Does your org own your domain name and trademark?
If not - make a fallback plan now!
I'm watching in horror as the W3C tries to retain control over its domain w3.org and the w3c trademark, which to date has been held on its behalf by MIT.
MIT's lawyers seem to me to have spotted an opportunity to make some money by gouging the not-for-profit standards body.
In case anyone was wondering why this matters:
xmlns="http://www.w3.org/1999/xhtml" is why.
(Update - TIL - Modern apps don’t actually fetch these references. So the next bit is wrong for most important cases)
If www.w3.org breaks - then _all_ those xml schema all over the web and in apps break too.
So it isn't a little not-for-profit corp matter.
It's an #infosec #ddos matter .
@steely_glint The namespace names have the forms of URL's, but they are not actually addresses. It's just a pretty bad way to make them unique.
There is a convention to put documentation about the namespace on that URL, but that's not required.
@ajorg @steely_glint Most XML parser should know about the W3C schemas as standard and would not need to fetch them from the w3c site, as far as I know.
Also, most security recommendations suggests to disable all external downloads, so the impact would be minimal, I think.
Tim Panton
Elias Mårtenson
Andrew Jorgensen