Uh oh...

On Jan 1, 10:37 am, atec77 <ate....DeleteThis@hotmaul.com> wrote:
>
> hands up those who can bypass proxy and ip filtering in under 5 minutes

....without root?

> How about the overhead on an already slow and sadly unresponsive
> connection system when compared with general overseas performance

Could you explain how subjecting traffic requests to increased
processing is going to have the effect of further reducing transfer
rates on a network where the limiting factor is the switching capacity?
 >> Stay informed about: Uh oh... 

Zebee Johnstone wrote:

> Well people still fail to learn that there's no point in technological
> solutions to social problems.
>
> Porn on the net is a social problem, trying to filter it just leads to
> silliness. Ask the inhabitants of Scunthorpe and Middlesex.
>
> Ask the various breast cancer charities. And I guess anyone born
> before about 1950 who is named Richard.

How is this proposed silly solution much different from previous gov't
offerings, net-nanny anyone?

My son implemented an internal filter once. A few days later he sent out a
email to all staff asking their views on a proposed Xnas function venue. He
got mad when no-one replied. His email was headed BIT (for Bekkers IT)
CHristmas party. The filter program saw BITCH and cancelled his post. Guess
how long we had that.

Theo
 >> Stay informed about: Uh oh... 

<intact.kneeslider.RemoveThis@start.com.au> wrote in message
news:8c95f959-fab1-4745-bb2f-ee062b4efb70@s8g2000prg.googlegroups.com...
> On Jan 1, 10:37 am, atec77 <ate....RemoveThis@hotmaul.com> wrote:
>>
>> hands up those who can bypass proxy and ip filtering in under 5 minutes
>
> ...without root?
>
>> How about the overhead on an already slow and sadly unresponsive
>> connection system when compared with general overseas performance
>
> Could you explain how subjecting traffic requests to increased
> processing is going to have the effect of further reducing transfer
> rates on a network where the limiting factor is the switching capacity?

Since the traffic being 'additionally processed' is presumably http traffic
(at least mainly) and the switching is tcp/ip there is no direct correlation
except in that adding a delay anywhere in the stream will make things
slower.

I suspect the real issue is the perceived number of hits which would need to
be looked up and approved/declined/redirected thereby causing the delays,
and that would be the same with either a whitelist or a blacklist, though
there are arguments about the level of effect of either.

I still think proper parental/peer supervision is most effective. And that
doesn't require IT skills. Just observation.. "Johnny, what is that you are
looking at?"

P
 >> Stay informed about: Uh oh... 

This message is not archived
 >> Stay informed about: Uh oh... 

GB wrote:
> "Peter Wyzl" <placebo DeleteThis @petergreen.id.au> wrote

>> I still think proper parental/peer supervision is most effective.
>> And that doesn't require IT skills. Just observation.. "Johnny,
>> what is that you are looking at?"
>
> If it weren't such an impossible dream (parents taking responsibility
> for their children - ha!) then it would be the *only* way that could
> possibly work. No amount of technology can resolve what is inherently
> a social issue.

I don't know about your, or anyone's, childhood, but my parents had little
control over where I was and what I was doing. Trying to hand that
responsibility to the gov't is pointless. Before this internetty gizmo, kids
had to rummage in the bottom of dad's wardrobe to get porn, or steal it off
the shelves at the newsagent. But don't imagine for a second they didn't
have any.

Theo
 >> Stay informed about: Uh oh... 

GB wrote:
> "Peter Wyzl" <placebo DeleteThis @petergreen.id.au> wrote in
> news:1Z3fj.31059$CN4.2846@news-server.bigpond.net.au:
>> I still think proper parental/peer supervision is most effective. And
>> that doesn't require IT skills. Just observation.. "Johnny, what is
>> that you are looking at?"
>
> If it weren't such an impossible dream (parents taking responsibility
> for their children - ha!) then it would be the *only* way that could
> possibly work. No amount of technology can resolve what is inherently
> a social issue.
>
>
> GB
The government doesn't need an additional mandate to regulate access to
the internet. Media are already censored to some degree in Australia.
All Conroy is trying to do is bring Internet access into line.

And I don't believe pornography is the driving force here anyway. The
pressure is coming from big media to close off access to torrents and
other file sharing sites. Closing off access to porn sites hurts the US
GDP, closing off access to music and video stealing helps the US GDP.

And whether it is a blacklist or whitelist system, doesn't it have to
happen at the top level Domain Name Servers? The ISP won't be
duplicating those databases. The cynic in me says that it will be the
bad users who want to access 'How To Commit Suicide' sites that will
suffer the latency, not parents and kids happily admiring school
yearbooks. So it will be a blacklist of some sort.

--
Cheers

Andrew
 >> Stay informed about: Uh oh... 

Andrew McKenna wrote:

> And whether it is a blacklist or whitelist system, doesn't it have to
> happen at the top level Domain Name Servers? The ISP won't be
> duplicating those databases. The cynic in me says that it will be the
> bad users who want to access 'How To Commit Suicide' sites that will
> suffer the latency, not parents and kids happily admiring school
> yearbooks. So it will be a blacklist of some sort.

Hmm.. I don't know what sort of search algorithm they'd have in place
for such a blacklist search, but surely the response time would be
longer on access to a site which was not blacklisted than a site which was.

Nev..
'04 CBR1100XX
 >> Stay informed about: Uh oh... 

Nev.. wrote:
> Andrew McKenna wrote:
>
>> And whether it is a blacklist or whitelist system, doesn't it have to
>> happen at the top level Domain Name Servers? The ISP won't be
>> duplicating those databases. The cynic in me says that it will be the
>> bad users who want to access 'How To Commit Suicide' sites that will
>> suffer the latency, not parents and kids happily admiring school
>> yearbooks. So it will be a blacklist of some sort.
>
> Hmm.. I don't know what sort of search algorithm they'd have in place
> for such a blacklist search, but surely the response time would be
> longer on access to a site which was not blacklisted than a site which was.
>
> Nev..
> '04 CBR1100XX
Yes, that makes sense, I hadn't thought it through properly. Try this:
you don't want to mess with the DNS database structure, so you put one
of IK's black boxes in front at the ISP which has a copy of the DNS
database with a full access flag field added and the IP addresses deleted.

Your request includes your flag status (full or restricted access),
which requires the same lookup at the ISP whether you're a good guy or a
bad guy: full access flag requests get passed through without checking
and the DNS resolves the IP. Restricted access flag requests only get
passed through if the black box flag matches and otherwise bounce.

Result: the good guys will observe some latency and the bad guys won't,
as you say.

To get round that you have to send the requests through to the black box
with the flag status unchecked, passing through all requests to
unrestricted sites and querying the access status of the user who wants
a full access site.

Result: the bad guys will observe some latency and the good guys won't,
but the system design sucks.

--
Cheers

Andrew
 >> Stay informed about: Uh oh... 

In aus.motorcycles on Fri, 4 Jan 2008 08:41:51 +0900
Theo Bekkers <tbekkers.DeleteThis@bekkers.com.au> wrote:
>
> I don't know about your, or anyone's, childhood, but my parents had little
> control over where I was and what I was doing. Trying to hand that
> responsibility to the gov't is pointless. Before this internetty gizmo, kids
> had to rummage in the bottom of dad's wardrobe to get porn, or steal it off
> the shelves at the newsagent. But don't imagine for a second they didn't
> have any.
>

I read Legman's 2 volume "History of the dirty joke" when I was about
13. Was right there on the bookshelf. My parents just said "Don't
take it to school."

So I showed it to friends outside of school.

One unintended result - I can quote punchlines of pretty well every
dirty joke anyone knows and watch who blushes.

Zebee
 >> Stay informed about: Uh oh... 

On Jan 4, 1:29 pm, Andrew McKenna
<NOcmorSPAM3....TakeThisOut@NObigpond.SPAMnet.au> wrote:
> Nev.. wrote:
> > Andrew McKenna wrote:
>
> >> And whether it is a blacklist or whitelist system, doesn't it have to
> >> happen at the top level Domain Name Servers? The ISP won't be
> >> duplicating those databases. The cynic in me says that it will be the
> >> bad users who want to access 'How To Commit Suicide' sites that will
> >> suffer the latency, not parents and kids happily admiring school
> >> yearbooks. So it will be a blacklist of some sort.
>
> > Hmm.. I don't know what sort of search algorithm they'd have in place
> > for such a blacklist search, but surely the response time would be
> > longer on access to a site which was not blacklisted than a site which was.
>
> > Nev..
> > '04 CBR1100XX
>
> Yes, that makes sense, I hadn't thought it through properly. Try this:
> you don't want to mess with the DNS database structure, so you put one
> of IK's black boxes in front at the ISP which has a copy of the DNS
> database with a full access flag field added and the IP addresses deleted.
>
> Your request includes your flag status (full or restricted access),
> which requires the same lookup at the ISP whether you're a good guy or a
> bad guy: full access flag requests get passed through without checking
> and the DNS resolves the IP. Restricted access flag requests only get
> passed through if the black box flag matches and otherwise bounce.
>
> Result: the good guys will observe some latency and the bad guys won't,
> as you say.
>
> To get round that you have to send the requests through to the black box
> with the flag status unchecked, passing through all requests to
> unrestricted sites and querying the access status of the user who wants
> a full access site.
>
> Result: the bad guys will observe some latency and the good guys won't,
> but the system design sucks.
>
> --
> Cheers
>
> Andrew

So I'm wondering if anonymizing HTTP proxies will be blacklisted.

If every request coming from a computer goes straight to an
anonymizing proxy using encryption, not only do you completely
circumvent the censorship, you create less work for the black box and
prevent intermediate parties from reading your packets...
 >> Stay informed about: Uh oh... 

the big dog wrote:
>
> So I'm wondering if anonymizing HTTP proxies will be blacklisted.
>

If the real purpose is to prevent copyright theft, then yes, since you
want to be able to prosecute the bad guys. So you would require the
black box to reject encrypted HTTP requests.

--
Cheers

Andrew
 >> Stay informed about: Uh oh... 

In article <aSgfj.31258$CN4.581@news-server.bigpond.net.au>,
Andrew McKenna <NOcmorSPAM3047 RemoveThis @NObigpond.SPAMnet.au> wrote:

> Yes, that makes sense, I hadn't thought it through properly. Try this:
> you don't want to mess with the DNS database structure, so you put one
> of IK's black boxes in front at the ISP which has a copy of the DNS
> database with a full access flag field added and the IP addresses deleted.
>
> Your request includes your flag status (full or restricted access),
> which requires the same lookup at the ISP whether you're a good guy or a
> bad guy: full access flag requests get passed through without checking
> and the DNS resolves the IP. Restricted access flag requests only get
> passed through if the black box flag matches and otherwise bounce.

Doing it as the name service level has some quite obvious problems...

Is flickr a porn site?

Are livejournal or blogger going to be classified as erotica?

How about google? yahoo?

Just how useful would the internet be to most people without access to
search engines?

big

--
"Everything you love, everything meaningful with depth and history,
all passionate authentic experiences will be appropriated, mishandled,
watered down, cheapened, repackaged, marketed and sold to the people
you hate." Mr Jalopy quoting Hooptyrides (on jalopyjunktown.com)
 >> Stay informed about: Uh oh... 

In article <cq9mn3tdhb0l7iqtfeiav4iajgbvod6ecm.TakeThisOut@4ax.com>,
John Tserkezis <jt.TakeThisOut@techniciansyndrome.org.invalid> wrote:

> It looks like it will be a blacklist type. With regular updates to
> cater for new sites and content as such). I really don't think a
> whitelist is viable.

Neither is a blacklist, at least not if you want it to actually _do_
anything...

Did you read the recent analysis of a new-ish botnet that was not only
hosting websites on random exploited windows boxes, but was also running
a short ttl dynamic dns system on them too? Randomly named websites
lasting as little as a few hours at a time advertised by spam already
exist.

Blacklist _that_...

big

--
"Everything you love, everything meaningful with depth and history,
all passionate authentic experiences will be appropriated, mishandled,
watered down, cheapened, repackaged, marketed and sold to the people
you hate." Mr Jalopy quoting Hooptyrides (on jalopyjunktown.com)
 >> Stay informed about: Uh oh...