Alphabet has too much cash. They have a well established track record of enthusiastically backing exciting new projects way outside of their core competency just to dump them like hot garbage several years later.
They also compete in random new industries each time this happens.
It doesn't seem like a smart move to lease a domain from a politically active mega-monopoly that might decide to randomly become your competitor in 2 years.
Hi. I'm the Tech Lead of Google Registry, the team that is launching .dev (not to be confused with the linked Google Domains, which is one of many registrars selling .dev domains to end users).
You'll be glad to know that TLDs can't simply be discontinued like other products might be. ICANN doesn't allow it. The procedures in place preventing a live TLD from shutting down are called EBERO; more details here: https://www.icann.org/resources/pages/ebero-2013-04-02-en
The way it works is that all registries must send daily full backups to a third-party escrow provider, which are then used to restore the TLD under a different operator if the original operator shuts down unexpectedly. This is not some theoretical backup/restore procedure that goes untested; it's been used in the past, e.g. with .wed: https://www.icann.org/news/announcement-2017-12-08-en
But this typically only happens when the registry operator goes abruptly bankrupt, and is thus quite rare. Many, many widely used TLDs have been seamlessly sold/transferred across registry operators without you ever realizing it, including .io last year. That would be the "worst" you would expect from TLDs launched by large established players like Google. You actually get a lot more protections with gTLDs than you do with ccTLDs (such as .io), as ccTLDs aren't bound by contract with ICANN and thus aren't forced to do EBERO, or anything else for that matter.
If I register a domain, can google boot me off it at a later year if they don't like my politics? Or do I own the domain with the continuing option to re-register it or transfer to another domain registrar? Does google ultimately own the domains and simply lease them to me with no guaranteed option to continue?
Along those lines, if Google decides I’m a bot or nefarious developer as seems to mistakenly happen on occasion judging from recent hacker news posts, will I then lose my domain name? Or at least access to it? At this point tying any major asset solely to a Google account feels risky.
That's just false information. They didn't take any domain down. They stopped offering their CDN/proxying service to a customer. That customer is/was free to host their own content using their own or a different service. No company should be required to offer services to anyone and everyone unless they are the only option on the market. And cloudflare is very far from the only CDN on the market.
Unless I'm thinking of something else, it's not a domain registered through CloudFlare. The taken down site was using CloudFlare's reverse proxy service. IIRC, Matthew wrote about the incident in length.
I personally don't use CF for various reasons, but this site take down is not one of them.
It really depends on the product. E.g. if you buy Google Wifi, you can call them or chat with customer support, etc. If you need help with constructing a web search query, not so much.
So, please do not over generalize or compare apples to oranges.
As a customer, I can't be expected to have a mental model of which Google services come with actual support, and which ones come with Google-it-yourself support.
Comparing Google products to Google products should not be comparing apples to oranges. If Google is frustrated with customers assuming they don't support their products, maybe they should support all of their products, not just a select few.
I am frustrated by Google’s lack of support as anyone else, but it is completely unreasonable to expect support for a free product, regardless of how they might otherwise profit off you.
You can't say for sure that any new Google product is guaranteed to have horrible customer support, but you probably should assume that any new Google product has horrible customer support until you see proof of the contrary.
Google Fi’s support might be great. But you have to pay for it through Google Payments which is another potential single point of failure. If you ever trip any of their fraud flags you’ll probably never be allowed to pay for anything through google again, and good luck getting it fixed.
Sorry, but I reserve the right to be cynic. I belong to the old group of people who got to know Google as "do no evil" company, who tossed that to the wind as soon at it suited them better.
I wouldn't lease the domain through Google domains. Use a different registrar --- if possible, one that you'll be able to trust. That registrar will work with the registry of the TLD, which would be google in this case, and has a much better chance of actually resolving issues than if you were a direct customer of Google Domains.
While this is true there are very few reasons why a domain registrar will give you a lifetime ban let alone automatically do it for some perceived TOS crime, let alone refuse to tell you what your alleged misdeed was, let alone automatically reject evidence you submit to the contrary and keep your domains. Imagine the liability!?
Meanwhile someone got their Adsense account banned and in those cases Google refunds the allegedly fraudulent revenue to the advertisers and do not pay you the non-fraudulent revenue. The person who got banned went to court over it because it looked like Google schedules these things to maximize how much they could keep, Google fought for four years to conceal where the non-fraudulent revenue went and then settled for $11 million to keep that shrouded in mystery.
Note the nobody who will say what happens to your domains when your account is banned despite relevant Google personnel participating in this page, but they have time to detail how we're covered by ICANN if Google with $106+ billion in savings goes bankrupt in thousands of years...
They designed this awful system exactly the way they wanted it to work and they choose to keep it this way, everyone else should probably not use them for domains or web hosting in case yourself or someone associated with your account is irreversibly judged to have committed a TOS transgression somewhere within their empire.
I've been using https://www.hover.com/ for many years and they're great. Mostly because the prices aren't too bad, the dashboard makes sense, and they never contact me.
That's a redundant question, because just about every registry can dictate what their TLDs can be used for. It's part of the design laid down by ICANN.
- For Verisign with .com, they don't care if you're really a company or not.
- With Minds & Machines and .law, they only want qualified lawyers, courts, legal schools, etc. using the TLD.
Keep in mind that the registry and registrar are different things.
Godaddy banned Gab for political reasons as well. While you can split hairs and say that's just a registrar, you can also split hairs and say that youtube is just a hosted content platform. If you're thinking of running another infowars then I would advise avoiding registering domains with any major tech platform in general.
@bduerst,
Forgive my ignorance, but just to distill it down to brass tacks:
In this case, Google is the registry and thus the supreme court of who can and cannot be on this domain and there is no recourse if they yank your claim on the domain?
I mean, the entire domain name infrastructure is set up so that someone along the path can revoke registrations, all the way up to ICANN itself.
IME you're much more likely to be banned by the registrar than the registry itself. Registries want people to use their TLDs, so they're not going to reject post-registration unless you've changed how you're using the TLD and it's violating the rules they originally laid down. Registrars are much more consumer facing and will act accordingly - i.e. GoDaddy banning Gab.
You talk about the protections ICANN gives your customers in case Google goes bankrupt, but what are the protections or recourse your registry or Google Domains created for your customers to ensure recoverable domains and unimpeded uptime if their Google account is banned?
Premium prices are set at the registry level, and for Google's TLDs, are charged annually. The EAP fee is a one time only up-front cost.
Domains being sold by resellers are something different entirely, but yeah, some registrars that participate in reseller networks may lump those in as "premium" as well, which is confusing. Those prices tend to be one-time acquisition costs.
Because this is your area of expertise, can I ask you why more registrars are not selling 10 or 20 year domain ownership? Who wants a domain for just a year (if you agree with the premise behind individuals owning domains in the first place)?
Most TLDs allow registration lengths up to 10 years. And registrars will happily sell you registration for 10 years. Buy the domain, then immediately renew it for 9 years. I suspect the reason they don't offer a choice of registration years in the initial checkout flow is to reduce purchasing friction -- they don't want you to have to make another choice and then potentially back out of the sale. It's the same reason e-commerce sites will ask you for as little information as they can get away with when checking out your cart; for digital sales many retailers just do zip code instead of full address since they're not shipping anything.
As for longer registration periods than that, I suspect it's the same reason you can't, e.g., call up your cable company and try to pre-pay 50 years of service. They have no idea what things will be like that far down the road, and they don't want to have such longstanding obligations weighing on them.
It comes down to business decisions, not technical issues; technically speaking the spec allows for up to a 99 year registration period, though I'm not aware of any TLDs that support that. https://tools.ietf.org/html/rfc5731#section-2.5
I recently read an HN thread about Romanian ccTLD registry selling domains for lifetime. They have stopped it and asked the former customers to pay up though.
And also ccTLDs can make up whatever rules they want, whereas gTLDs are all bound by the same common set of rules. There are many ccTLDs that don't even use EPP (the spec I linked to above).
We already have enough sleazy domain squatters holding names for years and trading for ridiculous prices. Instead of long ownerships, we should have some way to prove you're actually using the domain after a certain number of years.
I disagree. At the end of the day, they are still vanity domain names. Adding more paperwork and process doesn't change that.
For example, pitch a solution that doesn't just make squatters upload some bare bones index.html. Or check a registrar's checkbox to park the domain somewhere with content. Or, well, upload the minimum amount of substance that you think is necessary.
Think about how you could possibly design such a program to ensure use, and how you'd prevent parking site services from cropping up that would make a site just meet the requirements for continuing registration. And if it's not a purely automated process, then the base registration price would have to go way up to pay for all the human work going into validations.
And now imagine the public outcry that can happen every time people have their domains taken from them (rightly or wrongly).
No, no registry wants to be in the business of doing that. You continue to pay for the name, it's yours.
We should stop calling organisations who hog domains in order to accrue an exaggerated profit from them "domain squatters". A real "domain squatter" should be someone who employs the "domain hogger's" domain until the domain hogger decides to actually do something with it themselves.
We wouldn't need such a profusion of TLDs (most of which are awful: .dev is an exception) if real domain squatting was made feasible.
The biggest problem with squatters is that they pay 100x less then you do for a domain. If they had to pay the same price they would squat on way less domains.
It sounded like they were referring to something specific, but didn't provide examples. I want to know exactly what they're worried about so that I can answer the question, but I haven't been given enough to go on. It sounds like they're worried about prices being jacked up by large amounts, but I'm not aware of that even having happened. Absent that, the current prices are what they are; pay them or don't, but you know what you're getting into.
I think they might be referring to Chrome's upcoming use of &targetText= for linking to specific words or paragraphs, which caused some controversy here yesterday. See:
Hi, just wanted to say how absolutely horrid this entire idea is. Domain name squatting and auctioning is already bad enough, and you're telling me we should give one of the richest companies in the world thousands of dollars for a domain name for development. This is completely counter to the spirit of the internet, and spits in the face of open source and passionate hobby developers who don't have silicon valley stock vesting every quarter. Instead of trying to get these domain names into the hands of real developers at a reasonable price, you're going to sell them to the highest bidders, squatters looking for new investments, and corporations.
Really not at all impressed by this, and it only serves as a stark reminder of the failed state of TLDs.
I don't understand the bile here, nor the alternative. Today there are no .dev domains, so anything is an improvement: today you can't use them, tomorrow you can choose to if you think it makes sense.
Re: price, say the .dev registrar decides to offer domains for a hobby-dev-friendly $1 flat fee, first come first served. Wouldn't that just immediately lead to a resale market where predatory squatters register all the domains and extract the market price from anybody who wants one?
I think it’s not cool to offer “early bird” registration for thousands of dollars. So Google is endorsing that rich developers should get the best domain names? How are they reserving for themself?
I think it would be cooler to have programming challenges or something neat.
But a cash grab just seems kind of, lame I guess.
I wouldn’t say I have bile, but I went from “this might be cool” reading the headline to “this is really stupid.”
But if you don't think the dutch auction style is a good one, what would your alternative be?
Because the problem of resellers buying up TONS of domain names is a real one, and thus far a dutch auction style seems to be one good way to combat that (since buying 10000 names and selling 10% of them for an overall profit is a LOT more risky when getting them first means shelling out a LOT more money).
A challenge or something would probably drive costs up across the board, and it would still exclude those who want to use the domains that might not be able to complete the challenge (IMO a worse situation), and other methods of "verification" would either be gameable or would exclude many devs.
I don't know of any more "fair" way of allowing people to buy domains. Why should a hobbyist be able to buy "paypal.dev" when potentially thousands of devs could use that domain at paypal, and similarly "klathmon.dev" would be awesome to have for me, and it's pretty unlikely that someone will buy that out from under me with this scheme.
Not to mention that the timeline here is literally half a month. After Feb 28th, there is no additional charge. So we are talking about 2 weeks of waiting.
In an idealized economic model, "rich developers" will get their desired domain names anyway as they can offer a large sum of money to the "poor developers" to give up their domain name.
I think the risk isn't that they become your competitor, it's that an algorithm flags your website for perceived abuse and that cascades down to you and your workplace being banned forever from Google, with no recourse because they choose to provide fake support despite having $100+ billion in savings and plenty of funding for eg global tax evasion.
It's risk management through diversification attempts. Google, like any other large scale extremely successful single product[1] company, hedges market risks in occupying "hot" spaces. Same with MS, Apple and all other giants, even in non-tech.
[1] see financial report of the last year (10K). Search for "We operate our business in multiple operating segments. Google is our only reportable segment. None of our other segments meet the quantitative thresholds to qualify as reportable segments" and "How we make money" (Source: https://www.sec.gov/Archives/edgar/data/1652044/000165204419... )
Youtube - money loser
Maps - money loser (but we will see after their recent huge price increases shake out)
Phones - money loser. they are selling fewer phones annually than apple sells in a week.
You made a fully general argument against anything that Google touches.
This isn't useful, because everyone knows that argument already. I'd rather know what Google's track record is specifically having to do with DNS (or fundamental Internet infrastructure).
I think their 8.8.8.8 DNS server has a pretty impressive track record for I think over 10 years. I know many people who changed their dns to 8.8.8.8 when they thought their DNS was shitty.
Back in highschool (15yrs ago) pinging a DNS server was something I sometimes did when fixing people's internet, always used 212.142.28.66. No idea why it's still in my head so much later, 8.8.8.8 sure is a lot easier to remember.
Can't agree with that. Taking a minimal amount of time and effort to host your own site on a TLD shows, at least, a moderate understanding of DNS and all that, much more than clicking things on Github Pages IMO.
Haha. I totally agree. As a shareholder, I almost feel like an activist campaign is needed. Sure, Verily and Waymo are interesting moonshots, but then the rollout of Youtube Plus or Premium seems like the most mismanaged rollout of a big tech company outside of the Amazon phone. Why is Google bothering with domain registry is a good question. Google code probably could have been what GitHub had it not been abandoned is another example of mismanaging product or service vision.
A while ago, some posts on HN went around saying that you shouldn't use third-world TLDs for your startup because some of them are unreliable stewards who would put your domain at risk. Does registering a .dev domain make you dependent on Google in the same way that registering a .ly makes you dependent on Libya?
There was this one guy who lost a valuable Twitter handle due to him using his custom domain email (via GoDaddy) as a login email.[0] I'd like to think imagine Google is better than GoDaddy when it comes to security and fighting social-engineering attacks but who knows. But if Google is a weak link wouldn't that also mean all our gmails are not as safe as we think?
I'd say Google would be one of the most resistant organizations to social engineering by virtue of the fact that you can never really talk to an actual human even if you are a legit user and want help on an issue.
I don't really understand the worry here though. Aren't you always trusting your registrar when you buy a domain name? Google at least has a pretty solid track recordin wrt security.
You aren't dependent on your vendors if you can switch them out without destroying your company. The real mystery is why people turn their own businesses in to little barnacles on the skin of behemoths and expect to not get brushed off.
Names in the DNS aren't personal property (and they certainly aren't real property). So "owns" is probably the wrong word.
But ICANN, which is responsible for the entire hierarchy, expected that eventually at least some of the new gTLD registry operators would fail, and so there is an escrow agreement for each one. If the gTLD is popular enough that somebody else will operate it, the last daily backup from escrow is given to the new operator and things continue from there. I guess your new registry operator may set fees or other conditions your current registrar doesn't like, but if you like the new you can move to a registrar that's OK with them. The list of names in the registry doesn't vanish unless both your registry AND the third party escrow company screw up.
If the gTLD is grossly unpopular, it may not be possible to find a new operator for that gTLD registry. I don't know what happens in that case, although whatever it is by definition won't happen to many names.
I also don't know what happens for the very stupid gTLDs that are essentially for private use by a single organisation, like .kerrylogistics. And I don't really care, so long as the fees roll in to pay for everything. Actually I'd have billed them for their original request, .kerrylogisitics [sic] as well, but I guess someone felt that was too mean.
"ICANN requires all registrars and gTLD registries to contract with a data escrow provider in order to safeguard registrants ... in case of registry or registrar failure, accreditation termination, or accreditation relapse without renewal." Basically if Google screws up then ICANN will give the data to someone competent who will take over the domain. https://icannwiki.org/Data_Escrow
That’s a bit of a stretch, not? If I visit dev.somesite.com, I can reasonably assume it belongs to the same owner as somesite.com. The same can not be said about somesite.dev.
Should we design standards for the dumbest of the lot lol? Not everyone understand that TLD is then maybe they should be educated rather than appeased to.
Also it seems to be primarily USA's issue. Every other nation uses their domain for internal websites (like cats.de) where's Americans tend to just clump everything in `.com` and act all confused by simple TLD scheme.
I don't think a person qualifies as "dumbest" because they do not know what a TLD is. Not everyone has to understand everything else in the world to be a human and use it. Not everyone knows how to be a mechanic but lots drive vehicles and fly in planes.
The issue with your generalization of America is flawed. The internet started in America so "we" clumped everything into .com because we could. TLDs for countries came as a way to organize and route better. A German requesting amazon.com, should goto amazon.de. (This all happened before amazon and CDNs and other things.)
It is ignorant to think a fundamental concept of domain resolution, TLDs is something everyone should understand to use the internet. Do you know how your cell provider takes a request to dial a number and resolve it to another person across towers and potentially hard wired cabling? Most don't and they all make calls.
My point was more about the assumption about who owns somesite.com. Assuming two domains are owned by the same company is a somewhat secondary concern to authenticating the owner of either; both of which are larger issues in their own right.
As commented by someone else, see e.g. whitehouse.com. The fact of whitehouse.gov being a different owner is much less of concern than that of whitehouse.com not having the expected owner in the first place (from the perspective of most visitors).
It might sound useless for those who doesn't know what it is.
However, for those who does it is very useful and getting more useful.
Browsers might (if not yet, coming soon to you) raise red flags if you try to use a website whose certificate was signed by a rogue CA that, according to DNS instructions, shouldn't be able to do so for that domain.
Browsers might demand OV from high profile websites in theory.
Seeing the organisation name next to the lock icon definitely gives me an extra layer of warm and fuzzy feelings. I’d say it has some value for those that can pay for it.
You are talking about EV certificates. OV-validated certificates require (the best case) the user to click on the padlock icon to reveal more information about the certificate.
> Let’s Encrypt offers Domain Validation (DV) certificates. We do not offer Organization Validation (OV) or Extended Validation (EV) primarily because we cannot automate issuance for those types of certificates.
I buy them. I don't like paying for them, but I want a certificate I know will just work for years without having to run certbot or one of its clones on my server. Well, that and LE didn't yet allow wildcard certs when I bought mine. They've already dropped their maximum validity from three to two years though, so I'll probably throw in the towel when they further reduce their validity to less than six months.
ACME is an open protocol (and very soon it will be an IETF Internet Standard too). There are many alternative implementations. Just find one you trust.
We actually did our own DNS-based implementation for our infrastructure.
I don't want to run someone else's code on my server just for this (the default certbot wants root access too, yikes), nor do I want to analyze someone else's implementation before running their code, and I sure as heck don't have the time, patience, or interest to write my own implementation of ACME just for the one service that uses it.
I want to go to a website, have it tell me to put a string into a meta tag or DNS TXT record, and then save the key it returns on my box. Then I want to forget about it for the next 2-3 years.
Honestly I don't even want to do that. I want my nameserver to generate a DANE/DNSSEC record for me automatically, and for browsers to honor that. It isn't like domain verification is any more secure than a DNSSEC record would be.
We do something similar, although not through a REST API. We handle all this cert management centralized on one server, which publishes the DNS records for DNS verification etc.
On our other servers is then just a simple script that periodically checks if the certs on the machine are near the expiry date and if so pulls a new one from the central system.
ACME protocol is fairly straight forward to implement, and you can easily write your own implementation with existing code (OpenSSL, Apache/nginx, etc).
With many commercial registrar's, although they offer a valid and long certificate, their technical aspects aren't very good. Many CAs don't support ECC certificates, the must-staple flag or CT SCTs embedded in the certificate.
I work a lot with web PKI, and every time I have to deal with a CA that's not LE or Digicert, I sigh out loud.
A certificate that last for years... That's exactly how you end up with a certificate that expired and no one realized. An automated process is a way more reliable.
Dutch auctions are incentive-compatible - they allocate the resource to the person that gains the highest utility for having it. Maybe Google got some of the people working on ads auctions to design this pricing structure.
I’m, that’s an icann rule for launching new tlds. The early access period is always higher, then there are several other periods that happen before a tld gets to General availability.
This pricing structure is not just for .dev domains.
FYI, there is no ICANN requirement that any sort of auction be involved in launching a new TLD. We used to use a standard auction (called the landrush phase in TLD parlance), but have since switched over to a descending price Dutch auction because it's significantly less operational burden for us.
It's generally a good idea to have some kind of auction for the reasons the parent comment mentions, as it is a more economically efficient way to allocate the limited namespace to those who want it the most.
I remember people calling that a bit of a fiasco... was there anything theoretically wrong with the application of a Dutch auction for that purpose, or was it just that the underwriting community and their clients had every reason to make the situation look bad?
The price basically ended up being set by the underwriters because they big players bought most of the shares and bid at the price they underwriters told them to bid at. It wasn't really a fiasco, it just didn't accomplish what they wanted.
Yeah, there are domain names out there that are so valuable that they've sold for eight figures USD. There definitely are domains that buyers (typically companies) are willing to spend well over $10k on acquiring. It's with this in mind that the EAP prices are set.
> they allocate the resource to the person that gains the highest utility for having it
I don’t think that’s necessarily true. Any large company is able to drop a ton of money on something that has marginal utility for them, whereas a small business that would gain much more utility from it may be outbid just by virtue of having the wrong opponents.
This assumes bidders have similar amounts of money to spend on domains, which may or may not true for any particular domain.
We can say that, when bidders do have similar bankrolls, whoever wants the domain the most is likely to buy it first. If they don't, whoever has the bigger bankroll will probably be able to buy it first.
I reserved unix.dev for the regular domain reservation price, not the crazy "premium domain" price because unix.dev was not part of the premium domain list.
However, Google determined that no, unix.dev should be a premium domain, and "stole" the reservation from me (after I have already paid for it). They later added it to the premium domain list, and they asked me for $11k to keep the reservation.
TBH, I expected to lose the domain because of trademarks or whatever, but apparently it was simple highway robbery.
Btw, I didn't even get my money back, just "store credit".
Hey, I just want to correct some misunderstandings here.
"Reservations" mean nothing. Google Domains is merely one of many registrars that have customers all vying for domains in the same namespace. A "reservation" just means that the registrar will make their best effort to attempt to get that domain for you at the specified price; it doesn't mean that some other registrar won't get it first, or that some other customer isn't willing to spend more and will get it on an earlier day of EAP.
Until the domain is actually created with you as the registrant, it isn't yours in any sense of the word. There are even registrars out there that will, upon acquiring a domain, auction it off amongst all of their customers who pre-registered it.
There are also Indian (male) names that are just “Dev” or that end in “dev”. The word means deity or god. There could be many Indians buying these when early access ends on February 27.
I recently found out that the sidebar menus on pages within https://developers.google.com/web don't work with JS off (usually a trivial thing: show sub-items by default and hide them with JS). Almost every Alphabet website has something like that.
So yes, minor anecdote, and I genuinely appreciate the hundreds of Google employees who really help the Web and share useful knowledge (and don't lead developers into using techniques best suited for billion-user websites, as FB often does) but I'll reserve to right to side-eye anything Google says.
Also the site claims to about “web fundamentals”, but the content pushed out are all articles about cutting edge, experimental features in Chrome. There’s nothing wrong with documenting new features in your browser, but calling it fundamental is fundamentally misleading.
There's nothing about Safari that makes it "the new IE8". Ironically, the very same HN that bemoans every new thing as "why should devs jump onto this shiny new things, just slow down already" criticises Safari for not jumping onto every new thing.
Ironically, the very same HN that bemoans every new thing as "why should devs jump onto this shiny new things, just slow down already" criticises Safari for not jumping onto every new thing.
HN is quite diverse and I'm pretty sure those are two disjoint sets of users. (I'm in the former group myself --- not a fan of presenting information in such a way as to decrease its accessibility while also increasing resource usage.)
I bet I could make those accordion sections work in all browsers going back to IE5 without much effort, and use nothing near 120KB of JS to do it... but no, most "modern web devs" would rather pile on the bloat of their libraries and "best practices" to make something that works only in the very latest version of the one browser they personally use.
Your post shows the big difference in mentality that's partly responsible for why we see so many broken sites --- I haven't ever used those tags before and would just go for plain old DOM style manipulation with JS (which has been around for a very long time), whereas you started with something much newer and took backwards-compatibility as an afterthought to be added on. Your solution requires less initial effort (providing you knew about the new tags) but then additional effort to work on older browsers --- that might not even be done --- whereas my solution may take a little more effort initially, but then naturally doesn't need any further considerations for backwards-compatibility.
My mentality is to make the website usable without JS for most people (with the reasonable effort of installing FF or Chrome at most), then use as simple and compatible JS as possible if needed. Thus, old-style DOM fiddling isn't the first choice - and if we're talking very old browsers, it was also tricky to get right due to all the incompatibilities.
Why you think something would be broken when a polyfill is used as fallback, I don't know.
Why would anyone use an older browser? (Other than IE in old firms - but this is probably becoming rarer and rarer) I guess everyone should upgrade their browser regularly, at least to get security upgrades
It's support for video codecs is pretty limited, and has been for a long time, but I think you're right about most of the other things being very new "standards".
Also, the navigation and some other parts aren't usable with ad blocker enabled, since there are no non-JS links/anchors. Embarrassing for an entity that once tried to position itself as a supporter of usability and user-friendly web pages.
<SUPPORT_PERSON>12:53 PM
Thank you for contacting Google Domains. My name is <SUPPORT_PERSON> and I'll be happy to assist you. Let me quickly read your notes here.
<SUPPORT_PERSON>12:54 PM
Hi there
<SUPPORT_PERSON>12:54 PM
How are you?
<ME>12:54 PM
Hi. I'm trying to read your website but it's broken in one of the dominant web browsers in the world.
It works great in Edge, Firefox, and Chrome on my PC. I think he's too high up on his horse to realize that the problem may be on his beloved religion/platform.
It's a nice way to earn a bit of cash from larger companies who do not want "company.dev" associated with porn or malicious content. Imagine if "unity.dev" or "disney.dev" pointed to a cesspool of viruses.
There are icann rules for launching a tld. There is a period for tm holders. Most companies are going to get their company.dev during the tm period. If they don’t, three is always the udrp process.
So big companies with big money won't have to shell out cash because there's a TM period for them but smaller one got to buck out 10,000 bucks to prevent cyber squatting ?
If you're already running your own internal DNS servers (to serve .dev, .test, etc.) , then just buy a domain for your org for internal use (e.g. "<mycompany>-internal.<tld>" or "<mycompany>-private.<tld>", or if your company is "<mycompany>.com" then purchasing "<mycompany>.net" or similar), split-horizon so that queries from the Internet direct to some CDN-hosted static page saying "nothing to see here, internal use only, if you are an employee please VPN in" and internally you find the actual services.
You never run the danger of your internal domain being unroutable (since you indisputably own it), none of the stuff on subdomains of your internal domain are internet-discoverable (since none of the internal services are exposed externally), you retain the flexibility of eventually making internal services Internet-routable when you get around to building out a BeyondCorp model (if you ever do), and it probably costs a negligible <$10/year in registration fees.
Not every development environment, company, and set of IT/security policies are the same as yours. Just because you cannot envision the problem doesn’t mean the problem doesn’t exist.
> The ".localhost" TLD has traditionally been statically defined in host DNS implementations as having an A record pointing to the loop back IP address and is reserved for such use. Any other use would conflict with widely deployed code which assumes this use.
So it might work but it could be problematic if the intent is to use ".localhost" as a local network domain rather than just the local host.
An internal network might not be a LAN - for example, it might be a company's entire internal infrastructure spread over three offices and a datacenter with VPN.
Plus "DNS related code" can be stretched pretty far to "code that uses DNS." so it's the one I prefer.
The only thing I wish was easier was having a TLD for network local names but not link-local names. I typically just buy a name for that but it seems clunky since any in-use name that uses public DNS TLDs I feel ought to be DNS server independent.
.test also works, but I like .dev more, so I have and continue to use .dev via hosts file (edit: hearing Firefox is doing the .dev HSTS preload as well, that's very disappointing to hear.)
I do wish /etc/hosts accepted wildcards, though. It can be a touch annoying having to add a new rule every time I create a new subdomain.
If you like .dev so much instead of .test, why not use something like subdomain.[public-domain].dev.com for all of your dev use?
It seems silly to continue using .dev, especially when this will now be a public and commonly used TLD. So now, if you're modifying .dev records for a local/private network, and then you or someone on that network attempts to go to a public website that is using the .dev TLD, it might not work, or you'll get a completely unexpected result. Doesn't seem worth that hassle.
Who bought it is irrelevant. It could have been released to the public in a similar way to .com and the same issue would remain.
The .dev TLD was never reserved for your dev use. If you had been doing it correctly and following the RFC, you wouldn’t have to change anything with your workflow.
Now, if they ever release .test for public use then I’ll grab my pitchfork with you.
One company I worked at thought it would be a good idea to use .local for their global internal network.
Worked fine for Windows folks. Was an huge pain in the ass for anyone on a Mac (using Bonjour) or Linux machine (using Avahi). No auto discovery of printers.
Google weren't supposed to make it generally available. From their application[0]:
> .dev will operate as a closed gTLD. It will provide Google with the opportunity to differentiate and innovate upon its Google products and services through its use of the gTLD. This will promote competition in the gTLD space by inciting competitors to respond with improved gTLD operations, greater range and higher quality products and services, and⁄or the creation of their own respective gTLDs, to the benefit of all Internet users. Launching the proposed gTLD will also generate increased competition in the online marketplace by adding incremental availability to the second-level domain pool.
Presumably you were already editing your hosts file or running your own DNS server in order to make .dev resolve for local development, which you can continue to do?
Yeah sure takes one minute, one minute of wondering if you really wanna bash your head against a wall getting openssl to spit out an X509 cert and then some.
You mean wait six to eight months for the IT security department in another division of the company in another state to -maybe- approve my cert request.
Not all web development is three guys on Linux laptops at WeWork.
If you're a big org, presumably you could just get your org to just buy the TLD if it's that much trouble.
Something tells me it's not actually that much trouble though, and people just like whining about minor inconveniences because it's the internet and they can.
I've been annoyed by how Google uses Adwords for a while; suppose you're company in a competitive, undifferentiated space. I just searched for "enterprise rental cars," and the first thing below the search box, an ad, was for getaround.com. The second was an ad for Enterprise, the third was the organic result for Enterprise. Google is effectively telling these companies "You wouldn't want someone to happen to see a competitor first and click them when they search for them, would you? Then pay up." That's a racket.
Same with this. They're inventing the demand for this TLD, then telling developers to pay up if they don't want someone to take their name.
They're inventing the demand for this TLD, then telling developers to pay up if they don't want someone to take their name.
For a lot of developers the demand was already there because they had their local virtual hosts on .dev. It wasn’t standard, but it was extremely common.
Then one day Google announced that it owns .dev and all the developers had to move their development domains to a different imaginary TLD or .example since Chrome would no longer let them test web sites on their development environments.
I am a developer. I will not pay Google or anyone else to use .dev simply because I have learned that Google can not be trusted. What prevents Google from taking .dev back in-house one random day and kicking everyone’s web sites to the curb? Absolutely nothing. Because you don’t own the domain. You only rent it.
I keep my development and testing on locally routed .dev and simply don’t use Chrome. Fortunately the people who sign my paychecks only care about Safari. Not everyone has that luxury, but I do, so I will make this minuscule stand that Google will never know or care about because an algorithm cannot know or care.
You could make the argument with a lot of the (mostly pointless) TLDs that have been released recently, such as .uk, which was a clear money-grab targeting existing .co.uk owners, or .sucks, which feels like an attempt to extort all domain owners.
True. Also, the new TLDs have gotten out of hand to the point that ICANN launching a new TLD has become noise. Their restraint has been so lacking that I'm expecting punycode emoji TLDs in the next few years. If you thought .sucks was bad, just wait for the poo emoji.
Ugh. I wish I had something more insightful to say, but I read your comment and audibly groaned, because I just know deep down that you're correctly predicting the future.
google.com isn't a public place, it also isn't a particularly valuable plot of "land" aside the private goliath built upon it.
The fact people go to Google gives them their power to extort business for ranking. But thats because Google remains valuable - people use it because it works, or at least because of inertia that nothing is remotely better yet, and so long as people still value the search companies can do the cost benefit analysis to know if paying the rent is worth it.
And its fortunate the only people who really care about search ranking are those trying to make money off it. There are a lot more egregious crimes being committed in the privacy space by Alphabet or by rent seekers across the economy than a business making money as a parasite off other businesses trying to make money.
I'm aware of free speech in privately owned "public places" (usually shopping centers) in some jurisdictions (California), but I didn't think that applied to racketeering.
I find it hilarious that most solo or indie developers (who they are targeting, and the vast majority of developers) won't be able to get a .dev domain judging by these prices. If they really cared, they would have some program where they validated you were a real developer and actually put some effort into screening out squatters.
Instead they have implemented a braindead dutch auction-style system that ensures developers will not be represented fairly. The marketing and implementation of this are out of touch and its doubtful this effort will be successful.
Really? Because starting feb 28th it's only 12$/year, that's lower than pretty much any other decent TLD. Do indie devs really need the high demand domain names?
When I think of 'developers' I don't think of corporations with a $12k budget, sorry. What was cool about domain names back in the day was that anyone could register them, and you could get a cool name as an individual. I realize things are different now, and it's all about money.
It would be like Github launching a new web site and allowing 'developers' to select their usernames on a first-come basis if they paid $12k for the privilege. It's incredibly tacky and shows a lack of self-awareness on the part of Google.
My guess would be that this isn't primarily about the money (there are probably domains they could get more than $11,500 for), but rather about allocating the most in-demand domains in a way that reflects how badly people want them. A Dutch-auction-type thing like they're doing is a crude solution to this problem, but if they just went straight to GA too much valuable real estate would immediately be claimed by squatters and trolls.
The squatters defense is a good point - however, this also seems to ensure that the megacorps get the best pieces before anybody else gets to choose.
If defending against squatters is the top priority, they could also make it an application-driven process: Let people submit proposals about what they want to do with the domains along with a link to their organisation and have some group grant applications (preferably along some previously published criteria)
That sounds just as empty except now with massive human overhead for processing applications that can pitch whatever they want. I'd even be tempted to write up some bullshit to get a domain I want. What are they going to do, research my details? You can barely get a human on the phone at Google even when you're a paying customer.
Not to mention all the hurt feelings when someone's application is denied and the domain stays undeveloped or becomes a terrible website.
Auctions seem unfair but money is an extremely simple system for allocating finite resources. And it's not like you need a dictionary word domain name to have an online identity. It's almost pure vanity.
That kind of program, with us being in charge of deciding who gets each domain name, would be received extremely poorly. You can just imagine.
Domains would also be much more expensive, as there would need to be human evaluators in the loop for each domain name. The base price would likely need to be at least 10X higher to fund all this.
>I find it bizarre they are trying to make money in this way.
Why not? If they charged a flat rate at launch, domain speculators would snatch up all the valuable domains and you'll have to buy it from them at an inflated price. At least with this system google is pocketing the premium rather than third parties.
I'm not familiar with ICANN rules, but I wonder if a company can do whatever they want to a gTLD once it's accepted, even if it's not within the intended usage in the gTLD application? As far as I know, Google said they registered .dev for internal use and for Google-related products and it will be completely closed to Google, according to their application[1]:
> The mission of this gTLD, .dev, is to provide a dedicated domain space in which Google can enact second-level domains specific to its projects in development. Specifically, the new gTLD will provide Google with greater ability to create a custom portal for employees to manage products and services in development.
> Charleston Road Registry intends to operate the proposed gTLD as a closed registry with Google as the sole registrar and registrant. The goal of the proposed gTLD is to allow Google to manage the domain name space for its projects in development. The proposed gTLD will provide Google with the ability to customize its domain and website names for its projects and signal to users that .dev websites are managed by Google
> Charleston Road Registry believes that given its intended use by Google, the .dev gTLD will best add value to the gTLD space by remaining completely closed for the sole use of Google.
…and now they're opening it up to the public... :\
It's not a TLD, it's either a single-label hostname or a fully-qualified subdomain (both will resolve internally, the former obviously won't resolve externally but the latter will, you'll just get an auth error).
I always thought gTLD has the same restriction as sTLD (for example, .aero is strictly for airline-related domains, or .mobi that must be optimized for mobile, which TBL strongly disagrees[1], etc.) but in reality I guess it's more like ccTLD where they're free to do whatever they want with the domain.
This seems like one of those anti-patterns that has been passed down by blog posts and from engineer-to-engineer. I've seen this in almost every single developer team I've been apart of.
Either way, like you said, people should be using .test so you don't have to worry about future collisions.
It literally happened to me yesterday, setting up a VM and aliasing it to a .dev domain for local testing. Took me an hour to figure out what was wrong =/
They run the authoritative nameservers for .dev, so they'll have some information about how much traffic your domain is getting, and from where.
Beyond that (and knowing you own the domain), running the registry doesn't give them any more info than they already get about you & your domain from their other services.
Does anyone know how the “premium” renewal prices are set and governed? I’m going through this right now with .app domains (also owned by Google). Apparently domains categorized as “premium” have a much higher yearly pricing, and how it’s priced is not specified anywhere on the registry website. I called a few registrars and they said that the premium pricing is set by the registry. What’s concerning is that the registrars admitted that there really isn’t anything stopping the registry from increasing the premium pricing at will.
Anyone have anymore info about this? Seems concerning that a registry has no restrictions on what they can do with pricing after an individual has invested into an expensive domain.
AFAIU, the ICANN New gTLD registry agreement means you can't have "premium" prices for renewals:
"Registry Operator must have uniform pricing for renewals of domain name registrations (“Renewal Pricing”). For the purposes of determining Renewal Pricing, the price for each domain registration renewal must be identical to the price of all other domain name registration renewals in place at the time of such renewal, and such price must take into account universal application of any refunds, rebates, discounts, product tying or other programs in place at the time of renewal."
Hmm, this definitely isn't the case for .app. There are numerous tiers of pricing as of right now. Google categorized specific names as "Premium", which you can see when searching for a lot of .app domains. These Premium domains vary in both initial purchase price AND the yearly renewal. One of my examples is in this thread. Purchase price was around $1000, yearly renewal is $280. Other names are even higher...
Ah, yes, the (c) clause says they can charge you more if you agreed to it "at the time of the initial registration", but not after you have invested in the domain.
But I suggest people read the whole article themselves, I have no industry expertise.
Premium names are common across the domain industry. Different registries handle them differently (some have an up-front cost whereas others like us use annually recurring), but the registrar you're using should be making it very clear what costs you're signing up for during the registration flow.
Are you saying the registry can arbitrarily change the .app domain renewal price without control, or that they can charge a different renewal price for different .app domains?
I've experienced weird price fluctuations with .io domain renewals in the past, but haven't owned one in a few years.
According to registrars, yes. So for example, let's say I paid $1000 for a premium .app last year when they were released. Renewal price is marked for something like $280/yr, which I didn't expect, because I thought the premium pricing was an initial purchase price only. I thought the renewal price was standard .app renewal rates.
When I called to clarify with a few registrars, they said that this premium price ($280) is specified by the registry (Google), and that there's no guarantee that pricing will stay at $280. I used a hypothetical, and asked them if it were possible for Google to raise the price to something like $1000/yr or $10k/yr, and they confirmed that there is technically nothing stopping the registry from doing so.
What registrar did you use? They should have made it very clear during the checkout flow what the annually recurring charge was. Can you try it again now with persona.app (another premium) and post a screenshot of what exactly they're displaying?
Yikes! My one was and still is $63.70/year. I wonder what makes a domain "premium" anyway, and what makes it more or less premium? Never even seen a live .app domain anyway so that sort of makes them not premium at all.
One criteria I've seen used to price domains as "premium" is shorter names and popular dictionary words. Not sure if this is consistent across registrars, but I would think "premium-ness" is established at the registry level.
It's unclear to me if premium-ness is a function of time, and/or if there's an objective formulaic criteria here.
I'm unsure how it is determined but when I asked my .app registrar they said it should be $120/year for each renewal, which was less than I paid to register it. Guess I'll find out.
I believe in the original .app launch thread on HN they stated that premium domain pricing was based on machine learning. So...who knows.
"Our ML predictor calculated with 95% confidence that in the next 3 years your software will become our competitor, damaging our projected profits. We decided to terminate your domain ownership and auctioned it off to PigsDoAds Inc., effectively immediately.
Our ensemble of customer support chatbots wishes you a wonderful day!
"
Good question. Nobody seems to know the answer here.
HN seems to be generally knowledgeable, but in this case nobody seems to be able to provide answers with good references, just guesswork. Google operates the domain. How much regulatory power it has? What is the agreement with ICANN. What is the dispute solution mechanism?
----
edit
after looking around, operator agreement with ICANN seems include public interest commitments etc. Operator can't do whatever they want and their policy should be transparent.
> Registry Operator will operate the TLD in a transparent manner consistent with general principles of openness and non-discrimination by establishing, publishing and adhering to clear registration policies.
I don't know how this stuff works, what gives google the ability to sell these domains early? Also why is everyone cursing google for taking their local .dev? Google is not the only place you can buy these. Namecheap has .dev in the works, and GoDaddy is taking pre-orders as well (I didn't keep searching but I'm sure it's available at many other registrars), but nobody is cursing and shaking their fist in the air at those services. So what does google have to do with it? Why are we all holding them responsible?
>The evaluation fee is US$185,000. Applicants will be required to pay a US$5,000 deposit fee per requested application slot when registering. The deposit will be credited against the evaluation fee. Other fees may apply depending on the specific application path. See the section 1.5 of the Applicant Guidebook for details about the methods of payment, additional fees and refund schedules.
There's a nonzero chance that the investment could be a dud if people simply don't like the TLD, the same way how no one (except a few people [1]) like the .bike TLD.
I feel like if they're going to force https on .dev domains they should just bundle certs with the domain itself. I like https as much as the next guy but it's simply not necessary in many types of websites (e.g. a website with documentation and third party binary links), and they're not making it as painless as it could be to comply with their own rules
>it's simply not necessary in many types of websites (e.g. a website with documentation and third party binary links)
I see debates about HTTPS as being a bit like debates about wearing pants in public. "Technically, if a subway station is empty and the AC is working, you don't have to wear pants." "You don't gain anything by wearing pants in a deserted forest when the weather is nice." "Wearing pants is a lot of work, and every day before putting them on I check to make absolutely sure that I will suffer dire consequences if I leave them off."
In all of these cases, you are betting big that none of the situations will go sideways for unexpected reasons (how sure are you that you have thought of 100% of the ways in which going pants-less in a subway station could get you in trouble, and how sure are you that none of them will happen?), but the reward for taking on that risk is almost nothing.
I take your point, but to be fair, there is a cost to me for thinking in this way where I better consider every possible action I take being offensive. I have no malicious bone in my body, but I am certainly callous at times (unintentionally).
What are some good use cases for a .dev domain? For example, .ai for Artificial Intelligence, .io for startups. One thing that comes to my my mind is .dev is good for developer tools and related projects. Any other projects or products that .dev domain can be used for? Thanks!
Sure. I'm not really impacted. The racketeering targets big companies who need to buy all domains in all tlds for all of their trademarks. It's disgraceful but of course it's hard to feel sorry for large corporations.
Yet, Internet companies (like Google) who participate in this should lose a little respect from everyone.
Having used "sudo vi /etc/hosts" to add .dev domains, this gets no <3 from me.
I'm going to avoid buying one, but if there are any popular .dev domains I hope I will forget about it before long. I don't want negative feelings from this so often. On the other hand there are plenty of reminders of negative things in politics and the environment, so I guess I've gotten used to it and developed outrage fatigue.
We have RFCs for a reason, so people follow predictable behavior everywhere. And so you don’t build up a ton of work/customization and then suddenly have a surprise like this. Worse, you embed that custom design into a system and then leave and someone else needs to fix that mess.
.test is what you should have been using, precisely for this reason.
Nope. Testing is a meaningful term in software development, and what I was using it for doesn't entirely fit into my concept of testing. Much of it was just development.
At least you aren't directly accusing me of failing to RTFM!
I've been vaguely aware of what's in that RFC, but I don't think reserving those TLDs for local stuff means that other TLDs are off limits. I certainly don't use example.com for all example emails. Developer happiness comes first.
I got burned by going with domains outside that doc, but I think the blame goes on Google, not on those who decided to use .dev without making it an official standard. I think if it was an official standard Google might still have muscled their way into getting .dev, and I wouldn't be surprised if they do the same with .test in the future.
I'm a developer too, I always use example.com because accidentally triggering bogus outbound mail from corporate IP addresses can make a mess for Operations.
And Google gets baseless accusations because you feel entitled to something. Enjoy the feeling, you're entitled to it.
.dev domains will be available from many dozens of registrars, including most likely the one(s) you're already using. You'll for sure be able to get one.
It seems like some companies and individuals started to register their names with .dev TLD. There are 573 registered .dev domain names now.
You can see all of them on dofo.com: https://dofo.com/search/?extension=dev
Most likely the domains like tmp.dev, staging.dev, and production.dev are premium domains that will never be released by the registry.
Many premium domains are held back by the registry, which are a part of icann rules. Those domains are typically not able to be registered and used by anyone.
I feel disappointed about the pricing. Shows a complete lack of understanding of developers. Right pricing steps are 0,1,2,4,8,16,32,64,128,256,512,1024,2048,4096,...
Most likely the registry won’t let you buy trademarked domains if you can’t prove you have the trademark. There is a period set aside for tm holders.
I would stay far away from any brand or tm domains at any time. You will eventually lose the domain through a udrp. And you could likely get sued as well.
I really actually hope Google decides to not index .dev domains/sites. It’s crazy how many times have I seen a site in dev or staging that gets indexed by google but shouldn’t be indexed.
Um. Wait? Didn't Google recently propose (effectively) an alternative to domains? I realize that's a long way off, if ever. None the less $12k feels excessive.
A domain just for developers! Until it abruptly shuts down Feb 19, 2021. Why would anyone trust Google with something with any kind of long-term requirements as important as a name? They should have registered ".chump" instead, because that is really what users of a Google-managed TLD are declaring
"Dear VALUED developer, thanks so much for being a part of the .dev experiment! After a long hard period of staring at our shoes, we realized we cannot extract sufficient value from our users in this manner. As of midnight, your name will automatically be migrated to our newer, better, faster TLD, .plus, the future of the open web"
I don't think this is a huge concern - at least ICANN has the power to designate a successor registry, and I guarantee someone will break down the doors trying to get that particular gtld.
A TLD "with benefits" from Google is a money-printing press. While Google has a certain track record, this makes it rather unlikely for them to discontinue it in the near future.
I mean, I get your point, but I think this is a meme exclusive to HN. Other than Google Reader, there really isn't much Google has shut down without having a newer, better product you can transition to.
When it comes to something like this (AKA not a consumer product, makes money, relatively easy to run, etc), I genuinely can't see them shutting down a TLD like this.
If anything, the complaint should be the lack of official support you should probably expect for it.
Also, can I add Google Code Search? That thing was such an incredibly valuable resource for figuring out how to work around inane edge cases in eg GTK. Just search for the function that's giving you issues, and find a dozen projects with extensive comments describing their workarounds.
This is an amazing list. It might not be 100% fair since a few products got replaced with something better, but I think most didn't.
Fundamentally, Google is just an advertising company that happens to employ very smart people. If you go to work for Google, you have to understand from the outset that you're working for an advertising company and you're not going to change the world. You might be allowed to work on a fun project, but if it doesn't directly serve the needs of advertising it will be shut down. But hey, it'll look good on your resume.
The 'Google Graveyard' meme is known far and wide beyond HN - I'm a long time member on a [n ostensibly] design-focused forum where it's been a long time running gag (of the acerbic kind) too.
Somebody makes this post on every HN thread involving Google now. But the three big public deprecations I'm aware of are Reader, Inbox, and G+. All consumer products. All the other stuff on that killed by Google site is stuff I've barely even heard of, and all consumer products.
To my knowledge, no major GCP component has ever been deprecated. Am I missing something? This seems like it has just become a groupthink HN meme at this point.
> To my knowledge, no major GCP component has ever been deprecated. Am I missing something? This seems like it has just become a groupthink HN meme at this point.
It's not like these complainers actually read articles they're commenting on. You could see this in the Chromecast DNS rantfest - the path is "Google in title => rant about your pet peeve" not "Read article => complain about topical thing".
It hosted repos, and broke links to those repos and links within them. It also broke processes that relied on the repo, e.g. automatic issue creation in CI, but that's less serious.
Setting up a redirect works if you are the administrator of the project...and are still alive. Migrating a project was simple if it didn't have a wiki. There are a lot of details that caused some real headaches. I remember it being like a mini Y2k at the time, and there's no telling how much we just collectively lost from it.
This is simply incorrect. As the person who (led? handled?) the shutdown/archiving, the vast majority of the 'developer' web had gone to github. The handful of active projects were given white glove treatment once we decided to shutter the site.
> the vast majority of the 'developer' web had gone to github
I see hundreds of thousands of repositories on Github responding to the search "Automatically exported from code.google.com", which means they only transferred _after_ the shutdown was announced (when the export tool went live). Any wikis would have had to be hand-converted to not be broken, since the markup between the two systems was not compatible. I mean, thank you for handling it as well as it was handled, and thank you for (if you were part of that) the export tool, but let's not pretend that it wasn't disruptive.
The famous app engine pricing increase happened when app engine left preview. People still mention it often, but it was never meant for production usage while at the preview price.
Besides the usual disregard decency let's HSTS preload a TLD people have been using for local development for decades...
This is terrible gatekeeping and I hope Google perishes soon. Wow. I can't get over how fucking dumb this is.
This is the mark of a corporation filled with people that thinks putting a price tag on supposedly scarce good early will deter bad actors. Clearly everyone who thought this up has way too much money in their account.
Yes, this, though I really am disappointed in ICANN here. ICANN should not have sold a TLD known to be in heavy use already. Their desire for cash from this process seems to have overwhelmed their good sense in managing the domain system.
Yeah, well. That's got nothing to do with .dev. All the new TLDs are fucking dumb. Just a cash grab for the ICANN. Might as well get rid of TLDs altogether.
Honestly I don’t think it’s a cash grab for icann. There are plenty of registries that are making plenty of money, as well as domain owners selling the domains in the aftermarket.
The reason the new tlds were needed is the lack of options for buying a new domain. I know plenty of smaller biz and startups who couldn’t get the dot com they wanted and ended up choosing a really good keyword rich new tld.
Is steampowered.com sketchy? Even incredibly large companies often can't get the domains they want because they were bought twenty years ago by some Joe Schmo.
If you've been using .dev for local development, that means you've either been setting it in your hosts or using your own DNS server until now, which you can continue to do with a .dev TLD.
Except that both Firefox and Chrome ship with the ENTIRETY of .dev on HSTS preload lists, so it'll be impossible to use those domains without clients either installing a CA or owning the domain and getting a cert.
if you have the technical savvy to be using .dev before the Google deployment, you have the technical savvy to install an additional root cert for use with Chrome.
Sorry but this is pure malice by Google. I can invert this argument by saying if you're buying a .dev domain you have the technical savvy to get on an HSTS preload list, except you haven't broken anyone's workflow.
EDIT: And I mean... have you USED openssl's x509 toolchain? That's a few steps up from editing the hostsfile.
Editing the hosts file isn't a solution for internal use in organizations.
If it's just you, editing your hosts file, switch to .local or whatever. There was always a chance when using a "local" domain (which isn't actually some sort of standard) that such a TLD could be created in the future. If it's for an organization, create the root cert, and have that be one of the steps users need to take in order to access the dev site. Or just switch to .local or .test or .whatever.
I've been using .dev as a local test environment for years too, but I'd prefer to have more TLD options available and just switch to .local or .test because I'm not averse to change.
.local is reserved for multicast DNS/zeroconf, by the standard. You literally can’t use it on macos because it will always try to look it up in with mDNS first, and only fall back on /etc/hosts once that fails.
If you use .local for fake DNS for a dev setup, you’ll probably notice lookups are slow; that’s why.
(This is why I’ve always used .dev actually, although this may make me switch to .fuckgoogle or something instead)
Maybe you've never been in an environment where having to change internal domains is near impossible.
I work at the intersection of 3 corporations within our group. We provide a sort of "internal Heroku" using Kubernetes for anyone in the group that needs it. We recently ran into the 63 character limit on domain name labels (we have to use a wildcard cert because nothing else is approved by legal). You wouldn't believe the time developers would've had to spend on fixing the domain schema across hundreds of services if we hadn't found a way out of that dilemma. We're talking thousands of internal names, some of them given our to external partners (we use a partially publicly resolvable name, but we could've exposed our DNS as well) and some used in systems long forgotten.
That is such specious logic it’s kind of sickening.
I use TLDs like .dev exactly because it’s convenient. Not because I’m “savvy”, and even if that were true, it doesn’t follow that it would be just as convenient to set up a local CA.
Using `echo ip >/etc/resolver/dev` to have a custom dns server for everything in the .dev domain is trivial. It’s one command. Getting a custom CA for all of that is not.
One man's "convenient" is another man's "savvy." If you've got the technical ability (you are 'savvy') to use this TLD, you've got the technical ability ('savvy') to use your own CA.
And I didn't say it would be convenient. The world doesn't revolve around your convenience. I said you've got the ability to use a CA.
What's sickening is devs pretending their broken workflow is important (or should matter) to anyone else, and then getting fussy when it turns out that no, their non-standardized workflow is, in fact, not a standard.
Using .dev for local development is a bug, not a feature. The only reason it was used is because it wasn't yet a TLD . Not because it had some sort of special status as a "Local TLD".
Are you on a mac? 99% of times it's because of an external mouse connected.
edit: the css for the element that overflows has: `grid-template-columns: 50vw 50vw;` and based on the spec: https://www.w3.org/TR/css3-values/#viewport-relative-lengths, scrollbars are not taken into account, therefore as long as you have a _forced_ scrollbar, the content WILL overflow regardless of your screen size.
By forced I mean a scrollbar you cannot remove and that's not enforced by your systems settings, you can clearly see this behaviour on mac if you toggle the "Show scroll bars" setting to "Always".
Safari and webkit based browsers can avoid this issues with `::-webkit-scrollbar{ display: none}` but it's not a cross browser solution nor a wise decision to hide scrollbars overall.
Shows up for me on firefox and chrome on windows. Also, safari (and maybe chrome on macos as well) doesn't show scrollbars unless you're actively scrolling, so it's easy to think there's no scrollbars.
They can use a different TLD. One big benefit is that the literal TLD is in the list (not every domain) keeping the size of the list O(1) instead of O(n) as it is for other TLDs.
- Cloudflare 1.1.1.1 doesn't prevent you from using 1.1.1.1 as a development IP, it just prevents you from accessing their service if you are. Google preloading everything to the HSTS list prevents you from using it without jumping through loops.
- The IP address 1.1.1.1 as a public DNS has clear value to the public, DNS IP addresses needing to be for 0-255 values that are memorable. .dev has no real public value considering the plethora of other tlds.
> - The IP address 1.1.1.1 as a public DNS has clear value to the public, DNS IP addresses needing to be for 0-255 values that are memorable. .dev has no real public value considering the plethora of other tlds.
Of course it has, TLDs that describes itself are valuable for some business, and this is exactly what this seems to be about.
I hate the very high prices for early access. This is anti-individual-developer, pro big company, rich people.
I can see it's a way to let big companies save off their amazon.dev domain or whatever. I think a much more preferable early stage practice would be to let people who can authenticate their name let them get their name .dev. I've been trying to buy my personal domain name for a while, a name squatter has been sitting on it for years, they don't even answer their contact email. A second domain that is commercial is also in a similar category. How do these companies keep their domains and never sell them?
Someone like say JohnAkbar.com has to wait and hope another JohnAkbar or a squatter doesn't get their name. I'm also jealous of people that have more unique names. People get vanity urls or twitter handle like things with my name and never use them. Sure, first world problem but
They also compete in random new industries each time this happens.
It doesn't seem like a smart move to lease a domain from a politically active mega-monopoly that might decide to randomly become your competitor in 2 years.