
The gimp.org domain has expired - danr4
http://www.gimp.org/
======
whichdan
[https://www.icann.org/resources/pages/expired-2013-05-03-en](https://www.icann.org/resources/pages/expired-2013-05-03-en)

Domains have a renewal grace period. Since it expired recently, they'll be
fine.

------
Grue3
Can the headline be changed to reflect the fact that it expired and wasn't
"poached"?

~~~
delinka
Seconded, since the registrar has to provide a grace period, but can still
redirect the expired domain to any place they like.

~~~
larrys
Edit: Not any place you want actually...

Per ICANN if domain is made innactive the page that it points to if it points
to a page (it doesn't have to you can just put the name on hold) needs to
describe how to get the domain back. Once again that's only if a page is
displayed displaying a page is not required.

[https://www.icann.org/resources/pages/errp-2013-02-28-en](https://www.icann.org/resources/pages/errp-2013-02-28-en)

"2.2.4. In interrupting the DNS resolution path of the registration, if the
registrar directs web traffic to the domain name to a web page while the
registration is still renewable by the RAE, that web page must conspicuously
indicate that the domain name registration is expired and provide renewal
instructions."

~~~
delinka
And how often is this enforced? Does the registrar actually face anything
punitive for doing what's been done here?

~~~
larrys
Good question. ICANN does audits where they cherry pick some domains and say
"show me what the fuck happened in logs and prove you did the right things".
However the audits are every 3 years or so and the domains are just random
pickings. So it's up to a registrant that is wronged to file a complaint and
then ICANN says something to the registrar and the registrar says something
back and they close the case kind of like a residential noise complaint where
the cops come out when called. There really aren't any minor punitive actions
per se other than revoking accreditation which is major. And you would be
correct in assuming that would be rare and ICANN first gives every chance for
a registrar to correct the wrong doing. So you could in theory get away for
this for years and if and when caught you would just get your act together and
fix things up.

Note: I have been dealing with ICANN since the start and they tend to be
pretty cool and fair with registrars but they do take complaints seriously and
do follow up on them. Creates a ton and a pain of paperwork for registrars so
that really is the negative to not complying in a way.

------
simonswords82
This is exactly why we created a domain name/ssl reminder tool:
[http://www.expirify.com](http://www.expirify.com). A really easy mistake to
make and very costly, I hope they get it back

~~~
zymhan
How is this necessary if there is a grace period after a domain expires?

~~~
gokhan
You can't use your domain in grace period until you pay. It gets redirected.

~~~
kuschku
With ICANN registrars, that is true.

DENIC, for example, (which operates seperately and has their own, incompatible
WHOIS system), operates .de differently:

After your domain ran out, it will get "locked", all DNS settings will be
locked they were before, and you get a letter or an SMS. The domain will stay
locked for 2 weeks, during that you can enter the code from the SMS or letter
on a website to move the domain to another registrar or delete the domain.

If you don’t react at all, after 2 weeks, the domain goes into TRANSIT. It
still stays locked, but now you get actually billed for it, until you enter
the code or delete the domain.

Essentially, with DENIC, the domain stays locked until you decide to delete it
or move it to another registrar.

You can also disable the TRANSIT, in that case, if the domain runs out, after
2 weeks grace period of being locked it actually runs out.

Remember: Not all NICs operate like ICANN.

------
duggan
Not poached, but definitely now in the 30-day grace period[1].

[1]
[https://www.dotster.com/domains/faq.bml](https://www.dotster.com/domains/faq.bml)

------
kragen
We should stop using the domain name system to name web pages and email
addresses. It is too vulnerable to legal attacks, extralegal attacks, and
simple human error.

There are a bunch of decentralized possibilities out there: IPFS, Tahoe-LAFS,
MaidSafe, and so on. None of them are ready yet, except (for some purposes)
FreeNet and Tor Onion Services, and it's going to be a lot of work to get them
to work, and probably some of them are simply unworkable. But this is a
really, really important problem to solve, and it's solvable.

~~~
dspillett
Excellent plan.

Now we only need to worry about the small matters designing an alternative
system that acheives what the domain name system does without those draw-
backs, and convincing people to use the new system...

~~~
belorn
There is one, and its called search. People are getting used to ask the search
engine on their phones and tablets for finding websites, so the big engineer
problem is remaking the service into private instances which isn't controlled
by google or apple.

~~~
Turing_Machine
How would hyperlinks work in this model? If I have a hyperlink "This is an
awesome program" that links to gimp.org, how is search going to help if
gimp.org goes away?

~~~
kragen
The hyperlink URL text could contain a secure hash of the gimp.org home page.
Or a revision number and the hash of a public key used to sign gimp.org home
page revisions. Or of a document containing three public keys, the majority of
which need to sign a home page revision for it to be considered a valid value
for the link. Or, as in onion services, the hash of the public key of the
server hosting the document, along with a document path to send to that server
when you manage to reach them. Or a name unique within a certain namespace,
and a public key used to sign new versions of the document listing the name-
hash mappings for the latest version of the namespace. And maybe a list of
IPv4:port pairs to contact to ask for the document. Or the name of a
decentralized pub-sub channel where versions of the page are periodically
announced — maybe the Bitcoin blockchain. There are lots of possibilities.

~~~
Turing_Machine
"The hyperlink URL text could contain a secure hash of the gimp.org home page.
Or a revision number and the hash of a public key used to sign gimp.org home
page revisions."

That would help to make sure you got the right page, but wouldn't help you
_find_ it.

Your other suggestions (e.g. a list of IP addresses/ports) are basically just
reimplementing DNS, but with more complexity. :-)

~~~
kragen
With more or less complexity (although that statement makes me suspect you’ve
never administered BIND) — but with different failure characteristics! And
hopefully better ones.

------
BiohaZd
Updated Date: 2015-08-06T08:16:07Z

Name Server:NS1.DOTSTER-EXPIRED.DOMAINPARKINGSERVER.NET Name
Server:NS2.DOTSTER-EXPIRED.DOMAINPARKINGSERVER.NET

------
scriptproof
Gimp.org domain: Created 1997-08-04 Expires 2015-08-03. So expired 3 days ago.

~~~
delinka
If it expired three days ago, isn't there a 30 day window whithin which they
can still renew?

~~~
at-fates-hands
Yeah, it gets put on hold for 45 days at which time it can be renewed. If it
isn't renewed with that 45 day window, then it gets listed as "expired" and
the owner still has another 30 days to renew it.

Once it goes beyond these two phases, it enters into the "pending delete"
phase at the end of which, it's released and open to get hijacked by someone
else.

They still have plenty of time to renew it without issue.

------
jonwinstanley
Looks more like someone forgot to pay the domain fee

~~~
neotek
Poaching is registering a recently expired domain, usually so that you can
(effectively) extort the original owner to buy it back from you.

------
colinbartlett
When I go there now, I see the same site that's been there for a while:
[https://web.archive.org/web/*/gimp.org](https://web.archive.org/web/*/gimp.org)

So maybe it was returned to its owner?

~~~
rplnt
Or maybe you are using the old IP from your DNS cache?

~~~
Shivetya
I don't understand registrars that don't alert you to the fact that it is
going to expire. I have that registrar that everyone loves to hate and they
are damn good at reminding me when to renew and not annoying me in between
such times.

(as in, I have godaddy)

~~~
dspillett
I'm pretty sure _every_ registrar does this. It is in their interest: they
remind you to pay so they get your money instead of some other registra
getting a poacher's money.

A key problem is people not seeing the reminders. Perhaps they get lost in a
sea of spam. Perhaps they get accidently calssifed as spem themselves. Perhaps
the contact information for the domain isn't kept up-to-date and the reminders
end up in an email account that is no longer monitored.

------
ilurkedhere
They're probably just moving to Sourceforge.

------
commentereleven
It looks fine to me? What are you talking about?

~~~
richmarr
I get the correct gimp.org site too. whois seems to indicate Shawn Amundson as
the owner, which sounds about right.

I wonder if we're part way through DNS propogation

------
BinaryIdiot
Note to self: check gimp.org on September 3rd to see if it was renewed or not.

In all seriousness I'm pretty surprised they would let it lapse. Hopefully
they pick it up within the grace period. It would suck for a bad actor to get
ahold of it and offer up the gimp for download with, say, malware in it.

~~~
schumaml
Well, Shawn has already renewed gimp.org.

This wasn't really surprising to me* - some months ago, when we discovered
that gimpguru.org (no one from GIMP is connected to that site, btw) had
expired and taken over by a third-party, we checked and discovered that
gimp.org expires on 2015-08-03.

Personally, I firmly believe that useful change only happens when survivable
incidents happen, so my only concern was whether gimp.org would be lost
immediately it wasn't renewed before that date. But when someone pointed out
the grace period, I thought "well, either it is renewed in time, or we will
have discussions similar to those that happen right now, might be a good
wakeup call" _.

_ * but yes, of course I was surprised when I couldn't connect to www.gimp.org
anymore, in particular because I had some updates planned for the downloads
pages, because I had simply forgotten about it. Dismissing it as a non-issue
until something actually happens tneds to cuase this, apparently.

------
aikah
I get "Domain not active" so what people get may vary depending on their
location.

------
postynotes
They should have at least had a monitoring service like [https://www.dotcom-
monitor.com](https://www.dotcom-monitor.com) monitoring their site so they
knew about the issue right away.

------
roflchoppa
URL poaching is messed up.

don't be a jerk.

~~~
morganvachon
As others have said, I don't think it was poached, more likely it's in the 30
day grace period for a missed renewal. Hopefully they'll get it sorted soon.

And yes, domain poaching is very douche-y, and is basically extortion.

------
franzpeterstein
Question: Alternative download links for Mac and Windows? (No Sourcforge)

~~~
skrebbel
Looks like Fosshub has it:
[http://www.fosshub.com/GIMP.html](http://www.fosshub.com/GIMP.html)

(to anyone who knows this: it looks to me like fosshub wants to be the anti-
sourceforge, the new home for binary opensource downloads, and that they're
non-evil. is this true?)

~~~
morganvachon
It seems legitimate, and I agree with their stance (if not their tone) in the
"Controversy" section of their FAQ.

I'd love to see them put out a tool similar to Ninite, though I don't know if
they have the resources to allocate for that.

~~~
FossHub
Thank you for the confidence! We can assure you that our intentions are
"good". As for the Ninite suggestion, unfortunately (since FossHub is NOT
after the money) we don't have the financial resources to add such a tool.
Maybe later. Thanks again!

~~~
skrebbel
May I ask why you're running the site anonymously?

~~~
FossHub
Sure! We run the site anonymously for the same reason as others - keep
phishing attempts away, minimize spam, increase the security by eliminating
social hacking attempts and a few other reasons that are well-known by law
enforcement agencies. We did tried to run without the "privacy" option enabled
and we were forced to activate it. We acknowledge that this might raise some
questions but as long as we deliver a trustworthy service this shouldn't
matter too much for our users.

------
hope4peace
still says domain not active for me. I tried doing a control refresh but still
no.

------
moviuro
BTW, it is back up.

------
burstmode
Great ! Now the GIMP team will use this opportunity to create their own
version of a "domain". I will look & work mostly like all other domains, but
just mostly. Like you will not be allowed to directy save a change to its
structure...

