Slashdot Mirror
UPDATED: OpenSSH Domain Name Controversy
Bowie J. Poag was one of the folks who wrote to us about the domain name controversy regarding OpenSSH. (I've included the full letter below). They're in the interesting situation of /having/ to be a .com, because a squatter has taken the openssh.org domain name. Read the letter below - it's a stickier situation than the other squatting issues we've talked about. Update: 03/07 04:58 by E : Alex de Joode has written his own response here. I hope this can be resolved amicably.
Please be advised that OpenSSH.ORG is NOT the official domain name for OpenSSH development. The name was taken by a someone not affiliated with the OpenSSH development team when news of OpenSSH was first leaked to the community. The correct Web and e-mail address for the OpenSSH development effort is OpenSSH.COM instead of .ORG.
The OpenSSH developers wanted to register under the .ORG top level domain, traditionally meant for non-profit organisations such as OpenSSH, but the name had already been taken. They settled for the .COM in the interim.
The .ORG name is currently held by Mr. Alex de Joode <adejoode@zedz.net>, a proponent of open source cryptography who runs his own free crypto portal hosted by xs4all.nl, a well-known and respected Dutch ISP. Mr. de Joode has repeatedly refused requests to sell or turn the .ORG name over to the OpenSSH developers. This leaves us no choice but to issue this advisory.
The OpenSSH.ORG Web site currently is a blank page with a link to the official site. Please do not visit the .ORG site, nor send e-mail to anybody at the .ORG address. This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution.
Any help or suggestions in breaking the deadlock are appreciated.
Regards
For the OpenSSH developers, Louis Bertrand <louis@openbsd.org>
Please be advised that OpenSSH.ORG is NOT the official domain name for OpenSSH development. The name was taken by a someone not affiliated with the OpenSSH development team when news of OpenSSH was first leaked to the community. The correct Web and e-mail address for the OpenSSH development effort is OpenSSH.COM instead of .ORG.
The OpenSSH developers wanted to register under the .ORG top level domain, traditionally meant for non-profit organisations such as OpenSSH, but the name had already been taken. They settled for the .COM in the interim.
The .ORG name is currently held by Mr. Alex de Joode <adejoode@zedz.net>, a proponent of open source cryptography who runs his own free crypto portal hosted by xs4all.nl, a well-known and respected Dutch ISP. Mr. de Joode has repeatedly refused requests to sell or turn the .ORG name over to the OpenSSH developers. This leaves us no choice but to issue this advisory.
The OpenSSH.ORG Web site currently is a blank page with a link to the official site. Please do not visit the .ORG site, nor send e-mail to anybody at the .ORG address. This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution.
Any help or suggestions in breaking the deadlock are appreciated.
Regards
For the OpenSSH developers, Louis Bertrand <louis@openbsd.org>
On the one hand, that event seemed to stem from some not so great communications that weren't entirely the fault of either party. On the other hand, the OpenBSD parties went out of their way to be spiteful and power grasping once the situation got out of hand. If the situation was really different, they were unable to convince the outsider through the information they were allowed to disclose. That whole event _seemed_ like a fit of spite in revenge for not getting access to a source tree, whatever the real reasons were they were not communicated well.
Now a similar situation comes up. The OpenBSD folks may or may not have been wronged, but the only information I can see points to the OpenBSD side being spiteful and mistrustful. It's more a matter of communiation style than the content of what was said and done. If the OpenBSD folks want me to sympathize over this domain name issue they'll have to communicate in a different style, because this one has failed to convince twice in a row.
I say this as a very strong admirer of OpenBSD project and its work, people with less admiration for the project are likely to see the situation in an even more negative light.
Go ahead, I know I'll be "troll-branded" for this. Not as if I post often anyway.
The OpenSSH group is just helping people think that domains are more important than they actually are, thereby motivating squatters further.
OpenSSH is an open source project. They aren't making any money off it. Just put everything at www.openbsd.org/openssh
People want to install OpenSSH. They will find it no matter what domain its under.
I don't know what the old version looked like, but the current web page is the perfect way to settle any and all domain name disputes: Simply create a replacement for the 404 page that points to all the other domain names. Hell, you can even do similar things for email, ftp, telnet, etc. If openSSH has any complaints to make about this web page, I say they totally deserve to be a .com 'cause they're already acting like one.
That's because .com was taken, and everyone else was already doing .coms.
Yeah, I'm that guy.
Two: Why won't this guy just let them use the domain name? He's not using it for anything.
.org (see whois listings for both), they didn't. They only registered openssh.com. Now is not the time to come back whining because they failed to do it.
Whoa, whoa, whoa. Who's position is it to decide what a site contains? As a new domain holder, I take great offense to this. If he were just begging $10,000US for the domain, it had just porn banners, I could see a case being made. But he isn't doing these. He is providing a list of free SSH programs. People here bitch about government "intruding" on the Internet with taxes, filters and the like. I will have much more fear if these decisions are made by bands of hooligans who are just unhappy. The OpenSSH group had a good ten days to register the
Even if this isn't the case, there will be web log files which could be used for data mining.
How about openssh.com - someone wanna prove to me they've turned logging on their httpd off so that they aren't collecting log files that could be used for data mining?
WTF is your point?
...j
It strikes me as somewhat strange that are very few posts on this thread talking about the update to the story, which was submitted many hours ago. A flood of posts came right after the story was posted, some doing the usual juvenile 'I know nothing about this case but I hate this squatter anyway' thing and some actually advocating waiting until the whole story was out. Now it seems that the whole story is out and nobody wants to talk about it. Is Theo de Raat such a beloved figure that nobody wants to recognize that he seems to have acted like an ass in this matter? Of course I have little information besides Theo's letter and the response but it seems like an apology is in order from both Theo and the Slashdot crew. I hate to think that /. will become a place that posts anything by an Open Source advocate even when it turns out to be a personal vendetta or something else of that sort.
Of course I hope that this post will not be moderated down but my karma can take it and I had to say something so if you feel the need to mark me down, feel free, just please don't do it because I said Slashdot isn't perfect or that Theo might be human.
Sprint's Internet backbone is called sprintlink, and their address is sprintlink.net. And in Toledo, we have glasscity.net, and in Ann Arbor, ic.net and voyager.net.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Yeah, and through "Network Solutions", too. Man, they're pure evil. Of course, the other "real" site is entertaining too.
Note that, to my knowledge, OpenSSH and OpenBSD both have nothing to do with "The Open Group", and that group has nothing to do with actually being open... Go figure.
[whois.corenic.net]
Registrant Todd T. Fries (template COCO-21730)
OpenBSD, the REAL open group
1523 North Pierson Apt F
W. Peoria, IL 61604 USA
Domain Name: openssh.com
Status: production
Admin Contact, Technical Contact, Zone Contact:
Todd Fries (COCO-21731) todd@fries.net
+3096739259
CORE Registrar: CORE-80
Record created: 1999-10-25 08:44:41 MET by CORE-80
Domain servers in listed order:
zeus.theos.com 199.185.137.1
cvs.openbsd.org 199.185.137.3
ns0.fries.net 209.251.96.130
Database last updated on 2000-03-07 03:55:07 MET
To optimize query speed and answer correctness see the
--help option. Depending on your whois client use
whois -h whois.corenic.net HELP
or
whois HELP@whois.corenic.net
---
pb Reply or e-mail; don't vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
I know. It was around before we knew what squatting was. I quote myself:
:)
Okay, so openssh.org got taken. This happened to altavista, and countless other "big names" on the web. Some guy registers "your" name before you do, so you settle for another one.
Did I say squatting? I don't think so. Without following your link, I believe my description that someone took "their" name, i.e. the name that they wanted to use and thought was rightfully theirs because they were so attached to it, was correct. This doesn't take the intent of the original domain registrant into consideration.
And "squatting" is when you're using land that rightfully belongs to someone else. I don't know if this is that good an analogy in the first place, because domain names don't "belong" to anyone until they get registered. You can't squat on land that no one owns, and you definitely can't squat on land that you yourself own!
The only thing that's evil is when someone wastes a whole domain for something stupid, when it could go to something useful. That might be the case here, but let's wait and see first.
The OpenBSD community is known for their flamewars and bad feelings on both sides of the fence: that's how it was founded. This might be another one of those stupid pissing contests. And if someone flames me for saying so, I'll consider it further proof.
---
pb Reply or e-mail; don't vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
--
Theoretically, of course.
--
Open Source doesn't require everyone to look at the source in order to prevent that, it just requires that enough people do it so that the word gets out of there is something like that going on. What are the odds that no one has looked at the OpenSSH source? Let 99% of the people download and install precompiled packages if they want. This doesn't hurt reliability or security in the slightest. Preventing the other 1% from seeing the source is what hurts.
In short, the principle is "many eyeballs", not "every eyeball".
--
"Convictions are more dangerous enemies of truth than lies."
Since you have added a link to whitehouse.com from a highly rated site (slashdot) you are slowly making google think you want the wrong answer here...
They might want the proxy to track users, but only as a very secondary reason. The real reason is @Home has limited bandwidth to "real" national backbone ISPs, and using a local cache will help conserve that expensave (to them) resource. If they put caches close enough to the users it also reduces the load on whatever backbone they have built themselves.
The company that regiestered it was named AltaVista. It was poor judgment on Digital's part not to name it something with a name already in use and a domain previously registered. Though the company that did own AltaVista.com later capitalized I'm sure they also encountered way more traffic than they were planning for on their website.
Altavista Domain Story
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
He does'nt need this domain. He just registered it after OpenSSH was released. It's just lame.
I wonder if NSI's "reserve ALL TLDs with your name on them!" marketing could have just a little to do with the squatting thing, or the inappropriateness of others' domain names (ie, a for-profit .org) ... It's a wonder that the .edu space is still straight.
(heh... I recently got marketing from NSI telling me I should "register .NET and .ORG versions of your domain" too...)
--
--
Me spell chucker work grate. Need grandma chicken.
Even if I think I can guess the address Google is going to list the real site first. After all I would not want to wind up somewhere like www.whitehouse.com by accident.
Of course that means that I have to trust Google...
Incidentally (slightly OT) speaking of people tracking what you are doing and all that, what is the scoop with @HOME's proxy servers? The only reason that I can see for them wanting you to use their proxy server is to track users. And boy do they go out of the way to force people to use their proxy server!
Cheers,
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
I was asked by Niels Provos (OpenBSD/OpenSSH) to talk to Alex de Joode about this issue back in november, because I seemed to have some neutral position in this and just happened to know both
.com side pointing out Alex is a squatter shows a lot of unprofessionalism from the OpenBSD people.
sides personally.
As far as I understood the issue, Alex was concerned that the OpenBSD people would make OpenSSH too focused on OpenBSD. Apparently talking with Theo de Raadt didn't help any. In an email to me he offered them DNS references from www/ftp/cvs
.openssh.org to any host(s) that Niels would supply, but he wanted to keep control of the domainname just incase it indeed would get focused on just OpenBSD. I conveyed that message to Niels, but don't know why this issue never got properly resolved. But I know the silly namecalling and the pointer at the
Paul Wouters
I like that one.
"Christianity neither is, nor ever was a part of the common law." --
I have a log file from a chat sesssion starting
...
'10/24/99 5:27am' and ending '10/28/99 6:18pm'.
Within this chat session I pasted the following:
<fries> Whois Search Results
<fries> Search again:
<fries> Whois Server Version 1.1
<fries> Domain Name: OPENSSH.ORG
<fries> Registrar: NETWORK SOLUTIONS, INC.
<fries> Whois Server: rs.internic.net
<fries> Referral URL: www.networksolutions.com
<fries> Name Server: NS2.KYARITSU.COM
<fries> Name Server: NS1.KYARITSU.COM
So I know it was prior. I think you should use the same whois server when doing your query. Otherwise you're comparing apples to oranges. Try using whois.internic.net and you'll see that this
person registered the domain 9 days before I registered OpenSSH.com
Domain Name: OPENSSH.COM
Registrar: CORE INTERNET COUNCIL OF REGISTRARS
Whois Server: whois.corenic.net
Referral URL: www.corenic.net
Name Server: CVS.OPENBSD.ORG
Name Server: NS0.FRIES.NET
Name Server: ZEUS.THEOS.COM
Updated Date: 25-oct-1999
Domain Name: OPENSSH.ORG
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS2.KYARITSU.COM
Name Server: NS1.KYARITSU.COM
Updated Date: 15-oct-1999
Please get your facts straight before suggesting
that I fell asleep and that I don't know what I'm doing when I determined that the OpenSSH.org domain was registered back in October when I attempted to register it and the domain registrars told me so..
BTW, just because the person who contributed
the registration money is in Peoria, IL, that does
not by any means suggest the project iself is
located here.
Todd Fries
Did a little research: (whois)
OpenSSH.com:
Record created: 1999-10-25 08:44:41
OpenSSH.org
Record created: 04-Nov-1999.
Hmm...
So how did he squat the domain and force them to register openssh.com 9 days after they registered openssh.com?
If there's a reason not to trust the whois record dates, I'll accept that as a refutation.
--Shoeboy
Ah yes, but look at it this way. Say I have a project called freessh and I want to increase traffic. I know that people looking for an open source ssh program are (assuming they're too stupid to use a search engine) most likely to type openssh.org or freessh.org or gnussh.org. So for 15 bucks I go register openssh.org. That's legit right?
Now the openSSH groups argument rests on the claim that he registered it after learning of the existence of the openssh team. This info was apparently "leaked" rather than released. So it may be that Mr. de Joode had never even heard of the openssh project. Until we hear from Mr. de Joode, our only source of info is a group that has attempted to play to the paranoids in the audience with a load of security/privacy FUD.
--Shoeboy
>>"net" was traditionally intended for use by network service providers.
.net TLD, but it's nothing more than a redirect to the .com address, which is by your definition another "ridiculous misuse of the namespace."
>Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the
Yet Another example: att.com is AT&T, the company (and user@att.com is an employee); att.net is AT&T WorldNet Services and other ISP stuff (and user@att.net is a customer).
Stupid job ads, weird spam, occasional insight at
NO! Don't provide free links to the site in question because he's probably using Open Source software and the Slashdot effect won't work!!! ;)
Pope
It doesn't mean much now, it's built for the future.
It's not entirely clear to me exactly what's going on, apart from the fact that the InterNIC servers can't even seem to agree with each other about when the domain was created:
...
$ whois -h whois.networksolutions.com openssh.org
Registrant:
Open SSH Project (OPENSSH2-DOM)
Zaanstraat 250
AMSTERDAM, NL-1013 RZ
NL
Domain Name: OPENSSH.ORG
Record created on 04-Nov-1999.
$ whois -h whois.internic.net openssh.org
Domain Name: OPENSSH.ORG
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS2.KYARITSU.COM
Name Server: NS1.KYARITSU.COM
Updated Date: 15-oct-1999
I give up.
http://www.deadly.org/article.php3?sid=2000030615
http://www.deadly.org/article.php3?sid=2000030603
http://www.deadly.org/article.php3?sid=2000030602
Who are you ?
.: I'm Alex de Joode, I operate the ZedZ ftp site which is propably the largest cryptography oriented ftp site in the world. I also ran an anonymous remailer for 4.5 years and currently host an anonymous remailer and operate an mail2news gateway so people can post anonymously to usenet. I'm in the process of setting up a new remailer.
Who are "they" ?
.: "They" are the OpenBSD core team represented by Theo de Raadt.
What's this document about ?
.: I received a lot of request to tell my side of the story, since it's impossible to reply to all people in detail, I decided to setup this page to answer the most common questions.
Why did you register openssh.org ?
.: The company I work part-time for allowed me to investigate the kickstart of a open/free ssh server client combo that was compatible with ssh1 and could run on Linux/Solaris.
The project title was, guess what ... 'openssh' ...
I learned from LWN that there was an other group working on an openssh version so I contacted Theo de Raadt and asked if he was interested in developing a port for Linux/Solaris. He told me that they were only interested in developing a version for OpenBSD.
I registered openssh.org and was trying to find someone to do the porting. Unrelated to my activities Damien Miller started a succesful porting effort for Linux/Solaris, so there was no necessety for my search to continue.
Why didn't you give away openssh.org to openbsd ?
.: Actually I tried. I mailed Theo de Raadt and told him I was willing to give control of the opensh.org to them provided they added links to other open/free ssh projects on 'their openssh.org' page.
Then why do you still have openssh.org?
.: Theo de Raadt first agreed and suggested I register http://www.freessh.org, which I promptly did, but later he canceled the deal telling me:
"We're not going to get ripped off by someone we don't trust".
What happend then (part 1) ?
.: Theo sent me some nasty emails and I didn't hear from him again untill the 1st of March. I offered other openssh developers the use of www,cvs,ftp and mail, but they declined. As a service to the community I rewrote the openssh.org URL to openssh.com so people would be transfered to that domain automaticly.
What happend then (part 2) ?
.: Theo sent me an email demanding I remove the mx records for openssh.org. Theo must have known this demand was impossible since rfc822 requires that postmaster@domain is a valid email address. Without mx this is not the case, and I would violate this requirement.
We exchanged some email about/with the word please and we summarized the November email exchange.
And then ?
.: Theo sent me a message telling me he would post a banner on openssh.com to warn people, he would post a message to BUGTRAQ and there would be story on slashdot.org. Handing over the domain would stop that.
So what did you do ?
.: Nothing, I was surprised someone was trying to coerce me.
Did other people contact you ?
.: I received a sudden influx of messages most cc'ed to openssh@openssh.com requesting me to hand over openssh.org, some seemed to believe I was reading their mail, while others were angry they couldn't receive mail @openssh.org. Since I offered the use of www,cvs,ftp and mail to the openssh developers this strikes me as strange.
How is mail for openssh.org setup than ?
.: It's a virtual host that only accepts mail for postmaster@openssh.org, root@openssh.org, webmaster@openssh.org, all other mail will bounce. Since the mx points to the same host that used to run the remailer@replay.com, and still runs the remailer@hr13.zedz.net, sendmail is setup with 'LOGLEVEL=0', so not only do I not receive bounced mails, I don't even get a logfile of people who tried to send mail.
What do you think of the OpenBSD Announcement ?
.: They recommend caution since "there could be privacy issues, possibly data mining or building a mailing list of security conscious users". I feel this was sent 'in the spur of the moment'. If I wanted a to build a mailinglist of security conscious users or was dataming, the only thing I would have to do is mail all the users of the ZedZ ftp-site. As for the privacy issues, I've provided and still provide ways to anonymously access the Internet. But you decide.
Why do I suddenly get a seperate page at openssh.org ?
.: Damien Miller laid out his concerns about the seamless redirect from the openssh.org URL to the openbsd.com URL and requested me to remove the rewrite and to setup a seperate page. Which I did.
What happens next ?
.: I'm disappointed in the behaviour of one or two people but since my main goal is and always will be the spread of encryption products and the use of those products by end users, hence the building of the ZedZ ftp site, I'm willing to 'get over' that.
In order to facilitate the community I suggest to the OpenSSH/OpenBSD group that they supply me with a zone file and a secondary for openssh.org. I will instruct the primary DNS to fetch the zone file from the OpenSSH controlled secondary. It's up to the OpenSSH/OpenBSD group to configure the layout of the domain. If at a later stage 'the wounds' are healed and a mutual understanding, maybe even a mutual appreciation has been reached it's not impossible that the domain will be donated to the OpenSSH Project.
Since OpenBSD already uses ftp.zedz.net as primary ftp site for rsaref and cfs for instance (under it's old name utopia.hacktic.nl) this seems a reasonable and acceptable compromise to me.
Other whishes ?
.: A public apology from Theo would be nice. Also the OpenSSH.com site is very OpenBSD centric a change that would level the exposure of other OS's would be welcomed, but it's up to their webteam to decide.
Other things ?
.: Not at the moment.
How can I contact you ?
.: Just mail me at adejoode@zedz.net
Exit! Stage Left!
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
The original DNS wasn't designed to do what it is now, not in the manner it's being used. And the TLDs that were picked had good meaning. See, they didn't think of it as all thse businesses existing SOLELY on the web.. it was just a simple way for you to put your real-life network, that augmented a business or whatever, online. If you were a company, you could have ford.com. NOT so you could 'put up a website', but to define computers within ford, for whatever reason. ONE domain for ford. It wasn't a rule, but it was kind of assumed. That's why it's heirarchial! Nowadays, things are different.. domains are used as a primary lookup service for products. Companies see fit to register zillions of domains. I always though it was silly.. but we don't really give them another option, and we allow it to happen.
The openssh.org website isn't some Evil page that forwards you to a dozen porn sites.
It's squatting, but not malicious squatting.
Replay/zedz is unarguably the best privacy-related archive, and also widely mirrored. For crypto downloads, including SSH, it's simply great. I find the suggestion that Alex would want to strip us of our privacy by using a page that links to the "official" page quite ridiculous..
I don't know the reasons behing either Alex' actions, or the as-yet-unproven allegations of Mr. Bertrand, but I'm inclined to trust Alex somewhat more...
--
SCO employee? Check out the bounty
Uh? how can there be a controversy if this is the first publisized information about it? Maybe if there's a huge comment thread, but...
This is just like the traditional media, hyping non-events in order to get people interested.
[ c h a d o k e r e ]
ReadThe ReflectionEngine, a cyberpunk style n
Oh, and why should we trust that the real OpenSSH guys aren't mining data or building a list of security conscious users?
Why do we trust that they haven't inserted bogus code in the OpenSSH source? When is the last time you looked at the code, and compiled it yourself, rather than downloading the precompiled packages?
So if everyone figures that everyone else is going to look at the source, who does? The only way to be sure is to do it yourself, anything else is merely complacency and asking to get whacked with a big security cluestick.
Yeah, sort of like issuing an advisory stating that it would be a good idea to keep your children away from this guy because he might be a child molestor. Particulary since the fellow who owns openssh.org has similar or better credentials than those involved with openssh.com.
If you've been getting crypto software from this guy for years (or whatever) then why would you assume that he has less support for crypto than the OpenSSH guys have? What makes them the god-touched keepers of the flame?
Just being devil's advocate here.
This is probably going to be taken the wrong way, but if Mr. de Joote's comments are accurate, then you should probably just not let Theo talk to people. Keep him coding and out of the communications chain. His history seems to be quite colored regarding situations like these.
Do you have any idea what the
It's hard to argue that he attempted any kind of hijack with this since the openssh project didn't have any kind of net identity or public identity to associate with "openssh.org" in the first place. The assumption that they would be a .org is premature and definitely not in keeping with the current climate of the internet.
"net" was traditionally intended for use by network service providers.
Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address.
How about Jump.Net or Texas.Net?
Check that:
.com first, they snooze, they lose.
1) OpenSSH.COM by OpenBSD people (25-10-1999)
2) OpenSSH.ORG 9 days later by our friend in Europe (04-11-1999)
3) OpenSSH.NET 12 days later by OpenBSD (16-11-1999)
The BSD guys went for
-- iCEBaLM
Possibly, but don't you think it's more likely that if they DID screw it up, the dates would be later then actual, and not earlier? This means that if the date is screwed up there's a higher possibility of the OpenBSD guys actually registering before the date in the whois database, further showing that: they snooze, they lose.
-- iCEBaLM
Hypocracy is saying one thing and practicing another, which is opposed to or exclusive of the first.
In this case, I feel about the same way about this case as I did about the very first such cases (mcdonalds.com and mtv.com). That is, the person who registered the domain did so in an attempt to utilize the popularity of the name of a product. Realistically, trademark or no, that's a slimy move.
In the case of, for example, etoy vs. etoys the etoy domain was there first, so they could not possibly have chosen that name to capitalize on the popularity of etoys.com.
As for "freedom" and "legality"... if something is legal, but morally repugnant to me, I don't accept it. The freedom issues don't enter into it. This guy is free to do whatever he wants, but we don't have to like it. Microsoft is free to write crappy software, but that doesn't stop us from complaining about it and using other products....
This is all, of course, pending hearing his side of the story. It could turn out that the OpenSSH project is not telling the whole story....
It is an observation in much the same way that "Have you stopped beating you wife?" is a question. It is more than a simple observation - it is an observation that will produce a negative opinion of Mr De Joode in the minds of the reader.
An observation couched in those terms is nothing more than an Ad Hominem attack. There is not an iota of evidence, or even reasonable grounds for suspicion, that Mr De Joode is doing anything untowards. Indeed, based on his reputation, previous work, and useful contributions to usenet and other places, the opposite conclusion should, initally, be drawn.
Paranoid, baseless, and derogatory "observations" that try to put pressure on him say more about the observer than the observed.
No, it's not, it's specifically what people were asked to do by IANA: to use .net addresses for all elements of the public network backbone, and .com addresses for everything else.
It may have escaped your notice, but /. is a commercial venture of Andover.Net, inc. Both 'slashdot.org' (which isn't a non-profit) and 'andover.net' (which doesn't own any part of the network backbone) are gross abuses of the namespace.
I'm old enough to remember when discussions on Slashdot were well informed.
Looks like he changed his website:
o rg</a> c om</a>
<html>
<head>
<title>www.openssh.org</title>
</head>
<body bgcolor="#FFFFFF"
text="#000000"
link="#000000"
vlink="#000000"
hlink="#000000"
alink="#000000"
>
<table align="center"
border="0"
cellpadding="0"
cellspacing="0"
width="525">
<tr>
<td colspan="1" align="middle">
<BR>
<BR>
<BR>
For information about free ssh implementations<BR>
please goto: <a href="http://www.freessh.org">http://www.freessh.
</td>
</td>
</tr>
<tr>
<td align="middle">
<BR>
<BR>
<BR>
For information about OpenBSD' OpenSSH implementation<BR>
please goto: <a href="http://www.openssh.com">http://www.openssh.
</td>
</tr>
</table>
How do you know which server is right?
If I query whois.networksolutions.com (which is the master for openssh.org according to corenic), the date it was created was november 9.
If I query whois.corenic.net (which is the master for openssh.com) for openssh.org, it's oct 15.
Shouldn't I assume that corenic "lost something in the translation" from networksolutions rather than assuming that the master is bad? I mean, networksolutions can get the correct date from corenic for openssh.com
The only thing I can really see as a motive is the suggestion that the article makes - that he may be collecting information.
Does anyone else know what the purpose of this stand-off might be??
It is on his site, so if you worry about what was said: "This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution."
Personally I find the letter from Louis Bertrand a bit reckless, and the use of Slashdot as a tool to apply political pressure in bad taste.
It is similar to how etoy manipulated public opinion to influence the courts to get one over on etoys. There is no representation from the other side, and the wording in Louis Bertrand's letter is inflammatory, and unduly fear causing. (at least on the surface)
This thing is being handled very poorly by slashdot. They should have written up something with links to both sides of the story (i'm guessing personal politics got in the way).
This is not news for nerds, it is an electronic soapbox for friends and family of slashdot.
(Just because the message it comes from a developer of a respectable project, does not mean the developer is respectable himself.)
Just a warning...
penguinicide... when jumping out a window just won't do.
--
Industrial space for lease in Flatlandia.
You are right, there are not enough TLD's, but without enforcing the correct usage of whatever TLD's we have, it does not matter. .gov and .mil are of course regulated correctly, but I can have a www.big-ass-e-business.com and also register it in .org and .net, regardless if .org or .net is approiate for my business or goals. Domains have become a marketing gimmick and nothing more. If we get more TLD's we need an orginization devoted to the correct usage and registration of each one. When they are all lumped together it becomes to easy to say.. oh yeah I need that in .net too and no one with any authority cares/has time to investigate that claim.
www.mp3.com/Undocumented
The lesson here is to be silent about your naming plans for your new site until you act, and then snag the big three, com, org, and net, all at once. That is exactly what we had to do... and our organizational name was not confirmed until we knew we had the three doman names locked up. Perhaps our final name of freeio.org was not our first choice, but all three were available, and it was descriptive of what we do - GPL hardware designs.
Live and Learn...
-- The easiest way to lose your freedom is to fail to exercise it! --
Free the mallocs!
What a putz.
Rename to Open-SSH.org or TrueSSH.org and be done with it.
The message on the other side of this sig is false.
I guess the lesson is, register the domain name, then announce the project/company/whatever.
Stay one step ahead of the parasites.
jmp
If there's one thing to be learned, providing an actual link to http://www.openssh.org will allow us to, as a community, Slashdot them (it brings in the people to lazy to type in the address)! But on a more serious note, he does provide a link to openssh.com. He doesn't try to deceive anyone.
No sir, we should all go back to raw numeric IP addresses. Not dot-quads mind you but the new 128 bit hexadecimal raw numeric IPv6 IP addresses. Most of the pages people access these days are through search engines, anyway.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I just registered paratheoanametamystikhood.com. One of these days real soon now I'll have the energy to set up DNS servers for it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
What would you say if I said that Openssh.com *could* be data mining, I just don't know? Your statement is similar to asking "do you still beat your kids?". The statement/accusation/comment should have *never* been made in the first place. Shame on you.
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
In the open letter it sais the following:
.ORG site, nor send email to anybody at the .ORG address. This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution.
Please do not visit the
Those are pretty brutal accusations which you seemed not willing to react to. I would like to know why you claim this. Alex de Joode has quite a reputation, but that is because of his ftp-site at ftp.zedz.net. Still my favorite place for crypto. I have a really hard time beleiving that he would use this to start some mailinglist or do some datamining..... If he wanted to do that he would do better to just use the logs of his ftp..
Use Adsense for Charity
Well i am sorry you can't understand my logic. You might have troubles understanding his reaction that he posted on the web then too.. But maybe somebody could explain it to you and the Openssh.com team could react to that statement. If I read it I only gather from it that he is willing to cooperate witht he openssh.com-team as much as he can. Now you might see that differently, but please make it clear to us. :-)
Use Adsense for Charity
If I were Mr. de Joode, I'd be offended -- he simply doesn't appear to be squatting.
Take a look at http://www.openssh.org/org-vs-com/. This seems to outline his position very well, without resorting to name-calling.
meisenstGreen's Law of Debate: Anything is possible if you don't know what you're talking about.
WTH: This guy is just running his own site he got the name first, and he isnt squatting per say. The article noted that he works with encryption stuff, maybe he plans to use that site for some of his work. Wasnt there just this huge fiasco about etoy.com, It seemed that the slashdot community was behind etoy.com.
I could understand if he was squatting to get money but it doesnt look like this guy is out to make money off of the deal, he just registered the site. Just becuase OpenSSH wants the site doesnt mean that it deserves to get it. I *hate* doman squatters, but this seems like a legit use of the domain registration service. Is he trying to exhort money out of OpenSSH?
Anyway we have to be fair, and it sound like this guy is being fair.
I decided to check out the HTML myself without a web browser, and I didn't see a link to the official website.. This is the HTML I got back (Superflous
<HTML>s removed):
<HEAD>
<TITLE>www2.terena.nl</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#CCCCCC">
<CENTER>
<IMG SRC="/html/lame.gif" border=no>
<a href="mailto:webmaster@alpha.terena.nl">webmaster
</CENTER>
</BODY>
</HTML>
Perhaps it shows different content to different web browsers?
Additionally, the image /html/lame.gif was lacking.
OpenSSH.cc? You mean OpenSSH is out of the Cocos Islands? .cc domain is laughable. They play radio ads on the station I listen to (For those of you who don't know, it's spot.cc) .com was new, domains like business.com went for millions of dollars" and they are touting .cc as being the new .com - I mean, come on, it's just a regional TLD that sold out, not the best thing since sliced .com! But that is another can of worms. .cc TLD, despite having recently sold out, is not free from squatters, and many big companies have gotten .cc domains just to protect themselves.. Hmm, I wonder if slashdot.cc is taken.
Seriously though, the whole marketing of the
Their ads state stuff like "When
I suppose I should make this on topic... The
Domain squatters are the plague of the internet nowadays. Sometimes the media reacts a bit too harshly, but there are enough top-level domains out there to get around the squatters, but many times the squatters use the domain ownership as a means of getting false hits for their banners or what-not.. which is very very lame.
Its been like this for a while and there isn't any going back. The best you can hope for is industry wide rules banning overt squatting (i.e., taking a domain name and then not applying it to a site for a year), or a rash of new TLDs to free up demand.
I'm personally looking for new TLDs - any type of squatting rule is likely to choke cyberspace in ridiculous lawsuits.
"net" was traditionally intended for use by network service providers. Your useage is no less an abuse than "slashdot.org", another ridiculous misuse of the namespace.
Not that it really matters now. You could call this site clownpenis.fart and people would still come in droves.
OpenSource Land?
openssh.org does not attempt to set a cookie. It does not contain any scripts or applets. Its HTML is perfectly vanilla, and it doesn't even have any meta tags to redirect search engines. It also contains a link to openssh.com.
Certainly looks harmless enough to me.
One: why not openssh.net? I think it suits the project better than openssh.com or openssh.org anyway, given the nature of the project.
Two: Why won't this guy just let them use the domain name? He's not using it for anything. This isn't a typical squatting case either, because he's not even trying to sell them the name. Though frankly, that frightens me even more; what could he want with the name, if he doesn't intend to sell it or to use it for a legitimate site?
"net" was traditionally intended for use by network service providers.
.net TLD, but it's nothing more than a redirect to the .com address, which is by your definition another "ridiculous misuse of the namespace."
.net still fits the project better than .com does.
Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the
Your useage is no less an abuse than "slashdot.org", another ridiculous misuse of the namespace.
What, then, would you suggest Slashdot's URL be? "Slashdot.com" doesn't fit, because Slashdot isn't really a commercial venture (the ads notwithstanding). "Slashdot.net" doesn't work for the reasons you just said. "Slashdot.gov" and "slashdot.mil" are obvious problems as well.
That's the major problem with TLD's; there aren't enough of them. Then again, that's because they were created in a time when no one had really come up with the idea of personal Websites or Weblogs or anything like that. If the slashdot.org name is an abuse of the namespace, it only goes to show that the problem is with the namespace itself, not the users. The namespace needs to be changed to reflect the times. Until it is, there's nothing that can be done, and
Well, how long before the first OpenSSH release was the news of OpenSSH leaked? (It's not rhetorical, I don't know the answer). Then there's also the little fact that registering a domain isn't instantaneous and can take a little while. 9 days isn't all that long, especially when you consider that two out of every seven aren't business days (I don't have a calander handy to check what day of the week Oct 25-Nov 4 were)
That said, my problem with the OpenSSH.org thing isn't that he got there first, it's that he's using it to advertise his site knowing that OpenSSH.org is where people will go to try to find information about (surprise) OpenSSH. If they wanted his site they'd have gone to FreeSSH for obvious reasons. I know that I, for one, usually think ".org" when I think of OpenSSH or Open anything. Even if he does have a legitimate claim to the domain and he isn't trying to squat it for cash (which he isn't), it would still be a good jester to hand over the domain (especially since they offered to pay for it) as an offer of goodwill.
--
Reject
--
Reject
reject@metaphorcity dot com
this seems really really odd. I mean the Zedz guys are the formerly know as replay.com guys. It seems odd that he wouldn't sell the domain name if he really supports cryptography as in the past. This really bugs me because I relied on replay/zedz for alot of crypto enabled software.
I think is the unique case we should give the Zedz guys a chance to comment on the issue publically before jumping to conclusions (which we all have done and are guilty of).
While I totally value the opinion of the OpenBSD team and the OpenSSH team I think something along these lines without any comment from the other (in my opinion) well respected party involved is a bit harsh.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
Dead or Alive, Mr. de Joot certainly is in the right here. The openssh.org site is not in anyway harming openssh. They're even providing the courtesy of linking to the projects site. OpenSSH should be happy that they're getting that much. They should have registered all of the TLD's, but didn't see it as being necessary, and apparently, they thought the .com was the one they needed the most.
Even the U.S. government has not been able to get around this mistake. There's the infamous whitehouse.com site, which is still active.
If someone came to me and said that I had to give them one of my domains, because they felt they had some right to it I'd laugh in their face. Simply because you're an open source project does not excuse stupidity.
Beyond all this, we're talking about the former Replay.com site here, now zedz.net which has provided for years a good many of us with free crypto systems. They were doing a service years before OpenSSH was even thought of.
I don't use OpenSSH on my machines yet, and I was considering switching, but due to this situation where it appears they're in the running for a Slashdot beanie for "Open source domain bully" I'm going to boycott the product, until they play nice.
There's a ton of ACs who read the stupid-dot summary/story and go on to post "that fucker! how could he be squatting that domain! he's going to be raping my children next! why the fuck doesn't he hand of the openssh.org domain to the REAL security experts! the fucker!" Yet it turns out
that Mr. de Joode is a real, honest-to-god security/crypto/privacy advocate with a great deal of knowledge and experience and a long history of service to the community.
I'd be curious to know how long stupid-dot is going to allow this sort of defamation to continue and how long it's going to be until they get their spleen yanked out in a court of law over something like this.
Unless something extremely world-shattering has happened and Alex de Joode is now a radically different person from who I remember from years ago during my involvement with the Cypherpunks, I find it extremely difficult to imagine that he would set up a web site to do any of what the OpenSSH developers claim he is doing. De Joode would not collect viewer data. De Joode would not collect addresses for spamming. That's just not what the guy is all about.
The OpenSSH advisory says that they don't know his motives. They're absolutely correct; they don't know his motives at all. They correctly identify de Joode as the one who started xs4all.nl, and they correctly identify him as someone who advocates widespread use of cryptography, but they fail to mention that he is a privacy advocate. They also fail to give any rationale for their accusations other than that de Joode refused to sell them his property, which is meaningless.
Visit http://www.openssh.org/ and judge his motives for yourself. Other posters have already discussed the ludicrousy of boycotting the web site so I won't repeat all of it here, but have a little think: Why would the OpenSSH group want you to think that openssh.org, who points to openssh.com and to one other site, is evil?
And, isn't an unconditional boycott a pretty good way to prevent people from actually looking at the site and deciding for themselves if it was set-up with bad intention?
Much Love,
"S"HM
*****
(I refuse to spellcheck out of contempt for your belief system)
A search for OpenSSH?
.org or .com varieties.
A search for Open SSH?
A search for "OpenSSH"?
None of them return the actual site near the top, neither the
Pablo Nevares, "the freshmaker".
Pablo Nevares, "the freshmaker".
All you people who are giving the legal owner of the openssh.org domain name a hard time for using it ought to be ashamed of yourselves. How dare you stand up and speak about having a free and open internet with no controls (and bullying) by big companies, then whinge and complain when someone actually uses it.
If you are all as high and morally right as the drivel you so often spout you have an obligation to support Alex de Joode in his legal right to use the domain he registered. Too bad if FreeBSD didn't get there first - they have their chance 2 years from now to beat Alex to the renewal process (if he hasn't succumbed to the pressure by then and given it away).
Don't whine about people who work within the rules. If you don't like the way the domain registration process works, try to get the rules changed!
I also hate to say it but most of the whining seems to come from Linux user wannabes who want to put all their pent up frustration into ridiculous vocal support of any Linux based endeavour. Use your brains people. I think Linux is great, but I don't think everything Linux is great. Be more selective about what you support. Complaining about domain registration just because a Linux company is affected is really lame.
email me or not.
The guy who registered openssh.org runs the zedz.net site, which hosts the replay redhat crypto archives (good place to get .rpms of security software). They used to be at replay.com before replaytv bought the domain from them.
The Zedz guys seem to be pretty good people as far as free software goes. Makes you wonder what they plan to do with the domain, and why they set it up as a forwarder to openssh.com
This reminds me of the whole LinuxHQ/Kernelnotes.org fiasco...
$ whois openssh.com@whois.corenic.net
Record created: 1999-10-25 08:44:41 MET by CORE-80
$ whois openssh.net@whois.networksolutions.com
Record created on 16-Nov-1999.
$ whois openssh.org@whois.networksolutions.com
Record created on 04-Nov-1999.
So it was
1) OpenSSH.ORG by our friend in Europe (04-11-1999)
2) OpenSSH.NET 12 days later by the OpenBSD people (16-11-19996)
3) OpenSSH.COM a further 9 days later (25-11-1999)
I don't understand why they don't just use
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Ok, so some jerk has taken a name that really shouldn't be his. This would be a non-problem if nobody cared. I'm just not sure that being a *.com, *.org or a *.net really means much anymore. /. is under a publicly traded company (andover.net), is that necessarily the right place for a *.org? (see nobody really cares...) I think Openssh is just fine as a .com and I don't think it to be a big deal. Why not be openssh.net? That seems appropriate, too. If you are really doing great stuff for a .org domain name, people will know, whether or not it is a .org or a .com
-- Moondog
Well this sure tops the cake. Now Slashdot is bullying OpenSource ADVOCATES!
Domain Names are first come first serve. I hardly see how an OpenSource advocate who registers a domain name in the org top level to be a squatter when he is using it for related purposes (or any purposes.. he paid for it, he was there first, He took the initative that the SSH group did not.) Big deal! They were caught sleeping.. they loose.
Like it or not (I don't much like it anymore) Slashdot has some power over this OpenSource comunity and this is a clear abuse of that power. The poor guy's web page is being flooded, his email box is being flooded with lamer flames and Slashdot is directly responsible by posting this story.
You've twisted the SSH announcemnt to incite anger among your members, You're using your members as a tool for your own personal attack on a person who was well within their rights to register a domain he felt he could use for his benefit.
Some animals are more equal than others?
PIGS
Today will be the last day I participate in this madness which is called Slashdot. Today is also the day that I buy that Dell computer instead of a VA Linux system.
They are a threat to free speech and must be silenced! - Andrea Chen
Fish! LipHo
strange. look what whois turned up:
Registrant:
Open SSH Project (OPENSSH2-DOM)
Zaanstraat 250
AMSTERDAM, NL-1013 RZ
NL
Domain Name: OPENSSH.ORG
Odd.and the page is simply a link. Looks like this guy registered the domain name for the project. We need some more information on what this guy is doing before an honest opinion could be made.
---- Sig? What sig? Who needs one, anyway?
Well, this is a refreshing way to look at the Free Software community. Get that knee-jerk reaction we are so known for, and put it to your use. Now, I'd like to look at Mr. Bertrand's letter.
:) Back on track, when did openssh.org register it's domain? Whois gives me the date of November 4, 1999. I count eight days from that "leak." That's not an extremely brief time, but it is before their formal announcement.
.ORG top level domain,[...] but the name had already been taken. They settled for the .COM in the interim."
.ORG name over to the OpenSSH developers.
.netscape/cookies
;)
.COM ten days prior to Mr. de Joode registered the .ORG one. That is a right-out lie, never a good thing to have right out the starting gate. I will ask, how do you base your allegation of data mining and mail list gathering? If it is also a lie, that's doubly bad. B) Openssh.org is not using the domain for squatting (there isn't a "Pay $10,000US if you want this domain" message like we've all seen so many times). It is about free SSH programs, perfectly reasonable and on target. C) Mr. de Joode provides links on both of it's web pages to openssh.com. Any users looking for it will easily see that and go to the appropriate web site.
The name was taken by a someone not affiliated with the OpenSSH development team when news of OpenSSH was first leaked to the community.
Hmm, "when news of OpenSSH was first leaked." Let's look at those seven words, shall we? When was this news leaked?
Performing a search on this here web site (Slashdot for those not in the know) for "openssh" yieds two results. This very article, and one from November 18, 1999, entitled, "OpenSSH Project Now at openssh.com."
Next I moved to LinuxTod ay.com. They have articles for everything under the sun. Their first article mentioning OpenSSH is one at Security Portal dated October 27, 1999.
I search Google (both plain Google and the Linux subsearch), and they have never heard of openssh.
Finally, I visted the very site for this project, openssh.com. Looking for an "about this project" sort of link, I clicked on the Project Goals link right up at the top of the left column of links. What's that it says at the very bottom? "OpenBSD: goals.html,v 1.4 1999/11/17 14:14:15 provos Exp $" That looks much like a cvs (or related) entry. That date is November 11, 1999. I also visited the link to the devel mail list archives, and the earliest date there is November 16, 1999.
Looking at all these, I'd guess their formal announcement was around November 17. But the "leak" award goes to Security Portal on October 27, 1999. I'm sure they got their information from somewhere else, but I'm tired of searching.
Back to the letter, Mr. Bertrand says, "The OpenSSH developers wanted to register under the
Ok. Well that sure sounds unfortunate. Let's take a look at when they registered openssh.com, shall we? Returning to my favorite domain searching services, whois, it yields October 25, 1999, as the date the record was created. What's this, I see? That looks a lot like a date before the openssh.org was registered. It's even two days before the slight mention by Security Portal. So, they "settled" on the COM top level domain ten days before the ORG one was "taken by a someone not affiliated with the OpenSSH development team." Uh huh, sure thing buddy.
Next Mr. Burtrand discusses the owner of openssh.org, "Mr. de Joode has repeatedly refused requests to sell or turn the
Since when must anyone turn over a domain to anyone who asks for it? In my book, domain names are a first-come, first-served service. The OpenSSH group had plenty of time to register any domains they wanted. What if the real SSH group wants the openssh.com domain? Would you, Mr. Bertrand, be so giving and just surrender it?
Now comes the discussion of openssh.org's web site, "The OpenSSH.ORG web site currently is a blank page with a link to the official site."
Ok, this is somewhat true. Going to openssh.org, you are presented with a link to www.openssh.org. But Mr. Bertrand, did you really stop reading there and not see a few blank lines below (9 lines if you telnetted to port 80)? From openssh.org's page I quote, "For information about OpenBSD' OpenSSH implementation please goto..." and they link to the OpenSSH group's web site, openssh.com. This ommission is purely ridiculous, Mr. Bertrand.
Finally, Mr. Bertrand pushes one of the hottest buttons in the community, privacy. "This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution." Hmm, a very strong accusation. None of us like being spammed, tracked where we go, etc. So, I asked myself, "What data mining is openssh.org doing?"
Let's take a gander at the HTML source code. This site is afterally a mere two pages. There could be some JavaScript performing some hidden actions users won't see when just using Netscape (or other JavaScript enabled browsers). And there it is, plain HTML. What?! No fancy, shmancy Netscape Composer, FrontPage or other editor META tags? No META tags at all to con search engines to pointing to them instead of openssh.com. I find it refreshing that someone else codes HTML in plain, simple HTML. But I see nothing hidden here.
Ok, but I have my Netscape set to just accept all cookies. I could have been slipped one of those and now they have access to my whole hard drive, right (I'm kidding, of course)? Let's give the Netscape cookies file a good grepping, shall we?
316-1 Mon/11:55pm ~> grep -i ssh
317-1 Mon/11:56pm ~>
Hmm, exactly zero references to anything SSH related. I still haven't found any maliciousness. What about the "building a mailing list" bit? I've seen many sites with "Click here to receive our free newsletter" sort of links. No doubt many of them then give out your email address to every spammer in the universe. Is there any similar line in these web pages? Not that I can see, the bottom of the second page does contain a simple "For more information about freessh.org, please contact:" mailto link. I haven't sent an email to that address yet, so I can't say if it's a secret email net. But since I'm sending this analysis to Mr. Bertrand, I'll send one to that address as well with a brand new email address. If I get spammed there, I'll know who's to blame. If openssh.org really is using this link to catch people for a spam list, I must sahe's doing a poor job of it. At least claim you can get free porn if you send an email.
In closing, as Mr. Bertrand says "Any help or suggestions in breaking the deadlock are appreciated.", so I say, Mr. Bertrand, I sincerely hope you recosider your position, because well, it has no leg to stand on. A) You registered the
If a reasonable agreement between these two parties is made, that's great, but to seek out the outrage of the free software communities by deceiving them like this is not the way to go about it. I sincerely hope you reconsider your position Mr. Bertrand.
Thank you.
John Corey
Copies sent to both Mr. Bertrand and Mr. de Joode.
Has anyone besides me done a whois on the two domains? There was one bit in there that confuses me.
.com a good 10 days before this fellow registered the same .org. Was this a clerical error? Did some secretary fall on the job and not register both? Were walnuts involved in this incident?
.org in this matter. They are giving links to free ssh products, even if it is a simple site with no graphics/javascript/bannerads/porn/buy-this-domain -for-$10,000US ad. Domains are a game of first come, first served. They had a ten day lead and fell asleep. That isn't reason enough to come whining to this fine community.
openssh.com: "Record created: 1999-10-25 08:44:41 MET by CORE-80"
openssh.org: "Record created on 04-Nov-1999."
So, I'm no domain expert, only have one myself. But I think, correct me if I'm wrong, that the OpenSSH group registered the
This does sound like whining, and though it's nice to see a project like this hq'ed here in the Peoria, IL area, I will have to give my vote to the
In this case at least, some of the blame lies with the OpenSSH project noy claiming the domain before announcing their project. I mean really, what does it cost? A whopping $15/yr to register?
Whats even worse is that this story posted on Slashdot could be interpreted as a veiled threat. Not cool. I'm all for OpenSource but this subtle bullying is BS in my book.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
Situation: Some guy has registered openssh.org and is pointing to the groups real site. He won't sell or give it away and he doesn't appear to be using it.
/. discussion, I won't ever do it again.)
Conclusion: WE MUST BOYCOTT!!! He might be doing something awful!!!
Am I the only one who doesn't understand this response? I think the motives of OpenSSH.com in posting this warning are every bit as strange and unfathomable as Mr. de Joode's in grabbing the site.
(Sorry for injecting a touch of sanity into a
--Shoeboy
Check out the site. Looks like Mr. de Joode just wants to make sure that freessh.org and other free (beer) ssh projects are easy to find as well. Maybe a bit unfair to be claim jumping the domain, but it's hardly evil. Odd how the warning never mentioned that he was advertising competing projects. I guess the openssh guys wanted to hide that fact. (Which is probably why they say "Don't visit, he's tracking you!")
--Shoeboy
$ whois openssh.com@whois.corenic.net
Registrant Todd T. Fries (template COCO-21730)
OpenBSD, the REAL open group
Record created: 1999-10-25 08:44:41 MET by CORE-80
$ whois openssh.net@whois.networksolutions.com
Registrant Todd T. Fries (template COCO-21730)
OpenBSD, the REAL open group
Record created on 16-Nov-1999.
$ whois openssh.org@whois.networksolutions.com
Registrant:
Open SSH Project (OPENSSH2-DOM)
Zaanstraat 250
AMSTERDAM, NL-1013 RZ
NL
Record created on 04-Nov-1999.
Looks to me like the "real" OpenSSH Project registered the dot com first, this other guy grabs dot org, then they got dot net. So why did they grab dot com first? Looks like they screwed themselves.
Anyway, what's the big deal? Even Network Solution suggests that you get all three dot com, dot net and dot org to "protect" your company. Only dodgy purists still stick to the old conventions.
Why even publicize this at all? All the documentation and downloads will use whatever the official openssh URL is anyway. The web already has a way of routing around misinformation.
Also, do open source project automatically have a right to the dot org? I think this is presumptuous. What makes any project "the official" openssh project other than when it becomes the de facto standard? Maybe this guy has a right to create another open source or proprietary "openssh" package.
Most people on the thread so far has been very much on the side of the OpenSSH. However, I don't think that what this other guy is doing is wrong in the very least. He is not trying to make a profit. He is not trying to blackmail or exhort anything from the OpenSSH group. He was there first, and if he wants to keep the name, the more power to him. He doesn't necessarily have to do anything with it. I mean, if he wanted to, he could just put up a html document saying "This is my page."
Just because the OpenSSH group happens to have want the name does not mean that they have a right to that name. I think that it is in very poor taste to boycott the OpenSSH.org. It seems almost arrogant in fact, to presume that just because Mr. Alex de Joode does not wish to deal with them with regards to the domain name, that he has ulterior motives. A simple message warning people that OpenSSH.org is not affilated with the OpenSSH group would have surely sufficed.
For that matter, if Mr. de Joot has simply not replied to any emails, it may be that he has passed away (don't laugh; it happened to Duane Blehme, a Macintosh shareware programmer years back).
It would seem to me that the wise things to do is to wait and hear from both sides. Remember the Uruguayan Linux fiasco awhile back? We don't really want a repeat of that hysteria, do we?