Remember when the .tk TLD became free 20 years ago ? Every hobbyist took one, then scammers followed, then Facebook and antiviruses started blocking it.
I remember publishing a website for a class on my .tk domain, the teacher couldn't open it and I almost got a failing grade because of it.
I always thought these TLDs were a flight risk to be used in any serious capacity. What if the random state decides you/your business are in violation of [whatever] and kick you off?
Those were the days indeed. A big part for me is probably because I was a teen at the time with little responsibility, but getting to be a part of the wild west days of the internet was a magical experience.
Somewhere out there is a developer telling this exact same story. ‘I once agreed to build an MVP for a kid who promised to mail me cash. Never showed up. And THAT’S when I decided to get a real job.’
Except I mailed the cash in advance! It’s okay, it was probably another 14 year old.
My parents were not happy when I told them I sent cash to a stranger. I remember having to do it in secret because they were very not okay with the idea that you can meet strangers online. Hah.
A friend almost failed an IT class because his website didn't render at all in IE6. This was during the time of IE9. The teacher just hadn't updated their browser in a long time.
I don't get how you get to be an IT teacher without knowing the most basic troubleshooting steps to get assignments to run.
Please. Universities have students by the short and curlies. They can academically do basically whatever they want, and fail you for not complying. Professors can even demand their book be purchased, and fail for not buying the book.
Most universities are unethical shitholes that can do basically whatever they want to gatekeep a diploma.
When I had web design a bit after 2010, they still used Dreamweaver and yeah you could get a license for free via the university. That’s pretty normal (eg giving you a Visual Studio license, Office, all that). It was more crazy that the course was so incredibly basic (nothing more than static page building in dreamweaver) at this college compared to the other one I later transferred to
Dreamweaver was cool as a beginner because it took a lot of the troublesome parts out of the equation. But it did end up being more of a hindrance than a benefit the further you went in.
Heh…I once was in a state-level coding event (it was a small portion of a larger competition) where half of the test was turning in code on a CD during the competition, with the written half during the event. My CD was deemed unusable for whatever reason (it had worked on XP and Fedora 6 or 7 at home) and didn't count towards my score. I still got second in the event. I declined to continue because I couldn't trust that the judges would be able judge my submission fairly and that with half of my score missing I still got second that I didn't need to prove anything else at the cost of more after-school practice hours and wrecking my perfect attendance record during my senior year to travel to nationals.
Does high school attendance matter for anything? Genuine question. Always seemed like pre-college schooling always wanted you to think everything was more important long-term than it really was.
I remember that. The one thing I would add is I think the usage was much more general purpose. "Free stuff" sites were a big deal and huge source of traffic and .tk was widely shared on those. You could have a banner with ads and have the domain for free.
The "one free domain per person" isn't the interesting part really - that will be hard to police unless domain name is a function of ID proof (avoids squatting).
0) The actual intersting part of a new TLD can be growing reputation by post-facto taking away a domain without recourse in case of squatting. Instead of adversarial takedowns (which produce false positives as noted), let anyone challenge an inactive domain in the first year or two.
1) If they can figure out a mechanism for moving a domain from "assigned" -> "squatted".
2) Domain must match (or derive from) a verified identity - e.g. your domain is a hash/slug of your government ID. Makes squatting structurally impossible because you can't claim someone else's name / gov (Sign in with passkeys linked to a national ID).
3) Proof of human effort, reduced with time - require periodic renewal with proof-of-use (DNS TXt updates, through a flow hard to automate).
4) Kill speculative market - domains are non-sellable and non-transferable - always go back to the free pool, and stay there for 30 days mandatorily.
Some mix of these could be the right structure for a trule high-reputation, free domain.
Sounds like a bad domain for self hosting. You have to update txt records randomly and your domain can be taken for whatever reason. Whatever value you build goes away if you are inactive. You cannot transfer ownership killing any value you added.
Hence the "in the first year or two". Some more human effort to showcase proof early on, then the domain is solidified for you like iwth any other registrar. This is something like captcha/bcrypt - a single instance isn't a burden, but doing it at scale is costly.
> You cannot transfer ownership killing any value you added
I think this is by design. The domain should be for personal use - hence free.
Exactly this, the goal is to design a TLD according to human-centered principles. That is, we are assuming (and enforcing) that every endpoint using this domain will be some relatively small-scale environment for personal use. This is what will allow us to provide a lot of neat functionality but only at that scale.
We can get creative. quick ideas: Send it by printed post. pass it around people to people. an email needs to be added in with some process, and can only get one TXT update value a week.
Many ways of adding friction to obtaining the updatable value - which a human owning a domain would be happy to do, but a squatter would not want to.
In brief, I think they aim to solve the most important needs for online identity-gated services in a maximally private way.
For instance, I'd like to see .self offer the following: a single domain to any person in the world with identity blinded. I can imagine two 'tranches': say xxx.v.self for 'verified' and xxx.u.self for 'unverified'.
Both would use a Zero Knowledge proof to confirm they had not already registered a domain; verified would register with you guys or a data broker some PII in case it was needed for verification / checks / etc, while unverified would maintain the promise of one domain = one person, but not allow the TLD or registrars to be able to unblind which person it is.
Use cases like this would be really fantastic. And, obviously could be tested out and tried on a normal domain name while you make your pitch, and put in for the auction / however ICANN is currently managing TLD launches.
It is good that Microsoft Vega is popularizing zero-knowledge identity-based attestations. It's unfortunate that they're doing so in a relatively inflexible way.
I wish the Vega people had oriented their work around general-purpose zkVMs instead of application-specific ZK circuits. The latter is a fleeting efficiency win; the former is a permanent flexibility advantage. ZK-based privacy advocates shouldn't over-index on proof performance on today's systems when zkVM systems have been making multiple-OOM performance improvements over the past couple of years.
IOW, with Nova, the Vega people are trying to do something very clever (just as the BBS+ people are trying to do something very cleaver) that general-purpose compute wins have made unnecessary.
Something like RISC Zero will let you run arbitrary Rust code under zero knowledge in a few hundred milliseconds with little fuss. Nobody appreciates that identity verification is one special case of a vast set of useful applications enabled by widespread adoption of a ZK compute platform.
Can you talk more about RISC Zero? Does it require a TEE of some sort? I had trouble finding a quality mid-detail spec of how it works; lots of marketing materials basically.
zkVMs (of which RISC Zero is one example) do not require a TEE. That's the whole point: the privacy properties come out of the math. Basically, nowadays, once you and I can agree on the text of a program, you can run the program on your private inputs and produce a number that proves to me that you actually ran this specific program and not some other.
For example, age verification: I can run a program that takes a signed time-stamp and an officially-signed birth certificate and produces a yes/no "over 18" boolean, then prove to you I actually ran this program, not just "return true", but WITHOUT revealing the birth certificate.
It's a really neat facility that too few people are thinking about. We've had zero knowledge systems for a few decades now, but until now, each one has been a special bespoke mathematical object that would take years to develop. Over the past year or two, we've 1) made the things 1000x faster, and 2) made it possible to write arbitrary code under zero knowledge instead of having to make each ZK system a PHD thesis.
Others say that zkVMs are pointless because they're less efficient than these bespoke mathematical objects. Yes, they are. So what? The flexibility is worth it. Others say that zkVMs came out of Etherium, so they're only good for "crypto" stuff. False. Sure, it's the Etherium people who did a lot of foundational research into efficient zkVMs. We owe them a debt of gratitude, because they made a new kind of CS object that's going to be useful for tons of things not tied to Etherium or web3 in any way.
Anyway, if you want to get a feel for fully programmable ZK systems, check out https://noir-lang.org/, a programming language for ZK programs (not a zkVM, but same UX). Or https://github.com/a16z/jolt, which lets you run normal Rust under zero knowledge.
Today, you can write normal-looking code and have it execute under zero knowledge, and, importantly, efficiently. You literally couldn't do this two years ago, and it changes everything.
RISC Zero is useful for crypto use-cases: Other people need to verify an exact program was run.
The identity use case is about connecting sources of trust (document issuers) with consumers of that trust ("this is a real person") in ways that don't release more than the minimum information required ("the passport office has signed that this is a real person so we can trust that").
Single purpose circuits make a lot of sense for this - there is just no need to a full ZK RISC-V VM for this use case.
RISC Zero verifies that an exact computation was performed. What would be the point of the system otherwise? If you're starting from this incorrect premise, you're going to arrive at an incorrect conclusion.
> Single purpose circuits make a lot of sense for this
No, they don't. They lock your system into a single set of trade-offs without an advantage to offset it. They're premature optimization. How do you think ZK systems can be made resilient to cloning attacks without hardware locking if your ZK vocabulary is limited to stupid BBS-style selective disclosure and nothing else?
How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
> No parking, squatting, or reselling
How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.
> No parking, squatting, or reselling
Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.
I'm curious about how this works, but it doesn't look like I can find out without creating an account. I see that it says "Link your existing social accounts to prove you're not a bot." How does having social media accounts prove I'm not a bot?
Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.
The "how it works" page for that website says that the ID data is "digitally signed by the issuing government". But there doesn't seem to be anything in the docs about how to get or verify that signature. So it seems like they are just asking users to trust them to do the verification.
> Think of it as a similar model to ISRG and LetsEncrypt.
In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
> rule of one person per subdomain
What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
> In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
We are reaching out to companies who operate in the self-hosted space, academia, ISPs, registars, as well as digital rights orgs. We believe they would be aligned with this mission and ultimately benefit from such a TLD existing!
> What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
There are a few emerging technologies we are evaluating to help with this but have not settled on one just yet. Whatever we choose, we will start small and go from there. Worst-case scenario, we start with the credit card approach and iterate. This will ultimately all be a part of the evaluation process we go through with ICANN.
To be honest it feels like these answers boil down to "we feel it'd be nice if this existed but we have no actual answers as to how to get it done".
---
To stick with your comparison: when letsencrypt and ISRG launched they had actual answers for how to deal with the hard challenges in their space:
A) how to get included in a trust roots (crossigning with IdenTrust at first and the knowledge and expertise of how to get included in the longer term)
B) Automated domain validation in a standardized way (ACME)
C) Long term commitments of sponsorships to ensure people could trust it would stick around
---
I wish you the best of luck, but I think this might have needed to bake a bit longer before publicizing.
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue?
Is it actually a substantial expense? The TLD itself only has to publish the nameserver records, which generally have a TTL of about a day. A DNS response is a few hundred bytes. Big DNS providers like Google and Cloudflare would make requests for every actively used domain every day, but then cache them. Smaller providers wouldn't cache as well but also wouldn't each request every domain every day. For e.g. a million personal domains, ballpark estimate is somewhere in the few TB a month of traffic. Maybe a little over personal hobby project money but definitely not outrageous for a small non-profit organization.
> How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
This is the easy one. Squatters buy domains because they want to sell them. To sell them they have to make it publicly known to prospective buyers that the domain is available for sale. So then if anyone lists the domain for sale anywhere, you make them prove that they own it (which any actual buyer would also have to do in order to not get scammed) and when they do the domain is forfeit.
It's kind of sad that we don't do that for all domains. Domain squatters can go to hell.
For this application round, ICANN is running an Applicant Support Program, or ASP. The applicants seeking to apply for a TLD this round who qualify for the ASP will have a substantially reduced application fee, among other benefits. Our organization is one such org who has qualified for the ASP so we will not have to pay the full $227,000 application fee.
How much is the reduced fee then? As I understand it's somewhere between 75-85% less, which is still a lot of money.
Also, who is paying for the reduced fee, administrative and infra costs? And have you actually submitted gTLD application, or are you trying to crowdfund? Unclear to me.
The fee will fall on us to pay and the gTLD application window is open and our application is in progress. Yes we are crowdfunding (there is a donation link on our website and in the pamphlet) while also actively seeking partners to sponsor us.
Much of the cost here comes from compliance with the ICANN gTLD program structure, not from running the underlying technical infrastructure (which is not limited to DNS - you also need EPP/RDAP/etc). See https://www.icann.org/en/registry-agreements for (hundred+ page) documents outlining registry responsibilities. Registries can outsource some of this to an ICANN-accredited "registry service provider", but should expect to pay upwards of hundreds of thousands of dollars yearly for the privilege.
Might be a public service? I guess many countries already had such a thing with running cost several order higher than such a thing as a TLD, operating for centuries now.
Is it really that expensive to run a TLD? Name servers are notoriously long running on ancient spec servers.
I’m guessing, if designed well, the registration process could run on lightweight infrastructure. Maybe $1-5k total per year, not counting time. So it’s enough for a fun hobby project.
I'm just being a negative nancy here, but I don't think I'd want to advertise that any of my sites are specifically self hosted, in that it kinda asks for ... security probing, since it's more likely than not got less than professional security surrounding it.
Having said that gestures to the entirety of the internet
I don't understand the naming scheme, or the apparent lack of it. I half expected it to be some sort of UUID which would at least makes sense. At one per person for 7 billion people that's a little under 33 bits. Make it a nice round 40 for a bit of future proofing (the scheme doesn't need to live forever) and to make a bit of space internally and that's 5 words from a 256-word list. That would seem to make a lot more sense then first-come, first-serve on something as easy to abuse as .self.
However, perhaps more relevantly, it isn't clear why this needs a TLD and all the hassle associated with a tld when it could just as easily be attached to any convenient domain name lying around that you have access to, such as, oh, say, onmy.cloud.
Then again I have this objection to almost all TLDs. But I'm not sure I'm wrong.
At the very least if you want to show ICANN that you mean business I would strongly suggest just doing it on onmy.cloud, and tell people that if you get the .self you'll transparently migrate their onmy.cloud domain on to .self when you get it. Nothing says "I can do this" like actually doing it.
Controlling the TLD has its own benefits and drawbacks (managing email reputation, for example) but as a regular person I have more reason to trust `.cloud` than `.self` purely on the basis of proven continuity. My `.com` domain will almost certainly live as long as the internet does provided that I keep paying to renew.
Regardless, a UUID is probably the right call. It doesn't help with memorability but it's at least more stable than an IPv4/IPv6 address and can be hard-coded. I wonder if you would get a full zone or if it's just an A/AAAA record given their broader goals of email and VPN tunneling.
This is an idea at this point, the next round of gTLD applications is currently open and we are in the process of applying and we are trying to garner support!
there's a project for getting retro computers connected to an "internet" with 90s/00s services available, and they use .retro on that. it's pretty cute.
There are three TLDs I block on my computer completely, and all of them are file extensions - .zip, .md, and .mov.
(Yes, the domain "readme.md" exists. Fortunately, whoever owns it is not using their power for evil and does not have any webserver there... but I'm not risking it.)
So this is my iCloud on the web for AI agents to pay me for access to my content (Cloudflare allows the bots in upon paying) :-)
Cloudflare offers this now (their Pay to Crawl service) but its not geared towards every human getting paid for their content. As of today Facebook and other social media platforms profit from our content....not us!
This is practically useless information (and I don't mean that in the flippant "of low regard" slang sense, I mean a literal "this information becomes irrelevant once you look at what practically applying it does" sense). E.g.:
- Centralized authorities for IP & DNS assignment? You (+anyone else you can convince) can just ignore that and it'll work in your bubble anyways!
- No centralized authorities for IP & DNS assignment? You (+anyone else you can convince) can just ignore that and it'll work in your bubble anyways!
My above pedantry aside, the article is explicitly about "The Internet" (it's even using the capital "I" oft forgotten about these days). I.e. the worldwide bubble which has centrally controlled assignment via ICANN/IANA, separate from other systems using the DNS/IP protocols. That's why it talks about ICANN and why bananamogul mentioned .self has not been centrally registered with IANA yet.
Site errored out and gave me three different error messages as I reloaded. I guess it's self-hosted on something underpowered, and dynamic where static would do the job?
States could grant such domains when individuals register their identity, for example, "klaus-mueller-<close eyes say first word that comes to your mind>.self". It runs on a VPS, and it is well documented how to create and run a website on that. School kids are introduced to it. Would be an excellent entry point into digital sovereignty for citizens.
Please leave states out of this. The State™ is not your friend, and we don't need a future, even more criminal government to have access to the shutdown button of even more of our identity.
Note that I did not single out an individual coutnry. All governments always stride towards autocracy.
We are probably going to reserve some of the more obvious ones for specific purposes, e.g. my.self automatically pointing to a homepage on your local network. As we go through the gTLD evaluation process we will be keen to solicit feedback from the community on more specifics!
I don't fully understand how this works... who regulates and defines what is "self-hosted" or "ethical technology"... I feel you can't really solve the distributed consensus and governance problem by just introducing a new domain suffix.
If this is supposed to be human-centered, why isn't it .human? I assume there will be many agents with their own ".self" domains that have very little human oversight.
Sounds like a unified directory of domain with lower security that attackers can target to me. not sure the domain for self hosting is such a great idea.
It simply cannot be both free and free choice of domain.
If it has both, it will be squatted to uselessness, and blocked everywhere because of phishing scams everywhere.
You can either make the domains cost money, which seems counter to the entire point, or disallow choosing the domain, instead handing out free what3words style names.
You should read their proposal. Specifically, the first "core feature": one person, one domain. If you want to squat on a domain, go for it -- it's yours, and that's the only domain you're getting.
I suppose this will be done by ID verification, which is a complete and total non-starter for me, but they do have a vision of some kind.
I've read it, I don't believe it will be effective, even with actual physical ID verification. Scammers can get more IDs, for example by way of scamming.
We have considered this, all of these things will be examined during the evaluation process of the application with ICANN before any approval to operate the TLD is granted. We could also police our domain and revoke users who use it for abuse but that may be too costly. But you are right that fundamentally we must protect the reputation of the TLD at all costs and that will require imposing certain limits on its use.
Their free terms are kind of bad. They use CORS security feature to block you from loading content from other sites. It doesn't cost them anything to let your site link outside content so they are only doing it make the free tier bad so people upgrade.
What is the expected price range for registration and renewal under this TLD?
Will there be any assurance that renewal prices will remain fairly stable, rather than being significantly raised after customers grow attached to their domains (a practice that seems to be common with new gTLDs)?
Well, the .meow kickstarter raised €121,896 with just an assertion and a voucher system, so there's at least some community support for this kind of thing, without it needing to be a good idea :-)
That all the cool 2-letter TLDs are designated as country codes was an extraordinary mistake that will have unpredictable and devastating consequences long into the future.
Our goal is for .self to be more than just another TLD string, we want to specifically empower the self-hosting use case with local clients that integrate directly with the TLD and operate shared services like mail servers as a public good. We want to dramatically simplify the effort it takes to set up a domain for homelabs and offer free services that are directly tied to the domain like email.
We don't necessarily, however there are many benefits for doing so. We could simply purchase a domain and then build our initiative beneath it but then everything we do would be beneath that domain, meaning there would be two dots in what is our effective TLD. That would also mean we are a bit beholden to whichever TLD we are beneath and also whichever registrar we purchased our domain from. With the services we hope to offer around things like TLS certs and emails, it just makes more sense for use to own the whole thing from the root.
<something>.duckdns.org. works fine, and being "beholden" to ICANN is no worse than being a client of one of the big traditional gTLDs. If you want "one person, one name", well, .name is there for that.
It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"
What value is there in "horse.horse" being something you can resolve with DNS? What value does <something>.self give me, as a reader, that <something>.name or <something>.me or any of the other zillion variations on the same idea doesn't?
If anything, it creates confusion! "Oh, I met Bob McBobFace. Is he mcbobface.me? mcbobface.name? mcbobface.local?".
I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?
I guess I just don't get the value to the public of increasing the set of dotted word suffixes that indicate that a word is a a cognizable DNS object.
> It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"
So the new gTLD round is open right now, we're getting more TLDs whether we like it or not. Our goal is to make one that has features built-in which cater to the self-hosting use case. So that is our key differentiator, that every endpoint leveraging our TLD should be someone's small-scale homelab setup.
> I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?
Technically yes it could work, but given the suite of features we'd like to build into our TLD, it would make things more difficult if we didn't own it. We would be dependent on external parties for our root domain, the root of trust for TLS certificates, all users' subdomains would have an extra dot etc.
It just feels a bit like you've decided to solve the hardest possible side quest first.
Everything else on your roadmap could have been built and shipped in the universe that exists, and then if down the road it's working, you could have aimed for your own TLD.
Instead you're putting the TLD first and any of the actual functionality that end users might want afterwards.
That is a fair criticism, however I would say that the reason we are going for the TLD now is because now is the only time we can do it. The last round of TLD applications was in 2012, so if we don't apply now, it could be a veeery long time before the opportunity comes around again. We are a new org and our goal is to build functionality in parallel with the ICANN application which will likely take years to resolve.
What do you mean by "US domains?" Domains registered by US citizens? Hosted in the US (in which case does that include territories)? Regardless of the definition, I don't see an easy way to do this, nor a reason to, since domains can change hands (and hosts) across countries.
Domains that fall under the jurisdiction of the US? The domains themselves not the websites they point to? Everything under .games is controlled by the US government, the German government gets .games.de instead. To be fair it should be .games.us and .games.de (or .spiele.de)
Even gTLDs using other languages, like .kaufen, are under US jurisdiction. A German website selling to German customers using a .kaufen domain is forced to abide by US law as well as German law or loses the domain. Using a .de domain they would only have to abide by German law. That's unfair that the US government gets to stick its grubby fingers into every TLD that isn't a country code.
I have the opposite opinion, TLDs should have been restricted to ISO 3166 codes only, with only a few exceptions for international organizations and private networks.
The point is that you are your own hosting provider! We are trying to cater to self-hosters so our goal is to make it as easy as possible for someone with their own homelab to get a domain and have it pointed at the services they want to host.
If we're gonna futz around with self hosting tld stuff, can we get HTTP clients to allow self signing on dot local? It's my goddamned network stop warning me about my own servers and no I don't want to install new root certs I resent the need to do Deep Magic just to have a private NAS.
I've been experimenting with using "mymobilenumber.xyz" for stuff thats specific to me.
the domains are cheap and easy to remember.. in this day and age mobile numbers are not super secret anyway...
Computer Systems Laboratory, Stanford University, Stanford, California 94305
RANDALL B. SMITH† (rsmith@parc.xerox.com)
Xerox Palo Alto Research Center, Palo Alto, California 94304
Abstract. SELF is an object-oriented language for exploratory programming based on a small
number of simple and concrete ideas: prototypes, slots, and behavior. Prototypes combine inheritance
and instantiation to provide a framework that is simpler and more flexible than most object-oriented
languages. Slots unite variables and procedures into a single construct. This permits the inheritance
hierarchy to take over the function of lexical scoping in conventional languages. Finally, because
SELF does not distinguish state from behavior, it narrows the gaps between ordinary objects,
procedures, and closures. SELF’s simplicity and expressiveness offer new insights into objectoriented computation.
I've been looking to get into the TLD game. It's gonna cost about $600k, and it's a coin toss as to whether or not you'll get your money back. The two I've been eyeing, is .ion and .ness. Anyone want to go in on either of those with me?
We plan to operate a shared mail server than can be used by users of the domain and we will work to ensure it is trusted by imposing usage limits. We will assume that every endpoint in our domain is someone's personal homelab, meaning small-scale use. For large mailing campaigns and newsletters there are plenty of services to choose from that enable those but for just sending personal emails, it should work.
Wait, so self hosting but I don't host my own email? So you guys just want to run your own mailserver and give people custom emails?
That sounds like negative utility. That would make hosting an email server on one of your domains harder than hosting it on a .com, so what benefit is this providing?
I am disappointed that icannt.org is taken and is not an alternative root.
Edit: I've been rate limited because of this comment, apparently. Account burned - will make a new one. Dang says below it's because of flagged comments but I don't see many flagged comments in my history.
Of course we wouldn't rate limit you, or anyone else, for an innocuous comment.
We rate limited you because of flamewar comments you posted in another thread, like this one: https://news.ycombinator.com/item?id=48723651. You posted over 50 times in that thread, and many of your comments there broke the site guidelines. That's abusive. If we didn't rate limit accounts for doing that, we might as well have no guidelines or restrictions at all.
unless it's promising a return on investment funded by new entrants to the scheme it's not a ponzi. Managing TLDs is just a plain old service. If you want to set people up with a different solution to planting a flag in a global namespace you're free to do so (.eth was an interesting attempt) but you are competing with one hell of a 'network effect'
That doesn't contradict anything I said. Private networks can be huge, e.g. in big companies, and they can still use .internal. .internal serves quite a different purpose to that proposed for .self, so the top level comment I replied to doesn't make much sense.
I've been using .lan, referenced in rfc6762[1] as a good alternative to the multicast .local
> We do not recommend use of unregistered top-level
domains at all, but should network operators decide to do this, the
following top-level domains have been used on private internal
networks without the problems caused by trying to reuse ".local." for
this purpose:
Remember when the .tk TLD became free 20 years ago ? Every hobbyist took one, then scammers followed, then Facebook and antiviruses started blocking it.
I remember publishing a website for a class on my .tk domain, the teacher couldn't open it and I almost got a failing grade because of it.
>One Person, One Subdomain
Indeed. That's the necessary
Yes, one of the key principles we follow is that all the perks we aim to provide must come with some limit to prevent abuse.
What a memory you have unlocked. They were everywhere. I remember the urban legend that .tk domains were X% of their GDP
10% apparently for .tk. I also remember .tv windfall, which is 8-9% of their GDP.
And the .sy boom until startups got enough heat for, you know, funding the Assad regime.
Apparently nobody cares that .af is now funding the Taliban
The terms of using that tld say it must comply with Sharia law
pretty strict and apparently the Minister of that agency doesnt care that .af is a domain hack for “as fuck” in the west
In other words, he doesn't give a fuck
yeah it was right there
Perhaps he does - dontgive.af does not resolve.
1. Be Sharia law
2. Sell domain name that's against Sharia law
3. Retake it back when someone buys it, because it's against the law
4. Repeat and profit
What website/service actually uses that?
A Mastodon instance used it: https://www.theverge.com/2024/2/12/24071036/queer-af-mastodo...
During Pride Month?!?
The .ai TLD is some tiny island with a few thousand people
.io is (British) Indian Ocean (Territory).
haha yeah I've bet the last 12 months of my career on a .io
I always thought these TLDs were a flight risk to be used in any serious capacity. What if the random state decides you/your business are in violation of [whatever] and kick you off?
What if an elephant steps on the power cable to the server room?
Core memory unlocked
Not enough allowance to fund a .com domain, had to use freenom / tk + cloudflare for my first years of self hosting
Double unlock.
In the mid 2000’s, I moderated a domain name discussion forum in exchange for free hosting. “X forum posts per month = x gb of bandwidth”
My goal was to post enough for them to give me WHM access so I could try to resell it.
Those were the days.
Those were the days indeed. A big part for me is probably because I was a teen at the time with little responsibility, but getting to be a part of the wild west days of the internet was a magical experience.
Magical indeed!
I once mailed $70 cash (multiple months of allowance) to someone to code a MVP of something I wanted to build.
They ripped me off and disappeared.
And… that’s when I decided I needed to learn to code!
Somewhere out there is a developer telling this exact same story. ‘I once agreed to build an MVP for a kid who promised to mail me cash. Never showed up. And THAT’S when I decided to get a real job.’
Except I mailed the cash in advance! It’s okay, it was probably another 14 year old.
My parents were not happy when I told them I sent cash to a stranger. I remember having to do it in secret because they were very not okay with the idea that you can meet strangers online. Hah.
I think they're describing a scenario where the cash was stolen by a postal worker or for some other reason didn't make the full trip.
In my case, ignorance unlocked. I never heard of tk and I remember 36k modems so old enough.
I think reason is I went to work, slung .NET and didn't think much about computers otherwise except occasional reading some C++ books for "fun".
tk and cc, the domains i used to use for php reverse shell haha, bring back memories!
At least https://tcl.tk redirects => https://www.tcl-lang.org/
A friend almost failed an IT class because his website didn't render at all in IE6. This was during the time of IE9. The teacher just hadn't updated their browser in a long time.
I don't get how you get to be an IT teacher without knowing the most basic troubleshooting steps to get assignments to run.
I had a similar class where they threatened to fail us if we didn't use Dreamweaver and instead wrote our own html.
Were they paying for the Dreamweaver licenses?
Please. Universities have students by the short and curlies. They can academically do basically whatever they want, and fail you for not complying. Professors can even demand their book be purchased, and fail for not buying the book.
Most universities are unethical shitholes that can do basically whatever they want to gatekeep a diploma.
It’s getting so bad. My wife is in a remote school where they fail students occasionally to squeeze a little extra $$ out of them.
I’m sorry your wife failed some classes, but it’s probably not because the school wants some extra money.
They didn't say that.
When I had web design a bit after 2010, they still used Dreamweaver and yeah you could get a license for free via the university. That’s pretty normal (eg giving you a Visual Studio license, Office, all that). It was more crazy that the course was so incredibly basic (nothing more than static page building in dreamweaver) at this college compared to the other one I later transferred to
Dreamweaver was cool as a beginner because it took a lot of the troublesome parts out of the equation. But it did end up being more of a hindrance than a benefit the further you went in.
Was that class taught by a certain woman who had a business making websites, per-chance?
You just described my teacher, and I’m fairly certain we didn’t go to the same middle school.
Heh…I once was in a state-level coding event (it was a small portion of a larger competition) where half of the test was turning in code on a CD during the competition, with the written half during the event. My CD was deemed unusable for whatever reason (it had worked on XP and Fedora 6 or 7 at home) and didn't count towards my score. I still got second in the event. I declined to continue because I couldn't trust that the judges would be able judge my submission fairly and that with half of my score missing I still got second that I didn't need to prove anything else at the cost of more after-school practice hours and wrecking my perfect attendance record during my senior year to travel to nationals.
Does high school attendance matter for anything? Genuine question. Always seemed like pre-college schooling always wanted you to think everything was more important long-term than it really was.
It's a built-in secret part of the teaching for any job where you interact with customers, they don't upgrade and they have no troubleshooting skills.
Or just ineptitude, but I'm hoping for the former.
I remember that. The one thing I would add is I think the usage was much more general purpose. "Free stuff" sites were a big deal and huge source of traffic and .tk was widely shared on those. You could have a banner with ads and have the domain for free.
The "one free domain per person" isn't the interesting part really - that will be hard to police unless domain name is a function of ID proof (avoids squatting).
0) The actual intersting part of a new TLD can be growing reputation by post-facto taking away a domain without recourse in case of squatting. Instead of adversarial takedowns (which produce false positives as noted), let anyone challenge an inactive domain in the first year or two.
1) If they can figure out a mechanism for moving a domain from "assigned" -> "squatted".
2) Domain must match (or derive from) a verified identity - e.g. your domain is a hash/slug of your government ID. Makes squatting structurally impossible because you can't claim someone else's name / gov (Sign in with passkeys linked to a national ID).
3) Proof of human effort, reduced with time - require periodic renewal with proof-of-use (DNS TXt updates, through a flow hard to automate).
4) Kill speculative market - domains are non-sellable and non-transferable - always go back to the free pool, and stay there for 30 days mandatorily.
Some mix of these could be the right structure for a trule high-reputation, free domain.
Sounds like a bad domain for self hosting. You have to update txt records randomly and your domain can be taken for whatever reason. Whatever value you build goes away if you are inactive. You cannot transfer ownership killing any value you added.
Hence the "in the first year or two". Some more human effort to showcase proof early on, then the domain is solidified for you like iwth any other registrar. This is something like captcha/bcrypt - a single instance isn't a burden, but doing it at scale is costly.
> You cannot transfer ownership killing any value you added
I think this is by design. The domain should be for personal use - hence free.
Exactly this, the goal is to design a TLD according to human-centered principles. That is, we are assuming (and enforcing) that every endpoint using this domain will be some relatively small-scale environment for personal use. This is what will allow us to provide a lot of neat functionality but only at that scale.
I dislike the term “domain squatting”. It should be called “domain scalping”.
Or domain ownership.
It isn't scalping if your actually using it. It's easy to spot a scalping site since its just an advertisement to buy the domain.
Or domain leasing.
I am probably missing something, but how DNS TXT updates can be made difficult to automate?
We can get creative. quick ideas: Send it by printed post. pass it around people to people. an email needs to be added in with some process, and can only get one TXT update value a week.
Many ways of adding friction to obtaining the updatable value - which a human owning a domain would be happy to do, but a squatter would not want to.
Hi there. I've done a bit of work on specifying human-centric identity goals for the internet over the last 10 years. May I suggest you look at Microsoft Vega? https://www.microsoft.com/en-us/research/blog/vega-zero-know... (I have no affiliation).
In brief, I think they aim to solve the most important needs for online identity-gated services in a maximally private way.
For instance, I'd like to see .self offer the following: a single domain to any person in the world with identity blinded. I can imagine two 'tranches': say xxx.v.self for 'verified' and xxx.u.self for 'unverified'.
Both would use a Zero Knowledge proof to confirm they had not already registered a domain; verified would register with you guys or a data broker some PII in case it was needed for verification / checks / etc, while unverified would maintain the promise of one domain = one person, but not allow the TLD or registrars to be able to unblind which person it is.
Use cases like this would be really fantastic. And, obviously could be tested out and tried on a normal domain name while you make your pitch, and put in for the auction / however ICANN is currently managing TLD launches.
Please submit this to us via our contact form, we will need lots of community input! https://hccf.onmy.cloud/get-involved/
It is good that Microsoft Vega is popularizing zero-knowledge identity-based attestations. It's unfortunate that they're doing so in a relatively inflexible way.
I wish the Vega people had oriented their work around general-purpose zkVMs instead of application-specific ZK circuits. The latter is a fleeting efficiency win; the former is a permanent flexibility advantage. ZK-based privacy advocates shouldn't over-index on proof performance on today's systems when zkVM systems have been making multiple-OOM performance improvements over the past couple of years.
IOW, with Nova, the Vega people are trying to do something very clever (just as the BBS+ people are trying to do something very cleaver) that general-purpose compute wins have made unnecessary.
Something like RISC Zero will let you run arbitrary Rust code under zero knowledge in a few hundred milliseconds with little fuss. Nobody appreciates that identity verification is one special case of a vast set of useful applications enabled by widespread adoption of a ZK compute platform.
Can you talk more about RISC Zero? Does it require a TEE of some sort? I had trouble finding a quality mid-detail spec of how it works; lots of marketing materials basically.
zkVMs (of which RISC Zero is one example) do not require a TEE. That's the whole point: the privacy properties come out of the math. Basically, nowadays, once you and I can agree on the text of a program, you can run the program on your private inputs and produce a number that proves to me that you actually ran this specific program and not some other.
For example, age verification: I can run a program that takes a signed time-stamp and an officially-signed birth certificate and produces a yes/no "over 18" boolean, then prove to you I actually ran this program, not just "return true", but WITHOUT revealing the birth certificate.
It's a really neat facility that too few people are thinking about. We've had zero knowledge systems for a few decades now, but until now, each one has been a special bespoke mathematical object that would take years to develop. Over the past year or two, we've 1) made the things 1000x faster, and 2) made it possible to write arbitrary code under zero knowledge instead of having to make each ZK system a PHD thesis.
Others say that zkVMs are pointless because they're less efficient than these bespoke mathematical objects. Yes, they are. So what? The flexibility is worth it. Others say that zkVMs came out of Etherium, so they're only good for "crypto" stuff. False. Sure, it's the Etherium people who did a lot of foundational research into efficient zkVMs. We owe them a debt of gratitude, because they made a new kind of CS object that's going to be useful for tons of things not tied to Etherium or web3 in any way.
Anyway, if you want to get a feel for fully programmable ZK systems, check out https://noir-lang.org/, a programming language for ZK programs (not a zkVM, but same UX). Or https://github.com/a16z/jolt, which lets you run normal Rust under zero knowledge.
Today, you can write normal-looking code and have it execute under zero knowledge, and, importantly, efficiently. You literally couldn't do this two years ago, and it changes everything.
Disagree with this.
RISC Zero is useful for crypto use-cases: Other people need to verify an exact program was run.
The identity use case is about connecting sources of trust (document issuers) with consumers of that trust ("this is a real person") in ways that don't release more than the minimum information required ("the passport office has signed that this is a real person so we can trust that").
Single purpose circuits make a lot of sense for this - there is just no need to a full ZK RISC-V VM for this use case.
RISC Zero verifies that an exact computation was performed. What would be the point of the system otherwise? If you're starting from this incorrect premise, you're going to arrive at an incorrect conclusion.
> Single purpose circuits make a lot of sense for this
No, they don't. They lock your system into a single set of trade-offs without an advantage to offset it. They're premature optimization. How do you think ZK systems can be made resilient to cloning attacks without hardware locking if your ZK vocabulary is limited to stupid BBS-style selective disclosure and nothing else?
https://hccf.onmy.cloud/wp-content/uploads/2026/06/dot-self....
> Everyone entitled to a subdomain at no cost
How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
> No parking, squatting, or reselling
How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
It's not clear whether they're actually talking about domains or subdomains there, which is a worrying sign from a potential registrar.
Any domain that isn't one of the Top Level Domains is also a subdomain.
Isn't the actual top level domain an empty one after TLD? Looking like «.com.» with trailing dot
I mean sure, but if you started talking about google.com as a subdomain, real humans would correctly look at you funny.
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.
> No parking, squatting, or reselling
Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.
How is one person per subdomain enforceable? How is a person uniquely identified and tracked?
My guess is by using ID verification similar to how I do it on https://onlyhumanhub.com/
I'm curious about how this works, but it doesn't look like I can find out without creating an account. I see that it says "Link your existing social accounts to prove you're not a bot." How does having social media accounts prove I'm not a bot?
So you have just built a wrapper around https://passportreader.app/, which itself is reading NFC enabled ID/passports from specific countries. The coverage map is here: https://passportreader.app/coverage.
Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.
The "how it works" page for that website says that the ID data is "digitally signed by the issuing government". But there doesn't seem to be anything in the docs about how to get or verify that signature. So it seems like they are just asking users to trust them to do the verification.
> Think of it as a similar model to ISRG and LetsEncrypt.
In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
> rule of one person per subdomain
What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
> In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
We are reaching out to companies who operate in the self-hosted space, academia, ISPs, registars, as well as digital rights orgs. We believe they would be aligned with this mission and ultimately benefit from such a TLD existing!
> What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
There are a few emerging technologies we are evaluating to help with this but have not settled on one just yet. Whatever we choose, we will start small and go from there. Worst-case scenario, we start with the credit card approach and iterate. This will ultimately all be a part of the evaluation process we go through with ICANN.
You need to find a benevolent selfless soul who will sponsor you.
To be honest it feels like these answers boil down to "we feel it'd be nice if this existed but we have no actual answers as to how to get it done".
---
To stick with your comparison: when letsencrypt and ISRG launched they had actual answers for how to deal with the hard challenges in their space:
A) how to get included in a trust roots (crossigning with IdenTrust at first and the knowledge and expertise of how to get included in the longer term)
B) Automated domain validation in a standardized way (ACME)
C) Long term commitments of sponsorships to ensure people could trust it would stick around
---
I wish you the best of luck, but I think this might have needed to bake a bit longer before publicizing.
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue?
Is it actually a substantial expense? The TLD itself only has to publish the nameserver records, which generally have a TTL of about a day. A DNS response is a few hundred bytes. Big DNS providers like Google and Cloudflare would make requests for every actively used domain every day, but then cache them. Smaller providers wouldn't cache as well but also wouldn't each request every domain every day. For e.g. a million personal domains, ballpark estimate is somewhere in the few TB a month of traffic. Maybe a little over personal hobby project money but definitely not outrageous for a small non-profit organization.
> How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
This is the easy one. Squatters buy domains because they want to sell them. To sell them they have to make it publicly known to prospective buyers that the domain is available for sale. So then if anyone lists the domain for sale anywhere, you make them prove that they own it (which any actual buyer would also have to do in order to not get scammed) and when they do the domain is forfeit.
It's kind of sad that we don't do that for all domains. Domain squatters can go to hell.
It costs ~$200,000 to apply for a TLD, and there's an ongoing renewal cost in the tens of thousands of USD.
That's definitely not a cartel then.
For this application round, ICANN is running an Applicant Support Program, or ASP. The applicants seeking to apply for a TLD this round who qualify for the ASP will have a substantially reduced application fee, among other benefits. Our organization is one such org who has qualified for the ASP so we will not have to pay the full $227,000 application fee.
How much is the reduced fee then? As I understand it's somewhere between 75-85% less, which is still a lot of money.
Also, who is paying for the reduced fee, administrative and infra costs? And have you actually submitted gTLD application, or are you trying to crowdfund? Unclear to me.
The fee will fall on us to pay and the gTLD application window is open and our application is in progress. Yes we are crowdfunding (there is a donation link on our website and in the pamphlet) while also actively seeking partners to sponsor us.
Much of the cost here comes from compliance with the ICANN gTLD program structure, not from running the underlying technical infrastructure (which is not limited to DNS - you also need EPP/RDAP/etc). See https://www.icann.org/en/registry-agreements for (hundred+ page) documents outlining registry responsibilities. Registries can outsource some of this to an ICANN-accredited "registry service provider", but should expect to pay upwards of hundreds of thousands of dollars yearly for the privilege.
Might be a public service? I guess many countries already had such a thing with running cost several order higher than such a thing as a TLD, operating for centuries now.
Is it really that expensive to run a TLD? Name servers are notoriously long running on ancient spec servers.
I’m guessing, if designed well, the registration process could run on lightweight infrastructure. Maybe $1-5k total per year, not counting time. So it’s enough for a fun hobby project.
I'm just being a negative nancy here, but I don't think I'd want to advertise that any of my sites are specifically self hosted, in that it kinda asks for ... security probing, since it's more likely than not got less than professional security surrounding it.
Having said that gestures to the entirety of the internet
So maybe not such a big deal.
My initial thought as well, so you're no outlier, unless we are.
Why not? Surely you’re putting a cdn in-front of it still.
I don't understand the naming scheme, or the apparent lack of it. I half expected it to be some sort of UUID which would at least makes sense. At one per person for 7 billion people that's a little under 33 bits. Make it a nice round 40 for a bit of future proofing (the scheme doesn't need to live forever) and to make a bit of space internally and that's 5 words from a 256-word list. That would seem to make a lot more sense then first-come, first-serve on something as easy to abuse as .self.
However, perhaps more relevantly, it isn't clear why this needs a TLD and all the hassle associated with a tld when it could just as easily be attached to any convenient domain name lying around that you have access to, such as, oh, say, onmy.cloud.
Then again I have this objection to almost all TLDs. But I'm not sure I'm wrong.
At the very least if you want to show ICANN that you mean business I would strongly suggest just doing it on onmy.cloud, and tell people that if you get the .self you'll transparently migrate their onmy.cloud domain on to .self when you get it. Nothing says "I can do this" like actually doing it.
imho we should be able to register ipv6 as our identity.
Controlling the TLD has its own benefits and drawbacks (managing email reputation, for example) but as a regular person I have more reason to trust `.cloud` than `.self` purely on the basis of proven continuity. My `.com` domain will almost certainly live as long as the internet does provided that I keep paying to renew.
Regardless, a UUID is probably the right call. It doesn't help with memorability but it's at least more stable than an IPv4/IPv6 address and can be hard-coded. I wonder if you would get a full zone or if it's just an A/AAAA record given their broader goals of email and VPN tunneling.
Hold up...why isn't .self listed here:
https://www.iana.org/domains/root/db
Is this just an idea at this point, or some kind of "you have to use our DNS to resolve .self domains" scheme - ?
This is an idea at this point, the next round of gTLD applications is currently open and we are in the process of applying and we are trying to garner support!
Could do something like .brave and just sidestep ICANN?
With your hosts file or running a DNS on localist you can do whatever you want
there's a project for getting retro computers connected to an "internet" with 90s/00s services available, and they use .retro on that. it's pretty cute.
This is the first I've heard of this and search results have been fruitless. Where can I find more info on this?
Oh great, an entire .brave TLD shilling a BAT shitcoin crazy crypto scam. Don't we already have enough of those?
TIL https://newgtldprogram.icann.org/en/application-rounds/round...
Oh god not this shit again.
Inb4 they give away .docx
.zip was especially egregious. No one should have allowed that to happen.
There are three TLDs I block on my computer completely, and all of them are file extensions - .zip, .md, and .mov.
(Yes, the domain "readme.md" exists. Fortunately, whoever owns it is not using their power for evil and does not have any webserver there... but I'm not risking it.)
.md seems overzealous, no? Do you also block .rs? Would break too much I imagine.
What do you have against Moldova?
They're unlucky, no EU for you.
So this is my iCloud on the web for AI agents to pay me for access to my content (Cloudflare allows the bots in upon paying) :-)
Cloudflare offers this now (their Pay to Crawl service) but its not geared towards every human getting paid for their content. As of today Facebook and other social media platforms profit from our content....not us!
Domain names are not centralized, there is no central entity that controls an approved list of kosher domains.
This is practically useless information (and I don't mean that in the flippant "of low regard" slang sense, I mean a literal "this information becomes irrelevant once you look at what practically applying it does" sense). E.g.:
- Centralized authorities for IP & DNS assignment? You (+anyone else you can convince) can just ignore that and it'll work in your bubble anyways!
- No centralized authorities for IP & DNS assignment? You (+anyone else you can convince) can just ignore that and it'll work in your bubble anyways!
My above pedantry aside, the article is explicitly about "The Internet" (it's even using the capital "I" oft forgotten about these days). I.e. the worldwide bubble which has centrally controlled assignment via ICANN/IANA, separate from other systems using the DNS/IP protocols. That's why it talks about ICANN and why bananamogul mentioned .self has not been centrally registered with IANA yet.
Site errored out and gave me three different error messages as I reloaded. I guess it's self-hosted on something underpowered, and dynamic where static would do the job?
Indeed, this response is way more than we expected. Trying to set up a web cache now.
States could grant such domains when individuals register their identity, for example, "klaus-mueller-<close eyes say first word that comes to your mind>.self". It runs on a VPS, and it is well documented how to create and run a website on that. School kids are introduced to it. Would be an excellent entry point into digital sovereignty for citizens.
Enabling digital sovereignty for individuals is our foundational motivating principle!
Please leave states out of this. The State™ is not your friend, and we don't need a future, even more criminal government to have access to the shutdown button of even more of our identity.
Note that I did not single out an individual coutnry. All governments always stride towards autocracy.
Shotgun on your.self! That’s going to yield a ton of great second level sub domains :)
treat.your.self
treat.yo.self
hug.your.self
serve.your.self
dancing.with.my.self
reference.self
interest.self
pleasure.self
gratification.self
b.true@to.thine.own.self
touch.a.touch.a.touch.a.touch.me
https://www.youtube.com/watch?v=x92ccvZCzlg
go.----.your.self
We are probably going to reserve some of the more obvious ones for specific purposes, e.g. my.self automatically pointing to a homepage on your local network. As we go through the gTLD evaluation process we will be keen to solicit feedback from the community on more specifics!
Hey now!
And the slang and typos? (ur.self, mi.self, his.self, there.self, ther.self, theyre.self, they.self, ...)
all CNAME -> claude.ai
go.fuck.your.self would be a pretty good one
Hosted ... all.by.my.self
I’m just using .home.arpa for my self hosted stuff. Free, just have to deal with TLS root cert trust, but once that’s down; you’re golden.
.internal works fine now.
Both of these are meant for operating a home/private network.
.self seems to be geared towards a 'accessible from the everyday net' kind of approach.
I don't fully understand how this works... who regulates and defines what is "self-hosted" or "ethical technology"... I feel you can't really solve the distributed consensus and governance problem by just introducing a new domain suffix.
> Human-Centered
If this is supposed to be human-centered, why isn't it .human? I assume there will be many agents with their own ".self" domains that have very little human oversight.
Sounds like a unified directory of domain with lower security that attackers can target to me. not sure the domain for self hosting is such a great idea.
It simply cannot be both free and free choice of domain.
If it has both, it will be squatted to uselessness, and blocked everywhere because of phishing scams everywhere.
You can either make the domains cost money, which seems counter to the entire point, or disallow choosing the domain, instead handing out free what3words style names.
You should read their proposal. Specifically, the first "core feature": one person, one domain. If you want to squat on a domain, go for it -- it's yours, and that's the only domain you're getting.
I suppose this will be done by ID verification, which is a complete and total non-starter for me, but they do have a vision of some kind.
I've read it, I don't believe it will be effective, even with actual physical ID verification. Scammers can get more IDs, for example by way of scamming.
We have considered this, all of these things will be examined during the evaluation process of the application with ICANN before any approval to operate the TLD is granted. We could also police our domain and revoke users who use it for abuse but that may be too costly. But you are right that fundamentally we must protect the reputation of the TLD at all costs and that will require imposing certain limits on its use.
We should probably just bring back Geocities at this point.
Neocities exists and you are welcome to it :)
TIL. Nice.
Their free terms are kind of bad. They use CORS security feature to block you from loading content from other sites. It doesn't cost them anything to let your site link outside content so they are only doing it make the free tier bad so people upgrade.
Somewhat related, in case you missed it a few weeks ago, Oldavista (Altavista)
https://news.ycombinator.com/item?id=48447111
What is the expected price range for registration and renewal under this TLD?
Will there be any assurance that renewal prices will remain fairly stable, rather than being significantly raised after customers grow attached to their domains (a practice that seems to be common with new gTLDs)?
I tried to leave a comment and it errored out and said “please leave a valid email.” I tried 6 different addresses at prepend.com.
It’s weird when sites have invalid email checks.
Well, the .meow kickstarter raised €121,896 with just an assertion and a voucher system, so there's at least some community support for this kind of thing, without it needing to be a good idea :-)
What is the premise for being able to do "one person, one subdomain" that isn't a privacy/security nightmare?
Looks like we've hugged it to death.
yes and it's not even on the front page yet lol
It's #10 on front page for me.
Apt for self-hosting
Indeed that appears to be so O_O. Our site is of course self-hosted, this is quite the response. Will have to troubleshoot what the bottleneck is!
Better charge an arm and a leg for it, or people will complain that it’s too cheap and argue for blocking it everywhere.
The reason why this won't work is right there, in the original link itself.
They're allowing comments and obviously the first thing there is a scam.
No way any goodwill on the Internet is going to prosper. Not anymore.
Scam comment deleted.
and yet 5 more popped up.
Deleting them as they appear.
> One Person, One Subdomain
> - Everyone entitled to a subdomain at no cost
One subdomain, or one subdomain? Would I be entitled to something like "pavel.hosts.self"?
Seems like an idea that would be abused badly, quickly
a sub (level below) domain from a top level domain (.self) would presumably be pavel.self
.me is cooler, but...
That all the cool 2-letter TLDs are designated as country codes was an extraordinary mistake that will have unpredictable and devastating consequences long into the future.
Our goal is for .self to be more than just another TLD string, we want to specifically empower the self-hosting use case with local clients that integrate directly with the TLD and operate shared services like mail servers as a public good. We want to dramatically simplify the effort it takes to set up a domain for homelabs and offer free services that are directly tied to the domain like email.
And you needed a gTLD for this task why?
We don't necessarily, however there are many benefits for doing so. We could simply purchase a domain and then build our initiative beneath it but then everything we do would be beneath that domain, meaning there would be two dots in what is our effective TLD. That would also mean we are a bit beholden to whichever TLD we are beneath and also whichever registrar we purchased our domain from. With the services we hope to offer around things like TLS certs and emails, it just makes more sense for use to own the whole thing from the root.
<something>.duckdns.org. works fine, and being "beholden" to ICANN is no worse than being a client of one of the big traditional gTLDs. If you want "one person, one name", well, .name is there for that.
It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"
What value is there in "horse.horse" being something you can resolve with DNS? What value does <something>.self give me, as a reader, that <something>.name or <something>.me or any of the other zillion variations on the same idea doesn't?
If anything, it creates confusion! "Oh, I met Bob McBobFace. Is he mcbobface.me? mcbobface.name? mcbobface.local?".
I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?
I guess I just don't get the value to the public of increasing the set of dotted word suffixes that indicate that a word is a a cognizable DNS object.
> It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"
So the new gTLD round is open right now, we're getting more TLDs whether we like it or not. Our goal is to make one that has features built-in which cater to the self-hosting use case. So that is our key differentiator, that every endpoint leveraging our TLD should be someone's small-scale homelab setup.
> I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?
Technically yes it could work, but given the suite of features we'd like to build into our TLD, it would make things more difficult if we didn't own it. We would be dependent on external parties for our root domain, the root of trust for TLS certificates, all users' subdomains would have an extra dot etc.
It just feels a bit like you've decided to solve the hardest possible side quest first.
Everything else on your roadmap could have been built and shipped in the universe that exists, and then if down the road it's working, you could have aimed for your own TLD.
Instead you're putting the TLD first and any of the actual functionality that end users might want afterwards.
That is a fair criticism, however I would say that the reason we are going for the TLD now is because now is the only time we can do it. The last round of TLD applications was in 2012, so if we don't apply now, it could be a veeery long time before the opportunity comes around again. We are a new org and our goal is to build functionality in parallel with the ICANN application which will likely take years to resolve.
Are you working on the not-TLD parts in parallel? If you don't get the TLD, do you plan to launch on a more traditional domain?
The marketing stuff makes it look like the TLD is your main focus.
The only mistake was not opening the root namespace altogether. It’s just a money grab.
The only mistake was not putting all US domains under .us, now the US has an an exorbitant privilege to print and enforce rules on new TLDs.
I mean, that wasn’t done by mistake
Sometimes hindsight is 1/20.
What do you mean by "US domains?" Domains registered by US citizens? Hosted in the US (in which case does that include territories)? Regardless of the definition, I don't see an easy way to do this, nor a reason to, since domains can change hands (and hosts) across countries.
.edu and .gov are us-specific, not sure if that is what they are referring to.
Domains that fall under the jurisdiction of the US? The domains themselves not the websites they point to? Everything under .games is controlled by the US government, the German government gets .games.de instead. To be fair it should be .games.us and .games.de (or .spiele.de)
Even gTLDs using other languages, like .kaufen, are under US jurisdiction. A German website selling to German customers using a .kaufen domain is forced to abide by US law as well as German law or loses the domain. Using a .de domain they would only have to abide by German law. That's unfair that the US government gets to stick its grubby fingers into every TLD that isn't a country code.
> That's unfair that the US government gets to stick its grubby fingers into every TLD that isn't a country code.
You're right in a sense, but the US invented the internet, so they get to invent the rules, no?
How about .mine?
I think letting anyone make any TLD is a bigger mistake.
.zip .pdf .mp3
I'd like to thank Caribbean island of Anguilla for having a ccTLD that helps identify which websites aren't worth your time in one quick look.
That's a popular tld for 'me' domains, like you said it's closer to .self in meaning but has better appeal
However .me (https://namegulf.com/tld/cctld/me) is a ccTLD managed by the Government of Montenegro, they set their own rules
I have the opposite opinion, TLDs should have been restricted to ISO 3166 codes only, with only a few exceptions for international organizations and private networks.
The $1/year numerical .xyz domain is pretty affordable already, and there are multiple providers now with free DNS services.
In this econimy? where google's full might is behind killing self-hosting? Be still, my beating heart --- there may be hope yet.
I, as a human, find that website decidedly unfriendly to quickly getting information. Particularly on mobile.
Will Self[0] is going to love this.
[0] https://en.wikipedia.org/wiki/Will_Self
Can someone explain how the "core features" would work ?
How/Why is this linked to a TLD and not a hosting provider ?
The point is that you are your own hosting provider! We are trying to cater to self-hosters so our goal is to make it as easy as possible for someone with their own homelab to get a domain and have it pointed at the services they want to host.
In practice sadly many of these more obscure TLDs seem to be more expensive than more 'normal' ones like .org
Some of them, the more corporate or tech-focused ones like .ai or .inc or .tech or .llc. Very many of them are comparable within a dollar of .org.
Feels like putting a flag on yourself that you are an easier target (security vulnerabilities, ddos, etc.)
A free tunnel would be a dream. This would be a great initiative.
Seems like a good way to get targeted by attackers
Just use cloudflare with static hosting for things like this. Doesn’t load for me.
We did not expect this level of response, it should be reachable now.
Seems that my.self is already taken. Moving right along, then ...
If we're gonna futz around with self hosting tld stuff, can we get HTTP clients to allow self signing on dot local? It's my goddamned network stop warning me about my own servers and no I don't want to install new root certs I resent the need to do Deep Magic just to have a private NAS.
Wanted to find out more but it looks to be down. Unfortunate.
I think is a good goal to pursue.
I've been experimenting with using "mymobilenumber.xyz" for stuff thats specific to me. the domains are cheap and easy to remember.. in this day and age mobile numbers are not super secret anyway...
too selfish
Oh too bad will.i.am can’t spend $5,000,000 for a my.self domain :(
my.self is going to be sold for millions
SELF: The Power of Simplicity
DAVID UNGAR (ungar@self.stanford.edu)
Computer Systems Laboratory, Stanford University, Stanford, California 94305 RANDALL B. SMITH† (rsmith@parc.xerox.com) Xerox Palo Alto Research Center, Palo Alto, California 94304
Abstract. SELF is an object-oriented language for exploratory programming based on a small number of simple and concrete ideas: prototypes, slots, and behavior. Prototypes combine inheritance and instantiation to provide a framework that is simpler and more flexible than most object-oriented languages. Slots unite variables and procedures into a single construct. This permits the inheritance hierarchy to take over the function of lexical scoping in conventional languages. Finally, because SELF does not distinguish state from behavior, it narrows the gaps between ordinary objects, procedures, and closures. SELF’s simplicity and expressiveness offer new insights into objectoriented computation.
To thine own self be true. —William Shakespeare
https://bibliography.selflanguage.org/_static/self-power.pdf
mine.my.own.my.precious.self
I've been looking to get into the TLD game. It's gonna cost about $600k, and it's a coin toss as to whether or not you'll get your money back. The two I've been eyeing, is .ion and .ness. Anyone want to go in on either of those with me?
I use netbird.io for my home lab and all my connected devices are reachable to each other without manual firewall hackery
Good luck getting your outgoing emails accepted by Gmail and outlook.
We plan to operate a shared mail server than can be used by users of the domain and we will work to ensure it is trusted by imposing usage limits. We will assume that every endpoint in our domain is someone's personal homelab, meaning small-scale use. For large mailing campaigns and newsletters there are plenty of services to choose from that enable those but for just sending personal emails, it should work.
Wait, so self hosting but I don't host my own email? So you guys just want to run your own mailserver and give people custom emails?
That sounds like negative utility. That would make hosting an email server on one of your domains harder than hosting it on a .com, so what benefit is this providing?
ICANN and its consequences have been a disaster for the internet namespace.
I am disappointed that icannt.org is taken and is not an alternative root.
Edit: I've been rate limited because of this comment, apparently. Account burned - will make a new one. Dang says below it's because of flagged comments but I don't see many flagged comments in my history.
Of course we wouldn't rate limit you, or anyone else, for an innocuous comment.
We rate limited you because of flamewar comments you posted in another thread, like this one: https://news.ycombinator.com/item?id=48723651. You posted over 50 times in that thread, and many of your comments there broke the site guidelines. That's abusive. If we didn't rate limit accounts for doing that, we might as well have no guidelines or restrictions at all.
This is just a fact. It's a ponzi scheme.
unless it's promising a return on investment funded by new entrants to the scheme it's not a ponzi. Managing TLDs is just a plain old service. If you want to set people up with a different solution to planting a flag in a global namespace you're free to do so (.eth was an interesting attempt) but you are competing with one hell of a 'network effect'
I CANN, YOU CANN, Yes We CANN!
treat.yo.self!
it.self
>One domain per person
How will you ensure this?
gofuckyour.self
lovethy.self
tothineown.self/be/true
I've started using .internal
That's no use for self-hosting unless all your users are on your private network.
Tailnet and Magic DNS make it easy to bring other people or devices to your network, including simple authentication mechanisms to know who is who
A VPN is literally a… (Very) Private Network.
Virtual, not Very
That doesn't contradict anything I said. Private networks can be huge, e.g. in big companies, and they can still use .internal. .internal serves quite a different purpose to that proposed for .self, so the top level comment I replied to doesn't make much sense.
As I understand it, if you want to use domains internally for your home ("home") network, there's some DNS support for "home.arpa"[0].
0 - https://www.rfc-editor.org/rfc/rfc8375.html
I've been using .lan, referenced in rfc6762[1] as a good alternative to the multicast .local
> We do not recommend use of unregistered top-level domains at all, but should network operators decide to do this, the following top-level domains have been used on private internal networks without the problems caused by trying to reuse ".local." for this purpose:
[1]: https://datatracker.ietf.org/doc/html/rfc6762