Can we get a super fast way to update DNS with lower cache, so dynamic IP updated through API works. This is one of the limiting factors.
Cloudflare works but the cache gives downtime after every IP-switch
goldenarm 11 hours ago
Remember when the .tk TLD became free 20 years ago? Every hobbyist took one, then scammers followed, then Facebook and antiviruses started blocking it.
I remember publishing a website for a class on my .tk domain, the teacher couldn't open it and I almost got a failing grade because of it.
mort96 8 hours ago
A friend almost failed an IT class because his website didn't render at all in IE6. This was during the time of IE9. The teacher just hadn't updated their browser in a long time.
I don't get how you get to be an IT teacher without knowing the most basic troubleshooting steps to get assignments to run.
hilariously 1 hour ago
I left community college after a week because my "computer" teacher required us to change our monitors to 640x480 and print out every step that we completed in things like Notepad or Configuring the Desktop and then every day we'd punch it out and would add it to a three ring binder of all the things we've done.
Full Color.
paulluuk 58 minutes ago
I assume this was at a high school and not at university? My IT teacher in high school was the chemistry teacher, because.. he knew how to use Word, I guess?
He knew we were computer nerds so didn't really care about teaching us (we knew more than him anyway). And we didn't mind that he just sat there drinking coffee and reading a book, as it meant we could just play videogames for an hour. Good times.
mathstuf 4 hours ago
Heh…I once was in a state-level coding event (it was a small portion of a larger competition) where half of the test was turning in code on a CD during the competition, with the written half during the event. My CD was deemed unusable for whatever reason (it had worked on XP and Fedora 6 or 7 at home) and didn't count towards my score. I still got second in the event. I declined to continue because I couldn't trust that the judges would be able to judge my submission fairly and that with half of my score missing I still got second that I didn't need to prove anything else at the cost of more after-school practice hours and wrecking my perfect attendance record during my senior year to travel to nationals.
rogerrogerr 4 hours ago
Does high school attendance matter for anything? Genuine question. Always seemed like pre-college schooling always wanted you to think everything was more important long-term than it really was.
repeekad 3 hours ago
It’s needed to get into college and that’s it, which is needed to get your first maybe second job and that’s it, which is needed to…
JimDabell 1 hour ago
During the time of Internet Explorer 9, it was surprisingly common for people to still be using Internet Explorer 6. This was often out of their control, for instance if they had intranet sites that required Internet Explorer 6, or if they were stuck on an old version of Windows because they had outdated hardware.
Later versions of Internet Explorer had compatibility mode, but it often wasn’t enough to get things working, especially if there was ActiveX involved or the security policies were restrictive.
Schools were especially prone to this due to their limited budgets among other reasons, and IT teachers weren’t normally the decision makers who could do anything about it. You shouldn’t assume that a random IT teacher had the authority to spontaneously upgrade a school computer that needs to be used for things besides that one student’s assignment.
mort96 1 hour ago
I will, however, assume that an IT teacher has the ability to recognise, "this isn't working because I'm using an ancient browser". If the teacher is completely unable to use a less ancient browser, the requirement for the project to work on IE6 should be clearly stated, which it was not.
However in this case, my friend just helped the IT teacher install Google Chrome on his computer and showed that the site rendered fine there. I don't know what sort of policies were in place but there were evidently no technical measures implemented to prevent people from installing a modern browser.
Cpoll 7 hours ago
I had a similar class where they threatened to fail us if we didn't use Dreamweaver and instead wrote our own html.
bowersbros 12 minutes ago
I had a teacher who told us to make a website using Powerpoint..
Turns out you can save as HTML and any links you put between slides become anchor tags.
Pretty neat, but hurt my soul to have all my classmates do that
HerbManic 7 hours ago
Dreamweaver was cool as a beginner because it took a lot of the troublesome parts out of the equation. But it did end up being more of a hindrance than a benefit the further you went in.
mort96 1 hour ago
I never understood Dreamweaver. The first thing it asked me when making a new website was ... what the resolution of my user's screen is? I don't know that!
bandrami 2 hours ago
What were these "troublesome parts"? The whole point of HTML's design is that it's incredibly easy for a human to write correctly.
reddalo 1 hour ago
Just like AI vibecoded websites... Good luck understanding the code when the AI bubble explodes and you can't afford the insane price that AI will have by then.
layla5alive 7 hours ago
Was that class taught by a certain woman who had a business making websites, perchance?
dcow 6 hours ago
You just described my teacher, and I’m fairly certain we didn’t go to the same middle school.
arsenicwater 7 hours ago
Were they paying for the Dreamweaver licenses?
anon7000 4 hours ago
When I had web design a bit after 2010, they still used Dreamweaver and yeah you could get a license for free via the university. That’s pretty normal (eg giving you a Visual Studio license, Office, all that). It was more crazy that the course was so incredibly basic (nothing more than static page building in dreamweaver) at this college compared to the other one I later transferred to
nekusar 7 hours ago
Please. Universities have students by the short and curlies. They can academically do basically whatever they want, and fail you for not complying. Professors can even demand their book be purchased, and fail for not buying the book.
Most universities are unethical shitholes that can do basically whatever they want to gatekeep a diploma.
lovich 1 hour ago
Tenure. Or at least that was my experience with my comp sci teacher who required that we gave him printed out programs for our homework and then tossed them into the trash while making eye contact with you and gave you a grade later.
The school's admins told me he had tenure so there was nothing I could do.
Didn’t take me a whole year before I switched majors.
techpression 3 hours ago
It's a built-in secret part of the teaching for any job where you interact with customers, they don't upgrade and they have no troubleshooting skills.
Or just ineptitude, but I'm hoping for the former.
AFF87 10 hours ago
What a memory you have unlocked. They were everywhere. I remember the urban legend that .tk domains were X% of their GDP
captn3m0 10 hours ago
10% apparently for .tk. I also remember .tv windfall, which is 8-9% of their GDP.
tyre 9 hours ago
And the .sy boom until startups got enough heat for, you know, funding the Assad regime.
RobotToaster 9 hours ago
Apparently nobody cares that .af is now funding the Taliban
artursapek 8 hours ago
The .ai TLD is some tiny island with a few thousand people
gerdesj 8 hours ago
.io is (British) Indian Ocean (Territory).
glenstein 6 hours ago
I remember that. The one thing I would add is I think the usage was much more general purpose. "Free stuff" sites were a big deal and huge source of traffic and .tk was widely shared on those. You could have a banner with ads and have the domain for free.
DonHopkins 9 hours ago
At least https://tcl.tk redirects => https://www.tcl-lang.org/
preisschild 10 hours ago
Core memory unlocked
Not enough allowance to fund a .com domain, had to use freenom / tk + cloudflare for my first years of self hosting
cj 9 hours ago
Double unlock.
In the mid 2000’s, I moderated a domain name discussion forum in exchange for free hosting. “X forum posts per month = x gb of bandwidth”
My goal was to post enough for them to give me WHM access so I could try to resell it.
Those were the days.
dinkleberg 9 hours ago
Those were the days indeed. A big part for me is probably because I was a teen at the time with little responsibility, but getting to be a part of the wild west days of the internet was a magical experience.
cj 9 hours ago
Magical indeed!
I once mailed $70 cash (multiple months of allowance) to someone to code a MVP of something I wanted to build.
They ripped me off and disappeared.
And… that’s when I decided I needed to learn to code!
hahahaa 6 hours ago
In my case, ignorance unlocked. I never heard of tk and I remember 36k modems so old enough.
I think the reason is I went to work, slung .NET and didn't think much about computers otherwise except occasionally reading some C++ books for "fun".
znpy 2 hours ago
I still have a .tk domain, paid since 2008, because it was the only one with my surname available.
Haven’t had many issues but surely if I could go back I’d pick a different TLD.
tamimio 9 hours ago
tk and cc, the domains I used to use for php reverse shell haha, brings back memories!
paxcoder 10 hours ago
> One Person, One Subdomain
singpolyma3 9 hours ago
Indeed. That's the necessary
HumanCCF 9 hours ago
Yes, one of the key principles we follow is that all the perks we aim to provide must come with some limit to prevent abuse.
anilgulecha 7 hours ago
The "one free domain per person" isn't the interesting part really - that will be hard to police unless domain name is a function of ID proof (avoids squatting).
0) The actual interesting part of a new TLD can be growing reputation by post-facto taking away a domain without recourse in case of squatting. Instead of adversarial takedowns (which produce false positives as noted), let anyone challenge an inactive domain in the first year or two.
1) If they can figure out a mechanism for moving a domain from "assigned" -> "squatted".
2) Domain must match (or derive from) a verified identity - e.g. your domain is a hash/slug of your government ID. Makes squatting structurally impossible because you can't claim someone else's name / gov (Sign in with passkeys linked to a national ID).
3) Proof of human effort, reduced with time - require periodic renewal with proof-of-use (DNS TXT updates, through a flow hard to automate).
4) Kill speculative market - domains are non-sellable and non-transferable - always go back to the free pool, and stay there for 30 days mandatorily.
Some mix of these could be the right structure for a truly high-reputation, free domain.
_kb 26 minutes ago
.id.au already has some similar requirements for associating a domain with a real world (human) identity: https://www.auda.org.au/au-domain-names/the-different-au-dom...
ipaddr 7 hours ago
Sounds like a bad domain for self hosting. You have to update txt records randomly and your domain can be taken for whatever reason. Whatever value you build goes away if you are inactive. You cannot transfer ownership killing any value you added.
anilgulecha 6 hours ago
Hence the "in the first year or two". Some more human effort to showcase proof early on, then the domain is solidified for you like with any other registrar. This is something like captcha/bcrypt - a single instance isn't a burden, but doing it at scale is costly.
> You cannot transfer ownership killing any value you added
I think this is by design. The domain should be for personal use - hence free.
HumanCCF 5 hours ago
Exactly this, the goal is to design a TLD according to human-centered principles. That is, we are assuming (and enforcing) that every endpoint using this domain will be some relatively small-scale environment for personal use. This is what will allow us to provide a lot of neat functionality but only at that scale.
qq66 3 hours ago
The much simpler way to avoid squatting is to make .com domains cost $200 a year. This will instantly end the vast majority of domain squatting on the .com TLD and if people can easily get the .com they need for their business then the other TLDs are not going to have much squatting activity.
zelphirkalt 40 minutes ago
How does this lend itself to self-hosting then? I think few people will pay that much to self host.
schrodinger 2 hours ago
I don't get it. How do you handle 10k people wanting, say, garden.com, without a free market?
prmoustache 2 hours ago
first served or random from a waitlist are other options.
BuyMyBitcoins 7 hours ago
I dislike the term “domain squatting”. It should be called “domain scalping”.
nonethewiser 6 hours ago
Or domain ownership.
koolala 5 hours ago
It isn't scalping if you're actually using it. It's easy to spot a scalping site since it's just an advertisement to buy the domain.
bottled_poe 5 hours ago
Or domain leasing.
jurgenaut23 4 hours ago
I am probably missing something, but how can DNS TXT updates be made difficult to automate?
anilgulecha 4 hours ago
We can get creative. Quick ideas: Send it by printed post. Pass it around people to people. An email needs to be added in with some process, and can only get one TXT update value a week.
Many ways of adding friction to obtaining the updatable value - which a human owning a domain would be happy to do, but a squatter would not want to.
szszrk 2 hours ago
> Send it by printed post
That's how one of my local companies tries to force clients in. They removed auth code from their web panels and introduced complex snail-mail procedure.
That was a clear signal to run, but it took me 6 months to do just the domain transfer.
vessenes 10 hours ago
Hi there. I've done a bit of work on specifying human-centric identity goals for the internet over the last 10 years. May I suggest you look at Microsoft Vega? https://www.microsoft.com/en-us/research/blog/vega-zero-know... (I have no affiliation).
In brief, I think they aim to solve the most important needs for online identity-gated services in a maximally private way.
For instance, I'd like to see .self offer the following: a single domain to any person in the world with identity blinded. I can imagine two 'tranches': say xxx.v.self for 'verified' and xxx.u.self for 'unverified'.
Both would use a Zero Knowledge proof to confirm they had not already registered a domain; verified would register with you guys or a data broker some PII in case it was needed for verification / checks / etc, while unverified would maintain the promise of one domain = one person, but not allow the TLD or registrars to be able to unblind which person it is.
Use cases like this would be really fantastic. And, obviously could be tested out and tried on a normal domain name while you make your pitch, and put in for the auction / however ICANN is currently managing TLD launches.
HumanCCF 10 hours ago
Please submit this to us via our contact form, we will need lots of community input! https://hccf.onmy.cloud/get-involved/
quotemstr 10 hours ago
It is good that Microsoft Vega is popularizing zero-knowledge identity-based attestations. It's unfortunate that they're doing so in a relatively inflexible way.
I wish the Vega people had oriented their work around general-purpose zkVMs instead of application-specific ZK circuits. The latter is a fleeting efficiency win; the former is a permanent flexibility advantage. ZK-based privacy advocates shouldn't over-index on proof performance on today's systems when zkVM systems have been making multiple-OOM performance improvements over the past couple of years.
IOW, with Nova, the Vega people are trying to do something very clever (just as the BBS+ people are trying to do something very clever) that general-purpose compute wins have made unnecessary.
Something like RISC Zero will let you run arbitrary Rust code under zero knowledge in a few hundred milliseconds with little fuss. Nobody appreciates that identity verification is one special case of a vast set of useful applications enabled by widespread adoption of a ZK compute platform.
nl 6 hours ago
Disagree with this.
RISC Zero is useful for crypto use-cases: Other people need to verify an exact program was run.
The identity use case is about connecting sources of trust (document issuers) with consumers of that trust ("this is a real person") in ways that don't release more than the minimum information required ("the passport office has signed that this is a real person so we can trust that").
Single purpose circuits make a lot of sense for this - there is just no need for a full ZK RISC-V VM for this use case.
quotemstr 4 hours ago
RISC Zero verifies that an exact computation was performed. What would be the point of the system otherwise? If you're starting from this incorrect premise, you're going to arrive at an incorrect conclusion.
> Single purpose circuits make a lot of sense for this
No, they don't. They lock your system into a single set of trade-offs without an advantage to offset it. They're premature optimization. How do you think ZK systems can be made resilient to cloning attacks without hardware locking if your ZK vocabulary is limited to stupid BBS-style selective disclosure and nothing else?
vessenes 7 hours ago
Can you talk more about RISC Zero? Does it require a TEE of some sort? I had trouble finding a quality mid-detail spec of how it works; lots of marketing materials basically.
quotemstr 4 hours ago
zkVMs (of which RISC Zero is one example) do not require a TEE. That's the whole point: the privacy properties come out of the math. Basically, nowadays, once you and I can agree on the text of a program, you can run the program on your private inputs and produce a number that proves to me that you actually ran this specific program and not some other.
For example, age verification: I can run a program that takes a signed time-stamp and an officially-signed birth certificate and produces a yes/no "over 18" boolean, then prove to you I actually ran this program, not just "return true", but WITHOUT revealing the birth certificate.
It's a really neat facility that too few people are thinking about. We've had zero knowledge systems for a few decades now, but until now, each one has been a special bespoke mathematical object that would take years to develop. Over the past year or two, we've 1) made the things 1000x faster, and 2) made it possible to write arbitrary code under zero knowledge instead of having to make each ZK system a PhD thesis.
Others say that zkVMs are pointless because they're less efficient than these bespoke mathematical objects. Yes, they are. So what? The flexibility is worth it. Others say that zkVMs came out of Ethereum, so they're only good for "crypto" stuff. False. Sure, it's the Ethereum people who did a lot of foundational research into efficient zkVMs. We owe them a debt of gratitude, because they made a new kind of CS object that's going to be useful for tons of things not tied to Ethereum or web3 in any way.
Anyway, if you want to get a feel for fully programmable ZK systems, check out https://noir-lang.org/, a programming language for ZK programs (not a zkVM, but same UX). Or https://github.com/a16z/jolt, which lets you run normal Rust under zero knowledge.
Today, you can write normal-looking code and have it execute under zero knowledge, and, importantly, efficiently. You literally couldn't do this two years ago, and it changes everything.
miki123211 2 hours ago
What does require a trusted computing platform, however, is ensuring that the same program isn't being executed millions of times per second to send millions of different ZKPs to different parties.
ID verification is not enough, you also need some way to prevent one malicious user from re-selling the same ID to millions of others. Without ZKPs, you know what document the user is trying to sign up with, so you can rate-limit that document. With ZKPs, however, you need those rate limits to exist somewhere else.
HumanCCF 1 hour ago
Please get in touch with us via our contact form, we will need collaborators of all kinds and the human validation problem is going to be the hardest technical challenge to solve. We could use your help! https://hccf.onmy.cloud/get-involved/
greyface- 11 hours ago
https://hccf.onmy.cloud/wp-content/uploads/2026/06/dot-self....
> Everyone entitled to a subdomain at no cost
How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
> No parking, squatting, or reselling
How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
HumanCCF 11 hours ago
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.
> No parking, squatting, or reselling
Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.
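The heartbeat mentioned above, combined with anilgulecha's earlier proof-of-use via DNS TXT updates and the "assigned" -> "squatted" transition, sketched as an added example (not part of any comment and not HCCF's design). The `self-heartbeat=` record format, the weekly window, the one-week grace period, the four-miss threshold and the name `alice.self` are all assumptions; fetching the TXT records is left to the caller.

```python
import hashlib
import hmac

WEEK = 7 * 24 * 3600          # assumed heartbeat period, in seconds
PREFIX = "self-heartbeat="    # hypothetical TXT record prefix


def challenge(secret: bytes, domain: str, week: int) -> str:
    """Value the owner must publish in a TXT record for the given week.

    HMAC binds the value to both the domain and the week number, so it
    cannot be reused for another domain or replayed once its window has
    closed. The registry hands it out through whatever slow channel it
    chooses (the thread suggests post or e-mail).
    """
    name = domain.lower().rstrip(".")
    mac = hmac.new(secret, f"{name}|{week}".encode(), hashlib.sha256)
    return PREFIX + mac.hexdigest()[:32]


def heartbeat_ok(secret, domain, txt_records, now, grace_weeks=1):
    """True if any TXT record carries the challenge for the current week
    or for one of the `grace_weeks` weeks before it."""
    current = int(now) // WEEK
    for week in range(current - grace_weeks, current + 1):
        expected = challenge(secret, domain, week).encode()
        for record in txt_records:
            # Constant-time comparison of the published value.
            if hmac.compare_digest(expected, record.strip().encode()):
                return True
    return False


def next_state(state, missed, ok, max_missed=4):
    """Advance (state, consecutive misses) after one weekly check.

    "assigned" becomes "squatted" (open to challenge) only after
    `max_missed` consecutive misses; one good heartbeat resets the count.
    """
    if ok:
        return "assigned", 0
    missed += 1
    return ("squatted" if missed >= max_missed else state), missed


def run_constructed_example():
    """Constructed history: the owner publishes once, then goes silent."""
    secret = b"constructed-registry-secret"
    domain = "alice.self"
    first_week = 2900
    published = [challenge(secret, domain, first_week)]
    state, missed, history = "assigned", 0, []
    for week in range(first_week, first_week + 7):
        ok = heartbeat_ok(secret, domain, published, week * WEEK + 60)
        state, missed = next_state(state, missed, ok)
        history.append((ok, state))
    return history
```
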
SahAssar 10 hours ago
> Think of it as a similar model to ISRG and LetsEncrypt.
In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in its success. I'd be interested to hear which potential sponsors you see in a similar situation here?
> rule of one person per subdomain
What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
HumanCCF 10 hours ago
> In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in its success. I'd be interested to hear which potential sponsors you see in a similar situation here?
We are reaching out to companies who operate in the self-hosted space, academia, ISPs, registrars, as well as digital rights orgs. We believe they would be aligned with this mission and ultimately benefit from such a TLD existing!
> What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
There are a few emerging technologies we are evaluating to help with this but have not settled on one just yet. Whatever we choose, we will start small and go from there. Worst-case scenario, we start with the credit card approach and iterate. This will ultimately all be a part of the evaluation process we go through with ICANN.
SahAssar 8 hours ago
To be honest it feels like these answers boil down to "we feel it'd be nice if this existed but we have no actual answers as to how to get it done".
---
To stick with your comparison: when letsencrypt and ISRG launched they had actual answers for how to deal with the hard challenges in their space:
A) How to get included in trust roots (cross-signing with IdenTrust at first and the knowledge and expertise of how to get included in the longer term)
B) Automated domain validation in a standardized way (ACME)
C) Long term commitments of sponsorships to ensure people could trust it would stick around
---
I wish you the best of luck, but I think this might have needed to bake a bit longer before publicizing.
DonHopkins 9 hours ago
You need to find a benevolent selfless soul who will sponsor you.
al_borland 10 hours ago
How is one person per subdomain enforceable? How is a person uniquely identified and tracked?
dom96 10 hours ago
My guess is by using ID verification similar to how I do it on https://onlyhumanhub.com/
SahAssar 10 hours ago
So you have just built a wrapper around https://passportreader.app/, which itself is reading NFC enabled ID/passports from specific countries. The coverage map is here: https://passportreader.app/coverage.
Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.
kokanee 10 hours ago
I'm curious about how this works, but it doesn't look like I can find out without creating an account. I see that it says "Link your existing social accounts to prove you're not a bot." How does having social media accounts prove I'm not a bot?
AnthonyMouse 10 hours ago
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue?
Is it actually a substantial expense? The TLD itself only has to publish the nameserver records, which generally have a TTL of about a day. A DNS response is a few hundred bytes. Big DNS providers like Google and Cloudflare would make requests for every actively used domain every day, but then cache them. Smaller providers wouldn't cache as well but also wouldn't each request every domain every day. For e.g. a million personal domains, ballpark estimate is somewhere in the few TB a month of traffic. Maybe a little over personal hobby project money but definitely not outrageous for a small non-profit organization.
> How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
This is the easy one. Squatters buy domains because they want to sell them. To sell them they have to make it publicly known to prospective buyers that the domain is available for sale. So then if anyone lists the domain for sale anywhere, you make them prove that they own it (which any actual buyer would also have to do in order to not get scammed) and when they do the domain is forfeit.
It's kind of sad that we don't do that for all domains. Domain squatters can go to hell.
greyface- 9 hours ago
Much of the cost here comes from compliance with the ICANN gTLD program structure, not from running the underlying technical infrastructure (which is not limited to DNS - you also need EPP/RDAP/etc). See https://www.icann.org/en/registry-agreements for (hundred+ page) documents outlining registry responsibilities. Registries can outsource some of this to an ICANN-accredited "registry service provider", but should expect to pay upwards of hundreds of thousands of dollars yearly for the privilege.
miki123211 2 hours ago
You can't do it in the general case.
Most TLDs need to allow domain transfers because projects do genuinely change ownership sometimes. If you allow transfers, you allow reselling by definition (because you can't physically determine whether cash changes hands).
This isn't like tickets, where "return to pool and let an interested party buy it" is a viable strategy. Tickets are fungible, domains are non-fungible.
madsushi 9 hours ago
It costs ~$200,000 to apply for a TLD, and there's an ongoing renewal cost in the tens of thousands of USD.
HumanCCF 9 hours ago
For this application round, ICANN is running an Applicant Support Program, or ASP. The applicants seeking to apply for a TLD this round who qualify for the ASP will have a substantially reduced application fee, among other benefits. Our organization is one such org who has qualified for the ASP so we will not have to pay the full $227,000 application fee.
KomoD 8 hours ago
How much is the reduced fee then? As I understand it's somewhere between 75-85% less, which is still a lot of money.
Also, who is paying for the reduced fee, administrative and infra costs? And have you actually submitted a gTLD application, or are you trying to crowdfund? Unclear to me.
AnthonyMouse 9 hours ago
That's definitely not a cartel then.
pavel_lishin 11 hours ago
It's not clear whether they're actually talking about domains or subdomains there, which is a worrying sign from a potential registrar.
favorited 10 hours ago
Any domain that isn't one of the Top Level Domains is also a subdomain.
maximilianthe1 9 hours ago
Isn't the actual top level domain an empty one after TLD?
Looking like «.com.» with trailing dot
akerl_ 6 hours ago
I mean sure, but if you started talking about google.com as a subdomain, real humans would correctly look at you funny.
prepend 9 hours ago
Is it really that expensive to run a TLD? Name servers are notoriously long running on ancient spec servers.
I’m guessing, if designed well, the registration process could run on lightweight infrastructure. Maybe $1-5k total per year, not counting time. So it’s enough for a fun hobby project.
psychoslave 10 hours ago
Might be a public service? I guess many countries already had such a thing with running cost several orders higher than such a thing as a TLD, operating for centuries now.
miki123211 2 hours ago
Countries have the loop of "taxpayers pay government -> government funds service -> service benefits taxpayers." You can't do that if you offer the service to the general internet.
psychoslave 1 hour ago
Why not? I would happily see a fraction of my taxes go into such a project.
BLKNSLVR 6 hours ago
I'm just being a negative nancy here, but I don't think I'd want to advertise that any of my sites are specifically self hosted, in that it kinda asks for ... security probing, since it's more likely than not got less than professional security surrounding it.
Having said that, *gestures to the entirety of the internet*
So maybe not such a big deal.
drummojg 6 hours ago
My initial thought as well, so you're no outlier, unless we are.
arrty88 6 hours ago
Why not? Surely you’re putting a CDN in front of it still.
jerf 8 hours ago
I don't understand the naming scheme, or the apparent lack of it. I half expected it to be some sort of UUID which would at least make sense. At one per person for 7 billion people that's a little under 33 bits. Make it a nice round 40 for a bit of future proofing (the scheme doesn't need to live forever) and to make a bit of space internally and that's 5 words from a 256-word list. That would seem to make a lot more sense than first-come, first-serve on something as easy to abuse as .self.
However, perhaps more relevantly, it isn't clear why this needs a TLD and all the hassle associated with a tld when it could just as easily be attached to any convenient domain name lying around that you have access to, such as, oh, say, onmy.cloud.
Then again I have this objection to almost all TLDs. But I'm not sure I'm wrong.
At the very least if you want to show ICANN that you mean business I would strongly suggest just doing it on onmy.cloud, and tell people that if you get the .self you'll transparently migrate their onmy.cloud domain on to .self when you get it. Nothing says "I can do this" like actually doing it.
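jerf's arithmetic carried through as an added example (not part of the comment and not something the .self proposal specifies): 7 billion identities need 33 bits, and a 40-bit identifier maps to five words of 8 bits each. The 256-entry word list is constructed here from 16 onsets and 16 endings, and the hyphen-joined label format is an assumption.

```python
import math
import secrets

ID_BITS = 40                      # "a nice round 40"
WORDS_PER_LABEL = ID_BITS // 8    # one 8-bit word per byte -> 5 words

# Constructed word list: every onset is exactly two letters, so
# onset + ending is unambiguous and yields 16 * 16 = 256 distinct words.
ONSETS = ["ba", "de", "fi", "go", "hu", "ka", "le", "mi",
          "no", "pu", "ra", "se", "ti", "vo", "wu", "za"]
ENDINGS = ["b", "d", "f", "g", "k", "l", "m", "n",
           "p", "r", "s", "t", "v", "x", "z", "sh"]
WORDS = [onset + ending for onset in ONSETS for ending in ENDINGS]
INDEX = {word: i for i, word in enumerate(WORDS)}


def bits_needed(population: int) -> int:
    """Smallest number of bits that gives every person a distinct id."""
    return math.ceil(math.log2(population))


def encode_label(ident: int) -> str:
    """Map a 40-bit identifier to a five-word DNS label."""
    if not 0 <= ident < 1 << ID_BITS:
        raise ValueError("identifier does not fit in 40 bits")
    raw = ident.to_bytes(WORDS_PER_LABEL, "big")
    label = "-".join(WORDS[b] for b in raw)
    assert len(label) <= 63       # DNS label length limit
    return label


def decode_label(label: str) -> int:
    """Inverse of encode_label; DNS labels compare case-insensitively."""
    parts = label.lower().split("-")
    if len(parts) != WORDS_PER_LABEL or any(p not in INDEX for p in parts):
        raise ValueError("not a valid five-word label")
    return int.from_bytes(bytes(INDEX[p] for p in parts), "big")


def allocate(taken: set) -> str:
    """Hand out a random unused identifier, so labels carry no meaning
    and cannot be claimed first-come, first-served."""
    while True:
        ident = secrets.randbits(ID_BITS)
        if ident not in taken:
            taken.add(ident)
            return encode_label(ident)
```
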
zenoprax 8 hours ago
Controlling the TLD has its own benefits and drawbacks (managing email reputation, for example) but as a regular person I have more reason to trust `.cloud` than `.self` purely on the basis of proven continuity. My `.com` domain will almost certainly live as long as the internet does provided that I keep paying to renew.
Regardless, a UUID is probably the right call. It doesn't help with memorability but it's at least more stable than an IPv4/IPv6 address and can be hard-coded. I wonder if you would get a full zone or if it's just an A/AAAA record given their broader goals of email and VPN tunneling.
pizzafeelsright 8 hours ago
imho we should be able to register ipv6 as our identity.
rcarmo 1 hour ago
We could fix a lot of this by just making sure .local (which is used in Bonjour/mDNS) could coexist sanely in mixed resolver environments _and_ could support subdomains. I built https://rcarmo.github.io/projects/mdnsbridge to “fix” it for my particular use case, and if it wasn’t for TLS shenanigans and the lack of subdomains, my issues largely went away.
bananamogul 11 hours ago
Hold up...why isn't .self listed here:
https://www.iana.org/domains/root/db
Is this just an idea at this point, or some kind of "you have to use our DNS to resolve .self domains" scheme - ?
HumanCCF 11 hours ago
This is an idea at this point, the next round of gTLD applications is currently open and we are in the process of applying and we are trying to garner support!
OsrsNeedsf2P 11 hours ago
TIL https://newgtldprogram.icann.org/en/application-rounds/round...
NewJazz 10 hours ago
Oh god not this shit again.
Inb4 they give away .docx
kemotep 10 hours ago
.zip was especially egregious. No one should have allowed that to happen.
plopz 11 hours ago
Could do something like .brave and just sidestep ICANN?
jazzyjackson 11 hours ago
With your hosts file or running a DNS on localhost you can do whatever you want
skyyler 11 hours ago
there's a project for getting retro computers connected to an "internet" with 90s/00s services available, and they use .retro on that. it's pretty cute.
DonHopkins 9 hours ago
Oh great, an entire .brave TLD shilling a BAT shitcoin crazy crypto scam. Don't we already have enough of those?
paul7986 11 hours ago
So this is my iCloud on the web for AI agents to pay me for access to my content (Cloudflare allows the bots in upon paying) :-)
Cloudflare offers this now (their Pay to Crawl service) but it's not geared towards every human getting paid for their content. As of today Facebook and other social media platforms profit from our content....not us!
MagicMoonlight 1 hour ago
[deleted]
TZubiri 11 hours ago
Domain names are not centralized, there is no central entity that controls an approved list of kosher domains.
zamadatix 9 hours ago
This is practically useless information (and I don't mean that in the flippant "of low regard" slang sense, I mean a literal "this information becomes irrelevant once you look at what practically applying it does" sense). E.g.:
- Centralized authorities for IP & DNS assignment? You (+anyone else you can convince) can just ignore that and it'll work in your bubble anyways!
- No centralized authorities for IP & DNS assignment? You (+anyone else you can convince) can just ignore that and it'll work in your bubble anyways!
My above pedantry aside, the article is explicitly about "The Internet" (it's even using the capital "I" oft forgotten about these days). I.e. the worldwide bubble which has centrally controlled assignment via ICANN/IANA, separate from other systems using the DNS/IP protocols. That's why it talks about ICANN and why bananamogul mentioned .self has not been centrally registered with IANA yet.
sarreph 15 minutes ago
481 upvotes on HN, and only $136 USD donated (out of $64k target) -- at the time of writing.
Given the amount of traffic this project has received by being at the top of the front page for half a day, one has to wonder if a different approach to soliciting donations would have yielded them more money.
Clearly, everyone here is at least interested in the idea of a .self domain, and I wager that most (even the naysayers) of the commenters would register theirs.
Imagine if instead of asking for a $15–125 donation behind a CTA, they asked for $2 to "pre-register" your domain (with higher tiers for more benefits). I have a feeling they would have raised a lot more money...
mkl 11 hours ago
Site errored out and gave me three different error messages as I reloaded. I guess it's self-hosted on something underpowered, and dynamic where static would do the job?
HumanCCF 11 hours ago
Indeed, this response is way more than we expected. Trying to set up a web cache now.
nilslindemann 6 hours ago
States could grant such domains when individuals register their identity, for example, "klaus-mueller-<close eyes say first word that comes to your mind>.self". It runs on a VPS, and it is well documented how to create and run a website on that. School kids are introduced to it. Would be an excellent entry point into digital sovereignty for citizens.
HumanCCF 4 hours ago
Enabling digital sovereignty for individuals is our foundational motivating principle!
DocTomoe 3 hours ago
Please leave states out of this. The State™ is not your friend, and we don't need a future, even more criminal government to have access to the shutdown button of even more of our identity.
Note that I did not single out an individual country. All governments always stride towards autocracy.
9dev 12 hours ago
Shotgun on your.self! That’s going to yield a ton of great second level sub domains :)
HumanCCF 11 hours ago
We are probably going to reserve some of the more obvious ones for specific purposes, e.g. my.self automatically pointing to a homepage on your local network. As we go through the gTLD evaluation process we will be keen to solicit feedback from the community on more specifics!
unknown 5 hours ago
[deleted]
OJFord 9 hours ago
And the slang and typos? (ur.self, mi.self, his.self, there.self, ther.self, theyre.self, they.self, ...)
myself248 9 hours ago
Hey now!
Hugsbox 11 hours ago
go.fuck.your.self would be a pretty good one
laszlokorte 11 hours ago
write.it.your.self
think.4.your.self
written.by.my.self
all CNAME -> claude.ai
I don't fully understand how this works... who regulates and defines what is "self-hosted" or "ethical technology"... I feel you can't really solve the distributed consensus and governance problem by just introducing a new domain suffix.
samgranieri 10 hours ago
I’m just using .home.arpa for my self hosted stuff. Free, just have to deal with TLS root cert trust, but once that’s down; you’re golden.
ahoka 9 hours ago
.internal works fine now.
DocTomoe 3 hours ago
Both of these are meant for operating a home/private network.
.self seems to be geared towards an 'accessible from the everyday net' kind of approach.
kaelwd 3 hours ago
I just use .home, yeah I know it's not reserved but idgaf I'm not writing .arpa.
hananova 10 hours ago
It simply cannot be both free and free choice of domain.
If it has both, it will be squatted to uselessness, and blocked everywhere because of phishing scams everywhere.
You can either make the domains cost money, which seems counter to the entire point, or disallow choosing the domain, instead handing out free what3words style names.
HumanCCF 10 hours ago
We have considered this, all of these things will be examined during the evaluation process of the application with ICANN before any approval to operate the TLD is granted. We could also police our domain and revoke users who use it for abuse but that may be too costly. But you are right that fundamentally we must protect the reputation of the TLD at all costs and that will require imposing certain limits on its use.
applfanboysbgon 10 hours ago
You should read their proposal. Specifically, the first "core feature": one person, one domain. If you want to squat on a domain, go for it -- it's yours, and that's the only domain you're getting.
I suppose this will be done by ID verification, which is a complete and total non-starter for me, but they do have a vision of some kind.
hananova 10 hours ago
I've read it, I don't believe it will be effective, even with actual physical ID verification. Scammers can get more IDs, for example by way of scamming.
prepend 9 hours ago
I tried to leave a comment and it errored out and said “please leave a valid email.” I tried 6 different addresses at prepend.com.
It’s weird when sites have invalid email checks.
walrus01 1 hour ago
Do the people who are promoting this know that it costs approx. $227,000 to apply for a new gTLD with ICANN?
edent 1 hour ago
The Applicant Support Programme makes it significantly cheaper (if they qualify).
See https://newgtldprogram.icann.org/en/application-rounds/round...
And https://www.kickstarter.com/projects/dotmeow/meow-next-round...
foresto 11 hours ago
What is the expected price range for registration and renewal under this TLD?
Will there be any assurance that renewal prices will remain fairly stable, rather than being significantly raised after customers grow attached to their domains (a practice that seems to be common with new gTLDs)?
sudonem 10 hours ago
We should probably just bring back Geocities at this point.
IgorPartola 9 hours ago
Neocities exists and you are welcome to it :)
koolala 5 hours ago
Their free terms are kind of bad. They use the CORS security feature to block you from loading content from other sites. It doesn't cost them anything to let your site link outside content so they are only doing it to make the free tier bad so people upgrade.
sudonem 9 hours ago
TIL. Nice.
Terr_ 9 hours ago
Somewhat related, in case you missed it a few weeks ago, Oldavista (Altavista)
https://news.ycombinator.com/item?id=48447111
Does high school attendance matter for anything? Genuine question. Always seemed like pre-college schooling always wanted you to think everything was more important long-term than it really was.
It’s needed to get into college and that’s it, which is needed to get your first maybe second job and that’s it, which is needed to…
During the time of Internet Explorer 9, it was surprisingly common for people to still be using Internet Explorer 6. This was often out of their control, for instance if they had intranet sites that required Internet Explorer 6, or if they were stuck on an old version of Windows because they had outdated hardware. Later versions of Internet Explorer had compatibility mode, but it often wasn’t enough to get things working, especially if there was ActiveX involved or the security policies were restrictive. Schools were especially prone to this due to their limited budgets among other reasons, and IT teachers weren’t normally the decision makers who could do anything about it. You shouldn’t assume that a random IT teacher had the authority to spontaneously upgrade a school computer that needs to be used for things besides that one student’s assignment.
I will, however, assume that an IT teacher has the ability to recognise, "this isn't working because I'm using an ancient browser". If the teacher is completely unable to use a less ancient browser, the requirement for the project to work on IE6 should be clearly stated, which it was not. However in this case, my friend just helped the IT teacher install Google Chrome on his computer and showed that the site rendered fine there. I don't know what sort of policies were in place but there were evidently no technical measures implemented to prevent people from installing a modern browser.
I had a similar class where they threatened to fail us if we didn't use Dreamweaver and instead wrote our own html.
I had a teacher who told us to make a website using Powerpoint.. Turns out you save as HTML and any links you put between slides become anchor tags. Pretty neat, but hurt my soul to have all my classmates do that
Dreamweaver was cool as a beginner because it took a lot of the troublesome parts out of the equation. But it did end up being more of a hindrance than a benefit the further you went in.
I never understood Dreamweaver. The first thing it asked me when making a new website was ... what the resolution of my user's screen is? I don't know that!
What were these "troublesome parts"? The whole point of HTML's design is that it's incredibly easy for a human to write correctly.
Just like AI vibecoded websites... Good luck understanding the code when the AI bubble explodes and you can't afford the insane price that AI will have by then.
Was that class taught by a certain woman who had a business making websites, perchance?
You just described my teacher, and I’m fairly certain we didn’t go to the same middle school.
Were they paying for the Dreamweaver licenses?
When I had web design a bit after 2010, they still used Dreamweaver and yeah you could get a license for free via the university. That’s pretty normal (e.g. giving you a Visual Studio license, Office, all that). It was more crazy that the course was so incredibly basic (nothing more than static page building in Dreamweaver) at this college compared to the other one I later transferred to.
Please. Universities have students by the short and curlies. They can academically do basically whatever they want, and fail you for not complying. Professors can even demand their book be purchased, and fail for not buying the book. Most universities are unethical shitholes that can do basically whatever they want to gatekeep a diploma.
Tenure. Or at least that was my experience with my comp sci teacher who required that we give him printed out programs for our homework and then tossed them into the trash while making eye contact with you and gave you a grade later. The school's admins told me he had tenure so there was nothing I could do. Didn’t take me a whole year before I switched majors.
It's a built-in secret part of the teaching for any job where you interact with customers, they don't upgrade and they have no troubleshooting skills. Or just ineptitude, but I'm hoping for the former.
What a memory you have unlocked. They were everywhere. I remember the urban legend that .tk domains were X% of their GDP
10% apparently for .tk. I also remember .tv windfall, which is 8-9% of their GDP.
And the .sy boom until startups got enough heat for, you know, funding the Assad regime.
Apparently nobody cares that .af is now funding the Taliban
The .ai TLD is some tiny island with a few thousand people
.io is (British) Indian Ocean (Territory).
[deleted]
[deleted]
I remember that. The one thing I would add is I think the usage was much more general purpose. "Free stuff" sites were a big deal and huge source of traffic and .tk was widely shared on those. You could have a banner with ads and have the domain for free.
At least https://tcl.tk redirects => https://www.tcl-lang.org/
Core memory unlocked. Not enough allowance to fund a .com domain, had to use freenom / tk + cloudflare for my first years of self hosting
Double unlock. In the mid 2000’s, I moderated a domain name discussion forum in exchange for free hosting. “X forum posts per month = x gb of bandwidth” My goal was to post enough for them to give me WHM access so I could try to resell it. Those were the days.
Those were the days indeed. A big part for me is probably because I was a teen at the time with little responsibility, but getting to be a part of the wild west days of the internet was a magical experience.
Magical indeed! I once mailed $70 cash (multiple months of allowance) to someone to code a MVP of something I wanted to build. They ripped me off and disappeared. And… that’s when I decided I needed to learn to code!
In my case, ignorance unlocked. I never heard of tk and I remember 36k modems so old enough. I think the reason is I went to work, slung .NET and didn't think much about computers otherwise except occasionally reading some C++ books for "fun".
I still have a .tk domain, paid since 2008, because it was the only one with my surname available. Haven’t had many issues, but surely if I could go back I’d pick a different TLD.
tk and cc, the domains i used to use for php reverse shell haha, bring back memories!
>One Person, One Subdomain
Indeed. That's the necessary
Yes, one of the key principles we follow is that all the perks we aim to provide must come with some limit to prevent abuse.
The "one free domain per person" isn't the interesting part really - that will be hard to police unless domain name is a function of ID proof (avoids squatting).
0) The actual interesting part of a new TLD can be growing reputation by post-facto taking away a domain without recourse in case of squatting. Instead of adversarial takedowns (which produce false positives as noted), let anyone challenge an inactive domain in the first year or two.
1) If they can figure out a mechanism for moving a domain from "assigned" -> "squatted".
2) Domain must match (or derive from) a verified identity - e.g. your domain is a hash/slug of your government ID. Makes squatting structurally impossible because you can't claim someone else's name / gov (Sign in with passkeys linked to a national ID).
3) Proof of human effort, reduced with time - require periodic renewal with proof-of-use (DNS TXT updates, through a flow hard to automate).
4) Kill speculative market - domains are non-sellable and non-transferable - always go back to the free pool, and stay there for 30 days mandatorily.
Some mix of these could be the right structure for a truly high-reputation, free domain.
.id.au already has some similar requirements for associating a domain with a real world (human) identity: https://www.auda.org.au/au-domain-names/the-different-au-dom...
Sounds like a bad domain for self hosting. You have to update txt records randomly and your domain can be taken for whatever reason. Whatever value you build goes away if you are inactive. You cannot transfer ownership killing any value you added.
Hence the "in the first year or two". Some more human effort to showcase proof early on, then the domain is solidified for you like with any other registrar. This is something like captcha/bcrypt - a single instance isn't a burden, but doing it at scale is costly.
> You cannot transfer ownership killing any value you added
I think this is by design. The domain should be for personal use - hence free.
Exactly this, the goal is to design a TLD according to human-centered principles. That is, we are assuming (and enforcing) that every endpoint using this domain will be some relatively small-scale environment for personal use. This is what will allow us to provide a lot of neat functionality but only at that scale.
The much simpler way to avoid squatting is to make .com domains cost $200 a year. This will instantly end the vast majority of domain squatting on the .com TLD and if people can easily get the .com they need for their business then the other TLDs are not going to have much squatting activity.
How does this lend itself to self-hosting then? I think few people will pay that much to self host.
I don't get it. How do you handle 10k people wanting, say, garden.com, without a free market?
first served or random from a waitlist are other options.
I dislike the term “domain squatting”. It should be called “domain scalping”.
Or domain ownership.
It isn't scalping if you're actually using it. It's easy to spot a scalping site since it's just an advertisement to buy the domain.
Or domain leasing.
[deleted]
[deleted]
I am probably missing something, but how can DNS TXT updates be made difficult to automate?
We can get creative. quick ideas: Send it by printed post. pass it around people to people. an email needs to be added in with some process, and can only get one TXT update value a week. Many ways of adding friction to obtaining the updatable value - which a human owning a domain would be happy to do, but a squatter would not want to.
> Send it by printed post
that's how one of my local companies tries to force clients in. They removed auth code from their web panels and introduced complex snail-mail procedure. That was a clear signal to run, but it took me 6 months to do just the domain transfer.
Hi there. I've done a bit of work on specifying human-centric identity goals for the internet over the last 10 years. May I suggest you look at Microsoft Vega? https://www.microsoft.com/en-us/research/blog/vega-zero-know... (I have no affiliation). In brief, I think they aim to solve the most important needs for online identity-gated services in a maximally private way. For instance, I'd like to see .self offer the following: a single domain to any person in the world with identity blinded. I can imagine two 'tranches': say xxx.v.self for 'verified' and xxx.u.self for 'unverified'. Both would use a Zero Knowledge proof to confirm they had not already registered a domain; verified would register with you guys or a data broker some PII in case it was needed for verification / checks / etc, while unverified would maintain the promise of one domain = one person, but not allow the TLD or registrars to be able to unblind which person it is. Use cases like this would be really fantastic. And, obviously could be tested out and tried on a normal domain name while you make your pitch, and put in for the auction / however ICANN is currently managing TLD launches.
Please submit this to us via our contact form, we will need lots of community input! https://hccf.onmy.cloud/get-involved/
It is good that Microsoft Vega is popularizing zero-knowledge identity-based attestations. It's unfortunate that they're doing so in a relatively inflexible way. I wish the Vega people had oriented their work around general-purpose zkVMs instead of application-specific ZK circuits. The latter is a fleeting efficiency win; the former is a permanent flexibility advantage. ZK-based privacy advocates shouldn't over-index on proof performance on today's systems when zkVM systems have been making multiple-OOM performance improvements over the past couple of years. IOW, with Nova, the Vega people are trying to do something very clever (just as the BBS+ people are trying to do something very clever) that general-purpose compute wins have made unnecessary. Something like RISC Zero will let you run arbitrary Rust code under zero knowledge in a few hundred milliseconds with little fuss. Nobody appreciates that identity verification is one special case of a vast set of useful applications enabled by widespread adoption of a ZK compute platform.
Disagree with this. RISC Zero is useful for crypto use-cases: Other people need to verify an exact program was run. The identity use case is about connecting sources of trust (document issuers) with consumers of that trust ("this is a real person") in ways that don't release more than the minimum information required ("the passport office has signed that this is a real person so we can trust that"). Single purpose circuits make a lot of sense for this - there is just no need for a full ZK RISC-V VM for this use case.
RISC Zero verifies that an exact computation was performed. What would be the point of the system otherwise? If you're starting from this incorrect premise, you're going to arrive at an incorrect conclusion.
> Single purpose circuits make a lot of sense for this
No, they don't. They lock your system into a single set of trade-offs without an advantage to offset it. They're premature optimization. How do you think ZK systems can be made resilient to cloning attacks without hardware locking if your ZK vocabulary is limited to stupid BBS-style selective disclosure and nothing else?
Can you talk more about RISC Zero? Does it require a TEE of some sort? I had trouble finding a quality mid-detail spec of how it works; lots of marketing materials basically.
zkVMs (of which RISC Zero is one example) do not require a TEE. That's the whole point: the privacy properties come out of the math. Basically, nowadays, once you and I can agree on the text of a program, you can run the program on your private inputs and produce a number that proves to me that you actually ran this specific program and not some other. For example, age verification: I can run a program that takes a signed time-stamp and an officially-signed birth certificate and produces a yes/no "over 18" boolean, then prove to you I actually ran this program, not just "return true", but WITHOUT revealing the birth certificate. It's a really neat facility that too few people are thinking about. We've had zero knowledge systems for a few decades now, but until now, each one has been a special bespoke mathematical object that would take years to develop. Over the past year or two, we've 1) made the things 1000x faster, and 2) made it possible to write arbitrary code under zero knowledge instead of having to make each ZK system a PhD thesis. Others say that zkVMs are pointless because they're less efficient than these bespoke mathematical objects. Yes, they are. So what? The flexibility is worth it. Others say that zkVMs came out of Ethereum, so they're only good for "crypto" stuff. False. Sure, it's the Ethereum people who did a lot of foundational research into efficient zkVMs. We owe them a debt of gratitude, because they made a new kind of CS object that's going to be useful for tons of things not tied to Ethereum or web3 in any way. Anyway, if you want to get a feel for fully programmable ZK systems, check out https://noir-lang.org/, a programming language for ZK programs (not a zkVM, but same UX). Or https://github.com/a16z/jolt, which lets you run normal Rust under zero knowledge. Today, you can write normal-looking code and have it execute under zero knowledge, and, importantly, efficiently.
You literally couldn't do this two years ago, and it changes everything.
What does require a trusted computing platform, however, is ensuring that the same program isn't being executed millions of times per second to send millions of different ZKPs to different parties. ID verification is not enough, you also need some way to prevent one malicious user from re-selling the same ID to millions of others. Without ZKPs, you know what document the user is trying to sign up with, so you can rate-limit that document. With ZKPs, however, you need those rate limits to exist somewhere else.
Please get in touch with us via our contact form, we will need collaborators of all kinds and the human validation problem is going to be the hardest technical challenge to solve. We could use your help! https://hccf.onmy.cloud/get-involved/
https://hccf.onmy.cloud/wp-content/uploads/2026/06/dot-self....
> Everyone entitled to a subdomain at no cost
How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
> No parking, squatting, or reselling
How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.
> No parking, squatting, or reselling
Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.
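The weekly TXT proof-of-use and "heartbeat" ideas raised in the comments above, sketched from the registry's side as an added example (not code from the thread or from the .self project). The `self-heartbeat=` record format, the HMAC derivation, the three-miss threshold and all names are assumptions, and the TXT records in the demo are constructed; how the weekly value reaches the owner is outside the code.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

PERIOD_SECONDS = 7 * 24 * 3600   # one challenge value per week, as suggested in the thread
MAX_MISSES = 3                   # assumption: consecutive missed weeks before flagging
TXT_PREFIX = "self-heartbeat="   # hypothetical TXT record format


def period_index(now: int) -> int:
    """Number of whole weeks since the Unix epoch."""
    return now // PERIOD_SECONDS


def challenge_for(registry_key: bytes, domain: str, period: int) -> str:
    """Value the owner must publish in a TXT record during this period.

    The HMAC covers both the domain and the period, so a value copied from
    another domain or replayed from an earlier week does not verify.
    """
    name = domain.lower().rstrip(".")
    msg = f"{name}|{period}".encode()
    return hmac.new(registry_key, msg, hashlib.sha256).hexdigest()[:32]


def txt_proves_use(registry_key: bytes, domain: str,
                   txt_records: List[str], now: int) -> bool:
    """True if any TXT record carries this week's value for this domain."""
    expected = challenge_for(registry_key, domain, period_index(now)).encode()
    found = False
    for record in txt_records:
        if not record.startswith(TXT_PREFIX):
            continue  # unrelated TXT data such as SPF
        presented = record[len(TXT_PREFIX):].strip().encode()
        # Constant-time comparison: timing must not leak the expected value.
        if hmac.compare_digest(presented, expected):
            found = True
    return found


@dataclass
class DomainState:
    domain: str
    status: str = "assigned"            # "assigned" -> "squatted"
    misses: int = 0
    last_checked: Optional[int] = None  # period of the last counted check


def run_weekly_check(state: DomainState, registry_key: bytes,
                     txt_records: List[str], now: int) -> DomainState:
    """Apply one heartbeat check; re-running within the same week is a no-op."""
    period = period_index(now)
    if state.status == "squatted" or state.last_checked == period:
        return state
    state.last_checked = period
    if txt_proves_use(registry_key, state.domain, txt_records, now):
        state.misses = 0
    else:
        state.misses += 1
        if state.misses >= MAX_MISSES:
            state.status = "squatted"
    return state


if __name__ == "__main__":
    key = b"constructed-registry-key"   # constructed sample secret
    t0 = 1_700_000_000                  # constructed timestamp
    token = challenge_for(key, "alice.self", period_index(t0))
    zone_txt = ["v=spf1 -all", TXT_PREFIX + token]   # constructed TXT records
    state = DomainState("alice.self")
    for week in range(5):
        # The owner never refreshes the record, so weeks 1..3 count as misses.
        run_weekly_check(state, key, zone_txt, t0 + week * PERIOD_SECONDS)
        print(week, state.status, state.misses)
```

The registry key never leaves the registry; only the derived weekly value is handed to the owner, so leaking one week's value exposes nothing about later weeks.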
> Think of it as a similar model to ISRG and LetsEncrypt.
In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in its success. I'd be interested to hear which potential sponsors you see in a similar situation here?
> rule of one person per subdomain
What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
> In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in its success. I'd be interested to hear which potential sponsors you see in a similar situation here?
We are reaching out to companies who operate in the self-hosted space, academia, ISPs, registrars, as well as digital rights orgs. We believe they would be aligned with this mission and ultimately benefit from such a TLD existing!
> What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
There are a few emerging technologies we are evaluating to help with this but have not settled on one just yet. Whatever we choose, we will start small and go from there. Worst-case scenario, we start with the credit card approach and iterate. This will ultimately all be a part of the evaluation process we go through with ICANN.
To be honest it feels like these answers boil down to "we feel it'd be nice if this existed but we have no actual answers as to how to get it done".
---
To stick with your comparison: when letsencrypt and ISRG launched they had actual answers for how to deal with the hard challenges in their space:
A) how to get included in trust roots (cross-signing with IdenTrust at first and the knowledge and expertise of how to get included in the longer term)
B) Automated domain validation in a standardized way (ACME)
C) Long term commitments of sponsorships to ensure people could trust it would stick around
---
I wish you the best of luck, but I think this might have needed to bake a bit longer before publicizing.
You need to find a benevolent selfless soul who will sponsor you.
How is one person per subdomain enforceable? How is a person uniquely identified and tracked?
My guess is by using ID verification similar to how I do it on https://onlyhumanhub.com/
So you have just built a wrapper around https://passportreader.app/, which itself is reading NFC enabled ID/passports from specific countries. The coverage map is here: https://passportreader.app/coverage. Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.
I'm curious about how this works, but it doesn't look like I can find out without creating an account. I see that it says "Link your existing social accounts to prove you're not a bot." How does having social media accounts prove I'm not a bot?
[deleted]
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue?
Is it actually a substantial expense? The TLD itself only has to publish the nameserver records, which generally have a TTL of about a day. A DNS response is a few hundred bytes. Big DNS providers like Google and Cloudflare would make requests for every actively used domain every day, but then cache them. Smaller providers wouldn't cache as well but also wouldn't each request every domain every day. For e.g. a million personal domains, ballpark estimate is somewhere in the few TB a month of traffic. Maybe a little over personal hobby project money but definitely not outrageous for a small non-profit organization.
> How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
This is the easy one. Squatters buy domains because they want to sell them. To sell them they have to make it publicly known to prospective buyers that the domain is available for sale. So then if anyone lists the domain for sale anywhere, you make them prove that they own it (which any actual buyer would also have to do in order to not get scammed) and when they do the domain is forfeit. It's kind of sad that we don't do that for all domains. Domain squatters can go to hell.
Much of the cost here comes from compliance with the ICANN gTLD program structure, not from running the underlying technical infrastructure (which is not limited to DNS - you also need EPP/RDAP/etc). See https://www.icann.org/en/registry-agreements for (hundred+ page) documents outlining registry responsibilities. Registries can outsource some of this to an ICANN-accredited "registry service provider", but should expect to pay upwards of hundreds of thousands of dollars yearly for the privilege.
You can't do it in the general case. Most TLDs need to allow domain transfers because projects do genuinely change ownership sometimes. If you allow transfers, you allow reselling by definition (because you can't physically determine whether cash changes hands). This isn't like tickets, where "return to pool and let an interested party buy it" is a viable strategy. Tickets are fungible, domains are non-fungible.
It costs ~$200,000 to apply for a TLD, and there's an ongoing renewal cost in the tens of thousands of USD.
For this application round, ICANN is running an Applicant Support Program, or ASP. The applicants seeking to apply for a TLD this round who qualify for the ASP will have a substantially reduced application fee, among other benefits. Our organization is one such org who has qualified for the ASP so we will not have to pay the full $227,000 application fee.
How much is the reduced fee then? As I understand it's somewhere between 75-85% less, which is still a lot of money. Also, who is paying for the reduced fee, administrative and infra costs? And have you actually submitted a gTLD application, or are you trying to crowdfund? Unclear to me.
That's definitely not a cartel then.
It's not clear whether they're actually talking about domains or subdomains there, which is a worrying sign from a potential registrar.
Any domain that isn't one of the Top Level Domains is also a subdomain.
Isn't the actual top level domain an empty one after TLD? Looking like «.com.» with trailing dot
I mean sure, but if you started talking about google.com as a subdomain, real humans would correctly look at you funny.
Is it really that expensive to run a TLD? Name servers are notoriously long running on ancient spec servers. I’m guessing, if designed well, the registration process could run on lightweight infrastructure. Maybe $1-5k total per year, not counting time. So it’s enough for a fun hobby project.
Might be a public service? I guess many countries already had such a thing with running costs several orders higher than such a thing as a TLD, operating for centuries now.
Countries have the loop of "taxpayers pay government -> government funds service -> service benefits taxpayers." You can't do that if you offer the service to the general internet.
Why not? I would happily see a fraction of my taxes go into such a project.
I'm just being a negative nancy here, but I don't think I'd want to advertise that any of my sites are specifically self hosted, in that it kinda asks for ... security probing, since it's more likely than not got less than professional security surrounding it. Having said that *gestures to the entirety of the internet* So maybe not such a big deal.
My initial thought as well, so you're no outlier, unless we are.
Why not? Surely you’re putting a cdn in front of it still.
I don't understand the naming scheme, or the apparent lack of it. I half expected it to be some sort of UUID which would at least make sense. At one per person for 7 billion people that's a little under 33 bits. Make it a nice round 40 for a bit of future proofing (the scheme doesn't need to live forever) and to make a bit of space internally and that's 5 words from a 256-word list. That would seem to make a lot more sense than first-come, first-serve on something as easy to abuse as .self. However, perhaps more relevantly, it isn't clear why this needs a TLD and all the hassle associated with a tld when it could just as easily be attached to any convenient domain name lying around that you have access to, such as, oh, say, onmy.cloud. Then again I have this objection to almost all TLDs. But I'm not sure I'm wrong. At the very least if you want to show ICANN that you mean business I would strongly suggest just doing it on onmy.cloud, and tell people that if you get the .self you'll transparently migrate their onmy.cloud domain on to .self when you get it. Nothing says "I can do this" like actually doing it.
Controlling the TLD has its own benefits and drawbacks (managing email reputation, for example) but as a regular person I have more reason to trust `.cloud` than `.self` purely on the basis of proven continuity. My `.com` domain will almost certainly live as long as the internet does provided that I keep paying to renew. Regardless, a UUID is probably the right call. It doesn't help with memorability but it's at least more stable than an IPv4/IPv6 address and can be hard-coded. I wonder if you would get a full zone or if it's just an A/AAAA record given their broader goals of email and VPN tunneling.
imho we should be able to register ipv6 as our identity.
We could fix a lot of this by just making sure .local (which is used in Bonjour/mDNS) could coexist sanely in mixed resolver environments _and_ could support subdomains. I built https://rcarmo.github.io/projects/mdnsbridge to “fix” it for my particular use case, and if it wasn’t for TLS shenanigans and the lack of subdomains, my issues largely went away.
Hold up...why isn't .self listed here: https://www.iana.org/domains/root/db Is this just an idea at this point, or some kind of "you have to use our DNS to resolve .self domains" scheme - ?
This is an idea at this point, the next round of gTLD applications is currently open and we are in the process of applying and we are trying to garner support!
TIL https://newgtldprogram.icann.org/en/application-rounds/round...
Oh god not this shit again. Inb4 they give away .docx
.zip was especially egregious. No one should have allowed that to happen.
Could do something like .brave and just sidestep ICANN?
With your hosts file or running a DNS on localhost you can do whatever you want
there's a project for getting retro computers connected to an "internet" with 90s/00s services available, and they use .retro on that. it's pretty cute.
Oh great, an entire .brave TLD shilling a BAT shitcoin crazy crypto scam. Don't we already have enough of those?
So this is my iCloud on the web for AI agents to pay me for access to my content (Cloudflare allows the bots in upon paying) :-) Cloudflare offers this now (their Pay to Crawl service) but it's not geared towards every human getting paid for their content. As of today Facebook and other social media platforms profit from our content....not us!
[deleted]
Domain names are not centralized, there is no central entity that controls an approved list of kosher domains.
This is practically useless information (and I don't mean that in the flippant "of low regard" slang sense, I mean a literal "this information becomes irrelevant once you look at what practically applying it does" sense). E.g.:
- Centralized authorities for IP & DNS assignment? You (+anyone else you can convince) can just ignore that and it'll work in your bubble anyways!
- No centralized authorities for IP & DNS assignment? You (+anyone else you can convince) can just ignore that and it'll work in your bubble anyways!
My above pedantry aside, the article is explicitly about "The Internet" (it's even using the capital "I" oft forgotten about these days). I.e. the worldwide bubble which has centrally controlled assignment via ICANN/IANA, separate from other systems using the DNS/IP protocols. That's why it talks about ICANN and why bananamogul mentioned .self has not been centrally registered with IANA yet.
481 upvotes on HN, and only $136 USD donated (out of $64k target) -- at the time of writing. Given the amount of traffic this project has received by being at the top of the front page for half a day, one has to wonder if a different approach to soliciting donations would have yielded them more money. Clearly, everyone here is at least interested in the idea of a .self domain, and I wager that most (even the naysayers) of the commenters would register theirs. Imagine if instead of asking for a $15–125 donation behind a CTA, they asked for $2 to "pre-register" your domain (with higher tiers for more benefits). I have a feeling they would have raised a lot more money...
Site errored out and gave me three different error messages as I reloaded. I guess it's self-hosted on something underpowered, and dynamic where static would do the job?
Indeed, this response is way more than we expected. Trying to set up a web cache now.
States could grant such domains when individuals register their identity, for example, "klaus-mueller-<close eyes say first word that comes to your mind>.self". It runs on a VPS, and it is well documented how to create and run a website on that. School kids are introduced to it. Would be an excellent entry point into digital sovereignty for citizens.
Enabling digital sovereignty for individuals is our foundational motivating principle!
Please leave states out of this. The State™ is not your friend, and we don't need a future, even more criminal government to have access to the shutdown button of even more of our identity. Note that I did not single out an individual country. All governments always stride towards autocracy.
Shotgun on your.self! That’s going to yield a ton of great second level sub domains :)
We are probably going to reserve some of the more obvious ones for specific purposes, e.g. my.self automatically pointing to a homepage on your local network. As we go through the gTLD evaluation process we will be keen to solicit feedback from the community on more specifics!
[deleted]
And the slang and typos? (ur.self, mi.self, his.self, there.self, ther.self, theyre.self, they.self, ...)
Hey now!
go.fuck.your.self would be a pretty good one
write.it.your.self think.4.your.self written.by.my.self all CNAME -> claude.ai
treat.your.self
treat.yo.self
Hosted ... all.by.my.self
hug.your.self
go.----.your.self
serve.your.self dancing.with.my.self reference.self interest.self pleasure.self gratification.self b.true@to.thine.own.self touch.a.touch.a.touch.a.touch.me https://www.youtube.com/watch?v=x92ccvZCzlg
[deleted]
I don't fully understand how this works... who regulates and defines what is "self-hosted" or "ethical technology"... I feel you can't really solve the distributed consensus and governance problem by just introducing a new domain suffix.
I’m just using .home.arpa for my self hosted stuff. Free, just have to deal with TLS root cert trust, but once that’s down; you’re golden.
.internal works fine now.
Both of these are meant for operating a home/private network. .self seems to be geared towards an 'accessible from the everyday net' kind of approach.
I just use .home, yeah I know it's not reserved but idgaf I'm not writing .arpa.
It simply cannot be both free and free choice of domain. If it has both, it will be squatted to uselessness, and blocked everywhere because of phishing scams everywhere. You can either make the domains cost money, which seems counter to the entire point, or disallow choosing the domain, instead handing out free what3words style names.
We have considered this, all of these things will be examined during the evaluation process of the application with ICANN before any approval to operate the TLD is granted. We could also police our domain and revoke users who use it for abuse but that may be too costly. But you are right that fundamentally we must protect the reputation of the TLD at all costs and that will require imposing certain limits on its use.
You should read their proposal. Specifically, the first "core feature": one person, one domain. If you want to squat on a domain, go for it -- it's yours, and that's the only domain you're getting. I suppose this will be done by ID verification, which is a complete and total non-starter for me, but they do have a vision of some kind.
I've read it, I don't believe it will be effective, even with actual physical ID verification. Scammers can get more IDs, for example by way of scamming.
I tried to leave a comment and it errored out and said “please leave a valid email.” I tried 6 different addresses at prepend.com. It’s weird when sites have invalid email checks.
Do the people who are promoting this know that it costs approx. $227,000 to apply for a new gTLD with ICANN?
The Applicant Support Programme makes it significantly cheaper (if they qualify). See https://newgtldprogram.icann.org/en/application-rounds/round... And https://www.kickstarter.com/projects/dotmeow/meow-next-round...
What is the expected price range for registration and renewal under this TLD? Will there be any assurance that renewal prices will remain fairly stable, rather than being significantly raised after customers grow attached to their domains (a practice that seems to be common with new gTLDs)?
We should probably just bring back Geocities at this point.
Neocities exists and you are welcome to it :)
Their free terms are kind of bad. They use CORS security feature to block you from loading content from other sites. It doesn't cost them anything to let your site link outside content so they are only doing it to make the free tier bad so people upgrade.
TIL. Nice.
Somewhat related, in case you missed it a few weeks ago, Oldavista (Altavista) https://news.ycombinator.com/item?id=48447111