ICANN and the 7 Keys to the Internet
01:14:46 Share

Support for Waveform comes from AT&T. What's it like to get the new iPhone 16 Pro with AT&T NextUp anytime? It's like when you first light up the grill and think of all the mouth-watering possibilities. Learn how to get the new iPhone 16 Pro with Apple Intelligence on them and the latest iPhone every year with AT&T NextUp anytime. AT&T, connecting changes everything.

Apple Intelligence coming fall 2024 with Siri and device language set to US English. Some features and languages will be coming over the next year. Zero dollar offer may not be available on future iPhones. Next up, anytime features may be discontinued at any time. Subject to change, additional terms, fees, and restrictions apply. See att.com slash iPhone for details. Support for the show comes from Anthropic.

It's time to meet Claude, the AI assistant from Anthropic that can transform how your organization works. Imagine if your whole team had an expert collaborator who knows your company inside and out. With Claude, you can empower every person at your organization with AI that's both powerful and protected. According to Anthropic, they'll never train their models on your company conversations and content so you can securely connect your company knowledge and empower every employee with expert level support from engineering to marketing. Transform your organization's productivity and visit anthropic.com slash enterprise.

What's up, everybody? I'm David Amell, and welcome to Waveform. Have you ever wanted a domain, and then you were in Virginia, and then you were in a small cage with iris scanners and lots of strange people? Me neither, until about a month ago. Stick around, because I'm about to tell you what the heck I'm talking about. All right, boys, let's buckle up. Let's do this. So I'm going to tell you a story, and it's a little weird and a little wild and a little cheesy. It's an entirely true story.

Okay. Yes. Okay. So a few months ago, I think this is around June. So this podcast has been a long time coming. I was in Seattle hanging out with some friends. I think I went there to visit friends from college I haven't seen in a very long time. And we were just chilling at one of their houses. And we wanted to order a pizza. Okay. Because there were a bunch of us and it was like, makes sense to have a pizza for everybody. Right? Right.

So, every now and then, I go and I look up all of the potential websites that you can own, all the top-level domains that you can own, just for fun. Okay. There are many. Sorry, I was thinking about the pizza. All right. Yeah. No. Yes. It's okay. I think we're reasonable here. Yeah. I see no flaws. Yeah. We'll get there.

Okay. Okay. So do you guys know what a top level domain is? So that would be like the .com or the .org or the .gov part of the URL. Yeah. And there's a bunch more that I don't, you know, pay attention to or keep track of. Yeah. But the most common ones being country.us.ca. Wow.

Wow, nice. Trivia. Turns out there are many, many, many, many top-level domains. I believe that. There's a list of top-level domains that you can go look at anytime you want. And I, every few months, kind of just read them for fun because I really want. I really just want to see the domains, right? So I remember...

that there is a dot pizza among other things, right? Because there's like dot lawyer, dot fun, dot joy, dot monster, dot condos, dot cool, dot dance, dot dating, dot deal, dot deals, international, dot investments, dot Irish, dot jewelry, dot jobs, dot joy.

.vacations, .ventures, .villas, .vin, .volvo, .voting, .voyage, all of this random stuff. .monster. .monster. That's awesome. But there's also a .pizza. So in my head, I'm like, we want a pizza. There's a .pizza. You should be able to go to pizza.pizza, right? Like if you go to pizza.pizza, I would assume that like,

Papa John's or Domino's probably owns pizza.pizza. You can tell you're not from the tri-state area. Why? Papa John's or Domino's. Sorry, sorry, sorry. There needs to be some elitism here if we're from New Jersey. Yeah, those are both awful, awful pizza places. Oh, totally. Absolutely. But in Seattle, that's probably standard pizza. Yeah, yeah, yeah. Oh, wow. Papa John's is the most popular pizza chain in the U.S., right? Okay, that's fair. Fact check that. I think that was the fact check. I

I ordered a Papa John's pizza while I had COVID, and this thing was so unbelievably dense. Oh, my God. I, like, could not believe this pizza. It was, like, ridiculous. Better ingredients. Yeah. Betteringredients.pizza would be the best domain for Papa John's. Yeah, I mean, there are many options that you could have here, but I just wanted to go to pizza.pizza because I thought it was the dumbest one. Okay. Right? Because you could have, like, I want to order a.pizza or I need a.pizza, but...

Pizza.pizza. Funnier. So I try to go to pizza.pizza and it doesn't resolve. Right? It's like not found. I'm like, hmm. Hmm. You know what I do when I have good domain ideas? Oh, you're one of those. Oh, yeah. You're one of those. Oh, yeah. How many domains do you have, David? Oh.

I haven't counted in a while. How many digits of domains do you have? I think in the two digits. Okay. That's all right. Which could go up to 99. Yeah. Yep. It's 97, but. Yeah. So you bought. Yeah. When I have good domain ideas, I try to buy them, right? Speaking of which, Ellis just looked up betteringredients.pizza and it's currently available for $14.99 a month. That's not bad. Yeah. But betteringredientsbetter.pizza is unavailable. Oh, weird. That's funny.

Okay, so yeah. So yeah, it's only usually like $12 a year, so I try to buy them. I have a lot of domains. I own such selections as bangersonly.net, which just takes you to a Spotify radio playlist of Semi-Tard in Life by Third Eye Blind. Nice, nice. Because imagine you're at a party, right? And someone's like, I don't know what to play on the radio. And you just go, just go to bangersonly.net.

And it's only bangers, dude. Every single one. You're not wrong. During COVID, I bought outmywindow.app, and I just made it so if you went there, it would just rotate through really pretty scenes of out windows because people were trapped in their apartments. I also have bought two domains that got me sued by Lego Corporation. So we probably don't have to go into that part. But here's to say, I like buying domains. So...

I tried to buy pizza.pizza and it looked like somebody already owned it. Like it wasn't available. And I was like, hmm, why would someone sit on pizza.pizza in the domain space? This is called parking. This one's parking on pizza.pizza. So, but what you can do is when someone owns a domain, you can do what's called a who is lookup on a domain.

So effectively, you are looking up like the person that owns it, when they bought it, how much they bought it for all of this stuff. Just I was just curious. Right. So I do a who is look up on pizza pizza and I start to get pretty confused. There's a lot of information here, but I started seeing all of these names pop up over and over again. There was Donuts Inc. There was I can. But Donuts Inc. started popping up a lot more. So I did some research on Donuts Inc. and I looked them up.

They're they're like massive. They're like a multi-billion dollar corporation and all they do is own top-level domains This is doughnuts like the pastry. Yes, okay. I just want to make sure beyond the irony Yeah, exactly beyond the irony that doughnuts owns dot pizza They also own like a crapload of other top-level domains like 20 almost like 25% of the entire top-level domain industry Yeah, so David

What? It's Mega David. Exactly. Yeah. So I start Googling them. And there's some articles from like 2012, 2014 being like, should we be concerned that donuts is...

owning so much of the domain industry. And I'm like, I agree. How is it that one company can be a multi-billion dollar corporation and own almost a quarter of the entire domain industry? That seems really confusing and weird. And how does any of that actually work? Because isn't the internet a thing that we are all supposed to own together? And why do you just get to spin up a

a top level domain and just own it and then sell it. That's real quick to just to confirm when you're saying 25% of all domain names, that's including domain names that are like owned and working or 25% of all like claim domains that aren't actually directed to something. It's just top level domains. So that's like the amount of claimed but not actual working domain names is way past 25%. So they head up .pizza, right? And then anyone there's

millions of permutations of something that could be a .pizza, but they own .pizza. .pizza, okay. Right? Yeah, they just own the top-level domain, and then someone can register pizza.pizza. This might be a dumb question, but I didn't realize that one company can just own an entire top-level domain. Right. So...

So do the... Because there's the .us, .ca, are those owned by... So those are called country codes. And those are not really owned by anyone. Those are operated by someone else who we'll get to later in the podcast. I see. And then if you want to buy...

So something.pizza, you have to pay for that address through the people that own .pizza, which is the donut? So not particularly, but we will get there. I promise you. All right. So I start wondering, how do we get to this point? How do we end up at this place where this Donuts Inc. owns a quarter of the top-level domains that are available on the internet? That seems insane because you're just a private company worth billions of dollars, and you get to just spin up these top-level domains. Yeah.

So I realized I don't really understand how like any of this stuff works. So I decided to do a little research and what we found was a lot. So we're about to get into it. Oh boy.

Six months. Six months. Cue the waveform intro. I don't know. So if we're going to understand how we got to this point where one private company owns like a quarter of all top-level domains on the internet, we kind of have to understand how we got to the domain name system in the first place. Right? Yeah.

But to just give you a brief intro of what's going on, the internet, as we know it today, actually used to be a research project run by the US government, and it was called ARPANET.

And originally, the entire purpose of it was to allow different computers that were far away from each other to do something called time sharing. So you have a supercomputer at a university, and another university wants to use that supercomputer. You can basically log into that computer and use its computing power, right? Amazing. Yeah. So the original purpose of this internet thing, which was the ARPANET at the time, was to just share resources and also share information with each other. It's very wholesome.

Yeah. It's kind of like remote desktopping across. Yeah, it's absolutely remote desktopping. And it's funny that remote desktopping now seems like an additional feature you can do with a computer because it was originally the whole point of the computer of having an internet, right?

This only works because computers have IP addresses. You guys probably know what IP addresses are. It's like a unique identifier that your computer has that it's like a home address, right? If you want to mail a piece of mail somewhere, you have to know where to send it. If you're sending it over a network, you have to know what computer to send that to over the network.

At the very beginning of the ARPANET, there were only a few computers on the ARPANET. You had government organizations, university computers that were being sponsored by ARPA, military. It was all basically only government stuff because this was just a government research project. Side note, spurred by the launch of Sputnik in 1957, just like the whole NASA episode that we did.

everything comes back to 1957 that we'll get into that in a future podcast at the time uh

The IP addresses that were being given out to all these computers were managed by one guy at the University of Southern California. His name was John Postel. And so effectively, if you wanted to be on the ARPANET on the internet, you basically call up one dude who ran a spreadsheet, like an Excel spreadsheet basically, right? And he said, "Hey, John, I want to be on the ARPANET. Here's my computer. Can you issue me like an IP address?"

And he's like, oh yeah, sure, yeah, sure. So he literally like adds you to the spreadsheet and then every night he distributes the spreadsheet onto the internet or the ARPANET and everyone's computer downloads the spreadsheet.

So if you want to do time sharing with another computer. Like a directory. Yeah, it's a directory. It's a phone book. You put in their IP address and it allows you to go to their computer. But you have to know like, oh, David is at 186.8.4.2. Right. Yeah. Which just the sheer ridiculousness of like one single spreadsheet. I'm trying not to make any crypto references.

Well, please do. You can because the thing about the internet is that it's a distributed network. There's centralized, decentralized, and distributed. And the internet is distributed.

Meaning it's on a bunch of different servers in a bunch of different places that are all updating with each other. Meaning every node on the internet connects to almost every other node. So even if one node gets destroyed in the early days they were worrying about potential nuclear attacks knocking out a major node, you can still send information across the network, right? Got it. So.

So yeah. So this guy was maintaining the spreadsheet, which was completely ridiculous. But it didn't take long after the development of the ARPANET and everyone realizing how useful this was for other governments and universities and agencies to want to be on the internet too, right? So NASA, Department of Energy, more universities, everyone that was technically legally allowed to be on the internet were just like, wait, John,

John, put us on the internet. Get me in there. Yeah. Yeah. So this spreadsheet starts getting real big. Uh-huh. Real big. And it's like, it's one guy managing this spreadsheet. Seems like a terrible idea. Yeah. Yeah. So the more people that started to get on it, the more they realized like, okay, this whole IP address thing is like not working. Obviously, you still need IP addresses, but humans don't really think in terms of numbers. They think in terms of words. Yeah.

So, they spun up these top level domains, these websites. And the seven original ones were .org, .gov, .mil, .edu, .int, .net, and .com. And these were basically just the different organizations that were allowed on the internet. Yeah. Right?

Fast forward to the 1980s and the internet is growing very, very fast. It would eventually get to the point where the public would have access to it, but the guys in charge of this project kind of saw the writing on the wall and they knew the internet was going to be a thing.

It spans the globe like a superhighway. It is called Internet. Imagine, if you will, sitting down to your morning coffee, turning on your home computer to read the day's newspaper. Well, it's not as far-fetched as it may seem. You need a computer and a phone, and suddenly you're part of a new mesh of people, programs, archives, ideas. This was going to be a thing that everyone was going to use, and they needed a solution to scale it, right? Because, again, a spreadsheet, even if you're using domains... Yeah. Yeah.

That spreadsheet's not scalable. Was it still a spreadsheet by then? Yeah. It was literally called host.txt. Hosts.txt. Oh, man. Dang. Yeah. It was a .txt document. He was one guy and they gave him this nickname of the IANA, the Internet Assigned Numbers Authority, which started out as like a funny nickname for him and very clearly became like a lot. Yeah. You know? Just a big thing.

So they were like, all right, this isn't working. We need to set up a scalable way to do this. They thought that just having domains would be the way to scale it, but a host.txt file is not scalable. So they put out this call for ideas because they were like, the public is eventually going to get access to this thing. We need to have a scalable, secure way for everyone to do this. So this guy named Paul Macapetris came forward with a pretty simple and elegant solution called the DNS system.

Or it's not DNS system, that's redundant. The DNS, which stands for domain name system. Yeah. So do you guys know what DNS is? Man. Okay. I did have a class in college that explained all of the basics of DNS, IP addresses, and all the things that go behind making a website. Okay.

I've forgotten 80% of it. So you might have to refresh my memory on the differences, what a DNS is, how it works. It sounds like a redirect, but I'll let you explain. That's what I was going to say. Just the way to redirect top level domain or whatever, you type into your bar into the IP address that goes to wherever that website is hosted at. That goes from a bunch of numbers to going, oh, that's google.com.

Right. Isn't Google like 8.8.8.8 or something like that? Probably something like that, yeah. All right. Well, we're going to get to that after the break. Okay.

Support for Waveform comes from AT&T. What does it feel like to get the new iPhone 16 Pro with AT&T next up anytime? It's like when you first pick up those tongs and you know you're the one running the grill. It's indescribable. It's like something you've never felt before. All the mouthwatering anticipation of new possibilities, whether that's making the perfect cheeseburger or treating your family to a grilled baked potato, which you know will forever change the way they look at potatoes.

With AT&T NextUp Anytime, you can feel this way again and again. Learn how to get the new iPhone 16 Pro with Apple Intelligence on them and the latest iPhone every year with AT&T NextUp Anytime. AT&T, connecting changes everything. Apple Intelligence coming fall 2024 with Siri and device language set to US English. Some features and languages will be coming over the next year. Zero dollar offer may not be available on future iPhones. NextUp Anytime features may be discontinued at any time. Subject to change, additional fees, terms and restrictions apply. See att.com slash iPhone for details.

Thumbtack presents the ins and outs of caring for your home. Out. Indecision. Overthinking. Second-guessing every choice you make. In. Plans and guides that make it easy to get home projects done. Out. Beige on beige on beige. In. Knowing what to do, when to do it, and who to hire. Start caring for your home with confidence. Download Thumbtack today.

All right, we're back. So I sort of like to think of the DNS as like a layered network of phone books, sort of. Effectively, you're putting in the URL that you want to go to in your address bar, and then your computer needs to find what's the IP address of that. Because a website is not like words. A website is just a server, right? So you're accessing that computer just like the time sharing on the ARPANET. You're actually just accessing that computer, and it's like giving you the website, you know?

So generally, on your browser, your browser caches what the IP address of websites are when you've already accessed them within the last few days. So it'll stay on your computer for a little bit, and that way it's just way easier to instantly go to that website so you don't have to ask a bunch of questions. If your browser doesn't have that cached because it clears its cache every few days automatically, it will ask your OS. And your OS does the same thing, where your OS also caches IP addresses.

But your OS also wipes your cache every few days because IP addresses can change. That's a whole other thing. So then if your OS doesn't have the IP address, it goes to your ISP. And your ISP, your Internet Service Provider, has this special type of server which is called a recursive server or a resolver server.

And the reason that this is sort of like a layered stack of phone books is because that resolver server will jump to a bunch of other servers and say, "Hey, do you know where I can find this IP address?" And it says, "I don't know the exact place, but I know the name servers are over here." And the name servers can tell you where to find .com or .org or .net.

And it's sort of just going back and forth where you have this ISP right here and it goes bing bong, bing bong, bing bong. Got it. Yeah. Was that weird? Bing bong is... Maybe describe bing bong for the audio listeners. Bing bong. When I'm saying bing bong, I'm... I don't know. It's like a... Going... To, from. Just bouncing forth. To, from, to, from, to. Yeah. Back, forth, back, forth. Yeah. Jumping back and forth, basically. New York is back, baby. Bing bong. Yeah. Bing bong.

Yeah, okay. So anyway, your ISP eventually will get told where that IP address is, and then it caches that for a number of days so that not only when you ask for a website, but when other computers that are also using your internet service provider ask, it can immediately tell them, right? The entire purpose of this is to sort of make it as fast as possible to access the websites that you're looking for and not have to go through this whole DNS system. So it's all based on caching and all of this stuff.

And remember this ISP resolver thing later because it's going to come up again. It's kind of important.

So anyway, this is a pretty elegant system. The DNS system is a hit and it's working pretty well and it's, most importantly, it's scaling. Tons of people are getting on the internet. The public's getting on the internet. It's just, it's scaling really fast. Yeah, but suddenly the public could start registering their own web pages because once they originally got access to the internet, they could start making blogs and stuff like that. Mm-hmm.

And luckily, we have this robust DNS system so that people can actually get to the websites that they want. But that also doesn't mean that the system is perfect. Because the scale of the internet was growing the way it was, it became a lot of work for John Postel,

to keep registering domains, right? Like he'd moved on from the spreadsheet, but he was still by himself the IANA, the Internet Assigned Numbers Authority, one guy at USC registering everyone who wanted to be on the internet.

And this was like an exponential growth of people who were getting on the internet, right? It's like the amount of people that used ChatGPT over the last three days, it's been like a million people in three days. Imagine you're one guy and a million people come to you and ask for something. Like that's just too much. So suddenly the National Science Foundation was paying like his salary.

And it became too much work for him. So they started basically contracting out a third party to register domains for people. And that was a company called Network Solutions. So as soon as the public had access, this started to become a problem because when web pages started popping up and stuff, the lawyers at USC started being like, people are going to have disputes over who gets what domain. Because at the current time, you could just reach out to John and you could just say,

"Hey, I want pizza.pizza." And he would just be like, "All right, you got pizza.pizza." And it didn't really matter. But when they started contracting the work out to Network Solutions, they had to pay Network Solutions and the government started being like, "We're paying real money to a real company to register domains for people and that is taking our government money. Why are we doing that? That makes no sense."

So Network Solutions is like, well, we could charge people for domains and then we could like put that money back into the National Science Foundation. And there's a lot of drama over this because the government was handling, you know, it was a research project, right? It was like, they're like, is this still a research project or is this becoming like a thing? Like this is profit scaling business. Yeah. Like actual businesses, actual commercial work is getting put on this and this is becoming a problem. So what happens though, if you said you can just call them up and

and ask for a domain, what if you are like wannabenintendo.com but you're not actually Nintendo? Can you just...

How is he confirming that? No. No confirming. We're just, we're full send. Full send. We're just like, you are now Nintendo.com. That seems like a big problem. Yeah. So the lawyers are like, this is a big problem. And they're like, look, we got, we got like commercial information flowing over government sponsored and paid for servers that are being hosted at private universities. Yeah.

This is three separate entities that are never supposed to touch. This is a big problem. So the lawyers are like, we got to get this like internet registration thing out of the university as like fast as possible. Right. So this takes a while. The government kind of puts forward these different papers for what they want the this like potential internet or registration organization to be. They have, you know, they're drafting this paper. They're like, it should be this and it should do this and it should have these laws and

And eventually they come up with a paper that basically states exactly what they want this third party organization to be. Originally, they were like, it should be in Geneva because there's no problems in Switzerland, right? They're so unbiased and all this stuff. By now, this was being handled by the U.S. Department of Commerce. And of course, the U.S. Department of Commerce, anytime they see an opportunity for capital C capitalism, they

They're going to take the chance here. So they basically, within this paper, developed this way for internet registration to work that would spur competition. It would be a whole new industry. It wasn't just going to be IANA that people were going to pay IANA and that was going to work. It was going to be distributed into different roles. So this organization comes forward calling themselves ICANN, the Internet Corporation for Assigned Names and Numbers.

And they win the contract to basically be the organization that will be this oversight board. They create the rules on how internet registration works. They maintain everything.

And then below them, because they're just a governing body, they're like a standards committee in a way, there are going to be two different types of registration things. There are registrars, which are companies that you are almost definitely familiar with. You've got things like GoDaddy, Google Domains, you know, that name.com, Namecheap. GoDaddy is the largest registrar in the world by now, or right now, by the way.

And basically registrars are just, they're the ones that interface with you where you say like, hey, I want to register pizza.pizza. You go to GoDaddy and they sort of like deal with it, but they don't actually like maintain the .pizza domains. They just handle the money transfer stuff, you know, and they handle registering it for you. They're like a broker. They're basically like a broker.

And registrars have to pay ICANN a little small fee when they register domains, which helps keep ICANN afloat. Because remember, ICANN is a nonprofit organization. And they also have to pay the registries a little bit. And the registries are probably the guys you have not heard of, which is Donuts Inc., there's Pool.com. There's all of these registries, and effectively what those registries do is they maintain the top level domains.

Right. So dot pizza. Yeah. Dot fun. Dot joy. Dot.

Are the other names all just random nouns as well? Donut and pool? They're just flexing on ping pong. Yeah. For posterity, Donuts is now Identity Digital. Donuts is cool. Literally, while we were reporting this story, they changed their name. That is the most corporate overlord name possible. Apparently, Donuts used to be a play on DNS because it's Donuts. Uh-oh.

But there's like also multiple stories that have been reported for where this has come from. Wow. Yeah. Yeah. So to me, it seems kind of weird that you can just like, you know, you can just spin up .pizza and be like, I'm going to own .pizza. I'm going to deal with this and I'm going to make billions of dollars out of nowhere. And it is kind of weird. I mean, it's...

You can just be a registry, right? But to be a registry, you are sort of helping maintain the internet because you are maintaining the .pizza servers. You have to like have a lot of infrastructure ready to let .pizza work, right?

So if you decide to own .pizza, you've got to maintain .pizza. You've got to make those servers work so that .pizza can even be a thing. Okay, so there was a little give and a little take. There's a lot of give and, yeah, there's a lot of take. Little give, a lot of take. Yeah. Comparatively. If there's some gigantic company that decides to buy a .pizza domain and suddenly they're running huge businesses and things on a .pizza server and you're...

maintaining all of that for them. In general, isn't that server just the one that's redirecting to being the redirection? No. But it is sort of like the symbiotic relationship because ICANN is a non-profit organization that's just like a standards committee and the registries, when they want to create a new top-level domain, say Donuts is just like

We think there should be a dot pizza. They go to ICANN and say that. And then ICANN says, hmm, interesting. Okay, I kind of like that idea. Hey, all the other registries out there, are you interested in being the dot pizza thing? And then they can bid on that.

So they can bid on who gets to be the dot pizza overlord, right? You have to put a lot of money into it and then you have to have tons of maintenance and stuff. But it's very much this kind of symbiotic relationship between the people that create the standards for the internet and the people that create the infrastructure for the internet. So while it does seem like a little bit weird and sketchy, you can just spin something up, it's still good for everybody because that's

That competition that allows donuts to go and say, hey, we think there should be a .pizza. It allows people like me to spin up .pizza domains, right? Or like, you know, bangersonly.net, you know? Leagueoflego.com. I shouldn't have disclosed that. I might get sued again. I'll beep it out. Yeah, you can beep it out. It's incoming. Yeah, yeah. So yeah, it's not like necessarily as nefarious as it seems. But...

While doing a lot of research on the things that ICANN actually does and maintains and the rules that they put into place, I started hearing these rumblings and reading these rumblings of this secret meeting called the Key Signing Ceremony that ICANN conducts. It's the Key Signing Key Ceremony. And I was sort of just doing like basic research into it. And everything that I was reading was basically like,

There are seven different people from seven different countries who every three months all come together at a secret facility and perform a ritual that takes three to four hours. And everything on the Internet was like, these are the people that can take down the Internet. And I was like, what? Like, this is insane. Sure.

This sounds like a James Bond. I love it. It's like immediately picturing like a cauldron. Yeah. Yeah, like seven people from seven different places all have to physically come to the same location to perform a ritual. And when you say ritual, you mean like a...

It's a ceremony. Like a spreadsheet type ritual? Well, I didn't really know. Everything just said it's a ceremony and it takes three to four hours. And I was like, is there blood involved here? And they all have keys, you said? Yeah. I'm just imagining this giant wall with these big keys that they put in and all have to turn at the same time. Right, they have these hyper-protected keys that they have to bring with them to this physical location. Oh, I was going to make that up. No, no. They all bring in one different animal.

And they all have to put the animal in a box. Okay, so there's keys. Yeah, they bring in these physical keys that they bring with them from their country. Imagine forgetting your key.

I made my fight. I didn't even think about that. I got my key. Sorry, guys. Yeah. Can't do the ceremony. Yeah. So I was like, this sounds insane. Yeah. And apparently it's been the topic of like a CSI episode and like a couple of random ones. What has? I mean, this is great. This is great. Like headline fodder. Oh, absolutely. The most clickbaity things like these people could take down 80% of the internet as you know it tomorrow. Believe it or not, that's like what all the headlines say. Yeah. And I was just like, this seems insane. Yeah.

And I want to verify what's actually going on here. So, we'll find out what's going on after the break.

This episode is brought to you by Indeed. We're driven by the search for better, but when it comes to hiring, the best way to search for a candidate isn't to search at all. Don't search, match with Indeed. Use Indeed for scheduling, screening, and messaging so you can connect with candidates faster. Listeners of this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com slash SBO. Terms and conditions apply.

Support for the show today comes from NetSuite. Anxious about where the economy is headed? You're not alone. If you ask nine experts, you're likely to get 10 different answers. So unless you're a fortune teller and it's perfectly okay that you're not, nobody can say for certain. So that makes it tricky to future-proof your business in times like these. That's why over 38,000 businesses are already setting their future plans with NetSuite by Oracle.

This top-rated cloud ERP brings accounting, financial management, inventory, HR, and more onto one unified platform, letting you streamline operations and cut down on costs. With NetSuite's real-time insights and forecasting tools, you're not just managing your business, you're anticipating its next move. You can close the books in days, not weeks, and keep your focus forward on what's coming next.

Plus, NetSuite has compiled insights about how AI and machine learning may affect your business and how to best seize this new opportunity. So you can download the CFO's Guide to AI and Machine Learning at netsuite.com slash waveform. The guide is free to you at netsuite.com slash waveform. netsuite.com slash waveform.

All right, we're back. Key signing, key signing key ceremony, vampires, people eating each other. Nine mysterious faceless figures emerge from the dark. Seven key holders of the internet. Each holding mysterious keys. Yeah, this sounded completely absurd. So I started spamming ICANN with emails.

Nice. I was like, I want. As you should. Yeah. I was like, hey. I don't want to get involved in this mess. This seems a little mysterious. Oh, I love to throw myself in front of bullet trains. Fair. I want to get in the middle of the danger. So I'm like, I want to come to this. Can I come to this? I want to come. Can I come to this? Can you let me come to this? And at first they said no.

And then I battered them for three more months and then they said yes. I mean, if you hear ritual and then get denied access, you want to go more. I would be like, well, now I have to go. And it's going to happen every three months. It's going to keep happening. Right. It's every three months. And it rotates between an indescript building in Culpeper, Virginia and an area of L.A.

Yeah. Apparently like right as, yeah. Right as you leave the LA airport, there's like these indescript black buildings and nobody ever knows what they're for. And this is where this happens. It's cause it's near an In-N-Out. I mean, yeah. Prove me wrong. That's,

It is though. Yeah, that's true. It is right there. That's true. That's what LAX is. It's just an airstrip surrounded by In-N-Outs. Yeah. So ironically, the one that they denied us access to was in LA, even though I was ready to just fly to LA and do this. But they rotate, so the one that they finally said I could come to was the one in Virginia. And because we live in the New York, Jersey area, it's not completely out of the question to drive to Virginia, right? Yeah.

So, Ellis and Adam and I pack into a car and we go to see what's really going on at the source of the internet. This explains why you asked me for a hotel room for an undisclosed location. Yeah. I didn't want to spoil it. Not a lot of people go overnights in Virginia for work for no real reason. I did say yes. I did say yes. And when I was like, "Where are you going?" You were like, "I can't tell you where I have to kill you." It's hard to say no to that, I guess. Yeah. Yeah. So, yeah, I didn't want to spoil the podcast. Yeah.

So as you can see, we did not get sacrificed. Yeah, you're back. We're still alive. That's really good. Yeah. And it turns out everything that this ritual has to do has to do with DNS, which is amazing because maybe it will answer my question of who owns .pizza, right? Because I just want to get pizza.pizza. This is the key to the entire story. The key to the internet is the key to .pizza. The seven keys.

Right, the seven keys. The seven keys. I almost forgot that this was the motivation for everything is we need pizza.pizza to happen. Oh, yeah. We still need pizza.pizza to happen. All right. So back in 2010, a security researcher named Dan Kaminsky found a major security exploit in DNS.

and the exploit is called DNS cache poisoning or DNS spoofing. Do you guys remember when you would see things on TV and they'd be like, don't connect to rogue Wi-Fi networks in your internet cafes and all that stuff? Or the airport or something. Yeah, or the airport. And people are still putting this kind of stuff out, but it's not as important anymore. It doesn't seem as crazy. There's not as many public service announcements saying don't connect to rogue Wi-Fi networks.

Effectively, this DNS cache poisoning hack, how this works is that when your ISP's resolver is ping pong, ping pong, ding dong, whatever. Bing bong. Bing bong. Bing bong. When it's bing bonging between the name servers and all these different servers, every time it asks a question to one of these servers, it sends out a query number. So question number 1,000.

And then you answer. This is the answer to question number 1,000. Question number 1,001. Bing. Bing. This is the answer to question number 1,001. Bong. Bong. Right. Exactly. So what happens in this DNS cache poisoning thing is that this nefarious server over here just sprays out query resolves. It just sprays out answers to these queries. So it's like, hey, I've got the answer to query 1,000 through 1,099. And it's just spraying them out.

So if it's able to attach to the query question before this other server over here is able to give the answer, then your internet service provider server resolver will just be like, oh, okay. And it takes that answer. So nefarious server can just be like...

Yeah. So Nefarious Server can just be like, "Yeah, here's the IP address of the website that you're looking for." So imagine you type in facebook.com. Your browser doesn't have facebook.com cache, so it asks your OS. Your OS doesn't have it cached because you haven't been there in a while. It goes to your ISP. Your ISP doesn't have it cached because it hasn't been there in a while. It sends out that query, and then the Nefarious Server says,

"Oh, facebook.com is at this IP address." It routes you to a fake facebook.com login page. Looks exactly like the regular facebook.com login page. You type in your username and password, hit enter, and then it forwards you to the real facebook.com and you are none the wiser that they just stole your information. This could be a lot even worse if it was like a bank, right? Bank login page. They just stole your login info for all of your money.

And this was a really, really big issue because the internet is built on trust. Back in the day when it was just a research project,

The internet, nobody had to worry about nefarious actors. It was literally just the government, universities, and scientists, and they were just sharing information. It was like, literally no one worried about this. It was the good old days. The good old days. Yeah. But as soon as money is added to any sort of thing, as soon as there's money to be made, there's going to be nefarious actors that try to steal your information and your money, right? Yeah.

So ICANN was like, all right, this is a huge problem because the entirety of DNS is built on this. And because the internet is built on trust, imagine like 50% of the time you have no idea, or actually all of the time, you have no idea whether or not when you go to facebook.com and it has you log in, if you're logging in or if you're literally giving away your information, nobody's going to use the internet if nobody knows if it's secure. Like,

Like, that's just a core part of it. And I think a lot of people think about, you know, oh, I'm just like, I'm this like little guy, this random person. Nobody wants to steal my information. But it's not even about that. It's like the biggest websites on the internet are just going to be continuously targeted and all of the information of everybody is just going to be stolen. Yeah. So the internet organizations and ICANN are like, well, we want people to keep using the internet and they're not going to use it if they think their info is going to be stolen. So we need to figure out how to patch this. Right. Right.

DNS works in a very specific, elegant way, and they don't want to change up the way that DNS works completely because this is like, it's the way that things have been going for a long time and it works really well. So what they decide to do is add public key cryptography to the DNS system. Do you guys know how public key cryptography works? Nope. Nope. Let's talk about basic cryptography really quick. So here's an example. I want to send you a message, right?

But I don't want anyone else to be able to just take that message. So back in the day of spies and stuff, you could encrypt a message with some algorithm and then meet someone in a park, give them your letter. And if they also have the algorithm, say that you had the algorithm on a USB drive and you give them the USB drive, they could then decrypt it on their end. But with the internet, when you're sending information over the internet,

That encryption key is what it's called. It's called an encryption key. You can't send someone else the decryption key because then you have to encrypt the decryption key. It's a recursive problem, right? It's this layered problem. So what they came up with was this thing called public key cryptography.

And basically how this works is that every website has both a public key and a private key. You can think of the keys as just encryption algorithms, right? Every website's private key is something that only they know. Like nobody else is supposed to be able to get access to the private key, but they distribute their public key all over the internet. So when you request facebook.com, you have the public key for facebook.com, right? Yeah.

But only when you say, "Here's the public key for Facebook.com," only when the private key interacts with the public key of Facebook.com does it actually decrypt the data and give you the data, right?

And that way, if a nefarious actor was able to inject the fake IP address of fakefacebook.com, when your public key interacted with fakefacebook.com, it would not be able to decrypt the information because it doesn't have the public key there. Does that make sense? Yeah, so it wouldn't match.

Yeah. So when you create a public key and a private key for a website, specifically when you create a private key for a website, that's what's considered a website being signed. You've probably seen this in your browser before. You have this little lock on a site, and it says this website is signed. This website is secure. You've also seen HTTPS versus HTTP. That means that website is signed, secure. Is that what the S stands for? Yeah. Hypertext Transfer Protocol Signed.

I think it's secure. Usually there's a lock or something. Yeah, it's a little lock. Yeah, yeah. So HTTPS means that they have a private key. So it means you can be sure that when you access this website, it's the real website. Go to mkbhd.com. We got a little lock. Right, right. We used to not have it and we used to get a lot of that. Oh, really? Yeah, yeah, yeah. Got a nice lock there. Years ago, yeah. It's Hypertext Transfer Protocol Secure. Secure. There it is. Yeah. Beautiful. Yeah.

Cool. So now ICANN for a number of years has been trying really hard to get more, basically since 2010, to get as many people to move over to this public key cryptography methodology as possible. A lot of the original top level domains, they're still trying to get to move over. Even the country code domains, you know, like TV for Tuvalu.

Some of those are not signed. Wait, what? TV's what? Oh, I didn't explain this earlier. TV is not. Sorry. Okay, sorry. So Twitch is based in Tuvalu? Yeah. So, okay. No, this is actually amazing. I know this is a side tangent, side note. I thought TV's television, so I'm lost. No, okay. So when they created all of the non-

non-generic top-level domains, .com, .org, .gov, .net, that kind of stuff. They also created country codes for all of the countries. And actually, they're not specifically just countries. They're areas of economic interest. So IO, guess what IO stands for?

Dot IO. It's not input output. No. Okay. Guess what that stands for. And everyone uses it as a tech website because it's like IO, input output. Yeah, yeah. It's a region. It's an area of economic interest. Indonesia. No. Iowa. Country cuts. It is the Indian Ocean. Oh. Wait, what? Okay. The ocean. So if there's enough...

All right. Yeah, ICANN is not the UN, right? They don't want to be the ones that are designating what's a country and what's not because that gets really complicated really fast. There's wars being fought about that. Exactly. So you just define regions instead. Regions of economic interest. Areas of economic interest. Okay. So basically ICANN just distributes all of these country code domains and they allow the countries to maintain them.

So Tuvalu is an independent nation, but ICANN has given them the .tv because it's Tuvalu. That's a big responsibility for that small region. Well, it's a huge moneymaker for a lot of these small regions. Oh, okay. Yeah, think about this. .gg...

That's like all gaming websites use .gg? All their hyperlinks are .gg. Like we have mkbhd.gg, I think, is our Discord link. Something along there. Yeah, gg is Guernsey.

Right? It's like these are actually areas of economic interest. So a lot of countries and areas of economic interest make a lot of money off of being able to just sell these top level domains. And the ones that have handy ones like .tv or .io or .gg, they make a lot of money at this, which is great for them, especially small island countries. Shout out to Tuvalu. Shout out to Tuvalu. All our Tuvalu fans out there. Gotta go visit the home of Twitch someday. Yeah. Our next road trip, we're going to ask to go to Tuvalu. A long road trip.

Okay. So anyway, let's get back to what happens at these events.

I can key signing key ceremonies. Let's talk about that. Right. What happened? Yeah. So we drive all the way to Virginia. We stay in a little hotel. So we get up in the morning at our hotel. We, you know, have some breakfast and we start driving into the countryside and towards this secure location. Right. Okay. We're driving up this road and we start seeing little cameras just peeking out on this dirt road and we're filming and we're like, we

we should probably stop filming. So we immediately stopped filming and we're just going up this dirt road and there's just more cameras as we're going up the road. And we end up at this giant facility with this big gates and cameras pointing in different directions. And we drive up to the gate and they're like, what are you here for? Who goes there? Yeah, basically. We're guests for the I Can Keysighting Key Ceremony.

And they're like, hmm. And they go talk to people and they come back and then they unlock the gate and we go in. Yeah. And it was like, hmm. So you're not allowed to film anywhere leading up to the building or anywhere in the building except for in the secure room in which the key signing key ceremony takes place.

Right? It's a good rule. Yeah, which is a good rule because making something digitally unhackable is basically impossible because people will always find a way to hack it. But making something physically unbreakable

It's doable. Doable. Yeah. Yeah, exactly. So this is why they do this. So we go in, we go through multiple layers of security. We have to show them these QR codes. They have, not for us, but for people who have done this a lot, they have iris scanners, they have thumbprint scanners. This is everything I was dreaming it would be. Oh yeah, this is like secure, secure. Because again, this used to be under the US government. This used to be under the US Department of Commerce.

And it was only at the very end of Obama's administration that he spun it off. He canceled the contract with the Department of Commerce, spun it off to be its own independent organization. So they still maintain most of the government security protocols that they had at the time. So we follow them through these rooms.

And we have lunch, we have very nice sandwiches. And then we go into this super secure room. And even just to get into the room, we were with all these key holders, right? Now, one thing to note that the internet got wrong is that you don't need all seven of the key holders of the internet to be there at every single meeting. You only need like a few. They invite most of them because they're all from different countries. And

by the way, most of them are not employed by ICANN. They're just security researchers from all around the world. So they do this willingly.

And they have to take time off and fly to America to perform this ceremony. So we walk in after we go through all these security protocols. People are using iris scanners, thumb prints. And even just to get into the room, you have to have two separate people scan these key cards to allow them to enter the room. You have to sign in every time you enter the room. The amount of tracing to know when anyone has done any action is insane. It's totally insane.

So we go into this room and the room is kind of wild because there's a seating room where everyone sits and then there's like a front desk area for people for the person that is administering the meeting to like call the meeting to order and do everything. But there's also just a giant cage next to you. And within that cage is like two safes.

And effectively what's happening during this key signing key ceremony is that ICANN is signing the root zone. And the root zone are the servers that your ISP's resolver or recursive server, it's the first thing that your ISP's resolver asks for an IP address. So if the root zone is signed, that basically means that

That first jump that you went to in the DNS system to ask for where this IP address is, is also secure. So just like a website becomes secure, that whole zone of saying, "I'm telling you where to go," you know that the information that it's telling you where to go is the real information.

So if ICANN is able to do that, your ISP will pretty much never get false information. Because even if your ISP is sending out query numbers and this nefarious server is sending out bongs, wow, sorry, we'll do that again.

I always say things and then they become inappropriate. I never think about them. Anyway, even if your ISP is sending out query numbers and a nefarious server is sending out responses to those query numbers, it uses the same cryptography to know this response is legit. Right?

So now when you spin up a new top level domain, I can requires that that top level domain is signed and that everything that comes from that top level domain is signed. But a lot of the originals have not been signed yet and they're trying to get more people to sign them. But this ritual is,

It's basically made to every three months, re-sign the root zone. So anyway, yeah, all these people are from different countries and to perform any action requires at least two to three people. So to get into the cage, two people have to scan into the cage. And then other people have different jobs where like only one person knows the code to one safe. Only one person knows the code to the other safe. They open the saves. They build a computer.

on the desk of the guy that's administering the whole ceremony they literally have a laptop that is just a shell they have to put in the battery they have to put in like all of these different parts of the computer they boot the OS off of a DVD like everything they have a power cable that like only

It only goes into a certain area. Everything about this computer is air gapped, which means it's not connected to the internet. They de-build it and rebuild it every time they do this. That's awesome. It's crazy. That's really cool. Isn't that awesome? Yeah. And then what they do after they go through all this cage stuff and all this stuff, and then they build a computer, is they have this thing called an HSM, or a hardware security module. Basically what this HSM is, is it's a key generator.

that also needs people with key cards to put their key cards into just to turn on. And then that key generator algorithmically signs all of the root zones. It creates new cryptographic keys for all of the root zones that lasts for the next three months. Yeah. So it's this insane process, right? And the crazy thing about this is there's maybe 15 people in the room. Every single step

that goes through the ceremony, every person in the room has to sign off that that happened exactly as it was supposed to. Because they distribute the script for the ceremony way before the ceremony even happens. You can see it on the internet before you even do it. Every single little task is

is like specifically test number one, test number two, test number three. And it goes just like, it's like three to four hours of ceremony, right? So every person in the room is like, yep, I agree that that worked the way it was supposed to. Yep, I agree that worked the way it was supposed to. And there's just like no way for any one, two, three, four nefarious actors to like mess up the key signing ceremony, right? It's like,

every single perceptible way that they could get people to one person could say i don't think you did that right and that actually happened at our ceremony where like one thing happened incorrectly and a couple people were like wait wait wait do that like oh and they fix it and it's wild and as secure as the ceremony like is you know being able or having to like

Go to this this undisclosed location or secure facility and then not being able to film leading up to all this stuff Oh, yeah, you can see the document here Ellis brought it in. This is the key signing key ceremony script Look at the amount of pages in this 34 page double-sided document Normally this takes about four hours our ceremony took three and they're like, I think that's a record. Oh

So a lot of it is really technical like that, but then if you go, I believe it's Act 9, Step 6.

Should be towards the back. They get much more lighthearted towards the end. Ceremony participants take a group photo. That's it. 6'9". 6'9"? Nice. Nice. They got the memes too. Very nice. I hope you might have seen this while I was out of the room, but the whole thing is like,

part of a public record. Like you can go on YouTube and watch Key Signing Keys Ceremony #47 and we're in it. Welcome as well. David Immel. Here. Ellis Rovin.

And Adam Molina, here. Great. And so in the beginning, there's a step where everyone introduces themselves. And when they're like, all right, the YouTube guys, let's have them stand up and introduce themselves. And on the public record, as we stand up, one of the administrators goes, Smash that like button. Smash that like button. Smash that like button.

Yeah. So, so yeah, the incredible thing about this actually is that with how insanely secure all of these steps are, right? It's actually security through transparency because they actually live stream this entire process on YouTube while they're doing it with the comments on.

They have seven different camera angles, one that's pointing directly down at the hardware security module, one that's pointing at the audience, one that's in the safe, one that's this direction in the safe, one that's doing this. They show you as many angles as physically possible. They're using a black magic switcher to just like...

It's crazy because they're so public about everything, but because there are so many places to stop these potential points of failure, just because you need a number of people to sign off on things, it's actually one of the most secure possible things there is. They're like putting it all out there. They're like, this is how it works. This is exactly the scripts. This is what people need to be there to do the thing.

But you can't break in. It's literally impossible to break in. Verified from every angle. Yeah. Wow. So it was a pretty crazy experience. And what's crazy is that they're supposed to rotate the key holders out. It's like every few months the key holder is supposed to rotate out or something, like every few ceremonies. But they never really ended up doing it. And then they were going to retire. A couple of people were going to retire in 2020, but then they didn't because of COVID. Yeah.

And so the ceremony we were at was the first ceremony where anyone ever retired. And so two people retired at that ceremony. It was like really emotional and like,

I don't know, Ellis and Adam and I, we were like, it felt like a summer camp kind of thing because we're in this room with all these people for three and a half hours. We have lunch together. We have this debrief afterwards where everyone's like, all right, do you think that could have gone smoother? What could we have changed? What can we change in the script next time? And they retire these people and it's just like everyone's starting to get emotional. It's really weird. That's awesome. So anyway. Is this how you became the new key holder? Yeah.

I actually asked if I could be a key holder and they were like, you go through a rigorous process of deciding who is going to be a key holder. Yeah. So basically background check you for everything. You can apply. And like we talked, one of the people that retired was someone from Sweden and she was getting replaced by a new person from Sweden.

And we asked the new person from Sweden, like, oh, like, you know, what do you do? And she's like, oh, I've been in the cybersecurity industry for 30 years or something like that. It was like she was like really insane. Her credentials were crazy. So like they go through like a rigorous vetting process just to be able just because they want to make sure that anyone that is doing this stuff knows what they're doing. So you don't have what it takes.

Probably not. Probably not. So anyway, yeah, it ended up being kind of crazy because the DNS system is this thing that we all use every single day. We all assume that it's safe and secure and that when you go to a website, it's the real website and people wouldn't use the internet if this didn't happen. And these people who meet every three months and have sandwiches together in a secure facility

They basically keep the internet safe. Like it is not necessarily true that they could take down the internet because they are just like signing the root zone and making sure the internet's safe. But they could kind of take down the internet in the sense that you wouldn't use the internet because every single popular website would be compromised. Potentially, yeah.

And it's just, it's crazy that this happens and nobody knows about it. The heroes we need, but not the ones we deserve. Absolutely. And they were the nicest people ever. It was, it was crazy. Um, so I guess to wrap this all up, uh,

I guess it does feel slightly sketchy that Donuts owns so much of the internet, but it's also under the oversight of a nonprofit organization whose goal is to keep the internet safe. And it's a symbiotic relationship between private companies and oversight boards and

I don't know if there's a better model for this. They've thought about moving these ICANN ceremonies to different countries, obviously, because the internet sort of used to be a U.S. research project, but now it's owned by everybody. It's not even under the Department of Commerce anymore. And the fact that the meetings happen in L.A. and Virginia is a little bit U.S.-centric, so they're thinking about moving them. But I feel a lot more...

Feel a lot more secure about the fact that there's not some like nefarious overlords that are kind of running all this stuff You know there have been registrars who the people that run our registrars have gotten in a lot of legal trouble for like selling domains before I can even said they were like available and there have been random nefarious bad actors, but Overall, I think it's something that is just technically good for everyone and

And the last thing I got to note is that the irony of this whole story about who owns Pizza.Pizza is

actually completely kind of wrong in the first place because when I would did that who is look up to find out who owns pizza pizza I just missed the guy that owns pizza pizza. I just completely missed his name Ellis found it and Ellis emailed him and Perfect ending to a David Ellis Six months later

Ellis never would have happened. Ellis, do you want to tell them about the email? Sure. So we found out pizza.pizza. We found it for sale on a domain auction site. Pizza.pizza is listed for, you want to guess how much pizza.pizza costs? Yeah, I do. You want to guess? Do we get a trivia point? One time fee? Yeah.

I'm going to guess it's $150. Wait, I guess my question is, do you pay yearly or do you pay one-time fees? There's an option to own it forever and there's an option to lease it per month. We're guessing own it forever? Own it forever, yeah. $1,000? Neither of you are even remotely close.

I don't even know what you guessed. What did you say? $150. Guys, pizza. Think of the power. Think of the value. I don't know what I'm going to tell you right now. If you want a pizza.pizza, it took six months to research a project. The name was right in front of them.

It wasn't in the Whois lookup because the dude who owns it made sure to redact all of his information. I did find it on this domain auction site, though. If you wanted to lease Pizza.Pizza, it would cost you about $200,000 a month, or you could have it for the cool price of $10 million. Wow.

Don't do it. And so naturally, so Ellis decided to email the owner of Pizza.Pizza. Yeah, we'll put these emails up for the video and I'll read them for the audio listeners. But, you know, I said, hey, what's up? My name's Ellis. I'm a producer on a podcast. We're working about, you know, top level domains. I saw you own Pizza.Pizza. Could we just like, could we just talk? Like, I just want to know like who you are, what you're about, why you picked Pizza.Pizza. And I got this email back. Hello. Hello.

Thank you for your interest until I have nothing to say. Thank you. So wasn't down to talk. Guess he just wants his cool 10 mil. I just wanted to know why he owns pizza.pizza. Is it that hard of a question? I mean, if I had something even just up for sale for $10 million, I'd consider that worth owning. Do we think he...

paid way more than that or way less than that? No. He definitely paid way less than that. I would guess because during the .com boom when it was still pretty easy to get domains, people were just parking as many domains as they physically could. Yeah. He's hoping a big corporation comes along and they have like an ad campaign where they're going to do pizza.pizza ads and then they go, well, I guess we'll have to spend $10 million and buy it from this guy. Who else do we know that does things like that?

It's only $12 a month, a year, a year, $12 a month, a dollar a month, Adam. My portfolio is pretty good. I am waiting for Lego Corporation to come to me and just buy it for me, but instead they decided to sue me. I think that's what happens when they see the price tag.

That guy's not going to get $10 million in Pizza Hut. Okay. There's no way. I'm going to tell, okay, just maybe we'll use this in a clip or maybe this will be the end of the podcast. I just want to tell you guys about my League of Legos website. Okay. So. Legos is a copyrighted word. Yes. Well, that's what you think. So, okay. I had this great idea. Do you guys know what a MOBA is? Mm-hmm. I do. It's an acronym for. I'm not 100% sure on the acronym, but like League of Legends Dota. Right.

All those different ones. Massive multiplayer online battle arena? Correct. Multiplayer online battle arena, right? So League of Legends, Dota 2, that kind of stuff. Now, in these MOBA games, it's usually like 5v5 or 3v3, and there's a lot of heroes in the game, right? So usually they have themes. League of Legends is like, you know, they create heroes. The biggest, the hardest part of making a MOBA is...

is building a hero that is unique and also balanced and also has a background and a story. So most of these MOBAs only release one hero per year, right? Dota only releases one to two heroes per year because character development is a lot. And then they also have to create skills and have them balanced and all this stuff. So what is the one company that has access to unlimited IP? Just unlimited. They have partnerships across the freaking globe.

McDonald's. Crocs. Disney. Nintendo. Lego. Oh my God. Oh my God. Nike. Did I not cue this up? Adidas. Oh, the metaverse. The metaverse. Oh my goodness. Okay, yeah. So Lego Corporation, if you go to any store, you got Harry Potter Legos. You've got New York City Legos. You've got...

Avengers Legos and you know every single possible IP has made a Lego set because it's a win-win situation for both companies right so not only do you already have the 3d CAD mile CAD models of these little minifigures you can just make like it already makes sense for Lego to have like a MOBA game but the fact that you can use any IP to

in this MOBA game means that you don't have to put a ton of effort into the character development and background stuff of this character. It's a radiated thing. It seems like the most obvious thing ever, right? So, I purchased leagueoflego.com and leagueoflegoes.com

because I wanted Lego to reach out to me and pay me, and said they'd reach out to me and sued me. Allegedly. Allegedly, that's what you wanted. In Minecraft. But I have a really great way to get out of this. So in the event that they actually take me to a physical court, I'm going to start an Irish pub.

Whether or not it's in the real world or in the metaverse, who's to say? But you know how Irish pubs and local pizza joints and these kind of places, they sponsor local sports teams? Yeah. So imagine my Irish pub, Oflego's Irish pub, right? Oflego's Irish pub sponsors a children's soccer team, and they call it League Oflego's, right? League Oflego's.

Wait, so the league has a bunch of the same team called Flegos? No, it's O'Flegos Irish Pub. They're sponsoring one team, but now there's a league of only one team? They could sponsor a whole soccer league. I'm just poking some holes in here, so I need to make sure you're ready for the Lego lawyers. We'll just say they...

Dude, the Lego lawyers do not mess around. I mean, a league has to have more than one team. So the problem here is I think you need to create a sport called a Lego. Unless... We can just say they sponsor a whole league. What if it's like a series of sort of randomized teams where each person plays a role and maybe each role has a specific skill and we can call them champions? I like that. It makes people feel like they're winning. Oh, yeah, yeah, yeah, yeah, yeah.

True, true. Champions, heroes. And it's a video game? I don't know what that... Anyway, so yeah. So the moment that I get more than a cease and desist letter, I plan to spin up the Irish pub in the metaverse for the lawyers. The Lego lawyers. I think it's a full fruit plan. And that's the end of the podcast. Almost. Okay. So anyway. So yeah. So now, now, now, who owns .pizza, dear listeners? We own .pizza.

We own dot pizza. We own dot pizza. We own dot pizza. We own dot pizza. Are you asking me to type we own dot pizza? Oh, yes, I am. I just typed David Amell owns dot pizza. Oh, my God. We own. We own. We own dot pizza.

We own We Owned a Pizza. We Owned a Pizza. How'd you get this picture of me? Anyway, that's the end of the podcast. I hope you guys learned something about the domain name system and the insane world of ICANN. Many of the people at ICANN told us that if we were able to make a podcast that they could show to their kids so that they knew what they did for a living, it would be beneficial. I'm not sure if this helped, but if it did, that'd be great. I did learn a lot, yeah. I learned a ton.

I'm probably going to learn a ton again when I re-listen to this because there's a lot of information. But I have one short burning question at the end. Hit me. The pizza you had that night when you developed all of this, was it just like not satisfactory because you had so much on your brain after ordering it?

Before ordering? That night that I wanted to order a pizza. Well, you were originally ordering pizza, correct? Well, I wanted to. You never ordered pizza that night? Oh my god. Are you serious? Oh my god. You totally left that out. I should have guessed that. I should have guessed you never. Did you guys just not eat that night? We've been working on this story for six months and you never told me that. We actually didn't have dinner that day. I fell too deep into this rabbit hole and then it was like 11 p.m. and we just kind of...

It's only right. Oh, that was perfect. It's only right. Yeah. Anyway, yeah, thanks for listening to the Waveform podcast. Also, we got to give some special thanks to the people that were helping us out over at ICANN. Patrick showed us around on his day off. Andreas and Aaron helped us and were amazing and guided us through the whole process.

Gwen hooked us up with the ICANN stuff in the first place after I pestered them for multiple months. Vint Cerf and Steve Crocker, who helped build the internet in the first place, they came on and did interviews with us, and that was super useful. Appreciate that. And Kim Davies, who is now the new IANA, the new Internet Assigned Numbers Authority, was not physically at the event with us, but he was on the iPad. It was like a little virtual head. Nice. And he's in the photo on the iPad as a virtual head. Thank you, everyone. Thank you.

Also, thank you to Vox Media Podcast Network, Adam Ellis, David, and Vane Sill for creating our intro to our music. Close enough. Peace.

Apple intelligence coming fall 2024 with Siri and device language set to US English. Some features and languages will be coming over the next year. Zero dollar offer may not be available on future iPhones. Next up, anytime features may be discontinued at any time. Subject to change, additional terms, fees, and restrictions apply. See att.com slash iPhone for details.