
With the current uproar about Internet neutrality, and the perhaps appropriate misgivings about the Google and Verizon proposal to the FCC, it seems timely to weigh in on this issue that has the potential to affect us all.

I've posted on this topic before, and after carefully reading through the Google posts about the deal here's where I stand:

First, the Verizon/Google deal allows classification, and prioritization by class, of the traffic on the Internet. It also makes a concession to 'legal use' but leaves out the definition of what a legal use is. While it may make sense on the surface (who doesn't want their VOIP calls to be clear?), this classification is actually a bad thing because it de-democratizes the traffic on the Internet, and puts the control of what packets go where and how fast into the hands of a very small handful of carriers. Additionally it allows provisions for de-prioritizing (or even simply dropping) packets if they're 'illegal'. Can you hear the peer-to-peer sites being shut down already? Because there's nothing legal about filesharing, right? Wrong. As one example, most Linux distributions use BitTorrent to distribute their CD images because the files are huge, and hosting bandwidth is expensive. Why not use the power of the Internet to spread that load amongst the thousands of Linux users out there? But ISPs absolutely hate peer-to-peer - they see it as a bandwidth hog that is only used for illegitimate purposes.

Today, a packet on the Internet is just a packet. The core routers at Level3 or Comcast or Verizon don't care whether it's a SIP packet bound for your VOIP provider, or a Peer 2 Peer packet shared by your music (or Linux) loving neighbors, or a VPN packet bound from your workstation to your office as you work from a coffee shop. The routers move the packets along with no regard or care for what the packet is, or where it's going.

Now imagine that your ISP is allowed to de-prioritize your VPN traffic, because more users want to watch Hulu or Netflix at the same time as you're trying to work. Suddenly your ability to work is severely impacted because you, and your usage pattern at that moment, are in the minority. Is that fair? You pay your bill every month like everyone else, right? But because you're in the minority, your traffic gets pushed down the scale.

Of course, the above example presumes that everything is working just as the carriers expected it to. However, that's rarely the case. For example, many peer-to-peer sites have already modified their traffic to look just like regular web surfing traffic (HTTP). Why? Because firewalls often (try) to block peer-to-peer by attempting to classify the traffic just like Verizon and Google would like to do. So, the file sharing sites simply modify their traffic patterns to look just like HTTP. Now, the firewalls not only have to look at the ports involved in the traffic, they actually have to try to decipher the packets and determine whether it's really a web page, or if it's peer-to-peer masquerading as a web page. Once they figure that out, guess what's next? You guessed it... encrypting the traffic so that the snooping firewalls can't 'see' in to the packets on the fly to see what they're all about. It's a constant cat-and-mouse game that ends up accomplishing very little and wasting unbelievable amounts of effort, CPU cycles and money. Because today, despite the ISPs' best efforts, guess what still accounts for the vast majority of Internet usage? You guessed it: peer-to-peer.
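To make the stages of that cat-and-mouse game concrete, here is a small classifier written for this page as an added illustration (it is not code from any carrier or firewall product). The port table, the entropy threshold of 7.0 and the three sample flows are constructed assumptions.

```python
import math
from collections import Counter

# BitTorrent peer handshake starts with a length byte (19) and the protocol name.
BT_HANDSHAKE = b"\x13BitTorrent protocol"
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")
# Assumed port-to-class table for the illustration.
WELL_KNOWN_PORTS = {80: "web", 5060: "voip", 6881: "p2p"}


def classify_by_port(dst_port):
    """Stage 1: trust the destination port alone."""
    return WELL_KNOWN_PORTS.get(dst_port, "unknown")


def shannon_entropy(data):
    """Bits per byte; approaches 8 for encrypted or compressed payloads."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def classify_by_payload(payload):
    """Stage 2: look at the first bytes of the flow instead of the port."""
    if payload.startswith(BT_HANDSHAKE):
        return "p2p"
    if payload.startswith(HTTP_METHODS):
        return "web"
    if shannon_entropy(payload) > 7.0:  # assumed threshold
        return "opaque"  # encrypted: P2P, VPN and HTTPS all look the same here
    return "unknown"


def classify(dst_port, payload):
    """Return both verdicts so the disagreement between stages is visible."""
    return {"port": classify_by_port(dst_port),
            "payload": classify_by_payload(payload)}


# Constructed sample flows, all sent to port 80.
SAMPLES = {
    "web_page": (80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    "p2p_on_80": (80, BT_HANDSHAKE + bytes(8) + b"A" * 20 + b"B" * 20),
    "encrypted_on_80": (80, bytes(range(256))),  # stand-in for ciphertext
}

if __name__ == "__main__":
    for name, (port, payload) in SAMPLES.items():
        print(name, classify(port, payload))
```

The third flow is the point: once the payload is encrypted, the classifier can only say "opaque", which lumps a coffee-shop VPN session in with whatever the carrier meant to throttle.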

Finally, the deal they struck applies *only* to wired Internet service (meaning, in large measure, Cable and DSL, FIOS, etc.). Their deal gives a free pass regarding *any* FCC intervention to wireless Internet providers (um, like Verizon Wireless, maybe?). This doesn't sound like a big deal - after all anyone who's used any Cellular based Internet services knows that it's horrifically slow. That may be an argument that allowing traffic shaping would be, if not desirable, then at least permissible, right?

Wrong. And here's why: a large number of industry analysts agree that wired Internet will account for a smaller and smaller fraction of the overall Internet user base as the wireless (cellular based) carriers continue their testing of 4G and LTE, technologies that push well north of 100mbps to the end point. That sounds like a huge gimme to the cellular industry to me - the only requirement for the cellular carriers is some undefined transparency in what they prioritize or (perhaps more importantly) de-prioritize. If the majority of users within 10 years are going to be using the Internet via a cellular network, it would seem pretty obvious that the same rules should apply to all, no?

So here's my takeaway, based on my own experience as a network engineer for a small Cable ISP: Leave it alone. Let users police their own bandwidth, at their gateway device. That will allow them to prioritize VOIP, or HTTP, or VPN as it comes in to their network, and do the same for packets as they leave their network. Once that packet hits the Internet however, it's on its own and subject to the bandwidth limitations of the networks between its source and destination. But it's on equal footing with the billions of other packets winging their way across the ether, as it should be.

Thanks to Dan Allen who alerted me to this series of attacks! Links to the original articles at the bottom of this article.

You may be aware of the recent spate of attacks against GoDaddy hosted WordPress sites. After doing a bit of research, it appears that successful attacks are not limited to GoDaddy hosted accounts, or WordPress installations. Further, the successful exploits appear to be limited to systems with shared hosting (e.g. many sites on one server).

To my eyes, it looks more like it's a javascript injection that is enabled by an installed PHP application. Specifically, it looks like it may be a vulnerability that is created when sites are running the CGI version of PHP rather than running PHP as an Apache module.

We stopped running the cgi version of PHP at least 5 years ago, as it creates security vulnerabilities that are difficult to mitigate. Many hosting companies use it because it allows them to 'jail' user websites, and keep a better level of separation between them, which is beneficial when hosting a large number of sites on a single system. Since we run only about 50 domains on our server, and access is tightly controlled, we made the decision to move to Apache2 and mod_php fairly early on.

At this time, I believe that our webserver is protected from this attack. We use mod_php on the server, and we only host a (comparably) small number of sites. We stay current with updates, and we're running an updated version of PHP that is not part of the standard CentOS distribution.

We will continue to monitor this situation carefully, and will update this page as we learn more.

Feel free to e-mail us with any questions or use the Contact Us page!

References:

[1] http://blog.sucuri.net/2010/05/reply-from-godaddy-regarding-latest.html

[2] http://www.GoDaddy.com/securityissue

[3] http://blog.sucuri.net/2010/05/second-round-of-godaddy-sites-hacked.html

[4] http://www.tgdaily.com/security-features/49744-go-daddy-counters-php-hack-attacks

The 'Net neutrality debate took an interesting turn today, where the US Court of Appeals sided with Internet Service Provider Comcast, agreeing with their assertion that the FCC had no authority to enforce network neutrality on an unregulated service. While this feels like a setback for Net Neutrality, it will likely turn out to be just the opposite, as the likely outcome will be that Congress will in turn explicitly grant the FCC the authority it doesn't currently have, and Net Neutrality will become law and not just policy.

"Comcast swung an ax at the FCC to protest the BitTorrent order, and they sliced right through the FCC's arm and plunged the ax into their own back." -Ben Scott, policy director for the public interest group Free Press

Read more here at the Associated Press website: http://hosted.ap.org/dynamic/stories/U/US_TEC_INTERNET_RULES?SITE=TXDAM&TEMPLATE=HOME.html&SECTION=HOME

For those not aware, rbTechnologies is preparing for our next phase of growth by building a brand new office connected to our current space in East Montpelier. After looking carefully at options for buying, building elsewhere or renting space, we decided that expanding our current space was the best way to continue to achieve our goal of delivering unequalled expertise at the best possible value.

Once the decision to expand was made, plans began to coalesce fairly quickly - early this spring, we had our basic layout designed. We went through the financing process, closed in June, and on Independence Day weekend, Rubin celebrated by spending 24 hours running a backhoe to dig the trench for the frost walls of the new space.

As of today, the frost walls are poured, and the forms are stripped. The next steps are to backfill the walls, pour the new radiant slab, and then start putting up walls and framing the new building! We hope to have the space 'dried in' (walls up, doors and windows installed, roof on and weathertight) by fall. We'll post photos occasionally as the work progresses, and there will of course be an Open House once we're all moved in!

Ah, Fairpoint. On one hand I feel genuinely bad for the poor folks who are answering the phones there; their hands must tremble every time they take a call.
On the other hand, that company has managed to foul things up on an almost unimaginable scale.
First it was the Verizon/Fairpoint email cutover... whoops, you no longer have any email. But we'll re-create your account for you... our bad. Seriously, Fairpoint?! Has no one in that company ever heard of imapsync?!

Last week, I received a notice in the mail from FairPoint that my long distance records had been lost in the cutover and that they were simply going to drop the charges for last month's calls. I'll bet that was a costly error for them - not so much on our side as we don't make a lot of calls, but there are plenty of companies out there that make a thousand dollars of long distance calls every month... But they're so flush with cash, they can afford it (not).

Then came the random disconnects. My fiancée's bridal shop (Shaline Bridal, at 27 State Street in Montpelier http://shalinebridal.com) was mistakenly disconnected on a Friday night. Callers were given the dreaded "This number is not in service, please check the number and try again". She called in to FairlyPointless "customer service" and was told that the "programming department" would have to fix it. On Monday. Now this is a bridal shop that is in full swing right now with brides dropping off their dresses and calling to schedule appointments. Saturday is the busiest day of the week. Brides calling to check on dress and receiving a disconnected message are perfect candidates for "breathe into the paper bag" therapy, especially in light of current economic outlook and general consumer confidence. She explained the situation to the "customer service" representative who looked up the number and came back on the line to tell her that the problem was one that only the "programming department" could remedy, and further that the programming department was closed. Until Monday. What?! After expressing how damaging this could be to her business, the customer service rep was unsympathetic and she was told that there was absolutely nothing to be done until Monday. I took over the call, and after talking in circles with the operator for a few minutes, I eventually was *hung up on* after I made a mildly snarky comment about their commitment to their customers and botched cutover from Verizon (no cursing, and I was very careful not to direct anything at the operator). I called back immediately and was told that the magical and closed-for-the-weekend programming department would have the line back on within the hour. Huh. "Public Service Board? Yes, I'm calling with yet another complaint about Fairpoint..."

Last Thursday (March 12th), between our 2 Fairpoint business phone lines, my partner and I received 5 separately mailed, and different bills. 5!!! Do we get to pick which one to pay?! I'll pay the small one I think. On second thought, I think maybe I won't pay any of them until Failpoint sorts this mess out. I've spent enough time on hold already.

Yesterday here at the office, we got our new SIP trunks activated by SimpleSignal. Calls are routing and the lines are working just fine for everyone... except (you guessed it) FairlyPointless subscribers. They are routed to the old phone line, which no longer works. I called SimpleSignal, and was on the phone with an engineer within 2 minutes. They told me to call Fairpoint and ask them to pull our number from their switch and network server. I did so, and was told that they needed me to call the business office (which had closed right about the time I started sitting in FairPoint's call queue) to "say goodbye" (I swear to God that's what the rep said!!!). I was pretty sure that the port of the phone number would be sufficient to indicate that I was no longer using the service, as that's what all the phone number porting forms said when I signed them but who knows... I guess they want to be broken up with in person. "Hello, Public Service Board? Yes, it's me again."

The amazing thing is that while all this is going on, Fairpoint's stock is sinking like a stone (it was at $0.35/share last I checked). Their market cap is at under $50mil and you can buy a controlling interest in this useless company for under $25Mil. For that money, you could almost buy the company, pull the damn phone lines off the poles and sell the copper on the scrap market! Hello, Warren Buffett? Would you like to show the world how to run a phone company? These guys have done a fine job of showing how *not* to do it.

At this point I can only hope that their end comes quickly and mercifully, and whoever picks up the pieces does a better job. And as for the Vermont Public Service Board, seriously, What the Hell were you thinking?! You guys let this deal happen, and signed off on the merger, despite loads of testimony that this was an impossible task that was bound to fail.

And I used to think Verizon was bad...