Kevin Werbach on Wifi PBXs

Kevin Werbach wrote yesterday about a killer app for WiFi inside businesses: WiFi-enabled PBXs.

In other words, route their voice traffic within the company over the private WiFi network.  This would save mucho costs, and give the companies features and management capabilities they don't have today.

I wrote about this over a month ago, when TI rolled out a new lower power Wifi chipset.  An excerpt:

Most interesting about this product release is it signals the coming convergence of corporate PBX systems with cell phones.  Equip a corporate PBX system with VoIP over WiFi, and allow it to seamlessly roam to cellular networks when it is out of range of the corporate network, and you've got (a) a single device you can carry around with you that has one phone number, and (b) no cellular charges when you're within range of the corporate LAN.

Kevin, you're dead on - this will significantly enhance the capability and manageability of voice service, and it will also provide a very profitable business model for one or more carriers. Carriers now have a roadmap to a cost-effective service that incorporates the corporate PBX inside the office with cellular service when outside the office, all with the same phone number.

Verizon announces WiFi-friendly DSL packages

Verizon marks a change of policy with its announcement today that it would provide an optional Linksys DSL+WiFi router as part of a special package designed especially for sharing a DSL connection wirelessly.  Andrea Custis, group president -- sales and marketing for Verizon Advanced Services, said in a statement, "Verizon doesn't charge extra for every computer you connect to a router, or any additional monthly router maintenance fees, the way many cable TV companies and other DSL providers do."

Verizon seems to skirt the line around public use of their home DSL products, by consistently stating that the wireless access is for use within a single subscriber's home.  In addition, Cory Doctorow at BoingBoing points out that Verizon's Terms of Service specifically disallow resale or activities (commercial or noncommercial) that constitute resale of service, at Verizon's discretion.  Ben Charney at News.com also wrote an article describing the new service.

Great to see a big carrier bundling WiFi into its DSL offerings, and explicitly stating that it can be used for home use.  Too bad they still leave things unclear when it comes to community wireless purposes.

Has it been almost a month?

Wow, I can't believe that it has been nearly a month since I last blogged.  I've been extremely busy, both with Sputnik-related work, and AOTC.  In the meantime, there has been lots of new interesting news in the wireless space and elsewhere.  I'll be posting a number of items in the next few days.  In the meantime, I'll plug a few other blogs that have been, ahem, more consistent with their coverage - The ever-popular 802.11b Networking News (the title is misleading, Glenn reports about all types of wireless, but focuses on WLANs), Alan Reiter's blog, Werblog (which often has interesting wireless and technology commentary), and a newcomer's blog, Cyberfrost.net, an interesting news blog on the wireless market, focusing on 802.11.

Wired's cover story on Sky Dayton

Wired's cover story this month is about Sky Dayton and Boingo. It's got the usual fare about WiFi, how it is going to change the world, and how Dayton is poised to capitalize on it.  At the same time, it points out the challenges:

The trouble with the Hot Spot plan: It assumes that the students, bohemians, and cubicle dwellers who hang at the local Java Hut will shell out $75 a month, or even the $7.95 onetime connect fee. At that price point, Boingo is likely to attract only the wealthiest of m-workers — few of whom spend time discussing Hobbes' Leviathan over cappuccino and a maple-nut scone.

Sputnik is mentioned as a competitor, even though we aren't in that business.  Hey, any press is good press, I guess.

TI reveals new low power WiFi chipset

The San Francisco Chronicle reports on the release today of Texas Instruments' latest WiFi chip, the TNETW1100B.  According to TI, it will consume on average one-tenth the power of existing WiFi chips, and it is half the size.  This is expected to increase battery life for PDAs as much as 25 percent.  Specifically, power consumption drops to 2 mW in standby mode.

Most interesting about this product release is it signals the coming convergence of corporate PBX systems with cell phones.  Equip a corporate PBX system with VoIP over WiFi, and allow it to seamlessly roam to cellular networks when it is out of range of the corporate network, and you've got (a) a single device you can carry around with you that has one phone number, and (b) no cellular charges when you're within range of the corporate LAN.  This is an innovation that may not come from most of the cellular incumbents, but I believe that an opportunity is brewing for the first carrier that does embrace the model - namely, huge corporate deals that will finally allow the carriers to break into the enterprise market.

Thanks to Sameer Verma for the link!

Wireless chaff

Black Alchemy has just released Fake AP, a set of Perl scripts that allow a Linux box with an 802.11b card to spew out thousands of fake 802.11b beacon frames.  Essentially, this is a wireless form of chaff, a common military defensive weapon that succeeds by fooling an attacker into attacking a fake target.

Of course, this may give common tools like AirSnort and NetStumbler a headache, but still does not stop a determined attacker - as long as someone is legitimately using the real AP, their packets (with the correct SSID) will appear in a statistically significant sample of packets. 

Still, it may be a useful part of a multi-tiered security model, as described in my last entry.  It will certainly deflect most script kiddies and other people driving by just cruising for a connection.  But then again, why not just give those guests limited access to your net from the start?

Computer Security, Bruce Schneier, wireless networks

The Atlantic has an excellent article by Charles Mann on issues surrounding computer security - and about security overall.  There is lots of good commentary throughout from one of the gurus of computer security, Bruce Schneier, author of Applied Cryptography and founder of Counterpane Internet Security.

This is especially relevant in the context of the furor surrounding the security of wireless networks.  With all of the hubbub surrounding the crack of RC4 and WEP, and security questions surrounding 802.1x, there has been a scramble to find technological solutions to the problems introduced; namely that a determined attacker could hack into or listen in on a WEP-encrypted network with a few hours' worth of data received from the access point, not to mention that most APs today are severely misconfigured out-of-the-box with regard to security.

Schneier is one of the finest security analysts of our time. His monthly Crypto-Gram newsletter is required reading for anyone who is interested in network and computer security.  His book Secrets and Lies is a great introduction to these issues for the layman.  When I was designing Sputnik's security and management features, I found myself again and again thinking about his rational approach to creating systems that fail gracefully.  Some guidelines:

  1. The network is fundamentally insecure
  2. There is no such thing as 100% security
  3. Create systems that fail gracefully
  4. Ensure that systems do not fail catastrophically (e.g. SeaTac in the article)
  5. Design security in depth
  6. Remember the humans in the loop
  7. There is always a tradeoff between security and flexibility
  8. Give users and administrators a choice when making that tradeoff
  9. Do your best to make it secure out-of-the-box

Here's an excellent quote by Schneier from the article:

"The trick is to remember that technology can't save you…. We know this in our own lives. We realize that there's no magic anti-burglary dust we can sprinkle on our cars to prevent them from being stolen. We know that car alarms don't offer much protection. The Club at best makes burglars steal the car next to you. For real safety we park on nice streets where people notice if somebody smashes the window. Or we park in garages, where somebody watches the car. In both cases people are the essential security element. You always build the system around people."

So, do we have to abandon our goal of perfect theoretical security?  Yes, I think so.  The more important goal is, "Does my system make it inconvenient enough for attackers that they attempt to attack via other means?", or "Does my system raise the cost of a successful attack high enough to be impractical?" and "Does my system make it easy for humans to monitor?"

Just some ramblings on the day after Labor Day...

WiFiMetro acquired by Ikano Communications

VentureWire reports on the disposition of HereUare's subsidiary, WiFiMetro:

SALT LAKE CITY -- Ikano Communications, a provider of Internet networking infrastructure and private-label Internet services, said it has purchased the wireless network and software of hereUare, a San Jose, Calif.-based wireless Internet service provider, for an undisclosed amount of cash.

Ikano will operate the network under the Hotspotzz name, utilizing a backend software solution called Spotzz for the network's access control, accounting and auditing functions, along with roaming services, according to Broadband Wireless Online.

Is 10 years really that bad?

I've been following the interesting blogversation between Doc Searls, Dave Winer,  Larry Lessig, and Charles Cooper surrounding Larry's proposal to reduce the copyright of software to 10 years, and to hold source code in escrow so that it can be released after the 10 year copyright is over.

One point kept niggling at me, which was the proposition that Charles and Dave made that a 10 year copyright will seriously hurt small and independent software developers.  Charles writes:

I can't think of a better prescription for formalizing the existing constellation of power that favors the Microsofts and Oracles over the small and independent developers.

At this juncture in the history of the software industry, more so than ever before, 10 years doesn't amount to a hill of JavaBeans--not when you're attempting to build up brand, distribution and customer loyalty in an increasingly fragmented and competitive market.

Dave Winer puts it this way:

After giving it a bunch of thought, I think Lessig is going after the BigCo's, probably Microsoft. But he would also sacrifice the independent companies. If we have to publish our source code the users won't pay for it. Ten years isn't enough time to create a new market. So you wouldn't get any commercial innovation in this system. The BigCo's don't innovate.

Huh?  I don't get it.  I'm a software developer - I make my living through the creation of software, and all my experience and training tells me that these arguments just don't add up.  As a thought experiment, ask yourself how many pieces of software are you using that are 10 years old?  And when did you purchase that software?  I can't think of a single example of software that generated revenue 10 years after it was written, unless you're talking about software for the Space Shuttle or some other old piece of hardware; and even then, that software will have bug fixes and new features, more likely than not - and that code will be covered by the 10 year copyright law as well.

Now ask yourself, how many old pieces of software would I love to have on my current desktop?  Hypercard, perhaps?  Or how about all those old games for the Atari or Intellivision consoles?  How many programmers would be able to learn and innovate on today's programming world if the source for those old non-revenue generating programs were part of the public domain?  How many old data files would you be able to unlock if you were able to run that old DOS accounting program on your current desktop?  What will happen 30 years from now when the MS Word file format is as anachronistic as a pile of punch cards?

Larry Lessig has written a response to Cooper's criticism, and I think he's dead on.  Lessig quotes an 1829 precedent that shows that the founding fathers felt that copyright terms had to be "limited" so that creative works would pass into the public domain "at as early a period as possible":

Why? Because the framers were keen to have others build upon creative work, after copyright assured the "author" a sufficient return for his or her creativity. They believed, in other words, in a public domain, and they required that copyright terms be "limited" so that the public domain would flourish.

Lessig then builds a strong argument to show how his proposal would actually help small, creative, individual developers, and help reduce barriers to entry into large, established markets while still giving the copyright holder a 10 year head start on new competitors.

Dave Winer makes another argument, which I'll call the "supply vs. demand" argument:

If the customers placed a sufficiently high value on having access to source code, or if they felt our copyrights lasted too long, of course we would have to do what they want us to, or retire from the market. So the proponents of this plan are trying to legislate what they haven't been able to gain in the market. It's a weak position for that reason.

I disagree. There's never really been true power or representation by customers in the market for source code and long-term support contracts - it is just too small, fragmented, and uninformed, especially in the desktop computer space.  Of course, big companies who make custom deals can get license terms changed, including access to source code, but we're not talking about a true level playing field in today's world.  Heck, we've had companies declared monopolies that still browbeat their customers with obnoxious clickwrap licenses and liability warranties that would be considered obscene if they were attached to a physical object like a car or a bridge. These actions are not signs of a healthy relationship between software developers and their customers.  Software, like privacy, has always been a supply-side game - the only recourse a customer has is to not play, and in many cases, that is impossible or untenable.

In short, reducing software copyright to a reasonable term would have a very positive effect for the software market and for its customers.  There would be an incentive to innovate, in order to keep opening up new markets and provide better and better code.  And future generations of computer scientists (and historians) would thank us - with this code in the public domain, we could join the other sciences and stand on the shoulders of giants, not stand on each other's feet.