> yes, you could set up your own community gateway and set up your own filtering
> rules on the gateway.. however, this would require some knowledge in
> networking and firewall configuration..

> it's relatively inexpensive as you can just use any old computer as a
> gateway.. install a special firewall linux distribution like
> http://www.smoothwall.org/.. configure it to block everything except approved
> sites..

> then, you'd just need to make sure that all community traffic flows through
> this gateway..

> Patrick, it sounds to me as if you should explain the geographical
> situation (how many computers, how far away) better. It seems that some
> here think of a local network connected to an ISP, which doesn't sound as
> if this was your case.

> Basically, it is the network connection that determines who can access
> what. If you have only a wire to the local gateway (typical in a LAN), then
> that's your only way to connect to the internet. Or if you have only a
> wireless point-to-point connection to the location where the gateway sits,
> then that's again your only way to connect to the internet.

> But if, as you mentioned, every location has their own connection to a
> satellite provider, things get a bit more complex, and you can't easily
> enforce people to access the internet through a gateway of yours: they are
> already connected to the internet through the satellite. (Of course you may
> also buy a corporate style point-to-point satellite link and again route
> all this traffic through your one gateway, but they probably are more
> expensive than straight internet access.)

> Gerhard

> To establish the VNO (Virtual Network Operator):
>
> VNO package includes:
> 1 Protocol Processor “PP”
> 1 Network Management Server “NMS”
> 1 RX/TX Line card
> $nn,nnnn fee
>
> For a small additional fee they can purchase Co-Location space to
> place a Policy router or other equipment needed to provide them the
> content filtering or other routing or filtering they desire.

> On Mon, 2006-06-26 at 21:47 -0300, Gerhard Fiedler wrote:
>> Herbert Graf wrote:
>>
>> > Since the router with VPN is their only connection to the rest of the
>> > internet only physical access can bypass it (unless they manage to hack
>> > the VPN router, possible, but easy enough to secure).
>>
>> I think this may be a downside of this approach. Patrick talked about young
>> boys with technical inclinations... I think it won't be long before one
>> finds out how to bypass the VPN router and hook up a computer directly to
>> the unfiltered internet on the WAN side of the router. Of course, if a
>> password is needed, then this may work.

> Obviously, physically securing the hardware is an issue, but I don't see
> that as a big issue.

>> This is basically the same as the satellite operator offer, with the
>> difference that with the satellite solution, there is no unfiltered
>> internet at the individual locations.

> But a benefit here is cost and ISP transparency. I'm a big believer in
> never setting something up that limits you to a particular ISP. By using
> a VPN solution and your own box you are ISP neutral, if they raise rates
> you can go to their competition with little issue. Cost is a big benefit
> as well since aside from the upfront cost (which isn't trivial, I
> admit), there is only the cost of administration, but can be very cheap
> since there's only one thing to configure.

>>> That was my thought as well. With a bit of web programming on it they could
>>> even update the white and black lists themselves, and have a means of
>>> sending updates around the other similar machines at the other communities,
>>> possibly by email or some form of auto-update.
>>
>> This sounds good - but I'd have some learning to do. I still don't
>> have the big picture yet - how do I get the colonies to access that
>> gateway - and no other? I'll do some more searching.

> My thought was that each colony would have its own gateway - I think that is
> going to be the only way you are going to get the filtering you are after,
> just as each company has their own firewall. A firewall type arrangement is
> effectively what you are setting up.

> Then each gateway connects to a convenient ISP, be it satellite, cable or
> dialup. You then arrange a convenient way of communicating your black and
> white list changes between gateways. This could be as simple as an email
> message to the gateway maintainers to say you have found a certain website
> to be suitable or unsuitable, and they manually update their lists as
> appropriate, to a fully fledged automatic update between gateways, although
> this latter method could result in one community setting a site to the white
> list, while another community sets the same site to the blacklist, and the
> automatic update results in confusion.

> I believe that this can be done by writing a Perl script and running it
> on an Apache server. The script
> could restrict access to acceptable sites and email only. It will have
> to be well-written to prevent bogging
> down the server.

> For those few users, a small server site, say in a home or church could
> do the job, as long as a T1 was
> available, with as few as two UNIX PCs. In essence, people would dialup
> or access that server only,
> and it would provide that service. But in my opinion, such a server
> would do well financially, as the open
> web is a cesspool of filth.

> The reason I say this is that a few years ago, a small office complex
> had its own servers & ISP, and it
> totally rejected porn sites automatically for everyone in the office
> complex, and I saw it work, down in
> a Melbourne, FL suburb.

> Carrying this further, there ARE ISP's that might perform this service
> for you, creating, running and maintaining
> the script, for an extra fee.  Ask around, especially servers that are
> managed by Perl programmers.

> --Bob

> Patrick Murphy wrote:

>>Hi everyone,
>>I have been asked to help come up with a "content-managed" Internet
>>solution for a few dozen Hutterite colonies in southern Manitoba,
>>Canada, and also for colonies in the midwestern USA; a total of
>>perhaps 50 to 75 colonies in North America. The Internet use would be
>>to have access to email and to a specific, limited list of sites.
>>  
>>
> Patrick,

> I read your posts and the subsequent follow-ups with great interest.

> I have a backgroup with a group of Christain 'plain-people' that is also
> seeking to understand how to deal with the internet.   If you are
> interested, I would like to discuss this in greater detail off-list.

> Aaron

> Good advice. I have one site that uses a Direcway "Business Class"
> connection. The throughput is horrible during certain times of the day
> and there are only three users with email at the location.

> Using a VPN connection from there to our main office for certain apps
> is very slow. I believe the nature of the encryption algorithms used
> to make the VPN secure really messes with the satellite equipments
> ability to efficiently compress the data.

> Tim

> Gerhard Fiedler wrote:

>> I'd advise to test anything satellite before committing to it. Satellite
>> internet connections don't necessarily behave like other connections.
>> You're not even allowed to open a VPN channel over some of them.

> Tim N9PUZ wrote:

>> Using a VPN connection from there to our main office for certain apps
>> is very slow. I believe the nature of the encryption algorithms used
>> to make the VPN secure really messes with the satellite equipments
>> ability to efficiently compress the data.

> Hadn't thought of that one. Sounds plausible.

> There's also the fact that many apps you run over VPN are designed for a
> LAN environment with very low latency. So they use many short data
> exchanges in a row -- quick on a LAN, but deadly slow on a satellite link
> with its 700+ ms latency. You can try that with Windows Explorer: barely
> workable over a VPN link between standard broadband locations in the US,
> almost not workable over a VPN link between standard broadband locations in
> the US and Brazil, and not workable if there's a satellite link it between.

> Gerhard

> On Jun 28, 2006, at 10:19 AM, Robert Ammerman wrote:

>> 1) At each colony have the LINKSYS router running LINUX
>>  with the following pieces in it...

> I'll be interested in hearing whether the linux software
> replacements for the linksys boxes include the sorts of
> filtering capabilities that you're looking for.  Open source
> software authors tend to support a political agenda that
> doesn't approve of anything that smells like censorship.
> (unless of course it's censorship of spam!)

> BillW

> Patrick Murphy wrote:

>> I just got off the phone with a Skycasters rep., a Satellite ISP. She
>> told me their latency is 1/3 of the satellite industry average,

> Now that is strange :)  See, the satellite latency is limited by the time
> the signal needs to get to the satellite and back. Since you want to be
> able to point an antenna to the satellite, it has to be a stationary
> satellite. The distance of a stationary satellite is pretty much fixed. So
> the only way she can claim a shorter latency is when she compares a
> satellite that's straight over your head with one that's just a bit above
> the horizon... Don't know where their satellites are, and I don't know
> where the "industry average" satellites are. But "1/3 of the industry
> average" sounds like marketing speak :)  Ask for latency in milliseconds.

> Patrick Murphy wrote:

>> I just got off the phone with a Skycasters rep., a Satellite ISP. She
>> told me their latency is 1/3 of the satellite industry average, and
>> that VPN's, and VoIP are well supported. I didn't ask for the latency.
>> I don't see how VoIP would work well with 700+ ms latency, which,
>> IIRC, I've read is the industry standard for satellite transmission.

> Ask a LOT of questions. I notice on one web page that mentions them
> that for some of their solutions they are re-selling Direcway
> services. Their VSAT service sounds interesting though.

> At 06:53 PM 6/29/2006 -0400, you wrote:
>>Re: VOIP and Satellite:
>>
>>
>>My daughter is on a mission trip in China this summer and calls us via
>> VOIP
>>from her computer to our POTS phone. I assume the link is goinig over a
>>satellite (even if it isn't its still about 12,000 miles+). The latency
>> is
>>very noticable, and irritating, but we are more than willing to put up
>> with
>>it to talk with her.
>>
>>Bob Ammerman
>>RAm Systems
>
> Bob, what's involved with getting that up and running? I just got the cell
> phone bill from my last trip to China, and at a rate exceeding >$10K/year
> it
> would be a bit financially painful to sustain that for a relatively long
> duration... and  my family isn't as comfortable with e-mail as I am, so
> something that interacts with POTS at this end would be very nice.
>
> Best regards,
>
> Spehro Pefhany --"it's the network..."            "The Journey is the
> reward"

> Patrick Murphy wrote:

>>>Ask a LOT of questions. I notice on one web page that mentions them
>>>that for some of their solutions they are re-selling Direcway
>>>services. Their VSAT service sounds interesting though.
>>
>> I want to mention your negative experience with Direcway to them.

> We had seen a demonstration of the system before we bought it so we
> knew what we were getting into. At the time it was the least costly
> alternative. We did not want to pay for a dedicated data line each
> month to serve a few users. The nearest town is about 18 miles away
> and the installation and ongoing costs would have been very high.

>> However, as I see it, the land line, long distance market is rapidly
>> changing. We are paying 4.5 cents a minute to call within Canada, but
>> the competition (i.e. http://www.telehop.com) is offering as low as 3 cents
>> (and only a flat $10 fee for residential!), so how much we should pay
>> monthly for a land-based, broadband Internet connection should take
>> this into account.

> It is a wild business. The one thing is to try and keep capital
> equipment costs low and avoid long term commitments if you can so
> changing as new things become available is easier financially.

> Patrick Murphy wrote:

>> Okay, I will. She did say something about proprietary compression
>> algorithms, but I'll ask her about milliseconds, next time. Lower
>> latency should result in faster uploading and downloading, if a large
>> file was being sent, right? So I could ask each ISP how long it should
>> take to send, say a 100 MB file?

> Latency refers to the amount of time between when a character or
> packet of data leaves your network, travels up through the satellite
> and back to Earth and is put back on the rest of the public Internet
> by the satellite service provider. You will probably notice longer
> latencies more in situations where many smaller packets are sent like
> checking email, filling out web forms, etc. Note that if you are doing
> something where you get a result it takes at least 2 x latency--one
> for your mouse click, etc. and the other for your result to be returned.

> The compression algorithms used are usually more effective when
> sending big blocks of data like files. There's a certain amount of
> "overhead" bytes associated with each packet of data sent. If the
> packet contains only a few characters or a single mouse click there's
> not much to compress. Most humans feel that they have received an
> instantaneous response from a machine or system if they get some form
> of feedback or result in under 100mS. Longer than that and the delay
> begins to become perceptable without actual measurement.

> I would stick to asking for an actual time in milliseconds as well as
> information on how they arrived at the figure. In my opinion the more
> open and forthright they are about their benchmark information the
> higher the probability you would be pleased with the results.

> On our Direcway system no sophisticated measurements are required to
> tell that it is much slower for certain applications like checking
> email. When your connection is through a terestrial network
> downloading a hundred emails appears like a continuous stream where
> they come one after another. Through the satellite connection it's
> readiliy apparent that each one is being received and acknowledged
> individually.

> None of this means you should not use any satellite based system. I
> would look carefully at any claims of my satellite is significantly
> faster than brand X.

> Tim

>>My daughter is on a mission trip in China this summer and calls us via
>>VOIP
>>from her computer to our POTS phone. I assume the link is goinig over a
>>satellite (even if it isn't its still about 12,000 miles+). The latency is
>>very noticable, and irritating, but we are more than willing to put up
>>with
>>it to talk with her.
>>
>>Bob Ammerman
>>RAm Systems
>
> Bob, what's involved with getting that up and running? I just got the cell
> phone bill from my last trip to China, and at a rate exceeding >$10K/year
> it
> would be a bit financially painful to sustain that for a relatively long
> duration... and  my family isn't as comfortable with e-mail as I am, so
> something that interacts with POTS at this end would be very nice.
>
> Best regards,
>
> Spehro Pefhany --"it's the network..."            "The Journey is the
> reward"