No Such Weblog

Spammers cause ever new embarassments. This week-end, we were visiting my parents. Thanks to Apple's excellent OS X, they are reasonably comfortable with their computer (well, mostly) which mostly serves as a repository for digital photography, and for exchanging e-mail and instant messages with me. Fortunately, their e-mail addresses haven't made it onto any spammers' lists, yet. You can probably imagine my surprise when I was suddenly questioned about some porn they had recently found in their inbox. The solution: This wasn't porn addressed to them, but a bounce message. Some spammer had, apparently, guessed my father's e-mail address (<first name>@does-not-exist.org; the first name isn't that rare), and had been using it as the sender's address for obscene spam. That spam hadn't reached the intended recipient, though, but my parents. No, I'm not suggesting that "adult content", "obscenity", or whatever you want to call it be banned online. But I don't want to be asked by my parents where that porn in their inbox comes from, either.

In more pleasant news on the spam front, Wired reports that Dutch police have arrested 52 people suspected of being involved with Nigerian scam schemes.

The GNSO Council's call for this week has been cancelled. The call's purpose would have been to discuss a staff-manager-prepared summary of constituency statements for the new registry-services PDP. That summary has not yet been sent to the council, but is expected within the next 24 hours, we're told. The council now plans to discuss this report on February 19.

This is turning into an increasingly absurd pattern of staff promises that are then broken. I'm tempted to talk about a systemic failure that began when the new wishful-thinking PDP was adopted during the reform process.

Susan Crawford has background information on today's congress hearing: At that hearing, the Subcommittee will be considering a new Whois bill creating new penalties for people who provide false data when registering a domain name.

The hearing will be webcast. A witness list is not available.

Later: The committee's schedule page refers to this as an oversight hearing; on the subcommittee's page, it's now a legislative hearing on HR 3754 (text here; thanks to Susan Crawford).

Some preliminary notes from listening to the WHOIS hearing's live webcast: Testimonial was heared from Tim Trainer (IACC), J Scott Evans (INTA; former GNSO Council member and IPC chair), Rick Wesson (registrar constituency CTO), and Mark Bohannon (Copyright Coalition on Domain Names). All witnesses supported the bill.

Besides the usual "whois is important" statements, Rick Wesson testified about his fraudit system, and pointed out that registrars have no business incentives to verify contact data supplied to them as long as they are paid. He seemed to suggest that additional lelgislation was needed in order to create such incentives. (I may have mis-heared him on that point, though.)

J Scott Evans repeatedly said that ICANN efforts on WHOIS accuracy were busy discussing procedure, not substance. I wonder how he came to that conclusion -- Task Force 3 is, after all, chaired by a member of the IPC, and (I'm hearing) currently attempting to reach out and collect input on available accuracy verification mechanisms. Outreach seems stalled, though, because relevant contact information is lacking.

I'm planning to re-listen to the webcast once it's available; I may have more then.

As Kris Köhntopp points out over and over again, file sharing can give consumers a level of comfort and value that money, unfortunately, can't buy these days.

A friend points me to a great recording of Brahms' German Requiem (Leinsdorf with the Boston Symphony). I want to buy that recording as a christmas gift for my father -- it's not available on this side of the Atlantic, I'm told.

I order the sound track for Chicago (dozed through the movie on a trans-Atlantc flight some time ago, still want to get the sound track) from Amazon -- it's three weeks and counting now, and I was just told that it may take some more weeks.

Add to this Kris' observation that CDs often come with copy protection mechanisms these days which aren't effective against determined attackers, but can break players; that digital music is either unavailable legally, or DRMed to the extent that it's not portable across player platforms (and technology generations); add to this that MP3s are not so encumbered.

Then, why on earth, should people pay money to be allowed to wait a month for a product that may quite well be inferior to what's available almost freely and almost immediately, can be used across platforms, and is available in formats that are suitable for long-time archival?

The written testimony from yesterday's WHOIS hearing is now available online: Timothy Trainer, J. Scott Evans, Rick Wesson, Fraudit Info Sheet submitted by Mr. Wesson, Mark Bohannon

Rick Wesson, by the way, indeed testified what I thought I heared yesterday: I do support the proposed legislation as a step forward and hope it will deter those intent on registering domains with fraudulent contact data. While it might indeed have a deterrent effect, we cannot solely rely on industry regulation to prevent false and invalid registrant data from entering the Whois database. ... Please add a requirement that registrars be involved in validating a potentially accurate representation of those they register. Don’t miss this opportunity to evolve the Internet beyond the wild, wild west toward the safety of any civilized community.

Implementation of the transfers consensus policy is getting closer; an update with a proposed implementation has been posted to ICANN's web site. There'll now be a two-week comment period for registrars, registries, and -- through ALAC -- the public at large. For details, see alac.info.

(That said, it was a pleasure to serve on the Transfers Assistance Group that drafted the proposed implementation.)

Washington Post, VeriSign Reconsiders Search Service (TechNews.com): Stratton Sclavos, chief executive of VeriSign Inc., told investors in a conference call last month that the company might relaunch its "Site Finder" service as early as April.

(Link credit: IP.)

Seems like someone complained to the bugtraq moderators about this message, claiming that it was spam, presumably abusing my e-mail address. Of course, the message was indeed legitimate, it was indeed sent by me, and it was not fake.

The Washington Post reports that Sunday's British Airways flight 223 from London to Dulles has been canceled again; the Department for Homeland Security says that cancellations for security reasons are going to be routine activities.

The article has two quotes, though, that sound like BA believes their flights are being cancelled because of false positives: (1) The airline was able to accommodate all of the 184 passengers scheduled for Sunday's flight to Washington on its two other daily flights from London to Dulles or at later dates. (2) British Airways officials, concerned that the focus on the flight has something to do with its number, are discussing whether to change the number or slightly alter the departure time, an aviation source said.

Assume there's really a terrorist that wants to board that flight. Then that terrorist isn't a danger on one of the other flights the same day? And that terrorist isn't a danger when the flight is given a different number, or the departure time is slightly altered?

WHOIS Task Force #2 (review of data elements collected and displayed) is still looking for input. Only few responses have been received so far.

Input will continue to be useful when submitted this week. The plan is to have a report on the input collected ready by Rome.

After last night's blog spam attack has painfully exposed the lack of rate limiting in the version of movable type that I was using (and the lack of resource limits on my web server), I've gotten a little paranoic about my web server logs. One particularly remarkable feature that only seems to show up quite recently consists in "random" user-agent strings; there are numerous queries of this kind from a relatively small number of IP addresses, apparently DSL-connected machines.

It's relatively obvious that some kind of robot is behind this -- does anyone have an idea what's going on here, or does this sound familiar in any way?

Later: Things should be somewhat more robust now. Resource limits are in place, the back-end has moved to MySQL, and blog items are automatically closed for comment after seven days.

On its conference call earlier tonight, the GNSO Council re-elected Alejandro Pisanty to the board, with the votes of all council members who attended the call.

Besides that, the council discussed various procedural issues, and approved the proposed time lines for the WHOIS Task Forces. These time lines now need to be approved by the board -- a good example for the unhealthy board-and-bylaws micro-management that the new PDP has brought to the GNSO.

Discussion of substantive issues was essentially deferred to Rome. There, the GNSO will hold workshops on all ongoing policy-development processes.

MP3 recording here.

If you look at the Summary of Constituency Statements on Future new Services or Actions by gTLD Registries on the GNSO web site, you'll notice that the gTLD registry constituency -- presumably the constituency most directly impacted by the ongoing PDP -- is the only GNSO constituency that has not submitted a constituency statement in this process. From a statement on this process submitted to the GNSO by Neulevel, we now learn that the reason for the gTLD registry constituency's silence is lack of consensus.

Neulevel's submission includes a detailed description of a possible review process. Although I haven't digested the details of this proposal, yet, I'd recommend a look -- as far as I know, this is the first time that one of the gTLD registries speaks on the record about detailed ideas for a "registry services process."

So we're back to anonymous rumors at ICANNwatch when it comes to learning about board decisions. That's the kind of scenario that preliminary reports from board meetings are supposed to prevent. According to the bylaws, these reports are due five business days after a board meeting; in the past, they were often available on the day of a board phone conference, or -- when late -- on the next day.

Today, we're still waiting for the preliminary report from January 15 -- for instance, was the bylaw change that was up for comment before that meeting actuallly adopted?

And I don't even dare to hope that we see a preliminary report from Wednesday's telephone conference before Rome.

PS: I'd love to be told that the preliminary reports are hidden in some unknown corner of the ICANN web site and that I'm just too stupid to find them. But I don't believe that's the case.

ICANN has finally -- on 20 February -- posted the preliminary report from its 15 January meeting. On the proposed bylaw change (number of constituency representatives on the GNSO council), the preliminary report notes that ICANN had solicited comments, but that none were received. The bylaw change was then adopted as proposed.

Unfortunately, the assertion that there were no comments is simply not true. I sent e-mail to John Jeffrey on January 12 pointing out that the terms for council members proposed in the bylaw amendment were inconsistent with the concept of having staggered terms on the council; I know that at least one further comment on this was sent to Jeffrey.

I'm currently looking at "proxy registration providers", i.e., at firms that offer domain name registrations where WHOIS records don't identify the actual registrant, but the proxy service. I have, so far, found the following providers (quite a few thanks to hints contained in the ISPCP's submission to Task Force 2):

• Aplus (known in registrar listings as Abacus America) offers "unlisted" domain name registrations through a sister company. I was not able to find any terms and conditions on their web site, but that may have something to do with browser compatibility issues.
• Domains By Proxy is a sister company of accredited registrar Go Daddy. Terms and conditions.
• IDdp appears to be affiliated with accredited registrar Key Systems GmbH. Terms and conditions.
• Katz Global does domain name registration for cash and e-gold, and does not collect any information except for an e-mail address. Terms of Service; Acceptable Use Policy.
• Silent Register appears to be an enom reseller; Terms and Conditions.
• ProxyOne also seems to be an enom reseller; Terms of Service.
• 1001 discrete resources uses contact information in Panama, and gives an Antigua address in its registration agreement. Limitations; registration agreement.
• alpina1.net is, according to WHOIS, owned by Mr. Dagobert Duck from Hanoi. This may be a Tucows reseller. Recommend e-gold as payment method. Terms and Conditions don't give much information about their "unlisted registration service."
• anonix doesn't offer much information; the approach is apparently to collect as little information as possible. Acceptable Usage Policy; Domain Registration service description.

Am I missing any known services of this kind? Are there any "war stories" about the conditions under which information about registrants is actually disclosed by those providers that collect it? Comments welcome.

The ICANN blog aggregator has been rebuilt from scratch. Besides being much simpler and more efficient than the old code, the new code also leads to a shorter delay until updates about which the aggregator is notified by a weblogs.com-style ping are actually incorporated. The most visible changes are probably the re-direct to the script that generates the index page dynamically, and the changed layout. Any comments welcome. Remarks about the layout are only accepted, though, when accompanied by a new style sheet.

First, as an all-time favorite, most corkscrews. The classical waiter's knife with corkscrew is about the best thing you can get (and you can get it much cheaper than Google's first hit for "sommelier knife"!), but that does not keep suppliers from flooding the marketplace with useless alternatives that usually tear the cork apart, or leave cork rests in the wine. The one on the photograph is kept for educational purposes only.

Second, a recently-discovered stupidity, Samsonite's Malaga travel bag. This bag comes with a small padlock (the same lock and key is used for all Samsonite products, it seems, but then again, this lock does not even try to look like it offers serious protection), a more robust combination lock, and a back zipper which can't be locked, and gives easy access to the bag's main compartment.

Third, the keyboard in my trusty Dell laptop. A critical part of the mechanism is a relatively thin piece of tin that must be bent in the right way -- and, of course, is distorted over time, with all kinds of not so funny effects on my typing habits. The distortion effect is particularly strong with the shift and control keys, but can fortunately be fixed with a little bit of tinkering. The stupid assumption, though, that tin doesn't exhibit unelastic distortions, seems to have been commonplace in Dell hardware design for quite some time. I still remember some "workstations" which provided comfortable access to the PCI bus, but required re-bending some critical tin parts after the third exchange of a faulty PCI card.

Washington Post: Suit Challenges Powers of Key Internet Authority (TechNews.com)

VeriSign has sued ICANN over SiteFinder, and -- apparently -- also over delays in IDNs and WLS. Essentially, it seems like the new registry services issue has just been moved from the GNSO to the court system.

Discussion at ICANNwatch.

I'm at the ICANN meetings in Rome, and it seems like this is a bad place for anonymity, and, for that matter, the end-to-end Internet. Not only do you have to present a photo ID when purchasing a pre-paid GSM card (+39-3394227447) -- access to the wireless network at the meeting is also designed to prevent anonymous access to communications from happening. Standard at ICANN meetings (delivered by organizers even in China and Tunisia) is open Wi-Fi, with routed IP addresses and fully transparent access. In Italy, we're told, that can't be provided because of some obscure law, so we get individual user IDs and passwords for logging into a 10.* network that's hidden behind a NAT box and a couple of more or less transparent proxies that get into peoples' way when, for instance, securely connecting to a home mail server, and inject silly service provider logos while surfing the web.

Security scanning devices photo taken in Vatican yesterday, where airport-like screening is applied to visitors to St. Peter's cathedral; more tourist photos here.

Update, Monday morning: Network connectivity looks much more transparent now.