Slashdot Mirror

OK, gotta get the music to that strangely addictive game out of my head now.

Check out this piece of wholesome goodness, delivered in the same message as my (cleartext) domain hijacking password:

If you do not wish to receive e-mail from Network Solutions, click on this
+e-mail address and type "remove" in the
+subject line.
PLEASE NOTE: by opting to be removed from this list we will not be able to
+communicate to you, in real-time, on issues regarding your account.

The mind boggles. One of the primary aspects of the net's formative power is its ability to quickly report the consensus of a company's customer base. Emails such as the one recently sent to all domain owners--containing both an unprecedented security breach and a jaw-dropping amount of arrogance(read our spam or we lose your bill)--only serve to increase internal communication within NSI's customer base, and to erode and eliminate the trust that the company has built up over the years.

I am positive there are alot of others out there like myself who hold a great deal of technical respect for their extremely high-uptime management of the closest thing we have to a single point of failure. They've done much right, and honestly, they've scaled better than one might have expected considering their ever increasing workload and the sheer number of years they've been doing their job.

I almost see a parallel to Microsoft here. People complain that the Windows 9x kernel is buggy, but considering that it runs everything from ancient DOS games to 32 bit applications, it's a miracle it runs at all. There's some truly respectable hackery involved in that! However, nobody, not even Microsoft's staunchest allies will say that their businesspeople are the most ethical in the industry, and most of the industry will claim that the Microsoft businessdroids have even less faith in their coders than the Linux bigots.

Why else fudge the numbers and force the shipments? Nobody's going to run Internet Explorer unless they're forced to...so lets force 'em. That seems to be the mindset.

Similarly, the Network Solutions folks have pulled off some significant technical miracles, but their business side is obsessed with the concept that nobody cares about anything technical. Since nobody would use NSI if they had an alternative registrar, the quality and quantity of alternatives must be fought tooth and nail. Since NSI is nothing but its collection of names and addresses retrieved under contract from the federal government, they'll claim de facto ownership of the WHOIS database until the Commerce Department's gun is pointed at their head with the hammer cocked.

Nobody cares about name resolution, you see. The real fad is WEB BASED EMAIL; create accounts for people without even following basic security procedures!

Nobody would actually want any of the services offered by NSI through email, so issue a vague threat to cut off all email--even that which is critical to the operation of one's domain--unless the domain owner agrees to sift through the latest thing being hawked by NSI.

The more NSI does in this style, the more they disenchant, disenfranchise, and disconnect themselves from their customer base.

There's no logical reason for this to occur.

I call all of this the PARC Lemming Syndrome. Every hi-tech businessperson secretly(or not-so-secretly) laments that he or she wasn't there at Xerox PARC to bring all of those amazingly profitable inventions to market. The agony of imagining so many lost dollars causes them to try to milk whatever or wherever they're at without due concern for what this will actually do to the businesses Core Competency.

To the businessperson...maybe he's breaking loose, pulling ahead of the pack, about to lift off, ascend to new hights...or maybe she's in the middle of a herd, trailblazing, secure in the knowledge that together new possibilities are being forged.

The the customers, and the rest of us...just looks like a bunch of lemmings racing headlong towards a cliff.

I implore you, Network Solutions. Buy a clue. Get a twelve pack if needed. Your customers trust you because your uptime is unbeatable, your security is generally reasonably tight, and because you've been doing it right longer than anyone else in the business. I'm one of your customers. Before you tell me anything, offer me anything, or do anything, think of why I do business with you, and about what could make me stop.

Don't be a lemming!

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com


Once you pull the pin, Mr. Grenade is no longer your friend.

OK, gotta get the music to that strangely addictive game out of my head now.

Check out this piece of wholesome goodness, delivered in the same message as my (cleartext) domain hijacking password:

If you do not wish to receive e-mail from Network Solutions, click on this
+e-mail address and type "remove" in the
+subject line.
PLEASE NOTE: by opting to be removed from this list we will not be able to
+communicate to you, in real-time, on issues regarding your account.

The mind boggles. One of the primary aspects of the net's formative power is its ability to quickly report the consensus of a company's customer base. Emails such as the one recently sent to all domain owners--containing both an unprecedented security breach and a jaw-dropping amount of arrogance(read our spam or we lose your bill)--only serve to increase internal communication within NSI's customer base, and to erode and eliminate the trust that the company has built up over the years.

I am positive there are alot of others out there like myself who hold a great deal of technical respect for their extremely high-uptime management of the closest thing we have to a single point of failure. They've done much right, and honestly, they've scaled better than one might have expected considering their ever increasing workload and the sheer number of years they've been doing their job.

I almost see a parallel to Microsoft here. People complain that the Windows 9x kernel is buggy, but considering that it runs everything from ancient DOS games to 32 bit applications, it's a miracle it runs at all. There's some truly respectable hackery involved in that! However, nobody, not even Microsoft's staunchest allies will say that their businesspeople are the most ethical in the industry, and most of the industry will claim that the Microsoft businessdroids have even less faith in their coders than the Linux bigots.

Why else fudge the numbers and force the shipments? Nobody's going to run Internet Explorer unless they're forced to...so lets force 'em. That seems to be the mindset.

Similarly, the Network Solutions folks have pulled off some significant technical miracles, but their business side is obsessed with the concept that nobody cares about anything technical. Since nobody would use NSI if they had an alternative registrar, the quality and quantity of alternatives must be fought tooth and nail. Since NSI is nothing but its collection of names and addresses retrieved under contract from the federal government, they'll claim de facto ownership of the WHOIS database until the Commerce Department's gun is pointed at their head with the hammer cocked.

Nobody cares about name resolution, you see. The real fad is WEB BASED EMAIL; create accounts for people without even following basic security procedures!

Nobody would actually want any of the services offered by NSI through email, so issue a vague threat to cut off all email--even that which is critical to the operation of one's domain--unless the domain owner agrees to sift through the latest thing being hawked by NSI.

The more NSI does in this style, the more they disenchant, disenfranchise, and disconnect themselves from their customer base.

There's no logical reason for this to occur.

I call all of this the PARC Lemming Syndrome. Every hi-tech businessperson secretly(or not-so-secretly) laments that he or she wasn't there at Xerox PARC to bring all of those amazingly profitable inventions to market. The agony of imagining so many lost dollars causes them to try to milk whatever or wherever they're at without due concern for what this will actually do to the businesses Core Competency.

To the businessperson...maybe he's breaking loose, pulling ahead of the pack, about to lift off, ascend to new hights...or maybe she's in the middle of a herd, trailblazing, secure in the knowledge that together new possibilities are being forged.

The the customers, and the rest of us...just looks like a bunch of lemmings racing headlong towards a cliff.

I implore you, Network Solutions. Buy a clue. Get a twelve pack if needed. Your customers trust you because your uptime is unbeatable, your security is generally reasonably tight, and because you've been doing it right longer than anyone else in the business. I'm one of your customers. Before you tell me anything, offer me anything, or do anything, think of why I do business with you, and about what could make me stop.

Don't be a lemming!

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com


Once you pull the pin, Mr. Grenade is no longer your friend.

Interesting response. Entirely outside of what I expected.

For instance, you claim the following:

"you present the USPTO as some idealitic world far removed from any contraints."

Far from it. Rereading my post, I find that the federal courts are predisposed to favor the opinion of the official government body for determining patent fairness, the USPTO, when judging a patent infringement lawsuit. Such is the nature of the courts--stick to precendent, stay consistent, defer to experts.

My point was that the patent office is not an impartial judge of proper patentry, and as a method of power aggrandization will eventually attempt to usurp more and more power over obvious monopolies.

Again, I fail to understand how you could possibly claim that I believe the patent office exists without constraints; rather, I think that the primary constraints against it aren't truly counterbalancing, due to the expert deferrance. I also think new constraints will form as more and more money gets extorted from large companies.

While the ability to utilize patent extortion is a powerful source of leverage for many large corporations, the exposure possible from being extorted is so vast that we will see significant reforms on this front, if only because it will be cheaper to pay to get the law changed than to deal with the continual flow of frivolous patents.

Economics at work.

Lets look at some of the things you said. Could be fun.

This to me illustrates some of problems with the moderation as you present no real arguments but resort to long words. This then tells me that the average /. moderator has a limited vocabulary.

This to me illustrates some of problems with your post as you present ad hominem attacks yet cannot intrepret long words. This then tells me that the average /. moderator would mark this post as flamebait if I didn't limit my vocabulary.

Hint: The patent applications have many references to prior patents. The new patent is simply an extension of prior work.

This is not surprising. Here I am, arguing that the patent office is providing patents to more and more obvious things, and you're saying that the patent office is issuing patents related to previous patents.

The number 0 was novel once too, ya know.

You also have to consider, if you take a bunch of reference patents, then add something completely obvious(do it online!), you haven't particularly innovated much.

But, consider this. I have a great new concept for the internet. MS then figures that they also want this.

My good idea is gone. MS now has extended and embraced my idea.

We shouldn't be bashing Microsoft. They're standing up to Priceline. Brownie points from this Linux geek for that.

Lets extend your example into...like, reality. It's much more likely to be the other way around. MS has the money to patent any tiny idea that happens to spooge out in the middle of a board meeting, no matter how minute or obvious. You only patent your brilliance. Unfortunately, your one patent has been superceded by MS's thousands. They own your idea, or at least they threaten you into silence with expensive lawyers.

If I remember right, MS owns the concept to putting a computer in all those set top boxes that Everyone Will Buy and turning them into a distributed computing environment. Completely obvious to anyone in distributed computing.

Oh, sorry. Your great distributed computing idea...is now controlled by them. Sorry.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com


Once you pull the pin, Mr. Grenade is no longer your friend.

Twas a few weeks ago at work, whence I was determining how to solve a raft of remote access problems. Nothing was working, deadlines were coming...and then I remembered SLiRP. Oh my.

SLiRP is alot more valuable than you might think. For one thing, it provides a user-level NAT'd IP connection over any terminal link. Note, not just a modem link, but *anything*. Combined with SSH, SLiRP makes for an insanely slick VPN routable link that just *works*.

Even for dialup lines, SLiRP rocks. *Absolutely* no administrative headache getting an IP range in which to run PPP. No headaches at all.

I think you need to try to get ASPPP to work on Solaris to truly understand how painful PPP can be. Even pppd isn't too nice on Solaris. But slirp? Thunk. Work. First try.

I'm not just blowing smoke. At my work, there's a semi-decent chance we'll be deploying SLiRP *all over the place*, at *huge* companies, very soon, for precisely these reasons. It's fast, it's free, and it's astoundingly functional.

My shock at seeing my recently rediscovered PPP app of old up on Slashdot again is quite unnerving, but I can't complain. SLiRP has done me well.

One thing I'd request, if anybody's working on adding features--could somebody port in the MS-DNS code? I'm eventually going to be doing *alot* of GPL work involving SLiRP, but my stuff will end up much more high level.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com


Once you pull the pin, Mr. Grenade is no longer your friend.

A bit of history.

Around eight months ago, I was hacking away at this economics essay regarding Open Source. With Linuxworld coming up, I chose to go around, soliciting opinions like any good annoying writer should.

I went to LinuxCare, spoke to Sifry, and received some interesting commentary. I walked up to the infamous Maddog, and had some nice flaws evicerated apart...then I went to the SCO booth.

Wow.

What you guys saw in that article wasn't just the ravings of a deluded marketroid. That's the corporate culture of SCO. I think SCO genuinely feels it owns Unix on Intel, and is desperately flummoxed that someone--anyone--would encroach on their domain.

SCO doesn't like Linux. That's not surprising. What's more interesting, arguably even fascinating, is the degree to which SCO Employees are public about this distaste. I mean, you know there are at least a few people in large corporations who believe very strongly in everything SCO has to degrade about Linux. But they're generally rather quiet about it.

SCO outscreams Microsoft--although, it's interesting to note that MS owns a chunk of SCO...

The question is: Is SCO the only company strong enough to wage those complaints(perhaps due to the MS connection?), or is it the only company weak enough to prevent its employees from spouting off?

I'd personally bet on the latter, but the former isn't altogether unfeasable.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com


Once you pull the pin, Mr. Grenade is no longer your friend.

Fuck them! My hair is long and my sandals are worn. That's who I am. That's who all of us are. And we fucking wrote the software that Red Hat sells. We own the company in a far more real sense than any of the moneyed lords with sufficient "liquid net worth" to take part in the IPO. They're auctioning my software off on the New York Stock Exchange to the highest bidder, and I can't take part!

Wow.

Open Source Economics takes a whole new turn...

I'll have to integrate this stuff into that essay-cum-Linuxworld-Presentation. A major point I've been arguing is that those who suffer the direct effects of inferior software are more likely to create the fixes for various shortcomings than a body only indirectly connected to the financial pain. Almost all companies have a serious monetary stake in the stable operations of their computer software, and a growing number have realized that such a mission critical part of their business demands the elimination of propietary risks.

In the age of UCITA, open code may be the only thing you can trust. Buying software from companies that support false advertising, remote killswitches, and censorship is akin to hiring Hannibal Lector as your person plastic surgeon--or Master Chef.

Relevance? Consider the financial impact of Open Source on investors. Want your stock to do better? See a specific area of weakness that you percieve is reducing the value of your stock? Fix it. Yourself.

The amount of people funding OSS projects is about to increase...substantially. Fascinating.

See you at LinuxWorld!

Yours Truly,

Dan Kaminsky
http://www.doxpara.com


Once you pull the pin, Mr. Grenade is no longer your friend.