Exploring BlueSky's Domain Handles


Treemap of top level domains. It is dominated by .com, although .social is very popular.

Hot new social networking site BlueSky has an interesting approach to usernames. Rather than just being @example you can verify your domain name and be @example.com! Isn't that exciting? Some people are @whatever.tld and others are @cool.subdomain.funny.lol.fwd.boring.tld I wanted to know what the distribution is of these domain names. For example, are there more .uk users than .org users? Shut up and show me the results You can play with the interactive data Oh, and the large number of…

Continue reading →

A few thoughts on domain verification for social media


Glowing computer text showing dot com dot info etc.

Both Mastodon and BlueSky have the concept of "self-verification". Rather than trust a central authority to assess your notability and then bless your account (as Twitter used to do), they let anyone self-attest using Domain Verification. What does that mean? You tell the service what your website is. The service gives you a secret code. You upload that secret code onto your website. The service checks the secret code is on the website. If it is, the service says your domain is verified. …

Continue reading →

.ss TLD opening for direct registrations


National Communication Authority (NCA) ssNIC Registry Sunrise Registration Policy July 2024 1. Duration: The Registry will run the registration process according to the below timetable: Sunrise Period: 45 Days (1st August – 15th September 2024) Landrush Period: 30 Days (20th September – 10th October 2024) Early Access Period: 10 Days (15th October – 25th October 2024) General Availability: 1st November 2024

It looks like South Sudan's Top Level Domain is going to start allowing direct registrations! Long-time readers of this blog will know that it's possible to register .me.ss domain names - there are various other 3rd level domains you can buy. But, from the 1st of August 2024, you'll be able to apply for a 2nd level. So you'll be able to grab example.ss. Here's the official announcement. As per normal for a new TLD, there will be a period where organisations with Trade Marks can register…

Continue reading →

What the UK Government gets wrong about QR codes


A leaflet for Childcare with a prominent QR code.

One of my most memorable experiences in the Civil Service was discussing link shortening services with a very friendly person from the Foreign and Commonwealth Office. I was trying to explain why link shortners like bit.ly and ow.ly weren't sensible for Government use. They didn't seem to particularly care about the privacy implications or the risk of phishing. I needed to take a different tack. "So, you know how .uk is the UK and .de is Germany, right?" "Yes." "What country do you think .ly …

Continue reading →

A quick look inside the HSTS file


Glowing computer text showing dot com dot info etc.

You type in to your browser's address bar example.com and it automatically redirects you to the https:// version. How does your browser know that it needed to request the more secure version of a website? The answer is... A big list. The HTTP Strict Transport Security (HSTS) list is a list of domain names which have told Google that they always want their website served over https. If the user tries to manually request the insecure version, the browser won't let them. This means that a…

Continue reading →

Some more silly Punycode domain names


The logo for the band Spinal Tap. The logo looks like it has been chiselled out of heavy metal by virgin nuns who only wish to please the gods of rock and roll.

You know how it is, you buy one silly domain name and then you get an idea for loads more! A few weeks ago, I got https://⏻.ga/ - I think I'm the first person to get a domain name which uses a glyph from the Miscellaneous Symbols Unicode block. How exciting! And that got me wondering… what other abuses of the Punycode algorithm can I whack into DNS? Well, here's some I whipped up using FreeNom - they offer free domain names on the .ga TLD (and a few others) and are very liberal in accepting P…

Continue reading →

Not Quite Emoji Domain Names


A bright red power symbol.

@font-face { font-family: "power"; src:…

Continue reading →

What's the cheapest domain you can register for 10 years?


Screenshot showing £12.80 for 10 years.

I'm concerned about the longevity of the domains I register. I want my domains to be available for as long as possible. But it seems that every year prices rise - and the discount often provided for a new domain rarely continues into subsequent years. So I recently started renewing them for as long as possible. It turns out that most domains can be registered for a maximum of 10 years. A typical .uk domain will set you back the thick end of a hundred quid if you want it for a decade! Can I…

Continue reading →

🔥.me.ss! You can't register emoji domains in South Sudan


Dear Terence, We have contacted the registry and they said they don't allow 2 successive dashes.

It's useful to share negative results. Not every experiment has an amazing or successful outcome. tl;dr you can't register Punycode .ss domains. This also means Internet users in South Sudan can't register domains using their own writing system. Background The Republic of South Sudan became independent and joined the United Nations back in 2011. A decade later, and it's now possible to register .ss domains. Partly due to the history of the letters SS, and partly because of the way domains…

Continue reading →

Buying a single character domain - and 3 character FQDN - for £15


Glowing computer text showing dot com dot info etc.

Short domains are useful for security testing. If you only have a limited number of characters, you need to be able to reference code on a remote server in as few characters as possible. A few years ago, I tried to find a Minimum Viable XSS. The conclusion that I (and others) came to is that 20 characters is the bare minimum. But it requires you have a 2 character domain name on a 2-character TLD. Something like xy.uk I don't think any 1- or 2-character domain names are available. If they're…

Continue reading →

How much would it cost to buy every domain name?


Glowing computer text showing dot com dot info etc.

The ridiculous proliferation of TLDs (Top Level Domains) continues unabated. I wondered how much you'd have to spend to secure your name on every TLD. tl;dr;tld Over $300,000! (Roughly €280.000 / £245,000.) But... This estimate is pretty rough. A few caveats: This only covers one version of your domain name - it doesn't cover misspellings. I've assumed a single year of registration. Some domains give discounts for multiple years, or only offer multi-year registration. Some TLDs have a di…

Continue reading →

IANA Insanity - or, how I learned to stop .worrying and .love the .new .internet


Glowing computer text showing dot com dot info etc.

In The Beginning There was the .com and the .org and the .net and it was good. And, I mean, there were probably a few others - but that's all people cared about. Go Forth And Multiply And THE LORD sayeth "Hey, do people want country codes? Like .UK, .FR, .DE?" And the people were all like "Duh! Yeah!" Except for the people of the American United States. For they gnashed their teeth and wailed "We invented the Internet. There's no way we are going to use .US. We'll take the top level,…

Continue reading →