back to article Someone must be bricking it: UK govt website for first-time home buyers snapped up for £40,000 after left to expire

The UK government’s affordable housing arm was left with egg on its face when one of its domain names, used for a website aimed at first-time buyers, expired this month. Homes England launched the Help-to-Buy website in 2013 to get people on the property ladder, by walking them through shared ownership, equity loans, and such …

  1. Dinanziame

    How is this STILL a thing!?

    Seriously. I understand that domain registration is something you should lose unless you pay for it; but when I forget to pay my rent in time, I'm not kicked out the next second. And changing flats would be arguably much less disruptive for me than changing domain names for some businesses.

    Of course, it's easy to laugh and point the finger at the morons who forgot to renew their registration, but this is even a security issue — users trust that the website with that address is the same as the one from yesterday. Maybe it's time to introduce some mandatory protections?

    1. My other car is also a Trabant.

      Re: How is this STILL a thing!?

      You get enough reminders. Only utter incompetence could be the reason. It is no good trying to protect idiots; they get even more careless and then create an even greater idiocy.

    2. Lee D Silver badge

      Re: How is this STILL a thing!?

      You mean like repeated emails to the postmaster address, a grace period during which only the owner can renew it even if it goes offline, and an appeal process?

      This only happens when people are not just incompetent but government-department-incompetent - signing up with an employee email who leaves, or literally never checking the postmaster mailbox, and not having anything as simple as a calendar entry which would warn the appropriate technical staff.

      Don't forget - someone, somewhere is running a server with that content on. Was that still being paid for? Was it hosted in-house? Or was it terminated as part of the same contract as the domain? Who was responsible for it? Who was maintaining it? Who was updating it? Which datacentre did it reside on? Why did they not notice when the domain went into a grace period? Nothing even as simple as one of those free "is your website still working today" automated tests? Were they still paying for it on the server end?

      Sorry, but if this happens to you, then you necessarily should not be running Internet-facing servers, especially for government services. It's a symptom of a complete lack of maintenance and interest.

      And, more importantly, who authorised the .org.uk in the first place when they could have had a .gov.uk that could not possibly expire? Why was it anything but a redirect for all those years? Why did the *real* gov.uk site not get anywhere near as many links as the original .org.uk for all those years?

      It goes far beyond "we need a way for people running small businesses to renew their domain at the scheduled time", and no scenario like that would fix it.

      1. Anonymous Coward
        Anonymous Coward

        Re: How is this STILL a thing!?

        As far as I'm aware, one month after expiry, .org.uk domains will go offline for two months before they are released and can be bought by someone else. At any point during that three month period they can be renewed by the original owner.

        If I'm right and if that process was followed, then the website would have been down for two months. And nobody noticed?

        1. Mark192 Bronze badge

          Re: How is this STILL a thing!?

          The redirect would have been down for two months. The website (.gov) was still working normally.

          1. John Brown (no body) Silver badge

            Re: How is this STILL a thing!?

            ...and no one noticed, no one complained or no complaints reached the relevant people. The action taken depends on which of the preceding happened.

            Hopefully someone checked to see just how many site visits occur via the re-direct and how they got to the old .org.uk site in the first place, ie is it people still using the old address or is it links from other sites not yet updated?

      2. Anonymous Coward
        Anonymous Coward

        Re: How is this STILL a thing!?

        Christ Almighty don't get me started on fucking managers refusing to use their .gov.uk addresses.

        They all want their own "identity" or "branding" for their little bit away from the core organisation. So they buy up shittle little domains using departmental budgets deliberately avoiding proper process. they they will normally have a shite website knocked up by a school leaver (who charges about £20k over the going rate but talks a good game), with no on going maintenance using out of support WordPress.

        Domain abandonment is alos a big issues with these shittly little unauthorised websites.

        They they get fucking uppity when I find out about it and tell them to get it fucking fixed or gone.

        1. Anonymous Coward
          Anonymous Coward

          Re: How is this STILL a thing!?

          Yep, same battle here and all over the country I expect. The domain name is normally about 40 Chars long and they'll have also bought a load of other TLDs to go with; .co.uk,.com, .net, .org, .org.uk, .uk, .info (because cyber-squatting and brand protection) all under a personal domain registration, on a PCard and used those domains in printed PDFs and advertising material - thus proving how we 100% can't let these domains go.

          We are winning but it's a game of whack-a-mole trying to keep on top of this type of domain/website procurement - I feel your pain!

        2. Anonymous Coward
          Anonymous Coward

          Re: How is this STILL a thing!?

          Yes - much much better to put all useful information into a single bland repository dumbed down to the intellectual capacity of a Govt Minister Then you can expunge the useful bits because they don't fit the one size fits all template (or the embarrassing bits). Because any suggestion that an entity of the government should have pride, or esprit de corps is clearly to be stomped down on, and history is for losers (and a few beloved statues).

          Just because .gov.uk works well for strictly transactional 'citizen as customer' bureaucracy doesn't mean that everything has to be the same. it's slightly weird that this ultra-centralised 'any type of car you like citizen, as long as it's a white 4 door Lada' control of the web has been foisted on us by avowed espousers of the 'free- market'.

          1. Anonymous Coward
            Anonymous Coward

            Re: How is this STILL a thing!?

            It's just an SLD, not important and not a reason for a call to arms.

        3. Anonymous Coward
          Anonymous Coward

          Re: How is this STILL a thing!?

          They they get fucking uppity when I find out about it and tell them to get it fucking fixed or gone.

          You are Malcolm Tucker and I claim my five pounds.

          1. My other car is also a Trabant.

            Re: How is this STILL a thing!?

            Sadly, Malcolm Tucker was a parody but was infinitely more competent than today's actual Malcolm Tucker. Would Tucker have gone on a trip to Barnard Castle? He might have got one of his enemies to do it and then leaked to the Press, he'd never have done it himself. Competent evil versus chaotic malice.

      3. Peter2 Silver badge

        Re: How is this STILL a thing!?

        And, more importantly, who authorised the .org.uk in the first place when they could have had a .gov.uk that could not possibly expire? Why was it anything but a redirect for all those years? Why did the *real* gov.uk site not get anywhere near as many links as the original .org.uk for all those years?

        An imagined discussion at HelpToBuy a number of years ago.

        Tech: The gov.uk people say that they haven't heard of us as a government department, and want a letter signed by the minister for the department of administrative affairs confirming that our department exists. When they have that then they'll ask if anybody in whitehall objects to this name being taken in case it clashes with any project that somebody else has. There is then a mandatory 30 day wait for responses, 15 days to compile a report for the allocation committee, and then at the next names allocation committee meeting then they'll review the request and decide if they will deign to create us a .gov.uk domain name. At that point, the request and proposed address will be passed on to the head of the civil service, and the PM to approve, and then following Royal consent being granted the allocation committee will pass it along to the creation department.

        Boss: The PM said we'd be up and running by the end of next week. I told him we'd do that. You said it could be done easily. Why are you now telling me it's not going to be ready for what, six months?

        Tech: It takes five minutes to set up a domain name. I didn't imagine that it could possibly take this long to get a gov.uk domain name!

        Boss: So, we've got the site ready on HelpToBuy.example.com, but we can't just get a gov.uk domain name?

        Tech: Yes! We'd be up and running in 20 minutes if we were using an org.uk domain name! Dealing with this...

        Boss: Ok. I promised the PM personally that we'd be up in time and i'm not going back and telling him I can't do it. Pick that domain name, get it printed on all of our stationary and we'll use that. When we get a gov.uk domain name then we can shift the site to the that, right?

        Tech: That'd work.

        ---

        11 Months later

        - - - -

        Boss: We finally got that gov.uk domain name. It comes with government hosting too; switch over to that, would you.

        Tech: Hang on, this only supports static .html and coldfusion on an Oracle database? That's insane! It's...

        Boss: Do you have any asprin?

        Tech: *Hands over bottle* We could just redirect the gov.uk domain to the working site?

        15 years later, that tech and boss has moved on and the postmaster checking the "left staff" emails sees the email and forwards it to the domain renewals team. It's not on the approved list to renew, so doesn't get renewed because it's not anybodies job to do it

        And that's how something like this happens.

        1. Anonymous Coward
          Anonymous Coward

          Re: How is this STILL a thing!?

          That-does-sound-like-the-local-authority- bureaucratic -stuff-I-came-across.

          Especially the last part.

      4. Roland6 Silver badge

        Re: How is this STILL a thing!?

        >You mean like repeated emails to the postmaster address, a grace period during which only the owner can renew it even if it goes offline, and an appeal process?

        This only happens when people are not just incompetent but government-department-incompetent

        Actually, I suspect it isn't just government-department-incompetence but a failure in the entire governance process which effects any organisation where those responsible for the postmaster inbox are disconnected from those with a direct interest in and knowledge of specific domain registrations, so don't necessarily forward notifications on to relevant people.

    3. steviebuk Silver badge

      Re: How is this STILL a thing!?

      If you treat admins like shit and then eventually make them redundant. They aren't going to want to keep records. I suspect the original purchaser left long ago and no one bothered to mention it in the hand over.

      1. logicalextreme Bronze badge

        Re: How is this STILL a thing!?

        I've never actually done it, because all of my get-rich-quick schemes consist of two minutes of thinking about it and then two minutes of kicking myself for not doing it years later, but…I think anybody that's worked at a place where they've regularly seen the domains lapse has probably made a mental note to keep an eye on those domains after they leave the company.

    4. logicalextreme Bronze badge

      Re: How is this STILL a thing!?

      It is a security issue yes, but one that's under the remit of the lessee of the domain, while they lease it. Even if there was a grace period of a full year before they finally finally expired domains, they'd still expire and this would still happen; we'd just see the news article about any given domain swoopage show up twelve months later than we do now.

      It's not always solely adminstrative incompetence, either — businesses, quite often (and this includes state entities) don't like paying for things unless it's a) utterly necessary and b) it's the last day of the final grace period that they can possibly pay. I've worked for more than one retail chain where the power was cut off to the store in the middle of the day because head office hadn't paid the leccy bill and they'd exhausted all of their warnings.

      Remember when Softcat got taken to court for not paying their milk bill? https://www.theregister.com/2018/01/30/softcat_unpaid_milk_bill_court/

  2. wolfetone

    Fair play to them. Someone might as well benefit from the ineptitude that engulfs these government departments.

    Because the people of the UK certainly don't!

  3. Nifty Bronze badge

    I've just registered oximoron.org and am offering it as the new domain for 'affordable housing'.

    1. PermissionToSpeakPlease

      Its not even 9, and you've already won the Internet for today.

      The rest can stop playing and try again tomorrow

    2. Neil Barnes Silver badge

      Aw. I wanted to use it for 'government intelligence'. You beat me to it.

    3. TopCat62

      Very good, but it's actually spelled 'oxymoron'.

      1. Nifty Bronze badge

        That was already taken ;-)

      2. MAF

        Don't underestimate the Ministry of puppetry

        But because they probably can't spell as well as think, they'll probably try and register oxymoron, oxymoron, oxymoron & oxymoron just to be on the safe side - ka-ching!!

        1. logicalextreme Bronze badge

          Re: Don't underestimate the Ministry of puppetry

          I used Oxymoron, Oxymoron, Oxymoron & Oxymoron for my second divorce settlement. Nice offices.

    4. Just Enough

      404

      No you haven't.

  4. Anonymous Coward
    Anonymous Coward

    Some junior management grade messed up...

    ...and some senior management grade needs a calendar populated with 'things to check have been done because part of my job is preventing cock ups'.

    But, you know, that would require managers that understood the organisation they're running.

    1. Mike 137 Silver badge

      Re: Some junior management grade messed up...

      Not necessarily a junior, maybe the process.

      On assignment in a senior management role, I was asked to buy a digital certificate for a government department personally using my own credit card and then get a refund on expenses. They had no formal mechanism for this.

      1. Peter2 Silver badge

        Re: Some junior management grade messed up...

        And one wonders how often somebody that got screwed on not getting paid by accounts the last time said "actually, nah" and just let things expire.

    2. chivo243 Silver badge
      Meh

      Re: Some junior management grade messed up...

      One shared calendar with early alerts to the date approaching is all it takes. Clearly someone unclear on the concept.

  5. Pascal Monett Silver badge

    "their list of addresses to protect"

    So, UK Gov has a list of addresses that cannot be resold even when expired. They set up that list when .gov.uk came about, transferred all their .org addresses to .gov and promptly forgot everything .org.

    Are there any other .org.uk addresses that are still in use by the the government that could also be snapped up like that ? Or is some busybody finally going to get the order to sort the situation out yesterday ?

    That is the problem with the administrative mentality. When transferring to .gov.uk, somebody should have made it clear that the "old" .org.uk addresses needed protecting as well. Maybe somebody even did, but the order came down from On High : .gov.uk addresses are to be protected, no mention of .org.uk so, no protection for the latter.

    And now this happens.

    Incidentally, the fact that the guy who got it for £10 turned around to sell it for much more, that used to be called something nasty, didn't it ? And the original owner could complain about it and get it back for manifest domain name squatting or something. Yes, it had expired, but the operation was clearly not with the intention of using the domain, just selling it for (tidy) profit. Doesn't the government (as negligent previous owner) have a say about that ?

  6. Terry 6 Silver badge

    Cultural issue

    And I'd say probably not only governmental bureaucracies.

    But but the order came down from On High : .gov.uk addresses are to be protected, no mention of .org.uk so, no protection for the latter is a class of thinking. Off with the old, on with the new.

    It explains many phenomena.All aspects of losing continuity with what went on before because it's not part of the new shiny.

    When, in the 70s, we decimalised our currency the word "shilling" (5p) was eliminated. It could have been retained, but there was a deliberate effort to stop using it- it wasn't part of the new thinking, but it could have been and a whole generation would have been more comfortable with the new currency. It's just a name for 5p after all. It could have been left to wither naturally.

    Most of the shenanigans with Windows Start menu over the last few years seem likewise to be a way of burying the Win 7 designs that were abandoned with the fucking horrible Windows 8 layout, rather than having any practical use that helps people do stuff .

    1. Arthur the cat Silver badge

      Re: Cultural issue

      When, in the 70s, we decimalised our currency the word "shilling" (5p) was eliminated. It could have been retained, but there was a deliberate effort to stop using it- it wasn't part of the new thinking, but it could have been and a whole generation would have been more comfortable with the new currency. It's just a name for 5p after all. It could have been left to wither naturally.

      I still occasionally use florin for 10p, but only to wind up my millennial niece and nephew. Sadly florin didn't even catch on during the 19th century attempt at decimalisation.

    2. Vincent Ballard
      Coat

      Re: Cultural issue

      Now that sterling coins have been resized, maybe it's time to bring back the word "bit", so instead of "shilling" we could call it a "quinqupenny bit".

      1. gerdesj Silver badge
        Gimp

        Re: Cultural issue

        We had a thruppenny bit so let's see what a four penny bit would become: foppnny or perhaps fappnny!

        1. Vincent Ballard
          Coat

          Re: Cultural issue

          If you're feeling traditionalist it would be a groat.

  7. Doctor Syntax Silver badge

    "Or did the new owner have an attack of conscience?"

    A £40k attack of conscience doesn't seem likely Maybe HMG raised a dispute.

  8. Ken Moorhouse Silver badge

    I can just see a crowdfunding page being setup...

    It would be called helptobuy our domain name back.

    ===

    Maybe the reason they ignored the renewals was because they were getting confused with renewing their .uk domain which they'd never bought in the first place.

  9. Anonymous Coward
    Anonymous Coward

    You will never fix Stupid

    You will never fix stupid by "Oxygen Stealers" and it's going to get worse when we jump to Https Certificates only supported if they have less that a year to run. And are not self signed. Another BAFU in the Tunnel and the lights are definately a fast train. A Sec Managers once told me they where in charge, I informed him he was a fly on the windscreen of an Intercity 125 and only think you are in charge and running things.

  10. Anonymous Coward
    Anonymous Coward

    This brings back memories.... A few years ago I was working as the infrastructure & Systems TDA for a very high profile public body. I didn't work for the government but for the large IT organisation ran their infrastructure. Sounds a lot grander than it was as my time was spent mainly as a punching bag for senior public sector managers. Shouting at me seemed to ease their embarrassment at the frequently revealed truth that they knew nothing about the field they had been working in for 30 years. But I digress....

    It was a big day for them - a royal visit was happening and they were using this occasion to launch their new 'brand'. We were hosting their brand new website, managing their inquiries email addresses etc. About an hour before Liz and Phil turn up my boss received a call from their irate and terrified IT director screaming that the website is down . He went full bore into my director with the usual: 'this is the worst cock up you lot have ever made, I'll go to the top with this'.

    So, I look at our status checks, browse the site from our office - all fine. I try from a couple of other unrelated locations, fine too. I tell my boss I don't know what they're on about, he pops over and were both scratching our heads. Then I had an idea - checked our DNS monitors which report from all over the globe. Hmmmm... about 75% of locations were showing domain unreachable. Tried nslookup with a clean cache - nothing returned, not even an SOA. Then I realised and screamed "Yes, thank F**K for that!".

    Even though we hosted the SOAs and managed the domains, this was a domain they had registered themselves before they had created the new website.We didn't pot it as we didn't monitor the domain itself or the reg. It appeared that the very morning of the royal visit they had lost registration of the domain, and over 2 hours the website had gradually dissipated as DNS servers caught up. It was nothing to do with us!

    They forwarded all managers' mails to a shared mailbox (which I had access to) for 12 months after they left. I looked in there for this problem domain and there must have been two dozen emails and over the last 2 months which had gotten clearer and sterner in warning that this domain was gonna lapse from their control. The recipient was a marketing manager, let's call him 'John Smith' that had left 6 months ago!

    The domain had reappeared as available, so I immediately snapped it up for about a tenner and put it on expenses! Me and my boss did discuss charging them £50000 and going 50-50 on the proceeds, but though it might be frowned upon..... Anyway, knowing how much stress I got from them, my boss very kindly let me tell the story. We went on speaker in his office and I started off by asking their CTO and IT director if he knew John Smith - 'yes he was the marketing manager in charge of this initiative'. I wanted them to work it out before I told them outright, so I went slowly, step by step until all of a sudden the IT director says 'Oh fuck.'. Oh fuck indeed!

    In the end I gave the support guys the details - they had the domain configured in 30 minutes, within an hour all was fine.

    Before that incident they were always in attack mode - always accusing and assuming the worst, always massive pains in the arse. Afterwards, they weren't perfect, but they were no longer permanently insufferable arseholes.

  11. USER100

    Property is not necessarily theft

    Lol affordable housing! I don't care anymore. Govt. schemes mean zip. The only way to be able to have a house available to everyone is to completely re-split up and redistribute the land and allow people to build on it. And introduce a land tax.

    Let's look at the truth: the land originally belonged to no one and everyone, when we were all hunter-gatherers. All these posh fuck landowners, including the Royal family, simply expropriated it from what was the Commons. Maybe the damage started millennia ago when we began with farming and the accumilation of 'wealth'.

    In ancient Greece (especially Athens), mass mobilization warfare meant all citizens had a stake in society. I'm not advocating conscription but... at least they had a common cause which ultimately resulted in a more even distribution of wealth

    1st time buyers, right. I'll have that bit near the river, nicely sheltered by the trees.

    Redistribution of wealth seems to be a bit taboo these days. Perhaps because the PTB control polite society. The continued possession of material assets is based on power/priviledge/bullying(basically).

    Maybe the trouble started 2000 years ago when a man was nailed to a tree for saying how great it would be to be nice to people for a change.

    1. Terry 6 Silver badge

      Re: Property is not necessarily theft

      A lot of this came with 1066 And All That.

      All of a sudden ownership vested in Feudal Overlords. The Land was theirs.

      From that came, eventually, over a few hundred years, the Enclosure Acts. Which allowed commonly grazed land to be expropriated by the Lordies.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020