Category: Technology policy
March 24th, 2008
Fixing the unfairness of TCP congestion control
Bob Briscoe (Chief researcher at the BT Network Research Centre) is on a mission to tackle one of the biggest problems facing the Internet. He wants the world to know that TCP (Transmission Control Protocol) congestion control is fundamentally broken and he has a proposal for the IETF to fix the root cause of the problem.
The Internet faced its first congestion crisis in 1986 when too much network traffic caused a series of Internet meltdowns in which everything slowed to a crawl. Today’s problem is more subtle and less well known since the network still appears to be working correctly and fairly. But underneath that facade and illusion of fairness, a very small percentage of users hog most of the Internet’s capacity, suffocating all other users and applications.
Solving the first Internet meltdown crisis
In October of 1986, the Internet began to experience a series of “congestion collapses”. So many computers were piling their traffic on to the network at the same time that the network came to a grinding halt and no one got any meaningful throughput. By mid-1987, computer scientist Van Jacobson, one of the prime contributors to the TCP/IP stack, created a client-side patch for TCP that saved the day. Every computer on the Internet - roughly 30,000 in those days - was quickly patched by its system administrators.
Jacobson’s TCP stack patch worked by causing a computer to cut the flow rate of its TCP stream in half as soon as it detects any packet loss. Packets are lost whenever the routers relaying them receive more packets than they can forward and the router begins to randomly drop packets across the board. But whenever a computer sees an acknowledgement that its packet arrived successfully, it quickly and continually increases its flow rate with every acknowledgement until it experiences another packet drop at which time it cuts its throughput in half again. This became known as the AIMD (Additive Increase Multiplicative Decrease) algorithm where the sending computer is constantly probing for the maximum allowable bandwidth by repeatedly increasing throughput until it crosses a line and gets knocked down.
Jacobson’s AIMD algorithm also allowed a new TCP stream to open up and quickly rise to equilibrium where it attains the same flow rate as all other TCP streams. Conversely when a TCP stream ended transmission, the extra bandwidth freed up would be evenly distributed amongst the remaining streams. Van Jacobson’s patch was so successful that it became a part of the TCP standards and it hasn’t fundamentally changed for over 20 years and according to Bob Briscoe, Jacobson’s algorithm is the “fifth most cited academic paper in all of computer science”.
Under Jacobson’s algorithm, which sought to balance the flow rate (throughput) of each TCP stream, the system was more or less fair to everyone who wanted to use the network so long as everyone used an equal number of TCP streams. Since people typically used one TCP stream at a time and people had limited usage on those time-sharing computers in the 1980s, Jacobson’s algorithm was adequate for the problems of that era. While it was possible for someone to open two FTP downloads or uploads at a time and get double the total throughput of anyone else, this wasn’t a big problem when applications and operating systems were mostly limited to text and computers were limited to academic and large corporate institutions. But as time went on and as the number of applications and users grew, it was only a matter of time before the fairness of the system would be exploited.
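The per-flow fairness described above, and the way it turns into per-user unfairness, is easy to see in a fluid-model simulation. This is an added example, not code from the original post or from Jacobson's or Briscoe's work: the capacity and rate units are arbitrary, all flows see the same loss event (the synchronized drop a full router queue produces), and the flow counts per user are constructed for illustration.

```python
"""Fluid-model AIMD simulation: per-flow fairness versus per-user fairness.

Constructed example, not code from the original post. Every flow adds
`increase` rate units per round (additive increase); whenever the sum of
all rates exceeds the bottleneck capacity, every flow is cut by the
`decrease` factor (multiplicative decrease), standing in for the
synchronized packet drop a full router queue produces. Capacity and rate
units are arbitrary and chosen for illustration only.
"""


def simulate_aimd(capacity, flows_per_user, rounds=2000, increase=1.0, decrease=0.5):
    """Return the average throughput each user obtains over the second half of the run.

    flows_per_user: one entry per user giving how many parallel streams that
    user opens, e.g. [1, 1, 4] for two single-stream users and one user
    running four streams at once.
    """
    rates, owner = [], []
    for user, n_flows in enumerate(flows_per_user):
        for _ in range(n_flows):
            # Deliberately unequal starting rates so convergence is visible.
            rates.append(1.0 + 5.0 * len(rates))
            owner.append(user)

    totals = [0.0] * len(flows_per_user)
    samples = 0
    for r in range(rounds):
        if sum(rates) > capacity:
            # Bottleneck overflowed: every flow sees loss and halves its rate.
            rates = [rate * decrease for rate in rates]
        else:
            # No loss: every flow probes upward by the same amount.
            rates = [rate + increase for rate in rates]
        if r >= rounds // 2:
            # Only measure after the start-up transient has died out.
            for rate, user in zip(rates, owner):
                totals[user] += rate
            samples += 1
    return [total / samples for total in totals]


def share_ratio(shares, heavy_user, light_user):
    """Ratio of one user's throughput to another's; about k for a k-stream user vs a 1-stream user."""
    return shares[heavy_user] / shares[light_user]


if __name__ == "__main__":
    shares = simulate_aimd(100.0, [1, 1, 4])
    for user, share in enumerate(shares):
        print(f"user {user}: {share:.1f} rate units")
    print(f"4-stream user gets {share_ratio(shares, 2, 0):.2f}x a single-stream user")
```

Every flow converges to the same rate regardless of where it started, which is the fairness Jacobson's patch delivers; but the user who opened four streams ends up with four times the throughput of each single-stream user, which is the loophole the post goes on to describe.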
March 16th, 2008
Japan's ISPs agree to ban P2P pirates
Four of Japan’s largest Internet provider organizations have come to an agreement with copyright holders on how to tackle the illegal file trading on P2P (Peer to Peer) networks. Comprised of about 1000 major and smaller Japanese Internet providers, the four organizations agreed to target flagrant copyright violators by first warning them and then banning them if their behavior doesn’t change.
According to the Daily Yomiuri Online, the Internet providers two years ago attempted to disconnect users anytime they detected the use of Winny (a popular Japanese P2P application) or any other file-sharing software. But that ran afoul of the Japanese Ministry of Internal Affairs and Communications because of concerns of privacy and the providers abandoned that practice. This time the Internet providers seem to have learned from the past and they’re going to be much more targeted by going after the most obvious transgressors of illegal file trading.
When the copyright owners see a list of IP (Internet Protocol) addresses downloading their copyrighted content, they’ll send that list of violators to the ISP (Internet Service Provider) and the ISP will warn and then ban the copyright infringers if necessary. This method doesn’t involve any of that politically dreaded DPI (Deep Packet Inspection) since the copyright owner merely needs to look for their own content on the popular file trading sites and ask for a list of peers by merely participating in the file trade. Not only does this method avoid privacy concerns, it also happens to be the most practical if not the only way of attacking the problem since many file trading applications are already completely encrypted against packet snooping.
Update 5:40AM - Just to make myself extra clear, since many people refuse to believe that we are not talking about deep packet inspection here. P2P in Japan, like the latest “Perfect Dark” application (successor to Winny and Share), is already fully encrypted at both the protocol and data level. That encryption is completely bypassed since the content owners merely need to download Winny, Share, and Perfect Dark and look for their own content that’s being pirated. Then all they need to do is connect to it as if they were a user and download the content to see if it is indeed their content. Then they already have a list of IP addresses that participated in that file exchange. There’s no decryption, key cracking, or deep packet inspection going on here.
Japan is considered one of the most connected broadband nations on the planet with widespread 100 Mbps broadband service. Many people in this country believe that by simply offering more capacity, there would be no need to manage the network since congestion problems would be gone. But Japan teaches us that no matter how much capacity you throw at the problem, congestion will always be a problem and the vast majority of it will be caused by P2P traffic.
At the iGrowthGlobal Panel on Network Management on Capitol Hill (my recap here), I met Haruka Saito who is Counselor for Telecom Policy from the Embassy of Japan. Mr. Saito was my fellow panelist and he shared the following data with the congressional and FCC staffers in the audience. He presented the following data from the Japanese Ministry of Internal Affairs and Communications which had been studying the issue of Net Neutrality in Japan for more than a year.

[Updated 3:15PM - I had incorrectly stated that 1% consumes 63% of all traffic because I read the charts wrong. The corrected text is in bold below.] As you can see, the utilization levels, especially for uploads, are dangerously high, and P2P traffic absolutely dominates both uploads and downloads by a very large margin. Winny, WinMX, and Share (a successor of Winny) dominate the P2P usage. From this data, the P2P users that make up 10% of all Internet users in Japan hog ~75% of bandwidth resources, and 1% of all Internet users in Japan consume 63% of that 75% share. That means just 1% of users consume 47% of all the Internet traffic in Japan. It’s no wonder the ISPs in Japan want a solution that cuts off the most egregious illegal file traders, who also happen to be the biggest bandwidth hogs.
March 5th, 2008
AT&T's degrading service and my landlord's ban on Comcast
With all the negative attention headed towards Comcast lately, AT&T’s problems seem to be slipping below the radar. Unfortunately for me, those problems are first-hand, as I’m personally suffering degradations in speed. As if getting 1200 Kbps downstream on a so-called 1500 Kbps service and all those outage problems (example here and here) weren’t bad enough, my AT&T DSL service has declined. I suppose I could count myself lucky compared to my Mom’s neighbor who only got 320 Kbps service after AT&T unilaterally and without permission “upgraded” his bill to the 1500 Mbps service without upgrading his performance. See my DSLReports.com speed tests below.


The results above were performed at the nearest locations to my home and they were performed on idle servers with barely anyone using them. That pretty much confirms the problem is on AT&T’s end and possibly on the last mile. My Mother’s so-called 768 Kbps service only delivered about 330 Kbps, but after AT&T fixed some wiring problems outside the house, the performance went up to about 600 Kbps. I’ll have to call AT&T and see if they can do anything about my problems when I get back home.
It’s gotten so bad with my service that I’m actually starting to yearn for some of those “evil” TCP resets from Comcast to grace my router. Even more frustrating is that Comcast might actually be offering DOCSIS 3.0 with 15 Mbps downstream and 2 Mbps upstream in my area, but I live in one of these draconian housing complexes that force us to pay for bundled inferior analog cable service even though I don’t use it. The FCC has ruled against these types of exclusive contracts but I don’t think that can overturn my current situation. I think I’m finally motivated enough that I want to start a petition with the neighbors to demand the right to use Comcast. I’ll definitely have to bring this up the next time I go to Washington DC before Congress and the FCC.
Some people have told me that I should have looked at the contract before I moved in but it really isn’t that simple. There are about a thousand homes in the same multi dwelling unit and we don’t have much of a choice on where we live when an old and small home in Silicon Valley is $650,000. I do find it ironic that I’m now begging and fighting for the right to get Comcast service while others are fighting to kill Comcast.
This isn’t to say that Comcast is always good and AT&T is always bad although I’ve always gotten much better service from Comcast when I actually had a choice between the two. But it is so critical that we have competition between the two so that they have to fight for my business. The way it stands now, AT&T pretty much knows that I have no other game in my area and they have zero incentive to deploy U-Verse in my neighborhood let alone fiber-to-the-node like Verizon’s FiOS service.
What’s even more frustrating is that this isn’t a rural area problem since I’m in the heart of Silicon Valley with about 4000 homes jammed tight in a two block by two block neighborhood. It would be a Verizon FiOS installer’s dream deployment with homes packed so tightly together. With my landlord out of the way, I’d have DOCSIS 3.0 15 Mbps service to choose from and AT&T would prioritize jumping in here with U-Verse service. These are the real problems facing consumers today and not whether a few bandwidth hogs get throttled or not and I hope others will join me in a worthwhile cause.
March 3rd, 2008
A geek's trip to Capitol Hill on Network Management
I appeared before congressional and government staffers on Capitol Hill for a panel on Network Management sponsored by iGrowthGlobal. This was my first time in Washington DC and while it was a little cold for my Californian bones, it was a beautiful city and seeing the capitol of the nation was certainly a worthwhile experience. One thing that struck me was how large and spread-out the Capitol was with so many Government buildings several miles apart.
The panel was moderated by Scott Wallsten, VP for Research and Senior Fellow of iGrowthGlobal. I met Mr. Wallsten at the Net Neutrality summit held at University of San Francisco last month where the two of us presented on separate panels. The rest of the panelists for this event were:
- Marvin Ammori, General Counsel, Free Press
- David Burstein, Editor, DSLPrime
- George Ou, Editor at Large, ZDNet
- Haruka Saito, Counselor for Telecom, Embassy of Japan
- Christopher S. Yoo, Professor of Law and Communications, University of Pennsylvania
Christopher Yoo -
After a brief introduction by Scott Wallsten, who explained that the order of the presentations would be reverse alphabetical, Christopher S. Yoo kicked off his presentation. Professor Yoo explained that networks, like roads, aren’t built for everyone to use them at the same time. Yoo gave the example that if a person wants to know how fast he can travel on a freeway, he wouldn’t know until he got there because we can’t predict exactly how many other people will be on the road at the same time. Yoo explained the difficulty in projecting network capacity and that we can’t always be right when determining whether more capacity or network management is the answer. Sometimes more capacity is the answer, sometimes network management is the answer, and we shouldn’t lock ourselves in to one solution or the other.
Haruka Saito -
Next up was Mr. Haruka Saito from the Embassy of Japan. Mr. Saito explained that Japan had been studying and debating the issue of Network Neutrality for about a year and a half, and he offered a lot of hard data gathered in Japan. Japan is one of, if not the, most connected nations in the world when it comes to broadband deployment, with 100 Mbps fiber deployments, and despite this abundance of capacity, even I was shocked that they were running into congestion problems.
When the traffic chart was broken down into color-coded regions showing application usage, P2P easily ate the lion’s share of resources and dwarfed everything else on the chart. Mr. Saito went on to explain that 1% of the users, primarily through P2P, consumed around 50% of the total capacity, and this pretty much mirrors every other study I’ve seen elsewhere in the world regardless of capacity. The debate in Japan was who was going to pay for this excessive usage and whether the heaviest users should start paying more money.
George Ou -
Next up was me and I gave a presentation based on my Comcast versus Vuze and Comcast before the FCC article. After Mr. Saito’s presentation, it certainly made my job a lot easier showing my charts on how BitTorrent and P2P were effectively the primary bandwidth hogs. I explained that the vast majority of all web applications like Web surfing, YouTube, Apple iTunes video downloads, Xbox Live Marketplace video downloads, and other applications like email almost never use any upstream capacity. Even though there are applications like Skype High Quality Video Conferencing which can fully saturate the upstream pipe, its duration is relatively short which significantly lowers its average load on the network.
I then explained that Vuze, using the P2P model, shifts nearly all of its server, storage, and bandwidth costs to its customers’ computers and the broadband providers, while all other video distribution services pay for their own distribution costs. Then I explained that cable networks and wireless networks are shared-medium networks that are constrained in capacity and that they weren’t built nor sold to be content servers for the rest of the Internet. Wireless networks are even more scarce in terms of capacity because of the scarcity of spectrum, and many of the smaller ISPs would be put out of business if the Government made rules banning P2P throttling or P2P blocking. Without those smaller wireless ISPs that cover the rural areas that the larger companies don’t want to cover, those Americans living in rural America would be cut off from the Internet and possibly even their phone service. We have plenty of choices on getting content but few choices on broadband carriers, and the Government must keep this in mind when making network management policies.
David Burstein -
David Burstein went up next, though he didn’t actually have a presentation ready, so he improvised. After indirectly but clearly referring to Professor Yoo as an “idiot”, Burstein told the audience that if only Comcast would upgrade to DOCSIS 3.0, then there wouldn’t be any need to manage the network. That seemed to fly in the face of the hard network traffic data that Mr. Saito presented indicating that even a 100 Mbps per home dedicated fiber network would have congestion problems due primarily to P2P traffic. Burstein continued to insist that a measly DOCSIS 3.0 network (which is 120 Mbps shared between a few hundred users) would somehow be immune to congestion problems.
Even stranger was Burstein’s testimony that it would only cost Comcast 10 cents per user per month to upgrade everyone to DOCSIS 3.0. When pressed on where he got such a number, Burstein admitted it was only a guess but insisted that until someone proves him wrong, everyone should laugh in the faces of his doubters. I didn’t bother challenging Burstein on the spot since there were so many other things I wanted to say, but I will respond to him here.
If we take Burstein’s estimate at face value, then we would have to believe that a DOCSIS 3.0 CMTS (Cable Modem Termination System) along with ~250 DOCSIS 3.0 cable modems could be had for a cheap total of $50 per month for the entire neighborhood. Now bear in mind that the typical DOCSIS 2.0 modem costs about $60, and a CMTS is about the size of a 40U rack and falls under the category of very specialized networking gear. A more common Cisco switch half the size would easily cost a quarter million dollars, so it wouldn’t be surprising if a CMTS costs upwards of half a million dollars. With 500 users on a CMTS loop (cable TV subscribers, typically half of them subscribing to cable broadband), the cost will be at least $1000 per user for just the CMTS, and we haven’t even begun to look at the costs of upgrading the surrounding infrastructure to support the higher capacities and the cable modems.
[Update 3/4/2008 - Dave Burstein has asked me to issue a correction that he stated it was 10 cents per user PER MONTH. I do apologize for my error, but it doesn't really change the fact that the correct number from Burstein has little to do with reality. At 10 cents per user per month, it would take 10,000 months or 833 years to break even on a minimal $1000/user investment.]
Marvin Ammori -
Marvin Ammori from the Free Press went up and also improvised a presentation. He kicked it off with a cheap shot saying how he was glad that Professor Yoo and I didn’t bring a busload of chair warmers and attempted to paint the two of us as industry shills. Ammori then went on to build a straw man argument that he thought my position was that YouTube didn’t pay their fair share of the Internet. Ammori obviously never saw my article from last year where I ripped Ed Whitacre’s statements that Google didn’t pay their fair share on Internet connectivity. After Ammori finished his presentation, I let my displeasure be known that I spoke as a proud American citizen who was in Washington DC for the first time with no one paying me to speak.
One other interesting tidbit was the fact that Mr. Ammori, who admittedly never heard the word “BitTorrent” up until a few months ago, claimed that BitTorrent will only do 4 upstream sessions. Since Ammori told us that he heard it from Professor Edward Felton [waiting for Ammori's clarification on who he heard it from], somehow that overturns my testimony that BitTorrent was a bandwidth hog that opened tens of upstream sessions. The reality was that certain BitTorrent clients will default to 4 upstream sessions for each torrent, but multiple torrents meant multiples of 4. The other interesting claim that Ammori made was that BitTorrent was intelligent and kind enough to back off when your neighbor was trying to use something like a web or email application. Where exactly Ammori got this information wasn’t clear, but I’d like the Free Press to show me some documentation for a protocol that no one has ever heard of before.
[UPDATE 3/4/2008 - Ammori emailed me that he didn't say it was from Ed Felton, despite the fact that, as far as my memory is concerned, he mentioned Ed Felton's name in the closest proximity. Ammori writes in his email that he had named David Reed, David Clark, and Ed Felton as the three expert witnesses he cited, but has so far refused to clarify which one told him that BitTorrent maxes out at 4 upstream sessions. Strangely, Ammori seemed a lot more confident of his source when testifying before the government to bolster his claims and discredit mine, but now he refuses to clarify his source when he is shown to be wrong. At this point I don't know if Ammori was given the wrong information or didn't understand what he was told, but either way he gave bad testimony.
Instead of offering clarification, he took a few more shots at me the same way that he attacked Richard Bennett implying that we're somehow not qualified and that we're "brought in" by Comcast which has no truth. Then just as he did at the panel last Friday, he insists that his sources are better even though none of his sources have disputed anything I or Richard Bennett has said. Richard Bennett is one of the pioneers of the Internet and he's written some very informative and articulate articles on this matter and he's also faced off with Ed Felton in podcasts. You can hear the podcast for yourself but I think you'll find that Richard Bennett held his own against Ed Felton and Richard has far more expertise on this particular subject matter.
During his presentation, Ammori also tried to discredit the data I showed where P2P seeding was pretty much the only application that hogged the upstream. In the context of the hard data presented by Mr. Saito from the Japanese Ministry of Internal Affairs and Communications showing that P2P was undoubtedly the upstream and downstream bandwidth hog, it was shocking that Ammori would try to continue disputing that fact. Ammori basically argued that we can't really know if the charts I used (copy here) are legitimate or not and he made a habit of trying to discredit me with no factual data to counter. It will be interesting to see if he's willing to explain exactly which expert he was citing.]
During the informal panel debate after everyone had spoken, I brought up the fact that Comcast gives you web space to post content which operates 10 times faster than any BitTorrent seed. This apparently wasn’t good enough for Mr. Ammori, and he felt that this was somehow impinging on his right to free speech since he couldn’t serve out high-definition video content from his own home. Never mind the fact that we’re in a unique time in history where for the first time user generated content on YouTube can have a huge impact on the election. Anyone can put up a political ad on YouTube and get millions of people to watch it if the video is clever enough, but the fact that Ammori couldn’t serve it in High Definition from his own home was somehow a violation of his first amendment rights. But the fact of the matter is that you can serve HD video from your own home if you pay for a commercial-grade Internet connection that allows you to host servers. What you don’t have the right to do is buy a cheaper residential-grade Internet connection, hog the scarce resources by serving content to the whole world, and violate the terms of service.
So to sum it up, it was a knee-deep-in-politics experience, but it was all worthwhile. I felt honored that I had contributed something to my Government and my Nation.
[Update 3/4/2008 - Since this post is obviously being told from my viewpoint, I will be happy to link to any of the other speaker's blogs rehashing their experience if they write anything regardless of whether I agree with them or not.]
February 26th, 2008
FCC hearings: Comcast versus Vuze
The FCC held its hearing on Comcast’s Network Management practices at Harvard University yesterday. Vuze executive Gilles BianRosa whose company filed one of the two FCC complaints against Comcast reportedly told the FCC yesterday that BitTorrent does not hog bandwidth. Since most Internet experts would dispute that claim, I generated the following hard data on the bandwidth consumption of various applications that run on the Internet.
Note: Richard Bennett, who was an expert panelist at yesterday’s hearings, informed me that BianRosa claimed that BitTorrent didn’t exceed the contracted limit. That however ignores the explicit “no server” clause in the terms of service, and no broadband service was built to be fully saturated 24×7. This is why commercial-grade T1 lines, which offer less than half the speed of broadband connections that cost 8 times less, are $400 per month.
Bear in mind that the data below is in reference to upstream (upload) bandwidth consumption in kilobits per second since that is the focus of these FCC hearings. Also note that applications like web surfing hardly use the upstream at all since it’s primarily your clicks and URLs that are being transmitted to tell the web server where you want to go.

The following is a graph of the above chart

* Corporate VPN telecommuter worker using G.722 codec @ 64 Kbps payload and 33.8 Kbps packetization overhead
** Vonage or Lingo SIP-based VoIP service with G.726 codec @ 32 Kbps payload and 18.8 Kbps packetization overhead
*** I calculated that I sent 29976 kilobytes of mail over the last 56 days, averaging 0.04956 Kbps
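The first two footnotes quote a codec payload rate plus a separate packetization overhead, and the disclosure below says those in-use bitrates can be independently verified. The following is an added example of how that verification is done; it is not the author's own calculation. The codec rates are the ones in the footnotes, but the 20 ms packetization interval and the header stack (20-byte IPv4, 8-byte UDP, 12-byte RTP, plus 38 bytes of Ethernet framing) are assumptions made here, so the overhead it reports is not the post's figure, which for the G.722 case also includes VPN encapsulation whose size the post does not state.

```python
"""Per-call bandwidth of a VoIP stream including packetization overhead.

Constructed example, not code from the original post. Header sizes and the
packetization interval are assumptions; real deployments vary (VPN
tunnels, VLAN tags, IPv6 and silence suppression all change the result).
"""

# Assumed header stack per packet: IPv4 (20) + UDP (8) + RTP (12).
IP_UDP_RTP_BYTES = 20 + 8 + 12
# Assumed Ethernet framing per packet: header (14) + FCS (4) + preamble (8) + inter-frame gap (12).
ETHERNET_FRAMING_BYTES = 14 + 4 + 8 + 12


def voip_bandwidth_kbps(codec_kbps, frame_ms, extra_header_bytes=0,
                        l3l4_bytes=IP_UDP_RTP_BYTES, l2_bytes=ETHERNET_FRAMING_BYTES):
    """Return (total_kbps, overhead_kbps, packets_per_second) for one direction of a call.

    codec_kbps: payload bit rate of the codec (decimal kilobits per second).
    frame_ms: how many milliseconds of audio each packet carries.
    extra_header_bytes: additional encapsulation such as a VPN tunnel header;
        its size is deployment specific, so it is left as a parameter.
    """
    packets_per_second = 1000.0 / frame_ms
    payload_bytes = codec_kbps * frame_ms / 8.0        # kbit/s * ms = bits, / 8 = bytes
    wire_bytes = payload_bytes + l3l4_bytes + l2_bytes + extra_header_bytes
    total_kbps = wire_bytes * 8.0 * packets_per_second / 1000.0
    return total_kbps, total_kbps - codec_kbps, packets_per_second


if __name__ == "__main__":
    for name, codec_kbps in (("G.722", 64), ("G.726", 32)):
        for frame_ms in (20, 10):
            total, overhead, pps = voip_bandwidth_kbps(codec_kbps, frame_ms)
            print(f"{name} @ {codec_kbps} kbps, {frame_ms} ms frames: "
                  f"{pps:.0f} pps, {total:.1f} kbps on the wire, {overhead:.1f} kbps overhead")
```

The point the numbers make is that the overhead is fixed per packet, so it depends on the packet rate rather than the codec: under the same assumptions G.722 at 64 kbps and G.726 at 32 kbps carry identical overhead, and halving the packetization interval doubles it. That is why the footnotes quote overhead separately from payload.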
It is interesting to note that before the advent of P2P applications, broadband users were primarily downloaders and rarely did they ever upload. It is for this reason that broadband networks were built asymmetrically and heavily favored the downstream. Servers in data centers with commercial-grade Internet connections served and transmitted content, and consumers consumed that content by downloading it.
If you’re downloading video from a service like Apple iTunes, Microsoft Xbox Live Marketplace, Netflix, or YouTube, you’re only downloading and not uploading anything. Those services pay a lot of money for their own datacenters filled with servers, their own bandwidth, and/or they pay services like Akamai to cache and distribute their content over the entire Internet.
Vuze on the other hand uses a different business model where they don’t pay for their own bandwidth and they expect their users to contribute their upload bandwidth to make the service work using the BitTorrent protocol. Vuze basically gets free distribution because they enlist their own customers to be their servers and bandwidth providers using their own computers and broadband connections. So instead of paying for commercial distribution, Vuze offloads their bandwidth on to the broadband providers.
Disclosure: Many people have asked me for the source of the data so I will put out the following disclaimer. As I already indicated in the first paragraph of this article, I am the original source of those charts and graphs. I’ve written extensively on VoIP bandwidth consumption as the former Technical Director of TechRepublic. Before TechRepublic, I built and designed networks for a living. I worked on the routing, the switching, and the traffic engineering of Intranet and Internet based networks. The in-use bitrates I cited are detailed and include packetization overhead and they can be independently verified.
February 13th, 2008
Comcast traffic management issue before FCC
Today is the deadline for the FCC call for comments on the Comcast traffic management case brought about by a formal complaint from the Free Press and Public Knowledge. As a former network engineer who designed networks and servers and as someone who has written extensively on these matters, I thought I would summarize the issues in a clear and concise manner.
Background
Independent groups last year found that Comcast was sending TCP RESET packets to BitTorrent seeders at various times of the day to cut back the number of upload sessions they could have. A BitTorrent seeder is someone who is not downloading but acting as a dedicated peer-to-peer file server. BitTorrent downloads, or uploads while downloading, were not affected. Various groups complained that this was possibly illegal protocol discrimination using forged TCP RESET packets, while Comcast maintained that this was reasonable network management to assure fair distribution of bandwidth to all their users.
The upstream contention problem
A typical cable broadband network such as Comcast’s operates under the DOCSIS 1.1 standard, which offers 10 Mbps of upstream bandwidth and 40 Mbps of downstream bandwidth shared amongst the neighborhood. Since the typical user has a static upstream cap of 384 kbps, it would be possible for 26 BitTorrent seeders and/or BitTorrent uploaders to completely jam the upstream pipe, rendering the entire network unbearable. Since a typical cable broadband company provisions between 50 and 400 users (typically somewhere in the middle) per cable loop, it is possible for ~10% of the users to jam the entire upstream network, which ultimately affects downloads as well since requests for data can’t be sent. This is further complicated by the fact that DOCSIS networks use a reservation system for upstream traffic on a collision network. Too many requests for upload slots and the requests collide and no one gets to transmit anything.
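The saturation arithmetic above and the request-collision problem it ends on can be put into a few lines. This is an added example, not code from the original post or from the DOCSIS specification: the 10 Mbps upstream, 384 kbps cap and 250-user loop are the post's figures, while the collision model is the classic slotted-ALOHA approximation (every modem with a pending request transmits in a given request slot with probability p, and two or more transmissions destroy each other), used here as a simplified stand-in for the backoff-window scheme real DOCSIS modems use, not as a description of it.

```python
"""Shared-upstream arithmetic for a DOCSIS cable loop plus a simplified
request-contention model. Constructed example, not from the original post.
"""


def saturating_uploaders(upstream_bps, per_user_cap_bps):
    """Number of users uploading at their cap that the shared upstream can carry before it is full."""
    return int(upstream_bps // per_user_cap_bps)


def loop_fraction(uploaders, users_on_loop):
    """Fraction of a loop's subscribers it takes to saturate the upstream."""
    return uploaders / users_on_loop


def request_success_probability(contending_modems, p):
    """Probability that exactly one modem transmits in a request slot.

    Slotted-ALOHA approximation (an assumption of this example, not DOCSIS's
    actual backoff algorithm): each of n contending modems transmits with
    probability p; any slot with two or more transmissions is a collision and
    carries nothing. Closed form: n * p * (1 - p) ** (n - 1).
    """
    n = contending_modems
    return n * p * (1.0 - p) ** (n - 1)


if __name__ == "__main__":
    n = saturating_uploaders(10_000_000, 384_000)
    print(f"{n} full-rate uploaders fill a 10 Mbps upstream")
    print(f"that is {loop_fraction(n, 250):.1%} of a 250-user loop")
    for modems in (5, 10, 50, 100):
        print(f"{modems:3d} contending modems, p=0.1: "
              f"useful request slots = {request_success_probability(modems, 0.1):.4f}")
```

With the post's figures the first two functions reproduce its 26 uploaders and ~10% of a loop. The contention model shows the second effect: holding the per-slot transmit probability fixed, the share of request slots that carry a usable request peaks at a handful of contending modems and falls towards zero as more modems queue up, which is the "no one gets to transmit anything" condition, and is why real DOCSIS modems widen their backoff window after each collision.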
Accusations of discrimination
Some have complained that this was content discrimination. But Comcast does not discriminate based on content; Comcast discriminates against excessive upstream usage that chokes up their entire broadband network. The EFF complains that this was “protocol discrimination” against BitTorrent and other P2P (peer-to-peer) applications, but it is a fact that BitTorrent and P2P are the biggest upstream bandwidth users. Since BitTorrent seeders who only continuously upload throughout the day can be reasonably classified as dedicated servers, they actually fall under prohibited services under Comcast’s TOS (Terms Of Service).
Blocking versus delaying
Comcast says they’re merely delaying BitTorrent seeders from uploading to their peers while their critics say they are blocking. It is true that Comcast blocks BitTorrent seeds when the broadband network is very busy, but they do allow BitTorrent seeding at most other times of the day. Network Engineer and Internet pioneer Richard Bennett explained this best in his comment to the FCC that since BitTorrent and other peer-to-peer applications all have the ability to resume transmission at where they left off, temporary blocking of seeders effectively acts as a delaying mechanism. The file eventually gets served to the remote party outside of Comcast’s network intact.
Consumer versus commercial Internet connection
The reality is that Comcast customers were never blocked, throttled, or delayed from receiving any services; they were delayed from offering hosting services (BitTorrent seeding) that were technically prohibited to begin with under the terms of service. Comcast’s consumer broadband service technically doesn’t have to act as a commercial hosting service to other customers in and outside of Comcast’s network so the fact that they permit seeding most of the day seems like a reasonable compromise. Furthermore, BitTorrent users who are downloading are continuously uploading during the download without any delaying action so it isn’t as if Comcast refuses to participate in P2P uploads.
Blocking of Lotus Notes
Comcast’s network management mechanisms did have a bug in them that accidentally blocked Lotus Notes traffic, but this issue was fixed months ago when the issue was first brought to the attention of Comcast. All software and hardware implementations have bugs and we expect the service provider to act in good faith and repair the problems as soon as possible. In this particular case, Comcast appears to have acted quickly and properly by fixing the problems that blocked Lotus Notes.
The complaint to the FCC
The Free Press and Public Knowledge filed a formal complaint with the FCC to immediately enjoin Comcast from these network management practices before the merits are decided and the facts weighed. This is an unreasonable request since Comcast customers would be harmed by network traffic jams due to the lack of any traffic management. The Free Press and Public Knowledge also demanded fines of $195,000 per infraction, which would amount to over $2 trillion if we counted every Comcast customer. This is obviously impossible since it exceeds the gross revenue of any corporation in the USA.
February 7th, 2008
Podcast discussion on network management policies
I spent a little time chatting with some folks at the Technology Liberation Front doing a podcast today “Network Management Redux“. Sorry if I sounded a little groggy in the recording after the computer problems and AT&T DSL problems that kept me up all night.
I’ll be inviting some guests from some Washington Think Tanks for some of our own podcasts later on.
January 26th, 2008
Network Neutrality Summit at University of San Francisco
I will be speaking at the Network Neutrality Summit this morning at the University of San Francisco. They will be streaming this event LIVE at ustream.tv. Fireworks start at 9:00AM which is the panel I will be on with:
- Richard Clarke - AT&T
- Lawrence Spiwak, Phoenix Center for Advanced Legal & Economic Public Policy Studies
- George Ou - ZDNet
- Markham Erickson - Open Internet Coalition
- Timothy Wu - Columbia Law School
Hope to see you there or catch it live on the Internet.
January 9th, 2008
This ad brought to you via Bluetooth
I spoke to Tiffany Burns from iSign Media Corp at a CES party last night; the company offers some interesting, if not controversial, technology. This technology will send you spa, I mean advertisements, via Bluetooth. Ms. Burns touted the fact that these ads were free since they weren’t eating up any cell phone time or racking up messaging charges, but my immediate reaction was: what happens if the user doesn’t want to see the ad? Burns responded that the user can simply hit no on the yes/no dialog, but I asked what if the user doesn’t even want to see these ads ever, not even the prompting. The response was to turn off Bluetooth, which didn’t make me any more comfortable since people may not know how to or may not want to shut off Bluetooth on their cell phone.
Now I have my personal feelings about this technology but I want to hear what you have to say about this so I put up the following poll. Please feel free to comment in the talkback section too.
December 10th, 2007
Why metered Internet is a really bad idea
The above image from Lauren Weinstein’s blog shows why metered Internet is a really bad idea and obnoxious. It shows Canadian ISP Rogers Internet altering web pages to warn you when you go over 75% of your 75GB cap. I checked on the Rogers website for the Toronto Ontario area and 1 mbps service was $33 CAD (worth more than US dollars these days) per month with a 60 GB monthly cap. That effectively means you can only use BitTorrent for about 6 days out of the month. Compared to the Australian plans which have 8GB noon to midnight caps that the EFF was touting as the “better” alternative to Comcast BitTorrent seed throttling, Rogers seems like a pretty good deal. However, it’s still nowhere near as good as the US ISPs that don’t use metered internet plans.
There are plenty of price tiers in the US that work by limiting the rate at which you can download but not the amount you can download, so it’s not like everyone is forced to subsidize the big bandwidth users. You can get 768 kbps DSL plans in the US for $15/month which still allow you to theoretically download 248 GBs per month if you kept it running continuously. This offers the best compromise, where Internet usage isn’t stifled by constant fears of going over the limit or of what time of day it is, like with your cell phone.
My AT&T DSL plan is 1.5 mbps (good for 1.2 mbps due to distance or line quality) and costs $20/month with no metering. I’ve also had Comcast in the past and they charged less than $40/month with roughly 5 mbps service and they didn’t have any gigabyte caps (excluding the NNTP news server, which doesn’t count as network utilization). Comcast doesn’t even throttle BitTorrent uploads or downloads; they only limit the number of BitTorrent seed connections you can serve at a time to alleviate the network load. Now is this really that bad of a trade-off to ensure that a few BitTorrent users don’t overwhelm the majority of users and make everyone suffer? Even if you throttled BitTorrent upload/downloads by 50% throughput (which isn’t being done) and “only” allowed them to download 200 GBs per month instead of 400 GBs per month, is that really so unfair?
On a related note which I also posted as an update, the EFF has responded to me and others that I have misrepresented their position in my blog titled EFF wants to saddle you with metered Internet service. I’ll let you be the judge of that so here is what they sent me and what they’re telling everyone else.
The article incorrectly states that EFF endorses legislation or regulation that would force ISPs or users to offer only metered services. The EFF report actually states that the *availability* of metered access alongside “all you can eat” plans, combined with accurate advertising by ISPs, is one alternative that might solve whatever congestion issues Comcast might be having (as the language you quote in your article expressly makes clear).
Nowhere in my blog post do I state that the EFF would force ISPs to *only* offer metered services. All I said was “The EFF goes as far as touting the Australian model for broadband service” as a better alternative to Comcast’s current model, and I included the Australian ISP link the EFF pointed to. The plans that came up were mostly metered plans and some were very expensive unlimited plans. Peter Eckersley even sent me an email touting this page where you pay $65/month AUD for a plan that gives you 8 GB of “pre-paid data” during noon to midnight [Update 12/12/2007 - Peter Eckersley emailed me saying he sent me the wrong link and had meant to link to this page which is $20 cheaper. That's slightly better but the 8GB cap is still a horrible idea]. Since you can download 8 GBs in less than 2 hours at 10 mbps, you essentially give up using any BitTorrent from noon to midnight unless you want to pay $3/GB. Even the off-peak rates are metered so you still have to be careful to turn off your BitTorrent client after 1 hour each day. If you want 48 GB “pre-paid data”, you need to pay $120/month AUD and $3/GB over that amount.
Now consider Comcast’s offerings which permit you to download and upload unlimited data using BitTorrent with no throttling for a flat fee of $40 per month. You can easily download 100 GBs and upload 10 GBs per month or more and Comcast won’t stop you or charge you anything extra. The only thing Comcast does is occasionally scale back the number of BitTorrent seed connections (dedicated server mode) you can have, even though Comcast’s TOS (Terms Of Service) prohibits servers of any kind. My AT&T DSL plan is less than $20/month and I can download 8 GB per day every day and not pay a single cent in overage charges, so what is the EFF thinking recommending the Australian ISP model over Comcast’s “bad” model?
The EFF says what Comcast is doing is evil and that the Australian model is the better alternative even though it’s draconian compared to what Comcast or any other American ISP is doing. It would certainly stop the BitTorrent usage during peak hours but at what price to the user? The Free Press and Public Knowledge also think metered Internet is a better alternative but they go a step further and want to criminalize Comcast’s current operating model and fine them trillions of dollars. So again I ask: Who is the EFF, Free Press, and Public Knowledge serving? The RIAA and MPAA couldn’t buy this kind of anti peer-to-peer lobbying if they tried.
December 6th, 2007
We need to calm down over the SAFE act
Updated 12/8/2007 - Slashdot had this eye-popping headline “House Bill Could Criminalize Free Wi-Fi Operators” which linked to Declan McCullagh’s story “House vote on illegal images sweeps in Wi-Fi, Web sites“. The bill in question, H.R.876, would enact huge fines for any wired or wireless ISP, including home users with open Access Points, who fail to report child pornography users.
I must admit after reading that story I was pretty furious and about to write a blog blasting the bill and Congress, but now I’m not so sure. Reader “faboidea” wrote this very intelligent rebuttal to McCullagh’s story which forced me to go and read the text of the bill. The following is an excerpt from the bill.
H.R.876 section 2258A
(f) Protection of Privacy- Nothing in this section shall be construed to require an electronic communication service provider or a remote computing service provider to–
- monitor any user, subscriber, or customer of that provider;
- monitor the content of any communication of any person described in paragraph (1); or
- affirmatively seek facts or circumstances described in subsection (a)(2).
So as you can see, no one is going to be required to monitor their infrastructure. You simply need to report any incidents of child pornography if you happen to come across it. So the only controversial part of the bill that I can see is that it has some retention rules that force the private sector to retain child pornography images even after they’ve turned over the obscene material. These provisions probably need to be reexamined, but we all need to calm down and read the bill before we freak out.
Update 12/8/2007 - The blogosphere seems to have gotten up in arms over this post, both in favor of the bill and against the bill. I want to clarify that I am not necessarily for this bill since I think a lot of the rules are already covered by other laws and there are clearly some places where this bill steps on some really shaky ground. It also adds tons of bureaucracy we don’t need, and the retention rules being foisted upon the ISPs seem to go overboard.
The rules which criminalize images of fully clothed children, depictions, and cartoons/animes can in some cases have merit but can also be easily abused since the line between legal and illegal is extremely difficult to define. For example, I remember reading about a controversial movie many years ago depicting an adult male doing it to a minor although nothing was shown explicitly. Does anyone who owns this DVD now become a child pornographer? Heck I even remember a TV movie set in WWII where the 12 year old character Ricky Schroder plays was raped by an adult in prison. Does that also qualify as an illegal depiction? On the other hand, it is possible to draw people so real that you can circumvent the laws if there are no rules against depictions so this isn’t an easy subject to tackle.
In any case, the only reason I wanted to post this note is because I wanted us to have a reasonable debate on this issue. I don’t know if this bill is right or necessary though clearly it’s one of those things that few politicians want to oppose since it’s “for the children”.
October 26th, 2007
Why spam can only be managed, not ended
Years ago when I was still a bit more naive, I thought we could end the spam dilemma if we would simply implement domain-level sender authentication using digital signatures. In fact when David Berlind wrote “Why spam could destroy the Internet” in November 2002, Berlind quoted me saying that every domain’s official SMTP server should digitally sign each message to prove the email came from that domain. SenderID and Yahoo’s DomainKeys came out around 2004 and gave me the satisfaction of knowing that I wasn’t alone in calling for domain-level authentication; DomainKeys is very similar to what I was proposing in 2002. The difference is that I proposed using standard commercial digital certificates from commercial Certificate Authorities to distribute public keys, whereas DomainKeys used DNS to publish its public key information.
I was so sure at the time that if we could only get people to use this system we would surely stop spam. Microsoft’s Bill Gates gave me some company in 2004 when he proclaimed that “spam will be a thing of the past in two years’ time”. As it turns out, we were both wrong and naive to say that we can stop spam, because it’s like saying you can stop crime: the most we can ever hope for is to manage it to tolerable levels when there are determined adversaries who will do anything to get around any barrier you can put up. I am coming clean on this now because there are still so many people who believe that stopping spam is simple and that if it isn’t stopped, it must be the fault of the major ISPs and corporations for dragging their feet.
My colleague David Berlind blamed the spam problem on the big-four email vendors and declared rDNS (reverse DNS) and maybe SPF (Sender Policy Framework) the solution. Now I’m certainly not trying to belittle David Berlind because his heart is definitely in the right place. In fact, I’m essentially saying that Bill Gates and I were wrong to say that spam could be stopped, and that it’s about time my colleague David Berlind took a good hard look at the problem and stopped implying that spam could be stopped if only we did XYZ.
The fundamental challenge here is that we will never stop spam because we will never go to the pure white-list model where we only accept email from verified entities. In fact there’s the little problem of human rights we have to deal with, because words can get you imprisoned or executed in many countries. I never gave much consideration to this issue in the past, but I’ve given it some thought over the years and I’ve given in to the legitimate need for anonymous and decentralized email.
Why charging for email to stop spam is just plain dumb
One of the most commonly floated ideas for stopping email spam is that if only we charged a postage fee for every email ever sent, then the cost of sending spam would be so outrageous that it would deter spammers. Not only will it not work, but there is the risk of abuse by some larger ISPs to charge users and legitimate companies for sending legitimate bulk email under the justification of stopping spam. For one thing, spammers don’t send the spam directly; they have their hijacked botnet armies send it for them. These are personal computers (and some servers) that have been taken over with malicious software by criminals. If anyone is going to pay, it will be the owners of those computers who pay.
The second most obvious thing that proponents of the email postage idea missed is that if you actually had such a massive billing scheme in place, it would have to have every sender registered with their credit card on file and every email ever sent had a digital signature that proves it was sent by the purported sender. If this were the case, you would have already stopped spam without charging a dime for any emails because you can slap them with a massive fine if they ever dared send spam. Why bother charging honest people for email when you can simply fine the bad apples and leave everyone else alone?
October 11th, 2007
Green IT will get zero traction until IT pays the electric bill
There’s a lot of talk lately about Green Computing in IT circles, and Larry Dignan even points out that there may be some fatigue setting in because “Green” has become a lucrative marketing term. I spend a lot of time talking about energy efficient computing, but there are times I feel like talking about green computing is falling upon deaf ears because there just doesn’t seem to be that much interest in it.
Having come from an IT background, I have a pretty good idea why this is the case with a lot of IT departments. The main reason I can see for this lack of interest is that many IT departments don’t pay the electric bill. At most they might pay some money for the data center rack space they lease, but smaller IT departments simply convert an existing room into a makeshift server room with a mixture of rack-mount and floor-standing servers. Facilities picks up the cost of electricity for those rooms as well as the rest of the building, which powers and cools all the office equipment.
As a result of this typical arrangement, energy efficient computing simply doesn’t register with many IT departments because it doesn’t show up on their budget and it isn’t their problem. They’re concerned with procurement costs, and that often means less efficient components; if that drives up the electric bill, which includes all the extra cooling costs from the extra heat generated, that’s someone else’s problem.
Until IT gets billed for all the power it uses, including the power used by the desktops and the extra power required to cool the building, or IT takes over the power budget, energy efficiency will not be taken seriously. Desktop computers will not be forced into the S3 sleep state and only woken at night when updates need to be applied. It won’t be worth the trouble until they see it show up on their budget.
September 26th, 2007
Europe's new 'monopoly' tariff on Microsoft bypasses WTO
The European Commission has just levied a new $689,900,000 “fine” (read: tariff) on American software company Microsoft under the pretense of anti-trust which conveniently bypasses WTO agreements. The Brussels based think tank Globalization Institute has published a paper (PDF) where it recommends a ban on OS (Operating System) bundling for all PCs sold in Europe. At the end of the paper it writes:
Policy recommendation
This paper’s recommendation is that the European Commission should require all desktop and laptop computers sold within the EU to be sold without operating systems.
Scott M. Fulton, III wrote an excellent news piece here where he covers the key issues and points of views and our own bloggers John Carroll and David Berlind weighed in on the issue. Alex Williams of the Adam Smith Institute says “This neo-protectionist economic agenda is forming a policy cloak for the anti-Americanism of many European Commissioners, and it is European citizens who stand to suffer from it.” and I agree with him.
The Globalization Institute says their recommendation will produce more “choice”, but I can’t possibly see how this would produce more choice when 90% of the population wants an Operating System (not necessarily Windows) bundled with their computer and they have no desire to install their own OS or pay someone to do it. I can even agree on a matter of principle that computer makers should be forced to sell no-OS computers as an easy option for consumers or businesses, though the savings won’t be as big as some people think since hardware makers don’t pay full OEM (Original Equipment Manufacturer) pricing or anything close to it. But to tell European consumers that they can’t buy a computer with a heavily discounted pre-configured Operating System is asinine in my opinion, and it is the absolute antithesis of choice.
When a PC maker bundles Windows Vista Home and sells the entire computer to the consumer at $350, does anyone think they pay the $100 single-quantity OEM cost, let alone the $199 retail price? There’s absolutely no way, and I would venture to guess that the true cost of Windows Vista Home is in the vicinity of $60 because Microsoft sells at a significant quantity discount. The computer comes with the OS and hardware-qualified drivers integrated into the system and everything works out of the box, which is what 90% of the population wants. Dell (and other PC makers) have started offering users the option of getting Linux bundled with the PCs because of MARKET demand, but now some Bureaucrats in Brussels want to tell Dell and others that this is now going to be against the law?
The last time the EC (European Commission) in their infinite wisdom decided to ban the bundling of software, it forced Microsoft to ship a version of Windows without Windows Media Player installed. To the EC’s consternation, no one bought that crippled version of Windows and they kept buying Windows. Now some of these same people want to consider crippling PC companies and forcing them to sell worthless hunks of metal to people with no operating system installed, and people will have to figure out how to install their own OS and device drivers or pay someone else to install it for them, not to mention the additional cost of buying a single-unit OEM OS.
The European Commission is frustrated that despite all their meddling these last few years, Microsoft has doubled their market share in the “Workgroup Server” market from 40% to 80%, though this is another one of those arbitrary definitions like the Apple iTunes monopoly definition. When you factor in all those unregistered or roll-your-own copies of Linux running in the market place, you can hardly declare Microsoft a monopoly in the server space. Within that narrowly defined market segment, perhaps the EC should consider the fact that people prefer paying $600 perpetual licenses for Windows Server plus a very occasional $250/incident support fee (typically 4 times a year for all Microsoft issues for my old company) over a $1300/year/server support contract for Red Hat Enterprise Linux. Those tens of thousands of copies of Linux being run by Google and millions more by other companies don’t count in the eyes of the EC when they need to define Microsoft as a monopoly.
EU Competition Commissioner Neelie Kroes said that the EU now expects a “significant drop” in Microsoft’s overwhelming market share. In fact Kroes even hinted that perhaps somewhere around 50%, but not exactly, is the correct market share. Kroes’ spokesman Jonathan Todd clarified that:
“Once illegal abuse has been removed and competitors are free to compete on the merits, the logical consequence of that would be to expect Microsoft’s market share to fall,”
So I can translate this (via the contrapositive rule of logic) as: if the market share doesn’t fall, then that “logically” must mean that free competition doesn’t yet exist and illegal abuse must still be rampant. That leaves absolutely no other possible explanation for Microsoft’s dominant market share, so what’s next if crippling PC makers doesn’t work? Will the EC then order ISVs (Independent Software Vendors) to port all of their applications to Linux with equivalent performance, functionality, stability, and validation if they wish to continue doing business in Europe? Where does the madness end?
I have no doubt some people are jubilant about the fact that someone is sticking it to Microsoft, but do they honestly believe that an EC that tastes the fruit of their fines (tariffs) will stop with just Microsoft? They’ve already declared Apple’s iTunes a monopoly so what is to keep them from imposing a new WTO-bypassing tariff on Apple? What happens when the EC declares Cisco a monopoly in routers because their market share is too big and not because they’ve actually broken any anti-trust laws? Will the EC come up with all sorts of creative remedies to force Cisco to drop their market share to ~50%? What happens when the EC declares Oracle a monopoly in their respective market? Should Intel’s market share be knocked down to ~50% too?
The American people and their politicians need to wake up to the fact that the EC is imposing tariffs under the guise of anti-trust merely on the basis of market share. Europeans need to realize that their politicians are doing no favors for them with these draconian rules and that they will end up paying higher prices and greater hassles. Trade is a two-way street and there will have to be repercussions and the side that has the trade surplus bleeds the most.
September 25th, 2007
Why OLPC mesh wireless networking won't work
One of the touted features of the $200 OLPC laptop is the peer-to-peer mesh topology networking feature that can theoretically bring an Internet infrastructure where there is no network infrastructure. The problem is that peer-to-peer wireless LAN mesh topology sounds better than it actually works and there’s a good reason it isn’t used commercially.
[UPDATE 9/27/2007 - I should clarify that OLPC mesh technology applies to the XO laptop shown on the left or to the Intel Classmate [current version of Classmate doesn't support mesh]. Intel is also on the board of OLPC so it’s not OLPC versus Intel. Intel is also providing some help on technology based on the centralized Access Point and Bridge model. OLPCs can also work with centralized wireless LAN infrastructures and that is the point of this blog; that the two technologies work best together and that they’re not mutually exclusive. A $60 Linksys router running modified Linux and a $20 antenna can provide fast and reliable infrastructure for the entire school.]
The word “mesh” is traditionally highly regarded in the networking world because every IT student is taught in Computer Networking 101 that “mesh topology” is the most advanced form of networking. Mesh topology traditionally conjures up the image of multiple redundant links with high-performance distributed loads, but that only applies to the wired networking world, where multiple physical links are used to build the network. High performance and load distribution do not apply to wireless mesh topology, especially when we’re talking about typical implementations that use a single radio and a single radio frequency. In fact, every wireless relay adds another hop, and the relay action doubles the radio contention because the same data has to be retransmitted on the same radio frequency.
Even if we ignore the delay and contention problems of mesh topology wireless LANs, there’s an even more fundamental problem facing the peer-to-peer mesh technology being implemented in projects like the OLPC. The radios and antennas are so small that it would take hundreds of OLPC devices with perfect spacing to replace a single high-powered Access Point with high-gain antennas. Consider the illustration below where I compare OLPC laptops that are capable of transmitting up to 50 meters with their small 30mW radios and small antennas versus a centralized AP that’s capable of 400 meters range.
Mesh versus Access Point topology:

Note that I’m being very conservative with the 400 meter range for a 300mW Access Point because those things can easily go twice as far. But even with a mere 8:1 advantage in range, it would take more than a hundred OLPC laptops to cover the same area. If we’re talking about a more realistic 16:1 advantage in range, then it would take more than 400 OLPC laptops to cover the same area, and they would all have to be spaced out perfectly. We also have the possibility of using 500mW radios and 16 dBi antennas for even longer range in rural areas. When we consider the fact that a single failure in one of the mesh nodes due to battery drainage, moving out of range, or a software hang will cause the entire mesh scheme to break, there simply is no way to get around the centralized architecture.
Last week at Intel’s IDF convention in San Francisco, Intel’s “World Ahead Program” was showing off some cheap commodity technology and blueprints that would empower schools with wireless networking and Internet access. These blueprints and parts lists allow the schools to build their own wireless infrastructure with cheap off-the-shelf components. The all-in-one Wireless Access Point and Wireless Bridge box (dual radio) allows remote locations that lack wired Internet uplinks to bridge wirelessly to the central uplink. I came up with a slightly modified version, shown in the illustration below, to show the flexibility of this architecture.
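The node-count argument above can be checked with a little geometry. The following is an added example, not code from the original post or the OLPC project: it takes the post's 50 m laptop range and 400 m / 800 m access point ranges and computes how many nodes a hexagonal layout needs, first for coverage alone and then when every node must also sit within link range of its neighbours so it can relay, plus the hop count and single-channel throughput penalty for a packet from the edge of the area. The hexagonal-lattice model and the 1/hops throughput rule are this example's own simplifying assumptions.

```python
"""Mesh-node count versus one high-power access point (added example).

Assumptions of this example (not from the post): nodes are laid out on a
hexagonal lattice, all radios share one channel, and each relay hop costs
one full retransmission of the same bytes on that channel.
"""
import math

# Figures quoted in the post: XO laptop radio reach and the access point reach.
OLPC_RANGE_M = 50.0
AP_RANGE_M = 400.0

# Covering a disk of radius R with disks of radius r on a hexagonal grid takes
# about (2*pi / (3*sqrt(3))) * (R/r)^2 disks: each hexagonal cell inscribed in
# an r-radius circle has area (3*sqrt(3)/2) * r^2.
HEX_COVER_FACTOR = 2.0 * math.pi / (3.0 * math.sqrt(3.0))   # ~1.21


def nodes_to_cover(ap_range_m, node_range_m):
    """Nodes needed merely so that every point lies within one node's range.
    This ignores that mesh nodes must also be able to reach each other."""
    return math.ceil(HEX_COVER_FACTOR * (ap_range_m / node_range_m) ** 2)


def nodes_for_relay_mesh(ap_range_m, node_range_m):
    """Nodes needed when each node must also be within link range of its
    neighbours so it can relay traffic: a triangular lattice whose spacing
    equals the link range, i.e. one node per (sqrt(3)/2) * d^2 of area."""
    area_per_node = (math.sqrt(3.0) / 2.0) * node_range_m ** 2
    ap_area = math.pi * ap_range_m ** 2
    return math.ceil(ap_area / area_per_node)


def relay_hops_from_edge(ap_range_m, node_range_m):
    """Hops a packet from the edge of the covered area needs to reach a
    gateway at the centre when no link spans more than one node range."""
    return math.ceil(ap_range_m / node_range_m)


def edge_throughput_fraction(hops):
    """Single-radio, single-channel mesh: every relay retransmits the same
    bytes on the same frequency, so the channel is occupied once per hop and
    end-to-end throughput is at best 1/hops of the raw link rate (idealised:
    no losses, all hops within each other's contention range)."""
    return 1.0 / hops if hops > 0 else 1.0


def compare(ap_range_m=AP_RANGE_M, node_range_m=OLPC_RANGE_M):
    """Summarise both models for one AP-versus-laptop range pair."""
    ratio = ap_range_m / node_range_m
    hops = relay_hops_from_edge(ap_range_m, node_range_m)
    return {
        "range_ratio": ratio,
        "area_ratio": ratio ** 2,
        "nodes_cover_only": nodes_to_cover(ap_range_m, node_range_m),
        "nodes_relay_mesh": nodes_for_relay_mesh(ap_range_m, node_range_m),
        "hops_from_edge": hops,
        "edge_throughput_fraction": edge_throughput_fraction(hops),
    }


if __name__ == "__main__":
    # The post's 8:1 case (400 m) and its "more realistic" 16:1 case (800 m).
    for ap_range in (400.0, 800.0):
        r = compare(ap_range)
        print(f"AP range {ap_range:.0f} m ({r['range_ratio']:.0f}:1 range, "
              f"{r['area_ratio']:.0f}:1 area): coverage-only {r['nodes_cover_only']} nodes, "
              f"relay mesh {r['nodes_relay_mesh']} nodes, "
              f"{r['hops_from_edge']} hops from the edge "
              f"(<= {r['edge_throughput_fraction']:.1%} of link rate)")
```

Under the relay-spacing model the 8:1 case needs 233 laptops and the 16:1 case 929, so the post's "more than a hundred" and "more than 400" are conservative lower bounds; the coverage-only count (78 and 310) is what you get if you forget that the nodes must also talk to each other.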
AP and bridged extension wireless LAN (full size):

With a few of these “towers” with sufficient transmit power and high-gain omni-directional antennas for client access and directional antennas for the backhaul; we can reliably cover a very large campus.
September 13th, 2007
Why the ban on mandatory RFID implants should be Federal
The California legislature recently banned employers from mandating RFID (Radio Frequency Identification) implants for their employees. While I’m glad I’m covered in my state, why isn’t this ban being implemented at the Federal level to cover every citizen? I’m not suggesting that we ban the devices; I’m suggesting that no one should be forced to stick one of these in their body just to get a job. I’ve covered the issue of RFID many times before and I’m not fundamentally opposed to RFID technology or RFID implants, but I do oppose the idea that anyone should be forced to implant one in their body, and it would be just as offensive if my employer asked me to tattoo a bar code on to my forehead.
Verichip RFID implants are worthless from a security standpoint because they’re essentially passing clear text data over the radio waves and it can easily be cloned. If it’s cloned, you’ll have to undergo knife treatment to get a new one unless the chip is reprogrammable. Even if Verichip stopped using clear text authentication and switched to strong NSA Suite B grade crypto, I wouldn’t want it inside my body. Is any material item in this world worth life or limb? If someone wants my access device and password at the point of a gun, I’d give it to them. I don’t want them to have to cut it out of my body.
Last summer there were some issues raised about the privacy and safety of RFID enabled passports. While the scenarios were arguably remote and the privacy concerns overblown because someone can copy the same information from a regular passport, there is no reason to have the RFID in the passport since an optical or contact based system would have the same effectiveness. RFID in the traditional sense gives you more flexibility and convenience because of its long wireless range but the usable range for RFID passports is literally a few millimeters away. RFID in the Passport implementation is effectively a contact based solution that has none of the flexibility but all of the security liabilities of a wireless solution.
What about the argument that we need RFID implants for our children? I have two kids and I can tell you that RFID isn’t going to make me feel any better. First of all, that RFID implant isn’t going to be a “LoJack” device for children and you’re not going to be able to track them down if they’re abducted unless you’re within a few feet of the child. Second, having the RFID implant might mean the abductor will cut it out of your child to take out the implant. I might consider an external device hidden in a watch or something that has an active transmitter with some effective range but implants are simply out of the question.
As critical of RFID as I am, I’m not so sure why some people are so anti-RFID that they don’t even want the devices to exist in the first place. RFID implants can make sense in medical areas. If it makes it easier for emergency workers to identify a patient’s special needs, that’s great so long as the consumer gets to voluntarily place it in their own body. There’s also new technology being developed for diabetics where the RFID sensor can wirelessly report glucose levels without you having to prick your finger every day. RFID inventory tracking and logistics can simplify and automate many things so we must distinguish between good RFID devices and bad ones.
August 23rd, 2007
Can owning a Wi-Fi Skype phone land you in jail?
A man in London was arrested for using an open Wi-Fi network from someone’s unsecured broadband link from a nearby house. Similar arrests have happened in the US and this makes me wonder: Can owning a Wi-Fi Skype phone land you in jail?
I was reviewing a Wi-Fi enabled Skype phone and an interesting thing happened when I took it on a trip. I was in an unfamiliar place and someone rang my review Skype phone and I answered the call as if I had a cell phone. But wait a minute, how did I manage to get a connection? After some further investigation I determined that the phone was configured by default to connect to any “open” (read: unsecured) Wi-Fi network it could find. Of course the majority of users won’t ever bother changing the default settings, and many won’t even know how to change it or what it implies if they don’t. Would this make them criminals in the eyes of the law, since ignorance is never an excuse?
The issue of “open” Wi-Fi networks is something that any modernized society needs to work out. Of course there’s no question that if someone broke into even a weakly defended Wi-Fi network they’re at least guilty of bandwidth theft, but “open” networks are a very slippery slope. What happens if a nearby network uses the same default SSID as yours, like “Linksys” or “Netgear”, and your computer automatically connected to it because it thought it was your home network? Does that make you a criminal? What happens if it’s a free Wi-Fi hotspot, or you thought it was a free hotspot? Does that make you a criminal? All these questions have to be answered, but it’s another one of those issues that the law is grossly behind on.
August 10th, 2007
LinuxWorld 2007 goes green with Green Grid consortium

Fred Stack - Emerson Network Power, David Douglas - Sun Microsystems, Rich Lechner - IBM, Colette LaForce - Rackable, Andrew Kutz - Burton Group
Next generation data center and green computing were common themes at LinuxWorld 2007 and the Green Grid panel brought many of these issues to light. Pictured above is a panel of individuals who represent companies on the Green Grid consortium. The discussion mostly centered around issues of containing power consumption, corporate sales pitches, battle of words between Sun and IBM, and even something about the environment. See LinuxWorld 2007 hardware gallery.
Rich Lechner raised a very interesting point that the greenest computer is the one that doesn’t exist, but then he went on to give his obligatory spiel about IBM mainframes (presumably zSeries) and how they can consolidate a hundred conventional Linux servers (compiled for zSeries) onto a single mainframe. Others however challenged Lechner on the fact that while the software may be open, the hardware is proprietary. I also have to question whether it’s really cheaper to buy a big proprietary mainframe when relatively cheap commodity quad-socket quad-core systems from Intel and AMD can easily host 32 or 64 virtual servers running Linux, BSD, or Windows compiled for generic x86 or x64.
Rackable’s Colette LaForce explained to me after the panel discussion that Rackable offers 40U racks which can support a total of 80 1U half-depth 2-socket quad-core x86/x64 servers using energy efficient DC (Direct Current) power distribution within the rack. A large amount of power is wasted before it even touches the server when we have to go through a separate UPS (Uninterruptible Power Supply) and power distribution system that outputs AC (Alternating Current), which then has to be converted back to DC by the server’s power supply. Rackable mostly sells their products to large data centers and the customer usually orders servers by the rack, pre-cabled, and rarely individually. Unlike HP’s c-Class blade servers, Rackable’s designs are not meant for you to fill the rack as you grow; they’re meant for you to fill the datacenter aisles with more pre-configured racks as you go. This design isn’t as flexible but it’s more cost effective for larger operations.
Lechner also made a notable comment that perhaps the first thing you do after you finish converting 3000 servers to 30 mainframes is to fire the guy whose bright idea it was to architect the 3000 servers. Lechner argued that consolidating 3000 servers to 30 mainframes would shift CPU utilization from less than 10% on average to near full capacity, and this would waste less energy because you don’t have 3000 servers doing mostly nothing. Andrew Kutz of the Burton Group, acting as the moderator, gave a good rebuttal that maybe that guy tried consolidating a bunch of things onto a single server and it blew up in his face. As someone who worked in the front lines of IT for many years, I can attest that the dirty little secret of consolidation is the increase in interdependencies that makes IT management far more difficult.
While things have improved substantially with the arrival of cheap virtualization and cheap multi-core hardware, issues still remain. Virtualization might solve some of the problems inherent in consolidation because it affords us logical separation in the software, but we still have to be aware of the fact that there are more hardware interdependencies. Hardware downtime due to failure or maintenance now means IT has to contact every department that the tens of servers touch and get approval from each one of them for the most convenient time to take the server down. The problem is that the most convenient time for department A may not be the most convenient time for department B, and it only gets more complicated as you share more and more hardware resources. These problems aren’t insurmountable, but they need to be acknowledged and dealt with. The recent shift to cheap hardware and cheap virtualization has changed the economics to be in favor of consolidation, but there was a good reason why IT departments used to run everything as separate servers: it meant the least interdependency and the least impact whenever there was a hardware failure.
Sun’s David Douglas, who was sitting next to Lechner, wasn’t about to be outdone and he reminded the audience that Sun just released the new UltraSPARC T2 (codenamed Niagara 2). The UltraSPARC T2 allows 64 legacy SPARC-based servers to be consolidated onto a single T2 system through Solaris containers or LDOMs (Logical Domains). Douglas also boasted that Sun was one of the first to get the power company to offer energy efficiency rebates for Niagara based servers.
Note: The T2 chip has eight 1.4 GHz CPU cores, two pipelines per core, four threads per pipeline, eight crypto off-loaders, a 10-Gigabit Ethernet controller, and four memory controllers on a single monolithic 342 mm² die built on a 65nm process.
Douglas also mentioned Sun’s energy efficient BlackBox project, which is a datacenter in a standard shipping container. What makes Sun’s BlackBox efficient is that it uses water as a heat exchange mechanism. Since water is about 7 times more efficient at heat exchange than air, it reduces the amount of power consumed for cooling. You basically pump cold water into the BlackBox and warm water comes out.
Fred Stack of Emerson Network Power raised the bar even higher on cooling efficiency by saying that their chillers use a substance called 134a. While water might be seven times more efficient than air, 134a is seven times more efficient than water and it’s non-conductive, which is a very desirable property if the coolant ever leaks onto the servers.
Someone in the audience asked when corporations will stop being so beholden to the almighty dollar and start prioritizing the environment more. One of the panelists answered that everything has to be driven by economics or else it is a nonstarter, and I agree with them. “Green computing” has to mean a saving of green pieces of paper or else corporations and consumers won’t adopt it. Fortunately, consolidation through virtualization and the power savings it translates to is a win/win for everyone because it does save money and it lowers energy consumption.
Large datacenters are keenly aware of the energy consumption issues out of necessity because their power bills are through the roof and sometimes they’re up against an absolute ceiling on power utilization. Small and medium size businesses and organizations with server rooms may need a little motivation to conserve power. These IT shops often use a mixture of pedestal and rack-mount servers, and they often never see the electricity bill since that may be handled by the Facilities budget. Business should seriously consider moving the power budget under the IT department; then they might get some motivation to contain energy costs through more efficient server rooms and desktop computers. Until then all the cries of green computing seem to fall upon deaf ears.
August 6th, 2007
How to protect your online privacy
If you want to avoid being compromised when using typical Wi-Fi hotspots that have no security, you can use the following table as a reference of protocols you should and shouldn’t use. The insecure protocols should be banned and never used again; the protocols on the right are the secure alternatives. Anyone who doubts this is a problem should look at the DEFCON Wall of Sheep.
Note that in order to use these secure protocols properly, only Digital Certificates that are signed by publicly trusted Certificate Authorities like VeriSign, Entrust, GeoTrust, or GoDaddy should be used on the server side. Here’s a tutorial on how to acquire, purchase, and install a Certificate on your Server for less than $20 a year. The use of expired or self-signed Certificates is forbidden because it forces and conditions the user into ignoring Certificate warnings, which is extremely dangerous. Clients don’t usually require Digital Certificates; they just need to be configured to point to the secure services.
| Insecure protocols (BAN usage) | Secure protocols |
|---|---|
| HTTP | HTTPS with SSL |
| POP (TCP: 110) | POP with SSL (TCP: 995) |
| IMAP (TCP: 143) | IMAP with SSL (TCP: 993) |
| SMTP (TCP: 25) | SMTP with SSL (TCP: 465) |
| FTP | FTPS or SFTP **** |
| Telnet | SSH *** |
| PPTP VPN | PPTP over SSTP VPN |
| ICQ | IM client configured for SSL |
| | Skype (Proprietary PKI) |
| | SSL-VPN, L2TP*, IPSEC** |
| | SSH VPN tunneling *** |

\* L2TP requires Server and Client side Digital Certificates.
\*\* IPSEC can use Server and Client side Digital Certificates or pre-shared keys.
\*\*\* SSH is not SSL based but is very similar to SSL in principle.
\*\*\*\* FTPS is an SSL version of FTP; SFTP is an SSH-based version of FTP.
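The certificate rule above (only publicly trusted CAs on the server side, never expired or self-signed certificates) is what a strict client enforces on every connection. The Go program below is an added example, not code from the original post: it builds a constructed root CA standing in for the client's trust store, issues server certificates for placeholder host names, and shows which ones a strict check accepts; the CA name, host names and validity periods are all assumptions for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCert issues a test certificate for cn; with parent == nil it signs itself (the case the post bans on servers).
func newCert(cn string, isCA bool, nb, na time.Time, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // fixture setup only
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: nb, NotAfter: na, IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	signer, skey := tmpl, key // self-signed unless a parent CA is supplied
	if parent != nil {
		signer, skey = parent, pkey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, skey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was just produced above, so it parses
	return cert, key
}
// Verdict is the strict client check: trusted root, host name match, validity covers now; anything but "ok" is a warning.
func Verdict(c *x509.Certificate, roots *x509.CertPool, host string, now time.Time) string {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now})
	switch e := err.(type) {
	case nil:
		return "ok"
	case x509.UnknownAuthorityError: // self-signed, or signed by a CA the client does not trust
		return "untrusted-issuer"
	case x509.HostnameError:
		return "hostname-mismatch"
	case x509.CertificateInvalidError:
		if e.Reason == x509.Expired {
			return "expired"
		}
	}
	return "other"
}
// Scenarios builds a constructed root CA (standing in for the OS trust store) and
// four server certificates for placeholder host names, returning each verdict.
func Scenarios(now time.Time) map[string]string {
	year := 365 * 24 * time.Hour
	ca, caKey := newCert("root-ca.example", true, now.Add(-year), now.Add(10*year), nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	host := "mail.example.com" // placeholder: the host the client dialled
	leaf := func(cn string, nb, na time.Time, p *x509.Certificate, k *ecdsa.PrivateKey) string {
		c, _ := newCert(cn, false, nb, na, p, k)
		return Verdict(c, roots, host, now)
	}
	return map[string]string{
		"trusted-ca":  leaf(host, now.Add(-time.Hour), now.Add(year), ca, caKey),
		"self-signed": leaf(host, now.Add(-time.Hour), now.Add(year), nil, nil),
		"expired":     leaf(host, now.Add(-2*year), now.Add(-year), ca, caKey),
		"wrong-host":  leaf("www.example.com", now.Add(-time.Hour), now.Add(year), ca, caKey),
	}
}
```

Only the certificate chained to a trusted root, with a matching name and a current validity period, yields "ok"; the other three are exactly the warnings a user should never be trained to click through.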
Unfortunately this is all probably too complex for the vast majority of users and the infrastructure needs to take a lot more responsibility by blocking the usage of insecure protocols. Services like HTTP can automatically be redirected to HTTPS but very few online services will do this. Google supports HTTPS mode if the user manually types in https://mail.google.com which almost no one does so that really doesn’t help the vast majority of users who don’t know any better.
Almost none of the so-called “Web 2.0” providers care about your online privacy. For example, the following services have zero support for HTTPS and they’re all vulnerable to side-jacking.
- Google’s YouTube service
- Google Video
- Google Maps (you want people knowing where you live?)
- Google’s Blogspot
- Microsoft Hotmail
- Yahoo mail
- MySpace
What is going on here? I challenge these online services to start protecting people’s privacy and start using HTTPS for everything! [Update 8/8/2007 - Robert Graham of ErrataSec noted that SalesForce.com defaults to SSL mode and even lets companies block non-SSL connections to their own data. I would add that this is to be expected of any corporate Application Service Provider which charges a substantial monthly fee per user. What I'd like to see is every online service regardless of whether it's a subscription service or Ad driven service should protect people's privacy.]
Note: Anyone who tells you SSL and encryption are too expensive is living in the 1990s. Moore’s law has given us 2.4 GHz Quad Core processors from Intel for $280 and there are thousand-dollar encryption off-loaders that can encrypt multiple gigabytes of data per second! I don’t want to hear Google saying they can’t afford a cheap gigabit encryption off-loader for their Gmail service. I’m tired of hearing all the excuses.
As people’s lives become more and more centered around these online services and more and more people start using Wireless networking, this is a disaster waiting to happen. My voice isn’t enough and you the reader need to demand better security from your online service providers. I challenge the big three (Google, Microsoft, and Yahoo) to see who will be the first to provide secure HTTPS services by default. If they want to have an insecure version, let them host that under something like insecure.gmail.com and make people go out of their way to be insecure.
The first ISP that becomes secure-by-default will get my praise. I also want to see which major Hotspot provider or Municipal Wi-Fi service will implement the Secure Wireless LAN hotspot for anonymous users. Will it be T-Mobile or AT&T? I hope other bloggers, journalists, and editors will all do the same.
July 27th, 2007
Hey BusinessWeek, condoning piracy is wrong
I don’t know what Henry Chesbrough was thinking when he penned this opinion piece at BusinessWeek saying that “Microsoft should welcome piracy in India and China”, but his reasoning is shortsighted and irresponsible on multiple levels.
- Condoning piracy (especially by those who profit from it) as a matter of principle is always wrong
- Pirated copies of software (AKA warez) are a cesspool of malware that has serious repercussions for all of us
- Strategies like $3 Windows and Office are far more effective at combating software pirates, malware, and Microsoft’s competitors, and they actually make money.
Condoning piracy is always wrong. I don’t know where Mr. Chesbrough’s sense of ethics went, but it’s never right to condone piracy especially those who actually make money selling pirated software. It doesn’t matter that those hardware dealers loaded software “at no charge” because those dealers added value to their products which made it easier to sell their hardware with larger margins. Of course I would never suggest Microsoft (or any Software company) sue poor individuals in third world countries or students for running illegal software when it’s impossible for those individuals to come up with the money.
A person in the third world can’t possibly pay a month’s salary for a copy of Windows when they can barely afford to survive. Few students are in a position to pay full price or even discount price for software and it’s a strategic investment to allow students to use your software because they become future paying customers. Microsoft knows this which is precisely why you’ll never see them raiding poor individuals and students. But Microsoft is absolutely within its right to go after the dealers who sell or bundle free software with hardware.
The other big problem is that pirated software almost always has some kind of root kit or back door embedded within it. This means that software pirates can not only make money selling someone else’s intellectual property, they also make money selling hijacked computers to the underworld. These armies of zombies will spam us with pump-and-dump stock scams, Viagra pills, and Nigerian schemes, or blackmail us with the threat that they will shut us down with DDoS (Distributed Denial of Service) attacks. For this reason alone it would be crazy to condone software piracy.
Chesbrough isn’t entirely wrong from Microsoft’s business perspective. Shutting down piracy without offering a cheap alternative will ultimately hurt Microsoft’s business and drive users to Linux, Firefox, OpenOffice.org, and other Open Source software. While the Open Source world will cheer (another reason to be against piracy), it’s a serious problem for Microsoft’s future prospects. Microsoft’s $3 Windows and Office for Education is an absolute step in the right direction, but it really isn’t enough. Microsoft needs to offer OEM and Retail versions of Windows and Office that are localized to the country and restricted to run in those countries at prices that those markets will bear. If that means offering a Chinese edition of Windows Vista for $3 and Office 2007 Home for $6 to the OEM vendors and maybe $6 and $12 for retail editions, then so be it.
Besides, selling a billion copies of $3 software to the third world is extremely profitable and it’s a lot better than making nothing and letting some criminal make $1 off each of those billion people. As those countries develop and become richer, their prices can be adjusted to reflect that. Nobody wants to buy pirated software if they have reasonably priced alternatives and just having an officially licensed copy of the software along with the user manual will be good enough to convince the majority of the market to come above board. This builds a long term user base that respects intellectual property rights who won’t have to serve as Malware infected bots. At the same time, Microsoft needs to adopt a carrot and stick approach and double up on its efforts to hunt down and punish those who would continue to sell or bundle Microsoft’s intellectual property.
George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.