Can Chips Revive the Internet Economy? Impressively optimistic Comdex keynote speech from Brian Halla, CEO of National Semiconductor "A glut followed the railroad boom, but it was followed by another wave of unprecedented growth as people began to come up with new ideas to make use of the foundation that had been laid, he explained. "We overbuild; we have a glut. That's where we are today. The period that follows after the glut is when the new ideas get incubated," he said."

So what do you get when you combine IPv6, with pervasive WiFi, with all the bandwidth and dark fibre that was laid during the boom years. The IPv6 makes every device addressable and reduces the need for NAT firewalls. The WiFi means all those little devices are part of the net. And if we can just find a way of coping with the debt, the bandwidth infrastructure brings connectivity costs down to the floor. Sounds like a great environment for innovation to me. [from: JB Wifi]

Rather interesting little article in El Reg about why the US doesn't get SMS TXT unlike the whole of the rest of the world. It's also an interview with Howard Rheingold who's done extensive personal and international research on the subject. The short answer is that it's the combination of a Monopoly (Qualcomm) and a Pigopoly (The Telcos) rejecting the godless and commie GSM in favour of their own home grown standard CDMA. It's the same answer you can give when asking why US Cellphones don't have Bluetooth. Or MMS. Or why you can't roam everywhere with one phone and one service provider. And why analog cellphone service won't die in the US. And so on. And on.

But then the US still uses NTSC (Never Twice the Same Color) for it's TV standard. ;)

DonchaJusLove free markets! [from: JB Ecademy]

NY has a project to Unwire Schools by installing WiFi in every classroom. With Blair announcing £1bn for broadband deployment in UK Government sites over the next 3 years and £6Bn for IT spend, maybe some of that money should be spent on deplying WiFi on the end of every line. [from: JB Wifi]

BBC NEWS | Technology | Blair pledges to kick-start broadband : UK Prime Minister Tony Blair has promised to give every school, university, hospital and doctors' surgery a high-speed link to the internet. At present many public services connect to the web through a telephone line, but the government wants more access to the broadband connections. The government is spending more than £1bn on broadband for key public services over the next three years as part of a £6bn investment in information communication technology.

Now how about putting a little of that money into siteing a free WiFi access point on the end of each one of those lines?

There's also talk about a 128Kb always on service over existing telephone lines, except that the BBC says it "will not offer the always-on advantage of true broadband." which I assume is a mistake. [from: JB Ecademy]

A report on 802.11g devices announced at Comdex. Comdex: New flavor of wireless LAN starts to emerge : For one thing, 802.11g products will have a much smaller price premium over 802.11b -- about 25 percent to 35 percent when products first arrive, as compared with about 300 percent for 802.11a products, he said. Longer reach and a greater ability to transmit through walls also are benefits of 802.11g over the other high-speed standard.

I can see a number of reasons why 802.11g will win out. It's backwards compatible with B. It uses a part of the spectrum that is already de-regulated. That's aprticularly important when Europe is dragging it's heels releasing the 5Ghz spectrum needed for 802.11a. But surely the biggest reason is price. No wonder then that the manufacturers are pushing the curve by releasing product before the standard is even cast in stone. Buffalo in particular is aiming for $99 cards and $199 access points for Dec delivery. And they're trying to satisfy consumers worries by offering to replace the hardware if standard changes can't be satisfied by firmware changes. All the other manufacturers (Linksys, Dlink, SMC, etc ) are playing the same game.

This really is an extraordinary market. Having 4 hardware manufacturers with equal market share is pushing it forwards incredibly fast. New products and price cuts are coming faster than in any other sector I can think of. And all driven by what is clearly a huge demand.

WiFi has proved to be extremely disruptive so far because it's largely a bottom up technology. And it threatens a whole range of established industries in the process. If the industry can work out how to seamlessly hand off between 3G, GPRS, and multiple WiFi sites, it will threaten a whole new set of industries. [from: JB Wifi]

lots of WiFi info from Comdex at DailyWireless [from: JB Wifi]

BuffaloTech announces December '54g' products

This is getting daft! The 802.11g (54Mbps in the same 2.4Ghz spectrum as 802.11b) standard is not due to be ratified until May 2003. And certification against the standard is not expected until well after May. But the market can't wait and is already producing chip designs and announcing products with Buffalo leading the pack by predicting Dec 2002 deliveries. This all reminds me of the modem manufacturer wars around 1990. This also sounds the death nell for 802.11a products doesn't it?

The other hazard with this is that the pent up demand will mean a very rapid price fall curve. I fully expect commodity pricing and hence the near disappearance of 802.11b designs by late next year. Which is not pretty if you're planning on spending money on hardware now. And it's particularly unpleasant if you're in the middle of rolling out a WISP hotspot solution. Can we expect T-Mobile, BT Openzone, Megabeam and others to throw out all the hardware they've just installed to repalce it with .11a or .11g hardware immediately?

And just to confuse all this further, Toshiba are planning 802.11a pre-installed in laptops in Dec. [from: JB Wifi]

Vodafone, Lufthansa Do WLAN Which says it all really. 55 airport lounges in Germany but with Vodaphones presence throughout Europe there's surely more to follow. [from: JB Wifi]

John Markoff's piece about WiFi in the NYTimes has been reported all over the place. But I particularly liked this tidbit. "In their candid moments everybody at the F.C.C. will tell you they are being pressured quite severely by various forces that are quite concerned about Wi-Fi," said Reed E. Hundt, a former chairman of the F.C.C. "They're worried that it is really a trenching machine that will uproot the entrenched forces." [from: JB Wifi]

Further to my rant this morning about email security and authentication, there's another catch. Lots of people use Norton Anti-virus. Unfortunately NAV doesn't understand the SMTP STARTTLS command. So if you're trying to connect to an SMTP server via SSL it kills the connection. The solution is to turn off NAV Email checking on sending email.

This is not great, because if you catch an Outlook Virus that uses Outlook's email sending code, it will still send. [from: JB Wifi]

In today's Times, that old fogey William Rees-Mogg argues with impeccable logic that if the UK became a Republic and elected a President the candidates would be The Queen, Richard Branson and Paddy Ashdown. :) By examining the question of who would stand, he pours scorn on the whole idea of the UK becoming a republic.

But I have a better question. If, as some believe, we have a Prime Minister who is playing the role of President, which Minister is playing the role of Prime Minister? [from: JB Ecademy]

The other story in the Times that caught my eye is a leaked report from the Pentagon that 53.9% of the US Armed forces who are over 20 years old are too fat to fight. Can I suggest the Atkins Diet? [from: JB Ecademy]

When you're out on the road and get Internet access, whether by GPRS, WiFi, a borrowed ethernet connection or maybe a borrowed PC, what's the first thing you do? Well apart from surfing the web, it's to check your email. To do that you need to login to your email mailbox, and then you need to send email. Now there's a whole series of road blocks waiting for you.

If you don't want to read all this, here's what you should do.
1) Demand that your ISP or company email supports SSL protected POP3/IMAP with SMTP AUTH
2) Moan at Microsoft for not supporting the open secure login protocols.
3) Moan at Microsoft for not supporting SSL in Outlook CE.
4) Route round them all by running your own mail server or clubbing together with friends to run a group server and configuring POP3 and SMTP AUTH with SSL.

And now some justification.

Let's ignore hotmail and other web based systems for a moment. First, you're almost certainly using POP3 or IMAP to get to your email mailbox. And second you're almost certainly using a Microsoft Email reader. This is where the problems begin. There are numerous open schemes and protocols for authenticating a login on POP3 and IMAP such as CRAM-MD5, DIGEST-MD5, KERBEROS_V4 and so on. But MS support only two. The first is to use plaintext. The second is a Microsoft proprietary format known as SPA or NTLM. There's limited documentation available for this, and so by no means all POP3 Servers support it. If you're logging in to a corporate Exchange server there's no problem. But if you're using a public or private ISP it's very unlikely that they support SPA/NTLM.

So now that you're sending your ID and Password in plain text, it really ought to be protected via SSL/TLS just as if you were sending a credit card number to an E-Commerce site. But again we have problems. SSL is supported by Outlook and Outlook Express but not by Outlook CE. So if you're using a Pocket PC PDA you're now out of luck. And even though SSL is baked into virtually all other email readers, again very very few ISPs provide it.

Having received your email you now need to reply and send email. The problems of spam mean that every SMTP server that receives email for sending on, uses some authentication to make sure that the email is coming from a known source (This is known as avoiding being an Open Relay). There are 4 common techniques for this; Known IP or wire, such as a dial up or direct connection; Restricting send to emails with a from address of the server's domain eg @iomartdsl.com; pop before smtp where if an authenticated pop session happened from the same IP within a few minutes, SMTP is accepted; And SMTP AUTH where an ID+Password is used just as for POP3/IMAP.

That last option of authenticating SMTP is obviously the most flexible and the same set of authentication options are available. And again MS readers support only plaintext and SPA. And again SSL is available. And again Outlook CE can't support it. And again very, very few ISPs support SMTP AUTH and SSL. The other routes all cause problems of one sort or another. Known connection doesn't work when roaming and if I hook a WiFi connection on the end of a known connection (like my DSL), then the source is no longer known. Forcing an email address domain is a pain in these days of multiple identities such as a work email address and a home email address. And POP before SMTP is dangerous when I'm sharing an IP address with the other users of a WiFi hotspot.

What's really irritating about all this is that SMTP, POP3 and IMAP are some of the oldest protocols on the internet. SSL securing of internet communications is almost as old as the web. Secure SMTP, POP3 and IMAP login either by a secure protocol or by cloaking it with SSL is well understood and only it takes a small amount of extra work when implementing a server.

So what do we do? well
1) Demand that your ISP or company email supports SSL protected POP3/IMAP with SMTP AUTH
2) Moan at Microsoft for not supporting the open secure login protocols.
3) Moan at Microsoft for not supporting SSL in Outlook CE.
4) Route round them all by running your own mail server or clubbing together with friends to run a group server and configuring POP3 and SMTP AUTH with SSL.

This rant came about because I discovered that Boingo now support PDAs and they provide an SMTP server so you can send email on the move. But they set it up to use plaintext authentication without SSL and using your Boingo ID and password. Whoops! Then I was pointed to a security vulnerability in SPA and a rant from a Server developer about how hard it was to support SPA. [from: JB Wifi]

Syndic8 maintains a database of newsfeeds available in RSS XML which are checked and validated. this weekend they hit 10,000 validated feeds. Ecademy has a number of feeds available; just look for the orange XML gifs on all the pages. Our DailEnews is built from reading 100 or so feeds from outside.

And if this means nothing to you, have a look at Amphetadesk and Aggie. These are desktop news readers that make it easy to read news from your favorite sources. [from: JB Ecademy]

Glenn Fleishman's new book on wireless networking for small networks at home and at work:
Wireless Networking starter kit is published Dec 9 in the US. [from: JB Wifi]

Some good advice from Esther Dyson on Email Etiquette. [from: JB Ecademy]

Jonathan Greensted reports from Seattle.

---

If Chicago is the Windy City then Seattle has to be the WiFi City...
 
This morning I woke at a friend's house, lent out of bed and check my email and IM via WiFi at his home. We decided to take breakfast at Starbucks and again WiFi was available. I went to the Microsoft Conference Centre and WiFi was there too. Lunch was in a bar/diner called Chilli's.  This is located at a mall which is WiFi enabled! Finally I'm heading out to Vegas for Comdex so I arrive at Seattle airport and yes you guessed it!   Seattle airport is WiFi enabled!
 
(The Seattle airport solution is very neat.  You instantly connect to the WiFi network however the firewall
blocks you until you've paid $6.95 for 24 hours access.  The solution is implemented by http://www.wayport.net/)
 
I doubt I've been off air for more than about 45mins so far all days and that was when I was driving so I couldn't really do email or IM anyway.
 
It is totally amazing.   The 3G boys ought to be very, very worried!
 
I'll let everyone know how Vegas compares for connectivity [from: JB Wifi]

Paul Boutin on music swapping. Burn, Baby, Burn : The real threat to the music biz isn't P2P it's CD-Rs swapped on the street. He goes on to note that "the iPod is a pirate suitcase nuke"... "With an iPod in my pocket, I don’t bother asking for CD recommendations anymore. I drag and drop my friends’ entire jukeboxes. Rip ’em now, decide what to play later. " [from: JB Ecademy]

Wired has an article about a possible vulnerability in WPA that allows a fairly trivial DoS (Denial of Service) attack.

Now, silly me, I would expect Wired to publish reasonably well researched and accurate articles, but most of it is the same old "Shock Horror - WiFi dangerous" twaddle.

Now maybe I'm missing something here, but what really puzzles me about all this is the belief that a wireless connection can ever be as secure as a wired connection. And even more than that, that a wired connection can be treated as implicitly secure. We all use SSL, SSH, VPNs and such like to access important systems one the internet. Why don't we just do the same when accessing the same systems over wireless? It seems as though the thinking got stuck somewhere that we don't need to use encryption inside the firewall and when we started using WiFi we just assumed that we'd be able to do the same thing. Then when WiFi was exposed as inherently insecure we threw our hands up in horror at what we'd done and blamed WiFi.

There's a classic example in the article. "This past summer, electronics retail store Best Buy, removed the wireless scaners in their stores because of the security risks associated with WEP. They were more concerned about outsiders getting their customers' credit card information" So Best Buy's systems were shipping credit card numbers over the wire unencrypted? And then they put in WiFi? Like DOH!

On the basis that bad security is worse than no security, I'm tending towards an approach that turns off all security on WiFi. Don't use WEP, WPA, MAC authentication, IP authentication or whatever else they come up with. Do all your security at the application level. If you start by assuming that the transport layer is always insecure, maybe then you'll be more careful about what you send over it.

Am I completely off beam with this?

BTW. Are there any verified instances of WEP being attacked and broken in the wild? How about verified instances of more mainstream hacker attacks being launched over WiFi? [from: JB Wifi]

While he wasn't handing out AIDS donations or being menaced by a giant condom, Bill Gates also talked at length about Web Services to the Indian developer community.Web services to usher in digital decade; Gates describes 'digital decade' to Indian developers
[from: JB Ecademy]