ICANN’s Public Whois vs The EU

ICANN will have a month to stop exposing private registrant data in their public whois, thanks to GDPR.

The Register:

The Whois public database of domain name registration details is dead.

In a letter [PDF] sent this week to DNS overseer ICANN, Europe’s data protection authorities have effectively killed off the current service, noting that it breaks the law and so will be illegal come 25 May, when GDPR comes into force.

It’s one of those “big if true” moments, but I guess the fact that approximately 700 million people live in the EU should pretty much force ICANN to follow this or, I don’t know, retroactively drop EU citizens’ access to their .com domain names, like what the EU plans to do to UK citizens after Brexit?

Yeah, don’t think so. If this comes to fruition and ICANN really does fully shut down the current whois service and turn it into an opt-in, consent-based system, it’s a pretty fundamental change that will require a huge amount of work from all the sides involved, and a one-month deadline is rather tight. With how the current model of ICANN verification works, the weather forecast is cloudy with a side of PANIC felt by end users who suddenly see their domain suspended after not properly responding to the consent request.

I wouldn’t say that it’s not a welcome change though. Seeing how increasingly bad the abuse a domain owner can receive after having their private data exposed through whois has become, this would add some level of hassle to the automation in spammers’ data collection process, as well as killing the privacy-as-a-service model of domain privacy, which in my opinion should be a shady remnant of the past.

Still, probably a good idea to read the opinions of people who are against this, such as this write up by Brian Krebs.

Cloudflare DNS

From Cloudflare blog:

Cloudflare’s mission is to help build a better Internet. We’re excited today to take another step toward that mission with the launch of 1.1.1.1 — the Internet’s fastest, privacy-first consumer DNS service

Nice to see another alternative for reputable public DNS resolvers other than OpenDNS (owned by Cisco) and Google, both of which have been known to track you, which Cloudflare promised not to do.

I myself am a proponent of running your own DNS resolver, one that supports DNSCrypt if possible, but this is definitely still welcome news.

Email Application Hell

Working in the hosting industry as a customer service rep, you’ll find that 8 out of 10 issues reported have to do with email.

Take a look at a person with zero computing experience, and ask yourself where they should go if they want a website.

You might think a drag and drop site builder is a good idea. Something where they can just add or remove website components like Lego, where even if things can go wrong, dealing with the aftermath is as easy as re-adding the block.

But look at the typical guide to setting up an IMAP/POP3/SMTP client, and there are simply too many pitfalls where the drop is quite deep.

On the face of it, it’s easy enough. You just need to know the incoming/outgoing mail server, their ports, your username and password. In theory, this looks really easy, especially to someone with years of computer experience.

But no. Your client wants to set up email on an iPhone, and your server requires outgoing mail authentication? Don’t worry, Apple made sure you’ll always have a job as Tech Support by putting ‘(optional)’ on both fields for the outgoing mail server.

The server uses the full email address as the username? Wait, is it username or email address then? Email applications don’t use similar terms, so get ready for users entering just the username part of the email address, making sure that their IP keeps getting blocked on the server for wrong login details.

What the hell is “Secure Password Authentication”, and should the client have it enabled? Don’t worry, your opinion and your server’s capability to support it are not relevant; the client will enable it anyway, because it’s “secure”, right?

The password is wrong/mistyped/not even filled in, and your server is set up to block an IP after a certain number of failed login attempts. The client is screaming, and trying to get them to retype the password is hard, as they’re sure they got it right. At this point, you ask them to just reset the password.

Congratulations, you have created an even bigger problem. You managed to get the client to update the password in one email application on one device, but not on the other 3, which are sharing the IP and will now forever create an IP block loop unless you whitelist their IP or get them to somehow go through and update every single device.

These are just small details that make up most of the errors when dealing with email application setup.
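The failed-login cases described above (a username typed without its domain, a plain wrong password, and a stale password on another device behind the same IP) can be told apart from account guessing before anyone whitelists an IP. The following is an added example, not part of the original post; the log format, the mailbox list and the `triage` function are hypothetical, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed mailbox list and log lines ("time ip login result"); this is a
# hypothetical format for the example, not the output of any real mail server.
MAILBOXES = {"jane@example.com", "bob@example.com"}
SAMPLE_LOG = """\
2018-04-02T09:00:05 203.0.113.7 jane@example.com OK
2018-04-02T09:00:40 203.0.113.7 jane@example.com FAIL
2018-04-02T09:01:40 203.0.113.7 jane@example.com FAIL
2018-04-02T09:02:40 203.0.113.7 jane@example.com FAIL
2018-04-02T09:10:00 198.51.100.4 bob FAIL
2018-04-02T09:10:30 198.51.100.4 bob FAIL
2018-04-02T09:20:00 192.0.2.99 admin@example.com FAIL
2018-04-02T09:20:01 192.0.2.99 info@example.com FAIL
2018-04-02T09:20:02 192.0.2.99 sales@example.com FAIL
2018-04-02T09:20:03 192.0.2.99 jane@example.com FAIL
"""


def triage(log_text, mailboxes=MAILBOXES, guess_threshold=3):
    """Return {ip: (verdict, logins)} for every IP with failed logins."""
    local_parts = {m.split("@", 1)[0] for m in mailboxes}
    succeeded = defaultdict(set)  # ip -> logins that have worked so far
    failed = defaultdict(set)     # ip -> every login that failed
    stale = defaultdict(set)      # ip -> logins that failed after a success
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _time, ip, login, result = fields
        login = login.lower()
        if result == "OK":
            succeeded[ip].add(login)
            continue
        failed[ip].add(login)
        if login in succeeded[ip]:
            stale[ip].add(login)  # one device has the new password, another does not

    verdicts = {}
    for ip, logins in failed.items():
        bare = {l for l in logins if "@" not in l and l in local_parts}
        unknown = {l for l in logins if l not in mailboxes and l not in bare}
        if len(unknown) >= guess_threshold:
            verdicts[ip] = ("guessing", sorted(unknown))
        elif stale[ip]:
            verdicts[ip] = ("stale_device", sorted(stale[ip]))
        elif bare:
            verdicts[ip] = ("missing_domain", sorted(bare))
        else:
            verdicts[ip] = ("wrong_password", sorted(logins))
    return verdicts


if __name__ == "__main__":
    for ip, (verdict, logins) in triage(SAMPLE_LOG).items():
        print(ip, verdict, ", ".join(logins))
```

Only the `stale_device` and `missing_domain` verdicts describe the support cases from this post; an IP that trips `guessing` is failing against accounts that do not exist and is not a candidate for whitelisting.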

Even with webmail, and cPanel webmail specifically, I’ve lost count of the number of clients who are confused about their default webmail setup.

Don’t believe me? Here’s what happens when you log in to your cPanel webmail for the first time:

What is this grey screen and what should i do?

Okay, I clicked the got it button. Now what should I do? Which of these three foreign names and logos should I choose, and what makes them different? Can’t you just pick for me?

(At this stage, lots of clients actually just scroll down, possibly due to decision fatigue, and just assume that they must do something other than actually clicking the icon, or “set as default”, “whatever that means”)

Okay, I clicked Horde/Roundcube/SquirrelMail. Why is this so hard?

As a bonus, let’s say you forgot your password for cPanel based webmail, and you wanted to reset your password. Well what do you know, there is a reset password link in the login form:

What the user doesn’t know is that reset password will never actually reset his email password as it will reset a completely different password entirely.


Of course, I’m exaggerating. It really isn’t that bad, it just requires a bit of patience.

But looking at the state of everything that has to do with email reminded me quite a bit that this is truly the dinosaur of the internet. The UI might have been handcrafted by a 23 year old hipster from Portland who exclusively eats Soylent, but the back end and its ecosystem still feels very 1993.

PureVPN Helping The FBI

Interesting. From The Register:

And that’s where the surprise came in – at least for those that believed a VPN is a complete protection: “Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses” (those IP addresses were at Lin’s work and home addresses).

Techcrunch Being Techcrunch

Techcrunch writer Josh Constine, on the post about the shutdown of AIM:

So, farewell to AIM and my embarrassing screen name KDog313. Being a teenager will always sound like one of your incoming messages.

Techcrunch writer Taylor Hatmaker, 10 hours later (awesome name btw):

Sharing old credentials online is a bad idea. From a security perspective, old AOL logins are a potential goldmine of personal details for anyone trying to hack your accounts.

Cloudflare Came to The Rescue

DSLReports:

Cloudflare has begun banning websites that covertly embed cryptocurrency miners into their website code to boost website revenues.

After the Daily Stormer brouhaha, I guess we’re starting to see Cloudflare becoming the police of the internet. Makes sense, since their product’s use cases really do cater to shady websites (and legit ones too of course, but shadier ones need Cloudflare the most). Anyway, good move by Cloudflare. I just worry that with the scale of their operation, they might become too powerful to not become evil in the not too distant future. Facebook and Google’s history come to mind.

Cryptocurrency Finally Found The Right Product Market Fit.

So the best news that I heard last week is that The Pirate Bay, the pirate’s favorite never-say-die torrent indexer site, has implemented a feature(?) in which a visitor to the site will share their CPU resources to mine some cryptocurrency for the site.

Following that news, some news sites started reporting that this “feature” is actually already in place on some other, non-shady, non probably-get-yourself-arrested-if-you-use-it sites as well. Oddly enough, the site that uses this feature is the official website for Showtime, a cable television channel in the US.

Now, after trying to find out more about what the hell is going on, I found a site called Coin Hive, which makes Flash-based advertising that takes over your whole screen look like it was sent gift-wrapped direct from God itself. An easily implementable JS-based coin miner for your own site!

This is the future folks. I myself can’t wait to dedicate a special PCI-e slot for a GPU so that i can pay to pirate the next episode of Game of Thrones. In fact i’m looking forward to it.

Expiration of a Good Idea

One concept that I find valuable is that good ideas are fragile, and need protection from the people higher up the chain in an organization.

The gist of it is that for an idea to survive the journey from being born in the head of some lowly staff member, on the very bottom rung of an organization, to being discussed and made a priority at the very top of the food chain, takes a very rare trait that only the very best organizations have.

It’s one of the reasons why startups are able to scale and grow so quickly. Ideas are the seeds of growth, and they can’t really run by themselves to the place where they can be executed and turned into a real result. They need to be carried and executed, by the whole organization if possible.

In a startup, a newly hired guy can directly throw out their ideas into the minds of people that can actually make decisions, and execute. In a large organization, especially if it is rife with internal politics and competition, ideas become dangerous. They are subversive, simply because they can create change, and change is the enemy of a known working bureaucracy. So they die, probably in mid-management.

But of course, it’s easy to think about this in abstract terms. In the real world, the how is sometimes more important than the why. Saying ideas die because of mid-management is the equivalent of explaining why food goes bad if you don’t refrigerate it, but if your environment is without electricity, how can you find the solution?

Well, people make do. And so does an organization. The fact that due to the food going bad, 20 people are now lying sick in bed, will cause you, or, to get out from this hypothetical situation, the organization, to find a solution to the problem. That’s when something changes. Now it begins.

It happens at Blackberry, it happens at Nokia, it happens everywhere when a business gets disrupted. But the problem is that these organizations then find out that the good ideas have already expired. Even when they adopt the good ideas, sometimes through the shotgun approach of just doing it all and seeing what sticks, they fail. So they fold.

That’s why I like Apple’s, or, well, Steve Jobs’s approach to this problem. He came in knowing that good ideas were still there, but he needed the financial report to look good. So what he did was ingenious. He fired a bunch of people, but individually interviewed several people, and he kept the people that he thought still had good ideas that could be saved. One of them is Jony Ive.

Notice that this isn’t a systemic solution to a systemic problem. It’s a very individual approach, subjective and very unfriendly to business school graduates, simply because of how unpredictable it is. It’s not scalable, hard to repeat. The ironic thing is that it is hard to repeat exactly because of how big of a conviction the people higher up the food chain need to have in their own decisions, their people, and their execution.

Apple didn’t do what Yahoo did under Marissa Mayer, buying companies for billions in the hope that they could rescue Yahoo. It didn’t do a Blackberry, halfheartedly trying to execute its own half-baked touchscreen OS and then giving up halfway. It certainly didn’t do a Nokia in trying to sell itself to Microsoft and hiding it under the guise of executing a courageous strategy.

It believes in its own people, its characters, its story. It has a pretty strong idea of what Apple actually is and it executes on their firmly held beliefs until it’s successful. iPhone didn’t sell crazily when it was first released. iPod too, and even the Mac. iMac G3 brings some money to Apple but Mac market share is so tiny it’s laughable. But the company, again believes in its own ideas and executes. They iterate again and again firmly on the back of the good ideas of their employees and nothing else.

But that’s Steve Jobs. He has enough conviction in his own little world, and has gone through a process where he valued ideas more than execution (see: Steve Jobs’s early darlings, the Lisa & Macintosh vs Apple II), and managed to find balance.

And Apple did it. It managed to come back. As far as I know, there’s been no other company or CEO that managed to do this, at least in an industry as fast-paced as hardware and software.

So no, I don’t believe ideas have an expiration date. What causes these organizations that are suddenly open to suggestions to fail is not that the ideas have gone bad, it’s simply that they lack belief. In this way, ideas in organizations are like religion. They cease to exist once you stop believing in them, not because they suddenly go bad.

Art is Supposed to Make You Feel Something

On YouTube there are several channels that dedicate themselves to streaming music 24/7 for free. Typically these channels, at least the ones that I stumbled upon, play music that is royalty free, or made by artists who are just starting their careers and want a place where they can promote their stuff for free.

One thing that’s interesting to me though, is how forgettable these songs are.

I don’t know exactly why, probably because they are made to fit a certain mood, typically to “chill”, since I noticed the biggest channels are called “Chillhop Music” and the other is deep house, which is another name for “i want to party but i have 3 essays due so i want to both party and study at the same time”, but anyway, they really do remind me of elevator music. The kind where you drop into an elevator or an airport, say to yourself, “well this is nice. I’m relaxed somewhat by this droning sound followed by announcement of a delay, now i’m pissed”, but you never remember what it was that was playing even 5 minutes after you came out of it.

Now, the problem is, some of the music that they’re playing on these channels is legitimately good, especially if you are paying attention. But I just for the life of me can’t remember the name of the artist or anything about the song 10 minutes later. So I wonder why.

I got my explanation along with a punch to the gut when I closed the tab and played some real music that was well reviewed, and that I truly enjoy. Something like Dr. Dre’s The Chronic, Kanye West’s Late Registration, Sondre Lerche’s albums, or even Tyler’s latest album. They’re just pulling you in, hypnotically, telling you to drop everything and focus on the music. Even Kanye’s Yeezus, probably his most mixed-reviewed work, is unforgettable. It’s just forcing you to have an opinion about it. It does not allow you to forget.

But of course I can be biased. These are albums that i have listened to hundreds of times, so of course i remember all of the little details in Dre’s G Thang. But then i still remember listening to Sgt Pepper the first time.

It’s of course truly ridiculous to compare music played on a YouTube channel called Chillhop with The Beatles, but my point still stands. Music, the good kind, forces you to remember it. It’s supposed to force you to feel some type of way about it. And it’s the same thing with all creative endeavors. If you can’t remember it, it’s probably for a very good reason, or bad, depending on how you look at it.

Googling

The last time I actually signed up to a forum for the sole purpose of asking a question was probably in 2008. In those days, Alltop was still a hip new thing, Guy Kawasaki was the guy to follow on Twitter, and Twitter, well, Twitter was still fun.

I remember having multiple forum accounts and being pretty active. Not anymore. These days, anytime I do have a question about anything, I can just enter my question on Google, and the answer is there, usually asked by someone who seems to have a bit more faith in his peers than I do.

The last sentence is really what sparked the idea for this post. I discovered that while working on this new job that I have, with the scale of people that come in and with me having to juggle priorities around, I have to think pretty quick. When I can’t find the answer to something technical, usually Google is the place to go. And usually the first search result already contains the answer. Whether it’s from Stack Overflow, Quora, Reddit, whatever. There’s always this one guy who actually wants to ask people the answer to something that he doesn’t currently know.

I then realized that what I did was actually just repeating something that I actually don’t know if it was true or not. Well, 9 times out of 10, it should work, you know, assuming. But I noticed that my faith in Google’s algorithm has reached this peak where the machine no longer just provides me with the information to curate, but has also decided for me, or at least helped me reach a quick conclusion about what is true information and what is not.

Like in a more personal setting, for example, if I was stuck with 10 people, 9 of whom I know for sure are more knowledgeable than me, I’d still have more skepticism than what I hold toward my googling results. I google, therefore I know the answer. But the people answering those questions are still people. They have their faults, their mistakes, their biases. And I sure as hell won’t trust someone named DragonPHP in the real world.

It’s the same thing with Facebook. You come on there, and someone posts a long-ass tirade about politics, and you think to yourself, who is this? I never met this guy once in my life. But what do I or you know, right? Facebook’s algorithm has decided that his post was important enough to appear on top of your news feed, so they must be right.

The funny thing about this as well is how easily we (well, I) will unconsciously prefer the result at the top and will think that it is definitely the better one. If the result at the bottom is different, well, something must not be right with their answer. The top answer is the right one. It must be, right? I mean, how can it be wrong?