The ironic twist is that in 2022, both Firefox and Chrome reverted to displaying punycode instead of Unicode, following incidents involving fake Apple websites. Surprisingly, Apple continued to show Unicode despite being a genuine victim of homograph attacks.
Just small note. Originally all browsers were showing Unicode characters in the address bar. But when malicious actors started registering domains with homographs, Chrome/Firefox switched back to showing raw punycode. Only Safari is still showing Unicode for unknown reasons.
firefox does not show the punycode by default. If you want it to render the punycode you have to set the option network.IDN_show_punycode in about:config manually
Right off the top of my head, I can say: While you _can_ definitely use any unicode character in a domain name these days, doing so almost always breaks accessibility for somebody - and I don't mean for disabled people, but simply for people in parts of the world who don't have that specific character on their local keyboard layout. For me, typing an Ü or an ß is easy, but for an US citizen, it might be a great big hassle to do so. The one best, most compelling reason to restrict oneself to 7-bit-ascii characters in one's domain names is to maximize the potential visitor base.
protip: there's a difference between "a" and "an" and they're not interchangeable. "a" goes before stressed syllables and consonants, "an" goes before unstressed syllables and vowels. So for example: "If you throw up at school, *a* nurse might give you *an* ice pack"
Dear Mr. Skeletal I am writing this letter to express my heartfelt gratitude for the incredible impact you have had on my life. Your presence, along with your newfound trumpet, has brought a melody of joy and transformation into my world, and I am forever changed because of you. When I first met you, Mr. Skeletal, I was captivated by your skeletal form and the air of mystery that surrounded you. But it was when you picked up that trumpet and began to play that I truly saw the magic within you. Your music has been a source of inspiration and comfort to me. It has lifted my spirits on the darkest of days and filled my heart with hope and joy. Your trumpet has a way of reaching deep into my soul, touching me in ways that words cannot express. But more than your music, Mr. Skeletal, it is your spirit that has touched me the most. Despite the challenges you face, you approach life with a sense of humor and lightness that is truly infectious. You have shown me that no matter what obstacles we may encounter, we can always find a way to make beautiful music out of them. You have also taught me the importance of embracing our talents and passions. Your love for music is evident in every note you play, and it has inspired me to pursue my own passions with the same fervor and dedication. So, thank you, Mr. Skeletal, for being such an amazing and inspiring presence in my life. Your music, along with your trumpet, has changed me in ways I never thought possible, and for that, I am eternally grateful. With heartfelt thanks and a song in my heart❤️
Just wanted to say, I liked this video so much, I actually signed-in to give it another watch and a like. It's rare for me to like tech-based videos outside the small group of RUclipsrs I watch, and even rarer for a video on networking/internet to teach me so many new things! I loved just about every part, even the sponsor bit was well done! And I got an unreasonable amount of joy to hear somebody else also pronounces Ko-Fi that way! I _am_ questioning your choice in terminal font though... but I can't blame you too much, those 7s look sweet.
Also usually you are not allowed to have letters from different scripts, ie alphabets, in a domain name, in order to avoid things like the little o vs little omicron example shown in the video
For years I've known about how this works on the backend, but no one ever explained the attack vector that is why there is arbitrary restriction. The restriction still doesn't match the attack vector, but at least I now know there is a valid reason for it.
FUN FACT: the HOSTS file still exists in Windows TO THIS DAY and still takes priority over DNS. We IT people occasionally still use it, albeit once in a blue moon.
This is cool, thanks! When I first saw non-ascii domains I just assumed DNS was updated with UTF-8 support but I should've known better, with something like DNS or IP the inertia is too strong to just globally update it.
This reminds me of that one part in "To the bone". Papyrus: Alas, I'll hit him with my Special Attack Sans:*trombone sounds* Papyrus: Leave me alone! Sans: You know I've got a knack for the trom-bone Papyrus: One more pun, and I'll be done Sans: But ain't two skulls better than one?
The idea that a data broker who traffics in information that can be used to steal someone's identity would ever actually remove your data from their systems is patently absurd. They have no motivation to comply with the request and every motivation to not comply.
@@LionTheFish They're also legally required to not be selling identities. Do you really expect people whose entire business is breaking the law to not break the law? You remind me of when Trump recently declared he'd solve crime in DC by establishing "crime free zones"... Like I have news for you, crime is already illegal.
@@LionTheFish They're legally required to not be selling people's identities. So what exactly is your point? That criminals will stop doing crimes if you ask nicely?
@@BerryTheBnnuy While shady and legally dubious, data brokering is legal in most countries, including but not limited to, the US, UK, EU, and Australia.
@@LionTheFishOh, you're right, criminals in UK, EU, and AU trading in people's identities are law abiding citizens. It's only the criminals in America that don't abide by the law. My mistake.
I suggest "some history of the skull trumpet" link to a playlist featuring the 2 Videos by Jeffiot regarding the skeleton origins instead of just the first one that's all from me Great video btw!!
5:29 Wow this is crazy because my brother visited a site that was a USPS scam, and the link looked right, but when clicked and opened, it turned into letter scramble. I assume it was an embeded hyperlink in the text, but it was likely what was explained here.
Honestly its not even only languages that don’t use the Roman letters, basically any language apart from English has some sort of umlaut or special character. ASCII is so incredibly outdated in my opinion.
the problem with the idea of storing the whole internet locally includes archiving tons of illegal content but hell, at least your search history won't be tracked
Haha, interesting video! It makes me wonder why, in all these years that I've been going online, I had never tried an Emoji in a URL or e-mail address to see what it does until now! But now I know, heheh!
@@alok.01 Meta sued Freenom, forcing them to disable domain registration My Freenom domain suddenly stopped working when I checked with a dns checker it was unconfigured like no one owned it
Also, using Emojis in your address would tend to be quite bad for business! Who wants to hunt around and type those dang things just to get somewhere? Ughhh!
did it get shut down? i can only see this message on the website, no matter what device or network im using: upstream connect error or disconnect/reset before headers. reset reason: connection failure, transport failure reason: delayed connect error: 113
Your form actually does go somewhere. To the server logs! Because you didn't preventDefault on form submission John Doe's personal info is now in your server logs.
Thanks again Aura for sponsoring this video! Check them out at aura.com/devdetour.
You should have thanked mr skeltal
your welcome
sigma
"tk" is close enough to "thank" so the domain reads as "skull trumpet thank" which is still fine
RIP .TK
🫠
tk is tokelau
a small island in Oceania
@@ItsSeatedtrue
The ironic twist is that in 2022, both Firefox and Chrome reverted to displaying punycode instead of Unicode, following incidents involving fake Apple websites. Surprisingly, Apple continued to show Unicode despite being a genuine victim of homograph attacks.
"homograph" finally an attack with a name that actually sounds threatening.
@@BlackbeltHitoshi what a phobe
@@Raderade1-pt3omwhat do you mean?
@@BlackbeltHitoshi Because you included the word "homo"
I doubt you were meaning it that way though.
@@MidnightTheKittenisn't it called a homograph attack? And I'm pretty sure I mean it considering the way I talked about traumatizededgeworth.
Being able to use the trumpet with no lips is commendable! Cheers to Mr. Skeltal
He got more thanks than the vid got views.
"418 im a teapot"
i was not expecting to ever actually see that.
Ah, nice catch.
Status codes continue to impress me even as a pro web dev
reading the code? lmao
I saw the same thing just now and went to the comments to see if anyone else saw it. Never thought I'd ever see the "I'm a tea pot" error in the wild.
I think it's just not configured right, as it does respond with "thank mr skeltal"
Just small note. Originally all browsers were showing Unicode characters in the address bar. But when malicious actors started registering domains with homographs, Chrome/Firefox switched back to showing raw punycode. Only Safari is still showing Unicode for unknown reasons.
I cannot believe I had to use google to understand this instead of just realising that "holograph" is supposed to say "homograph".
firefox does not show the punycode by default. If you want it to render the punycode you have to set the option network.IDN_show_punycode in about:config manually
Cuz apple users are apparently the most basic people? Idk
Cause apple is always form over function. Nicer looks is more important than safety apparently
@@mega_gamer93 mine shows punicode and I've never messed with configs
you should add a chat so people can thank mr skeltal in their own words
That would be nice but it'd need to be moderated
not practical cuz moderation would be a nightmare.
@@tankfire20you just hate Mr skeletal smh
There are node js libraries that auto censor so its not that bad@@tankfire20
There are already 4mil thanks out there
"A branded email adress like *You@🌚👉👈* shows you take your business seriously." is the best part of this whole video.
thank mr skeltal
bout to make it hit a billion thanks in a second
418 response to the post request ahaha nice
@@kieraisverybored I'm a teapot
@@kieraisverybored time to spam the website with post requests 😈
Update: I stopped the script but the counter is still going upwards of 2.5 million thanks
Right off the top of my head, I can say: While you _can_ definitely use any unicode character in a domain name these days, doing so almost always breaks accessibility for somebody - and I don't mean for disabled people, but simply for people in parts of the world who don't have that specific character on their local keyboard layout. For me, typing an Ü or an ß is easy, but for an US citizen, it might be a great big hassle to do so. The one best, most compelling reason to restrict oneself to 7-bit-ascii characters in one's domain names is to maximize the potential visitor base.
Üß we got those on samsung in the US ik it was just an example I just wanted to share
@@Piperonis what about physical keyboards?
@@Piperonis what about physical keyboards?
protip: there's a difference between "a" and "an" and they're not interchangeable. "a" goes before stressed syllables and consonants, "an" goes before unstressed syllables and vowels.
So for example: "If you throw up at school, *a* nurse might give you *an* ice pack"
@@SnoFitzroy sounds kinda like an skill issue to me
Dear Mr. Skeletal
I am writing this letter to express my heartfelt gratitude for the incredible impact you have had on my life. Your presence, along with your newfound trumpet, has brought a melody of joy and transformation into my world, and I am forever changed because of you.
When I first met you, Mr. Skeletal, I was captivated by your skeletal form and the air of mystery that surrounded you. But it was when you picked up that trumpet and began to play that I truly saw the magic within you.
Your music has been a source of inspiration and comfort to me. It has lifted my spirits on the darkest of days and filled my heart with hope and joy. Your trumpet has a way of reaching deep into my soul, touching me in ways that words cannot express.
But more than your music, Mr. Skeletal, it is your spirit that has touched me the most. Despite the challenges you face, you approach life with a sense of humor and lightness that is truly infectious. You have shown me that no matter what obstacles we may encounter, we can always find a way to make beautiful music out of them.
You have also taught me the importance of embracing our talents and passions. Your love for music is evident in every note you play, and it has inspired me to pursue my own passions with the same fervor and dedication.
So, thank you, Mr. Skeletal, for being such an amazing and inspiring presence in my life. Your music, along with your trumpet, has changed me in ways I never thought possible, and for that, I am eternally grateful.
With heartfelt thanks and a song in my heart❤️
Thank you Mr. ChatGPT.
@@RichardHennigan ah shoot, you caught me
It might be good if you clicked the link and watched the video. Then you could -have ChatGPT- write something to honor the creator.
This is the amount of info I learn in one month in school compressed into 6min and explained better
Cool 👍🏼
Maybe you're not paying enough attention
Crazy what happens when you dont watch tiktok in class bozo
@@ssgoko88 jokes on u I play clash of clans
(That was a joke I pay attention)
Thanks for leading me to a 40min documentary (link on the website) that made me cry, that was awesome haha
If you haven't seen it the creator has a sequel for the source of the 3d models used to construct the gif
Super cool video, can't wait to share this newfound knowledge with some unlucky individual at a house party.
honestly same
you worded it perfectly 😂💀🎺
I just thanked mr skeltal and JESUS THAT'S LOUD
No half-measures. Mr Skeltal goes full doot
Jeez
Just wanted to say, I liked this video so much, I actually signed-in to give it another watch and a like. It's rare for me to like tech-based videos outside the small group of RUclipsrs I watch, and even rarer for a video on networking/internet to teach me so many new things!
I loved just about every part, even the sponsor bit was well done! And I got an unreasonable amount of joy to hear somebody else also pronounces Ko-Fi that way! I _am_ questioning your choice in terminal font though... but I can't blame you too much, those 7s look sweet.
you made me watch entire video of skull trimpet's history that I had no idea about!
I'm a teapot 🫖
Also usually you are not allowed to have letters from different scripts, ie alphabets, in a domain name, in order to avoid things like the little o vs little omicron example shown in the video
For years I've known about how this works on the backend, but no one ever explained the attack vector that is why there is arbitrary restriction. The restriction still doesn't match the attack vector, but at least I now know there is a valid reason for it.
FUN FACT: the HOSTS file still exists in Windows TO THIS DAY and still takes priority over DNS. We IT people occasionally still use it, albeit once in a blue moon.
I love how in the beginning of the video Mr Skeltal has just 250 thanks and currently he has over 120 million.
3:37 the eggplant emoji in frequently used 💀
Self caught in 4k
Grow up
@@XxZeldaxXXxLinkxXWhy are you so boring
@@XxZeldaxXXxLinkxX grow as a person
The impostor was allowed as a crewmate, it is 2024 and now I can't take this out of my head please help
came onto this video to talk about the doot doot 💀🎺 and ended up learning how URLs and domains work
Guy broke into your car defies stereotypes.
This is cool, thanks! When I first saw non-ascii domains I just assumed DNS was updated with UTF-8 support but I should've known better, with something like DNS or IP the inertia is too strong to just globally update it.
Bro this video is so good you deserve more subs 🔥
summary: because it isn't allowed
thank
i was under the impression that .tk domains were no longer registerable, where did you register this at?
what if he traveled all the way to Tokelau to register it
I can't thank mr skeltal, my antivirus won't let me.
1:42 guy: “when-ever you ask to browser to go to a website” background: *asks google to go to a website quite literally*
This is a very strange sequel to the documentary on the origin of the trumpet gif, but I'll take it
This reminds me of that one part in "To the bone".
Papyrus: Alas, I'll hit him with my Special Attack
Sans:*trombone sounds*
Papyrus: Leave me alone!
Sans: You know I've got a knack for the trom-bone
Papyrus: One more pun, and I'll be done
Sans: But ain't two skulls better than one?
The idea that a data broker who traffics in information that can be used to steal someone's identity would ever actually remove your data from their systems is patently absurd. They have no motivation to comply with the request and every motivation to not comply.
they are legally required to comply
@@LionTheFish They're also legally required to not be selling identities. Do you really expect people whose entire business is breaking the law to not break the law?
You remind me of when Trump recently declared he'd solve crime in DC by establishing "crime free zones"... Like I have news for you, crime is already illegal.
@@LionTheFish They're legally required to not be selling people's identities. So what exactly is your point? That criminals will stop doing crimes if you ask nicely?
@@BerryTheBnnuy While shady and legally dubious, data brokering is legal in most countries, including but not limited to, the US, UK, EU, and Australia.
@@LionTheFishOh, you're right, criminals in UK, EU, and AU trading in people's identities are law abiding citizens. It's only the criminals in America that don't abide by the law. My mistake.
I suggest "some history of the skull trumpet" link to a playlist featuring the 2 Videos by Jeffiot regarding the skeleton origins instead of just the first one
that's all from me
Great video btw!!
I thank mr skeltal
5:29 Wow this is crazy because my brother visited a site that was a USPS scam, and the link looked right, but when clicked and opened, it turned into letter scramble. I assume it was an embeded hyperlink in the text, but it was likely what was explained here.
gotta love these random tidbits i come across being surprising discoveries on how browsers fetch data as an introductory guide! cheers mate
How did you even get a tk TLD?
All websites that claim to be registers for tk domain don't work.
.TK has it's own registrar, and it's free. You can't get it through subsidiaries as a result.
@@deadoonyea but the shut down like a few months ago, not sure if they came back tho
.TK has it's own registrar, and it's free. You can't get it through subsidiaries as a result.@@diamonddynamite1557
I thanked the skeleton, and he thanked me.
7:41 guys the amongus is allowed we chill
I like the m -> rn example. I often use corncast as a test value at work.
6:03 i said "fuck that o" without even knowing
"How do we prevent Homograph Attacks?"
I don't know, but we might be able to prevent homograph attacks.
Moral of the story: Be extra careful with websites from Samoa, Tonga, Tokelau.
How did you register a .tk domain? I thought freenom was down currently
P Sherman 42 Wallaby Ln Sydney Australia is the address of my dentist.
thank you mr skeltal and thank you cathy jarboe for creating him
Chrome might or should only convert the domain name to punny code visually if it contains any disallowed characters
the counter is pure genius
I just Got into 40 min vid and bro...... now IDK..... ITS JUST A GIF BUT THE LORE BRO THE LORE IS DEEPER THAN THE DEEPEST MAN MADE HOLE
How did you get a .tk domain? I read the domain registar was closed?
No idea
it used to work years ago but now I think its paid
@@mattia222 I just tried, it won't even let me select a domain name or register an account.
@@anonymoususer6294 Apparently they closed on March 2023
Honestly its not even only languages that don’t use the Roman letters, basically any language apart from English has some sort of umlaut or special character. ASCII is so incredibly outdated in my opinion.
My web protect (built into my wifi) dosent let me 😭
💀🎺
*lol skelly playing the trumpet*
the problem with the idea of storing the whole internet locally includes archiving tons of illegal content but hell, at least your search history won't be tracked
You need to do an update to this video addressing handshake (HNS) domains….
JESUS THATS A LOUD TRUMPET
They killed my TK domain ...
Amazing video. Thank you so much for the information!
1:20 WASHINGTON STATE MENTIONEDD RAHHH!!!!!
1:39 that's such a sweet kind old grandma thing to google 😢😩
unrelated to the video but i'm so glad you put the history video of doot doot on the website lol
Haha, interesting video! It makes me wonder why, in all these years that I've been going online, I had never tried an Emoji in a URL or e-mail address to see what it does until now! But now I know, heheh!
I had no idea about this "puny code"... Thanks! 👍
time to get some malaware!
Thank you mr skeltal!
this was unique and cool... i ❤ learning lol appreciate the knowledge friend
I understood and I never coded before. A true eli5 teacher ty
i think i was too thankful i just sent like infinite thanks at once
20k to be exact
0:06 what is this effect called?
could be mercury + stacked motion blur
it would be so good if you put the name of the skull emoji creator, that lady. +1 for linking the documentary of the guy finding that out.
50 million total thanks so far
90 million thanks to skeletal is my counter going crazy
THOUSANDS PER SECOND.
Спасибо, мистер Дудец!💀🎺
The fact that Mr. Skeltal has roughly half of the views this video has is amazing.
the skull and trumpet emojis aren't easily mistaken for any others though...
fun fact if you look in console and go to network and click thank and look at the request it will say 418 im a teapot
i somehow made a bot that makes the total thanks go brrrrrrrrrrrrr to make mr skeletal happy
2:56 omaiwa mo shinde iru
.com
1:15 washington mentioned
freenom got nuked and the .tk tld can't be used
how did you get one and how is it still up? the fuck
Freedom got nuked?
@@alok.01 freenom
@@alok.01 Meta sued Freenom, forcing them to disable domain registration
My Freenom domain suddenly stopped working
when I checked with a dns checker it was unconfigured like no one owned it
Something something Tokelau
Also, using Emojis in your address would tend to be quite bad for business! Who wants to hunt around and type those dang things just to get somewhere? Ughhh!
Currently the Skeleton has over 90 million thanks wow!
I watched the whole video a few months ago :D
The domain got blocked by my isp which is a shame they block websites not 30 days old
So it's a big domain conspiracy ...
Thanks Mr. Skeletal
did it get shut down? i can only see this message on the website, no matter what device or network im using:
upstream connect error or disconnect/reset before headers. reset reason: connection failure, transport failure reason: delayed connect error: 113
Whoops, just moved where this is hosted and missed a setup detail. Fixed now!
"First introduced..."?
How many times was it?
4:25 I saw the difference on frown was bigger
Thanks mr skeltal, doot doot
i thanked mr. skeltal
thats an interesting finding to me, thanks for the video and subbed
thanks mr skeletal
A great video, thank you for making it.
the honk burnt my ears
Your form actually does go somewhere. To the server logs! Because you didn't preventDefault on form submission John Doe's personal info is now in your server logs.
my question is how the heck do you have a .tk domain i thought they shut it down