Live from Austin!

Once upon a time, back in the ancient history of the Internet–before the 1990s–domain names were carefully controlled and regulated. A single organization controlled each top level domain. If you wanted a domain name, you had to meet their requirements.

Often the policies enforced were quite picky. If you wanted a .uk domain name, you were required to actually be in the UK, for example. If you wanted a .org domain, you were required to be a non-profit organization. To be in .net, you were expected to be a network access provider or ISP.

A lot of people disliked the bureaucracy involved in domain registration, and objected to the fees charged. And so it was decided that the domain name system would be opened up. There would be many domain registrars for each major top level domain, all competing to give the best price and service. Anyone would be able to register a domain, with minimal bureaucracy. Domains would be bought, sold and transferred in a perfect Free Market.

At first, things looked good. The cost of registering a domain dropped rapidly. Rather than having to fax paperwork around and get signed documents from company directors, you could just register online with a credit card for whatever domain you wanted.

However, it quickly became clear that domains could have value. A small proportion of Internet users (around 5-10%) don’t seem to understand search engines or bookmarks. They find things by guessing domain names and typing them in. As a result, people found that domain names an idiot would guess first ended up with traffic, purely by existing. Suddenly instead of having to advertise your web site, you could buy a domain name that people would randomly visit anyway, and get instant traffic with no work required.

Domains like “sex.com”, “computers.com” and “cars.com” suddenly became very valuable, changing hands for large amounts of money. Some people weren’t very happy about it, but still, there was nothing wrong with it really.

Unfortunately, there were headline stories of domain names changing hands for millions of dollars. And suddenly, there was a gold rush. Everyone with a modem hurriedly registered every domain name they could think about.

This was a major pain. If you wanted to set up a web site, it became almost impossible to find a simple domain name that hadn’t been registered already. Almost all of them were unused, just a whois entry and nothing more, but if you approached the owner their eyes would light up with dollar signs and they’d demand extortionate rates for their “valuable property”.

Still, the situation was somewhat self-correcting. It did still cost $50 or so to hold a domain for a year, so eventually when nobody turned up to offer $100,000 for it, the holder would let the registration lapse and you’d be able to pick it up for $50.

Then someone invented banner ads. Suddenly, those unused domains could be used to make money. Domain registrations were still dropping in price, and there were ad companies who would pay you $0.01 each time you served up an ad to someone. $10 a year for a domain, and all you needed to do was show ads to at least 1,000 idiots who typed your domain in at random, and you’d break even.

And so suddenly, the Internet filled with junk web pages filled with ads and nothing else. There are now multi-million-dollar companies whose primary business is hoarding domains and filling them with content-free crap. Domain spam is now so mainstream that companies like Google actively encourage it.

The next step was obvious. Sure, you could think of a domain name that other people would be likely to guess at random, but most of those were already registered. So the domain spammers began watching the lists of domains that people failed to renew. So now, if a widely used open source project fails to renew its domain name, the page will suddenly be replaced with a spam site full of affiliate ads.

Not everyone appreciates ending up on a domain spam page, however. Plus, if your page doesn’t look like total spam, you might get search engine traffic, and boost your profits further. Hence, the new trend is automatic content generation.

Some domain speculators take the unsubtle approach, and simply rip off content wholesale. If you have a web site with significant readership (as measured by, say, technorati), someone will likely set up a spam site which copies the text of each post you make, covers it with ads, and re-posts it to one of their hoarded domains. Sure, it’s copyright violation, but the chances of getting caught are slim, and so long as you pick on personal web sites the chances of anyone going after you with a lawsuit are slim too.

(I don’t think it has happened to me yet, but if I include a made-up word that doesn’t appear on the web, like spozquak, I should be able to do a Google search in a month or two and see if anyone’s copied it.)

However, again thanks to the free market, there’s now a market for software that can generate moderately convincing looking content. You’ve seen it in spam e-mails, and now it’s being used to fill the web too. The first generation used random text generation, but now more sophisticated “auto content generator” software uses web feeds to pull in text, chops the text into individual sentences, and then recombines them based on keywords.

(So I guess I should clarify that spozquak is a great alternative to viagra, cures mesothelioma from asbestosis, and helps you make money at home.)

While the web was filling with crap, the domain name registrars kept competing in their free market. As the supply of new unregistered .com domains dried up, they had to think of new ways to pull in customers. The solution: trial periods. You can now register a domain name for a 5 day trial, see if it pulls in any suckers, and if not you don’t have to pay for it.

You can probably guess what happened next. Someone wrote software to repeatedly register domains for trial periods, automatically.

And so we arrive at today’s web, the ultimate result of applying unconstrained free market economics to the problem of naming web sites. It’s a world where every name you can think of is already registered and filled with spam, often by someone who isn’t even paying for the domain. A world where if you’re away on holiday when your domain name expires, it’s immediately filled with spam. A world where web searches return hundreds of pages filled with spam designed to look like content, ripped off from other people’s web sites.

Of course, there are a couple of things we could do that might help ameliorate the problem. They’re just utterly unacceptable to the free market faithful who make up the Internet’s core audience.

The first is this: Do not allow domain transfers between third parties.

You bought a domain? Great. You want to sell it? Can’t. I mean, you can’t sell your home address, your postal code or your telephone number, so why should you be able to sell a domain name?  Your friend wants the domain? Fine, you cancel it, he registers it for the standard price.

If you could sell telephone numbers, you’d see rampant speculation there as well. If you moved to Austin and wanted a 512 phone number so friends could call you without paying long distance fees, you’d probably have to buy one at auction for a few hundred dollars. Or if you were in Massachusetts and wanted one of the old 617 numbers so you’d look like a long-established business, you could end up paying thousands of dollars. But the phone company doesn’t allow reselling of phone numbers, so the problem doesn’t occur.

(It’s worth noting that you can sell toll-free numbers. And sure enough, you get rampant speculation in that chunk of the phone number namespace, with most of the good ones already taken.)

The second way to help reduce the damage caused by the free market in domains is to resurrect an idea from the 80s: that your domain registration is voided if you don’t actively use the domain. And by “use”, I mean more than simply putting up a blank page of ads.

I can tell that people are already sharpening their pitchforks and lighting their torches, but which is worse: a domain name system that doesn’t support your religious belief that a free market is the best solution to everything, or a free market domain name system where you can’t actually buy any domains you want and everything is full of spam?

Back in 1988, Dave Winer founded UserLand Software to sell a product called Frontier. It was a dynamic scripting system for the Mac. It was a bit odd; Dave was also the author of MORE, an outliner, and Frontier treated source code something like an outliner and something like a database. It was supposed to be quite good, but as of 1992 he wanted $250 for it, and if you were outside the US the price was jacked up by another 90%. So, I never bought it.

Then Apple introduced AppleScript. It did most of the important things Frontier did, and was free on every Mac. Dave Winer was furious. How dare Apple including a scripting language as part of the OS? Yes, they had added all the hooks to the OS, and he had used them for Frontier, but how had he been supposed to guess they were intending to use those hooks themselves? Sure, they were documented publically, but how dare Apple call them an “Open Scripting Architecture” when Dave wasn’t asked to help design them?

The rants have gone down in legend. The Mac was doomed now that Windows 95 had shipped. Apple’s best bet was to license Windows NT and make the Mac a graphical shell for it. Dave had spoken.

It was pretty clear that what Dave really wanted was for Apple to worship him. Of course, the nice gentlemen in Redmond were only too keen to invite Dave round for a chat about their plans and make him feel loved.

So before long, Dave was a Windows developer, had ported his software to run on PCs, and was eagerly drinking the .NET Kool-Aid.

Meanwhile, he had found a new niche for Frontier, as the basis of Manila, a content publishing system for the web. He started giving Frontier away for free, and gave away Manila free too.

Then after a year or two turned around and began charging everyone $899 a year for it. Not for upgrades, just for a license to use it. It must have seemed like a great business plan back in those dot com bubble days:

1. Give away software for free.
2. Once thousands of people are using it, tell them they have to pay you $899 a year to keep using it.
3. …
4. Profit!

Of course, it didn’t quite work. And as the famous saying goes, those who do not learn from history are doomed to repeat it.

Before long Dave Winer was universally acclaimed by Dave Winer as the inventor of weblogs. He started weblogs.com, running on Manila. The plan was to give people free blogging space in the hope that they would like it enough to purchase his rather expensive software subscriptions.

Needless to say, they didn’t. And after a while, UserLand Software decided they were tired of wasting money on the exercise, particularly since Dave had officially left the company. Of course, he still owns the company, and is a multi-millionaire… but those are minor details.

Dave reportedly tried to transfer the blogs to a new server in Cambridge, MA. However, it was time for his chickens to come home to roost–his software is all Windows-based, and when he loaded it onto the new server and tried it out, the system thrashed itself to death. To get scalability for a mere 3,000 users he would have had to buy an entire server farm of Microsoft systems. That was too much like work, so Dave pulled the plug. Without notice. 3,000 weblogs vanished overnight. He recorded a heartfelt audio goodbye, and hosted it at Harvard University’s expense.

But hey, he’s a reasonable guy. He says he will provide people with their data some time in July, if they ask nicely. Not sure why it’ll take him until July to offer backups by request only, given that his software has overnight backup as a standard feature, but hey, I’m sure he has a good reason, just like he has a good reason for not even offering a redirect from the blogger.com domain to the users’ new URLs. (He says his DNS server can’t handle 3000 hostnames. I guess he runs his DNS on Windows too.)

So anyway, my point is: when’s the last time you backed up your LiveJournal?

Update 2004-06-19

Dave Winer relented after people offered their hardware and bandwidth. Users will now have until September to sort out commercial hosting, and will get a redirect. Of course, there’s still the problem of either paying for commercial Manila hosting, or getting your data out of Manila somehow…

Update 2004-09-01

LiveJournal disabled my account. Yes, I had backed everything up.

My web hosting provider exploded. The company who supposedly bought their customer lists has failed to get things going after a week or two. So, I need a new web host.

Requirements:

• Linux or UNIX based
• SSH access and rsync for uploading my site
• Low monthly fees
• No price gouging for extra bandwidth
• Low or zero setup fee
• One domain, at least 3 subdomains
• At least 2 POP3/IMAP mailboxes
• A reasonable amount of space (50 MB or more)
• SpamAssassin

Nice-to-have features:

• Usenet/NNTP access and server
• Jabber server
• Logs and stats
• Search engine support for sites

I don’t need PHP, JSP, ASP, SSI, SQL, CGI, … Just static web pages, cheap. Also:

• I don’t need DNS hosting or domain registration, just the servers to point my existing domain at and a working MX or two.
• High uptime isn’t all that important; the odd day or so of downtime is fine.
• Phone support isn’t important.
• Technical hand-holding won’t be needed, obviously.

I’ve found:

• WebIntellects (attraction: unmetered bandwidth)
• DreamHost (attraction: Samba, WebDAV, streaming QuickTime)
• 123CheapHosting (attraction: cheap)
• Micfo.com (generous allocations yet cheap)

Frankly, I’d be tempted to do it myself if we weren’t planning on moving in the near future…

Verisign, possibly the most incompetent name registrar on the Internet (but that’s another story), have decided to leverage their monopoly control over the current de facto standard root DNS servers.

They’ve set things up so that any nonexistent domain name now maps to one of their servers. If you type a random bogus domain name like xyloturbot.com into your web browser, you now get Verisign ads and a pay-for-hits search engine.

This is bad for many reasons. Firstly, they’re violating at least four different RFCs, including the Requirements For Internet Hosts. Secondly, they made the change without warning, breaking many anti-spam systems that were checking to see if alleged sender e-mail addresses look valid.

As if that wasn’t bad enough, spam sent with completely bogus addresses now ends up queued indefinitely on many mail servers—rather than bouncing it immediately as it’s to an invalid sender, they can now resolve every single bogus address, so they’ll queue the mail and try delivering it for a couple of weeks. There are probably lots of servers out there that aren’t given much attention, that are now gradually filling up with spam thanks to Verisign.

Another problem is that it gives the Internet a single vector for massive virus infestation. Imagine if a hacker cracks the Verisign web server and puts a new Windows virus on that server for download—it could spread across the entire Internet in seconds.

Finally, what they’re doing is probably illegal under the anti-’cybersquatting’ laws passed in the USA. They are, after all, squatting on other people’s trademarked names, in order to make cash.

There are already patches for most DNS servers to permanently blackhole the Verisign machine in question. It took IBM less than a day to decide to blackhole all traffic to that server, and according to the software authors the clamor for patches has been enormous. It’ll be interesting to see how the crooks respond.

In the meantime, it seems to me that the best thing to do is take advantage of the situation. Since every bogus e-mail address now resolves, and since all the incompetently-managed open relay servers will end up sitting delivering e-mail to Verisign 24×7, why not generate a few hundred bogus e-mail addresses every day, link to them on well-trafficked pages (like this one), and wait for the spambots to harvest them? In fact, you may already have spotted me doing just that…