Domain: nocat.net
Stories and comments across the archive that link to nocat.net.
Comments · 86
-
Details of issue
For those who have not read the linked weblog entry, here are the reasons he believes it to be a GPL violation:
1) "One perfect example of this is Zebra, the advanced dynamic routing software package. By opening the firmware file directly, as well as by making queries through the makeshift ping interface mentioned earlier, we noticed that the zebra running on the WRT54G doesn't use the standard configuration file locations. This means that it must certainly be a modified binary." He also mentions that Linksys seems to have used a modified GCC to compile their software, "with a signature string of "GCC: (GNU) 3.0 20010422 (prerelease) with bcm4710a0 modifications"). That bcm4710 refers to the Broadcom chipset that this AP is actually made from."
2) Yes, the author DID email Linksys asking for the source code. You can read that message here. According to the update at the bottom of the weblog entry, he got a response shortly before midnight on 29 July, but it just said that the issue was being directed to second level support. -
Re:Bay Area!
> Marin Civic Center. designed by Frank Lloyd Wright and featured in the movie Gataca (sp?). very cool architecture indeed. plus they have a great library with a dome ceiling on the top floor.
on the Marin / Sonoma area:
Not sure about that movie, but it was in THX 1138.
Quickie Marin Fact: Ethernet cable used to run under the intersection of Kerner & Bellam Boulevards in San Rafael, linking (in the 80's) Pixar and ILM.
And might as well meet one of the NoCat folks up near Sebastopol & Santa Rosa, to get them to explain how they've used all sorts of elevation mapping to bounce Wifi access up into canyons and off of high points that are *miles* away.
Oh, and go to the Sonoma State University Library, to see the HUGE robotic book retrieval system
-
Re:logging your wifi is a good idea...
Another logging option popular with hotspot operators is NoCatAuth as it provides access controls and logging can be easily implemented.
-
Try harder
Try looking at the picture next time. Even the text says so
... and the entire device just managed to squeeze inside. -
NoCat Auth
A good Linux sysadmin could set up a multihomed Linux server between his AP(s) and broadband and use NoCat authentication to block this sort of thing, while allowing surfing (or whatever else).
-
Re:What I want in an access point
check out nocat. it implements a captive portal with traffic shaping and the ability to assign users to groups which get different classes of service.
-
NoCatAuth
-
Responsible networking, period
There are at least a dozen different places a totally anonymous person can get free internet access in my town in very obvious places (that's not including hundreds I've located via wardriving). The easiest and fastest are the public library and the community college library. Speaking of which, my local community college has a nice open WiFi net. Better lock it down so the communists, err terrorists, don't hack any inappropriately connected resources (why should any vital US infrastructure systems EVER be connected to the internet?).
Why should every military base have its own internet access? Sounds like suicide letting G.I. Joe order up ADSL and let him connect it to a secure network. ALL military internet access should be required to flow out a small handful of highly fortified internet connection points. Even modems should be banned. If the government had HALF a clue it wouldn't matter how insecure the internet was. Paraphrasing here, but it goes roughly like this: Remove the plank out of your own eye before you try to remove the splinter from mine.
Having said that, I believe if you're going to run an open AP, you need to do so responsibly. You need to filter SMTP access so someone doesn't use your bandwidth and IPs to use an open SMTP relay to spam folks (and yes, of course the SMTP relay shouldn't be open, but you shouldn't give them high speed anonymous access to it either). You should be able to account for who is using your internet access, if nothing more than a MAC address and email account. Yeah, a totally open WiFi network world wide would be cool, but each WiFi operator should be aware and able to shut down abusive behavior.
For my own "open" WiFi at freenet.artoo.net I use NoCAT to authenticate all users. Yeah, it wasn't as easy as unboxing an AP and plugging it in, but it wasn't that hard to configure, and now I know exactly who is connecting within any 5 minute sliding window (it uses pushed SSL auth to verify the original sign-on is still valid, and will block and force an SSL redirect to a login page if the original SSL auth isn't kept up). So, worst case is someone could wait for another WiFi user to go idle and spoof their MAC address, and they get 5 minutes of access. -
Another way?
Have you considered Nocat or Auth. Gateway?
No complicated setup or client component required, just a browser or SSH. They don't do encryption so you'll need to use encrypted channels (ssl, ssh, etc.). -
Re:Unaccountable bits?
-
Re:How about security?
A captive portal with a MAC address whitelist and registration is the way to solve the first problem, nocat is pretty close to implementing that for free.
The second problem is one of physics so the FCC is the only recourse there. -
Similar Projects
-
Alternative Solution
The wireless group in Houston is building even smaller boxes that are capable of doing everything that this box does. A HOWTO is being assembled here. They are using the Soekris Net4501 in combination with the DWL-520 802.11b PCI card to run Linux and push HostAP and NoCatAuth. The Soekris comes with 3 NICs and no moving parts!
-
Advanced wireless networking
There are a number of other interesting wireless projects which provide some cool / useful features to 802.11 wifi networks:
NoCat Networks which implement QoS controls on user traffic giving priority to authenticated users.
Janus Wireless is working to improve mobile IP connectivity and integrated peer network services
IRIS which was mentioned recently and is perfectly suited for integration into wireless networks for large amounts of reliable, distributed data storage.
MIT's GRID routing project which is probably the most similar.
The really cool uses will come when the integrated peer network / wireless network applications become popular in tandem with pervasive 802.11 deployment in homes and offices. -
PersonalTelco
Here, check these guys out:
http://www.personaltelco.net
They (we) are setting up a free, wireless community in the Portland, Oregon Metro area. No banner ads, just a simple web-based authenticator (NoCatAuth) and a phat pipe.
Head down to Pioneer Courthouse Square in downtown Portland. Set your ESSID to 'www.personaltelco.net' and enjoy! -
Give it away for free
Why not get someone to sponsor the network without banners? Like the city or a deep pocket local corporation? You could use something like nocat to force users to see the name of sponsor and get them to agree to the AUP when they startup. But after that access would be unfettered. This model has worked for NYCWireless.
-
the map fails....
What about properly secured public/community wireless portals that use nocatnet for user authentication? They don't use WEP as it's useless for this kind of community access point. while nocatauth does quite well at making open portals available for members.
-
Re:why are we securing it this way?
Let's take, for instance, a system like they have in hotels, where you have to log into a web page before you are even routed.
People are way ahead of you. Just check out NoCatAuth, at www.nocat.net -
Seattle Wireless
Check out Seattle Wireless and NoCat. They are quite advanced in similar projects.
Good luck, and make sure it's legal before you do it. br. Mihai -
Quite a Good Book
I would actually recommend this book to anyone who has more than a passing interest in wireless networks -- sure, there's a lot of nitty gritty details, but that's better than being short on information, right?
Anyhow, for those of you who are interested in setting up a public node, I definitely recommend you check out the NoCat project. It's an authentication/monitoring system for admins interested in having a little control over who accesses their wireless networks.
Another fun resource is the Personal Telco Project. There's lots of smart folks involved who can tell you everything you need to know about setting up wireless nodes with old abandoned computers and home built antennas. Yes. Wireless can be done cheaply.
Enjoy!
-
Good Idea. Wrong technology.
Rolling out a community network is a great idea and probably any network geek's dream. But DSL, oh my! Many wireless community networks have proved 802.11b is the perfect technology for this. These guys in Seattle are trying to cover the whole city and IMHO they're very likely to succeed.
So you want to roll out a network in a small city? Use NoCat Auth for authentication, connect everything to the net, and already you'll be able to read slashdot while sitting in the middle of the street.
-
Use IPSEC or Kerberos with *at least* 1024-bit key
I set up a small AP in my apartment, only used by me, so far ;) I used an old 486 laptop running Linux 2.4.18 (RedHat base) with an Orinoco Silver card, using 40-bit WEP (which to a cracker, is slightly inconvenient at best) and IPTABLES, MAC filtering with IPSEC 3DES and 1024-bit keys.
Be sure to use some kind of encryption better than WEP (like Checkpoint VPN, IPSEC, etc.) otherwise, it's only a matter of time before your users' account info is stolen.
Also consider the kinds of antennas used on the AP. I actually bought the 3 dB loop antenna (size of a 10" plastic ruler) but I don't even need it within my own apartment (100' radius). I use both 2.4GHz phone and microwave with no major problems in my access. Mind you, I'm not using the link for heavy-use or Internet/media streaming. Here are some links to sites that helped me:
- O'Reilly Network 802.11b Tips, Tricks, and Facts [Mar. 02, 2001]
- Dockapps @ Schuermann.org
- O'Reilly Network Recipe for a Linux 802.11b Home Network [Mar. 06, 2001]
- NoCatNet
Good luck with it, please post a link to your HOWTO when you get it running!
-
NoCatAuth
NoCatAuth is a project that attempts to address the security concerns of running subscription based wireless services. AFAIK though, it's designed so that you must build linux boxes to act as access points, it would take some hacking to get it to work with existing access points (most of which can be administered through snmp).
-
RADIUS and LDAP
The NoCatAuth Nightly (bottom of the page) supports both RADIUS and LDAP authentication. This is fresh code, please report problems and/or send a patch :) -
Interesting approach, how's it compare to NoCat?
I just recently made the jump to the wireless world. I have to say, it's pretty nice being able to sit in bed, or on the sofa, or even out on the balcony, and still waste time reading /., chatting on IRC, and even doing real work. I'm actually upset I didn't jump back in October when I started a good 4-month stint of working from home every day for a single client.
So now, I had to make the same hard choices about networking security, and how to keep just anyone from accessing my WAP (a LinkSys WAP11... I wanted simple to set up)... Enter NoCatAuth.
I'm in the process of getting a box together to set up NoCat on, and until then, my WAP is sitting powered off for the most part, except for testing. Since I haven't gone through the actual install yet, I can't comment on its ease-of-use compared to the FreeBSD example in the article, but it seems to have several points going for it.
Namely, I like the idea of guerilla wireless communities, and the ability to grant certain individuals more access than others. A few friends and coworkers recently went wireless as well, and since I trust them enough to hook up wired to my own LAN, I trust them enough to connect wirelessly.
As for the "public", I'll likely open things up a bit once I've satisfied myself that connections are going only where *I* want them to go, instead of back into my internal network. Likely, I'll be blocking several outbound ports, but I'll have to see. I'll definitely need to go about making sure that anything sensitive is going over SSH or an IPsec tunnel (joy, finally a use for FreeS/WAN here).
If this article had come out maybe a few days earlier, I might have considered building a WAP instead of just buying one, but I'm happy with my choice.
I'd be happy to know about anyone else's experiences with setting up their own WAPs, either for purely internal access, or for public consumption, especially regarding issues such as security, NoCat, this FreeBSD-type AP, etc.
(Oh, for anyone else who started to tear their hair out because the LinkSys WAP11s don't really like to speak to normal SNMP tools, I discovered this utility that talks to it beautifully, with a text-mode interface) -
Re:Sputnik uses NoCat captive portal
That's right - we started with the great code that the NoCatAuth guys wrote, and made some patches to do things like tunneling and use a more secure SSL-based username/password token method, and re-released the code back to the community. Go check out the NoCatAuth project - they're doing some great stuff.
-
Re:Wireless Router Obsolete?
You never did have to buy a wireless router. There are several Linux distributions that integrate firewall and wireless gateways. IMHO this seems like just a repackaged solution. Take a look at:
.. and others ... -
Re:Is it, or is it not, easy?
There is an abundance of information available out there, but it's just finding it that can be a pain. I too less than two months ago knew jack about wifi, but now after _a lot_ of reading, I can say I know what I'm talking about!
Probably one of the best starting points of info I found was NoCatFAQ, otherwise go to just about any Community wireless project and have a look at their info links.
Furthermore O'Reilly has a great book; "Building Community Wireless Networks", that has a lot of info about pretty much everything you want to know to get started! (in dead tree format too!! :]) -
Re:I love it but...
Well, they set up a captive portal (NoCat.net) and tell everyone that this is not a secure network and they shouldn't do anything stupid. Done.
Tom -
Re:2.4.x
Yer damn right. Have you taken a look at NoCatAuth yet? As it happens we're working on a C port that should run comfortably on one of these. Join the mailing list to find out more.
-
with free (illicit) wireless, there's no need
with all the unguarded wireless networks around the cities of the US, there's almost no need to pay for access anymore. just get a burly antenna ($70-ish) and move it around until you get a signal. it's free, and free is a good deal!
-
Re:Question (fixed that link)
-
I don't see why not!
Of course the exact setup will depend on factors such as terrain and which licensing restrictions you are subject to, but providing you can find locations for repeater stations (which can be solar powered, so you don't need a mains electricity supply) this should be feasible.
Here are some URLs you might find interesting: HPWREN (featured here recently) have a 45mb backbone using western multiplex tsunami kit, and 802.11b access points. They use solar power and batteries to power some backbone nodes.
Some other people using mostly 802.11b kit who will have some information you can use: BAWUG PersonalTelco.net NoCat.net Freenetworks.org
Using 802.11b or similar tech, you should expect each wireless hop to add about 5ms of latency, maybe a little more depending on distance. You can quite easily build a repeater by connecting two bridges together by a X-over cable. You could probably do this with Linksys WAP11 or similar, but over this type of distance you will find it much easier to use something like the high-spec version of Cisco Aironet 350 bridges (the 100mW versions will push the signal a lot further - 25 miles with 24dBi antennas - you can use Cisco's own, alternatives include Superpass (based in Waterloo), HyperLinkTech and others.
Aironet bridges let you set the distance of the link which modifies timing parameters (a slight problem with standard 802.11b over long distances), and their security is better than WEP.
There's plenty of homebrew opportunities for antennas and other related kit, although I guess they're probably of more use to people who don't have a budget to play with (: There's a collection of links on this page with a particular focus on homebrew kit.
-
Range Reality Check
Here is an article called "Range Reality Check" that looks at the range from a purely physical perspective. The conclusion drawn by the author, one of the NoCat folks, is that
"...your antennas would have to be at least 104 feet above the surrounding terrain, separated by 25 miles, pointed directly at the ground 12.5 miles away, with no intervening ground clutter."
So, in theory the original poster could achieve a range of ~50 miles with a repeater station (PC with two 802.11b cards) at the midpoint, 4 high-gain directional antennas, etc.