The Pirate Bay Co-Founder Starting P2P-DNS

An anonymous reader writes "The Pirate Bay Co-Founder, Peter Sunde, has started a new project which will provide a decentralized p2p based DNS system. This is a direct result of the increasing control which the US government has over ICANN. The project is called P2P-DNS and according to the project's wiki, this is how the project is described: 'P2P-DNS is a community project that will free internet users from imperial control of DNS by ICANN. In order to prevent unjust prosecution or denial of service, P2P-DNS will operate as a distributed and less centralized service hosted by the users of DNS. Temporary substitutes, (as Alpha and Beta developments), are being made ready for deployment. A network with no centralized points of failure, (per the original design of the internet), remains our goal. P2P-DNS is developing rapidly.'"

I love the idea,

[pecosdave]

But there is so, so much potential for spammers to kill it before it gets out of the gate good. Spammers so far have killed quite a large number of things that used to be cool on the internet and they're not going to stop until they're reigned in or nobody uses anything electronic anymore because of them.

Re:I love the idea,

[fuzzyfuzzyfungus]

I'd be more concerned by advertisers/audience tracker types than spammers(though, it is true, the botnet herders probably have enough hosts that, barring clever design, all domain names will point to h3rbal v15gra...)

There was a story a while back, I think it hit slashdot, about a university research group that set up a bugged tor node in order to explore that network. Because, unlike most of the idealists and tinfoil hats running tor nodes, they had a 100Mb symmetric line or something equally punchy, they had become the exit node of choice for some alarming percentage of the system by the end of their study.

Similarly, in the classic P2P scenarios, there are usually a few super seeders on University or colo connections, who end up moving a surprising percentage of the total traffic; because their connections are markedly better(and have basically 100% uptime compared to all the casual kids. Even when the casual kids actually introduce the material to the swarm, much of it ends up moving through the big guys.

I would imagine, again barring careful design(which would be tricky; because speed is of the essence with DNS lookups, unless you want your experience to suck), that it would be fairly trivial for google, Phorm, Neilson(if they aren't still living in the 19th century), or the like to set up a few P2P DNS servers that, for a few hundred bucks a month per geographic region, are by far the most responsive and fastest in the area(basic dual-socket 1u colo box on a gigabit line, we aren't talking crazy money here) which would give them near-ISP level of insight into where users of the P2P DNS are going...

Re:I love the idea,

[pecosdave]

You know, that MySpace bunch over there has tons of server power and bandwidth they're not using for anything anymore. It scares me to think of what would happen if they seized the opportunity to put it to use.

Re:I love the idea,

[fuzzyfuzzyfungus]

Don't give the dark lord Murdock any ideas...

Re:I love the idea,

Spammers are why we can't have nice things.

Re:I love the idea,

[colordev]

Count me in. I loved the internet when it was the new 'wild west'. With good PLANNING this project can become a great success that will _host_ great sites like Wikileaks! I would prefer...

(BEGIN of prior art to patent buster) a filesharing system and a device arrangement which is K N O W N for being a scalable anonymous encrypted distributer filesharing- network with properties of distributed webserver environment, where each user might be allowed to upload an amount of new file-data, that may be related to the amount of file-data which that particular user has mediated before to one or more of the other users of that p2p-cloud server computer system, of which that users computer may be part of. (END of prior art to patent buster)

when can I have one?

Re:I love the idea,

[mcgrew]

I've never seen spam on BitTorrent. Why would a P2P DNS be any different? If this is engineered and implimented intelligently, spam will not be a problem with it.

Re:I love the idea,

[colordev]

Sorry, forgot the word "onion-routed" *blush*

(BEGIN of prior art to patent buster) a filesharing system and a device arrangement which is K N O W N for being a scalable anonymous onion-routed encrypted distributed filesharing- network with properties of distributed webserver environment, where each user might be allowed to upload an amount of new file-data, that may be related to the amount of file-data which that particular user has mediated before to one or more of the other users of that p2p-cloud server computer system, of which that users computer may be part of. (END of prior art to patent buster)

Re:I love the idea,

[pecosdave]

You obviously haven't used BitTorrent, at least not years ago when I did. There were lots of results that would turn up claiming to be the exact whatever file name you were looking for. Usually they ended in .exe - my systems are compatible with that file type. Occasionally it would be an HTML file with redirects to the site they were "advertising" for.

Re:I love the idea,

[pecosdave]

Doh! My systems ARE NOT compatible with that file type.

Re:I love the idea,

[xtracto]

That could be challenged by including some kind of "peer reputation" system within the protocol

Re:I love the idea,

[DarkOx]

Sorry we caught you, you are using Windows. Its okay really you don't have to be ashamed; there are lots of people out there just like you.

Re:I love the idea,

[Eraesr]

I'm surprised that e-mail spam is still considered to be a profitable marketing option. The amount of spam that's not filtered out my ISP or e-mail provider's spam guard is extremely small and are there really still people who are dumb to click v14gr4 links?

Re:I love the idea,

[mark72005]

I wonder about this too.

I believe there are plenty of old people who are too dumb to realize they are being taken in on the Nigerian scams. I believe there are plenty of people dumb enough to open email attachments.

I still can't believe there are people dumb enough to fall for those spam emails. Especially pharmaceuticals... who would put medicine they bought from a spam email into their body?

Re:I love the idea,

[pecosdave]

Well, next worse thing. I'm using a Mac right now, with Snow Leopard on it.

Really, I think the OS is awesome (except where they intentionally handicapped it) but Apple is pushing lock in so hard and iTunes is beginning to take over everything, in the next revision even in the main OS is going to have iTunes being the main source of software. Given Apples track record of weining its users by introducing something new but staying compatible with the old way, then removing the old way I'm going back to Linux. You heard that right, I went Windows to Linux to Mac/Linux and heading back to just Linux.

Anyone want to donate to my new computer fund?

Re:I love the idea,

[silly_sysiphus]

I went through essentially the same process this year; all you need to do is sell your overpriced/overvalued Apple hardware and use that money for a (maybe slightly used) Thinkpad, preferably a T-series. Heck, I made a profit switching from a Macbook Pro to a Thinkpad, and ended up with faster, newer, more capable hardware. (high-end Thinkpads are fantastic on their own merits, but stand out for being some of the most Linux-friendly laptops around...of course, if you just need a desktop, the job's even easier).

Re:I love the idea,

[tomasf]

in the next revision even in the main OS is going to have iTunes being the main source of software

The Mac App Store is not a part of iTunes.

Re:I love the idea,

[Mitchell314]

Ignorant fool, nice things are exactly what they try to sell to us. :P

Re:I love the idea,

[pecosdave]

It's a Mac Mini so probably not worth a huge amount, but then again it's got a lot more RAM and HDD than when I bought it. Yes, I did that myself.

Re:I love the idea,

[mcgrew]

I've used it recently, and the only problem even close to spam was that sometimes files share the same name. The one that stands in my mind was a uTube video titled "The Bear", and I wanted a persistant copy.

Turns out there are a lot of works with that name. But if you search for "Star Wreck: In The Pirkinning" you're not likely to get anything BUT that film.

BitTorrent, by its very nature, is hard to spam.

Re:I love the idea,

In argentina we call that "acto fallido", when you reveal something you didn't want to ;)

Re:I love the idea,

[Xiterion]

Someone who is really insecure about their (penis|breast) size?

Re:I love the idea,

[tmosley]

Well, that's great, but this development means that the network doesn't just fail if those big nodes just disappear. The network will self adjust such that it takes full advantage of the resources it has access to. It isn't about empowering the people nor is it about isolating big companies. It is about ensuring that the network continues to function in the face of any type of attack, including those coming from governments or big corporations.

Re:I love the idea,

[Rich0]

Cost to send a bazillion spam emails from other people's computers:? Pretty close to zero.

Benefit from doing so:? Not much, but greater than zero.

Cost:benefit ratio:? Probably better than buying blue chip stocks.

Re:I love the idea,

[metrix007]

you realize that the above is useless as far as being submitted for prior art, right?

Re:I love the idea,

[wierd_w]

No, "nice things" are what they try to sell us on, not what they sell to us.

The vast majority of items being hawked by spam artists are the cheapest of the cheap of imitations and knockoffs.

Re:I love the idea,

[mcgrew]

You don't need a new computer to run Linux, it should run just fine on your Apple.

Re:I love the idea,

[mcgrew]

who would put medicine they bought from a spam email into their body?

The same people who would put illegal drugs from a stranger on a street corner in their body.

Re:I love the idea,

[Unequivocal]

No one ever went broke underestimating the intelligence of the buying public.

Not sure who said it but not much has changed in the digital world..

Re:I love the idea,

Why would you need donations? If you are going back to Linux, just use any old machine you have lying around. It isn't like you need a high powered 3D GUI running on top of your OS, right?

Re:I love the idea,

Personally I only use established bittorrent sites like TPB, ISOhunt, Demonoid. I've seen those other sites you refer to, had always assumed they were industry-sponsored sites designed to teach you a hard lesson about their way of peddling digitized entertainment. I mean, honestly, after seeing the common format of their webpages, it should be obvious that those sites are affiliated somehow, that there is more to them than meets the eye.

Re:I love the idea,

[internewt]

The mainstream computer companies are constantly banging on about how their products are easier to use, more user friendly, etc. than the competition. This is because the majority of the market (or the profitable bit) are essentially new computer users. Or are getting a computer of their own for the first time for recreational use, when they had generally only used computers in work/school for work/school stuff.

If the market was made up of experienced users, things wouldn't be sold as "easy to use", where easy to use is "possibly intuitive for those who don't get computer concepts, and will not RTFM". Cars (yeah, ignore the .sig) aren't sold as easy to use because the market for cars is made up of people who have to demonstrate they can work a car, and hence understand what features a car will and won't have, where they will probably be, and which ones to use and when. Car buyers don't need the steering wheel to be huge and green, they don't need a wizard to wind the windows down.

It wouldn't surprise me to find out that, world wide, every year there are more new users to the internet than the previous year. This means there's lots of new users who don't know how spam works, who don't know how affiliates work, who don't know how banner ads work, who don't know how Google works, who don't know about shit like those text advert links inserted into articles, etc.. These new users possibly will not think that v14gr4 is purposefully written like that, and might even think something like computer messages can suffer interference like a radio signal can.

New users also aren't used to the fonts. Slashdotters can no doubt tell the difference between l 1 I | and o O 0, and can identify the characters correctly when they aren't alongside the ones they could be confused with, but new users? No chance. v14gra might not look that odd to a new user, and so they don't spot it as suspect. You also can't buy viagra off the shelf (or at least, I don't think you can), so when presented with it human interest does kick in for some individuals.

I do sound like I am blaming new users, but I have been using the internet long enough to have seen new users come to the internet and wise up many times. Sometimes they barely wise up, sometimes they wise up very quick, but generally they stand to be manipulated the most when new to the web. There are people though who know they are limited, and so take things extra cautiously, though they are a fucking rare breed.

New users aren't necessarily used to the concepts that computers can produce copies for virtually no effort. Whilst there is a very clear cost to spam put through your front door, there isn't with email or other forms of spam, so even if the person has thought about the economics of advertising IRL, they might not get it right when it comes to computers. And so the spam could seem more legitimate than it is (not that I see any adverts as legitimate - they exist to manipulate your decision making processes, and I do not want that done to me. So I reject all advertising, everywhere).

Anyway, the answer? Education. And proper education, not asking MS what people should be learning. And not mandated computer science for all (though it should be available, if people want it). I dunno exactly what people need, but IME if some people had some basic knowledge of concepts like files and directories, programs and data, they would find using computers much less frustrating. I feel many proprietary products (and free ones that have copied paradigms) purposefully obscure what is going on so that the user becomes dependent on the proprietary product to do a job. The user can't learn what is going on, and if they did, they might change to a different product to do the same job. And that's bad for business.

Re:I love the idea,

[Beardo+the+Bearded]

Spam doesn't sell products. Spam is itself the product. Spammers sell the spam service to people who think that spam works. "If only 1/10th of 1% buy, then you meet your ROI!" but that's just a lie to get the cash.

The emails themselves are the product that is being purchased. The items being hawked are irrelevant.

Re:I love the idea,

[c6gunner]

I believe there are plenty of old people who are too dumb to realize they are being taken in on the Nigerian scams. I believe there are plenty of people dumb enough to open email attachments.

Yes, but how many people even SEE those e-mails any more? For the last year or so, I assumed that the nigerian scammers had just given up, or at least that their attempts had massively declined. Then last week I went to check my spam folder for something, and found out that I was getting an e-mail of that type at least once a day - I just never see them. Given how effective the filters have become at all the major e-mail providers, the fraction of users who get to see the spam and scam e-mails has got to be marginal.

Re:I love the idea,

[GameboyRMH]

Good point, P2P-DNS lookups should be done with random peers to prevent such honeypot tactics from working (if it doesn't already work this way). DNS lookups aren't bandwidth-intensive so there shouldn't be any serious performance hit (today's centralized DNS system isn't that speedy anyways).

Re:I love the idea,

[GameboyRMH]

Given Apples track record of weining its users by introducing something new but staying compatible with the old way, then removing the old way

Sounds like Embrace, Extend, Extinguish.

Re:I love the idea,

I've seen only one instance of "bittorrent spam" so far (not counting movies I've found in the new proprietary WMP format). One time I downloaded a movie (it wasn't out on DVD at the time, so I was suspicious when I found a torrent so soon) and it was encrypted. Nice. I went to the link where the key supposedly was out of curiosity (with a well-secured browser of course) and it had the message saying something like "I've done something for you, now I want you to do something for me"

Yeah right...torrent deleted!

The file sharing systems of ye olden days were full of spam...the official Kazaa client carried spyware first of all, and then the results were often virus-infected files and fakes put up by the record companies. People would share Linux ISOs claiming they were $hot_new_game to cheat the system. Even later when you could get a nice client like Shareaza that worked with all the different crappy little file sharing networks there was still the issue of virus-infected files and fakes.

But it's practically a non-issue now with torrents.

Re:I love the idea,

[Keeper+Of+Keys]

You know, that MySpace bunch over there has tons of server power and bandwidth they're not using for anything anymore.

Give this person an internet!

Re:I love the idea,

[GameboyRMH]

Wow, Apple laptops are so expensive you can sell them, buy a Thinkpad with better specs, and have money left over!

Re:I love the idea,

[Fjandr]

The problem with random peers is stated above, though perhaps not explicitly. Given the levels of botnet infection, all spammers would have to do is install the software on their zombies and a huge chunk of those "random peers" become malicious DNS servers.

Re:I love the idea,

[Fjandr]

The Mac App Store is not a part of iTunes yet..

Re:I love the idea,

[GameboyRMH]

Youtube or utube? My work firewall says utube is porn (although the Google Cache looks like the world's most generic website).

For downloading Youtube videos I just use the Clipnabber JS bookmark. It does other video sites too.

Re:I love the idea,

[psyclone]

Right. You'd want to many the same query to many peers, and compare the results. Due to the expense of this, you'd want to heavily cache responses and always be re-querying hostnames in the background if you want to honor the original TTL.

Any idea if something like DNS Curve could be useful here? It relies on the domain/zone owner to have a private key.. I don't see how you could ensure the integrity of a DNS response, unless the P2P network simply routed your queries to the domain/zone owner's nameservers.

Re:I love the idea,

[colordev]

uh,... no why would it be.

prior art is "the total body of knowledge, which teaches or otherwise relates directly to an invention. This is the primary criteria in determining the patentability of a new invention. Establishes novelty and unobviousness of the art that relates to the invention in question. Prior art references include documentary sources such as patents and publications from anywhere in the world, and nondocumentary sources such as things known or used publicly. "

OR

"Prior art or state of the art is all information that has been disclosed to the public in any form before a given date. Prior art does not include information kept secret, whether from trade secrecy or just a simple lack of interest in publication. Normally, we expect prior art to be descriptions sufficient to inform the average worker in the field (or the man skilled in the art), published in fixed form and made available in public libraries. Normally, prior art does not include unpublished work or mere conversations (though according to the European Patent Convention, oral disclosures also form prior art"

This is slashdot and many of those who choose to come and read news about "Pirate bay's co-founder starting P2P-DNS", are enough experts in fieds of filesharing, TOR, bittorrent and cloud technologies. In fact, I am pretty sure even you would read that "prior art patent-claim" to be (mostly) describing a "bit-torrent-TOR-hybrid-system", where the amount of data that the user mediates to other users impacts the amount of data that user is allowed to submit to the distributed-cloud- webserver-right. And based on just that you could see the the obvious industrial benefits being at least...

• vandals could not flood the distributed webserver with bogus data.
• cloud-webserver would be available as a storage media, files would be stored on (almost) 'randomly chosen' users computers
• Because the distributed fileserver would fetch the files using an encrypted onion-router like structure privacy of users would be improved
• Storing the files in encrypted form would allow even companies to use that as data distribution, storage server.

So, how could that used as a prior art, well lets assume lets say in 10 years time a company X would start patent trolling companies who use that kind of distributed storage. And if that patent was really a problem then EFFI of some other instance could challenge that patent and request prior art to that patent... and there is a high probability I would also see that request. And I would check my submit mini-prior art to the one needing it.

I believe these kinds of submarine-prior- art patent-busters could be very effective against submarine- patent trolls. If this type of action was popular among independent coders, it would take away much of the problem with stupid software patent. Companies would not dare to start costly process of suing everybody for something obvious, as there would be a BIG probability that someone in the world might just show up and invalidate the whole patent in the middle of an expensive legal process.

For me it was easy to cast that technology to public domain, as I have no use for it self and I'd like that being used. Ok, it is likely that the writing of that patent-buster was 15 minutes of wasted time, but there is also a small chance it wasn't. I consider that being a small service to the community.

Re:I love the idea,

If he said 'uTube' and a film entitled 'The Bear' I'm pretty sure it's homosexual porn. Bear is not a term usually applied to heteros :D

Re:I love the idea,

[pecosdave]

I absolutely love the Apple Zealots on this site who religiously read every comment and if they find something even slightly anti-Apple find a reason to mod it down. Every single critical thing I've ever said against Apple, even when incredibly fair has received this treatment. I could seriously compare some of those people's protection of Apple to a certain religious group protecting other things.

Re:I love the idea,

[julioody]

There is, and that's one among a few potential problems with this idea. Though identifying said problems isn't reason enough to throw it out of the window.

I also see the problem he's trying to address (US control over it) as a huge deal, considering that that pretty much means *some* corporations having control over the Internet. While today we're here posting on Slashdot, and browsing/using it in whichever way we want, it's not prudent to wait until that's not the case anymore to start looking into it.

... Spammers so far have killed quite a large number of things that used to be cool on the internet and they're not going to stop until they're reigned in or nobody uses anything electronic anymore because of them.

The same could be said about ICANN (and by extension the US govt), the day they decide that a website or product "violates their copyrights", "hasn't paid royalties for patents", "is controversial", or whatever.

Re:I love the idea,

[M.+Baranczak]

I'd be more concerned by advertisers/audience tracker types than spammers

There's a difference?

Re:I love the idea,

[GameboyRMH]

That would have been my first thought too, but I know mcgrew doesn't swing that way. I think this is the video he's talking about:

http://www.youtube.com/watch?v=Y3bCEhHgTLc

Re:I love the idea,

[complete+loony]

I said something to this effect yesterday. You'd generate a private key, hand your public key to a trusted certificate authority who would issue you a name then sign your key and domain name. You then use your key and signature to sign your current DNS records and publish them in a p2p distributed hash table. You could use the same key, or another key published in the same way via DNS, to initiate an SSL connection when the user connects to you. That way the user can be certain they are connecting to the correct host.

While you could also allow self signed DNS records in this model, or build a "web of trust" by signing each others keys. This could be a lot harder to trust, end to end, when you connect to a name you've never tried before.

Re:I love the idea,

Sarcasm, I assume. But look at the resale values for a used Macbook Pro, then compare them to the resale values for a Thinkpad, and tell me you don't think it's possible...

(Given that a first-generation Macbook Pro started at ~2000USD on launch, and a T60 equipped comparably (but inherently superior in terms of RAM capacity, expansion slots, higher-resolution screen...not to mention the ability to swap in a Socket M Core2Duo (the Mac's processor is soldered in), came in at a couple hundred less, this is totally feasible/believable. Even if you assumed equal rates of depreciation (yeah right), he has a point.

Re:I love the idea,

[GameboyRMH]

No not sarcasm, I was just pointing out that Apple laptops are even more overpriced than the notoriously expensive (and in my experience, superior) Thinkpads.

Re:I love the idea,

[Formalin]

Seems pretty common around here. Absolute lunacy.

It's a company FFS. They act like any perceived slight is the same as if you had called their mother a whore.

Re:I love the idea,

[pecosdave]

Dirty little secret.

The company I was working for that got me started on Macs a couple of years back issued me an iPhone. The phone no longer works properly. The Bluetooth and WiFi broke, last I checked the main radio still worked, so it probably still would work as a phone.

I use it for podcast at the gym.

I've dropped it off the elliptical probably two dozen times or more. Sure I could do podcast on my PSP or nice shiny EVO, but I don't want to drop those off of the elliptical. In other words I still need iTunes.

Did I mention iTunes lock-in is one of the reasons I hate Apple so much?

I'm seriously considering iTunes under WINE just until I finally break this thing to the point of not working for podcast anymore. I dislike WINE, I consider it an excuse to keep people from developing for Linux. Especially when Apple products are already *NIX based and a simple recompile and tool kit swaps would probably let it work on Linux. Or better yet, don't lock their devices down to begin with....

I love my EVO.

Re:I love the idea,

There was a story a while back, I think it hit slashdot, about a university research group that set up a bugged tor node in order to explore that network. Because, unlike most of the idealists and tinfoil hats running tor nodes, they had a 100Mb symmetric line or something equally punchy, they had become the exit node of choice for some alarming percentage of the system by the end of their study.

Who needs that much child porn? I mean, come on!

Re:I love the idea,

[metrix007]

Two words: Lacks and Detail.

Your little blurb paragraph lacks enough detail to be considered prior art for a patent application that would have excessive detail, making your little blurb abstract enough not to qualify in any meaningful way.

Honestly, it won't and can't be used for anything, and I guarantee it never will be, nor that any comment on any BBS ever has.

Re:I love the idea,

[totally+bogus+dude]

Where do you get the torrents from? So far as I can tell, most people use one (or several) "torrent sites" to download the torrents. These sites tend to be community-driven, but not peer-to-peer. There tends to be a centralised voting or reputation system that results in fake or malicious torrents being removed fairly quickly. That's harder to do in a pure P2P system.

Re:I love the idea,

[mcgrew]

Most definately a typo. Probably didn't have enough coffee (got up too early yesterday)

Re:I love the idea,

[mcgrew]

Does clipnabber work in offline mode? I only have intenet intermittently.

Re:I love the idea,

[GameboyRMH]

Oh, no clipnabber is an online tool (The JS grabs the site HTML and sends it to Clipnabber's site for processing, where you then get a link to the FLV source). I always use online tools for this because it's a constant cat-and-mouse game between the video downloader tools and the video sites.

There are various offline tools including browser addons, but they just do the grabbing and processing on your local machine, you still have to be online to download the source.

A technique like this might be more useful for you:

http://google.com/search?q=get+youtube+video+from+cache

Re:I love the idea,

[Ginger+Unicorn]

He's already howling mad enough as it is...

Re:I love the idea,

[duerra]

Am I the only one that thinks these guys wouldn't continue to spam if it *didn't* pay?

Re:I love the idea,

[bandmassa]

"The Atlantic ocean is such a dangerous place, Mr Columbus! There's the Sargasso Sea, storms that rage for weeks, even months and quite possibly sea monsters! You'd be mad to try to reach the East Indies by sailing that way, sir!"

So, because there are spammers, we must not try to improve the internet? Perhaps, people working on these sorts of projects might actually have some idea about how to make spamming via the service harder. Perhaps most people aren't actually as seriously affected by spam than the worst case scenario so are willing to make cool stuff anyway.

One man's spam is another's window on a bargain or something interesting to read.

The result of the first human not trying something because of the risks would have led to us still living in caves.

Re:I love the idea,

[pecosdave]

I think you're missing the point, especially the point that I sort of just made the point you made without using the same words.

You get an A+ for drama though.

Re:I love the idea,

Right. If spam is a scam on those paying for it, then why do the spammers bother sending it?

Good luck with that.

[Skarecrow77]

When you violate US copyright law, the feds really just kinda laugh and say "ok, sure, whatever."
When you try and prevent the US government from taking over something they've set their sights on dominating, they're a whole other kind of aggressive beast.

watch your back dude...

Re:Good luck with that.

[Haedrian]

Up Next - "The Pirate Bay Co-Founded killed in mysterious accident"

Re:Good luck with that.

[vlm]

Up Next - "The Pirate Bay Co-Founded killed in mysterious accident"

Accused of rape in a friendly foreign country, more likely.

Re:Good luck with that.

[sakdoctor]

"The Pirate Bay Co-Founder ... and alleged rapist ... has started a new project which will provide a decentralized p2p based ..."

Re:Good luck with that.

[someone1234]

Or murdered by canadian ninja turtles.
http://www.telegraph.co.uk/news/worldnews/northamerica/canada/8172920/Julian-Assange-should-be-assassinated-Canadian-official-claims.html

Re:Good luck with that.

Great idea but as the parent said:
Watch your back...

Re:Good luck with that.

[VShael]

They don't repeat themselves, do they?

Re:Good luck with that.

[Issarlk]

Better make it "child rapist" to offset the sympathy the Pirate Bay Co-Founder must enjoy with public opinion.

Re:Good luck with that.

[j00r0m4nc3r]

Or raped by canadian ninja turtles in a friendly foreign country

Re:Good luck with that.

[fuzzyfuzzyfungus]

I suspect that all but the most techno-clueless-my-gun-is-a-penile-prosthesis fed types are yawning right now. Alternate DNS schemes(albeit typically based on exactly the same tech as conventional DNS, just with different root servers) have been around for years, often as part of an attempt to squat on TLDs that ICANN hasn't approved yet, and all have foundered for lack of adoption. Less dramatically, it is totally unsurprising, and quite common, to encounter all sorts of odd setups inside corporate and institutional networks. The local institutional DNS servers are commonly both lying about certain registered domains(why yes, facebook.com is located at 127.0.0.1, their servers must be down...) and providing valid responses to totally unregistered stuff(printers, network scanners, etc.) that isn't reachable from the outside and thus has no need to be consistent with the global DNS hierarchy.

The feds have been tolerating FreeNet for years, despite the empirical fact that it is so slow and irritating to use that it is largely kiddie porn, a dash of copyright infringement, and a few idealists. It just isn't a threat. Similarly, any Fed who hasn't been hitting the CIA LSD stash while watching old James Bond films and channeling the spirit of ol' Joe McCarthy, american hero, will realize that a project of this sort is A) unlikely to succeed. B) going to get streisanded all to hell if its founder dies in a mysterious falling down three flights of stairs and hitting his head on three rounds to center mass and one to the head accident and C) likely to have some network signature that will actually making locating the paranoids, pirates, and general naer'do'wells easier than it would otherwise be...

Re:Good luck with that.

[Arancaytar]

As long as they haven't tried to kill Assange, Sunde is probably safe. There are people the US government hates far more than the Pirate Bay.

(Unless, of course, the RIAA decides to start hiring... private contractors.)

Re:Good luck with that.

don't they have hate speech laws in that country?

Re:Good luck with that.

[Barefoot+Monkey]

"The Pirate Bay Co-Founder ... and alleged rapist ... has started a new project which will provide a decentralized p2p based ..."

That should be a new meme. Simply put "an alleged rapist" after every reference to anyone at all, until that particular vector of character assassination becomes meaningless.

It's important to ensure that your subject actually is an alleged rapist though - otherwise you're just being inaccurate and libellous. The trick is to tell someone (a friend sitting next to you at the time will do) that the subject is a rapist, thus permanently transforming the subject into an alleged rapist even if the person you told is fully aware of the meme. It's safe to then clarify that the subject is not actually a rapist, since there is no such thing as "a formerly-alleged rapist".

This idea is inspired by Godwin (an alleged rapist) and his well-known counter-meme, Godwin's Law.

Re:Good luck with that.

"As long as they haven't tried to kill Assange..."

What makes you think they haven't tried (or aren't in the process of)?

Re:Good luck with that.

[elrous0]

Obviously the fame went to his head and he thought he could get away with it.

Re:Good luck with that.

[guruevi]

Blackwater (now Xe "Services") wouldn't even blink while doing it. They didn't blink at doing the dirty work in Somalia in their "take no prisoners" pirate hunting for rich multinational companies and the US Gov.

Re:Good luck with that.

...a mysterious falling down three flights of stairs and hitting his head on three rounds to center mass and one to the head accident...

Center mass is basically the torso; unless the three rounds you're referring to were made by the same company that manufactured the magic bullet that killed Kennedy, it's either 3 to the body and 1 to the head, or 4 to the head, no center mass.

Re:Good luck with that.

[fuzzyfuzzyfungus]

It was an intended(perhaps botched) joke. There is a phrase "He tripped and hit is head on a bullet", used colloquially to describe an absurdly suspicious death that is officially accidental. Similarly "three rounds to center mass, one to the head" is obviously impossible to hit your head on; but is intended to suggest an "accident" carried out by well drilled individuals who want to be very sure, not just some junkie doing it for $50 and a dimebag.

Re:Good luck with that.

[The+End+Of+Days]

He's still alive. That's a pretty good sign.

Re:Good luck with that.

[funkyloki]

When you violate US copyright law, the feds really just kinda laugh and say "ok, sure, whatever."

The Feds seized 82 domains related to trafficking in counterfeit goods, one of those being a torrent site. They are trying to pass ACTA, a copyright treaty that would circumvent a nation's own laws. They are trying to pass COICA which is in the Congress right now. The DMCA, ever hear of it? The RIAA and the MPAA are trying to make the DoJ their own legal enforcement department. Yeah, the Feds just don't care about copyright law.

Re:Good luck with that.

[networkBoy]

raped to death by Canadian ninja turtles in a friendly foreign country?

Re:Good luck with that.

[moonbender]

So is Castro.

Re:Good luck with that.

[icebraining]

Or in the Chicago musical: "And then he ran into my knife... he ran into my knife ten times!"

Re:Good luck with that.

[Asclepius99]

My first thought was Mystery Men:

Mr. Furious: Seems there was a little controversy there regarding your father's death.
The Bowler: Yes, the police said he fell down an elevator shaft. Onto some bullets.
The Blue Raja: You know, I've always suspected a bit of foul play there.
The Bowler: As have I.

Re:Good luck with that.

[Programmer_In_Traini]

i see what you did there.

Re:Good luck with that.

Or canadianized by a raped ninja turtle in a foreign country

Re:Good luck with that.

[Nadaka]

You can shoot someone center of mass and the head with the same bullet. You just have to be shooting at them from directly above or below and get lucky.

Re:Good luck with that.

Or actually committed rape in a friendly foreign country, more likely.

Re:Good luck with that.

[asvravi]

"suspected" rapist, not even "alleged".

Re:Good luck with that.

You just have to be shooting at them from directly above or below and get lucky.

From crotch to skull? Fuck, I can't imagine a worse way to die.

Re:Good luck with that.

That's a fantastic idea Barefoot Monkey (alleged rapist), thanks!

Re:Good luck with that.

Assange is helping the CIA prep to invade Iran/North Korea, and also to get back at the pentagon for screwing up in Afghanistan when their agency was doing a much better job of fighting that war. His arrest is a convenient excuse to exit the scene for awhile (similar to Hal Turner's "arrest" who was really an FBI informant).

Google +Assange +shill. You will learn quite a lot.

Re:Good luck with that.

[Beardo+the+Bearded]

"The Pirate Bay has been accused of hosting child pornography."

Re:Good luck with that.

[c6gunner]

Awesome. In other news, alleged-rapist Barefoot Monkey was beaten to death by a throng of angry feminists today, after being ass-raped with 6' barbed-wire dildos. The women were apparently angered by his successful campaign to marginalize rape. Film at 11.

Re:Good luck with that.

[GameboyRMH]

The company formerly known as Blackwater goes by many names, I don't think they even use Xe anymore. They recently won a contract with the US government under another name, International Development Solutions. But they're generally using more names than you can count on one hand.

Re:Good luck with that.

[Darinbob]

Kidnapped by Somali pirates.

Re:Good luck with that.

Of all the ways to die I have to put that one in the top ten.

Re:Good luck with that.

[AigariusDebian]

Also see http://www.antipope.org/charlie/blog-static/2010/12/the-nobel-peace-prize-for-2011.html

Re:Good luck with that.

dead Canadian turtle raped by friendly ninja in foreign country?

Re:Good luck with that.

[monkyyy]

keep up the good work of spreading the meme, anon(massive blob of alleged rapists), thanks!

Re:Good luck with that.

[j00r0m4nc3r]

It's one thing to joke about rape and murder, but being Canadianized is just cruel...

Re:Good luck with that.

[monkyyy]

and terrorism, Communism, and country's not dedicated to serving our will, etc.

Been Tried...

[nweaver]

This has been tried, several times. With the same problems popping up again and again.

Such as "The DNS is a hierarchical namespace, P2P type controls work only for flat namespaces. Yet generally people like hierarchical namespaces."

and "Without a good notion of cryptographic trust, you're doomed in a P2P setting. And if you think a PKI is hard to get right...".

Re:Been Tried...

[vlm]

>Such as "The DNS is a hierarchical namespace, P2P type controls work only for flat namespaces. Yet generally people like hierarchical namespaces."

Its the other way around, people generally hate hierarchical namespaces.

Outside the US, the whole "co.uk" type thing is tolerated, not enjoyed. Inside the US, the unwashed masses are completely mystified by *.state.us addresses to the point that they are mostly unused, with domains like "cityname.com" or "schoolname.org" as the modern preferred choice. Also "AOL keywords" have been replaced by "www.facebook.com/whatever". You see, each step in the edu/gov/us hierarchy contains a nearly impenetrable bureaucracy, but registering a ".com" at godaddy just takes 5 minutes and a credit card...

Re:Been Tried...

[werfu]

Then go flat namespace. Why do we really need hierarchical namespace? I mean, people don't bother if its .com, .net or .org. Its a convention. Anyway, most people now protect their domain name by buying other domain suffix. Or like my mom that has google as her start page, and enter the url she wants to go directly into the google search textbox then press search. IMO domain suffix are overrated and provide more bloat to the net than it does good. Just look at the mess the .co domain is doing. A lot of domain scammers have already taken well known domains to make moneys from people entering things like hotmail.co. If there was no domain suffix, you would simply enter gmail and then get to gmail. Who cares about country anyway on the net.

Re:Been Tried...

[Cyberax]

"Such as "The DNS is a hierarchical namespace, P2P type controls work only for flat namespaces. Yet generally people like hierarchical namespaces"

You just need to keep one level (second-level domains' glue) in DNS. Then the usual recursive nature of DNS can take over.

Reliable PKI is a problem. But it can be fixed, somewhat, using distributed key registries and reputation systems.

Re:Been Tried...

Flying was also tried time and a time again, but eventually humans flew.

While seemingly insightful at first blush, that comment is useless. Of course some difficult problems can eventually be solved. That's a big duh-four, good buddy.

Re:Been Tried...

[Dachannien]

Flying was also tried time and a time again, but eventually humans flew.

And eventually, some people realized the implications of commercialized flight and started blowing up planes or crashing them into buildings. But I'm sure we'll solve that problem eventually, too, won't we?

(Hint for the analogically dense.... flying : P2P DNS :: blowing up planes : exploiting gaping security holes fundamental to the P2P philosophy in order to reroute traffic to a desired destination for nefarious purposes)

Re:Been Tried...

[bluefoxlucid]

Right, a P2P decentralized DNS would need to rely on date-stamped, signed DNS entries with hierarchy control. Who owns slashdot.org? Does it DNS? No? Okay, find entries. Oh, here's several, but this one's outdated, and these three are newer than this still valid one signed by someone else. Well then that one should be valid. Okay, so the same entity should be signing *.slashdot.org entries... see?

Re:Been Tried...

[Captain+Hook]

You've just wiped out a vast amount of the namespace available because it's no longer possible to have the same domainname in different domains.

Re:Been Tried...

[nschubach]

If we decided to kill all plans because someone further down the line might use such technology for nefarious purposes... we'd still be living in caves and eating whatever is lying around. I mean, why use sharpened rocks or sticks that could possibly be used to hurt someone?

Re:Been Tried...

Your comment is so idiotic it deserves a reply. Far from "wiping out" anything, a flat DNS would permit lots of domain names that are not allowed at this time. But of course, you're thinking like the stupid little internet "merchant" you are, who got a hold of, say, wettshirts.info and is scared that a flat DNS system would no longer permit him to mooch off the abundant google-juice of wettshirts.com.

Re:Been Tried...

[xtracto]

Blah... as sibling said, your comment does not make sense.

With a flat namespace you could have among others
my-shitty-spamsite.a
my-shitty-spamsite.b
my-shitty-spamsite.aaaa
my-shitty-spamsite.a
my-shitty-spamsite.com
my-shitty-spamsite|com

The idea is that the dot would not have any semantic meaning within the name.

The TLDs are a baggage from the prehistoric internet era when the internet was just starting and researchers thought the World Wide Web would be an ordered place (put all commercial under a .com, all NGOs and similar under org, all education under edu, etc). Nowadays you have all kind of sites under all type of subdomains... the conventions do not makes sense.

Re:Been Tried...

[Steeltoe]

A distributed system can of course support a hierarchical namespace. If you need .com or .org, just tie it with the name-string, if required.

The issue with P2P-DNS is that it is inherently insecure, since any peer can be a potential hijacker. So you never know if the IP receieved is the real IP, or a hijacked IP with spoofed websites and services and all.

This can be mitigated by generating false DNS requests indistingushable from the real ones (no Tor's method is not there yet), and generating a web-of-trust of trustworthy peers.

However, for people requiring true anonymity, this can be less of a threat than being tortured and brought to final silence, which is why Tor already supports P2P DNS. I believe they route the requests to the exitnodes, for extra "safety", although if the exitnode is compromised or hostile, that can bring problems.

Another issue is who will have authority to allocate new names, and there hierarchy can bring problems as well.

I believe I2P has already solved the issue with its eepsites and tunnels. It does require a competely dark net like I2P though, since exitnodes are inherently untrustworthy and hierarchical in nature.

Re:Been Tried...

[nhaehnle]

I don't think people - as in, non-Slashdot visiting users - care one bit for hierarchical namespaces. The only thing that the system has to offer them is

1. The ability to click on links on websites and have them work.

2. The ability to type in an URL that they saw in an advertisment, magazine, or other off-line source.

Note that neither of these tasks requires a hierarchical namespace, and only the second task requires a centrally controlled namespace. On top of that, that second ability may be becoming increasingly irrelevant, giving search engines, 2D barcodes, etc.

There is, in fact, a useful way forward that would be any crypto-nerd's dream by reducing the importance of DNS and ridding the world of the mess that is SSL chains of trust at the same time. Forget about a decentrally controlled name space (that is totally unrealistic), but encourage people to use public-key based links. The idea is that - except for task 2 above - we would use hyperlinks that contain public key hashes (or even entire public keys). A decentralized lookup system would map public key hashes to IPs, and upon connection to the given IP, your browser/mail-client/whatever could directly verify whether the server was trusted, because you could verify whether it owns the correct private key.

Such a system cannot solve task 2 above, but a world with the outlined public key based server lookup, combined with a mostly vestigial centrally controlled namespace system that maps names to public keys could work, and it could even work pretty well.

The only problem is that I can see no natural path that takes us from where we are today towards that ideal world. Oh well.

Re:Been Tried...

Not necessarily; just eliminate ownership of names all together. As an added benefit, you no longer have to worry about squatters, prospecting, disputes, theft, and so forth. Trust needs to be verified anyways, and it is an orthogonal problem. Just as long as you know you are connected to the site you want, it doesn't matter if there are a thousand more.

Re:Been Tried...

[LordLimecat]

your argument might just possibly be worse than his. Just because the innovation of flight has led to some new problems doesnt mean that the entire process was a waste.

Re:Been Tried...

[icebraining]

What about ccTLDs? Many still have fixed rules, which can be useful (for example, I know that any online shop a .pt domain is legally registered in my country).

Re:Been Tried...

[icebraining]

why use sharpened rocks or sticks that could possibly be used to hurt someone?

I'm pretty sure that was intended by design, not a side effect.

Re:Been Tried...

[dnsdude]

Yeah, folks, this is non-news. The DNS is hierarchical. It can't be replaced. It's not a technology, it's a consideration to global name recognition.

The last paragraph of this article ( from *2002*: http://www.shirky.com/writings/domain_names.html ) says it best:

"There are no pure engineering solutions here, because this is not a pure engineering problem. Human interest in names is a deeply wired characteristic, and it creates political and legal issues because names are genuinely important. In the 4 years since its founding, ICANN has moved from being merely unaccountable to being actively anti-democratic, but as reforming or replacing ICANN becomes an urgent problem, we need to face the dilemma implicit in namespaces generally: Memorable, Global, Non-political -- pick two."

So please, let's quit with all this talk about "replacing" the DNS. Get real, kids.

Re:Been Tried...

[Asclepius99]

Even worse than that, his argument is that because one thing eventually created new problems we shouldn't try something completely different because it has the possibility of creating problems later. So basically, he's against trying to make any progress at all because there's always some problem that may or may not come from it.

Re:Been Tried...

[Logic+and+Reason]

2. The ability to type in an URL that they saw in an advertisment, magazine, or other off-line source.

I'm not even convinced they need to do that. Google searches are easier and more reliable (typo correction, auto-suggest, even basic phishing/malware protection).

Re:Been Tried...

[TheRaven64]

I read a paper a few years ago, which showed a strong correlation between programmers and hierarchical thinkers. This isn't entirely surprising - most programming languages arrange code in hierarchical structures (modules, classes, subroutines, nested scopes, and so on), so to be able to use one you need to be good at thinking in terms of hierarchy. Programmers therefore tend to assume that thinking in terms of hierarchies is normal for humans. In fact, the study showed that it's only easy for something like 5-10% of the population.

iTunes is a good example. It arranges music in a flat layout and lets you filter it based on various properties. A typical programmer reaction is 'why would I want that? My music is arranged in an artist/album/track directory structure already'. It's one of the main reasons why programmers tend to be terrible at designing user interfaces for non-programmers.

Re:Been Tried...

[Rich0]

I don't see flat namespace being that big a deal. If the distributed model just got you to the second-level domain it would probably be enough to cut out 99% of abuse. From there you just do a conventional DNS request to get the rest.

Sure, that does mean that the government can shutdown poor.boy.some.isp.com. However, they can't shut down wikileaks.org or any other second-level domain, which is of course where all the action tends to be.

Trust is the big problem. So, who is the legitimate owner of wikileaks.org ten years after it has been banned? Once you get rid of the central registry you end up with everybody having their own opinion, and at best you can do a weighted majority.

Re:Been Tried...

It's dead anyway. If people can't get ".com", they go for ".co"!

Re:Been Tried...

[billyswong]

Your idea remind me of magnet link in Bittorrent. Although they have significant difference, but the outlook is very similiar: a link with hash!

One rub: since computer is always advancing, brute-force cracking become easier and easier, which in return asks for key lengthening, or at least key switching, every n years. Are we going to be required to "renew" our bookmarks every n years too? How to handle the "hyperlink expiration"?

Re:Been Tried...

No shit, you don't say. I mean, that was the ENTIRE PREMISE of his post, but he sure must a missed it. What a dummy!

Re:Been Tried...

ya but like the guy (girl?) said, it is usually the case that a web site at something.com is the same as something.net and something.org and people are just registering the other TLD's to secure their reputation. In the cases where this is not true, where something.com is not the same as something.net or something.org then the others are impersonating the main one (usually .com) and are probably using it for nefarious purposes.

Re:Been Tried...

[Tim+C]

Who cares about country anyway on the net.

I do, when I'm trying to order physical goods (no, I do not want to ship from the US to the UK, or to have to pay in a foreign currency), or want my search results to favour my country (as google.co.uk will do, but google.com won't).

That doesn't necessarily require ccTLDs of course, but it's two examples off the top of my head when I care about geography on the net.

Re:Been Tried...

Redundant, error and fault tolerant designs are needed. Simply assume there will be erroneous and old info and use some Bayesian networking.

Re:Been Tried...

For such a low UUID, I'm surprised...

In the era of google, yahoo, altavista, and the dead webcrawler. Why do I need DNS? I just need the index to point at the IP. In IPV4 this doesn't work (well). But in an era of IPV6 where I get my permanent long lived address, we're a lot better off. Of course, that just pushes the issue from ICANN to ARIN. We can still solve that--but it gets rid of one of the possible and most economically feasible layers to tamper with.

I understand, this cuts out part of the abstraction layer--it makes things more brittle, but for most web content it's good enough if it gets indexed by something, and shows up. The real issue is that it makes it impossible to run an nslookup on a domain and see who the registered owner is--you have to go back to the address space, which people really don't like turning over. Even that brittleness is survivable though, with things as simple as "dyndns" type settings, hierarchical micro DNS with short lived TTL's and the host can publish any TLD they register with. With a content/name signing key or some pre-image hash chains attached to the "DNS" to authenticate the origin, you could even control who can update it to the original author.

This really *isn't* technically difficult. PKI isn't hard to get right. Trust is hard to get right.

You don't need cryptographic trust in P2P, just anonymity, authentication and a good way to handle sybil attacks.

Re:Been Tried...

[nschubach]

Maybe they used them to get sap from trees and cut vegetable easier. ;)

(I just dislike when people attribute tools being shunned because someone may use them improperly.)

Re:Been Tried...

[werfu]

I guest you live in the US. In Canada there's lot of web boutique that have .com TLD and it sometime confusing to know we're the shop is. Or if they ship in Canada and you don't know they are in the US then you end up with a custom fee. It's true that if they'd ended with .ca, that would be clearer, but then most other people wouldn't think they could ship to other countries. The thing is, the TLD doesn't guarantee the web site origin. Would someone in the US shop on a .ru website? Most won't, simply because of the TLD, but the company could have a shop in the US. Most companies use the .com TLD because it's international and more recognizable. But it doesn't ensure they doing business internationally. TLDs are a conventions that is being misused. That's why I think they could be discarded.

Re:Been Tried...

[GameboyRMH]

With my music and email I take the "chuck 'em all into one place and filter" approach, but everything else I tend to structure hierarchically. Probably because of the way I use them. Music and emails are "random access" while with documents and such I know what I'm looking for and want a structured way to get to it.

Re:Been Tried...

[GameboyRMH]

Sounds good, have any ideas on how this could work in an Average Joe-friendly way?

Re:Been Tried...

Nah. While I think we're Doing It Wrong(tm) with respect to namespaces, it's only that we order the name wrong for it to feel like a hierarchy.

com.foo.host/bar/baz is how things should be arranged. Least specific to most specific. Search engines can treat the namespace as flat for the user. Google (as you've shown in your example) has already proven they can do it pretty efficiently. The underlying namespace should still have a hierarchal arrangement to it.

Re:Been Tried...

Name is Teachknowlegy. Loggin in ain't workin for me right now:

Yeah, this is what a group of my so called peers (who ironically probably think they are all better programmers than I) keep running into. The way of things now is filtering peer data. Tag clouds are a good example. Importance isn't about who is over or under you, but about how much someone or something actually gives a d@mn about you. This isn't related to people. When I say you I speak of objects that don't have parents or children. Any programmer following yet? Didn't think so...carry on. My program will eat your program for dinner. As far as peer based DNS it will work fine. Imagine a system where .com or .tv means NOTHING. google.com is just google. Period. No .com needed. Instead of a host fi

Re:Been Tried...

So THAT'S why I hate iTunes so much, but everyone still uses it. However, if what you're saying is true, there should be an abundance of hierarchically-organized music players that never took off because normal people didn't like them. Please tell me where I can find these obscure failed players because I want one.

Re:Been Tried...

[BlueStrat]

Even worse than that, his argument is that because one thing eventually created new problems we shouldn't try something completely different because it has the possibility of creating problems later. So basically, he's against trying to make any progress at all because there's always some problem that may or may not come from it.

It's that whole pesky "sentience" thing again, as usual.

Darned if you do, or darned 'cause you drool.

Have to go now. I have a mess to mop up.

Strat

Re:Been Tried...

What about server names and subdomains? www.google.com vs reader.google.com? That's also hierarchical.

Re:Been Tried...

[Vegemeister]

Off the top of my head, I can think of three: Nautilus, Windows Explorer, and Thunar.

Re:Been Tried...

Everyone that isnt english speaking? Most european countries have all their e-commerce and local sites on a ccTLD.

Re:Been Tried...

[monkyyy]

y cant it be replaced ipv4 is going to need to be replaced and the internet is built on it

Re:Been Tried...

[monkyyy]

weighted by who?
the goverment?
the lawyers?
the people who did own it?

Re:Been Tried...

[monkyyy]

i think they were for hunting, as humans can dodge thrown things quite well and then throw them back

Re:Been Tried...

If you program as well as you articulate your ideas you are clearly a misunderstood genius.

Re:Been Tried...

[lonecrow]

Any chance you can find a link to that paper? I would be very interested in it.

Re:Been Tried...

[nhaehnle]

The hyperlink expiration is a valid point. I guess most hyperlinks from 10 years ago are no longer valid today, and many are being hijacked by domain squatters. So in that sense, the domain squatters of the future would be required to break public-key cryptographic systems, which is a more formidable barrier than what we have today.

Still, securing hyperlinks to critical sites (e.g. bank websites) is a serious issue. How many bookmarks from 10 years ago do you still have? As long as you visit them regularly enough, a roll-over system could be implemented where a replacement public key gets phased in over the course of some months to one year.

Re:Been Tried...

[Rich0]

All above, which isn't good, and hence my use of the words "best you can do" and "trust is the big problem."

Re:Been Tried...

[JSlope]

For ResoMail I intended to give root domain ownership to trusted organizations like EFF, so that root domains will be trusted. Then the sub-domains will be as trusted as the owner of the domain, you can distribute domain public key as much as you want as much as you want.

Re:Been Tried...

[Thing+1]

I wonder if Google might "pull a Geocities/MySpace/Facebook"? From your comment, it seems they have the "trust-share"...

Re:Been Tried...

Could you provide a link to that paper?

Re:Been Tried...

[TheRaven64]

Unfortunately, I read it in one of those dead-tree things, so I never had an electronic version of it and, because it wasn't really related to my research I never made a note of the citation information (a colleague in HCI handed it to me, saying I might find it interesting).

Cool

Though they didn't even shut down wikileaks yet..

Re:Cool

[The+End+Of+Days]

That pesky Constitution keeps getting in the way of the paranoia nerds worst nightmares.

The ultimate in decentralization:

[John+Hasler]

hosts files.

Re:The ultimate in decentralization:

[maxume]

All you have to do now is automate the process of updating it.

You could have some sort of program that acted both as a client and a server...

Re:The ultimate in decentralization:

[John+Hasler]

And we could use recursion to distribute the files. We could call the levels of recursion "domains" and we'd anchor the whole thing to some sort of a "root"...

Lack of Adoption ... Again

[eldavojohn]

From the article:

This is not the first time that an alternative Domain Name System has been proposed. Starting with AlterNIC in 1997, alternative DNS has had a controversial history. Many have ceased to function now because of the lack of adoption from users. However, coming right after the controversial seizure of 80 domains by the US government, P2P-DNS might just get enough support to make it a success.

My personal problem with the seizure of 80 domains really isn't that big of a deal. It sucks and it's probably a sign of the abuse of power from the DHS's Immigration and Customs Enforcement (ICE). But in the end, it was widely announced and advertised. It wasn't done under the cover of secrecy and they at least gave reasons as to why they were seized. For me, this isn't a reason to change the DNS root server that I use. Especially facing slower resolve times and security issues like DNS poisoning.

I can tell you I'm not interested in that trade off ... yet. If we see the US government doing what China's doing and not announcing who's being seized and why, then you will see me jump on board this.

My close friend used borntrade.net which was a knockoff jersey site from a factory in China. Their crime? Avoiding tariffs and not paying tribute to the NHL/MLB/NFL/NBA gods. He might want to use your DNS but I would assume it would only be to conduct business through borntrade.net and not to actually use it on a daily basis. Disclaimer: I think I've seen borntrade bots spamming the Slashdot forums before but now that it's just a DHS/DoJ logo splash screen, you can rest assured I'm not some guy trying to send you there by way of a fake comment.

I would guess that despite the domains being seized, you're going to see the general public not care that much and again the project will fail from lack of adoption. Clandestine government working against the people? Yeah, a few more people are going to hop on board and put up with the speed and security issues. But could someone outline how the whole public would get on board with this? I mean, assuming it's as simple as a browser plugin you can't even get people to install those when the benefits are obvious.

Re:Lack of Adoption ... Again

[Ltap]

Exactly. If people aren't installing Adblock Plus, despite all of the enormous benefits, they are going to mess with alternate DNS -- assuming they even know what DNS is and what it does. On the other hand, it doesn't necessarily need to have perfect adoption. Like torrents, it is fine if it starts with a few technically proficient people, then spreads outwards.

Also, you've probably underestimated the use against, say, schools or workplaces that use alternate DNS servers with "questionable" domains removed. Using this with encryption will pretty much kill any attempt at monitoring.

Re:Lack of Adoption ... Again

Yeah, a few more people are going to hop on board and put up with the speed and security issues. But could someone outline how the whole public would get on board with this?

That's like saying the general public isn't going to download a separate application just to download music files (Napster) or that they're going to learn something "complicated" like how to find BitTorrent trackers and stuff just to download movies and television shows, and yet ... What's really great about this is that end users will not have to do anything. It will be built into P2P applications.

Re:Lack of Adoption ... Again

[stonewallred]

I disagree. When it gets to a point where it can be installed as easily as ABP, then it will get used. I am not a tech geek. But I use ABP/NoScript and it is installed in my mom's computer, my sister's computers, my brother's computer and my uncle's computer, simply because I am the one who sets them up and maintains them for them. If there is a way to install a p2p DNS thingee as easily and securely as ABP, they will all be hosting it.

Re:Lack of Adoption ... Again

[airfoobar]

I thought the only reason they announced what websites were seized was public outcry... Besides, with COICA coming up, I expect online censorship will become just another part of everyday life. Adoption will be driven by need, and if we want to be optimistic, let's hope the need doesn't arise.

From what I read, the new DNS service will basically redirect to the usual ICANN system, except for .p2p domains for which lookup will be distributed. Even if governments censor Wikileaks and TPB .com domains, the .p2p domains will remain. The whole idea is to reassert that the internet routes around the bad parts, and to show to the imbeciles we have for politicians that we won't let them censor our internets.

Re:Lack of Adoption ... Again

[Abcd1234]

My personal problem with the seizure of 80 domains really isn't that big of a deal. It sucks and it's probably a sign of the abuse of power from the DHS's Immigration and Customs Enforcement (ICE). But in the end, it was widely announced and advertised. It wasn't done under the cover of secrecy and they at least gave reasons as to why they were seized.

Yeah! It's kinda like how the cops can just walk into your house and take your computer without any kind of due process, so long as they announce it ahead of time, and give a few good excuses!

Right? I'm sure that's how it's supposed to work...

Re:Lack of Adoption ... Again

[xtracto]

I had a quick read in the distributed notepad that the guys behind the dns-p2p are using. One of the clarifications they made there is that this dns-p2p would be mainly aimed at ISPs. The idea is that ISPs use dns-p2p to update the records of their own DNS and their users do not have to change anything.

If they can make say google 4.4.4.4 or 8.8.8.8 DNS adopt dns-p2p or a bunch of other mainstream dns providers, then we have won.

Re:Lack of Adoption ... Again

[Hatta]

But in the end, it was widely announced and advertised. It wasn't done under the cover of secrecy and they at least gave reasons as to why they were seized.

So in your eyes, theft is ok if it's brazen?

Re:Lack of Adoption ... Again

[icebraining]

He didn't say it was OK, he said it's not a threat big enough to get him to adopt P2P DNS.

Analogy: just because there are house robbers doesn't mean I'm willing to live in a windowless bunker.

Re:Lack of Adoption ... Again

[Hatta]

If the thefts are taking place in broad daylight, supported by your own government, without any sort of due process, then you might want to consider that bunker.

Re:Lack of Adoption ... Again

"It wasn't done under the cover of secrecy and they at least gave reasons as to why they were seized."

What crack are you smoking. They only said that sites were seized after people woke up one morning to a new website which was not their own. There was no warning, no reason given, and not even the hosting sites were notified. In the case of Torrent-Finder they specified the case that there site does not host anything and mearly runs a iframed search to other sites on the web. Technically that is a poor website but legally I don't see how that could constitute grounds for seizure. The ground would apply to the sites which host torrent files or direct link to hosted files. To me, it is simply an abuse of the DNS system by the government. We are apparently moving towards an internet dictatorship where if the government doesn't like something they can take it down without cause.

Re:Lack of Adoption ... Again

[Ltap]

By posting a comment on /., you've proved that you're at least somewhat technologically aware, if not a "tech geek". The problem with most people isn't laziness, it's lack of knowledge altogether -- they don't even know what ABP does or what it is, and wouldn't really consider using it. As well, many depend on a "tech guy" to make their decisions for them (such as you, perhaps), and it really depends on the "tech guy". There are many obstinately pro-Microsoft people from Gen Y (a.k.a. the commercial whore generation), or simply ones who will not tell their friends/family to do anything for fear of being held responsible for their advice, regardless of how good it was.

Re:Lack of Adoption ... Again

[stonewallred]

And I do install stuff like NoScript and ABP. If someone gets this p2p DNS thingee working and installable at the same level of ease and lack of problems as ABP or NoScript, I will install it on mine and my relatives' computers. But, unless it is that simple, I won't. I am "pro-microsoft" I guess, as I refuse to use apple stuff and Linux stuff still lacks the plug and play ease I like. But fact is that unless something is stable, non-obtrusive and useful, most folks like me ain't going to install it on their friends and families computers. Personally I am all for anything that allows rerouting blockages and attempts to stop the spread of information. If they get it up and running and develop a plugin for FF, then I'll be good to go.

Re:Lack of Adoption ... Again

[thetartanavenger]

The main problem I have with it isn't that they seized so many domains, it's their seizure of, for example, the tvshack.cc domain. Its top level domain is for the Cocos Islands, an Australian territory. The US should have zero control over another country's domains, but they managed to pull it off because the .cc TLD is managed by Verisign, a US company. I guess I should blame the Cocos Islands for that one, but no US company/entity, or any country for that matter, should have that kind of control over another country's domains, and any complaints about a foreign domain should go through diplomatic channels.

Re:Lack of Adoption ... Again

"If we see the US government doing what China's doing and not announcing who's being seized and why, then you will see me jump on board this. "

It's coming, probably sooner than many of us think. Don't fool yourself.

ICANN...

[digitaldc]

...see this being mysteriously stopped by unknown forces.

Re:ICANN...

[whiteboy86]

You can always sue the entity back, if it is government backed then even better, lawyers loves government defendant lawsuits, you can easily ask for millions in damages and they will pay, however, in this scenario of a blackhat plaintiff, this is probably not workable :)

2 questions

[abigsmurf]

1: how could you stop malware developers flooding the network and pointing every request to an exploit filled page?
2: would this be a router's worst nightmare?

Re:2 questions

[nedlohs]

1. Hopefully something fundamental in teh unexplained design.

2. router's don't know or care about DNS.

Re:2 questions

1: how could you stop malware developers flooding the network and pointing every request to an exploit filled page? 2: would this be a router's worst nightmare?

I suggest you read up a bit on the workings of DNS servers. This will not be a problem.

Re:2 questions

[werfu]

2: would this be a router's worst nightmare? In tree structure that ISPs has put us in, yes. But if this structure ever fails and we get back to the original net design, which is a mesh network, than it would not be such a problem. DNS change would be propagated to next nodes, wave like. IMO the problems come from the centralization and tree structure the net has become. We've seen fiber optic cable cutting net access to a whole part of the world. What would happen in a global war? Or a megalomaniac terrorist decided to cut net links all around the world? Worst economical crash ever? We're too dependent on big telcos and governments infrastructures. The net should be open, free for anyone. Simply by airwaves, like a big shout going unstopped around the world. Alright, enough dreaming here, I'm out :)

Re:2 questions

[VGPowerlord]

2: would this be a router's worst nightmare? In tree structure that ISPs has put us in, yes. But if this structure ever fails and we get back to the original net design, which is a mesh network, than it would not be such a problem. DNS change would be propagated to next nodes, wave like. IMO the problems come from the centralization and tree structure the net has become.

Actually DNS has always been a tree structure. For example, to resolve www.microsoft.com, a recursive DNS client needs to:

1. Ask a root server for the address of the .com registry.
2. Ask the .com registry for the DNS servers responsible for the microsoft.com domain
3. Ask (for example) ns1.msft.net for the address of www.microsoft.com

This is ignoring stub clients, which are found in most OSes which ask a recursive DNS server to do this process for them.

Re:2 questions

[guruevi]

There are solutions for that similar to how decentralized logins work (OpenID). DNSSEC would probably help a lot.

All they have to do is replicate the current roots and then just replicate a separate list with the illegally seized domain names.

Re:2 questions

[blueg3]

Actually, some routers know and care about DNS, because they provide a caching DNS resolver and advertise it to DHCP clients. Many home routers don't, though.

Some ISPs care enough about DNS to intercept DNS packets and respond to them using their DNS servers, even if the DNS request wasn't intended for them. That's because they're assholes.

Re:2 questions

[Kjella]

No one can by themselves determine if a returned DNS is correct or a DNS update is genuine. If you have no trust, it'll be overrun by bots faster than you can blink. If you have different trust, different nodes will give different answers and it'll all be a mess because some users can access your site and others can't.

You need a single authoritative source for trust for all nodes to agree that this node really has the right to change the DNS entry for google.com. Any attempt at a web of trust would quickly deteriorate into trusting some central nodes that'll act much like the root servers today because otherwise they'll be flooded with trust decisions.

Trying to propagate DNS as a push system is hopeless, my DNS server here doesn't need to know about 99% of the DNS changes in the world. It needs to be able to query some server on demand that it trusts.

I would say the simplest solution is "in addition to" rather tather than instead of. Some other top domains? Put in some kind of registrar field into urls? Like google.com~icann and google.com~opendns with some defaults system.

We're too dependent on big telcos and governments infrastructures.

Well, who else do you expect to lay big undersea cables and through mountains and desert areas populated by nearly no one? Alternate nets only work in big cities, and even if that were the case I'd say you rather build some kind of VPN on top. It'll be simpler and cheaper than trying to implement a completely separate network.

Re:2 questions

[nedlohs]

If they do that then they aren't just routers, and the non-router part is doing the DNSing and DHCPing.

ISPs intercepting DNS is soemthing they could use a router to do, but the router is still not doing any DNS it's just routing packets that happen to be related to DNS.

Re:2 questions

[blueg3]

The physical objects people generally refer to as routers often care about DNS.

Re:2 questions

[nedlohs]

None of the things they do with DNS would cause anything like this to be their "worst nightmare".

So let's keep trying

A completely decentralized internet would be nothing less than the holy grail of communications. So let's try to support those who strive for this noble goal. A centralized network, no matter how "democratic", is ultimately founded on political power, and I certainly don't have to explain why political power can't be trusted.

Re:So let's keep trying

[JSlope]

Who and how will support a decentralized Internet? It will not be as responsive as centralized one, it will have a lot of enemies and little friends (at least initially) so it will be very difficult to launch.

Doesn't Matter If It's Small or Fragmented

[Greyfox]

Anyone can set up a DNS server and serve names, and anyone else pointing at that DNS server can resolve them. There has always been some competition to the mainstream DNS and I think this move will bring more.

It doesn't really seem like you even really need a domain name these days. I don't even notice the name of a lot of sites I find through google. These days they're really just a symptom of the corporate takeover of the Internet, but the standards they rely on are just a bunch of documents from people suggesting that something might be a good idea. Now that the lines have been drawn and ICANN is showing its colors (again) it's time for people to start having some other good ideas. If most people are happy with corporations turning the Internet into a giant cable TV station with tolls for everything, that's fine, but if you don't like that situation you can do something else. People "in the know" can be as much or as little a part of the mainstream Internet as they want to.

Re:Doesn't Matter If It's Small or Fragmented

[asvravi]

Yes, who actually types in a URL anymore in the address bar? Google and other search engines are our DNS for all practical purposes. Google has open DNS servers too - so how long before they some sort of dynamic DNS service from them becomes the de-facto DNS for internet?

He better stay away from women for a while...

...or he'll soon be on interpol's list.

Who's the target audience..?

When I see stuff like this, I have to wonder - who's going to use it?

The answer, of course, is a simple one: people who care about shit like this. However, they make up such a small percentage of the internet using population that most others won't bother. Are everyday users going to start hacking their iPhones, Blackberries and Android devices so that they can get around the "imperial" 3g regimes that the telecoms provide?

Indeed, perhaps these are also the same people that are sponsoring Diaspora...

One does have to sometimes wonder if Peter is running from a force that exists only in his own head. There's no monster under your bed, mate. Now, go to sleep. Tomorrow is a new day.

Re:Who's the target audience..?

Peter just lost in court for the second time, accused of a crime he didn't commit (seriously - read his blog [Swedish] for more info) by the corporations currently running the world as they see fit and apparently controlling both the justice system and governments.

How is that not "a monster under your bed"?

disclaimer: I'm both Swedish and have had discussions with Peter on various subjects. He's really, really, clever.

Re:Who's the target audience..?

[nurb432]

Just beacuse only a few see it does not mean the monster doesn't exist, and is feeding...

What im wondering is,

[unity100]

why such a thing didnt come into being MUCH earlier. i mean, up till this time, almost entire control of internet in regard to this, has been in the hands of a single country .... isnt it ridiculous ?

Re:What im wondering is,

It isn't ridiculous (except for your rabid anti-US sentiment). The country that controls it invented the Internet. Think China or Russia would have been as open if they allowed people to connect and send civilian traffic on a network originally designed as a military one?

Re:What im wondering is,

[unity100]

The country that controls it invented the Internet.

u.s. didnt invent internet. it embodied numerous concepts already existing, and put them out as a meshed concept. just like how the first ironclad ever, warrior embodying all the inventions up to date, but appearing as a new class of ship back in 19th century.

and it is ridiculous. if internet was arranged for decentralization, there shouldnt be any country controlling it in the first place.

Re:What im wondering is,

[TheRaven64]

It isn't really under the control of a single country. DNS is and always has been decentralised. When you go to visit this story, you ask a DNS cache (typically run by your ISP, but maybe on your router or local machine) for the address of tech.slashdot.org. It starts at the root server and asks if for the domain. It will reply with the start of authority (SOA) record for the .org zone. The root domain is operated by ICANN, but there are 13 different sites hosting it, in different countries, and you are free to compare the results that they all give you for discrepancies. The .org. zone is run by the Public Internet Registry, so the SOA record will point to one of their authoritative servers. These may be in any country. The cache will then try the query here and get Slashdot's SOA record, which will have an answer for the tech.slashdot domain in the .org top-level domain.

If the TLD is operated by a US company, then it is bound by US law, but there are lots of TLDs (especially ccTLDs) that are not hosted in the USA.

Re:What im wondering is,

[toriver]

That's about as stupid an argument as if you argued that Germany should control car manufacturing or Italy should control radio.

Re:What im wondering is,

Ask again when the project has been successful in any meaningful way.

WINS - Yes, WINS - Windows Internet Naming System

[Joe+U]

Most major systems have a WINS client, I doubt nearly anyone is using it at home.

Write a resolver that mimics WINS to the client and then behind the scenes use a modern P2P encrypted network.

No client work is needed, no DNS passthru is needed and no DNS baggage is needed.

Now you have a foothold until you spend the time to write a native client.

Peter Sunde says...

[SgtKeeling]

From Peter Sunde's twitter:

Plz stop saying I'm the guy behind the new DNS-system. I'm just one of lots of people with interest in it. Everyone does their part!

https://twitter.com/#!/brokep/status/9684729515220992

Re:Peter Sunde says...

[Archangel+Michael]

Peter Sunde is the guy behind the new DNS-system ... in spite of his protestations to the contrary. Proof is the next sentence ... "I'm just one of lots of people with interest in it" .. which makes him at least "a guy" if not "the guy".

And if Peter Sunde has any geek cred, that makes him even more of "the guy" than just "a guy". The more geek cred he has, especially in the realm of fighting "the man", say like founding the Pirate Bay, then it is game over he is "the guy".

You will never win... try a new tactic

[CodePwned]

You cannot beat those who wish to share. You cannot win against the vast numbers. Take one down and 10 sprout to replace the fallen one. The harder you hunt them the more difficult it will be to find them. Stop fighting a battle you cannot win concerning control.

Instead, change your pricing structure, change your delivery methods, stop wasting money on DRM people like me bypass in mere seconds.

This is the future and you are merely in denial. Learn, adapt, and you'll be amazed at the success you will have.

Re:You will never win... try a new tactic

[Malenx]

Lol... give us what we want for free and you'll be amazed at what cash you won't make.

Do you really blame them for trying to keep a hold on their old business models?

The real problem here is the government spoon feeding them hope by allowing the government to be these companies enforcers. If the government didn't intervene, we'd all be off in a much better / customer friendly world right now.

Re:You will never win... try a new tactic

[GooberToo]

Instead, change your pricing structure

You mean, away from the pricing structure which pirates previously said was required? You mean, away from extremely reasonable prices (typically less than $1.00 per song)? There is absolutely nothing wrong with the pricing structure now.

Such statements are red herrings, making imaginary excuses to justify an illegal act.

Now if you want to complain about contractual obligations in the music world, you might have a point, but piracy isn't really related to that in the least. Attempting to make such a connection, is again, that same red herring. Besides, there are lots of existing ways to fix the system without taking from those who have worked hard on their copyrighted product.

Only in a pirate's mind is depriving someone of their income equivalent to helping them.

Re:You will never win... try a new tactic

[mikechant]

There is absolutely nothing wrong with the pricing structure now.

A pricing structure that typically (in the UK anyhow) charges about 10-20% more** for lossy digital album downloads than it does for lossless physical CDs (with free delivery) has certainly got something seriously wrong with it.

**My experience, comparing various back catalogue albums, Amazon CD vs. iTunes prices.

Re:You will never win... try a new tactic

free speech in whatever form it takes is not going to ever deprive someone of their income FORCIBLY like the top corps and lobbyists and lawyers who invented copyright law.

hacker creed #1... information wants to be free. welcome to the net broskey, there will be world wars fought over this kinda BS soon enough. I would wager gov backed by corp money and laws are going to or have already stricken the first blood in this war. FBI raiding peoples homes to stop mod chip makers under the auspices of terrorist protection with the blessing of the department of homeland security... years ago... google it.. making mod chips usto be protected by our constitution... cry me a river if you think XBox sales went down any over this.

Re:You will never win... try a new tactic

[mswhippingboy]

I love how free-marketers want the government to stay out of their business when it comes to regulation, but demand the government protect their income.

I say the government should stay out of it altogether.

Let the content producers use their best technological means to protect their content and let the pirates do their best to crack it.

If the content providers can't come up with a way to protect it that the pirates can't crack then they don't deserve the revenue lost. If the content providers DO come up with a way to protect it and it's so burdensome to the consumer that they choose not to purchase it, they don't deserve the revenue lost.

If I leave a stack of cash sitting out beside the road in front of my house, should I expect the police to guard it against theft? Shouldn't I bear some responsibility for keeping it safe instead of burdening the taxpayers with the cost of protecting it?

I just don't think it's right to sacrifice freedom for the sake of greedy corporate regimes that don't give a damn about the artist, developers or writers that produce the content and are only concerned with boosting their bottom line.

Re:You will never win... try a new tactic

[GooberToo]

A pricing structure that typically (in the UK anyhow) charges about 10-20% more** for lossy digital album downloads than it does for lossless physical CDs (with free delivery) has certainly got something seriously wrong with it.

Which absolutely means you are anti-capitalism. Period. End of discussion. Since you likely receive a paycheck because of capitalism, you're a hypocrite. If you make anything above minimum wage, I'll happily accept the difference so as to rid you of your hypocrisy.

The market asks what consumers will tolerate. Pirates are well on record that something like $1 per song is very tolerable.

Disagreement is not justification for stealing. You want too much for that car, so I'll just take it. That's a metaphor! Obviously a car is not digital media but the concept is exactly the same. Its not like you must have that specific car. Likewise, its not like you must have music and movies.

Time and time again, pirates dance around the fact that what they are really saying is they hate capitalism. Just come out and say you're a socialist; and yet provide nothing to a socialist community. Which more or less means your a parasite on society and a hypocrite.

To date, I've never met a pirate who truly understood the implications of their position. As such, I've never met a pirate who wasn't a hypocrite.

Re:You will never win... try a new tactic

[GooberToo]

I love how free-marketers want the government to stay out of their business when it comes to regulation, but demand the government protect their income.

You have no clue what you're saying. Government exists to regulate markets. There has been and never will be unregulated capitalism. You're position is basically saying, we shouldn't have police and if others wish to take your property, they should be allowed to do so - assuming they can get past you. Basically your argument is garbage.

I just don't think it's right to sacrifice freedom for the sake of greedy corporate regimes

This is yet more stupidity put forth by ignorant pirates who have no idea what they are talking about. Copyrights laws protect TONS of people. TONS of small and medium sized business DIRECTLY benefit from copyright protections. Copyright laws provide massive jobs and create massive wealth all over the world. A good chunk of the money has absolutely nothing to do with "greedy corporate regimes."

Basically you're arguing that despite you have no idea what you're talking about, capitalism is bad and that you are a socialist. If you accept a paycheck, despite your ignorant ranting, are a hypocrite.

Re:You will never win... try a new tactic

[Apocryphos]

I am no longer a pirate of anything, but I used to be. My position was that if I can't afford something, but I can benefit enormously from acquiring it while no one is hurt by the "theft", I should certainly do so. Many software tools fell into this category. Now that I am a productive member of society, I do not pirate anything since I have the means to pay for it. However, to have lost that experience and learning made possible by the pirating could have drastically changed my status today.

Re:You will never win... try a new tactic

[mswhippingboy]

You couldn't be more wrong (and name calling is a tactic often employed by those with a weak argument and/or weak mind). You seem to be confusing capitalism with corporatism (what we have in the US). I consider myself a capitalist (having run my own company for 20 years). I believe in the right to a fair day's wage for a day's labor. That's how I get my paycheck and that's how my employees get their paychecks.

What I don't agree with is that a corporation has the same (or more) rights than an individual. Corporations own no loyalty to their employees or any nation. Their only motive is profit - pretty much the definition of greed.

Despite your "Glen Beckian" view of the world (if you don't agree with me you are a socialist), when it comes to ideology, I tend to lean libertarian. I think the government sticks it's nose into far too many areas of our lives. Corporations have the financial capacity to protect their assets (especially digital assets) without getting government to do their dirty work for them.

In any case, I'm sure nothing I can post here will change your obvious "corporations are gods" viewpoint so I won't waste any more of my time.

Re:You will never win... try a new tactic

[GooberToo]

Actually, my view of the world is an almost complete opposite of Glen Beck. More likely is you're projecting.

Re:You will never win... try a new tactic

[Thing+1]

Yes, and copyright is infinite, so it is protecting us infinitely against the alien overlords.

Re:You will never win... try a new tactic

[mikechant]

Which absolutely means you are anti-capitalism. Period. End of discussion. Since you likely receive a paycheck because of capitalism, you're a hypocrite. If you make anything above minimum wage, I'll happily accept the difference so as to rid you of your hypocrisy.

You're completely off your head with this stuff. All I did was make a comment about the totally bizarre pricing structure for digital vs physical album. Do you see the bit where I said this justified copyright violation? No, because it's not there. I buy the physical CD and wonder why anyone buys album downloads.
Or did you confuse me with the GP poster or something?

HOSTS files are superior to AdBlock & how/why

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

4.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw for years now - hosts protect against that via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).

5.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

6.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

http://ddanchev.blogspot.com/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/
http://www.mvps.org/
http://someonewhocares.org/
http://hostsfile.mine.nu/hosts0
http://hosts-file.net/?s=Download
http://www.stopbadware.org/home

7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

8.) AdBlock is a program, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

9.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content.

10.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

11.) You don't have the sourcecode to Adblock. With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

12.) Hosts files are easily secured via using MAC/ACL &/or Read-Only attributes applied.

13.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privlege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name

yawn

[burris]

Before embarking in this project, shouldn't he finish his replacement for BitTorrent he announced a few years back?

I'm sure the DNS project will be as successful as that one.

Re:yawn

Thats new to me. What is wrong with BitTorrent or TPB for the matter?

Re:yawn

[pak9rabid]

Before embarking in this project, shouldn't he finish his replacement for BitTorrent [gigaom.com] he announced a few years back?

I thought there already was a replacement for BitTorrent. Isn't it called Usenet? Ah shit, I just broke the first rule.

Re:yawn

You say that like all of his projects have failed. OpenBT didn't fail at all, and it sees a lot of usage these days.

Re:yawn

They're called magnets, and TPB has supported them for some time now.

They will attack it with Viruses

Just like they attacked Iran.... I think we're going to see more governments and corportations using Viruses to try and slow down the competition.

HOSTS files benefits (over AdBlock &/or DNS ev

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

4.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).

5.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

6.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

http://ddanchev.blogspot.com/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/
http://www.mvps.org/
http://someonewhocares.org/
http://hostsfile.mine.nu/hosts0
http://hosts-file.net/?s=Download
http://www.stopbadware.org/home

7.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

8.) AdBlock is a program, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

9.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content.

10.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

11.) You don't have the sourcecode to Adblock. With hosts you don't even need source to control it (edit, update, delete, insert of new entries via a text editor).

12.) Hosts files are easily secured via using MAC/ACL &/or Read-Only attributes applied.

13.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF

Re:WINS - Yes, WINS - Windows Internet Naming Syst

[ocularsinister]

Most desktop systems may have WINS installed, but those oh so important servers probably don't (why on earth would google install samba on all its linux boxen, for example?). Besides, you've somewhat glossed over the issue with "Write a resolver that mimics WINS to the client and then behind the scenes use a modern P2P encrypted network." That's the hard bit - whether its DNS or WINS resolution is a mere technical detail. Building a system that can provide reliable, quick and above all *trustworthy* resolution over p2p is difficult. I hope he/they can find a way, but I doubt that they will.

He's Swedish

[mangu]

Accused of rape in a friendly foreign country, more likely.

He's Swedish. He doesn't need to travel anywhere to be accused of rape.

Re:He's Swedish

"He's Swedish." - No, he's Australian, at least according to both CNN and Wikipedia.

Re:He's Swedish

[Nadaka]

He is Australian.

Re:He's Swedish

[Nadaka]

Damn ambiguous pronouns. It is entirely possible that you are talking about the swedish "he" involved in the pirate bay, not the Australian "he" accused of the crime.

Re:He's Swedish

[mangu]

he's Australian, at least according to both CNN and Wikipedia.

Not the subject of this story.

Violence is the answer.

[Lilith's+Heart-shape]

If spammers are such a problem, then we just need a distributed final solution to the spammer question. I recommend the new German microwave ovens; they seat five thousand.

Re:Violence is the answer.

[pecosdave]

I already TOLD you how to deal with spammers!

http://it.slashdot.org/comments.pl?sid=552690&cid=23403720

Re:Violence is the answer.

I thought they seat over nine thousand!

Re:Violence is the answer.

[Aurisor]

Your post advocates a

( ) technical ( ) legislative ( ) market-based (X) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(X) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:Violence is the answer.

Your reply is:

( ) whoosh!

Tick appropriate box.

History lesson

[GPLDAN]

Karl Denninger, Chicago's most despised internet citizen, now Tea Party wacko dispensing Capital Market advice/doom in Florida, once tried to take ICANN on in 1997 and create eDNS, an alternate DNS with new root servers. Mostly under his direction. He failed. Funny, he doesn't mention that in his bio when he appears as the resident doomsayer on one of the financial networks on tv these days.

Nevertheless, it's a good history lesson in taking ICANN head on. Peter Sunde has something truly subversive, the people taking back the name server space. Let's see if Karl can get on board with this, he's usually preaching that the people need to take pitchforks and torches and march in the street.

Re:History lesson

[GPLDAN]

Here's a URL to eDNS:

http://www.iperdome.com/releases/970304.htm

Re:History lesson

[Wonko+the+Sane]

What exactly did he do to earn the title "most despised internet citizen"?

Re:History lesson

[GPLDAN]

Take the porn from Usenet.


http://www.wired.com/culture/lifestyle/news/1998/11/16276


I mean, come on, Usenet with out porn is like Penthouse without nudity.

Re:History lesson

[Thing+1]

If you have to ask, you can't afford it. (Or, don't know how to Google, or something.)

Re:WINS - Yes, WINS - Windows Internet Naming Syst

[alphatel]

Even as a hybrid node, WINS is limited to 15 characters (last bit for browser announce) so we'd run out of address space quick. Plus if memory serves (it's been a while), routers will not pass NBT traffic without implicit configuration.

I've written such a program, as have others

"All you have to do now is automate the process of updating it. You could have some sort of program that acted both as a client and a server..." - by maxume (22995) on Wednesday December 01, @09:23AM (#34403684)

Examples of what you're asking for have been done (I've done one myself even), but here are some "examples thereof":

HOSTSMAN:

http://www.abelhadigital.com/hostsman

HOSTESS:

http://www.raymarron.com/hostess/

I am FAIRLY sure those do "remote updates", but check to be sure...

(and, there ARE others too, but that's what I came up with on "short-notice" - I *think* mvps.org possibly even has one with the HOSTS file they distribute)

OR

You can just go to these sites & get current copies:

https://zeustracker.abuse.ch/blocklist.php?download=hostfile
http://www.mvps.org/winhelp2002/hosts.htm
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
http://hosts-file.net/?s=Download

To name a few reputable & reliable + regularly updated models of HOSTS files (the program I wrote consolidates them all, removes duplicates, alphabetizes the entries, + changes the "blocking IP Address" format from 127.0.0.1 (slowest & largest), to 0.0.0.0 (next slowest & largest) to 0 (not compatible w/ all OS' anymore, but was until Windows VISTA & still is on 2000/XP/Server 2003) & lastly "Trims" them so that no trailing bloating blanks remain (which is what happens in DB engines like Access since no VARCHAR type is present in Access, as it is in mySQL, SQLServer, Oracle, DB2 etc./et al where you can use SELECT * DISTINCT / ORDER BY type queries to do the same as far as removing duplicates, sorts, etc.)

APK

P.S.=> Mine's for personal use (I didn't build in the HTTPGET functionality into it, because I simply email my HOSTS file (a composite of all others + 30,000 or so adbanner blocks I put into it myself) to others that request it, & other programs like that already exist (but they don't do quite as much as mine does otherwise per the list of its functions I put into it above))... apk

Re:I've written such a program, as have others

[John+Hasler]

> Examples of what you're asking for have been done

Yes. One of them is called BIND.

Re:HOSTS files are superior to AdBlock & how/w

[nschubach]

Hosts files are ignored if you are on a proxy.

Re:WINS - Yes, WINS - Windows Internet Naming Syst

[defaria]

Two things. First - WINS is, as it's name implies - Windows Only. Many servers in the back room are not Windows. Secondly most "major systems" whatever that means don't even run WINS anymore.

PROXIES slow you down, badly, usually

That I'll have to add as a "caveat", & you're correct afaik (but, why use proxies from home? To post anonymously & to pull bogus stuff?? I can't see valid reasons for it, because PROXIES SLOW YOU DOWN BADLY MOST OF THE TIME, especially "highly anonymous" ones)...

Nice point though - I take it AdBlock isn't subject to that (is it)? Well, IF that's the case, then it makes sense WHY I listed using BOTH AdBlock &/or HOSTS in combination... "layered security" to protect you on ALL fronts & possible scenarios! Even the one you post now...

Still, I actually LIKE when you folks "take pot shots" @ that list of mine above where I extoll the virtues of HOSTS files usage.

(It only makes me make that list, all the more stronger vs. nitpicking!)

APK

P.S.=> Any problems with that which I wrote above, point-by-point? Thanks... apk

Re:PROXIES slow you down, badly, usually

[nschubach]

I'm not talking about anonymous proxies.

My workplace uses a proxy for all internet traffic so they can control who has access outside the WAN and Adblock is the only way I can avoid slamming up against twitter and facebook domains (in sidebars usually) which red-flag my account.

Solutions need to be supported at work, just as much as at home.

It already works

[Steeltoe]

Yet Tor supports DNS out of the box with just a quick option in torrc:
DNSPort 51

Set your DNS-host on all interfaces to localhost, removing everything else, and off you go.. Anonymous DNS.

Yes, it's slow, it often fails and the system can be tricked to produce false IPs, although there are some simple measurements against it. However, if you want anonymity from dedicated adversaries, it's crucial to know how to properly hide DNS lookups. If anonymity is important to you, the suckiness will matter less to you.

For most of us, it's too insecure and overkill, but for some, it's a viable option since the alternatives can mean torture and death.

I'm sure it is possible to improve on this considerably. You will never reach 100% security, but it can become tolerable for private usage.

The greatest accomplishments were never easy.

Re:It already works

[GameboyRMH]

That's not really a P2P DNS system, that's doing regular DNS lookups through an onion-routed anonymizer network. If the US government takes out the record for wikileaks.org, you're still not going to be able to resolve it by doing the lookup through Tor.

Also if you're just browsing, you can send your DNS lookups through Tor's SOCKS5 server.

Re:WINS - Yes, WINS - Windows Internet Naming Syst

[Joe+U]

Obviously, writing a new resolver isn't easy, and using DNS is easy, but also easily intercepted by the ISP.

I was just reminded that WINS may be limited to 15 characters, which pretty much rules it out anyway.

Oh well, that's what brainstorming is for. The answer to this is going to be outside of DNS as we know it today.

Doesn't look decentralized

[Sloppy]

The Torrentfreak article says:

The domain registrations will be totally free, but registrants will have to show that they own a similar domain with a different extension first, to prevent scammers from taking over a brand.

Have to show? Have to show to whom? It sounds like they already have a centralized authority.

If you are so concerned about "preventing scammers from taking over brands" then you're going to have some mechanism for dealing with scammers. And if that mechanism exists, then governments probably can use it to deal with you.

And also, frankly, the narrow focus on one TLD, "p2p" hints that these guys aren't thinking very big.

I think creating a new sabotage/coercion resistant DNS is a worthy goal. Remember that COICA and the recent seizures are just another straw on the camel's back, in a long history of governments interfering with DNS, people disagreeing with ICANN policies, and whatnot. The need isn't going away until it gets solved. But these particular guys have already taken at least 1 step in the wrong direction. That one line about registration shows that protecting freedom of expression isn't their top priority, but if it's not the top priority, then the system won't solve the problem people have with ICANN's DNS.

Re:Doesn't look decentralized

[Punkbob]

At the moment that is true. Peter Sunde and other decided to partner with OpenNIC to try and get a .P2P domain up as fast as possible. It is just the first step and there is already a group working on the next step. We are planning the architecture, developing early alpha software and starting to coordinate the project. We are working on a completely distributed P2P DNS, that will meet the stated goals of the FAQ page that quote is from. If you want to be involved then visit the wiki at http://www.dot-p2p.org/index.php?title=Main_Page or on efnet at #dns-p2p

Re:Doesn't look decentralized

"Have to show? Have to show to whom? It sounds like they already have a centralized authority."

Easy as pie: "You want to register apple.p2p? Sorry, but it looks like apple.com is already registered. Please create apple.com/ch398fchefh2389hbf239834hfsehf239.html and click on continue"

Then the swarm can verify that you have access.

Re:Doesn't look decentralized

Have to show? Have to show to whom? It sounds like they already have a centralized authority.

No, it doesn't! Just show it to 1000 random people along with some advanced form of CAPTCHA for each. It could be based on anything that is worth less than a ten bucks (a piece of software or hardware, a webcam, a microphone, a simple text captcha, etc). For less than ten bucks, you could take part in the voting of all .p2p domains.

f@s.n 369196

Re:HOSTS files are superior to AdBlock & how/w

[stonewallred]

Or better yet, WTF are host files? Non-techs can sort of understand ABP, as it is an add-on that stops bad or all ads. Host files, no way an average computer user would understand them or utilize them.

Re:WINS - Yes, WINS - Windows Internet Naming Syst

[Joe+U]

The words of the day are:

Mimic, Resolver, and Client.

Either way, this won't work due to other limitations.

What you should know about Peter Sunde

I just want to say that I don't know what Peter Sunde looks like and I probably have never met him since I don't live on the same continent, but he totally raped me. This undermines the credibility of his project, because rapists are known for their incompetence at managing software projects.

If users understand text files, they do

"Or better yet, WTF are host files? Non-techs can sort of understand ABP, as it is an add-on that stops bad or all ads. Host files, no way an average computer user would understand them or utilize them." - by stonewallred (1465497) on Wednesday December 01, @10:40AM (#34404550)

Take a GOOD solid read (and if still in doubt? Refer to this mvps.org link -> http://www.mvps.org/winhelp2002/hosts.htm (it has a great writeup that's EASILY UNDERSTOOD & very detailed, on HOSTS)) - this will show you how/why HOSTS files are superior to AdBlock or even DNS servers on MANY accounts (and why you ought to use them in combination for the "best in 'layered security'" practices online!

14 ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK:

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org/
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com/
http://www.shadowserver.org/
http://www.stopbadware.org/home

REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]

Re:If users understand text files, they do

[stonewallred]

Are you retarded, or is your business selling host files? Maybe tech geeks know what host files are, but the average computer has no idea and no desire to know or utilize them. If it doesn't take them to youtube, google or their favorite homepage, then it is not important to them. So instead of preaching about how great they are, why not develop a FF plug-in that allows them to be used easily, reliably and unobtrusively?

ipv6 private DNS / internet

correct me if I am wrong here.

In theory, if ipv6 ever really gets its legs, I should be able to setup my own DNS private root server(s) for a bunch friends, that can be reached by the public (or just my friends) through my root server and use whatever domain system we like (myserver.gofyourself.andyourmother) resolving to my assigned blocks. Basically creating a private internet, only navigable (other than by dumb luck) to any of the computers or servers that participate in my little corner of the internet. Now I know you can do this with ipv4 and so on, but it should become easier with ipv6 space being so much larger.

right?

Duh - All DNS are decentralized P2P

[flyingfsck]

I don't see any innovation here and OpenDNS is already doing it too.

BIND's got/had problems though... apk

How about BIND vs. what the Chinese are doing to DNS lately? See here:
  http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

(The Chinese seem to like playing with the routes DNS worldwide used VERY recently & what's routed + to where, in short/summation).

OR, vs. DNS vs. the "Kaminsky DNS flaw", here:

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you...)

---

?

Is BIND "proof" to those? Not afaik!

DNS has some "issues", & it's too bad... even DJBDNS, once touted "invulnerable", had to pay out $10,000 as a reward because of bugs found in it (they paid up honorably & fast too though).

Still - IF you're going to use DNS servers for home usage (and you will, you can't "cache" the entire internet in a HOSTS file really)?

Try this (can't do this on an AD/ActiveDirectory setup, or things like FULL outlook + exchange screwup (AD is a directory service & uses LDAP for access to x500 directories)):

OpenDNS or ScrubIT DNS (even GOOGLE DNS) are solid options (because for example, OpenDNS was the FIRST to make changes in DNS once folks like Dan Kaminsky started finding errors in it, or others like Moxie Marlinspike (0 error).

APK

P.S.=> I'd really like to know if BIND or other DNS servers (sans DNSSEC) are "proof" vs. the above 2 exploits, or other forms of "DNS poisoning"... thanks! apk

Norwegian-Finnish actually, not Swedish

[andersh]

Peter Sunde is actually Norwegian and Finnish (family and citizenship), but he does live in Sweden.

Don't be silly

Hosts files no longer make sense in a current computing environment, being to slow to update, maintain and distribute.

APK

Blink, Blink

[andersh]

Yeah, I don't see that happening. Xe Services would have a tough time even getting weapons into Sweden. And their "employees" would raise suspicion before they even enter the country due to the Europe wide travel/immigration information systems (see Schengen) and monitoring.

Nevermind that the functional civil society with police, SWAT, military forces, real security at all airports, air space control with modern fighter jets and so on. Of course they could get some illegal weapons, but that would hardly go unnoticed by local police. There is only so much you can do without getting noticed. Guns, shootings and murder is unusual here.

Even if they succeed in killing their target, how do you expect to escape? Shoot your way out of Europe? They wouldn't get far no matter what. And there's no bribing the prosecution to get out of jail.

There are "different rules" for operating in Western nations and places like Iraq, Somalia and Afghanistan. Where you can bribe the inefficient, corrupt police, if they actually care to look at all. Where you can ignore whatever borders the nation has, because what air force is going to control it? No, I think they would blink several times before doing anything in the West...

Comcast

[Sleepy]

Comcast is doing WONDERS to educate the public about the importance of DNS.

Years ago, just after the SECOND major Comcast outage, I switched from Comcast nameservers to some pretty old and reliable AT&T nameservers at 4.2.2.1. Of course there was OpenDNS also but it's a pain to remember their DNS server IP addresses.

Since then I switched to Google's free DNS - same benefit, but faster and "8.8.8.8" and "8.8.4.4" is -incredibly- easy for people to remember.

Now with Comcast's THIRD major DNS outage, people resorted to using Facebook and Twitter using just their mobile phones. Guess what? Nearly everyone who bitched about Comcast got a reply from some friend, just go plug in these numbers in Network Settings... and many did! The word IS spreading....

Re:Comcast

[stonewallred]

Ok, I'll bite. Where does the google 8.8.8.8 plug in at?

Re:Comcast

[penguinchris]

I'll spare you the "let me google that for you" link, but google's instructions for using alternate DNS servers are here - I use the google servers myself. I set my own computers and routers to use it, but also change it in the router settings of others if anyone ever has me do any network configuration (e.g. my parents, friends, etc.)

Re:Comcast

[jack2000]

I'll bite too.

• If on windows: start > run > ncpa.cpl > properties on a connection > Internet protocol > Properties > Use the following DNS server radio box
• If on linux: From console window : sudo echo 'nameserver 8.8.8.8' > /etc/resolv.conf (where 8.8.8.8 is google's free dns server)
  if unsure how to get to a console hit control+alt+f1

cool!

[hesaigo999ca]

oh goody, i want, i want, i want, how can i help make this a reality quicker the better....is there a list to help sign up for to stay on as proxy for these dns servers?

SECUNIA hit by DNS redirect attack this week?

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/

So, yes: Even "security pros" get hit by ordinary DNS setups' problems (sans DNSSEC being employed & not everyone has that, in fact, the majority don't)!

(DO see that, it's VERY recent, this past week in fact)...

There isn't a DAMNED THING they can do about it, other than set the DNS records straight, & THEN? Then, they have to wait for "mass propogation" so it flows to ALL the DNS servers out there!

(DNS redirection &/or poisoning are a real problem... top that off with what the Chinese are doing routing DNS info around so they can parse data coming thru, & the Moxie Marlinspike "0 error" PLUS the Kaminsky flaw? Hey - YOU decide!)

The Kaminsky flaw makes it TRIVIAL to exploit!

E.G.-> Dan Kaminsky's shown how, in seconds, he can poison/misdirect ANY DNS SERVER, via "bum rushing" enmasse flooding DNS servers (especially those set in recursive mod) w/ false redirecting information... problem being, DNS servers accept what comes to them FIRST, & if that's "bogus data"?? You're history!

Even DJBDNS, once called "invulnerable" had to pay out $10,000 to those that found security vulnerabilities &/or bugs in it & not TOO long ago either... it happens, a lot, lately!

APK

P.S.=> No, nowadays? Use "layered security" online, HOSTS, and in your browsers with addons like AdBlock + NoScript (FF & Opera have there), or, native "block lists" browsers have (e.g. Opera's URLFILTER.INI file & ff + ie have these too) plus a good .pac file, if not a custom cascading style sheet to filter out various tags/scripts etc. too...

For "layered security"? Hey - it's all EASILY doable, above & beyond just using any 1 single approach, & it helps! apk

Counterfeiting is a huge problem

Counterfeit trade is actually a *HUGE* problem. Lots of stuff on ebay is not what it is suppose to be - it's garbage. There is no difference buying a knockoff than someone basically staling from you or worse.

Remember the issue with the fake i7 920 processors at new egg? Fake toothpaste (with antifreeze in it)? Melamine in milk and milk products from China? That's all part of the same problem - counterfeiting. If ALL counterfeits disappeared tomorrow, the world would be much better, safer place.

Copyright infringement is a type of counterfeiting too. Though people like ICE tend to be only involved when money is involved... maybe RIAA was bitching at them for a long time about those websites (ie. "counterfeit" MP3 files?).

http://en.wikipedia.org/wiki/Counterfeit

A report by the Organisation for Economic Co-operation and Development indicates that up to US$200 Billion of international trade could have been in counterfeit and illegally-copied goods in 2005. In November 2009, the OECD updated these estimates, concluding that the share of counterfeit and pirated goods in world trade had increased from 1.85% in 2000 to 1.95% in 2007. That represents an increase to US$250 billion worldwide.

Impersonating me!

Troll, you have no idea about security, and have no idea about computing in general.

Go and tarnish someone elses good name

APK

P.S.=> Just because you CAPITALIZE certain WORDS does not give your point any more CREDIBILITY

YOU CAN STOP IMPERSONATING ME boys... apk

"Hosts files no longer make sense in a current computing environment, being to slow to update, maintain and distribute. APK" - by Anonymous Coward on Wednesday December 01, @11:47AM (#34405438)

Funny I show QUITE otherwise below!

Custom HOSTS files are easily distributed across LAN/WAN environs too, via logon scripts, & easily deployed on a local system (via copies/overwrite or even manual edits, & I supply reputable + reliable sources for that below no less).

What are my "naysayers" here all afraid of?

Are my naysayers here impersonating me as they have above, because they're MALWARE MAKERS perhaps??

Malware makers who KNOW that custom HOST FILES put a MAJOR DENT into their illegal enterprises, perhaps???

It seems so... especially replying as AC as this one has (2nd time this week, lol).

Take a GOOD read of MY words (not this dull-witted impersonator I quote above, 2nd time this week no less, lol, like they're "fooling" anyone reading):

---

14 ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK:

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com
http://www.shadowserver.org/

REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

8.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a progra

UR Off topic troll, read this & grow up

You can cut impersonating me now, it's not working... 2 times in this thread now (1st one here -> http://tech.slashdot.org/comments.pl?sid=1891254&cid=34405740 )?

Please (You MUST be a malware maker who exploits others & knows what a HOSTS file can do to secure people on nearly ALL levels perfectly vs. your illegal heinous machinations online).

Folks KNOW I posted this material & the P.S. below even makes it MORE solid w/ examples of problems (past & present) & DNS:

14 ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK:

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

GOOD INFORMATION ON MALWARE BEHAVIOR LISTING BOTNET C&C SERVERS + MORE (AS WELL AS REMOVAL LISTS FOR HOSTS):

http://ddanchev.blogspot.com/
http://www.malware.com.br/lists.shtml
http://www.stopbadware.org
http://blog.fireeye.com/
http://mtc.sri.com/
http://news.netcraft.com
http://www.shadowserver.org/

REGULARLY UPDATED HOSTS FILES SITES (reputable/reliable sources):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]
http://someonewhocares.org/hosts/ [someonewhocares.org]
http://hostsfile.org/hosts.html [hostsfile.org]
http://hostsfile.mine.nu/downloads/ [hostsfile.mine.nu]
http://hosts-file.net/?s=Download
https://zeustracker.abuse.ch/monitor.php?filter=online
Spybot "Search & Destroy" IMMUNIZE feature (fortifies HOSTS files with KNOWN bad servers blocked)

8.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed.

10.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs.

11.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://www.mvps.org/winhelp2002/hosts.htm ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

12.) You don't have the sourcecode to Adblock. With hosts you don't even need source to control it (edit, update, delete, i

How does the tech work?

[shish]

The article seems to have no real details on the technical side -- does anyone know how this is supposed to work? In particular, how does it scale to billions of hosts? What stops somebody automatically registering all the names? Without central authority, how are disputes over where a name should point solved?

(Also, what happened to slashdot? It's been a couple of hours since the article was posted, and all the comments (reading at +2) are political -- does nobody else here care about the technical side of technology? :-( )

As much as I'd love to...

[Venzor]

As much as I'd love to see a truly decentralized internetwork (p2p DNS and routing) idealogically, such a notion cannot replace the Internet as we have it today. In order to get anywhere reliably, you have to trust someone. You cannot have trust without an accountable authority. It's possible that you can get a modicum of trust via trusting a server that the people you trust have trusted (that was a mouthful), but in the end it will aggregate to a select few authorities at the root of it all. And then we have the same or similar issues to now.

I honestly cannot see how a true p2p domain name system can work and still be usable by someone who "just wants to surf the 'net".

Perhaps all we really need is a 'democratic' system - a select few members of the root DNS (geographically and politically separated of course) and a lookup system that queries each and selects the majority response as the correct response. At the very least, the domain name system should not be solely in the hands of one government.

Re:As much as I'd love to...

[jack2000]

How about you trust a couple of people first? Something like say 20 isps.
If someone wants to change the DNS record for a given domain all must agree. Your list of trusted peers will be up to you to decide so you can add one more, say your neighbor's node.

HOSTS files are protection vs. DNS faults

"Anyone can set up a DNS server and serve names, and anyone else pointing at that DNS server can resolve them. There has always been some competition to the mainstream DNS and I think this move will bring more." - by Greyfox (87712) on Wednesday December 01, @09:01AM (#34403468) Homepage

Some more notes on DNS servers & their problems, very recent + ongoing ones:

BIND vs. what the Chinese are doing to DNS lately? See here:

http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

---

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/

(Yes, even "security pros" are helpless vs. DNS problems, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind you!)

---

DNS vs. the "Kaminsky DNS flaw", here (and even MORE problems in DNS than just that):

http://www.scmagazineus.com/new-bind-9-dns-flaw-is-worse-than-kaminskys/article/140872/

(Seems others are saying that some NEW "Bind9 flaw" is worse than the Kaminsky flaw ALONE, up there, mind you... probably corrected (hopefully), but it shows yet again, DNS hassles being exploited!)

---

Moxie Marlinspike's found others (0 hack) as well...

Nope... "layered security" truly IS the "way to go" - hacker/cracker types know it, & they do NOT want the rest of us knowing it too!...

---

SO, WHAT CAN A HOSTS FILE DO VS. THOSE PROBLEMS ABOVE? PROTECT YOU! Read on...

14 ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK:

1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...).

2.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

3.) Adblock doesn't protect email programs external to FF, Hosts files do.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via PINGS &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites reliably vs. things like the Chinese are doing to DNS -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders

7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:

Re:HOSTS files are superior to AdBlock & how/w

[thePowerOfGrayskull]

hosts is a valid solution and can address a lot of issues; however, saying it's superior to adblock because of all the things adblock wasn't designed to do is like saying a car is better than a motorcycle because you don't need to wear a helmet.

Of course it doesn't block email and malware from communicating -- it's never been intended to. On the other and, what are you doing with malware installed, and allowing your email to d/l content from third party servers without your explicit approval?

Non-ICANN Domains now launched

New non-ICANN domain names already exist on http://dashworlds.com New DASHCOM domain names are available free

Wasn't it a performance thing?

[JSBiff]

I've always understood that the reason the DNS is hierarchical isn't that programmers just thought it would be great for no other reason than that they like trees. My understanding is it is the very foundation of breaking up the DNS into smaller chunks that can be stored (and resolved) on multiple servers. DNS is *already* distributed, sort of, in its design. The issue is that there are central root and tld servers.

So, if I want to check email, and my mail client needs to contact mail.myisp.net, it first asks the root servers for the .net server, it asks the .net server for the myisp.net server, then it asks the myisp.net server for mail.myisp.net - that way, all the higher level servers can just answers to a small 'chunk' of the total dns namespace.

One way or another, any DNS system is going to need to splitup the namespace *somehow*, so if it isn't a tree, then what's it gonna be?

Re:Wasn't it a performance thing?

[TheRaven64]

That's the theory, but it ended up being a very shallow hierarchy. The .com zone contains the vast majority of domains and requires a huge amount of infrastructure to drive it. Some ccTLDs are also quite popular, but people very rarely use the kind of deep tree that would have reduced the load on DNS.

Re:Wasn't it a performance thing?

[JSBiff]

I work for a somewhat small software company (about 100 employees), I know we have at least 10 or 20 'server-level' hostnames, all of which are part of our main domain, so that at least 10 server names are served by that single name server. Again, we are a small company - I wouldn't be surprised if some of the bigger organizations in the world have hundreds, maybe in some cases thousands, of hostnames all served under a single domain. Most large univeristies will have hundreds or thousands of servers spread across multiple colleges/departments, where sometimes the colleges, and in a few cases even departments, have their own sub-domain.

Hierarchies don't have to be 'deep' to help reduce the load pretty significantly. Because of different ccTlds, and the different 'standard' tlds, and because of what I mention above about a single domain-level server handling many servers inside that domain, I'm pretty sure the namespace is cut down quite a bit from the 'worst-case' scenario of a completely flat naming system. I also do believe the parent in that there's probably a lot of very big servers, connected to very big Internet connections, serving the .com domain.

Trust/control?

[JSBiff]

My first question would be, how is my 'domain' secured in this system so it can't be easily hijacked? If it does get hijacked, how do I ever get control of it again? How do I know a domain I am visiting wasn't hijacked?

These are issues facing the 'official' DNS system too, but generally, with the official DNS system, because of a fairly centralized control regime, it's at least difficult, usually, to hijack a domain, because you have to convince one of the levels of other servers to delegate authority over that domain to your servers. With a distributed system, how do you ensure that all the nodes give the same answer to a query? What's to stop a node from just lying? How do you detect if it's lying (some sort of cryptographic system would probably be needed)?

With the 'official' DNS, if my domain is hijacked, there are legal processes I can follow to try to prove that the domain should be rightly mine, and to have control restored if it's hijacked. Will there be any either technical or legal remedy for having your domain 'jacked in the P2P-DNS?

Better alternative?

IDONS:

http://lwn.net/Articles/417974/

It claims superiority to The Pirate Bay's version.

15 points favoring HOSTS over AdBlock ALONE

"hosts is a valid solution and can address a lot of issues;" - by thePowerOfGrayskull (905905) on Wednesday December 01, @12:46PM (#34406288) Homepage Journal

You realize HOSTS' files value: That's good! It's a solid supplement to DNS servers (external and even INTERNAL ones for AD) for security, & they're easily logon script "mass deployed" on LAN/WAN environs also.

---

"however, saying it's superior to adblock because of all the things adblock wasn't designed to do is like saying a car is better than a motorcycle because you don't need to wear a helmet. Of course it doesn't block email and malware from communicating -- it's never been intended to." - by thePowerOfGrayskull (905905) on Wednesday December 01, @12:46PM (#34406288) Homepage Journal

That's the "problem" though - I pointed out WHAT HOSTS CAN DO the same as Adblock alone, but also ADBLOCK'S DEFICIENCIES (especially when compared to AdBlock - 14-15 of them in that list in fact), which HOSTS overcome by adding what HOSTS files can do, vs. AdBlock (or DNS servers) alone.

I'm not really saying "don't use AdBlock" (in fact, I literally STATE THE OPPOSITE in my init. post here):

What I am saying is, SUPPLEMENT ADBLOCK &/or DNS Servers for layered security and speed gains!

(and I enumerate why (that goes for DNS problems too)).

I use AdBlock (opera's version, along with its URLFILTER.INI file, a custom .pac file, & also a custom cascading stylesheet, all in layered security "unison") PLUS OpenDNS or ScrubIT DNS Servers (GOOGLE DNS is yet another decent one)!

However, in an AD environs?

Well, w/ DNS servers assignments?? Don't use external ones... yes, you have to watch it in AD environs due to things like Exchange + FULL Outlook not working IF you use DNS that's NOT AD ready & from an external source outside your LAN/WAN (and you will use DNS & directory services NEED DNS... AD? Hey, it's based on LDAP, which is a toolset for x500 directory access, like ANY directory services are usually)).

---

"On the other and, what are you doing with malware installed, and allowing your email to d/l content from third party servers without your explicit approval?" - by thePowerOfGrayskull (905905) on Wednesday December 01, @12:46PM (#34406288) Homepage Journal

I don't have any malware installed, & I don't use HTML based email (text only, thus no scriptable exploits that way are possible here)!

E.G.-> I can recognize an infected system pretty fast & clean it also (literally 1000's of customers of mine have been cleared of them by myself, & I have YET to miss cleaning any type (inclusive of some rootkits too (bootsector originated))... the guide I wrote covers it in its "malware removal" portion in fact.

Plus, I secure myself this way (guide I wrote for Windows users I was actually PAID for & has gone WELL OVER 600,000++ views since 2008 (I stopped counting that in 2008 too, probably well over a million views by now - it's featured on 15 forums worldwide, & has been made a "sticky/pinned" thread, or "essential guide" &/or has been "5/5 star rated" many times also).

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE

(No malware here... I haven't been exploited in more than a decade & 1/2 if not more in fact, & because of what's in that guide (I wrote the 1st version of it in 1997 for NTCompatible.com in fact, as their "Article #1" & it's improved & adapted for NEW MS' Windows, as they released in fact (Mark II "Iron Man Armor Online" in the present version, as I think of it, lol!)

APK

P.S.=> To quote Tony Stark of IRON MAN fame (since I am using that analogy of sorts here now)?

"IT WORKS!"

The HOSTS file IS in my estimation, a crucial part of that guide too... the "Arc Reactor" portion (because I have ways of making it smaller & even MS' own senior mgt. in Foredecker (Windows Client Performance Division) agree I am correct on it here -> http://slashdot.org/comments.pl?sid=1467692&cid=30384918 ) ... apk

Re:15 points favoring HOSTS over AdBlock ALONE

[The+End+Of+Days]

Dude, start taking your meds again. You're losing it.

Hopefully this inspires you to start stalking me again :D

What SPAM doesn't kill, gets stronger....

[malakai]

You are looking at this from the wrong point of view. It is not that SPAM kills good products. Instead SPAM kills products that were poorly designed and/or implemented.

Let's say SPAM didn't exist. Let us say that you create some new Killer App 4.0. You release it. Someone doesn't like you. They don't like your company, or they don't like someone using your product. They don't want to make a buck, they just want to grief. At this point, whatever flaws would have been exploited by a SPAM'er, is going to be exploited by this griefer.

SPAM IS GOOD. Our infrastructure and our original set of RFC's are BAD. They were built in too clean of a room. They worked initially in the original sterile environment, but they are failing to cope with the current non-sterile environment. All internet products need a much more healthy immune systems. And SPAM, if it's good for nothing, is good for building an Immune systems ( have you tasted it )?

Re:What SPAM doesn't kill, gets stronger....

Interesting idea. So what you're saying basically is that SPAM is like all the dirt and crap we humans must intake in your youth, or we will end up being "allergic" (not in the hypersensitive disorder of the immune system way but in bad respone to normal stuff way).

Just how the above impersonator is wrong

Silly little troll showing his IGNORANCE by impersonating me, the great and wise APK.....anyway, I will show BEYOND a DOUBT why HOSTS files no longer make sense, and REFUTE the misinformed posts of the troll impersonating me several times in this thread.

"1.) Adblock blocks ads in only 1 browser family (Disclaimer: Opera now has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF...)." - by Anonymous Coward (22995) on Wednesday December 01, @12:20PM (#34405942)

FALSE - Chrome, FF, IE and Opera all have Adblock, and it probably is not to long until there is a centralized filterlist as a community effort

"HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program)." - by Anonymous Coward (22995) on Wednesday December 01, @12:20PM (#34405942)

THIS is not at all an ADVANTAGE, HOSTS file are lower level, but a higher level SOLUTION has the added ADVANTAGE of being used on any OS with a BSD stack, as well as those without.

"3.) Adblock doesn't protect email programs external to FF, Hosts files do." - by Anonymous Coward (22995) on Wednesday December 01, @12:20PM (#34405942)

FALSE - It is TRUE that adblock extensions are browser addons, but then a HOSTS file will not prevent displaying ads in an email(although if read in a browser will), nor will it help from soneone clicking on a malicious link. When someone does click on a malicious link, it then gets handled by the browser...the email client is IRRELEVANT. To CLAIM HOSTS files have any sort of protection against MUA's is simply FALSE.

"4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below)." - by Anonymous Coward (22995) on Wednesday December 01, @12:20PM (#34405942)

Which is why we have REDUNDANT and BACKUP DNS entries, and caching. Is this REALLY the best you can do, TROLL? This is a NON-ISSUE.

"7.) AdBlock doesn't let you block out known bad sites or servers that are known to be maliciously scripted, hosts can and many reputable lists for this exist:" - by Anonymous Coward (22995) on Wednesday December 01, @12:20PM (#34405942)

FALSE - EVERY ad block extension for EVERY browser allows you to explicity define sites to block, what is MORE they allow wildcarding and REGULAR EXPRESSIONS, something HOSTS files do not.

"8.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you)." - by Anonymous Coward (22995) on Wednesday December 01, @12:20PM (#34405942)

FALSE - The speed difference is NEGLIGIBLE and NEGATED due to CACHING, of course if you have some AUTHORITATIVE and CREDIBLE tests that show otherwise I would like to SEE them.

"9.) AdBlock & DNS servers are programs, and subject to bugs programs can get. Hosts files are merely a filter and not a program, thus not subject to bugs of the nature just discussed." - by Anonymous Coward (22995) on Wednesday December 01, @12:20PM (#34405942)

Except that a HOSTS file needs to be parsed by a PROGRAM, which is just as subject to BUGS as a higher level PROGRAM. To say you should nto use a superior solution BECAUSE it MIGHT have BUGS...or not even that it MIGHT just that BUGS are possible is a poor argument at best.

"10.) Hosts files don't eat up CPU cycles like AdBlock does while it parses a webpages' content, nor as much as a DNS server does while it runs." - by Anonymous Coward (22995) o

Impersonating me a 4th time, troll? apk

"Silly little troll showing his IGNORANCE by impersonating me, the great and wise APK.....anyway, I will show BEYOND a DOUBT why HOSTS files no longer make sense, and REFUTE the misinformed posts of the troll impersonating me several times in this thread." - by Anonymous Coward on Wednesday December 01, @01:49PM (#34407514)

See my subject-line, & my refutations of your points below:

---

"FALSE - Chrome, FF, IE and Opera all have Adblock, and it probably is not to long until there is a centralized filterlist as a community effort" - by Anonymous Coward on Wednesday December 01, @01:49PM (#34407514)

Ok then, I'll use a 3 points HOSTS can do that AdBlock can't, right now:

1.) Can AdBlock control HTML email programs like Outlook &/or OutLook FULL (both WIDELY used), HOSTS can? Anwswer = NO! Adblock can't...

2.) Can AdBlock block out KNOWN BAD WEBSITES like HOSTS CAN? Answer = NO! Adblock, can't...

3.) Can AdBlock speed up access to your favorite sites by hardcodes of the IPAddress-to-Domain/HostName equation? Answer = NO! Adblock, can't...

(Need more? I can do them you know, easily!)

---

"THIS is not at all an ADVANTAGE, HOSTS file are lower level, but a higher level SOLUTION has the added ADVANTAGE of being used on any OS with a BSD stack, as well as those without." - by Anonymous Coward on Wednesday December 01, @01:49PM (#34407514)

First of all? I didn't say that: You're misquoting me (probably you during impersonating me): HOSTS are used on systems with a BSD based IP stack (I don't know about others, & I even used ADB to "pull/push" it to ANDROID this week on the system mount point after mounting it with READ + WRITE ACCESS)...

"FALSE - It is TRUE that adblock extensions are browser addons, but then a HOSTS file will not prevent displaying ads in an email(although if read in a browser will), nor will it help from soneone clicking on a malicious link. When someone does click on a malicious link, it then gets handled by the browser...the email client is IRRELEVANT. To CLAIM HOSTS files have any sort of protection against MUA's is simply FALSE." - by Anonymous Coward on Wednesday December 01, @01:49PM (#34407514)

HOSTS will prevent ANY PROGRAM THAT IS WEBBOUND, even in HTML mail with bad url's in them, because the HOSTS file operates BELOW usermode/ring 3/rpl 3 mode operation (apps you use) & is used by the kernel mode programs like the IP stack itself.

Try it yourself - I have pals & myself that get bogus bushwhack attempt emails, with URLs to known malicious sites in them in HTML mail... I can even CLICK ON THEM, & I won't get there... why? HOSTS files operating @ IP Stack level is why!

---

"Which is why we have REDUNDANT and BACKUP DNS entries, and caching. Is this REALLY the best you can do, TROLL? This is a NON-ISSUE." - by Anonymous Coward on Wednesday December 01, @01:49PM (#34407514)

LMAO - are you stupid? Once the Kaminsky flaw propogates a BAD dns record up to DNS servers (which if NOT DNSSEC & most aren't mind you), it takes the "1st answer" it gets, even IF it's a misdirecting one. SECUNIA.COM just got hit by it, & guess what else??

They had to set the DNS records straight & then the subordinate servers that call on it have "lag time" during updating cascading/propogating to said subordinate DNS servers.

SECUNIA HIT BY DNS REDIRECTION HACK THIS WEEK:

http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/

(Yes, even "security pros" are helpless vs. DNS problems, & they can only try to "set the DNS record straight" & then, they still have to wait for corrected DNS info. to propogate across all subordinate DNS servers too - lagtime in which folks DO get "abused" in mind yo

Are YOU retarded, is the question... apk

"Are you retarded" - by stonewallred (1465497) on Wednesday December 01, @02:59PM (#34408810)

Ad hominem attack the "Best you've Got"? Apparently so, look at your quoted reply!

QUESTION: Are you a MALWARE MAKER that doesn't want others to know about a valuable easy to obtain, edit, update & use extra layered security method like HOSTS files that even STOPS DNS errors (like redirect poisoning, which ADBLOCK CANNOT DO)?

---

"or is your business selling host files?" - by stonewallred (1465497) on Wednesday December 01, @02:59PM (#34408810)

Secondly?? I don't "sell" anything... hosts files are FREE (see the mvps.org link I put up).

Show us where I was trying to sell one, ok, and please: LEARN TO READ!

(You're trying to put words in my mouth I never stated with that one...)

---

"Maybe tech geeks know what host files are, but the average computer has no idea and no desire to know or utilize them?" - by stonewallred (1465497) on Wednesday December 01, @02:59PM (#34408810)

Untrue, there are ENTIRE FORUMS that do (including this one & others like mvps.org which both have many 1000's of users who know it)!

Forums like this are where folks know how to use custom HOSTS files which are free & regularly updated (and copying over an older outdated one, with a premade one from a reputable site like mvps.org? CAKE!).

Here is where I tell others about them is all, it's widely travelled here is why.

Who are you trying to fool here, and did you even READ my reply to you & others I posted here?

I cover all that & all else you mention here now, so, evidently you DID NOT READ my init. post & others subsequent to it!

(All you do it seems is call others names in ad hominem attacks (invalid in logical debate)).

---

"If it doesn't take them to youtube, google or their favorite homepage, then it is not important to them." - by stonewallred (1465497) on Wednesday December 01, @02:59PM (#34408810)

You've made the mistake of "Speaking for Everyone" and you? You're certainly NOT everyone there is online... try tell that to mvps.org's forums folks, for example.

They have a VERY easy to understand document for HOSTS & what they can do for you, and how to use them, plus to obtain updated ones also.

---

"So instead of preaching about how great they are, why not develop a FF plug-in that allows them to be used easily, reliably and unobtrusively?." - by stonewallred (1465497) on Wednesday December 01, @02:59PM (#34408810)

LOL, now I KNOW you didn't read my 1st post:

One of the 1st things I note is how AdBlock won't cover speeding you up via hardcodes into a HOSTS file of your fav. sites!

Another is how AdBlock cannot control anything other than the browser its made for (FF version, same with Opera version or Chrome) & even its email built in which it SHOULD work for, but not for ones like external to browser email programs (widely used ones that use HTML mail, where bushwhack bad links in SPAM are, such as Outlook Express OR full OUTLOOK).

APK

P.S.=> AdBlock is limited to the browser its coded for, but doesn't cover EVERY webbound program you have vs. bad sites... HOSTS files, can & DO, with ease (download a prebuilt one from say, mvps.org, & overwrite copy to yours you have IF it's out of date - simple)... apk

Re:Are YOU retarded, is the question... apk

[stonewallred]

And dumbass, L2read. I am not a tech geek. I am however the most computer literate person in my extended family. And if I don't know WTF a host file is and ain't interested in using them, then what makes you think anyone less technically inclined than me will be, regardless of how many times you post links, and other useless junk? Most folks think IE is the internet. So instead of spewing posts about how host files are the next greatest thing in the world and will even make your dick bigger, how about writing an add-on for FF that will easily install and link to a host file so non-geeks can have it installed by semi-computer literate folks?

You didn't SPECIFY, & I recommend BOTH

In my init. reply, you SKIMMED & missed that I advocate using BOTH AdBlock, DNS servers (good ones), AND HOSTS, because my list in favor of HOSTS shows HOSTS can do things, adblock alone just CANNOT... First of all!

Secondly?

I conceded your point but there are many things you seem to be "StRaNgELy" avoiding...

Things such as all the things AdBlock CANNOT DO that HOSTS can my init. posts' list has!

(Even to the point of showing HOSTS are covering you vs. the Chinese exploits of DNS servers this week via redirection -> http://yro.slashdot.org/story/10/11/29/1755230/Chinese-DNS-Tampering-a-Real-Threat-To-Outsiders and SECUNIA exploited too (via the Kaminsky flaw in DNS) -> http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/

---

"I'm not talking about anonymous proxies" - by nschubach (922175) on Wednesday December 01, @01:21PM (#34406958) Journal

First of all, you didn't specify ANY specific type of proxy server...

I merely pointed out the downside of online anonymous proxies (they SLOW YOU DOWN, quite often hugely)!

Also, & proxies @ work? They STILL SLOW YOU DOWN, whether you know it or not... you're going thru yet another layer of complexity is why (ask your network folks about that, they won't tell you diff. - it's not "huge" but the slowdown? Still there!)

Besides, in certain circumstances (even "necessary evils" like local proxies) are still programs, with possible security issues in them (look @ DNS servers alone as an example thereof) & beyond that?

HECK - AGAIN: I even SAY to use AdBlock, alongside good DNS servers (like OpenDNS), & NoScript - for "layered security", & yes, they ALL WORK FINE IN COMBINATION!

HOWEVER: I DO POINT OUT A NUMBER OF THINGS (15) THAT ADBLOCK ALONE, or DNS SERVER USE ALONE CANNOT DO, that HOSTS can!

Care to dispute that?

After all - You're free to dispute each of my 15 points in favor of HOSTS files usage, & to disprove them...

(Good luck, you'll NEED it (I've had "fleets" of trolls trying that here for years, and I have yet to see them disprove every single point in my lists about HOSTS files)).

Thing is though, & I hope you're not offended?

I actually LIKE IT when folks do, because it only takes me a second to overcome their objections disproving them, or nulllifying them, easily.

APK

P.S.=> Of course, there is also Mr. Oliver Day's "A RETURN TO THE KILLFILE" article that points out HOSTS files and their benefits too:

A RETURN TO THE KILLFILE (hosts):

http://www.securityfocus.com/columnists/491 [securityfocus.com]

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, from my initial & subsequent posts here in this very exchange no less... & guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly!

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blockin

In the spirit of Leslie Nielsen

[zooblethorpe]

who would put medicine they bought from a spam email into their body? The same people who would put illegal drugs from a stranger on a street corner in their body.

I don't have any street corners in my body, so I guess that's not a concern.

Cheers,

Cooking time!

[zooblethorpe]

So he's Finnished being Norwegian and decided to Sweden the pot by standing in as the new Swedish Chef? I'd love to see that Muppets episode!

Bork Bork Bork!

Cheers,

Name tossing "the best you got"? Apparently so!

"And dumbass, L2read. I am not a tech geek. I am however the most computer literate person in my extended family." - by stonewallred (1465497) on Wednesday December 01, @06:00PM (#34411536)

First, see subject-line, & secondly? Read:

This is HOW & WHY I burnt you on every "so-called point" you tried... take a hint: DO NOT TRY TO "SCHOOL" YOUR BETTERS THEN!

You'll lose, badly, as you did here...

(I've been at this field 27 yrs. total time, & 17 as a pro, & I have been multiply internationally published a dozen times & for programs that I've written that have been, for example, reviewed GREAT in highly esteemed publications like Windows IT Pro, whose ware & work went to MS Tech Ed 2x in a row on a contract I was paid to do for EEC Systems/SuperSpeed.com where my work took them to a FINALIST position in the hardest category: SQLServer Performance Enhancement!)

---

"And if I don't know WTF a host file is and ain't interested in using them, then what makes you think anyone less technically inclined than me will be, regardless of how many times you post links, and other useless junk? Most folks think IE is the internet." - by stonewallred (1465497) on Wednesday December 01, @06:00PM (#34411536)

Talk about "the pot calling the kettle black": You're out telling others about "AdBlock"!

You're not really that intelligent, are you? I mean, you're telling ME not to help people with the SAME BASIC idea you're doing yourself - you were pimping adblock & WHEN I TOLD OTHERS ABOUT HOSTS, you started your shit!

(Get an IQ upgrade for yourself, if not only for OUR sake here on /. ... "m'kay"? You NEED one!)

---

"So instead of spewing posts about how host files are the next greatest thing in the world and will even make your dick bigger, how about writing an add-on for FF that will easily install and link to a host file so non-geeks can have it installed by semi-computer literate folks?" - by stonewallred (1465497) on Wednesday December 01, @06:00PM (#34411536)

Sorry, I don't take advice from cretins/dolts like yourself that toss names as their "method of convincing others" first of all - secondly, my dick is plenty big enough, so "no thanks" (sounds like YOU are interested in dick though, lol)... & lastly?

AGAIN - BROWSER ADDONS ONLY RUN FOR THE BROWSER THEY ARE PROGRAMMED FOR (& I never "knocked" using them, but NOT BY THEMSELVES ONLY, but in layered security combination with DNS servers &/or say, AdBlock + NoScript - in fact, that's IN MY FIRST POST HERE!)

APK

P.S.=> Learn to read, you skimmed over that last point I made... apk

Re:WINS - Yes, WINS - Windows Internet Naming Syst

[Joe+U]

WINS did have scopes that could, in theory, extend that, but MS didn't do a great job implementing it.

Thinking about this, there are too many issues with hooking into the WINS resolver. Nope, it's going to have to be something new if it's done right.

Otherwise, it's just going to be a new DNS Root and that's just repeating history.

iTunes is not a good example..

of anything.

Please stop quoting it as such.

Try using the product before saying such things.

The interface belongs in a hall of shame.

After several years the iTunes developers still haven't resolved core user complaints (removing duplicates / lost of connection between itunes entry and file).

Scream if you like, but Winamp still wins - because it works.

Try these fun things with iTunes:

Trial 1. Drag a folder with lots of music files in from your local drive into iTunes; then drag the folder in again.

Now: Try and figure out how you are going to fix this massive problem of duplicates. Delete them (one at a time!)? Start from scratch?

Trial 2: Drag a folder with lots of music files in from a local drive into iTunes; then drag a folder with lots of songs in from a network drive to iTunes; disconnect the network drive; close then open itunes and play music from the remote folder. Then: Connect the remote share.

Now: All of your remotely stored files are disconnected. What will you do?
How do you know which files won't work? By playing them?
How will you fix this?
You have local (working) files, and disconnected remote files all mixed up.

and, because you have been such a good audience: we will add a #3

Trial 3: Drag in a bunch of files that don't resolve properly via online lookup; and a bunch of files with long file names into a windows instance of iTunes.

You will find that in the first case all of your files are renamed (and you are now asking "wtf? if you can't find it online WHY is it renamed to Unknown?!?!?!?) ; and in the second case all of your files are truncated (due to the file name length limits and due to itunes putting the file 50 chars deep into the file system).

So. Lets see. Now you have screwed file name - as they didn't exist online; and screwed file names.

What are you going to do?
Back out the name changes. Oh no, there's no magic button for that.
Manually restore the lost file name? For .. how many files?
Manually fix the long file names?

So, now, learning the hard way (and I HOPE you didn't use the option to consolidate the location of the files on add) you will probably create a local folder from the root of a local drive, clear everything from itunes, and import to that location.

and hope it doesn't screw everything up because back out is not an option.

Do Not Ever Use Itunes As An Example Of What Is Good

What you foreigners are forgetting....

[DrStoooopid]

...the internet was invented and implemented by the United States. It's OURS. If the powers that be decide "It's my bat and my ball, and I don't wanna play anymore" that's their choice. They own the bat and the ball. Don't like it, build your own and don't invite the US to play. OHHHH, but wait, that's what you're trying to do, but piggy back traffic on the network they control.

Kids, just wait till IP6...with bit-lengths that long, it'll be a lot easier to hide traffic, and by the time the powers that be get their heads out of their asses, something bigger and better will have come along.

"Oh no, the sky is falling, the sky is falling....some poor kid in Africa can't download the latest "The Office" torrent...." What you're all forgetting is that the internet is what it is today because of corporate backing and investment. I don't like it any more than you do, but you don't go to China and demand they speak English...

You're doing the stalking here it seems

See subject line above, and is that the best you've got? Some weak attempt at acting the "sidewalk psychoanalyst" on your part?? Seems so.

"Dude, start taking your meds again. You're losing it." - by The End Of Days (1243248) on Wednesday December 01, @11:28PM (#34413838)

Got your PHD in psychiatry since you're trying to dispense &/or proscribe meds there, The End of Days? No?? Didn't think so.

(I wonder who's "losing it" here: Myself, staying on the topic @ hand & disproving all comers' points with valid technical information, OR, you, trying to play "psychoanalyst" with no degree or years to decades of licensed professional practice under your belt?)

APK

netsukuku has a head start

https://secure.wikimedia.org/wikipedia/en/wiki/Netsukuku#A_Netsukuku_Domain_Name_Architecture