Verisign Considers Restarting Sitefinder 376
Rosco P. Coltrane writes "The Washington Post reports that VeriSign is considering reviving its infamous search engine. 'Site Finder was not controversial with users' says VeriSign's Tom Galvin, and VeriSign 'assured ICANN that it would give 60 to 90 days' warning to resolve any remaining technological problems.' Such as leaving the DNS service alone for example?"
Proof that some people never learn (Score:4, Insightful)
Re:Proof that some people never learn (Score:5, Insightful)
It's just the way things go.
Re:And microsoft does this anyway to all windows u (Score:5, Insightful)
Also, M$'s way sends you back to a Microsoft page - which is expected, since MS has a search service (along with one copy of every single other web application). But Mozilla choose Google fairly arbitrarily - why not use Yahoo? Or Wikipedia? And anyone who argues "it's the #1 search option" gets a free copy of IE, the #1 browser, from your good friends at Monopolysoft
Re:And microsoft does this anyway to all windows u (Score:1, Insightful)
On the other hand, what Verisign does, affects the operation of any application that relies on DNS to connect anywhere.
Re:And microsoft does this anyway to all windows u (Score:5, Insightful)
Re:And microsoft does this anyway to all windows u (Score:5, Insightful)
But DNS is used for more than web look ups. If DNS returns spurious results for gethostbyname(), a typo in a SSH command, or nntp request will be seriously bjorked.
I've no problem with Firefox (or IE) sending me to a search engine when I try to connect to a typo-ed web page: this is a reasonable policy to set at the application level
That's what we get with corporations (Score:5, Insightful)
Re:You would think... (Score:5, Insightful)
The fun will start when Verisign starts not liking large ISPs blocking their users from accessing Site Finder and initiate a cat-and-mouse game of having Site Finder resolve to a ton of different changing IPs that the admins will have to keep up with.
An extension of this idea (Score:4, Insightful)
In your idea, remember to get the script to follow all the paid-for links. The advertisers will have to pay for the hit, and will soon realise they're getting bad value for money. And you can still identiy site-finder DNS entries easily, so you could just mis-spell random real web sites and see if they point to site-finder.
Re:Why is a profit-company in such a central role? (Score:5, Insightful)
How would choosing an alternate root server fix brokenness in the .com and .net tld's?
They still point to Verisign's gTLD-server.net's nameservers for the .com and .net domains, so using these alternate roots won't solve this problem.
Of course, you could set up your own alternate .com or .net TLD. Good luck in getting the full and updated list of all registered .com and .net domains and their nameservers :)
Fine, if it's within your control (Score:5, Insightful)
DNS only works well with single authoritative root (Score:5, Insightful)
Re:Why is a profit-company in such a central role? (Score:5, Insightful)
From an operations standpoint, the impacts of Sitefinder are unfortunatly minimal now. Most of the major operational issues brought up when it was first released have been solved by either Verisign or by various application developers (ISC and other DNS developers) and are no longer an issue.
While I and many other people involved in operations agree that Sitefinder is a horrible idea ethically, nobody is helping their case with histronics and ad hominem attacks on Verisign's business practices, regardless of how true they are. All that does is gives Verisign more fuel for their "technocratic elite" arguments in press releases.
If you really want to fight this, tone down some of the passion and write to ICANN with legitimate concerns about the service and its effects. Crying foul about slimy business practices with no supporting evidence and a lot of sound and fury is a good way to make people who might be swayed agree with Verisign's claims of being attacked unjustly.
Re:And microsoft does this anyway to all windows u (Score:5, Insightful)
But with this service you will always get a hit. Which in turn renders this anti-spam program ineffective.
Of course you could use other anti-spam tool, but this stops a lot of spam with fake hostnames.
Re:capitalism at its best... (Score:2, Insightful)
"Yes boss, we could use Verisign, but I spent some hours last night finding alternative solutions that are both better and cheaper. Here they are."
How many companies are looking to work with SCO these days?
Isn't there anything we can do? (Score:2, Insightful)
Verisign has a long story of abuse with DNS, and we should be able to do something more than bitch about it or make technical workarounds (ie, patches to dns) about it.
Perhaps a petition to ICANN with enough signatures to make them revoke Verisign's contract?
Re:And microsoft does this anyway to all windows u (Score:2, Insightful)
In fact, I'd expect Microsoft &co to *strongly* object to this, since what it will mean is that dns lookups will eseentially never fail, so you'll never see the search page from IE &c. Essentially Verisign are going to start providing the service that MS now does for IE users, and google now does for Mozilla!
60 to 90 DAYS (Score:4, Insightful)
Oh, wait, that's NOT funny.
Re:You would think... (Score:5, Insightful)
I'm also secretly hoping that Paul Vixie & co will figure out a way to filter that step, once it comes to it.
By the way, this sort of arms race of action-filter is exactly what ICANN is terrified of. The last thing they want to see is an all-out war over the DNS...it causes instability. This is why it's at least somewhat likely that ICANN will stop Verisign. I can't guarantee that they will act, but they *really* don't want to see an arms race occur.
Re:Why is a profit-company in such a central role? (Score:1, Insightful)
Sure, they could still trash .com, but who would care?
Alternative root servers (Score:4, Insightful)
I find the TLDs a bit silly, since the general purpose ones lost much of their meaning (commercial websites have
Re:Why is a profit-company in such a central role? (Score:2, Insightful)
I do not oppose to Sitefinder alone, but to VeriSign as a whole. I think it's a Bad Thing to have a corporation in such a dominant position. I don't trust corporations. Sitefinder just proves me right. I don't just want Sitefinder to go away, I want VeriSign to go away. Down with corporate control! The Internet to the People!
Re:You would think... (Score:5, Insightful)
They have.
What they've learned is that outrage, like everything else, is a limited quantity.
You and I can't spend afford eight hours a day, five days a week to watch and warn against Verisign.
We have other things to worry about: Belkin using routers to spam, New York's Livingston County Social Services Commission letting confidential data get posted on the web, Johm Ashcroft eviscerating the Bill of Rights.
But Verisign can trigger our outrage the first time around, back down in the face of our massed complaints, and then, like a spider in its hole, wait patiently until the time is ripe to strike again.
Just like the Department of Justice and the proposed "Patriot II" law; they withdrew it after furious opposition, wait a while, and then got key provisions passed after everyone had relaxed.
Verisign is banking that each time around, they'll be a few less people able or willing to work up any outrage, until only a small minority objects -- a small minority that can be derided with a dismissive comment about "tin foil hats".
This is why we need organizations like the EFF and EPIC (and the ACLU): so the we have someone in out corner who, like a Verisign employee, is paid five days a week to watch for and counter these outrages.
Re:VeriSign Poll (Score:3, Insightful)
Actually, it makes sense to me that 84% of _users_ would not find it controversial, because typically, users wouldn't know or care about the implications that this will have behind the scenes. Now if Verisign was to quote the percentage of developers, administrators, and people who actually know what a bad thing this is, you'd have a more realistic figure.
Mihh (Score:5, Insightful)
I *heart* corporate thinking.
The Internet is NOT the Web! (Score:4, Insightful)
Technologists and Public Relations Wars (Score:4, Insightful)
Come again? Since when are "highly regarded technologists" given a second thought by the average user? Their thinking is...
"Let's see... www dot... oh, I hate these computers... where's the g? hootmaail.como... there! Wait, that's not my mail. This is... uh... oh yeah, silly me. I spelled it wrong. Yes, that's the one I want... I'll that... wait... online dry cleaning... I need THAT."
And that is the END of the thought process. They don't think about whether or not it's a helpful service unless a surveyor puts a gun to their head and makes them commit one way or the other. They certainly don't think about asking the "highly regarded technologists".
Re:capitalism at its best...Well Monopoly... (Score:2, Insightful)
Capitalism works on the premise of competition. Because they are the sole athoritative root for all
Beyond that it fundementally changes the way the internet works to the benifit of a single company. This is very anticompetitive.
If I were a shareholder, I would tell them to drop all of its plans for site finder since eventually it will lead to a loss of all of its domain registration revenues.
Interview with Stratton Sclavos, he's the devil (Score:5, Insightful)
It is analogous to saying that if I put a detour sign in the middle of the freeway to direct traffic to my shopping mall, that I am obeying the traffic sign protocols.
The comment about "ninety-nine percent of the traffic is pure HTTP" is a shorthand way to sum up why it is not possible to communicate with Verisign's executives, and why they must be stopped and soon.
Because it wouldn't matter if one hundred percent of the traffic on the internet were HTTP, it still is not a reason to break DNS in order to insert advertising. The "service" they claim to be providing should be provided by the browsers, giving everyone a chance to implement their own solution to the problem of mistyped domain names. Then many possible solutions to this issue can be innovated. By breaking DNS to lie about the existence of domain names, they actually prevent anybody else from providing any solution. This is the exact opposite of innovation. And they are smart people at Verisign, they clearly and obviously know all this, and yet they are lying to every one about it. And that, in a nutshell is what makes me more furious about this than any other Internet legal issue has in a long long time, maybe ever, or at least since Network Solutions took the .com database
offline and made it their own private property.
There was a story I heard once, about a company (Novell ?) which implemented their own file transfer protocol over the network. They did not use exponential backoff on retransmit, which made their protocol look much faster than TCP/IP. It would in fact hog all the bandwidth, bumping out all the more polite and well behaved protocols. This was great for them, but in fact as the network approached saturation, the system would fail catastrophically, for reasons obvious to Internet protocol designers.
At some meta-level, this is what is happening to the Internet itself now. Verisign is itself like the bad protocol, which does not play well with others. It is taking advantage of an opportunity which gives it a short term advantage, while degrading the entire network protocol infrastructure.
Re:Why is a profit-company in such a central role? (Score:5, Insightful)
Except for things like this:
Option 1 -
MailServer: "OK, you sent me mail from this domain, let's reverse look it up to see if it actually exists... nslookup domain... OK, so I'm gonna go ahead and reject that spam."
Option 2 -
MailServer "OK, you sent me mail from this domain, let's reverse look it up to see if it actually exists... nslookup domain... OK, it exists, let's look it up by IP to make sure it actually is the domain you're from... nslookup IP... ok, I'm going to go ahead and reject this, and either stop sending spam, or configure your reverse zones".
Option 3 -
MailServer: "OK, you sent this, I'm going to check and see if you're valid... nslookup domain... nslookup IP... fantastic! Welcome to my humble abode, and don't worry about that mail, it's been taken care of".
Or, with SiteFinder, Option 4 -
MailServer: "I hate my life. Are you a valid domain? Yes? No? I don't care, I'm barely here. My existance is meaningless, my spirit is broken. I think I'm going to cat
~Will
Re:Fine, if it's within your control (Score:2, Insightful)
Better solution is to patch your DNS server to return NXDOMAIN instead of sitefinder's IP(s) (the way it should be(TM) ).
Re:Proof that some people never learn (Score:3, Insightful)
Innovation in the core? (Score:4, Insightful)
Keep the core dumb. No innovation is necessary or wanted.
Re:Interview with Stratton Sclavos, he's the devil (Score:3, Insightful)
I've worked with file transfer protocols that didn't use backoff. However they required someone configure the maximum bandwidth they could use, and assumed a leased line. Sure you were running over IP, but you had dedicated bandwidth.
In the case of high latency links (think geosynchronous satelites) the standard TCP implimentations do not have a big enough window to saterate a link. If you bought a link with guaranteed bandwidth with an application in mind that needed that much, you need to write your won protocol. Sure you could modify TCP, but that means you need to check if you are on the dedicated line, or the standard network.
Running such a protocol on the internet is impolite and a bad idea. Running it on lines you own is a much different matter.
This is simply theft by an "employee". (Score:4, Insightful)
Verisign doesn't own the "product" they're selling, they're just operating it for ICANN. This is no more a legitimate business than, oh, the original Napster was.
Re:Why is a profit-company in such a central role? (Score:3, Insightful)
I don't know if you've been inside one, but it turns out corporations are made up of people. And it's a crazy thing, but so are governments. Everywhere you look, it's people, people, people. And as far as I can tell, none of 'em are perfect.
The problem isn't corporations as such; it's ICANN giving control of the big TLDs without sufficient oversight. Outsourcing the operation makes sense, but allowing Verisign to do whatever they please doesn't. ICANN should be making sure that none of their vendors are doing stuff that harms the internet, outrages the people who make it go, or inconveniences the zillions of people who rely on it.
Whether it's a coroporation or a government department doing the work, you still need oversight, and that seems lacking here.
Spam-harvester traps also hit Sitefinder. (Score:3, Insightful)
A DDOSer who wanted to annoy Sitefinder could do random downloads from their site, and unless they've improved on the original Sitefinder, those downloads are 17KB of singing dancing Javascript instead of ~1KB of simple clean html text. If this has a big enough impact on Sitefinder's bandwidth cost, it will encourage them to provide simple clean html instead of their current potentially-dangerous dreck.
Re:And microsoft does this anyway to all windows u (Score:3, Insightful)
.kids versus .porn/.sex/.xxx (Score:3, Insightful)
I disagree with you to a point on the lack of merit to this idea. I think that a
The trouble with trying to make porn domains is that states could enact laws that prohibit ISPs from allowing traffic to sites that are so easily identified, which would be censorship. It would also be difficult to get pornographers to make use of the domain anyway, since a lot of content mirrored isn't exactly staying within copyright guidelines, and I would imagine that someone engaging in copyright violations wouldn't want to make themselves stand out that clearly.
Re:.kids versus .porn/.sex/.xxx (Score:3, Insightful)
Hardly, dotcom sits would dwarf that TLD 10,000 to 1. So the kid still has to beg to get access to the site he needs to be able to do a essay. No help there. A
Re:Proof that some people never learn (Score:3, Insightful)
It happens every day, the number of recorded DoS attacks against the core DNS is over 1000. There are DDoS attacks happening on a regular basis.
MyDoom only took out SCO because they had a DNS server on a T1 link. It did not come close to taking out Microsoft.