Slashdot Mirror
ISP Restrictions Based on Hardware/Software?
An anonymous reader writes "IT Architect magazine is reporting that ISPs are working towards a greater restriction of a customer's right to run what may be 'insecure' software. From the article: 'A greater threat is that ISPs may try to restrict the customer's side by denying access to machines based on their hardware or software configuration. [...] former head of cybersecurity, White House terrorism advisor Richard Clarke even said it should be made mandatory to quarantine malware.' Something that may also come as a surprise to some is that Microsoft is completely against this censorship of internet access. 'According to Chief Privacy Officer Peter Cullen, Microsoft is against ISPs doing anything that would restrict customers' choice of software. And he says this isn't just about the impracticability of demanding that data centers patch everything on the second Tuesday of the month. Laptop and home users also have the right to run an insecure PC.'"
Depending on your definitions, banning malware could mean banning Windows!
At the risk of pointing out the obvious, but - does it surprise anyone that the maker of the #1 target for malware writers is actively campagining against ISPs downthrottling infected users' PCs? I mean, if customers found out that Microsoft Windows = your ISP cuts down your rate, are people more or less likely to buy Windows? Their actions seems like obvious good buisness practice to me.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
What if the user is behind a SOHO router? It will be hard to figure out what the client's OS/version is. Try using www.grc.com and their ShieldsUp.
Anyways, this being the US, such practice will be considered discriminatory especially if poorer families cannot afford the latest M$ tax.
couldn't Microsoft's ISP (MSN) claim any open source software was "insecure"?
I think this is the only article on slashdot, that had anything positive to say about microsoft. This is the problem when you try to protect people. ISP regulating what I put on my computer and run online is not what we need. People should be allowed to run whatever they want to on their computers.
The real question is, is the open source community against it?
LINUX ONLINE POKER: Linux Poker
....or they are afraid that most Windows machines will eventually be shut off from the internet and OSX/Linux will run free
Of course Microsoft would object to this proposal. Any objective analysis (which the ISPs are certain to do) would put Windows high on the list of vulnerable systems. No matter how much Microsoft tries, it's always hard to configure a Windows system to be both secure and capable of easily running the software most users want to run without glitches. Putting a hardware firewall in front of it's just as bad from Microsoft's point of view: you're still telling users they have to spend more money and do more work to use Windows on the Internet. By contrast, many of the competing systems (Max OSX, *nix) are at low risk and would pass most security checks easily out of the box. No way does Microsoft want ISPs making it easier to put a Mac or a Linux box on the Internet than a Windows box.
Personally I don't care why Microsoft is against it - I'm sure they have their own agenda, but the enemy of my enemy is still my friend. If Microsoft are against it, it almost certainly won't happen - they have enough clout.
Anyway, such a law would be pandemonian, it would require international standards etc etc - it would never work...
1. It's impractical -
I can see how the White House might deal with this sort of restriction, but an ISP dealing with thousands of customers that don't WANT to cooperate - not to mention, there would be an absurd number of software and hardware iiterations, hacks, etc, all of which they'd have to deal with.
2. It's unfair -
I should be able to run the software I want on the hardware I want, as long as I'm not producing malware. A restriction on rights for security is inconsistent with democractic ideals, especially with the qualifier that the security doesn't necessarily protect rights.
http://www.TheGamerNation.com/Forums
"Cable Tech Support, John speaking. How can I help you?" "Yeah... I can't get my internet connection to work" "I'm sorry, you have a p2p client on your PC. Please uninstall this program to enable your internet connection." Not that I'm concerned about it, I'm sure 15 seconds after they do this someone will have a work around but still... don't try to say that you are doing it for "malware" purposes
I keep telling myself I'm not the desperate type.
I want on the OpenBSD-only ISP.
Trolling is a art,
It is becoming increasingly obvious that the large ISPs are out to put a strangle hold on the "Services" they deliver. There will be problems with VOIP caused by port restrictions, Others will stop offering basic services like nntp access. They have taken the view that the network is theirs and that they will dictate what is run over them with consumers being and endless cash cow that can be milked for access to "Premium" applications.
Microsoft is against ISPs doing anything that would restrict customers' choice of software.
That is a right they want to reserve for themselves (via their "Trusted Computing" DRM and similar).
that Microsoft would want to prevent people from being punished for using an insecure OS...
It's because they're for choice right? I mean, every time I turn around I hear about a new Red-Hat exploit which has allowed a worm to spread into millions of computers around the world, causing massive amounts of bogus traffic and driving up costs for ISPs.
> Laptop and home users also have the right to run an insecure PC
Absolutely. But do they have the right to abuse the ISP's network by sending spam/DDoS attacks etc?
Run what you may on your PC, but if you are using the network infrastructure owned and maintained by your ISP, you have to adhere to their Terms of Service, and they should have the right to enforce those terms of service.
If you don't like your ISP's TOS, find a different one. But don't confuse you right to run an insure PC with your right to abuse your ISP's network -- you do not have the latter.
I can understand why Microsoft would be against it.
Imagine if people suddenly got booted off and told it was because their computers needed repair, then they'd find out what's wrong (spyware/viruses) and why (holes in Windows), and then some of the more intelligent ones would investigate alternatives like Apple and Linux.
Personally, I'm all for quarantining computers that are spreading spam/worms/problem-of-the-month, so long as these restrictions don't spread to keeping people from using Linux and Apple.
Companies that institue such a policy would also have to be responsive, so that if an account that is kicked off performs the needed repairs, they are quickly given service back. Even better, the users in question should be warned prior to a service shutoff and given x number of days to repair it.
Yes, but do they have the right to run an insecure PC connected to the Internet? When their insecure PC, if it gets 0wned, is going to have adverse consequences for others on the Internet?
An analogy: I have the right to drive a car that fails safety inspection - on my own land. I do not have the right to drive it on the public roads, where it can endanger others. (Of course, this analogy breaks down, because the government mandates the safety inspection, and the government owns the roads, and in the Internet case, it's not the government that mandates the safe PC, but rather the ISP... and the ISP owns the "road" that I'm putting the unsafe PC on, or at least the road I use to access it... hmm, maybe the analogy isn't that bad.)
"Laptop and home users also have the right to run an insecure PC.'"
Apparently running an insecure PC is now a right. That's the funny thing about rights. So many to pick from, and more on the way.
Agents: Please do NOT perform the requested actions again. You will seriously hurt yourself!
I can see why ISP's would want this (less zombies, etc.), but I don't believe they'd all be able to sit down and agree on standards. Likewise, if my current provider makes say running Windows XP SP2 a requirement, there's no doubt I can go elsewhere and find some other provider that would let me run Linux. Now when we reach the point where there's only a handful of ISP's (esp. if they're regional), we will have a problem.
Sadly, PS/2 was yet another victim of USB, which doesn't care what you plug into it, the electrical slut.
[1] at the corner of 40th and Plum: "40 miles out in the middle of nowhere, plumb out in the sticks..." If this isn't familiar to you, try "out where God lost his shoes". If these don't mean anything to you, you probably can't drive down a state highway and identify the type of animal based on the smell of the building they're housed in.
I have nothing against blocking those who *are* infected--they're lagging the rest of the net with their crap and they need to shape up.
The real problem is banning those who "might be" infected because they don't run an approved version of Symantec or Norton Antivirus. What software I run is none of their business.
But, remember this. FTA:"Worse, ISPs might base their lists on commercial considerations. So while custom enterprise applications are locked out, Sony's rootkit gets through.". It would appear to me that MS has nothing to worry about here. This is more of an attempt to lock out OSS and other nonDRM'ed software.
There is no right to do anything with anyone else's property or for them to provide a service they don't want to.
On the other hand, an openly competitive market generally won't see companies trying to reduce services or increase fees -- competition is what gives consumers what they want at the price they're willing to pay.
If we allow our government to regulate the Internet, you better believe the market will be disturbed by enough regulations that we WILL see restrictions such as these -- regulations always serve the interests of the now mandated monopolies instead of the end consumers.
If a few big ISPs decide they want to restrict services for certain users -- let them! The little ISPs will gain enough business to give them a nice profit. Seems like a win-win to me.
Wouldn't the OSS and Mac people be against this because they're supposedly for CHOOSING alternatives to Windows and not FORCING people to change (unless you count Apple's weird advert campaign to get peopel to "change" to OSX).
I rather see this coming from people that know and are actually involved in the telecomunications industry, instead of being imposed by some clueless senetors that barely know what the Internet is.
As Libertarian types are fond of pointing out, "your rights end where my rights begin". By definition, your "rights" cannot involve the unconsented participation of others, nor can your "rights" tread upon mine.
You have every right in the world to run an insecure PC. But as soon as you plug that insecure PC into the Internet and it starts spewing spam and viruses to my computer (and my neighbor's, and my company's, and my ISP's...), you've just crossed a line. You've infringed upon everyone else's right to not pay bandwidth fees for your viruses and spam, and you've also infringed upon everyone else's right to not spend their time dealing with viruses sent out by your zombified Winbox.
Saying that one has the "right" to run an insecure PC on the Internet essentially boils down to saying that one has the "right" to spam and send viruses willy-nilly. Since that, of course, is what insecure PCs end up doing!
With spending like this, exactly what are "conservatives" conserving?
It'd just force everyone to replace the firewall they already have with one that is capable of running the ISP's agent. Nice multibillion dollar, perpetual entitlement from the network Santa Claus.
Look, make a mesh. Decentralise. No-one should consider themselves part of the internet unless they've got at least 3 independent paths to neighbours with at least 3 independent paths etc.
ISPs, Telcos, are symptoms of antiquated centralist thinking.
In the real world, restrictions like this will be used to keep people from running Linux (or *BSD, or anything but Windows).
Mod me down, but you know it's true. They'll say that GNU/Linux systems are not "trusted" (as in "Trusted Computing"), and that will be that. Only niche geek-friendly ISPs like Speakeasy will continue welcome *nix users.
With spending like this, exactly what are "conservatives" conserving?
So what happens if you run Linux? How would they check? It cannot happen; any *nix like OS is screwed if this comes to fruition.
And no, I don't think that this will happen.
I would hope that the ISP would set the policy, and not mandate mechanisms.
E.g. don't send spam, but run whatever you want to run.
In any case, I would think that if you want to run stuff badly enough, you'll find a way to spoof.
Until we get DRM, trusted boot and Palladium-like technologies everywhere --- then you won't be able to spoof your OS or software.
http://www.thebricktestament.com/the_law/when_to_
"And he says this isn't just about the impracticability of demanding that data centers patch everything on the second Tuesday of the month."
But yet that's what they demand... And we're stuck doing it every Tuesday night in a maintance window between mid-night and six am...
In retrospect we have to patch our FreeBSD boxen like 2 times a year.
Oh really? How will open software get on the "trusted" list, and will the required client-side agent run on the particular distro of Linux/OSX/BSD/x that you happen to be running?
One line blog. I hear that they're called Twitters now.
Side #1: Microsoft is terrified of this because it will set a precedent whereby an ISP will be able to cut people off based on the ISP's view of their software configuration. So, ISPs will be able to threaten to kick Microsoft in the balls unless they get favorable treatment (RE: cheaper prices), and home users will be able to demand that tainted machines get knocked off the web until they're fixed (which will mostly affect MICROSOFT). Microsoft, God bless 'em, is naturally against the whole thing.
;)
Side #2: The TRUE result of this will be that lazy ISPs (read: most ISPs) will just lock out anything that doesn't match some piece of shit filter they put in place. So, a fully patched Microsoft or Apple box will probably be able to connect, but my Slackware box will NOT. And when I call tech support, the retard who takes my call will say "SlackWHAT? You can't run that on our network, for, uh... SECURITY reasons. Why don'cha run Winders like everyone else?" And I will be forced to resort to cruel, mocking language, upsetting his supervisor and getting me absolutely NOWHERE.
So, naturally, I'm against this bullshit too.
Farewell! It's been a fine buncha years!
Laptop and home users also have the right to run an insecure PC.
When you sign on with most of these services, you agree to some sort Terms of Service, which usually include "I will not hack other people". It seems that they could just fall back on having snort hanging around, and if it recognizes a significant amount of trips from a single machine, that it throttles the upload/blocks the port/etc. That would take care of most services.
The owner of the account should be contacted regarding this, and if they can't get in touch with them for some period of time, you block all traffic from them. (Which should get a call pretty quickly)
Now, the ISPs need to have a very simple page describing what they are blocking and how to not get blocked. ie, get patched, leave your firewall on, etc... you follow these you're good to go... you don't follow these, you put yourself at risk of violationg your TOS
I'm normally against these sorts of things, but if it can be kept transparent, I'm not sure I see a problem.
I've said it before, I'm saying it now, I'll say it every time someone tries to enforce security on The Internet:
THE INTERNET IS NOT SECURE
By connecting to it you must expect to be probed, attacked, sniffed, decrypted, spammed, hacked, and denied service. In order to avoid these things either you must not connect to it, or you must take measures that degrade its performance in order to eliminate some of these possibilities. But you will never make it secure, because it is not secure.
If you want a secure network, you will have to start over from scratch.
Argh, this was a reply to the post above the one my big fat mouse clicked reply on.
One line blog. I hear that they're called Twitters now.
"If you don't like your ISP's TOS, find a different one. But don't confuse you right to run an insure PC with your right to abuse your ISP's network -- you do not have the latter."
"When everything's a right, nothing is a right."
Don't these guys compete with each other? This is capitalism for godness sakes!! Shouldn't competition be able to keep ISPs from neglecting your rights? If they all do it, would it be possible to change that?
How can you be your own ISP? All you need is to be able to connect to real internet, with speed for enough people. Could a community of geeks pool money together to get their own? Or mabey start your own ISP company?
I don't know....wish someone was proactive.
i for one, welcome our new internet overlords.
Anons need not reply. Questions end with a question mark.
The other concern Microsoft may well have is that if you can only run "approved" OS' on the Internet, it will kill their beta programs and may well make it harder to roll out service packs. After all, it changes the version ID, so won't be an "approved" OS any more. If nobody patches their system, for fear of being disconnected from the Internet, it will be Microsoft that suffers.
What about Linux users? Well, there's always the IP Personality patch. This disguises your OS, so that common methods of fingerprinting your computer will return the OS identity that you choose. You can always make a Linux box look like Windows XP or whatever.
That's probably another concern of Microsoft. Linux distributions can be easily modified to fool such restrictions and existing Linux users will likely install the necessary patches. This could make Linux more attractive to the Walmarts of the world (fewer customer complaints) and also to corporations (no risk of unexpected downtime, due to ISPs not keeping up).
I'm all for these restrictions, because they don't apply to Open Source software - masquerading as other software is already quite standard. Only closed-source vendors and closed-minded customers have anything to be scared of, and I've no problem with them being scared silly by Homeland Security.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
...blah blah blah, of course Microsoft is against it blah blah blah...
But this IS a horrible practice? Restricting people's internet access based on their computer? Does anyone see what is wrong with this or are you all going to complain about MS?
...why I pay Speakeasy almost $100 per month for an Internet connection. It's exactly for stuff like this. Speakeasy has made an entire business around giving people a completely open pipe with no restrictions, and it's the ISPs like this that I will patronize. Sure, $14.95 as a teaser rate sounds wonderful, but not to me when I consider the PPPoE travesty, port blocking, draconian ToS and the returning attitude of "we're the phone company; we don't have to care."
Well, Microsoft is no doubt concerned about ISPs who include branded browsers as part of their install kit restricting or blocking access to the 'net from IE (which is 98% insecure). A wholesale switch to either Moz or Opera isn't the answer (but abandoning IE can't hurt), but both could use somewhat increased market share. A 3-way race with no eventual winner is probably the best possible outcome.
High-speed Road Trip (18.000KPH)
...Is the one argument that prior post seem to be hitting around.
The internet is cool, popular, necessary for communication, and all of those things. (2^99999999 more words to confirm this statement can be found by googling) There also is plenty of paranoia regarding spyware, the identity of persons / bots listening to your ports, when why, et cetera. There have been in the past, wide paranoia about hidden microphones that were "required" to be installed in the PC.
There are plenty of ISPs that are ready, willing, and able, to turn over your communication habits to any requesting government agency, patriot act or USA Act or not. What is to stop these ISPs to require that you install a software / hardware combination that is, (though sold as a firewall / antivirus package) in effect, a local "carnivore"?
apropos: in order to prove I wasn't a script, I had to type the word "prophecy" in the text verification box.
Virus/trojan/spyware infected pc? i doubt they'd care
Using an OS not supported by the ISP? same
Running a website that criticizes the ISP? definately
Running IRC? nah
Running a webserver that contains unpopular political views? possibly
Getting any kind of legal threat regarding a customers pc? sure, who needs proof anyway
Using NAT? yes if they thought you might get a bigger connection otherwise
Running p2p software? maybe
Running any kind of server that might be in competition with the ISP? yup
Using VOIP from another company? now we're getting somewhere
Its probably more about restricting services to protect their income than protecting their customers or any other bullshit they claim is the reason.
This idea can be a potential danger to Linux users. Yes, Linux is much less susceptible to malware than Windows. However, Windows will be always defended by Microsoft but there is no body to protect Linux users. Any minor public doubt in Linux safety for ISPs has a chance to result in a major action to ban access from Linux boxes.
Google: A Patriot's Letter
One line blog. I hear that they're called Twitters now.
And, as pointed out in the article, how will custom proprietary apps get on?
The whole thing sounds like a ridiculous idea when you start thinking about the repurcussions. ISPs have no way of knowing what percentage of their customers are running software that's not on a particular whitelist --- until the day they implement the policy, at which point all hell breaks loose and some of their best customers run to the competition.
It also isn't obvious how they can really detect all the software on a computer. Are they really going to look at every file foo.bar on my hard disk to see if it would really run if you did a `perl foo.bar'? And remember, malware authors are specialists at hiding their software.
It would make a lot more sense to analyze traffic. If a certain user starts sending 10 million e-mails a day all of a sudden, just shut off his access and wait for him to get on the phone and talk to you. Another, possibly complementary option would be just to impose upstream and downstream traffic limits (maximum peak and maximum monthly?), although a lot of ISPs don't want to advertise that they have limits or reveal what they are.
The article sounds very suspect to me. Lots of vague statements like "the required technologies are now becoming available." Oh yeah? What are they called? Who's selling them? Which ISP's have tested them?
Find free books.
screw it all... im going back to smoke signals.
Anons need not reply. Questions end with a question mark.
What's bound to happen is some morons at an ISP will declare that you can't run a computer unless you run their prescribed antivirus and firewall software. Since Linux and Mac users can't run it, they'll be disqualified.
There is no right to do anything with anyone else's property or for them to provide a service they don't want to.
Hmmm, on the surface your comment sounds reasonable and very patriotic. Underneath though, most everything seen as having some kind of national interest is, one way or another, eventually usurped by the gov't. The recent 911 service for VOIP providers requirement is one example of how they start. Regulation is their controlling mechanism.
On the other hand, an openly competitive market generally won't see companies trying to reduce services or increase fees
You are assuming the market you are describing is competitive. Many are not. Most mature markets are an oligopoly. This kind of "perfect" market thinking is politically expedient. Practically, it only builds greater wealth for the priveledged few at the expense of many by maintaining an illusion of "infinite opportunity."
-- competition is what gives consumers what they want at the price they're willing to pay.
No. A business finds a price at which there are willing buyers. Competition has nothing to do with it and is avoided at all costs. This kind of political rhetoric is very patriotic, but hijacks basic economic principals to serve some political need.
The little ISPs will gain enough business to give them a nice profit.
No. They typically will not. Either they will be regulated into oblivion or be sequestered into tiny non-threatening businesses. Again, this kind of political rhetoric sounds really good and is supposed to be what America is all about, but it is not reflected in reality. Please get involved in local politics and you will see that your ideals come nowhere near the reality.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
And, as pointed out in the article, how will custom proprietary apps get on? Easily - They rock up to the bureau of certification, pay the X thousand dollar testing fee and wait for the results.
Not Meta-modding due to apathy.
Either that or the little ISP's will take this as a cue to add restrictions of their own. The smaller ones generally make less profit, so anything they can do to reduce your cost to them, they'll do it.
Just like the safety/efficiency regulations for automobiles, computers will fall into the same category over time.
Accept it and find another way to keep it free.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
"Laptop and home users also have the right to run an insecure PC."
Which raises a great philosophical question, one which has raged since the beginnings of civilization: Where do you draw the line between personal freedom and rights versus the rights and good of the whole of the people?
For example- I'm a car nut and I would LOVE it if I could drive whatever I feel like welding together!! But in my state, and most of the US, cars have to be inspected and insured. It's a filter for what we as a society allow to be on the network of roads and highways. (makes for safer but boring driving...)
... that the ISPs have been unable to secure their side.
It can't p[ossibly have anything to do with the customers side seeing how the truth of the third user interface is being so well kept from the consumer.
That user interface is the ports, the doorway to integrating software components.
Its been called many things, but its essence is the same. That of being the access point of integration.
Of course all the wrong intent users know about... the virus, worm, spyware, malware, etc...writter make use of ports to infect any system.
I recall some politican wanting to fine users who's computer helps to spread such bad stuff, regardless of whether or not the users were aware of it..
What really should be an eye opener here is the ability of ISPs to determine your systems configuration....
Now isn't that in essence an invasion of your system?
They obviously would have much better success in securing their system than imposing restriction on the consumer due to the ISPs failings...
For who in invilved in any exchange thru the internet, but the ISPs.... making them responsible for firewalling the internet, not the consumer.
Microsoft is against ISPs doing anything that would restrict customers' choice of software
Bullcrap!
Microsoft's ISP screws a lot of people. Case in point: I helped a little ole' lady move from win98 to a mac mini. She had been a qwest user since the uswest days but then one day qwest decided to switch her to MSN because Microsoft pays them off... they migrate her pop account to an msn account and send her the msn client which totally craps her computer out...
Anyway, the MSN client isn't available for Mac anymore, not that she'd want to use it. I was hoping to just set her up with safari, iphoto and the apple email client. Except, you can't get regular pop or IMAP access with MSN (despite some hopeful threads I found hinting that you can call up and complain). You can only use Outlook or Webmail(hotmail).
So, in short, she can't take advantage of iPhoto to easily send pictures over email (via a standard email client) and it's generally a crappy situation.
So, yeah, Thanks for looking out for us M$!
Every time I recompile or patch? Damn, that's going to be a long debug cycle!
One line blog. I hear that they're called Twitters now.
According to Chief Privacy Officer Peter Cullen, Microsoft is against ISPs doing anything that would restrict customers' choice of software.
If anyone's going to do that they're the ones who want to be doing it!
I want on the OpenBSD-only ISP.
Really? I'd prefer to be on the OpenBSD-only ISP. So, your car "needs washed", your output "needs printed", and your version of the beginning to Hamlet's soliloquy is "Or Not! That is the question!", right?
(Yeah, yeah, I'm a grammar nazi and will be modded down accordingly for defending the American/English language. Whatever.)
OK, so this post is going to sound like an anti-MS troll, but:
"Microsoft is against ISPs doing anything that would restrict customers' choice of software. And he says this isn't just about the impracticability of demanding that data centers patch everything on the second Tuesday of the month. Laptop and home users also have the right to run an insecure PC.'"
Plenty of people buy a new computer when their old one is too slow -- even if that slowness is due to malware and bloat.
Requiring people to have a well-configured computer would decrease sales of new PCs, since people would experience extended life for their hardware.
Thus, MS no longer gets the 'MS tax' on the new PCs not being sold.
Not only that, but this raises the specter of greater public awareness of just how insecure Windows is. MS can't afford to have the Joe Sixpacks of the US realize that they are better off without MS.
This is one case where the anti-MS paranoia seems to apply.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
The big ISPs see this as a way of controlling the market. Right now internet access is a commodity. They will do anything in their power to change this. Even if this means pushing congress to pass anti-terror laws to make it happen. Think of all the things they could do - One example...limit VOIP.
Thoughts?
You know I dont post much here but I am beginning to read less and less of slashdot do to the number of people who has to cut microsoft every time they are mentioned. I only see jelousy and hatred towards MS. A lot of child acting without any legitiment arguments about the articles. Come on people its just microsoft. get over it.
The real reason microsoft is against this:
They've got nothing to gain by being behind it - ISP control doesn't give MS a profit, while local control over each computer means that MS can peddle their own anti-Spyware, AV, firewalls, etc, that DO turn them a profit. And lets face it - if MS doesn't support it, it probably won't happen on a large scale.
OTOH, MS looks cool by being against it, especially among the regularly MS bashing circles (Read: Slashdot)
This is yet another utilitarian move from MS. No suprises here.
http://www.TheGamerNation.com/Forums
Correct. And not only for the reasons you mention (unless that's what you mean by sequestering). The single biggest reason the small ISPs won't be able to fight this with better service is because they lease their lines from the big Telcos. Guess what will happen when the little ISPs start to get more customers due to their better service? The large Telcos will simply filter the ISPs traffic in just the same way they filter their individual customers traffic, or the ISPs will suddenly find themselves with technical problems that the Telcos just won't be able to resolve. The end result is that the small ISPs will never be able to gain enough power to threaten the large Telcos. Unless Wi-Max actually delivers. And even that's not a given.
I know this because it happened to me. Speakeasy, my favorite geek ISP with super-friendly terms of services, had to downgrade my connection speed because SBC, which owns the local phone loop, was not going to fix the problem at the local phone switch. The only reason I'm staying with Speakeasy is because I refuse to pay SBC a red cent. I'm quite sure the majority of people who will have this happen to them will switch to SBC, where the problem will magically disappear.
Face it - competition in the telecommunications realm is a fantasy, perpetuated by SBC and Co. Whatever they decide will come to pass. And, unless you have a couple millions lying around to buy your own politicians, there's not a damn thing you can do about it.
Those who can, do. Those who can't, sue.
It sounds like another mouth to feed too. What is their client going to do: Audit the hard drives every boot (and removable media when mounted) or watch every running process to see if it's approved?
One line blog. I hear that they're called Twitters now.
how this article was written 3 days from today.
Huh, the French telecom market is heavily regulated. Now I understand why I only have a 20 Mbits/s connection with free VoIP (no charge to landlines in the country), televison over IP and a 1GB webspace, all for $29 a month (and not a single port blocked!)
And judging by the reaction you got from someone else you rattled a cage. Always a good sign. You are quite right, being on a leaf node as the bitch of some telco is hardly being part of a network. But sadly meshes are only practical in urban areas (under present technology and legislation). We have a growing mesh infrastructure in the UK which to all intents and purposes (on American scales) is one great urban sprawl. It's far more in the spirit of a real internet. Each owner controls their node. End to end traffic is encrypted. Routing is a hilarious nightmare of a caper but in the end it works because the protocols work. Once you separate your transponder/router from your gateway it really does fly along, everyone gets exceptional bandwidth most of the time (and every now and then some improbable combination of collisions and dead nodes makes it all die for a while) If your outdegree is in the range 3-10 and you've friendly reciporacle terms with everyone else then its a dream. Problem is, getting ordinary folk to update their firmware in wireless routers everywhere aint easy. Then you have the problem of traffic between widely separated chunks of mesh (2 cities in the USA or Australia example) which need to collectively buy fiber or use an existing telco. If the internet fragments into a multi tier net as some predict it won't necessarily be along the lines of high and low bandwidth, it may well be it splits into more local chunks of mesh that don't even connect to the backbones.
2 2/wirelessmesh.html
Small cellular radio
i) packet radio in 2m band
ii) 2GHz omnidirectional wireless
Line of sight
i) infra red
ii) narrow beam microwave (cantenna)
read this: http://www.oreillynet.com/pub/a/wireless/2004/01/
I don't want them to know what I'm running anyway. Why should they get to know everything that goes on in my computer?
I'll just tell them it's a Windows screensaver. Failing that, I'll just gross them out until they give up and go home.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Me: The network seems to be down, is there an estimated time fore repair?
ISP: Hang on let me check some things.
(brief conversation in which I can't conceal that I have a HW firewall.)
ISP: In order to proceed you have to connect your PC directly to the cable modem.
Me: are you insane?
ISP: In order to proceed you have to connect your PC directly to the cable modem.
Me: I don't want to do that.
ISP: In order to proceed you have to connect your PC directly to the cable modem.
Me: don't you realize that is a bad idea?
ISP: In order to proceed you have to connect your PC directly to the cable modem.
Me: Bugger off. I'm sure service will resume eventually.
Yeah - My ISP should enforce security
"Laptop and home users also have the right to run an insecure PC."
And what about the right of an ISP not to play host to a myriad of spam-sending, DDOSing zombies because users refuse into install Windows service packs? Internet access is not a right, it is a privilege. If a user cannot be bothered to let automatic updates run on his Windows box, it should be entirely within the rights of said user's ISP to restrict said user to only accessing the internet on TCP ports 80 and 443.
ISP's would love to control what you do with the connection. They'd love to give preferential speed for sites who pay for that right. It will only fly a little way...
First, ISP services are getting more and more competitive. The old bell companies are getting better at providing higher speed over their copper, the cable companies are getting more reliable, the cell providers are getting broadband rolled out (I've used Verizon's and gotton 1mb download rates according to dsl reports in two cities), and the power companies are soon to be providing IP over that network. In short, ISP's will find that those who restrict access will gain less customers.
As far as providing higher speed for those companies that pay for it? Well, I could see some premium content going that way -- when NBC starts "releasing" a 60 minute ER with commercials embedded in it for PC based viewers instead of broadcasting it at one time, sure, they may well pay Time Warner for higher bandwidth access to that market. Beyond that? It would have to either be extremely broad and cheap -- in which case sites will host at dedicated centers like ServerBeach more often or else it won't fly because the majority of content people want will be at other sites. If its narrow, it will fail. If its wide, who cares?
The only comment I'd make in support of some of these rules -- the right to host is NOT in your consumer braodband contract. If you want to host, lease a T1 or sign a commercial contract with your broadband carrier. Its a cost of doing business. You are either in business or not. Decide. I used to pay for a business grade "hosting allowed" connection to my home. As server space has become a commodity item, I now have a home user connection and house my customer facing stuff on a rented linux box at ServerBeach. Both are valid ways to go.
AP
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
verizon wireless is already doing this over their unlimited broadband 500kbps wireless data plan for 60 bucks a month restricts the user from ANY large upload or downloads. here, this quoted from verizon's website.
PROPER USES:
"Unlimited NationalAccess/BroadbandAccess:
Subject to VZAccess Acceptable Use Policy, available on www.verizonwireless.com. NationalAccess and BroadbandAccess data sessions may be used with wireless devices for the following purposes: (i) Internet browsing; (ii) email; and (iii) intranet access (including access to corporate intranets, email and individual productivity applications like customer relationship management, sales force and field service automation).
SUCH USE DESCRIBED BELOW WOULD BE SUBJECT TO TERMINATION OF SERVICE CONTRACT
Unlimited NationalAccess/BroadbandAccess services cannot be used (1) for uploading, downloading or streaming of movies, music or games, (2) with server devices or with host computer applications, including, but not limited to, Web camera posts or broadcasts, automatic data feeds, Voice over IP (VoIP), automated machine-to-machine connections, or peer-to-peer (P2P) file sharing, or (3) as a substitute or backup for private lines or dedicated data connections."
could it be that the world WIDE web is just too wide for many goverments? maybe if we are not carefull about what we allow to be removed, there will be nothing worth removing. we only need look to china to see how the web can be restricted, and with the help of free world companies. suppose you shut down isp's who don't filter out child porn or racist propoganda? that sounds like a good idea don't it? after that how about the isp's that allow pirate d/l's on p2p networks. maybe after that you shut down isp's that allow you to use a browser that blocks ads, then where will the fox run? are these ideas farfetched, maybe, impossible, no certainly not. its all in what we allow them to take in the way of our freedoms. we are as a people willingly giving up our freedoms in the name of safety from terrorist and that says to me the terrorist have won.
I'll probably get flamed for suggesting this, but here goes. (Taking my tinfoil hat off for a moment)
It is entirely possible that we could end up with a practical series of guidelines for what constitutes a properly secured computer, enforced by the ISP doing some sort of automated hacking of the connection (what to do if a problem was found is an issue for further discussion). If we end up with a minimum feature set for things like firewall, anti-spyware, anti-virus, etc. then Windows would still be less secure than OSX or Linux, because of its basic design philosophy, but at least it would be forced to have some sort of Internet Condum between its disease-prone OS and the rest of the world (Hey, that'd be a cool product name, say "Norton Internet Condum").
If the goal is really a secure internet, then you merely have to look where the rubber meets the road and test for vulnerabilities. A white list is totally unworkable, and doomed to failure. I worked at a company that tried just such a white list back in the early 90's for its intranet, and changes to the internally developed software alone drove the administrator crazy.
Why is Microsoft against it? Because they don't want someone saying "You can't add that feature to Windows or IE because it puts the whole Internet at risk". Microsoft loves adding features to their OS and applications that sound good on paper, but end up being a security nightmare. And that's without taking stuff like buffer overruns into consideration.
So, this could be a good thing for anyone using the Internet, and bad for companies like Microsoft, but not for the reasons people are writing.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
Dude. If you want people to take you seriously, you need a few less carriage returns and a few more paragraphs in there. The only way to look more crackpot would be if you'd wrote it in ALL CAPS.
Some ISPs don't like to support you if you aren't running Mac or Windows. They won't kick you off but they won't give you tech support.
Ha! Even on Windows, they'll probably insist that you install their client spyware while logged in as an admin user. "Well gee willikers Mr ISP, I never do that with software that I don't trust. I practice safe computing! Why can't it run with Guest access?"
One line blog. I hear that they're called Twitters now.
Personally I'm against any kind of online restriction (even if it means siding with Microsoft :P). But I don't think anyone who has a truly secure computer (meaning, a computer not running Windows) is in any danger.
ISPs want money, and they're not going to crush their customers for using "insecure platforms" unless they really are insecure. Plus, it's not like any mission-critical hardware in any ISP worth it's bandwidth runs Windows-- they'll mostly be powered by some *nix-like OS. Sure, initially their tech support probably won't be too clued-in to the world of open source, but if they want to keep their customers, the ISPs will make sure that they get clued-in, and fast. Even if the management and tech support people aren't top-notch technically, the people in the middle-- the real heart of the ISP-- know what they're doing. Restricting the software that's similar to that used to power the ISP itself would just be stupid.
Finally! A use for the sony rootkit besides cheating!
c:\program files\
c:\$sys$banned programs\
Thanks for savoing us Sony!
But Cox Internet has now outright refused to provision customers with a Motorola SURFboard SB1000 or SB1000D cable modem. Says they require newer hardware. Although they are grandfathering in existing customers.
I found this out when I brought my cable modem over to my brother's in order to help diagnose his problems. It connected to the network, but then all HTTP traffic was redirected to a page saying to call Cox for support. Cox tech claims their software won't allow them to provision that model because it is too old.
Turns out, my brother's ethernet connection on his cable modem was blown. Luckily for him, Cox gave a 1 year warranty on it since they sold it to him.
I'm just wondering how long before Cox pulls something on me like DirecTV tried and made my hardware stop working then claimed the issue was on my end.
Quarantined connections are a very, very good thing. Corporate networks already do this -- there is, if I recall, a Cisco client which enforces router rules based on the security software installed on the PC. Windows RRAS can enforce a quarantine network based on whether or not the connecting machines are patched up-to-date. Captive portal software allows only authenticated users to connect to the greater network -- same with VPN tunnels.
All of these things work in a very good, and non-censoring way: they require the user connecting to the network, to take certain "safe computing" steps. Requiring virus/spyware protection is overkill (I for one have never run spyware or virus protection, and have only had one spyware infection that required a reformat and two viruses -- in 11 years of being connected to networks unprotected. All of those infections were 3+ years ago.) but requiring that computer users, say, don't broadcast worm packets and don't have unpatched security holes, is a very good thing.
It's one thing for the ISP to shut off people for downloading certain types of content, it's another if the user is abusing the network resources. Similar to, a phone company won't cut your line for calling people they might not agree with the opinions of -- but if you, say, wardial your entire neighborhood on a daily basis, they have some recourse against you.
Overall, the ISP restricting access to its network to people who aren't infected and are secure, is only a good thing -- on every possible front. And, from the stand point that Windows updates generally are denied to people using pirate copies, it will reduce software piracy rates as well. There's no excuse for people to still be broadcasting the Sasser worm, other than the fact that it isn't worth their time to fix it. This will make it worth their time, to no longer be a deliberate nuisance to everyone else.
...that we never hear from the "current" head of Cybersecurity?
All these intelligent remarks seem to come from former heads.
tasks(723) drafts(105) languages(484) examples(29106)
"Life is too short to humor morons."
Life is too short to humor "experts".
That is going to suck big-time.
Imagine you're a poor-programmer, who one day might be the next Bill Gates. The only thing standing your way is the ability to experiment and so long as you can do that on your own computer, of your own cobbled together design with your own software all you need is a net connection and you're fine, you're on track.
Enter "Earthlink" (for lack of a better handy name) who decides to embrace Intel, and says, you have put this application on your computer to use our service. If you install anything on your hard drive, or your system that could adversely effect a) our monitoring of your system and b) our beliefs regarding what is stable and what is not, you can use our fantastic DSL for $20 a month. Otherwise, you'll have to go somewhere else.
Now imagine Earthlink just purchases your local phone company, or has an exclusive partnership with them to be the only provider in town who can give you DSL.
Instant need to move, or find a new connection that will be exponetially more expensive (satellite for example) which may demand the same kind of lousy restrictions.
Instantly you turned your future Bill Gates into something else, because near Neo-Bill is unable to participate in the design of new software to the best of his ability. Congradulations unregulated ISP-nutcakes! Shesh.
"Love is like pi - natural, irrational, and very important." (Lisa Hoffman)
I disagree with those who say that non-Microsoft OS's are going to be banned, or that everyone will be forced to use an "approved" list of applications and devices. It would be ridiculous and a very poor PR move on the part of ISPs and, yes, Microsoft, to announce to the world that if people want their precious Internet, they will have to bow to them. I don't post much, but I do read a lot of articles here, because I like the news and discussion about aspects of technology, and from reading TFA and the following discussion, I draw my own conclusions.
I did a 6-month internship with a national ISP called CopperNet. They're based in my hometown, and serve all over the country except in my area. I don't know why. As part of my internship, I "shadowed" the CopperNet Customer Service Manager, and spent most of my hours there listening in on calls with Tech Support agents. Also, I got to sit in on a very critical department head meeting, which was called by the president to coordinate a response to the Worm of the Month, one of the earlier Sober variants. This one in particular rated 5 out of 5 on Symantec's virus outbreak report... very fast-spreading, borks up the computer good, and is all over the place ITW (in the wild).
Some of their customers had been infected with it, and CopperNet was in the process of a) getting off Earthlink's blacklist, because customers were complaining that their e-mail to Earthlink users was being bounced, b) diagnosing and helping infected customers get the worm squished, and c) managing a TEMPORARY block-list of users who they believed to be infected.
And at my college, all students are provided with wireless and high-speed Internet access for no extra cost beyond room and tutition, with some restrictions. One of those restrictions is that they will deny Internet access if you are known to be infected with a virus or are the source of malicious traffic. They also run some kind of remote security scanner on connected computers several times a day. I choose to block this inbound traffic with my firewall, but I understand that many people are oblivious about computers, and that this security scanner, while it can be considered an invasion of privacy, is doing the job of mantaining a baseline of security to be responsible stewards of the freedom the Internet gives us.
The bottom line is: Some users are stupid, and that will always be a constant, no matter what OS or ISP they use. If the user doesn't know how or refuses to ensure that his or her computer is being sufficiently secure in order to avoid hurting other users, then someone has to minimize the effects of the user's lack of security know-how, until such time that the user is secure enough to be a responsible citizen of the Internet, regardless of their operating system or service provider of choice.
Windows...
and gthe rise of Macintosh will once again reign superior.
I mean, how many people use this "windows" dos-clone, anyway? about two?
In my area both Verizon and Comcast offer Internet service, and both will refuse to install on systems with less than 128MB RAM. Verizon installs something called "IP Insight" which sounds like malware, and Comcast's installer adds loads of DLLs into Windows.
The ISP's first responsibility is IP egress filtering. The ISP must validate the outgoing source IP address of each packet. This at least prevents the most annoying types of denial of service attacks. Most competent ISPs do this now, although some of the cable guys are weak in this area.
The ISP's second responsibility is outgoing mail rate limiting. That's enough to slow down zombie-based spam. If the outgoing mail rate exceeds some reasonable threshold, the user should get a phone call, even if the phone call is automatically generated.
The ISP's third responsibility is incoming mail spam filtering. This should include virus filtering.
Incidentally, ISPs which block outgoing TCP ports should return an ICMP message (type Destination Unreachable, code Communication Administratively Prohibited). At least then you know what's going on, and who's doing the filtering.
>The only comment I'd make in support of some of these rules -- the right to host is NOT in your consumer braodband contract.
The problem is that some ISPs come down on people running even small private servers hosting a few photos for their friends to see, game servers, and other things that are to be expected from people who have a connection to the Internet.
An Internet connection is a two way street; you should be able to host content as well as receive it. Granted, you shouldn't be expected to run a large bandwidth-intensive commercial website on a residential broadband connection, but I really hate to see ISPs harass their users for running small personal sites from their connections. If it's not illegal or sucking down a lot of bandwidth, let it be.
-Z
In the same vein, I would not support a law that allows ... the customer to (ab)use the network hardware an ISP owns.
The point of contention here is what constitutes abuse. If I have a job that requires high-speed access to the Internet from home, and the official position of both local high-speed ISPs is that use of any operating system other than a "Trusted" version of Microsoft Windows or a "Trusted" version of Mac OS X constitutes abuse, then should I just change jobs? How can I find another job in this economy?
If they don't consider SELinux secure enough, they'll lose customers and that'll hit their bottom line
O rly? Compared to users of Microsoft Windows family operating systems, users of SELinux and OpenBSD are statistical noise, and losing their business is acceptable collateral damage if the reduction in malware support costs from adopting a Windows-or-Mac-only policy outweighs the marginal earnings from allowing those users to subscribe and connect.
There's that and the fact that people usually have choices, even if they don't like all of them.
For example:
1-No internet.
2-Dialup.
3-Satellite.
4-DSL.
5-Cable Internet.
6-ISDN.
7-Leased line. e.g. T1 or better.
8-Wireless ISP (no I'm not talking about "sharing" someone elses connection).
9-Post Office (I wish I was kidding but some things can be done this way).
Now someone shooting for the commercial expectations on a Wal-mart budget is doing to be intentionally restricting their choices, but the choices (by definition) are still their. AND...if your work requires Internet, then most ISPs have special "business" class service which their boss will naturally be paying, so really any "choice" issue isn't even the workers problem.
Now when we reach the point where there's only a handful of ISP's (esp. if they're regional), we will have a problem.
This may in fact be the case. Now that the FCC has defined DSL as an "information service", this may give the ILEC the right to boot other DSL ISPs off the ILEC's copper. Then you end up with a duopoly, and in that case, "go[ing] elsewhere and find[ing] some other provider" would involve expensive real estate transactions.
And if they want to limit the ports (which would be a lot more than 80/HTTP), then I'll take my business elsewhere.
Once the local telephone company and the local cable company have limited the ports on their residential high-speed Internet access plans in the same way, "taking your business elsewhere" would involve expensive real estate transactions and possibly even breaking family ties. Are you ready to take such measures? Or if I am missing something, what am I missing?
ISPs want money, and they're not going to crush their customers for using "insecure platforms" unless they really are insecure.
It's a question of marginal revenue.
Plus, it's not like any mission-critical hardware in any ISP worth it's bandwidth runs Windows-- they'll mostly be powered by some *nix-like OS.
www.verizon.net is running IIS 5.0 on Windows 2000, and so are a lot of other web servers on the same domain.
Not the traditional ISP's, but like in a college environment. My brothers college uses the "Cisco access agent" type of software that does not alow him on the network unless he has all the windows patches, is running norton antivirus, is logged in, and has windows firewall on
ta-daaaa .... ippersonality-20020427-2.4.18.tar.gz (on http://ippersonality.sourceforge.net/download.html )
Great stuff. Or what am I missing?
open (SIG, "</dev/zero"); $sig = <SIG>; close SIG;
As an admin for an ISP, I can safely say that Microsoft Windows users are safe from descrimination by us. As the parent mentioned, 99.9% of our users are running Windows. The problem arises when customers want to run some super-wiz-bang email client and expect the ISP to support it.
Spend an hour on the phone with someone trying to explain that you're not blocking their access to email but that you just don't know how to configure their software. This goes for almost any software that accesses the internet. I've been asked to troubleshoot problems with p2p apps, instant messaging clients, firewalls, spyware scanners, obscure Linux distros, outdated software (windows 3.1), and microwaves (yes, I've talked a customer through setting the time on their microwave...I was bored)
I actually had a conversation with my brother tonight about this very topic. Technology is so easy to obtain, everyone thinks they're qualified to use it. My broadband customers frequently plug their gateway into the lan side of their router (at least two users per day.) Of course, it's my fault that they didn't (can't) follow the picture-book instructions. Personally, I'd like to see the good-old-days return, when computer users knew how to use their computers. The days when calling tech-support was a last resort are long gone....people now call tech support in order to turn their computer on.
"Lame" - Galaxar
Come on now. "Government regulation is always a bad thing"? Is he really advocating complete anarchy in all things? Smells like a troll to me. I guess he was just being too subtle for this crowd.
Keith
I remember at my college one day they severely locked down the network. Only a few ports were available. UDP and ICMP were cut off. Amazingly, our internet access FLEW after that. I talked with one of the admins, and he said at the height of unblocked access, 85% of the University's traffic was malware related. Something needs to be done. However, it does _not_ need to be government forced. This is really just smart business for the ISP. Want to create a network up to 4 times as effective without any pipe upgrades? Create an infastructure that can identify malware causing boxen and isolate them. Actively scanning boxes for software version X is impractical. Passivly listening to random samples of traffic and analyzing for common malware traffic and banning users who are actually infected is a better idea. I'm really suprised I haven't seen any prodcuts out there that do this.
If an officer ever threatens to taze you, say you have a pacemaker.
Besides, some techniques of malware detection/prevention are based on OS (windows) vulnerabilities. Once I had a start page of IE changed by the provider to the page that said: you're infected. Rediculous! (Needless to say, Firefox and Linuxbox deflected this IPS's attack.)
May Peace Prevail On Earth
... inside a town is also a restriction of our rights - we should all have the right to drive those cars even with 300 km/h , even in front of schools, even at 14 years of age, even withour proper brakes and even if the car is loaded with 10 tons of flammable fuel ...
...
It's all a matter of balance
This is a most exelent littel movie clip that explains the issues in terms a non computer geek can understand. It well made and it realy points out the real issue. Trust...
http://www.lafkon.net/tc/
Warning: I am not an expert on unreleased versions of Windows. That said:
You're describing a "worst-case" situation, many years down the road, where all pieces of software have a special key/signature given by the controller of the platform (probably MS in this case). Before the situation can occur, "legacy" software must be re-written or otherwise processed to allow it to run inside the "Trusted" platform. Additionally, all new software must go through the same process as well, so all those handy little utilities we all love (think Hijackthis)... essentially cease to be made, since they won't run without an offering, likely to be rather substantial, to the DRM gods.
On top of that, your system cannot phone home to ANYONE without software to tell the hardware what to do. Again, not an expert here, but I've heard absolutely nothing regarding any actual product with the capabilities you describe being even developed at this point - perhaps with good reason, though, as you'll kindly recall the revolt against the Intel's vaunted processor serial number which was going to do a lot of the very things Trusted Computing is supposed to do, regarding identification using hardware.
So, while I do well imagine that the situation you describe is the ideal end goal for some of the powers that be, we, the general populace, aren't even close to needing to start panicking/revolting yet. That is, unless you have links to sources that say otherwise......
Having lived in a dorm at Northwestern University, I can tell you it is a royal pain when your ISP tries to protect you (and really its own network) from malware.
Northwestern blocks all connections from your computer until you open a web browser. When NU sees a request to some server on port 80, it then redirects you to its netreg page and records your mac address. If this is the first time Northwestern has seen your Mac address, it will scan your box for 'vulnerabilities' and record your student id. If NUIT (Northwestern University Information Technology) has seen your make address, it will "redirect you shortly" - an IE only feature.
Even better is that the site used to do the initial login is limited in its browser support. links (elinks/lynx/etc) is not supported, making bootstrapping Gentoo a pain (the answer is to boot with a livedistro first). Getting WAPs/routers to work is even more fun.
In theory this is used to protect students and the network from viral attacks. In practice, NUIT only seems interested in taking disciplinary action against illegal downloads. (Independent of any legal proceedures, Northwestern often bans students from the network.)
Dealing with a shitty ISP is something I don't want to experience again.
(As a side note: Northwestern passwords are limited to 8 characters. How serious can they really be about protecting us?)
My school uses Cisco Clean Access (go ahead, Google it) to block Windows users without all of the Windows updates off the network. It makes most of the campus (students) very very unhappy. However, it is making more people switch.
Most ISP's include a hosted web area where users can share files and pictures. Granted, its a simplistic environment without database or back end scripting capability -- but as you say, simple.
The simple fact is the way they provide $30 broadband, is to assume non commercial use as the basis for their own build out. Their contract for the service reflects this, and they expect to hold you to those terms.
Since they've found that locking out ports doesn't work, that contracts don't work, and saying please doesn't work, they've resorted to severe limits on upload speed. This blows for those of us with home connections and hosted servers because it can take 10 times as long to move content upstream to the hosted environment for distribution now - and all because people can't abide by the rules they sign up for.
Ah well.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
...Isn't there an abuse departement for each and every ISP out there, for that purpose? I mean, I am allowed to do what I want with my computer because I *bought* it, I can even wear it as a hat if I want to! So if a user somewhere else in the country makes bad use of his computer/internet access, it shouldn't be my problem, and I expect to not have to pay for his/her behavior! The only way I think the article would make it legal would be if we did't buy our computers, but rent them instead.
printf($randomline(sigs.txt) \n "-- "$randomline(authors.txt));
-- myself
Worse, ISPs might base their lists on commercial considerations.
Wasn't there some denial of access going on recently by smaller ISPs who didn't want their users to have telephone access over the internet?
Now suppose you are an aspiring software developer who comes up with a killer app you start beta testing from home.
Now suppose your own ISP separately begins developing a similar idea and while doing competition / market research sees your beta out there..
Access denied? (for "security" reasons of course (lol))
Ensuring certain security settings is one thing. Detecting software running and denying access is an entirely different can of worms.
Separately, there certainly have to be national security issues worth considering.. by the appropriate people of course.
We have created a great country but balancing freedom and security is an ongoing challenge.
Cogito Ergo Sum
Sure, you do have the right to run an insecure PC, run an adware ridden piece of crap to your heart's content, most people seem to think those fifty billion popups and 14 minute boot times are normal. Doesn't mean you should do it....
Its when I start getting spamcop complaints, and reports of intrusion attempts on other people's pc's that we start to have a problem. Then I have to cut you off from the internet (I work for an ISP), acceptable use policy says nothing in it about infesting the internet just because you aren't smart enough to keep your pc a little more secure.
If you owned a house next to mine, and you let it fall into disrepair, and become a huge fire hazard, sure, I guess that is your right to do so. If it actually catches fire, and spreads to my house, then we have a problem, because now, your neglect has caused damage to somone else's property. Same on the internet, if you become a threat to your neighbors, I will simply isolate you until you are no longer a problem.
--Nuintari
slashdot : where an opinion can be wrong.
What a load of FUD. I came home from Christmas break, my parents computer had slowed to a crawl (adware - my siblings play a lot of flash games on sites I would call questionable; banner ads with spyware). Out of curiocity I decided to download Norton on my machine and see if there was anything running in the background (you can get the full version free for 15 days; just need a unique email address each time. I refuse to run a virus scanner/firewall/etc 24/7 on principle). My system was COMPLETELY clean - and it has been up for over a year. Not hard to do, less than 15 minutes of tweaking after installing windows will do it. I dont have a firewall, or adware/spyware/virus software. Use Firefox if it makes you feel safer but IE works fine too... stop the fud, Windows is a mature OS and XP with the default firewall/automatic updates can hold its own.
-everphilski-
That depends entirely on how you can tell. If the method is your silly Cisco router which checks for this or that piece of Windoze shit, it sucks. If the method is detecting obvious spam and worm broadcasting signatures, great. Detecting spammbots is getting tricker all the time because the spammers are smart enough to not want damage the user's performance enough for the user to want to fix the computer. ISPs have been turning off blatantly broken computers for a while and it is a very good thing.
Windows updates generally are denied to people using pirate copies, it will reduce software piracy rates as well.
How do you equate the two without advocating some really stupid and lazy method of punishing people for not having whatever Bill Gates wants you to have right now? A check which provides that kind of solution will outlaw all the software that's actually secure.
Friends don't help friends install M$ junk.
Microsoft wants to be able to say what you use on your computer. Microsoft wants everyone to use Internet Explorer, Outlook, and Office. This intiative would transfer that power to the ISP. An ISP could tell their customers to use Firefox, Opera, Thunderbird, or OpenOffice. Microsoft sees this as a power play, not as a freedom of choice issue. Microsoft can drape itself in the concept of freedom here, but that is only a means to an end.
1. Shut up. We don't give a shit what you think.
2. Fuck off. It's none of your business what's in our packets.
3. Start routing packets. The only reason you're kept around for.
- ...have a right to dump pollution into the local water supply
- ...have a right to dump litter on public roadways
How are these two very different from an insecure PC spewing out pollution and litter?I am so happy that Microsoft is stepping up to defend my "right" to have an insecure PC.
I think the comparison to pollution and litter is a particularly good one. Like litter, if I were the only one doing it, it would not really matter. If I were the only one dumping pollution into the air, it wouldn't matter. If I had the only insecure PC, it wouldn't matter. (If I were the only spammer, it wouldn't really make much difference. So comparing spam to litter/pollution is also interesting.)
Like both litter and pollution, the real problems of the insecure PC only occurs once many people are doing it. Even though some people don't litter or pollute (or maybe even go further and recycle, etc.) the problem still exists because of the critical mass of people who continue to pollute.
It is as if Microsoft is defending my right to both litter and pollute.
The price of freedom is eternal litigation.
'Laptop and home users also have the right to run an insecure PC.'
Your right to run an insecure PC ends where my network infrastructure begins.
http://trustedcomputing.org/ , click on products.
Just a note on the GP's post, According to the Trusted Computing Group's website, TC does not directly support and is not intended for the implementation of DRM, and is completely opt-in for the user. Of course, opt-in doesn't mean much if your ISP forces you to use it, and if they build a framework that lets other software implement DRM easily, then it might as well be DRM itself. Stallman calls it "Treacherous Computing." Bruce Schneier's point of view on TC was that it could be bad, but it's not inherently evil, and that the Trusted Computing Group's reccomendations for implementing TC looked alright, but when Microsoft released their own Best Practices documentation, it left them a lot more room for abuse. That's just my 2 cents from what I've read.
Oo-oo-oo-ooh! "Deal with it." How very mature of you. Boy, I'm just going to stop criticizing improper English usage now, oh boy oh boy. Yessir, you surely told me. Sorry -- languages evolve. You sure told me, oh boy!
And, no, your ability to use Google to find olde English impresses me not. Deal with it.
Be great for an ISP, choose a E-mail program and browser to support and throttle back EVERYBODY who doesn't use THEIR choice. If people call in just say the reason they are having issues is because they aren't using browser X or email program Z.
What if they don't like Linux and block all linux users or throttle back anybody who acccesses a known Linux repository? Hard to mask that.
ISP tells you what you can run. If it isn't THEIR choice your outta luck.
Moral of the story: ISPs have been screwing around with traffic for years. This is not new. Should pass we legislation forcing them to stay neutral? Maybe. I'd hate to see the spam if they didn't do this, as much of a headache as it is.
Me: Yes I would like to report a problem with my cable internet...
Tech Support: We have a troubleshooting procedure that we require our users to go through...
Me: No problem, I will take any steps you ask but will you please LISTEN to me for 2 MINUTES first...
Tech Support: Uh, OK - But you'll still have to go through our troubleshooting steps...
Me: Ok. I was using the internet fine until about 8:23pm last night when all of a sudden I lost the connection... This appeared to happen right about when the house 2 doors down started blazing REALLY BIG! I suspect the charred and melted cable behind the house 2 doors down might have something to do with it....
Tech Support: Ok. We'll get someone out there to fix it...
Me: Don't you want me to go through your troubleshooting procedure?
Tech Support: No. That will not be necessary.
Most recent DSL support call:
Me: I am setting up my DSL connection and I left the e-mail at work. Can you give me the gateway, primary ip address, subnet mask, and primary DNS?
Tech Support: That's all!!!??? I would be glad to talk you through the setup process...
Me: No thanks the DSL modem indicates that it has an established link I just left the setting details behind and I am too impatient to wait till tomorrow to set it up...
Gotta love sitting on hold 20 minutes to ask less than 1 minute worth of questions...
...According to Chief Privacy Officer Peter Cullen, Microsoft is against ISPs doing anything that would restrict customers' choice of software.
What, something like writing web pages to stop a particular browser from viewing them? *cough*Opera*cough*
While you can mask your fingerprint, what will most likely happen is you have to run an 'applet' to gain access ( remember netzero? ).
That will be harder ( not impossible of course ) to fake.
And if you get caught, dont be suprised if its a CRIME, and the feds swoop down on you aferwards.
---- Booth was a patriot ----
What I've noticed lately is ISPs handing out a software suite that's supposed to secure your machine. It runs on Windows and OS/X. Only. And it acts as a layer between you and the internet, a layer that the ISP can detect.
Luckily, even though my ISP does hand out some of this dorkware, they don't REQUIRE it yet. I just run my Linux boxen and ignore the poor, orphaned CD. But, I worry that one day, this may no longer be possible.
In this case, the "piece of shit filter" is the call/response between the ISP and its weird dorkware. See how that works?
If your ISP starts requiring you to run some piece of shit software that only works on Windows, what exactly are you going to do about it? Your local neighborhood isn't going to be a large enough population for Linux to be custom-patched for you. And if all the ISPs are doing it differently, trust me, Linux WON'T be patched for it. Besides, the ISP might turn around and say that patching your Linux to fool their "filter" violates their TOS, and bing, it's game over.
It's a problem.
Farewell! It's been a fine buncha years!
The ISP's won't have to. Someone will have to put all of the NSA's code through an evaluation -- otherwise, it won't get a one of the Trusted Computing Platform signatures. Microsoft has been through some level of Common Criteria Evaluation -- they might be able to swing a Trusted signature on their evaluated code. But SE Linux? Someone will have to put down the bucks to get it through an evaluation -- if it can pass.
Something that confuses many people: Secure != Trusted or vice versa. Trusted means full audit of every security relevent piece of information (you've heard of the need for a paper trail on voting? It's the same thing). W/o a detailed audit trail, there is no trust. Furthermore, there has to be validation that the code that is "validated" is the code that's running on the computer and that the code does what it says it will do.
This usually requires auditing of development practices to give some assurance against "backdoors". Even the tools used for development need to be validated to _some_ level -- as those tools could be written to introduce a back door in the object code that isn't present in the OS source code.
People are naive if they think just providing "security", on an OS or on an electronic ballot box, will qualify as "trustworthy".
Given sufficient motivation, resources and time, anything less than a full eval of source, development methodology, build tools and environment will allow for either computer or voter box fraud.
Given the current state of NSA wiretaps on US citizens, I think the case can be made that the NSA might develop a secure OS that shouldn't be taken, on face value, to be at all trustworthy.
-l.
There were also some leaked memos that went into more detail. I don't know if they're still on the Web anywhere, but this story from The Register describes them.
There are no TPM/TNC-based authentication systems available yet, but plenty of companies sell software-only versions. (These can be spoofed, of course.) The most well-known is Cisco's Network Admission Control ("the self-defending network"). They're intended mostly for LANs, but some vendors are already suggesting that they be used by ISPs (especialy in Wi-Fi hotspots).
I'd be extremely interested in seeing the Pentium with an onboard TPM, as this is something Intel has denied. (They sell motherboards with third-party TPM chips, but claim not to be integrating it with the CPU itself.)
Either that, or they just want to ensure that people can still legally run Windows. Either way, though, I'd have to say that if Micro$oft is against censorship no matter what else they've done you have to at least support them on that one.
This coming from a Linux hacker who hasn't run a Micro$oft operating system on any of his computers for several years now.
Creative misinterpretation is your friend.
Interesting. It could be that the chip-architect article is mistaken, but it was right about Yamhill, and also mentions an Intel patent that involves an on-chip crypto engine. (I think it means #6542981 [PDF], not the one referenced.) Alternatively, Intel could be lying, or just have changed plans since 2003.
But the two aren't really incompatible. The circuitry that the monograph points to is allegedly part of La Grande, Intel's proprietary version of Trusted Computing, not a TCG-compliant TPM. That’s even worse in a way, as it would mean software that only runs on an Intel CPU (and an Intel chipset: La Grande will also require a TPM and AMT, a proprietary technology in Intel network cards).
On-CPU crypto might also have something to do with trusted components. The TCG's long-term plan is to have some form of hardware signing/encryption in everything, not just a single chip in every PC. Most of the focus so far is on graphics/sound cards (for DRM) and keyboards/mice (to stop hardware sniffers), though.
I was aware that the TCPA predates the official announcements about Palladium, etc., but I thought that meant technical work. It's disturbing that the White House and the BSA were involved so far back, and that they chose the immediate aftermath of 9/11 to talk about it publicly.