"Melinda Shore" wrote in message
...
In article ,
Ted Mittelstaedt wrote:
As I am the chief technical head of an ISP I am pretty confident
in explaining this is unmitigated nonsense.

They know that. This was a gesture on Comcast's part and
showboating on Andrew Cuomo's. The media companies are all
over them.


The media companies saw a good thing going and as usual are
attempting to leverage it to FUD the general public away from
piracy. But they are johnny-come-latelys to this party.

In order to "detect" anything you have to examine all that data going
through the "wire" in the ISP.

Well, yes and no. There are several different approaches to
the problem, only a few of which require observing all the
data in a given flow.


A simplification. You must observe all packets in a link for
this to work, you may not have to inspect the entire contents
of each packet, only the ones of interest. But you do have to
examine every packet to see if it's a packet of interest.

Further, when you have redundant paths in the large backbones
there is no guarentee that all the packets in a given flow are going
to even be present on any given wire.

Also, most backbones engage extensively in peering. In a peering
arraingement much of the traffic on your wires isn't even owned
by you and you almost certainly don't have any contractural
permission to sniff it.

Well, the ISP's are currently MERELY
ROUTING that data (and all routing does is take the traffic from one
wire and send it out to another) with hardware that costs in the $100K
range - for a single device, not including the yearly service contracts -
and any ISP has to spare out routers, besides.

I believe the argument is that ISPs are making money by
selling services that include allowing users to move data.
And if you're doing any firewalling at all you're already
filtering content.


No backbones do any firewalling or filtering in the
core for the reasons I cited. Anyone doing filtering (ie: port 25
filters and suchlike) is doing it at the edges, both because
the reduced traffic volume makes it possible, and because
your only passing your own traffic there.

But that simply leads to a vast multiplication of these content
filters your talking about so the expense is even greater to
deploy something like this.

So to build this content filter, you START with at least of $100K of
hardware JUST TO MOVE THE TRAFFIC. Then add lots and lots
and lots of more CPU processing power to look inside the traffic
and examine it. And since this magical mythical filtering box that
doesen't currently exist [ ... ]

It does exist, actually, and we're working on applications
of fast filtering technology. We know how to do extremely
fast filtering.

Not at the traffic flows present in the backbones. When Juniper
starts releasing product that will do it, I'll take notice, until
then, it's just wishful thinking, or end-node technology only.

The issues here have less to do with
technology than it does with the business case and right now
there's not a business case for ISPs to do this. This may
or may not change depending on changes in the regulatory and
legal environment as well as whether or not ISPs want to get
into the business of selling content themselves (detect
protected content, offer the user the opportunity to buy it
legally with the ISP brokering it).


That idea has been kicking around the industry for a
couple years now. If film people would quit being so
ego-centric they would understand that this would never
fly - with the possible exception of the cable company
ISPs. Frankly I'd love that - every time that Comcast
does another trick like this, we get more DSL subscribers
from people fleeing Comcast.

And, knowing the cable companies they will only
do this if the movie studios foot the bill for installation and
maintainence of the equipment and pay them some sort
of monthly fee. But I guarentee that people will get around it.
If nothing else, you will seeing people setting up a video camera
to record the movie off the HDTV which will introduce enough
fuzziness and deviate the work so far from the original that
your filtering won't pick it up.

Even today I'm starting to see more and more distribution of
encryption keys along with the locations on rapidfile.com and
others. Your not going to be able to detect a work if it's
encrypted.

But, fundamentally the reason this will never work is the
film industry basically wants ISP's to become movie
distributors - but everyone else and their dog now is
already a movie distributor. I stop at the gas station and
walk in to pay the bill and there's DVD's behind the counter.
I stop at a fast-food joint and theres Redbox spitting out
DVD's for a buck and used DVD's for seven bucks. I
pick up my dry cleaning and there's
a coupon for a free DVD. My kid's school fund raisers
sell DVDs among other things. And now the film business
wants the ISPs to compete against all of those other people.
Why would an ISP subscriber pulling down a bittorrent of
"WALL-E" be willing to pay an ISP $5 for it, when they
can pay $15 for the DVD which comes on media that
isn't dye-based (and thus vanishes in 5 years) and comes
in a nice box with a pretty picture that fits on the shelf?
And why would the Walmarts of the world tolerate the
film studios allowing the ISP's to so severely undercut
their prices?

The regulatory situation is, clearly, very different in
other countries than in the US.

Only governments have that kind of money - the only filtering of
this magnitude currently going on on the Internet are the secret black
boxes the NSA puts on the overseas Internet links to look for
spies sending data - and overseas links carry a far less amount of
data than domestic links.

Wow. Ted! That's a little incorrect, don't you think?

Well, I forgot China and the Arab countries various political offices
and their filters, but I was speaking mainly of the US at that point.

But China is a whole nother can of worms - heck, their economy
runs off pirating I.P. I just don't see that they would be the least
interested in helping the movie studios get more legitimate copies of
their works out into the hands of the public. Rather, the reverse seems
to be the case.

My gut feeling is the film industry is going to have to rework the
way they distribute films entirely to where the profit is not made
in the distribution of the copies, but elsewhere in the system of
providing movies to the public. Years ago when the film studios
directly owned most of the movie theatres that was more the
case - then the studios sold off the theatres and decided to
make the money on the films. Just brainstorming here, but
why not allow every bona-fied purchaser of a movie to get a
code inside their DVD box that they can punch in to a website
that will paper-mail them a $5-off ticket price to the next
first-run movie in the theatre? Or allows them to login to
a special website that they can vote on possible storyboard
ideas for the sequel of the movie - and the majority votes
determine the movie story, rather than the movie director?

Ted

In article ,
Ted Mittelstaedt wrote:
The media companies saw a good thing going and as usual are
attempting to leverage it to FUD the general public away from
piracy. But they are johnny-come-latelys to this party.

Well, they're losing a lot of revenue. They've made some
poor decisions about distribution models but that really
doesn't justify stealing from them. There's certainly
precedent for ISPs to be required by law to capture some
data and turn it over to law enforcement. I think that's
probably the correct model for dealing with pirates, but
whatever. I'm an arms dealer in this war and don't identify
with either side particularly strongly.

A simplification. You must observe all packets in a link for
this to work, you may not have to inspect the entire contents
of each packet, only the ones of interest. But you do have to
examine every packet to see if it's a packet of interest.

The expense associated with packet inspection on hardware
that does packet inspection comes from "deep packet"
inspection and stateful inspection at variable offsets. You
only perform that kind of inspection in a subset of a
particular stream before determining that it is or is not of
interest. There is more to it than that, in terms of the
capabilities of the hardware, but not that changes the basic
description.

Further, when you have redundant paths in the large backbones

Well, that's your problem. Part of your problem, anyway.
There's no interest in putting these things on backbones.
You're making some architectural assumptions that are simply
incorrect. I wonder why you didn't think about the various
possibilities for sensor placement rather than jumping to
conclusions and focusing on one design that's flat wrong.

Kidding! I don't wonder.

I'll note that while you go on and on and on and on and on
and on and on and jesus christ do you go on and on, you
failed to identify the actual problem with the proposal. At
some point people involved in piracy are going to figure out
how to do encryption in a non-moronic way. Impressive,
*Ted!*
--
Melinda Shore - Software longa, hardware brevis -

Prouder than ever to be a member of the reality-based community

"Melinda Shore" wrote in message
...

I'll note that while you go on and on and on and on and on
and on and on and jesus christ do you go on and on, you
failed to identify the actual problem with the proposal. At
some point people involved in piracy are going to figure out
how to do encryption in a non-moronic way. Impressive,
*Ted!*

Uh, reread my last post:

"...Even today I'm starting to see more and more distribution of
encryption keys along with the locations on rapidfile.com and
others. Your not going to be able to detect a work if it's
encrypted...."

As for the rest of it - hey, have at it. Obviously you are positive
that the Internet works a particular way, you aren't interested in
finding out from people who actually run it how exactly it DOES
work, and you have a clear idea of what you want to build and
your slavering to build it. Great! Go do it! Then 3 years from now
when the idea has been ashcanned due to never working, maybe
Cisco will come along and buy the technology for pennies and
cherry pick the good bits out of it.

If you really want to build something that works, I would think
that you would want to put up your proposal in a public place
and beg very experienced people to pick it to pieces. Then
you would rework the parts that were explained wouldn't work,
and ask for the revised proposal to be picked apart again.

After a few iterations of that, you probably would have a
product that might actually work. But of course, it would be
a NIH product, and it sounds to me like that would be intolerable
to whoever is paying you to build this thing.

Ted

In article ,
Ted Mittelstaedt wrote:
As for the rest of it - hey, have at it. Obviously you are positive
that the Internet works a particular way, you aren't interested in
finding out from people who actually run it how exactly it DOES
work,

Hey, *Ted!*, I've written networking code you're almost
certainl running, I've chaired several working groups in the
IETF as well as the VoIP security group in the European
Telecommunications Standards Institute (where I also was a
member of the IP Camarilla in the TC SEC Lawful Intercept
Committee). Technology I developed has been standardized by
the ITU-T and PacketCable to support wiretap on cable
networks (thank you, thank you very much, I'm always pleased
to be of assistance to the community), and I work for a
company that basically prostitutes itself to its customers -
we pretty much don't build anything unless we've got
customers lined up in advance. I think we're in pretty good
shape on this one.

And, need I point out, I'm not the one who's working with
architectural models that range somewhere between faulty and
flat wrong, and that I'm not the one posting lengthy rants
based on incorrect assumptions. That is to say, I think I
have a lot better control over my argument than you've got
over yours, and if I were you I'd take my argument, sit it
down, and tell it to pull itself together. It's bordering
on the hysterical.
--
Melinda Shore - Software longa, hardware brevis -

Prouder than ever to be a member of the reality-based community

"Melinda Shore" wrote in message
...
In article ,
Ted Mittelstaedt wrote:
As for the rest of it - hey, have at it. Obviously you are positive
that the Internet works a particular way, you aren't interested in
finding out from people who actually run it how exactly it DOES
work,

Hey, *Ted!*, I've written networking code you're almost
certainl running,

Heh - I've never seen your name on any of -my- IOS loads.

And no, we don't run Lawful Intercept. The 12.3/12.4
code is terribly bloated. I keep trying it every once in a
while, but so far 12.2 still works better on our stuff. We only
run the 12.4 on 1800/2800 stuff at customer sites.

I've chaired several working groups in the
IETF as well as the VoIP security group in the European
Telecommunications Standards Institute (where I also was a
member of the IP Camarilla in the TC SEC Lawful Intercept
Committee). Technology I developed has been standardized by
the ITU-T and PacketCable to support wiretap on cable
networks (thank you, thank you very much, I'm always pleased
to be of assistance to the community),

Ah yes. Cisco loves those cable companies. My employer doesen't
sell cable they sell DSL. Nor are they a phone company nor do they sell
dialtone.

I'm sure it would make life easier for
a lot of people if the Internet collapsed into 4 or 5 "retail" ISPs
run by the RBOCS and the cable companies. No wonder you don't
like my posts.

and I work for a
company that basically prostitutes itself to its customers -
we pretty much don't build anything unless we've got
customers lined up in advance.

Why did Cisco buy Linksys, then?

I think we're in pretty good
shape on this one.


Except that Cisco lost the core router market to Juniper
years ago. The company is losing it's focus on what
the Internet really is. At one time they understood the
Internet was a community. Now they just want to bleed
money out of it.

And, need I point out, I'm not the one who's working with
architectural models that range somewhere between faulty and
flat wrong, and that I'm not the one posting lengthy rants
based on incorrect assumptions. That is to say, I think I
have a lot better control over my argument than you've got
over yours,

And, what is your argument, exactly? It seems to be that
somehow your employer is going to figure out how to
bribe/lobby the US government to require all ISPs who
aren't running voice (and thus subject to wiretapping requirements)
to pay lots of money to your employer for black boxes
that will make the MPAA real happy. And this is a Good Thing!

Ted

In article ,
Ted Mittelstaedt wrote:
Heh - I've never seen your name on any of -my- IOS loads.

I've never written IOS code. I'm referring to BSD code that
was picked up for inclusion in other Unix distributions and
eventually in Windows.

Ah yes. Cisco loves those cable companies.

We love our customers.

My employer doesen't
sell cable they sell DSL. Nor are they a phone company nor do they sell
dialtone.

What does that have to do with anything?
--
Melinda Shore - Software longa, hardware brevis -

Prouder than ever to be a member of the reality-based community