Craigslist silently fixes their end in the Cox fiasco

Craigslist silently fixes their end in the Cox fiasco

Summary: What surprised me was the fact that Craigslist never acknowledged any issues on their end yet they fixed it silently after all the smoke had cleared. This is certainly good for Craigslist because anyone who wants to go to their website regardless of any problems with their Authentium personal firewall will be able to do so. But it still leaves one wondering why they fixed it now and not sooner when all the accusations of conspiracy were flying about.

SHARE:

For months, Craigslist had been held up as the poster child for what can happen in a world without Net Neutrality.  That poster child status expired last month when we found out what really happened was a simple technical glitch in a personal firewall from Authentium that Cox offered its customers.  The story that started it all which accused Cox Communications of deliberately blocking Craigslist to bolster their own classified has since been corrected yet the original conspiracy theory had long enough legs to reach the US Senate.

Throughout the ordeal, I tried in vain to get Craigslist to acknowledge their part in this because of the fact that their website was not conforming to best practices which triggered the glitch in Authentium's personal firewall.  The Craigslist website was behaving in an unusual way where it would tell the whole world it was too busy all the time.  Craig Newmark's (founder of Craigslist) position was that the responsibility for the glitch fell solely on the shoulders of Cox Communications and Authentium and that it was up to them to fix the problem.

Authentium had provided a beta fix within days of the original complaint in February but spent the next few months testing the software before it could be released to the general public.  Had Craigslist fixed their servers to behave according to best practice like everyone else on the web, the problem could have been universally fixed for all users with or without updated software from Authentium.  Last month when the final update for Authentium was released, the story finally died down but the actual problem didn't go away since it takes a long time for software updates to propagate to end users.

Yesterday when I was testing a new free network analyzer from WildPackets called OmniPeek Personal, I took a quick look at Craigslist.org and to my surprise it was fixed.  I checked with a few of my colleagues and they verified the results.  What surprised me was the fact that Craigslist never acknowledged any issues on their end yet they fixed it silently after all the smoke had cleared.  This is certainly good for Craigslist because anyone who wants to go to their website regardless of any problems with their Authentium personal firewall will be able to do so.  But it still leaves one wondering why they fixed it now and not sooner when all the accusations of conspiracy were flying about.

Topics: Software Development, Browser, CXO, Networking, IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

22 comments
Log in or register to join the discussion
  • Paper tiger

    Yes George, you were right here, but being right about one case, which you persist in making all the case, does not mean you are right on your position on net neutrality.

    So kudos, but have you proved anything - NO. You've just pointed out that the example they gave was wrong. We'll only know the results of breaking Net Neutrality when they do it - all your engineering reassurances aside. In a last hope that you may be able to see a less than absolutist's position, think of programming. All the programmers insist that they've thought of everything (well the dumb ones anyway) until someone finds out a way to exploit or corrupt their work.

    Greed is a powerful motivator and every change brings its own dangers.
    TonyMcS
    • Just answer this one question then.

      Do you think it's right to outlaw the sale of Enhanced QoS? Let's keep it simple here and just answer this one question.

      I've stated my position clear that I DO NOT want to allow the ISPs to be able to block or deliberately degrade any legal services and this is precisely what the more sensible bills that passed the house do. I simply don't want to outlaw the sale of a critical technology. That is not an "absolutist's position" as you want to characterize it.
      georgeou
      • The Elusion gambit?

        George, this "simple question" tactic is an old lawyer trick to avoid the point. It isn't a simple problem with simple answers and that's the crux of the issue.

        The point that TonyMcS is making is that this major change of policy with regard to internet rules opens a complex can of worms; the implications cannot be wholly foreseen and a simple approach is exactly what has taken place.

        The telcos would like it to appear simple so that they can get it rushed through. But rushing it through without building in safeguards to deal with <i>for unforeseen problems</i> will be a huge gift to the telcos and potentially a huge blow to the internet.

        Once through, the telcos will be free to exploit any holes in the legislation. Defeating them will take court cases and new regs, with the telcos whining all the while about over-regulation and government interference.

        And "critical technology"? Critical to whom? This is oversell.

        The shoe should be on the other foot: Enhanced QoS is a proposition that should be more carefully examined before the rules are turned on their head.
        Langalibalene
        • Oh but THAT IS THE KEY point here

          People who are pushing "Net Neutrality" are actually trying to get some very short amendments in the form of Markey in the House and Snowe-Dorgan in the Senate. This is PRECISELY the issue that's being debated here. I support Net Neutrality that seeks to bar ISPs from blocking legal services 100%. The only issue I'm against is the specific Markey and Snowe-Dorgan amendment which explicitly outlaws the sale of QoS.

          Since this is the ONLY point of contention, it's only reasonable that I ask this particular question. Otherwise if Tony or you don't care to defend Markey or Snowe-Dorgan, then we are all in 100% agreement on the Net Neutrality proposals that we don't need these extra amendments.
          georgeou
        • Enhanced QoS is the status quo

          "Enhanced QoS is a proposition that should be more carefully examined before the rules are turned on their head"

          What are you talking about? Enhanced QoS exists in service level agreements today for companies willing to pay for them! It's not some evil new thing that was just invented.

          Since you?re knocking QoS and demanding that I justify it, then you are saying you want to outlaw its sale? But I thought you didn?t want to answer that question.
          georgeou
      • Re: Just answer this one question then.

        [i]Do you think it's right to outlaw the sale of Enhanced QoS?[/i]

        First, what is "Enhanced" QoS? How is it different from QoS? This is the first I've heard this term.

        Secondly, let's say the ISPs do have a right to sell QoS. Doesn't that imply they also have a right not to do? Don't they have a right to apply QoS rules to their own VoIP product and, some day, video product, but deny it to competitors? I mean, if you're going to treat QoS like it's property, the defining feature of property is the ability to exclude.

        Whether an ISP will make more revenue selling or denying QoS is not settled. Would my cable ISP make more revenue by selling QoS to Vonage, or by denying QoS to Vonage in an attempt to marginalize a rival while picking up more customers for its own VoIP product, enhanced by generous QoS rules? The point is, neither of us know what our ISPs are going to do with the "sale" of QoS. Or not sale.

        And we surely don't know if they will add capacity because the "sensible" bills in Congress give away the store asking nothing in return.

        Finally, here's a question for you: Should ISPs be able to deny QoS to any willing buyer?




        :)
        none none
        • I will answer you, but please answer my question

          #1 "enhanced quality of service" is used in section b3 of the Markey house amendment which explicitly outlaws the sale of QoS failed to gain enough votes.

          #2 "Secondly, let's say the ISPs do have a right to sell QoS. Doesn't that imply they also have a right not to do? Don't they have a right to apply QoS rules to their own VoIP product and, some day, video product, but deny it to competitors? I mean, if you're going to treat QoS like it's property, the defining feature of property is the ability to exclude"

          Of course they have a right not to sell it at all. ISPs don?t really need to implement QoS for their own VoIP services since it never leaves their own network so it?s low latency to begin with. ISPs by the fact that you?re directly connected to them are low latency to begin with. There is no way around this. But you?re not getting QoS to Skype, Vonage, Lingo, or other VoIP service providers now so it won?t be any better or worse. As for video delivery, I?ve stated before in my blogs on Net Neutrality that video doesn?t need QoS. Video needs three critical things which is multicasting, caching, and buffers. QoS is not one of them.

          #3 ?Whether an ISP will make more revenue selling or denying QoS is not settled. Would my cable ISP make more revenue by selling QoS to Vonage, or by denying QoS to Vonage in an attempt to marginalize a rival while picking up more customers for its own VoIP product, enhanced by generous QoS rules? The point is, neither of us know what our ISPs are going to do with the "sale" of QoS. Or not sale.?

          Vonage and companies like it operate without QoS today. Local ISPs already have the ultimate advantage in latency when it comes to Voice over IP services, but that hasn?t really allowed local ISPs to dominate the VoIP market. Outlawing the sale of QoS won?t change this one bit.

          #4 And we surely don't know if they will add capacity because the "sensible" bills in Congress give away the store asking nothing in return.

          Please back that up with something concrete.

          #5 Finally, here's a question for you: Should ISPs be able to deny QoS to any willing buyer?

          If an ISP doesn?t sell QoS features at all, sure they can deny it. If they do sell it to the general public, then any willing buyers should be able to buy it.


          I?ve answered all your questions so please answer mine. Do you want to outlaw the sale of QoS?
          georgeou
      • Answer some questions yourself.

        "Do you think it's right to outlaw the sale of Enhanced QoS? Let's keep it simple here and just answer this one question."

        Yes. Simple enough answer for you?

        "I've stated my position clear that I DO NOT want to allow the ISPs to be able to block or deliberately degrade any legal services and this is precisely what the more sensible bills that passed the house do."

        Yet that's exactly what you have said will happen. I believe you said something along the lines of "who cares if a page opens in 2.5 seconds instead of 2 seconds?" That is a tacit acknowledgement that taking bandwidth away from someone to enhance someone else's use of the network is a deliberate and intentional degradation of the service of those who don't pay extra.

        "I simply don't want to outlaw the sale of a critical technology. That is not an "absolutist's position" as you want to characterize it."

        That position seems pretty absolute. The criticality of the technology is dubious, but your position is most definitely absolute.


        I notice that you continually ignore a few problems with your QoS Holy Grail.

        1. QoS exists only as far as the network boundary. To go further, your ISP needs to have agreements with other carriers to honor [b]your[/b] QoS contract. What happens to your QoS if the agreements aren't there?

        2. You blithely assume that some corporate bean counter won't allow, or even encourage the selling of 700% or more of network bandwidth for QoS based on the assumption that the customers won't all be using their quota at the same time. What happens then?

        3. Even if your ISP sells only 50% of their network bandwidth for QoS, what about the provider in the middle? If they can only cover 10% of your ISP's QoS bandwidth due to QoS obligations to other ISPs, what happens to your ISP's other 40%, assuming it also needs to leave the ISP's network?

        4. What happens when the QoS contracts exceed whatever arbitrary network bandwidth limit you pull out of thin air? Is it 'Sorry, your corporation can't have QoS because your competitors bought it all?'


        Try answering some questions yourself.
        Letophoro
        • Sure thing

          First of all, thanks for answering that question even if it is about 3 weeks late from the time I first asked you. QoS is currently being sold to customers and you seek to outlaw that. I simply do not agree with you but that?s just my opinion and you?re entitled to yours.

          I'll answer your four questions.

          "1. QoS exists only as far as the network boundary. To go further, your ISP needs to have agreements with other carriers to honor your QoS contract. What happens to your QoS if the agreements aren't there?"

          Then your QoS is only good within your own ISP. While not ideal, it's better than nothing. I would love it if all the no-charge peering contracts would be extended to no-charge QoS, but that's still being worked on. In the mean time, I'd like the opportunity to buy this more limited form of QoS without the Government telling me I can't buy it. Even if I don't buy it, it's my choice. The biggest factor for most people is the router in their own house. Everyone knows when a family member starts using BitTorrent because it kills the upstream. This is why I use QoS in my own home on my own router.

          "2. You blithely assume that some corporate bean counter won't allow, or even encourage the selling of 700% or more of network bandwidth for QoS based on the assumption that the customers won't all be using their quota at the same time. What happens then?"

          Never mind 700%, ISPs all over the world routinely sell 7000% bandwidth. That's standard practice, but as I've said before I would love to mandate the disclosure of over-subscription ratios. QoS has nothing to do with this.

          "3. Even if your ISP sells only 50% of their network bandwidth for QoS, what about the provider in the middle? If they can only cover 10% of your ISP's QoS bandwidth due to QoS obligations to other ISPs, what happens to your ISP's other 40%, assuming it also needs to leave the ISP's network?"

          First of all, this is not how networks are built. But even if there are enough priority packets in a router?s queue to completely saturate a pipe (which is what you?re alluding to), the router will still allocate most of the bandwidth to non-priority traffic. You can?t build a network that will drop all best effort packets because that network will enrage the majority of your customers who don?t have QoS contracts. QoS is NOT a guarantee on priority, but a better chance to go first. But in this case, you?re obviously not satisfying your QoS customers so you would have to build more capacity if you wish to stay in business.

          "4. What happens when the QoS contracts exceed whatever arbitrary network bandwidth limit you pull out of thin air? Is it 'Sorry, your corporation can't have QoS because your competitors bought it all?'"

          This sounds like a REALLY nice problem to have if an ISP has so many customers that they can?t provide enough bandwidth. If said ISP really did have that many customers, it would be a good time to build more capacity because there is a substantial ROI. Any sensible ISP would be building more capacity if business was really that good.
          georgeou
          • Re: Sure Thing

            "First of all, thanks for answering that question even if it is about 3 weeks late from the time I first asked you."

            I've told you repeatedly from day one that I want all bits to be treated equally. So no thanks are necessary, unless you would care to back-date your thanks.

            Now on to the other stuff.

            "Then your QoS is only good within your own ISP."

            Then what's the point? Unless everything you want to do is on your ISP's network, you might as well not have QoS. I can pretty much guarantee that there is more outside of your ISP's network than is inside. As for your BitTorrent troubles, your QoS ends at your router. Your ISP is not concerned with how you prioritize your network.


            "Never mind 700%, ISPs all over the world routinely sell 7000% bandwidth. That's standard practice, but as I've said before I would love to mandate the disclosure of over-subscription ratios. QoS has nothing to do with this."

            It appears that you have misunderstood the question. Let's try a different tack. Without QoS, an ISP is providing only up to whatever bandwidth cap you bought with no guarantee of getting any bandwidth. That is the oversubscription that you speak of. A QoS contract is different in that it is a guarantee that a certain minimum amount of bandwidth will always be available. Now, if an ISP guarantees 700 people that they each have 1% of network bandwidth, that's guaranteeing more bandwidth than is available.

            For question 3 I believe that I phrased the question poorly. Let's assume a certain portion of your ISP's QoS traffic needs to transit another ISP's network. But, that other ISP's network is so saturated that they can only provide QoS for 1/5 of your ISP's needs, since they of course must provide for their own needs first. Does your ISP continue to charge everyone for QoS even though the other ISP simply cannot provide the QoS?


            "This sounds like a REALLY nice problem to have if an ISP has so many customers that they can?t provide enough bandwidth. If said ISP really did have that many customers, it would be a good time to build more capacity because there is a substantial ROI. Any sensible ISP would be building more capacity if business was really that good."

            Maybe, but nobody has ever complained that any ISP is too sensible. The grand idea driving this whole tiered internet scheme is that the telcos simply want to charge more to use the bandwidth already available. I can see many an ISP saying "Your contract is up, and the auction for your QoS bandwidth starts tomorrow unless you would care to pay us 5 times what you were paying before."
            Letophoro
          • Only if you don't understand QoS

            "Now, if an ISP guarantees 700 people that they each have 1% of network bandwidth, that's guaranteeing more bandwidth than is available."

            Only if you don't understand QoS. It simply doesn't work that way. QoS is NEVER a guarantee on delivery, it's a guarantee on a statistical bump up.
            georgeou
  • Maybe enough people not using Authentium had problems.

    If there was a widespread problem with accessing Craigslist outside of the Cox/Authentium [patch], they would investigate and fix it. I had no problem accessing Craigslist when I heard of the blockout, [url=http://www.zdnet.com/5208-11474-0.html?forumID=1&threadID=21737&messageID=413670&start=-38]and some Cox users were still able to access them by not using Authentium.[/url]

    Apparently, Craigslist had heard of enough people not using Authentium having trouble accessing them to proceed with the fix.

    Or maybe they were just blocking *you* out. In that case, I'd say they had every right.
    Mr. Roboto
    • Neither George nor others who worked on this were blocked

      I should know, I was one who of those additional people who verified the claims.

      Everyone who worked with George could see the website, they just got the Window ACK size of 0 which means that the site is busy.

      Infact, I haven't heard of any Cox customers who were actually blocked. But I am sure some existed.
      nucrash
      • You were also one of the people ignored by Craig

        Both of us asked Craig about this and he kept dodging the issue.
        georgeou
  • What a distraction! Tiered & bounded internet is about CONTROL

    This is such a red herring. I wish ZD Net would talk more about the real issues of control and power that underly the discussion of "net neutrality" vs "tiered." It's not just a question of free vs. pay. I have no problem with paying for services, and that's how the tiered internet people describe the problem. But it's an incredibly slippery slope that will rapidly lead to giant walls around information, snooping of data based on type, and enhanced controla and monitoring. Exactly the sort of network you DON'T want to be using every day. Please, let's talk about the real issues here and drop this silly story.
    FlexMobileFan
    • Fine, let's talk about the issues

      Tell me what Net Neutrality proposal you want to back.

      Is it the Markey and Snowe-Dorgan amendments?

      If so, explain to me why you want to outlaw the sale of QoS.
      georgeou
    • What is the slippery slope?

      Am I understanding your argument correctly? You seem to be saying that (1) tagging some packets for QoS and others for not-QoS identifies packets in ways not related to reassembling packets at the other end, a precedent for (2) tagging some packets as Approved vs Unapproved, or Safe vs Run-This-User-Thru-TIA-From-Now-On. Leaving aside questions of whether Our Glorious Enforcement Bureaucracies deserve such distrust, is that the slippery slope, or am I misunderstanding you?
      TJGeezer
  • Hey George...!

    First: How long do YOU think testing is necesarry?

    Second: How about a proper preparation for testing?

    Try to write your 'own' testspecification, with all branches covered (you'll need their specifications for it).... And execute it...

    Then make a comment about why it took them so long (6).
    Arnout Groen
    • Don't understand your question

      I do not understand your question.
      georgeou
      • I?ll rephrase,

        How long do you think testing is necessary?

        It?s just a general question, but it is minor lesson in learning what testing is about and why it takes so long?

        A simple basic rule is that time needed for testing takes 2.5-3 times longer than the time necessary to build something. So, if a developer needs a week to build a component for a service, it takes 3 weeks of testing!
        In the ideal situation, testing preparation starts when the developer begins building an application. In reality however, testing preparation starts usually when the build process is halfway thru.

        About writing your own test specifications with all branches covered:

        Step 1: Acquire (Interface) specifications or the use case from the developer or business analyst
        Step 2 A: Read the specs and mark specific variables.
        Step 2 B: Give formal comment about the document(s) and/or ask for clarification
        Step 3 A: Write down specific situations you?d like to test with each variable.*
        Step 3 B: Write down the expected output for each specific situation
        Step 4: Now write a test document about it. (This can be done at the same time with step 3).
        Step 5: Ask a colleague to give comment about your document. This is called a peer review.
        Step 6: Use the comment, given in step 5, to improve your test document.
        (Step: prepare input files needed for specified situations)
        Step 7: Execute your script
        Step 8: Compare the output of your script with the result
        Step 9: Write a report about the result, including your advice. GO /No GO
        Step 10: If the advice is positive, the program will be deployed.

        Note: There are several methods for testing specific situations. For more information, have a look here www.bcs.org/ or here http://www.bcs.org/server.php?show=nav.5732 for a general idea.

        Now, be a good boy and do your homework ;-) And if you're lucky, you may write that it takes to long.

        And if you'd like a peer review: arnout.groen@squerist.nl
        In that case: don't forget to include the developers specs.
        Arnout Groen