Slashdot Mirror

MARID was when Microsoft's chicanery destroyed any chance of global co-operation for email source verification, which is the necessary first step for spam elimination.

But, seriously - if YOU, YOU PERSONALLY, aren't aware of whether your email has valid SPF or not (better yet, DKIM) then YOU, YOU PERSONALLY, are a part of the problem. This shit is just not hard; SPF takes literally 5 minutes to implement on your DNS server today.

However, it's Microsoft's fault that the email server and service providers haven't solved the problem for you. They were just such dicks about their submarine patents that they alienated everyone and broke consensus for a decade.

----before you Reply/criticize, please read at least one of the links I posted below - thank you ---

Change in ICANN has been impossible to come by. The only "representative of the people", Karl Aurbach
tried for years to get some accountability, some rationality, some responsibility. Instead all he got was
stonewalled. It makes for interesting but not hopeful reading that ICANN is ready to manage a global
network with ANY sort of eye to "the stakeholders."

It's like letting the MAFIAA manage the Internet. Their goals are to please THEIR stakeholders, which
do not include those of us who enjoy Pandora, Spotify, Hulu, Bittorrent, etc.

Here's that "interesting reading" I promised. It's a small but representative subset.
http://www.circleid.com/posts/...
http://www.theregister.co.uk/2...
http://archive.icann.org/en/co...
https://w2.eff.org/Infrastruct...

Ehud

See subject & e.g. Open DNS resolvers http://www.circleid.com/posts/...

APK

P.S.=> Just clarifying this for him w/ an "e.g."... apk

We've seen censorship before, with chat providers blocking certain words, replacing key letters with asterisks or simply substituting inoffensive words for those considered 'problematic.' That's not what Valve is doing here though - the entire message is disappearing, not just the troublesome domain.

Microsoft was doing something similar back in 2007. samzenpus seems to have a short memory :/

IANA says you can't. Courts have said otherwise.

http://www.circleid.com/posts/...

http://www.internetgovernance....

http://domainincite.com/3936-m...

It's interesting to see a discussion of my op-ed on Slashdot, it's been a while since I've had my work critiqued here. The last thread I remember on one of my pieces was the text of a speech I gave on net neutrality in 2008 that ended up being the second most read piece on CircleID for the year, http://www.circleid.com/posts/86147_net_neutrality_innovation_081/ Slashdot effect. . Many of the claims in the op-ed are controversial because they're contrary to conventional wisdom, but they're all based on empirical data. You can see the research here: http://www.itif.org/publications/whole-picture-where-america-s-broadband-networks-really-stand and view a panel discussion with members of the FCC's National Broadband Plan team. . The op-ed doesn't address the specific problems with rural broadband, of course. The approach that most policy analysts support is to re-purpose the Universal Service Fund that presently supports telephone service in rural areas for broadband, but the costs need to be brought under control. Subsidies can be as high as $50,000 per line per year, and that's obviously neither sustainable nor fair to the urban telephone users who pay for the subsidies. If it's any comfort, rural broadband is better in the US than it is in most countries, even if it's not as good as it is in the suburbs and cities where the market works. In general, 94% of Americans have some sort of wireline broadband option, 4G/LTE will be available to 98% by 2015, and satellite is available to the rest at ever-improving speeds; currently two carriers provide speeds > 10 Mbps by satellite, and it's much better than most people think. . Publicly financed broadband isn't really an option for competitive markets because the higher speed networks are not shareable in the same way that ADSL networks are. Cable, xPON, and even Vectored DSL require exclusive use of the wires at layer one, so the days of attaching your own DSLAM in a CO are in the past. . The US is installing more fiber every year than Europe, despite having less population, land mass, and population density, and more Americans use broadband per capita than Europeans, so the complaints about the U. S. market system don't seem to reflect any legitimate issues. . I notice that the usual critics have denounced ITIF here, as they usually do. So let me point out that the University of Pennsylvania's Think Tanks and Civil Societies Program ranks ITIF as the fifth most important science and technology think tank in the world: http://repository.upenn.edu/cgi/viewcontent.cgi?article=1006&context=think_tanks . Carry on.

Actually it wasn't ignored, the ITU made sure the US goverment *mandated* the ITU/OSI protocol suite and *banned* the TCP/IP protocol suite for any interaction with the US government in 1991. By 93 this had come to seem as ridiculous even to the USG then as is it does now to you and this quietly went away.

When the very first transatlantic ITU-protocol OSI/X.25 link was put up the first thing that went over it was TCP/IP traffic. Why? Because there actually *was* some.

The sole accomplishment of the dude that spun the ITU and UN into this feeding frenzy for the net was a technical paper on how to write an X.400 email address on a business card. That's it. http://www.itu.int/itudoc/teltopic/x400/20656.txt

Previous to that he made Ethernet work in the ITU office, comically described in Carl Malamud's superb book wherein he tries to put the ITU technical specs online like the IETF's were. The general counsel at the time, the America technical genius (who set up the white house web server) / lawyer who started Internet Society, Dr. Tony Rutkowski, thought it was a swell idea, and since the rest of the ITU had never heard of the Internet they said "whatever" thinking it was some sort of CompuServe like thing. Then they found out some months later, and took them all down so they could figure out how best to deploy their information online - http://museum.media.org/eti/ http://museum.media.org/eti/Prologue01.html and more...

Rutkowski wrote a paper recently pointing out it would be best if the ITU were sort of, um, turned off. http://www.circleid.com/posts/20120816_privatizing_the_itu_t_back_to_the_future/

On the other hand, read this, by Tony Rutkowski. For background, Tony has a PhD, MBA and LLB and installed the white house web server way back when and is well known in all internet policy circles. He founded (then quit out of disgust) ISOC and was the ITU general counsel and was the clever fellow that mad the net *legal* under ITU international telecommunications treaty/laws during his brief stint ar ITU general counsel. In this article he explains the two VERY BAD THINGS the ITU did and why they can never be trusted. There is nobody on earth that has more direct policy experience with the ITU and internet policy:

http://www.circleid.com/posts/20121026_the_great_itu_internet_heist

The UN did not invent the Internet. Do your research, beginning here: http://www.circleid.com/posts/so_who_really_did_invent_the_internet/.

That works. But we'll need to replace the DNS as it's a hierarchy and guess who has the top slot?

But...

Two problems with this plan as presented in TFA: 1) it's physically impossible 2) they lack any authority to do so. What really happens is they may decide to do it then every country has to agree. The US will not. Nor will it ever. And it holds all the cars. The UN and ITU, can, as always, go fuck themselves.

They've been trying this for 17 years now; the ITU who used to coordinate analog phone voltages across national borders has been made redundant by VOIP and is seeking relevence to the net. It has none of course, and should either die or be replaced by a private entity as Tony Rutkowski (former ITU counsel) has advocated: http://www.circleid.com/posts/20120816_privatizing_the_itu_t_back_to_the_future/

...or else the customer could own the last mile.

http://www.circleid.com/posts/87311_customer_owned_fiber_in_ottawa/ http://arstechnica.com/features/2008/07/customer-owned-fiber/ http://googlepublicpolicy.blogspot.ca/2008/07/what-if-you-could-own-your-internet.html

It's really, honestly as simple as adding "Muriel Kane of Raw story writes:" at the start of the paragraph.

Slashdot's style is to credit the submitter, not the actual writer. This is is wrong, but they won't change.

Much worse than this is the increasing tendency to cite and link not the original source, but some plagiarising asshole who copied the story from a real publication, and put it on their spammy blog, and submitted that to Slashdot for the ad hits. Not only is it stealing the story, they often misrepresent or sensationalise it to make it more dramatic.

For example, yesterday: Paul Vixie On DNS Changer: We're Dealing With Malware the Wrong Way That story is credited to ibtimes.co.uk on the same day, but it actually is a dumbed down and mangled version of a blog post made 4 months ago.

As has become all too common the /. summary is linked to a negative-added-value article at the totally worthless IBT.

Paul's actual post is at CircleID: http://www.circleid.com/posts/20120327_dns_changer/ and is over 3 months old. Not news. As is normal for Paul it is well written and smart but if you've been following DNSChanger, you've read this already.

Does anyone know of a new site to post criticism of ICANN besides slashdot?

At ICANN 43 I found three sites useful for keeping track of ICANN's moves :

• ICANNwatch
• CircleID
• .nxt

REFUSED won't work. Paul Vixie himself has come out criticising that proposal. http://www.circleid.com/posts/20120111_refusing_refused_for_sopa_pipa/

I wasn't aware of how clients reacted to this and it certainly wasn't documented in DNS RFCs I read. Paul Vixie has a point. That said, one could use alternatively Paul Vixie's DNS RPZ system, which apparently existing DNS servers and DNSSEC implementations support for blocking even though it's not officially standardized and may need future development to function appropriately as he noted himself.

Sorry, but I don't give a FUCK about what it's "intended" to be used for,

Then why are you raising this point? My argument was against the fact that people raise a fake intent and then shoot that down intent, making the legislation look like it fails at what it was intended to do, when in actual fact it was intending to do something else.

Funnily enough, TPB is immune to the provisions of this bill as it's currently written. You claim you've read the bill, right?

See the section on facilitating copyright infringement in the legislation.

Sounds like you have no problem making streaming, DNS anti-circumvention and and linking criminal offenses... which this bill would do.

Sounds like you're an ass who didn't read my entire post when I said I don't support the bill.

Were you referring to someone in particular? The person you were replying to, perhaps? Or was that a moment of self-reflection?

I went ahead and read the legislation proposed, I also went and read a lot of RFCs on the matter. I consider myself to have done a fair good amount of research. Because everyone who kept telling me about SOPA couldn't even describe how DNSSEC worked to begin with, but told me it was going to break it. I even have doubts you read the legislation to begin with since you come to some conclusions referenced in articles that were taken out of context from the legislation.

No they aren't, you're just wrong.

You dismissed my previous point where people are misrepresenting the intent of the legislation. Sorry, you're wrong.

Like how the proposed DNS filtering system breaks DNSSEC, despite the fact DNS resolvers would use the response code REFUSED

REFUSED won't work. Paul Vixie himself has come out criticising that proposal. http://www.circleid.com/posts/20120111_refusing_refused_for_sopa_pipa/

Or how people completely misrepresent the purpose of the DNS filter, which is to stop copyright infringing websites from posing as legitimate sites and charging customers for advertising time or trick them into paying for a product that isn't actually genuine.

Sorry, but I don't give a FUCK about what it's "intended" to be used for, just what it WILL be used for. Just like the DMCA before it, it will be abused to give the copyright industry more control over the internet economy -- and worse.

The only additionally area (talking about the scope in take downs) that the DMCA does not particularly cover where SOPA and PIPA are intended to deal with is a loop hole that sites like the pirate bay exploit.

Funnily enough, TPB is immune to the provisions of this bill as it's currently written. You claim you've read the bill, right? Here's the short version: http://www.techdirt.com/articles/20120109/04205617341/if-sopas-main-target-is-pirate-bay-its-worth-pointing-out-that-thepiratebayorg-is-immune-sopa.shtml

Now, there are definitely issues with SOPA and PIPA, mainly the lack of evidence requirement before a judge should be a changed (although I expect that many judges will want to see some evidence regardless - They didn't get into their position by screwing people, despite what people think).

Sounds like you have no problem making streaming, DNS anti-circumvention and and linking criminal offenses... which this bill would do.

And before someone makes the argument that they can make a website poof, if you actually read the legislation, that is a last measure when there has been no cooperation with the people involved in the matter.

Yeah, just like ICE has been doing for the past year.

It pisses me off so many people get their information from a 3rd party sources and don't even bother verifying the information.

Were you referring to someone in particular? The person you were replying to, perhaps? Or was that a moment of self-reflection?

People are lying worse than the politicians right now. I am appalled by so many people who represent themselves as someone knowledgeable in the tech industry.

No they aren't, you're just wrong.

FYI: I am against SOPA and PIPA as I feel that the legislation should require more evidence on the copyright holder before they can get a judge to issue a take down request, but a lot of the other crap people are talking about is just complete utter bullshit to me.

Here's an idea about "evidence": how about those exalted "copyright holders" show some evidence that their already draconian monopoly needs more draconian measures. Let's see them show even a modicum of proof that more of ANY aspect of copyright is a good thing for the economy or for culture.

I don't want to associate with the anti SOPA and PIPA crowd.

They love you too.

Some sources:

  * https://en.wikipedia.org/wiki/IPv6_deployment
  * http://www.circleid.com/posts/20090609_verizon_mandates_ipv6_support_for_next_gen_cell_phones/
  * https://www22.verizon.com/opendev/Forum/LTE_Document_Archives.aspx
  * https://en.wikipedia.org/wiki/IPv4_address_exhaustion#Regional_exhaustion

You editors (in the not-slashot-world) would have checked the submitted link and have seen Vixie's blog post on circleid about this...
Why not include this into the soup so there is some meat and appeal?

Yeah, forgot, slashdot isn't about content or comment-quality anymore...

On Mandated Content Blocking in the Domain Name System by Paul Vixie.

This root key would have to be generated and signed in some kind of ceremony, maybe with people wearing viking hats and carrying swords and torches, and the resulting public validation key would have to be published on the web and managed according to RFC 5011 so that it can roll forward throughout all time. Videos from this ceremony would go up on YouTube.

http://www.circleid.com/posts/20110318_on_mandated_content_blocking_in_the_domain_name_system/

What precedent? Settling a privacy class action suit by promising to pay millions to fund some kind of privacy foundation, and no payment to individual users?

Facebook did that last year when it settled the class action suit over its "beacon" program.

It sounds plausible that the Opera *mobile* user base has doubled every three years, along with the doubling of mobile users every three years. Note, however, that the usage share of Opera mobile has dropped over the past year, from about 27% a year ago to about 25% today according to StatCounter. They may be gaining *users* as more users go mobile, but they're losing *share* of the mobile market as more users tend to go with BlackBerry and Android.

The Opera *desktop* user base has grown at approximately the rate of new Internet users, so their usage share has been around 2% for years. This story and the post I was replying to is about *desktop* Opera. Let's stop misrepresenting the numbers to try to make Opera look good. That makes it look like the actual numbers are something to be embarrassed about. Opera removing the ads in the desktop version did not result in a sudden surge of desktop Opera popularity, and extensions won't matter either.

Domain Name: THENERDSUPPORT.COM
Registrant:

• Domains by Proxy, Inc.
  DomainsByProxy.com
  15111 N. Hayden Rd., Ste 160, PMB 353
  Scottsdale, Arizona 85260
  United States

The owner of a domain is the entity in the "Registrant" position, even if they're a "proxy service". (This is very real, and at times a legal nightmare. See RegisterFly.)

There's a 2009 legal decision here that's important: Solid Host vs. NameCheap. US registrars rely on a legislative immunity against lawsuits given them in the ACPA. But in Solid Host vs. NameCheap, the US District Court for the Central District of California held that "domain proxy" services don't qualify for that immunity. Even if the "proxy service" is also a registrar, that doesn't help them. "The court concludes that NameCheap's status as an accredited registrar does not shield it from liability in cases where it did not act as a registrar."

So DomainsByProxy is the entity to sue. They can try to pass the buck to their customer, if they can find them. But that's their problem. The proxy service may be on the hook for the activities of the entity they're helping to hide.

It's estimated AT&T's 3G network costs them $3/GB. http://www.circleid.com/posts/20100215_absolutely_no_wireless_spectrum_shortage_in_2010/

Obviously 3.9G (WiMAX and LTE) are more efficient with spectrum, and true 4G (LTE Advanced and WiMAX 2) blows everything out of the water. So in other words as AT&T's costs to provide bandwidth drop, they have lowered caps and increases prices. Gotta love corporate America.

AT&T's congestion problems are self-inflicted, through a reduction in capex and network investment. http://www.circleid.com/posts/20100215_absolutely_no_wireless_spectrum_shortage_in_2010/

There is no wireless spectrum shortage, as admitted by Verizon's own CEO: http://dslprime.com/a-wireless-cloud/61-w/2844-no-spectrum-for-competition-why-verizon-turned-around

AT&T's congestion problems are self-inflicted, through a reduction in capex and network investment. http://www.circleid.com/posts/20100215_absolutely_no_wireless_spectrum_shortage_in_2010/

There is no wireless spectrum shortage, as admitted by Verizon's own CEO: http://dslprime.com/a-wireless-cloud/61-w/2844-no-spectrum-for-competition-why-verizon-turned-around

AT&T's congestion problems are self-inflicted, through a reduction in capex and network investment. http://www.circleid.com/posts/20100215_absolutely_no_wireless_spectrum_shortage_in_2010/

There is no wireless spectrum shortage, as admitted by Verizon's own CEO: http://dslprime.com/a-wireless-cloud/61-w/2844-no-spectrum-for-competition-why-verizon-turned-around

Remember all the shenanigans that have happened with censorship countries announcing invalid routes over BGP and accidentally disabling or blocking websites halfway across the globe? Think that.

Check this for an example.

Cellular telephone systems present a large deployment field for Internet Protocol devices as mobile telephone service is being transitioned from 3G systems to next generation (4G) technologies in which voice is provisioned as a Voice over Internet Protocol (VoIP) service. This mandates the use of IPv6 for such networks due to the impending IPv4 address exhaustion. In the U.S., cellular operator Verizon has released technical specifications for devices operating on its future networks.[30] The specification mandates IPv6 operation according to the 3GPP Release 8 Specifications (March 2009) and deprecates IPv4 as an optional capability.

Wikipedia. Print version of Wikipedia's source.

Agreed--I'd like to see some real evidence too (Chinese language is fine). As far as I can tell, this is the story: CNNIC does have a "Chinese Language Surfing" product, which enables the use of Chinese domain names, among other things. (ICANN approved non-ASCII ccTLDs late last year, but the Chinese have been using browser plugins and the like to get the same effect for years. This probably isn't the best article about it, but it was what came up when I tried to search for an article that explained it: China's New Domain Names: Lost in Translation.)

AFAICT, "Chinese Language Surfing" isn't malware--it does what it says it does. However, it does seem unusually protective of itself once installed--but not to the point that the uninstaller doesn't work. Also, while CNNIC doesn't endorse this, apparently "Chinese Language Surfing" gets automatically installed (without user consent) by other programs. This has led to some antimalware-software vendors listing it as malware. E.g., MS calls it BrowserModifier:Win32/CNNIC, and has this to say about it:

BrowserModifier:Win32/CNNIC enables Chinese keyword searching in Internet Explorer and adds support for other applications to use Chinese domain names that registered with CNNIC (China Internet Network Information Center). This program is often installed as part of a shareware or freeware program, with or without user consent. BrowserModifier:Win32/CNNIC also contains a kernel driver that protects its files and registry settings from being modified or deleted. The program also includes automatic self-update functionality.

FWIW, I tried installing CNNIC's product in a virtual machine while running Sysinternals' ProcMon, and didn't spot anything super-suspicious--it did install a driver as MS said, which did seem excessive. And it did add a menu item to IE, but it didn't cause me to get any more popup ads. Seemed well-behaved, as far as I could tell (not that I spent much time with it). I then uninstalled it, and it seemed to remove itself cleanly, including the driver.

Personally, I would definitely be annoyed if it got installed without my consent, but the program itself does not meet my definition of "malware". Now if anyone has evidence that it's secretly nefarious and does more than what it claims to, please post the details.

One could argue that there are approximately five Internet management cultures, represented roughly by the RIRs and their NOGs (e.g. ARIN and NANOG in North America). Based on 2008 data, RIPE and ARIN countries seem to be doing fairly well in IPv6 HTTP and DNS support, APNIC and maybe RIPE seem ahead for SMTP:

http://www.circleid.com/posts/81166_actual_state_ipv6_deployment/

Note: they also said they would eventually restrict 4.2.2.1 and 4.2.2.2 to customer access only, so if you're not a Level(3) customer, you probably need to find another solution.
link
I've seen a bunch of other comments like that from people who seem to know tech people over at L3, combined with the behavior we saw after these comments started popping up and I have to assume that L3 was intentionally introducing the delay to wakeup non-customers to switch off them.

Hypothetically, assuming only one tier of NAT, could be around 4 quadrillion or so.

Not quite that much, even for short scale.
Anyway, my Nokia (N82) seems to support IPv6 just fine. I don't see why cellular carriers would "take full advantage of" the opportunity to have a massive clusterfuck for a network configuration when they probably are among the best prepared for IPv6 both in network structure and endpoint devices. They've been feeling the limits of IPv4 for some time, seeing the fastest growth in internet connected devices, much of it areas like Asia and Africa that got in late to the IP allocation party. I suspect a lot of (non-US) cell phone networks are already running largely IPv6, but I don't have the hard data.

Oh, lookie what I found: http://www.circleid.com/posts/20090609_verizon_mandates_ipv6_support_for_next_gen_cell_phones/
Looks like the iPhone is still a bit behind, but we'll have to cut it some slack; I hear they just got support for this new-fangled MMS stuff.

DNSSEC only helps you if you run your own DNS resolver. 99% of the population uses their ISP's resolver. The exception are corporate networks, etc. DNSSEC does nothing to protect or help the end-user know that queries are good. The data from the resolver to client isn't signed or authenticated in any way, so even if you ask for the +adflag, etc., if someone has a way to mess with your DNS queries with MitM, they can add the "ad" (authenticated data) flag so your client would thing the data had been verified by DNSSEC.

No, you can demand that the ISP's resolver forward all the records you need in order to verify the signatures yourself. The first thing google comes back with is this, from 2007:

The current DNSSEC standards define a security-aware (stub) resolver that would be located at the users PC and which can indicate to a security-aware intermediate nameserver that it will perform its own DNSSEC validation by setting the Checking Disabled (CD) flag in the DNS query Header. This has the effect of inhibiting DNSSEC at the security-aware nameserver causing all necessary records to be supplied to the resolver to enable it to perform the security validation. The net result is we have achieved end-to-end security.

Note: they also said they would eventually restrict 4.2.2.1 and 4.2.2.2 to customer access only, so if you're not a Level(3) customer, you probably need to find another solution. Almost every ISP has recursive name servers, and if yours is honestâ"sends you an error rather than advertising if you type in a nonexistent domain nameâ"you should be using it. If your ISP is dishonest, then you should consider opendns or neustar's dnsadvantage, or do what I do, run your own RDNS. I use BIND, but I've also heard good things about PowerDNS and Unbound. There are also many non-free RDNS servers.

Interesting articles about the general state of Iranian connectivity.

http://www.renesys.com/blog/2009/06/strange-changes-in-iranian-int.shtml
http://www.circleid.com/posts/20060617_iran_and_the_internet_uneasy_standoff/

Seems like Iran is well connected, but slashdotted since everyone is interested.

All it would take is the right cables to be cut for the internet to go down. Perhaps with a rented backhoe even.

A single backhoe might have some trouble getting the entire internet in 30 minutes. What's the top speed on those things?

All it would take is the right cables to be cut for the internet to go down. Perhaps with a rented backhoe even.

But half of American banks forced HTTP login http://blogs.zdnet.com/Ou/?p=201. Then there's the fact that people never manually type in HTTPS and they rely on an auto redirect, but the redirect could be intercepted and changed to HTTP. The solution requires a modification of web browsers and DNS to automatically enforce HTTP policy because people will ignore HTTP 100 out of 100 times and they will ignore fake certificate warnings 199 out of 200 times. EV is not the solution to this problem because it still relies on the human to make the decision on security.

See http://www.circleid.com/posts/20090219_https_web_hijacking/

Even if true now that number will trend downward rapidly from now on. Flash support on Linux has always been ordinary, especially on anything other than x86 processors. Given the next wave of netbooks are likely to be ARM devices (especially the really cheap ones) they're going to have a really hard time keeping up unless they do something drastic like open source the player itself. Flash constantly crashes WebKit nightlies on OS X and the same is true of every experience with Flash I've had outside of the mainstream browsers.

Definitely good to see some critical analysis done though... I much prefer native web applications and with HTML 5's video tag and application features Flash will really become quite optional.

I would go so far as to say that Flash penetration could drop below 50% in the coming years given these two new kids on the block alone.

Sam

Slasdot sez:

CircleID is reporting a large-scale DDoS attack affecting all of Network Solutions' name servers

And at http://www.circleid.com/posts/20090123_network_solutions_down_ddos_attack/ we find:

Other sources: UPDATED Jan 23, 2009 7:26 PM PST
[...]
Network Solutions Under Large-Scale DDoS Attack, Jan.23.2009

...argh! non-halting loop detected! They've ddos'd the web!

Slasdot sez:

CircleID is reporting a large-scale DDoS attack affecting all of Network Solutions' name servers

And at http://www.circleid.com/posts/20090123_network_solutions_down_ddos_attack/ we find:

Other sources: UPDATED Jan 23, 2009 7:26 PM PST
[...]
Network Solutions Under Large-Scale DDoS Attack, Jan.23.2009

...argh! non-halting loop detected! They've ddos'd the web!

The map of the linked article http://www.circleid.com/posts/20081219_undersea_cables_cuts_europe_asia/ names Sicily as Malta!

Many years ago I proposed .here as something like the DNS equivalent of RFC1918 IP addresses[1].

e.g. anyone can then use *.here for their own network (stuff like .local or .localnet would probably be for machine use - but AFAIK they are not formally reserved either).

So if you roam to a WiFi network within range, http://jukebox.here/ could control a jukebox for that location.

And http://about.here/ might actually tell you something useful. On most wifi networks this could say something like:

"Welcome to the default LinkSys WiFi homepage. The owner of this network has not set a usage policy yet. You should probably assume you're not supposed to use this network unless otherwise authorized. Please be nice :)".

But some might provide permission (maybe with some T&C).

Of course it would be safer if https was used, or the http redirected to a FQDN + https e.g. https://about.mydomain.com/.

But you'd get lots of grumbles about certs and all that...

Unfortunately I don't have millions of dollars spare to buy a TLD and then give it to the world to use.

[1] http://www.watersprings.org/pub/id/draft-yeoh-tldhere-01.txt
http://www.circleid.com/posts/top_level_domains_for_addressing_by_physical_context/

Tell me again why you can't do "NAT" if you use IPv6? (That's a serious question, what technology prevents you from using port-forwarding with IPv6?)

More to the point, do you really want to do NAT if you have IPv6?

Having all IP addresses public is not any less secure or vulnerable, given a correct firewall configuration. If you deny by default, and open exactly what should be allowed (address and port tuple), you are as secure as the firewall can do, short of advance features like protocol specific inspection, etc.

From a comment on http://www.circleid.com/posts/nat_just_say_no/

There is even speculation that Georgians themselves crashed/trashed their OWN systems to exploit the current bad image Putin (yes, PUTIN is calling the shots, not Medvedev. Moreover, and ironically, a US-based outfit in, guess where... GEORGIA (yes, the state) offered and took on the hosting for the Georgian President's web site. Guess what? It wasn't working out. It was still being crashed/taken down. So, another party (seems to be Estonia) is helping out.

first, after the estonia shit, i wouldnt believe anything to the contrary of russia doing it itself. government at least.

second, the us datacenter that offered to host president's website has an office doing business in georgia, AND had one of their employees who was on vacation stranded there due to war when it happened. so the rescue started :

http://www.webhostingtalk.com/showthread.php?t=714632
http://www.circleid.com/posts/russian_cyber_attack_on_georgia/
http://news.yahoo.com/s/ap/20080811/ap_on_hi_te/tec_georgia_internet

Yeah I believe an xxx TLD will make it easier for people to search for xxx stuff.

Of course some strange/funny people will probably register xxx sites and put non xxx stuff on it.

Then again it'll be pretty hard to tell what some even stranger people regard as xxx. :).

Anyway, I'd like .here (or at least something similar) to be specially reserved (and made free for private use) so that it can be the DNS equivalent of RFC1918 addresses.

See: http://www.circleid.com/posts/top_level_domains_for_addressing_by_physical_context

If you google for Verisign's slogan (the value of trust), what do you get?

http://www.lindacaroll.com/value-of-trust.html

That one comes up higher than Verisign's own page for me.

http://www.circleid.com/posts/the_value_of_trust_in_2007/
http://www.infinitumdesign.com/verisign.html

My own experience with Verisign's domain business comes way down the list:

http://www.scarydevil.com/~peter/io/vs/

The value of trust? That and $1.99 gets you a Doubleshot.

At a recent ICANN meeting, it was voted that ICANN will cease to refund the ICANN domain fee. The result of that will be that registrars won't refund it either, which in turn is expected to be a bullet to the heart of domain tasting.

ICANN's fee is not a lot - 20 cents (US) per year - but that is expected to be sufficient to make domain tasting unprofitable.

Article here: http://www.circleid.com/posts/81299_domain_tasting_ends/

Network Solutions recently released a comment on their supposedly unscrupulous business practices. They claim that their automatic registration of domain names that were searched for was an effort to stem the problem of domain tasters. I have a hard time believing that.

In response to customer concerns about Domain Name Front Running (domains being registered by someone else just after they have conducted a domain name search), we have implemented a security measure to protect our customers. The measure will kick in when a customer searches for an available domain name at our website, but decides not to purchase the name immediately after conducting the search.

After the search ends, we will put the domain name on reserve. During this reservation period, the name is not active and we do not monetize the traffic on these domains. If a customer searches for the domain again during the next 4 days at networksolutions.com, the domain will be available to register. If the domain name is not purchased within 4 days, it will be released back to the registry and will be generally available for registration.

What you've outlined makes sense, and would be useful to NSI's customers. Placing a "hold" on the domain while the billing info is processed and so forth would be very useful in the hypothetical situation you've mentioned. However, that is not the nature (and I suspect it is not the purpose) of the company's actions.

It appears to me that NSI could demonstrate good faith by scaling back the system so it works the way you've described, or making the hold optional, instead of default.