UPDATED: OpenSSH Domain Name Controversy 364

Posted by Hemos
from the domain-squatting dept.
Bowie J. Poag was one of the folks who wrote to us about the domain name controversy regarding OpenSSH. (I've included the full letter below). They're in the interesting situation of /having/ to be a .com, because a squatter has taken the openssh.org domain name. Read the letter below - it's a stickier situation than the other squatting issues we've talked about. Update: 03/07 04:58 by E : Alex de Joode has written his own response here. I hope this can be resolved amicably.


Please be advised that OpenSSH.ORG is NOT the official domain name for OpenSSH development. The name was taken by someone not affiliated with the OpenSSH development team when news of OpenSSH was first leaked to the community. The correct Web and e-mail address for the OpenSSH development effort is OpenSSH.COM instead of .ORG.

The OpenSSH developers wanted to register under the .ORG top level domain, traditionally meant for non-profit organisations such as OpenSSH, but the name had already been taken. They settled for the .COM in the interim.

The .ORG name is currently held by Mr. Alex de Joode <adejoode@zedz.net>, a proponent of open source cryptography who runs his own free crypto portal hosted by xs4all.nl, a well-known and respected Dutch ISP. Mr. de Joode has repeatedly refused requests to sell or turn the .ORG name over to the OpenSSH developers. This leaves us no choice but to issue this advisory.

The OpenSSH.ORG Web site currently is a blank page with a link to the official site. Please do not visit the .ORG site, nor send e-mail to anybody at the .ORG address. This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution.

Any help or suggestions in breaking the deadlock are appreciated.

Regards

For the OpenSSH developers, Louis Bertrand <louis@openbsd.org>

  • by Anonymous Coward
    Y'know, this isn't the first time there have been ugly political battles fought by the guy in charge of OpenBSD, with ambiguous morality involved on both sides of the issue. That's how OpenBSD became its own entity to begin with.

    On the one hand, that event seemed to stem from some not so great communications that weren't entirely the fault of either party. On the other hand, the OpenBSD parties went out of their way to be spiteful and power grasping once the situation got out of hand. If the situation was really different, they were unable to convince the outsider through the information they were allowed to disclose. That whole event _seemed_ like a fit of spite in revenge for not getting access to a source tree, whatever the real reasons were they were not communicated well.

    Now a similar situation comes up. The OpenBSD folks may or may not have been wronged, but the only information I can see points to the OpenBSD side being spiteful and mistrustful. It's more a matter of communication style than the content of what was said and done. If the OpenBSD folks want me to sympathize over this domain name issue they'll have to communicate in a different style, because this one has failed to convince twice in a row.

    I say this as a very strong admirer of OpenBSD project and its work, people with less admiration for the project are likely to see the situation in an even more negative light.

    Go ahead, I know I'll be "troll-branded" for this. Not as if I post often anyway.

  • by Anonymous Coward
    The OpenSSH group is just helping people think that domains are more important than they actually are, thereby motivating squatters further.

    OpenSSH is an open source project. They aren't making any money off it. Just put everything at www.openbsd.org/openssh

    People want to install OpenSSH. They will find it no matter what domain it's under.
  • by Anonymous Coward
    One: why not openssh.net? I think it suits the project better than openssh.com or openssh.org anyway, given the nature of the project.
    Not unless they've suddenly become an ISP.
    Two: Why won't this guy just let them use the domain name? He's not using it for anything. This isn't a typical squatting case either, because he's not even trying to sell them the name. Though frankly, that frightens me even more; what could he want with the name, if he doesn't intend to sell it or to use it for a legitimate site?
    Funny, I could have sworn this exact concern was raised in the article.
  • I don't know what the old version looked like, but the current web page is the perfect way to settle any and all domain name disputes: Simply create a replacement for the 404 page that points to all the other domain names. Hell, you can even do similar things for email, ftp, telnet, etc. If openSSH has any complaints to make about this web page, I say they totally deserve to be a .com 'cause they're already acting like one.
  • That's because .com was taken, and everyone else was already doing .coms.
  • Two: Why won't this guy just let them use the domain name? He's not using it for anything.

    Whoa, whoa, whoa. Whose position is it to decide what a site contains? As a new domain holder, I take great offense to this. If he were just begging $10,000US for the domain, it had just porn banners, I could see a case being made. But he isn't doing these. He is providing a list of free SSH programs. People here bitch about government "intruding" on the Internet with taxes, filters and the like. I will have much more fear if these decisions are made by bands of hooligans who are just unhappy. The OpenSSH group had a good ten days to register the .org (see whois listings for both), they didn't. They only registered openssh.com. Now is not the time to come back whining because they failed to do it.

  • Even if this isn't the case, there will be web log files which could be used for data mining.

    How about openssh.com - someone wanna prove to me they've turned logging on their httpd off so that they aren't collecting log files that could be used for data mining?

    WTF is your point?

    ...j
  • It strikes me as somewhat strange that there are very few posts on this thread talking about the update to the story, which was submitted many hours ago. A flood of posts came right after the story was posted, some doing the usual juvenile 'I know nothing about this case but I hate this squatter anyway' thing and some actually advocating waiting until the whole story was out. Now it seems that the whole story is out and nobody wants to talk about it. Is Theo de Raadt such a beloved figure that nobody wants to recognize that he seems to have acted like an ass in this matter? Of course I have little information besides Theo's letter and the response but it seems like an apology is in order from both Theo and the Slashdot crew. I hate to think that /. will become a place that posts anything by an Open Source advocate even when it turns out to be a personal vendetta or something else of that sort.

    Of course I hope that this post will not be moderated down but my karma can take it and I had to say something so if you feel the need to mark me down, feel free, just please don't do it because I said Slashdot isn't perfect or that Theo might be human.

  • Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address.

    Sprint's Internet backbone is called sprintlink, and their address is sprintlink.net. And in Toledo, we have glasscity.net, and in Ann Arbor, ic.net and voyager.net.


    ...phil

  • Yeah, and through "Network Solutions", too. Man, they're pure evil. Of course, the other "real" site is entertaining too.

    Note that, to my knowledge, OpenSSH and OpenBSD both have nothing to do with "The Open Group", and that group has nothing to do with actually being open... Go figure.

    [whois.corenic.net]
    Registrant Todd T. Fries (template COCO-21730)
    OpenBSD, the REAL open group
    1523 North Pierson Apt F
    W. Peoria, IL 61604 USA

    Domain Name: openssh.com
    Status: production

    Admin Contact, Technical Contact, Zone Contact:
    Todd Fries (COCO-21731) todd@fries.net
    +3096739259

    CORE Registrar: CORE-80

    Record created: 1999-10-25 08:44:41 MET by CORE-80

    Domain servers in listed order:

    zeus.theos.com 199.185.137.1
    cvs.openbsd.org 199.185.137.3
    ns0.fries.net 209.251.96.130

    Database last updated on 2000-03-07 03:55:07 MET

    To optimize query speed and answer correctness see the
    --help option. Depending on your whois client use
    whois -h whois.corenic.net HELP
    or
    whois HELP@whois.corenic.net

    ---
    pb Reply or e-mail; don't vaguely moderate [152.7.41.11].
  • I know. It was around before we knew what squatting was. I quote myself:

    Okay, so openssh.org got taken. This happened to altavista, and countless other "big names" on the web. Some guy registers "your" name before you do, so you settle for another one.

    Did I say squatting? I don't think so. Without following your link, I believe my description that someone took "their" name, i.e. the name that they wanted to use and thought was rightfully theirs because they were so attached to it, was correct. This doesn't take the intent of the original domain registrant into consideration.

    And "squatting" is when you're using land that rightfully belongs to someone else. I don't know if this is that good an analogy in the first place, because domain names don't "belong" to anyone until they get registered. You can't squat on land that no one owns, and you definitely can't squat on land that you yourself own!

    The only thing that's evil is when someone wastes a whole domain for something stupid, when it could go to something useful. That might be the case here, but let's wait and see first.

    The OpenBSD community is known for their flamewars and bad feelings on both sides of the fence: that's how it was founded. This might be another one of those stupid pissing contests. And if someone flames me for saying so, I'll consider it further proof. :)
    ---
    pb Reply or e-mail; don't vaguely moderate [152.7.41.11].
  • that's how it has been!

    --

  • by mattdm (1931)
    .net wasn't for the company-related systems -- it was for the infrastructure stuff. So the web page of a backbone company would be .com -- but their routers would be .net.

    Theoretically, of course.

    --

  • Why do we trust that they haven't inserted bogus code in the OpenSSH source? When is the last time you looked at the code, and compiled it yourself, rather than downloading the precompiled packages?

    Open Source doesn't require everyone to look at the source in order to prevent that, it just requires that enough people do it so that the word gets out if there is something like that going on. What are the odds that no one has looked at the OpenSSH source? Let 99% of the people download and install precompiled packages if they want. This doesn't hurt reliability or security in the slightest. Preventing the other 1% from seeing the source is what hurts.

    In short, the principle is "many eyeballs", not "every eyeball".

    --

  • While reviewing my recent points I noticed your questions. I don't know that you'll ever see the responses, but here goes...

    "WTF is your point?"

    My point was that the cautionary stance of the original message wasn't so out of line, and that the post I was responding to was potentially incorrect to state there were no scripts.

    I didn't mean to imply that they necessarily were collecting information, or that any other site wasn't doing so.

    My point was just that the original statement which I was critiquing went too far. I was attempting to help that post's author understand that the claim "Certainly looks harmless enough to me." might be misguided.

  • Even if I think I can guess the address Google is going to list the real site first. After all I would not want to wind up somewhere like www.whitehouse.com by accident.

    Since you have added a link to whitehouse.com from a highly rated site (slashdot) you are slowly making google think you want the wrong answer here...

    Incidentally (slightly OT) speaking of people tracking what you are doing and all that, what is the scoop with @HOME's proxy servers? The only reason that I can see for them wanting you to use their proxy server is to track users. And boy do they go out of the way to force people to use their proxy server!

    They might want the proxy to track users, but only as a very secondary reason. The real reason is @Home has limited bandwidth to "real" national backbone ISPs, and using a local cache will help conserve that expensive (to them) resource. If they put caches close enough to the users it also reduces the load on whatever backbone they have built themselves.

  • The company that registered it was named AltaVista. It was poor judgment on Digital's part not to name it something with a name already in use and a domain previously registered. Though the company that did own AltaVista.com later capitalized I'm sure they also encountered way more traffic than they were planning for on their website.

    Altavista Domain Story [searchenginewatch.com]

  • He doesn't need this domain. He just registered it after OpenSSH was released. It's just lame.
  • Indeed. I read the correction and felt defrauded. I trusted the OpenBSD guys bc I knew they were doing a great work ... now this is just plain lame. Damn. I have to apologize for what I said earlier.
  • I remember coming to the internet about 7yr ago and reading FAQs and such... then it came time for me to apply my wisdom... Boy, was I mistaken that guidelines would be heeded.

    I wonder if NSI's "reserve ALL TLDs with your name on them!" marketing could have just a little to do with the squatting thing, or the inappropriateness of others' domain names (ie, a for-profit .org) ... It's a wonder that the .edu space is still straight.

    (heh... I recently got marketing from NSI telling me I should "register .NET and .ORG versions of your domain" too...)

    --

  • Even if I think I can guess the address Google is going to list the real site first. After all I would not want to wind up somewhere like www.whitehouse.com [whitehouse.com] by accident.

    Of course that means that I have to trust Google...

    Incidentally (slightly OT) speaking of people tracking what you are doing and all that, what is the scoop with @HOME's proxy servers? The only reason that I can see for them wanting you to use their proxy server is to track users. And boy do they go out of the way to force people to use their proxy server!

    Cheers,
    Ben
  • I was asked by Niels Provos (OpenBSD/OpenSSH) to talk to Alex de Joode about this issue back in November, because I seemed to have some neutral position in this and just happened to know both sides personally.

    As far as I understood the issue, Alex was concerned that the OpenBSD people would make OpenSSH too focused on OpenBSD. Apparently talking with Theo de Raadt didn't help any. In an email to me he offered them DNS references from www/ftp/cvs.openssh.org to any host(s) that Niels would supply, but he wanted to keep control of the domain name just in case it indeed would get focused on just OpenBSD. I conveyed that message to Niels, but don't know why this issue never got properly resolved. But I know the silly namecalling and the pointer at the .com side pointing out Alex is a squatter shows a lot of unprofessionalism from the OpenBSD people.

    Paul Wouters
  • You'll have to ask Alex, but even to me the distinction between openssh and openbsd is already quite unclear and it does seem to be overly focused on openbsd. This isn't domain parking, it is using a common logical domain name to offer information. Alex wants the name to indicate free ssh implementations, and not just one single group developing one single implementation. You can then argue who should have the name but that is pointless, because the first-come, first-served principle holds true in that case.

    As for who thought of the name and who leaked out what, I have no clue nor interest.

    Paul
  • What do they do to persuade you to use their proxy servers? I don't use them here, after the clueless cable guy left I removed the Proxy settings from my browsers, and all works fine, been that way for 6 months.

    Then again, my @Home may be non-standard, a friend of mine downloaded a whole CD from me last week, and said "You must not have AT&T @Home" and I told him that I did. He was amazed because I don't have an "upload cap" which apparently others do, he was getting a steady 60K/second FTP'ing from an old CD-ROM drive on a P5-120 in my basement.

    If it helps, I'm in Waterloo, Iowa and I'm on the 24.6.200.* subnet.

    Does anyone know any more about this? I've often wondered if I'm on a "main" subnet or something, since the DNS servers are 24.6.200.15 and 24.6.200.17, it just seems strange that they'd have 2 DNS servers for every subnet.
    ---

  • I like that one.

  • I have a log file from a chat session starting '10/24/99 5:27am' and ending '10/28/99 6:18pm'. Within this chat session I pasted the following:

    <fries> Whois Search Results
    <fries> Search again:
    <fries> Whois Server Version 1.1
    <fries> Domain Name: OPENSSH.ORG
    <fries> Registrar: NETWORK SOLUTIONS, INC.
    <fries> Whois Server: rs.internic.net
    <fries> Referral URL: www.networksolutions.com
    <fries> Name Server: NS2.KYARITSU.COM
    <fries> Name Server: NS1.KYARITSU.COM

    So I know it was prior. I think you should use the same whois server when doing your query. Otherwise you're comparing apples to oranges. Try using whois.internic.net and you'll see that this person registered the domain 9 days before I registered OpenSSH.com ...

    Domain Name: OPENSSH.COM
    Registrar: CORE INTERNET COUNCIL OF REGISTRARS
    Whois Server: whois.corenic.net
    Referral URL: www.corenic.net
    Name Server: CVS.OPENBSD.ORG
    Name Server: NS0.FRIES.NET
    Name Server: ZEUS.THEOS.COM
    Updated Date: 25-oct-1999

    Domain Name: OPENSSH.ORG
    Registrar: NETWORK SOLUTIONS, INC.
    Whois Server: whois.networksolutions.com
    Referral URL: www.networksolutions.com
    Name Server: NS2.KYARITSU.COM
    Name Server: NS1.KYARITSU.COM
    Updated Date: 15-oct-1999

    Please get your facts straight before suggesting that I fell asleep and that I don't know what I'm doing when I determined that the OpenSSH.org domain was registered back in October when I attempted to register it and the domain registrars told me so.

    BTW, just because the person who contributed the registration money is in Peoria, IL, that does not by any means suggest the project itself is located here.
  • Did a little research: (whois)

    OpenSSH.com:
    Record created: 1999-10-25 08:44:41

    OpenSSH.org
    Record created: 04-Nov-1999.

    Hmm...

    So how did he squat the domain and force them to register openssh.com 9 days after they registered openssh.com?

    If there's a reason not to trust the whois record dates, I'll accept that as a refutation.

    --Shoeboy
  • Ah yes, but look at it this way. Say I have a project called freessh and I want to increase traffic. I know that people looking for an open source ssh program are (assuming they're too stupid to use a search engine) most likely to type openssh.org or freessh.org or gnussh.org. So for 15 bucks I go register openssh.org. That's legit right?
    Now the openSSH group's argument rests on the claim that he registered it after learning of the existence of the openssh team. This info was apparently "leaked" rather than released. So it may be that Mr. de Joode had never even heard of the openssh project. Until we hear from Mr. de Joode, our only source of info is a group that has attempted to play to the paranoids in the audience with a load of security/privacy FUD.
    --Shoeboy
  • >>"net" was traditionally intended for use by network service providers.

    >Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the .net TLD, but it's nothing more than a redirect to the .com address, which is by your definition another "ridiculous misuse of the namespace."

    Yet Another example: att.com is AT&T, the company (and user@att.com is an employee); att.net is AT&T WorldNet Services and other ISP stuff (and user@att.net is a customer).
  • by Pope (17780)
    NO! Don't provide free links to the site in question [openssh.org] because he's probably using Open Source software and the Slashdot effect won't work!!! ;)

    Pope
  • It's not entirely clear to me exactly what's going on, apart from the fact that the InterNIC servers can't even seem to agree with each other about when the domain was created:

    $ whois -h whois.networksolutions.com openssh.org

    Registrant:
    Open SSH Project (OPENSSH2-DOM)
    Zaanstraat 250
    AMSTERDAM, NL-1013 RZ
    NL

    Domain Name: OPENSSH.ORG
    ...
    Record created on 04-Nov-1999.

    $ whois -h whois.internic.net openssh.org

    Domain Name: OPENSSH.ORG
    Registrar: NETWORK SOLUTIONS, INC.
    Whois Server: whois.networksolutions.com
    Referral URL: www.networksolutions.com
    Name Server: NS2.KYARITSU.COM
    Name Server: NS1.KYARITSU.COM
    Updated Date: 15-oct-1999

    I give up.
  • http://slashdot.org/article.pl?sid=00/03/06/2036242 [slashdot.org]
    http://www.deadly.org/article.php3?sid=20000306151402 [deadly.org]
    http://www.deadly.org/article.php3?sid=20000306030924 [deadly.org]
    http://www.deadly.org/article.php3?sid=20000306023532 [deadly.org]


    Who are you ?
    .: I'm Alex de Joode, I operate the ZedZ ftp site which is probably the largest cryptography oriented ftp site in the world. I also ran an anonymous remailer for 4.5 years and currently host an anonymous remailer and operate a mail2news gateway so people can post anonymously to usenet. I'm in the process of setting up a new remailer.

    Who are "they" ?
    .: "They" are the OpenBSD core team represented by Theo de Raadt. [theos.com]

    What's this document about ?
    .: I received a lot of requests to tell my side of the story, since it's impossible to reply to all people in detail, I decided to set up this page to answer the most common questions.

    Why did you register openssh.org ?
    .: The company I work part-time for allowed me to investigate the kickstart of an open/free ssh server client combo that was compatible with ssh1 and could run on Linux/Solaris.

    The project title was, guess what ... 'openssh' ...

    I learned from LWN that there was another group working on an openssh version so I contacted Theo de Raadt and asked if he was interested in developing a port for Linux/Solaris. He told me that they were only interested in developing a version for OpenBSD.

    I registered openssh.org and was trying to find someone to do the porting. Unrelated to my activities Damien Miller started a successful porting effort for Linux/Solaris, so there was no necessity for my search to continue.

    Why didn't you give away openssh.org to openbsd ?
    .: Actually I tried. I mailed Theo de Raadt and told him I was willing to give control of the openssh.org to them provided they added links to other open/free ssh projects on 'their openssh.org' page.

    Then why do you still have openssh.org?
    .: Theo de Raadt first agreed and suggested I register http://www.freessh.org [freessh.org], which I promptly did, but later he canceled the deal telling me:
    "We're not going to get ripped off by someone we don't trust".

    What happened then (part 1) ?
    .: Theo sent me some nasty emails and I didn't hear from him again until the 1st of March. I offered other openssh developers the use of www,cvs,ftp and mail, but they declined. As a service to the community I rewrote the openssh.org URL to openssh.com so people would be transferred to that domain automatically.

    What happened then (part 2) ?
    .: Theo sent me an email demanding I remove the mx records for openssh.org. Theo must have known this demand was impossible since rfc822 [faqs.org] requires that postmaster@domain is a valid email address. Without mx this is not the case, and I would violate this requirement.

    We exchanged some email about/with the word please and we summarized the November email exchange.

    And then ?
    .: Theo sent me a message telling me he would post a banner on openssh.com to warn people, he would post a message to BUGTRAQ and there would be story on slashdot.org. Handing over the domain would stop that.

    So what did you do ?
    .: Nothing, I was surprised someone was trying to coerce me.

    Did other people contact you ?
    .: I received a sudden influx of messages most cc'ed to openssh@openssh.com requesting me to hand over openssh.org, some seemed to believe I was reading their mail, while others were angry they couldn't receive mail @openssh.org. Since I offered the use of www,cvs,ftp and mail to the openssh developers this strikes me as strange.

    How is mail for openssh.org set up then ?
    .: It's a virtual host that only accepts mail for postmaster@openssh.org, root@openssh.org, webmaster@openssh.org, all other mail will bounce. Since the mx points to the same host that used to run the remailer@replay.com, and still runs the remailer@hr13.zedz.net, sendmail is set up with 'LOGLEVEL=0', so not only do I not receive bounced mails, I don't even get a logfile of people who tried to send mail.

    What do you think of the OpenBSD Announcement ?
    .: They recommend caution since "there could be privacy issues, possibly data mining or building a mailing list of security conscious users". I feel this was sent 'in the spur of the moment'. If I wanted to build a mailing list of security conscious users or was data mining, the only thing I would have to do is mail all the users of the ZedZ ftp-site. As for the privacy issues, I've provided and still provide ways to anonymously access the Internet. But you decide.

    Why do I suddenly get a separate page at openssh.org ?
    .: Damien Miller laid out his concerns about the seamless redirect from the openssh.org URL to the openbsd.com URL and requested me to remove the rewrite and to set up a separate page. Which I did.

    What happens next ?
    .: I'm disappointed in the behaviour of one or two people but since my main goal is and always will be the spread of encryption products and the use of those products by end users, hence the building of the ZedZ ftp site, I'm willing to 'get over' that.

    In order to facilitate the community I suggest to the OpenSSH/OpenBSD group that they supply me with a zone file and a secondary for openssh.org. I will instruct the primary DNS to fetch the zone file from the OpenSSH controlled secondary. It's up to the OpenSSH/OpenBSD group to configure the layout of the domain. If at a later stage 'the wounds' are healed and a mutual understanding, maybe even a mutual appreciation has been reached it's not impossible that the domain will be donated to the OpenSSH Project.

    Since OpenBSD already uses ftp.zedz.net as primary ftp site for rsaref and cfs for instance (under its old name utopia.hacktic.nl) this seems a reasonable and acceptable compromise to me.

    Other wishes ?
    .: A public apology from Theo would be nice. Also the OpenSSH.com site is very OpenBSD centric a change that would level the exposure of other OS's would be welcomed, but it's up to their webteam to decide.

    Other things ?
    .: Not at the moment.

    How can I contact you ?
    .: Just mail me at adejoode@zedz.net


    Exit! Stage Left!


  • The original DNS wasn't designed to do what it is now, not in the manner it's being used. And the TLDs that were picked had good meaning. See, they didn't think of it as all these businesses existing SOLELY on the web.. it was just a simple way for you to put your real-life network, that augmented a business or whatever, online. If you were a company, you could have ford.com. NOT so you could 'put up a website', but to define computers within ford, for whatever reason. ONE domain for ford. It wasn't a rule, but it was kind of assumed. That's why it's hierarchical! Nowadays, things are different.. domains are used as a primary lookup service for products. Companies see fit to register zillions of domains. I always thought it was silly.. but we don't really give them another option, and we allow it to happen.
  • The openssh.org website isn't some Evil page that forwards you to a dozen porn sites.

    It's squatting, but not malicious squatting.
  • For those not in the know, Alex de Joode is also known as usura, the maintainer of the venerable replay archives (since renamed to zedz.net [zedz.net], replay.com being a domain name he did sell).

    Replay/zedz is unarguably the best privacy-related archive, and also widely mirrored. For crypto downloads, including SSH, it's simply great. I find the suggestion that Alex would want to strip us of our privacy by using a page that links to the "official" page quite ridiculous..

    I don't know the reasons behind either Alex' actions, or the as-yet-unproven allegations of Mr. Bertrand, but I'm inclined to trust Alex somewhat more...
    --

  • Uh? how can there be a controversy if this is the first publicized information about it? Maybe if there's a huge comment thread, but...

    This is just like the traditional media, hyping non-events in order to get people interested.

    [ c h a d o k e r e ] [dhs.org]
  • I agree. I dislike the fact that Slashdot was brought in the middle of this entire debate. Is that fair? But on the other hand, maybe he'll feel pressured into responding, or doing the Right Thing. At this point he seems like a dork, but we haven't heard his story yet.

    Oh, and why should we trust that the real OpenSSH guys aren't mining data or building a list of security conscious users?

    Why do we trust that they haven't inserted bogus code in the OpenSSH source? When is the last time you looked at the code, and compiled it yourself, rather than downloading the precompiled packages?

  • If he's interested in it not being too Open-BSD instead of OpenSSH, why doesn't he give it up to those who /do/ deserve it, on request?

    Domain-parking is evil. As are pathetic domain-registration "companies" such as easyspace whose MDs phone you at 2103 on a saturday to swear their heads off.
  • So if everyone figures that everyone else is going to look at the source, who does? The only way to be sure is to do it yourself, anything else is merely complacency and asking to get whacked with a big security cluestick.
  • Yeah, sort of like issuing an advisory stating that it would be a good idea to keep your children away from this guy because he might be a child molester. Particularly since the fellow who owns openssh.org has similar or better credentials than those involved with openssh.com.
  • If you've been getting crypto software from this guy for years (or whatever) then why would you assume that he has less support for crypto than the OpenSSH guys have? What makes them the god-touched keepers of the flame?

    Just being devil's advocate here.
  • This is probably going to be taken the wrong way, but if Mr. de Joode's comments are accurate, then you should probably just not let Theo talk to people. Keep him coding and out of the communications chain. His history seems to be quite colored regarding situations like these.
  • We have no idea what the .org guy plans to do.


    Do you have any idea what the .com guys plan to do?
  • It's hard to argue that he attempted any kind of hijack with this since the openssh project didn't have any kind of net identity or public identity to associate with "openssh.org" in the first place. The assumption that they would be a .org is premature and definitely not in keeping with the current climate of the internet.
  • "net" was traditionally intended for use by network service providers.

    Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address.


    How about Jump.Net [jump.net] or Texas.Net [texas.net]?
  • Check that:

    1) OpenSSH.COM by OpenBSD people (25-10-1999)
    2) OpenSSH.ORG 9 days later by our friend in Europe (04-11-1999)
    3) OpenSSH.NET 12 days later by OpenBSD (16-11-1999)

    The BSD guys went for .com first, they snooze, they lose.

    -- iCEBaLM
  • Possibly, but don't you think it's more likely that if they DID screw it up, the dates would be later than actual, and not earlier? This means that if the date is screwed up there's a higher possibility of the OpenBSD guys actually registering before the date in the whois database, further showing that: they snooze, they lose.

    -- iCEBaLM
  • Hypocrisy is saying one thing and practicing another, which is opposed to or exclusive of the first.

    In this case, I feel about the same way about this case as I did about the very first such cases (mcdonalds.com and mtv.com). That is, the person who registered the domain did so in an attempt to utilize the popularity of the name of a product. Realistically, trademark or no, that's a slimy move.

    In the case of, for example, etoy vs. etoys the etoy domain was there first, so they could not possibly have chosen that name to capitalize on the popularity of etoys.com.

    As for "freedom" and "legality"... if something is legal, but morally repugnant to me, I don't accept it. The freedom issues don't enter into it. This guy is free to do whatever he wants, but we don't have to like it. Microsoft is free to write crappy software, but that doesn't stop us from complaining about it and using other products....

    This is all, of course, pending hearing his side of the story. It could turn out that the OpenSSH project is not telling the whole story....
  • ?!? Did you read the text you just quoted? Where's the accusation? You do know what the word means, don't you? Where in the letter does it say Mr. de Joode is doing anything? Saying he could use the domain for data mining is not an accusation, it's an observation

    It is an observation in much the same way that "Have you stopped beating your wife?" is a question. It is more than a simple observation - it is an observation that will produce a negative opinion of Mr De Joode in the minds of the reader.

    An observation couched in those terms is nothing more than an Ad Hominem attack. There is not an iota of evidence, or even reasonable grounds for suspicion, that Mr De Joode is doing anything untoward. Indeed, based on his reputation, previous work, and useful contributions to usenet and other places, the opposite conclusion should, initially, be drawn.

    Paranoid, baseless, and derogatory "observations" that try to put pressure on him say more about the observer than the observed.

  • Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the .net TLD, but it's nothing more than a redirect to the .com address, which is by your definition another "ridiculous misuse of the namespace."

    No, it's not, it's specifically what people were asked to do by IANA: to use .net addresses for all elements of the public network backbone, and .com addresses for everything else.

    What, then, would you suggest Slashdot's URL be? "Slashdot.com" doesn't fit, because Slashdot isn't really a commercial venture (the ads notwithstanding). "Slashdot.net" doesn't work for the reasons you just said. "Slashdot.gov" and "slashdot.mil" are obvious problems as well.

    It may have escaped your notice, but /. is a commercial venture of Andover.Net, inc. Both 'slashdot.org' (which isn't a non-profit) and 'andover.net' (which doesn't own any part of the network backbone) are gross abuses of the namespace.

  • Looks like he changed his website:

    <html>
    <head>
    <title>www.openssh.org</title>
    </head>

    <body bgcolor="#FFFFFF"
    text="#000000"
    link="#000000"
    vlink="#000000"
    hlink="#000000"
    alink="#000000"
    >

    <table align="center"
    border="0"
    cellpadding="0"
    cellspacing="0"
    width="525">

    <tr>
    <td colspan="1" align="middle">
    <BR>
    <BR>
    <BR>
    For information about free ssh implementations<BR>
    please goto: <a href="http://www.freessh.org">http://www.freessh.org</a>
    </td>
    </td>
    </tr>
    <tr>
    <td align="middle">
    <BR>
    <BR>
    <BR>
    For information about OpenBSD' OpenSSH implementation<BR>
    please goto: <a href="http://www.openssh.com">http://www.openssh.com</a>
    </td>
    </tr>
    </table>

  • Without access to NSI's whois archive (to see the records for the original registration), I don't know when openssh.org was originally registered. HOWEVER, the existing records show creation of OPENSSH2-DOM on Nov 4, 1999. Openssh.com was created on Oct 25, 1999. So, who got where when?

    As was stated on openssh.org's page, he offered to give them the domain -- he didn't say if that meant a domain transfer or just giving openbsd access to the records (I'll assume a transfer.) This then comes down to, "here, you can have this domain name." "No thanks, we don't trust you." "Fine, I'll keep my domain."

    I will submit, 'OpenSSH' isn't really "open" if it's only for OpenBSD... maybe 'ssh.OpenBSD.org' is a better idea.

    [It will never cease to amaze me how people can find the most worthless things to bitch about.]
  • How do you know which server is right?

    If I query whois.networksolutions.com (which is the master for openssh.org according to corenic), the date it was created was November 9.

    If I query whois.corenic.net (which is the master for openssh.com) for openssh.org, it's Oct 15.

    Shouldn't I assume that corenic "lost something in the translation" from networksolutions rather than assuming that the master is bad? I mean, networksolutions can get the correct date from corenic for openssh.com.
  • Why would a proponent of open cryptography want to mess with the OpenSSH project? This is the fundamental question.

    The only thing I can really see as a motive is the suggestion that the article makes - that he may be collecting information.

    Does anyone else know what the purpose of this stand-off might be??

  • Here is his (owner of openssh.org) response [openssh.org].

    It is on his site, so if you worry about what was said: "This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution."

    Personally I find the letter from Louis Bertrand a bit reckless, and the use of Slashdot as a tool to apply political pressure in bad taste.

    It is similar to how etoy manipulated public opinion to influence the courts to get one over on etoys. There is no representation from the other side, and the wording in Louis Bertrand's letter is inflammatory, and unduly fear causing. (at least on the surface)

    This thing is being handled very poorly by slashdot. They should have written up something with links to both sides of the story (I'm guessing personal politics got in the way).

    This is not news for nerds, it is an electronic soapbox for friends and family of slashdot.

    (Just because the message comes from a developer of a respectable project, does not mean the developer is respectable himself.)

    Just a warning...

  • I wonder if St. Helena sells domains to non-locals.
    Yes! Here [www.nic.sh]. £60 Year 1, £30/yr thereafter. And openssh.sh is still available.
    --
  • You are right, there are not enough TLD's, but without enforcing the correct usage of whatever TLD's we have, it does not matter. .gov and .mil are of course regulated correctly, but I can have a www.big-ass-e-business.com and also register it in .org and .net, regardless if .org or .net is appropriate for my business or goals. Domains have become a marketing gimmick and nothing more. If we get more TLD's we need an organization devoted to the correct usage and registration of each one. When they are all lumped together it becomes too easy to say.. oh yeah I need that in .net too and no one with any authority cares/has time to investigate that claim.

  • The lesson here is to be silent about your naming plans for your new site until you act, and then snag the big three, com, org, and net, all at once. That is exactly what we had to do... and our organizational name was not confirmed until we knew we had the three domain names locked up. Perhaps our final name of freeio.org was not our first choice, but all three were available, and it was descriptive of what we do - GPL hardware designs.

    Live and Learn...

    -- The easiest way to lose your freedom is to fail to exercise it! --
  • What a putz.

    Rename to Open-SSH.org or TrueSSH.org and be done with it.
  • I guess the lesson is, register the domain name, then announce the project/company/whatever.

    Stay one step ahead of the parasites.

  • If there's one thing to be learned, providing an actual link to http://www.openssh.org [openssh.org] will allow us to, as a community, Slashdot them (it brings in the people too lazy to type in the address)! But on a more serious note, he does provide a link to openssh.com. He doesn't try to deceive anyone.
  • But instead of squatting at McDonalds.com they'll be squatting at .McDonalds.

    No sir, we should all go back to raw numeric IP addresses. Not dot-quads mind you but the new 128 bit hexadecimal raw numeric IPv6 IP addresses. Most of the pages people access these days are through search engines, anyway.

  • The WombatNipples free encrypted shell product just doesn't have the same ring to it.

    I just registered paratheoanametamystikhood.com. One of these days real soon now I'll have the energy to set up DNS servers for it.

  • What would you say if I said that Openssh.com *could* be data mining, I just don't know? Your statement is similar to asking "do you still beat your kids?". The statement/accusation/comment should have *never* been made in the first place. Shame on you.
  • In the open letter it says the following:

    Please do not visit the .ORG site, nor send email to anybody at the .ORG address. This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution.

    Those are pretty brutal accusations which you seemed not willing to react to. I would like to know why you claim this. Alex de Joode has quite a reputation, but that is because of his ftp-site at ftp.zedz.net. Still my favorite place for crypto. I have a really hard time believing that he would use this to start some mailinglist or do some datamining..... If he wanted to do that he would do better to just use the logs of his ftp..

  • Well I am sorry you can't understand my logic. You might have troubles understanding his reaction that he posted on the web then too.. But maybe somebody could explain it to you and the Openssh.com team could react to that statement. If I read it I only gather from it that he is willing to cooperate with the openssh.com-team as much as he can. Now you might see that differently, but please make it clear to us. :-)

  • If I were Mr. de Joode, I'd be offended -- he simply doesn't appear to be squatting.

    Take a look at http://www.openssh.org/org-vs-com/ [openssh.org]. This seems to outline his position very well, without resorting to name-calling.

    meisenst
  • WTH: This guy is just running his own site; he got the name first, and he isn't squatting per se. The article noted that he works with encryption stuff, maybe he plans to use that site for some of his work. Wasn't there just this huge fiasco about etoy.com? It seemed that the slashdot community was behind etoy.com.
    I could understand if he was squatting to get money but it doesn't look like this guy is out to make money off of the deal, he just registered the site. Just because OpenSSH wants the site doesn't mean that it deserves to get it. I *hate* domain squatters, but this seems like a legit use of the domain registration service. Is he trying to extort money out of OpenSSH?
    Anyway we have to be fair, and it sounds like this guy is being fair.
  • I decided to check out the HTML myself without a web browser, and I didn't see a link to the official website.. This is the HTML I got back (superfluous <BR>s removed):

    <HTML>
    <HEAD>
    <TITLE>www2.terena.nl</TITLE>
    </HEAD>
    <BODY BGCOLOR="#FFFFFF" LINK="#CCCCCC">
    <CENTER>
    <IMG SRC="/html/lame.gif" border=no>
    <a href="mailto:webmaster@alpha.terena.nl">webmaster@alpha.terena.nl</a>
    </CENTER>
    </BODY>
    </HTML>

    Perhaps it shows different content to different web browsers?

    Additionally, the image /html/lame.gif was lacking.

  • OpenSSH.cc? You mean OpenSSH is out of the Cocos Islands?
    Seriously though, the whole marketing of the .cc domain is laughable. They play radio ads on the station I listen to (For those of you who don't know, it's spot.cc [spot.cc])
    Their ads state stuff like "When .com was new, domains like business.com went for millions of dollars" and they are touting .cc as being the new .com - I mean, come on, it's just a regional TLD that sold out, not the best thing since sliced .com! But that is another can of worms.
    I suppose I should make this on topic... The .cc TLD, despite having recently sold out, is not free from squatters, and many big companies have gotten .cc domains just to protect themselves.. Hmm, I wonder if slashdot.cc is taken.
  • Domain squatters are the plague of the internet nowadays. Sometimes the media reacts a bit too harshly, but there are enough top-level domains out there to get around the squatters, but many times the squatters use the domain ownership as a means of getting false hits for their banners or what-not.. which is very very lame.
  • Almost every conceivable useable combination of characters has been reserved by someone using it, misusing it, or squatting on it.

    It's been like this for a while and there isn't any going back. The best you can hope for is industry wide rules banning overt squatting (i.e., taking a domain name and then not applying it to a site for a year), or a rash of new TLDs to free up demand.

    I'm personally looking for new TLDs - any type of squatting rule is likely to choke cyberspace in ridiculous lawsuits.

  • "net" was traditionally intended for use by network service providers. Your usage is no less an abuse than "slashdot.org", another ridiculous misuse of the namespace.
  • That's because .com was taken, and everyone else was already doing .coms.

    Not that it really matters now. You could call this site clownpenis.fart and people would still come in droves.

  • OpenSource Land?
  • by rlk (1089) on Monday March 06, 2000 @06:18PM (#1221613)
    openssh.org does not attempt to set a cookie. It does not contain any scripts or applets. Its HTML is perfectly vanilla, and it doesn't even have any meta tags to redirect search engines. It also contains a link to openssh.com.

    Certainly looks harmless enough to me.
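The static check described in the comment above can be scripted. The following is an added example, not part of the thread or of any project's code: it audits a response's headers and markup for cookies, active content, meta tags, event handlers, forms and third-party auto-fetches. The first page is the markup quoted earlier in this thread (whitespace condensed); both header lists and the second "tracking" page are constructed for contrast, and all function and variable names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

ACTIVE_TAGS = {"script", "applet", "object", "embed", "iframe", "frame"}
# Attributes the browser fetches automatically, with no click from the user.
AUTO_FETCH = {"img": "src", "link": "href", "body": "background"}


class PageAudit(HTMLParser):
    """Collects markup that can track a visitor or run code in the browser."""

    def __init__(self, page_host):
        super().__init__(convert_charrefs=True)
        self.page_host = page_host.lower()
        self.findings = []  # (kind, detail) tuples
        self.links = []     # hrefs that are only followed if the user clicks

    def _external(self, url):
        host = urlparse(url).hostname
        return host is not None and host.lower() != self.page_host

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        a = {name: (value or "") for name, value in attrs}
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-content", tag))
        if tag == "meta":
            equiv = a.get("http-equiv", "").lower()
            if equiv in ("refresh", "set-cookie"):
                self.findings.append(("meta-" + equiv, a.get("content", "")))
            elif a.get("name"):
                self.findings.append(("meta-name", a["name"]))
        if tag == "form":
            self.findings.append(("form", a.get("action", "")))
        if tag in AUTO_FETCH and self._external(a.get(AUTO_FETCH[tag], "")):
            self.findings.append(("third-party-fetch", a[AUTO_FETCH[tag]]))
        for name, value in a.items():
            if name.startswith("on"):
                self.findings.append(("event-handler", tag + "." + name))
            elif value.strip().lower().startswith("javascript:"):
                self.findings.append(("javascript-url", tag + "." + name))
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])


def audit_response(page_host, headers, body):
    """Return (findings, links) for one HTTP response."""
    audit = PageAudit(page_host)
    for name, value in headers:
        if name.lower() == "set-cookie":
            audit.findings.append(("set-cookie-header", value.split(";")[0]))
    audit.feed(body)
    audit.close()
    return audit.findings, audit.links


# Markup as quoted in the thread; the headers are constructed.
THREAD_HEADERS = [("Content-Type", "text/html")]
THREAD_PAGE = """<html><head><title>www.openssh.org</title></head>
<body bgcolor="#FFFFFF" text="#000000" link="#000000" vlink="#000000"
hlink="#000000" alink="#000000">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="525">
<tr><td colspan="1" align="middle"><BR><BR><BR>
For information about free ssh implementations<BR>
please goto: <a href="http://www.freessh.org">http://www.freessh.org</a>
</td></td></tr>
<tr><td align="middle"><BR><BR><BR>
For information about OpenBSD' OpenSSH implementation<BR>
please goto: <a href="http://www.openssh.com">http://www.openssh.com</a>
</td></tr></table>
"""

# Constructed counter-example: what a page that does track visitors looks like.
TRACKING_HEADERS = [("Content-Type", "text/html"),
                    ("Set-Cookie", "uid=constructed123; path=/")]
TRACKING_PAGE = """<html><head>
<meta name="keywords" content="openssh, ssh">
<meta http-equiv="refresh" content="0; url=http://tracker.example/land">
<script src="http://tracker.example/t.js"></script>
</head><body onload="ping()">
<img src="http://tracker.example/pixel.gif" width="1" height="1">
<form action="/subscribe"><input name="email"></form>
</body></html>
"""

if __name__ == "__main__":
    for label, hdrs, page in (("thread page", THREAD_HEADERS, THREAD_PAGE),
                              ("tracking page", TRACKING_HEADERS, TRACKING_PAGE)):
        findings, links = audit_response("www.openssh.org", hdrs, page)
        print(label, "findings:", findings or "none", "| links:", links)
```

A clean result only covers what the browser is asked to do; the server's own access log still records each visitor's address and request, which no inspection of the page can rule out.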
  • by Millennium (2451) on Monday March 06, 2000 @05:42PM (#1221614) Homepage
    One: why not openssh.net? I think it suits the project better than openssh.com or openssh.org anyway, given the nature of the project.

    Two: Why won't this guy just let them use the domain name? He's not using it for anything. This isn't a typical squatting case either, because he's not even trying to sell them the name. Though frankly, that frightens me even more; what could he want with the name, if he doesn't intend to sell it or to use it for a legitimate site?
  • by Millennium (2451) on Monday March 06, 2000 @06:13PM (#1221615) Homepage
    "net" was traditionally intended for use by network service providers.

    Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the .net TLD, but it's nothing more than a redirect to the .com address, which is by your definition another "ridiculous misuse of the namespace."

    Your usage is no less an abuse than "slashdot.org", another ridiculous misuse of the namespace.

    What, then, would you suggest Slashdot's URL be? "Slashdot.com" doesn't fit, because Slashdot isn't really a commercial venture (the ads notwithstanding). "Slashdot.net" doesn't work for the reasons you just said. "Slashdot.gov" and "slashdot.mil" are obvious problems as well.

    That's the major problem with TLD's; there aren't enough of them. Then again, that's because they were created in a time when no one had really come up with the idea of personal Websites or Weblogs or anything like that. If the slashdot.org name is an abuse of the namespace, it only goes to show that the problem is with the namespace itself, not the users. The namespace needs to be changed to reflect the times. Until it is, there's nothing that can be done, and .net still fits the project better than .com does.
  • by Reject (11791) on Monday March 06, 2000 @07:16PM (#1221616)
    Well, how long before the first OpenSSH release was the news of OpenSSH leaked? (It's not rhetorical, I don't know the answer). Then there's also the little fact that registering a domain isn't instantaneous and can take a little while. 9 days isn't all that long, especially when you consider that two out of every seven aren't business days (I don't have a calendar handy to check what day of the week Oct 25-Nov 4 were).

    That said, my problem with the OpenSSH.org thing isn't that he got there first, it's that he's using it to advertise his site knowing that OpenSSH.org is where people will go to try to find information about (surprise) OpenSSH. If they wanted his site they'd have gone to FreeSSH for obvious reasons. I know that I, for one, usually think ".org" when I think of OpenSSH or Open anything. Even if he does have a legitimate claim to the domain and he isn't trying to squat it for cash (which he isn't), it would still be a good gesture to hand over the domain (especially since they offered to pay for it) as an offer of goodwill.

    --
    Reject
  • by tweek (18111) on Monday March 06, 2000 @07:17PM (#1221617) Homepage Journal
    this seems really really odd. I mean the Zedz guys are the formerly known as replay.com guys. It seems odd that he wouldn't sell the domain name if he really supports cryptography as in the past. This really bugs me because I relied on replay/zedz for a lot of crypto enabled software.

    I think this is the unique case we should give the Zedz guys a chance to comment on the issue publicly before jumping to conclusions (which we all have done and are guilty of).

    While I totally value the opinion of the OpenBSD team and the OpenSSH team I think something along these lines without any comment from the other (in my opinion) well respected party involved is a bit harsh.

  • by trcooper (18794) <coop.redout@org> on Tuesday March 07, 2000 @05:04AM (#1221618) Homepage

    Dead or Alive, Mr. de Joode certainly is in the right here. The openssh.org site is not in any way harming openssh. They're even providing the courtesy of linking to the project's site. OpenSSH should be happy that they're getting that much. They should have registered all of the TLD's, but didn't see it as being necessary, and apparently, they thought the .com was the one they needed the most.

    Even the U.S. government has not been able to get around this mistake. There's the infamous whitehouse.com site, which is still active.

    If someone came to me and said that I had to give them one of my domains, because they felt they had some right to it I'd laugh in their face. Simply because you're an open source project does not excuse stupidity.

    Beyond all this, we're talking about the former Replay.com site here, now zedz.net [zedz.net] which has provided for years a good many of us with free crypto systems. They were doing a service years before OpenSSH was even thought of.

    I don't use OpenSSH on my machines yet, and I was considering switching, but due to this situation where it appears they're in the running for a Slashdot beanie for "Open source domain bully" I'm going to boycott the product, until they play nice.

  • by Score Whore (32328) on Tuesday March 07, 2000 @09:40AM (#1221619)
    There's a ton of ACs who read the stupid-dot summary/story and go on to post "that fucker! how could he be squatting that domain! he's going to be raping my children next! why the fuck doesn't he hand of the openssh.org domain to the REAL security experts! the fucker!" Yet it turns out that Mr. de Joode is a real, honest-to-god security/crypto/privacy advocate with a great deal of knowledge and experience and a long history of service to the community.

    I'd be curious to know how long stupid-dot is going to allow this sort of defamation to continue and how long it's going to be until they get their spleen yanked out in a court of law over something like this.
  • by wmono (82952) on Monday March 06, 2000 @11:40PM (#1221620)
    Unless something extremely world-shattering has happened and Alex de Joode is now a radically different person from who I remember from years ago during my involvement with the Cypherpunks, I find it extremely difficult to imagine that he would set up a web site to do any of what the OpenSSH developers claim he is doing. De Joode would not collect viewer data. De Joode would not collect addresses for spamming. That's just not what the guy is all about.

    The OpenSSH advisory says that they don't know his motives. They're absolutely correct; they don't know his motives at all. They correctly identify de Joode as the one who started xs4all.nl, and they correctly identify him as someone who advocates widespread use of cryptography, but they fail to mention that he is a privacy advocate. They also fail to give any rationale for their accusations other than that de Joode refused to sell them his property, which is meaningless.

    Visit http://www.openssh.org/ [openssh.org] and judge his motives for yourself. Other posters have already discussed the ludicrousy of boycotting the web site so I won't repeat all of it here, but have a little think: Why would the OpenSSH group want you to think that openssh.org, who points to openssh.com and to one other site, is evil?
  • by Savage Henry Matisse (94615) on Tuesday March 07, 2000 @05:39AM (#1221621) Homepage
    Hell, this guy is even providing a clear link to openssh.com, just in case folks come to his site looking for them. He's clearly not trying to cash in on confusion-- he isn't even running ads on the openssh.org [openssh.org] page. I think that it's pretty clear that some of the implications in the letter (such as indicating that this guy is setting people up to confuse him for them and thus gather data on security-minded individuals) are unfounded and alarmist. Nothing at openssh.org seems in any way intended to make anyone believe that it is the official website of OpenSSH devel.

    And, isn't an unconditional boycott a pretty good way to prevent people from actually looking at the site and deciding for themselves if it was set-up with bad intention?

  • by pnevares (96029) on Monday March 06, 2000 @06:15PM (#1221622) Homepage
    A search for OpenSSH? [google.com]
    A search for Open SSH? [google.com]
    A search for "OpenSSH"? [google.com]

    None of them return the actual site near the top, neither the .org nor .com varieties.

    Pablo Nevares, "the freshmaker".
  • by .torq (128951) on Monday March 06, 2000 @08:17PM (#1221623)
    All you people who are giving the legal owner of the openssh.org domain name a hard time for using it ought to be ashamed of yourselves. How dare you stand up and speak about having a free and open internet with no controls (and bullying) by big companies, then whinge and complain when someone actually uses it.

    If you are all as high and morally right as the drivel you so often spout you have an obligation to support Alex de Joode in his legal right to use the domain he registered. Too bad if FreeBSD didn't get there first - they have their chance 2 years from now to beat Alex to the renewal process (if he hasn't succumbed to the pressure by then and given it away).

    Don't whine about people who work within the rules. If you don't like the way the domain registration process works, try to get the rules changed!

    I also hate to say it but most of the whining seems to come from Linux user wannabes who want to put all their pent up frustration into ridiculous vocal support of any Linux based endeavour. Use your brains people. I think Linux is great, but I don't think everything Linux is great. Be more selective about what you support. Complaining about domain registration just because a Linux company is affected is really lame.

  • by bbk (33798) on Monday March 06, 2000 @05:47PM (#1221624) Homepage
    The guy who registered openssh.org runs the zedz.net site, which hosts the replay redhat crypto archives (good place to get .rpms of security software). They used to be at replay.com before replaytv bought the domain from them.

    The Zedz guys seem to be pretty good people as far as free software goes. Makes you wonder what they plan to do with the domain, and why they set it up as a forwarder to openssh.com

    This reminds me of the whole LinuxHQ/Kernelnotes.org fiasco...
  • by Inoshiro (71693) on Monday March 06, 2000 @08:38PM (#1221625) Homepage

    $ whois openssh.com@whois.corenic.net
    Record created: 1999-10-25 08:44:41 MET by CORE-80

    $ whois openssh.net@whois.networksolutions.com
    Record created on 16-Nov-1999.

    $ whois openssh.org@whois.networksolutions.com
    Record created on 04-Nov-1999.


    So it was
    1) OpenSSH.ORG by our friend in Europe (04-11-1999)
    2) OpenSSH.NET 12 days later by the OpenBSD people (16-11-1999)
    3) OpenSSH.COM a further 9 days later (25-11-1999)

    I don't understand why they don't just use .net. They (OpenSSH project) did register it before the one in the COM TLD. Sigh.
    ---
  • by smoondog (85133) on Monday March 06, 2000 @05:42PM (#1221626)
    Ok, so some jerk has taken a name that really shouldn't be his. This would be a non-problem if nobody cared. I'm just not sure that being a *.com, *.org or a *.net really means much anymore. /. is under a publicly traded company (andover.net), is that necessarily the right place for a *.org? (see nobody really cares...) I think Openssh is just fine as a .com and I don't think it to be a big deal. Why not be openssh.net? That seems appropriate, too. If you are really doing great stuff for a .org domain name, people will know, whether or not it is a .org or a .com


    -- Moondog
  • by cruise (111380) on Tuesday March 07, 2000 @04:08AM (#1221627) Homepage
    Well this sure tops the cake. Now Slashdot is bullying OpenSource ADVOCATES!

    Domain Names are first come first serve. I hardly see how an OpenSource advocate who registers a domain name in the org top level to be a squatter when he is using it for related purposes (or any purposes.. he paid for it, he was there first, He took the initiative that the SSH group did not.) Big deal! They were caught sleeping.. they lose.

    Like it or not (I don't much like it anymore) Slashdot has some power over this OpenSource community and this is a clear abuse of that power. The poor guy's web page is being flooded, his email box is being flooded with lamer flames and Slashdot is directly responsible by posting this story.

    You've twisted the SSH announcement to incite anger among your members, You're using your members as a tool for your own personal attack on a person who was well within their rights to register a domain he felt he could use for his benefit.

    Some animals are more equal than others?

    PIGS

    Today will be the last day I participate in this madness which is called Slashdot. Today is also the day that I buy that Dell computer instead of a VA Linux system.


    They are a threat to free speech and must be silenced! - Andrea Chen
  • by karmatrip (114613) on Monday March 06, 2000 @05:46PM (#1221628) Homepage
    strange. look what whois turned up:

    Registrant:
    Open SSH Project (OPENSSH2-DOM)
    Zaanstraat 250
    AMSTERDAM, NL-1013 RZ
    NL

    Domain Name: OPENSSH.ORG

    Odd. And the page is simply a link. Looks like this guy registered the domain name for the project. We need some more information on what this guy is doing before an honest opinion could be made.
  • by whoop (194) on Monday March 06, 2000 @09:29PM (#1221629) Homepage
    Well, this is a refreshing way to look at the Free Software community. Get that knee-jerk reaction we are so known for, and put it to your use. Now, I'd like to look at Mr. Bertrand's letter.

    The name was taken by a someone not affiliated with the OpenSSH development team when news of OpenSSH was first leaked to the community.

    Hmm, "when news of OpenSSH was first leaked." Let's look at those seven words, shall we? When was this news leaked?

    Performing a search on this here web site (Slashdot for those not in the know) for "openssh" yields two results. This very article, and one from November 18, 1999, entitled, "OpenSSH Project Now at openssh.com."

    Next I moved to LinuxToday.com [linuxtoday.com]. They have articles for everything under the sun. Their first article mentioning OpenSSH is one at Security Portal dated October 27, 1999.

    I search Google (both plain Google and the Linux subsearch), and they have never heard of openssh.

    Finally, I visited the very site for this project, openssh.com [openssh.com]. Looking for an "about this project" sort of link, I clicked on the Project Goals [openssh.com] link right up at the top of the left column of links. What's that it says at the very bottom? "OpenBSD: goals.html,v 1.4 1999/11/17 14:14:15 provos Exp $" That looks much like a cvs (or related) entry. That date is November 11, 1999. I also visited the link to the devel mail list archives, and the earliest date there is November 16, 1999.

    Looking at all these, I'd guess their formal announcement was around November 17. But the "leak" award goes to Security Portal on October 27, 1999. I'm sure they got their information from somewhere else, but I'm tired of searching. :) Back on track, when did openssh.org register its domain? Whois gives me the date of November 4, 1999. I count eight days from that "leak." That's not an extremely brief time, but it is before their formal announcement.

    Back to the letter, Mr. Bertrand says, "The OpenSSH developers wanted to register under the .ORG top level domain,[...] but the name had already been taken. They settled for the .COM in the interim."

    Ok. Well that sure sounds unfortunate. Let's take a look at when they registered openssh.com, shall we? Returning to my favorite domain searching services, whois, it yields October 25, 1999, as the date the record was created. What's this, I see? That looks a lot like a date before the openssh.org was registered. It's even two days before the slight mention by Security Portal. So, they "settled" on the COM top level domain ten days before the ORG one was "taken by a someone not affiliated with the OpenSSH development team." Uh huh, sure thing buddy.

    Next Mr. Bertrand discusses the owner of openssh.org, "Mr. de Joode has repeatedly refused requests to sell or turn the .ORG name over to the OpenSSH developers."

    Since when must anyone turn over a domain to anyone who asks for it? In my book, domain names are a first-come, first-served service. The OpenSSH group had plenty of time to register any domains they wanted. What if the real SSH group wants the openssh.com domain? Would you, Mr. Bertrand, be so giving and just surrender it?

    Now comes the discussion of openssh.org's web site, "The OpenSSH.ORG web site currently is a blank page with a link to the official site."

    Ok, this is somewhat true. Going to openssh.org [openssh.org], you are presented with a link to www.openssh.org. But Mr. Bertrand, did you really stop reading there and not see a few blank lines below (9 lines if you telnetted to port 80)? From openssh.org's page I quote, "For information about OpenBSD' OpenSSH implementation please goto..." and they link to the OpenSSH group's web site, openssh.com [openssh.com]. This omission is purely ridiculous, Mr. Bertrand.

    Finally, Mr. Bertrand pushes one of the hottest buttons in the community, privacy. "This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution." Hmm, a very strong accusation. None of us like being spammed, tracked where we go, etc. So, I asked myself, "What data mining is openssh.org doing?"

    Let's take a gander at the HTML source code. This site is after all a mere two pages. There could be some JavaScript performing some hidden actions users won't see when just using Netscape (or other JavaScript enabled browsers). And there it is, plain HTML. What?! No fancy, shmancy Netscape Composer, FrontPage or other editor META tags? No META tags at all to con search engines into pointing to them instead of openssh.com. I find it refreshing that someone else codes HTML in plain, simple HTML. But I see nothing hidden here.

    Ok, but I have my Netscape set to just accept all cookies. I could have been slipped one of those and now they have access to my whole hard drive, right (I'm kidding, of course)? Let's give the Netscape cookies file a good grepping, shall we?

    316-1 Mon/11:55pm ~> grep -i ssh .netscape/cookies
    317-1 Mon/11:56pm ~>

    Hmm, exactly zero references to anything SSH related. I still haven't found any maliciousness. What about the "building a mailing list" bit? I've seen many sites with "Click here to receive our free newsletter" sort of links. No doubt many of them then give out your email address to every spammer in the universe. Is there any similar line in these web pages? Not that I can see, the bottom of the second page does contain a simple "For more information about freessh.org, please contact:" mailto link. I haven't sent an email to that address yet, so I can't say if it's a secret email net. But since I'm sending this analysis to Mr. Bertrand, I'll send one to that address as well with a brand new email address. If I get spammed there, I'll know who's to blame. If openssh.org really is using this link to catch people for a spam list, I must say he's doing a poor job of it. At least claim you can get free porn if you send an email. ;)

    In closing, as Mr. Bertrand says "Any help or suggestions in breaking the deadlock are appreciated.", so I say, Mr. Bertrand, I sincerely hope you reconsider your position, because well, it has no leg to stand on. A) You registered the .COM ten days before Mr. de Joode registered the .ORG one. That is a right-out lie, never a good thing to have right out the starting gate. I will ask, how do you base your allegation of data mining and mail list gathering? If it is also a lie, that's doubly bad. B) Openssh.org is not using the domain for squatting (there isn't a "Pay $10,000US if you want this domain" message like we've all seen so many times). It is about free SSH programs, perfectly reasonable and on target. C) Mr. de Joode provides links on both of its web pages to openssh.com. Any users looking for it will easily see that and go to the appropriate web site.

    If a reasonable agreement between these two parties is made, that's great, but to seek out the outrage of the free software communities by deceiving them like this is not the way to go about it. I sincerely hope you reconsider your position Mr. Bertrand.

    Thank you.
    John Corey

    Copies sent to both Mr. Bertrand and Mr. de Joode.
  • by whoop (194) on Monday March 06, 2000 @07:42PM (#1221630) Homepage
    Has anyone besides me done a whois on the two domains? There was one bit in there that confuses me.

    openssh.com: "Record created: 1999-10-25 08:44:41 MET by CORE-80"
    openssh.org: "Record created on 04-Nov-1999."

    So, I'm no domain expert, only have one myself. But I think, correct me if I'm wrong, that the OpenSSH group registered the .com a good 10 days before this fellow registered the same .org. Was this a clerical error? Did some secretary fall on the job and not register both? Were walnuts involved in this incident?

    This does sound like whining, and though it's nice to see a project like this hq'ed here in the Peoria, IL area, I will have to give my vote to the .org in this matter. They are giving links to free ssh products, even if it is a simple site with no graphics/javascript/bannerads/porn/buy-this-domain-for-$10,000US ad. Domains are a game of first come, first served. They had a ten day lead and fell asleep. That isn't reason enough to come whining to this fine community.
  • by N8F8 (4562) on Monday March 06, 2000 @05:44PM (#1221631)

    In this case at least, some of the blame lies with the OpenSSH project not claiming the domain before announcing their project. I mean really, what does it cost? A whopping $15/yr to register?

    What's even worse is that this story posted on Slashdot could be interpreted as a veiled threat. Not cool. I'm all for OpenSource but this subtle bullying is BS in my book.

  • by Shoeboy (16224) on Monday March 06, 2000 @05:58PM (#1221632) Homepage
    Situation: Some guy has registered openssh.org and is pointing to the group's real site. He won't sell or give it away and he doesn't appear to be using it.

    Conclusion: WE MUST BOYCOTT!!! He might be doing something awful!!!

    Am I the only one who doesn't understand this response? I think the motives of OpenSSH.com in posting this warning are every bit as strange and unfathomable as Mr. de Joode's in grabbing the site.
    (Sorry for injecting a touch of sanity into a /. discussion, I won't ever do it again.)
    --Shoeboy
  • by Shoeboy (16224) on Monday March 06, 2000 @06:04PM (#1221633) Homepage
    Check out the site [openssh.org]. Looks like Mr. de Joode just wants to make sure that freessh.org and other free (beer) ssh projects are easy to find as well. Maybe a bit unfair to be claim jumping the domain, but it's hardly evil. Odd how the warning never mentioned that he was advertising competing projects. I guess the openssh guys wanted to hide that fact. (Which is probably why they say "Don't visit, he's tracking you!")
    --Shoeboy
  • by shon (20200) on Monday March 06, 2000 @06:25PM (#1221634)
    Take a look at the whois records:

    $ whois openssh.com@whois.corenic.net
    Registrant Todd T. Fries (template COCO-21730)
    OpenBSD, the REAL open group
    Record created: 1999-10-25 08:44:41 MET by CORE-80

    $ whois openssh.net@whois.networksolutions.com
    Registrant Todd T. Fries (template COCO-21730)
    OpenBSD, the REAL open group
    Record created on 16-Nov-1999.

    $ whois openssh.org@whois.networksolutions.com
    Registrant:
    Open SSH Project (OPENSSH2-DOM)
    Zaanstraat 250
    AMSTERDAM, NL-1013 RZ
    NL
    Record created on 04-Nov-1999.

    Looks to me like the "real" OpenSSH Project registered the dot com first, this other guy grabs dot org, then they got dot net. So why did they grab dot com first? Looks like they screwed themselves.

    Anyway, what's the big deal? Even Network Solutions suggests that you get all three dot com, dot net and dot org to "protect" your company. Only dodgy purists still stick to the old conventions.

    Why even publicize this at all? All the documentation and downloads will use whatever the official openssh URL is anyway. The web already has a way of routing around misinformation.

    Also, do open source projects automatically have a right to the dot org? I think this is presumptuous. What makes any project "the official" openssh project other than when it becomes the de facto standard? Maybe this guy has a right to create another open source or proprietary "openssh" package.

  • by p0six (23324) on Monday March 06, 2000 @05:54PM (#1221635)
    Most people on the thread so far have been very much on the side of the OpenSSH. However, I don't think that what this other guy is doing is wrong in the very least. He is not trying to make a profit. He is not trying to blackmail or extort anything from the OpenSSH group. He was there first, and if he wants to keep the name, the more power to him. He doesn't necessarily have to do anything with it. I mean, if he wanted to, he could just put up a html document saying "This is my page."

    Just because the OpenSSH group happens to want the name does not mean that they have a right to that name. I think that it is in very poor taste to boycott the OpenSSH.org. It seems almost arrogant in fact, to presume that just because Mr. Alex de Joode does not wish to deal with them with regards to the domain name, that he has ulterior motives. A simple message warning people that OpenSSH.org is not affiliated with the OpenSSH group would have surely sufficed.
  • by RovingSlug (26517) on Monday March 06, 2000 @06:28PM (#1221636)
    I agree 100%.

    The post by the OpenSSH developers strongly implies they think they are solely entitled to OpenSSH.org. Wrong. Are we so quick to forget eToys.com versus etoy.com? Were no lessons learned?

    It is unethical for a group to bully others just to acquire an asset. Mr. Alex de Joode has done nothing wrong except to own something the OpenSSH developers want. The OpenSSH developers should be reprimanded for believing they have some right to demand that Mr. Alex de Joode "sell or turn the .ORG name over to the OpenSSH developers." Shame on them.
  • by Bob Uhl (30977) <eadmund42@gma3.14il.com minus pi> on Monday March 06, 2000 @05:46PM (#1221637) Homepage
    Let's not jump to conclusions here. This sounds suspiciously like one of those personality conflicts which are all too common nowadays. It could be that either or both players are acting in ill will, or it could be that each thinks ill of the other but neither is bad from our perspective.

    For that matter, if Mr. de Joode has simply not replied to any emails, it may be that he has passed away (don't laugh; it happened to Duane Blehme, a Macintosh shareware programmer years back).

    It would seem to me that the wise thing to do is to wait and hear from both sides. Remember the Uruguayan Linux fiasco awhile back? We don't really want a repeat of that hysteria, do we?
