I'm glad to hear they're doing that. The usual reason for silent dropping isn't just to hide it from the spammers, though - it's also because sending bouncegrams adds to your outgoing email load, and sending bouncegrams to various flavors of bogus addresses adds even more to your outgoing email load. That's especially true when 80% of your incoming mail is spam.
The software you need for checking in a whitelist isn't much different than what you need for checking in a blacklist - the big differences are that a match means you accept rather than reject the message (duh) and that if you have multiple whitelists, you OR them, while if you have multiple blacklists, you AND them. It's a little bit different, and someone may need to write one extra regexp once per type of SMTP config file, but that's a job for Eric Allman and Dan Bernstein and a couple of other people, and you're just going to copy it from a cookbook. Now, whether you're going to use DNSSEC to validate that the DNS entries aren't spoofed is a different story.
The purported advantage of One ICANN-blessed Top-Level.mail whitelist is that it would be more obvious to everybody who receives email that this is the whitelist they want, as opposed to keeping track of 50 different whitelist companies (some good, some useless, some bogus spammer fronts), and obvious to everybody who sends large-volume email that this is the whitelist they want to pay, instead of paying 50 different whitelist companies (some popular with large or small mail receivers, some totally ignored by the market). Because after all, this is DNS, it's hierarchical, and There Can Be Only One TLD for that purpose, so there's no need for decentralized ratings and competition and keeping track of the karma of different rating lists, and competition isn't necessary. Maybe Linford's right, maybe he's wrong, but go RTFA so you can see what _he_ says he means rather than just listening to me ranting about what his proposal _really_ means.
Laws depend on guys with guns announcing that they can find the right people and shoot them so everybody'd better listen up and obey. (In more civilized countries, like England, they don't use guns, they just use clubs to beat you senseless if you resist, unless of course you're Irish, in which case they'll still shoot you.)
The US government doesn't have any jurisdiction outside its borders, so US laws that don't stop spam now wouldn't stop anything if you required the spam to have a.spam domain name. Other countries may let you send your soldiers in to hunt for Osama, but they haven't found him, and they're not going to support armed raids looking for something as trivial (if annoying) as spammers.
SPF doesn't say you're not a spammer - it just prevents spammers from pretending to be you, at least without doing extra work. That makes it harder for them to impersonate you if you're widely whitelisted (like Dave Farber or Declan) or joe-job you if they're mad at you. Dot-Mail will need to use something like SPF or Reverse-DNS lookups to discourage impersonation, but Spam-R-Us.com can use SPF to tell you that a message really came from Spam-R-Us.com, while they can't be Spam-R-Us.com.mail for very long without losing their $2000 investment. (Neither of these methods will work well without DNSSEC, because spammers who are willing to forge lots of other things will forge DNS records to hide behind other people's SPF or.mail records.)
Yes, it does sound a lot like profiteering, and like Ironport's Bonded Sender or Habeas's Not-A-Spammer Haiku headers. It's a bit easier to check at SMTP Envelope Time instead of parsing headers after receiving an email message (though BondedSender.org has a DNSWL server you could use.) But the big difference between one.MAIL for the entire world vs. many.My-Whitelist.com businesses is that Linford thinks they can talk more receivers into accepting the One Centralized ICANN-Blessed Solution than the crowd of decentralized competitors can, and therefore they can talk more people into paying them to get bonded.
I much prefer decentralized competitive approaches, but if I were running a mail server, I'd rather only put in a couple of whitelist or blacklist checks, rather than needing to keep track of which 50 whitelist services were real, which were out of business, which were bogus fronts for spammers, which were free to mail receivers, which charged money to receivers, which were aggregators of other services' information, etc. It's probably harder to get most mail systems to check N whitelists and accept the message if at least one of them hits than it is to get them to check N blacklists and reject if at least one of them hits, but it's also a lot safer to trust a random whitelist than a random blacklist, because if it goes flaky and over-aggressive like some of the DNSBLs, you're not throwing away real messages - you're accepting messages from people you might not want, and giving them a lower level of spam filtering, but a moderate level of false negatives, while annoying, is much less of a problem than false positives, and it warns you that there's a problem you need to fix.
Since AOL doesn't tell the senders or the intended recipients that it's dropping emails, you need to get your *own* AOL account that you can use to make sure your emails are going through, and at least check it occasionally for Quality Assurance. Annoying, but if you're trying to deal with moderately high volumes, or smaller volumes of people who are paying you money, you probably should be doing it. I don't know if there's any way to automate your AOL system to autoforward your postings to your regular account (or to a bot on your regular system), or whether you've got to do it by hand (grumble grumble).
"Opt-In" means that you, or someone claiming to be you, requested that you be put on the list. (Except for spam, of course, where it usually means that somebody lied about you asking to be on the list, or claims that they opted you into the list, or whatever.)
"Double opt-in" means that you asked to be on the list, and the list sent mail to you asking if you're *sure* you want to be on the list, and you ask *again* to be put on the list.
If you can do this with your user base, require that all subscribers set up PGP and use PGPdomo or some similar encrypted mailing list system. That greatly reduces the likelihood of somebody pressing the spam button by mistake, and more to the point it puts a reasonably large clue barrier in front of your system, so people will tend to take it more seriously (if they're willing to put up with it, anyway...)
Calling you by name when they don't actually know you is rude. (I haven't tried your phone number, so I don't know how rude and/or unpronouncable the name you gave them is:-) Safeway seems to alternate every few months between calling you by name and not. My cards never have my name on them - sometimes they're cards I've traded with friends, sometimes they're fake names I've given them, sometimes they're friends of friends or friends' fake names. Sometimes they can pronounce them, and sometimes they can't.
The fake or missing address means that they can't send you any coupons, but they see to send me too much bulk paper even without it. They can still track large purchasers. Some chains will give you coupons printed at the cash register if your total is above $X. One chain used to give you "Ham Bucks" coupons which could be used to buy a ham at Christmas time; their database analysis didn't extend as far as noticing whether I ever bought meat products...
Most of the big grocery store chains have ATMs from at least one bank; if you haven't been near your own bank's ATMs lately, you can pay the annoying $2 to Bank of America and get cash for your groceries. It's theoretically possible to correlate a long train of grocery card user purchases to ATM withdrawals, but unlikely that anyone would bother.
Some supermarket chains use loyalty cards for check cashing, and care about real names, but many of them don't (or at least don't care if you're not trying to cash a check. Safeway and Albertsons' are two examples.) The real purpose is to correlate purchases and marketing. Sometimes they'll give you the card and the form to fill out and hand to them, or sometimes the manager wants to type in the material themselves. I usually carry cards from [Illegible scrawl] or John Doe, whose address is "General Delivery" in my town (or in 90210, which is my other zip code.)
RSA developed an RFID Blocker Tag which annoys RFID readers by responding grumpily to all RFID read requests. It's a passive device like RFIDs, and doesn't burn out anything, just blocks requests.
The technology uses round balls that are black on one side and white on the other that rotate in response to an electrical charge, so each pixel is black or white. At 170 dpi, there aren't enough pixels to do much dithering, so no grayscale for you.
The Color versions are still X and White, e.g. Red & White instead of Black & White.
So if you're concerned about electronically stored history being rewritten, keep electronic copies of the books you care about. Burn them to CD-ROM if you want.
And if you think paper doesn't get revised, go to a bookstore and buy a new edition of a book you read long ago. You'd be surprised how often things get revised. It's not just that the cover art gets revised to show the actors from the current movie version instead of the original cover art, or the blurbs on the back get revised for more current advertising value, or the books get subtitled (e.g. "Farenheit 451 - The Temperature at which Books Burn".) They don't get revised as fast as Whitehouse.gov speech transcripts, but they do get revised.
(New.net FAQ on conflicts with ICANN is here. There are technical issues, internet-user-community issues, and trademark-lawsuit issues, and the first two aren't a problem, and the last one probably isn't. It's definitely not the Wild West.)
DNS is a hierarchical system, and the tree has One Root. (There Can Be Only One!) That may or may not have been the best architectural design that could have been done (Pike & Thompson's paper "The Hideous Name" argues credibly that it was a Bad Idea), but that's the way it is. There's no particularly good reason that, just because there's One Root, that ICANN or Verisign or the U.S.Department of Commerce or Jon Postel's Ghost should be in charge of it, and there are many good reasons that they shouldn't be, but again, that's the way it is. (The mathematical term is "Proof by Vigorous Assertion", and it's worked fairly well here.) In fact the Cabal of 13 Root Server Operators, or some big fraction of them, could theoretically decide to stop listening to ICANN and do something better, but they haven't, in spite of much provocation, and it's unlikely that they will.
There are two basic competitors to the ICANN namespace root. One is the various "Open Root" "Alternate Root" "Orange Root" etc. folks who've sprung up and declared that they can be root just as well as ICANN's preferred root, and at one point as much as half a percent of the Internet occasionally used them to resolve TLDs. If 99.5% of the net doesn't use you, you're not in charge. Some of them have gotten into legal squabbles with ICANN or its predecessors over names that both sides claimed, and they've lost.
The more interesting case is people like new.net, who are selling shortcut namespace for subsets of the DNS hierarchy, roughly equivalent to example.newTLD.new.net. They work for two reasons - one is that new.net has gotten a bunch of major ISPs to buy in and resolve new.net names from their nameservers, and another is that most DNS resolvers have a default suffix, so if the suffix is "3ld.2ld.tld" and they can't directly resolve "example.foo", they'll try example.foo.3ld.2ld.tld, example.foo.2ld.tld, and example.foo.tld, so you can usually trick them into resolving "example.newTLD" as "example.newTLD.new.net". If enough people (or their ISPs) buy into this, you can get yourself a real market in those names, and otherwise you'll have a bunch of grumpy customers who explain that you can reach their website or email at "example.newTLD.new.net".
New.net's FAQ says that if ICANN introduces a TLD name that New.net has been selling, than individual users and ISPs will have to decide who to follow, and that new.net thinks they'll have enough market leverage to dominate. That's a big problem for a new.net user "example.newTLD.new.net" if the ICANN registry sells "example.TLD"; it's a smaller problem for them if ICANN has that TLD but none of the ICANN registries have sold "example.newTLD" yet, so maybe they need to land-rush and buy it from ICANN-space. It's $10-20 for the first year, which is the main risk. They knew the product was limited and somewhat risky when they bought it, and the risks and limitations were disclosed up front.
The more interesting case is what happens if somebody buys "example.newTLD.new.net" first and registers it as a trademark, then somebody else buys "example.newTLD" from ICANN-space, and the first group tries to seize the name, either in an ICANN UDRP arbitration, or else in a trademark lawsuit ignoring the ICANN process. Yes, either approach would be much more expensive than just spending the $10-20 to register the name directly, but sometimes somebody else registers it before you do, either as a bad faith cybersquatting ripoff (like really-distinctive-well-known-name.newTLD), or just because it's a commercially obvious generic name (li
Rebellion is fine, if you're good at it, but sometimes the proper response for the teacher is to whack you with a stick and tell you to sit down and read enough of the last 400 years of mathematics and Natural Philosophy to figure out that, no, the common wisdom works fine, and that just because Xeno didn't have an adequate combination of mathematical knowledge or individual brilliance to overcome his paradoxes, that doesn't mean there's anything deep there. As a couple of other people have said, high-school calculus takes care of these problems just fine thank you.
Now, that ulcer guy, he did something really useful for the world. But he was clueful.
OE is still one of the goals; VPNs have been easy for a few years. One problem has been that their method for doing OE requires Reverse DNS support for DNSSEC, which makes it impractical for most potential users. In some sense it's still the Right Thing to do, because an IPSEC gateway only has a source and destination IP address to work from and needs some method for getting authentication keying information to prevent man-in-the-middle attacks, so it either needs Reverse DNSSEC or something very much like it, and preventing MITM is the Right Thing To Do.
If Gilmore was willing to risk MITM attacks in return for protecting a much higher fraction of the network users from passive eavesdroppers, the alternative was to use "shared secret" mode with a publicly known "secret", such as "open secret" or something proposed in a draft rfc. But that would have meant that the people who most needed OE would be using a method that wasn't secure against governments or motivated crackers, and a false sense of security is arguably much more dangerous than known insecurity - if you know you're not secure, you're forced to use PGP to encrypt your email instead.
Ok, there's a bit of a technical issue ("Will Netsol respond to my domain name change requests promptly"), but most companies that are worried about that can run their own domain name servers anyway. It's almost certainly cheaper to pay the money once than to pay the administrative cost of renewing it every year. Maybe the domain name is your company name, but if you've paid some marketing consultant to design you the optimally marketable name, like ZippieYow.com or Uranus-Hertz.com or DogFoodOnLine or other dotcom-boom names, the $1000 to Netsol is a drop in the bucket.
But this is really a tradeoff between the chances that Netsol will screw up some year after you've bought the 100-year service, leading to the domain name getting stolen, vs. the chances that Netsol or you will screw up some year if you don't buy it (which is more likely), leading to the domain name getting stolen, vs. the chances that Netsol will die / get sold / etc. (which has problems whether you did or didn't buy the upfront service, and will cost you well over $1000 in lawyer-time), vs. the chances that you will want to sell the domain name (your company splits, or sells off the service using that name, or goes broke and tries to sell assets), which may or may not cost you less money if you buy the service.
If there's a major inflation period, the price you pay every year for annual renewals won't stay the same. If you get $10 cash now for Y2038, it's better than getting $10 in 2038 without hyperinflation, and much better than getting $10 in 2038 after hyperinflation, but if there's hyperinflation, the price in 2038 might be $10000000.
On the other hand, they still want to take the money and run. It's unlikely that the price of domain name registration will go up significantly, the price might go down, it's pretty pure profit to them, and it's highly likely that the organizational structure for domain name selling will change, and it's also highly likely that any current customer of theirs could get annoyed and leave sometime in the next 20 years.
Before the Bell System Breakup in 1984, there was Bell Labs.
After the split, AT&T got Bell Labs, Long Distance, and Manufacturing (aka Western Electric), and the 7 Regional Bell Operating Companies (RBOCs) jointly ran a smaller Labs spinoff called Bellcore.
Bellcore had N years of funding, and eventually turned into Telcordia and was bought by SAIC.
In 1992-93, AT&T spun off Unix Systems Labs, which got acquired by Novell, which sold it to SCO in 1995.
In 1996, AT&T spun off Lucent (aka Western Electric) and NCR. Lucent got most of Bell Labs, especially the physics/chemistry/computer people, and AT&T kept a much smaller AT&T Labs, mainly communications and computer and Internet folks.
Other people posted how to set your browser to do this consistently, but if you don't want to do that, just type the URL that's getting blocked into a new browser window, or copy and paste it if it's too long to retype. That way there's no REFERER associated with it.
On the other hand, some websites that don't like deep linking will only show you their deeper pages if you DO have a REFERER set from one of their other pages - so you have to go in through the front door. That's one reason you might not want to block REFERER permanently.
You can't really use the words "explain" and "Telstra" in the same sentence without a negative and a couple of intensifiers in there somewhere. They've historically been the most totally clueless telco in any economically developed country; India's VSNL was worse (but are gradually liberalizing), and there are little underdeveloped countries that have worse service. And yes, Australia's as big as the main part of the United States, but Telstra couldn't find enough clues do the Right Thing in Sydney, where 1/4 of the population lives, much less out back in Wagga Wagga.
Miller's article shows that the FCC doesn't have a clue what "profane" means, and Miller himself is a bit fuzzy though he's at least in the right ballpark.
"Profane" speech is using something sacred / religious for secular purposes. If the FCC tries to get into that business, it's jumping seriously into the "establishment of religion" parts of the First Amendment, and has entirely no business doing so, especially when its members have demonstrated their incompetence with the territory. Swearing on Bibles in court is profane - the Bible is there specifically because of its religious significance. Saying "Oh, my God!" when you're not talking to God is profane, and the FCC doesn't seem to mind that kind of language on TV. Saying "Fuck You!" might be profane if you're a part of some fertility-worshipping religion, or saying it to someone of that belief set, but in normal American cultural use it's not profane, just offensive. "Shit!" isn't profane; "Holy shit!" sort of is, because of the "holy" part.
"Blasphemy" is saying insulting things about something sacred or religious, particularly a God. Using religious terms profanely isn't usually blasphemy, but can be. Blasphemy used to be illegal in much of the US, in spite of obvious First Amendment problems; Delaware got rid of their hadn't-been-enforced-in-years blasphemy laws in a case back in ~1968 along with the punishment for it, which was the whipping post.
"Vulgar" speech is using language that the common people use instead of the more proper language that the aristocracy and other people Better Than You use. "Having intercourse" isn't vulgar; "getting laid" and "fucking" are. "Horseshit" is vulgar; "horse manure" isn't vulgar if you're talking about farming, but is moderately vulgar if you're using it to offensively dismiss someone's arguments because you weren't willing to make the mental effort to say "Errant nonsense" or "like, totally bogus!" instead.
"Offensive", if you're an Elitist, means anything that of course would offend any proper person, and anyone who's not offended by it is obviously not a proper person. "Offensive", if you're not an Elitist, is just something that offends you, or that's being used to offend someone else. "Fuck you!" is usually intended to be offensive; "Fucking brilliant" is a sufficiently flexible term that could be offensive or high praise or pleased surprise. The FCC is finds both of those terms offensive because they're Elitists who are offended by the choice of language, rather than because they care whether someone is offending someone else.
"Bad Taste" is a lower level of Elitist term, and we are talking about American television here, so 'nuff said cause they ain't going there.
"Expletive" is a grammatical term, as is "pejorative" - President Nixon's expletives got deleted when they were vulgar, which might reflect badly on his character, and left in when they weren't, and so did his pejoratives. (AFAIK, LBJ didn't tape his own office, but wasn't the kind of elitist who worried about people knowing about his use of much more colorful metaphors.) "[Expletive Deleted]! The FCC are a bunch of [participle deleted] [pejorative deleted]s who wouldn't [intensifier deleted] recognize the Constitution if it bit them on their [participle deleted] [noun deleted]s!"
I'm glad to hear they're doing that. The usual reason for silent dropping isn't just to hide it from the spammers, though - it's also because sending bouncegrams adds to your outgoing email load, and sending bouncegrams to various flavors of bogus addresses adds even more to your outgoing email load. That's especially true when 80% of your incoming mail is spam.
The purported advantage of One ICANN-blessed Top-Level .mail whitelist is that it would be more obvious to everybody who receives email that this is the whitelist they want, as opposed to keeping track of 50 different whitelist companies (some good, some useless, some bogus spammer fronts), and obvious to everybody who sends large-volume email that this is the whitelist they want to pay, instead of paying 50 different whitelist companies (some popular with large or small mail receivers, some totally ignored by the market). Because after all, this is DNS, it's hierarchical, and There Can Be Only One TLD for that purpose, so there's no need for decentralized ratings and competition and keeping track of the karma of different rating lists, and competition isn't necessary. Maybe Linford's right, maybe he's wrong, but go RTFA so you can see what _he_ says he means rather than just listening to me ranting about what his proposal _really_ means.
The US government doesn't have any jurisdiction outside its borders, so US laws that don't stop spam now wouldn't stop anything if you required the spam to have a .spam domain name. Other countries may let you send your soldiers in to hunt for Osama, but they haven't found him, and they're not going to support armed raids looking for something as trivial (if annoying) as spammers.
Yes, it does sound a lot like profiteering, and like Ironport's Bonded Sender or Habeas's Not-A-Spammer Haiku headers. It's a bit easier to check at SMTP Envelope Time instead of parsing headers after receiving an email message (though BondedSender.org has a DNSWL server you could use.) But the big difference between one .MAIL for the entire world vs. many .My-Whitelist.com businesses is that Linford thinks they can talk more receivers into accepting the One Centralized ICANN-Blessed Solution than the crowd of decentralized competitors can, and therefore they can talk more people into paying them to get bonded.
I much prefer decentralized competitive approaches, but if I were running a mail server, I'd rather only put in a couple of whitelist or blacklist checks, rather than needing to keep track of which 50 whitelist services were real, which were out of business, which were bogus fronts for spammers, which were free to mail receivers, which charged money to receivers, which were aggregators of other services' information, etc. It's probably harder to get most mail systems to check N whitelists and accept the message if at least one of them hits than it is to get them to check N blacklists and reject if at least one of them hits, but it's also a lot safer to trust a random whitelist than a random blacklist, because if it goes flaky and over-aggressive like some of the DNSBLs, you're not throwing away real messages - you're accepting messages from people you might not want, and giving them a lower level of spam filtering, but a moderate level of false negatives, while annoying, is much less of a problem than false positives, and it warns you that there's a problem you need to fix.
Since AOL doesn't tell the senders or the intended recipients that it's dropping emails, you need to get your *own* AOL account that you can use to make sure your emails are going through, and at least check it occasionally for Quality Assurance. Annoying, but if you're trying to deal with moderately high volumes, or smaller volumes of people who are paying you money, you probably should be doing it. I don't know if there's any way to automate your AOL system to autoforward your postings to your regular account (or to a bot on your regular system), or whether you've got to do it by hand (grumble grumble).
If you can do this with your user base, require that all subscribers set up PGP and use PGPdomo or some similar encrypted mailing list system. That greatly reduces the likelihood of somebody pressing the spam button by mistake, and more to the point it puts a reasonably large clue barrier in front of your system, so people will tend to take it more seriously (if they're willing to put up with it, anyway...)
The fake or missing address means that they can't send you any coupons, but they see to send me too much bulk paper even without it. They can still track large purchasers. Some chains will give you coupons printed at the cash register if your total is above $X. One chain used to give you "Ham Bucks" coupons which could be used to buy a ham at Christmas time; their database analysis didn't extend as far as noticing whether I ever bought meat products...
Most of the big grocery store chains have ATMs from at least one bank; if you haven't been near your own bank's ATMs lately, you can pay the annoying $2 to Bank of America and get cash for your groceries. It's theoretically possible to correlate a long train of grocery card user purchases to ATM withdrawals, but unlikely that anyone would bother.
Some supermarket chains use loyalty cards for check cashing, and care about real names, but many of them don't (or at least don't care if you're not trying to cash a check. Safeway and Albertsons' are two examples.) The real purpose is to correlate purchases and marketing. Sometimes they'll give you the card and the form to fill out and hand to them, or sometimes the manager wants to type in the material themselves. I usually carry cards from [Illegible scrawl] or John Doe, whose address is "General Delivery" in my town (or in 90210, which is my other zip code.)
RSA developed an RFID Blocker Tag which annoys RFID readers by responding grumpily to all RFID read requests. It's a passive device like RFIDs, and doesn't burn out anything, just blocks requests.
The Color versions are still X and White, e.g. Red & White instead of Black & White.
Burn them to CD-ROM if you want.
And if you think paper doesn't get revised, go to a bookstore and buy a new edition of a book you read long ago. You'd be surprised how often things get revised. It's not just that the cover art gets revised to show the actors from the current movie version instead of the original cover art, or the blurbs on the back get revised for more current advertising value, or the books get subtitled (e.g. "Farenheit 451 - The Temperature at which Books Burn".) They don't get revised as fast as Whitehouse.gov speech transcripts, but they do get revised.
DNS is a hierarchical system, and the tree has One Root. (There Can Be Only One!) That may or may not have been the best architectural design that could have been done (Pike & Thompson's paper "The Hideous Name" argues credibly that it was a Bad Idea), but that's the way it is. There's no particularly good reason that, just because there's One Root, that ICANN or Verisign or the U.S.Department of Commerce or Jon Postel's Ghost should be in charge of it, and there are many good reasons that they shouldn't be, but again, that's the way it is. (The mathematical term is "Proof by Vigorous Assertion", and it's worked fairly well here.) In fact the Cabal of 13 Root Server Operators, or some big fraction of them, could theoretically decide to stop listening to ICANN and do something better, but they haven't, in spite of much provocation, and it's unlikely that they will.
There are two basic competitors to the ICANN namespace root. One is the various "Open Root" "Alternate Root" "Orange Root" etc. folks who've sprung up and declared that they can be root just as well as ICANN's preferred root, and at one point as much as half a percent of the Internet occasionally used them to resolve TLDs. If 99.5% of the net doesn't use you, you're not in charge. Some of them have gotten into legal squabbles with ICANN or its predecessors over names that both sides claimed, and they've lost.
The more interesting case is people like new.net, who are selling shortcut namespace for subsets of the DNS hierarchy, roughly equivalent to example.newTLD.new.net. They work for two reasons - one is that new.net has gotten a bunch of major ISPs to buy in and resolve new.net names from their nameservers, and another is that most DNS resolvers have a default suffix, so if the suffix is "3ld.2ld.tld" and they can't directly resolve "example.foo", they'll try example.foo.3ld.2ld.tld, example.foo.2ld.tld, and example.foo.tld, so you can usually trick them into resolving "example.newTLD" as "example.newTLD.new.net". If enough people (or their ISPs) buy into this, you can get yourself a real market in those names, and otherwise you'll have a bunch of grumpy customers who explain that you can reach their website or email at "example.newTLD.new.net".
New.net's FAQ says that if ICANN introduces a TLD name that New.net has been selling, than individual users and ISPs will have to decide who to follow, and that new.net thinks they'll have enough market leverage to dominate. That's a big problem for a new.net user "example.newTLD.new.net" if the ICANN registry sells "example.TLD"; it's a smaller problem for them if ICANN has that TLD but none of the ICANN registries have sold "example.newTLD" yet, so maybe they need to land-rush and buy it from ICANN-space. It's $10-20 for the first year, which is the main risk. They knew the product was limited and somewhat risky when they bought it, and the risks and limitations were disclosed up front.
The more interesting case is what happens if somebody buys "example.newTLD.new.net" first and registers it as a trademark, then somebody else buys "example.newTLD" from ICANN-space, and the first group tries to seize the name, either in an ICANN UDRP arbitration, or else in a trademark lawsuit ignoring the ICANN process. Yes, either approach would be much more expensive than just spending the $10-20 to register the name directly, but sometimes somebody else registers it before you do, either as a bad faith cybersquatting ripoff (like really-distinctive-well-known-name.newTLD), or just because it's a commercially obvious generic name (li
Now, that ulcer guy, he did something really useful for the world. But he was clueful.
Time is *supposed* to keep everything from happening at once.
It's not working, and hasn't been for some time now.
If Gilmore was willing to risk MITM attacks in return for protecting a much higher fraction of the network users from passive eavesdroppers, the alternative was to use "shared secret" mode with a publicly known "secret", such as "open secret" or something proposed in a draft rfc. But that would have meant that the people who most needed OE would be using a method that wasn't secure against governments or motivated crackers, and a false sense of security is arguably much more dangerous than known insecurity - if you know you're not secure, you're forced to use PGP to encrypt your email instead.
But this is really a tradeoff between the chances that Netsol will screw up some year after you've bought the 100-year service, leading to the domain name getting stolen, vs. the chances that Netsol or you will screw up some year if you don't buy it (which is more likely), leading to the domain name getting stolen, vs. the chances that Netsol will die / get sold / etc. (which has problems whether you did or didn't buy the upfront service, and will cost you well over $1000 in lawyer-time), vs. the chances that you will want to sell the domain name (your company splits, or sells off the service using that name, or goes broke and tries to sell assets), which may or may not cost you less money if you buy the service.
On the other hand, they still want to take the money and run. It's unlikely that the price of domain name registration will go up significantly, the price might go down, it's pretty pure profit to them, and it's highly likely that the organizational structure for domain name selling will change, and it's also highly likely that any current customer of theirs could get annoyed and leave sometime in the next 20 years.
Some references: Bell Labs NoBell.org
On the other hand, some websites that don't like deep linking will only show you their deeper pages if you DO have a REFERER set from one of their other pages - so you have to go in through the front door. That's one reason you might not want to block REFERER permanently.
... is censorship, because if they delete him from Google nobody can find him.
You can't really use the words "explain" and "Telstra" in the same sentence without a negative and a couple of intensifiers in there somewhere. They've historically been the most totally clueless telco in any economically developed country; India's VSNL was worse (but are gradually liberalizing), and there are little underdeveloped countries that have worse service. And yes, Australia's as big as the main part of the United States, but Telstra couldn't find enough clues do the Right Thing in Sydney, where 1/4 of the population lives, much less out back in Wagga Wagga.
And while it isn't as bad as it once was, and in fact does some things very well, it's still broken enough to be extremely aggravating.