Posts by Henry Wertz 1

Pricey!

Looked great until I got to the price. I can't see plunking down like $2000 on a computer. Oh well.

Our state made good use of that!

Our fine state of Iowa made fine use of the Covid relief funds they received! They spend it on non-Covid-related IT spending. Not even good spending, they blew it on some vague cloud services contract for possible future use. Not even under the table, the governor basically bragged about how clever they were to figure out a way to divert the funds.

edit: Oof, didn't realize this article was almost a week old! Oh well.

Sounds OK to me

Sounds OK to me. Unlike Linux, where (other than systemd steadily borging things that have been the same for decades), it kind of builds on that UNIX tradition, and the newer tools build on that, and so on; a UNIX admin really could probably warp to present day from like 1990 and not have too much trouble finding their way around (and even administrating) a modern-day Linux box; don't get me wrong, the modern user can point out "Hey, there's an easier way to do this now" (the 1990-era user will be using command line tools, where there's now also GUI tools that under the hood are using the same command line tools to actually get the job done).

Windows? They love to move things around, change how things work (both internally and in terms of setting them up), deprecate features, sometimes without a full replacement in place, and so on (OK, I'll phrase it positively.. they love to "innovate"), so I do think a 1-year recert makes sense, and free instruction to keep people up to date is nice.

"I've wondered does Google pay TV makers and eink reader makers and auto systems money to use Android, or is it just some manager in a company thinks it's a better idea than vanilla Linux?"

I don't know, but I think it's usually some manager. I think in fantasy-land, they see all those apps that are on the phone, and think Hey! Look at all those free apps, wouldn't it be nice to have some of those on the eink reader or (god forbid) auto system. (Of course, the answer to that question is "no, it wouldn't be nice", and secondly that a lot of those free apps are not going to be free when they are being commercially embedded into your product, as opposed to an individual downloading them through Play Store.)

As for this Android IoT thing... in addition to Linux, and (I guess if you're twisted) that Win10 IoT thing or whatever, I would guess (given the product getting the axe is apparently slimmed down Android) you could probably get some variant of LineageOS (formerly CyanogenMod) on there. (In general, they specialize in porting newer android versions to phones that the phone developer has dropped support for... so, lazycorp only shipped Android 7 for your phone? Here, put on LineageOS equivalent to Android 9, enjoy! So I assume, if there was any demand whatsoever, they could probably ship the Android iot-style version too.)

Greasy. Double greasy.

Kind of greasy to offer a free service for the life of the printer, then rescind it. But, I do see companies offer a free service, realize it's going to cost them, then rescind it all the time; and in this case, it is costing real money when they have to send out ink (as opposed to some free services where the cost is the 0 incremental cost of running some services on a server that's already there.)

But auto-enrolling in a pay plan? GREEEAASY. I think at least in the state I live in, this is also illegal.

Targeted how?

So, do tell, if my RCS communications are end-to-end encrypted, what are they going to use to target targeted ads? Second, at least in US, virtually all sms advertising is illegal, and I doubt the courts will accept some "well, yes, it appeared in the text app but technically it's RCS not SMS carrying the text." The disadvantage (for them) from getting this baked in as a text replacement rather than yet another messaging app.

Yes and no, and ARM chromebook

Yes and no -- yes you do have this kind of DRM on the Mac, the fanbois saying they don't... I don't know why they're saying this. I have a MacOS VM, and it sure does have some DRM involved (signed binaries). That said... it's not like on some stock iphone or something where it's fully blocked. You can download an unsigned app, double click on it, it will not run, it says it's not signed and does not let you run it from that dialog box. But right click on the app and pick "open", then it gives a mild warning about it being unsigned and you can go ahead and install and run. (My guess is that this is stuck into the macos GUI and does not apply at all to UNIX-style running homebrew etc. to add UNIX apps to the system.)

Regarding CrossOver wine, the reason it's not 64-bit windows intel binaries running is (per Wine FAQ) due to an ABI incompatibility; windows guarantees some particular 64-bit register is not overwritten, macos does not make this guarantee so any app that assumes this register will not be clobbered will not work.

Interestingly, on this Chromebook I used (Acer Chromebook 13, a Nvidia Tegra K1 -- 2.1ghz quad-core ARM + 1 low-power core, and video about equal to a GTX 650, including working CUDA.) I threw Ubuntu onto that off an SDCard (16.04, but I got it upgraded to 18.04 with working nvidia drivers and CUDA still by holding back kernel and about a dozen interlocking xorg packages). Under qemu, you could actually run 32-bit and 64-bit Windows apps -- I installed qemu-static-x86-64, added i386 and x86-64 architectures for ubuntu packages, installed wine and it pulled in all the i386 (for 32-bit windows apps) and amd64 libs and stuff, installed it, and I could run some Windows apps -- both 32-bit and 64-bit, but the problem being only single-threaded apps -- due to ARM having weaker memory consistency than x86-64 and qemu not dealing with it at least then, multi-threaded apps did not work at all. Also ran a (binary-only .deb) driver for this canon printer that worked a treat through it (spent about 2-3 seconds CPU time per page, but that's way faster than the printer anyway), and had android devleopment toolkit running (mostly java, but the x86-64 helper apps it runs during builds and stuff worked fine, these miscellaneous apps only added about 5-10 seconds to a 10 minute build process for a rather chunky app.)

Scott Adams and personality cult

"Nearly half of the US willingly voting for Trump is one hell of a wetware hack. Even the once loved Scott Adams has gone from Pro-Trump (in a psycho don't-care-who-dies kind of way) to claiming that the US election was a coordinated nation-wide sham"

Yep, it's like some kind of personality cult. I don't get it at all; nutjob Trump lies, and like 40%+ of the population eats it up, and I mean like ridiculous North Korea Kim Jun Un type claims. He's claimed multiple times he knows more than scientists who are experts in their fields, and these people believe that. He's falsely claimed the economy is in the best shape it's ever been, a bunch of these people voted for him because they believed it despite the huge number of people out of work, stores closed and going out of business etc.. (obviously, with this Coronavirus outbreak the economy would not be in top condition no matter who was in office, but it's beyond ridiculous to claim it's in the best shape ever.) He's falsely claimed that coronavirus is under control thanks to his actions, despite the statistic being worse than they've ever been, and people have believed it! (Of course his "actions" have been to tell people they don't have to wear masks; get coronavirus and spread it throughout the white house; block the CDC and slow down the Coronavirus task force to a dead halt; argue with experts that he knows more about medicine than they do; and take credit for "operation warp speed", with the implication that drug companies would not be working on vaccines if he hadn't come up with the idea.. ok fine if he wants, I'll give him a pass on that one.) He's been asked about things he's said, claimed "I didn't say that", shown tape of him saying just what he said he didn't say.... and the Trump followers will claim the tapes must be fake, because Trump said he didn't say it! (Even when it's a clip from some TV show like The Apprentice, they'll claim somehow alll the recordings from the original run of these shows are faked!) These people take zero, and I mean ZERO, effort to evaluate any claims he makes, and if anyone claims he might be even slightly exaggerating about something, they'll claim they are a "far left liberal" or some nonsense and will not even spend 30 seconds on google to evaluate claims. I don't care how much I love a politician, if someone is like "That might not be true", I have zero problem googling and seeing if that's the case or not.

It pains me to say it, but my dad's a retired research scientist, as far as I can tell he found Trump's being an ornery racist asshole appealing, and was able to completely overlook that Trump is anti-science, anti-rights, fascist, and just not very intelligent. He completely disengaged his brain the last 4 years... I mean, really, it's impossible to discuss anything with someone when it's like "NIH (National Institutes of Health) funding has been cut a few times the last 4 years" "No Trump has not cut NIH funding, NIH funding has never been reduced." "Well, here's two years he reduced it.. this year to divert funding for the border wall, and this year just because; and 8 other times since 2000 that it's previously been reduced, per Google." "No, that's not true." Can't argue with that "logic".

cell phone anti-cloning

Title sounds unrelated but it's not!

With AMPS (analog) cell phones, the call was analog but if you made an outgiong call it would send (digitally but unencrypted) the phone's ESN, and what # to call; one could get the ESN (electronic serial number) off an existing phone, clone it into another, at which point it was making calls on the original phone owner's dime. Apparently cloning was a real pain especially in Detroit and Miami; some of these markets actually incorporated some kind of RF fingerprinting technology, clone the phone and the cloned phone would just get a recording saying to call some 800# for the phone co's anti-fraud department.

I would think the tolerances were much tighter now (especially given it's airplane safety equipment) than like a Motorola Startac, but... *shrug*. I imagine it must have been picking up (using late 1980s technology) small differences in caps, resistors, and oscillators on the individual phone that make it sound just a tiny bit different when it keys up, sends call info (and possibly characteristics of the sound during the call, if it took a call or two to block a phone?) I assume the ADS-B transmissions would have some variations to pick up on, from the plane having small variations in voltage, ripple current, miscellaneous RF noise possibly affecting the ADS-B transmitter a small amount, plus whatever variations the actual radios might have.

I'm not sure if you would have to pick up the transmission from multiple angles etc. for this to be reliable; presumably with the cell phone RF fingerprinting, it was not requiring seeing the phone signal from a bunch of angles etc.

Theoretical use case

I suppose, theoretically, you can have confidential info sitting there encrypted, pass it through the vsock encrypted, have that decrypt and process, re-encrypt the result and send back. You'd have full confidentiality, even if someone started yanking data off your "control" AWS image. That said... I can't quite piece together a use case for this for anything I'm planning to do. But, I assume it'll either be useful for people who need it; or it won't and will go away, no harm no foul.

Clever!

I think this is clever. As it stands here, you used to have food just sit on the shelf until it's at the "sell by" date then either a) go to a food bank or b) nobody at the store rotates stock and it stays on the shelf (they're supposed to, but I was in New Orleans a few years back, this grocery store I was at still had pre-hurricane-Katrina stuff on the shelf, it was like 5+ years past it's sell-by date. Gross!). More recently, they seem to have pushed those "sell by" dates right to the limit, bread will probably be moldy within a day of that sell by date and may well go straight to the trash.

They're smart about this kind of thing in Japan; for example, if there's an earthquake or similar disaster, the food/drinks vending machines will switch to "free vend"... this both keeps the food from spoiling (if power goes out, they won't refrigerate but have enough battery backup to vend their contents) and provides food and drink to people so there's somewhat less requirement for food aid if any area is hard hit.

That's what you get

That's what you get for buying Apple. Proprietary connectors and accessories, intentionally hard to repair, and artificial obstacles being put in the way when you do decide to repair despite the difficulty.

Cache?

Seems like you'd be able to use some kind of cache; I mean, I doubt you're deploying 100 different images in that 6 hours, it'd be 100 of the same image (or a few images). Seems like you'd REALLY want to cache that somewhere for speed purposes if nothing else. Must admit, I can't think of how I'd burn through like 16 Docker images an hour either.

(Edit: Didn't notice the thread on caching just above. But seriously, who would not want to use a cache if they're doing more than an occasional Docker pull?)

Replace battery much?

Replace battery much?

In case you aren't aware, without some kind of new battery technology, fast charging batteries is BAD for them and drastically cuts battery life! You charge your notebook battery over 4 hours or so.. I had a Gateway that did that, 8 year old battery had 92% of the capacity it had new. The typical 1-1.5 hours to charge from flat, that battery hits 90% capacity within a year or two and is between "totally dead" and maybe 50% capacity after 5 years. 20 minute charging? Expect to replace that battery every year.

I'd actually like the opposite -- an option on my computer and phone to tell them "it's going to be plugged in all night, take 6-8 hours to charge and preserve the battery please." I guess a few of the Lenovos have an option like that -- normal charge, slow charge, and a fast charge (which if I recall had some tattler built in so it'd void the battery warranty either after 1 or a few uses.)

Programming error? *rolls eyes*

Programming error? I'm rolling my eyes at that one. I don't do the cookie clearing anyway, but exempting themsleves and only themselves from it's not at all cool. Definitely not a programmer error either; but, at least (now that they've been caught red-handed...) at least they're fixing it instead of making some excuse about how it's not a problem or something.

"Except, of course, for the fact that the bug is rather hard to encounter since the buggy software is not compatible with Hyperflex in the first place, so I'd guess it's a bit difficult to encounter it."

They didn't say it's not compatible, they said it's not supported. (Of course, in this case it's REALLY not compatible.) It's very common for these enterprise products to support 1-2 versions of some dependency; just like normal software, sometimes it's very picky and really does need that version, usually they just don't want the support burden (for example, for both Java and Node.js, software will probably support Java 8, 9, 10, 11, 12, but they'd probably support a version or two even though it works with the rest.)

Racism is racism

"5. The approach to apply positive discrimination to correct negative discrimination until there's no discrimination does not become racism just because racists say so. The more intelligent definitions of racism expressly deny that there even can be a thing like racism against a privileged majority. Racism always works against underprivileged minorities in that they stay underprivileged minorities. Something like that cannot even happen to the privileged majority."

Racism is being treated differently based on your race, and this "more intelligent definition" is nonsensical and itself racist.

The US population is not all homogenized, so you can be a member of any race and go into neighborhoods where (in that neighborhood) you are the minority and possibly subject to racism (I've gotten off pretty light, worst I got was a few hispanic gentleman saying "Hey Santa Claus!!" as I went by... I do have the build, and the beard, as well as the skin color though so maybe that wasn't actually racist.). Here in Iowa (midwest US), people are almost excessively polite so about the worst you'd get is someone being "Iowa nice" (instead of saying "Hello, how you doing?" as someone walks by, you look up but don't say anything...) (Despite what my somewhat racist friend thinks... he's sure he's not racist but also sure that if he goes to "those neighborhoods", as a white guy in a mostly-black neighborhood he'll be robbed and stabbed. Actually go to those neighborhoods, there's just kids out playing basketball and riding bicycles and (weather permitting) adults out barbecuing.)

In case you wondered

In case you wondered, WTF is the point of this? My parent's Dish Network remote has this setup (but hopefully better security.) The way it works stock, it doesn't listen to a thing until you hit a microphone button on it (the button looks like an old timey barrel mic). I'd like to think it's this way for security; I guess that's possible, but let's face it, it was probably done that way just because running a mic on a remote 24/7 would run the batteries down too fast. (Google, Amazon, I'm looking at you -- having your little assistants spying 24/7 supposedly just to listen for "Hey Google" or "Hey Alexa"? No thanks, give me a button!) I don't use the mic, my dad LOVES hitting the button and saying "history channel" or "BBC America" or whatever to it.

Ha!

"I am still highly skeptical that the benchmarks for a processor that is used to put in mobile devices like the iPhone or iPad (with its tiny batteries, even smaller available space and no active cooling) can tell us anything about the performance of the processor that Apple will use in its first 'Apple silicon' laptops."

I'm not. Those things are so thin, it's not like it's going to get any more cooling than the phone would.

But seriously.. I ran a Acer Chromebook with quad-core ARMs (happily, until it disintegrated* ) The quad-core ARM on it ran great, it was a Tegra K1 which they did shoehorn into a tablet or two. I think they ran it about 10% faster than in the tablets. 20 hour battery life under light usage, and 12 hours even if I was like compiling etc. keeping those cores on most of the time. (Actually it had 5 cores, big.little, a slow core that it'd let run up to about 700mhz before it flipped on one of the fast ones instead, plenty to blink a cursor or run openoffice. It'd switch seamlessly, but I could manually force off the fast cores if I needed closer to 20 hours battery life than 12 and didn't mind a little sluggishness now and then.)

I was running Ubuntu so had almost entirely native software; I could run x86 under qemu, but it did run slow, best case is about 50% speed. That'll be the biggest thing on these Apple machines is having plenty of ARM software; macos is not Windows though, unlike Microsoft's... umm, whatever they're doing... with those ARM Windows systems, Apple XCode does already have solid support for compiling people's existing projects for ARM, so I expect plenty of ARM-native software to be out for it. Running an ARM with 90% emulated software would suck; running it with like 10% emulated, no problem at all.

*... seriously, after about 1.5-2 years usage, the case cracked, battery failed, keyboard started developing a few "bad" keys, charging connector got flakey, and the SD card I threw Linux onto failed (that one's not Acer's fault, they didn't supply the card), within like 2 weeks.. I guess kudos to whoever for having it wear out evenly?

Surface problems

Yes, I've seen this on earlier Surface machines. One, for example, had a wireless chip (a Marvell). I had the same chip in my Acer Chromebook (the one with the Tegra K1 quad-core ARM -- great battery life.) In Linux, the chip was temperamental (if it went bad I could unload and reload the driver with rmmod & modrpobe.) Eventually, networkmanager was updated to not even try to do network scans when it's already connected to a network, too many cards had various bugs doing this. My aunt had the Surface; Windows? Card worked fine, windows would get some update that changed the wifi stack a little, card would flake; driver update would come out, it was fine for a little while until an update updated the wifi stack a bit; in the end, the card ended up "running" at about dialup speed, with no further driver updates coming out for it (at least there hadn't been one for well over 6 months.) Unfixable, if you rolled back the automatic updates would reinstall the "faulty" update soon enough.

(I put "faulty" in quotes because this was not strictly speaking the update's fault, this card was simply way too picky in exactly when things were done, I think. However, you'd think when they shipped their own piece of hardware... really, they couldn't at least do a kludge and hold back the wifi updates for their own products that they don't work right on?)

dmca damage

be aware, dmca has a simple dispute process. and this includes being able to ask for damages for filing false dmca complaints (false in this case because showing a few seconds of a promotional clip for satirical or commentary purpose is about as clear a case of fair use as there is.) Almost 0 people are aware this even exists but it does.

btrfs...ugh, oh and i recommend s3qlfs

"while reducing the amount of expertise needed to deal with situations like running out of disk space"

"had to laugh, since when has running out of disk space required expertise? Delete the old shit you no longer/never need(ed)/wanted in the first place, or buy a bigger disk."

You'd think so wouldn't you? Until VERY recently, you could fill a btrfs disk, go to delete something, and find it will not even let you delete anything because (due to journalling or whatever) deletes initially require additional space. Also with deduplication, compression, etc., a deletion may not free space (you delete something, and there's another file with duplicate blocks or a snapshot or whatever.)

I used btrfs for a main filesystem on one system, and some external storage. Unlike several years back, I no longer had data corruption issues (I don't know what was going wrong, it's supposed to have data integrity checks and whatever else, but with compressed files every so often I could md5sum the same file and get the wrong response one run, the right one the next. ) But after virtually any unclean shutdown, I'd have it go read only at inopportune moments; the data integrity features would recognize when it hit whatever file that the thing probably powered down mid-write on, then go read only; even if you remounted and just wanted to delete the file, no dice, it'd go read only again; no fsck, and no clear description online on how to recover from that without reading everything off, reformatting, and putting everything back on.

What I've been using recently, s3qlfs (running on top of ext4). Long story short, on several storage drives (ext4 filesystem) I've made a "s3ql-fs" mount point, "s3ql-data" directory for it to store it's database and up to 10MB data blocks in (it supports cloud storage like S3 and 4 or 5 others, but I'm using it with the local disk storage backend). Put like a 50GB cache on there, away you go. It does deduplication and compression, only uses about 32MB of RAM, burns through a bit of CPU time but for example I have a 4TB USB external currently, with *looks* 4.34TB of stuff on it, using 2.77TB of space. I can run it off my "slowputer" (1ghz core solo) and it'll max out a USB2 disk whether running out of cache or not; on a more modern system, I get like 80MB/sec from the block storage and full disk speed (for spinning rust) out of the cache (or into the cache, the writes go into there too so you don't have any weird write slowdowns from deduplication).

On my home system I even threw some Virtualbox VMs on there and it works fine, saving all kinds of space.

Oh, and as a bonus.. the same type of power cuts or USB disk unplugging that hosed btrfs?Since I'm running ext4 as my "real" filesystem, fsck fixes virtually all ills, the base filesystem doesn't lose anything. The s3qlfs on top of it, if a file is cut off mid-write, it can go read-only trying to read it. Unmount s3qlfs, go to s3ql-data and "find -size 0", delete the 0-sized files, run fsck on the filesystem and it'll tell you which files were f'ed up (put them in lost+found too usually), remount filesystem and done.

Absurd

Gotta say, it sounds absurd that the action between pushing the doorbell, and having the doorbell ring, includes round trips to some off-site server and whatever the hell else. Being able to watch the video off-site, things like that... useful, and of course it'd be possible for a system to go down making this temporarily unavailable. These "internet of things" devices where ringing a doorbell, or flipping the light switch and have that turn on the light bulb, involves off-site communications, that's ridiculous and is the kind of product I won't buy.

Yeah good job...

I remember when they claimed .NET was going to be cross-platform and portable, when they were trying to displace Java. Good job...

Java, you can write some code for Java, run it under a JVM, and it runs. .NET.... well, worrying about accessing the registry aside, see the article; it really sounds like if you want cross-platform code you'd have more portable code writing C to POSIX standard, then throwing the if/thens in to deal with Windows, than you get using the supposedly-cross-platform .NET.

I think I have one of these

I think I still have one of these... don't know if it's Leapfrog, but some childrens tablet in a neon green bumper. On mine I went to "adult mode" (regular android) and put a bunch of wifi scanning tools and junk on it. Might be fun to see what something like that does with Android 7 8-).

Not seeing it

First, I'm not seeing Apple allowing this. It's just not how they do things.

"Some of you may at this point suggest DIY x86 Macs, aka Hackintoshes, as an alternative. It's certainly possible to create a Hackintosh but they are a faff to get running reliably, in my opinion. They're also problematic because Apple's T&Cs for macOS only permit the software to run on actual Macs, not whatever x86 box you've built for the job."

Actually I've found that a hackintosh-type setup on Virtualbox (and apparently vmware as well) are much less finicky; it's set to provide some set of hardware OSX can deal with, so you can then have whatever real hardware you want on your system; at that point your only hardware requirement is a new enough CPU (pre-2010 or so Macs can't run newer macos due to some CPU requirement, the same requirement still applies in a VM.) Totally unsupported due to those T&Cs.

X server

"GUI support has been promised."

I mean, a viable plan B* would be to run an X server (rooted or rootless) and configure the linux disto to use it. rootless, you run your individual GUI-using applications and windows would be providing the window border, the x app the contents of the window; rooted mode, you have a window with the whole desktop in it (gdm, xdm, and the like can provide a graphical login/password prompt and launch a desktop to a remote X terminal just as it does to the local linux console.)

*I assume "plan A" will be adding some KMS/xorg driver support... it'd be nice if they supported one of the existing drivers but just as likely adding a new driver.

Dumb

Dumb... not that someone thought "OnePlus" was "fake Apple." Dumb that customs is taking it upon themselves to begin with to decide that a product is "counterfeit" when it is in what is obviously the package it will be sold in, and that package in no way resembles the package Apple would use.

child care?

I think claiming indirect sex discrimination because they expect people to be available off hours and women are disproportionately responsible for child care, that argument is crap. There's nothing wrong with wanting a job where you're off work when you're off work, but one can't expect to be in a job that does expect that and say they shouldn't have to because of gender.

But every action IBM is said to have taken agaist her after that sounds quite improper so good on her for getting a settlement.

FRAND?

so judge is going to ignore the Non Discriminatory part of this? Huawei absolutelty deserves the favorable rates samsung got, FRAND demands they do not discriminate between Samsung and Huawei for pricing. This is seriously the point of it; since they have a patent integral to a specification (guaranteed volume), they are supposed to set a fixed reasonably low rate, not negotiate it per customer.

center of delivery

Center of academic delivery? But why? It's even called creative cloud, so it makes sense to have creative (art) students use it and not pay for the rest to have it.

That's crazy

That's crazy, I just can't imagine presenting commissions as being uncapped then capping them. After all, the person making what are (presumably in their view) excess commissions is making the company that much more in contracts they may not have gotten otherwise. Sounds greasy to me.

Who needs to test software anyway??

Firstly, having 2 years of photo edits on a slab, and only the slab, is straight up dumb. I wouldn't pay for some cloud thing either, but copy them to your computer now and then!!! Those islabs get screen cracks and are then unusable. I use rsync on my (Ubuntu) portables DAILY, it's too likely to have it get dropped or spontaneously fail for other reasons. These things happen.

Second... who needs to test software anyway apparently. I mean, damn. Missing a subtle bug is one thing, having it delete all your files? I mean, bloody hell.

Doesn't sound too bright

Doesn't sound too bright.

A) EBay *and* paypal DO send notices saying a purchase was made. So the bit about having no notification is false.

B) It's not their job to decide you didn't really want to buy something, or to ask "are you sure" a bunch of times. They DO have you go through several screens on the web site first, and they DO have anti-fraud systems -- but this purchase was not fraudulent, it was made from your computer on your account.

C) Obviously there's some way to cancel a purchase, particularly when nothing has been delivered. Waiting until it goes to collections is not the way to do it.

so...

so, essentially, to keep the great firewall from overloading, and due to high cost of int'l transit (due to this firewall) isps there are throttling incoming international traffic.