<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div>On 15/12/2009, at 5:45 PM, Adrian Chadd wrote:</div><blockquote type="cite"><div>10 CLS<br>20 PRINT "Do not attack this at a technical level."<br>30 GOTO 20<font class="Apple-style-span" color="#000000"><font class="Apple-style-span" color="#144FAE"><br></font></font></div></blockquote><div><br></div>*grin*</div><div><br><blockquote type="cite"><div>You can implement transparent HTTP interception and filtering with<br>no discernable increase in latency. You can implement the HTTP<br>filtering without slowing down busy sites when they're filtered<br>(eg the UK debacle when they filtered a specific corner of<br>wikipedia.) The fact that there have been public failures does not<br>mean this is technically infeasible, it means the companies<br>involved in implementing the filtering are doing the bare minimum<br>needed to meet the goal, rather than engineering it for a much<br>wider possible set of behaviours.<br></div></blockquote><div><br></div><div>I guess I'm not so concerned with latency, as doing horrid things with caching (we had one site where we had to basically force every php page load to append a ?blah=$randomnumber because a certain adelaide ISP (no, it wasn't 'node :) ) was caching so hard that they were ignoring no-cache and expiry headers!), and with expecting *HTTP* to be spoken on port 80.. Flash media server is one very common example of traffic on port 80 being both HTTP, and proprietary FMS-talk..</div><div><br></div><blockquote type="cite"><div>Don't attack this at a technical level, or I'll just get off my<br>ass and solve it in FOSS at a technical level just to make sure<br>focus is shifted where it should be - ie, elsewhere.<font class="Apple-style-span" color="#000000"><font class="Apple-style-span" color="#144FAE"><br></font></font></div></blockquote><div><br></div>For me at least, the issue is at a technical level (ok, yes, it's at other levels, but I can work around the actual restriction of my browsing by simply opening safari which is already set to tunnel through one of my linodes) - I can see my support calls going through the roof from real estate agents whose live video streaming from their house auctions have stopped working for some random bidder, because that bidder is on some cheapo ISP who just forces all port 80 traffic through squid, without having it setup 'properly' (aka so that squid recognises non-http, and grabs the destination address from the OS kernel and just acts as a plain TCP proxy..).. Maybe this isn't an issue anymore, but it was 2 or so years?</div><div><br></div><div>Cheers,</div><div><br></div><div>DG</div><div><br></div><div><span class="Apple-style-span" style="font-size: 12px; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Damien Gardner Jnr<br>VK2TDG. Dip EE. GradIEAust<br><a href="mailto:rendrag@rendrag.net">rendrag@rendrag.net</a> - <a href="http://www.rendrag.net/">http://www.rendrag.net/</a><br>--<br>We rode on the winds of the rising storm,<br> We ran to the sounds of thunder.<br>We danced among the lightning bolts,<br> and tore the world asunder</div><div><br></div></div></span></div></body></html>