Feeds

Dismantling a Religion: The EFF's Faith-Based Internet

An Expert View

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

The Electronic Frontier Foundation likes to portray the internet as under attack. But the activist group is doing more to imperil its future than any of its favourite targets.

The latest salvo in the utopians' war is a report on Comcast's traffic management policies. It's an amazingly conflicted piece of work, bristling with fierce language (the term "forgery" is used 33 times in ten pages), but very light on substance.

At least the authors - attorney Fred von Lohmann, copyright specialist Peter Eckersley, and computer guy Seth Schoen - concede that Comcast has a legitimate interest in controlling bandwidth hogs.

"It is true that some broadband users send and receive a lot more traffic than others, and that interfering with their traffic can reduce congestion for an ISP," they write. Which leaves them, ultimately, only quibbling over the methods the cable giant uses.

Their complaint consists of a laundry list of suggested alternative mechanisms for dealing with congestion, that are either unworkable or only trivially different from the "Reset Spoofing" technique Comcast uses.

(Reset spoofing merely rations the number of Bittorrent seeding sessions a user can offer to the internet at a given time. It doesn't affect BitTorrent downloads, and in fact improves them for most users.)

Among the EFF's suggestions we find:

[Comcast] can set a limit on the amount of data per second that any user can transmit on the network. They can also set these limits on a dynamic basis, so that (1) the limits are gradually relaxed as the network becomes less congested and vice-versa and (2) so that the limits primarily slow the traffic of users who are downloading large to very large files that take minutes to transfer.

Here, the EFF confuses upload and download issues, erroneously assuming that cable modem (DOCSIS) networks have the same capabilities for managing upstream flows that they have for downstream ones - a serious error.

DOCSIS networks are grafted onto systems that were built to deliver analog television programs. They employ separate frequency channels for upstream and downstream traffic, and manage them very differently. In the downstream direction, where the cable company's CMTS controller is the only transmitter, traffic can indeed be managed dynamically and usage-sensitive limits used. This is the cable company's equipment and they can manage it as they see fit. Upstream traffic is completely different, however; it comes from multiple transmitters using equipment they may either own outright or lease from the cable company.

The multiple transmitter problem is thorny. While computers operating on other shared-cable systems such as co-ax Ethernet could see whether anyone else was transmitting before jumping on the cable, DOCSIS transmitters are unable to do so because of the separation of transmit and receive channels. The best they can do is wait for a time synchronisation message, take a random guess, and pray that their message (initially a request for bandwidth to the CMTS) will be transmitted successfully. If their prayer is answered, they're given a reserved time slot and everybody's happy. If their request for bandwidth collides with another computer's request for bandwidth, nothing happens and both have to try again, after a suitable delay.

The issue that destabilises cable modem networks is not strictly related to bandwidth: a lot of short packets are worse for the network than a smaller number of large packets consuming more bandwidth.

That's why the EFF's suggestion about dynamic bandwidth caps, even if it were possible to implement, wouldn't solve the problem. But it's not possible to implement in any case: DOCSIS 1.1 cable modems accept a hard bandwidth limit when they boot up and attach to the network for the first time, but it remains in place until the next reboot. This limit has to be set reasonably high (384 kbit/s) in order to provide good performance for the short bursts of traffic that are characteristic of web browsing and gaming. It should probably be supplemented by more sophisticated controls, and will be someday.

But for now, DOCSIS is what it is and does what it does, and no amount of screaming "forgery" is going to change it. Besides, the customers who've purchased their own DOCSIS modems shouldn't be treated as badly as the people who bought last year's Mac.

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
It's GOOD to get RAIN on your upgrade parade: Crucial M550 1TB SSD
Performance tweaks and power savings – what's not to like?
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
IBM rides nightmarish hardware landscape on OpenPOWER Consortium raft
Google mulls 'third-generation of warehouse-scale computing' on Big Blue's open chips
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.