[AusNOG] Conroy announcement on filtering

Adrian Chadd adrian at creative.net.au
Tue Dec 15 17:45:52 EST 2009 

10 CLS
20 PRINT "Do not attack this at a technical level."
30 GOTO 20

You can implement transparent HTTP interception and filtering with
no discernable increase in latency. You can implement the HTTP
filtering without slowing down busy sites when they're filtered
(eg the UK debacle when they filtered a specific corner of
wikipedia.) The fact that there have been public failures does not
mean this is technically infeasible, it means the companies
involved in implementing the filtering are doing the bare minimum
needed to meet the goal, rather than engineering it for a much
wider possible set of behaviours.

I've said this before and I'll say it again - currently generation
commodity PC hardware can and will forward > 1 gigabit of small
HTTP transactions with no noticable increase in latency when compared
to typical WAN delays (eg, when your link latency is already on the
order of a few milliseconds and the remote server is on the order
of a few tens of milliseconds.) About the only thing people tend to
misimplement/ignore is HTTP pipelining and -that- increasingly shows up
when doing HTTP latency testing (hi Javascript/AJAX and Flash applets!)

Current generation non-desktop hardware is most likely capable of
handling at least 4 gigabits of small HTTP objects, perhaps more if
you bother dumping work into parallelising the relevant NIC driver
and handling small packets more effectively.

Don't attack this at a technical level, or I'll just get off my
ass and solve it in FOSS at a technical level just to make sure
focus is shifted where it should be - ie, elsewhere.

2c,


Adrian

On Tue, Dec 15, 2009, Damien Gardner Jnr wrote:
> On 15/12/2009, at 3:42 PM, Roddy Strachan wrote:
> 
> >http://www.minister.dbcde.gov.au/media/media_releases/2009/115
> 
> Hrrm, so ISP's are going to start *having* to do transparent  
> proxying?  Does that mean every time anyone's web browsing seems a bit  
> slow, they can phone their ISP to complain? ;)
> 
> Hrrm, wonder how many complaints it'll take before the ISP's tell the  
> govt to shove it?  (and quite seriously here.. If the big ISPs turn  
> around and tell the govt that it's not economically feasible because  
> of the extra support required, can the govt really do anything except  
> back down and go hide in a corner?)
> 
> At home I pay the extra dosh to a 'real' ISP, rather than one of the  
> cheapo mobs like dodo or TPG, because I *hate* transparent proxies  
> with a vengeance - they're a web developer's nightmare, and just  
> generally horrible things to do anything but basic web browsing  
> through (seriously, HTTP isn't the only thing that runs over port 80!)  
> - and now the govt is legislating that my home internet connection HAS  
> to have a transparent proxy?? I shudder to think of the hassle it's  
> going to be for ISP's to implement this filtering??  Even assuming  
> it's done as I remember one of the ISP's did in the trial, and only  
> redirect traffic for IP's that blocked sites are hosted on, to capture  
> just those site's, that's still a fair bit of extra processing on the  
> routers, let alone having to also manage it at the proxy?
> 
> And the folks that *want* to look at this stuff are just going to use  
> one of the thousands of open proxies, or their $15/month linode to get  
> past the blocks anyway!
> 
> Don't get me wrong, I'm all for making sure our kids can't access  
> nasty stuff, but that's for me to do at home with the kids' segment of  
> the network (when they're old enough - their notebooks are just sleep- 
> time music, and audio monitors at the moment!), not for the govt to  
> force on us at the ISP level?!
> 
> Cheers,
> 
> DG
> 
> 
> Damien Gardner Jnr
> VK2TDG. Dip EE. GradIEAust
> rendrag at rendrag.net -  http://www.rendrag.net/
> --
> We rode on the winds of the rising storm,
>  We ran to the sounds of thunder.
> We danced among the lightning bolts,
>  and tore the world asunder
> 

> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog


-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $24/pm+GST entry-level VPSes w/ capped bandwidth charges available in WA -

More information about the AusNOG mailing list