Slashdot Mirror

> I looked at namecheap.com and it looked pretty interesting. However, I had
> two bad first impressions about them.
>
> First, they are running their site on Microsoft Windows. That gives me
> questions about the intelligence of the company and security of your domain
> registrations. It is likely to have about as much security that Hotbot,
> running on MS Windows, did when they had thousands (or was it millions) of
> their email accounts compromised. We don't really want every virus that comes
> along to wipe out our domain resolution service.

Blanket statements about the inherent insecurity of Windows hosted sites only serve to show the bias of the speaker.
The biggest security problem with Windows is the low barrier for entry. There are a lot of Windows "admins" who will work for less but cannot tell security from a guava. Of course, there are good ones but you have to pay them as much as you'd pay a good unix admin (sometimes more, because they have also unix administration experience) and most companies prefer to cut corners.

That said, most eNom resellers just act as a front end to eNom. The actual registration (and domain name services) are done on eNom's site.

> Second, I click on their contact link and see no phone number. Just email.
> I found this to be common with the really low priced registrars. The ones we
> have tried have always costed us a lot more in lost time and headache in the
> long run. As I mentioned on my other reply, I have found most registrars do
> not stand up to the service they promise. If you do not get adequate
> resolution to a problem via email (which has been the case about 70-80% of
> the time with us), having no phone number to call just leaves you out in the
> cold.

You don't need to call them. Once they set up your account, you deal directly with eNom.
For example, I bought my domain name from polardomains.com a couple of years ago and never had to deal with them again.

Anyway, if you don't like them, shop around. How does $5/year sound?

> I also checked eNom.com. They are also running on Microsoft Windows.

Bias again, eh?

They are the fifth largest registrar and are usually in 1st-3rd place (with Tucows and GoDaddy) among the fastest growing (it fluctuates, currently GoDaddy is 1st). Check Registrar Stats for details.

> They, at least, have contact phone numbers but they are not toll free. From
> my experiences with other registrars, especially Network Solutions, leaving
> us on hold for 45 minutes to reach a human, that is also a deterrent. Notice
> that InetAddresses.net has a link to a toll free phone number for 24 hour
> technical support right on the front page.

I have never had a problem with eNom, whether I was calling them from across the border or from across the Atlantic. I am happy with them and I intend to stay. Can't say they're perfect but then, nobody is.

Bottom line, you have my recommendation but the final choice is yours. Good luck.

Here is a list of all the class A IP allocations.

I find it amusing to read about an IP address shortage. Here are some highlights from that list:

• Bolt, Beranek, and Newman has 3 class A ranges with a total of 50.33 million addresses, the vast majority of them unused. While they did create ARPANET, they are no longer a relevant entity on the modern internet.
• GE has a class A, but decided that it wanted nothing to do with the internet.
• Xerox, HP, Apple, DEC: all own class A ranges. They're all huge tech companies, but neither one of them actually has anything to do with the infrastructure of the global internet. They make hardware, but they don't run the net - they're just consumers of bandwidth like any other large company.
• Halliburton, DuPont, Boeing, Ford, and Prudential all own class A ranges. They're all huge companies, but I can't imagine either one of them requiring more than 3 class B ranges.
• The Defense Information Systems Agency owns 67.11 million addresses. Other government or military agencies own a large portion of the IP space as well.
• A full class A is reserved for amateur radio. The legal technicalities of amateur radio make it practically impossible for a HAM operator to be a functional node on the global internet. 44.* isn't really routable, to the best of my knowledge. It's just 16.7M addresses wasted.

ICANN should develop a spine and forcefully divest these companies of their class A ranges unless they can display a reasonable near-term allocation need. They can be given a dozen class B ranges each as a consolation prize.

To talk of an IP address shortage, and put half the computers in the world behind the broken hack that is NAT, while these agencies sit on hundreds of millions of addresses, is nothing short of a joke.

However, the US and the European Commission are staunchly defending the Icann model, which is based on minimal regulation and commercial principles. Icann members are predominantly drawn from industrialised countries and the established internet community.

So now, we're rooting for the much-maligned ICANN institution... I guess that's not such a cognitive dissonance now that they've actually faced up to Verisign -- though the end of that story is yet to be written.

Interesting that this should come up on the same day that NPR's Morning Edition (just audio, sorry) reported that the US is blocking an attempt by UNESCO to allow countries to subsidize their national film industries to preserve cultural identity.

In one corner, we have the US: protector of political free speech and homogenous corporate culture.

In the other, we have the rest of the world: protector of political speech restriction and diverse cultural heritage.

Damn, it's hard to know what side to root for these days.

NAT mitigates the problem for the most part on the client (or typical "end user") end, very true.

One thing that I have not seen many people mention in this discussion is the server-side analogue: Name-based virtual hosting. Circa 1996 or 1997, a majority of web sites operated on the 1:1 mapping of IP address to hostname, as most browsers were still old stupid HTTP/1.0 things. But with the advent of name-based virtual hosting made possible by the Host: field that was optional in HTTP/1.0 but required in HTTP/1.1, we now routinely have hundreds or thousands of web sites on a single IP address. This vastly cut down on the appetite of IP addresses on the server end of things. If you're ever bored or curious, browse over to http://whois.sc and try out their reverse-IP tool. It requires that you sign up for a free account, but once you've done that you can enter any IP address and see all the web sites that are hosted on that interface. It's often quite surprising how many sites are on some server. You can use this trick if you're paying for shared web space from a hosting company to see approximately how many other sites they have running on that same server.

The only thorn in the side of name-based vhosting is SSL. You cannot host more than a single https site per IP address. Or at least, you can't and still have each site present its own signed certificate. It's a chicken-and-egg problem. The server doesn't know which host it is supposed to be masquerading as until the HTTP headers arrive, but this happens after the secure channel has already been established. When the client initially asks for the server's certificate it has no choice but to respond with the default, meaning that you can really only realistically host one https site per IP address. But I'd say this is really a minority of sites out there, and there are workarounds such as hosting multiple secure sites from a single domain: www.secureserver.com/site1, www.secureserver.com/site2, etc.

What might get VeriSign into very big trouble is the admission, in the press release that "ICANN is using anecdotal and isolated issues to attempt to regulate non-registry services, but in the interests of further working with the technical community we will temporarily suspend Site Finder."

I think this is a brand new tactic on the part of VeriSign, to categorize it as a "non-registry service".

That seems to escalate things to a new level, in that it seems to be an admission of abusing their monopoly in the Registry for the provision of a NON-REGISTRY SERVICE.

It had been my understanding that previously their position would have been that it would have been categorized as a Registry service, but one that didn't need approval due to it being "free" (i.e. needs no contract amendment). However, giving advantage for the provision of a non-registry service seems to be MUCH WORSE. Suppose that NON-REGISTRY SERVICE was a REGISTRAR SERVICE, for example, and VeriSign abused its monopoly to advantage one of their partners in that space? Just like WLS.

Clearly, VeriSign's abusive and monopolistic business practises need to be examined at the highest levels of government and by regulators.

P.S. Keep up the pressure, by supporting the Stop VeriSign DNS Abuse petition -- 17,000 signatures and counting.

Register.com might be the next one to file suit, given their strongly-worded letter which was sent to VeriSign and ICANN.

The Stop Verisign DNS Abuse Petition is still going strong, with 15,000 signatures. ICANN still hasn't had the sense to post it on their website, though. They have a public forum at the very bottom of the page here at least, with 64 comments (many from the petition site, as we're giving folks the option to forward those along to ICANN too).

Amazon already bought an e-commerce search company for over $100 Million.

And boy, were they excited:

"PlanetAll is the most innovative use of the Internet I've seen," said Amazon's founder and CEO Jeff Bezos. "It's simply a breakthrough in doing something as fundamental and important as staying in touch."

"This is a significant opportunity for all of us at Junglee to extend our technology well beyond our current base," said Ram Shriram, president and COO of Junglee. "With Amazon.com, we can address the larger challenges of e-commerce sooner--and on a broader scale--than we could have done alone."

I guess the technology Amazon obtained for "equity valued at approximately $280 million" has gone to good use. Hard to tell, though, since both partners' websites have gone up in smoke. I wonder if Amazon will even bother to renew the domains, which expire in May and October 2004?

For some reason, I don't see much of a future for the A9 project anymore -- as if I ever really did...

Amazon already bought an e-commerce search company for over $100 Million.

And boy, were they excited:

"PlanetAll is the most innovative use of the Internet I've seen," said Amazon's founder and CEO Jeff Bezos. "It's simply a breakthrough in doing something as fundamental and important as staying in touch."

"This is a significant opportunity for all of us at Junglee to extend our technology well beyond our current base," said Ram Shriram, president and COO of Junglee. "With Amazon.com, we can address the larger challenges of e-commerce sooner--and on a broader scale--than we could have done alone."

I guess the technology Amazon obtained for "equity valued at approximately $280 million" has gone to good use. Hard to tell, though, since both partners' websites have gone up in smoke. I wonder if Amazon will even bother to renew the domains, which expire in May and October 2004?

For some reason, I don't see much of a future for the A9 project anymore -- as if I ever really did...

It's now here having been Slashdotted last time....on a better server this time, though (we hope!), so be gentle....

It's good to see that PIR is taking the high road. If .com/net are ever redelegated, I'd much rather they run it, than someone who would be looking for every opportunity to squeeze out nickels and dimes ($100 million/yr!) from the internet community, via abuse of their monopoly. Or, perhaps a corporation with a solid reputation (maybe IBM?) would step up, to replace Verisign.

If you havent allready signed it, there's a petition at http://www.whois.sc/verisign-dns/ to encourage Verisign to rack-off.

Hi,

There's a petition available. Now I don't know exactly how effective it will be, but signing is more effective than not.

http://www.whois.sc/verisign-dns/.

rgds

Alan

I'm glad the IAB took that position. Hopefully Verisign will do the right thing....but, given their history, they probably won't.

We started a petition on Tuesday, and it got more than 16,000 signatures, before the site apparently got Slashdotted or something. We had to move it to a new server, with backups of the first 10K signatures. The new link is:

Stop Verisign DNS Abuse Petition

We also made announcements here and here, including having sent a hardcopy of the first 10,000 signatures to ICANN via FedEx. Thanks for all the support!

I authored the petition. Seems the old site is Slashdotted, and so it's now on a NEW server. Please change your links to point to:

http://www.whois.sc/verisign-dns/

instead. Hopefully this server survives!

I've made mirrors here too, in case the primary goes down again. We lost some data, but not the first 10,500, as I had archived them.

I also made an announcement on the ICANN mailing list here and here.

The petition overwhelmed petitiononline's system when it got to about 16,000 signatures. It's been moved to http://www.whois.sc/verisign-dns/.

The petition overwhelmed petitiononline's system when it got to about 12,000 signatures. It's been moved to http://www.whois.sc/verisign-dns/.

Not that these folks are any better, but it appears that emailresults.net (WHOIS SPEWS results) and propulsive.net/surfplex.net are not related to each other.

Well, I took your suggestion. According to whois.sc, nobody has ever thought of "stillmoresex.com" as their dot-com brainstorm idea.

I couldn't resist the temptation... I went to Gandi and registered the domain. How could I pass it up?

I'll probably redirect it to the URL of this thread. I've registered it with a unique Gandi ID, so it's up for grabs for whoever wants it. Mention Slashdot, and I'll let ya have it pretty much at cost. Send a note to robert b at dixie dash chicks dot com and we'll go over the details.

Usually, I grab interesting domains to keep them from becoming porn portals! Now, I guess I've gone from Karma Whoring to Domain Whoring. So much for the purity of my Slashdot experience!

What's even worse is when you look at how few actual web sites are actually hosted in those "legacy class A" spaces. I've heard that, for example, GM has tons of ancient robotics and other embedded applications that are running on hard coded IPs in their allocated space. Not that they're publicly visible, just that no one really ever considered a scarcity of IP addresses in the past.

Here's a great link that shows where web servers are in relation to the various class A (/8) address spaces. As you can see, they're mostly clumped in small zones, with a large majority of the IP space marked as either reserved or not in use for the "public" internet.

To some degree I'd say the scarcity of IP addresses is somewhat manufactured. While you don't want to go willy-nilly allocating large blocks, at some point you have to recognise the genuine need and start unreserving some space. Also, some concensus should be reached on all those "legacy" blocks that aren't being used efficiently.

Actually, only ONE year. Well, more like seven months.

According to Whois.sc, the domain name was registered in October 18, 1995. The Sex.Com trademark, however, was registered on May 20, 1996.

Slight difference there.