…and around it goes

I usually stay away from discussing politics on my blog that do not relate to privacy, however a recent article on The Drudge Report is rather interesting. Regardless of where you stand politically and/or on the Health Care debate, if what is written is true then it’s a bit troubling to see ABC News pulling a Micheal Moore. There is more than one side of an issue, even if you may not agree with it.

In the effort towards full disclosure:

Politically I try to remain neutral and evaluate each issue independently. However, I suppose that due to my strong belief in personal freedom and privacy, along with my belief that big government just breeds bigger and more inefficient government, and that spending is something to track carefully so that you remain within a workable budget, that I may learn somewhat conservative/libertarian.  I am a registered Libertarian, it seems to fit best, although I do not agree with all of their beliefs.  I view extremism at any end as bad.

As for this particular debate, I’d love to see money we effectively waste elsewhere covering the health issue, health is important and costs are out of control.  I’m paying $700 a month to cover myself and my daughter and each year that premium goes up as do the copays and the coverage goes down along with the caps.  My taxes also go up with me seeing little in return.  That angers me.

Yet I also see how poorly the government handles health care where they already handle it (medicare/veterans administration/etc).  I also know as a business man that just throwing more money that you don’t have into a broken system has only one result, bankruptcy.
Idealistically, I’d love to see good government run health care that resulted in me and my family covered well at less of a cost.  Realistically, I fear we’ll get less and pay even more.

These issues continue, our proxies cannot access s.ytimg.com and we are getting nowhere with Google on the matter.  However, I have come up with a transparent workaround over the holiday weekend.  Basically, I’ve routed around the problem.  As a result, all proxies should now be working with YouTube.  We are still pursuing a direct fix with Google, but as with any large site it is difficult to get past the auto-responding scripts and first level support to reach someone with the technical knowledge to understand the issue and help find the resolution.

Well, the YouTube issue with loading s.ytimg.com worked for a couple of days after Google looked into it, now it’s back to not working again.  Another ticket submitted.

Both issues appear to be resolved. Our provider took care of the abuse issue and MySpace unblocked and although I have no official word yet, Google appears to have fixed the problem with youtube video and loading from s.ytimg.com.

I apparently made it past the auto-replies and level 1 support. I received a response and an explanation from MySpace. Due to unaddressed abuse they’ve blocked a /18 and caught one of our proxies in it. The ball is apparently in our provider’s hands to address the abuse, my ticket now moves to them (update: They responded that they are working on it).

In other news, Youtube is apparently having difficulty. This affects all proxies. It appears to be a routing issue inside Cogent to the YouTube demarc. YouTube apparently acknowledges the issue as a HD content problem on their web site and claims to be working on it, though I have not heard directly from them (I connect the HD to this because forcing youtube mobile works fine).

It is also near impossible to find meaningful contact at youtube (I think they are too busy with intellectual property issues, lots of contact points for that), and we’ve been around the block with Google before over a blogger.com block that went on for while, someone from EFF offered help and then it mysteriously resolved, so it will likely be a hoop jump until my ticket ends up with someone who understands it. However, it is very reproducible, so I hope their engineers see it soon anyway…or Cogent’s engineers…whomever turns out to be the responsible party here. Our provider has also submitted tickets to both.

Traceroute info for interested parties below. From one of the affected proxies to s.ytimg.com, which is where the YouTube issue lies:

traceroute to static.cache.l.google.com (208.117.252.23), 64 hops max, 44 byte packets

2 be-10-203-cr01.chicago.il.ibone.comcast.net (68.86.89.233) 1.230 ms 1.107 ms 1.030 ms
3 pos-0-0-0-0-pe01.350ecermak.il.ibone.comcast.net (68.86.86.34) 1.516 ms 1.941 ms 1.372 ms
4 te8-1.ccr02.ord03.atlas.cogentco.com (154.54.10.253) 1.159 ms 1.158 ms 1.150 ms
5 vl3498.ccr02.ord01.atlas.cogentco.com (154.54.5.1) 1.280 ms
vl3499.mpd02.ord01.atlas.cogentco.com (154.54.5.9) 1.236 ms
vl3498.ccr02.ord01.atlas.cogentco.com (154.54.5.1) 110.742 ms
6 te2-2.ccr02.mci01.atlas.cogentco.com (154.54.25.77) 98.764 ms
te4-3.ccr02.mci01.atlas.cogentco.com (154.54.6.201) 186.013 ms
te7-4.ccr02.mci01.atlas.cogentco.com (66.28.4.33) 187.062 ms
7 te8-4.ccr02.sfo01.atlas.cogentco.com (154.54.24.117) 245.207 ms 165.204 ms 203.756 ms
8 te4-4.ccr02.sjc01.atlas.cogentco.com (154.54.2.138) 167.668 ms 169.031 ms 212.580 ms
9 te7-4.ccr02.sjc03.atlas.cogentco.com (154.54.6.102) 144.196 ms 171.553 ms 216.095 ms
10 * * you-tube-llc.demarc.cogentco.com (38.101.188.170) 63.163 ms !X
11 * you-tube-llc.demarc.cogentco.com (38.101.188.170) 62.842 ms !X *
12 you-tube-llc.demarc.cogentco.com (38.101.188.170) 62.778 ms !X^C

Round three with myspace support appears to be silence. No response at all, I guess that they meant it when they basically said that they ignore all things they can’t duplicate. This means those of us with IP related issues are SoL.

So I fired off two more messages, another to support to trigger a new ticket and one via an online form I found when I set the User Agent string to a string myspace took as a WAP/Mobile device.

Changing the User Agent string to “Mozilla/4.0 (compatible; MSIE 6.0; www.cotse.net)” made MySpace believe it is a mobile device. When I did that I got this:

Unauthorized IP
You are trying to access Myspace Mobile from an unauthorized IP. If you have any questions or are seeing this message in error please go to http://www.myspace.com/index.cfm?fuseaction=misc.contact

This seems to show that MySpace is deliberately blocking this IP address, but why do so with a 302 redirect to Google for anything it doesn’t think is a mobile device? I included this information in my latest two support submits.

I think because these are technically two new tickets, I’ll call them round 1.1. It’s now wait and see.

I was not too surprised at receiving this:

“Thank you for contacting MySpace Customer Support regarding this issue.  After researching the issue further we were able to confirm that it is working properly for us on our end, therefore, this issue cannot be supported any further by us.“

Of course they cannot duplicate it, it is specific to originating from one of our gateway IP addresses.  Just that address that we can so far see, we cannot duplicate it on the other gateways we offer.  I won’t even get into the “why is someone playing with redirecting traffic from a privacy service proxy” yet and assume it’s still just in error or perhaps abuse handled unofficially.

So I started thinking, and realized that perhaps the issue was a control header I was missing.  One I left out in telnet that we also strip with our proxy.  A quick trip to web-sniffer.net was an easy way for an old memory to quickly get control headers to paste.   So I got headers that I knew worked with myspace from a quick jaunt using web-sniffer.net to Myspace, which returned the proper result.  I then logged into the gateway having the issue and launched telnet, typed the get and host, then pasted in the control headers one at a time with a [crlf] and got this (I sent them this output):

telnet www.myspace.com 80
Trying 63.135.80.46…
Connected to www-lb.myspaceweb.akadns.net.
Escape character is ‘^]’.
GET / HTTP/1.1
Host: www.myspace.com
Connection: close
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept-Encoding: gzip
Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7
Cache-Control: no
Accept-Language: de,en;q=0.7,en-us;q=0.3
Referer: http://web-sniffer.net/

HTTP/1.1 302 Found
Date: Fri, 15 May 2009 06:17:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Server: 3d62cc62080f32f4a700d4f1831f6894af9ce549b07733dc
X-AspNet-Version: 2.0.50727
Location: http://www.google.com
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 138
Set-Cookie: NSC_mc_xxx-tqmbti_80=441327433660;expires=Fri, 15-May-09 06:21:07 GMT;path=/

Again their server returns a 302 redirect to google.  I guess control headers are not the cause.  It appears to be IP specific.  So why is traffic from this proxy being redirected by their cluster?  Did MySpace configure this specifically because one of our users did something they don’t want?  If so, why not contact us first so we can deal with the user? Or why not direct to a page on MySpace explaining why the deny?

Is it an error somewhere in their config?  Were they compromised somehow and someone is testing on an inconspicuous privacy service?  Will they focus completely on the fact that I wasn’t thinking clearly and left the web-sniffer referer in my paste, go to web-sniffer.net, try myspace, and tell me they still can’t duplicate it and it works fine from web-sniffer?

Onto Round 3…

This issue is that myspace is serving a 302 redirect to all traffic exiting one of our freebsd gateways.  Their first response has been to blame a virus on my machine.  I sent this in reply:

# telnet www.myspace.com 80
Trying 216.178.39.11…
Connected to www-lb.myspaceweb.akadns.net.
Escape character is ‘^]’.
GET / HTTP/1.1
host: www.myspace.com

HTTP/1.1 302 Found
Date: Fri, 15 May 2009 05:47:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Server: c7778687c872ed52ea207c004910eb4f0b31131f60eacd5d
X-AspNet-Version: 2.0.50727
Location: http://www.google.com
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 138
Set-Cookie: NSC_mc_xxx-tqmbti_80=447b24653660;expires=Fri, 15-May-09 05:49:28 GMT;path=/

This clearly shows their cloud serving the redirect.  I’ll bet their first level support doesn’t understand it.  Let round two begin…

It’s always something, today I found out that myspace is redirecting all users from one of our gateways to google.  It’s not a DNS thing, either, their web server pool is serving the redirect.  I put a support request into myspace to find out why.  Perhaps some user was abusive, still I’d prefer they contact us so we can deal with the user rather than just shutting off access to thousands the way they have.  More as I know more.

This is a little scary for privacy.  It was bound to happen, everything is getting smaller in the move towards nanotech, but still scary none-the-less.  Imagine a spec of dust able to transmit your position everywhere.  I know the “I’ve got nothing to hide, I welcome all my privacy being stripped” folks won’t care, but the rest of us certainly do.  Even though I don’t do anything criminal, I don’t want to be able to be found at all times by anyone looking, especially if there are certain people I am ducking (”you told me you had to work and couldn’t help me shop, why are you at your fishing spot?”  I can’t think quick enough to answer that one).