Technik News

Das Blog zu IT, Mobilfunk & Internet

WiFi

Downloading music over the SGAE’s WiFi

von

The SGAE (Sociedad General de Autores y Editores, or General Ass. of Authors & Editors), is Spain’s equivalent of the RIAA. I was rather amused by this video, where a couple of members of a TV show attempt and succeed at connecting to the SGAE’s WiFi network (it had no encryption enabled!), and download music – alledgedly pirated. They then add an extra twist by actually walking into the SGAE’s offices and asking to see someone, laptop in hand, saying they have just had an attack of good will and want to turn themselves in…

The audio is in spanish, but you will get the general idea even if you don’t understand the talk. My oppinion is that they shouldn’t have done this, as connecting to WiFi networks without the owner’s permission is illegal in most countries, Spain included – so they have actually provided potential prosecutors a perfect piece of evidence.

The Chumby – alarm clock? GPS navigator? no – WiFi device for $150!

von

Yesterday I read some news about Chumby, a new WiFi device being released soon, costing $150, and which looks like an alarm clock on steroids. It features a color screen, the ability to run widgets, hackable hardware, and a squishterface (just made that up, to try to describe the squeeze sensor that the soft case uses to provide user input).

The company behind the Chumby actively promotes hacking the product in any way you want, so this could become another Roomba, albeit cooler (yes, I know, the Roomba moves, so what!). I have signed up to try and get an early sample, let’s see if they consider my arguments.

A few words of constructive criticism – when creating an account, the country drop-down list is not in alphabetical order, so you spend quite a bit of time trying to find yours (US users will have it easy, as it is the default). Additionally, once the steps are completed, you are asked to enter the device ID and give it a name, after which you end up staring at a white page with the big black words: “Application error (Rails”. Whatever that means.

Microsoft Un-Wired – making WiFi easier to use?

von

I read a couple of days ago about an initiative by a small team of Microsoft coders to create a tool that will make managing WiFi connectivity easier, with features such as bookmarks, network management, a hotspot locator, and interestingly, a VPN solution.

On the surface, it looks like hotspot directories JiWire or WiFi411, but the VPN is what interests me. Currently, this is an expensive add-on service offered mostly to business users to secure their traffic while on public hotspots. If Microsoft can make VPN connectivity to secure traffic for any user, it would solve many problems, and give the Wall of Sheep at DEFCON a very hard time. My only doubt about this service is if and how much it will cost.

The blog entry talks about being in beta, and thus more features being in the pipeline, so this is one I’ll be watching with interest.

DEFCON 14 – A hacker’s paradise

von

I have just returned from a vacation, interluded by a couple of trips – one of them to DEFCON, the world’s largest hacker conference. This year, it ran at the Riviera hotel and casino in Las Vegas at the beginning of august.

There was plenty to see and do, from conferences as interesting as war-rocketing to an insight into the US-VISIT program, and it’s plans to implement RFID tags into the green visa waivers, or the 2D barcode receipts given out at airports.

I participated in the wardriving events, organised by Thorn, and which consisted of the Running Man and Fox Hunt competitions. Our team was led by Renderman, and we had some backup that put up some noise (fake APs, floods, etc.) to make the contest more interesting.

The Running Man started well, but unfortunately the other team tripped casino security by walking past their booth with a magmount omni antenna on each shoulder, a laptop, several WiFi cards dangling from their belts, a YellowJacket, and other gear – apparently, the IT guys freaked out, and they wanted the contest shut down. After the intervention of Ross and Priest, we were allowed to carry on, but limiting the search area to the venue, and not the whole casino. After the contest resumed, we found the Running Man in around 15 minutes, and won!

The second contest, Fox Hunt, consisted of a hidden WRT54G that was only on for 15 seconds every minute. One was supposed to locate the fox, connect to it, and change the SSID after brute-forcing admin account. 15 seconds to do all that is not a lot! So, our plan was to locate the fox….and make a run with it to a safe place, so we could kill the 15 second timer circuit, reduce the amount of RF leaking out and have a go at changing the SSID. The first part of the plan went well, but then the other team got slightly miffed, called Thorn, who in turn called us to go back to the contest table with the WRT so the other team could also have a go at it.

Interestingly, Thorn had taped the admin password to the bottom of the router, but neither team noticed it! In fact, the other team ended up brute-forcing the AP and changing the SSID. We contested that since when we removed and reapplied power to the AP, the SSID went back to its default, we had in fact won, but Thorn wasn’t having any of it. The contest was a tie, which was decided by the question “Who owns the OID 00:00:00?”, the answer to which is Xerox. We got it wrong, and so we lost. Next year we will be better prepared for sure.

Here are a few pictures from the event:

215968623_41bb4d0a52

Thorn and Renderman giving their presentation on the Church of Wifi, with CoWPatty, the WPA rainbow table generator, and the WRT54G mods, which included my WaRThog.

215972088_93d246f6a7

The war-rocketing guys, and their awsome rocket. I wonder how they got that thing past airport security.

219943777_5f1822fcfd

The WaRThog on the left, with two more of CoWF’s modified WRT54Gs.

219943269_35eee99859

If you used DEFCON’s wireless network to check your email, access your corporate network, etc., but didn’t use any form of security (VPN, SSH…), you are bound to be in the Wall of Sheep. It displays captured user names, passwords, domains and access methods – I actually had the two colleagues travelling with me show up here, even though I told them to not even open their laptops while at the con.

See you next year!

My last day as a Fonero – bye FON, hello future

von

Today is my last day as a Fonero, which is the way people registered in FON’s network are called (IMHO a rather ugly name). Why this decision? There are a number of reasons, and I have chosen to simply make a list.

  • The most important reason is that I have taken a position at a company that makes it unethical for me to continue participating in FON. I will no longer post on their forums; however, I will continue to post my thoughts about FON on my blog, and replying to Martin Varsavsky in his blog when I see it appropriate.
  • FON has been a downhill experience from day one. I ordered my “social” router, and got charged by PayPal, but no confirmation from the company, no tracking number, nothing. I emailed their support address, no reply. It eventually arrived, admitedly faster than the month or two some people were reporting on the forums. After a few futile attempts at configuring the router to work with my DSL line, and a couple of completely ignored emails to FON support, I simply gave up. The router is now waiting for a PCB to turn it into a WaRThog.
  • Every time I see a new crazy idea in Martin’s blog I feel more depressed about the FON project – does he really think WiFi is the way for homeless people to make a living, reselling VoIP services over Bluetooth? (don’t ask!). Where would he send them the money? Then there are the times when he takes a product and claims it was designed by FON, sometimes in secret collaboration with his backers Skype or Google. The latest is the Skype-compatible WiFi phone made by an Accton subsidiary – this is a design that Accton started way before FON even saw it, and way before Martin could have his logos photoshopped onto the mockups. As a matter of fact, out of the box this phone will not work at FON hostspots, as it lacks the browser required to perform user login – so they will have to work some magic.
  • The english and spanish forums are another source of disappointment, with daily posts from people complaining about the extremely poor support that FON is providing them. Some have even taken to posting comments on Martin’s blog to air their issues, something blogtiquette considers a no-no. I posted a few days ago about this particular issue.
  • They have followed an ill-conceived path to gaining publicity through bloggers, resulting in serious backslash from the spanish blogosphere (see here and here). Martin seems to think that by surrounding himself with top bloggers in exchange for dubious stock options or a seat in the board will get him a free ticket to stardom.
  • I believe that FON serves two purposes – one is to give a personal vehicle of shininess to Martin’s ego. See this post by Glenn Fleishman on FON’s crazy deal announcements, later called off as a lie by Speakeasy – typical example of how he manipulates a phone conversation into front-line news. Om Malik also reported on this particular issue. Martin is someone who cannot be seen as co-founding anything, but as a leader and innovator.
    Secondly, FON serves as an experiment for Skype and Google, who somehow convinced Index and Sequoia to go along. I don’t believe the two VC firms are into experiments, but FON would certainly provide good feedback to S & G about socializing WiFi, hardware distribution, and the adoption of the Bill model as a viable way to extend a WiFi network. Other stuff such as amount of logins at each location/router, number of registered users, daily passes sold, etc. would make nice colored graphs in the resulting corporate presentation.
    But, the problem is that FON is a huge fiasco in terms of hardware distribution, firmware development, public relations, and costumer support. I thus question the validity of any figures that come out of this rather expensive experiment.
  • Their firmware development process seems to be a closely guarded secret – but not for the same reasons Apple safeguards its own developments. FON started working with Brainslayer, the creator of DD-WRT, a free Linux distribution for Linksys (and other) routers. Apparently, Brainslayer was not very well treated by FON, and he parted to work in the Sputnik project, amongst other developments.
  • Just as Mark Evans did, I have voiced my concerns about FON’s business model and strategy – now that they finally launched the Bills, it looks more ill-fated than ever.

I find it really amazing how FON, with the $21.7 million they got in funding, cannot manage to hire a competent team of support personnel, outsource their obviously ill router redistribution system, and get some muscle behind the community effort. Martin Varsavsky is known in Spain for starting companies, pumping them up, and selling at the best possible gain – then leaving them behind with serious problems. Just look at what people think of Jazztel, or what troubles the Ya.com portal went through.

For me, the FON adventure is over, and a new, better adventure is starting. We will start disclosing things around the end of August, so if you want to stay updated, you are welcome to subscribe to the RSS feed.

How can FON expect to win?

von

Today I decided to attempt a second round at configuring the router FON sent me a few days ago, since my first out-of-the-box experience hadn’t been that good. Emails to tech support unanswered, which seems to be an endemic problem, as can be seen on FON’s forums, I finally gave up.

After plugging in the WRT54GS router as briefly described in the brief manual supplied with it (a third of one side of an A4 sheet of paper), I connect to the FON_HotSpot SSID detected by the MacBook. Fire up Firefox, and I’m promptly greeted with a welcome page that states the router could not configure itself, and thus has no connection to the Internet. It shows a few scenarios that one can check for problems, also suggesting one should consult again the third-of-a-page-handbook, and, failing all this, to try manual configuration of the router.

After about an hour of changing IP addresses of the WAN and LAN interfaces (and where is the WiFi interface? or is it linked to the LAN or WAN?), I have finally given up again. I’m not a networking überguru, but I know a bit about routing and setting up IP interfaces, and this thing just managed to get on my nerves. You cannot find a clear manual with diagrams of network connectivity, setups and scenarios, a description of the theory of operation of the hotspot, and as it has been shown, sending emails to FON support is usually futile. The forums are more helpful, but not because there is a healthy bunch of FON staff there, but because a number of talented and skilled individuals have taken upon themselves the task of helping others through the ordeal.

I’m sure that a lot, if not most, users that plug in the FON router can simply connect to it, register and start surfing, but in cases like mine, where I simply have a DSL router to which I plug in the FON router and it’s supposed to work – but doesn’t – a blank void is all there is left to stare at.

Maybe a last attempt will be to flash the new release of the firmware, once they have fixed the problems in v.0.6.6.

Bottom line is that FON cannot expect to create a WiFi planet with people roaming for free on the 1 million routers they are going to distribute, once they get their logistics right, based on complex hardware that requires from either skilled operators, or very good tech support and clear setup and troubleshooting guides. A couple of days ago, someone posted on the forum that FON was a beta company. How can a company class itself in beta? It can have a service in beta, but the company must be running, if not totally smooth, at least with agility and responsiveness, fixing its problems quickly and providing first-class customer service.