At 02:16 AM 4/3/02 -0800, Bill Stewart wrote:
>At 05:51 AM 04/02/2002 -0800, Major Variola (ret) wrote:
>>And Morloch: your replacing DNS (as a vulnerable point of
>>failure/control) is a good idea.
>>you'll have to write a browser plug-in, or background daemon that
>>modifies the resolver's behavior, or extendable resolver. You could
>>append to Windows (et al) "hosts" file, and the normal resolver would
>>pick that up. I'm surprised there are no attempts to do that, but then,
>>there's the Network (aka FAX) Effect operating here. Does that
>>baptista.god fellow write code?
>
>Doesn't take much in the way of code - most Windoze versions are
>willing to let you tell them up to three DNS servers to use,
>though sometimes on dialup connections you'll have to haggle with them
>about whether to accept DNS server addresses from the dialup
>instead of your dedicated ones. That means that as long as you've
>got some DNS server other than 127.0.0.1 to resolve queries for you,
>you can simply point your PC there.

Very good. (BTW, kinda a neat trick for sleazeware to replace the first DNS
so that it can sell redirected name services..) There is the common problem
that the DNS owners can track your queries, but your solution requires only
a single change. (Too bad the bozo who got busted for selling .usa names
didn't run a server, he might have had a legal chance.)

Nonetheless, here's a first draft of a proposal for the Fully UnCentralized
Authority for Naming and Numbers using the local host table. It includes a
DOS script which uses wget and some utilities.

FUCANN
Fully Un-Centralized Authority for Naming and Numbers (*)
Rev 1.0

First, a parable:

You arrive in a place where you can't read the language. The tourist maps
have been printed by a nasty government with a monopoly on map-making. You
want to eat, but all the business names on the tourist map that are in your
language are those approved by the map-maker. So you get a trusted friend to
give you an overlay, a clear foil labelled with *his* names and
recommendations. You read his label for "noodle shop" on the foil and then
mark the location on the tourist map. You find a taxi and point to the
tourist map where your friend's overlay said the good food is.

    "Tourist map" = government DNS.
    "Taxis" = routers.
    "Street addresses" = IP addresses.
    "Overlay foils" from your friend are the FU Naming System host table
        overlays.
    Friends = FUNS "root servers".

You can overlay several foils, from different friends. The last one you
overlay overrules lower foils. Since you choose your friends, and the order
you query them, you are the authority over your own name space.

One friend edits his foils by hand. Another lets anyone add to his foils,
and further allows "hierarchical" editing because when someone adds
"noodleshop" to his foil, they get a password allowing only them to refine
their definitions --thin.noodleshop, wide.noodleshop, etc.

Of course, if a more trusted friend, whose foil overlays the first's,
overrides a name, you see the more trusted name.

Problem: DNS is run by governments, subject to "social malfunction"
(censorship).

Solution: use a naming system where the user chooses whose namespaces he
overlays. Everyone is ICANN.

Implementation: PCs, Macs, etc. have a local "hosts" file which is consulted
by the OS's name resolver before the resolver queries the government DNS. By
adding IP & name pairs to this hosts file, we override government naming
authority with that of our own choosing. This resembles the old Sun "Yellow
Pages" hosttab replication ("NIS" after BT thrashed Sun about "YP").

A Client runs a FUCANN Daemon which periodically queries hosts listed in a
local FUCANN Root Server List "froots.txt". Root Servers listed later in
froots.txt override earlier FRoot Servers. Users edit their froots.txt file
using any text editor.

Users' FU Root Server list "froots.txt" contains lists of URLs. The URLs
point to "fhosts.txt" files which are in the format of the standard "hosts"
file, i.e.,

    12.34.56.78 foo.bar

Note that fhosts.txt files can override even government names, e.g.,

    12.34.56.79 amazon.com

because the hosts file (into which they are merged) is consulted first.

Anyone can be a FU Root Server and there is no global conflict resolution.
The end-user performs conflict resolution when he orders the names of Root
Servers in his local "froots.txt" file. This allows anyone to create their
own top level domains, merely by listing names in their exported fhosts.txt
file. It is up to each Root Server to resolve any conflicts in their
fhosts.txt file --either by deciding manually, or a first-come first-served
scheme (with authentication for name-refinements if they want, allowing
DNS-like hierarchical management), etc.

A local Fdaemon does this loop forever:

    For each URL in froots.txt,
        retrieve the fhosts.txt file
        Merge it, uniquely, with the local hosts file
    Sleep

froots.txt file:

    http://www.fred.com/fhosts.txt
    http://www.frank.com/fhosts.txt
    http://98.76.54.32:81/fhosts.txt

Note that any transport could be used to obtain fhosts.txt files -email,
ftp, etc.

Note that future versions might send file-differences only, using
compression. They might also use HURLs, Hyper-URLs, which specify other
protocols --e.g., text to voice to POTS phone, 802.11blah guerilla nets,
FAXes, etc.

-------
"Can we do it?" Yes, ICANN
                        -Frob the Builder

A prototype Windoze directory contains:

    uniq.exe    -standard utilities
    sort.exe
    awk.exe
    wget.exe
    froots.txt  -list of URLs, later ones are higher priority
    foil.awk    -script (see below)
    foild.bat   -FUCANN daemon (this one does not run forever) (see below)
    fmerge.bat  -script to merge a wget-retrieved URL file into
                 c:\windows\hosts (see below)

foil.awk:
............................................................
# Run with -F / so each URL is split on "/": $0 is the whole URL and
# $NF is the last path component, i.e. the file name wget saves under.
# Emit one "call fmerge URL FILE" line per root server. The CALL is
# required: a batch file run from another batch file without CALL never
# returns, so only the first URL in froots.txt would be processed.
{printf "call fmerge %s %s\r\n", $0, $NF}
............................................................

foild.bat:
............................................................
@echo off
echo Foil NS Daemon
rem CREATE (OR OVERWRITE) THE TEMPORARY BATCH FILE
echo rem Temporary FoilNS batch file > f.bat
rem EXTRACT URL, FILENAME... / is delimiter
awk -F / -f foil.awk froots.txt >> f.bat
rem RUN TEMP BATCH FILE
f.bat
............................................................

fmerge.bat:
............................................................
@echo off
echo Foil Merge
rem Requires: wget, uniq, sort
rem %1 = URL of an fhosts.txt file, %2 = the file name wget saves it under
echo Getting %1, then merging %2
rem GET FILE
wget %1
echo We got %2
type %2
rem CONCAT FILE INTO HOSTS
rem BACKUP
copy c:\windows\hosts c:\windows\prevhosts
copy c:\windows\hosts hosts
echo Old local hosttab:
type hosts
rem CONCAT
type %2 >> hosts
echo Before Merging:
type hosts
rem DROP EXACT DUPLICATE LINES (note: sort discards froots.txt ordering)
type hosts | sort | uniq > thosts
echo After Merging:
type thosts
copy thosts c:\windows\hosts
rem CLEAN UP
del %2
del thosts
del hosts
echo FMerge is done.
............................................................

Some comments from anonymous colleagues:

>This is what I learned from the shyster panel on Codecon 2002:
>Developers must have ZERO control over the use of their software

We don't need no stinkin policies, we don't need no stinkin authorities,
and we don't need no stinkin' Finn tellin' us when to fork...

-----

>Which brings us to the issue WTF would any ordinary people use FUCAN in
>the first place. What is the killer app ?
>
>It is NOT having a top-level domain name .david . Small people do not care
>for that, corps care about easy to use names that are 1) easy to memorize
>and 2) by their uniqueness give importance to the brand. Informal tribes
>do not give a fuck for that.
>
>I think that the first app would be something that pinpoints moving
>targets, which is where DNS fails. Moving targets have to be constantly
>tracked, by humans. The only thing worth sharing are brain cycles. Machine
>cycles are free.
>
>So, integrating neo-napster host locations (I have an app that points my
>"discontinued" napster client to one of several hundred napster servers)
>or gnutella nodes with static URLs would be neat. Usable.
>
>Then vanity, of course. Kids would go for these domains that you can reach
>ONLY if you participate in FUCAN distribution. And they would be local.
>Gangs would love it.
>
>Then SIGs. Many fundamentalist groups would find it sexy to redirect URLs
>of enemy sites to PC pages. Anti-porn crusaders could re-map ALL porn
>sites to jesusneverejaculated.com . Anti-globalists would find it sexy to
>redirect amazon.com to local PC bookstores among themselves.
>
>In general, all users would be more or less "illegal", in the sense that
>DNS can not cater for their needs since adversaries have ways of
>influencing DNS.
>
>The fact that this is all "among consenting adults" will probably give
>some leeway and time to develop FUCAN before it becomes illegal. And if it
>gets any measurable success it will become illegal - either through new
>laws or existing ones (WIPO and trademarks can easily be used to mark
>FUCAN as a tool for circumventing IP laws - absurd, yes, but it didn't
>stop them before.)
>
>On technical issues, I think that having HURL (Hyper-Universal record
>locator) is paramount. It should be able to point to ANY existing address
>space, computerized or not. ISBNs (plus page number - interesting service,
>making specific pages available, for a fee). Street addresses (think AP).
>Telephone numbers. Bank accounts. License plates. Prepaid phone cards.
>Anything.

------

(*) Thanks to anon..
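The merge step of the Fdaemon loop (what foild.bat and fmerge.bat do with sort and uniq), reimplemented as an added example that is not the post's own code, in Python so it runs anywhere: foils are applied in froots.txt order so a later foil really does override an earlier one, which `sort | uniq` cannot guarantee since it reorders lines and keeps both addresses when two foils disagree on a name. The sample foils are constructed and the wget fetch is left out; the function takes the already retrieved file contents, treats the user's own hosts entries as the lowest-priority foil (an assumption here, the post does not say), and reports every override so the user can audit what each root server changed.

```python
import re

# Sample foils, constructed for this example (not real FUNS root servers).
LOCAL_HOSTS = "127.0.0.1 localhost\n"
FOIL_FRED = "12.34.56.78 foo.bar\n12.34.56.79 amazon.com  # overrides the gov't name\n"
FOIL_FRANK = "# frank's foil\n98.76.54.32 foo.bar noodleshop\n"

COMMENT_RE = re.compile(r"#.*")


def parse_hosts(text):
    """Return [(ip, name), ...] from hosts-file text (the fhosts.txt format).
    Comments and blank lines are skipped; one line may list several names."""
    pairs = []
    for raw in text.splitlines():
        fields = COMMENT_RE.sub("", raw).split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        pairs.extend((fields[0], name.lower()) for name in fields[1:])
    return pairs


def merge_foils(local_hosts, foils):
    """Apply foils in froots.txt order so later foils override earlier ones.
    The user's own entries are foil 0 and yield to any fetched foil (assumed).
    Returns (merged hosts text, overrides); overrides lists each name whose
    address changed as (name, old_ip, new_ip, foil_number) for auditing."""
    table = {}  # name -> ip; a dict keeps first-seen order for the output
    overrides = []
    for number, text in enumerate([local_hosts, *foils]):
        for ip, name in parse_hosts(text):
            if name in table and table[name] != ip:
                overrides.append((name, table[name], ip, number))
            table[name] = ip
    merged = "".join(f"{ip}\t{name}\n" for name, ip in table.items())
    return merged, overrides


def demo():
    """Merge the constructed foils: frank, listed later, beats fred on foo.bar."""
    return merge_foils(LOCAL_HOSTS, [FOIL_FRED, FOIL_FRANK])


if __name__ == "__main__":
    text, changed = demo()
    print(text)
    for name, old, new, n in changed:
        print(f"foil {n} rewrote {name}: {old} -> {new}")
```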