Sony Forgets To Pay For Domain, Hilarity Ensues

First time accepted submitter Dragoness Eclectic writes Early Tuesday, gamers woke up to find out that they couldn't log in to any Sony Online Entertainment games--no Everquest, no Planetside 2, none of them. Oddly, the forums where company reps might have posted some explanation weren't reachable, either. A bit of journalistic investigation by EQ2Wire came across the explanation: SOE forgot to renew the domain registration on SonyOnline.net, the hidden domain that holds all their nameservers. After 7 weeks of non-payment post-expiration, NetworkSolutions reclaimed the domain, sending all access to Sony's games into an internet black hole. Sony has since paid up. SOE's president, John Smedley, has admitted that the expiration notices were being sent to an "unread email" address.

Black hole?

[djupedal]

Hole in someone's head, maybe - after all, a simple spreadsheet to track something this basic or a reminder in a calendar with alerts with someone assigned to keep an eye on things would take care of things like this. They're lucky it wasn't held hostage...

Re:Black hole?

You want to assign someone to keep an eye on things that can be fully automated? Is your hair pointy?

Re:Black hole?

[lgw]

Same thing happened to Turbine a couple years back: DDO, LotR, etc all down for exactly the same reason. You wouldn't think this would be that hard to get right, but chances are no one in dev at either company survived from the early days to when the problem happened, so the tribal knowledge was lost.

Re:Black hole?

[peragrin]

the problem is you fire someone and those alerts and reminders and tracking spreadsheets are lost in the change over.

Re:Black hole?

[geekoid]

" simple spreadsheet to track something"
that is the bane of corporations. Important info sitting in a spreadsheet, somewhere.

Re:Black hole?

[Narcocide]

They're lucky it wasn't held hostage...

Lucky, indeed! Next expires 26-may-2020. Lets see how that works for them next time around.

I'm pretty sure also they're required by law to put ACCURATE contact info into the registry...

Re:Black hole?

[rhodium_mir]

Also, for $1000 they could have simply registered the name for one hundred years.

Re:Black hole?

When I fire someone, I redirect their email to their supervisor. It's right there in their employment contracts that their work email address and any correspondence are the property of the company (as if that wasn't obvious, but CYA applies). For things like this we have title addresses like dnsadmin@example.com, noc@example.com etc. which are broadcast to several staff responsible for the management of such affairs.

Also payments such as these are lodged in our recurring expenses ledger and paid by accounts payable. You can't incur recurring expenses here without making a ledger entry as the account would not get paid thus the domain name would never have been registered. I guess if you were a total dick you could try and sneak a recurring expense invoice past AP as an NRE, though I kind of hope our AP people are clueful enough to catch shenanigans of that sort.

Re:Black hole?

[nobuddy]

1) Uh. No, there is no such law.
2) If there was such a law, it would not require the email address listed to be read by a human being.

Re:Black hole?

[Narcocide]

1) Uh. No, there is no such law.
2) If there was such a law, it would not require the email address listed to be read by a human being.

REFUTED on both counts.

Re: Black hole?

That's a law?

Re:Black hole?

[theskipper]

There's no law per se, but there is a recent ICANN requirement called "Whois Accuracy Data Specification". It requires registrars to contact the registrant and click an emailed link as validation that their whois info is correct. The domain can be suspended if the validation isn't done within 15 days.

The intent is good but the implementation is pretty mindboggling. They're expecting every owner of a domain name to check that the email sent to them is not a phishing attempt...how that's supposed to work reliably is anyone's guess.

So, yeah, owners are supposed to verify to the registrars that the info is accurate which you could say is "ICANN's law". But not legally. Here's one of many articles that goes deeper into the issue:

http://blog.easydns.org/2014/0...

Re: Black hole?

[nedlohs]

So you've also demonstrated you don't know what a law is.

Re:Black hole?

[raftpeople]

Good point, I better print the email reminder and place that in the three ring binder that sits behind my desk.

Re:Black hole?

[Qzukk]

This is apparently my president's nightmare because he will call me at midnight and ask me when our domains and SSL certs expire.

Re: Black hole?

[Narcocide]

come on don't be egomaniacal or lazy. you can google this yourself. its a law. https://www.govtrack.us/congre...

Re: Black hole?

[Narcocide]

https://www.govtrack.us/congre...

while you're right that was a customer service agreement, a simple internet search will show you a ton of references to the text of the actual law.

Re:Black hole?

[LordKronos]

Actually, 10 years is the max registration. And that's exactly what I do. Throwaway domains that I'm experimenting with might only get a year or 2, but once anything becomes important to my business, it gets renewed for 10 years. The same is true for my personal domain. And every couple years I go through and bump it back up to the max. I'd literally have to go 10 years without remembering to renew a domain before one would expire. I can't see why any business would do otherwise.

Re:Black hole?

[Narcocide]

There actually IS a law, its called the "Fraudulent Online Identity Sanctions Act" and its an ammendment to some other law I forget the name of but I'm sure is as easy to google.

Federal crime, 7 years in jail yo.

Re:Black hole?

[Narcocide]

google the "Fraudulent Online Identity Sanctions Act", moron.

Re:Black hole?

[Narcocide]

Well, its really no more ridiculous than storing authentication on the client-side. You'd be shocked how often this basic foolishness flies with very large companies.

Re: Black hole?

[thunderclap]

Originally I haven't planned on entering this but when I clicked the link I got this.

This bill was introduced on May 12, 2004, in a previous session of Congress, but was not enacted.The text of the bill below is as of Jun 09, 2004 (Reported by House Committee).

To be clear this means president Bush never signed it into law. It also means, that as it isn't a law the other person is right unless you can find one that was. As for SonyOnline.net the best thing would be a redirect to Piratebay.se

Re:Black hole?

[theskipper]

It looks like that is specifically tied to using false whois info if there is a subsequent copyright or trademark infringement, not if Joe Average decides to put 123 Main St. as his contact address. Seems like the law is a tool that can be used to help prosecution of Lanham violations (there probably aren't many criminals who keep their whois info up to date ;)

Here's the text copied from wikia:

http://itlaw.wikia.com/wiki/Fr...

"Fraudulent Online Identity Sanctions Act, Tit. II of the Intellectual Property Protection and Courts Amendments Act of 2004, Pub. L. No. 108-482, 118 Stat. 3912, 3916 (Dec. 23, 2004).
Overview Edit

This Act increases criminal penalties for those who submit false contact information when registering a domain name that is subsequently used to commit a crime or engage in copyright or trademark infringement."

If it's broader than that then please correct me (IANAL).

Re: Black hole?

[pla]

here's the law. you want me to do any of your other homework for you?

Not the GP, but yeah, I do - Can you explain what an anti-domainsquatting law that specifically deals with trademarks and identity theft, and absolutely nothing to do with simply giving fake info to a registrar, has to do with your original claim that giving ACCURATE contact info counts as US law?

Now, ICANN can enforce its policies on the registrars themselves, simply by virtue of the fact that a registrar requires ICANN's continued blessing to operate. But the only recourse they have about (non-identity-stealing) fake registration info comes down to taking the domain away from you. For someone like Sony, that might look like an end-of-the-world scenario. For someone who just wants a named place to stick stuff online for my own personal use? Meh, worst case, I've lost $10-$15 and I have to wait three days for a new domain to propagate (and not always even out the money - Much to my surprise, I actually had GoDaddy refund me when I flatly refused to send them a photocopy of my license, three months into a registration).

Re:Black hole?

[thunderclap]

No, there isn't. There is a dead and now archived House resolution.

This bill was introduced on May 12, 2004, in a previous session of Congress, but was not enacted. The text of the bill below is as of Jun 09, 2004 (Reported by House Committee).

It was never signed into law as it never made it out of committee. That link you so nicely offer up also offres this:

H.R. 3754 (108th): Fraudulent Online Identity Sanctions Act Introduced: Feb 03, 2004 (108th Congress, 2003–2004) Status: Died (Reported by Committee) in a previous session of Congress

How about this one. Its currently alive. S. 2588: Cybersecurity Information Sharing Act of 2014

Re:Black hole?

[Nevo]

Yes, somebody should absolutely be assigned responsibility to keep up with things like this. Because when no one's assigned the responsibility, well, then you get things like domains expiring.

Re:Black hole?

[petermgreen]

IIRC 10 years is the max on com/net/org

How it could happen is pretty simple, someone is working on a new service, they are in a hurry and just buy the domain with a company credit card or a small one time PO or whatever putting their individual work email address as the contact info. They register it for a few years, maybe even the maximum of 10. Maybe they set a reminder for themselves to renew it, maybe they don't bother as they think it unlikely the domain will stay in use that long.

The project grows in importance but noone notices that the domain behind it is associated with one employee, then that employee becomes an ex-employee and their email is shut down

Re:Black hole?

[rhodium_mir]

Network Solutions offers kinda-sorta-100 year registration. Technically it's just a ten year registration that they automatically renew for you every ten years, but it still would've saved Sony a lot of trouble in this case.

Network Solutions price chart

20 and 100 Year Domain Registration Service - If the domain name registry of a particular third level domain does not provide for an initial registration term of 20 or 100 years, then Network Solutions will register your domain name on your behalf for the maximum term available at the respective registry, and as long as your domain name is registered with us, we will continue to add additional years to your registration on an annual basis up to the total of 20 or 100 years, depending upon the term you select from the date of purchase.

Re:Black hole?

[X0563511]

Domains and SSL certificates. It seems nobody can handle these things expiring until OMG IT'S HAPPENING TOMORROW!!!

Re: Black hole?

Somebody's parents didn't hug him

Re:Black hole?

[TitusGroan8856]

have you heard of automated systems breaking? this is why someone should be assigned and responsible for it.

Re:Black hole?

[Antique+Geekmeister]

I'm afraid that the current "whois" practices were deliberately set up to allow plausibility deniability, to protect the domain owners from being actually reached by the spammers and numerous sales people or lawyers with cause to contact domain owners. The domain vendors benefit from this: they can follow the letter of the law, but not actually support contacting the domain owners to handle criminal or abuse behavior, and wait for days, weeks, or years while lawyers collect the evidence and chain of repeated contact failures before a court order can be obtained.

In the meantime, they're collecting the registration fees, in bulk, for the relevant domain and all the related domain names. The current system is a critical revenue stream, which the domain and SSL key vendors have no need or desire to encumber by enforcing legitimate contact information.

Re:Black hole?

[rossdee]

The place that hosts my domains sends me an email, and then charges my credit card automatically if I don't respond.

Re:Black hole?

[ArcadeNut]

Or....... just buy the domain for 100 years... it's not like Sony wouldn't make the registration fees back and they would never have to worry about it again....

Re:Black hole?

[DigiShaman]

I've fucked up and forgot when an SSL cert was about to expire. I found out the next morning when their iPhones could no longer access the Exchange server. Shit happens. This time I include SSL, Domain, and Server hardware warranty expiration notices scheduled way in advanced in my calendar as an event.

Re: Black hole?

[Rockoon]

..perhaps giving him a uniquely wise view of the world.

Re: Black hole?

[viperidaenz]

Come on, read the content of what you googled.

That's an amendment to the Trademark Act of 1946
Nothing in that act is applicable outside the context of a trademark violation.

Re: Black hole?

[viperidaenz]

It was done as part of another act in December 2004. If you look at the Trademark Act 1946, it contains the amendments in GP's link.
Regardless, it only applies to calculating the damages provided in a trademark violation involving a domain name.

Re:Black hole?

[viperidaenz]

Read the "Fraudulent Online Identity Sanctions Act", moron.

Re:Black hole?

[ketomax]

I bought mine for 10 no problems.

Re:Black hole?

[ayesnymous]

Hole in someone's head, maybe - after all, a simple spreadsheet to track something this basic or a reminder in a calendar with alerts with someone assigned to keep an eye on things would take care of things like this. They're lucky it wasn't held hostage...

I'm sure someone that spreadsheet with a calendar reminder, but then they probably got laid off and didn't bother give the info to anyone else.

Re:Black hole?

[ArcadeNut]

Network Solutions offers it:

http://www.networksolutions.co...

Re:Black hole?

[pushing-robot]

Because something that has to be done every year gets done every year, like taxes.

Something that has to be done every 10+ years is a lot more likely to get lost and forgotten. Sure, you could set a reminder...but where? Staff get replaced, calendars get replaced, software gets replaced, computers get replaced, offices get cleared out, and the people who trained the current employees weren't even around themselves the last time it needed to be done.

It's like the hundred year $DISASTER, which kills hundreds and causes billions in damage simply because it's so rare. If it happened every year, damages would paradoxically go down because building codes would improve and the public would be better prepared.

Re:Black hole?

[Ixokai]

Read it. Its just a booster. It makes intellectual property violations considered 'willful' if involving a fraudulent domain name, and takes on extra penalties if you commit a crime involving a fraudulent domain name.

It doesn't make anything illegal, nor does it give ICANN force of law.

Re:Black hole?

[Opportunist]

Do you have any idea how that's gonna look on your quarter report? Not to mention that you might not be around in 10 years, let alone 100, so why bother paying for the domain so far in advance?

Welcome to corporate thinking!

Re:Black hole?

[Opportunist]

Lately? Hmm... I bought some pizza, got a haircut, hired a plumber...

Re: Black hole?

[thunderclap]

Okay, are you suggesting that accurate reporting to ICANN is covered by the Trademark act? The point I made was the bill he offered and promoted as a refutation was never a law because it died in committee. If you have the other acts name please share

Re: Black hole?

[mwvdlee]

Just to add my 2c. A while ago I was working on a project which could use data in WHOIS records. Ultimately this failed because the data is very unreliable and mostly unavailable, but I did come accross some laws.

Seems the U.S. is pretty much the only country that has a law on this, and it just says that it is illegal to have inaccurate information in a WHOIS record if and only if you're using that inaccurate information to scam people. So basically you can use inaccurate information all you want but if you're conficted of scamming people online, the use of inaccurate WHOIS information can be used to add some additional jailtime.

Re:Black hole?

[Koutarou]

SSL certs are pretty trivial to track in Nagios or whatever your monitoring software of choice is.

No two domain registrars seem to format their WHOIS data the same though, making it a lot harder.

Re:Black hole?

[cryogenix]

100 year registration is dirt cheap compared to what happened as a result of it expiring :)

Re:Black hole?

[cryogenix]

It wouldn't hurt to have a distribution group for this and then make yourself and others a member of the group, even if it's your boss. Best case scenario, he gets the alert and says, Bob, did you see the alert about... Already took care of it this morning. Good man.

Re:Black hole?

[Darinbob]

It's pretty easy to forget when the renewal date is so far off. Plus if they do everything online and via mail it's easy to lose the reminders and email addresses change all the time in corporations, but snail mail often gets to the right department at least. Even if it's on someone's calendar, that person gets laid off or quits or transfers. IT groups especially have high turnover from top to bottom. If someone pays for the upcoming 5 years, that person will almost certainly be gone from that job when it expires.

Re: Black hole?

Christ, I own a little over 50 domains from quite a few places and I get everything short of being beat by baseball bats, despite having most of them on auto-renew and I always pay a month or so in advance on the ones that don't.

Sometimes three months before they expire they will start calling me. Sometimes 6 times in a day or more. "Hi we noticed your domain, bigtits.com is about to expire, would you like to renew it?" Yes, yes I would like to renew it, just like I did the last 11 years one month prior to it expiring. Wtf. And they often have a different person call about each one of my domains and what annoys me most is when they ask out of curiosity what I use the domain for.

Re:Black hole?

[lgw]

Wow, that's a non-sequitur (and, BTW, like most things on Slate, the argument fails: the SCOTUS ruling explicitly hinged on the fact that Hobby Lobby was a closely held corporation, and thus no different from a partnership It was not a broad ruling applicable to corporations in general, where the linked argument might have been relevant.)

Re:Black hole?

[war4peace]

When I fire someone, I redirect their email to their supervisor.

Isn't that illegal?

Re:Black hole?

[TechyImmigrant]

When my certs expire I sign myself a new request. 30 seconds, mostly to find the script.

Re:Black hole?

[TechyImmigrant]

I got that email.

Of course I always click the links in emails claiming to be important.

Re:Black hole?

[Whiteox]

Automated systems? Well maybe as long as they update the Visa card's expiry date.....

Re:Black hole?

But but but... Self signed certs...

How are the intelligence agencies around the world going to MITM your SSL connections?

Re:Black hole?

[blackraven14250]

It was not a broad ruling applicable to corporations in general, where the linked argument might have been relevant.

You mean it doesn't apply to around 90% of all corporations according to the IRS' definition of the term, and that it absolutely doesn't apply to companies like Cargill, Koch and Mars?

Re:Black hole?

[LordKronos]

Because something that has to be done every year gets done every year, like taxes.

Something that has to be done every 10+ years is a lot more likely to get lost and forgotten.

And yet, here we are...looks to me like it DIDN'T get done.

See, the thing is, like I said I do, you DON'T have to wait 10 years. If you want to make it a policy to bump it up to 10 again EVERY year, then do that. You stay in the habit, but you've still got that huge buffer. Your policies and procedures would have to fail you 10 TIMES IN A ROW for it to even get to this point. It seems pretty likely to me that at SOME point in those 10 years, some sysadmin or manager would come along and say "so who handles domain renewals around here", and everyone would look at each other, and they'd figure it out these domain's have been neglected for 5 years, and then they'd be able to fix the problem before it was a problem.

Re:Black hole?

[Frigga's+Ring]

I can't speak to other countries, but in the US it's not illegal. Employers will put a section right in their Employee Handbook or contract that states the company owns all of the data that employee creates, their work email, their work documents, etc. In InfoSec, we're often called to perform an investigation on what a user has been accessed and what they're doing, and we can do legally this because having that ability is noted in the employee handbook.

Re:Black hole?

[LordLimecat]

No.

Theres generally no expectation of privacy; the email account is company property, sitting on a company server, on company storage. In what universe would the company not have rights to it?

Not only that, but most sane companies have an acceptable use policy that generally indicates "no expectation of privacy, and we are likely snooping on everything".

The only exceptions I've heard thrown around (not sure if these would even hold up in court) are if there is personal stuff in there, and the company is aware of it but snoops anyways.

Re:Black hole?

[necro81]

I'm pretty sure also they're required by law to put ACCURATE contact info into the registry...

"It's impossible! I never broke the law. I AM THE LAW!"

Re:Black hole?

[cdrudge]

And ICANN makes laws now? You "refuted" that there is a ICANN policy, not a law.

Re: Black hole?

[Talderas]

bigtits.com?

It's obviously an avian enthusiast website. What else would something think it be?

Re:Black hole?

[gurps_npc]

That works well for people. But if a corporation gets a 100 year registration, they are practically guaranteed to forget to renew it. Remember the guy that said "Why do we need 4 digit dates, a 100 years is good enough for me."

Re:Black hole?

[FatLittleMonkey]

Do you have any idea how that's gonna look on your quarter report?

Too small to appear as a rounding off error in the smallest item on the balance sheet of the smallest subsidiary of the Sony Online Entertainment division of the Sony Group?

$35/yr, 100yrs? $3500. For their top level global nameserver.

Re:Black hole?

[FatLittleMonkey]

You want to assign someone to keep an eye on things that can be fully automated?

It's a basic accounts payable function, so yes.

Someone has to have authority to maintain and modify the automated payment schedule, otherwise either anything can be added/removed or nothing can be added/removed. Moreso, someone within their accounts payable department should be specifically responsible for all these particular kinds of payments: trademark fees, site ownership fess, official registrations, patent renewal fees, etc. That person should have lost their job today.

I'm a bookkeeper, I would lose my job if my employer's domain was cut off because a) I didn't pay the account, and b) my excuse was, "<shrug>I don't read that email account any more."

Hell, SOE is a large enough corporation in its own right that they should have someone whose sole job is to make sure contact information at vendors is up to date in response to structural changes and staff movements, as well as checking email accounts for employees who are no longer at the company or divisions that no longer exist to ensure that critical info isn't being lost. And an entirely separate person (but working in the same section) whose job is to make sure SOE's internal contact & billing information is updated for all of the major clients, to ensure that SOE itself is also sending accounts to the right companies/divisions and contacting the right people at those companies, to prevent SOE from causing similar embarrassments to SOE's major clients/partners/etc.

And Sony Corporation (the parent) should have at least one person whose sole job is to liaise between those "Contact Managers (internal/external)" in the different subsidiaries and major divisions of Sony, to ensure that the whole group is up to date.

And that person should have lost their job too.

Seriously, fuck that guy.

Re:Black hole?

[cryogenix]

On the bright side, whoever selects that will be long dead by the time it happens and thus fully protected from ever having to deal with being blamed :)

Re:Black hole?

[Richy_T]

Such emails should never go directly to a person but rather to an alias, preferably one which goes to a group of people.

One of my tasks for one company I worked for was domain name manager. We were in an aggressive acquisition phase so I was dealing with new integrating new companies with their own domain names (which we kept) constantly. Gaining control of those was often somewhat crazy with the companies not knowing who was responsible or the person having left/dead or just a a-hole about getting back to me. We even had one domain snatched up by a squatter (not my fault) that cost $5000 to get back. Damn right you manage these things properly. I would check the folder those emails went to regularly and we had monitoring processes in place to ramp things up as domain expiry drew near if for some reason I missed something. This isn't rocket science.

Re: Black hole?

[nedlohs]

OK so even when you do find out what a law is you demonstrate you don't know how to read them.

Re:Black hole?

[Richy_T]

The best way is to scrape (or API) the domain registrar. Sometimes takes a bit of work but you have a 100% up-to-the-minute completely accurate list.

Re:Black hole?

[FatLittleMonkey]

Theres generally no expectation of privacy; the email account is company property, sitting on a company server, on company storage. In what universe would the company not have rights to it?

There are countries that do give employees an "expectation of privacy" from employers snooping on email accounts (& phone calls, toilet breaks, etc), even though those are hosted on company equipment. And since it's the law/right/reg/ruling/etc, a mere employment agreement or company policy can't usurp that. The US is unusual in that it not only doesn't have anything like that, it so doesn't have it to such a degree that people can't even imagine having it. It's funny that the master-servant relationship is the default assumption in the US.

However, even those laws or regs would still only apply during the employee's tenure, not after they leave. And would have big fat exceptions for transferring job-title and task-title based email addresses (admin@fatass.com, renewals@fatass.com).

Re:Black hole?

[war4peace]

Wait, wait.

Having appropriate people access employee's X e-mail account is one thing. Security group, Legal group, etc.
Having someone's e-mails forwarded to their manager is outside of those bounds.

One example would be me sending an e-mail to a colleague who works under the same manager telling them that I'm dissatisfied with how the manager performs, or an e-mail exchange between me and HR about my manager's misconduct in this or that area. These are things that are company-owned, but my manager should not be able to access.

Where I work, nobody can access my e-mail address (legally) unless they have legal approval. Ironically, it's a company which is rather hated here on /. - not that I care, it's just a job.

Re:Black hole?

[war4peace]

I live in one of those other countries, that's exactly why I asked.
It's amazing how people rush to say "nah it's normal" while at the same time they fume about NSA meddling. Heh. Go figure.

Re: Black hole?

[dgatwood]

If I were their registrar, I'd probably resell the name to someone who would hold it hostage, just to make a point. This is the easiest thing in the world to avoid, just by having some basic policies in place.

Require that all ongoing accounts be set up to send email to role accounts that forward to multiple people (an email list). Have a policy where any employee termination/retirement triggers an automatic check of all role accounts, and if it results in a role account with no recipients (or, ideally, below some higher threshold), the current IT head has to start contacting managers until they can sort out who should be responsible.

Had Sony done this, it wouldn't be a problem.

Re:Black hole?

[bingoUV]

While the way Sony is behaving they are unlikely to survive 100 years, but if they do, they are sure to forget to renew after 100 years. Some bean counter will fire the guy responsible for keeping track of those 100 years and that email address will be abandoned.

Re:Black hole?

[LordLimecat]

As has been explained numerous times, there are gigantic differences between a company-provided email and what the NSA did.

1) MOST employers have an employee conduct agreement, or a computer-specific Acceptable Use Policy. This usually lays out the reality that you will be monitored.
2) The NSA does not have ownership rights over the servers hosting your personal email or comms. The company does have ownership rights.
3) Often companies have a legal liability if they do not monitor the communications-- for instance, if PII is transmitted in violation of HIPAA, both the employer and the employee could be legally liable.
4) Often companies have technical liability if they do not monitor the communications-- for instance, you could find your domain blacklisted if the email leaving your network is spam or virus-laden.

You really cant compare the two.

Re:Black hole?

[Frigga's+Ring]

I can definitely imagine situations where email forwarding isn't the best answer. My company has a lot of interaction with outside businesses and if John Doe leaves the company, any businesses he has a relationship with still need to be able to communicate with my company. Whether that means that John Doe's manager has John's email forwarded to him or simply adds it as a secondary inbox within Outlook is a matter of company preference. Regarding your example of criticizing your manager to another employee via company email, that is a terrible idea and you can be fired for it so please be careful. Make sure you're absolutely clear on your company policy and any EULA you accept before you end up in a position you don't want to be in. In the case of communication to HR, my advice would be to use email only to ask HR to set up a meeting so you can discuss your issue and leave the details to an in-person meeting. Your manager should not get access to view those complaints nor should they hold it against you if they did, but this is hardly a perfect world. If your manager makes the case that they have a business need to access your email (either auto-forwarding or another method), the Legal, HR, and InfoSec teams I've worked with won't bat an eye at granting that access just as easily as they can get a list of websites you're visiting at work if your company uses any sort of web filter.

Re:Black hole?

[lonecrow]

Yes sometimes automated systems fail. So I wrote an automated audit system that sends up alerts in case the automated systems fails. But then I worried about what would happen if both my automated system and my auditor failed, so I wrote a system to monitor the auditor. But I was in a nasty situation once on an ocean fish boat where three systems failed or had issues at the same time and it was really bad. So I think I will write an auditor to audit my auditor monitor.

Re:Black hole?

[lgw]

I don't know about those specific examples, but yeah, it was not a broad ruling. It was also key to the ruling that Hobby Lobby is self-insured. Both factors together were needed to make the argument that the owners would effectively be paying for (what they saw as) abortions out of their own pockets, against their religious convictions. Many (most?) closely held corporations don't self-insure, so it's pretty narrow.
 

Re:Black hole?

[Narcocide]

Admit being wrong? No thanks, I've been trying to cut back.

Re:Black hole?

[Ozymandias_KoK]

What would be illegal about a company managing it's email accounts?

Re:Black hole?

[war4peace]

Shit, man, I really don't want to live in the States, and that comes from a guy located in Eastern Europe.

Re:Black hole?

[war4peace]

Nothing. It wouldn't be kosher though for a manager to gain access to one of his directs' e-mail address.

Re:Black hole?

[hermitdev]

I went through this at my new employer this month. I started this past December and our code signing cert expired this month. Thing is, I noticed back in around February/March timeline that this was going to happen, so I filed a ticket and added a personal reminder to tick off last month. Took us close to 2 weeks to get a new cert from our vendor (they were questioning our identity for some reason). By the time I got the new cert, it was 2 days before I went on vacation. I thought I had everything setup correctly and merrily went on my vacation. Turns out the wrong type of cert was sent and shit blew up after our old cert officially expired. Unlucky coworker had to pick up the pieces.

So, the moral here is, even if you do plan ahead an try and coordinate these things, sometimes it still blows up, and you still end up with unhappy customers.

Re:Black hole?

[houghi]

Businesses are not one person. You can do this, because it is important to you. For companies there is a difference. Many people are involved. Perhaps over several IT departments in different continents.
Thos epeople get sick, have holidays and leave the company for several reasons.

First what often happens is that there is no group email adress like dnsadmin@example.com, but rather john.doe@example.com. Then they might split up the company and first just for tax purposes.

Oh and sometimes they need a domain NOW while no IT people are available, so they do it quicly and will do the the transfer later.

And then you have those domains that you do not realy use anymore.

So it is normal that things get forgotten. So here is an idea for allthose who say that never happens to them:
Make a business case out of it and sell the service to companies. You can inlcude gthe service of doing their worldwide DNS service and deal with each local company and department. You can inlcude everything that is included in DNS.

All others are basically looking for technical solutions for a social problem.

Re:Black hole?

[TechyImmigrant]

The root is self signed obviously.

Everyone should have their own CA. The cert nag tax is only for web sites.

Re: Black hole?

[viperidaenz]

I'm suggesting that the Trademark Act was amended to increase the damages and penalties if false information is provided by a domain squatter.

Or you know, you could like, read the legislation.

Re:Black hole?

[fisted]

You need to arrange them in a circle. Auditor A audits Auditor B, which audits Auditor C, which in turn audits Auditor A. Together, using a distributed auditing algorithm, the three systems audit the original system which needs those audits.

Re:Black hole?

[cavebison]

I find an easy solution is to make sure those sorts of emails all go to a single internal address which is then forwarded to *2 or 3 other people*. That way the IT manager gets it, the individual responsible for actually doing it gets it, and someone else as a backup.

This reminds everyone how important it is, and people communicate to make sure it happens. The manager or backup person gets it and goes "ah, that guy isn't here anymore, we'd better sort that out".

Re:Black hole?

[blackraven14250]

Those specific examples are closely-held, according to the only legal definition I was able to find. I also looked up self-insurance, and found a citations that say anywhere between 50 million and 90 million people are under corporate self-insurance health plans. "Pretty narrow" doesn't seem to apply when it's somewhere roughly between a third and two thirds of the entire insured workforce.

Re:Black hole?

[Cinder6]

I'm honestly surprised it wasn't set to auto-renew.

Re:Black hole?

[lgw]

Did you have a problem with those specific companies or something? I'm not sure why you called those out.

Narrow or broad, I can't fault the reasoning here. The government can't ask someone to (directly) act against their religious beliefs without clearing the bars of compelling state interest and least-burdensome (most narrow) approach. When you hand out waivers left and right, you don't have much ground to stand on there.

Re: Black hole?

[thunderclap]

I did and it wasn't. You know you could put a link to the actual legislation that you believe was amended.

Re: Black hole?

[viperidaenz]

How about if you want to see the proof, go look for it. I've told you where it is. I'm not your mother.

Look at the GP's link, it tells you what the amendments to the Trademark Act are. It also says it has not been enacted.

Now look at the Trademark Act at where those amendments were supposed to be. Notice how they are there.

How did that happen? The same amendments were enacted under a different bill.

Re:Black hole?

[PIBM]

100 years registration is offered at 999.00$ - they 'give' you a 70% discount!!! =)

Re:Black hole?

[blackraven14250]

I was pointing them out specifically because they're very large, well-known companies. If someone is thinking of "closely held" and imagining a mom-and-pop candy shop with 4 employees, those companies (and plenty like them) dispel that notion entirely. These are massive employers that would easily be near the top of the Fortune 500 is they were public. For example, in the case of Koch, Forbes has said that if they were public, they'd rank in at number 17 of the list. Cargill is larger than Ford, and would have been at #7 in 2013.

Re:ring ring

[Zaelath]

I immediately thought this too, but you try ringing one of these corporations and see how far you get.

7 weeks?

[MrLogic17]

Wow, giving the company 7 weeks before Network Solutions took the site down? That's going way above & beyond. The average luser like me would be taken down the day of expiration.
 

Re:7 weeks?

[geekoid]

I've gone weeks. For the same reason Sony did, oddly enough.

Re:7 weeks?

It's a 10 day grace period, then another 10 days until it is disabled.

Re:7 weeks?

[rmdingler]

That's the problem with too much leeway.

The procrastinator in us invariably assumes there is seemingly an infinite amount of time to take care of this... by the time they send the We really fucking mean it this time! notice, well hell, they've been crying "wolf" so long it doesn't mean anything.

And to be fair, didn't the nerdtastic Mecca website herself forget to renew a certificate recently?

Re:7 weeks?

[ghn]

Managing hundreds of domains here, from various registrars. Expiration date is expiration date with all of them, it just stops working at midnight. Period.

The only intriguing thing about this article to me is how they got that special treatment of 7 weeks leeway..

Re:7 weeks?

[Threni]

Because you don't want to annoy large customers with requests for small amounts of money you know they can afford and will pay for at some point.

Re:7 weeks?

[FatLittleMonkey]

Coming from a small business background, sometimes this is the only way to deal with a corporate customer. Or you simply will not get paid.

Being a bookkeeper (and a pedantic nerd who pays things on time), I've always found it stunning how little respect corporations have for their own accounts payables and the consequences of not paying accounts properly. The only businesses which are worse are law firms.

LOL timing is everything

[hurfy]

I went to a training session for our new $50k accounting system. They had forgotten to renew their own license for the training classroom. Took an extra hour to get their tech in there to get it fixed. Yup, should have got up and went home at that point.

sigh

We bought it cause it was industry specific (well focused at least) and by a small company that only did this for 20 years. Next year they are bought by a national company and instead of being 1 of 200 customers now we were 1 of 20000 on a minor product. Not exactly the same experience :/ Naturally, followed a couple years later by a purchase from a multinational software company :(

Sony Computer Entertainment is full of morons

I programmed videogames for 17 years, worked on all of the Sony consoles except the PS4.
They're dumber then a bag of hammers over there. I'm glad I'm out.

Black hole?

[Bovius]

This sort of lapse has happened in every company I've worked in, big and small, when the person formerly responsible for this kind of thing leaves the company and someone else has to pick up their responsibilities. Sloppy, unorganized? You betcha. Also what I've come to expect.

Re:ring ring

[rudy_wayne]

you try ringing one of these corporations and see how far you get.

Exactly. Unless you know someone or have some inside connections, it is virtually impossible to contact someone, who actually knows something, using publicly available information. And I'm sure that NetworkSolutions really doesn't want to spend time calling everyone who lets their registration lapse.

The real problem is that Sony couldn't be arsed to register the domain names using a working e-mail address that actually goes to the person at Sony who is responsible for such a thing.

Special email addresses ...

[perpenso]

This is why you don't directly use employee email addresses for certain business activities. These activities get their own emails which forward to whoever the responsible person or persons are. Ex. domain_registration@sony.com. Note "forward to", these would not be standalone email addresses that someone has to log in to.

Re:Special email addresses ...

[msauve]

So, forward domain_registration@sony.com to former_employee@sony.com. Let us know how that works out for you.

Re:Special email addresses ...

[perpenso]

So, forward domain_registration@sony.com to former_employee@sony.com. Let us know how that works out for you.

That's why I wrote person or persons. Plus when someone is told they are now responsible for or involved in domain registration they go update the recipient list for the email address. There is no need to update some outsider's records. There is no need to get into the former employee's email. It really is an improvement over using employee emails directly.

Re:Special email addresses ...

[nobuddy]

Group mailboxes are a thing, and very useful for such as this.

Re:Special email addresses ...

[Solandri]

So, forward domain_registration@sony.com to former_employee@sony.com. Let us know how that works out for you.

It works a lot better because if domain registration emails are being sent directly to former_employee@sony.com, then only he knows that domain registrations are being sent to him. There is no record at Sony saying that he was the one getting those emails.

If you instead have it sent to domain_registration@sony.com with a forwarder, when former_employee is fired, the sysadmin can look at the entire list of forwarded addresses, grep for every instance of former_employee, and re-forward them to other employees.

See the difference? With your method, only the former employee knows what emails he was getting that need to be redirected. And if he was fired, he certainly isn't going to cooperate at providing a list. With forwarded email addresses, Sony has a list of all important emails which were going to the former employee.

All this is kinda moot though. In this case with a company the size of Sony, they should've just paid the $1000 or so to register the domain for the next 100 years.

Re:Special email addresses ...

[msauve]

It still requires tracking and making changes. It's easier to change the local email system than a registrar's database, but in either case, updates must be made to be effective. With 10 year registrations available, there's no guarantee that former_group_members@example.com is much better than former_employee@example.com, especially in fast moving industries. If company X acquires company Y, dns@y.com is apt to be forgotten, too.

You're suggesting a tactical solution to a process issue. Better to have the responsible group track and update necessary renewals on a regular basis, instead of depending on notifications from external parties being received.

Re:Special email addresses ...

[msauve]

So, your plan is that former_sysadmin@sony.com makes the change. OK, but how is keeping track of what emails need redirection when an employee arbitrarily changes more reliable than keeping track of when registrations expire, which is known well in advance? Is it somehow easier to remember to grep email accounts for "dns@example.com" than to query a database for "domain_expiration<90days?"

See the difference? One places responsibility for a mission critical function on an external party, and the other doesn't, it fixes the process.

Why not just have responsible_group keep track of registrations on a regular basis, and renew them when necessary. You do know that registrars aren't required to email anyone about pending expirations (most/all do, though), so nothing you can do with emails will really fix the process? Really, if a company can't take responsibility for tracking and renewing their registrations, they deserve to lose them. If you can't keep track of expiration dates, you've likely lost the security info required to renew, too.

Re:Special email addresses ...

[NormalVisual]

You're suggesting a tactical solution to a process issue. Better to have the responsible group track and update necessary renewals on a regular basis, instead of depending on notifications from external parties being received.

I only hold a couple of dozen domains, but this is exactly what I do. I get notifications from the registrar directly to a specific e-mail address I've set up for that purpose, but I also automatically generate an email to my personal account on the first of each month reminding me to check with the registrar to see if anything needs attention anyway.

Re:Special email addresses ...

[perpenso]

Whoosh. That only make it easier. It doesn't fix the process, which still requires tracking and making changes to make it effective.

Actually you might want to re-think who is having the woosh moment. :-) I never said it fixed the problem. I offered a practice that is an improvement, i.e. forwarding and multiple recipients, that reduces the opportunity for unread emails.

Re:Special email addresses ...

[Richy_T]

Because domain guy is responsible for the domain names and mail guy is responsible for the mail stuff. Trust me, no company neglects email and it turns a one-person requirement for failure into a two-person requirement for failure.

Not to mention if you have a specific address for such things, you can do all sorts of tricks like having the address forward to both your domain manager *and* inserting a ticket into your ticketing system.

Not the first time!

[rstanley]

I long for the good ole days when they actually send out paper invoices in envelopes! ;^)

And from the archives:

"In December 1999, Microsoft forgot to renew the domain name Passport.com,
and so rendered its Hotmail service partially crippled. A Linux
programmer, Michael Chaney, paid the $35 fee and promptly handed over
ownership to Microsoft."

It happened again in 2003:

http://www.theregister.co.uk/2...

Will they ever learn? ;^)

Re:Not the first time!

[zephvark]

I long for the good ole days when they actually send out paper invoices in envelopes! ;^)

You actually still look at your paper mail? I tend to assume it's all just spam. Then again, I tend to assume that of my email, too. What was the last year we had a communications system that had more signal than noise? It seems to have been a while.

Re:Not the first time!

[gangien]

A guy who posted on /. renewed one of the MS domains. Or atleast, that's what I recall.

Re:Not the first time!

[Richy_T]

Last I saw, he has the check from Microsoft hanging on his wall.

Re:ring ring

[perpenso]

]The real problem is that Sony couldn't be arsed to register the domain names using a working e-mail address that actually goes to the person at Sony who is responsible for such a thing.

Not quite, it should be a special purpose email like domain_registration@sony.com rather than an employee email. However the special purpose email should forward to those responsible, involved or overseeing the particular thing. The special purpose email should not be something that someone is supposed to log in to.

Re:Sony playing catchup with Microsoft

[bad_fx]

How on earth do you figure this is a "blow" in the console war? Are you suggest that Microsoft was somehow behind this? Or is everything that gets reported on and is related to Playstation\Xbox now some sort of insidious plot to discredit one or the other console?

In reality it sounds like pure incompetence at Sony (and the same in the story you link about Microsoft) and I think when many people are affected by this sort of thing it's fair enough that it's covered on tech sites. It doesn't have to be part of some 'console war' that you parenthesize with apparent disdain while at the same time perpetuating the idea.

Re:Sony playing catchup with Microsoft

[careysub]

Remember, Microsoft did not learn from their 1999 fiasco, they did it again 4 years later, though only in the UK.

An "unread email address"??

[Rone]

If the address was unread now, it must have been monitored originally.

What are the chances that the original recipients were RIFed at some point to goose the quarterly numbers?

Re:An "unread email address"??

[pla]

If the address was unread now, it must have been monitored originally.

Not necessarily - I have a domain. It has a "real" administrative contact email (a throwaway GMail account). I haven't checked it since I had to confirm it as valid (the registration just autorenews - Pssst, SCEA, you live off subscription models, ever thought of using the same damned idea to keep your domains/certs/etc active?).

Administrative contacts for a domain amount to nothing more than a pre-confirmed spam address. Why the hell would anyone use an address where they actually have to suffer through reading the crap that comes in?

Re:An "unread email address"??

[Overzeetop]

I use Google Apps. Spam is never an issue.

It interesting, though, that the requirement for verifying your contact information goes (essentially) entirely unheeded. Perhaps there should be a 2% audit of addresses every year, with a 30 day response time and mandatory permanent loss of domain name and $10,000 fine for incorrect information.

Re:An "unread email address"??

[scsirob]

Must have been "support@sony.com"

Re:An "unread email address"??

[timftbf]

Administrative contacts for a domain amount to nothing more than a pre-confirmed spam address. Why the hell would anyone use an address where they actually have to suffer through reading the crap that comes in?

My personal domains have my correct contact info on - email, snail-mail and mobile. I occasionally get stuff like the definitely-not-a-renewal notices from the Domain Registry of America and friends, but it's noise in amongst the general spam and junk-mail I have to filter anyway.

More to the point, it's the Right Thing to do, because the *privilege* of occupying a chunk of Internet resource comes with the *responsibility* of being contactable if bad things are emanating from it. Then again, my oldest registration dates to when you still had to write a justification to a human as to why you should be granted a domain, and wait a few days for a response. (I suspect in the twilight years when this was a rubber-stamping exercise, but you *did* still have to write it.)

Re:An "unread email address"??

[pla]

More to the point, it's the Right Thing to do, because the *privilege* of occupying a chunk of Internet resource comes with the *responsibility* of being contactable if bad things are emanating from it.

Bullshit, straight-up.

The right of all humans to communicate freely with one another - and to avoid communicating with those they don't want to - trumps archaic administrative nonsense about the accuracy of a DNS record as enforced solely through US hegemony over the internet.

Once upon a time, if you had a problem coming from a domain, you would contact the admin as a peer, explain the situation, and he'd put the smack-down on whichever of his users had screwed up. Today? Even at the likes of Sony they admit they don't monitor it, so why bother having it there at all? If you have a problem coming from a domain today, you either report it to the FBI (if a credible attack), or you blacklist them at the router (if a mere nuissance). The days of getting things done on the internet through the mutual respect of admins ended a looong time ago.

Re:An "unread email address"??

[phorm]

Honestly, so what if they were? People change positions and come/go a lot, and the bigger the company the more the churn. Could have been a retirement, a job offer elsewhere, somebody died, or a firing. I doubt that somebody's primary job was watching domain expirations, so likely this got lost in a transition among a bunch of other job functions. IMHO, the best way to take care of this would be to have checks for primary domains in the central monitoring/alerting system, and flag them yellow 15-30 days from expiration (and red a few days before).

Re:oops

I want more DRM. It is so nice to see the things I paid for just stop working like that. DRM FTW!!!

I was really worried

[WillAffleckUW]

And then I realized I never use PSN, but just play games I have discs for on my PS4.

Second Son rocks. It's like Seattle, but more.

What GTA should have done for GTA: Emerald City but they were too chicken to mess with the best!

Re:I was really worried

[CronoCloud]

And then I realized I never use PSN

Wouldn't matter, this was an SOE issue, not SCE-foo. Sony handles it's PC games separate as Sony Online Entertainment. The consoles are operated by Sony Computer Entertainment

As I posted earlier, there was only one console game that ever used an SOE login, that being EQOA on the PS2.

Sony Doesn't Use Databases to Track Filings?

[BoRegardless]

Well, dinosaurs did die out.

"Hilarity Ensues"

[steelfood]

Hilarity Ensues

You keep using that word. I do not think it means what you think it means.

Now, if some domain squatter had taken over the name the moment the domain expired, that would be funny. Giving them 7 weeks is just ... well, sad.

Re:"Hilarity Ensues"

I think it's referring to this.

Re:"Hilarity Ensues"

[Dragoness+Eclectic]

I think it's referring to this.

Yes, exactly.

Re:Sony playing catchup with Microsoft

[basscomm]

How on earth do you figure this is a "blow" in the console war? Are you suggest that Microsoft was somehow behind this? Or is everything that gets reported on and is related to Playstation\Xbox now some sort of insidious plot to discredit one or the other console?

In reality it sounds like pure incompetence at Sony (and the same in the story you link about Microsoft) and I think when many people are affected by this sort of thing it's fair enough that it's covered on tech sites. It doesn't have to be part of some 'console war' that you parenthesize with apparent disdain while at the same time perpetuating the idea.

Or, it could have been that I was making a terrible joke.

This type of proplem

[y5t3m]

Isn't a people problem, or a company problem, or a technical problem. Like the majority of company fuckups it a procedural problem. There is no documented procedures for anyone to follow, and it's a SPOF in a service.

Re:This type of proplem

[ledow]

So, whose responsible for not documenting it?

Somewhere in Sony, some IT guy KNOWS what would happen if that domain went offline. He knows that it shouldn't be allowed to happen. The beancounters know that it costs to much for the consequences, so they'd have to authorise it whatever.

Thus, someone, somewhere KNOWS this critical business element is a possible point of failure but NOBODY bothers to create that documented procedure.

It's not like the process is opaque, or that nobody could have predicted it... enough people inside Sony should know that there should be a procedure, and thus someone, somewhere is responsible for making sure that procedure is scheduled, documented, well-known and that it "belongs" to someone.

It's a company problem, because none of that happened. And it didn't happen because of a people problem. The technical problem? You're telling me that NOT ONE SYSTEM inside Sony was set up to check that the domain doesn't expire, to fallover to a second domain in the case of problems, to check that email account that was mysteriously unchecked for several weeks despite being the WHOIS contact, etc.?

It's not "none of the above". It's "all of the above".

Stop blaming some mystical, magical entity when - actually - some guy in Sony fucked up and the people above him weren't doing their job to check he hadn't fucked up and/or hadn't taken account of what to do if he had fucked up.

Re:This type of proplem

[Eristone]

The thing you aren't taking into account is things like reorgs and reductions in force. You have the process and procedure - and a distribution list is set up for domain-renewal@mycompany.com which has as members the manager Jane and the senior sysadmins John, Jill and Juan. Jane gets promoted and the group gets put under a different manager - Scott from Business Systems. Scott says "why am I getting all this junk from this address -- take me off the list" - he's the new manager and they follow instructions. Juan moves to a different group with different responsibilities and is not replaced. John and Jill are both laid off because they became redundant with the staff from the Bangledesh office. Now the list is an empty list that no one sees the mail going to it. Mail administration *might* catch this, or they might not - or it may get removed automatically because company policy has some silly rule like "no lists with less than 4 members" or "empty lists are removed if they remain empty for 30 days". So through policy, you've now shot yourself in the foot and don't even realize it.

That department

"SOE's president, John Smedley, has admitted that the expiration notices were being sent to an 'unread email' address"

You mean the e-mail address belonging to the IT department you banished last year? :D

Yet another reason to insist on software freedom

[jbn-o]

Early Tuesday, gamers woke up to find out that they couldn't log in to any Sony Online Entertainment games--no Everquest, no Planetside 2, none of them.

Could the users have used another server to connect with each other? Or is this a case of DRM ("Digital Restrictions Management", when properly viewed from the perspective of its effect on the users) and, more generally, nonfree software restricting users from running the games with other people?

DNS & SSL cert expiration

[wmute]

I work as a sys admin at a medium sized medical research institute, one of the things I made sure to do was to add nagios scrips to throw alerts for important licenses, certs, and domain names. I'm not sure why an organization as huge as Sony Online would not have added these kinds of checks to whatever monitoring system they are using. Having had this happen to me once nearly a decade ago with a SSL cert I can promise that the 10min of coding to add in a check is much more pleasant than a day of meetings to describe to everyone what went wrong.

Re:DNS & SSL cert expiration

[junkgoof]

Or use something automated. Tools like xymon (http://xymon.sourceforge.net/) do it out of the box.

Re:ring ring

According to this article:

On Twitter, however, SOE President John Smedley suggested that the company had failed to pay its website bills.

"The payment notifications went to a junk email box," Smedley tweeted, adding, "Someone left and it got caught in the replacements junk filter. Simple as that. Embarrassing as that. No point dodging."

"DNS problems could take up to 48 hours to resolve," he wrote, adding, "We are really really sorry on this one folks. Embarrassing and preventable. We screwed up."

GoDaddy Does It Right

[njhunter]

Any time I have a domain about to expire, GoDaddy is right on top of things with a phone call; Really good follow-up as well. I guess Network Solutions is more akin the government. I'm sure if one renews for ten years, the IT guy that was there at the beginning has moved on and his email address goes no where, except a honeypot.

If it's good enough for microsoft

[trollboy]

I still remember when someone got sued/threatened when MS did the same thing and it killed passport. After calling and unsuccessfully telling them how to fix the problem, he registered the domain, and pointed it back to where it should have been pointed and mailed them saying he would give them back the domain, he just wanted his stuff to work. They unleashed the vicious attack lawyers anyway.

Re:If it's good enough for microsoft

No they didn't. Jeeze, know the story before you post BS and lies: http://jeffmilner.com/index.php/2005/11/06/hotmail-user-restores-usage-to-20-million/

> On 24 December 1999, MSN Hotmail, the free web based email service owned by Microsoft, became inaccessible for a couple of days when the domain name registration lapsed for passport.com – which Hotmail uses for user authentication.

> The registration fee for the expired domain was paid by Hotmail user Michael Chaney on December 25 as a Christmas present to Microsoft and the 20 million users that were unable to access their mail.

> Microsoft confirmed to Chaney a couple of days later that his $35 payment to Network Solutions did in fact solve the Hotmail outage problem. As a reward for Chaney’s quick thinking and generous move, Microsoft sent him a check for $500 and a copy of Visual Studio 6.0.

Re:If it's good enough for microsoft

[Opportunist]

I don't know about your country, in mine MS would probably get into hot water with that procedure. Suing for what the other party already willingly offers is not something judges enjoy presiding over. I would see something like this in the pre-ordeal:

Judge: MS, what's your claim?
MS: He registered our domain.
Judge: To keep it?
MS: No, he pointed it at our servers.
Judge: So ... it worked like you wanted it to?
MS: Yes, but he still had the domain.
Judge: Did he plan to keep it?
MS: No, he wanted to hand it over to us.
Judge: So you're suing for...
MS: Umm... him to do what he wanted to do the whole time?
Judge: GTFO of my courtroom!

Also human

[Sycraft-fu]

Anyone on Slashdot who gets smugly superior about this and how "stupid companies are" is just being a hypocrite. We have ALL forgotten things in our lives. We've all forgotten an event we were supposed to be at, a bill we were supposed to pay, something we were supposed to bring with us. It happens.

What's more, everyone has been in a situation where something didn't happen because they, and everyone else, assumed someone else was going to deal with it. You don't go and check on everything that ever happens around you or involving you, you mentally categorize things you are and are not responsible for and ignore the latter.

So ya, companies, which are made up of people, can fuck up too. It's amusing, but perfectly normal.

Re:Also human

Thats why you build in redundancies.

Companies are STUPID because they've gotten hooked on the idea of "employee efficiency" to the point that employee efficiency is being negatively impacted. In the past, when a mistake was made, you could easily nail multiple employees simply because they were supposed to be watching/covering one another. If one (or more) screwed up, it meant the others weren't doing their job so they all got punished. It cost a lot more in payroll, but it made sure the job got done, on time, correctly (as far as procedures were concerned). Nowadays, GM can't even find ANYONE to pin the blame on for the ignition switch recalls.

So yeah, companies can fuck up too. But when you can't even find someone within the company you can point to say "that person is the one who fucked up", what does that say about the company?

Re:Also human

[Opportunist]

This. A billion times this.

Corporations are stupid for simply assuming that people are automatons. You come to work and do it flawlessly, always following the ISO 9001 standard. Yeah. Sure. And monkeys fly out of my butt.

People are people and people are making mistakes. Always. Every single day. Anyone in security learns that VERY quickly. And he also learns quickly that you cannot trust humans to be flawless. Not because people are stupid but because people are NOT automatons and make mistakes. Yes, even (actually, especially) if doing the same job for ages. Show me a person who makes no mistakes and I show you a person who does no work!

Security is FINALLY starting to get wise and build systems that are tolerant of human error. Let's see how long it takes 'til the rest of the system catches on.

Re:Also human

[Opportunist]

Companies are designed to maximize profit for those in power. This almost always means that redundancies are eliminated even where they would be sensible from a risk management point of view.

Marginal short term profit trumps long term risk any day.

Re:Also human

[Oligonicella]

Dude/tte, I have five domains. All are paid up through 2020. In 2015 I shall extend them until 2030. It's not hard to do and it's not hard to remember, FFS. For a company that large to neglect is inexcusable. Just buy them for then next 20 years, it doesn't cost all that much.

Re:Also human

[cryogenix]

Nah. Spiceworks reminds me on the off chance my brain cells have completely checked out.

Re:Also human

[Darinbob]

Are you going to properly transfer all the knowledge and email accounts and contact information when you leave the job, or get fired?

Re:Also human

[Sockatume]

The whole point of having a corporation (or any other sort of team for that matter) is that you find ways to be less failure-prone than you are as individuals. You have to do this to offset the fact that a failure of the group affects every member - the cost is multiplied.

Re:Also human

[hcs_$reboot]

We have ALL forgotten things in our lives

It seems Sony doesn't attach the right amount of importance to domains. Domains should be renewed for 10 years (sony.com has just been renewed, 4 days before expiration, for 2 years), and registrar mails should be directed to a person mailbox. This again shows that Sony neglects its IT infrastructure / (people?) Remember how many times Sony was hacked in recent years...

Re:Also human

[SparkleMotion88]

Except this isn't "I forgot to turn off the coffee maker and my coffee burned" territory. It is closer to "I forgot to de-ice the Pitot tubes and a plane full of people crashed." Companies have figure out how to manage stuff like this when it is important enough (process, checklists, redundancy, etc), Sony just failed to do so.

Re:Also human

[fibonacci8]

However when you forget once for several thousand customers all at once, each one is likely to take it as a seperate occasion. It's also perfectly normal to treat a mistake that affects orders of magnitude more people as orders of magnitude more irritating. Also it wasn't amusing for anyone affected that I've talked to, it was a combination or irritating and annoying.

Sincerely,
Someone who worked around the issue himself, but then got to spend hours via ventrilo and skype helping other players adjust their DNS settings so they could play the game they'd paid for.

P.S. Dear Sony: I would gladly maintain correspondence with your name / hosting providers in exchange for continued all-access membership during such periods.

Re:Also human

[doccus]

Anyone on Slashdot who gets smugly superior about this and how "stupid companies are" is just being a hypocrite. We have ALL forgotten things in our lives. We've all forgotten an event we were supposed to be at, a bill we were supposed to pay, something we were supposed to bring with us. It happens.

What's more, everyone has been in a situation where something didn't happen because they, and everyone else, assumed someone else was going to deal with it. You don't go and check on everything that ever happens around you or involving you, you mentally categorize things you are and are not responsible for and ignore the latter.

So ya, companies, which are made up of people, can fuck up too. It's amusing, but perfectly normal.

Hah . This is a little bit more than "just forgetting things" It's their bloody JOB.. I mean.. "aw shucks general, I forgoit to reset the safety on that nuke over there" "That's OK sonny boy, we all forget things once in a while..Heck I remember when mah division flattened that village because I forgot to send the recall order" .

Re:Also human

[Haegar]

These long expire times are worse for a company than things happening every year!

When you leave, the next guy retains perhaps 80% of your knowledge about this, the guy after him still has maybe 50% of your info, with less and less stuff still known after each new person or reorg.

If the renewal is supposed to happen in 10 years - how many people will have it on their radar THEN?

"But it always just worked, we never had to do anything"

come on...

[Charliemopps]

come on guys.. There's lots of reasons to hate on SOE. Hell, I haven't bought an SOE product in 10yrs because of the Foglok fiasco... I was actually banned from their forums for a few months back in the day for suggesting they didnt exist, only later find out I was right. The title of the freek'n thread to announce the disappointment was "CharlieMopps was right, not a troll, there are no frogloks!!!" (paraphrased, the threads been deleted for some time now) If you don't know what thats about you've no reason to hate on SOE. Ok ok, I'm just tryning to point out I have no love for them...

Anyways... Managing a domain is a pain in the ass. I've worked in a few places with large website, I'm sure a few of you have. Maintaining that domain registration is deceptively difficult. Think about it as if you were the one in charge of it.

You tell your staff "Register out domain!"
They go off and come back "well, it appears we can register it for anywhere from 1yr to 5yrs, which you would like?"
You say "5yrs of course!"
They tell you "how would you like it billed? We can pay it one time now... or put it on the company credit card?"
You say "The company card of course! It will renew!"
***5yrs later your site goes down***
How could this happen?!?! An in-depth review shows that the entire team you assigned to take care of that task has either moved on or transfered elsewhere in the company. Doh! Even worse, credit cards only last for 5yrs before they are canceled and reissued, you were doomed from the start. All the phone numbers you gave them were moved, the people gone, and those that answered barely knew what a domain was in the first place. You're biggest fault was apparently setting the renewal so far out. If you'd set it for 1yr at least you could have a repeating process for people to get use to as newhires rolled in and out.

But wait! There's a "contracts" department that should have cought this!
Well "contracts" kind of sorts things in order of importance by cost and that domain registration cost what? $20? So that out it between free Twinkie Friday and the new coffee pot... not really on their radar.

As many times as I've seen this happens it still baffles me to this day why there isn't a service that went something like "$10k per year and you'll never have to worry about any of your domains... ever... pay us, we take care of it"

anyways, whatever... point is, it's not as simple as it appears on the surface.

Re:come on...

[ledow]

IT department.
List of all domains.
Expiry date of those domains, culled from WHOIS.

How hard is it? Ten minute job. And you KNOW what domains you have to use - you've been including them in game titles, software on the systems you put out, and keeping those domains running somewhere.

This is NOT a huge task. Even for a multi-million dollar company with 10,000 domains. Hell, it's barely an IT task... more an office admin kind of thing (did they have to "renew" their subscription to the newspapers and tech journals? Were they caught off-guard? Did they have to budget and contract for that? And they're not even business-critical).

Sorry, but I'd go straight to the head of IT, demand to know how it was allowed to get close to expiration, let alone past it. And I guarantee you they'd have a spreadsheet to hand on with their documentation to their successor, who will have on their job description "Manage domain renewals" (if they haven't already).

Fuck, this is an Outlook calendar kind of note, if that. But if I was Sony, I'd be fucked if I wouldn't have it plugged into bog-standard IT helpdesk software like every other contract, renewal and scheduled update required.

Re:come on...

[CronoCloud]

I haven't bought an SOE product in 10yrs because of the Foglok fiasco... I was actually banned from their forums for a few months back in the day for suggesting they didnt exist, only later find out I was right.

What do you mean froglok's don't exist, I've seen them. There was a HUGE underground fortress/city FULL of them down south near the Ogre/Troll town in EQOA. High level Froglok paladins and such.

They were NPC's in the original EQ release too. Ykesha made them playable.

Re:come on...

[Charliemopps]

I haven't bought an SOE product in 10yrs because of the Foglok fiasco... I was actually banned from their forums for a few months back in the day for suggesting they didnt exist, only later find out I was right.

What do you mean froglok's don't exist, I've seen them. There was a HUGE underground fortress/city FULL of them down south near the Ogre/Troll town in EQOA. High level Froglok paladins and such.

They were NPC's in the original EQ release too. Ykesha made them playable.

lol... Ok, I'll enlighten you.
I was hardcore into EQ1. I played on a PVP server and we did all the hardcore raiding stuff... we carried pagers so when rare mobs popped we'd get paged and go home from work sick. Some of us carried laptops to work so we could log in from there, etc...

So EQ2 was a highly anticipated release. We all had the game and were in it within seconds of the servers coming up. Our guild was formed and we were off. One of my primary roles was cataloging and documenting quests. My guild (and a few others) solve a lot of the original quests and raid content. You know all those guides you follow to finish a quest? I (and others like me) wrote a lot of the first ones. I loved doing that... there were many in my guild that solved the riddles, or sometimes it would be a combination of the top raiding guilds. My guide for Nektropos Castle was one of my favorite's because it reminded me so much of EQ1's crazy complicated quests.

But at the time of the games release, THE quest to solve was the Froglok unlock quest. SOE said the game included frogloks from the start and that there was simply a quest we had to figure out to unlock them. No one had done it, if they had it would have been obvious because we'd see a froglok running around. From the start we suspected something was up. We invested huge amounts of time trying to solve the riddle. I was personally putting in 12hrs a day trying to figure it out. We went to every corner of every map, talked to every NPC. We had spreadsheets filled with data but none of it made sense. It seemed like there were broken quests related to it all over the place. But the real giveaway that something was wrong was the fact that the few Froglok npc's in the game never moved. We suspected they'd not finished the animations in time. So we took to the forums. I cataloged what I could, and made my points. We got posts from SOE themselves stating they were in the game, we had to just keep trying. So we did, for months. Then a guy hacked the client, and got it to load the character creation screen for the froglok and took screenshots. It was missing bits and pieces of its body. That was it, they were lying. So we went back to the forums, I got into a huge argument with moorguard amongst others and got banned for spreading misinformation or some such... I suspect there were others that got banned but was never sure. Then a few weeks later they had a press release... Frogloks were never in the game, they were going to patch them in, the quest didn't exist yet. We'd pushed them to ask enough questions and the truth was revealed. Quietly my ban was lifted without apology. I suspect upper management had been lying to the community team for plausible deniabilities sake.

A while later, maybe a few months? There was a big patch and unlocking the frogloks was one of the simplest, stupidest quests you can imagine. It was clearly an afterthought. The entire "unlock the froklok" thing was a lie to cover up the fact that the game hadn't been finished at release. I quite playing and later entered the Vanguard Alpha testing... but that's a tale for another time ;-)

I got a 6yr old now... no more time to waste on MMOs.

Re:Yet another reason to insist on software freedo

[Cl1mh4224rd]

Early Tuesday, gamers woke up to find out that they couldn't log in to any Sony Online Entertainment games--no Everquest, no Planetside 2, none of them.

Could the users have used another server to connect with each other?

Not much of a gamer, I take it? Most, if not all, of the games affected are not peer-to-peer style multiplayer games; they're MMOs. There's no matchmaking servers involved here.

Re:Sony playing catchup with Microsoft

[CronoCloud]

Didn't affect PSN/SEN on the PS3/PS4/PSP/Vita, it doesn't use SOE logins. In fact, as far as I know, only one sony console game used an SOE based login, and that was Everquest Online Adventures, which is no longer running.

Re:and your suprised why??

[CronoCloud]

This isn't SCEfoo, this is SOE, Sony's PC gaming centric division.

Did is what they get for outsourcing IT

[Joe_Dragon]

Did is what they get for outsourcing IT.

Even if they still had some stuff still in house things can get lost in the shuffle

Memo

[bdwoolman]

From: Kazuo Hirai

To: John Smedly

Re: SOE Rego

@#$$%^&*()!) (*$%@#$$%^&*()!)(*$%@#$$@ #$$%^&*()!)(*$%% @#$$%^&*()!)(*$%

Stop thinking in terms of employees ...

[perpenso]

With 10 year registrations available, there's no guarantee that former_group_members@example.com is much better than former_employee@example.com, especially in fast moving industries.

Stop thinking in terms of employees, that's the point of this exercise, the email addresses on the distribution list can include functional roles. company_web_site_manager@sony.com, senior_web_admins@sony.com, etc. Basically the slots in the corporate org chart come with an email address based on the function so you don't necessarily have to know who the person in that role is nowadays.

You're suggesting a tactical solution to a process issue. Better to have the responsible group track and update necessary renewals on a regular basis, instead of depending on notifications from external parties being received.

So your calendar server has a list of people rather than your email server, that's not much of a difference.

Happens more often than you might expect

[Opportunist]

Another big company that I worked for, curiously also starting with S, had exactly the same problem. With an internal server, so nobody buy the people working there noticed it. Why? I have no idea.

But once you spend a few years working, you notice that the term "professional" only means "doing it for money". Not "doing it professionally". So please, don't think corporations are in any way more efficient than you are, or that they would or could do a better job. And how should they? It's just people doing for money what other people do for you as a favor.

In other words, if you need to get something fixed, ask a friend. Don't hire someone.

Re:A Phone call wouldnt of hurt

[Opportunist]

I'm usually not a grammar-, spelling- or other language Nazi. But where the fuck does that "of" come from? That's really a mistake I've never seen from anyone but a native speaker, nobody who learned English as a second language would ever think that this could for some odd reason function.

Re:idiots

[Opportunist]

Now how the heck is it my problem if you can't get your domain registration sorted out?

The registrar did actually more than he really had to do. It's YOUR responsibility to remember your domains.

And you think the phone number was correct?

[Overzeetop]

They can't bother to keep their (required annually) admin whois contact email up to date, but their phone number is going to be a working one that connects to someone who can resolve the problem?

Re:A Phone call wouldnt of hurt

[CrimsonAvenger]

"wouldnt of" should be "wouldn't have" or "wouldn't've". Yes, it's a native speaker sort of mistake. What's amazing is that this guy managed to get through elementary and high school still doing this.

As I've said before, never try to type a word or phrase you've only heard spoken.

As we suspected

[HangingChad]

SOE's president, John Smedley, has admitted that the expiration notices were being sent to an "unread email" address.

The same one used for customer service inquiries.

Fired

[Bengie]

I bet they fired the person who was responsible for this and no one checked his email.

What's a DNS admin? Do we need him? You, PHP programmer, you now have his job on top of what ever you already do.

Happens all the time...

[RoloDMonkey]

I have been doing web work for a decade, and I can tell you this happens all the time. In fact, older employees in marketing have told me horror stories about 800 numbers and mailing addresses that were never set up, misprinted, or never updated.

I always tell clients that they should set up emails that describe the job/function, like marketing@example.com and webmaster@example.com, and make sure that those emails go to a distribution list that goes to at least two people.

You wouldn't believe how often critical accounts and webforms are only accessible with the email addresses of Sally the Secretary or William the Webmaster. When they leave, no one knows there is a problem, until it is a big problem.

It's still not working!!

[NotDrWho]

I'm still not able to log on to Star Wars Galaxies.

Re:I don't understand how that could be common

[jfdavis668]

And if you forget, you may not put money in that account, or even close the account. Then how does the automatic payment work?

Re:A Phone call wouldnt of hurt

[Richy_T]

I actually ran across this in one of GRR Martin's books the other day. Very sloppy proofreading. He sometimes writes the accents but this wasn't one of those cases.

SNASU

[meglon]

Situation normal, all Sony'd up.

Addendumdum

[FatLittleMonkey]

and b) my excuse was, "I don't read that email account any more."

Apparently the actual excuse was "Went to my junk filter lol."

[Someone else pointed out that sony.com itself was only renewed 4 days before expiry, and only for two years. What, are you worried about paying too far in advance in case the company decides to stop using the internet and you can't get your $35 back? I mean, fuck.]

Re:ring ring

[Time+Ed]

You're all close.

Along time ago, all of a company's DNS belonged to the admins, and Network handled the bill - which was lumped in with the one for the Internet connection.

These days, external DNS aka "The Brand" is usually managed by either Legal or Marketing. In those organizations, the common 'dnsadmin@company.com' email is redirected to someone who neither knows nor cares what DNS is. Even internally, no one knows whos responsible for external domains. And when the bill comes, it just sits on the department secretary's desk.

Every. Single. Time.

Meh...

[SanDogWeps]

EVE Online still holds the record for most epic fallout from not paying a bill...

HOSTS FILE

[IntrepidDreams]

I had to edit my HOSTS FILE.

But I'm not that guy.

I tried to play Planetside 2 on Tues. The launcher got an error message. Their website down too... Was odd. Reddit to the rescue. Someone posted the domains and IP addresses necessary to add to the hosts file. Worked fine but game pop was way down. Lowest I think I've seen since the recent server merger.

There were other recommendations to switch to Google's DNS servers wich apparently updated much faster after SOE fixed it, but like I really need Google to know every single domain name I connect to.

LUL

[Jeruvy]

Ya, John Smedley is a moron.