Kevin Ohashi

I was recently introduced to Amartya Sen's Liberal Paradox and found it quite interesting. The Wikipedia page does an ok job explaining it, I liked this article more.

Sen’s liberal paradox is meant to demonstrate that when autonomous agents act with complete freedom, it is impossible for the agents to produce an outcome that is a net improvement to everyone. While this is not to argue for government intervention, it is to say that a pareto optimal improvement and libertarianism cannot coexist. In other words, the paradox shows us that the invisible hand of the marketplace is incapable of producing net improvements in welfare for a given society.

When you think about the domain industry in the context of the liberal paradox it makes sense why everyone is so unhappy.

One thing that constantly bothers me is how we give advice to other people and how people listen to our advice. I think we are generally predisposed to give our opinions and advice to others; whether it be for our own ego, genuine desire to help others, a social obligation or whatever else may drive us. The underlying reason is somewhat irrelevant to the point of this post.

The thing that bothers me most is when people give unqualified advice, which could vary from simply time wasting to harmful in terms of content.

I receive a few advertising offers on my websites every month and most simply want to buy a banner/link for whatever reason - traffic, sales, branding, seo, etc. Honestly I don't care about their intention as long as it doesn't ruin my user experience.

The worst offers are people trying to get me to signup for their affiliate program.

Here is an example:

Hi,

I am Harish from Allo.com; we develop cost-effective next generation high quality VOIP products, such as Digital Telephony Cards, PBX Systems, Next Generation IP Phones and Analog Telephone Adapters…

We are interested in advertising our products on [my site redacted].

Please let me know who I should talk to.

Regards,

What's wrong with this offer?

It's deceitful.

This looks like a normal advertising request to buy a banner/link. It's not. How do I know it's an affiliate offer?

Seriously? Now my downloaded software is going to spew ads at me and provide a crappier product?

Thank god for Libre Office.

Great video about writing clean code (which sadly cannot be embedded): http://vimeo.com/12643301

I thought I was doing an ok job but it really shined light on some things I could do to improve my code.

Funny thing is, I could have gone there but didn't think I would be writing that much code in the future at the time. It was 15 minutes away in Malmo!

A stressful day trying to work with NLP leads to things like this.

You are still emailing me lost passwords in plaintext. This just isn't acceptable.

I contacted you, worked my way through your support team until the manager I spoke to who was supposed to be connected to the dev team asked me what email client I used and said maybe it was outlook that was revealing my password. My email client (oh, I don't even use outlook) was allegedly cracking the passwords or something. I am not even sure what they were trying to say or imply. Whatever it was, it's ridiculous.

I only noticed this because I reactivated an old account because I thought listing with you guys would be a good idea to complement listing on sedo since you were also free now. I want to be your customer. I also want you to treat my information with respect and keeping my password secure is something I simply cannot compromise on. Please fix this issue so we can get back to selling domain names, because I simply won't do business with you until you do.

This is a warning to at least one major domain company. I will be naming names Monday (April 25th) unless it gets fixed. This type of behavior puts customer information at risk and has been hacked before.

YOUR PASSWORDS AREN'T SECURELY STORED

They store passwords in plaintext or a system where they can get back to plaintext (which for all intents and purposes are the same).

What does that mean? It means instead of data being stored in the following format:

accountName | 5f4dcc3b5aa765d61d8327deb882cf99

It gets stored like this:

accountName | password

How do I know if my password is securely stored (as a customer)?

There is no way to tell for sure it isn't stored as plaintext. However, the most common giveaway is trying the password recovery system. If they email you your original password, they are storing it in plaintext. If they force you to generate a new password, they most likely are storing it in a hashed form and have to generate a new hash on your new password because neither of you knows your old password.

Why does this matter?

If they were ever broken into, your passwords are exposed and the attacker can simply read them. If they are encrypted, the attacker would have to decrypt them first, which takes an incredible amount of time (assuming they use Salt). Thus making it exceptionally difficult if not practically impossible to do anything with a hashed password.

Huh? what? I am lost...
Ok, here is a simple explanation of how logins work:

User visits website.

User types in account and password.

In a PLAINTEXT system, the computer matches user entered account:password combo with an account:password combo in a user database.

In an encrypted (secure) system, the computer hashes the password using an algorithm (such as MD5) to produce a hash ('password' after md5 encrypt becomes '5f4dcc3b5aa765d61d8327deb882cf99'). The computer then matches the hash to a stored hash in the database, if the hashes match, it is the correct password. Only your password will generate the same hash, but nobody with access to the database will ever know what your password is because it's stored as a hash.

UPDATE: I am not going to recommend MD5 after further reading, there are apparently stronger algorithms such as bcrypt and SHA-2 which will keep passwords more secure than MD5.

If you have any questions - as a company or as a customer - feel free to contact me and ask.

I published a post listing 24,000 available brandable domain names that anyone could register a couple days ago.

It was far more successful than I ever imagined receiving over 17,000 page views. Ranking 3rd on HackerNews frontpage and 2nd in a major subreddit with over 30,000 subscribers.

I wanted to go through the entire setup of the article, the marketing, the goals, the traffic, the results and conclusion.

This is a continuation from this article.

My pickups were:
Hipeo.com
Docey.com
Blisu.com
Bliro.com
Releq.com
MuteU.com
Ocane.com
Smizi.com

There is a lot Japanese sounding names in there which I liked but didn't take. Enjoy!

Update 7:09 pm: Request for an affiliate link. So I picked my favorite consumer facing registrar NameCheap.

DISCLAIMER: these domains were checked against the zone file, NOT the registry. Some names ARE TAKEN but for whatever reason did not have name servers when the zone file was downloaded. Possible causes: somewhere in the delete cycle or simply no name servers registered.