Another security alert. Oh, the joys of embedded code.

---

Popular Linksys Router Vulnerable to Attack

A denial-of-service vulnerability in one of the most popular cable and DSL routers
allows an attacker to crash the router from a remote location.

The Linksys Group Inc.'s BEFSR41 EtherFast Cable/DSL Router with 4-Port Switch is
vulnerable to a remote DoS attack that requires the attacker to do nothing more
than access a specific script on the router's remote management interface. The
vulnerability affects all of the routers with firmware versions earlier than
1.42.7.

http://eletters1.ziffdavis.com/cgi-bin10/flo?y=eSkd0EXgz40DUm0ry20Ac [from: JB Wifi]

Slashdot | Building A Community Wireless Network From Scratch unusually good comments from slashdot. The main article can be found here about community wireless in Bristol. More comment later. [from: JB Wifi]

Dan Gillmor: Telecom strategy is take it or leave it Gillmor is talking about the USA, but his conclusions are applicable to Europe as well. He reasons that the solution to the price, slow rollout and monopoly control of broadband is first legislation to encourage public and private alternatives for the last mile problem and second to encourage Open Spectrum policies for Wireless. The second is particularly interesting. The success of WiFi is showing that particularly at high frequencies we can have an ordered exploitation of wireless spectrum without regulatory control over the allocation to providers and users. Technology is proving that spectrum doesn't have to be a scarce resource that must be carefully husbanded and so sold to the highest bidder. But I'm still not sure that it's an answer to Broadband provision at least in the short term. We don't yet have any good examples of WISPs (Wireless ISPs) being profitable or even reasonably successful. And all the current models still have high capital startup costs.

So to go back to the first point about public and private last mile investment. I find it ironic that the government of the day that first encouraged cable in te UK tried long and hard to get the cable companies to lay star-wired fibre. Sadly, this was too early in the Moore's law cycle and so prohibitively expensive at that time. But at least they did lay pipes in the road that would let them lay new wires relatively easily. Maybe we should be encouraging the cable companies to go back and offer a very high speed service as an alternative but with their current debt situation I can't see this happening. [from: JB Ecademy]

eWEEK - Print Article : Microsoft's Fitzgerald: Web Services Over the Hump Fitzgerald argues that the base Web Services protocols are now done and that the toolkits are in place to use them, so it's time to move into an implementation stage rather than sit there arguing about the protocols and approach. Something I wholeheartedly agree with.

Then he moves on to comparing the .NET environment with the Java environment. We get this which again is probably true. "So we continue to focus on high-volume, low-cost, mass-market, ride-the-high-volume hardware. Gartner [Inc.] did a piece this year where they said 80 percent of the spending on Java application servers has been wasted—where people are just over-buying functionality that they don't need. The current environment, where budgets are tight and people are trying to do more with less, is really forcing people to rethink writing a big check for infrastructure." And at this point I begin to wonder exactly what Java is good for. It's making serious inroads into the embedded processor market such as cellphones, but in the server development market it doesn't feel like it's proved it's point. There was a recent article about a speed comparison between Sun's reference application (The petshop store) in Java and an equivalent using other databases and platforms. One piece missing was a fully open source solution using something like Perl or Python with MySQL. I can't prove it by I have this sneeking suspicion that it would have beaten the pants off all of them.

The thing I find delightfully subversive about Web Services is that the core protocols are implemented in every language you can imagine. If you want to mix .Net, Java, Weblogic, Websphere development and applications into a loosely coupled whole, you can. And if you want to bolt in systems based on Perl SOAP::Lite, Python, Apache Axis, PHP, you can do that too. And the same goes for C++, and Delphi. [from: JB Ecademy]

IM compatibility closer to reality - Tech News - CNET.com : The Internet Engineering Task Force (IETF), the group that sets the technical standards for the Internet, gave the go-ahead to the creators of open-source instant-messaging application Jabber to create a working group based on that technology. This will be known as Extensible Messaging and Presence Protocol (XMPP). So this joins the IBM-Microsoft promoted SIMPLE. The IETF approved SIMPLE as a proposed standard in September. Then we have AOL announcing that AIM and ICQ will interoperate. The fragmented IM market is coming together slowly, but there's still plenty of room for consolidation and interworking. [from: JB Ecademy]

For those of us who spent our youth listening to Dub Reggae, here's the >>INFINITE WHEEL<< Dub Selecta!

An amazing piece of scholarship pulling together a large number of independent surveys of the computer software market. Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers! If you're trying to convince your boss to go with OSS/FS software, this would be a good report to wave at her. [from: JB Ecademy]

This story's actually about WPA but included are some stats from Gartner. ElectricNews.net:News:Wi-Fi Alliance toughens 802.11 security : According to research body Gartner Dataquest, worldwide wireless LAN shipments should increase by 73 percent in 2002, while revenue will increase 26 percent. Gartner predicts that by 2003, WLAN shipments will total 26.5 million units, up from 15.5 million units in 2002, while revenue will reach almost USD2.8 billion in 2003, compared to USD2.1 billion in 2002. Gartner analysts say the market will continue to experience healthy growth through to 2007.

So in very broad terms we have exponential growth in shipments, linear growth in revenue and falling profits. What seems to be happening is that falling prices due to competition is happening earlier and earlier in the price curve and before the early adopters have paid off all the capital costs with the initial high prices. This is a new form of economics isn't it?

I think I've seen some other figures that suggest that Wireless ethernet shipments are now 30% of all ethernet shipments but I can't confirm that. [from: JB Wifi]

WLAN Hot Spot Access For 3G Ericsson announces strategic partnerships to speed up market take-off for public WLAN. Ericsson chooses Agere and Proxim to jointly develop and supply telecom operators with complete end-to-end solutions for WLAN (Wi-Fi) access, integrating hot spot access with mobile 2G and 3G networks. [thanks, CYBERFROST.net]

On the surface this looks like a great idea. But for it to work, we'll need mass shipments of client hardware that supports it. Imagine a new PCMCIA card that does 802.11a+b as well as GSM and/or CDMA with identification and authentication via a standard cellphone SIM. We'd then be able to fire up the laptop and get access anywhere with the software and card choosing the highest speed available. It ought to be possible to choose an appropriate voice channel as well, VoIP if it's available, dropping back to cell if not. But like I said, to do this, we have to have a high installed base of these cards and we also have to have the same sort of roaming and cross charging arrangements that we currently have with cellphone operators. Meanwhile the WLAN industry is churning out  .11b and now .11a cards without all this. The operators won't have the same stranglehold over the technology that they enjoyed with cellphones during the 90s.   [from: JB Wifi]

Here's a map of the 12,647 access points in Manhatten compiled by wardriving every street. Note that this includes private, secured, private unsecured, commercial open and public open points. It was compiled by the Public Internet Project [from: JB Wifi]

I bet you didn't know that Microsoft makes Weblog Software! [from: JB Ecademy]

Two articles that have made me think this week. The first was Anatole Kaletsky in The Times. He was writing about democracy in the higher parts of the EU and comparing it with the USA. The EU is an extraordinary achievement in it's first 46 years but we have ended up with a situation where it is ultimately governed by an unnaccountable and unelected group of politicians each of which can go back to their populace and say "It's not my fault, it's all the others". This raises the question of where we can find the EU equivalent of the US Constitution and it's checks and balances. There's a huge difference here that the founding fathers were a bunch of revolutionaries who were trying to build something in stark contrast to the oppression they perceived of the previous system. The resulting constitution is a succinct model of clarity with a clear vision of a democratic future even if some of it has been whittled away by 200 years of case law and political double dealing. The EU though has been built by politicians with a vested interest in maintaining the status quo and increasing their own power. And we've allowed them to do it, because we (the populace) were largely uninterested in what they were doing.

The second piece was Simon Jenkins bemoaning the strait jacket that central government (and specifically) Prescott puts on regional government and particularly local City government in the UK. Most countries in Europe (and the USA) have found some balance whereby City level groupings can enjoy significant self government. The net result is places such as Barcelona re-inventing themselves as vibrant and forward looking places, while equivalents in the UK such as Manchester or Newcastle ultimately fail to move forward. That's a simplistic view that ignores the great strides that these places have made in small areas. But there seems no doubt that the obession with central control and ring fencing of finances is holding back our second cities.

Which all re-inforces a political belief that I've had for some time. Increasingly I think we have to find ways of governing at an appropriate level. That means making the big decisions at the big level but allowing room for the local decisions to be made at the local level. Which then means having the structures in place for EU, Country, Region, County/State, City, Town/Street. If we can achieve this, it will have a side effect on people's sense of belonging. And they may well have more sense of belonging to the smaller levels than to their Country. In real terms this might mean, say the Welsh thinking of themselves as Welsh, European and only third, British. [from: JB Ecademy]

Interesting short article from Doc Searls What I Learned on Linux Lunacy. Among other things, Doc is a journalist for Linux Today so he's not exactly a disinterested observer. The report is about a cruise of the Caribbean for the alpha geeks of the Linux community.

What caught my eye was this piece. "I'll confess to something here: for the last year or more, I've been a bit worried that Linux' quiet success threatened to make its story less interesting. Now I'm convinced there's a new story in the works--a much bigger one, at least for those of us called "suits" (like, say, the IBM guy). It's about the end of the software business as we know it, and the beginning of whatever replaces it.

The business we knew wanted software to be expensive, high margin stuff. It wanted to lock customers into dependencies. And it wanted to hold on to its position as the paradigmatic hot business category, the kind of business high-rolling investors would help drive to huge successes in the stock market.

That's over, and it's not because a pile of overfunded dot-com fantasies crashed to the ground. It's over because the market doesn't want it any more. The market wants something more like professional services--architects, designers and builders. Good businesses all, but not the kind that are "venture scale", as they say.

The market wants generic $200 workstations that run generic operating systems and generic productivity applications. They don't want to pay more for the applications than they do for the workstations. In fact, they don't want to pay for anything other than expertise. And they don't want that expertise tied up in stuff that nobody else is in a position to understand."

Now I made a fair bit of money in the early 90s running a software company so I'm quite sad to see this if it's true. And it's an issue I've thought long and hard about since then as I tried to work out how to repeat it. I have to say I think I agree with him. Linux in particular seems to me to be the TCP/IP of operating systems (in the same sense that Football is the TCP/IP of team sports). The entry price is low, it's "good enough", it has relatively low hardware requirements and almost surprisingly there seems to be no limit on it's scalability at the top end. As Linux spreads outwards displacing proprietary OS at the top, other Unix in the middle and Microsoft / Apple at the low end, you have to wonder where it will end. Will we be looking back in 10 years time complaining that despite the fact that Linux is ubiquitous and gets the job done, it's still rubbish and limiting where we go next? [from: JB Ecademy]

New Wi-Fi security would do little for public 'hot spots' Improved Wi-Fi security will do little to protect users of public access WLAN hot spots. Analysts recommend an extra VPN layer and personal firewalls. [thanks, Computerworld Mobile/Wireless News] It's good to see that the analysts and journalists are beginning to recognise some of the issues involved in using a public hotspot. You should:-
- Use a firewall like zonealarm
- Use a VPN to any private corporate systems
- Use SSL and authentication for collecting and sending email
That last one is quite problematic. Many people use their ISPs mailbox and SMTP server to deal with email but very very few ISPs support SSL and smtp auth. This has to change.

Meanwhile the proposal for a replacement for WEP is a real problem for the industry. WEP is broken, but it's also hardwired into all the hardware. Any short term changes have to work with existing systems with minimal updates. It looks like WPA may do the trick, but it still requires peer review. Until we have proper military grade encryption commonly available and implemented in a high proportion of hardware, I'd recommend leaving WEP off and using end to end encryption such as SSL which we do understand. Basically regard anything that goes over the WLAN as insecure. From that point of view WEP is a distraction and gives a false sense of security. Which brings us back to the start of this entry and the importance of securing your PC and securing the important applications. [from: JB Wifi]

Reiter's Wireless Data Web Log : has an analysis of US vs UK pricing particularly comparing T-Mobile and Wayport with Openzone. BT Openzone WiFi prices: Better and worse than the U.S... ...(With relatively few hotspots, BT is ripping off subscribers with its charge for unlimited use.)... On that last point, BT's recent deal with Costa will help, but they really need to move faster. If they are being held back by the effort involved in implementing prestige sites, this may mean developing a low end solution that is more like a self install franchise model for smaller outlets. [from: JB Wifi]

Boing Boing hits the jackpot again. I know I shouldn't just copy the post, but it's too good and doesn't need any commentary.
Spooky Web Zen: 10 urls for Halloween heebiejeebies Put down the kandy korn, fool, and hold on to your Aeron. Ten stupid, silly urls guaranteed to induce Web Zen satori long after that sugar high you're nursing wears off. Click 'em and cringe. Boo.
1. pumpkin music
2. candy dildos?
3. creepy eye game
4. satan's little helpers
5. satan's little helpers, part two
6. scary cats do japanese dress-up
7. pelorian cats
8. cat in a shell
9. i love you more than kittens
10. angry, scary, rock-n-roll kittens Discuss Thanks, Frank ! [thanks, Boing Boing Blog]

An amazing collection of blogging tools for the blogging fool at Weblogs Compendium [from: JB Ecademy]

I was just searching Google for WiFi weblogs and found this. Nuzee: Julian Bond's Blog What's that all about? There's my words from Ecademy collected via RSS and displayed on somebody else's website with my name on it! But with all the links in place pointing back to Ecademy.

I don't mind, but I don't ever recall being asked... [from: JB Ecademy]

News: Tech's newest trend--decentralization : COMMENTARY--What's the connection between Wi-Fi wireless networks, Weblogs and Web services? They are among the few technologies thriving amid the industrywide downturn. What's more, they are examples of the trend toward decentralization.

In the coming decade, decentralization will be the critical challenge for the technology, media and telecommunications industries. Each has developed with the assumption that powerful central forces will manage development. Enterprise IT has "big iron" servers and monolithic software applications; communications has carriers investing in huge infrastructure build-outs; and media has content owners controlling distributions channels.

These approaches are under siege--and not because there's a New Economy, or because information deserves to be free, or because of any fluctuation in the stock market. Centralized systems are failing for two simple reasons: They can't scale, and they don't reflect the real world of people. (my emphasis)

An unusually accurate and reasonable article from ZDNet and spot on. This is a drum (among many) that I've been banging for a while now. Perhaps we should be talking about the "End of Big" along with the "End of Free"! [from: JB Ecademy]

Some advice both for conference organisers and speakers for exploiting WiFi at conferences.Wireless LANs: Tips for Speakers

So has Olympia, Excel, and Earls Court got WiFi as part of the conference package? [from: JB Ecademy]