
Someone forgot to renew NodeJS.org - pixelmonkey
http://nodejs.org/
======
IsaacSchlueter
Sorry, folks. My bad.

The root cause here is that some stuff didn't get handed over properly in the
switch from Ryan to me as Node.js manager. So, the emails were indeed going to
a non-functioning inbox.

It's resolved now, and we're setting it up to auto-renew so that this doesn't
happen again.

~~~
javajosh
It's kind of amazing how much certain data (in this case, a record in DNS)
comes to _mean_ to people. And how much we come to rely on that little bit of
data. And really, how much we trust the DNS system and it's maintainers.
"Ruling the world" might be difficult, but "ruling the internet" appears to be
a matter of controlling DNS and then mimicking well-known sites well enough to
install arbitrary software on every PC and device on the planet via a
nefarious auto-update. It's the ultimate MITM attack. Even better if you can
take over the DNS system for a short period, get a few million installs, then
put the system back.

tl;dr: He who controls the DNS, controls the universe.

~~~
bdg
It's not who controls the spice, its the one who can disrupt the flow.

------
aneth4
There is a lot of self-righteous dickishness and schadenfraude in these
responses. Proclaiming there to be "NO excuse" to someone who has worked their
ass off to create a stellar open-source project really says more about
yourself than the person you are attacking.

Most certainly there is some sort of explanation, and whether or not it was a
terrible mistake, being a jerk about it doesn't relieve you from the terrible
mistakes you've made in your past - we all have them. And in the end, this is
really not a big deal.

~~~
IsaacSchlueter
You have hit on the exact reason why I almost never look at Hacker News any
more, except when someone explicitly asks me to respond to something.

This site appeals to the absolute worst in everyone. I find myself becoming an
asshole every time I come here, and I don't like that feeling.

~~~
aneth4
I don't know about the worst in _everyone_ :). Lots of people still manage to
hold their temper. I've certainly gotten snippy here before.

I still come here for great commentary on complex topics, but usually resist
the urge to look at comments on gotcha articles like this where I know there
is probably nothing constructive to say, so the trollishness comes out.

------
binarymax
I know people make mistakes and overlook things, but really...there is no
excuse for this. I get about 8 emails from my registrars warning me before a
domain expires...60 days, 45 days, 30 days, 1 week, then one like every day
until the date. Unless these emails are going to an address nobody is
monitoring I can't see how this can get overlooked.

~~~
mise
If an email was sent to a mailbox that wasn't being checked, it doesn't matter
how many emails were sent. I don't know if it's the case, just guessing as one
possibility.

~~~
larrys
That's exactly true. Emails bounce and the person who is in charge of the
domain often changes jobs and the contact isn't changed. Some go straight to
the spam bin.

But you'd be surprised at how many people ignore even postal notices that some
registrars send.

What you have to keep in mind is that restoring domains that have expired is a
profit center for registrars. [1]

And having incorrect email contact info helps as well since not only does it
favor that profit center but it also prevents competitors from soliciting your
accounts (as well as preventing spam, right?)

[1] In the case of the nodejs.org domain it was taken offline on the day of
expiration. It wasn't deleted it didn't go into redemption. Generally most
registrars give some grace period (but if you aren't getting the emails that
doesn't really matter, does it?)

There is a new policy being floated by ICANN that addresses these issues. If I
can find the link I will post.

------
trotsky
I know there is a joke about event driven programming in here somewhere.

------
dfc
I hope the node installation never did one of these:

    
    
      curl -s -L http://nodejs.org/some-script.sh |sh 
    

I have never understood why people install software like that. I can not
remember which project it is that uses this in the installation.

~~~
jaredonline
Homebrew, rbenv, rvm, to name a few. Never understood it either. If you could
get ahold of a domain write a malicious script at /some-script.sh, you could
do a lot of damage.

~~~
halvsjur
I agree that it feels insecure, but is there really a difference between this
and downloading and running files from a .tar.gz or installing a .deb for
example?

~~~
dfc
Yes.

apt-get:

    
    
      $ ls -l /etc/apt/trusted.gpg.d/
    
    

Source Installation:

    
    
      $ wget http://nmap.org/dist/sigs/nmap-6.01.tgz.asc
      $ wget http://nmap.org/dist/nmap-6.01.tgz
      $ gpg nmap-6.01.tgz.asc

~~~
sgt
The point is that most people don't do this.

~~~
dfc
Its built into apt. Unless you are suggesting that most people do:

    
    
      # apt-get --allow-unauthenticated ...

------
ck2
Also, 10 year registrations are typically only $80

If you have a serious domain, why not just grab the decade.

Domain prices will only go up, sometimes $1 a year, so there are savings too.

~~~
larrys
"10 year registrations are typically only $80"

Where are you seeing $80 for 10 years (not doubting just curious).

$80 is below the cost that the registrar pays (for .com) to the registry and
ICANN variable fees. Not to mention the cost for credit card processing as a
variable fee.

Consequently in order to charge that amount the registrar has to make money in
other places (could be to charge for things that are free elsewhere as one
example).

~~~
aw3c2
nearlyfreespeech charges 9.49USD per year so that is not too far off for a
respected registrar

~~~
larrys
They are a reseller, not a registrar.

<http://faq.nearlyfreespeech.net/full/accredited>

------
carsongross
ERROR 500.5150 - Too busy being rockstar tech

~~~
kombine
Please stop using this bs terminology, rockstars, ninjas and all that sort of
crap. With all respect to Ryan he is just one of many great programmers.

~~~
bgilroy26
No one can truly know the mind of another human being, but I'm pretty sure
Carson Gross is sick of the term as well.

I do agree with you that sincere language is more likely than sarcastic
derision to turn the tide, but you should know that you guys are on the same
side.

------
wilsaj
For those who need it, the IP address is: 8.12.44.238

~~~
bilalq
This caught me and my coworkers by surprise just now. Thanks for the link.

------
ck2
It used to be possible to pay for other people's domains (they still own it,
you are just gifting the payment).

Someone once renewed a hotmail domain after Microsoft forgot.

Registrars should allowing gifting, source doesn't matter.

~~~
nivla
>Someone once renewed a hotmail domain after Microsoft forgot

<http://www.doublewide.net/>

This is what ck2 is referring to. Its was an interesting incident.

Slashdot discusssion around it:
[http://slashdot.org/story/03/11/06/1540257/microsoft-
forgets...](http://slashdot.org/story/03/11/06/1540257/microsoft-forgets-to-
renew-hotmailcouk)

------
deweller
whois nodejs.org

    
    
      Registrant Name:Ryan  Dahl
      Registrant Organization:Joyent
      Registrant Street1:345 California St Suite 2000
      Registrant City:San Francisco
      Registrant State/Province:CA
      Registrant Postal Code:94104
      Registrant Country:US
      Registrant Email:ryan@joyent.com

~~~
sirrealle
With the email "ryan@joyent.com", it doesn't seem likely that it's an
unmonitored email address that would have missed the registration, unless it
was seen as spam / junk mail.

------
aelaguiz
Wow, what recourse is available in this situation? None? Does this mean that
100% they are going to now be blackmailed to get their domain back?

~~~
sturadnidge
Shouldn't be anything to worry about - here’s how the domain expiry process
works.

1\. Domain ‘expires’, and enters a 40 day grace period. I have read things
that imply this can vary from registrar to registrar, but it seems pretty
standard from what I have seen.

2\. After the grace period, it enters a 30 day redemption period. Again,
apparently this can vary, but I have yet to see it (admittedly I have only
looked at a small number of domains)

3\. Finally, when the redemption period expires, a 5 day ‘pending deletion’
period is entered.

Between 11am and 2pm Pacific Time on the 6th day of pending deletion, the
registrars theoretically start dropping the names from the ICANN database.

It is kind of odd that such a domain would only be renewed annually... it's
hardly speculative!

~~~
larrys
Your numbers are off.

Grace period (as you have pointed out somewhat) varies by registrar. The basis
for what you are saying is how long a registrar has to delete the domain
before they can get their money refunded. That time period is 45 days. So on
the expiration date the registrar is automatically charged for the renewal. If
they delete on day 45 (by a certain time depending on when registered) they
will have their fee refunded. Consequently they can give a grace period if
they want of up to 45 days but from a practical standpoint it's tricky to wait
until the last minute before deleting (if you have a system problem on day 44
that prevents you from deleting 2000 names you're stuck with them).

After they delete the domain (which can theoretically be anytime and keep in
mind that "delete" is different than "take off line" "change ownership" etc.)
it goes into redemption.

It is in redemption for 30 days during which only the sponsoring registrar can
submit the necessary report to get the domain back. With .com .net .org .info
the cost for the registrar to get the name out of redemption is $40 plus the
renewal fee.

Once 30 days have past it is in pending delete and goes into a 5 day black
hole where nothing happens and not even the sponsoring registrar can get it
back. After that 5 day period it's released and anyone can grab it, first come
first serve.

nodejs.org as I pointed out elsewhere was simply taken offline. It wasn't
"deleted" in the sense that it goes into redemption. From the registrars point
of view this makes sense since it allows them (if they want) to charge a fee
to restore the domain w/o having to incur any extra ($40) costs.

"the registrars theoretically start dropping the names"

The time the domains drop is not controlled by registrars. It's controlled by
the registries. The registrars only control (in addition to other things
pointed out) when the domain goes offline or gets "deleted" and enters
redemption.

" it enters a 30 day redemption period. Again, apparently this can vary"

Can't vary it's 30 days.

~~~
sturadnidge
You start by saying my numbers are off, then agree about the variability of
the grace period before stating exactly the same numbers as I did?

Thanks for clearing up the redemption period invariability though.

~~~
larrys
You made statements of fact, such as:

"here’s how the domain expiry process works." (might have been better to say
"here's how I think").

"Domain ‘expires’, and enters a 40 day grace period" although you qualified
this saying it like that gives people the wrong impression of your actual
knowledge in this area.

"After the grace period, it enters a 30 day redemption period. Again,
apparently this can vary, but I have yet to see it "

You say "it enters" (like a fact) but then say "it can vary, but I haven't
seen it yet".

My point isn't to give you a hard time but on HN crowd tends to jump on
anything incorrect and it's clear from your summary that you don't have much
experience in this area. I've made mistakes when I've said things on HN that I
haven't doubled checked or don't know very well. (It's possible of course to
even make mistakes on things you know well!)

------
Jailout2000
I don't understand. It looks normal and works for me?

~~~
asdfs
Wait half an hour or so, and flush your computer's DNS cache. Your ISP is
probably caching the DNS entry.

~~~
InclinedPlane
It's been fixed. So it might be YOU who now have the old, bad DNS entry
cached.

    
    
      Domain Name:NODEJS.ORG
      Created On:29-Sep-2009 14:50:55 UTC
      Last Updated On:29-Sep-2012 16:27:30 UTC
      Expiration Date:29-Sep-2013 14:50:55 UTC

------
sonier
It now shows "Welcome! This domain was registered at namecheap.com. Please
check back later!"

------
moeffju
How does this keep happening to people? No registrar I know has a default of
"don't renew", and they send your reminders. Why not just buy the doman for 10
years, or set autorenew, or ... seriously. There is NO excuse for this.

------
holdenweb
File under shit happens and move on. Nothing to see here, people.

