VPN Clients Not Allowed On Residential Service

wayn3 writes "ComputerWorld reports here that two of the major cable companies have language in their terms of service that VPN clients are forbidden for "residential" class, forcing clients on their "business" offering which is at twice or more times the cost of residential service. Has any been bit by this, and do those companies consider SSH a VPN client? This would stop me from telecommuting since my company would not be able to afford the business service."

@home has that in its AUP but...

[StJohnsWort]

I do it anyway. what are they going to do, cut me off?

Re:@home has that in its AUP but...

[Binestar]

Actually, what they are doing here is to give themselves the out to do just that. Cut you off or force an upgrade (With corrosponding price increase) to business class account.

The easiest way for companies to do this (And I have already seen it as I work for a company who sells and maintains a VPN Solution) is to block UDP port 500, as well as IP Protocol 50/51. If they want to be really anal they also block TCP1443, but that would stop other ssl traffic not just the VPN.

Alot will also block IP Protocol 57 (SKIP) just to be thorough.

Why would they do this? Because business accounts use more bandwidth on average. Lets take your average non-tech, just someone who needs access to the internal server to do thier work. They work from home for a day and use more bandwidth in that day than they normally use in 2 weeks. This makes perfect business sense, and is well within thier rights. Just as it is within your rights to get another ISP.

Re:@home has that in its AUP but...

[aozilla]

So they're going to shut off a paying customer who isn't harming anyone? NO, they're not going to do that. That's kind of the point of his comment.

Re:@home has that in its AUP but...

[baptiste]

Why would they do this? Because business accounts use more bandwidth on average.

Bull. Show me stats - real stats that back this up. Residential users actually use more bandwidth than a business user @ home ever would. Gnutella, Browsing heavy graphical sites, etc. Most business users use VPN to check .... email. Maybe access a file server but how many files will they work on at once?

This is typical telco mindset being applied by cable companies - jack up business rates for the same service you provide to homes since you lose money on residential service. Then try to get as many folks on business lines as possible. Same thing happened with dial up - telcos wanted us to have business lines for hoem dialup users into our corporate networks - and we did - why? The IT managers wanted 'business class' support on these lines to get problems fixed faster - like it was gonna shut the company down if manager X couldn't dial in from home on his 2nd phone line and the telco hadn't committed to having it fixed by X hours. (um - what about the first)

I chuckle at all the ISP issues out there - just like banks - the bigger monoliths screw you while you get GREAT service and such from smaller ones. My ISP is a mom/pop phone company that got bought by another company that specialized in running mom/pops. We have excellent service (DSL), great rates, and they are pretty laid back about how you use it (no blocks - not even port 25, etc)

Re:@home has that in its AUP but...

[aozilla]

I understand that, but that's not what he signed. Yes, the TOS he signed says they disallow what he's doing.

I can sign something saying that I will kill myself. Doesn't make it legally binding. BTW, I highly doubt he signed anything, not that that's a requirement for it to be binding.

So they're going to shut off a paying customer who isn't harming anyone?

Although I agree with you that this is damn silly, yes. They legally can and could/will pull his plug should they want to crack down on this stuff.

Legally can is debatable. They are a monopoly in restraint of free trade. But I don't really want to get into that argument, cause I could see a court going either way.

My point (and I believe the point of the original commenter), is that they likely won't permanently cut off service to someone who is paying them a nice monthly fee and isn't harming anyone, especially if that person refuses to upgrade to a business level service. The clause is there as an excuse to shut people off who are bothering them in some way, not to be taken literally.

Remember when Netscape had a 30 day trial, then you were supposed to pay for it? Did they have a legal right to take it from you or sue you after 30 days? Yes (well, actually, maybe, but that's another legal question). Did they sue any consumers? Of course not. They actually encouraged consumers to break the "contract". Because it wasn't in their best interests to enforce it.

Re:@home has that in its AUP but...

[Binestar]

Doing a network sync or logging in does use quote a bit of bandwidth. But perhaps I was too general in my wording above.

When an ISP/Telco/Cable company sells to residential, they are doing that selling based on the fact that *MOST* residential users will be using the service after hours of the business users, and they provision bandwidth and hardware based on that. (I may even be off by saying most, I *KNOW* that the cable company I used to wrk for did just that though)

When a residential user is using the bandwidth during business hours regularly there is less capacity to oversell the bandwidth. (Meaning they sell the business accounts based on the fact that the majority of businesses are 8AM-6PM, and residential based on the fact that the majority of residential use is 5-12PM. This isn't a hard number, just the fact that on all the graphing and business models I've seen this is how it is planned, obviously there is some overlap.

By getting the users who are connected during business hours onto a business rate, and those connected during residential hours on the residential rate allows the company to know exactly what kind of bandwidth they will have available for the businesses and sell that bandwidth/QOS based on that.

It's all a law of averages, and overall a few residential users staying home for the day sick, or working from home won't affect the averages all that much, the users who just have a home office and are sending large files over VPN's for residential rates to deserve to pay the business rates.

Again, it is thier business, they have the freedoms to run it how they see fit so long as they break no laws.

Re:@home has that in its AUP but...

[aozilla]

Usual preface - IANAL.

IANALE.

BUT ... the contract itself does seem to be legal. He is giving up something (money) for a service (internet connection). As part of that arrangement, certain restrictions on the usage have been set, in the contract. When he signed the contract (or agreed via a website or by placing an order), he has agreed to all terms of the contract.

The contract itself is legal, in that there is consideration for both sides, but that doesn't mean that every single part of it is enforcible. It is quite common for contracts to include terminology giving up rights which are not enforcible. This is why most contracts include language that if one part is deemed unenforcible that the rest of the contract still holds.

There's no monopoly there - there are alternatives to this service. Maybe not as attractive, but there are alternatives.

The same could be said of Microsoft's monopoly In fact, the same was said, and a judge decided that this was not the case. I think it's clear that many cable companies have monopolies on high speed internet access in certain areas.

As for restraint of trade - huh? I'm not seeing this here. VPN is generally (key word there) used by businesses, or by individuals wanting to telecommute. These tend to use higher amounts of bandwidth during peak periods.

This is what the cable companies would like you to believe, but I seriously doubt this is the truth. Peak bandwidth on a cable-modem system does not occur during business hours. The costs associated with cable companies provision of bandwidth comes mainly from the peak bandwidth necessary, not the total bandwidth used.

The exception to the Robinson-Patman act that I assume you're thinking of reads "Provided, That nothing herein contained shall prevent differentials which make only due allowance for differences in the cost of manufacture, sale, or delivery resulting from the differing methods or quantities in which such commodities are to such purchasers sold or delivered". I don't think using a VPN qualifies.

Re:@home has that in its AUP but...

[Zathrus]

Certainly. But are you going to do this on a DSL link? I mean, really? Particularly a residential class one?

Companies pay big bucks for links for this kind of thing because they need the reliability, the right-to-scream, and the bandwidth (roughly in that order).

The original poster was pretty off kilter, that's for sure. If he's using his DSL for primarily business purposes it makes sense that the ISP should charge him for a business class service.

There have been many other good points brought up as well. Namely that if you are going to pay a premium for business class service, you should get something for that other than a larger bill. Namely, static IP, the right to run servers/VPN/etc, improved reliability and support, and maybe better bandwidth upstream.

Frankly, I'd get business class DSL if some of the above was offered. But right now my only real options for DSL are Earthlink (who we use) and Bellsouth. Earthlink doesn't offer an improved DSL package. Bellsouth offers "business grade" DSL - but it's still dynamic IP, multiple boxes behind a single NAT'd IP, no additional reliability guarantee, etc. Essentially you pay them more for no reason. No thanks.

Re:@home has that in its AUP but...

[baptiste]

But you take my post out of context. This whole story is about home users that use VPN to access work - not branch offices synching SQL DBs. A branch office SHOULD pay business class rates - fine. But few if any home users using VPN to log into work are going to do bandwidth intensive stuff. Yes, some will - some ALWAYS do, but in most cases the bandwidth usage is light - trust me - I managed a remote access group - our problem was never bandwidth for connected users - it was just the sheer # of users who wanted to be logged in at one time - but the traffic going into and out of the RA network was light even at our concetration point.

What's wrong with this?

[viking099]

I mean, you're using the connection for business purposes, you should be willing to pay for that. If your company can't afford it, then tough. It's not rocket science. Not only that, if you require 24-7 availability of your systems, you can always install a modem or two and connect that way.
If you require internet access for work, then you get a work account. If you require it for home, then it's a home account.
Hell, if you work from home, get the damn work account, then deduct the cost from your income taxes.

Re:What's wrong with this?

[hrieke]

Because, until we see the type of contract that the cable company is producing for the increase of QoS, we're just going to have to assume that (a) the QoS is the same as the home user, and (b) they are using the public's iqnorance to fill their coffers.
Now if they can solve (a), and say that business users have 5 nines uptime then the price difference is justified.

Re:What's wrong with this?

[jamesoden]

Wrong. Wrong Wrong. When you sign up with an ISP, they are providing general purpose internet connectivity. When you buy a business account, you are buying that and:

1) Better service (i.e. technical support).
2) Perhaps a static IP address.
3) Web hosting, email hosting for multiple
accounts.
4) Some other item that adds value to the service
thus justifying the added cost to you.

Also, business class service is meant for situations where more bandwidth needs to be allocated for your use (such as with a web server that gets many hits).

Differentiating your servous based on what applications you use, if the application does not use any more bandwidth that any other regular users use, is just unacceptable.

I personnaly do have a business account, but that was because I was willing to pay for a static IP.

Re:What's wrong with this?

[slakdrgn]

Granted for business purposes I can kinda see the reason (tho dun get me wrong I use VPN-1 for work a lot..) but what about the techie's who use vpn-1 at home.. ie.. I vpn into my friends network at his house all the time, sometimes to remote admin to the gaming server, when it decides to crash, or play 'round with some other things in the network.. this definatly is *NOT* business related.. and a lot of the reason he has it setup is for learning (certifications)..

Granted not a lot of people use vpn as personal, but what about the people that do? sometimes there are non-business related things u can use vpn for.. should they be penalized too?

~slak

Re:What's wrong with this?

[Nickodemus]

A[n internet] connection is a connection is a connection. Why does it matter what use you put your available bandwidth to? What difference does it make which port you send/recieve information on? It doesn't require any special service on their (the isp's) end to set it up. The ISPs are providing the same service to the residential customers, in this case, as they are the "corporate." All this is, is a way to make more money out of corporate customers.

Re:What's wrong with this?

[cdrudge]

But for the 3 times the cost of the service, what do I get? Do I get any type of guarantee that I'll have a connection? Do I get faster downloads or uploads? Is my connection on a different set of pipes that are not oversaturated at peek time? Do I get more IPs or are they static? Can I run other servers? No to all the above.

It is the exact same service, just that they turn the other way when you run a VPN. I agree that if you are a professional telecommuter, then yes, you can afford the $100 a month, have the company pay, or deduct it from your taxes. I occasionally have to call in to my company a do periodic support after hours. I'm not going to spend 3 times as much a month to use a telnet/ssh connection that consumes .01% the bandwidth of the neighbor brat downloading the ISO image of Debbie Does Dallas, Windows XP, and 500 MP3s at the same time.

Re:What's wrong with this?

[haplo21112]

OK...simple fact...becuase my company is builing VPN right now, and I have been in the middle of reasearching this stuff anyway...

Listen closely....
THERE IS NO DIFFERENCE! The cable compnaies are just screwing the end customer. They want that higher rate because you likely to use more bandwidth.
I Say this over and over...we need laws(because it seems like the only thing anyone listens to anymore, Commone sense, is dead in this country) that state to bandwidth providers, that that is what they do, and they can't control what you do with the bandwidth....especially since there is no DIFFERENCE!

Re:What's wrong with this?

[naChoZ]

Well said.

I work for one of these cm isp's. When a customer pays the business rate here they DO get better QOS, ability to call our business help desk (which staffs local people who are much sharper folks than the retards at the nation helpdesk for residential customers). They also get access to our other services, static ip, etc. We have even higher levels of service where your modem is basically watched ALL the time and if your modem goes down, there's someone on it before you can even pick up the phone, 24/7.

I know for a fact that probably 80% of the cm isp's out there aren't like us, but those of us who *are* customer satisfaction oriented cringe when we get lumped in with the ones who don't give a damn...

Re:What's wrong with this?

[twoflower]

Eighty bucks a month doesn't buy you five nines. Try eight hundred a month, or maybe more.

Re:What's wrong with this?

[viking099]

I can definately agree with this. A higher subscription cost would imply higher quality of service. But the fact of the matter is, if you are using the line _to conduct day-to-day business_, then you should pay the provider accordingly. It's part of the contract. I know that if I ran an ISP, and I found that a number of my clients were running their businesses from residential contracts, I would double check the contract (to make sure I wasn't about to break it myself), invite them to upgrade their service immediately, and if they refused, or cancelled the contract, I would send them a bill for the balance of the funds they defrauded from me.
It's no laughing matter to check your books and realize that 5% of your clients are being charged 1/3 of what they should be.
But yes, higher contract fees should mean higher QoS (even if it doesn't always come out that way :-) )

Re:What's wrong with this?

[bobKali]

Ok, first off they're selling me the bandwidth, and as far as I can see I'm completely within my rights to use as much of it as I like - that's what I'm paying for after all. It's none of my business if their business model depends on the majority of their customers not using all the bandwidth they're paying for.
Second, the network isn't going to give me any more bandwidth than I'm paying for, so it shouldn't matter what I'm doing with the bandwidth that I have.
Now, as far as the extras that a business account provides:

Tech support - don't need it, and they don't support Linux anyway.

Static IP address - the residential service gives me that anyway - and even if it didn't, I would be somewhat inconvenienced, but it's not something I care about.

Web hosting, email hosting, etc... - don't need it, don't want it.

other value added services - don't need them, don't want them, wouldn't use them.

So I have absolutely no use for the business service and I physically cannot use more bandwidth than their network will give me (which is what I'm paying for) so I don't see any reason for them to get all pissy about what kind of packets I'm sending over the bandwidth that I pay for.
Besides, I use Cox and I seriously doubt that they have the technical knowhow to navigate themselves out of a wet paper bag, much less figure out what applications I'm running on my computer at home.

Re:What's wrong with this?

[LinuxHam]

the only time one should be required to buy a business connection is if they're running that business on that connection, such as ftp, email, http, and other servers

EXACTLY. I ssh out to read my personal mail, and the wife uses Yahoo! Mail. I also use a VPN client for Notes and some Intranet surfing. The problem is, Comcast's service has been so shitty, that I literally had to put my cablemodem on X10 and cron it to bounce every 30 mins from 8am to 8pm and every hour 8pm to 8am just to keep the connection up. Otherwise, the connection would stall after anywhere from a half hour to a few hours.

Until they improve their qos, there's no way in hell I'm going to pay for an upgraded account. Especially now that they're trying to learn how to run their own network. I'll wait, thanks. Oh, and I haven't met a network yet that successfully blocks my VPN client. It looks just like SSL traffic, but trips the hell out of snort with Large Packet warnings.

Re:What's wrong with this?

[haruharaharu]

THERE IS NO DIFFERENCE! The cable compnaies are just screwing the end customer

Yeah, it's unfair, but they are an unregulated business and they can do that. If you want to try and regulate them as local broadband monopolies, then you have a leg to stand on, otherwise it's their perogative.

Personally, I don't have a big problem with it, provided there is an actual LOS guarantee.

Re:What's wrong with this?

[murdocj]

> It's none of my business if their business model > depends on the majority of their customers not > using all the bandwidth they're paying for. That business model makes your phone and Internet service MUCH cheaper than it would otherwise be. It's not that customers are "not using all the bandwidth they're paying for"... they are NOT paying for all that bandwidth. If they were, the service would cost more.

Re:What's wrong with this?

[ChristTrekker]

I agree. What providers should be saying is, "We supply you 512k (or whatever) maximum bandwidth. If you routinely use more than 25% (or whatever) of this, on average, you will be required to upgrade to business class service." Just be honest about it. If bandwidth usage is the concern, just say so. We all know flat rates are primarily for marketing; if it were possible, everything would be metered. As long as there are flat rates, some of us will get by with more than we're really paying for, because it's subsidized by those who get less than they pay for (but don't mind).

Most of us are not online 24/7 using the whole pipe, and our home servers don't get that much traffic. We should be able to get by with "residential" service, as long as we can survive an occasional slashdotting without being bumped to "business" class.

Re:What's wrong with this?

[Trekologer]

I couldn't have said it better myself.

I would go further and get your local or state consumer protection and/or public utility board involved.

Why? The cable companies have been advertising how you can have "always on" "faster than dial-up" internet connections. No where in those ads do they say that the price offered is only for "casual surfing" or anything like that. Plain and simple, the cable companies are engaging in "bait and switch"... advertising one service then saying "Hey, that's not really for you. You want this much more expensive service."

Or, if you just want to be sly, just use another port than the usual VPN one (80, 21, etc).

Re:What's wrong with this?

[Asgard]

Nothing is more annoying then getting a 11pm page, only to find that you'll have to spend 30 minutes driving to work to make a 5 minute fix to a system, then drive home again, when all you really wanted to do was fire up the VPN and do it from home.

Re:What's wrong with this?

[JoeShmoe]

The other side of this question is what about Microsoft's attempts to make VPN a standard part of the OS? Have you noticed how obvious they are being about it?

Back in NT4, it was like an add-on pack in some obscure sub-section of "Remote Access" basically treating it like modem connection.

Then in the 2000 era, it starts being a little more obvious, working hand in hand with Active Directory, having this big Network and Dial-Up Connections category with a wizard that hand-holds you through the VPN porcess.

And now in XP, it's a big bulbous icon right in the Networking dialog. In fact, half of the screen seems reserved for them, IE to make you feel left out if you don't have any VPN items. And now they are throwing in a small (4 user? 5 user?) server aren't they? Before you had to have an NT/2000 server to establish a VPN but I'm pretty sure from reading that Linking XBox story that plain old professional can now act as a VPN server.

Which brings me back to me point...hold long until Microsoft has us all automatically on VPNs any time we do anything over the Internet? Can a cable company really say "We support Windows XP" and at the same time say "We don't support the standard way it makes connections over the Internet."

- JoeShmoe

.

Re:What's wrong with this?

[tburkhol]

When you sign up with an ISP, they are providing general purpose internet
connectivity.

You may think this, but you'd be wrong. When you sign up with an ISP you are entering into a contract with them. You agree to do certain things, like pay them, and including anything else they care to put in the contract. They also agree to certain things, like provide bandwidth. If the contract says they'll provide bandwith, but not for http servers, then they're not obligated to let you run an http server over their network. If they exclude VPNs, then they can prevent you from running a VPN.

I just don't see what all the fuss is about. Everyone reads and understands the subscriber agreement before committing to the contract, right?

Re:What's wrong with this?

[BitterOak]

It may be that "business-class" gives you a few perks such as static IP and better QOS, but if you don't need those, you simply want to run a VPN client and don't use any more bandwidth than the neighborhood kids downloading MP3s and movies, then why should you have to pay more?

Imagine this situation: you go to a supermarket and buy a loaf of bread. The person ahead of you is buying a loaf of the same bread also. The checkout person asks the person ahead of you what she is planning to use the bread for. "To make sandwiches for my kids' lunches," she replies. "That'll be $1.95," replies the checkout girl.

Now you approach the register. Same question. "I'll be making sandwiches for my lunch," you reply. "Will you be taking this lunch to work?" "Err, yes." "Okay. That'll be $4.95"

Sounds reasonable to me

[SumDeusExMachina]

If you are telecommuting to your business, then perhaps you should be honest and start paying them for business-class service. After all, I doubt your business involves playing UT and downloading pr0n all day.

Seriously, who here runs a VPN that doesn't connect to their office? I can't really see a use for a VPN besides connecting widely distributed corporate offices and internal networks, which is most certainly deserving of business-class rates.

Re:Sounds reasonable to me

[0tim0]

Imagine you work from home sometimes and you use your home phone to make business phone calls. Do you think you should be prevented from making those calls unless your order "business" phone service?

I don't. And I think it's the same thing.

Personally, I say give me a bandwith limit and a QOS agreement and keep your nose out of my business.

--tim

Re:Sounds reasonable to me

[Lozzer]

Maybe the providers should be honest and start offering something to distinguish the home service (a network pipe with no QoS) to the busines service (a network pipe with no QoS that costs more). Then people might be think they are worth buying.

But no, in your strange deluded world, I should pay more to my network provider for the privillege of using some encryption software on my machine and some encryption software on the machine at work, because those encrypted bytes are so much heavier on the network than their unencrypted bretheren.

IHBT, fuckwit.

Re:Sounds reasonable to me

[baptiste]

I've got a VPN switch at my house to I can tunnel in from work if necessary - nuff said :) I have friends who tunnel in as well to access files on my box. So yes there are some folks who use VPN to do non business stuff. VPN is not some magic thing that requires business class service - hell you can use it (varely) over dialup. This is just an attempt to get more $$$ for the SAME service. Sur e- business class accounts might get better QOS - but obviously the folks using VPN from home DON'T NEED IT. Otherwise they woudl already have business class accounts. So don't rationalize this by saying they get more - they don't need it - they just need Internet access to get into work networks from home from time to time - its a total waste of money otherwise. Business class accounts are for businesses to access the net from their place of business.

Your company can't afford it?

[ManualCrank+Angst]

Let me get this straight, the company pays you enough that you can in turn pay $X for the service but they "can't afford" to additionally pay $X themselves (to make up the difference to the $2X price of business-class)? BS. Either you are exaggerating or the company is lying to you--they just don't want to pay for it.

That said, I don't think this is fair. I also don't think it is fair when a company *cough*Verizon*cough* offers "full Internet service* but then blocks ports on the router and outlaws servers in the TOS. If all they want to sell is a watered down, "just look at the pretty pictures and don't do anything technical" service that's within their rights--but then say so on the label.

Re:Your company can't afford it?

[thesolo]

Let me get this straight, the company pays you enough that you can in turn pay $X for the service but they "can't afford" to additionally pay $X themselves (to make up the difference to the $2X price of business-class)? BS. Either you are exaggerating or the company is lying to you--they just don't want to pay for it.

I work for a large (3000+ people) company in the Philadelphia region. The company currently supports telecommuting with broadband through VPN. Currently, they pay $39.95 per month for connectivity, plus $30 per month for outsourced broadband routers/firewalls. (The latter part I think is stupid, but I digress.) So for each person telecommuting, they pay roughly $70 per month

Now, increase that highspeed access from $39.95 to $95.00, and they would have to pay roughly $125 per month per person. If only 300 out of the 3000 people here telecommute, that's a cost of $37,500 a month, or $450,000 a year just for broadband users. At the previous price, it would be roughly $252,000 per year. Almost 200k more. That's a lot of money to just "find" in your budget. So what happens? Comcast loses money because my company suspends all high-speed telecommuting. So now instead of getting their extra 200k a year, they get nothing, and the people who benefited from telecommuting no longer can.

You know, if Comcast wanted all these people/companies to shell out $50 more per month, the LEAST they could do is remove that 128kbps upstream cap they enforce for business accounts. Its really annoying to transfer large files to work or VPN to a server when you can't send out over 15K/sec, peak.

Re:Your company can't afford it?

[viking099]

If your company can't afford to offer telecommuting services to its employees, then the company shouldn't offer it. Something like that is a luxury, not a necessity (remote connection is a necessity, for sure, but daily telecommuting is not).

If telecommuting is a requirement, then set up a bank of modems for the people who need to telecommute to use.

It all comes back to playing by the rules. If the ISP finds out, I'm pretty sure it'll cost more to the company than $200,000 to get their accounts in good standing.

How to classify a VPN?

[adadun]

The obvious question is "what classifies as a VPN?" A VPN is a Virtual Private Network which usually is constructed using a secure IP layer such as IPsec. While it is easy to scan for IPsec usage (it has it's own protocol number - even as TCP and UDP has), it is much harder to scan for other types of VPN solutions.

Even encrypted HTTP, HTTPS, can be used to build a VPN-similar type of thing (think "VNC"). Since HTTPS is used to encrypt on-line banking traffic, e-commerce sites and such, they cannot just stop everyone from using HTTPS.

Furthermore, since the data (by definition) is encrypted, it is impossible to peek at the data to determine if a data stream is "a VPN" or just some other HTTPS transfer.

The conlusion is that they will have huge problems trying to enforce this.

Re:How to classify a VPN?

[selectspec]

No doubt. Who cares what the cable company says. Tunnel with SSH. It's encrypted so they will never know.

Re:How to classify a VPN?

[mjh]

Yes, and some VPN's include features in order to get around NAT devices typically installed on home networks. For example, Cisco's VPN can communicate on the standard IPSec IP protocol, or if you're behind a NAT device, you turn on UDP encapsulation and all of your packets go from UDP port 10000 and to UDP port 10000.

Of course, I'm one of those lucky people who has a choice of cable modem at my house or several xDSL providers. So if the cable company ever decides to ban VPN's and if they ever figure out how to effectively enforce such a ban (doubtful) then I get to take advantage of competition.

The good news is for those of you without such a plethora of choices is that enforcement, AFAIK is currently impossible.

Re:How to classify a VPN?

[Waffle+Iron]

The only thing that ISPs will accomplish by attempting to restrict Internet usage by protocol will be to accelerate of Bill Gates' grand .NET plan to move every online operation to port 80. In the end, it's a waste of time.

Re:How to classify a VPN?

[doogles]

Yes, and some VPN's include features in order to get around NAT devices typically installed on home networks. For example, Cisco's VPN can communicate on the standard IPSec IP protocol, or if you're behind a NAT device, you turn on UDP encapsulation and all of your packets go from UDP port 10000 and to UDP port 10000.

And to make it even harder to track "VPNing" users,

The new Cisco VPN Client 3.5 has included a feature which allows you to wrap your IPSec packets in TCP (as opposed to their UDP approach that you outlined above). This is even better when you have a strict firewall that only permits certain TCP & UDP port numbers outbound.

Other then what could be considered an "unsual amount of traffic" (hrm, 56MB of data transferred during that single HTTP session?!) unless you were digging through the actual packets it sure would be tough to know.

Re:How to classify a VPN?

[Rick+the+Red]

Some of us don't have a choice. When my wife or I VPN to work (we work for different companies) we both must disconnect our firewall/home network and plug our laptops directly into the cable modem, because the VPN protocol our companies chose will not work with NAT. We have no control over that, our employers do, and they will not change protocols just for our convenience. They consider it a favor to offer us the option of VPN in the first place.

Those of you who say the employer should pay the difference between a home account and a commercial account are nuts, and obviously still in school. When you get a real job you'll see just what the real world is like. It's come to the office or you don't get paid, and if you are offered another option be happy for it, but don't expect your employer to subsidize it. As the economy tanks and workers become a dime a dozen, expect telecommuting to evaporate as well. Enjoy it while you can.

Re:How to classify a VPN?

[bluGill]

You need to find a better employer. Mine not only pays for my DSL line (and ISDN before at twice the cost and 1/4 the speed), they encourage me to work from home. When I really have to get work done my boss doesn't want co-worker's problems to interupt me.

where I live snow is a problem. Several times a year most people don't show up to work becuase there is too much ice, and most years at least once we close the entire plant because it is too dangerious to drive. So a work from home solution pays for itself.

Re:How to classify a VPN?

[Rick+the+Red]

Define "better employer". Does yours cover 100% of your medical expenses? We don't have a co-pay for anything, not office visits, not prescriptions. I'd rather have that and pay for my high-speed internet access so that I can work from home at my convenience (say, when the kid's sick).

Perhaps it's because you live in snow country, but around here (Seattle) telecommuting is still a luxury, not a necessity. Hell, Boeing just recently allowed it, and they damn sure aren't going to pay for it (glad I'm not there :-)

Re:How to classify a VPN?

[StenD]

I live in Austin, and while I do have medical co-pays, my employer also paid for ISDN until an Internet VPN was available, and will reimburse a home office phone line or a high speed data line if either are required. I haven't requested that my cable modem be reimbursed, as I have the residential service and use it for personal access, but if I were required to upgrade to the business service, I would certainly require, and expect to receive, reimbursement prior to continuing to work from home.

Re:How to classify a VPN?

[Rick+the+Red]

and will reimburse a home office phone line or a high speed data line if either are required.

That's the rub: For most jobs it's not "required". The only thing required is that you come to the office and do the work. Telecommuting is a luxury for most folks. If you're on the road all day they'll buy you a cell phone, laptop, whatever. But for most of us it's not in the job description, so the employer won't pay for it. I have yet to see a job description that says "telecommuting required."

Re:How to classify a VPN?

[clare-ents]

I live in the UK and my company pays for health insurance [not really necessary since the NHS is fairly good], 2Mbit ADSL. I had to buy my own computer though.

The argument was that as an ISP it's a damn site cheaper for them to buy it for me than it is for me to buy if off them. [no income tax, VAT, National Insurance etc]

They then made it so we could telecommute [or the Inland Revenue might suss...] , we got ADSL & the ability to work from home instead of a payrise too small to buy ADSL.

What if AT&T upped your phone bill?

[Demerara]

Girard said cable business-class service "is not any better than residential, yet they charge you more."

Imagine your phone company doubling your bill because they analysed your calls and decided you made a call to the office!!

I buy bandwidth. What I do with the bandwidth is nobody's business (obvious exceptions included..)

Re:What if AT&T upped your phone bill?

[bluGill]

True, but with a buisness line you get a listing in the yellow pages, and you typically make more peak time calls. (Yes a steriotypical teen might spend more time on the phone, but that is not peak hours)

Both make a buisness line more expensive, though I'm not sure that it is that much more.

Re:What if AT&T upped your phone bill?

[abe+ferlman]

I know. Just give me a god damned pipe and stay the hell out of my business.

AT&T cable cut out on me again last night. I see that their FAQ page has changed and now explicitly forbids servers- but how can you even be connected to the internet (inter meaning "between") unless you serve some traffic? Certainly you can't run the file sharing services that are driving their business without running a server.

I'm sure someone will respond and say something like "yeah, but it's in their best interest financially to do this". Well, yeah, but I don't give a shit about their bottom line. I am a pissed off customer. My gas company doesn't care which rooms I heat. My water company doesn't care what flavor kool-aid I make. I pay for 128k upstream bandwidth and goddamit I expect it.

Re:What if AT&T upped your phone bill?

[ianezz]

I buy bandwidth

It depends: if in your contract there isn't a clause stating the minimum guaranteed bandwidth, you really bought only the ability to use your ISP's network, and your ISP sells that at cheap prices only because it is confident that you won't use really much bandwidth (or that you won't have really much traffic).

Now, what IMHO is wrong is the assumption that people putting up a VPN would automatically generate a lot of traffic...

The analogy with voice calls is not really appropriate, since they use little bandwidth (quite less than 64kbps, thanks to compression)

Re:What if AT&T upped your phone bill?

[Rogerborg]

• I buy bandwidth.

Well (assuming you're with a cableco), that's not at all true. You contribute to paying for the overall bandwidth usage.

The issue here is that what cableco's want to do is charge by the byte, but they know that they need to market their product as flat rate to attract the mythical "average user" who does nothing but suck pay-per-view content from the cableco's portal (no, idiots, that's a cable TV customer, you already own that market).

So what they are doing (in the UK as well, where I am based) is writing clauses into the AUP's that are designed to prohibit the sort of things that high bandwidth users are likely to do, without actually mentioning bandwidth per se. The aim isn't primarily to stop those activities, it's to limit bandwidth usage either directly (by not bringing in traffic to servers) or indirectly (by punting the high usage customers).

The UK basically has three broadband providers, DSL from the monopoly telco, and cable modems from two cableco's. And that's it. The telco acts exactly like the cableco's highlighted here; abusive, obstructive, restrictive, incompetent and internally muddled. It's impossible to get a straight answer out of them on policies.

In contrast, the two UK cableco's are (currently) behaving strangely honestly. One of the two, NTL, brought in a blanket ban on all servers. In the outcry that followed, they reversed this, and instead made their policy clear; it's all about bandwidth (as above). They acknowledged that they would only pursue those customers who generated an unfair amount of external traffic, like were running a server that was constantly attracting more traffic than their cable could cope with, leaving packets to expire alone and unloved throughout the network. The other UK cableco, Telewest, recently sent out a huge email about their technical policies. It named names internally, it gave usage numbers, server details, it basically treated the customers as intelligent, informed people, and solicited feedback. "Tell us how you want us to develop your network," they said, and I think they meant it. They understand that a prerequisite to having customers is to have happy customers who aren't just sitting fuming and waiting for their contracts to expire. There will probably be some dissenting followups here, and it's certainly the case that NTL and Telewest do screw over some customers, but they are getting better.

So my point is that there are different ways of doing things. Marketing droids can be invited to consider that it's OK to talk about bandwidth usage upfront, as long as you make it clear that you're only concerned with extreme cases and not 95% of Joe Users. Technical guys can be made to realise that if you involve your customers and don't lie to them or dissemble, they will be more understanding when you have problems. Lawyers can be instructed to stick to the important issues when writing AUP's, and not to create sleepless nights for low usage customers who just want to set up secure remote access to their boxen.

Honesty, clarity. It's all we ask for, really. Target the users that are costing you money, do it directly, and don't make vague threats that will just piss off the 95% of low usage customers that you rely on to generate money.

Is that so hard to understand? NTL and Telewest in the UK get it.

Re:What if AT&T upped your phone bill?

[ryanvm]

I pay for 128k upstream bandwidth and goddamit I expect it.

Wrong - use your head man. If all of AT&T's customers used 100% their cable modem's capacity 24 hours a day, you would not be getting broadband for $40 a month.

A full T1 is (1.544 Mbps) usually comes in somewhere at about $1500/month. My cable modem from @Home (2.2 Mbps downstream / 128k upstream) costs $40/month. Is this starting to make sense to you?

Unless you want to pay $500/month for your cable modem, quit bitching that AT&T doesn't want you to saturate it with traffic 24 hours a day.

Re:What if AT&T upped your phone bill?

[jmauro]

A full T1 is (1.544 Mbps) usually comes in somewhere at about $1500/month. My cable modem from @Home (2.2 Mbps downstream / 128k upstream) costs $40/month. Is this starting to make sense to you?

Except they are AT&T. They would still be reselling to themselves a T1 that they already own. T1's are overpriced, because they existed when there was no real other technologies that can provide that rate. Telecoms like to sell T1s over DSL lines, because T1 charging rates are huge compared to the DSL line and the cost is about the same. This means huge profit. For some reason companies like that. Go figure. Yes, if people used the cable modem at full rate, probably nothing would happen. Packets would be dropped, service would slow, but it wouldn't really cost them any more money.

Re:What if AT&T upped your phone bill?

[jdcook]

"Just give me a god damned pipe and stay the hell out of my business."

Let's examine this, shall we?

"I'm sure someone will respond and say something like "yeah, but it's in their best interest financially to do this".

Nice straw man. I especially like the hat.

"I don't give a shit about their bottom line. I am a pissed off customer. My gas company doesn't care which rooms I heat. My water company doesn't care what flavor kool-aid I make."

Of course the gas company cares which rooms you heat. They gave you a "god damned pipe." But guess what? Different rooms and different people have different heating requirements. That's why they charge you by the cubic foot. And your water company probably charges by the 1000 gallons.

"I pay for 128k upstream bandwidth and goddamit I expect it.

Given your self-righteousness and your termination from AT&T, I'm guessing you didn't realy "pay for 128k upstream." More likely, you paid for a consumer service that gave you "up to" some amount of bandwidth (so when it goes to 5k they don't owe you anything since 5 is "up to" 128) and contained various restrictions in the TOS about what you could and could not do with the connection.

If you want the ISP to provide "a god damned pipe and stay the hell out of my business," then that is what you should purchase. Had you bought business service, you would not have been cut off. Don't complain that you didn't get what you didn't pay for. It's boring.

Re:What if AT&T upped your phone bill?

[imuffin]

Wrong - use your head man. If all of AT&T's customers used 100% their cable modem's capacity 24 hours a day, you would not be getting broadband for $40 a month.

He didn't say he wanted to use his maximum cablemodem bandwidth constantly - he said he expected the 128k he was guaranteed. By my calculations, that's less than 1/12th of the bandwidth of a T1.

What should be in the the TOS of cable companies is total bandwidth allocation. In Austin, Time Warner has nothing like that in their TOS. However, if you use "too much," they will shut you down and make you call in to have the service turned back on. When we asked how much was "too much," they wouldn't tell us - because they want the right to make arbitrary decsions.

A friend of mine tried to determine the maximum upstream bandwidth allowed before a customer is marked as "bad." I forget the exact numbers, but it was something like 10 gigs up in a month could cause your service to be shut off... I could do that with a 56k modem!

Re:What if AT&T upped your phone bill?

[Tipsy+McStagger]

Agreed. NTL really do get it..

Their tech's don't baulk when you say you're running linux - they ask you which kernel, distribution and dhcp client you're using ;-) They make notes in your account that you have a clue and talk to you intelligently.

And (last time I looked) their AUP says you can run whatever servers you like so long as they don't cause loads of traffic and they're secure - security is the users problem. Blueyonder seem a bit less with it. Although they're happyish to work with linux they do have issues with some servers and have the x many concurrent connections rule and you must know the person you're dealing with.

It's nice working with a company that has a clue and listens to you when you explain service outages to them.

Re:What if AT&T upped your phone bill?

[interiot]

Best post I've seen on slashdot this month.

Re:What if AT&T upped your phone bill?

[cnkeller]

A full T1 is (1.544 Mbps) usually comes in somewhere at about $1500/month.

We just had another T1 installed from MCI/Worldcom. We have multiple T1's from various ISP's as redundancy (so there is no discount for having multiple T1's from the same vendor). We're paying around $700-$900 (including a Cisco 2600), sorry don't know the exact number. I'm not sure when you last priced bandwidth, but it's a hell of a lot cheaper than you think it is. We're located in the middle of Silicon Valley, so it's a pretty wired area. I guess it could be more expensive if you live in the Outback or something....

Re:What if AT&T upped your phone bill?

[LinuxHam]

but how can you even be connected to the internet (inter meaning "between") unless you serve some traffic?

first let me say, I'm with you. I just want a pipe that I can do with as I please. i also refuse to pay comcast for upgraded service when their current qos sucks shit. I'm glad its free til Jan, and I'll start fighting with them after the new year if it keeps up.

I know you know this but, transmitting and serving are two different things. transmitting is just sending data - a normal function of a two-way conversation. serving indicates that you are listening for requests for information, and are supplying it in response to requests.

what kind of server is *required* for web and email, the two activities they want you to perform on the residential line? none, really. sure, some IRC servers require you to IDENT in order to allow a connection. That's not web surfing, and I've never once heard of a plug being pulled for an AUP violation b/c the guy was running an identd server.

you are allowed to transmit requests for data, and hold a normal two-way conversation supporting the reciept of the requested data. you can transmit email because you are initiating the requested transfer.

no one can come inbound to your box to request data, plain and simple.

Re:What if AT&T upped your phone bill?

[abe+ferlman]

I would prefer to live in a world where I was not in violation, technical or otherwise, of any rules. This is a major reason why I use free software to the maximum extent possible.

I don't intend to stop using IRC, even if it requires me to run identd. In fact, my feeling is that these companies deliberately advertise that you can use their connection for filesharing. When they crack down on people running kazaa and gnutella, they'll at least have a consistent stance, and they'll lose a lot of customers including me. The term server is not clearly defined, and your example of identd helps to make that clear.

Regarding the normal two-way conversation- what about uploading jpg files for a geocities home page? Does that count as serving data?

What if the "server" machine broadcasts connection attempts rather than waiting for incoming connections- is it a server then?

But my point is just that the rule is poorly thought out and a liability cover, which in the end will probably cause a few people to be unfairly targeted. It's much like the old sodomy laws- sure they're not enforced, until they are, which usually ends up being when there's a political issue being pressed. These are bad rules and should be done away with.

Bryon

where does it stop?

[CodeMonky]

What if I'm not using a VPN but just doing research on the web for work? Are the cable companies gonna stipulate that you can't do anything for a business from home, even browsing the web?

Re:where does it stop?

[rknop]

What if I'm not using a VPN but just doing research on the web for work? Are the cable companies gonna stipulate that you can't do anything for a business from home, even browsing the web?

All that you're supposed to be doing with it is downloading "digital content" and associated advertisements from major media companies. You're a home user, right? That means that you aren't supposed to be able to think for yourself or want to do anything creative or interesting with your computer and your internet connection. Remember, it's a cable modem. That means you're supposed to use it like cable TV. You want to pretend that you're a thinking individual, well, in this country, you gotta pay extra for that, because that's not what the economy needs of its citizens.

-Rob

Ssshhhh, don't tell Adelphia!

[dpilot]

Their TOS are terrible, and getting worse every rev. They have always had a 'no servers for the use of others' policy, and I've always run sshd because it's a server for my own use. On the last rev they disallowed 'any servers at all', which I didn't take seriously because IRC is broken without ident. Besides, technically ICMP could be considered both client and server, and the whole freakin' net is broken without it. Finally, my sshd is for my use only, and is configured and firewalled that way.

Also on the last TOS update they disallowed sucking feeds on their mostly-broken newsservers. They really don't know what they're doing, because in the grand scheme of things, they're just pushing those people to a sucking feed on an external newsserver, and eating their head-end bandwidth. Besides, an off-hours sucking feed would probably be more benign, and I'd be happy to adjust my cron setup to cooperate.

AFAIK they have no anti-VPN wording in their TOS, but IMHO that's only because they aren't clued in to its existence to forbid it.

IMHO, Adelphia wants to be in the 'TV for your computer' business.

Argument from personal incredulity is a fallacy

[ManualCrank+Angst]

"I can't really see a use for a VPN besides connecting widely distributed corporate offices and internal networks, which is most certainly deserving of business-class rates."

I can. I have family in the area, some with broadband of various kinds. If we shared files more (which will probably happen in the future), it would be nice if we could be hooked up on a VPN so we could just drag and drop to various locations, rather than emailing. It would be simpler and it would take up less bandwidth (one copy vs one upload + one download).

Re:Argument from personal incredulity is a fallacy

[LinuxHam]

If we shared files more [..], it would be nice if we could [..] just drag and drop to various locations, rather than emailing

sounds like WebDAV is perfect for you. someone hosts an apache web server, sets up some file space, and creates a DAV virtualhost. you can even run it over SSL and manage user ACL's just like any other virtualhost. Then all your family members (assuming they run windows) create web folders pointing to the URL. There are no private home directories, though. Everyone has full access to all files and directories.

Same old, same old.

[mrsam]

As long as people are complacent and accept these kinds of bully tactics from their providers, they really have no standing to complain about it later. Don't like the fact that your cable company wants to be your net.babysitter, and tell you what you can or can't do on the Internet?

Well, rewarding this kind of arrogant big-brother attitude by giving them even MORE money for business-class service is certainly going to encourage a change for the better, wouldn't it? Or, perhaps, you should tell them to shove their port filters, and their DHCP garbage, up their network interface, and switch to someone else who does indeed provides real internet connectivity.

People really need to vote with their feet, and stop agreeing to put on their Internet provider's straightjackets. There are ISPs who will sell you a residential class DSL service, with a static IP address, and let you run servers. That's real Internet connectivity.

Re:Same old, same old.

[Rogerborg]

Fucking saying fuck every second fucking word doesn't actually fucking address the fucking issue.

The issue is that what cable providers mean is that high bandwidth customers should pay more (which they should). But they're too chicken shit to say it, and instead choose to wrap it all up in convoluted small print (sorry, "small font", and what's that all about?) that is really just designed to let them punt high usage customers whenever they feel like it.

It's mendacious and dishonest, and that's the issue here.

Re:Same old, same old.

[TheSync]

The issue is that what cable providers mean is that high bandwidth customers should pay more (which they should). But they're too chicken shit to say it

Exactly - the fair alternative is "pay per bit," and we really don't want that, right? So maybe we should suck up the blocked port 80's and 25's, for right now.

Re:Same old, same old.

[Rick+the+Red]

There are ISPs who will sell you a residential class DSL service, with a static IP address, and let you run servers.

Not where I live. We're too far from the telco switch, and they're not going to build a switch in my neighborhood. Period. They told me so. We're so far from the switch that we can only get 24,000bps on dialup. 56K? What's that?

We were so happy when AT&T bought TCI and put some money into the cable system, and were overjoyed when they brought us @Home. Now they want to sell out to Cox or Comcast, the two Scrooges who would ban our telecommuting.

I can't wait for Teledesic to offer some competition. I'd gladly pay them $100 a month for modest service if I could use it anywhere on the planet.

Re:Same old, same old.

[Graymalkin]

Uh where does it say anywhere the internet is supposed to be free for anyone to use? Considering most of the internet's traffic exists of data lines owned by businesses I don't see where you get this idea from.

Re:Same old, same old.

[Graymalkin]

Hello? Phone companies have been charging corporate customers almost double for phone service for a very long time. Why? First business customers usually get better QOS than residential customers as well as access to real technical support, not the dumbass farms everyone else gets the number to. If they don't get this for their business class service their provider is just being shitty. Second telecommunications equipment IS FUCKING EXPENSIVE. Do you really think your 40$ per month for a cable modem even remotely covers the actual cost to your provider for you to have the damn thing? It's not dishonest to have a pricing scheme which aims to cover costs by charging those using their connection for business transactions. If the guy's company won't shell out a little cash for him to use business service then they're yanking him around. Everyone bitches about telephone and cable companies like they've got some fucking right to the coaxial and twisted pair wire strung through their city. Unless your municipality was the one fotting the bill out of your tax dollars you don't own it. Being you're using somebody else's network you should stop thinking you're so special and that they owe you somehow. It's a slashdot syndrom where people seem to think T1s ought to be free and that everyone should be able to install Linux on an old computer and have a server in their garage without paying so much as a subscription fee.

If they start sniffing packets

[C0vardeAn0nim0]

to determine if you're using a VPN client, you can always implement something like this.

Hey, is HTTP based, so how would they tell the difenrence ?

Telecommuting IS a Business activity...

[somethingwicked]

"This would stop me from telecommuting since my company would not be able to afford the business service."

If you are TELECOMMUTING then you ARE a business customer. The only difference is that you aren't PAYING as a business customer.

Everyone can argue about if there should be different "classes" of service, but that is the business structure the Providers have chosen.

There will be people posting here "I use VPN but not for business." With those people I agree: Simply claiming the using VPN makes you a "business" customer is unfair.

But in the case where you ARE using the service as a business but want to only get charged the residential rate:

Quit your whining and stop being cheap

A business has the right to charge you the rates they see as fair and you have the right to not use their convenient service and start driving to work.

So how are they going to find out?

[TheDarkRogue]

I personally use VPN on my cable line for access to my home box from school. The thing is that I Have firewalled out the rest of the world from accessing the ports the VPN Server uses for it's little Java client web server and the acctual server, Except for the place I am comming from. So unless my Cable provider does some strange thing with spoofing addresses they can't really see them. What they can't see can't hurt them. I am lucky enough though to not have either one of the "C" Cable internet companies so I really don't have to worry that much.

Actually, that analogy is relevant...

[chrome+koran]

While the phone company does not eavesdrop on you to see if you are making business calls, they do charge a much higher rate (nearly double) for business service than they do for residential service. (Call your telco and check.) However, since they don't really check, hundreds of thousands of tele-commuters have residential phone lines that are being used for business purposes almost exclusively.

Here's the point: Business usage (phone, cable, whatever) CAN be more costly to the provider because these users will scream louder and demand quicker restoration of service when something goes wrong (line failure due to snowstorm, flooding, you name it). They also threaten to sue for lost business revenues due to the company's failure to restore said service in what they think is a timely manner. Residential customers don't bring that baggage.

So, they don't really care if you USE the line for business, because you won't be able to file suit as in the case above -- according to the TOS you weren't supposed to be using it for that purpose anyway. BUT, if you want them to treat your service as an essential component of running your business, you have to pay business rates...which is not wholly unfair IMHO.

Re:Actually, that analogy is relevant...

[Fnkmaster]

This is reasonable - I am willing to pay a graded amount based on different guaranteed uptime and service levels from my ISP/ILEC/CLEC/CableCo for my internet access. Just spell it out to me, stop treating me like a fucking kid, and then KEEP your goddamned guarantees. Even my company, which pays through the rectum for real T1 service doesn't really get the service level or uptime we were promised (and our silly folks signed a deal that basically gives us minimal compensation for excess downtime).

If I have more downtime in a month than I am guaranteed, I expect the entire month for free. This should be at least a two or three sigma event, so it shouldn't be too costly for the involved companies to give me this.

Then give me an honest deal that says "Residential Service == guaranteed 98% uptime", "Business Service == guaranteed 99.95% uptime". Real business users WILL pay for the guaranteed 99.95% uptime, and home users, even those who casually use VPNs to transfer files to and fro from servers at work, or to log into some machines at work to do some compiles or testing, will probably stick with residential (unless they telecommute exclusive and their company needs them to be guaranteed available all the time).

Frankly, there's no excuse for anything else, and if residential service can't even be maintained at that sort of guaranteed service level, the provider doesn't deserve to stay in that business anyway (and I don't want to sign up with them).

Re:Actually, that analogy is relevant...

[TheSync]

While the phone company does not eavesdrop on you to see if you are making business calls, they do charge a much higher rate (nearly double) for business service than they do for residential service.

The reason for this is regulation. Business lines subsidize cheaper residential service. ILECs would prefer to charge everyone on a per-minute-used basis, but regulation generally breaks it up into unlimited home usage and business usage.

Re:Actually, that analogy is relevant...

[Russ+Steffen]

You left out the most important reason why residential phone service is less expensive than business service - residential service is subsidized by federal tax money. The phone company recovers most of the difference in cost.

DSL In Cincinnati

[skroz]

The ZoomTown (god I hate that name...) service in Cincinnati doesn't have this clause, but the way they've configured their NAT for residential clients "breaks" many VPN clients. The upgrade is, as stated in the article, about twice the cost.

SSH works fine, though, and a clever tunneling setup can bypass their silly MAT trap in a lot of cases.

Re:How the hell would they know?

[The+Ape+With+No+Name]

Well, probably the same way they can filter http and https: by origin and destination ports.

no, it doesn't..

[xeeno]

I'm a grad student. The resources at the university I attend suck (the gta office has 1 computer in it, a 486 with windows 3.1). If I want to do work I have to either go to one of the big labs (big, not quiet, lots of people, can't get stuff done) or use the small physics lab which isn't equipped worth a shit. The solution? My home machine, which is a $400 alpha running linux. I ssh from the physics lab and do whatever programming I need to do, or check my email, or whatever. End result, if you classify ssh in the vpn category and expect me to pay 10x what I pay for connectivity then you are a fool. I don't have any options here - I've tried to get real machines in the gta office, even ONE machine that's worth a crap in there - it's a lost cause.

Actually, It's Worse Than That

[StormyMonday]

I invesigated Comcast cable a while back, as I'm out of range for DSL. Their terms of service were, in a word, unacceptable.

• No VPN. I suspect that there would be problems with the dynamic IP address anyway.
• Nothing that remotely resembles a server is allowed.
• No "business usage" of any kind. It's worded so that it applies to checking office mail from home.
• They have the usual clause "we reserve the right to change the Terms of Service at any time, in any way, with no notice."
• (The real kicker) They explicitly claim ownership of all intellectual property that you generate and that passes through their network.

I suspect that you could get away with practically anything as long as nobody complained and you didn't generate too much traffic.

Oh, as to their "business solution"? DSL. Not an option. Near as I can tell, there is no such thing as "business class cable" Internet.

No high-speed internet for me. Sigh.

Re:Actually, It's Worse Than That

[bluGill]

(The real kicker) They explicitly claim ownership of all intellectual property that you generate and that passes through their network.

This is good. Now generate some illegal content (slander, or copyright violations), and then use as your defense "The cable company (which has deeper pockets) owns that content, so sue them not me.

Re:Actually, It's Worse Than That

[thesolo]

No VPN. I suspect that there would be problems with the dynamic IP address anyway. Nothing that remotely resembles a server is allowed. No "business usage" of any kind. It's worded so that it applies to checking office mail from home. They have the usual clause "we reserve the right to change the Terms of Service at any time, in any way, with no notice." (The real kicker) They explicitly claim ownership of all intellectual property that you generate and that passes through their network. I suspect that you could get away with practically anything as long as nobody complained and you didn't generate too much traffic.

FYI, I do use Comcast Broadband, I do run servers, I do use VPN. They don't enforce those rules at all.

BTW, when I signed up, they didn't have any clause about ownership of IP. That needs to be looked into. Chances are it will disappear as soon as someone tries to sue them for ownership of IP.

Re:Actually, It's Worse Than That

[Alsee]

They explicitly claim ownership of all intellectual property that you generate and that passes through their network.


The other items are typicial stupidity, but this item is beyond belief. Sounds like it rates a /. article of it's own. Could you please post the actual text of this clause? I'd love to see exactly how they worded it.

-

Re:Actually, It's Worse Than That

[truesaer]

Well, comcast uses @home, here is the AUP. It doesn't say no VPN, it does say no servers. It says that it is not to be used for commercial purposes. It in no way applies to checking office email from home.

The Intellectual property statement is this: "Through these actions, a user also authorizes Excite@Home and its distribution affiliates to reproduce, publish, display, transmit and distribute such content as necessary for @Home to deliver the content in a timely manner."

The actions they're referring to is posting content in the personal web space they provide. Obviously they need to transmit, etc. the content in order for people to view it on the web. They are not claiming ownership of anything that passes through their network.

No business can satisfy people who look at a regular AUP and see it in the most twisted and evil way possible.

Re:Actually, It's Worse Than That

[chinton]

Bad example. The CORPORATES are not coming into you home, stealing your pictures, then selling them. You are coming to them, purchasing a service from them, and agreeing to their terms. If these terms are not spelled out to you at the time of sale, then they are being evil-money-grabbers and you probably could get them in court. If they do let you in on the terms of service, then sorry, you agreed with it by buying into them.

Re:Actually, It's Worse Than That

[uradu]

> FYI, I do use Comcast Broadband, I do run servers, I do use VPN.
> They don't enforce those rules at all.

I'll second that. While their TOS might sound evil, as long as they stay on paper, who cares? Let's get real--in most markets you don't exactly have choice. You either get broadband and bend the rules, or "live by your principles" on 42kbps. Around here I do have a choice between Comcast and Bellsouth DSL, but on cable I can pull down Mandrake ISOs from UTK at sustained 330KBytes/s, and I doubt DSL comes close to that.

-

Re:Actually, It's Worse Than That

[Pig+Hogger]

(The real kicker) They explicitly claim ownership of all intellectual property that you generate and that passes through their network.

Encrypt early, dear, encrypt often.

Re:Actually, It's Worse Than That

[interiot]

Can't they then just claim common carrier status? I'm not sure how common carrier + we own everything turns out, but maybe it's sorta like... we accumulate so much IP every day that it's impractical for us to make sure all of it is legal.

Re:Actually, It's Worse Than That

[Erasmus+Darwin]

"While their TOS might sound evil, as long as they stay on paper, who cares?"

As long as they're willing to put it in writing that they won't enforce the clauses in the contract, I'd be happy. Otherwise, that's some pretty scary stuff, especially since universities have been known to enforce similar clauses to get interesting intellectual property from students.

I'll admit that I mostly believe that the clause is just some ill-conceived attempt by the DSL provider to just cover their own ass legally, but there's no reason to justify giving them such a potent and abusable weapon.

Re:Telecommuting IS a Business activity...

[sessamoid]

>>A business has the right to charge you the rates they see as fair and you have the right to not use their convenient service and start driving to work. This is valid so long as the business in question isn't a monopoly, such as Time-Warner or one of the Baby Bells, for example. Those rates are regulated because the state has agreed to give them a limited monopoly. If you don't have much choice in broadband connectivity, then I'd argue that they do not have the right to raise prices willy-nilly as suits their suits.

Don't you get it yet?

[FacePlant]

You aren't supposed to do anything on your cable modem connection except surf the web, read email, and be really impressed at how much faster than 56k it is.

They've all but said that outright. They don't sell bandwidth. They sell a high speed web surfing experience.

This should no longer surprise anybody here. Let's get over it.

Re:Don't you get it yet?

[billstewart]

Disclaimer: This is just my opinion, not AT&T's. If it were AT&T's opinion, I'd be wearing a suit and tie while typing it and have a law-degree shingle on my wall.

AT&T had to do a lot of work to get the network switchover done in a hurry, though they'd been planning for a while. You'd think cable TV systems would have a uniform infrastructure, and that so would the cable modem bits, but it ain't that way; most cable TV systems evolved a town at a time in places where the town council's decision criteria had a lot more to do with whose brother-in-law got the street-paving contract than on which company had really forward-looking clues about telecommunications, and the bigger cablecos that bought up the former town-by-town franchises were doing well to get MTV and Pay-Per-View working everywhere, and the cable-modem-cos were trying to take this non-uniform infrastructure plus whatever level of quality and uniformity the cablecos added and rapidly evolving technology and make deals with cablecos who mainly *were* focused on selling the MTV and PPV. Leave aside that some of them were busy dropping billions of dollars on search engine and greeting-card companies hoping that would catalyze the public into buying their service, while trying to maintain some control on the amount of Napster (which really *was* getting the public to buy their service but simultaneously needing to be tuned heavily to avoid trashing network performance while needing to be disavowed to prevent the TV-side of the cablecos from getting into intellectual property problems with them :-)

• Throttling your upstream bandwidth to 128kbps is reasonable - the technology is heavily asymmetric with limited upstream, and the anti-server rule was originally primarily because they didn't have the techology to limit individual users' upstream transmission rates.
  
• Throttling the downstream bandwidth reeks - I don't know how much total bandwidth they're dropping to each head end, but I'm surprised they'd want to cut it this far and face public backlash when that's one of their main competitive advantages over DSL.
  
• Static addresses? Not surprising to lose those - dynamic addressing is *much* easier for the carrier to manage, and they don't have to keep track of as much individual user information, plus it fits well with the standard MS and Linux client network support tools and strongly reduces support calls from users trying to set up their systems. It also makes it easier to run multiple client machines without a NAT box :-) It does also harass people who run web servers, but that's a job for Dyndns and similar services.
  
• RARP for Security? What a bizarre approach - anybody who uses it deserves to lose badly! There's no guarantee that a telnet client is even *on* an Ethernet-like network, and for security reasons it's not clear that that kind of protocol ought to be passing very far across a network.
  
• Reverse DNS - Is that what you meant? That's a much different issue. Reverse DNS should work, because there are *lots* of sites that use it for authentication. If you were confused, and this was what you really meant that they trashed, find a popular ftp archive that insists on it (I think ftp.uu.net does, for instance) and call them back and complain about that, since it's much more likely to be in the technicians Help-Desk-FAQ and triggers "things couch-potato users expect to work" reflexes instead of "sounds scarily technical" reflexes. :-)
  
• Support queue length - If that's a telephone waiting time, and not an email/web-response waiting time, that's *way* too long for a professional quality service, but remember that they've just had a couple of *really special* weeks, and some appallingly high fraction of their customer base is calling them.
  

Remember the Disclaimer. You're getting very sleepy, and you don't remember any relationship between the poster, who seems to work at "spambert.com" and any Big Telecom Companies. These aren't the corporate droids you're looking for. They can move along

leftover from excite

[Lumpy]

that has been there from day one. Excite is the ones forcing the issue and always have. Look at AT&T's TOS now that they sluffed off the leeches called excite. servers allowed, linux specifically mentioned and unofficially supported (as in they'll tell you the ip information instead of saying it all has to be dhcp or we'll kill you or the funny, the dns servers ip address is prepriatory information I cant tell you.)

I'm sure comcast and cox will get a clue when they also fling excite the bord later next year.

Re:leftover from excite

[Enigma2175]

servers allowed,

From http://help.attbroadband.com/faq.jsp?content_id=41 6&category_id=34&lobid=1

Can I Host a Server?
AT&T Broadband does not allow servers to be connected to the cable modem. This means that no computer in a personal network can be used as a server.

linux specifically mentioned

There is no mention of Linux in the AT&T Broadband Internet Subscriber Agreement, are you referring to a different document when you quote "AT&T's TOS"?

As far as I can tell, the only difference between the old service and the new service is that my bandwidth is now limited and latency to internet locations is higher. They still have a draconian subscriber agreement, to the point of telling me I can't even have servers on my HOME network. It also mentions that I am not allowed to NAT my home network to the internet. If I want to have more than 1 computer access the internet, I have to buy their "home networking solution" and pay $9.95/month. I am only allowed to connect 3 computers to the internet, if I want to connect more than that, I am SOL. If I NAT my computers, AT&T treatens to prosecute. From the subscriber agreement:

(g.) Theft of Service. Customer shall not connect the Service or any AT&T Broadband Equipment to more computers, either on or outside of the Premises, than are reflected in Customer's account with AT&T Broadband. Customer acknowledges that any unauthorized receipt of the Service constitutes theft of service, which is a violation of federal law and can result in both civil and criminal penalties.

Oh yeah, sounds like AT&T is a great benevolent father-figure and @Home is the bad guy. I am shocked that anyone would be taken in by such propaganda.

Re:leftover from excite

[theCoder]

AT&T Broadband does not allow servers to be connected to the cable modem. This means that no computer in a personal network can be used as a server.

Crap. I guess that means you can't connect any computer to the network, since they're all servers in some way. That whole peer-to-peer architecture of the Internet's a bitch isn't it?

(g.) Theft of Service. Customer shall not connect the Service or any AT&T Broadband Equipment to more computers, either on or outside of the Premises, than are reflected in Customer's account with AT&T Broadband. Customer acknowledges that any unauthorized receipt of the Service constitutes theft of service, which is a violation of federal law and can result in both civil and criminal penalties.

*checks cablemodem* Yep, it's only connected to one computer. It just so happens that that computer is connected to other computers. Yay for NAT! AT&T can't do a damn thing about it, because no matter how they spin it, there is only one computer connected to the "Service". Other computers are connected to the NAT box, but considering how masquerading works, they can't really be considered on the Internet, or really even using the service, since all the data is officially requested by the NAT box.

Besides, if they start claiming theft of service, just point to all the recent network outages and threaten to prosecute them for theft of YOUR service.

Re:leftover from excite

[Enigma2175]

you obviousally didn't read the post or the at&t changeover docs.

I most certainly did read the post, in fact I quoted most of it in my reply. I assure you I have also read all of the correspondance from AT&T concerning this matter. The official support site is http://help.attbroadband.net.

Linux is unoffically supported, Yeah, they'll mention unofically supported thing is a TOS, gawd you are dense

I don't really understand what you are trying to say here, since you were unable to form a coherent sentence. It's funny that you use a post so full of grammatical and spelling error to call me dense. As I stated before, there is no mention of Linux at all in the Official Subscriber Agreement, nor is there mention in the Acceptable Use Policy(AUP), which is directly contrary to what the parent post asserted as fact.

as for the servers part, they mention that you can allow others to access your computer but they are not responsible for being hacked, etc. and you cant do commercial or business. you obviously looked at a old or different services TOS. read the one you were sent retard.

The Subscriber Agreement that I quoted is dated December 6th, do you have a more recent copy? Can you supply a reference to such a document? They explicitly state on their support site that servers in any form are not allowed. AT&T Broadband's site seems to be the definitive reference for the terms of the service. You say I should "read the one you were sent retard", but AT&T has not sent an updated agreement. The only correspondance I have received from AT&T subsequent to the network changeover is a standard welcome message directing me to help.attbroadband.net, which is the source for my statements.

What the hell is the theft of service thing for? the yguy didint say that you could happily give it away... you sir are pretty damned stupid for a troll.

Nowhere did I state that the original poster said I could give away the service, and I don't intend to do so. However, I do like to distribute the service to other computers throughout my home, which the new Subscriber Agreement specifically prohibits (either on or outside the premises). I was using this as an illustration of the point that the new AT&T agreement is much more restrictive than the previous Excite@Home agreement. The original poster asserted that the opposite was true. I supplied links and references to prove my statements. I gave specific instances where the agreement is more restrictive. You submitted a badly written post with no information or references, full of degrading language and personal attacks. Then you have the audacity to call me a troll. You, sir, are the very definition of a troll. I regret replying to such an obviously goading post, but I am quite upset about the degradation of service I have experienced and I feel this an appropriate forum to express my disgust.

Re:Telecommuting IS a Business activity...

[richieb]

If you are TELECOMMUTING then you ARE a business customer. The only difference is that you aren't PAYING as a business customer

Why should that matter? Do you pay more for bus/train/toll because you are going to work, instead of to the movies?

You should pay for the service you're getting: bandwidth, IP address and quality of service. What you do with it is non of the ISP's bussiness.

unenforcable

[avdp]

I have had two different cable providers so far (comcast@home and Adelphia - I moved from Philly to Pittsburgh) and they both have these clauses. With both providers I used VPN to "dial-in" to work, and I have run servers (FTP and Web) - although not full time. They can't block the ports because there are other (legitimate) use for them.

I think they put these clauses in their contract so that *IF* you abuse of your priviledges, they have the rights to pull the plug. And even then, the only way they'd know is if everybody on your block complained of piss poor performance, and they decided to start investigate who is sucking all the bandwidth.

I have never gotten a call, email or letter from the providers complaining about this. I am not going to worry about it.

Re:unenforcable

[avdp]

Well, yes, there is a cap, but even then that doesn't mean that they would be happy if you maxed the cap 24 by 7 - which you'd have the potential of doing if you ran a successful website on it (or shared mp3 through it or something).

You have to remember you share the network with everybody in your neighborhood and the neighorhoods are not sized to allow all the users to max the caps all at the same time... So, they do have to put some restrictions on usage - however, as I said, as long as you don't abuse it, nobody is going to pick a bone with you.

Re:unenforcable

[avdp]

Lucky you!
I used to have pretty decent bandwidth with comcast@home (although nowhere near your numbers) but it's gone way down with Adelphia. But it's still better than dialup and for some reason I can't get DSL (eventhough it's available in the area)

Re:unenforcable

[avdp]

They are indeed jackasses for doing this without notice, however the reason I still think this is unenforcable is simply that you can runs these things on any port you want. Doesn't have to be port 80 for webserving - it's trivial for a client to specify another port. A little more complicated for FTP though as many client don't seem to give you the choice of specifying a port - but still.

Hmmmm

[cr@ckwhore]

Why does it matter? The way I see things in an ideal world, when I purchase a network connection from an ISP, it shouldn't matter how I use it. If my ISP started to regulate my network activities to that extend, I'd go find another ISP with no bullsh*t.

Paying for business behavoir is wrong.

[beldraen]

There is no identifiable difference between what I telecommute to do and what I do for home use except that what I do for home use requires a tremendously larger amout of bandwitch. I don't browse newsgroups at work. I don't pull ads off of Adcritic at work. I don't browse around to see what neat and new things are out there. In short, my business use ties up a hell of a lot of bandwidth than my play use does. The original reason for business class phone lines was to pay for the extra quality of service that should you have a problem with your phone line, they would attempt to fix it faster than anyone else's residential line. However, the quality of cable does not change for the increase in price. As an Excite@Home customer, the way I have been treated is just ridiculous. To think that I would pay more for no change in service is stupid, at best. This is why I think that DSL is going to win in the end, which I didn't think until recently. Cable has totally overloaded itself.

My two cents,
Chad

Assuming you have a choice

[brassrat77]

The choice is not using a different company. The decision is use broadband from THE company servicing your community under THEIR terms or revert to dial-up service.

*IF* you're lucky, you can "choose" between the monopoly cable company's service and the monopoly phone company's service. If you are REALLY lucky, you can get DSL from a CLEC or COVAD reseller. If you are insanely fortunate, you can get wireless service or your buddy next door has a T-1 you can tap into.

I live a few miles from AOL, mci/worldcom/uunet, and many other MAJOR data centers. Yet *my* choices are: Cable modem, overpriced IDSL service, ISDN, or modem. People living in spitting distance of the main MCI center can't even get my limited selection.

There is no choice, the broadband providers are well aware of that fact, and they are determined to keep it that way.

Re:Telecommuting IS a Business activity...

[DoorFrame]

No, but do you get charged more if you go to a movie and you're a business person as opposed to a student? Students pay less at movies then someone who works... even though you're both going to see the same movie.

The situation is the same. Residential people are less willing to spend money on internet connectivity and they are charged a lower price to entice thier usage of the system. business are willing to pay more and are charged accordingly.

god, i forget what the term is, but there's an economics word for this. old people and students get discounts in the real world, non-workers get discounts in the virtual one. annoying, but fair.

Roadrunner

[Ratbert42]

Ok. This is sick. I'm actually starting to like AOL-TimeWarner. The RoadRunner TOS used to prohibit VPNs (and game servers, web hosting, etc.) on residential service, though they rarely if ever enforced it. I just checked them again and the latest ones don't even mention it. Whoohoo!

Plus they recently added a nationwide dialup service. 10 hours / month for free, 99 cents an hour after that. In the past year I've had only three memorable outages and one was at 1am.

Do this make me sound like Scott Case's bitch or what?

Re:Roadrunner

[Junta]

I agree, for once I'm glad I'm an AOL-Time-Warner customer. I have mail server, web server, and an IPsec connection running without problems.

What is this dialup service you speak of, though? Does it mean that with the broadband access you can also use a phone line while on the road? I can't seem to find mention of this on their site... This is a feature I could find useful.

Back on topic, this story is an example of why it's bad for this sort of thing to be managed by a regulated monopoly. Where I live, the nearest DSL CO is too far away, so the only viable, affordable alternative is Roadrunner, but it's ok thusfar. However, if I was stuck with Comcast, I'd be pissed...

Re:Roadrunner

[1010011010]

Do this make me sound like Scott Case's bitch or what?

I've got Road Runner, and it's absolutely great. Reliable, cheap, fast, and unrestricted. The service may be provided by AOL/TimeWarner/CNN/Yap.com, but, so what? It's a good product at a good price. If this makes me Steve Case's bitch, so be it. :) But it doesn't actually, make me anything more than a satisfied customer.

Re:Communication types

[haplo21112]

OK,

Well how about if you provider is the only game in town(and please name the town with more than one cable system available to any random house)...you can't get DSL, and the Provider has these stupid clauses...and they only offer residential grade service, no business grade...frnakly I would pay more for a business grade line if the charges were reasonable say $100/MO, and it offered me, lower latency, higher bandwidth/throughput, and I could legitimately run the things I want too(really I just want my DNS, and Web ports back)...

Re:Telecommuting IS a Business activity...

[spongman]

hang on, how can it be that on one hand we have Microsoft, a company with far more competition in its marketplace than local phone companies which gets a multibillion dollar monopoly suit brought against it (by the largest monopoly in the world, i might add) mainly because its competitors get pissed off and fill the back pockets of corrupt politicians with 'lobby' money (whatever the fuck that's supposed to mean) and on the other hand we have these shitheads who, through the abuse of their monopolies on high-bandiwdth internet service are charging increasing rates for reduced services.

what's wrong with this picture?

higher prices and customer harm are signs of a real monopoly...

Re:Telecommuting IS a Business activity...

[Jburkholder]

>What exactly classifies as business use

I'll say that when the service goes out for an hour, any you say "shoot, guess I'll go iron my socks for a while and call support if it isn't back up when I'm done" then you are not a business customer.

If the service goes out for ten minutes and you are on the phone right away screaming at them to restore your service RIGHT NOW because every minute that goes by you are losing money, then you are a business customer.

Re:The decision is easy, then

[Graymalkin]

To use Earthlink's dial-up service from a cable account requires extra hardware. You need a rusty iron pipe to shove up your ass long enough to reach the nearest POP so an Earthlink employee can ram it farther into your behind. If you try dialing up away from home you better hope it isn't a period longer than about 18 hours total because they will begin the fourty dollars a minute charges. I mean this is understandable since your account in linked to a cable modem and you tying up a POTS line is wasting their service availability. Just don't use your dial-up for too long away from the safety of your cable modem.

Cablevision ROCKS!

[Algan]

After reading about this kind of shit on a daily basis, I'm so happy I'm with Cablevision. It looks like they are the last decent broadband ISP in the country. Grok this: download speeds between 3000-5000 kbps, uploads around 900kbps, and I'm talking peak time. Semi-decent tech support. Formally they don't allow servers but from what I hear they won't enforce it unless you generate enormous amounts of traffic. They are cool with Linux and other esoteric OSes (they won't provide support, but hey, who needs OS support). It's DHCP, but my IP stayed the same for the last 6 months. And all this for $30 if you have their TV package ($40 if you don't). I'll tell ya, if you're in NY, NJ or CT it can't get any better....

um, if you want support

[Jburkholder]

Jennie Moyer, a spokeswoman for Philadelphia-based Comcast, said her company "does not support VPN residential services," adding that teleworkers or their companies can purchase Comcast Pro service, which supports secure VPNs, at a cost of $95 per month compared with $39.95 per month for the residential broadband service.

Are they automatically changing your monthly rate because they detect you using a VPN? I didn't see that. Just don't call up and ask for help getting you VPN to work with their service unless you are willing to pay.

Did I miss something? This doesn't seem as bad as the write-up implies.

Re:Telecommuting IS a Business activity...

[richieb]

Because life isn't fair, and Internet access isn't a right, it's a product

That's right. Internet access is a product and I want to pay for the product. The product in this case is bandwidth and quality of service.

I'm willing to pay for that. Why should I pay more, for using less as a typical VPN/bussiness user, that some teenager who stays all day on Gnutella downloading videos?

Re:Telecommuting IS a Business activity...

[lythander]

The problem here is that most people who use VPNs to connect to their workplace aren't telecommuters, but people who need a file or to check mail or something simple on an infrequent basis. Relatively few people truly telecommute (i.e. work from home most or all of the time). This more expensive business use, as well as actually running a business (servers, whatever) should cost more. But it seems unfair for someone to have to shell out the extra dough so they can check their mail from home.

Obviously there are secure ways besides VPNs to implement this functionality, and eventually I think we'll see a move towards these. The question remains how will the enforce this prohibition? And if it's allowed on business connections, does that mean they'll support it, too?

See, the real issue here isn't "no you can't do that here," but that certain types of users call with certain kinds of questions, and this allows those answering the questions to segregate the questions so the right people can answer them. IP/SEC traffic requires certain very specific protocols and ports to be opened which may not normally be open on a standard ISP network. Most legacy hardware, and much current hardware doesn't support IP/SEC, so it cannot work. Your cable modem/router probably doesn't, unless it's high end or very new.

By prohibiting this activity on their "home" networks, they need not burn cycles explaining why "you can't do that, it just won't work," while really saying "our hardware can't handle it." The latter unfairly casts a negative shadow on an ISP who simply didn't design their network to handle this traffic, and perhaps doesn't see that as being cost effective to do.

So this is another attempt to cover themselves for not providing any sort of support for VPN, including enabling the funcationality on their hardware. It's like their not supporting more than one machine in your house, or not supporting linux on their cable network. It would cost them way more to do it right than it's worth. They aren't doing anything wrong, though they're not doing anyone any favors, either. They aren't likely to tell you to stop, just not to ask for help. IP/SEC may never work on these networks, but other VPN-like items will probably fly under the radar.

@Home/Cox policy vs reality

[puzzled]

The policy says ... roughly ... you browse web pages and most of it comes from their cache, thereby saving them big bucks. Anything else is forbidden.

In reality I have and continue to use ssh for unix connectivity without hearing a thing from them. I've used pptp in the past when I was forced to work on Evil Empire(tm) OSes and that worked fine. I've got some GRE stuff running now between Cisco boxes on cable modem and that is fine as well.

The only thing they really watch for here is overall transfer volume. Use a gig a day every day for a week and you'll get The Phone Call. Other than this monitoring they don't have the time, energy, or hardware to observe/filter anything else.

I'd say go ahead and use it as you see fit ... you're under the radar now and that radar isn't going to be seeing any capital investments over the next year or two.

bad Business activity...

[Erris]

I imagine that differential telco rates are a legacy of regulation. Once upon a time it would have made sense to subsidize residential service by charging profitable activities more. Fair enough, you knew about it up front, the charges were capped and it was used to support a public network.

The model no longer applies. First, there is no valid regulation. This is evident from the unilteral change clauses in TOS, which essentially say, "We have the right to screw you at will. Pay up or go away." Second, the private companies in question have no intention to subsidize anything. They are simply squeezing what they can from who they can. We no longer have regulated public telcos.

What we have is a cartel of rapists. In the best of all worlds, competition would come to the rescue and drive all of the greedheads out. In this world a small number of private interests have been given control of access to publically built networks and do not allow competition. The variable TOS are proof of their dishonesty and the high cell phone, long distance, cable and local phone bills you pay each month are the result.

What the fools don't realize is that regulation can return and that it can be made reasonable. They think they have been given this magic tollbox that they can squeeze and squeeze. The electric utility deregulation effort should sober them up. That they are pulling tricks like this shows that they are total fools. In time the public will get fed up, just like it did over Ma Bell's policies. People's expectations will change.

All that being said, I'd love to see the cable companies ban M$'s brand of bandwith hogging "VPN". Their tools are so sad. The IT folks tried one of those "services" on my machine a month ago. It was so slow that it was unusable. Bandwith capping would do this, as the goofey stuff uses megabytes of useless tranfers each second. The dinky little cable gets clogged up fast when people start using that trash.

Re:bad Business activity...

[TheSync]

What we have is a cartel of rapists...They think they have been given this magic tollbox that they can squeeze and squeeze.

Reality check: No one is getting full, unrestricted T1 Internet service for under $150 per month! (I know people who purchase bandwidth by the handful of T3s, they can't even get lower.)

The broadband providers have to go to utilize some set of restrictions to bring you the speeds that people want mainly for Web surfing. While they may be doing some stupid things to achieve this, the truth is that the broadband providers have laid out a HUGE fixed expense that they won't see a profit on for years, plus they are trying to figure out how to even be MONTH-TO-MONTH PROFITABLE on the bandwidth and operations side as well. Or maybe you didn't notice Excite@Home's bankruptcy...

If they are "rapists," maybe you should set up your own cable network, and prove it. You can rent power poles for $20 a year. Go stick up some cable around your neighborhood, and make deals with backbone providers!

Re:bad Business activity...

[mpe]

I imagine that differential telco rates are a legacy of regulation. Once upon a time it would have made sense to subsidize residential service by charging profitable activities more.

Well part of it would be that there are different guarentees of service and repair timescales on business vs residential telephone lines. At one time there may even have been different hardware on the line.
None of this history has anything to do with data transfer though...

Shielding Support -- true intention?

[rjamestaylor]

Are you sure this isn't just their way of not supporting your VPN? There are similar requirements that you use Windows or Mac OSes, Netscape/IE and these rules are simply to shield tech support from alternative OS/browser questions but I've never received a notice to shut off my Linux systems running SSH, CIPE, Apache (not on port 80), FTP, etc....I also don't call their support and ask how to configure httpd.conf...

Re:Telecommuting IS a Business activity...

[Pointy_Hair]

The real trouble here is the arbitrary application of a fee with no real value in return.

In some cases, yes you are right about VPN being a business activity. In many other cases there are home users that can take advantage of VPN access when their employer is not funding it, or provides a nominal kickback that is = to a $20/mo dialup fee. Or perish the thought, you run a VPN host at home so you can grab stuff off your personal machine when away.

I can agree with them nailing bandwidth hogs with a surcharge or higher (expensive) class of service. When I get tier 1 access from a GSP, I pay for volume and service level - and they don't care what the content is. I don't think it unreasonable to pass those charges down within reason.

Sure the phone company charges a higher business rate. But wait! they will put in a bare-bones 2nd line for $10/mo. That often gets used for fax (or dialup for broadband challenged). What they don't give you is a commercial level of service. Go figure.

Airlines charge higher business fares. Maybe because business travelers want to book at the last minute and make 6 itinerary changes during the trip. Cool... you get that extra service for a fee. If I plan a business trip in advance and get a restricted fare, they don't just upcharge because I used my corp AMEX. I just get the cheap fare and get upcharged if and when I need extras like last minute changes.

You Get What You Pay For - just don't charge me extra for crap I'm not using!!!

Sue them under Robinson-Patman?

[aozilla]

A seller charging competing buyers different prices for the same "commodity" or discriminating in the provision of "allowances" -- compensation for advertising and other services -- may be violating the Robinson-Patman Act. This kind of price discrimination may hurt competition by giving favored customers an edge in the market that has nothing to do with the superior efficiency of those customers. However, price discriminations generally are lawful, particularly if they reflect the different costs of dealing with different buyers or result from a seller?s attempts to meet a competitor?s prices or services.

http://www.ftc.gov/bc/compguide/discrim.htm

I have comcast, I dont see this in the TOS

[LordKronos]

I have comcast, and I dont see this written anywhere in the TOS, and Ive been looking at them for a while. I'm reading them here, and I see nothing about VPNs or that I interpret as VPN usage.

Ive been looking at these TOS for a while, becuase a whole lot of crap has been going on with comcast lately. Here are some of the email I've recieved from them lately.

They are changing mail services. This means my address changes from user@mediaone.net to user@comcast.com (or comcast.net, cant remember). No prob, EXCEPT the new addres becomes active Dec 29th, old address is deactive Dec 31s. This means we have 3 days to make the udate to all our online accounts, subscriptions, mailing list, etc. and what 3 days do we get? Sat, Sun, New Years Eve. If I have a problem making this update for one of my accounts, good luck finding someone to help, since most companies will be closed these 3 days.

Furthermore, until mid Jan, we will only have 1 comcast email address. What about those of us now that have 2 or 3 address. We only have 1 until mid Jan. I have an email, my wife has an email, some families have kids with emails. I guess someone in the household get left out in the cold for half a month (luckily for me/my wife, I've already transitioned to my own personal domain with email, so its not an issue for me, but Im sure it is for MANY, MANY people). They wont get email in that time, and what happens when they try to switch over one of their accounts in mid jan, and the system tells them "to confirm your update, we have send an email to your previous address. Please click the link in that email to complete your update".

What else have they told me lately...oh yeah. They send me an email all about how some home pages are going to change, something really minor. Then, burried 5 paragraphs down, they mention that, by the way, there will also be a new acceptable use policy effective Jan 1st, 2002 which "includes new information on several subjects, including use of bandwidth". Are they going to charge us for excessive downloads or uploads? I tried to look up these changes at the URL I posted above, but I see nothing about bandwidth. It says what I can/cant do, but nothing about how much of it I can do. Im puzzled. Are they getting worried about wireless neighborhood area networks?

What else...oh yeah. Im getting a new modem mailed to me that I have to hook up by end of year. According to them "This new modem will prepare your computer for upcoming Comcast High Speed Internet product enhancements including improved reliability and new features". I talked with some people, and came up with rumors that they are decreasing our upload speed to 128Kbit. I currently get 250Kbit up, and I know people that get almost 400Kbit up. I looked on their site, and nowhere do they mention upload speeds anymore, except on one pricing chart, they list the serivice as "1.5/128K" (1.5Mbit down/128Kbit up). Im afraid this new modem is their attempt to "upgrade" my upload speeds.

Oh, yeah, I almost forgot about the letter I got through postal mail last week...price goes up $5.

YEAH COMCAST!!!!!!

Re:Communication types

[alen]

Here in NYC many apartment buildings offer RCN and AOL Time Warner cable.

Re:Telecommuting IS a Business activity...

[aozilla]

god, i forget what the term is, but there's an economics word for this. old people and students get discounts in the real world, non-workers get discounts in the virtual one. annoying, but fair.

The "economics word" is "price discrimination". And under the Robinson-Patman act, it is sometimes illegal.

Re:Telecommuting IS a Business activity...

[abe+ferlman]

The Constitution doesn't guarantee you Fair, it guarantees you (and AT&T) Free. Fair is a socialist concept.

Actually, the constitution doesn't guarantee AT&T free, Dartmouth v. Woodward did that when it granted natural personhood to corporations. But you never hear conservative originalists braying about that one, do you?

Plus, the constitution grants the government the right to regulate interstate commerce and the right to provide for the general welfare. That includes fairness in commerce, Mr. "everyone I disagree with must be a commie".

Re:Telecommuting IS a Business activity...

[rjamestaylor]

Wow - a lot of angst in that post there...hope everything's ok...

Anyway, as a residential user who mainly uses his broadband connection to work from home I could not agree with you more. As a matter of fact, I could not agree with you at all. If it were not for the ability to control my servers remotely over my broadband connection then I would not HAVE a broadband connection. I don't do anything else online to justify the $50/mo expense. I hardly think I'm alone, and I doubt my provider would push this issue, either -- UNLESS I made demands for support ...or...*ding*

• [Lights On]

...try to sue my ISP for damage to my business becaue of some outtage or other service interruption.

My bet is that these clauses exist only as a defense from support requests / lawsuits.

What stresses their service more: CNN video streaming or SSH connections to my servers?

What's wrong? Business class doesn't exist.

[fizbin]

What little chance I had of sympathizing with the "no business use" restrictions of residential service vanished once I realized that residential service is ALL there is.

The places that talk about the restrictions on residential service seem to imply that just by paying more, one can sign up for a "business class" service that is essentially the same as residential service but without those restrictions.

Unfortunately, that's not the case. Business class service (except briefly for some of the areas served by Cox cable) over cable lines does not exist. It is a strawman that cable ISPs use to pretend that their restrictions on "business" use are somehow rational. This is a re-occuring thread in various @Home newgroups.

Hopefully having an article in ComputerWorld will produce more explicit explanation from cable ISPs about what exactly they mean by business use.

Consider that a common Comcast@Home commercial shows someone auditioning for an acting job halfway across the country through an @Home webcast. If that's not allowed, I smell a bait-and-switch lawsuit.

Re:Why waste your time with VPN????

[Junta]

Umm, this is the dumbest idea I have ever seen...
1) Bandwidth prohibitive. Term Server and Citrix are better than VNC, but the bandwidth requirement is still insane

2) "All you're sending is keystrokes, mouse movements, and video refreshes.." oh, is that all, that doesn't sound like anything important. Your argument I suppose is that with all that junk/noise going through, what could they possibly get? One thing is the keystrokes are easy, just grab packets that go in one direction and you have the video separated from mouse/keyboard events. All those passwords you type are suddenly in clear view. Since the downstream is essentially just video, then it's not too difficult to extract the sensitive information you are viewing. If telnet is insecure, this is even worse...

Using VPN is a very clean, efficient, and secure solution. Traffic is entirely encrypted, and the connection is transparent. Unlike what you suggest, VPN only sends what traffic is actually needed to be transferred between client and server, i.e. smb, nfs, http, ftp, whatever. For example, if modifying a Word document, you are *constantly* sending traffic back and forth, all of it somewhat sensitive with Term Server. With VPN, you pull down the .doc, modify it locally, and then push it back again as you save.

You really need to think things through before making a suggestion like this again. If I ever interviewed you for a sysadmin position, you would be turned down in a heartbeat based on this alone....

are you sure?

[Erris]

ATT owned a 25% chunk of excite. Did they use it to make excite suck? Are they now acting nice to fool you? Do you really trust the one true telco that charges by the second for voice communication and would like to keep it that way? I don't trust them any further than I can regulate them.

Really, I hope you are right but I'm afraid they are all a bunch of greedheads looking to stick it to you every way they can. Find me the words, "public interest" in any of the contracts.

There is very little business cable service

[anticypher]

I have colleagues who have worked on rolling out VPNs for telecommuters, and this has been their biggest headache. The problem comes from cablecos that restrict VPNs or servers but don't offer a service which allows it, at any price. Some block port 500 (as well as 25 in both directions, and 80 incoming) to enforce their ToSes, which just adds to the cost of troubleshooting and support.

I understand the rollout for a major US company has been stalled for the last two years because there is no @work version of @home in most markets, and now there is even less @home. About 30% of their employees were on cable systems who blocked ports, or randomly cut off accounts without warning. Negotiations were tried, and failed, since the cable companies just didn't have the business acumen to understand money being waved under their noses. They had settled on @home as the only viable service, and didn't want to build the extra reliability/stability necessary for @work, even if the margins were higher.

The other problem is that for the few cable companies who offer a business rate, the ToSes still don't allow VPNs or servers, nor do they offer Service Level Agreements or static IPs or allow NATing. About the only thing they offer is money back for when the service is down.

Until every cable (and DSL) company is forced to offer a TRUE business class of service, with acceptable TOSes, static IP (or multiple static IPs), no firewalling of any kind, etc, companies are going to be forced to use residential service for their telecommuters. Its just the state of broadband today, it may take years to shake out given the level of corruption of politicians in the US and the EU.

the AC

Re:Back to Bandwidth

[acceleriter]

Or is it going to be: "Your bandwidth usage is more than two standard deviations from the mean... which is not allowed under your residential use contract"

Dialup providers have been doing that forever (q.v. Prodigy, AT&T)--sending out warnings to people whose usage seems "excessive." They just didn't tell customers that they were using a two standard deviation test :).

Re:Wow.

[thetechweenie]

They block port 80 from the outside world. Other than that, I, like you, am happy with their service.

Re:Telecommuting IS a Business activity...

[Syberghost]

Plus, the constitution grants the government the right to regulate interstate commerce and the right to provide for the general welfare.

You complain about being tarred with the socialist brush, but you make the classic liberal mistake of conflating "promote the general welfare" with "provide for the general welfare?"

A lot of that may just by CYA kind of stuff

[Sycraft-fu]

Comapines often have rules that sound a little absurd, but are there to cover them. In this case I expect the reason has to do with lawsuits. IF you are using an internet conenction for bussiness uses, and it breaks, you are going to be more pissed off, and posibally sue them for lost money (the law provides for that). Well, if they are going to be open to that kind of liability, they want mroe money per month from you to cover for it. You pay more for better service as a bussiness because you need it. So the reason they prohibit this on a home account is so that if you ARE using it to do bussiness work, and you loose money because of an outage, they can say "well, the contract said you shouldn't be doing this, you need a bussiness account for that".

I'll give you another example, here are some selected acceptable usage policies from the dorms at my university:

"The provision of network services from user computers (e.g., BBS, Chat, DHCP, DNS, FTP, IRC, NNTP, POP2/POP3, SMTP, Telnet, WINS, etc.) is prohibited. Users who have a bonafide academic need to provide such services from their personal computer must have prior written authorization from ResComp administration prior to activating any such service(s) on the ResComp network."

According to this literally, you can be busted for having a personal FTP server to access your stuff from a lab. Do we bust people for this? Hell no, the reason for the policy is so that if someone is running a huge website from their dorm room and eating up bandwidth, we can make them stop. Many Linux users in the dorms have a number of personal servers on their computers and I've never seen any of them busted (I work for Network Operations).

"To conserve server resources for all users, pop mail clients (e.g., Eudora, Netscape Messenger, Outlook, Outlook Express, etc.), if set to automatically retrieve mail from the server, must be set to retrieve mail no more frequently than every thirty (30) minutes. Users may manually retrieve mail as frequently as they wish."

No, you won't get in any trouble if you set it yo 10 minutes. The purpose again, is just a CYA incase some moron sets it to once every 30 seconds or something.

"The residential network may only be used for legal purposes and to access only those systems, software and data for which the user is authorized. Sharing access to copyrighted software or other copyrighted material (including MP3 files from copyrighted music media and digitized video from copyrighted motion pictures, etc.) on the network is prohibited."

Makes sense, but some take it to mean that we police the network. We don't, and I'm sure plenty of this goes on. This policy is in there so if you do it, the RIAA/whoever whines about it, we can shut down the network conenction and refer you to this section of the code.

"Under no circumstances may users give others access to University systems."

Again, not a nazilike policy. If someone is in your dorm room and you have a remote X session open to a CS server or something, and you let them compile something on it, noone will know or care. IF you do something stupid like give out your login to said system, you'll get in trouble.

The rules sound a little stupid and strict at time because we want to protect ourselves from potential lawsuits and problems. I suspect these rules are for the same reason.

Info about Comcast business-class service

[dave_aiello]

Yes, Comcast does offer a business-class service. See the Comcast Business Communications site for more details. We have the Comcast business-class service. It works. We have discussed Comcast internet access issues extensively on CTDATA.com.

I love New Hampshire :)

[CrazyBrett]

I've got AT&T Broadband in New Hampshire, and I recently found out something interesting. Apparently, AT&T has different TOS restrictions for different states/areas. In other states, the subscriber agreement specifically forbids servers of any kind. In NH, it simply says "it is the sole responsibility of the customer to keep their machines secure, including configuring any servers they choose to run."

I found this out when I mentioned servers while talking to a tech support guy, and he told me that servers were prohibited. I challenged him to show me the clause in the agreement that said this, and he pointed me to a web site. On the site, it asks for your zip code, and you get a different version of the agreement depending on your location. He was looking at the Massachusetts version, and I was looking at the New Hampshire one. Apparently he hadn't been aware of the distinction either until then :)

-- Brett

A View from the Other Side

[Witchblade]

Having briefly worked as tech support for @Home, allow me to show a brief glimpse of why providers may want to do this.

An inordinate amount of cable internet support calls are VPN related. If you thought that clueless people having trouble connecting to their AOL email was a tech support nightmare, you've not seen anything until you get someone unable to connect to a VPN. A typical call would go like: "Dammit, why can't I get online!" After asking a few questions and running some tests it's made clear that the connection is fine, and they're able to connect through their desktop machine, just not their laptop. "Okay," I'd say, "It's probably just an error in the settings somewhere." I'd then proceed to describe how to open up the relevant controls in NT4 (it was always NT4...) "What? Are you kidding?!" they'd scream "This is my companies laptop and we're not allowed to touch anything on it!!!!!" "That's a problem, then," I'd say. "You'll have to have your sys admin check the settings for you then." "You're fucking kidding me! I'm in Redmond, WA and the company is in Denver! I work from home!"

The story was always the same: dumbass company gives employess laptops so they can work from home, and told them they had to get a broadband internet service, but didn't configure the machines for even DHCP or give the employees the admin passwords to configure things. You'd get that call about 20 times a day.

I'm so fucking glad I'm back in research. :)

Re:A View from the Other Side

[mj6798]

That seems like a simple support call to resolve. Start off by "log in as 'administrator' and ...". If they say "I can't do that", you point them at your configuration web page, tell them to tell their administrator to fix it, and end the support call. Takes less than a minute and would cost you almost nothing. That's no reason to impose draconian contractual terms.

Re:A View from the Other Side

[okigan]

Well this totaly differnt issue, If they (cable companies) would say that they do not provide any technical support for VPN related problems. What they are saying is that no VPN activity is allowed through there network, and that's what ticks me (and seems everybody else who is reading this post) !!!

Home business lines are treated as residential

[coyote-san]

"Business" lines are usually sold to brick-and-mortar businesses, e.g., a pizza shop, because they tend to use the phone far more than most residential customers. This requires more resources (switches, physical lines), and they are charged more. By the time a business has a PBX, the lines may be use constantly.

But then modems came along - and the telcos had to beef up their switching equipment because evening residential usage jumped way up. That's why there was a short-lived proposal for a modem tax. But the telcos eventually figured out that selling second (and third lines) for modems, teenagers and other heavy users was more profitable than that tax, and a lot less politically explosive.

Nowadays, I doubt many telcos care about home business use - during the day there's excess capacity in the residential areas since they're currently designed to handle everyone getting online in the evening.

Sigh.....VPN's are just another connection....

[Chanc_Gorkon]

My wife has a VPN for her work. While I do not expect to get "support" from the cable company fo r it, I do have enough knowledge to set the dang thing up. Also, my wife using what is essentially a terminal emulation program, uses almost ZERO, to very little bandwith when working. If I did pay for business in my area, while the service would not be better I would get some benefits such as a static IP and I would be allowed to run a server. I do believe that this is a bad policy. I bet that even their own workers probably break policy when the login to work from home to fix things (I bet that they get free service, but I would also bet that they don't get business class service for free). Too many people PAY for their own service so that they CAN dial up to work at home and at a decent speed too. I get free dial up at work, but because it's too frickin slow I pay alot more so I don't have to use the dial up (which was free for me you know). I would rather pay for my own rather then tying up my landline. Cable companies should put their enforcement efforts towards badwidth abusers and not folks just trying to read their work e-mail from home using a VPN.

If they do want to charge a bit extra to allow use of VPN's and work uses other then running a server at home I would not mind that in the least but I don't need to run a server at home. I don't NEED(or want) a static IP. I am actually happy with service as it is. I would pay say 5-10 extra just for the ability to do this, but not twice as much! Personally, I don't think they have to worry about folks using VPN's much cuz it just doesn't cause others to slowdown.

In fact, if you think about it, people telecommuting usually do it when you are at work also. Isn't during the day slower for them then say the hours between 7pm and 11pm??? They are using the network when it's NOT busy! They are not the cause of the slowdowns in prime time!

Issue is more complex than it appears

[dave_aiello]

My company became a customer of Comcast Business Communications over the summer, because our new office in Central New Jersey is out of range of DSL. We were very nervous about using a cable modem for our office's internet access. But, so far, things have worked out rather well.

We have posted a number of articles about our experience with Comcast internet access on our Web Site. Our latest article talks about the ComputerWorld article and our experience with both the business and residential Comcast cable modem services. Basically, we think that people who are serious about VPN use need the QOS guarantees and 24-hour tech support that Comcast offers to business users.

Re:Telecommuting IS a Business activity...

[5KVGhost]

And if cable companies and phone service providers were in free competition I would have no objection to your argument. Unfortunately most cable providers (in the US, at least) operate under monopolisitic contracts granted to them by state and local governments.

My choice in purchasing has been curtailed. In return, the cable companies are supposed to adhere to the terms of whatever contractual agreement was reached, under the oversight of those same goverment entities. In practice, however, the only consequence for ignoring their obligations, presuming whoever's in charge even catches on, is an occasional fine or strongly worded letter. There are exceptions, but the whole arrangement pretty much sucks.

And from what I hear DSL service isn't much better. Outside of cities or in areas with older lines availability and service is spotty at best, and the local telcos are generally not anxious to assist the competition in competing with them.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Wow.

[thetechweenie]

I guess I'll be making a phone call tonight! If they offered static IP's or a block of address space, they would be even better. Has anyone had any luck doing this?

So?

[uradu]

That's something solved by language such as "VPN access not supported", not by expressly forbidding it. Not supporting a certain service is a sign of limited human resources, whereas not allowing smacks of money grubbig.

-

So if you don't like it...

[Greyfox]

Go somewhere else. I went shopping when I was looking for DSL. Of about 10 ISPs I looked at, Speakeasy's web page was by far the most clueful and had the least odious terms of service. I pay them a hefty hunk of change each month for static IPs and 768 both ways. They stay out of my hair and have one of the most clueful tech support lines I've ever talked to. About the only thing they say I can't do in the TOS is run a porn site, and I'm willing to abide by that. If I want to set up www.livegoatporn.com, I'll lease a T1 to do it.

Re:Telecommuting IS a Business activity...

[roystgnr]

Oh, goody, someone just finished reading Atlas Shrugged...

If you don't like the way Company A sells their bandwidth, don't purchase from Company A.

How about, if I don't like the way Company A sells their product, I rescind the government granted right-of-way that allowed Company A to dig up countless miles of public and private property to bring their product to me?

Fair is a socialist concept.

So is eminent domain, but without it we wouldn't have any cables (or utilities) reaching our homes at all. If we're already granting corporate monopolies based on one socialist theory, why stop there?

Re:Fat cat's carry on rolling

[phillymjs]

Actually, there has always (for the 3 years I've had a cable modem, anyway) been this kind of language in the ToS, at least @Home's. It's been a while since I read it, but IIRC it's worded vaguely enough that you are technically verboten from using "residential class" cable modem hookups for ANY business purpose. I'm sure they do that mostly to hoodwink the gullible into upgrading their connection to "business class" if they want to do so much as check their work e-mail via Outlook Web Access.

I am of the opinion that since I'm paying for the connection, I will use it for whatever I Goddamned well please, within reason, and @Home can go f themselves. If @Home is too incompetent to keep their mailservers running reliably, or their irc server running at all, they sure ain't gonna catch me.

~Philly

What are you talking about?

[uradu]

> Why waste your time with VPN???? Use Term Server or Citrix

As if those are a quick drop-in solution--run the install and you're set. Using Terminal Services etc implies a fundamental architectural change in the way IS deploys applications. It's not something you do on a whim. OTOH, VPN access is pretty much a no-brainer add-on. IS installs the equipment, does the requisite security etc testing, and then employees simply access the same LAN resources that have always been there, just from home.

-

Re:Telecommuting IS a Business activity...

[Syberghost]

How about, if I don't like the way Company A sells their product, I rescind the government granted right-of-way that allowed Company A to dig up countless miles of public and private property to bring their product to me?

Ok by me. Go for it.

They block PPTP / GRE VPNs

[EvilMagnus]

All this talk about 'But how can they tell?' is driving me nuts. They don't have to tell if you're using a VPN or not ; they just block IP type 47 (GRE) packets. That's what Comcast does in certain regions - I know, as my company has run into this specific problem and been given this specific answer from them.

In case you don't know, your standard, Microsoft software-based VPN solution makes an initial connection over TCP port 1723, then sends all encrypted traffic in IP:47 (Generic Routing Encapsulation?) packets. Completely seperate from your normal, TCP/UDP web games/https/ftp traffic.

GRE is used for pretty much nothing but PPTP / software VPN, and it's easy to filter at the router. They don't need to packet sniff to see if you, personally, are trying to use a VPN. They just block the lot.

Re:Why waste your time with VPN????

[Junta]

I'm just saying that completely discarding VPN in favor of Citrix/Term server is stupid. Yes, the bandwidth isn't as bad as VNC, but it is still not as efficient as VPN approaches. Yes, it is useful for applications where your client lacks the hardware or software to run an application as good as through Citrix, and therefore can be used well *in conjunction* with a VPN, but by itself, not the most efficient/useful solution. You can have VPN running on the corporate router and provide a transparent tunnel through the firewall to privately addressable hosts with RDP and Citrix on them, which is a much more secure solution than sticking your RDP/Citrix boxes outside the firewall...
Additionally, RDP isn't very cross-platform, though Citrix and X11 are... Of course Windows X servers are not typically that great. When you can access smb/nfs natively, then you can pick whatever local OS/Application you want to modify the data, and are not just stuck with whatever is installed in the Citrix/RDP/X box.

Get another ISP!

[albamuth]

I know it may not be possible for your area, but hell, there are plenty of ISP's that do allow VPN, even AOL! My company has quite a few clients that access our systems via VPN so we let them know ahead of time: "if your ISP doesn't support VPN, switch!" And let them know why you switched, too. It won't be long until they get it through their thick skulls that singling out certain ports to charge access to isn't going to work.

More money, less bandwidth

[Jobe_br]

I researched business class offerings for Charter Communication's broadband offerings about a year ago and found the prices to be absolutely excessive. For business services, they were offering 256K d/l and 128K u/l for almost $150/month!

I bet if you check into the offerings by Comcast and Cox under business you'll find similar types of pricing schemes. It is absolutely outrageous. The local representative I talked with tried to convince me that I get a higher quality of service since problems with business customers are resolved with higher priority than residential customers. Unfortunately, in practice, this doesn't hold true.

In the two years I have been using cable broadband, the only outages I have experienced were outages that took place with equipment in NOCs, not problems with equipment on-site or in the 'last mile'. So priority would have done no good whatsoever - they'll fix the problem that is affecting thousands of subscribers just as quickly as they would if some of those subscribers were business customers (which I'm sure they are).

I presented this to the local rep and started getting attitude - why did this guy get defensive? Maybe he's used to dealing with types that can't call his company on their policies. I believe I certainly did.

Why pay between $150 and $250 per month for 256k-512k/128k service via cable when the local telco offers non-shared business class DSL at 768k symmetrical for less than $100 per month?!? I presented the local rep with those hard numbers and he gave me the lines about long waits for installing DSL ... which is why I would pay $50 to $150 a month more for the length of the service, so that I could be up and running in one week vs. two to three weeks? I think not.

Incidentally, the local telco hooks up business DSL far faster than is average in the DSL industry - I experienced two DSL hookups in Chicago (both residential) via Covad (local 'last-mile' was Ameritech, go figure) and found the waits and lack of service (status reports) unforgivable. Locally, however (Madison, WI) a business DSL line was installed at the same time that phone service was installed (new office) and the DSL was active by our move-in date (2-3 days later)- no problems there!

VPN isn't neccesarilly business related

[chinhdo]

I think what's wrong with the outright ban of VPN by either policy or blocking is that the cable companies are making decisions on what is and what is not appropriate residential Internet usage. VPN can and is being used for non-business purposes.

Those clueless morons!

[dcavanaugh]

These cable clowns won't give up until they turn broadband into a product that nobody wants. Why not get it over with and block ALL the ports? For $39.95/month you get port 80 unblocked. Then they could have a list price for any other port you might want unblocked. That would achieve their objective of bandwidth conservation, as well as reduced calls to the help desk! I would think it would be fairly easy to support a network if all the data were eliminated.

If some data still remains on the network after phase one of the plan, they move on to phase two, where you pay per hop. At the basic rate of $39.95, the maximum hop count is five. If you pay for "expanded basic" it goes to ten, and "business class" is unlimited (at least for the first three months)!

These guys would license the number of mouseclicks and keystrokes if they thought anyone would pay. I think it's all part of a huge conspiracy to make dialup service more attractive.

All joking aside, the real issue with VPN has nothing whatsoever to do with bandwidth. It is more about controlling the availability of ports and access to IP addresses that might otherwise be blocked. Carried to it's logical conclusion, you get a few people with commercial high speed connections and unrestricted access -- then a few thousand cable customers using VPN to circumvent access restrictions by the cable company. It still has nothing to do with bandwidth, because in an unrestricted environment this type of VPN would be unnecessary -- you would still have the same packets going to the same destination (probaby via a more efficient route).

If these guys have any brains, they are fearful of a P2P like utility that might facilitate the exchange of quasi-public VPN logons, which would create a "Massive Rogue Virtual Network" (MRVN). In the pefect nightmare scenario, we throw in a bunch of house-to-house 802.11b users that eventually hit a residential cable modem "gateway" that allows entry to the MRVN world. Of course, all of this could be solved with reasonable pricing and fewer restrictions, but they're not that smart.

I have just about had it with their incessant "dumbing down" of the service. As time goes by, broadband costs more and more while it delivers less and less.

Re:Those clueless morons!

[loraksus]

And you're going to switch to what? 56k? I don't think so.
They are capitalists and are going to milk you because they can - would you give away free money?

Re:Those clueless morons!

[dcavanaugh]

If they really dumb it down as much as they can, then YES I will go back to dialup, so will you. In fact, if AT&T bans VPN, I'm outta here.

Re:What happens...

[Junta]

Nothing, they get more money, so they could care less about what you do with it. They are just trying to get people to pay more money. Just like with WinXP, they are trying to get it so the "professional" edition is truly an upgrade to the "home" edition in every sense of the word. For 2k vs. ME, it wasn't the case as 2k wouldn't some apps designed for ME, so an upgrade isn't as popular as MS would like... Same principle here, you can get relatively good service for a good price, but for the niceties not used by common internet users, you pay a premium. VPNs are a target as the most widespread use of it is telecommuting, i.e. using your connection to earn profit, and the carrier wants a slice of the pie, whether they are entitled to it or not. Same deal with the ISPs prohibiting servers, they are afraid you'll set up an e-commerce site or a few banner ads and profit from selling services that the ISP is really providing. The more enlightened TOS say that while you are permitted to use servers and VPN, you must only use it for non-profit purposes. VPN is harder to know what the traffic is, so a blanket ban is more popular, though not more justified...

Getting what you pay for

[sterno]

My thinking is that if I should be able to have a menu of services to choose from and I should be able to pay mostly a la carte for those services. Right now if I got a cable modem I could get "home service" or "business service" which leaves me no room to get what I really want.

What would be ideal is if they provided a deal where you pay say $40 a month and get certain minimum specs and perhaps some restriction on what you were allowed to do with that connection. But if I'm willing to pay another 40 or 50/month, I should be able to get a static ip address or two, some better upstream bandwidth, and freedom to do what I want.

The problem right now is that there's no fine gradients in the system. Either you are paying $40/month with irritating TOS, bandwidth caps, etc, or you are paying $150/month+ for "business grade" service which I really don't need.

I just don't get it!

[mcrbids]

I have Pacific Bell DSL AKA SBC Internet.

Just spent 10 minutes TRYING to find an "Acceptable Use Policy" or something similar.

It's just NOT THERE... Really, it seems, they don't *care* what you do with your Internet Service! Basic rate is $50/mo, Biz use starts at $65. (I subscribed to a plan they no longer offer, a single static IP for $50/mo)

I know, I'm in bed with that evil monopoly, Pac Bell, but Hey! This is COOL! I've run my own DNS/Web/Mail/Proxy/NTP/etc Linux server for 2 years without a hitch. No complaints, nothin' - and reliable bandwidth to boot.

I *LOVE* these guys! (Even if they ARE an evil monopoly)

-Ben

Nothing new.

[ImaLamer]

This has been covered and discussed before but now I must ask another question.

If I use SSH on my own machine (or SSH to a shell account) do I get kicked?

One thing though I've noticed is that on Road Runner I've been getting kicked off from my Windows machine because it's using the cable modems USB feature to connect. I could see how easy it is to send a signal to the cable modem that simply says: "Turn Off"

Otherwise, VPN is something that has been not allowed on High Speed access for long now. My other question: How do they know what you are doing?

I seem to get 'kicked' while either accessing binary news groups or ANY filesharing service.

This reminds me of...

[DaoudaW]

This reminds me of a situation I was in about 20 years ago. I was looking to upgrade the memory on an NCR mini. NCR was telling me it would cost $5000, so I was looking for a third-party/used vendor. Eventually I found one which would sell me the board for $2000. But, fine fellow that he was, he told me that usually NCR had shipped the computers with memory maxed but had set the DIP switches to a lower setting and not documented how to change the settings. Ten minutes later, I had my memory for $0. Our local NCR rep was mad, but the contract was clearly in our favor.

An ISP provides customers bandwidth. They don't have to tell you how to use it most effectively or efficiently; they can even attempt to deny service to certain protocols. But if you or your company is able to use that bandwidth in ways that the ISP didn't envision, all they can do is go away grumbling. The fact is, it's their infrastructure that makes it all possible. So they either have to do some re-engineering or realize that innovative customers will always be ahead of the curve.

Many DSL ISP's don't support VPN either.....

[Newer+Guy]

I know for a fact that MSN doesn't and they're one of the biggest DSL ISP's.

Earthlink DSL - no problems so far

[Don+Keehotay]

'course I haven't actually READ the subscriber agreement... Ignorance is bliss.

Your company is CHEAP

[Proud+Geek]

They spend at least twelve million dollars a month on salary, yet they won't spend twenty thousand a month to conform to the terms of service of broadband services for their telecommuting workers? I realize that paying employees is closer to the heart of the company, but if they can't afford the spare change to work telecommuting properly they should just not support it as an option.

Re:What's the big deal with using NAT??

[TheAwfulTruth]

Not exactly, what's happening is that all the little 15 year old hackers in a neighborhood are getting togeather and sharing a single account between several residences. They are using the maximum throughput of the modem and paying only 1/10th the price. It is specifically because of this growing practice that AUP changes and in the future software changes will be made to make this impossible. THANK YOU 15 year olds!

I agree if it were all within your house, that's ok. But neighborhood lans are all the rage these days and they are using high bandwidth and paying very little for the priviledge. Get enough of that going on and you'll REALLY see the cable modems go bye bye.

It's the same reason you can't share your cable TV with the neighbors. I mean why not? The signal is there, who cares how much of it you use? Inside your own house? No prob. Share with the neighbors? They're stealing.

Re:Back to Bandwidth

[harlows_monkeys]

Which brings us back to the question of: What exactly am I paying for when I'm purchasing my home broadband connection?

You are paying for membership in a variable-sized pool of people who are sharing a downstream channel and an upstream channel, with the downstream channel having much more bandwidth than the upstream channel.

This difference in speed between upstream and downstream is part of the way cable works. They allocate frequencies below a certain point for the upstream, and frequencies above that point for the downstream. That certain point is constrained to being below the frequency of the lowest television channel, and places an upper limit on the upstream bandwidth the cable company can support. For downstream bandwidth, they can add more by simply using another TV channel (at the cost of being able to offer one less TV channel).

Much of cable company policy is aimed at dealing with that limited upstream. That's why most cable companies limit individual cable modems to 128 kbps upload speed, and that's why they limit servers.

You might think that limiting upload speed would be enough...why not let people try to run any servers they want, and let the 128 kpbs upload cap limit them?

The reason is that a couple hundred people saturating their 128 kbps slice of the upstream is enough to saturate the aggregate upstream.

When an upstream gets saturated, bad things happen to the downstream. TCP can't get ACKs through, and download speeds go way down.

This is why DSL tends to be more friendly to servers. Although DSL is shared, just like cable, the sharing starts on the ATM connection from the DSLAM to your ISP, not on the connection from your home to the DSLAM. The place where you have a speed difference between upstream and downstream with DSL is between your home and the DSLAM, and that part is not shared.

Point taken, but...

[codefool]

If I buy their "business service" is my cable is routed through "special" switches on a more reliable and fault tolerant network than my "residential service?" All they really want is a reason to charge more money for the same service.

PacBell Internet - no "terms of service"

[Animats]

PacBell Internet used to have a terrible "acceptable use policy", including a clause that said that you couldn't use the service to criticize PacBell. But it's gone. I can't find it on their site either.

However, they do claim that one of the advantages of DSL over cable modems is that some cable modems don't allow VPN use. So PacBell Internet has claimed in marketing literature that they allow VPN usage.

Re:block pings

[dpilot]

Pings already blocked, both in /proc and the firewall. For that matter, sshd only listens to places I might connect from, and that's also done both by config and firewall.

Because of the news TOS change, I've moved from leafnode to noffle, and have changed things around to make its behavior act like a conventional news client. And it stinks. I've seen leafnode wrapper scripts that give finer control to its downloads, and I may try that with noffle. At the very least, I still get the cache, so I can look back.

They can't find me by scanning, but that's not the point. I'm really trying to stick by the spirit of the TOS, yet not turn into an inet luser. I have ssh crammed down as tight as I can make it, and still have it *usable by me.* I'm working at tuning down my news cache to as 'interactive-like' as possible, and still get acceptable news response. (Right now it's interactive-like, but not acceptable.)

I just hope they don't get a clue about VPNs. There's been the discussion about business use. But my VPN use is occasional, normally my bandwidth is dominated by personal use. If the ratio were the other way around, I could see the requirement to get a business account. But the moment you get the Company to spring for it, they want to see Cost Justification, and you have to forswear your family even when at home.

Is this legal?

[trenton]

I've just read from other posters that there is no discernable difference between business and residential accounts. Sure, it's legal to set any price for any service (in accordance with any prevailing tariffs or whatever). But, I don't think it's legal to sell the exact same thing at two different prices and force people to switch to the more expensive offering. If you do indeed get something unique out of the business account, like a fixed ip, then it's okay.

Likewise, if there's no technical limitation or increased impact by you running a vpn as compared to any other allowed service, then I don't think they can force you to switch to business. Well, they can force you, but I think the FTC or some state authority might have something to say about it.

Get a better firewall/NAT box..or firmware upgrade

[billstewart]

Early cheap home NAT boxes trashed many VPN protocols, as well as trashing a number of other protocols. They've gotten better - many of the current products pass IPSEC to at least one LAN-side machine, and many of them pass a variety of other protocols as well (if you're using PPTP, your employer needs to get a better VPN, but check your firewall box anyway.) Some companies use proprietary tunneling products, but many of those products are just IPSEC with a proprietary authentication method, and can do ok on an updated NAT box.

Also, check if your NAT box has firmware upgrades available - several products such as Linksys originally shipped without VPN-transparency, but have later firmware you can flash-upgrade to add the capabilities.

As the economy tanks, you can expect some stupid and greedy employers to say "aha, we'll put the screws to our workers, get rid of perks, and make them show up at the office at 9:00 or treat them like that Neo guy". You can also expect some smart and greedy employers to say "aha, I need to get the most possible work out of my employees so I'll make it easy for them to work for ME anytime, anywhere, any way they can" and some extra-smart, extra-greedy employers to say "aha, in this economy I need all the productivity and creativity I can squeeze out of the few employees I can afford on my limited venture capital and annoyingly-low sales revenue, so I'll try treating them like *real*human*beings* and act like I respect them and spend the budget I can scrape up on productivity enhancers like fast network connections and good coffee and extra disk drives instead of $1000 chairs, especially since enticing them with stock options is a lot harder than it used to be." Of course, any manager, from the dumb to the extra-smart, will try to get around greedy cable-tv-company restrictions on applications :-)

SSHHHH! Be Vewwwy Quiet!

[billstewart]

Look, don't encourage them. Don't ask them questions when the default language in the contract says nothing and the obvious clueless corporate droid response is to say "No" and the smarter clueless corporate droid response is to say "No" and add it to the FAQ and Terms of Service so other people don't bother them with the issue again.

The main reasons they don't want VPN-like things are

• Clueless Corporate Greed - some of the cablemodemcos and some of the telco DSL companies want to get more money by charging extra for anything that looks business-related, and don't realize that that's not what the market wants, especially if they're not providing any better actual *service* for their business-priced offers.*
  
• Avoiding Support Headaches / Costs - somebody else, who used to do cablemodemco tech support, pointed out that they do get lots of difficult support calls from people whose corporate VPNs don't work right over cable modem service. One response said that the correct way to fix this is not to ban them, but to have an explicit "stuff you can try but we won't fix for you" list; the missing link you also need is to have a Technically Detailed FAQ about the network configuration. attached to the not-actively-supported list.
  
• Generic Cluelessness - "That's a really scary technical-sounding acronym! We don't want to have to even figure out what that *is*, much less what people might be doing with it!
  
• Business Cluelessness - Like *duh*, if people can get faster access to their work machines over cable modem, they'll buy cable modems from you instead of using dialup from the telephone companies, plus you get the benefit that teleworkers use a lot of their bandwidth at different times than game-playing kids.
  
• Blazing Business/Technical Cluelessness - The way to get lots of people to WANT your service is for the market to discover and popularize KILLER APPS, and if some of them look like servers, THAT'S JUST FINE as long as it doesn't totally trash your bandwidth. YOU probably won't discover the app - it'll just happen, like Napster, or be sold by someone else, like Quake - so YOU need to make it EASY for OTHER PEOPLE to develop that killer app for you.
  Because what you need most are Lots More Customers.

* Some of the business-class cable or DSL services actually do offer better-for-business service - better help desk response time or service quality, for instance, and in some cases higher bandwidth, plus obvious business-related services like more flexible billing, and bundled email and web services. It's tough for cable modems, though, because the fundamental service-scalability models behind the $40/month cost assume that It's Just Television, so the number of installation/repair technicians and trucks and help desk people assumes that if the service goes out on a snowy Friday night, you can read a book or talk to your kids or something and they'll fix it in the daytime after the storm's over and maybe credit you a few bucks or make HBO free for the next week. For a business client, you can put up with dial for a couple of days or read a manual or something, but actually providing business-server-class service isn't realistic; you'd have to provide a lot more trucks and technicians to make repair times much shorter.

Disclaimer: This is just my personal opinion, not my employer's, and it's Friday after 5:00 and I'm not wearing a suit, so don't bug them about it.