Slashdot Mirror
McLaughlin Defends Site Finder As 'Innovation'
psimeonbeta2 continues:"Additionally (shades of Darl) he suggests that an anti-capitalism animus is behind the resistance to sitefinder. This despite the known problems that sitefinder caused and despite the fact that breaking the DNS standards may have constituted a breach of contract on Verisign's part. Resistance, he concludes, must be due to some sort of techno-religious fervor.
While Verisign's chutzpah certainly doesn't rise to fiaSCO levels, I find the similar tones in spinning the issues at hand to be truly disturbing. Not only did Verisign screw us by changing how the internet works at a fundamental level, now they purport to be irritated that we didn't thank them for the favor! At least in this case the good guys(cherish this moment, ICANN!) won."
Since the Site finder breaks some anti-spam tools and makes web admins jobs more difficult due to every address having an IP address returned it cannot be considered an "innovation" a new type of computer that ran a little faster but messes with the voltage on the power line so that other devices would'nt work right wouldn't be an innovation, it would be a piece of crap, as is site finder
Snowden and Manning are heroes.
Starting nmap 3.28 ( www.insecure.org/nmap/ ) at 2003-09-15 06:36 PDT ... good. :365 .1%D=9/15%Time=3F65C0E9%O=80%C=-1)% IPID=Z%TS=U)= AS%Ops=MNNTNW)g s=AS%Ops=MNW)A CK=S++%Flags=AS%Ops=MNW)O %Flags=R%Ops=))
Host sitefinder.verisign.com (12.158.80.10) appears to be up
Initiating SYN Stealth Scan against sitefinder.verisign.com (12.158.80.10) at 06
Adding open port 80/tcp
The SYN Stealth Scan took 94 seconds to scan 1643 ports.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
For OSScan assuming that port 80 is open and port 36304 is closed and neither are firewalled
For OSScan assuming that port 80 is open and port 43206 is closed and neither are firewalled
For OSScan assuming that port 80 is open and port 44655 is closed and neither are firewalled
Interesting ports on sitefinder.verisign.com (12.158.80.10):
(The 1642 ports scanned but not shown below are in state: filtered)
Port State Service
80/tcp open http
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SInfo(V=3.28%P=i386-portbld-freebsd
TSeq(Class=TR
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags
T1(Resp=Y%DF=Y%W=16D0%ACK=S++%Fla
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16D0%
T4(Resp=Y%DF=Y%W=0%ACK=
T5(Resp=N)
T6(Resp=N)
T7(Resp=N
PU(Resp=N)
TCP Sequence Prediction: Class=truly random
Difficulty=9999999 (Good luck!)
TCP ISN Seq. Numbers: 673A4C36 652AB817 BBE534C3 685BB54A
IPID Sequence Generation: All zeros
Nmap run completed -- 1 IP address (1 host up) scanned in 137.552 seconds
The linux hacker
tinfoil hat time for me: maybe they have a *use* for collecting all those typos? Just an idea...
C|N>K
or even better some of us don't like to have to rewrite tons of scripts that use the DNS system for something besides the web. I mean there is more to the internet then just the World Wide Waste :). When Verisign decided it would do this, I noticed all my domain checking scripts stopped returning NXDOMAINS, and had to be hacked real quick to look for the magic site finder ip, and then before that wonderful Bind patch, had to worry that they would change the magic ip thus breaking my scripts again.
Then to add salt to my wounds, they send me an e-mail saying that my domain name is expired and I should call a friendly Verisign scumbag^H^H^H^H^H^Halesperson to help get my domain back. This was the last domain I had registered on them, and it was moved to OpenSRS 5 months ago. I don't see how someone this incompentant and this greedy should be put in charge of something this important.
To E-mail me, replace the first period in my domain with an @
' But there is another issue here, one that is hardly ever mentioned and that's the coining of the term "innovation." This word, which was hardly used at all until two or three years ago, feels to me like a propaganda campaign and a successful one at that, dominating discussion in the computer industry. I think Microsoft did this intentionally, for they are the ones who seem to continually use the word. But what does it mean? And how is it different from what we might have said before? I think the word they are replacing is "invention." '
Perhaps Verisign will help the world see through this concept of "innovation" and let us get back to inventing things.
I hate M$FT as much as the next guy here, but their autosearch solution was innovative* (* not sure if it was their idea). Without changing how the internet fundamentally works, they chose to render a failed DNS lookup as something more friendly and functional than a limited, rather useless OK popup. Something well within the right of a client application, and easily checked off if it doesn't float your boat. And it only affected those people that voluntarily chose to use their product (don't beat me up on the voluntarily bit).
With Verisign, there is no choice. They took a common community resource that should benefit all equally and biased it in their favor. They were selected as guardians of the system, not burdened with a mandate to "improve it". If they really think themselves clever, have them deploy a new, distinct system and compete for our patronage.
Why is everybody assuming that innovation is a good thing? Seems to me it is really a bad thing.
What convinced me that this was the right course of action is that Thawte's slogan is "It's a trust thing." Well, yeah, it is and VeriSign has shown that it can't be trusted. So I guess I'll give my money to someone else.
Prevent email address forgery. Publish SPF records for y
Couldn't you determine their magic site-IP dynamically? It seems to me that you could just look up an invalid address and then compare the result to what you got when looking up your questionable one. Looking up example.com should work, for instance. Even if Verisign deliberately broke things by making a distinction between reserved names line example and other errors, you could pretty much guarantee that your chosen domain was invalid by using a string of 30 random alphanumeric characters. Not, of course, that this justifies stupidity like sitefinder.
There's no point in questioning authority if you aren't going to listen to the answers.
No bluster. I think you just don't realize a. the scope of this issue and b. the potential for future mismanagement. The problem came in because Verisign tried to think for itself, but it doesn't have a license to think! Their job is to competently maintain a prescribed service, not to "innovate", and frankly they failed on both counts. You may consider this no big deal (if you were the admin of a major network you might feel differently, I suppose) but do you really want a bunch of marketing drones making decisions that affect the root servers? That's what happened here, whether you like SiteFinder or not. If they aren't put squarely in their place now, the next time they make some stupid little decision it may have worse impact. Verisign likes to make a big deal out of trust, but they don't understand that trust comes from predictability: the knowledge that a trusted entity will behave in a known way. I (and pretty much the rest of the planet) don't want these people to innovate ... just run the damn servers they way you contracted to run them. And I will tell you this: they are a lot less trusted now then they were before all this foolishness.
... fine. Some people might even pay for it. But what they did was utterly irresponsible for a company in their position.
As a developer of Internet-aware applications, Verisign already caused me some grief. We had a problem with one of our customer's data acquisition systems failing because they misconfigured the name of a remote server and the software couldn't tell! Ordinarily the software would have simply rejected the bad domain as unknown, but it (and we) had no reason to suspect that a long-time network standard would be violated simply because Verisign's marketing department saw an opportunity. So don't tell me this was no big deal: our problem was repeated the whole world over. I lost the better part of a day over it, and I have better things to do.
If Verisign wants to offer SiteFinder as a service
The higher the technology, the sharper that two-edged sword.
decentralizing the DNS system... or at least promoting alternatives 8)
http://www.opennic.unrated.net/ would be a good start.
well example.com wouldn't work as it's registered to iana, but yes in hindsight now(and what I will do if verisign turns the blasted thing back on), I could just look up *.tld, and get the magic address and store it. The problem was. Right when this was going on we where in the process of taking over another ISP, so trying to figure out if which of their domains was still valid, on on the hosts in question, got a lot harder...
To E-mail me, replace the first period in my domain with an @
They break all sorts of applications that rely on proper DNS behaviour, and typosquat EVERY domain name, and they call it innovation?
Hell, there isn't even an entry in sitefinder for every domain, (Try searching for my site, novasearch.net, on sitefinder. No hits.), so it's not even good at the task they purport it to be for!
it's kinda like calling the wrong 800 number and the person who answers says "Oh this happens all the time, the number you actually want is...". This is a nice feature!
Problem is, it's also like writing the address wrong when you send your mom a gift for her birthday certified mail, and rather than the post-office quickly return the letter 'addressee unknown,' instead the person who tries to deliver it keeps the letter and says 'Oh, I can't deliver because no one is home right now' and tries to deliver it again day after day. After a while, the post office might learn that when a certain Mr. Verislime answers the door but says he cannot accept the letter for your mom, that really means the address is wrong. If a different person answers the door, though, it happens again until that person becomes known. Repeat until insane.
This is not a feature, it's a malfunction. Given their position, Verislime had to know they were doing it, and such irresponsibility should get their admin rights revoked immediately. If you or I knowingly and purposefully did something at work that Broke Everything, how long before we would get the sack?
If I ever screw up at work so bad I'm gonna get fired, I've gotta try the innovation line though. That's rich. 'Sorry I blew up research areas A-F, I need to do more research to see how mixing large quantities of hydrogen, oxygen, and fire in the open areas is received company-wide before I change anything, I'm just trying to be innovative and you wouldn't want to stifle innovation!'
My concerns about the SiteFinder:
- Who decides what pages are shown? Is it a completely objective search or are we under the cover of corporate sponsorship?
- What kind of user control do you have? So far I see three options available to me, and I could really care less about content filtering so where is everything else?
- Where are the other languages? Google supports just about every language known to mankind, living, dead, and ficticious. Why does America think it runs the world?
- How does this make the Internet stronger? So far, this move has defeated spam filters and caused other network problems.
As far as I'm concerned, this is an abuse of their administrative powers and ICANN has done the right thing for a change by putting a stop to this operation. They should revoke Verisign's power if abuse continues.Everything in moderation. It's no use polarizing the polemic.
It should be clear though, that what Verisign is doing is wrong, not because it wasn't done before or some very esotheric reason that only a slashdotter could come up with, it's because DNS is not only used by HTTP (as the ICANN very aptly explained). The very bottom line is that DNS is used by more than just humans. That being said, yet another point against them: DNS over HTTP is used by more than just english speaking people.
Innovation? Disregarding RFCs, breaking the expected behaviour of the Internet, for the commercial gain of a single company is 'innovation'? That's almost as good as Microsoft's 'Freedom to Innovate' arguments... sorry... couldn't help myself there :)
Call me recalcitrant, but I think that major changes to the functionality of the Internet should have at least some technical merit to the billions of people who use it.
threatens that stifling 'innovation'
I could make a special-toed boot specially designed for kicking people such as McLaughlin in the arse. I will of course, have features that makes it optimal for aiming directly towards that great rectal divide.
Then, when McLaughlin tries to press charges, I'll just state that my device is an innovation, and just because it damages the way he works doesn't mean it isn't useful to somebody...
Of course, I wouldn't have the power to force the masses to use such a device... but really I think that a swift-kick-in-the-arse is probably a lot more useful for many people than sitefinder ever was.
This is innovatation as defined by marketing 'droids...
I use DNS to match IP addresses to domain names... When I want to search for something, I'll the use the search engine of my choice.
Site Finder is like trying to use a fuel additive to change the colour of your car
Need I say that anti-spam applications, networked printers, mail forwarders and mobile IP users were hung because of these highly-modified genetic root servers?
Should I point out that Mae-West traffic actually shot up because spammers were having a wonderful and rare day for unfeterred spamming?
He must be smoking crack...
I found sitefinder to be very helpful while it was online. The thing is, it could usually figure out what the site you were going to was supposed to be (no surprise since they have the name database). I can see the arguments of the people who claim it broke name resolution...i think there needs to be a way so that something like sitefinder can still work while still reporting properly a bad lookup so that programs that need that can have it.
In contrast, sitefinder's suggestions were never even close and it broke protocols to boot. Amazing here that Microsoft could actually have come up with the right solution. I never liked their error pages, but it was only because the error number wasn't immediately obvious. If they had just added "404" or "505" in big letters I would have been happy with them.
Someone ought to tell Verisign that they didn't innovate anything. Microsoft already had this idea, and they did it way better.
Did anybody notice that SiteFinder only worked for Verisign customers? I have 6 .com and .net domain names, 3 of them are registered through Verisign, and 3 others are registered through another registrar. The only sites that were "suggested" by Sitefinder were the Verisign ones.
Nice "innovation"! Promote Verisign customers only!!!!
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - Albert Einstein
I was suprised to see so little coverage of this issue on eff.org, so I sent the following e-mail to ask@eff.org:
Greetings.
Verisign's damage to the DNS system (called "SiteFinder") is one of the most egregious abuses of power that the Internet community has yet encountered. Although SiteFinder is currently suspended, recent comments from Verisign's officers make it clear that they intend to fight hard to resume SiteFinder in the future.
I am writing to ask EFF to elevate Verisign's abuse to high importance on the eff.org web-site.
Specifically, I ask that the eff.org web-site include an item about Verisign's abuse on the "Hot Topics" list (on the home page) and on the "To Do List" (on the Action Center page).
I urge EFF to use the eff.org web-site to deliver a loud, clear, and unambiguous message against Verisign's abuse of the Internet, and to assist the Internet community in organizing against their abuse.
Thank you for posting EFF's positive reaction to the suspension of SiteFinder on the eff.org home page (03 October 2003).
All the best,
(name / address)
You said they rolled out sitefinder "without warning", but I disagree, and that has been my problem with this from the beginning.
There WAS advance notice. And what didn't happen then was quite surprising: ICANN should have come down hard on VS for even suggesting that they might do this. They waited, and now they look like reactionary cowards instead of proactive stewards. ICANN looks weaker than Verisign at the end of the day, and Verisign isn't really discouraged.
I think they should ALREADY have their contract pulled, there should ALREADY be a termination date delivered to them, and there should be no discussion. THAT would send a message that says "this is not something you fuck with, and this is damned sure not a fuckup you have the opportunity to make twice in your position because, guess what, you're out of business. Have a nice live. Goodbye."
I really don't understand why that hasn't happened, except that ICANN is too weak and has too many conflicts of interest to make that happen and be done with it and we can wash our hands of Netsol and Verisign once and for all.
I don't speak for my employer, but they feel that way as well, and would say so with fewer f-words...
-fb Everything not expressly forbidden is now mandatory.
There WAS advance notice.
I'm dubious. I read one of the very first, if not the first, announcements on NANOG, and it was after-the-fact (or approximately at-the-fact). There was certainly not the at *least* six months of warning that would be necessary for a change like this.
Also, has anyone noticed that Verisign and Microsoft, two of the largest tech companies that play the nastiest and are the *worst* at coming out with new tech (actually, to be honest, I don't know Verisign's history well enough to know whether they're historically like this or not) are the ones that *constantly* claim that any interference with their operations would "stifle innovation"?
I don't see Google pulling the "stifle innovation" card. Google's research lab comes out with exciting, helpful, interesting things on a regular basis. I don't see Apple pulling the "stifle innovation" card -- and while Apple may not be the tech luminary that it once was, it still comes out with decent and out-of-the-ordinary products. The only people claiming that their "innovation" is at risk are those who *aren't* innovating.
May we never see th
At first I didn't read the article, figuring that it was just a longer sappier version of the summary posted here. The summary does it no fucking justice.
More likely, ICANN caved under the pressure from some in the Internet community for whom this is a technology-religion issue about whether the Internet should be used for these purposes.
For this vocal minority, resentment lingers at the very fact that the Internet is used for commercial purpose, which ignores the fact that it's a critical part of our economy.
At this moment the veins in my forehead are bulging, and I'm envisioning a fate for this man pulled out of Crichton's Congo.
Apparently this gigantic ass doesn't realize that we are the critical people that make it function as a critical part of our economy. It also happens to be the fucking critical part of putting food on our plates. Somebody needs to get this through his thick head before the next time he hops into his 6 figure car heading back to his 7 figure house.
This unforgivable libel needs to be answered on the pages of news.com, and I think we should be petitioning to get this guy canned. He is not of the moral character I want near the big red button of the Internet.
I need to go cool off...
Sorry... Maybe the only application you use on the intenet is Web Browsing, and, so you
aren't effected by the things they broke. Lucky you.
However, for those of us that use other applications (email, ssh, IPSEC, etc.), which are suffering
incorrect error messages at best, and, significant malfunctions at worst as a result of this
action by Verisign, it's not a good thing. If you get a 404 page, you're welcome to go to
sitefinder yourself. You're welcome to go to google or any other search engine.
This isn't knee-jerk reactionism, it's response to painful stimuli. Additionally, Verisign made
this change without public review, without public comment, without public notice, and, without
approval from any of the governing bodies (IETF, IAB, ICANN) or the operational communities.
Further, when the governing body that owns their contract (ICANN) asked them nicely, they
refused to fix it. They had to resort to threatening legal action.
I hope this will help you understand the issue a little better and realize that most of the people
making the most vocal reaction are responding to real pain in trying to keep their networks
running. Most of us don't have time to be chicken little.
Owen
Yes. This is the New Corporatism.
Once upon a time there were no CFOs, COOs or CIOs, the President of a company was the CEO without being called "CEO," because everyone knew that the President was, by definition, the chief executive officer, and no one in their right mind would have put an MBA into a position as a "professional manager" while the MBA was completely clueless about the business or the industry. "Human Resources" didn't exist -- we had a Personnel Department that kept records, added people to payroll and removed them, kept tabs on benefits, and had no voice in anything. The top financial officer was the Treasurer or the Comptroller, also without much of a voice, since the primary financial function in a corporation, after collecting receivables, paying payables and not misplacing the remainder, is accounting -- that is, keeping track of where we have been -- essentially the view out the back window of the corporate car. A friend of mine once observed that if you drive looking out the back window, you'll end up in a ditch.
Look at the bright side: there's always seppuku.
Two thoughts:
1) There's nothing wrong with SiteFinder. What was wrong was unilaterally changing the meaning of all DNS queries regardless of purpose, in order to force us all to go there whenever we fat-finger a URL, breaking the other 65534 Internet protocols in the process.
2) Oh, boy, let's also stop requiring manufacturers to make screws with standardized threads-per-inch and pipes in standard sizes. We've been crushing innovation. Let gas stations sell 30-octane fuel if they like -- shoot, don't even require it to be gasoline. Throw out those anti-business laws that forbid the "extension" of flour with sawdust. Eliminate the unnecessary burden that shoes must be manufactured in some specific size. Who cares if nothing fits or works, so long as we have Shiny New Products introduced every 28 nanoseconds?