We have a vested interest in this space, that's also how we figured out what Google was doing. And we have a vested interest in giving people a great experience. I don't think I'm being hypocritical in my post at all. Go to the dell page and search for microsoft.xom, then go to Google and search for microsoft.xom. When users are trapped and locked-in, they are taking advantage of them. When users have choice (like on google.com) they are given a great experience.
I'm not being a hypocrite. Everyone who uses OpenDNS is doing it by choice which means we have to deliver a fantastic experience. And for the record, when you type microsoft.xom into your browser when using OpenDNS, we just correct those kinds of typos automatically. We don't make a cent on 'em, and that's fine. Most of those corrections are corrections to trademarked words and it gets scandalous to try and take advantage of 'em.
As it turns out, this part might not be true -- It might be even harder to uninstall. And remember, lots of people aren't comfortable adding and removing software. That's what Google is betting on here. We've heard more than enough reports to believe that there are multiple names for this software, including the infamous "Browser Helper Objects" that are put into IE, outside the Add/Remove Programs arena.
But that's not the point here. This might not be spyware by your definition, but as someone else mentioned, it's certainly not friendlyware. And what do I expect of Google?
If you just compare what google is doing to their own users you'll see that they are showing a terrible experience to the users who are Locked-In versus the users who have the choice to use any search service.
I've never heard of a VC say they expect a 100x return. Not in your wildest dreams. Maybe if the amount of total investment is like under $50,000 could I see that expectation.
Sequoia Capital is one of the best in the business and they have had 5 exits, maybe 10 at most, that were over a billion dollars.
10x is nothing to sneeze at. 20x is great. 50x is fantastic. 100x is abnormally impressive.
Thanks for the plug. We think we rock too.:-) We've been pretty quiet as of late but that's because we're cranking on some really intense stuff. We'll keep pushing the envelope to give people a better internet experience, that's for sure.
I'm not surprised ISPs are doing this. More will be doing this. What does surprise me is how ISPs try to do this silently and behind closed-door without informing their customers, or even their tech support in some cases.
Think about it this way: Any change an ISP makes that results in 1% (or more) of their customer base calling in for technical support is a cost nightmare. Customer Service is a (*the*) major cost center for ISPs. I guess we have to imagine that they are making more money than the pain of doing the customer service is costing them.
The other thing that surprises me (and obviously I'm biased since I run OpenDNS) is that the search results page linked above is 100% ad-driven. There are no no organic search results for my typo (as far as I can tell). Moreover, when I click on a category to "refine" my results they totally remove the typo'd domain that I had there in the first place instead just giving me generic ads for a category (which is a mediocre CPC on their side) and a crappy search experience on the user side. There is absolutely no user-benefit to what Charter has done here.
I'm proud to say that our page is getting better and better every single day. Compare and contrast. Not only that, but we're driving more and more innovation in both user navigation and fundamental DNS operations. These things go hand in hand. Fundamentally the DNS is about navigation. It's about helping users get where they are trying to go. That's exactly what we intend to help our users do. We know that the changes we have made to how our DNS servers operate aren't for every user which is why we are so clear about how our system works and is why make sure we can manage account settings on a per IP basis (CIDR-style preferences down to/32's).
As usual, I'm happy to answer questions where I can.
I know Samy personally and he is one of the smartest and most level-headed individuals I know. This is the case where a joke went a bit awry but it could have happened to any of us. He specifically made sure he wasn't malicious in what he did but the side effect over overwhelming MySpace's server was unintended.
This is no different from the Morris worm. The sad fact is that he got prosecuted whereas the hundreds of botnet operators overseas and here in the US continue to wreak the real havoc on networks and infrastructure totally immune from prosecution.
Samy got caught because he put his name on what he did. It's sad that that is the only basis for prosecution of computer crimes in this country. The good guys at the FBI and USSS don't have enough clue helping them to bring in the real criminals.
That's less trivial to filter, especially when your upstream isn't being cooperative. In our case, which you'll read about tomorrow or Monday, we quickly were able to jump onto a network run by some folks with very very high levels of clue; nLayer operated by Richard Steenbergen. Their website is cheesy -- don't let it fool you. They are a seriously run network providing transit across the country to a bunch of other networks. Check routeviews for proof.
Since I've been getting a lot of questions from folks about EveryDNS, how we've been stable and around so long, how we dealt with this DDoS and how we manage to cover our costs I am writing a response that will probably be posted here on Slashdot tomorrow or Monday to answer all these questions.
If you have questions about this or DDoS in general, feel free to ask them here and I'll make sure to cover them in my response. I'll be writing about what we've seen and what I generally do when it comes to soaking up traffic and how we handled this event in particular. (The short answer: find the smartest people you can to help you and then start taking corrective action)
I dont really see how that prevents scammers from gaming the system. All it means is that it'll take a few more scammers to make sure their definition of 'scam' isn't what everybody elses is. If they do that, when people vote scam pages as scams the system will think "Hey thats not right" and it'll lower the legit users accuracy.
That's not how it works.
You don't see other people's votes until after voting is done.
Second, you don't get scored until after the phish is verified.
The wisdom of the crowds, as it is, increases the scope and breadth of the phishing data and it increases the viability and fast-moving stream of phishing data while maintaining a high accuracy.
Having an API feed (now) and more RSS feeds means everybody gets to benefit from a valid and large source of accurate data to improve their applications and tools. Corporations, developers, ISPs, etc.
I think you're right. We're working to get there and until we do we can only rely on the privacy policy to keep us honest. I think we'll get to the point pretty quickly where we can just say "we calculate aggregates once a day and toss out all the logs, no possibly identifying information is retained."
It'll get there, just can't say we are there yet. It's all about checks and balances though, and your words are dead-on.
So if you have typo protection enabled, and you type googl.ecom, it figures out that you meant google.com and directs you there. If it can't figure out the domain you intended, it sends you to their search page. If you disable the typo correction, then it just sends you to the search page immediately.
That is absolutely false. If you disable typo correction you will never see the search page. The search page is intended to help users so if you turn off typo correction, you turn off that page. That's okay with us. You will see NXDOMAIN (RCODE=3) responses from our server. Like I've pointed out before, we're technologists and we're building functional and interoperable stuff here.
Not to toot my horn or get all "Slashdot's lame" on this thread but I've been here a long time and it's clear to me that most of the users who posted on slashdot when we launched didn't even read our site or understand what it is that we're doing. Can we not make that mistake again?
We're putting control and choice into users hands where there was none before. It's a fact of life that ISPs are doing this. They should be working with us, just like users are. We look at this as giving you a dashboard and all the knobs and buttons you need to manage DNS. DNS is the root (no pun intended) of a ton of applications and services so why wouldn't you want to manage it just like you would a firewall or anti-spam service?
Think about it: we don't even see the full URLs you visit. Consider software like the Google toolbar, yahool toolbar and stumbleupon. In fact, think of any toolbar product, including alexa and netcraft. They're all in much better positions to build profiles than we are.
I, with some other highly-clued folks, run OpenDNS -- maybe I can help answer some questions. We're going to be rolling out some code at the beginning of October to deal with dynamic IPs. I think you'll find it elite.
Ping me an email at ceo [at] opendns.com if you want to help us beta test.
I'm happy to answer other questions too, as most of you know.:-)
It's also worth pointing out that while Vista might come out on a single day it won't be rolled out in a single day -- it'll take months to years to rollout.
So even if there is an increase in DNS load because of the AAAA before A DNS requests it won't cause rolling blackouts or major network failures.
FWIW, we see about 20% of our requests as AAAA requests. I don't have the number of those that are retried as A requests but I'd guess it's pretty high since we aren't (yet) listening on IPv6 interfaces. We do support AAAA dns requests, of course.
That's going to change. We just had to cut a few features on the front-end for our initial roll out. We're definitely going to support dynamic IPs and folks with larger netblocks.
Just shoot me an email if you want to help beta test this before we roll it out. It'll be in the coming month or two.
Slashdot Mirror
We have a vested interest in this space, that's also how we figured out what Google was doing. And we have a vested interest in giving people a great experience. I don't think I'm being hypocritical in my post at all. Go to the dell page and search for microsoft.xom, then go to Google and search for microsoft.xom. When users are trapped and locked-in, they are taking advantage of them. When users have choice (like on google.com) they are given a great experience.
9 62/
I'm not being a hypocrite. Everyone who uses OpenDNS is doing it by choice which means we have to deliver a fantastic experience. And for the record, when you type microsoft.xom into your browser when using OpenDNS, we just correct those kinds of typos automatically. We don't make a cent on 'em, and that's fine. Most of those corrections are corrections to trademarked words and it gets scandalous to try and take advantage of 'em.
Compare things side by side: http://www.flickr.com/photos/dannysullivan/510738
-davidu
As it turns out, this part might not be true -- It might be even harder to uninstall. And remember, lots of people aren't comfortable adding and removing software. That's what Google is betting on here. We've heard more than enough reports to believe that there are multiple names for this software, including the infamous "Browser Helper Objects" that are put into IE, outside the Add/Remove Programs arena.
But that's not the point here. This might not be spyware by your definition, but as someone else mentioned, it's certainly not friendlyware. And what do I expect of Google?
Yesterday I got a lot of feedback from people who just assumed I was biased and an underdog out to complain about Google. This is not what it's about!
Here's what I mean:
Use the smell test. Does what Google is doing smell bad? Is it giving users a good experience?
Compare:
with
(and if you want to see ours)
If you just compare what google is doing to their own users you'll see that they are showing a terrible experience to the users who are Locked-In versus the users who have the choice to use any search service.
Thanks,
davidu
I've never heard of a VC say they expect a 100x return. Not in your wildest dreams. Maybe if the amount of total investment is like under $50,000 could I see that expectation.
Sequoia Capital is one of the best in the business and they have had 5 exits, maybe 10 at most, that were over a billion dollars.
10x is nothing to sneeze at. 20x is great. 50x is fantastic. 100x is abnormally impressive.
-david
Thanks for the plug. We think we rock too. :-) We've been pretty quiet as of late but that's because we're cranking on some really intense stuff. We'll keep pushing the envelope to give people a better internet experience, that's for sure.
-david
I'm not surprised ISPs are doing this. More will be doing this. What does surprise me is how ISPs try to do this silently and behind closed-door without informing their customers, or even their tech support in some cases.
Think about it this way: Any change an ISP makes that results in 1% (or more) of their customer base calling in for technical support is a cost nightmare. Customer Service is a (*the*) major cost center for ISPs. I guess we have to imagine that they are making more money than the pain of doing the customer service is costing them.
The other thing that surprises me (and obviously I'm biased since I run OpenDNS) is that the search results page linked above is 100% ad-driven. There are no no organic search results for my typo (as far as I can tell). Moreover, when I click on a category to "refine" my results they totally remove the typo'd domain that I had there in the first place instead just giving me generic ads for a category (which is a mediocre CPC on their side) and a crappy search experience on the user side. There is absolutely no user-benefit to what Charter has done here.
I'm proud to say that our page is getting better and better every single day. Compare and contrast. Not only that, but we're driving more and more innovation in both user navigation and fundamental DNS operations. These things go hand in hand. Fundamentally the DNS is about navigation. It's about helping users get where they are trying to go. That's exactly what we intend to help our users do. We know that the changes we have made to how our DNS servers operate aren't for every user which is why we are so clear about how our system works and is why make sure we can manage account settings on a per IP basis (CIDR-style preferences down to
As usual, I'm happy to answer questions where I can.
-david ulevitch
I know Samy personally and he is one of the smartest and most level-headed individuals I know. This is the case where a joke went a bit awry but it could have happened to any of us. He specifically made sure he wasn't malicious in what he did but the side effect over overwhelming MySpace's server was unintended.
This is no different from the Morris worm. The sad fact is that he got prosecuted whereas the hundreds of botnet operators overseas and here in the US continue to wreak the real havoc on networks and infrastructure totally immune from prosecution.
Samy got caught because he put his name on what he did. It's sad that that is the only basis for prosecution of computer crimes in this country. The good guys at the FBI and USSS don't have enough clue helping them to bring in the real criminals.
-david
Most DDoS's aren't spoofed anymore.
:-)
What you wrote sounds good though, and everyone else says it, so it must be true.
-davidu
4x400mbps == 1200mbps at times.
That's less trivial to filter, especially when your upstream isn't being cooperative. In our case, which you'll read about tomorrow or Monday, we quickly were able to jump onto a network run by some folks with very very high levels of clue; nLayer operated by Richard Steenbergen. Their website is cheesy -- don't let it fool you. They are a seriously run network providing transit across the country to a bunch of other networks. Check routeviews for proof.
-david
In short, the latter. Nothing is ever righteous when it comes to DDoS. :-)
Since I've been getting a lot of questions from folks about EveryDNS, how we've been stable and around so long, how we dealt with this DDoS and how we manage to cover our costs I am writing a response that will probably be posted here on Slashdot tomorrow or Monday to answer all these questions.
If you have questions about this or DDoS in general, feel free to ask them here and I'll make sure to cover them in my response. I'll be writing about what we've seen and what I generally do when it comes to soaking up traffic and how we handled this event in particular. (The short answer: find the smartest people you can to help you and then start taking corrective action)
Thanks!
David Ulevitch
The site is EveryDNS.Net.
:-)
I'll keep it up for Slashdot, let me just move it around a bit.
-david
And how do you access the netcraft data in your applications?
With PhishTank you don't need to pick Symantec over Netcraft or McAfee over Kaspersky. With PhishTank, they can all pull a feed and do what they want.
-david
That's not how it works.
The wisdom of the crowds, as it is, increases the scope and breadth of the phishing data and it increases the viability and fast-moving stream of phishing data while maintaining a high accuracy.
Having an API feed (now) and more RSS feeds means everybody gets to benefit from a valid and large source of accurate data to improve their applications and tools. Corporations, developers, ISPs, etc.
-davidu
I don't know if what you say is true or not but it doesn't really matter (and sounds like someone has sour grapes).
But I'll tell you this:
Ideas aren't worth much if you can't execute on them.
-david
I think you're right. We're working to get there and until we do we can only rely on the privacy policy to keep us honest. I think we'll get to the point pretty quickly where we can just say "we calculate aggregates once a day and toss out all the logs, no possibly identifying information is retained."
It'll get there, just can't say we are there yet. It's all about checks and balances though, and your words are dead-on.
-david
We want users to have the best experience possible.
If we did something like this we wouldn't have any users.
We just tested some stuff here and it works. Happy to diagnose with you offline if you'd like. ceo [at] opendns.com
-david
Did you wait a few minutes before checking?
Certainly sounds odd to me.
-david
That is absolutely false. If you disable typo correction you will never see the search page. The search page is intended to help users so if you turn off typo correction, you turn off that page. That's okay with us. You will see NXDOMAIN (RCODE=3) responses from our server. Like I've pointed out before, we're technologists and we're building functional and interoperable stuff here.
Not to toot my horn or get all "Slashdot's lame" on this thread but I've been here a long time and it's clear to me that most of the users who posted on slashdot when we launched didn't even read our site or understand what it is that we're doing. Can we not make that mistake again?
We're putting control and choice into users hands where there was none before. It's a fact of life that ISPs are doing this. They should be working with us, just like users are. We look at this as giving you a dashboard and all the knobs and buttons you need to manage DNS. DNS is the root (no pun intended) of a ton of applications and services so why wouldn't you want to manage it just like you would a firewall or anti-spam service?
Best,
David
Hi,
:-)
We can't really build a profile on you.
Think about it: we don't even see the full URLs you visit. Consider software like the Google toolbar, yahool toolbar and stumbleupon. In fact, think of any toolbar product, including alexa and netcraft. They're all in much better positions to build profiles than we are.
Just, you know, pointing that out.
-david
Oh, beat me to it. Thanks pixr99! :-)
-david
Hey all,
:-)
I, with some other highly-clued folks, run OpenDNS -- maybe I can help answer some questions. We're going to be rolling out some code at the beginning of October to deal with dynamic IPs. I think you'll find it elite.
Ping me an email at ceo [at] opendns.com if you want to help us beta test.
I'm happy to answer other questions too, as most of you know.
Best,
-david
It's also worth pointing out that while Vista might come out on a single day it won't be rolled out in a single day -- it'll take months to years to rollout.
So even if there is an increase in DNS load because of the AAAA before A DNS requests it won't cause rolling blackouts or major network failures.
FWIW, we see about 20% of our requests as AAAA requests. I don't have the number of those that are retried as A requests but I'd guess it's pretty high since we aren't (yet) listening on IPv6 interfaces. We do support AAAA dns requests, of course.
-david
That's going to change. We just had to cut a few features on the front-end for our initial roll out. We're definitely going to support dynamic IPs and folks with larger netblocks.
Just shoot me an email if you want to help beta test this before we roll it out. It'll be in the coming month or two.
Thanks,
David
I own EveryDNS 100%. EveryDNS has never been funded by anything other than my checkbook.
Today, our users cover our OPEX and almost all our CAPEX.
-david