Cool Ideas Fibre ISP – Feedback Thread 2

[daelm]

Please don't get me wrong, I'm not intending to attack you.

no offence taken.

1. i was being sarcastic, based on the heavy-handed branding around being a community rather than a business, a tight-knit band of brothers, supporting each other in tough times.

2. luckily i do have redundancy, and my work isn't wholly dependent on connectivity at home. however, my redundancy is light-weight and couldn't handle large transfers timeously. i was making a point, though, about the fact that any provider sells a network service, which means it is integral to their customers - it's not a walk-away deal - and so their outage is my outage, and lots of people too. it's the nature of the product.

 

[daelm]

technically, though, i no longer have a horse in this race, so i'll bow out soon.

 

[AfricanTech]

yes. i saw that. here's what it could have said:

Why should I, as a customer, be confident that you've taken steps to defend against this?

<insert answer here>

What will you be doing when this happens again? What can I expect from you and what's your commitment to that?

<insert answer here>

How are you planning to communicate with your community going forward?

<insert answer here>

How have you communicated in the past, and what are you learning from that?

<insert answer here>

What does it mean for me that you're under a targeted - and seemingly highly specific - campaign of attacks, continuing over months? Is there a reason you think that's happening?

<insert answer here>

What's your contingency plan to keep my service active? What unique and innovative steps, if any, are you taking?

<insert answer here>

What's your promise to me and how do I keep you honest to it? How are we going to hold each other accountable?

<insert answer here>

Hence the need for a communications company - I get that they've gone with the 'Zombie' attack theme (which is obviously not aimed at their technical customers, but I agree that they should have the above type of communication as well (given that they have actually answered quite a few of the above albeit in an oblique manner).

 

[daelm]

Hence the need for a communications company - I get that they've gone with the 'Zombie' attack theme (which is obviously not aimed at their technical customers, but I agree that they should have the above type of communication as well (given that they have actually answered quite a few of the above albeit in an oblique manner).

ageed. the zombie thing is a little cringe-y. and they did hint at some of the answers. what they're lacking is the accountability measures and the communications plan - the stuff that makes good on the brand promise - as well as any explicit commitment to being able to resist this and ensure service in the future.

anyway. i'm stealing time from work i don't want to do right now.

 

[lightpixel]

I find it hard to countenance that you purport that CI is playing the emotional card and you do precisely the same thing.

Quite honestly, if your work is fully dependent on working internet at home, you really should have some redundancy - not having it is quite simply negligent on your part. Said before, that the reason that I'm prepared to put up with outages like this one (outside of everything else) is that it's not mission-critical for me at home - it's an inconvenience when not available. If I was fully dependent on my livelihood, I would have backup facilities in place, the simplest of which would be to be on Openserve rather than Frogfoot.

Please don't get me wrong, I'm not intending to attack you.

Uhm, yes but if this was a EIGHT GRAND DFA cisp account you still would have been screwed. It was not just the R999 accounts affected.

So we now need two eight grand accounts each and LTE. J3sus. Just to work from home.

btw that was me being sarcastic.

 

[Hunted]

Thanks for Feedback @PBCool, don't worry about those who just don't get it. Appreciate your efforts to get us back to an working internet.

Again I'm not bowing to these DDOS-Aholes and I'm backing you all the way.

 

[Mike Hoxbig]

yes. i saw that. here's what it could have said:

Why should I, as a customer, be confident that you've taken steps to defend against this?



What will you be doing when this happens again? What can I expect from you and what's your commitment to that?



How are you planning to communicate with your community going forward?



How have you communicated in the past, and what are you learning from that?



What does it mean for me that you're under a targeted, and seemingly specific campaign of attacks, over months? Is there a reason you think that's happening?



What's your contingency plan to keep my service active? What unique and innovative steps, if any, are you taking?



Here's our promise to you and here's how you can keep us honest to it:

That's the business/pr way of handling it.

As someone who works in dev, I personally prefer the technical explanations given. But that's me. Others may prefer the pr approach to put their minds at ease.

What I do know is that if an attack of this magnitude hit one of the bigger guys, you most definitely would have gotten some genetic pr spin. And while that may have appeased some, it definitely would have pissed people like me off

I guess I'm saying there's no right way or wrong way, just somewhere inbetween that strikes the right balance between the two. And they need to find it, but it's not going to happen overnight. Which is pretty much what Paul said above.

You also need to remember that the company was founded by technical guys who have a passion for this stuff. They may not necessarily be the best people persons, as hard as they may try. I can empathise with that. So the suggestion about hiring a pr company during a crisis is a good one. But at the same time I would prefer that they don't lose their identity in providing us with some of the nitty gritty info. I don't want to deal with another Mweb or Telkom or Vodacom.

It's still a very young company and they've done extremely well with what they had. They definitely would have taken some lessons from this. I'm willing to give them a chance to improve, and I'm sure I'm not the only one. It's not fanboyism, it's about being a decent human and understanding what someone is going through. Many of us in tech have had it happen to us, and it's not nice being kicked when you're down and being made to feel like schit for something that's not your fault.

Given the size of the attack, it speaks to their technical ability that they managed to overcome it in a day and a half, probably without sleep, given the limited resources at their disposal compared to the bigger guys...

 

[AfricanTech]

Uhm, yes but if this was a EIGHT GRAND DFA cisp account you still would have been screwed. It was not just the R999 accounts affected.

So we now need two eight grand accounts each and LTE. J3sus. Just to work from home.

btw that was me being sarcastic.

Uh, no, at most, Openswerve as your FNO, failing that, LTE for backup.

Simply put, and ignoring the sarcasm , if your internet at home is mission-critical then you have to have redundancy else you're being negligent. You can't squeal about your ISP if you haven't done your bit as well - and putting mission-critical internet service eggs into one basket is not doing your bit.

 

[lightpixel]

How small is cisp? Are they working from this guy Paul’s garage. That’s actually a genuine question. Everyone here is talking as if there are two Noc guys employed Running this ISP.

 

[AfricanTech]

How small is cisp? Are they working from this guy Paul’s garage. That’s actually a genuine question. Everyone here is talking as if there are two Noc guys employed Running this ISP.

Hey, HP, Microsoft and Apple started in garages....

 

[daelm]

That's the business/pr way of handling it.

As someone who works in dev, I personally prefer the technical explanations given. But that's me. Others may prefer the pr approach to put their minds at ease.

agreed and disagreed

the technical explanation is informative - and i appreciate it, especially given that the work i'm actively avoiding by engaging on this forum involves describing a microservices architecture for a quasi-RFI, so it's informative enough to be distracting - but it's not a commitment, and it's not reassuring on the main questions: what, if anything, are you promising to do? why can i rely on you about this? what is my recourse if you don't follow through? what contingencies are you offering me when the schitt hits the fan? why you? what's up with that?

 

[daelm]

Hey, HP, Microsoft and Apple started in garages....

 

[km2]

thanks, fog. that was pretty much my whole point. i'm entirely sympathetic to the technical difficulties, but my working life was crippled, and i've received very little sympathy in return, despite being promised that i was joining a "community", filled with rich and extensive and personal communication. following that, it's been suggested that my lack of overt sympathy for the difficulty they were facing was letting our nation's schools down.

You thought you were joining a community, but it acts a bit more like a cult. Looks pretty similar from the outside with generally cheerful and enthusiastic people sharing their Cool Ideas stories, but as soon as you join and start questioning the way things work or bringing any kind of valid criticism that could make CISP look bad to outsiders, the Cool Ideas Orthodoxy Enforcers pile in. To be clear that's not on PBCool or TheRoDent, that's the other very enthusiastic members.

 

[TheRoDent]

How small is cisp? Are they working from this guy Paul’s garage. That’s actually a genuine question. Everyone here is talking as if there are two Noc guys employed Running this ISP.

Why don't you come visit us at No 1 Sturdee Avenue in Rosebank and we'll give you a guided tour of the "garage"?

 

[daelm]

You thought you were joining a community, but it acts a bit more like a cult. Looks pretty similar from the outside with generally cheerful and enthusiastic people sharing their Cool Ideas stories, but as soon as you join and start questioning the way things work or bringing any kind of valid criticism that could make CISP look bad to outsiders, the Cool Ideas Orthodoxy Enforcers pile in. To be clear that's not on PBCool or TheRoDent, that's the other very enthusiastic members.

pretty much though i don't really buy the community-schtick from anyone. i was just throwing that in because it's a bit overwrought when they use it to communicate. you summed it up pretty clearly in another thread when you said you just want to pay for internet that works reliably, not be conscripted into "some Good vs Evil conflict between CISP and some Random DDoSing Turds".

i can do without the lightsabres and the Rebel Army - i'm really just asking about the product failure.

 

[TheRoDent]

agreed and disagreed

the technical explanation is informative - and i appreciate it, especially given that the work i'm actively avoiding by engaging on this forum involves describing a microservices architecture for a quasi-RFI, so it's informative enough to be distracting - but it's not a commitment, and it's not reassuring on the main questions: what, if anything, are you promising to do? why can i rely on you about this? what is my recourse if you don't follow through? what contingencies are you offering me when the schitt hits the fan? why you? what's up with that?

It's a fine balance between communicating "too dumbed down" and "too technical". We got slated for not giving enough technical information during the prior incidents.

This time around we offered both options.

If you look at the timeline there is quite a bit of "what we are doing" in there, if you review http://bit.ly/65dayslater

As for the "why you...?" That is a great question. I'd love to know too. When engaging with DDOS vendors they all went "oooh, you have a network with gamers on it, here's a new price for you".

Some outright stated that networks with gamers get attacked more often.

Of course, all this needs to be take with a pinch of salt. There is no clear explanation as to why "us". And nobody will ever know. I will however say that we have had ransom requests but these simply seemed to be opportunistic in nature.

As to what we're doing, that is in the documents. In fact, I'm scared that having given out information of a technical nature it may make things worse.

But we're trying to be as transparent as we can. I don't believe in, or see any other way.

 

[lightpixel]

Hey, HP, Microsoft and Apple started in garages....

Why don't you come visit us at No 1 Sturdee Avenue in Rosebank and we'll give you a guided tour of the "garage"?

uhm that’s exactly my point. I have been there. We EXPECT you to mitigate. If your offices can be so slick so can your NOC.

Edit:
Time to start putting your money where your attitude is TheRoDent, better have your a game on when the next round comes.

I called your office today and cancelled and the support person could not even transfer the call to accounts. She literally could not used the phone. That is who was taking your calls on a Monday like today.

tells me everything about your slick pad In Rosebank. Substance over form. That’s what people want.

 

[Hunted]

uhm that’s exactly my point. I have been there. We EXPECT you to mitigate. If your offices can be so slick so can your NOC.

Edit:
Time to start putting your money where your attitude is TheRoDent, better have your a game on when the next round comes.

I called your office today and cancelled and the support person could not even transfer the call to accounts. She literally could not used the phone. That is who was taking your calls on a Monday like today.

tells me everything about your slick pad In Rosebank. Substance over form. That’s what people want.

Bye

 

[daelm]

It's a fine balance between communicating "too dumbed down" and "too technical". We got slated for not giving enough technical information during the prior incidents..

i don't think you need to dumb anything down. and i think that's a false dichotomy. business and technical communication aren't two lenses on the same thing. it's two different bodies of information. one is about what actually occurred on the network. you're good at that, though it's opaque to a non-technical reader. (i'll check with my gran tomorrow, but i'll give you 100-1 she doesn't understand it.) the other is about the business relationship you have: what you're going to do, what we can expect, the specifics of what you're committing, why we should believe you, and the specifics of what the metrics and recourse are.

the idea that there are two worlds here and ne'er the twain shall meet, is an unnecessary and endlessly frustrating red herring. outside your specific skill-set, you don't care at all about the mechanics of the product or service you're consuming: you care that it works, and when it doesn't you want to know that (and how) you can hold people accountable. if your dealership failed in servicing your car, repeatedly, over months, you wouldn't be on their forum arguing that servicing is hard and people should lighten up. you'd be on their doorstep demanding they make good, provide you with continuity of transport, and insisting that they final service be checked by an independent party. we're all like that when we're on the business end of the gun.

tl; dr: when you're failing to honour the commercial end of the contract an explanation of the failure is only part of the communication. the other part is remediation, and re-commitment to the terms. think about it: you'd hold me to precisely that standard if i stopped paying you, which is my end of the contract. there would be no forum debate about how hard it was for me that month, and how my accounts were drained by sim-swap bandits, and why that should entitle me to leeway.

 

[kripstoe]

Why don't you come visit us at No 1 Sturdee Avenue in Rosebank and we'll give you a guided tour of the "garage"?

Walking distance from our Jhb office. Do you have coffee?

Also, the SMS over the weekend and the DDOS Attack Update email was awesome. Much improved comms since the last round of issues.