Verisign's SiteFinder - An Engineer's View
ixs writes "CircleID has an interesting article by David Monosov about Verisign's plans to reintroduce Sitefinder.
The article presents the thesis that the Internet engineering community is partly to blame for Verisign's ability to mess with the .com and .net root zones. According to the author we spend too much time with our systems and not enough with politics. The writeup was previously posted to NANOG and received a favorable response from Paul Vixie."
It's not easy for someone sophisticated in technology to just 'step into' these politics. These are still big companies, and those who make the decisions just consult geeks if they want to - and believe them - if they want to.
-el
ICANN threatened to sue them, and 'revoke' their registry status last time, and they relented. Is there any indication that ICANN intends to do the same thing again? My guess is that Verisign isn't as stupid as SCO and wouldn't go forward with this if they thought they would lose out on what's basically a huge free money engine over this. Have they made a deal with ICANN? Do they think they can win, and own the entire domain system for .COM and .NET, ICANN be damned?
I mean, if they can get away with this, what's to stop them from doing things like shutting out other registrars, etc?
autopr0n is like, down and stuff.
I was going to put a sig here, but I had already submitted the message.
According to the author we spend too much time with our systems and not enough with politics.
Ok. Who watches CPAN here? Time to throw out our congressmen (and women) and take their places on Capitol Hill.
And make our congressmen code monkeys. Don't be surprised if you frag down your senator on CS then.
The tone of the summary makes it seem like Monosov is advocating leaving Verisign alone and letting them do whatever they want.
In fact, the article is exactly the opposite and states that we should wrest control of .com, .net, and .org registration from capitalist companies, and give it to a more global entity. Then, use those funds to help the Internet infrastructure further instead of lining the pockets of the already-rich.
the problem with politics is that you need to get political in order to make sure people don't get political
According to the author we spend too much time with our systems and not enough with politics.
No shit, Sherlock. That's why we're engineers.
Mike
People often use metaphors to describe things like this, which sometimes bugs me because people then get into arguments about the metaphor, which is totally pointless. We are all smart enough to discuss this directly, I should hope.
In any event, I did think of one, and I thought I'd share it with y'all because I have nothing better to do.
It would be like the government contracting out road work to a private company, and then having that company put huge advertising over the signs, or printed right on the road. And then having the CEO going out and saying "It's time someone started making money off infrastructure." When in fact what they are doing is making things worse for everyone else to benefit themselves, and doing it with something that they have only by coincidence, rather than any real work.
autopr0n is like, down and stuff.
What Verisign doesn't understand is that the public will put up with its monopoly if we can use the internet day to day without seeing the verisign logo. This company has somehow cheated the system to become the overlord of the internet. As long as everyday consumers aren't aware where their meat comes from, they'll eat it. But if the harsh truth faced them every day, nobody would touch a big mac. In the same way, Verisign can get away with its monopoly because nobody cares where the internet comes from. I hope sitefinder changes this. Let sitefinder be the 21st century "The Jungle."
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Verisign put a DNS wildcard in to sell their search service and generally piss off the world.
We put in a bind patch to prevent DNS wildcarding on top level domains.
We don't need to play brain-dead political games with these losers. It's our internet, not theirs. We have the right to totally ignore any and all of ICANN's setup and use our own DNS servers without notice and without asking for their permission.
Should slashdot march on Washington DC?
Slashdot should Slashdot Washington DC. Let's stick with what we do best!
Countries and corporations are both run by people whose primary job is politics. It is extremely difficult to go up against these people without becoming one of them.
Not many engineers want to become politicians, even if it means fighting for something they value. They want to do their job, which is designing stuff.
N4st0r, trixx0r h0bb1tz0rz! Th3y st0l3 0ur pr3c10uzz!
http://web.archive.org/web/20000818212505/www.iii
"There will be up to one-hundred-fifty (150) new iTLDs allocated to as many as fifty (50) new registries, with no more than one half (1/2) in the same country, created in 1996, and chartered to operate for up to five years.":a .org/lists/newdom/current/0518.html
http://web.archive.org/web/20000818221119/www.iii
Tell me what was wrong with this again?
for a distributed decentralized DNS using JXTA,
which is the Java peer-to-peer framework.
The basic idea is to trust your peers,
rather than the centralized system now.
Of course that raises all kinds of questions;
still it's compelling to consider the approach.
The O'Reilly introduction is HERE
Cheers, Joel
Sometimes I misspell URLs and I actually *like* having a service that attempts to find the site I'm looking for.
I'm not saying that people who are against it are anti-capitalist or anything, but they certainly are a bunch of knee-jerk reactionists.
Did you mean Lomonosov? BTW, this translates as "break a nose's"
Just throwing out an idea... There has been a lot of talk about whose laws should apply in cyberspace. One thought is that maybe it should be made explicit whose laws are applying by making the country explicit in the domain name. Ditch all .com, .org, .net, etc domains and just keep the country top level domains.
As an ease of use measure you could make .com redirect to .com.us in the US, .com.au in Australia, etc. Those names would only be useful as shorthand for people to type and would be deprecated as published URLs (because they would no longer mean the same thing everywhere).
When I access a .us site from Canada, the same laws apply as if I poked a stick over the border while standing in Canada.
Moreover, it removes the problem of VeriSign playing with the TLDs (at least for the rest of the world, I don't know who administers .us).
Pity it'll never happen.
All this mess is caused by people that try to maximize their profit. Just imagine a world without money, nobody would need to send spam mails because there is no profit to make. Ok, sorry, was just kidding.
But I hope you see the point. I guess the price we have to pay for globalisation and outsourcing important infrastructure things from governments to private companies is that those things might get abused by morons that want to get a maximum profit.
But since I'm not able to lie so well I guess I'll keep stuck to engineering and won't make a career in politics.
Putting it simply, I think the present organisation works this way: people with power (government) and people with money (corporation) get together so that some of the power can be used to generate more money. The corporation is happy because of easy money; the government can use the threat of taking the money away to influence the behaviour of the corporation, which is happy to appease its master so long as the money is there. Both parties are happy. Everyone else doesn't really figure in on the equation unless the corporation does something to rile the general public, at which point the government may be obliged to take steps which make it look like it's doing its job.
Suppose the government delegates control of the GTLDs to a non-profit organisation which has a mandate to ensure the smooth operation of DNS infrastructure, and can be relied upon to do a good job of that. What's in it for the government? They can't easily coerce the organisation into doing things in a manner which leaves them in control (governments thrive on control), since there's no greed to manipulate. Further, no filthy lucre means no pork for the politicians to direct back to their electorate. What's in it for the politicians?
How do you sell a politician on an idea when the best you can come up with is, "this is obviously the Right Thing to do." What you really need is a P.R. headline which emphasises how it's good for employment, or the economy, or security, or will save the children, and a subtle undergirding of, "this will make you (politicians) more powerful and/or popular and/or provide economic benefits to your constituents."
So what we need is some very creative P.R. spin, and I'm not very talented at it. Any suggestions?
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
I agree that the tech community has traditionally been averse to playing politics, and this is evidenced in many areas. Nowhere is this more poignant than in the issue of SPAM, which is now more of a political than a technical issue. The tech community needs to form a hardcore lobbying group to force the Federal Authorities to do their job and prioritize the prosecution of spammers and other groups who are stealing, breaking into and destroying resources. The ineffectiveness of anti-spam efforts nowadays is the perfect testimonial to the much-needed aggressive politicking the tech community needs to do to solve this problem.
On the other hand, the business community is also being too political and not technical enough. Tens, perhaps hundreds of thousands of businesses do not have secure networks and related policies and 99% of the larger operations are not fully-exploiting the technology available to them.
Likewise, the mainstream business community is excessively political and seems to have had the common sense, as well as technical insight, sucked out of a majority of their business models. The whole "dot bomb" implosion was the result of too many companies relying exclusively on hype and politics to drive their business model.
While the tech community can stand to be more political, I think the mainstream business community even more desperately needs to get technical.
We don't need to play brain-dead political games with these losers. It's our internet, not theirs. We have the right to totally ignore any and all of ICANN's setup and use our own DNS servers without notice and without asking for their permission.
While a shift is not as trivial as you make it, I do agree with one major point.
Paul Vixie has been running around trying to ensure that nobody acts "immaturely" or engages in name-calling with Verisign. He's desperate to be taken seriously.
That's ridiculous. Verisign, not the engineers criticising them, is the side lacking respectability. The engineers run and design the networks and control the systems that Verisign uses. Verisign is a comparatively tiny collection of a few people who have buddies in politics, scientists, and engineers.
Nobody should feel constrained in their online conversation for fear of "sounding respectable". The engineers who run the networks need prove nothing. They are running things. The only organization that has to worry about image at all is Verisign, which must seem at least impartial and benevolent enough to keep ICANN from axing their monopoly, which could be done.
Verisign was granted a special, unique opportunity to get money for doing almost no work (some bandwidth and adding an entry to a database). Yes, they *can* be expected not to play hardball, as would be accepted in a general business arena, as they are not operating as a regular business. They have a monopoly that was granted to them that they do very well off of. If they want to continuously test their limits and see how much additional money they can soak people for, ICANN and other engineers are under no requirement to keep granting Verisign the right to continue making vast amounts of money for almost no effort.
Verisign has clearly indicated that it is not currently willing to operate a public trust in good faith. They have continued to spout what most engineers consider to be bullshit, and have ignored frustrated feedback. Unfortunately, we have only one remedy, aside from formal complaints from ICANN (which have already been tried), and that is threats against and ultimately termination of Verisign's special privileges. Doing so will mean work for a lot of systems around the world, temporary service interruptions, bad blood at Verisign (and with political buddies of Verisign) and the risk that nobody else will be willing to step up after Verisign (given that their role might be terminated). Verisign is gambling that the Internet's collection of network engineers do not have the balls to actually terminate their role with a certain amount of bad behavior on their part. I am increasingly wanting to see Verisign's gamble proven wrong.
Shifting to OpenNIC or similar has its own set of problems -- can the same level of service be provided? What happens when name schisms start appearing?
However, it may be better to be safe than sorry. Every day, Verisign makes it harder and harder to extricate them from a position where they can feed on vast amounts of technology money. This is acceptable, as long as they operate in good faith, which they have not done. Verisign's management has tried deceptive renewal forms sent to Verisign competitors. They have tried mucking about with fundamental components of the Internet. They may not be at a point where they must immediately be replaced, but I think that they are at a point where they must be made to modify their behavior or be terminated.
May we never see th
I say if things turn bad, we all move to .gov/.edu/.org/.info/.us/.your-country-code and let verisign "administer" nothing.
- Find a hosting service outside of .com/.net.
- Host your stuff there from now on.
- Remove every link you might have pointing to a .com/.net address.
Are you all with me?
...this article is stating something that isn't a new concept, but certainly one that needs to be paid more attention to.
Geeks in general have been absent from the political process, or at best mediocre at bitching in online fora and sending boilerplate emails as if having your meager feeling of involvement is somehow truly the best use of your collective intellect. A handwritten letter is usually worth 1000 emails (that is a comparison I have heard enough times to consider it fairly valid).
The people currently most likely to be active at a grass roots level (wrt technology) seem to be either abject Luddites or simply big commercial concerns that have more pecuniary motives than anything else...and profits do not always equate to innovation or the best interest of the public at large. Technology Policy these days is being largely defined by non-technical cadres of lawyers and politicos who can barely spell SSH let alone know what it does. These are people who willingly purchase questionable products for elections from Diebold, who have had convoluted and inane encryption laws (here is the genie...it's out of the bottle...deal), not to mention have propped up such fucktarded laws as the DMCA and UNITA and left the state of Intellectual Property laws to go pretty much on the liberal side of imbecilic.
A non-profit organization was set up to run Internet name assignments, with international participation, representation of major infrastructure players, and even a nascent direct interested-person representation system.
It was called the Internet Corporation for Assigned Names and Numbers, and it's the organization that went ahead and so solidly entrenched VeriSign in the first place.
Merely passing along control to another NGO is not, in itself, a solution; there is no reason to expect it won't be politicized and turned into another ICANN.
Well now, if we are going to have urls and dns, we need someone to sit on the database of who has what assigned to where.
......
meet Verisign...
Ok, so we are sitting on the aforementioned database with the required info for the internet presence for millions if not billions of people,
what shall we do?
I know, let's break it all and try to break into the search engine business! Every page anyone looks for on a domain that no longer exists will be our domain!
All your leftovers are belong to verisign!
Now to me this just seems like an abuse of power by the people who look after the database for us.
(veri-lame)
If they had mentioned that they would do this in the future then i'm most likely we wouldn't have picked verisign to look after our data, or we would have made sure they couldn't use it as a gun to our heads further down the road.
If they were going to break all the RFC's and the like, again, we would have put blocks in place.
but instead they are free to claim they own every domain that was ever that doesn't have a paying owner right now. Not that verisign are paying to squat on that domain mind, they just control the database.
so i say again
All your leftovers are belong to verisign!
Who do they think they are? I don't want to use their substandard search engine anyway.
Much more useful would be a link to the domain as it was last known on internet archive or some other internet backup site. Not whatever it is Verisign's ill thought out search routines are going to return.
I'd just like to ask, "where's the beef in this article?". To my eyes, it reads like a general complaint on life in general. Should he have titled this article, "My rant" ? There's nothing, I repeat, NO THING, in this article that wasn't already said, more eloquently, in yesterday's slashdot article: "What the Internet Isn't"
-- I'd give my right arm to be ambidextrous
Speaking of SCO, I'd love for them to bring sitefinder up right now, mydoom.a will have a new home.
Sitefinder will simply become the internet's new blackhole ('cus /dev/null is full).
That is because article submitters, and subsequently Editors, do not read the articles.
This shouldn't be a surprise.
Mod parent up. This is as sane a synopsis as I have seen on this topic.
If Verisign can tinker with DNS responses provided by their DNS, why can't every other downstream DNS server act in kind, when forwarding a query, taking the ersatz advertising responses from Verisign and substituting their own advertising website, or better yet, substitute the responsible "usual" behavior?
Indeed, if Verisign does this, wouldn't such a response be inevitable, for good and for ill?
What I will be most amused by when that happens are the frivolous lawsuits Verisign will raise when that happens.
You think it will be hard to find a replacement? Heck, I will do it. I do not mind getting rich for doing next to nothing. In all seriousness, maybe someone can back me up on this, but I believe that Verisign does not even own the servers, they are supplied by the US government which owned them first. I could be wrong, but I believe I heard that from a reliable source.
The UK registrar, Nominet (http://www.nic.uk) is a not-for-profit and is far and away the best registrar I've ever used. Everything they do is GPG signed and the domains are cheap. They even have a dispute resolution service for if your ISP steals your domain.
Engineer has an idea. Engineer implements the idea. Engineer is happy. Engineer's peers are happy. Non-engineer picks it up and uses it to get a lot of money, tarnishing the original idea in the process. All engineers are outraged.
The article states that engineers should be more aware of politics. That's bull.
An engineer that takes politics into account will accomplish nothing, because he is battling windmills. Trying to protect your inventions against corporate meddling is impossible. The problem is that those who invent simply do not have the power to enforce the "right" use of their invention. Being aware that that power lies with people who are mainly interested in squeezing money out of ideas will only make you depressed.
And there are reasons that this is the way it is. The two main ones are (1) the innovators are the grease-monkeys of the corporate and political worlds; and (2) the fact that innovations can generate money is the catalyst that allows engineers to innovate.
These two reasons lead to three possible solutions for the described situation.
Solution 1: More engineers become politicians, thereby gaining influence on law-making and getting the ability to bend the laws to idealistic purposes. Unfortunately, engineers (just as scientists and artists) do not want to be politicians. It's a frustrating job, especially if you are idealistic. If someone is only interested in money and power, it can be a fulfilling job, but I don't expect idealistic law-making from such a person.
Solution 2: Engineers refuse to work for corporations and develop their ideas for themselves. Unfortunately, this will mean that they do not have the funding to work on their interesting ideas, and even if they succeed, a big corporation will notice them and run away with them.
Solution 3: Engineers do not create inventions that can be or need to be exploited for money. Translated: Engineers won't innovate at all.
Conclusion: All three solutions won't work in practice. Since that is a depressing thought, perhaps you better not read this comment.
Too late.
I was trying to think of the further ramifications of recommending this change: increased load on the remaining servers (which we can do little about... except maybe by creating a commercial service where we hijack users enquiries and... no wait), increased latency for some users querying some domains, and marginally increased vulnerability to DDoS attacks.
It brings to mind the famous quote:
"The Internet interprets censorship as damage and routes around it."
-- L. Peter Deutsch
The latest named.ca is available from here.
Q.
Insert Signature Here
Since Verisign receive a payment for each registered .com domain, they can't argue that my employer should register all variants on its trademark, without opening themselves up to a charge of extortion, and I would be surprised if the system automatically ensured that it didn't risk abusing someone else's trademark.
I appear to have a blog. Odd.
Almost all of the non-ISO country-code TLDs are country-specific. They are simply legacy from when the United States was the only player involved. .com is US commercial, .mil US military, .gov US government, and .net US network provider. (AFAIK, the only non-US non-ISO TLDs are the recent additions, like .int and .info). The TLDs have been abused (thanks in no small part to money-hungry registrars like Verisign, which encouraged you to abuse the TLD system -- "add foo.org and foo.net to your foo.com registration with one click!"
:-)
Your proposed system is a good idea -- it's already present.
May we never see th
Stratton Sclavos, the CEO of Verisign, must be Darl McBride's secret twin brother, because he is using exactly the same lies, FUD, and ad-hominem attacks against the Internet technical community as SCO is using against the free software community.
...
There is an interview with Stratton Sclavos, CEO of Verisign, at http://news.com.com/2008-7347-5092590.html
Here are some highlights of the Q&A which particularly make my blood boil. This guy is both doing a smear campaign against the opposition to SiteFinder, and either has such a warped understanding of how Internet protocols are developed and operate that he is incompetent to be in charge of the root DNS for .com, or else he is a cynical liar. I believe the latter is the more likely. His comments about a "cultural divide" are true, but not in the way he intends. The cultural divide is between the fair, decent, ethical, and technically responsible people and the people such as himself.
*After a couple of weeks on the hot seat, VeriSign CEO Stratton
Sclavos is turning up the fire on his company's severest critics.*
*The Site Finder controversy*
*You temporarily suspended Site Finder in reaction to widespread
criticism. What's the next step?*
The reason Site Finder became such a lightning rod is that it goes
to the question of are we going to be in a position to do innovation
on this infrastructure or are we going to be locked into obsolete
thinking that the DNS was never intended to do anything other than
what it was originally supposed to do?
Still, a lot of people in the Internet community were quite
surprised by Site Finder--and then you had complaints surfacing that
it was not complying to approved standards.
Let's break the argument down: The claim that Site Finder was
nonstandard and that we should have informed the community we were
doing something nonstandard--excuse me: Site Finder is completely
standards-compliant to standards that have been out and published by
the IETF (Internet Engineering Task Force) for years. That's just a
misnomer. The IAB (Internet Architecture Board) in its review of
Site Finder said the very same thing--that VeriSign was adhering to
standards.
What we're seeing are predetermined opinions masquerading as
processes where the outcome is predetermined.
The second claim, that we brought it out without testing--Site
Finder had been operational since March or April and we had been
testing it with individual companies and with the DNS traffic at
large. Ninety-nine percent of the traffic is pure HTTP, and so it
handles it the way it should. Just so you know, our customer service
lines went from 800 or 900 calls on the first day to almost zero
right now. Every customer who had a Site Finder issue, the
remediation took less than 12 hours.
*You temporarily suspended Site Finder in reaction to widespread
criticism. What's the next step? *
The reason Site Finder became such a lightning rod is that it goes
to the question: Are we going to be in a position to do innovation
on this infrastructure, or are we going to be locked into obsolete
thinking that the DNS was never intended to do anything other than
what it was originally supposed to do?
*
You're hinting at a cultural divide? *
I think that there is. I don't think it's an intentional divide, but
it's drifting apart of the day-to-day usage from the folks who did
great steward's work in the early days and were asked to define all
the standards to make it work.
*And those are the people who still dominate the standards bodies? *
They're speaking out of both sides of their mouth right now. It's
not OK to say standards are important, un
The engineering community is to blame??!!
That is like blaming the Jews for the Holocaust when it was the f$@%ing Nazis who were killing people!!
Perhaps Verisign should sit down and read the "World of Ends". Especially the parts about The Internet is stupid, Adding value to the Internet lowers its value, and All the Internet's value grows on its edges.
-- Some people say they can tell the time by looking at the Sun, but I have trouble seeing the numbers.
I don't know that GWB has the power to strip US-born atheists of their nationality. However, it is impossible for a foreign-born atheist to become a US citizen without either breaking the law or compromising their principles.
Now, many atheists have become US citizens, and some of them (e.g. James Randi) are quite vocal atheists. The usual way to do this is to be sworn in to citizenship as part of a group, and to remain silent while the rest of them say "under God".
I have a couple of problems with this approach. One is that a country where I have to break that country's laws to become a citizen isn't really a country I want to be a citizen of. The other is that my main problem with the Pledge of Allegiance is that my allegiance goes to the Constitution, not the flag. The US Government derives its legitimacy from the consent of the governed, and its power from the Constitution. The Pledge of Allegiance is the only formal statement of that consent, and it's been ballsed up by legislators who did not understand (or disagreed with) the intent of the Founders.
</rant>
--
E_NOSIG
They can hold us over a barrel and all we can do is sue them. We've seen how long lawsuits take. A week of we're-screwed-time is too long.
While it would take forever to get every incompetent sysadmin to change root DNS servers, the bulk of us could be changed over in days.
We just need
A. someone to do it (set up new root servers and maintain them)
B. a massive insult and pain in the ass like the reinstitution of site-finder to prod sysadmins into changing over to them.
Verisign would still own creating domains, but a clone could be actually serving the info. Talk about embarrassing for Verisign. They'd sue immediately and the civilians would learn about this quickly.
When it all comes down to it, such a new root server provider could say, "I'm takin' my ball and..." creating new top levels? censoring sites via domain expiration? splitting the list off entirely, creating an Internet-prime? Telling ICANN to shove it? "We are, after all, just an edge service which people use by choice. PETA.com stays People Eating Tasty Animals on our servers. Screw you."
And if the community didn't like it, someone else could do it all AGAIN. When you set up an Internet connection, you'd say, which one do I want to be on? (Logically, not physically, of course.)
It would be both horrifying and interesting. And after some chaos, order would be restored in the form of a ROOT server authority with the oversight of a smarter overseer (one hopes).
I would hope that a public entity would do it, someone who is interested in the Internet being open, but a private entity would do, too. Hey, GoDaddy, do you hear opportunity knocking?
Guess so.
"Reality is that which, when you stop believing in it, it doesn't go away." - Philip K. Dick
I have a major beef with anyone who shows a complete lack of respect for the capital investments that companies make in a technology, even if in this case it's a "public" technology.
The US government financed the initial DNS rollout, they gave contracts to companies that made significant investments in it, and while I agree with the statements about the technology in question being a bad idea - I have to say I strongly disagree with "internationalizing" any technology that has been invested in by a public company. That is outright disrespect for property - not EXACTLY private property, but property none the less.
If you think that an international organization can run it better than a private company, you are entitled to your opinion, but you would be wrong.
Here if you don't know the reference.
You are not a beautiful or unique snowflake -- but you could be if you got off your ass.
Thanks Dancin_Santa!
Not true. It could be that back in the DAY the US gov gave Verisign some servers to use, to get them started. But since then, verisign has upgraded immensely. They run their own software systems, server hardware, the whole thing. As they should, really. In fact, from a technical perspective, verisign is doing a good job (the .com domain has always worked). It's their political decisions that are causing grief.
http://www.marketmechanix.com/searchalchemy.htm
"Our patent-pending technology allows ISPs and modem manufacturers to intercept 404 errors, and rather than display boring, unproductive error pages, to instead present one of our proprietary Search Alchemy search directory pages."
Don't worry, I saw the post you're talking about in meta.