The Blog




Paul Boutin on music swapping. Burn, Baby, Burn: The real threat to the music biz isn't P2P, it's CD-Rs swapped on the street. He goes on to note that "the iPod is a pirate suitcase nuke"... "With an iPod in my pocket, I don’t bother asking for CD recommendations anymore. I drag and drop my friends’ entire jukeboxes. Rip ’em now, decide what to play later." [from: JB Ecademy]




Wired has an article about a possible vulnerability in WPA that allows a fairly trivial DoS (Denial of Service) attack.

Now, silly me, I would expect Wired to publish reasonably well researched and accurate articles, but most of it is the same old "Shock Horror - WiFi dangerous" twaddle.

Now maybe I'm missing something here, but what really puzzles me about all this is the belief that a wireless connection can ever be as secure as a wired connection. And even more than that, that a wired connection can be treated as implicitly secure. We all use SSL, SSH, VPNs and such like to access important systems on the internet. Why don't we just do the same when accessing the same systems over wireless? It seems as though the thinking got stuck somewhere that we don't need to use encryption inside the firewall and when we started using WiFi we just assumed that we'd be able to do the same thing. Then when WiFi was exposed as inherently insecure we threw our hands up in horror at what we'd done and blamed WiFi.

There's a classic example in the article. "This past summer, electronics retail store Best Buy removed the wireless scanners in their stores because of the security risks associated with WEP. They were more concerned about outsiders getting their customers' credit card information." So Best Buy's systems were shipping credit card numbers over the wire unencrypted? And then they put in WiFi? Like DOH!

On the basis that bad security is worse than no security, I'm tending towards an approach that turns off all security on WiFi. Don't use WEP, WPA, MAC authentication, IP authentication or whatever else they come up with. Do all your security at the application level. If you start by assuming that the transport layer is always insecure, maybe then you'll be more careful about what you send over it.

Am I completely off beam with this?

BTW. Are there any verified instances of WEP being attacked and broken in the wild? How about verified instances of more mainstream hacker attacks being launched over WiFi? [from: JB Wifi]

While he wasn't handing out AIDS donations or being menaced by a giant condom, Bill Gates also talked at length about Web Services to the Indian developer community. Web services to usher in digital decade; Gates describes 'digital decade' to Indian developers
[from: JB Ecademy]

Wacky things to do with Google #23. Do a Google search on your post code. You might be surprised what turns up. [from: JB Ecademy]

Want Faster Data Transfer? Get WiFi Speed Spray ;) [from: JB Wifi]




A while ago I pointed to a US government site because it had the most amazing logo and strap line. A giant pyramid looking down on the earth, Scientia est Potentia (knowledge is power) and a brief to attempt to achieve "Total Information Awareness". Its head is one John Poindexter who some may remember from the Iran-Contra affair as the guy who was indicted for selling arms to Iran to free hostages and then siphoning the profits to the Contras in Nicaragua. Now the fact that the organization's initials, IAO (for Information Awareness Organization) are also part of a Crowleyan magickal formula is surely a coincidence. So far this sounds like the rabid mumblings of a conspiracy theorist. Great fun but it couldn't be serious, could it?

But then William Safire at the NY Times has written an article about the Homeland Security act in the US, You Are a Suspect that points out how extreme the act is. "Every purchase you make with a credit card, every magazine subscription you buy and medical prescription you fill, every Web site you visit and e-mail you send or receive, every academic grade you receive, every bank deposit you make, every trip you book and every event you attend — all these transactions and communications will go into what the Defense Department describes as "a virtual, centralized grand database." To this computerized dossier on your private life from commercial sources, add every piece of information that government has about you — passport application, driver's license and bridge toll records, judicial and divorce records, complaints from nosy neighbors to the F.B.I., your lifetime paper trail plus the latest hidden camera surveillance — and you have the supersnoop's dream: a "Total Information Awareness" about every U.S. citizen."

Then this morning I read a piece in The Times from Tina Brown that had this to say. "IS AMERICA going to shoot even further to the right? A student of these matters at Princeton gave me his considered judgment: “You. Have. No. Idea. By the end of the year there will be a hyper conveyor belt in place to move every possible wingnut cause like greased lightning through the judiciary. Abortion? You better live on one of the coasts. Environment? I’d invest in gas mask futures — and it has nothing to do with al-Qaeda, let alone Saddam Hussein. Ever try to breathe in Houston?” The only consolation for liberal Dems is that the voters will now get what they asked for.".

But we all know that the US has these weird paradoxes of a bill of rights, freedom of information act and a written constitution while also being a police state with more citizens in prison as a percentage of population than any other country and a government that is in bed with big business and thinks nothing of spying on its citizens while trampling all over their rights (ahem!). And it could never happen here, right? Wrong! The only difference in the UK and the EU is that we don't make a fuss about it and don't hear about it.

I think what really upsets me about all this is the asymmetry and lack of transparency. Let's say the IAO collected all this information but instead of hoarding it, they put it all in a big searchable database on the web. Let's say that every CCTV camera was turned into a webcam. Now everyone could know everything about everyone. This is the central tenet of David Brin's The Transparent Society. I happen to believe that this would make for a more sane society than the reverse. But it's a belief. And one that is unlikely to be tested.
[from: JB Ecademy]

I just came across (UK) CWNP Certification from KSYS. They've also got a good reference section on security issues, books, a WLAN Glossary and a WLAN FAQ. [from: JB Wifi]

There's a fascinating loop happening at the moment. There's an SMS spam going around that promises a free holiday in Paris if you phone a premium rate number (£12) from an outfit called MobileMore. This gets mentioned in an Ecademy blog. Google picks it up and amazingly we're a definitive source as there are NO other references to Mobilemore on the web. People who've been getting the spam have been searching Google and coming to us resulting in 30-40 hits in the referrer logs. [from: JB Ecademy]

Like something straight out of science fiction. News of Argentina's post-apocalypse economy.

Bruce Sterling's last two blog entries have done an amazing job of pointing to links about Argentina's post-economy order. Thousands of people "roadblocking" the thoroughfares with tent cities erected in the middle of the main highways, millions living off shadow barter-economies that are circulating their own laser-printed, barcoded scrip, middle-class matrons destroying banks in rages over currency-withdrawal restrictions... [thanks, Boing Boing Blog]

Home laser printed bar-coded money for barter transactions sounds interesting. [from: JB Ecademy]

stevenberlinjohnson.com is the new blog from "Emergence" author Steven Johnson. [from: JB Ecademy]

Glenn has a great summary of WiFi security. Wi-Fi News: Weak Defense :

This next bit needs repeating. I've trimmed the text to just show the highlights. Click on the link above to see the full text.

What To Do in the Meantime
Encrypt links. Use secure protocols for all critical communication, e.g. SSH and SSL for everything but especially email.

Use 802.1x/EAP in enterprises:

Wireless access points stay outside firewalls. Locate all access points outside firewalls and require VPN (virtual private networks) connections between clients and internal servers.

Be wary in public: You never want to send plain text passwords or other data over a public network. Especially email passwords.

Which all sums up to "everything on wireless is insecure". So secure it at the application level, run an additional layer of security on top or arrange the network so that even if the wireless security breaks, there's still nowhere to go. [from: JB Wifi]
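The "never send plain text email passwords" point above, as an added example that is not part of the original post or of the linked article: a Python IMAP login that authenticates only after STARTTLS with certificate verification, run against a constructed local server that offers no encryption. The function names, the account name and the password are hypothetical.

```python
import imaplib
import socket
import ssl
import threading


def login_encrypted_only(host, port, user, password):
    """Log in over IMAP only after STARTTLS with certificate checks succeeds."""
    conn = imaplib.IMAP4(host, port)
    try:
        if "STARTTLS" not in conn.capabilities:
            raise RuntimeError("no STARTTLS offered; password not sent")
        # The default context verifies the certificate chain and hostname.
        conn.starttls(ssl_context=ssl.create_default_context())
        conn.login(user, password)
        return conn
    except Exception:
        conn.shutdown()  # drop the link without sending anything further
        raise


def fake_plaintext_server(seen):
    """Constructed fixture: local IMAP server that never offers STARTTLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as lines:
            conn.sendall(b"* OK constructed test server\r\n")
            for line in lines:
                seen.append(line)  # record everything the client sends
                tag = line.split()[0]
                if b"CAPABILITY" in line:
                    conn.sendall(b"* CAPABILITY IMAP4rev1\r\n")
                conn.sendall(tag + b" OK done\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Return (refused, password_seen_by_server) for the plaintext server."""
    seen = []
    port = fake_plaintext_server(seen)
    try:
        login_encrypted_only("127.0.0.1", port, "alice", "constructed-secret")
        refused = False
    except RuntimeError:
        refused = True
    return refused, any(b"constructed-secret" in line for line in seen)
```

The client fails closed: when the server does not advertise STARTTLS, or the certificate does not verify, the password never leaves the machine, whatever the state of the wireless link underneath.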

Unstrung - The world wide source for analysis of the global wireless economy : According to market analysis by Synergy Research Group (SRG), Worldwide Wireless LAN equipment sales were $465.1 million in the Third Quarter of 2002. What's more, Enterprise WLAN equipment sales were down almost three percent sequentially and down nearly 13 percent year-over-year, while SOHO/Home WLAN Equipment sales grew 21 percent for the quarter and were up 66 percent from the same period a year ago. Additionally, the SOHO/Home segment represented more than 58 percent of the total WLAN market, up from 56 percent in Q2.

3Q02 market share in SoHo and Home
Linksys 19.6%
Buffalo 15.8%
NETGEAR 15.5%
D-Link 15.5% [from: JB Wifi]




David Weinberger and David Isenberg write in USATODAY.com - Don't prop up phone firms; let them fail : Instead of spending billions of tax dollars propping up the telephone companies and delaying the inevitable, let them fail - and fast. By doing so, an astounding new era of telecommunications will be launched that is just as inevitable.

Joho also writes that they mis-quoted him where he said "the telephone network "was not designed" to handle anything other than voice data, USAToday edited it to say that it "can't handle" non-voice data."

EU Governments should take note, but you can be sure that several ex-national monopoly Telcos will get all sorts of handouts. [from: JB Ecademy]

For years, you've been able to use MySQL from inside PHP. Now someone's written a MySQL UDF that interprets PHP so you can use PHP inside MySQL. MySQL has already got a pretty complete set of the C runtime calls exposed as SQL commands, but this takes it a stage further. And it probably takes it completely over the top! [from: JB Ecademy]

The Distributed Proofreading site assigns random pages from scanned-in or re-keyed public domain texts that are being prepared for the Gutenberg Project library to volunteer proofers who correct the errors and check them back in. After a recent slashdotting, the site's pages proofed per day rate went from less than 1,000 pages/day to over 10,000. At this rate, they'll have the entire public domain up in jig time. [thanks, Boing Boing Blog]

Another amazing community project that could only happen in an Internet world. For those unfamiliar with the Gutenberg Project, its goal is to scan, store electronically and make available the entire body of writing that is out of copyright. One fascinating side effect of this is the Bookmobile. Brewster Kahle has fitted out a truck with a satellite link, computers and fast laser printers. He travels the USA, parks up and then prints out of copyright texts to order out the back of the van.

  [from: JB Ecademy]

Andy Oram writes that the Schlotzsky's Deli announcement of free WiFi at their delis represents a Shift in the image of open Wi-Fi access. He's absolutely right. We've moaned here before about the mainstream media's obsession with portraying WiFi as some demon hacker's paradise. We need a few more of these stories about people deliberately providing free access to provide some balance.

And by the way in case anyone hasn't worked it out yet, Warchalking is actually a huge geek joke and not something that happens much at all (at all) in the wild or anything to be scared of! [from: JB Wifi]

San Diego wireless net installs 72-mile 2.4-GHz link - Computerworld This is (I think) a new world record. I'm curious about the effects of latency. I understood that 802.11b had inherent limitations in some parts of the protocol where the round trip time of such a long link would stop it working. [from: JB Wifi]




WeRoam Launches WeRoam is a service of TOGEWAnet, a WLAN and GSM network integrator headquartered in Bern, Switzerland. I'm beginning to see stories like this one that talk about the convergence of cellphone SIM card technology with WiFi. I have to say I'm uncomfortable with this because it implies levels of corporate control that work against the inherent anarchism of WiFi. But having said that it may well make WiFi+GPRS(GSM)+PDA+VoIP commercially viable.  [from: JB Wifi]

Another micropayment system. Except that the Ginx: Nickel Exchange is peer to peer and aimed at private individuals paying each other rather than all of us paying big business for small things. [from: JB Ecademy]

Lots of links in the blogosphere to this story. Wired News: Napster Co-Founder's New Venture Plaxo. I guess in a world where everyone uses Outlook and Outlook Express it makes sense but it smells like spam to me. And there's no news yet on the business plan and how he intends to make money from it. [from: JB Ecademy]
