Hot new social networking site BlueSky has an interesting approach to usernames. Rather than just being @example you can verify your domain name and be @example.com! Isn't that exciting? Some people are @whatever.tld and others are @cool.subdomain.funny.lol.fwd.boring.tld I wanted to know what the distribution is of these domain names. For example, are there more .uk users than .org users? …
Continue reading →
Both Mastodon and BlueSky have the concept of "self-verification". Rather than trust a central authority to assess your notability and then bless your account (as Twitter used to do), they let anyone self-attest using Domain Verification. What does that mean? You tell the service what your website is. The service gives you a secret code. You upload that secret code onto your website. The…
Continue reading →
It looks like South Sudan's Top Level Domain is going to start allowing direct registrations! Long-time readers of this blog will know that it's possible to register .me.ss domain names - there are various other 3rd level domains you can buy. But, from the 1st of August 2024, you'll be able to apply for a 2nd level. So you'll be able to grab example.ss. Here's the official announcement. As …
Continue reading →
One of my most memorable experiences in the Civil Service was discussing link shortening services with a very friendly person from the Foreign and Commonwealth Office. I was trying to explain why link shortners like bit.ly and ow.ly weren't sensible for Government use. They didn't seem to particularly care about the privacy implications or the risk of phishing. I needed to take a different…
Continue reading →
You type in to your browser's address bar example.com and it automatically redirects you to the https:// version. How does your browser know that it needed to request the more secure version of a website? The answer is... A big list. The HTTP Strict Transport Security (HSTS) list is a list of domain names which have told Google that they always want their website served over https. If the user …
Continue reading →
You know how it is, you buy one silly domain name and then you get an idea for loads more! A few weeks ago, I got https://⏻.ga/ - I think I'm the first person to get a domain name which uses a glyph from the Miscellaneous Symbols Unicode block. How exciting! And that got me wondering… what other abuses of the Punycode algorithm can I whack into DNS? Well, here's some I whipped up using FreeNom …
Continue reading →
Like all good geeks, I have far too many domain names that I acquired for interesting projects which never took off. My latest is a bit different though. https://⏻.ga/🔗 That's "Unicode Power Symbol Dot Gabon". Because why not. Regular readers will know that I helped get ⏻ and several power symbols into Unicode. When I do talks about this, I usually refer to them as Emoji because, to most peo…
Continue reading →
I'm concerned about the longevity of the domains I register. I want my domains to be available for as long as possible. But it seems that every year prices rise - and the discount often provided for a new domain rarely continues into subsequent years. So I recently started renewing them for as long as possible. It turns out that most domains can be registered for a maximum of 10 years. A…
Continue reading →
It's useful to share negative results. Not every experiment has an amazing or successful outcome. tl;dr you can't register Punycode .ss domains. This also means Internet users in South Sudan can't register domains using their own writing system. Background The Republic of South Sudan became independent and joined the United Nations back in 2011. A decade later, and it's now possible to…
Continue reading →
Short domains are useful for security testing. If you only have a limited number of characters, you need to be able to reference code on a remote server in as few characters as possible. A few years ago, I tried to find a Minimum Viable XSS. The conclusion that I (and others) came to is that 20 characters is the bare minimum. But it requires you have a 2 character domain name on a 2-character…
Continue reading →
The ridiculous proliferation of TLDs (Top Level Domains) continues unabated. I wondered how much you'd have to spend to secure your name on every TLD. tl;dr;tld Over $300,000! (Roughly €280.000 / £245,000.) But... This estimate is pretty rough. A few caveats: This only covers one version of your domain name - it doesn't cover misspellings. I've assumed a single year of registration. Some d…
Continue reading →
In The Beginning There was the .com and the .org and the .net and it was good. And, I mean, there were probably a few others - but that's all people cared about. Go Forth And Multiply And THE LORD sayeth "Hey, do people want country codes? Like .UK, .FR, .DE?" And the people were all like "Duh! Yeah!" Except for the people of the American United States. For they gnashed their teeth and…
Continue reading →
