Slashdot Mirror

Yes, Akamai published the list of manufacturers and models in their whitepaper: https://www.akamai.com/us/en/m...

Another reason to bemoan the discontinuance of Apple Routers: They are NOT on that list!!!

Yes, Akamai published the list of manufacturers and models in their whitepaper: https://www.akamai.com/us/en/m...

Akamai seems to corroborate the 8-million figure, which Hotstar reached on Tuesday. (They reached the 10-million figure on Sunday.)

Why? The problem is not in America but in Nigeria. America is the #2 country in IPv6 adoption, just behind Belgium, so we're not exactly lagging behind the world. Or, are you suggesting that Americans need to pay more to help out Nigerian 419 scammer princes?

Akamai State of the Internet Report 2017Q1 has United States average (IPv4) home Internet connection speed at 18.7 Mbps, up 22% year-on-year.

Actually the US is up to 10th place in the 2017 Q1 figures. It's unevenly distributed though, the US is 37th in >4 Mbps adoption. Even Russia got you beat in 33rd place. And I think that's reflected in a lot of the discussions here, either you got competition and it's great or you don't and it's terrible.

Or maybe a lot of people choose the lower speeds. The neighborhood where I live has ~60% of the people over the age of 50, and many are retired, and most are perfectly happy with Dish and 10 Mbps connections. They like it - it does what they need. Only a few of us have >100 Mbps connections because we want them. I think the average probably reflects most of this - it's high because of a smallish number of people who want lots of fast bandwidth, and most people are perfectly fine with 4-5 Mbps because you can chek e-mail, cruise Facebook, stream Pandora and watch Netflix without an issue.

Actually the US is up to 10th place in the 2017 Q1 figures. It's unevenly distributed though, the US is 37th in >4 Mbps adoption. Even Russia got you beat in 33rd place. And I think that's reflected in a lot of the discussions here, either you got competition and it's great or you don't and it's terrible. By the way, Akamai's figures are way below the national statistic on what people have. Here in Norway I see it reports the average connection as 23.5 Mbps. According to the national statistics the mean broadband connection is now 59.5 Mbps, the median 31.5 Mbps. Here 44% of the population is now on fiber and increasing rapidly, though the normal speed tier is still 100-150 Mbps. Gigabit is still very rare, even though it's available for quite many.

With lower prices, faster speeds and better service, you bet people would want municipal broadband. We've all seen what happens when there is no competition: the U.S. still isn't in the top ten of industrialized nations when it comes to broadband speeds (page 12 of the report).

I distinctly remember when my area got "competition" in broadband providers. Verizon came in and their CEO proudly stated, "We're not going to compete on price. We'll compete on quality." Well gee, thanks. To whom should I bend over for?

If Republicans would stop preventing broadband competition we'd be far better off. And before anyone wants to whine about being partisan, go take a look at the places which have outlawed municipal broadband. See the pattern?

This is harder than you would imagine because of "The Cloud" infrastructure. That destination is often a DNS alias and may perform load balancing or other tasks, also. Furthermore, with services like Akamai, an IoT manufacturer may not even control the addresses involved. Most firewalls do not do DNS lookups as part of the filtering rules because it would delay the connection by too much and negatively impact performance. You cannot cache the results because of the aforementioned scale-out and load-balancing capabilities of the infrastructure that are frequently required for IoT devices.

I am not a DDoS researcher -- but the previous largest DDoS I know of was the 602Gbps against the BBC

http://www.csoonline.com/artic...

Comparatively, during the 2016 olympics, 7.3 Tbps was served (presumably in addition to routine customer traffic) without substantial complaint.

https://www.akamai.com/us/en/m...

This DDoS was very possibly just another slightly-unusual-day-in-the-life of Akamai, but one that actually started to cost non-trivial resources (just like TFA stated).

Given the current structure of the internet, you asking any company to "handle it properly" for anything approaching the terrabit scale is absurd. There is no playbook for that -- there's only sysadmins making the most solid QoS decisions their background and knowledge permits, and infrastructure investments. Most likely, there's sysadmins shuffling capacity around while trying to protect paying customers.

How many full-time sysadmin-days should be dedicated to a gratis customer -- even one as important to the world as Krebs?

Akamai cached sites don't move between IPs. They are hosted on all of them. Anycast is used to direct your request to the DNS server nearest you, which then goes on to direct your actual HTTP request to the server nearest you. If the attacking computers are geographically located in a certain area, that area will suffer gravely, but other areas won't be affected at all.

As such, ANY Akamai hosted site is DDoS protected by nature. A few years ago, an iOS update was slugish to arrive. Afterwards, we were told that there were considerable slowdowns to web sites not hosted by Akamai. In other words, it was not that the Akamai network couldn't handle the load of many people downloading the update at once. The Internet couldn't handle that load.

There might be something technical I'm not aware of, but as far as I know, the DDoS protection product is a marketing thing, not a technical thing. You are, essentially, buying insurance against having to pay Akamai a whole lot of money for the DDoS traffic it served on your behalf. I am not 100% certain, but I do not think Akamai serve DDoS protected sites and regular CDN hosted sites differently.

Whether it is bad PR or not is not for me to say. I do think that a host provider that gives a pro-bono service has a legitimate claim to say that non-paying customers should not be costing it more than it is willing to give. On the other hand, I also agree that, in this case, the DDoSers won.

Shachar

P.S.
Akamai used to publish real time information on how much traffic the entire network was carrying. The page is still there, but it no longer carries that information. I don't know why.

Also, it's funny because of: https://www.akamai.com/uk/en/a...

Good PR: providing free hosting to a high profile and well liked journalist/commentator
Bad PR: apparently one of your most vaunted product offerings isn't good enough to keep one blog online

CAPTCHA: buffer (!)

...how you said that with a straight face. You do realize that the US average is no better than much of Europe, and in fact currently lags a fair bit of Europe (northern Europe in particular) by quite some distance, right? And given our penchant for putting internet access in the hands of government-mandated monopolies rather than in the hands of the people, if anything our speeds a decade hence will likely lag most of Europe by a significant margin. Only the completely delusional would forecast that we'd best it by an order of magnitude.

Here, do some reading:

https://www.akamai.com/us/en/o...

There has been quite a lot of progress in residential broadband too. The "Networks" tab of Akamai's IP adoption visualization page shows Comcast at 44%, TWC at 22%, and Sky Broadband at 53.5%, alongside the mobile carriers moving to IPv6.

The smartphone migration is also progress as it has helped to remove the old chicken-and-egg problem for IPv6. Why should websites take the effort to support IPv6 when the eyeballs aren't there? Well now the IPv6 eyeballs are there, and there's a lot of content for them: Google, Facebook, Wikipedia, Akamai, etc.

The Akamai State of the Internet Q1 2016 has a US average Internet bandwidth of 15 Mbps, which is far more believable.

I agree that there are plenty of people in the US with 50 Mbps+ (I have that myself), but there are still a lot of people on the end of long DSL loops who will never get higher than 5 Mbps.

...figure out the ping command. Sending packets? Only a mastermind.

There's a lot more to modern DDoS attacks via amplification / reflection than a bunch of ping packets (from 2013):

Recently, DDoS attacks have spiked up well past 100 Gbps several times. A common move used by adversaries is the DNS reflection attack, a category of Distributed, Reflected Denial of Service (DRDos) attack. To understand how to defend against it, it helps to understand how it works.

100 Gbps is staggeringly large and nearly impossible to defend against. "Well past 100 Gbps" is mind boggling. Didn't RTFA to see the scale of this DDoS, but the scale of them today is significant to say the least.

Here is a good example: https://http2.akamai.com/demo

I know AC I'm replying to was being funny, but major players like Akamai, which only uses multi-tenant data centers and sundry free colo, are also finding the ability to reduce greenhouse gases 90% per bit delivered over the last 6 years.

1. 1. Use a CDN and hope no one finds the origin domain or ips the CDN uses.
   Which as we can see from the article doesn't work due to the many ways they can be leaked.
   E.g., for www.example.com, try origin.www.example.com, ftp.example.com or IPs used in the past for www.example.com.
2. 2. Have the origin servers only respond to white-listed IPs. That white-list needs to include those of the CDN.
   Still suspectible to a volumetric bandwidth attack. I.e., attacks with enough packets to overwhelm the origin server(s) or the ISP link to those servers.
3. 3. Change your origin IPs periodically.
   Useless against a volumetric attack if they are just different IPs connected to the same uplink/router. Difficult to keep switching to use different ISP and each new provider brings its own problems.
4. 4. Have origin(s) capable of withstanding a volumetric attack.
   Not cheap. The XOR DDoS botnet has recently produced DDoS attacks up to 150+ Gbps.
5. 5. Use a BGP redirection service that routes all public internet packets whose destination IP address is the origin's through geo-graphically distributed scrubbing centers.
   Attackers sending traffic through the public internet to your origin are sending them to one of many scrubbing centers. The combined capacity on all these scrubbing centers can cope with volumetric attacks. The scrubbing centers will only forward desireable packets to the real origin using GRE tunneling.

Akamai's BGP redirection service has some restrictions typical of other services. E.g.,

• * A /24 prefix (Class C subnet) at a minimum. It needs to be is registered and belong to customer, as some ISP given not allow re-advertise.
• * A BGP (Border Gateway Protocol) and GRE (Generic Routing Encapsulation) capable router.
• * IP address space to terminate GRE tunnels located outside the prefixes you need to defend.

The only way to get around a bunch of these major attacks is by requesting new IPs for your servers and trying to mask those from being leaked.

If you use Akamai, you can turn on the G2O feature and configure your servers to check for it. Apache, Nginx, F5 load-balancers, IIS, and Varnish all have extensions to support it (though the last one is not, unfortunately, open-sourced — for purely bureaucratic reasons, I might add).

Then, even if the enemies find your origin, all their hits will cost you is computing a digest of the requested URI and issuing a 403 or whatever — no file-lookups, no database-lookups, very little bandwidth. I suppose, your server can still be punished, but it certainly raises the bar quite a bit for any attacker.

Today 100 Mbps is a standard pipe.

No, it isn't. As of Q1 2015 there was no country worldwide with an average connection speed of over 26 Mbps, and there wasn't even a country with an average PEAK connection speed of over 99 Mbps. For average connection speed, South Korea tops the list at 23.6 Mbps; Ireland is second at 17.4. For average peak speed, Singapore is at 98.5 Mbps; Hong Kong is second at 92.6 (South Korea is third at 79.0). Your purported "standard" is faster than the average PEAK speed in the best-connected countries in the world, though it's almost credible to say that in a handful of nations a pipe that's advertised at 100Mbps is standard.

But that's certainly not the case in general. The global average is 5 Mbps and peak average is ~30Mbps.

https://www.akamai.com/us/en/m...

Yet in even some of the poorest countries you can get 20Mbit connections with no cap for less money than you pay in the US.

Citation, please, because Akamai's State of the Internet mostly disagrees with you.

Yet in even some of the poorest countries you can get 20Mbit connections with no cap for less money than you pay in the US.

Citation, please, because Akamai's State of the Internet mostly disagrees with you.

The patch didn't need patching, there were two separate exploits, one discovered during a decode review prompted by the other. There were actually 6 CVEs published about this, all of which can be found here. Might want to get your facts straight before you spout off.

If your applications are passing executable code as user-specifiable data that then gets passed as environment variables to a forked process that then spawns a system call eventually involving Bash, then you should be glad the patch broke it, as it just revealed a massive security vulnerability within your application. If you need that application to remain functional while you patch the issue, roll back to the previous version of Bash and work under the assumption that the gaping security hole that you're calling an application has already been compromised, because what it's doing is so much worse than Shellshock. More to the point, if your application were passing executable code or commands in this manner, the likely scenario is that you have some sort of command processor on the other end parsing and executing them; if you're exploiting Shellshock to accomplish this, you deserve prison time for gross negligence for A) incorporating the vulnerability into your application and B) not disclosing it so it could be patched.

At any rate, it's not a Linux issue, it's a Bash issue. Again, since Bash can run on *anything*, that makes it and "anything running Bash" issue, including your precious Windows in the majority of server environments, where a POSIX layer like Cygwin or MinGW (both of which include Bash) is likely to be in use.

Furthermore, simply having Bash installed does not make a system vulnerable; there has to be some service listening that passes unsanitized user-specified data as environment variables to a system call eventually handled by Bash. So surprisingly few competently written applications do this; GNU dhcpd was one, I'll give you that if you can give me another.

Nonsense.

http://www.netindex.com/downlo...

http://www.akamai.com/dl/akama...

http://www.xconomy.com/boston/...

http://www.bloomberg.com/slide...

If you count the US on a state-by-state basis and compare with the rest of the world, US states would take most of the top-10 spots.

On the other hand, parts of Europe (and the EU) are poorly served in terms of telecom services, charging high prices, having low penetration, and/or being slow.

This is like claiming someone has the burden of proof in proving that nearly 90% of hacks are initiated from China, Russia, or eastern europe.

They absolutely have the burden of proof in proving that. Akamai's report from last year shows that the top 3 are China, Indonesia and... *drumroll* ...United States! In this case the question of how China is any more sketchy than USA, could also be asked again. They're in the same boat.

Akamai has several streaming media solutions. One example http://www.akamai.com/html/solutions/sola-vision.html

- Great Firewall of the UK, China, Iran and Russia
- Undersea cables cut in the Mediterranean knocking entire continents off the network
- Copyright collection agencies deciding what is allowed on the internet and what isn't with no public input or control whatsoever (HADOPI, GEMA, the list goes on for quite a while)
- Several nations' network speeds are so slow as to make the internet unusable for doing anything more than reading text
- Several nations don't have internet connectivity whatsoever (largely island nations, Southeast Asia and Africa)
- ICANN's support of non-English URIs and country-specific TLDs
- US laws like COPPA, CFAA, and the planned CISPA/SOPA, and a USTR hostile to internet freedom
- And this one has been important since the dawn of the internet: ICANN and IANA have always been based in the US and controlled by its government
- The top three biggest TLDs in the entire world (.com, .net, .org) are all administered in the US, and this has been used to establish jurisdiction over servers physically located in foreign countries. (See Megaupload, Rojadirecta, TVShack, and the Pirate Bay) -- frequently at the behest of private industry without due process of law

http://www.akamai.com/dl/akamai/q3_2012_soti_infographic.pdf
http://www.akamai.com/stateoftheinternet/

Average connection speed in the US is 7.2mbps. The absolute top is South Korea, with 14; I believe we're somewhere around 10th place, but you have to knock one or two places off since theyre counting Hong Kong as a country, which it really isnt.

http://www.akamai.com/dl/akamai/q3_2012_soti_infographic.pdf
http://www.akamai.com/stateoftheinternet/

Average connection speed in the US is 7.2mbps. The absolute top is South Korea, with 14; I believe we're somewhere around 10th place, but you have to knock one or two places off since theyre counting Hong Kong as a country, which it really isnt.

This cloud== distributed computing. Everyone else? Not so much.

Pretty sure they used a CDN or two to handle the traffic, and its possible the CDN uses a hybrid mode which works basically like combining a regular CDN server network with a p2p torrent network

Can you expand on what you mean by this, not many users have CDN client software installed to facilitate P2P..

I think he's talking about something like this:

http://www.akamai.com/client/

I recommend Akamai's services as a CDN for static content (eliminates a lot of load from your own servers), a proxy for dynamic content (shield/reverse proxy effect services) as well as a protection against (D)DoS attacks. They have a number of great case studies ( http://www.akamai.com/html/customers/index.html ) which are well worth the time looking through, as they have successfully mitigated attacks against small, medium and large websites. Their (repackaged) Kona Security Services are surprisingly good.

Actually, what we do is not at all related to indexing, nor is it related to locally-sensitive hashing (LSH). Hyperspace hashing, the central technique that underlies HyperDex, is a data placement technique akin to consistent hashing.

Air pollution is much better in the developed world than it was in the 50s, all paid for by the people who burn fossil fuels.

I.e., the pollution emitters used inequitable free trade to relocate to China and India. And we can't even say "Well, at least it isn't here!" 'cuz apparently the guy who was supposed to tell the wind to stop blowing got pink-slipped in the rush to offshore jobs.

Air Pollution Is Much Better in the Developed World Than It Was in the 50s", the movie.

Yahoos unite! There are jobs out there.

http://www.akamai.com/html/technology/visualizing_akamai.html

The ACTUAL report (and archives), but behind a reg-wall: http://www.akamai.com/stateoftheinternet/

all the pictures in the gizmag slideshow can be downloaded as one handy zip file.

The patent's abstract (a bit long to quote here) sounds like Akamai's business plan.

The patent was filed in October 1997. According to the company's history Akamai's founders were finalists in a 1998 MIT competition. Given that these things don't take shape instantaneously, there's a fighting chance they've got some documentation of prior art that would shoot down this claim forthwith.

http://en.wikipedia.org/wiki/Active_queue_management Implemented in most of the data-driven parts of e.g. 3G and 4G networks. Another aspect: http://www.akamai.com/ericsson

You know, I never cheated in college, as indicated by my 3.2 GPA, but hey, that GPA was all me and limme tell you how many times I've been asked about my BS in Computer Science GPA in the 6 years since I finished it: 0.

I did, however, download and use a couple problem solution in my Abstract Data Types class taught by Dr. Robert Blumofe shortly before he left UT to build Akamai. He had a policy that you could use any other works as long as you provided full references to those works.

What he should have thought about was actually changing his homework assignments between semesters because a group of my friends simply turned in homework assignments from the previous semester referencing fully their origination. LOL.

It describe itself as "Akamai: The Leader in Web Application Acceleration and Performance Management, Streaming Media Services and Content Delivery" (source : http://www.akamai.com/ )

We're a long way from anywhere and have only a limited amount of fibre connections to other countries (where I imagine most data will come from), this is reflected in the silly high prices we pay for data already ... So whilst it's great that we will have these kinds of speeds, how are we going to get data services fast enough to take advantage of them?

A lot of data/content can be cached on continent. Akamai claims that:
"Akamai routinely delivers between fifteen and thirty percent of all Web traffic, reaching more than 4 Terabits per second."
http://www.akamai.com/html/customers/index.html

Seeing is believing: http://mfile.akamai.com/97892/live/reflector:45683.asx?bkup=45684 Odds are the feed will cut out after a few seconds with how swamped it is now. Oh and if you're really interested here's one of the bottom of the BOP which is being watched so it doesn't explode. http://mfile.akamai.com/97892/live/reflector:31499.asx?bkup=31500

Seeing is believing: http://mfile.akamai.com/97892/live/reflector:45683.asx?bkup=45684 Odds are the feed will cut out after a few seconds with how swamped it is now. Oh and if you're really interested here's one of the bottom of the BOP which is being watched so it doesn't explode. http://mfile.akamai.com/97892/live/reflector:31499.asx?bkup=31500

I get good internet in Anchorage AK, and that city has half the population of the state. Actually, internet in Juneau, Anchorage, Fairbanks is pretty good and those areas make up about 70% of the state.

Same goes for Nevada, the bulk of the population are in Reno and Las Vegas, both have very good connectivity. Kansas has most of it's population to the east and theres alot of broadband there.

Better examples of states that suck for broadband would be the Dakotas, Montana, Wyoming, West Virgina or Hawaii. Non-centralized populations, vast distances or disruptive geography.

http://gigaom.com/2008/05/27/report-state-of-broadband-according-to-akamai/

Live map
http://www.akamai.com/stateoftheinternet/

Hmmm, considering Adobe's record of using Akamai's P2P client as part their Download Manager, which you have to use to download stuff from their store (or did at one time anyway). The thing runs in stealth mode, and I'd venture to guess that most users who have it installed don't know that they do, and don't know that they may *still* be sharing their bandwidth long after they downloaded their Adobe product.

Basically, I'd be fine with it so long as they give users a true opportunity for informed consent (not bury some sneaky clause in a EULA), AND give users control over how much bandwidth is used/when.

For example, if my laptop is connected off a 3G card, I don't want to share *any* bandwidth. And if I downloaded some content a week ago, time's up, I'm not sharing that thing anymore. And if I'm playing a lag-sensitive game, I don't want some background P2P client mucking with my bandwidth.

The fact that Adobe is putting this P2P stuff directly into their Flash player is problematic unless they do a *much* better job than in the past of respecting the fact that the computer and its bandwidth belong to the user.

Japan's average network speed right now is 50 Mbps.

My source says 7.9Mbps:

http://www.akamai.com/dl/whitepapers/Akamai_State_Internet_Q3_2009.pdf?curl=/dl/whitepapers/Akamai_State_Internet_Q3_2009.pdf&solcheck=1&ver=1&

It's easy to have an average of 50Mbps when your numbers are totally made up. A significant part of the US "gap" in broadband speeds appears to be that our providers lie less about how much bandwidth we really have.

Live streaming using H.264 seemed to work just dandy watching the State of the Union address on my iPhone while using the Whitehouse.gov iPhone app. Also seems to work great with MLB At-Bat on the iPhone as well. I watched many baseball games last season streaming live H.264 video to the iPhone.

But can you do it with a generic app which will connect to any server?

Try this site for some examples.