Decius wrote:
] Rattle just observed to me that Verisign's actions toward the
] Internet community were sort of like Bush's actions toward the
] UN. There may be more to that then you think. The moral
] standards of acceptable behavior are set by the leadership. If
] the leader says its ok to do a certain thing, then people will
] rationalize away any natural inhibition that they might have
] toward it. "He thinks its ok to do this and he is obviously
] smarter then me, so I'm going to ignore that nagging little
] voice and go ahead..."
]
] The way we've been throwing our weight around and doing things
] that are of dubious responsibility simply because we can and
] the people who ought to check us really aren't in a position
] to do that.... Well that rubs off. A manager thinking of doing
] something this dramatic might have thought twice about it in a
] time when one feared reprisals from millions of angry people.
] That fear is the heart of democracy. You can't screw the
] people because they are collectively more powerful then you.
] You respect them.
]
] I think we are in the process of loosing that fear.

] We just went through the new age of "boom," where everyone
] forgets that booms always bust. Now we begin the new age of
] empire, where everyone forgets that empires are always
] violently overthrown.

Indeed.

] The reason we still have wars is that greed is more powerful
] then reason.

What? Did you say something about SCO?

RE: Verisign and Bush

This would be _so_ much better if they all were sitting in a big tic tac toe board like in Hollywood Squares. Statham is a great host.

Huffington and Schwarzenegger should get a Crossfire like talk show.

Decius wrote:
] Original Page:
] ] We call on ICANN to examine the procedures for changes in
] ] service, including provisions to protect users from
] ] abrupt changes in service.
] ]
] ] We call on the IAB, the IETF, and the operational
] ] community to examine the specifications for the domain
] ] name system and consider whether additional
] ] specifications could improve the stability of the overall
] ] system. Most urgently, we ask for definitive
] ] recommendations regarding the use and operation of
] ] wildcard DNS names in TLDs and the root domain, so that
] ] actions and expectations can become universal.
]
] This really didn't get much coverage yesterday given that it
] came out shortly after Verisign's arrogant response. Its
] interesting. If ICANN could do something, this document would
] specifically say "Verisign is in violation of XYZ." It
] doesn't. What it says is that rules need to be reconsidered
] and clarified. IE, what they have done is not against the
] current rules. ICANN has the right under their contracts to
] create new policies, and Verisign must abide by those policies
] once they are approved within a reasonable period of time.
] This document is part of a long documentation trail that will
] ultimately result in Sitefinder getting shutdown. This
] process could take years. There are a number of methods
] that Verisign can use to delay things, including disputing the
] ICANN process, and filing a breach of contract suit along with
] a request for preliminary injunction preventing any new ICANN
] regulation from taking effect, and then delaying and delaying
] and delaying on going to trial, and then appealing and
] appealing... Once the court process is over with Verisign gets
] 4 months to implement any change ICANN requires. Furthermore,
] we're not anywhere near that stage yet. We are miles away.
] There is all kinds of IAB, IETF, and ICANN beaurocratic
] bullshit that has to occur first.
]
] I hope I'm wrong, but I doubt it. They should have had a
] clause in the contract that prevents Verisign from making
] disruptive changes without seeking approval. They don't. This
] is a loophole big enough to drive a truck through, and
] Verisign just did. By the time this actually gets resolved
] will we have been living with it for so long that no one will
] notice.

I don't think you are wrong. It will take years.

] If this issue is not resolved by Phreaknic I will use my
] speaking time there to call for a move to a DNS system that
] exists outside of ICANN's control. Its not really their fault,
] but this situation cannot be allowed to go on for years.

I have a few questions that I have not yet had the time to research.. What is the current size of the z... [ Read More (0.2k in body) ]

RE: ICANN can't do anything...

] Activists have also questioned the political affiliations
] of the leading voting companies. Late last year, Harris
] found that Sen. Chuck Hagel, a Nebraska Republican, used
] to run the voting company that provided most of the
] voting machines in his state. And in August, the
] Cleveland Plain Dealer reported that Walden O'Dell, the
] CEO of Diebold, is a major fundraiser for President Bush.
] In a letter to fellow Republicans, O'Dell said that he
] was "COMMITTED TO HELPING OHIO DELIVER ITS ELECTORAL
] VOTES TO THE PRESIDENT NEXT YEAR."
]
] But the problems Harris found in Diebold's system are
] perhaps the best proof yet that electronic voting systems
] aren't ready for prime time. Indeed, the vulnerabilities
] in the software, as well as the internal memos, raise
] questions about the legitimacy of the California recall
] election. In its ruling, the 9th Circuit Court put the
] election on hold until the six counties that currently
] use punch-card systems -- six counties that comprise 44
] percent of the state's voters -- upgrade their systems.
] On Monday, 11 judges on the 9th Circuit reheard the
] recall case; they may very well allow the election to go
] ahead on Oct. 7. If the recall vote is put on hold until
] March, however, many may wonder whether to trust the
] results: Four of the six punch-card counties -- including
] the largest, Los Angeles and San Diego -- have plans to
] upgrade to Diebold machines by March.

(Comments from Decius)

Very good article, with links to Diebold's internal memos, on the electronic voting systems.

I think that Harris is a conspiracy theorist. Certainly if the elections in Georgia were stolen that would be a historic fraud, a great mar on our history. However, it is not appropriate to allege that unless you've got proof. Saying "Oh, oh, oh, this might have occured..." simply serves to rile up people's emotions and it contributes to the ignorance and confusion that surrounds this issue. The quotes in the Diebold memos about "King County" are obviously not in reference to election fraud. Later in the same memo the same person discussess the concerns that Texas has about the use of this capability for such a purpose.

On the other hand, the Diebold memos demonstrate a complete lack of computer security clue on the part of the engineers. The fact that you have a password on your .mdb file isn't going to keep me out of it, in particular when you've handed me software that has access to it. Furthermore, the fact these morons are confident enough of their clue level to be poking fun at the "technical wizards" in the certifying companies is enough to turn the stomach.

All of these people simply seem to be in way the hell over their heads, and none of them seem to realize it.

Salon.com Technology | An open invitation to election fraud

] Not only has Verisign betrayed their trust by hijacking
] all the .NET and .COM typos, they've also tossed out the
] privacy of every fumblefingered netizen by putting a
] web-bug on their SiteFinder page, so that anyone whose
] session is stolen by Verisign is thereafter marked with a
] tracker-cookie that is used to spy on you as you traverse
] the Web.
]
]] The query string of the URL contains the usual things
]] such as the Web page URL, the referring URL, browser
]] type, screen size, etc. This query string is built on the
]] fly by about 50 lines of JavaScript embedded in the
]] Verisign Web page.
]
] The Omniture server sets a cookie so that people can be
] watched over time to see what typos they are making.
] Link (via Dan Gillmor)

I was bitching about this a week ago.

http://www.memestreams.net/users/rattle/blogid3252792/

Boing Boing | Verisign's SiteFinder hijacks your privacy as well as your typos

] An international group of cryptographers, the Kryptos
] Group, announced this week that the decade-old Cyrillic
] Projector Code has been cracked, and that it deciphers to
] some classified KGB instructions and correspondence.
]
] The Cyrillic Projector is an encrypted sculpture at the
] University of North Carolina in Charlotte, that was
] created by Washington DC artist James Sanborn in the
] early 1990s. It was inspired by the encrypted Kryptos
] sculpture that Sanborn created two years earlier for CIA
] Headquarters.
]
] The message on the Cyrillic Projector has turned out to
] be in two parts. The decrypted first part is a Russian
] text encouraging secret agents to psychologically control
] potential sources of information. The second part appears
] to be a partial quote from classified KGB correspondence
] about the Soviet dissident Sakharov, with concerns that
] his report to the Pugwash conference was being used by
] the Americans for an anti-Soviet agenda.

Kudos to Elonka and crew!

Press Release: The Cyrillic Projector Code Has Been Solved

] You are most likely visiting this page because you noticed
] an entry in your web server log file that references this
] page. NPBot is the NameProtect Inc. web crawler. As a
] Digital Brand Asset Management company, NameProtect
] engages in crawling activity in search of a wide range of
] brand and other intellectual property violations that may
] be of interest to our clients. For more information on our
] services, please visit the NameProtect website at
] http://www.nameprotect.com

The brand police.

NameProtect Inc :: NPBot Notification

] This document contains a number of observations on
] the implications of the use of wildcards in DNS zones,
] and makes some recommendations concerning their use.

] The Robustness principle tells us that in some (not all) of
] the problems detailed above, both parties could be
] construed as being at fault. In some cases this is hardly
] surprising: spam filtering in particular, by its nature,
] tends to be extremely ad hoc and somewhat fragile.
] No doubt there are lessons here for all parties involved.

] The Principle of Least Astonishment suggests that the
] deployment of wildcards was disastrous for the users.
] It had widesweeping effects on other users of the
] Internet far beyond those enumerated by the zone
] operator, created several brand new problems, and
] caused other internet entities to make hasty, possibly
] mutually incompatible and possibly deleterious (to
] the internet as a whole) changes to their own
] operations in an attempt to react to the change.

] Proposed guideline: If you want to use wildcards in your
] zone and understand the risks, go ahead, but only do so
] with the informed consent of the entities that are delegated within your zone.

Internet Architecture Board - Architectural Concerns on the use of DNS Wildcards

"Snubby" has been replaced, its now something based on Postfix.

I can't count the number of SMTP servers in each server pool like I could with the previous SMTP implementation, but it is worth noting that the number of HTTP servers in each redirection pool has dropped. There were 30 machines in each of four clusters at different two locations, for what looks like a total of 120 servers in the US. Now the clusters are down to 20 machines in each, so 80 total US. Its safe to assume those machines have been transfered to the SMTP pool in this change. That would be at least 20 SMTP servers on each coast.

] In response to widespread expressions of concern from the
] Internet community about the effects of the
] introduction of the wildcard, ICANN has requested
] advice from its Security and Stability Advisory
] Committee, and from the Internet Architecture
] Board, on the impact of the changes implemented
] by VeriSign. ICANN's Security and Stability Advisory
] Committee is expected to release an objective
] expert report concerning the wildcard later today.
]
] Recognizing the concerns about the wildcard service,
] ICANN has called upon VeriSign to voluntarily
] suspend the service until the various reviews
] now underway are completed.

ICANN Speaks!