Sad to see him leave Ubuntu, but XPRIZE will no doubt benefit. He's always seemed to be a great motivator for a community, and a level-headed guy that can balance the conflicting interests and passions. I think Ubuntu has improved from his participation, but he has been there a while (especially in tech). Maybe some new blood could also help Ubuntu.
Here's to seeing good things from Jono at XPRIZE.
The best part about that team revealing this, was hearing NPR / CNN / BBC and others say Goatse in their broadcasts. Priceless!
I understand that, but it still doesn't address the include:xxx condition I outlined above. If we use an application service provider that sends email on our behalf, I have to get that provider to set up a custom header in the outbound email with a private cert I have generated for them. With SPF I can simply use an include:xxx to specify that I also trust vendorx.com to send mail for mydomain.com. I was inquiring if there is a facility for DKIM to support such a mechanism, which it doesn't seem like there is.
I can take a hardline with the ASPs and require they allow stamp the mail with my DKIM, but if you're not a large enough customer chances are they will say tough deal with it or go somewhere else.
How would that work with trusted partners who may send mail on your behalf? With SPF I can use an include:xxx to define relationships with other systems. With DKIM it seems I would need the partnered system to stamp the sent mail or relay off of our originating servers for DKIM attribute addition (something that might not always be possible). Is there an elegant workaround?
I use them, and what I've found is that they have a very marginal effect (if any) on spam catch rates on your inbound mail. However, they do have a great side benefit. They significantly reduce backscatter, keep yourself off of blacklists, and provide some control of you, your employer, or your client's identity on the web. SPF records provide a mechanism to limit who can spoof as you (as long as recipient servers adhere to them). If you have a risk to yourself or interested parties that someone might spoof your domain (banks!), then SPF provides a means to ensure the chain of custody (to an extent).
I do think overall SPF has helped to prevent forged domain letters, but those are less and less common (for those that publish spf). The spammers now either rely on forged domains without DKIM or SPF (why not use both!!) or they send from their own controlled botnet domains and publish legit SPF for themselves as well.
I honestly don't know too much about Mandriva these days. I was an avid Mandrake user until they stir up (some time back).
Looking at the latest release notes there are some interesting things. Looks like a lot of work into 1 click install of codecs, firmware, etc...
I would still hypothesize that OpenSUSE would have the better KDE4 experience, due to the work done to KDEify Firefox and OpenOffice (though I do see Mandriva uses Go-OO). The OpenSUSE Build service as well seems to keep a lot more software options packaged for SUSE than other RPM variants (with of course Ubuntu leading the charge for prepackaged binaries).
I think I might give Mandriva another look though since it has been so long since I considered them.
Package management was god-awful in the Suse 10 release too, but I'm assuming that's been fixed by now.
It has been fixed, thank god! OpenSUSE 10 made the horrible mistake of trying to wedge in the redcarpet (ZENworks for Linux) stuff. It went horribly horribly bad. They lost a lot of people as dependency hell ensued. 10.1 was a complete rewrite of how they handled packages, and with zypper standard now (even with Yast). It's not just fixed but it is the best RPM distro at handling packages, IMO.
Eww 10.0... shudder.
Sure a few reasons;
OpenSUSE has one of the best KDE4 setups. They've done a lot of work into making KDE4 really shine. The Firefox KDE integration is AWESOME, and not something I am sure the other distros are shipping with. There is also additional work above and beyond stock on OpenOffice and such. A great attention to detail on the theming (not that you can't change that on Ubuntu and Fedora).
Zypper is hands down the best RPM tool and I would say on par or superior to Apt. Definitely a step over yum.
Nomad provide an RDP server for Linux that supports Compiz, not sure if that's been ported to other distros.
iFolder (if you care about that) is so far only packaged for SUSE, I believe.
Also Yast is great to administer your system if you're not command line friendly. It used to be atrocious, but now is very much decent. I still don't use it that much, but it has an appeal to people (especially our Windows friends). Overall it's a solid distro and I would say on par with Ubuntu and others.
The parent is absolutely right. We don't have enough details to really make a recommendation, but if the question is 'can rsync replicate 12 TB with an average rate of churn over a 1 Gbps link reliably'? The answer is an emphatic and resounding YES!
I used to maintain an rsync disaster recovery clone that was backing up multiple NetWare, Linux, Unix, and Windows servers to a central repository in excess of 20 TB over primarily 100 Mbps links. We found that our average rate of churn was 1% / day which was easily accomplished. It was all scripted out with Perl and would notify on job status each night or failures. Very easy to slap together and rock solid for the limited scope we defined.
When you get into more specifics on HA, DR recovery turn around times, maintained permissions, databases and in use files, versioning, etc.. things can get significantly more complicated.
The fact that there is a difference at all shows we and they were two distinct species.
I'm no geneticist, but it seems that couldn't be true. Wouldn't every evolutionary change signify a change in the genome?
At what point do you define a new species.. now 1% is probably enough to classify as that, but what about 0.01%?
I'm in agreement, but not for your reasons.
To me this sounds uninteresting. Caprica is toast, and any kind of day to day drama will always have this overtone of futility. How much of the day to day drama and plot points will be completely irrelevant given how the future plays out in BSG proper.
I mean the show kind of set itself up as a, oh crap starting over, thing. Do the day to day trials and tribulations of the show's Montague and Capulet equivalents even matter to fans?
You can't really expect to pull out on a certain date.
Really? I always heard pulling out was 80% effective, though in my opinion that's not high enough. Oh wait, are we talking about the same thing?
I wouldn't be surprised if most Linux servers were defaced because of poor configurations, by home users. How many have the needed skill to do it well and really secure? How many home users wish to pay for IIS? Probably not many.
Exactly, how many virtual host web server businesses offer IIS for their $5/month subscribers. I haven't seen any, it's all Apache and I can guarantee most of those people are amateurs. The web guided installs of things like phpMyAdmin, Drupal, etc... and the lack of knowledge must certainly contribute significantly to the Apache stats from TFA.
I think you missed my comment's point.. I was actually complimenting MS for implementing some smart ideas and kind of jesting that it took them long enough! Anyway not to feed the trolls but;
Powershell is object oriented, bash isn't. No stealing of ideas there.
Yes, but I was really just trying to say, "YES! Finally a capable shell!" If you want OO paradigm for scripting in Linux it's not like you're stuck with Bash.. See Perl; Python; Etc..
The IIS 7 config file now allows you to make changes to the configuration without needing to restart the server, IIRC Apache still needs to have its daemon restarted.
Not true! Apache's graceful restart will finish serving the current request with each thread and then restart that thread picking up the new config. I'm not sure but I would imagine that is how IIS would have to do it. You can't very well load a new config in mid HTTP request.
apachectl -k graceful
Also, note that Microsoft did Unix (Anyone remember Xenix?) way back before there was a Linux, so, other than right out of your arse, I don't know where you get this whole "idea stealing" thing.
Umm ATT Bell Labs did it before MS and Linux was based on that paradigm. And no, lol no one remembers Xenix...
That aside, I find it funny how when Microsoft implements an idea existing elsewhere it's called ripping someone off, but when some OSS project, or OSS-friendly company gets burned by patent violations (because the idea exists elsewhere), it's bloody murder, and the patent holder is evil. Roight.
Wow way to take offense to a comment that was meant more as a WAY TO GO MS than a MAN MS YOU STEAL! So what company or idea has been burned by patent violations so far? Name an example, because last I looked MS hasn't filed any violations and SCO lost. As for my own, not a lawyer, personal opinion the software patent system is definitely flawed... so then there's that of course.
You *do* know that Microsoft existed before Windows, right? And that Windows 1.0 wasn't graphical, at that, right?
Sure I know that. Of course, you do realize that MS didn't write DOS they bought it and extended it. It seems as a company they tried their hardest to kill the command line since only to regress now. Interesting how it all comes full circle like that.
Oh fuck, XML configs. Let's take human-readable text and turn it into XML, thus destroying its readability.
While I agree with you, I think MS wasn't thinking of humans reading and editing the XML by hand. They were undoubtedly expecting people to use the IIS Manager and it's probably easier for the programmers to generate the configs out of IIS Manager if it is a structured format like XML. Harder to systematically generate .conf if you don't know about neat things like Perl Config::General I suppose.
Powershell (Bash), XML Based IIS config (apache .conf), Hyper-V (Xen), GUI less installs (init 3 (or 2 on some systems))...
Hey Microsoft, Linux, BSD, etc... called they want their ideas back! Actually though I'm really glad to see this stuff. It really is a step in the right direction, and even if it isn't my platform of choice, a good idea is a good idea.
This has been known for awhile, but I'm assuming the program referenced just makes it easier.
At any rate, this is why I really wished SIP would have required a mandatory encryption scheme. Skype does, but I'd rather use a protocol that's open and interoperable. SIP does have encryption provisions (SRTP, TLS, etc..), but they are a bit difficult and not widely used (so completely pointless). It should have been something mandatory, though I can understand that encryption latency would have ramifications on the call latency and overhead.
Because there are 3 already in Detroit pursuing it too.
Actually 4 with Tesla Motors. Tesla quickly realized that while they may know a lot about how to produce kick ass electrical drive systems, computerized mechanics, and battery grids; they had a lot to learn about how to produce complete automobiles. It's a great move because they can gain industry experience and quickly ramp up simply by picking up the big 3's droppings as they downsize. I work right by the Rochester facility actually (though I've yet to see their new Sedan prototype).
P.S. not to mention I keep hitting their help wanted ads!
If you choose not to run a virtualization layer, that doesn't (as far as I know) make you any safer from rootkits like Blue Pill.
Approaches like Blue Pill and Vitriol are dependent on the existence of hardware virtualization. You don't have to be running under it to be exploited, it just has to be present and enabled.
So if you meant not running as in disabling VT-x and SVM functions, then it would indeed make you safer from VM type rootkits.
However, if you meant not running as in not running a virtualized guest OS, then no it wouldn't matter one way or the other really. Running virtualized would probably make you safer overall in that case because there is another layer of difficulty involved in virtualizing the guest for the rootkit function.
So I don't think that the existence of these rootkits is an argument to say that virtualization layers will increase or decrease security.
Yes the host has to be in a state to load the rootkit regardless, but this can be easier than you assume (especially on your Windows based platforms). Security is layered and it's nice to know that if the box is compromised in that way that at least the rootkit should be easier to detect/remove than if it were a VM based rootkit.
I guess the argument goes back to does hardware virtualization like VT-x open up avenues for system exploit beyond what is present without VT-x. I would surmise it does, but whether this applies to virtualization in general, or the transparent hardware virtualization options presented by VT-x is another discussion.
Isn't that more of an argument against an OS on the bare hardware?
No, the parent asked what is insecure about VT-x and/or SVM. Both of which provide attack vectors for VM-type rootkits, which are quite serious. VT-x and SVM are designed to be transparent to the guest so these are hard to detect.
As to your point, If an existing hypervisor is there already this is probably not effective. Perhaps a VM rootkit could emulate a ring-0 environment to nest itself as a virtual instance on the host while still virtualizing the guest. There is also the potential that a security vulnerability in the isolation of the current hypervisor could be exploited to allow the rootkit to embed itself within, or supplant, the existing hypervisor. So still security avenues exist, though they become more remote.
What's not secure about SVM? What's not secure about VT-x?
VT-x and SVM provide paths for rootkits to integrate and hide. New rootkits like Blue Pill and Vitriol utilize SVM and VT-x to virtualize the host platform and remain undetected and immune from removal. They're not widespread, but an attack vector exists, which implies the security concerns over them.
Makes sense to me.
There is not one recorded/public example of someone breaking out of the isolation of a virtual environment! I dare someone to demonstrate otherwise, and I will eat my words.
How do those words taste?
From the link: "It could allow a malicious hacker to sidestep the virtual machine and exploit the underlying operating system.".
Anyway I think that you do make a point. Exploiting the underlying OS isn't as much as exploiting the guest OS in the virtual instance. Interesting stuff like Blue Pill (which is hotly debated in security circles ATM), poses unique risks to virtual environments.
Still, I would say Theo is dead on. Virtualization makes a lot of sense, but that doesn't mean you should assume you gain anything from a security perspective. Think of it this way. Every layer of complexity in your environment adds another attack vector... Virtualizing an operating system provides an additional complexity over running the same operating system native. Makes sense to me that there would be additional security concerns. Even Intel VT itself has been proposed as a source of potential security concern.
While I absolutely hate your circuit switch analogy for TCP, since regardless that the conversation can be considered a stream, it is still packet switched no matter how you look at it. I do see your point on common carrier status.
The issue I take with this is that there are a myriad of ways to handle this problem. Forged packet RST is not the answer. There are plenty of options at their disposal, but they have chosen one that not only spoofs my identity but is very disruptive. What is wrong with response queuing and traditional QoS methods?
What if it were a protocol less resilient than Bittorrent?
SIP for example, which I still think Comcast was playing with against Vonage. I know slippery slope is a logical fallacy, but I lose a lot of faith in my carrier when they play man in the middle games with my content. In addition, their refusal to admit to their customers what they are doing is inexcusable. I pay for the service, I should receive notice if they're going to decide to gimp a part of it I actively use (in a legal way).
That would be libel...
Of course back in 1920 who knows what would have held up in trial, but that is probably a line more likely to be said by the Stanley salesman with a nod and wink.
Just using the obligatory auto analogy to illustrate how marketing has always worked.