Friday, 17 November 2017

DoS attacks, sorry

I'd love to be able to blog in detail about denial of service attacks, what works, what does not, what we can or cannot do, but it would be mad to do so.

Suffice to say that anyone that wants to, and has a few bitcoins to spare (or fractions thereof) can engage one of the many botnets that exist and DoS the hell out of almost anyone, no matter how big.

It is unusual for an ISP to actually be the target, so much so that we did not cope well at all. We have all been working hard all day, and we all feel knackered. This attacker has caused the problems he wanted to cause, he has upset customers, and disrupted an ISP. Whack-a-mole does not really explain today adequately.

A customer had even ordered pizza for the staff, which is appreciated.

We still have much work to do even if the attack has now stopped, and we hope it has. Not only undoing loads of temporary hacks that cause their own issues, but planning for the future and how to handle things better in future.

At the end of the day we are a small ISP and we try to do a good job for our customers. It is a shame when we cannot do that, and if anything we, or I, did upset anyone I am sincerely sorry for that.

And, of course, I am sorry that our customers have suffered.

OK I get it, enough is enough

Just in case someone felt my last blog post was dick waving about how good our network is, and I think it is good, I do accept that any network can be DoS'd to hell.

I get it, OK.

Thursday, 16 November 2017

Pushing the limits

We are deploying some new LNSs at A&A, three of them so increasing the eight live LNSs to eleven. This will happen over the next few days.

Why? Well, we are hitting some amazing levels of traffic - we seem to have actually exceeded 1Mb/s average peak usage per customer.

This is a metric which we discovered is used by the likes of BT Wholesale, and a few years ago, at over 100kb/s we were a really high usage ISP on their network - the highest at the time.

Basically you look at the peak usage, which for us is now in the evening, and divide by number of customers, simple as that. Bear in mind, at that peak time, pretty much every one of our business lines (which is a lot of our customers) will be idle.

Even so, that average is getting to the 1Mb/s. That is amazing. I am shocked. We have multiple 10G links to peers, and multiple 10G links to one carrier, and extra 1G links going in right now to another carrier, and more LNSs. All in aid of not being the bottleneck.

This really is the netflix generation taking off, and it is a challenge for ISPs. We are coping, and we are making sure we stick to our "not the bottleneck" aims. But it means some quick work to extend the capacity with staff on site today installing new LNS hardware.

We know that Talk Talk are working on expanding their network, no doubt seeing the same increases, and we are working with them to make the best use of that new network as soon as possible. Thanks to those customers testing things with us.

It seems not long ago the maximum a customer could manage, a far cry from average, was 64k ISDN. How times change.

With new links to BT going in, we expect to make tariff changes over the coming weeks to make "terabyte" just another level on all of the Home and SoHo packages, with easy regrades, and balancing of traffic over multiple lines. (Not for 20CN, sorry)

If you want Internet access that works, and keeps up with the ever increasing usage, you know where to come :-)

Wednesday, 15 November 2017

Flat Earth

I am confused by these people that say the earth is flat. There is a Flat Earth Society (with members all around the globe). There are conventions. It seems odd.

Now, let me say right away, I have no issue with fiction. There are groups of people that meet up, and create social organisations, all in support of some fiction, like a book or TV series or some such. One excellent example is Trekkies. These people go to conventions and clubs and have uniforms, and all sorts. It is amazing. It is, however, an escape from reality. We all like to get engrossed in a fiction of a book or a TV show or a film. All of the people involved in being Trekkies know it is "make believe". They do it, and it is fun, but it is not reality and they know it, even when dressing up as their favourite characters. I don't think a single one of them thinks there is actually a Starship Enterprise in orbit or that they are on the crew, or that they are actually a Klingon. They are a bit too much for me (and I like Star Trek), but they are not actually crazy - they have a fun hobby. They have a fun social group. Well done to them.

There are a lot of these fiction and fantasy type clubs and organisations - they create a common focus for a social group. We all want to be part of a group - and a liking and appreciation for some specific fantasy or fiction helps forge such groups and friendships. It is important. I rather like those that follow Terry Pratchett and discworld. That is a flat world too. It is not Earth!

But even those people will not think they actually live on discworld or have magical powers. They know it is fiction and "make believe" and fun.

It is quite amusing listening to my 4 year old grandson - he has a grasp of "pretend", and will sometimes "explain" to me that something is "pretend" if I play along too convincingly. Well done to him for understanding at such a young age. He still likes to pretend though. It is fun!

But this "flat earth" bunch seem different. Some will be "playing along" for fun, I am sure, but not all. Some seem to be sincere! They are people that somehow genuinely believe the world is flat? Yes, the world we live on! The one that we have pictures of from space. The one we can literally fly around on a plane for a small fee. With time zones and everything. The concept of a "flat earth" dates back a long time - and if you really lived your whole life in a mud hut communicating with a village of 100 people and no more you could believe it. But the concept was debunked millennia ago in so many ways, and today people have actually gone outside this earth and looked at it from space, from the moon even. We actually have satellite communications. People watch Sky TV beamed from a satellite that would only work if the world was what it is! They probably watch flat earth conspiracy bullshit via Sky TV even - how is that for irony?! There is no question whatsoever on this point.

So if the "flat earth" bunch were like Trekkies, playing a game, make believe, that would be fine. But it seems they are not. Either that or I am falling for a huge wind up. Am I?

If we accept the premise that there are actually people out there, and a lot of them, that actually believe the earth is flat - and even more - they believe that all of the evidence that proves otherwise is somehow part of a global conspiracy (to what end?), what does that mean?

Is it a problem if there are such people?

I think so. I think it is, at the very least, a clear symptom of something very wrong with society and the education system that such people could exist outside some sort of mental health facility.

Surely the most basic of education would cover this, and the basic science of the world in which we live. I bet I would have a hard time convincing my 4 year old grandson the world was flat - he has google earth on his iPad and loves it. He may be happy to "pretend" for a game, but he is not that daft so as to believe it.

To be clear, I have no issue with Trekkies or anything similar. They know it is make believe. They are "having some fun". We all like to escape from reality to some fiction. But when you start believing your fiction then you are mentally ill, sorry, plain and simple. If you actually thought you were Mr Spock from the Starship Enterprise, and persistently asserted that in real life, you stand a good chance of being locked up, and for good reason. Sorry, not "locked up", but "assigned to receive appropriate mental health treatment".

How is it that anyone asserting the earth is flat is not simply sectioned? Have a doctor go to a conference and literally sanction people and have them carted away? How is this not so?

To be fair, if you have absolutely zero scientific background, have never flown anywhere, or read about time zones (or read anything), and you are really poorly educated, you could fall for this. So explain to someone the reality of the world in which we live (the globe on which we live) and they understand, good. But if they won't understand then they are either educationally subnormal or mentally ill. How can it be anything else?

Is this not like religion?

Well, good point! A point someone made when I tweeted this. Personally I don't understand how people fall for religion. However, religion is somewhat clever. It never asserts something that can be categorically disproved, well, usually not. It will assert something which cannot be disproved because proving a negative is generally not possible. So it leaves a window for doubt among the gullible. So I am not going as far as saying that religious people are nut cases, not quite.

But even a religious person that claims god spoke to them and told them to kill their son, and so they did it, will get locked up - it has happened. Obviously, if that had been a story from a bible, it would somehow not be a case of mental illness, but in reality and in the here and now it is seen as such.

In some ways, maybe religion falls in to the same category as Trekkies. Maybe not, as I suspect a lot of people do not realise religion is all "make believe" as well. I bet a lot do though, even though they "practice" religion. They must know it is all "make believe" just to feel better, surely?

It is, perhaps, telling that no religion (as far as I know) proclaims the earth to be flat! They are not that daft. Tell me if one does :-)

Monday, 13 November 2017

🎶 The Internet is really really great... 🎶

I do not watch much conventional TV so rarely see adverts, however I have noticed on the rare occasions I catch TV in another room, or radio in a car (I don't drive either), there appear to be adverts running to advise people of the dangers of entering personal details on the Internet.

I am not sure if these are public service adverts or run by a bank or what, but they are an important message. Checking the web site is secure, is the site you think it is, and why they are asking for details.

Always be wary of web sites asking for personal or banking details!

Except, of course, when it is a porn site, because they are being forced by UK law to ask for details to verify age, or link you to some age verification system that asks details, even when not purchasing anything from the site!

The Open Rights Group rightfully raise concerns over the age verification companies (here). There are also serious issues over competition for age verification services, possible monopoly which may price some sites out of the market, and the AV services run by the main porn site provider, so no real separation of identity from porn preferences.

This is bad, but for me the bigger issue is the number of scams that will be out there. If it becomes normal to have to enter personal details or bank details to prove your age then there will be no end of scam sites offering free porn, or simply redirecting from a fake site to a free site that does not ask after it gets details. They will quote, and even link to, the UK legislation and information sites I am sure, just to add credibility.

And when someone gets charged £10 for some dodgy age verification site, really, how many people will own up to being duped? Especially if the porn in question is even remotely embarrassing or "specialised". Though the issue is bigger than just random charges, that personal data then gets sold on a black market and exploited. Depending on the sites it may be used to blackmail people. Leaked data from actual sites has already led to suicides - this will be way worse.

And none of this "solves" the supposed social issue, if there is an issue to solve even. What we need is better sex and relationship education in schools, simple as that.

But, to add a slightly lighter note, don't forget, as Avenue Q have said...

Sunday, 12 November 2017


I did say I was trying to learn Ada.

Well, I thought I would explain that it is a bit stalled, sadly.

I have managed to read a lot of the Barnes book on Programming in Ada 2012. Well, over half anyway. I read a lot whilst on a cruise!

It is a tad more verbose than I am used to, but overall I would have to say it does look good. The very strong typing, and the fact that all types allow value range controls, all make for much safer code. Even the multi-tasking looks interesting.

I have got to the stage that I would like to try using it, and that is where I have come unstuck, sadly.

Obviously, if I wanted to simply code some abstract program, much as one would on a Computer Science course, then of course I could use Ada. Sadly, such simple self contained abstract programs with no more than basic text input and output are pretty much academic now. Nobody does INPUT and PRINT to communicate to the user, they use a range of libraries, web sockets and web pages, javascript, all sorts. And that is just the user side, the back end is all libraries for mysql, or B2B XML, or libcurl, or something else.

A lot of the code I work on, and code I start from scratch even, is run on a linux environment. I have a load of our own C libraries which we use extensively, but of course linux has a lot of C libraries that are used for all sorts of things. I am not against re-working our own libraries - some of the key ones are XML manipulation and SQL front end for the standard client library. I am sure both can be done in Ada with no problem, but I am not re-working OpenSSL from scratch in Ada.

The problem is that to use these from Ada I would have to find or code interfaces or new libraries. That is going to make a huge hurdle for any code I need to write. I get the impression that there are some Ada wrappers and libraries available, but I am struggling to find them.

I mean, is there an Ada library for mysqlclient interface, or openSSL for TLS? Heck, what about something really simple to start with like popt library? There must be a good Ada XML library?! If I can find libraries or wrappers for a large list of key functions that we use regularly on linux then maybe I can start using Ada, but right now it is not looking promising.

There is one closed project we work on, and have for many years. It is a project where every library and functions is written from scratch, including the operating system. It was suggested long ago that maybe we should use Ada, and I decided against it. In hindsight maybe that was a mistake, as it would have been a perfect case where we did not rely on any external systems and could have started from scratch in Ada. That project is the FireBrick. There is even some chance we may start using some Ada modules in future... But that would have been cool - a complete operating system from scratch all based on Ada. I am kicking myself for not doing that when we started now. Sorry Cliff.

If I do make more progress, I'll let you know, but for now it is stalled.

Saturday, 11 November 2017

Is this getting out of hand now?

This is to try and maybe spark some debate, and as always I am interested in some views here.

There seem to be an awful lot of accusations of historical sexual abuse or harassment flying around, and I noticed today that George Takei (Sulu from Star Trek) has had some sort of allegation of something from 40 years ago. I am not even going to bother looking it up.

So it struck me that there are clearly issues here, not only with actual cases of sexual abuse going unreported for so long, but also the cases where people are simply "jumping on the bandwagon" hoping for some settlement. Even where something did happen, I really find it unbelievable that either party could accurately remember what happened 40 years ago - the way memory works it will have changed your memory of what happened quite a lot over time, if you remember at all. The same goes for any witnesses.

So how on earth can this be fixed? Well, I suggest a simple time limit - perhaps 10 years (or 10 years after the victim becomes an adult if that is longer). Even 10 years seems a long time for clear memories in what is almost always one person's word against another.

But don't shoot me down just yet - I am not trying to be insensitive. I am not in any way saying this as a way for perpetrators to get away with sexual assault, in fact quite the opposite.

Clearly, and this is where I am doing my armchair psychology, the victims in such cases feel they cannot come forward. As time goes on, there is nothing to change that view - no impetus to make them come forward, except perhaps when something is in the news, even relating to the same perpetrator. Without that impetus the victim has to live with this memory forever and the constant "should I say something?" feeling and dread.

If, however, there is a time limit, there is am impetus. There is a deadline, and that could encourage people to finally come forward, even if right on the time limit. If they choose not to, then they at least no longer have the "should I say something?" feeling as they chose not to in the time they had, so it is "settled", mentally. Maybe they can move on?

But it could mean that perpetrators get dealt with sooner as well. Instead of justice coming to them 40 years later it is only 10. Indeed, maybe it should be shorter like 5 years?

This would have the other side effect of stopping these crazy made up claims from decades ago, and also make it slightly easier for the poor investigators that are trying to unravel such cases. 10 years is a long time for memories to be clear, but when you start talking 40 years, it must be impossible for anyone to prove anything. One really long time scales you even run the risk that possible witnesses are now dead! These accusations then go unresolved and can be extremely damaging for the accused who equally cannot prove they are innocent. You end up with trial by media in effect.

Is that a crazy idea?

Droning on

Around a year ago I got a drone, and did the right thing and did training, passed a flight test, got insurance, and got (or rather A&A got) a PfCO from the CAA to allow commercial drone operations.

As a company we do like to dabble, and have been involved in many interesting ventures like this over time. Even so, we have not pushed this a lot and in spite of several enquiries we have not managed to sell any commercial drone operations this year. Which is a shame. The one operation we ran internally involved a slight incident with a tree sadly. The insurance was good and paid out.

Even so, not all ideas have to be an immediate success. Our engraving business took around two years to pay for itself. Our 3D printing business is getting close to paying for itself. Our card printing stuff is actually picking up nicely now. Many of these sidelines are also useful in the business (e.g. we engrave front panels for FireBrick FB6000s we make, and use some 3D printed items in the office, and print cards for routers we send out, etc). We have used aerial shots of the office as well, for the business.

However, I have decided that we won't renew the PfCO and insurance. I have not taken the aerial photography off the web site, on the basis that if we do get a reasonable job we can renew the PfCO and insurance.

It is a bit of a shame really, and I largely put it down to a degree of over regulation. I appreciate a lot of the rules are for safety, and that makes sense. But a lot of the rules are not - e.g. one can fly a drone without camera (which is just as dangerous) in many more places than one with a camera.

The real bummer for me is that even after the training and the tests and the permission and getting the insurance, I cannot even simply take aerial shots of my house! To do so would mean getting permission from several neighbours, some of which are not going to give it (we do have at least one rather odd neighbour).

Now I appreciate that allowing someone to pop to the Apple store, get a drone, and start flying around is not very safe, but I have had the training and got the PfCO and insurance. I understand the DPA issues. I can quite safely fly a drone over my property without flying over my neighbours (although I am allowed to if over 50m even without their permission, the problem is taking off and landing!). So why make the rules so restrictive and nonsensical? It is crazy.

If I can't even do that simple thing, a shot of my own house where we were having work done in the garden, how the hell can we sell services to people?

I'd like to see the rules changed. Yes, make drones identifiable and pilots accountable and insured, that is all fine. Have a test you need to pass - that is fine. It is not different to driving a car. But I don't need my neighbours permission to drive passed their house, for dogs sake!

Friday, 10 November 2017

Automatic Compensation for Broadband faults

OFCOM consulted on this earlier in the year and we raised a number of concerns over it - not the principle, which is sound, but the implementation. One of our main suggestions was that it would be simple if Openreach paid out automatically for the specific issues covered, and carriers and ISPs simply passed this on.

Well, in a round about way, it seems that may be what we can now do. OFCOM just published their decision (here). It mentions our response quite a lot. It outlines an industry scheme run by BT, Virgin Media, Sky, TalkTalk and Zen Internet to pay out £8 for a day service is not repaired (total loss of service), £25 for missed appointment, and £5 per day for delayed installation.

We know there is work going on with Openreach to manage the interface (XML B2B stuff) to allow this whole process to work. We are asking our carriers today (BT Wholesale and Talk Talk Business) to confirm they will pass on what they get from Openreach.

Whilst AAISP are definitely not part of this scheme, we are more than happy to have Openreach work out that they have delayed a repair, missed an appointment, or delayed an install, and either directly, or via wholesale carriers, send us the compensation and we will pass on to end users. We'll need to work on the interface to make that work, but hopefully that will not be too hard. Assuming the carriers pass it on, and we can automate it, we will simply add a credit note on to the customer account, which if paid by Direct Debit and it makes the account in credit, will mean an automatic BACS refund of actual money to the customer within a few days.

Even so, the OFCOM response does have some oddities - such as no compulsion on wholesale and back-haul carriers to pass on compensation at all! We'll see what they say.

P.S. Of course we also hope this will mean Openreach improve services so as to avoid having to pay compensation anyway, and this will be of benefit to all ISPs and customers, not just those in the scheme.

Thursday, 9 November 2017

Better broadband

As our customers will know, at AAISP, we take the quality of the broadband service we provide very seriously, and one of the things we do is an LCP echo every second on every line.

Whilst that may not mean much to some people, what it means is we are constantly testing the link to each and every customer every second to see if there are issues.

Even though we are comparatively small compared to the big players like BT retail, we spot issues in back-haul networks before almost anyone else because of this monitoring. There are other ISPs using FireBrick, so we are not alone, but possibly one of the biggest ISPs using FireBricks, and collating the data over thousands of lines.

Over the years we have seen some really interesting issues, mostly with BT, but even with Talk Talk back-haul we have seen some issues. It is really good that both carriers are prepared to work with us to get issues resolved - although it can be an uphill struggle to get issues recognised initially.

The long grass.

One of the very first issues we found, many years ago, is something called "long grass". It is actually what made us start testing all lines all the time. It got that nick name because the latency response on our graphs is green at the bottom. The long grass was spikes of green at frequent but irregular intervals. These spikes of as much as 50ms occasionally were enough to interfere with VoIP calls.

It took months to get to the bottom of it, and ended up being some Juniper routers which seemed to stall for 50ms when they updated routing, e.g. when someone connected or disconnected a line (which is why the spikes are a bit random). They provided BT with a patch and it was finally fixed. As I say, this was years ago.

Only our monitoring, being able to put together a complete and exact list of the hundreds of lines impacted by this allowed it to be pinned down to specific makes of router. Also, the fact the same pattern of grass appeared on lines connected to the same specific router was also a clue. Almost any other ISP monitoring would not have picked up the issue at all, let alone made that connection.

As an aside, this level of issue is so specific, it is hard to see the likes of OFCOM ever understanding that this could count as a "fault" in any way. Even BT struggle to define this sort of thing as a "fault" and had it been just one line we would not have got them to fix it, which is a shame.

Dripping blood.

Another issue is congestion which results in packet loss, and that slows down lines quite a lot. Called "dripping blood" because we show loss as a percentage from the top of the graph in red. Even 1% of random packet loss can have a big impact on TCP file transfers. This is something that can happen for lots of reasons, but when we manage to correlate to a specific BRAS, metronode, exchange, or even cabinet, we can help ensure the issue is resolved.

On one occasion BT found they had some serious issues within their core network as a result of our monitoring and reporting to them. Again, like the long grass this impacted every ISP using BT back-haul. They had faulty / dirty fibre links, and had some serious misconfigurations on some ports and aggregate links. We had sight of the report to BT directors but sadly could not have a copy - and our monitoring graphs which we provided to BT were key throughout the report.

We had a similar issue on Talk Talk early on, a congested exchange. Turned out to be misconfigured port at 100M not 1G (or was it 1G not 10G, I forget). They fixed within the hour if I recall, thanked us, and ran a script that found half a dozen other similar errors where congestion was not yet happening.

Working with Talk Talk.

We have addressed many issues, especially in BT, simply because of the number of years we have been using them. Talk Talk have had fewer issues, and the main one has been some congestion for some customers. This has cropped up several times and been addressed with various workarounds. However Talk Talk are taking this as seriously as we want them to and they now have a new back-haul network using new Juniper LTSs. This should sort the various capacity issues we have seen and ensure the service is the quality it should be.

The fact we have had issues over the last couple of months is telling in the Think Broadband speed test survey where we were not the highest quality rating of 0.1, but only 0.2, last month. This is a big concern, and probably down to these issues. We were still the fastest FTTC provider they tested though. Whilst November may not be better we hope we are back to best quality metric in December, and of course retaining our top spot for fastest FTTC. Having this sort of independent and impartial testing is very important for ISPs like us, and far more than just blowing our own trumpet.

Today we are testing with some customers on the new Talk Talk platform, and expect to switch over once they are properly ready in a couple of weeks. We are one of the first on the platform, so this testing is important. Obviously those using the new platform may find the lines get kicked off or reset whilst TT are working on this, but so far the testing is going well, and they can always move back at any point.

Not just us...

So, overall, we are keen to work with carriers to ensure their network is the best it can be and so ensure our service is the best it can be. If that happens to make things better for other ISPs and their customers, so be it. As long as our customers have the best, we are happy.

The shame, the failure...

Sometimes one has a chance to be smug.

I really thought this was one of those times.

As is usual, on release of the latest shiny shiny from our friends at Apple, my son was there on his browser at 8am on the 26th trying to order a new iPhone X.

He was cursing. He could not get to the site initially as it was too busy. The Apple shopping App was not help. He could not get the Apple upgrade programme to work. He ended up faffing with a finance thing, and finally, in spite of all his efforts and fast typing, even only a few minutes after 8am, he got a date of end of November to early December.

I had a lie in, and around 9am, I decided, what the hell, I'll order one, and yay, end of November to early December. They provide a one week window of expected delivery.

However, a friend then told me that "Apple business have separate stock, you could get one on the 3rd".

I thought - yay, I can oversleep and be smug, I'll order from them, and cancel the other order.

So I checked, and we spoke to Apple business. It was a bit like...
  • Ordering starts 8am on 31st October...
  • OK, so how do we order
  • Send us an email
  • When, 8am?
  • No you can send now (this was the 30th)
  • OK so what happens at 8am
  • We send off the orders
  • Does it matter that we only ordered now and not earlier
  • No, they all go in a pool
  • OK so when will we get it
  • Well, they'll start shipping from 6th Nov
It was not clear if they meant shipping on 6th to arrive 7th, or shipping to arrive on 6th, or whatever. On 31st they confirmed the order had been sent at 8am. But we called on 3rd and were told they will tell us when we can expect it, on the 6th.

You can guess the rest I bet.
  • On 6th - no we don't know
  • On 7th - no we don't know
  • On 8th - no we don't know
  • On 9th - no we don't know
  • On 10th - no we don't know - but do keep chasing!
  • On 13th - no we don't know
  • On 14th - no we don't know
  • On 15th - no we don't know
This is really poor Apple. I know you have to allocate stock and there is a list but how hard is it to say when it will arrive, as an estimate. They manage it in retail. If it is going to be like 25th November, just damn well say so.

Sadly my smugness at having one on 3rd, or even 6th, has been thwarted by increasing amounts of time passing. I guess we'll see, and cancel whichever takes longer.

I feel I have massively had my smugness taken away. Even if I do get mine before my son, it will only be a few days, and the smugness will have diminished to a wry smile at best.

Damn you Apple!

BTW, Victoria got one on a contract, and got it on the 3rd, and out smugged us both.

P.S. Yes, I ordered one for my son too so that after I was smug I could cheer him up.

Wednesday, 8 November 2017

CISCO & FireBrick?

As ever this is very much my personal opinion... I hope it makes sense.

I used to be somewhat in awe of the likes of CISCO. After all they made these big routers and profession kit that everyone uses. When we started making FireBrick routers I felt a bit like we were sort of a Mickey Mouse company by comparison. Just a few developers working on hardware and software, and doing it from scratch, following RFCs, even making an operating system from scratch.

But oddly, over time, that view has changed both ways. I am actually feeling that what we make is very much "proper" in so many ways. We are out there, and A&A run an ISP on largely FireBrick kit. Many small ISPs use the same kit, and loads of end users make use of FireBrick firewalls. It works. But of late we have some CISCO switches in the A&A network. I sort of swore I would never use anything but FireBrick, but we have not got 10Gb/s FireBrick switches yet, so we had to get them. I wish we had FireBrick 10Gb/s switches to be honest :-)

They are actually pretty good. I will say one thing for CISCO, they can make some impressive hardware. Some fast switches and fast ASICs in their routers. We are not a patch on that. Our hardware is fast but is designed to do software routing very fast. So we are there at a few Gb/s, and CISCO are there with boxes that do way way more. We're getting there - the 10Gb/s+ box is on the drawing board, obviously. But we will never manage anything like CISCO's top end, well, probably not. We can hope.

But using CISCO kit has been a challenge. It has quirks and bugs and things that will drive you mad. I never realised this until we started using it. We have seen error cases, in one case a significant A&A outage, that seems largely attributable to the switches playing up in odd ways. CISCO TAC (the support side) is expensive, but a necessary cost with CISCO kit.

I do not see our hardware equalling CISCOs top end, as they have very fast kit, but I see our hardware working well at the level it is designed to work.

Do I see CISCO software on a similar level? Well, I am beginning to think so in some ways. CISCO have way more software, and way more things they do in their kit. We have focused on what we need for the products and added lots of features, but nothing like the features CISCO have. The down side is that CISCO have loads of old and legacy code and protocols to maintain. We have less code, and newer code to maintain. So this makes things a tad more equal in terms of things that can go wrong.

We are looking at a quirk in the CISCO switches today, and will be tomorrow. An odd L2 or L3 routing issue. It should not happen, and will be a lot of head scratching and may involve calling TAC. I am sure it will be resolved, but it is a good example of the sort of problems one can have. If we had the same problem on FireBrick kit we would know a lot more, but that stands to reason. We are not without issues, obviously, but I would not say we have more than CISCO.

So with all of this I was rather interested in the views of a potential customer recently, which sort of fits with how I now feel about companies like CISCO, and comparing to FireBrick.

Firstly the customer was keen to use FireBrick as he needed IPv6 that works properly. Now, I have not tried any CISCO kit with IPv6 - we are using switches at present with a small amount of IPv4 BGP to carriers, and that is it. But the view is that FireBrick have been doing IPv6 for like a decade. Our current code base was designed with IPv6 from scratch. IPv6 is in serious use in A&A using FireBrick kit. One advantage of not having all that legacy code. So actually we were seen as more "mature" in handling IPv6, which is good news. Score one for FireBrick.

Secondly, for the scale of operation the customer needs, we can do the job with the 2Gb/s capable FB6000 series, but we are more expensive than a CISCO box that can do the same. There is not quite the same second hand and used market for FireBrick as with CISCO (yet). But that is until you factor in TAC. The support for CISCO is not cheap, and suddenly we came out on top on price when considering only a few years of support. Just our policy on free s/w updates is a huge win. So score again for FireBrick.

So here I am, well down the line in terms of FireBrick as a product and a company, many years of work (almost two decades), and I realise that we are a "contender". Our code and our hardware is far from Mickey Mouse, and even the big players have their off days and their issues. I realise that we have a really good product, and it seems from the enquiries and recent sales that customers are seeing this too.

We are still going, and the new FB2900 product is due out real soon now (boards exist, EMC testing passed, stuff on order, even rack mount kits!). We are starting on the new FB9000, with is a 10Gb/s+ ISP grade router and LNS. The future is looking bright.

P.S. Sitting down with print outs of CISCO configs and marker pens, and half an hour later we found the smoking gun - actually a config error on our part. Very odd config attributed to someone that does not work for us now, but we all have a much clearer understanding of how it works now, and the problem we were chasing is fixed and not a CISCO bug - phew.

Tax avoidance

Once again I got in to a long thread on the book of face, and so I thought I would consider my ideas on this and condense them down a little. The issue is this meme:

So what do I think they are trying to say? I think the message is that we are wasting resources chasing benefit fraud when we should be spending effort chasing tax evaders.

Sadly I see a lot of problems with this graph, and that comparison.

For a start, even if you assume the figures are right, the comparison is of apples and oranges. The resources spent chasing benefit fraud are not the same resources spent considering tax avoidance issues or chasing tax evasion. They are separate groups of people with separate roles. So why compare them - it is not like we can "steer the countries resources" from one to the other in any meaningful way. Ultimately things like benefit fraud are worth chasing if the amount saved by doing so is more than the cost of the people doing the chasing, simple equation! Things like changing laws to reduce tax avoidance is a matter for parliament - a group of people that do not spend any time chasing benefit fraudsters. So again, not a sensible comparison in any way at all.

But there are other issues, like what is the point of "benefits unclaimed" in this at all? It is green for some reason, perhaps because it should be below the line - the country and tax system do not "lose" as a result of benefits unclaimed. In fact they gain, seemingly a lot. If this is about where it is worth spending resources so as to improve the taxes collected (which seems to be the point of comparing with tax evasion), then it seems to be suggesting we spend some effort making benefits more complex and harder to claim (some would say that is exactly what is happening).

Then we have the big issue (which seems more controversial) of the amounts included in the tax evasion column. The heading is "tax evasion" but the columns say "avoided and evaded and uncollected". Well that is three very different issues. Uncollected is incompetence in HMRC that needs addressing. Evaded is illegal and needs work by HMRC to collect and/or prosecute. Avoided tax is legal and does not need any work by HMRC or the people that chase benefit fraud - it is a matter for the likes of parliament to consider changes to the laws on tax. We have no idea which of those there are represented or to what extent in those columns.

Also, to a large extent, estimating the amount of tax avoided is just silly. It is trying to work out what could have been paid if people had chosen to structure their business and tax affairs in a less sensible way. But why assume anyone would do that and how stupid do you have to assume they will be? As that will impact the figure. Do you go as far as assuming they won't but some duty free scotch next time they travel and include that tax in the figure?

And what avoidance do you include - there seems, from the Facebook debate, to be different types of tax avoidance, and some (like investing in an ISA, or buying duty free scotch) which are "OK" and some (like having an off shore company in a low tax country) which are apparently not OK. So which are included in the "avoided" figure? All? Some? Only those "morally wrong" somehow.

It is interesting how those that say there are some tax avoidance ideas that are "wrong" seem to pick those which are unavailable to themselves. Someone on PAYE is happy with the paying in to an ISA,  paying in to a pension, or even buying a bottle of scotch, but not with running an off shore company. It seems the "moral" choice here is "anything I could not do" (usually because doing so is simply too expensive).

One rather odd point came up, with an area of tax avoidance that is just in the "cannot do that myself" category for most people... My company does a lot of R&D, and we make an R&D tax claim. All correct and legal. It means we get a nicely reduced corporation tax bill. I know one company that pays no corporation tax as they do a lot of R&D, but still makes a healthy profit.

One person felt this was "reasonable" because we were doing the R&D anyway. Indeed, he specifically asked if we do R&D in order to reduce our tax bill.  It seems he would consider it "unreasonable" if we had chosen to do the R&D simply to save on tax.

Now that really does seem odd, as the whole point of the R&D tax savings is to encourage companies to do more R&D. The tax system is set up on the assumption that businesses will change what they do so as to reduce tax - that they will invest more in R&D so as to be able to make this tax claim.

Yet that very action is seen by some as "unreasonable".

I struggle to see how the tax system, or anyone, can assume companies will somehow not create off shore companies, and so on, if legal to do so, but will assume that companies will invest more in R&D if it saves tax. Both done to save tax in a legal way.

Indeed company directors are meant to act in the interests of the members of the company (shareholders) and so have an obligation to do what is in their best interests, legally.

But basically, the graph is a pile of shit, and makes no meaningful comparison of anything.

Tuesday, 7 November 2017


I have been pondering the meaning of "friends"...

Of course, the first thing I have to say is that just because the above picture has my friends Mike and Simon does not mean anything in any sort of ranking of friends, it is just that I have that picture of the three of us on the "friends" couch in a studio in LA (well, maybe that does say something). That said, they are two of my best friends and have been for many years.

But I was pondering the different sorts of friends we have. Over the years I have had many friends, and perhaps a key aspect of such friendship is that we do things socially as well as in other contexts. People you meet for a meal, or a drink, at the very least.

I have had many "work friends" that I have met socially, been to their houses, met their kids, etc, but the second I left the job and town in which I worked with them we did not keep in touch. It is strange that can happen, both ways around, and is not like we hate each other, just the social and work interaction is no longer there... In some cases, meeting now, after decades, would be strange and awkward.

There are friends I have made due to proximity in terms of where I live, but that is not actually that many people. I expect historically the local community was far more important than in the information age in which we now live. I doubt count any direct neighbours as "friends" especially, sorry.

There are friends I have made due to a social proximity as they are friends of relatives or other friends. I have a few of those. I am, of course, friends with all my kids partners. This is a sort of half way between the relatives you cannot pick and the friends you can. Sort of friends by proxy almost. Sorry if that sounds bad to some. I am happy to say I am friends with you all, obviously. Would I have met you and been friends if not for my kids - maybe not. That is not saying anything bad about you in any way. Friendship can only happen by proximity and exposure and interaction.

There are friends from work, and their indirect friends. There are friends I meet due to work, like those that attend LINX and LONAP meetings and so on. Many I would call friends. Many I rarely meet, especially out of this contexts.

There are friends on the Internet, some of which I have never even met. That is where things get interesting in many ways - the web of friends transcending any locale these days.

There are friends from some weird historical connection that are still there somehow. Friends that happened for any of the above reasons but manage to persist.

But all friends have different reasons for being friends, and different levels to which they will go as friends, and different resources they can provide as friends (and conversely levels of resources I can provide to them). That may be simply "prepared to go for a meal with them", or much much more.

Mike and Simon are a strange pair - I met via work, as customers, but I have met their families, stayed at their houses, and they have stayed at mine. We have met socially on many occasions. We interact most days, or at most weeks. I know they "have my back", I mean if I was like "Holy crap, shit hit fan, can you lend me £50k" then both would step up, and I would do the same for them, no questions asked. That said, it seems horrible putting a price on friendship as I just did, but in many ways it is a measure you can use.

But I have have a few friends I fail to keep in touch with as much as I should, who are as much friends as Mike and Simon if not for the long pause in communications and friendship.

Keeping up a friendship can be hard work, but a real friendship probably does not need "keeping up" that much, and in that respect I can count many other friends. some of which I have not gone to dinner with for years.

Of course the most interesting of friendships are those you have with your relatives, such as my kids. One of those we cannot avoid if we wanted to, and all want to make work as well as we can. Perhaps they are the best friends...

Monday, 6 November 2017

NAT is evil, and really, not a good firewall, honest

I have been busy today with some new code on the FireBrick for two protocols (RFC6886 and RFC6887) which provide ways to get through NAT and firewalls.

What's the problem?

The original design of the Internet had all device's interfaces having a globally unique IP address that could send and receive packets on the Internet as a whole. This is great but for two small flaws: (a) There were not enough IPv4 addresses for that, and (b) Code is stupid, and hackers are not, and so we need firewalls.

So the classic scenario is a network (home or office) behind a router which does NAT and has one external IPv4 address (which may or may not occasionally change).

Please! NAT is not a firewall!

And yes, even FireBricks allow this set up, doing basic NAT on all outgoing sessions as well as allowing a wide variety of mapping configurations - if you can be bothered to set them up.

The classic scenario has a pretty simple router and simpler end users where they do not want the hassle of configuring mappings, and so this causes issues with anything on your network which would like an "incoming connection" to get to it.

NAT is evil!

NAT is a problem for so many reasons. It stifles development of protocols. It just makes life difficult. The usually answer is, of course, use IPv6.

The problem is that people still need the fire-walls. So even on IPv6 you have to ask how the incoming connections get past the fire-wall?

The solution!

Have a protocol so devices on your LAN can tell your router to map or allow some incoming connections. Simples!

This started with uPnP (Universal Plug 'n' Play). Yes, 'n' should be 'and' and so it should be uPaP, but what the hell? My understanding of uPnP is it is a can of worms, so we have steered clear of that, sorry.

However, there is more. There are newer protocols. NAT-PMP (Network Address Translation - Port Mapping Protocol), and PCP (Port Control Protocol, not angel dust, honest).


The NAT-PMP (RFC6886) protocol is beutifily simple. Really, it is very very simple - it is a UDP packet sent from a device on your LAN to your router which can ask one of two things: (a) What is my external IP address?, and (b) Please map something to this port on my address. The latter can be TCP or UDP, and allows a suggestion of the external port to assign if possible as well as setting a timeout. The mapping has a lifetime and can be renewed. The reply says which external port was assigned.

That is it. IPv4 only, but incredibly simple for server (router) and client. Noddy in the extreme.

I love it for its simplicity - it has taken literally a few hours to implement on FireBrick. The hard part is making it so fire-walling rules can decide which mappings are allowed.

But you do have to think of security here - let's be clear: ANY DEVICE on your LAN can send a single UDP packet to allow incoming connections to ANY DEVICE on your LAN!

Yes, in theory, "third party" requests are not allowed, but the router has no way to know if a source IP (and even MAC) is spoofed on a LAN. A virus or rouge app able to send UDP packets can just open up your LAN just like that! Really, NAT is not a fire-wall!

This is why we decided to make the FireBrick allow configurable fire-wall rules to decide what mappings are allowed...


What about IPv6? Well the answer is RFC6887 PCP (Port Control Protocol) which provides some cool extra features. The main one is handling IPv6, but in theory it could talk over CGNAT as well, and allows it to do a few more things.

Firstly the "what is my external IP" has gone, in favour of "what external IP was allocated this time for this mapping". Very sensible when considering things like CGNAT which may have many external IP addresses.

It then has the two main types of request - one is to create an new incoming mapping to a port (just like NAT-PMP) but the other is to create a new explicit outgoing mapping and get confirmation that it worked, and what external IP and port have been used. The latter is easy (just send a packet) but harder to control what ports or see what ports and IP have used, so PCP solves that nicely.

It is also designed to allow for the internal and external IP and ports to match (which could just as easily apply for NAT-PMP in theory) to allow simple firewall holes to be made where there is no NAT (as is normal for IPv6, obviously). NAT is evil, after all.

It is slightly more complex, so I may code support tomorrow. Again, fire-wall rules to define what is allowed and not.

PCP allows for explicit third party mappings to be made, and suggests a gateway should not do them unless expressly told to allow them. But they are still just a UDP packet, so again ANY DEVICE on your LAN can send a single UDP packet to allow incoming connections to ANY DEVICE on your LAN!

Which is a risk, obviously.

It's all in the app!

One thing that took me a while to realise is that it is not down to the operating system of the machine or console - e.g. does Windows support NAT-PMP and/or PCP, etc. It is down to the application.

An application can send the message to open a port, simple as that. So actually it is down to which applications support these protocols.

I suspect for the likes of game consoles, where this can be important for hosting games, this may be console dependant rather than per game - I hope so. We will see :-)

Sunday, 5 November 2017

Burning an Openreach van effigy will clearly fix the broadband.

Interesting news article on BBC about burning an effigy of an Openreach van.

Firstly I would like to say I have some sympathy for anyone that has to endure slow broadband speeds. It is a pain. I have been there. In fact I was lucky when I managed to start using ISDN at 64k after being on 28.8k modems - a big step up from 1200/75 modems I first used. I would say I am lucky now that I am on real glass, but that is more down to paying many thousands for a fibre to be dug in rather than luck.

These days there is a lot more content on the Internet, and there is one key thing that generally needs several megabits of capacity - that is streaming video in real time.

Sadly, publicity may get change in this case, which is not really fair on everyone else in the same situation. Good luck to him, and well done if it does.

But let's pull apart the article a bit here, as it does not quite seem right...

BT said Templeton in Devon is extremely rural, which made the rollout of fibre broadband "more challenging". It said it was working hard to find alternative ways of bringing faster broadband to residents, including a community fibre partnership and a mobile broadband solution.

Well, yes. A small town, needing many kilometres of roads or fields dug up to lay a fibre, and possibly for a handful of houses - simple economics - the cost of doing that is way more than the revenue you get from it for many many years. If the residents don't agree, they are welcome to get the road dug and a fibre laid - there are companies that will do that for them. It will be many thousands of pounds per household I expect and only work if they all pay it. It is a shame, but the last few rural areas will be the last to get roll out of such things. I am glad BT are trying to work with them on improvements.

Mr Linden said "It's incompetence of the first order... but we all had a great evening watching the bonfire."

That puzzles me. BT are not incompetent generally, and they can lay a fibre, and will, for the right money. This is not a result of incompetence, it is a result of economics. I will be more than happy to provide Mr Linden with 1Gb/s fibre optic broadband to his home in Templeton if he wishes, for the appropriate fee (many many tens of thousands of pounds), and I'd use Openreach to do it. So not actually incompetence at all.

With a speed of 0.7 megabits per second, Mr Linden says - like many others in the village - he cannot stream anything and is only able to look at emails and occasionally browse the internet.

OK, so he can do browsing, and email, and other things but not stream video in real time. 0.7Mb/s sucks, I agree, but it is not unusable. You can access the Internet. It is a good case where an ad blocker would help matters, I agree. Pretty much all things apart from live streaming video are actually possible, but slow. See below, there are things that can be done...

Adam Short, who moved to the village about 18 months ago, said he helped create the van effigy - marked with the words "won't reach" - on the floor of his barn. "We knew it was terrible before we moved, but we hoped there would be a solution," he said.

Hang on, he knew it was terrible before he moved? He "hoped" a solution magically happen? If you moved there and knew the situation beforehand and made an informed choice, really, WTF have you got to moan about?

"Trying to run my business from home is nigh on impossible at times, and I'm one of the lucky ones because I have a 4G signal on the roof with some specialist kit.

This is even more odd, in my view. He moved there, and runs a business from home using the Internet. He knew it was slow. But why would it be impossible - I run a business as we don't need live streaming video - we use web pages, and email, and things using way less bandwidth, all of which are possible.

Also, hang on, he has a solution, some specialised kit (?) to get 4G. So why is he moaning about this. He "hoped" there would be a solution, and, err, there is one, and he has it? What am I missing here?

"It also has an impact on the children in the village as it's restricting their homework."

OMD! (Oh My Dog, I have a dog) this is actually the "think of the children" argument. Please, what homework needs live video streaming? No way, sorry.

What can be done?

There are many ways this could be improved.
  • A really simple start is some line bonding. We have dealt with people in small villages and they struggled to get 1Mb/s on a line, so had 4 lines bonded. Worked really well. A&A can do that. Costs a bit more, but nothing like fibre dig costs.
  • They could club together and work on a community fibre initiative (what the BT man suggested), but it will cost.
  • Anyone could get a fibre service for an arm and a leg - just depends how much they want it.
  • There are point to point wireless systems - I have a friend in a small village who paid a farmer the other side of the valley that could get FTTC to have a radio link on his roof. Now my friend has over 160Mb/s in just this sort of village.
  • Satellite is available - it is shit latency but as far as I know it does work and will do 10Mb/s type speeds. It works anywhere you can see the sky and is not stupid money.
  • 4G and mobile solutions exist - one of the people in the village even has this.
So sorry I sound less sympathetic now - the story starts off well, but then almost every quote in the story is wrong in many ways, and it sounds more and more like a pure publicity stunt.

Hopefully they will find more solutions soon...

Saturday, 4 November 2017

Stargate Gods?

I am a bit of a fan of sci-fi, and have, of course, watched Stargate SG-1, Universe, and Atlantis. All great Sci-Fi, even with many flaws (6 points in space, FFS).

I was pondering the Stargate view on "gods". I think it is actually quite interesting, to be honest.

The basic story, back to basics, is that the Goa'uld are a parasitical (snake like) creature that needs a human (or something similar) as a host and pose for the local population as a "god". They have advanced technology, and supposedly posed as a variety of gods (and even the "devil") on Earth over the millennia.

So it makes you wonder on any sort of definition of "god". Purely due to technology, which the Goa'uld keep secret (even from Jaffa), they can create the impression of being gods. But is superior tech all that you need to meet such a definition? Perhaps it is?

What is interesting is that the worshipers in this case have a tangible god, which nobody on Earth has. They can see their god, and the acts he performs (using high tech), so there are no agnostics as they know the power the gods have, and presumably no atheists either (but that depends on definition of "god"). Given that they exist (in the show) the Goa'uld are more tangible and plausible "gods" than anything any Earth religion has to offer.

But as time goes on, the followers are convinced to recognise them as "false gods", and simply technologically advanced aliens that they are. Yay for the rebellion!

So what next? Well the show goes on to discover "ascended" life forms. These are formerly people (ancients) that have ascended to a "higher plane" and now are pure energy. One of the main characters (Daniel Jackson) even manages it, and by a convent plot twist he even comes back. They have control over natural forces and more power than the technology of the Goa'uld but all done without using technology.

Surely these count as actual "gods"? They even have a code of conduct preventing them interfering, except when the script really needs then to do so, and so are like Earthly gods that do fuck all to actually help people. That has to be the hallmark of a "real" god, surely?

We then have the Ori that never got the memo on not interfering and rule a whole galaxy by force, gaining power from worship somehow. Surely they must be actual gods, with the power, and the tangible and evidentiary presence?

Then the show goes even more whacky with Stargate Universe, and the idea that the ancients (that ascended later) found a "message from god", or at least some meaningful structure in the background radiation from the big bang. An intelligence at the start of time. Maybe that signifies a (the) real god?

Interestingly, they encounter (or rather don't) aliens that made a solar system and returned some settlers to them (only to re-live how they died?!). Maybe they are gods too?

What really got me, while watching all of this, was not any of these so called gods, they all meet a definition of a "god" in a context, but the acting of the Americans in many places that assumed there is some "one true god", the "in god we trust" crap they have on the dollar - that type of deity. Of all the acting and fiction, the way they talk about one god of one religion on Earth, one of thousands, is what made me cringe and feel it was the fiction is it. Sadly, I think a lot of Americans actually think like that. Oh well.

P.S. Perhaps what I am trying to say here, in any debate on religion, is you probably need to start by defining what you think a "god" actually is, before you can say whether there is a "god", and whether such a "god" is doing its job and/or worthy of any praise.

Thursday, 2 November 2017

Net Neutrality

I am hopefully doing a short piece on this on Saturday on TalkRadio, but my blog gives me a chance to go in to a bit more details.

I have mentioned this before, but now I know a lot more, and I had not fully appreciate that this is law, now. It has been since April 2016, and OFCOM were given the responsibility for enforcing it in June 2016. The law is directly from EU regulation so does not need to be transcribed in to UK law to apply. That also means it may "vanish" when we leave the EU - we have yet to see.

The key part is this: "Providers of internet access services shall treat all traffic equally, when providing internet access services, without discrimination, restriction or interference, and irrespective of the sender and receiver, the content accessed or distributed, the applications or services used or provided, or the terminal equipment used."

There are a handful of caveats, such as complying with a court order or law to block something, or reasonable and necessary traffic management measures. So, for example, we sort of prioritise smaller packets when a link is full to a customer so that services like DNS and VoIP which (unlike TCP) do not easily re-transmit can work well on a full link. This is the sort of thing we can do, and customers actually want. That said, we even allow control of that with settings on our control pages.

But what is this all in aid of? Why have these rules?

The problems are mostly theoretical, in that the worst case scenario is that you have to pick ISP based on which services you want and then have to buy specific packages for different services. One ISP could favour a particular streaming media company and make all the rest slow or block them even. Or they could make access to one service "unmetered" and charge for access to another. All of this counts as "discrimination", or "restriction", or "interference" respective of the sender or receiver.

Basically, that would be bad - a bit like having to choose your electricity provider depending on which brand of TV you use.

Initially when this all came out I was "wow, IPv6 will be mandatory now" and was shot down by people pointing out the guidelines say an ISP is still providing an Internet Access Service if they allow access to "virtually all" end points. The guidelines have one paragraph on this saying they consider an IPv4 only ISP is doing so. But the guidelines do not cover the fact that such an ISP is discriminating such traffic and effectively blocking access to IPv6 only web sites, a separate issue, and, in my view, a break of the regulations. At present the blocked sites are few and far between, or possibly mostly Chinese, but as time goes on it will be more and more of the Internet. At some point this has to count.

I tried to explain this all to someone recently, and they quite sensibly could not see why ISPs would do this, but then the next day Vodafone launched this... "The first big change is the introduction of Vodafone’s new Passes for Pay Monthly subscribers, which means you pay a set fee and then can enjoy “endless” data usage of certain specific apps on your Smartphone (e.g. Facebook Messenger, WhatsApp, Spotify and Viber etc.).". They are not alone as an ISP in Portugal is doing similar.

The key bit there is "specific apps". Note "applications" in the very wording of the regulation! I.e. they are "discriminating" which things will be free to use as much as you like, and which will not be - clearly a blatant breach of the net neutrality regulation that has been in place for over a year!

It seems to me that differential pricing based on sender or receiver or application is exactly the sort of thing that net neutrality is there to stop. It also impedes new entrants to the market that somehow have to get on Vodafone's list for specific packages (possibly even for a fee?).

The real test now is whether OFCOM have the teeth to do anything about it? They have the power, but do they care?

P.S. Thank you Vodafone for launching this now so as to highlight why we need net neutrality - now do the right thing and scrap it so you comply with the law please.