Slashdot Mirror


User: z4pp4

z4pp4's activity in the archive.

Stories: 0
Comments: 73

Comments · 73

  1. Re:Didn't we have these? on Handheld Device Reads Printed Words to the Blind · · Score: 1
    Maybe I watch too much TV... but I can swear I've seen these before.
    I saw it last night on a rerun of Smallville where Lex Luthor's father was using it to read a book.
    But the coolest movie machine is the one that types out Braille from the screen as seen in Sneakers (kinda old but still nice movie). PLUS that guy could crack encryption from his fingers IN HIS MIND.
  2. Moon landings are so 70's on One Small Breath For Man · · Score: 1

    C'mon. Leave the moon alone. Why do you want to go stay there if there is not a good motivation to do it? There are no signs of life, and no probability of it. You can squeeze oxygen from the sand, but that's about it. This is more a sci-fi wet dream than it is a practical solution.
    Rather go to Mars. Mars has potential. Which begs the question: Can you squeeze oxygen from red sand?

  3. Re:Layer 2 Protocols Run the Internet? on Mother of Internet Speaks Out · · Score: 2, Informative
    STP, in a nutshell, stops router loops from happening.

    I call BS!
    STP is a layer two protocol mostly implemented in Ethernet PHY switches to prevent SWITCHING loops from occurring. When more than one physical connection is present between switches, STP turns off a switching port to prevent the loop.
    In modern telecoms networks, the switching architectures mainly use Frame relay, SDH / SONET, MPLS or ATM. These switching architectures do not use STP in any form, since they use virtual circuits to perform switching.
    Also, consider this: IP packets have a hop count that is reduced across routers. When it times out, the packet is dropped. This pretty much limits routing loops.
  4. It's all in the build on Programmers Learn to Check Code Earlier for Holes · · Score: 2, Insightful

    Everybody makes mistakes. That is how we learn and progress to a more experienced state of being.
    Telling people not to make mistakes is letting them know that they cannot try out new and inventive, sometimes even shorter ways of doing things.
    Unit testing is fine and should be encouraged, but really the thing you want to do here is make your build process do all the donkey work as much as possible, and let your programmers worry about the programming issues and doing things smarter and achieve the most with the least possible effort.
    The build process can do the following, if you do it right:
    -> Build the code to executable format and even CD ISO distributables (duh)
    -> Do code indenting and formatting etc. to conform to a standard.
    -> Do unit testing on code segments, and even tell you what % parts were not tested.
    -> Scan the code for bad practices such as strcpy and unmatched mallocs.
    -> Gather all your TODO's and your FIXME's into an output file.
    -> Run the program live and do input fuzzing testing, with extended debugging logs.
    -> Run nessus and other attack scripting languages to take care of the obvious issues.
    With all these measures in place, it is a simple matter of having *somebody* go through the build logs and make a priority / TODO list, fixing security first and stability later, and the small imperfections last.

    But alas. Nobody looks at the logs. Logs are boring. That's why you have to keep them visible. Maybe via RSS, IM or email?

  5. But what will they call it? on The World's Strongest Glue · · Score: 1

    Superglue has already been taken.
    I know! They will call it (drumroll)

    BACTOBOND!

  6. workit harder better faster stronger on HAL Exoskeleton Assisted Mountain Climbing · · Score: 1

    ...parent's comment kinda like reminds me of this

  7. Re:Hacking is a lot like life... on Hacker Boot Camp · · Score: 1
    Point being: like life, hacking can't be taught, it must be experienced.

    AMEN!!

    The only problem that most people don't realize is that there is a difference between perception and reality:
    In reality, Bluetooth is a standard for radio communications between mobile accessories. The perception of the common man however (and back me up here), is that "the Bluetooth" is the Wireless headset that comes bundled with a cellular phone.

    Likewise, if you are a "penetration tester" (sic... fortunate pun), it looks better on a tender document for a government job if you are a "Certified Ethical Hacker", versus the guy that knows what he is doing but does not have the paper behind him. Anyways, how would you compare information security services if they cannot be measured according to at least some form of baseline standard? These requirements are ALREADY stated in the tender RFP's. Who are you to argue with a potential client?
  8. The new e-parcel standard on Why Email Is Still The Most Adopted Collaboration Tool · · Score: 1

    Maybe the big brains at the IEEE should come out with an RFP "e-parcel" protocol that uses an even THICKER envelope to send them pesky larger email messages.
    This way the integrity of the message is protected from the evil onslaught of IT managers, routers, switches and firewalls TEARING away at the packet.

    The Internet started with plain old IP and then some idiots started using this "TCP" thing..
    Adding layers = what the internet is all about!

  9. Big brand bullshit on Intel Unveils PC for Developing Nations · · Score: 3, Insightful

    Wanna provide developing nations a PC for under $100?
    DONATE your old PC.
    Stop being a let's catch the headlines bullshitter and address the PROBLEM instead of YOUR CORPORATE EGO.

  10. Nanotrees on Nanomedicine Patent Thickets Threaten Future · · Score: 1

    I think nanotech patents should be allowed, provided that they are printed on really small paper. The way patents are going nowadays, a whole tree will get killed just to get a printout and some poor old lady at the patent office will break her back when filing it, thereby requiring a nanotech cure in the first place.

  11. Re:I call shenanigans! on American Idol for Security Geeks · · Score: 1
    Come on people, it's not rocket science. Where's my 50k?
    Errr.... when you post something like that in a bad neighborhood like /. , I suppose that you're talking about the $50k that USED to be in your bank account?
  12. Re:Well DUH on Analysis of .NET Use in Longhorn and Vista · · Score: 1

    i found valgrind extremely useful for tracking down memory allocation issues, some applications that are considered safe are not so safe at all when you "valgrind" them ...

    sweet, thanks for the heads up.. so it should be something along the lines of....

    wget -r -O - cvs.sourceforge.net | valgrind > known_vulns.txt

    :)

    never too old to learn.

  13. Re:Well DUH on Analysis of .NET Use in Longhorn and Vista · · Score: 1

    How many overworked and underpaid programmers are there out there that wouldn't give a sh1t if their code conforms to security measures just as long as their pay comes in and they stay out of trouble?
    How many of those programmers do you trust to code for your system, people you have never met?
    Yes, sloppy programming is bad, but in a commercial context with non-open source software this cannot be always monitored and controlled.
    VM's are like the airbags in your car. You hardly notice them. But you are glad that they are around when the fit hits the shan.
    Even MS-win and Ubuntu had vulns that were only recently discovered that have been around for a while. 90% of these Vulns were exploited because of simple buffer overflows caused by sloppy C programming.
    Not all org's can afford top notch programmers, so the best approach is to implement systems that limit the amount of damage that they can do. Hence VM's.
    Buffer overflows are only easy to prevent in C if you know the difference between strcpy() and strncpy() and a whole bunch of other functions. In Java and C# you do not even have to bother.
    C'mon, remember the article on the Internet along the lines of Real men use Fortran, sissies use Pascal? Standards have indeed dropped and are dropping every day. It is not the people but the systems that are in control.

  14. Re:Well DUH on Analysis of .NET Use in Longhorn and Vista · · Score: 1

    :) no dissing intended. I know the difference between pointer re-allocation and new object creation. What I intended to demonstrate was the different approaches one would take to achieve the same ends.. with a very specific demonstration. Of course if you want to nitpick, another correct example of the equivalent C code to the Java code is:

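    char* bigstring = new char[256];
    char* smallbuffer = new char[20];
    delete[] smallbuffer;    // array form of delete for memory from new[]
    smallbuffer = bigstring; // both pointers now refer to the 256-byte buffer
    // .. and eventually
    delete[] bigstring;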

    Although, some inexperienced programmers would simply use
    strcpy(bigstring,smallbuffer);
    What your response so eloquently also illustrates is that there are multiple interpretations to C code, where the interpretation variety to VM code is less.
    To be quite honest, I've not programmed in C for a while..so it tends to be a bit rusty. My worst memory of C: Plugging a memory leak in the windows compilation of libnet.

  15. Re:Well DUH on Analysis of .NET Use in Longhorn and Vista · · Score: 1, Interesting

    Any programmer that used a VM based language knows that is B.S.

    Compare:

    strcpy(smallbuffer,bigstring); // C with size bigstring>smallbuffer >> buffer overflow
    smallbuffer = bigstring; // Java with bigstring>smallbuffer : no overflow, smallbuffer garbage collected.
    smallbuffer = bigstring; // C# with bigstring > smallbuffer : no overflow, smallbuffer garbage collected.
    smallbuffer = bigstring # Python with pretty much the same... no overflow

    The main point is garbage collection. One misplaced malloc() with no matching free() in the kernel can cause a memory hole that will keep on growing into infinity. Anyhow, if you do a ps v -A | cut -b "54-" on any Linux machine you will see that the big culprits are not the kernel based components, but the GUI based components.
    Not all programmers are top notch, and sooner or later everybody slips up. VM's enable you to be sloppy and clean up messes quite nicely.

    Other than that, "putting your applications in a sandbox" is pretty much what is done with the Internet / Intranet split using firewalls. It is the default deny principle in working.
    Sandboxing==Segregation==Layer of perimeter security. The more layers, the more security.

  16. Ironically, they later discovered on Danish, Western Websites Under Attack · · Score: 1

    ..that the cartoonist was none other than Salman Rushdie, who by no small effort had his own, albeit "plastic" defacement - and thus caused what will later be known as "The Great 2006 Defacement of the Internet and the rise of the great Middle Eastern Nations against the cartoons of the wicked west."
    Fundamentalist Reactionaries vowed that they will never eat Apple Danish again.

  17. Re:screw wi-fi on Google and Skype in Startup to Link Hotspots · · Score: 1

    Most of the tech articles I read mention IPv6 in the same sentence as 3G and WiMax - with good reason. In the PC world this is not as much of a concern - we still seem to be getting along with the addr space - but in the cellular world the number of cellphones already out there would predict us running out of addresses soon.
    The main issue with IPv6 is not the hardware / software support of it. It is the configuration and gradual cut-over from IPv4 that is. Plus it is compounded by the fact that most IT guys really only know IPv4 and have a vague idea of IPv6, especially its security concerns (quick question: how many colons in an IPv6 address again?)
    The IPv6 issue is a concern when you have to cross firewalls, nat's etc. because of the complexity of the configuration. What operators tend to do is to get one or two vendors to supply equipment that is configured more or less the same. Thus, ops centers can fine tune the configurations and the system as a whole works with the minimal intervention.
    If you had the same ops center manage a network with a lot of disparate equipment, the efficiency will most certainly drop and you will need a lot more operators!
    Something like OpenWRT maayyyy be a solution, but don't get your hopes up: Last time I checked it didn't have accounting enabled. Cisco does not implement accounting in its cheaper routers for a reason: It differentiates its product lines.
    I used to work for a Telco, and I know how the planning for DSL and other services go: You are right, the metro's are usually the first target, and it pans out from there. It is simply not economical to put down a $10k DSLAM and T1 to service 5 subscribers in some areas.
    The only real solution in these areas is Wi-Fi mesh networks controlled by municipalities that have a dedicated shop and team to engineer, install and manage the net.
    I had the same concept as the reselling hotspots a while back, but it could not fly because of all the disparities that need to be taken care of. You really need a bunch of smart guys to get all the protocols to work in a non-uniform environment..

  18. Re:screw wi-fi on Google and Skype in Startup to Link Hotspots · · Score: 1

    hmmm.. maybe I'm just being prejudiced about it. The cellular companies are pretty big over here compared to Wi-Fi access. It's just that if you compare un-optimised (read non-directional antenna) Wi-Fi access distances, vs. the access distances of Wi-Max and 3G, it just does not win out.
    Wi-fi was designed as a short distance "pico cell". Companies have been trying for years now to extend its reach, with some success, but compared to the reach of a simple cell phone from a tower, they have not come close.
    That is the speed / distance trade off right there.
    What 3G and Wi-Max promise is greater speeds at greater distance than Wi-Fi could muster, including near line of sight. There is also a plethora of radio interference issues with Wi-Fi that 3G and Wi-Max just do not have like microwave ovens, bluetooth, etc. which limits the bandwidth throughput. With 3G and Wi-Max, the network is planned carefully, cells are split with directional antennae, frequency and timeslot issues are sorted, QoS via MPLS is planned throughout the backbone, etc.
    Wi-Fi is certainly a nice technology, but the main advances came from hacker culture, and it is only an access mechanism. You have to get a heck of a lot of protocols to work together to provide the same functionality as 3G or Wi-Max. The other problem of course being that Wi-Fi addresses issues at the routing level which could have been dealt with at the switching layer and physical (read power level adaptation) with much more elegance.
    Saying Wi-Fi is good enough is like saying everybody should drive a black Ford. It is only a small part of the protocol and services stack.
    Also note that most Wi-fi equipment only supports IPv4 out of the box, and your broadband connection is also typically IPv4, with the access point producing a NAT'd range of IP addresses. 3G is designed for IPv4/6. With Wi-Fi, you will always be at the disadvantage of a NAT.
    The way of thinking is also stunted, by limiting internet access to laptops, when the number of cellular subscribers dwarfs the number of internet users worldwide.

  19. Re:screw wi-fi on Google and Skype in Startup to Link Hotspots · · Score: 1

    Our country has an Interception act, which makes it legal for the government to issue a court order for communications providers to tap wires. But the real doozie is:

    Even if the Government cannot decrypt your communications (because you used SSL etc.) you can be FORCED by the court to reveal the encryption key required to decrypt the information.

    Luckily, you have to be a reasonably bad ass criminal before they do something like that, and the Interception act makes it illegal to tap without a formal court order, even by the national intelligence agency. It is usually the intelligence agency's job to find out who did the spying. etc. etc.
    Hence the snide remark against the US and those responsible in the article you mentioned who just trample the rights of their citizens and citizens of other countries.
    But then again, this is a political issue vs. the technical one under discussion, but a good angle none the less.

    Consider this: If an HTTPS server is compromised and spyware is installed on the computer, would SSL help? No.
    Here, the definition of security is meant to be a relative one (as all security guys should know, security is always relative). Anyways, it is always much easier to break into the unmanaged (W)LAN than into the managed WAN. At least they knew afterwards that there was a compromise. How would you get proper forensics in a network where there is no responsibility and full anonymity?

  20. Re:screw wi-fi on Google and Skype in Startup to Link Hotspots · · Score: 1

    ok, to nitpick a nitpicker: :)
    Did you RTFA? The system under discussion does indeed work internationally.
    What is the ACTUAL current and projected coverage area versus that of the GSM and 3G systems?

    I can get online from almost any restaurant or cafe in my neighborhood, which is about 90% of my usage.
    Why limit yourself? sitting on the beach, at the pool or at your house is also nice..

    See above. I would never care about handing over between cells.
    Uhmmm.. lemme see... VoIP, cellular, PDA, Video over IP, smart cars....

    This is why it's cheap.

    Can't argue with that one..

    So buy equipment with the same management interface if you care.

    Are you suggesting that the system in question should be operated using equipment from a single vendor? (remember that the spec is loose in these areas, since it was not DESIGNED to be used this way in the first place)

    You should be doing your own encryption (or using SSL) on anything that matters anyway. Do you trust the phone company?

    As a matter of fact, I do. Once you get into an operator net, the environment is well managed, routers are inside secure exchanges, fibers cannot be tapped and this usually terminates in a hosting provider server room. The only way to peep is to physically splice the fiber. Plus, operators and hosting providers are the most clued up on security issues, since they have been handling these since the creation of time. Luckily, we do not live in America where the feds tap everybody's wired.
    The most risk for MITM attacks (even untrusted certificate SSL) is biggest on the local LAN and even bigger on the WLAN. Do you always check for that little padlock? How many laymen know that they should check it? How many normal people would accept a "secure" certificate from an unknown source? And what about FTP? Normal people need to be protected from the issues they are not aware of. That is one of the reasons that balustrading is always above hip height. If it was lower, people would tip over..

    Good engineering is making something usable by idiots.
    IEEE 802.11 only addressed the technical and protocol levels of what is required here. In that respect it is superior to other access mechanisms. HOWEVER, the billing, roaming, handover, switching, security, content adaption etc. that come standard with 3G was left out here.

    Side note: If you have video traffic running over P2P, which you would have to do with NAT'd Wi-Fi, it would not be able to come even close to 3G with regards to speed, latency, jitter etc., since the 3G network does not have to jump the firewall and run the extra route. Plus, the existing switching layer is already adapted to handle QoS issues.

  21. screw wi-fi on Google and Skype in Startup to Link Hotspots · · Score: 1

    ...Seriously.
    The whole "Hotspot" thing is getting old. Really, how many people would use a system/service that:
    1. Is not engineered to be accessible country-wide on a single bill and with possibilities of international roaming?
    2. Is designed for SHORT distances from access points.
    3. Cannot hand over between cells.
    4. Is unreliable, no guaranteed uptime and no centralised management of links. (If a link goes down, who is responsible to fix it?)
    5. Has no "standard" protocol etc. configuration EVEN FROM THE SAME VENDOR, which makes configuration and management difficult.
    6. Is reputedly insecure, with WPA-2 just about impossible to set up for a layman, and WEP easily cracked?

    ...All of these services that we got used to with the plain old telephone system. Also, although services like 3G really have a terrible protocol stack, at least it provides the above. Let's also not forget Wi-Max and realise that these fools are living in the past.

    The only good thing to come from Wi-Fi is community meshes.

  22. Re:OS - Video - WTF? on Windows, Linux 25 Year Old "Clunkers"? · · Score: 1

    ATM is the reason you have MPLS... the UK telecoms is chock and block full of Alcatel 7670 ATM/MPLS backbone switches (in essence there is not much difference between the two).
    The only reason that IP trumped ATM is because it is much easier to understand, and there was a larger legacy of applications using IP.
    The 25 - 30% cell tax was another problem, since people were not willing to pay for the bandwidth that was "wasted" to pay for enhanced QoS and latency.
    But at least ATM gave you QoS guarantees which only recently started to emerge in newer IP networks.
    What the story comes down to is the difference between the structure of operating systems of "router-like" machines (read Cisco / WinTel) and "switching-like" machines (read Alcatel / Siemens / Ericsson).
    The switching machines are designed to treat a single piece of information end-to-end, the PC is not as efficient but a lot more generally applicable, period.
    Anyways, why stop at video, when you can have immersive reality like Virtual Reality fiber backhaul meetings?

  23. ...but what they don't tell you... on Does Faster Broadband Matter? · · Score: 1

    (first post) I'm an ex-ATM network design engineer and have some experience on engineering the oversell ratio on ADSL networks running across a combined IP/ATM Telco backbone. It boils down to this:
    1. Advertise a speed of x Mb/s
    2. Oversell the speed at the DSLAMs to get x/32 nominal speed / CBR
    3. Oversell the speed on the ATM VC to mux 32 connections over an E1 / 2Mb/s link.
    4. Oversell speed at the RAS to get x/512 CBR.
    5. Divide download speed by 4-8 to get x/1024 CBR
    6. Aggressively cache, even ignoring page update headers on some sites.
    In effect, you usually get about 10kb/s nominal on a 512kb/s advertised link. On the ATM network, the latency is very small, but the IP backbone introduces big latency that you do not have much control over. What the Telco's should be doing:
    1. Advertise the peak (PIR) and nominal (CIR) rates of the DSL connection IN BOTH DIRECTIONS.
    2. Build DWDM/MPLS/ATM core networks END-to-END and advertise as such