After Years of Serving X11, X.Org Stands To Lose Its One-Letter Domain (phoronix.com)

← Back to Stories (view on slashdot.org)

After Years of Serving X11, X.Org Stands To Lose Its One-Letter Domain (phoronix.com)

Posted by Soulskill on Friday January 8, 2016 @10:22AM from the go-set-up-a-notification-to-renew-your-domain dept.

An anonymous reader writes: The X.Org domain predates the X.Org Foundation. It was used in the '90s as a destination by The Open Group around the X Window System. While many are expecting Mir and Wayland to eventually succeed the X.Org Server, it seems the X.Org/X11 Server may outlive the valuable domain. Thanks to poor management by the X.Org Foundation, they risk losing access to their one-letter domain. Procrastination, paired with not transferring the domain when forming the non-profit foundation, has led to a last-minute mess. They left the domain registered for years to a person who is no longer involved with X.Org — and doesn't want to relinquish it. In the few days until the domain expires, they are hoping for a "Hail Mary." Let this be a lesson for open-source projects to better manage their assets.

26 of 140 comments (clear)

Min score:

Reason:

Sort:

It's not just open source projects by forgottenusername · 2016-01-08 10:33 · Score: 5, Informative

We almost lost our production domain. The original dummkopf who set things up registered it all under his own name and individual email instead of using a role based account. He then was fired for unrelated incompetence. Fast forward to the domain renewal coming up.. charge went to his personal CC.. he disputed the charges.. we would have lost it except by pure dumb luck I was in the middle of a DNS migration project and was auditing/cleaning up the registrar details. It was as last minute as you'd want; expiration was within 12h.
One of my pet peeves - people who register for services or get licenses tied to their individual accounts.
1. Re:It's not just open source projects by ickleberry · 2016-01-08 10:51 · Score: 3, Interesting
  
  Used to work for a hosting company and seen it happen all the time. With actual malicious intent a lot of the time - two guys start a business and one of them runs away, has the domain in his name and starts sending mails to the guy still running the business saying "~haha~ you can't have the domain!!". Other times the guy running the business just has a falling out with his IT guy. Real childish carry on, you'd think these guys were old and wise enough not to carry on like this.
  
  Another time we had this 18 y/o guy who made sites for people and the domains were registered to his account but not under his name - the fool threatened to take the site down and keep the domain if she wouldn't go out with him
2. Re:It's not just open source projects by Midnight+Thunder · 2016-01-08 10:56 · Score: 4, Insightful
  
  The challenge is that a number of companies don't have the notion of role based accounts, so when you are faced with registering something of the sorts, it is a challenge trying to work out the best way to do this, without tying the account to a transient entity (any employee or physical resource is transient).
  Companies that don't have the notion of aliased accounts or special account types for this purpose are just asking for issues.
  
  --
  Jumpstart the tartan drive.
3. Re:It's not just open source projects by TapeCutter · 2016-01-08 11:05 · Score: 3, Interesting
  
  get licenses tied to their individual accounts
  This is a partly corporate accounting problem, every time I have been given permission to buy software on behalf of a company they have asked me to do it with my CC and put in an expense claim. It's always the responsibility of the project/department head to manage license compliance/renewals, sucks to be them if they don't keep the license/renewal details I give them. Keeping a domain name you registered in good faith on behalf of someone else is just being a dick.
  
  --
  And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
4. Re:It's not just open source projects by Kjella · 2016-01-08 11:19 · Score: 4, Insightful
  
  If said person was a founding member with an actual stake in the company, I wouldn't be too hard on them. I was part of a start-up and in the beginning it's all about making a profit and taking whatever shortcuts you can. If you get caught up in doing things "proper" and planning for when you have hundreds or thousands of employees you're probably not going to get there. Early Microsoft was hardly perfect but Gates ran with it. Early Oracle was hardly perfect but Ellison ran with it. Early Facebook was hardly perfect but Zuckerberg ran with it. Worrying too much about growth pains means you lose sight of the growth being the hard part and the pains the easy part. If you're just "an employee" and do things with your personal accounts then yeah, you deserve what's coming to you.
  
  --
  Live today, because you never know what tomorrow brings
5. Re:It's not just open source projects by Anonymous Coward · 2016-01-08 11:21 · Score: 3, Insightful
  
  You call him a "dummkopf", but I know several cases where some "dummkopf" was the reason why a domain existed at all and not just some third party lock-in URL, and despite several attempts to transfer the domains to a role account, the projects would have sooner let the domains expire than take responsibility of them. It's always a mixture of not caring about things that seem to take care of themselves (thanks to the "dummkopf" paying out of his own pocket) and organizational red tape which makes these things more of a chore than they need to be. The people who make the bureaucracy bearable always get shafted: Nobody thanks them and in the end they're the "dummkopf".
6. Re:It's not just open source projects by forgottenusername · 2016-01-08 11:44 · Score: 4, Interesting
  
  I guess. Lately I think the real difference between a seasoned engineer and a "senior" engineer is just taking that extra 10% of time to do things vaguely sensibly up front. There is no such thing as temporary. At the least, set things up so refactoring them later doesn't require a total redo.
  This guy in particular was just in way over his head but one of those sorts who is paranoid about admitting that or asking for help. In fact he was hostile to help. Not really part of my original point but he'd do stuff like;
  - ignored my advice to not tie production services into corporate domain (if you ever get sold/acquired etc, you understand)
  - ignored my advice to not create a "split domain" with the corporate domain (eg the windows domain was companyname.com, the windows dns servers thought they were SOAs but that same domain had actual internet resolvers with different records)
  - refused to entertain the notion that linux was production ready (this was in 2009) and forced solaris as a standard. On x86. As vmware VMs.
  - refused to take any help or assistance in installing the base OS despite being a windows guy with zero unix knowledge. We ended up with stuff like DB servers that had 2x swap as ram.. and they had 128G ram..
  - For some odd reason was very hostile to the notion of service/host monitoring.. like.. not just against nagios but _anything_
  The list goes on and on.
  He was just really promoted way above his experience level as happens in startups; they hired me probably 8 months after him, when production databases had been wiped and backups hadn't been successful for months (back to the no monitoring thing).
  It took a bunch of years to fully undo all the crap he had put in place. I danced a jig when I closed the lights on the datacenter he had built (we migrated). Did I mention in that datacenter, he setup "redundant" switches and firewalls for the servers.. but had all the internet drops coming down into one single unmanaged 1G cheapie netgear entry level switch?
  If he had allowed me to help I bet he'd still be working there. I have no problems mentoring people as long as they're not asshats. Last I heard he was in law school after a stint in real estate..
7. Re: It's not just open source projects by TWX · 2016-01-08 12:25 · Score: 2
  
  The IT director, CIO, CTO, Network Supervisor, Director of Business Services, or any other of a number of people should be in-charge of things like that. That's the difference between the administrative contact and the technical contact, the network engineer might be the technical contact and be in a position to perform the technical changes needed for DNS, but the boss' job should be to pay for the domain and handle business-related queries and functions.
  
  Arguably that same person should be responsible for the calendar for the certificates too. That stuff is too important to leave to a low-level functionary, even if that low-level functionary ultimately uses the certs technically once they're obtained.
  
  --
  Do not look into laser with remaining eye.
8. Re:It's not just open source projects by Sarten-X · 2016-01-08 14:29 · Score: 2
  
  Is this the new troll line now? No more "you fail it" or "moo"? I've seen comments about "corporations are people" on a few recent articles, and it never quite seems to fit...
  On another note, yes, this is part of why the notion of corporate personhood exists. Corporations are able to enter into contracts as legal entities separate from the individual people involved, so the individual's circumstances do not affect the contract's legality. That also means corporations need a measure of free expression, so they can choose to do business with whom they want. They also then must have an ability to contribute financially to politics, because to curb that would interfere with the aforementioned free expression.
  The problem is that not all jurisdictions allow corporate personhood, and it is still legal to discriminate against corporate entities. If a registrar does not want to enter into a business agreement with a corporation simply because they're not a human person, the registrar has the right (per free expression as noted above) to reject the business. Per the registrar's contract with ICANN, they may actually be required to deal only with individuals.
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
9. Re:It's not just open source projects by KGIII · 2016-01-08 17:37 · Score: 2
  
  You know, I want to say you're full of shit and making that whole thing up BUT, sadly, I've read Slashdot (and seen enough of your posts) to the point where that doesn't even really surprise me any more and I completely believe you. I am so glad that I owned the business and that we got started as early as we did but, more importantly, I'm so friggen happy that I sold and got out when I did.
  This sort of stuff is just mind boggling. I don't even understand how that happens. The very first thing I did when I started was find smart people to help. Not just people who said they were smart but people that were actually smart. No, I couldn't have paid them in shares in the company nor would I have tried to. I got a tiny grant and ate Ramen noodles. (That and we had a rather nice contract coming in but if we'd failed to meet the goals in that contract, the penalties would have bankrupted me for life.)
  How does that sort of shit even happen? Who the hell promoted this person? Why? Being there for a longer period than others is grounds for a raise - not a fucking promotion that you're unqualified for... I had a secretary who was with us since not long after the beginning. She was there longer than some of the programmers and there before we even had a DB admin. Maybe I should have promoted her to be a server admin?
  Is that company still in business? Did they learn anything from this?
  Me? I learned to hire smart people, reward them well, give them clear tasks, give them the tools they ask for, ask questions when I do not know, know when I do not know, and to get the hell out of the way so that they can do the job that I hired them to do. It was a little different for us. There weren't a whole bunch of traffic engineers that were into computers and exactly zero of them were fluent in modeling and working with data sets that large (it's actually like modeling a chaotic system with very large data sets). There were some transportation engineers but most of them worked in fleet management or with trains, ships, or planes - not exactly what I was needing. Then, finding someone who could be trained in one aspect or the other was hard.
  Hell, I actually went so far, at one point, that I funded some research at a local university and poached the students and research assistants. I stole almost all of my tech employees. I had to. Sadly, I look at what a transportation engineer makes now and it's something like 80k as an average, when you get a few years under your belt, and I was paying them around $120k back in the 1990s. Of course, there are all sorts of companies that do it now. I did look out for the people who worked with me (not for, with) when I sold but most of them still work for the now parent company. I know damned well some of them can easily have retired quite some time ago.
  Ah well... I've typed you a long enough novella. I just figured I'd ask if you had any more information or insight as well as share some alternative results. I'm really baffled at how these companies manage to stay open. I don't get it. Hell, my worst mistake was trying to micromanage and still trying to do a lot of the programming - even after I'd hired professionals. It took me a little bit to realize that doing so was stupid and it took a few comments from them to make me understand what they needed - even if they couldn't vocalize it properly. I hired them because I could not. Oddly, it took me a little while to put my ego aside and think it through. Fortunately, they were very good at their jobs and I made sure they were well compensated for their work. It's shameful that traffic engineers earn as little as they do now but, I guess, it is quite a bit easier now. Ho hum...
  
  --
  "So long and thanks for all the fish."
I feel like I'm missing something here... by dslauson · 2016-01-08 10:36 · Score: 3, Insightful

So, the guy whose name is currently on the registration (Leon Shiman, from what I've gathered) doesn't want to turn over the domain, but also isn't going to renew it? Is he being uncooperative on purpose? I know he hasn't been involved for years, but is he being antagonistic, or can they just not get hold of him, or what? It seems like this should be relatively simple to clear up, so what am I missing?
1. Re:I feel like I'm missing something here... by Volanin · 2016-01-08 10:42 · Score: 4, Informative
  
  The synopsis is misleading. There is nothing like this in the article. It mentions that Leon Shiman is the current registered owner, but everything else is being kept private for the moment. He being uncooperative is just as likely as he being unreachable for contact for some reason. We'll find out in the next 11 days.
  
  --
  If I clone myself, can I call it a thread?
  If a girl winks to us, can I call it a race condition?
2. Re:I feel like I'm missing something here... by mysidia · 2016-01-08 10:46 · Score: 4, Interesting
  
  Yeah.... I don't understand. You do not need a registrant's consent to pay for a domain renewal.
  One of their fans should just pay the bill on his behalf.
  Also, unless they have gone out of their way to set a registry-level lock on the domain clientRenewProhibited, then most likely ANY domain registrar could technically send an EPP request to renew the domain for 1yr, and just pay the bill.
3. Re:I feel like I'm missing something here... by Anonymous Coward · 2016-01-08 11:12 · Score: 2, Informative
  
  Here's the current locks:
  Domain Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
  Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  Domain Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited
4. Re:I feel like I'm missing something here... by ScentCone · 2016-01-08 11:52 · Score: 4, Funny
  
  We'll find out in the next 11 days
  You mean x11 days. Ba-da-bing!
  
  --
  Don't disappoint your bird dog. Go to the range.
5. Re:I feel like I'm missing something here... by Todd+Knarr · 2016-01-08 11:56 · Score: 5, Informative
  
  Yeah, someone's just trying to make drama where there isn't much. Shiman's using his own email for the contact email, and possibly his own personal phone numbers, but the registrant name is "X.ORG Foundation, LLC". Probably all it is is X.org doesn't have the credentials for the registrar account to manage the domain themselves, so they'll need to jump through the hoops with NetSol to prove they're really X.org and get the domain moved to their account. A copy of the letters of incorporation should do the trick, and accompanying it with payment should get NetSol to extend the registration while this is being cleared up.
  Part of this I blame on the registrars who don't make it obvious how to set up a domain so that several registrar accounts can manage/access it, or who don't provide a way to register a domain with a new account owning it and yours just being assigned to manage it.
6. Re:I feel like I'm missing something here... by zyklone · 2016-01-08 11:58 · Score: 2
  
  That's how we did it back in the olden days around here.
  This was a fun day when Microsoft let passport.com expire, luckily some slashdoter renewed it for them.
  https://web.archive.org/web/20140921073357/http://slashdot.org/articles/99/12/25/114201_F.shtml#40
7. Re: I feel like I'm missing something here... by TheReaperD · 2016-01-08 12:41 · Score: 2
  
  Sounds like he's been out of the project for a while and no one, including the registar, has his current contact information. It's probably why they're publishing the story. They're hoping he'll see the story and contact them.
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
8. Re:I feel like I'm missing something here... by Anonymous Coward · 2016-01-08 13:08 · Score: 4, Interesting
  
  I have seen this before with other open source projects. Members of the project who are developing suddenly get very paranoid of the guy who has been footing the bill for their domain or services. Even if the guy has been trustworthy and a friend of theirs for years and it has been genuinely helping the project. Something happens, like a renewal is filed at the very last minute or they receive threats from an outside party to hijack their domain. Sometimes nothing happened to trigger it.
  Usually, the threats are unfounded, but paranoia and name calling sets in. People accuse the fella paying the domain host, or they're rude to him. Then some random member just demands he hand over the domain. He doesn't know if he can trust that person to handle it properly, or they aren't willing to pay for the control because let us face it they're pinko communists. This creates a lot of contention between the members and their benefactor. It recently happened at cyanogen, they're even threatening to sue the guy even though he handed over everything.
  And, this psychological effect seems to extend beyond just domain control, for example Mozilla biting the hands that feeds them i.e. Google. They were being given something like roughly 80 million every year for making a free browser, and then they were telling people to switch to Bing and refusing to support Google video or image standards. Google kept funding them until recently, even though Mozilla held such contempt for them.
  Many other examples exist I'm sure.
9. Re:I feel like I'm missing something here... by Trailer+Trash · 2016-01-08 13:37 · Score: 4, Insightful
  
  That's how we did it back in the olden days around here.
  This was a fun day when Microsoft let passport.com expire, luckily some slashdoter renewed it for them.
  https://web.archive.org/web/20140921073357/http://slashdot.org/articles/99/12/25/114201_F.shtml#40
  Yeah, I'm standing by just in case.
  
  --
  Do you have ESP?
10. Re:I feel like I'm missing something here... by stephanruby · 2016-01-08 19:49 · Score: 2
  
  I have seen this before with other open source projects. Members of the project who are developing suddenly get very paranoid of the guy who has been footing the bill for their domain or services.
  There is some truth to what you're saying, just like there is some truth about the other side as well.
  Some people make it a point to get a domain name under their own personal name, and personal credit card, even when asked not to do so initially by the leaders of the project. After all, among developers (and outside of university students who can be broke), people in Technology can usually afford the domain name registration fees, so this action is really not about money. It's usually about control.
  During the start of an open source project, it isn't always clear who is going to be the top contributor, and it isn't even clear if the project is going to be successful at all. But you can often see people jockeying for position, and one of the ways that gets done is through domain name registration.
  And whether that initial registration is done with benevolence in mind, or less than a benevolent intent. You can be sure that if I had been the one in the control of the cyanogen related domain name, I would have been dismayed by the one-sided partnership deal with Microsoft and I would have looked in to cash in on that partnership as well (or had I been more idealistic, I would have probably directed my domain name elsewhere as a form of protest). After all, if the leadership of Cyanogen was willing to ignore the pleas of 99% of its early adopters and sell out to Microsoft and install Bing, Outlook, Office, etc by default on all its ROMs in exchange for a sizable mountain of cash. Why shouldn't I do the same? After all, it was my domain name (hypothetically speaking). I loaned it out as long as the organization/company was heading in the direction I wanted them to, but why should I suddenly surrender my domain name at just about the time the company is going into a completely different direction?
  That is to say. Cyanogen should consider itself lucky I wasn't the one with that domain name (or worse yet, someone idealistic like RMS with that domain), or the end result would have been much more costly for Cyanogen.
Big deal by Anonymous Coward · 2016-01-08 11:07 · Score: 3, Insightful

Yes, he's listed as a contact but it's registered to "X.ORG Foundation, LLC". They just need to contact networksolutions. tell them the sob story and jump through the hoops (they may need to show incorporation docs) to prove they are actually the X.ORG Foundation. I've successfully done this for a client in the past. Maybe times have changed since then.
1. Re:Big deal by Anonymous Coward · 2016-01-08 11:32 · Score: 2, Interesting
  
  As explained in TFA, ""The domain is currently registered in the name of X.Org Foundation LLC, which the foundation dissolved when forming the 501(c)3 organization."
2. Re:Big deal by Dredd13 · 2016-01-08 11:41 · Score: 4, Informative
  
  Having been through a similar rodeo, it's just a matter of showing a different set of paperwork that shows "when orgA dissolved, all of its assets were transferred legally to orgB", at which point any representative of orgB has the same power over it because it's a transferred asset which just hasn't had some paperwork corrected at the registrar.
Not always incompetent or malicious by Anonymous Coward · 2016-01-08 11:12 · Score: 5, Informative

I'm seeing a lot of comments along the lines of "ah stupid morons, so incompetent to register a client domain using your personal credentials" which tells me these people have not worked a lot in the real world.

I can think of 5 separate occasions where I saw that the CEO, CTO, COO, CO-whoever is in charge couldn't be bothered to come up with the correct credentials or a company account to set up a simple domain for their clients. These aren't mom-and-pop shops-- major ad agencies do this all the time, movie and media companies are slightly better.

Out of desperation, either you set it up yourself, or it doesn't get done and you get fired. Explaining the legality, fragility, and idiocy of this to the people in charge of credentials is pointless-- all they hear is "blah blah blah I won't do what you want me to do"

One place I worked at EVERY TWO YEARS there was a major scramble to get a long-departed tech guy to renew a domain. Each time this happened, the day always finished thusly:"OK, let's never do that again. Give me company credentials and a billing account and I'll set this up to auto-renew".
"Sure, send me an email about it tomorrow, I gotta go play some golf".
One letter domain names by weave · 2016-01-08 12:59 · Score: 2

So if isn't registered, would it become unavailable for someone else to grab? Most other one letter com, orgs, and nets are reserved. Only a few are grandfathered in, like x.org.