Re: Impacts of Encryption Everywhere (any solution?)

2018-06-19 Thread Michael Crapse
I've always said that the fiber middle mile price themselves out of more
money. I want a fiber connection that will service a subdivision(20-50
households) with speeds up to 1gbps, oh that's $2k/mo. The problem is that
we want a fiber connection for 10 or 20 subdivisions, oh, that's 2k per,
but you get 10% discount because of the amount.. Alternatively, we could
get a single 10g connection from an IX/first mile for $2500, and use 10-20
$3k radios to get a gig into every subdivision. We've tried to get fiber
providers to allow us to purchase bandwidth based upon 3 criteria: 1) the
cost for them to buildout, they are a business and need to get their money
back. 2) total burstable capacity, 10g circuits cost more than 1g, but 200m
circuits shouldn't cost less than 1g. 3) by the number of subscribers on
each link. We have offered to 1) pay for their fiber install costs, 2) pay
a base tariff and 3) pay up 25% of base revenue per user.  In this case,
fiber company gets paid to put the fiber in, and ~$500/mo for each
connection they're giving to us, in this scenario they will make $10k/mo
profit, plus expand their network. In the other scenario they make only
$2500/mo and come in uncompetitively for businesses in our market (because
they have a new buildout to bake into their price)
Just doesn't make sense to us to pay individually for fiber connections
when we know it's packet switched anyway, and the load on their network is
the same

On 19 June 2018 at 18:25, Mike Hammett  wrote:

> I encourage you to look at operating a network outside of a datacenter or
> corporate campus.
>
>
> The wireless last hop is *NOT* the problem. A modern deployment in a small
> village could put dozens of megabit/s to every house for $10k. The transit
> or transport connections *ARE* the fiscal problem.
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> - Original Message -
>
> From: "George Herbert" 
> To: "Lee Howard" 
> Cc: nanog@nanog.org
> Sent: Tuesday, June 19, 2018 10:29:15 AM
> Subject: Re: Impacts of Encryption Everywhere (any solution?)
>
> I’m confused.
>
> People are using last hop (wireless) arguments against HTTPS Everywhere;
> that’s the part that requires full bandwidth either way (as your non-HTTPS
> cache is upstream somewhere). The fiber links that are physically fixed and
> can handle in many cases better lasers, are the ongoing upgradable part.
>
> If you’re complaining your fiber backhaul is too big a deal, you’re
> playing the wrong game to start with.
>
>
> George William Herbert
> Sent from my iPhone
>
> > On Jun 19, 2018, at 7:53 AM, Lee Howard  wrote:
> >
> >
> >
> >> On 06/17/2018 02:53 PM, Brad wrote:
> >> While I agree there are unintended consequences every time advancements
> are made in relation to the security and stability of the Internet- I
> disagree we should be rejecting their implementations. Instead, we should
> innovate further.
> >
> > I look forward to your innovations.
> >> Just because end to end encryption causes bandwidth issues for a very
> small number users - then perhaps they could benefit the most by these
> changes with additional capacity.
> >
> > I encourage you to invest billions of dollars in rural broadband
> capacity worldwide. The rest of us will thank you for your sacrifice.
> >
> > Lee
> >
> >> -Brad
> >>
> >>  Original message From: Michael Hallgren 
> Date: 6/17/18 11:14 (GMT-07:00) To: na...@jack.fr.eu.org Cc: Matthew
> Petach , nanog@nanog.org Subject: Re: Impacts of
> Encryption Everywhere (any solution?)
> >> Le 2018-06-17 12:40, na...@jack.fr.eu.org a écrit :
> >>> Well, yes, there is, you simply have to break the end to end
> encryption
> >> Yes, (or) deny service by Policy (remains to evaluate who's happy with
> >> that).
> >>
> >> Cheers,
> >> mh
> >>
> >>>> On 06/17/2018 03:09 AM, Matthew Petach wrote:
> >>>> Except that if websites are set to HTTPS only, there's no option for
> >>>> disabling encryption on the client side.
> >>>>
> >>>> Matt
> >>>>
> >>>>
> >>>>> On Sat, Jun 16, 2018, 14:47  wrote:
> >>>>>
> >>>>>> On 06/16/2018 10:13 PM, Mike Hammett wrote:
> >>>>>> Sadly, it's just falling on deaf ears. Silicon Valley will continue
> >>>>>> to
> >>>>> think they know better than everyone else and people outside of that
> >>>>> bubble
> >>>>> will continue to be disadvantaged.
> >>>>>
> >>>>> What, again ?
> >>>>> Encryption is what is best for the most people.
> >>>>> The few that will not use it can disable it.
> >>>>>
> >>>>> No issue then.
> >>>>>
> >>>>>
> >
>
>


Re: Impacts of Encryption Everywhere (any solution?)

2018-06-19 Thread Mike Hammett
There are solutions like that out there, but some people refuse to play in that 
sandbox. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "William Herrin"  
To: "Lee Howard"  
Cc: nanog@nanog.org 
Sent: Tuesday, June 19, 2018 10:33:50 AM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

On Tue, Jun 19, 2018 at 10:53 AM, Lee Howard  wrote: 
> On 06/17/2018 02:53 PM, Brad wrote: 
>> While I agree there are unintended consequences every time advancements 
>> are made in relation to the security and stability of the Internet- I 
>> disagree we should be rejecting their implementations. Instead, we should 
>> innovate further. 
> 
> 
> I look forward to your innovations. 

The innovation I'd like to see is a multi-level streaming cache. 
Here's the basic idea: 

Define a network protocol such as "mlcache" 

mlcache://data.netflix.com/starwars/chunk12345 is a chunk of some 
video that netflix has. It's encrypted. The client got the decryption 
key for that chunk and instructions on how to load the chunks in what 
order in an authenticated http connection. 

The client does not connect to data.netflix.com. Instead, it probes an 
anycast IP address to find the nearest cache. If there is no cache, 
then it falls back on contacting data.netflix.com directly. 

If the cache probe returned a unicast IP address for a nearby cache 
then the client asks the cache to retrieve that chunk instead. If lots 
of folks using the cache are watching that particular video, the cache 
can supply the chunk without asking netflix for it again. 

If the cache doesn't have the chunk, it contacts the next cache 
upstream. If there is no next cache upstream, it contacts 
data.netflix.com directly. 


The cache is not application-specific. Anything willing to talk the 
cache protocol can use it to fetch chunks of data from any server. 

In principle this should work for live streams too. The head end 
server either replies "not yet" or holds the request open until the 
next chunk of data is available. The cache requests the chunk once and 
supplies it to all clients once retrieved. Keep the chunks small 
enough that the caching process delays the live stream by a second or 
two, no different than the television broadcasts do. 


Regards, 
Bill Herrin 



-- 
William Herrin  her...@dirtside.com b...@herrin.us 
Dirtside Systems . Web: <http://www.dirtside.com/> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-06-19 Thread Mike Hammett
I encourage you to look at operating a network outside of a datacenter or 
corporate campus. 


The wireless last hop is *NOT* the problem. A modern deployment in a small 
village could put dozens of megabit/s to every house for $10k. The transit or 
transport connections *ARE* the fiscal problem. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "George Herbert"  
To: "Lee Howard"  
Cc: nanog@nanog.org 
Sent: Tuesday, June 19, 2018 10:29:15 AM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

I’m confused. 

People are using last hop (wireless) arguments against HTTPS Everywhere; that’s 
the part that requires full bandwidth either way (as your non-HTTPS cache is 
upstream somewhere). The fiber links that are physically fixed and can handle 
in many cases better lasers, are the ongoing upgradable part. 

If you’re complaining your fiber backhaul is too big a deal, you’re playing the 
wrong game to start with. 


George William Herbert 
Sent from my iPhone 

> On Jun 19, 2018, at 7:53 AM, Lee Howard  wrote: 
> 
> 
> 
>> On 06/17/2018 02:53 PM, Brad wrote: 
>> While I agree there are unintended consequences every time advancements are 
>> made in relation to the security and stability of the Internet- I disagree 
>> we should be rejecting their implementations. Instead, we should innovate 
>> further. 
> 
> I look forward to your innovations. 
>> Just because end to end encryption causes bandwidth issues for a very small 
>> number users - then perhaps they could benefit the most by these changes 
>> with additional capacity. 
> 
> I encourage you to invest billions of dollars in rural broadband capacity 
> worldwide. The rest of us will thank you for your sacrifice. 
> 
> Lee 
> 
>> -Brad 
>> 
>>  Original message From: Michael Hallgren  
>> Date: 6/17/18 11:14 (GMT-07:00) To: na...@jack.fr.eu.org Cc: Matthew Petach 
>> , nanog@nanog.org Subject: Re: Impacts of Encryption 
>> Everywhere (any solution?) 
>> Le 2018-06-17 12:40, na...@jack.fr.eu.org a écrit : 
>>> Well, yes, there is, you simply have to break the end to end encryption 
>> Yes, (or) deny service by Policy (remains to evaluate who's happy with 
>> that). 
>> 
>> Cheers, 
>> mh 
>> 
>>>> On 06/17/2018 03:09 AM, Matthew Petach wrote: 
>>>> Except that if websites are set to HTTPS only, there's no option for 
>>>> disabling encryption on the client side. 
>>>> 
>>>> Matt 
>>>> 
>>>> 
>>>>> On Sat, Jun 16, 2018, 14:47  wrote: 
>>>>> 
>>>>>> On 06/16/2018 10:13 PM, Mike Hammett wrote: 
>>>>>> Sadly, it's just falling on deaf ears. Silicon Valley will continue 
>>>>>> to 
>>>>> think they know better than everyone else and people outside of that 
>>>>> bubble 
>>>>> will continue to be disadvantaged. 
>>>>> 
>>>>> What, again ? 
>>>>> Encryption is what is best for the most people. 
>>>>> The few that will not use it can disable it. 
>>>>> 
>>>>> No issue then. 
>>>>> 
>>>>> 
> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-06-19 Thread William Herrin
On Tue, Jun 19, 2018 at 12:09 PM,   wrote:
> On Tue, 19 Jun 2018 11:33:50 -0400, William Herrin said:
>
>> The innovation I'd like to see is a multi-level streaming cache.
>> Here's the basic idea:
>>
>> Define a network protocol such as "mlcache"
>>
>> mlcache://data.netflix.com/starwars/chunk12345 is a chunk of some
>> video that netflix has. It's encrypted. The client got the decryption
>> key for that chunk and instructions on how to load the chunks in what
>> order in an authenticated http connection.
>>
>> The client does not connect to data.netflix.com. Instead, it probes an
>> anycast IP address to find the nearest cache. If there is no cache,
>> then it falls back on contacting data.netflix.com directly.
>>
>> If the cache probe returned a unicast IP address for a nearby cache
>> then the client asks the cache to retrieve that chunk instead. If lots
>> of folks using the cache are watching that particular video, the cache
>> can supply the chunk without asking netflix for it again.
>>
>> If the cache doesn't have the chunk, it contacts the next cache
>> upstream. If there is no next cache upstream, it contacts
>> data.netflix.com directly.
>
> Congrats, you just re-invented BitTorrent. :)

Except for the peer to peer part and every other aspect of bit torrent
save the chunked transfer.

Regards,
Bill

-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


Re: Impacts of Encryption Everywhere (any solution?)

2018-06-19 Thread valdis . kletnieks
On Tue, 19 Jun 2018 11:33:50 -0400, William Herrin said:

> The innovation I'd like to see is a multi-level streaming cache.
> Here's the basic idea:
>
> Define a network protocol such as "mlcache"
>
> mlcache://data.netflix.com/starwars/chunk12345 is a chunk of some
> video that netflix has. It's encrypted. The client got the decryption
> key for that chunk and instructions on how to load the chunks in what
> order in an authenticated http connection.
>
> The client does not connect to data.netflix.com. Instead, it probes an
> anycast IP address to find the nearest cache. If there is no cache,
> then it falls back on contacting data.netflix.com directly.
>
> If the cache probe returned a unicast IP address for a nearby cache
> then the client asks the cache to retrieve that chunk instead. If lots
> of folks using the cache are watching that particular video, the cache
> can supply the chunk without asking netflix for it again.
>
> If the cache doesn't have the chunk, it contacts the next cache
> upstream. If there is no next cache upstream, it contacts
> data.netflix.com directly.

Congrats, you just re-invented BitTorrent. :)




RE: Impacts of Encryption Everywhere (any solution?)

2018-06-19 Thread McBride, Mack
Netflix is not supposed to be cacheable by third parties for legal reasons 
that have absolutely nothing to do with routing.
Similar with most streaming services including stupid geolocation usage.
If you have sufficient eyeballs, Netflix will work with you to get a local cache
set up using their devices.  If it is just you and a half dozen neighbors they 
won't.

A far larger problem than the encryption is website design that doesn't cater to
low bandwidth links.  HTML5 is cool but marking a 10mbyte animation as non-cacheable
and putting it on the front page of a major bank website is a misuse of resources.

Mack

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of William Herrin
Sent: Tuesday, June 19, 2018 9:34 AM
To: Lee Howard 
Cc: nanog@nanog.org
Subject: Re: Impacts of Encryption Everywhere (any solution?)

On Tue, Jun 19, 2018 at 10:53 AM, Lee Howard  wrote:
> On 06/17/2018 02:53 PM, Brad wrote:
>> While I agree there are unintended consequences every time 
>> advancements are made in relation to the security and stability of 
>> the Internet- I disagree we should be rejecting their 
>> implementations. Instead, we should innovate further.
>
>
> I look forward to your innovations.

The innovation I'd like to see is a multi-level streaming cache.
Here's the basic idea:

Define a network protocol such as "mlcache"

mlcache://data.netflix.com/starwars/chunk12345 is a chunk of some video that 
netflix has. It's encrypted. The client got the decryption key for that chunk 
and instructions on how to load the chunks in what order in an authenticated 
http connection.

The client does not connect to data.netflix.com. Instead, it probes an anycast 
IP address to find the nearest cache. If there is no cache, then it falls back 
on contacting data.netflix.com directly.

If the cache probe returned a unicast IP address for a nearby cache then the 
client asks the cache to retrieve that chunk instead. If lots of folks using 
the cache are watching that particular video, the cache can supply the chunk 
without asking netflix for it again.

If the cache doesn't have the chunk, it contacts the next cache upstream. If 
there is no next cache upstream, it contacts data.netflix.com directly.


The cache is not application-specific. Anything willing to talk the cache 
protocol can use it to fetch chunks of data from any server.

In principle this should work for live streams too. The head end server either 
replies "not yet" or holds the request open until the next chunk of data is 
available. The cache requests the chunk once and supplies it to all clients 
once retrieved. Keep the chunks small enough that the caching process delays 
the live stream by a second or two, no different than the television broadcasts 
do.


Regards,
Bill Herrin



--
William Herrin  her...@dirtside.com  b...@herrin.us Dirtside 
Systems . Web: <http://www.dirtside.com/>


Re: Impacts of Encryption Everywhere (any solution?)

2018-06-19 Thread William Herrin
On Tue, Jun 19, 2018 at 10:53 AM, Lee Howard  wrote:
> On 06/17/2018 02:53 PM, Brad wrote:
>> While I agree there are unintended consequences every time advancements
>> are made in relation to the security and stability of the Internet- I
>> disagree we should be rejecting their implementations. Instead, we should
>> innovate further.
>
>
> I look forward to your innovations.

The innovation I'd like to see is a multi-level streaming cache.
Here's the basic idea:

Define a network protocol such as "mlcache"

mlcache://data.netflix.com/starwars/chunk12345 is a chunk of some
video that netflix has. It's encrypted. The client got the decryption
key for that chunk and instructions on how to load the chunks in what
order in an authenticated http connection.

The client does not connect to data.netflix.com. Instead, it probes an
anycast IP address to find the nearest cache. If there is no cache,
then it falls back on contacting data.netflix.com directly.

If the cache probe returned a unicast IP address for a nearby cache
then the client asks the cache to retrieve that chunk instead. If lots
of folks using the cache are watching that particular video, the cache
can supply the chunk without asking netflix for it again.

If the cache doesn't have the chunk, it contacts the next cache
upstream. If there is no next cache upstream, it contacts
data.netflix.com directly.


The cache is not application-specific. Anything willing to talk the
cache protocol can use it to fetch chunks of data from any server.

In principle this should work for live streams too. The head end
server either replies "not yet" or holds the request open until the
next chunk of data is available. The cache requests the chunk once and
supplies it to all clients once retrieved. Keep the chunks small
enough that the caching process delays the live stream by a second or
two, no different than the television broadcasts do.


Regards,
Bill Herrin



-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 
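
The following sketch is an added example, not part of the original message and not an existing protocol implementation. It models the cache hierarchy described above, in which caches hold only ciphertext and the client, holding the key from its authenticated session, rejects a chunk that a cache has altered. The class names, the URL, the integrity tag bound to the chunk URL, the fall-back to the origin on a failed check, and the SHA-256 keystream (a stdlib stand-in for a real AEAD such as AES-GCM) are all assumptions.

```python
import hashlib
import hmac
import os

def _subkey(key, label):
    # Separate encryption and MAC keys derived from the per-chunk key.
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream: illustration only, use an AEAD in practice.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, url, plaintext):
    """Encrypt-then-MAC; the URL is bound into the tag so chunks cannot be swapped."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), url.encode() + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key, url, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), url.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("chunk failed integrity check")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class Origin:
    """Content owner: stores sealed chunks and hands keys to authenticated clients."""
    def __init__(self):
        self.chunks, self.keys, self.fetches = {}, {}, 0
    def publish(self, url, plaintext):
        self.keys[url] = os.urandom(32)
        self.chunks[url] = seal(self.keys[url], url, plaintext)
    def key_for(self, url):
        return self.keys[url]  # stands in for the authenticated HTTP exchange
    def fetch(self, url):
        self.fetches += 1
        return self.chunks[url]

class Cache:
    """One cache level; `upstream` is the next cache or the origin."""
    def __init__(self, upstream):
        self.upstream, self.store, self.hits = upstream, {}, 0
    def fetch(self, url):
        if url in self.store:
            self.hits += 1
        else:
            self.store[url] = self.upstream.fetch(url)  # miss: ask one level up
        return self.store[url]

class TamperingCache(Cache):
    """A faulty or hostile cache that flips one ciphertext bit."""
    def fetch(self, url):
        blob = bytearray(super().fetch(url))
        blob[20] ^= 1
        return bytes(blob)

def client_get(url, origin, nearest_cache=None):
    """nearest_cache=None models an anycast probe that found no cache."""
    key = origin.key_for(url)
    source = nearest_cache if nearest_cache is not None else origin
    try:
        return open_sealed(key, url, source.fetch(url))
    except ValueError:
        if source is origin:
            raise
        return open_sealed(key, url, origin.fetch(url))  # distrust cache, go direct

def demo():
    origin = Origin()
    url = "mlcache://origin.example/video/chunk0001"  # constructed sample URL
    body = b"constructed video chunk payload"
    origin.publish(url, body)
    regional = Cache(origin)
    village_a, village_b = Cache(regional), Cache(regional)
    plays = [client_get(url, origin, c) for c in (village_a,) * 3 + (village_b,) * 2]
    via_caches = origin.fetches            # five viewers, one origin fetch
    direct = client_get(url, origin)       # no cache answered the probe
    recovered = client_get(url, origin, TamperingCache(origin))
    return {
        "all_played": all(p == body for p in plays) and direct == body,
        "origin_fetches_via_caches": via_caches,
        "regional_hits": regional.hits,
        "village_a_hits": village_a.hits,
        "cache_holds_plaintext": body in village_a.store[url],
        "recovered_after_tamper": recovered == body,
        "origin_fetches_total": origin.fetches,
    }

if __name__ == "__main__":
    print(demo())
```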


Re: Impacts of Encryption Everywhere (any solution?)

2018-06-19 Thread George Herbert
I’m confused.

People are using last hop (wireless) arguments against HTTPS Everywhere; that’s 
the part that requires full bandwidth either way (as your non-HTTPS cache is 
upstream somewhere).  The fiber links that are physically fixed and can handle 
in many cases better lasers, are the ongoing upgradable part.

If you’re complaining your fiber backhaul is too big a deal, you’re playing the 
wrong game to start with.


George William Herbert
Sent from my iPhone

> On Jun 19, 2018, at 7:53 AM, Lee Howard  wrote:
> 
> 
> 
>> On 06/17/2018 02:53 PM, Brad wrote:
>> While I agree there are unintended consequences every time advancements are 
>> made in relation to the security and stability of the Internet- I disagree 
>> we should be rejecting their implementations. Instead, we should innovate 
>> further.
> 
> I look forward to your innovations.
>> Just because end to end encryption causes bandwidth issues for a very small 
>> number users - then perhaps they could benefit the most by these changes 
>> with additional capacity.
> 
> I encourage you to invest billions of dollars in rural broadband capacity 
> worldwide. The rest of us will thank you for your sacrifice.
> 
> Lee
> 
>> -Brad
>> 
>>  Original message From: Michael Hallgren  
>> Date: 6/17/18  11:14  (GMT-07:00) To: na...@jack.fr.eu.org Cc: Matthew 
>> Petach , nanog@nanog.org Subject: Re: Impacts of Encryption 
>> Everywhere (any solution?)
>> Le 2018-06-17 12:40, na...@jack.fr.eu.org a écrit :
>>> Well, yes, there is, you simply have to break the end to end encryption
>> Yes, (or) deny service by Policy (remains to evaluate who's happy with
>> that).
>> 
>> Cheers,
>> mh
>> 
>>>> On 06/17/2018 03:09 AM, Matthew Petach wrote:
>>>> Except that if websites are set to HTTPS only, there's no option for
>>>> disabling encryption on the client side.
>>>> 
>>>> Matt
>>>> 
>>>> 
>>>>> On Sat, Jun 16, 2018, 14:47  wrote:
>>>>> 
>>>>>> On 06/16/2018 10:13 PM, Mike Hammett wrote:
>>>>>> Sadly, it's just falling on deaf ears. Silicon Valley will continue
>>>>>> to
>>>>> think they know better than everyone else and people outside of that
>>>>> bubble
>>>>> will continue to be disadvantaged.
>>>>> 
>>>>> What, again ?
>>>>> Encryption is what is best for the most people.
>>>>> The few that will not use it can disable it.
>>>>> 
>>>>> No issue then.
>>>>> 
>>>>> 
> 


Re: Impacts of Encryption Everywhere (any solution?)

2018-06-19 Thread Lee Howard




On 06/17/2018 02:53 PM, Brad wrote:

While I agree there are unintended consequences every time advancements are 
made in relation to the security and stability of the Internet- I disagree we 
should be rejecting their implementations. Instead, we should innovate further.


I look forward to your innovations.

Just because end to end encryption causes bandwidth issues for a very small 
number users - then perhaps they could benefit the most by these changes with 
additional capacity.


I encourage you to invest billions of dollars in rural broadband 
capacity worldwide. The rest of us will thank you for your sacrifice.


Lee


-Brad

 Original message From: Michael Hallgren  Date: 
6/17/18  11:14  (GMT-07:00) To: na...@jack.fr.eu.org Cc: Matthew Petach 
, nanog@nanog.org Subject: Re: Impacts of Encryption Everywhere (any 
solution?)
Le 2018-06-17 12:40, na...@jack.fr.eu.org a écrit :

Well, yes, there is, you simply have to break the end to end encryption

Yes, (or) deny service by Policy (remains to evaluate who's happy with
that).

Cheers,
mh


On 06/17/2018 03:09 AM, Matthew Petach wrote:

Except that if websites are set to HTTPS only, there's no option for
disabling encryption on the client side.

Matt


On Sat, Jun 16, 2018, 14:47  wrote:


On 06/16/2018 10:13 PM, Mike Hammett wrote:

Sadly, it's just falling on deaf ears. Silicon Valley will continue
to

think they know better than everyone else and people outside of that
bubble
will continue to be disadvantaged.

What, again ?
Encryption is what is best for the most people.
The few that will not use it can disable it.

No issue then.






Re: Impacts of Encryption Everywhere (any solution?)

2018-06-17 Thread William Herrin
On Sat, Jun 16, 2018 at 4:13 PM, Mike Hammett  wrote:
> Sadly, it's just falling on deaf ears. Silicon Valley will continue to think 
> they know better than everyone else and people outside of that bubble will 
> continue to be disadvantaged.

Hi Mike,

When the U.S. Government wants to encrypt classified information for
transmission over an unclassified channel (such as the Internet) one
of the interesting things the encryptor does is send data at a
constant rate. If there isn't enough data to fill the channel, the
encryptor pads its transmission with random bytes. If there's more
data than the constant rate, it's queued and sent at a constant rate,
even if the channel could handle more. Even over the internet where
variable rate transmissions are the norm. This increases the _depth of
defense_ against an adversary. Not only does the adversary have to
figure out what you're saying, he has to figure out when and whether
you're speaking at all.

Depth of Defense. Remember that phrase; you'll hear it over and over
again when security experts speak.

Encrypting everything (not just information you consider private) also
increases the depth of your defense against an adversary attempting to
capture your secrets. An adversary must not only break or subvert your
encryption, he must also figure out which if any of your
communications are sensitive and which are banal.

Depth of Defense. One of the linchpin concepts in effective security.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 
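
The constant-rate behaviour described in this message can be sketched as follows. This is an added example, not part of the original message and not any real encryptor's design: it shows only the framing (pad when idle, queue when busy), and assumes each fixed-size frame would then be encrypted so that padding and payload are indistinguishable on the wire. The class name, the 64-byte frame and the 2-byte length header are hypothetical.

```python
import os
import struct

HEADER = struct.Struct("!H")  # 2-byte payload length; hidden once the frame is encrypted

class ConstantRateSender:
    """Emits exactly one fixed-size frame per tick, whatever the offered load."""

    def __init__(self, frame_size=64):
        if frame_size <= HEADER.size:
            raise ValueError("frame too small for header")
        self.frame_size = frame_size
        self.capacity = frame_size - HEADER.size
        self.queue = bytearray()

    def submit(self, data):
        # Application data is never sent immediately; it waits for the next tick.
        self.queue += data

    def backlog(self):
        return len(self.queue)

    def tick(self):
        # Take at most one frame's worth of real data; the rest stays queued
        # even if the channel could carry more.
        payload = bytes(self.queue[:self.capacity])
        del self.queue[:self.capacity]
        # Fill the remainder with random bytes so an idle link looks busy.
        pad = os.urandom(self.capacity - len(payload))
        return HEADER.pack(len(payload)) + payload + pad

def receive(frames, frame_size=64):
    """Strip padding and reassemble the byte stream on the far side."""
    out = bytearray()
    for frame in frames:
        if len(frame) != frame_size:
            raise ValueError("unexpected frame size")
        (n,) = HEADER.unpack_from(frame)
        if n > frame_size - HEADER.size:
            raise ValueError("corrupt length field")
        out += frame[HEADER.size:HEADER.size + n]
    return bytes(out)

def demo():
    sender = ConstantRateSender(64)
    # Constructed bursty traffic: a short message at tick 0, a burst at tick 3.
    schedule = {0: b"A" * 10, 3: b"B" * 200}
    frames, backlog = [], []
    for t in range(8):
        sender.submit(schedule.get(t, b""))
        frames.append(sender.tick())
        backlog.append(sender.backlog())
    return frames, backlog

if __name__ == "__main__":
    frames, backlog = demo()
    print([len(f) for f in frames], backlog)
```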


Re: Impacts of Encryption Everywhere (any solution?)

2018-06-17 Thread Mike Hammett
If additional capacity were something feasible, it would be done. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Brad"  
To: nanog@nanog.org 
Sent: Sunday, June 17, 2018 1:53:52 PM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

While I agree there are unintended consequences every time advancements are 
made in relation to the security and stability of the Internet- I disagree we 
should be rejecting their implementations. Instead, we should innovate further. 
Just because end to end encryption causes bandwidth issues for a very small 
number users - then perhaps they could benefit the most by these changes with 
additional capacity. 
-Brad 

 Original message From: Michael Hallgren  Date: 
6/17/18 11:14 (GMT-07:00) To: na...@jack.fr.eu.org Cc: Matthew Petach 
, nanog@nanog.org Subject: Re: Impacts of Encryption 
Everywhere (any solution?) 
Le 2018-06-17 12:40, na...@jack.fr.eu.org a écrit : 
> Well, yes, there is, you simply have to break the end to end encryption 

Yes, (or) deny service by Policy (remains to evaluate who's happy with 
that). 

Cheers, 
mh 

> 
> On 06/17/2018 03:09 AM, Matthew Petach wrote: 
>> Except that if websites are set to HTTPS only, there's no option for 
>> disabling encryption on the client side. 
>> 
>> Matt 
>> 
>> 
>> On Sat, Jun 16, 2018, 14:47  wrote: 
>> 
>>> On 06/16/2018 10:13 PM, Mike Hammett wrote: 
>>>> Sadly, it's just falling on deaf ears. Silicon Valley will continue 
>>>> to 
>>> think they know better than everyone else and people outside of that 
>>> bubble 
>>> will continue to be disadvantaged. 
>>> 
>>> What, again ? 
>>> Encryption is what is best for the most people. 
>>> The few that will not use it can disable it. 
>>> 
>>> No issue then. 
>>> 
>>> 
>> 




Re: Impacts of Encryption Everywhere (any solution?)

2018-06-17 Thread Brad
While I agree there are unintended consequences every time advancements are 
made in relation to the security and stability of the Internet- I disagree we 
should be rejecting their implementations. Instead, we should innovate further.
Just because end to end encryption causes bandwidth issues for a very small 
number of users - then perhaps they could benefit the most by these changes with 
additional capacity.
-Brad

 Original message From: Michael Hallgren  Date: 
6/17/18  11:14  (GMT-07:00) To: na...@jack.fr.eu.org Cc: Matthew Petach 
, nanog@nanog.org Subject: Re: Impacts of Encryption 
Everywhere (any solution?) 
Le 2018-06-17 12:40, na...@jack.fr.eu.org a écrit :
> Well, yes, there is, you simply have to break the end to end encryption

Yes, (or) deny service by Policy (remains to evaluate who's happy with 
that).

Cheers,
mh

> 
> On 06/17/2018 03:09 AM, Matthew Petach wrote:
>> Except that if websites are set to HTTPS only, there's no option for
>> disabling encryption on the client side.
>> 
>> Matt
>> 
>> 
>> On Sat, Jun 16, 2018, 14:47  wrote:
>> 
>>> On 06/16/2018 10:13 PM, Mike Hammett wrote:
>>>> Sadly, it's just falling on deaf ears. Silicon Valley will continue 
>>>> to
>>> think they know better than everyone else and people outside of that 
>>> bubble
>>> will continue to be disadvantaged.
>>> 
>>> What, again ?
>>> Encryption is what is best for the most people.
>>> The few that will not use it can disable it.
>>> 
>>> No issue then.
>>> 
>>> 
>> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-06-17 Thread Michael Hallgren

Le 2018-06-17 12:40, na...@jack.fr.eu.org a écrit :

Well, yes, there is, you simply have to break the end to end encryption


Yes, (or) deny service by Policy (remains to evaluate who's happy with 
that).


Cheers,
mh



On 06/17/2018 03:09 AM, Matthew Petach wrote:

Except that if websites are set to HTTPS only, there's no option for
disabling encryption on the client side.

Matt


On Sat, Jun 16, 2018, 14:47  wrote:


On 06/16/2018 10:13 PM, Mike Hammett wrote:
Sadly, it's just falling on deaf ears. Silicon Valley will continue 
to
think they know better than everyone else and people outside of that 
bubble

will continue to be disadvantaged.

What, again ?
Encryption is what is best for the most people.
The few that will not use it can disable it.

No issue then.








Re: Impacts of Encryption Everywhere (any solution?)

2018-06-17 Thread nanog
Well, yes, there is, you simply have to break the end to end encryption

On 06/17/2018 03:09 AM, Matthew Petach wrote:
> Except that if websites are set to HTTPS only, there's no option for
> disabling encryption on the client side.
> 
> Matt
> 
> 
> On Sat, Jun 16, 2018, 14:47  wrote:
> 
>> On 06/16/2018 10:13 PM, Mike Hammett wrote:
>>> Sadly, it's just falling on deaf ears. Silicon Valley will continue to
>> think they know better than everyone else and people outside of that bubble
>> will continue to be disadvantaged.
>>
>> What, again ?
>> Encryption is what is best for the most people.
>> The few that will not use it can disable it.
>>
>> No issue then.
>>
>>
> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-06-16 Thread nanog
On 06/16/2018 10:13 PM, Mike Hammett wrote:
> Sadly, it's just falling on deaf ears. Silicon Valley will continue to think 
> they know better than everyone else and people outside of that bubble will 
> continue to be disadvantaged. 

What, again ?
Encryption is what is best for the most people.
The few that will not use it can disable it.

No issue then.


Re: Impacts of Encryption Everywhere (any solution?)

2018-06-16 Thread Mike Hammett
But privacy! *sigh* 

People may just have to know how to turn the proxy on and off. It's a 
requirement we wouldn't dare consider in the US, but if you're in the middle of 
nowhere and you can get megabit or higher speeds (instead of dialup) if you 
learn how to turn a proxy on and off... you'll learn quickly. 

Sadly, it's just falling on deaf ears. Silicon Valley will continue to think 
they know better than everyone else and people outside of that bubble will 
continue to be disadvantaged. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Lee Howard"  
To: nanog@nanog.org 
Sent: Tuesday, May 29, 2018 9:55:18 AM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 



On 05/28/2018 10:23 AM, Mike Hammett wrote: 
> Has anyone outside of tech media, Silicon Valley or academia (all places 
> wildly out of touch with the real world) put much thought into the impacts of 
> encryption everywhere? 
See "Effects of Pervasive Encryption on Operators." 
https://datatracker.ietf.org/doc/draft-mm-wg-effect-encrypt/?include_text=1 

TLS1.3 uses ephemeral keys, so even if you own both endpoints and 
everything in the middle, you can't decrypt a flow without some 
yet-to-be-developed technology. 
QUIC encrypts everything, and of course, HTTPS. 



> So often we hear about how we need the best modern encryption on all forms of 
> communication because of whatever scary thing is trendy this week (Russia, 
> NSA, Google, whatever). HTTPS your marketing information and generic 
> education pieces because of the boogeyman! 
> 
> However, I recently came across a thread where someone was exploring getting 
> a one megabit connection into their village and sharing it among many. The 
> crowd I referenced earlier also believes you can't Internet under 100 
> megabit/s per home. 

Yeah. Too many people forget that most of the Internet is mobile, and 
mobile != LTE. People also assume packet loss < 0.1%, latency <100ms, 
and power reliability >99%. 
> However, this could be wildly improved with caching ala squid or something 
> similar. The problem is that encrypted content is difficult to impossible for 
> your average Joe to cache. The rewards for implementing caching are greatly 
> mitigated and people like this must suffer a worse Internet experience 
> because of some ideological high horse in a far-off land. 
> 
> Some things certainly do need to be encrypted, but encrypting everything 
> means people with limited Internet access get worse performance OR mechanisms 
> have to be put in place to break ALL encryption, thus compromising security 
> and privacy when it's really needed. 
> 
> To circle back to being somewhat on-topic, what mechanisms are available to 
> maximize the amount of traffic someone in this situation could cache? The 
> performance of third-world Internet depends on you. 
> 
A proxy is all I've thought of. But it means everything is dependent on 
the proxy, and it's even in-path for things that really should be 
encrypted, like email and messaging. 
I can't imagine why the weather should be encrypted, when everyone in a 
location wants to know the forecast. 

Lee 




Re: Impacts of Encryption Everywhere (any solution?)

2018-06-05 Thread Steven G. Huter




On 5/30/18 1:44 PM, Mark Tinka wrote:

> Backhaul isn't a major issue - pretty much, every MNO in Africa has
> their own Metro and national fibre backbone; and in some cases, even
> their own submarine backbone.


This map is still a work in progress, but it's clear that roll-out of 
fiber across the continent is steadily growing.


https://afterfibre.nsrc.org/

Steve Huter


Re: Impacts of Encryption Everywhere (any solution?)

2018-06-05 Thread Lee Howard




On 05/28/2018 10:23 AM, Mike Hammett wrote:

> Has anyone outside of tech media, Silicon Valley or academia (all places wildly
> out of touch with the real world) put much thought into the impacts of
> encryption everywhere?

See "Effects of Pervasive Encryption on Operators."
https://datatracker.ietf.org/doc/draft-mm-wg-effect-encrypt/?include_text=1

TLS1.3 uses ephemeral keys, so even if you own both endpoints and 
everything in the middle, you can't decrypt a flow without some 
yet-to-be-developed technology.

QUIC encrypts everything, and of course, HTTPS.




> So often we hear about how we need the best modern encryption on all forms of
> communication because of whatever scary thing is trendy this week (Russia, NSA,
> Google, whatever). HTTPS your marketing information and generic education
> pieces because of the boogeyman!
>
> However, I recently came across a thread where someone was exploring getting a
> one megabit connection into their village and sharing it among many. The crowd
> I referenced earlier also believes you can't Internet under 100 megabit/s per
> home.


Yeah. Too many people forget that most of the Internet is mobile, and 
mobile != LTE. People also assume packet loss < 0.1%, latency <100ms, 
and power reliability >99%.

> However, this could be wildly improved with caching ala squid or something
> similar. The problem is that encrypted content is difficult to impossible for
> your average Joe to cache. The rewards for implementing caching are greatly
> mitigated and people like this must suffer a worse Internet experience because
> of some ideological high horse in a far-off land.
>
> Some things certainly do need to be encrypted, but encrypting everything means
> people with limited Internet access get worse performance OR mechanisms have to
> be put in place to break ALL encryption, thus compromising security and privacy
> when it's really needed.
>
> To circle back to being somewhat on-topic, what mechanisms are available to
> maximize the amount of traffic someone in this situation could cache? The
> performance of third-world Internet depends on you.

A proxy is all I've thought of. But it means everything is dependent on 
the proxy, and it's even in-path for things that really should be 
encrypted, like email and messaging.
I can't imagine why the weather should be encrypted, when everyone in a 
location wants to know the forecast.


Lee
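
An added example, not part of the original thread: a forward proxy that does not intercept TLS sees HTTPS only as `CONNECT host:port` tunnels, so one way to quantify the caching problem discussed above is to measure what share of bytes in the proxy log is opaque. The sketch assumes Squid's native access.log layout; the log lines, hosts and function names are constructed for illustration.

```python
"""Measure how much proxy traffic is opaque to caching (added example)."""
from collections import Counter

# Constructed sample in Squid's native access.log layout:
#   time elapsed client result/status bytes method url ident hierarchy type
# Hosts, addresses and sizes are invented for the illustration.
SAMPLE_LOG = """\
1527602118.120    310 10.0.0.11 TCP_MISS/200 48000 GET http://weather.example/forecast.json - HIER_DIRECT/203.0.113.10 application/json
1527602130.455      4 10.0.0.12 TCP_HIT/200 48000 GET http://weather.example/forecast.json - HIER_NONE/- application/json
1527602131.002  15230 10.0.0.11 TCP_TUNNEL/200 900000 CONNECT video.example:443 - HIER_DIRECT/203.0.113.20 -
1527602140.771      3 10.0.0.13 TCP_MEM_HIT/200 48000 GET http://weather.example/forecast.json - HIER_NONE/- application/json
1527602150.009   8120 10.0.0.12 TCP_TUNNEL/200 600000 CONNECT video.example:443 - HIER_DIRECT/203.0.113.20 -
1527602155.300   2010 10.0.0.13 TCP_TUNNEL/200 356000 CONNECT mail.example:443 - HIER_DIRECT/203.0.113.30 -
this line is truncated
"""

# Result codes whose reply body was served from the cache, not from upstream.
CACHE_SERVED_TAGS = ("HIT", "TCP_REFRESH_UNMODIFIED")


def parse_line(line):
    """Return (result_code, size, method, url), or None for a malformed line."""
    fields = line.split()
    if len(fields) < 7:
        return None
    result_code = fields[3].split("/", 1)[0]
    try:
        size = int(fields[4])
    except ValueError:
        return None
    return result_code, size, fields[5], fields[6]


def summarize(log_text):
    """Split logged bytes into cache hits, cleartext misses and opaque tunnels."""
    totals = Counter()
    tunnel_hosts = Counter()
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            totals["skipped_lines"] += 1
            continue
        code, size, method, url = record
        totals["total_bytes"] += size
        if method == "CONNECT":
            # Encrypted tunnel: only host:port is visible, nothing is cacheable.
            totals["tunnel_bytes"] += size
            tunnel_hosts[url.rsplit(":", 1)[0]] += size
        elif any(tag in code for tag in CACHE_SERVED_TAGS):
            totals["hit_bytes"] += size
        else:
            totals["miss_bytes"] += size

    total = totals["total_bytes"]
    cleartext = totals["hit_bytes"] + totals["miss_bytes"]
    return {
        "total_bytes": total,
        "tunnel_bytes": totals["tunnel_bytes"],
        "hit_bytes": totals["hit_bytes"],
        # Bytes that had to cross the scarce upstream link.
        "upstream_bytes": totals["miss_bytes"] + totals["tunnel_bytes"],
        "tunnel_share": totals["tunnel_bytes"] / total if total else 0.0,
        "byte_hit_ratio": totals["hit_bytes"] / total if total else 0.0,
        "cleartext_hit_ratio": totals["hit_bytes"] / cleartext if cleartext else 0.0,
        "top_tunnel_hosts": tunnel_hosts.most_common(3),
        "skipped_lines": totals["skipped_lines"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key:20} {value}")
```

In the constructed sample the cache does well on the cleartext forecast but saves under 5% of total bytes, because most of the volume is in tunnels the proxy cannot see into.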



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread Mark Tinka



On 30/May/18 22:49, Ben Cannon wrote:

> The reason you see one or two bars in inner cities in 2018, is that
> given fixed spectrum, bandwidth on the aggregate can only increase if
> you take many smaller lower power radios, and carpet the area with
> them.  
>
> The only other solutions are radically increase the power, or
> radically increase the width of the spectrum.

Not dissimilar problems with (SP) wi-fi scaling in dense applications.

My point is we don't generally have this issue in the major African
cities that I regularly visit, so any perspectives based on what the
U.S. may be going through cannot be wholesomely applied to other global
regions.

Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread Mike Hammett
*nods* The whole concept of SSL all of the things is severely misplaced... and 
the thread I caught exemplifies why. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Keith Medcalf"  
To: nanog@nanog.org 
Cc: "Mike Hammett"  
Sent: Monday, May 28, 2018 11:55:21 AM 
Subject: RE: Impacts of Encryption Everywhere (any solution?) 


>I'm also not foolish enough to think this thread will affect the 
>encrypt-everything crowd as it is more of a religion\ideology than a 
>practical matter. However, maybe it'll shed some light on technical 
>ways of dealing with this at the service-provider level or plant some 
>doubt in someone's mind the next time they think they need to encrypt 
>non-sensitive information. 

Good Luck, especially in light of the poo-for-brains at Google responsible for 
the Chrome browser who (wrongly) equate "secure" with Transport Encryption and 
"unsecure" with not having Transport Encryption; when all that Transport 
Encryption really implies is Transport Encryption and not much else. It has 
little to do with whether or not a site is "secure". Generally speaking, I have 
found that sites engaging Transport Security are much more "unsecure" (as in 
subject to security breaches and flaws) than those that do not engage Transport 
Security for no reason. 

However, the poo-for-brains crowd will get everyone to engage Transport 
Security so they will be called "Secure", whether trustworthy or not. 

--- 
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume. 







Re: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread Ben Cannon
The reason you see one or two bars in inner cities in 2018, is that given fixed 
spectrum, bandwidth on the aggregate can only increase if you take many smaller 
lower power radios, and carpet the area with them.  

The only other solutions are radically increase the power, or radically 
increase the width of the spectrum.

-Ben

> On May 30, 2018, at 1:44 PM, Mark Tinka  wrote:
> 
> 
> 
> On 30/May/18 19:47, McBride, Mack wrote:
> 
>> Scott hit the nail on the head.
>> Hotel/café/mall wifi is generally horrible for the same reason urban 4g is 
>> horrible.
> 
> Urban 4G in Africa isn't that bad, actually. The factors are many - not all 
> users are on smart phones, or if they are, may default to 2G/3G more often 
> than 4G. Also, because data prices are not pocket-friendly in many cases, the 
> amount of time spent on the radio network for data is not significant.
> 
> On the other hand, I generally get poor coverage (i.e., 1 bar) even in urban 
> cities when I travel the U.S., particularly on AT&T, and sometimes, T-Mobile. 
> Never quite understood that, but I've been having a side discussion from this 
> thread with some mates that has shed some light, which makes a bit of sense 
> to me. So not sure if that's the issue you face, or if it's something else.
> 
> My point is while the technology has its intrinsic limitations, user patterns 
> and applications that differ between the developed and developing worlds may 
> have their part to play.
> 
> 
>> The backhaul and load on the available spectrum is usually excessive.
> 
> Spectrum, yes... see my previous response to K. Scott.
> 
> Backhaul isn't a major issue - pretty much, every MNO in Africa has their own 
> Metro and national fibre backbone; and in some cases, even their own 
> submarine backbone.
> 
> 
>> Carrier wifi is usually (but not always) equipped with decent backhaul.
> 
> Wi-fi offload has been attempted a few times by one or two MNO's in Africa. 
> But they can't decide between beta testing or launching. Bottom line is wi-fi 
> offload is not big in Africa, and yet the 3G/4G radio network is still able 
> to support traffic levels. I suspect it will become more popular as the radio 
> load increases, although one would say the MNO's are looking at 5G before 
> they consider wi-fi offload seriously.
> 
> 
>> However carrier wifi in stadiums usually suffers from problems with spectrum 
>> saturation.
>> Any wifi or 4G will eventually run out of available bandwidth on assigned 
>> spectrum.
>> Wifi has the advantage of being able to use smaller range restricted access 
>> points but
>> the stadium example shows why even that is limited when you have 40K people 
>> trying
>> to access the internet.
> 
> Agreed.
> 
> Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread Mark Tinka



On 30/May/18 19:47, McBride, Mack wrote:

> Scott hit the nail on the head.
>
> Hotel/café/mall wifi is generally horrible for the same reason urban
> 4g is horrible.
>

Urban 4G in Africa isn't that bad, actually. The factors are many - not
all users are on smart phones, or if they are, may default to 2G/3G more
often than 4G. Also, because data prices are not pocket-friendly in many
cases, the amount of time spent on the radio network for data is not
significant.

On the other hand, I generally get poor coverage (i.e., 1 bar) even in
urban cities when I travel the U.S., particularly on AT&T, and
sometimes, T-Mobile. Never quite understood that, but I've been having a
side discussion from this thread with some mates that has shed some
light, which makes a bit of sense to me. So not sure if that's the issue
you face, or if it's something else.

My point is while the technology has its intrinsic limitations, user
patterns and applications that differ between the developed and
developing worlds may have their part to play.


> The backhaul and load on the available spectrum is usually excessive.
>

Spectrum, yes... see my previous response to K. Scott.

Backhaul isn't a major issue - pretty much, every MNO in Africa has
their own Metro and national fibre backbone; and in some cases, even
their own submarine backbone.


> Carrier wifi is usually (but not always) equipped with decent backhaul.
>

Wi-fi offload has been attempted a few times by one or two MNO's in
Africa. But they can't decide between beta testing or launching. Bottom
line is wi-fi offload is not big in Africa, and yet the 3G/4G radio
network is still able to support traffic levels. I suspect it will
become more popular as the radio load increases, although one would say
the MNO's are looking at 5G before they consider wi-fi offload seriously.


> However carrier wifi in stadiums usually suffers from problems with
> spectrum saturation.
>
> Any wifi or 4G will eventually run out of available bandwidth on
> assigned spectrum.
>
> Wifi has the advantage of being able to use smaller range restricted
> access points but
>
> the stadium example shows why even that is limited when you have 40K
> people trying
>
> to access the internet.
>

Agreed.

Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread Ben Cannon
There are some interesting developments with sector (down to 30* or narrower) 
and multi-band, multi-radio, 4x4MIMO wifi gear lately.   Ubiquiti is making 
amazing strides in this space.  Watch 40k wifi connections in a stadium become 
the norm soon.

I disagree entirely, and counter that the residential traffic of a major city 
like San Francisco isn’t over a sustained 100GigE link or three.  There is 
ample backhaul and tremendous fiber bandwidth.  It’s just all in very slightly 
(sometimes by a block or less) the wrong places.  

For one, fiber is fixed and the audience is portable.  

But carrier backhaul solutions with last mile wireless delivery is going to 
continue to impress.

Watch this space.

(he says somewhat hypocritically over his gig symmetric GPON FTTH)

> On May 30, 2018, at 10:47 AM, McBride, Mack  
> wrote:
> 
> Scott hit the nail on the head.
> Hotel/café/mall wifi is generally horrible for the same reason urban 4g is 
> horrible.
> The backhaul and load on the available spectrum is usually excessive.
> Carrier wifi is usually (but not always) equipped with decent backhaul.
> However carrier wifi in stadiums usually suffers from problems with spectrum 
> saturation.
> Any wifi or 4G will eventually run out of available bandwidth on assigned 
> spectrum.
> Wifi has the advantage of being able to use smaller range restricted access 
> points but
> the stadium example shows why even that is limited when you have 40K people 
> trying
> to access the internet.
>  
> Mack
>  
> From: K. Scott Helms [mailto:kscott.he...@gmail.com] 
> Sent: Wednesday, May 30, 2018 11:10 AM
> To: mark.ti...@seacom.mu
> Cc: McBride, Mack ; b...@6by7.net; NANOG list 
> 
> Subject: Re: Impacts of Encryption Everywhere (any solution?)
>  
> Mark,
>  
> A couple of things, first that kind of utilization isn't feasible once 
> penetration rates in dense areas reach certain levels.  There's a reason that 
> NTT Docomo moved more than 70% of their data traffic to the 3.5 GHz band and 
> that reason is that there's not (nor will there be) enough wireless spectrum 
> to meet the needs of everyone with licensed space.  (That same use case is 
> why all the big North American providers are looking at CBRS.) Further, 4G/5G 
> is going to have trouble scaling to the kinds of network demands going 
> forward, again especially in dense areas.  While it's certainly possible 
> today to stream unicast video over LTE and will (for a while) be even more 
> feasible over 5G the physics simply aren't with the wireless world.  
>  
> I'd say that your example of poor DSL performance isn't unique, it happens in 
> some spots in the US, but in general wired performance has much higher 
> individual and even higher aggregate capacities when correctly deployed.  I 
> doubt your hotel example is a poor deployment though, it's more likely that 
> the hotel owners are under paying for both the WAN connection and the WiFi 
> infrastructure.
>  
>  
> On Wed, May 30, 2018 at 1:01 PM Mark Tinka <mark.ti...@seacom.mu> wrote:
> 
> 
> On 30/May/18 17:11, McBride, Mack wrote:
> 
> > In high density urban areas last mile infrastructure (mostly copper) is 
> > considerably better than 4G. 
> > Localized carrier powered wifi is good as well but it is not and should not 
> > be confused with 4G.
> 
> I think it depends on what it is you're trying to do. If your
> application is linear IPTV streaming into your home, that probably isn't
> a great idea for any kind of non-wired media. On the other hand, in
> South Africa, where I live, it is routine to deliver video streaming
> services (Netflix, Youtube, ShowMax, e.t.c.) to one's home over 4G/LTE,
> to the extent that the service providers have special data plans that
> support these kinds of use-cases.
> 
> In South Africa, I generally find wi-fi in the hotels to be pretty bad,
> as the majority of them tend to be on ADSL backhaul, which averages
> between 1Mbps - 4Mbps to support several dozen or more rooms. A few
> hotels have migrated to fibre, but between guessing what last mile
> they're on and how they operate the wi-fi network, I ALWAYS prefer to
> tether my iPhone to my laptop and work when I'm on the road within the
> country. In all major cities, my 3G/4G performs a lot more reliably,
> better and predictably than most cafe, hotel or mall wi-fi. I don't even
> bother when hotels offer their wi-fi vouchers upon check-in.
> 
> With my 4G services (Vodacom and MTN), I can average between 30Mbps -
> 55Mbps when tethering, and that's plenty enough for me. I have a decent
> monthly data plan that I don't have to worry about running out. Of
> course, performance isn't as great if you're in a remote part of the
> country, b

Re: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread Mark Tinka



On 30/May/18 19:10, K. Scott Helms wrote:

> Mark,
>
> A couple of things, first that kind of utilization isn't feasible once
> penetration rates in dense areas reach certain levels.  There's a
> reason that NTT Docomo moved more than 70% of their data traffic to
> the 3.5 GHz band and that reason is that there's not (nor will there
> be) enough wireless spectrum to meet the needs of everyone with
> licensed space.  (That same use case is why all the big North American
> providers are looking at CBRS.) Further, 4G/5G is going to have
> trouble scaling to the kinds of network demands going forward, again
> especially in dense areas.  While it's certainly possible today to
> stream unicast video over LTE and will (for a while) be even more
> feasible over 5G the physics simply aren't with the wireless world. 

I don't disagree - fundamentally, one can't argue with the scalability
of wired media vs. any kind of wireless media. In (South) Africa, two
things are happening to scale out 4G:

  * Getting the regulators to issue new spectrum to MNO's. This is also
aided by the country's migration plans from analog to digital for
free-to-air TV, which will make new spectrum available for the
MNO's. However...

  * ... the above isn't moving at the pace the MNO's would like, which
is why they have become some of the most efficient mobile operators
in the world by re-farming existing spectrum and scaling that way.


>
> I'd say that your example of poor DSL performance isn't unique, it
> happens in some spots in the US,

As with the Internet, the technology is the technology regardless of
where it's applied in the world. ADSL scaling properties suffer in
Africa the same way they do in any other continent.


> but in general wired performance has much higher individual and even
> higher aggregate capacities /when correctly deployed./

No argument from me there. I use 3G/4G for data when I travel within the
country, as I mentioned before. When I'm at home, my FTTH service does
the job. When I'm in the office, my backbone does the job. Wireless will
never meet the demands, long-term, be it on 5G or 802.11ax. But for now,
3G/4G/LTE is the most appropriate technology for, pretty much, all of
Africa. And to be fair, it is not doing a half-bad job, across the board.


> I doubt your hotel example is a poor deployment though, it's more
> likely that the hotel owners are under paying for both the WAN
> connection and the WiFi infrastructure.

I'm a network engineer - I can tell when the issue is a pretty bad wi-fi
setup, a pretty bad LAN switch, a pretty bad NAT44 translator, or a
pretty bad ISP.

I was in Paris in March for a conference, and I couldn't get the hotel
staff to understand that the problem with the hotel Internet was both a
combination of poorly deployed wi-fi on each floor + insufficient
capacity from their ISP. Their solution to me was, "Reboot your laptop
and check again".

I don't have the luxury of data roaming when I'm outside of South
Africa. When I'm in South Africa, tethering always works better, even
when the hotel wi-fi has moments of being decent.

Mark.


RE: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread McBride, Mack
Scott hit the nail on the head.
Hotel/café/mall wifi is generally horrible for the same reason urban 4g is 
horrible.
The backhaul and load on the available spectrum is usually excessive.
Carrier wifi is usually (but not always) equipped with decent backhaul.
However carrier wifi in stadiums usually suffers from problems with spectrum 
saturation.
Any wifi or 4G will eventually run out of available bandwidth on assigned 
spectrum.
Wifi has the advantage of being able to use smaller range restricted access 
points but
the stadium example shows why even that is limited when you have 40K people 
trying
to access the internet.

Mack

From: K. Scott Helms [mailto:kscott.he...@gmail.com]
Sent: Wednesday, May 30, 2018 11:10 AM
To: mark.ti...@seacom.mu
Cc: McBride, Mack ; b...@6by7.net; NANOG list 

Subject: Re: Impacts of Encryption Everywhere (any solution?)

Mark,

A couple of things, first that kind of utilization isn't feasible once 
penetration rates in dense areas reach certain levels.  There's a reason that 
NTT Docomo moved more than 70% of their data traffic to the 3.5 GHz band and 
that reason is that there's not (nor will there be) enough wireless spectrum to 
meet the needs of everyone with licensed space.  (That same use case is why all 
the big North American providers are looking at CBRS.) Further, 4G/5G is going 
to have trouble scaling to the kinds of network demands going forward, again 
especially in dense areas.  While it's certainly possible today to stream 
unicast video over LTE and will (for a while) be even more feasible over 5G the 
physics simply aren't with the wireless world.

I'd say that your example of poor DSL performance isn't unique, it happens in 
some spots in the US, but in general wired performance has much higher 
individual and even higher aggregate capacities when correctly deployed.  I 
doubt your hotel example is a poor deployment though, it's more likely that the 
hotel owners are under paying for both the WAN connection and the WiFi 
infrastructure.


On Wed, May 30, 2018 at 1:01 PM Mark Tinka <mark.ti...@seacom.mu> wrote:


On 30/May/18 17:11, McBride, Mack wrote:

> In high density urban areas last mile infrastructure (mostly copper) is 
> considerably better than 4G.
> Localized carrier powered wifi is good as well but it is not and should not 
> be confused with 4G.

I think it depends on what it is you're trying to do. If your
application is linear IPTV streaming into your home, that probably isn't
a great idea for any kind of non-wired media. On the other hand, in
South Africa, where I live, it is routine to deliver video streaming
services (Netflix, Youtube, ShowMax, e.t.c.) to one's home over 4G/LTE,
to the extent that the service providers have special data plans that
support these kinds of use-cases.

In South Africa, I generally find wi-fi in the hotels to be pretty bad,
as the majority of them tend to be on ADSL backhaul, which averages
between 1Mbps - 4Mbps to support several dozen or more rooms. A few
hotels have migrated to fibre, but between guessing what last mile
they're on and how they operate the wi-fi network, I ALWAYS prefer to
tether my iPhone to my laptop and work when I'm on the road within the
country. In all major cities, my 3G/4G performs a lot more reliably,
better and predictably than most cafe, hotel or mall wi-fi. I don't even
bother when hotels offer their wi-fi vouchers upon check-in.

With my 4G services (Vodacom and MTN), I can average between 30Mbps -
55Mbps when tethering, and that's plenty enough for me. I have a decent
monthly data plan that I don't have to worry about running out. Of
course, performance isn't as great if you're in a remote part of the
country, but that's not unique to South Africa.

Mark.
E-MAIL CONFIDENTIALITY NOTICE: 
The contents of this e-mail message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or legally privileged 
information. If you are not the intended recipient of this message or if this 
message has been addressed to you in error, please immediately alert the sender 
by reply e-mail and then delete this message and any attachments. If you are 
not the intended recipient, you are notified that any use, dissemination, 
distribution, copying, or storage of this message or any attachment is strictly 
prohibited.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread K. Scott Helms
Mark,

A couple of things, first that kind of utilization isn't feasible once
penetration rates in dense areas reach certain levels.  There's a reason
that NTT Docomo moved more than 70% of their data traffic to the 3.5 GHz
band and that reason is that there's not (nor will there be) enough
wireless spectrum to meet the needs of everyone with licensed space.  (That
same use case is why all the big North American providers are looking at
CBRS.) Further, 4G/5G is going to have trouble scaling to the kinds of
network demands going forward, again especially in dense areas.  While it's
certainly possible today to stream unicast video over LTE and will (for a
while) be even more feasible over 5G the physics simply aren't with the
wireless world.

I'd say that your example of poor DSL performance isn't unique, it happens
in some spots in the US, but in general wired performance has much higher
individual and even higher aggregate capacities *when correctly deployed.* I
doubt your hotel example is a poor deployment though, it's more likely that
the hotel owners are under paying for both the WAN connection and the WiFi
infrastructure.


On Wed, May 30, 2018 at 1:01 PM Mark Tinka  wrote:

>
>
> On 30/May/18 17:11, McBride, Mack wrote:
>
> > In high density urban areas last mile infrastructure (mostly copper) is
> considerably better than 4G.
> > Localized carrier powered wifi is good as well but it is not and should
> not be confused with 4G.
>
> I think it depends on what it is you're trying to do. If your
> application is linear IPTV streaming into your home, that probably isn't
> a great idea for any kind of non-wired media. On the other hand, in
> South Africa, where I live, it is routine to deliver video streaming
> services (Netflix, Youtube, ShowMax, e.t.c.) to one's home over 4G/LTE,
> to the extent that the service providers have special data plans that
> support these kinds of use-cases.
>
> In South Africa, I generally find wi-fi in the hotels to be pretty bad,
> as the majority of them tend to be on ADSL backhaul, which averages
> between 1Mbps - 4Mbps to support several dozen or more rooms. A few
> hotels have migrated to fibre, but between guessing what last mile
> they're on and how they operate the wi-fi network, I ALWAYS prefer to
> tether my iPhone to my laptop and work when I'm on the road within the
> country. In all major cities, my 3G/4G performs a lot more reliably,
> better and predictably than most cafe, hotel or mall wi-fi. I don't even
> bother when hotels offer their wi-fi vouchers upon check-in.
>
> With my 4G services (Vodacom and MTN), I can average between 30Mbps -
> 55Mbps when tethering, and that's plenty enough for me. I have a decent
> monthly data plan that I don't have to worry about running out. Of
> course, performance isn't as great if you're in a remote part of the
> country, but that's not unique to South Africa.
>
> Mark.
>


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread Mark Tinka



On 30/May/18 17:11, McBride, Mack wrote:

> In high density urban areas last mile infrastructure (mostly copper) is 
> considerably better than 4G. 
> Localized carrier powered wifi is good as well but it is not and should not 
> be confused with 4G.

I think it depends on what it is you're trying to do. If your
application is linear IPTV streaming into your home, that probably isn't
a great idea for any kind of non-wired media. On the other hand, in
South Africa, where I live, it is routine to deliver video streaming
services (Netflix, Youtube, ShowMax, e.t.c.) to one's home over 4G/LTE,
to the extent that the service providers have special data plans that
support these kinds of use-cases.

In South Africa, I generally find wi-fi in the hotels to be pretty bad,
as the majority of them tend to be on ADSL backhaul, which averages
between 1Mbps - 4Mbps to support several dozen or more rooms. A few
hotels have migrated to fibre, but between guessing what last mile
they're on and how they operate the wi-fi network, I ALWAYS prefer to
tether my iPhone to my laptop and work when I'm on the road within the
country. In all major cities, my 3G/4G performs a lot more reliably,
better and predictably than most cafe, hotel or mall wi-fi. I don't even
bother when hotels offer their wi-fi vouchers upon check-in.

With my 4G services (Vodacom and MTN), I can average between 30Mbps -
55Mbps when tethering, and that's plenty enough for me. I have a decent
monthly data plan that I don't have to worry about running out. Of
course, performance isn't as great if you're in a remote part of the
country, but that's not unique to South Africa.

Mark.


RE: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread McBride, Mack
In high density urban areas last mile infrastructure (mostly copper) is 
considerably better than 4G. 
Localized carrier powered wifi is good as well but it is not and should not be 
confused with 4G.

Mack

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ben Cannon
Sent: Wednesday, May 30, 2018 1:54 AM
To: Mark Tinka 
Cc: nanog@nanog.org list 
Subject: Re: Impacts of Encryption Everywhere (any solution?)

Thank you Mark for your excellent firsthand account.

I’ve observed this - the developing world (better? Same meaning but hey) does 
not miss copper infrastructure.  That was always bad and was always going to be 
bad now that 4G is here. There’s just zero reason now.   It’s an anchor.

-Ben

> On May 29, 2018, at 10:19 PM, Mark Tinka  wrote:
> 
> 
> 
>> On 29/May/18 20:01, Eric Kuhnke wrote:
>> 
>> The one thing that you CAN generalize about a great many developing 
>> nation telecom markets, which is different than the US and Western Europe:
>> 
>> Many urban locations have a complete absence of functioning last 
>> mile, legacy copper telecom infrastructure, which in a US city you 
>> would see used for ADSL2+ or VDSL2 or g.fast on old POTS phone lines, 
>> or
>> DOCSIS3.0/DOCSIS3.1 on 75 ohm coaxial cable TV plant. Leaving "4G" 
>> and various forms of fixed point to multipoint wireless, whether LTE 
>> based or not, as the only viable residential and SMB broadband service 
>> option.
> 
> And this is a bad thing, because?
> 
> Just because it is done differently doesn't mean it is any less 
> effective. Mobile phones have significantly overtaken all other forms 
> of physical infrastructure in most of Africa, and the amount of data 
> being generated as well as the growing rate of penetration is some of 
> the highest in the world.
> 
> MNO's have taken slightly different approaches to how they build and 
> scale for Africa (and other developing continents such as Asia) than 
> they have for other regions of the world where physical infrastructure 
> is more rife.
> 
> Personally, I'm glad that the remaining bits of copper plant in Africa 
> are losing steam as folk jump straight into 3G/4G and fibre in Africa.
> Coax was never really a hit in Africa (I know it was in Mozambique), 
> but glad we don't have to deal with that legacy either.
> 
> I am fortunate enough to live in a city where 4G/LTE is available, 
> with a reasonably-priced 100Mbps FTTH service to my house, as do many 
> others that live in major African cities where private companies are 
> not sitting around waiting for the gubbermint to catch up. Is there a 
> lot more that can and should be done? For sure! But things are happening...
> 
> Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-30 Thread Ben Cannon
Thank you Mark for your excellent firsthand account.

I’ve observed this - the developing world (better? Same meaning but hey) does 
not miss copper infrastructure.  That was always bad and was always going to be 
bad now that 4G is here. There’s just zero reason now.   It’s an anchor.

-Ben

> On May 29, 2018, at 10:19 PM, Mark Tinka  wrote:
> 
> 
> 
>> On 29/May/18 20:01, Eric Kuhnke wrote:
>> 
>> The one thing that you CAN generalize about a great many developing nation
>> telecom markets, which is different than the US and Western Europe:
>> 
>> Many urban locations have a complete absence of functioning last mile,
>> legacy copper telecom infrastructure, which in a US city you would see used
>> for ADSL2+ or VDSL2 or g.fast on old POTS phone lines, or
>> DOCSIS3.0/DOCSIS3.1 on 75 ohm coaxial cable TV plant. Leaving "4G" and
>> various forms of fixed point to multipoint wireless, whether LTE based or
>> not, as the only viable residential and SMB broadband service option.
> 
> And this is a bad thing, because?
> 
> Just because it is done differently doesn't mean it is any less
> effective. Mobile phones have significantly overtaken all other forms of
> physical infrastructure in most of Africa, and the amount of data being
> generated as well as the growing rate of penetration is some of the
> highest in the world.
> 
> MNO's have taken slightly different approaches to how they build and
> scale for Africa (and other developing continents such as Asia) than
> they have for other regions of the world where physical infrastructure
> is more rife.
> 
> Personally, I'm glad that the remaining bits of copper plant in Africa
> are losing steam as folk jump straight into 3G/4G and fibre in Africa.
> Coax was never really a hit in Africa (I know it was in Mozambique), but
> glad we don't have to deal with that legacy either.
> 
> I am fortunate enough to live in a city where 4G/LTE is available, with
> a reasonably-priced 100Mbps FTTH service to my house, as do many others
> that live in major African cities where private companies are not
> sitting around waiting for the gubbermint to catch up. Is there a lot
> more that can and should be done? For sure! But things are happening...
> 
> Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mark Tinka



On 29/May/18 20:01, Eric Kuhnke wrote:

> The one thing that you CAN generalize about a great many developing nation
> telecom markets, which is different than the US and Western Europe:
>
> Many urban locations have a complete absence of functioning last mile,
> legacy copper telecom infrastructure, which in a US city you would see used
> for ADSL2+ or VDSL2 or g.fast on old POTS phone lines, or
> DOCSIS3.0/DOCSIS3.1 on 75 ohm coaxial cable TV plant. Leaving "4G" and
> various forms of fixed point to multipoint wireless, whether LTE based or
> not, as the only viable residential and SMB broadband service option.

And this is a bad thing, because?

Just because it is done differently doesn't mean it is any less
effective. Mobile phones have significantly overtaken all other forms of
physical infrastructure in most of Africa, and the amount of data being
generated as well as the growing rate of penetration is some of the
highest in the world.

MNO's have taken slightly different approaches to how they build and
scale for Africa (and other developing continents such as Asia) than
they have for other regions of the world where physical infrastructure
is more rife.

Personally, I'm glad that the remaining bits of copper plant in Africa
are losing steam as folk jump straight into 3G/4G and fibre in Africa.
Coax was never really a hit in Africa (I know it was in Mozambique), but
glad we don't have to deal with that legacy either.

I am fortunate enough to live in a city where 4G/LTE is available, with
a reasonably-priced 100Mbps FTTH service to my house, as do many others
that live in major African cities where private companies are not
sitting around waiting for the gubbermint to catch up. Is there a lot
more that can and should be done? For sure! But things are happening...

Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mark Tinka



On 29/May/18 19:58, Eric Kuhnke wrote:

> Ethiopia is significantly different and unique, in its own unusual way,
> because of the government monopoly telecom. Other people can correct me if
> I'm wrong, but unless the situation has changed in the past two years, all
> small to medium sized ISPs in Ethiopia are mandated by law to be downstream
> of the government run telecom ASN. Also the government owned national
> telecom has a monopoly on all international fiber connections to
> neighboring countries (at OSI layer 1), and for things like STM/SDH or
> 1/10/ Gbps Ethernet L2 transport services to any location outside of
> Ethiopia.
>
> The Ethiopian Internet is also subject to significant censorship and
> attempted blockage of VPN and VoIP services.

Doesn't at all sound that different from China, North Korea, Saudi
Arabia, Iran or Myanmar... and in the case of international connectivity
openness, Swaziland...

Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mark Tinka



On 29/May/18 19:21, Owen DeLong wrote:

>> I admit that I haven’t been to Eritrea or Indonesia, but using Ethiopia
>> and Malaysia as stand-ins (which I have been to), I can say that while they
>> are the same internet, the level of development, the payment systems which
>> are usable via said internet, and other aspects of the daily use and
>> capabilities which can be utilized on the internet in those countries does
>> vary greatly.
>>
>> For example, Apple Pay is somewhat ubiquitous in Canada. It’s virtually
>> unheard of in Ethiopia. My travels to Malaysia were not recent enough for
>> me to comment accurately on the current state of things.
>>
>> M-Pesa is widely accepted in Kenya, but not at all in the US or Canada.
>>
>> PayPal is popular in the US, but not so much in most of the rest of the
>> world.
>>
>> YMMV.
>>
>> IPv6 is readily available on almost every mobile phone in the US. Less so in
>> Kenya or Tanzania, Eritrea, Canada, or Indonesia.
>>
>> While all connected networks are part of the same big I Internet, not all
>> networks are created or maintained equal and not all services on those
>> networks are ubiquitously available to all users of the big I Internet.

My point is the protocol is the same regardless of where in the world
you are; and the global nature of the Internet levels the playing field.
Who extracts the most out of it is a completely separate discussion.

What I am saying is there are different ways many countries do things.
Deciding on how computers communicate isn't one of them.

Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mike Hammett
"And these pockets of extreme isolation sound like a prime opportunity for a 
WISP or other disruption. " 

Which is what the OP of the thread I was looking at was doing, starting a WISP. 
They could get a 100 - 200 megabit/s per AP access network, but their link to 
the outside world is currently limited to one meg. For some reason mountain to 
mountain links weren't a viable option. I don't know the reason why. 

I was looking for ways of him getting the most bang for the buck out of the 
connection. I've got a couple ideas (Steam Cache, Squid in "bump in the middle" 
configuration, and a squid - squid tunnel with the low speed link in the 
middle). 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Ben Cannon"  
To: "John R. Levine"  
Cc: "NANOG"  
Sent: Tuesday, May 29, 2018 2:49:14 PM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

Everyone in Haiti had a cell phone. Everyone. Even the poorest of the poor. 
They skipped the enormous expense of copper infrastructure. 

The world is very different in person. 

And these pockets of extreme isolation sound like a prime opportunity for a 
WISP or other disruption. 

-Ben 

On May 29, 2018, at 7:16 AM, John R. Levine  wrote: 

>> I am sure these third world nations have more important things to spend 
>> their money on rather than data plans and data devices. Things like food 
>> and medicine come to mind... 
> 
> My goodness, aren't we condescending. Since we're talking about Kenya here, a 
> few milliseconds of research reminds us that it's a significant agricultural 
> exporter. Agricultural development there is generally about better use of 
> existing land. 
> 
> You might also want to learn about M-Pesa, the mobile phone payment system 
> that everybody uses. Stores all have a sign with their M-Pesa number so you 
> can pay them, and there are kiosks all over Nairobi that will exchange M-Pesa 
> credit and cash. The 1GB data bundles I mentioned are large ones. You can get 
> 7MB for a day or 5MB for a week for 5c, which is plenty to check your 
> messages or look up farm prices. 
> 
> People in Africa may be poorer than we are, but they are just as smart as we 
> are, and they are just as able and interested in technology when it is useful 
> to them. 
> 
> R's, 
> John 



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Owen DeLong



> On May 29, 2018, at 12:49 , Ben Cannon  wrote:
> 
> Everyone in Haiti had a cell phone. Everyone. Even the poorest of the poor.   
> They skipped the enormous expense of copper infrastructure.
> 
> The world is very different in person. 
> 
> And these pockets of extreme isolation sound like a prime opportunity for a 
> WISP or other disruption.  

In some cases, this is a viable solution. In others, not so much.

There are places, for example, where one has to be concerned that your 
infrastructure will be creatively “recycled” by the locals when you aren’t 
looking. 

Also, deploying a WISP still requires the ability to bring Power to all and 
Wired Connectivity to some of your deployments.

As I mentioned earlier, Haiti is a relatively easy Wireless deployment 
topography. Try doing the same thing in the Nevada desert, where the iron rich 
base minerals combined with the alkali top soil creates a kind of RF sink-hole 
that causes walkie-talkies that go 3-5 miles anywhere else to fail in as little 
as 1/4 mile and that’s in the flat areas. Add in the mountains and you’ve got a 
real interesting deployment where you might need 4 or 5 base stations just to 
reach 1-2 customers.

There are solutions that can work just about everywhere, but there’s no one 
solution that works everywhere.

Owen

> 
> -Ben
> 
> On May 29, 2018, at 7:16 AM, John R. Levine  wrote:
> 
>>> I am sure these third world nations have more important things to spend
>>> their money on rather than data plans and data devices. Things like food
>>> and medicine come to mind...
>> 
>> My goodness, aren't we condescending.  Since we're talking about Kenya here, 
>> a few milliseconds of research reminds us that it's a significant 
>> agricultural exporter.  Agricultural development there is generally about 
>> better use of existing land.
>> 
>> You might also want to learn about M-Pesa, the mobile phone payment system 
>> that everybody uses.  Stores all have a sign with their M-Pesa number so you 
>> can pay them, and there are kiosks all over Nairobi that will exchange 
>> M-Pesa credit and cash.  The 1GB data bundles I mentioned are large ones. 
>> You can get 7MB for a day or 5MB for a week for 5c, which is plenty to check 
>> your messages or look up farm prices.
>> 
>> People in Africa may be poorer than we are, but they are just as smart as we 
>> are, and they are just as able and interested in technology when it is 
>> useful to them.
>> 
>> R's,
>> John



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Ben Cannon
Everyone in Haiti had a cell phone. Everyone. Even the poorest of the poor.   
They skipped the enormous expense of copper infrastructure.

 The world is very different in person. 

And these pockets of extreme isolation sound like a prime opportunity for a 
WISP or other disruption.  

-Ben

On May 29, 2018, at 7:16 AM, John R. Levine  wrote:

>> I am sure these third world nations have more important things to spend
>> their money on rather than data plans and data devices. Things like food
>> and medicine come to mind...
> 
> My goodness, aren't we condescending.  Since we're talking about Kenya here, 
> a few milliseconds of research reminds us that it's a significant 
> agricultural exporter.  Agricultural development there is generally about 
> better use of existing land.
> 
> You might also want to learn about M-Pesa, the mobile phone payment system 
> that everybody uses.  Stores all have a sign with their M-Pesa number so you 
> can pay them, and there are kiosks all over Nairobi that will exchange M-Pesa 
> credit and cash.  The 1GB data bundles I mentioned are large ones. You can 
> get 7MB for a day or 5MB for a week for 5c, which is plenty to check your 
> messages or look up farm prices.
> 
> People in Africa may be poorer than we are, but they are just as smart as we 
> are, and they are just as able and interested in technology when it is useful 
> to them.
> 
> R's,
> John


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Michael Hallgren

Morocco... Sure? Data points?

mh

On 2018-05-29 20:00, Owen DeLong wrote:

It was a convenient example with which I had experience near Eritrea.

My statement would apply equally for say, Zambia or Morocco.

Owen



On May 29, 2018, at 10:58 , Eric Kuhnke  wrote:

Ethiopia is significantly different and unique, in its own unusual 
way, because of the government monopoly telecom. Other people can 
correct me if I'm wrong, but unless the situation has changed in the 
past two years, all small to medium sized ISPs in Ethiopia are 
mandated by law to be downstream of the government run telecom ASN. 
Also the government owned national telecom has a monopoly on all 
international fiber connections to neighboring countries (at OSI layer 
1), and for things like STM/SDH or 1/10/ Gbps Ethernet L2 transport 
services to any location outside of Ethiopia.


The Ethiopian Internet is also subject to significant censorship and 
attempted blockage of VPN and VoIP services.


https://www.google.com/search?q=ethiopia+internet+censorship=ethiopia+internet+censorship=chrome.0.0j69i57.2857j0j7=chrome=UTF-8 







On Tue, May 29, 2018 at 10:21 AM, Owen DeLong wrote:

>
> The Internet in Indonesia is the very same Internet in Eritrea, as it is
> in Canada. We can't quite split that…

I admit that I haven’t been to Eritrea or Indonesia, but using Ethiopia
and Malaysia as stand-ins (which I have been to), I can say that while they
are the same internet, the level of development, the payment systems which
are usable via said internet, and other aspects of the daily use and
capabilities which can be utilized on the internet in those countries does
vary greatly.

For example, Apple Pay is somewhat ubiquitous in Canada. It’s virtually
unheard of in Ethiopia. My travels to Malaysia were not recent enough for
me to comment accurately on the current state of things.

M-Pesa is widely accepted in Kenya, but not at all in the US or Canada.

PayPal is popular in the US, but not so much in most of the rest of the
world.

YMMV.

IPv6 is readily available on almost every mobile phone in the US. Less so in
Kenya or Tanzania, Eritrea, Canada, or Indonesia.

While all connected networks are part of the same big I Internet, not all
networks are created or maintained equal and not all services on those
networks are ubiquitously available to all users of the big I Internet.

Owen






Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Randy Bush
> Ethiopia is significantly different and unique, in its own unusual
> way, because of the government monopoly telecom.

sadly, these are far from unique; not only in africa, but asia,
oceania, even alyc, ...

randy


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Eric Kuhnke
The one thing that you CAN generalize about a great many developing nation
telecom markets, which is different than the US and Western Europe:

Many urban locations have a complete absence of functioning last mile,
legacy copper telecom infrastructure, which in a US city you would see used
for ADSL2+ or VDSL2 or g.fast on old POTS phone lines, or
DOCSIS3.0/DOCSIS3.1 on 75 ohm coaxial cable TV plant. Leaving "4G" and
various forms of fixed point to multipoint wireless, whether LTE based or
not, as the only viable residential and SMB broadband service option.



On Tue, May 29, 2018 at 10:55 AM, Owen DeLong  wrote:

> 4G depends on Radio. Radio works very well in an environment like
> Hispañola (the island containing Haiti and Dominican Republic).
>
> You’ve got some convenient very high central locations, lots of nice
> conductive ground-plane salt-water surrounding the area, and very little
> terrain interference from those high points to the vast majority of the
> island.
>
> Africa has a much larger and more diverse geography. The water surrounding
> it is much much further from the central locations and the central
> locations are NOT proportionately as high above (and in some cases even
> below) the surrounding terrain.
>
> Africa also has a wide variety of political and cultural issues and
> multiple distinct political frameworks to deal with. (Haiti has only one
> and if you throw in all of Hispañola, you still only have 2).
>
> There are parts of Africa where 4G works relatively well. There are parts
> where you’re lucky if you can get anything at all. There are parts where
> electricity, indoor plumbing, and safe drinking water would be a novelty.
> (Of course that last one is true in Haiti as well).
>
> Indeed, I think the biggest thing to realize is that speaking of Africa as
> if it were a single place is as big a failure as speaking of Asia like it
> is a single place. Both consist of many countries, many cultures, a wide
> variety of terrains and geological and geographical features, and a great
> diversity of experiences to be had.
>
> Angola is as different from Zambia as Afghanistan is from Vietnam.
>
> Owen
>
>
> > On May 28, 2018, at 23:36 , Ben Cannon  wrote:
> >
> > Then Africa in particular is specifically disadvantaged - I spent a good
> deal of time in Haiti and 4G connectivity was abundant at good speeds, as
> were terrestrial fiber connections.
> >
> > Mirrors my experience in half a dozen other 3rd world countries.  Unless
> there’s something particularly oppressive about Africa?
> >
> >> On May 28, 2018, at 5:06 PM, Scott Weeks 
> wrote:
> >>
> >> --- mpet...@netflight.com wrote:
> >> From: Matthew Petach 
> >> On Mon, May 28, 2018 at 11:22 AM, Ben Cannon  wrote:
> >>
> >>> I’m sorry I simply believe that in 2018 with the advanced and cheap ptp
> >>> radio (ubiquiti anyone? $300 and I have a 200mbit/sec link over
> 10miles!
> >>> Spend a bit more and go 100km) plus the advancements in cubesats about
> to
> >>> be launched, even the 3rd world can simply get with the times.
> >>
> >> I do not think you adequately understand the economics of the
> >> situation.
> >>
> >> https://www.slideshare.net/InternetSociety/international-
> bandwidth-and-pricing-trends-in-subsahara-africa-79147043
> >>
> >> slide 22, IP transit cost.
> >>
> >> Your 200mbit/sec link that costs you $300 in hardware
> >> is going to cost you $4960/month to actually get IP traffic
> >> across, in Nairobi.   Yes, that's about $60,000/year.
> >>
> >> Could *you* afford to "get with the times" if that's what
> >> your bandwidth was going to cost you?
> >>
> >> Please, do a little research on what the real
> >> costs are before telling others they need to
> >> "simply get with the times."
> >> -
> >>
> >>
> >>
> >> Also, please don't just look at continental countries
> >> when researching.  Look at the small PICs (Pacific
> >> Island Countries).  For example, search the posts from
> >> Christian on Kiribati on the PICISOC list.  The cost is
> >> extraordinary and all the ego-flattering bloat rsk
> >> speaks (relevant part of the post is below) of is very
> >> expensive to download and is nearly impossible to stop.
> >>
> >> scott
> >>
> >>
> >>
> >> *
> >>> The problem (part of the problem) is that the people doing these
> foolish
> >>> things are new, ignorant, and privileged: they don't realize that
> bandwidth
> >>> is still an expensive and scarce resource for most of the planet. I've
> >>> said for years that every web designer should be forced to work in an
> >>> environment bandlimited to 56K in order to instill in them the virtue
> >>> of frugality and strongly discourage them from flattering their egos
> >>> by creating all-singing all-dancing web sites...that look great in the
> >>> portfolios they'll show to their peers but are horribly bloated, slow,
> >>> unrenderable in a lot of browsers, and fraught with security and
> privacy
> >>> problems. (Try pointing a 

Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Owen DeLong
It was a convenient example with which I had experience near Eritrea.

My statement would apply equally for say, Zambia or Morocco.

Owen


> On May 29, 2018, at 10:58 , Eric Kuhnke  wrote:
> 
> Ethiopia is significantly different and unique, in its own unusual way, 
> because of the government monopoly telecom. Other people can correct me if 
> I'm wrong, but unless the situation has changed in the past two years, all 
> small to medium sized ISPs in Ethiopia are mandated by law to be downstream 
> of the government run telecom ASN. Also the government owned national telecom 
> has a monopoly on all international fiber connections to neighboring 
> countries (at OSI layer 1), and for things like STM/SDH or 1/10/ Gbps 
> Ethernet L2 transport services to any location outside of Ethiopia.
> 
> The Ethiopian Internet is also subject to significant censorship and 
> attempted blockage of VPN and VoIP services.
> 
> https://www.google.com/search?q=ethiopia+internet+censorship=ethiopia+internet+censorship=chrome.0.0j69i57.2857j0j7=chrome=UTF-8
>  
> 
> 
> 
> 
> 
> 
> On Tue, May 29, 2018 at 10:21 AM, Owen DeLong wrote:
> > 
> > The Internet in Indonesia is the very same Internet in Eritrea, as it is
> > in Canada. We can't quite split that…
> 
> I admit that I haven’t been to Eritrea or Indonesia, but using Ethiopia
> and Malaysia as stand-ins (which I have been to), I can say that while they
> are the same internet, the level of development, the payment systems which
> are usable via said internet, and other aspects of the daily use and
> capabilities which can be utilized on the internet in those countries does
> vary greatly.
> 
> For example, Apple Pay is somewhat ubiquitous in Canada. It’s virtually
> unheard of in Ethiopia. My travels to Malaysia were not recent enough for
> me to comment accurately on the current state of things.
> 
> M-Pesa is widely accepted in Kenya, but not at all in the US or Canada.
> 
> PayPal is popular in the US, but not so much in most of the rest of the world.
> 
> YMMV.
> 
> IPv6 is readily available on almost every mobile phone in the US. Less so in
> Kenya or Tanzania, Eritrea, Canada, or Indonesia.
> 
> While all connected networks are part of the same big I Internet, not all
> networks are created or maintained equal and not all services on those
> networks are ubiquitously available to all users of the big I Internet.
> 
> Owen
> 
> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Eric Kuhnke
Ethiopia is significantly different and unique, in its own unusual way,
because of the government monopoly telecom. Other people can correct me if
I'm wrong, but unless the situation has changed in the past two years, all
small to medium sized ISPs in Ethiopia are mandated by law to be downstream
of the government run telecom ASN. Also the government owned national
telecom has a monopoly on all international fiber connections to
neighboring countries (at OSI layer 1), and for things like STM/SDH or
1/10/ Gbps Ethernet L2 transport services to any location outside of
Ethiopia.

The Ethiopian Internet is also subject to significant censorship and
attempted blockage of VPN and VoIP services.

https://www.google.com/search?q=ethiopia+internet+censorship=ethiopia+internet+censorship=chrome.0.0j69i57.2857j0j7=chrome=UTF-8





On Tue, May 29, 2018 at 10:21 AM, Owen DeLong  wrote:

> >
> > The Internet in Indonesia is the very same Internet in Eritrea, as it is
> > in Canada. We can't quite split that…
>
> I admit that I haven’t been to Eritrea or Indonesia, but using Ethiopia
> and Malaysia as stand-ins (which I have been to), I can say that while they
> are the same internet, the level of development, the payment systems which
> are usable via said internet, and other aspects of the daily use and
> capabilities which can be utilized on the internet in those countries does
> vary greatly.
>
> For example, Apple Pay is somewhat ubiquitous in Canada. It’s virtually
> unheard of in Ethiopia. My travels to Malaysia were not recent enough for
> me to comment accurately on the current state of things.
>
> M-Pesa is widely accepted in Kenya, but not at all in the US or Canada.
>
> PayPal is popular in the US, but not so much in most of the rest of the
> world.
>
> YMMV.
>
> IPv6 is readily available on almost every mobile phone in the US. Less so
> in Kenya or Tanzania, Eritrea, Canada, or Indonesia.
>
> While all connected networks are part of the same big I Internet, not all
> networks are created or maintained equal and not all services on those
> networks are ubiquitously available to all users of the big I Internet.
>
> Owen
>
>


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Owen DeLong
4G depends on Radio. Radio works very well in an environment like Hispañola 
(the island containing Haiti and Dominican Republic).

You’ve got some convenient very high central locations, lots of nice conductive 
ground-plane salt-water surrounding the area, and very little terrain 
interference from those high points to the vast majority of the island.

Africa has a much larger and more diverse geography. The water surrounding it 
is much much further from the central locations and the central locations are 
NOT proportionately as high above (and in some cases even below) the 
surrounding terrain.

Africa also has a wide variety of political and cultural issues and multiple 
distinct political frameworks to deal with. (Haiti has only one and if you 
throw in all of Hispañola, you still only have 2).

There are parts of Africa where 4G works relatively well. There are parts where 
you’re lucky if you can get anything at all. There are parts where electricity, 
indoor plumbing, and safe drinking water would be a novelty. (Of course that 
last one is true in Haiti as well).

Indeed, I think the biggest thing to realize is that speaking of Africa as if 
it were a single place is as big a failure as speaking of Asia like it is a 
single place. Both consist of many countries, many cultures, a wide variety of 
terrains and geological and geographical features, and a great diversity of 
experiences to be had.

Angola is as different from Zambia as Afghanistan is from Vietnam.

Owen


> On May 28, 2018, at 23:36 , Ben Cannon  wrote:
> 
> Then Africa in particular is specifically disadvantaged - I spent a good deal 
> of time in Haiti and 4G connectivity was abundant at good speeds, as were 
> terrestrial fiber connections. 
> 
> Mirrors my experience in half a dozen other 3rd world countries.  Unless 
> there’s something particularly oppressive about Africa?
> 
>> On May 28, 2018, at 5:06 PM, Scott Weeks  wrote:
>> 
>> --- mpet...@netflight.com wrote:
>> From: Matthew Petach 
>> On Mon, May 28, 2018 at 11:22 AM, Ben Cannon  wrote:
>> 
>>> I’m sorry I simply believe that in 2018 with the advanced and cheap ptp
>>> radio (ubiquiti anyone? $300 and I have a 200mbit/sec link over 10miles!
>>> Spend a bit more and go 100km) plus the advancements in cubesats about to
>>> be launched, even the 3rd world can simply get with the times.
>> 
>> I do not think you adequately understand the economics of the
>> situation.
>> 
>> https://www.slideshare.net/InternetSociety/international-bandwidth-and-pricing-trends-in-subsahara-africa-79147043
>> 
>> slide 22, IP transit cost.
>> 
>> Your 200mbit/sec link that costs you $300 in hardware
>> is going to cost you $4960/month to actually get IP traffic
>> across, in Nairobi.   Yes, that's about $60,000/year.
>> 
>> Could *you* afford to "get with the times" if that's what
>> your bandwidth was going to cost you?
>> 
>> Please, do a little research on what the real
>> costs are before telling others they need to
>> "simply get with the times."
>> -
>> 
>> 
>> 
>> Also, please don't just look at continental countries 
>> when researching.  Look at the small PICs (Pacific 
>> Island Countries).  For example, search the posts from 
>> Christian on Kiribati on the PICISOC list.  The cost is 
>> extraordinary and all the ego-flattering bloat rsk 
>> speaks (relevant part of the post is below) of is very 
>> expensive to download and is nearly impossible to stop.
>> 
>> scott
>> 
>> 
>> 
>> * 
>>> The problem (part of the problem) is that the people doing these foolish 
>>> things are new, ignorant, and privileged: they don't realize that bandwidth 
>>> is still an expensive and scarce resource for most of the planet. I've 
>>> said for years that every web designer should be forced to work in an 
>>> environment bandlimited to 56K in order to instill in them the virtue 
>>> of frugality and strongly discourage them from flattering their egos 
>>> by creating all-singing all-dancing web sites...that look great in the 
>>> portfolios they'll show to their peers but are horribly bloated, slow, 
>>> unrenderable in a lot of browsers, and fraught with security and privacy 
>>> problems. (Try pointing a text-only browser at your favorite website. 
>>> Can you even read the home page?) 
>> 
>> 
>> 
> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Owen DeLong



> On May 29, 2018, at 00:05 , Scott Weeks  wrote:
> 
> 
> I believe you were responding to me, but it was really 
> hard to tell.  If so, here's the conversation...
> 
>> Also, please don't just look at continental countries 
>> when researching.  Look at the small PICs (Pacific 
>> Island Countries).  For example, search the posts from 
>> Christian on Kiribati on the PICISOC list.  The cost is 
>> extraordinary and all the ego-flattering bloat rsk 
>> speaks (relevant part of the post is below) of is very 
>> expensive to download and is nearly impossible to stop.
> 
> --- b...@6by7.net wrote:
> From: Ben Cannon 
> 
> Then Africa in particular is specifically disadvantaged 
> - I spent a good deal of time in Haiti and 4G connectivity 
> was abundant at good speeds, as were terrestrial fiber 
> connections. 
> 
> Mirrors my experience in half a dozen other 3rd world 
> countries.  Unless there’s something particularly 
> oppressive about Africa?
> --
> 
> 
> I guess I was more meaning in the Pacific, since I'm 
> from there.  And more particularly places like Kiribati, 
> Cook Islands, Marquesas and other far flung Pacific 
> Island Countries.  My apologies for the confusion. Haiti 
> and other countries close to a rich mainland country 
> do not suffer the same issues due to geography.

While Haiti is clos-ER to a rich mainland country than those
you mentioned, I would not say that it lacks geographic
challenges. They might be a bit less since (more importantly)
fiber has to run past (and thus conveniently to) Hispaniola
(the Island containing Haiti and the DR) in order to traverse
other destinations which obviously is not the case in the
areas you mention above.

Almost every area I am aware of in the developing world has
some combination of challenges which drive its continued
lagging behind more developed areas.

This can, by the way, include parts of developed nations which
are underserved due to geographic challenges such as some rural
areas of the United States as mentioned earlier.

These challenges can include any combination of economic,
geographic, geologic, terrain, cultural, political, population
density, etc.

One thing I have found very interesting in my travels…

Every area with challenges seems to think that their challenges
are so unique that solutions that have proven elsewhere cannot
possibly work for them.

Every area with challenges almost always has more in common with
the other areas with challenges than they perceive.

I guess it is easier to talk about why things will not work than
do the hard work of adapting solutions to the differences which
do matter.

Owen



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Owen DeLong
Ah, the wonderful USF.

Here’s my take on USF. It’s a perfectly wonderful intent whose implementation 
has gone horribly horribly wrong.

Instead of equalizing economic incentives for infrastructure between rural, 
urban, and suburban areas, it has heavily tilted the incentives in favor of the 
highest densities that still qualify as rural while pretty much screwing over 
everyone else.

Extremely high density urban areas still have sufficient economic opportunity 
over lower infrastructure cost per user to attract some development. However, 
Suburbia is the biggest loser in this equation.

Don’t get me wrong… I’m perfectly fine with the idea that I need to make a 
small payment to subsidize delivery of decent network infrastructure to 
underserved areas. What bothers me is that I’m generally paying this tax to 
enable farmers in the middle of nowhere to have better network infrastructure 
than I can get at my own location.

I’m happy to subsidize equality of connectivity, but it galls me to have to 
subsidize GPON for others while there’s not even a glimmer of hope that anyone 
will usefully lay fiber in my neighborhood in the foreseeable future.

Owen


> On May 29, 2018, at 07:23 , ML  wrote:
> 
> $100M+ in federal dollars goes a long way.
> 
> 
> On 5/29/2018 10:17 AM, Mike Hammett wrote:
>> Is that PennRen\Kinber?
>> 
>> 
>> 
>> 
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> 
>> Midwest Internet Exchange
>> 
>> The Brothers WISP
>> 
>> - Original Message -
>> 
>> From: "Matt Hoppes" 
>> To: "Lamar Owen" 
>> Cc: nanog@nanog.org
>> Sent: Tuesday, May 29, 2018 8:27:17 AM
>> Subject: Re: Impacts of Encryption Everywhere (any solution?)
>> 
>> I am incredibly rural in Pennsylvania and pay about $.50 per megabit.
>> 
>>> On May 29, 2018, at 09:23, Lamar Owen  wrote:
>>> 
>>>> On 05/28/2018 06:13 PM, Matthew Petach wrote:
>>>> Your 200mbit/sec link that costs you $300 in hardware
>>>> is going to cost you $4960/month to actually get IP traffic
>>>> across, in Nairobi. Yes, that's about $60,000/year.
>>> I live in the US of A, and this is what 200Mb/s roughly would cost me as 
>>> well here in Rural Monopoly-land. Rural ILEC also has the CATV business, 
>>> and, well, they are _not_ going to run cable up here. I've actually priced 
>>> 150Mb/s bandwidth from the ILEC over the years; in 2003 the cost would have 
>>> been about $100,000 per month. As of five years ago 10Mb/s symmetrical cost 
>>> roughly $1,000 per month, the lion's share of that being per-mile NECA 
>>> Tariff 5 transport costs.
>>> 
>>> The terrain here prevents fixed wireless. The terrain also prevents 
>>> satellite comms to the Clarke belt (mountain to the south with trees on US 
>>> Forest Service property in the line of sight). I get 1XRTT in one room of 
>>> my house when the humidity is below 70% and it's winter, and once in a blue 
>>> moon 3G will light up, but it's not stable enough to actually use; it's the 
>>> speed of dialup. If I traipse about a hundred yards up the mountain to the 
>>> south (onto US Forest Service property, so, no repeater for me) I can get 
>>> semi-usable 4G; nothing like being in the middle of the woods with an 
>>> active black bear population trying to get a usable signal.
>>> 
>>> I'm paying $50 per month for 7/0.5 DSL (I might add that they provide 
>>> excellent DSL that has been extremely reliable) from the only ISP available 
>>> in the area.
>>> 
>>> I remember a usable web experience not too long ago on 28.8K/33.6K dialup 
>>> (it was quite a while before said ILEC got a 56K-capable modem bank). DSL 
>>> started out here at 384k/128k. On the positive side, we have a very low 
>>> oversubscription ratio, so I actually get the full bandwidth the majority 
>>> of the time, even video streaming. I also know all the network engineers 
>>> there, too, and that also has its advantages.
>>> 
>>> (Yes, I am aware that rural living is a choice, and there are things worth 
>>> a great deal more than bandwidth, that it's a tradeoff, etc.)
>>> 
>>> So it's not just '3rd-world' countries with expensive bandwidth.
>>> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Owen DeLong
> 
> The Internet in Indonesia is the very same Internet in Eritrea, as it is
> in Canada. We can't quite split that…

I admit that I haven’t been to Eritrea or Indonesia, but using Ethiopia
and Malaysia as stand-ins (which I have been to), I can say that while they
are the same internet, the level of development, the payment systems which
are usable via said internet, and other aspects of the daily use and
capabilities which can be utilized on the internet in those countries
do vary greatly.

For example, Apple Pay is somewhat ubiquitous in Canada. It’s virtually unheard
of in Ethiopia. My travels to Malaysia were not recent enough for me to comment
accurately on the current state of things.

M-Pesa is widely accepted in Kenya, but not at all in the US or Canada.

PayPal is popular in the US, but not so much in most of the rest of the world.

YMMV.

IPv6 is readily available on almost every mobile phone in the US. Less so in
Kenya or Tanzania, Eritrea, Canada, or Indonesia.

While all connected networks are part of the same big I Internet, not all
networks are created or maintained equal and not all services on those
networks are ubiquitously available to all users of the big I Internet.

Owen



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Owen DeLong


> 
> The http+signature data could then be cached just fine, and stored in
> the clear.  The web site could determine what to serve up that way to
> maintain security.  All POST commands would have to be HTTPS (data from
> client to server), and of course sensitive information would be returned
> HTTPS only.

Makes a lot of sense, but…

Wouldn’t you also have to require that all GET commands (or at least GET
commands for strings containing a ? character) be sent via HTTPS?

In many cases, there’s little difference between the data disclosure
of a POST form vs. the disclosure achieved with GET URL?attribute=value&…

Indeed, there are multiple libraries out there which allow one to treat
the variables from POST data and the variables from GET “query strings”
as virtually identical. I suspect that in most cases, the only reason
said libraries distinguish is to maintain namespace separation in case of
collisions (since query strings can also be applied to POST requests).

> Why doesn't that exist?

Because developers are lazy?

Owen



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mark Tinka



On 29/May/18 18:03, Eric Kuhnke wrote:

> Based on my experience a couple of years ago while in West Africa:
>
> If you look at the BGP adjacencies and bidirectional traceroutes for ISPs
> in Sierra Leone or Liberia; Freetown and Monrovia are both logically
> suburbs of London. Just with much higher transport latencies via the
> submarine fiber link and then transport from UK cable landing station to
> the IX points in London.
>
> The situation is a bit different in Accra, Ghana which is a much larger and
> more economically developed market, and has IXes and ISPs that peer with
> each other domestically.

West Africa has generally lagged a little behind compared to Eastern and
Southern Africa, with regard to closing connectivity gaps within the
local and regional space. The good news is that places such as Ghana and
Nigeria have made excellent strides in fixing this, as you point out.

The work being done by AfPIF (part of ISOC), AFRINIC and a bunch of
country- and region-level NOGs has gone a long way in promoting local
and regional connectivity through traditional and other means, and we
have seen the fruits of that labour.

Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Eric Kuhnke
Based on my experience a couple of years ago while in West Africa:

If you look at the BGP adjacencies and bidirectional traceroutes for ISPs
in Sierra Leone or Liberia; Freetown and Monrovia are both logically
suburbs of London. Just with much higher transport latencies via the
submarine fiber link and then transport from UK cable landing station to
the IX points in London.

The situation is a bit different in Accra, Ghana which is a much larger and
more economically developed market, and has IXes and ISPs that peer with
each other domestically.

On Tue, May 29, 2018 at 8:23 AM, Randy Bush  wrote:

> northerners who have never traveled pontificating about africa might, or
> might not, be interested in
>
> https://afrinic.net/blog/333-revealing-latency-clusters-in-africa
>
> randy
>


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Randy Bush
northerners who have never traveled pontificating about africa might, or
might not, be interested in

https://afrinic.net/blog/333-revealing-latency-clusters-in-africa

randy


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mark Tinka



On 29/May/18 17:09, Andy Ringsmuth wrote:

> If you’re in $TinyVillage in $PoorAfricanCountry, do you even have a bank 
> account or an online identity that could be stolen?

Bank accounts are so 2018...

    https://en.wikipedia.org/wiki/M-Pesa

Where've you been, man :-)...

Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Andy Ringsmuth


> On May 29, 2018, at 9:44 AM, Leo Bicknell  wrote:
> 
> Basically, while you presented the "pro" side of unencrypted content
> (being able to cache), you didn't present any of the negative side.
> I have to wonder if the villagers were given a choice of faster
> internet, where 5% of them had their bank account cleaned out, and 5%
> had their identity stolen, or slower, secure internet which they would
> choose?

If you’re in $TinyVillage in $PoorAfricanCountry, do you even have a bank 
account or an online identity that could be stolen?

Just my $0.02 on this increasingly off-topic thread.


Andy Ringsmuth
a...@newslink.com
News Link – Manager Technology, Travel & Facilities
2201 Winthrop Rd., Lincoln, NE 68502-4158
(402) 475-6397(402) 304-0083 cellular



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Leo Bicknell
In a message written on Mon, May 28, 2018 at 09:23:09AM -0500, Mike Hammett 
wrote:
> However, this could be wildly improved with caching ala squid or something 
> similar. The problem is that encrypted content is difficult to impossible for 
> your average Joe to cache. The rewards for implementing caching are greatly 
> mitigated and people like this must suffer a worse Internet experience 
> because of some ideological high horse in a far-off land.
> 
> Some things certainly do need to be encrypted, but encrypting everything 
> means people with limited Internet access get worse performance OR mechanisms 
> have to be put in place to break ALL encryption, thus compromising security 
> and privacy when it's really needed.

I'm going to take this question head on, as opposed to the many tangents
in this thread.

The Internet lived in the world you described, and a lot of people
learned a lot of things along the way.  Perhaps the most important
lessons:

- Users cannot be trusted to check if there is a "secure" indicator
  before sending sensitive information.

- Users cannot tell the difference between two "secure" sites, one of
  which is a phishing site that just happens to have a certificate.

- There is no algorithmic way to determine if mixed mode content is
  "safe".

- Web site operators seem incapable of maintaining white lists of 
  safe mixed mode content.

- Mixed mode content is not safe due to browser bugs.

- Once users have been trained that it's ok to send content via some
  insecure channels, it's nearly impossible to untrain them of it 
  later.

Basically, while you presented the "pro" side of unencrypted content
(being able to cache), you didn't present any of the negative side.
I have to wonder if the villagers were given a choice of faster
internet, where 5% of them had their bank account cleaned out, and 5%
had their identity stolen, or slower, secure internet which they would
choose?

Want a technological solution?  It exists!  Signed content.  I've always
been baffled why there isn't a way to serve up HTTP signed (but not
encrypted) content.  I'd imagine the way it would work is:

1) Initial connection had to be HTTPS encrypted to create a full
   encrypted channel.

2) Additional assets could then be downloaded as HTTPS, or as HTTP +
   Signature.  Signature must be from the same certificate as the
   HTTPS data.

The http+signature data could then be cached just fine, and stored in
the clear.  The web site could determine what to serve up that way to
maintain security.  All POST commands would have to be HTTPS (data from
client to server), and of course sensitive information would be returned
HTTPS only.

Why doesn't that exist?

-- 
Leo Bicknell - bickn...@ufp.org
PGP keys at http://www.ufp.org/~bicknell/
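
A sketch of the HTTP + signature scheme proposed in the message above, together with the GET query-string rule raised in the reply to it, as an added example (not code from any poster and not an existing protocol). Assumed here: Ed25519 stands in for the site certificate's key, and the type and function names, the signing layout and the expiry field are all hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"net/url"
	"time"
)

// SignedAsset is what an untrusted cache stores and serves in the clear.
type SignedAsset struct {
	Path    string
	Body    []byte
	Expires int64 // Unix seconds; bounds how long an old copy can be replayed
	Sig     []byte
}

var (
	ErrWrongPath = errors.New("asset was signed for a different path")
	ErrExpired   = errors.New("signature has expired")
	ErrBadSig    = errors.New("signature does not verify")
)

// signingInput covers expiry and path as well as the body digest, so a cache
// cannot answer a request for one path with another validly signed file.
// Layout: 8-byte expiry || path || 32-byte SHA-256(body). Both ends are fixed
// width, so the variable-length path in the middle is unambiguous.
func signingInput(path string, body []byte, expires int64) []byte {
	var exp [8]byte
	binary.BigEndian.PutUint64(exp[:], uint64(expires))
	digest := sha256.Sum256(body)
	msg := append(exp[:], path...)
	return append(msg, digest[:]...)
}

// Sign is run by the origin with the private key that (by assumption) belongs
// to the certificate used for the initial HTTPS connection.
func Sign(priv ed25519.PrivateKey, path string, body []byte, expires time.Time) SignedAsset {
	e := expires.Unix()
	return SignedAsset{Path: path, Body: body, Expires: e,
		Sig: ed25519.Sign(priv, signingInput(path, body, e))}
}

// Verify is run by the client on whatever the cache returned, using the
// public key it learned over the HTTPS connection.
func Verify(pub ed25519.PublicKey, wantPath string, a SignedAsset, now time.Time) error {
	switch {
	case a.Path != wantPath:
		return ErrWrongPath
	case now.Unix() > a.Expires:
		return ErrExpired
	case !ed25519.Verify(pub, signingInput(a.Path, a.Body, a.Expires), a.Sig):
		return ErrBadSig
	}
	return nil
}

// RequiresHTTPS reports whether a request may not use the cleartext path.
// POST always must be HTTPS; a GET must be too once it carries a query
// string, because that is client-to-server data just like a form body.
func RequiresHTTPS(method, rawURL string) bool {
	if method != "GET" {
		return true
	}
	u, err := url.Parse(rawURL)
	if err != nil {
		return true // fail closed on anything unparseable
	}
	return u.RawQuery != "" || u.ForceQuery
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	now := time.Now()
	// Constructed stand-in for a squid-style shared cache.
	cache := map[string]SignedAsset{}
	cache["/static/app.js"] = Sign(priv, "/static/app.js", []byte("render();"), now.Add(time.Hour))

	hit := cache["/static/app.js"]
	fmt.Println("clean copy:   ", Verify(pub, "/static/app.js", hit, now))
	hit.Body = []byte("render(); extra();") // modified in the cache or on the path
	fmt.Println("modified copy:", Verify(pub, "/static/app.js", hit, now))
	fmt.Println("GET with query needs HTTPS:",
		RequiresHTTPS("GET", "http://example.test/search?q=x"))
}
```

The signature provides integrity only: the cache and anyone on the path still see which assets are requested and what they contain.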




Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mark Tinka



On 29/May/18 16:16, John R. Levine wrote:

>
> My goodness, aren't we condescending.  Since we're talking about Kenya
> here, a few milliseconds of research reminds us that it's a
> significant agricultural exporter.  Agricultural development there is
> generally about better use of existing land.
>
> You might also want to learn about M-Pesa, the mobile phone payment
> system that everybody uses.  Stores all have a sign with their M-Pesa
> number so you can pay them, and there are kiosks all over Nairobi that
> will exchange M-Pesa credit and cash.  The 1GB data bundles I
> mentioned are large ones. You can get 7MB for a day or 5MB for a week
> for 5c, which is plenty to check your messages or look up farm prices.
>
> People in Africa may be poorer than we are, but they are just as smart
> as we are, and they are just as able and interested in technology when
> it is useful to them.

It's pretty difficult to articulate this sort of thing unless someone
has actually traveled to and experienced a destination, and its peoples,
on their own.

Having had the opportunity to travel the world over the past 2 or more
decades, I've been eagerly disillusioned by what I thought a lot of
countries were either capable of, or not capable of. What I learned...
you can't armchair reality.

The Internet in Indonesia is the very same Internet in Eritrea, as it is
in Canada. We can't quite split that...

Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mike Hammett
I know who you have and it's easily found who you use. 

I was implying exactly what "ML" said. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Matt Hoppes"  
To: "Mike Hammett"  
Cc: nanog@nanog.org 
Sent: Tuesday, May 29, 2018 9:24:41 AM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

Multiple providers. I don’t think I should publicly name them for various 
reasons. You are a smart man though and can probably figure it out from BGP 
peering tables. 

> On May 29, 2018, at 10:17, Mike Hammett  wrote: 
> 
> Is that PennRen\Kinber? 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> 
> Midwest Internet Exchange 
> 
> The Brothers WISP 
> 
> - Original Message - 
> 
> From: "Matt Hoppes"  
> To: "Lamar Owen"  
> Cc: nanog@nanog.org 
> Sent: Tuesday, May 29, 2018 8:27:17 AM 
> Subject: Re: Impacts of Encryption Everywhere (any solution?) 
> 
> I am incredibly rural in Pennsylvania and pay about $.50 per megabit. 
> 
>>> On May 29, 2018, at 09:23, Lamar Owen  wrote: 
>>> 
>>> On 05/28/2018 06:13 PM, Matthew Petach wrote: 
>>> Your 200mbit/sec link that costs you $300 in hardware 
>>> is going to cost you $4960/month to actually get IP traffic 
>>> across, in Nairobi. Yes, that's about $60,000/year. 
>> I live in the US of A, and this is what 200Mb/s roughly would cost me as 
>> well here in Rural Monopoly-land. Rural ILEC also has the CATV business, 
>> and, well, they are _not_ going to run cable up here. I've actually priced 
>> 150Mb/s bandwidth from the ILEC over the years; in 2003 the cost would have 
>> been about $100,000 per month. As of five years ago 10Mb/s symmetrical cost 
>> roughly $1,000 per month, the lion's share of that being per-mile NECA 
>> Tariff 5 transport costs. 
>> 
>> The terrain here prevents fixed wireless. The terrain also prevents 
>> satellite comms to the Clarke belt (mountain to the south with trees on US 
>> Forest Service property in the line of sight). I get 1XRTT in one room of my 
>> house when the humidity is below 70% and it's winter, and once in a blue 
>> moon 3G will light up, but it's not stable enough to actually use; it's the 
>> speed of dialup. If I traipse about a hundred yards up the mountain to the 
>> south (onto US Forest Service property, so, no repeater for me) I can get 
>> semi-usable 4G; nothing like being in the middle of the woods with an active 
>> black bear population trying to get a usable signal. 
>> 
>> I'm paying $50 per month for 7/0.5 DSL (I might add that they provide 
>> excellent DSL that has been extremely reliable) from the only ISP available 
>> in the area. 
>> 
>> I remember a usable web experience not too long ago on 28.8K/33.6K dialup 
>> (it was quite a while before said ILEC got a 56K-capable modem bank). DSL 
>> started out here at 384k/128k. On the positive side, we have a very low 
>> oversubscription ratio, so I actually get the full bandwidth the majority of 
>> the time, even video streaming. I also know all the network engineers there, 
>> too, and that also has its advantages. 
>> 
>> (Yes, I am aware that rural living is a choice, and there are things worth a 
>> great deal more than bandwidth, that it's a tradeoff, etc.) 
>> 
>> So it's not just '3rd-world' countries with expensive bandwidth. 
>> 
> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Matt Hoppes
Multiple providers. I don’t think I should publicly name them for various 
reasons.  You are a smart man though and can probably figure it out from BGP 
peering tables.

> On May 29, 2018, at 10:17, Mike Hammett  wrote:
> 
> Is that PennRen\Kinber? 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> 
> Midwest Internet Exchange 
> 
> The Brothers WISP 
> 
> - Original Message -
> 
> From: "Matt Hoppes"  
> To: "Lamar Owen"  
> Cc: nanog@nanog.org 
> Sent: Tuesday, May 29, 2018 8:27:17 AM 
> Subject: Re: Impacts of Encryption Everywhere (any solution?) 
> 
> I am incredibly rural in Pennsylvania and pay about $.50 per megabit. 
> 
>>> On May 29, 2018, at 09:23, Lamar Owen  wrote: 
>>> 
>>> On 05/28/2018 06:13 PM, Matthew Petach wrote: 
>>> Your 200mbit/sec link that costs you $300 in hardware 
>>> is going to cost you $4960/month to actually get IP traffic 
>>> across, in Nairobi. Yes, that's about $60,000/year. 
>> I live in the US of A, and this is what 200Mb/s roughly would cost me as 
>> well here in Rural Monopoly-land. Rural ILEC also has the CATV business, 
>> and, well, they are _not_ going to run cable up here. I've actually priced 
>> 150Mb/s bandwidth from the ILEC over the years; in 2003 the cost would have 
>> been about $100,000 per month. As of five years ago 10Mb/s symmetrical cost 
>> roughly $1,000 per month, the lion's share of that being per-mile NECA 
>> Tariff 5 transport costs. 
>> 
>> The terrain here prevents fixed wireless. The terrain also prevents 
>> satellite comms to the Clarke belt (mountain to the south with trees on US 
>> Forest Service property in the line of sight). I get 1XRTT in one room of my 
>> house when the humidity is below 70% and it's winter, and once in a blue 
>> moon 3G will light up, but it's not stable enough to actually use; it's the 
>> speed of dialup. If I traipse about a hundred yards up the mountain to the 
>> south (onto US Forest Service property, so, no repeater for me) I can get 
>> semi-usable 4G; nothing like being in the middle of the woods with an active 
>> black bear population trying to get a usable signal. 
>> 
>> I'm paying $50 per month for 7/0.5 DSL (I might add that they provide 
>> excellent DSL that has been extremely reliable) from the only ISP available 
>> in the area. 
>> 
>> I remember a usable web experience not too long ago on 28.8K/33.6K dialup 
>> (it was quite a while before said ILEC got a 56K-capable modem bank). DSL 
>> started out here at 384k/128k. On the positive side, we have a very low 
>> oversubscription ratio, so I actually get the full bandwidth the majority of 
>> the time, even video streaming. I also know all the network engineers there, 
>> too, and that also has its advantages. 
>> 
>> (Yes, I am aware that rural living is a choice, and there are things worth a 
>> great deal more than bandwidth, that it's a tradeoff, etc.) 
>> 
>> So it's not just '3rd-world' countries with expensive bandwidth. 
>> 
> 


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread ML

$100M+ in federal dollars goes a long way.


On 5/29/2018 10:17 AM, Mike Hammett wrote:
> Is that PennRen\Kinber?
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
>
> Midwest Internet Exchange
>
> The Brothers WISP
>
> - Original Message -
>
> From: "Matt Hoppes" 
> To: "Lamar Owen" 
> Cc: nanog@nanog.org
> Sent: Tuesday, May 29, 2018 8:27:17 AM
> Subject: Re: Impacts of Encryption Everywhere (any solution?)
>
> I am incredibly rural in Pennsylvania and pay about $.50 per megabit.
>
>> On May 29, 2018, at 09:23, Lamar Owen  wrote:
>>
>>> On 05/28/2018 06:13 PM, Matthew Petach wrote:
>>> Your 200mbit/sec link that costs you $300 in hardware
>>> is going to cost you $4960/month to actually get IP traffic
>>> across, in Nairobi. Yes, that's about $60,000/year.
>>
>> I live in the US of A, and this is what 200Mb/s roughly would cost me as well 
>> here in Rural Monopoly-land. Rural ILEC also has the CATV business, and, well, 
>> they are _not_ going to run cable up here. I've actually priced 150Mb/s 
>> bandwidth from the ILEC over the years; in 2003 the cost would have been about 
>> $100,000 per month. As of five years ago 10Mb/s symmetrical cost roughly $1,000 
>> per month, the lion's share of that being per-mile NECA Tariff 5 transport 
>> costs.
>>
>> The terrain here prevents fixed wireless. The terrain also prevents satellite 
>> comms to the Clarke belt (mountain to the south with trees on US Forest Service 
>> property in the line of sight). I get 1XRTT in one room of my house when the 
>> humidity is below 70% and it's winter, and once in a blue moon 3G will light 
>> up, but it's not stable enough to actually use; it's the speed of dialup. If I 
>> traipse about a hundred yards up the mountain to the south (onto US Forest 
>> Service property, so, no repeater for me) I can get semi-usable 4G; nothing 
>> like being in the middle of the woods with an active black bear population 
>> trying to get a usable signal.
>>
>> I'm paying $50 per month for 7/0.5 DSL (I might add that they provide excellent 
>> DSL that has been extremely reliable) from the only ISP available in the area.
>>
>> I remember a usable web experience not too long ago on 28.8K/33.6K dialup (it 
>> was quite a while before said ILEC got a 56K-capable modem bank). DSL started 
>> out here at 384k/128k. On the positive side, we have a very low 
>> oversubscription ratio, so I actually get the full bandwidth the majority of 
>> the time, even video streaming. I also know all the network engineers there, 
>> too, and that also has its advantages.
>>
>> (Yes, I am aware that rural living is a choice, and there are things worth a 
>> great deal more than bandwidth, that it's a tradeoff, etc.)
>>
>> So it's not just '3rd-world' countries with expensive bandwidth.





Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mike Hammett
Is that PennRen\Kinber? 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Matt Hoppes"  
To: "Lamar Owen"  
Cc: nanog@nanog.org 
Sent: Tuesday, May 29, 2018 8:27:17 AM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

I am incredibly rural in Pennsylvania and pay about $.50 per megabit. 

> On May 29, 2018, at 09:23, Lamar Owen  wrote: 
> 
>> On 05/28/2018 06:13 PM, Matthew Petach wrote: 
>> Your 200mbit/sec link that costs you $300 in hardware 
>> is going to cost you $4960/month to actually get IP traffic 
>> across, in Nairobi. Yes, that's about $60,000/year. 
> I live in the US of A, and this is what 200Mb/s roughly would cost me as well 
> here in Rural Monopoly-land. Rural ILEC also has the CATV business, and, 
> well, they are _not_ going to run cable up here. I've actually priced 150Mb/s 
> bandwidth from the ILEC over the years; in 2003 the cost would have been 
> about $100,000 per month. As of five years ago 10Mb/s symmetrical cost 
> roughly $1,000 per month, the lion's share of that being per-mile NECA Tariff 
> 5 transport costs. 
> 
> The terrain here prevents fixed wireless. The terrain also prevents satellite 
> comms to the Clarke belt (mountain to the south with trees on US Forest 
> Service property in the line of sight). I get 1XRTT in one room of my house 
> when the humidity is below 70% and it's winter, and once in a blue moon 3G 
> will light up, but it's not stable enough to actually use; it's the speed of 
> dialup. If I traipse about a hundred yards up the mountain to the south (onto 
> US Forest Service property, so, no repeater for me) I can get semi-usable 4G; 
> nothing like being in the middle of the woods with an active black bear 
> population trying to get a usable signal. 
> 
> I'm paying $50 per month for 7/0.5 DSL (I might add that they provide 
> excellent DSL that has been extremely reliable) from the only ISP available 
> in the area. 
> 
> I remember a usable web experience not too long ago on 28.8K/33.6K dialup (it 
> was quite a while before said ILEC got a 56K-capable modem bank). DSL started 
> out here at 384k/128k. On the positive side, we have a very low 
> oversubscription ratio, so I actually get the full bandwidth the majority of 
> the time, even video streaming. I also know all the network engineers there, 
> too, and that also has its advantages. 
> 
> (Yes, I am aware that rural living is a choice, and there are things worth a 
> great deal more than bandwidth, that it's a tradeoff, etc.) 
> 
> So it's not just '3rd-world' countries with expensive bandwidth. 
> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread John R. Levine

> I am sure these third world nations have more important things to spend
> their money on rather than data plans and data devices. Things like food
> and medicine come to mind...


My goodness, aren't we condescending.  Since we're talking about Kenya 
here, a few milliseconds of research reminds us that it's a significant 
agricultural exporter.  Agricultural development there is generally about 
better use of existing land.


You might also want to learn about M-Pesa, the mobile phone payment system 
that everybody uses.  Stores all have a sign with their M-Pesa number so 
you can pay them, and there are kiosks all over Nairobi that will exchange 
M-Pesa credit and cash.  The 1GB data bundles I mentioned are large ones. 
You can get 7MB for a day or 5MB for a week for 5c, which is plenty to 
check your messages or look up farm prices.


People in Africa may be poorer than we are, but they are just as smart as 
we are, and they are just as able and interested in technology when it is 
useful to them.


R's,
John


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mark Tinka
I guess not all rurals are the same.

In my parts, being rural could mean not having a 2G/3G signal until you
have to climb a tree... not literally, but you get my point.

Mark.

On 29/May/18 15:27, Matt Hoppes wrote:

> I am incredibly rural in Pennsylvania and pay about $.50 per megabit. 
>
>> On May 29, 2018, at 09:23, Lamar Owen  wrote:
>>
>>> On 05/28/2018 06:13 PM, Matthew Petach wrote:
>>> Your 200mbit/sec link that costs you $300 in hardware
>>> is going to cost you $4960/month to actually get IP traffic
>>> across, in Nairobi.   Yes, that's about $60,000/year.
>> I live in the US of A, and this is what 200Mb/s roughly would cost me as 
>> well here in Rural Monopoly-land.  Rural ILEC also has the CATV business, 
>> and, well, they are _not_ going to run cable up here.  I've actually priced 
>> 150Mb/s bandwidth from the ILEC over the years; in 2003 the cost would have 
>> been about $100,000 per month. As of five years ago 10Mb/s symmetrical cost 
>> roughly $1,000 per month, the lion's share of that being per-mile NECA 
>> Tariff 5 transport costs.
>>
>> The terrain here prevents fixed wireless.  The terrain also prevents 
>> satellite comms to the Clarke belt (mountain to the south with trees on US 
>> Forest Service property in the line of sight).  I get 1XRTT in one room of 
>> my house when the humidity is below 70% and it's winter, and once in a blue 
>> moon 3G will light up, but it's not stable enough to actually use; it's the 
>> speed of dialup.  If I traipse about a hundred yards up the mountain to the 
>> south (onto US Forest Service property, so, no repeater for me) I can get 
>> semi-usable 4G; nothing like being in the middle of the woods with an active 
>> black bear population trying to get a usable signal.
>>
>> I'm paying $50 per month for 7/0.5 DSL (I might add that they provide 
>> excellent DSL that has been extremely reliable) from the only ISP available 
>> in the area.
>>
>> I remember a usable web experience not too long ago on 28.8K/33.6K dialup 
>> (it was quite a while before said ILEC got a 56K-capable modem bank).  DSL 
>> started out here at 384k/128k.  On the positive side, we have a very low 
>> oversubscription ratio, so I actually get the full bandwidth the majority of 
>> the time, even video streaming. I also know all the network engineers there, 
>> too, and that also has its advantages.
>>
>> (Yes, I am aware that rural living is a choice, and there are things worth a 
>> great deal more than bandwidth, that it's a tradeoff, etc.)
>>
>> So it's not just '3rd-world' countries with expensive bandwidth.
>>



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Matt Hoppes
I am incredibly rural in Pennsylvania and pay about $.50 per megabit. 

> On May 29, 2018, at 09:23, Lamar Owen  wrote:
> 
>> On 05/28/2018 06:13 PM, Matthew Petach wrote:
>> Your 200mbit/sec link that costs you $300 in hardware
>> is going to cost you $4960/month to actually get IP traffic
>> across, in Nairobi.   Yes, that's about $60,000/year.
> I live in the US of A, and this is what 200Mb/s roughly would cost me as well 
> here in Rural Monopoly-land.  Rural ILEC also has the CATV business, and, 
> well, they are _not_ going to run cable up here.  I've actually priced 
> 150Mb/s bandwidth from the ILEC over the years; in 2003 the cost would have 
> been about $100,000 per month. As of five years ago 10Mb/s symmetrical cost 
> roughly $1,000 per month, the lion's share of that being per-mile NECA Tariff 
> 5 transport costs.
> 
> The terrain here prevents fixed wireless.  The terrain also prevents 
> satellite comms to the Clarke belt (mountain to the south with trees on US 
> Forest Service property in the line of sight).  I get 1XRTT in one room of my 
> house when the humidity is below 70% and it's winter, and once in a blue moon 
> 3G will light up, but it's not stable enough to actually use; it's the speed 
> of dialup.  If I traipse about a hundred yards up the mountain to the south 
> (onto US Forest Service property, so, no repeater for me) I can get 
> semi-usable 4G; nothing like being in the middle of the woods with an active 
> black bear population trying to get a usable signal.
> 
> I'm paying $50 per month for 7/0.5 DSL (I might add that they provide 
> excellent DSL that has been extremely reliable) from the only ISP available 
> in the area.
> 
> I remember a usable web experience not too long ago on 28.8K/33.6K dialup (it 
> was quite a while before said ILEC got a 56K-capable modem bank).  DSL 
> started out here at 384k/128k.  On the positive side, we have a very low 
> oversubscription ratio, so I actually get the full bandwidth the majority of 
> the time, even video streaming. I also know all the network engineers there, 
> too, and that also has its advantages.
> 
> (Yes, I am aware that rural living is a choice, and there are things worth a 
> great deal more than bandwidth, that it's a tradeoff, etc.)
> 
> So it's not just '3rd-world' countries with expensive bandwidth.
> 


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Lamar Owen

On 05/28/2018 06:13 PM, Matthew Petach wrote:

Your 200mbit/sec link that costs you $300 in hardware
is going to cost you $4960/month to actually get IP traffic
across, in Nairobi.   Yes, that's about $60,000/year.
I live in the US of A, and this is what 200Mb/s roughly would cost me as 
well here in Rural Monopoly-land.  Rural ILEC also has the CATV 
business, and, well, they are _not_ going to run cable up here.  I've 
actually priced 150Mb/s bandwidth from the ILEC over the years; in 2003 
the cost would have been about $100,000 per month. As of five years ago 
10Mb/s symmetrical cost roughly $1,000 per month, the lion's share of 
that being per-mile NECA Tariff 5 transport costs.


The terrain here prevents fixed wireless.  The terrain also prevents 
satellite comms to the Clarke belt (mountain to the south with trees on 
US Forest Service property in the line of sight).  I get 1XRTT in one 
room of my house when the humidity is below 70% and it's winter, and 
once in a blue moon 3G will light up, but it's not stable enough to 
actually use; it's the speed of dialup.  If I traipse about a hundred 
yards up the mountain to the south (onto US Forest Service property, so, 
no repeater for me) I can get semi-usable 4G; nothing like being in the 
middle of the woods with an active black bear population trying to get a 
usable signal.


I'm paying $50 per month for 7/0.5 DSL (I might add that they provide 
excellent DSL that has been extremely reliable) from the only ISP 
available in the area.


I remember a usable web experience not too long ago on 28.8K/33.6K 
dialup (it was quite a while before said ILEC got a 56K-capable modem 
bank).  DSL started out here at 384k/128k.  On the positive side, we 
have a very low oversubscription ratio, so I actually get the full 
bandwidth the majority of the time, even video streaming. I also know 
all the network engineers there, too, and that also has its advantages.


(Yes, I am aware that rural living is a choice, and there are things 
worth a great deal more than bandwidth, that it's a tradeoff, etc.)


So it's not just '3rd-world' countries with expensive bandwidth.



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Mark Tinka



On 29/May/18 10:40, Nick Hilliard wrote:

>  
>
> it's a term which refers to post-WWII militarily non-aligned
> countries, for example Kenya, Switzerland, Sweden or the DRC. 
> Obviously there is a clear correlation between mobile data coverage
> quality and political neutrality stances - I don't understand why you
> can't see this.

My refrain was tongue-in-cheek.

I know its etymology being rooted in military alignment. However, I'm
referring to it from the evolution of the term being associated with
poverty in recent years/decades. I've never quite heard anyone call
Switzerland a 3rd world country.

If someone thinks (lack of) political neutrality is a guaranteed measure
of mobile data coverage and penetration, the Chinese and Malaysians must
be doing something different; being 2nd and 3rd world countries and all
:-)...

But seriously, let's try to stay on-topic.

Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Scott Weeks

I believe you were responding to me, but it was really 
hard to tell.  If so, here's the conversation...

> Also, please don't just look at continental countries 
> when researching.  Look at the small PICs (Pacific 
> Island Countries).  For example, search the posts from 
> Christian on Kiribati on the PICISOC list.  The cost is 
> extraordinary and all the ego-flattering bloat rsk 
> speaks (relevant part of the post is below) of is very 
> expensive to download and is nearly impossible to stop.

--- b...@6by7.net wrote:
From: Ben Cannon 

Then Africa in particular is specifically disadvantaged 
- I spent a good deal of time in Haiti and 4G connectivity 
was abundant at good speeds, as were terrestrial fiber 
connections. 

Mirrors my experience in half a dozen other 3rd world 
countries.  Unless there’s something particularly 
oppressive about Africa?
--


I guess I was more meaning in the Pacific, since I'm 
from there.  And more particularly places like Kiribati, 
Cook Islands, Marquesas and other far flung Pacific 
Island Countries.  My apologies for the confusion. Haiti 
and other countries close to a rich mainland country 
do not suffer the same issues due to geography.

scott

ps.  lately the SW Pacific countries (Vanuatu, Solomons, 
etc) are getting it together on circuits to main islands 
in the group from help by NZ, AUS and the Asian 
Development Bank.

Re: Impacts of Encryption Everywhere (any solution?)

2018-05-29 Thread Ben Cannon
Then Africa in particular is specifically disadvantaged - I spent a good deal 
of time in Haiti and 4G connectivity was abundant at good speeds, as were 
terrestrial fiber connections. 

Mirrors my experience in half a dozen other 3rd world countries.  Unless 
there’s something particularly oppressive about Africa?

> On May 28, 2018, at 5:06 PM, Scott Weeks  wrote:
> 
> --- mpet...@netflight.com wrote:
> From: Matthew Petach 
> On Mon, May 28, 2018 at 11:22 AM, Ben Cannon  wrote:
> 
>> I’m sorry I simply believe that in 2018 with the advanced and cheap ptp
>> radio (ubiquiti anyone? $300 and I have a 200mbit/sec link over 10miles!
>> Spend a bit more and go 100km) plus the advancements in cubesats about to
>> be launched, even the 3rd world can simply get with the times.
> 
> I do not think you adequately understand the economics of the
> situation.
> 
> https://www.slideshare.net/InternetSociety/international-bandwidth-and-pricing-trends-in-subsahara-africa-79147043
> 
> slide 22, IP transit cost.
> 
> Your 200mbit/sec link that costs you $300 in hardware
> is going to cost you $4960/month to actually get IP traffic
> across, in Nairobi.   Yes, that's about $60,000/year.
> 
> Could *you* afford to "get with the times" if that's what
> your bandwidth was going to cost you?
> 
> Please, do a little research on what the real
> costs are before telling others they need to
> "simply get with the times."
> -
> 
> 
> 
> Also, please don't just look at continental countries 
> when researching.  Look at the small PICs (Pacific 
> Island Countries).  For example, search the posts from 
> Christian on Kiribati on the PICISOC list.  The cost is 
> extraordinary and all the ego-flattering bloat rsk 
> speaks (relevant part of the post is below) of is very 
> expensive to download and is nearly impossible to stop.
> 
> scott
> 
> 
> 
> * 
>> The problem (part of the problem) is that the people doing these foolish 
>> things are new, ignorant, and privileged: they don't realize that bandwidth 
>> is still an expensive and scarce resource for most of the planet. I've 
>> said for years that every web designer should be forced to work in an 
>> environment bandlimited to 56K in order to instill in them the virtue 
>> of frugality and strongly discourage them from flattering their egos 
>> by creating all-singing all-dancing web sites...that look great in the 
>> portfolios they'll show to their peers but are horribly bloated, slow, 
>> unrenderable in a lot of browsers, and fraught with security and privacy 
>> problems. (Try pointing a text-only browser at your favorite website. 
>> Can you even read the home page?) 
> 
> 
> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Mark Tinka



On 29/May/18 04:55, Matthew Petach wrote:

>
> Math.^_^;
>
> 1GB of volume over the course of a month is 3kb/sec sustained
> throughput over the month.  (10*8/(86400*30))
>
> $5 per 3kbit/sec means that 155mbit link would cost...$251,100/month.
> (15500/((10*8)/(86400*30))*5)
>
> We call that "Time Domain Multiplexing-based profits".
>
> Comparing volumetric pricing with rate-based pricing
> is one of the best ways of tucking in *lots* of room for
> profit.:)

Actual bandwidth isn't bad at all - so that 1GB can go rapidly.

Practically, networks and customers all find ways to get that 1GB (or
50MB) to take them as far as it impossibly can.

Mark.


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Mark Tinka



On 29/May/18 04:24, John R. Levine wrote:

>  
>
> Nonetheless, Safaricom sells entirely usable data plans.  A one day
> 1GB bundle on a prepaid SIM costs about $1, a monthly 1GB costs about
> $5.  They have 4G, it works, I've used it.
>
> What do they know that Telegeography (who made that slide) doesn't?

4G coverage is not country-wide.

A lot of folk still earn less than US$1/day.

Nairobi isn't Kenya...

Mark.



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Matthew Petach
On Mon, May 28, 2018 at 7:24 PM, John R. Levine  wrote:

> In article  gmail.com>,
> Matthew Petach   wrote:
>
>> Your 200mbit/sec link that costs you $300 in hardware
>> is going to cost you $4960/month to actually get IP traffic
>> across, in Nairobi.   Yes, that's about $60,000/year.
>>
>
> Nonetheless, Safaricom sells entirely usable data plans.  A one day
> 1GB bundle on a prepaid SIM costs about $1, a monthly 1GB costs about
> $5.  They have 4G, it works, I've used it.
>
> What do they know that Telegeography (who made that slide) doesn't?


Math.^_^;

1GB of volume over the course of a month is 3kb/sec sustained
throughput over the month.  (10*8/(86400*30))

$5 per 3kbit/sec means that 155mbit link would cost...$251,100/month.
(15500/((10*8)/(86400*30))*5)

We call that "Time Domain Multiplexing-based profits".

Comparing volumetric pricing with rate-based pricing
is one of the best ways of tucking in *lots* of room for
profit.:)

Matt


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Mike Lyon
I am sure these third world nations have more important things to spend
their money on rather than data plans and data devices. Things like food
and medicine come to mind...

In none of the Starving Children in Africa commercials have I ever seen
anyone with a smart phone...

It appears Nairobi proper has decent cell coverage, but the outskirt
villages and such don't appear all that well covered. I am guessing these
are the poorer areas.

To check out the 3 cellular providers coverage maps in Kenya, check out the
maps located here:

https://opensignal.com/networks

-Mike


On Mon, May 28, 2018 at 7:24 PM, John R. Levine  wrote:

> In article  gmail.com>,
> Matthew Petach   wrote:
>
>> Your 200mbit/sec link that costs you $300 in hardware
>> is going to cost you $4960/month to actually get IP traffic
>> across, in Nairobi.   Yes, that's about $60,000/year.
>>
>
> Nonetheless, Safaricom sells entirely usable data plans.  A one day
> 1GB bundle on a prepaid SIM costs about $1, a monthly 1GB costs about
> $5.  They have 4G, it works, I've used it.
>
> What do they know that Telegeography (who made that slide) doesn't?
>
> --
> Regards,
> John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for
> Dummies",
> Please consider the environment before reading this e-mail. https://jl.ly
>
>


-- 
Mike Lyon
mike.l...@gmail.com
http://www.linkedin.com/in/mlyon


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread John R. Levine

In article 
,
Matthew Petach   wrote:

Your 200mbit/sec link that costs you $300 in hardware
is going to cost you $4960/month to actually get IP traffic
across, in Nairobi.   Yes, that's about $60,000/year.


Nonetheless, Safaricom sells entirely usable data plans.  A one day
1GB bundle on a prepaid SIM costs about $1, a monthly 1GB costs about
$5.  They have 4G, it works, I've used it.

What do they know that Telegeography (who made that slide) doesn't?

--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Scott Weeks
--- mpet...@netflight.com wrote:
From: Matthew Petach 
On Mon, May 28, 2018 at 11:22 AM, Ben Cannon  wrote:

> I’m sorry I simply believe that in 2018 with the advanced and cheap ptp
> radio (ubiquiti anyone? $300 and I have a 200mbit/sec link over 10miles!
> Spend a bit more and go 100km) plus the advancements in cubesats about to
> be launched, even the 3rd world can simply get with the times.

I do not think you adequately understand the economics of the
situation.

https://www.slideshare.net/InternetSociety/international-bandwidth-and-pricing-trends-in-subsahara-africa-79147043

slide 22, IP transit cost.

Your 200mbit/sec link that costs you $300 in hardware
is going to cost you $4960/month to actually get IP traffic
across, in Nairobi.   Yes, that's about $60,000/year.

Could *you* afford to "get with the times" if that's what
your bandwidth was going to cost you?

Please, do a little research on what the real
costs are before telling others they need to
"simply get with the times."
-



Also, please don't just look at continental countries 
when researching.  Look at the small PICs (Pacific 
Island Countries).  For example, search the posts from 
Christian on Kiribati on the PICISOC list.  The cost is 
extraordinary and all the ego-flattering bloat rsk 
speaks (relevant part of the post is below) of is very 
expensive to download and is nearly impossible to stop.

scott



* 
> The problem (part of the problem) is that the people doing these foolish 
> things are new, ignorant, and privileged: they don't realize that bandwidth 
> is still an expensive and scarce resource for most of the planet. I've 
> said for years that every web designer should be forced to work in an 
> environment bandlimited to 56K in order to instill in them the virtue 
> of frugality and strongly discourage them from flattering their egos 
> by creating all-singing all-dancing web sites...that look great in the 
> portfolios they'll show to their peers but are horribly bloated, slow, 
> unrenderable in a lot of browsers, and fraught with security and privacy 
> problems. (Try pointing a text-only browser at your favorite website. 
> Can you even read the home page?) 





Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Matthew Petach
On Mon, May 28, 2018 at 11:22 AM, Ben Cannon  wrote:

> I’m sorry I simply believe that in 2018 with the advanced and cheap ptp
> radio (ubiquiti anyone? $300 and I have a 200mbit/sec link over 10miles!
> Spend a bit more and go 100km) plus the advancements in cubesats about to
> be launched, even the 3rd world can simply get with the times.
>
> -Ben
>

Hi Ben,

I do not think you adequately understand the economics of the
situation.

https://www.slideshare.net/InternetSociety/international-bandwidth-and-pricing-trends-in-subsahara-africa-79147043

slide 22, IP transit cost.

Your 200mbit/sec link that costs you $300 in hardware
is going to cost you $4960/month to actually get IP traffic
across, in Nairobi.   Yes, that's about $60,000/year.

Could *you* afford to "get with the times" if that's what
your bandwidth was going to cost you?

Please, do a little research on what the real
costs are before telling others they need to
"simply get with the times."

Thanks!

Matt


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Mike Hammett
I know the fixed wireless space quite well. If there's no Internet to be had, 
it doesn't matter how quickly you can distribute it. 

He did say that (for whatever reason), relaying off of mountain-top sites to 
get to better connectivity wasn't a viable option. 

The yet-to-be-deployed satellite constellations don't do anyone any good today. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Ben Cannon"  
To: "Mike Hammett"  
Cc: nanog@nanog.org 
Sent: Monday, May 28, 2018 1:22:27 PM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

I’m sorry I simply believe that in 2018 with the advanced and cheap ptp radio 
(ubiquiti anyone? $300 and I have a 200mbit/sec link over 10miles! Spend a bit 
more and go 100km) plus the advancements in cubesats about to be launched, even 
the 3rd world can simply get with the times. 

-Ben 

> On May 28, 2018, at 10:57 AM, Mike Hammett  wrote: 
> 
> To be fair, most of the conversation is people not realizing the OP is in a 
> third world country and believe that 1 mbit/s isn't enough for a single user 
> much less a village. 
> 
> https://www.facebook.com/groups/ubntedgeos/permalink/1046305928855488/ 
> 
> 
> Also, I think it's 40 kilobit/s per user (so probably dial-up), not 40 
> kilobit/s for the whole village. The whole village may very well have 1 
> megabit/s worth of dial-up connections, but everyone potentially able to go 
> to 1 megabit is a lot more useful than capping each to 40 kilobit/s. 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> 
> Midwest Internet Exchange 
> 
> The Brothers WISP 
> 
> - Original Message - 
> 
> From: "Grant Taylor via NANOG"  
> To: nanog@nanog.org 
> Sent: Monday, May 28, 2018 11:17:10 AM 
> Subject: Re: Impacts of Encryption Everywhere (any solution?) 
> 
>> On 05/28/2018 08:23 AM, Mike Hammett wrote: 
>> To circle back to being somewhat on-topic, what mechanisms are available 
>> to maximize the amount of traffic someone in this situation could 
>> cache? The performance of third-world Internet depends on you. 
> 
> I've personally played with Squid's SSL-bump-in-the-wire mode (on my 
> personal systems) and was moderately happy with it. - I think that 
> such is a realistic possibility in the scenario that you describe. 
> 
> I would REQUIRE /open/ and /transparent/ communications from the ISP and 
> a *VERY* strict security control to the caching proxy. I would naively 
> like to believe that an ISP could establish a reputation with the 
> community and build a trust relationship such that the community was 
> somewhat okay with the SSL-bump-in-the-wire. 
> 
> It might even be worth leveraging WPAD or PAC to route specific URLs 
> direct to some places (banks, etc) to mitigate some of the security risk. 
> 
> I would also advocate another proxy on the upstream side of the 1 Mbps 
> connection (in the cloud if you will) primarily for the purpose of it 
> doing as much traffic optimization as possible. Have it fetch things 
> and deal with fragments so that it can homogenize the traffic before 
> it's sent across the slow link. I'd think seriously about 
> throwing some CPU (a single core off of any machine in the last 10 years 
> should be sufficient) at compression to try to stretch the bandwidth 
> between the two proxy servers. 
> 
> I'd also think seriously about a local root DNS zone slave downstream, 
> and any other zone that I could slave, for the purpose of minimizing the 
> number of queries that need to get pushed across the link. 
> 
> I've been assuming that this 1 Mbps link is terrestrial. Which means 
> that I'd also explore something like a satellite link with more 
> bandwidth. Sure the latency on it will be higher, but that can be 
> worked with. Particularly if you can use some intelligence to route 
> different CoS / ToS / DiffServ (DSCP) across the different links. 
> 
> I think there are options and things that can be done to make this viable. 
> 
> Also, considering that the village has been using a 40 kbps link, 
> sharing a 1 Mbps (or 1,000 kbps) link is going to be a LOT better than 
> it was. The question is, how do you stretch a good thing as far as 
> possible. 
> 
> Finally, will you please provide some pointers to the discussion you're 
> talking about? I'd like to read it if possible. 
> 
> 
> 
> -- 
> Grant. . . . 
> unix || die 
> 
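
[Added example, not part of any message in this thread.] Grant Taylor's suggestion above of using WPAD or PAC to send some sites (banks, etc.) direct rather than through the SSL-bumping cache, sketched as a PAC file. The proxy address and every domain name are constructed placeholders, and the helper functions are this example's own so the file does not rely on PAC built-ins.

```javascript
// Added example: PAC logic that keeps sensitive sites off a TLS-intercepting cache.
// The proxy address and all domains below are constructed placeholders.
var DIRECT = "DIRECT";
// If the cache is unreachable the client falls back to a direct connection.
var CACHE_PROXY = "PROXY cache.isp.example:3128; DIRECT";

// Sites that must keep end-to-end TLS. Each entry covers the name itself
// and every subdomain of it.
var NEVER_INTERCEPT = ["bank.example", "pay.example", "clinic.example"];

// Canonicalise a host: lowercase, no surrounding space, no :port, no trailing dot.
function normalizeHost(host) {
  var h = String(host || "").toLowerCase().replace(/^\s+|\s+$/g, "");
  if (h.charAt(0) === "[") {                 // bracketed IPv6 literal, e.g. [::1]:443
    var end = h.indexOf("]");
    return end > 0 ? h.substring(1, end) : h;
  }
  if (h.split(":").length === 2) {           // host:port (a bare IPv6 has more colons)
    h = h.split(":")[0];
  }
  return h.replace(/\.$/, "");
}

// Match only on a DNS label boundary. A substring or glob test would also
// exempt "notbank.example" or "bank.example.evil.test", which is the mistake
// this function exists to avoid.
function inDomain(host, domain) {
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.lastIndexOf(suffix) === host.length - suffix.length;
}

// Local names and private addresses never need to cross the slow link's proxy.
function isLocal(host) {
  if (host === "localhost" || host === "::1") return true;
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true; // single label
  var m = /^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 192 && b === 168) ||
         (a === 172 && b >= 16 && b <= 31);  // RFC 1918 ranges plus loopback
}

// Entry point called by the browser for every request.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  if (isLocal(h)) return DIRECT;
  for (var i = 0; i < NEVER_INTERCEPT.length; i++) {
    if (inDomain(h, NEVER_INTERCEPT[i])) return DIRECT;
  }
  return CACHE_PROXY;
}
```

A PAC rule only steers clients that use the proxy explicitly; an in-path (bump-in-the-wire) interceptor needs the same exception list configured on the proxy itself.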



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Mike Hammett
Once you become sensitized to the HTTPS warnings because 
www.dickandfartjokes.com needlessly has SSL (or your printer or switch's 
management interface for those of us not needing to proxy SSL traffic), you now 
no longer notice that your bank isn't secure. Being hyper-sensitive about SSL 
causes one to miss things that actually matter. 

HTTP works just fine over a 40 kb connection. That's all I could get out of my 
dial-up that I shared to four other computers until about 2004 when I started 
my WISP. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: na...@jack.fr.eu.org 
To: nanog@nanog.org 
Sent: Monday, May 28, 2018 11:37:46 AM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

The "do not search a culprit" stuff: 
What is the point with encryption ? 

If your users have a very-low bandwidth, they will get a crappy service, 
with or without encryption 
This is our world, our http-based internet is NOT made for a 40k connection 


The "tip stuff": 
If you simply do not care about encryption, or are willing to trade 
privacy for caching because you have no-bandwidth, you can simply break SSL 
It costs nothing, and you will not mind the "red lock" (remember: trade-off) 


The "philosophical stuff": 
About your last part, you are absolutely right, this is a sad situation, 
yet not true 

Niklaus Wirth (the pascal guy) said in 1995: 
"Software gets slower faster than hardware gets faster." 
This has never been so true .. 

On 05/28/2018 06:09 PM, Mike Hammett wrote: 
> I can't imagine rural third-country villages have much influence over the 
> departments of the appropriate companies to affect all of the junk getting 
> added to sites these days. 
> 
> I'm also not foolish enough to think this thread will affect the 
> encrypt-everything crowd as it is more of a religion\ideology than a 
> practical matter. However, maybe it'll shed some light on technical ways of 
> dealing with this at the service-provider level or plant some doubt in 
> someone's mind the next time they think they need to encrypt non-sensitive 
> information. 
> 
> The same goes for all development. My phone is significantly slower today 
> than a couple years ago when new without a significant change in the amount 
> of stuff that I run because developers are lazy and fill the space the latest 
> platforms offer them. 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> 
> Midwest Internet Exchange 
> 
> The Brothers WISP 
> 
> ----- Original Message ----- 
> 
> From: "Rich Kulawiec"  
> To: nanog@nanog.org 
> Sent: Monday, May 28, 2018 10:00:36 AM 
> Subject: Re: Impacts of Encryption Everywhere (any solution?) 
> 
> On Mon, May 28, 2018 at 09:23:09AM -0500, Mike Hammett wrote: 
>> Some things certainly do need to be encrypted, but encrypting everything 
>> means people with limited Internet access get worse performance OR 
>> mechanisms have to be put in place to break ALL encryption, thus 
>> compromising security and privacy when it's really needed. 
> 
> There are better places to reduce traffic while simultaneously enhancing 
> security and privacy. The new EU version of the home page of USA Today 
> is about 20% the size of the one presented in the US -- because it's 
> had all the tracking and scripting stripped out -- with a concomitant 
> reduction in load time and rendering time. Much more drastic reductions 
> are available elsewhere, e.g., mail messages composed of text only are 
> typically 5% to 10% the size of the same messages marked up with HTML. 
> 
> The problem (part of the problem) is that the people doing these foolish 
> things are new, ignorant, and privileged: they don't realize that bandwidth 
> is still an expensive and scarce resource for most of the planet. I've 
> said for years that every web designer should be forced to work in an 
> environment bandlimited to 56K in order to instill in them the virtue 
> of frugality and strongly discourage them from flattering their egos 
> by creating all-singing all-dancing web sites...that look great in the 
> portfolios they'll show to their peers but are horribly bloated, slow, 
> unrenderable in a lot of browsers, and fraught with security and privacy 
> problems. (Try pointing a text-only browser at your favorite website. 
> Can you even read the home page?) 
> 
> ---rsk 
> 




Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Ben Cannon
I’m sorry I simply believe that in 2018 with the advanced and cheap ptp radio 
(ubiquiti anyone? $300 and I have a 200mbit/sec link over 10miles! Spend a bit 
more and go 100km) plus the advancements in cubesats about to be launched, even 
the 3rd world can simply get with the times.

-Ben

> On May 28, 2018, at 10:57 AM, Mike Hammett  wrote:
> 
> To be fair, most of the conversation is people not realizing the OP is in a 
> third world country and believe that 1 mbit/s isn't enough for a single user 
> much less a village. 
> 
> https://www.facebook.com/groups/ubntedgeos/permalink/1046305928855488/ 
> 
> 
> Also, I think it's 40 kilobit/s per user (so probably dial-up), not 40 
> kilobit/s for the whole village. The whole village may very well have 1 
> megabit/s worth of dial-up connections, but everyone potentially able to go 
> to 1 megabit is a lot more useful than capping each to 40 kilobit/s. 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> 
> Midwest Internet Exchange 
> 
> The Brothers WISP 
> 
> - Original Message -
> 
> From: "Grant Taylor via NANOG"  
> To: nanog@nanog.org 
> Sent: Monday, May 28, 2018 11:17:10 AM 
> Subject: Re: Impacts of Encryption Everywhere (any solution?) 
> 
>> On 05/28/2018 08:23 AM, Mike Hammett wrote: 
>> To circle back to being somewhat on-topic, what mechanisms are available 
>> to maximize the amount of traffic someone in this situation could 
>> cache? The performance of third-world Internet depends on you. 
> 
> I've personally played with Squid's SSL-bump-in-the-wire mode (on my 
> personal systems) and was moderately happy with it. - I think that 
> such is a realistic possibility in the scenario that you describe. 
> 
> I would REQUIRE /open/ and /transparent/ communications from the ISP and 
> a *VERY* strict security control to the caching proxy. I would naively 
> like to believe that an ISP could establish a reputation with the 
> community and build a trust relationship such that the community was 
> somewhat okay with the SSL-bump-in-the-wire. 
> 
> It might even be worth leveraging WPAD or PAC to route specific URLs 
> direct to some places (banks, etc) to mitigate some of the security risk. 
> 
> I would also advocate another proxy on the upstream side of the 1 Mbps 
> connection (in the cloud if you will) primarily for the purpose of it 
> doing as much traffic optimization as possible. Have it fetch things 
> and deal with fragments so that it can homogenize the traffic before 
> it's sent across the slow link. I'd think seriously about 
> throwing some CPU (a single core off of any machine in the last 10 years 
> should be sufficient) at compression to try to stretch the bandwidth 
> between the two proxy servers. 
> 
> I'd also think seriously about a local root DNS zone slave downstream, 
> and any other zone that I could slave, for the purpose of minimizing the 
> number of queries that need to get pushed across the link. 
> 
> I've been assuming that this 1 Mbps link is terrestrial. Which means 
> that I'd also explore something like a satellite link with more 
> bandwidth. Sure the latency on it will be higher, but that can be 
> worked with. Particularly if you can use some intelligence to route 
> different CoS / ToS / DiffServ (DSCP) across the different links. 
> 
> I think there are options and things that can be done to make this viable. 
> 
> Also, considering that the village has been using a 40 kbps link, 
> sharing a 1 Mbps (or 1,000 kbps) link is going to be a LOT better than 
> it was. The question is, how do you stretch a good thing as far as 
> possible. 
> 
> Finally, will you please provide some pointers to the discussion you're 
> talking about? I'd like to read it if possible. 
> 
> 
> 
> -- 
> Grant. . . . 
> unix || die 
> 


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Mike Hammett
To be fair, most of the conversation is people not realizing the OP is in a 
third world country and believe that 1 mbit/s isn't enough for a single user 
much less a village. 

https://www.facebook.com/groups/ubntedgeos/permalink/1046305928855488/ 


Also, I think it's 40 kilobit/s per user (so probably dial-up), not 40 
kilobit/s for the whole village. The whole village may very well have 1 
megabit/s worth of dial-up connections, but everyone potentially able to go to 
1 megabit is a lot more useful than capping each to 40 kilobit/s. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Grant Taylor via NANOG"  
To: nanog@nanog.org 
Sent: Monday, May 28, 2018 11:17:10 AM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

On 05/28/2018 08:23 AM, Mike Hammett wrote: 
> To circle back to being somewhat on-topic, what mechanisms are available 
> to maximize the amount of traffic someone in this situation could 
> cache? The performance of third-world Internet depends on you. 

I've personally played with Squid's SSL-bump-in-the-wire mode (on my 
personal systems) and was moderately happy with it. - I think that 
such is a realistic possibility in the scenario that you describe. 

I would REQUIRE /open/ and /transparent/ communications from the ISP and 
a *VERY* strict security control to the caching proxy. I would naively 
like to believe that an ISP could establish a reputation with the 
community and build a trust relationship such that the community was 
somewhat okay with the SSL-bump-in-the-wire. 

It might even be worth leveraging WPAD or PAC to route specific URLs 
direct to some places (banks, etc) to mitigate some of the security risk. 

I would also advocate another proxy on the upstream side of the 1 Mbps 
connection (in the cloud if you will) primarily for the purpose of it 
doing as much traffic optimization as possible. Have it fetch things 
and deal with fragments so that it can homogenize the traffic before 
it's sent across the slow link. I'd think seriously about 
throwing some CPU (a single core off of any machine in the last 10 years 
should be sufficient) at compression to try to stretch the bandwidth 
between the two proxy servers. 

I'd also think seriously about a local root DNS zone slave downstream, 
and any other zone that I could slave, for the purpose of minimizing the 
number of queries that need to get pushed across the link. 

I've been assuming that this 1 Mbps link is terrestrial. Which means 
that I'd also explore something like a satellite link with more 
bandwidth. Sure the latency on it will be higher, but that can be 
worked with. Particularly if you can use some intelligence to route 
different CoS / ToS / DiffServ (DSCP) across the different links. 

I think there are options and things that can be done to make this viable. 

Also, considering that the village has been using a 40 kbps link, 
sharing a 1 Mbps (or 1,000 kbps) link is going to be a LOT better than 
it was. The question is, how do you stretch a good thing as far as 
possible. 

Finally, will you please provide some pointers to the discussion you're 
talking about? I'd like to read it if possible. 



-- 
Grant. . . . 
unix || die 



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Rubens Kuhl
On Mon, May 28, 2018 at 1:55 PM, Keith Medcalf  wrote:

>
> >I'm also not foolish enough to think this thread will affect the
> >encrypt-everything crowd as it is more of a religion\ideology than a
> >practical matter. However, maybe it'll shed some light on technical
> >ways of dealing with this at the service-provider level or plant some
> >doubt in someone's mind the next time they think they need to encrypt
> >non-sensitive information.
>
> Good Luck, especially in light of the poo-for-brains at Google responsible
> for the Chrome browser who (wrongly) equate "secure" with Transport
> Encryption and "unsecure" with not having Transport Encryption; when all
> that Transport Encryption really implies is Transport Encryption and not
> much else.  It has little to do with whether or not a site is "secure".
> Generally speaking, I have found that sites engaging Transport Security are
> much more "unsecure" (as in subject to security breaches and flaws) than
> those that do not engage Transport Security for no reason.
>
> However, the poo-for-brains crowd will get everyone to engage Transport
> Security so they will be called "Secure", whether trustworthy or not.
>
>
Actually, starting July Chrome will no longer say "secure" for sites with
Transport Security. It will only say "not secure" for sites without, so it
will no longer provide the false impression of equating Transport Security
with Application/Operational Security.


Rubens


RE: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Keith Medcalf


>I'm also not foolish enough to think this thread will affect the
>encrypt-everything crowd as it is more of a religion\ideology than a
>practical matter. However, maybe it'll shed some light on technical
>ways of dealing with this at the service-provider level or plant some
>doubt in someone's mind the next time they think they need to encrypt
>non-sensitive information.

Good Luck, especially in light of the poo-for-brains at Google responsible for 
the Chrome browser who (wrongly) equate "secure" with Transport Encryption and 
"unsecure" with not having Transport Encryption; when all that Transport 
Encryption really implies is Transport Encryption and not much else.  It has 
little to do with whether or not a site is "secure".  Generally speaking, I 
have found that sites engaging Transport Security are much more "unsecure" (as 
in subject to security breaches and flaws) than those that do not engage 
Transport Security for no reason.

However, the poo-for-brains crowd will get everyone to engage Transport 
Security so they will be called "Secure", whether trustworthy or not.

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.






Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Matt Erculiani
In addition to the "bump in the wire" you could also enable larger frame
sizes downstream since you're already completely disassembling and
reassembling the packets. Large downloads or uploads could see overhead go
from 3% at 1500B to about 0.5% at 9100B. It's not much but every little bit
counts. (Preamble, Ethernet, IP, and TCP headers all need be sent across
the circuit less often to get the same amount of data through)

Looking only at the throughput of L4 payloads, you get:
1500 MTU = 956 kbps
9100 MTU = 992 kbps

That almost adds a whole additional home if my math is correct.

-Matt


On Mon, May 28, 2018, 11:17 Grant Taylor via NANOG  wrote:

> On 05/28/2018 08:23 AM, Mike Hammett wrote:
> > To circle back to being somewhat on-topic, what mechanisms are available
> > to maximize the amount of traffic someone in this situation could
> > cache? The performance of third-world Internet depends on you.
>
> I've personally played with Squid's SSL-bump-in-the-wire mode (on my
> personal systems) and was moderately happy with it.  -  I think that
> such is a realistic possibility in the scenario that you describe.
>
> I would REQUIRE /open/ and /transparent/ communications from the ISP and
> a *VERY* strict security control to the caching proxy.  I would naively
> like to believe that an ISP could establish a reputation with the
> community and build a trust relationship such that the community was
> somewhat okay with the SSL-bump-in-the-wire.
>
> It might even be worth leveraging WPAD or PAC to route specific URLs
> direct to some places (banks, etc) to mitigate some of the security risk.
>
> I would also advocate another proxy on the upstream side of the 1 Mbps
> connection (in the cloud if you will) primarily for the purpose of it
> doing as much traffic optimization as possible.  Have it fetch things
> and deal with fragments so that it can homogenize the traffic before
> it's sent across the slow link.  I'd think seriously about
> throwing some CPU (a single core off of any machine in the last 10 years
> should be sufficient) at compression to try to stretch the bandwidth
> between the two proxy servers.
>
> I'd also think seriously about a local root DNS zone slave downstream,
> and any other zone that I could slave, for the purpose of minimizing the
> number of queries that need to get pushed across the link.
>
> I've been assuming that this 1 Mbps link is terrestrial.  Which means
> that I'd also explore something like a satellite link with more
> bandwidth.  Sure the latency on it will be higher, but that can be
> worked with.  Particularly if you can use some intelligence to route
> different CoS / ToS / DiffServ (DSCP) across the different links.
>
> I think there are options and things that can be done to make this viable.
>
> Also, considering that the village has been using a 40 kbps link,
> sharing a 1 Mbps (or 1,000 kbps) link is going to be a LOT better than
> it was.  The question is, how do you stretch a good thing as far as
> possible.
>
> Finally, will you please provide some pointers to the discussion you're
> talking about?  I'd like to read it if possible.
>
>
>
> --
> Grant. . . .
> unix || die
>


RE: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Steve Mikulasik
Look at the Steam cache project, the generic downloader can also cache Windows 
Updates and most gaming services. I imagine Windows Updates would eat a lot of 
traffic.

https://github.com/steamcache



From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett
Sent: Monday, May 28, 2018 8:23 AM
To: 'NANOG list' 
Subject: Impacts of Encryption Everywhere (any solution?)

Has anyone outside of tech media, Silicon Valley or academia (all places wildly 
out of touch with the real world) put much thought into the impacts of 
encryption everywhere? So often we hear about how we need the best modern 
encryption on all forms of communication because of whatever scary thing is 
trendy this week (Russia, NSA, Google, whatever). HTTPS your marketing 
information and generic education pieces because of the boogeyman!

However, I recently came across a thread where someone was exploring getting a 
one megabit connection into their village and sharing it among many. The crowd 
I referenced earlier also believes you can't Internet under 100 megabit/s per 
home.

Apparently, the current best Internet the residents of the village can get is 
40 kilobit/s. Zero oversubscription gets a better service to up to 25 homes. 
Likely that could be stretched to at least 50 or 100 homes and be better than 
what they currently have. Forget about streaming video, let's just focus on web 
browsing and messaging.

However, this could be wildly improved with caching ala squid or something 
similar. The problem is that encrypted content is difficult to impossible for 
your average Joe to cache. The rewards for implementing caching are greatly 
mitigated and people like this must suffer a worse Internet experience because 
of some ideological high horse in a far-off land.

Some things certainly do need to be encrypted, but encrypting everything means 
people with limited Internet access get worse performance OR mechanisms have to 
be put in place to break ALL encryption, thus compromising security and privacy 
when it's really needed.

To circle back to being somewhat on-topic, what mechanisms are available to 
maximize the amount of traffic someone in this situation could cache? The 
performance of third-world Internet depends on you.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread nanog
The "do not search a culprit" stuff:
What is the point with encryption ?

If your users have a very-low bandwidth, they will get a crappy service,
with or without encryption
This is our world, our http-based internet is NOT made for a 40k connection


The "tip stuff":
If you simply do not care about encryption, or are willing to trade
privacy for caching because you have no-bandwidth, you can simply break SSL
It costs nothing, and you will not mind the "red lock" (remember: trade-off)


The "philosophical stuff":
About your last part, you are absolutely right, this is a sad situation,
yet not true

Niklaus Wirth (the pascal guy) said in 1995:
"Software gets slower faster than hardware gets faster."
This has never been so true ..

On 05/28/2018 06:09 PM, Mike Hammett wrote:
> I can't imagine rural third-country villages have much influence over the 
> departments of the appropriate companies to affect all of the junk getting 
> added to sites these days. 
> 
> I'm also not foolish enough to think this thread will affect the 
> encrypt-everything crowd as it is more of a religion\ideology than a 
> practical matter. However, maybe it'll shed some light on technical ways of 
> dealing with this at the service-provider level or plant some doubt in 
> someone's mind the next time they think they need to encrypt non-sensitive 
> information. 
> 
> The same goes for all development. My phone is significantly slower today 
> than a couple years ago when new without a significant change in the amount 
> of stuff that I run because developers are lazy and fill the space the latest 
> platforms offer them. 
> 
> 
> 
> 
> - 
> Mike Hammett 
> Intelligent Computing Solutions 
> 
> Midwest Internet Exchange 
> 
> The Brothers WISP 
> 
> - Original Message -----
> 
> From: "Rich Kulawiec" <r...@gsp.org> 
> To: nanog@nanog.org 
> Sent: Monday, May 28, 2018 10:00:36 AM 
> Subject: Re: Impacts of Encryption Everywhere (any solution?) 
> 
> On Mon, May 28, 2018 at 09:23:09AM -0500, Mike Hammett wrote: 
>> Some things certainly do need to be encrypted, but encrypting everything 
>> means people with limited Internet access get worse performance OR 
>> mechanisms have to be put in place to break ALL encryption, thus 
>> compromising security and privacy when it's really needed. 
> 
> There are better places to reduce traffic while simultaneously enhancing 
> security and privacy. The new EU version of the home page of USA Today 
> is about 20% the size of the one presented in the US -- because it's 
> had all the tracking and scripting stripped out -- with a concomitant 
> reduction in load time and rendering time. Much more drastic reductions 
> are available elsewhere, e.g., mail messages composed of text only are 
> typically 5% to 10% the size of the same messages marked up with HTML. 
> 
> The problem (part of the problem) is that the people doing these foolish 
> things are new, ignorant, and privileged: they don't realize that bandwidth 
> is still an expensive and scarce resource for most of the planet. I've 
> said for years that every web designer should be forced to work in an 
> environment bandlimited to 56K in order to instill in them the virtue 
> of frugality and strongly discourage them from flattering their egos 
> by creating all-singing all-dancing web sites...that look great in the 
> portfolios they'll show to their peers but are horribly bloated, slow, 
> unrenderable in a lot of browsers, and fraught with security and privacy 
> problems. (Try pointing a text-only browser at your favorite website. 
> Can you even read the home page?) 
> 
> ---rsk 
> 



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread William Herrin
On Mon, May 28, 2018 at 10:50 AM, Andrey Khomyakov
 wrote:
> My understanding is that some enterprises do decrypt traffic in flight with
> proxies such as bluecoat, though I'm not sure on the particulars of how
> that works.

PCs within the enterprise contain an enterprise-local root in their
certificate store. The proxy re-encrypts using a key whose ephemeral
cert chains up to the enterprise root.

Regards,
Bill Herrin



-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Grant Taylor via NANOG

On 05/28/2018 08:23 AM, Mike Hammett wrote:
> To circle back to being somewhat on-topic, what mechanisms are available 
> to maximize the amount of traffic someone in this situation could 
> cache? The performance of third-world Internet depends on you.


I've personally played with Squid's SSL-bump-in-the-wire mode (on my 
personal systems) and was moderately happy with it.  -  I think that 
such is a realistic possibility in the scenario that you describe.


I would REQUIRE /open/ and /transparent/ communications from the ISP and 
a *VERY* strict security control to the caching proxy.  I would naively 
like to believe that an ISP could establish a reputation with the 
community and build a trust relationship such that the community was 
somewhat okay with the SSL-bump-in-the-wire.


It might even be worth leveraging WPAD or PAC to route specific URLs 
direct to some places (banks, etc) to mitigate some of the security risk.


I would also advocate another proxy on the upstream side of the 1 Mbps 
connection (in the cloud if you will) primarily for the purpose of it 
doing as much traffic optimization as possible.  Have it fetch things 
and deal with fragments so that it can homogenize the traffic before 
it's sent across the slow link.  I'd think seriously about 
throwing some CPU (a single core off of any machine in the last 10 years 
should be sufficient) at compression to try to stretch the bandwidth 
between the two proxy servers.


I'd also think seriously about a local root DNS zone slave downstream, 
and any other zone that I could slave, for the purpose of minimizing the 
number of queries that need to get pushed across the link.


I've been assuming that this 1 Mbps link is terrestrial.  Which means 
that I'd also explore something like a satellite link with more 
bandwidth.  Sure the latency on it will be higher, but that can be 
worked with.  Particularly if you can use some intelligence to route 
different CoS / ToS / DiffServ (DSCP) across the different links.


I think there are options and things that can be done to make this viable.

Also, considering that the village has been using a 40 kbps link, 
sharing a 1 Mbps (or 1,000 kbps) link is going to be a LOT better than 
it was.  The question is, how do you stretch a good thing as far as 
possible.


Finally, will you please provide some pointers to the discussion you're 
talking about?  I'd like to read it if possible.




--
Grant. . . .
unix || die
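
The WPAD/PAC idea in the message above (send banks and similar sites direct, everything else through the caching proxy), sketched as a PAC file. This is an added example, not code from the thread; the hostnames, the proxy address and the bypass list are hypothetical placeholders.

```javascript
// Added example: proxy auto-config (PAC) logic. Hostnames and the proxy
// address are hypothetical placeholders using reserved .example names.
// Written in ES5 (var, no arrow functions) because PAC engines are often old.

// Domains whose TLS sessions must stay end-to-end (never handed to the
// bumping cache). Each entry matches the domain itself and its subdomains.
var BYPASS_DOMAINS = ["bank.example", "pay.example", "clinic.example"];

// Explicit caching proxy, with DIRECT as the fallback if the proxy is down.
var VIA_CACHE = "PROXY cache.village.example:3128; DIRECT";

// Lowercase and drop a trailing dot so "Bank.Example." cannot dodge the list.
function normalizeHost(host) {
  var h = String(host || "").toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.slice(0, -1);
  }
  return h;
}

// True if host equals domain or is a subdomain of it. The leading-dot check
// stops "notbank.example" from matching "bank.example".
function inDomain(host, domain) {
  if (host === domain) return true;
  var suffix = "." + domain;
  var idx = host.length - suffix.length;
  return idx > 0 && host.indexOf(suffix, idx) === idx;
}

// True if the (already normalized) host falls under any bypass domain.
function isBypassed(host) {
  for (var i = 0; i < BYPASS_DOMAINS.length; i++) {
    if (inDomain(host, BYPASS_DOMAINS[i])) return true;
  }
  return false;
}

// Entry point the browser calls for every request. Decisions use only the
// host: browsers commonly strip the path from https:// URLs before calling
// PAC, so path-based rules would silently never match for HTTPS.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  // Single-label names (router, local printer) never go to the proxy.
  if (h.indexOf(".") === -1) return "DIRECT";
  if (isBypassed(h)) return "DIRECT";
  return VIA_CACHE;
}
```

A PAC rule only steers clients that use the proxy explicitly; if the cache also intercepts port 443 in the wire, the same domains need an exemption on the proxy itself (in Squid, an `ssl_bump splice` rule).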


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Mike Hammett
I can't imagine rural third-country villages have much influence over the 
departments of the appropriate companies to affect all of the junk getting 
added to sites these days. 

I'm also not foolish enough to think this thread will affect the 
encrypt-everything crowd as it is more of a religion\ideology than a practical 
matter. However, maybe it'll shed some light on technical ways of dealing with 
this at the service-provider level or plant some doubt in someone's mind the 
next time they think they need to encrypt non-sensitive information. 

The same goes for all development. My phone is significantly slower today than 
a couple years ago when new without a significant change in the amount of stuff 
that I run because developers are lazy and fill the space the latest platforms 
offer them. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Rich Kulawiec" <r...@gsp.org> 
To: nanog@nanog.org 
Sent: Monday, May 28, 2018 10:00:36 AM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 

On Mon, May 28, 2018 at 09:23:09AM -0500, Mike Hammett wrote: 
> Some things certainly do need to be encrypted, but encrypting everything 
> means people with limited Internet access get worse performance OR 
> mechanisms have to be put in place to break ALL encryption, thus 
> compromising security and privacy when it's really needed. 

There are better places to reduce traffic while simultaneously enhancing 
security and privacy. The new EU version of the home page of USA Today 
is about 20% the size of the one presented in the US -- because it's 
had all the tracking and scripting stripped out -- with a concomitant 
reduction in load time and rendering time. Much more drastic reductions 
are available elsewhere, e.g., mail messages composed of text only are 
typically 5% to 10% the size of the same messages marked up with HTML. 

The problem (part of the problem) is that the people doing these foolish 
things are new, ignorant, and privileged: they don't realize that bandwidth 
is still an expensive and scarce resource for most of the planet. I've 
said for years that every web designer should be forced to work in an 
environment bandlimited to 56K in order to instill in them the virtue 
of frugality and strongly discourage them from flattering their egos 
by creating all-singing all-dancing web sites...that look great in the 
portfolios they'll show to their peers but are horribly bloated, slow, 
unrenderable in a lot of browsers, and fraught with security and privacy 
problems. (Try pointing a text-only browser at your favorite website. 
Can you even read the home page?) 

---rsk 



Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Mike Hammett
The increase in the subscriber base increases the likelihood of visiting the 
same content and thus the benefit. 

Before HTTPS-everywhere, caching was hugely beneficial. 

Currently they are making do with 40 kilobit/s, so it's certainly possible to 
Internet at that level. Just looking at ways the service can be even that much 
better. 

If they only have single digit megabit/s of Internet, you don't need multiple 
systems to add\drop the encryption. While I don't have anything to back this 
up, I'd suspect a couple hundred dollar single board computer (since session 
border controller seems to be a more popular use of the acronym SBC) would be 
sufficient. I'm not overly intimate with that space, but some little ARM-based 
machine could probably do it just fine. Move that to hundreds of megabit/s or 
gigabit/s and your concern is certainly much more relevant. 





- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Andrey Khomyakov" <khomyakov.and...@gmail.com> 
To: "Mike Hammett" <na...@ics-il.net> 
Cc: "NANOG list" <nanog@nanog.org> 
Sent: Monday, May 28, 2018 9:50:01 AM 
Subject: Re: Impacts of Encryption Everywhere (any solution?) 


That is super interesting. While one can Internet fine at 5Mbps (save for 
streaming UHD movies maybe), I am not convinced 1Mbps can be successfully 
shared even if there was no encryption anywhere. 
My understanding is that some enterprises do decrypt traffic in flight with 
proxies such as bluecoat, though I'm not sure on the particulars of how that 
works. I think the overall theory is that the proxy acts as a trusted CA for 
all its clients and generates the certificate for the destination hostname on 
the fly thus terminating the SSL connection and opening a new one on behalf of 
the client. I do, however, recall that the solution is not cheap. Neither $ nor 
computationally or, I'm guessing, in case of a village if they can't get 
anything faster than 1Mbps, can they even get power to run a couple (does the 
proxy uptime matter?) of proxies of heavy compute? 


Another concern would be that caching implies the whole village visits the same 
content. I'm not even confident me and wife visit the same content (save for 
gmail maybe). 


And lastly, most modern websites are very media rich. Unless the whole village 
confines their usage to wikipedia.org , I can't imagine that the experience 
will be pleasant in any way or form or there will be any benefit to caching. 


Save for the SSL proxy mentioned above, I have seen folks pull several crappy 
DSL connections (Let's say ~1Mbps each) and band them together. If the provider 
supports the bonding option, great! If not, I've seen folks basically per flow 
load balance across the 4 connections. 


-Andrey 





--Andrey 

On Mon, May 28, 2018 at 4:23 PM, Mike Hammett < na...@ics-il.net > wrote: 


Has anyone outside of tech media, Silicon Valley or academia (all places wildly 
out of touch with the real world) put much thought into the impacts of 
encryption everywhere? So often we hear about how we need the best modern 
encryption on all forms of communication because of whatever scary thing is 
trendy this week (Russia, NSA, Google, whatever). HTTPS your marketing 
information and generic education pieces because of the boogeyman! 

However, I recently came across a thread where someone was exploring getting a 
one megabit connection into their village and sharing it among many. The crowd 
I referenced earlier also believes you can't Internet under 100 megabit/s per 
home. 

Apparently, the current best Internet the residents of the village can get is 
40 kilobit/s. Zero oversubscription gets a better service to up to 25 homes. 
Likely that could be stretched to at least 50 or 100 homes and be better than 
what they currently have. Forget about streaming video, let's just focus on web 
browsing and messaging. 

However, this could be wildly improved with caching ala squid or something 
similar. The problem is that encrypted content is difficult to impossible for 
your average Joe to cache. The rewards for implementing caching are greatly 
mitigated and people like this must suffer a worse Internet experience because 
of some ideological high horse in a far-off land. 

Some things certainly do need to be encrypted, but encrypting everything means 
people with limited Internet access get worse performance OR mechanisms have to 
be put in place to break ALL encryption, thus compromising security and privacy 
when it's really needed. 

To circle back to being somewhat on-topic, what mechanisms are available to 
maximize the amount of traffic someone in this situation could cache? The 
performance of third-world Internet depends on you. 



- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 






Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Filip Hruska

On 28. 5. 2018 at 17:00, Rich Kulawiec wrote:

> On Mon, May 28, 2018 at 09:23:09AM -0500, Mike Hammett wrote:
>> Some things certainly do need to be encrypted, but encrypting everything
>> means people with limited Internet access get worse performance OR
>> mechanisms have to be put in place to break ALL encryption, thus
>> compromising security and privacy when it's really needed.
>
> There are better places to reduce traffic while simultaneously enhancing
> security and privacy.  The new EU version of the home page of USA Today
> is about 20% the size of the one presented in the US -- because it's
> had all the tracking and scripting stripped out -- with a concomitant
> reduction in load time and rendering time.

That's awesome, that page fully loaded instantly (roughly in half a 
second) and uBlock Origin blocked 0 elements. 291KB for the home page.


This is a sight I want to see more.

Regards,
Filip


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Rich Kulawiec
On Mon, May 28, 2018 at 09:23:09AM -0500, Mike Hammett wrote:
> Some things certainly do need to be encrypted, but encrypting everything
> means people with limited Internet access get worse performance OR
> mechanisms have to be put in place to break ALL encryption, thus
> compromising security and privacy when it's really needed.

There are better places to reduce traffic while simultaneously enhancing
security and privacy.  The new EU version of the home page of USA Today
is about 20% the size of the one presented in the US -- because it's
had all the tracking and scripting stripped out -- with a concomitant
reduction in load time and rendering time.  Much more drastic reductions
are available elsewhere, e.g., mail messages composed of text only are
typically 5% to 10% the size of the same messages marked up with HTML.

The problem (part of the problem) is that the people doing these foolish
things are new, ignorant, and privileged: they don't realize that bandwidth
is still an expensive and scarce resource for most of the planet.  I've
said for years that every web designer should be forced to work in an
environment bandlimited to 56K in order to instill in them the virtue
of frugality and strongly discourage them from flattering their egos
by creating all-singing all-dancing web sites...that look great in the
portfolios they'll show to their peers but are horribly bloated, slow,
unrenderable in a lot of browsers, and fraught with security and privacy
problems.  (Try pointing a text-only browser at your favorite website.
Can you even read the home page?)

---rsk


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread Andrey Khomyakov
That is super interesting. While one can Internet fine at 5Mbps (save for
streaming UHD movies maybe), I am not convinced 1Mbps can be successfully
shared even if there was no encryption anywhere.
My understanding is that some enterprises do decrypt traffic in flight with
proxies such as bluecoat, though I'm not sure on the particulars of how
that works. I think the overall theory is that the proxy acts as a trusted
CA for all its clients and generates the certificate for the destination
hostname on the fly thus terminating the SSL connection and opening a new one
on behalf of the client. I do, however, recall that the solution is not
cheap. Neither $ nor computationally or, I'm guessing, in case of a village
if they can't get anything faster than 1Mbps, can they even get power to
run a couple (does the proxy uptime matter?) of proxies of heavy compute?

Another concern would be that caching implies the whole village visits the
same content. I'm not even confident me and wife visit the same content
(save for gmail maybe).

And lastly, most modern websites are very media rich. Unless the whole
village confines their usage to wikipedia.org, I can't imagine that the
experience will be pleasant in any way or form or there will be any benefit
to caching.

Save for the SSL proxy mentioned above, I have seen folks pull several
crappy DSL connections (Let's say ~1Mbps each) and band them together. If
the provider supports the bonding option, great! If not, I've seen folks
basically per flow load balance across the 4 connections.

-Andrey


--Andrey

On Mon, May 28, 2018 at 4:23 PM, Mike Hammett  wrote:

> Has anyone outside of tech media, Silicon Valley or academia (all places
> wildly out of touch with the real world) put much thought into the impacts
> of encryption everywhere? So often we hear about how we need the best
> modern encryption on all forms of communication because of whatever scary
> thing is trendy this week (Russia, NSA, Google, whatever). HTTPS your
> marketing information and generic education pieces because of the boogeyman!
>
> However, I recently came across a thread where someone was exploring
> getting a one megabit connection into their village and sharing it among
> many. The crowd I referenced earlier also believes you can't Internet under
> 100 megabit/s per home.
>
> Apparently, the current best Internet the residents of the village can get
> is 40 kilobit/s. Zero oversubscription gets a better service to up to 25
> homes. Likely that could be stretched to at least 50 or 100 homes and be
> better than what they currently have. Forget about streaming video, let's
> just focus on web browsing and messaging.
>
> However, this could be wildly improved with caching ala squid or something
> similar. The problem is that encrypted content is difficult to impossible
> for your average Joe to cache. The rewards for implementing caching are
> greatly mitigated and people like this must suffer a worse Internet
> experience because of some ideological high horse in a far-off land.
>
> Some things certainly do need to be encrypted, but encrypting everything
> means people with limited Internet access get worse performance OR
> mechanisms have to be put in place to break ALL encryption, thus
> compromising security and privacy when it's really needed.
>
> To circle back to being somewhat on-topic, what mechanisms are available
> to maximize the amount of traffic someone in this situation could cache?
> The performance of third-world Internet depends on you.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>


Re: Impacts of Encryption Everywhere (any solution?)

2018-05-28 Thread 1 651-307-9043
Turn off JavaScript on the clients. The wastage from downloading even a single copy of react.js is sufficient to fetch dozens of Wikipedia pages, repeatedly.