Slashdot Mirror
Verisign Considers Restarting Sitefinder
Rosco P. Coltrane writes "The Washington Post reports that VeriSign is considering reviving its infamous search engine. 'Site Finder was not controversial with users' says VeriSign's Tom Galvin, and VeriSign 'assured ICANN that it would give 60 to 90 days' warning to resolve any remaining technological problems.' Such as leaving the DNS service alone for example?"
Those who forget history are doomed to repeat it...
Visceral Psyche Films
You think we might be able to outsource VeriSign to India?
This is .org and .com! When does Verisign's lease expire? Can ICANN turn over the license to someone else?
When you type in a wrong address at the moment which doesn't exist, you are automatically taken to either a site search engine, which is pure crap.. or to the microsoft auto search.. (talking for users on School networks, with Windows terminals) which offers the option to use the great Hotmail (Spam Central), Shopping (at ridiculous prices, from the company which could afford to give us all we want free) etc.
tim
...that they would learn from past mistakes. But no, of course not.
The problem is, are ICANN going to back down this time and let it slide, or are they going to continue to give Verisign hell over this, and pressure them, as they should definitely do?
Are we likely to see another backlash from users and network admins?
And will there be the same sort of media coverage that basically gave Verisign quite a bad bit of PR for 2 weeks.
It seems like they have sneaked this out again with the minimal amount of fanfare in an attempt to try and stifle the opposition, but when you have so many people mistyping domains everyday, you cant really expect it to go unnoticed and not to piss people off.
TheHustler
http://www.elmarko.org/ - Useless bilge
http://www.asylum-games.co.uk/ - Co-Founder
'Site Finder was not controversial with users'
It wasn't controversial at all. Everybody agree it was a bad idea.
This space left intentionally blank.
Fast mirror here. Enjoy the Net exploatation !
Carefully crafted sig.
There's a difference. Microsoft only do it at the application layer, with a particular browser that they provide. If you don't like it (and I can't see why anyone would), you can always switch to one of the many alternatives. Verisign's site finder operates at the DNS level. It's not as if you can choose to not use DNS, or switch to another name service.
"The invisible and the non-existent look very much alike." -- Delos B. McKown
they take .com and .net out of verisign's hands the better. Its just unfortunate that this will misinform new people AND generate more needless traffic because of the returned page. Did the search page ever have preferences to certain websites? or was it truly independent? If i typed in server software would it bring up xxx penis extensions because some idiot put in metatags or would it bring up true results?
We played dungeons and dragons for 3 hours.....then i was slain by an elf
And firebird^H^H^H^Hfox does it for google ... it could be argued that's even worse than Microsoft, since there you get shot off on an I'm Feeling Lucky, while microsoft gives you a list of close matches and lets you choose one. I've had too many times when I mistyped a URL, got shot off to another page entirely, and then had to go back and do a "google URL" to find what I was looking for.
;)
Also, M$'s way sends you back to a Microsoft page - which is expected, since MS has a search service (along with one copy of every single other web application). But Mozilla choose Google fairly arbitrarily - why not use Yahoo? Or Wikipedia? And anyone who argues "it's the #1 search option" gets a free copy of IE, the #1 browser, from your good friends at Monopolysoft
True, but that is a browser thing. It doesn't break well-written applications that don't use MSIE (isn't that redundant?), and doesn't affect Linux/Mac users at all. This, on the other hand breaks applications through no fault of the original developers, forces ads down ppls throats with no means of changing it, and exploits a publicly trusted position.
#define DRM chmod 000
That is fair enough.. but what about those of us unfortunate enough to be on a school network where we can't install a single thing (not even Mozilla Firefox, bird whatever..) And where we can't access settings. The other point was that for home users, many of whom do not know how to use the configuration to turn off M$ autosearch, it is just as bad as the Verisign is.
tim
And in other news, the US forces were crushed in Iraq, Mars Beagle did not go missing and has been transmitting pictures for many days, and these aren't the droids you're looking for.
But DNS is used for more than web look ups. If DNS returns spurious results for gethostbyname(), a typo in a SSH command, or nntp request will be seriously bjorked.
I've no problem with Firefox (or IE) sending me to a search engine when I try to connect to a typo-ed web page: this is a reasonable policy to set at the application level
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Thats a different issue entirely. Having a *browser* point you to a search engine is all well and good. You can modify this behaviour to suit yourself. But if the *internet* starts doing this stuff for you... well, it's not a pretty picture.
And in other news, techno soothsayers predict that verisign is going to be the target of a large DDos attack in the near future......
tom-george.comBecause geeks rate higher t
That's what we get by having corporations managing the Internet infraestructure instead of a public service. Some people talk about censorship, but if the corporations actually have the nerve to do something like this, whow long does it take until censorship sets in?
The full paragraph from the internal Verisign report reads:
"Studies in Outer Mongolia showed that our Site Finder service was not controversial with users of the Trans-Himalaya Yak Courier Service. Everyone else on the planet, including Arawoyo Pnu (34) from Upper Amazonia, found the service both useless and obnoxious. We therefore recommend renaming the Site Finder service to 'Yak Finder' in order to better exploit the Outer Mongolian market."
Ceci n'est pas une signature
Understood. I'm not trying to defend MS, but merely point out that with MSIE, there is an alternative in most cases. Whether or not this alternative is pursured, well, that's another matter. At anyrate, my only point is that it is possible to avoid MSIE, whereas it isn't possible to avoid Verisign short of: 1) using pure IP addresses w/o domain names, 2) using alternate DNS servers, or 3) raise enough bloody hell to give Verisign a run for their money.
#define DRM chmod 000
Seems to be a philosophy the PR flacks for VeriSign and SCO subscribe to wholeheartedly.
"You have to license your Linux installation from us." "Everybody likes Sitefinder." "I was singing in a church choir in Cucamonga when the murder happened." "I won't cum in your mouth."
Sheesh.
Start a happiness pandemic
God will roast ICANN stomachs in hell at the hands of Verisign.
I can say, and I am responsible for what I am saying, that they have started to commit suicide behind our firewalls. We will welcome them with bullets and shoes.
"Site Finder was not controversial with users, 84 percent of whom said they liked it as a helpful navigation service,.."
Hmm, I wonder how they selected those users ?
Something like this ?
Are you running Windows, Mydoom, Kazaa, and you don't care about privacy or legal issues ? Have we got a poll for you !
If I were a shareholder, I wouldn't ask them to do this at all. Sure, it may boost short-term profits for them, but in the long-term, it could cause consumer rebellion against them and the revenue lost would probably far outweigh the short-term benefit. You can just look at the slashdot community and say that it could be potentially disastrous in the long-run. Sure, this community is a small subsection of the population, but these people are the gatekeepers for many aspects of the technological world and if you piss the gatekeepers off, all hell breaks loose.
can someone be blamed for doing a denial of service
to a site that Does Not Exist ?
how about some scripts to pump out requests to a fairly
limited set of known to be Non-Existent domains...
could this possibly cause an interesting burden on Verishit's servers?
would the name lookups themselves affect DNS too badly to
cause innocent collateral damage? i'd hope caching of a limited
set of non-existent names would avoid much dns load.
just curious, academic musing and all that...
Remember the times when microsoft and SCO had to change their web address to side step being attacked by DDOS for various worms?
If site finder goes up.. All falied DDOS going to old domain names will end up taking those attacks. Guess verisign will be the official decoy for outdated worms. =)
All slashdotters, espeically people that were seriously affected by sitefinder, please complain NOW. Let them know how controversial it is!
found here
I don't know about you guys, but this made troubleshooting a pain for me. Me: you are not able to access the server? User: But I can ping it??? Me:Is it giving back (Sitefinder IP - can't remember it) User: Yes - it is responding, why can't I access it???? Me: Well you see, DNS works by... User: I don't care, fix it Me: But........
Galvin said that the continued opposition stems from "an ideological belief by a narrow section of the technological community who don't believe you should innovate the core infrastructure of the Internet."
In our recent article a number of mistakes slipped past our content review processes. In this case "destroy" was incorrectly spelled "innovate". Also "ideological" clearly was meant be "correct". Likewise "narrow section" appeared instead of "all".
We apologise for these errors and any confusion they might have caused.
Yes, but that is only when you browse the web. When you mistype the address into anything else than a web browser (email address, ssh connection, ftp, vpn, ntp, Z39.50, any private protocol), the program is supposed to receive an error message, and handle it in some meaningful way. Instead the broken DNS gives you a sitefinder address, and your program tries to contact that. Most likely it will time out (in a few seconds), and report to the user that the server he wanted to contact is down. This causes lots of frustration among users, and lots of unnecessary support calls.
In Murphy We Turst
You can change the url to anything you like.
Just do a about:config and change the keyword.URL setting.
I set mine to http://www.google.com/search?btnG=Google+Search&q= which is a regular Google search.
When you type in a wrong address at the moment which doesn't exist, you are automatically taken to either a site search engine, which is pure crap.. or to the microsoft auto search [...]
Or you can just use the Microsoft created and provided TweakUI to change this to go whatever page or search engine you desire. The key is it's user-controlled (heck they can just use another browser), not a change to the core system as this Verisign shenanegans is.
And firebird^H^H^H^Hfox does it for google ...
Are you sure?
I just tried a domain name that doesn't exist, and instead of being taken to Google or any other place, I saw a "www.randomdomainname.org not found" dialog box instead. It doesn't even give me an option to feed it to a search engine from there.
IIRC, IE will take you immediately to a search engine without displaying any error message. This is the annoying and broken behaviour that the OP was talking about.
Perhaps you've installed a plug-in or extension that is doing this?
Also, M$'s way sends you back to a Microsoft page - which is expected
No, it isn't. I expect it to say "domain name not found". End of story.
Last time they were accepting emails to non-existant domains too. If everyone makes sure they have lots of web pages with long lists of email addresses in nonexistant domains then the spammers will spend a significant fraction of their bandwidth DOSing verisign instead of hassling the rest of us.
In your idea, remember to get the script to follow all the paid-for links. The advertisers will have to pay for the hit, and will soon realise they're getting bad value for money. And you can still identiy site-finder DNS entries easily, so you could just mis-spell random real web sites and see if they point to site-finder.
In soviet russia stale jokes recycle you!
I love the idea.
That would just put so much stress on BIND servers around the world. It can just very well bring down the internet for most of the world. That could easily cause a massive slow down in just looking up domain names since the caches can fill entire databases.
Actually, you can. But Slashdot would be awkward when called "66.35.250.150, news for nerds, stuff that matters" instead...
Hate me!
Many sites cannot be reached by their IP address alone. Ever heard of shared hosting ("name based virtual hosting")?
Am I the only one here who actually thought SiteFinder was good? I mean, quite a few times, if I was typing in a domain, like say Homestarrunner.com, and I misspelled it, I'd get a "no server found" error, have to go back into the URL and try and figure out where I screwed up. Not exactly a challenge, but still annoying. With SiteFinder, I just have to click the link that popped up. And it always popped up.
Getting a search engine is fine, if that's within my control. That's a good *browser* feature. And with a good browser, you can configure such a feature to go where you want it to, or just to give an error message (my personal preference). The problem with Verisign's approach is that there is nothing to tell the browser that there was no DNS record, so you no longer have the choice.
"Site Finder was not controversial with users"
Hm, let's see:
a) Right. It just was extremely controversial with those who didn't use it (i.e. everyone else, like 99% of the Internet users)
b) Right, it wasn't controversial. Everyone agreed that it's a bloody fucking stupid thing.
c) Right, it wasn't the Sitefinder page itself that we all hated, it was Verisigns "bend over, here we come" attitude of forcing it on everyone, whether they wanted to or not.
Now that's three ways how he's saying the truth. Can't really argue with that, can you?
Assorted stuff I do sometimes: Lemuria.org
Nice idea, but the domain system only really works if we all agree on a single set of authoritative root servers. Otherwise you are effectively introducing another level into the DNS - go to 'www.mydomain.com2' is not very useful if you also have to append instructions on how to change your DNS servers. I can just imagine the voiceover at the end of the radio ads - very fast, and in the style of 'terms and conditions apply'.
And as understand it some anti-spam programs does a lookup on the senders hostname to see if it's a valid hostname. If the lookup returns an error (not found) they send the mail directly to the trash.
But with this service you will always get a hit. Which in turn renders this anti-spam program ineffective.
Of course you could use other anti-spam tool, but this stops a lot of spam with fake hostnames.
I would be more impressed if Verisign restarted the Pathfinder instead of Sitefinder.
Also, this community has lots of weight in the recommendation og technical solutions.
"Yes boss, we could use Verisign, but I spent some hours last night finding alternative solutions that are both better and cheaper. Here they are."
How many companies are looking to work with SCO these days?
Can't we do something, I mean, something to legally make them pay for it?
Verisign has a long story of abuse with DNS, and we should be able to do something more than bitch about it or make technical workarounds (ie, patches to dns) about it.
Perhaps a petition to ICANN with enough signatures to make them revoke Verisign's contract?
"The contractual inconsistencies include, violation of the Code of Conduct and equal access obligations agreed to by VeriSign, failure to comply with the obligation to act as a neutral registry service provider, failure to comply with the Registry-Registrar Protocol, failure to comply with domain registration limitations, and provision of an unauthorized Registry Service."
You do know that there's a lot more to the Net than the Web, right? And that having a website returned instead of the spec-ordered "No such domain" when you're using a different Net scheme (like email, or chat, or good ol' gopher) is fundamentally Wrong. If the Web were a distinct thing that had its own DNS then I doubt many would be grousing, save those whose profits just got diverted into VeriSlime's ShiteFinder pockets.
ObInsult: Ya Jughead!
Learn to spell: nickel, missile, lose, solely, amendment, speech, kernel, probably, ridiculous, deity, hierarchy, versus
... where we can't install a single thing
If you can save files somewhere (most schools give you space on a central fileserver) then you can install Fire.* - download to filespace, unpack, run program. No full-blown Windows Installer access required.
And you're looking at the issue from the wrong perspective. Most admins couldn't care less what home users see when they type in the wrong URL: a search engine is a good as anything and probably the right thing to do for most people. What they do object to is the fact that wildcard DNS resolution breaks a lot of things end users never see but admins have to deal with on a daily basis - the resolution failure should be handled by the browser, not at the DNS level where there are times when you want a name that doesn't exist to not resolve.
As others have pointed out, that's not the same thing at all: what Verisign want to do is to usurp the basic look-up-a-name service.
In fact, I'd expect Microsoft &co to *strongly* object to this, since what it will mean is that dns lookups will eseentially never fail, so you'll never see the search page from IE &c. Essentially Verisign are going to start providing the service that MS now does for IE users, and google now does for Mozilla!
60 to 90 days to patch every network utility out there to work around the DNS breakage. ROFL.
Oh, wait, that's NOT funny.
Please correct me if I got my facts wrong.
"Firefox" will do an I'm Feeling Lucky search if you type in something it thinks isn't a URL. Type in, say, "slashdot" and Firefox will do an I'm Feeling Lucky search becuase it isn't a URL. Type in, www.dsfgsdfjghk.com and it will give an not found error because www.dsfgsdfjghk.com is a URL.
#include "sig.h"
Would using alternative root servert also allow domains with just one part? E.g. slashdot instead of slashdot.org?
.org or .net TLDs), they are confusing (is the site for this norwegian company .no or .com?), most sites will want to have .com anyway, as it is sort of the de facto standard one, etc. So why don't we just dispose of the TLD, and the hostname, and call the website slashdot instead of slashdot.org?
I find the TLDs a bit silly, since the general purpose ones lost much of their meaning (commercial websites have
Please correct me if I got my facts wrong.
Especially since saying "...leaving the DNS service alone..." is redundant. DNS = Domain Name Service. That's like saying Domain Name Service service. Or like saying PIN number... or ATM machine...
I'm with the general consensus who feel that this is a 'very bad thing'. However - ICANN made a big mistake in announcing it would undertake 'reviews'.
They should have simply given a big fat NO to Versign's Sitefinder in the first place.
Leaving the subject open for discussion was a big mistake, IMHO.
The annoyance factor and the outrage will be big pushes for the OpenDNS idea, especially once the cc people wise up and get on board to stop the extortion.
Maybe ICANN won't notice as everybody migrates away from their little empire of root servers until everybody's already used to the idea; that will eliminate the 'single point of political failure'.
Verisign is busy proving all over again that FLOSS has been demonstrating: when it comes to the Internet, the only people you can trust are everybody.
I *heart* corporate thinking.
The Slashdot Paradox: "100% Overrated"
IIRC, IE will take you immediately to a search engine without displaying any error message. This is the annoying and broken behaviour that the OP was talking about.
You recall incorrectly. If you type in a proper domain name, IE will just give you a "This page cannot be displayed - Cannot find server or DNS Error". It only tries to do a search if you type in non domain name type expressions. eg a phrase with spaces or a single word without any dots in it which doesn't match a local host.
I expect it to say "domain name not found". End of story.
That's exactly what it does say! Why do people keep confusing what happens if you type in *words*, with what happens if you type in a *domain*?
Please *try* these things before posting misleading rubbish that will only spark further trollish messages.
(I have tried all of the above in IE6)
The Internet is a connected suite of protocols that work off of a similar top layer of technology, permitting multiple types of information transfer. Granted, the WWW, being the kick-ass application it is, is a very large part of this. However, what people ALWAYS fail to realize is that Electronic Mail, FTP, SSH, Telnet, Internet Gaming, X-Windows, ICQ, AIM, and every other Internet program under the sun utilizes DNS to try to get where it's going. When Verisign turns on its crappy service, what happens is that every OTHER program that relies on host names will be SCREWED UP. Why? Because instead of an error message that says you are trying to access a host that doesn't exist, you'll get a message that is much more similar to the fact that the host is unavailable! That means when you send an email message to dumbshit@verisiggn.com by mistake, instead of getting a response back immediately that you typed in a bad address, your message will sit in a queue for 3 days, and then you'll get an error message saying that your recipient couldn't be reached. This will cause you to contact your system administrator, and waste hours of his time, and time at other remote administrators because no one will catch the typo until after they've exhausted all the possible reasons your mail systems cannot talk to each other. System Admins RELY on error messages that make sense. When those are absent, answering user questions of 'It doesn't work - fix it' is VERY VERY DIFFICULT. This message is just for those of you who appear to not have a clue just how much frustration this causes, and who think that this makes even a modicum of sense to do.
Still, he added, it would be tough for VeriSign to win the public relations war because its opponents are highly regarded technologists.
Come again? Since when are "highly regarded technologists" given a second thought by the average user? Their thinking is...
"Let's see... www dot... oh, I hate these computers... where's the g? hootmaail.como... there! Wait, that's not my mail. This is... uh... oh yeah, silly me. I spelled it wrong. Yes, that's the one I want... I'll that... wait... online dry cleaning... I need THAT."
And that is the END of the thought process. They don't think about whether or not it's a helpful service unless a surveyor puts a gun to their head and makes them commit one way or the other. They certainly don't think about asking the "highly regarded technologists".
I know this is troll bait, but I will bite.
.com/.biz domains, they have been given a monopoly. No other company can do this since they don't control the athoritative root for those domains.
Capitalism works on the premise of competition. Because they are the sole athoritative root for all
Beyond that it fundementally changes the way the internet works to the benifit of a single company. This is very anticompetitive.
If I were a shareholder, I would tell them to drop all of its plans for site finder since eventually it will lead to a loss of all of its domain registration revenues.
Shameless self promotion : The Misadvetures of the in
It is analogous to saying that if I put a detour sign in the middle of the freeway to direct traffic to my shopping mall, that I am obeying the traffic sign protocols.
The comment about "ninety-nine percent of the traffic is pure HTTP" is a shorthand way to sum up why it is not possible to communicate with Verisign's executives, and why they must be stopped and soon.
Because it wouldn't matter if one hundred percent of the traffic on the internet were HTTP, it still is not a reason to break DNS in order to insert advertising. The "service" they claim to be providing should be provided by the browsers, giving everyone a chance to implement their own solution to the problem of mistyped domain names. Then many possible solutions to this issue can be innovated. By breaking DNS to lie about the existence of domain names, they actually prevent anybody else from providing any solution. This is the exact opposite of innovation. And they are smart people at Verisign, they clearly and obviously know all this, and yet they are lying to every one about it. And that, in a nutshell is what makes me more furious about this than any other Internet legal issue has in a long long time, maybe ever, or at least since Network Solutions took the .com database
offline and made it their own private property.
There was a story I heard once, about a company (Novell ?) which implemented their own file transfer protocol over the network. They did not use exponential backoff on retransmit, which made their protocol look much faster than TCP/IP. It would in fact hog all the bandwidth, bumping out all the more polite and well behaved protocols. This was great for them, but in fact as the network approached saturation, the system would fail catastrophically, for reasons obvious to Internet protocol designers.
At some meta-level, this is what is happening to the Internet itself now. Verisign is itself like the bad protocol, which does not play well with others. It is taking advantage of an opportunity which gives it a short term advantage, while degrading the entire network protocol infrastructure.
There are good reasons for a hierarchy. Control is devolved, rather than concentrated in a single body. Each country has control of their own TLD, (excepting those that have sold it off) and believe it or not outside the US they *are* used, particularly for local businesses. And so on to the following levels: a domain owner has the freedom to set up as many third-level subdomains as they like (smtp.mydomain.com, pop3.mydomain.com, etc.). I don't know how this would work with a single-word system.
Anyway, many browsers *will* try .com on the end if you type in a single word, or you can just stick your favourite sites in your hosts file:
66.35.250.150 slashdot
yes I have, thats irrelevant to if someone decides not to use DNS. they can always define the name in their hosts file, access the site correctly and still not use DNS.
dave
Everybody knows what to expect when you mistype a DNS name - pages of porn!
----------------------------------- My Other Sig Is Hilarious -----------------------------------
I say no. That the core is dumb is one of the reasons the internet is available to everyone. That the core is dumb is one of the reasons it is so reslient. That the core is dumb is the reason we can assign stewardship - not ownership - to Verisign, and yank it away from them when they misstep.
Keep the core dumb. No innovation is necessary or wanted.
Edith Keeler Must Die
You can actually configure IE to disable the autosearch feature or select one of several other popular search engines. Open the search sidebar and click customize -> autosearch settings. This is a feature I don't mind having at the browser level.
Sitefinder is like discovering your receptionist has decided to redirect all wrong phone numbers to her cousin's "dial-a-psychic" service, and the janitor's been putting ads for his brother's body shop on everyone's desk.
Verisign doesn't own the "product" they're selling, they're just operating it for ICANN. This is no more a legitimate business than, oh, the original Napster was.
It's not returning a web page, though. Your DNS resolver asks for, and receives, the numerical address to which the domain name is bound. Now, the fact that it's your browser using the resolver means that your browser goes out and retrieves a web page under false pretenses (because Verisign lied and said the domain name you typed exists when it doesn't); it's not like DNS said "Here's a web page in response to your query".
I'm not saying I disagree with your sentiment, just that it's wrong for a whole bunch of other reasons. Imagine an "intelligent" (for want of a better word) Yellow Pages that happens to display phone numbers for phone-sex services (who are paying YP for the redirection) whenever you look up the wrong company. Or the local crank that gives people directions to the nearest crack house when they ask him how to get to the mall.
A DDOSer who wanted to annoy Sitefinder could do random downloads from their site, and unless they've improved on the original Sitefinder, those downloads are 17KB of singing dancing Javascript instead of ~1KB of simple clean html text. If this has a big enough impact on Sitefinder's bandwidth cost, it will encourage them to provide simple clean html instead of their current potentially-dangerous dreck.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
If it's going to do this, it should pop up a dialog the first time, explaining what it's doing, and give you the chance to turn it off right then and there.
"Remember, these are the guys that think a "dot porn" and a "dot kids" TLD will actually fix anything."
.kids or .students or some form of TLD that is managed would work well, especially if it were handled right. Right now, school districts are forced to try to filter the whole Internet to prevent pornographic materials (and I'm not talking art, I'm talking Tawnee Stone, god bless her soul:) from being easily accessible. If a heavily restricted .kids or .elem or the like domain were created, schools could trust the content of the domain. It'd be similar to the .museum domain. An organizational body could punish or retract domains based on abuses, and the body could work to establish actual guidelines for acceptibility. Granted, it'd be just as political as anything else bodies do, but at least there'd be a chance for it to work right.
I disagree with you to a point on the lack of merit to this idea. I think that a
The trouble with trying to make porn domains is that states could enact laws that prohibit ISPs from allowing traffic to sites that are so easily identified, which would be censorship. It would also be difficult to get pornographers to make use of the domain anyway, since a lot of content mirrored isn't exactly staying within copyright guidelines, and I would imagine that someone engaging in copyright violations wouldn't want to make themselves stand out that clearly.
Do not look into laser with remaining eye.