(A Javascript-enabled browser is required to email me.)
TBTF logo

TBTF for 1999-02-01: Squammers

Keith Dawson (dawson dot tbtf at gmail dot com)
Mon, 1 Feb 23:14:13 -0400


Contents

  • IBM joins Linux International Open source OS's momentum looks unstoppable in the server space

  • updated Book bots Two sites comparison-shop the Net booksellers

  • Followups Intel's Big Brother problems multiply; Compromised utility package updated; We can get it for you wholesale; Becoming a Y2K urban legend

  • An interview at the NSA Good Will Hunting missed the mark

  • updated Rings A pretender to the ring-world throne


CDA-II ruled unconstitutional

Laudable goal, terrible legislation

The judge hearing the CDA-II (Child Online Protection Act) challenge has ruled that the law is unconstitutional [1]. No word yet on whether the government will appeal. (Remember, this is a law that Janet Reno's Justice Department advised they could not enforce.) The judge said

Perhaps we do the minors of this country harm if First Amendment protections, which they will with age inherit fully, are chipped away in the name of their protection.
[1] http://www.news.com/News/Item/Textonly/0,25,31724,00.html?tbtf

___

Squammers

Domain name squatters who spam the InterNIC

Network Solutions, Inc. has recently been falling behind with registration requests. They say [2] that domain-name squatters have been bombarding NSI with bogus requests, crashing their servers and delaying processing of ordinary business. This activity has been going on for some time, but in January it reached a level double that of legitimate registrations. Wired's coverage is here [3]. This is not a story about speculators or domain-name homesteaders who put down their money on a bet about the Net's direction. The squatters pay nothing, financing their bets with everyone else's money; a subset of them, the squammers, additionally throw sand in the gears for the rest of us.

Mailing-list discussion -- see this thread on NANOG [4] for example -- has fleshed out the picture of the squammers. A squatter reserves a domain name, perhaps giving a bogus email address and/or physical address, and ignores the bill when/if it comes. After 30 days NSI suspends the name. When another 30 days have passed and no payment has arrived NSI releases the name. The original squatter now showers the registrar with many (probably automated) requests to re-register that name. Thus the name remains tied up and the squammer never pays a cent. If a buyer wants the name, they end up paying the original NSI bill as well as whatever usurious ransom the squammer has been able to negotiate.

Posters on NANOG are playing the story as yet another example of NSI's incompetence [4], and certainly this interpretation is supportable. One measure NSI has taken to slow the squammers was to drop (without announcement) the "initial creation date" and "current status" fields from the information it publicly reports about name ownership and status. This will have little impact on squammers -- surely they know when they registered a name -- but will break ISPs' existing procedures and software and inconvenience all legitimate users of the name database. NSI's ill-advised policies are partly to blame for creating a something-for-nothing opportunity for squammers in the first place. The miscreants would vanish into the night if NSI made registrants supply two valid DNS servers before reserving a name, and particularly if they required a valid credit-card number up front.

News.com plays one domain-name squatter's story [5] as a tale of a little guy against the megacorp. Their reporter appears to have been completely bamboozled by Jerry Sumpton [6] of Freeview Listings, who lost his bid to extort $13,000 from Avery-Denison Inc. for the names avery.net and dennison.net.

Ian Andrew Bell shoots straighter [7]. He points out that Sumpton holds as many as 30,000 domain names: many proper names and many words from the dictionary, largely in the .net domain. Sumpton's business plan of record -- renting mailboxes at $4.95 per month on, e.g., smith.net -- makes no sense if he has to pay over $1M per year for the names. It makes sense only if he never pays for a name until someone signs up for a mailbox on it, or better yet bids to buy it from him. (Note: no evidence suggests that Sumpton is one of the squammers; NSI has not made public any results from its attempts to trace these malfeasors.)

Note added 1999-02-02: Jamie McCarthy <jamie at mccarthy dot org>, a customer of Mr. Sumpton, writes with some corrections.
His price is not $4.95 a month but $4.95 a year... he also charges a $20 startup fee; and my guess is that pretty much everyone will buy five years at once, as I did. That's $45. He actually owns about 12,000 domain names according to domainwatch [8a]. So if his burn rate is $420,000 / yr., he has to find 10,000 people each year to buy $45 email accounts. Can he get 300 signups a day?
Sounds to me like he would need closer to 1,000 such signups a day, if he wants to pay for anything more than domain names (such as the rent). And he gets no more revenue from those customers for 5 years.

The handy Domain Surfer site [8] offers the fastest way I've found to explore the domain namespace and winkle out homesteaders, speculators, and squatters.

[2] http://rs.internic.net/customer_advisory.html
[3] http://www.wired.com/news/print_version/technology/story/17522.html?wnpg=all
[4] http://www.cctec.com/maillists/nanog/current/msg00256.html
[5] http://www.news.com/News/Item/Textonly/0,25,21333,00.html?tbtf
[6] http://rs.internic.net/cgi-bin/whois?JS1578
[7] http://xent.ics.uci.edu/FoRK-archive/jan99/0345.html
[8] http://www.domainsurfer.com/
[8a] http://www.domainwatch.com/getwho.cgi?dom=MAILBANK.COM

___

Windows Refund Day

Ready to demand your money back from Mr. Bill?

Proponents of non-Microsoft operating systems have declared 15 February Windows Refund Day [9] to encourage PC buyers to get cash back for the Windows software they have never used. Microsoft's end-user license agreement gives purchasers the right to obtain a refund from their PC vendor if they've installed an alternative OS such as Linux or IBM's OS/2 without having used Windows. The effort was inspired by Geoffrey Bennett's tale [10] of pursuing a refund from Toshiba over 4 months, eventually with success. The Windows Refund Center [11] features links to other such stories, some without a happy ending after two years. On 15 February Linux users in California plan to show up on the doorstep of their local Microsoft office for their refunds.

[9] http://www.wired.com/news/print_version/technology/story/17452.html?wnpg=all
[10] http://www.netcraft.com.au/geoffrey/toshiba.html
[11] http://www.linuxmall.com/refund/

space ______

A new kind of trademark dispute

Is a search site that sells keywords diluting copyrights?

Estee Lauder has filed suit against Excite for selling its trademarked terms Estee Lauder and Origins to the Fragrance Counter, a competitor [12]. Search engines commonly sell keywords to whoever is willing to pay, displaying the buyer's ad banners whenever a visitor searches on one of the keywords. So far no law or court precedent restricts the search companies from selling whatever they please. The Lauder action is being publicized by BannerStake [13], which offers a keyword of your choice to 12 search engines and displays the banners that they display, if any. I tried the keyword "Linux" and found that Excite appears to have sold it to Microsoft. Probably last Halloween [14].

[12] http://www.internetnews.com/IAR/1999/01/2901-lawsuit.html
[13] http://www.bannerstake.com/
[14] http://tbtf.com/archive/1998-11-03.html#s02

space ______

Net weather and traffic

Internet tomography and an index of Net health

The journal Nature carries an article [15] on Net tomography. The authors have developed skitter, a "tomography scanning tool" that dynamically discovers and depicts global Internet topology and measures the performance of specific paths through the Internet. Skitter uses ping ICMP packets to develop a diagram of Net connectivity at a point in time. Here is a sample interconnectivity diagram [16] (194K).

Another view of the state of Net health is provided by the Internet Traffic Report [17], which also uses ping to derive indices of worldwide round-trip times and packet loss. Thanks to Tom Parmenter <tompar at world dot std dot com> for pointing out this service.

[15] http://helix.nature.com/webmatters/tomog.html
[16] http://helix.nature.com/webmatters/tomfigs/fig1.html
[17] http://www.internettrafficreport.com/

___

IBM joins Linux International

Open source OS's momentum looks unstoppable in the server space

Following Sun's lead [18], IBM Software Solutions has become a sponsoring corporate member of Linux International. Besides these two the roster [19] now includes Silicon Graphics and Compaq. Missing for the moment is HP, though that company has recently announced that it will sell Linux on its NetServer systems and has struck an alliance with Linux packager Red Hat [20]. This article [21] discusses recent Linux initiatives by HP and SGI.

[18] http://tbtf.com/archive/1998-05-25.html#s03
[19] http://www.li.org/sponsors/sponcorp/index.shtml
[20] http://www.news.com/News/Item/Textonly/0,25,31511,00.html
[21] http://www.internetnews.com/Reuters/1999/01/2805-linux.html

___

Book bots

Two sites comparison-shop the Net booksellers

You've read about the coming wonderful world of intelligent agents that will make Web comparison-shopping a breeze, once the nirvana of universal XML arrives to usher in the day. But even now clever folks are implementing services to help you compare prices for commodities on the Net. Consider books. The free service AddALL [22] will search for any book and compare prices, including shipping, across 34 separate online bookstores, and display the results in price order in the currency of your choice. The search is a little clunky; I find it's best find my book first at Amazon or Barnesandnoble and then price-shop at AddALL. The site needs a going-over by someone with a strong grasp of English syntax, but so what? It's an extremely useful labor of love and seems to be under constant improvement.

A few months back Glenn Fleischman got to musing on how URLs might be used like programs, and the result is isbn.nu [23]. You can get a price comparison, including shipping charges, for any book by feeding its International Standard Book Number to this site as if it were a directory name. For example, entering

http://isbn.nu/0201149370/price
compares prices for John Hanson Mitchell's Ceremonial Time: 15,000 Years on One Square Mile across 8 online stores. Leave off the trailing "/price" and the site takes you to Amazon.com's order page for the book. Prefer another store? You can append the name of one of 10 other online bookstores from a list on the site.
Note added 1999-02-06: A largish number of folks wrote to inform me that I had missed the boat on the subject of book comparison-shopping sites, and most pointed to Acses [23a] as their favorite. On the other hand, a few people wrote saying they had never come across the concept of WebRings before. Both are indicative of the fact that the Web, like television before it, has grown to the point where it harbors entire communities — gamers, chat fans, infosurfers, online auction addicts — who coexist on the medium without sharing a cultural experience. Acses is a commercial book-comparison site that requires a good number of clicks to get to the list that AddALL returns immediately. I would guess that AddALL was developed in reaction to Acses's commercial nature.

[22] http://www.addall.com/
[23] http://isbn.nu/
[23a] http://www.acses.com/

___

Followups

bul Intel's Big Brother problems multiply

On 27 January pressure on Intel increased again to scrap its plans to include a consumer-identifying serial number in each Pentium III [24]. A lawmaker in Arizona has said he will file a bill this week making it illegal for any company to manufacture or sell a PC chip in that state that features a unique identifying number in the hardware [25]. Intel runs two chip fabs in Arizona and its CEO, Craig Barrett, has a home there. Such a law could have an unintended impact on Sun Microsystems, whose Sparc chips have for years included a serial number to prevent piracy.

Cryptographer Bruce Schneier has a commentary on ZDNet [26] explaining in simple terms exactly why Intel's scheme will not work to enhance consumer security or authentication.

Finally, Dan Kohn passes along a pointer to a FAQ [27] on the Intel chip flap, which claims that Intel has not turned off the ID number in the hardware at all, as it claims. (The multi-part FAQ begins here [28].)

[24] http://tbtf.com/archive/1999-01-26.html#s03
[25] http://www.news.com/News/Item/Textonly/0,25,31482,00.html?tbtf
[26] http://www.zdnet.com/zdnn/stories/comment/0,5859,2194863,00.html
[27] http://www.zdnet.com/zdhelp/static/p3/p3_3.html
[28] http://www.zdnet.com/zdhelp/static/p3/p3_1.html

bul Compromised utility package updated

In the aftermath of the backdooring of ftp.win.tue.nl [29], the author of one of the affected utilities, util-linux, has released an updated package [30] to the sunsite and tsx-11 software depots. He writes:

If you get it from ftp.win.tue.nl (very unwise), check the md5sum:    d98b2a08c4865c14b9aefec3586c685a util-linux-2.9h.tar.gz
Contrary to a note I posted at [29] after the email edition went out, Hotmail administrators were in fact immediately responsive when notified about the compromised code at ftp.win.tue.nl that referenced two Hotmail drop boxes, according to John R Levine <johnl at iecc dot com>, one of the perpetrators of Internet for Dummies.

[29] http://tbtf.com/archive/1999-01-26.html#s01
[30] http://www.geek-girl.com/bugtraq/1999_1/0364.html

bul We can get it for you wholesale

TBTF for 1999-01-13 [31] covered buy.com and its "sell a buck for 85 cents and make it up on advertising" business model. Now competitor Onsale has abandoned retail markups and thrown in its lot with the tulip traders [32]. It's a win for consumers in the short term, but how will Web merchants endure in this atmosphere of purest helium?

[31] http://tbtf.com/archive/1999-01-13.html#s05
[32] http://www.onsale.com/aboutus/ir/pr/pr1199901.htm

bul Becoming a Y2K urban legend

This note was sent in by faithful TBTF reader Cheryl Stocks <cstock at ibm dot net>:

I think we have a new urban legend category.

I read your story "Report of a very Confucian incentive is a joke" [33] recently, and got a chuckle from it. Today my husband said "Did you hear that British Air is going to require 40% of its executives to be in the air at midnight, New Year's Eve, this year?"

[33] http://tbtf.com/archive/1999-01-26.html#s11

___

An interview at the NSA

"Good Will Hunting" missed the mark

A long-time reader sent this account [34] of a recent job interview at the US National Security Agency. My informant was not offered a job but came away impressed with the professionalism, seriousness, and collegial atmosphere at the agency. Here's an excerpt on the agency's training program for new hires.

The first interview is with the mathematician who is head of the training program, which lasts three years. The program starts with a quick review of algebra and then launches into crypto stuff, and it's full-time for months at a time, two hours of lecture and six hours of study every day, in a big classroom with forty other newly hired mathematicians, some just out of college, some PhD's.
[34] http://tbtf.com/resource/NSA-interview.html

___

Rings

A pretender to the ring-world throne

Last November GeoCities bought Starseed [35], the inventor of the WebRing [36]. A WebRing collects many Web sites on a similar topic (e.g., fan sites for a particular music group) and stitches them into a circular structure. From any ring member you can move ahead or back in the ring or jump to the ring's head. Starseed's implementation of this novel navigation system is highly structured, with Ring Members (individual sites), Ring Masters, and a central Ring Server (Starseed's) to enable navigation. At the time of its purchase by GeoCities, Starseed had attracted 66,000 "affinity groups" to join in rings; in all 900,000 Web sites participated.

Now that Yahoo has announced plans to acquire GeoCities [37] it will be the lord of the rings.

But don't count out the pretender to the throne: Bomis [38], whose hands-off technology runs rings around any site without requiring the intervention, or even the knowledge, of its Webmaster. Bomis's lightweight approach to ring construction wraps ringed Web sites within frames; an Escape button allows the visitor to jump out of the ring context and back to the unframed site at any point.

The Bomis maintainers strut a subversively cheeky attitude. See for example their FAQ page [39], and don't miss the infrequently asked questions [40]. They don't tell us what, if anything, "Bomis" means, but they provide a page where you can guess [41], one chance in 65,340. P.S. -- Bomis rhymes with Thomas.

Note added 1999-02-06: Mark A. Wagner <mark at betsy dot mi-reporter dot com> threw together a Perl script he calls Deep Bomis [42] to brute-force the answer (and yes, there is one). Hint: it's recursive.

[35] http://www.news.com/News/Item/Textonly/0,25,28639,00.html?tbtf
[36] http://www.webring.com/
[37] http://www.news.com/News/Item/Textonly/0,25,31582,00.html?tbtf
[38] http://www.bomis.com/
[39] http://www.bomis.com/bomis_faq.html
[40] http://www.bomis.com/ifaq.html
[41] http://www.bomis.com/whatisbomis.html
[42] http://betsy.mi-reporter.com/~mark/deep_bomis.html


Sources

bul For a complete list of TBTF's (mostly email) sources, see http://tbtf.com/sources.html.

TBTF home and archive at http://tbtf.com/ . To subscribe send the
the message "subscribe" to tbtf-request@tbtf.com. TBTF is Copyright
1994-1999 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use pro-
hibited. For non-commercial purposes please forward, post, and link as
you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.

___

Most recently updated 2000-10-18