India IT a Limited Supply


Before founding my current company, I was on the technical staff for a large telecom provider. In the early 1990s about half of our tech team were hired on H-1 visas from India, all very sharp and good engineers. As the tech economy heated up, the quality of our engineers from India dropped off significantly, to the point where many were actually let go after trial periods, at a time when we desperately needed technical help.

The unlimited supply of offshore engineering talent evidently had its limits.  To illustrate I share the following experience.

Around the year 2000, in the height of the tech boom, my manager, also from India, sent me on a recruiting trip to look for grad students at a US job fair hosted for UCLA students.

In my pre-trip briefing we went over a list of ten technology universities in India. As he handed me the list he said, “Don’t worry about a candidate’s technical ability; if they come from any one of these ten universities they are already vetted for competency. Just make sure they have a good attitude and can think out-of-the-box.”

He also said if they did not attend one of the 10 schools on the list then don’t even consider them, as there is a big drop off in talent at the second tier schools in India.

Upon some further conversations I learned that India’s top tech schools are on par with the  best US undergrad engineering schools.  In India there is extreme competition and vetting to get into these schools.  The dirty little secret was that there were only a limited number of graduates from these universities.  Initially, US companies were only seeing the cream of the Indian Education system.  As the tech demand grew, the second tier engineers were well-enough trained to “talk the talk” in an interview, but in the real world they often did not have that extra gear to do demanding engineering work and so projects suffered.

In the following years, many US-based engineers in the trenches saw some of this incompetence and were able to convince their management to put a halt to offshoring R&D projects when the warning signs were evident.  These companies seemed to be in the minority.  Since many large companies treated their IT staff, and to some extent their R&D staff, like commodities, they continued to offshore based on lower costs and the false stereotype that these Indian companies could perform on par with their in-house R&D teams.  The old adage you get what you pay for held true here once again.

This is not to say there were not some very successful cost savings made possible by Indian engineers, but the companies that benefited were the ones that got in early and had strong local Indian management, like my boss, who knew the limits of Indian engineering resources.

Pros and Cons of Using a Reseller for Networking Equipment


There are various advantages to using a reseller when purchasing networking equipment. There are also benefits to buying direct from the manufacturer. Below we detail those trade-offs with some intelligent introspection.


Reseller: Logistics, the reseller holds local stock, and takes care of taxes, tariffs, currency fluctuation in your region.

Within the US and Canada and other common trading partners, there may be no logistical advantage to ordering from a reseller over a direct purchase; however, if you are in a remote country where most products must be imported, it is almost a necessity. Some countries have less than above-board customs and taxation rules, dare I say bribes. In these cases, a local reseller who specializes in local corruption etiquette is a necessity.

Reseller: Local Support, easy to reach technical support in your time zone, training, returns, and trials.

A well-trained reseller who exclusively handles the product you are purchasing is essentially an extension of the manufacturer. Think of automobiles: a product this complex and expensive to support could not exist without a large dealer network. In the world of networking equipment, some things, routers and firewalls for example, are becoming more of a commodity, which diminishes the need for a reseller. Buying through a channel and paying the associated markup may not be worth the added value, especially if the manufacturer offers good direct support and an overnight replacement policy.

Reseller: Pre Sale Product Knowledge, a good reseller will educate and explain options for the products they represent.

The potential downside here is that the reseller is often motivated to push the equipment for which they receive the better OEM incentives; hence, if they are selling more than one product line, they may actually downplay one over the other.

Reseller: Representation to the manufacturer, for new features and recalls

The reseller can often carry clout to represent you back to the manufacturer, since they represent many sales. They can be very beneficial if you have a problem that needs to be resolved by the manufacturer.

Reseller: Requirements for competitive bid, or a government contract dictating approved vendors

Companies that provide this type of service are generally puppets set up by a government agency, often out of a political need to create jobs. If you work for a government agency that forces you to buy through an approved reseller, you are likely well aware of the game.

Reseller and Manufacturer: Personal Relationships

Having a trusting relationship with the person you purchase equipment from is the tried and true way of doing business in many industries, and often these relationships trump all other factors. I personally try not to buy based on relationships because I feel it is a disservice to my employer, hence I keep them at arm’s length.

Manufacturer: Price Price Price

Buying direct from the manufacturer should give a major price break. Any product purchased through a reseller channel is going to add a minimum of 35 percent to the direct price, and often double or even triple it, depending upon the product and the number of hops in the channel. OEMs and channel partners have had a love-hate relationship since perhaps biblical times. As mentioned above, personal relationships are the key to most sales in many industries, and for this reason manufacturers must rely on a local sales partner. On top of that, there are also agreements that manufacturers sign so as not to undercut the local reseller price, hence the end customer has no choice but to purchase through a reseller. This holds for many traditional products; however, new companies coming on the market are often going direct to get a pricing advantage. After you talk to your reseller about a product, be sure to do some research on your own and look for similar products sold direct; the price difference could be significant.

Manufacturer: Support

Why is it that Cisco’s best customers are provided with direct engineering support? The answer is simple: because it is better. If you can get direct support, take it. I’ll leave it at that.

For Profit Wired Home Internet, is it Coming to an End?


“Low resolution ghost mode is where your video quality drops down to save bandwidth. The resulting effect transforms once proud basketball players into a slurry of mush, as their video molecules are systematically destroyed.”

Last night, I was trying to watch a basketball game on Hulu through my business class Comcast line, which promises 20 meg down and 4 meg up. Not only was my Hulu feed breaking up periodically, but my Drop Cam was going up and down constantly and sending me emails that it was offline. I checked my bandwidth through my NetEqualizer to find that I was not even pulling 6 megabits, less than 1/3 of my contracted rate. When Hulu was not locking up completely, it was dropping down into low resolution ghost mode. I have documented my Comcast findings before through various experiments. Clearly, Comcast has upstream congestion issues or is shaping selected video traffic. Either way, I am at their mercy when trying to watch video on the Internet.

What options does one have for alternative Internet service in the Denver Metro area, or for that matter other Metro Areas around the country?

Option #1 Get Closer to the Source

Beam Internet directly via microwave link from a hot building. A friend of mine runs an ISP that does essentially this. He buys bulk bandwidth and, from a point-of-presence rooftop downtown, he can beam Internet via a point-to-point circuit directly to your residence or building. I called him out of desperation, but I am not in line of sight for any of his services.

Option #2 CenturyLink

They constantly run commercials touting that they are better than Comcast. I call them perhaps once a year or so, only to find out that my neighborhood is not wired for their high speed service.

Option #3 Use my unlimited T-Mobile as a hot spot

Believe it or not, I actually did this for a while, and the video service was a bit better than Comcast. The problem with this solution is that T-Mobile will drop your speeds down once you have consumed 24 gigabytes in a month, and it will become useless for anything other than email. (24 gigabytes would be approximately 4 full length movies.)

Option #4 Move

The city just to the north of me, Longmont, put in its own fiber ring to the curb. Early reports are that it works great and that the residents love it. Since it is essentially a public utility, there are no shaping games destroying your Hulu. If you contract for 20 megabits, you get 20 megabits. And now the city of Boulder is considering doing the same.

With two nearby cities essentially kicking out their entrenched providers within a few miles of my home, I can see other municipalities quickly following suit. Having good quality, affordable municipal Internet service is not just a luxury for a city; it is essential for economic development. As I can attest, it will be a factor in where I choose to live the next time I move. I will not put myself at the mercy of Comcast again.

By Art Reisman

Top 5 Reasons Confirming Employers Do Not Like Their IT Guy



  • The IT room is the dregs
    Whenever I travel to visit with my IT customers, it is always a challenge to find their office. Even if I find the right building on the business or college campus, finding their actual location within the building is anything but certain. Usually it ends up being in some unmarked room behind a loading dock, accessible only by a secret passage designed to relieve the building of cafeteria waste near the trash bins. Many times, their offices are one and the same as the old server computer room, with the raised floor, screaming fans, and air-cooled to a Scottish winter.
  • Nobody knows you are in the building. Often I enter the building on the upper floors, the floors with windows and young well-dressed professionals trying to move up the ladder. Asking these people if they know where the IT room is usually brings on blank stares of confusion and embarrassment. To them, the IT guy is that person they only see when their computer fails with a virus. Where he emanates from nobody knows; perhaps a trap door opens in the floor. I am not making this up. The usual way I am instructed to meet the IT guy is that they send me an e-mail telling me to meet at some well-known landmark out front, like a fountain or statue, with a rendezvous time.
  • You are expected to be an expert in wireless technology. Let’s face it, the companies that make wireless controllers are sending out patches almost hourly. Why? Because they have no idea what works in the real world, and so you are part of the experiment. The real fact is nobody is an expert in real-world wireless technology. As the IT guy, you can never admit to any holes in your wireless knowledge. If you are not willing to lie, there are plenty of people with no experience willing to make that claim with a straight face. You just can’t be honest about this, because your boss has already told his boss you are an expert. Here is the last paragraph of a recent article on Verizon’s trial with the latest 5G wireless:

Of course, 5G wireless has never been truly tested at scale in true market scenarios. There’s talk of gigabit capable speeds, but how would a single tower supporting fixed wireless 5G at scale compare to fiber and HFC based networks connected all the way to homes and businesses? No one really knows – yet.

Setting up a new wireless network with the latest technology is like taking a physics test in wave propagation before you have taken the class, and expecting to pass.

  • You will never get rewarded if things work without issues. I like to compare a good IT tech to a good umpire or a ref in a soccer game. At best, if they do a perfect job, nobody notices them. If I ran a big company, I would hand out bonuses to my IT staff for the days I did not need them, but I do not have an MBA. (See next paragraph.)
  • Any time a company hires a brilliant MBA from some business school, the first thing they do is explore outsourcing the IT staff. Why? Because nobody teaches them anything about IT in business school. They live in a fantasy world where some unknown third party with a slick brochure and an unrealistically low-ball estimate is going to care more about IT needs than the four poor schlubs in the basement who have been loyal for years. You and the in-house staff have always been on call, missing many weekends over the years, just to ensure the IT infrastructure stays up, and yet the Harvard guy will shoot himself in the foot with outsourcing every time.

Together We Can Put an End to Pop Up Advertisements


Normally I would not advocate something like what I am about to propose, but those pop up video advertisements are just killing me. Especially when I am using my wireless device as a hot spot, these unwanted annoyances add insult to injury by draining my precious data usage. Yes, I have ad blockers on my browsers, but it is only a matter of time before they are subverted with some new technology. There is a better way to put an end to pop up advertisements, but it will take a village to make a difference.

Believe it or not, the best way to put an end to unwanted advertisements is to click on them and then quickly abandon the resulting web page. Abandonments are the bane of the Marketing world. Here is why…

In traditional media a marketing team plays an advertisement/commercial for a known demographic at a fixed price, whether it be Television, Newspaper, Magazine, etc. They then measure the effectiveness of the advertisement by the increase in leads or sales over the period of time that the advertisement runs.

Digital pop up advertisements are a bit different. It is a pay-per-click scheme where the advertiser gets charged by the click. They blast these annoying advertisements to perhaps a million people with no real cost consequences (other than fraud, but that is another story), because they do not pay unless people click on their ad. As the people who click on the advertisements are very likely their target audience, this model is very efficient. Advertisers love this model, as it allows them to essentially pay advertising dollars only to a self-qualified audience. After all, who clicks on an advertisement unless they have some level of interest in the product to start with?

However, if we consumers and web users rise up and simply click on one or two web pop up ads a day that we have no interest in, the practice of bombarding us will come to an end.

Why? Because the cost of these extra clicks will make their advertising campaign much less efficient. The advertiser is looking for a return on investment, and the more clicks with no follow-through sale that happen, the more unpalatable pop up ads will become.

If you too are annoyed by pop up ads, please share this article. Let us see if we can drive these advertisers back into the margins of our web pages, and get them out of our faces. I cannot do this alone.

Bandwidth Shaping Shake Up: Is Your Packet Shaper Obsolete?


If you went to sleep in 2005 and woke up 10 years later you would likely be surprised by some dramatic changes in technology.

  • Smart cars that drive themselves are almost a reality
  • The desktop PC is no longer a consumer product
  • Wind farms now line the highways of rural America
  • Layer 7 shaping technology is now clinging to life, crashing the financials of several companies that bet the house on it.

What happened to layer 7 and Packet Shaping?

In the early 2000s, all the rage in traffic classification was the ability to put different types of bandwidth traffic into labeled buckets and assign a priority to them. Akin to rating your food choices on a tapas menu, network administrators enjoyed an extensive list of various traffic types: YouTube, Citrix, news feeds; the list was only limited by the price and quality of the bandwidth shaper. The more expensive the traffic shaper, the more choices you had.

Starting in 2005 and continuing to this day, several forces have worked against the layer 7 paradigm.

  • The price of bulk bandwidth went into a free fall, much faster than the relatively fixed cost of a bandwidth shaper. The business proposition of buying a bandwidth shaper to conserve bandwidth utilization became much tighter. Some companies that were riding high saw their stock prices collapse.
  • Internet traffic became invisible and impossible to identify with the advent of encryption techniques. A traffic classifier using layer 7 cannot see inside HTTPS or a VPN tunnel, and thus it essentially becomes a big expensive albatross with little value as the share of encrypted traffic increases.
  • The FCC ruling toward net neutrality further put a damper on a portion of the layer 7 market. For years ISPs had been using layer 7 technology to give preferential treatment to different types of traffic.
  • Cloud based services are using less complex architectures. Companies can consolidate on one simplified central bandwidth shaper, whereas before they might have had several on all their various WAN links and network segments.

So where does this leave the bandwidth shaping market?

There is still some demand for layer 7 type shapers, particularly in countries like China, where they attempt to control everything. However, in Europe and in the US, the trend is toward more basic controls that do not violate the FCC rule, cost less, and use some form of intelligent fairness rules such as:

  • Quotas, as on your cell phone data plan.
  • Fairness based heuristics (equalizing), which are gaining momentum: lower price point, and they prevent congestion without violating the FCC ruling.
  • Basic rate limits, as on your wired ISP 20 megabit plan, often implemented on a basic router and not a specialized shaping device.
  • No shaping at all, because the pipes are so large there is no need to ration bandwidth.

Will Shaping be around in 10 years?

Yes, consumers and businesses will always find ways to use all their bandwidth and more.

Will price points for bandwidth continue to drop?

I am going to go against the grain here and say bandwidth prices will flatten out in the near future. Prices over the last decade slid for several reasons which are no longer in play.

The biggest driver in price drops was the wide acceptance of wave division multiplexing on carrier lines in the 2005-to-present time frame. There was already a good bit of fiber in the ground, but the WDM innovation caused a huge jump in capacity with very little additional cost to providers.

The other factor was a major world-wide recession, during which business demand was slack.

Lastly there are no new large carriers coming on line. Competition and price wars will ease up as suppliers try to increase profits.

The Exploitation of the American Tech Worker



By Art Reisman
CTO http://www.netequalizer.com
I know what you might be thinking: “Really? High tech workers being exploited?” And my answer is yes. I’ll concede that this exploitation is not like the indentured servitude of the robber barons of the late 19th century. The players are more sophisticated, but the motives are the same. Get a bunch of naive, young, impressionable people, wave a carrot with the possibility of riches, and game on. Here is how it works.

Many top tech companies of today have started as more or less small unfunded garage shops, such as Google, Facebook, etc.  Venture capitalists have taken note of this, and they have also noticed how some of these young engineers will work day and night once they get sucked into thinking that their idea is the next Facebook.

The odds of any company growing into a valuation of a billion or more are quite small. What products will take off, what idea will get picked up on social media? You just can’t predict this, but you can improve your odds by spreading your investment across a large number of infant startups.

From the investor standpoint, the equation makes sense. If you have a million dollars, you could perhaps fund one marginal existing company and hope they blossom; or you could take 50k and wave it in front of 20 early stage startups who have not accomplished anything yet and are most likely running on fumes.

I see the articles 2 or 3 times a year in the local papers.  Boston alone has 50 start up incubators.  A typical investment company trolls these incubators, often sponsoring them, looking for promising, hard-working tech people with an idea and a prototype.  They offer them a small amount of cash, perhaps a nicer work space, advice, and so forth in return for a percentage of the fledgling company. Is this evil or wrong?  No, of course not. But there is the concept of subtle but very real exploitation going on here.  I’ll get to that part shortly.

A typical deal works something like this. Come to our incubator for the summer, we will give you office space, advice, and 50k for the three month period.  You’ll also get your company featured in a few newspapers and journals.  Local newspapers love giving free publicity to these incubators, especially if some big name VC is behind them.

Most likely 18 of these startups are going to fail through no fault of their own, it’s just their idea/product will go nowhere. One out of twenty might struggle along and create a small viable company with a niche market. And perhaps, just one will return 1000 fold or more on their 50k investment. That is the game.  Even that is a long shot, and you may have to play this game for several years before you hit that jackpot.

So now let’s take the 50k investment. Divide it by 3, for 3 months of summer, and divide it again by 4, assuming the start up has four employees. That breaks down to about 4k per person for three months, and most of these blokes are working 80+ hour weeks minimum, because they are chasing a dream. That is the culture of a tech startup. Somehow, if you beat yourself into a tired frenzy, you are more likely to succeed, right?

Not really.  There are some people who do these insane hours, but the good ones are knocking off at 40 and are much more productive. But that is another article for another time.

Conservatively,  I can assign 300 hours a month per employee. That breaks down to about $4.50 an hour. Now granted, many of these tech startup people were working for free anyway before they struck a deal. So is this exploitation?

I don’t know, but take this into account: many of these investors are worth hundreds of millions or more and have multiple houses, boats, planes, etc. Essentially, when they buy a big stake in these start-ups, the engineers working for them now become their indentured servants. Yes, the company employees are also driven by the potential of a big payout, but the odds are stacked against them. Most will end up with a pile of credit card debt and an old newspaper clipping for their resume. I would hope that if I were the investor in this scheme I would make sure the people in the trenches made a living wage, perhaps $20 per hour?

Top Ten Article Teasers for May 2016



By Art Reisman
CTO http://www.netequalizer.com

I was wound up and ready to write an interesting blog article today. Problem was, I had a serious issue getting started. I spent an hour or so with so many angles and things on my mind that I just could not narrow it down and get started. Then I had an out of the box idea. I decided to use my freedom as one of the editors of this blog to make my article the list of headlines and associated teasers of all the article ideas in my head. Who does that?

Sorry if any of these leave you hanging.

Why do so many companies take technology advice from Gartner? If their information was really that good, they would not need to be selling it.

The TSA is now talking about 3 hour lines at airports this summer. My instinct tells me this organization has realized a new-found political power. They control the airports and you must pay up if you want to fly.

Deep packet inspection. Is it dead? A simple VPN tunnel renders it useless.

A competitor of ours, ETINC, has a really great explanation of why DPI does not work when trying to eliminate P2P: The case against Deep Packet Inspection.

Umpires and IT people: nobody really likes them.

Do you hire two plumbers when one is sufficient to fix your sink? No, of course not. Your employer is no different; they don’t want you on their payroll.

Mega mansions and bandwidth: how much do we really need? I am expecting a tiny bandwidth movement where millennials compete on how small their bandwidth footprint is.

Does anybody pay for good content anymore? I stopped reading Backpacker Magazine when their content every month became a list of product reviews.

How many people are moving to Colorado because weed is legal?

The home PC will be completely dead in 10 years, replaced by the PC in the virtual cloud.

Let us know if you want any of these expanded on for next week.

Why Is IT Security FUD So Prevalent



By Art Reisman

CTO, APconnections
www.netequalizer.com
I just read an article by Rafal Los titled Abandon FUD, Scare Tactics and Marketing Hype.

In summary, he calls out all the vendor sales presentations with slides citing statistics as to why you should be scared. Here is the excerpt:

I want you to take out the last slide deck you either made, received, or reviewed on the topic of security.  Now open it up and tell me if it fits the following mold:

  • [Slides 1~4] – some slides telling you how horrible the state of information security is, how hackers are hacking everything, and probably at least 1-2 “clippings” of articles in recent media.
  • [Slides 4~7] – some slides telling you how you need to “act now,” “get compliant,” “protect your IP,” “protect your customer data,” or other catch phrases which fall into the category of “well, duh.”
  • [Slides 7~50+] – slides telling you how if you buy this product/service you will be protected from the threat du’jour and rainbows will appear as unicorns sing your praises.

Here’s the thing… did you find the slide deck you’re looking at more or less fits the above pattern? Experience tells me the odds of you nodding in agreement right now is fairly high.

And then he blasts all vendors in general with his disgust.

Ask yourself, if you write slide decks like this one I just described – who does that actually serve?  Are you expecting an executive, security leader, or practitioner to read your slides and suddenly have a “Eureka!” moment in which they realize hackers are out to get them and they should quickly act?

I can certainly understand his frustration. His rant reminded me of people complaining about crappy airline service and then continuing to fly that airline because it was cheapest.

Obviously FUD is around because there are still a good number of companies that make FUD driven purchases, just like there are a good number of people that fly on airlines with crappy service. Although it is not likely that you can effect a 180 degree industry turn, you can certainly make a start by taking a stand.

If you get the chance, try this the next time a vendor offers you a salivating FUD-driven slide presentation.

Simply don’t talk to the sales team. Sales teams are a thin veneer on top of a product’s warts. Request a meeting with the engineering or test team of the company. This may not be possible if you are a small IT shop purchasing from Cisco, but remember you are the customer, you pay their salaries, and this should be a reasonable request.

I did this a couple of times when I was the lead architect for an AT&T product line. Yes, I had some clout due to the size of AT&T and the money involved in the decision. Vendors would always be trying to comp me hard with free tickets to sporting events, and yet my only request was this: “I want to visit your facility and talk directly to the engineering test team.” After days of squirming and alternative venues offered, they granted me my request. When the day finally came, it was not the impromptu sit-down with the engineering team I was hoping for. It felt more like I was visiting North Korea. I had two VPs escort me into their test facility, probably the first time they had ever set foot in there, and as I tried to ask questions directly of their test team, the VPs almost peed their pants. After a while the VPs settled down, when they realized I was not looking to ruin them; I just wanted the truth about how their product performed.

FUD is much easier to sell than the product.

How to Make Your Own Speed Test Tool


Most speed test sites measure the download speed of a large file from a server to your computer. There are two potential problems with using this metric.

  1. ISPs can design their networks so these tests show best case results.
  2. Humans are much more sensitive to the load time of interactive sites.

A better test of your perceived speed is how long it takes to load up a new web page.

If you have a Mac/Linux server in your house (or Windows with Perl installed), you can use this simple tool to measure and chart the time it takes to load a web page.

The code below is a Perl script which samples the CNN home page every 5 seconds and records the time it takes to load. Each sample is appended as one line of the form “load-seconds , unix-timestamp” to a file called /tmp/xlog.

#!/usr/bin/perl -w
use strict;

# Sample the CNN home page 60 times, once every 5 seconds, and log the
# wall-clock load time (seconds) with a Unix timestamp to /tmp/xlog.
my $julian = `date +"%s"`;      # seconds since the epoch, with trailing newline
print $julian;
my $verbose = 0;
open(my $LOGF, '>', "/tmp/xlog") or die "cannot open /tmp/xlog: $!";
for (my $i = 0; $i < 60; $i = $i + 1) {
    sleep 5;
    $julian = `date +"%s"`;
    print $julian;
    # "time -p" prints real/user/sys to stderr; capture that in file x while
    # discarding curl's own progress output.
    system("{ time -p curl -o output.txt http://www.cnn.com 2>/dev/null; } 2> x");
    system("grep real x > x2");          # keep only the "real <seconds>" line
    my $line = `cat x2`;
    chomp($line);
    my @specials = split(" ", $line);    # ("real", "<seconds>")
    print "$specials[0] $specials[1] ";
    # one record per sample: load time in seconds, then the timestamp
    print $LOGF "$specials[1] , $julian";
}
close($LOGF);

I then took the raw data from my file and charted it using Google Docs.

Note: I had to use another tool to get the link saturation and match that up in the chart separately, but even if you don’t have your raw link saturation metrics available, you can see the actual load time it takes to bring up the CNN page using the data generated by the script above.
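As an added example (not part of the original post, and not the author’s tool), the script below reads the /tmp/xlog format written by the Perl sampler, summarizes the load times, and finds contiguous runs of slow samples so you can spot a saturation episode without charting by hand. The log lines embedded in it are constructed, not real measurements.

```python
"""Summarize the "/tmp/xlog" file produced by the Perl page-load sampler.

Each log line has the form "<load_seconds> , <unix_timestamp>" (one sample
every 5 seconds). This helper is an added illustration, not the blog's code.
"""
import statistics
import sys
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# Constructed sample log (not real data): a fast baseline, a saturated-link
# episode peaking at 9 seconds (like the one described in the post), recovery.
SAMPLE_XLOG = """\
0.41 , 1452000000
0.39 , 1452000005
0.45 , 1452000010
2.10 , 1452000015
5.80 , 1452000020
9.00 , 1452000025
7.30 , 1452000030
3.20 , 1452000035
0.52 , 1452000040
0.40 , 1452000045
"""


def parse_xlog(text: str) -> List[Tuple[int, float]]:
    """Return (timestamp, load_seconds) pairs sorted by time.

    A failed curl leaves the load-time field empty in the Perl output, so
    malformed or empty lines are skipped instead of aborting the analysis.
    """
    samples: List[Tuple[int, float]] = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 2 or not parts[0] or not parts[1]:
            continue
        try:
            samples.append((int(parts[1]), float(parts[0])))
        except ValueError:
            continue
    samples.sort()
    return samples


def summarize(samples: List[Tuple[int, float]]) -> Dict[str, float]:
    """Min / max / mean / median of the load times, plus the sample count."""
    times = [s for _, s in samples]
    return {
        "count": len(times),
        "min": min(times),
        "max": max(times),
        "mean": sum(times) / len(times),
        "median": statistics.median(times),
    }


def baseline_threshold(samples: List[Tuple[int, float]], factor: float = 3.0) -> float:
    """A sample is 'slow' when it exceeds `factor` times the median load time."""
    return factor * statistics.median(s for _, s in samples)


def slow_episodes(samples: List[Tuple[int, float]], threshold: float) -> List[Tuple[int, int, float]]:
    """Contiguous runs of samples above `threshold`, as (start_ts, end_ts, peak)."""
    episodes: List[Tuple[int, int, float]] = []
    start = last = None
    peak = 0.0
    for ts, secs in samples:
        if secs > threshold:
            if start is None:
                start, peak = ts, secs
            else:
                peak = max(peak, secs)
            last = ts
        elif start is not None:
            episodes.append((start, last, peak))
            start = None
    if start is not None:
        episodes.append((start, last, peak))
    return episodes


def _fmt(ts: int) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


if __name__ == "__main__":
    # Usage: python xlog_report.py [/tmp/xlog]; without an argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XLOG
    data = parse_xlog(text)
    stats = summarize(data)
    limit = baseline_threshold(data)
    print(f"{stats['count']} samples, median {stats['median']:.2f}s, max {stats['max']:.2f}s")
    for start, end, peak in slow_episodes(data, limit):
        print(f"slow episode {_fmt(start)} .. {_fmt(end)}, peak {peak:.2f}s (limit {limit:.2f}s)")
```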

Notice that my load time was pretty quick at first, but then I started a big download from Knoppix, and with my link saturated you can see this severely degraded the CNN load time, peaking out at 9 seconds.


IT/Tech Geek New Year Resolutions


Here are my tech geek new year resolutions for 2016. If you have a loved one or friends that could use some help breaking away from their tech-induced coma, please share.

In 2016 I resolve to:

  1. change my shirt at least once a week and take a shower (I have been pretty good at this most of the time)
  2. when working on my laptop, purposely let the power run down and then take a break when the low power warning comes on (yes, I actually do this)
  3. find a window to look out every 15 minutes and make a mental note that those squirrels and birds out there have it rougher than I do (just looked out the window and saw 3 squirrels under the bird feeder)
  4. clean the food crumbs and scuz off my keyboard and screen once a week (my track record in 2015 was abysmal, but the upside is that nobody will touch my laptop)
  5. stop doing support calls from public places like grocery stores and airports
  6. help a random stranger every day.
  7. call my mom
  8. not to break the glass on my phone more than 3 times this year ( 3 times last year was a record, 5 if you count my iPad)
  9. make one new friend that does not play video games
  10. remind myself that wireless networks are imperfect pieces of @#$@ and not to take it personally when they fail.

Amusing IT Stories


Anybody that has done IT support will appreciate this post. Feel free to tell us your stories…

Early on, when we first started shipping pre-built NetEqualizer units, the underlying Linux server shipped with the factory default password of “password”. The first line of our installation instructions, in big bold type, instructed customers to reset this password. I am one of those people that will open a box and plug things in without reading directions, so I really can’t point fingers at customers that did not reset their password. Nevertheless, it makes a good story…

It was only a matter of time before we started getting support calls about strange behavior on our systems.

Since we shipped a standard, customized setup, it was easy to tell if system files had been altered, and that is usually where hackers struck. One day, we got a call from an irate WISP. Evidently, his upstream provider had shut down his link to the Internet because he was spewing massive amounts of spam. When he tracked the spam messages down to the NetEqualizer, he actually thought we were deliberately running a rogue spam server. To this day, even though we promised it was not us, he still thinks we had a side business of rogue spam servers. We could not convince him that his box had been hacked.

For my all-time favorite we have to go to southeast Asia, where we had a NetEqualizer (bandwidth shaper) in place. The customer kept calling saying it was not doing anything. We got a look at a diagnostic and were able to confirm the customer’s observation. He was correct, our box was not doing anything. There was clearly no traffic going through our box. It was also clear that there was another path through the customer’s network, because his network was up and running fine. We pleaded with the customer to send us a diagram of some kind, but he did not believe us, and continued to blame our box for being useless. We could clearly see that neither network interface was seeing any traffic, so there was no sense trying to help him. At this point we just refunded his money and took the unit back. Short of flying to Asia and figuring out his routing, there was nothing we could do. About 6 months later, he calls, and is desperate to re-purchase the box he returned. Turns out, as we suspected, all traffic was going through his wireless router, but I have no idea why it took six months to figure that out. And frankly I don’t really want to know.

Over the past 10 years we have had this scenario at least 3 times, maybe more.

Caller: “I have read all the manuals, hooked up all the interfaces, but the box is not passing any traffic.”

Support: “Did you power the unit up?”

Caller: “Oh sorry, I forgot that step.”

In fairness to the customer, when you plug the power cord in there are some status lights that come on, but you still need to press the on/off button on the front to get it to boot up. :)

IT Security Business Is Your Frenemy


Is there a security company out there working in conjunction with a hacker, possibly creating the demand for their own services? The old insurance protection shakedown turned high tech? And, if so, how would you know? I try to make it clear to our customers that we are not in the security business for this very reason, but for most IT equipment and consulting companies security is becoming their main business driver.

If the world’s largest automaker will commit fraud to gain an advantage, there must be a few security companies out there that might rationalize breaking into a company’s network while at the same time offering them security equipment in order to make a sale. Perhaps they are not meeting their sales goals, or facing bankruptcy, or just trying to grow. The fact is, IT investment in security is big business. The train is rolling down the tracks, and just like our war on drugs, increased spending and manpower seems to have no measurable results. Who makes more money, companies that make bank vaults, or the criminals that attempt to rob banks? I bet, if you add up all the revenue gleaned from stolen credit cards or other electronic assets, that it is pennies on the dollar when compared to spending on IT security.

Dear Comcast, Please Stop Slowing my iOS Update


Last week I was forced to re-load my iPad from scratch. So I fired it up and went through the routine that wipes it clean and re-loads the entire OS from the Apple cloud. As I watched the progress indicator, it slowly climbed from 1 hour, then 2 hours, then all the way up to 23 hours, and then it just stayed there. Now I know the iOS, or whatever they call it on the iPad, is big, but 23 hours big? I double-checked the download throughput on my NetEqualizer status screen, and sure enough, it was only running at about 60 to 100 kbps, nowhere near my advertised Business Class 20 megabits. So I did a little experiment. I turned on my VPN tunnel, unplugged my iPad for a minute, and then took some steps to hide my DNS (so Comcast had no way to see my DNS requests). I then restarted my update and sure enough it sped up to about 10 megabits.

To make sure I was not imagining anything I repeated the test.

Without VPN  (slow)

With VPN (fast)

So what is going on here, does the VPN make things go faster? No, not really, but it does prevent Comcast from recognizing my iOS update from Apple and singling it out for slower bandwidth.

Why does Comcast (allegedly) shape my download from Apple?

The long story behind this basically boils down to this: it is likely that Comcast really does not have a big enough switch going out to the Internet to support the deluge of bandwidth needed when a group of subscribers all try to update their devices at once. Especially during peak hours! Therefore, in order to keep basic services from becoming slow, they single out a few big hitters such as iOS updates.

Application Shaping and Encryption on a Collision Course


Art Reisman, CTO APconnections

I have had a few conversations lately where I have mentioned that due to increased encryption, application shaping is really no longer viable.  This statement without context evokes some quizzical stares and thus inspired me to expound.

I believe that due to increased use of encryption, Application Shaping is really no longer viable…

Yes, there are still ways to censor traffic and web sites, but shaping it, as in allocating a fixed amount of bandwidth for a particular type of traffic, is becoming a thing of the past. And here is why.

First a quick primer in how application shaping works.

When an IP packet with data comes into the application shaper, the packet shaper opens the packet and looks inside. In the good old days the shaper would see the data inside the packet the same way it appeared in context on a web page. For example, when you loaded up the post that you are reading now, the actual text was transported from the WordPress host server across the Internet to you, broken up into a series of packets. The only difference between the text on the page and the text crossing the Internet is that the text in the packets is chopped up into segments (about 1500 characters per packet is typical).

Classifying traffic in a packet shaper requires intercepting packets in transport, and looking inside them for particular patterns that are associated with applications (such as YouTube, Netflix, Bittorrent, etc.).  This is what is called the application pattern. The packet shaping appliance looks at the text inside the packets and attempts to identify unique sequences of characters, using a pattern matcher. Packet shaping companies, at least the good ones, spend millions of dollars a year keeping up with various patterns associated with ever-changing applications.

Perhaps you have used HTTPS or SSH. These are standard security features built into a growing number of websites and services. When you access a web page from a URL starting with HTTPS, that means this website is using encryption, and the text gets scrambled in a different way each time it is sent out. Since the scrambling is unique/different for every user accessing the site, there is no one set pattern, and so a shaper using application shaping cannot classify the traffic. Hence the old methods used by packet shapers are no longer viable.

Does this also mean that you cannot block a website with a Web Filter when HTTPS is used?

I deliberately posed this question to highlight the difference between filtering a site and using application shaping to classify traffic. A site cannot typically hide the originating URL, as the encryption will not begin until there is an initial handshake. A web filter blocks a site based on the URL, thus blocking technology is still viable to prevent access to a website. Once the initial URL is known, data transfer is often set up on another transport port, and there is no URL involved in the transfer. Thus the packet shaper has no idea where the data stream came from, nor is there any pattern that can be discerned, due to the encrypted stream.

So the short answer is that you can block a website using a web filter, even when https is used.  However, as we have seen, the same does not apply to shaping the traffic with an application shaper.
