I'd be interested to hear if you got a response to your message.
Did they even bother to reply? I'm guessing they didn't... not responding would be the arrogant thing to do, and when has Verisign ever passed up on the chance to do the arrogant thing?
Who set up the contract with Verisign? The "gov" did. Who kept the contract with Verisign? ICANN, but who set up ICANN? The Department of Commerce -- the "gov".
Do I want to see the government directly administrate this? No. Do I want a for profit company to be granted the monopoly that Verisign has? HELL, no. I think the second option is actually worse in the long run.
Personally I think that a non-profit organization should be doing what Verisign has been doing. It's a monopoly position and as such can't be trusted to a "for profit" entity (IMHO for whatever it's worth). There's no danger of them being beaten by "competition" so there's no incentive for them to do a good job and follow the rules. If they screw everyone else over, "so what? It's our playground."
But to question whether we want the government "involved" seems a little naive. The government has always been involved, is still involved, and frankly will probably always need to be involved.
The government was heavily involved up until well after the Internet went into wide use. The the Clinton folks decided to try to turn it into just a cash cow. Unlike some people, I tend to like a great deal of what the two Clinton administrations accomplished... but this whole business of trying to turn the Internet into nothing but a commercial space was foolish. The Internet isn't a street market.
Then again, I suppose the government had a lot of help from all the profiteers until the bust.
The Internet is a community. Every community has a place and need for businesses. Every community also has a place and need for government.
Business' interest is in making profit. It isn't interested in handling bad actors. The market will to some extent correct for bad actors but will also encourage bad actors to some extent. Just look at the business headlines of the past couple of years.
And in some cases bad actors pop up who the market could care less about because their actions don't involve money. Government is the third party that has the job of stepping in and controlling the bad actors (in or out of business) and imposing ethics on business.
This particular situation with Verisign involves a monopoly. Sometimes a monopoly is unavoidable. Like with power companies, this is one of those situations. Also, like with power companies, there's a necessity for a governing body that is NOT (at least not entirely) made up of commercial interests.
ICANN should be filling that role but it's track record is abysmal and it's causing all of us to reap what they've sown.
When you've got a monopoly resource you can either have government manage it, a business handle it, or a non-governmental non-profit organization handle it. It can certainly be argued that government isn't always the best way to go. Alternately, giving a business a monopoly removes the only check on bad behavior -- competition. If there's no competition, sooner or later government will have to step in and either reign in the business or take over because the business will abuse the privilege of it's position.
How soon it happens depends on the ethics of those initially in charge, but sooner or later there'll either be overt abuse of power or simply really shitty customer service and bad management of the resource. There's no incentive to avoid it.
Unfortunately, to some extent, no matter who "manages" the monopoly community resource, there's going to have to be a level of governmental oversight, or there will be Verisigns all over the place saying, "You don't like it? Then don't use our service. Oh, you can't avoid our service if you use the Internet? Well, there's your answer, bub."
The government created the Internet. The government ran everything until the Internet was commercialized. Verisign got the position they now have when it was relinquished by the government.
We didn't have this problem when the government was running things.
The Internet is one of those cases where the "government is always bad" dogma is way off course.
Haven't we reached that point before with Verisign? Oh... Yeah... ICANN are a bunch of cow-towing corporate pansies, and they are the only ones who have the authority to do anything...
I had blocked the Sitefinder service on my firewall by IP address for good measure, but it appeared that ComCast had already blocked it for me too...
Until yesterday that is. I typoed a domain name and was suddenly looking at the damned Sitefinder page again.
I pinged the web address of the Sitefinder page and I was getting a different IP address than before. They either moved the damnable thing or they've started playing musical chairs to try to force it past people's barricades. I'm now seeing it at 12.158.80.10
Maybe they should put training wheels on all of them while they are in recall?
You know, that started as a joke in my head, but you do have to wonder why they didn't put a small third wheel on there somewhere always touching the ground but on a hing so that it would only actually bear weight if the thing tipped too far.
Then again, I suppose the market droids couldn't have pushed it so hard as the next big thing if it didn't just have two wheels... Hard to look like an adult when you're basically whizzing around on a tricycle.
Yes, except sadly from a market droid's perspective (provided he doesn't work for a company that was previously widely known and respected), a huge untargetted spam campaign probably isn't a waste of money. Because it isn't his money for the most part. It's my ISP's backbone provider's, my ISP's, and my money...
And so for every stupid shill who does buy into the SPAM email the droid sends out, there's that much more incentive for him to SPAM -- "Easy profit - get rich quick - woohoo!"
All he needs is an unscrupulous, uncaring, or just stupid ISP to shoot his SPAM out through.
This is now being spun as "he might have resigned." @Stake is being very coy about the whole thing and so far (it would seem) Geer hasn't come out swinging in response. See InfoWorld article.
I wonder what kind of hammer they put over his head to force him to shut up.
I think you should do some more reading on this...
I'm not nuts. He did this on his own time and he didn't represent it as the opinion of his employer. I don't know where you got that bit about using their company's "good name to push his own agenda."
The paper was written by six different authors, all of whom are very well respected in the security community. I think that covers your concerns about "peer review."
Obviously people who *do* go off half-cocked and represent half baked opinions as those of their employer have created a big problem for themselves, however... The opinions weren't half baked, weren't represented as the opinions of his employer and weren't presented by himself alone.
Sounds a bit like you've got an agenda yourself... or at least a chip on your shoulder. Long day at the university or something?
Here's another good article on this subject:
Washington Post
According to the Washington Post, Lona Therrien, the @Stake spokesperson, "said the company had no conversations with Microsoft about Geer or the report."
However (same article), Sean Sundwell of @Stake said that on Tuesday night, when notice of the report's pending release was circulated, "Microsoft was contacted by @Stake officials . . . expressing their disappointment in the report and saying that Dan Geer's opinion did not reflect the position of @Stake and its commitment to an ongoing relationship with Microsoft."
So... which is it? Did they discuss the report directly with Microsoft or not??
With any luck Dan Greer will find a better job with a better company to work for.
@Stake on the other hand...
This is probably going to be a bit of a nightmare for them. The firing is starting to generate a lot of attention in the press. People who may or may not have heard of @Stake before this are now going to remember them as "the company that fired a guy for dissing the security of using all Microsoft."
I for one wouldn't want to hire a company whose line of business is other people's security but who fired a guy for pointing out obvious and factual problems with the security of a major software vendor. It speaks volumes to whose interests they are going to represent if I were ever their client.
It wouldn't be mine -- it would be their own and any bigger client whose interests might run contrary to mine.
According to Forbes and several other news outlets, the CTO of @Stake who was one of the authors of this report was promptly fired. @Stake then called Microsoft to apologize, apparently...
How'd ya like them apples... Who says being critical of Microsoft can't put an end to your career?
There've been a lot of posts lately to the effect of "makes me glad to live in..." (usually Canada it seems) "rather than the US."
I think this makes me glad to live in the US rather than the UK. I don't think I'd be too thrilled with the idea that it's possible to remotely keep tabs on me as I wandered about through London...
I think the argument might be made that Microsoft didn't produce quality products that customers love and buy over everything else.
You say that the key is competition, however if you have a monopoly there is no competition. That's the definition of a monopoly.
In the case of a monopoly of a national or international scale there's no way for a true competitor to appear. The monopolist has the ability to crush a competitor through means that have nothing to do with the relative merits of the products in question. Any company with the instincts to successfully become a monopolist on a national or international scale has to have done so by being willing to squash the competition by any means it thinks it can get away with.
If a company can squash the competition by leveraging an existing monopoly, why would they compete on the merits? There's no incentive. Competition is inherently risky. It's a surer road to profit to make sure that the competition cannot reach a level playing field.
Not many companies can reach the place where they have the ability to leverage a monopoly to quash their competition. When a company reaches that position and begins to do so, we *DO* need the intervention along the lines of the Sherman Antitrust Act.
To quote your message, Can anyone think of any monopolies that have *NOT* tried to "use their market leadership to maintain their monopoly"?
And as we all know, Microsoft works hard to make sure that everything seems as "eeeeaaaassyyy" as possible to the bosses upstairs to that they'll buy and STANDARDIZE on Microsoft products.
For reference, look at the recent discussion here about all ATM's moving to a hacked down version of Windows because it would be compatible with the rest of the banks' networks.
Microsoft is a company. It's reason to be is profits... as much profits as possible. Just like every other company.
The problem is that they are too good at corralling all the business. (Someone somewhere is going to blow a gasket at the idea that could be a bad thing -- "Free Marketeers, unite!")
We sometimes look at this as though Microsoft's goal is to make the best operating system. That's only true as long as you define that in terms of whatever will get the most only marginally clueful management folk to swing the business in Microsoft's direction.
I think Microsoft feels that it's only in their best interests to provide the most security in their OS that they can as long as it contributes to the bottom line. If it comes to a choice between making things "easy" to sway the business, and making things more "secure", the choice has always gone with the money. They don't really have to make a truly secure operating system because they get the business through marketing tricks without going to the extra trouble.
And of course, once they have an iron grip on one market, they look for any way they can to use it to drop a hammer on competition in the next market they set their sites on.
This is why we have anti-trust laws. They are the check-and-balance of capitalism. There *is* such a thing as being too good at creating a profit. There's a point where you haven't *explicitly* broken any laws but you've driven the competition out and there's no incentive for you to produce good products because you're now in a position to create barriers to entry so high that no one can challenge you.
Unless the newborn competition can wish on a genie's magic lamp and instantly have equivalent marketing muscle to the company that already has a monopoly. Uh... yeah... right... that's going to happen. At that point, the market doesn't fix things anymore. A new set of rules apply.
Writing papers to point out the fact that a monopoly is bad hasn't worked so well for anyone so far. This isn't the first one published.
The trouble with the BeOS was always hardware support. It was a thing of beauty (fast and pretty) when you got everything going, and it could do really cool stuff. Without the kind of heavy duty developer support that other operating systems have it couldn't run on all the latest and greatest hardware though.
That didn't stop me from using it in a dual boot system until after the company went out of business though. Damn shame.
SCO: No one will indemnify users against us because they know that we're right! There's no defense against our cliams!
later...
SCO: HP is indemnifying users against us because they know we're right!
So, let me get this straight... According to SCO, HP is voluntarily indemnifying users because it knows that by doing so it will end up paying out big cash to SCO to make reparations for using SCO's code? Sure. Makes sense to me. (Can you spot the sarcasm?)
This is an absolute abuse of Verisign's position. They are contracted to *maintain* the database, not warp it to their own *commercial* purposes. If this was actually a valid service, they would have had no trouble with proposing it to the Internet standards bodies before implementing it. Instead, they're defying those organizations. Worse yet, they've actually put me in the position of agreeing with ICANN.
With those words (an absolute abuse) you just described most of what Verisign has done.
Folks should remember, this is the company that was contracted to *maintain* the database until one day they decided that they *owned* the database... (errr... okay... if I get paid to clean all the cars at the dealership can I decide one day that I own them all and get away with it?)
And yet somehow years after that magical acquisition of property rights they've still got the contracts. They've gotten away with all kinds of stuff and like a spoiled child they'll keep taking more until (if ever) someone takes away their privileges and sends them to time out.
Gotta agree with you that there's no way that any benefits that stupid Sitefinder page provides make up for the abuse of position and random chaos it's caused.
I don't think this is going to hurt anything, and anything that gets Lindows attention in the press is good for them. It might get a few people to try it out. Some few of them might even catch an interest in Linux... maybe...
I guess the real question is, "how much do we care?"
This law violates a) spammers' right to free speech where the recipient hasn't expressed a desire to not get spam, and b) recipients' right to receive unsolicited spam if they desire to do so.
Free Speech applies in public forums.
The right to free speech does not mean that I have the right to (as someone else said) stand in your yard shouting advertisements. As long as there's no community statute that says that door to door solicitation is illegal, I suppose sales people can do it until you explicitly tell them to get out of your yard.
If a community wants to make door to door solicitation illegal, I don't think that a salesperson could successfully mount a First Amendment challenge to that statute though. The right to free speech doesn't apply on private property... I don't have a "right" to stand on your lawn and say whatever I want.
As part of why "junk mail" in the real world may not fall under this same argument, IANAL but once heard that a person's real-world mailbox is not considered their own private property. It's considered government property... making possible Federal charges for some related offences(?) That would mean that junk snail mail is "public" speech and thus perhaps First Amendment protected.
Maybe someone can back me up or shoot me down on this?
If we were discussing the illegalization of websites, free speech would make sense as an argument. The web is a public forum. My email inbox on the other hand isn't a public place or public property. If I and the majority of my community members are of like mind to prohibit junk email, it seems to me that we should be able to enact a statute telling the sales people to "get outta my yard!"
Slashdot Mirror
Did they even bother to reply? I'm guessing they didn't... not responding would be the arrogant thing to do, and when has Verisign ever passed up on the chance to do the arrogant thing?
Who set up the contract with Verisign? The "gov" did. Who kept the contract with Verisign? ICANN, but who set up ICANN? The Department of Commerce -- the "gov".
Do I want to see the government directly administrate this? No. Do I want a for profit company to be granted the monopoly that Verisign has? HELL, no. I think the second option is actually worse in the long run.
Personally I think that a non-profit organization should be doing what Verisign has been doing. It's a monopoly position and as such can't be trusted to a "for profit" entity (IMHO for whatever it's worth). There's no danger of them being beaten by "competition" so there's no incentive for them to do a good job and follow the rules. If they screw everyone else over, "so what? It's our playground."
But to question whether we want the government "involved" seems a little naive. The government has always been involved, is still involved, and frankly will probably always need to be involved.
The government was heavily involved up until well after the Internet went into wide use. The the Clinton folks decided to try to turn it into just a cash cow. Unlike some people, I tend to like a great deal of what the two Clinton administrations accomplished... but this whole business of trying to turn the Internet into nothing but a commercial space was foolish. The Internet isn't a street market.
Then again, I suppose the government had a lot of help from all the profiteers until the bust.
The Internet is a community. Every community has a place and need for businesses. Every community also has a place and need for government.
Business' interest is in making profit. It isn't interested in handling bad actors. The market will to some extent correct for bad actors but will also encourage bad actors to some extent. Just look at the business headlines of the past couple of years.
And in some cases bad actors pop up who the market could care less about because their actions don't involve money. Government is the third party that has the job of stepping in and controlling the bad actors (in or out of business) and imposing ethics on business.
This particular situation with Verisign involves a monopoly. Sometimes a monopoly is unavoidable. Like with power companies, this is one of those situations. Also, like with power companies, there's a necessity for a governing body that is NOT (at least not entirely) made up of commercial interests.
ICANN should be filling that role but it's track record is abysmal and it's causing all of us to reap what they've sown.
When you've got a monopoly resource you can either have government manage it, a business handle it, or a non-governmental non-profit organization handle it. It can certainly be argued that government isn't always the best way to go. Alternately, giving a business a monopoly removes the only check on bad behavior -- competition. If there's no competition, sooner or later government will have to step in and either reign in the business or take over because the business will abuse the privilege of it's position.
How soon it happens depends on the ethics of those initially in charge, but sooner or later there'll either be overt abuse of power or simply really shitty customer service and bad management of the resource. There's no incentive to avoid it.
Unfortunately, to some extent, no matter who "manages" the monopoly community resource, there's going to have to be a level of governmental oversight, or there will be Verisigns all over the place saying, "You don't like it? Then don't use our service. Oh, you can't avoid our service if you use the Internet? Well, there's your answer, bub."
The government created the Internet. The government ran everything until the Internet was commercialized. Verisign got the position they now have when it was relinquished by the government.
We didn't have this problem when the government was running things.
The Internet is one of those cases where the "government is always bad" dogma is way off course.
Haven't we reached that point before with Verisign? Oh... Yeah... ICANN are a bunch of cow-towing corporate pansies, and they are the only ones who have the authority to do anything...
Bastards.
Until yesterday that is. I typoed a domain name and was suddenly looking at the damned Sitefinder page again.
I pinged the web address of the Sitefinder page and I was getting a different IP address than before. They either moved the damnable thing or they've started playing musical chairs to try to force it past people's barricades. I'm now seeing it at 12.158.80.10
How's that for a "service"?
You know, that started as a joke in my head, but you do have to wonder why they didn't put a small third wheel on there somewhere always touching the ground but on a hing so that it would only actually bear weight if the thing tipped too far.
Then again, I suppose the market droids couldn't have pushed it so hard as the next big thing if it didn't just have two wheels... Hard to look like an adult when you're basically whizzing around on a tricycle.
And so for every stupid shill who does buy into the SPAM email the droid sends out, there's that much more incentive for him to SPAM -- "Easy profit - get rich quick - woohoo!"
All he needs is an unscrupulous, uncaring, or just stupid ISP to shoot his SPAM out through.
I wonder what kind of hammer they put over his head to force him to shut up.
I'm not nuts. He did this on his own time and he didn't represent it as the opinion of his employer. I don't know where you got that bit about using their company's "good name to push his own agenda."
The paper was written by six different authors, all of whom are very well respected in the security community. I think that covers your concerns about "peer review."
Obviously people who *do* go off half-cocked and represent half baked opinions as those of their employer have created a big problem for themselves, however... The opinions weren't half baked, weren't represented as the opinions of his employer and weren't presented by himself alone.
Sounds a bit like you've got an agenda yourself... or at least a chip on your shoulder. Long day at the university or something?
According to the Washington Post, Lona Therrien, the @Stake spokesperson, "said the company had no conversations with Microsoft about Geer or the report."
However (same article), Sean Sundwell of @Stake said that on Tuesday night, when notice of the report's pending release was circulated, "Microsoft was contacted by @Stake officials . . . expressing their disappointment in the report and saying that Dan Geer's opinion did not reflect the position of @Stake and its commitment to an ongoing relationship with Microsoft."
So... which is it? Did they discuss the report directly with Microsoft or not??
@Stake on the other hand...
This is probably going to be a bit of a nightmare for them. The firing is starting to generate a lot of attention in the press. People who may or may not have heard of @Stake before this are now going to remember them as "the company that fired a guy for dissing the security of using all Microsoft."
I for one wouldn't want to hire a company whose line of business is other people's security but who fired a guy for pointing out obvious and factual problems with the security of a major software vendor. It speaks volumes to whose interests they are going to represent if I were ever their client.
It wouldn't be mine -- it would be their own and any bigger client whose interests might run contrary to mine.
How'd ya like them apples... Who says being critical of Microsoft can't put an end to your career?
(Ummm... can we all forget about the whole "wrestling governor" thing now? Our current Gov. wants to import drugs from Canada. A pirate he be!)
I think this makes me glad to live in the US rather than the UK. I don't think I'd be too thrilled with the idea that it's possible to remotely keep tabs on me as I wandered about through London...
And I'm generally a big fan of things English.
You say that the key is competition, however if you have a monopoly there is no competition. That's the definition of a monopoly.
In the case of a monopoly of a national or international scale there's no way for a true competitor to appear. The monopolist has the ability to crush a competitor through means that have nothing to do with the relative merits of the products in question. Any company with the instincts to successfully become a monopolist on a national or international scale has to have done so by being willing to squash the competition by any means it thinks it can get away with.
If a company can squash the competition by leveraging an existing monopoly, why would they compete on the merits? There's no incentive. Competition is inherently risky. It's a surer road to profit to make sure that the competition cannot reach a level playing field.
Not many companies can reach the place where they have the ability to leverage a monopoly to quash their competition. When a company reaches that position and begins to do so, we *DO* need the intervention along the lines of the Sherman Antitrust Act.
To quote your message, Can anyone think of any monopolies that have *NOT* tried to "use their market leadership to maintain their monopoly"?
For reference, look at the recent discussion here about all ATM's moving to a hacked down version of Windows because it would be compatible with the rest of the banks' networks.
Microsoft is a company. It's reason to be is profits... as much profits as possible. Just like every other company.
The problem is that they are too good at corralling all the business. (Someone somewhere is going to blow a gasket at the idea that could be a bad thing -- "Free Marketeers, unite!")
We sometimes look at this as though Microsoft's goal is to make the best operating system. That's only true as long as you define that in terms of whatever will get the most only marginally clueful management folk to swing the business in Microsoft's direction.
I think Microsoft feels that it's only in their best interests to provide the most security in their OS that they can as long as it contributes to the bottom line. If it comes to a choice between making things "easy" to sway the business, and making things more "secure", the choice has always gone with the money. They don't really have to make a truly secure operating system because they get the business through marketing tricks without going to the extra trouble.
And of course, once they have an iron grip on one market, they look for any way they can to use it to drop a hammer on competition in the next market they set their sites on.
This is why we have anti-trust laws. They are the check-and-balance of capitalism. There *is* such a thing as being too good at creating a profit. There's a point where you haven't *explicitly* broken any laws but you've driven the competition out and there's no incentive for you to produce good products because you're now in a position to create barriers to entry so high that no one can challenge you.
Unless the newborn competition can wish on a genie's magic lamp and instantly have equivalent marketing muscle to the company that already has a monopoly. Uh... yeah... right... that's going to happen. At that point, the market doesn't fix things anymore. A new set of rules apply.
Writing papers to point out the fact that a monopoly is bad hasn't worked so well for anyone so far. This isn't the first one published.
The trouble with the BeOS was always hardware support. It was a thing of beauty (fast and pretty) when you got everything going, and it could do really cool stuff. Without the kind of heavy duty developer support that other operating systems have it couldn't run on all the latest and greatest hardware though.
That didn't stop me from using it in a dual boot system until after the company went out of business though. Damn shame.
later...
SCO: HP is indemnifying users against us because they know we're right!
So, let me get this straight... According to SCO, HP is voluntarily indemnifying users because it knows that by doing so it will end up paying out big cash to SCO to make reparations for using SCO's code? Sure. Makes sense to me. (Can you spot the sarcasm?)
That's some really SCO'ed up logic for you!
With those words (an absolute abuse) you just described most of what Verisign has done.
Folks should remember, this is the company that was contracted to *maintain* the database until one day they decided that they *owned* the database... (errr... okay... if I get paid to clean all the cars at the dealership can I decide one day that I own them all and get away with it?)
And yet somehow years after that magical acquisition of property rights they've still got the contracts. They've gotten away with all kinds of stuff and like a spoiled child they'll keep taking more until (if ever) someone takes away their privileges and sends them to time out.
Gotta agree with you that there's no way that any benefits that stupid Sitefinder page provides make up for the abuse of position and random chaos it's caused.
A man's relationship with his sofa is a sacred bond not lightly to be trifled with. Much like that with his remote control.
I guess the real question is, "how much do we care?"
Is Lindows important?
Free Speech applies in public forums.
The right to free speech does not mean that I have the right to (as someone else said) stand in your yard shouting advertisements. As long as there's no community statute that says that door to door solicitation is illegal, I suppose sales people can do it until you explicitly tell them to get out of your yard.
If a community wants to make door to door solicitation illegal, I don't think that a salesperson could successfully mount a First Amendment challenge to that statute though. The right to free speech doesn't apply on private property... I don't have a "right" to stand on your lawn and say whatever I want.
As part of why "junk mail" in the real world may not fall under this same argument, IANAL but once heard that a person's real-world mailbox is not considered their own private property. It's considered government property... making possible Federal charges for some related offences(?) That would mean that junk snail mail is "public" speech and thus perhaps First Amendment protected.
Maybe someone can back me up or shoot me down on this?
If we were discussing the illegalization of websites, free speech would make sense as an argument. The web is a public forum. My email inbox on the other hand isn't a public place or public property. If I and the majority of my community members are of like mind to prohibit junk email, it seems to me that we should be able to enact a statute telling the sales people to "get outta my yard!"