Interestingly, whilst Wikipedia does say that, the language in RFC 1591 (Domain Name System Structure and Delegation) only says:

There are a set of what are called “top-level domain names” (TLDs). These are the generic TLDs (EDU, COM, NET, ORG, GOV, MIL, and INT), and the two letter country codes from ISO-3166.

Likewise, in ICANN’s PRINCIPLES FOR THE DELEGATION AND ADMINISTRATION OF COUNTRY CODE TOP LEVEL DOMAINS, they say:

‘Country code top level domain’ or ‘ccTLD’ means a domain in the top level of the global domain name system assigned according to the two-letter codes in the ISO 3166-1 standard

In neither case do they actually limit two letter TLDs to being country codes, they only state that all country codes in ISO 3166-1 are ccTLDs. In the RFC, the author does suggest it is unlikely that any other TLDs will be assigned, but this has obviously been superseded with the advent of gTLDs. Thus I still consider it likely that the .io TLD will simply transition to being a commercial one, rather than a country one.

Having said all that, it’s entirely possible I’ve missed some more recent rule that tightens this up and only allows two letter domains from ISO 3166-1. If I have I’d be glad of a pointer to it.

You’re probably correct, but it’ll still have to be competitive with other TLDs, so it probably wont go too high.

It’ll get eliminated as a country code, yes, but that leaves it available as a generic TLD. Seen as it will be available and is obviously lucrative, someone will register it and, presumably allow domains to be registered under it. Off the top of my head, I think it costs $10,000 and you have to show you have the infrastructure to support the TLD you register, so an existing registrar is the most likely. That figure is probably out of date, it’s been many years since I checked it, but the infrastructure requirement is the more costly part anyway.

I very much doubt that the .io TLD will vanish, too many big companies use it. Seen as non-country TLDs are allowed, I suspect that as soon as the country code goes away an existing registrar will buy it and .io domains will carry on.

I enjoy reading dead tree books as much as anyone, and whilest the publisher/distributor can’t take it away, there are plenty of ways you can lose access to them. Fire and flood being the two obvious ones, whereas digital books can be backed up offsite. It’s also easier to carry many books when they’re digital compared to physical.

For books I care about I try to get both a physical and a (drm free) digital copy for the best of both world.

It depends what you want to do with it. If it’s just for storing files/backups then encrypt them before uploading and make sure the key never goes anywhere near the VPS. If it’s for serving up something like a simple website, you probably care more about data integrity than exfiltration, so make sure you have the security, including selinux or equivalent, locked down, and regularly run integrity checks. If it’s for running something interactive, or where data will be generated or downloaded to the machine, you’re out of luck, there’s no even theoretical way of securing that against an adversary with that much access.

Not morons, just not educated enough about them to understand exactly what the implications of that action are.