No Such Weblog

SiteFinder is now also active in .com.Meanwhile I haven’t seen a single mailing list posting anywhere that would welcome this change — but a lot of furor across the board, and some thought on how this can be stopped: People are modifying name servers that serve as resolvers to replace Verisign’s sitefinder A records by the correct NXDOMAIN response.

Here’s an illustration of what I mean when I complain about corrupting error diagnostics: During the past 20 minutes or so (it’s now 1:38 a.m. GMT+0200), the address which is returned by the registry in response to queries for unregistered domain names was unreachable. The result? Instead of a quick message that I’ve mistyped the domain name, I get a timeout after waiting for quite some time. That’s a highly misleading error diagnostic, and it’s making the user experience much worse. Which brings us to another problem with this: Verisign has been careful to put work-arounds in place that are supposed to mitigate the effects of the DNS change for individual protocols. These work-arounds depend on the availability of Verisign’s infrastructure in order to work, though. Once this infrastructure is unreachable, users have no possibility to discern a non-existing domain name from an unreachable host.

Talking about user experience, I’m also sure that users of Asian localized software will very much appreciate getting English-language error messages from Verisign instead of localized and translated error messages from the software they are running.

White papers on the mechanisms that Verisign apparently plans to implement for resolving unregistered domain names are available here.The service seems to have gone live now, at least for .net. Concerns here, here, and here. Discussion at ICANNWatch.

Here’s an updated version of my debbugs tools. cli.pl is now able to interactively spamassassinate bug logs; also, there is a script named fix-utimes.pl that will adjust log files’ modification times according to the date of the last message received with respect to a specific bug report. (This is important to prevent done bugs from staying in the system forever just because of spam.)

Germany’s new copyright law has been published in the official journal today, and becomes applicable tomorrow.

Sobig.F has recently deactivated itself. The impact on e-mail bandwidth is amazing — green for spam + virus bandwidth, blue for legitimate e-mail bandwidth.

We spent quite some time today tracking down an obscure Linux problem: With the commonly-used user space NFS daemon, quota doesn’t seem to propagate over NFS. In theory, quota is enforced on the server-side.We think we have found the bug; it’s in the 2.4 kernel (but we couldn’t test that, yet): The user space NFS daemon runs as root, and protects system calls that affect the file system by calling setfsuid(2) in order to drop privileges. setfsuid(2) to a non-root user will clear all capability bits in CAP_FS_MASK. The CAP_SYS_RESOURCE bit (1

… or: When is a hyperlink a hyperlink?Alexander Svensson continues to cover the development of .kids.us, and has a close look at the first site established there. Particularly fascinating — with regard to policies in place that forbid hyperlinks that take a user outside of the kids.us domain– is a links page Alexander has found — it points to web sites outside .kids.us with content about American presidents. Instead of using actual hyperlinks, the URLs are simply listed there, as part of the page text.Update: Jeff Neumann responds (thanks) that listing web sites in the way it’s done on the Smithsonian’s page is perfectly acceptable in .kids.us. Fascinating.

Representatives of the US government are going to have a conference call on WHOIS with members of the registrars’ constituency on 17 September. Government-side participants: Lader, Sene, Layton (NTIA); Mithal (FTC); LoGalbo (DOJ); Larsen (IRS); Cotton (USPTO).

Elana Broitman has posted a presentation on what she calls Interim Whois Solutions. I’d rather talk about dirty hacks; some of the proposed steps — like returning GIFs over port 43 WHOIS — simply don’t look feasible.