Online Security and Corporate Honesty

In the past two days I’ve received 12 emails from various online services about the Heartbleed bug and what I should do to protect myself. I wonder when the other 120 online services I subscribe to will get around to mailing me.

One of the twelve providers who contacted me explained that they did, in fact, have the vulnerability, but that everything is now patched and I need not worry myself about it. Including, as I discovered in a subsequent email exchange, not worrying about changing my password, since their architecture is “built to avoid a leak of sensitive information”. Needless to say, my trust in this particular service provider has been greatly reduced.

Dear companies-who-had-the-Heartbleed-vulnerability-and-are-saying-nothing-about-it:

  1. It is your duty to inform customers what you’ve done about security breaches, even if it’s just to let them know everything is OK.
  2. If you did have this particular vulnerability, and you’ve patched it, it’s your duty to tell your customers to change their passwords, since there is no way you can know whether customer information was stolen from your servers.
  3. Lastly, be assured that sending a “Please change your password” email will not make you look bad in the eyes of your customers. The opposite is true: it will serve as proof of your corporate honesty, integrity, and good intentions. It’s the right thing to do.

No More Stack Rank. What now?

I hear MSFT is dropping the stack rank, finally.


I wonder what will take its place when it comes time to allocate compensation. Any insiders care to share?

Here are some of my musings about Microsoft compensation and the broader topic of how to do it better, from years ago… 2006, no less! How time flies when you’re having fun.

How to Claim a Domain Name

Friends often ask me for advice in getting their new business online. Here’s my advice on the first step: claiming a domain name.

Step 1: Find it

You need to find or invent a great domain name that’s available for sale.

What makes a name great? Pick something that other people find memorable, easy to pronounce, and easy to type (including on a mobile phone). It doesn’t have to be a real word, but I do find real words easier to remember and spell.

I also recommend making the domain name the same name as your business or the main product/service you’re promoting. That way, your customers only have to remember one thing, and you don’t split marketing dollars across two different names.

For me, coming up with a good name is easy; it’s finding a name available for sale that’s hard. In general, most of the names I want are already taken. Hopefully you have better luck than me. But luck need not be your only companion; here are some useful tools for finding domain names:

I found all of these via Hacker News, where people love talking about nerdy topics like this. I like LeanDomainSearch best.

Step 2: Register

Once you’ve found the domain name you want, you lay claim to it. To do this you pay a small fee to a “Domain Registrar”.

Tread carefully; there are hundreds if not thousands of domain registrars, and many of them are shady, if not downright annoying to deal with. Be suspicious of registrars that offer you an amazing deal for the first year; they often hike the price in subsequent years, try aggressively to upsell you to extra products you don’t need, and make it very difficult for you to transfer your domain name to another registrar later on. Sadly, that’s the norm in the domain registration business.

The two domain registration companies I recommend are Namecheap, which I’ve used extensively since 2006, and DNSimple, whom I’ve done business with since 2011. (By the way, these are not affiliate links. If you want an affiliate link, find it at the bottom of this post.)

With Namecheap you get:

  • cheap domain registration prices
  • less upselling than most other registrars I’ve tried
  • easy transfer out, should you want to switch providers
  • a usable interface, although managing DNS records is a bit of a pain

With DNSimple you get:

  • modest domain registration prices, usually $2 or $3 more per year than Namecheap
  • excellent tools for managing DNS records
  • a delightfully easy-to-use interface (the best I’ve found)
  • no upselling
  • easy transfer out, should you want to switch providers

Basically you pay a bit more with DNSimple to get the best user experience and some additional tools that are very handy if you’re managing many domains. If all you need is cheap and simple, try Namecheap.

I have also used, and do not recommend, GoDaddy (infuriating upsell tactics) and (not competitive on price).

I have heard good things about Badger and Hover, but haven’t used them. I’m curious to know more.

Here is a LifeHacker post on the Five Best Domain Name Registrars.

Step 3: Renew

Congratulations, you’ve registered your domain name. But you don’t own it; a domain registration is much like a lease, in that you’re renting the right to use that name for a year. So in one year you’ll have to renew the registration by paying another small fee to your registrar.

Your registrar will almost certainly email you a renewal reminder, as they want to keep your business. But you should set your own calendar reminder for about 10 months from now.

If you miss out on renewing your domain, your lease will expire, and the domain name becomes available for other people to purchase. Getting your domain name back after the expiry deadline is sometimes possible, and always hellish. So don’t forget.

Another important reason for a reminder is that switching to a different registrar, which you might want to do, takes time. You need to start on the transfer process a few months before expiry. Registrars won’t let you transfer your domain name elsewhere if you’re within the last week or two of the registration year.


How much should I pay for domain registration? $20? $30? You shouldn’t pay more than $15 a year for a .COM domain name. You may be able to find promotional deals as low as $8 per year (search for “discount code” + the name of the registrar). Most of the time I pay between $11 and $14 a year. [Update 2013-04-24: see Ed Kaim’s useful comments about purchasing $0.99 domains on GoDaddy]

Should I try to get the “.COM” domain? Personally I prefer .COM, especially in North America, as it’s what most people associate with businesses and with websites in general. But you may want a country-specific domain (.CA, .CO.UK, etc.) if your business serves a particular geography. And for a not-for-profit you’ll want to get the .ORG. In many cases I’ve registered all three.

“GoDaddy’s prices look amazing, should I buy through them?” (Insert favorite cut-rate registrar here.) I don’t recommend registering through GoDaddy, as I have found their upsell tactics infuriating. Many of the cheap registrars offer poor service, in my experience. [Update 2013-04-24: I stand by my advice here, especially for newbies, but see also Ed Kaim’s useful comments about GoDaddy]

How many years should I register my domain name for?  To start with, 1 year. You can always register for more years later, and most registrars give you a price break for doing so. But to begin with, especially when you aren’t sure you’ll like the registrar, and you aren’t certain you will invest marketing into the domain name you’re purchasing, start small.

Can I buy a domain name before I’ve set up my sole proprietorship/partnership/corporation? Yes, and you absolutely should. Buy the domain name on your own dime and transfer ownership to your business later, when you’re ready.

What is “domain privacy”, and do I need it?  Domain registration information is all publicly searchable via a “WhoIs” report. Domain privacy masks the name, phone number and address you use to register a domain. So if you’re using your personal phone number and address, privacy might be appealing to you. On the other hand if you’re buying with a business phone number and address then use that as the registration info. Many registrars offer privacy free for a year but then charge thereafter. Personally I haven’t found the privacy features worth the hassle.

Should I buy “web hosting” services at the same time as I buy the domain name? No. Many domain registrars will try to sell you on this, and it just isn’t necessary.  To start with, simply register your domain. Figure out hosting later, once you’re sure you really want to use that domain name, and after you have your site design figured out.

How should I build my website and where should I host it? This is a deep topic, so I’ll cover it in another blog post. But the short story for most small business owners I’ve talked with is this: use WordPress. If all you need to do is put up a 1- or 2-page website with a bit of info about your business, WordPress is a cheap, quick starting point that looks great and requires zero management time from you after you’ve put it up. Start there.

You promised me I could click an affiliate link, didn’t you? Indeed, I did. Here is my Namecheap affiliate link. Enjoy.

