The carriers have the right to place limitation on the service they offer.
Of course they can. These restrictions are in the service contract that you sign in order to use their network.
So, if the carrier wants to ban web servers, they can either drop packets going to your device, or stop the device from operating a server in the first place.
The contract forbids me from doing certain things - if I do them then I am in breach of contract and they can withdraw my services. If they want, they can place technical limitations on their network so that I can't do something that would put me in breach of my contract anyway (or at least alert them to the fact that I'm doing something I shouldn't). What they have no business doing is placing restrictions on a device that I own that I can't remove.
The latter is much more efficient.
And far less secure. This whole thing reminds me of the idiots who put javascript password prompts on web pages rather than doing the authentication on the server side - it makes it trivial for someone to bypass the security and there's not a damn thing you can do about it.
No, you licensed access to the network you connect to with the iPhone.
Since the device vendor has no idea what your contract is with the network, they have no business restricting what you can and can't do with your own device.
No they can't. There's no way the network can prevent your phone from sending as much data as it wants. It can refuse to pass all of that data on to the internet, but by then it's too late, your phone has already taken up the wireless bandwidth. The only way to throttle your iPhone's "upload" usage is to put software on the iPhone that does it. They can throttle your download usage, but that would have little effect on a web server app.
Umm... Since the radio bandwidth allocation is mediated by the network, not the phone, there is nothing stopping the network simply not giving you that bandwidth. For example, in WCDMA the network hands out one or more PRNs to the device on the fly, to meet the device's bandwidth demands. The more PRNs you have allocated to you, the more bandwidth you get. Of course, the more devices there are wanting to use bandwidth, the more thinly those PRNs are spread between them. So if you have a misbehaving device, the network can simply stop allocating (as many) PRNs to it. Of course, whether they have the infrastructure in place to exercise this amount of control over the network is another question, but from a technical standpoint there is no reason why they can't do this.
So sure, the network can't ask your IP stack to stop chucking out UDP packets (or various other protocols) as fast, but it can throttle you in the data link layer.
As far as your web server example goes, that _is_ trivial to throttle at the IP level anywhere along the route - start chucking away a proportion of the TCP packets and the TCP stack will throttle back the transfer rate.
telecoms operators have always tried to maintain a tight grip on what devices can connect to their networks.
No. US telecoms operators have always tried to maintain a tight grip on what can be connected to their networks. This is not the case elsewhere in the world (although it is notable that with the advent of the iPhone, operators elsewhere in the world are starting to embrace anti-consumer ideas such as device-exclusivity contracts and refusal to unlock off-contract devices - one can only hope that the regulators get their finger out and put a stop to this).
And I think they are right to do so, allowing unrestricted software access to their network infrastructure might well be disastrous. Most computers have to connect via a modem, but the iPhone is the modem, so allowing software to access the hardware directly would remove this layer of abstraction and security.
You clearly don't understand how mobile phones are architected. A smartphone is basically a palmtop computer and a GSM/WCDMA modem in the same box. The computer part of it is _not_ (logically) the same device as the radiomodem, any more than a computer with a built in modem is. The "computer" side of a smartphone generally talks to the radio side through an interface that basically behaves like a serial port - i.e. it is controlled by standard AT commands.
Allowing a smartphone to run arbitrary software is no more a security risk than allowing a computer with a 3G dongle to run arbitrary software because the logical separation between the computer and the radio is still there.
We have rules about the capabilities of devices that can run on our roads, this is not much different.
Last time I checked, there were no laws that claim your car is unfit to be used on the road if you're using a third party stereo, or if you're using BP petrol instead of Shell. But these sorts of things are essentially what a lot of the restrictions are all about. Placing restrictions on what the _radio_ part of the phone is allowed to do is fair enough, but placing restrictions on what the user can do with the computer part of a device isn't acceptable to a lot of people.
THIS is the point of region locking. In some regions, that $50 disc is sold for the equivalent of $5. The region locking isolates each region so that shit like this can happen.
So let me get this straight - you think it's ok for vendors to prevent you importing their products in order to get them cheaper, but at the same time offshoring their workforce in order to get it cheaper?
They shouldn't be allowed to have it both ways - if a vendor wants to take advantage of the global employment market they shouldn't be allowed to restrict the global product market.
When you buy a computer, you're not buying just a device; you're also licensing software that makes that device work. So no, your first sale doctrine doesn't really apply because you're not just using a purchased item, you're buying hardware attached to a software license.
Nope. When I buy a computer I do exactly that - buy a computer. No software or anything. I then install the software of my choice on it.
However, even if that wasn't the case, you're still wrong - at the time of purchase, computer vendors do not present you with a licence agreement to sign. You hand over some money and you get a computer which may or may not have some software on it. At that point, you have _purchased_ everything that is in the box. You might even have an invoice to prove it (I've never seen an invoice that says "Licence to use Windows XP" - instead it will just have "Windows XP" as a line item). At this point, you can do anything with the bundled software that is allowed by copyright law - you have not purchased a licence, you have purchased a copy of the software (note: a copy, not the copyright, so you are still bound by copyright law).
Now, some of that software may have a technical limitation that requires you to agree to an EULA before using it, and that EULA may grant you waivers to the existing copyright law, or rescind rights that you already have such as the right to resell it (although it is debatable as to whether such clauses have any legal foundation in many jurisdictions). You do not have a legal obligation to agree to that licence - you can either choose not to use the software, or you can choose to bypass the licence by technical means without clicking the "I agree" button.
In any case, even if you were to agree to an EULA, proving this in court would be problematic since there is no signature on a bit of paper. The vendor cannot prove that it was you who agreed to it - the "I agree" button may have already been clicked by someone in the shop before you even saw the machine, or your child/dog/neighbour might have done it.
In essence, EULAs are a scare tactic rather than a legally enforceable contract - the vendors hope to scare people into complying with the EULA even though they probably can't make you.
It's very different to take those same devices, and use the existing software against its license to do something you want to do with it in order to violate the deal you got when you bought it.
That simply isn't the case. When someone buys an iPod, games console, CD, DVD, game, etc. they go into the shop and say "I want to buy this", and over some money and get handed the item in return. At no point in that transaction are they told "I'm sorry, you can't purchase that item but we can sell you a licence to use it instead". You are not bound by a licence agreement unless you actually agree to it, so no one is "violating the deal" since the deal was that you bought the *item* (not a usage licence) and thus you can do anything with it you like (subject to various statutory restrictions such as copyright).
Re:Geek funeral?
on
A Geek Funeral
·
· Score: 2, Interesting
In other words, they have the money invested, probably in low-risk form as we are talking of hundreds of years. It isn't bound to be melting away in a few moments:)
If you're investing over a long term, a wide portfolio of high risk investments tends to work better. Despite the chance of your investment losing a large amount of it's value in a market crash, there is also plenty of time for it to recover that value again. This is how pensions usually work - as you get closer to your retirement, your investment is moved into low risk investments since you can no longer afford the time for it to recover.
There is a good bit that could be done with software to help this, settings to revert to the edge network with gps off when asleep for more than a few minutes for example. Or even a button that allows to toggle low power mode.
Going through the settings turning this on and off is annoying.
Interestingly, the specs for the HTC Dream show that it has a longer standby time when using a WCDMA network than GSM. WCDMA uses more power than GSM when on a call though.
I'll assume you aren't trolling, and point out that disks work BECAUSE OF the air inside. The heads gain lift.
I'll correct that for you:
Current designs of hard disks rely on there being air inside in order to float the heads. But you wouldn't necessarily need to float the heads on air if you redesign the disk to suspend the heads in some other way (Off the top of my head, lets say a magnetic field. Of course, you'd have to make sure the magnetic field you suspend the heads in doesn't interfere with the magnetic field they are reading/writing). Also, air is just a fluid - it may be that you can find a different fluid to fill the drive with that has better properties for the job in hand (e.g. higher speed of sound).
I'm not sure which exhaustion counter you've been looking at. I've been keeping an eye on a number of exhaustion predictions for the past few years and they have been reasonably consistent (i.e. +/- 6 months). The allocation policies have been changed over the years and this has extended the amount of time we have, but not by much. Obviously exhaustion predictions can't take into account policy changes until they are at least visible on the horizon, so I do expect it'll be extended a bit more, but I'm honestly not expecting that extension to be more than a few months. New policies will also probably start making it much harder for people to get IPv4 addresses, so increasing the pressure to migrate onto IPv6 before the IPv4 addresses are exhausted.
there are no even halfway accurate estimates of that date.
And _that_ is why ISPs need to act now (actually, several years ago) to prepare themselves. This *is* going to happen, the longer they leave it, the more chance they will be caught with their pants down when it actually happens.
There are certainly short-term gains to be had by sticking your head in the sand and pretending that there isn't a problem. Unfortunately the cost of having to drop everything and roll out a whole new network at crunch time is going to be very expensive, far outweighing those short term savings. Sadly, business these days seems to be all about short term gains at the expense of long term viability.
What's going to happen is that the internet is going to be broken up by country, so that each country will have its own set of IP addresses for IPv4. So, the people that want genuinely global internet coverage will get IPv6, but those of us who just want to be in one country can use the smaller, simpler and more efficient IPv4
I think if that were to happen you'd very suddenly realise that a lot of the services you use aren't hosted in your own country and you'd be off to get yourself an IPv6 connection.... Frankly, I can't see that ever happening though.
There is practically *no* security provided by a NAT.
Unless your ISP is compromised
Your ISP doesn't have to be compromised. Many cable systems are set up so that the cable segment is basically a bus and the cable modems are bridges. Anyone on that segment can adjust their routing appropriately.
Also, even if you're not on such a network I don't think it's a particularly good idea to trust that another party's network is secure.
the combination of using non-routed addresses and dropping source routed frames (as everyone and their mom does by default) means that a NAT does provide some significant security. Attacks generally rely on packets reaching their destination.
No... No it doesn't. The ability to track the state of all the connections and drop packets that don't belong to any that were established by a local machine gets you the security. It just so happens that NAT requires that you implement this underlying framework, but keep this framework and remove the NAT and you still have about as much security. The only thing NAT gets you over and above this is to hide your internal network topography, which is of questionable value and turns out to be very harmful to a lot of legitimate stuff many people want to do.
In some cases yes, in some cases no. FTP is just stupid no matter how you slice it, sorry.
No, FTP isn't stupid - it was invented before firewalls were thought of and did the job it was designed to do very well. However, most people don't use the full functionality of the protocol and can therefore get away with something more simplistic that plays better with these newfangled firewall things.
Most newer protocols have some facility for NAT traversal, or at least work with a SOCKS proxy.
NAT traversal is flakey at best - even the STUN RFC admits that it is not, nor can it be, reliable. STUN (and other forms of NAT traversal) are a best effort way to make the best of a bad job and they work most of the time, but by no means should they be considered a good solution.
As for SOCKS, I've not seen anything using especially recent protocols provide any kind of support for SOCKS proxies. Certainly when it comes to applications that need to use UDP, whilst SOCKS 5 does support UDP I've never actually seen anything try.
Now that's just being silly. Most people aren't going to be influenced by such a lesson, because they fundamentally don't care about such issues.
They start to care after they lose all their data and pay for their computer to be cleaned of malware for the tenth time.
Car analogy alert: people don't care that putting diesel into their petrol car is bad. Oh wait, yes they do when they have to pay lots for it to be fixed.
Also, router manufacturers do have to build _some_ security into their products. They will always do the bare minimum they can get away with, but once you take away NAT, the bare minimum happens to be a hell of a lot better than what we have now.
I disagree with your contention that most routers don't offer stateful firewalls; check the age of your information, most of them do now.
As recently as a year ago I was finding that a lot of the consumer routers did nothing to stop me accessing the LAN from the WAN port, so long as I had tweaked my routing appropriately (i.e. if you have 192.168.0.0/24 on the LAN and the router's WAN port is 1.2.3.4/24 then I can plug a machine into the WAN port as 1.2.3.5/24 set to route to 192.168.0.0/24 via 1.2.3.4 and get access to anything on the LAN. This is because the routers weren't *blocking* incoming traffic that didn't match any existing connections - i.e. they were just using the SPI functionality to drive the NAT engine rather than to drive a firewall as well).
Artificial? Not really - the scarcity of IPv4 addresses is real. Yes, a lot of it is caused by the rather address-wasteful way that IP subnetting works, but that is hardly an "artificial" scarcity, it is just an artefact of how the protocol works.
and ip names
Presumably by "IP names" you mean domain names? There is no scarcity here the DNS system can cope with a practically unlimited number of domain names.
that the ISP's can rort a fortune out of their users for a service that costs them less to provide than the cost of billing their customers for it.
I'm not seeing any ISPs around here ripping off their users to provide IPv4 addresses. In fact, every ISP I've ever used has been happy to hand out small IPv4 networks to their users at no extra cost. I currently have a/29 global scope IPv4 network hanging off the end of my ADSL. Most ISPs worth a damn in the UK will give you a/29 for free with no questions asked, and usually anything up to a/27 if you can provide some justification for the need.
Sure, some ISPs rip people off for the cost of domain names, but there is plenty of competition in the area - the ISPs pick up business from clueless people who know no better, everyone else goes to the cheap mainstream registrars. This has nothing to do with scarcity any more than you might claim that a high street PC shop like PC World can rip clueless customers off because computer hardware is "scarce", even though the clueful customers are buying their hardware from elsewhere at a fraction of the price.
an a tightly controlled web where peer to peer traffic is being squeezed out.
Except it isn't. In fact, quite the opposite is happening - peer to peer applications are rapidly gaining a significant share. Things like peer to peer filesharing, VoIP, games, etc. are the things that will drive IPv6 since they require an agnostic network that makes no distinction between client and server. Other drivers for IPv6 are the multicast support (a big factor for streaming TV services), mobile portability (increasingly important as people roam between networks with their mobile gadgets), etc.
IPv6 will _never_ be allowed into the current mix.
Its already _in_ the current mix. Sure, it hasn't made a significant impact yet, but there was a time when the web wasn't significant, peer to peer file sharing wasn't significant, and VoIP wasn't significant.
I'm afraid I think you're wrong - in a couple of years time the IANA IPv4 pool will be exhausted and the choices will be simple: adopt IPv6 or get squeezed behind layers and layers of ISP-based NAT. With the current mix of peer to peer technologies, there is a large chunk of the user base for whome that is unacceptable (those of us who use VPNs, VoIP, remote management, etc. on a day to day basis), thus there will be a significant market for ISPs offering IPv6 connectivity. Sure, IPv6 connections may well be more expensive than the run of the mill NATted home IPv4 connection, but there are already a significant number of people who pay more for better connections so I don't see this as a big problem.
less than 5% of residential internet connections allow IPv6
Untrue. Very few residential internet connections will do *native* IPv6, but 6to4 works reasonably well. What this basically means is that you can still roll out IPv6 on your internal network and you can still reach IPv6 services on the internet, it's just that the traffic is tunnelled across your ISP inside IPv4 packets until it gets to your nearest 6to4 anycast gateway.
NAT/IP Masquerade has worked well for scaling IPv4 in every conceivable application to date...
Except it hasn't, NAT is a kludge that happens to work with simplistic client/server protocols in common use (such as HTTP). It doesn't even work well with some old standard protocols, such as FTP, without protocol-specific packet mangling.
NAT breaks pretty much all peer-to-peer protocols, which are rapidly becoming more common. Want to do VoIP, or start a direct file transfer between 2 IM clients? If you have NATs in the way then that gets unreliable. STUN makes things work a lot of the time, but even the STUN RFC admits that it is not, and cannot be, reliable. Systems like Skype try to hide these problems by abusing unfirewalled clients to route traffic between NATted clients (often without the unfirewalled user's knowledge), but the problems still exist and such "solutions" start to fall to pieces as the proportion of unfirewalled hosts dwindles.
what makes them think it won't work for the "smart grid"?
I'm guessing that the electricity supplier is going to want to be able to talk directly to your electricity meter, etc. Having a NAT in the way makes this less reliable since they won't be able to talk to it unless the meter has already initiated the connection through the NAT.
Or to put it differently, do you really want every appliance in your house directly addressable from anywhere in the world?
Do not confuse global addressability with global reachability. Assigning every device a globally unique address is valuable, even if it is on an isolated network. It makes it easier to connect 2 isolated networks together when you realise that you actually need them to not be so isolated from each other.
That said, I can think of a number of appliances that I wouldn't mind being globally reachable: My MythTV system is already globally reachable - if someone mentions a TV programme that sounds interesting, I can use the web browser on my phone to tell it to record that programme. I wouldn't mind my oven to be internet addressable, so I could remotely ask it to turn on and cook my dinner in time for me getting home. Being able to turn my heating on when I'm at the airport after coming back from holiday would be useful. Taking things a bit further, if I could ask my fridge what I'm running out of when I'm in the supermarket, I could save some hassle.
After all, what could possibly go wrong?
There are obviously security concerns to be addressed. But at the same time, designing a network so it *can't* be extended in the future seems somewhat short sighted.
throw out routers? haven't ciscos been ipv6-capable for at least a decade now?
Pretty much (although you might have to buy a firmware upgrade... but then if you aren't running a recent firmware you're probably infested with security holes anyway).
those that aren't probably don't NEED to be, anyway.
That's rather untrue though. If you're going to deploy IPv6-only systems then *all* the routers on the network need to do IPv6. Yes, this even includes the home DSL routers, most of which currently on the market *still* have absolutely no IPv6 support, even though we only have about 2 years until IANA runs out of IPv4 addresses. Anything else is going to involve kludging things to work through IPv4 to IPv6 gateways, or tunnelling IPv6 over IPv4 to bypass the non-compliant devices.
The whole IPv4 address exhaustion problem is a really good example of people sticking their heads in the sane and hoping the problem goes away - most ISPs seem to not be interested in preparing their networks for IPv6 at all (PlusNet told me that they had no plans to roll out *any* IPv6 support over the next few years and EntaNet seem to have halted their IPv6 trials). Some time towards the end of 2011 there will be a "sky falling" moment similar to what we saw at Y2K when ISPs realise they are basically screwed and are going to have to do an expensive rush-job of deploying IPv6 over their networks in just a few short months.
not everything needs a world-wide public address. NAT 'security' is actually a Good Thing(tm).
Argh! Please will people stop spreading this crap. There is practically *no* security provided by a NAT. You get security from stateful packet inspection. NAT requires stateful packet inspection to work, but there is no significant security advantage (and many really serious operational disadvantages) provided by running NAT instead of just a stateful firewall. Also, most home NAT routers provide no stateful firewalling, only the limited stateful tracking required to make NAT work, and can therefore easily be bypassed by anyone on the upstream segment (which may be a few hundred random members of the public in the case of some cable setups).
Security is better served by doing proper stateful firewalling, and this is probably best achieved by removing NAT from the equation so that people don't have a false sense of security. Removing NAT also solves a lot of operational problems, as there are an increasing number of protocols that can't be made to work well through NAT (and whilst many people regard this as a flawed protocol design, there are sound reasons for designing these protocols in this way).
Also think about it. Do you realllllllllllllllllllly want your power grid to be tied to the real internet?
Well, maybe not, but there are still big advantages with using IPv6 even if it isn't on the public network. For example, you can use addresses that are guaranteed to be globally unique - this means no readdressing problems when you suddenly decide 2 completely independent networks need to talk to each other.
This is what has stunned me about the telephone industry - they are spending billions on replacing their antiquated SS7 networks with IMS networks. The IMS protocols were _designed_ to be run over IPv6 (but of course, IPv4 and IPv6 are so similar that they have actually been made to work on both), but most of the telcos are rolling out IPv4 networks. Nothing like spending vast amounts of money to replace one obsolete network with another.
IPv6 is an established and proven technology, there really aren't many good reasons not to use it in a new network.
IPV6 is a waste of time in the 'utility' market.
I'm not sure how it can be described as a "waste of time" since that would imply it would take longer to implement than an IPv4 network. If you're starting from scratch and not having to interoperate with the existing internet, an IPv6 network takes no more time to implement and is a bit of a no-brainer (getting a much more future-proofed network at almost the same cost). Unfortunately it seems that a lot of people in charge of such projects do indeed have no brains.
eBay - £143. It's in perfect condition, came with all the accessories and manuals in a box, etc. Then I unlocked it for about £15 and stuck a Three SIM in it (because their PAYG tariff suited me best). Didn't really see the point in spending hundreds of pounds more on a brand new phone in exactly the same condition.
Works for me, although I was a bit annoyed to find that Vodafone's "mobile broadband" tariff (£15/GB, no expiry date) claims not to support voice calls, which is why I ended up on Three instead of Voda. Whether or not this claim is true I'm not sure, because I know for a fact that the T-mobile "mobile broadband" packages (which come as a SIM+dongle, the same as the Voda ones) will carry voice calls just fine if you stick the SIM in your phone, but I didn't feel like paying the £30 up-front cost for a Voda SIM+dongle just to find out.
You're also comparing a plan that works for you because of your usage.
Isn't that the point though? Most people just take the plan the NMO offers them because they believe they have no choice (or at least, don't bother to investigate the alternatives), even if that plan is extremely ill-suited for their needs. If I bought a smart phone on a contract then I would be tied into a very expensive deal that isn't suited to me, because the NMO offers no other choice.
It doesn't seem disingenuous to compare a plan that works well for me with the best contract that T-mobile could offer me. Everyone has different needs: this is a point that the NMOs seem to miss, not everyone wants to send a million text messages a day and spend their entire life making voice calls. I'm not suggesting that this would work well for everyone, what I am saying is that it is worth shopping around and finding a plan that works well for you rather than just buying a contract from the very limited selection the NMO wants to offer you.
You don't use 600 SMS messages in 3 mos. I can hit 500 (mostly incoming from friends, calendar reminders, etc...) in 1/2 month
We don't pay for incoming SMS messages in europe (for some reason we have the notion that third parties shouldn't be able to cost you money without your authorisation), so your point here is moot unless you _send_ over 600 messages in 3 months.
Anyways, it doesn't sound like you actually use your phone very much, so that lower cost plan works for you.
I use my phone a lot, just not a huge amount for voice calls. I use the internet a lot from it and I use it as a palmtop computer a lot. The voice calls I do make generally get routed over VoIP anyway since these can be gatewayed to the PSTN at a lower per-minute cost than the carrier charge and integrates with my home phone system. This is why the NMO's assumption that anyone who wants a smartphone also wants to spend hundreds of hours a month making voice calls and sending SMS messages is bogus - most of my smartphone usage doesn't involve the NMO at all so why should they expect me to pay an expensive contract for services I'm not going to use?
since when was taking something you didn't pay for and aren't authorized to have legal.
Who said anything about not paying for it? My carrier allows tethering...
There is no tethering option available for android phones in US (sprint verizon AT&T).
1. I'm not in the US. 2. I have no idea why you think what type of phone you own makes any difference to your contract - my contract with the carrier doesn't specify anything about what sort of phone I use (other than that it must be a WCDMA capable phone) and there is also nothing preventing me using my phone on whatever carrier I feel like.
Note Apple only secured the config file carriers use to enable tethering.
It appeared from the article that this affected all the iPhones, even those which are unlocked. The device vendor has no business restricting tethering on a phone for which they cannot know the terms of the contract. (Actually, I would argue that the device vendor has no business ensuring their customers don't break a third party contract, for that is up to the third party to ensure).
Disclaimer: I do not own, nor would I want to own an iPhone.
At the end of the day using a smart phone is generally expensive no matter what.
Rubbish. Using a smart phone is generally expensive if you're an idiot, don't shop around for decent prices that suit your situation and are stupid enough believe that you're getting that "free" phone for free.
I have an HTC Dream. It cost me under £160 to buy outright (no contract) including the cost of unlocking it. Into which I put a Three PAYG SIM. Every time I top up my account balance, I get 600 inclusive SMS messages, "unlimited" inclusive on-network minutes and 150MB of inclusive data. These freebees expire after 3 months. Once my inclusive data is used up, I pay £5 per 2GB per month.
In reality, I don't really use any of the inclusive on-network minutes and don't come anywhere close to using 600 SMS messages in 3 months. I also usually route voice calls over VoIP (over 3G or Wifi). So basically I tend to spend under £5/month on average. That makes the TCO of the phone and service under £250 over 18 months. This is pretty favourable compared to the contract price T-mobile offer the HTC Dream under (ISTR the cheapest was about £100 for the phone and £20/month for 18 months at the time, giving you a TCO of about £600 over 18 months.). So just going into the T-mobile shop like the mindless masses do would have cost me almost 2.5 times as much, tied me into T-mobile for 18 months and given me no option to use any other NMO.
So yeah, if you don't use your brain and just fall for the sales patter then owning a smartphone is expensive. But shop around a little and it starts to become much more reasonable.
Unfortunately the NMOs provide no way to officially transfer the ownership of a phone, so if you buy a used phone the original owner can still phone up their NMO, report it stolen and have the IMEI blocked. And I don't expect the NMOs actually *want* to make it easy to transfer ownership of a phone, so this probably won't change any time soon. What the NMOs should be concerned about though is a type of insurance fraud that seems to be rife at the moment: sell your (insured) phone on ebay, report it as stolen and get a free replacement.
What is actually needed is to separate the organisations dealing with the anti-theft measures from the organisations that make money from selling new devices. Maintenance of the blocked IMEI database should be handled by a separate (probably partly governmental) organisation who has no vested interest in selling new phones and can handle legitimate transfer of property, maybe in a similar way to how buying/selling cars is handled.
Slashdot Mirror
The carriers have the right to place limitation on the service they offer.
Of course they can. These restrictions are in the service contract that you sign in order to use their network.
So, if the carrier wants to ban web servers, they can either drop packets going to your device, or stop the device from operating a server in the first place.
The contract forbids me from doing certain things - if I do them then I am in breach of contract and they can withdraw my services. If they want, they can place technical limitations on their network so that I can't do something that would put me in breach of my contract anyway (or at least alert them to the fact that I'm doing something I shouldn't). What they have no business doing is placing restrictions on a device that I own that I can't remove.
The latter is much more efficient.
And far less secure. This whole thing reminds me of the idiots who put javascript password prompts on web pages rather than doing the authentication on the server side - it makes it trivial for someone to bypass the security and there's not a damn thing you can do about it.
No, you licensed access to the network you connect to with the iPhone.
Since the device vendor has no idea what your contract is with the network, they have no business restricting what you can and can't do with your own device.
No they can't. There's no way the network can prevent your phone from sending as much data as it wants. It can refuse to pass all of that data on to the internet, but by then it's too late, your phone has already taken up the wireless bandwidth. The only way to throttle your iPhone's "upload" usage is to put software on the iPhone that does it. They can throttle your download usage, but that would have little effect on a web server app.
Umm... Since the radio bandwidth allocation is mediated by the network, not the phone, there is nothing stopping the network simply not giving you that bandwidth. For example, in WCDMA the network hands out one or more PRNs to the device on the fly, to meet the device's bandwidth demands. The more PRNs you have allocated to you, the more bandwidth you get. Of course, the more devices there are wanting to use bandwidth, the more thinly those PRNs are spread between them. So if you have a misbehaving device, the network can simply stop allocating (as many) PRNs to it. Of course, whether they have the infrastructure in place to exercise this amount of control over the network is another question, but from a technical standpoint there is no reason why they can't do this.
So sure, the network can't ask your IP stack to stop chucking out UDP packets (or various other protocols) as fast, but it can throttle you in the data link layer.
As far as your web server example goes, that _is_ trivial to throttle at the IP level anywhere along the route - start chucking away a proportion of the TCP packets and the TCP stack will throttle back the transfer rate.
telecoms operators have always tried to maintain a tight grip on what devices can connect to their networks.
No. US telecoms operators have always tried to maintain a tight grip on what can be connected to their networks. This is not the case elsewhere in the world (although it is notable that with the advent of the iPhone, operators elsewhere in the world are starting to embrace anti-consumer ideas such as device-exclusivity contracts and refusal to unlock off-contract devices - one can only hope that the regulators get their finger out and put a stop to this).
And I think they are right to do so, allowing unrestricted software access to their network infrastructure might well be disastrous. Most computers have to connect via a modem, but the iPhone is the modem, so allowing software to access the hardware directly would remove this layer of abstraction and security.
You clearly don't understand how mobile phones are architected. A smartphone is basically a palmtop computer and a GSM/WCDMA modem in the same box. The computer part of it is _not_ (logically) the same device as the radiomodem, any more than a computer with a built in modem is. The "computer" side of a smartphone generally talks to the radio side through an interface that basically behaves like a serial port - i.e. it is controlled by standard AT commands.
Allowing a smartphone to run arbitrary software is no more a security risk than allowing a computer with a 3G dongle to run arbitrary software because the logical separation between the computer and the radio is still there.
We have rules about the capabilities of devices that can run on our roads, this is not much different.
Last time I checked, there were no laws that claim your car is unfit to be used on the road if you're using a third party stereo, or if you're using BP petrol instead of Shell. But these sorts of things are essentially what a lot of the restrictions are all about. Placing restrictions on what the _radio_ part of the phone is allowed to do is fair enough, but placing restrictions on what the user can do with the computer part of a device isn't acceptable to a lot of people.
THIS is the point of region locking. In some regions, that $50 disc is sold for the equivalent of $5. The region locking isolates each region so that shit like this can happen.
So let me get this straight - you think it's ok for vendors to prevent you importing their products in order to get them cheaper, but at the same time offshoring their workforce in order to get it cheaper?
They shouldn't be allowed to have it both ways - if a vendor wants to take advantage of the global employment market they shouldn't be allowed to restrict the global product market.
When you buy a computer, you're not buying just a device; you're also licensing software that makes that device work. So no, your first sale doctrine doesn't really apply because you're not just using a purchased item, you're buying hardware attached to a software license.
Nope. When I buy a computer I do exactly that - buy a computer. No software or anything. I then install the software of my choice on it.
However, even if that wasn't the case, you're still wrong - at the time of purchase, computer vendors do not present you with a licence agreement to sign. You hand over some money and you get a computer which may or may not have some software on it. At that point, you have _purchased_ everything that is in the box. You might even have an invoice to prove it (I've never seen an invoice that says "Licence to use Windows XP" - instead it will just have "Windows XP" as a line item). At this point, you can do anything with the bundled software that is allowed by copyright law - you have not purchased a licence, you have purchased a copy of the software (note: a copy, not the copyright, so you are still bound by copyright law).
Now, some of that software may have a technical limitation that requires you to agree to an EULA before using it, and that EULA may grant you waivers to the existing copyright law, or rescind rights that you already have such as the right to resell it (although it is debatable as to whether such clauses have any legal foundation in many jurisdictions). You do not have a legal obligation to agree to that licence - you can either choose not to use the software, or you can choose to bypass the licence by technical means without clicking the "I agree" button.
In any case, even if you were to agree to an EULA, proving this in court would be problematic since there is no signature on a bit of paper. The vendor cannot prove that it was you who agreed to it - the "I agree" button may have already been clicked by someone in the shop before you even saw the machine, or your child/dog/neighbour might have done it.
In essence, EULAs are a scare tactic rather than a legally enforceable contract - the vendors hope to scare people into complying with the EULA even though they probably can't make you.
It's very different to take those same devices, and use the existing software against its license to do something you want to do with it in order to violate the deal you got when you bought it.
That simply isn't the case. When someone buys an iPod, games console, CD, DVD, game, etc. they go into the shop and say "I want to buy this", and over some money and get handed the item in return. At no point in that transaction are they told "I'm sorry, you can't purchase that item but we can sell you a licence to use it instead". You are not bound by a licence agreement unless you actually agree to it, so no one is "violating the deal" since the deal was that you bought the *item* (not a usage licence) and thus you can do anything with it you like (subject to various statutory restrictions such as copyright).
In other words, they have the money invested, probably in low-risk form as we are talking of hundreds of years. It isn't bound to be melting away in a few moments :)
If you're investing over a long term, a wide portfolio of high risk investments tends to work better. Despite the chance of your investment losing a large amount of it's value in a market crash, there is also plenty of time for it to recover that value again. This is how pensions usually work - as you get closer to your retirement, your investment is moved into low risk investments since you can no longer afford the time for it to recover.
There is a good bit that could be done with software to help this, settings to revert to the edge network with gps off when asleep for more than a few minutes for example. Or even a button that allows to toggle low power mode.
Going through the settings turning this on and off is annoying.
Interestingly, the specs for the HTC Dream show that it has a longer standby time when using a WCDMA network than GSM. WCDMA uses more power than GSM when on a call though.
Do the seconds not cancel, giving you 32,846,889,856 beards?
I'll assume you aren't trolling, and point out that disks work BECAUSE OF the air inside. The heads gain lift.
I'll correct that for you:
Current designs of hard disks rely on there being air inside in order to float the heads. But you wouldn't necessarily need to float the heads on air if you redesign the disk to suspend the heads in some other way (Off the top of my head, lets say a magnetic field. Of course, you'd have to make sure the magnetic field you suspend the heads in doesn't interfere with the magnetic field they are reading/writing). Also, air is just a fluid - it may be that you can find a different fluid to fill the drive with that has better properties for the job in hand (e.g. higher speed of sound).
I'm not sure which exhaustion counter you've been looking at. I've been keeping an eye on a number of exhaustion predictions for the past few years and they have been reasonably consistent (i.e. +/- 6 months). The allocation policies have been changed over the years and this has extended the amount of time we have, but not by much. Obviously exhaustion predictions can't take into account policy changes until they are at least visible on the horizon, so I do expect it'll be extended a bit more, but I'm honestly not expecting that extension to be more than a few months. New policies will also probably start making it much harder for people to get IPv4 addresses, so increasing the pressure to migrate onto IPv6 before the IPv4 addresses are exhausted.
there are no even halfway accurate estimates of that date.
And _that_ is why ISPs need to act now (actually, several years ago) to prepare themselves. This *is* going to happen, the longer they leave it, the more chance they will be caught with their pants down when it actually happens.
There are certainly short-term gains to be had by sticking your head in the sand and pretending that there isn't a problem. Unfortunately the cost of having to drop everything and roll out a whole new network at crunch time is going to be very expensive, far outweighing those short term savings. Sadly, business these days seems to be all about short term gains at the expense of long term viability.
What's going to happen is that the internet is going to be broken up by country, so that each country will have its own set of IP addresses for IPv4. So, the people that want genuinely global internet coverage will get IPv6, but those of us who just want to be in one country can use the smaller, simpler and more efficient IPv4
I think if that were to happen you'd very suddenly realise that a lot of the services you use aren't hosted in your own country and you'd be off to get yourself an IPv6 connection.... Frankly, I can't see that ever happening though.
There is practically *no* security provided by a NAT.
Unless your ISP is compromised
Your ISP doesn't have to be compromised. Many cable systems are set up so that the cable segment is basically a bus and the cable modems are bridges. Anyone on that segment can adjust their routing appropriately.
Also, even if you're not on such a network I don't think it's a particularly good idea to trust that another party's network is secure.
the combination of using non-routed addresses and dropping source routed frames (as everyone and their mom does by default) means that a NAT does provide some significant security. Attacks generally rely on packets reaching their destination.
No... No it doesn't. The ability to track the state of all the connections and drop packets that don't belong to any that were established by a local machine gets you the security. It just so happens that NAT requires that you implement this underlying framework, but keep this framework and remove the NAT and you still have about as much security. The only thing NAT gets you over and above this is to hide your internal network topography, which is of questionable value and turns out to be very harmful to a lot of legitimate stuff many people want to do.
In some cases yes, in some cases no. FTP is just stupid no matter how you slice it, sorry.
No, FTP isn't stupid - it was invented before firewalls were thought of and did the job it was designed to do very well. However, most people don't use the full functionality of the protocol and can therefore get away with something more simplistic that plays better with these newfangled firewall things.
Most newer protocols have some facility for NAT traversal, or at least work with a SOCKS proxy.
NAT traversal is flakey at best - even the STUN RFC admits that it is not, nor can it be, reliable. STUN (and other forms of NAT traversal) are a best effort way to make the best of a bad job and they work most of the time, but by no means should they be considered a good solution.
As for SOCKS, I've not seen anything using especially recent protocols provide any kind of support for SOCKS proxies. Certainly when it comes to applications that need to use UDP, whilst SOCKS 5 does support UDP I've never actually seen anything try.
Now that's just being silly. Most people aren't going to be influenced by such a lesson, because they fundamentally don't care about such issues.
They start to care after they lose all their data and pay for their computer to be cleaned of malware for the tenth time.
Car analogy alert: people don't care that putting diesel into their petrol car is bad. Oh wait, yes they do when they have to pay lots for it to be fixed.
Also, router manufacturers do have to build _some_ security into their products. They will always do the bare minimum they can get away with, but once you take away NAT, the bare minimum happens to be a hell of a lot better than what we have now.
I disagree with your contention that most routers don't offer stateful firewalls; check the age of your information, most of them do now.
As recently as a year ago I was finding that a lot of the consumer routers did nothing to stop me accessing the LAN from the WAN port, so long as I had tweaked my routing appropriately (i.e. if you have 192.168.0.0/24 on the LAN and the router's WAN port is 1.2.3.4/24 then I can plug a machine into the WAN port as 1.2.3.5/24 set to route to 192.168.0.0/24 via 1.2.3.4 and get access to anything on the LAN. This is because the routers weren't *blocking* incoming traffic that didn't match any existing connections - i.e. they were just using the SPI functionality to drive the NAT engine rather than to drive a firewall as well).
an artificial scarcity of ip numbers
Artificial? Not really - the scarcity of IPv4 addresses is real. Yes, a lot of it is caused by the rather address-wasteful way that IP subnetting works, but that is hardly an "artificial" scarcity, it is just an artefact of how the protocol works.
and ip names
Presumably by "IP names" you mean domain names? There is no scarcity here the DNS system can cope with a practically unlimited number of domain names.
that the ISP's can rort a fortune out of their users for a service that costs them less to provide than the cost of billing their customers for it.
I'm not seeing any ISPs around here ripping off their users to provide IPv4 addresses. In fact, every ISP I've ever used has been happy to hand out small IPv4 networks to their users at no extra cost. I currently have a /29 global scope IPv4 network hanging off the end of my ADSL. Most ISPs worth a damn in the UK will give you a /29 for free with no questions asked, and usually anything up to a /27 if you can provide some justification for the need.
Sure, some ISPs rip people off for the cost of domain names, but there is plenty of competition in the area - the ISPs pick up business from clueless people who know no better, everyone else goes to the cheap mainstream registrars. This has nothing to do with scarcity any more than you might claim that a high street PC shop like PC World can rip clueless customers off because computer hardware is "scarce", even though the clueful customers are buying their hardware from elsewhere at a fraction of the price.
an a tightly controlled web where peer to peer traffic is being squeezed out.
Except it isn't. In fact, quite the opposite is happening - peer to peer applications are rapidly gaining a significant share. Things like peer to peer filesharing, VoIP, games, etc. are the things that will drive IPv6 since they require an agnostic network that makes no distinction between client and server. Other drivers for IPv6 are the multicast support (a big factor for streaming TV services), mobile portability (increasingly important as people roam between networks with their mobile gadgets), etc.
IPv6 will _never_ be allowed into the current mix.
Its already _in_ the current mix. Sure, it hasn't made a significant impact yet, but there was a time when the web wasn't significant, peer to peer file sharing wasn't significant, and VoIP wasn't significant.
I'm afraid I think you're wrong - in a couple of years time the IANA IPv4 pool will be exhausted and the choices will be simple: adopt IPv6 or get squeezed behind layers and layers of ISP-based NAT. With the current mix of peer to peer technologies, there is a large chunk of the user base for whome that is unacceptable (those of us who use VPNs, VoIP, remote management, etc. on a day to day basis), thus there will be a significant market for ISPs offering IPv6 connectivity. Sure, IPv6 connections may well be more expensive than the run of the mill NATted home IPv4 connection, but there are already a significant number of people who pay more for better connections so I don't see this as a big problem.
less than 5% of residential internet connections allow IPv6
Untrue. Very few residential internet connections will do *native* IPv6, but 6to4 works reasonably well. What this basically means is that you can still roll out IPv6 on your internal network and you can still reach IPv6 services on the internet, it's just that the traffic is tunnelled across your ISP inside IPv4 packets until it gets to your nearest 6to4 anycast gateway.
NAT/IP Masquerade has worked well for scaling IPv4 in every conceivable application to date...
Except it hasn't, NAT is a kludge that happens to work with simplistic client/server protocols in common use (such as HTTP). It doesn't even work well with some old standard protocols, such as FTP, without protocol-specific packet mangling.
NAT breaks pretty much all peer-to-peer protocols, which are rapidly becoming more common. Want to do VoIP, or start a direct file transfer between 2 IM clients? If you have NATs in the way then that gets unreliable. STUN makes things work a lot of the time, but even the STUN RFC admits that it is not, and cannot be, reliable. Systems like Skype try to hide these problems by abusing unfirewalled clients to route traffic between NATted clients (often without the unfirewalled user's knowledge), but the problems still exist and such "solutions" start to fall to pieces as the proportion of unfirewalled hosts dwindles.
what makes them think it won't work for the "smart grid"?
I'm guessing that the electricity supplier is going to want to be able to talk directly to your electricity meter, etc. Having a NAT in the way makes this less reliable since they won't be able to talk to it unless the meter has already initiated the connection through the NAT.
Or to put it differently, do you really want every appliance in your house directly addressable from anywhere in the world?
Do not confuse global addressability with global reachability. Assigning every device a globally unique address is valuable, even if it is on an isolated network. It makes it easier to connect 2 isolated networks together when you realise that you actually need them to not be so isolated from each other.
That said, I can think of a number of appliances that I wouldn't mind being globally reachable: My MythTV system is already globally reachable - if someone mentions a TV programme that sounds interesting, I can use the web browser on my phone to tell it to record that programme. I wouldn't mind my oven to be internet addressable, so I could remotely ask it to turn on and cook my dinner in time for me getting home. Being able to turn my heating on when I'm at the airport after coming back from holiday would be useful. Taking things a bit further, if I could ask my fridge what I'm running out of when I'm in the supermarket, I could save some hassle.
After all, what could possibly go wrong?
There are obviously security concerns to be addressed. But at the same time, designing a network so it *can't* be extended in the future seems somewhat short sighted.
throw out routers? haven't ciscos been ipv6-capable for at least a decade now?
Pretty much (although you might have to buy a firmware upgrade... but then if you aren't running a recent firmware you're probably infested with security holes anyway).
those that aren't probably don't NEED to be, anyway.
That's rather untrue though. If you're going to deploy IPv6-only systems then *all* the routers on the network need to do IPv6. Yes, this even includes the home DSL routers, most of which currently on the market *still* have absolutely no IPv6 support, even though we only have about 2 years until IANA runs out of IPv4 addresses. Anything else is going to involve kludging things to work through IPv4 to IPv6 gateways, or tunnelling IPv6 over IPv4 to bypass the non-compliant devices.
The whole IPv4 address exhaustion problem is a really good example of people sticking their heads in the sane and hoping the problem goes away - most ISPs seem to not be interested in preparing their networks for IPv6 at all (PlusNet told me that they had no plans to roll out *any* IPv6 support over the next few years and EntaNet seem to have halted their IPv6 trials). Some time towards the end of 2011 there will be a "sky falling" moment similar to what we saw at Y2K when ISPs realise they are basically screwed and are going to have to do an expensive rush-job of deploying IPv6 over their networks in just a few short months.
not everything needs a world-wide public address. NAT 'security' is actually a Good Thing(tm).
Argh! Please will people stop spreading this crap. There is practically *no* security provided by a NAT. You get security from stateful packet inspection. NAT requires stateful packet inspection to work, but there is no significant security advantage (and many really serious operational disadvantages) provided by running NAT instead of just a stateful firewall. Also, most home NAT routers provide no stateful firewalling, only the limited stateful tracking required to make NAT work, and can therefore easily be bypassed by anyone on the upstream segment (which may be a few hundred random members of the public in the case of some cable setups).
Security is better served by doing proper stateful firewalling, and this is probably best achieved by removing NAT from the equation so that people don't have a false sense of security. Removing NAT also solves a lot of operational problems, as there are an increasing number of protocols that can't be made to work well through NAT (and whilst many people regard this as a flawed protocol design, there are sound reasons for designing these protocols in this way).
Also think about it. Do you realllllllllllllllllllly want your power grid to be tied to the real internet?
Well, maybe not, but there are still big advantages with using IPv6 even if it isn't on the public network. For example, you can use addresses that are guaranteed to be globally unique - this means no readdressing problems when you suddenly decide 2 completely independent networks need to talk to each other.
This is what has stunned me about the telephone industry - they are spending billions on replacing their antiquated SS7 networks with IMS networks. The IMS protocols were _designed_ to be run over IPv6 (but of course, IPv4 and IPv6 are so similar that they have actually been made to work on both), but most of the telcos are rolling out IPv4 networks. Nothing like spending vast amounts of money to replace one obsolete network with another.
IPv6 is an established and proven technology, there really aren't many good reasons not to use it in a new network.
IPV6 is a waste of time in the 'utility' market.
I'm not sure how it can be described as a "waste of time" since that would imply it would take longer to implement than an IPv4 network. If you're starting from scratch and not having to interoperate with the existing internet, an IPv6 network takes no more time to implement and is a bit of a no-brainer (getting a much more future-proofed network at almost the same cost). Unfortunately it seems that a lot of people in charge of such projects do indeed have no brains.
Where did you find the phone for that price?
eBay - £143. It's in perfect condition, came with all the accessories and manuals in a box, etc. Then I unlocked it for about £15 and stuck a Three SIM in it (because their PAYG tariff suited me best). Didn't really see the point in spending hundreds of pounds more on a brand new phone in exactly the same condition.
Works for me, although I was a bit annoyed to find that Vodafone's "mobile broadband" tariff (£15/GB, no expiry date) claims not to support voice calls, which is why I ended up on Three instead of Voda. Whether or not this claim is true I'm not sure, because I know for a fact that the T-mobile "mobile broadband" packages (which come as a SIM+dongle, the same as the Voda ones) will carry voice calls just fine if you stick the SIM in your phone, but I didn't feel like paying the £30 up-front cost for a Voda SIM+dongle just to find out.
You're also comparing a plan that works for you because of your usage.
Isn't that the point though? Most people just take the plan the NMO offers them because they believe they have no choice (or at least, don't bother to investigate the alternatives), even if that plan is extremely ill-suited for their needs. If I bought a smart phone on a contract then I would be tied into a very expensive deal that isn't suited to me, because the NMO offers no other choice.
It doesn't seem disingenuous to compare a plan that works well for me with the best contract that T-mobile could offer me. Everyone has different needs: this is a point that the NMOs seem to miss, not everyone wants to send a million text messages a day and spend their entire life making voice calls. I'm not suggesting that this would work well for everyone, what I am saying is that it is worth shopping around and finding a plan that works well for you rather than just buying a contract from the very limited selection the NMO wants to offer you.
You don't use 600 SMS messages in 3 mos. I can hit 500 (mostly incoming from friends, calendar reminders, etc...) in 1/2 month
We don't pay for incoming SMS messages in europe (for some reason we have the notion that third parties shouldn't be able to cost you money without your authorisation), so your point here is moot unless you _send_ over 600 messages in 3 months.
Anyways, it doesn't sound like you actually use your phone very much, so that lower cost plan works for you.
I use my phone a lot, just not a huge amount for voice calls. I use the internet a lot from it and I use it as a palmtop computer a lot. The voice calls I do make generally get routed over VoIP anyway since these can be gatewayed to the PSTN at a lower per-minute cost than the carrier charge and integrates with my home phone system. This is why the NMO's assumption that anyone who wants a smartphone also wants to spend hundreds of hours a month making voice calls and sending SMS messages is bogus - most of my smartphone usage doesn't involve the NMO at all so why should they expect me to pay an expensive contract for services I'm not going to use?
since when was taking something you didn't pay for and aren't authorized to have legal.
Who said anything about not paying for it? My carrier allows tethering...
There is no tethering option available for android phones in US (sprint verizon AT&T).
1. I'm not in the US.
2. I have no idea why you think what type of phone you own makes any difference to your contract - my contract with the carrier doesn't specify anything about what sort of phone I use (other than that it must be a WCDMA capable phone) and there is also nothing preventing me using my phone on whatever carrier I feel like.
Note Apple only secured the config file carriers use to enable tethering.
It appeared from the article that this affected all the iPhones, even those which are unlocked. The device vendor has no business restricting tethering on a phone for which they cannot know the terms of the contract. (Actually, I would argue that the device vendor has no business ensuring their customers don't break a third party contract, for that is up to the third party to ensure).
Disclaimer: I do not own, nor would I want to own an iPhone.
it may also be easy to rob a bank but that doesn't make it legal.
Since when was tethering illegal?
At the end of the day using a smart phone is generally expensive no matter what.
Rubbish. Using a smart phone is generally expensive if you're an idiot, don't shop around for decent prices that suit your situation and are stupid enough believe that you're getting that "free" phone for free.
I have an HTC Dream. It cost me under £160 to buy outright (no contract) including the cost of unlocking it. Into which I put a Three PAYG SIM. Every time I top up my account balance, I get 600 inclusive SMS messages, "unlimited" inclusive on-network minutes and 150MB of inclusive data. These freebees expire after 3 months. Once my inclusive data is used up, I pay £5 per 2GB per month.
In reality, I don't really use any of the inclusive on-network minutes and don't come anywhere close to using 600 SMS messages in 3 months. I also usually route voice calls over VoIP (over 3G or Wifi). So basically I tend to spend under £5/month on average. That makes the TCO of the phone and service under £250 over 18 months. This is pretty favourable compared to the contract price T-mobile offer the HTC Dream under (ISTR the cheapest was about £100 for the phone and £20/month for 18 months at the time, giving you a TCO of about £600 over 18 months.). So just going into the T-mobile shop like the mindless masses do would have cost me almost 2.5 times as much, tied me into T-mobile for 18 months and given me no option to use any other NMO.
So yeah, if you don't use your brain and just fall for the sales patter then owning a smartphone is expensive. But shop around a little and it starts to become much more reasonable.
Unfortunately the NMOs provide no way to officially transfer the ownership of a phone, so if you buy a used phone the original owner can still phone up their NMO, report it stolen and have the IMEI blocked. And I don't expect the NMOs actually *want* to make it easy to transfer ownership of a phone, so this probably won't change any time soon. What the NMOs should be concerned about though is a type of insurance fraud that seems to be rife at the moment: sell your (insured) phone on ebay, report it as stolen and get a free replacement.
What is actually needed is to separate the organisations dealing with the anti-theft measures from the organisations that make money from selling new devices. Maintenance of the blocked IMEI database should be handled by a separate (probably partly governmental) organisation who has no vested interest in selling new phones and can handle legitimate transfer of property, maybe in a similar way to how buying/selling cars is handled.