What happens is nobody has tried the service that's posting this stuff. There's so much misinformation it's hard to know where to start. But I think the best thing I can say is this:
People at EveryDNS have been using my services for years. We're one of the largest and most free services on the Internet. We've stood up to lawsuits from assholes like Diebold and others in the past in the name of our users. I wouldn't ever scam or do that nasty stuff this thread is saying I would. I have an open email, open door, and open phone policy. I am me, and there's a good amount of clue behind me, and even smarter people around me.
So when I say this service is not going to spy on you or tell your parent that you look at porn, I'm serious. Read our privacy policy and know that we use the service too.
Here's the last thing, These can all be preferences. People that don't want typo's caught or other things can have a preference set that gives them just a better and more optimized DNS. When people ask us about our privacy policies I ask you, what does your ISP do? I mean, ATT just said they own all your data and they're being accused of working with the government to spy on you. We don't do that.
OpenNIC is a totally different organization. They are an alternate root. We're (OpenDNS.com) not anything close.
We're about giving you control over your recursive DNS, something you should want. If you don't want us catching typos for you, that's fine. Just check out our FAQ and learn a bit more.
This POS is neither new nor newsworthy nor useful, at least not for the reasons they try to sell it to you for.
Well, to be fair, you're responding to the article and not the service. But I'm going to go through and answer each of your points because this post seems to cover a lot of the really important topics.
An alternative-root DNS system will never work (since Critical Mass is impossible to attain).
I couldn't agree with you more and we are *NOT* an alternate root. If you are using our service, you are using the real ICANN assigned roots. Period. Full Stop.
OpenDNS is new particularly because of how we do what we do. We have built a recursive nameservice. That means that we are making the changes only for a client and not for the entire Internet. The article, while good at trying to cover a hard topic, fails to mention that not only are we opt-in but we can set preferences for different users.
So if you don't want us catching typos, we won't. If you just want straight, normal DNS that's just using a bigger and faster cache, that's just fine by us. We aren't going to mess with you later for deciding that you just want a more reliable DNS. But when you setup your neighbor or mom or brother or friend you might decide they are better off with an added layer of security. The choice is, of course, yours and always will be.
Myspace will not get faster. Whoever made you believe that is selling snake oil, too.
First, MySpace is just an example, of course. It does like 10 DNS requests on the homepage loading web,ad,image server FQDNs. But to respond, empirical evidence thus far (from really smart people) would disagree with that statement. Hopefully we'll have some good and more scientifically grounded data soon. If you want to help out with that, let me know.
In fact, your DNS will actually slow down by a good bit; at least if you belong to the majority of the world (unlike root DNS servers, which actually deliver geographical and network dispersion). The big cache they are so proud of will create lots of problems if they actually do it differently from regular DNS resolver caches that you have at every major (and minor) ISP -- and those will be a lot closer to you than OpenDNS ever will.
Most resolvers tend to churn through their cache long before TTLs expire so what you're saying isn't exactly true. In many instances most recursive DNS servers toss out a bunch of glue that is consistently being re-fetched. While it's important to respect TTLs (and we absolutely do), it's also important to keep stuff in your cache to get the benefit of the TTL that was set by the zone owner. That's not happening and that's making your DNS not perform well. And it's more than just adding more ram to the system. DNS is 20 years old and it's now a quite critical piece of infrastructure. It's beautiful in many ways, but one way in which it isn't is with how resolvers work. Really, nobody has ever spent much time working on making a killer resolver until recently.
Fixing typos is a double-edged blade. Sure it's nice if slashdo.torg works. How about whitehouse.gom, though ? And who decides that microsaft.com is really typo-squatter ? (They might just make nice juices !)
We don't redirect typos like that. We have a ton of requests to do that, but we don't yet for exactly the reason you point out. It's a tough road to go down, and if we do it, it'll be a preference you set with a little checkbox or something. Not a choice I should be making for you. Our goal is to empower you to control what used to be this black box of a memory structure in a DNS server and add some transparency to it for you. That was lost a bit in the article as it focused mostly on the security aspects of our service but there's more; much more.
Ususally the sites hit were the former home of a spamsite or spammer and at the time of being hit were just the compromised box of an innocent webhost, university computer or other bystander. You can argue all you want about the 1:1 ratio of it, or that networks should be more responsible (I agree) but that doesn't make it right.
And to the person who said I should suggest something better -- how about a botnet reporting engine to let responsible ISPs know they have compromised machines on their network? Or a system of sifting through whois and domain registration data to determine who the good or bad registrars are out there (like are all phishing sites coming from one policy-loose registrar or not?). Or a system to combat phishing and fraud on the net.
I can come up with a 100 good ideas to make the net a better place and teach you 1000 things about system administration, networking, running big networks, building scalable systems. Take advantage of that, not of the Internet.
Being an operator (sysop/netop) is infinitely better than being a hacker. A hacker just needs to know one way into your system, an operator needs to know all the ways in.:-)
Let's be realistic -- This is a great way to get arrested.
Building software to construct botnets is a totally unproductive use of time. Running botnets that DDoS sites all over the net is illegal. Blue Security isn't out of the woods yet legally and their DDoS of SixApart is far from a closed case.
If you think this kind of coding is interesting and fun then shoot me an email -- I'll give you an internship (or a job) working on way more productive and positive projects that will impact just as many (if not more) people.
I don't even look at who submitted it. Same with Digg -- It's the content, stupid.:-)
That said -- you were slashdot, even CowboyNeal was -- and we all shared your editorial taste. Now you have others making the majority of the choices and, well, their choices aren't always as good. In other words, you sucked less.
I understand, completely. I started EveryDNS about five years ago and we are now one of the largest free DNS providers in the world (and likely the most reliable). But growing large and being reliable has its downsides too -- and I suspect wikipedia is facing similar issues. Here's how it breaks down: At the core, it's what we call the tragedy of the commons. As EveryDNS has grown and had more and more users around the world relying on our service they seem to pick up a perception that "wow, there are 78,000 OTHER users, I don't need to donate, the others will." -- This is in stark contrast to what happened with the original 1000 members or so. They had the impression that if they found value in the service I gave them that they should put up money to keep it sustained. Now that is lost, but only slightly.
That said, I never email my users, so they probably just forget they are even using my service and that they haven't donated in a few years. Hard to say.
Newspapers take advertising to support themselves. There is a clear editorial wall between Journalists and AdvertisingSales in a newspaper. Why would it have to be any different at Wikipedia?
What you are doing is easy. Unfortunately 1 million won't be enough when you and I retire (I'm 24).
Sending kids to college alone can be a 250,000 expense. A nice house in an urban area is at least 3/4 or 1 million.
If you don't want to ride the debt train forever your best bet is to take risks young and shoot for the moon a few times. If you hit it, you win it, if you don't, well you'll hopefully be smart enough to just get a job and eek out the debt lifestyle.
If Microsoft thinks google is a search engine company and a website then they have really missed the boat.
Google is an advertising company. Google makes more money on AdSense than on AdWords. Google won't get rid of google.com anytime soon but the reality is that the search engine was just a platform for eyeballs (even if only in hindsight) to show ads and to build a massive and intelligent advertising platform.
-david
When you serve out a website that pushes in excess of 200,000,000 pageviews a day (yes I really do, dynamic even!) then you start to use a lot of metrics to try to gauge how your code changes and network changes affect things. There are lots of companies that specialize in this sort of thing. This runs from the application level all the way down to the network level, sometimes even the transport layer if you buy their marketing.:-)
Certainly from the network (RouteScience, Internap, etc) to the application (Zend, Urchin, Webtrends) there are all kinds of companies willing to provide you metrics and solutions, usually at a high cost.
The trick is to build your own metrics and then find or build the products you need to solve your bottlenecks or improve your user experience.
Just some ideas, not sure if it is the answer you want.
OT: And since I refuse to post in the "how do I build a mail server for 1mm users" thread I'll just say it here. "What the fuck dude? First of all, 1mm users isn't all that large these days. SMTP and POP3 are no brainers. IMAP is a bit harder but not really. Check out perdition and maildir and qmail or postfix or even sendmail if you know it well. This shit has been done over and over and over again. There is nothing even remotely complex in providing mail stores for 1mm users. THERE ARE FUCKING HOW-TO's to do it even. Okay, </rant>"
There is nothing in that article to suggest the reviews are being edited. Rather, the article states that reviews are simply being approved or rejected which, regardless of perspective, is an entirely different thing.
Editing someone elses words would be far worse than simply applying some editorial control as to what is posted on their own site. Slashdot does the same sort of thing in the form of moderation. Moderators can affect what is seen by readers but they can't change individual posts.
This is nothing like a Star Chamber -- The little script kiddies aren't being rounded up and killed (although maybe that'd send a nice message).
I'm just kicking them off my DNS network and when I can alert the ISPs of infected zombies and C&Cs then all the better. When there is information to hand over to LE then I try to do that. A lot of this abuse now deals with phishing and other financially driven motives and so having a strong working relationship with LE is essential. Vigilantes don't have that...
This isn't about being a vigilante, it's about protecting my backyard. That fact that it helps the rest of the net out is a positive side effect.
This is not at all an attack on the poster as we've all "been there" but it's more a reflection on the small company or your boss...
Basically, if you are a systems administrator or network administrator and you can't quit or they can't fire you because you are crucial to their survival then that is a serious problem. I mean, how do you take vacations? No individual should be such a major single point of failure.
well, at least the uprising unices make it easier for the proficient and maybe even raise the security bar for the amateurs, but alas this is not an end to itself!
I would argue that by raising the bar of those qualified to attack your systems you are actually decreasing the security of your systems.
Slashdot Mirror
So true.
What happens is nobody has tried the service that's posting this stuff. There's so much misinformation it's hard to know where to start. But I think the best thing I can say is this:
People at EveryDNS have been using my services for years. We're one of the largest and most free services on the Internet. We've stood up to lawsuits from assholes like Diebold and others in the past in the name of our users. I wouldn't ever scam or do that nasty stuff this thread is saying I would. I have an open email, open door, and open phone policy. I am me, and there's a good amount of clue behind me, and even smarter people around me.
So when I say this service is not going to spy on you or tell your parent that you look at porn, I'm serious. Read our privacy policy and know that we use the service too.
Here's the last thing, These can all be preferences. People that don't want typo's caught or other things can have a preference set that gives them just a better and more optimized DNS. When people ask us about our privacy policies I ask you, what does your ISP do? I mean, ATT just said they own all your data and they're being accused of working with the government to spy on you. We don't do that.
Check it out,
David Ulevitch
OpenNIC is a totally different organization. They are an alternate root. We're (OpenDNS.com) not anything close.
We're about giving you control over your recursive DNS, something you should want. If you don't want us catching typos for you, that's fine. Just check out our FAQ and learn a bit more.
-david
This POS is neither new nor newsworthy nor useful, at least not for the reasons they try to sell it to you for.
Well, to be fair, you're responding to the article and not the service. But I'm going to go through and answer each of your points because this post seems to cover a lot of the really important topics.
An alternative-root DNS system will never work (since Critical Mass is impossible to attain).
I couldn't agree with you more and we are *NOT* an alternate root. If you are using our service, you are using the real ICANN assigned roots. Period. Full Stop.
OpenDNS is new particularly because of how we do what we do. We have built a recursive nameservice. That means that we are making the changes only for a client and not for the entire Internet. The article, while good at trying to cover a hard topic, fails to mention that not only are we opt-in but we can set preferences for different users.
So if you don't want us catching typos, we won't. If you just want straight, normal DNS that's just using a bigger and faster cache, that's just fine by us. We aren't going to mess with you later for deciding that you just want a more reliable DNS. But when you setup your neighbor or mom or brother or friend you might decide they are better off with an added layer of security. The choice is, of course, yours and always will be.
Myspace will not get faster. Whoever made you believe that is selling snake oil, too.
First, MySpace is just an example, of course. It does like 10 DNS requests on the homepage loading web,ad,image server FQDNs. But to respond, empirical evidence thus far (from really smart people) would disagree with that statement. Hopefully we'll have some good and more scientifically grounded data soon. If you want to help out with that, let me know.
In fact, your DNS will actually slow down by a good bit; at least if you belong to the majority of the world (unlike root DNS servers, which actually deliver geographical and network dispersion). The big cache they are so proud of will create lots of problems if they actually do it differently from regular DNS resolver caches that you have at every major (and minor) ISP -- and those will be a lot closer to you than OpenDNS ever will.
Most resolvers tend to churn through their cache long before TTLs expire so what you're saying isn't exactly true. In many instances most recursive DNS servers toss out a bunch of glue that is consistently being re-fetched. While it's important to respect TTLs (and we absolutely do), it's also important to keep stuff in your cache to get the benefit of the TTL that was set by the zone owner. That's not happening and that's making your DNS not perform well. And it's more than just adding more ram to the system. DNS is 20 years old and it's now a quite critical piece of infrastructure. It's beautiful in many ways, but one way in which it isn't is with how resolvers work. Really, nobody has ever spent much time working on making a killer resolver until recently.
Fixing typos is a double-edged blade. Sure it's nice if slashdo.torg works. How about whitehouse.gom, though ? And who decides that microsaft.com is really typo-squatter ? (They might just make nice juices !)
We don't redirect typos like that. We have a ton of requests to do that, but we don't yet for exactly the reason you point out. It's a tough road to go down, and if we do it, it'll be a preference you set with a little checkbox or something. Not a choice I should be making for you. Our goal is to empower you to control what used to be this black box of a memory structure in a DNS server and add some transparency to it for you. That was lost a bit in the article as it focused mostly on the security aspects of our service but there's more; much more.
Their business model is funny, too.
Would it be misleading of Blue Security was charged with being responsible for the attack on SixApart?
What about if they were held financially responsible for it?
-david
Ususally the sites hit were the former home of a spamsite or spammer and at the time of being hit were just the compromised box of an innocent webhost, university computer or other bystander. You can argue all you want about the 1:1 ratio of it, or that networks should be more responsible (I agree) but that doesn't make it right.
:-)
And to the person who said I should suggest something better -- how about a botnet reporting engine to let responsible ISPs know they have compromised machines on their network? Or a system of sifting through whois and domain registration data to determine who the good or bad registrars are out there (like are all phishing sites coming from one policy-loose registrar or not?). Or a system to combat phishing and fraud on the net.
I can come up with a 100 good ideas to make the net a better place and teach you 1000 things about system administration, networking, running big networks, building scalable systems. Take advantage of that, not of the Internet.
Being an operator (sysop/netop) is infinitely better than being a hacker. A hacker just needs to know one way into your system, an operator needs to know all the ways in.
Best,
David
Let's be realistic -- This is a great way to get arrested.
Building software to construct botnets is a totally unproductive use of time. Running botnets that DDoS sites all over the net is illegal. Blue Security isn't out of the woods yet legally and their DDoS of SixApart is far from a closed case.
If you think this kind of coding is interesting and fun then shoot me an email -- I'll give you an internship (or a job) working on way more productive and positive projects that will impact just as many (if not more) people.
-david
Wow, you really have no clue, do you?
-david
I don't even look at who submitted it. Same with Digg -- It's the content, stupid. :-)
That said -- you were slashdot, even CowboyNeal was -- and we all shared your editorial taste. Now you have others making the majority of the choices and, well, their choices aren't always as good. In other words, you sucked less.
EOF
Slavemowgli,
I understand, completely. I started EveryDNS about five years ago and we are now one of the largest free DNS providers in the world (and likely the most reliable). But growing large and being reliable has its downsides too -- and I suspect wikipedia is facing similar issues. Here's how it breaks down: At the core, it's what we call the tragedy of the commons. As EveryDNS has grown and had more and more users around the world relying on our service they seem to pick up a perception that "wow, there are 78,000 OTHER users, I don't need to donate, the others will." -- This is in stark contrast to what happened with the original 1000 members or so. They had the impression that if they found value in the service I gave them that they should put up money to keep it sustained. Now that is lost, but only slightly.
That said, I never email my users, so they probably just forget they are even using my service and that they haven't donated in a few years. Hard to say.
-davidu
Newspapers take advertising to support themselves. There is a clear editorial wall between Journalists and AdvertisingSales in a newspaper. Why would it have to be any different at Wikipedia?
For a really solid read on how journalists take their bias and potential conflicts seriously please read this: Malcom Gladwell's Disclosure Statement.
-david
What you are doing is easy. Unfortunately 1 million won't be enough when you and I retire (I'm 24).
Sending kids to college alone can be a 250,000 expense. A nice house in an urban area is at least 3/4 or 1 million.
If you don't want to ride the debt train forever your best bet is to take risks young and shoot for the moon a few times. If you hit it, you win it, if you don't, well you'll hopefully be smart enough to just get a job and eek out the debt lifestyle.
-david
Furthermore, Godzilla and the folks at EasyNews are known good guys with good business cred, good tech cred, etc.
GUBA is not known to be run by good guys, quite the opposite actually.
-davidu
What didn't you like about AdBrite?
-david
Yeah, that's where I was going...
AdSense and their related products are who they are.
You ever try AdBrite?
-david
If Microsoft thinks google is a search engine company and a website then they have really missed the boat.
Google is an advertising company. Google makes more money on AdSense than on AdWords. Google won't get rid of google.com anytime soon but the reality is that the search engine was just a platform for eyeballs (even if only in hindsight) to show ads and to build a massive and intelligent advertising platform. -david
Yeah, fixing windows and or firewalling the shit out of it.
It's no longer a matter of stopping spoofed source addresses, people DoS with massive botnets using real src_addr's.
Fix windows and you'll start to get somewhere. It'll stop spam too.
-david
When you serve out a website that pushes in excess of 200,000,000 pageviews a day (yes I really do, dynamic even!) then you start to use a lot of metrics to try to gauge how your code changes and network changes affect things. There are lots of companies that specialize in this sort of thing. This runs from the application level all the way down to the network level, sometimes even the transport layer if you buy their marketing.
Certainly from the network (RouteScience, Internap, etc) to the application (Zend, Urchin, Webtrends) there are all kinds of companies willing to provide you metrics and solutions, usually at a high cost.
The trick is to build your own metrics and then find or build the products you need to solve your bottlenecks or improve your user experience.
Just some ideas, not sure if it is the answer you want.
OT: And since I refuse to post in the "how do I build a mail server for 1mm users" thread I'll just say it here. "What the fuck dude? First of all, 1mm users isn't all that large these days. SMTP and POP3 are no brainers. IMAP is a bit harder but not really. Check out perdition and maildir and qmail or postfix or even sendmail if you know it well. This shit has been done over and over and over again. There is nothing even remotely complex in providing mail stores for 1mm users. THERE ARE FUCKING HOW-TO's to do it even. Okay, </rant>"
And I'm out.
-david
There is nothing in that article to suggest the reviews are being edited. Rather, the article states that reviews are simply being approved or rejected which, regardless of perspective, is an entirely different thing.
Editing someone elses words would be far worse than simply applying some editorial control as to what is posted on their own site. Slashdot does the same sort of thing in the form of moderation. Moderators can affect what is seen by readers but they can't change individual posts.
Thanks,
David
This is nothing like a Star Chamber -- The little script kiddies aren't being rounded up and killed (although maybe that'd send a nice message).
I'm just kicking them off my DNS network and when I can alert the ISPs of infected zombies and C&Cs then all the better. When there is information to hand over to LE then I try to do that. A lot of this abuse now deals with phishing and other financially driven motives and so having a strong working relationship with LE is essential. Vigilantes don't have that...
This isn't about being a vigilante, it's about protecting my backyard. That fact that it helps the rest of the net out is a positive side effect.
Thanks,
David U.
*yawn* ;-)
-davidu
This is not at all an attack on the poster as we've all "been there" but it's more a reflection on the small company or your boss...
Basically, if you are a systems administrator or network administrator and you can't quit or they can't fire you because you are crucial to their survival then that is a serious problem. I mean, how do you take vacations? No individual should be such a major single point of failure.
Just my $0.02...
-davidu
An art/graphics site is slashdotted on a network you help run...
:)
At least the site/server caved before the bandwidth bill did.
-davidu
You didn't read my post did you?
My point was that by raising the bar, you make your system less secure.
-david
well, at least the uprising unices make it easier for the proficient and maybe even raise the security bar for the amateurs, but alas this is not an end to itself!
And yes, I've been here a long time...
davidu
Wow.
I just got that feeling I had the first time I saw E way back in the "Hand of God" days.
Awesome...and in the words of 'leet children everywhere. "Rox0rs!!1111"
Great work E Dev Team...and the aardvarks too!
-davidu