UPDATED: OpenSSH Domain Name Controversy

Bowie J. Poag was one of the folks who wrote to us about the domain name controversy regarding OpenSSH. (I've included the full letter below). They're in the interesting situation of /having/ to be a .com, because a squatter has taken the openssh.org domain name. Read the letter below - it's a stickier situation than the other squatting issues we've talked about. Update: 03/07 04:58 by E : Alex de Joode has written his own response here. I hope this can be resolved amicably.

Please be advised that OpenSSH.ORG is NOT the official domain name for OpenSSH development. The name was taken by a someone not affiliated with the OpenSSH development team when news of OpenSSH was first leaked to the community. The correct Web and e-mail address for the OpenSSH development effort is OpenSSH.COM instead of .ORG.

The OpenSSH developers wanted to register under the .ORG top level domain, traditionally meant for non-profit organisations such as OpenSSH, but the name had already been taken. They settled for the .COM in the interim.

The .ORG name is currently held by Mr. Alex de Joode <adejoode@zedz.net>, a proponent of open source cryptography who runs his own free crypto portal hosted by xs4all.nl, a well-known and respected Dutch ISP. Mr. de Joode has repeatedly refused requests to sell or turn the .ORG name over to the OpenSSH developers. This leaves us no choice but to issue this advisory.

The OpenSSH.ORG Web site currently is a blank page with a link to the official site. Please do not visit the .ORG site, nor send e-mail to anybody at the .ORG address. This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution.

Any help or suggestions in breaking the deadlock are appreciated.

Regards

For the OpenSSH developers, Louis Bertrand <louis@openbsd.org>

crack smokin' moderators

I've said it before, I'll say it again: slashdot's moderators smoke crack.

Why don't they just swap?

Why don't the two groups just swap their domain names?

No money need change hands.

The geezer from NL gets his commercial site, and the OpenBSD guys get their .org site.

Re:Why don't they just swap?

[Just+Your+Average+Li]

Alex shouldn't have to swap unless he wants to. Apparently he doesn't.

(Nobody suggested that etoy could get the etoy.net domain in exchange, did they?)

ASCII pr0n?

At least, it looks like that under w3m, which is an excellent (text) browser...

Do they have ASCII pr0n, man?

- Jesus Christ
(#154953, account temporarily disabled for being moderated down, imagine that!)

I am the Lord.
God Hates Moderators.

Re:Nope, two N's...

put down the crack pipe, sir. Step back.

Why not make doman registering more 'Open'

Would it not be possible to have a Domane Name Server with a entirely seperate set of domans from the official one - These domanes will be placed on this server not because the organsisation pays $$$, but they have a valid reason why they want registration, and the name relates to this reason. This new DNS IP address could be put above the official DNS servers in the TCP/IP setup. If the organisation did not make use of the dommane within a certain time frame, It would be de-registered and available once again. Dommans should be a privilage, not a right - abuse that privilage (by squating, etc) and it should be taken away. Theres a squatting case going on in the UK where several small scotish town names have been registered for $5 - the registering company is now asking $500 for these names, but intends to do nothing with them themselves. This is totally wrong. (Appoligies for any spelling mistakes!!!) Tony

Give up openssh.org *and* etoy.com!

The OpenSSH group have as much right to openssh.org as EToys does to etoy.com.

Re:hypocrisy

I believe the word you want is "lemmings".

Re:Two questions...

I gotta agree that the OpenSSH crew should have registered it first, that this article amounts to slasdot being a soapbox, and that if the slob who owns openssh.org and the OpenSSH crew were thinking clearly, they'd trade domains and have done with it.

What pisses me off

www.microshop.org, a computer retail shop. I mailed them and was very polite and asked why they had a .org The reply was that I was stupid. Nice folks. Pisses me off to see comercial stuff with a .org //G

power to de Joop

openssh.COM says:

Also, please do not mail to us at openssh.ORG, since he also receives that mail.

Now, what is this supposed to mean? Is de Joop forwarding mail to openssh.COM after reading them at openssh.ORG? Somehow I think not. So what is this?

Re:Don't restrict to com/net/org!!!!!

"I wonder it St. Helena sells domains to non-locals."

"Yes! Here. £60 Year 1, £30/yr thereafter. And openssh.sh is still available."

... but bin.sh is taken ;)

Re:Just a sence of things

Just by grepping what was already said here is what I think of this situation... How about reading what the legal owner of openssh.org has to say about the whole deal? We have no idea what the .org guy plans to do. The OpenSSH people planned to use the .org domain.. after all it's an open source project so it belongs on .org. However like anyone prepaired to deal with net squatters they grap .com,.net and .org.. Here comes the nasty part... Yes we do, if we in fact read his text. Someone else notices the .com domaim go up and for reasons yet unknown (Let me hazard a guess.. he thinks he is seeing a domain squater in progress) he grabs the .org... It is not clear how or why the .org guy got his domain BEFORE OpenSSH got it.. No, wrong. Even the whois records show that the .org was registered TEN DAYS before the .com. The .org guy was working on something like OpenSSH, and registered the .org, before he knew that the OpenBSD folks were working on something similar. It seems to me that the person to blame here is Theo De Raadt, acting VERY bluntly and childishly towards Alex De Joode, after being contacted by him, and being offered various solutions to the problem. Now the OpenSSH people make contact with the .org guy... He dosn't respond. Why? There are a number of posable reasons. Wrong, he got in contact with them first, receiving a whole lot of bs. Fair?

Theo de Raadt is a cheap dutch bastard

He should have registered the .net and .org together with the .com domains. Now that his cheapness got to him he's trying to rally Slashdot in bullying Alex?!!! What a looser!

Blame Canada!!

I came in late...

... and thus was able to read Joode's version first. Boy! Slashdot and a lot of its readers ought to try harder for The Other Side! Looks to me like the .org name is in perfectly good hands right now... maybe even better ones than OpenBSD's'd be. (I've been kinda vaguely honked at 'em anyway, for further splintering my BSD camp :)

THIS GUY MAKES A GOOD POINT

Take a look at the WHOIS records. OPENSSH.ORG Record created on 04-Nov-1999. OPENSSH.COM Record created: 1999-10-25 08:44:41 MET by CORE-80 Looks to me like they had the chance to get openssh.org and grabbed openssh.com instead.

Re:It's making me sick

You like how the Canadian registrar works? I find it terribly restrictive. My company (Success Information Systems) cannot register success.ca. Why? Because Success is the name of a town in Saskatchewan. In Canada you can't have the same domain name as a town. How smart is that?

Re:It's making me sick

This whole domain bs is making me sick.

Is it just the bs domain that is making you sick? Perhaps you will find a little relief at full.of.bs.

pspsspspps.

Oh, domain bs, not bs domain! Never mind.

Re:You have to wonder

Ya, it's $15/yr and monkeys fly out of my ass, stop smoking the weed!

Re:The revolution starts now (or maybe tomorrow)

And after we have the government then it will be slashdot.edu, so that we may keep our power base :)

I would have done the same

Mr. de Joode has repeatedly refused requests to sell or turn the .ORG name over to the OpenSSH developers.

I still can't understand why he should?

Maybe he has plans for the domain. Right now there are two links, to information about free SSH implementations and a link to OpenBSD OpenSSH project.

If I come up with a successful program called "slashdot" does that mean I'm entitled to have slashdot.org? If I had paid for and bought a domain (for whatever my purposes might be) and suddenly it's being demanded by some entity I've previously not heard of, I'd tell them to fuck off. I wouldn't sell.

I'd say the problem is when you get a domain so you can SELL it later, not if you buy a domain for yourself. What did the OpenSSH people offer in return other than money? Did they discuss switching domains, .com for de Joode and .org for OpenSSH?

Mr. de Joode also owns freessh.org, check it out here.

Re:Abuse of the namespace...

WHOOOOOO NOBODY OWNZ www.hotgrit.com or hotgritdownnataliespants.COM http://www.whois.org/checkDomain.cgi2?domain=hotgr itdownnataliespants.com the new trollborg

Re:He just does'nt need this domain

Read his reply, he actually wanted to make a port of SSH, and he did offer it to them, or at least use of the name. legit use, Seems like OpenSSH is trying to use there influence to flood this guy with nasty email from everyone and there dog.

Re:It's making me sick

Really. From my experience, it's more like they want a name that uniquely identifies your organization. success is rather generic. Personally, i *LOVE* the way the CA domain is not prone to abuse like .com is.... it's fantastic. Oh.. are you registered in more than one province? That could be why they don't give you success.ca as well you can't have a .ca unless you are a national organization.

Re:That's "Mr. MiLLeNNium" to you...

hehehe. He trolled, and you sure played.

Re:Two questions...

I don't think freshmeat is an ISP. Oh, and is /. an NPO?

Re:A Proper Analysis of OpenSSH's proposed boycott

That was awesome, thanks whoop.

Re:woah

Try actaully reading the announcement! The OpenSSH developers did try and buy it off of him but he refused to sell it as well.

openssh.org is misrepresenting itself

Registrant: Open SSH Project (OPENSSH2-DOM) Zaanstraat 250 AMSTERDAM, NL-1013 RZ NL Domain Name: OPENSSH.ORG That looks an awful lot like he's claiming to host the OpenSSH Project. Perhaps Joode can be pressured to sell it that way.

.ORG's and .COM's

Isn't this an interesting thing to read here on slashdot.org, the company with the .ORG in it's name.

Re:.ORG's and .COM's

[nerdling]

I would go to clownpenis.fart, I dont know about you, but hell Id register you.fart, to have great domains like did.you.fart n stuff, that would just *kick ass* Welp its that time again folks, my once-in-a-while rant. Moderators, start your engines.

Domain squatting is for f*cking sh*theads. WTF. Why would you even *try* to steal someone's company name. Remember the Morgan Dean Whitter fiasco? Some guy registered their initials and said it was a bike company, but broke down in court and said he held it for squatting. This *MIGHT* not sound too bad of a squat, and you might even think Whitter is a bunch of *ssholes, but theres MORE. The guy, turns out, had registered like 10 other domains, DWhitter.com, etc etc, and they got mighty pissed at the fact that he blatantly was trying to rip them off.

ANOTHER THING. eBay should take down its domain auctions. They set the fscking reserves at 1,000$ so they can rake in the cash, but no ones gonna pay (well seriously pay, maybe jokingly) anything over 300$ for a domain, and only if theyre a HUUUUGE corporation who doesnt have time for court cases... damnit. I saw stuff like "abcnewsteam.com" on eBay n crap, damnit we need an anti-squatters petition. /.'ers seem to be good with petitions, we need a cover page link tho, think of what happens when we send a petition with 24,000+ signatures to ebay saying fuck squatting... egad that would be great. I would rule the world.

feh! and FEH AGAIN!

Re:.ORG's and .COM's

[Felinoid]

Yes and Slashdot.org was originally a hobby not a busness :)
Before Slasdot went commertal someone snagged up the .com...
Still Slashdot.com points to Slashdot.org in the same way OpenSSH.org points to the original site

Re:.ORG's and .COM's

[Hemos]

That's because .com was taken, and everyone else was already doing .coms.

Re:.ORG's and .COM's

[rambone]

That's because .com was taken, and everyone else was already doing .coms.

Not that it really matters now. You could call this site clownpenis.fart and people would still come in droves.

The other side of the story?

Please, someone, moderate the parent message up a bit....

Re:It's making me sick

You dip!

That's because it would be success.sk.ca, ever hear of city level domains? like vancouver.bc.ca?

What ABOUT Slashdot?

Kinda off-topic, but this brings to light slashdot.ORG...they may have started out as non-profit but they have definetly sold out and are out for money now. Doesn't their use of .org to make money go against the rules involved to actually own a .org TLD? I guess this sheds light on another weakness of the current DNS system, as an organiztion evolves should it have to forfeit it's domain? I guess in Slashdot's case they could move everything over to dot.COM and .org could be used for slashcode... Just some related thoughts...

Re:Do you know what the "net" TLD is meant for?

But it's true! Mod that post down!

Re:You have to wonder

We all know opensrs sells them for $13

Out of curiosity...

Why .com instead of, say, .net? Doesn't have the same non-profit implications, but also doesn't have the commercial implications. I think of .net as being for everything that doesn't fit into .com or .org

Re:Abuse of the namespace...

Slashdot IS a commercial venture you idiot, just like everything else. Why don't you open source fucks pull your head out of your ass and get a life? Who gives a shit if somebody has his stupid domain name? The developers had plenty of time to snap it up before he did. I hope you all go to hell.

Re:@Home Proxy Servers

Even if you are using SSL, unless you are doing tunneling, they can track the destination of your packets. Using a proxy somewhere else might actually make it a whole lot harder to track, since your packets will be bound for somewhere else than what they think.. Logging every request sent to port 80 on some machine can be expensive, but just logging IP traffic not so bad, since you don't need to look at the contents of every packet flying by, just connection-opens ...

BullS*it

I think it's just beautiful the way that Slashdot and many other websites went out and slamed etoys for trying to do this very same thing but if the site is a open source site then I guess it's ok to bully people around?????????????????????

F*ck you!!!

If you say that it is alright for this group have the balls to come out and say that it was right for etoys. I don't have any affiliation with any company/org association with either battle but it just seems half-ass to praise etoy for being the first to have the domain name and stand up to etoys and then call openssh a cybersquater for having a domain name before an open source group that wants the same domain name. F*uck you!!!!!!!!!!

http://anon.free.anonymizer.com/Re:BullS*it

You're right on target here. Hypocrits. This guy can't run the PR that etoy did? Let's f*ck him by calling him a name squatter. The only difference between this and the etoy/etoys debate is that this guy isn't an artist and doesn't have as many allies as etoy did. If you supported etoy and are rallying this guy you are a hypocrit. It's either right or it's wrong. Just because etoys is a public company doesn't make one person's actions more wicked than someone with no money. Like the man said . . . F*uck you!!!!!!!!!!!!!!!

Re:woah

> While I totally value the opinion of the OpenBSD
> team and the OpenSSH team I think something
> along these lines without any comment from the
> other (in my opinion) well respected party
> involved is a bit harsh.

I have great respect for the work of the OpenBSD team, but I have little respect for the way some of their people tend to communicate with the 'outside' world. They made me want to not deal with them anymore (and even made me remove the OpenSSH that comes with FreeBSD 4.0 from my system)

I agree with many posters that it would be nice if Alex de Joode would hand over the domain to the OpenSSH developers, but from past experience I'm afraid tact was not a part of their attitude when they talked to him about that. Mr. de Joode is a highly respected person in the internet security comunity and so are many of the OpenSSH developers. It is sad that the OpenBSD and OpenSSH people have a very bad track record when it comes to finding solutions to such problems. Tjis has in the past caused the splitoff of OpenBSD from the NetBSD project in the first place.

Before you people go on acusing mr de Joode, I suggest you really read his reply and consider the history of OpenBSD. They make very good things, but in general aren't very easy people to deal with (I won't say they are not nice by intention, to me it rather seems they are not nice by lack of a clue how to be nice, and mind you, this applies to some, but most definitely not all of the OpenBSD team)

Theo De Rat

Theo's ugly disfunctional personality is at it again. This whole issue is Theo's fault because once again he has shown that he doesn't know how to play with others. Theo is the number one reason why I will never use OpenBSD. He has poisoned the waters. Theo would rather shit in the soup pot rather than share the broth with others in the community. Theo is waging an ongoing personal war against NetBSD, FreeBSD, Linux, and just about every other open software project that you can name.

How can we put Theo back in his cage? Maybe authors of OSS projects whould boycott OpenBSD. That would give Theo a taste of his own medicine.

Re:Yawn

probably collects information about those who visit those who visit the page before forwarding it to here.

This sort of goes without saying, doesn't it? Apache, the most common server on the net, has a little file called $SERVER_HOME/logs/access_log...

Granted, there's more information to be had, but it's funny that the openssh.com people don't mention that they're probably collecting similar data.

---
chahast
at pangaea
dot dhs
dot org

...and justice for all

Thanks god we have

• Spam
• DDoS (quite common nowadays, huh?)

Everbody gets what deserves.

Re:Two questions...

Two: Why won't this guy just let them use the domain name? He's not using it for anything.

Does he have to use it for anything? It would seem kinda stupid to force people to use something or let someone else take it over. He is leasing the domain, what he does with it is his business. This is no different than any lease really... I lease my car, though there is no expectation on how much I drive that car. Nor should I have to face backlash from people who wanted the same car as I have but were not fast enough to claim it.

OpenSSH developers: We are living in a time when the world can change overnight.... Don't expect it to stay still for you. You Snoze you lose.

look at both sides

it seems very few of us looked at openssh.org....it seems the creator was on a project also called openssh, and offered the name when his project came to an end, the openssh people refused it and then complained about not getting it.....

Re:Abuse of the namespace...

What, then, would you suggest Slashdot's URL be?

Slashdot.edu

or maybe...

...your racism is preventing you from seeing the picture clearly... then again i didn't actually say that you were a racist, now did i? words like 'maybe' should have tipped you off to that.

cheers,

Re:That's lame.

Interesting that you should mention whitehouse.com...in my CNA class in high school the teacher asked us to go to whitehouse.com instead of whitehouse.gov. Fortunately it was filtered in the proxy.

Re:Most public one-n mill...

Japanese? Tank yoo veddy mutch.

Re:InterNIC servers have the wrong dates?

the rs.internic.net (whois.internic.net)
servers seem to keep track of the last billing
date, or something. (i.e. all seem to be within the past year when they would have paid their domain registration.) Remember the passport.com story? Last updated Dec 27, 1999. Date of slashdot story? Posted originally Dec 25th, and Updated on the 26th. Now since the internic servers don't get updated immediately, this could be that date.

Re:The fries guy is kinda childish too

From some emails I received via a friend, these statements were made by him.

> Well, if everybody who thinks the wrong think
> echos in chorus lots of people will start
> believeing because everybody else is saying it.

> Perhaps Alex would care to enlighten you and
> others who have noticed that networksolutions
> has a date that is, as well known to us,
> obviously wrong.

> My mind is quite sound. Could you please
> explain to me what happened so I
> can remember correctly?

Reminds me of an immature kid

Re:***THE REAL DANGER***

de Joode is a true blue cypherpunk. Undermining confidence in good crypto (by distributing a trojan ssh) is the last thing a principal behind replay.com is gonna do.

FUD Alert !!!

Mr de Joode a former OpenBSD developper ?
Like hell !!!

Show me the commit messages.

OpenBSD is an *open* project, there are archives
of the cvs files all around the world.

You can just check things by yourself.

Mr. de Joode's side

The other side of this is also available.

Honestly, as soon as Theo "the Fork" is mentioned the likelihood of this being more about personalities than anything else goes way up.

Re: Abuse of the namespace...

Oddly enough, slashdot is not a US state. It'd have to be something like slashdot.andover.holland.mi.us .

Just a Troll Away?

Hmmm, that was considered a Troll? I thought it was a plausible scenario.

As a long time contact person to Alex de Joode

I have to say that he behaved very helpful and
once set up a very comprehensive (the best?)
crypto archive for Linux software.

When I once rebuilt zip/unzip rpm packages with
its (weak) crypto enabled and those cfs (crypted
file system) rpms which included blowfish, Alex
was very helpful to setup a crypto archive
at his website (it was called replay.com).

At this time even Red Hat got a crypto repository
outside the ammunitions idiocy region. I'm proud
that I once initiated this and pointed Alex to
that "niche market"

So it should be said that Alex de Joode doesn't
seem to be the guy who hijacks domain names.
He seems to be a bright hacker. Please treat him
as such a person and don't judge before you have
heard booth sides.

A friendly resolution should be possible among
intelligent people.

Best Regards
--hal@darkstar.frop.org

robots look here!

Since you have added a link to whitehouse.com from a highly rated site (slashdot) you are slowly making google think you want the wrong answer here...

http://www.whitehouse.gov

President Bill Clinton US government Washington DC capital executive branch

Thank you.

Re:robots look here!

Since you have added a link to whitehouse.com from a highly rated site (slashdot) you are slowly making google think you want the wrong answer here...

http://www.whitehouse.gov

President Bill Clinton US government Washington DC capital executive branch

affair cigar Monica Lewinsky

I know it's kinda offtopic, but sorry, I couldn't resist ;).

-- AC

Re:openssh.net indeed!

Millennium.

To Mr. de Joode

Mr. de Joode, rot op eikel.

Re:openssh.net indeed!

(not the guy you're arguing with here)
annus n.
Latin for year. Hence millenium==1000 years

anus n.
Latin for anus. Hence millenium==1000 assholes

I hope this helps to clear up any lingering misunderstandings.

Moderators

this was not a troll, nor was it flamebait or off topic, if anything it was funny and some moderator had his sense of humor labotomised.

Re:You have to wonder

I don't know why you're marked as Troll.

Some bearded, stained T-shirt-wearing "advocate" took a break from mastrubating to show you he's displeased with the fact that you used Open Source and BS in the same sentence. At least you're marked as 3 right now, so most people think you're right.

Re:They already have openssh.net

The openssh.org domain was actually regged a few days before openssh.com, even if the nsi records don't reflect that. Basically openssh's existence got leaked, and openssh.org was scooped by the zedz guy.

Re:openssh.net indeed!

Sorry, sir, you were a helpless bystannder. (PS Millennnnium has onnly onne n. It's true. Look it up! Your bounndless perfidity notwithstannding.)

Re:Hold Your Opinions

Umm.. You misspelled the dudes name. It's supposed to have two n's, like the word Millennium.

Dealer's Choice: Jihad? Or Fatwa?

Our course is clear: This "individual" must be exterminated for the good of the Open Source tribe. He is sowing conflict in our ranks and queering the PR pitch. He must be eliminated.

I call all loyal Open Source Geeks to arm themselves in accordance with the Second Amendment and deal with this threat immediately.

Thank you for complying with my demands.

That seems the most reasonable so far...

I would actually redirect it to another page, one with all the 'data-mining' FUD and such, and requesting that after the user empties their cache, cookies, histories and munged their email address that they return by hitting -O and typing in the correct address manually.

That was not to put down your idea, it really is a good solution, and my addendum there is obviously overkill, but y'all get the idea...

Re:Looks like de Joode's trying to make a point.

The nsi registry is incorrect, openssh.org was scooped a couple days before openssh.com, after openssh's existence was leaked.

Old meanings are dead. Just get used to it.

Heck, there's even navy.com, army.com, usps.com. And as the TLD namespace is meaningless, why not just let anything be a TLD?

Pass the Dutchie

never fear, openpants.org is still avaialble and ready for everyone to pour hot grits all over it. thank you.

Re:That is one reason to use Google

There were initially plans to use the data to make a hotlist of things that should be mentioned on the @Home news page for customers. Not a bad idea in my opinion, since they'd be looking at people as a whole rather than at any specific users. It's a marketing advantage they would have as a link farm that places like Yahoo (who can't exactly sniff users' traffic or monitor combined proxy usage) couldn't beat when it comes to providing information about what people really want on the web. Only problem that I can see is that they can't very well make mention of new porn sites as they start showing up on the high end of the sitelist.

Re:OPEN SOURCE CONTROVERSY

Narcotic addiction is a terrible, TERRIBLE thing!

hemos

Why does Hemos do this? Does he have some kind of grudge against Alex De Joode?

I see nothing wrong with www.openssh.org. It seems to be a perfectly legitimate and decent page.

Re:@Home Proxy Servers

Even if you don't use their proxies, they could still track you, unless you do everything through SSL.

Nope, two N's...

[Millennium]

I was hoping not to make things dull, but I see you've forced my hand.

Looking in Webster's Encyclopedic Unabridged Dictionary of the English Language, I get the following (pronunciation omitted):

mill*en*ni*um, n., pl. -ni*ums, -ni*a. 1. a period of 1000 years. 2. the millennium, the period of a thousand years doring which Christ will reign on earth. Rev. 20:1-7. 3. a period of general righteousness and happiness, esp. in the indefinite future. 4. a thousandth anniversary. [1630-40; < NL, equiv. to L mill(e) a thousand + ennium, extracted from BIENNIUM, TRIENNIUM, etc.]

Want other people who spell it that way? Let's see. George Lucas does (Millennium Falcon). Micron and Matrox both spell it that way, the former on computers and the latter on video cards. Chris Carter did (Millennium, the TV series; an X-Files-esque show best left forgotten). Satisfied? Trust me; I've used this handle on various Net places for six years, since long before I'd even heard of Slashdot. I think I'd know how to spell it.

Re:Nope, two N's...

Sir, you have absolutely no idea what you're talking about! That stuff you quote is all SLOP!. Your endless bejabbering is testing my patience.

Here you go: The government of British Columbia puts up a Milenium website, the lovely magazine Sky and Telescope notes the Milenium's Last Eclipse, and my favorite artsty-fartsy print website ArtMagick is advertising special Milenium Calendars!!!

I'm not even through with you! But in spite of your bald-faced ignorance of such a simple word, I will spare you my full wrath. Do not test me again!

Beware, Mr. "Milennium", beware.

Link Error

[SEWilco]

The "related links" box has too much stuff, as if an anchor termination was missed.

Re:Link Error

[Crawl]

ok, so I saw what you were referring to, but before I could check it out further, I reloaded the page and it had been fixed. Looks like someone is on top of things here. :)

one? i have 4.

[TwistedGreen]

www.x5ca.net
www.jet2.net
www.jet.net
www.mnsi.net

Re:one? i have 4.

[mwood]

Ameritech.net

Snail Mail Protest

[Nezer]

Why don't we organize a snail mail protest to the address listed in whois: Joode, Alex De Zaanstraat 250 AMSTERDAM, NL-1013 RZ NL

Re:Snail Mail Protest

[Nezer]

Forgot to format that properly:

Joode, Alex De
Zaanstraat 250
AMSTERDAM, NL-1013 RZ
NL

a quick check on dejanews

I'd hold off for a while on castigating the guy. I checked out a sampling on his posts on dejanews. Many of them are helpful and almost *all* of them deal with security (ssh or pgp).

Given developers' often prickly natures, I'm inclined to guess this is nothing more than a good old-fashioned pissing contest.

Re:They already have openssh.net

How the hell does inaccurate shit like this get moderated up?? It now up to 5 in the time it took for me to right this. Previous articles already showed those dates to be inaccurate. Here it is again for those impaired moderators...
$ whois openssh.org
[rs.internic.net]

Whois Server Version 1.1

Domain Name: OPENSSH.ORG
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS2.KYARITSU.COM
Name Server: NS1.KYARITSU.COM
Updated Date: 15-oct-1999


$ whois openssh.com
[rs.internic.net]

Whois Server Version 1.1

Domain Name: OPENSSH.COM
Registrar: CORE INTERNET COUNCIL OF REGISTRARS
Whois Server: whois.corenic.net
Referral URL: www.corenic.net
Name Server: CVS.OPENBSD.ORG
Name Server: NS0.FRIES.NET
Name Server: ZEUS.THEOS.COM
Updated Date: 25-oct-1999

So Alex de Joode independently thought up openssh just days before openssh is looking to use it. I don't think so. So this is showing 10 days, some of the 10 days was probably spent deciding on how they should proceed. Now if Alex had this domain for months or years, he should have the right to keep, but 10 days, give me a break. The term OpenSSH obviously was leaked, so he decided to snag OpenSSH's proper domain name knowing that he would generate more traffic to his 'freessh' site.

I definitely would not trust a product produced by someone like him.

Re:Mr. Fries explain this.

I have no proof that osu-neko (I won't tell his real name; you might be surprised, though) has incestuous relations with his mother. Nor could I prove in a court of law that he has erotic designs on sheep and cattle. And you probably wouldn't believe me if I were to describe night-time liasons between himself and his dog. Yet, despite my lack of evidence, my use of hypotheticals and the subjunctive mood, I think you would believe me if I told you that he finds this posting to be distateful. Though I have affirmed nothing, I have cast some (pretty unbelievable) aspersions in his direction.

We aren't in criminal court, here. Accusations and convictions aren't necessary to damage a reptutation; aspersions are all that are needed. Reputation is all we have.

Re:Looks like de Joode's trying to make a point.

openssl.com - Record created on 1999-10-25
openssl.org - Record created on 04-Nov-1999

How can someone be "cybersquatting" on the domain when the .COM domain was registered approximately two (2) weeks before the .ORG domain was registered? Seems to me like the openssh.com folks screwed up, forgot to register the .ORG domain and are now trying to shift blame towards Mr. de Joode.

"The name was taken by a someone not affiliated with the OpenSSH development team when news of OpenSSH was first leaked to the community."

Seems that should be changed to

"The name was taken by someone else (someone who is heavily involved in crypto but we can't mention that because he's being painted as the "bad guy") because we were stupid and forgot to register the .ORG site. But if we bitch enough we may get it!"

hypocrisy

You know, I always thought the common belief on slashdot was that big coorporations and companies are abusing the rights of the individual by trying to "steal" domain names that had been legitimately registered by another individual. Then some open source project group tries to bully a guy out of his domain and, we see cries of "GO OPENSSH, KILL THAT SQUATTER!" (despite the fact that someone who has a relevant use for the domain and is by no means a domain grabber is using the domain). You guys are freaking hypocrites :P

Re:hypocrisy

[osu-neko]

You guys are freaking hypocrites

Not that hypocricy is at all uncommon in the world, but I have noticed that when someone notes someone else exhibiting different behavior in case A than case B and calls that person a hypocrite, 95% of the time it's because the person doing the accusing is too clueless to understand that case A and B are two different cases, and are unable to identify the relevant differences between the two.

The other thing I've noted is that since in the responses to any Slashdot article are all over the map, anyone stupid enough to believe there's any such thing as "the opinion (note the singular) of Slashdotters" can easily "identify" (that is, manufacture in their own minds) instances of hypocricy. It becomes much more difficult if they're asked to provide evidence (i.e. which specific poster said it was wrong for X but right for Y -- it's no good to say "someone said X before but you're saying Y now").

Did you have anything real to say here, or do you just like to complain without having any real point or substance?

--

Re:hypocrisy

[dingbat_hp]

legitimately registered by another individual

"another individual" covers a wide range. I'd suggest that the Slashdot hive-mind opinion is that Old McDonald's burger shop (flippin 'em since 1812) is a legitimate holder of mcdonalds.com, if they registered it first as their claim to the name is equally as good as the golden arches people. OTOH, a domain squatter who simply sees an oppportunity for a new business name and grabs it should have no moral claim to retaining it. Doing it to an Open Source project is simply evil.

Don't restrict to com/net/org!!!!!

The world is so much bigger. I wonder it St. Helena sells domains to non-locals.

Openssh.sh

Now that would be cool. But please, lose the idea that the net is just .com, .net, and .org.

Re:Don't restrict to com/net/org!!!!!

[ghassanm]

You raise a good point about the net not being .com, .net, and .org; however, some people who visit the site will still have that idea, and discrimenate against it.

Re:Don't restrict to com/net/org!!!!!

[anatoli]

I wonder it St. Helena sells domains to non-locals.

Yes! Here. £60 Year 1, £30/yr thereafter. And openssh.sh is still available.
--

Re:At least..

> Not yet, anyway.

Well, the guy running it has run a pretty well respected crypto archive for several years now, so I don't see him turning it into a porn site in the near future...

Re:Two questions...

Officially (yeah, right), .net domains should be used by ISPs and others involved in the technicalities of the Internet. However, from the beginning, no-one every listened to the suggested uses. For instance, Freshmeat.net. And Slashdot.org, which is a commercial entity owned by VA Linux. Right Tacofool? ;-)

Besides, the .org domains have become a badge of the OSS community, trying to make it blatantly obvious that they are not "in it for the money" and instead are "in it" for the joy of creating quality software. I know that I, for one, first looked for the OpenSSH site at openssh.org, and I was very surprised to find it located on a .com. Now I see why, of course, but at the time I was all WTF-ified.

I am not a proponent of regulation of these things, but this bothers me. At least the registered owner of openssh.org is really making himself look like quite an asshole in front of a lot of people. ;-) I wonder if he knows how he's sullying himself in the eyes of his potential customers. He may find this his selfishness has farther-reaching implications that he thought in the past.

For a minute, I'll be the devil's advocate. (Something I'm quite used to, being a loudmouthed BSD goon, har har.) From his point of view, the OpenSSH people are a big evil organization, trying to take what he rightfully paid for. He was first, he paid the fees, it's his domain. And now those evil SSHers are trying to make him look bad.

But I really think that he's being dumb. OpenSSHers: have you offered to give him the .com domain in addition to paying him? If he were a bit smarter, he'd gladly take the .com domain. Why? Because .com domains are what the general public thinks of first. A PHB who hears about "this OpenSSH thing" is going to try openssh.com first. Anyone actually familiar with OSS will try the .org domain. But what Mr. Squatter doesn't get is that the in-the-know person will quickly grok that this is the wrong page, find the correct page via search engine, and then be all pissed at Mr. Squatter.

I dunno. I just hope that Mr. Squatter realizes what he's getting himself into. OpenSSH is a great product (IMHO) that is not only endeared to BSDers, but as Linux continues to grow in popularity among corporate America, OpenSSH will probably be used there too. I cannot think of any other secure shell with the feature/value bonus of it. So Mr. Squatter is going to have more and more people annoyed at him. Everyone hates squatters.

See, it'd be different if the domain weren't a product name. Myself, I had one domain that I didn't even use for eight months after I registered it. But that was different. It was my own company name, and I just wanted to make sure that no-one else took it. If this dude had a company called "OpenSSH", fine. If he had his own product called "OpenSSH", fine. If his page was a miriad of OpenSSH resources and articles, it'd still be fine probably. But this asshole heard of the product and is just squatting, taking a crap, on this domain.

You assramming Australian scum. I'm gonna sic ESR on your dumb ass.

Enough ranting for now. G'night.

- Jesus Christ
(#154953, account temporarily disabled for being moderated down, imagine that!)

I am the Lord.
God Hates Moderators.

Telnetting to port 80

[whoop]

It's useful to tell the server what hostname you wanted when doing this, especially since everyone uses virtual domains nowadays. :)

123-1 Mon/11:08pm ~> telnet openssh.org 80
Trying 192.87.30.19...
Connected to 192.87.30.19.
Escape character is '^]'.
GET / HTTP/1.0
Host: openssh.org

Give it a couple returns and there you go.

Re:Squatting...

[whoop]

Well sir, please do not visit my domain. It contains even less than this openssh.org, but I wish to keep it for myself. Domain desputes should go to who likes your web page more anyhow.

Just what are we boycotting?

[whoop]

The site is a collection of links to other web sites with free SSH programs. So what, the next time I want a free SSH program, I won't go there?

If we are to assume Mr. Bertrand's letter is accurate (I analyze it in a previous post) and openssh.org is evil, shouldn't we register freeopenssh.org and provide truely free links to programs involving ssh that do not charge a fee thereby undercutting their target audience?

Re:woah

[whoop]

Heh, boy did I read it. You can click the User Info link there to see other comments I've submitted. Look at the one starting "A Proper Analysis..."

Even if they offered, openssh.org has the right to refuse it. That's not reason enough to put out a letter like this condemning the domain owner.

Re:A Proper Analysis of OpenSSH's proposed boycott

[whoop]

The accusation is in the wording. As another one put it, this is much the same as asking, "Have you stopped beating your wife?" I'm not going to parse the literal meaning of each word a la President Clinton or Senator McCain (for those in the US). Whether it's calling someone a wife-beater or claiming they are collecting emails/personal information, you had better have some evidence to back it up.

But if you do wish to take it all literally, anyone could say the same about openssh.com, openbsd.org, slashdot.org, linux.com, you, me, etc. I will be against doing anything like this to anyone (even Microsoft) without just reason. Do not pollute our community like this.

Re:a slight bit of interest

[whoop]

Odd.and the page is simply a link. Looks like this guy registered the domain name for the project. We need some more information on what this guy is doing before an honest opinion could be made.

And what's stopping you from doing the research to learn what "this guy" is doing with the domain? This intro page points out right up front, "For information about OpenBSD' OpenSSH implementation please goto: http://www.openssh.com." If you're looking for the OpenSSH project, go there. This is perfectly legitimate use of a domain. If you are brave enough and actually click on the link to his www.openssh.org, you will learn his true evil cause. *GASP* A list of links to free SSH programs. Ohmigod, the horror!

I even like the use of HTML on this page. No Frontpage/Netscape crap in meta tags. Most likely hand coded. Let's hope he used vi to create it. ;)

Re:woah

[whoop]

It seems odd that he wouldn't sell the domain name if he really supports cryptography

This line got me thinking. Could it be the OpenSSH folks just don't want to have to BUY the domain from them? Are they looking for a free ride by seeking the knee-jerk Slashdot crowd to flood them with "You homo, give up your domain" emails? The OpenSSH group did register .com and .net via Network Solutions. Perhaps they are just flat broke now. :) (a pun against NSI's prices, not their state of finance)

Re:AltaVista.com wasn't squatting

[pb]

"The Whitehouse" actually looks like a very responsible porn site, if such an animal exists.

At least, it looks like that under w3m, which is an excellent (text) browser...

If you're going to register all the TLDs you can with the same name attached, why stop there? Register all the obvious mis-spellings and other things people might try too. (because for the major sites, someone always registers these, and they put up really annoying sites!)

---
pb Reply or e-mail; don't vaguely moderate.

No big deal (yet)

[pb]

Okay, so openssh.org got taken. This happened to altavista, and countless other "big names" on the web. Some guy registers "your" name before you do, so you settle for another one.

Openssh.org looks like a harmless list of links. Of course, the intent of Mr. Alex de Joode couldn't have been that benificent since he already has freessh.org, which is no more than a list of bookmarks, as far as I can tell.

But still, ho hum. No big news here, move along. It isn't that original a name, guys. More importantly, I certainly don't want the big companies taking away our domain names because it's their trademark/copyright/whatever. A ruling in this situation would probably set a precedent that we don't want. The only option I can think of is to try to negotiate with the parties involved, which apparently hasn't worked.
---
pb Reply or e-mail; don't vaguely moderate.

Re:Abuse of the namespace...

[pb]

Actually, slashdot.[cc|com|net|org] are taken. Half of them even point to slashdot!

Fortunately, .edu, .gov, .int, .mil, .nu, and .to are still available. Get them while you still can! ;)

barrapunto.org is "Open Resources", and BarraPunto.com is the Spanish slashdot knockoff...

dotslash.com is coming soon, and slapdash.org is still my favorite...
---
pb Reply or e-mail; don't vaguely moderate.

Re:Data mining? Looks fishy...

[Chexum]

I decided to check out the HTML myself without a web browser...

Maybe you forgot the Host: HTTP header, and they are using virtual servers. This way, the server can't tell, from which server was the page requested, and this is default (erroneous) page for the server.

Re:Hypocritical Linux Community (including /.ers)

[algae]

What the hell are you talking about?!? Virtually every high-rated comment in this thread is in a agreement with you. Where are the hypocritical /.ers that you're referring to (and please don't point to some -5 flamebait post).

You say that we "have an obligation to support Alex de Joode in his legal right to use the domain he registered." Well guess what? We are! Nobody's acting the way you think they are.

That's "Mr. MiLLeNNium" to you...

[Millennium]

Now you're not even getting your own spellings of the word consistent across postings. This little mini-flamewar has been fun (if one-sided; you're the one doing all the flaming), but playtime is over. Your little friends don't have it spelled right, I'm afraid. Or perhaps you want me to quote definitions from other dictionaries?

I'm bored of arguing over the spelling of my handle. You're not the first one I've had to explain this to. You're not even near the first. So if you'll kindly step aside, I'd like to get back to the "stuff that matters" bit.

Re:openssh.net indeed!

[Millennium]

Actually, the word you misspelled was, of all things, "millennium." Two Ls, two Ns. At least, as defined by "Noah Fucking Webster."

I could go into the history of the word and explain exactly why it's spelled that way, but I'd imagine you've already stopped reading this post so there wouldn't be much point in it anyway.

By the way, just in case you are still reading this, what is it you don't like about my writing anyway? I don't recall you ever complaining before.

Considering the update, it all makes sense...

[Improv]

After having read the update, and recognizing
the name of Theo der Raadt as being one of the
more problematic people in the BSD movement,
it seems likely that Joode is entirely in the
right. In fact, if I were Joode at this point,
I would keep openssh.org as it is currently,
not turn it over to anyone, and write some nice
essays that make it clear how much of a loony
Theo is. It's clear that Theo is doing his best
to smear Joode...

Re:Abuse of the namespace...

[Improv]

ibm.net = Advantis -- IBM's (ex) ISP division.

Well, may lose a little Karma for this but...

[moonboy]

Who cares? The rules are not adhered to anymore anyway. Though this may seem to be a big deal now, I think it will cease to be in the somewhat near future.

There are already many such sites out there that disregard what these extensions were set up for in the first place. There are also many sites out there that buy a ".com" address (or whatever: .org, .net, etc.) and they merely use these sites to point to another site altogether. I used to think, "what a waste of a name!" BUT, like I said, I think this will cease to be an issue in the future. Why? The net is in it's infancy, pure and simple. These .com companies are so very overvalued right now. Why is this? Well, if you have a .com at the end of your address, that automagically gets you millions more in venture capital. What a bunch of bunk! There are going to be a lot of people and companies surprised in the future when there is a big shakeout and all of this venture funding stops flowing into the valley. These companies are built on stilts (.com stilts, if you like) and when they don't put forth the numbers that is expected of them...whooooops! Those stilts are going to break in half under the shere weight of the companies they support. We all know that content is king in media. When these companies end up without any significant contribution content-wise...watch out! They are going to come tumbling down. How many really BIG pet store companies can there be on the Internet? Auction sites? Search engines? I'm sorry, I don't think that many. I think once they start falling, they are going to get bought out by the "Wal-Mart's", "Amazon's" and "Ebay's". Not that they are even guaranteed to be around.

I know that this does not have much to do with the OpenSSH controversy, I just had to get this off my chest and maybe put some things in perspective.

Re:You mixed up your dates..

[nathana]

Well, apparently InterNIC must have messed it up, at least if you believe what one of the developers of OpenSSH posted here on Slashdot: link

Top Level Domains

[kidlinux]

What would be interesting would be if people and/or communities could get their own TLDs and be the one who sets the rules for that TLD.
For example, the Open Source community could have its own TLD ".open", and the rules for owning a domain name under this TLD could be based around some kind of Open Rules, which could be designed and evolved by the community.
Of course, this would need the big DN servers, and that costs some cash. But for something as big as the Open Community you'd think someone would like to make a donation of DNS resources.
THEN: OpenSSH can have "SSH.open", or something -- I guess it depends on what the TLD is, maybe "OpenSSH.opn".

Re:Top level domains

[FFFish]

Why do you consider .com to be strictly an American TLD?

--

Re:Top level domains

[pmc]

Nay, Nay and thrice Nay: .com is an international designation, not a US one.

Re:Top level domains

[okjo]

An if they where in the USA they should use .us and not .com ;->

their IP, and ftp site...

[kidlinux]

I nslooked up the IP for OpenSSH.org, 192.87.30.19, then nslookedup the IP, and it points to tux.securetux.com. I went to that site in my browser, and it went to http://www.dejoode.com/, DeJoode Associates, LLP. It had a logo image and email link, but that's it.
FTP is open for anonymous connections on that same IP too; a zedz.nl mirror. There's some interesting stuff there, like /pub/crypto/crypto/ (which actually has all kinds of crypto stuff like SSL, OpenSSH, and others) and /pub/crypto/cracking/ (and then the "warez" dir in there). A lot of interesting stuff on that ftp, /pub/incoming/ (and its VXe subdir) too. 18446744073707919700 Kb left for uploads as well.
Tons of security stuff, but there's "cracking" stuff too.
Maybe I don't know what I'm talking about, but it all seems odd to me.
Go ahead, snoop around.

Re:kernelnotes vs linuxhq all over again?

[osu-neko]

Unfortunately, if he intends ill with "openssh.org" based on its similarity to the official site's name, making the official site "open-ssh.org" actually plays into his hand. It's probably best not to make the official site differ from his by a simple and easily forgettable bit of punctuation.

--

Re:Yawn

[osu-neko]

Still, it's a bit on the harsh side.

Harsh? Harsh?! WTF?!? The OpenSSH people have done, what? They've issued an advisory that essentially says, "Hey, it ain't us, so if you want to see or talk to us, don't visit or send email there!" In what way is this harsh?

--

Re:domain names

[osu-neko]

Umm, if 3 TLDs are too many, would you recommend just one? If everything ended in, say, ".com", we could just leave off the ".com" on all domain name names. Then we wouldn't have 1 TLD, we'd have millions!

Paradoxical as it may sound, an argument that 3 TLDs is too many is an argument that there should be more TLDs!

--

Re:Come on, this is Alex de Joode!

[osu-neko]

They also fail to give any rationale for their accusations other than that de Joode refused to sell them his property, which is meaningless.

Well, seeing as how they haven't made any accussations, it'd be kind of hard for them to give any rationale for them.

...but have a little think: Why would the OpenSSH group want you to think that openssh.org, who points to openssh.com and to one other site, is evil?

First of all, they didn't say it was evil, they quite specifically said they don't know the motivations behind it. So, maybe it's evil, maybe it's not. They have made no accusations nor any statements at all to the effect that the motives are bad. Secondly, ignoring your question but asking the relevant one I think you may have been alluding to: Why would the OpenSSH group recommend not trusting openssh.org? Is there some reason we need to speculate about this question? They answer it in their own letter (you did read it, didn't you? You seem to be replying to /. comments instead of the letter, since you've already said twice it says things it doesn't say) when they point out that the motives of openssh.org are unclear at present.

--

Re:A Proper Analysis of OpenSSH's proposed boycott

[osu-neko]

Finally, Mr. Bertrand pushes one of the hottest buttons in the community, privacy. "This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution." Hmm, a very strong accusation.

WTF?!? Did you read the text you just quoted? Where's the accusation? You do know what the word means, don't you? Where in the letter does it say Mr. de Joode is doing anything? Saying he could use the domain for data mining is not an accusation, it's an observation. You do understand the difference between these two words, right? I've read Mr. Bertrand's letter several times, and he's not accused of anything (other than not selling his domain, and I don't believe that fact is in dispute).

None of us like being spammed, tracked where we go, etc. So, I asked myself, "What data mining is openssh.org doing?"

If you'd actually read and understood the original letter, you'd have realized that question is irrelevant. openssh.org was not accused of engaging in that activity in that letter. I suggest learning some basic reading skills before attempting "A Proper Analysis" of anything -- how can you analyze a letter when you obviously didn't read and understand it to begin with?

--

Re:Mr. Fries explain this.

[osu-neko]

Those are pretty brutal accusations which you seemed not willing to react to.

Reread the quoted text:

Please do not visit the .ORG site, nor send email to anybody at the .ORG address.

That's a couple of requests. No accusations there.

This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users.

This is an observation. Note particularly that it discusses in the hypothetical mode (note the words "possibly" and "could be") what could be done with such a domain, and as a webadmin, I can assure you that the observation is absolutely true. But note that at no point is any accusation made that this is or ever will be done.

We simply don't know Mr. de Joode's motives,

Another observation. No accusation here. In fact, this admission precludes the author from making any accusations. If the author wished to make any accusations, he would have to deny what he's just admitted.

and we recommend caution.

And finally, we have a recommendation. No accusation here either.

I'd sure love to know where these "brutal accusations" of which you speak are.

I would like to know why you claim this.

What pray tell did you think the author was claiming? That there exists the possibility that this could be used for data mining? I assume the author claims this because it's absolutely true. That the site is for this purpose? The author does not claim this at all, in fact he points out that he doesn't know Mr. de Joode's motives at all! I assume that this too is a true statement. Since the author has made nothing but obviously true statements, I'm curious about what potentially false accusations you believe are in the letter? I can't find any...

--

Re:A Proper Analysis of OpenSSH's proposed boycott

[osu-neko]

I've read Mr. Bertrand's letter several times, and he's not accused of anything

A clarification: the "he" here refers to Mr. de Joode, not Mr. Bertrand as it may at first seem. Sloppy use of pronouns on my part; I apologize.

One more thing, I simply don't have time to reply to the message in its entirety, so I picked this as the most obvious example of what's wrong with this "Proper Analysis", to illustrate it's nothing of the sort. The rest of it works the same way: straw-man tactics. First the author distorts what Mr. Bertrand says, then argues against the fabricated point Mr. Bertrand never said to begin with. It's easy to win an argument against a straw-man. But it's the furthest thing in the world away from "A Proper Analysis."

--

Re:Looks like de Joode's trying to make a point.

[Nathaniel]

"It does not contain any scripts or applets."

You don't know that.

I am certain I can put up a page which appears to have no scripts of applets, but does server side processing.

Even if this isn't the case, there will be web log files which could be used for data mining.

Of course, this may not be happening.

Re:Yawn

[azatoth]

> I know nothing about de Joode

He was one of the main developpers of openbsd and has been blackbowled by the others for not really clear reasons. They are just continuing bashing him (I don't defend him nor the contrary)

XS4all and Alex deJoode are now more known in the web databases for their implication in the Grady Ward trial (this is relative to scientlogy :-/ )

Things are not as simple as only name squatting...

Re:Do you know what the "net" TLD is meant for?

[sarlalian]

And considering that slashdot was originally a site done by a college student, not for profit, it makes perfect sense. It is just in recent history that it has really become anything remotely near a comercial venture.

Re:Controversy?

[sarlalian]

Slashdot is not the only source of news.. if you check OpenBSD Journal there has been mention of this for several days now.

Re:You mixed up your dates..

[sarlalian]

This is going to sound like flamebait.. but..
like NetworkSolutions never messes anything up.. I wouldnt put it past them having the wrong registration dates in their database.

Re:I'm perplexed

[sarlalian]

One of the more frightening aspects of this is the security implications... I'm sure that the owner of the OpenSSH.org site has good intentions, whatever they are, but he could put contaminated binaries and / or source on his site. This could be code that has various security vulnerabilities with it, etc... This is especially dangerous in software who's express purpose is to help secure your system.

Now I honestly dont think he's going to do that, but it is a valid concern.

Re:Come on, this is Alex de Joode!

[TeddyR]

"Well, seeing as how they haven't made any accussations, it'd be kind of hard for them to give any rationale for them."

Um..

from the http://www.openssh.com page:

"If you reached this web site via www.OpenSSH.ORG, please realize that OpenSSH.COM is the correct address, and that OpenSSH.ORG is owned by a domain squatter (Alex de Joode of Zedz.net) who allocated the domain after he saw us first use the name, and probably collects information about those who visit the page before forwarding it to here. Also, please do not mail to us at openssh.ORG, since he also receives that mail. We have repeatedly asked him to please give us the domain, since we feel that we (not he) created this free, new, and great thing for the world to use and we wish to avoid confusion. If you can, please mail him and ask him to reconsider. The members of our developer group have asked as nicely as possible, and it has not gotten us anywhere."

lets see... they are accusing him of being:

• A domain squatter.
  
• eMail hijacker.
  
• Intellectual Property theif.
  

and thats what is being said publicly...



--
Amarillo Linux Users Group

Why the heck are you calling me a troll?

[N8F8]

I think thats complely unfair. I think my point is legitimate, especially considering recent stories like " Tux Works for Microsoft?! " where somone basically hacked a website because they didn't agree politically, then posted to SlashDot to rub it in .Ha Ha, I get it.

Where does this go from being humorous to somthing more sinister like cyberterrorism? Sure /. a site as a political stand for effect is one thing, but painting a bullseye for hackers is another.

Re:AltaVista.com wasn't squatting

[N8F8]

Point taken. I agree with what you are saying. On another point, if I were to register a business domain I'd certainly register all the TLDs. Just go to the Whitehouse to see why. On the other hand, the guy using this website sure is capitalizing on it and I can't see any reason why he shouldn't.

Re:Cybersquatting makes me sick

[howardjp]

Only if you start a coutnry whose two-letter country code is OS.

Re:Ugh! (Offtopic)

[unitron]

Not if they're doing the job properly, they won't. They'll go back and read as much of the original thread as necessary to judge properly. (this is easier with redundant than with troll or funny, however)

Could it be ... ?

[airfabio]

www.openssh.org is running Apache/1.2.6 Red Hat on Linux.

Damn these Linux people taking stuff from Good BSD people.
Well, as long it doesn't run win98 I am cool.

Go to Italy

[craw]

I said it once before but I'll say it again. Any domain related to SSH should be registered in Italy. The .it should do it (no pun intended).

The ppl who try to filter out the offensive domains will have a quandry. Sorry, openshit.it is not allow. We don't want any shi, ah woops, cra, woops, ah, poop here.

POOP, People Outraged for Opensource Privacy. (Actually this sucks. Does Echelon filter poop?).

Re:A Proper Analysis of OpenSSH's proposed boycott

[pqbon]

Wow! I bet you are an openbsd guy. All I can say is Objection sustained... Oh wait... That's what the game the openssh.com guy was doing. He was putting an un-substantiated claim out for the reading public to sow the seed of malicious activity. This is the same thing lawers to in jury trial they throw things to the jury that will get striken from the record but will still influnce the jury.

If I were say to Cmndr Taco is not on vacation but is locked up in Hemos' basement. You would be that much closer to believing what you wouldn't have even considered on your own. And maybe a few people would email Hemos demainding his release. It happened all the time in the OJ trial the lawers would ask questions and give probable answers just before and objection could be raised... and the remark striken every where but the jury's memory.

Let us consider why this was sent to slashdot in the first place: 1) Slashdot is a mostly linux site (say what you might but I don't see announcements of *BSD or SYSV beta kernels only linux kernels) 2) Many slashdot readers are hotheads who flame and crack with out thinking or reading. To me it seems like the perfect place to sow the seeds of discontent. Throw a little gas onto the slashdot fire with some unsustantitiated aligations (yes that is was those were...) and maybe the openssh.org gives up his domain name just to stop the spam and hacking of his site.

I'm not sure but I bet if that site gets attacked and the reasoning can be traced to those comments I'm willing to bet Mr.Bertrand can be sued for liable.



"... That probably would have sounded more commanding if I wasn't wearing my yummy sushi pajamas..."
-Buffy Summers
Goodbye Iowa

Is this really boycotting?

[Kitanin]

If the people who installed your security system called to advise you that `John Smith', even though his ID seemed legitimate, was not a representative of their company, and should not be permitted to maintain your system, would you be complaining?

It's the same situation here. Alex de Joode, and by extension, openssh.org, even though the host name seems legitimate, are not related to OpenSSH. If you are sufficiently concerned about security to be looking at OpenSSH, this fact matters.

The problem is, ``boycott'' was a bad^Wpolitically unwise^W^Wbad choice of words.

Re:They already have openssh.net

[astyanax]

Also, do open source project automatically have a right to the dot org? I think this is presumptuous. What makes any project "the official" openssh project other than when it becomes the de facto standard? Maybe this guy has a right to create another open source or proprietary "openssh" package.

He does indeed have that right, but it doesn't appear *yet* that this person is starting a new project with the exact same goal as OpenSSH.

When you think of an open source development project, you automatically think of .org as the TLD (non-profit). Well at least I do.

Since this guys seems to want an SSH portal, why don't they just swap domains, since a portal would be considered more commercial (.com) and the open development project considered more nor for profit (.org)

Will slashdot post correction?

[ajm]

Here's a case where either slashdot was taken for
a ride cause they didn't do their homework, or they had some axe to grind in the dispute. So, after the hysterical headline, based on one side only of the story, they post a little link to the other side. Slashdot needs to stand up and say they were wrong, and explore more fully what is really going on here, which would be interesting and illuminating. Everything is not always golden in the world of open source. Since, in many cases there isn't, or didn't used to be, a whole lot of money involved, the ego reward is much more important for some people. And that can lead to some long running and bitter disputes.
And next time, before putting fingers to keyboard, please engage brain.

Re:Will slashdot post correction?

[DryEraser]

If they let this lopsided article stand, perhaps we can conclude that they don't really care about truth. How about engaging the conscience? Better late then never.

Re:Question: TLD's?

[Rozzin]

"What is the reason for limiting the number of TLD's?"

A better question is, `what is the reason for having suffixes on TLDs?', and the answer might be that it allows different entities wanting the same name for different reasons to have that same name.

"It seems to me it'd be just as well to allow any organization to register a single TLD as their own."

It sounds like you mean, `drop the suffixes' (unless a full name of just "ibm" would be illegal).

I think that the suffixes on domain-names are akin to suffixes or prefixes on file-names (they're an easy way to have and differentiate between several files with the same name but different types).

Dangerous data collection?

[PureFiction]

ehehe./. its a blank page, no cookies, no scripts, nothing but a freaking blank page with a little text and two links..

I think some people are pissed off.. ehehe..
(i guess I would be too)

But that seems to border on the edge of slander..

Read before you leap...

[Ageless]

It's worth reading what the guy has to say on his web page about this mess. Sounds like he's been pretty nice about the whole thing and that he has offered a pile of options to the OpenSSH team.
You can read the page here

Re:Two questions...

[WH]

I'd use OpenBSD myself but I refuse to support Theo. I'm not altogether surprised by his latest tactics. OpenBSD cd's do make better coasters than Microsoft cd's btw.. WH

Re:Looks like de Joode's trying to make a point.

[Reject]

You mean the same freessh.org which, completely coincidentally, also belongs to him? Or the not mentioning that he's also linking to Freessh.org found, say, here?

The /. article was a post taken from a mail. It's hardly fair to claim that "they" are trying to hide info without first doing a little research (and no, reading /. and the comments doesn't count).

--
Reject

Funny you should mention tunneling...

[Sangui5]

But SSH (more specifically, OpenSSH) will allow you to do encrypted tunnelling of any IP service. No SSL needed (if you aren't worried about ppl. spying on stuff as it goes from the source site to your tunneller).

Question: TLD's?

[MikeFM]

What is the reason for limiting the number of TLD's? It seems to me it'd be just as well to allow any organization to register a single TLD as their own. So that a page at IBM might be es.research.ibm and would take people to the Spanish version of IBM's R&D web site. By limiting each organization to a single one it means they can't fight over every single word in the fricken dictionary. They get a tidy little address that actually makes sense and anyone can register any SLD they want under their own TLD without stupid rules about squating and trademarks and such. I don't see any reason why the system couldn't be adjusted to migrate to such a domain name scheme without disabling the current scheme. I'd go as far as to decentralizing the TLD's so that no central authority can keep you from registering whatever you want. Make it so you just point out the list of IP's you want to get TLD's from and then try them in order and whichever is first in your list gets priority. Sure 99% of us would still use some central group but by opening the system up as much as possible it'd make it so that if one domain registar got snotty people could just migrate painlessly. Maybe there are technical reasons why this shouldn't be done. If so I'd love to hear about it.

Re:Question: TLD's?

[MikeFM]

*nods* If the reasons given are anywhere near correct I don't think having a limited number of TLD's has worked. A good many companies will register at least the top three .com .net and .org for their trademarks and often more these days. I also highly doubt that computing power for handling the list of TLD's would be a problem these days if the system was programmed correctly. I think a lot of the problem is companies refusal to use the system as it was designed to be used and the publics inability to grasp addresses outside the www.anything.tld format. Most non-technical people I know don't even understand what makes a domain name a name and just use the Internet by clicking links. Maybe the web itself is usurping the role domain names once played?

Re:Question: TLD's?

[dorjelorand]

"What is the reason for limiting the number of TLD's?"

A better question is, `what is the reason for having suffixes on TLDs?', and the answer might be that it allows different entities wanting the same name for different reasons to have that same name.

"It seems to me it'd be just as well to allow any organization to register a single TLD as their own."

It sounds like you mean, `drop the suffixes' (unless a full name of just "ibm" would be illegal).

I think that the suffixes on domain-names are akin to suffixes or prefixes on file-names (they're an easy way to have and differentiate between several files with the same name but different types).


Just as the groupings of IP addresses in to Class A, Class B, and Class C simplified the job of routers quite considerably, I believe that splitting up the namespace into a relatively small number of TLDs simplified the job of the root name servers quite a bit. Somebody has to maintain an SOA record for each TLD at the root (the nothingness following final dot usually left off of domain names) and having tons of TLDs would significantly complicate this job. Splitting it into .com, .org, and so on helps a little.

Of course, the whole system was set up in the early eighties, when the face of the net was quite different. You didn't have the kind of abuses of the name system that you have today, like Micro$oft buying microsoft.org, and you also had the root nameservers running on what by todays standards was really lame hardware (in terms of power, not reliability). So the splitting really accomplished something, and the lack of computing resources on the root servers meant that it was necessary.

Not that I know any of this as fact - I'm just speculating. But it's speculation based on two years of running a couple of DNS servers.

Dave

Re:Whois the two YOURSELF!

[ShinGouki]

you might want to consider switching to decaf, man. the holier-than-thou we're-right-and-anyone-who-disagrees-is-evil attitude isn't really helping your cause here.


-dk

Re:Yawn

[nosferatu-man]

In what way is this harsh?

I think that the warning on the openssh.com page is a little out of line:

NOTE: If you reached this web site via www.OpenSSH.ORG, please realize that OpenSSH.COM is the correct address, and that OpenSSH.ORG is owned by a domain squatter (Alex de Joode of Zedz.net) who allocated the domain after he saw us first use the name, and probably collects information about those who visit the page before forwarding it to here. Also,please do not mail to us at openssh.ORG, since he also receives that mail.

(Emphasis mine) Don't know much (or care much) about the situation, but that's a pretty fair accusation of one of the nastiest hot-button issues around. I'd call it harsh.

(jfb)

Re:Abuse of the namespace...

[mcc]

> Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the .net TLD, but it's nothing more than a redirect to the .com address, which is by your definition another "ridiculous misuse of the namespace."

earthlink.net/psi.net, if you want the local big national bethemoth.
swbell.net (and pacbell.net, etc...) basically your major telcoms and thus major DSL providers.
pdq.net and concentric.net. i know nothing about these but they're the only ISPs i ever see ads for around here.
wt.net.

except for the cable access, RoadRunner, netcom and AOL, these are about the only ISPs in the area i can think of off the top of my head. and the .net domain is the one that they all use for reverse DNS resolves of people on their networks.

ok, maybe a bit of a nitpick, but still..

Re:Is it *really* that important?

[fries]

Right on! Not to mention the fact that if you read the OpenSSH.ORg web page you will note that it states 'free ssh implementations go to www.freessh.org' and stating "OpenBSD' OpenSSH implementation goto www.openssh.com"

.... now you tell me .. what is that implying to you? Ironically, the most freely available OpenSSH license can be found at www.OpenSSH.com.

Can someone explain to me this doesn't mean what it implies?

Re:Alex isn't a squatter

[fries]

One group developing a single implementation? I'm quite confused. I thought 'THE' implementation originates with OpenBSD developers, and the other projects are simply packages of what OpenBSD has created. Call me crazy, but...

Re:FreeSSH

[fries]

No problem, except there is but one OpenSSH source, and a bunch of repackaged, added onto distributions of the same for other os's. All
are linked to from the OpenSSH.com site. Thus
the OpenSSH.org site is a head-scratcher...

Re:Mr. Fries explain this.

[fries]

I cant understand your logic here. The phrase "We simply don't know" doesn't spell it out for you? Apparently there is a community out there that knows Mr. de Joode's motives alot better than he is explaining himself. That is good for you. The simple thing that is being sought is what the usefuless 'OpenSSH.org' is serving him, considering there is but one OpenSSH source, and a bunch of secondary bundles with secondary additions, all of which are pointed to from OpenSSH.com ...

Re:A possible way to solve this dispute

[fries]

There are links from OpenSSH.com. Are there not?

Too focused on OpenBSD? OpenBSD follows standards.

It also has a reputation for secure code.

Secure code cannot be written and audited when
cluttered with tons of cross platform crud.

OpenSSH as found in OpenBSD will remain small,
ironically 1/5th the size of some of the bloated
repackaged distributions containing the same name.

As to 'becoming too focused on OpenBSD', well, the
program will be suppored by the develpers to work
on OpenBSD. This is how it is, this is how it
always has been, this is how it always will be.
There is no change here, this is simply how it
can easily be maintained. There are pleanty of
people in the community who will take changes
from the OpenBSD code (and are welcomed to do so)
and prepare it for compiling on other operating
systems. They already have, they will continue
to do so, there is nothing stoping them from
doing so, and btw, that's the way it should be!

I would hope to think that this is not about
OpenBSD but the community of users that use
OpenSSH ... unfortunately not everyone is seeing
it this way.

Re:Notice Fries reactions?

[fries]

My reactions and tone are indicative of the
fact that no matter how much I say it, you guys
keep stating over and over 'guess what? OpenSSH guys are lazy bums that didnt register openssh.org when they had the chance' ....

Now consider the following:

... you register a .com domain because you checked everything out and you saw that all the registration authorities you bothered with told you it was already taken

... you find out months later they keep stating that you were lazy and really did have a choice.

Are you going to be calmly correcting everyone
when you notice that everybody keeps clamoring
the false information over and over?

Re:woah

[fries]

Sorry, you are sorely mistaken. Please see my letter at The OpenBSD Journal. I hope you are simply misinformed on the issues. A real effort was made to contact and communicate with the registrant of openssh.org, but no progress was forthcoming. It was with great dismay that the tactic that has been taken was taken. Please do not suggest otherwise. Thanks.

Re:A Proper Analysis...

[fries]

For the umteenth dozenth time, would you please
look at whois.internic.net? Your comment would
suggest that I mistakenly was told by the domain
registrars that openssh.org was taken when I
originally registered OpenSSH.com .. but this is
far from the truth. It was indeed registered. Your 'favorite' domain registrar is once again
shown to be quite thoroughly broken.

So to your point 'A)' above I hope you retract
your accusation ..

To your point 'B)' above, who is the official
group behind OpenSSH ? I believe you will reply
'OpenSSH.com' .. ok, so isn't squatting holding
a domain even though there is really another group
or entity that would naturally be thought of when
the url is mentioned? What real use has anyone
but the developers of OpenSSH with this domain?

To your point 'C)' above, how exactly is this a
replacement for the OpenSSH.com site?

I believe we all know who the real OpenSSH developers are. Why anyone would suggest this
domain would better the community in the hands of
another I will never understand, whatever his
motivations.

Re:That is one reason to use Google

[c64k]

To make the entire internet seem as fast as their local content...

At least that's what they taught me in the couple weeks I worked there. Basically the @home network is a whole high speed backbone with a small number (small in a relative term...) of peering points connecting it to the rest of the internet. To keep from bottlnecking at those peering points they cache stuff as much as possible. So the proxies aren't there to monitor you (lord knows the @home noc folks have better things to do than watch where you surf) they're there to relieve strain at the the possible bottlneck points in their network.

At least that's my hazy recolection of the network description.

Just a sence of things

[Felinoid]

Just by grepping what was already said here is what I think of this situation...

We have no idea what the .org guy plans to do.
The OpenSSH people planned to use the .org domain.. after all it's an open source project so it belongs on .org. However like anyone prepaired to deal with net squatters they grap .com,.net and .org.. Here comes the nasty part...

Someone else notices the .com domaim go up and for reasons yet unknown (Let me hazard a guess.. he thinks he is seeing a domain squater in progress) he grabs the .org...
It is not clear how or why the .org guy got his domain BEFORE OpenSSH got it..

Now the OpenSSH people make contact with the .org guy... He dosn't respond. Why? There are a number of posable reasons.

Now basicly the OpenSSH people are being "Resonably paranoid" Boycott? Thats an odd use of the term to be honnest.. Just use openssh.com instead of openssh.org... Thats hardly a boycott... Just don't use the .org domain as the motivation and purpous are unknown at this time... and it's better to error on the side of safty...
As for a boycott.. Don't... If someone responsable for the .org site is selling something don't take arms and boycott it... just don't use/advertise the stupid .org domain..

Just stay away from the .org site... it's a redirector and any website you visit.. even redirectors... gather some useful stats...
Nothing dangerous like e-mail addresses or... COOKIES ARE GOING TO KILL YOU ALL.. or evil web viruses.. Or some how getting you on Santas "Bad" list (I bribe him every year so I stay on his good list)...
Just some statistics he really has no right to anyway...
His reason for it? It may be some perverse game, he isn't ready to sell or he thinks the .com people are squatters... who knows...

Re:Just a sence of things

[Score+Whore]

We have no idea what the .org guy plans to do.

Do you have any idea what the .com guys plan to do?

Re:Controversy?

[phuzzie]

Actually, this story broke serveral days ago on OpenBSD Journal. You merely assumed "this is the first publisized information about it".

Gotcha scenario

[sverrehu]

1. Mr. de Joode sells openssh.org to the American government (or other) for an unknown amount of dollars.
2. The American government (or other) mirrors openssh.com under openssh.org.
3. The American government (or other) replaces downloadable files (source and binaries) with trojans doing all kinds of logging/reporting.
4. SSH security becomes a joke.

Re:Gotcha scenario

[PigleT]

Yes but who'd want to export their crypto from the US government anyway?!

Did you read everything?

[freakinPsycho]

Has anyone bothered to read all the info available? try reading Alex de Joode's version of what is going on. this is not a case of simple squatting. according to him, he was trying to help the community by providing a site where various versions of the software could be obtained. this was not someone setting out to "cause trouble".

you also notice that he tried to arrange a settlement with OpenSSH, which they rejected.

i personally find the letter to slashdot to be in poor taste. this was an affair that was between two groups, and now OpenSSH has tried to bring a bunch of people against Alex de Joode by using slashdot as a forum.

this is not a site to fight your personal wars. this should have remained between mr. de Joode and the OpenSSH group.

and a note to people posting here, try to read all the info at the sites before unleashing your flames on someone. you might miss something important.

----------------
"All the things I really like to do are either immoral, illegal, or fattening."

Re:Yawn

[IcePic]

Still, lets not forget that this person *might*
do something in the future which may impact
on OpenSSH. He might start distributing non-
working or broken/viral versions or worse.

I know nothing about de Joode, so I'm not accusing
anyone here, but the possibility exists so I can
understand the concerns OpenSSH.com might have.
Still, it's a bit on the harsh side.

Re:That's lame.

[Durbs]

A minor point, but there's been a porn mag called 'Whitehouse' in the UK for *years*, so they do have a claim on whitehouse.com - it's not just opportunistic domain squatting.

@Home Proxy Servers

[Atomizer]

The main reason to use the proxy servers is for caching. Try downloading a big file, and then when it's done do it again. The second download should be much faster, for a while. I'm sure they also track where their customers are going, but you also get a speed up on commonly accessed web sites. Oh, and you get the enhanced 128K max upload speed. It's good for you, trust them.

Re:Ugh! (Offtopic)

[SEWilco]

Relax, it's only a little moderation. It fades soon enough. I would have tagged it "Temporally Obsolete" myself if I could. Further moderation discussion where it's appropriate.

The authors e-mail...?

[bemis]

Perhaps it's been a little bit too long since I've slept, but I could have sworn that they guy who 'signed' the letter was asking not to e-mail or visit 'openssh.org'(when the legit openssh team is @ openssh.com?) and then signed the email with "name@openssh.org" ... wtf?
..guess i must need more caffeine ..

Re:The authors e-mail...?

[bemis]

okay ... sorry .. a quick 'jolt cola' and a quick look at the letter again pointed out my folly to me ... apologies on the wasted space (of both of these). bemis

The revolution starts now (or maybe tomorrow)

[dead_penguin]

What, then, would you suggest Slashdot's URL be? "Slashdot.com" doesn't fit, because Slashdot isn't really a commercial venture (the ads notwithstanding). "Slashdot.net" doesn't work for the reasons you just said. "Slashdot.gov" and "slashdot.mil" are obvious problems as well.


Ah, but "slashdot.mil" will become appropriate very soon with our plans for world domination. Once they are in place, "slashdot.gov" will become equally necessary. You didn't really think this was just a simple little news site, did you?

Someone's in Quiet

[jpowers]

At least it has a consistent tone.


-jpowers

Re:Looks like de Joode's trying to make a point.

[Larry+L]

Yes, until we hear from him we're all making assumptions. But if he were to do what you just said to withhold the domain name in order to publicize both projects, it seems unethical.

Re:Looks like de Joode's trying to make a point.

[Larry+L]

But it's the wrong way to approach it. There's a difference between advocacy of other projects and just plain interfering with a project by taking it's most logical domain name.

This smells like a pissing contest

[Arashi]

Zedz.net (under their former name of replay.com) have done sterling work for years - advocating and providing strong crypto, providing assured anonymity systems and services _for free_, and in general raising the awareness of crypto in Europe and providing valuable resources. To be honest, they've been on the block longer than Slashdot.

The domain issue is a silly one - I am strongly opposed to the "register everywhere to protect the organisation" policies advocated by Network Solutions - it obviously helps them sell more domains, but if your organisation is weak enough to need this type of protection, you have other things to worry about. It is arguable whether the current "hierachical" domain model is valid any more - if everyone "has" to be under .com, then surely .com is redundant.

Two things occur to me - the OpenSSH project(s) should be about cutting code, getting it out there early and often, and providing a viable alternative to the closed-source implementations. Squabbling about who has what domain name has nothing to do with open-source.
The Linux v BSD issue is also a non-event as far as I am concerned. Why can't you develop something that is cross-platform? The adoption rate will be far higher? In my opinion, the most desperate need for an open-ssh client is on WinTel - something which will compile and run on Linux, BSD and Wintel stands the most chance of being the prevalent package of use. Simply writing something that your friends will use probably means that your friends will be impressed, but the rest of the world will ignore you.

For Slashdot to caricature this as a "domain squatting" issue seems at least, sloppy journalism, and at worst, rampant bias.

If slashdot wishes to be seen as the voice of the opensource community, then it needs to raise its standards above simple jingoism, and present a balanced view. You certainly don't speak for me on this issue.

Re:Very weird...

[Zurk]

i dont know why the openssh guys simply dont block all requests coming through openssh.org...that will put an end to it instantly. just make the front page dynamic and block the moron.

*OTHER* squatting?

[Trojan]

What other squatting? That link is referring to Colgate vs Ajax.org which was clearly *NOT* a case of squatting, since the guy who registered Ajax.org did that for reasons that had nothing to do with Colgate. (And neither did it have to do with Ajax Amsterdam, for that matter.)

Re:They already have openssh.net

[GoofyBoy]

>When you think of an open source development project, you automatically think of .org as the TLD (non-profit). Well at least I do.

I've given up on assuming website of projects or companies. Too many ways to insert hyphans and pluralization.

Now until I know exactly what it is, I look it up on a search engine.

(Oh, and I have to agree with others who make the point of 1. Openssh does not automaticlly have the right to a domain name just because they way its named and 2. Until we hear from both parties we just don't know.

Re:Abuse of the namespace...

[timftbf]

$ISP_I_USED_TO_WORK_FOR did it The Right Way - $ISP.net for infrastructure - routers, internal servers, staff email; $ISP.co.uk for customer-facing servers, customer email etc.

($ISP_I_CURRENTLY_WORK_FOR is a backbone provider and uses so uses .net everywhere.)

I see far too many ISPs now getting the first part right and registering themselves as .net, but then handing out $LUSER@$ISP.net addresses to their customers. It just makes them look like they Don't Get It.

slashdot.org is about as right as any other .org with banner ads IMHO, and I guess it's better than the alternatives.

Regards,
Tim.

Notice Fries reactions?

[Mystikite]

having scanned thru the comments, and read the more interesting ones, i notice that most any message that is obviously in openssh.org's favor,
mr. fries promptly replys with a hostile-toned message.

I came to this discussion completely neutral, but after seeing the replys mr. fries has given.. the patently obvious "why won't you idiots see my way" attitude, my opinion has swayed completely in favor of openssh.org. I believe Mr. fries is attempting to use the known strong reactions of slashdot to attempt to brute force the openssh.org issue into his favor.

I am saddened that someone so petty, and small minded is a representative of OpenBSD project.

Re:Notice Fries reactions?

[Mystikite]

You brought the matter to 'us', the slashdot community.

And the 'false' imformation is infact true.
You have no claim over openssh.org.
you weren't the first to register it, and you can't force him to give it up.
he isn't doing anything to harm your users, and is even courteous
enough to forward mistaken travelers to the proper address.

I'm alittle surprised your tone has gone from:
> Any help or suggestions in breaking the deadlock > are appreciated.

to:
> everybody keeps clamoring the false
> information over and over?

Re:At least..

[ronfar]

The openssh.org website isn't some Evil page that forwards you to a dozen porn sites.

Not yet, anyway.

Here's his side of the story *READ*

[Kythorn]

On the openssh.org site, I found a link at the bottom to Mr. Joode's side of the story. I think everyone should read it, it clears up some things. He seems like a pretty reasonable guy.. I think I'm going to have to side against the majority here and I don't think Mr. Joode has done anything wrong, if anything, Mr. Raadt is trying to stir up trouble with this malicious advisory, and is clearly in the wrong. Mr Joode's side of the story.

Domain Security

[TheTomcat]

While I believe that the domain SHOULD be turned over the the real OpenSSH people, I don't think that this should become a legal battle, or that he should in any way be FORCED to transfer the domain.

This brings to mind my paranoia. If users trust openSSH.com to distribute clean binaries, and the guy who owns openSSH.org decides that he will also start distributing his own binaries, we could be in for some trouble. Users downloading from openSSH.org might think that it is an official source for the binaries. These cannot be trusted. Look at the BitchX.net fiasco.

If I want to control a bunch of boxen, it would probably be trivial to modify the source of openSSH, giving it a backdoor, then put the binaries on openSSH.org and check my server logs to see where the comprimised systems would be.

Like I said, I'm paranoid.

Re:1st post

[Shadowcaster]

You own your right hand.

Go play in the middle of a busy intersection, leave posting to people with at least a little of their mind left intact.

Re:OpenSSH dot.....umm....

[Gildenstern]

Yep sure is. Looks like a squatter

Re:no link!

[Gildenstern]

www.openssh.org

www.openssh.org is running Apache/1.2.6 Red Hat on Linux

Looks good to me. Maybe we should leave this guy alone till we figure out what he is doing

Re:OpenSSH dot.....umm....

[LordEq]

> What, OpenSSH.cc was taken too?

God forbid. Clear Channel Broadcasting is becoming the Microsoft of the radio/television industry. Their purchase of the .cc TLD is their attempt to push a tentacle into yet another medium. For this reason, I personally wouldn't have a .cc domain -- even if was the last domain name ever to be assigned, and I was given first crack at it.

--LordEq

Re:Jesus, Now slashdot is attacking their own!

[mrBoB]

You're just wrong dood. If openssh.org had content then it would be something for you to bitch about. The point is all he has is two links on the page. All he is trying to do is piss off a legitimate group and perhaps make some money. I hope the openssh team hold out.

Somebody is acting like children...

[The_Morlock]

After reading most of the comments, and after reading the "defendant"s version of what happened, I'm pretty well disgusted with the behavior and blind reacting that has happened here.

I have to admit that I'm guilty as well...the words "domain squatting" get my ire up just like anybody else, but on further investigation I think now that the OpenBSD people are acting really childish. Apparently, (unless Mr. De Joode is a complete liar) he has made several quite reasonable attempts at compromise, which included GIVING THE DOMAIN AWAY. All of which were rejected. This looks to be another case of the bigger organization bullying a smaller one.

Why should anybody have a default claim on a name they haven't registered? Sorry, boys, it doesn't work that way. I cheer the OpenBSD people and the fine work they've done, but come on. That doesn't make them right. He paid for the domain, he has made (to my relatively uninformed knowledge) fair attempts to resolve the controversy, and is the only one of the two who seems to be acting in good faith instead of name-calling and tossing insults and misinformation.

It's unfortunate that just because they posted an "advisory" on /. everybody freaks out and gets hostile. Maybe that's WHY the advisory was sent here. They know the audience too well.

Can't we all just...get along?

The_Morlock
-----
So you say life sucks? Well, life is what you make of it.
so if your life sucks, YOU suck.
-----

Uses of the openssh.org domain name

[fbw]

It should be obvious to everyone that Alex de Joode has no interest at all in putting up a web server on this domain name, seen to the fact that the web site just contains 2 links.

It should however be noted that a domain name is much more than just something to reach a web site on.

When you try to connect to the ftp port of the openssh.org domain you get the following welcome message:
Welcome to the ZEDZ .NL mirror
This site is co-located at the TERENA Offices, Amsterdam, The Netherlands.
We have setup a partial mirror of the content available @ftp.zedz.net (F.K.A. ftp.replay.com)
mailto:adejoode@zedz.net for more info

He is obviously mirroring the ftp site here.

Also there are other uses for a domain name, one would be a fancy email address, which is very understandable.

Another common use of domain names is for reverse lookups, which look fancy on IRC.
This is ofcourse something that is a total waste of domain and IP space, but can still be implemented by owning just a subdomain of the domain. (i.e. the part needed for the vhost)

Re:Two questions...

[Just+Your+Average+Li]

According to the UPDATE, he tried...

from the UPDATE

[Just+Your+Average+Li]

His side of the story and their side of the story don't seem to match up exactly. I just finished reading all the ballot props (CA primary) so I'm in the "which sounds like its been more exagerated" and I'm siding with the openssh.ORG guy.

Re:Bad NSI?

[Just+Your+Average+Li]

What are you basing this on?

How can you assume that NSI is at fault here?
CORENIC is the registrar of openssh.com
NSI registered openssh.org

NSI queries
(is master for ) openssh.org
Record created on 04-Nov-1999.
(retrieved from core) openssh.com
Record created: 1999-10-25 08:44:41 MET by CORE-80

whois.corenic.net queries
(had to retrieve from NSI) openssh.org
Updated Date: 15-oct-1999
(is master for) openssh.com
Record created: 1999-10-25 08:44:41 MET by CORE-80

Seems ta me that it would be corenic that has it wrong and somehow managed to translate it. I would assume that the master server would have the right information, NOT the server that took the information from the master.

NSI didn't screw up, COREnic did

[Just+Your+Average+Li]

I wouldn't say that NSI is perfect, but if CORENIC says this about openssh.org

Domain Name: OPENSSH.ORG
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS2.KYARITSU.COM
Name Server: NS1.KYARITSU.COM
Updated Date: 15-oct-1999

this means that it retrieved the record information FROM NETWORKSOLUTIONS!!!! So f NSI screwed up, HOW THE HELL WOULD CORENIC have gotten the "RIGHT" date?

Re:FreeSSH

[Just+Your+Average+Li]

He's free to do whatever he wants with the domain, as long as it doesn't infringe on someone else's legal rights (i.e. trademark violation -- it's not according to uspto.gov, or libel/slander, etc.)

Leave the guy alone.

Re: Abuse of the namespace...

[st.n.]

What, then, would you suggest Slashdot's URL be? "Slashdot.com" doesn't fit, because Slashdot isn't really a commercial venture (the ads notwithstanding). "Slashdot.net" doesn't work for the reasons you just said. "Slashdot.gov" and "slashdot.mil" are obvious problems as well.

What about slashdot.us? Everybody (*) in every other contry uses the two letter ISO country code for the TLD, only folks in the US don't. Why?

"This is how it always used to be" is the worst argument at all.

(*) Okay, not everybody, but really most people/companies etc.

- Stephan.

--
Carpe diem!

Re: Abuse of the namespace...

[st.n.]

Oddly enough, slashdot is not a US state. It'd have to be something like slashdot.andover.holland.mi.us.

Neither are ibm or yahoo or amazon or whatever German states, but they all have a .de domain. Just look around what the current practice outside of the U.S.A. is!

- Stephan.

--
Carpe diem!

SUPPORT ALEX DE JOODE

[DryEraser]

The case of the OpenSSH domain names lies at the intersection of several interesting issues. I came across the OpenSSH project a few months ago in my quest for a free SSH implementation on Linux; as the owner of several domain names and, more generally, a citizen and participant in a democratic and capitalist society (US), I'm curious to see the evolution of intellectual property rights in the age of the network.

Despite this standing interest, I found the original article on the OpenSSH domain "squatting" of only mild amusement until the posting of the update when learned that Alex De Joode is the "squatter" and read his reply. I found a name that I've known and respected for several years through my tinkering with crypto. I immediately read through all the threads to flesh out the debate.

Of the many points that have been made in the debate, I want to amplify one: the reputation of a good man has been wrongfully attacked. Those of us familiar with Alex de Joode's efforts on the behalf of crypto and privacy through the years--or those who have taken the initiative to discover it for the first time--and have read his statement cannot believe the accusations--direct and indirect--and judgement made against him. Those who don't know his work and too lazy or busy to learn about his character through a few minutes of research will dismiss him as a opportunistic squatter. I hate to see a good man villianized by ignorance.

I ask that all conscientious people who have benefitted from or simply respect the efforts of Alex de Joode--his USENET postings, his anonymous remailers, his FTP site, etc.--to please reply to this thread. Of course, if you want to maintain your privacy, post as an Anonymous Coward through an anonymizer. Please don't post more than once, and, worse, post nothing at all.

The chicken or the egg? (the letter lies)

[penguinicide]

Then why did they register openssh.com a week before openssh.org was registered? Didn't they want openssh.org? The letter put up here on slashdot is a lie (at least that part).

If you don't believe me check the whois records.

Re:The chicken or the egg? (the letter lies)

[cac0f0ny]

Your right. The openssh.org is registered 10 days after openssh.com. Maybe openssh is just whining because they didn't get all the addresses that they wanted. Looks a little odd to me.

Re:He just does'nt need this domain

[talldark]

Why is it lame - he might want to get some publicity for his encryption work and openssh just werent fast enough to get to the url. If he uses / works with ssh why not register the domain name.

Also - if openssh think he is squatting - pay him money to leave and be done with it :) All for people who were faster than a company to utilize their web names. Make as much money out of them as possible. (money is goooooddddd)

Re:Yawn

[jlb]

Go read his reply, you'll not that he runs a well known and popular cryptography site. In fact, in the advisory they use the phrase "a proponent of open source cryptography who runs his own free crypto portal" in their description of him.

I see this as just a bunch of lame posturing and egos getting in the way. The problem I have with this is the way they describe him on the openssh.org website:
NOTE: If you reached this web site via www.OpenSSH.ORG, please realize that OpenSSH.COM is the correct address, and that OpenSSH.ORG is owned by a domain squatter (Alex de Joode of Zedz.net) who allocated the domain after he saw us first use the name, and probably collects information about those who visit the page before forwarding it to here. Also, please do not mail to us at openssh.ORG, since he also receives that mail. We have repeatedly asked him to please give us the domain, since we feel that we (not he) created this free, new, and great thing for the world to use and we wish to avoid confusion. If you can, please mail him and ask him to reconsider. The members of our developer group have asked as nicely as possible, and it has not gotten us anywhere.

Also, his website is the primary distribution point for rsaref and cfs for openbsd. Yet he is untrustworthy to host a domain that points to the correct site?

Jesus christ OpenBSD people, put your egos down and get a grip.

Re:Mr. Fries explain this.

[jlb]

This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users.

This is an observation. Note particularly that it discusses in the hypothetical mode (note the words "possibly" and "could be") what could be done with such a domain, and as a webadmin, I can assure you that the observation is absolutely true. But note that at no point is any accusation made that this is or ever will be done.

If it's just an innocent observation why is it there in the first place? It's an observation put there to garner a reaction. If there's nothing to back up this simple observation, why put it there in the first place? Or even better! We could include a few more observations:

• It's possible this site is run by a large pink gorilla
  
  
• Puppies are neat.
  
  
• There's a possibility a meteor could crash into the earth.
  
  
• There's a possibility this site is run by the NSA as a way to track down peopel who have an interest in security in privacy so they can be the first executed once all our freedoms are gone.
  
  
• The person who runs this site could very well be a commie sympathizer.
  
  
• Theo could theoretically molest children.
  
  

See how useful all those observations were? Maybe they should include some of them in their next press release.

What I'm trying to say here is that you're doing two things, you're nitpicking and you're playing dumb. It's very obvious why those 'observations' were there and to pretend anything else is just silly.

Re:You mixed up your dates..

[fougasse]

$ whois openssh.com@whois.corenic.net Record created: 1999-10-25 08:44:41 MET by CORE-80

---

3) OpenSSH.COM a further 9 days later (25-11-1999)

---

Doesn't the whois record say 25-10-1999, not 25-11-1999? Which would mean the .com was registered in October, before the .org.

Re:Is it *really* that important?

[Spooky+Possum]

In the security software game paranoia is everything. The problem here is that the obvious place to look for OpenSSH stuff (for people who are guessing) is openssh.org, not openssh.com. There is a good chance that this isn't a problem and that people who are looking will find the correct place, but what happens if openssh.org starts masquerading as the real openssh site and maybe hands out trojaned binaries or source ? Sure this can be done in many other ways, but this is the easiest. This announcement is an attempt to make sure that people know which one is "real" and to try and minimise the possibility of the above scenario happening.

Yeah, it's ridiculously paranoid, but thats the name of the game.

"The Tactic"? That's virtually admitting

[addison]

That you were in fact, trying to lynch him in the court of public opinion.

What "tactic" do you mean, posting the very suggestive comments (and then saying (aka hiding behind semantics) "But we didn't SAY he was doing those horrible things")?

I find it hard to believe that dismay had any part of this, given the story that has emerged.

The OpenSSH/OpenBSD crowd is getting more and more egg on _their_ face, with these attempts to utilize "the slashdot effect" against those who they are displeased with.

If there's more to this story - I, for one, would love to hear it - but I think that the rebuttal by Mr. de Joote sounds very reasonable.

Even more so given this.

Well, now I think you've _really_ gone and done it - you've proven that _you_ are the ones who can't _really_ be trusted.

I think there _should_ have been _much more_ "dismay" before this "tactic" was decided upon.

Addison

Re: Hold Your Opinions (2, Interesting)

[BigGaute]

billg@microsoft.com writes:

Dead or Alive, Mr. de Joot certainly is in the right here. The openssh.org site is not in anyway harming openssh. They're even providing the courtesy of linking to the projects site. OpenSSH should be happy that they're getting that much. They should have registered all of the TLD's, but didn't see it as being necessary, and apparently, they thought the .com was the one they needed the most.

Even the U.S. government has not been able to get around this mistake. There's the infamous whitehouse.com site, which is still active.

If someone came to me and said that I had to give them one of my domains, because they felt they had some right to it I'd laugh in their face. Simply because you're an open source project does not excuse stupidity.

Beyond all this, we're talking about the former Replay.com site here, now zedz.net which has provided for years a good many of us with free crypto systems. They were doing a service years before OpenSSH was even thought of.

I don't use OpenSSH on my machines yet, and I was considering switching, but due to this situation where it appears they're in the running for a Slashdot beanie for "Open source domain bully" I'm going to boycott the product, until they play nice.

Quite right. Personally, I think that this is probably, though I wouldn't know for sure, a result of Theo de Raadt's fairly well-know attitude problem. (Do a deja search on "Theo de Raadt" and RMS some time, or "Theo de Raadt, NetBSD and Core")

OpenSSH dot.....umm....

[Eil]

What, OpenSSH.cc was taken too?

Re:OpenSSH dot.....umm....

[Tyger]

OpenSSH.cc? You mean OpenSSH is out of the Cocos Islands?
Seriously though, the whole marketing of the .cc domain is laughable. They play radio ads on the station I listen to (For those of you who don't know, it's spot.cc)
Their ads state stuff like "When .com was new, domains like business.com went for millions of dollars" and they are touting .cc as being the new .com - I mean, come on, it's just a regional TLD that sold out, not the best thing since sliced .com! But that is another can of worms.
I suppose I should make this on topic... The .cc TLD, despite having recently sold out, is not free from squatters, and many big companies have gotten .cc domains just to protect themselves.. Hmm, I wonder if slashdot.cc is taken.

Very weird...

[SuperG]

Whatever this guy's motives for squatting, they seem to be a trifle weird. Since he's apparently into open crypto, building a mailing list of "security-minded" people could work, I guess.

Hell, he might just be hoping to have a web page with a significant amount of customer through-put of people with interest in security, and then go sell it to anti-online or something. Since the openssh.com people mention they have offered him cash, I can only surmise he's after more than they were prepared to give.

Cheers,
SuperG

Re:Looks like de Joode's trying to make a point.

[bhhenry]

Some bozos also did that to abit.com. Annoying to be misled.

Ugh! (Offtopic)

[blogan]

Why was this moderated as Redundant? Can anyone explain the reasoning behind this? Yes, the guy's post was offtopic, but it was true. Do moderators understand the meaning of Redundant? No one else posted anything about it. This is the reason I would like to be able to meta moderate comments that I choose. The random ones lose their context when taken by themselves. There's no way to know if this was redundant weeks from now, and someone will metamoderate it as "Fair".

Re:A Proper Analysis of OpenSSH's proposed boycott

[D'Archangel]

Good show. You got to most of the dreadfully incisive commentary I was going to make first. This does seem more like an attempt to use /.'s well-known proclivities to evoke pressure against Mr. de Joode.

I want to add my own voice to the din, though, and say quite strongly that I find Mr. Bertrand's position in thie matter untenable at best, quite despicable at worst. And to add to Mr. de Joode has published his his own stance on the subject.

Domains are a first-come/first-served biz. Even if Mr. Bertrand's claim that Mr. de Joode grabbed the .org domain before they registered the .com (which seems flaky in light of the information returned by whois) is factual, he loses out. He does not have some sort of Goddess-granted right to the domain. Next case.

Most public one-n mill...

[devjoe]

And the one who got it wrong was one of those Japanese car makers (forget which), with their car, the Millenia. Guess what it's got thousands of... :-)

Re:Two questions...

[gid-foo]

Well if you check out the openssh.org FAQ the implied answer is that Theo de Raadt is an asshole. Surprise, surprise. Wow what a revelation, I guess he's decided to attack web site owners in addition to trolling the security and linux usenet groups. If I was Mr Joode I wouldn't give two shits to the openBSD team. Since he offered the domain name and all he wanted in return was links to ALL open ssh projects.
For all those two busy to surface: http://www.openssh.org/org-vs-com/

Re:They already have openssh.net

[T-Punkt]

> > > whois openssh.org@whois.networksolutions.com
[...]
> > > Record created on 04-Nov-1999.

> > whois openssh.org
[...]
> > Updated Date: 15-oct-1999

> By the way, there is a distinct difference between created and modified dates, remember that
> next time.

Yes, but please tell me now, how something can be updated before it has been created... :-)

(I'm not associated to Mr. Fries, Mr. de Joode or Mr. Coward (hahaha))

Re:Hold Your Opinions

[MicroBerto]

For that matter, if Mr. de Joot has simply not replied to any emails, it may be that he has passed away

Heh... Mr. de Joot is not dead, I just had lunch with him yesterday.
And although the food wasn't THAT good, i don't think it woulda killed him :)

Mike Roberto
- roberto@apk.net
-- AOL IM: MicroBerto

In the strictest sense

[Arker]

Your point is made, in that there were no *accusations* in the strictest sense (and strict sense is something I favour) - but there was a call for boycott, and some pretty heavy *implications* that don't seem warranted at all. Sit back and put yourself in the dutchman's place for a minute, I think if you were him you would probably be quite offended at the implications, and feel you had been accused.

I think you might have missed something...

[Arker]

Whoever posted that article may have been trying to do what you say, but if you read the comments it doesn't look like many of us are buying it. In fact it seems that the story is backfiring on the poster...

Re:I think you might have missed something...

[Score+Whore]

There's a ton of ACs who read the stupid-dot summary/story and go on to post "that fucker! how could he be squatting that domain! he's going to be raping my children next! why the fuck doesn't he hand of the openssh.org domain to the REAL security experts! the fucker!" Yet it turns out
that Mr. de Joode is a real, honest-to-god security/crypto/privacy advocate with a great deal of knowledge and experience and a long history of service to the community.

I'd be curious to know how long stupid-dot is going to allow this sort of defamation to continue and how long it's going to be until they get their spleen yanked out in a court of law over something like this.

Irresponsible jounalism?

[Djinh]

Is this once again a case of /. posting articles accusing people of Evil Deeds without checking the other side of the story?

Looks like it.

Maybe you should change the subtitle to "News for Nerds. Stuff that matters. Bad journalism."

Oversensitive

[ariux]

Let me get this straight. The Free Software community is smart enough to write good software, but can't critically consider resources on the Internet?

If this guy posts legit information on his site, I'm glad to have it. If he posts trojans, he gets found out, the community spreads the word, and he gets sued for damages. In either case, the domain he uses doesn't change much (since search engines index mostly by content anyway).

If I was looking for information on OpenSSH, I don't anticipate that this guy could put anything on his site that would significantly interfere with my search. Such a search normally passes through search engines, many sites, and a chain of referrals, and all I'd need to see is one debunk along the way.

On the other side, note the import of allowing political disputes between open-software groups to color the reactions of the community. Does it really matter what domain names these orgs have? Heck, they could fork the project and move it to corn-dogs.org and spittle.net and I still get two interesting and potentially suitable programs instead of one, and neither difficult to find (the magic of the Internet!).

I'd much rather everyone be able to post whatever they want wherever they can, and let the community sort it out, than object to minutiae like this.

Re:damn squatters

[AlexA]

Actually, www.hotgrits.com already exists. It's some music related web site (Southern Rock Entertainment).

Re:Cybersquatting makes me sick

[dingbat_hp]

Well, we've already got a penguin as a mascot -- how about Antarctica ?

Passive capture is as bad

[dingbat_hp]

So what ? I think the warning about collecting IP numbers is a very real worry. If I were a bvendor of asnake-oil crypto, I'd love to have the browser IPs of a list of people who wandered past the false OpenSSH site. Expect incoming junkmail !

Re:Hypocritical Linux Community (including /.ers)

[dingbat_hp]

How can any one person "own" a .org ?

As a sole trader, I might legitimately call myself "Fred's PCs" as a trading name, but how can any one person claim to be the moral representative of an organisation that he's deliberately opposing ?

FreeSSH

[D.A.Alderud]

This guy registered OpenSSH before OpenSSH was announced.
He has since registed freessh.org instead, he did that on the 15th of October.
This guy is realy working for the community providing services to find free crypto tools.

This guy has clearly no evil intent.
I'm a OpenBSD and OpenSSH user my self, this guy lets people know that there are more free, or open if you like, SSH tools out there.

Re:They already have openssh.net

[jhagler]

Gee, could this anonymous coward be Mr. Fries or one of his associates?

By the way, there is a distinct difference between created and modified dates, remember that next time.

Squatting...

[IshamaelNT]

I don't know about anyone else, but i don't have a huge problem with this case. If the site is a legitamate site with crypto information i don't see any reason why he should HAVE to give it up. By all means, i think that he should sell the domain for registration fees, but by no means should he be forced to give it up. As the site is now (it's simply 2 links, one to FreeSSH and one to OpenSSH. To me, that's simply a waste. If he wants to make a site on cryptography, take openSSH.com in place of openSSH.org, or better yet, just drop the whole thing because there isn't even a semblence of a page up there now. That's just my opinion, I may be wrong.
------------------------------------------------ ------

Re:Domain Name Squatting

[chris13]

Hehehe. You make it sound like people would want to go to that site in the first place. What for? To run into a few links? There's no reason for either advocating or boycotting the site. Quite pointless.

Still, I think Mr. de Joode is being quite silly as well in retaining the domain. It's not doing him any good, nor any one else in its current form.

Top level domains

[Cupis]

As they are in the UK, they should use whitehouse.co.uk, not .com

--
Paul Cupis

Re:a slight bit of interest

[onet]

Perhaps you can look him up and give him a call.
But please, *do* pick the _right_ name from the list! ;-)

The dutch phone directory: http://www.telefoongids.ptt-telecom.nl/

"Naam" = Name, "Plaats" = City, "evt. straat" = Street (can be left open!).

***THE REAL DANGER***

[jmd!]

While I personally believe this is more of a personal dispute between the OBSD folk and the .org guy, the "real danger" that the .org domain could pose wasn't even mentioned. The guy who owns openssh.org could put up a page similar to openssh.com's, and distribute the software, with a backdoor. I've downloaded openssh to quite a few hosts recently, and I always assumed the domain was .org, which I went to, and which previously redirected me to .com (though i never noticed till /. posted this article)...Had it simple shown me and fake OpenSSH page, with a backdoored version, well, all my servers would be rooted by now.

The mere fake de Raadt didn't mention this makes me think all the more that it is a personal dispute, as he hasen't even thought the issue though.

Doesn't appear to be any clandestine HTML

[CunningPike]

... but that could always change.

This sort of thing is bad

| What? you were expecting

Weirdness at 3 O'clock

[CunningPike]

That isn't the HTML I saw. I do get that HTML from http://alpha.terena.nl/ (a.k.a http://www2.terena.nl/)

Are you sitting behind an enforced HTML proxy?

| What? you were expecting

zedz.org is available!

[perigeeV]

Openssh.com could grab it and arrange for an exchange of hostages.

Re:Do you know what the "net" TLD is meant for?

[_Swank]

BTW you ever try going to www.slashdot.com? no? hmmm...

Re:They already have openssh.net

[Tarquin]

Now if Alex had this domain for months or years, he should have the right to keep, but 10 days, give me a break.

I'm sorry, but this has to be the dumbest I've ever heard (even on Slashdot!!). He shouldn't be allowed to keep his domain name because only picked it up a couple of days before someone else who would've wanted to use it if he hadn't gotten there first? Has your entire brain gone on vacation? Aside from the fact that it's a dumb argument in general, how are you ever going to prove a) the name was taken so someone else wouldn't get it, and/or b) that someone else wanted it?
"Well, Your Honour, he stole the name I wanted. He just happened to register it first, but I really wanted to! Honest!!"
Cripes Kate. So not only is it a completely redundant(x5) post, it ends with a Moron Moment (tm). Yeesh... </RANT>

--

Re:Looks like de Joode's trying to make a point.

[Tarquin]

I don't quite understand why folks are so steamed about him keeping the domain that he registered, just because it would be nice to give it to someone else. That's like expecting me to give my winning lottery ticket to the guy in line behind me because he wanted to win, too. I mean, sure it's a great gesture (not jester... ), but it's certainly not necessary, or even to be expected.

--

Alex de Joode's reply

[aunitt]

Alex de Joode has posted a well reasoned reply.
It's a good read.

So what?

[Bandazaar]

Hey, aren't we supposed to propagate freedom? So why start FUDing this guy? There is no good evidence that he took the name to make money, and, hey, even if he did, it is his good right. First in, first served. Or how would you like it if, let's say you were the owner of www.theBestOS.com and a well-known/hated company would start a foulmouthed campaign insisting THEY should be granted the name because they are SOOOO much more connected to that name. Check out the post #88 http://slashdot.org/comments.pl?sid=00/03/06/20362 42&cid=88 to see that they could have gotten their org if they wanted to. This campaign is inappropriate for people propagating freedom.

My bad... Re:Data mining? Looks fishy...

[Tyger]

I forgot to account for virtual domains.. This is likely just the default page from their ISP for if it can't figure out the domain you want.

Re:Is this reallly squatting?

[Tyger]

Boycotting may be the kneejerk /. reaction, but.. Doesn't it seem kind of pointless to boycott something that isn't really there to be boycotted?

On one hand, I can see that this is a little quick to do a boycott, and there is no reason.. But I also don't see much point in turning around and decrying people that want to boycott. Lets try and analyze the two sides of this logically:

Situation A: We assume openssh.org is evil
Reaction: openssh.org should be boycotted
End result: openssh.org ignores you too. Seeing as how it isn't getting anything out of you visiting and you aren't getting anything out of visiting, theres nothing lost.

Situation B: We assume openssh.org is just another domain that happened to be there first
Reaction: No reason to boycott
End result: Since there is really no reason to go there, I still don't visit. Seeing as how it isn't getting anything out of you visiting and you aren't getting anything out of visiting, there is nothing lost.

Is it just me, or do these two situations look rather... Err.. identical in the outcome? For Amazon or Sony I can see a boycott/don't boycott argument... But for a 2 link webpage that has no useful content on it's own? Besides, boycotting will not help the cause much. If someone stumbles across it, they probably wouldn't be boycotting it because then they would know it was useless to go there anyway and would know better.

He did the right thing(tm)!

[v1z]

"when news of the openssh-project was first leaked" -- in ohter words: Nobody was expected to know there WAS an openssh-project, the guy wanted to provide information about free ssh-implementations -FOR NON-PROFIT- and registers openssh.org. He did the RIGHT THING (tm)

Big deal. Now he links to plenty of (more or less) open ssh implementations, and anyone that visits www.openssh.org can easily find a link to www.openssh.com. Who says they are more official open than him?

Come on, why don't we get an interview with the ".org" man and the ".com" guys here on /. (or geeks in space ?) - Let them discuss it ?

On a side note, maybe the free-software community should offer to buy www.open.org and use it as a central link point to every major open/gnu/free/bsd project?

Re:They already have openssh.net

[dsb3]

Anyway, what's the big deal? Even Network Solution suggests that you get all three dot com, dot net and dot org to "protect" your company. Perhaps this is because they make a bunch of money off each one and not for any other reason?

Re:domain names

[aozilla]

I agree with your point completely. I'm not against unlimited TLDs (although at that point you might as well just go ahead and allow spaces and strange characters and call them keywords). But my argument is not that we should have *more* TLDs, it's that we should have *unlimited* TLDs, and that end-users should be able to obtain them. It may be a subtle distinction, but it's a very important one IMHO. 100 TLDs would be rediculous, especially because of the precedent that .com has set. (Is amazon amazon.com, or amazon.store?) Besides the fact that a hierarchical database (DNS) needs significant aliasing in order to make sense, and the fee structure of DNS does not support that.

domain names

[aozilla]

This is just another argument *against* the introduction of more top level domains. 3 major TLDs is already too many so you don't know where a site really is unless you do a search, or try all three. And any serious site winds up buying all three anyway. Just more $$$ into the hands of network solutions (and hopefully one of their competitors). And quite possibly more $$$ into the hands of lawyers and domain squatters.

Waste of domains

[SuperDuG]

I hate this where domains are registered in hopes that they'll sell for big money some day. There's people who pride themselves on stealing these domains. Or mistype domains like www.slasdit.org that take you to some kind of nudie site. Now I see why this would be profitable, but how can it not be a trademark viloation?

A possible way to solve this dispute

[corbosman]

Maybe a way to solve this dispute is to ask the OpenBSD OpenSSH people to promise to maintain a list of links to other free SSH projects. (sortof like Alex is doing now). Someplace not too hidden away on their site. Maybe Alex is willing to give up the domain then, if thats all he wants. Surely not too big a thing to ask of the OpenBSD people. Anyone of the OpenBSD/OpenSSH want to comment on this? Cor

Re:A possible way to solve this dispute

[Score+Whore]

This is probably going to be taken the wrong way, but if Mr. de Joote's comments are accurate, then you should probably just not let Theo talk to people. Keep him coding and out of the communications chain. His history seems to be quite colored regarding situations like these.

Oh! No! Mr. Bill!

[flatrabbit]

Oh No!
You have got to be kidding me. Could you be a little more angry, PLEASE!
Your blood pressure is way off the charts. Go take a walk. Slashdot is used to give information, Not to mandate who is right and who is wrong, thats is for the individual to decide for him(or her)self. /. is a tool that we the community use to gather INFORMED decisions.
So sorry that you feel that one article/letter is so offensive that you must discontinue your use of this wonderful tool, But alas too little, too late

Re:Abuse of the namespace...

[Refrag]

AT&T WorldNet uses the .net top-level domain for their Website as well as e-mail. I believe BellSouth does the same. .net gets you to their ISP homepage & .com gets you to their main homepage.

Cybersquatting makes me sick

[zaius]

I guess I don't know for sure if this is cyber squatting or not, but it sure sounds like it. This, plus the etoy case, and then M$ and all those other disputes just really hack me off.

There was a story on /. a few weeks ago about the nice people at the .cx TLD giving free domains to open source projects. Maybe the OpenSSH developers, as well as the developers of other open source projects should take them up on it.

If open source does not take advantage of the .cx TLD, or if they withdraw their offer, I really would like to see an open source TLD, specifically for open source projects and such. Perhaps .os?

Re:Cybersquatting makes me sick

[zaius]

OpenSource Land?

Domain Name Squatting

[Markar]

Seems to me if a person purchases a domain name and holds it for the purpose of making a future profit, that is cyber squating. This guy is actually using the name.

If OpenSSH still wants to use a .org domain, then how about TheOpenSSH.org, or RealOpenSSH.org, there was bound to be confusion between the .org and .com names anyway. Perhaps each site could have a prominent hyperlink to the others site for those that have gotten to the wrong site unintentionally. Instead of going to war, try to coexist!

Re:That's lame.

[AntiNorm]

but many times the squatters use the domain ownership as a means of getting false hits for their banners or what-not.. which is very very lame.

What's worse is that many of these squatters run porn sites. Not necessarily a huge problem for your average 20-years-old-or-so web surfer, but when an elementary school student goes to whitehouse.com expecting to find one thing, but finding...ummm, another thing, that's when you have a problem. It's almost as if they're trying to take advantage of the fact that someone who is new to the internet might not know that URL != content. Taking advantage of kids like that is inexcusable.

=================================

Re:Yawn

[Tetsujin28]

Harsh? Harsh?! WTF?!? The OpenSSH people have done, what? They've issued an advisory that essentially says, "Hey, it ain't us, so if you want to see or talk to us, don't visit or send email there!" In what way is this harsh?

If that is what the advisory said, I'd agree with you. But that's not what it says. Instead, the advisory says don't send mail or visit there at all, because something evil might be afoot:

The OpenSSH.ORG Web site currently is a blank page with a link to the official site. Please do not visit the .ORG site, nor send e-mail to anybody at the .ORG address. This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution.

What does .org really mean?

[balbuzaro]

I found this comment in a link from the ICANN site. It is a memorandum from Dr. Postel of the IANA.

ORG - This domain is intended as the miscellaneous TLD for organizations that didn't fit anywhere else. Some non-government organizations may fit here.

It seems that .org indicating a non-profit site is slightly inaccurate perception that has developed. One that loses relevance if browsers can perform searches from the URL Address.

It's making me sick

[smiley_all_the_way]

This whole domain bs is making me sick. I don't believe in rules and regs much but there needs to be some regulation for this domain registration BS. So where's the point in some corporation registering all domains that contain their trademark(s)? As if trademarks are the only legit use of certain words. So if some company trademarks my first name I can no longer use it???? As a matter of fact my first name is a trademark. Can I sue because my parents named me before that company was founded???? Or can I no longer use my name in public without adding this stupid circled R???? And on the same token where's the decency in registering a domain name without any reason but to charge some legit user an outrageous fee. Thsi is a crime for all I am concerned and should carry a stiff penalty. I can only say check out how the Canadian registrar works. It ain't perfect but it's darn well the next best thing! I love it! Yours truly....

Re:He just does'nt need this domain

Y'know, this isn't the first time there have been ugly political battles fought by the guy in charge of OpenBSD, with ambiguous morality involved on both sides of the issue. That's how OpenBSD became its own entity to begin with.

On the one hand, that event seemed to stem from some not so great communications that weren't entirely the fault of either party. On the other hand, the OpenBSD parties went out of their way to be spiteful and power grasping once the situation got out of hand. If the situation was really different, they were unable to convince the outsider through the information they were allowed to disclose. That whole event _seemed_ like a fit of spite in revenge for not getting access to a source tree, whatever the real reasons were they were not communicated well.

Now a similar situation comes up. The OpenBSD folks may or may not have been wronged, but the only information I can see points to the OpenBSD side being spiteful and mistrustful. It's more a matter of communiation style than the content of what was said and done. If the OpenBSD folks want me to sympathize over this domain name issue they'll have to communicate in a different style, because this one has failed to convince twice in a row.

I say this as a very strong admirer of OpenBSD project and its work, people with less admiration for the project are likely to see the situation in an even more negative light.

Go ahead, I know I'll be "troll-branded" for this. Not as if I post often anyway.

OpenSSH group isn't helping

The OpenSSH group is just helping people think that domains are more important than they actually are, thereby motivating squatters further.

OpenSSH is an open source project. They aren't making any money off it. Just put everything at www.openbsd.org/openssh

People want to install OpenSSH. They will find it no matter what domain its under.

Re:Two questions...

One: why not openssh.net? I think it suits the project better than openssh.com or openssh.org anyway, given the nature of the project.

Not unless they've suddenly become an ISP.

Two: Why won't this guy just let them use the domain name? He's not using it for anything. This isn't a typical squatting case either, because he's not even trying to sell them the name. Though frankly, that frightens me even more; what could he want with the name, if he doesn't intend to sell it or to use it for a legitimate site?

Funny, I could have sworn this exact concern was raised in the article.

Perfect way to settle domain name disputes...

I don't know what the old version looked like, but the current web page is the perfect way to settle any and all domain name disputes: Simply create a replacement for the 404 page that points to all the other domain names. Hell, you can even do similar things for email, ftp, telnet, etc. If openSSH has any complaints to make about this web page, I say they totally deserve to be a .com 'cause they're already acting like one.

Re:Two questions...

[whoop]

Two: Why won't this guy just let them use the domain name? He's not using it for anything.

Whoa, whoa, whoa. Who's position is it to decide what a site contains? As a new domain holder, I take great offense to this. If he were just begging $10,000US for the domain, it had just porn banners, I could see a case being made. But he isn't doing these. He is providing a list of free SSH programs. People here bitch about government "intruding" on the Internet with taxes, filters and the like. I will have much more fear if these decisions are made by bands of hooligans who are just unhappy. The OpenSSH group had a good ten days to register the .org (see whois listings for both), they didn't. They only registered openssh.com. Now is not the time to come back whining because they failed to do it.

But what's your point?

[jbrw]

Even if this isn't the case, there will be web log files which could be used for data mining.

How about openssh.com - someone wanna prove to me they've turned logging on their httpd off so that they aren't collecting log files that could be used for data mining?

WTF is your point?

...j

Re:But what's your point?

[Nathaniel]

While reviewing my recent points I noticed your questions. I don't know that you'll ever see the responses, but here goes...

"WTF is your point?"

My point was that the cutoinary stance of the original message wasn't so out of line, and that the post I was responding to was potentially incorrect to state their were no scripts.

I didn't mean to imply that they nessecarily were collecting information, or that any other site wasn't doing so.

My point was just that the original statement which I was critiquing went to far. I was attempting to help that posts author understand that the claim "Certainly looks harmless enough to me." might be misguided.

Strange

[Indomitus]

It strikes me as somewhat strange that are very few posts on this thread talking about the update to the story, which was submitted many hours ago. A flood of posts came right after the story was posted, some doing the usual juvenile 'I know nothing about this case but I hate this squatter anyway' thing and some actually advocating waiting until the whole story was out. Now it seems that the whole story is out and nobody wants to talk about it. Is Theo de Raat such a beloved figure that nobody wants to recognize that he seems to have acted like an ass in this matter? Of course I have little information besides Theo's letter and the response but it seems like an apology is in order from both Theo and the Slashdot crew. I hate to think that /. will become a place that posts anything by an Open Source advocate even when it turns out to be a personal vendetta or something else of that sort.

Of course I hope that this post will not be moderated down but my karma can take it and I had to say something so if you feel the need to mark me down, feel free, just please don't do it because I said Slashdot isn't perfect or that Theo might be human.

Re:Abuse of the namespace...

[phil+reed]

es, and I've only seen one ISP (UUNet) which actually uses that as their primary address.

Sprint's Internet backbone is called sprintlink, and their address is sprintlink.net. And in Toledo, we have glasscity.net, and in Ann Arbor, ic.net and voyager.net.


...phil

Re:a slight bit of interest

[pb]

Yeah, and through "Network Solutions", too. Man, they're pure evil. Of course, the other "real" site is entertaining too.

Note that, to my knowledge, OpenSSH and OpenBSD both have nothing to do with "The Open Group", and that group has nothing to do with actually being open... Go figure.

[whois.corenic.net]
Registrant Todd T. Fries (template COCO-21730)
OpenBSD, the REAL open group
1523 North Pierson Apt F
W. Peoria, IL 61604 USA

Domain Name: openssh.com
Status: production

Admin Contact, Technical Contact, Zone Contact:
Todd Fries (COCO-21731) todd@fries.net
+3096739259

CORE Registrar: CORE-80

Record created: 1999-10-25 08:44:41 MET by CORE-80

Domain servers in listed order:

zeus.theos.com 199.185.137.1
cvs.openbsd.org 199.185.137.3
ns0.fries.net 209.251.96.130

Database last updated on 2000-03-07 03:55:07 MET

To optimize query speed and answer correctness see the
--help option. Depending on your whois client use
whois -h whois.corenic.net HELP
or
whois HELP@whois.corenic.net

---
pb Reply or e-mail; don't vaguely moderate.

Re:AltaVista.com wasn't squatting

[pb]

I know. It was around before we knew what squatting was. I quote myself:

Okay, so openssh.org got taken. This happened to altavista, and countless other "big names" on the web. Some guy registers "your" name before you do, so you settle for another one.

Did I say squatting? I don't think so. Without following your link, I believe my description that someone took "their" name, i.e. the name that they wanted to use and thought was rightfully theirs because they were so attached to it, was correct. This doesn't take the intent of the original domain registrant into consideration.

And "squatting" is when you're using land that rightfully belongs to someone else. I don't know if this is that good an analogy in the first place, because domain names don't "belong" to anyone until they get registered. You can't squat on land that no one owns, and you definitely can't squat on land that you yourself own!

The only thing that's evil is when someone wastes a whole domain for something stupid, when it could go to something useful. That might be the case here, but let's wait and see first.

The OpenBSD community is known for their flamewars and bad feelings on both sides of the fence: that's how it was founded. This might be another one of those stupid pissing contests. And if someone flames me for saying so, I'll consider it further proof. :)
---
pb Reply or e-mail; don't vaguely moderate.

that's not a change

[mattdm]

that's how it has been!

--

.net

[mattdm]

.net wasn't for the company-related systems -- it was for the infrastructure stuff. So the web page of a backbone company would be .com -- but their routers would be .net.

Theoretically, of course.

--

Re:Hold Your Opinions

[osu-neko]

Why do we trust that they haven't inserted bogus code in the OpenSSH source? When is the last time you looked at the code, and compiled it yourself, rather than downloading the precompiled packages?

Open Source doesn't require everyone to look at the source in order to prevent that, it just requires that enough people do it so that the word gets out of there is something like that going on. What are the odds that no one has looked at the OpenSSH source? Let 99% of the people download and install precompiled packages if they want. This doesn't hurt reliability or security in the slightest. Preventing the other 1% from seeing the source is what hurts.

In short, the principle is "many eyeballs", not "every eyeball".

--

Re:That is one reason to use Google

[stripes]

Even if I think I can guess the address Google is going to list the real site first. After all I would not want to wind up somewhere like www.whitehouse.com by accident.

Since you have added a link to whitehouse.com from a highly rated site (slashdot) you are slowly making google think you want the wrong answer here...

Incidentally (slightly OT) speaking of people tracking what you are doing and all that, what is the scoop with @HOME's proxy servers? The only reason that I can see for them wanting you to use their proxy server is to track users. And boy do they go out of the way to force people to use their proxy server!

They might want the proxy to track users, but only as a very secondary reason. The real reason is @Home has limited bandwidth to "real" national backbone ISPs, and using a local cache will help conserve that expensave (to them) resource. If they put caches close enough to the users it also reduces the load on whatever backbone they have built themselves.

AltaVista.com wasn't squatting

[N8F8]

The company that regiestered it was named AltaVista. It was poor judgment on Digital's part not to name it something with a name already in use and a domain previously registered. Though the company that did own AltaVista.com later capitalized I'm sure they also encountered way more traffic than they were planning for on their website.

Altavista Domain Story

He just does'nt need this domain

[Nicolas+MONNET]

He does'nt need this domain. He just registered it after OpenSSH was released. It's just lame.

Re:He just does'nt need this domain

[Nicolas+MONNET]

Indeed. I read the correction and felt defrauded. I trusted the OpenBSD guys bc I knew they were doing a great work ... now this is just plain lame. Damn. I have to apologize for what I said earlier.

Re:He just does'nt need this domain

[Cramer]

Without access to NSI's whois archive (to see the records for the original registration), I don't know when openssh.org was originally registered. HOWEVER, the existing records show creation of OPENSSH2-DOM on Nov 4, 1999. Openssh.com was created on Oct 25, 1999. So, who got where when?

As was stated on openssh.org's page, he offered to give them the domain -- he didn't say if that meant a domain transfer or just giving openbsd access to the records (I'll assume a transfer.) This then comes down to, "here, you can have this domain name." "No thanks, we don't trust you." "Fine, I'll keep my domain."

I will submit, 'OpenSSH' isn't really "open" if it's only for OpenBSD... maybe 'ssh.OpenBSD.org' is a better idea.

[It will never cease to amaze me how people can find the most worthless things to bitch about.]

Re:Do you know what the "net" TLD is meant for?

[Yakko]

I remember coming to the internet about 7yr ago and reading FAQs and such... then it came time for me to apply my wisdom... Boy, was I mistaken that guidelines would be heeded.

I wonder if NSI's "reserve ALL TLDs with your name on them!" marketing could have just a little to do with the squatting thing, or the inappropriateness of others' domain names (ie, a for-profit .org) ... It's a wonder that the .edu space is still straight.

(heh... I recently got marketing from NSI telling me I should "register .NET and .ORG versions of your domain" too...)

--

That is one reason to use Google

[tilly]

Even if I think I can guess the address Google is going to list the real site first. After all I would not want to wind up somewhere like www.whitehouse.com by accident.

Of course that means that I have to trust Google...

Incidentally (slightly OT) speaking of people tracking what you are doing and all that, what is the scoop with @HOME's proxy servers? The only reason that I can see for them wanting you to use their proxy server is to track users. And boy do they go out of the way to force people to use their proxy server!

Cheers,
Ben

Re:That is one reason to use Google

[Sethb]

What do they do to persuade you to use their proxy servers? I don't use them here, after the clueless cable guy left I removed the Proxy settings from my browsers, and all works fine, been that way for 6 months.

Then again, my @Home may be non-standard, a friend of mine downloaded a whole CD from me last week, and said "You must not have AT&T @Home" and I told him that I did. He was amazed because I don't have an "upload cap" which apparently others do, he was getting a steady 60K/second FTP'ing from an old CD-ROM drive on a P5-120 in my basement.

If it helps, I'm in Waterloo, Iowa and I'm on the 24.6.200.* subnet.

Does anyone know anymore about this? I've often wondered if I'm on a "main" subnet or something, since the DNS servers are 24.6.200.15 and 24.6.200.17, it just seems strange that they'd have 2 DNS servers for every subnet.
---

Alex isn't a squatter

[leto]

I was asked by Niels Provos (OpenBSD/OpenSSH) to talk to Alex de Joode about this issue back in november, because I seemed to have some neutral position in this and just happened to know both
sides personally.

As far as I understood the issue, Alex was concerned that the OpenBSD people would make OpenSSH too focused on OpenBSD. Apparently talking with Theo de Raadt didn't help any. In an email to me he offered them DNS references from www/ftp/cvs
.openssh.org to any host(s) that Niels would supply, but he wanted to keep control of the domainname just incase it indeed would get focused on just OpenBSD. I conveyed that message to Niels, but don't know why this issue never got properly resolved. But I know the silly namecalling and the pointer at the .com side pointing out Alex is a squatter shows a lot of unprofessionalism from the OpenBSD people.

Paul Wouters

Re:Alex isn't a squatter

[leto]

You'll have to ask Alex, but even to me the distinction between openssh and openbsd is already quite unclear and it does seem to be overly focused on openbsd. This isn't domain parking, it
is using a common logical domainname to offer information. Alex wants the name to indicate free ssh implementations, and not just one single group developing one single implementation. You can then argue who should have the name but that is pointles, because the first-come first-server principle holds true in that case.

As for who thought of the name and who leaked out what, I have no clue nor interest.

Paul

Re:Alex isn't a squatter

[PigleT]

If he's interested in it not being too Open-BSD instead of OpenSSH, why doesn't he give it up to those who /do/ deserve it, on request?

Domain-parking is evil. As are pathetic domain-registration "companies" such as easyspace whose MDs phone you at 2103 on a saturday to swear their heads off.

Thank you.

[Venomous+Louse]

I like that one.

Whois the two YOURSELF!

[fries]

I have a log file from a chat sesssion starting
'10/24/99 5:27am' and ending '10/28/99 6:18pm'.
Within this chat session I pasted the following:

<fries> Whois Search Results
<fries> Search again:
<fries> Whois Server Version 1.1
<fries> Domain Name: OPENSSH.ORG
<fries> Registrar: NETWORK SOLUTIONS, INC.
<fries> Whois Server: rs.internic.net
<fries> Referral URL: www.networksolutions.com
<fries> Name Server: NS2.KYARITSU.COM
<fries> Name Server: NS1.KYARITSU.COM

So I know it was prior. I think you should use the same whois server when doing your query. Otherwise you're comparing apples to oranges. Try using whois.internic.net and you'll see that this
person registered the domain 9 days before I registered OpenSSH.com ...

Domain Name: OPENSSH.COM
Registrar: CORE INTERNET COUNCIL OF REGISTRARS
Whois Server: whois.corenic.net
Referral URL: www.corenic.net
Name Server: CVS.OPENBSD.ORG
Name Server: NS0.FRIES.NET
Name Server: ZEUS.THEOS.COM
Updated Date: 25-oct-1999

Domain Name: OPENSSH.ORG
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS2.KYARITSU.COM
Name Server: NS1.KYARITSU.COM
Updated Date: 15-oct-1999

Please get your facts straight before suggesting
that I fell asleep and that I don't know what I'm doing when I determined that the OpenSSH.org domain was registered back in October when I attempted to register it and the domain registrars told me so..

BTW, just because the person who contributed
the registration money is in Peoria, IL, that does
not by any means suggest the project iself is
located here.

Re:Looks like de Joode's trying to make a point.

[Shoeboy]

Did a little research: (whois)

OpenSSH.com:
Record created: 1999-10-25 08:44:41

OpenSSH.org
Record created: 04-Nov-1999.

Hmm...

So how did he squat the domain and force them to register openssh.com 9 days after they registered openssh.com?

If there's a reason not to trust the whois record dates, I'll accept that as a refutation.

--Shoeboy

Re:Looks like de Joode's trying to make a point.

[Shoeboy]

Ah yes, but look at it this way. Say I have a project called freessh and I want to increase traffic. I know that people looking for an open source ssh program are (assuming they're too stupid to use a search engine) most likely to type openssh.org or freessh.org or gnussh.org. So for 15 bucks I go register openssh.org. That's legit right?
Now the openSSH groups argument rests on the claim that he registered it after learning of the existence of the openssh team. This info was apparently "leaked" rather than released. So it may be that Mr. de Joode had never even heard of the openssh project. Until we hear from Mr. de Joode, our only source of info is a group that has attempted to play to the paranoids in the audience with a load of security/privacy FUD.
--Shoeboy

Re:Abuse of the namespace...

[Lumpish+Scholar]

>>"net" was traditionally intended for use by network service providers.

>Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the .net TLD, but it's nothing more than a redirect to the .com address, which is by your definition another "ridiculous misuse of the namespace."

Yet Another example: att.com is AT&T, the company (and user@att.com is an employee); att.net is AT&T WorldNet Services and other ISP stuff (and user@att.net is a customer).

no link!

[Pope]

NO! Don't provide free links to the site in question because he's probably using Open Source software and the Slashdot effect won't work!!! ;)

Pope

InterNIC servers have the wrong dates?

[Tim+Pierce]

It's not entirely clear to me exactly what's going on, apart from the fact that the InterNIC servers can't even seem to agree with each other about when the domain was created:

$ whois -h whois.networksolutions.com openssh.org

Registrant:
Open SSH Project (OPENSSH2-DOM)
Zaanstraat 250
AMSTERDAM, NL-1013 RZ
NL

Domain Name: OPENSSH.ORG
...
Record created on 04-Nov-1999.

$ whois -h whois.internic.net openssh.org

Domain Name: OPENSSH.ORG
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS2.KYARITSU.COM
Name Server: NS1.KYARITSU.COM
Updated Date: 15-oct-1999

I give up.

From the OpenSSH.org website:

[JabberWokky]

http://slashdot.org/article.pl?sid=00/03/06/203624 2
http://www.deadly.org/article.php3?sid=20000306151 402
http://www.deadly.org/article.php3?sid=20000306030 924
http://www.deadly.org/article.php3?sid=20000306023 532


Who are you ?
.: I'm Alex de Joode, I operate the ZedZ ftp site which is propably the largest cryptography oriented ftp site in the world. I also ran an anonymous remailer for 4.5 years and currently host an anonymous remailer and operate an mail2news gateway so people can post anonymously to usenet. I'm in the process of setting up a new remailer.

Who are "they" ?
.: "They" are the OpenBSD core team represented by Theo de Raadt.

What's this document about ?
.: I received a lot of request to tell my side of the story, since it's impossible to reply to all people in detail, I decided to setup this page to answer the most common questions.

Why did you register openssh.org ?
.: The company I work part-time for allowed me to investigate the kickstart of a open/free ssh server client combo that was compatible with ssh1 and could run on Linux/Solaris.

The project title was, guess what ... 'openssh' ...

I learned from LWN that there was an other group working on an openssh version so I contacted Theo de Raadt and asked if he was interested in developing a port for Linux/Solaris. He told me that they were only interested in developing a version for OpenBSD.

I registered openssh.org and was trying to find someone to do the porting. Unrelated to my activities Damien Miller started a succesful porting effort for Linux/Solaris, so there was no necessety for my search to continue.

Why didn't you give away openssh.org to openbsd ?
.: Actually I tried. I mailed Theo de Raadt and told him I was willing to give control of the opensh.org to them provided they added links to other open/free ssh projects on 'their openssh.org' page.

Then why do you still have openssh.org?
.: Theo de Raadt first agreed and suggested I register http://www.freessh.org, which I promptly did, but later he canceled the deal telling me:
"We're not going to get ripped off by someone we don't trust".

What happend then (part 1) ?
.: Theo sent me some nasty emails and I didn't hear from him again untill the 1st of March. I offered other openssh developers the use of www,cvs,ftp and mail, but they declined. As a service to the community I rewrote the openssh.org URL to openssh.com so people would be transfered to that domain automaticly.

What happend then (part 2) ?
.: Theo sent me an email demanding I remove the mx records for openssh.org. Theo must have known this demand was impossible since rfc822 requires that postmaster@domain is a valid email address. Without mx this is not the case, and I would violate this requirement.

We exchanged some email about/with the word please and we summarized the November email exchange.

And then ?
.: Theo sent me a message telling me he would post a banner on openssh.com to warn people, he would post a message to BUGTRAQ and there would be story on slashdot.org. Handing over the domain would stop that.

So what did you do ?
.: Nothing, I was surprised someone was trying to coerce me.

Did other people contact you ?
.: I received a sudden influx of messages most cc'ed to openssh@openssh.com requesting me to hand over openssh.org, some seemed to believe I was reading their mail, while others were angry they couldn't receive mail @openssh.org. Since I offered the use of www,cvs,ftp and mail to the openssh developers this strikes me as strange.

How is mail for openssh.org setup than ?
.: It's a virtual host that only accepts mail for postmaster@openssh.org, root@openssh.org, webmaster@openssh.org, all other mail will bounce. Since the mx points to the same host that used to run the remailer@replay.com, and still runs the remailer@hr13.zedz.net, sendmail is setup with 'LOGLEVEL=0', so not only do I not receive bounced mails, I don't even get a logfile of people who tried to send mail.

What do you think of the OpenBSD Announcement ?
.: They recommend caution since "there could be privacy issues, possibly data mining or building a mailing list of security conscious users". I feel this was sent 'in the spur of the moment'. If I wanted a to build a mailinglist of security conscious users or was dataming, the only thing I would have to do is mail all the users of the ZedZ ftp-site. As for the privacy issues, I've provided and still provide ways to anonymously access the Internet. But you decide.

Why do I suddenly get a seperate page at openssh.org ?
.: Damien Miller laid out his concerns about the seamless redirect from the openssh.org URL to the openbsd.com URL and requested me to remove the rewrite and to setup a seperate page. Which I did.

What happens next ?
.: I'm disappointed in the behaviour of one or two people but since my main goal is and always will be the spread of encryption products and the use of those products by end users, hence the building of the ZedZ ftp site, I'm willing to 'get over' that.

In order to facilitate the community I suggest to the OpenSSH/OpenBSD group that they supply me with a zone file and a secondary for openssh.org. I will instruct the primary DNS to fetch the zone file from the OpenSSH controlled secondary. It's up to the OpenSSH/OpenBSD group to configure the layout of the domain. If at a later stage 'the wounds' are healed and a mutual understanding, maybe even a mutual appreciation has been reached it's not impossible that the domain will be donated to the OpenSSH Project.

Since OpenBSD already uses ftp.zedz.net as primary ftp site for rsaref and cfs for instance (under it's old name utopia.hacktic.nl) this seems a reasonable and acceptable compromise to me.

Other whishes ?
.: A public apology from Theo would be nice. Also the OpenSSH.com site is very OpenBSD centric a change that would level the exposure of other OS's would be welcomed, but it's up to their webteam to decide.

Other things ?
.: Not at the moment.

How can I contact you ?
.: Just mail me at adejoode@zedz.net

Exit! Stage Left!

The real problems with domains.

[mindstrm]

The original DNS wasn't designed to do what it is now, not in the manner it's being used. And the TLDs that were picked had good meaning. See, they didn't think of it as all thse businesses existing SOLELY on the web.. it was just a simple way for you to put your real-life network, that augmented a business or whatever, online. If you were a company, you could have ford.com. NOT so you could 'put up a website', but to define computers within ford, for whatever reason. ONE domain for ford. It wasn't a rule, but it was kind of assumed. That's why it's heirarchial! Nowadays, things are different.. domains are used as a primary lookup service for products. Companies see fit to register zillions of domains. I always though it was silly.. but we don't really give them another option, and we allow it to happen.

At least..

[Tarnar]

The openssh.org website isn't some Evil page that forwards you to a dozen porn sites.

It's squatting, but not malicious squatting.

Alex de Joode == usura of replay (zedz.net)

[wfberg]

For those not in the know, Alex de Joode is also known as usura, the maintainer of the venerable replay archives (since renamed to zedz.net, replay.com being a domain name he did sell.

Replay/zedz is unarguably the best privacy-related archive, and also widely mirrored. For crypto downloads, including SSH, it's simply great. I find the suggestion that Alex would want to strip us of our privacy by using a page that links to the "official" page quite ridiculous..

I don't know the reasons behing either Alex' actions, or the as-yet-unproven allegations of Mr. Bertrand, but I'm inclined to trust Alex somewhat more...
--

Controversy?

[delmoi]

Uh? how can there be a controversy if this is the first publisized information about it? Maybe if there's a huge comment thread, but...

This is just like the traditional media, hyping non-events in order to get people interested.

[ c h a d o k e r e ]

Re:Hold Your Opinions

[plankers]

I agree. I dislike the fact that Slashdot was brought in the middle of this entire debate. Is that fair? But on the other hand, maybe he'll feel pressured into responding, or doing the Right Thing. At this point he seems like a dork, but we haven't heard his story yet.

Oh, and why should we trust that the real OpenSSH guys aren't mining data or building a list of security conscious users?

Why do we trust that they haven't inserted bogus code in the OpenSSH source? When is the last time you looked at the code, and compiled it yourself, rather than downloading the precompiled packages?

Re:Hold Your Opinions

[Score+Whore]

So if everyone figures that everyone else is going to look at the source, who does? The only way to be sure is to do it yourself, anything else is merely complacency and asking to get whacked with a big security cluestick.

Re:Yawn

[Score+Whore]

Yeah, sort of like issuing an advisory stating that it would be a good idea to keep your children away from this guy because he might be a child molestor. Particulary since the fellow who owns openssh.org has similar or better credentials than those involved with openssh.com.

Re:woah

[Score+Whore]

If you've been getting crypto software from this guy for years (or whatever) then why would you assume that he has less support for crypto than the OpenSSH guys have? What makes them the god-touched keepers of the flame?

Just being devil's advocate here.

Re:Hypocritical Linux Community (including /.ers)

[Score+Whore]

It's hard to argue that he attempted any kind of hijack with this since the openssh project didn't have any kind of net identity or public identity to associate with "openssh.org" in the first place. The assumption that they would be a .org is premature and definitely not in keeping with the current climate of the internet.

Re:Abuse of the namespace...

[StenD]

"net" was traditionally intended for use by network service providers.

Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address.

How about Jump.Net or Texas.Net?

Re:You mixed up your dates..

[iCEBaLM]

Check that:

1) OpenSSH.COM by OpenBSD people (25-10-1999)
2) OpenSSH.ORG 9 days later by our friend in Europe (04-11-1999)
3) OpenSSH.NET 12 days later by OpenBSD (16-11-1999)

The BSD guys went for .com first, they snooze, they lose.

-- iCEBaLM

Re:You mixed up your dates..

[iCEBaLM]

Possibly, but don't you think it's more likely that if they DID screw it up, the dates would be later then actual, and not earlier? This means that if the date is screwed up there's a higher possibility of the OpenBSD guys actually registering before the date in the whois database, further showing that: they snooze, they lose.

-- iCEBaLM

Re:Hypocritical Linux Community (including /.ers)

[ajs]

Hypocracy is saying one thing and practicing another, which is opposed to or exclusive of the first.

In this case, I feel about the same way about this case as I did about the very first such cases (mcdonalds.com and mtv.com). That is, the person who registered the domain did so in an attempt to utilize the popularity of the name of a product. Realistically, trademark or no, that's a slimy move.

In the case of, for example, etoy vs. etoys the etoy domain was there first, so they could not possibly have chosen that name to capitalize on the popularity of etoys.com.

As for "freedom" and "legality"... if something is legal, but morally repugnant to me, I don't accept it. The freedom issues don't enter into it. This guy is free to do whatever he wants, but we don't have to like it. Microsoft is free to write crappy software, but that doesn't stop us from complaining about it and using other products....

This is all, of course, pending hearing his side of the story. It could turn out that the OpenSSH project is not telling the whole story....

Re:A Proper Analysis of OpenSSH's proposed boycott

[pmc]

?!? Did you read the text you just quoted? Where's the accusation? You do know what the word means, don't you? Where in the letter does it say Mr. de Joode is doing anything? Saying he could use the domain for data mining is not an accusation, it's an observation

It is an observation in much the same way that "Have you stopped beating you wife?" is a question. It is more than a simple observation - it is an observation that will produce a negative opinion of Mr De Joode in the minds of the reader.

An observation couched in those terms is nothing more than an Ad Hominem attack. There is not an iota of evidence, or even reasonable grounds for suspicion, that Mr De Joode is doing anything untowards. Indeed, based on his reputation, previous work, and useful contributions to usenet and other places, the opposite conclusion should, initally, be drawn.

Paranoid, baseless, and derogatory "observations" that try to put pressure on him say more about the observer than the observed.

Re:Abuse of the namespace...

[Simon+Brooke]

Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the .net TLD, but it's nothing more than a redirect to the .com address, which is by your definition another "ridiculous misuse of the namespace."

No, it's not, it's specifically what people were asked to do by IANA: to use .net addresses for all elements of the public network backbone, and .com addresses for everything else.

What, then, would you suggest Slashdot's URL be? "Slashdot.com" doesn't fit, because Slashdot isn't really a commercial venture (the ads notwithstanding). "Slashdot.net" doesn't work for the reasons you just said. "Slashdot.gov" and "slashdot.mil" are obvious problems as well.

It may have escaped your notice, but /. is a commercial venture of Andover.Net, inc. Both 'slashdot.org' (which isn't a non-profit) and 'andover.net' (which doesn't own any part of the network backbone) are gross abuses of the namespace.

Changed Webpage

[pirodude]

Looks like he changed his website:

<html>
<head>
<title>www.openssh.org</title>
</head>

<body bgcolor="#FFFFFF"
text="#000000"
link="#000000"
vlink="#000000"
hlink="#000000"
alink="#000000"
>

<table align="center"
border="0"
cellpadding="0"
cellspacing="0"
width="525">

<tr>
<td colspan="1" align="middle">
<BR>
<BR>
<BR>
For information about free ssh implementations<BR>
please goto: <a href="http://www.freessh.org">http://www.freessh.o rg</a>
</td>
</td>
</tr>
<tr>
<td align="middle">
<BR>
<BR>
<BR>
For information about OpenBSD' OpenSSH implementation<BR>
please goto: <a href="http://www.openssh.com">http://www.openssh.c om</a>
</td>
</tr>
</table>

Wait a minute....

[Just+Your+Average+Li]

How do you know which server is right?

If I query whois.networksolutions.com (which is the master for openssh.org according to corenic), the date it was created was november 9.

If I query whois.corenic.net (which is the master for openssh.com) for openssh.org, it's oct 15.

Shouldn't I assume that corenic "lost something in the translation" from networksolutions rather than assuming that the master is bad? I mean, networksolutions can get the correct date from corenic for openssh.com

I'm perplexed

[Durinia]

Why would a proponent of open cryptography want to mess with the OpenSSH project? This is the fundamental question.

The only thing I can really see as a motive is the suggestion that the article makes - that he may be collecting information.

Does anyone else know what the purpose of this stand-off might be??

Louis Bertrand!

[penguinicide]

Here is his(owner of openssh.org) response.

It is on his site, so if you worry about what was said: "This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution."

Personally I find the letter from Louis Bertrand a bit reckless, and the use of Slashdot as a tool to apply political pressure in bad taste.

It is similar to how etoy manipulated public opinion to influence the courts to get one over on etoys. There is no representation from the other side, and the wording in Louis Bertrand's letter is inflammatory, and unduly fear causing. (at least on the surface)

This thing is being handled very poorly by slashdot. They should have written up something with links to both sides of the story (i'm guessing personal politics got in the way).

This is not news for nerds, it is an electronic soapbox for friends and family of slashdot.

(Just because the message it comes from a developer of a respectable project, does not mean the developer is respectable himself.)

Just a warning...

Re:Abuse of the namespace...

[Spazmoid]

You are right, there are not enough TLD's, but without enforcing the correct usage of whatever TLD's we have, it does not matter. .gov and .mil are of course regulated correctly, but I can have a www.big-ass-e-business.com and also register it in .org and .net, regardless if .org or .net is approiate for my business or goals. Domains have become a marketing gimmick and nothing more. If we get more TLD's we need an orginization devoted to the correct usage and registration of each one. When they are all lumped together it becomes to easy to say.. oh yeah I need that in .net too and no one with any authority cares/has time to investigate that claim.

Find a name where you can get com, org, and net...

[liberty!]

The lesson here is to be silent about your naming plans for your new site until you act, and then snag the big three, com, org, and net, all at once. That is exactly what we had to do... and our organizational name was not confirmed until we knew we had the three doman names locked up. Perhaps our final name of freeio.org was not our first choice, but all three were available, and it was descriptive of what we do - GPL hardware designs.

Live and Learn...

-- The easiest way to lose your freedom is to fail to exercise it! --

kernelnotes vs linuxhq all over again?

[Rares+Marian]

What a putz.

Rename to Open-SSH.org or TrueSSH.org and be done with it.

First things first

[jmp]

I guess the lesson is, register the domain name, then announce the project/company/whatever.

Stay one step ahead of the parasites.

What? No link?

[blogan]

If there's one thing to be learned, providing an actual link to http://www.openssh.org will allow us to, as a community, Slashdot them (it brings in the people to lazy to type in the address)! But on a more serious note, he does provide a link to openssh.com. He doesn't try to deceive anyone.

New TLD's won't help

[Greyfox]

But instead of squatting at McDonalds.com they'll be squatting at .McDonalds.

No sir, we should all go back to raw numeric IP addresses. Not dot-quads mind you but the new 128 bit hexadecimal raw numeric IPv6 IP addresses. Most of the pages people access these days are through search engines, anyway.

Yeah, but...

[Greyfox]

The WombatNipples free encrypted shell product just doesn't have the same ring to it.

I just registered paratheoanametamystikhood.com. One of these days real soon now I'll have the energy to set up DNS servers for it.

Re:Mr. Fries explain this.

[Mark+F.+Komarinski]

What would you say if I said that Openssh.com *could* be data mining, I just don't know? Your statement is similar to asking "do you still beat your kids?". The statement/accusation/comment should have *never* been made in the first place. Shame on you.

Mr. Fries explain this.

[Raindeer]

In the open letter it sais the following:

Please do not visit the .ORG site, nor send email to anybody at the .ORG address. This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution.

Those are pretty brutal accusations which you seemed not willing to react to. I would like to know why you claim this. Alex de Joode has quite a reputation, but that is because of his ftp-site at ftp.zedz.net. Still my favorite place for crypto. I have a really hard time beleiving that he would use this to start some mailinglist or do some datamining..... If he wanted to do that he would do better to just use the logs of his ftp..

So what do you think of Alex de Joode's response?

[Raindeer]

Well i am sorry you can't understand my logic. You might have troubles understanding his reaction that he posted on the web then too.. But maybe somebody could explain it to you and the Openssh.com team could react to that statement. If I read it I only gather from it that he is willing to cooperate witht he openssh.com-team as much as he can. Now you might see that differently, but please make it clear to us. :-)

Squatter?

[meisenst]

If I were Mr. de Joode, I'd be offended -- he simply doesn't appear to be squatting.

Take a look at http://www.openssh.org/org-vs-com/. This seems to outline his position very well, without resorting to name-calling.

meisenst

Re:That's lame.

[FoulBeard]

WTH: This guy is just running his own site he got the name first, and he isnt squatting per say. The article noted that he works with encryption stuff, maybe he plans to use that site for some of his work. Wasnt there just this huge fiasco about etoy.com, It seemed that the slashdot community was behind etoy.com.
I could understand if he was squatting to get money but it doesnt look like this guy is out to make money off of the deal, he just registered the site. Just becuase OpenSSH wants the site doesnt mean that it deserves to get it. I *hate* doman squatters, but this seems like a legit use of the domain registration service. Is he trying to exhort money out of OpenSSH?
Anyway we have to be fair, and it sound like this guy is being fair.

Data mining? Looks fishy...

[Tyger]

I decided to check out the HTML myself without a web browser, and I didn't see a link to the official website.. This is the HTML I got back (Superflous
s removed):

<HTML>
<HEAD>
<TITLE>www2.terena.nl</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#CCCCCC">
<CENTER>
<IMG SRC="/html/lame.gif" border=no>
<a href="mailto:webmaster@alpha.terena.nl">webmaster@ alpha.terena.nl</a>
</CENTER>
</BODY>
</HTML>

Perhaps it shows different content to different web browsers?

Additionally, the image /html/lame.gif was lacking.

That's lame.

[res0]

Domain squatters are the plague of the internet nowadays. Sometimes the media reacts a bit too harshly, but there are enough top-level domains out there to get around the squatters, but many times the squatters use the domain ownership as a means of getting false hits for their banners or what-not.. which is very very lame.

DNS is already permanently ruined

[rambone]

Almost every conceivable useable combination of characters has been reserved by someone using it, misusing it, or squatting on it.

Its been like this for a while and there isn't any going back. The best you can hope for is industry wide rules banning overt squatting (i.e., taking a domain name and then not applying it to a site for a year), or a rash of new TLDs to free up demand.

I'm personally looking for new TLDs - any type of squatting rule is likely to choke cyberspace in ridiculous lawsuits.

Do you know what the "net" TLD is meant for?

[rambone]

"net" was traditionally intended for use by network service providers. Your useage is no less an abuse than "slashdot.org", another ridiculous misuse of the namespace.

Re:Looks like de Joode's trying to make a point.

[rlk]

openssh.org does not attempt to set a cookie. It does not contain any scripts or applets. Its HTML is perfectly vanilla, and it doesn't even have any meta tags to redirect search engines. It also contains a link to openssh.com.

Certainly looks harmless enough to me.

Two questions...

[Millennium]

One: why not openssh.net? I think it suits the project better than openssh.com or openssh.org anyway, given the nature of the project.

Two: Why won't this guy just let them use the domain name? He's not using it for anything. This isn't a typical squatting case either, because he's not even trying to sell them the name. Though frankly, that frightens me even more; what could he want with the name, if he doesn't intend to sell it or to use it for a legitimate site?

Abuse of the namespace...

[Millennium]

"net" was traditionally intended for use by network service providers.

Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the .net TLD, but it's nothing more than a redirect to the .com address, which is by your definition another "ridiculous misuse of the namespace."

Your useage is no less an abuse than "slashdot.org", another ridiculous misuse of the namespace.

What, then, would you suggest Slashdot's URL be? "Slashdot.com" doesn't fit, because Slashdot isn't really a commercial venture (the ads notwithstanding). "Slashdot.net" doesn't work for the reasons you just said. "Slashdot.gov" and "slashdot.mil" are obvious problems as well.

That's the major problem with TLD's; there aren't enough of them. Then again, that's because they were created in a time when no one had really come up with the idea of personal Websites or Weblogs or anything like that. If the slashdot.org name is an abuse of the namespace, it only goes to show that the problem is with the namespace itself, not the users. The namespace needs to be changed to reflect the times. Until it is, there's nothing that can be done, and .net still fits the project better than .com does.

Re:Looks like de Joode's trying to make a point.

[Reject]

Well, how long before the first OpenSSH release was the news of OpenSSH leaked? (It's not rhetorical, I don't know the answer). Then there's also the little fact that registering a domain isn't instantaneous and can take a little while. 9 days isn't all that long, especially when you consider that two out of every seven aren't business days (I don't have a calander handy to check what day of the week Oct 25-Nov 4 were)

That said, my problem with the OpenSSH.org thing isn't that he got there first, it's that he's using it to advertise his site knowing that OpenSSH.org is where people will go to try to find information about (surprise) OpenSSH. If they wanted his site they'd have gone to FreeSSH for obvious reasons. I know that I, for one, usually think ".org" when I think of OpenSSH or Open anything. Even if he does have a legitimate claim to the domain and he isn't trying to squat it for cash (which he isn't), it would still be a good jester to hand over the domain (especially since they offered to pay for it) as an offer of goodwill.

--
Reject

woah

[tweek]

this seems really really odd. I mean the Zedz guys are the formerly know as replay.com guys. It seems odd that he wouldn't sell the domain name if he really supports cryptography as in the past. This really bugs me because I relied on replay/zedz for alot of crypto enabled software.

I think is the unique case we should give the Zedz guys a chance to comment on the issue publically before jumping to conclusions (which we all have done and are guilty of).

While I totally value the opinion of the OpenBSD team and the OpenSSH team I think something along these lines without any comment from the other (in my opinion) well respected party involved is a bit harsh.

Re:Hold Your Opinions

[trcooper]

Dead or Alive, Mr. de Joot certainly is in the right here. The openssh.org site is not in anyway harming openssh. They're even providing the courtesy of linking to the projects site. OpenSSH should be happy that they're getting that much. They should have registered all of the TLD's, but didn't see it as being necessary, and apparently, they thought the .com was the one they needed the most.

Even the U.S. government has not been able to get around this mistake. There's the infamous whitehouse.com site, which is still active.

If someone came to me and said that I had to give them one of my domains, because they felt they had some right to it I'd laugh in their face. Simply because you're an open source project does not excuse stupidity.

Beyond all this, we're talking about the former Replay.com site here, now zedz.net which has provided for years a good many of us with free crypto systems. They were doing a service years before OpenSSH was even thought of.

I don't use OpenSSH on my machines yet, and I was considering switching, but due to this situation where it appears they're in the running for a Slashdot beanie for "Open source domain bully" I'm going to boycott the product, until they play nice.

Come on, this is Alex de Joode!

[wmono]

Unless something extremely world-shattering has happened and Alex de Joode is now a radically different person from who I remember from years ago during my involvement with the Cypherpunks, I find it extremely difficult to imagine that he would set up a web site to do any of what the OpenSSH developers claim he is doing. De Joode would not collect viewer data. De Joode would not collect addresses for spamming. That's just not what the guy is all about.

The OpenSSH advisory says that they don't know his motives. They're absolutely correct; they don't know his motives at all. They correctly identify de Joode as the one who started xs4all.nl, and they correctly identify him as someone who advocates widespread use of cryptography, but they fail to mention that he is a privacy advocate. They also fail to give any rationale for their accusations other than that de Joode refused to sell them his property, which is meaningless.

Visit http://www.openssh.org/ and judge his motives for yourself. Other posters have already discussed the ludicrousy of boycotting the web site so I won't repeat all of it here, but have a little think: Why would the OpenSSH group want you to think that openssh.org, who points to openssh.com and to one other site, is evil?

Agreed!

[Savage+Henry+Matisse]

Hell, this guy is even providing a clear link to openssh.com, just in case folks come to his site looking for them. He's clearly not trying to cash in on confusion-- he isn't even running adds on the openssh.org page. I think that it's pretty clear that some of the implcations in the letter (such as indicating that this guy is setting people up to confuse him for them and thus gather data on security-minded individuals) is unfounded and alarmist. Nothing at openssh.org seems in any way intended to make anyone believe that it is the official website of OpenSSH devel.

And, isn't an unconditional boycott a pretty good way to prevent people from actually looking at the site and deciding for themselves if it was set-up with bad intention?

what are you referring to?

[pnevares]

A search for OpenSSH?
A search for Open SSH?
A search for "OpenSSH"?

None of them return the actual site near the top, neither the .org or .com varieties.

Pablo Nevares, "the freshmaker".

Hypocritical Linux Community (including /.ers)

[.torq]

All you people who are giving the legal owner of the openssh.org domain name a hard time for using it ought to be ashamed of yourselves. How dare you stand up and speak about having a free and open internet with no controls (and bullying) by big companies, then whinge and complain when someone actually uses it.

If you are all as high and morally right as the drivel you so often spout you have an obligation to support Alex de Joode in his legal right to use the domain he registered. Too bad if FreeBSD didn't get there first - they have their chance 2 years from now to beat Alex to the renewal process (if he hasn't succumbed to the pressure by then and given it away).

Don't whine about people who work within the rules. If you don't like the way the domain registration process works, try to get the rules changed!

I also hate to say it but most of the whining seems to come from Linux user wannabes who want to put all their pent up frustration into ridiculous vocal support of any Linux based endeavour. Use your brains people. I think Linux is great, but I don't think everything Linux is great. Be more selective about what you support. Complaining about domain registration just because a Linux company is affected is really lame.

openssh.org owned by replay/zedz.net

[bbk]

The guy who registered openssh.org runs the zedz.net site, which hosts the replay redhat crypto archives (good place to get .rpms of security software). They used to be at replay.com before replaytv bought the domain from them.

The Zedz guys seem to be pretty good people as far as free software goes. Makes you wonder what they plan to do with the domain, and why they set it up as a forwarder to openssh.com

This reminds me of the whole LinuxHQ/Kernelnotes.org fiasco...

You mixed up your dates..

[Inoshiro]

$ whois openssh.com@whois.corenic.net
Record created: 1999-10-25 08:44:41 MET by CORE-80

$ whois openssh.net@whois.networksolutions.com
Record created on 16-Nov-1999.

$ whois openssh.org@whois.networksolutions.com
Record created on 04-Nov-1999.

So it was
1) OpenSSH.ORG by our friend in Europe (04-11-1999)
2) OpenSSH.NET 12 days later by the OpenBSD people (16-11-19996)
3) OpenSSH.COM a further 9 days later (25-11-1999)

I don't understand why they don't just use .net. They (OpenSSH project) did register it before the one in the COM TLD. Sigh.
---

Is it *really* that important?

[smoondog]

Ok, so some jerk has taken a name that really shouldn't be his. This would be a non-problem if nobody cared. I'm just not sure that being a *.com, *.org or a *.net really means much anymore. /. is under a publicly traded company (andover.net), is that necessarily the right place for a *.org? (see nobody really cares...) I think Openssh is just fine as a .com and I don't think it to be a big deal. Why not be openssh.net? That seems appropriate, too. If you are really doing great stuff for a .org domain name, people will know, whether or not it is a .org or a .com


-- Moondog

Jesus, Now slashdot is attacking their own!

[cruise]

Well this sure tops the cake. Now Slashdot is bullying OpenSource ADVOCATES!

Domain Names are first come first serve. I hardly see how an OpenSource advocate who registers a domain name in the org top level to be a squatter when he is using it for related purposes (or any purposes.. he paid for it, he was there first, He took the initative that the SSH group did not.) Big deal! They were caught sleeping.. they loose.

Like it or not (I don't much like it anymore) Slashdot has some power over this OpenSource comunity and this is a clear abuse of that power. The poor guy's web page is being flooded, his email box is being flooded with lamer flames and Slashdot is directly responsible by posting this story.

You've twisted the SSH announcemnt to incite anger among your members, You're using your members as a tool for your own personal attack on a person who was well within their rights to register a domain he felt he could use for his benefit.

Some animals are more equal than others?

PIGS

Today will be the last day I participate in this madness which is called Slashdot. Today is also the day that I buy that Dell computer instead of a VA Linux system.


They are a threat to free speech and must be silenced! - Andrea Chen

a slight bit of interest

[karmatrip]

strange. look what whois turned up:

Registrant:
Open SSH Project (OPENSSH2-DOM)
Zaanstraat 250
AMSTERDAM, NL-1013 RZ
NL

Domain Name: OPENSSH.ORG

Odd.and the page is simply a link. Looks like this guy registered the domain name for the project. We need some more information on what this guy is doing before an honest opinion could be made.

A Proper Analysis of OpenSSH's proposed boycott

[whoop]

Well, this is a refreshing way to look at the Free Software community. Get that knee-jerk reaction we are so known for, and put it to your use. Now, I'd like to look at Mr. Bertrand's letter.

The name was taken by a someone not affiliated with the OpenSSH development team when news of OpenSSH was first leaked to the community.

Hmm, "when news of OpenSSH was first leaked." Let's look at those seven words, shall we? When was this news leaked?

Performing a search on this here web site (Slashdot for those not in the know) for "openssh" yieds two results. This very article, and one from November 18, 1999, entitled, "OpenSSH Project Now at openssh.com."

Next I moved to LinuxTod ay.com. They have articles for everything under the sun. Their first article mentioning OpenSSH is one at Security Portal dated October 27, 1999.

I search Google (both plain Google and the Linux subsearch), and they have never heard of openssh.

Finally, I visted the very site for this project, openssh.com. Looking for an "about this project" sort of link, I clicked on the Project Goals link right up at the top of the left column of links. What's that it says at the very bottom? "OpenBSD: goals.html,v 1.4 1999/11/17 14:14:15 provos Exp $" That looks much like a cvs (or related) entry. That date is November 11, 1999. I also visited the link to the devel mail list archives, and the earliest date there is November 16, 1999.

Looking at all these, I'd guess their formal announcement was around November 17. But the "leak" award goes to Security Portal on October 27, 1999. I'm sure they got their information from somewhere else, but I'm tired of searching. :) Back on track, when did openssh.org register it's domain? Whois gives me the date of November 4, 1999. I count eight days from that "leak." That's not an extremely brief time, but it is before their formal announcement.

Back to the letter, Mr. Bertrand says, "The OpenSSH developers wanted to register under the .ORG top level domain,[...] but the name had already been taken. They settled for the .COM in the interim."

Ok. Well that sure sounds unfortunate. Let's take a look at when they registered openssh.com, shall we? Returning to my favorite domain searching services, whois, it yields October 25, 1999, as the date the record was created. What's this, I see? That looks a lot like a date before the openssh.org was registered. It's even two days before the slight mention by Security Portal. So, they "settled" on the COM top level domain ten days before the ORG one was "taken by a someone not affiliated with the OpenSSH development team." Uh huh, sure thing buddy.

Next Mr. Burtrand discusses the owner of openssh.org, "Mr. de Joode has repeatedly refused requests to sell or turn the .ORG name over to the OpenSSH developers.

Since when must anyone turn over a domain to anyone who asks for it? In my book, domain names are a first-come, first-served service. The OpenSSH group had plenty of time to register any domains they wanted. What if the real SSH group wants the openssh.com domain? Would you, Mr. Bertrand, be so giving and just surrender it?

Now comes the discussion of openssh.org's web site, "The OpenSSH.ORG web site currently is a blank page with a link to the official site."

Ok, this is somewhat true. Going to openssh.org, you are presented with a link to www.openssh.org. But Mr. Bertrand, did you really stop reading there and not see a few blank lines below (9 lines if you telnetted to port 80)? From openssh.org's page I quote, "For information about OpenBSD' OpenSSH implementation please goto..." and they link to the OpenSSH group's web site, openssh.com. This ommission is purely ridiculous, Mr. Bertrand.

Finally, Mr. Bertrand pushes one of the hottest buttons in the community, privacy. "This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution." Hmm, a very strong accusation. None of us like being spammed, tracked where we go, etc. So, I asked myself, "What data mining is openssh.org doing?"

Let's take a gander at the HTML source code. This site is afterally a mere two pages. There could be some JavaScript performing some hidden actions users won't see when just using Netscape (or other JavaScript enabled browsers). And there it is, plain HTML. What?! No fancy, shmancy Netscape Composer, FrontPage or other editor META tags? No META tags at all to con search engines to pointing to them instead of openssh.com. I find it refreshing that someone else codes HTML in plain, simple HTML. But I see nothing hidden here.

Ok, but I have my Netscape set to just accept all cookies. I could have been slipped one of those and now they have access to my whole hard drive, right (I'm kidding, of course)? Let's give the Netscape cookies file a good grepping, shall we?

316-1 Mon/11:55pm ~> grep -i ssh .netscape/cookies
317-1 Mon/11:56pm ~>

Hmm, exactly zero references to anything SSH related. I still haven't found any maliciousness. What about the "building a mailing list" bit? I've seen many sites with "Click here to receive our free newsletter" sort of links. No doubt many of them then give out your email address to every spammer in the universe. Is there any similar line in these web pages? Not that I can see, the bottom of the second page does contain a simple "For more information about freessh.org, please contact:" mailto link. I haven't sent an email to that address yet, so I can't say if it's a secret email net. But since I'm sending this analysis to Mr. Bertrand, I'll send one to that address as well with a brand new email address. If I get spammed there, I'll know who's to blame. If openssh.org really is using this link to catch people for a spam list, I must sahe's doing a poor job of it. At least claim you can get free porn if you send an email. ;)

In closing, as Mr. Bertrand says "Any help or suggestions in breaking the deadlock are appreciated.", so I say, Mr. Bertrand, I sincerely hope you recosider your position, because well, it has no leg to stand on. A) You registered the .COM ten days prior to Mr. de Joode registered the .ORG one. That is a right-out lie, never a good thing to have right out the starting gate. I will ask, how do you base your allegation of data mining and mail list gathering? If it is also a lie, that's doubly bad. B) Openssh.org is not using the domain for squatting (there isn't a "Pay $10,000US if you want this domain" message like we've all seen so many times). It is about free SSH programs, perfectly reasonable and on target. C) Mr. de Joode provides links on both of it's web pages to openssh.com. Any users looking for it will easily see that and go to the appropriate web site.

If a reasonable agreement between these two parties is made, that's great, but to seek out the outrage of the free software communities by deceiving them like this is not the way to go about it. I sincerely hope you reconsider your position Mr. Bertrand.

Thank you.
John Corey

Copies sent to both Mr. Bertrand and Mr. de Joode.

Whois the two.

[whoop]

Has anyone besides me done a whois on the two domains? There was one bit in there that confuses me.

openssh.com: "Record created: 1999-10-25 08:44:41 MET by CORE-80"
openssh.org: "Record created on 04-Nov-1999."

So, I'm no domain expert, only have one myself. But I think, correct me if I'm wrong, that the OpenSSH group registered the .com a good 10 days before this fellow registered the same .org. Was this a clerical error? Did some secretary fall on the job and not register both? Were walnuts involved in this incident?

This does sound like whining, and though it's nice to see a project like this hq'ed here in the Peoria, IL area, I will have to give my vote to the .org in this matter. They are giving links to free ssh products, even if it is a simple site with no graphics/javascript/bannerads/porn/buy-this-domain -for-$10,000US ad. Domains are a game of first come, first served. They had a ten day lead and fell asleep. That isn't reason enough to come whining to this fine community.

You have to wonder

[N8F8]

In this case at least, some of the blame lies with the OpenSSH project noy claiming the domain before announcing their project. I mean really, what does it cost? A whopping $15/yr to register?

Whats even worse is that this story posted on Slashdot could be interpreted as a veiled threat. Not cool. I'm all for OpenSource but this subtle bullying is BS in my book.

Yawn

[Shoeboy]

Situation: Some guy has registered openssh.org and is pointing to the groups real site. He won't sell or give it away and he doesn't appear to be using it.

Conclusion: WE MUST BOYCOTT!!! He might be doing something awful!!!

Am I the only one who doesn't understand this response? I think the motives of OpenSSH.com in posting this warning are every bit as strange and unfathomable as Mr. de Joode's in grabbing the site.
(Sorry for injecting a touch of sanity into a /. discussion, I won't ever do it again.)
--Shoeboy

Looks like de Joode's trying to make a point.

[Shoeboy]

Check out the site. Looks like Mr. de Joode just wants to make sure that freessh.org and other free (beer) ssh projects are easy to find as well. Maybe a bit unfair to be claim jumping the domain, but it's hardly evil. Odd how the warning never mentioned that he was advertising competing projects. I guess the openssh guys wanted to hide that fact. (Which is probably why they say "Don't visit, he's tracking you!")
--Shoeboy

They already have openssh.net

[shon]

Take a look at the whois records:

$ whois openssh.com@whois.corenic.net
Registrant Todd T. Fries (template COCO-21730)
OpenBSD, the REAL open group
Record created: 1999-10-25 08:44:41 MET by CORE-80

$ whois openssh.net@whois.networksolutions.com
Registrant Todd T. Fries (template COCO-21730)
OpenBSD, the REAL open group
Record created on 16-Nov-1999.

$ whois openssh.org@whois.networksolutions.com
Registrant:
Open SSH Project (OPENSSH2-DOM)
Zaanstraat 250
AMSTERDAM, NL-1013 RZ
NL
Record created on 04-Nov-1999.

Looks to me like the "real" OpenSSH Project registered the dot com first, this other guy grabs dot org, then they got dot net. So why did they grab dot com first? Looks like they screwed themselves.

Anyway, what's the big deal? Even Network Solution suggests that you get all three dot com, dot net and dot org to "protect" your company. Only dodgy purists still stick to the old conventions.

Why even publicize this at all? All the documentation and downloads will use whatever the official openssh URL is anyway. The web already has a way of routing around misinformation.

Also, do open source project automatically have a right to the dot org? I think this is presumptuous. What makes any project "the official" openssh project other than when it becomes the de facto standard? Maybe this guy has a right to create another open source or proprietary "openssh" package.

Is this reallly squatting?

[p0six]

Most people on the thread so far has been very much on the side of the OpenSSH. However, I don't think that what this other guy is doing is wrong in the very least. He is not trying to make a profit. He is not trying to blackmail or exhort anything from the OpenSSH group. He was there first, and if he wants to keep the name, the more power to him. He doesn't necessarily have to do anything with it. I mean, if he wanted to, he could just put up a html document saying "This is my page."

Just because the OpenSSH group happens to have want the name does not mean that they have a right to that name. I think that it is in very poor taste to boycott the OpenSSH.org. It seems almost arrogant in fact, to presume that just because Mr. Alex de Joode does not wish to deal with them with regards to the domain name, that he has ulterior motives. A simple message warning people that OpenSSH.org is not affilated with the OpenSSH group would have surely sufficed.

Re:Is this reallly squatting?

[RovingSlug]

I agree 100%.

The post by the OpenSSH developers strongly implies they think they are solely entitled to OpenSSH.org. Wrong. Are we so quick to forget eToys.com versus etoy.com? Were no lessons learned?

It is unethical for a group to bully others just to acquire an asset. Mr. Alex de Joode has done nothing wrong except to own something the OpenSSH developers want. The OpenSSH developers should be reprimanded for believing they have some right to demand that Mr. Alex de Joode "sell or turn the .ORG name over to the OpenSSH developers." Shame on them.

Hold Your Opinions

[Bob+Uhl]

Let's not jump to conclusions here. This sounds suspiciously like one of those personality conflicts which are all too common nowadays. It could be that either or both players are acting in ill will, or it could eb that each thinks ill of the otehr but neither is bad from our perspective.

For that matter, if Mr. de Joot has simply not replied to any emails, it may be that he has passed away (don't laugh; it happened to Duane Blehme, a Macintosh shareware programmer years back).

It would seem to me that the wise things to do is to wait and hear from both sides. Remember the Uruguayan Linux fiasco awhile back? We don't really want a repeat of that hysteria, do we?