On Fri, 5 Jun 1998, Michael van Elst wrote:

Hiding the changed: lines definitely breaks every system that keeps _copies_ of the entries because it is impossible to update entries from these copies without trashing the existing entries.

And if you make the changed: line availables optionally then those who want to use addresses will quickly figure out how to get them.

Perhaps the displayed/retrieved version of the "changed" field should include a message-id instead of the e-mail address? These are supposed to be unique, and usually contain a hostname/FQDN that is probably sufficient to identify the updater. I am assuming that the vast majority of people make updates using e-mail... Joe -- Joe Abley <jabley@clear.co.nz> Tel +64 9 912-4065, Fax +64 9 912-5008 Network Architect, CLEAR Net http://www.clear.net.nz/

On Sat, 6 Jun 1998, Joe Abley wrote:

Actually, thinking about it, why is the changed field "id" an e-mail address at all? Given that most (all?) records are protected to some degree by maintainer fields, surely anything good enough to identify the changer to his fellow maintainers would do?

It can also be useful to the site itself since it documents which of n people actually did the last update.

Michael van Elst <mlelstv@xlink.net> writes:

Hiding the changed: lines definitely breaks every system that keeps _copies_ of the entries because it is impossible to update entries from these copies without trashing the existing entries.

I do not understand that one. It is quite possible to send an object more than once the the update process. This will result in a NOOP update as documented in http://www.ripe.net/docs/ripe-157.html#toc27. It does not clobber anything. What am I missing?

And if you make the changed: line availables optionally then those who want to use addresses will quickly figure out how to get them.

Gabor's argument was about users with no clue (or scripts) finding addresses in output returned by whois. This would be prevented. Also we can add the usage of this flag to our heuristics which detect patterns in whois queries. Daniel

It is my belief that the only info that should be public is the latest info available, not the historical changes. To the one that called me lamer...As far as being called a lamer, that attitude is not appreciated. Its been my experience that many spammers have built up hierarchies, which are hosts that have sub-domains that are all part of the same spamming organization. For legal reasons, anyone and everyone that is related to an IP Address or related higher domains or IP routes are included in the anti-spam message, that way noone can say later, they didn't know or weren't notified about the law. I'm not going to attempt to try and determine to what extent host providers are involved with a spamming operation. In fact, many hosts have acquired "anti-spam" complaint/ticket type emails as a response program to complaints and are using this just as a "front" and have no intention of responding to eliminate spammers on their networks... Therefore, it makes sense to let as many persons associated with lower level domains that are sourced as spammers in order that they (being in an admin position) can forward the complaints and use them to help identify and isolate spammers. Further, I am not going to assume that any IP information contained in a "spam" is indeed a spam. That is for the relative admins and techies to go through their own logs to determine the true origin of the spam. I do agree that historical changes should be limited to ISP/IAP techs, but the rest of the database must remain open for persons to use that information to locate and identify persons and organizations that are along the IP routes. It's like getting a harassing letter from a PO Box owned by a commercial enterprise and not being allowed to get the name and physical address of the company that rents the box. Here, in the US, the public has a right to get almost all information about persons that are responsible in any private company, for many different reasons. Any ISP/IAP organization that receives a dis-proportionate amount of complaints against a sub-domain or host, should take a look at why that particular host or secondary provider has such a high percentage of spammers on their net. Perhaps, they need to change their poicies on spam to keep their site from being a desirable place to spam from. As far as the charge about the spam complaints being spam themselves, that is a non-argument. The email generated in response to spam is an infintesimal amount compared to the spammers that generate 25,000 emails per hour. If you'd like to reply with intelligent subject matter, and knock off the name calling crap, I'd welcome a sincere discussion of these subjects. For an example, you may wish to re-visit how rs.internic.net handles their database information. Very concise, and generally only contains the most recent information that is pertinent to the proper identification of current admin, billing, tech contacts, and IP Addressing/Server Information. Change stuff as history is not included. I'd love to see the extraneous material removed from your ripe.net lookup databases... then perhaps only those persons that really need to know would be contacted.

I agree that this needs attention. The whole changed: functionality should be reviewed.

I agree that a short term measure could be to suppress changed information unless explicitly requested. This would also allow us to check the whois query logs for those requesting it ...;-). Does anyone know if this would break any knows scripts or uses of the database?

Daniel

...

kissg@sztaki.hu writes: Dear folks,

Nowadays I can see a new style of anti-spam fight.

...

So these uneducated lamers multiply the amount of spam and harras > a dozen of peoples who are not responsible for the original junk mail > and the spam relays. > The lamers cannot diffrentiate the "responsible

If the victim gets some junk mail, (s)he retrieves all database objects (including *rt) relative to ALL hosts, domains, and IP addresses that can be found in the mail header, > and s(he) send complaining mails to ALL the fifty e-mail addresses > found in the database objects (including the *ch field). :-( persons" and those > who maintain the database records itselves. > > > My first radical suggestion is: > Let's delete the *ch field from the database objects. > > However I know that there should be some info about the > history of records. > > a few raw ideas: > - modified database software that hides the *ch field. *ch's could > be retrieved with some extra efforts only > - some coded ID instead of e-mail address. Ordinary peoples couldn't > decode it but authorized ripe-ops could. (E.g. via WWW or e-mail) > This info shouldn't be public. > > What is your opinion? > > (Personally I've changed my jobs years ago but my e-mail address > can be found in hundreds of *ch fields. So I hate the > anti-spam spam as well than the spam itself.) > > > Regards > > Gabor >

s/James Leonard BRG Customer Service - Belltown Research Group, Seattle, WA USA http://www.speakeasy.org/~belltown SPAM=NET TRAFFIC OVERLOAD=TELECOM $URCHARGE$=GOVT. TAXE$

Al these uses are not very well served by the 'changed:' field right now. People can change them at will (fun to confuse people), the timestamp is not UTC (very annoying for people living in other timezones) and it doesn't provide the time of changes (interesting if you make more then one change a day).

I think we look at this field in a very different way. For all I care it could be my own internal person-id and date that is indecipherable to anyone else. It doesn't matter to me about UTC either because my own time zone doesn't change... perhaps this would matter to an international backbone provider with NOC's in multiple time zones... so I guess I can see that point, but only if you happen to be such an entity. Why even define it to be an email address? Why not just make it change: company-internal-id company-internal-date-fmt

On Sat, 6 Jun 1998, David Kessens wrote:

But people that are querying your data are coming from different time zones, whether you like it or not. My database 'person:' object is stored in the RIPE database from the times when I was still working at the RIPE NCC. Now, I have a 9 hour time difference. The working area of the RIPE NCC is quite big and it does go over many time zone boundaries. Replies regarding the 'changed:' attribute discussion came from people at the US east coast, west coast, new zealand and europe ...

I guess I was questioning whether there is a reason for someone else to have this information. I guess there are reasons why someone trackingdown a routing problem might be interested in when something changed. But if that is the case, then why is the time signature generated at source? I should send a changed: line with an id-code of some sort, which could be company internal; the database should generate a UTC time sig at the instant of the update. Otherwise the date sig is pretty pointless. I can personally remember working out a large database change in a file over a couple days before sending it. So that dates were when I generated the data, not when I updated the database. Well, I may have fixed them, but you get the point.