Stupid Verisign Tricks Redux Redux

I first commented on the Verisign nonsense on September 16, and then later on September 19. In the meantime, wheels have been turning and consequences appear to be materializing. Today, ICANN insisted that Verisign cease the wildcard in .com and .net immediately.

I must admit that I had fully expected ICANN to do absolutely nothing. I applaud this action as far as it goes and hope they manage to enforce their decision. This is a critical test of their reason for existence. I will be watching with great interest to see how this all turns out.

Update at 15:00: Verisign has apparently capitulated. Note that an invasive registration procedure may be required for that link. Apparently Verisign is the victim. Yeah, right.

Hurricanes

Hurricane Juan cut a path of devastation through Nova Scotia and Prince Edward Island late Sunday night. Much more than many would have expected.

Even now, thousands of people have no electricity. The sheer destruction people are recovering from is mind boggling. Frankly, I am glad I live in an area that has a very low chance of experiencing a storm of that magnitude.

To all of you reeling from Juan, my best wishes are with you.

Memory Failure

You wouldn’t think that memory that was working perfectly for two years would up and fail causing a computer to stop booting. And you would be wrong. I had just such an event happen to me.

It manifested itself as randomly crashing software initially. This meant the problem could be anything from the processor to the memory to the hard drive to the software on the system being messed up. Eventually it got to the point that I could do nothing with the computer so I decided to troubleshoot it. I made sure everything was assembled correctly and found nothing wrong there. I checked for overheating and found no heat problems. Then I swapped the memory with that from another computer. And lo, the other computer started crashing and the first one became stable.

So now I’m $100 poorer but have shiny new memory in my computer.

I hate when computer hardware fails.

Stupid Verisign Tricks Redux

Reactions to the actions taken by Verisign as described in my blog entry from September 16 have been heated and varied. It currently appears that Verisign has no intention of ceasing this nonsense. However, certain internet authorities have finally been heard from today.

The Internet Architecture Board has released an analysis of the use of wildcard DNS records at high levels in the DNS hierarchy. Anyone interested in this situation and its implications is encouraged to read this analysis. Perhaps the best part of the article from my perspective is this: "Proposed guideline: If you want to use wildcards in your zone and understand the risks, go ahead, but only do so with the informed consent of the entities that are delegated within your zone."

The Internet Corporation for Assigned Names and Numbers (ICANN) has also finally broken its silence with the following advisory about the situation. While I usually disagree with ICANN’s tactics, this particular one of actually studying the issue and asking for feedback from other organizations is good. In particular their call for Verisign to voluntarily suspend the operation of their wildcard until the investigation is completed.

As things go, this issue has been little more than a minor technical annoyance to many of us in the industry. However, it was the sheer gall it took on the part of Verisign to say that they were doing this for the good of the internet when they, by their own admission, were profiting from it that got up most of our noses. Not to mention the protocol breakage that is mentioned in the IAB article noted above.

In fairness to Verisign, it should be noted that they were not the first ones to introduce a wildcard into a TLD, simply the most prominent one.

Stupid Verisign Tricks

On Monday, Verisign, the company that manages the contents of the .com and .net zone files, hijacked all non-existent domains to point to an intermittently functional search service. This does not affect any top level domain other than .com and .net.

Apparently, Verisign has decided that any DNS query for an A (IP address) record for any second level domain in the .com or .net top level domains will now resolve to an IP address controlled by Verisign which then attempts to guess what the user is trying to do. While this sounds like a great idea on the surface, and is, in fact, markedly similar to what many web browsers and online providers do, this is a horribly bad idea. When my web browser offers to search for the domain I misspelled, it affects me and me alone. When an online provider does this, it affects only the customers of that provider. In both cases, there is the possibility of using a different browser or service. However, in the case of Verisign doing it using the DNS system, it makes it impossible for anyone trying to access a .com or .net domain to opt out of it, regardless of provider or web browser or any other consideration.

In addition, the DNS system is designed to respond with a negative answer when a request is made for a name that does not exist. This allows web browsers, email servers, and so on, to do something useful in this circumstance, like tell the user the domain does not exist. However, by adding an A record for non-existing domains, it is now impossible for a mail server to know that the domain really doesn’t exist. And while the user can likely figure out that the web site they requested does not exist based on the response from the server Verisign is pointing it to, automated systems that rely on this negative response behaviour have no way of deducing this. And relying on this negative response is by no means broken since that is the only way the system can indicate that a domain does not exist.
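An added example, not part of the original post: a toy resolver showing how a wildcard A record defeats an existence check that relies on the negative answer, and a probe-based heuristic that restores it. The zone data, the TEST-NET addresses and all function names are constructed for illustration, and the heuristic is not the mechanism of the ISC BIND patch.

```python
import secrets

class NXDomain(Exception):
    """Negative answer: the queried name does not exist."""

def make_resolver(zone, wildcard_addr=None):
    """Return a lookup function for a toy TLD zone (constructed data).
    With wildcard_addr set, every unregistered name gets that A record."""
    def resolve_a(name):
        if name in zone:
            return zone[name]
        if wildcard_addr is not None:
            return wildcard_addr
        raise NXDomain(name)
    return resolve_a

def naive_domain_exists(resolve_a, name):
    """What a mail server or filter typically does: trust the negative answer."""
    try:
        resolve_a(name)
        return True
    except NXDomain:
        return False

def detect_wildcard_addrs(resolve_a, tld, probes=3):
    """Query random labels that are almost certainly unregistered.
    Any address they return is a wildcard answer, not a real host."""
    addrs = set()
    for _ in range(probes):
        probe = f"{secrets.token_hex(16)}.{tld}"
        try:
            addrs.add(resolve_a(probe))
        except NXDomain:
            pass
    return addrs

def domain_exists(resolve_a, name):
    """Treat an answer equal to a detected wildcard address as nonexistent."""
    tld = name.rsplit(".", 1)[-1]
    wildcards = detect_wildcard_addrs(resolve_a, tld)
    try:
        return resolve_a(name) not in wildcards
    except NXDomain:
        return False

ZONE = {"example.com": "192.0.2.10"}                    # constructed sample zone
plain = make_resolver(ZONE)                             # normal negative answers
wild = make_resolver(ZONE, wildcard_addr="192.0.2.99")  # constructed wildcard address
```

The heuristic costs extra queries per check and would wrongly reject a real domain that happens to be hosted on the wildcard address.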

To make matters worse, Verisign provided no notice to relevant internet community groups, such as NANOG, that such a change to the standard operating procedure was going to be done. In fact, the first notice many network operators had was that nonexistent domains were suddenly resolving. Many others learned this via discussion threads on NANOG which can be read in the NANOG archive at the above link. Many others in the internet community would have learned of this from the Slashdot article and related discussion on the issue.

The uproar on this issue shows no signs of dying down any time soon either as messages fly around the internet at an amazing rate.

I hereby call upon Verisign to do the right thing and cease and desist this reprehensible attempt to hijack the .com and .net domains as their own personal playground. It is high time that Verisign started acting in a manner befitting an organization on whom a public trust has been bestowed!

Update at 1645: It looks like the authors of the BIND name server software are creating a patch that will allow users of BIND to bypass the Verisign brain damage. See a news report here. BIND is available from the ISC.

Update at 1435, Sept 17: Debate continues to rage about this issue. Some folks have taken actions which may or may not help. The ISC has released a patch to BIND which allows people to work around the problem. In addition, one person has publicly sent a formal complaint to ICANN (the body supposedly in charge of .com and .net overall) which is worth a read for those interested.

Weather

I just love the weather in Calgary. It’s so predictably unpredictable. I mean, today they’re forecasting snow (and have a heavy snowfall warning out) for Calgary. It’s apparently supposed to snow tonight and tomorrow then warm up some by Thursday. Well, I suppose that isn’t so bad. But it’s only the middle of September. It just doesn’t feel right for it to snow.

I suppose I should stop whining about it though. We’ve had years where it snowed in July.

On Movies and Critics

I was watching one of the ridiculous movie critic shows the other day. I listened to them consistently slamming just about every movie I have ever found entertaining. This got me to thinking. What makes a good film?

Obviously, what I like in a film is likely different than what you like in a film. Now, I can only truly examine what makes a movie good to my taste, so that is what I’ll do.

First, and foremost, the movie must be entertaining. If I am not entertained, there is little point watching it. At least in most cases. My motivation in going to a movie is to be entertained thus this is the most important factor. If I were going to learn something about something, then, perhaps, information would be more important.

Beyond entertaining, I have no real definition of what makes a movie good. I enjoyed such movies as Shrek, The Thirteenth Floor, The Matrix, Message in a Bottle, and, believe it or not, Star Wars: The Phantom Menace. I don’t mind really bad physics. I mean, that can be fun to pick apart. But a movie that is mostly correct but gets one or two important points glaringly wrong can be ruined. But not always. Humour helps, but is not required. Pure fantasy is great but can go horribly wrong. A good moral can help but can also hinder if there’s nothing else. Too slow of a pace or too fast can ruin an otherwise good film.

It seems to me that most people would agree that there is no single formula that makes a film good. While a particular formula may make repeated decent films, it can just as often (or more so) make duds. Predictability can be a drag or can be fun. You never can tell what will work.

And then there are films like Last Action Hero which I enjoyed but most people hate. On the other hand, there are movies which have nearly universal appeal such as It’s A Wonderful Life (which I also enjoyed). In any event, it seems to me that one should ignore the critics and simply decide what movie to go to based on one’s own taste. Don’t let anyone tell you what is a good movie and what isn’t.

It takes all kinds

For my weekly constitutional this week I walked around the Glenmore Reservoir. Ordinarily, I wouldn’t comment on this but this stroll was more eventful than most.

Not long after I got started, working counter-clockwise from “Parking Area A” of North Glenmore Park, I was flagged down by Piers (the boss’s son) and a pair of girls who were apparently doing some sort of scavenger hunt. Apparently they needed someone to sing a nursery rhyme. I declined to assist them since I couldn’t think of any nursery rhymes at that point.

Then, I encountered a fellow who was walking along the pathway with no shoes on. He seemed to have decent clothes so I have no idea why he was doing so. I never stopped to talk to him since he gave every indication of not wanting to talk to anyone.

When I was about three quarters around the reservoir, at Heritage Park, I stopped for a rest (one of many rests I took along the way since it was rather hot) and had a most unusual conversation with a fellow called Michael (if I’m remembering his name correctly). He seemed to be a nice enough fellow and probably just wanted to talk to people as he sat around on the bench since as I continued on my way, he started up with another person who had just arrived at the rest spot.

The preceding only notes the most exceptional people encountered along the four hour trek around the reservoir. There were people of all sorts, young and old, availing themselves of the pathway. At a few points, there was a veritable traffic jam due to all the people on the path. All in all, it was an interesting day.

Megascale Engineering

I was watching a show called "Extreme Engineering" today. This episode discussed building a 1km high pyramid to house 750,000 people. An interesting idea, and possibly not so ridiculous as it might sound at first. But that isn’t what I want to yammer about today.

There seems to be a plethora of ideas for megascale engineering. Everything from gigantic pyramid cities to space elevators to colonies on distant planets. These things used to be the sole province of science fiction and fantasy stories yet now people are seriously considering building just such things. In fact, for much of this stuff, the technology to actually accomplish it does not seem to be so hugely far off.

I don’t know whether this is a testament to human imagination and skill or an example of sheer hubris. Either way, it will certainly make for interesting times to come.

Pedestrian Friendliness

Why is it that when freeways are built, pedestrian traffic is completely ignored? I mean, why are pedestrian crossings over freeways so far apart? Wouldn’t it help some of the traffic issues if there were more ways for pedestrians to cross freeways?

In Calgary, for example, along Deerfoot Trail one is hard pressed to find a bridge over the freeway which has a sidewalk on it. It seems that when most of the interchanges were built, there was no consideration at all that people might want to walk from one place to another. It should be pointed out that most of the newer road crossings do have sidewalks so it seems there has been a change in policy in Calgary at least. But even so, the ones that haven’t been upgraded still present something of a challenge for the pedestrian.

In some cases, the lack of a sidewalk can be attributed to the fact that the interchange was built in the country before there was any development around it. It is possible to understand the reasoning for not building in anything to handle foot traffic, but really, how much extra does it cost to build in the necessary width on the bridge deck to handle a sidewalk? I suppose the reasoning is that there is no sidewalk along a highway so why on the bridge? Well, a person can walk along the ditch in many places (or on the shoulder) but the bridges often have no extra width for a shoulder thus nowhere for people to walk. Granted, there aren’t many pedestrians in the country so it might seem silly to people.

I suppose the point of this relatively pointless ramble is that it would be nice to see some consideration for pedestrians when people are designing transportation networks.