* Posts by Donn Bly

133 posts • joined 10 Jan 2008

Net neutrality victory: DC court backs full rules

Donn Bly

Re: @steve todd - you obviously have no experience in the area

Steve, you obviously have no experience in this area.

First, since broadband wasn't even an issue when most cable companies were started or when they were issued operating licenses, it is impossible to TRUTHFULLY state that they promised coverage and service levels - because those products didn't even exist then.

Competition does exist for broadband, but it exists between technologies - ie, Cable vs Telco. Cable companies don't compete between themselves, and landline carriers don't compete between each other, but cable and telco most DEFINITELY compete against each other.

I have watched two different local cities where I own property start down the road to municipal broadband. In both cases incumbent carriers had already made massive investments in infrastructure and were rolling out continuous improvements. In both cases the cities LIED to the public about the needs and in the investments that private enterprise had made. In both cases existing ISPs stopped investing, and in some cases abandoned existing infrastructure.

For you to say "bullsh*t" is, well, bullsh*t itself. Because unlike you I have personal experience. I was there.

0
0
Donn Bly

No. Telco vendors and others responded to consumer demand and increased speeds and capacity all on their own. They did so because the free market provided a financial incentive to do so, and without any such rulings or government interference.

If the GOVERNMENT had their way, access would have been limited to institutions of higher learning and defense contractors. You are, after all, talking about a ruling body that isn't the most technologically competent and thinks that you can get pregnant via a sexually explicit email, that an island will flip over if everyone stands on one side, or that if you place a standard bullet in a brass casing inside of a steel box that the steel will shield it and allow it to pass through a metal detector undetected.

Now, whether the major providers CONTINUE to advance, that is a matter up for debate. However, if the government removes all profit motive then vendors aren't going to do much of anything in the way of improvements. The only time they will improve is when it is cheaper to upgrade than maintain the status quo.

We have already seen in under-served areas that when municipal fiber networks are deployed that for-profit organizations reduce or exit the market, spending their expansion funds in areas where they can get a better return. Net Neutrality regulation - whether good or bad - is going to slow private deployments in those areas and FORCE the government to build out using tax dollars, probably via increases in USF and Rural Access funding taxes. Again, whether good or bad is a matter of debate, but it WILL be a consequence.

Personally, I saw the writing on the wall several years ago, which is why I sold my ISP while I could still do so at a profit, then hooked up to municipal fiber so that I could take advantage of the cheaper rates. If you can't beat 'em, join 'em.

4
24

Bloke flogs $40 B&W printer on Craigslist, gets $12,000 legal bill

Donn Bly

The "Jerk" (I would have used stronger language) doesn't have any lawyers, he represents himself.

Being from and in Indiana, I took a special interest in this case.

First, this "Jerk" isn't even from Indiana - He is Ukrainian here on "political asylum". Having gamed that system, he now tries to game all others.

Indiana, like most courts, has a policy in civil courts of "default summary judgement". Basically, if you get sued, and don't bother to even respond to the suit or show up when the hearing is held, then you are going to lose the case. To respond all you have to do is send the court a letter saying that you deny the claims.

It isn't that he "admitted" anything - that is just bad reporting, something that has been repeated elsewhere in many articles about this case. It is more factually described as a default "Nolo Contendere" / "No Contest" plea.

As such, the judge who granted summary judgement wasn't necessarily wrong, but the judge who didn't immediately overturn it on appeal was. After all, The "Jerk" couldn't even provide evidence of notice, which is a REQUIREMENT. It should have been tossed. Judges are human. They screw up. This one screwed up big time. At least the appeals court, after having actually LOOKED at the evidence, tossed it.

And yes, the seller COULD go after the Jerk and get damages, but that would have to be a separate suit - and he has already stated that he wants nothing to do with any more lawsuits.

Personally, I think we should find out what the Jerk was running from in the Ukraine. If it was legitimate political asylum I don't think that he would be advertising his location in the international press. Perhaps it is time to send him back.

26
0

Score one for the patent trolls: US appeals court says it's OK to shop for patent-friendly judges

Donn Bly

Re: Wait just a minute

This isn't a patent troll case - in this case both defendant and plaintiff are real companies that manufacture and distribute goods, and have done so for many years. This is a straight up infringement case.

Also in this case both the Defendant and the Plaintiff are in Indiana -- yet the Plaintiff wants to sue in Delaware court. That was the issue here. Convention holds that you sue in the district where the defendant resides.

(disclaimer: I too am in Indiana - which is why this case caught my attention)

1
0

Getty Images flings competition sueball at Google Image Search

Donn Bly

Re: I think they have a point here

> it should be pointing you to the place where the image is hosted.

Well, actually it already does, with the very first button being "Visit Page"

1
0

Amazon attempts rule fudge to take exclusive control of new dot-words

Donn Bly

I have seen a couple in passing, including one that I procured and set up for a friend's coffee house, but the vast majority of them are just spam sources to the point where I am weighting them as such with spam assassin rules.

8
0

Google found 760,935 compromised web sites in a year

Donn Bly
WTF?

Re: CSS breaches

WTF are you calling a "CSS Breach"? While I have seen stylesheets hacked to include image urls from other compromised domains to avoid antivirus scans on the primary server, those types of attacks are definitely a minority.

0
0

Google yanks Chrome support for Windows XP, at long last

Donn Bly

Re: So much for Extended Support then..

Agreed - My home machine which I only use for light web surfing and remote desktop runs Vista, and has been stable doing so since day one. If it wasn't on a docking station with three additional monitors I probably would have replaced it, but why spend money to replace something that is (1) still supported and (2) does everything that I need it to do?

I've always got my tablet (Surface Pro 3, won as a door prize at a Microsoft event running Windows 10) if I truly NEED something that only runs in a more modern operating system.

0
0

Websites take control of USB devices: Googlers propose WebUSB API

Donn Bly

Re: Where to begin?

> Or you could just get an independent scale/printer with its own network attachment. You can still connect your PC to it over the network, but you don't need to waste energy powering your PC to use it.

> There are already PC-independent solutions; don't invent half-dependent solutions and pretend they're better.

So instead of having a IP with attached peripherals which gets its IP address via DHCP, you would instead prefer the novice PC user to self-install a switch, install and configure two rather expensive pieces of network-enabled equipment with static IP addresses, download and install the drivers and the application software, configure the application software with the static IP addresses, etc. -- and now you have three devices on your network to monitor instead of just one AND you have an application installed on your workstation that isn't part of the company standard.

-- or --

you would prefer a stand-alone proprietary solution, and have IT tasked with auditing and keeping this one-off piece of non-standard equipment on their network up to date, secure, and operational.

-- or --

The user can use a web-based application, connect to a cheap usb-attached scale and label printer, and IT doesn't have to worry about keeping the application up to date every time there is a change in shipping rates. There aren't any foreign devices on the network, and the only downloaded code is JavaScript that runs in the browser.

I don't know about your environment, but I would be seriously investigating the third option before discounting it.

Shadow seems to think this is about drivers and such. It isn't. It is about the ability to use web-based applications in place of native code APPLICATIONS. Think Google Docs vs Word.exe, not video card drivers. Right now any web-based application that needs that kind of functionality has to use security abominations like Flash or Java, or the vendor writes some sort of custom protocol driver which will usually only work with some subset of available hardware to accomplish the task. All this API does is create a standard where a manufacturer can "web-enable" their devices and expose a subset securely to a third-party web application that uses the same API.

Nobody is saying that it is the best technology for every business solution. This is a technology that addresses an existing security hole in an existing niche market, and is extensible to new device classes. It defines a standard that allows for vendor interoperability, reducing lock-in to proprietary architectures. It allows software vendors to have a single, cross-platform application that truly runs the same on Mac, Windows, and Linux out of a single code-base because actual execution takes place on the server and not on the workstation.

The API is in its early stages, with a draft spec only two months old. It may or may not flourish, but it IS better than the existing methods, or at least aspires to be.

0
12
Donn Bly

Re: Where to begin?

If your current workstations and servers don't have access to the Internet, then they aren't running web applications, and as such would have no need for this technology.

Of course, if your current workstations don't have access to the Internet, just how are you posting to this forum?

3
9
Donn Bly

Re: Where to begin?

The web also has illegitimate uses along with legitimate ones - by your thinking the entire web should be forbidden and nobody should be able to use it because someone made illegitimate use somewhere along the way?

I'd swear that none of you have even looked at the spec, or the explainer. If you had, and had even a basic understanding of it, you wouldn't make these kinds of statements.

1
13
Donn Bly
Thumb Down

Re: @Donn Bly.

You are operating under a couple of fatal misconceptions.

1) Windows Update. If you plug a device into your windows computer, and it doesn't have the driver already installed, you know that box that pops up asking if you want to search for a driver? Pay close attention next time and you will see the button that says "check windows update for driver". Windows update is more than updating existing drivers, it is where most of the NEW drivers come from for your "plug and play" devices.

2) Downloading Drivers. This WebAPI is *not* about downloading device drivers. In fact, there is nothing in the current spec about downloading and installing ANYTHING. You go on and on about companies not including drivers or not being able to download drivers - but this is NOTHING of the sort. I can understand your confusion if you based your argument on the (factually inaccurate) line in the article about websites updating firmware.

This technology is about allowing manufacturers to expose their devices to web applications in a standard, secure way. Before you accuse someone about lack of critical thinking, you should at least have a basic understanding of the technology you are lambasting. Have you even READ the spec? There was a nice link to it at the beginning of the article. Try reading it, THEN discussing it.

2
13
Donn Bly
FAIL

Re: Where to begin?

Windows update takes the hardware id's and searches a database of compatible drivers, the underlying premise behind this is much the same except that it allows makers of specialized equipment to implement a similar system without relying on Microsoft. You want us to believe that you have never allowed windows update to search for and install a driver for a new piece of equipment, or update an existing driver?

This technology isn't designed to be used on your USB Ethernet dongle, your CPU temperature sensor, or anything like that. Do you think that the manufacturer WANTS to provide servers and bandwidth to push a driver for a device like that every time you reboot? No, of course not.

This is an attempt to create a web standard API for directly accessing equipment connected via USB, for equipment specifically designed for that purpose, without having to use something like Flash or Java as a layer in-between. I for one WELCOME a secure alternative.

Real-life example: USB Attached scale & Printer. The ability to have a web/thin client application be able to weigh a package and generate a shipping label WITHOUT having to install specific drivers, without having to have the user click on anything every time it prints, etc. Right now you have to install the drivers, install the stand-alone software, which then has to use a web api to exchange information with the shipping company. This moves the API level so that the software and data can be stored on web server and nothing needs to be installed on the workstation other than a standard, reusable API layer which is restricted by device and destination.

Is this a solution for everyone and everything? Of course not. Nor is it intended to be.

Next time learn a little about the technology before you slam it, sometimes there ARE legitimate uses.

2
22

Microsoft adds 'non-security updates' to security patches

Donn Bly

Re: I'll jump in before everybody starts to state the obvious....

I ran into this today as well, countdown timers that windows would NOT allow them to abort. I also concur about GWX Control Panel, it saved the day for me on multiple machines today.

One of them was only a couple of blocks away so I walked over. Sure enough, even if I ended the task with task manager it automatically restarted. It would let me schedule the upgrade any time within the next 72 hours, or start immediately, but explicitly stated "once you set a time it cannot be changed".

It would NOT let me abort, it would NOT let me check for windows updates. My solution was to go into installed updates, remove KB3139929, let it reboot (which didn't do the install), then use GWX Control Panel to turn it off.

4
0

LastPass in 2FA lock down after 'fessing up to phishing attack

Donn Bly

Re: A real shame - a good product

Just to verify, why do you say that "export to CSV" was canned in LastPass? I still use LastPass, and I just checked and verified that the option to export to CSV is still there.

As a LogMeIn user, I wasn't too happy that they killed off the free edition, however, since I had a mix of free and pro they upgraded all of the free clients to pro for a year for no charge. Sometimes you have to take the bad with the good, but if you are going to preemptively trash a product because you THINK that they might change something then you are never going to use anything.

2
1

No escape: Microsoft injects 'Get Windows 10' nagware into biz PCs

Donn Bly
Alert

So, when this update comes down and trashes my Hamachi VPN (we've already tested and know that it doesn't work quite right, even though it is supposed to be compatible) who is going to pay for the remediation work to get the business back up and running?

16
0

Researcher claims Facebook tried to gag him over critical flaw

Donn Bly

There is a difference

There is a big difference between letting someone know that their door is unlocked, and using that unlocked door to ruffle through their underwear drawers to determine their preferences.

One is responsible, the other isn't.

As much as it pains me, I would have to side with Stamos. Wineberg admittedly made unauthorized use of a company's credentials on a third-party service (Amazon AWS) to gain further unauthorized access on that third-party service. It wasn't about discovering a bug, it was about seeing how far he could penetrate with the stolen credentials even AFTER he had already been paid for reporting the bug.

Furthermore, Wineberg did represent himself as a representative of Synack in his communications with Facebook when reporting the bug. I'm somewhat surprised that Facebook paid the bounty to him and not directly to Synack, and a CSO to CSO call between companies when unauthorized access is detected is certainly not out of the ordinary.

11
23

Hapless Virgin Media customers face ongoing email block woes

Donn Bly

Hard SPF Policy

A hard SPF rejection policy ( -ALL ) means that unless the email is being delivered to you by one of the listed sources, then it is completely disavowed by the sending domain and isn't legitimate. Such messages should be rejected with a 5xx response and never come close to your inbox.

2
0
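As an added illustration of the hard-fail policy described in the post above (not part of the original comment, and not any mail server's own code), this sketch evaluates an SPF record against the connecting IP and maps the result to an SMTP reply. The function names, the sample record and the documentation-range addresses are constructed for the example; only the `ip4`, `ip6` and `all` mechanisms are handled, since the others need DNS lookups.

```python
import ipaddress

# SPF qualifier -> result name (RFC 7208). No qualifier means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record: str, client_ip: str) -> str:
    """Evaluate an SPF record left to right against the connecting IP.

    Subset only: ip4, ip6 and all. Mechanisms that require DNS
    (a, mx, include, exists, ptr) raise ValueError in this sketch.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:
            continue  # modifiers such as redirect= or exp= are ignored here
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            # "all" always matches, so the qualifier in front of it is the
            # domain's default verdict for every source not listed earlier.
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"mechanism {name!r} needs DNS and is not handled")
    return "neutral"  # nothing matched and there was no "all"


def smtp_reply(result: str, domain: str, client_ip: str) -> tuple:
    """Map an SPF result to the receiving server's SMTP reply.

    A hard fail is rejected during the SMTP transaction with a permanent
    5xx error; RFC 7208 recommends 550 with enhanced status code 5.7.1.
    Every other result is accepted here and left to later filtering.
    """
    if result == "fail":
        return (550, f"5.7.1 SPF fail: {client_ip} is not permitted "
                     f"to send mail for {domain}")
    return (250, f"2.0.0 accepted (spf={result})")


# Constructed sample policies using documentation address ranges.
HARD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
SOFT = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ~all"

if __name__ == "__main__":
    for policy in (HARD, SOFT):
        for source in ("192.0.2.25", "2001:db8::1", "198.51.100.7"):
            verdict = check_spf(policy, source)
            code, text = smtp_reply(verdict, "example.com", source)
            print(f"{policy[-4:]}  {source:<14} {verdict:<9} {code} {text}")
```

The same unlisted source that draws a 550 under `-all` is accepted with `spf=softfail` under `~all`, which is the difference between a hard and a soft policy.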

EU urged to ignore net neutrality delusions, choose science instead

Donn Bly

Re: QoS != Net neutrality

Unfortunately, your definition of "Net Neutrality" does not match the definition that the lawmakers are using.

That really seems to be the biggest problem with Net Neutrality discussions on this site - everyone has a different definition because the term isn't a technical term to which we have an established definition. In fact, that was one of the points of this article.

While your definition is a good ideal, the government definition is less so. In their definitions, no traffic may be discriminated against based on origin, destination, or content. Similar, but VERY different. Because with their definition there is no such thing as priority traffic. Everything is equal. Yes, that means that your itunes traffic and your netflix traffic are equal, but so is your VoIP traffic and the spam email and the guy next door seeding torrents.

3
0
Donn Bly

Re: How can this "Markablejones" be so ill informed

First, on network management, while the GOAL isn't to prevent reasonable network management, in many cases it is an unintended side effect - stripping QOS so that SIP and HTTP traffic run at the same priority across peering points.

Let's look at your statement "ISPs will be incentivized to not upgrade their networks in order to sell priority delivery" and compare that to past actions.

Without "Net Neutrality" laws ISP's had the ability, and did, sell "fast lanes". Thus, if your argument held true, ISPs never upgraded their networks and we are all still on dialup, or ISDN, or 256K DSL, or... well, the point is that ISP networks are in a constant state of upgrade, and they did it even with fast lanes in existence. In fact, the extra money from those "fast lanes" may have actually helped drive those capital improvements.

Now, let's look at the second half of your argument, "The higher the price, the more easy it is for company's like Google and Netflix and Amazon to set barriers to market entry that price potential competitors out of the market".

Amazon and Google already paid high prices for entry - what you are suggesting is that others should not have to pay because Amazon and Google already have. Nonetheless, let's take that part at face value and look at the rest -- if there is that much money to be made selling "fast lanes", then additional companies (ie, ISPs) will be formed to take that money, increasing competition and driving down consumer costs.

Giddes may or may not be a shill - I don't know - but his arguments are just as valid, if not more so, than yours - and he at least signs his name to them.

2
2

Cobweb 'fesses up to failure to renew SSL certificate

Donn Bly
FAIL

Unencrypted Traffic?

An expired certificate still encrypts data.

If Mr Adrian Smith "Security Consultant" set up systems that allow the customers to bypass SSL, then that ability is there whether the certificate is expired or not - and the level of security has not changed.

While I suppose that it is POSSIBLE for someone to write some sort of client software that would downgrade to clear text should a certificate expire, it would seem to be a rather poor choice for system design. If the data must be secured, then a certificate error should force the connection to fail with no data exchanged.

With no actual details as to the certificate, how it was used, when it was issued, etc. we can only guess as to what happened, but I have more questions about the technical abilities of the consultant than I do about a hosting provider that lets a certificate on a control panel expire. That in turn leads to questions of motivation.

Mr. Smith will now have to justify exactly HOW his customers managed to exchange un-encrypted data even though encryption was available to them.

6
0

AT&T, Verizon probed: 'No escape from biz broadband packages'

Donn Bly
Terminator

Re: For the love of all that is holy THERE'S A BRIDGE FIRE!?

Not only would you let him, you would probably be giving him a "gentle" push so that he could join his friends at the bottom.

0
0

Amazon Echo: We put Jeff Bezos' always-on microphone-speaker in a Reg family home

Donn Bly

Re: Monopoly

While Amazon has a few partners like stub-hub already on-board with their products, there is nothing that prevents anybody else from developing a competing product. Amazon calls these things "Skills" as in you are adding additional skills/capabilities to their platform, and the SDK is free. They do require that you run a webservice back-end for it, and will even give you FREE hosting for the first million requests a month if you decide to use them for the hosting, but there is no requirement to do so.

The "cost of entry" is actually quite low. If anything, having an open SDK actually DECREASES the entry cost.

I am an Echo owner. Liked the first one I bought for home so much that I bought a second one for my office. It has completely replaced my alarm clock and radio, and I no longer use a computer for streaming music. I've also been playing around with its home automation capabilities, and have integrated it with a Samsung Smartthings hub where in turn all sorts of Z-Wave products can interface. So, if someone is at the door all I have to say is "Alexa, turn off the front door lock" and the magnetic lock on my front door is disabled for a few seconds, allowing the visitor to enter.

If I wanted to add voice command recognition to my door lock without using something like the echo, the cost would be significantly higher. Even if I didn't already have the echo, or the zwave hub and contact closure, those items have a combined cost under $300.

1
0

Virgin Media filters are still eating our email – Ntlworlders

Donn Bly
FAIL

Re: Banks generally explicitly state that they will never, ever email you

Uh, no. Many banks do email their customers - I get a dozen or so messages from mine every week. Messages that statements are available to download, messages saying that a wire transfer has been received, messages with electronic receipts from the ATM, messages with service announcements, etc.

I deal with several banks, and EVERY one of them sends me at least one email a month.

4
0

Hillary's sysadmin left VNC, RDP exposed to the internet - report

Donn Bly
FAIL

Re: Bah!

You say you haven't seen any evidence that anything was sourced from the server? I suppose you missed this, which was published here a little over a month ago

http://www.theregister.co.uk/2015/09/04/clinton_email_auction_twist_secure_hacker/

The problem is that a government official set up a server for the specific purpose of attempting to skirt the laws of the nation, got caught doing it, has KNOWINGLY made a number of untrue statements about it, left top secret, classified, and other confidential materials in the hands of those not authorized to access them, and went out of their way to obstruct other government officials from doing their job of securing the materials after the fact.

The knowledge that the server was implemented in an insecure manner is hardly surprising, given the overall situation.

5
0

Strike one – First net neutrality gripe against an ISP is nixed by FCC

Donn Bly

Re: As A Consumer, I Should Not Be Forced to Pay Twice

In this case, it wasn't that TWC was forcing CNS traffic onto slower connections, it was that CNS wanted a FREE connection directly to TWC which TWC declined to provide.

Peering means a mutually beneficial, bi-directional passing of data. If CNS bought a few OC3's to multiple providers in multiple cities, and agreed to route TWC traffic across them, then they would probably qualify for the free peering.

0
1

Oi, idiot fanbois. DON'T buy this gun-shaped iPhone case, mmkay?

Donn Bly

Of course it is a stupid idea - but so is the mindset of many people (officers included) that anyone with a gun is a criminal.

3
7

Google harms consumers and strangles the open web, says study

Donn Bly

Re: Fools and Horses

> Then what happens when customers prefer the alternatives and reply to

> Google, "You will NOT be missed"?

Then we will have proved that Google is not and never was a monopoly, and that the claims against it are unjustified.

Good or bad, Google is # 1 because people actually LIKE it, or at least they like it better than the alternatives -- which really goes to show that there is no accounting for taste.

If someone builds a better mousetrap, people will abandon Google as they really don't have a stake in it.

2
3

Backpage child sex trafficking lawsuit nixed thanks to 'internet freedoms'

Donn Bly

badly implemented

It isn't even so much as a bad implementation. They filtered against known keywords, asked for age and rejected anything underage, and responded to individual complaints when they were raised. Additionally they protected user privacy (and their bandwidth) by re-sampling and compressing any images uploaded.

According to these girls and their lawyer (and presumably Mr. Orlowski) if I want to sell a "tiny rose vase" those keywords should flag it as sex traffic. I disagree.

Yes, they have a section for "escorts", but the purpose of the site isn't to facilitate the sex trade - the section is there so that the pimps don't put the ad under miscellaneous, yard sales, or any other "family friendly" section and turn those sections into something seedy.

They don't charge for ads and don't put advertising on the pages, so it isn't like they are making any money on the escort pages.

If anything, those ads assist law enforcement by providing a starting point for them to identify and prosecute the criminals.

27
5

Manchester car park lock hack leads to horn-blare hoo-ha

Donn Bly

Seriously?

Seriously? You press the lock button on the door (or console, depending on brand and model) and shut the door. I have never seen any vehicle that had electronic locks and a key fob that didn't also have a manual switch.

Now, I have seen a few models that required a fob to unlock the doors and didn't even have a keyway on the driver's door - but that doesn't prevent you from locking the rest of the doors.

This reminds me of the jokes about the [insert stereotype here] who couldn't unlock the door to their convertible and get in... when the top was already down.

1
0

'Right to be forgotten' festers as ICO and Google come to blows

Donn Bly

Google is the arbitrator because if the job was the prerogative of the ECJ then they would be in a position to directly censor your search results. Furthermore, like any other government entity they would eventually try to get out of doing any real work, and would just rubber-stamp the requests coming in without giving them any serious evaluation on merit (example: US Patent Office)

2
1

Tennessee sues FCC: Giving cities free rein to provide their own broadband is 'unlawful'

Donn Bly

No, Tennessee is saying that the FCC doesn't have the authority to regulate how a state governs its towns -- and they are right, the FCC doesn't. Congress may pass a law, which is then voted upon and approved by the representatives of the people - but the FCC is an appointed body without the power to usurp the power of the states to regulate their own cities.

The FCC has the right to regulate interstate communication, but its right to regulate INTRA-state communication is rather limited. Being federal does not automatically make them more powerful. Unless it crosses a state line, they really don't have a leg to stand on.

That being said, from what I understand the issue is that Tennessee has established territories in which a municipal utility can operate. Presumably this territory was defined as being an un-served or under-served area some time in the past. What Chattanooga wants to do is provide services outside of its territory, which Tennessee has regulations to prevent.

What SHOULD happen is that Chattanooga should go to the state regulators and ask them to designate the under-served areas as part of their territory, then they would be free to expand into it. Instead, they wanted to do an end-run around the laws and regulations under which they were created.

The other problem is that they are a POWER company trying to provide communication services. They should have instead established a separate utility.

I don't have a problem with municipalities establishing broadband networks. I get my own connection through one, and am VERY happy with the service I am getting. But they need to be done right.

8
7

Bad news: Robo-cars will make you work BILLIONS more hours. Good news: In 2040

Donn Bly

Population Growth Rate

The population growth rate and transportation needs will be such that the number of existing manually driven vehicles will probably still be higher than current levels, even if half or more of the vehicles on the road are autonomous.

Even if all of the 4 (or more) wheeled vehicles are autonomous, the population density will drive more people to smaller vehicles - bicycles and motorcycles - which aren't going to be autonomous. Those people will still need insurance, so the insurance companies don't have anything to worry about.

As such, the number of mechanics, etc. necessary to maintain the vehicles will not decline.

5
0

Nokia boss smashes net neutrality activists

Donn Bly

So I quote the FCC's own published words, and you call me a troll clouding the argument. Do you think I just make this stuff up? The problem is that your definition of neutrality isn't the same as the one that the politicians and the FCC are implementing. You are certainly right that isn't about giving priority to cars or VoIP.

If you read the FCC announcement, you will even see that the FCC fully acknowledges that a cable company can still prioritize their own VoIP over any other traffic, because that traffic is on their own network and not over the public Internet. Look on page 3 under "Broad Protection".

1
0
Donn Bly

You can vote me down all you want - but it isn't going to change the fact the FCC is making it illegal to have a committed information rate or quality of service on a broadband connection.

> broadband providers may not favor some lawful Internet traffic over other lawful traffic in exchange for consideration of any kind

In other words, you, the hospital, or anyone else CANNOT pay more for better service.

Once the full rules are published ways will be found around it, most likely through private circuits and splitting hairs over definitions, but blame the FCC, not me.

0
7
Donn Bly

Re: @Donn Bly

I wish I was wrong - Per the FCC Announcement, "broadband providers may not impair or degrade lawful Internet traffic on the basis of content, applications, services, or non-harmful devices"

To identify and degrade Bit Torrent traffic in order to cut congestion, while not degrading other traffic, will now be illegal on all "broadband" circuits. Also, keep in mind that they did NOT put an exception for "reasonable network management".

The FCC hasn't made a lot of definitive statements, but the above is quoted word for word off of their own announcement.

0
2
Donn Bly

The answer is simple - providers should be forced to stop selling bandwidth that they don't actually have.

If say a hospital signs up to a deal for 1 gig broadband, then that's what they should get, instead the telco will give them a congested line with ridiculous contention rates that shares 1 gig bandwidth across 50/100 customers, sure it is "capable" of 1 gig but it will NEVER see that in real life.

You are right, that is the solution. However, it also means that instead of sharing that bandwidth pool across 50 to 100 customers, each customer is going to have to pay 50 to 100 times as much for the bandwidth.

In reality, the pool is much larger - thus the multiplier is even higher.

2
0
Donn Bly

Re: He seems to have failed to understand

If VOIP packets get priority then ALL VOIP packets are treated equal, no matter where they came from.

VOIP packets are not allowed to have a higher priority than web browsing or bittorrent. Remember, Comcast running web traffic at a higher priority than bittorrent is one of the cases that started all of this.

1
10
Donn Bly

Surely then it's for the hospital to pay for a better connection? If I as a customer want to be able to download things quicker I pay more. Similarly if hospitals and others want a better QoS then they can equally pay for it.

Under the new "Neutrality" rules, an ISP isn't allowed to sell a "better" connection. In order to be neutral all must be equal.

2
12
Donn Bly

Nope, this is what happens when your definition of "neutrality" doesn't match up with the FCC's definition of neutrality.

FCC's Net Neutrality specifically BANS the use of packet prioritization on the public Internet - by packet protocol or content. The FCC gives lip service for VOIP and Heart Monitoring - but only when those services exist inside of a provider's network using separate, non-Internet channels.

2
13

Net neutrality victory: FCC approves 'open internet' rules in 3-2 vote

Donn Bly
Boffin

Smokescreen

Having finally read in full the FCC's announcement at http://www.fcc.gov/document/fcc-adopts-strong-sustainable-rules-protect-open-internet I have come to realize that this is all a smokescreen.

The announcement makes very specific and repeated references to how these rules will apply to "broadband Internet" - but a few weeks ago the FCC redefined broadband Internet to encompass a threshold of 25 MBit thereby excluding any technology less than that (DSL, ADSL, 802.11b wifi, etc, 3G wireless, dialup, etc.)

The way I read this, anything 25 MBit and over will be "open", but anything less than that can be restricted. Don't you love it how politicians like to play fast and loose with definitions to try to pull the wool over the public's eyes?

Also, while they had originally said that it did away with prioritization - they didn't. They forbid PAID prioritization. Prioritization for technical reasons (and they specifically listed Voip and Heart Monitoring as examples) is allowed. Thus, the ISP is free to put a policy in place that says "no single ASN may utilize more than 50% of our upstream bandwidth so as to leave room for everyone else", as long as it is done for the purposes of network management and not for selling additional services -- and I fully expect large providers to put such policies in place.

1
0
Donn Bly

Re: Thriving?

For Internet access, these huge corps have managed to merge and buy their way into monopoly positions. They have repeatedly offered assurances that these mergers and takeovers will result in better speeds and services for customers and, well, they generally haven't.

Really? Average Internet speeds haven't increased in the last 10 years where you live? I feel sorry for you. I pay less than half now for 16 MBit than I paid for 128K ISDN 20 years ago, and the service is more reliable. I would call that better speeds, lower cost, and better services.

0
2
Donn Bly
Unhappy

1930's rules or 1996 rules?

The 1996 rules were very specific to a "hands off" approach to the Internet - so no, you can't say that they are the 1996 rules.

Still, that is all we know. As of right now all we know is that they voted to approve, but we don't know any specifics. Everyone who is saying that it includes "this" or "that" is blowing smoke. We don't know WHAT is in the rules, or how they are defining any of the terms.

But if we can go by the public statements of Wheeler, what I can tell you is that it is going to signal a movement of hosting AWAY from the United States. After all, if as an ISP you are precluded from providing a "fast lane", that in turn makes it illegal to provide multiple levels of CIR under different SLA. Any company that wants and is willing to pay for better service will have to host outside of the USA. This will in turn shift the infrastructure investment away from the USA as well.

Still, without the 300+ pages of what they approved, nobody knows where we are headed -- and that will drive an investment slowdown as well.

2
0

FCC chair refuses to make net neutrality rules public before approval

Donn Bly
Holmes

Re: Republicans: Hey, tell us your plans so we can sink them.

I take it you prefer the "you have to vote on it before you can read it" stance the Democrats took on the Affordable Care Act?

The United States is a Republic. We elect our representatives, who then are supposed to vote on our behalf. As such, as much as the populace (us) would like to know the details, we don't really need to know as we aren't the ones doing the voting. I can't really fault Wheeler there.

But this vote is especially important as the ones doing the voting in this case are not elected, they are appointed. The elected representatives which provide oversight of these appointed positions have asked for the information, and he has denied it. Those elected representatives, regardless of party affiliation, DO need to know, and trying to hide it from them is very disingenuous.

And, quite honestly, if the FCC's plans aren't seaworthy enough to survive pot shots from a few politicians who are more interested in pandering to lobbying groups than doing their jobs, then those plans probably DO need to be sunk. More likely, perhaps the weak areas would be exposed and corrected before the vote, resulting in better regulation.

1
0

Google reveals bug Microsoft says is mere gnat

Donn Bly
FAIL

Re: Totally exploitable on college campuses

You have totally misunderstood the nature of the bug. Putting an HTML or batch file in the folder would not trigger it. The server housing the share would have to be modified to send a specially-crafted response so that when a request to a specific file or folder on the share is made that the requesting workstation looks at a local file instead. The server never gains access to the files to which it redirects, only the workstation.

So, let's say that you either compromise an existing server, or set up a honeypot. On that server you create a share called "downloadme" and put a file called "passwords.txt" in it.

Now, when the unsuspecting user tries to notepad \\honeypot\downloadme\passwords.txt your compromised server can instead point them to a file on their C: partition, such as c:\boot.ini

The interesting thing would be if the user tried to delete \\honeypot\downloadme\passwords.txt and would instead delete their own boot.ini -- but tricking a user into deleting a file wouldn't be very easy.

The idea behind the HTML exploit using XMLHttpRequest is that the javascript on the HTML file could make a request to the mount point and get a file off of the C: drive -- however, as the code runs on the workstation and not the server the exploit could just as easily access the file directly without having to rely on the bug.

The same exploit running on a non-compromised server pointing directly to the local file would accomplish the same thing, and would actually be easier to implement. As such, labeling this as a "security bug" is stretching things a bit.

24
2

Broadband isn't broadband unless it's 25Mbps, mulls FCC boss

Donn Bly

Re: The heck with...

Broadband is a best effort service without a committed information rate. If you can a "minimum upload speed" then you have a committed rate, and it is no longer broadband. It makes just as much sense to redefine "megabit" to something else. Come up with a new term and define it, invent a new word if necessary, but our officials need to quit trying to lie through obfuscation.

I'm tired of the government constantly changing definitions to apply rules and regulations to things to which the original rules and regulations were not intended to apply. Whether it is reclassifying broadband (originally 256K, now 4M, and soon 25M), an assault rifle (from fully automatic to an airsoft toy that looks "scary"), a drug lab (originally a complex and expensive refinery, now a soda bottle that you can stuff in your pocket), or the ever popular meaning of the word "is".

0
0

Dairy Queen cuts the waffle, says bank cards creamed in 395 eateries

Donn Bly

List not complete

The list of locations compromised, and the dates compromised, are larger than admitted.

On May 22 my daughter's card was used at Dairy Queen in Auburn, Indiana

On May 23 it was used at two online file sharing services to open accounts

The card was cancelled and a new card issued

On July 22 the new card was used at the same Dairy Queen

On July 23 the new card was used to open accounts at two online sharing sites

The brand new card had only been used at 2 other locations prior to being used at Dairy Queen.

3
0

Windows 10's 'built-in keylogger'? Ha ha, says Microsoft – no, it just monitors your typing

Donn Bly
FAIL

Re: What if I'm testing forward compatibility for our bespoke software

If you are testing your software with sensitive, non-anonymized data, then it is your fault for violating the NDA and the ISO security standards.

3
4
