My Life as a Web Nazi
By Phil the Canuck (Mon Oct 20, 2008 at 06:56:46 AM EST)
Filtering the undesirables.

It's been suggested in various places I frequent that my joy at having set up a filtering proxy here at work is a crime akin to slaughtering millions of people.  At least two people have used the word Nazi.  Without going into the common misunderstanding of what the Nazis were or the dilution of the word's meaning in modern times, I would like to defend myself.

We've needed one here for a long time.  Our internet T1 would get nailed to peak usage by 9:05 or so, and stay like that until well after I left.  It was annoying as hell for anyone using the internet for real work.  People were throwing away their office radios in favor of streaming media and the like.  We found instances of heavy P2P usage, which stressed our router as well as sucking up bandwidth.  People were using web mail to conduct business, a violation of company policy and probably the law of the land.

With the new phone system our two largest sites got 4Mb fiber connections that share both phone and data duties.  While this seems like a big bump, given the change to network structure it's actually a lot less.  Before, internal data came in to the main site behind the internet T1.  Now it comes in through the same pipe.  By the time I raised concerns over this (The Boss just figured 4 is better than 1.5, without considering the RTP and internal traffic issues) the deal was done.  We did have time to add a filtering proxy service into the mix.

Before Friday, when I put the filter in place, the internet would become nearly unusable at the same old 9:05.  Call quality complaints were regular occurrences (although most turned out to be user or remote end issues, some were legit), at least a few per day.  QoS only takes you so far when your staff is streaming the world to their desktops.  It's too soon to call it official, but there have been no reported quality issues in almost 1.5 days of work.

What is official is the massive drop-off in internet usage.  I haven't been strict by any means, only blocking what I perceived to be the biggest bandwidth hogs and security threats.  Want to visit eHarmony?  Knock yourself out.  Good luck in your new career.  Want to download some new screensavers or download the crapware du jour?  Piss off.  Want to stream your favorite radio station to your desktop?  Too bad.  Want to watch last night's Survivor?  Get a DVR.

Don't give me the lecture about reliability of services, either.  Yes, we're a small IT shop working with relatively small amounts of resources.  We do an outstanding job though.  We're talking five nines here.  There's no reason for anyone to be tossing client data around Yahoo when our Exchange server hasn't had an unplanned outage in over two years (knock on wood).  Our email is probably more reliable than your webmail (and we offer webaccess for those people that feel the need to get in from anywhere).

Sometimes it's needed.
First they came for the Survivor viewers by georgeha (4.00 / 1) #1 Mon Oct 20, 2008 at 07:13:30 AM EST

Don't give away my plans... by Phil the Canuck (4.00 / 1) #11 Mon Oct 20, 2008 at 08:22:21 AM EST
move everyone into an internet ghetto.

You're gonna move them all to K5? by wiredog (4.00 / 1) #14 Mon Oct 20, 2008 at 09:08:14 AM EST
That'll make Rusty happy.

Earth First!
(We can strip mine the rest later.)

We should tell them by StackyMcRacky (4.00 / 1) #18 Mon Oct 20, 2008 at 10:21:24 AM EST
how much Rusty appreciates photoshopped pics of his wife.

How's clock with that? by marvin (3.00 / 1) #20 Mon Oct 20, 2008 at 10:30:47 AM EST
I foresee a Stackina series in the future. Or would that be McRackina?

Clockina by ambrosen (4.00 / 1) #22 Mon Oct 20, 2008 at 11:10:18 AM EST

he'd be the first one to submit a photo by StackyMcRacky (4.00 / 1) #24 Mon Oct 20, 2008 at 11:45:39 AM EST
and would also laugh the loudest.

Plspostpixkthxbye by marvin (2.00 / 0) #25 Mon Oct 20, 2008 at 11:56:10 AM EST
Since he has access to the real Clockina, the use of Photoshop should be unnecessary.

Filtering. by blixco (4.00 / 2) #2 Mon Oct 20, 2008 at 07:14:52 AM EST
We just added a pretty basic filter to our network, and when I added "television and media" to the filter, it filtered

I already have an image problem being a gun-toting lefty liberal elitist in a government contractor office, but when I started to block The Truth?  OMG.

I whitelisted news sites, and everyone is almost willing to trust me when drudgereport gets blocked.

Now I can't buy credibility here.  Which is fan-fugu-tastic, since it means my network is running better and the crazies all hate me anyway.

Please by Phil the Canuck (4.00 / 2) #7 Mon Oct 20, 2008 at 08:15:21 AM EST
I'm Canadian.  Everybody already thinks I'm a communist.  

Well, if you were a Socialist by wiredog (4.00 / 2) #15 Mon Oct 20, 2008 at 09:09:06 AM EST
You'd be George W. Bush.

Earth First!
(We can strip mine the rest later.)

You Web National Socialist, you by marvin (4.00 / 1) #3 Mon Oct 20, 2008 at 07:15:24 AM EST
Would that be a better thing to call you then?

I hate streaming internet radio in the workplace. Useless waste of bandwidth. Given your situation, I'd have done the same, but maybe even more so - I wouldn't see much need for eHarmony or Monster.

Streaming radio by ad hoc (2.00 / 0) #5 Mon Oct 20, 2008 at 08:02:13 AM EST
wouldn't be so popular if there were something available over the air that was worth listening to.

The three things that make a diamond also make a waffle.

Roll yer own by marvin (4.00 / 2) #6 Mon Oct 20, 2008 at 08:06:45 AM EST
I hear that some bright people invented some handy devices the size of a deck of cards. Reportedly, they allow one to carry hundreds, if not thousands of hours of music which is of superior quality to radio or streaming broadcasts, and they do not require any corporate bandwidth to operate.

Most radio sucks, but it's not like streaming internet radio is the only alternative. It has no place in a corporate environment with shared bandwidth.

I'm not disagreeing with you by ad hoc (2.00 / 0) #13 Mon Oct 20, 2008 at 09:03:23 AM EST
I'm making an observation.

But by rolling your own, you will only ever be exposed to things you already know. There are a bunch of things I'd never heard of if I didn't listen to RP from time to time. Yoshida Brothers and Rodrigo y Gabriella, to name just two. You'll never hear them on broadcast radio.

When I'm at my client's office, it's my stuff only, if I listen to anything at all. But at home (where I usually work), I mix it up. Mostly RP and Antioch (which isn't available anywhere else), and sometimes SomaFM Secret Agent, although their playlist is kind of short to listen to for too long. And, rarely, some others I find on Shoutcast.

The three things that make a diamond also make a waffle.

Radio by Phil the Canuck (2.00 / 0) #8 Mon Oct 20, 2008 at 08:15:51 AM EST
Most people were streaming local radio stations, or Sirius/XM.

That was meant for ad hoc by Phil the Canuck (2.00 / 0) #10 Mon Oct 20, 2008 at 08:21:28 AM EST
I was supposed to be telling you that the eHarmony/Monster thing isn't about need, it's about me not giving a rat's ass.  Those aren't causing us (IT) problems.

T'was already clear by marvin (2.00 / 0) #12 Mon Oct 20, 2008 at 08:30:03 AM EST
I only mentioned it as a means of indicating that I am more of a control freak than you are.

Much much more.

Streaming local radio?!?! by ad hoc (2.00 / 0) #16 Mon Oct 20, 2008 at 09:12:37 AM EST

They wanted to save desk space by Phil the Canuck (2.00 / 0) #17 Mon Oct 20, 2008 at 09:32:20 AM EST
They got rid of their radios.

tragedy of the commons strikes again -nt- by clover kicker (2.00 / 0) #21 Mon Oct 20, 2008 at 10:44:03 AM EST

I stream broadcast TV. by ambrosen (2.00 / 0) #23 Mon Oct 20, 2008 at 11:11:27 AM EST
But not live, as that would mean I'd have to pay for a TV licence.

Out of interest, by komet (2.00 / 0) #4 Mon Oct 20, 2008 at 07:57:42 AM EST
how much do you pay for an Internet T1? That kind of speed has been unmarketable here for some time.

T1 by Phil the Canuck (2.00 / 0) #9 Mon Oct 20, 2008 at 08:19:51 AM EST
When last I checked we were paying $450/month for a full T1.  It wasn't so much the speed, as we have no legitimate need for that kind of bandwidth.  It was about the SLA and ability to host our crap in-house.  This is Buffalo, remember, not exactly the place for cutting-edge infrastructure.  We had delays on our phone system because they had to run fiber for our 4Mb connections into the neighborhoods.  It was T1 or business DSL/Cable, pretty much.

Buffalo isn't the cutting edge? by wumpus (2.00 / 0) #26 Mon Oct 20, 2008 at 01:25:28 PM EST
Why not? Last I heard, electricity was cheap, cold was free (usually), the ground stays put, and hurricanes don't drop by.

It might make sense to have a few days supplies for the odd "bury the whole building" snowstorm, but Buffalo has to be one of the perfect places for datacenters.


You'd think so by Phil the Canuck (2.00 / 0) #27 Mon Oct 20, 2008 at 02:03:56 PM EST
Although the cheap power is sold off to NYC, and the power infrastructure is abysmal anywhere but downtown.  Add to that the general economic malaise in the region and there is little incentive to deploy expensive telecom equipment that may never be used.

I am totally with you by StackyMcRacky (4.00 / 1) #19 Mon Oct 20, 2008 at 10:25:59 AM EST
I know a place that was about to order a 3rd T1 (due to traffic loads!) until a certain network admin started monitoring traffic.  He then blocked all streaming media and as if by magic, the network traffic dropped by 75%. 

I think I'd probably beat that by Phil the Canuck (2.00 / 0) #28 Mon Oct 20, 2008 at 02:08:14 PM EST
I'm seeing a 50% drop at peak times, but that traffic includes all of our internal WAN, website, and email stuff.  My gut tells me that's likely over 90% of our internet traffic gone.  It wasn't like there was a mystery as to what was causing it.  The Boss was giving speakers to people last year without telling me, so they could stream their radio stations.  Then I threw a fit and he realized what he'd done and sent an email banning the practice (which only served to tell more people that they were able to stream media and...). 

Frankly, that's a bullshit analogy. by ammoniacal (2.00 / 0) #29 Mon Oct 20, 2008 at 11:21:07 PM EST
Everyone knows that Token-Ring networks were a major tenet of National Socialism, and I seriously doubt you're using a Token-Ring network, right?

"To this day that was the most bullshit caesar salad I have every experienced..." - triggerfinger

I thought all the tolkein-rings were deactivated by Imperial Mince (4.00 / 1) #30 Mon Oct 20, 2008 at 11:47:34 PM EST
after that one ring got dropped in mount doom

This space reserved for whining like a little bitch and being sanctimonious.

Ah by Merekat (2.00 / 0) #31 Tue Oct 21, 2008 at 12:22:18 AM EST
Classic implementation of a "look, just don't take the piss and make me have to do this" policy.

Yep by hulver (2.00 / 0) #32 Tue Oct 21, 2008 at 07:04:28 AM EST
I'm thinking I might need something like that here.

I was standing over the shoulder of one of the senior developers looking through some code, when up popped from his task bar a little balloon. "Finished downloaded lost s3ep1" or something of that nature.

And here was me wondering why our network was dog slow.

Cheese is not a hat. - clock

There is an old axiom by MohammedNiyalSayeed (4.00 / 1) #33 Tue Oct 21, 2008 at 07:18:41 AM EST

about giving an inch and taking a mile that is appropriate here. Left unchecked, any number of privileged white folk in any given workplace will start to take as granted the resources with which they dick around rather than do their jobs.

If they want to complain, you could always start charging them by bandwidth use, deducted directly from their paychecks. You want to use bit torrent all day? Congratulations! You know that paycheck you normally get? We're keeping that, and you now only owe us 37 dollars for the week.

You can build the most elegant fountain in the world, but eventually a winged rat will be using it as a drinking bowl.

My Office Has a Caste System by CheeseburgerBrown (2.00 / 0) #34 Wed Oct 22, 2008 at 10:11:54 AM EST
We have a fairly rigid caste-based filtering system at work in our offices here. Basically, if you work in a cubicle you can't do jack except use corporate e-mail and surf non-naughty, non-bandwidth intensive Websites, and FTP to a whitelisted group of known hosts.

If you work in an actual office or in the open concept area, you can do whatever you want -- streaming South Park, porn, BitTorrent, HuSi, instant messaging, video chat -- because it means the boss thinks you're cool.

This two-tiered system is generally described as grossly unfair, shamelessly elitist, a waste of resources, and bad for morale.

(But, of course, it's only the people out there in the cubicle farm who make such comments.)

I am from a small, unknown country in the north called Ca-na-da.

*shrug* by duxup (2.00 / 0) #35 Thu Oct 23, 2008 at 09:04:44 AM EST
You gotta do what you gotta do.    We went thru three phases of filtering at my workplace. 

Independent company during the .com days:  I don't think the IT guys even knew what P2P was, the network was open as it could be.  I played Quake 3 all night every night for a while.

Bought by some idiots:  Web filtering that was as random as it could be, some days the filter was working some not.  When it was working what was filtered and not was entirely random.  Some days web-email was blocked, some not.  Oh did the site include the word knife?  No you can't see that, category: weapons.  Oh yes you can surf a major gun manufacturer's website...  Oh here is an e-mail complaining to me in a very stern and misspelled memo from IT telling me that I (and "you people") call long distance too much, despite that being my job.

New West Coast Company: Fuck it, you're all adults and we have bandwidth.  Just don't be an idiot.  Enjoy your TV sites and all.  Except XboxLive and games!  No duxup when you bring your 360 in on the weekend it won't make it thru the firewall.  (I haven't actually asked about that, just seems like one of those can of worms things).
