As internet pioneers fight to preserve .org’s non-profit status, those in charge are hiding behind dollar signs

ICANN, ISOC, PIR and Ethos still refusing to provide details


Comment The controversial proposed sale of the .org internet registry to an unknown private equity firm will hit a critical decision point this week, and all the organizations in charge are refusing to talk about it.

On December 9, DNS overseer ICANN put a temporary halt on the sale by sending a letter to the organization that runs the .org registry, PIR, as well as its parent company, ISOC aka the Internet Society, demanding greater transparency over the sale to Ethos Capital as well as answers to a series of questions asked by the wider internet community.

That response is due this week and a response has apparently been sent but no one – not ICANN, ISOC, PIR or Ethos – will talk about it. We still don’t even have a list of the questions ICANN claims it asked.

"PIR has submitted responses to ICANN's request for additional information pertaining to the transaction with Ethos Capital, LLC,” ISOC told us, having asked PIR on our behalf.

“PIR is working with ICANN to release its original notice regarding the contemplated change of control and information it provided in response to ICANN's subsequent request. This information will be released in the coming days pursuant to the principles set forth in ICANN's Documentary Information Disclosure Policy."

We approached ICANN, pointing out that this response clearly indicates active discussions between the organizations as well as decisions being made on the basis of ICANN policies, and asked for comment. ICANN told us a day later that it wouldn’t comment.

In the meantime, a group of internet pioneers and former ICANNers – including its first chair Esther Dyson and former CEO Mike Roberts – have said they are setting up a new non-profit organization that they propose take over the .org registry in order to continue to run it as a non-profit, rather than convert to a for-profit corporation, as the Ethos Capital deal indicated.

Pressure tactics

Whether that is a serious proposition – or simply a way to apply pressure to ICANN to reject the sale – is unclear. There is currently no official record of the claimed corporation – the Cooperative Corporation of .ORG Registrants – despite representatives telling the New York Times that registration papers have been filed.

It is also unclear how or why ICANN would turn over control of one of the largest internet registries, with over 10 million names, to a new entity for no consideration. As the Ethos Capital deal makes plain, .org is worth over $1bn. The new corporation doesn’t intend to offer a bid: its sales pitch appears to be an appeal to the internet’s founding beliefs.

If ICANN did for some reason decide to hand over operation of .org to this new proposed corporation, it would also sound the death knell for the Internet Society, which derives between 85 and 90 per cent of its income from the registry.

As flawed as the Internet Society is – it purports to be a grassroots global organization but in actuality is more of a Washington lobby group for internet engineers – it is a critical component of the internet community’s effort to protect the overall neutrality of the internet.

The fact that some of the original ICANN staff, as well as Wikimedia Foundation CEO Katherine Maher, Jeff Ubois of the MacArthur Foundation and Bill Woodcock of Packet Clearing House, are willing to go to the press with this proposal is a clear sign that many in the internet community have grown sick of the direction of the organizations that are supposed to be preserving the original intent of this inter-network.

The slow rot in those organizations – ICANN and ISOC key among them – has been apparent for years but its clearest indication is in the fact that they have all but abandoned a commitment to transparency.

Transparency; the lack of it

ICANN has an entire section in its bylaws dedicated to transparency, the idea behind which was that if the internet community could see exactly what was going on, it would be much harder for the organization to be swayed or corrupted by money and influence.

But as we have noted repeatedly for years, a failure by the ICANN community to force the organization’s staff and directors to act in the broader public interest, even when critical details have been dragged out of the organization, has led to an increasingly unaccountable organization that treats its own members with disdain.

That disdain led ICANN to actively ignore 98 per cent of its own community when it said that lifting price caps on the .org registry was a terrible idea. ICANN decided it knew best and repeated to itself that it didn’t want to be a price regulator and shouldn’t be in the position of setting market conditions.

But that was a decision reached without broader consultation or deliberation, with zero economic analysis, and by a small subset of people who just so happen to receive double-digit annual pay rises from the organization that profits from this approach.

ICANN was wrong to approve the lifting of price caps, a decision that led directly to the billion-dollar sale of .org to a private equity company set up by a former CEO. But its absolute refusal to admit fault has led the organization in the opposite direction: rather than apologize and learn, it formally decided last month that it was under no obligation to even listen to its community anymore. Incredibly, it stated as much in formal documents: so long as it read its own staff’s summary – and in this case the public comment period has been labelled a “sham” – then it has done its job, ICANN’s Board of Directors claimed.

Even though there is no doubt that several ICANN board members harbor significant concerns over that approach, the culture of the organization has moved from one that used to embrace open disagreement – in the words of its bylaws “operating to the maximum extent feasible in an open and transparent manner” – to one that punishes and bullies dissent within its ranks.

Money for old rope

Just this week, ICANN extracted $20m out of dot-com operator Verisign for nothing more than signing a presumptive contract renewal. The board did, and has said, nothing and the community has so far failed to even register concern.

This week, ICANN announced that it would now provide grants of up to $750 (on top of the free hotel room, flight, food, entertainment and per diems that dozens of official representatives receive) to attendees of its meetings to cover childcare costs and related expenses. ICANN’s next meeting in March will be held in holiday destination Cancun. The next in June will be in Kuala Lumpur. Then Hamburg in October. Last year it was Kobe, Marrakech and Montreal. Before that San Juan, Panama City and Barcelona.

The fact that the Internet Society has fallen under the same spell – convincing itself that it isn’t selling its soul but rather diversifying its income stream – is part of the same rot. And, again, the lack of transparency is stark.

ISOC officially had a non-stop 14-day board meeting about the .org sale. Despite the fact that that is a clear impossibility, details of that monster meeting are non-existent, beyond the fact it happened. Likewise .org operator PIR. What about the boards of both organizations? Independently minded individuals whose job is nominally to protect and preserve the public interest? They voted in favor of the sale.

And despite nearly two months of outcry from the community they represent, only one board member has been prepared to stick their head above the parapet and publicly state their view – and even then it was little more than a soft-sell blog post explaining why it was such a great deal. There was no mention of what one would hope were hard questions asked during the two-week board session.

Illusion of openness

Under pressure, representatives from ISOC, PIR and Ethos have given webinars and even given the occasional interview but the answers have been so buttoned up or covered in caveats that they have only increased concern. People know the illusion of openness when they see it.

More words do not equal more transparency, as a response [PDF] to three US senators earlier this week makes plain. Stuffed full of PR speak about “dedication to ensuring” and “commitment to investment”, the letter fails to provide any real commitment.

More importantly it refuses outright to acknowledge or engage with the extensive criticism leveled at the deal. There is no surer sign that no attempt at listening is being made.

US Senator Ron Wyden (D-OR) knows as much, telling The Register today that “nothing in this response addresses my concerns that selling .org to a private equity firm would be a real blow to internet users and nonprofits. The assurances Ethos Capital makes about its purchase essentially boil down to ‘trust us.’ That’s not good enough. I will explore every avenue available to Congress to step in and ensure users and nonprofits are protected.”

The same pattern can also be found at the UK’s internet registry operator Nominet, which has abandoned its charitable trust, undermined its own members, removed any vestiges of real transparency by killing off its board minutes and increasingly uses its unique position to raise prices to fund its CEO’s misguided business ambitions.

The truth is that whatever all those on the boards of ICANN, ISOC, PIR and Nominet tell themselves about their role and their actions, they know deep down that the compensation and the hotels, flights, five-star meals and status are not tied to being a good internet citizen and preserving its early ideals, but are payment for looking the other way, not asking too many questions, and keeping quiet when things get messy.

As laudable as the effort is to offer a better, non-profit alternative to selling off the .org registry to a private equity company, those efforts would be better spent forcing out those that have allowed the internet’s overseeing organizations to sink into corruption without saying a word. ®


Intel CPU interconnects can be exploited by malware to leak encryption keys and other info, academic study finds

Side-channel ring race 'hard to mitigate with existing defenses'

Chip-busting boffins in America have devised yet another way to filch sensitive data by exploiting Intel's processor design choices.

Doctoral student Riccardo Paccagnella, master's student Licheng Luo, and assistant professor Christopher Fletcher, all from the University of Illinois at Urbana-Champaign, delved into the way CPU ring interconnects work, and found they can be abused for side-channel attacks. The upshot is that one application can infer another application's private memory and snoop on the user's key presses.

"It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs," Paccagnella told The Register. "The attack does not rely on sharing memory, cache sets, core-private resources or any specific uncore structures. As a consequence, it is hard to mitigate with existing side channel defenses."

Side-channel attacks, like the 2018 Spectre and Meltdown vulnerabilities, exploit characteristics of modern chip microarchitecture to expose or infer secrets through interaction with a shared computing component or resource.

SolarWinds just keeps getting worse: New strain of backdoor malware found in probe

Plus: McAfee's in serious trouble over claimed cryptocurrency scam

In brief Another form of malware has been spotted on servers backdoored in the SolarWinds Orion fiasco.

The strain, identified as SUNSHUTTLE by FireEye, is a second-stage backdoor written in Go which uses HTTPS to communicate with a command-and-control server for data exfiltration, adding new code as needed. Someone based in the US, perhaps at an infected organization, uploaded the malware to a public malware repository in August last year for analysis, well before the cyber-spying campaign became public.

Brandon Wales, acting director of the US Cybersecurity and Infrastructure Agency, warned it could take 18 months to clean up this mess, and that's looking increasingly likely.

Linus Torvalds issues early Linux Kernel update to fix swapfile SNAFU

‘Subtle and very nasty bug’ meant 5.12 rc1 could trash entire filesystems

Linux overlord Linus Torvalds has rushed out a new release candidate of Linux 5.12 after the first in the new series was found to include a ‘subtle and very nasty bug’ that was so serious he marked rc1 as unsuitable for use.

“We had a very innocuous code cleanup and simplification that raised no red flags at all, but had a subtle and very nasty bug in it: swap files stopped working right. And they stopped working in a particularly bad way: the offset of the start of the swap file was lost,” Torvalds wrote in a March 3rd post to the Linux Kernel Mailing List.

“Swapping still happened, but it happened to the wrong part of the filesystem, with the obvious catastrophic end results.”

So catastrophic that, as Torvalds explained, “you can end up with a filesystem that is essentially overwritten by random swap data.”

Remember that day in March 2020 when you were asked to get the business working from home – tomorrow, if possible? Here's how that worked out

IT pros from orgs large and small tell The Reg the tech delivered, mostly, but couriers and home Wi-Fi suddenly became your problem

Covid Logfile Brianna Haley was given one day to be ready to roll out Zoom for 13,000 users at over 1,000 sites.

Haley* is a project analyst for a large healthcare provider that, as COVID-19 marched across the world in March 2020, realised imminent lockdowns meant it would soon be unable to consult with patients.

And no consultations meant no revenue.

"I got called into a meeting at 7:30 or 8:30 on Monday morning and was told we had to get Zoom done by tomorrow," Haley recalls.

The torture garden of Microsoft Exchange: Grant us the serenity to accept what they cannot EOL

Time to fix those legacy evils, though.... right?

Column It is the monster which corrupts all it touches. It is an energy-sucking vampire that thrives on the pain it promotes. It cannot be killed, but grows afresh as each manifestation outdoes the last in awfulness and horror. It is Microsoft Exchange and its drooling minion, Outlook.

Let us start with the most numerous of its victims, the end users. Chances are, you are one. You may be numbed by lifelong exposure, your pain receptors and critical faculties burned out through years of corrosion. You might be like me, an habitual avoider whose work requirements periodically force its tentacles back in through the orifices.

I have recently started to use it through its web interface, where it doesn’t update the unread flags, hides attachments, multiplies browser instances, leaves temp files all over my download directory, tangles threads, botches searches and so on.

Just when you thought it was safe to enjoy a beer: Beware the downloaded patch applied in haste

Let us tell you a tale of the Mailman's Apprentice

Who, Me? The weekend is over and Monday is here. Celebrate your IT prowess with another there-but-for-the-grace confession from the Who, Me? archives.

Our tale, from a reader the Regomiser has elected to dub "Simon", takes us back to the early part of this century and to an anonymous antipodean institution of learning.

Simon was working at the local Student Union (or "guild" as the locals called it), which was having problems with uppity education staff censoring the emissions of students. Simon was therefore commissioned to set up a fully independent newsletter.

"We had scored access to the Oracle user database," he said, "but only via the awful Filemaker Mac database. So I built a bridge to export it out to MySQL.

US National Security Council urges review of Exchange Servers in wake of Hafnium attack

Don't just patch, check for p0wnage, says top natsec team

The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected "Hafnium" attack on Exchange Server that Microsoft says originated in China.

Microsoft revealed the attack last week and released Exchange security updates.

The Biden administration’s Cybersecurity and Infrastructure Security Agency (CISA) followed up with a March 5 general advisory encouraging upgrades to on-premises Exchange environments. Another advisory on 6 March upped the ante as follows:

Delayed, overbudget and broken. Of course Microsoft's finest would be found in NASA's Orion

In Space No One Can Hear You Scream (as Windows crashes again)

BORK!BORK!BORK! Getting astronauts to the Moon or Mars is the least of NASA's problems. Persuading Microsoft Windows not to fall over along the way is apparently a far greater challenge.

Spotted by Register reader Scott during a visit to the otherwise excellent Space Center Houston, there is something all too real lurking within the mock-up of the Orion capsule in which NASA hopes to send its astronauts for jaunts beyond low Earth orbit.

Clutched in the hand of a mannequin posed in the capsule's hatch is a reminder of both how old space tech tends to be and a warning for space-farers intending to take Microsoft's finest out for a spin.

NASA shows Mars that humans can drive a remote control space tank at .01 km/h

Perseverance takes first drive around landing spot named in honor of seminal sci-fi author Octavia E. Butler

NASA’s Perseverance rover trekked across Mars for the first time last Thursday, March 4, 2021.

The vehicle went four whole meters forward, turned 150 degrees to the left, then moved another two-and-a-half meters. The entire drive covered a whopping 6.5 m (21.3 feet) across Martian terrain. The journey took about 33 minutes.

The Register ran that through a calculator and deduces the nuclear powered laser-equipped space tank, aka Perseverance, sped along at the astounding velocity of .01km/h, quite a comedown from the 19,310 km/h at which it entered the red planet’s atmosphere.

In a press release, NASA said:

University of the Highlands and Islands shuts down campuses as it deals with 'ongoing cyber incident'

Ten letters, starts with R, ends with E, three syllables

The University of the Highlands and Islands (UHI) in Scotland is fending off "an ongoing cyber incident" that has shut down its campuses.

In a message to students and staff yesterday afternoon, the institution, which spans 13 locations across the northernmost part of the UK, warned that "most services" – including its Brightspace virtual learning environment – were affected.

"We are currently working to isolate and minimise impact from this incident with assistance from external partners. We do not believe personal data has been affected," said the university, adding: "The source of the incident is not yet known."

An email sent to students and published on UHI's website said that its Office 365, Cisco Webex, OneDrive, Teams, and email services, among others, were not affected by the apparent intrusion. Administrators reiterated they didn't believe personal data had been affected.
