“Go Daddy no longer supports SOPA”

Perhaps in response to a redditor-led boycot on the company, Go Daddy “no longer supports SOPA” as of today. Good for them, whether inspired by the possibility of losing business or otherwise, for listening to their customers, and good for the customers, for voting with their money. SOPA and the PROTECT IP Act are draconian bills that have no business in our law books. I’m not against the notion of attacking criminals, simply against the methods outlined in the bills.

That being said, I don’t support retcon‘d publishing. Go Daddy made a statement in support of SOPA and PROTECT IP. They’ve removed that statement “in an effort to eliminate any confusion about its reversal on SOPA.” For the record, here is the content of that statement as cached on my browser hours before the deletion.

58a165bb5975163bb1f8e90cbf57e0e7 GoDaddy_Position.tar.gz

Go Daddy’s Position on SOPA
Date Submitted: 12-22-2011 by GoDaddy Expert

Many of our customers have asked us about our position on the Stop Online Piracy Act (SOPA). Below are statements from Go Daddy Executive Vice President, General Counsel and Corporate Secretary, Christine Jones. We’ve made them available here on our blog so all our customers can read our position.

Go Daddy is the world’s largest domain name registrar with more than 50 million domain names under management. Go Daddy has a full time presence in Washington D.C. and takes an active role in policy development that impacts the Internet, particularly issues having to do with children.

Included in Go Daddy’s legislative efforts is the Stop Online Piracy Act (SOPA). We have worked with the House Judiciary Committee to make changes we believe are necessary and have made attempts to work with the rest of the leaders in the Internet ecosystem to ensure the final version of the bill is acceptable to everyone involved. We have a unique view into the dangers and economic damage caused by foreign websites dedicated to infringing US intellectual property, including injury and death from fake consumer goods and drugs. So, we will continue to work with Congress, our friends in the Internet community, and intellectual property holders, to make progress on this extremely important issue.

Online Copyright Laws Won’t Prevent a Flourishing Internet

Written Oct. 28, 2011.

This week, the House of Representatives introduced its long-awaited bill, H.R. 3261 (the Stop Online Piracy Act), aimed at protecting the intellectual property of hard-working Americans, U.S. business and the American public from the harm that necessarily flows from the purchase of counterfeit products.

It’s a welcome step in the right direction, and we at GoDaddy.com applaud the leadership in the House Judiciary Committee, the House Judiciary Subcommittee on Intellectual Property, Competition and the Internet and the Senate Judiciary Committee, for taking decisive, bicameral and bipartisan action.

The debate about the contents of this bill, and its companion bill in the Senate, the PROTECT IP Act, has been heated in recent weeks, as companies within the Internet ecosystem have rallied to lobby against the passage of legislation which might hold us accountable.

That myopic view has never been shared by Go Daddy.

In our view, Internet policy should strive to balance the sometimes competing goals of the global free flow of information (which is clearly critical to U.S. businesses), with enforcement of the rule of law. We don’t see those competing goals as mutually exclusive, but rather, complimentary. In fact, that balance is essential to a flourishing, yet safe, Internet.

Why some members of the Internet ecosystem do not believe it is their responsibility to participate in finding that balance is unclear to us. We’ve found that balance in the past in the child protection and counterfeit pharmaceuticals contexts, for example, where we voluntarily take action against customers whose websites or domain names violate the law. So far, none of our voluntary action has stifled legitimate capitalism online. And neither will robust intellectual property enforcement.

The question should be how, not whether, we develop a notice and takedown regime in a responsible and responsive way. At Go Daddy, we are proud of our best practices and believe that they exemplify a model for the rest of the ecosystem. In 2010, we voluntarily took action and shut down more than 30,000 illegal online pharmacies. And, I spend a great deal of my working (and non-working) hours each day working to keep the Internet a better and safer place, especially for children.

And we are responsive to intellectual property holders, even absent a clear mandate by Congress to take action.

This debate does not have to be paralyzing. We certainly shouldn’t be suppressing free speech, but the Internet should not function as the Wild West either. We need to be focused on developing codes of conduct that reflect compromise. To do this, everyone in the Internet ecosystem needs to be committed to taking voluntary action. And everyone must understand that if we are unwilling to act responsibly, that Congress has a duty to step in.

While increasing demands on intermediaries are less than desirable for all of us, we can’t just turn a blind eye to illegal conduct online. If we don’t want the government to be the gate-keeper, then we have to set expectations for ourselves. And those expectations must respect the predicament that U.S. businesses and American consumers are facing — that they are getting duped, that their intellectual property is being stolen and that the Internet ecosystem has a duty to help.

As the debate intensifies in the coming weeks, I hope that all of us in the Internet ecosystem can work together to solve this problem. That is, after all, the American way. And it is the only way forward.

Why a Modified SOPA Makes Sense

Written Nov. 15, 2011.

Today, the House Judiciary Committee will be hearing testimony in support of the “Stop Online Piracy Act” (SOPA). Both Houses of Congress should move expeditiously to pass this bill or similar legislation. American businesses shouldn’t go another day without protection against the theft of their intellectual property. And the protection of U.S. consumers is even more urgent.

It is ironic that some companies that initially opposed the enactment of the Digital Millennium Copyright Act (DMCA) are now saying that it is working just fine, and that its notice and takedown procedures are sufficient to protect the rights of intellectual property holders. Although we believe that the DMCA works well in some respects, its remedies are limited in that it does not address trademark infringement, nor does it offer a mechanism to bring enforcement actions against illegal foreign-based sites. It seems to me to be inherently obvious that we need new legislation to combat the problem at hand. The solutions outlined in SOPA clearly present a thoughtful and comprehensive approach. Congress should work to pass this important piece of bipartisan legislation forthwith.

Go Daddy currently has over 50 million domain names under management, and is the number one domain name registrar in the world. We are also the largest worldwide mass-market hosting provider – currently providing hosting services for millions of websites. We employ more than 3,400 Americans – mostly in Arizona, Iowa, and Colorado, and we’re expanding. All this to say that we have serious equities at play here, and the risks are just as real for us as they are for others in the Internet ecosystem. We have legitimate businesses, American jobs, and loyal customers at stake. But, we’re still standing up and shouting from the rooftops that online counterfeiting and piracy is a problem that needs to be addressed by a comprehensive and thoughtful solution. American jobs and consumer trust are at stake.

Go Daddy has made it a high priority to use its position as the world’s largest registrar and hosting provider to make the Internet a better and safer place. As such, we have a large 24/7 Abuse Department whose mission is to preserve the integrity and safety of Go Daddy’s network by investigating and shutting down websites and domain names engaged in illegal activities. We work with law enforcement agencies at all levels and routinely assist in a wide variety of criminal and civil investigations. We are also quick to respond to public complaints of abuse. We also continue to lead the charge to stop the proliferation of rogue online pharmacies and websites selling counterfeit medications. We founded and co-chair the Board of Directors of the Center for Safe Internet Pharmacies, an alliance of private industry actors working together to eviscerate the online sale of counterfeit and otherwise illegal prescription drugs. (And, even more ironic is the fact that many of the loudest anti-SOPA voices in the tech community are founding members of CSIP.) We are responsive to copyright and trademarks holders alike – regardless of a clear mandate to do so. We take each instance of illegal activity very seriously and devote high priority to ensuring that websites containing illegal content are removed from our network. We do this in support of American businesses and U.S consumers, and because it’s the right thing to do. But, some international actors don’t share the same ethos, and law enforcement and U.S. intellectual property rights-holders currently have no way to address this growing threat. There is no question that we need these added tools to counteract illegal foreign sites that are falling outside the jurisdiction of U.S. law enforcement.

As much as some would like to paint a bleak picture, this debate is not about Hollywood vs. Silicon Valley. This debate is about preserving, protecting, and creating American jobs, and protecting American consumers from the dangers that they face on-line. Americans should have ready access to purchase legitimate American products. But, this debate is also about how the Internet ecosystem can work together to make the Internet a safer place, while still allowing for job growth in multiple sectors.

Whether we’re talking about copyright or trademark, counterfeit software, pharmaceuticals, or American-made apparel, toothpaste or Christmas tree lights, U.S. businesses are getting robbed and U.S. consumers are getting duped. You can still search for “drugs without a prescription” and yield natural search results for scores of illegal on-line pharmacies. We still see legitimate ads being placed on illegal sites dedicated to offering infringing movies or music. And thousands of sites still offer counterfeit products, many of which affect the health and safety of consumers. These sites are easy to locate, and you can still use your credit card to buy the products they sell.

But the debate in recent weeks has not been about the facts or the impact on U.S. businesses, or the dangers to consumers. It’s been about who could be found liable and who has to do the work to shut these sites down. We won’t get very far by resorting to the denial of responsibility or the pointing of fingers. And the substantive arguments that have been put forth are just not credible.

When the PROTECT IP Act was introduced, a number of tech engineers marched to the Hill and exclaimed that Senator Leahy (D-VT) was about to break their Internet. The theory was that allowing the Attorney General to seek a court order compelling an ISP to filter so that infringing sites’ URLs would not resolve, would force people to use alternative DNS. And by using alternative DNS, the users would subject themselves to malware and perhaps worse. This would wreak havoc on the DNS system and jeopardize DNSSEC. But, it’s hard to imagine that the limited times per year that the Attorney General seeks this remedy for a site dedicated to infringement will result in a mass exodus away from DNS as we know it. I have to believe that the average person doesn’t want to commit a crime. The people who seek to use alternative DNS to do so may just get what’s coming to them. I don’t wish malware on anyone, but we all know that criminals will always find a way.

The House bill also provides that if other methods are employed to disable access, ISPs won’t be required to filter at all. If they don’t have the technological capability to filter, and it would be an economic burden to add such capability, then they don’t have to take action. So, it does not seem to me that this legislation will cause a mass exodus away from the current DNS system. I told the House Judiciary Committee when I last testified on this issue that filtering would not be as effective in fighting infringement as blocking at the Registrar level, and it won’t. Indeed, we prefer removing the DNS filtering provisions, and have proposed changes to the Bill to fix that issue. But, still, even as currently written, SOPA is not going to “break the Internet.”

The opposition has also argued that SOPA amounts to censorship and that it will undermine our ability to oppose censorship by oppressive nations. This bill cannot reasonably be equated with censorship. This bill promotes action pursuant to preexisting criminal and civil laws. Not only is there no First Amendment concern, but the notion that we should turn a blind eye to criminal conduct because other countries may take oppressive steps in response is an affront to the very fabric of this nation – that we abide by a set of laws, regardless of what actions other countries choose to take or not take. Noted First Amendment expert, Floyd Abrams, testified before the House Judiciary Committee with me last time and opined that nothing in the legislation would impose a prior restraint on free speech. And in a recent letter to the Committee, he re-iterated that position. I vote for upholding our rule of law over doing nothing because we are scared of reprisal from oppressive or undemocratic nations.

Some have gone so far as to argue that rights-holders will be able to sue if there is one page of infringing material amidst “millions” of legitimate pages. This assertion runs contrary to the intent of Congress, the plain language of both the Senate and House bills, and is not a fair reading of either piece of legislation. The Senate’s standard for action is a site “dedicated to infringement.” SOPA’s standard is similar. It is unfathomable to me how one page amidst a million could possibly qualify under any such standard. It is not at all clear to me that this section should trouble Internet companies. I don’t believe that an American Internet company is going to be in danger of being starved of revenue because of one infringing page on their site. If they are afraid of that action, and agree that the page or subdomain is illegal, then by all means – take the page down and be done with it.

In a letter sent yesterday to Judiciary Committee leaders in both houses, eight Internet companies put Congress on notice that they cannot support the PROTECT IP Act and SOPA as currently written. While these companies agree with us that the Bill’s stated purpose – providing additional enforcement tools to combat websites devoted to stealing intellectual property – is important, they do not provide specific suggestions about how to improve the Bill’s language to make them more acceptable.

Their concerns now appear to center around “new uncertain liabilities,” private rights of action, “technology mandates that would require monitoring of websites,” and undermining the safe harbor provisions in the DMCA.

“Liabilities” in SOPA are anything but uncertain. If you are a site operating in violation of current U.S. federal law, then you can be starved of revenue or shut off to U.S. consumers. There are safe harbors from liability for any Internet intermediaries who are asked to cooperate. And there are Due Process procedures in place for Intermediaries contesting any requested courses of action. It’s unclear what “liability” is of concern to our friends in the Internet ecosystem. And, let me be clear, they are our friends. But, the worst that could happen to an Intermediary would be a financial penalty for just completely ignoring a court order. I’m sure that these responsible companies would never take that course.

It is true that SOPA provides for a limited private right of action. It allows for the owners of U.S. property to ask Internet intermediaries to stop making money by advertising on illegal websites stealing their U.S. property. So, I’m not quite seeing the basis for the concern.

There is also no mandate for anyone to “monitor websites.” What is required is action when an intermediary is provided notice of illegal activity. No one is asking the Internet community to police the Internet. They are just being asked to act responsibly when properly notified.

Finally, the safe harbor provisions of the DMCA provide for immunity after a notice and takedown procedure is initiated. How does that differ from SOPA which provides for the same protections?

The notion that the solutions that have been put forth will break the Internet, or that certain legal businesses will go off-line because of new mandates, is utterly unconvincing. SOPA goes a long way toward fixing the existing problems. But, like any piece of legislation, there is always room for some improvement. But improvement will only come through collaboration. The House Judiciary Committee has worked to listen to the concerns of those who oppose these bills and to address them. It’s time for those who have worked to oppose the bill to see if there is some common ground to be had. Then, Congress should make those improvements as necessary, and move to pass this bill.

The purpose of this legislation is to target foreign sites that are stealing U.S. property. No one is arguing that the purpose is invalid or unjust. If the mechanisms by which we get there need to be tweaked, then let’s have that discussion. Let’s stop with the hyperbole and get down to the brass tacks. We need to find a way to preserve American ingenuity. Starting from a place of common ground will allow us to have the conversation about how best to achieve those goals. SOPA is a needed tool to get the ball moving. As President Clinton has said, there’s nothing wrong with America that can’t be cured by what’s right about America. So, let’s get to it – together.

Dropbox Security Flaw

Read about it here. I try not to republish content, but the pertinent bit is this:

Newton’s concept, tested on a Windows machine, uses Dropbox’s own configuration files; configuration data, file/directory listings, hashes which are stored in numerous SQLite database files located in %APPDATA%\Dropbox. Inside one file lies a database row containing a users “host_id”, which is used to authenticate each individual user.
Modifying this file and changing the host_id to that of another Dropbox user automatically authenticates the account, providing complete access to that person Dropbox until the user realises that there is a new computer in the “Linked Devices” section of the Dropbox website.

As you should Dropbox or no, encrypt sensitive data with an out of band key (password/phrase/yubikey/token).

Personally, I agree with Dropbox’s statement that if an attacker was able to gain access to your local files, that gaining access to the dropbox’d files is already a lost battle. However, gaining access to the dropbox account without a password is where I have issue. In either regard, I will continue to promote dropbox as the best cloud based replicator out there.

Dropbox for Teams

WHAT?! https://www.dropbox.com/teams. Just click on it.

This is Awesome-Sauce in response to user requests for enterprise ready dropbox, Dropbox for Teams allows IT organizations to deploy dropbox to end users in SAAS fashion.

That being said, I’ve been short on posts lately on account of some severe workload. Will post more soon.

dropbox.com

I wanted to bring up Dropbox.com to your attention. I wanted to share what I thought was a fantastic company that’s basically taken the concept of JungleDisk and moved it one step further. How? Instead of really cheap (Jungledisk), dropbox is free for the first 2 gigs. This, combined with the below usability features, results in rapid growth in user adoption. As of January, the company has over 4 million users. That’s over 8 Petabytes of potential disk space usage if every user was a free 2GB plan.

All of the public infrastructure is hosted at AWS, and can thus scale with the userbase. As Amazon charges anywhere from $0.055 to $0.150 per GB (pricing structure), each free user consumes from $0.11 to $0.30 per month. Even with 6.25% utilization of 8 Petabytes, Dropbox.com pays the $0.105 per GB rate, Given their next paid upgrade is for 50 GB and costs $9.99/month, one paid customer can support the storage fees for up to ($9.99 − 50 clients × $0.105) ÷ $0.21 = 22 clients covered in the cost of a single paid user, at full utilization of each user. However, most users won’t be using their full utilization (think Google mail), and their business model becomes more lucrative.

Starting with dropbox is simple. Download the client, register your account, and a folder is created where you can drag and drop your data. All data in this folder is replicated to dropbox servers, and to all dropbox client nodes that you link to your account.

The application ships with an intuitive user interface (no S3 accounts to configure, as this is done for you), and a rich feature set that includes automatic versioning, automatic syncing, cross-platform compatibility, intuitive web publishing, and a simple pricing model.

The one feature that really stood out however, was how they garner feedback for this actively developed product. Users can navigate to https://www.dropbox.com/votebox, where they can submit suggestions that get voted on and commented upon. This popularity contest likely helps the company focus on what projects need developing next.

All in all, this is an exciting company to be a customer of, and I would recommend y’all take a look at it too, as this appears to be what proper execution of a good idea looks like.

Kudos dropbox.com on a product well done.

Why 100Mbps Does Not Mean 100Mbps Transfer Rates

You will not always see 100Mbps upload/download speeds even with a 100Mbps port. Much of the slowdown occurs because as packet travel distance increases, so does latency, which has a large detrimental effect on large file transfers. For smaller files, like those associated with not-too-graphical web pages, this has less impact. Without getting too technical, this is because file transfer protocols that use TCP require that the recipient respond with confirmations of data received, and this is one reason that file transfers over longer distances are slower, in direct proportion with the increase in response times.

See http://www.internetworkexpert.org/2008/12/19/how-to-calculate-tcp-throughput-for-long-distance-links/ for a more in-depth discussion on this.

Most download accelerators are able to increase transfer rates by simply employing multiple TCP pipes that dump into the same file. This doesn’t solve the TCP window size problem, but takes advantage of what the uplink is capable of handling. Most modern browsers do this automatically, so download accelerators are really not a necessity any more.

You may wish to optimize your per-TCP connection transfer rates though. To do so, determine your optimal TCP window size based on the expected latency of your most bandwidth intense client-base (see the calculator at the above link). Then, based on that, adjust your TCP/IP stack to adjust below:

To tweak Windows 2008 TCP Window Scaling, please refer to the following:

http://www.minasi.com/newsletters/nws0802.htm

http://www.speedguide.net/read_articles.php?id=2574

Note that Windows 2008 doesn’t allow you to tweak settings like 2003 did. You can make the system adjust it “more aggressively,” but you can’t hard code numbers in.

To tweak Windows 2003 TCP Window Scaling, please refer to the following:

http://articles.techrepublic.com.com/5100-10878_11-5034413.html

You may wish to also try: http://www.speedguide.net/tcpoptimizer.php

To tweak Linux TCP Window Scaling, please refer to the following:

http://www.speedguide.net/read_articles.php?id=121

Note that many other factors come into play for bandwidth calculation. In a hosting environment, your server must compete with other servers in the data center to reach the core routers and from there, must concentrate in various nodes and exchanges to reach a packet’s destination. Along the way, routers must prioritize and queue packets for transmission. We can check the health of this process by performing a traceroute between “slow links.” Network congestion at any one of these nodes can reduce overall transfer rate. On either one of the endpoints, disk I/O, or other system stress may be a bottleneck.

All in all, an 100Mbps, or even an 1000Mbps uplink will not provide transfer rates greater than what the network fabric in between the source and destination can handle, and not greater than what the server / client can negotiate within the TCP pipe.

#18 Feb 2010 – Edited for spelling/grammar.

#24 Mar 2010 – Updated link for 2008 tuning.

Next Page »