[AusNOG] Conroy announcement on filtering

Damien Gardner Jnr rendrag at rendrag.net
Tue Dec 15 18:05:21 EST 2009


On 15/12/2009, at 5:45 PM, Adrian Chadd wrote:
> 10 CLS
> 20 PRINT "Do not attack this at a technical level."
> 30 GOTO 20

*grin*

> You can implement transparent HTTP interception and filtering with
> no discernable increase in latency. You can implement the HTTP
> filtering without slowing down busy sites when they're filtered
> (eg the UK debacle when they filtered a specific corner of
> wikipedia.) The fact that there have been public failures does not
> mean this is technically infeasible, it means the companies
> involved in implementing the filtering are doing the bare minimum
> needed to meet the goal, rather than engineering it for a much
> wider possible set of behaviours.

I guess I'm not so concerned with latency, as doing horrid things with
caching (we had one site where we had to basically force every PHP
page load to append a ?blah=$randomnumber because a certain Adelaide
ISP (no, it wasn't 'node :) ) was caching so hard that they were
ignoring no-cache and expiry headers!), and with expecting *HTTP* to
be spoken on port 80..  Flash media server is one very common example
of traffic on port 80 being both HTTP, and proprietary FMS-talk..

> Don't attack this at a technical level, or I'll just get off my
> ass and solve it in FOSS at a technical level just to make sure
> focus is shifted where it should be - ie, elsewhere.

For me at least, the issue is at a technical level (ok, yes, it's at
other levels, but I can work around the actual restriction of my
browsing by simply opening Safari which is already set to tunnel
through one of my Linodes) - I can see my support calls going through
the roof from real estate agents whose live video streaming from their
house auctions has stopped working for some random bidder, because
that bidder is on some cheapo ISP who just forces all port 80 traffic
through squid, without having it set up 'properly'  (aka so that squid
recognises non-HTTP, and grabs the destination address from the OS
kernel and just acts as a plain TCP proxy..)..  Maybe this isn't an
issue anymore, but it was 2 or so years ago?

Cheers,

DG

Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag at rendrag.net -  http://www.rendrag.net/
--
We rode on the winds of the rising storm,
  We ran to the sounds of thunder.
We danced among the lightning bolts,
  and tore the world asunder
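
The 'properly' set-up behaviour described in the message above (recognise non-HTTP on port 80, take the original destination from the kernel, relay as plain TCP), sketched as an added example that is not part of the original post and is not Squid's code. The function names are hypothetical, the sample bytes are constructed, and `SO_ORIGINAL_DST` assumes Linux netfilter REDIRECT interception.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # Linux netfilter option (linux/netfilter_ipv4.h)

# Request methods an HTTP/1.x request line may start with.
HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"TRACE", b"CONNECT", b"PATCH")


def classify(first_bytes: bytes) -> str:
    """Return 'http', 'tunnel' or 'need-more' for a connection's first bytes."""
    if not first_bytes:
        return "need-more"
    for method in HTTP_METHODS:
        token = method + b" "
        if first_bytes.startswith(token):
            return "http"
        # A short read that is still a prefix of a method: wait for more.
        if token.startswith(first_bytes):
            return "need-more"
    return "tunnel"  # not HTTP: relay bytes untouched, never cache or rewrite


def parse_original_dst(raw: bytes) -> tuple[str, int]:
    """Decode the 16-byte sockaddr_in returned for SO_ORIGINAL_DST."""
    port, addr = struct.unpack("!2xH4s8x", raw[:16])
    return socket.inet_ntoa(addr), port


def original_dst(conn: socket.socket) -> tuple[str, int]:
    """Pre-REDIRECT destination of an intercepted connection (Linux only)."""
    return parse_original_dst(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))


if __name__ == "__main__":
    # Constructed samples: an HTTP request, a short read, and a binary
    # handshake (0x03 is the version byte that opens an RTMP session).
    for sample in (b"GET /stream.flv HTTP/1.1\r\n", b"PO", b"\x03" + bytes(16)):
        print(sample[:12], "->", classify(sample))
```

A connection classified as `tunnel` would be connected to the address from `original_dst()` and relayed byte for byte, which is what keeps non-HTTP streams on port 80 working behind the interceptor.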
