Comment by ๐ป eugene
To be more specific, a domain's TTL in ALFIS extends to one year every time you alter it, including, e.g., adding a host. Which is much quicker than mining a new domain name from scratch.
But yes, they do expire.
I wonder, would it be worth it to set up an yggdrasil-only ACME service, so we could have a letsencrypt-like certification process? I could do it, but I'm not sure I should be trusted with something like that, nor am I sure I could guarantee uptime...
Apr 20 ยท 2 weeks ago
10 Later Comments โ
๐ป ps [mod] ยท Apr 20 at 07:55:
I am no longer using Alfis because domains without TLS can be compromised after their expiration. This is simply unsafe for users authorized by the password.
And mining sucks in world where oil ignites the war by fat capitalists and their followers. Crypto-shit. Encrypt everything but verify your age... Sorry, I'm using Meshname where classic DNS is required.
๐ SavaRocks ยท Apr 20 at 09:24:
@ps I am thinking about leaving i2p and yggdrasil also .. they are really niche and the traffic is almost 0. Here are stats for today:
As you can see sava.rocks got 650 hits while YGGdrasil only 1 ... and the request was made at the ip instead of http://sava.ygg :-)
I can't see the hits made on http://sava.i2p but I'm sure they're the same as for yggdrasil
๐ป eugene [mod] ยท Apr 20 at 12:35:
@SavaRocks
sava.ygg replies on http:// but not on gemini:// - that might be why. :)
๐ SavaRocks ยท Apr 20 at 12:55:
@eugene I am talking about http/https traffic/hits. Those stats are from the logs of nginx proxy manager.
I had gemini://sava.ygg running a while back but I had to enable host networking for the docker container ... etc
See this reply:
โ bbs.geminispace.org/u/SavaRocks/40348
๐ norayr [mod] ยท Apr 20 at 22:53:
on alfis, i also found
๐ป eugene [mod] ยท Apr 21 at 06:22:
@norayr
This thread has been there for quite a while now.
Notice that they're discussing a hypothetical threat actor the size of US government, though, and the argument doesn't fully conclude in something layman-readable.
While I can't claim to understand all the considerations involved, myself being very much a crypto/blockchain layman, I think it's secure enough *for right now,* until someone can come up with anything substantially better. The network isn't big enough for it to be a critical issue, in any case.
And nothing stops us from using it concurrently with meship/meshname/v6.alt, which would make tampering very apparent.
๐ jsreed5 ยท Apr 21 at 16:34:
Do you know if this was a bug in the cargo distribution of ALFIS, or was it a configuration issue on your machine? I run ALFIS on my home server, but I use a precompiled binary from GitHub, and I originally generated my keys on the Windows build.
๐ fstfabi [OP] ยท Apr 21 at 19:35:
once you have the 'key.toml' files saved and backed up you're fine. I just didn't know the GUI didn't come with a save dialog until I needed one.
๐ norayr [mod] ยท Apr 21 at 20:18:
one question:
if someone can mine a domain by running a computer for 3 days, can someone else mine same domain in same time and fake the domain by pointing it to their own server?
do you need to run alfis constantly if you have already mined the domain?
do you have to run it a client?
๐ป eugene [mod] ยท Apr 22 at 06:20:
@norayr
No solid clue to the first question. It would make the system pretty useless if that were possible though.
For the other two, though, the answer is definitely no to both: You need to leave ALFIS running for a few minutes after mining completes for the domain to stick, because other participants need to sign the block you just produced, but that's it. You don't have to run it to resolve ALFIS domains either: you can use, e.g., Reverton's in-Yggdrasil servers to do it. And you don't have to trust them for anything outside the ALFIS TLDs either, but that's a matter of configuring your resolver.
Original Post
A sad Alfis moment โ decided to try out alfis for dns. installed via cargo. ran it for a combined 30h or so. key finally mined. click 'save key'. a 'tiny file dialogs' opens, telling me it's missing software to give me a proper save dialog. "press enter to continue". window unresponsive. crashes. no key saved. dns is overrated anyway.