RE: Sitefinder II, the sequel...
Nice troll.

-----Original Message-----
From: Gerry Boudreaux [mailto:gerry@tape.net]
Sent: Mon Jul 10 06:45:33 2006
To: nanog@nanog.org
Subject: Sitefinder II, the sequel...

It is not VeriSign this time. For those who have not yet seen this: http://www.opendns.com/

They will 'correct' your spelling mistakes for you. From their FAQ:

--------------
Why is OpenDNS smarter?
We fix typos in the URLs you enter whenever we can. For example, if you're using OpenDNS craigslist.og will lead directly to craigslist.org. If we're not sure what to do with an error, we provide search results for you to choose from.

How does OpenDNS make money?
OpenDNS makes money by offering clearly labeled advertisements alongside search results on error pages. OpenDNS will provide additional services on top of its enhanced DNS service.
---------------
Joseph Jackson wrote:
Nice troll.
Nah, wasn't even entertaining. There's a big difference, of course, between INTENTIONALLY pointing your computers at DNS servers that do this kind of thing, and having it done for you without your knowledge and/or consent.

--
Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows
Apple Valley, California PGP:0xE3AE35ED
It's all fun and games until someone starts a bonfire in the living room.
On Mon, Jul 10, 2006 at 11:19:51PM -0700, Steve Sobol <sjsobol@JustThe.net> wrote a message of 16 lines which said:
There's a big difference, of course, between INTENTIONALLY pointing your computers at DNS servers that do this kind of thing, and having it done for you without your knowledge and/or consent.
As Steven Bellovin pointed out, most OpenDNS users will not choose it: it will be chosen for them by their corporate IT department or by their Internet access provider.
On Jul 11, 2006, at 12:09 AM, Stephane Bortzmeyer wrote:
On Mon, Jul 10, 2006 at 11:19:51PM -0700, Steve Sobol <sjsobol@JustThe.net> wrote a message of 16 lines which said:
There's a big difference, of course, between INTENTIONALLY pointing your computers at DNS servers that do this kind of thing, and having it done for you without your knowledge and/or consent.
As Steven Bellovin pointed out, most OpenDNS users will not choose it: it will be chosen for them by their corporate IT department or by their Internet access provider.
Our preference system is designed around CIDR and the most specific prefix will win a lookup, meaning a /32's settings are preferred over those of a /24. A corporate network can have a policy changing that (aka, you are fired), but an ISP can't. The policies of IT departments and ISPs are not remotely comparable. This is a deliberate design choice. As usual, ymmv.

-david
Having seen a lot of cons and few pros, here is my scenario: I am running my own root, a copy of the Cesidian Root plus some TLDs of my own liking, some shared with "friends" who don't want to risk cache poisoning. I am running both djbdns (dnscache with tinydns and axfrdns as root) and Bind 9.4.0.a6. I have seen that my own nameservers are always faster than my ISP's. I like the idea of catching the phishermen before they can catch me, although I am not running Phishermans friend (windows eXPerimental). I have seen with my own eyes on a Windows system OpenDNS is a MUST. Even if I don't click on install or execute... and I do not trust open MACs too very much either. I do not necessarily improve speed when using OpenDNS and I am not sure whether I want OpenDNS to decide between typos and alt. TLDs. But I still want to catch the phishermen. Does it make sense for me and the mine?

Kind regards
Peter and Karin

--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter@peter-dambier.de
mail: peter@echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
On Jul 11, 2006, at 3:09 AM, Stephane Bortzmeyer wrote:
On Mon, Jul 10, 2006 at 11:19:51PM -0700, Steve Sobol <sjsobol@JustThe.net> wrote a message of 16 lines which said:
There's a big difference, of course, between INTENTIONALLY pointing your computers at DNS servers that do this kind of thing, and having it done for you without your knowledge and/or consent.
As Steven Bellovin pointed out, most OpenDNS users will not choose it: it will be chosen for them by their corporate IT department or by their Internet access provider.
So? DNSBLs are bad because most users won't choose it, it will be chosen for them. PPPoE is bad because most users won't choose it, it will be chosen for them. IP is bad because most users won't choose it, it will be chosen for them. Choice still exists. People who abdicate their choice, either through laziness, ignorance, other willful choices (e.g. employment), etc., are still making a choice. You cannot say something is horrible because they do not check every individual computer that might in some way be affected. Put another way, if you run a large network, I guarantee you make choices every day that affect your users. Do you check with each one of them? I didn't think so. -- TTFN, patrick
That's absolutely ridiculous. Enterprise IT organizations make decisions on behalf of their userbase all day. Frankly, I'd be shocked if many tried this out - most enterprises run their own DNS servers as part of an Active Directory scheme. In any case, those workstations belong to the enterprise and they can point them to whatever DNS servers they want. For most end-users, their Internet access provider already selects their DNS caching server. ISPs are within their rights to do this - I'm surprised most broadband ISPs haven't done exactly what OpenDNS is doing to generate revenue. I'm sure if you look really hard, you can find something else to be outraged about. OpenDNS isn't it. I'm at a loss to explain why people are trying so hard to condemn something like this. - Daniel Golding
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Stephane Bortzmeyer Sent: Tuesday, July 11, 2006 3:09 AM To: Steve Sobol Cc: Joseph Jackson; nanog@nanog.org Subject: Re: Sitefinder II, the sequel...
On Mon, Jul 10, 2006 at 11:19:51PM -0700, Steve Sobol <sjsobol@JustThe.net> wrote a message of 16 lines which said:
There's a big difference, of course, between INTENTIONALLY pointing your computers at DNS servers that do this kind of thing, and having it done for you without your knowledge and/or consent.
As Steven Bellovin pointed out, most OpenDNS users will not choose it: it will be chosen for them by their corporate IT department or by their Internet access provider.
On Jul 12, 2006, at 3:30 AM, Simon Waters wrote:
On Tuesday 11 Jul 2006 20:22, Daniel Golding wrote:
I'm at a loss to explain why people are trying so hard to condemn something like this.
Experience?
Please explain to me what experience anyone on this list, or any other, which would induce people to try "so hard to condemn something like this"? It's a great answer, but like many answers given here with zero support, it is worth every electron it's written on. And not much more. -- TTFN, patrick
On Jul 12, 2006, at 12:30 AM, Simon Waters wrote:
On Tuesday 11 Jul 2006 20:22, Daniel Golding wrote:
I'm at a loss to explain why people are trying so hard to condemn something like this.
Experience?
People have never created a platform to manage recursive DNS, so it's surprising you have experience here. I don't think we've ever talked either, though I'd be happy to and learn more about what you think and how it compares to other things you've used. Have you seen this: http://www.opendns.com/prefs/ People that make a comparison to Site Finder still are showing a substantive lack of clue, at this point it should be clear that such a comparison is inappropriate. That said, I'm still working on messaging -- going from someone who talks about DNS to someone who talks about DNS and gets some press about it is new to me. Cool, but new. ;-) Best, David Ulevitch
On Wednesday 12 Jul 2006 18:35, David Ulevitch wrote:
On Jul 12, 2006, at 12:30 AM, Simon Waters wrote:
On Tuesday 11 Jul 2006 20:22, Daniel Golding wrote:
I'm at a loss to explain why people are trying so hard to condemn something like this.
Experience?
People have never created a platform to manage recursive DNS
That somewhat depends on what you mean by "platform". If by "platform" you mean a remote managed service for recursive DNS, no one I know in the DNS business ever tried to sell that (although arguably the ISPs generally supply something similar free to every customer), that doesn't necessarily negate their experience. Most of those I know try to deploy recursive services as close as possible to the client, avoiding where possible alternative views of the DNS, and forwarding. Perhaps time to ask Brad, Paul and Cricket what they think, and have answers to their comments. I commend your enterprise, but have you considered trying to sell the "data feed" via firewall channels, where the restrictions could be applied more specifically than via a different view of the DNS? With automated responses to "bad things", it is usually best to minimise the scope of the change. Similarly typo correction makes sense for URLs, but not for most other uses of the DNS (hence the proviso you make to switch it off if you use RBL, although I'd say switch it off for all email servers lest you start correcting spambot crud, our email servers make a DNS check on the sender's domain, that doesn't want correcting either), so the answer is probably browser plug-in (although most browsers already try to guess what you meant to some extent).
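The DNSBL and sender-domain concern raised in the message above, combined with the most-specific-prefix preference rule David Ulevitch describes earlier in the thread, as an added example that is not part of any message here and is not OpenDNS code. A toy in-process resolver shows how NXDOMAIN rewriting turns every DNSBL lookup into a hit, how a /32 opt-out for the mail server avoids that, and how to probe a resolver for rewriting. All names, prefixes and addresses are constructed, and the `rewrite_nxdomain` preference is hypothetical.

```python
import ipaddress
import secrets

# Constructed "real" DNS data: any name not listed here is NXDOMAIN.
ZONE = {
    "craigslist.org": "192.0.2.10",
    # DNSBL convention: a listed IP is published as reversed octets + zone.
    "2.0.0.127.dnsbl.example": "127.0.0.2",
}
ERROR_PAGE_IP = "198.51.100.80"  # constructed address of the search/ad page

# Hypothetical per-prefix preferences; the most specific prefix wins.
PREFS = {
    ipaddress.ip_network("203.0.113.0/24"): {"rewrite_nxdomain": True},    # provider default
    ipaddress.ip_network("203.0.113.25/32"): {"rewrite_nxdomain": False},  # mail server opt-out
}
DEFAULT_PREFS = {"rewrite_nxdomain": False}


def prefs_for(client_ip):
    """Return the preferences of the longest prefix containing client_ip."""
    addr = ipaddress.ip_address(client_ip)
    matches = [net for net in PREFS if addr in net]
    if not matches:
        return DEFAULT_PREFS
    return PREFS[max(matches, key=lambda net: net.prefixlen)]


def resolve(name, client_ip):
    """Toy recursive lookup: an IPv4 string, or None to stand for NXDOMAIN."""
    name = name.rstrip(".").lower()
    if name in ZONE:
        return ZONE[name]
    if prefs_for(client_ip)["rewrite_nxdomain"]:
        return ERROR_PAGE_IP  # a non-existent name is answered anyway
    return None


def dnsbl_listed(ip, zone, client_ip):
    """Mail-server style DNSBL check: any A answer counts as 'listed'."""
    query = ".".join(reversed(ip.split("."))) + "." + zone
    return resolve(query, client_ip) is not None


def sender_domain_exists(domain, client_ip):
    """Mail-server style check that the envelope sender's domain resolves."""
    return resolve(domain, client_ip) is not None


def resolver_rewrites_nxdomain(client_ip, probes=3):
    """Detect rewriting by querying random names under the reserved .invalid TLD.

    Names under .invalid never exist, so any answer is synthesized.
    """
    answers = [resolve(secrets.token_hex(8) + ".invalid", client_ip)
               for _ in range(probes)]
    return any(answer is not None for answer in answers)


if __name__ == "__main__":
    desktop, mailhost = "203.0.113.7", "203.0.113.25"
    for label, client in (("desktop (/24 prefs)", desktop),
                          ("mail server (/32 prefs)", mailhost)):
        print(label)
        print("  rewriting detected:       ", resolver_rewrites_nxdomain(client))
        print("  unlisted IP looks listed: ",
              dnsbl_listed("192.0.2.99", "dnsbl.example", client))
        print("  bogus sender domain passes:",
              sender_domain_exists("no-such-sender.example", client))
```

To run the same probe against a real resolver, replace `resolve` with a function that performs an actual lookup and returns `None` on NXDOMAIN.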
On Jul 13, 2006, at 3:39 AM, Simon Waters wrote:
Most of those I know try to deploy recursive services as close as possible to the client, avoiding where possible alternative views of the DNS, and forwarding.
Would that everyone did what the people you know do. Unfortunately, there are a few providers doing things like outsourcing their recursive service to, say, their upstream, or having one "node" of recursive servers anywhere in the world for all their end users. These providers violate the first part of your sentence. The second part doesn't make any sense to me. It seems that having multiple, geographically disparate recursive name servers would be more likely to present an "alternative [view] of the DNS". (In fact, I can prove that's true in at least some cases. :) So you are actually arguing -against- your first point. That said, no one has yet said why it is necessary, or even desirable, to have a completely homogenous view of the world.
Perhaps time to ask Brad, Paul and Cricket what they think, and have answers to their comments.
Perhaps. However, in the last DNS related thread, Paul made a pretty strong claim (violating a protocol) and showed exactly _ZERO_ facts to back it up, despite being asked at least five times (by my count).
With automated responses to "bad things", it is usually best to minimise the scope of the change. Similarly typo correction makes sense for URLs, but not for most other uses of the DNS (hence the proviso you make to switch it off if you use RBL, although I'd say switch it off for all email servers lest you start correcting spambot crud, our email servers make a DNS check on the sender's domain, that doesn't want correcting either), so the answer is probably browser plug-in (although most browsers already try to guess what you meant to some extent).
Perhaps something as simple as a preference only 'correcting' queries that begin with "www"? -- TTFN, patrick
Going off on something of a tangent, I'd be really curious what sort of efforts OpenDNS are making/will need to make in order to limit their servers' utility as a relay for amplification attacks (which I'm listening to a discussion on at IETF as I type).

http://www.ietf.org/internet-drafts/draft-ietf-dnsop-reflectors-are-evil-01.txt

On Jul 13, 2006, at 8:08 AM, Patrick W. Gilmore wrote:
On Jul 13, 2006, at 3:39 AM, Simon Waters wrote:
Most of those I know try to deploy recursive services as close as possible to the client, avoiding where possible alternative views of the DNS, and forwarding.
Would that everyone did what the people you know do.
Unfortunately, there are a few providers doing things like outsourcing their recursive service to, say, their upstream, or having one "node" of recursive servers anywhere in the world for all their end users. These providers violate the first part of your sentence.
The second part doesn't make any sense to me. It seems that having multiple, geographically disparate recursive name servers would be more likely to present an "alternative [view] of the DNS". (In fact, I can prove that's true in at least some cases. :) So you are actually arguing -against- your first point.
That said, no one has yet said why it is necessary, or even desirable, to have a completely homogenous view of the world.
Perhaps time to ask Brad, Paul and Cricket what they think, and have answers to their comments.
Perhaps. However, in the last DNS related thread, Paul made a pretty strong claim (violating a protocol) and showed exactly _ZERO_ facts to back it up, despite being asked at least five times (by my count).
With automated responses to "bad things", it is usually best to minimise the scope of the change. Similarly typo correction makes sense for URLs, but not for most other uses of the DNS (hence the proviso you make to switch it off if you use RBL, although I'd say switch it off for all email servers lest you start correcting spambot crud, our email servers make a DNS check on the sender's domain, that doesn't want correcting either), so the answer is probably browser plug-in (although most browsers already try to guess what you meant to some extent).
Perhaps something as simple as a preference only 'correcting' queries that begin with "www"?
-- TTFN, patrick
On Thu, 13 Jul 2006, Patrick W. Gilmore wrote:
That said, no one has yet said why it is necessary, or even desirable, to have a completely homogenous view of the world.
I'd use one example reason of why: "Customer Service issues" So if grandma Jane goes to fobar.com (which gets corrected/redirected/blah) to foobar.com and sees some content she really likes she may tell grandma June. Grandma June goes to fobar.com and gets the IE error message saying 'site does not exist'. She calls her ISP to find out why the site is down. This is a very oversimplified example, I admit. It does show a simple example though of inconsistency and why that could be 'bad' or at least problematic. (It might also argue for universal adoption of this technology, which I still 'just don't like', which also might be the crazy pills) In general inconsistency is troubling to folks, I think, and in recursive DNS it's especially difficult to see as 'good' since that 'service' is not universal (not all owned/operated by one entity). In the case of authoritative DNS though, you are (or anyone, not just Patrick) free to goof with responses as you (or anyone) sees fit... you are after all 'authoritative' for the record. In the recursive land it may be viewed as 'rude' or 'out of spec' (perhaps this is Paul's issue?) to fake answers to questions. I wonder about performance and impact and the legitimacy of replying to a 'typo' that isn't really a 'typo'? The claims to 'fix phishing' (phishing protection) that is doing things like knowing what a phishing name is, I presume this works on some list of names currently in use (from antiphishing.org for example) Is there a timeout on these entries? What about names that are the shared host for lots of users? (members.aol.com for instance) There are a host of issues here, simple typo correction isn't going to find/solve/know about most of them. At the right level of the hierarchy this service certainly could be 'nice' (or not objectionable) the choice part is a big 'nice' for the service, I admit.
I find it hard to believe an enterprise or MSO would offer this as a blanket answer though, again crazy-pills might be acting up again though. -chris
On Jul 13, 2006, at 10:48 AM, Christopher L. Morrow wrote:
On Thu, 13 Jul 2006, Patrick W. Gilmore wrote:
That said, no one has yet said why it is necessary, or even desirable, to have a completely homogenous view of the world.
I'd use one example reason of why: "Customer Service issues"
Thanx, Chris, I was waiting for someone to give this answer. (And I couldn't figure out why no one had! :) I don't really have a good answer. I'm not sure it's a HUUUUUUGE problem, but I can see the argument. Perhaps someone associated with the service can give a better answer?
In general inconsistency is troubling to folks, I think, and in recursive DNS it's especially difficult to see as 'good' since that 'service' is not universal (not all owned/operated by one entity). In the case of authoritative DNS though, you are (or anyone, not just Patrick) free to goof with responses as you (or anyone) sees fit... you are after all 'authoritative' for the record. In the recursive land it may be viewed as 'rude' or 'out of spec' (perhaps this is Paul's issue?) to fake answers to questions.
Is it? If you type "fobar" and the domain does not exist, is it rude to return foobar? Or is it helpful? As a purist, I can see saying that's wrong. As a user, they like easy. Hell, most of them use Windows & Outlook, so they clearly don't care about things like "standards". Since they pay our bills, should we listen to them? Can someone show the Internet is going to collapse, or at least be harmed, by being "rude" in this way? -- TTFN, patrick
On Thursday 13 July 2006 10:18, Patrick W. Gilmore wrote:
On Jul 13, 2006, at 10:48 AM, Christopher L. Morrow wrote:
On Thu, 13 Jul 2006, Patrick W. Gilmore wrote:
That said, no one has yet said why it is necessary, or even desirable, to have a completely homogenous view of the world.
I'd use one example reason of why: "Customer Service issues"
Thanx, Chris, I was waiting for someone to give this answer. (And I couldn't figure out why no one had! :)
I don't really have a good answer. I'm not sure it's a HUUUUUUGE problem, but I can see the argument.
Perhaps someone associated with the service can give a better answer?
In general inconsistency is troubling to folks, I think, and in recursive DNS it's especially difficult to see as 'good' since that 'service' is not universal (not all owned/operated by one entity). In the case of authoritative DNS though, you are (or anyone, not just Patrick) free to goof with responses as you (or anyone) sees fit... you are after all 'authoritative' for the record. In the recursive land it may be viewed as 'rude' or 'out of spec' (perhaps this is Paul's issue?) to fake answers to questions.
Is it? If you type "fobar" and the domain does not exist, is it rude to return foobar? Or is it helpful?
Hmmm, while a "good" question - how about another example, someone mistypes whitehouse.gov - do you return the "real" whitehouse.gov or the whitehouse.com site ???
As a purist, I can see saying that's wrong. As a user, they like easy. Hell, most of them use Windows & Outlook, so they clearly don't care about things like "standards". Since they pay our bills, should we listen to them?
Also true, and while I agree in "principle", if you transpose only two numbers on your next deposit ticket - is it the bank's responsibility to put the money in the correct account - or is it simply your mistake??
Can someone show the Internet is going to collapse, or at least be harmed, by being "rude" in this way?
I don't think the "net" is going to collapse, but I do think that many of the "things" being done are simply "making" (allowing/enabling/supporting) end users to be more and more lazy or what-ever term you want to apply. In school if you spell the word tree as tre - hopefully your teacher corrects this. What we seem to be doing is saying it is ok to not know how to spell or even know what or where you want to go on the net - and I am not certain that in the long term we are not doing more "harm" than good - just as your teacher would by allowing you to mis-spell words instead of learning the correct way.... -- Larry Smith SysAd ECSIS.NET sysad@ecsis.net
Larry Smith wrote:
In school if you spell the word tree as tre - hopefully your teacher corrects this.
Yes, hopefully a correction is made in a safe manner. As opposed to the teacher smothering your face with a pornographic magazine or shoving a lit firecracker up your ass. Cause when you spell a word incorrectly on the internet, that's what frequently occurs. -mark -- Mark Jeftovic <markjr@easydns.com> Founder & President, easyDNS Technologies Inc. ph. +1-(416)-535-8672 ext 225 fx. +1-(866) 273-2892
On Thu, 13 Jul 2006, Mark Jeftovic wrote:
Larry Smith wrote:
In school if you spell the word tree as tre - hopefully your teacher corrects this.
Yes, hopefully a correction is made in a safe manner. As opposed to the teacher smothering your face with a pornographic magazine or shoving a lit firecracker up your ass.
Cause when you spell a word incorrectly on the internet, that's what frequently occurs.
That's a tad over dramatic isn't it? Typosquatting is a problem, sure, some of it is annoying, sure. Never has my derrière exploded though from it... Perhaps part of the 'safe manner' is actually teaching people that using their favorite search engine to locate 'fobar tool enterprises' is often more productive than 'www.fobartools.com' placement in the 'location bar' is? Just like learning how to use a phonebook instead of random dialing, or encyclopedias as opposed to blind searching of the Dewey decimal system? -Chris
On Thu, 13 Jul 2006, Mark Jeftovic wrote:
Larry Smith wrote:
In school if you spell the word tree as tre - hopefully your teacher corrects this.
Yes, hopefully a correction is made in a safe manner. As opposed to the teacher smothering your face with a pornographic magazine or shoving a lit firecracker up your ass.
Cause when you spell a word incorrectly on the internet, that's what frequently occurs.
That's a tad over dramatic isn't it? Typosquatting is a problem, sure, some of it is annoying, sure. Never has my derrière exploded though from it...
I don't really think it is entirely appropriate that a child who is looking for information on the White House could land somewhere obscene through entering a web address that appears obvious and logical. What I could see happening, down the road, if this service is successful, would be the creation of a nameserver service company that would be targeted at creating a safer (note: not _safe_, merely safe_r_) Internet where requests for certain names could be redirected to the search engine instead. Yes, there are lots of political, legal, ethical, and moral questions associated with that. I am not advocating it, I am just saying I could see the case for it happening.
Perhaps part of the 'safe manner' is actually teaching people that using their favorite search engine to locate 'fobar tool enterprises' is often more productive than 'www.fobartools.com' placement in the 'location bar' is?
Boy, at that point, I think you've got the basis of an argument against additional top level domains. 2LD domain names have some value: I can see the value in "ibm.com" and "apple.com", due to the geographic scope of those companies and their overall size. However, I do not see "martyspizza.com" as the ideal candidate for a .com: why should that resolve to a Santa Barbara pizzeria and not our local one? The value of a 2LD domain name is obviousness, and when the obviousness is no longer present or not valid to begin with, the search engine methodology is more likely to be valid and useful than simply choosing to name your business "martyspizzaofbrookfield.com" or "martyspizza.biz". In Marty's case, they don't even have a domain name, but you can find their web page easily enough via search engines. Of course, this leaves some questions, such as what happens for e-mail purposes (3LD? works) or when the business model of the search engines change, and search engines start charging for listings, etc. But in general, I agree that search engines may be safer. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Jul 13, 2006, at 12:19 PM, Joe Greco wrote:
I don't really think it is entirely appropriate that a child who is looking for information on the White House could land somewhere obscene through entering a web address that appears obvious and logical.
Who gets to decide that?
On Jul 13, 2006, at 12:19 PM, Joe Greco wrote:
I don't really think it is entirely appropriate that a child who is looking for information on the White House could land somewhere obscene through entering a web address that appears obvious and logical.
Who gets to decide that?
If you were reading along, you would have noted that I was using it to lead into an example of why some sort of "net nanny" DNS service might be at least moderately successful, in which case - they would. I notice you conveniently clipped all of that out of my note. There are at least 101 other ways to accomplish the same thing; personally, I don't believe in allowing children on the Internet unsupervised in the first place(*). The possible exception to supervision might be a carefully constructed whitelist system of some sort that restricted activities to known-safe sites, which is what some schools do. Who knows, there might be a market for such a thing implemented via DNS. Apparently you didn't quite get that point, apologies for any misunderstanding. I see *significantly* more potential in that sort of a service offering than I do a mere "SiteFinder" type of service, but the success or failure of such a service is dependent on whether or not there are fundamental flaws in the underlying concept of the OpenDNS strategy. (*) I'll further note that even strategies such as supervision can fail when confronted with something like "whitehouse.com." So, here are some thoughts. 1) A DNS service provider could provide the virtual equivalent of "NOGGIN on the Web", listing the Top 1000 kid-safe destinations on the Web, and referring any other domain lookups back to the search engine, which in turn only lists the Top 1000 kid-safe destinations. 2) A DNS service provider could provide the equivalent of Google's safe-search, where sites that are known not to be kid-safe, plus phishing sites, plus maybe new domain registrations, are instead referred to the search engine, which lists most of the rest of the Internet. Both of these assume that it is all right to alter the DNS in a manner more invasive than what OpenDNS appears to be doing. Both of them are in fact models which could potentially generate direct user revenue. 
I am not advocating it, I am just contemplating the possibilities. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On July 13, 2006 at 13:15 john@sackheads.org (John Payne) wrote:
On Jul 13, 2006, at 12:19 PM, Joe Greco wrote:
I don't really think it is entirely appropriate that a child who is looking for information on the White House could land somewhere obscene through entering a web address that appears obvious and logical.
Who gets to decide that?
I don't think it's entirely appropriate that a child chasing a bouncy-ball can so easily run out into the street and get killed by a passing car. According to MMWR over 500 children per year under 14 years of age wander out into the street and are killed by a car (US.) Another 30,000+/year are injured seriously enough to need an emergency room visit. Ban cars or at least limit them to under 5 mph! And we're not just talking about a kid seeing some bare breasts (isn't kids seeing bare breasts the most appropriate use of bare breasts?), we're talking DEAD. Or maybe the better answer is: Don't let your young kids wander out into traffic, or allow them to use table saws, etc. Sarcasm aside isn't the right answer, for starters, software interfaces for kids?

--
-Barry Shein
The World | bzs@TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
BS> Date: Thu, 13 Jul 2006 14:35:10 -0400
BS> From: Barry Shein

BS> Sarcasm aside isn't the right answer, for starters, software
BS> interfaces for kids?

Are you proposing Bob.NET?

Eddy
--
Everquick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
________________________________________________________________________
DO NOT send mail to the following addresses:
davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.
Joe Greco:
I don't really think it is entirely appropriate that a child who is looking for information on the White House could land somewhere obscene through entering a web address that appears obvious and logical.
Personally, I don't really think it is entirely appropriate that a child who is looking for obscenity could land on the White House site inadvertently.

Matthew Kaufman
matthew@eeph.com
On Jul 13, 2006, at 11:35 AM, Larry Smith wrote:
Is it? If you type "fobar" and the domain does not exist, is it rude to return foobar? Or is it helpful?
Hmmm, while a "good" question - how about another example, someone mistypes whitehouse.gov - do you return the "real" whitehouse.gov or the whitehouse.com site ???
Note: "and the domain does not exist". Whitehouse.gov absolutely exists.
As a purist, I can see saying that's wrong. As a user, they like easy. Hell, most of them use Windows & Outlook, so they clearly don't care about things like "standards". Since they pay our bills, should we listen to them?
Also true, and while I agree in "principle", if you transpose only two numbers on your next deposit ticket - is it the bank's responsibility to put the money in the correct account - or is it simply your mistake??
Does the other account exist? And should the bank be checking the name <-> account # association? I would argue they should. (But know they do not.) Either way, not really the same thing, IMHO.
Can someone show the Internet is going to collapse, or at least be harmed, by being "rude" in this way?
I don't think the "net" is going to collapse, but I do think that many of the "things" being done are simply "making" (allowing/enabling/ supporting) end users to be more and more lazy or what-ever term you want to apply. In school if you spell the word tree as tre - hopefully your teacher corrects this. What we seem to be doing is saying it is ok to not know how to spell or even know what or where you want to go on the net - and I am not certain that in the long term we are not doing more "harm" than good - just as your teacher would by allowing you to mis-spell words instead of learning the correct way....
I think that's going a bit far. By that token, we should lobby Microsoft to take spel chickers out of MS Word. -- TTFN, patrick
On Thu, 13 Jul 2006, Patrick W. Gilmore wrote:
just as your teacher would by allowing you to mis-spell words instead of learning the correct way....
I think that's going a bit far.
By that token, we should lobby Microsoft to take spel chickers out of MS Word.
we should absolutely lobby MS to remove that functionality, in all their products. I think the bigger issue is retooling folks to understand that just dropping any-old thing into a 'location' bar is just not useful some large percentage of the time. Using the other online tools available though is: use google, msnsearch, yahoo, blah-search-engine-de-jour. Just putting in 'fobartools.com' is likely to not get you the content you desire.
On 13 Jul 2006, at 16:48, Patrick W. Gilmore wrote:
On Jul 13, 2006, at 11:35 AM, Larry Smith wrote: [...]
Hmmm, while a "good" question - how about another example, someone mistypes whitehouse.gov - do you return the "real" whitehouse.gov or the whitehouse.com site ??? Note: "and the domain does not exist". Whitehouse.gov absolutely exists.
I don't think that was quite what was meant. Suppose the user typed "whitehouse.cov"?
On Thu, 13 Jul 2006 11:48:55 EDT, "Patrick W. Gilmore" said:
On Jul 13, 2006, at 11:35 AM, Larry Smith wrote:
Is it? If you type "fobar" and the domain does not exist, is it rude to return foobar? Or is it helpful?
Hmmm, while a "good" question - how about another example, someone mistypes whitehouse.gov - do you return the "real" whitehouse.gov or the whitehouse.com site ???
Note: "and the domain does not exist". Whitehouse.gov absolutely exists.
So... I enter "whitehorse.gov". Who wins, the guy at 1600 Pennsylvania, or the guy who's got whitehorse.com parked at GoDaddy? I can see this as being *loads* of fun in combination with browsers that auto-complete URLs for you (I know of at least one that will keep auto-completing a typo in preference to what you *wanted*. Blech. ;) "Where do you want to go today?" :)
At 12:32 PM -0400 7/13/06, Valdis.Kletnieks@vt.edu wrote:
On Thu, 13 Jul 2006 11:48:55 EDT, "Patrick W. Gilmore" said:
On Jul 13, 2006, at 11:35 AM, Larry Smith wrote:
Is it? If you type "fobar" and the domain does not exist, is it rude to return foobar? Or is it helpful?
Hmmm, while a "good" question - how about another example, someone mistypes whitehouse.gov - do you return the "real" whitehouse.gov or the whitehouse.com site ???
Note: "and the domain does not exist". Whitehouse.gov absolutely exists.
So... I enter "whitehorse.gov". Who wins, the guy at 1600 Pennsylvania, or the guy who's got whitehorse.com parked at GoDaddy?
Depends on what each has paid for the ad placement? And what happens when this gets its first big competitor? If they have any success at all, there will surely be more of them. You as a business owner will have to stake out search prominence in each. Kind of back to having to get a name in every top level to protect yourself.
I can see this as being *loads* of fun in combination with browsers that auto-complete URLs for you (I know of at least one that will keep auto-completing a typo in preference to what you *wanted*. Blech. ;)
"Where do you want to go today?" :)
Indeed.
Cheers, -- Ken Eddings, Hostmaster, IS&T, eddingsk@apple.com, eddingsk@mac.com Work:+1 408 974-4286, Cell: +1 408 425-3639, Fax: +1 408 974-3103 Apple Computer, Inc., 1 Infinite Loop, M/S 60-MS Cupertino, CA 95014 The Prudent Mariner never relies solely on any single aid to navigation.
Divining user intent is better handled in the user application where such intent was stated rather than in the infrastructure (DNS).
If the service wants to help (human) users find their way to the web sites they "intended" to get to .. isn't a better solution the one already offered by many search engines - which is to prompt the user with a question: Did you mean ... (offers corrected spelling)? Perhaps you meant to go to (list of sites follows)?
This alerts the user that they made a mistake, and lets them pick another action from the application they used in the first place (application local behaviour).
If so, the solution belongs in the browser and not in DNS where it may have unintended consequences. Some browsers will let you specify the action that should follow if the URL in question could not be found, and if not this functionality could be rolled into a useful plugin or extension.
(Yes, this approach is not without its detractors - http://news.com.com/Microsoft+gives+error+pages+new+direction/2100-1023_3-27... )
* christopher.morrow@verizonbusiness.com (Christopher L. Morrow) [Thu 13 Jul 2006, 16:55 CEST]:
So if grandma Jane goes to fobar.com (which gets corrected/redirected/blah) to foobar.com and sees some content she really likes she may tell grandma June. Grandma June goes to fobar.com and gets the IE error message saying 'site does not exist'. She calls her ISP to find out why the site is down.
This is a very oversimplified example, I admit. It does show a simple example though of inconsistency and why that could be 'bad' or at least problematic. (It might also argue for universal adoption of this technology, which I still 'just don't like', which also might be the crazy pills)
I don't think it's such a good example. Here's why: The redirect from fobar.com to foobar.com doesn't happen on a DNS level. This is a good thing, as name-based virtual hosting wouldn't work anymore. So instead of getting the MSIE search page Jane gets the OpenDNS search page, can select foobar.com and then read out the URL in her browser's Location bar to June. (ironically, www.fobar.com is an alias for ad.funnel.revenuedirect.com.akadns.net.) -- Niels.
On Thursday 13 Jul 2006 13:08, you wrote:
The second part doesn't make any sense to me. It seems that having multiple, geographically disparate recursive name servers would be more likely to present an "alternative [view] of the DNS". (In fact, I can prove that's true in at least some cases. :) So you are actually arguing -against- your first point.
Only where others deliberately provide conflicting data from different sources. That is their choice, certainly the recursive machines would be deployed to avoid making the situation worse. The point of local provision is for reliability, and performance.
Perhaps something as simple as a preference only 'correcting' queries that begin with "www"?
Alas "www" is ascribing meaning where none exists, webservers exist without the www prefix, and some name servers and mail servers have proper names with the www in. Such half baked approaches are how systems decay.
On Tuesday 11 Jul 2006 07:19, Steve Sobol wrote:
There's a big difference, of course, between INTENTIONALLY pointing your computers at DNS servers that do this kind of thing, and having it done for you without your knowledge and/or consent.
Yes, one way you choose who breaks your DNS, the other way Verisign break it for you. Most people don't have the know-how to understand the consequences of using such a service. So providing it without screaming huge warnings is at best misleading.
As someone who works for a company that provides trials of a web hosting product, we've had our share of abusive trial users inventing new ways to abuse our service. But if you try and block this abuse at the DNS level you'll almost certainly break access to every other site we host on that service.
Similarly our DNS servers provide short term A records for some important sites, blocking their IP address in the DNS server would result in a loss of redundancy of a fairly major service (okay we use different names for the DNS server and the webserver, but not everyone does that). In this instance it is unlikely the loss of redundancy would be noticed, until it was needed, as by its nature redundancy acts to hide small scale failures.
This is the basic issue with DNS changes by third parties; "the third party can have no knowledge of the scope or scale of the issues their changes could cause". That is why the DNS has delegated administration, although there is probably less need for the delegated deployment any more (computers are big and cheap compared to the 1970's), delegated administration is still a MUST have.
Think DNS is *sensitively dependent on correct values*. Sure they can try and guess, but it is at best a guess.
I note almost all phishing sites use IP addresses these days anyway, certainly all those I reported this morning were using URLs of the form "http://10.11.12.13/www.example.com/"
If you just want faster recursive resolvers, that is easily done without breaking anything, and without risking your view of the DNS. More hardware, slave ".", optimise the binaries (Rick Jones has documented this in huge detail at HP's performance labs), optimise the IP stack etc.
If the only value add is fast recursive resolution, but from off your network, I'd suggest this is a poor choice as well, as a key planning decision of DNS resolver deployment is to deploy "within your network" so stuff works when your connectivity is toast (of course that'll never happen). I see no redeeming features of the service, or did I miss something?
On Tue, 11 Jul 2006, Simon Waters wrote:
On Tuesday 11 Jul 2006 07:19, Steve Sobol wrote:
There's a big difference, of course, between INTENTIONALLY pointing your computers at DNS servers that do this kind of thing, and having it done for you without your knowledge and/or consent.
Yes, one way you choose who breaks your DNS, the other way Verisign break it for you.
Agreed! If you break your own stuff, that's your own problem and does not raise any of SiteFinder's issues. Even if an ISP uses this service, people can still usually find another ISP or point their computers at other DNS servers.
I see no redeeming features of the service, or did I miss something?
I'm not arguing it's a good idea. I'm just saying it's not evil like SiteFinder. -- Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows Apple Valley, California PGP:0xE3AE35ED It's all fun and games until someone starts a bonfire in the living room.
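An added example, not part of any message in this thread: a check an administrator could use to tell whether a recursive resolver substitutes answers for names that do not exist, the behaviour debated above. It reads the RCODE and answer count from raw DNS responses; the probe name, the address 192.0.2.10 and both response packets are constructed here for illustration, and a real check would send several random probe names to the resolver under test.

```python
import struct

NOERROR, NXDOMAIN = 0, 3

def encode_name(name):
    """Encode a domain name as DNS labels (RFC 1035, no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qid, name, rcode, addrs=()):
    """Construct a sample response packet (test data, not captured traffic)."""
    flags = 0x8180 | rcode            # QR=1, RD=1, RA=1, plus RCODE
    msg = struct.pack("!HHHHHH", qid, flags, 1, len(addrs), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    for addr in addrs:
        # Pointer to the question name, TYPE=A, CLASS=IN, TTL=60, RDLENGTH=4
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
        msg += bytes(int(octet) for octet in addr.split("."))
    return msg

def parse_header(msg):
    """Return (rcode, answer_count) from a raw DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    return flags & 0x000F, ancount

def rewrites_nxdomain(responses):
    """True if any probe for a non-existent name came back with answers."""
    for msg in responses:
        rcode, ancount = parse_header(msg)
        if rcode == NOERROR and ancount > 0:
            return True
    return False

# Constructed probe under the reserved .example TLD, which never resolves.
PROBE = "qx7v2k9d-probe.example."
honest = [build_response(1, PROBE, NXDOMAIN)]
rewriting = [build_response(2, PROBE, NOERROR, ["192.0.2.10"])]
```

A resolver that passes NXDOMAIN through yields `False` for its probe responses; one that answers every non-existent name with an address yields `True`.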
participants (22)
- Barry Shein
- Chris Woodfield
- Christopher L. Morrow
- Daniel Golding
- David Ulevitch
- Edward B. DREGER
- ennova2005-nanog@yahoo.com
- Joe Greco
- John Payne
- Joseph Jackson
- Ken Eddings
- Larry Smith
- Mark Jeftovic
- Matthew Kaufman
- Niels Bakker
- Patrick W. Gilmore
- Peter Corlett
- Peter Dambier
- Simon Waters
- Stephane Bortzmeyer
- Steve Sobol
- Valdis.Kletnieks@vt.edu