This is how I subscribed several customers for iOS development. If you have anything to add, please add a comment or send an email.

A quick overview

1. An Apple user is called an “Apple ID”. You need an Apple ID to purchase the iOS Developer Program, but it can be created as part of the process.
2. Then you enroll for an iOS Developer Program, which means you are asking Apple if they will allow you to send them money.
3. Apple considers your request. They may contact you, ask you to send documentation, ask you to phone someone etc.
4. If your request is accepted, you are allowed to pay and accept the conditions.

This has nothing to do with actually releasing an app, it’s just a prerequisite.

What you need

My situation is a bit special, because I’m not an iOS developer. I chose to register a legal person, and let the developer either use that account, or create his own account and add that to the developer program. I guess you could register a developer instead. In that case, you will still need the information about a legal contact, and the process is almost exactly the same.

I need the following information to “enroll in the iOS Developer Program”:

• Legal name and address of the company (The name for marketing is not relevant in this process.)
• Name, phonenumber and email-address of a person with legal responsibility
• An email-address (used a lot during the process)
• A password
• A birthdate (I picked a random and noted it with all the other security information. I’m not going to ask the legal person about his/her birthday.)
• A security question and an answer
• The company website address

These informations CANNOT contain any special characters. Apple does NOT use the 8859-1 (latin-1) character set, apparently they use us-ascii. Apple DO NOT validate the input for this. You CANNOT expect to be able to change this later. If you overlook a special character you WILL be rejected, and you will need to start all over with ANOTHER Apple-id and ANOTHER email-address! The email-address will be banned indefinitely!

Just to make it clear, here’s a danish example: In stead of “blåbærgrød”, write “blaabaergroed” according to the danish spelling rules.

By the way: I asked our customers for an email for “important technical email that I need to do this – you can create a new address that will automatically forward everything to me, or just forward manually”. About 25% gave me an address that didn’t even work. Almost all of the generic addresses with manual forwarding had problems with long delays and mails that wasn’t forwarded at all.

Enrolling

Special characters
Go back to the information you collected, and replace any special characters.

Double check.
Seriously.

”Enroll in the Apple Developer Programs”
Go to http://developer.apple.com/programs/start/standard/.

Click ”Continue”.

“Are you new or a registered Apple developer?”
Under “New Apple Developer” select “I need to create a new account for an Apple Developer Program.”, click “Continue”.

“Are you Enrolling as an Individual or Company?”
Click “Company”.

“Complete your personal profile”
The email-address is NOT for the legal person, it’s the address that will be used a lot.

In the phone-number, you need to fill out area code. If your country doesn’t use them, pretend the first two digits are the area code. Remember country code.

Fill out the rest of the information (remember the special characters!) and click “Continue”.

“Complete your professional profile”
Fill out the information and click “Continue”.

“Registered Apple Developer Agreement”
Read the agreement (heh), check the checkbox, click “I Agree”.

“Enter the verification code sent to your email”
You can wait for the mail to arrive, but that can take days. Here’s a trick: Press F5 now. If the browser asks if you are serious, you are. I got some badly formatted text that looks like it should have been in the mail. It includes the secret URL for verifying the email-address. Copy it to the clipboard, insert it in the address bar. Feel like a hacker.

“Enter your company information”
Fill out the information, remember the special chars. Yes, you’ve already told Apple most of this, don’t ask why you need to do it again.

Except the phone-number. Apple probably want the companys main phonenumber. You decide if that makes sense. I put in the legal persons phonenumber.

Click “Continue”.

“Provide the legal contact for your company”
Yes, you already did that. Just select “I am the legal contact for my company” and click “Continue”.

“Select Your Program”
Check “iOS Developer Program” and click “Continue”.

“Review your enrollment information and submit”
They are serious here. Review and submit. Do not expect to be able to correct anything.

“Thank you for submitting your enrollment”
Now you wait.

Confirming

Apple needs some time to consider your request. Sometimes they don’t feel confident that you are who you say you are, in which case they’ll want you to do something to confirm it.

About 50% of my customers was asked to fax documentation, specifically “the Certificate of registration from the Danish Commerce and Companies Agency of identity for your business based on your company form”. Faxing the wrong papers is not a huge setback, my customers was asked to just fax again with the right papers.

Here’s some more details in danish:

Registreringsbeviset fra Skat er ikke godt nok, det SKAL være registreringsbeviset fra Erhvervs- og Selskabsstyrelsen.

UPDATE 2011-09-30: Jeg har efterhånden hørt om en del problemer om dette fra flere sider. Nogle får afvist registreringsbeviset, og nogle bliver bedt om at sende den ikke-eksisterende engelske version. Nogle firmaer har slet ikke et registreringsbevis, da Erhvervs- og Selskabsstyrelsen stoppede med at lave dem for adskillige år siden. Den eneste udvej jeg har fundet indtil videre er at købe et engelsk selskabscertifikat fra cvr.dk, det koster 500 kr.
I øvrigt har jeg også hørt flere steder at selvstændige godt kan glemme det, de er nødt til at registrere sig som private.

Checking status

Go to http://developer.apple.com/membercenter/, and look in the top right. Examples, in chronological order:

• Get access to the wealth of technical resources and information to assist you in creating new and innovation applications for iOS OS and Mac OS X. Join Today
• We have received your Program Enrollment and are in the process of reviewing the information you have submitted.
• We have reviewed your Program Enrollment and ask that you contact us.
• We are processing your Program Enrollment and have received the documentation you provided to verify your identity. We will contact you soon regarding next steps.
• We are processing your Program Enrollment and are attempting to reach the legal contact you provided during the enrollment process.
• You must review and accept the iOS Developer Program License Agreement in order to continue with your Program Enrollment.
• Once you’ve completed your purchase, you will receive an Order Acknowledgement email from the Apple Online Store and an Activation email within 24 hours from Apple Developer Support. The email from Apple Developer Support will contain information on how to access the resources of your Program.

If you see the second-last one, click “Agree now”.

If you see the last one and haven’t paid yet, click ” Programs & Add-ons” in the top menu, then “Continue Enrollment”. Then you will get to the next part.

If you see the last one and have paid, you may have received an activation code by email.

Payment

Apple will send an email about that “You can now continue the Apple Developer Program enrollment process by reviewing and agreeing to the Program License Agreement”. Either click the link in the mail, or click “Agree now” in the status in the Member Center.

Program License Agreement
Read the license, check the checkbox, click “I Agree”.

Proceed to your country’s Apple Online Store to purchase.
Click “Add to cart”.

Apple Store / Basket – Items in Your Basket
Click  ”Check Out Now”

Please Sign In
Under “Guest Checkout” click “Continue”

Apple Store / Secure Checkout - Shipping
Fill out shipping info. Nothing is physically shipped, so I entered the payment info. Except the phone-number, I entered my own. If they call anyone about shipment or payment, I’m the only one who knows what they are talking about. In the name fields, I entered the name of the card-holder. Click “Continue”.

Apple Store / Secure Checkout – Payment
Click “Same as shipping information” above the text-fields.

Enter an email-address. This is where the activation code and invoice is sent. Caution: If you buy on behalf of several companies, see “Activation” below before you enter the same name and email-address for more than one!

Enter VAT-number. Caution: I was told it is very important to supply the VAT-number. I later found out that Apple doesn’t need it, but we need it to be on the invoice. Apple DOES NOT add the VAT-number on the invoice! Put it in the field “Additional Address Information”!

Enter creditcard information

Click “Continue”.

Apple Store / Secure Checkout – Account
I click “Continue as Guest”.

Apple Store / Secure Checkout – Terms & Conditions
Check “I have read blah blah blah”

Click “Continue”

Apple Store / Secure Checkout – Order Details
Click “Place Order Now”

App Store / Thank You
Use the print-function to print these order details. (I “print” to PDF.) You may need some info here, that isn’t on the invoice, plus the invoice may take days to arrive.

Now you wait again. Most companies accept credit card payment immediatly, Apple needs “up to 24 hours”.

Activation

I get an email like this:

To:  <Billing email address>
Subject: Apple Developer Program Activation Code

Apple Developer Program Activation Code

Dear <name I used for billing, not the user account or shipping>,
To complete your purchase and access your Apple Developer Program benefits, please click on the activation code below.

	Activation Code	Part Number
iOS Developer Program	<clickable activation code>	D4521G/A

If you need further assistance, please contact us.
Best regards,

Apple Developer Support

If you paid several accounts within a few days, you may now have a problem. I used the same email-address and name for billing for all customers. Clicking the link doesn’t help, because that just takes you to a login screen.

I started registering over a week ago, and I just got my first rejection. I made a mistake in the registration. I spelled a named correctly, and now I am being punished for it. The contact at the customers company is called “Jens Elkjær”. Well actually he isn’t, but there is an “æ” in his name. I was previously adviced by a colleague that special characters are problematic, and I should avoid them. I just overlooked this one. Copying and pasting name, address email etc. for dozens of accounts numbs your brain, and I overlooked this single character. I also overlooked a couple in the addresses, but those could be changed later.

There was nothing to indicate any kind of error, until I reached a confirmation page. The name was displayed like this: “Jens Elk�r”. (The “æ” is replaced with the “replacement character“.) It was too late. I could not go back and change the name. I could submit the application now or I could rage a while and then submit it.

Today I got this email (anonymized, emphasis is mine):

From: eurodev@apple.com
Date: 17-02-2011 10:13
To: XXXXX@XXXXX.dk
Subject: Re: iOS Developer Program

---

Please include the line below in follow-up emails for this request.

Follow-up: XXXXX

Re: iOS Developer Program

Dear Sir/Madam,

We are in the process of reviewing your iOS Developer Program enrollment information.

In reviewing your Company Enrollment application XXXXX, I have found the following information:

Enrollment Reference Number: XXXXX
Program: Standard Program
Enrollment Type: Company/Organization
Applicant Name: Jens Elkjær
Email: XXXXX@XXXXX.dk

Please know that the applicant’s name does not appear correctly. I have withdrawn your Enrollment XXXXX and you can submit a new Enrollment Request. I would advise you not to use foreign characters, as they are not recognizable from our system.

Should you wish to enroll again for the Standard Program, please submit a new enrollment using a different Apple ID and email address than the ones used for your original enrollment. Before submitting your NEW Enrollment, please clear your browser’s cookies, cache and history, ensure that it is configured to accept all cookies, quit and restart your browser.

Once you have completed the new enrollment, please then contact us back with the NEW Enrollment ID so that we review the NEW application.

We hope that this information is useful to you. Please let us know if you have any questions regarding this information.

Best regards,

XXXXX XXXXX
Apple Developer Support

My list of criticisms is not short.

1. The danish special letters are part of the character set “ISO 8859-1″ also known as “latin 1″. This character set was published in 1985, registered as at internet standard in 1992, and is the default character set in HTTP since version 1.0 published in 1996. However, if international characters is important (such as if you are collecting names from all over the world), you should use the more modern character set UTF, which is rapidly becoming a standard replacing 8859-1. In short, Apple really should just support the danish special letters. It’s not hard, practically everybody else does. It has been many years since last time I saw a system that didn’t support them by default.

2. If the danish special letters is not supported, the website could easily have informed me of this. The primitive solution would be a simple text: “In english letters only.” But the professional way would be to validate the input. This is very easy to do. Very.

3. The confirmation page didn’t allow me to go back and change it.

4. So they don’t support “æ” but they accepted it anyway. And then I can’t just go into profile settings and change it. I can change address, phone-numer, email-address, company name… Anything but the name. If a person actually changes name (this happens quite often, typically when getting married), it cannot be changed in the Apple profile. This reminds me of a phonecompany that got my name wrong in the phonebook and couldn’t change me. They said I had to change phonecompany to correct my name. Of course I did. I don’t do business with amateurs if I have a choice.

5. So there’s “æ” in the name and I can’t do anything about it. Will Apple do it for me? No. (BTW: “æ” will look like that when it is saved or transmitted as UTF-8 and read as 8859-1.)

6. So there’s “æ” in the name and it’s not going to change. Apple just have to accept it. They don’t. They reject the application.

7. It’ no use just applying again. I have to make a new profile, and THEN apply again.

8. The new profile can’t have the same id as the old one. So I can’t use the same id for the iOS app as for the Android app. This complicates managing alle these accounts for my customers.

9. The new profile can’t have the same email-address as the old one. Others have tried, unsuccessfully. But that’s the correct one. That is the one the customer has. Of course the customer has other addresses, but none of those are right one. They have to create a new address, and make it forward everything. I need to tell this to a colleague. He will contact our contact person. He will contact their IT department. They will find a technician to do it. According to my experience there is a good chance it won’t work, and I need to start the chain again.

This is not a list of trouble I’ve had during the process so far. This just one single example from a long list of unnecessary problems. I find it very hard to believe that Apple is so incompetent. Maybe they are indifferent about the quality of their work? Nah, I’ve been told so many times by Apple-fans that quality is what Apple is all about.

No, it’s very simple: Apple hates developers. And I hate Apple.

What I have tested

The HTPC is connected to my TV by HDMI. It automatically chose HDMI output, and the right resolution for my TV (1360×768). I didn’t have any audio, so I clicked my way into audio settings and changed the output to “HDMI Stereo”, and then it worked like I wanted it. I haven’t tried VGA, optical audio out

It’s networked by WIFI (802.11b), no problems there. I haven’t tried 802.11n or wired network.

Reading DVD’s works. I haven’t tried CD or burning anything.

Infrared works with the supplied MCE remote. It probably works with almost any infrared remote, with a bit of work. I haven’t tried that yet.
My Logitech Harmony (programmable universal remote) works fine with the HTPC. I simply autodetected the MCE remote with the Harmony.

I can play 1080p h264 movies.

USB 2 works, haven’t tried USB 3 yet.

Oh, and I can turn the device on with the IR-remote.

Installing the infrared driver

ASRock has two Linux-downloads for the Core 100HT: Infrared driver for Ubuntu 10.4, and infrared driver for Ubuntu 10.10. The latter has a great manual, but there’s a lot of steps. The style in the manual is “click this, click that, type this, type that” etc., which I think is what most people want. I prefer a more terse syntax, with commands I can copy/paste to the terminal. Like this:

sudo apt-get update
sudo apt-get install lirc lirc-modules-source

        Remote control configuration: None
        IR transmitter, if present: None

unzip -d /tmp/ "IR(10.10)2.6.35-22.zip"

Install one of these, ignore errors:
32 bit: sudo dpkg -i /tmp/Ubuntu\ 10.10/lirc-nct677x-1.1.0-ubuntu10.10-kernel2.6.35.deb
64 bit: sudo dpkg -i /tmp/Ubuntu\ 10.10/lirc-nct677x-x64-1.1.0-ubuntu10.10-kernel2.6.35.deb

Again, ignore errors:
sudo dpkg -i /tmp/Ubuntu\ 10.10/lirc-nct677x-src-1.1.0-ubuntu10.10.deb 

cd /usr/src
sudo dkms remove -m lirc -v 0.8.7~pre3 --all
sudo dkms add -m lirc -v 0.8.7~pre3
sudo dkms build -m lirc -v 0.8.7~pre3
sudo dkms install -m lirc -v 0.8.7~pre3 --force
sudo dpkg-reconfigure lirc

        Remote control configuration: Nuvoton Transceivers/Remotes
        IR transmitter, if present: None

Test by running the command "irw", and push some buttons on the remote. It should output the name of the buttons you press.

Using the remote

After installing the driver and confirming that it works, the remote still didn’t do anything. I haven’t studied how this is supposed to work, but after playing around a bit I’ve learning that it’s probably something like this: LIRC (Linux Infrared Remote Control) receives the infrared signal, recognizes which remote it is and which button it is, and then tells about it to anyone who wants to listen. In my case, nobody.

I started XBMC and made sure it knows I have a remote that doesn’t send keyboard signals, and then it worked.

For now, I only want one more feature: Starting XBMC with the remote.

Warning: I tried to configure LIRC with an easy GUI. I don’t remember the name, but it didn’t work and it destroyed what already worked. I removed the software and reinstalled the driver. Please comment or email me if you have anything to add here.

I created the file “~/.lircrc” with this content:

begin
    prog = irexec
    button = Home
    config = ps -e | grep xbmc >/dev/null || xbmc&
    repeat = 0
end

In english, if I understand correct: “If the program irexec wants to know that Home (big green button with the ) is pressed, give it the string from the ‘config’-line.”

irexec then executes the command, which is “if xbmc is not running, run it”.

The final step is to start irexec when the machine is booting, I simply did that with the Ubuntu “Startup Applications” function.

LIRC names of the remote buttons

…as defined by the driver from ASRocks website.

Harmony names of the remote buttons

…in the configution it autodetected. You could make your own configuration with the LIRC-names or whatever you choose. There is a few duplicates and a few buttons not on the original remote.

Additional commands, not on the original remote:

This is fine for the beginning amateur, but professionals should always get this right.

What happens when you don’t do this

If you are very lucky, you will have a lot of extra work and more complicated code. If you are less lucky strange things will happen on your website. Maybe “2<3″ is displayed as “23″ or “don’t” is displayed as “don\’t”. Maybe it’s even saved like that in the database, which just makes it much harder to fix.

But worst case is a gaping security hole. Do one little thing wrong, and you can get serious security vulnerabilities like XSS and SQL injection.

What is layers

Any non-static website has layers. It’s just a question of how many, and if you are using them correctly. To make a simple blog you need at least three:

1. The presentation (HTML, CSS etc.)
2. The application (maybe written in PHP)
3. A database (like MySQL)

A layer should only know about what is above it, and what is below it. In this extremely simple scenario, the HTML knows about the PHP (filenames for the links etc.), but should never know about the database (table names and certainly never ever login information). And SQL statements (or even snippets) should NEVER get more than one layer away from database layers.

Usually there is many more layers in the application part to simplify things. Maybe there is a layer for translating pretty urls to actual PHP filenames. And there should be a “database abstraction layer”, which makes database access look the same no matter which database you use.

En example of how even abstraction layers that hardly adds any features are useful: It adds flexibility. With a good database abstraction layer, you can change the entire database (maybe from MySQL to PostGreSQL) without changing your actual application. You just edit the abstraction layer, which sits between the application and the database. The advantages becomes clearer further down.

In this article I will only talk about a few layers, enough for most simple web-projects. But the idea is the same with any amount of layers. I will use:

1. The presentation (HTML, CSS etc.)
2. The application (maybe written in PHP)
3. Database Abstraction Layer
4. A database (like MySQL)

My recommended solution

When the user performs an action (like a search), data from the user (for example search terms) travels through the layers, probably all the way to the bottom, and then results (for example search results) travels all the way back up, possibly including the original data.

Here comes the important part:

When data moves from one layer to the other, make sure all necessary conversions are done correctly, and preferrably automatically.

When data moves from the browser to your application, you will probably get it as normal plaintext. So far so good.

Then you transfer the data to the database. The database interpretes certain characters specially, like percent, underscore and apostrophe. The amateur is tempted to fix this with search-and-replace, and will often do this the wrong place so that the fix ends up in places outside the database.

This is a task for the database abstraction layer. My favorite way is parameterized statements. A simple example:

result = db.getAll("SELECT id, name FROM students WHERE name=?", name);

The questionmarks gets replaced with the parameters after the query.

The variable db containts an object from the database abstraction layer. Which you may have made yourself, maybe one provided by the system you use (PHP has several), or as I prefer – a simply one build on top of something good someone else has made.

The results from the database should be in plaintext. No special handling of any characters, special to SQL, HTML or any other technology. Any layer should only know about the layer above and below, and the HTML and browser is far above the dabase and database abstraction layer(s).

Now you have the input and the result from the database, and it’s time to display them. But data is sent to the browser in HTML format, not plaintext. So transferring data from the application to the presentation layer, means translating from plaintext to HTML.

There are tons of ways to do that, depending on the framwork you are using. Here’s a very primitive way of doing it in PHP:

<p>
Search terms: <?=toHTML($terms)?><br />
Results: <?=$result_count?><br /><!-- No need to escape, this is numeric -->
</p> 

In this primitive example, you need to remember “toHTML()” every time you print out text, which is a weak spot. In some systems it takes extra code to NOT encode it in HTML.

The toHTML()-function will replace < with &lt; etc. Maybe it inserts <br /> at the end of lines, but then you should check that the search terms doesn’t have more than one line. Maybe you should check for that anyway. If it’s a comment for all users to see, maybe you want some extra checks here. like collapsing 500 newlines in a to two. Maybe like this: <%=toHTML(sanitize($terms))%>

But why not sanitize it while getting it from the browser, so we get sane data? Well, it is a good time to check for very bad input, like binary data. But I like to have the original input in the database. That is always a good thing, for example if you change something in how you display your data. Maybe you want to change how you handle newline characters. Maybe you have improved your sanitizing method.
With this method you just change your code, and you’re done. If you change the data before you put it in your database, you will need to change your old data. This can be very complicated, sometimes impossible. (For example if a bug removes data.)

Summary

• Know that you have layers, and which ones
• Insert abstraction layers when they add value
• A layer can only know about the layer directly above or below
• When data moves from one layer to another, convert it accordingly
• Do the conversion in a common place so you only have the code once, and maybe even in a way so you don’t need to remember to do it every time

Doing this the right way makes simple code, pretty results and solves most security issues.

1. Den korte udgave
2. Sagen indtil nu
3. Mine kommentarer til afgørelsen
4. Hvad skal vi andre gøre?
5. Andre bemærkninger om Orango ApS
6. Relaterede links

Den korte udgave

Peter Veileborg har haft domænet orango.dk i 9 år, og bruger det som sin online identitet, da han er kendt under navnet “Orango”. Det domæne bliver nu taget fra ham af domæneklagenævnet, fordi firmaet Orango ApS (stiftet i januar i år) bedre kan lide det, end deres nuværende orango.nu. Hvordan pokker kan de få lov til det? Hvad skal vi andre gøre for ikke at blive udsat for det samme?

…og så den lange. ;-)

Sagen indtil nu

Januar 2000: Peter Veileborg er kendt under navnet Orango, og vælger at registrere domænet orango.dk til email. Et par år senere laver han også en simpel hjemmeside.

Januar 2009: Firmaet Orango ApS stiftes, og de markedsfører sig på domænet orango.nu.

Lidt senere i 2009: Orango ApS synes det er problematisk, at kunder leder efter hjemmesiden på orango.dk i stedet for orango.nu.

Marts 2009: Orango ApS forsøger at købe orango.dk af Peter Veileborg for 500 kr., men Peter siger at domænet ikke er til salg. Han gør dog opmærksom på at en større pris kan få ham til at genoverveje.

Maj 2009: Orango ApS klager til domæneklagenævnet.

November 2009: Domænet orango.dk bliver frataget Peter Veileborg og overdraget til Orango ApS, med effekt fra 4. december 2009.

Mine kommentarer til afgørelsen

Helt overordnet synes jeg afgørelsen ikke bare er forkert, den er uretfærdig, en hån mod danske forbrugere og på dette punkt er jeg flov over at være dansker. Det styrker den tendens jeg oplever flere og flere brokke sig over: Firmaer er vigtigere i Danmark end borgerne.

Her er mine kommentarer til Orango ApS’s klagepunkter: (citater er fra afgørelsen (PDF))

Klageren har gjort gældende,

• at klageren benytter betegnelsen ”Orango” som selskabsnavn og varemærke,

Her står de to parter lige, de har samme navn.

• at klageren alene henvender sig til kunder på det danske marked,

Her står de to parter lige, da Peter Veileborg er dansker, og har lige så stor tilknytning til “.dk”.

• at klageren derfor har en væsentlig interesse i at kunne gøre brug af domænenavnet ”orango.dk”,

Det har Peter Veileborg også. Efter 9 år er det en del af hans “online identitet” – folk er vant til at kontakte ham på den adresse, og han er formentlig registreret i mange systemer med den. Så stadig lige.

• at der ikke tidligere var nogen hjemmeside på domænenavnet ”orango.dk”,

Jeg kan ikke se hvordan det kan være et argument. Et domænenavn bruges til meget andet end hjemmesider. I dette tilfælde er der mindst tale om email, og at det er hans online identitet. I øvrigt har der teknisk set været en hjemmeside siden 2002, og dermed 7 år længere end Orango ApS har eksisteret. Hjemmesiden burde skubbe afgørelsen en anelse til Peter Veilborgs fordel.

• at den hjemmeside, som indklagede efter klagerens henvendelse har etableret under domænenavnet ”orango.dk”, ikke har nogen særlig tilknytning hertil, og derfor kan flyttes til et hvilket som helst andet domænenavn,

Det er korrekt, men hjemmesiden er jo heller ikke hans primære formål med domænet. Det primære formål er email, og kan være meget vanskeligt at skifte email-adresse.

• at indklagede har tilkendegivet at ville sælge domænenavnet ”orango.dk” til klageren, hvis prisen var tilstrækkelig høj,

Jeg har læst deres kommunikation igennem, og to ting er meget tydeligt for mig: For det første er domænet ikke til salg, og har aldrig været registreret for at sælge det igen. For det andet kender han er han klar over at han (som i stort set alle tilfælde) er klar til at sælge, hvis prisen er høj nok. Det betyder sandsynligvis at der skal kompenseres for ulemperne (hvilket i sig selv er noget mere end de 500 kr. de bød), plus et beløb som gør det interessant at indvolvere sig.

• at domænenavnet ”orango.dk” derfor bør overføres til klageren.

Jeg fik det til præcist nul gode grunde.

I afgørelsen har nævnet en række bemærkninger, dvs. begrundelser for afgørelsen. Der snakker de bla. om god skik. Jeg undrer mig over hvad Peter Veilborg kan have gjort, som er imod god domæneskik. Det er Orango ApS der har valgt at benytte et firmanavn, hvor .dk-domænet ikke var ledigt. Da de valgte at benytte domænet orango.nu kunne de have valgt at navngive firmaet Orango.nu ApS. I betragtning af at det er et internet-baseret firma er det overhovedet ikke en upraktisk løsning.

Derefter de at domænet benyttes til email, online identitet og hjemmesiden. Derefter snakker de om at hjemmesiden let kan flyttes, og ser bort fra de to andre punkter.

På denne baggrund er det klagenævnets opfattelse, at det har en langt større interesse og værdi for klageren end for indklagede at kunne gøre brug af domænenavnet ”orango.dk”, og at indklagede, for hvem dette har været kendeligt, som følge heraf har optrådt i strid med god domænenavnsskik ved at nægte at afstå dette domænenavn til klageren på rimelige vilkår.

Hvis Orango ApS har større interesse end Peter Veilborg, så er der udelukkende tale om entusiasme. På nuværende tidspunkt skulle det ikke overraske mig om en helt tredje har endnu større interesse i domænet, da det nu har været omtalt i rigtigt mange medier.

Hvis domænet har større værdi for Orango ApS end Peter Veilborg, er det udelukkende fordi Orango ApS har båret sig uheldigt ad. Jeg kan ikke se hvorfor Peter Veilborg skal bøde for dette.

Som jeg ser det har han nægtet at afstå domænenavnet på urimelige vilkår, hvilket er ganske forståeligt. Selvfølgelig skal have en ordentlig kompensation, hvis domænet skal overdrages. Jeg mener at han viste tydeligt nok, at det var et spørgsmål om en realistisk kompensation. Og jeg mener at Orango ApS viste tydeligt nok, at det var de ikke interesseret i at give. Og de var da slet ikke interesseret i at betale et beløb, som bare minder om den værdi, de tilsyneladende mener domænet har for dem. Jeg har en fornemmelse af at de 500 kr. handlede mere om at have et argument til klagen, end at de reelt var parate til at købe domænet.

Man kan argumentere for at Orango ApS blot har benyttet sin ret til at få sin sag afprøvet ved et nævn, og at det er nævnets ansvar at komme med en retfærdig afgørelse. Men på den anden side er det ikke alt man har ret til at gøre, som er moralsk i orden.

Hvad skal vi andre gøre?

Ud over at det er synd for Peter Veileborg, så er jeg da også nervøs for mit eget domæne. Og mine venners domæner. Og stort set alle andre .dk-domæner, som bliver brugt privat. Tilsyneladende er .dk-domæner til privat brug noget man har, indtil et firma får lyst til at overtage. Det er da en særdeles bekymrende tanke.

Jeg identificerer mig vane-mæssigt ved at modtage en mail. Hvis jeg mister mit domæne, kan jeg ikke identificere mig over for et hav af tjenester. Det vil være et kæmpe problem for mig. Faktisk vil den nye domæne-ejer have overtaget meget af min identitet, en ting som normalt er ulovligt.

Tilsyndeladende er vi nødt til at skifte domæne nu, mens vi har muligheden for at gøre det i vores eget tempo.

Andre bemærkninger om Orango ApS

Alle laver fejl, og selv grove fejl skal man være parate til at tilgive. Men inden du overvejer at handle med Orango ApS, bør du også vide følgende.

1) Deres logomand er ikke noget de selv har lavet. Hvor figuren oprindeligt stammer fra ved jeg ikke, men den kan bla. købes hos iStockphoto, og bliver brugt mange andre steder. I øvrigt virker deres tilpasninger (først og fremmest hovedet udskiftet med et logo) nu heller ikke helt professionelt. Det er tydeligvis ikke lavet i 3D, men med simpelt klippe/klistre i et Photoshop-agtigt program.
Det er da flovt, at et firma som lever af at lave design, ikke kan lave sit eget uden at basere det på et købt standard-produkt.

2) I skrivende stund har deres hjemmeside et åbenlyst og amatøragtigt sikkerhedshul, en såkaldt XSS (Cross-Site-Scripting)-fejl. Klik på linket (og bladr ned i bunden) for at teste om hullet stadig er uændret, eller se screenshot herunder.
Konsekvensen er fx. at jeg kan lave et specielt link til orango.nu, som teknisk set giver dig en side fra deres server, men som jeg modificere helt som jeg har lyst. Hvis der fx. er login-mulighed, kan jeg ændre systemet så folks brugernavn og kodeord bliver rapporteret til mig, uden de selv kan se der sker noget usædvanligt.
Dette er utroligt amatøragtigt, for et firma som ellers burde leve af at have styr på den slags.

Klik for større billede

3) Jeg har kigget lidt på den første side jeg kunne finde, som de har lavet. Det er langt fra det værste jeg har set, men det bærer meget præg af at være baseret på kode de har fundet rundt omkring på nettet, i stedet for at lave tingene selv. Det er ikke uacceptabelt, men det er absolut heller ikke professionelt.

3a) Orango ApS har lavet en hjemmeside for Warmdal Blomster. Butikken har fået en meget rosende anmeldelse flere steder (MitKBH, Alt om København, the copenhagen guide m. fl.) af “KasperFP”. På sin egen blog skriver KasperFP stolt om at han har lavet siden, at han er medejer af Orango ApS og at butikken tilhører hans svigerforældre. Der er ikke noget ulovligt i at rose et produkt uden at fortælle at man er dybt indvolveret i det, men det betragtes generelt som meget umoralsk og upopulært.

Og så selvfølgelig de åbenlyse ud fra denne sag:

4) De har ikke sans for håndtering af domænenavne

5) De har intet imod at trumle den lille mand ned, for at få sin vilje. Heller ikke selv om der er andre muligheder der er lige så gode, og som ikke går ud over andre.

Så kort sagt: De er amatøragtige, inkompetence og umoralske. Og det vil jeg egentlig fastholde, uanset hvad de har lavet af gode ting.

Relaterede links

• Om kampen: Orango-Tilbage
• Blogindlæg: Danske TLD domæner er ikke længre sikre for privatpersoner.. Go EURid!
• Blogindlæg: Ejeren af domænet orango.dk skal overdrage det til orango.nu
• Nyhedsartikel: Domæne-ejer mister navnet efter ni år
• Underskriftindsamling: Domænefriheden tilbage – tak!
• Facebook gruppe: orango.dk skal forsat ejes af Peter Veileborg
• Klip fra Dr Update: Smidt ud fra egen hjemmeside

UPDATE 2009-11-22: Tilføjet link til blogindlægget “Ejeren af domænet orango.dk skal overdrage det til orango.nu”
UPDATE 2009-11-22: Tilføjet punkt 3a i listen over hvad Orango ApS ellers gør forkert.
UPDATE 2009-11-22: Tilføjet diverse illustrationer. Jeg skulle mene at jeg overholder ophavsretsloven mm. under citater, parodier og illustration. (Det man i den amerikanske udgave kalder “fair use”.)
UPDATE 2009-11-22: Overstreget link til MitKBH, da jeg opdagede at han der indrømmer sin relation. Ret skal være ret.
UPDATE 2009-11-29: Tilføjet link til “Orango-Tilbage”

1. Log ind
2. Gå ind på den side som gør det, dit script skal gøre. Fx. for at tilføje en record, skal du gå ind på den side hvor du angiver detaljerne
3. Ret formens method fra POST til GET. Det kan man ikke med en helt almindelig browser, men med Firebug er det nemt, med Web Developer er det endnu nemmere. (De er begge plugins til Firefox.) Chrome kan vist gøre det uden plugins.
4. Udfyld og submit
5. Kopier urlen du nu er inde på
6. Dit script kan nu tilpasse data i urlen, og blot downloade den.

Eksempel – Gmail

Hvis man vil bruge Gmail på dit eget domæne skal du tilføje et hav af MX-records til dit domæne. Det skal man ikke gøre på ret mange domæner før det bliver kedeligt. (Jeg begyndte at kede mig inden jeg blev færdig med et første domæne.)

I Ubuntu Linux brugte jeg dette simple bash-script (kræver at curl er installeret):

#!/bin/bash
USER=myplacedk
PASSWD=god
DOMAIN=myplace.dk
HOST=$DOMAIN

function addMX() {
 pref=$1
 exchanger=$2
 curl --silent "https://ssl.gratisdns.dk/editdomains4.phtml?user=$USER&password=$PASSWD&user_domain=$DOMAIN&action=addmxrecord&host=$HOST&exchanger=$exchanger&preference=$pref&button=Tilf%F8j+MX+recorden" > /dev/null
}

addMX 10 aspmx.l.google.com &&
addMX 20 alt1.aspmx.l.google.com &&
addMX 20 alt2.aspmx.l.google.com &&
addMX 30 aspmx2.googlemail.com &&
addMX 30 aspmx3.googlemail.com &&
addMX 30 aspmx4.googlemail.com &&
addMX 30 aspmx5.googlemail.com

Scriptet giver ingen statusmeddelelser, så kig selv om de er dukket op som de skal.

Eksempel 2 – Google Chat

Hvis man vil bruge Google Chat på sit eget domæne, og chatte med folk på et andet domæne, skal der en masse SRV-records til. Dem tilføjer jeg sådan her:

#!/bin/bash
USER=myplacedk
PASSWD=god
DOMAIN=myplace.dk
HOST=$DOMAIN

function addSRV() {
 host=$1
 pref=$2
 weight=$3
 port=$4
 exchanger=$5
 curl --silent "https://ssl.gratisdns.dk/editdomains4.phtml?user=$USER&password=$PASSWD&user_domain=$DOMAIN&host=$host&exchanger=$exchanger&preference=$pref&weight=$weight&port=$port&action=addsrvrecord&button=Tilf%F8j+SRV+recorden" > /dev/null
}

addSRV _xmpp-server._tcp.$HOST 5 0 5269 xmpp-server.l.google.com
addSRV _xmpp-server._tcp.$HOST 20 0 5269 xmpp-server1.l.google.com
addSRV _xmpp-server._tcp.$HOST 20 0 5269 xmpp-server2.l.google.com
addSRV _xmpp-server._tcp.$HOST 20 0 5269 xmpp-server3.l.google.com
addSRV _xmpp-server._tcp.$HOST 20 0 5269 xmpp-server4.l.google.com
addSRV _jabber._tcp.$HOST 5 0 5269 xmpp-server.l.google.com
addSRV _jabber._tcp.$HOST 20 0 5269 xmpp-server1.l.google.com
addSRV _jabber._tcp.$HOST 20 0 5269 xmpp-server2.l.google.com
addSRV _jabber._tcp.$HOST 20 0 5269 xmpp-server3.l.google.com
addSRV _jabber._tcp.$HOST 20 0 5269 xmpp-server4.l.google.com

Update 2009-11-07: Tilføjet eksempel til Google Chat

Normal

This is a typical spider web. This is the goal, what you should compare the other images with.

Marijuana

This spider was given marijuana (or “hash”) before making the web. Marijuana makes you slow and makes it hard to concentrate. The spider started just fine, but then it got lazy.

Benzedrine

Benzedrine made this spider active. So active, it forgot to plan anything.

Chloral Hydrate

Chloral hydrate is (among other things) a sedative. This poor spider started nicely, and probably fell asleep.

Caffeine

This is the interesting part. This is what happens when you get too much caffeine. No planning, no system, worthless. Like the sedated spider, it never got to the part with the spirals. Now let me ask all you software developers like me out there: Do you really want to create software, with large amounts of caffeine in your body? And everybody else: Do you want to use software created like this?

This experiment was invented in 1948, but these images are from a similar experiment performed by NASA in 1995.

Source: Wikipedia - Effect of psychoactive drugs on animals

And by the way:

In large amounts, and especially over extended periods of time, caffeine can lead to a condition known as caffeinism. Caffeinism usually combines caffeine dependency with a wide range of unpleasant physical and mental conditions including nervousness, irritability, anxiety, tremulousness, muscle twitching (hyperreflexia), insomnia, headaches, respiratory alkalosis, and heart palpitations.

Wikipedia – Caffeine