Read the rest
Yesterday, Microsoft convinced a judge to let it take over No-IP's DNS service, shutting down name service for many websites, in order to stop a malware attack. Today, the company fake-pologized.
Read the rest
The City of London is a curiosity; it's the financial district within London proper, and it has its own local government, which is elected by the banks and other corporations within the district. This (literally) corporate-run government then operates its own police force, separate from the Metropolitan Police, with sweeping powers.
The City of London Police recently gave themselves the power to seize domains that they believed were implicated in copyright violation, and started sending officious letters to domain registrars demanding that the domains be shut down. This was a purely extrajudicial, ad-hoc procedure -- in other words, the City of London Police were just making it up. The letters they sent had no force in law, cited no evidence from a court, and were unenforceable.
Read the rest
Read the rest
The awesomesauce merchants at BeagleNetworks.net have engineered an appropriately epic set of internal routes, such that a traceroute to 188.8.131.52 produces the introductory crawl from Star Wars:
TraceRoute from Network-Tools.com to 184.108.40.206 [fin]
Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 220.127.116.11 -
2 0 0 0 18.104.22.168 xe-4-2-0.er2.dfw2.us.above.net
3 3 3 3 22.214.171.124 ae2-109.dal33.ip4.tinet.net
4 36 36 36 126.96.36.199 xe-1-2-0.atl11.ip4.tinet.net
5 37 35 38 188.8.131.52 epik-networks-gw.ip4.tinet.net
6 21 21 21 184.108.40.206 po0-3.dsr2.atl.epikip.net
7 58 58 56 10.26.26.102 -
8 61 57 58 220.127.116.11 episode.iv
9 59 63 62 18.104.22.168 a.new.hope
10 59 58 61 22.214.171.124 it.is.a.period.of.civil.war
11 Timed out 58 60 126.96.36.199 rebel.spaceships
12 58 66 65 188.8.131.52 striking.from.a.hidden.base
13 60 60 60 184.108.40.206 have.won.their.first.victory
14 61 57 57 220.127.116.11 against.the.evil.galactic.empire
15 61 57 56 18.104.22.168 during.the.battle
16 61 58 60 22.214.171.124 rebel.spies.managed
17 57 59 62 126.96.36.199 to.steal.secret.plans
18 60 60 56 188.8.131.52 to.the.empires.ultimate.weapon
19 62 60 58 184.108.40.206 the.death.star
20 60 60 57 220.127.116.11 an.armored.space.station
21 61 64 61 18.104.22.168 with.enough.power.to
22 59 58 60 22.214.171.124 destroy.an.entire.planet
23 63 62 65 126.96.36.199 pursued.by.the.empires
24 62 59 Timed out 188.8.131.52 sinister.agents
25 59 61 60 184.108.40.206 princess.leia.races.home
26 62 60 62 220.127.116.11 aboard.her.starship
27 61 61 68 18.104.22.168 custodian.of.the.stolen.plans
28 64 60 62 22.214.171.124 that.can.save.her
My latest Guardian column is "Why did an MPAA executive join the Internet Society?" which digs into the backstory on the appointment of former MPAA CTO Paul Brigner as North American director of the copyright-reforming, pro-net-neutrality Network Society group, which manages the .ORG domain name registry.
I asked Brigner whether his statements about DNS blocking and seizure and net neutrality had been sincere. "There are certainly a number of statements attributed to me that demonstrate my past thoughts on DNS and other issues," he answered. "I would not have stated them if I didn't believe them. But the true nature of my work was focused on trying to build bridges with the technology community and the content community and find solutions to our common problems. As I became more ingrained in the debate, I became more educated on the realities of these issues, and the reality is that a mandated technical solution just isn't a viable option for the future of the internet. When presented with the facts over time, it was clear I had to adjust my thinking.
"My views have evolved over the last year as I engaged with leading technologists on DNSSEC. Through those discussions, I came to believe that legislating technological approaches to fight copyright violations threatens the architecture of the internet. However, I do think that voluntary measures could be developed and implemented to help address the issue.
"I will most definitely advocate on Internet Society's behalf in favor of all issues listed, and I share the organization's views on all of those topics. I would not have joined the organisation otherwise, and I look forward to advocating on its behalf."
Update: Joly sez, "After his appointment we (ISOC-NY) did pull Paul up on the carpet to explain himself - you can find the salient MPAA passage here
Carl Malamud sez, "Paul Vixie tells a real-life action adventure about the DNS Changer and Conficker plagues that are still active on the Internet and how he ended up running a center for disease control in addition to his day job. His day job, in case you're not familiar with isc.org, consists of helping keep the DNS going and as a sideline hosting a lot of important software and services like Mozilla, the Internet Archive, and many others (and a few lightweight low-volume clients like public.resource.org)."
Since the original court order that authorized ISC to install and operate these replacement DNS servers was due to expire on March 9 2012, a new DNS Changer Working Group (DCWG) was formed to handle victim notification and remediation. We had roughly four months to identify and notify half million or so DNS Changer victims, and to help these victims clean up their infected computers. Many victims would have to reinstall Windows on their computers — which at first was the only sure cure for this particular infection. On top of that, many of the victims have had their DSL or Cable modems ("home routers") reconfigured by the DNS Changer malware, so that they were using ISC's replacement DNS servers even if none of their computers are still infected and even if none of their computers were running Windows. Most Internet users do not have the skills necessary to check and repair the configuration of their home routers, and most Windows users are also unwilling to reinstall Windows. So, even when we could identify and notify a victim, we had a hard time "closing the deal".
We didn't make it. When March 9 2012 loomed, we still had hundreds of thousands of victims dependent on ISC's replacement DNS servers. Therefore the FBI asked the judge for an extension and we were given four more months. No fooling around this time, there won't be another extension, it's now or never, put up or shut up, etc. Noting that no private company or individual can legally operate this replacement DNS service on the open Internet unless they have a judge's permission to do so, many ISP's are now starting up replacement DNS servers inside their own networks, accessible only by their own customers, in order to control the risks they would otherwise face on July 9 2012 when the second and final court order is due to expire. But that kind of risk management isn't the same as cleaning up the problem. I don't think we want to "kick this can down the road". If an ISP wants to run a replacement DNS server for the purpose of forcibly breaking these computers, in small batches, to get their owners to call in and ask for help, that's one thing. But if it's just going to be a new permanent service that the ISP offers to these customers, count me as "opposed."
We as a digital society are much better at strategies for coping than we are at strategies for remediation.