Other than SCO and Darl McBride, I think DiDio is probably held in the lowest possible esteem over on Groklaw. They quote her a lot, and she seems to get it wrong nearly every time. The opinions that I have read by her are consistently pro-SCO, pro-Microsoft, and anti-open source, to the point that I don't think she can be considered an even remotely reliable source.
So it's particularly interesting that "TCO is equal" is the best she could come up with. If that's the best they can manage, it's a huge win for Open Source. When TCO is equal, why on earth would you pick the software that costs more up front?
The claim must be that Linux costs more to run, since it's free to install. That was the exact method that Microsoft used for ages to get ahead in the market... it was cheaper up front but cost more to run. That can actually be a very smart business decision, since presumably you'll have more money later than you do now, particuarly if your business is just getting off the ground. (That's part of why leases do so well.)
Of course, we all know that Linux is probably cheaper to maintain once you have the skills to do so, possibly by an order of magnitude, due to the absolute control you have over the system and the enormous power of the built-in scripting languages.
But even if you grant that it's more expensive to run, this study shows that Linux is a good choice for many businesses, particularly small ones, or companies growing very quickly without a lot of capital to do it.
I agree with you that the mailbox is more dangerous on a per-attempt basis. However, my mailbox is not physically accessible to 6 billion people. My WHOIS data is. And there are undoubtedly very, very smart people who can destroy lives remotely if they choose.
Admittedly, they're not likely to single me out.... but 'very unlikely' times six billion could easily be higher than 'moderately likely' times a couple thousand potential local identity thieves. Whatever the relative chances are, they are both nonzero.
There is no apparent benefit to me in listing my information publicly, and a number of possible benefits to hiding it, so I hide it. I'm still reachable in case of problems, so your ability to run your servers is unimpaired. You don't need to know who I am, you just need to be able to reach either me or my ISP, should there be a problem with a server under my control.
BTW, that does sound like it could make a good short story.
If a server or set of servers is beating you up, what matters is their IP space, not their domain info. Contact the hosting ISP. They should know about the problem anyway. I can't, offhand, imagine any emergency situations that would be based around the domain name.... only IP space. Sure, you might WANT TO resolve a problem with a domain quickly, but a problem that can't be traced to a specific set of IP addresses is unlikely to be a true emergency... just an annoyance, at worst.
I agree with you about most companies wanting to be as public as possible, overwhelmingly so in fact. Whatever I may do doing the day, however, doesn't imply that I also want publicity about me in my private life, running my private server(s).
As far as mail problems go, postmaster@ still works. Spammers seem, for whatever reason, to avoid postmaster addresses. And of course you can always send mail to the WHOIS addresses. I do get those. They're anonymized, but they do work.
I react this way because I have tons and tons of spam with my real name and address, as well as boatloads of junk snailmail. I DON'T LIKE IT when any sleazeball can get that info for a couple of cents.
You do realize that you can be put in jail for 'counterattacking', don't you? The net is no place for vigilante justice. Call the ISP and get the server taken down. Counter-hacking is illegal, no matter what your intentions may actually be.
Basically, I perceive what you just posted as a threat..."do it the way I want you to, or I will break your server". I hope you don't actually do things like that.
The purpose behind an unlisted number is to prevent people from looking you up and disturbing you when you don't wish to be disturbed. There are two pieces of data; name, and phone number. (and, optionally, street address.) Having an unlisted number, at least in theory, breaks the connection between the two required data elements for those who should not have it. (in reality it no longer works that well, but at least it's proof against a casual snoop.)
DNS names are mnemonics for numbers. They serve many more functions than a phonebook does. The most fundamental part of it, A records, are simply shortcuts for humans, so that they can find sites more easily. It's a lot easier to remember 'www.google.com' than it is to remember 64.233.161.99 (plus two more addresses in the lookup I did just now... who knows how many ACTUAL addresses they have.) With an A record, you're in essence dealing with THREE pieces of data, not two: the site's name, the address where it's hosted, and (via the WHOIS info) who runs the site.
So by using indirect (WhoisGuarded) listings for domains, the chain is broken a little further down. It still serves its mnemonic purpose, but doesn't give away ownership data. This is very close to the idea of an unlisted number. You can still reach my site by number (1.2.3.4), for convenience purposes by name (www.example.com), yet you can't instantly determine who I am. Your argument that having a number-only domain is most like being unlisted really isn't correct. You are breaking the mnemonic function of DNS when you don't need to.
Being MOST precise, WHOIS would be like a reverse phone number directory, in which one looks up a number and determines who owns it. In the United States, this is considered special information and isn't routinely accessible to ordinary citizens. It can be gotten much more easily now than it once could, but it costs money to do so.
Interestingly, the 'forward' lookup facility in WHOIS doesn't seem to work anymore. At one time, you could use my NIC handle in the WHOIS lookups to determine all the domains I ran. I don't think you can do that anymore. So the way in which it's MOST like a phonebook, looking up a site owned by a person, seems to have gone away. (My own domain doesn't even list NIC handles, perhaps they have removed that feature entirely??)
I'm not too worried about being considered a spammer for using Namecheap... my domain is six years old. If it were newer, I might very well have listed myself for awhile before taking it private, or perhaps I'd register it and not use it for a year or so. (less likely). But at this point, I'd just rather be anonymous... I have run the domain well for a long time and I intend to continue. I don't see any reason to plaster my address all over the Net. It can't POSSIBLY help me and it could certainly hurt me. I was getting a lot of snailmail advertisements when I still lived at the address last listed for me.
I don't really understand your objections to the police having extra access to this info. I'm not arguing, and never HAVE BEEN arguing, that one should be able to run a domain and be TRULY anonymous, just anonymous to non-authorities. (it would be better to be TRULY anonymous, I admit, but the chances of that are near-zero... it would be abused instantly and on a massive scale by spammers.) I think the authorities in the name service system (registrar of record and ICANN) should have access, and that, by extension, the police probably should too. You might be right that this should be protectable with a subpoena, but again... in the US, that idea is mostly moot. And since the registries are mostly hosted in the US, those laws will probably reach out and apply to you in Sweden.
(If you use the registrar Joker.com, which is quite good, though, you MIGHT be able to escape somewhat from US jurisdiction, if that matters to you.)
But I don't really get where posting your info outside a police station would really prove anything. I mean, in your c
First, it's not a good idea to use contact info from Domain X in the registration records FOR Domain X. If Domain X breaks, it's quite possible to end up in a spot where you can't fix it BECAUSE it is broken. (back when all administration was done through email, in fact, this was pretty common... with the web based interfaces now, it's less likely.) So as a rule I have always used at least one contact that wasn't in the domain. I may or may not have full control over that domain, and those addresses will get a torrent of spam.
The Namecheap anonymizer is really nice, because I don't have to make a special address that discards a lot of junk mail. It shifts the burden of administration to them... they just need to rotate the random address every so often. I get very little spam that way, and it costs me essentially zero effort. You can still get ahold of me easily, without actually knowing what my 'real' address is.
You say, "Obtaining an entry in the DNS without providing at least some contact information is a bit like obtaining an entry in the phone directory without providing a phone number.". You're close, but I think you got the metaphor wrong. Obtaining a domain name without publishing info is like getting a telephone but choosing not to go into the phonebook. It is the Internet equivalent of an unlisted number.
In your particular case, you have decided that the benefits from publishing your info outweigh the loss of privacy. I have no beef with or complaint about that choice. You choose to list yourself in the phone book. I generally do not. There are good reasons for both approaches.
The current.us regime (and.com/.net/.org to a lesser degree) is basically saying "you can't have an unlisted number". Depriving me of the choice doesn't seem like a good idea at all.
As far as the law enforcement comments go... at the moment, they have access to nearly everything, often without needing a subpoena. Like it or not, we already live in a police state, it's just one that hasn't showed its fangs too much yet. (since the government claims to now be able to hold people, even US Citizens, indefinitely, without charges, and without access to legal counsel.) You have virtually no privacy protections against the government, and they can disappear you at will. Under that circumstance, talking about whether or not the government should be able to access domain info is like wondering about the placement of a picture in the hall while your house is burning down.
I do like what you're saying, but it's so far from present reality that it's nothing more than vaguely theoretical.
As an aside, I just looked at your whois info. It's very strange, not at all like how mine is set up. It looks like NameCheap is claiming OWNERSHIP over your domain, instead of just being your registrar. It looks like you might be vulnerable to having your domain stolen, since you don't appear to be the owner of record. If they're fighting you on listing your name properly, this might be why -- the people who actually registered the domain may be trying to get you over a barrel so you can't change providers and keep it.
My contacts all show 'WhoisGuard Protected' rather than claiming that Namecheap actually owns my domain.
Sure, and the proxy service provided by Namecheap is near-immediate. No, you don't get the ability to pick up the phone and call me directly if there's a problem with my servers. This is a loss, I agree with that. But both Namecheap and my ISP can get ahold of me very quickly, usually within minutes. (I doubt Namecheap responds that quickly. I'd be shocked if they DID in fact.... but I know my ISP will.)
The Net isn't like it used to be. I know that the percentage of bad guys, relatively speaking, is probably pretty small, but there's just so many people online now that the absolute number of kooks and spammers is quite high.
With no way to know ahead of time that anyone who can see my personal info has my best interests in mind, I'd rather have the insulating layer of a professional company between us.
I did branch into 'rock through the window' arguments, but that wasn't my original objection.
The fundamental problems are spam and identity theft. I don't think you can plausibly argue that these these are small problems. Yes, you can probably find out quite a lot about me if you do a very determined, conscious, human search. But that isn't what spammers and identity thieves do. They're looking for the easy score, the easy mark. Why give them a tool that any sixth-grader could automate?
When dealing with individual domain owners, there's very little benefit to be gained in having names and addresses publicly available, and the potential downside is quite large.
Even if I grant your argument that the threats are small, they are still not zero. (in actual fact, the chance of spam is very, very close to 1.0). The data is just as easy to hide as to show. Given that, why not hide the data for people who want it hidden?
I'm not sure they'd even have to issue a subpoena, they'd probably just have to call up the registrar and ask for the info. What with it being the.us domain and all, they kinda own the data. So I just don't understand what problem they're trying to solve at all.
The only explanation I can think of so far is that the thought of widespread public anonymity might scare them. The Bushies aren't known to tolerate dissent well.
Sure, there's information leakage, and a smart person may be able to figure it out. But they also might not. And in any case, it will take active, focused, coordinated EFFORT to find it out. The answers will take real work to find, instead of just being handed to anyone who can type 'whois domain.com'.
Just because privacy invasion is possible by other means doesn't mean we should make it easy by this one.
And one more comment... the TOS I agreed to said I had to provide accurate information to my registrar, which I did. It does NOT say that every Tom, Dick, and Harry should automatically have access to that information.
As long as my ISP and my registrar know who I am, you don't need to.
So in other words, to work around the phone number problem, I'm supposed to pay for another phone line every month, and then just not answer it? Why do you need my phone number to begin with? My ISP has it. If you have a problem with one of my servers, they can contact me in minutes. You don't need to.
And then you're suggesting that I supply inaccurate information, which is essentially the same thing in another guise. You're saying that me withholding the information is stupid... so why isn't lying about that information also stupid? Those same telemarketers can surely figure it out, no?
Or maybe, just maybe.... a lot of domain searches might be AUTOMATED, done by inflexible programs. So perhaps your idea of falsifying the domain information WOULD work. But if that's the case, then everything else you're claiming (about my privacy being gone) doesn't really apply, does it?
Privacy happens one query at a time. Just because some big company in Arizona has my name and address doesn't mean that YOU do. And it's pretty damn unlikely that the company in Arizona is going to want to either break into my house or throw a rock through my window "for giving Terri Shiavo[sic] a run for the money". You, however, might. And you can't easily find my address without law enforcement being involved. I find that comforting.
BTW, that's Schiavo. It's wise to check your spelling carefully when calling someone a mental vegetable.
Just FYI, I'm a professional sysadmin and have been doing it a long time. Your comments about 'running toy servers' are a cheap shot and misdirected.
Very simply, you don't EVER need to know who and what I am, simply because I own a domain. You just don't. A domain is not IP space. And even if I DO have IP space, if you have a problem with an attack coming from that space, you can contact my ISP, who maintains records and can contact me, likely within minutes. If you have a complaint about the domain, then you can contact my registrar. (not sure how long that takes... but if it's not involving a specific IP, it's highly unlikely to be an emergency.) You can also email me directly via the Namecheap anonymous relay. Those three contact methods are enough. You don't need anything more than that.
The alternative is that you can contact me in ways I don't approve of and can't control. Probably any address listed in the WHOIS is going to be a good target for breakin, for instance -- probably going to be more tech goodies there than most places. And, of course, if you happen to disagree with something I'm saying, you can find out precisely what window to throw a brick through.
A domain is not automatically IP space, and it's not automatically a server. Requiring non-anonymous domain registrations shows poor thinking, a fundamental confusion over how the Internet works. It's IP SPACE that matters, not domains.
Personally, I don't like the fact that as a private citizen that wants to host his own email server, I have to reveal my real name, phone number, and ADDRESS to every human being on the globe with access to WHOIS.
This can be badly misused, and has been already by spammers. I get an enormous amount of spam aimed at my (formerly) published contact emails, and a lot of it comes in complete with the (obsolete) address data from back then. The ONLY way they could have gotten this information is from WHOIS, and I'm not happy about them having it; they have no legitimate reason to be in possession of that data.
I really like what Namecheap is doing. For an extra five or six bucks a year, they'll hide your real address and give you an anonymized contact address... mail sent to this random address will be forwarded to your real email, invisibly to the sender. So, if there is a problem with your domain, you are still contactable. If there's a legal problem with a domain, then of course the real info is going to be available to any form of law enforcement.
But it's hidden from the casual spammer/identity thief, and I am very, very happy about this.
Requiring people to publish information about a domain is sort of a presumption of guilt...."if you're innocent, you have nothing to hide!" Well, I am innocent and I have plenty to hide...like where I live. If I want to host an mail or a web server, my responsibility is to make sure I can be contacted in case of problems. My responsibility is not and never was to tell you exactly who and where I am, no matter what ICANN happens to think.
I'm such an idiot. In the grandparent, I said "Iron Council" when I meant "The Scar". I haven't even *read* Iron Council. I have no opinion on that one. The Scar is quite good, though, some very cool stuff in it.
They really should add a "-1, Stupid" moderation category. *sigh*
I didn't care for Perdido Street Station all that much, but I quite liked both King Rat and the Iron Council. The plotting was much better in both... PSS feels sort of lost and confused in spots, not sure where it's going or why. Neither of the other two books suffered from that problem.
I bought both PSS and King Rat at the same time from an Amazon recommendation (which, by and large, are pretty good). I read Perdido first, didn't like it that well, and nearly didn't read King Rat. That would have been a mistake. It's a good book, a dark urban fantasy. Sort of like a very angry Charles de Lint.:-)
It's funny how the exact same people can argue that the Bible is literally and exactly true, and then turn around and argue that 'thou shalt not kill' doesn't REALLY mean 'thou shalt not kill'.
I once had long impassioned arguments about how the present Bible was, as often as not, simple educated guesswork, but the counter-argument was 'oh but the translation was divinely inspired and therefore perfect.'
Well, I'm sorry, it's REAL HARD to blow four short words. Claiming the above in one argument and this one in the next is the ultimate hypocrisy. (and it may not be one that you specifically are guilty of, I do realize this.)
Either it's right or it isn't. If one of the bloody COMMANDMENTS is wrong, what could they possibly have gotten RIGHT?
If someone knows and respects you, they are more likely to listen to your opinions. If they know and despise you, not only will they ignore your opinions, they'll actively try not to do what you suggest. What is so hard to understand about this?
Our best weapon, since oh, probably about WW2, was our moral authority. It was better than any other weapon we've ever invented. Any idiot can blow stuff up, and they often do, over and over. It takes courage and discipline to choose a high ethical standard and live up to it, even when your opponents don't. But it confers real advantages in so doing.
Ethics are not a substitute for being strong. They are a supplement. If one is strong both physically and ethically, one's words have far more weight than if one is only strong physically.
And note, in the above example.... chances are pretty good that you're going to have to physically defend that target. But an ethical shield is an advantage; perhaps you can avoid the conflict, perhaps the attacker will be less enthusiastic. That may not be the case, but even a split-second advantage is still an advantage. And maybe, just maybe, you can avoid the conflict altogether. It's not a high chance, but it's better than NO chance.
I've taken quite a lot of karate and I'm under no illusion about what would be the most likely outcome of that hypothetical situation. But I'd want every advantage I could possibly get. One mistake will lose you most fights if you're dealing with trained people. If I make him a little more likely to make that mistake, then I have an advantage. And if he's not totally committed to an attack, a bit confused and uncertain, then it is a HUGE advantage for me.
Whatever reality you're in, it must be very small and mean if you don't see how this works.
What I am saying is that we have lost the moral authority to judge. In your example above, perhaps the murderer might know you.... and if you asked him to stop, or stood in between him and his potential victim, he might stop attacking out of respect for you. If, on the other hand, he thinks you're scum, your words are useless, and if you try to intervene you'll probably get the pointy end yourself.
Words don't always work, and there are times when you do have to fight. But if you are respected, that's less likely to happen. If you can convincingly stand on the moral high ground, you can sometimes sway people to believe what you believe. You can sometimes (often?) prevail without a shot being fired or a blow being struck. THAT is the true art of war -- winning without fighting.
People don't like to think of themselves as bad. If you hold yourself to a very high standard and work hard at living up to it, and they KNOW THIS, your words will have more weight with them.
Most people don't expect perfection, but they really detest hypocrisy, and the US reeks of it just now.
You don't really get it, do you? Just because other people are worse doesn't make us good. We are TORTURING people. The United States of America, Land of the Free, Home of the Brave, is TORTURING people. By policy. With the full knowledge of the government AND THE CITIZENRY.
What China does is *immaterial*. What Hitler did is immaterial. What Pol Pot did is immaterial. The United States is doing these things NOW. That is ALL that matters. Any noise to the contrary is just to try to distract you.
And, from a practical standpoint, the Chinese that you (rightly) detest can point to the fact that we're invading other countries and torturing anyone we choose. At least the Chinese torturers mostly stay home.
We can't preach from the moral high ground if we're not ON the moral high ground. How can we expect other countries to live up to ethical rules that we're willing to ignore whenever we find them inconvenient?
Because of Bush's actions, we have lost most of our ability to influence behavior in the world. The terrorists didn't just win, they hit the f*cking jackpot.
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable [inalienable] Rights, that among these are Life, Liberty, and the Pursuit of Happiness."
ALL men. (and women, too, we've grown up a bit.) Not people who happen to have been born within the borders of the United States. ALL people.
Very few people are going to choose a 'cheap', but brain-damaged operating system, when they can get a more sophisticated one for free. They'll either (illegally) copy XP, or (legally) copy Linux.
Further, if Microsoft manages to talk OUR government into pressuring THEIR governments into cracking down more on piracy, this will probably increase sales for them a little bit. It will also increase Linux adoption a very great deal.
The dirty little secret that Microsoft has been hiding all these years is that piracy was GOOD for them in creating their monopoly. Now that they have a monopoly, however, they believe the illegal copying does them no good, so they are trying to stop it.
But in many of those foreign countries, they do not yet have a monopoly. And the concept of serving the customer has been absent from Microsoft for so long that they actually think people will buy this brain-dead crap. Instead of doing the RIGHT thing by the customer, which is dropping the price on the normal product to something the local economy can supporty, they're trying this racket to protect their home monopoly pricing.
Ultimately, it's just not going to work. They may eventually figure it out. I'm not convinced of this, however. They have been a monopoly for too long and fear losing that power more than they want to get into new markets.
The fundamental problem is most likely because Motorola's primary customers are Verizon, Sprint, and Cingular.... where Apple's primary customers are just people.
The wireless companies take time to react to things. They are slow. They need to know about a product well ahead of time so that they can develop their marketing materials, do studies to determine the proper price point, and work out any implementation details on their networks. So Motorola normally gives them a several month lead time on new products so they can get ready.
Apple, on the other hand, sells to you and me. We don't need prep time to buy an iPod, we just buy one.
The thing is, in this market, end-user customers are a tiny, tiny fraction of the total market. Unless and until the big cellular carriers are selling this phone, Motorola just isn't going to move very many. The 'announce Sunday, ship Monday' culture simply DOES NOT WORK for their customers, the people who buy 98% of their product. Without that long lead time and solid coordinated pushes from the wireless carriers, an iTunes phone won't sell well. By the time the channel is really ready to start pushing them, the initial buzz will be all gone, and the product may never do well.
This is a case, I think, where Motorola is right to be upset with Apple. Apple, however, may not care. An announcement today of products available in the summer may impact THEIR sales as people delay purchases. So this move is likely in Apple's best immediate interest. It's a big problem for Motorola, and may have a bad long-term impact on Apple due to fewer iTunes customers.
Apple may be becoming a bit dangerous to partner with.... it'll bear watching.
I took the RHCE course back in the 7.0 days, several years ago. My knowledge isn't current, obviously, but I doubt that a one-week course could have changed amount of content all that substantially.
The way I summed it up at the time is this: An RHCE has a pretty good knowledge of how to run one (Redhat) Linux box. Without other experience, he or she would probably be a perfectly adequate junior admin... not someone you want to give the keys to the server room, but definitely worth having around.
Note that the actual certification test, while reasonably difficult, is fundamentally 'fair'. It's not like real life, where boxes mysteriously fail and don't tell you why. You always have all the information you need to solve a given problem, and the test environment is set up so that some of the more boneheaded things you might do aren't possible. It still takes knowledge and skill to pass the test, but unlike real life, it's not cruel and evil. (at least, it wasn't back in the 7.0 days; they may have gotten eviler since.:) )
Most people who've passed that test have a real clue, and have the potential to be good admins. I would definitely give an RHCE an edge if I were choosing interview candidates.
Unix is an extremely complex environment, one which you can literally spend your entire adult life learning. No cert could possibly substitute for years of battle testing. An RHCE is a great start, but it's only a start.
Slashdot Mirror
Other than SCO and Darl McBride, I think DiDio is probably held in the lowest possible esteem over on Groklaw. They quote her a lot, and she seems to get it wrong nearly every time. The opinions that I have read by her are consistently pro-SCO, pro-Microsoft, and anti-open source, to the point that I don't think she can be considered an even remotely reliable source.
So it's particularly interesting that "TCO is equal" is the best she could come up with. If that's the best they can manage, it's a huge win for Open Source. When TCO is equal, why on earth would you pick the software that costs more up front?
The claim must be that Linux costs more to run, since it's free to install. That was the exact method that Microsoft used for ages to get ahead in the market... it was cheaper up front but cost more to run. That can actually be a very smart business decision, since presumably you'll have more money later than you do now, particuarly if your business is just getting off the ground. (That's part of why leases do so well.)
Of course, we all know that Linux is probably cheaper to maintain once you have the skills to do so, possibly by an order of magnitude, due to the absolute control you have over the system and the enormous power of the built-in scripting languages.
But even if you grant that it's more expensive to run, this study shows that Linux is a good choice for many businesses, particularly small ones, or companies growing very quickly without a lot of capital to do it.
That is vigilante justice, and you can be arrested and put in jail for it. Tread carefully.
I agree with you that the mailbox is more dangerous on a per-attempt basis. However, my mailbox is not physically accessible to 6 billion people. My WHOIS data is. And there are undoubtedly very, very smart people who can destroy lives remotely if they choose.
Admittedly, they're not likely to single me out.... but 'very unlikely' times six billion could easily be higher than 'moderately likely' times a couple thousand potential local identity thieves. Whatever the relative chances are, they are both nonzero.
There is no apparent benefit to me in listing my information publicly, and a number of possible benefits to hiding it, so I hide it. I'm still reachable in case of problems, so your ability to run your servers is unimpaired. You don't need to know who I am, you just need to be able to reach either me or my ISP, should there be a problem with a server under my control.
BTW, that does sound like it could make a good short story.
If a server or set of servers is beating you up, what matters is their IP space, not their domain info. Contact the hosting ISP. They should know about the problem anyway. I can't, offhand, imagine any emergency situations that would be based around the domain name.... only IP space. Sure, you might WANT TO resolve a problem with a domain quickly, but a problem that can't be traced to a specific set of IP addresses is unlikely to be a true emergency... just an annoyance, at worst.
I agree with you about most companies wanting to be as public as possible, overwhelmingly so in fact. Whatever I may do doing the day, however, doesn't imply that I also want publicity about me in my private life, running my private server(s).
As far as mail problems go, postmaster@ still works. Spammers seem, for whatever reason, to avoid postmaster addresses. And of course you can always send mail to the WHOIS addresses. I do get those. They're anonymized, but they do work.
I react this way because I have tons and tons of spam with my real name and address, as well as boatloads of junk snailmail. I DON'T LIKE IT when any sleazeball can get that info for a couple of cents.
You do realize that you can be put in jail for 'counterattacking', don't you? The net is no place for vigilante justice. Call the ISP and get the server taken down. Counter-hacking is illegal, no matter what your intentions may actually be.
Basically, I perceive what you just posted as a threat..."do it the way I want you to, or I will break your server". I hope you don't actually do things like that.
The purpose behind an unlisted number is to prevent people from looking you up and disturbing you when you don't wish to be disturbed. There are two pieces of data; name, and phone number. (and, optionally, street address.) Having an unlisted number, at least in theory, breaks the connection between the two required data elements for those who should not have it. (in reality it no longer works that well, but at least it's proof against a casual snoop.)
DNS names are mnemonics for numbers. They serve many more functions than a phonebook does. The most fundamental part of it, A records, are simply shortcuts for humans, so that they can find sites more easily. It's a lot easier to remember 'www.google.com' than it is to remember 64.233.161.99 (plus two more addresses in the lookup I did just now... who knows how many ACTUAL addresses they have.) With an A record, you're in essence dealing with THREE pieces of data, not two: the site's name, the address where it's hosted, and (via the WHOIS info) who runs the site.
So by using indirect (WhoisGuarded) listings for domains, the chain is broken a little further down. It still serves its mnemonic purpose, but doesn't give away ownership data. This is very close to the idea of an unlisted number. You can still reach my site by number (1.2.3.4), for convenience purposes by name (www.example.com), yet you can't instantly determine who I am. Your argument that having a number-only domain is most like being unlisted really isn't correct. You are breaking the mnemonic function of DNS when you don't need to.
Being MOST precise, WHOIS would be like a reverse phone number directory, in which one looks up a number and determines who owns it. In the United States, this is considered special information and isn't routinely accessible to ordinary citizens. It can be gotten much more easily now than it once could, but it costs money to do so.
Interestingly, the 'forward' lookup facility in WHOIS doesn't seem to work anymore. At one time, you could use my NIC handle in the WHOIS lookups to determine all the domains I ran. I don't think you can do that anymore. So the way in which it's MOST like a phonebook, looking up a site owned by a person, seems to have gone away. (My own domain doesn't even list NIC handles, perhaps they have removed that feature entirely??)
I'm not too worried about being considered a spammer for using Namecheap... my domain is six years old. If it were newer, I might very well have listed myself for awhile before taking it private, or perhaps I'd register it and not use it for a year or so. (less likely). But at this point, I'd just rather be anonymous... I have run the domain well for a long time and I intend to continue. I don't see any reason to plaster my address all over the Net. It can't POSSIBLY help me and it could certainly hurt me. I was getting a lot of snailmail advertisements when I still lived at the address last listed for me.
I don't really understand your objections to the police having extra access to this info. I'm not arguing, and never HAVE BEEN arguing, that one should be able to run a domain and be TRULY anonymous, just anonymous to non-authorities. (it would be better to be TRULY anonymous, I admit, but the chances of that are near-zero... it would be abused instantly and on a massive scale by spammers.) I think the authorities in the name service system (registrar of record and ICANN) should have access, and that, by extension, the police probably should too. You might be right that this should be protectable with a subpoena, but again... in the US, that idea is mostly moot. And since the registries are mostly hosted in the US, those laws will probably reach out and apply to you in Sweden.
(If you use the registrar Joker.com, which is quite good, though, you MIGHT be able to escape somewhat from US jurisdiction, if that matters to you.)
But I don't really get where posting your info outside a police station would really prove anything. I mean, in your c
That's a thoughful reply, and I appreciate it.
.us regime (and .com/.net/.org to a lesser degree) is basically saying "you can't have an unlisted number". Depriving me of the choice doesn't seem like a good idea at all.
First, it's not a good idea to use contact info from Domain X in the registration records FOR Domain X. If Domain X breaks, it's quite possible to end up in a spot where you can't fix it BECAUSE it is broken. (back when all administration was done through email, in fact, this was pretty common... with the web based interfaces now, it's less likely.) So as a rule I have always used at least one contact that wasn't in the domain. I may or may not have full control over that domain, and those addresses will get a torrent of spam.
The Namecheap anonymizer is really nice, because I don't have to make a special address that discards a lot of junk mail. It shifts the burden of administration to them... they just need to rotate the random address every so often. I get very little spam that way, and it costs me essentially zero effort. You can still get ahold of me easily, without actually knowing what my 'real' address is.
You say, "Obtaining an entry in the DNS without providing at least some contact information is a bit like obtaining an entry in the phone directory without providing a phone number.". You're close, but I think you got the metaphor wrong. Obtaining a domain name without publishing info is like getting a telephone but choosing not to go into the phonebook. It is the Internet equivalent of an unlisted number.
In your particular case, you have decided that the benefits from publishing your info outweigh the loss of privacy. I have no beef with or complaint about that choice. You choose to list yourself in the phone book. I generally do not. There are good reasons for both approaches.
The current
As far as the law enforcement comments go... at the moment, they have access to nearly everything, often without needing a subpoena. Like it or not, we already live in a police state, it's just one that hasn't showed its fangs too much yet. (since the government claims to now be able to hold people, even US Citizens, indefinitely, without charges, and without access to legal counsel.) You have virtually no privacy protections against the government, and they can disappear you at will. Under that circumstance, talking about whether or not the government should be able to access domain info is like wondering about the placement of a picture in the hall while your house is burning down.
I do like what you're saying, but it's so far from present reality that it's nothing more than vaguely theoretical.
As an aside, I just looked at your whois info. It's very strange, not at all like how mine is set up. It looks like NameCheap is claiming OWNERSHIP over your domain, instead of just being your registrar. It looks like you might be vulnerable to having your domain stolen, since you don't appear to be the owner of record. If they're fighting you on listing your name properly, this might be why -- the people who actually registered the domain may be trying to get you over a barrel so you can't change providers and keep it.
My contacts all show 'WhoisGuard Protected' rather than claiming that Namecheap actually owns my domain.
Sure, and the proxy service provided by Namecheap is near-immediate. No, you don't get the ability to pick up the phone and call me directly if there's a problem with my servers. This is a loss, I agree with that. But both Namecheap and my ISP can get ahold of me very quickly, usually within minutes. (I doubt Namecheap responds that quickly. I'd be shocked if they DID in fact.... but I know my ISP will.)
The Net isn't like it used to be. I know that the percentage of bad guys, relatively speaking, is probably pretty small, but there's just so many people online now that the absolute number of kooks and spammers is quite high.
With no way to know ahead of time that anyone who can see my personal info has my best interests in mind, I'd rather have the insulating layer of a professional company between us.
I did branch into 'rock through the window' arguments, but that wasn't my original objection.
The fundamental problems are spam and identity theft. I don't think you can plausibly argue that these these are small problems. Yes, you can probably find out quite a lot about me if you do a very determined, conscious, human search. But that isn't what spammers and identity thieves do. They're looking for the easy score, the easy mark. Why give them a tool that any sixth-grader could automate?
When dealing with individual domain owners, there's very little benefit to be gained in having names and addresses publicly available, and the potential downside is quite large.
Even if I grant your argument that the threats are small, they are still not zero. (in actual fact, the chance of spam is very, very close to 1.0). The data is just as easy to hide as to show. Given that, why not hide the data for people who want it hidden?
I'm not sure they'd even have to issue a subpoena, they'd probably just have to call up the registrar and ask for the info. What with it being the .us domain and all, they kinda own the data. So I just don't understand what problem they're trying to solve at all.
The only explanation I can think of so far is that the thought of widespread public anonymity might scare them. The Bushies aren't known to tolerate dissent well.
Sure, there's information leakage, and a smart person may be able to figure it out. But they also might not. And in any case, it will take active, focused, coordinated EFFORT to find it out. The answers will take real work to find, instead of just being handed to anyone who can type 'whois domain.com'.
Just because privacy invasion is possible by other means doesn't mean we should make it easy by this one.
And one more comment... the TOS I agreed to said I had to provide accurate information to my registrar, which I did. It does NOT say that every Tom, Dick, and Harry should automatically have access to that information.
As long as my ISP and my registrar know who I am, you don't need to.
So in other words, to work around the phone number problem, I'm supposed to pay for another phone line every month, and then just not answer it? Why do you need my phone number to begin with? My ISP has it. If you have a problem with one of my servers, they can contact me in minutes. You don't need to.
And then you're suggesting that I supply inaccurate information, which is essentially the same thing in another guise. You're saying that me withholding the information is stupid... so why isn't lying about that information also stupid? Those same telemarketers can surely figure it out, no?
Or maybe, just maybe.... a lot of domain searches might be AUTOMATED, done by inflexible programs. So perhaps your idea of falsifying the domain information WOULD work. But if that's the case, then everything else you're claiming (about my privacy being gone) doesn't really apply, does it?
Privacy happens one query at a time. Just because some big company in Arizona has my name and address doesn't mean that YOU do. And it's pretty damn unlikely that the company in Arizona is going to want to either break into my house or throw a rock through my window "for giving Terri Shiavo[sic] a run for the money". You, however, might. And you can't easily find my address without law enforcement being involved. I find that comforting.
BTW, that's Schiavo. It's wise to check your spelling carefully when calling someone a mental vegetable.
Just FYI, I'm a professional sysadmin and have been doing it a long time. Your comments about 'running toy servers' are a cheap shot and misdirected.
Very simply, you don't EVER need to know who and what I am, simply because I own a domain. You just don't. A domain is not IP space. And even if I DO have IP space, if you have a problem with an attack coming from that space, you can contact my ISP, who maintains records and can contact me, likely within minutes. If you have a complaint about the domain, then you can contact my registrar. (not sure how long that takes... but if it's not involving a specific IP, it's highly unlikely to be an emergency.) You can also email me directly via the Namecheap anonymous relay. Those three contact methods are enough. You don't need anything more than that.
The alternative is that you can contact me in ways I don't approve of and can't control. Probably any address listed in the WHOIS is going to be a good target for breakin, for instance -- probably going to be more tech goodies there than most places. And, of course, if you happen to disagree with something I'm saying, you can find out precisely what window to throw a brick through.
A domain is not automatically IP space, and it's not automatically a server. Requiring non-anonymous domain registrations shows poor thinking, a fundamental confusion over how the Internet works. It's IP SPACE that matters, not domains.
Personally, I don't like the fact that as a private citizen that wants to host his own email server, I have to reveal my real name, phone number, and ADDRESS to every human being on the globe with access to WHOIS.
This can be badly misused, and has been already by spammers. I get an enormous amount of spam aimed at my (formerly) published contact emails, and a lot of it comes in complete with the (obsolete) address data from back then. The ONLY way they could have gotten this information is from WHOIS, and I'm not happy about them having it; they have no legitimate reason to be in possession of that data.
I really like what Namecheap is doing. For an extra five or six bucks a year, they'll hide your real address and give you an anonymized contact address... mail sent to this random address will be forwarded to your real email, invisibly to the sender. So, if there is a problem with your domain, you are still contactable. If there's a legal problem with a domain, then of course the real info is going to be available to any form of law enforcement.
But it's hidden from the casual spammer/identity thief, and I am very, very happy about this.
Requiring people to publish information about a domain is sort of a presumption of guilt...."if you're innocent, you have nothing to hide!" Well, I am innocent and I have plenty to hide...like where I live. If I want to host an mail or a web server, my responsibility is to make sure I can be contacted in case of problems. My responsibility is not and never was to tell you exactly who and where I am, no matter what ICANN happens to think.
I'm such an idiot. In the grandparent, I said "Iron Council" when I meant "The Scar". I haven't even *read* Iron Council. I have no opinion on that one. The Scar is quite good, though, some very cool stuff in it.
They really should add a "-1, Stupid" moderation category. *sigh*
I didn't care for Perdido Street Station all that much, but I quite liked both King Rat and the Iron Council. The plotting was much better in both... PSS feels sort of lost and confused in spots, not sure where it's going or why. Neither of the other two books suffered from that problem.
:-)
I bought both PSS and King Rat at the same time from an Amazon recommendation (which, by and large, are pretty good). I read Perdido first, didn't like it that well, and nearly didn't read King Rat. That would have been a mistake. It's a good book, a dark urban fantasy. Sort of like a very angry Charles de Lint.
It's funny how the exact same people can argue that the Bible is literally and exactly true, and then turn around and argue that 'thou shalt not kill' doesn't REALLY mean 'thou shalt not kill'.
I once had long impassioned arguments about how the present Bible was, as often as not, simple educated guesswork, but the counter-argument was 'oh but the translation was divinely inspired and therefore perfect.'
Well, I'm sorry, it's REAL HARD to blow four short words. Claiming the above in one argument and this one in the next is the ultimate hypocrisy. (and it may not be one that you specifically are guilty of, I do realize this.)
Either it's right or it isn't. If one of the bloody COMMANDMENTS is wrong, what could they possibly have gotten RIGHT?
If someone knows and respects you, they are more likely to listen to your opinions. If they know and despise you, not only will they ignore your opinions, they'll actively try not to do what you suggest. What is so hard to understand about this?
Our best weapon, since oh, probably about WW2, was our moral authority. It was better than any other weapon we've ever invented. Any idiot can blow stuff up, and they often do, over and over. It takes courage and discipline to choose a high ethical standard and live up to it, even when your opponents don't. But it confers real advantages in so doing.
Ethics are not a substitute for being strong. They are a supplement. If one is strong both physically and ethically, one's words have far more weight than if one is only strong physically.
And note, in the above example.... chances are pretty good that you're going to have to physically defend that target. But an ethical shield is an advantage; perhaps you can avoid the conflict, perhaps the attacker will be less enthusiastic. That may not be the case, but even a split-second advantage is still an advantage. And maybe, just maybe, you can avoid the conflict altogether. It's not a high chance, but it's better than NO chance.
I've taken quite a lot of karate and I'm under no illusion about what would be the most likely outcome of that hypothetical situation. But I'd want every advantage I could possibly get. One mistake will lose you most fights if you're dealing with trained people. If I make him a little more likely to make that mistake, then I have an advantage. And if he's not totally committed to an attack, a bit confused and uncertain, then it is a HUGE advantage for me.
Whatever reality you're in, it must be very small and mean if you don't see how this works.
What I am saying is that we have lost the moral authority to judge. In your example above, perhaps the murderer might know you.... and if you asked him to stop, or stood in between him and his potential victim, he might stop attacking out of respect for you. If, on the other hand, he thinks you're scum, your words are useless, and if you try to intervene you'll probably get the pointy end yourself.
Words don't always work, and there are times when you do have to fight. But if you are respected, that's less likely to happen. If you can convincingly stand on the moral high ground, you can sometimes sway people to believe what you believe. You can sometimes (often?) prevail without a shot being fired or a blow being struck. THAT is the true art of war -- winning without fighting.
People don't like to think of themselves as bad. If you hold yourself to a very high standard and work hard at living up to it, and they KNOW THIS, your words will have more weight with them.
Most people don't expect perfection, but they really detest hypocrisy, and the US reeks of it just now.
You don't really get it, do you? Just because other people are worse doesn't make us good. We are TORTURING people. The United States of America, Land of the Free, Home of the Brave, is TORTURING people. By policy. With the full knowledge of the government AND THE CITIZENRY.
What China does is *immaterial*. What Hitler did is immaterial. What Pol Pot did is immaterial. The United States is doing these things NOW. That is ALL that matters. Any noise to the contrary is just to try to distract you.
And, from a practical standpoint, the Chinese that you (rightly) detest can point to the fact that we're invading other countries and torturing anyone we choose. At least the Chinese torturers mostly stay home.
We can't preach from the moral high ground if we're not ON the moral high ground. How can we expect other countries to live up to ethical rules that we're willing to ignore whenever we find them inconvenient?
Because of Bush's actions, we have lost most of our ability to influence behavior in the world. The terrorists didn't just win, they hit the f*cking jackpot.
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable [inalienable] Rights, that among these are Life, Liberty, and the Pursuit of Happiness."
ALL men. (and women, too, we've grown up a bit.) Not people who happen to have been born within the borders of the United States. ALL people.
What part of "all" do we fail to grasp, I wonder?
Very few people are going to choose a 'cheap', but brain-damaged operating system, when they can get a more sophisticated one for free. They'll either (illegally) copy XP, or (legally) copy Linux.
Further, if Microsoft manages to talk OUR government into pressuring THEIR governments into cracking down more on piracy, this will probably increase sales for them a little bit. It will also increase Linux adoption a very great deal.
The dirty little secret that Microsoft has been hiding all these years is that piracy was GOOD for them in creating their monopoly. Now that they have a monopoly, however, they believe the illegal copying does them no good, so they are trying to stop it.
But in many of those foreign countries, they do not yet have a monopoly. And the concept of serving the customer has been absent from Microsoft for so long that they actually think people will buy this brain-dead crap. Instead of doing the RIGHT thing by the customer, which is dropping the price on the normal product to something the local economy can supporty, they're trying this racket to protect their home monopoly pricing.
Ultimately, it's just not going to work. They may eventually figure it out. I'm not convinced of this, however. They have been a monopoly for too long and fear losing that power more than they want to get into new markets.
The fundamental problem is most likely because Motorola's primary customers are Verizon, Sprint, and Cingular.... where Apple's primary customers are just people.
The wireless companies take time to react to things. They are slow. They need to know about a product well ahead of time so that they can develop their marketing materials, do studies to determine the proper price point, and work out any implementation details on their networks. So Motorola normally gives them a several month lead time on new products so they can get ready.
Apple, on the other hand, sells to you and me. We don't need prep time to buy an iPod, we just buy one.
The thing is, in this market, end-user customers are a tiny, tiny fraction of the total market. Unless and until the big cellular carriers are selling this phone, Motorola just isn't going to move very many. The 'announce Sunday, ship Monday' culture simply DOES NOT WORK for their customers, the people who buy 98% of their product. Without that long lead time and solid coordinated pushes from the wireless carriers, an iTunes phone won't sell well. By the time the channel is really ready to start pushing them, the initial buzz will be all gone, and the product may never do well.
This is a case, I think, where Motorola is right to be upset with Apple. Apple, however, may not care. An announcement today of products available in the summer may impact THEIR sales as people delay purchases. So this move is likely in Apple's best immediate interest. It's a big problem for Motorola, and may have a bad long-term impact on Apple due to fewer iTunes customers.
Apple may be becoming a bit dangerous to partner with.... it'll bear watching.
I took the RHCE course back in the 7.0 days, several years ago. My knowledge isn't current, obviously, but I doubt that a one-week course could have changed amount of content all that substantially.
:) )
The way I summed it up at the time is this: An RHCE has a pretty good knowledge of how to run one (Redhat) Linux box. Without other experience, he or she would probably be a perfectly adequate junior admin... not someone you want to give the keys to the server room, but definitely worth having around.
Note that the actual certification test, while reasonably difficult, is fundamentally 'fair'. It's not like real life, where boxes mysteriously fail and don't tell you why. You always have all the information you need to solve a given problem, and the test environment is set up so that some of the more boneheaded things you might do aren't possible. It still takes knowledge and skill to pass the test, but unlike real life, it's not cruel and evil. (at least, it wasn't back in the 7.0 days; they may have gotten eviler since.
Most people who've passed that test have a real clue, and have the potential to be good admins. I would definitely give an RHCE an edge if I were choosing interview candidates.
Unix is an extremely complex environment, one which you can literally spend your entire adult life learning. No cert could possibly substitute for years of battle testing. An RHCE is a great start, but it's only a start.