Discussion on Hacker News: Purism Domain Puri.sm Suspended? | Hacker News
Similar discussion from the Purism subreddit on my Redlib instance:
As I said before, L1 is an unreliable service.
https://forums.puri.sm/t/unable-to-register-in-purism-community-wiki/21071/8
If this took more than a day I’d start changing my accounts in websites to point another email for 2FA. Imagine if you had a business using this email, how many invoices or purchase orders would you have missed yesteday afternoon?
If you buy or sell, you may have to take the mark of the google beast.
Does anyone know what will happen to any emails that were sent to librem.one
addresses yesterday? Are they in a queue and getting distributed, are they completely gone, or would people sending emails have gotten some notice that the email wasn’t delivered?
It depends on how both sending and receiving mail servers are configured but the short version is that the messages will either be queued for automatic redelivery, OR the timeout on automatic redelivery will have passed and the sender will get a delivery failure report.
Something strange for me: I read here that this problem was discussed in websites as ycombinator and Reddit but I chatted, yesterday, into element (matrix protocol) in purism channel and no one answered me and I find it strange because matrix should be favorite in terms of privacy and security compared with the previously two mentioned
It seemed me empty/inactive!
Someone could, please, explain me it?
Anyone who uses a Librem One Matrix account couldn’t do anything yesterday, because the servers were down. I suspect a decent number of people in Purism channels might be using Librem One, so they wouldn’t have been able to participate in any discussion.
Did anyone else find that the r/Purism “subreddit” on a well-known website called “Reddit” had disappeared yesterday, concurrent with the Purism domain suspension
I did a web search to see if anyone was writing about the Purism domain problem anywhere and when I clicked on a (probably irrelevant) link to r/Purism I got an error page generated by a Reddit server telling me, specifically, that the subreddit did not exist. I then tried manually navigating to the subreddit rather than following a link and got the same result multiple times. What a strange coincidence.
I don’t frequent that subreddit, so I initially assumed it genuinely no longer existed, but today it is back as though it was never gone. The rest of Reddit seemed to still be there the whole time.
Technically I think the servers were up, but that the requests to puri.sm were not being fulfilled since the domain name was suspended.
If you put this in your /etc/hosts file, I think you would have been able to reach the sites:
138.68.253.24 puri.sm
138.68.253.24 www.puri.sm
128.140.118.223 forums.puri.sm
I could only read just so far of the conjectures, bets, probables and reminiscing. I forced myself to re-read it.
Summary? Know one really knows.
I remember Microsoft down for a couple days because they didn’t renew their com. That was before the .com bubble that blew up.
Welcome back guys.
~s
Typing “whois puri.sm” in the Terminal gives the below… note I blanked Todd’s phone and email below (I’m not comfortable pasting it in here), but you can type the command yourself if you wish.
Yesterday the status was “Status: Suspended”. Hence my guess to what went wrong
Anyways, I’m glad everything is back up!
Domain Name: puri.sm
Registration date: 05/05/2014
Status: Active
Owner:
Purism SPC
417 Associated Rd
98199 Brea
US
Phone: –
Email: –
Technical Contact:
Todd Weaver
Purism SPC
417 Associated Rd
98199 Brea
US
Phone: –
Email: –
DNS Servers:
ns1.puri.sm
ns2.puri.sm
ns3.puri.sm
To clear up some of the conjecture, here is what happened:
The domain registration for puri.sm was indeed suspended because of a payment issue. We’re still investigating why the registration wasn’t paid automatically and addressing that for next time.
We paid the registration manually as soon as we discovered the issue, but unfortunately we were hit by San Marino’s office hours again being much ahead of our own. Services were not restored automatically upon making the payment, and we were not able to contact them until their office opened for business the next day.
(All credit to @JCS for staying up into the early morning to catch them when they opened )
Although we had previously moved from a third party registrar to a direct registration with TIM San Marino and were able to contact them directly, they are still not available 24x7.
Librem One services were affected because the name servers for librem.one were ns1.puri.sm through ns3.puri.sm. The Librem One registration was active, but its authoritative name servers were no longer resolvable. Caches may have kept this up for some, particularly because this was a problem resolving their name servers and not one affecting those domains themselves.
To address this, we are creating name server records in other domains, starting with ns1.librem.one, so no domain becomes a single point of failure for the others. We are also examining additional redundancy, such as alternative host names for some of our critical infrastructure.
Backstory:
I highly suggest Tor onion services, which were specifically designed to resist censorship:
Or actually following up with the original solution six years ago:
There are other options. For a start, there are any number of other free or paid options. Or you can host it yourself.
The underlying problem here is registration of the domain - and if the domain registration falls over then it doesn’t matter who provides the hosting, you will still have a problem.
Anyway, you can see above that Purism is fixing the problematic dependency of librem.one
on puri.sm
.
Thanks, yes those are both good suggestions that we have on our internal tracker for this issue. Our sysadmin is working on standing up alternative domains for critical infrastructure, and we’re also going to look into providing onion services.
I wasn’t around six years ago, so I’m not sure what prevented adding those domains then, but we are working on it now.
Librem.One will now be able resolve with better redundancy. Working on other suggestions as well.
$ dig +short -t NS librem.one
ns3.puri.st.
ns2.puri.sm.
ns1.librem.one.
Okay, then I have suggestions to address each issue in more detail.
You can renew any domain up to ten years in advance:
Instead of relying on various registrars to remind you about renewing domain names, I suggest proactively renewing multiple years for each domain. My recommendation for order of priority:
pureos.net
purismspc.com
puri.sm
librem.one
puri.st
Since Purism has registered multiple domains, I suggest distributing the name servers in this or a similar configuration:
ns1.librem.one.
ns2.puri.sm.
ns3.puri.st.
ns4.purismspc.com.
ns5.pureos.net.
For deploying Tor onion services, use Onionspray:
I just have a cron
job on a relevant server that sends me an email a few weeks in advance of something needing renewing. All the various service providers will most likely also send reminders but it doesn’t hurt to provide a backstop.
However none of this necessarily solves the underlying problem if the payment will be made automatically but the automatic payment fails (as stated above).
I can say for sure that automatic payment is troublesome for me due to overzealous anti-scam protection with my card service provider. That’s why I like a few weeks warning - in case I have to spend hours on the phone persuading them that the transaction is legitimate (not me being scammed).
I would put librem.one
higher on the list - there are paying customers that depend on it.
Or a simple quote from a 1968 episode of Dr. Who. “Write it on the wall. You can lose a piece of paper, but you can’t lose a wall.”
Noticed this last week and had a flash of panic that the company had suddenly folded. Glad it was just a domain hiccup.