Hello to all of our new users.
I wish we could all meet in better circumstances. The closing of lemm.ee is a real blow to the fediverse, and I have nothing but the greatest respect for the lemm.ee admin team. Lemm.ee was a cornerstone of the lemmy community, and set a high bar for moderation and technical performance.
Finding a home on the fediverse can be tough. Whether you're here to lurk, post, moderate, or contribute in your own way, we’re glad you’ve joined us. Lemmy.zip might not replace what was lost, but we hope it can become a lemmy instance where you can feel at home.
Everyone should receive a welcome PM when they sign up to Lemmy.zip from the ~~ever-present dark lord overseer~~ friendly bot, ZippyBot. However, in case poor Zippy has been overworked and forgotten to send the PM to you, here's some helpful information regarding Lemmy.zip!
-
All of our policies can be found at legal.lemmy.zip. This includes our Code of Conduct. Please (please!) have a read of this. Our number 1 rule is
Remember the human! (no harassment, threats, etc.). We absolutely adhere to this. Treat people with respect. -
When you created your account, we set up some "Default Blocks". If you want a more unfiltered Lemmy experience, you can head to your account settings and remove the blocks. You can read more about this in our Welcome Post - they are currently hexbear and lemmgrad.
-
We have monthly updates! You can read the latest one here!. We're always open to suggestions if there's anything else you'd like to see in these.
-
We have some metrics around federation for the curious among you. The link is in the sidebar or you can click here!
-
We have our status page at status.lemmy.zip. In the unlikely event the server becomes sentient and starts a robot uprising, full details will be available here.
Finally, your admin team is myself (Demigodrick), Sami, Druid, and Gazby. Please reach out to any of us if you feel you need help or support with anything. We also have a support email - [email protected].
If you have any questions, please let us know and we'll do our best to answer them.
Thanks,
The Lemmy.zip Admin Team
It seems more like a issue with applications honestly
DNS shouldn't be the source of a compromise
And a TLD shouldn't be so easy to mistake for one of the most recognisable filetypes ever, yet here we are. Well made apps discern between a zip file and a zip web address without issue. The problem, as usual, is in the human element:
holidayphotos2025.zip,2025ProductData.zipor whatever hook you're going for.Having .zip in the string and in the link visible on hover could be all that is needed to 'sell' it to a user that makes a cursory glance before clicking - nevermind the ones that just click anyway. Plenty of folk have fallen for more obvious traps than that, so it's a winner for a bad actor. Any trick that lends legitimacy to a scam increases the chance of success. Users savvy enough to check but not enough to spot the discrepancy may also have more data interesting to an attacker.
Blocking .zip TLDs wholesale at DNS level kills this even if the first and hardest hurdle (getting the user to click) is cleared. I'll concede that it is an edge case in the grand scheme of things, but why leave the hole open when it is so easily plugged?
I still don't see how that is an issue. If someone clicks on a link from a email and then gets compromised there is a bigger issue.
Throw enough people at something, and one of them will fail. The more people, the higher the chance.
Perfect people in a perfect world would not need fire extinguishers, seatbelts, helmets, endpoint protection software, or TLD level blocks. You can try to train the problem out of people, but the threat still exists, mistakes can be made, and the next 0day might be just around the corner.
I'm not a fan of sorting people problems out with tech based solutions either - I see your point. The pragmatist in me will take that over dealing with the fallout of user error though.