DNS Heavyweights Raise Concern Over DNS Filtering

penciling_in writes "A group of DNS heavyweights have released a paper detailing serious concerns over the proposed DNS filtering requirements included as part of the bill recently introduced in the US Senate named Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PROTECT IP Act). The group which includes Paul Vixie, Dan Kaminsky, Steve Crocker, David Dagon and Danny McPherson, have detailed several serious technical and security concerns in the event that the mandated DNS filtering is enacted into law. Dan Kaminsky says: 'There are efforts afoot to manipulate the DNS on a remarkably large scale. The American PROTECT IP act contains several reasonable and well targeted remedies to copyright infringement. One of these remedies, however, is to leverage the millions of recursive DNS servers that act as accelerators for Internet traffic, and convert them into censors for domain names in an effort to block content.'"

Blocking domains? Very effective...

[Yetihehe]

Didn't anyone warn them that just blocking a domain name doesn't work?

Re:Blocking domains? Very effective...

SHHHHHHHHHHH!!!!!!!!!!

Re:Blocking domains? Very effective...

But it sure as hell makes it look like they're busy.

Re:Blocking domains? Very effective...

[Dog-Cow]

I know it's anathema, but you could read the PDF instead of asking inane questions.

Re:Blocking domains? Very effective...

Who'll be the first to print: "Well known Security researcher Dan Kaminsky calls DNS filtering reasonable and well targeted."

"The American PROTECT IP act contains several reasonable and well targeted remedies to copyright infringement. One of these remedies, however, is to leverage the millions of recursive DNS servers that act as accelerators for Internet traffic"

Re:Blocking domains? Very effective...

[1s44c]

Didn't anyone warn them that just blocking a domain name doesn't work?

Yes. They didn't understand what a domain was or what blocking one meant.

Re:Blocking domains? Very effective...

[SuricouRaven]

But if it doesn't work, it'll only serve as a justification to introduce a tougher form of filtering. It's far easier politically to justify fixing a 'loophole' in an existing law than it is to propose something completly new. DNS blocks first, IP address blocks later.

Re:Blocking domains? Very effective...

i think it is effective. it is effective as locks on doors. we use those. circumvention is possible. i think what really matters is whether or not the lobbyist think it's effective. congressmen could be laughing just as hard as you are about the effectiveness of the bill but they would still pass it because it keeps the lobbyist money flowing.

Re:Blocking domains? Very effective...

[LongearedBat]

But it's so boooring to have to read every article.

;-)

Re:Blocking domains? Very effective...

Not to mention that they'll pass an anti-circumvention law that will turn /etc/hosts into a burglary tool.

Ineffective

[WillyWanker]

And what's to stop people from using a DNS server that's outside the US? Or even just punching in the IP address directly?

Re:Ineffective

[i+kan+reed]

FBI agents with guns.

Re:Ineffective

[SanityInAnarchy]

If you've got those, why do you need to fuck with DNS anyway?

Re:Ineffective

People find out about the IP mainly from DNS. So unless people start NOW to look up the IP address for all their favorite sites most people won't know the IP's when the censorship starts. I can honestly say I don't know the IP for ANY of the sites I visit. I don't have my own IP's memorized for the couple of VPS I manage. I have to login to the control panel to find them or dig through saved / archived emails.
And this still only counts for known sites. What if a new site comes out that is in the start of growth, then gets blocked? Not many people will know what the IP is because they have not had a chance to get there in the first place.
Perhaps I'm in the minority on this site. How many people "honestly" knows the IP address for every site you lie to visit? (Or to put it differently, if a site you like to visit gets blocked, do you ALREADY know the IP to visit it anyway)

Re:Ineffective

[i+kan+reed]

Ok, well I was mostly joking, but you're forgetting the pareto principle.

If they can eliminate 80% of file sharing with a 20% offort of blocking the DNS, the remainder can be treated just as I mentioned. If they had to expend that much effort on every person willing to google "movie torrents" and just click a link the FBI wouldn't be able to keep up.

Re:Ineffective

[Kamiza+Ikioi]

Dogs work too.

Re:Ineffective

[sosume]

I can't wait for the feds to seize the root DNS servers for not complying.

Re:Ineffective

FBI agents with guns.

Parent was modded "+5, Funny" and for good reason, but the comment is equally worthy of "+5, Insightful"

Re:Ineffective

[SuricouRaven]

It only needs one person to put it on blog or forum, and word will spread.

Re:Ineffective

[sgt+scrub]

DNS traffic is easily redirected. Typing in the IP address is definitely a work-a-round but it isn't plausible for someone to know the IP address of every place they want to go. sDNS is possible but, albeit pretty obviously, can be proxied with a MiM attack. What is needed is DNS over another protocol that is encrypted. One of the items on my to do list, and something that anyone can do instead of me, is to create a plugin for firefox that does DNS over HTTPS. I'm a little pissed with Mozilla right now so it is way back on the burner. Feel free to do it yourself though :)

Re:Ineffective

[wkcole]

I can't wait for the feds to seize the root DNS servers for not complying.

No need to do that. Killing a domain only requires changing the registry-level zone file. Also, as a legal matter the traditional gTLD's registries operate under a contract with the federal government. Simply put, the feds own .com, .net, .edu, .gov, and .org. so they could rather easily and effectively knock domains out of those zones if they wanted to work that way. As for the roots, they wouldn't ever need to seize anything, they just (at worst ) might need to get a new root zone deployed if they wanted to kill off an incumbent TLD authority. And yes, that would be a mess...

However, it is worth a few minutes to look at Kaminsky's paper, because it describes what the bill is apparently defining as the mechanism of action against specific names: filtering and redirection at the ISP level on the resolver side, not logical seizure of the domain on the authoritative side. That is a positively stupid approach to killing a domain name. Looking at the bill myself, it seems to me that there is a huge gap built in because it requires service of court orders to every DNS resolver operator being asked to do the filtering and redirection (that would be quite a "jobs program"!) and includes language that provides obvious grounds for just telling the feds to stuff their orders.

Re:Ineffective

[TheRealGrogan]

You can also do a whois lookup on the domain name, note the authoritative DNS servers for the domain, and query them directly. I've done that before to find the IP address of a site that had moved, yet the ISP's DNS server was still caching old records. (That doesn't seem to be as common nowadays, but some of the larger ISPs used to be absolute bastards with DNS caching. It often took days before you got updated records.) I am sure that could be done programatically as well.

Re:Ineffective

It just points to an alternative DNS that doesn't see the root nameservers as authoritative...

Re:Ineffective

[Agripa]

ATF and the US Marshals are the ones with the guns. The FBI prefers fire.

Re:Ineffective

It'll work for a short while but there'll soon be a simple program to set the DNS to working servers, all it'll take is downloading and double clicking an exe.

Not on my servers!!

[Eggplant62]

I guess it's time to get a read done of this nonsense and the see if I can't straighten my own elected officials out about how the tech works... *sigh*

Re:Not on my servers!!

[hedwards]

Sigh, this is probably the most pathetic troll post I've ever seen. Health Care Reform. Even without him doing another damned thing his entire term that alone would have put him way ahead of any President since Reagan.

Re:Not on my servers!!

[1s44c]

I bet you're one of those bible-thumping lunatics who believes the world "hates you for your freedoms," you know, those freedoms you DON'T ACTUALLY FUCKING HAVE ANY MORE.

Or in some cases never had.. America can preach about freedom when it gets its prison population down to sane levels and when its cops stop electrocuting everyone who so much as looks at them funny.

Re:DNS problems, & you can filter via HOSTS fi

Great... it's the HOSTS file spamming nutcase again.

china 2.

great firewall of america?

What's a DNS server?

[billlava]

I think you greatly overestimate the technological literacy of the average American. Most people aren't going to have a clue how to change their DNS servers, but even for those who do understand how to get around such restrictions, this is still disturbing. This is just a way for government to get its foot in the door. Soon, they'll be mandating to ISPs which DNS servers their clients are allowed to use, and what IP ranges are 'legal' to access on the internet. Maybe I should just take off the tinfoil hat and relax, but I can't see how government getting involved in legislating the internet in ANY way is a good thing.

Re:What's a DNS server?

"I think you greatly overestimate the technological literacy of the average American"

Buy EZDNSChanger Ex Pro Deluxe Platinum Premium edition for $19.99 and instantly change your DNS with no hassles. Order today and get a free Clippy tie clip at no extra charge! That's a $9.99 value free when you order!

Re:What's a DNS server?

[WillyWanker]

I didn't say I liked the idea, I only said that it would be highly inefficient, and as such shouldn't be done if for no other reason than it wouldn't have the desired effect. If someone wants to get to the Pirate Bay badly enough they'll figure out how to do it, as it's only a Google search away.

Re:What's a DNS server?

[billlava]

I think we're pretty much on the same page here. I agree that DNS blocking will be very inefficient. As a matter of fact, it will probably just increase people's awareness of what DNS is, and how to take advantage of it.

However, as I said before, I'm afraid that this is just a foot in the door. To borrow a phrase from paranoid philosophers of years past, this is a slippery slope. It's not hard to imagine regulators blocking swaths of IP address space or even filtering out specific pages on websites. If China can get away with it (with most people content to be censored and kept in the dark) who's to say it couldn't happen here?

Re:What's a DNS server?

[1s44c]

I didn't say I liked the idea, I only said that it would be highly inefficient, and as such shouldn't be done if for no other reason than it wouldn't have the desired effect. If someone wants to get to the Pirate Bay badly enough they'll figure out how to do it, as it's only a Google search away.

If the bad guys have DNS they control who gets to see google.

Re:What's a DNS server?

[hedwards]

Yes, but are those really the sorts of folks that are downloading torrents of their favorite shows? I mean seriously.

Re:What's a DNS server?

DNS server settings can also be changed automatically, in several ways. One can make a site that says "frustrated by PROTECT IP? Click here!", which edits the windows registry to change DNS settings. One could also solve this via browser addons. Just install an addon that has a small table of blacklisted domains and their IP address. I guarantee it will take about five minutes after PROTECT IP passes until we are inundated with them. Hell, there's even one available now (called the MafiaaFire redirector).

Re:What's a DNS server?

[g0bshiTe]

To borrow from "Guns don't kill people..."

Pirates don't illegally file share, it's ISP's that allow DNS that cause illegal file sharing.

Re:What's a DNS server?

[cdrguru]

Ah, but you miss the opportunity for folks to install the "New Unblocking DNS Mod" which grants you access to all sorts of pirated content. For only $10 you open up your computer and let some pirate application do whatever and you get access restored to the pirate sites you were being blocked from.

Of course, you also just installed some software which returns your passwords to somewhere else. But that is why the software that changes the DNS servers is so cheap.

Re:What's a DNS server?

Actually, it doesn't matter if the average American can't change DNS servers or type in an IP manually, the pirating scene will go back to the WaReZ scene where a few knowledgeable people in a social network will distribute infringed works to their friends. That's the old school WaReZ scene; one where this kind of "IP Protection" stands zero chance, and I welcome it. Remember the days of IRC? FTP servers? Newsgroups? If it goes back to that then the government and IP giants cannot stop us under any circumstance. "Digital identities," you say? Forge one. There's always a way around everything on the Internet and there always will be.

Re:What's a DNS server?

[DarkOx]

Like the average smuck was not going to be able to use dvdshrink? Come on you know some 1337 kid is going to read up on DNS just enough to learn how to set which server is used on Windows, whip out his intro to VB.net book and whip up a little single form program with all his code in the DoIt.OnClick() handler to set the value to some server in The Republic of North Bumfuck.

Then everyone moron on facebook will be sending it to each other and installing it. That is Week 1.

Week 2 is when everyones ISP just starts NAT'ing ever packet with a dst port 53 tcp or udp to their own DNS server.

Week 3 same kid who has now learned that port translation can be used for other things besides playing wow behind his Linksys router starts his Google quest for a COM object that implements SSH....

Week 4... Frustration ensues

Week 5 ... A new VB.net app is published!

Re:What's a DNS server?

[SuricouRaven]

Such a table already exists. It's called a hosts file.

Re:What's a DNS server?

[JimFive]

I'm afraid that this is just a foot in the door. To borrow a phrase from paranoid philosophers of years past, this is a slippery slope.

I just wanted to point out that "slippery slope" is the name of a fallacy. The fact that you can imagine these regulations does not mean that this act necessarily leads to those regulations.

We would do better to argue that this act itself is improper in itself.
--
JimFive

Re:What's a DNS server?

[sycorob]

Nice! Please to feed parent many mod points.

Re:What's a DNS server?

[Idbar]

I think you greatly overestimate the technological literacy of the average American.

I think you're underestimating the effort a young person will go through to get things online. Why would you think limewire, eDonkey, etc became popular?

I think that if the price doesn't work for you, you'll look for cheaper alternatives. This is particularly true for kids from college down to school, that have absolutely no income, but are the largest consumers of popular media.

Re:What's a DNS server?

1) File sharers aren't the average American. They are just a bit more technologically literate (enough so that most of them will be able to get around this manually).
2) All it takes is a single person making some program/script that, when run, will allow people to bypass the DNS filtering. 99% of computer users probably know how to download and run a file.

Re:What's a DNS server?

[houghi]

Like the average smuck was not going to be able to use dvdshrink?

No, more like how the TSA started to fondle everybody (including terrorist and kids) and nobody did anything.

Re:What's a DNS server?

[Synonymous+Homonym]

Does it matter?

Someone will know someone who knows.

distributed dns

It's time to move away from centralized DNS, we can't leave the internet in the hands of the government. We need a compatible distributed DNS system.

Re:distributed dns

[1s44c]

It's time to move away from centralized DNS, we can't leave the internet in the hands of the government. We need a compatible distributed DNS system.

I don't see how to implement such a thing when the bad guys can attach thousands of servers to the network and abuse the hell out of it.

DNS though is a single point of failure attached to the internet and replacing it with something less abusable would be better.

I'll just use the ip address!

Error 403: Forbidden
Please be aware that copyright infringement is illegal. A copyright enforcement specialist will be contacting you shortly to schedule your mandatory attendance to one of our copyright education seminars.

Re:I'll just use the ip address!

You forgot about the donation, erm. fee that would have to be made to the music/movie industry.

Ah, yes: The TRUE anonymous "coward" troll!

Is the "best you've got" an ad hominem attack, in poorly attempting to attack MYSELF, rather than the 20++ points I listed with backing facts behind them?

* Apparently so...

Fact is?? You're the one with "delusions of grandeur" thinking you're the "/. 'SiDeWaLk-PsYcHoAnALySt" around here (see my p.s. below in regards to that much especially).

APK

P.S.=> That said? Do you have:

---

1.) A PHD in Psychiatry to your name/credit?

2.) A license to practice it professionally??

3.) Years-to-Decades of professional experience in the field of psychiatry???

4.) A formal examination of myself in a professional environs to make your "instant snap prognosis" of my alleged mental state according to you, the "/. SiDeWaLk PsYcHo-AnALySt"????

---

No to ALL/EACH of the above????? Well, then no small wonder WHY you troll me anonymously - you're LIBELLING me!

Well, that "all said & aside" - LMAO @ U, troll!

... apk

Re:Ah, yes: The TRUE anonymous "coward" troll!

[drinkypoo]

You ARE a spamming nutbag, although you're right about hosts files. However, your link to go get a good hosts file is 503. Don't you check the links in your spam?

Re:Ah, yes: The TRUE anonymous "coward" troll!

P.S.=> That said? Do you have:
1.) A PHD in Psychiatry to your name/credit?

Psychiatry requires an M.D., not a Ph. D.

Protecting Nutcases

>Great... it's the HOSTS file spamming nutcase again.

I would say we should block him, but if he's using a HOSTS file, DNS Censorship won't work.

We need a different solution. Content-based censorship, maybe? That would work. More intrusive though.

*sigh* why does protecting liberties always mean protecting nutcases?

let's coin a new term

[rubycodez]

a HOSTS-tard.

I'm curious how often the HOSTS-tard updates the hundreds of millions of entries in his gigabytes-large HOSTS file

Re:let's coin a new term

[mldi]

Actually, you could just use the ADB+ update files and schedule regular updates to your own HOSTS file. How do you think your browser plugin does it?

Re:let's coin a new term

[drinkypoo]

The guy raises a good point, through packet mangling you can reroute DNS queries with users none the wiser. Since most providers don't offer any encryption (let alone authentication) of DNS queries, this is a real problem. But you can trade fingerprinted hosts files... Is there a cryptographically secured open DNS service that is also trustworthy?

Campaign Contributions

[Microlith]

They don't matter. They haven't paid the requisite Campaign Contribution necessary for their opinions to be considered.

Re:Campaign Contributions

Eh, you elected them. Go ahead and whine about how corrupt they are, you put them into power. You were the ones that said "I want these people running my government." If the most protesting about it you're going to do is to make some stupid joke on Slashdot then you got what you deserved as far as I'm concerned.

Re:Campaign Contributions

[Curunir_wolf]

They don't matter. They haven't paid the requisite Campaign Contribution necessary for their opinions to be considered.

I came here to say this. Saying these guys are "heavywieghts" in DNS doesn't matter one whit - how many senators they own, that's they only "weight" that's going to matter in this debate.

Re:Campaign Contributions

[1s44c]

Eh, you elected them. Go ahead and whine about how corrupt they are, you put them into power. You were the ones that said "I want these people running my government." If the most protesting about it you're going to do is to make some stupid joke on Slashdot then you got what you deserved as far as I'm concerned.

Maybe these wicked guys are better than the alternative so the GP did the right thing voting them in?

Re:Campaign Contributions

[hairyfeet]

Uhhh...just in case you ain't noticed, been hid under a rock or something, the current choices (hell for the last 30 years at least) have been, now choose wisely! A.-Corporate cock sucking rich douchebag in a blue suit, OR B.Corporate cock sucking rich douchebag in a slightly darker blue suit. Man, decisions decisions!

News Flash: when it costs on average something in the neighborhood of 100 MILLION dollars just to be a senator or congressman, and that is from one of the shitty flyover states? Well the odds you are gonna get a choice that isn't Corporate cock sucking rich douchebag in a blue suit is pretty much 0%. That is why no matter how bad things get they ALWAYS vote for the corporate interests, every time.

As for TFA anybody who think the corps won't get everything their hard stolen bribes can buy can think again. the lust for power and control has gotten to the point that they don't even pretend to give a fuck about We The People or the constitution or rule of law anymore. i mean can you imagine Nixon or LBJ having the brass balls to say they have the right to assassinate Americans anywhere, even on American soil without so much as a hearing and get away with it? But that's where getting your corporate pals in control of the media pays off. it lets you label whistleblowers as 'terrorists" and have a dozen talking heads talking about what an evil bastard they are before the end of the day.

I mean for fuck's sake they ruled that a single Goatse style troll can land you in prison since the feds are running their own "kiddie porn" honeypots that don't log referrers and don't actually offer any CP! When you've got a system so corrupted where the rule of law is completely ignored time and time again any corp with a big bank acount can ram shit like this home. Just don't be surprised if you see Nancy Grace talking up how TPB and other P2P sites are nothing but a "home for pedos and pervs!" as they have just about beat the terrorist buzzword to death so they'll need a new bogeyman to sell this to the general pop.

Re:Campaign Contributions

[Agripa]

Maybe these wicked guys are better than the alternative so the GP did the right thing voting them in?

The lessor evil is still evil.

Who comes up with these titles for bills?

[fortfive]

And where can I apply?

DEFINITELY Read the article by Paul Vixie

[p4nther2004]

Hilarous

This root key would have to be generated and signed in some kind of ceremony, maybe with people wearing viking hats and carrying swords and torches, and the resulting public validation key would have to be published on the web and managed according to RFC 5011 so that it can roll forward throughout all time. Videos from this ceremony would go up on YouTube.

http://www.circleid.com/posts/20110318_on_mandated_content_blocking_in_the_domain_name_system/

Thank goodness it's been blocked

[dstarfire]

Well, y'all can stop worrying now. It appears the Protect IP bill won't even be making it to the senate floor, thanks to Senator Ron Wyden (Ore). Check out the story over on Ars http://arstechnica.com/tech-policy/news/2011/05/sen-ron-wyden-to-place-a-hold-on-the-protect-ip-act.ars

Re:Thank goodness it's been blocked

Wow, another reason to be jealous of Oregon...

Me, I get stuck with Paul Ryan. Maybe it's time to move...

just use /etc/hosts

[bl8n8r]

Cool thing is, you can refer to everything on the internet with your own naming convention.

for foo in `seq 0 255`; do
   for bar in `seq 0 255`; do
      for bin in `seq 0 255`; do
         for baz in `seq 0 255`; do
            echo "$foo.$bar.$bin.$baz    www${RANDOM}";  >> /etc/hosts
          done
        done
     done
  done

Re:just use /etc/hosts

[nedlohs]

My IPv6 junk is on the internet you insensitive clod!

Re:just use /etc/hosts

[NatasRevol]

Ewwww?

http://xkcd.com/305/

Re:just use /etc/hosts

[cdrudge]

Good idea...as long as you don't visit a shared server. Or a secure server. Or use a protocol where the real domain name is used as part of the communication.

PROTECT

[BillGod]

P.R.O.T.E.C.T How much time and money is wasted on just coming up with an acronym like that?

Re:PROTECT

[hedwards]

Actually, they're not that expensive. They buy in bulk saving lots of money.

Re:PROTECT

Need an acronym in a hurry? Not sure what words can be used to spell out C.O.O.L.?
Call us, the Freaking Acronym Guys.

Paid for by the Legislative Equal Services Bureau In A Neutral Setting.

Re:PROTECT

The most interesting part:

Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act

Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act

Preventing Real Online Threats to ... Theft of Intellectual Property Act

Is it just me or does this say "preventing people from making it hard to steal IP"?

Of course, this is actually truth in advertising since Record Labels outright steal the copyright, small scale copiers just infringe it.

Re:There's MANY valid sources you can use

[drinkypoo]

"You ARE a spamming nutbag" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

Oh, really? Do you have your:

I'll play for a second, because I have time; none of your professional accreditations impress me. I've known many people who have had similar and some of them impressed me and some didn't.

You have retreated into psuedo-anonymity, but still sign your comments to feed your ego. You can see that the community does not want to see what you have to say but persist anyway; your theatrical text culminating in "That's right I am RIGHT... always am!" underscores your self-importance. If the community is uninterested enough in what you have to say to score you down consistently such that you must post as an AC to express your message, then perhaps you are simply sharing sociopathy with the rest of us? In my experience, the lunatics are on both sides of the straitjackets. What is the current phase of your moon?

Move offshore

How long before control of the Internet moves out of the US?

I can't see anyone else putting up with this, which means that root DNS servers or a competing technology will end up supporting the Internet from somewhere outside the US.

The US is well on it's way to becoming an environment hostile to business (and to it's own people). At least in Soviet Russia the people had the good sense to realize that they were being manipulated.

Re:Move offshore

[Coren22]

How do you go about moving the root DNS servers for .com, .net, .org? As they are TLDs for the US, and for whatever reason, everyone uses them anyways, you will still have this issue. If you want to live by the rules for Russia, than use a .ru domain, and you won't have to be effected by the laws in the US.

HOSTS File Legal Questions

[Kamiza+Ikioi]

Does this mean that if I have a HOSTS file, I have to filter through it, too?

What if that HOSTS file is for an enterprise?

What if that HOSTS file is published on the Internet for others to use?

What about Ad-Blocking software that uses a system like HOSTS? If it is capable of blocking DNS, will it then be required to block censored hosts as well?

What about VPN? Which side of the connection is reponsible?

What about Cache? Will there be a mandate that all DNS cache's everywhere only last for X amount of hours?

Beyond the level of the ISP, this presents an unworkable situation if any of these start applying to individuals, publishers (can free speech protect the publication of a HOSTS file, if so, why does it not protect a DNS server?), small organizations. The problem isn't just that this is wrong, but it's completely unworkable. It requires a very intrusive and extensive hack of the entire system currently in place, affecting everything from the router to the PC to the cellphone... unless, of course, the government runs its own firewall/dns that everyone shares, just like China.

What a joke

What a joke PROTECT IP is. Going after DNS just like blaming cities because the traffic light system doesn't prevent speeding.

Net Neutrality

[Kamiza+Ikioi]

Yeah, good luck. We went from Net Neutrality to this! With Net Neutrality they were saying, "Oh, leave it alone, it works fine. Don't force companies to not favor one site over another with premium QOS bandwidth." Now they're saying, "Stick it deep, as deep as possible, into the core of the Internet itself and control it all one record at a time!"

Where are the Libertarians railing against Net Neutrality when you need them to rail against this? If any of you are one, I hope you bring this comparison up LOUD and CLEAR to anti-net neutrality people who are now siding with DNS censoring that they are hypocrites. Either you mean it when you say you are hands off, or you don't.

Re:Net Neutrality

We're right here, same as we always have been. The only difference between us and you is that we don't really see a difference between the two laws.

Re:Net Neutrality

[DarkOx]

I am anti-Net Neutrality ( because I am a libertarian and I don't think government should tell anyone how to run their IP network ). I am opposed to this because I don't think copyright infringement which is inherently a civil offense has any place in criminal code. I don't think the government has any place investigating civil matters between parties. If the *IAA has a problem with someone distributing materials owned by groups they represent, its up to them to discover it, its up to those groups to file a suit against that person, without any help from the FBI.

I am against this DNS crap because I don't government should be regulating anyones DNS. Is my position ideologically consistent enough for you? ICANN is a private company they should be free to publish any directory (thats what DNS is a directory ) they want. Its not a government asset they should have NO SAY, under the first amendment.

Good news for Canada and Mexico server farms

Oh cool, another US IT stimulation bill for Canada and Mexico.

Way to go...not!

[shawnhcorey]

Congratulations. The US Senate has just guaranteed that the DNS will fracture. Nice going guys and gals. :(

Re:Way to go...not!

[Coren22]

What is the problem? The problem is that companies want to use Chinese laws but have a .com domain. .com is a US TLD, so it falls under the laws of the US. If you want to sell counterfeit products in China, or fake drugs in Canada, than get a TLD from one of those countries, than the US laws can't touch you. I don't agree with this law, but it isn't like it matters for any other country's TLD, just the US TLDs.

Re:Way to go...not!

[shawnhcorey]

The problem is that there are going to be two DNS. The official one maintained by the governments and the underground one maintained by those who believe in Freedom of Speech. There is nothing technically difficult in having many DNS. It has only been the convenience of having everything in one list that has prevented the breakup. But now, there is a reason for it to happen.

Do you have either one? Apparently not, lol!

Do you have that M.D.?? Well???

(Hell no, and we ALL know it!)

APK

P.S.=> So much for the "pseudo-experts" on /., eh, what with their "wannabe sidewalk-shrink" tactics... lol! apk

Re:Get back 2 us when U have a PHD in Psych

[drinkypoo]

Between your writing style, unwillingness to log in and be moderated, and your insistence on ignoring what was actually said for what you want to read, you have made yourself the Slashdot equivalent of a street person on the corner jumping up and down, foaming at the mouth, and screaming that The End is Nigh with one hand down your pants and the other flailing incoherently at arm's length at all times.

If you don't see that your persistence in the face of this situation makes you a nut, you're utterly hopeless.

Senator Ron Wyden's statement

[Local+ID10T]

“In December of last year I placed a hold on similar legislation, commonly called COICA, because I felt the costs of the legislation far outweighed the benefits. After careful analysis of the Protect IP Act, or PIPA, I am compelled to draw the same conclusion. I understand and agree with the goal of the legislation, to protect intellectual property and combat commerce in counterfeit goods, but I am not willing to muzzle speech and stifle innovation and economic growth to achieve this objective. At the expense of legitimate commerce, PIPA’s prescription takes an overreaching approach to policing the Internet when a more balanced and targeted approach would be more effective. The collateral damage of this approach is speech, innovation and the very integrity of the Internet.

"The Internet represents the shipping lane of the 21st century. It is increasingly in America’s economic interest to ensure that the Internet is a viable means for American innovation, commerce, and the advancement of our ideals that empower people all around the world. By ceding control of the Internet to corporations through a private right of action, and to government agencies that do not sufficiently understand and value the Internet, PIPA represents a threat to our economic future and to our international objectives. Until the many issues that I and others have raised with this legislation are addressed, I will object to a unanimous consent request to proceed to the legislation."

Re:Senator Ron Wyden's statement

[Coren22]

When you cut out all the political grandstanding in that quote, it kind of shocks me how well he understands the issue. Maybe the *IAAs forgot to pay him off last election season?

Re:Senator Ron Wyden's statement

[Ja'Achan]

There's a senator in this world that understands it? DNF really is coming out O.o

Re:Senator Ron Wyden's statement

[codegen]

A senator that understands.. Must be a sign of the rapture!!

Re:Senator Ron Wyden's statement

[matthew_t_west]

I'm from Oregon... Ron Wyden is pretty awesome. Despite being a politician, he seems like a decent guy. And I may be wrong, but I think Ron boots linux. One of our Oregon reps does, I just can't find out which from the interwebz.

M

Re:Aha: Now, "writing style" troll attack attempts

APK, you're awesome

Re:Are you the "expert" on how to post on forums?

[RobertM1968]

Nah, you're just an idiot trying to look like you know something. Sadly, glomming together bits and pieces of things you've heard here and there into walls of text - the SAME walls of text you repeat verbatim every chance you get... does not make you look smart. It makes you look like a total moronic idiot. Just figured you should know that before you repeat this nonsense the next time DNS, security, malware or whatever else comes up and you get the idea to repost the same wall-o-text post as the last few times.

But at least you were smart enough to not log in so as not to damage your karma.

C'mon editors, put in some fillers...

You editors (in the not-slashot-world) would have checked the submitted link and have seen Vixie's blog post on circleid about this...
Why not include this into the soup so there is some meat and appeal?

Yeah, forgot, slashdot isn't about content or comment-quality anymore...

On Mandated Content Blocking in the Domain Name System by Paul Vixie.

Another danger

[retardpicnic]

Another facet that wasn't mentioned in the paper is that as America attempts to legislate the internet so that the mega rich can become ultra rich, we simply remove ourselves from meaningful discussion about the problem and social view of file sharing.
As a security buff i learned from experience that while the "rules" if examined presented my ideal view of the world, or let others know whats actually important to me, my logs function as a mirror, telling me how things actually looked.
On behalf of the mega rich, the mega powerful are attempting to create a rule that says this transaction shouldn't happen, but the logs tell us that the general population in no way shape or form shares this view of the world.
If it was viewed as say child porn, in which the vast majority of the user community sees the issue in much the same manner as the rulemakers you get a set of logs that indicate that this view is shared and a small set of transgressions presented in the logs..
this is not so in the case of file sharing, hence, a waste of time and effort, the file sharing medium will change, the methods will change, but the desire will not

Re:Yet MORE effete adhominem attacks? Please...

My goodness. We aren't trying to attack your comments on HOSTS files. We really don't care that much and most of us agree with your points. What we are trying to do is get you to shut up and go away because you, personally, are annoying.

U know UR right if unjustified moddowns occur

Per the technically unjustified down moderation of the post I replied to here. No disproving my points in my initial posting, but instead stupidity. Effete stupidity!

I mean, lol: Between that and the ad hominem illogical off topic attacks that the true AC cowards and others like drinkypoo had to admit I was correct on?

Says it all!

APK

P.S.=> IF the best you have is a technically unjustified mod down boys, alongside illogical off topic adhominem attacks on myself? U FAIL, and you KNOW it... badly!

This? This was, as-per-my-usual, vs. the "idiot savant" wannabe "SiDeWaLk-PsyChOAnALySts" of /., just "too, Too, TOO EASY", just '2EZ'... lol! apk

You're clearly OFF TOPIC then... apk

And, that's valid grounds for down moderation, now isn't it? As far as THIS from you? LMAO:

"We aren't trying to attack your comments on HOSTS files." - by Anonymous Coward on Thursday May 26, @03:56PM (#36255086)

I know that, because YOU CAN'T - they are SOLID! Instead, you not only go "off topic" but also use illogical ad hominem attacks!

(Piss poor that, lol, along with down moderating my initial post on 20 points in favor of HOSTS files over DNS servers & their problems, + the shortcomings of AdBlock too! Talk about WEAK/EFFETE, lol!)

---

"We really don't care that much and most of us agree with your points." - by Anonymous Coward on Thursday May 26, @03:56PM (#36255086)

Then why attack ME personally, adhominem illogical off topic style?

You're only annoyed because I make utter fools of you all in every post you make, off topic & ad hominem illogical loaded as your replies are.

You're obviously NOT very intelligent & keep repeating the SAME mistake over & over again (some define THAT as insane you know)... expecting diff. results on your end, only to FAIL even more.

APK

P.S.=> Troll, you FAIL, and you KNOW it... lol, & this, as per my usual?? Well, gotta say it again, for "posterities' sake":

It was just "too, Too, TOO EASY - just '2EZ'"!

... apk

Re:You're clearly OFF TOPIC then... apk

[drinkypoo]

And, that's valid grounds for down moderation, now isn't it?

YES. Yes, it is. The purpose of the moderation system, flawed though it is in many ways, is to produce comments that people want to read.

Re:Norton filters vs. bad sites & again: THANK

[drinkypoo]

See, I have no problem with your technical analysis, but with your presentation. I don't think you should be chased off of slashdot. I do think you should be regarded based on your behavior.

U should be down modded then (UR Off topic)

You even ADMIT it here in this quote from you:

"YES. Yes, it is." - by drinkypoo (153816) on Thursday May 26, @04:32PM (#36255676) Homepage

Now, as far as people downmodding my points on HOSTS files here, as you said they do "consistently"? Well, again (2nd time I have posted this evidence to the contrary of your off topic & often libelous adhominem attacks you direct MY way), to THAT??

"If the community is uninterested enough in what you have to say to score you down consistently" - by drinkypoo (153816) on Thursday May 26, @01:59PM (#36253548) Homepage

Ok then: NOW THAT YOU'VE BEEN SHOWN SAYING THAT? Well - See these, vs. your statement I requote, again, then!

(15 posts of mine on HOSTS that have done well, drinkypoo, vs. your saying the community here doesn't like them, & consistently downmods them (quoted below from you)):

---

HOSTS MOD UP -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632
HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285
HOSTS MOD UP -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983
HOSTS MOD UP -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808
HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274
HOSTS MOD UP -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182
HOSTS MOD UP -> http://it.slashdot.org/comments.pl?sid=1530066&cid=30965192
HOSTS MOD UP with facebook known bad sites blocked -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128
HOSTS FILE MOD UP FOR ANDROID MALWARE -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952
HOSTS FILE MOD UP vs ANDROID MALWARE -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952
HOSTS MOD UP ZEUSTRACKER -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066
HOSTS MOD UP vs AT&T BANDWIDTH CAP -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584

---

So much for THAT from you, eh, drinkypoo! You clearly don't *THINK* before you speak... between THAT & the off topic illogical adhominem attacks you directed my way here?? Please... show SOME sign of intelligence, won't you???

Oh, see below in my 'p.s.' too!

Listen the Dan

[gubers33]

I would listen to Kaminsky, the man saved the internet from DNS vulnerability just a few years ago when he discovered the flaw in DNS and came up with a patch and solution to the issue. So I guarantee he knows more about DNS and security then Congress and the greedy and annoying RIAA.

Good point on HOSTS 'shortcut' ability + MORE

And, FAR MORE (I use them & type s into my browser's address bar for this very site in fact, lol!)... Anyhow/anyways - you may find THIS, interesting!

Check this out:

(Especially after the 'trolling' I got on my init. post on this here today in this article's replies in fact, with nobody able to disprove a SINGLE ONE of the points below, here -> http://yro.slashdot.org/comments.pl?sid=2188228&cid=36252736 )

20++ ADVANTAGES OF HOSTS FILES OVER DNS SERVERS &/or ADBLOCK ALONE for added layered security:

1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program).

2.) Bad news: ADBLOCK CAN BE DETECTED FOR: See here on that note -> http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars

HOSTS files are NOT BLOCKABLE by websites, as was tried on users by ARSTECHNICA (and it worked, proving HOSTS files are a better solution for this because they cannot be blocked & detected for, in that manner), to that websites' users' dismay:

PERTINENT QUOTE/EXCERPT FROM ARSTECHNICA THEMSELVES:

----

An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM

http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."

and

"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words, because Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example). However/Again - this is proof that HOSTS files can still do the job, blocking potentially malscripted ads (or ads in general because they slow you down) vs. adblockers like ADBLOCK!

----

3.) Adblock doesn't protect email programs external to FF, Hosts files do. THIS IS GOOD VS. SPAM MAIL or MAILS THAT BEAR MALICIOUS SCRIPT, or, THAT POINT TO MALICIOUS SCRIPT VIA URLS etc.

4.) Adblock won't get you to your favorite sites if a DNS server goes down or is DNS-poisoned, hosts will (this leads to points 4-7 next below).

5.) Adblock doesn't allow you to hardcode in your favorite websites into it so you don't make DNS server calls and so you can avoid tracking by DNS request logs, hosts do (DNS servers are also being abused by the Chinese lately and by the Kaminsky flaw -> http://www.networkworld.com/news/2008/082908-kaminsky-flaw-prompts-dns-server.html for years now). Hosts protect against those problems via hardcodes of your fav sites (you should verify against the TLD that does nothing but cache IPAddress-to-domainname/hostname resolutions via NSLOOKUP, PINGS, &/or WHOIS though, regularly, so you have the correct IP & it's current)).

6.) HOSTS files protect you vs. DNS-poisoning &/or the Kaminsky flaw in DNS servers, and allow you to get to sites rel

A technically unjustified mod down? Please...

I've ALREADY made utter fools of my "naysayers" here on this topic already:

http://yro.slashdot.org/comments.pl?sid=2188228&threshold=-1&commentsort=0&mode=thread&pid=36252736

How much more abuse can you heap on yourselves, what with this technically unjustified mod down, trolls??

APK

P.S.=> To quote Sgt. Barnes from the classic film "PLATOON"? Well, here goes (to whoever did the cowardly little mod down of my reply to a user asking about HOSTS files):

"I shit on all of you"...

The funniest part is, you do THAT MUCH, for me - as seen in the URL above I posted!

(Especially via cowardly 'hit & run' downmods with no technical justifications as was done here to myself, and to all the adhominem off topic trolling crap I had to deal with in the URL above!)

You have, NO BALLS, cowards... none!

You can't point out any technical mistakes I may have made either (on things "computing"/technical issues in points I made) - no, all you have? Is effete coward's tactics, nothing more, and you KNOW it!

... apk

THE solution lies in the UI

[nog_lorp]

We simply need a new URI scheme. Let us link to a name that is not in the "central root" of the DNS.
dig:nameserver.example.com;http://mywebsite.lol

Use the normal DNS root to bootstrap names of nameservers.

Re:Yet MORE effete adhominem attacks? Please...

[RobertM1968]

Yup, idiot with good copy/paste skills "telling" us nothing we don't already know. :-)

And here ya go! One more post to reply to with another wall-o-copy-paste-text! It's a shame you're so stupid you can't even post your own ideas. So, hope you enjoy this opportunity to yet again reply with a buncha magazine and website listings with little summaries attached to about stuff you dont understand.

You forget ADK, some of us know who you are. You like pretending to have functioning brain matter, but we know you really don't. It's a shame that since you got pushed off your favorite forum, you decided to come here to try to look smart. It's not working. Grow up already - or at least find someplace else to try.

Can you read? They're MY ideas, & w/ proof

First, I have proofs what's in my init. post are my ideas (only backed with quotes of others, such as Mr. Oliver Day, but if you actually had READ that? You'd see he mentions he read about HOSTS in the early to mid 90's, & I have proofs of myself posting on HOSTS back then in the same paragraphs in my init. reply where I feature his backing my statements (and, his article is from 2009 iirc, mind you - MUCH later than my words cited from 1997-2001)):

"Yup, idiot with good copy/paste skills "telling" us nothing we don't already know. :-) " - by RobertM1968 (951074) on Thursday May 26, @10:40PM (#36259148) Homepage

And, you're a "ne'er-do-well" troll that hasn't done jack shit by comparison to myself in this field... period, and YOU KNOW IT. Prove otherwise, goofy!

I don't post it for folks that already KNOW about HOSTS files benefits - I post it for those THAT DON'T (so they too can gain by them).

---

"And here ya go! One more post to reply to with another wall-o-copy-paste-text! " - by RobertM1968 (951074) on Thursday May 26, @10:40PM (#36259148) Homepage

And, here we go: Another trolling off topic reply replete with effete adhominem illogical attacks on myself, & from of ALL people? A fucking "ne'er-do-well" nobody like you, lol!

---

"It's a shame you're so stupid you can't even post your own ideas. " - by RobertM1968 (951074) on Thursday May 26, @10:40PM (#36259148) Homepage

LMAO - see my first part of this reply, 1st paragraph about your 1st quoted words... & "EAT YOUR WORDS" Mr. "ne'er-do-well" nobody, ok?

(SO: Tell us, lol - How do they taste, now that they're flavored with the "bitter taste of YOUR defeat"??)

---

"So, hope you enjoy this opportunity to yet again reply with a buncha magazine and website listings with little summaries attached to about stuff you dont understand. " - by RobertM1968 (951074) on Thursday May 26, @10:40PM (#36259148) Homepage

No, iirc? You're the one I posted just a SMALL FRACTION of the times I've been actually featured in respected magazines, books, trade shows & more in the art and science of computing... you know: The THINGS YOU'VE NEVER DONE, & NEVER WILL (Because you're just another dime-a-dozen "ne'er-do-well" nobody/nothing).

---

"You forget ADK, some of us know who you are. " - by RobertM1968 (951074) on Thursday May 26, @10:40PM (#36259148) Homepage

Great, so I am known... but you? By way of comparison?? Like I kept saying above: You're a "Ne'er-Do-Well NOBODY/NOTHING" & you KNOW it.

---

"You like pretending to have functioning brain matter, but we know you really don't. " - by RobertM1968 (951074) on Thursday May 26, @10:40PM (#36259148) Homepage

Quit projecting YOUR OWN FAULTS, onto me, loser... ok? It's NOT MY FAULT you're nothing but a "ne'er-do-well" nobody/nothing!

---

"It's a shame that since you got pushed off your favorite forum, you decided to come here to try to look smart. " - by RobertM1968 (951074) on Thursday May 26, @10:40PM (#36259148) Homepage

What forums are you TALKING about? I don't have a "favorite forums" & I never have... and?? Thanks for the slip in saying I am 'smart' because compared to you & the "trolling 'ne-er-do-well' likes of YOU"??? Bacteria is intelligent.

"It's not working. Grow up already - or at least find someplace else to try. " - by RobertM1968 (951074) on Thursday May 26, @10:40PM (#36259148) Homepage

Sorry - I don't take advice from "ne'er-do-well's" like yourself...

APK

20 yrs. in computing & still a tech Robert? LO

You are nothing more than a failure in computing, with allegedly over 20 yrs. of time around computers and the BEST you can manage is to be a techie, AND, the company you worked for folded too? Says worlds about your 'L33T3 skillz', eh?? A company full of failures, like yourself, is bound to fail. You're nothing more than a done nothing with himself Long Island LOSER, and you know it. The techie is the lowest of the low in computing and you couldn't go above that level? Hahahaha. Unbelievable. No wonder you've never accomplished anything others noted as good: You're too damned stupid obviously, and limited (both mentally and skillset-wise).

APK