Oh, and don't even get me started on requirements that belong in cartoons and comic books, not the real world of engineering.
I recall spec testing a label that was supposed to go on a part in an Abrams tank.... seems the spec was written for an aluminum part on an older tank. They had a hissy fit when I returned a puddle of congealed plastic with a label sticking out of it.
You cannot possibly enjoy a peice of software WITHOUT loading it into memory in the first place. That is an intrinsic property of running code or "software".
This is actually written into the copyright act, stating that loading a licensed copy of software into memory in order to run it is a protected act. The judge ruled that because using Glider violated the EULA, the license was invalid & therefore the memory copy was not offered the protection of the clause.
This actually got me thinking, even Linux has it's vulnerabilities from time to time, but I could argue it's MORE vulnerable because of all those Ubuntu Live CD's people have lying around. I've known a few people that have resorted to one of these Live CD's in times of dire need (i.e. when windows has decided to break) and one guy even used one for a few months because his HDD died on him - but how do you patch THOSE?
Why would you bother? A live CD can only be infected upon creation. After that, any infection is automatically removed when the computer is shut down & the ramdisk is closed.
As for using an old disk for installs, the big advantage is that most Linux install CD's assume you know what your doing & have a minimum of exposure - letting you install/start the services you need. From my experience, MS turns most of the stuff on, presumably on the theory you're too stupid to do it yourself if you should ever want to.
I can prove that PV=NRT is incorrect as it both fails to properly account for mixed gases as well as fails to predict any transitional cusps (liquification, reactivity, or plasma transition).
Negative proofs exist in abundance. Positive results from experimentation simply become additional datapoints in the verification process. As shown in the example where it does function for a single given gas between cusps - to within experimental error in most cases.
Now instead of the IT dept (me) querying our email archival system or exporting PSTs from users mailboxes, we now have to hire a PI who knows absolutely nothing about our network, our users or our mail system to find and produce what the courts are looking for.
Nope, you would be investigating the contents - text/timestamp searching the Email - but you wouldn't be reviewing or analyzing the data - you would pass all email meeting the requirements to your company lawyer who would do the review & analysis. All 3 criteria have to apply. Additionally, your example doesn't trigger any of the 4 criteria stated under (a)(1).
For your argument to be valid, then a PI would have to be required whenever a court ordered snail mail turned over from a companies files.
I have to go through the logs to find the hole. So now it's down to me to prove that I didn't *intend* to find out who the phisher was. That's a real fine point I'd on the whole rather not have to stand on, thanks.
Section (a) governs. Were you hired to obtain or furnish information regarding the cause or responsibility for damage to property or were you hired to fix it. If you were hired to fix it, you don't need a PI license.
Subsection (a)(1)(B) casts a really wide net, when combined with the subsection (b) that was added. It's basically defining what constitutes an "investigations company", and a literal interpretation of the law as written could apply to a lot of people that aren't investigating a crime.
It's not basically defining what constitutes an 'investigations company' it is explicitly defining one. If you are hired to do computer work that satisfies (a)(1)(B) then you're a PI - and no, asking questions in an interview doesn't trigger that clause either - even if that's your sole job in a company. The clause that worries most sane techs is:
(D) the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property
As applied to virus scans etc. However (b) requires that you provide information based on
review and analysis of, and the investigation into the content of, computer-based data
Fortunately, most virus work doesn't cover the analysis of computer based data - you investigate the contents in question looking for viri you don't usually analyze the files they are attached to, nor do you usually attempt to review the patterns etc of it's actions. Even if (b) were to apply, you rarely accept employment for the purpose of providing that information - it's incidental to the repair process.
If my computer crashes and I use disk diagnostic software to analyze the data on my hard drive to investigate why it's not working I've investigated by analyzing the data.
Usually not. You've analyzed the structure of the disk most likely. Unless the software is running crc checks on the individual files as well.
I just did all that.
Seems to me you failed to investigate the contents of the data. You've checked the integrity of the data, but not it's contents.
I have a software utility that diagnoses my disk drives, it does so by scanning the drive and analyzing the data on it.
Again, usually not, it analyzes the structure of the data, not the data itself. It verifies that the folders are intact & self consistant and the data shows referential integrity as defined by the checksums in the directories.
So now I need software to unformat the drive and recover the data. It does this by analyzing the data, my private data. If I lived in TX and paid someone to do it for me they just broke the law unless they are licensed to investigate, and I broke it by hiring them.
No, because you hired them to recover your data, you did not hire them to provide you with information regarding the '(D)cause or responsibility of... loss.. or damage of property'. Clause (b) doesn't override clause (a), it simply clarifies that people who perform acts covered under (a) on computers are included.
According to your argument, your car mechanic needs a PI license because he tells you that your head gasket blew because you forgot to top off the radiator fluid. If the investigation into the cause is incidental to the resolution of the problem, you do not 'accept employment to provide information', which is the governing clause in (a).
It creates an issue in that you would not be allowed to install Lowjack without a PI license, which will probably be overlooked, but other than that, unless you make a habit of going to court, the law won't affect you.
Nope, section (a) says you have to be employed to provide information on 1 or more of 4 categories of information to qualify. Being employed to install software which will at some future time provide that information by itself doesn't qualify. Additionally if you're employed to install the software, your not employed under section (b) to 'review & analyze' the data.
I actually am going to be quite critical of the law though, since Computer Forensics shouldn't be the same class as more traditional forensics and bodyguarding.
It's certainly not in the same group as bodyguarding - which - per the section involved - isn't covered under a PI license either. However, it most certainly is in the same class as physical forensics - same requirements for standards, same requirements for chain of custody, same requirements for just about everything & the same goals.
I'm going to need a citation for that. Not reporting a crime isn't, in/most/ areas actually a crime in and of itself. Aiding or abetting is but simply observing a criminal act and not reporting it is not a crime to the best of my knowledge
Mandatory reporting laws are in effect for many professionals - Doctors, Teachers, Clergy, Social Workers, and a few other professions are required to report any signs of child abuse under "CAPTA". Some states use a blanket 'any person' rather than the CAPTA list.
Ref:
Does it fall under "unreasonable search and seizure" without a warrant?
Judicial rulings for search & seizure have long held that they only apply to the government & people acting as agents for the government. If you find child porn & turn it in, then it's admissible evidence, and there are no repercussions. If the police come to you & ask you to check for it when Mr. Perv brings his PC in, then you're an agent of the govt & it gets tossed.
The likelihood of someone successfully suing you for 'invasion of privacy' or 'exceeding granted access' would depend on why they gave you the PC - If they gave it to you to replace the power supply & you find child porn buried in the HD, then they have a good case. If they gave it to you to do virus removal, then it's much less likely since they gave you permission to search the contents of the HD.
We can't afford universal health care because imagine the tax dollars that would be spent; but we can pay for this kind of arbitration? And how exactly is having a PI license going to better the situation at hand, which is obviously that tech people can unethically snoop through customers' files? Does having a license magically make this ok? Does it somehow imply an agreement by the customer that their files are open for review, while without a license, this agreement does not exist?
Did you bother to read the interview - it has the text of the law - section (b) is the new bit: (unordered lists don't seem to be bulleted anymore)
SECTION 4. Section 1702.104, Occupations Code, is amended to read as follows:
Sec. 1702.104. INVESTIGATIONS COMPANY.
(a) A person acts as an investigations company for the purposes of this chapter if the person:
(1) engages in the business of obtaining or furnishing, or accepts employment to obtain or furnish, information related to:
(A) crime or wrongs done or threatened against a state or the United States;
(B) the identity, habits, business, occupation, knowledge, efficiency, loyalty, movement, location, affiliations, associations, transactions, acts, reputation, or character of a person;
(C) the location, disposition, or recovery of lost or stolen property; or
(D) the cause or responsibility for a fire, libel, loss, accident, damage, or injury to a person or to property;
(b) For purposes of Subsection (a)(1), obtaining or furnishing information includes information obtained or furnished through the review and analysis of, and the investigation into the content of, computer-based data not available to the public.
Companies working in the intrusion detection & cleanup field should be licensed - they are doing PI work - just because they're using a PC instead of shoe leather doesn't change that.
Note that the average IT guys in a company that have to do the cleanup themselves aren't tagged under this law since they don't trip the principle clause: "engages in the business of obtaining or furnishing, or accepts employment to obtain or furnish, information related to". They accept employment to make the system work. The very narrow class of professionals who specialize in & are hired to obtain or furnish information on "(C)the location, disposition, or recovery of lost or stolen property" or '(D)the cause or responsibility for... loss... or damage to property' are PIs.
Could the wording have been better - probably, but not by much. The initial portion of the law excludes most IT workers, just as it excludes the average mechanic when he needs to find 'the cause or responsibility for... damage to property' when your car breaks down. If your job is to fix & maintain something then you haven't been hired to "obtain or furnish, information related to".
To finish the though, I'm not sure why the DA chose to pursue 1st degree in this case to begin with. Circumstantial evidence makes for a hard case - proving intent with circumstantial evidence has got to be a nightmare.
I do not believe the evidence presented to the jury by the DA adequately accounted for the burden of proof that the murder of Nina Reiser was premeditated.
By way of reference, my first wife's mother was murdered by an ex-boyfriend.
It is a known fact that he purchased a shotgun from a store 2 days before he killed her
despite having a restraining order
despite being out on bail for 'menacing with a pistol' (while under the restraining order) - he had handcuffed her to himself & was holding a gun to her head.
It is a known fact that he purchased camoflage gear including faceblack the day before he killed her.
It is estimated from the number of cigarettes & the volume of water bottles & piss that he waited at least 12 hours outside her appartment.
It is known that he cut the phone lines to the building.
He was tried under 2nd degree murder as a crime of passion. I think he's has been out for about 3 years now. DA's do not like 1st degree murder cases - even when they're easy.
I've had women, including my wife, ride in various cars of mine for over twenty years now. None of them have bled in any significant amounts inside any of the cars I've owned during that period. Also, no bleeding episodes in my car were followed up by the removal of half the seats in the car or the washing of the inside of my car.
Damn you must have much more dexterous/less crazy friends than I do, I can count at least 3 trips to the hospital that required a thorough washing of the inside of the car to try & get the blood out. 1 axe, 1 branch to the face, & 1 tentstake pounded through a foot - I still don't know how exactly that one works but I do believe beer was involved.
I want to be able to pick up the phone, dial 911, and yell "FIRE!" and then run out the door. I hope to never use that feature, but I buy insurance too.
You do realize that dialing 911 turns off the GPS block on your phone? As of about 4 years ago, all cell phones in the US are required to have GPS capability before they are allowed to be connected to the network. Last I checked the US had 85% coverage for E911 which can read that as part of the call.
Now VOIP is different in that you can take your VOIP tag with you - go to work, bring your house phone along. That makes it impossible to track for E911 services.
I admit I took violin & cello for 3 years - it was that or sing & nobody should be subjected to that.
But can you detect a Stradivarius without knowing it is one?
Yes, a trained professional can pick a Strad' out of a crowd of violins just by the tonal qualities. The resonances & harmonics have a distinctive gestalt.
And telling it apart from a Guarnerius or Amati?Or even a good quality modern instrument?
Dito.
There is a good bit of knowing it is an expensive instrument in hearing a big difference.
No, there is a difference that you can clearly see in the waveforms between a good instrument and a great instrument.
A good player on a good day with a cheap violin can sound better than that same player on a bad day with a Stradivarius.
God no. Ignoring the sense of pacing, emotion, and the hundreds of details a violinist can put into a piece, a cheap violin sounds just that - cheap. Even on a bad day, a mastercrafted violin has a sense of warmth & a clarity of tone that a cheap instrument can't match. It's like saying a trashcan lid is just as good as a Zildian cymbal.
That being said, there is a diminishing return & once you get into those instruments that are made by the masters of their craft, then the differences become minute. The difference between an instrument hand crafted by a master of the art & any mass produced ones will be detectable.
On the much broader platform of the internet, there is no universally determinable MORE IMPORTANT data. Example: How is a phone call from one kid about the smell of farts (VOIP data) more important than a video about Ron Paul's efforts distributed via P2P? There is no qualitative value that can be placed on the data beyond any data that may be important to simply maintain network function.
I'm not sure you bothered to read his response. A phone call by it's definition is latency sensative a video distributed by p2p is latency agnostic. The data of one isn't necessarily more important than the other - however the order & latency in which it's delivered is more important to the one than to the other.
Placing priority on one form of data over another is equitable to discrimination in some aspects. What if your favorite gas station was run by people who put qualitative values on race, and thus denied your race access to buy gas, or at least limited your use? Better yet, what if you bought an all-you-can-eat buffet ticket, and when you show up, only vegetarians are allowed to eat all they want because the owner places vegetarian values over omnivorous values?
Just to be clear, I think you chose some of the dumbest analogies possible - specifically because neither address the root of the decision process - a specific requirement of the process which affects the outcome. In your gas analogy you compare data transfers - with the blatant assumption that all protocols are equal in their requirements. Perhaps you should rethink it & work from the other angle - If the gas station only has 50 gallons of gas left, would you like it if they made sure that the guy who's on empty gets a gallon so he can get to the next station or should the guy filling up his 6 ATVs get all of it? Does it matter to you which person you are?
As for your buffet analogy, it's just bizarre. Probably because you are remaining deliberately obtuse regarding the differences in protocol needs. I really can't come up with any food related situation for an all you can eat buffet where one group is time sensitive & the other isn't. When all else fails let us resort to cars.
You & someone else are in an accident. You have a leg that's broken with a compound fracture. The other guy has a severed femoral artery. Life flight can only take 1 person & the ambulance has to take the other. Both of you have to get to the hospital. Both of your conditions are life threatening. The difference is he has to get to the hospital now, you have to get to the hospital before infection sets in. Guess who gets a chopper ride?
In short QoS isn't about claiming data is more important when carried by one protocol versus another. It's about recognizing the technical structure of the protocols makes some time sensitive and others insensitive and accommodating those needs into the packet dropping/queuing decision process when congestion occurs.
How can you tell if someone is using a secure SSL connection for work related purposes (Email, large file transfers, terminal services) and someone that is using SSL for bit torrent?
Quite easily actually: Someone using a secure SSL connection for work related purposes isn't going to open 15-30 connections to different servers & push data over all of them at the same time. For instance, I am sitting at my desk right now with 11 open ssl connections to different servers. At any given time, I am sending data on at most 3 of them. I am receiving data from 6 others since they are running monitoring scripts.
Flip this & look at a torrent. 10-30 connections open to different servers. A large number (usually at least 50%) will be transmitting data simultaneously. Another chunk will be receiving data only, and the last chunk will be both receiving and transmitting. This difference in traffic patterns is fairly easy to distinguish & hence filter.
And how can you tell the difference between someone downloading the latest torrent of a Linus or BSD distro for their company server for his work and say someone downloading movies?
This is true, in an encrypted P2P transfer, you cannot determine the contents.
And if you can't, why would you take away preference to people not legitimately using P2P even and give it to those who quite possibly are illegally downloading using some old fashion method like FTP?
Because a centralized protocol like FTP is self limiting. An FTP server is only going to push out it's maximum bandwidth & up to it's monthly allotment - this is peanuts in comparison to a P2P protocol sharing the same data amongst 10K people.
It is harmful. It sets the precedent that the ISP can now charge providers of services on the internet for preferred paid access
Um, no. The technique in question is source& destination agnostic/protocol sensitive. That means that prioritizing is done solely based on the type of tansfer not where it's coming from or going to. Have a VOIP packet - send it to the front of the queue. Have a P2P/FTP/HTTP packet - end of the line. When QoS was propositioned, this is how it was designed to work - highly interactive protocols get bumped to the head of a queue, non interactive ones get pushed to the back. This makes VOIP, streaming video, etc cleaner with lower latency, whereas HTTP, FTP, etc become more likely to have an occasional packet dropped & with higher latencies - which are basically irrelevant to non interactive protocols.
A 500ms delay in a FTP packet is non detectable - the protocol will reassemble the file correctly even when the packets come in out of sequence. To a VOIP call, that same 500ms delay is a dropped packet & a hole in the conversation.
QoS done properly is a valuable tool for administrating a network, done improperly, it's an administrative nightmare valuable only the the bean counters.
Slashdot Mirror
Crap, and all this time I've been mounting the drive & chrooting into it to make sure all the shadow files & log files update correctly.
I recall spec testing a label that was supposed to go on a part in an Abrams tank .... seems the spec was written for an aluminum part on an older tank. They had a hissy fit when I returned a puddle of congealed plastic with a label sticking out of it.
This is actually written into the copyright act, stating that loading a licensed copy of software into memory in order to run it is a protected act. The judge ruled that because using Glider violated the EULA, the license was invalid & therefore the memory copy was not offered the protection of the clause.
Why would you bother? A live CD can only be infected upon creation. After that, any infection is automatically removed when the computer is shut down & the ramdisk is closed.
As for using an old disk for installs, the big advantage is that most Linux install CD's assume you know what your doing & have a minimum of exposure - letting you install/start the services you need. From my experience, MS turns most of the stuff on, presumably on the theory you're too stupid to do it yourself if you should ever want to.
I can prove that PV=NRT is incorrect as it both fails to properly account for mixed gases as well as fails to predict any transitional cusps (liquification, reactivity, or plasma transition).
Negative proofs exist in abundance. Positive results from experimentation simply become additional datapoints in the verification process. As shown in the example where it does function for a single given gas between cusps - to within experimental error in most cases.
Nope, you would be investigating the contents - text/timestamp searching the Email - but you wouldn't be reviewing or analyzing the data - you would pass all email meeting the requirements to your company lawyer who would do the review & analysis. All 3 criteria have to apply. Additionally, your example doesn't trigger any of the 4 criteria stated under (a)(1).
For your argument to be valid, then a PI would have to be required whenever a court ordered snail mail turned over from a companies files.
Section (a) governs. Were you hired to obtain or furnish information regarding the cause or responsibility for damage to property or were you hired to fix it. If you were hired to fix it, you don't need a PI license.
It's not basically defining what constitutes an 'investigations company' it is explicitly defining one. If you are hired to do computer work that satisfies (a)(1)(B) then you're a PI - and no, asking questions in an interview doesn't trigger that clause either - even if that's your sole job in a company. The clause that worries most sane techs is:
As applied to virus scans etc. However (b) requires that you provide information based on
Fortunately, most virus work doesn't cover the analysis of computer based data - you investigate the contents in question looking for viri you don't usually analyze the files they are attached to, nor do you usually attempt to review the patterns etc of it's actions. Even if (b) were to apply, you rarely accept employment for the purpose of providing that information - it's incidental to the repair process.
Usually not. You've analyzed the structure of the disk most likely. Unless the software is running crc checks on the individual files as well.
Seems to me you failed to investigate the contents of the data. You've checked the integrity of the data, but not it's contents.
Again, usually not, it analyzes the structure of the data, not the data itself. It verifies that the folders are intact & self consistant and the data shows referential integrity as defined by the checksums in the directories.
No, because you hired them to recover your data, you did not hire them to provide you with information regarding the '(D)cause or responsibility of ... loss .. or damage of property'. Clause (b) doesn't override clause (a), it simply clarifies that people who perform acts covered under (a) on computers are included.
According to your argument, your car mechanic needs a PI license because he tells you that your head gasket blew because you forgot to top off the radiator fluid. If the investigation into the cause is incidental to the resolution of the problem, you do not 'accept employment to provide information', which is the governing clause in (a).
Nope, section (a) says you have to be employed to provide information on 1 or more of 4 categories of information to qualify. Being employed to install software which will at some future time provide that information by itself doesn't qualify. Additionally if you're employed to install the software, your not employed under section (b) to 'review & analyze' the data.
It's certainly not in the same group as bodyguarding - which - per the section involved - isn't covered under a PI license either. However, it most certainly is in the same class as physical forensics - same requirements for standards, same requirements for chain of custody, same requirements for just about everything & the same goals.
Reference Here
Mandatory reporting laws are in effect for many professionals - Doctors, Teachers, Clergy, Social Workers, and a few other professions are required to report any signs of child abuse under "CAPTA". Some states use a blanket 'any person' rather than the CAPTA list.
Ref:
Judicial rulings for search & seizure have long held that they only apply to the government & people acting as agents for the government. If you find child porn & turn it in, then it's admissible evidence, and there are no repercussions. If the police come to you & ask you to check for it when Mr. Perv brings his PC in, then you're an agent of the govt & it gets tossed.
The likelihood of someone successfully suing you for 'invasion of privacy' or 'exceeding granted access' would depend on why they gave you the PC - If they gave it to you to replace the power supply & you find child porn buried in the HD, then they have a good case. If they gave it to you to do virus removal, then it's much less likely since they gave you permission to search the contents of the HD.
Did you bother to read the interview - it has the text of the law - section (b) is the new bit: (unordered lists don't seem to be bulleted anymore)
Companies working in the intrusion detection & cleanup field should be licensed - they are doing PI work - just because they're using a PC instead of shoe leather doesn't change that.
Note that the average IT guys in a company that have to do the cleanup themselves aren't tagged under this law since they don't trip the principle clause: "engages in the business of obtaining or furnishing, or accepts employment to obtain or furnish, information related to". They accept employment to make the system work. The very narrow class of professionals who specialize in & are hired to obtain or furnish information on "(C)the location, disposition, or recovery of lost or stolen property" or '(D)the cause or responsibility for ... loss ... or damage to property' are PIs.
Could the wording have been better - probably, but not by much. The initial portion of the law excludes most IT workers, just as it excludes the average mechanic when he needs to find 'the cause or responsibility for ... damage to property' when your car breaks down. If your job is to fix & maintain something then you haven't been hired to "obtain or furnish, information related to".
To finish the though, I'm not sure why the DA chose to pursue 1st degree in this case to begin with. Circumstantial evidence makes for a hard case - proving intent with circumstantial evidence has got to be a nightmare.
By way of reference, my first wife's mother was murdered by an ex-boyfriend.
He was tried under 2nd degree murder as a crime of passion. I think he's has been out for about 3 years now. DA's do not like 1st degree murder cases - even when they're easy.
Damn you must have much more dexterous/less crazy friends than I do, I can count at least 3 trips to the hospital that required a thorough washing of the inside of the car to try & get the blood out. 1 axe, 1 branch to the face, & 1 tentstake pounded through a foot - I still don't know how exactly that one works but I do believe beer was involved.
You do realize that dialing 911 turns off the GPS block on your phone? As of about 4 years ago, all cell phones in the US are required to have GPS capability before they are allowed to be connected to the network. Last I checked the US had 85% coverage for E911 which can read that as part of the call.
Now VOIP is different in that you can take your VOIP tag with you - go to work, bring your house phone along. That makes it impossible to track for E911 services.
I used to be able to tell the connection speed from the squawk during the handshake - way too much time doing tech support.
Yes, a trained professional can pick a Strad' out of a crowd of violins just by the tonal qualities. The resonances & harmonics have a distinctive gestalt.
Dito.
No, there is a difference that you can clearly see in the waveforms between a good instrument and a great instrument.
God no. Ignoring the sense of pacing, emotion, and the hundreds of details a violinist can put into a piece, a cheap violin sounds just that - cheap. Even on a bad day, a mastercrafted violin has a sense of warmth & a clarity of tone that a cheap instrument can't match. It's like saying a trashcan lid is just as good as a Zildian cymbal.
That being said, there is a diminishing return & once you get into those instruments that are made by the masters of their craft, then the differences become minute. The difference between an instrument hand crafted by a master of the art & any mass produced ones will be detectable.
Slashdot - the unofficial church of Rube Goldberg.
Um not even a bill in congress has to be in English. You can conduct a jury trial in Ancient Sumerian if you could find translators to do so.
I'm not sure you bothered to read his response. A phone call by it's definition is latency sensative a video distributed by p2p is latency agnostic. The data of one isn't necessarily more important than the other - however the order & latency in which it's delivered is more important to the one than to the other.
Just to be clear, I think you chose some of the dumbest analogies possible - specifically because neither address the root of the decision process - a specific requirement of the process which affects the outcome. In your gas analogy you compare data transfers - with the blatant assumption that all protocols are equal in their requirements. Perhaps you should rethink it & work from the other angle - If the gas station only has 50 gallons of gas left, would you like it if they made sure that the guy who's on empty gets a gallon so he can get to the next station or should the guy filling up his 6 ATVs get all of it? Does it matter to you which person you are?
As for your buffet analogy, it's just bizarre. Probably because you are remaining deliberately obtuse regarding the differences in protocol needs. I really can't come up with any food related situation for an all you can eat buffet where one group is time sensitive & the other isn't. When all else fails let us resort to cars.
You & someone else are in an accident. You have a leg that's broken with a compound fracture. The other guy has a severed femoral artery. Life flight can only take 1 person & the ambulance has to take the other. Both of you have to get to the hospital. Both of your conditions are life threatening. The difference is he has to get to the hospital now, you have to get to the hospital before infection sets in. Guess who gets a chopper ride?
In short QoS isn't about claiming data is more important when carried by one protocol versus another. It's about recognizing the technical structure of the protocols makes some time sensitive and others insensitive and accommodating those needs into the packet dropping/queuing decision process when congestion occurs.
Quite easily actually: Someone using a secure SSL connection for work related purposes isn't going to open 15-30 connections to different servers & push data over all of them at the same time. For instance, I am sitting at my desk right now with 11 open ssl connections to different servers. At any given time, I am sending data on at most 3 of them. I am receiving data from 6 others since they are running monitoring scripts.
Flip this & look at a torrent. 10-30 connections open to different servers. A large number (usually at least 50%) will be transmitting data simultaneously. Another chunk will be receiving data only, and the last chunk will be both receiving and transmitting. This difference in traffic patterns is fairly easy to distinguish & hence filter.
This is true, in an encrypted P2P transfer, you cannot determine the contents.
Because a centralized protocol like FTP is self limiting. An FTP server is only going to push out it's maximum bandwidth & up to it's monthly allotment - this is peanuts in comparison to a P2P protocol sharing the same data amongst 10K people.
Um, no. The technique in question is source& destination agnostic/protocol sensitive. That means that prioritizing is done solely based on the type of tansfer not where it's coming from or going to. Have a VOIP packet - send it to the front of the queue. Have a P2P/FTP/HTTP packet - end of the line. When QoS was propositioned, this is how it was designed to work - highly interactive protocols get bumped to the head of a queue, non interactive ones get pushed to the back. This makes VOIP, streaming video, etc cleaner with lower latency, whereas HTTP, FTP, etc become more likely to have an occasional packet dropped & with higher latencies - which are basically irrelevant to non interactive protocols.
A 500ms delay in a FTP packet is non detectable - the protocol will reassemble the file correctly even when the packets come in out of sequence. To a VOIP call, that same 500ms delay is a dropped packet & a hole in the conversation.
QoS done properly is a valuable tool for administrating a network, done improperly, it's an administrative nightmare valuable only the the bean counters.