Actually, that part's pretty simple. The .LY domain belongs to Libya, so their laws apply -- even if the registrant or their web site isn't physically in Libya. The company which manages registrations in .LY decided to permit registrations by companies or people outside of Libya, but they still own it.
Originally there were only a handful of "global" or "generic" top-level domains, known as gTLDs, available to anyone in any country: .COM, .NET, .ORG, and .EDU. .GOV and .MIL were effectively only for the United States. .INT, reserved for organizations created by international treaty, is rarely seen.
Each country has their own ccTLD, based on the ISO two-letter country codes. Some are fairly obvious to English speakers: .US for the United States, .CA for Canada, .UK for the United Kingdom, .AU for Australia. Some seem a bit more obscure, due to differences in language or conflicts with other names: .TD for Chad, .RS for Serbia, or .ZA for South Africa.
Each ccTLD authority sets their own rules for who is allowed to register one of their names. Island nations Tongo (.TO) and Tuvalu (.TV) have reportedly made some pretty good money by permitting non-local registrations. After splitting from Yugoslavia (.YU) and Serbia, Montenegro opened .ME in hopes of attracting English speakers -- and sold over 320,000 domains between 2008 and 2010. Colombia's .CO, which attracts typos of .COM, sold half a million in two months -- mostly to registrants in the United States.
But none of this addresses the real question: what do actual users care about?
In March the most popular search term on Google, Yahoo!, and Bing was "facebook". Other top searches across all three, according to Experian Hitwise, included youtube, myspace, craigslist, ebay, and gmail. Perhaps ironically, "google" was the second most popular search on Microsoft's Bing.
Does it matter whether Facebook is facebook.com, fb.me, facebook.ca, facebook.co.za, et cetera? Well, unfortunately, it kind of does. If a bad guy registered facebook.ql (which is just an example, there's no .QL ccTLD), then they could put up a site that mimics the real Facebook, and send phishing email which might have a better chance of fooling users than the usual nonsense domains. And, of course, there are the usual trademark issues. So, Facebook has had to register in all of these.
To put it another way: big brands are effectively required to register their trademark in every gTLD and ccTLD they can, because most users are completely unaware of gTLDs and ccTLDs. If the TLDs effectively separated different types of organizations, as was originally imagined, then this wouldn't be necessary.
There's also another type of user to consider. Violet Blue chose to register vb.ly because she wanted something short and easy to remember, and was following the trend set by bit.ly, jl.ly, et cetera. Unlike .ME or .TV the value wasn't that vb.ly has any particular meaning, but rather that it's short and appeared to be easy. URL shorteners are for the people who don't type "facebook" into google, and do want to share links to specific things. Of course, if web designers considered the length of URLs when designing their sites, this wouldn't be as much of an issue.
ICANN, the quasi-non-governmental organization which oversees these top-level domains, has introduced quite a few other gTLDs in recent years. Many of these are restricted in some fashion, which helps to reduce the land rush; for example, .MUSEUM is only for museums, though of course most museums already have domains under .ORG, .EDU, .GOV, or an appropriate ccTLD.
Only two of the newer gTLDs are unrestricted: .INFO, and (for most purposes), .BIZ. When was the last time you saw a company put their primary site in .BIZ or .INFO, rather than having it be a redirect to their site in .COM? Oh hey, it was Return Path -- and we switched a few years ago to returnpath.net, because most of our neighbors in .BIZ were spammers or phishers. .INFO has the same spam problem; some spam filtering software sees the mere presence of .BIZ or .INFO as increasing the likelihood that a message is spam.
Ignoring these concerns, ICANN has decided to open up the namespace further and permit pretty much anyone with $185,000 and a bunch of nameservers to register their own gTLD -- likely before next March. It's unclear if anyone actually wants this except the potential new gTLD registries, who stand to earn a lot of money over trademark concerns. For example, the .CO registry initially offered a "Specially Protected Marks" program, permitting companies to register their trademarks ahead of the general populace. .CO claims "100% Participation by Leading Brands", and any new unrestricted gTLDs can surely expect the same.
Even if a company creates a new gTLD for their own use, such as .IBM, they'll still need to keep ibm.com, lotus.com, et cetera -- everything they have now, plus the same trademarks in every other gTLD.
Once all that dust has settled, and the registries and ICANN have made their money, we'll still be left with an ever-greater threat of phishing or other brand hijacking. Most end users will still expect to find their friends by typing "facebook" into google, while a smaller number will still want shorter URLs.
If domain names are for end users -- if, indeed, the internet is for end users -- then why do we need more TLDs?