The accusations against Huawei and ZTE are that they have engineered back doors into every piece of equipment. Where the accusation against the NSA is that they have compromised Cisco equipment going to individual customers and suspect countries. I see a significant difference there. In the case of Huawei and ZTE it means you can pretty much never trust their gear. In the case of Cisco most of the world can trust their gear with the exception of people who are direct targets of the NSA.
Would someone please mod the above 'funny'. That was a joke, wasn't it?
I'm sure, given the previous revelations about us tapping our allies' leaders phones, that most of our allies are going to be quite leery of Cisco gear for quite some time. Also, It may well be that Huawei and ZTE have back doors, but where's the evidence? I'm sure multiple parties have disassembled their code and looked, but I haven't heard any corroboration. It's not like anyone took pictures of Chinese government operatives modifying the equipment.
Just because you got up-voted, doesn't mean your Troll is more honest and blatant than mine. It's more likely that it was more politically correct not to respond to the Obama like sociopaths part that appealed to the rat bag commie moderators. Still your part about "everybody loses" is too cynical for most air headed liberal fags. Care to take another crack at it?
I know you can't get +6, But another +5 below this one, would give real meaning to a "more livable and sustainable world".
Really, that line stopped me for a couple of minutes, it could catch on. But only with a +5.
Hey there AC. Not trolling. Just calling it like I see it. Not interested in up-mods or folks agreeing with me, just speaking my mind. The original AC (assuming that's not you), strongly implied that public transportation was some sort of evil plot. It's not. In many places (not, apparently, in Phoenix, AZ according to another AC -- I won't argue the point), public transportation is cheaper, more efficient, less CO2 emissions heavy and fosters more community interaction than everyone driving their own car.
That's what I think, and I don't give a rat's ass about the opinions of moderators or others -- unless they can provide concrete evidence as to why I should change my mind.
So disagree with me if you want. In fact, I'd love to have a spirited discussion about the value of public transportation. However, calling me a troll and the moderators "rat bag commies" and others (not sure who) "air headed liberal fags" doesn't, at least to me, constitute any sort of rational discussion. Which is, presumably, why you posted AC so you don't have to have your ad hominem attacks associated with a particular/. id.
In any case, you're welcome to your opinion and feel free to respond or not as you like. I have no axe to grind. Heck, go ahead and call me names too, if it makes you feel better. On the off chance you'd actually like to discuss real pros and cons of public transportation or the ways in which communities in the US have (or haven't) implemented quality public transportation, I'd be happy to engage.
In my part of the U.S. the paying customers would just collectively stomp the shit out of mr. Tengblad. But we don't have trains, or other energy and environment saving public transportation required for a more livable and sustainable world.. Everybody loses.
someone had to actually think that it was a good idea for that information to be publicly available. Sigh.
It isn't publicly available... The Brocade device that they highlight is a switch. Management ports for switches should not be exposed to the internet. Using "public" for snmp read-only community is a definite No-No. The Brocade device appears to support restricted views for SNMP community strings.
Simply put, a misconfigured device will always be a security risk. Hire better engineers.
Read the second link. The devices mentioned there are consumer grade cable/DSL modems, it's the non-technical end user who needs to hire better engineers? In those cases, it's the vendor who needs to hire better engineers.
As far as the Brocade devices are concerned (or any SNMP enabled device for that matter), Authentication data/encryption keys should *never* be exposed via a RO SNMP community, regardless of the type of device. Even if said device is for internal use only. Or were you unaware that at least 80% of corporate breaches are perpetrated by those on *internal* networks.
As for configuration, yes it's important to customize SNMP community strings and configure the device not to give out the keys to the kingdom. However, including sensitive information from the MIB for RO communities is just a dumb thing to do by default, regardless of the device.
IT folks should secure their devices, but it takes a special kind of stupid to enable access to private portions of the MIB via the RO community by default.
The vendors screwed up. That doesn't mean IT folks shouldn't secure their devices, but that does fuck all for consumers who wouldn't know an OID if it came up and smacked them in the head.
Complaining about V1 community strings makes as much sense as "discovering" that telnet is insecure.
Don't use V1 if you are concerned about this. There is no promise of security and never was.
The issue isn't the SNMP version, but that the MIB includes the passwords and encryption keys. Which makes this even worse -- it's not a bug, someone had to actually think that it was a good idea for that information to be publicly available. Sigh.
One of us needs to re-read TFA, because I read it as enterprise firewalls, I read where it said twice that they are not consumer devices, and where it said there are thousands (not millions) of them connected to the internet.
I was replying to the poster who said the devices shouldn't be connected to the Internet. I guess he didn't read either one of the linked articles.
I double checked and I see there are TWO links in TFS. The one I read focuses on load balancers. The other one does indeed talk about cable modems.
Yeah. I read the second link, not the first.:) Here's the bit I was referring to:
Heiland and fellow researcher Matthew Kienow also disclosed similar issues in the Ambit U10C019 and Ubee DDW3611 cable modems, as well as the Netopia 3347 series of DSL modems. The cable modems leak not only user names and passwords, but also WEP keys, WPA PSK and SSID information. The DSL modems, meanwhile, also leak WEP keys, WPA PSK and SSIDs.
I don't understand why people keep using the Boston bombings as an example of the system failing. The US had no reason to arrest or deport them. No amount of security will ever stop two brothers from setting off pressure cookers full of 4th of July fireworks in a crowd.
I think a better topic for discussion is the killing of al-Awlaki. Was he trying to organize attacks against Western targets? Was killing him wrong?
Identifying them quickly was an example of the system working, IMO.
IIRC, it was a bunch of Redditors going through photos that identified these guys, not our police/security/intelligence apparatus.
Authentication data/encryption keys should never be exposed via the read-only (public) SNMP community. This is just crappy implementation. Surprise, surprise. By now, SNMP v3 should be the only version implemented on *any* device, given that the standard was published in 1999.
According to TFA, most of the affected devices have been EOL'd, but are still in use and/or are for sale in secondary markets. Even so, I'd be surprised if any of these even existed before 2004, a full five years after the SNMP v3 spec was published. Sigh.
Okay I know, a huge number of devices from almost every manufacturer default to SNMP v1 or v2c with no encryption whatsoever. But that doesn't make it right, nor does it excuse the inclusion of private data in the public MIB. I'm just glad I don't have any of those devices.
Cry me a river. I'm sure that we could reduce that possibility ten fold if we placed cameras and microphones inside everyone's house. Does that mean we should do it? Absolutely not.
But, but...we have to destroy freedom in order to protect Freedom(tm)!
Why do you hate Freedom(tm) and America(tm)??
"Those who would give up essential liberties for..."
Ah, screw it! Apparently most people are fine with sacrificing any and all of their individual liberties and rights as long as the talking heads tell them it makes them more safe. Or, that changing this slide into totalitarianism in America is someone else's job.
There will always be the risk of people doing bad things in a free and open society. If there was not the ability for individuals and groups in a society to do bad things, then that society by definition would be neither free nor open.
Strat
I find it interesting (as some others have also pointed out) that we are spending enormous (we don't even know the full extent) amounts of money on the surveillance state, ostensibly to "protect" us from terror attacks. The probabilities say that you are many times more likely to die in or by an automobile than by a terrorist attack. They also say that you're more likely to die getting hit by lightning, or in your bathtub, let alone from heart disease. If "protecting" us is so important, why aren't we spending money in proportion to the probabilities? I'll leave the answer as an exercise for the/.er.
What difference does it make? Your upstream has so much bandwidth, and like many things it's oversold. If it weren't oversold, it would have to be much more expensive. For example, to not oversell, if they've got a thousand customers they'd have to have 20Gb/s throughout their system and upstream, and that probably costs more than you'd like to pay 0.1% of. Try pricing guaranteed rather than "up to" bandwidth sometime. Sharing is cheaper.
So, if somebody uses 1GB/month, that's about 500 seconds in a month that they're using the connection to the fullest, and you can fit a lot of 500 second-using people into a month without inconveniencing anybody. If you allow for people using an average of 100 (for 200 MB) seconds in a given two hours, you can fit 72 people into 20Mb/s bandwidth. You can't do that if people are constantly saturating their connections. A few people like you really aren't much of a problem, but if everybody tried using everything they paid for, either they wouldn't get it or they'd have to pay a whole lot more.
The customer probably wants data fast when the customer wants data, so having high bandwidth is an advantage even with a data cap.
An interesting point. However, that's part of the problem. As a networking guy, professionally, I always plan for peak usage, but expect that baseline usage will be be much lower. Doing so for a medium to large organization isn't directly comparable to doing so for an ISP, but the principles are the same. I'm sure that there are those here on/. that can speak directly to the issues facing ISPs.
Assuming that the ISP has built *their* internal network to handle peak loads (and if they don't, why not? I'd get fired if my customers were hobbled by poor connectivity on my internal network, and my links to the Internet at all my sites need to provide appropriate bandwidth, even if it is a bit slower during peak usage times), the bottlenecks will be at peering points with other ISPs.
Since we're talking about the big boys here (Comcast, TWC, Verizon, etc.), they generally have peering arrangements with each other and with other large providers. Generally, this is done with peering agreements.
From the link:
Peering agreement
Throughout the history of the Internet, there have been a spectrum of kinds of agreements between peers, ranging from handshake agreements to written contracts as required by one or more parties. Such agreements set forth the details of how traffic is to be exchanged, along with a list of expected activities which may be necessary to maintain the peering relationship, a list of activities which may be considered abusive and result in termination of the relationship, and details concerning how the relationship can be terminated. Detailed contracts of this type are typically used between the largest ISPs, and the ones operating in the most heavily regulated economies. As of 2011, such contracts account for less than 0.5% of all peering agreements.[1] (See examples below.)
These agreements don't generally involve billing each other unless the traffic is really asymmetrical. This was the issue with Comcast and Cogent (not Netflix), as Comcast complained that they were receiving enormously more traffic from Cogent (Netflix's primary ISP) than they were sending.
Of course, Comcast could just have allowed Netflix (as Netflix and other large data users do with other ISPs) to colocate caching servers inside Comcast's networks. But that's another kettle of fish.
Even if a large ISP needs to pay its peers for extra bandwidth at interconnection points, this is a very small percentage of their operating costs.
I guess the bottom line is that if an ISP can't support baseline usage at or near the speeds advertised, or can't at least provide a significant fraction of that speed during peak usage times, then they're marketing is d
And the vast majority of companies don't have those hyper-specialized needs. Hospitals: yes. Lawyers' offices: no.
You never worked for a law firm, have you? Data integrity, availability and security are paramount in firms larger than a few partners. This is made more difficult because many (not all) lawyers think they know everything and will happily dump gigabytes of confidential documents onto unsecured laptops and dropbox accounts, if you let them. And what if you represent defense contractors? Data must be secured in very specific ways and managed/monitored only by those with valid security clearances. I won't even address the liability issues associated with not ensuring attorney/client confidentiality. You have no idea what you're talking about.
An Internet provider should not be a content provider; there is an inherent conflict of interest. Forget Comcast's takeover of Cox, Comcast's actions against its competitors are the real problem here. The US needs an end to the local cable/telco monopolies/duopolies.
Absolutely. I'd go even further and say that the "last mile" owners, shouldn't be ISPs either.
In all fairness, why should you get 2TB of bandwidth for the same price as the other 90% who are using 500GB?
That's a significant difference. You should pay more.
Granted you probably are, because you probably have a faster connection. I think if they are going to cap, the cap should be larger for faster connections. If I buy a 3/1, it should be around 300gb, if I by a 15/5, it should be 5 times as much data too.
Bandwidth isn't data transfer. I pay for bandwidth. Bandwidth is data/time. If I'm paying for 20Mb/sec, what difference does it make if I download 20MB/month or 60TB/Month? Unless, of course, you have some sort of alternate agenda (like making it much harder to use media from the Internet rather than from the cable TV part of your business, or to restrict your customers from getting the service they've contracted and paid for). Since we already pay for the bandwidth, why shouldn't we be allowed to use it to its fullest? Just because many people don't use what they already pay for, why should those who do be penalized?
Your contract doesn't allow you to host servers (especially for commercial use) in your residential connection. So, you don't have a point.
Oh, and who said anything about commercial use? There are a myriad of applications (political speech, collaborative creative activity, social networking without personal data theft, intellectual interchanges, family communications and on and on) that can benefit from upload speeds/server hosting that have no commercial implications at all.
I have no issue with commercial vs. residential tiering. I do have a problem with restrictive and abusive corporate policies that limit speech, creativity and liberty.
That's strange. I host three different domains off of my residential Internet connection.
IMHO, this is because my ISP is not a content provider and has no incentive to limit their customer's access to the Internet. The TCP/IP suite of protocols (surprise!) was, despite the usage model that has been forced down most folks' throats, not designed to be exclusively client/server.
The problem is that most people don't realize the power and control they *could* have if they were given the opportunity. The Internet is, perhaps, the ultimate free speech mechanism, but we allow our corporate overlords to keep us from realizing its potential, with, among other things, the abusive contracts you mention.
More importantly, why is it that the ISPs that are content providers (whether they be cable companies or resellers of cable/satellite TV (like Verizon), restrict you from running servers? There are some good reasons to limit SMTP servers, as it's an insecure mechanism (despite strides that have been made vis a vis STARTTLS, SPF, Domain Key, etc.) which can be easily handled by routing emails through the ISP's SMTP servers. However, other than that, there is no inherent reason that servers should be restricted.
The ISPs that do this do so to protect the content distribution ends of their business, and to reduce their costs (not passed on to their customers, thank you very much) by throttling upload. That's not to say that users who wish to increase their upload bandwidth shouldn't pay for it, but other than the fact that ISPs want to control content (whether it be blogs, family websites, legitimate media distribution, or the "next big thing") and continue rent-seeking behavior without investing in infrastructure, there is no reason to throttle upload.
Granted, technologies like ADSL have those limitations built in (allowing ISPs to rape users for SDSL links), but fiber (as with Verizon FIOS) and other broadband mechanisms, have no such limitations, other than those imposed by those with a vested interest in imposing such limitations.
You say I have no point. I say that as long as you take the shit on rye you're being given, while being told it's prime rib, you are denying the real promise of the Internet. Can you say Stockholm Syndrome? Sure you can. I knew you could. [with apologies to Fred Rogers]
Data caps don't hurt uploads in basically all cases. Even in outside cases, there will be more down than up.
And that will be true when I'm offering my feature-length movie for sale as a download? My point is that everything these guys are doing is to maintain their power and monopoly to keep out competition. Do you believe competition is a bad thing?
Thanks for the clarification... Sounds like I may have read the situation incorrectly and reacted harshly. I apologize for that.
No worries. It's often difficult to pick up on nuance in a text-based environment like this. I believe we all have something to contribute. Enjoy your day.
Unless you're downloading games regularly, watching high def videos online, or torrenting stuff, data caps should never be a problem.
The trouble is a lot of people are now doing most of the above. People who aren't don't care about caps, since they'll never get close to 100gb a month without those three.
That's not really true. One of the big issues that no one is talking about (which is the real promise of an open/unfettered Internet) is that data caps (as well as server port blocking) limit the ability of the individual content producer (reasonably priced video recording equipment exists at prices that an individual can afford) to make their content widely available. That is a threat to the content providers who control the broadband internet services.
In addition, those content providers who want reasonable access to customers will need to either pay up or not be able to reach their target audience. Data caps also make cable TV more palatable, as it won't count against the data caps. It's the classic "rent-seeking" behavior of the monopolist. Nothing more, nothing less.
Didn't the FCC vote on net neutrality some time back and get slapped down by the courts saying they didn't have the authority to impose this?
What the court ruled is that since broadband providers are not classified as "common carriers," the FCC can't impose net neutrality rules on them. The solution (or at least part of the solution, cf. my post in another, related discussion) is, of course, to reclassify ISPs and broadband providers as "common carriers." Well, good luck with that. Although lobbying dollars would be more useful than luck. I've got a jar full of silver change, if that helps.
.
This was destined to pass from the day it was first proposed. All the public commenting was merely window dressing to make it appear as if there were public involvement. The content/broadband providers control the Internet (and apparently the FCC) in the United States, and this is their way of assuring they will stomp out any hint of real competition in the content creation/distribution markets and continue to do so ad infinitum and profit handsomely in the process.
Since you know so much about this (clearly much more than someone you've never met and whose knowledge and experience you have no information about), please explain how you *know* that there are no vulnerabilities or malware on *any* smartphones that might compromise the data in one of many different e-wallet apps. Also, please explain how you *know* that there will *never* be such vulnerabilities or malware. I'm an empiricist. I have an open mind. Convince me. Better yet, show me where, when and by whom all e-wallet app code, APIs, and general security of smartphones have been evaluated and certified [wikipedia.org].
In principle, I agree with you, but I would probably agree with you a lot more if you were weighing a secure system against a semi-secure system. As we have seen, however, the CC system is -extremely- insecure, and it is very, very easy for your credit card info to find its ways into the wrong hand. Unscrupulous store employees who install skimmers on CC swipers, online retailers who store CC information in an insecure manner (and you'll never know if they do until they get hacked). Maybe you just used your credit card at Target last year. I just got a free year's worth of credit card monitoring because of all the hacks and exploited flaws last year.
I don't see how the phone wallet would be worse.
You're absolutely correct. I never said that the current CC system was secure.
I was merely pointing out that, as is good infosec practice, if you expose something to the internet (as most smartphones are), you should expect it to get hacked at some point (e.g., the probability is non-zero). One poster pointed out that secure certificates protect your data, which is stored in a "secure" storage area on your phone. That may well be true. And since no certificate authority has ever been hacked (Oh wait, that's happened multiple times), there's nothing to worry about.
Also, it's interesting to me that some folks might think and assert that something is secure, without any objective analysis -- especially since there are well-defined and standardized mechanisms for such analysis. IMHO, claims that something is secure, if unsupported by independent analysis, are ill-informed opinions.
I don't question the potential convenience, or even the (relative) security offered by e-wallets, I'm just skeptical of the security claims and the (unstated) motives of those who champion e-wallets.
Slashdot Mirror
The accusations against Huawei and ZTE are that they have engineered back doors into every piece of equipment. Where the accusation against the NSA is that they have compromised Cisco equipment going to individual customers and suspect countries. I see a significant difference there. In the case of Huawei and ZTE it means you can pretty much never trust their gear. In the case of Cisco most of the world can trust their gear with the exception of people who are direct targets of the NSA.
Would someone please mod the above 'funny'. That was a joke, wasn't it?
I'm sure, given the previous revelations about us tapping our allies' leaders phones, that most of our allies are going to be quite leery of Cisco gear for quite some time. Also, It may well be that Huawei and ZTE have back doors, but where's the evidence? I'm sure multiple parties have disassembled their code and looked, but I haven't heard any corroboration. It's not like anyone took pictures of Chinese government operatives modifying the equipment.
Just because you got up-voted, doesn't mean your Troll is more honest and blatant than mine. It's more likely that it was more politically correct not to respond to the Obama like sociopaths part that appealed to the rat bag commie moderators. Still your part about "everybody loses" is too cynical for most air headed liberal fags. Care to take another crack at it?
I know you can't get +6, But another +5 below this one, would give real meaning to a "more livable and sustainable world".
Really, that line stopped me for a couple of minutes, it could catch on. But only with a +5.
Hey there AC. Not trolling. Just calling it like I see it. Not interested in up-mods or folks agreeing with me, just speaking my mind. The original AC (assuming that's not you), strongly implied that public transportation was some sort of evil plot. It's not. In many places (not, apparently, in Phoenix, AZ according to another AC -- I won't argue the point), public transportation is cheaper, more efficient, less CO2 emissions heavy and fosters more community interaction than everyone driving their own car.
That's what I think, and I don't give a rat's ass about the opinions of moderators or others -- unless they can provide concrete evidence as to why I should change my mind.
So disagree with me if you want. In fact, I'd love to have a spirited discussion about the value of public transportation. However, calling me a troll and the moderators "rat bag commies" and others (not sure who) "air headed liberal fags" doesn't, at least to me, constitute any sort of rational discussion. Which is, presumably, why you posted AC so you don't have to have your ad hominem attacks associated with a particular /. id.
In any case, you're welcome to your opinion and feel free to respond or not as you like. I have no axe to grind. Heck, go ahead and call me names too, if it makes you feel better. On the off chance you'd actually like to discuss real pros and cons of public transportation or the ways in which communities in the US have (or haven't) implemented quality public transportation, I'd be happy to engage.
Cheers!
In my part of the U.S. the paying customers would just collectively stomp the shit out of mr. Tengblad. But we don't have trains, or other energy and environment saving public transportation required for a more livable and sustainable world.. Everybody loses.
There. FTFY
someone had to actually think that it was a good idea for that information to be publicly available. Sigh.
It isn't publicly available... The Brocade device that they highlight is a switch. Management ports for switches should not be exposed to the internet. Using "public" for snmp read-only community is a definite No-No. The Brocade device appears to support restricted views for SNMP community strings.
Simply put, a misconfigured device will always be a security risk. Hire better engineers.
Read the second link. The devices mentioned there are consumer grade cable/DSL modems, it's the non-technical end user who needs to hire better engineers? In those cases, it's the vendor who needs to hire better engineers.
As far as the Brocade devices are concerned (or any SNMP enabled device for that matter), Authentication data/encryption keys should *never* be exposed via a RO SNMP community, regardless of the type of device. Even if said device is for internal use only. Or were you unaware that at least 80% of corporate breaches are perpetrated by those on *internal* networks.
As for configuration, yes it's important to customize SNMP community strings and configure the device not to give out the keys to the kingdom. However, including sensitive information from the MIB for RO communities is just a dumb thing to do by default, regardless of the device.
IT folks should secure their devices, but it takes a special kind of stupid to enable access to private portions of the MIB via the RO community by default.
The vendors screwed up. That doesn't mean IT folks shouldn't secure their devices, but that does fuck all for consumers who wouldn't know an OID if it came up and smacked them in the head.
Complaining about V1 community strings makes as much sense as "discovering" that telnet is insecure.
Don't use V1 if you are concerned about this. There is no promise of security and never was.
The issue isn't the SNMP version, but that the MIB includes the passwords and encryption keys. Which makes this even worse -- it's not a bug, someone had to actually think that it was a good idea for that information to be publicly available. Sigh.
One of us needs to re-read TFA, because I read it as enterprise firewalls, I read where it said twice that they are not consumer devices, and where it said there are thousands (not millions) of them connected to the internet.
I was replying to the poster who said the devices shouldn't be connected to the Internet. I guess he didn't read either one of the linked articles.
I double checked and I see there are TWO links in TFS. The one I read focuses on load balancers. The other one does indeed talk about cable modems.
Yeah. I read the second link, not the first. :) Here's the bit I was referring to:
So I guess we're both right. Good for us! :)
I don't understand why people keep using the Boston bombings as an example of the system failing. The US had no reason to arrest or deport them. No amount of security will ever stop two brothers from setting off pressure cookers full of 4th of July fireworks in a crowd.
I think a better topic for discussion is the killing of al-Awlaki. Was he trying to organize attacks against Western targets? Was killing him wrong?
Identifying them quickly was an example of the system working, IMO.
IIRC, it was a bunch of Redditors going through photos that identified these guys, not our police/security/intelligence apparatus.
Embedded devices have no business connecting to the internet.
You do realize that most of the devices identified are home routers and DSL modems, right? Their whole purpose is to connect to the Internet. Sigh.
Authentication data/encryption keys should never be exposed via the read-only (public) SNMP community. This is just crappy implementation. Surprise, surprise. By now, SNMP v3 should be the only version implemented on *any* device, given that the standard was published in 1999.
According to TFA, most of the affected devices have been EOL'd, but are still in use and/or are for sale in secondary markets. Even so, I'd be surprised if any of these even existed before 2004, a full five years after the SNMP v3 spec was published. Sigh.
Okay I know, a huge number of devices from almost every manufacturer default to SNMP v1 or v2c with no encryption whatsoever. But that doesn't make it right, nor does it excuse the inclusion of private data in the public MIB. I'm just glad I don't have any of those devices.
Cry me a river. I'm sure that we could reduce that possibility ten fold if we placed cameras and microphones inside everyone's house. Does that mean we should do it? Absolutely not.
But, but...we have to destroy freedom in order to protect Freedom(tm)!
Why do you hate Freedom(tm) and America(tm)??
"Those who would give up essential liberties for..."
Ah, screw it! Apparently most people are fine with sacrificing any and all of their individual liberties and rights as long as the talking heads tell them it makes them more safe. Or, that changing this slide into totalitarianism in America is someone else's job.
There will always be the risk of people doing bad things in a free and open society. If there was not the ability for individuals and groups in a society to do bad things, then that society by definition would be neither free nor open.
Strat
I find it interesting (as some others have also pointed out) that we are spending enormous (we don't even know the full extent) amounts of money on the surveillance state, ostensibly to "protect" us from terror attacks. The probabilities say that you are many times more likely to die in or by an automobile than by a terrorist attack. They also say that you're more likely to die getting hit by lightning, or in your bathtub, let alone from heart disease. If "protecting" us is so important, why aren't we spending money in proportion to the probabilities? I'll leave the answer as an exercise for the /.er.
Are you saying the WTC "attack" wasn't carried out by Silverstein, Bush, Cheney, et al?
Shel Silverstein was responsible for 9/11? I knew he was a slimebag. Those literary types are all alike!
What difference does it make? Your upstream has so much bandwidth, and like many things it's oversold. If it weren't oversold, it would have to be much more expensive. For example, to not oversell, if they've got a thousand customers they'd have to have 20Gb/s throughout their system and upstream, and that probably costs more than you'd like to pay 0.1% of. Try pricing guaranteed rather than "up to" bandwidth sometime. Sharing is cheaper.
So, if somebody uses 1GB/month, that's about 500 seconds in a month that they're using the connection to the fullest, and you can fit a lot of 500 second-using people into a month without inconveniencing anybody. If you allow for people using an average of 100 (for 200 MB) seconds in a given two hours, you can fit 72 people into 20Mb/s bandwidth. You can't do that if people are constantly saturating their connections. A few people like you really aren't much of a problem, but if everybody tried using everything they paid for, either they wouldn't get it or they'd have to pay a whole lot more.
The customer probably wants data fast when the customer wants data, so having high bandwidth is an advantage even with a data cap.
An interesting point. However, that's part of the problem. As a networking guy, professionally, I always plan for peak usage, but expect that baseline usage will be be much lower. Doing so for a medium to large organization isn't directly comparable to doing so for an ISP, but the principles are the same. I'm sure that there are those here on /. that can speak directly to the issues facing ISPs.
Assuming that the ISP has built *their* internal network to handle peak loads (and if they don't, why not? I'd get fired if my customers were hobbled by poor connectivity on my internal network, and my links to the Internet at all my sites need to provide appropriate bandwidth, even if it is a bit slower during peak usage times), the bottlenecks will be at peering points with other ISPs.
Since we're talking about the big boys here (Comcast, TWC, Verizon, etc.), they generally have peering arrangements with each other and with other large providers. Generally, this is done with peering agreements.
From the link:
These agreements don't generally involve billing each other unless the traffic is really asymmetrical. This was the issue with Comcast and Cogent (not Netflix), as Comcast complained that they were receiving enormously more traffic from Cogent (Netflix's primary ISP) than they were sending.
Of course, Comcast could just have allowed Netflix (as Netflix and other large data users do with other ISPs) to colocate caching servers inside Comcast's networks. But that's another kettle of fish.
Even if a large ISP needs to pay its peers for extra bandwidth at interconnection points, this is a very small percentage of their operating costs.
I guess the bottom line is that if an ISP can't support baseline usage at or near the speeds advertised, or can't at least provide a significant fraction of that speed during peak usage times, then they're marketing is d
Yeah. That can be a problem.
And the vast majority of companies don't have those hyper-specialized needs. Hospitals: yes. Lawyers' offices: no.
You never worked for a law firm, have you? Data integrity, availability and security are paramount in firms larger than a few partners. This is made more difficult because many (not all) lawyers think they know everything and will happily dump gigabytes of confidential documents onto unsecured laptops and dropbox accounts, if you let them. And what if you represent defense contractors? Data must be secured in very specific ways and managed/monitored only by those with valid security clearances. I won't even address the liability issues associated with not ensuring attorney/client confidentiality. You have no idea what you're talking about.
An Internet provider should not be a content provider; there is an inherent conflict of interest. Forget Comcast's takeover of Cox, Comcast's actions against its competitors are the real problem here. The US needs an end to the local cable/telco monopolies/duopolies.
Absolutely. I'd go even further and say that the "last mile" owners, shouldn't be ISPs either.
In all fairness, why should you get 2TB of bandwidth for the same price as the other 90% who are using 500GB? That's a significant difference. You should pay more. Granted you probably are, because you probably have a faster connection. I think if they are going to cap, the cap should be larger for faster connections. If I buy a 3/1, it should be around 300gb, if I by a 15/5, it should be 5 times as much data too.
Bandwidth isn't data transfer. I pay for bandwidth. Bandwidth is data/time. If I'm paying for 20Mb/sec, what difference does it make if I download 20MB/month or 60TB/Month? Unless, of course, you have some sort of alternate agenda (like making it much harder to use media from the Internet rather than from the cable TV part of your business, or to restrict your customers from getting the service they've contracted and paid for). Since we already pay for the bandwidth, why shouldn't we be allowed to use it to its fullest? Just because many people don't use what they already pay for, why should those who do be penalized?
Your contract doesn't allow you to host servers (especially for commercial use) in your residential connection. So, you don't have a point.
Oh, and who said anything about commercial use? There are a myriad of applications (political speech, collaborative creative activity, social networking without personal data theft, intellectual interchanges, family communications and on and on) that can benefit from upload speeds/server hosting that have no commercial implications at all.
I have no issue with commercial vs. residential tiering. I do have a problem with restrictive and abusive corporate policies that limit speech, creativity and liberty.
That's strange. I host three different domains off of my residential Internet connection.
IMHO, this is because my ISP is not a content provider and has no incentive to limit their customer's access to the Internet. The TCP/IP suite of protocols (surprise!) was, despite the usage model that has been forced down most folks' throats, not designed to be exclusively client/server.
The problem is that most people don't realize the power and control they *could* have if they were given the opportunity. The Internet is, perhaps, the ultimate free speech mechanism, but we allow our corporate overlords to keep us from realizing its potential, with, among other things, the abusive contracts you mention.
More importantly, why is it that the ISPs that are content providers (whether they be cable companies or resellers of cable/satellite TV (like Verizon), restrict you from running servers? There are some good reasons to limit SMTP servers, as it's an insecure mechanism (despite strides that have been made vis a vis STARTTLS, SPF, Domain Key, etc.) which can be easily handled by routing emails through the ISP's SMTP servers. However, other than that, there is no inherent reason that servers should be restricted.
The ISPs that do this do so to protect the content distribution ends of their business, and to reduce their costs (not passed on to their customers, thank you very much) by throttling upload. That's not to say that users who wish to increase their upload bandwidth shouldn't pay for it, but other than the fact that ISPs want to control content (whether it be blogs, family websites, legitimate media distribution, or the "next big thing") and continue rent-seeking behavior without investing in infrastructure, there is no reason to throttle upload.
Granted, technologies like ADSL have those limitations built in (allowing ISPs to rape users for SDSL links), but fiber (as with Verizon FIOS) and other broadband mechanisms, have no such limitations, other than those imposed by those with a vested interest in imposing such limitations.
You say I have no point. I say that as long as you take the shit on rye you're being given, while being told it's prime rib, you are denying the real promise of the Internet. Can you say Stockholm Syndrome? Sure you can. I knew you could. [with apologies to Fred Rogers]
Data caps don't hurt uploads in basically all cases. Even in outside cases, there will be more down than up.
And that will be true when I'm offering my feature-length movie for sale as a download? My point is that everything these guys are doing is to maintain their power and monopoly to keep out competition. Do you believe competition is a bad thing?
Thanks for the clarification... Sounds like I may have read the situation incorrectly and reacted harshly. I apologize for that.
No worries. It's often difficult to pick up on nuance in a text-based environment like this. I believe we all have something to contribute. Enjoy your day.
Unless you're downloading games regularly, watching high def videos online, or torrenting stuff, data caps should never be a problem.
The trouble is a lot of people are now doing most of the above. People who aren't don't care about caps, since they'll never get close to 100gb a month without those three.
That's not really true. One of the big issues that no one is talking about (which is the real promise of an open/unfettered Internet) is that data caps (as well as server port blocking) limit the ability of the individual content producer (reasonably priced video recording equipment exists at prices that an individual can afford) to make their content widely available. That is a threat to the content providers who control the broadband internet services.
In addition, those content providers who want reasonable access to customers will need to either pay up or not be able to reach their target audience. Data caps also make cable TV more palatable, as it won't count against the data caps. It's the classic "rent-seeking" behavior of the monopolist. Nothing more, nothing less.
Didn't the FCC vote on net neutrality some time back and get slapped down by the courts saying they didn't have the authority to impose this?
What the court ruled is that since broadband providers are not classified as "common carriers," the FCC can't impose net neutrality rules on them. The solution (or at least part of the solution, cf. my post in another, related discussion) is, of course, to reclassify ISPs and broadband providers as "common carriers." Well, good luck with that. Although lobbying dollars would be more useful than luck. I've got a jar full of silver change, if that helps.
Wow, what a surprise.
. This was destined to pass from the day it was first proposed. All the public commenting was merely window dressing to make it appear as if there were public involvement. The content/broadband providers control the Internet (and apparently the FCC) in the United States, and this is their way of assuring they will stomp out any hint of real competition in the content creation/distribution markets and continue to do so ad infinitum and profit handsomely in the process.
There. FTFY.
Since you know so much about this (clearly much more than someone you've never met and whose knowledge and experience you have no information about), please explain how you *know* that there are no vulnerabilities or malware on *any* smartphones that might compromise the data in one of many different e-wallet apps. Also, please explain how you *know* that there will *never* be such vulnerabilities or malware. I'm an empiricist. I have an open mind. Convince me. Better yet, show me where, when and by whom all e-wallet app code, APIs, and general security of smartphones have been evaluated and certified [wikipedia.org].
In principle, I agree with you, but I would probably agree with you a lot more if you were weighing a secure system against a semi-secure system. As we have seen, however, the CC system is -extremely- insecure, and it is very, very easy for your credit card info to find its ways into the wrong hand. Unscrupulous store employees who install skimmers on CC swipers, online retailers who store CC information in an insecure manner (and you'll never know if they do until they get hacked). Maybe you just used your credit card at Target last year. I just got a free year's worth of credit card monitoring because of all the hacks and exploited flaws last year.
I don't see how the phone wallet would be worse.
You're absolutely correct. I never said that the current CC system was secure.
I was merely pointing out that, as is good infosec practice, if you expose something to the internet (as most smartphones are), you should expect it to get hacked at some point (e.g., the probability is non-zero). One poster pointed out that secure certificates protect your data, which is stored in a "secure" storage area on your phone. That may well be true. And since no certificate authority has ever been hacked (Oh wait, that's happened multiple times), there's nothing to worry about.
Also, it's interesting to me that some folks might think and assert that something is secure, without any objective analysis -- especially since there are well-defined and standardized mechanisms for such analysis. IMHO, claims that something is secure, if unsupported by independent analysis, are ill-informed opinions.
I don't question the potential convenience, or even the (relative) security offered by e-wallets, I'm just skeptical of the security claims and the (unstated) motives of those who champion e-wallets.