No redirects! Bad Verisign! No biscuit!
September 22, 2003 3:44 PM

ICANN requests Verisign to stop wildcard redirects. The Internet Architecture Board posts many reasons why wildcards are a very bad thing in root servers. Verisign responds by saying "We don't care and you can't make us." (This is a follow-up to this thread.)
posted by dejah420 (64 comments total)
 
This situation is getting out of hand. I sincerely hope Vixie & crew, as well as DJB update BIND & djbdns specifically to block this crap out. That would probably be the easiest way to sort this crap out and sort it out NOW.
posted by Ryvar at 3:56 PM on September 22, 2003


Y'know I'd boycott Verisign if I could, but it's hard to do that when I access their web servers by accident.
posted by ZachsMind at 4:16 PM on September 22, 2003


Vixie et al. have already issued an update to block Verisign's nonsense.
posted by Zonker at 4:25 PM on September 22, 2003


as mentioned in the last thread, I am using the ignoreip2 patch to djbdns, and have noticed no ill effects thus far. ISC's patch to BIND has a small issue with cached names, but I imagine they'll fix it in short order.

verisign's latest response is reason more than ever for people to give opennic a try. for some bizarre reason though, www.opennic.unrated.net does not resolve (but www.opennic.glue works just fine for me, heh...)
posted by dorian at 4:27 PM on September 22, 2003


Mommy, what's "FASILMILE"?
posted by stonerose at 4:28 PM on September 22, 2003


I'm using the ignoreip patch for dnscache, haven't switched to ignoreip2 yet, but I'll have to check things out more before blindly blocking all the *.tld IPs. Some of them are useful and weren't at all controversial before this verisign madness. The one I'm aware of is *.museum, which resolves to the same IP as index.museum.
posted by duckstab at 4:39 PM on September 22, 2003


oh I do love my registrar...looks like godaddy is suing verisign for "Misuse of Registry Position" (or unfair competition/anti-trust/&c., I'd imagine...). icannwatch is keeping up to date, naturally.

duckstab -- you're probably right about not needing all of the ignoreip2 blocks. personally, I don't care about any of those TLDs, but I agree that some people might want to retain the wildcards for them.
posted by dorian at 4:49 PM on September 22, 2003


All indications are that users, important members of the internet community we all serve, are benefiting from the improved web navigation offered by Site Finder. These results are consistent with the findings from the extensive research we performed.

Seriously Verisign, What kind of bullshit is that? It seems that all of the important members of the web are a bit peeved by it. Why the fuck else would ICANN have actually gotten off their asses to send you a little note about your new *.squatting plan? Maybe it was all of the emails that slammed ICANN's boxes after the news of your browser hijacking and spam filter killing was posted to websites that "important members of the internet community" read?
posted by eyeballkid at 4:58 PM on September 22, 2003


Weird, I couldn't find that quote anywhere.
posted by The God Complex at 5:28 PM on September 22, 2003


Of course they're not going to stop. They are generating MILLIONS in revenues by selling advertising on the pages! They won't stop until they're ordered to do so.

Another black mark for Verisign. I can't stand that company.
posted by aacheson at 5:34 PM on September 22, 2003


Andrew Fried posted the following to the NANOG list today:
I have been following the various threads relating to Verisign and wanted to make one comment that I feel has been missing. Simply put, I would like to publicly express my appreciation to Mr. Vixie for taking the time to add the "root-delegation-only" patch for Bind. I'm fairly new to NANOG, but I'm sure that others beside myself also feel a thank you is appropriate.
Who is Andrew Fried? He's a Senior Special Agent for the U.S. Treasury Department and Treasury Inspector General for Tax Administration.
posted by monju_bosatsu at 5:43 PM on September 22, 2003


Mommy, what's "FASILMILE"?

It means I'm telling you to fuck off and I don't give a shit how it's spelled because I AM ABOVE THE LAW!

Love,
Russell

Insert standard OpenSRS plug here
posted by WolfDaddy at 6:17 PM on September 22, 2003


Verisign's offices are right around the corner from my house. There is an excellent coffee shop one block from them. Who wants to have a combination protest/meetup on, say, Wednesday or Thursday?
posted by billsaysthis at 6:46 PM on September 22, 2003


Verisign's letter actually looked pretty polite to me. Yeah, there's garbage like "All indications are that users, important members of the internet community we all serve, are benefiting from the improved web navigation offered by Site Finder." But if they're really scheduling meetings with the likes of Vinton Cerf to review this....
posted by namespan at 7:03 PM on September 22, 2003


zachsmind writes: Y'know I'd boycott Verisign if I could, but it's hard to do that when I access their web servers by accident.

Not only that, but they have a Terms of Service agreement linked to the sitefinder page, saying that if you don't agree to the terms you shouldn't use the service. So what does it mean to not use the service? Never misspell a domain again? Find some other way to determine which domains are unregistered in order to avoid accessing them? What if, despite my best efforts to never type an unregistered domain, an invalid domain is used in the src attribute of an IMG URL of a page I access?

I feel like writing them: "Dear Verisign, I am unwilling and unable to comply with the terms of your sitefinder service. Please inform me as to how I may avoid ever being referred to it."
posted by George_Spiggott at 7:06 PM on September 22, 2003


i tried to do this...
Here is the form for filing complaints about the top level registrars...of which Verisign is the biggest.
posted by dejah420 at 8:43 PM PST on September 15



To Whom It May Concern:
As I'm sure you're aware, Verisign is now resolving all domain names regardless of whether the name resolves to an IP address.

This is a blatant abuse of the DNS system and I urge you to put a demand that Verisign put a stop to this immediately.
Sincerely,
posted by bshort at 10:25 PM PST on September 15

like it says to do here, but ...uh... i don't have a particular domain to complain about.
posted by memnock at 7:54 PM on September 22, 2003


I haven't been able to get to these famed pages either from home (Earthlink) or work....
posted by zeoslap at 9:47 PM on September 22, 2003


zeoslap: That's because many ISPs are null routing requests to SiteFinder. Mine isn't, but I am -- my local nameserver has the patch, and my firewall drops the SiteFinder site, returning "Destination Host Unreachable."

The latter only works if Verisign doesn't change the IP address of the *.com and *.net resolve. However, I can change my firewall configs, if it should be needed. However, as fast as the bind and such patches are coming out, I don't think it'll be an issue.
posted by eriko at 10:47 PM on September 22, 2003


what can those of us who don't run our own nameserver do to block verisign's wildcard?
posted by kjh at 12:46 AM on September 23, 2003


Here's a thought. What if everyone, at least once a day, entered the URL "fuckyouverisign.com" into their browser as a protest against these assholes?

It's certainly legal to type something into your own browser and if they're logging "typos" (which I have no doubt they are), it just might give them the idea we really don't like them and their shitty actions.

posted by Cranky Media Guy at 12:47 AM on September 23, 2003


what can those of us who don't run our own nameserver do to block verisign's wildcard?

There are a few tricks you can pull with the route command in Windows 2000/XP and Linux, and probably Mac OSX to block it, but by far the easiest thing for you to do would be to switch to a DNS server that has enabled the new BIND patch. You don't actually have to use the DNS servers assigned by your ISP (although it is marginally more efficient), you can use any that you can reach. But it will probably be a while before lists of publicly accessible DNS servers implementing the patch start showing up.

Also, write your ISP's support address and ask them to implement the patch. They may actually do it without any prompting because of the various things Verislime has broken.
posted by George_Spiggott at 1:34 AM on September 23, 2003


it just might give them the idea we really don't like them and their shitty actions.

I think the point of this whole thing is they don't care what we think.
posted by jpoulos at 7:10 AM on September 23, 2003


namespan: I sincerely hope you're kidding about that letter being polite.

Verisign's letter is businessspeak for 'Fuck you, I won't do what you tell me' and nothing more. The fact that it didn't use those direct words doesn't alter the meaning.
posted by mosch at 7:15 AM on September 23, 2003


I think the point of this whole thing is they don't care what we think.

agreed. I think they are just waiting for the outrage to blow over, and to get entrenched for long enough for the everyday users (i.e. the less-technically-inclined majority, many of whom don't understand why this is a Bad Thing™) to start seeing .com and .net (i.e. "THE Internet", for those of you who are non-USians ;-) as being a Verisign brand.
posted by dorian at 7:26 AM on September 23, 2003


Here's another nice bit - the sitefinder thing you get redirected to contains a webbug that is used to track all your future typos.

On a related note, the company providing this functionality is a grand master of marketing speak.
posted by Irontom at 8:18 AM on September 23, 2003


I think Neal Pollack should come up with a way for the blog world to handle this. He's a regular firecracker of proactive online dissent, is Neal.
posted by soyjoy at 8:21 AM on September 23, 2003


George_Spiggott, I sent that email
posted by teradome at 12:43 PM on September 23, 2003


[ahem... try #2]

George_Spiggott, I sent that email--well, one like it. We'll see what kind of response I get.

For those who are wondering, I was informed that the correct support email is sitefinder@verisign-grs.com. (check domain)
posted by teradome at 12:44 PM on September 23, 2003


Verisign's offices are right around the corner from my house. There is an excellent coffee shop one block from them. Who wants to have a combination protest/meetup on, say, Wednesday or Thursday?

Why stop with that? Find the CEO and break his fucking kneecaps.

Seriously. The time has come for pigopolists to start paying a price for their greed. The regulatory bodies have failed us. The auditors have failed us. The courts have failed us.

There really seems to be little choice but to eliminate these bastards through brute force.

"Come the revolution" is, I think, approaching ever nearer.
posted by five fresh fish at 5:47 PM on September 23, 2003


www.fuckyouverisign.com could not be found. Please check the name and try again.

Thank you Earthlink!

Still open.
posted by anewc2 at 6:20 PM on September 23, 2003


The problem with revolution is that no one ever plans for victory. It's easy to plan for continued struggle or outright loss, but...what do you do if you win?
posted by FormlessOne at 9:48 PM on September 23, 2003


Step one is to eliminate the pigopolists. Off to the gulag with 'em.

Step two is to get rid of the umpteen hundred feet of books dedicated to rules, regulations, and laws regarding life and liberty. Return America back to the Constitution. It is a good document, short and sweet, and is very nearly all that is needed to run a decent country.

And from there, we can progress forward again, hopefully with much more common sense than last time...
posted by five fresh fish at 10:22 PM on September 23, 2003


And this is bad because...? Tell me, who exactly is hurt over this?

It seems bizarre that some Internet users would rather hit a blank domain name not found page than a page that actually improves navigation by helping the user find the intended site or something like it (even though Verisign gets paid for it). Or is it just the irrational lefties who equate Big Corporation with Eeevil and anything that makes money is baaaad?

Of course ideally, there will be some competition in the redirection of domain names. But even if it is a monopoly, some redirection is still better than no redirection.

Is the only reason for the outrage over this because it generates revenue for Verisign?
posted by VeGiTo at 7:22 AM on September 24, 2003


VeGiTo, that's kind of a lame defense. It's like saying "why should you care if Microsoft secretly installed spyware on your computer... if it has the potential to help you by alerting you to new updates?" The point is that people don't get to choose whether they want Verisign's "help," and they don't get to choose whether to give extra money to a company whose list of naked-profiteering consumer abuses outstrips most of America's most hated companies.

In other news, Neal Pollack says he's too busy launching his Neal Pollack Invasion tour to start another Web campaign. A busy, busy multifaceted Web contrarian, is Neal.
posted by soyjoy at 7:43 AM on September 24, 2003


uhhh, soyjoy, who's giving who extra money unwillingly again? I don't recall receiving a bill last time I mistyped a domain.
posted by VeGiTo at 7:47 AM on September 24, 2003


<Izzard>
We stole countries! That's how you build an empire. We stole countries with the cunning use of flags! Sail halfway around the world, stick a flag in.
"I claim India for Britain!"
"You can't claim us, we live here! 500 million of us!"
"Do you have a flag?"
"We don't need a bloody flag, it's our country, ya bastards!"
"No flag, no country, you can't have one. That's the rules that.. I've .. just made up."
</Izzard>
According to VeGiTo, Verisign has a flag.
posted by jpoulos at 8:24 AM on September 24, 2003


Lol... What does this have to do with my argument, jpoulos? You still haven't answered who is materially hurt by this action. Or is it just that the left is incapable of rational discussions?
posted by VeGiTo at 8:45 AM on September 24, 2003


Yikes. I think you have a point, VeGiTo, and I was wondering the same thing, although more along the lines of "Why are people getting so bent out of shape about this while remaining more or less indifferent to a whole host of other, and in my opinion, worse abuses of the people by giant corporations" but to, for no good reason that I can see, decide that it's not about perspective or the unwillingness to get involved unless directly affected by something or just ignorance of an issue, but instead about "the left being incapable of rational discussions" more or less just destroys your argument before you've even had a chance to make it by insulting, and making presuppositions about, those who don't share your point of view.
posted by jennyb at 8:51 AM on September 24, 2003


Note: I recognize that quite a few people expressing anger in this thread are indeed informed and outraged about a whole host of other corporate abuses, and I didn't intend my above post to be any sort of criticism of anyone who is pissed about this. I think it's sleazy myself. I just found the unification and willingness to take action against this transgression interesting when, in the population in general as well as on MeFi but not thinking of anyone in particular, there isn't always this kind of unification when corporations do other, and in my opinion, meaner things.
posted by jennyb at 8:57 AM on September 24, 2003


ok, so I have an idea for a new business model ... I'll put a guy with a megaphone outside VeGiTo's window. He'll listen in on his conversations, and based on what he says, my guy'll shout targeted advertisements. Heck, VeGiTo doesn't even need to purchase the items, since my money stream comes from the advertisers. It'll be great!
posted by crunchland at 8:58 AM on September 24, 2003


Oh, and did I mention that my guy'll tail VeGiTo wherever he goes?
posted by crunchland at 9:00 AM on September 24, 2003


jennyb: If you read the comments arguing against my point, you will find that they are full of sarcasm and smuck comments, and not much rational content. As such, my assessment about them is not as much an insult as a statement of a fact.

Case in point: crunchland's comment. If he was serious, I would argue that in his example I would be materially hurt because I will be disturbed by the megaphone when I am resting at my home. I would have no right to complain however if I run into a place with a microphone because I was driving randomly - which more accurately describes the current issue.

But we know he's not serious. Why would he need be? An anti-corporation stance is always correct a priori, so he had no need to justify his position, right?
posted by VeGiTo at 9:08 AM on September 24, 2003


How about forcing you to listen to an ad when you dial a wrong number?
posted by crunchland at 9:18 AM on September 24, 2003


jennyb -- I think the unification may be because, with the internet, so many things are now possible that were not before, not just technically but in terms of personal freedoms.

so when someone messes with the 'Net, our 'Net, we tend to get pretty pissed off and those of us who can do something about it, do something about it. a monopoly given public trust by the US gov't is abusing that trust for their own gain; in addition they are violating no small number of RFCs and other standards by doing it. any utility derived from the so-called service being provided is irrelevant.

I can understand how this specific issue may seem to a lot of people like a very small thing. and yes, there are much worse, meaner things happening at the same time, but we any of us just do what we can.
posted by dorian at 9:24 AM on September 24, 2003


I believe the job of the telephone system is doing its job as long as it connects me to the correct phone terminals when I dial the correct number.

I don't see how anyone can be hurt by reaching an ad when they dial an invalid number, as long as at the beginning of the message the system states unambiguously that a wrong number has been dialed, to prevent any confusion.
posted by VeGiTo at 9:27 AM on September 24, 2003


Or is it just that the left is incapable of rational discussions?

What does this have to do with left vs right, troll? Unless you consider a fair and open market a "lefty" idea.
posted by jpoulos at 9:39 AM on September 24, 2003


Anti-corporation is a "lefty" idea, by definition. I bet you if this service was somehow provided by an open-source group (though I know it's technically impossible) who don't make any money off it, there will be less of an outrage. Anti-corporation advocates just can't stand it when somebody's making money - regardless of whether or not the consumers are really hurt by it.
posted by VeGiTo at 9:45 AM on September 24, 2003


And this is bad because...? Tell me, who exactly is hurt over this?

The answer to your question is in the original thread - see this post by dejah420, and also this post by nothing.
posted by anastasiav at 10:02 AM on September 24, 2003


anastasiav: any spam filters/search robots whose algorithm relies on net root is almost completely useless. Firstly, spammers don't have to fake an unregistered domain, and secondly, most commonly mistyped domain names are already registered by cybersquatters, anyway.

Next.
posted by VeGiTo at 10:08 AM on September 24, 2003


VeGito- I frequently have issues with this site over the anti-corporate viewpoint myself.

But in this instance I do have an issue with what verisign is doing from a business viewpoint. Say you mistype in my brand name you are redirected to a website that may have advertising for my competition.
posted by Yossarian at 10:11 AM on September 24, 2003


Post cross.

A cybersquatter does not have rights to every domain mis-spelling by default.
posted by Yossarian at 10:15 AM on September 24, 2003


Anti-corporation advocates just can't stand it when somebody's making money - regardless of whether or not the consumers are really hurt by it.

But we know he's not serious. Why would he need be? A pro-corporation stance is always correct a priori, so he has no need to justify his position, right?

After all, he hasn't bothered to read this thread or the previous thread to see the mentions of violated RFCs, the advantage that Verisign has given itself over other registrars by violating said rules, the problems that spam filtering software is going to have with false positives when testing for existing domains (whether or not they rely on open relay lists or algorithms to sort as a secondary test, the first and least processor intensive method is now useless), etc.

On preview: most commonly mistyped domain names are already registered by cybersquatters

Most? Could you vague that up a bit more?
posted by eyeballkid at 10:19 AM on September 24, 2003


Yossarian: Good point. However, I do not think that the system has an obligation to guarantee that users do NOT reach your competitor when they type in a wrong domain.

Say if one day you felt like Tim Horton's coffee. On the way there, you made a wrong turn and ended up at Starbucks. Is Starbucks at fault? They ARE at almost every street corner.

Even if people truly dislike what Verisign has done, there are still things that they could do, including using another domain root. Verisign has a sanctioned monopoly on .net and .com, but not .info, .biz, .us, .ca, or the "Internet". If businesses STILL choose to go around with a .com domain, then there must be something really enticing about .com that trumps its "disadvantage" of having mistyped domains redirected.

Free market is still at work at some degree - it's just that one product is so overwhelmingly superior to the rest at this moment that people view it as the only choice.
posted by VeGiTo at 10:24 AM on September 24, 2003


Dorian: That makes sense, and it's nice to see people united for a cause.

VeGiTo: I normally wouldn't bother (because I think this is a pointless conversation) but because you addressed me specifically earlier...

Anti-corporation is a "lefty" idea, by definition.

And therefore any sentiment that you view as anti-corporate (whether or not it is anti-corporate is another debate that you can't have with people for the reasons outlined below) is therefore lefty and therefore bad and therefore no actual debate can ensue because you've already decided that if the people opposed to it are "lefties" they are thus bad and their viewpoints, no matter how potentially logical, are also bad. Thus my original statement, that you've effectively closed all potential debate on the merits of Verisign's practice by proclaiming all viewpoints in opposition to yours are, a priori, lefty and therefore bad, still holds true.

And as I am a lefty, and therefore bad, and therefore have nothing to say that you would find worthwhile, I'm going to back out of this thread and go to lunch because further conversation between us would be utterly futile.
posted by jennyb at 10:25 AM on September 24, 2003


jennyb: so when did I ever state that lefty equals bad? I'm just trying to address the group as a whole.

Gee... You sure put words into my mouth and read too much into what I say, just like my girlfriend. (So is my girlfriend bad, too?)
posted by VeGiTo at 10:31 AM on September 24, 2003


VeGiTo, the problems with Verisign's action are both technical and anticompetitive. Judging by your postings you obviously haven't read any of the linked articles on the subject. For a simple and fairly authoritative explanation of the whole issue, try this one, for example, if you actually want to understand. Which I doubt: you're pretty obviously just in here doing a little opportune lefty-baiting.
posted by George_Spiggott at 10:41 AM on September 24, 2003


I regret bringing up the word "lefty" in this conversation. I did not intend to incite any dormant partisan emotions. From here on I am addressing "anti-corporation advocates".

George_Spiggott: I have read your link and many others on this thread. I was aware of the "disadvantages" of wildcard redirections and still believe that they are overrated, blown out of proportion, and insignificant when compared to the advantages it provides the novice user as opposed to a plain "404". Most advanced users can easily block it if they want to.

The most valid point raised in your link that hasn't been addressed before is "Internationalization": the fact that Verisign is serving that page in English only. But I am certain that this is just a small technical issue to resolve - Verisign can serve that page in different languages by first determining the origin of the user, a la Google.
posted by VeGiTo at 10:58 AM on September 24, 2003


Most advanced users can easily block it if they want to.

No, it's actually technically impossible for an end-user to reverse what was done. You need to be running your own, modified, domain server, which few people can do.

The reason I said you haven't read the articles is because you're limiting your responses to the issue of being redirected to their search page. In the articles it is made clear that while that is Verisign's intent, it is not the only effect. The infrastructure of the internet is predicated upon things behaving according to standards -- and one of those standards indicates the proper response that must be given for an unregistered domain. That response is no longer given, so network systems that rely on that response no longer function properly. This is causing ISPs to tear their hair out because their systems don't work as they're supposed to any more, (notably SMTP, the mail transfer protocol, is broken as a result of this), as a result they're having to essentially rewrite a portion of the internet.

Verisign has taken possession of a portion of the net which they were charged with administering responsibly, a task for which they are extremely well compensated already. But instead of administering it, they have taken it over. It's time to take it away from them and give it to an independent body.
posted by George_Spiggott at 11:07 AM on September 24, 2003
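
As an added illustration (not code from any commenter or from the BIND or djbdns patches), the Python below shows the failure described in the comment above: a mail filter's "does the sender's domain exist?" test stops working once a TLD answers for every name, and a wildcard-aware check restores it by probing random labels and discarding answers that only match the wildcard address, in the spirit of the ignoreip patches mentioned earlier in the thread. The resolver, zone data, addresses and all function names are constructed assumptions so the example runs offline; a real filter would query DNS and also consider MX records.

```python
import secrets

WILDCARD_ADDR = "192.0.2.1"  # constructed: stands in for the registry's catch-all host

# Constructed zone data. index.museum deliberately shares the .museum wildcard
# address, the situation one commenter points out for *.museum.
REGISTERED = {
    "example.com": {"198.51.100.10"},
    "index.museum": {"203.0.113.7"},
}
WILDCARDS = {"com": {WILDCARD_ADDR}, "net": {WILDCARD_ADDR},
             "museum": {"203.0.113.7"}}


class NXDomain(Exception):
    """Name error (RCODE 3): the queried name does not exist."""


def resolve(name):
    """Constructed offline resolver standing in for a real A-record lookup."""
    name = name.rstrip(".").lower()
    if name in REGISTERED:
        return set(REGISTERED[name])
    tld = name.rsplit(".", 1)[-1]
    if tld in WILDCARDS:
        return set(WILDCARDS[tld])  # the wildcard answers for any other name
    raise NXDomain(name)


def naive_exists(domain, resolver=resolve):
    """Pre-wildcard assumption: any answer at all means the domain exists."""
    try:
        return bool(resolver(domain))
    except NXDomain:
        return False


def wildcard_addrs(tld, resolver=resolve, probes=3):
    """Resolve random 32-hex-digit labels nobody has registered.

    One NXDOMAIN proves the TLD has no wildcard. Otherwise return the
    addresses that every probe had in common.
    """
    common = None
    for _ in range(probes):
        probe = f"{secrets.token_hex(16)}.{tld}"
        try:
            addrs = resolver(probe)
        except NXDomain:
            return frozenset()
        common = addrs if common is None else common & addrs
    return frozenset(common or ())


class WildcardAwareCheck:
    """Existence test that treats wildcard-only answers as NXDOMAIN."""

    def __init__(self, resolver=resolve, keep_wildcard_tlds=()):
        self.resolver = resolver
        # TLDs whose wildcard is accepted as-is; filtering is skipped for them.
        self.keep = {t.lower() for t in keep_wildcard_tlds}
        self._cache = {}  # tld -> wildcard address set, probed once per TLD

    def exists(self, domain):
        domain = domain.rstrip(".").lower()
        tld = domain.rsplit(".", 1)[-1]
        try:
            addrs = self.resolver(domain)
        except NXDomain:
            return False
        if tld in self.keep:
            return True
        if tld not in self._cache:
            self._cache[tld] = wildcard_addrs(tld, self.resolver)
        # Real only if at least one address is not the wildcard target.
        return bool(addrs - self._cache[tld])
```

Filtering by address misclassifies a registered name that legitimately shares the wildcard's address, which is why `keep_wildcard_tlds` exists; the cost is that every name under an exempted TLD is then accepted.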


I only have a few things to say:

(1) Verisign has yet to turn a profit. Obviously they have not been compensated enough for the cost of administering the portion of the net, let alone "extremely well compensated".

(2) As I have stated before, any algorithm that relies on the net root protocol was obsolete a long time ago, ever since practically any permutation of legit domain names has been cybersquatted.

(3) Running a domain server is not as difficult as you may think, and certainly possible for any advanced users. And if the demand is strong enough, ISPs can block it at their level.

This will be the last post I make to this thread.
posted by VeGiTo at 11:12 AM on September 24, 2003


Oh, don't run off now! It's getting good:

As I have stated before, any algorithm that relies on the net root protocol was obsolete a long time ago, ever since practically any permutation of legit domain names has been cybersquatted.

This is abject nonsense. This is like saying "any formula that relies on fundamental organic chemistry was obsolete a long time ago, ever since we started synthesizing large numbers of new compounds." Completely absurd, illogical and with no basis in or even acquaintance with any facts.

Running a domain server is not as difficult as you may think, and certainly possible for any advanced users.

Believe me, I know exactly how difficult it is and isn't, having set them up professionally. For several reasons, it is not an end-user task. A competent system administrator, even an amateur one, can do it, but only if they have access to a suitable platform and code. This is down to... what: 3% of users? 1%? Hardly an acceptable answer to systemic corruption.
posted by George_Spiggott at 11:25 AM on September 24, 2003


I might add that even if everyone could install a patched DNS for themselves, that would still only correct certain symptoms relating to transactions originating with their own computer. Much of what occurs in the internet involves transactions that don't interact with an end-user's computer, and these would still be broken.
posted by George_Spiggott at 11:31 AM on September 24, 2003


Note: don't mistake anti-pigopolist for anti-corporate. Corporations can be jolly fine creatures. Pigopolists are not.
posted by five fresh fish at 11:32 AM on September 24, 2003


Gee... You sure put words into my mouth and read too much into what I say, just like my girlfriend.

Hmmm... and to think the people on this thread don't even know your girlfriend. What're the odds?
posted by soyjoy at 2:34 PM on September 24, 2003


VeGiTo's comments take the cake. And I thought the dolty ones at ./ were bad. The internet is not just the http protocol, now repeat until you understand that, please. They broke the internet, not just http.
posted by dabitch at 2:54 PM on September 24, 2003

