New Nominet drop catching flaw revealed?

Discussion in 'Drop catching Domain Names' started by davedevelopment, Jul 30, 2020.

  1. Murray

    This is an equal opportunity vs equal outcome argument

    Footballers are paid so well because their talent draws thousands of people to a stadium and millions of people to watch at home

    Choose 22 random people from around the country to have a football match: who is going to pay to watch? You turn something of value into nothing

    A lottery system for domains would be completely fair but benefit everyone and no one at the time, when the mumsnet or moneysavingexpert forum type people got wind of it you would have tens of thousands of entries for each obviously valuable domain

    Your chances of getting a good domain are the same as everyone else, practically none

    The .uk release system is now totally fair with no pesky barriers like talent but also now completely worthless, that is not a step forward that is just destruction of value
     
  3. Ben Thomas

    I agree wholeheartedly with you. I don't think a lottery system is a way forward.
     
  4. Murray

    "Too long the U.K. namespace has been restricted to the coding competent, or those with money to invest in"

    If no coding and no money (so not auction) what is left but a lottery?
     
  5. Siusaidh

    This is the UK's namespace. Something we should be proud of, for its values, its efficiency, its security. I don't have a problem with talent, skills, and hard work being rewarded - in fact I admire it.

    I don't think the onus is on domain catchers to be little Lord Fauntleroys, because I don't think you can expect that human nature will operate that way. We can't expect everyone to be selfless and noble and report gaps and flaws to Nominet at the earliest opportunity. Not everyone will. That's just reality.

    Rather:

    The *onus* is on Nominet to run a system that runs equally and fairly for all, and as a firm invested in cyber security, the onus is on them to ensure their systems are resilient, and that flaws cannot be gamed.

    It seems frankly incredible that these flaws (if reports are correct, which it looks like they are) have been allowed to run unresolved over long periods of time. In the NHS, if I confront a problem outside my skillset, I don't just leave the patient to die: I call in a specialist to deal with the situation.

    It is disappointing that flaws occur in a system that is part of our vital national infrastructure. That system resilience and security is Nominet's first absolute imperative, or else the government needs to call in their mandate to operate. However, random errors occur in all areas of life.

    The real concern that disturbs me is if these flaws were flagged up, and a month or months later the flaws have not been shut down. That would be astonishing neglect. It also means people gaming the system are harming and damaging many other Nominet members.

    As a cyber security company - which is how Nominet claims to be diversifying - it is almost hard to believe that they have not been able to deal with flaws that have been flagged up. After all, what possible motive could they have for letting their own systems fall prey to chaotic circumvention? I'll leave that question for others to reflect on - because on the surface it doesn't make sense.
     
  6. super-whois

    What @Siusaidh said is spot on. I would expect a "world leading registry" to be proactive on security and prevention of gaming the system. What we see is certainly neglect.
     
  7. Siusaidh

    It certainly looks that way. I simply can't believe there aren't people in this country with the skills to address the called out flaw within 24-48 hours.

    Now whether there is an answer for all this, I don't know, but it's been raised on the Nominet forum (on Thursday morning), asking Nominet to explain, and so far no reply.
     
  8. Ben Thomas

    Exactly. It is hard to believe. It’s almost as if they *wanted* it to be that way. If the money’s green, right?
     
  9. Siusaidh

    Well if that was the case Ben, then the Government would be right to remove the mandate to operate the namespace, and I would be the first to call for that. But I don't want to believe that, and I think a clear explanation is needed. People are owed that, and it's not some optional extra, because harm has been done. For vital UK infrastructure, accountability must always be required. Who are Nominet accountable to? GoDaddy? Namesco? No, of course not. They are accountable to their members collectively, and equally, and beyond that they are accountable to the nation and its representatives. This is not ice-pops or baked beans we are talking about. It's the UK's namespace, which almost the whole nation relies on - in education, in healthcare, in business, in communities, in recreation, in families. It has to be run on secure, resilient, and orderly systems, transparent, honest, fair. Or else someone else has to run it instead. Unless the UK namespace just becomes a jungle where anything goes, and big tech companies cash in, and accountability is by choice and not by compulsion, answers to concerns like these have to be provided.

    So keep asking. Who pointed out the flaw? When? Were they correct? How long did it take for Nominet to respond? How long did it take for Nominet to act? How long had the flaw been existing before it was called out to Nominet? What technical problems prevented the flaw being dealt with sooner? Could those solutions have been outsourced? Are there protocols set in place when events like this happen? Will someone provide the answers?

    I don't presuppose anything about this specific issue, but there are issues of culture and mindset that have been raised again and again, not only in the UK but elsewhere in the DNS-related industries, about openness and accountability, not least to the people for whom the namespace exists.

    This is the start of a debate, and not the end of it. I personally think Nominet needs reform, and greater accountability and oversight.
     
  10. Siusaidh

    Also.

    Can everyone feel assured that all flaws will have been corrected by the time over a million .uk domains drop in the first two weeks in September?

    (Of course, that won't prevent the issue of multiple tags being used to game the system, as was strongly suspected in the Namesco mass-drops in January.)
     
  11. dropped.uk

    Is it not apparent that Nominet don't want to fix these issues, because the more issues there are with the DAC, the more complaints are made by Members, and the more reason to abolish it and introduce their auction route?

    How do these flaws get into production? I find it hard to believe that they were accidentally introduced. What's their QA/test process that should have picked them up? Nominet consistently talk about technical load on their systems, but they're actively giving everyone extra allowance to cause more load, and doing nothing about it.

    First off we had additional allowance by simply disconnecting and reconnecting to a rogue server in the pool. That was patched, then suddenly they've moved it to adding a new IP. It's like they want a flaw to exist so that there's something wrong with DAC, and an excuse to start releasing domains by other means.
     
  12. gregfindley

    Everyone? I’m not sure if anyone can at this point - there’s a history of flaws and exploits being reported with little or nothing done to address them.

    In much the same way the .uk launch was handled, I think the writing has been on the wall, regardless of consultation sadly.
     