Half-Elf on Tech

Thoughts From a Professional Lesbian

Category: How It Works

  • IMAP

    When I first got email, it was long before Hotmail was a reality, let alone this concept of unlimited Gmail storage. Email was tightly controlled and maintained, with ‘free’ accounts being unheard of. If you didn’t get an email with your college, you didn’t get email. High School students, like I was in the baby-internet days, didn’t need email. This worked out to a lot of advantages, keeping kids off the nasty places in the ‘net simply by virtue of requiring an email address to log in.

    Initially, we all used PINE for email and logged in via telnet into the server to access everything. ‘finger’ was a useful command, and you knew everything you needed to that way. I liked having all my email in one central location, since you always knew where to go to get it. But there were down-sides to this, of course. If the server was down, you had no way of reading your emails!

    Shortly thereafter we got access to Eudora and POP3 email. Post Office Protocol version 3 (POP3) let you download your emails to your computer, putting the onus on you for maintaining and deleting your mail. It was deleted from the server once you downloaded it, and it was only on your computer. Initially, I was able to stash everything on a single floppy, or two depending on how I felt about things, and Eudora was just as useful as I wanted it to be.

    For over a decade, I used POP3 and I was happy with it.

    This last year, I’ve been using webmail on my laptop, while leaving my desktop running some lengthy process, and then later downloading everything to the desktop. This shortly became inconvenient, and while I could copy everything between the computers, I didn’t really enjoy it, and it was becoming a pain in my ass to run the sync. Not to mention webmail when you have one account is fine, but when you have 5 or 10 (long story) you want to shoot someone.

    I’ve always known what IMAP did, but for whatever reason it never appealed to me. Basically, where POP3 downloads the email to your computer, IMAP (Internet Message Access Protocol) leaves it on the server and allows you to synchronize every time you access it.

    E-mail clients using IMAP generally leave messages on the server until the user explicitly deletes them. This alets multiple clients to access the same mailbox. Most e-mail clients support either POP3 or IMAP to retrieve messages; however, fewer Internet Service Providers (ISPs) support IMAP. Basically POP3 offers access to a mail drop. IMAP4 offers access to the mail store.

    Now there are downsides to IMAP. Once you delete that email and purge it, it’s gone. Forever. Quando is gone forever, sire (Only my father will get that reference *sigh*). And if your ISP takes a walk, you lose all your email forever. Except I really don’t keep a whole lot in my email any more, when I get around to it. I store bills and stuff for a while, but that’s really it. Everything else gets saved offline to a folder or deleted. If it’s something I need access to from multiple places, maybe I’ll keep it in the email for a while. But usually not.

    So for now, it’s IMAP for me.

  • Why Wiki?

    I like the site I have for my RPG a lot, but it’s very big and often unwieldy.

    So I started to think about the ways I could simplify it, make it easier to use and easier to navigate. The first idea I had was a Wiki. I want to point out that when I started with a CMS (which I still love for what it is), I spent a lot of days going ‘Oh, my head! I’ll never get this.’ So I expected the same here.

    What ended up happening, over the course of a month, was the realization that while the CMS is a little pain in the ass to navigate, it works better for what it needs to be. Everyone who uses it has a blog, and I’ve put so much effort into customizing it that really, the only part that would be helpful is if the ‘encyclopedia’ for the site was a Wiki. At that point, however, it wouldn’t be ‘linked’ with the CMS I have so I’m fucked. Not in a bad way, just in the ‘this works, it works 90% of the way I want, and there’s no reason to screw with it.’ If Slayer ‘reboots’ and we start a new game, I may try something different. CMS was an experiment, and it was successful.

    But … I do have another site that might benefit from an encyclopedia. About 150 individual pages of information, contextual and informational. Okay that was a little redundant, I’ve had a long week. But still 150 pages. And maybe, just maybe, updating it all, by hand, alone, is a bad idea. After all, there’s stuff I’ve never finished because I don’t have gobs of free time. And as proved by the forums on that page, people want to talk and help. So how can I combine that with an ‘easy’ to use back end, and a not-terrifying to use front end?

    Wiki.

    Okay, so it’s got a crappy admin side and if you’re not a coder you’re going to cry setting up MediaWiki, which I did and I am one. And some users are skeptical about how to create pages and … it’s been 2.5 months and of my 32 users (yes! 32!) four people (besides me) have added information. Hell, having one person add information is helpful to me, so I call it a success.

    There are 1314 total pages in the database. This includes pages about the Wiki, minimal “stub” pages, redirects, and others that probably don’t qualify as content pages. Excluding those, there are 291 pages that are probably legitimate content pages. Of the 291 pages, 150 or so came over as a direct copy/paste import (and some clean up), and 140 or so were added special to the wiki because I had more ‘flexible’ room.

    That flexibility is what drove me to Wiki. You know, when you make a new website, it’s a pain in the ass to link everything up the way you want it, and you have to come up with some sort of structure that will make sense to everyone and you hope they can follow it?

    Wikis piss that out the window and laugh at your ancestors.

    That’s a joke, son.

    Wikis aren’t linear. Wikis are fluid and organic. They grow in the direction they grow because there is information to grow in that path. Not to say there’s isn’t a rhyme and reason to the site, but a Wiki accepts the fact that things criss-cross and double back and take weirdo curves and twists when you’re not looking. Of my 291 pages, only 61 don’t link back to something else, and even so, I’m taking the time to go through those pages and cross-reference. Yes! That pain in the ass, time consuming project of ‘Doesn’t X refer to something over on Z?’ A Wiki links all those up with a simple, easy code [[Page Name]]. Thats it.

    Okay, if you’re an HTML coder (guilty), your brain has a moment of pain looking at this. Another fsking pseudo code language to learn? First HTML, then BB code and now Wiki Code? 90% of the HTML I’d want to use work on a Wiki. The only ‘argh!’ moment I have is with headers, and even then it was easy to fall into that code mind-frame.

    So what did I learn?

    To run a Wiki you have to let go of control. And that’s really hard. If you have a ‘normal’, let’s say traditional, website, you have a small number of people who can update the site. You have a set design the site maintains. You have templates and standards and such. For a Wiki, you have to step back and say ‘This is the site, this is how it looks. Please add more information, but we’d like to keep the feel we have.’ Yeah, you can follow along behind people and clean up what they do (some people use wacky grammar, others use l33t speak), but essentially you’re giving room for their voice.

    You can’t take that away once given.

    Well, you can, but you’d be an asshole.

    Running the Wiki has made me a ‘kinder’ person, sort of. I’m more laid back with people who post in perplexing grammar on the forums. I’m not going to be a firm rule-mistress. Okay, maybe on the Wiki I’ll be a little more the enforcer, but there’s no reason not to give people chances.

    Of course, I still can’t figure out what the hell “I love to but deberia to allow him grissom sara to love it also” means!

    By the way, why did I choose MediaWiki, over something more use friendly like TikiWiki or something ‘prettier’ or something easier to hack? Well, I actually tried out a handful of Wiki’s before I settled on this one. I’d load them, make a couple pages, toggle around and see what I thought. The one I picked was the one that felt right to me. You might think differently.

  • Sed quis custodiet ipsos custodies?

    Who watches the people who watch what I do on my computer?

    Like many corporations these days, my office has instituted a ‘no internet for personal use, thank you’ policy, which has trickled down to no use of personal email. I won’t begin to snark about how I feel there, since frankly, I can see both sides of it and I know it’s a matter of me not liking it.

    I still spend a significant time on the net, but frankly, I’m looking up information about the desktop, security, etc. And if I get yelled at for it, well, I’ll have to ask what they mean by ‘for work only’ since I think I’m not causing much harm and I’m still ass kicking my projects.

    Who keeps an eye on the people who are monitoring my internet usage?

    Who keeps an eye on the people who monitor the databases where my personal information is kept?

    The other day, while venting about something stupid at my office, we talked about the latest security breach at a major company (Lexis-Nexis). Personal information was shared all over the place. Credit card information, you name it, it was hacked. And no one knew how much stuff was snagged or who was affected.

    Pause and do that golf clap as you say ‘… Well done!’

    I’m considered a mild paranoid (I don’t think everyone’s out to get me, but I keep abreast of the issues in personal privacy/security). I was asked if I was worried. No, no I’m not. Because I know for $8 or so, I can dig up the personal information, credit card history and rating, criminal records, drivers information, and a slew of other things. And yes, I did mean $8. That’s the second lowest rate I could find for paying a PI type website to snoop. I’m pretty sure if I asked at my local spy shop- excuse me, locksmith- I’d get a better and more secure rate.

    Don’t think for a second I’m going to give my credit card information to a website that specializes in, oh, selling information. That’s right up there with Tossed Salad Man and shooting my own ass. But. I also tossed the idea of becoming a licensed PI for Illinois just to have access to the cool tools I know Veronica Mars uses. Yes, it’s a TV show, shut it. I’m just saying it would be cool to be able to pull up that information when I wanted to. For a monthly fee.

    But that has it’s own problem. What if you, like this poor woman in Florida had your Sheriff get your personal information from the DMV? Okay, so he could have gotten the information he wanted off of Google. Instead, he used a very legit tool for a squidgy reason. It’s not illegal per-say, but maybe it should be.

    What’s to stop a bank teller from looking up a neighbor’s bank account? What stops Mrs. Landingham my IRS person from taking my personal information and ripping me off?

    Social conscience.

    And we all know how reliable that is.

    I’ve known for years that anyone who knows my name can find out a shit load about me. A stalker could find my address and phone number, regardless that the latter is unlisted. Hell, I own a domain, and I know exactly how easy a whois would be for anyone looking for me.

    Not that I was a hell of a lot safer pre-internet. A couple phone calls, a trip to the DMV, and bam. After all, it has to be legal for a Repo Man to, well, repo. So the information must be accessible. It’s only logic. Next go look at colleges. Every last stinking one I’ve been to uses your SSN as your student ID. Easy to remember for the student. Easy to tie into databases for the school. And when I got a bill? Damned if my SSN wasn’t printed right there on my bill. Everyone knows (or should) that tampering with mail is a federal offense, but let me walk you through how my mail was delivered on my high school campus.

    1. Mail is sent to a PO Box
    2. Mail is picked up by a teacher
    3. Mail is sorted into two piles ‘Teacher’ and ‘Student’
    4. Student mail is put in a box
    5. Student assigned to mail takes the box to our unlocked, public mail boxes and sorts
    6. Students pick up mail

    We’re trusting three key elements here: the guy at the PO Box, the Teacher who gets and/or sorts the mail, the student who ‘delivers’ the mail.

    Yeah, your personal information has never been secure. It’s just faster to find now.

    It’s weird, but I’m going to bring this around to the Pope, so hold on for a sec.

    Bruce Schneier wrote a great article about Hacking the Papal Election, when he explains the ins and outs of how they vote. The short story is this: Hacking the Papal election is nigh impossible! The entire thing is manual, so no hanging chads or manipulated computers. Only the Cardinals are allowed in, and it’s not like you can play dress up and sneak in. You have to walk up, in front of everyone, to vote, and since the votes are counted twice and chucked if there are too many or too few, you can’t stuff the ballot. The only places where it might be easy to change votes is when the votes are counted the second time (the person could slight of hand a vote, though given the dresses- I mean robes– they wear, it’s hard), or when a transcriber writes the vote for a Cardinal who’s unable to write. And if you get caught doing that you get excommunicated. So not worth it.

    I bring this up because it goes back to social conscience. What ever you think about the Pope and Catholics, you can probably agree with me when I say that these Cardinals really want to do the best job they can. They’ve got so much shit thrown at them, from JPII being so damned popular to sex abuse and STDs that they need to get some positive spin on them. In their case, it’s freakishly reliable that they’re going to do the best they can. Now, I do think there’s a lot of bullying, bribery, promised, etc going on pre-vote, but I expect that. “If you vote for Cardinal Glick, I’ll tell everyone about the hooker you had in your room when we were just priests.” See, I’d totally do that shit, and you know they would too. I know the votes are secret, but you can’t expect me to believe people won’t try and persuade each other.

    How does this reflect on security and your personal information?

    It’s indirect, I admit, but follow this: Personal information which is compromised leads to identity theft, which can be used to commit voter fraud, which can re-elect George Bush, but which can’t be used to make an American the Pope.

    Yeah, you were worried about your money.

    Okay, look, here’s the real point of all this: You’re not safe. You never were and you’re really never gonna be. There are things you can do, starting with paying better goddamned attention. Get an email that looks iffy? Delete it. Buying stuff online? Make sure it’s from someone you can trust. Have a different password per site that you use in conjunction with your money. And be careful.

    You know that you can’t rely on the social conscience of others to not fuck you over, so all you can do is keep a close watch on what you do.

    After all, how is it any more secure to pay for your dinner with a credit card than it is to do so online? They take your card to a back room, run it through the card scan to make sure you can pay, and bring it back. Shit, they could photocopy it in that time, and they have an example of your signature!

    Which is why all my cards say ‘Ask for ID.’

    And people so rarely do.

    I don’t have the answers, but if this blog has scared you then I’ve done my job. Be aware.

  • How do people on the internet know who you are?

    This came up when someone on a bulletin board I frequent sounded a little freaked when the moderators said that they monitor people by their IP address. The problem this board was having was pretty simple, actually. People would sign up with multiple accounts for various reasons, and then over the course of time, reply to themselves. The moderators were complaining that they couldn’t understand why someone would want to have multiple IDs, and one or two of the users were complaining that the moderators knew their IP address.

    Stepping back for a moment, I realize that I’m pretty young, but for my entire life there have been computers. The first home computers showed up around the same time I did, and I really have to take a moment to consider life without the personal computer. Back when I was in elementary school, my grandmother had a DEC terminal hooked up over a phone cradle/modem to her company server to do the books over the weekends, and when I wanted French toast, I’d use the computer to balance books and she’d cook. Personally I think it’s a small miracle nothing went wrong.

    When I was in high school, my friends and I had found the magic of on-line gaming. Text only stuff, or sometimes dialup to a bulletin board system and news groups. None of us actually had our own accounts, and email was a mythical monster we all wanted but didn’t have. Shortly there after came things like Hotmail (back before it was Microsoft Hotmail) and college, which gave us all our own email addresses and virtual identities. Those college IDs had access to a tool I rarely see used now, finger. Via a UNIX terminal (accessed mostly by telnet), we could ‘finger’ a username and find out who the person was, where they lived, and if they’d updated it, what they were interested in. This was nothing compared to what homepages and domain names give us now, but then it was the best thing. We were people. We had identities. We had communities.

    Not far into college, I started to wonder how safe it was to have personal information like that all over the net. My father was working in risk analysis and assessment, so I suspect it’s only natural my thoughts drifted that way. It was at that point I started researching how my identity was maintained and who had access to it.

    How do people know who I am? Bizarrely enough, the first image that comes to mind when I think about this is an old “George Burns and Gracie Allen” radio sketch. Their accountant has come over to drink and commiserate with George and says that Gracie had just been by to do her taxes. He tells George that when he (the accountant) asked Gracie for proof of identification, she opened her compact, looked in the mirror and says ‘Yes, it’s me all right.’ Were it only that easy. In the ‘real world’ I carry IDs with me to say that I am who I say I am. At work, I have a badge with electronic access and a picture ID, to let me into rooms.

    It doesn’t translate all that clearly to the virtual world, however. Microsoft, at one point, had a Passport application that let you use one ID all across their myriad of networks. This has fizzled. Yahoo! had a Yahoo! Wallet feature that is still in use, though even websites that use Yahoo! to sell their wares hardly use it, it seems. The concept of a single point of contact for peoples’ money is unpopular to many people, and this should be surprising. Everywhere you look, people warn you about identity, and I see the lack of faith anyone has in submitting their personal information to one location as a heart warming experience. At last! People are aware!

    And yet, as evidenced by my experience on the bulletin board in the beginning of this tale, that’s not the case.

    People didn’t like Microsoft Passport for the same reason I don’t have Quicken learn all my passwords for my bank accounts. They make me use an additional password to access my other passwords. It’s easier for me to just keep a spreadsheet of all my passwords and use that, then memorize a third (or fiftieth) password. Realistically, this makes sense. Either you have one password (or password schema) for all your accounts, which makes them easier to hack, or you have a thousand different ones and struggle to remember them all. There’s no easy win.

    So on that bulletin board as mentioned above, you have an ID and a password. On the best systems, the moderators have no idea of your password (YaBB’s Gold version, which is a CGI board, actually saved passwords in clear-text!). And yet anyone who’s visited an online community knows that there’s a certain amount of people on the internet who have fun making your life stink. They like to post rude things that have nothing to do with the topic at hand, they insult you, they use language that makes the paint peal. Even if you don’t mind a bit of foulness, these are the people you look at in wonder. How on earth did they get out of elementary school?

    It’s the duty of the moderators to school those people in proper net etiquette. I’m not going to delve into what is and isn’t good posting, but my short comment on that is that it pays more to be as thoughtful of and respectful to your fellow posters as you would to someone you were talking to face to face. Listen to what they say and reply in an easy to understand manner. There’s a time and place for l33t speak, and you’ll know when it is (if you have no idea what that is, go to http://www.bbc.co.uk/dna/h2g2/A787917 and keep in mind some kid in England turned in a one page essay written like that, the f00).

    How you’re known on the internet is how the moderators can contact you and reprimand you for your wrong doings. Sounds fair, right? So how do they know? That’s surprisingly simple.

    1. Your ID
    People use IDs they can easily redeemer. I have the same account name at Yahoo, Hotmail and Gmail. If I was logged in as, let’s pretend, HintOfTheWeek_111, and I was making trouble, the moderator would likely run a quick Google on that ID and see if you were known elsewhere. When I had a hacker attack a board I moderate, doing that lead me to two notices right away. The first said that he’d done the attack before. The second included how to fix it. Very helpful.

    2. Your email address
    Most boards make you show an email address, at least to the moderators, when you sign up. This is, again, for accountability. They can use that email address and Google it as well, or they can just email you and chastise you. That’s my preferred method, by the way. A private ‘Hey, idiot’ always seemed more polite then being publicly brought to task on the boards where everyone can see it. Mind you, a lot of people sign up with freebie accounts, and never check them, which is why you end up looking at …

    3. Your IP address
    Every time you post to a bulletin board, every time you make an ID/Password on a website, check your web email (Gmail, yahoo, hotmail), every IRC session, online game, etc you log on to, your IP address is recorded. That’s the way the world works, and it’s the only way places have of holding people accountable for their actions. And if that scares you just a little, well good! You’re paying attention. Information is power, and you’re trusting the moderators to use that power wisely.

    On most bulletin boards, moderators would rather ban you from posting using your ID or your email address. The IP address is tricky. While, technically, it’d very easy to implement, it comes with some major drawbacks. Banning someone by ID or email means they can just make a new ID with a different email. Given how easy it is to make new email addresses, you can see how this is a problem for the moderators. The reason the IP banning is viewed as a last resort is that it causes a lot of damage to innocent bystanders. This has to do with how IP addresses are used, as well as what happens when people use dial-up and proxy servers.

    If you use dial-up, your IP address is going to change every time you connect to the internet. That makes it near impossible to ban you. If you use a proxy server (like the Northern people do at work), everyone shows up using the same IP address. You can verify this by getting a couple people around you to go to http://www.whatismyip.com/ and compare.

    This means if I, as a moderator, ban an IP used by a dial-up user, everyone else who uses that IP gets banned. And in all likelihood, the person I wanted to ban is on a new IP address and doesn’t care at all. If I ban an IP used by a proxy, everyone else who uses that proxy gets banned. In a way, it’s a no-win situation. The only solution for board moderators is constant vigilance. If two different user IDs with the same IP starts posting things that look way too similar, and are upsetting people the same way, then it’s probably the same person.

    What does all this mean for you? Now you know how you’re monitored, and in theory how to beat it. But that’s not enough. If the fact that the people who write viruses like Sasser can get caught isn’t enough of a hint, I’ll spell it out. Even if you’re using obfuscating tactics, you can get caught. To date, there’s no 100% fool-proof way of hiding who you are on-line. If you use a proxy server that used by a known troublemaker, you may find yourself unceremoniously banned. If you’re the bad person using the proxy, a court order can make them cough up your real IP address.

    Admittedly, there a many legitimate reasons to have two IDs on one bulletin board. There are many understandable reasons to use a proxy server. I’m not proposing a solution, but I feel that everyone should be aware of the reality of internet usage. In the age of heightened security concerns and identity theft, it’s important to know how some people are getting to know all about you.

    Before you get all scared, the amount of damage that can be done with your IP address, provided you’ve implemented the latest and greatest security patches from Macintosh, Microsoft or whatever other OS you might have, is minimal. They still need passwords and IDs to your computer, among other things. So if you’re essentially a decent person and you don’t knowingly break any laws, don’t panic about logging onto a bulletin board.

    On the flip side, assume that someone knows where you’re logging in from. It’s just safest.

    Helpful Links:
    What an IP address is
    Yahoo!’s explanation of IP addresses and privacy
    Determine what the rest of the world sees as your IP address
    What is ‘l33t’ speak?
    Home Computer Security

    PS: There’s a fairly humorous link I was given once, and it never fails to make me laugh. It’s a 1940’s style intro to posting on the internet: http://albinoblacksheep.com/flash/posting.php

  • 0.0.0.0

    An online friend of mine had a minor rant on a public chat channel we’re both on, about Verisign and their new ploy. It seems that they’ve goofed a little with the net and DNS, in a way that’s upsetting to most webmasters.

    By the way, before you think I’m this smart, I had to look up a lot of this, and my net-friend was VERY patient with explaining it to me.

    DNS is Domain Name System and is a distributed Internet directory service. DNS is used mostly to translate between domain names and IP addresses, and to control Internet email delivery. Most Internet services rely on DNS to work, and if DNS fails, web sites cannot be located and email delivery stalls. Basically it’s the numerical ‘address’ of your domain name. A DNS server holds a record of all those addresses and says ‘numerical address equals foo.com’ when you try to go to foo.com, and passes you to the server at the correct address.

    Example: Ipstenu.org has a numerical address (or IP address) of 64.91.224.2, so technically http://64.91.224.2 should take you there. Now if you clicked on that link, you know it doesn’t. That’s becuase that address is shared with a ton of other domains. Think of it as an apartment building, and 64.91.224.2 is the street address. Some people own their own homes, so their numerical address is the same as their domain name. I’m not one of them.

    Okay, so now we know what DNS is and why it’s a nice thing.

    So what happens if you go to a URL that doesn’t exist? Say http://swerqwrwrwere.org/? I’m at my office, so I get a fancy error page telling me “A DNS lookup error occurred. The host was not found.”

    “A DNS lookup error occurred. The host was not found.” simply means that the web server you’re trying to access does not exist, at least with the name that you typed. Check for a typo (computers are picky; the name must be exactly correct). This error might also mean that the site that you were using yesterday is no longer around; maybe the owner didn’t pay the bill. And sometimes sites simply “drop off” the Internet for a while.

    If I was at home, it’d be my browser beeping saying ‘Can not access site!’ In a way I like the office errors better. I get the error right away and bam, I know what’s up

    What about http://swerqwrwrwere.com? It should be the same thing, except that thanks to Verisign, it’s not anymore.

    Who’s Verisign? Well, they’re like the post office, to use my apartment/house metaphor above. They control the address numbers and what they translate too, for the most part. In the case of the house, it’s a direct relationship. Address number blah equals foo.com, end of story. In the apartment side, it says 64.91.224.2 is really Liquidweb, and hands the request to them, and it’s Liquidweb who sees your asking for http://ipstenu.org/blog, and passes the right data back to you. It’s an extra step.

    Verisign is not the only ‘post office’ around, but they’re the biggest.

    On September 15th, Verisign made a teeny change. Normally, when you go to a site that’s down or doesn’t exist, you get the DNS ‘whoops!’ error. As of the 15th, Verisign made a change that said ‘all fake .com and .net addresses point to THIS address, instead of nothing at all.’ This means that http://swerqwrwrwere.com and http://swerqwrwrwere.net now point to http://sitefinder.verisign.com/lpc?url=swerqwrwrwere.com &host=swerqwrwrwere.com and http://sitefinder.verisign.com/lpc?url=swerqwrwrwere.net &host=swerqwrwrwere.net instead.

    See that first part of the line: http://sitefinder.verisign.com

    Now if you go to a .com and .net domain that doesn’t exist, you get served up Site Finder, instead of an error message.

    Problem One: Ethics
    It’s not illegal, but it borders on unethical, since now Verisign has turned domain name typos into an advertising opportunity. Okay, so in the past typing Yahooo.com took you to a page someone else owned, but that was the point. They owned the typoed domain name, so you were really going to a legit website. Irritating as it was, it was right. Back to the address metaphor, just because 1235 Clark and 1235 Clerk street are similar and you went to the wrong one doesn’t make it the fault of the company that 1235 Clark is a restaurant and 1235 Clerk is a strip club. You should have read better.

    Problem Two: Net Traffic
    Currently, I can’t actually get to http://sitefinder.verisign.com from the office. Oh, sure, I can tell it exists, but I can’t reach it. Why? It’s too busy serving up pages for every URL that doesn’t exist. And you can bet some geeks are ‘erroring’ in their typing to slam the fuckers. This causes traffic on the net that really isn’t needed. This acts like a Denial of Service (DOS) attack on the DNS root servers. There are less than 20 in the world, and hammering them is a bad idea.

    Problem Three: Ownership
    Does Verisign actually own the domain name http://swerqwrwrwere.com or http://swerqwrwrwere.net ? No. So how come THEY get to decide where those names point to? They’re not the only fish in the sea, though yes they’re the biggest. The little fish must be pissed. This doesn’t actually infringe on the rights of the other, smaller, DNS hosts, and they can refuse to server up any pages from http://sitefinder.verisign.com (which I hope they do).

    Problem Four: Email
    One of the ways to avoid Spam is for an email server to check the URL of the sent email against the IP address. Does ‘1235 Clerk Street’ equal ‘Scarlett’s Gentleman’s Club’? Yes, okay, that’s legit. No, and the email is rejected. This ‘no’ error is commonly called a 550 error. What Verisign’s doing is effectively erasing the 550 error, by saying ‘1245 Clerk Street’ is a real place because when I go there, it says http://sitefinder.verisign.com … and now that spam email gets delivered because your email server thinks it’s legit.

    Going back to Verisign the post office, they host DNS servers, the big database of ‘address = company.’ The DNS servers hold that huge list, and when you request one not on it’s list, it passes you down it’s child servers until it finds a match. If there’s no match, it errors 550 and stores that for faster response later.

    It’s pretty complex.

    The summary is this: Verisign is making your typo into an advertising venue that increases lag time on the net and possibly can cause more spam to get through your filters. The only known cure is to block http://sitefinder.verisign.com on your personal blacklist.

    For More Information:
    VeriSign Hijacks Unused Domains
    All your Web typos are belong to us
    Inventor Says Search Service Won’t Break DNS
    Verisign’s post about the change