.self: A new top-level domain designed to support self-hosting
hccf.onmy.cloud486 points by HumanCCF 13 hours ago
486 points by HumanCCF 13 hours ago
Can we get a super fast way to update DNS with lower cache, so dynamic IP updated through API works. This is one of the limiting factors.
Cloudflare works but the cache give downtime after every IP-switch
Remember when the .tk TLD became free 20 years ago ? Every hobbyist took one, then scammers followed, then Facebook and antiviruses started blocking it.
I remember publishing a website for a class on my .tk domain, the teacher couldn't open it and I almost got a failing grade because of it.
A friend almost failed an IT class because his website didn't render at all in IE6. This was during the time of IE9. The teacher just hadn't updated their browser in a long time.
I don't get how you get to be an IT teacher without knowing the most basic troubleshooting steps to get assignments to run.
I left community college after a week because my "computer" teacher required us to change our monitors to 640x480 and print out ever step that we completed in things like Notepad or Configuring the Desktop and then every day we'd punch it out and would add it to a three ring binder of all the things we've done.
Full Color.
I assume this was at a highschool and not at university? My IT teacher in highschool was the chemistry teacher, because.. he knew how to use Word, I guess?
He knew we were computer nerds so didn't really care about teaching us (we knew more than him anyway). And we didn't mind that he just sat there drinking coffee and reading a book, as it meant we could just play videogames for an hour. Good times.
Heh…I once was in a state-level coding event (it was a small portion of a larger competition) where half of the test was turning in code on a CD during the competition, with the written half during the event. My CD was deemed unusable for whatever reason (it had worked on XP and Fedora 6 or 7 at home) and didn't count towards my score. I still got second in the event. I declined to continue because I couldn't trust that the judges would be able judge my submission fairly and that with half of my score missing I still got second that I didn't need to prove anything else at the cost of more after-school practice hours and wrecking my perfect attendance record during my senior year to travel to nationals.
Does high school attendance matter for anything? Genuine question. Always seemed like pre-college schooling always wanted you to think everything was more important long-term than it really was.
It’s needed to get into college and that’s it, which is needed to get your first maybe second job and that’s it, which is needed to…
...attendance? I landed a spot in likely the best economics uni in Poland while having 52% attendance in my final HS year, out of which perhaps 10% of the absence was due to illness.
During the time of Internet Explorer 9, it was surprisingly common for people to still be using Internet Explorer 6. This was often out of their control, for instance if they had intranet sites that required Internet Explorer 6, or if they were stuck on an old version of Windows because they had outdated hardware.
Later versions of Internet Explorer had compatibility mode, but it often wasn’t enough to get things working, especially if there was ActiveX involved or the security policies were restrictive.
Schools were especially prone to this due to their limited budgets among other reasons, and IT teachers weren’t normally the decision makers who could do anything about it. You shouldn’t assume that a random IT teacher had the authority to spontaneously upgrade a school computer that needs to be used for things besides that one student’s assignment.
I will, however, assume that an IT teacher has the ability to recognise, "this isn't working because I'm using an ancient browser". If the teacher is completely unable to use a less ancient browser, the requirement for the project to work on IE6 should be clearly stated, which it was not.
However in this case, my friend just helped the IT teacher install Google Chrome on his computer and showed that the site rendered fine there. I don't know what sort of policies were in place but there were evidently no technical measures implemented to prevent people from installing a modern browser.
I had a similar class where they threatened to fail us if we didn't use Dreamweaver and instead wrote our own html.
I had a teacher who told us to make a website using Powerpoint..
Turns out you save save as HTML and any links you put between slides become anchor tags.
Pretty neat, but hurt my soul to have all my classmates do that
Dreamweaver was cool as a beginner because it took a lot of the troublesome parts out of the equation. But it did end up being more of a hindrance than a benefit the further you went in.
I never understood Dreamweaver. The first thing it asked me when making a new website was ... what the resolution of my user's screen is? I don't know that!
What were these "troublesome parts"? The whole point of HTML's design is that it's incredibly easy for a human to write correctly.
There was a ton of... not exactly footguns, just things to keep in mind if you’ve wanted your site to work as you intended in all browsers. The webcompat nowadays is way better now.
That said, personally I’ve never understood Dreamweaver either. By the time I tried it, I’ve already got used to Notepad++ and writing HTML by hand, so I’ve just treated it as another text editor... and IIRC it just felt way more laggy than Notepad++, with a browser preview panel that took half of my 4:3 display. Maybe I’d discover some cool features if I’ve spent some more time in it? I dunno.
Just like AI vibecoded websites... Good luck understanding the code when the AI bubble explodes and you can't afford the insane price that AI will have by then.
Was that class taught by a certain woman who had a business making websites, per-chance?
You just described my teacher, and I’m fairly certain we didn’t go to the same middle school.
Were they paying for the Dreamweaver licenses?
When I had web design a bit after 2010, they still used Dreamweaver and yeah you could get a license for free via the university. That’s pretty normal (eg giving you a Visual Studio license, Office, all that). It was more crazy that the course was so incredibly basic (nothing more than static page building in dreamweaver) at this college compared to the other one I later transferred to
Please. Universities have students by the short and curlies. They can academically do basically whatever they want, and fail you for not complying. Professors can even demand their book be purchased, and fail for not buying the book.
Most universities are unethical shitholes that can do basically whatever they want to gatekeep a diploma.
It’s getting so bad. My wife is in a remote school where they fail students occasionally to squeeze a little extra $$ out of them.
I’m sorry your wife failed some classes, but it’s probably not because the school wants some extra money.
Tenure. Or at least that was my experience with my comp sci teacher who required that we gave him printed out programs for our homework and then tossed them into the trash while making eye contact with you and gave you a grade later.
The schools admins told me he had tenure so there was nothing I could do.
Didn’t take me a whole year before I switched majors.
It's a built-in secret part of the teaching for any job where you interact with customers, they don't upgrade and they have no troubleshooting skills.
Or just ineptitude, but I'm hoping for the former.
What a memory you have unlocked. They were everywhere. I remember the urban legend that .tk domains were X% of their GDP
10% apparently for .tk. I also remember .tv windfall, which is 8-9% of their GDP.
And the .sy boom until startups got enough heat for, you know, funding the Assad regime.
Apparently nobody cares that .af is now funding the Taliban
The terms of using that tld say it must comply with Sharia law
pretty strict and apparently the Minister of that agency doesnt care that .af is a domain hack for “as fuck” in the west
In other words, he doesn't give a fuck
Perhaps he does - dontgive.af does not resolve.
1. Be Sharia law
2. Sell domain name that's against Sharia law
3. Retake it back when someone buys it, because it's against the law
4. Repeat and profit
What website/service actually uses that?
A Mastodon instance used it: https://www.theverge.com/2024/2/12/24071036/queer-af-mastodo...
The .ai TLD is some tiny island with a few thousand people
.io is (British) Indian Ocean (Territory).
I always thought these TLDs were a flight risk to be used in any serious capacity. What if the random state decides you/your business are in violation of [whatever] and kick you off?
What if an elephant steps on the power cable to the server room?
The owners of `queer.af` thought that AF only meant “as f*ck”, without realizing that AF also happens to the be the ISO 3166 code for a country controlled by the Taliban, who didn’t like their domain name [1].
Brits that had `.eu` domains lost their domains due to Brexit [2] (unless they had some other EEA ties).
And if the Chagos deal goes ahead [3] and the British Indian Ocean Territory ceases to exist, then all `.io` domains might disappear too (although considering that `.su`/Soviet Union domains are still a thing, they probably would have stayed around).
[1]: https://www.404media.co/taliban-shuts-down-queer-af-domain-b...
[2]: https://www.gov.uk/guidance/registering-and-renewing-eu-doma...
>Brits that had `.eu` domains lost their domains due to Brexit
Ouch, that must've hurt. Brexit is the most stupid thing that Britain has ever imposed on itself.
Assuming the British/American air base remains on some agreement with the Mauritian government, then the Chagos Islands may remain as a special territory of Mauritius, justifying the continual existence of an ISO 3166 code for it.
I remember that. The one thing I would add is I think the usage was much more general purpose. "Free stuff" sites were a big deal and huge source of traffic and .tk was widely shared on those. You could have a banner with ads and have the domain for free.
Core memory unlocked
Not enough allowance to fund a .com domain, had to use freenom / tk + cloudflare for my first years of self hosting
Double unlock.
In the mid 2000’s, I moderated a domain name discussion forum in exchange for free hosting. “X forum posts per month = x gb of bandwidth”
My goal was to post enough for them to give me WHM access so I could try to resell it.
Those were the days.
Those were the days indeed. A big part for me is probably because I was a teen at the time with little responsibility, but getting to be a part of the wild west days of the internet was a magical experience.
Magical indeed!
I once mailed $70 cash (multiple months of allowance) to someone to code a MVP of something I wanted to build.
They ripped me off and disappeared.
And… that’s when I decided I needed to learn to code!
Somewhere out there is a developer telling this exact same story. ‘I once agreed to build an MVP for a kid who promised to mail me cash. Never showed up. And THAT’S when I decided to get a real job.’
Except I mailed the cash in advance! It’s okay, it was probably another 14 year old.
My parents were not happy when I told them I sent cash to a stranger. I remember having to do it in secret because they were very not okay with the idea that you can meet strangers online. Hah.
I think they're describing a scenario where the cash was stolen by a postal worker or for some other reason didn't make the full trip.
In my case, ignorance unlocked. I never heard of tk and I remember 36k modems so old enough.
I think reason is I went to work, slung .NET and didn't think much about computers otherwise except occasional reading some C++ books for "fun".
I still have a .tk domain, paid since 2008, because it was the only one with my surname available.
Haven’t had much issues but surely if could go back and i’d pick a different tld.
tk and cc, the domains i used to use for php reverse shell haha, bring back memories!
>One Person, One Subdomain
Indeed. That's the necessary
Yes, one of the key principles we follow is that all the perks we aim to provide must come with some limit to prevent abuse.
The "one free domain per person" isn't the interesting part really - that will be hard to police unless domain name is a function of ID proof (avoids squatting).
0) The actual intersting part of a new TLD can be growing reputation by post-facto taking away a domain without recourse in case of squatting. Instead of adversarial takedowns (which produce false positives as noted), let anyone challenge an inactive domain in the first year or two.
1) If they can figure out a mechanism for moving a domain from "assigned" -> "squatted".
2) Domain must match (or derive from) a verified identity - e.g. your domain is a hash/slug of your government ID. Makes squatting structurally impossible because you can't claim someone else's name / gov (Sign in with passkeys linked to a national ID).
3) Proof of human effort, reduced with time - require periodic renewal with proof-of-use (DNS TXt updates, through a flow hard to automate).
4) Kill speculative market - domains are non-sellable and non-transferable - always go back to the free pool, and stay there for 30 days mandatorily.
Some mix of these could be the right structure for a trule high-reputation, free domain.
.id.au already has some similar requirements for associating a domain with a real world (human) identity: https://www.auda.org.au/au-domain-names/the-different-au-dom...
Sounds like a bad domain for self hosting. You have to update txt records randomly and your domain can be taken for whatever reason. Whatever value you build goes away if you are inactive. You cannot transfer ownership killing any value you added.
Hence the "in the first year or two". Some more human effort to showcase proof early on, then the domain is solidified for you like iwth any other registrar. This is something like captcha/bcrypt - a single instance isn't a burden, but doing it at scale is costly.
> You cannot transfer ownership killing any value you added
I think this is by design. The domain should be for personal use - hence free.
Exactly this, the goal is to design a TLD according to human-centered principles. That is, we are assuming (and enforcing) that every endpoint using this domain will be some relatively small-scale environment for personal use. This is what will allow us to provide a lot of neat functionality but only at that scale.
The much simpler way to avoid squatting is to make .com domains cost $200 a year. This will instantly end the vast majority of domain squatting on the .com TLD and if people can easily get the .com they need for their business then the other TLDs are not going to have much squatting activity.
How does this lend itself to self-hosting then? I think few people will pay that much to self host.
I don't get it. How do you handle 10k people wanting, say, garden.com, without a free market?
I dislike the term “domain squatting”. It should be called “domain scalping”.
Or domain ownership.
It isn't scalping if your actually using it. It's easy to spot a scalping site since its just an advertisement to buy the domain.
I am probably missing something, but how DNS TXT updates can be made difficult to automate?
We can get creative. quick ideas: Send it by printed post. pass it around people to people. an email needs to be added in with some process, and can only get one TXT update value a week.
Many ways of adding friction to obtaining the updatable value - which a human owning a domain would be happy to do, but a squatter would not want to.
> Send it by printed post
that's how one of my local companies tries to force clients in. They removed auth code from their web panels and introduced complex snail-mail procedure.
That was clear signal to run, but it took me 6 months to do just the domain transfer.
Hi there. I've done a bit of work on specifying human-centric identity goals for the internet over the last 10 years. May I suggest you look at Microsoft Vega? https://www.microsoft.com/en-us/research/blog/vega-zero-know... (I have no affiliation).
In brief, I think they aim to solve the most important needs for online identity-gated services in a maximally private way.
For instance, I'd like to see .self offer the following: a single domain to any person in the world with identity blinded. I can imagine two 'tranches': say xxx.v.self for 'verified' and xxx.u.self for 'unverified'.
Both would use a Zero Knowledge proof to confirm they had not already registered a domain; verified would register with you guys or a data broker some PII in case it was needed for verification / checks / etc, while unverified would maintain the promise of one domain = one person, but not allow the TLD or registrars to be able to unblind which person it is.
Use cases like this would be really fantastic. And, obviously could be tested out and tried on a normal domain name while you make your pitch, and put in for the auction / however ICANN is currently managing TLD launches.
Please submit this to us via our contact form, we will need lots of community input! https://hccf.onmy.cloud/get-involved/
It is good that Microsoft Vega is popularizing zero-knowledge identity-based attestations. It's unfortunate that they're doing so in a relatively inflexible way.
I wish the Vega people had oriented their work around general-purpose zkVMs instead of application-specific ZK circuits. The latter is a fleeting efficiency win; the former is a permanent flexibility advantage. ZK-based privacy advocates shouldn't over-index on proof performance on today's systems when zkVM systems have been making multiple-OOM performance improvements over the past couple of years.
IOW, with Nova, the Vega people are trying to do something very clever (just as the BBS+ people are trying to do something very cleaver) that general-purpose compute wins have made unnecessary.
Something like RISC Zero will let you run arbitrary Rust code under zero knowledge in a few hundred milliseconds with little fuss. Nobody appreciates that identity verification is one special case of a vast set of useful applications enabled by widespread adoption of a ZK compute platform.
Disagree with this.
RISC Zero is useful for crypto use-cases: Other people need to verify an exact program was run.
The identity use case is about connecting sources of trust (document issuers) with consumers of that trust ("this is a real person") in ways that don't release more than the minimum information required ("the passport office has signed that this is a real person so we can trust that").
Single purpose circuits make a lot of sense for this - there is just no need to a full ZK RISC-V VM for this use case.
RISC Zero verifies that an exact computation was performed. What would be the point of the system otherwise? If you're starting from this incorrect premise, you're going to arrive at an incorrect conclusion.
> Single purpose circuits make a lot of sense for this
No, they don't. They lock your system into a single set of trade-offs without an advantage to offset it. They're premature optimization. How do you think ZK systems can be made resilient to cloning attacks without hardware locking if your ZK vocabulary is limited to stupid BBS-style selective disclosure and nothing else?
Can you talk more about RISC Zero? Does it require a TEE of some sort? I had trouble finding a quality mid-detail spec of how it works; lots of marketing materials basically.
zkVMs (of which RISC Zero is one example) do not require a TEE. That's the whole point: the privacy properties come out of the math. Basically, nowadays, once you and I can agree on the text of a program, you can run the program on your private inputs and produce a number that proves to me that you actually ran this specific program and not some other.
For example, age verification: I can run a program that takes a signed time-stamp and an officially-signed birth certificate and produces a yes/no "over 18" boolean, then prove to you I actually ran this program, not just "return true", but WITHOUT revealing the birth certificate.
It's a really neat facility that too few people are thinking about. We've had zero knowledge systems for a few decades now, but until now, each one has been a special bespoke mathematical object that would take years to develop. Over the past year or two, we've 1) made the things 1000x faster, and 2) made it possible to write arbitrary code under zero knowledge instead of having to make each ZK system a PHD thesis.
Others say that zkVMs are pointless because they're less efficient than these bespoke mathematical objects. Yes, they are. So what? The flexibility is worth it. Others say that zkVMs came out of Etherium, so they're only good for "crypto" stuff. False. Sure, it's the Etherium people who did a lot of foundational research into efficient zkVMs. We owe them a debt of gratitude, because they made a new kind of CS object that's going to be useful for tons of things not tied to Etherium or web3 in any way.
Anyway, if you want to get a feel for fully programmable ZK systems, check out https://noir-lang.org/, a programming language for ZK programs (not a zkVM, but same UX). Or https://github.com/a16z/jolt, which lets you run normal Rust under zero knowledge.
Today, you can write normal-looking code and have it execute under zero knowledge, and, importantly, efficiently. You literally couldn't do this two years ago, and it changes everything.
What does require a trusted computing platform, however, is ensuring that the same program isn't being executed millions of times per second to send millions of different ZKPs to different parties.
ID verification is not enough, you also need some way to prevent one malicious user from re-selling the same ID to millions of others. Without ZKPs, you know what document the user is trying to sign up with, so you can rate-limit that document. With ZKPs, however, you need those rate limits to exist somewhere else.
Yeah, this goes back to the blind spot we technical people have: Solve people/social issues with technological enforcement.
Please get in touch with us via our contact form, we will need collaborators of all kinds and the human validation problem is going to be the hardest technical challenge to solve. We could use your help! https://hccf.onmy.cloud/get-involved/
https://hccf.onmy.cloud/wp-content/uploads/2026/06/dot-self....
> Everyone entitled to a subdomain at no cost
How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
> No parking, squatting, or reselling
How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?
We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.
> No parking, squatting, or reselling
Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.
> Think of it as a similar model to ISRG and LetsEncrypt.
In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
> rule of one person per subdomain
What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
> In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?
We are reaching out to companies who operate in the self-hosted space, academia, ISPs, registars, as well as digital rights orgs. We believe they would be aligned with this mission and ultimately benefit from such a TLD existing!
> What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.
There are a few emerging technologies we are evaluating to help with this but have not settled on one just yet. Whatever we choose, we will start small and go from there. Worst-case scenario, we start with the credit card approach and iterate. This will ultimately all be a part of the evaluation process we go through with ICANN.
To be honest it feels like these answers boil down to "we feel it'd be nice if this existed but we have no actual answers as to how to get it done".
---
To stick with your comparison: when letsencrypt and ISRG launched they had actual answers for how to deal with the hard challenges in their space:
A) how to get included in a trust roots (crossigning with IdenTrust at first and the knowledge and expertise of how to get included in the longer term)
B) Automated domain validation in a standardized way (ACME)
C) Long term commitments of sponsorships to ensure people could trust it would stick around
---
I wish you the best of luck, but I think this might have needed to bake a bit longer before publicizing.
How is one person per subdomain enforceable? How is a person uniquely identified and tracked?
My guess is by using ID verification similar to how I do it on https://onlyhumanhub.com/
So you have just built a wrapper around https://passportreader.app/, which itself is reading NFC enabled ID/passports from specific countries. The coverage map is here: https://passportreader.app/coverage.
Might be good to know that even in the US this approach would only work for ~50% of people, since a lot of people don't have passports. In most countries this does not work at all, since they don't issue NFC enabled ID/passports.
The "how it works" page for that website says that the ID data is "digitally signed by the issuing government". But there doesn't seem to be anything in the docs about how to get or verify that signature. So it seems like they are just asking users to trust them to do the verification.
> The coverage map is here: https://passportreader.app/coverage
Oh, cool! Russia is not on the list. Another service that excludes me just becasue I got lucky with the colour of my (NFC-enabled, biometric) passport.
On a less bitter note, I don’t think it’s that hard to build biometric passport validation. Face matching would be another thing, but for unregulated industries I don’t think you’ll need that, so why not grab some library from GitHub and be in control of the whole process? (You would still need to handle people without biometric passports somehow, of course.)
I'm curious about how this works, but it doesn't look like I can find out without creating an account. I see that it says "Link your existing social accounts to prove you're not a bot." How does having social media accounts prove I'm not a bot?
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue?
Is it actually a substantial expense? The TLD itself only has to publish the nameserver records, which generally have a TTL of about a day. A DNS response is a few hundred bytes. Big DNS providers like Google and Cloudflare would make requests for every actively used domain every day, but then cache them. Smaller providers wouldn't cache as well but also wouldn't each request every domain every day. For e.g. a million personal domains, ballpark estimate is somewhere in the few TB a month of traffic. Maybe a little over personal hobby project money but definitely not outrageous for a small non-profit organization.
> How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?
This is the easy one. Squatters buy domains because they want to sell them. To sell them they have to make it publicly known to prospective buyers that the domain is available for sale. So then if anyone lists the domain for sale anywhere, you make them prove that they own it (which any actual buyer would also have to do in order to not get scammed) and when they do the domain is forfeit.
It's kind of sad that we don't do that for all domains. Domain squatters can go to hell.
Much of the cost here comes from compliance with the ICANN gTLD program structure, not from running the underlying technical infrastructure (which is not limited to DNS - you also need EPP/RDAP/etc). See https://www.icann.org/en/registry-agreements for (hundred+ page) documents outlining registry responsibilities. Registries can outsource some of this to an ICANN-accredited "registry service provider", but should expect to pay upwards of hundreds of thousands of dollars yearly for the privilege.
You can't do it in the general case.
Most TLDs need to allow domain transfers because projects do genuinely change ownership sometimes. If you allow transfers, you allow reselling by definition (because you can't physically determine whether cash changes hands).
This isn't like tickets, where "return to pool and let an interested party buy it" is a viable strategy. Tickets are fungible, domains are non-fungible.
It costs ~$200,000 to apply for a TLD, and there's an ongoing renewal cost in the tens of thousands of USD.
For this application round, ICANN is running an Applicant Support Program, or ASP. The applicants seeking to apply for a TLD this round who qualify for the ASP will have a substantially reduced application fee, among other benefits. Our organization is one such org who has qualified for the ASP so we will not have to pay the full $227,000 application fee.
How much is the reduced fee then? As I understand it's somewhere between 75-85% less, which is still a lot of money.
Also, who is paying for the reduced fee, administrative and infra costs? And have you actually submitted gTLD application, or are you trying to crowdfund? Unclear to me.
The fee will fall on us to pay and the gTLD application window is open and our application is in progress. Yes we are crowdfunding (there is a donation link on our website and in the pamphlet) while also actively seeking partners to sponsor us.
If anybody is asking you "are you trying to crowdfund" and your answer is "yes,", you've clearly failed at conversion, marketing and UX design.
90+% of people who would be willing to sponsor this stuff will go "hmm, I wonder where they've taken their money from, not us I guess." Not everybody reads comments, even fewer post ones of their own.
Being on the front of HN is a great opportunity, I'm afraid you haven't used yours as well as you possibly could.
It's usually the clever cunts that try to deceive the investor by deploying an arsenal of marketing tactics. At least the organization in this case, is clear upfront.
It's not clear whether they're actually talking about domains or subdomains there, which is a worrying sign from a potential registrar.
Any domain that isn't one of the Top Level Domains is also a subdomain.
Isn't the actual top level domain an empty one after TLD? Looking like «.com.» with trailing dot
I mean sure, but if you started talking about google.com as a subdomain, real humans would correctly look at you funny.
Is it really that expensive to run a TLD? Name servers are notoriously long running on ancient spec servers.
I’m guessing, if designed well, the registration process could run on lightweight infrastructure. Maybe $1-5k total per year, not counting time. So it’s enough for a fun hobby project.
Might be a public service? I guess many countries already had such a thing with running cost several order higher than such a thing as a TLD, operating for centuries now.
Countries have the loop of "taxpayers pay government -> government funds service -> service benefits taxpayers." You can't do that if you offer the service to the general internet.
Why not? I would happily see a fraction of my taxes go into such a project.
I'm just being a negative nancy here, but I don't think I'd want to advertise that any of my sites are specifically self hosted, in that it kinda asks for ... security probing, since it's more likely than not got less than professional security surrounding it.
Having said that gestures to the entirety of the internet
So maybe not such a big deal.
I don't understand the naming scheme, or the apparent lack of it. I half expected it to be some sort of UUID which would at least makes sense. At one per person for 7 billion people that's a little under 33 bits. Make it a nice round 40 for a bit of future proofing (the scheme doesn't need to live forever) and to make a bit of space internally and that's 5 words from a 256-word list. That would seem to make a lot more sense then first-come, first-serve on something as easy to abuse as .self.
However, perhaps more relevantly, it isn't clear why this needs a TLD and all the hassle associated with a tld when it could just as easily be attached to any convenient domain name lying around that you have access to, such as, oh, say, onmy.cloud.
Then again I have this objection to almost all TLDs. But I'm not sure I'm wrong.
At the very least if you want to show ICANN that you mean business I would strongly suggest just doing it on onmy.cloud, and tell people that if you get the .self you'll transparently migrate their onmy.cloud domain on to .self when you get it. Nothing says "I can do this" like actually doing it.
Controlling the TLD has its own benefits and drawbacks (managing email reputation, for example) but as a regular person I have more reason to trust `.cloud` than `.self` purely on the basis of proven continuity. My `.com` domain will almost certainly live as long as the internet does provided that I keep paying to renew.
Regardless, a UUID is probably the right call. It doesn't help with memorability but it's at least more stable than an IPv4/IPv6 address and can be hard-coded. I wonder if you would get a full zone or if it's just an A/AAAA record given their broader goals of email and VPN tunneling.
We could fix a lot of this by just making sure .local (which is used in Bonjour/mDNS) could coexist sanely in mixed resolver environments _and_ could support subdomains. I built https://rcarmo.github.io/projects/mdnsbridge to “fix” it for my particular use case, and if it wasn’t for TLS shenanigans and the lack of subdomains, my issues largely went away.
Hold up...why isn't .self listed here:
https://www.iana.org/domains/root/db
Is this just an idea at this point, or some kind of "you have to use our DNS to resolve .self domains" scheme - ?
This is an idea at this point, the next round of gTLD applications is currently open and we are in the process of applying and we are trying to garner support!
Oh god not this shit again.
Inb4 they give away .docx
.zip was especially egregious. No one should have allowed that to happen.
There are three TLDs I block on my computer completely, and all of them are file extensions - .zip, .md, and .mov.
(Yes, the domain "readme.md" exists. Fortunately, whoever owns it is not using their power for evil and does not have any webserver there... but I'm not risking it.)
I am SO tired of the Claude docs site getting a rich preview every time anyone mentions “claude.md”. At least it’s registered by Anthropic, but what a terrible decision to allow these TLDs.
.md seems overzealous, no? Do you also block .rs? Would break too much I imagine.
Could do something like .brave and just sidestep ICANN?
With your hosts file or running a DNS on localist you can do whatever you want
there's a project for getting retro computers connected to an "internet" with 90s/00s services available, and they use .retro on that. it's pretty cute.
This is the first I've heard of this and search results have been fruitless. Where can I find more info on this?
Oh great, an entire .brave TLD shilling a BAT shitcoin crazy crypto scam. Don't we already have enough of those?
So this is my iCloud on the web for AI agents to pay me for access to my content (Cloudflare allows the bots in upon paying) :-)
Cloudflare offers this now (their Pay to Crawl service) but its not geared towards every human getting paid for their content. As of today Facebook and other social media platforms profit from our content....not us!
Domain names are not centralized, there is no central entity that controls an approved list of kosher domains.
This is practically useless information (and I don't mean that in the flippant "of low regard" slang sense, I mean a literal "this information becomes irrelevant once you look at what practically applying it does" sense). E.g.:
- Centralized authorities for IP & DNS assignment? You (+anyone else you can convince) can just ignore that and it'll work in your bubble anyways!
- No centralized authorities for IP & DNS assignment? You (+anyone else you can convince) can just ignore that and it'll work in your bubble anyways!
My above pedantry aside, the article is explicitly about "The Internet" (it's even using the capital "I" oft forgotten about these days). I.e. the worldwide bubble which has centrally controlled assignment via ICANN/IANA, separate from other systems using the DNS/IP protocols. That's why it talks about ICANN and why bananamogul mentioned .self has not been centrally registered with IANA yet.
481 upvotes on HN, and only $136 USD donated (out of $64k target) -- at the time of writing.
Given the amount of traffic this project has received by being at the top of the front page for half a day, one has to wonder if a different approach to soliciting donations would have yielded them more money.
Clearly, everyone here is at least interested in the idea of a .self domain, and I wager that most (even the naysayers) of the commenters would register theirs.
Imagine if instead of asking for a $15–125 donation behind a CTA, they asked for $2 to "pre-register" your domain (with higher tiers for more benefits). I have a feeling they would have raised a lot more money...
Site errored out and gave me three different error messages as I reloaded. I guess it's self-hosted on something underpowered, and dynamic where static would do the job?
Indeed, this response is way more than we expected. Trying to set up a web cache now.
States could grant such domains when individuals register their identity, for example, "klaus-mueller-<close eyes say first word that comes to your mind>.self". It runs on a VPS, and it is well documented how to create and run a website on that. School kids are introduced to it. Would be an excellent entry point into digital sovereignty for citizens.
Enabling digital sovereignty for individuals is our foundational motivating principle!
Please leave states out of this. The State™ is not your friend, and we don't need a future, even more criminal government to have access to the shutdown button of even more of our identity.
Note that I did not single out an individual coutnry. All governments always stride towards autocracy.
Shotgun on your.self! That’s going to yield a ton of great second level sub domains :)
We are probably going to reserve some of the more obvious ones for specific purposes, e.g. my.self automatically pointing to a homepage on your local network. As we go through the gTLD evaluation process we will be keen to solicit feedback from the community on more specifics!
And the slang and typos? (ur.self, mi.self, his.self, there.self, ther.self, theyre.self, they.self, ...)
write.it.your.self
think.4.your.self
written.by.my.self
hug.your.self
serve.your.self
dancing.with.my.self
reference.self
interest.self
pleasure.self
gratification.self
b.true@to.thine.own.self
touch.a.touch.a.touch.a.touch.me
I don't fully understand how this works... who regulates and defines what is "self-hosted" or "ethical technology"... I feel you can't really solve the distributed consensus and governance problem by just introducing a new domain suffix.
I’m just using .home.arpa for my self hosted stuff. Free, just have to deal with TLS root cert trust, but once that’s down; you’re golden.
.internal works fine now.
Both of these are meant for operating a home/private network.
.self seems to be geared towards a 'accessible from the everyday net' kind of approach.
I just use .home, yeah I know it's not reserved but idgaf I'm not writing .arpa.
It simply cannot be both free and free choice of domain.
If it has both, it will be squatted to uselessness, and blocked everywhere because of phishing scams everywhere.
You can either make the domains cost money, which seems counter to the entire point, or disallow choosing the domain, instead handing out free what3words style names.
We have considered this, all of these things will be examined during the evaluation process of the application with ICANN before any approval to operate the TLD is granted. We could also police our domain and revoke users who use it for abuse but that may be too costly. But you are right that fundamentally we must protect the reputation of the TLD at all costs and that will require imposing certain limits on its use.
You should read their proposal. Specifically, the first "core feature": one person, one domain. If you want to squat on a domain, go for it -- it's yours, and that's the only domain you're getting.
I suppose this will be done by ID verification, which is a complete and total non-starter for me, but they do have a vision of some kind.
I've read it, I don't believe it will be effective, even with actual physical ID verification. Scammers can get more IDs, for example by way of scamming.
I tried to leave a comment and it errored out and said “please leave a valid email.” I tried 6 different addresses at prepend.com.
It’s weird when sites have invalid email checks.
Do the people who are promoting this know that it costs approx. $227,000 to apply for a new gTLD with ICANN?
The Applicant Support Programme makes it significantly cheaper (if they qualify).
See https://newgtldprogram.icann.org/en/application-rounds/round...
And https://www.kickstarter.com/projects/dotmeow/meow-next-round...
What is the expected price range for registration and renewal under this TLD?
Will there be any assurance that renewal prices will remain fairly stable, rather than being significantly raised after customers grow attached to their domains (a practice that seems to be common with new gTLDs)?
We should probably just bring back Geocities at this point.
Neocities exists and you are welcome to it :)
Their free terms are kind of bad. They use CORS security feature to block you from loading content from other sites. It doesn't cost them anything to let your site link outside content so they are only doing it make the free tier bad so people upgrade.
Well, the .meow kickstarter raised €121,896 with just an assertion and a voucher system, so there's at least some community support for this kind of thing, without it needing to be a good idea :-)
> Human-Centered
If this is supposed to be human-centered, why isn't it .human? I assume there will be many agents with their own ".self" domains that have very little human oversight.
Looks like we've hugged it to death.
Indeed that appears to be so O_O. Our site is of course self-hosted, this is quite the response. Will have to troubleshoot what the bottleneck is!
What is the premise for being able to do "one person, one subdomain" that isn't a privacy/security nightmare?
.me is cooler, but...
That all the cool 2-letter TLDs are designated as country codes was an extraordinary mistake that will have unpredictable and devastating consequences long into the future.
Our goal is for .self to be more than just another TLD string, we want to specifically empower the self-hosting use case with local clients that integrate directly with the TLD and operate shared services like mail servers as a public good. We want to dramatically simplify the effort it takes to set up a domain for homelabs and offer free services that are directly tied to the domain like email.
And you needed a gTLD for this task why?
We don't necessarily, however there are many benefits for doing so. We could simply purchase a domain and then build our initiative beneath it but then everything we do would be beneath that domain, meaning there would be two dots in what is our effective TLD. That would also mean we are a bit beholden to whichever TLD we are beneath and also whichever registrar we purchased our domain from. With the services we hope to offer around things like TLS certs and emails, it just makes more sense for use to own the whole thing from the root.
You can't purchase a domain, only rent it. If anything, going through a "pay to get a temporary monopoly on some virtual object" is the very opposite of empowering people with more autonomy as the project seems to try to support.
<something>.duckdns.org. works fine, and being "beholden" to ICANN is no worse than being a client of one of the big traditional gTLDs. If you want "one person, one name", well, .name is there for that.
It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"
What value is there in "horse.horse" being something you can resolve with DNS? What value does <something>.self give me, as a reader, that <something>.name or <something>.me or any of the other zillion variations on the same idea doesn't?
If anything, it creates confusion! "Oh, I met Bob McBobFace. Is he mcbobface.me? mcbobface.name? mcbobface.local?".
I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?
I guess I just don't get the value to the public of increasing the set of dotted word suffixes that indicate that a word is a a cognizable DNS object.
> It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"
So the new gTLD round is open right now, we're getting more TLDs whether we like it or not. Our goal is to make one that has features built-in which cater to the self-hosting use case. So that is our key differentiator, that every endpoint leveraging our TLD should be someone's small-scale homelab setup.
> I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?
Technically yes it could work, but given the suite of features we'd like to build into our TLD, it would make things more difficult if we didn't own it. We would be dependent on external parties for our root domain, the root of trust for TLS certificates, all users' subdomains would have an extra dot etc.
It just feels a bit like you've decided to solve the hardest possible side quest first.
Everything else on your roadmap could have been built and shipped in the universe that exists, and then if down the road it's working, you could have aimed for your own TLD.
Instead you're putting the TLD first and any of the actual functionality that end users might want afterwards.
That is a fair criticism, however I would say that the reason we are going for the TLD now is because now is the only time we can do it. The last round of TLD applications was in 2012, so if we don't apply now, it could be a veeery long time before the opportunity comes around again. We are a new org and our goal is to build functionality in parallel with the ICANN application which will likely take years to resolve.
Are you working on the not-TLD parts in parallel? If you don't get the TLD, do you plan to launch on a more traditional domain?
The marketing stuff makes it look like the TLD is your main focus.
That's a popular tld for 'me' domains, like you said it's closer to .self in meaning but has better appeal
However .me (https://namegulf.com/tld/cctld/me) is a ccTLD managed by the Government of Montenegro, they set their own rules
The only mistake was not opening the root namespace altogether. It’s just a money grab.
The only mistake was not putting all US domains under .us, now the US has an an exorbitant privilege to print and enforce rules on new TLDs.
What do you mean by "US domains?" Domains registered by US citizens? Hosted in the US (in which case does that include territories)? Regardless of the definition, I don't see an easy way to do this, nor a reason to, since domains can change hands (and hosts) across countries.
.edu and .gov are us-specific, not sure if that is what they are referring to.
Domains that fall under the jurisdiction of the US? The domains themselves not the websites they point to? Everything under .games is controlled by the US government, the German government gets .games.de instead. To be fair it should be .games.us and .games.de (or .spiele.de)
Even gTLDs using other languages, like .kaufen, are under US jurisdiction. A German website selling to German customers using a .kaufen domain is forced to abide by US law as well as German law or loses the domain. Using a .de domain they would only have to abide by German law. That's unfair that the US government gets to stick its grubby fingers into every TLD that isn't a country code.
> That's unfair that the US government gets to stick its grubby fingers into every TLD that isn't a country code.
You're right in a sense, but the US invented the internet, so they get to invent the rules, no?
I have the opposite opinion, TLDs should have been restricted to ISO 3166 codes only, with only a few exceptions for international organizations and private networks.
I think letting anyone make any TLD is a bigger mistake.
.zip .pdf .mp3
I'd like to thank Caribbean island of Anguilla for having a ccTLD that helps identify which websites aren't worth your time in one quick look.
Better charge an arm and a leg for it, or people will complain that it’s too cheap and argue for blocking it everywhere.
In practice sadly many of these more obscure TLDs seem to be more expensive than more 'normal' ones like .org
Some of them, the more corporate or tech-focused ones like .ai or .inc or .tech or .llc. Very many of them are comparable within a dollar of .org.
Sounds like a unified directory of domain with lower security that attackers can target to me. not sure the domain for self hosting is such a great idea.
The reason why this won't work is right there, in the original link itself.
They're allowing comments and obviously the first thing there is a scam.
No way any goodwill on the Internet is going to prosper. Not anymore.
I, as a human, find that website decidedly unfriendly to quickly getting information. Particularly on mobile.
> One Person, One Subdomain
> - Everyone entitled to a subdomain at no cost
One subdomain, or one subdomain? Would I be entitled to something like "pavel.hosts.self"?
a sub (level below) domain from a top level domain (.self) would presumably be pavel.self
the .self root itself should self-host itself
In this econimy? where google's full might is behind killing self-hosting? Be still, my beating heart --- there may be hope yet.
The $1/year numerical .xyz domain is pretty affordable already, and there are multiple providers now with free DNS services.
Will Self[0] is going to love this.
Kind of makes sense.
I remember that the local service provider in the 1990s offered free homepages for all customers. Over the years this, strangely enough, disappeared completely; still not sure why, but it was harder to get hosting. It's still possible today, even for free, but it is more of a hassl and harder to do so than what I remember in the late 1990s early 2000s. I actually think every citizen should automatically get a free homepage etc..., if they want to (should be guaranteed to be an option, never mandatory of course; and I also think it should be a human right, together with access to information. Some countries perma-ban people who "violated" something e. g. downloaded copyrighted material, that also needs to be eliminated and states that do so should be called brutal dictatorships.)
Huh?
"Will be?" It's not up yet? Are they an approved TLD registry?
Their "pamphlet" is just their web site as a PDF file.
Are they selling domains, web hosting, DNS service, or what?
Right now, the only thing you can do is "Donate".
Can someone explain how the "core features" would work ?
How/Why is this linked to a TLD and not a hosting provider ?
The point is that you are your own hosting provider! We are trying to cater to self-hosters so our goal is to make it as easy as possible for someone with their own homelab to get a domain and have it pointed at the services they want to host.
Feels like putting a flag on yourself that you are an easier target (security vulnerabilities, ddos, etc.)
A free tunnel would be a dream. This would be a great initiative.
Just use cloudflare with static hosting for things like this. Doesn’t load for me.
Seems like a good way to get targeted by attackers
Seems that my.self is already taken. Moving right along, then ...
Wanted to find out more but it looks to be down. Unfortunate.
If we're gonna futz around with self hosting tld stuff, can we get HTTP clients to allow self signing on dot local? It's my goddamned network stop warning me about my own servers and no I don't want to install new root certs I resent the need to do Deep Magic just to have a private NAS.
I think is a good goal to pursue.
I've been experimenting with using "mymobilenumber.xyz" for stuff thats specific to me. the domains are cheap and easy to remember.. in this day and age mobile numbers are not super secret anyway...
my.self is going to be sold for millions
Oh too bad will.i.am can’t spend $5,000,000 for a my.self domain :(
SELF: The Power of Simplicity
DAVID UNGAR (ungar@self.stanford.edu)
Computer Systems Laboratory, Stanford University, Stanford, California 94305 RANDALL B. SMITH† (rsmith@parc.xerox.com) Xerox Palo Alto Research Center, Palo Alto, California 94304
Abstract. SELF is an object-oriented language for exploratory programming based on a small number of simple and concrete ideas: prototypes, slots, and behavior. Prototypes combine inheritance and instantiation to provide a framework that is simpler and more flexible than most object-oriented languages. Slots unite variables and procedures into a single construct. This permits the inheritance hierarchy to take over the function of lexical scoping in conventional languages. Finally, because SELF does not distinguish state from behavior, it narrows the gaps between ordinary objects, procedures, and closures. SELF’s simplicity and expressiveness offer new insights into objectoriented computation.
To thine own self be true. —William Shakespeare
https://bibliography.selflanguage.org/_static/self-power.pdf
mine.my.own.my.precious.self
too selfish
I've been looking to get into the TLD game. It's gonna cost about $600k, and it's a coin toss as to whether or not you'll get your money back. The two I've been eyeing, is .ion and .ness. Anyone want to go in on either of those with me?
I use netbird.io for my home lab and all my connected devices are reachable to each other without manual firewall hackery
Good luck getting your outgoing emails accepted by Gmail and outlook.
We plan to operate a shared mail server than can be used by users of the domain and we will work to ensure it is trusted by imposing usage limits. We will assume that every endpoint in our domain is someone's personal homelab, meaning small-scale use. For large mailing campaigns and newsletters there are plenty of services to choose from that enable those but for just sending personal emails, it should work.
Wait, so self hosting but I don't host my own email? So you guys just want to run your own mailserver and give people custom emails?
That sounds like negative utility. That would make hosting an email server on one of your domains harder than hosting it on a .com, so what benefit is this providing?
>One domain per person
How will you ensure this?
ICANN and its consequences have been a disaster for the internet namespace.
This is just a fact. It's a ponzi scheme.
unless it's promising a return on investment funded by new entrants to the scheme it's not a ponzi. Managing TLDs is just a plain old service. If you want to set people up with a different solution to planting a flag in a global namespace you're free to do so (.eth was an interesting attempt) but you are competing with one hell of a 'network effect'
I am disappointed that icannt.org is taken and is not an alternative root.
Edit: I've been rate limited because of this comment, apparently. Account burned - will make a new one. Dang says below it's because of flagged comments but I don't see many flagged comments in my history.
Of course we wouldn't rate limit you, or anyone else, for an innocuous comment.
We rate limited you because of flamewar comments you posted in another thread, like this one: https://news.ycombinator.com/item?id=48723651. You posted over 50 times in that thread, and many of your comments there broke the site guidelines. That's abusive. If we didn't rate limit accounts for doing that, we might as well have no guidelines or restrictions at all.
treat.yo.self!
it.self
[dead]
[dead]
[flagged]
[flagged]
Please don't reply like this to comments like this. Just flag them, and if you're feeling extra-helpful, email us (hn@ycombinator.com).
I've started using .internal
As I understand it, if you want to use domains internally for your home ("home") network, there's some DNS support for "home.arpa"[0].
I've been using .lan, referenced in rfc6762[1] as a good alternative to the multicast .local
> We do not recommend use of unregistered top-level domains at all, but should network operators decide to do this, the following top-level domains have been used on private internal networks without the problems caused by trying to reuse ".local." for this purpose:
.intranet.
.internal.
.private.
.corp.
.home.
.lan.
That's no use for self-hosting unless all your users are on your private network.
Tailnet and Magic DNS make it easy to bring other people or devices to your network, including simple authentication mechanisms to know who is who
That doesn't contradict anything I said. Private networks can be huge, e.g. in big companies, and they can still use .internal. .internal serves quite a different purpose to that proposed for .self, so the top level comment I replied to doesn't make much sense.