Sandvine CEO Says Internet Monitoring a Necessity
Khalid Baheyeldin writes in with a CBC interview with the CEO of Sandvine, Dave Caputo (bio here). Sandvine is the Waterloo, Ontario-based company that provides the technology that Comcast and other ISPs use to overrule Net neutrality by, for example, injecting RST packets to disrupt BitTorrent traffic. Caputo says, among other things, that Internet monitoring is a necessity. Some of the comments to the interview are more tech-savvy than the interviewee comes across.
And we can sell you just the product you need for that.
upon the advice of my lawyer, i have no sig at this time
http://redhatcat.blogspot.com/2007/09/beating-sandvine-with-linux-iptables.html [blogspot.com]
If you are running linux or a linux based router with iptables give this a try. My speeds returned to pre-sandvine levels.
"If you are using a Red Hat Linux derivative, such as Fedora Core or CentOS, then you will want to edit /etc/sysconfig/iptables. First, make a backup of this file. Next, open this file in your favorite text editor. Replace the current contents with this, substituting 6883 with your BitTorrent port number:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
#Comcast BitTorrent seeding block workaround
-A INPUT -p tcp --dport 6883 --tcp-flags RST RST -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#BitTorrent
-A INPUT -m state --state NEW -m tcp -p tcp --dport 6883 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 6883 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Reload your iptables firewall with service iptables restart. You should now see a great improvement in your seeding.
If you are using Ubuntu or another non-Red Hat Linux derivative, then place the following in a file and execute that file as root.
#!/bin/sh
#Replace 6883 with your BT port
BT_PORT=6883
#Flush the filters
iptables -F
#Apply new filters
iptables -A INPUT -i lo -j ACCEPT
#Comcast BitTorrent seeding block workaround
iptables -A INPUT -p tcp --dport $BT_PORT --tcp-flags RST RST -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#BitTorrent
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport $BT_PORT -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport $BT_PORT -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
Your firewall is now configured and you should have great upload speed now. You will have to run this script every boot, by the way. One easy way is to call the script at the end of /etc/rc.local."
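The rules quoted above drop every inbound RST on the BitTorrent port, genuine resets included. As an added example (not from the quoted blog post), this Python code applies two common heuristics for telling an injected RST from a peer's own: its IP TTL differs from that peer's earlier segments, or the peer keeps sending after the "reset". The record layout, the tolerance and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

TTL_TOLERANCE = 2  # assumed allowance for ordinary route changes

# Constructed capture summary: (time, src, sport, dst, dport, tcp_flags, ip_ttl).
# 192.0.2.10 is the local seeder on port 6883; the other hosts are remote peers.
SAMPLE = [
    (0.00, "198.51.100.7", 51413, "192.0.2.10", 6883, "S", 52),
    (0.05, "198.51.100.7", 51413, "192.0.2.10", 6883, "A", 52),
    (0.40, "198.51.100.7", 51413, "192.0.2.10", 6883, "PA", 52),
    (0.90, "198.51.100.7", 51413, "192.0.2.10", 6883, "R", 61),   # TTL jumps
    (0.95, "198.51.100.7", 51413, "192.0.2.10", 6883, "PA", 52),  # peer still sending
    (1.00, "203.0.113.9", 40000, "192.0.2.10", 6883, "S", 48),
    (1.30, "203.0.113.9", 40000, "192.0.2.10", 6883, "PA", 48),
    (2.00, "203.0.113.9", 40000, "192.0.2.10", 6883, "R", 48),    # ordinary reset
]


def suspicious_resets(packets, tolerance=TTL_TOLERANCE):
    """Return the RSTs that look injected, each with the reasons it was flagged."""
    baseline = defaultdict(list)  # flow -> TTLs seen on its non-RST segments
    resets = []
    for time, src, sport, dst, dport, flags, ttl in sorted(packets):
        flow = (src, sport, dst, dport)
        if "R" in flags:
            reasons = []
            seen = baseline[flow]
            # A reset from the real peer should travel the same path as its data.
            if seen and min(abs(ttl - s) for s in seen) > tolerance:
                reasons.append("ttl-mismatch")
            resets.append({"time": time, "flow": flow, "ttl": ttl, "reasons": reasons})
            continue
        if "S" not in flags:
            # A peer that really reset the connection does not keep sending on it;
            # a SYN is ignored because it may open a new connection on the same ports.
            for reset in resets:
                if reset["flow"] == flow and "traffic-after-reset" not in reset["reasons"]:
                    reset["reasons"].append("traffic-after-reset")
        baseline[flow].append(ttl)
    return [reset for reset in resets if reset["reasons"]]


if __name__ == "__main__":
    for finding in suspicious_resets(SAMPLE):
        print(finding)
```

Both checks are heuristics: a late retransmission or a mid-connection route change can trip them, so a finding is a reason to look at the capture rather than proof of injection.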
From TFA:
For every five megabits they sell you for $40, they buy a quarter of a megabit because they're planning on you not using your computer 24/7. They count on you being away at work or being asleep. They simply cannot provision that five megabits because that costs way more than what they're selling it to you for. They need people not using the internet for it to work at $40 a month. (Emphasis added)
So let me get this straight--poor planning on their part somehow does constitute some form of emergency on my part?
If you haven't been down-modded lately, you aren't trying.
Sacred cows make the best hamburger.
I'll admit I only skimmed the article so maybe it's explained earlier that he's had some kind of stroke that's messed with the speech centre of his brain resulting in this problem. Or maybe he's just an idiot.
Spelling mistakes, grammatical errors, and stupid comments are intentional.
As stated in the article is that the ISP's are selling you 1 megabyte while really buying you 1/4th of a Megabyte... Network monitoring is in other words necessary to ensure you in other words only use 1/4th of a Megabyte for every Megabyte you buy. It's right there in his argument!
Yes, Internet monitoring is a necessity.[1] No, injecting anything into someone who doesn't wish to have his stuff interfered with is not only not a necessity but quite frankly an outrage. Remember people, just because one thing is a necessity doesn't mean that something more must also be necessary. This is a slippery slope. To be honest I was expecting more logical integrity from Dave Caputo whom I've always respected and liked personally but who has apparently started to be blinded by his corporate agenda. What a shame, Dave. What a shame.
Karma: Positive (probably because of superiour intellect)
but if it speeds up my Internet connection, then I'm all for it. I really don't need to suffer slow surfing and downloads just because some bandwidth hog wants to download a half dozen DVDs everyday, the legality of which is not my concern as much as the impact on QOS for the rest of us. Want unlimited downloading? PAY FOR IT.
Where is it written that it is all-you-can-eat? It's like going to a buffet, gorging yourself on all the food, and then knocking over the food table like a bull in a china shop. F us? No, F YOU
There used to be this honour system on the internet called "published ports."
It's an antiquated honour system now because there's plenty of application developers that have no honour.
Oh yeah? Well back in my day we had an honor system called "don't screw with my freaking packets while they travel over your routers that I'm paying you to use". If y
That sums it up. It's all of 'our' Internet, and its lucidness and capacity to re-adjust is part of its design. If you want a big-gulp download, you should get what you pay for-- subject to the randomness of aperiodic congestion, just like a freeway.
I'm guessing you weren't around or were kicking your siblings in the playpen when the Internet was designed. We believe in getting what we paid for, in a neutral, unbiased delivered fashion. All other attempts at control in our opinion, is not only illegal, but contradictory to the philosophy of egalitarian use, and in some corners, reason for revolting.
---- Teach Peace. It's Cheaper Than War.
Honestly, I'm SHOCKED!
If you want news from today, you have to come back tomorrow.
So you can't provide those fantastillion megabits per sec for 40 bucks. Ok, I can see that. How about ... I dunno... selling what you can sell?
Trying to sell something and hope that the customer won't use it is at the very least false advertising. Personally, I'd call it fraud.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I think that blocking bittorrent is a horrible offense against net neutrality and that Comcast really is just falsely advertising. They try to sell you a connection for a ton of money and then not let you use it....how is that fair.
Comcast is simply ripping people off and refusing to upgrade their network.
I blame comcast but I don't really blame sandvine. Someone is going to make the software whether it's sandvine or "Network Management Unlimited" (wow not a bad idea for a new startup :P). He is just making software. He is just as much of an exploiting douchebag as the people who make the bandwidth hogging programs if you think about it.
It's comcast that are money hungry exploiting bastards who just want to exploit the fact that they are a monopoly.
After all, it isn't but a single step to go from "We are doing RSTs to save our network!" to "We can use this technology to "guide" our customers to our services and to our affiliates and to "discourage" them from using our competitors and make even greater profits!".
Mark my words, the Internet will end up a bunch of "walled gardens" like in the days of AOL and Compuserve. The amount of bandwidth they give you for "non-affiliated" services will be so pathetic as to not matter. They will offer the few big boys like Google a free pass to keep them from fighting it while the rest can just starve. The days of a wild and free Internet are coming to a close IMHO. And the world will be a much worse place for it. After all I'm sure that each "garden" will have their own "free" news feed where only approved views will be heard and the corporate spin will always be considered gospel. But that is my 02c, YMMV
ACs don't waste your time replying, your posts are never seen by me.
destroying sandvine is a necessity.
ISPs should never muck with a TCP stream. They're entitled to send ICMP messages. ICMP Destination Unreachable has codes for things like "(13) Communications Administratively Prohibited" and "(10) Destination host administratively prohibited". Then at least the user knows 1) that somebody along the route didn't like the packet, and 2) who to blame. There's a right way to do this, and sending an RST isn't it.
Client software may not pass all the ICMP info up to the user, but that could be fixed easily enough.
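What passing that ICMP information up to the user could look like, as an added Python example that is not part of the comment above: it checks an ICMP Destination Unreachable message, decodes the administrative codes (10 and 13 as named in the comment, plus 9 for a prohibited network), and recovers the refused flow from the quoted packet header. The function names, the reporter address and the sample message are constructed for illustration.

```python
import ipaddress
import struct

# Destination Unreachable (ICMP type 3) codes that report a policy block.
ADMIN_CODES = {
    9: "destination network administratively prohibited",
    10: "destination host administratively prohibited",
    13: "communication administratively prohibited",
}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a message with a valid checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def explain_icmp(reporter_ip: str, icmp: bytes):
    """Describe an administrative block, or return None for anything else."""
    if len(icmp) < 8 + 20 + 8 or inet_checksum(icmp) != 0:
        return None                       # truncated or corrupted message
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3 or code not in ADMIN_CODES:
        return None
    inner = icmp[8:]                      # quoted header of the refused packet
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 4:
        return None
    src = ipaddress.IPv4Address(inner[12:16])
    dst = ipaddress.IPv4Address(inner[16:20])
    flow = f"{src} -> {dst}"
    if inner[9] in (6, 17):               # TCP and UDP both begin with the ports
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
        flow = f"{src}:{sport} -> {dst}:{dport}"
    return {"blocked_by": reporter_ip, "reason": ADMIN_CODES[code],
            "blocked_flow": flow}


def build_sample(code: int) -> bytes:
    """Constructed type 3 message quoting a TCP segment sent to a remote peer."""
    src = ipaddress.IPv4Address("192.0.2.10").packed
    dst = ipaddress.IPv4Address("198.51.100.7").packed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    tcp8 = struct.pack("!HHI", 6883, 51413, 1000)   # ports and sequence number
    body = struct.pack("!BBHI", 3, code, 0, 0) + ip + tcp8
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


if __name__ == "__main__":
    print(explain_icmp("203.0.113.1", build_sample(13)))
```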
How about just telling the customers EXACTLY what they're paying for?
For $40 you get a guaranteed MINIMUM bandwidth of X with a potential to burst to Y.
If you want more, you pay for more.
FTFA:
"Caputo: Here we are, a company founded on improving the quality of the experience of the internet and trying to make the world a better place."
Come on... The company is founded on maximizing revenue for ISPs. Who does he think his audience is? Oh, and I didn't realize bandwidth throttling was improving everyone's quality of life! And here I thought others were doing this. Congratulations on finding a way to make the world a better place and line your pockets at the same time!
Churning means the loss of customers to other service providers. In other words, the opposite of customer retention.
Service providers can combat churn by having some sort of mechanism to make it hard to switch. For example, an email address tends to keep you using the provider of that email address because people don't want to go through the hassle of changing.
Engineering is the art of compromise.
Don't feed the troll. /thread.
This isn't about companies saving money on provisioning.
This is about a deep fear in some circles of people
getting together in egalitarian groups to do mysterious
and no doubt evil things.
This is about preventing people from having the power
of independent thought and action.
This is about spying to identify those who try to
move out of their assigned channel.
Clearly, a cold war is going to be needed here, and
the key weapon is going to be steganography.
Where are we going and why are we in a handbasket?
> If you look at that underlying transmission protocol [TCP], when you send a flow of packets - if they're getting through - they get bigger until you get congestion, then the packets get smaller. The idea of flow control in the internet has been a tenet of it since day one.
I find it funny he chose to reference TCP flow control as some sort of ancestor of deep packet inspection. Part of TCP control flow's purpose is to enforce fair usage, ie 'net neutrality'.
Yea... this whole argument is nonsense. The 10-30+ mbps he is talking about isn't something you'll see all that often in the US, maybe with FiOs, and I dunno how good their service is.
But we pay for 7 mbps down from cox, and the only time I ever see anything near that number is in a speed test. Most normal web surfing, file downloads, etc, 1-2 mbps down is the highest we're gonna see.
So these RST packets, or anything else they do that keep us from consuming our full bandwidth potential... are just a kick in the nuts. We already don't get the service we pay for, not even close. We do sleep and go to work. Sometimes I think my old Speakeasy 768k sdsl was better than what COX sees fit to deliver, and I can't say that I know anyone in the US who doesn't have slow internet at times, internet dropping (far more often than would be acceptable for telephony dropping)... the notion of further interrupting this traffic flow that is clearly crap is silly.
Of course a netadmin has to monitor traffic. How else to assure good service? But what information is necessary and how it should be used ought to be carefully governed by ethics. Unfortunately, these ethics are not well known, and frequently violated by the concept of "owner privilege" (often might makes right). Essentially ignoring any notion of customer rights and treating employees as serfs. Both have been known to rebel for cause.
It is the deplorable state of IT ethics that is the root cause of many of these controversial actions.
Nobody on slashdot is stupid enough to believe that we shouldn't get what we pay for and that the alternative is to get even less of what we already pay for.
The fact that an ANON makes this post is very telling of itself.
Maybe with that philosophy we should all go back to dialup for 40$/month. yeah, that'll slide real smooth.
Meanwhile, how about undersell instead of oversell! WHAT AN IDEA! Maybe that might allow people to actually you know, expand like any smart business and not end up backtracking nonstop like comcast has been doing for the past few years of this crap?
His first sentence is that he thinks looking at everyone's digital-internal communications is the most difficult, and therefore he wanted to do it because of it being the most difficult problem to solve.
From the article: "CBCNews.ca: During the panel discussion, you sounded more like a technologist than a business executive, where you're more in tune with what you're actually making as opposed to selling it. What do you consider yourself? Caputo: I'm very passionate about our technology and I'm pretty passionate about the concept with which Sandvine was founded on, and that was to improve the quality of the experience on the internet. When we first set down that path, the idea of looking at every packet… we said this is the most difficult problem that we could possibly imagine. The internet is so big, so vast, so continuous. And then we said that's "cool." We're going to attack a problem where we can't imagine there's a more difficult problem. I take nothing away from rocket scientists or biologists who are trying to cure cancer, but in our domain we really couldn't think of a more difficult problem, and that really excited us."
What the hell is that about? Did anyone jump when they read the first part of the article and saw that?
Stop with the damn caps and the unknown variables. I want to see an ISP with a basic monthly fee and pay-as-you-transfer rates.
Example: you pay 10$/month for your connection if you do less than 10 GiB of transfers, and you pay 1$ per additional 10 GiB.
You make less than 10 GiB download+upload during the month, you pay 10$. You upload+download for 100 GiB, you pay 19$. Not expensive enough? I have no idea. Change the price per GiB as needed, I have no idea how much ISPs are paying for their bandwidth.
"Read your contract - the ISP may say unlimited; but they DON'T guarantee a bandwidth."
Actually, most ISPs I've ever used, from Bellsouth to TW to Verizon to Comcast, guarantee you the bandwidth rate *TO THEIR SERVERS AND ROUTERS* and from there they can't guarantee jack shit. To their routers and servers and to other computers inside of their network, I've almost always obtained maximum data throughput. Get outside of that network and my average speed drops to about 3mbit.
Here's my whole wallet right now!!!!!!
I strongly suspect the CEO is hoping to do another PixStream... sell out to a big player and walk away with a small fortune as the former company gets ripped to shreds by the new owners. He cares not about the words coming out of his mouth, he's a sales guy. He sells businesses, takes his golden handshake and moves on to the next target.
The funny thing is a lot of Sandvine employees were former PixStream employees, so either the perks are fantastic, or these people are easily duped.
-Billco, Fnarg.com
Anybody have this guys E-mail Address, home address, phone numbers? Just curious.... No reason.
All packets MUST be treated equally. That is the first mistake. When an ISP says that they will deliver "unlimited" Internet to you, they must actually do this. "Unlimited" is not vague or ambiguous in the context in which they have used it. They must give me unlimited service, or a service without limitations, boundaries, restrictions, or controls. I did not come up with the unlimited part, they did.
I was sold a 6 Mb/s connection from Embarq, which means that with unlimited service I should be able to transfer 6Mb/s * 60 seconds * 60 minutes * 24 hours * 30 days, which is right around 2 TB of data transfer per month.
My neighbor was also sold this same package. We pay the same price. How can you determine which of our packets get priority? Can our packets be anything but equal?
This is why the "bandwidth hog" argument is so ludicrous. I cannot "hog" the bandwidth, nor can my neighbors. We all paid for a service, we all have equal rights to it.
This SHITHEAD just said it right here in plain English. Their business model is based on not actually delivering what they sold you. The "more" they don't deliver the more profitable they are. No wonder the ISP's have such an interest in figuring out the "problem". He is even more of an ass with his cavalier attitude about it. "Well that is just the way it has always been and it's okay". That attitude is why nobody trusts their ISP and these companies. It is so clearly greed that drives them.
What an ass. If you read between the lines here, he is basically saying that the fact ISP's are trying to figure out how to more effectively deny us the service we have been sold leads to greater business opportunities for his company. I'm shocked.
I hate to be somebody that just complains about a problem without offering solutions. Well the solution to this is very simple. Stop selling unlimited Internet. START being honest with your customers.
It does not take a rocket scientist to figure out that 10 homes in a neighborhood each with a 10 Mb/s connection require a 100 Mb/s pipe connected to all of them to deliver the bandwidth. Telling each one of them that they have unlimited use of those 10 Mb/s connections is a flat out lie. There is no way that could work without raising the price by 10 times.
If the reality is that there is only 20 Mb/s coming into the neighborhood then they should sell it with a 2 Mb/s floor and a 10 Mb/s ceiling. They will guarantee that you can at least get 2 Mb/s dedicated just for you, but be able to burst up to 10 Mb/s "depending on conditions". That would be honest at least. You would know that if your neighbors are not using the connection, you might be able to get some pretty good porn 5 times faster than normal, but the worst
If the CEO of a company tells you that the world needs things that serve the purpose that his company's products can provide and you don't find something wrong with that, then you get a big fat "FAIL" tattooed across your forehead.
Seriously... Sandvine, Phorm, NebuAd? We as the consumer have totally lost. In-network-spyware. Get the hell off my internets.
Kind of funny, reading the previous posts I'm reminded of a lot of the bad press that Fyodor received when he created nmap. Sandvine simply created a tool. It's the ISPs that choose to use it for good or abuse it.
Over subscription has been a standard ISP business model since we've had ISPs. In the old days we simply let the streams normalize themselves because data is data and TCP is extremely robust.
The problem you have today is ISPs selling VoIP. VoIP is far more susceptible to data latency than DNS, HTTP, etc. Rather than just "the Internet feeling slow" you experience dropped calls, echo, sounding like you are talking into a tin can, etc. For the typical end user they are far more likely to recognize this as abnormal than their browser taking 10 seconds to load a site. This means they are far more likely to call a support person to complain. More calls to support means you need more staff. More staff means less $$$ on the bottom line.
So the problem is not so much Sandvine as it is the ISP's themselves. They are trying to use the same resale models while failing to take into account that they are now offering services that will not function within those models.
Correction: TCP/IP packets do not get "bigger" as the quoted article states and Vint never would have made such a comment. If there is no congestion TCP/IP will permit more packet transmissions (of the same size) without requiring a pause in transmission (read up on TCP window size and scaling for more info). Don't know if Sandvine or the reporter borked this concept.
Just tell their ISP to censor their own Internet connections with the same software they develop. We'll see what they'll be saying after that.
There - FTFY
Causation can cause correlation
Would it be illegal to send by email a threat, or an extortion, or some other nasty content to oneself? Would it be a conspiracy if I planned out a crime via email with myself? Stupid, yes, especially if the Feds get involved, but illegal?
As the security folks have been telling us from the start: What's "necessary" is end-to-end encryption for all traffic.
Yes, this costs a bit of extra cpu time on both ends. But any other "solution" is bogus. Any unencrypted packet allows your ISP, and anyone else along the path between two sites, to examine your traffic and "manage" it.
To encourage this, we should be teaching everyone to always use https:// at the start of all URLs.
Maybe we could encourage the apache people to make port 443 the default, rather than 80. Or, as a stopgap, make it listen on both ports by default, with occasional helpful hints that port 80 will soon be deprecated.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.