Many development teams have established .dev domains for testing their software. But a recent change means these connections will no longer work unless they are secured. While that’s a good move – dev environments can be just as damaging if successfully attacked as production – this will mean many developer teams will need to make changes to their test environment.
A very long post at Medium goes through the details of why this change is happening, including a history lesson on the evolution of DNS from hosts.txt files, the use of localhost and how ARPANET managed to migrate from its old address system to the use of Top Level Domains (TLDs) and other fascinating tidbits of history.
The article is worth a read, if only for capturing that piece of the internet’s evolution.
The TL;DR is simple. Changes made to Chromium, the engine that drives Chrome, mean that any site using a .dev TLD must use a HTTPS connection. And while that seems limited to Chrome at the moment, the change is expected to make its way to other browsers.
If you’re likely to be affected, the easiest thing to do is create your own self-signed certificates and do the necessary messing about to make that work.
It turns out the .dev is owned by Google and their application for control of the TLD makes it clear they want to use the entire .dev domain for their own purposes (the details of their application are in the article but you’ll need to read for a while to get there). And it turns out they also own a bunch more TLDs.
By controlling the registry for a huge swathe of TLDs, Google has gained control of a large chunk of the Internet with the consent of ICANN and the other authorities that govern the Internet. It’s been a sweetly executed strategy that has happened under our noses.
I tend not to be swayed by conspiracy theories but it really does seem that we are in a pitched battle at the moment with Google and Facebook squaring off for control of the Internet.
Leave a Reply
You must be logged in to post a comment.