There's nothing definitive, but the regulations that govern Part 15 devices like Wi-Fi and Bluetooth require extremely low signal strength in client devices -- effectively 10 to 1000 times less than a cell phone signal. I have some concerns that we'll find that a cell phone against your brain might have been a bad idea, but a Wi-Fi device across the room is only a few orders of magnitude above background thermal noise.
Not political dangers, not legal dangers, but health risks. This is an unshielded piece of metal that's surely producing signal all over the place. Wi-Fi is microwave radiation. While it's not a big deal for the tiny antennas in cards or bigger antennas that are found on access points, when you start boosting the gain and have directional focus, it's critical for your long-term well being to not spend extended periods of time (or, for higher-gain antennas, any time whatsoever) in the "blast" of the beam. There are well-documented health risks from microwave radiation exposure but only at high levels and short distances.
Because this ad hoc device hasn't been checked out in any fashion, it's possible that even with it facing away from you, you could be subjecting yourself to cellular damage from the microwave radiation. I wouldn't recommend this. The cantenna design is much simpler and safer. Other ad hoc designs at least have parameters that prevent so much signal spew. This one worries me.
The teenage girl is a reference to the smiling, cigarette-smoking woman Lynndie England pictured pointing at a humiliated Iraqi man's genitals, and the fact that she and her smiling comrades will take the fall for Donald Rumsfeld and the rest of the chain of command.
I'm not saying that every service works for every at the right price yet. What I'm pointing out is that the service pricing is trending downward. Most of the cell data plans either recently upped their data rates or dropped their prices. You can get unlimited GPRS for $20 a month now, for instance. Boingo is one of three aggregators of hotspot access all of which require Windows clients, but it's the only one currently with an unlimited monthly plan at a fixed rate.
Actually, you're not totally on target with prices here. The day rates are too high, I agree; that's got to change. But if you don't need month-to-month rates, you can get a pretty good deal today. T-Mobile cell subscribers pay $20 per month for unlimited Wi-Fi use with a 1-year commitment; it's $30 per month if you're not a cell subscriber with a 1-year commitment.
Boingo Wireless resells Wayport's service for $21.95 per month (month to month, no cancellation fee; $34.95 per month after 12 months) along with several thousand non-Wayport locations, but not yet including T-Mobile. (Tell T-Mobile you want it!)
It's very clear that a $20 per month rate for unlimited U.S. Wi-Fi is in the cards for the near future from several cell companies and aggregators like Boingo -- it'll happen.
But it's also pretty easy to find free locations if you think $20 to $40 per month is too high. The for-fee locations are ever more appealing to business travelers of which there are apparently about 40,000,000 in the U.S.
I'm with you, chrome. The whole point of RAND (reasonable and non-discriminatory) terms is that companies that have intellectual property that they are either required as part of company policy or believe is wise of them to protect, can participate in standards development -- but only if they agree to RAND. If you don't agree to RAND, you can't corrupt the IETF, IEEE, or other bodies by later claiming high fees.
In many ways, Cisco is being a good citizen by saying, you can reliably go ahead and implement this stuff that uses our patents because we agree to RAND. This means, as chrome says, that Cisco is making sure that the rights are locked up, are licensed cheaply and reasonably, and that they have spent the legal $ to ensure so.
Apple sells so much of its gear direct at list price that they might be making $70 on a $99 AirPort Extreme Card (now bundled with all PowerBooks as part of the basic price) and $200 on a $249 Base Station!
First off, these guys aren't the first: a company called DotSpot (read my article) launched six weeks ago. Second, if you don't want the ads, don't use the free service. Spam is unsolicited commercial whatever that you're the unwilling recipient of. Terms of service are different. If you sign up for a free ISP and then promise to spam you, it's not spam. If they don't disclose they spam, it is spam.
WaReZ folks have ways to deal with that, tho'. They are tight cabals, so someone acting that way would probably be locked out of future sharing arrangements.
I have the idea that WaReZ folks are going to get several Gmail accounts, fill them with WaReZ, and widely distribute the passwords for these various accounts so that people can connect and download them.
One article noted that this band would require the use of cognitive radios to reduce interference far below the threshold of Part 15's normal "don't interfere, accept interference" standard.
The LEAP problem is pretty egregious because PEAP and EAP-TTLS are in wide use -- both of which encrypt the authentication process protecting against just sucking down a transaction for offline analysis. PEAP was supposedly supported by Microsoft and Cisco, but I don't see how Cisco is supporting it by releasing EAP-FAST, which is an alternate approach that's not as strong as PEAP. (PEAP is also supported by Mac OS X 10.3, just by the way, as well as third parties who made 802.1X authentication software clients.)
But remember that this problem isn't limited to LEAP. As Robert Moskowitz of ICSA Labs wrote last November, poor WPA preshared key passphrase choice can allow WPA keys to be cracked. WPA (Wi-Fi Protected Access) is a fix to WEP that involves dramatically more complexity and sophistication in deriving per-packet keys.
However, if you choose a dictionary-crackable passphrase of under 20 characters in WPA, you hit the same problem as LEAP: a cracker can trigger a deauthentication, capture the reauthentication in less than a minute, and then crack at their leisure.
WPA-PSK will probably only be used in home and small office networks, where passphrases may be poorly chosen. I have spoken to manufacturers about changing the presentation layer: don't let users pick bad passwords. So far, to no avail. Not even a recommendation from the Wi-Fi Alliance.
WEP was weak (not broken) by design: when the spec was being designed, the US government still had its onerous cryptographic export restrictions (classifying them as munitions) and one person involved in setting the WEP spec said they erred towards weakness in part because of that climate, and in part because they didn't have computational juice available. The broken parts are just broken, but the strength was intentional.
On the Chinese front, you're way off base. The problem is that the Chinese government requires that foreign companies provide their intellectual property (chip designs, etc.) to one of a dozen Chinese firms that are licensed to create WAPI. So it's not a matter of just adding code to firmware, in which case it might be Yet Another Redundant Standard. Instead, the Chinese government is requiring that non-Chinese firms essentially give away their technological advances.
What killed ergonomic keyboards? Lawyers, sort of. Our U.S. legal system makes the fact that you sell a product that is "safer" (for some people) a factor in litigation against the "dangerous" old keyboards. So my understanding is that many companies, even those successfully selling ergonomic keyboards, were convinced to stop to avoid huge trolling lawsuits from users of older or simultaneous non-ergonomic keyboards.
Since Microsoft has been partially funding SCO (through fees or licenses or other alleged funding activities), does their deal with Sun (which has some relatively significant Linux/open source interests, but not as much as IBM and HP) mean that Microsoft backs off from SCO's defense?
It seems like some footnote in the $1.7 billion cash deal and partnership announcement should be that Sun has Microsoft's contractual assurance that they won't threaten Sun's Linux business through supporting SCO.
It's one thing to run aggressive spam reporting filters. It's another to have no procedure that can get you out of the doghouse. My father and I run a very very small commercial service for monitoring the rank of various books at Amazon that's sold to authors. They pay for the service. It's double opt-in. We keep records of each sign-up and each opt-in confirmation, as well as payment records.
AOL banned our URL but not our email. The error said the URL in our messages couldn't be sent to AOL addresses. We contacted our three (yes, just three) AOL subscribers and asked them to try to use AOL's tools to make sure our email went through, but they didn't have any options that helped.
I contacted AOL, spoke to a guy who believed what I had to say, and I sent email including a variety of details to a Yahoo (ironic) address that they obvious use for disposable purposes and change from time to time. No response. A week later, I email there again as a follow-up. No response.
So what are we to do? Convince AOL subscribers to switch to another ISP? Nope.
Chris said in email that he's been migrating servers so that content is offline at the moment. I have no doubt that he did break the story--it's too bad it didn't get picked up then. I wound up reporting about it in part because I was contacted by some folks in Austin (quoted in the story) who were concerned that AMD hadn't responded to them. Chris is part of the Austin Wireless group.
You can also use JiWire's hotspot directory advanced search page. Click the "free" button at the bottom of the search bar just above "Get Hotspots" and it only returns free locations. (Yes, I'm affiliated with JiWire, but this is good advice, no?)
I found your post in researching this story, and I give you full credit for having posted something about it so early. However, we talked to about 15 people for this article by phone and email, and made sure they were willing to go on the record with specific details.
Slashdot Mirror
There's nothing definitive, but the regulations that govern Part 15 devices like Wi-Fi and Bluetooth require extremely low signal strength in client devices -- effectively 10 to 1000 times less than a cell phone signal. I have some concerns that we'll find that a cell phone against your brain might have been a bad idea, but a Wi-Fi device across the room is only a few orders of magnitude above background thermal noise.
Not political dangers, not legal dangers, but health risks. This is an unshielded piece of metal that's surely producing signal all over the place. Wi-Fi is microwave radiation. While it's not a big deal for the tiny antennas in cards or bigger antennas that are found on access points, when you start boosting the gain and have directional focus, it's critical for your long-term well being to not spend extended periods of time (or, for higher-gain antennas, any time whatsoever) in the "blast" of the beam. There are well-documented health risks from microwave radiation exposure but only at high levels and short distances.
Because this ad hoc device hasn't been checked out in any fashion, it's possible that even with it facing away from you, you could be subjecting yourself to cellular damage from the microwave radiation. I wouldn't recommend this. The cantenna design is much simpler and safer. Other ad hoc designs at least have parameters that prevent so much signal spew. This one worries me.
The teenage girl is a reference to the smiling, cigarette-smoking woman Lynndie England pictured pointing at a humiliated Iraqi man's genitals, and the fact that she and her smiling comrades will take the fall for Donald Rumsfeld and the rest of the chain of command.
I'm not saying that every service works for every at the right price yet. What I'm pointing out is that the service pricing is trending downward. Most of the cell data plans either recently upped their data rates or dropped their prices. You can get unlimited GPRS for $20 a month now, for instance. Boingo is one of three aggregators of hotspot access all of which require Windows clients, but it's the only one currently with an unlimited monthly plan at a fixed rate.
My point, in brief: pricing is heading down.
That's $12 per month for unlimited access to their entire network.
Actually, you're not totally on target with prices here. The day rates are too high, I agree; that's got to change. But if you don't need month-to-month rates, you can get a pretty good deal today. T-Mobile cell subscribers pay $20 per month for unlimited Wi-Fi use with a 1-year commitment; it's $30 per month if you're not a cell subscriber with a 1-year commitment.
Boingo Wireless resells Wayport's service for $21.95 per month (month to month, no cancellation fee; $34.95 per month after 12 months) along with several thousand non-Wayport locations, but not yet including T-Mobile. (Tell T-Mobile you want it!)
It's very clear that a $20 per month rate for unlimited U.S. Wi-Fi is in the cards for the near future from several cell companies and aggregators like Boingo -- it'll happen.
But it's also pretty easy to find free locations if you think $20 to $40 per month is too high. The for-fee locations are ever more appealing to business travelers of which there are apparently about 40,000,000 in the U.S.
I'm with you, chrome. The whole point of RAND (reasonable and non-discriminatory) terms is that companies that have intellectual property that they are either required as part of company policy or believe is wise of them to protect, can participate in standards development -- but only if they agree to RAND. If you don't agree to RAND, you can't corrupt the IETF, IEEE, or other bodies by later claiming high fees.
In many ways, Cisco is being a good citizen by saying, you can reliably go ahead and implement this stuff that uses our patents because we agree to RAND. This means, as chrome says, that Cisco is making sure that the rights are locked up, are licensed cheaply and reasonably, and that they have spent the legal $ to ensure so.
Apple sells so much of its gear direct at list price that they might be making $70 on a $99 AirPort Extreme Card (now bundled with all PowerBooks as part of the basic price) and $200 on a $249 Base Station!
Boeing charges from $500,000 to $1,000,000 per plane. They also spend $300M/year to lease transponder space on satellites.
First off, these guys aren't the first: a company called DotSpot (read my article) launched six weeks ago. Second, if you don't want the ads, don't use the free service. Spam is unsolicited commercial whatever that you're the unwilling recipient of. Terms of service are different. If you sign up for a free ISP and then promise to spam you, it's not spam. If they don't disclose they spam, it is spam.
Google hasn't discussed any limits yet, and that's one of the issues. They say they won't monitor content or usage.
WaReZ folks have ways to deal with that, tho'. They are tight cabals, so someone acting that way would probably be locked out of future sharing arrangements.
I have the idea that WaReZ folks are going to get several Gmail accounts, fill them with WaReZ, and widely distribute the passwords for these various accounts so that people can connect and download them.
Gigabytes for free = untraceable free WaReZ.
One article noted that this band would require the use of cognitive radios to reduce interference far below the threshold of Part 15's normal "don't interfere, accept interference" standard.
The LEAP problem is pretty egregious because PEAP and EAP-TTLS are in wide use -- both of which encrypt the authentication process protecting against just sucking down a transaction for offline analysis. PEAP was supposedly supported by Microsoft and Cisco, but I don't see how Cisco is supporting it by releasing EAP-FAST, which is an alternate approach that's not as strong as PEAP. (PEAP is also supported by Mac OS X 10.3, just by the way, as well as third parties who made 802.1X authentication software clients.)
But remember that this problem isn't limited to LEAP. As Robert Moskowitz of ICSA Labs wrote last November, poor WPA preshared key passphrase choice can allow WPA keys to be cracked. WPA (Wi-Fi Protected Access) is a fix to WEP that involves dramatically more complexity and sophistication in deriving per-packet keys.
However, if you choose a dictionary-crackable passphrase of under 20 characters in WPA, you hit the same problem as LEAP: a cracker can trigger a deauthentication, capture the reauthentication in less than a minute, and then crack at their leisure.
WPA-PSK will probably only be used in home and small office networks, where passphrases may be poorly chosen. I have spoken to manufacturers about changing the presentation layer: don't let users pick bad passwords. So far, to no avail. Not even a recommendation from the Wi-Fi Alliance.
WEP was weak (not broken) by design: when the spec was being designed, the US government still had its onerous cryptographic export restrictions (classifying them as munitions) and one person involved in setting the WEP spec said they erred towards weakness in part because of that climate, and in part because they didn't have computational juice available. The broken parts are just broken, but the strength was intentional.
On the Chinese front, you're way off base. The problem is that the Chinese government requires that foreign companies provide their intellectual property (chip designs, etc.) to one of a dozen Chinese firms that are licensed to create WAPI. So it's not a matter of just adding code to firmware, in which case it might be Yet Another Redundant Standard. Instead, the Chinese government is requiring that non-Chinese firms essentially give away their technological advances.
What killed ergonomic keyboards? Lawyers, sort of. Our U.S. legal system makes the fact that you sell a product that is "safer" (for some people) a factor in litigation against the "dangerous" old keyboards. So my understanding is that many companies, even those successfully selling ergonomic keyboards, were convinced to stop to avoid huge trolling lawsuits from users of older or simultaneous non-ergonomic keyboards.
Somebody just read that New Yorker article on European height, didn't they?
Since Microsoft has been partially funding SCO (through fees or licenses or other alleged funding activities), does their deal with Sun (which has some relatively significant Linux/open source interests, but not as much as IBM and HP) mean that Microsoft backs off from SCO's defense?
It seems like some footnote in the $1.7 billion cash deal and partnership announcement should be that Sun has Microsoft's contractual assurance that they won't threaten Sun's Linux business through supporting SCO.
First, I'm using terminology that's standard.
Second, you're opting in through two different methods, which is why I like the term. So perhaps "double method opt-in" would be more accurate.
Any opt-in mechanism that doesn't confirm some part of an identity (even, "this email is unique") is single method, even if it has multiple steps.
It's one thing to run aggressive spam reporting filters. It's another to have no procedure that can get you out of the doghouse. My father and I run a very very small commercial service for monitoring the rank of various books at Amazon that's sold to authors. They pay for the service. It's double opt-in. We keep records of each sign-up and each opt-in confirmation, as well as payment records.
AOL banned our URL but not our email. The error said the URL in our messages couldn't be sent to AOL addresses. We contacted our three (yes, just three) AOL subscribers and asked them to try to use AOL's tools to make sure our email went through, but they didn't have any options that helped.
I contacted AOL, spoke to a guy who believed what I had to say, and I sent email including a variety of details to a Yahoo (ironic) address that they obvious use for disposable purposes and change from time to time. No response. A week later, I email there again as a follow-up. No response.
So what are we to do? Convince AOL subscribers to switch to another ISP? Nope.
Chris said in email that he's been migrating servers so that content is offline at the moment. I have no doubt that he did break the story--it's too bad it didn't get picked up then. I wound up reporting about it in part because I was contacted by some folks in Austin (quoted in the story) who were concerned that AMD hadn't responded to them. Chris is part of the Austin Wireless group.
You can also use JiWire's hotspot directory advanced search page. Click the "free" button at the bottom of the search bar just above "Get Hotspots" and it only returns free locations. (Yes, I'm affiliated with JiWire, but this is good advice, no?)
Which cafe was this? I'd like to do some follow up (I wrote the story linked to this).
I found your post in researching this story, and I give you full credit for having posted something about it so early. However, we talked to about 15 people for this article by phone and email, and made sure they were willing to go on the record with specific details.
You get credit for the scoop!