Category: Infrastructure
March 24th, 2008
Fixing the unfairness of TCP congestion control
Bob Briscoe (Chief researcher at the BT Network Research Centre) is on a mission to tackle one of the biggest problems facing the Internet. He wants the world to know that TCP (Transmission Control Protocol) congestion control is fundamentally broken and he has a proposal for the IETF to fix the root cause of the problem.
The Internet faced its first congestion crisis in 1986 when too much network traffic caused a series of Internet meltdowns when everything slowed to a crawl. Today’s problem is more subtle and lesser known since the network still appears to be working correctly and fairly. But underneath that facade and illusion of fairness, a very small percentage of users hog most of the Internet’s capacity suffocating all other users and applications.
Solving the first Internet meltdown crisis
In October of 1986, the Internet began to experience a series of “congestion collapses”. So many computers were piling their traffic on to the network at the same time that the network came to a grinding halt and no one got any meaningful throughput. By mid 1987, computer scientist Van Jacobson, who is one of the prime contributors to the TCP/IP stack, created a client-side patch for TCP that saved the day. Every computer on the Internet - roughly 30,000 in those days - was quickly patched by their system administrators.
Jacobson’s TCP stack patch worked by causing a computer to cut the flow rate of its TCP stream in half as soon as it detects any packet loss. Packets are lost whenever the routers relaying them receive more packets than they can forward and the router begins to randomly drop packets across the board. But whenever a computer sees an acknowledgement that its packet arrived successfully, it quickly and continually increases its flow rate with every acknowledgement until it experiences another packet drop at which time it cuts its throughput in half again. This became known as the AIMD (Additive Increase Multiplicative Decrease) algorithm where the sending computer is constantly probing for the maximum allowable bandwidth by repeatedly increasing throughput until it crosses a line and gets knocked down.
Jacobson’s AIMD algorithm also allowed a new TCP stream to open up and quickly rise to equilibrium where it attains the same flow rate as all other TCP streams. Conversely, when a TCP stream ended transmission, the extra bandwidth freed up would be evenly distributed amongst the remaining streams. Van Jacobson’s patch was so successful that it became a part of the TCP standards, and it hasn’t fundamentally changed for over 20 years. According to Bob Briscoe, Jacobson’s algorithm is the “fifth most cited academic paper in all of computer science”.
Under Jacobson’s algorithm, which sought to balance the flow rate (throughput) of each TCP stream, the system was more or less fair to everyone who wanted to use the network so long as everyone used an equal number of TCP streams. Since people typically used one TCP stream at a time and people had limited usage on those time-sharing computers in the 1980s, Jacobson’s algorithm was adequate for the problems of that era. While it was possible for someone to open two FTP downloads or uploads at a time and get double the total throughput of anyone else, this wasn’t a big problem when applications and operating systems were mostly limited to text and computers were limited to academic and large corporate institutions. But as time went on and as the number of applications and users grew, it was only a matter of time before the fairness of the system would be exploited.
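The per-stream fairness described above can be seen in a small simulation, added here as an illustration and not taken from Jacobson's patch or Briscoe's proposal. It assumes a single bottleneck, a loss seen by every flow whenever the link overflows, and constructed rates in packets per round trip; `simulate_aimd`, `alice` and `bob` are hypothetical names.

```python
"""AIMD on one shared bottleneck: fair per flow, not per user."""


def simulate_aimd(flows_per_user, capacity=1000.0, rounds=6000):
    """Run synchronized AIMD and return (share per user, Jain index over flows).

    flows_per_user maps a user name to the number of parallel TCP streams
    that user opens. All rates are constructed values in packets per RTT.
    """
    owners = [user for user, n in flows_per_user.items() for _ in range(n)]
    if not owners:
        raise ValueError("at least one flow is required")

    # Deliberately unequal start: the first flow already holds half the link,
    # every other flow starts from almost nothing.
    rates = [capacity / 2] + [1.0] * (len(owners) - 1)
    totals = [0.0] * len(owners)
    measured_from = rounds // 2  # ignore the convergence phase

    for rnd in range(rounds):
        # Additive increase: each flow probes for one more packet per RTT.
        rates = [r + 1.0 for r in rates]
        if sum(rates) > capacity:
            # The router overflows and drops across the board. In this
            # simplified model every flow sees a loss and halves its rate
            # (multiplicative decrease).
            rates = [r / 2.0 for r in rates]
        if rnd >= measured_from:
            totals = [t + r for t, r in zip(totals, rates)]

    grand_total = sum(totals)
    shares = {user: 0.0 for user in flows_per_user}
    for owner, total in zip(owners, totals):
        shares[owner] += total / grand_total

    # Jain's fairness index over individual flows: 1.0 means all flows equal.
    jain = grand_total ** 2 / (len(totals) * sum(t * t for t in totals))
    return shares, jain


if __name__ == "__main__":
    for scenario in ({"alice": 1, "bob": 1}, {"alice": 1, "bob": 10}):
        shares, jain = simulate_aimd(scenario)
        summary = ", ".join(f"{u}: {s:.1%}" for u, s in shares.items())
        print(f"{scenario} -> {summary} (per-flow Jain index {jain:.4f})")
```

In both scenarios the per-flow index stays at 1.0, which is why the network "appears" fair, while the user with ten streams ends up with ten elevenths of the link.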
March 16th, 2008
Japan's ISPs agree to ban P2P pirates
Four of Japan’s largest Internet provider organizations have come to an agreement with copyright holders on how to tackle the illegal file trading on P2P (Peer to Peer) networks. Comprised of about 1000 major and smaller Japanese Internet providers, the four organizations agreed to target flagrant copyright violators by first warning them and then banning them if their behavior doesn’t change.
According to the Daily Yomiuri Online, the Internet providers two years ago attempted to disconnect users anytime they detected the use of Winny (a popular Japanese P2P application) or any other file-sharing software. But that ran afoul of the Japanese Ministry of Internal Affairs and Communications because of concerns of privacy and the providers abandoned that practice. This time the Internet providers seem to have learned from the past and they’re going to be much more targeted by going after the most obvious transgressors of illegal file trading.
When the copyright owners see a list of IP (Internet Protocol) addresses downloading their copyrighted content, they’ll send that list of violators to the ISP (Internet Service Provider) and the ISP will warn and then ban the copyright infringers if necessary. This method doesn’t involve any of that politically dreaded DPI (Deep Packet Inspection) since the copyright owner merely needs to look for their own content on the popular file trading sites and ask for a list of peers by merely participating in the file trade. Not only does this method avoid privacy concerns, it also happens to be the most practical if not the only way of attacking the problem since many file trading applications are already completely encrypted against packet snooping.
Update 5:40AM - Just to make myself extra clear since many people refuse to believe that we are not talking about deep packet inspection here. P2P in Japan like the latest “Perfect Dark” application (successor to Winny and Share) is already fully encrypted at both the protocol and data level. That encryption is completely bypassed since the content owners merely need to download Winny, Share, and Perfect Dark and look for their own content that’s being pirated. Then all they need to do is connect to it as if they were a user and then download the content to see if it is indeed their content. Then they already have a list of IP addresses that participated in that file exchange. There’s no decryption, key cracking, or deep packet inspection going on here.
Japan is considered one of the most connected broadband nations on the planet with widespread 100 Mbps broadband service. Many people in this country believe that by simply offering more capacity, there would be no need to manage the network since congestion problems would be gone. But Japan teaches us that no matter how much capacity you throw at the problem, congestion will always be a problem and the vast majority of it will be caused by P2P traffic.
At the iGrowthGlobal Panel on Network Management on Capitol Hill (my recap here), I met Haruka Saito who is Counselor for Telecom Policy from the Embassy of Japan. Mr. Saito was my fellow panelist and he shared the following data with the congressional and FCC staffers in the audience. He presented the following data from the Japanese Ministry of Internal Affairs and Communications which had been studying the issue of Net Neutrality in Japan for more than a year.

[Updated 3:15PM - I had incorrectly stated that 1% consumes 63% of all traffic because I read the charts wrong. The corrected text is in bold below.] As you can see, the utilization levels, especially for uploads, are dangerously high and P2P traffic absolutely dominates both uploads and downloads by a very large margin. Winny, WinMX, and Share (a successor of Winny) dominate the P2P usage. From this data, the P2P users that make up 10% of all Internet users in Japan hog ~75% of bandwidth resources and 1% of all Internet users in Japan consume 63% of that 75% share. That means just 1% of users consume 47% of all the Internet traffic in Japan. It’s no wonder the ISPs in Japan want a solution that cuts off the most egregious illegal file traders who also happen to be the biggest bandwidth hogs.
March 5th, 2008
AT&T's degrading service and my landlord's ban on Comcast
With all the negative attention headed towards Comcast lately, AT&T’s problems seem to be slipping below the radar. Unfortunately for me, those problems are first hand for me as I’m personally suffering degradations in speed. As if getting 1200 Kbps downstream on a so-called 1500 Kbps service and all those outage problems (example here and here) weren’t bad enough, my AT&T DSL service has declined. I suppose I could count myself lucky compared to my Mom’s neighbor who only got 320 Kbps service after AT&T unilaterally and without permission “upgraded” his bill to the 1500 Mbps service without upgrading his performance. See my DSLReports.com speed tests below.


The results above were performed at the nearest locations to my home and they were performed on idle servers with barely anyone using them. That pretty much confirms the problem is on AT&T’s end and possibly on the last mile. My Mother’s so-called 768 Kbps service only delivered about 330 Kbps but after AT&T fixed some wiring problems outside the house, the performance went up to about 600 Kbps. I’ll have to call AT&T and see if they can do anything about my problems when I get back home.
It’s gotten so bad with my service that I’m actually starting to yearn for some of those “evil” TCP resets from Comcast to grace my router. Even more frustrating is that Comcast might actually be offering DOCSIS 3.0 with 15 Mbps downstream and 2 Mbps upstream in my area, but I live in one of these draconian housing complexes that force us to pay for bundled inferior analog cable service even though I don’t use it. The FCC has ruled against these types of exclusive contracts but I don’t think that can overturn my current situation. I think I’m finally motivated enough that I want to start a petition with the neighbors to demand the right to use Comcast. I’ll definitely have to bring this up the next time I go to Washington DC before Congress and the FCC.
Some people have told me that I should have looked at the contract before I moved in but it really isn’t that simple. There are about a thousand homes in the same multi dwelling unit and we don’t have much of a choice on where we live when an old and small home in Silicon Valley is $650,000. I do find it ironic that I’m now begging and fighting for the right to get Comcast service while others are fighting to kill Comcast.
This isn’t to say that Comcast is always good and AT&T is always bad although I’ve always gotten much better service from Comcast when I actually had a choice between the two. But it is so critical that we have competition between the two so that they have to fight for my business. The way it stands now, AT&T pretty much knows that I have no other game in my area and they have zero incentive to deploy U-Verse in my neighborhood let alone fiber-to-the-node like Verizon’s FiOS service.
What’s even more frustrating is that this isn’t a rural area problem since I’m in the heart of Silicon Valley with about 4000 homes jammed tight in a two block by two block neighborhood. It would be a Verizon FiOS installer’s dream deployment with homes packed so tightly together. With my landlord out of the way, I’d have DOCSIS 3.0 15 Mbps service to choose from and AT&T would prioritize jumping in here with U-Verse service. These are the real problems facing consumers today and not whether a few bandwidth hogs get throttled or not and I hope others will join me in a worthwhile cause.
February 28th, 2008
Microsoft's free enterprise search is a must try
At the Heroes Happens {here} event in LA yesterday which saw the launch* of Windows Server 2008, one of the relatively hidden gems of the event in my opinion was Microsoft’s free** Search Server 2008 Express. It’s a streamlined install of Office SharePoint Server 2007 with almost all the enterprise search features that most users would want and is a must download for any Windows Server shop.
Even if you didn’t own Windows Server 2003, 2003 R2, or 2008, it would seem like a great way to build a very cheap enterprise search engine appliance with a minimal Windows Server 2003 or above license and a simple 1U server for less than $2000 which is a LOT less than a $30K starting price Google Search Engine appliance with a 500K document cap. Update 7:28PM - Wiredguy in the talkback pointed out that Google’s Mini search appliance starts at $3K, but that only indexes 50K documents and it doesn’t tie in to Active Directory as seamlessly and lacks Exchange support. If you’re a Windows shop with an IIS server sitting around with low CPU utilization, which is quite common, adding Microsoft’s Search Server 2008 Express costs nothing.
So why would you want an enterprise search engine for your company or organization? Windows Vista (and XP users who add Windows Desktop Search or Google Desktop Search) know how useful it is to have relatively instant indexed search results for any document or email in their computer. But those benefits stop at the local computer because you don’t want every user crawling the network data resources redundantly since it would bring the whole network and server infrastructure to a halt.
An enterprise search engine gives you a centralized intranet website where users could go to a URL like search.mycompany.com and find any document in their entire corporate LAN (and to a lesser extent the WAN and some Internet sites due to bandwidth considerations). Google’s online search engine is great but it’s stopped dead in its tracks at the corporate firewall and there’s no way it can search your Exchange or Lotus Notes mail server or your file server documents. The enterprise search engine bridges an essential gap between desktop search and google.com. Documents or emails that would have been glossed over and forgotten about instantly pop up on the enterprise search server.
The search results are security-trimmed and active directory integrated so that the user will only see the documents that they have permissions to access. With an Intranet IIS web server set for seamless Active Directory authentication, the user merely goes to the search portal and they’re logged in automatically. The server can also be tuned to crawl the network at off-peak hours with full or incremental searches.
Microsoft’s Search Server Express comes preloaded with the following search connectors.
- File servers
- Web sites
- SharePoint websites
- Exchange Server public folders
- Lotus Notes
To make Search Server 2008 Express work, you’ll either need a free SQL Server 2005 Express database backend or Microsoft SQL Server 2005 and above. Using the free SQL Express will limit the server to 1 GB and 4 GB database size. Under most document sizes, a 4 GB index should allow you to index more files than the 500K document cap imposed by the $30K edition of the Google Search Engine appliance. Buying a SQL server license will still end up being far cheaper than buying the Google appliance. No matter what your opinion of Microsoft, I think this is one of those things that’s definitely worth a try. Enterprise search is finally affordable and it should become a fixture in any company’s server room or datacenter.
* This was also a 3-month post launch party for Visual Studio 2008 and 6-month pre-launch party for SQL Server 2008.
** People who already own a copy of Windows Server 2003, 2003 R2, or 2008.
February 26th, 2008
FCC hearings: Comcast versus Vuze
The FCC held its hearing on Comcast’s Network Management practices at Harvard University yesterday. Vuze executive Gilles BianRosa whose company filed one of the two FCC complaints against Comcast reportedly told the FCC yesterday that BitTorrent does not hog bandwidth. Since most Internet experts would dispute that claim, I generated the following hard data on the bandwidth consumption of various applications that run on the Internet.
Note: Richard Bennett who was an expert panelist at yesterday’s hearings informed me that BianRosa claimed that BitTorrent didn’t exceed the contracted limit. That however ignores the explicit “no server” clause in the terms of service and no broadband service was built to be fully saturated 24×7. This is why commercial grade T1 lines that offer less than half the speed of broadband connections costing 8 times less are $400 per month.
Bear in mind that the data below is in reference to upstream (upload) bandwidth consumption in kilobits per second since that is the focus of these FCC hearings. Also note that applications like web surfing hardly use the upstream at all since it’s primarily your clicks and URLs that are being transmitted to tell the web server where you want to go.

The following is a graph of the above chart

* Corporate VPN telecommuter worker using G.722 codec @ 64 Kbps payload and 33.8 Kbps packetization overhead
** Vonage or Lingo SIP-based VoIP service with G.726 codec @ 32 Kbps payload and 18.8 Kbps packetization overhead
*** I calculated that I sent 29976 kilobytes of mail over the last 56 days averaging 0.04956 Kbps
It is interesting to note that before the advent of P2P applications, Broadband users were primarily downloaders and rarely did they ever upload. It is for this reason that Broadband networks were built asymmetrically and heavily favored the downstream. Servers in data centers with commercial-grade Internet connections served and transmitted content and consumers consumed that content by downloading them.
If you’re downloading video from a service like Apple iTunes, Microsoft Xbox Live Marketplace, Netflix, or YouTube, you’re only downloading and not uploading anything. Those services pay a lot of money for their own datacenters filled with servers, their own bandwidth, and/or they pay services like Akamai to cache and distribute their content over the entire Internet.
Vuze on the other hand uses a different business model where they don’t pay for their own bandwidth and they expect their users to contribute their upload bandwidth to make the service work using the BitTorrent protocol. Vuze basically gets free distribution because they enlist their own customers to be their servers and bandwidth providers using their own computers and broadband connections. So instead of paying for commercial distribution, Vuze offloads their bandwidth on to the broadband providers.
Disclosure: Many people have asked me for the source of the data so I will put out the following disclaimer. As I already indicated in the first paragraph of this article, I am the original source of those charts and graphs. I’ve written extensively on VoIP bandwidth consumption as the former Technical Director of TechRepublic. Before TechRepublic, I built and designed networks for a living. I worked on the routing, the switching, and the traffic engineering of Intranet and Internet based networks. The in-use bitrates I cited are detailed and include packetization overhead and they can be independently verified.
February 23rd, 2008
Why Satellite Internet service is so slow
I was reading in the news today about an experimental geosynchronous communications satellite being launched by Japan and I got to wondering about why Satellite Internet service has such horrendous latency and is so slow. So I drew up a little diagram above and did some calculations on the distance traveled and how long it takes for light to take the four-way journey. That’s because you have to go up to the satellite, then back down to the service provider, then back up to the satellite, and finally back down to you. Seeing that circle represent the planet Earth gives you some perspective on how far and high a geosynchronous orbit is.
Here are some interesting numbers I compiled and estimated
- 35,780 kilometer geosynchronous altitude
- 12,756.32 kilometer diameter of earth at the equator
- 12,715.43 kilometer diameter of earth at the poles
- 299792.458 km/s is the speed of light in a vacuum
- Just the speed of light delay is between 477 ms and 556 ms
- With equipment delay and congestion, we’re looking at 500 ms to 1000 ms delay for satellite Internet service.
- ~199862 km/s is the speed of light in glass (assuming glass is 1.5x slower than in vacuum)
- 39.6 ms theoretical ping from California to New York
- 80 ms is the realistic ping from California to New York
- 90.8 ms theoretical ping from California to Germany
- 180 ms is the realistic ping from California to Germany
- 100.8 ms theoretical ping from California to China
- 200 ms is the realistic ping from California to China
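The four-leg light-speed delay can be reproduced from the altitude, diameter and speed-of-light figures in the list; the following is an added example, not the author's own calculation. It assumes the 477 ms figure corresponds to both ground sites sitting directly under the satellite and the 556 ms figure to both sitting at the edge of coverage (satellite on the horizon); the function names are hypothetical.

```python
import math

# Constants taken from the list above.
C_VACUUM_KM_S = 299792.458        # speed of light in a vacuum
EARTH_RADIUS_KM = 12756.32 / 2    # half the equatorial diameter
GEO_ALTITUDE_KM = 35780.0         # geosynchronous altitude


def slant_range_km(elevation_deg):
    """Straight-line distance from a ground site to the satellite.

    elevation_deg is the angle of the satellite above the local horizon:
    90 means directly overhead, 0 means on the horizon (edge of coverage).
    """
    if not 0.0 <= elevation_deg <= 90.0:
        raise ValueError("elevation must be between 0 and 90 degrees")
    el = math.radians(elevation_deg)
    orbit_radius = EARTH_RADIUS_KM + GEO_ALTITUDE_KM
    # Law of cosines on the triangle Earth centre / ground site / satellite.
    return (math.sqrt(orbit_radius ** 2 - (EARTH_RADIUS_KM * math.cos(el)) ** 2)
            - EARTH_RADIUS_KM * math.sin(el))


def four_leg_delay_ms(user_elev_deg, gateway_elev_deg):
    """Light-speed delay for user -> satellite -> provider -> satellite -> user."""
    one_way_km = slant_range_km(user_elev_deg) + slant_range_km(gateway_elev_deg)
    return 2 * one_way_km / C_VACUUM_KM_S * 1000.0


if __name__ == "__main__":
    # Assumed geometries: best case, worst case, and one constructed mix.
    for user_el, gw_el in ((90, 90), (0, 0), (30, 45)):
        delay = four_leg_delay_ms(user_el, gw_el)
        print(f"user {user_el:2d} deg, provider {gw_el:2d} deg: {delay:6.1f} ms")
```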
February 13th, 2008
Comcast traffic management issue before FCC
Today is the deadline for the FCC call for comments on the Comcast traffic management case brought about by a formal complaint from the Free Press and Public Knowledge. As a former network engineer who designed networks and servers and as someone who has written extensively on these matters, I thought I would summarize the issues in a clear and concise manner.
Background
Independent groups last year found that Comcast was sending TCP RESET packets to BitTorrent seeders at various times of the day to cut back the number of upload sessions they could have. A BitTorrent seeder is someone who is not downloading but acting as a dedicated and peer-to-peer file server. BitTorrent downloads or uploads while downloading were not affected. Various groups complained that this was possibly illegal protocol discrimination using forged TCP RESET packets while Comcast maintained that this was reasonable network management to assure fair distribution of bandwidth to all their users.
The upstream contention problem
A typical Cable broadband network such as Comcast operates under the DOCSIS 1.1 standard which offers 10 Mbps of upstream bandwidth and 40 Mbps of downstream bandwidth shared amongst the neighborhood. Since the typical user has a static upstream cap of 384 kbps, it would be possible for 26 BitTorrent seeders and/or BitTorrent uploaders to completely jam the upstream pipe, rendering the entire network unbearable. Since a typical Cable broadband company provisions between 50 and 400 users (typically somewhere in the middle) per cable loop, it is possible for ~10% of the users to jam the entire upstream network, which ultimately affects downloads as well since services can’t be asked for. This is further complicated by the fact that DOCSIS networks use a reservation system for upstream traffic on a collision network. Too many requests for upload slots and the requests collide and no one gets to transmit anything.
Accusations of discrimination
Some have complained that this was content discrimination. But Comcast does not discriminate based on content; Comcast discriminates against excessive upstream usage that chokes up their entire broadband network. The EFF complains that this was “protocol discrimination” against BitTorrent and other P2P (peer-to-peer) applications, but it is a fact that BitTorrent and P2P are the biggest upstream bandwidth users. Since BitTorrent seeders who only continuously upload throughout the day can be reasonably classified as dedicated servers, they actually fall under prohibited services under Comcast’s TOS (Terms Of Service).
Blocking versus delaying
Comcast says they’re merely delaying BitTorrent seeders from uploading to their peers while their critics say they are blocking. It is true that Comcast blocks BitTorrent seeds when the broadband network is very busy, but they do allow BitTorrent seeding at most other times of the day. Network Engineer and Internet pioneer Richard Bennett explained this best in his comment to the FCC that since BitTorrent and other peer-to-peer applications all have the ability to resume transmission where they left off, temporary blocking of seeders effectively acts as a delaying mechanism. The file eventually gets served to the remote party outside of Comcast’s network intact.
Consumer versus commercial Internet connection
The reality is that Comcast customers were never blocked, throttled, or delayed from receiving any services; they were delayed from offering hosting services (BitTorrent seeding) that were technically prohibited to begin with under the terms of service. Comcast’s consumer broadband service technically doesn’t have to act as a commercial hosting service to other customers in and outside of Comcast’s network so the fact that they permit seeding most of the day seems like a reasonable compromise. Furthermore, BitTorrent users who are downloading are continuously uploading during the download without any delaying action so it isn’t as if Comcast refuses to participate in P2P uploads.
Blocking of Lotus Notes
Comcast’s network management mechanisms did have a bug in them that accidentally blocked Lotus Notes traffic, but this issue was fixed months ago when the issue was first brought to the attention of Comcast. All software and hardware implementations have bugs and we expect the service provider to act in good faith and repair the problems as soon as possible. In this particular case, Comcast appears to have acted quickly and properly by fixing the problems that blocked Lotus Notes.
The complaint to the FCC
The Free Press and Public Knowledge filed a formal complaint to the FCC to immediately enjoin Comcast from these network management practices before the merits are decided and the facts weighed. This is an unreasonable request since Comcast customers would be harmed by network traffic jams due to the lack of any traffic management. The Free Press and Public Knowledge also demanded fines of $195,000 per infraction which would amount to over $2 trillion if we counted every Comcast customer. This is obviously impossible since it exceeds the gross revenue of any corporation in the USA.
February 7th, 2008
RBAC problems wipe out AT&T DSL in California
If things weren’t bad enough last night with the computer problems I had, things got worse when AT&T decided to do an unannounced maintenance. This was sort of similar to the massive network outage last year where the network goes down but they don’t even bother to tell their own first level support. You call in to tech support and they tell you to jump through a bunch of hoops and crawl under the table to find your cable modem model numbers and detach your router and all the usual nonsense. Then they tell you that they might have to send a tech over the next day and how they won’t charge you if the problem isn’t on your end. Well I knew the problem wasn’t on my side so I demanded to be escalated to level 2 support where they confirmed my suspicions.
It turned out that AT&T was doing a 6-hour (12AM to 6AM) “maintenance” on a dozen of their California RBAC (Role Based Access Control) systems this morning, which are their PPPoE authentication servers. This is exactly what I suspected since my DSL light was still on indicating that the link to the DSLAM was operational. The last place I lived two years ago my AT&T (SBC back then) DSLAM would die once a week so I know a DSLAM outage when I see one. This kind of service is ludicrous to me because if you’re doing this kind of authentication system maintenance, there should be redundant systems in place or they should simply let everyone on the network even if they can’t authenticate. It’s not like anyone can steal DSL access that easily anyways and we’re talking a short period of time. I’ve run my authentication servers for many years without ever having an outage and it’s ludicrous that AT&T would put their users through this nonsense.
In light of past cases where AT&T doesn’t tell level 1 support about these maintenance and outage issues and puts their customers through tech support hell, this seems to be a systematic breakdown in AT&T’s support infrastructure. I don’t know what it’s going to take to knock some sense in to AT&T’s customer support, but this just isn’t acceptable. It not only frustrates the level 1 support team and makes for unnecessary work for the maintenance department; it’s just plain bad customer service.
January 30th, 2008
Painful lesson in OLPC mesh networking for Mongolians
The Mongolians have had a painful lesson on mesh networking according to the OLPC current events webpage. Broadcast storms in the overly dense mesh environment along with excessive mDNS broadcast traffic seem to have crippled the Gobi desert experiment. Here’s an excerpt:
We have painfully discovered the limitations of the mesh and current collaborative software in Mongolia, where the convolution of the number of laptops with bugs #5335 (more mDNS traffic than expected) and #5007 (mesh repeats multicast too much) make the perfect storm, which prevents anybody from using the network. We will continue to improve the mesh performance, but clear guidelines are needed as to what network infrastructure to deploy under what conditions. Once a certain density of students is exceeded, a wired backbone and conventional access points will be required.
The limitations of mesh topology are well known in the wireless engineering community and I raised the issue and pointed out the limitations last September. Each mesh hop you add increases the propagation delay and multiplies the radio traffic and congestion. Performance on a mesh network is fundamentally many times slower than a non-mesh network and when the density gets high enough, the system simply breaks down.
When on a tight budget, I have always recommended a cheap $60 router running open source DD-WRT; it would have sufficed, and you get a free router with it, which you need for IP sharing anyway. The addition of a high-powered antenna would allow the access point to hear distant signals from faint clients and it will amplify the broadcast signal. A simple indoor $26 9 dBi antenna placed up high can easily cover a small school. A $60 12 dBi outdoor antenna positioned on the roof would easily cover an entire campus. If you put two centralized Access Points and large antennas on channel 1 and 11 (avoid adjacent channels because of channel bleeding) in the 2.4 GHz spectrum, you can load balance and have redundancy if one set of AP/antenna fails.
My fellow blogger and teacher Chris Dawson feels that the ability to do peer-to-peer collaboration with or without an Access Point has great potential. But peer-to-peer wireless collaboration could have been done with regular ad hoc networking technology without the expense or problems of a full 802.11s mesh implementation.
The inclusion of a full 802.11s stack has been challenging. The need for a radio system that stays on and continues to forward packets even while the laptop is off added unnecessary expenditure to the OLPC XO and it unnecessarily drains the laptop batteries. When you multiply this expense and complexity across all the clients and realize that the wireless access point comes free with the router, it becomes clear that this may not have been the best design decision.
January 18th, 2008
Don't believe the low bit-rate 'HD' lie
Update 6:00PM - Here’s what fake HD video looks like.
Last week at CES, Comcast announced their “HD” video on demand download service over its future DOCSIS 3.0 that allows 4 minute downloads of entire HD movies. Attendees at MacWorld this week were told that disk-based HD formats like HD DVD and Blu-ray are essentially obsolete because you can simply download “HD” movies from your Apple TV 2.0 box on demand. Microsoft started offering HD downloads for the XBOX360 starting in late 2006. You can even watch “HD” videos from ABC right from the web. There are even YouTube competitors that offer user uploaded “HD” content. There’s just one minor little problem, it’s not HD.
As I tried to educate my readers last year with my blog “Why HD movie downloads are a big lie”, these so-called HD movies use very low bit-rates compared to even standard definition DVDs let alone something like HD DVD or Blu-ray DVD. Raw uncompressed 1080p video at 60 frames per second is about 3000 mbps so even HD DVD’s 28 mbps needs to be compressed about 107 to 1 with the H.264 or VC-1 codec. By all reasonable standards this needs to be the minimum bit-rate for acceptable loss in quality on 1080p video.
Updated 4:30PM - Standard definition 480i DVD movies are typically 5 to 8 mbps (megabits per second) MPEG-2 whereas these so-called HD wannabes weigh in at a pathetic 1.5 to 4 mbps of 720p H.264. Apple’s new HD service is capable of 4 mbps which simply isn’t enough to be considered HD. XBOX360 downloads are 6.8 mbps 720p VC-1 so they’re semi-decent borderline HD. Marketing will push the nicer sounding “720p” aspect of the video but they don’t tell you it’s way too compressed to offer good video fidelity. Blu-ray has a maximum bit-rate of 40 mbps while HD DVD offers a maximum of 28 mbps. Over-the-air broadcasts can be up to 19.38 mbps.
Modern video compression codecs like H.264 or VC-1 can hide these compression artifact problems much better than MPEG-2 video compression but there’s only so much they can do. At best you might get away with 50% more compression over older compression technology but 1.5 to 4 mbps H.264 will not be better than 8 mbps MPEG-2 under most video complexity requirements. The only time 4 mbps 720p will look better than 8 mbps 480i is when the video on the screen is almost entirely stationary or it’s a low-complexity video such as animation movies. Under most normal circumstances, the low bit-rate 720p so-called “HD” video will be inferior though many companies are betting that consumers won’t know any better.
So the bottom line is that so-called “HD” video from Microsoft’s XBOX360 HD download service and Apple’s new Apple TV service or any other web download service is simply not HD by any respectable definition. These companies cannot and should not use the “HD” name with video that is lower fidelity than standard DVD. As for Comcast, there’s not much detail on it but I highly doubt it’s more than 4 to 8 mbps even on DOCSIS 3.0 because its 160 mbps total capacity is divided between 50 to 400 customers. Only FiOS technology with its massive 620 mbps per 32-user capacity and possibly U-Verse (but slower than real time) has sufficient last-mile capacity to deliver true HD movie downloads at the quality of HD DVD and Blu-ray technology.
I’m not saying that you shouldn’t buy these services from Apple, or other services that offer low bit-rate 720p video downloads, but consumers must be aware of the fact that they’re slightly worse than a 1080p up-converted DVD. Microsoft’s XBOX service is border-line HD that is slightly better than DVD but nowhere near 1080i over-the-air HD broadcast quality.
December 10th, 2007
Why metered Internet is a really bad idea
The above image from Lauren Weinstein’s blog shows why metered Internet is a really bad idea and obnoxious. It shows Canadian ISP Rogers Internet altering web pages to warn you when you go over 75% of your 75GB cap. I checked on the Rogers website for the Toronto Ontario area and 1 mbps service was $33 CAD (worth more than US dollars these days) per month with a 60 GB monthly cap. That effectively means you can only use BitTorrent for about 6 days out of the month. Compared to the Australian plans which have 8GB noon to midnight caps that the EFF was touting as the “better” alternative to Comcast BitTorrent seed throttling, Rogers seems like a pretty good deal. However, it’s still nowhere near as good as the US ISPs that don’t use metered internet plans.
There are plenty of price tiers in the US that work by limiting the rate at which you can download but not the amount you can download so it’s not like everyone is forced to subsidize the big bandwidth users. You can get 768 kbps DSL plans in the US for $15/month which still allow you to theoretically download 248 GBs per month if you kept it running continuously. This offers the best compromise where Internet usage isn’t stifled by constant fears of going over the limit or what time of the day it is like your cell phone.
My AT&T DSL plan is 1.5 mbps (good for 1.2 mbps due to distance or line quality) and costs $20/month with no metering. I’ve also had Comcast in the past and they charged less than $40/month with roughly 5 mbps service and they didn’t have any gigabyte caps (excluding NNTP news server which doesn’t count as network utilization). Comcast doesn’t even throttle BitTorrent uploads or downloads, they only limit the number of BitTorrent seed connections you can serve at a time to alleviate the network load. Now is this really that bad of a trade-off to ensure that a few BitTorrent users don’t overwhelm the majority of users and make everyone suffer? Even if you throttled BitTorrent upload/downloads by 50% throughput (which isn’t being done) and “only” allowed them to download 200 GBs per month instead of 400 GBs per month, is that really so unfair?
On a related note which I also posted as an update, the EFF has responded to me and others that I have misrepresented their position in my blog titled EFF wants to saddle you with metered Internet service. I’ll let you be the judge of that so here is what they sent me and what they’re telling everyone else.
The article incorrectly states that EFF endorses legislation or regulation that would force ISPs or users to offer only metered services. The EFF report actually states that the *availability* of metered access alongside “all you can eat” plans, combined with accurate advertising by ISPs, is one alternative that might solve whatever congestion issues Comcast might be having (as the language you quote in your article expressly makes clear).
Nowhere in my blog post do I state EFF would force ISPs to *only* offer metered services. All I said was “The EFF goes as far as touting the Australian model for broadband service” as a better alternative to Comcast’s current model and I included the Australian ISP link the EFF pointed to. The plans that came up were mostly metered plans and some were very expensive unlimited plans. Peter Eckersley even sent me an email touting this page where you pay $65/month AUD for a plan that gives you 8 GB of “pre-paid data” during noon to midnight [Update 12/12/2007 - Peter Eckersley emailed me saying he sent me the wrong link and had meant to link to this page which is $20 cheaper. That's slightly better but the 8GB cap is still a horrible idea]. Since you can download 8 GBs in less than 2 hours at 10 mbps, you essentially give up using any BitTorrent from noon to midnight unless you want to pay $3/GB. Even the off-peak rates are metered so you still have to be careful to turn off your BitTorrent client after 1 hour each day. If you want 48 GB “pre-paid data”, you need to pay $120/month AUD and $3/GB over that amount.
Now consider Comcast’s offerings which permit you to download and upload unlimited data using BitTorrent with no throttling for a flat fee of $40 per month. You can easily download 100 GBs and upload 10 GBs per month or more and Comcast won’t stop you or charge you anything extra. The only thing Comcast does is occasionally scale back the number of BitTorrent seed connections (dedicated server mode) you can have even though Comcast’s TOS (Terms Of Service) prohibits servers of any kind. My ATT DSL plan is less than $20/month and I can download 8 GB per day every day and not pay a single cent on overage charges so what is the EFF thinking recommending the Australian ISP model over Comcast’s “bad” model?
The EFF says what Comcast is doing is evil and that the Australian model is the better alternative even though it’s draconian compared to what Comcast or any other American ISP is doing. It would certainly stop the BitTorrent usage during peak hours but at what price to the user? The Free Press and Public Knowledge also think metered Internet is a better alternative but they go a step further and want to criminalize Comcast’s current operating model and fine them trillions of dollars. So again I ask: Who are the EFF, Free Press, and Public Knowledge serving? The RIAA and MPAA couldn’t buy this kind of anti peer-to-peer lobbying if they tried.
November 20th, 2007
Ruckus brings smart antennas to the enterprise wireless LAN space
Ruckus Wireless launched a new line of products for the small to mid enterprise wireless LAN space. Ruckus was a maker of smart antenna technology specializing in smooth and reliable data delivery for IPTV applications but now they are extending this technology to the enterprise space. In addition to smart antenna technology, Ruckus also implements wireless bridging and mesh technology into these products. Soon to follow will be 802.11n and dual-band 2.4/5 GHz access points.
Ruckus is going after the small to medium wireless LAN with a very simple web interface. Based on the demos I’ve seen, it doesn’t require a lot of tweaking or a high degree of expertise with wireless LAN technology. Four virtual access points for commonly used applications like guest, voice, and internal access are preconfigured and the administrator just needs to tweak a few settings such as priority.
Pictured left is the Zone Director 1000. It is a wireless LAN access point controller that controls up to 6 smart antenna access points for the entry level model and up to 25 smart antenna access points for the high-end model. The controller handles configuration on all the access points and automatically manages the channel allocation on the access points. It also manages the software images on the access points so that software updates on the access points don’t have to be handled one at a time.

The higher-end Ruckus 2942 is designed to be ceiling mounted although it can be mounted against a wall since its antennas can propagate horizontally or vertically. It features an ordinary FastEthernet port or an 802.3af PoE (Power over Ethernet) port. That bulge on top houses the smart antenna that automatically optimizes its configuration for the node it’s communicating with. For extra flexibility, the 2942 also features an RP-SMA external antenna connector.

This is the smart antenna for the Ruckus 2942 access point. It features antennas that cover not only the horizontal direction but also the vertical direction which can form a directional beam equivalent to a 9 dBi antenna. Coupled with the intelligent controller, the administrator simply needs to spread a few access points out based on user density and they don’t need to worry about spectrum management or complex and costly antenna installations.
This is the lower-end MediaFlex smart antenna access point. It uses a similar design to the IPTV distribution wireless routers that Ruckus sells to the IPTV providers. Unlike the 2942 antenna, the MediaFlex antenna only covers a 2D plane (with some leeway for up/down coverage) so the access point must be horizontally positioned. The MediaFlex is smaller in size so it only has 6 dBi antenna gain compared to 9 dBi on the 2942, but that’s still better than the antennas included on traditional access points especially when you factor in the directional aspect of it.
Smart antenna technology
The benefit of a smart directional antenna is that it only amplifies in a single direction, towards the device it’s talking to, and not towards anyone else. Omni-directional antennas amplify signals in all directions for receive and transmit which makes them more susceptible to received noise and more likely to generate noise for other devices. Wireless signals coming from other devices in other directions will reduce the signal to noise ratio on a dumb omni-directional antenna but not on a smart directional antenna. I’ve witnessed the efficacy of such a system first hand when I saw unbuffered UDP streaming video on a laptop sitting next to a noisy microwave oven and the smart antenna solution was able to overcome the problems while the dumb omni-directional antenna simply failed to deliver video.
In theory, it is possible to get a similar improvement using dumb directional antennas but that improvement is only aimed at a single direction. Putting a mechanical rotation device on a fixed directional antenna can solve the direction problem but it’s very costly and complex and it can’t possibly change directions thousands of times a second to adjust to multiple clients. The smart antenna uses an array of antennas facing a wide range of directions and software logically points the antenna by only using the portions of the antenna that generate the highest signal to noise ratio.
November 19th, 2007
Is it ethical to turn on wireless security for an open access point?
One of my readers sent me the following question and I thought it posed an interesting question on ethics. I’ll post his email and then I’ll answer his questions.
I helped a friend move, and re-established her wireless network working with a new ISP. While working, I encountered 7 wireless networks (in addition to hers), 3 of which were wide open, 2 were SSID belkin and one called linksys, etc. It was the same old problem, they plugged the router in, said “hey we’re connected” and that was it. I want your opinion on this.
I connected to each one, then using 192.168.2.1, 192.168.0.1, etc, I connected to their wide open routers, then changed the network to be WPA-PSK and made the passphrase “Secure your network, you are totally unsecure”. I did not change the router password.
Worst case, I figure geek squad will be called, but maybe, they call their router helpdesk, and learn something. I still think pressure needs to be brought to bear on router providers to default to WPA-PSK, the last “wizard I ran” never even touched on securing the link.
I have little doubt that what I did was illegal, the same way it is illegal to open someone’s car door and turn off their lights, but was what I did wrong?
Besides the fact that what you did was illegal and would get you arrested if you were ever caught, turning off someone’s car lights doesn’t cost the owner a penny but saves them a bundle by saving their car battery. But if the victim of your “good deed” needs to call Geek Squad to come and fix their router, they’re out a hundred dollars or whatever the going rate is for tech support. In many cases I think the user will simply call tech support and find out that WPA-PSK was enabled, but there are people who will suffer economic damage. Perhaps if you dropped an envelope with a letter explaining what happened with instructions on how to configure WPA-PSK for Windows or Mac, then the user wouldn’t have to suffer agitation or a Geek Squad bill.
Using a random 10-character alphanumeric upper/lower-case pass-phrase would be better, since the pass-phrase you used would be known by everyone, though the owner should be scared enough to learn how to change it themselves. Changing the SSID would also be a good idea. That has nothing to do with security but it does prevent accidental connections between neighbors. Changing the router default password is as important as enabling wireless LAN security. Of course all these changes would have to be in the letter.
There have been proof-of-concept browser scripts that can go into your router using the default password and change the router configuration. Criminals simply need to change the DNS server on your router and redirect all of your DNS requests through proxy servers that can harvest all of your browser sessions and snoop on all of your communications. This would be even worse than a PC rootkit because it hijacks every computer on the network and you can’t clean it off the computer because it’s on the router.
Again I reiterate that breaking into someone’s router (even if it’s to lock down their network) is ILLEGAL and you need to ask yourself if it’s worth the risk of going to prison. But if you want to continue doing this, please consider the potential economic impact to the owner of the wireless network and at least drop a letter in their mailbox explaining how to fix it. While I admit the damage is far lower than getting hacked by a real criminal, the law isn’t going to see it that way. Personally I wouldn’t be caught dead doing this because I have nothing to gain and everything to lose.
Update 12:45PM - It seems the readers have spoken in the talkback and they are pretty much universally against changing someone’s wireless settings. I personally don’t view it as negatively since I believe the dangers of leaving it open are greater, but I do think it falls on the side of unethical. Changing the Wi-Fi settings will break things for the user and most likely cause them some real economic damage so the ethics of changing the Wi-Fi security are very questionable. I think changing the password on the router so that the person doesn’t get hijacked by someone malicious wouldn’t be unethical since that doesn’t really break day-to-day operations like changing the Wi-Fi security settings. I’ll add a poll to see what all of you think.
November 16th, 2007
How Rackable saves power with impeller fans

Rackable Systems had their Ice Cube modular data center on display at the supercomputing conference this week. I didn’t get to see it at IDF when it was parked outside so I grabbed a few photos and inspected the data center as it was parked in the corner of the convention center. Pictured left is the back of the Ice Cube trailer.
The trailer has 1400U of half-depth rack space and can house 11200 CPU cores using dual-processor quad-core servers.
What’s unique about the Ice Cube is that its servers don’t need any fans because the massive impeller fans create so much of a vacuum that air flows through each of the servers to fill the vacuum.
The fact that the Ice Cube can sit outside can often mean you can get free cold air in many parts of the country. Each server is powered by DC which further saves you power since you don’t need to convert AC into DC multiple times.
Microsoft and others have been contemplating the possibility of just using modular trucks instead of building extremely expensive datacenters.
The picture to the left shows a covered impeller fan. All the impeller fans in the Ice Cube trailer take 5,000W combined but they can save you up to 25,000W of tiny fans you no longer need in those 1400 servers. Not only does that save power, that’s 5600 fans you don’t need to worry about maintaining if they break down.
November 6th, 2007
A rational debate on Comcast traffic management
Updated 8:00 PM
The discussion on Comcast actively resetting BitTorrent connections to manage its network for its cable broadband service has gotten hot in recent weeks and there hasn’t been a whole lot of accurate reporting on the subject because of the complexity of the issue. The subject of Net Neutrality has once again surfaced with Comcast’s actions being the latest rallying cry of Internet “discrimination”. This isn’t the first time an ISP was used as an example of Internet discrimination; extremists concocted a story that Cox was blocking Craigslist when the problem was arguably of Craigslist’s own making all along.
Much like the debate on Net Neutrality, I sat on the sidelines for a while to get a handle on the situation. I had mixed feelings on the issue and I didn’t jump in until I saw the debate get out of hand with outright nonsense. Since June of 2006 I’ve written a series of articles on the issue of Net Neutrality culminating in “A rational debate on Net Neutrality” which I can proudly say got a lot of linking from reasonable proponents on both sides of the issue. Now that extremist groups like SaveTheInternet.com are lobbying the FCC to stop Comcast’s network management practices without fully understanding what they are asking for, I’m going to try and start a rational debate on the issue.
I will start by summarizing the Comcast situation and how it all started. Comcast was found to be actively resetting TCP connections on BitTorrent peer-to-peer file trading connections by forging TCP reset packets that appear to be coming from the BitTorrent peers. When most of us hear the term “forged TCP reset packets”, it sounds like Comcast has crossed the line of reasonable network management and is guilty of application discrimination. So when word of this got out, all hell broke loose and the knives were out for Comcast’s blood.
The Free Press has gone as far as demanding an FCC enjoinment before the merits are even decided and they are demanding fines of $195,000 per infraction which would amount to $2.3 TRILLION dollars if we only counted Comcast customers.
The FCC should act immediately to enjoin Comcast’s secret discrimination and, even before deciding the merits, issue a temporary injunction requiring Comcast to stop degrading any applications. Upon deciding the merits, the Commission should issue a permanent injunction ending Comcast’s discrimination. The Commission should also impose the maximum forfeitures to deter Comcast and other network providers and to ensure society is fully compensated for the harms imposed by Internet discrimination.
I have to admit that when I first heard about the issue, I too thought Comcast crossed the line of reasonable network management into abusive behavior but after speaking to Richard Bennett who had a hand in creating some of the technology used to build the Internet, I’m not so certain that my initial assessment was correct.
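One way a subscriber or network engineer could spot reset packets that did not come from the real peer, given here as an added example that is not part of the original article: it flags an RST whose IP TTL differs from the TTL of the sender's earlier packets, or that is followed by more traffic from the same sender on the same connection. Both checks are heuristics, and the packet records, addresses and the `ttl_tolerance` parameter are constructed for the illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float      # capture timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags as letters: S, A, P, F, R
    ttl: int       # IP TTL as seen at the capture point


def find_suspect_resets(packets, ttl_tolerance=1):
    """Return [(rst_packet, [reasons])] for resets that look injected."""
    ttl_seen = defaultdict(Counter)  # (src, sport, dst, dport) -> TTLs of non-RST packets
    pending = defaultdict(list)      # same key -> reason lists of RSTs awaiting follow-up
    all_resets = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        key = (p.src, p.sport, p.dst, p.dport)
        if "R" in p.flags:
            reasons = []
            if ttl_seen[key]:
                baseline = ttl_seen[key].most_common(1)[0][0]
                if abs(p.ttl - baseline) > ttl_tolerance:
                    reasons.append(
                        f"TTL {p.ttl} differs from sender baseline {baseline}")
            all_resets.append((p, reasons))
            pending[key].append(reasons)
            continue
        ttl_seen[key][p.ttl] += 1
        if "S" in p.flags:
            # A new handshake may legitimately reuse the address/port pair.
            pending.pop(key, None)
            continue
        # An endpoint that really reset the connection has no reason to keep
        # sending segments on it, so later traffic points at a third party.
        for reasons in pending.pop(key, []):
            reasons.append("sender kept transmitting after its own RST")
    return [(rst, why) for rst, why in all_resets if why]


# Constructed capture taken at the local host 192.0.2.10 (documentation addresses).
SAMPLE_CAPTURE = [
    Pkt(0.000, "192.0.2.10", 50122, "198.51.100.7", 51413, "S", 64),
    Pkt(0.080, "198.51.100.7", 51413, "192.0.2.10", 50122, "SA", 52),
    Pkt(0.081, "192.0.2.10", 50122, "198.51.100.7", 51413, "A", 64),
    Pkt(0.200, "198.51.100.7", 51413, "192.0.2.10", 50122, "PA", 52),
    Pkt(0.310, "198.51.100.7", 51413, "192.0.2.10", 50122, "R", 61),   # injected
    Pkt(0.390, "198.51.100.7", 51413, "192.0.2.10", 50122, "PA", 52),  # peer still sending
    # Second flow: an ordinary reset sent by the real endpoint.
    Pkt(1.000, "192.0.2.10", 50200, "203.0.113.5", 6881, "S", 64),
    Pkt(1.090, "203.0.113.5", 6881, "192.0.2.10", 50200, "SA", 47),
    Pkt(1.300, "203.0.113.5", 6881, "192.0.2.10", 50200, "RA", 47),
]

if __name__ == "__main__":
    for rst, why in find_suspect_resets(SAMPLE_CAPTURE):
        print(f"{rst.ts:.3f}s RST {rst.src}:{rst.sport} -> {rst.dst}:{rst.dport}: "
              + "; ".join(why))
```

Route changes can shift the TTL legitimately, so treat a hit as a lead to confirm against a capture from the other endpoint rather than as proof.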
October 28th, 2007
AT&T DSL 1.5 mbps service = 0.3 mbps throughput
This hasn’t been a kind week to me when it comes to DSL service from AT&T as I’ve already gone through AT&T DSL setup hell earlier this week. On Saturday when I set up a few extra things for my mother’s home, I ran some DSL speed tests (during non busy hours at a nearby test server at 19ms away) on the 768 kbps $15/month basic DSL service. To my disappointment, the “broadband” connection performed at roughly 318 kbps.
This made me wonder if I should have her upgrade to the $20/month service which promises up to double the download performance. Since my mother’s neighbor has the $20/month DSL service which supposedly gets up to 1536 kbps, I went over to his house to run the same speed test. To my surprise, he got an average of about 310 kbps which is even slower than my mother’s connection even though he’s been paying $5/month more for quite some time. Now as you can imagine this didn’t sit very well with either one of us so we both called AT&T tech support to see what’s going on. I was told by AT&T that the basic $15/month service has a speed range of 224 to 768 kbps. My mother’s neighbor was told that he should expect anywhere between 300 to 1536 kbps for his $20/month service.
Note: If you’re a DSL customer (or any broadband customer), it’s a good idea to run a speed test here at DSLReports.com and see how much throughput you’re actually getting for your money.
When I look at AT&T’s website and their advertising, only the higher throughput number is quoted with the “up to” phrase which means they’re technically covered legally though it’s quite deceptive in reality. I have the same $20/month service at home and I’m getting around 1200 kbps service which is still significantly short of the 1536 kbps advertising and I’ve been told there is no higher speed DSL service because I’m situated too far from the DSL CO (Central Office). But when I think about my Mother’s neighbor essentially paying $5 more for zero extra service, I have to wonder how many other AT&T customers get the same raw deal. Ethically speaking, AT&T shouldn’t even offer the $20 service to customers who they know won’t get more than 768 kbps of performance.
I would have published this blog post last night except the DSL service here at my mother’s house has been down as of 1:00 AM (turns out I can’t use the line splitter/filter anymore for some reason. Turns out that there’s noise in our outside box that they have to fix.). On Thursday when my mother tried to set up her friend’s AT&T DSL account in the middle of the day and was speaking to the tech support person, she was told that she had to wait because the DSL service was down. Outages seem to be a regular occurrence with AT&T/SBC and they seem to bounce their services anywhere from 5 minutes to an hour on a regular basis with zero explanation. Earlier this year the service was out all night and I was told it wasn’t an outage because it was a scheduled maintenance and that somehow also excused them from notifying their customers.
The Comcast service where I lived - while more expensive at $35/month - had always been a lot more reliable and substantially faster at around 5 mbps and they don’t make you do this PPPoE nonsense. Unfortunately I live in one of these backward housing complexes where the Senior citizens negotiated bundled basic analog cable and they locked out Comcast in our complex so AT&T is essentially the only game in town. While AT&T DSL is one of the cheapest broadband services around, it’s also one of the crappiest.
Update - If getting no better service for paying extra money wasn’t bad enough, it turned out that my mother’s neighbor was actually switched from $15/month service to $20/month service automatically without his permission during his contract period. At the time he figured it was no big deal so “1.5 mbps” service didn’t sound like a bad deal for an extra $5/month. Yesterday when he found out he was being ripped off, he called AT&T and asked for an explanation and was told that the service is actually rated from 300 kbps up to 1536 kbps. Since he was only getting 310 kbps which was essentially the same as my mother’s so-called 768 kbps service, he asked to be reverted back to the $15/month basic DSL plan. To his surprise he was told by AT&T’s agent that he couldn’t do that and the $15/month service is only for new customers. He had to demand to speak to a supervisor before he was allowed to revert to $15/month service.
Furthermore, my mother’s neighbor was sent a letter by AT&T telling him that his initial contract was up and that he would continue to get the same rate if he stayed on with AT&T. But when the time came, his bill went up to $30/month for the same “1.5 mbps” 310 kbps service and he had to call AT&T to get them to follow through with their promise. I have no problem believing his story because the same thing essentially happened to me and I had to call to get my price adjusted as well. If we had not looked at our phone bills, we would have continued paying the higher rate.
Piling on the complaints, my mother told me that she was contacted this month by an AT&T salesperson to sign up for DSL the day after she had already signed up for basic DSL service online. When she told the salesperson she had already signed up online for basic DSL service, the salesperson told her that there was no basic DSL service any more and she needed to sign up for the more expensive $20/month service. When she explained again that she had already successfully signed up for the basic service, the salesperson finally gave it up.
I’m pretty sure that these can’t be isolated incidents so be sure to post in the talkback section below and share some of your broadband hell stories.
October 26th, 2007
Why spam can only be managed, not ended
Years ago when I was still a bit more naive, I thought we could end the spam dilemma if we would simply implement domain-level sender authentication using digital signatures. In fact when David Berlind wrote “Why spam could destroy the Internet” in November 2002, Berlind quoted me saying that every domain’s official SMTP server should digitally sign each message to prove the email came from that domain. SenderID and Yahoo’s DomainKeys, which came out around 2004, gave me the satisfaction of knowing that I wasn’t alone in calling for domain-level authentication, and DomainKeys is very similar to what I was proposing in 2002. The difference is that I proposed using standard commercial digital certificates from commercial Certificate Authorities to distribute public keys whereas DomainKeys used DNS to publish its public key information.
I was so sure at the time that if we could only get people to use this system we would surely stop spam. Microsoft’s Bill Gates gave me some company in 2004 when he proclaimed that “spam will be a thing of the past in two years’ time”. As it turns out, we were both wrong and naive to say that we can stop spam because it’s like saying you can stop crime and the most we can ever hope for is to manage it to tolerable levels when there are determined adversaries who will do anything to get around any barrier you can put up. I am coming clean on this now because there are still people who believe that stopping spam is simple and that if it isn’t stopped, it must be the fault of the major ISPs and corporations for dragging their feet.
My colleague David Berlind blamed the spam problem on the big-four email vendors and declared rDNS (reverse DNS) and maybe SPF (Sender Policy Framework) the solution. Now I’m certainly not trying to belittle David Berlind because his heart is definitely in the right place. In fact, I’m essentially saying that Bill Gates and I were wrong to say that spam could be stopped and that it’s about time my colleague David Berlind takes a good hard look at the problem and stops implying that spam could be stopped if only we did XYZ.
The fundamental challenge here is that we will never stop spam because we will never go to the pure white-list model where we will only accept email from verified entities. In fact there’s the little problem of human rights we have to deal with because words can get you imprisoned or executed in many countries. I never gave much consideration to this issue in the past but I’ve given it some thought over the years and I’ve given in to the legitimate need for anonymous and decentralized email.
Why charging for email to stop spam is just plain dumb
One of the most commonly floated ideas for stopping email spam is that if only we charged a postage fee for every email ever sent, then the cost of sending spam would be so outrageous that it would deter spammers. Not only will it not work, but there is the risk of abuse by some larger ISPs to charge users and legitimate companies for sending legitimate bulk email under the justification of stopping spam. For one thing, spammers don’t send the spam directly; they have their hijacked botnet armies send it for them. These are personal computers (and some servers) that have been taken over with malicious software by criminals. If anyone is going to pay, it will be the owners of those computers who pay.
The second most obvious thing that proponents of the email postage idea missed is that if you actually had such a massive billing scheme in place, it would have to have every sender registered with their credit card on file, and every email ever sent would have to carry a digital signature that proves it was sent by the purported sender. If this were the case, you would have already stopped spam without charging a dime for any emails because you can slap them with a massive fine if they ever dared send spam. Why bother charging honest people for email when you can simply fine the bad apples and leave everyone else alone?
October 25th, 2007
AT&T DSL setup hell - where did my public IP go?
One of the things I’ve noticed in recent years is how a lot of people I know were getting pigeon holed in to non-public IP addresses by their broadband provider. Oh sure you can do your typical web surfing and you could probably even put up a router to share your Internet connection, but that put you in to a situation where you have to do two address translations which breaks a lot of advanced applications. Luckily I haven’t been one of these pigeon-holed users lacking a real Internet address but my luck ran out when my Mother tried to set up her DSL this week.
I’ve probably wasted 8 hours trying to get the issue resolved and that doesn’t count the time my Mother wasted. Of course much of that time wasted had to deal with other computer issues which I’ll cover in subsequent blogs, but I finally got it working and the solution wasn’t simple. AT&T’s DSL tech support only made it worse by having my mother delete her PPPoE (Point-to-Point over Ethernet) client setting in Windows Vista and transferred the PPPoE client to the modem itself. I had to spend almost an hour on the phone to get AT&T’s tech support to tell me how to change it back to normal so that the PPPoE client could either reside on the computer or a router and it was anything but obvious. Of course they’ll give me the usual nonsense that “oh but it’s working right now” and that’s when I had to tell them to stop right there and that I wasn’t going to put up with a non public IP address. Since he thought this meant static IP, he kept trying to say that this was a “dynamic IP” account which has nothing to do with whether an IP address is public or private.
WARNING: The following information is given as is and it has NO explicit or implied warranty. It is possible that you will lose your Internet connection if something goes wrong, so please use this only if you’re comfortable making changes to your Internet broadband settings. You should be comfortable making any changes with your computer in such a way that you know what you’re doing and you know how to reverse what you did in case you run into any troubles. Before you make any changes like this, you must know what your PPPoE username and password are and you must know how to configure your router or your Windows XP or Vista computer for a direct PPPoE connection to your modem. You should also know how to set a static IP address of 192.168.1.10 in case you need to undo the changes to your DSL modem. If you don’t know how to do these things or you have no idea how to set a static IP address, it’s probably a good idea that you stop right here and do not use the following guide. You should also be prepared to contact your DSL provider if you run into any problems.
Now how do you know if you’re set up without a public IP address? If you’re connected directly to the modem from your PC, simply check to see if your IP address starts with 192.168 or 10, or if it falls between 172.16.0.0 and 172.31.255.255. These IP addresses are not reachable from the Internet without translation and that means some software won’t work. If you have a router plugged into the modem sharing your Internet connection for wired or wireless users, you will need to log in to the router and check the router status page, which should tell you your PPPoE status and the IP address it acquired. If that IP address is one of the above, then you’re a pigeon-holed user and you won’t be able to use certain software and do certain things.
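The check described above can be done mechanically. The following is an added example, not part of the original post: it tests an address against the three private blocks by network membership and flags where a plain string-prefix test gives the wrong answer. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# The three private blocks the post lists (defined in RFC 1918).
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),       # "starts with 10"
    ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0 through 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),   # "starts with 192.168"
]


def private_block(address):
    """Return the private block containing `address` as a string, or None."""
    ip = ipaddress.IPv4Address(address.strip())  # raises ValueError on bad input
    for block in PRIVATE_BLOCKS:
        if ip in block:
            return str(block)
    return None


def naive_prefix_check(address):
    """String-prefix version of the same test; shown only to expose its errors."""
    return address.startswith(("10", "172.", "192.168"))


def report(addresses):
    """Classify each address and flag where the string-prefix test disagrees."""
    rows = []
    for addr in addresses:
        block = private_block(addr)
        verdict = f"private ({block})" if block else "not in a private block"
        disagrees = naive_prefix_check(addr) != (block is not None)
        rows.append((addr, verdict, disagrees))
    return rows


if __name__ == "__main__":
    # Constructed sample values, standing in for what a PC or router status page shows.
    samples = ["192.168.1.64", "10.4.5.6", "172.31.255.255",
               "172.32.0.1", "100.1.2.3", "203.0.113.7"]
    for addr, verdict, disagrees in report(samples):
        note = "  <- string-prefix check gets this wrong" if disagrees else ""
        print(f"{addr:16} {verdict}{note}")
```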
To fix the problem, I had to go into the Motorola model 2210-02 modem’s web interface (located at http://192.168.1.254), which forces you to enter some cryptic modem access code that you have to find on a label on the modem itself, then go to the Advanced settings under “PPP Location” and change the setting to “Bridged Mode”. Now one would think it should be set to “PPP is on the computer”, which the description explains is for when you want to run PPPoE on the computer or a personal router/gateway, but it needs to be set to bridge mode. Then after you hit “save changes”, you probably want to wait for it to say it’s done and then power cycle the modem just to be safe. When I say “safe”, I mean you need to do that in case the modem has locked itself to your computer’s MAC address, which prevents your router from working (the cable broadband vendors like to do this).
Only after going through this complex setup, I could finally get the Windows Vista PPPoE client to work which means it will be a simple transfer of PPPoE settings to the wireless router to get the job done.
October 22nd, 2007
LifeSize rocks the HD conferencing world with affordable 720p solutions
LifeSize Communications was the first company to release an HD conferencing solution which I covered at Interop Las Vegas spring 2005. Now at Interop fall 2007 in New York, it appears that LifeSize has again rocked the video conferencing world by releasing 720p HD products at half the price of competing 720p solutions. The LifeSize Express sells for less than $6K and is cheaper than many standard definition video conferencing solutions. The new LifeSize Telepresence solution can be built for a quarter of the cost of competing Video Telepresence solutions. [Update - See gallery here]
Pictured to the left is the newest low-cost LifeSize Express 720p HD video conferencing solution. It will ship tomorrow on 10/23/2007 and it has an MSRP of $5,999 which is nearly half the price of competing 720p HD conferencing solutions on the market. The LifeSize Express has dual-input capability and it has HDMI input and output which carries audio. The 720p codec in this model is limited to 1.5 Mbps. The $5,999 price comes with microphone, remote, and camera.
Pictured above is the back of the LifeSize Express. At this time the HDMI ports, which carry digital audio and video, don’t have HDCP compatibility, which means you won’t be able to input commercial HD DVD or Blu-ray video into the system since they require HDCP copy protection. At this point in time that wasn’t really a priority, and no other product on the market has HDCP protection either, nor do they have the convenience of HDMI ports.
Pictured left is the new LifeSize Team MP product which ships tomorrow on 10/23/2007. It has an MSRP of $8,999 and it adds 4-way continuous presence multipoint capability and supports up to 2.5 Mbps. At under $9000 the Team MP is about the same price as some competing standard definition video conferencing solutions. Like the Express system it also supports a single camera and single display.
Pictured left is the LifeSize Room system which has been the flagship product for LifeSize for a year. It supports up to 6-way continuous presence multipoint, VAS (Voice Activated Switching), and up to 5 Mbps. This model supports dual camera and dual screen. Seen in the picture is a LifeSize IP phone which is powered by a standard RJ45 802.3af PoE (Power over Ethernet) port. The smaller microphones shown with the LifeSize Express and Team MP are analog microphones that go into the microphone jack.
Pictured above is the new LifeSize Conference solution which is essentially a “Telepresence” solution without the display and furniture. The solution is essentially two LifeSize Team MPs and one LifeSize Room system bound together by a controller. It is extremely disruptive to the Telepresence market space because it sells for an MSRP of $39,999 when competing Telepresence solutions sell for $200K which includes the furniture and displays.
Since you can buy three 52″ flat panel LCD displays for $6K and some pretty nice custom furniture and video studio lighting for $14K, you can build a LifeSize Telepresence solution for about $60K. As LifeSize CEO Craig Malloy explained it to me in a telephone conference today, you can build a house in Texas with the remaining $140K. In the picture above you’re probably looking at $2000 of furniture and wall mounts and I can’t see why you would need anything more than this other than a brightly lit room which produces a much better picture quality. This gets you the same video Telepresence quality of systems costing 4 times more money.
October 16th, 2007
$60 router + DD-WRT = high-end wireless router and switch
Getting a high-powered wireless router with some high-end features is a lot cheaper than most people think. In fact it doesn’t cost any more than the regular router needed to connect to the Internet and share an IP address between multiple clients. With the addition of DD-WRT, you can turn a cheap commodity router into a high-end wireless router and switch. With the addition of a high-powered antenna located high up in the air which amplifies the send and receive capability of the wireless access point, anyone can set up their own wireless hotspot service with a massive coverage area.
Pictured to the left is the Buffalo WHR-HP-G54 router that sells for as little as $60 at all the local electronics stores like Circuit City, Best Buy, and Fry’s or it can be ordered online. The WHR-G54 sells for as little as $50 and is virtually identical except for the fact that the WHR-HP-G54 has a receive side amplifier which helps the router hear faint laptops coming in on long-range connections. Both routers come with an RP-SMA antenna connector for external antennas which makes this router extremely flexible for wireless ISP and long-range bridging applications. The WHR-HP-G54 also comes with a wall mounting bracket so that you can mount the device up high.
This particular router can run DD-WRT using this specific upgrade procedure. DD-WRT can turn this cheap device into an enterprise-class product with enterprise features normally found in devices costing hundreds of dollars more. Things you often don’t get on your consumer routers are features like VLAN (Virtual LAN) support on the switch, Enterprise Wireless LAN security support, QoS (prioritization), site-to-site VPN tunneling and VPN servers, Hotspot, and advanced routing features like OSPF and BGP. You can see a full gallery here with all the important features of DD-WRT.
[Update 10/17/2007 - Readers have commented that the OpenVPN function is very nice too. I'll also be looking at adding FreeRADIUS to this device and will follow up on it.]
George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.