Slashdot Mirror


User: karl.auerbach

karl.auerbach's activity in the archive.

Stories: 0 · Comments: 215

Comments · 215

  1. If domain names were covered by the UCC on GoDaddy VP Caught Bidding Against Customers · · Score: 2, Interesting

    If domain names were covered by the Uniform Commercial Code (UCC) there might be imputed into the contract an obligation on the part of GoDaddy to engage in good faith behaviour. But it is unclear whether domain name rental falls under the UCC, and the UCC is not all that U(niform) across the states.

  2. Serial numbers in ARP packets on Hiding Packets in VoIP Chat · · Score: 2, Interesting

    There are sometimes other places to hide data:

    I can't remember whether it was FTP Software or NetManage, but one of those used to hide the serial number of the software in the bits between the end of broadcast ARP requests and the end of the Ethernet frame.

    That way they could check for duplicate license keys on the same net without bothering anybody. Only worked across the broadcast domain, but that was adequate for that purpose.

    There's lots of other places too.

    RTP packets have optional extension headers that can be used, DNS can hold extra information in parts of the query and response packets - I once encountered someone tunneling music feed via buggered DNS packets. (It became very visible when it caused a Cisco firewall to go haywire.)
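A defender-side check for the ARP case described in the comment above, as an added example that is not part of the original comment: it parses an Ethernet frame, finds where the ARP message ends, and counts non-zero bytes in the padding that follows. The function names and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHERTYPE_ARP  0x0806
#define ETHERTYPE_VLAN 0x8100
#define MIN_FRAME      60   /* minimum Ethernet frame length, FCS excluded */

/* Count non-zero bytes between the end of the ARP message and the end of
 * the frame. Returns 0 for clean padding, -1 if the frame is not a
 * parseable ARP frame. A non-zero count is an indicator, not proof: some
 * drivers pad short frames with leftover buffer contents. */
int arp_trailer_nonzero(const uint8_t *frame, size_t len)
{
    size_t off = 12;                       /* skip dst and src MAC */
    if (len < 14) return -1;
    unsigned type = ((unsigned)frame[off] << 8) | frame[off + 1];
    off += 2;
    if (type == ETHERTYPE_VLAN) {          /* one 802.1Q tag: TCI, then type */
        if (len < off + 4) return -1;
        type = ((unsigned)frame[off + 2] << 8) | frame[off + 3];
        off += 4;
    }
    if (type != ETHERTYPE_ARP) return -1;
    if (len < off + 8) return -1;          /* fixed part of the ARP header */
    size_t hlen = frame[off + 4];          /* hardware address length */
    size_t plen = frame[off + 5];          /* protocol address length */
    size_t arp_len = 8 + 2 * hlen + 2 * plen;
    if (len < off + arp_len) return -1;

    int nonzero = 0;
    for (size_t i = off + arp_len; i < len; i++)
        if (frame[i] != 0) nonzero++;
    return nonzero;
}

/* Constructed sample: a 60-byte broadcast ARP request for 192.0.2.1.
 * Up to 18 bytes of `trailer` are written into the padding area. */
size_t build_sample_arp(uint8_t out[MIN_FRAME], const uint8_t *trailer,
                        size_t tlen)
{
    static const uint8_t arp[28] = {
        0x00, 0x01, 0x08, 0x00, 6, 4, 0x00, 0x01,   /* Ethernet/IPv4 request */
        0x02, 0, 0, 0, 0, 0x01, 192, 0, 2, 10,      /* sender MAC and IP */
        0, 0, 0, 0, 0, 0, 192, 0, 2, 1              /* target MAC and IP */
    };
    memset(out, 0, MIN_FRAME);
    memset(out, 0xff, 6);                  /* broadcast destination */
    memcpy(out + 6, arp + 8, 6);           /* source MAC = sender MAC */
    out[12] = 0x08; out[13] = 0x06;        /* EtherType ARP */
    memcpy(out + 14, arp, sizeof arp);
    if (tlen > MIN_FRAME - 42) tlen = MIN_FRAME - 42;
    if (trailer != NULL && tlen > 0) memcpy(out + 42, trailer, tlen);
    return MIN_FRAME;
}

int main(void)
{
    uint8_t f[MIN_FRAME];
    size_t n = build_sample_arp(f, NULL, 0);
    printf("zero padding:   %d\n", arp_trailer_nonzero(f, n));
    n = build_sample_arp(f, (const uint8_t *)"SN-12345", 8);
    printf("marked padding: %d\n", arp_trailer_nonzero(f, n));
    return 0;
}
```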

  3. Re:Use randomized time rather than even spacing on Why BitTorrent Causes Latency and How To Fix It · · Score: 3, Informative

    Give pchar a try. Just because it's not being upgraded hardly means that its data is not more accurate than ICMP echo times. Pchar is slow; it emits over 1400 probes per cycle. That's why it can take 15+ minutes to characterize each hop of the path.

    Pchar is derived from Van Jacobson's pathchar; there is a lot of very good and very deep knowledge behind those tools.

    Yes, Ping is better than nothing, and a lot better than things like DNS round trip times. But if you are probing basic connectivity of a single hop the best protocol to use is ARP.

    But pings, as I mentioned, are often rate limited or slow-path switched or even blocked. And an increasing number of folks don't even reply to 'em. Moreover, they usually don't reveal the fate of large packets to things like MTU constraints or very noisy wireless paths that tend to clobber larger packets (as in bittorrent or HTTP) more often than small ICMP packets.

    By-the-way, a lot of folks have commented on how to use the Linux traffic control system to manage outbound traffic. I commercially build a small box to do this for folks who don't want to mess with "tc" commands.

    But the bigger issue for outgoing links is that the providers don't keep the outbound bandwidth constant; many providers tweak the outbound pipe size fairly rapidly. This makes it quite difficult to maintain the aggregate outbound rate so that the queues build up in the user's box (where the user can do sane management) rather than the provider's box (where the provider does whatever is good for the provider.)

  4. Use randomized time rather than even spacing on Why BitTorrent Causes Latency and How To Fix It · · Score: 5, Informative

    We long ago learned that when inserting time between protocol events it is far better to use a time randomized between an upper and lower bound than to use a repeating interval.

    When fixed repeating intervals are used, separate instances of a protocol (and other protocols that use repeating intervals) slowly tend to fall into lock-step patterns with pulsating waves of traffic in accord with those patterns.

    In other words, fixed protocol timers can create the traffic equivalent of the Tacoma Narrows bridge.

    By-the-way, ping (ICMP Echo request/reply) is a terrible way to measure network latency. ICMP is often a disfavored form of traffic as it crosses routers, sometimes even rate limited.

    There are better tools for measuring link properties, for example there is "pchar" - http://www.kitchenlab.org/www/bmah/Software/pchar/

    I worked on a method to do even better measurements, but I put it aside several years ago: Fast Path Characterization Protocol at http://www.cavebear.com/archive/fpcp/fpcp-sept-19-2000.html

  5. Wrote about this in Feb 2006 on What Could You Do With a Bogus Root Name Server? · · Score: 4, Informative

    Back in February 2006 I wrote a note "What Could You Do With Your Own Root Server" at
    http://www.cavebear.com/cbblog-archives/000232.html

    My conclusions were that one could make money and cause trouble.

    One of the more interesting aspects was (and still is) that one could operate root servers and, using the Google model, pay ISPs and users to send their queries to your roots so that you could generate data mining revenues.

    That quality of data that is mined from root traffic would not be as good as that from a top level domain server - and who has some large top level domains and also has root servers? Verisign.

    And ICANN's contract with Verisign explicitly permits data mining of query traffic.

  6. Re:We are already paying internet taxes on End of the Internet's Tax-Free Ride? · · Score: 1

    Yes. When you pay $9 to a registrar, nearly $7 of that goes to Verisign as a "registry fee", and $0.20 goes to ICANN. (And the amount is allowed to increase by several percent every year.)

    ICANN, which decrees these amounts, has never bothered to find out what it actually costs Verisign to deliver this registry service. The cost has been estimated somewhere between $0.02 and $2.00 - which means, in either case, a monopoly profit to Verisign measured in the hundreds to thousands of percent.

    You have no choice but to pay these amounts - a tax.

  7. We are already paying internet taxes on End of the Internet's Tax-Free Ride? · · Score: 1

    We are already paying internet taxes.

    ICANN forces us to pay a tax of somewhere between $6 and $7 on every domain name registered in .com and .net. That adds up to about $500,000,000 every year. And rather than going to the government where it might be used to fund schools and pave roads it goes to Verisign.

    ICANN also forces another tax (this one going to ICANN) of $0.20 per domain name - which amounts to about $20,000,000 in additional yearly taxation already in place.

  8. The contract does not end in 2012 on VeriSign Jacks Up .com, .net Prices To the Max · · Score: 4, Informative

    The contract with Verisign does not end in 2012.

    ICANN granted to Verisign a perpetual right of renewal.

    In other words, unless Verisign goes out and illegally clubs baby seals (and maybe even if they do) they get the right to renew the contract again and again and again and again...

    Has ICANN ever bothered to consider the actual costs that Verisign incurs to deliver those domain name registrations? No.

    It has been estimated that the amount may be as low as $0.02 per year. In which case ICANN has created a guaranteed profit to Verisign of about $420,000,000 every year - with you and me paying.

  9. Re:If ICANN is released, who will control it? on ICANN Wants To End Commerce Dept. Oversight In 2009 · · Score: 2, Insightful

    We are entering an "interesting" era in which the authority and power once held nearly exclusively by national governments is eroding, due to the internet and multi-national corporations, and flowing into the hands of private bodies such as ICANN.

    There have been private bodies that have become legitimatized and have demonstrated that they can be trusted with authority - the Red Cross comes to mind as one example. (It's now a body that has treaties behind it, but that was parallel to the growth of its legitimacy.)

    We need to reach back to the late 17th and early 18th centuries to re-learn the lessons - from folks like Voltaire and Madison - about how to structure bodies so that they have internal tensions (think the three branches of the US gov't) and other mechanisms (such as a constitution that enumerates powers and limits) to constrain improper use of the power that a body has.

    How this is done in specific terms is the issue of internet governance today. But unfortunately the "stakeholders" (such as the intellectual property protection industry) are well organized and tend to trump the less organized, and less able to afford to attend, members of the public.

    This isn't easy stuff.

  10. If ICANN is released, who will control it? on ICANN Wants To End Commerce Dept. Oversight In 2009 · · Score: 5, Interesting

    ICANN is already costing you and me - the people who buy domain names - something on the order of $500,000,000 every year in hyper-inflated fees that go directly into the bank account of Verisign and the lesser registries. ICANN also requires you and me to pay a tithe of about $0.20 to ICANN every time we register a domain name.

    And ICANN has created a regime that restricts DNS on behalf of the trademark industry in ways that RIAA can only envy and wish they had such restrictions over music distribution on the net.

    And despite that, ICANN has no means for the public to engage in its decision processes beyond remotely observing and trying to join an ICANN approved committee that, in turn, joins another ICANN approved committee, that, in turn, gets a seat on another ICANN committee, that gets to nominate members of the board of directors. Even citizens of the old USSR had a more representative system.

    Once upon a time ICANN did have directors elected by the public - I was the one for North America - but when I wanted to look at ICANN's financial records, a thing quite proper for a director to do, ICANN reacted by erasing all elected seats.

    So, if the US government drops its oversight, limited and self-interested as it might be, where will oversight come from?

    Do we really trust that ICANN will be any more self-responsive to the community of internet users than was Enron or MCI/Worldcom to their shareholders?

    It does seem that the quid pro quo that the US ought to require as the price of freedom is that ICANN adopt mechanisms that really and truly make it responsible to the public.

    There is, of course, the further question of where ICANN might obtain immunity against anti-trust laws should the US gov't drop its protective cloak - ICANN does shape the domain name marketplace, set prices and product terms, determine who may and who may not be vendors in that marketplace, and in other ways restrains trade in the world's only viable marketplace of domain names. Several experts in the field feel that ICANN may be vulnerable as a combination that acts in restraint of trade.

  11. Data mining on Domains May Disappear After Search · · Score: 4, Informative

    It has long been rumored that domain name registries snap up names when they see signs of interest. Unfortunately ICANN's committees don't have the tools to really open up the clamshell and see what is really going on deep inside registries and registrars.

    However, there is another matter - that of data mining of the query packets that arrive at root and top level domain servers.

    ICANN's contracts do not prohibit data mining of the query stream, in fact they openly permit it. Thus Verisign has the right to look at incoming queries and generate a body of information about what domain names are being uttered by users. It's not a big step from that to come up with a list of names that would be nice things to have if one wants to spatter up a bunch of Google Adsense ads and collect click revenue.

    (Also, because the entire domain name, not just the top level parts, hits root and top level domain servers, through a bit of statistical reduction, one can produce a data stream that is of interest not only to paying marketeers but, perhaps, to certain national intelligence agencies.)

  12. Many topics are not on the agenda for Rio on US Internet Control To Be Topic #1 In Rio · · Score: 2, Interesting

    Much of what is happening in Rio is not on the agenda.

    Both the US Gov't and ICANN have tried to put many issues off limits, not the least of which is ICANN itself.

    It is slowly dawning on people that there is a mad grab by industrial interests, with a lot of assistance from certain parts of certain governments, to lock-down large parts of the net and keep "the mob" (you, me, and the other people who use the net) as nothing more than puppet consumers.

    That exclusion, which amounts to a total inversion of the idea that governmental authority derives from the people, i.e. a rejection of democracy, is a foundation stone of most of internet governance - see my note "Stakeholderism - The Wrong Road for Internet Governance" at http://www.cavebear.com/archive/rw/igf-democracy-in-internet-governance.pdf

  13. Re:First decent icann chairman, ever on ICANN Elects Peter Dengate-Thrush as New Chairman · · Score: 1

    I agree with you that PDT is good; he is fair, open-minded, and smart. And the new vice chairman, Roberto Gaetano, is very much in tune with the need for ICANN to serve the community of internet users rather than just a few selected industrial "stakeholders".

    But the changes will take time.

  14. Re:Where is the copyright registration on Linux Devicemaker Sued In First US Test of GPL · · Score: 2, Informative

    You are confusing the now obsolete need to register to obtain a copyright with the still present obligation to register in order to bring an action complaining that the copyright has been infringed.

    In other words, even if you have a copyright you can't sue anybody until you register the copyright.

    And as far as I can see from the complaint busybox isn't registered. And there is a question whether the plaintiffs can do anything more than file a copyright registration on any but pieces of busybox, particularly since it includes a rather large number of chunks of code from others, many of which are not under the GPL and rather more liberal licenses - e.g. the e2fsprogs.

    By-the-way, your pejoratives are rather misdirected; you seem to misread the Wikipedia entry, which is at best ill written, and you might want to check out the actual law, which I quoted in a follow-up to my initial comment.

  15. Re:Where is the copyright registration on Linux Devicemaker Sued In First US Test of GPL · · Score: 1

    The obligation to register is found in 17 USC 411:

      (b), no action for infringement of the copyright in any United States work shall be instituted until preregistration or registration of the copyright claim has been made in accordance with this title.

    The complaint does not claim that the work is registered by the author, or, because it may be a work from many hands, by the authors (plural).

  16. Where is the copyright registration on Linux Devicemaker Sued In First US Test of GPL · · Score: 1, Interesting

    Has the copyright been registered with the US copyright office?

    If not, the question arises about the legal requirements about having a registration *before* going to court.

    If so, it raises the questions of statutory damages, but also raises the question whether the registration(s) were made by the actual authors of each separate snippet of code in the composite work, each having its own author and date of authorship.

  17. Similar attack exists on single CPU with DMA I/O on Attacking Multicore CPUs · · Score: 1

    Way back in the 1970's folks I worked with were hired by IBM to form a tiger team to attack VM/370. (Virtual machine OS's have been around since the 1960's.)

    They were able to crack the system by setting up a DMA based read. Then they called the kernel with some kernel call parameters. The kernel checked the parameters. And then the DMA input rolled new values onto those parameters.

    This, of course, took some careful timing.

    And it relied on a kernel weakness - the weakness of leaving the user parameters in user accessible memory while they were being validated. The fix was to have the kernel move the call parameters into its own memory before validating.

    And on a multi-CPU unit (those, too, existed back then) that copying of system call parameters had to be to a different place for each CPU, else synchronized calls from different CPU's could be a weakness.
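The check-then-use weakness and the copy-before-validate fix described in the comment above, as an added example that is not part of the original comment. It is a user-space model: the DMA engine is stood in for by a hook called at the point where in-flight I/O could complete, and all names (`call_params`, `syscall_check_in_place`, `syscall_copy_then_check`) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define KBUF_SIZE 16   /* size of the kernel buffer the call would fill */

/* Call parameters as the caller lays them out in user-accessible memory. */
struct call_params {
    size_t len;        /* number of bytes the kernel is asked to handle */
};

/* Stand-in for asynchronous I/O landing in user memory mid-call. */
typedef void (*io_hook)(struct call_params *user);

void dma_rewrites_len(struct call_params *user) { user->len = 4096; }
void dma_idle(struct call_params *user)         { (void)user; }

/* Weak form: validate the parameters where they sit, then read them
 * again to act on them. Returns the length acted on, or -1 if rejected. */
long syscall_check_in_place(struct call_params *user, io_hook dma)
{
    if (user->len > KBUF_SIZE)     /* check: first fetch from user memory */
        return -1;
    dma(user);                     /* I/O completes inside the window */
    return (long)user->len;        /* use: second fetch, may have changed */
}

/* Fixed form: fetch once into kernel-private storage, then validate and
 * use only that copy. The copy lives on this call's stack, so concurrent
 * calls on other CPUs each get their own and cannot overwrite it. */
long syscall_copy_then_check(struct call_params *user, io_hook dma)
{
    struct call_params k = *user;  /* single fetch */
    if (k.len > KBUF_SIZE)
        return -1;
    dma(user);                     /* later changes to user memory are moot */
    return (long)k.len;
}

int main(void)
{
    struct call_params p = { 8 };
    printf("check in place:  %ld\n",
           syscall_check_in_place(&p, dma_rewrites_len));
    p.len = 8;
    printf("copy then check: %ld\n",
           syscall_copy_then_check(&p, dma_rewrites_len));
    return 0;
}
```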

  18. The Perfect is the enemy of the Good on Paper Trails Don't Ensure Accurate E-Voting Totals · · Score: 4, Insightful

    There are those who want us to delay replacing the Diebold (and similar) voting machines, forever if necessary, until we have a perfect solution.

    Of course, there is no perfect solution. We only have adequate solutions.

    Condorcet voting is mathematically better than simple tallies or "instant runoff" voting. But does anyone except mathematicians comprehend it? Would switching to it increase our confidence in voting or would people be suspicious and trust voting even less?

    Paper is adequate. And what's better, it is something that mere mortals understand. And the attack vectors for paper are reasonably well understood after more than a century of use of the "Australian" ballot style that we all use today.

    The proposal by this group opens the door to FUD and infinite delay, and thus infinite retention of flawed DRE voting machines. Diebold would win, democracy would lose.

  19. Is "liberal" an evolutionary survival trait? on Brain Differences In Liberals and Conservatives · · Score: 0, Troll

    (Please take the text below as a non-serious jest.)

    If "liberal" brains are more capable of dealing with changing circumstances, would that not be a trait that increases the chance of survival and thus be a trait that is selected-in over time?

    In other words, is the conservative brain a recessive trait that, if natural selection were occurring in humans, would eventually fade away?

    (Remember, I'm saying this in jest.)

  20. Re:Same justice department that let Microsoft go f on Justice Department Opposes Net Neutrality · · Score: 2, Interesting

    Well, this is getting a bit off topic - but OK.

    There are several indicators that suggest that the actual cost to provide a domain name registration at the registry level is only a few cents per year (I estimate that it is less than $0.03).

    ICANN requires that Verisign receive more than $7 for each name in .com each year. That's a fiat transfer of roughly $6.97 from you and me to Verisign every year for each of the 60,000,000+ names in .com. That works out to very roughly $400,000,000 per year. Add in similar situations for .org, .net and you come up with half a billion $ each year.

    Even if I'm off by an order of magnitude, i.e. that it's merely $50,000,000 a year, we're still talking about a lot of money that is being pumped.

    Now, ICANN is run by incumbent registries, registrars, and business interests that like the status quo. They set domain name price floors (the registry fee), sales terms (such as UDRP, whois, and terms of 1 to 10 years in one year increments), as well as decide who may and who may not sell names in that marketplace, who must be used as resellers, and, on top of it all, ICANN extracts an override on all sales. It looks like and smells like a combination of insiders who restrain the trade of domain names. Illegal?

    And remember, at least with telcos who engage in non net-neutral practices and with Microsoft, at least you and I, in theory, can buy stock and have a say in what they do (in theory.) In ICANN we don't even have that theory because ICANN has eliminated any real form of public role in its decision making processes.

  21. Same justice department that let Microsoft go free on Justice Department Opposes Net Neutrality · · Score: 4, Insightful

    This is the same justice department that eviscerated the anti-trust judgment against Microsoft that the preceding administration worked so hard to obtain.

    And this is the same justice department that can't seem to see that ICANN is a combination in restraint of trade on the internet that is costing domain name consumers something on the order of $500,000,000 per year in excessive fees for domain names.

    So I wouldn't expect this Justice department to notice even the total destruction of the end-to-end principle.

    My prediction: The internet will soon resemble the US cellular phone system - a system of provider shaped lumps of good connectivity, for paid-for applications, and only enough free inter-provider HTTP/HTTPS connectivity to keep the level of customer complaints manageable.

    And perhaps we might even see mandatory provider-centric, provider crippled user software, just like we have provider centric, provider-crippled cell phones.

  22. LISP DWIM (Do What I Mean) on WordLogic Patented the Predictive Interface · · Score: 1

    Lisp has had a Do What I Mean (DWIM) capability for decades upon decades.

  23. $400,000,000 (yearly) more on Consumer Reports on 'State of the Net' · · Score: 2, Insightful

    It may not be classed as a "scam" (because there is no illegality about it), but it is certainly as effective as one.

    I am speaking of a kind of private internet "tax" that amounts to roughly $400,000,000 every year.

    The internet now has a regulatory apparatus, called ICANN, that requires that domain name buyers pay about $400,000,000 in excessive domain name fees every year. This is a result of ICANN imposing a roughly $7 "registry fee" on every domain name sale every year even though the actual cost of providing that service is only a few cents.

    It may not be phishing, but the ICANN tax certainly pays off for Verisign and the very few other lucky DNS registrars. In fact it is better than phishing because smart consumers can avoid being caught, but with the ICANN tax the buyers of domain names have no choice but to pay.

  24. 130+ root servers on DNS Root Servers Attacked · · Score: 3, Interesting

    A few years ago the root server operators (on their own initiative and without asking for, or obtaining, permission from ICANN) took the wise step of deploying replica servers using a routing technique called "anycast". Thus under the name of, for example, f.root-servers.net there are many distinct servers geographically dispersed.

    Consequently today we have more than 130 root servers scattered around the world.

    That's good. It tends to localize the damage caused by attacks.

    What is not good is that these root server operators, although they today operate to the highest of standards and with the highest degree of integrity, are not required to do so in the future.

    For example, several root servers are operated by the US military establishment or by other branches of the US government and are thus subject to being "adjusted" according to military, political, or Atty General Alberto Gonzales's latest desire to do data mining.

    Nor are the root servers required to play fair and respond to all queries with equal dispatch or equal accuracy no matter the source or the name being queried for.

    Nor are the root servers off limits for sale to companies like Microsoft or Google who could use them for commercial data mining.

    Many people believe that ICANN serves as a kind of fire marshal, overseeing that the root servers are operated responsibly and that the root server operators have access to the resources they might need to recover from a natural or human disaster.

    But that is not the case. ICANN has abrogated that role and has engaged itself as a protector of trademarks and US cultural values.

    Over the last few thousand years we've learned that it's best for long term stability to build institutions and not depend on individual people. Today the root servers are the work of good individuals and organizations that encompass them. We really need to move to a more formalized structure that reinforces the long-term continuation of the good system we have today.

  25. Re:You (and me) are paying for this via ICANN on The Death of Domain Parking? · · Score: 1

    I agree with much of what you write, but there is one important point - ICANN has created an arbitrary fee of $7 per name per year that we all pay to Verisign for every name we keep in .com every year.

    Now, as we see from the 200:1 ratios, and from the fact that we know that Verisign is making a good profit from registry operations, the $7 registry fee exceeds the actual operational cost of those 201 transactions. This means that the actual cost of a registry transaction is as low as $0.02.

    Why should you and I be forced to pay $7 for something that costs $0.02? The answer is the ICANN-supported Verisign monopoly over .com.

    This 5-day add-grace thing that the "domainers" use is merely the bright light that illuminates this enormous difference between cost and price and the fact that ICANN is an active element in the transfer of roughly $300,000,000 per year out of our pockets into those of Verisign. (And that doesn't include the ICANN cut.)

    Now, if there were in fact real inter-registry competition and existing registries had to charge no more for renewals than they do for first-time registrations, then this system might cure itself. But with ICANN's guild-like approach to domain businesses, this isn't possible.

    Consider my proposal to do a registry in which registrations are represented by a certificate that can be transferred outside the registry, and never expires, and in which revenue is obtained by service fees (e.g. NS record updates) rather than rent - see The .ewe Business Model - or - It's Just .Ewe and Me, .Kid(s)