UPDATED: OpenSSH Domain Name Controversy 364
Bowie J. Poag was one of the folks who wrote to us about the domain name controversy regarding OpenSSH. (I've included the full letter below). They're in the interesting situation of /having/ to be a .com, because a squatter has taken the openssh.org domain name. Read the letter below - it's a stickier situation than the other squatting issues we've talked about. Update: 03/07 04:58 by E : Alex de Joode has written his own response here. I hope this can be resolved amicably.
Please be advised that OpenSSH.ORG is NOT the official domain name for OpenSSH development. The name was taken by a someone not affiliated with the OpenSSH development team when news of OpenSSH was first leaked to the community. The correct Web and e-mail address for the OpenSSH development effort is OpenSSH.COM instead of .ORG.
The OpenSSH developers wanted to register under the .ORG top level domain, traditionally meant for non-profit organisations such as OpenSSH, but the name had already been taken. They settled for the .COM in the interim.
The .ORG name is currently held by Mr. Alex de Joode <adejoode@zedz.net>, a proponent of open source cryptography who runs his own free crypto portal hosted by xs4all.nl, a well-known and respected Dutch ISP. Mr. de Joode has repeatedly refused requests to sell or turn the .ORG name over to the OpenSSH developers. This leaves us no choice but to issue this advisory.
The OpenSSH.ORG Web site currently is a blank page with a link to the official site. Please do not visit the .ORG site, nor send e-mail to anybody at the .ORG address. This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution.
Any help or suggestions in breaking the deadlock are appreciated.
Regards
For the OpenSSH developers, Louis Bertrand <louis@openbsd.org>
Re:He just does'nt need this domain (Score:2)
On the one hand, that event seemed to stem from some not so great communications that weren't entirely the fault of either party. On the other hand, the OpenBSD parties went out of their way to be spiteful and power grasping once the situation got out of hand. If the situation was really different, they were unable to convince the outsider through the information they were allowed to disclose. That whole event _seemed_ like a fit of spite in revenge for not getting access to a source tree, whatever the real reasons were they were not communicated well.
Now a similar situation comes up. The OpenBSD folks may or may not have been wronged, but the only information I can see points to the OpenBSD side being spiteful and mistrustful. It's more a matter of communiation style than the content of what was said and done. If the OpenBSD folks want me to sympathize over this domain name issue they'll have to communicate in a different style, because this one has failed to convince twice in a row.
I say this as a very strong admirer of OpenBSD project and its work, people with less admiration for the project are likely to see the situation in an even more negative light.
Go ahead, I know I'll be "troll-branded" for this. Not as if I post often anyway.
OpenSSH group isn't helping (Score:2)
OpenSSH is an open source project. They aren't making any money off it. Just put everything at www.openbsd.org/openssh
People want to install OpenSSH. They will find it no matter what domain its under.
Re:Two questions... (Score:2)
Perfect way to settle domain name disputes... (Score:2)
Re:.ORG's and .COM's (Score:2)
Re:Two questions... (Score:2)
Whoa, whoa, whoa. Who's position is it to decide what a site contains? As a new domain holder, I take great offense to this. If he were just begging $10,000US for the domain, it had just porn banners, I could see a case being made. But he isn't doing these. He is providing a list of free SSH programs. People here bitch about government "intruding" on the Internet with taxes, filters and the like. I will have much more fear if these decisions are made by bands of hooligans who are just unhappy. The OpenSSH group had a good ten days to register the
But what's your point? (Score:2)
How about openssh.com - someone wanna prove to me they've turned logging on their httpd off so that they aren't collecting log files that could be used for data mining?
WTF is your point?
...j
Strange (Score:2)
Of course I hope that this post will not be moderated down but my karma can take it and I had to say something so if you feel the need to mark me down, feel free, just please don't do it because I said Slashdot isn't perfect or that Theo might be human.
Re:Abuse of the namespace... (Score:2)
Sprint's Internet backbone is called sprintlink, and their address is sprintlink.net. And in Toledo, we have glasscity.net, and in Ann Arbor, ic.net and voyager.net.
...phil
Re:a slight bit of interest (Score:2)
Note that, to my knowledge, OpenSSH and OpenBSD both have nothing to do with "The Open Group", and that group has nothing to do with actually being open... Go figure.
[whois.corenic.net]
Registrant Todd T. Fries (template COCO-21730)
OpenBSD, the REAL open group
1523 North Pierson Apt F
W. Peoria, IL 61604 USA
Domain Name: openssh.com
Status: production
Admin Contact, Technical Contact, Zone Contact:
Todd Fries (COCO-21731) todd@fries.net
+3096739259
CORE Registrar: CORE-80
Record created: 1999-10-25 08:44:41 MET by CORE-80
Domain servers in listed order:
zeus.theos.com 199.185.137.1
cvs.openbsd.org 199.185.137.3
ns0.fries.net 209.251.96.130
Database last updated on 2000-03-07 03:55:07 MET
To optimize query speed and answer correctness see the
--help option. Depending on your whois client use
whois -h whois.corenic.net HELP
or
whois HELP@whois.corenic.net
---
pb Reply or e-mail; don't vaguely moderate [152.7.41.11].
Re:AltaVista.com wasn't squatting (Score:2)
Okay, so openssh.org got taken. This happened to altavista, and countless other "big names" on the web. Some guy registers "your" name before you do, so you settle for another one.
Did I say squatting? I don't think so. Without following your link, I believe my description that someone took "their" name, i.e. the name that they wanted to use and thought was rightfully theirs because they were so attached to it, was correct. This doesn't take the intent of the original domain registrant into consideration.
And "squatting" is when you're using land that rightfully belongs to someone else. I don't know if this is that good an analogy in the first place, because domain names don't "belong" to anyone until they get registered. You can't squat on land that no one owns, and you definitely can't squat on land that you yourself own!
The only thing that's evil is when someone wastes a whole domain for something stupid, when it could go to something useful. That might be the case here, but let's wait and see first.
The OpenBSD community is known for their flamewars and bad feelings on both sides of the fence: that's how it was founded. This might be another one of those stupid pissing contests. And if someone flames me for saying so, I'll consider it further proof.
---
pb Reply or e-mail; don't vaguely moderate [152.7.41.11].
that's not a change (Score:2)
--
.net (Score:2)
Theoretically, of course.
--
Re:Hold Your Opinions (Score:2)
Open Source doesn't require everyone to look at the source in order to prevent that, it just requires that enough people do it so that the word gets out of there is something like that going on. What are the odds that no one has looked at the OpenSSH source? Let 99% of the people download and install precompiled packages if they want. This doesn't hurt reliability or security in the slightest. Preventing the other 1% from seeing the source is what hurts.
In short, the principle is "many eyeballs", not "every eyeball".
--
Re:But what's your point? (Score:2)
"WTF is your point?"
My point was that the cutoinary stance of the original message wasn't so out of line, and that the post I was responding to was potentially incorrect to state their were no scripts.
I didn't mean to imply that they nessecarily were collecting information, or that any other site wasn't doing so.
My point was just that the original statement which I was critiquing went to far. I was attempting to help that posts author understand that the claim "Certainly looks harmless enough to me." might be misguided.
Re:That is one reason to use Google (Score:2)
Since you have added a link to whitehouse.com from a highly rated site (slashdot) you are slowly making google think you want the wrong answer here...
They might want the proxy to track users, but only as a very secondary reason. The real reason is @Home has limited bandwidth to "real" national backbone ISPs, and using a local cache will help conserve that expensave (to them) resource. If they put caches close enough to the users it also reduces the load on whatever backbone they have built themselves.
AltaVista.com wasn't squatting (Score:2)
The company that regiestered it was named AltaVista. It was poor judgment on Digital's part not to name it something with a name already in use and a domain previously registered. Though the company that did own AltaVista.com later capitalized I'm sure they also encountered way more traffic than they were planning for on their website.
Altavista Domain Story [searchenginewatch.com]
He just does'nt need this domain (Score:2)
Re:He just does'nt need this domain (Score:2)
Re:Do you know what the "net" TLD is meant for? (Score:2)
I wonder if NSI's "reserve ALL TLDs with your name on them!" marketing could have just a little to do with the squatting thing, or the inappropriateness of others' domain names (ie, a for-profit .org) ... It's a wonder that the .edu space is still straight.
(heh... I recently got marketing from NSI telling me I should "register .NET and .ORG versions of your domain" too...)
--
That is one reason to use Google (Score:2)
Of course that means that I have to trust Google...
Incidentally (slightly OT) speaking of people tracking what you are doing and all that, what is the scoop with @HOME's proxy servers? The only reason that I can see for them wanting you to use their proxy server is to track users. And boy do they go out of the way to force people to use their proxy server!
Cheers,
Ben
Alex isn't a squatter (Score:2)
sides personally.
As far as I understood the issue, Alex was concerned that the OpenBSD people would make OpenSSH too focused on OpenBSD. Apparently talking with Theo de Raadt didn't help any. In an email to me he offered them DNS references from www/ftp/cvs
.openssh.org to any host(s) that Niels would supply, but he wanted to keep control of the domainname just incase it indeed would get focused on just OpenBSD. I conveyed that message to Niels, but don't know why this issue never got properly resolved. But I know the silly namecalling and the pointer at the
Paul Wouters
Re:Alex isn't a squatter (Score:2)
is using a common logical domainname to offer information. Alex wants the name to indicate free ssh implementations, and not just one single group developing one single implementation. You can then argue who should have the name but that is pointles, because the first-come first-server principle holds true in that case.
As for who thought of the name and who leaked out what, I have no clue nor interest.
Paul
Re:That is one reason to use Google (Score:2)
Then again, my @Home may be non-standard, a friend of mine downloaded a whole CD from me last week, and said "You must not have AT&T @Home" and I told him that I did. He was amazed because I don't have an "upload cap" which apparently others do, he was getting a steady 60K/second FTP'ing from an old CD-ROM drive on a P5-120 in my basement.
If it helps, I'm in Waterloo, Iowa and I'm on the 24.6.200.* subnet.
Does anyone know anymore about this? I've often wondered if I'm on a "main" subnet or something, since the DNS servers are 24.6.200.15 and 24.6.200.17, it just seems strange that they'd have 2 DNS servers for every subnet.
---
Thank you. (Score:2)
I like that one.
Whois the two YOURSELF! (Score:2)
'10/24/99 5:27am' and ending '10/28/99 6:18pm'.
Within this chat session I pasted the following:
<fries> Whois Search Results
<fries> Search again:
<fries> Whois Server Version 1.1
<fries> Domain Name: OPENSSH.ORG
<fries> Registrar: NETWORK SOLUTIONS, INC.
<fries> Whois Server: rs.internic.net
<fries> Referral URL: www.networksolutions.com
<fries> Name Server: NS2.KYARITSU.COM
<fries> Name Server: NS1.KYARITSU.COM
So I know it was prior. I think you should use the same whois server when doing your query. Otherwise you're comparing apples to oranges. Try using whois.internic.net and you'll see that this
person registered the domain 9 days before I registered OpenSSH.com
Domain Name: OPENSSH.COM
Registrar: CORE INTERNET COUNCIL OF REGISTRARS
Whois Server: whois.corenic.net
Referral URL: www.corenic.net
Name Server: CVS.OPENBSD.ORG
Name Server: NS0.FRIES.NET
Name Server: ZEUS.THEOS.COM
Updated Date: 25-oct-1999
Domain Name: OPENSSH.ORG
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS2.KYARITSU.COM
Name Server: NS1.KYARITSU.COM
Updated Date: 15-oct-1999
Please get your facts straight before suggesting
that I fell asleep and that I don't know what I'm doing when I determined that the OpenSSH.org domain was registered back in October when I attempted to register it and the domain registrars told me so..
BTW, just because the person who contributed
the registration money is in Peoria, IL, that does
not by any means suggest the project iself is
located here.
Re:Looks like de Joode's trying to make a point. (Score:2)
OpenSSH.com:
Record created: 1999-10-25 08:44:41
OpenSSH.org
Record created: 04-Nov-1999.
Hmm...
So how did he squat the domain and force them to register openssh.com 9 days after they registered openssh.com?
If there's a reason not to trust the whois record dates, I'll accept that as a refutation.
--Shoeboy
Re:Looks like de Joode's trying to make a point. (Score:2)
Now the openSSH groups argument rests on the claim that he registered it after learning of the existence of the openssh team. This info was apparently "leaked" rather than released. So it may be that Mr. de Joode had never even heard of the openssh project. Until we hear from Mr. de Joode, our only source of info is a group that has attempted to play to the paranoids in the audience with a load of security/privacy FUD.
--Shoeboy
Re:Abuse of the namespace... (Score:2)
>Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the
Yet Another example: att.com is AT&T, the company (and user@att.com is an employee); att.net is AT&T WorldNet Services and other ISP stuff (and user@att.net is a customer).
no link! (Score:2)
Pope
InterNIC servers have the wrong dates? (Score:2)
$ whois -h whois.networksolutions.com openssh.org
Registrant:
Open SSH Project (OPENSSH2-DOM)
Zaanstraat 250
AMSTERDAM, NL-1013 RZ
NL
Domain Name: OPENSSH.ORG
Record created on 04-Nov-1999.
$ whois -h whois.internic.net openssh.org
Domain Name: OPENSSH.ORG
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: www.networksolutions.com
Name Server: NS2.KYARITSU.COM
Name Server: NS1.KYARITSU.COM
Updated Date: 15-oct-1999
I give up.
From the OpenSSH.org website: (Score:2)
http://www.deadly.org/article.php3?sid=2000030615
http://www.deadly.org/article.php3?sid=2000030603
http://www.deadly.org/article.php3?sid=2000030602
Who are you ?
.: I'm Alex de Joode, I operate the ZedZ ftp site which is propably the largest cryptography oriented ftp site in the world. I also ran an anonymous remailer for 4.5 years and currently host an anonymous remailer and operate an mail2news gateway so people can post anonymously to usenet. I'm in the process of setting up a new remailer.
Who are "they" ?
.: "They" are the OpenBSD core team represented by Theo de Raadt. [theos.com]
What's this document about ?
.: I received a lot of request to tell my side of the story, since it's impossible to reply to all people in detail, I decided to setup this page to answer the most common questions.
Why did you register openssh.org ?
.: The company I work part-time for allowed me to investigate the kickstart of a open/free ssh server client combo that was compatible with ssh1 and could run on Linux/Solaris.
The project title was, guess what ... 'openssh' ...
I learned from LWN that there was an other group working on an openssh version so I contacted Theo de Raadt and asked if he was interested in developing a port for Linux/Solaris. He told me that they were only interested in developing a version for OpenBSD.
I registered openssh.org and was trying to find someone to do the porting. Unrelated to my activities Damien Miller started a succesful porting effort for Linux/Solaris, so there was no necessety for my search to continue.
Why didn't you give away openssh.org to openbsd ?
.: Actually I tried. I mailed Theo de Raadt and told him I was willing to give control of the opensh.org to them provided they added links to other open/free ssh projects on 'their openssh.org' page.
Then why do you still have openssh.org?
.: Theo de Raadt first agreed and suggested I register http://www.freessh.org [freessh.org], which I promptly did, but later he canceled the deal telling me:
"We're not going to get ripped off by someone we don't trust".
What happend then (part 1) ?
.: Theo sent me some nasty emails and I didn't hear from him again untill the 1st of March. I offered other openssh developers the use of www,cvs,ftp and mail, but they declined. As a service to the community I rewrote the openssh.org URL to openssh.com so people would be transfered to that domain automaticly.
What happend then (part 2) ?
.: Theo sent me an email demanding I remove the mx records for openssh.org. Theo must have known this demand was impossible since rfc822 [faqs.org] requires that postmaster@domain is a valid email address. Without mx this is not the case, and I would violate this requirement.
We exchanged some email about/with the word please and we summarized the November email exchange.
And then ?
.: Theo sent me a message telling me he would post a banner on openssh.com to warn people, he would post a message to BUGTRAQ and there would be story on slashdot.org. Handing over the domain would stop that.
So what did you do ?
.: Nothing, I was surprised someone was trying to coerce me.
Did other people contact you ?
.: I received a sudden influx of messages most cc'ed to openssh@openssh.com requesting me to hand over openssh.org, some seemed to believe I was reading their mail, while others were angry they couldn't receive mail @openssh.org. Since I offered the use of www,cvs,ftp and mail to the openssh developers this strikes me as strange.
How is mail for openssh.org setup than ?
.: It's a virtual host that only accepts mail for postmaster@openssh.org, root@openssh.org, webmaster@openssh.org, all other mail will bounce. Since the mx points to the same host that used to run the remailer@replay.com, and still runs the remailer@hr13.zedz.net, sendmail is setup with 'LOGLEVEL=0', so not only do I not receive bounced mails, I don't even get a logfile of people who tried to send mail.
What do you think of the OpenBSD Announcement ?
.: They recommend caution since "there could be privacy issues, possibly data mining or building a mailing list of security conscious users". I feel this was sent 'in the spur of the moment'. If I wanted a to build a mailinglist of security conscious users or was dataming, the only thing I would have to do is mail all the users of the ZedZ ftp-site. As for the privacy issues, I've provided and still provide ways to anonymously access the Internet. But you decide.
Why do I suddenly get a seperate page at openssh.org ?
.: Damien Miller laid out his concerns about the seamless redirect from the openssh.org URL to the openbsd.com URL and requested me to remove the rewrite and to setup a seperate page. Which I did.
What happens next ?
.: I'm disappointed in the behaviour of one or two people but since my main goal is and always will be the spread of encryption products and the use of those products by end users, hence the building of the ZedZ ftp site, I'm willing to 'get over' that.
In order to facilitate the community I suggest to the OpenSSH/OpenBSD group that they supply me with a zone file and a secondary for openssh.org. I will instruct the primary DNS to fetch the zone file from the OpenSSH controlled secondary. It's up to the OpenSSH/OpenBSD group to configure the layout of the domain. If at a later stage 'the wounds' are healed and a mutual understanding, maybe even a mutual appreciation has been reached it's not impossible that the domain will be donated to the OpenSSH Project.
Since OpenBSD already uses ftp.zedz.net as primary ftp site for rsaref and cfs for instance (under it's old name utopia.hacktic.nl) this seems a reasonable and acceptable compromise to me.
Other whishes ?
.: A public apology from Theo would be nice. Also the OpenSSH.com site is very OpenBSD centric a change that would level the exposure of other OS's would be welcomed, but it's up to their webteam to decide.
Other things ?
.: Not at the moment.
How can I contact you ?
.: Just mail me at adejoode@zedz.net
Exit! Stage Left!
The real problems with domains. (Score:2)
At least.. (Score:2)
It's squatting, but not malicious squatting.
Alex de Joode == usura of replay (zedz.net) (Score:2)
Replay/zedz is unarguably the best privacy-related archive, and also widely mirrored. For crypto downloads, including SSH, it's simply great. I find the suggestion that Alex would want to strip us of our privacy by using a page that links to the "official" page quite ridiculous..
I don't know the reasons behing either Alex' actions, or the as-yet-unproven allegations of Mr. Bertrand, but I'm inclined to trust Alex somewhat more...
--
Controversy? (Score:2)
This is just like the traditional media, hyping non-events in order to get people interested.
[ c h a d o k e r e ] [dhs.org]
Re:Hold Your Opinions (Score:2)
Oh, and why should we trust that the real OpenSSH guys aren't mining data or building a list of security conscious users?
Why do we trust that they haven't inserted bogus code in the OpenSSH source? When is the last time you looked at the code, and compiled it yourself, rather than downloading the precompiled packages?
Re:Alex isn't a squatter (Score:2)
Domain-parking is evil. As are pathetic domain-registration "companies" such as easyspace whose MDs phone you at 2103 on a saturday to swear their heads off.
Re:Hold Your Opinions (Score:2)
Re:Yawn (Score:2)
Re:woah (Score:2)
Just being devil's advocate here.
Re:A possible way to solve this dispute (Score:2)
Re:Just a sence of things (Score:2)
Do you have any idea what the
Re:Hypocritical Linux Community (including /.ers) (Score:2)
Re:Abuse of the namespace... (Score:2)
Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address.
How about Jump.Net [jump.net] or Texas.Net [texas.net]?
Re:You mixed up your dates.. (Score:2)
1) OpenSSH.COM by OpenBSD people (25-10-1999)
2) OpenSSH.ORG 9 days later by our friend in Europe (04-11-1999)
3) OpenSSH.NET 12 days later by OpenBSD (16-11-1999)
The BSD guys went for
-- iCEBaLM
Re:You mixed up your dates.. (Score:2)
-- iCEBaLM
Re:Hypocritical Linux Community (including /.ers) (Score:2)
In this case, I feel about the same way about this case as I did about the very first such cases (mcdonalds.com and mtv.com). That is, the person who registered the domain did so in an attempt to utilize the popularity of the name of a product. Realistically, trademark or no, that's a slimy move.
In the case of, for example, etoy vs. etoys the etoy domain was there first, so they could not possibly have chosen that name to capitalize on the popularity of etoys.com.
As for "freedom" and "legality"... if something is legal, but morally repugnant to me, I don't accept it. The freedom issues don't enter into it. This guy is free to do whatever he wants, but we don't have to like it. Microsoft is free to write crappy software, but that doesn't stop us from complaining about it and using other products....
This is all, of course, pending hearing his side of the story. It could turn out that the OpenSSH project is not telling the whole story....
Re:A Proper Analysis of OpenSSH's proposed boycott (Score:2)
It is an observation in much the same way that "Have you stopped beating you wife?" is a question. It is more than a simple observation - it is an observation that will produce a negative opinion of Mr De Joode in the minds of the reader.
An observation couched in those terms is nothing more than an Ad Hominem attack. There is not an iota of evidence, or even reasonable grounds for suspicion, that Mr De Joode is doing anything untowards. Indeed, based on his reputation, previous work, and useful contributions to usenet and other places, the opposite conclusion should, initally, be drawn.
Paranoid, baseless, and derogatory "observations" that try to put pressure on him say more about the observer than the observed.
Re:Abuse of the namespace... (Score:2)
No, it's not, it's specifically what people were asked to do by IANA: to use .net addresses for all elements of the public network backbone, and .com addresses for everything else.
It may have escaped your notice, but /. is a commercial venture of Andover.Net, inc. Both 'slashdot.org' (which isn't a non-profit) and 'andover.net' (which doesn't own any part of the network backbone) are gross abuses of the namespace.
Changed Webpage (Score:2)
<html>
<head>
<title>www.openssh.org</title>
</head>
<body bgcolor="#FFFFFF"
text="#000000"
link="#000000"
vlink="#000000"
hlink="#000000"
alink="#000000"
>
<table align="center"
border="0"
cellpadding="0"
cellspacing="0"
width="525">
<tr>
<td colspan="1" align="middle">
<BR>
<BR>
<BR>
For information about free ssh implementations<BR>
please goto: <a href="http://www.freessh.org">http://www.freessh.
</td>
</td>
</tr>
<tr>
<td align="middle">
<BR>
<BR>
<BR>
For information about OpenBSD' OpenSSH implementation<BR>
please goto: <a href="http://www.openssh.com">http://www.openssh.
</td>
</tr>
</table>
Re:He just does'nt need this domain (Score:2)
As was stated on openssh.org's page, he offered to give them the domain -- he didn't say if that meant a domain transfer or just giving openbsd access to the records (I'll assume a transfer.) This then comes down to, "here, you can have this domain name." "No thanks, we don't trust you." "Fine, I'll keep my domain."
I will submit, 'OpenSSH' isn't really "open" if it's only for OpenBSD... maybe 'ssh.OpenBSD.org' is a better idea.
[It will never cease to amaze me how people can find the most worthless things to bitch about.]
Wait a minute.... (Score:2)
If I query whois.networksolutions.com (which is the master for openssh.org according to corenic), the date it was created was november 9.
If I query whois.corenic.net (which is the master for openssh.com) for openssh.org, it's oct 15.
Shouldn't I assume that corenic "lost something in the translation" from networksolutions rather than assuming that the master is bad? I mean, networksolutions can get the correct date from corenic for openssh.com
I'm perplexed (Score:2)
The only thing I can really see as a motive is the suggestion that the article makes - that he may be collecting information.
Does anyone else know what the purpose of this stand-off might be??
Louis Bertrand! (Score:2)
It is on his site, so if you worry about what was said: "This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution."
Personally I find the letter from Louis Bertrand a bit reckless, and the use of Slashdot as a tool to apply political pressure in bad taste.
It is similar to how etoy manipulated public opinion to influence the courts to get one over on etoys. There is no representation from the other side, and the wording in Louis Bertrand's letter is inflammatory, and unduly fear causing. (at least on the surface)
This thing is being handled very poorly by slashdot. They should have written up something with links to both sides of the story (i'm guessing personal politics got in the way).
This is not news for nerds, it is an electronic soapbox for friends and family of slashdot.
(Just because the message it comes from a developer of a respectable project, does not mean the developer is respectable himself.)
Just a warning...
Re:Don't restrict to com/net/org!!!!! (Score:2)
--
Re:Abuse of the namespace... (Score:2)
Find a name where you can get com, org, and net... (Score:2)
Live and Learn...
-- The easiest way to lose your freedom is to fail to exercise it! --
kernelnotes vs linuxhq all over again? (Score:2)
Rename to Open-SSH.org or TrueSSH.org and be done with it.
First things first (Score:2)
I guess the lesson is, register the domain name, then announce the project/company/whatever.
Stay one step ahead of the parasites.
What? No link? (Score:2)
New TLD's won't help (Score:2)
No sir, we should all go back to raw numeric IP addresses. Not dot-quads mind you but the new 128 bit hexadecimal raw numeric IPv6 IP addresses. Most of the pages people access these days are through search engines, anyway.
Yeah, but... (Score:2)
I just registered paratheoanametamystikhood.com. One of these days real soon now I'll have the energy to set up DNS servers for it.
Re:Mr. Fries explain this. (Score:2)
Mr. Fries explain this. (Score:2)
Please do not visit the
Those are pretty brutal accusations which you seemed not willing to react to. I would like to know why you claim this. Alex de Joode has quite a reputation, but that is because of his ftp-site at ftp.zedz.net. Still my favorite place for crypto. I have a really hard time beleiving that he would use this to start some mailinglist or do some datamining..... If he wanted to do that he would do better to just use the logs of his ftp..
So what do you think of Alex de Joode's response? (Score:2)
Squatter? (Score:2)
If I were Mr. de Joode, I'd be offended -- he simply doesn't appear to be squatting.
Take a look at http://www.openssh.org/org-vs-com/ [openssh.org]. This seems to outline his position very well, without resorting to name-calling.
meisenstRe:That's lame. (Score:2)
I could understand if he was squatting to get money but it doesnt look like this guy is out to make money off of the deal, he just registered the site. Just becuase OpenSSH wants the site doesnt mean that it deserves to get it. I *hate* doman squatters, but this seems like a legit use of the domain registration service. Is he trying to exhort money out of OpenSSH?
Anyway we have to be fair, and it sound like this guy is being fair.
Data mining? Looks fishy... (Score:2)
I decided to check out the HTML myself without a web browser, and I didn't see a link to the official website.. This is the HTML I got back (Superflous
<HTML>s removed):
<HEAD>
<TITLE>www2.terena.nl</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#CCCCCC">
<CENTER>
<IMG SRC="/html/lame.gif" border=no>
<a href="mailto:webmaster@alpha.terena.nl">webmaster
</CENTER>
</BODY>
</HTML>
Perhaps it shows different content to different web browsers?
Additionally, the image /html/lame.gif was lacking.
Re:OpenSSH dot.....umm.... (Score:2)
Seriously though, the whole marketing of the
Their ads state stuff like "When
I suppose I should make this on topic... The
That's lame. (Score:2)
DNS is already permanently ruined (Score:2)
Its been like this for a while and there isn't any going back. The best you can hope for is industry wide rules banning overt squatting (i.e., taking a domain name and then not applying it to a site for a year), or a rash of new TLDs to free up demand.
I'm personally looking for new TLDs - any type of squatting rule is likely to choke cyberspace in ridiculous lawsuits.
Do you know what the "net" TLD is meant for? (Score:2)
Re:.ORG's and .COM's (Score:2)
Not that it really matters now. You could call this site clownpenis.fart and people would still come in droves.
Re:Cybersquatting makes me sick (Score:2)
Re:Looks like de Joode's trying to make a point. (Score:3)
Certainly looks harmless enough to me.
Two questions... (Score:3)
Two: Why won't this guy just let them use the domain name? He's not using it for anything. This isn't a typical squatting case either, because he's not even trying to sell them the name. Though frankly, that frightens me even more; what could he want with the name, if he doesn't intend to sell it or to use it for a legitimate site?
Abuse of the namespace... (Score:3)
Yes, and I've only seen one ISP (UUNet) which actually uses that as their primary address. Many of the other big ISP's hold on to the
Your useage is no less an abuse than "slashdot.org", another ridiculous misuse of the namespace.
What, then, would you suggest Slashdot's URL be? "Slashdot.com" doesn't fit, because Slashdot isn't really a commercial venture (the ads notwithstanding). "Slashdot.net" doesn't work for the reasons you just said. "Slashdot.gov" and "slashdot.mil" are obvious problems as well.
That's the major problem with TLD's; there aren't enough of them. Then again, that's because they were created in a time when no one had really come up with the idea of personal Websites or Weblogs or anything like that. If the slashdot.org name is an abuse of the namespace, it only goes to show that the problem is with the namespace itself, not the users. The namespace needs to be changed to reflect the times. Until it is, there's nothing that can be done, and
Re:Looks like de Joode's trying to make a point. (Score:3)
That said, my problem with the OpenSSH.org thing isn't that he got there first, it's that he's using it to advertise his site knowing that OpenSSH.org is where people will go to try to find information about (surprise) OpenSSH. If they wanted his site they'd have gone to FreeSSH for obvious reasons. I know that I, for one, usually think ".org" when I think of OpenSSH or Open anything. Even if he does have a legitimate claim to the domain and he isn't trying to squat it for cash (which he isn't), it would still be a good jester to hand over the domain (especially since they offered to pay for it) as an offer of goodwill.
--
Reject
woah (Score:3)
I think is the unique case we should give the Zedz guys a chance to comment on the issue publically before jumping to conclusions (which we all have done and are guilty of).
While I totally value the opinion of the OpenBSD team and the OpenSSH team I think something along these lines without any comment from the other (in my opinion) well respected party involved is a bit harsh.
Re:Hold Your Opinions (Score:3)
Dead or Alive, Mr. de Joot certainly is in the right here. The openssh.org site is not in anyway harming openssh. They're even providing the courtesy of linking to the projects site. OpenSSH should be happy that they're getting that much. They should have registered all of the TLD's, but didn't see it as being necessary, and apparently, they thought the .com was the one they needed the most.
Even the U.S. government has not been able to get around this mistake. There's the infamous whitehouse.com site, which is still active.
If someone came to me and said that I had to give them one of my domains, because they felt they had some right to it I'd laugh in their face. Simply because you're an open source project does not excuse stupidity.
Beyond all this, we're talking about the former Replay.com site here, now zedz.net [zedz.net] which has provided for years a good many of us with free crypto systems. They were doing a service years before OpenSSH was even thought of.
I don't use OpenSSH on my machines yet, and I was considering switching, but due to this situation where it appears they're in the running for a Slashdot beanie for "Open source domain bully" I'm going to boycott the product, until they play nice.
Re:I think you might have missed something... (Score:3)
that Mr. de Joode is a real, honest-to-god security/crypto/privacy advocate with a great deal of knowledge and experience and a long history of service to the community.
I'd be curious to know how long stupid-dot is going to allow this sort of defamation to continue and how long it's going to be until they get their spleen yanked out in a court of law over something like this.
Come on, this is Alex de Joode! (Score:3)
The OpenSSH advisory says that they don't know his motives. They're absolutely correct; they don't know his motives at all. They correctly identify de Joode as the one who started xs4all.nl, and they correctly identify him as someone who advocates widespread use of cryptography, but they fail to mention that he is a privacy advocate. They also fail to give any rationale for their accusations other than that de Joode refused to sell them his property, which is meaningless.
Visit http://www.openssh.org/ [openssh.org] and judge his motives for yourself. Other posters have already discussed the ludicrousy of boycotting the web site so I won't repeat all of it here, but have a little think: Why would the OpenSSH group want you to think that openssh.org, who points to openssh.com and to one other site, is evil?
Agreed! (Score:3)
And, isn't an unconditional boycott a pretty good way to prevent people from actually looking at the site and deciding for themselves if it was set-up with bad intention?
what are you referring to? (Score:3)
A search for Open SSH? [google.com]
A search for "OpenSSH"? [google.com]
None of them return the actual site near the top, neither the
Pablo Nevares, "the freshmaker".
Hypocritical Linux Community (including /.ers) (Score:3)
If you are all as high and morally right as the drivel you so often spout you have an obligation to support Alex de Joode in his legal right to use the domain he registered. Too bad if FreeBSD didn't get there first - they have their chance 2 years from now to beat Alex to the renewal process (if he hasn't succumbed to the pressure by then and given it away).
Don't whine about people who work within the rules. If you don't like the way the domain registration process works, try to get the rules changed!
I also hate to say it but most of the whining seems to come from Linux user wannabes who want to put all their pent up frustration into ridiculous vocal support of any Linux based endeavour. Use your brains people. I think Linux is great, but I don't think everything Linux is great. Be more selective about what you support. Complaining about domain registration just because a Linux company is affected is really lame.
openssh.org owned by replay/zedz.net (Score:4)
The Zedz guys seem to be pretty good people as far as free software goes. Makes you wonder what they plan to do with the domain, and why they set it up as a forwarder to openssh.com
This reminds me of the whole LinuxHQ/Kernelnotes.org fiasco...
You mixed up your dates.. (Score:4)
$ whois openssh.com@whois.corenic.net
Record created: 1999-10-25 08:44:41 MET by CORE-80
$ whois openssh.net@whois.networksolutions.com
Record created on 16-Nov-1999.
$ whois openssh.org@whois.networksolutions.com
Record created on 04-Nov-1999.
So it was
1) OpenSSH.ORG by our friend in Europe (04-11-1999)
2) OpenSSH.NET 12 days later by the OpenBSD people (16-11-19996)
3) OpenSSH.COM a further 9 days later (25-11-1999)
I don't understand why they don't just use
---
Is it *really* that important? (Score:4)
-- Moondog
Jesus, Now slashdot is attacking their own! (Score:4)
Domain Names are first come first serve. I hardly see how an OpenSource advocate who registers a domain name in the org top level to be a squatter when he is using it for related purposes (or any purposes.. he paid for it, he was there first, He took the initative that the SSH group did not.) Big deal! They were caught sleeping.. they loose.
Like it or not (I don't much like it anymore) Slashdot has some power over this OpenSource comunity and this is a clear abuse of that power. The poor guy's web page is being flooded, his email box is being flooded with lamer flames and Slashdot is directly responsible by posting this story.
You've twisted the SSH announcemnt to incite anger among your members, You're using your members as a tool for your own personal attack on a person who was well within their rights to register a domain he felt he could use for his benefit.
Some animals are more equal than others?
PIGS
Today will be the last day I participate in this madness which is called Slashdot. Today is also the day that I buy that Dell computer instead of a VA Linux system.
They are a threat to free speech and must be silenced! - Andrea Chen
a slight bit of interest (Score:4)
Registrant:
Open SSH Project (OPENSSH2-DOM)
Zaanstraat 250
AMSTERDAM, NL-1013 RZ
NL
Domain Name: OPENSSH.ORG
Odd.and the page is simply a link. Looks like this guy registered the domain name for the project. We need some more information on what this guy is doing before an honest opinion could be made.
A Proper Analysis of OpenSSH's proposed boycott (Score:5)
The name was taken by a someone not affiliated with the OpenSSH development team when news of OpenSSH was first leaked to the community.
Hmm, "when news of OpenSSH was first leaked." Let's look at those seven words, shall we? When was this news leaked?
Performing a search on this here web site (Slashdot for those not in the know) for "openssh" yieds two results. This very article, and one from November 18, 1999, entitled, "OpenSSH Project Now at openssh.com."
Next I moved to LinuxTod ay.com [linuxtoday.com]. They have articles for everything under the sun. Their first article mentioning OpenSSH is one at Security Portal dated October 27, 1999.
I search Google (both plain Google and the Linux subsearch), and they have never heard of openssh.
Finally, I visted the very site for this project, openssh.com [openssh.com]. Looking for an "about this project" sort of link, I clicked on the Project Goals [openssh.com] link right up at the top of the left column of links. What's that it says at the very bottom? "OpenBSD: goals.html,v 1.4 1999/11/17 14:14:15 provos Exp $" That looks much like a cvs (or related) entry. That date is November 11, 1999. I also visited the link to the devel mail list archives, and the earliest date there is November 16, 1999.
Looking at all these, I'd guess their formal announcement was around November 17. But the "leak" award goes to Security Portal on October 27, 1999. I'm sure they got their information from somewhere else, but I'm tired of searching.
Back to the letter, Mr. Bertrand says, "The OpenSSH developers wanted to register under the
Ok. Well that sure sounds unfortunate. Let's take a look at when they registered openssh.com, shall we? Returning to my favorite domain searching services, whois, it yields October 25, 1999, as the date the record was created. What's this, I see? That looks a lot like a date before the openssh.org was registered. It's even two days before the slight mention by Security Portal. So, they "settled" on the COM top level domain ten days before the ORG one was "taken by a someone not affiliated with the OpenSSH development team." Uh huh, sure thing buddy.
Next Mr. Burtrand discusses the owner of openssh.org, "Mr. de Joode has repeatedly refused requests to sell or turn the
Since when must anyone turn over a domain to anyone who asks for it? In my book, domain names are a first-come, first-served service. The OpenSSH group had plenty of time to register any domains they wanted. What if the real SSH group wants the openssh.com domain? Would you, Mr. Bertrand, be so giving and just surrender it?
Now comes the discussion of openssh.org's web site, "The OpenSSH.ORG web site currently is a blank page with a link to the official site."
Ok, this is somewhat true. Going to openssh.org [openssh.org], you are presented with a link to www.openssh.org. But Mr. Bertrand, did you really stop reading there and not see a few blank lines below (9 lines if you telnetted to port 80)? From openssh.org's page I quote, "For information about OpenBSD' OpenSSH implementation please goto..." and they link to the OpenSSH group's web site, openssh.com [openssh.com]. This ommission is purely ridiculous, Mr. Bertrand.
Finally, Mr. Bertrand pushes one of the hottest buttons in the community, privacy. "This is more than just a request to boycott: there could be privacy issues, possibly data mining or building a mailing list of security conscious users. We simply don't know Mr. de Joode's motives, and we recommend caution." Hmm, a very strong accusation. None of us like being spammed, tracked where we go, etc. So, I asked myself, "What data mining is openssh.org doing?"
Let's take a gander at the HTML source code. This site is afterally a mere two pages. There could be some JavaScript performing some hidden actions users won't see when just using Netscape (or other JavaScript enabled browsers). And there it is, plain HTML. What?! No fancy, shmancy Netscape Composer, FrontPage or other editor META tags? No META tags at all to con search engines to pointing to them instead of openssh.com. I find it refreshing that someone else codes HTML in plain, simple HTML. But I see nothing hidden here.
Ok, but I have my Netscape set to just accept all cookies. I could have been slipped one of those and now they have access to my whole hard drive, right (I'm kidding, of course)? Let's give the Netscape cookies file a good grepping, shall we?
316-1 Mon/11:55pm ~> grep -i ssh
317-1 Mon/11:56pm ~>
Hmm, exactly zero references to anything SSH related. I still haven't found any maliciousness. What about the "building a mailing list" bit? I've seen many sites with "Click here to receive our free newsletter" sort of links. No doubt many of them then give out your email address to every spammer in the universe. Is there any similar line in these web pages? Not that I can see, the bottom of the second page does contain a simple "For more information about freessh.org, please contact:" mailto link. I haven't sent an email to that address yet, so I can't say if it's a secret email net. But since I'm sending this analysis to Mr. Bertrand, I'll send one to that address as well with a brand new email address. If I get spammed there, I'll know who's to blame. If openssh.org really is using this link to catch people for a spam list, I must sahe's doing a poor job of it. At least claim you can get free porn if you send an email.
In closing, as Mr. Bertrand says "Any help or suggestions in breaking the deadlock are appreciated.", so I say, Mr. Bertrand, I sincerely hope you recosider your position, because well, it has no leg to stand on. A) You registered the
If a reasonable agreement between these two parties is made, that's great, but to seek out the outrage of the free software communities by deceiving them like this is not the way to go about it. I sincerely hope you reconsider your position Mr. Bertrand.
Thank you.
John Corey
Copies sent to both Mr. Bertrand and Mr. de Joode.
Whois the two. (Score:5)
openssh.com: "Record created: 1999-10-25 08:44:41 MET by CORE-80"
openssh.org: "Record created on 04-Nov-1999."
So, I'm no domain expert, only have one myself. But I think, correct me if I'm wrong, that the OpenSSH group registered the
This does sound like whining, and though it's nice to see a project like this hq'ed here in the Peoria, IL area, I will have to give my vote to the
You have to wonder (Score:5)
In this case at least, some of the blame lies with the OpenSSH project noy claiming the domain before announcing their project. I mean really, what does it cost? A whopping $15/yr to register?
Whats even worse is that this story posted on Slashdot could be interpreted as a veiled threat. Not cool. I'm all for OpenSource but this subtle bullying is BS in my book.
Yawn (Score:5)
Conclusion: WE MUST BOYCOTT!!! He might be doing something awful!!!
Am I the only one who doesn't understand this response? I think the motives of OpenSSH.com in posting this warning are every bit as strange and unfathomable as Mr. de Joode's in grabbing the site.
(Sorry for injecting a touch of sanity into a
--Shoeboy
Looks like de Joode's trying to make a point. (Score:5)
--Shoeboy
They already have openssh.net (Score:5)
$ whois openssh.com@whois.corenic.net
Registrant Todd T. Fries (template COCO-21730)
OpenBSD, the REAL open group
Record created: 1999-10-25 08:44:41 MET by CORE-80
$ whois openssh.net@whois.networksolutions.com
Registrant Todd T. Fries (template COCO-21730)
OpenBSD, the REAL open group
Record created on 16-Nov-1999.
$ whois openssh.org@whois.networksolutions.com
Registrant:
Open SSH Project (OPENSSH2-DOM)
Zaanstraat 250
AMSTERDAM, NL-1013 RZ
NL
Record created on 04-Nov-1999.
Looks to me like the "real" OpenSSH Project registered the dot com first, this other guy grabs dot org, then they got dot net. So why did they grab dot com first? Looks like they screwed themselves.
Anyway, what's the big deal? Even Network Solution suggests that you get all three dot com, dot net and dot org to "protect" your company. Only dodgy purists still stick to the old conventions.
Why even publicize this at all? All the documentation and downloads will use whatever the official openssh URL is anyway. The web already has a way of routing around misinformation.
Also, do open source project automatically have a right to the dot org? I think this is presumptuous. What makes any project "the official" openssh project other than when it becomes the de facto standard? Maybe this guy has a right to create another open source or proprietary "openssh" package.
Is this reallly squatting? (Score:5)
Just because the OpenSSH group happens to have want the name does not mean that they have a right to that name. I think that it is in very poor taste to boycott the OpenSSH.org. It seems almost arrogant in fact, to presume that just because Mr. Alex de Joode does not wish to deal with them with regards to the domain name, that he has ulterior motives. A simple message warning people that OpenSSH.org is not affilated with the OpenSSH group would have surely sufficed.
Re:Is this reallly squatting? (Score:5)
The post by the OpenSSH developers strongly implies they think they are solely entitled to OpenSSH.org. Wrong. Are we so quick to forget eToys.com versus etoy.com? Were no lessons learned?
It is unethical for a group to bully others just to acquire an asset. Mr. Alex de Joode has done nothing wrong except to own something the OpenSSH developers want. The OpenSSH developers should be reprimanded for believing they have some right to demand that Mr. Alex de Joode "sell or turn the
Hold Your Opinions (Score:5)
For that matter, if Mr. de Joot has simply not replied to any emails, it may be that he has passed away (don't laugh; it happened to Duane Blehme, a Macintosh shareware programmer years back).
It would seem to me that the wise things to do is to wait and hear from both sides. Remember the Uruguayan Linux fiasco awhile back? We don't really want a repeat of that hysteria, do we?