Slashdot Mirror
Verisign Considers Restarting Sitefinder
Rosco P. Coltrane writes "The Washington Post reports that VeriSign is considering reviving its infamous search engine. 'Site Finder was not controversial with users' says VeriSign's Tom Galvin, and VeriSign 'assured ICANN that it would give 60 to 90 days' warning to resolve any remaining technological problems.' Such as leaving the DNS service alone for example?"
Those who forget history are doomed to repeat it...
Visceral Psyche Films
You think we might be able to outsource VeriSign to India?
This is .org and .com! When does Verisign's lease expire? Can ICANN turn over the license to someone else?
When you type in a wrong address at the moment which doesn't exist, you are automatically taken to either a site search engine, which is pure crap.. or to the microsoft auto search.. (talking for users on School networks, with Windows terminals) which offers the option to use the great Hotmail (Spam Central), Shopping (at ridiculous prices, from the company which could afford to give us all we want free) etc.
tim
...that they would learn from past mistakes. But no, of course not.
The problem is, are ICANN going to back down this time and let it slide, or are they going to continue to give Verisign hell over this, and pressure them, as they should definitely do?
Are we likely to see another backlash from users and network admins?
And will there be the same sort of media coverage that basically gave Verisign quite a bad bit of PR for 2 weeks.
It seems like they have sneaked this out again with the minimal amount of fanfare in an attempt to try and stifle the opposition, but when you have so many people mistyping domains everyday, you cant really expect it to go unnoticed and not to piss people off.
TheHustler
http://www.elmarko.org/ - Useless bilge
http://www.asylum-games.co.uk/ - Co-Founder
'Site Finder was not controversial with users'
It wasn't controversial at all. Everybody agree it was a bad idea.
This space left intentionally blank.
Fast mirror here. Enjoy the Net exploatation !
Carefully crafted sig.
There's a difference. Microsoft only do it at the application layer, with a particular browser that they provide. If you don't like it (and I can't see why anyone would), you can always switch to one of the many alternatives. Verisign's site finder operates at the DNS level. It's not as if you can choose to not use DNS, or switch to another name service.
"The invisible and the non-existent look very much alike." -- Delos B. McKown
they take .com and .net out of verisign's hands the better. Its just unfortunate that this will misinform new people AND generate more needless traffic because of the returned page. Did the search page ever have preferences to certain websites? or was it truly independent? If i typed in server software would it bring up xxx penis extensions because some idiot put in metatags or would it bring up true results?
We played dungeons and dragons for 3 hours.....then i was slain by an elf
And firebird^H^H^H^Hfox does it for google ... it could be argued that's even worse than Microsoft, since there you get shot off on an I'm Feeling Lucky, while microsoft gives you a list of close matches and lets you choose one. I've had too many times when I mistyped a URL, got shot off to another page entirely, and then had to go back and do a "google URL" to find what I was looking for.
;)
Also, M$'s way sends you back to a Microsoft page - which is expected, since MS has a search service (along with one copy of every single other web application). But Mozilla choose Google fairly arbitrarily - why not use Yahoo? Or Wikipedia? And anyone who argues "it's the #1 search option" gets a free copy of IE, the #1 browser, from your good friends at Monopolysoft
True, but that is a browser thing. It doesn't break well-written applications that don't use MSIE (isn't that redundant?), and doesn't affect Linux/Mac users at all. This, on the other hand breaks applications through no fault of the original developers, forces ads down ppls throats with no means of changing it, and exploits a publicly trusted position.
#define DRM chmod 000
And in other news, the US forces were crushed in Iraq, Mars Beagle did not go missing and has been transmitting pictures for many days, and these aren't the droids you're looking for.
But DNS is used for more than web look ups. If DNS returns spurious results for gethostbyname(), a typo in a SSH command, or nntp request will be seriously bjorked.
I've no problem with Firefox (or IE) sending me to a search engine when I try to connect to a typo-ed web page: this is a reasonable policy to set at the application level
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
That's what we get by having corporations managing the Internet infraestructure instead of a public service. Some people talk about censorship, but if the corporations actually have the nerve to do something like this, whow long does it take until censorship sets in?
can someone be blamed for doing a denial of service
to a site that Does Not Exist ?
how about some scripts to pump out requests to a fairly
limited set of known to be Non-Existent domains...
could this possibly cause an interesting burden on Verishit's servers?
would the name lookups themselves affect DNS too badly to
cause innocent collateral damage? i'd hope caching of a limited
set of non-existent names would avoid much dns load.
just curious, academic musing and all that...
Remember the times when microsoft and SCO had to change their web address to side step being attacked by DDOS for various worms?
If site finder goes up.. All falied DDOS going to old domain names will end up taking those attacks. Guess verisign will be the official decoy for outdated worms. =)
All slashdotters, espeically people that were seriously affected by sitefinder, please complain NOW. Let them know how controversial it is!
found here
Galvin said that the continued opposition stems from "an ideological belief by a narrow section of the technological community who don't believe you should innovate the core infrastructure of the Internet."
In our recent article a number of mistakes slipped past our content review processes. In this case "destroy" was incorrectly spelled "innovate". Also "ideological" clearly was meant be "correct". Likewise "narrow section" appeared instead of "all".
We apologise for these errors and any confusion they might have caused.
You can change the url to anything you like.
Just do a about:config and change the keyword.URL setting.
I set mine to http://www.google.com/search?btnG=Google+Search&q= which is a regular Google search.
And firebird^H^H^H^Hfox does it for google ...
Are you sure?
I just tried a domain name that doesn't exist, and instead of being taken to Google or any other place, I saw a "www.randomdomainname.org not found" dialog box instead. It doesn't even give me an option to feed it to a search engine from there.
IIRC, IE will take you immediately to a search engine without displaying any error message. This is the annoying and broken behaviour that the OP was talking about.
Perhaps you've installed a plug-in or extension that is doing this?
Also, M$'s way sends you back to a Microsoft page - which is expected
No, it isn't. I expect it to say "domain name not found". End of story.
Last time they were accepting emails to non-existant domains too. If everyone makes sure they have lots of web pages with long lists of email addresses in nonexistant domains then the spammers will spend a significant fraction of their bandwidth DOSing verisign instead of hassling the rest of us.
In your idea, remember to get the script to follow all the paid-for links. The advertisers will have to pay for the hit, and will soon realise they're getting bad value for money. And you can still identiy site-finder DNS entries easily, so you could just mis-spell random real web sites and see if they point to site-finder.
In soviet russia stale jokes recycle you!
I love the idea.
That would just put so much stress on BIND servers around the world. It can just very well bring down the internet for most of the world. That could easily cause a massive slow down in just looking up domain names since the caches can fill entire databases.
Many sites cannot be reached by their IP address alone. Ever heard of shared hosting ("name based virtual hosting")?
Getting a search engine is fine, if that's within my control. That's a good *browser* feature. And with a good browser, you can configure such a feature to go where you want it to, or just to give an error message (my personal preference). The problem with Verisign's approach is that there is nothing to tell the browser that there was no DNS record, so you no longer have the choice.
"Site Finder was not controversial with users"
Hm, let's see:
a) Right. It just was extremely controversial with those who didn't use it (i.e. everyone else, like 99% of the Internet users)
b) Right, it wasn't controversial. Everyone agreed that it's a bloody fucking stupid thing.
c) Right, it wasn't the Sitefinder page itself that we all hated, it was Verisigns "bend over, here we come" attitude of forcing it on everyone, whether they wanted to or not.
Now that's three ways how he's saying the truth. Can't really argue with that, can you?
Assorted stuff I do sometimes: Lemuria.org
Nice idea, but the domain system only really works if we all agree on a single set of authoritative root servers. Otherwise you are effectively introducing another level into the DNS - go to 'www.mydomain.com2' is not very useful if you also have to append instructions on how to change your DNS servers. I can just imagine the voiceover at the end of the radio ads - very fast, and in the style of 'terms and conditions apply'.
And as understand it some anti-spam programs does a lookup on the senders hostname to see if it's a valid hostname. If the lookup returns an error (not found) they send the mail directly to the trash.
But with this service you will always get a hit. Which in turn renders this anti-spam program ineffective.
Of course you could use other anti-spam tool, but this stops a lot of spam with fake hostnames.
"The contractual inconsistencies include, violation of the Code of Conduct and equal access obligations agreed to by VeriSign, failure to comply with the obligation to act as a neutral registry service provider, failure to comply with the Registry-Registrar Protocol, failure to comply with domain registration limitations, and provision of an unauthorized Registry Service."
... where we can't install a single thing
If you can save files somewhere (most schools give you space on a central fileserver) then you can install Fire.* - download to filespace, unpack, run program. No full-blown Windows Installer access required.
And you're looking at the issue from the wrong perspective. Most admins couldn't care less what home users see when they type in the wrong URL: a search engine is a good as anything and probably the right thing to do for most people. What they do object to is the fact that wildcard DNS resolution breaks a lot of things end users never see but admins have to deal with on a daily basis - the resolution failure should be handled by the browser, not at the DNS level where there are times when you want a name that doesn't exist to not resolve.
DNS is used by a variety of applications, not just the web. By returning bogus data instead of "NXDOMAIN" (non-existant domain) to applications, applications are unable to easily detect legitimate errors.
Many/most web-browsers already allow you to configure them to go to a search engine in the event of a problem. People actually complain about IE doing it, and IE is the most installed/used webbrowser on the planet, so at most maybe 5% of people, who use browsers other than IE, whose browsers do not support searching for bad domains, would find this "hack" useful.
Additionally, a web browser knows basic information such as what language you speak. SiteFinder didn't. The impact of SiteFinder is such that it replaces an error message everyone can read with a page that many people cannot.
It's bad, and redundant, for web browsers. And it breaks everything else. What's the up-side?
You are not alone. This is not normal. None of this is normal.
I have to think you're trolling, but I"ll bite anyway. You're falling into the common trap of only thinking of DNS as affecting Web traffic. What about email? If you fat-finger your friend's email address, don't you *want* that email to come back, rather than dissappearing into the void that is Verisign? The wildcard they're putting into the DNS isn't just about web traffic. It's *all* DNS queries...that's going to affect email, ssh, nntp, everything. Once of the basic spam filters, for instance, is a check to see if the sender's domain exists. With the wildcard, *all* domains exist, causing you to get more spam.
SiteFinder the search service is fine. The DNS wildcard to *force* you to SiteFinder is what makes people angry.
If you read a large thread further up, you'll see that that functionality can only sensibly be implemented at the application (browser) level. To do it at the DNS level will break the DNS model. This means that any of the many other applications that use DNS will be broken as they can no longer distinguish between real and fake domains.
Trivial example: spam sender checks will now resolve for all attempts, thus preventing simple blocking of spoofed senders. Want more spam?
Justin.
You're only jealous cos the little penguins are talking to me.
Especially since saying "...leaving the DNS service alone..." is redundant. DNS = Domain Name Service. That's like saying Domain Name Service service. Or like saying PIN number... or ATM machine...
The annoyance factor and the outrage will be big pushes for the OpenDNS idea, especially once the cc people wise up and get on board to stop the extortion.
Maybe ICANN won't notice as everybody migrates away from their little empire of root servers until everybody's already used to the idea; that will eliminate the 'single point of political failure'.
Verisign is busy proving all over again that FLOSS has been demonstrating: when it comes to the Internet, the only people you can trust are everybody.
I *heart* corporate thinking.
The Slashdot Paradox: "100% Overrated"
IIRC, IE will take you immediately to a search engine without displaying any error message. This is the annoying and broken behaviour that the OP was talking about.
You recall incorrectly. If you type in a proper domain name, IE will just give you a "This page cannot be displayed - Cannot find server or DNS Error". It only tries to do a search if you type in non domain name type expressions. eg a phrase with spaces or a single word without any dots in it which doesn't match a local host.
I expect it to say "domain name not found". End of story.
That's exactly what it does say! Why do people keep confusing what happens if you type in *words*, with what happens if you type in a *domain*?
Please *try* these things before posting misleading rubbish that will only spark further trollish messages.
(I have tried all of the above in IE6)
The Internet is a connected suite of protocols that work off of a similar top layer of technology, permitting multiple types of information transfer. Granted, the WWW, being the kick-ass application it is, is a very large part of this. However, what people ALWAYS fail to realize is that Electronic Mail, FTP, SSH, Telnet, Internet Gaming, X-Windows, ICQ, AIM, and every other Internet program under the sun utilizes DNS to try to get where it's going. When Verisign turns on its crappy service, what happens is that every OTHER program that relies on host names will be SCREWED UP. Why? Because instead of an error message that says you are trying to access a host that doesn't exist, you'll get a message that is much more similar to the fact that the host is unavailable! That means when you send an email message to dumbshit@verisiggn.com by mistake, instead of getting a response back immediately that you typed in a bad address, your message will sit in a queue for 3 days, and then you'll get an error message saying that your recipient couldn't be reached. This will cause you to contact your system administrator, and waste hours of his time, and time at other remote administrators because no one will catch the typo until after they've exhausted all the possible reasons your mail systems cannot talk to each other. System Admins RELY on error messages that make sense. When those are absent, answering user questions of 'It doesn't work - fix it' is VERY VERY DIFFICULT. This message is just for those of you who appear to not have a clue just how much frustration this causes, and who think that this makes even a modicum of sense to do.
It is analogous to saying that if I put a detour sign in the middle of the freeway to direct traffic to my shopping mall, that I am obeying the traffic sign protocols.
The comment about "ninety-nine percent of the traffic is pure HTTP" is a shorthand way to sum up why it is not possible to communicate with Verisign's executives, and why they must be stopped and soon.
Because it wouldn't matter if one hundred percent of the traffic on the internet were HTTP, it still is not a reason to break DNS in order to insert advertising. The "service" they claim to be providing should be provided by the browsers, giving everyone a chance to implement their own solution to the problem of mistyped domain names. Then many possible solutions to this issue can be innovated. By breaking DNS to lie about the existence of domain names, they actually prevent anybody else from providing any solution. This is the exact opposite of innovation. And they are smart people at Verisign, they clearly and obviously know all this, and yet they are lying to every one about it. And that, in a nutshell is what makes me more furious about this than any other Internet legal issue has in a long long time, maybe ever, or at least since Network Solutions took the .com database
offline and made it their own private property.
There was a story I heard once, about a company (Novell ?) which implemented their own file transfer protocol over the network. They did not use exponential backoff on retransmit, which made their protocol look much faster than TCP/IP. It would in fact hog all the bandwidth, bumping out all the more polite and well behaved protocols. This was great for them, but in fact as the network approached saturation, the system would fail catastrophically, for reasons obvious to Internet protocol designers.
At some meta-level, this is what is happening to the Internet itself now. Verisign is itself like the bad protocol, which does not play well with others. It is taking advantage of an opportunity which gives it a short term advantage, while degrading the entire network protocol infrastructure.
There are good reasons for a hierarchy. Control is devolved, rather than concentrated in a single body. Each country has control of their own TLD, (excepting those that have sold it off) and believe it or not outside the US they *are* used, particularly for local businesses. And so on to the following levels: a domain owner has the freedom to set up as many third-level subdomains as they like (smtp.mydomain.com, pop3.mydomain.com, etc.). I don't know how this would work with a single-word system.
Anyway, many browsers *will* try .com on the end if you type in a single word, or you can just stick your favourite sites in your hosts file:
66.35.250.150 slashdot