2001-02-02

6:44:41 PM

• Market shares of gTLD registrars. Lee Campbell sent the following item, which I'm pleased to run more or less as received.

  What are the market shares of the gTLD registrars? You can dig this information out of the ICANN site (updated 2001-01-15).

  ICANN billed the gTLD registrars a total of $535,000.01 for a year ending 2000-09-30. From the individual charges you can see the market share of each company. Here are the top five and the bottom two.

    Network Solutions, Inc.  $310,642.39  58.1%
    Register.com              61,339.37   11.5%
    BulkRegister.com          34,671.76    6.5%
    Tucows.com, Inc.          31,517.03    5.9%
    CORE Internet Council
     of Registrars            18,651.90    3.5%
  
    Domainsite.com, Inc.     $     0.13
    Talk.com				                0.11

  Network Solutions now has less than 60% of the market. I don't know how rapidly the number of domains grew last year, but I'l' bet that even with growth factored in, this will show domain holders fleeing NSI in droves. Personally I was very happy the day I moved my last domain away from NSI.

  Another fact we can easily discern from these numbers is that the 56 competitors trailing the leaders shared more than 14% of the registration business last year. Seems like reasonably lively competition with few signs of consolidation, yet.

2001-02-01

8:30:22 PM

• Proposed IRS rule could limit the freedom to link. The US Internal Revenue Service is proposing a rule that might make it inadvisable for not-for-profit organizations to provide links on their Web sites to any political site. Wes Vernon tells the story on NewsMax. The proposal begins:

  The Internal Revenue Service is considering the necessity of issuing guidance that would clarify the application of the Internal Revenue Code to use of the Internet by [tax-] exempt organizations.

  Its real import of the proposal becomes later:

  Does providing a hyperlink on a charitable organization that engages in political campaign intervention result in per se prohibited intervention?

  In other words, the IRS is proposing to interpret any link to a political site from the pages of a nonprofit as evidence that the nonprofit is "engaging in political activity" and thus in danger of losing its 503(c) status.

  The IRS will take public comments on Announcement 2000-84 until February 13. Comments must be submitted in writing to the agency in Washington:

  Internal Revenue Service
  1111 Constitution Ave., NW
  Washington, DC 20224
  Attn: Judith E. Kindell

  Declan McCullagh pointed out that this proposal first attracted attention last fall -- I missed it completely then. The text is online at Tech Law Journal and available from FedWorld in PDF form (401 KB) at FedWorld.

  Many thanks to Dorr H. Clark for pointing out the story.

11:34:38 AM

• Hail and farewell, Blogger and Pyra. Read Evan William's essay on the difficult situation Pyra, beloved maker of the blogger world's uber-tool, Blogger, finds itself in. It's touching, it damn near made me bawl, and it makes me proud to be a human. Ev -- thank you. (Picked up from the Doc Searles Weblog.)

2001-01-30

7:16:44 PM

• Trampling DNS hierarchy underfoot. The Domain Name System was designed to support hierarchical naming. Almost nobody pays any attention to this elementary fact and as a result the Web is far harder to navigate than it needs to be. One of the few commercial Web sites using DNS hierarchy to good effect is Yahoo! -- viz. maps.yahoo.com, travel.yahoo.com, my.yahoo.com.

  Here are two examples, local to Massachusetts, of ways to flip a bird at the very concept of DNS hierarchy.

  • You might expect to find the Massachusetts Registry of Motor Vehicles, a state entity, at (taking a wild guess here) rmv.gov.state.ma.us. (What would make even more sense is rmv.state.ma.gov, but ICANN don't play dat.) Instead we find our friends at The Registry operating out of massrmv.com. Now that's intuitive.

  • A local radio station calls itself Ninety-Two Point Five The River. They say it just that way, without a comma. (Why The River? It's WXRV. Get it, XRV, river?... whatever.) They have set up shop under the domain name 5theriver.com. On the air they say to visit "ninety-two point five the river dot com," and in fact typing 92.5theriver.com into a browser's location bar takes you there. Perhaps we're meant to assume that some media group owns multiple radio stations, in different markets, called 92.5 The River, 99.5 The River, etc. Alas, such appears not to be the case. Unable to sustain the courage of their convictions, however misguided, WXRV has also activated www.5theriver.com for the benefit of those probably numerous souls who cannot get their minds around a URL that contains no triple-dub. And yes, of course www.92.5theriver.com works as well, how could you doubt it?

2001-01-29

11:02:10 PM

• Leasing rights to your life. Brett Fausett, proprietor of the invaluable ICANN Blog, performed a little exercise in red-lining earlier this month. After receiving a note from GreatDomains.com that its User Agreement had changed after its acquisition by VeriSign, Fausett retrieved the previous terms of service from Google's cache and compared old and new. The result is eye-opening. (Note: PDF file.) GreatDomains has expunged with extreme care any hint of a whiff of a possibility that you might take away any impression that you actually own a thing called a domain name. Fausett adds, "This was done mostly out of idle curiousity, as I've never bought or sold a domain name with Great Domains."

8:54:13 PM

• Bad BIND bugs. Updated 2001-03-02, 6:42 am: The original TBTF Log posting on the BIND bugs is below in light type. New development:

  ISC, the developer of BIND, has floated a suggestion of a fee-based membership forum for early vulnerability warnings. A copy of the e-mail sent to a company announcement list is posted here. According to ISC, "recent events" had suggested a need for a fee-based membership forum consisting of ISC itself, software and hardware vendors that include BIND in their products, root and TLD name server operators, and "other qualified parties... nominated at ISC's discretion." Not-for-profit members could have their membership fees waived. This story first appeared on Fairfax.com.

  CERT issued an advisory Monday on four bugs unearthed in versions 4 and 8 of BIND -- software that runs on most DNS servers worldwide. (BIND is the Berkeley Internet Name Domain server, supported by the Internet Software Consortium.) CERT took the unusual steps of issuing a press release and holding a news conference to urge sysadmins to upgrade BIND right now.

  What CERT describes as four bugs the ISC seems to regard as three, according to their vulnerabilities page (see the topmost three bugs listed). ISC rates the bugs as Critical, Moderate, and Serious respectively. The two most serious could potentially allow an attacker to run arbitrary code in a privileged mode on any DNS server with an affected version of BIND.

  CERT urged all BIND users to upgrade to version 4.9.8, 8.2.3, or 9.1. (BIND 4 is no longer actively maintained and ISC recommends using either 8.2.3 or 9.1.)

  Three of the bugs were found by the PGP COVERT Labs. According to CERT, these bugs "have been successfully exploited by COVERT Labs in a laboratory environment," but "To the best of our knowledge, no exploits have been released to the public." The ISC's description of the situation is more ambiguous. For all three bugs ISC says bluntly, "Exploits for this bug exist" -- whether in the lab or in the world they do not disclose.

  The Pittsburgh Post-Gazette's coverage quotes a CERT spokesman describing the pattern of exploits and attacks over time after the last BIND hole was announced, offering a glimpse into a possible future once exploits for the new bugs spread -- which the WSJ expects to happen "within days."

  Look to the bottom of the ISC vulnerabilities page for an exhaustive table of BIND versions and their status with respect to all 12 security bugs ever reported against BIND.

  Lots of press outlets have picked up the story. Newer links are at the end. TechWeb (Reuters) | InternetNews good tech details | Wall Street Journal | ZDNet | Pittsburgh Post_Gazette good background | LA Times (AP) | ZDNet | The Register.

  My article for this morning's Media Grok newsletter on the subject is here.

  BIND critic D. J. Bernstein, who calls the software the Buggy Internet Name Daemon, has written a DNS server of his own and offers a $500 reward to anyone who finds a security hole in it. Bernstein recalls that when embarking on the version 9 rewrite, Paul Vixie characterized the original (version 8 base) BIND code as "sleazeware produced in a drunken fury by a bunch of U C Berkeley grad students." Bernstein claims that whatever the provenance of the version 9 code, it is at least equally buggy.

11:03:18 AM

• Unnatural acts. Eric A. Hall, author of Internet Core Protocols, recently came across an old Slashdot discussion (note: loads over 177K) of tunnelling IP over DNS. This is, admittedly, a deeply perverted act. But when Eric pointed it out on the Irregulars' private mailing list, other denizens quickly dragged into the light examples of even more dubious practices.
  • Joshua Eli Schachter cited IP tunneling over email.

  • Jon Callas recalled IP tunneling over MIME.

  • Andre Uratsuka Manoel speculated on the possibility of tunneling IP over ICMP:

    Some people have hacked into an ISP and copied its user database by means of some pings with the data in the packets... I also know of people who hide backdoors by only activating them when the attacker pings the machine with packets of a certain size.

    

  • Chris Olds trumped with an RFC dated 1990-04-01: IP datagrams by carrier pigeon. RFC 1149, A Standard for the Transmission of IP Datagrams on Avian Carriers, outlines an excellent choice for "high delay, low throughput, and low altitude service." Other desirable features:

    ...many carriers can be used without significant interference with each other, outside of early spring. This is because of the 3D ether space available to the carriers, in contrast to the 1D ether used by IEEE802.3. The carriers have an intrinsic collision avoidance system, which increases availability.

    Chris concluded with the fanciful error message Connection Dropped -- No Carrier (ECAT): pigeon eaten.
  

  Updated 2001-01-29, 5:14 pm: TBTF Irregular John LoVerso points out that RFC 1149 has been updated (by the same perv^Wauthor) for QoS. See RFC 2549, IP over Avian Carriers with Quality of Service (1999-04-01).

  The following quality of service levels are available: Concorde, First, Business, and Coach... [Note -- Concorde seems no longer to be offered. -- ed.] The ITU has offered the IETF formal alignment with its corresponding technology, Penguins, but that won't fly... Carriers may be lost if they are based on a tree as it is being pruned.

2001-01-28

7:10:18 PM

• In real time. Here on one handy page are all manner of tracking links to real-time data about the earth and its neighbors, including:
  • how the sun looks now in X-ray light
  • the phase of the moon
  • Mars's position, phase, and temperature map (a high of 210 Kelvins, brr)
  • a US weather map
  • world ocean temperatures
  • recent US earthquake activity

  Unlike many an academic collection of links, U.Montana professor Tim Slater's page initially loads thumbnails of visualizations of many of these data. It's strangely satisfying.

  Thanks to Richard M. Koolish for the link.