True but if we’re trying to get the word out about the network and get people onto it it’ll be rather tricky if every post about maidsafe is blocked and censored.
Similar to stopping people from talking about Tor or BitTorrent tech–good luck to them.
Believe me, when the network is up and actually working, people will talk, share and use.
Of course they can. Any network traffic can be blocked. Indeed your ISP is highly likely to throttle and shape any unrecognised traffic e.g. my “unlimited” home connection provides 70Mbit for HTTP and HTTPS, everything else throttled to 1Mbit.
Simply encrypting (obfuscating) everything isn’t the answer - a government or especially ISP could block all unrecognisable packets or add 500ms latency to all of them. The way we’re going to work around this in RUDP v2 is to make the bottom layer wire level transport switchable, so RUDP v2 could use UDP, UDT or even TCP as its bottom layer transport while all upper layers don’t need to care. That way individual users get to choose according to their local network topology and ISP quirks.
So it could utilize pluggable transports, like tor does.
Could this open the market up for maidsafe’s own brand of router hardware? (I’m a CCNP engineer, so maybe a bit cisco brainwashed). Am I thinking along the right lines here?
That would be the hope, yes, though I would actually say it is more like how an SSL connection negotiates which protocol to use rather than true pluggable transports. Certainly in the next six months our sole goal is to make a substitutable RUDP v2 with the correct wire format changes that we won’t make future SAFE networks wire incompatible with near future ones.
It might sound easy to simply clone a library, but it is not. MaidSafe is allocating very significant resources for a company of its size to the RUDP v2 effort, indeed pretty much all the remote workers we just hired were intended for the RUDP project. The hardest problem is writing new code which doesn’t break all the other code hanging on it, and RUDP has pretty much all of the rest of MaidSafe code hanging on it as a dependency, so getting the design right will take some weeks of nothing but prototyping and brainstorming.
Software defined networking is coming anyway, so you can take some vendor hardware and program it to route any protocol you like.
That’s a long way away for MaidSafe though. Right now getting something good enough working for existing networking standards is hard enough!
Hi Niall, I know I am reviving a fairly old thread here but have been reading up on RUDP v2.0 and your post was the closest discussion to a question I have regarding robustness Vs ISP blocking and country level “traffic shaping” censorship that the Maidsafe network will inevitably face.
[quote=“ned14, post:14, topic:1851”]
Of course they can. Any network traffic can be blocked. Indeed your ISP is highly likely to throttle and shape any unrecognised traffic… Simply encrypting (obfuscating) everything isn’t the answer - a government or especially ISP could block all unrecognisable packets or add 500ms latency to all of them. The way we’re going to work around this in RUDP v2 is to make the bottom layer wire level transport switchable, so RUDP v2 could use UDP, UDT or even TCP as its bottom layer transport while all upper layers don’t need to care. That way individual users get to choose according to their local network topology and ISP quirks.[/quote]
Has any discussion been given to the idea of being able to disguise RUDP packets as other protocols? For example: Disguising Tor Traffic as Skype Video Calls.
I guess that any such a “chameleon” ability would be best if it was very flexible. MaidSafe instances being able to semi-autonomously negotiate, change and update protocol “skins” rapidly and not just be limited to one hard coded type of protocol like skype video calls in the above example. Some protocols are very reluctantly messed with at the ISP level and quickly draw large negative community reactions if they are perceived to be messed with (I am thinking of the multi billion dollar gaming industry and vocal gamers here).
Only works so long as it doesn’t become popular.
In any provider of any size, TCP and UDP packets are broken down on entry into internal wire protocols, and reassembled on exit to simulate as if the disassembly/reassembly hadn’t happened. This is done so the provider can provide very strong traffic guarantees internally to their network so they can manage load as TCP and UDP don’t provide traffic guarantees. This is how DDoS attacks can be “null routed” so quickly.
It goes without saying that during such packet processing deep packet inspection happens as a matter of course, and rules to transform or otherwise fiddle with packets are very straightforward. Indeed on my home network here I have pfSense rewrite and modify all TCP and UDP packets entering and exiting my home network. Right now it is tracking 183 states out of 47000 maximum, and that’s on a VM with 512Mb of RAM (of which just 128Mb is actually being used). A commercial network switch scales many orders of magnitude higher, but costs correspondingly more.
Gamers are often very unaware of what happens to IP traffic between them and servers. Several packet conversions often happen as packets enter and exit networks. So long as latency variance remains low and packet loss minimal, no one need care how the actual wire transport is achieved.
Thank you for the detailed reply Niall.
Perhaps I am missing the obvious, but why would popularity be an issue? I would have thought that the more popular a protocol is then the more advantageous it is to mimic and hide within its traffic. If Maidsafe instances could negotiate and agree to disguise RUDP v2.0 packets with the tell-tale markers and timings of any popular protocols like skype calls, game etc, wouldn’t this then severely limit or complicate the ability of ISP/countries to detect the MaidSafe traffic, let alone block or add 500ms latency to it?
That is more or less the take away I gather from the SkypeMorph: protocol obfuscation for Tor bridges paper:
[quote]Attacks on SkypeMorph. In order to be able to block a SkypeMorph bridge, the censor either needs to totally ban Skype communications, or it has to verify the existence of SkypeMorph on a remote Skype node…[/quote]
[quote]SkypeMorph and Other Protocols. Our current implementation of SkypeMorph is able to imitate arbitrary encrypted protocols over UDP. The target protocol, Skype in our case, can be replaced by any encrypted protocol that uses UDP as long as distributions of packet sizes and inter-arrival times are available.[/quote]
The main network hardware vendors periodically update their packet type sniffing heuristics. They obviously only aim for the top 80% most common types. So if you’re popular, you’ll enter that top 80%.
You’re forgetting the simplest of all rules: if customer sends and receives more than X Mb per hour of some traffic type Y, throttle traffic type Y. So if you’re sending and receiving pretending to be Skype, then all Skype traffic gets throttled severely after some time based limit is reached.
You can then start mutating which traffic you spoof, but then you run into another very common type of rule: if customer sends and receives more than X Mb per hour to IP addresses not on this whitelist, throttle ALL non-whitelisted traffic. The whitelist tends to be the top 100,000 internet properties, so 98% of users will always get full speed and don’t see their cat videos choking. Only those doing peer to peer see throttling.
I keep saying this again and again: you cannot beat your ISP. They own and control the physical connection between you and the internet. They are god as far as you are concerned, and whatever they dictate you will comply because you have no choice. They can fiddle with the traffic, sniff your passwords, insert and remove content you see, use the router they gave you to scan your internal network for interesting things, and you simply have to take it.
Your only choices really are these: (i) live in a country which regulates this stuff and makes fiddling with your web page content or intruding into your home network a crime (ii) pay enough for your internet connection that you buy yourself out of lowest common denominator traffic management.
My internet connection here ticks both boxes. I have totally unfiltered unmetered unshaped 100% dedicated 70Mbit internet here in Ireland with a 99.9% SLA and money compensation for any time they don’t deliver. I also get the mobile phone of my own personal dedicated technical support person. But I am paying about twice the monthly cost that a residential user pays. I bought myself out of traffic management, and most ISPs anywhere in the world will offer some business package which does the same for an appropriately eye watering price. They are after all there to make money.
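The two throttling rules described in the post above, run over one hour of flow records, as an added example that is not part of the original thread or any vendor's implementation. The thresholds, the whitelist, the customer names and the flow records are all constructed assumptions; the post only says "X Mb per hour".

```python
from collections import defaultdict

TYPE_LIMIT_MB = 500      # assumed "X" for the per-traffic-type rule
OFFLIST_LIMIT_MB = 300   # assumed "X" for the whitelist rule
# Constructed stand-in for the "top 100,000 internet properties" whitelist.
WHITELIST = {"203.0.113.10", "203.0.113.11"}

# Constructed flow records for one hour:
# (customer, type assigned by the classifier, destination IP, volume in Mb)
FLOWS = [
    ("alice", "https", "203.0.113.10", 400),   # video from a whitelisted site
    ("bob",   "skype", "198.51.100.7", 350),   # P2P traffic classified as Skype
    ("bob",   "skype", "198.51.100.8", 250),
    ("carol", "skype", "198.51.100.7", 200),   # P2P traffic rotating its disguise
    ("carol", "game",  "198.51.100.8", 200),
    ("carol", "voip",  "198.51.100.9", 200),
    ("dave",  "skype", "198.51.100.20", 60),   # an ordinary call
]

def throttle_decisions(flows, whitelist=WHITELIST):
    """Return {customer: set of throttle actions} for one hour of flows."""
    per_type = defaultdict(float)   # (customer, type) -> Mb
    offlist = defaultdict(float)    # customer -> Mb sent to non-whitelisted IPs
    for customer, ttype, dst, mb in flows:
        per_type[(customer, ttype)] += mb
        if dst not in whitelist:
            offlist[customer] += mb

    decisions = defaultdict(set)
    # Rule 1: more than X Mb per hour of traffic type Y -> throttle type Y.
    for (customer, ttype), mb in per_type.items():
        if mb > TYPE_LIMIT_MB:
            decisions[customer].add(f"throttle type {ttype}")
    # Rule 2: more than X Mb per hour to non-whitelisted IPs -> throttle
    # all non-whitelisted traffic, whatever type it is classified as.
    for customer, mb in offlist.items():
        if mb > OFFLIST_LIMIT_MB:
            decisions[customer].add("throttle all non-whitelisted")
    return dict(decisions)

if __name__ == "__main__":
    for customer, actions in sorted(throttle_decisions(FLOWS).items()):
        print(customer, sorted(actions))
```

Rule 2 never looks at the classified type, which is why carol's rotation between three types changes nothing: the volume to non-whitelisted destinations is what trips it.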
Thank you Niall, your overview of the technicalities is appreciated and useful for the uninitiated (I have used pfSense bandwidth management in the past and respect the power of packet inspection). I agree that the perfect solution would be for everyone to have an ISP that does not meddle adversely with our internet traffic, and pressure our politicians to enshrine net neutrality rules into law. You are certainly one of the lucky few to have such an option available to you where you live.
I am a bit confused however, since you have stated above that something like Tor Pluggable Transports TPT are on the table for RUDP V2. Is that no longer the case? TPT has historically allowed some level of Tor communication in the face of aggressive ISP and country level blocking. Worst case a bad actor ISP bans the SafeNetwork and forces it to start mimicking other protocols. The bad actor ISP persists and does a blanket ban of a protocol SafeNetwork is mimicking, but it can then simply switch the protocol it mimics automatically in a game of cat and mouse. The real issue for the ISP however is that now it has a lot of upset customers using the blocked protocol(s) who are made aware of the net neutrality issue and given the opportunity to vote with their feet and switch to a more respectful ISP, if available. As you point out the bad actor ISP may have the power to win the battle but it will arguably lose the war, especially if there is choice in the market.
I see your point, @ned14. Thanks.
My question is, considering the attributes of the SAFE protocol and multiconnection character of transmission, does its character not compensate somewhat even for throttled speeds?
I think of torrents here, which can get remarkable results (comparatively) even on very slow connections.
Not to say that ISPs can’t hinder SAFE traffic. But can they realistically render it unusable?
Almost anywhere in the western world you can get a T3 line with a very hard SLA installed to your premises. A quick google search yielded http://www.t1shopper.com/ where prices begin from $3000 per month in the US. So I think you do have the option available in your area, it’s just you need to add a zero to the cost.
For reference, I’m paying about a thirtieth of that for a faster service, though with a weaker SLA and while my bandwidth is guaranteed, my latency and packet loss are only guaranteed outside a four hour window because my physical connection is shared. But then internet is much cheaper in Europe than the US because government provides most of the backbone out of public funds. In my case, the Irish government provided all the trunking from my house up to Dublin out of public funds, and my ISP leases space from the Irish government. This public investment was made to bring Ireland higher up the OECD internet rankings, as we used to be second from bottom.
That’s great for the users, but a higher ranking doesn’t mean the people are better off. Some certainly are, but some are poorer (say, those who had to pay for it but don’t use the Internet much). In fact it is more likely than not that on average the effect is negative (because if the market was large enough to justify these investments, the government would not have to step in).
Related to this topic, I am amazed that people are still discussing it. It’s a PoS equivalent of the question whether the gov’t could ban and block Bitcoin. It’s more likely that eurozone will fall apart.
I don’t really care about other people, I only care that I can stream the latest episode of Star Trek Continues to my devices flawlessly.
But sure, we pay high taxes here and we get the accompanying public investment in infrastructure, and therefore a hefty subsidy in prices. In Europe we take away your income and give it back to you in some cheaper things not others.
Economics would disagree with you. For large very expensive infrastructure investments there is a discount rate applied by the market for uncertainty, so you always get underprovision of big expensive things like roads, hospitals etc if left to the market. What government can do is step in and guarantee the financing and therefore eliminate the discount applied by the market. The market then delivers the market optimal amount of the service.
That’s exactly what Ireland does in fact, unlike most European countries. The government backstopped the financing and it was actually a semi-state private company which implemented the infrastructure. When I say ISPs lease from the government, it’s actually a public-private finance partnership they rent from, so technically speaking all our backbone is privately owned and privately financed, just with a publicly funded risk guarantee.
No longer going to happen finally. We’re going to evict Greece from the Euro instead to punish them for not behaving like good European citizens. It’s all but decided, it’s just waiting for the Greek population to wake up to the fact their welfare which everyone over there is on is about to lose 60% of its value once they start paying it in scrip.
Once Greece is evicted and the local populace start burning and killing and raping one another as civilisation goes on pause for a bit, that will scare everyone else into behaving. Spain and France being the most important. I’m just hoping we don’t get yet more problems from that region which has started most of the wars in Europe since Napoleon.
Fair enough, that’s what Network Neutrality actually means.
It seems like the government does something useful, doesn’t it?
Whereas in fact it just takes money from people who - knowing that the risk/reward ratio isn’t good - would prefer not to partake in that investment, and forces them to invest (or implicitly finance it by taking on their share of public debt) anyway. And magically, out of nothing, there’s affordable network connectivity for everyone!
That may indeed be the strategy, but should that happen those who remain in eurozone should start pushing for their countries to exit sooner (on their terms) rather than later (and turn into Greece).
I agree this would motivate countries to leave the eurozone however y’all are assuming that Greece will fall apart and start having conniption fits. Have you forgotten what happened to Cuba when THEIR economy went to shit? They pulled up their boot straps and started growing food, a whole urban agriculture revolution worth of it. Hell what about what happened during the Great Depression? Not every country has the stress response of a two year old.
This is not going to happen, Greece is geopolitically too important. If the West would fully abandon them China and/or Russia will be happy to offer them enough to not collapse in exchange for military access to Greek territory and such. But NATO interests ultimately take precedence over EU interests, so the West won’t fully abandon Greece.
Anyway, the mere fact that what you typed is a common way of thinking nowadays shows what stupid disasters the EU and EMU are.
I know the geopolitics is fascinating, but is there anything to this technical question, @ned14?