Thursday, November 20. 2008
....(thank you for that gem of perception Mrs Gump).
As someone who makes no attempt at hiding his total contempt for the complete stupidity of the current bunch of morons posing as a federal government in Canberra, even I have to recognise that in a democratic society enough people voted, presumably after carefully considering what they were doing, to empower what must be the dumbest ever collection of uneducated no-hopers to make decisions on their behalf.
My own credentials for labeling Stupid Stephen and Crazy Kevin as totally clueless in terms of comprehending either the fabric or delivery of the internet in Australia go back to the day after those bozos were elected - so nothing I say here is of the 'Johnny come lately' bandwagon joiners such as the most recent people to spit the dummy on that pair of moron's stupidities. Michael Malone for instance:
Oh dear - poor love - he's wasted his time and money on his posturing via the Terria bid (what a total piece of nonsensical 'wankery' that was!) and now he's setting himself up as the chief posturer on the other election sound bite 'policy' of Internet filtering. Perhaps someone should tell him that he wasn't elected to any government position and he can't make arbitrary decisions about popularly supported elections issues - it's called DEMOCRACY - not geekish elitism (if you can actually use those two words together).
Irrespective of what Mr Malone, or anyone else thinks or says, 50.0000001% (or whatever it was) of the people who voted in the last election voted for the people who promised them an NBN and the end of (child) pornography web access. They also voted for a whole raft of other lunacies that the Labor left apparatchiks put forward which are actually even more stupid than the National Broadband Nightmare and "no child will be able to access web pornography by December 2009" - the Dudd must be channeling that previous Labor Idiot - Bob Hawke as to who can be remembered for making the most irresponsible comment by an Australian Prime Minister.
So back to Mr Malone's pointless posturing - I particularly liked:
"We're going to participate in the trials because we intend to break it."
Oh dear - sorry love - nothing that you/iinet do (nor what anyone else does) is going to break anything or demonstrate anything that is meaningful in any way. What Krudd and SS want actually can be done, more or less, for the targets they are aiming at - being the children and young adults known to or associated with the cross bench Senators they have promised to do this for. It's politics - stupid; it has nothing to do with what you/your technical advisers either know or believe they know and, contrary to the statements in the referenced article, it is quite possible to 'filter out' even quite determined access to any web site, and again contrary to the comments in the referenced article, it's quite possible to block access to any specific type/stream/user list traffic if someone with the authority (like the Federal Government who have passed the appropriate legislation) authorises that to happen.
Of course, you can pass legislation and deploy a police force to ensure the legislation is enforced but that won't stop drug dealing, car theft, burglary or rape - or access to child pornography via the internet. It will reduce it.
Similarly you are quite correct that no legislation and the subsequent enforcement of that legislation will eliminate the exchange of child pornography but, unless I have misunderstood what SS and CK are saying they have a mandate to do, they aren't claiming what you are putting in their mouths (and, bear in mind, this criticism of your childish 'straw man' umbrage is coming from someone who believes those two people's every utterances are complete hog wash).
As Steve W has pointed out in his blog, any IP address can be null routed which will prevent any 'casual user' from inadvertently reaching that IP address's contents - which as I understand it is the purpose of the exercise - not what you are claiming it to be. Achieving the ability to eliminate all but determined access to a list of web sites will meet the important Senators' requirements and allow SS and Krudd to point out that they've delivered on their election promise without any cost to any ISP (including iinet) or the tax payer and without slowing down any other traffic in any way.
Will this mythical list being null routed prevent 'determined' access to a child pornography distribution ring's hideous content? - of course not - but how many children and teenagers are going to know how to access those secretive sources? How many of them who do know how to do that are not already corrupted beyond redemption by the total failure of every other aspect of their upbringing to date?
Simple answer - none.
"What's good for a six year old boy is not going to work for a 15 year old girl who needs to do research for high school assignments. A one-size fits all approach to filtering will never work," Mr Malone said.
What a truly pathetic piece of plain misinformation cloaked in sanctimonious grandstanding. Null routing will almost certainly block some incredibly minute (to the point of being beyond calculation) number of "non child pornography" related content but that's completely irrelevant as you would well know.
So - null routing (a no cost/no traffic delay) "solution" will do everything that SS and CK claimed it will in their election 'manifesto' and, of course, it will not in any way interfere with the sick minded people who use the internet to traffic their filth. But then it was never intended to.
If the Federal Government wanted to go further then, despite the comment that:
"Mr Malone said that the $44 million the Government is purporting to spend on ISP filtering would not be nearly enough to cover Australia's more than 700 ISPs".
If you understood current DPI technology and how to write the associated scripts related to the tracking/blocking/diverting of particular types of data and particular destination or source addresses (should the Federal Government actually have that information which I wouldn't be able to comment on) then you would, or at least should, know that you can, with minor speed degradation that would be unnoticeable to any user other than the measurement fanatics, prevent even the most closely guarded traffic from reaching its destination (as well, of course, of actually detecting it's true source - something that a determined authority might find much more cost effective in "fighting the war on child pornography" that current expenditures are failing to do).
I may well be wrong, I often am, but I would put the cost of using the next generation of DPI based equipment at something like a once off cost of 50 cents per internet user - which, probably by total coincidence, would be around the $A44 million currently estimated for the purpose.
Personally, I think the whole concept of any government wielding such total control of what its electorate can and can't access is abhorrent and only truly stupid people (a title for which SS and CK clearly qualify) would even think of inflicting such dangerous controls in a democracy.
However to attempt to say that it COULDN'T be done TECHNICALLY and at a REASONABLE COST is just as stupid as the people who say they want to do it in the first place.
So - I guess iinet will go ahead and try and "wreck" this stupid trial (perhaps Mr Malone has mistaken his importance in the country's decison making hierarchy and he thinks HE is the elected governent from the way he speaks?) - Exetel will try and show them that null routing will achieve all their political intentions (as regards the cross bench Senators) even if this means helping them wriggle off the hook of one of their more senseless election winning inanities. It will be better to null route (at no dollar or speed cost) a few thousand web sites than have inflicted either your or their ideas of how packet control should be deployed.
PS: I guess it just isn't Michael Malone's day:
Not only is it becoming clearer to him that doesn't he run the Federal Government his outspoken legal interpretations have allowed his company the opportunity to spend a lot of money seeing if he is right in his legal views too.
Display comments as (Linear | Threaded)
You might want to fix the ITWire hyperlink in your post. It's currently pointing to a 404 Not Found.
On the issue of null routing, Internode's Mark Newton points out that:
"Of all the techniques available, this one has one of the highest false-positive rates. Once a virtual server on a shared IP address is blackholed, all the other virtual servers on the same IP address become unreachable too.
"Large content hosting environments running servers behind layer-4 switches can have literally tens of thousands of web sites sitting behind a single IP address. When any one of those is blackholed, all the others are rendered unreachable too."
So my understanding is that far from only blocking a minute number of websites, it could wipe out huge swathes of quite legitimate content.
I do note that you're anti cleanfeed and are just exploring solutions should it become law. But it just looks totally unworkable.
The link works for me.
Null routing has never produced that effect in our experience.
If you think about it for more than a few seconds you might form a different view of the inherent illogic in such a statement.
Then again.....you might be quite correct.
This is true. Content distribution networks which are used for caching and load balancing share IP addresses for many hostnames.
The big issue for me is who will be policing the list. This might be about childporn today, but then soon enough politically inconvenient material will be added to the list.
(Not that I'm worried as I have the ability to use VPN tunnelling to colocated servers overseas to browse whatever the hell I want, but I am worried for my compatriots.)
The ITwire link actually points to http://johnl.blogs.exetel.com.au/v on my browser.
I work for a company that provides filtering services to schools, and one of the things that amazed me when I started was the speed at which students will discover and share new anonymous proxies that exist to get around the already existing filters.
We plan to join the trial, and one of the things I want to look at is how many of the blocked URL's point to vhost machines that should otherwise be allowed. I'm sure the vast majoity don't, but I would be surprised if it's all.
I, along with everyone else who comes from the 'industry' and has children, fully understand that "children" are familiar with a huge nummer of ways of finding the most incredible filth on the internet and will easily find there way round any 'road blocks'.
However - that isn't the point - at least as I understand it.
Such children are already irredeemably "corrupted" if they use those skills to access child pornography sites - they are already "lost" through inept or criminal parenting and inept and criminal education.
The point of 'filtering initiatives' is to prevent'easy' access to filth sites - at least that's my understanding.
Federal and State laws haven't prevented rape, theft or unlawful violence - does that mean legislators should stop trying to bring more order to our socities?
(or I would have thought it was obvious).
A few geeks/ISP CEOs grandstanding their pathetic knowledge of simple traffic manipulation is irrelevant.
While null routing isn't a significant load on routers, as others have mentioned, identifying a web and other content via a single IP address isn't effective anymore. Organisations who administer the Internet's resources, such as APNIC, have been strongly encouraging web hosting entities to use "name-based" hosting (i.e. the supplied URL is used to determin the web content to reply with), rather than IP address based hosting, since 2000. You can see discussing of the issues here:
To say it isn't effective is not exactly correct - the IP block will certainly prevent access to the intended site, and also to any other site sharing that hosts IP address. So perhaps 'overly effective' would be a better way to phrase it.
I consider an effective solution one that solves the problem it's attempting to to solve it well and completely. The solution should not cause external effects outside of the scope of the problem, or, if it does, those effects are not negative (e.g. has unintended consequences, incurs external costs etc.) to the system that the problem and the solution is surrounded by.
Null routing does not solve the problem of filtering Internet content. It only solves the problem of preventing access to an IP address. Null routing only partially solves the problem of trying to filter Internet content, and should it be used, it has negative impacts to systems outside the problem it's trying to solve - it may also prevent access to quite legitimate and legal content.
"Overly effective" implies that the solution is doing more than it should. IOW, the solution is either using up more resources than necessary (e.g. time, money, energy etc.), or having effects that are greater than what is required. If those effects are neutral, the solution is still excessive, and maybe a less resource intensive solution exists, or maybe no effective solution exists. If the effects outside of the problem being solved are negative, then the solution is also excessive. An "overly effective" solution isn't actually effective at solving the problem.
External PHP Application