20i Domains

New Nominet drop catching flaw revealed?

Discussion in 'Drop catching Domain Names' started by davedevelopment, Jul 30, 2020.

  1. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,201
    Likes Received:
    401
    This is a equal opportunity vs equal outcome argument

    Footaballers are paid so well because their talent draws thousands of people to a stadium and millions of people to watch at home

    Choose 22 random people from around the country to have a football match who is going to pay to watch? you turn something of value into nothing

    A lottery system for domains would be completely fair but benefit everyone and no one at the time, when the mumsnet or moneysavingexpert forum type people got wind of it you would have tens of thousands of entries for each obviously valuable domain

    Your chances of getting a good domain are the same as everyone else, practically none

    The .uk release system is now totally fair with no pesky barriers like talent but also now completely worthless, that is not a step forward that is just destruction of value
     
    • Agree Agree x 1
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
    articles.co.uk
     
  3. Ben Thomas

    Ben Thomas Well-Known Member

    Joined:
    Mar 2018
    Posts:
    1,720
    Likes Received:
    219
    I agree wholeheartedly with you. I don't think a lottery system is a way forward.
     
  4. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,201
    Likes Received:
    401
    "Too long the U.K. namespace has been restricted to the coding competent, or those with money to invest in"

    If no coding and no money (so not auction) what is left but a lottery?
     
  5. Siusaidh

    Siusaidh Retired Member

    Joined:
    Jun 2019
    Posts:
    862
    Likes Received:
    302
    This is the UK's namespace. Something we should be proud of, for its values, its efficiency, its security. I don't have a problem with talent, skills, and hard work being rewarded - in fact I admire it.

    I don't think the onus is on domain catchers to be little Lord Fontleroys, because I don't think you can expect that human nature will operate that way. We can't expect everyone to be selfless and noble and report gaps and flaws to Nominet at the earliest opportunity. Not everyone will. That's just reality.

    Rather:

    The *onus* is on Nominet to run a system that runs equally and fairly for all, and as a firm invested in cyber security, the onus is on them to ensure their systems are resilient, and that flaws cannot be gamed.

    It seems frankly incredible that these flaws (if reports are correct, which it looks like they are) have been allowed to run unresolved over long periods of time. In the NHS, if I confront a problem outside my skillset, I don't just leave the patient to die: I call in a specialist to deal with the situation.

    It is disappointing that flaws occur in a system that is part of our vital national infrastructure. That system resilience and security is Nominet's first absolute imperative, or else the government needs to call in their mandate to operate. However, random errors occur in all areas of life.

    The real concern that disturbs me is if these flaws were flagged up, and month or months later the flaws have not been shut down. That would be astonishing neglect. It also means people gaming the system are harming and damaging many other Nominet members.

    As a cyber security company - which is how Nominet claims to be diversifying - it is almost hard to believe that they have not been able to deal with flaws that have been flagged up. After all, what possible motive could they have for letting their own systems fall prey to chaotic circumvention? I'll leave that question for others to reflect on - because on the surface it doesn't make sense.
     
    • Agree Agree x 6
    • Like Like x 1
  6. super-whois United Kingdom

    super-whois Active Member

    Joined:
    Oct 2008
    Posts:
    204
    Likes Received:
    43
    What @Siusaidh said is spot on. I would expect a "world leading registry" to be proactive on security and prevention of gaming the system. What we see is certainly neglect.
     
    • Agree Agree x 1
  7. Siusaidh

    Siusaidh Retired Member

    Joined:
    Jun 2019
    Posts:
    862
    Likes Received:
    302
    It certainly looks that way. I simply can't believe there aren't people in this country with the skills to address the called out flaw within 24-48 hours.

    Now whether there is an answer for all this, I don't know, but it's been raised on the Nominet forum (on Thursday morning), asking Nominet to explain, and so far no reply.
     
  8. Ben Thomas

    Ben Thomas Well-Known Member

    Joined:
    Mar 2018
    Posts:
    1,720
    Likes Received:
    219
    Exactly. It is hard to believe. It’s almost as if they *wanted* it to be that way. If the moneys green, right?
     
  9. Siusaidh

    Siusaidh Retired Member

    Joined:
    Jun 2019
    Posts:
    862
    Likes Received:
    302
    Well if that was the case Ben, then the Government would be right to remove the mandate to operate the namespace, and I would be the first to call for that. But I don't want to believe that, and I think a clear explanation is needed. People are owed that, and it's not some optional extra, because harm has been done. For vital UK infrastructure, accountability must always be required. Who are Nominet accountable to? GoDaddy? Namesco? No, of course not. They are accountable to their members collectively, and equally, and beyond that they are accountable to the nation and its representatives. This is not ice-pops or baked beans we are talking about. It's the UK's namespace, which almost the whole nation relies on - in education, in healthcare, in business, in communities, in recreation, in families. It has to be run on secure, resilient, and orderly systems, transparent, honest, fair. Or else someone else has to run it instead. Unless the UK namespace just becomes a jungle where anything goes, and big tech companies cash in, and accountability is by choice and not by compulsion, answers to concerns like these have to be provided.

    So keep asking. Who pointed out the flaw? When? Were they correct? How long did it take for Nominet to respond? How long did it take for Nominet to act? How long had the flaw been existing before it was called out to Nominet? What technical problems prevented the flaw being dealt with sooner? Could those solutions have been outsourced? Are there protocols set in place when events like this happen? Will someone provide the answers?

    I don't presuppose anything about this specific issue, but there are issues of culture and mindset that have been raised again and again, not only in the UK but elsewhere in the DNS-related industries, about openness and accountability, not least to the people for whom the namespace exists.

    This is the start of a debate, and not the end of it. I personally think Nominet needs reform, and greater accountability and oversight.
     
  10. Siusaidh

    Siusaidh Retired Member

    Joined:
    Jun 2019
    Posts:
    862
    Likes Received:
    302
    Also.

    Can everyone feel assured that all flaws will have been corrected by the time over a million .uk domains drop in the first two weeks in September?

    (Of course, that won't prevent the issue of multiple tags being used to game the system, as was strongly suspected in the Namesco mass-drops in January.)
     
  11. dropped.uk

    dropped.uk Active Member Exclusive Member

    Joined:
    Feb 2016
    Posts:
    81
    Likes Received:
    49
    Is it not apparent that Nominet don't want to fix these issues, because the more issues there are with the DAC, the more complaints are made by Members, and the more reason to abolish it and introduce their auction route?

    How do these flaws get into production? I find it hard to believe that they were accidentally introduced. What's their QA/test process that should have picked them up? Nominet consistently talk about technical load on their systems, but they're actively giving everyone extra allowance to cause more load, and doing nothing about it.

    First off we had additional allowance by simply disconnecting and reconnecting to a rogue server in the pool. That was patched, then suddenly they've moved it to adding a new IP. It's like they want a flaw to exist so that there's something wrong with DAC, and an excuse to start releasing domains by other means.
     
    • Agree Agree x 2
    • Informative Informative x 2
    • Like Like x 1
  12. gregfindley

    gregfindley Well-Known Member

    Joined:
    Dec 2006
    Posts:
    1,447
    Likes Received:
    127
    Everyone? I’m not sure if anyone can at this point - there’s a history of flaws and exploits being reported with little or nothing done to address them.

    In much the same way the .uk launch was handled, I think the writing has been on the wall, regardless of consultation sadly.
     
    • Agree Agree x 1
  13. Jay Daley New Zealand

    Jay Daley Active Member

    Joined:
    Jan 2005
    Posts:
    349
    Likes Received:
    12
    My nickname at school was indeed ‘Arthur’!
     
    • Funny Funny x 7
    • Like Like x 3
    • Winner Winner x 1
  14. pcourtney1 United Kingdom

    pcourtney1 Member

    Joined:
    Aug 2020
    Posts:
    5
    Likes Received:
    1
    it does seem that DAC is not fit for purpose anymore, surely it makes sense on all levels for nominet to move on, and improve the current system of domains expiring before it is too late, and the circus/fiasco that continues to plague the small drop catching companies ( mainly self employed) who are getting squeezed evey day by nominet's "head in sand" mentality

    even when Denys presents them with the back story in black and white they run for cover !
     
  15. Siusaidh

    Siusaidh Retired Member

    Joined:
    Jun 2019
    Posts:
    862
    Likes Received:
    302
    It's not a good look, when a company that claims to be breaking into the US cyber-security market cannot even protect the resilience and defences of its own systems.

    You need to ask what's behind all that.

    Is it just "laissez-faire attitude" and just couldn't care enough?

    Is it deliberate as a pretext for radical change - 'the worse it gets, the greater the justification'?

    Is it technical - an aging system requiring a rebuild or replacement? 'This takes time.'

    Some flaws seem to have gone on for months. If the system has been circumvented, to the disadvantage of paying members, shouldn't that be first degree priority?

    Is it lack of ability to handle the problem, in which case you need to outsource the task and find people who can sort it?

    Has there been a pre-conceived agenda to abandon this whole status quo, so why bother mending something you're going to ditch?

    Like I say, for all the shiny PR, and investment of registry money in Cyglass, this is not a good look. 'We can't even control out own set up, never mind anyone else's.'
     
  16. Siusaidh

    Siusaidh Retired Member

    Joined:
    Jun 2019
    Posts:
    862
    Likes Received:
    302
    Also, bearing in mind the massive name drops of the next two weeks, are the doors still open, have the flaws been sorted?

    Or are they now in the public domain for everyone to exploit?
     
  17. rob

    rob Founding Member

    Joined:
    Jan 2005
    Posts:
    5,959
    Likes Received:
    82
    Had to check this thread was from 2020 not 2006!
     
    • Funny Funny x 1
  18. JMI

    JMI Active Member Acorn Supporter

    Joined:
    Oct 2015
    Posts:
    466
    Likes Received:
    80
    Agreed, lots of WP dev newbs who took up drop catching think they're discovering the best thing since sliced bread.
     
    • Agree Agree x 1
  19. webber

    webber Active Member

    Joined:
    Sep 2019
    Posts:
    190
    Likes Received:
    43
    Drop them all on Monday at 2pm, only once a week.
    No need for DAC. Problem solved
     
  20. redbird United Kingdom

    redbird Well-Known Member

    Joined:
    Sep 2005
    Posts:
    1,179
    Likes Received:
    25
    I suspect only those of us of a certain age will know why
     
  21. pcourtney1 United Kingdom

    pcourtney1 Member

    Joined:
    Aug 2020
    Posts:
    5
    Likes Received:
    1
    I was thinking every day at 12 Midday, but Monday to Friday would also work, but yes - you and I are on the same page, get rid of DAC and then Nominet can move on ( in a transparent more honest fit for business way going forward to benefit all, not just the big guns)

    It will never happen though, because there are some forces out there who do not want change !
     
    Last edited: Sep 1, 2020