/dev/nikc/blog

Kuolleiden purjehduskenkien seura

Sep 19th 2017

The day the .dev gTLD died

13:26

Few things are as "fun" as an untouched development environment rendered non-working after coming back from a week-long holiday. A brief but intense session of searching for the broken cog in the machine ensued, finally unveiling the issue; we use a .dev TLD in our local environments.

It turned out that on Sep 16th @lgarron added .dev to the static HSTS list1 in the Chromium project, forcibly telling the Chrome Canary2 browser to only request anything on a .dev website using https and only https.

While I'm a big fan of HSTS, the usefulness of the exercise eludes me, seeing how .dev isn't available for public consumption, but wholly reserved by Google for private use. (It could of course also be a sign that it's on its way into public use. Also, it really shouldn't have ever been assigned, but whatever.)

It could of course be just me (or us, really) who's clueless, as its use was "considered harmful" already in 2015.

1 chromium/src/net/http/transport_security_state_static.json

2 AFAIK the list is used by many browser vendors and thus other browsers are bound to follow suit at some point

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Meta

Pages

Search blog

Latest comments