Slashdot Mirror
Verisign's SiteFinder - An Engineer's View
ixs writes "CircleID has an interesting article by David Monosov about Verisign's plans to reintroduce Sitefinder.
The article presents the thesis that the Internet engineering community is partly to blame for Verisign's ability to mess with the .com and .net root zones. According to the author we spend too much time with our systems and not enough with politics. The writeup was previously posted to NANOG and received a favorable response from Paul Vixie."
ICANN threatened to sue them, and 'revoke' their registry status last time, and they relented. Is there any indication that ICANN intends to do the same thing again? My guess is that Verisign isn't as stupid as SCO and wouldn't go forward with this if they thought they would lose out on what's basically a huge free money engine over this. Have they made a deal with ICANN? Do they think they can win, and own the entire domain system for .COM and .NET, ICANN be damned?
I mean, if they can get away with this, what's to stop them from doing things like shutting out other registrars, etc?
autopr0n is like, down and stuff.
I was going to put a sig here, but I had already submitted the message.
According to the author we spend too much time with our systems and not enough with politics.
Ok. Who watches CPAN here? Time to throw out our congressmen(and women) and take their places on capitol hill.
And make our congressmen code monkeys. Don't be surprised if you frag down your senator on CS then.
The tone of the summary makes it seem like Monosov is advocating leaving Verisign alone and letting them do whatever they want.
.com,.net, and .org registration from capitalist companies, and give it to a more global entity. Then, use those funds to help the Internet infrastructure further instead of lining the pockets of the already-rich.
In fact, the article is exactly the opposite and states that we should wrest control of
the problem with politics is that you need to get political in order to make sure people don't get political
According to the author we spend too much time with our systems and not enough with politics.
No shit, Sherlock. That's why we're engineers.
Mike
What Verisign doesn't understand is that the public will put up with it's monopoly if we can use the internet day to day without seeing the verisign logo. This company has somehow cheated the system to become the overlord of the internet. As long as everyday consumers aren't aware where their meat comes from, they'll eat it. But if the harsh truth faced them every day, nobody would touch a big mac. In the same way, Verisign can get away with it's monopoly because nobody cares where the internet comes from. I hope sitefinder changes this. Let sitefinder be the 21st century "The Jungle."
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Verisign put a DNS wildcard in to sell their search service and generally piss off the world.
We put in a bind patch to prevent DNS wildcarding on top level domains.
We don't need to play brain-dead political games with these losers. It's our internet, not theirs. We have the right to totally ignore any and all of ICANN's setup and use our own DNS servers without notice and without asking for their permission.
Slashdot should Slashdot Washington DC. Let's stick with what we do best!
Countries and corporations are both run by people whose primary job is politics. It is extremely difficult to go up against these people without becoming one of them.
Not many engineers want to become politicians, even if it means fighting for something they value. They want to do their job, which is designing stuff.
N4st0r, trixx0r h0bb1tz0rz! Th3y st0l3 0ur pr3c10uzz!
http://web.archive.org/web/20000818212505/www.iii
"There will be up to one-hundred-fifty (150) new iTLDs allocated to as many as fifty (50) new registries, with no more than one half (1/2) in the same country, created in 1996, and chartered to operate for up to five years.":a .org/lists/newdom/current/0518.html
http://web.archive.org/web/20000818221119/www.iii
Tell me what was wrong with this again?
for a distributed decentralized DNS using JXTA,
which is the Java peer-to-peer framework.
The basic idea is to trust your peers,
rather than the centralized system now.
Of course that raises all kinds of questions;
still it's compelling to consider the approach.
The O'Reilly introduction is HERE
Cheers, Joel
Sometimes I misspell URLs and I actually *like* having a service that attempts to find the site I'm looking for.
No problem, just set your browser to send you to a search engine of your choice when you get a 404. If your browser doesn't do that bug the developers.
DNS wildcarding isn't the way to this. It breaks other stuff.
Just throwing out an idea... There has been a lot of talk about whose laws should apply in cyberspace. One thought is that maybe it should be made explicit whose laws are applying by making the country explicit in the domain name. Ditch all .com, .org, .net, etc domains and just keep the country top level domains.
.com redirect to .com.us in the US, .com.au in Australia, etc. Those names would only be useful as shorthand for people to type and would be deprecated as published URLs (because they would no longer mean the same thing everywhere).
.us site from Canada, the same laws apply as if I poked a stick over the border while standing in Canada.
.us).
As an ease of use measure you could make
When I access a
Moreover, it removes the problem of VeriSign playing with the TLDs (at least for the rest of the world, I don't know who administers
Pity it'll never happen.
Another thing is that the way they implement this SiteFinder is breaking other stuff on the net. Internet is more than just Web, you know.
And it certainly did not help that they ran an SMTP server aswell. God knows what it collected before it dropped the connection, and the server was also RFC ignorant with programmed responses.
I was tempted to mod you a troll, but figured all the answers you would get would be quite informative on the issue.
Putting it simply, I think the present organisation works this way: people with power (government) and people with money (corporation) get together so that some of the power can be used to generate more money. The corporation is happy because of easy money; the government can use the threat of taking the money away to influence the behaviour of the corporation, which is happy to appease its master so long as the money is there. Both parties are happy. Everyone else doesn't really figure in on the equation unless the corporation does something to rile the general public, at which point the government may be obliged to take steps which make it look like it's doing its job.
Suppose the government delegates control of the GTLDs to a non-profit organisation which has a mandate to ensure the smooth operation of DNS infrastructure, and can be relied upon to do a good job of that. What's in it for the government? They can't easily coerce the organisation into doing things in a manner which leaves them in control (governments thrive on control), since there's no greed to manipulate. Further, no filthy lucre means no pork for the politicians to direct back to their electorate. What's in it for the politicians?
How do you sell a politician on an idea when the best you can come up with is, "this is obviously the Right Thing to do." What you really need is a P.R. headline which emphasises how it's good for employment, or the economy, or security, or will save the children, and a subtle undergirding of, "this will make you (politicians) more powerful and/or popular and/or provide economic benefits to your constituents."
So what we need is some very creative P.R. spin, and I'm not very talented at it. Any suggestions?
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
This is a pet peeve of mine. When a site can't resolve, it is an nxdomain. A 404 is when the requested file on a web server doesn't exist. Please stop calling an nxdomain a 404.
I agree that the tech community has traditionally been averse to playing politics, and this is evidenced in many areas. Nowhere is this more poignant than in the issue of SPAM, which is now more of a political than a technical issue. The tech community needs to form a hardcore lobbying group to force the Federal Authorities to do their job and prioritize the prosecution of spammers and other groups who are stealing, breaking into and destroying resources. The ineffectiveness of anti-spam efforts nowadays is the perfect testimonial to the much-needed aggressive politicking the tech community needs to do to solve this problem.
On the other hand, the business community is also being too political and not technical enough. Tens, perhaps hundreds of thousands of businesses do not have secure networks and related policies and 99% of the larger operations are not fully-exploiting the technology available to them.
Likewise, the mainstream business community is excessively political and seems to have had the common sense, as well as technical insight, sucked out of a majority of their business models. The whole "dot bomb" implosion was the result of too many companies relying exclusively on hype and politics to drive their business model.
While the tech community can stand to be more political, I think the mainstream business community even more desperately needs to get technical.
We don't need to play brain-dead political games with these losers. It's our internet, not theirs. We have the right to totally ignore any and all of ICANN's setup and use our own DNS servers without notice and without asking for their permission.
While a shift is not as trivial as you make it, I do agree with on major point.
Paul Vixie has been running around trying to ensure that nobody acts "immaturely" or engages in name-calling with Verisign. He's desperate to be taken seriously.
That's ridiculous. Verisign, not the engineers criticising them, is the side lacking respectability. The engineers run and design the networks and control the systems that Verisign uses. Verisign is a comparatively tiny collection of a few people who have buddies in politics, scientists, and engineers.
Nobody should feel constrained in their online conversation for fear of "sounding respectable". The engineers who run the networks need prove nothing. They are running things. The only organization that has to worry about image at all is Verisign, which must seem at least impartial and benevolent enough to keep ICANN from axing their monopoly, which could be done.
Verisign was granted a special, unique opportunity to get money for doing almost no work (some bandwidth and adding an entry to a database). Yes, they *can* be expected not to play hardball, as would be accepted in a general business arena, as they are not operating as a regular business. They have a monopoly that was granted to them that they do very well off of. If they want to continuously test their limits and see how much additional money they can soak people for, ICANN and other engineers are under no requirement to keep granting Verisign the right to continue making vast amounts of money for almost no effort.
Verisign has clearly indicated that it is not currently willing to operate a public trust in good faith. They have continued to spout what most engineers consider to be bullshit, and have ignored frusterated feedback. Unfortunately, we have only one remedy, aside from formal complaints from ICANN (which have already been tried), and that is threats against and ultimately termination of Verisign's special privileges. Doing so will mean work for a lot of systems around the world, temporary service interruptions, bad blood at Verisign (and with political buddies of Verisign) and the risk that nobody else will be willing to step up after Verisign (given that their role might be terminated). Verisign is gambling that the Internet's collection of network engineers do not have the balls to actually terminate their role with a certain amount of bad behavior on their part. I am increasingly wanting to see Verisign's gamble proven wrong.
Shifting to OpenNIC or similar has its own set of problems -- can the same level of service be provided? What happens when an name schisms start appearing?
However, it may be better to be safe than sorry. Every day, Verisign makes it harder and harder to extricate them from a position where they can feed on vast amounts of technology money. This is acceptable, as long as they operate in good faith, which they have not done. Verisign's management has tried deceptive renewal forms sent to Verisign competitors. They have tried mucking about with fundamental components of the Internet. They may not be at a point where they must immediately be replaced, but I think that they are at a point where they must be made to modify their behavor or be terminated.
May we never see th
Sometimes I misspell URLs and I actually *like* having a service that attempts to find the site I'm looking for.
That's not an accurate requirement.
- Sometimes - when? I assume when you type it in your browser, you are not speaking email here?
- having a service - well, more like having something, you dont really bother what it is as long as it works, dont you?
So your requirement becomes : When I misspell an URL in my browser, I like it when something attempts to find the site I'm looking for.Fine with everyone. There is such a feature in IE, and this is the right place for such a feature to be.
Why we are against SiteFinder (and if you had read Slashdot before you would know this) :
You simply cant. Not even with cookies or so, as there is no such thing for DNS. But you can opt-out if the same service is implemented in your browser. (change browser/deactivate feature)
AND you will get a wrong message : "recipient not known" instead of "server not know".
It may annoy you, but you can adapt quickly. But there is also software that needs DNS lookup to function properly (most prominently, spam filter). And software doesnt adapt itself, it has to be rewritten, thus generating costs in various other companies. If SF was an opt-in service that would be less problematic, so that only software that wants to use this feature had to be rewritten, but this isnt the case.
It is written : "when the domain does not exists, you return a does not exist message". But suddenly Verisign decides to return "it's Verisign".
Like the idea? Then get IE, misuse google for it, or hack mozilla/write a RFE. But SF is A Bad Thing (TM).
I have discovered a truly remarkable proof for my post which this sig is too small to contain.
A non-profit organization was set up to run Internet name assignments, with international participation, representation of major infrastructure players, and even a nascent direct interested-person representation system.
It was called the Internet Corporation for Assigned Names and Numbers, and it's the organization that went ahead and so solidly entrenched VeriSign in the first place.
Merely passing along control to another NGO is not, in itself, a solution; there is no reason to expect it won't be politicized and turned into another ICANN.
Well now, if we are going to have urls and dns, we need someone to sit on the database of who has what assigned to where.
......
meet Verisign...
Ok, so we are sitting on the afforementioned database with the required info for the internet presence for millions if not billions of people,
what shall we do?
I know, lets break it all and try to break into the search engine business! Every page anyone looks for on a domain that no longer exists will be our domain!
All your leftovers are belong to verisign!
Now to me this just seems like an abuse of power by the people who look after the database for us.
(veri-lame)
If they had mentioned that they would do this in the future then i'm most likely we wouldn't have picked verisign to look after our data, or we would have made sure they couldn't use it as a gun to our heads further down the road.
If they were going to break all the RFC's and the like, again, we would have put blocks in place.
but instead they are free to claim they own every domain that was ever that doesn't have a paying owner right now. Not that verisign are paying to squat on that domain mind, they just control the database.
so i say again
All your leftovers are belong to verisign!
Who do they think they are? I don't want to use their substandard search engine anyway.
much more useful would be a link to the domain as it was last known on internet archive or some other internet backup site. Not whatever it is verisigns ill thought out search routines are going to return.
This site is a little conspiratorial, but at the time many of the people in the know agreed that Abovenet and MAPS blackholed ORBS by using dirty tricks little advertising low cost (hop count) routes to ORBS and then blackholing the traffic. See here among others.
He seems fond of making everything two tiered, pay for BIND support, pay for access to the MAPS *BLs now. There was the situation where the patches for BIND were only available to those who paid. This was a huge deal at the time.
There also seems to be denials of the connections between ISC and the other money making businesses that Paul and his employees are involved with.
This is not a guy who want to share power and take the opinions of others into account, he and his companies also have a history of attacking overtly (DJB) and covertly (ORBS) people or groups who cross them. They scare me more than a bumbling giant corporation... Paul has companies/domains like Men in Black Hats and New World Order, these guys have very high opinions of themselves. I and many others would never speak out publicly against him, his employees/"volunteers" or companies because of the power they wield and their willingness to exact revenge on people who speak out against them. Those who do speak out are immediately branded as spammers or worse.
Some Paul quotes:
VeriSign running a bogus SMTP server was very bad from a privacy point of view. Even if they didn't accept the message body (did they? I don't remember), they collected a lot of information that could've been used for traffic analysis. It's none of VeriSign's business to know that I mistyped an email address: they could find out what the real address was. It's none of VeriSign's business to know that I mistyped a URL: they could find out what the real URL was (hamming distance usually 1 or 2). Why should they collect so much information about my email or surfing habits anyway? If I believed in conspiracy theories, I'd suspect that they may be in cahoots with the NSA (I don't think so).
cpghost at Cordula's Web.
Sometimes I misspell URLs and I actually *like* having a service that attempts to find the site I'm looking for.
Hey, good point! You can't type, so we should break the internet and one of the few effective anti-spam techniques, so that you don't have to retype "www.hot-mokney-porn.com".
By the way, I'm a fat slob with a heart condition, but I can't keep my fat ass out of McDonalds, inhaling lard-burger after lard-burger. I'd actually like a service that shut down all McDonalds and inconvenienced everybody else who can manage to control their compulsion to have evry meal at McDonalds.
By the way, I'm an alky; I jus' can't stay awy from dat ol' demon rum. Howsabout we Prohibit all alcohol, jus' 'cause I can't figure out how to stop after two drinks?
By the way, I get really afraid of Ay-rabs, and I don't understand why anybody would mind being on camera 24/7 unless they had something to hide. Can we tear up the Fourth Amedment and let John Ashcroft read your mail and tap your phones in order to give me a spurious sense of security?
I mean, that would be really convenient to me if we could do these things. I don't care how it would inconvenience you, becuase I, just like Verisign, am in the business of offloading my costs onto the community, in order to increase the personal profits I keep all to myself.
Opinions on the Twiddler2 hand-held keyboard?
If Varisign can tinker with DNS responses provided by their DNS, why can't every other downstream DNS server act in kind, when forwarding a query, taking the ersatz advertising responses from Varisign and substituting their own advertising website, or better yet, substitute the responsible "usual" behavior?
Indeed, if Varisign does this, wouldn's such a response be inevitable, for good and for ill?
What I will be most amused by when that happens are the frivolous lawsuits Varisign will raise when that happens.
Engineer has an idea. Engineer implements the idea. Engineer is happy. Engineer's peers are happy. Non-engineer picks it up and uses it to get a lot of money, tarnishing the original idea in the process. All engineers are outraged.
The article states that engineers should be more aware of politics. That's bull.
An engineer that takes politics into account will accomplish nothing, because he is battling windmills. Trying to protect your inventions against corporate meddling is impossible. The problem is that those who invent simply do not have the power to enforce the "right" use of their invention. Being aware that that power lies with people who are mainly interested in squeezing money out of ideas will only make you despressed.
And there are reasons that this is the way it is. The two main ones are (1) the innovators are the grease-monkeys of the corporate and political worlds; and (2) the fact that innovations can generate money is the catalyst that allows engineers to innovate.
These two reasons lead to three possible solutions for the described situation.
Solution 1: More engineers become politicians, thereby gaining influence on law-making and getting the ability to bend the laws to idealistic purposes. Unfortunately, engineers (just as scientists and artists) do not want to be politicians. It's a frustrating job, especially if you are idealistic. If someone is only interested in money and power, it can be a fulfilling job, but I don't expect idealistic law-making from such a person.
Solution 2: Engineers refuse to work for corporations and develop their ideas for themselves. Unfortunately, this will mean that they do not have the funding to work on their interesting ideas, and even if they succeed, a big corporation will notice them and run away with them.
Solution 3: Engineers do not create inventions that can be or need to be exploited for money. Translated: Engineers won't innovate at all.
Conclusion: All three solutions won't work in practice. Since that is a depressing thought, perhaps you better not read this comment.
Too late.