The panel on "The Future of ICANN and Control of the Web" looks rather intriguing and, given the panelists, might cause a few sparks to fly.
]]>People who diagnose and repair networks have long experienced the truth of that title - no matter where you happen to be, the test data you need to know can only be acquired by being somewhere else.
In my own experience at Wells Fargo in the 1980's I more than once had to run back and forth through the streets of the San Francisco financial district, often at 3am, to check circuits and devices on a malfunctioning network path.
Telco people long ago learned to incorporate "remote loopback" and remote testing capabilities into their devices. Internet people have not been as smart.
Today's state of the art of network troubleshooting is a individual practitioner, a person who has deep knowledge and experience with the net from the bottom to the top, who carries his/her own ad hoc toolkit of favored hardware widgets and software packages, and who is tired of being called at 3am to fix some routine network outage.
Today's net is filled with sorry excuses for equipment that can't recover from routine outages. How many home ADSL modems lock up every few days or whever the telco drops the phone circuit for a few moments? The usual repair is the old-fashioned, brute force, but quite effective power cycling of the unit. Why are not these devices designed so that they recycle themselves when they fail to perceive a flow of IP packets for an extended period of time? A little self-introspection and self-recovery could go a long way.
I've long been on the quest to build the Internet Buttset. My 1993 product Dr. Watson, The Network Detective's Assistant (DTWNDA) was a first step. (The sad story of why that product disappeared is something for another day.)
It strikes me that one thing that could be incorporated into internet devices, particularly devices used for testing and diagnostics, is something that I call "Serendipitous Data Collection".
The basic idea is quite simple - When a device needs a chunk of data, that device publishes a request in a well known directory. Other devices periodically look at the published requests. If one of those other devices happens to be in, or later happens to travel to, a part of the net where the requested data can be obtained that other device collects the data and holds it. That other device, if it comes near the directory, deposits that data into the directory. The original device may (or may not) subsequently notice the published data, pick it up, and use it.
The words "directory" tend to imply something more glorified than is really necessary. Consider handheld network testing devices that live in a charging/docking unit when not in use and that, when in use, are carried by network operations staff to various parts of an Enterprise network. The charging/docking station then becomes the interface to a simple repository of requests and answers.
It is a simple bulletin-board model. Security is not strong - which is why I tend to think of this in the context of network testing and diagnostic devices.
Network diagnostic and repair tools must often be exempt from the constraints of network security. This means that many of these tools would have to designed only to engage in intrusive or risky operations only when used by by people who are both trustworthy and skilled.
A surgeon's scalpel must be very sharp. A surgeon's scalpel can cause a lot of harm if misused. Network troubleshooting and repair require invasive tools that are able to cut into the network to reveal the inner workings. These tools could cause a lot of harm if misused. None of us would want a surgeon to operate with a dull scalpel; we accept that the value outweighs the risks. Similarly, we should not want the internet to be denied good repair tools just because those tools, if misued, could cause harm.
]]>I saw in the newspaper that Bea Yormark has died. Too soon.
I first met Bea back in 1981 at Interactive Systems in Santa Monica. I remember her Mercedes - dark blue paint and light blue smoke. And I remember one evening at softball when she was pitching; I hit a hard line drive that barely missed her - it brushed her ear ring.
I remained in contact with Bea after she moved to Washington DC with my Gaithersburg based co-worker at Interactive, Justin Walker, Curmudgeon at Large.
Not long afterwords I had my own romantic adventure; I became involved with a woman who lived in DC. It was a very complicated and very stressful time. But it was a time made much easier with the caring friendship offered by Bea and Justin.
I later moved to San Francisco A while later Bea and Justin also came west to Palo Alto. Even though we were only an hour drive apart, we did not remain in contact.
I've always intended to resume the contact. But always I was too busy.
But now she is gone. It is too late.
We've lost a good person.
]]>When Comcast sends a TCP Reset packet the TCP connection instantly dies. TCP Resets are internet ricin.
The BitTorrent application uses several TCP connections, so it is somewhat robust against Comcast's TCP-murderous rampages. But most other applications are not - a TCP Reset stops those applications dead in their tracks.
The sending of forged TCP Reset packets has as much to do with "network management" as shooting a bullet into the head of a hyper-active child has to do with "day care".
Is Comcast simply being too cheap to install in-band equipment that would do the the right thing, the thing consistent with the internet architecture: dropping packets while congestion is occurring and thus allowing the TCP connection to remain alive, albeit with reduced data flow? One such right way is called Random Early Detection - RED.
Comcast's behavior suggests that has installed much less expensive out-of-band equipment that can only shoot deadly TCP Reset packets. In other words it may well be that cause of Comcast's problems is that Comcast is too cheap to "do it right".
]]>There is a branch of fiction known as "Alternative History". These are stories of what might have been. What might have been had the British intervened on the side of the South in 1863? What might have happened had Khrushchev not backed down in Cuba in 1963? What might have happened had the Supreme Court not stepped into (onto?) the Florida presidential vote count in 2000?
In that vein I am about to engage in a bit of alternative history.
I am going to speculate about how the last ten years of internet history might have been had the US government, rather than deciding to renew the Network Solutions contract, had, instead, opted to drop its marionette strings and allow the forces of competition, innovation, and consumer choice to operate as we expect them to operate in an open, unregulated, competitive economy. In other words, what if the US government had not created ICANN?
Being an untrained and clumsy writer, I'm going to be blunt about foreshadowing the tale: Without an ICANN we would today have greater innovation in the internet name space. Domain name prices would be lower, consumer choice would be greater, and the internet would have greater resilience to failures than it has today.
The road we did not take would have been the better choice.
Is the dead hand of the past so strong that we are forced to live forever with that mistaken choice and never seek correction?
Shakespeare wrote, "[w]hereof what's past is prologue, what to come in yours and my discharge." Is the future really in our hands? Can we treat the choices of 1997 as mere prologue to a story not yet written?
Before starting, let us detour a bit and review the events that led to the ICANN of today.
There were two intertwined stories:
First was the story of the Cooperative Agreement with Network Solutions (a company that was subsequently acquired by Verisign and then, shrunk to a mere registrar, and sold off, with Verisign retaining the registry role.)
Second was the story of Jon Postel's test of the internet's domain name system.
Let's look at these stories:
The increasingly lucrative cooperative agreement under which Network Solutions (Verisign) was managing .com, .net, .org, and .edu was scheduled to expire in 1998. Under that agreement Network Solutions was obligated to deliver back to NTIA the tools and data necessary to transfer operations to another contractor or to the public.
In 1997 the US government agencies became concerned - some might say they began to panic. They felt compelled to chose between three ill alternatives:
The government felt that the second of these three choices - replacement of Network Solutions with another contractor - would require a formal procurement process that could take several years. Consequently this option was never seriously considered. One could wonder why the government did not consider combining the first and second options - one term of extension in order to give time to engage in a formal procurement. Whatever the answer, the fact is that replacement of Network Solutions was never seriously pursued.
This left two options - extend or relinquish.
The government people chose what they believed was the lesser of two evils - they chose to extend the Network Solutions contract. This choice was not unreasonable - the people who made the choice are well-intentioned, smart, and informed; but the option to relinquish would have required that they convince many less informed people in the executive and legislative branches of the US government that the nascent internet would be better left to private enterprise and choice. It seems that even those who hew to a "small government is a better government" point of view have a hard time letting go of government control over the internet. And few civil servants would risk being branded as "the man who lost the internet".
So, rather than ending the Cooperative Agreement, a product of a much different internet era, NTIA decided to give it a face-lift. In fact, the agreement has had its face lifted nearly a dozen times. The resulting miracle of bureaucratic plastic surgery remains in force to this day, a lifespan increase of over 300% so far and with no clear sign that it will ever end. This extension represents a government backed gift to Network Solutions, and its successor, Verisign, that by some estimates amounts to an income stream of nearly half a billion dollars every year.
In early 1998 Jon Postel decided to do a very good thing. Postel wanted to validate that the DNS was as robust as it was purported to be. Postel decided to run a limited test in the IP address from which root servers obtain their "zone files" would be altered. This was not a particularly radical test and, should things have gone awry, backing out would be both fast and easy. Also remember, this was in years before internet had obtained massive public visibility. What Postel did was quite in keeping with the pragmatic approach from which the internet grew - an approach in which one tests, learns, and improves. Nonetheless, the government went ballistic. Postel was threatened with severe legal, even criminal, sanctions. Postel, an employee of USC-ISI asked his employer for help; USC-ISI refused. Postel felt what anyone would feel - alone and afraid.
So Jon Postel, a California resident, asked for help. An attorney from Washington DC showed up on his doorstep; an attorney who does not seem to be able to demonstrate having a license to practice law in California. But despite that apparent lack, Postel accepted this attorney.
This attorney was from the Washington DC office of the Cleveland Ohio firm of Jones Day.
In 1997 NTIA began to emit strong pheromones that it wanted the law firm of Jones Day to create a nominally private corporation to assume the powers that NTIA was exercising, albeit without any apparent source of legal authority for the exercise of those powers. In other words, NTIA, an agency of the Executive Branch, wanted to induce the creation of a private body to do things that NTIA wanted done but for which NTIA did not have the legal authority to do itself. (The reader would not be alone if this suggests that NTIA uses ICANN in much the same way that the US State Department uses Blackwater.)
Jones Day responded (much to the benefit of its balance sheet: Jones Day's response has turned into a revenue stream that floods ever larger with every passing year. As ICANN's largest creditor, Jones Day yearly reaps millions of dollars in legal fees from the corporation that Jones Day created to serve NTIA.)
Postel's attorney from Jones Day started circulating drafts of a plan to form a body to be called ICANN. Each successive draft seemed to be the result of yet another hidden agreement with yet another round of unknown parties. Midway through this sequence, Jon Postel died. But his attorney survived. And further iterations appeared (as presumably more secret back room promises were made.)
NTIA, in an effort to appear open to other plans did allow other plans to be submitted; but it was pretty clear from various inchoate emanations that none of these had any hope and would have no weight except, perhaps, to slightly nudge the Jones Day plan. One of the most influential of these other plans was that of the Boston Working Group, a group with which I am affiliated. Our proposal is still visible on the net at http://www.cavebear.com/bwg/ As expected, the Jones Day plan won NTIA's nod of approval.
The fruit of this NTIA-Jones Day cultivation was a strange creation: ICANN, a thing neither fish nor fowl, not clearly private yet not clearly governmental, and like Prospero's Ariel able to operate beyond the normal constraints that restrain governmental agencies and the laws and economic forces that channel and limit private action.
A small number of incumbent interests find ICANN to be highly satisfactory and lucrative. However, most of us end up with something rather less pleasant: Anyone buying a domain name now pays a private internet tax to ICANN and domain name prices are massively inflated (by perhaps 35,000%) with regard to the actual costs. Others find ICANN as a body that restrains trade by denying their completely legal enterprises entre into the domain name marketplace or by subjecting their businesses processes to a small mountain of contractual gobbledygook.
NTIA and ICANN have effectively allowed the .com and .net top level domains to become the private property of Verisign. It is not often that a caretaker, like Network Solutions, is allowed to reward itself with ownership of the estate. By way of analogy it is as if the company that was hired to run the hotel at the Grand Canyon has been allowed to become owner of the hotel and the Grand Canyon. This is a rather bizarre twist, yet that is what has happened.
The cost to the community of internet users is enormous - Every year more than half a billion dollars is paid by internet users in the form of inflated and arbitrary domain name fees. And if that were not bad enough, internet innovation and imagination have been smothered on the altar of registry profits and trademark protectionism.
So much for the real history.
Let us turn back the calendar to 1997. Let us posit that NTIA has decided to let the cooperative agreement expire and has required Network Solutions (Verisign) to return the materials and data that it is obligated to return under the terms of that agreement.
And let us posit that NTIA has decided not to merely replace one face with another and instead has decided to open the door to enterprise and innovation by providing that name registration data to any and all comers.
And let us suppose that when Jon Postel ran his very sensible test that the US government did not cluck itself into a Chicken Little frenzy and demand that the net must be wrapped with a Procrustean regulatory system.
At this point perhaps you are hearing a voice in your head suggesting, or perhaps screaming, "there would have been chaos", this is an unbelievable alternative history.
Is it really unbelievable? It certainly was possible. What is chaos to one is often opportunity to another. Is it not one of the foundation stones of our social system that individual choice is to be preferred to both monopoly markets and government regulation?
What is unbelievable to this writer is that the US Government leapt to the conclusion that heavy regulation of the net was required without ever really considering how the net might be nudged, rather than bludgeoned, towards greater commercial stability.
J. D. Rockefeller, one of the greatest monopolists of all time, justified his destruction of his competitors, his imposition of rigid controls over the petroleum refining and transport industries, and his nearly imperial control of distribution channels and products on the grounds that he was merely "rationalizing" and "standardizing" the oil business.
Those who argue in favor of ICANN often use Rockefeller's argument - they justify ICANN's rigid regulation as a way to rationalize the marketplace of internet names so that the incumbents in that marketplace can be spared the discomfort of competition and the buyers of domain names relieved of the burden of having to make a choice between different offerings.
Do we want to "rationalize" the internet in same way that Rockefeller "rationalized" the petroleum refining industry of the 1870's?
I think not.
But I digress; let us return to our story:
Suppose that in 1997 NTIA decides it will allow the cooperative agreement to lapse at the end of 1998 and that six months prior to the expiration, and again at the time of expiration, NTIA will make a copy of the operational data available without charge or encumbrance. NTIA decides that 1998 would be a year of transition.
NTIA's decision does not eliminate Network Solutions; it merely removes Network Solution's monopoly. If Network Solutions chose to do so, it could continue its operations. But it would no longer be alone or given any preference or special privilege.
In other words, NTIA decides that at the end of 1998, at the end of the agreement, anybody who wants to run .com, .net, .edu, and .org would be free do so, using his/her own capital, using his/her own business plan, and at his/her own risk.
Remember the movie Spartacus? The rebelling slave army is captured and the Roman general asks "Who among you is Spartacus?" One by one every slave stands up and says "I am Spartacus".
In our tale the ending of the cooperative agreement would cause a similar scene: New vendors, and Network Solutions - everyone - would have stood up and said "I am .com", "I am .org", "I am .net".
None would be and all would be. There would be no legal ground to distinguish among the claimants. The would have to compete among themselves. Network Solutions would, however, been the Goliath.
How precisely this competition would have resolved itself none can say. But we can say with certainty that it would have quickly resolved itself as it always does when there is a lot of money on the table.
I suppose that those of you who are still with me will be
reminded of
the
cartoon in which some scientists have filled a blackboard
with equations. And in the middle of the board is a cloud
with the
words "Then a miracle occurs".
Am I suggesting that NTIA should have bet the internet of 1997 on a miracle? Yes, I am.
But it is no less betting on a miracle than we do every day when we allow electricity, food, fuel, and many other aspects of our normal lives to be handled by the miracle of private innovation and competition within the limits set by law.
Would there have been an uncomfortable bump? Yes, there probably would have been a period during 1997 when internet users wanting to acquire domain names would not know clearly from whom to buy them. Network Solutions, the former incumbent, would with almost certainty obtain the lions' share of the business, not unlike the way that the Baby Bells inherited most of the former Ma Bell (AT&T) customers when AT&T was split apart.
What forms might have coalesced out of this temporary period of fog and uncertainty?
Competing root systems? Cooperative, truly non-profit, registries? Co-op registries that operate by N of M consensus systems?
All of these, probably. Not all would have survived. Some would have failed.
Some internet users would have had an experience similar to that of people who bought tickets on low fare airlines and charters during the 1970: the carrier failed and they got stuck with a worthless ticket and a claim in bankruptcy court on the remaining assets of the bankrupt carrier.
In our alternative history some internet users will find that they have acquired domain names that do not resolve. There will be lawsuits for fraud. Domain name providers who are smart will quickly change their practices and contracts so that every domain name buyer is made fully aware of the risks in much the same what that buyers of securities in the US are provided with enough information to make informed choices, should they chose to do so.
January 1, 1999 would have dawned on a more stable situation:
Network Solutions would be the dominant provider of domain names with a firm grip on the .com, .net, .org, and .edu top level domains. Network Solutions would have simply bought out the competition.
The suite of root server operators would still have been unaffected, no one would have yet seen the Google-like opportunity that root and TLD servers provide.
However, and remember that this was during the height of the .com bubble, money was available for just about anything. And a lot of people would have thought that having their own top level domains would be profitable. (Even outside of our alternative history, we can see from ICANN's actual year 2000 new-TLD process that there was, in fact, a quite substantial interest in new TLDs.)
These new TLDs would have soon discovered that they would not even appear on the horizon of internet users until their TLDs were incorporated into the root zone published by Network Solutions - and Network Solutions would, understandably, not be quite willing to give that kind of aide and comfort to their would-be competitors.
By mid 1999 those who aspired to create new TLDs would have recognized that Network Solutions was not going to allow them a place in the sun and that the operators of the legacy root servers weren't particularly interested in making changes.
So by September 1999 we would have seen the deployment of the first competing root system run with as much capacity and competence as the legacy roots. However, given the venture funding behind the new TLDs, these new root operators would have had access capital for expansion and would have been created with the attitude to aggressively reach for opportunities.
One of those opportunities would be what we today know as the Google Model - selling marketing and advertising opportunities while creating a positive feedback loop to increase those opportunities by giving users a share of the proceeds.
In year 2000 the You-Root corporation, a privately owned, for-profit, root consortium, comes into operation in competition with the legacy root.
You-Root has a multi-faceted business plan:
You-Root gains market share as several ISP's, attracted to the idea of payments for sending DNS queries to You-Root, re-aim their servers. And large websites seeking to improve user perceptions of performance push to have their DNS zone data elevated into You-Root's servers.
You-Root cuts a deal with Microsoft in which, for exchange for real-time data for use in MSN, Microsoft will ship Windows with You-Root as the default root server group rather than the legacy root servers. A similar deal is made with Apple. In neither deal is it disclosed to the public in which direction any money payments were made.
Now other aspiring root operators want to get into the game. They follow You-Root's business model.
Soon the relationship between root server operators and TLDs begins to shift - those TLDs that are more successful at gaining registrants find that they become "must haves" and that they can get root server operators to pay them for inclusion rather than vice versa.
And all the while the Network Solutions/NTIA root zone becomes less and less popular because it has become like a cable TV system that only carries the ABC, CBS, and NBC television networks and does not carry new content like CNN, Comedy Central, or HBO.
By the latter part of 2001 several root systems are in full fledged competition, each trying to be carry more TLDs than its counterparts. The result of this competition being that every root system carries all available TLDs except those few that are stigmatized, as for example might happen if there is a trademark dispute over who has the right to use a given name as a TLD.
As the pornography industry expands communities of users realize that one way they can protect themselves is by asking root providers to offer tailored views of the DNS name space. You-Root and others begin to offer "family friendly" collections of TLD - they will, for example, include the .Disney top level domain but not .Sleeze.
Root providers will also offer TLD packages tailored for various religious, political, and social groups who, for whatever reason, want to build walls between themselves and those who are not part of their communities.
Some TLD operators will amplify this customer push for differentiation by by using contracts with their registrants as a means include or exclude certain types of content on websites found under their TLDs.
TLD operators begin to start looking for more ways to differentiate their offerings:
Eventually root zone files will begin to bulge as every large corporation decides that it wants its name to be a TLD. This will present technical challenges to root server operators to disseminate updates to root zone files. (However, as we know from real-life .com, this is a problem that is manageable, at least up to the present size of .com - over 70,000,000 names as of the date of this writing, January 2008.)
Competition among TLDs and root providers drives prices down and down and down.
By 2007 typical price to a consumer for a domain name falls to less than $0.25 per year, reflecting the actual mass scale of economies that obtain in DNS, particularly when there is no regulatory body imposing fiat registry rates an imposing its own tithe on name transactions in order to fund itself.
DNS resiliency is improved: In 1997 DNS was a single point of failure and attack for the internet. By 2007 there is a multiplicity of competing roots that provide deep redundancy against failure from natural or human causes.
DNS responsivity is improved - TLD operators recognizing that DNS query/response time is a significant component of the user perception of web site responsivity begin to push data and servers closer to users.
New TLDs are no longer an issue - those who want to deploy a new TLD can do so. But as with nearly every other kind of product offering, those who do this will have to expend time and effort to build their TLD visibility and do so with their own money (or that of their venture backers) at risk. Consumers of domain names will grow more aware of the risks of buying a name in these new TLDs.
Some TLDs will never grow beyond boutique offerings that are found in only a few root zones. Most of these will fade. Others will grow so that they become visible in nearly all root zones.
In the end we will have a marketplace that allows new TLDs to be born, to grow, to spread, and to die without any central regulatory apparatus.
It will be a marketplace much like that found in the world of cable TV, in which TLDs are similar to new TV channels. In the cable TV industry new channels must find a way to be included in the offerings of the cable and satellite providers. In some cases these new channels will obtain visibility and become viable, in other cases they will never obtain adequate acceptance and will either disappear or be merged into another. In the DNS industry, new TLDs must find a way to be included in the offerings of root providers else they will not gain sufficient visibility and use to survive.
And so ends our alternative history - a history in which we reach a stable, reliable DNS, both technically and economically, but without the heavy hand and cost of regulation.
Is this alternative now impossible or could we turn away from the regulatory system that has been imposed onto the internet by the US Department of Commerce via ICANN?
There are many people who think that DNS must be regulated and ossified into a single "authoritative" root.
There were many people who once thought the same thing about the voice telephone network. History proved them wrong.
And to finish on a final note that is neither hypothetical nor an alternative history:
One of the things that neither ICANN, nor governments, nor many users are not realizing is that someday enough people might wake up, question the dogma of the single "authoritative" catholic root. They, just like Dorothy in the Wizard of Oz, already have the power to overturn the status quo. Users of the net can simply, and without the need to ask permission from anyone or coordination with anyone, turn the technical knobs on their DNS software and make the entire legal, regulatory, and governance edifice fall to the ground - while the net keeps on running without missing a beat.
]]>Normally I would have stayed, participated, and written about what happened.
But, instead, last night I had to race home. This morning my wife and I had to make an excruciating choice. And, as a result, this afternoon a friend died.
My friend is cat, Moliere. He was almost 11 years old and came down suddenly with renal failure. We had to decide whether he would live (a short while) or die.
I held and comforted him as the injection was administered.
I felt him die.
He is dead; I am in shock.
At least it was fast - only a few seconds - and it seemed to be painless, rather in contrast to the reported effects of the method used on humans.
Yes, he is a cat, "only" a cat, merely a cat, not a person. I can only imagine the greater pain of those who have to face such decisions about human friends and loved ones.
So tonight Moliere lies buried between two trees on a small rise above Carbonera Creek in the woods where he so much loved to hunt and be a cat.
He lies buried with a copy of Tennyson's Crossing the Bar.
We miss him.
]]>ICANN continues to espouse an internet that exists only in its own image. An internet in which innovation and enterprise are forced to conform to ICANN standards of goodness.
In other words ICANN is attempting to impose onto the internet a set of constraints that would deny to new innovators the creative rights - in Jonathan Zittrain's words, the generative rights - that gave rise to the internet in the first place.
For example, ICANN's outgoing chairman made it quite clear that he believes that top level domain used for political purposes would be highly suspect.
ICANN continues to require that an applicant's finances and business plans must undergo ICANN investigation and approval.
ICANN continues to require that names be sold through ICANN accredited registrars - a requirement that makes utterly no sense except as a protectionist measure to maintain ICANN hegemony and ICANN revenue - not unlike the way that certain states require alcoholic beverages to be sold through state-run stores. It is a requirement that has absolutely nothing to do with the stability of the internet.
Right now I'm listening to ICANN's policy to replace the legal system with its own policy to decide who on the internet has the superior right to use a name as a TLD. ICANN is creating law; yet ICANN is not a legislature.
Moreover ICANN's policy creates a veto power for organized interests, particularly trademark interests, to throw so much chaff into the air that no new TLDs will ever survive the gauntlet.
What is particularly galling is that ICANN's new policy is the product of incumbents that have a strong interest in preventing any new TLDs.
]]>It's good that ICANN recognizes its ties to California.
I left Santa Cruz around noon. The weather was nice so I headed down the Big Sur coast.
Near Hearst Castle I came across something I had never seen before - several hundred elephant seals were on the beach next to the road. Apparently they have taken up residence there.
So, I arrived in LA - wow, I am so glad that I moved away - I don't have the stomach for the congestion, noise, and (perhaps from the fires) the pollution.
Tomorrow (Sunday) I'll head over to the ICANN meeting itself.
Let's see what's on the agenda...
Wow, somewhere between one quarter and one third of all of the meetings are closed to the public! Well, we have long known that ICANN takes its responsibility to be open and transparent with more than a few grains of salt. But this seems far more secrecy than is normal, even for ICANN.
But look at this this: The meeting of the At Large Advisory Committee (ALAC) is closed to the public! The meeting of the ICANN's company union is closed to its own membership. One would hope that this is a misprint. (Not that it matters much - I consider the ALAC to be a fraud upon the public and merely a means for ICANN to have a story, plausible to those who don't dig deeper, that ICANN has a means for the public to have a say in what ICANN does.)
I see that ICANN's board is meeting with the governments - the GAC. The junior high school/middle school that both Vint Cerf and I attended also had a GAC - the Girls Athletic Club.
Thinking of the GAC, I wonder whether ICANN is even aware of Sections 35000-35007 of the California Corporations Code - the Subversive Organization Registration Law - particularly section 35003(b). And given that ICANN is neither a "labor union or religious, fraternal, or patriotic organization, society, or association" section 35004 may not provide immunity.
Sure that statute is a hangover from an era when the US was highly xenophobic and suspicious of foreign.. wait a minute, that seems to describe the US today, not merely the US of 1953.
Perhaps that's the reason ICANN has shied away from holding meetings in its chosen home for nearly 3/4 of its entire existance.
]]>One of the toughest areas will be to reestablish the judiciary as a non-political branch of government.
That will be hard because most Federal judges are appointed for life, until impeached - or until they chose to retire.
Impeachment of judges, particularly when their offense is that of political leanings rather than truly overt acts, would be far more inflammatory than constructive.
But there is another way: Early retirement bonuses.
Private industry has long used the incentive of early retirement bonuses as a way to avoid layoffs. The employer usually offers employees a substantial bonus - sometimes several years of normal salary - if they voluntarily terminate their employment.
The new Congress could use that same approach to encourage Federal judges to give up their seats and create openings for new judges.
Suppose Congress were to enact a law that would give Federal judges a lump sum, tax exempt payment of $1,000,000, if they leave the Federal bench before the age of 60, $500,000 if they leave before the age of 65, and $300,000 if they leave before the age of 75.
This approach would be politically neutral. And the total cost would be about the same as a few days of fighting in Iraq.
]]>The headline is "Copy of Magna Carta to Be Sold".
The Magna Carta was born in year 1215 and it guaranteed many fundamental rights.
Those same rights are among those that our president has trampled into the mire.
This copy of the Magna Carta used to reside in the US National Archives.
Now it is being auctioned to the highest bidder.
It seems an appropriate, but sad, mirroring of reality that with the death of the rights guaranteed by the Magna Carta that the US copy should be relinquished by and sold.
(By-the-way, the text of the Magna Carta has long been available on my DNS server, not my website, and available via simple DNS query. And some people still think that DNS is only for addresses. )
]]>That former Chairman will have no legal relationship to ICANN; neither a director nor an officer nor an employee. Yet ICANN's voted to give this former chairman the power "to speak on behalf of ICANN". Absent a legally cognizable relationship this power is a non sequitur, an oxymoron.
And it could prove to be an expensive oxymoron for those directors who voted for it.
I note, in passing, that according to the minutes the vote of the board was unanimous, 12:0, and that the person who is soon to be that former Chairman was in attendance. Thus it appears that he did not excuse himself from this self-interested vote and did, in fact, vote to grant himself this benefit to be paid after his term expires.
Now why could this be an expensive oxymoron?
The United States tax code has provisions that are called "intermediate sanctions". These are draconian sanctions that are intended to strongly discourage Federal tax exempt corporations, such as ICANN, and their boards from granting excessive benefits to closely related parties, such as directors and executive officers.
A non-profit corporation such as ICANN has no business giving excessive benefits - ICANN is intended to benefit the community of internet users not to send former directors on junkets to Rio.
And the law says that the payment by tax exempt corporation such as ICANN of an excess benefit to a closely related party is frequently unlawful. And is there any doubt that a person who held the chairmanship of ICANN for the last six years is a very closely related party?
And what is this expense account to a former director, a person legally detached from the corporate body of ICANN, but an excess benefit?
Under the intermediate sanctions law, the gift may have to be disgorged and heavy "excise tax" could land on the directors who voted for this
And because it is a tax ICANN's insurance coverage may not apply to cover the tax that may land on the pocketbooks of ICANN's directors who voted for this boondoggle.
I've warned ICANN several times since 1999 about the risks of disregarding this law. To my way of thinking the only way that ICANN's directors and officers, and particularly their legal advisors, could claim that they did not know about this risk would be for them to admit that they have chosen not to know - a kind of self-inflicted naivety - about the legal context in which ICANN operates.
The board minutes suggest that ICANN's vaunted legal team didn't even mention the risk. But given my previous experiences with that team, I am hardly surprised. It's kinda ironic that at this same meeting ICANN voted a payment of $300,000 for 3 months legal fees to that team.
It is disappointing how frequently ICANN behaves in ways that make Enron look good.
]]>One can only wonder how the statement of work for this contactor was generated in advance of ICANN completing its new TLD criteria project. Is this yet another instance of ICANN's "staff" simply doing what it wants to do and ignoring ICANN's board and the community of internet users? There is definitely more than a hint of that smell.
In either case, ICANN's new TLD policy has grown beyond all rational bounds. All that ICANN should be asking is whether applicants will abide by well established technical standards and practices regarding their name servers.
In order to speed things along, I have taken the liberty of putting together the first draft of a form that ICANN could use to for TLD applications; this form also sets forth the basic terms of operation. The idea here is to dispense with all of ICANN's massively expensive machinery that reviews all of those irrelevant things that ICANN so loves to stick its nosy nose into. For example, ICANN has no more legitimate right or need to evaluate how a TLD will operate its front office registration systems than does the FAA to evaluate whether an airline serves Pepsi or Coke to its passengers.
So here it is:
Version 1.0
This form is for use by those people and organizations that wish to obtain a "slot" for a Top Level Domain delegation in the root zone file published by NTIA, ICANN, and Verisign as provided in agreements between those three entities.
A "slot" is a right to have an applicant selected character string placed into that root zone along with applicant provided name server information as necessary to activate a domain name system delegation from the NTIA/ICANN/Verisign root zone to the applicant's own name servers.
The character string proposed by the applicant must be a valid Domain Name "label" as defined by RFC 1035, the character set for the string must be a valid "ARPANET host name" as described in RFC 1035, and the string must conform to internationalized name requirements as described in "Guidelines for the Implementation of Internationalized Domain Names".
The applicant proposed character string must not have been previously used in the NTIA/ICANN/Verisign root zone.
The applicant must anticipate that in the event that this application is accepted that it will be required to provide operational name server information before the proposed name will be placed into the NTIA/ICANN/Verisign root zone.
The applicant must also anticipate that it will be required to perform yet unspecified activities with regard to Domain Name Security (DNSSEC) deployment.
Neither ICANN, NTIA, nor Verisign will review the semantics or other meanings or uses of the proposed string. The applicant is responsible for any and all conflicts. NTIA, ICANN, and Verisign reserve the right to promptly respond to any legally valid order ordering NTIA, ICANN, or Verisign to take an action regarding the status of the applicant's slot or proposed name.
Neither ICANN, NTIA, nor Verisign will require that applicant adhere to any particular business plan or any restrictions on the use of names it may subsequently place into its own servers under the delegation obtained via this application.
The applicant must, however, recognize that the internet spans many nations and that the applicant must conform its activities to the requirements and constraints of an evolving and sometimes conflicted background of national laws, regulations, and international agreements.
By making this application, the applicant explicitly recognizes each person and aggregate entity that makes use of the internet is an intended third party beneficiary who, by virtue of this application, is entitled to have standing to bring legal actions to enforce the obligations imposed directly or indirectly through this application.
The applicant must anticipate that ICANN may impose (and, over time, modify) technical obligations on the applicant's name server operations. These obligations will define how the applicant shall operate its name servers in accord with certain broadly accepted and utilized written technical standards.
The applicant must anticipate that ICANN may impose (and, over time modify) certain obligations of fair and equitable access to its domain name service, including, but not limited to, the following:
The applicant will be required to publish to the public a signed statement from an auditor skilled in the practice of preservation of business assets that describes and evaluates whether the applicant's actual business asset preservation practices are adequate to allow the applicant or a successor in interest to revive the applicant's name services and client base should the applicant or its systems suffer a human or natural disruption.
The applicant must recognize that the total number of top level domains, albeit large, is finite and that ICANN may impose constraints on the number of applications that may be accepted at any one time.
All applications, except those that are explicitly rejected, will be maintained in an active status.
ICANN reserves the right to utilize various mechanisms to chose among the active applications. Among these are auctions in which active applicants may bid for a slot or a lottery in which a limited number of random selections may be made among all active applications.
| Applicant Name: | ||
| Applicant Address: | ||
| Applicant email: | ||
| Applicant telephone: | ||
| Proposed string: |
It is bad enough that ICANN has stalled and stalled and stalled - for nearly a decade - on what ought to be a relatively easy task.
(As I have written before, ICANN should merely validate that an applicant for a TLD will adhere to broadly accepted written technical standards and practices relating to the operation of domain name servers. Anything beyond that is social and economic engineering, an area that should be prohibited to ICANN.)
Of course, when it comes to ICANN, those who pull the puppet strings - most particularly the incumbent TLD registries, who do not want any competition from newcomers and the intellectual property protection industry - have an interest in permanently maintaining the status quo. Consequently when it comes to TLDs ICANN is static.
Apparently some people are getting tired of ICANN's immobility - One of the year 2000 applicants who has spent the last 7 years in ICANN's limbo between acceptance and rejection has sent ICANN a letter asking for ICANN to live up to its promises. My guess is that we will soon be seeing similar letters from the 39 others who ICANN left in limbo back in year 2000.
The comments themselves reveal interesting things.
First is that form-letter submissions are not very persuasive. Many who commented simply regurgitated exact replicas. This is not to say that these people are insincere or that the opinions expressed in their letters are not very important. I'm merely pointing out that when arguing to a body that operate as if it were under siege, form letters feed the siege mentality's predilection to instantly reject anything less than servile agreement. In the future those who put forth form letters would perhaps be better served by creating a web tool that uses a database of pre-written phrases and combines them into a unique letter for each person.
Second is that both ICANN and many of those commenting seem bent on imposing their view of what the internet ought to be onto the rest of us. In their eyes ICANN is an engine of limitation rather than an engine of innovation.
Some, such as ICANN's chairman, believe that we have enough generic top level domains and no reasonable person could ever more. I'm sure that kind of view prevailed at United, Delta, and American airlines when Southwest and JetBlue were yet unborn twinkles in entrepreneurial eyes. Yet, had that view held back in the 1970's the internet would never have been born - why should we have permitted yet another communications medium; telephone, faxes, and telexes were clearly sufficient for the needs of any reasonable person?
And another comment suggests that by using names for TLDs that we risk exhausting opportunities in the future. That seems to be the "look at the pretty resource, but don't use it" approach. Given that we have more than 11,144,421,984,854,529,111,291,814,965,840,121,701,917,784,688,171,700,627,654,810,062,931,821,453,496,825,690,394,892,284,041,625 possible TLD names available, I sincerely doubt that we will be exhausting the space of creative opportunities very soon.
Then we have comments that argue that the internet is merely a dependent child of the trademark industry and that any name on the net should be subordinated to a rule that is best expressed as "trademark uber alles."
Pygmalion carved a statute so beautiful that he fell in love with it.
Procrusteas had a nasty habit of making everyone conform to his iron bed; if you were too tall, Procrustes lopped off your hands and feet; if you were too short, you were stretched on the rack.
Clearly some of ICANN's board members and some of those commenting are neo-Procrusteans who have fallen in love with the internet as it was during its glamour era - the days of the 1980's when the internet was believed to have been (but, in reality was not) a place of gentle beauty and halcyon peace.
But there is a deeper, and more ominous hue reflected in the comments - it is the hue of constraint, of foreclosure of ideas and innovations. It is a hue reflective of the kind of fundamental religious thinking that shoots canons at ancient statues and denies the right to exist to any but those who hew to the one true religion.
The statue of the internet that ICANN is carving is not lovely except to those who believe in rigidity and constraint and who would deny to others any freedom of imagination or creativity.
]]>The marketing dweebs must have taken over the asylum.
Java is a decent language.
But Java as a software production environment on Linux is a creeping, clunking disaster.
It's bad enough that someone who wants to download Java has to hack through Sun's jungle of Java acronyms.
For years it was made worse because on each Java version the file pathnames to the executables changed. And there seemed to be an undeclared war going on between Sun's Java and the GNU java tools.
And their Mozilla/Firefox plugin has always been a mystery wrapped in layers of incorrect documentation. And it seems not to run at all on 64-bit Linux.
Sun turned what should have been gold into schmutz.
Sun's fumbling of Java is one of the great unheralded, self inflicted, marketing disasters. Stupidity abounding. It reminds me of Lyndon Johnson's phrase about someone being so stupid that they could not pour a certain bodily fluid out of a boot even if the instructions were printed on the heel.
Sun was once a great company and once a great place to work.
Sun still has the occasional flash of brilliance (for example, its CPU chips.)
Java was a great and brilliant idea. A lot of work went into the design and into making it work. Java is great technology. But it is great technology that has been torpedoed by Sun's dim efforts at product marketing.
But SUNW to JAVA? That's like Ford renaming itself "Edsel" or Merck renaming itself "Vioxx".
By-the-way, I use Python.
]]>