Alphabet has too much cash. They have a well established track record of enthusiastically backing exciting new projects way outside of their core competency just to dump them like hot garbage several years later.
They also compete in random new industries each time this happens.
It doesn't seem like a smart move to lease a domain from a politically active mega-monopoly that might decide to randomly become your competitor in 2 years.
Hi. I'm the Tech Lead of Google Registry, the team that is launching .dev (not to be confused with the linked Google Domains, which is one of many registrars selling .dev domains to end users).
You'll be glad to know that TLDs can't simply be discontinued like other products might be. ICANN doesn't allow it. The procedures in place preventing a live TLD from shutting down are called EBERO; more details here: https://www.icann.org/resources/pages/ebero-2013-04-02-en
The way it works is that all registries must send daily full backups to a third-party escrow provider, which are then used to restore the TLD under a different operator if the original operator shuts down unexpectedly. This is not some theoretical backup/restore procedure that goes untested; it's been used in the past, e.g. with .wed: https://www.icann.org/news/announcement-2017-12-08-en
But this typically only happens when the registry operator goes abruptly bankrupt, and is thus quite rare. Many, many widely used TLDs have been seamlessly sold/transferred across registry operators without you ever realizing it, including .io last year. That would be the "worst" you would expect from TLDs launched by large established players like Google. You actually get a lot more protections with gTLDs than you do with ccTLDs (such as .io), as ccTLDs aren't bound by contract with ICANN and thus aren't forced to do EBERO, or anything else for that matter.
If I register a domain, can google boot me off it at a later year if they don't like my politics? Or do I own the domain with the continuing option to re-register it or transfer to another domain registrar? Does google ultimately own the domains and simply lease them to me with no guaranteed option to continue?
Along those lines, if Google decides I’m a bot or nefarious developer as seems to mistakenly happen on occasion judging from recent hacker news posts, will I then lose my domain name? Or at least access to it? At this point tying any major asset solely to a Google account feels risky.
That's just false information. They didn't take any domain down. They stopped offering their CDN/proxying service to a customer. That customer is/was free to host their own content using their own or a different service. No company should be required to offer services to anyone and everyone unless they are the only option on the market. And cloudflare is very far from the only CDN on the market.
Unless I'm thinking of something else, it's not a domain registered through CloudFlare. The taken down site was using CloudFlare's reverse proxy service. IIRC, Matthew wrote about the incident in length.
I personally don't use CF for various reasons, but this site take down is not one of them.
It really depends on the product. E.g. if you buy Google Wifi, you can call them or chat with customer support, etc. If you need help with constructing a web search query, not so much.
So, please do not over generalize or compare apples to oranges.
As a customer, I can't be expected to have a mental model of which Google services come with actual support, and which ones come with Google-it-yourself support.
Comparing Google products to Google products should not be comparing apples to oranges. If Google is frustrated with customers assuming they don't support their products, maybe they should support all of their products, not just a select few.
I am frustrated by Google’s lack of support as anyone else, but it is completely unreasonable to expect support for a free product, regardless of how they might otherwise profit off you.
You can't say for sure that any new Google product is guaranteed to have horrible customer support, but you probably should assume that any new Google product has horrible customer support until you see proof of the contrary.
Google Fi’s support might be great. But you have to pay for it through Google Payments which is another potential single point of failure. If you ever trip any of their fraud flags you’ll probably never be allowed to pay for anything through google again, and good luck getting it fixed.
Sorry, but I reserve the right to be cynic. I belong to the old group of people who got to know Google as "do no evil" company, who tossed that to the wind as soon at it suited them better.
I wouldn't lease the domain through Google domains. Use a different registrar --- if possible, one that you'll be able to trust. That registrar will work with the registry of the TLD, which would be google in this case, and has a much better chance of actually resolving issues than if you were a direct customer of Google Domains.
While this is true there are very few reasons why a domain registrar will give you a lifetime ban let alone automatically do it for some perceived TOS crime, let alone refuse to tell you what your alleged misdeed was, let alone automatically reject evidence you submit to the contrary and keep your domains. Imagine the liability!?
Meanwhile someone got their Adsense account banned and in those cases Google refunds the allegedly fraudulent revenue to the advertisers and do not pay you the non-fraudulent revenue. The person who got banned went to court over it because it looked like Google schedules these things to maximize how much they could keep, Google fought for four years to conceal where the non-fraudulent revenue went and then settled for $11 million to keep that shrouded in mystery.
Note the nobody who will say what happens to your domains when your account is banned despite relevant Google personnel participating in this page, but they have time to detail how we're covered by ICANN if Google with $106+ billion in savings goes bankrupt in thousands of years...
They designed this awful system exactly the way they wanted it to work and they choose to keep it this way, everyone else should probably not use them for domains or web hosting in case yourself or someone associated with your account is irreversibly judged to have committed a TOS transgression somewhere within their empire.
I've been using https://www.hover.com/ for many years and they're great. Mostly because the prices aren't too bad, the dashboard makes sense, and they never contact me.
That's a redundant question, because just about every registry can dictate what their TLDs can be used for. It's part of the design laid down by ICANN.
- For Verisign with .com, they don't care if you're really a company or not.
- With Minds & Machines and .law, they only want qualified lawyers, courts, legal schools, etc. using the TLD.
Keep in mind that the registry and registrar are different things.
Godaddy banned Gab for political reasons as well. While you can split hairs and say that's just a registrar, you can also split hairs and say that youtube is just a hosted content platform. If you're thinking of running another infowars then I would advise avoiding registering domains with any major tech platform in general.
@bduerst,
Forgive my ignorance, but just to distill it down to brass tacks:
In this case, Google is the registry and thus the supreme court of who can and cannot be on this domain and there is no recourse if they yank your claim on the domain?
I mean, the entire domain name infrastructure is set up so that someone along the path can revoke registrations, all the way up to ICANN itself.
IME you're much more likely to be banned by the registrar than the registry itself. Registries want people to use their TLDs, so they're not going to reject post-registration unless you've changed how you're using the TLD and it's violating the rules they originally laid down. Registrars are much more consumer facing and will act accordingly - i.e. GoDaddy banning Gab.
You talk about the protections ICANN gives your customers in case Google goes bankrupt, but what are the protections or recourse your registry or Google Domains created for your customers to ensure recoverable domains and unimpeded uptime if their Google account is banned?
Premium prices are set at the registry level, and for Google's TLDs, are charged annually. The EAP fee is a one time only up-front cost.
Domains being sold by resellers are something different entirely, but yeah, some registrars that participate in reseller networks may lump those in as "premium" as well, which is confusing. Those prices tend to be one-time acquisition costs.
Because this is your area of expertise, can I ask you why more registrars are not selling 10 or 20 year domain ownership? Who wants a domain for just a year (if you agree with the premise behind individuals owning domains in the first place)?
Most TLDs allow registration lengths up to 10 years. And registrars will happily sell you registration for 10 years. Buy the domain, then immediately renew it for 9 years. I suspect the reason they don't offer a choice of registration years in the initial checkout flow is to reduce purchasing friction -- they don't want you to have to make another choice and then potentially back out of the sale. It's the same reason e-commerce sites will ask you for as little information as they can get away with when checking out your cart; for digital sales many retailers just do zip code instead of full address since they're not shipping anything.
As for longer registration periods than that, I suspect it's the same reason you can't, e.g., call up your cable company and try to pre-pay 50 years of service. They have no idea what things will be like that far down the road, and they don't want to have such longstanding obligations weighing on them.
It comes down to business decisions, not technical issues; technically speaking the spec allows for up to a 99 year registration period, though I'm not aware of any TLDs that support that. https://tools.ietf.org/html/rfc5731#section-2.5
I recently read an HN thread about Romanian ccTLD registry selling domains for lifetime. They have stopped it and asked the former customers to pay up though.
And also ccTLDs can make up whatever rules they want, whereas gTLDs are all bound by the same common set of rules. There are many ccTLDs that don't even use EPP (the spec I linked to above).
We already have enough sleazy domain squatters holding names for years and trading for ridiculous prices. Instead of long ownerships, we should have some way to prove you're actually using the domain after a certain number of years.
I disagree. At the end of the day, they are still vanity domain names. Adding more paperwork and process doesn't change that.
For example, pitch a solution that doesn't just make squatters upload some bare bones index.html. Or check a registrar's checkbox to park the domain somewhere with content. Or, well, upload the minimum amount of substance that you think is necessary.
Think about how you could possibly design such a program to ensure use, and how you'd prevent parking site services from cropping up that would make a site just meet the requirements for continuing registration. And if it's not a purely automated process, then the base registration price would have to go way up to pay for all the human work going into validations.
And now imagine the public outcry that can happen every time people have their domains taken from them (rightly or wrongly).
No, no registry wants to be in the business of doing that. You continue to pay for the name, it's yours.
We should stop calling organisations who hog domains in order to accrue an exaggerated profit from them "domain squatters". A real "domain squatter" should be someone who employs the "domain hogger's" domain until the domain hogger decides to actually do something with it themselves.
We wouldn't need such a profusion of TLDs (most of which are awful: .dev is an exception) if real domain squatting was made feasible.
The biggest problem with squatters is that they pay 100x less then you do for a domain. If they had to pay the same price they would squat on way less domains.
It sounded like they were referring to something specific, but didn't provide examples. I want to know exactly what they're worried about so that I can answer the question, but I haven't been given enough to go on. It sounds like they're worried about prices being jacked up by large amounts, but I'm not aware of that even having happened. Absent that, the current prices are what they are; pay them or don't, but you know what you're getting into.
I think they might be referring to Chrome's upcoming use of &targetText= for linking to specific words or paragraphs, which caused some controversy here yesterday. See:
Hi, just wanted to say how absolutely horrid this entire idea is. Domain name squatting and auctioning is already bad enough, and you're telling me we should give one of the richest companies in the world thousands of dollars for a domain name for development. This is completely counter to the spirit of the internet, and spits in the face of open source and passionate hobby developers who don't have silicon valley stock vesting every quarter. Instead of trying to get these domain names into the hands of real developers at a reasonable price, you're going to sell them to the highest bidders, squatters looking for new investments, and corporations.
Really not at all impressed by this, and it only serves as a stark reminder of the failed state of TLDs.
I don't understand the bile here, nor the alternative. Today there are no .dev domains, so anything is an improvement: today you can't use them, tomorrow you can choose to if you think it makes sense.
Re: price, say the .dev registrar decides to offer domains for a hobby-dev-friendly $1 flat fee, first come first served. Wouldn't that just immediately lead to a resale market where predatory squatters register all the domains and extract the market price from anybody who wants one?
I think it’s not cool to offer “early bird” registration for thousands of dollars. So Google is endorsing that rich developers should get the best domain names? How are they reserving for themself?
I think it would be cooler to have programming challenges or something neat.
But a cash grab just seems kind of, lame I guess.
I wouldn’t say I have bile, but I went from “this might be cool” reading the headline to “this is really stupid.”
But if you don't think the dutch auction style is a good one, what would your alternative be?
Because the problem of resellers buying up TONS of domain names is a real one, and thus far a dutch auction style seems to be one good way to combat that (since buying 10000 names and selling 10% of them for an overall profit is a LOT more risky when getting them first means shelling out a LOT more money).
A challenge or something would probably drive costs up across the board, and it would still exclude those who want to use the domains that might not be able to complete the challenge (IMO a worse situation), and other methods of "verification" would either be gameable or would exclude many devs.
I don't know of any more "fair" way of allowing people to buy domains. Why should a hobbyist be able to buy "paypal.dev" when potentially thousands of devs could use that domain at paypal, and similarly "klathmon.dev" would be awesome to have for me, and it's pretty unlikely that someone will buy that out from under me with this scheme.
Not to mention that the timeline here is literally half a month. After Feb 28th, there is no additional charge. So we are talking about 2 weeks of waiting.
In an idealized economic model, "rich developers" will get their desired domain names anyway as they can offer a large sum of money to the "poor developers" to give up their domain name.
I think the risk isn't that they become your competitor, it's that an algorithm flags your website for perceived abuse and that cascades down to you and your workplace being banned forever from Google, with no recourse because they choose to provide fake support despite having $100+ billion in savings and plenty of funding for eg global tax evasion.
It's risk management through diversification attempts. Google, like any other large scale extremely successful single product[1] company, hedges market risks in occupying "hot" spaces. Same with MS, Apple and all other giants, even in non-tech.
[1] see financial report of the last year (10K). Search for "We operate our business in multiple operating segments. Google is our only reportable segment. None of our other segments meet the quantitative thresholds to qualify as reportable segments" and "How we make money" (Source: https://www.sec.gov/Archives/edgar/data/1652044/000165204419... )
Youtube - money loser
Maps - money loser (but we will see after their recent huge price increases shake out)
Phones - money loser. they are selling fewer phones annually than apple sells in a week.
You made a fully general argument against anything that Google touches.
This isn't useful, because everyone knows that argument already. I'd rather know what Google's track record is specifically having to do with DNS (or fundamental Internet infrastructure).
I think their 8.8.8.8 DNS server has a pretty impressive track record for I think over 10 years. I know many people who changed their dns to 8.8.8.8 when they thought their DNS was shitty.
Back in highschool (15yrs ago) pinging a DNS server was something I sometimes did when fixing people's internet, always used 212.142.28.66. No idea why it's still in my head so much later, 8.8.8.8 sure is a lot easier to remember.
Can't agree with that. Taking a minimal amount of time and effort to host your own site on a TLD shows, at least, a moderate understanding of DNS and all that, much more than clicking things on Github Pages IMO.
Haha. I totally agree. As a shareholder, I almost feel like an activist campaign is needed. Sure, Verily and Waymo are interesting moonshots, but then the rollout of Youtube Plus or Premium seems like the most mismanaged rollout of a big tech company outside of the Amazon phone. Why is Google bothering with domain registry is a good question. Google code probably could have been what GitHub had it not been abandoned is another example of mismanaging product or service vision.
A while ago, some posts on HN went around saying that you shouldn't use third-world TLDs for your startup because some of them are unreliable stewards who would put your domain at risk. Does registering a .dev domain make you dependent on Google in the same way that registering a .ly makes you dependent on Libya?
There was this one guy who lost a valuable Twitter handle due to him using his custom domain email (via GoDaddy) as a login email.[0] I'd like to think imagine Google is better than GoDaddy when it comes to security and fighting social-engineering attacks but who knows. But if Google is a weak link wouldn't that also mean all our gmails are not as safe as we think?
I'd say Google would be one of the most resistant organizations to social engineering by virtue of the fact that you can never really talk to an actual human even if you are a legit user and want help on an issue.
I don't really understand the worry here though. Aren't you always trusting your registrar when you buy a domain name? Google at least has a pretty solid track recordin wrt security.
You aren't dependent on your vendors if you can switch them out without destroying your company. The real mystery is why people turn their own businesses in to little barnacles on the skin of behemoths and expect to not get brushed off.
Names in the DNS aren't personal property (and they certainly aren't real property). So "owns" is probably the wrong word.
But ICANN, which is responsible for the entire hierarchy, expected that eventually at least some of the new gTLD registry operators would fail, and so there is an escrow agreement for each one. If the gTLD is popular enough that somebody else will operate it, the last daily backup from escrow is given to the new operator and things continue from there. I guess your new registry operator may set fees or other conditions your current registrar doesn't like, but if you like the new you can move to a registrar that's OK with them. The list of names in the registry doesn't vanish unless both your registry AND the third party escrow company screw up.
If the gTLD is grossly unpopular, it may not be possible to find a new operator for that gTLD registry. I don't know what happens in that case, although whatever it is by definition won't happen to many names.
I also don't know what happens for the very stupid gTLDs that are essentially for private use by a single organisation, like .kerrylogistics. And I don't really care, so long as the fees roll in to pay for everything. Actually I'd have billed them for their original request, .kerrylogisitics [sic] as well, but I guess someone felt that was too mean.
"ICANN requires all registrars and gTLD registries to contract with a data escrow provider in order to safeguard registrants ... in case of registry or registrar failure, accreditation termination, or accreditation relapse without renewal." Basically if Google screws up then ICANN will give the data to someone competent who will take over the domain. https://icannwiki.org/Data_Escrow
That’s a bit of a stretch, not? If I visit dev.somesite.com, I can reasonably assume it belongs to the same owner as somesite.com. The same can not be said about somesite.dev.
Should we design standards for the dumbest of the lot lol? Not everyone understand that TLD is then maybe they should be educated rather than appeased to.
Also it seems to be primarily USA's issue. Every other nation uses their domain for internal websites (like cats.de) where's Americans tend to just clump everything in `.com` and act all confused by simple TLD scheme.
I don't think a person qualifies as "dumbest" because they do not know what a TLD is. Not everyone has to understand everything else in the world to be a human and use it. Not everyone knows how to be a mechanic but lots drive vehicles and fly in planes.
The issue with your generalization of America is flawed. The internet started in America so "we" clumped everything into .com because we could. TLDs for countries came as a way to organize and route better. A German requesting amazon.com, should goto amazon.de. (This all happened before amazon and CDNs and other things.)
It is ignorant to think a fundamental concept of domain resolution, TLDs is something everyone should understand to use the internet. Do you know how your cell provider takes a request to dial a number and resolve it to another person across towers and potentially hard wired cabling? Most don't and they all make calls.
My point was more about the assumption about who owns somesite.com. Assuming two domains are owned by the same company is a somewhat secondary concern to authenticating the owner of either; both of which are larger issues in their own right.
As commented by someone else, see e.g. whitehouse.com. The fact of whitehouse.gov being a different owner is much less of concern than that of whitehouse.com not having the expected owner in the first place (from the perspective of most visitors).
It might sound useless for those who doesn't know what it is.
However, for those who does it is very useful and getting more useful.
Browsers might (if not yet, coming soon to you) raise red flags if you try to use a website whose certificate was signed by a rogue CA that, according to DNS instructions, shouldn't be able to do so for that domain.
Browsers might demand OV from high profile websites in theory.
Seeing the organisation name next to the lock icon definitely gives me an extra layer of warm and fuzzy feelings. I’d say it has some value for those that can pay for it.
You are talking about EV certificates. OV-validated certificates require (the best case) the user to click on the padlock icon to reveal more information about the certificate.
> Let’s Encrypt offers Domain Validation (DV) certificates. We do not offer Organization Validation (OV) or Extended Validation (EV) primarily because we cannot automate issuance for those types of certificates.
I buy them. I don't like paying for them, but I want a certificate I know will just work for years without having to run certbot or one of its clones on my server. Well, that and LE didn't yet allow wildcard certs when I bought mine. They've already dropped their maximum validity from three to two years though, so I'll probably throw in the towel when they further reduce their validity to less than six months.
ACME is an open protocol (and very soon it will be an IETF Internet Standard too). There are many alternative implementations. Just find one you trust.
We actually did our own DNS-based implementation for our infrastructure.
I don't want to run someone else's code on my server just for this (the default certbot wants root access too, yikes), nor do I want to analyze someone else's implementation before running their code, and I sure as heck don't have the time, patience, or interest to write my own implementation of ACME just for the one service that uses it.
I want to go to a website, have it tell me to put a string into a meta tag or DNS TXT record, and then save the key it returns on my box. Then I want to forget about it for the next 2-3 years.
Honestly I don't even want to do that. I want my nameserver to generate a DANE/DNSSEC record for me automatically, and for browsers to honor that. It isn't like domain verification is any more secure than a DNSSEC record would be.
We do something similar, although not through a REST API. We handle all this cert management centralized on one server, which publishes the DNS records for DNS verification etc.
On our other servers is then just a simple script that periodically checks if the certs on the machine are near the expiry date and if so pulls a new one from the central system.
ACME protocol is fairly straight forward to implement, and you can easily write your own implementation with existing code (OpenSSL, Apache/nginx, etc).
With many commercial registrar's, although they offer a valid and long certificate, their technical aspects aren't very good. Many CAs don't support ECC certificates, the must-staple flag or CT SCTs embedded in the certificate.
I work a lot with web PKI, and every time I have to deal with a CA that's not LE or Digicert, I sigh out loud.
A certificate that last for years... That's exactly how you end up with a certificate that expired and no one realized. An automated process is a way more reliable.
Dutch auctions are incentive-compatible - they allocate the resource to the person that gains the highest utility for having it. Maybe Google got some of the people working on ads auctions to design this pricing structure.
I’m, that’s an icann rule for launching new tlds. The early access period is always higher, then there are several other periods that happen before a tld gets to General availability.
This pricing structure is not just for .dev domains.
FYI, there is no ICANN requirement that any sort of auction be involved in launching a new TLD. We used to use a standard auction (called the landrush phase in TLD parlance), but have since switched over to a descending price Dutch auction because it's significantly less operational burden for us.
It's generally a good idea to have some kind of auction for the reasons the parent comment mentions, as it is a more economically efficient way to allocate the limited namespace to those who want it the most.
I remember people calling that a bit of a fiasco... was there anything theoretically wrong with the application of a Dutch auction for that purpose, or was it just that the underwriting community and their clients had every reason to make the situation look bad?
The price basically ended up being set by the underwriters because they big players bought most of the shares and bid at the price they underwriters told them to bid at. It wasn't really a fiasco, it just didn't accomplish what they wanted.
Yeah, there are domain names out there that are so valuable that they've sold for eight figures USD. There definitely are domains that buyers (typically companies) are willing to spend well over $10k on acquiring. It's with this in mind that the EAP prices are set.
> they allocate the resource to the person that gains the highest utility for having it
I don’t think that’s necessarily true. Any large company is able to drop a ton of money on something that has marginal utility for them, whereas a small business that would gain much more utility from it may be outbid just by virtue of having the wrong opponents.
This assumes bidders have similar amounts of money to spend on domains, which may or may not true for any particular domain.
We can say that, when bidders do have similar bankrolls, whoever wants the domain the most is likely to buy it first. If they don't, whoever has the bigger bankroll will probably be able to buy it first.
I reserved unix.dev for the regular domain reservation price, not the crazy "premium domain" price because unix.dev was not part of the premium domain list.
However, Google determined that no, unix.dev should be a premium domain, and "stole" the reservation from me (after I have already paid for it). They later added it to the premium domain list, and they asked me for $11k to keep the reservation.
TBH, I expected to lose the domain because of trademarks or whatever, but apparently it was simple highway robbery.
Btw, I didn't even get my money back, just "store credit".
Hey, I just want to correct some misunderstandings here.
"Reservations" mean nothing. Google Domains is merely one of many registrars that have customers all vying for domains in the same namespace. A "reservation" just means that the registrar will make their best effort to attempt to get that domain for you at the specified price; it doesn't mean that some other registrar won't get it first, or that some other customer isn't willing to spend more and will get it on an earlier day of EAP.
Until the domain is actually created with you as the registrant, it isn't yours in any sense of the word. There are even registrars out there that will, upon acquiring a domain, auction it off amongst all of their customers who pre-registered it.
There are also Indian (male) names that are just “Dev” or that end in “dev”. The word means deity or god. There could be many Indians buying these when early access ends on February 27.
I recently found out that the sidebar menus on pages within https://developers.google.com/web don't work with JS off (usually a trivial thing: show sub-items by default and hide them with JS). Almost every Alphabet website has something like that.
So yes, minor anecdote, and I genuinely appreciate the hundreds of Google employees who really help the Web and share useful knowledge (and don't lead developers into using techniques best suited for billion-user websites, as FB often does) but I'll reserve to right to side-eye anything Google says.
Also the site claims to about “web fundamentals”, but the content pushed out are all articles about cutting edge, experimental features in Chrome. There’s nothing wrong with documenting new features in your browser, but calling it fundamental is fundamentally misleading.
There's nothing about Safari that makes it "the new IE8". Ironically, the very same HN that bemoans every new thing as "why should devs jump onto this shiny new things, just slow down already" criticises Safari for not jumping onto every new thing.
Ironically, the very same HN that bemoans every new thing as "why should devs jump onto this shiny new things, just slow down already" criticises Safari for not jumping onto every new thing.
HN is quite diverse and I'm pretty sure those are two disjoint sets of users. (I'm in the former group myself --- not a fan of presenting information in such a way as to decrease its accessibility while also increasing resource usage.)
I bet I could make those accordion sections work in all browsers going back to IE5 without much effort, and use nothing near 120KB of JS to do it... but no, most "modern web devs" would rather pile on the bloat of their libraries and "best practices" to make something that works only in the very latest version of the one browser they personally use.
Your post shows the big difference in mentality that's partly responsible for why we see so many broken sites --- I haven't ever used those tags before and would just go for plain old DOM style manipulation with JS (which has been around for a very long time), whereas you started with something much newer and took backwards-compatibility as an afterthought to be added on. Your solution requires less initial effort (providing you knew about the new tags) but then additional effort to work on older browsers --- that might not even be done --- whereas my solution may take a little more effort initially, but then naturally doesn't need any further considerations for backwards-compatibility.
My mentality is to make the website usable without JS for most people (with the reasonable effort of installing FF or Chrome at most), then use as simple and compatible JS as possible if needed. Thus, old-style DOM fiddling isn't the first choice - and if we're talking very old browsers, it was also tricky to get right due to all the incompatibilities.
Why you think something would be broken when a polyfill is used as fallback, I don't know.
Why would anyone use an older browser? (Other than IE in old firms - but this is probably becoming rarer and rarer) I guess everyone should upgrade their browser regularly, at least to get security upgrades
It's support for video codecs is pretty limited, and has been for a long time, but I think you're right about most of the other things being very new "standards".
Also, the navigation and some other parts aren't usable with ad blocker enabled, since there are no non-JS links/anchors. Embarrassing for an entity that once tried to position itself as a supporter of usability and user-friendly web pages.
<SUPPORT_PERSON>12:53 PM
Thank you for contacting Google Domains. My name is <SUPPORT_PERSON> and I'll be happy to assist you. Let me quickly read your notes here.
<SUPPORT_PERSON>12:54 PM
Hi there
<SUPPORT_PERSON>12:54 PM
How are you?
<ME>12:54 PM
Hi. I'm trying to read your website but it's broken in one of the dominant web browsers in the world.
It works great in Edge, Firefox, and Chrome on my PC. I think he's too high up on his horse to realize that the problem may be on his beloved religion/platform.
It's a nice way to earn a bit of cash from larger companies who do not want "company.dev" associated with porn or malicious content. Imagine if "unity.dev" or "disney.dev" pointed to a cesspool of viruses.
There are icann rules for launching a tld. There is a period for tm holders. Most companies are going to get their company.dev during the tm period. If they don’t, three is always the udrp process.
So big companies with big money won't have to shell out cash because there's a TM period for them but smaller one got to buck out 10,000 bucks to prevent cyber squatting ?
If you're already running your own internal DNS servers (to serve .dev, .test, etc.) , then just buy a domain for your org for internal use (e.g. "<mycompany>-internal.<tld>" or "<mycompany>-private.<tld>", or if your company is "<mycompany>.com" then purchasing "<mycompany>.net" or similar), split-horizon so that queries from the Internet direct to some CDN-hosted static page saying "nothing to see here, internal use only, if you are an employee please VPN in" and internally you find the actual services.
You never run the danger of your internal domain being unroutable (since you indisputably own it), none of the stuff on subdomains of your internal domain are internet-discoverable (since none of the internal services are exposed externally), you retain the flexibility of eventually making internal services Internet-routable when you get around to building out a BeyondCorp model (if you ever do), and it probably costs a negligible <$10/year in registration fees.
Not every development environment, company, and set of IT/security policies are the same as yours. Just because you cannot envision the problem doesn’t mean the problem doesn’t exist.
> The ".localhost" TLD has traditionally been statically defined in host DNS implementations as having an A record pointing to the loop back IP address and is reserved for such use. Any other use would conflict with widely deployed code which assumes this use.
So it might work but it could be problematic if the intent is to use ".localhost" as a local network domain rather than just the local host.
An internal network might not be a LAN - for example, it might be a company's entire internal infrastructure spread over three offices and a datacenter with VPN.
Plus "DNS related code" can be stretched pretty far to "code that uses DNS." so it's the one I prefer.
The only thing I wish was easier was having a TLD for network local names but not link-local names. I typically just buy a name for that but it seems clunky since any in-use name that uses public DNS TLDs I feel ought to be DNS server independent.
.test also works, but I like .dev more, so I have and continue to use .dev via hosts file (edit: hearing Firefox is doing the .dev HSTS preload as well, that's very disappointing to hear.)
I do wish /etc/hosts accepted wildcards, though. It can be a touch annoying having to add a new rule every time I create a new subdomain.
If you like .dev so much instead of .test, why not use something like subdomain.[public-domain].dev.com for all of your dev use?
It seems silly to continue using .dev, especially when this will now be a public and commonly used TLD. So now, if you're modifying .dev records for a local/private network, and then you or someone on that network attempts to go to a public website that is using the .dev TLD, it might not work, or you'll get a completely unexpected result. Doesn't seem worth that hassle.
Who bought it is irrelevant. It could have been released to the public in a similar way to .com and the same issue would remain.
The .dev TLD was never reserved for your dev use. If you had been doing it correctly and following the RFC, you wouldn’t have to change anything with your workflow.
Now, if they ever release .test for public use then I’ll grab my pitchfork with you.
One company I worked at thought it would be a good idea to use .local for their global internal network.
Worked fine for Windows folks. Was an huge pain in the ass for anyone on a Mac (using Bonjour) or Linux machine (using Avahi). No auto discovery of printers.
Google weren't supposed to make it generally available. From their application[0]:
> .dev will operate as a closed gTLD. It will provide Google with the opportunity to differentiate and innovate upon its Google products and services through its use of the gTLD. This will promote competition in the gTLD space by inciting competitors to respond with improved gTLD operations, greater range and higher quality products and services, and⁄or the creation of their own respective gTLDs, to the benefit of all Internet users. Launching the proposed gTLD will also generate increased competition in the online marketplace by adding incremental availability to the second-level domain pool.
Presumably you were already editing your hosts file or running your own DNS server in order to make .dev resolve for local development, which you can continue to do?
Yeah sure takes one minute, one minute of wondering if you really wanna bash your head against a wall getting openssl to spit out an X509 cert and then some.
You mean wait six to eight months for the IT security department in another division of the company in another state to -maybe- approve my cert request.
Not all web development is three guys on Linux laptops at WeWork.
If you're a big org, presumably you could just get your org to just buy the TLD if it's that much trouble.
Something tells me it's not actually that much trouble though, and people just like whining about minor inconveniences because it's the internet and they can.
I've been annoyed by how Google uses Adwords for a while; suppose you're company in a competitive, undifferentiated space. I just searched for "enterprise rental cars," and the first thing below the search box, an ad, was for getaround.com. The second was an ad for Enterprise, the third was the organic result for Enterprise. Google is effectively telling these companies "You wouldn't want someone to happen to see a competitor first and click them when they search for them, would you? Then pay up." That's a racket.
Same with this. They're inventing the demand for this TLD, then telling developers to pay up if they don't want someone to take their name.
They're inventing the demand for this TLD, then telling developers to pay up if they don't want someone to take their name.
For a lot of developers the demand was already there because they had their local virtual hosts on .dev. It wasn’t standard, but it was extremely common.
Then one day Google announced that it owns .dev and all the developers had to move their development domains to a different imaginary TLD or .example since Chrome would no longer let them test web sites on their development environments.
I am a developer. I will not pay Google or anyone else to use .dev simply because I have learned that Google can not be trusted. What prevents Google from taking .dev back in-house one random day and kicking everyone’s web sites to the curb? Absolutely nothing. Because you don’t own the domain. You only rent it.
I keep my development and testing on locally routed .dev and simply don’t use Chrome. Fortunately the people who sign my paychecks only care about Safari. Not everyone has that luxury, but I do, so I will make this minuscule stand that Google will never know or care about because an algorithm cannot know or care.
You could make the argument with a lot of the (mostly pointless) TLDs that have been released recently, such as .uk, which was a clear money-grab targeting existing .co.uk owners, or .sucks, which feels like an attempt to extort all domain owners.
True. Also, the new TLDs have gotten out of hand to the point that ICANN launching a new TLD has become noise. Their restraint has been so lacking that I'm expecting punycode emoji TLDs in the next few years. If you thought .sucks was bad, just wait for the poo emoji.
Ugh. I wish I had something more insightful to say, but I read your comment and audibly groaned, because I just know deep down that you're correctly predicting the future.
google.com isn't a public place, it also isn't a particularly valuable plot of "land" aside the private goliath built upon it.
The fact people go to Google gives them their power to extort business for ranking. But thats because Google remains valuable - people use it because it works, or at least because of inertia that nothing is remotely better yet, and so long as people still value the search companies can do the cost benefit analysis to know if paying the rent is worth it.
And its fortunate the only people who really care about search ranking are those trying to make money off it. There are a lot more egregious crimes being committed in the privacy space by Alphabet or by rent seekers across the economy than a business making money as a parasite off other businesses trying to make money.
I'm aware of free speech in privately owned "public places" (usually shopping centers) in some jurisdictions (California), but I didn't think that applied to racketeering.
I find it hilarious that most solo or indie developers (who they are targeting, and the vast majority of developers) won't be able to get a .dev domain judging by these prices. If they really cared, they would have some program where they validated you were a real developer and actually put some effort into screening out squatters.
Instead they have implemented a braindead dutch auction-style system that ensures developers will not be represented fairly. The marketing and implementation of this are out of touch and its doubtful this effort will be successful.
Really? Because starting feb 28th it's only 12$/year, that's lower than pretty much any other decent TLD. Do indie devs really need the high demand domain names?
When I think of 'developers' I don't think of corporations with a $12k budget, sorry. What was cool about domain names back in the day was that anyone could register them, and you could get a cool name as an individual. I realize things are different now, and it's all about money.
It would be like Github launching a new web site and allowing 'developers' to select their usernames on a first-come basis if they paid $12k for the privilege. It's incredibly tacky and shows a lack of self-awareness on the part of Google.
My guess would be that this isn't primarily about the money (there are probably domains they could get more than $11,500 for), but rather about allocating the most in-demand domains in a way that reflects how badly people want them. A Dutch-auction-type thing like they're doing is a crude solution to this problem, but if they just went straight to GA too much valuable real estate would immediately be claimed by squatters and trolls.
The squatters defense is a good point - however, this also seems to ensure that the megacorps get the best pieces before anybody else gets to choose.
If defending against squatters is the top priority, they could also make it an application-driven process: Let people submit proposals about what they want to do with the domains along with a link to their organisation and have some group grant applications (preferably along some previously published criteria)
That sounds just as empty except now with massive human overhead for processing applications that can pitch whatever they want. I'd even be tempted to write up some bullshit to get a domain I want. What are they going to do, research my details? You can barely get a human on the phone at Google even when you're a paying customer.
Not to mention all the hurt feelings when someone's application is denied and the domain stays undeveloped or becomes a terrible website.
Auctions seem unfair but money is an extremely simple system for allocating finite resources. And it's not like you need a dictionary word domain name to have an online identity. It's almost pure vanity.
That kind of program, with us being in charge of deciding who gets each domain name, would be received extremely poorly. You can just imagine.
Domains would also be much more expensive, as there would need to be human evaluators in the loop for each domain name. The base price would likely need to be at least 10X higher to fund all this.
>I find it bizarre they are trying to make money in this way.
Why not? If they charged a flat rate at launch, domain speculators would snatch up all the valuable domains and you'll have to buy it from them at an inflated price. At least with this system google is pocketing the premium rather than third parties.
They also compete in random new industries each time this happens.
It doesn't seem like a smart move to lease a domain from a politically active mega-monopoly that might decide to randomly become your competitor in 2 years.