Hot new social networking site BlueSky has an interesting approach to usernames. Rather than just being @example you can verify your domain name and be @example.com! Isn't that exciting? Some people are @whatever.tld and others are @cool.subdomain.funny.lol.fwd.boring.tld I wanted to know what the distribution is of these domain names. For example, are there more .uk users than .org users? Shut up and show me the results You can play with the interactive data Oh, and the large number of…
Continue reading →
Both Mastodon and BlueSky have the concept of "self-verification". Rather than trust a central authority to assess your notability and then bless your account (as Twitter used to do), they let anyone self-attest using Domain Verification. What does that mean? You tell the service what your website is. The service gives you a secret code. You upload that secret code onto your website. The service checks the secret code is on the website. If it is, the service says your domain is verified. …
Continue reading →
It looks like South Sudan's Top Level Domain is going to start allowing direct registrations! Long-time readers of this blog will know that it's possible to register .me.ss domain names - there are various other 3rd level domains you can buy. But, from the 1st of August 2024, you'll be able to apply for a 2nd level. So you'll be able to grab example.ss. Here's the official announcement. As per normal for a new TLD, there will be a period where organisations with Trade Marks can register…
Continue reading →
One of my most memorable experiences in the Civil Service was discussing link shortening services with a very friendly person from the Foreign and Commonwealth Office. I was trying to explain why link shortners like bit.ly and ow.ly weren't sensible for Government use. They didn't seem to particularly care about the privacy implications or the risk of phishing. I needed to take a different tack. "So, you know how .uk is the UK and .de is Germany, right?" "Yes." "What country do you think .ly …
Continue reading →
You type in to your browser's address bar example.com and it automatically redirects you to the https:// version. How does your browser know that it needed to request the more secure version of a website? The answer is... A big list. The HTTP Strict Transport Security (HSTS) list is a list of domain names which have told Google that they always want their website served over https. If the user tries to manually request the insecure version, the browser won't let them. This means that a…
Continue reading →
You know how it is, you buy one silly domain name and then you get an idea for loads more! A few weeks ago, I got https://⏻.ga/ - I think I'm the first person to get a domain name which uses a glyph from the Miscellaneous Symbols Unicode block. How exciting! And that got me wondering… what other abuses of the Punycode algorithm can I whack into DNS? Well, here's some I whipped up using FreeNom - they offer free domain names on the .ga TLD (and a few others) and are very liberal in accepting P…
Continue reading →
@font-face { font-family: "power"; src:…
Continue reading →
I'm concerned about the longevity of the domains I register. I want my domains to be available for as long as possible. But it seems that every year prices rise - and the discount often provided for a new domain rarely continues into subsequent years. So I recently started renewing them for as long as possible. It turns out that most domains can be registered for a maximum of 10 years. A typical .uk domain will set you back the thick end of a hundred quid if you want it for a decade! Can I…
Continue reading →
It's useful to share negative results. Not every experiment has an amazing or successful outcome. tl;dr you can't register Punycode .ss domains. This also means Internet users in South Sudan can't register domains using their own writing system. Background The Republic of South Sudan became independent and joined the United Nations back in 2011. A decade later, and it's now possible to register .ss domains. Partly due to the history of the letters SS, and partly because of the way domains…
Continue reading →
Short domains are useful for security testing. If you only have a limited number of characters, you need to be able to reference code on a remote server in as few characters as possible. A few years ago, I tried to find a Minimum Viable XSS. The conclusion that I (and others) came to is that 20 characters is the bare minimum. But it requires you have a 2 character domain name on a 2-character TLD. Something like xy.uk I don't think any 1- or 2-character domain names are available. If they're…
Continue reading →
The ridiculous proliferation of TLDs (Top Level Domains) continues unabated. I wondered how much you'd have to spend to secure your name on every TLD. tl;dr;tld Over $300,000! (Roughly €280.000 / £245,000.) But... This estimate is pretty rough. A few caveats: This only covers one version of your domain name - it doesn't cover misspellings. I've assumed a single year of registration. Some domains give discounts for multiple years, or only offer multi-year registration. Some TLDs have a di…
Continue reading →
In The Beginning There was the .com and the .org and the .net and it was good. And, I mean, there were probably a few others - but that's all people cared about. Go Forth And Multiply And THE LORD sayeth "Hey, do people want country codes? Like .UK, .FR, .DE?" And the people were all like "Duh! Yeah!" Except for the people of the American United States. For they gnashed their teeth and wailed "We invented the Internet. There's no way we are going to use .US. We'll take the top level,…
Continue reading →