Slashdot Mirror
Karl Auerbach Speaks Out on ICANN
richard koman writes "Here's an interview I did with Karl Auerbach about ICANN in the aftermath of their eliminating public board members. 'October's distributed, denial-of-service attack against the domain name system--the most serious yet, in which seven of the thirteen DNS roots were cut off from the Internet--put a spotlight on ICANN, the nongovernmental corporation responsible for Internet addressing and DNS. The security of DNS is on ICANN's watch. Why is it so susceptible to attack, when the Internet as a whole is touted as being able to withstand nuclear Armageddon? It's religious dogma, says Karl Auerbach, a public representative to ICANN's board. There's no reason DNS shouldn't be decentralized, except that ICANN wants to maintain central control over this critical function. Worse, Auerbach said in a telephone interview with O'Reilly Network, ICANN uses its domain name dispute resolution process to expand the rights of trademark holders, routinely taking away domains from people with legitimate rights to them, only to reward them to multinational corporations with similar names.'" A Wired article suggests the five elected board members won't be stepping down on December 15 after all.
http://www.opennic.unrated.net/
I should probably start pointing my OpenNIC domain at my server again.
X(7): A program for managing terminal windows. See also screen(1).
You expected ethical behavior from businessmen who founded a corporation to administer a database? Business people just do not behave altruistically. There is ALWAYS an angle.
There is, believe it or not, a diference between a nuclear attack and a DDoS attack.
If there is a direct nuclear strike on the location of one of the DNS roots, the others are unscathed. You need a whole lot of nuke strikes to fully disable the DNS servers.
However, although 7 of the DNS roots were down during the DDoS, the fact remains that SIX WERE UNAFFECTED.
I.e. the system behaved the way it is supposed to behave, and proved that it is relissialnt after all.
I offer no comment oin the rest of the article.
People should not be afraid of their governments - Governments should be afraid of their people.
The internet would still work without ICANN... Just not domain names...
:-) Do you?
If you knew the IP addresses so you could reach the servers you desired, and didn't have to use domain names, you can still reach the servers (in fact this is a useful way to get around some types of blocking.)
ICANN just converts the domain name to an IP address... And unfortunately, it's kinda difficult to have a non-central way to handle that (albeit, I have seen some interesting papers on this topic... discussion for another time.)
the Internet is built that if the base architecture is not one server dependent. (in other words, if one server isn't all that is connect two sections of the internet.) Then it will work, since no taking out of one server will disrupt the connections between the rest.
The only thing that fails if ICANN fails is the domain names. Which means that if you don't know the IP addresses to those sites that are important, then you can't do much.
I know Slashdot's IP... that's all that matters to me.
~ kjrose
Let me ask you - did YOU notice problems with the net on the day of this attack? more than half of the root nameservers were down and the average internet user didn't even notice. Things kept working and the other root nameservers took the load. The DNS system explicitly is NOT susceptible to attack and I think that this attempt at DOS-ing it supports this.
Free Online Dark Fantasy RPG - http://www.blackmud.com
Everyone hurry up, and write down all the IP addresses of your favorite websites before it's too late!!! The DNS apocalypse is upon us!!
Slashdot.org: 66.35.250.150
freeporn.com: 209.150.195.101
Wheew... well that about covers my use of the Internet.
--Zuchini
http://www.opennic.unrated.net/
It's a democratic, non-national set of dns servers that sit above the regular root server and offering additional top-level domain spaces such as:
By altering where you point your DNS, you get everything you always had, plus the above, plus more redundancy.
Quote: "Worse, Auerbach said in a telephone interview with O'Reilly Network, ICANN uses its domain name dispute resolution process to expand the rights of trademark holders, routinely taking away domains from people with legitimate rights to them, only to reward them to multinational corporations with similar names."
.reg !
The registered trademark symbol ® (called 'R' in a circle or RTM) identies them in physical world - isn't it obvious something is required in cyberspace to perform same function?
Facts:
The United Nations World Intellectual Property Organization and the United States Department of Commerce are hiding the simple solution to trademark and domain name problem. But they would rather be aiding and abetting corporations to violate Trademark and Competition Law.
Virtually every word is trademarked - most are many times over (in different types of business and/or country) so every domain can be 'stolen' in UDRP from the legal owner, on the premise that it is confusingly similar.
Corporations have no desire at all to prevent confusion on the Internet - they just wish illegal dominance of it.
You can legally use any word, words or initials to start a new business without registering a trademark - providing you are not passing off, of course. Take for example the word 'apple'. It is legally used by thousands of businesses - large and small all over the world. Indeed, it is impossible that they all register themselves as trademarks - they are bound to conflict with many others, being confusingly similar. In my local phone book alone, there are at least five using this word - two garages (seems not connected), a car centre, fruit growers and a decorating firm. These are unlawfully being prevented from getting their name in Sunrise period.
In this vast ocean of domains on the Internet, mostly non-trademarks, a marker is absolutely essential - for people to identify it as trademark - e.g. a new protected TLD of
name.class.country.reg would identify all trademarks - e.g. apple.computer.us.reg and apple.record.uk.reg.
This could be used as certificate of authentication. There is no restriction on business, it can still use current/new domain, just directed to dot REG.
For more facts please visit World Intellectual Piracy Organization - Not associated with United Nations WIPO.org
Few memes bug me more than this one.
The internet is not designed to survive a nuclear attack.
The Arpanet was not designed to survive a nuclear attack.
Read Where the wizards stay up late: the origins of the internet for confirmation.
The Arpanet was built with multiple redundant paths to withstand normal, mundane disasters, like fires, local power outages, construction backhoes digging up communications cables, not nuclear attack.
Yet you hear well-educated people, who should know better, repeat this nonsense all the time. I guess it makes too good a story.
Yes, I can see Richard didn't actually say it could survive a nuclear attack, merely that it was touted as being able to survive. But this meme is so annoying it bugs me when people even hint it is true.
The problem with these types of articles is that they don't explain anything. Do you know why only 700 some people voted for ICANN board members in the US? Because very few people even know what DNS means: it means Domain Name System. Now, you can't just say that. You have to say what it does. The DNS binds a certain web-address (such as www.slashdot.org), which you type in your web-browser, to its location in computer-space, represented by its IP (Internet Protocol) number, which might be something like 135.352.653.354. DNS is necessary because no one can remember IP numbers, and you need to have easy-to-remember things to type in.
Now, there does not need to be one and only one DNS. Different people can use different resolution systems. The main one is that of ICANN, but free public-interest alternatives such as OpenNIC exist. Also, note that there is no reason why you have to abide by ICANN's assignment of any website to its IP number. You can -- in your hosts file, a file on your computer -- make it so that web addresses assign to the IP you want them do. Don't think the courts were right in stealing Nissan.com from its rightful owner, a computer business owner? Then assign Nissan.com to the actual IP address of his website. Don't think that Stampede.com should belong to a corporation which makes useless products you have no need for? Fine, reassign it in your hosts file to the IP address of Stampede.org, the Linux distro.
The point is, you the user have power to assign any web address to any IP address. you also have the power to choose whether to use ICANN or OpenNIC...I use my HOSTS file first, then OpenNIC, then ICANN.
In fact, anyone can start a DNS system. All it takes is a server. The only thing is getting major recognition. But that doesn't matter: people who want a free, public-interest DNS will be able to find the appropriate one's. I think that OpenNIC is wrong when they say they won't do anything to conflict with ICANN's domain name resolution. They should actively counter ICANN when ICANN makes decisions taking domain names away from private individuals and giving them to corporations. The court's have no business interfering with OpenNIC's decisions on who to assign domain-names to via its server: this is a private organization, and it can assign domain-names to whatever IP address it wants to. Corporations don't like that, too fucking bad. Users can choose which domain name resolution systems to go to...if corporations don't like OpenNIC assigning intel.com to someone who is selling information services, then they can try to convince people to use ICANN instead of OpenNIC. But in the end, its up to each individual user to decide: Intel (for example) has no right to have intel.com assigned to the IP address for its website on every single DNS system. I can start my own DNS system, convince all you fellow slashdotters to use it, and assign intel.com to my own website! How about that!
Now, there is an obvious problem with having conflicting DNS systems between ICANN and OpenNIC...that is, that ICANN might assign intel.com to 135.354.535.343, while OpenNIC will assign it to 463.534.643.134. Thus, hyperlinking becomes a problem...if I type in , then it might mean a different thing for someone who uses ICANN and for someone who uses OpenNIC or dh003iNIC
So, what can we
- Stop using ICANN as our primary service.
- Use OpenNIC as our primary service.
- Modify our host files to fuck over greedy corporations, and create a server system for these specific modifications so anyone can access them. If thee aren't to many, just post them and offer them for download. I figure there might be about a thousand or so web addresses which ICANN has assigned to various entities that we disagree (and should disagree) with.
- Create automated services to resolve web-address conflictions between different services by auto-converting them to IP numbers and then re-converting back to web-addresses, depending on which service (ICANN or OpenNIC) is used.
So, in short, there is something we can do other than just try to reform ICANN. I personally think ICANN's hopeless anyways. Selling web-address locations for all kinds of money is absurd...its only one entry in a file pinning a web-address to an IP number: costs next to nothing to do. There could easily be as many top-level domain's as there are ideas...you the individual user could even create personal "domains" in your hosts file.social sciences can never use experience to verify their statemen