Email Delivery

Receive new posts as email.

Email address

Syndicate this site

RSS | Atom


About This Site
Contact Us
Privacy Policy


July 2011
Sun Mon Tues Wed Thurs Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

Stories by Category

Basics :: Basics
Casting :: Casting Listen In Podcasts Videocasts
Culture :: Culture Hacking
Deals :: Deals
Future :: Future
Hardware :: Hardware Adapters Appliances Chips Consumer Electronics Gaming Home Entertainment Music Photography Video Gadgets Mesh Monitoring and Testing PDAs Phones Smartphones
Industry :: Industry Conferences Financial Free Health Legal Research Vendor analysis
International :: International
Media :: Media Locally cached Streaming
Metro-Scale Networks :: Metro-Scale Networks Community Networking Municipal
Network Types :: Network Types Broadband Wireless Cellular 2.5G and 3G 4G Power Line Satellite
News :: News Mainstream Media
Politics :: Politics Regulation Sock Puppets
Schedules :: Schedules
Security :: Security 802.1X
Site Specific :: Site Specific Administrative Detail April Fool's Blogging Book review Cluelessness Guest Commentary History Humor Self-Promotion Unique Wee-Fi Who's Hot Today?
Software :: Software Open Source
Spectrum :: Spectrum 60 GHz
Standards :: Standards 802.11a 802.11ac 802.11ad 802.11e 802.11g 802.11n 802.20 Bluetooth MIMO UWB WiGig WiMAX ZigBee
Transportation and Lodging :: Transportation and Lodging Air Travel Aquatic Commuting Hotels Rails
Unclassified :: Unclassified
Vertical Markets :: Vertical Markets Academia Enterprise WLAN Switches Home Hot Spot Aggregators Hot Spot Advertising Road Warrior Roaming Libraries Location Medical Public Safety Residential Rural SOHO Small-Medium Sized Business Universities Utilities wISP
Voice :: Voice


July 2011 | June 2011 | May 2011 | April 2011 | March 2011 | February 2011 | January 2011 | December 2010 | November 2010 | October 2010 | September 2010 | August 2010 | July 2010 | June 2010 | May 2010 | April 2010 | March 2010 | February 2010 | January 2010 | December 2009 | November 2009 | October 2009 | September 2009 | August 2009 | July 2009 | June 2009 | May 2009 | April 2009 | March 2009 | February 2009 | January 2009 | December 2008 | November 2008 | October 2008 | September 2008 | August 2008 | July 2008 | June 2008 | May 2008 | April 2008 | March 2008 | February 2008 | January 2008 | December 2007 | November 2007 | October 2007 | September 2007 | August 2007 | July 2007 | June 2007 | May 2007 | April 2007 | March 2007 | February 2007 | January 2007 | December 2006 | November 2006 | October 2006 | September 2006 | August 2006 | July 2006 | June 2006 | May 2006 | April 2006 | March 2006 | February 2006 | January 2006 | December 2005 | November 2005 | October 2005 | September 2005 | August 2005 | July 2005 | June 2005 | May 2005 | April 2005 | March 2005 | February 2005 | January 2005 | December 2004 | November 2004 | October 2004 | September 2004 | August 2004 | July 2004 | June 2004 | May 2004 | April 2004 | March 2004 | February 2004 | January 2004 | December 2003 | November 2003 | October 2003 | September 2003 | August 2003 | July 2003 | June 2003 | May 2003 | April 2003 | March 2003 | February 2003 | January 2003 | December 2002 | November 2002 | October 2002 | September 2002 | August 2002 | July 2002 | June 2002 | May 2002 | April 2002 | March 2002 | February 2002 | January 2002 | December 2001 | November 2001 | October 2001 | September 2001 | August 2001 | July 2001 | June 2001 | May 2001 | April 2001 |

Recent Entries

Apple to Include Wi-Fi Direct in Next OS Release?
Meraki Offers Browser-Based Wi-Fi Sniffer
Turn Windows 7 into a Hotspot
Snow Leopard's Wi-Fi Improvements
Whisher Offers Wi-Fi Buddy Lists and a Lot More
Raymond Chander's Vista (The Big Wi-Fi Sleep)
Centrino Drivers Have Memory Leak, Now Fixed
Tropos Adapts to Handhelds
The Latest Community Wireless Tool
Linux Wireless Abstraction Layer Boosted in Kernel 2.6.14

Site Philosophy

This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator. Part of the FM Tech advertising network.


Entire site and all contents except otherwise noted © Copyright 2001-2011 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.

Powered by
Movable Type

Recently in Software Category

February 24, 2011

Apple to Include Wi-Fi Direct in Next OS Release?

By Glenn Fleishman

Apple's AirDrop file-transfer feature sounds an awful lot like it relies on Wi-Fi Direct: Wi-Fi Direct hasn't yet found its way into any desktop or mobile operating system as a built-in component. Wi-Fi Direct allows ad hoc-style connections between devices (computers, peripherals, mobiles, and others) using robust WPA2 security. Devices advertise services as part of the SSID broadcast, such as noting that they can be printed to.

AirDrop is a no-fuss way to swap files between two Macs running the Mac OS X Lion release, still in a preview/beta test phase. It notes specifically that it works wirelessly. I suspect Wi-Fi Direct underlies this. Apple already has Bonjour networking built in to all its computers, and relies on this feature being in most major printers. Bonjour announces services when you're connected to a network in a manner conceptually similar to Wi-Fi Direct.

AirDrop doesn’t require setup or special settings. Just click the AirDrop icon in the Finder sidebar, and your Mac automatically discovers other people nearby who are using AirDrop. You’ll even see contact photos for those who are already in your Address Book.

We'll find out eventually. Having Wi-Fi Direct built into an OS would mean opening up that OS to setup-free connections for printing, file transfer, tethering, and other purposes in a way that's much simpler than today's network connection and service configuration pains.

Update: I had a briefing with Apple. It is not Wi-Fi Direct, but it is awfully similar.

Posted by Glenn Fleishman at 2:33 PM | Permanent Link | Categories: Software | 4 Comments

February 12, 2010

Meraki Offers Browser-Based Wi-Fi Sniffer

By Glenn Fleishman

Meraki offers up a Java tool for viewing Wi-Fi networks around you: The Meraki WiFi Stumbler is a browser-based tool for using your computer's 802.11 adapter to scan the air around you and report the SSID, MAC address (BSSID), 802.11 standard (g, n, etc.), channel, signal strength, maker (if known from MAC address), and security standards used. This is the first browser-based tool that I've seen that replicates the functionality needed to make channel selection and siting choices.

Because of the Java requirement, the tool works only in browsers like Firefox, Internet Explorer, and Safari that support Java. For some reason, only Windows and Mac are currently supported; Linux is not, but that might relate to the state of monolithic driver support in the open-source kernel. You can use the stumbler without an Internet connection in Firefox 3.5 only.

I made a very short screencast showing how it works. Looks like I was wrong in what I said in the screencast: there were simply no 5 GHz networks in the vicinity for a long time (I spotted one later); my desktop Mac does have 802.11n capability.

Posted by Glenn Fleishman at 2:01 PM | Permanent Link | Categories: Software | No Comments

October 29, 2009

Turn Windows 7 into a Hotspot

By Glenn Fleishman

Clever use of built-in Windows 7 networking from Connectify: The beta version of Connectify for Windows 7 uses the OS's ability to create a software access point and a virtual Wi-Fi adapter while still remaining connected to an infrastructure Wi-Fi network. This Windows 7 feature virtualizes the Wi-Fi network connection, allowing a separate client and access point function to operate as separate virtual devices using the same radio channel and same hardware. Some advantages over ad hoc networking, just like with the upcoming Wi-Fi Direct technology, is the use of WPA2 Personal (AES-CCMP flavor) for securing the connection.

The work was originally developed by Microsoft Research, and is still apparently a little hidden in Windows 7, although available. Connectify apparently lets you take one or more WAN connections (like Ethernet, Wi-Fi, or 3G) and aggregate them into a single backhaul for the software AP, too.

Posted by Glenn Fleishman at 1:43 PM | Permanent Link | Categories: Software | 1 Comment

August 26, 2009

Snow Leopard's Wi-Fi Improvements

By Glenn Fleishman

Apple unleashes Mac OS X 10.6 Snow Leopard reviewers: While the next release of Mac OS X doesn't appear til Friday, Apple ended its embargo for reviewers and others who gained early access to the operating system update.

There are three notable changes related to Wi-Fi, none of them terribly significant.

First, the AirPort menu--the place from which you select networks--now shows signal strength for each nearby network. That's useful if you have choices or are troubleshooting coverage. Hold down the Option key before clicking the AirPort menu and Apple now reveals more information than the same option in Leopard, including channel, band, transmit rate, and the obscure MCS Index (an entry that defines encoding choices in use).


Second, the sleep mode in Snow Leopard is integrated with Bonjour discovery, the network protocol Apple uses to advertise services available on a computer. For Mac models released in 2009 (as far as I can tell), you can wake a computer remotely by connecting to a service like file sharing over Wi-Fi or Ethernet--so long as the Mac was connected to an AirPort Extreme Base Station or Time Capsule before it went to sleep. The base station acts as a proxy while the Mac is sleeping. (Macs from 2008 and before appear to only have the option to be woken over Ethernet.) You can read about all the details in an article I wrote this morning for the Mac publication TidBITS, AirPort Menu Improves in Snow Leopard.

Third and finally, you can have your current location and time set in the world via Wi-Fi. The Date & Time preference pane's Time Zone view has an option to set the time zone via the current location. This requires an active network connection, and almost certainly uses Skyhook Wireless data, as Apple already relies on that firm for iPhone Wi-Fi lookups.

Snow Leopard has a $30 price tag for those with Leopard installed; $170 for a bundle of Snow Leopard, iWork '09, and iLife '09 for Tiger users. However, the $30 updater will work with Tiger, too; it violates the user agreement, but Apple uses the honor system for enforcement since it already collected its profit margin when it sold you the computer.

Posted by Glenn Fleishman at 8:13 PM | Permanent Link | Categories: Software | No Comments | No TrackBacks

January 29, 2007

Whisher Offers Wi-Fi Buddy Lists and a Lot More

By Glenn Fleishman

Share your network with friends and colleagues without managing passwords, says Whisher, but that's just for now: Stealth startup Whisher comes out of the woods today with an approach for allowing simple access to secured networks at homes and small businesses, as well as free hotspots. Whisher requires the use of a "heavy" (read: large) client application that's available for Windows, Mac OS X, and Linux. The program handles account and password management; there's no configuration changes or firmware required for access points. "It's not about reflashing routers at all," said Ferran Moreno, Whisher's CEO and co-founder.

To share a network, you create an entry, enter its password (if any), and choose buddies that can access it. "You can create your own Wi-Fi community, by deciding with whom you share and when," Moreno said. Buddies must download and install Whisher, and create accounts. There's no cost for the software or this functionality. Hotspots that want to be open and free can still protect access via WEP and WPA, and use Whisher as the "bar to entry." (The trick is that each copy of Whisher has an encrypted database storing passwords for all open networks, and the passwords for buddy networks.)

Whisherscreen-1The buddy notion bypasses the need to provide friends and colleagues with your network password, or even co-workers in a small-business environment. The centralized management means a single change flows the modified password to your buddies, or to everyone for open networks.

Whisher is backed by Swisscom, one of the largest European hotspot network operators, and Benchmark Capital, investors in Tropos. The investment amount wasn't disclosed.

The application includes file transfer software and instant messaging, but both features are currently limited to allow exchanges only over the local Wi-Fi network for registered users. That limit means that someone who installs the Whisher application and doesn't register for an account can still access free hotspots, but if they want additional local features, they'll need to create an account. A hotspot can keep a CD or memory stick handy for customers to install the Whisher software, which doesn't require a restart under Mac OS X, at least, to get up and running.

Whisher represents a pendulum swing back from the Web-based gateway access that I would argue has plagued the hotspot industry. The gateway page took hold before 802.1X supplicants were a viable way to allow access. (Windows XP and Mac OS X have included supplicants for at least three years; Unix/Linux flavors have free and for-fee supplicants available.) If the hotspot concept started up today, it's pretty clear that a standard login methodology around 802.1X would be adopted for simplicity and security. (T-Mobile's Connection Manager uses 802.1X seamlessly, for instance, and has for years.) When you read complaints about how Wi-Fi doesn't work as a public access means, almost always the complaint is either with cost, or with the trouble in producing an authentication session through a gateway page. (I was just wrestling with AT&T FreedomLink's ugly approach to this on a recent trip.)

By putting the intelligence in client software, the company has to deal with supporting multiple platforms, but with the massive heterogeneity of Wi-Fi routers, that may be a simpler win than dealing with creating one's own firmware or pushing out custom routers, which has been Fon's approach.

(Moreno said he worked with Fon founder Martin Varsavsky, but left over differences in achieving similar communities and scale. Varsavsky disputes this over at Business 2.0. Moreno said that Whisher could absolutely work on top of Fon's network as an application to ease access, provide local network services, and even content based on location, as the software could do on any network. CTO and co-founder Mike Puchol has engaged in rather public Fon-baiting and criticism, including a lot of back and forth with Varsavsky in their respective blogs: Varsavsky, Puchol.)

Downloading an application used to be the kiss of death when broadband was scarce, and it sometimes seems antithetical to the Web 2.0 aesthetic of AJAX-based browser intelligence. The Whisher app ties into that, though, by using an embedded browser, and intra-program updates. "It won't be any more welcome page, enter your credentials, and so forth -- it will be a uniform experience," said Moreno, and that's really the key.

The company hopes to see revenue by leveraging its application as a way to deliver advertising for hotspot networks, and as a vehicle for hotspot and metro-scale Wi-Fi operators to resell service through a client that someone may already have installed. As with Devicescape's device-oriented model, Whisher will use Web-based accounts eventually to handle credit card numbers or other payment mechanisms, as well as other centralized account details. "We're leaving it open to be integrated with any WISP or any technology it has for authentication and billing and so on," said Puchol.

Comparing Boingo, Devicescape, Fon, and Whisher

Boingo: Software client for Mac OS X and Windows mediates access to aggregated partner Wi-Fi networks. A monthly subscription fee allows unlimited access via computer to US locations and some international locations. Many international hotspots have metered, negotiated per-minute or other rates. A new VoIP offering includes unlimited VoIP worldwide at participating locations. $22 per month or $8 per session, plus metered rates at some international locations (noted in their hotspot finder). Boingo has north of 60,000 hotspots signed.

Devicescape: Embedded software that Devicescape wants manufacturers to include in their handheld products, and that can be installed on some devices, allows access at public hotspots that require authentication by tunneling login information via DNS. The handheld device stores no authentication information, and uses the tunneled credentials and other details to perform the login; entering credentials and account details occurs at a Web site. Devicescape wants to establish the notion of per-device sub-accounts at hotspots and aggregators, allowing a single user to use more than one phone, game console, camera, and PDA--with perhaps different, small monthly rates for each--at the same time. Free, but requires accounts at hotspot networks. Supported networks include AT&T FreedomLink, Fon, and T-Mobile USA. (Support does not indicate the hotspot operator approves or works with Devicescape's system.)

Fon: Grassroots and commercial network built one at a time, with individuals flashing commercial, commodity gateways from Linksys and others with special firmware, or purchasing typically subsidized routers that are preconfigured. Network sharers, called Foneros, can choose to charge for access to their hotspot or share it for free. Those who charge receive half the revenue. Those who share can access any other shared Fon location for free. Non-Foneros pay for usage everywhere; those who share for free receive none of the revenue from non-members using their location. Fon's model may extend beyond flashed/custom routers soon with the release of Mac OS X software that turns a Mac into a Fon hotspot, allowing routing from a cell data network (cell operators uniformly disallow this in the US, but it would be difficult to track). Fon claims tens of thousands of active Fon hotspots, but I can't find a citation for their current count. Their mapping software shows registered users and active locations.

Whisher: Client application for Windows, Mac OS X, and Linux allows access to password-protected (WEP/WPA) public and private networks coupled with a Web-based account for management. Any Whisher user can access public networks; private networks require inclusion in a buddy list. No special hardware required. Free software, free buddy lists.

Posted by Glenn Fleishman at 3:35 PM | Permanent Link | Categories: Hot Spot, Security, Software | 5 Comments

December 13, 2006

Raymond Chander's Vista (The Big Wi-Fi Sleep)

By Glenn Fleishman

Windows Vista has a napping problem: I've been reading about an issue regarding low-power and brief sleep modes in "802.11" and "Wi-Fi" (used sometimes inaccurately as interchangeable commodities) for days now to understand what Microsoft did right or wrong in how they configured Vista to save battery power when using Wi-Fi. Ars Technica, as usual, has the right combination of technical detail and comprehensibility.

The story started as if Vista would "drain" batteries, which made little sense. Reading the original coverage in TechWeb and a Microsoft blog post on the matter didn't enlighten me. Why would any Vista setting use more power than XP SP2? Surely, XP SP2 has an optimized, but inferior set of options for Wi-Fi, because Vista is reported to offer better control over networking and wireless usage. (The Microsoft blog post has been deleted, by the way, with no placeholder. The TechWeb story has quotes from the blog.)

The discussion of "802.11 power save" made things even murkier. The Wi-Fi Alliance approved a test to certify part of 802.11e known as WMM (Wireless Multimedia). WMM as a whole deals with prioritizing packets in different queues so that voice packets can be given priority over ordinary data, and streaming data packets likewise. These queues are only part of the answer--ask Ruckus Wireless and others about that--but within 802.11e, there's an option for reducing power usage through cleverer brief naps while a transceiver isn't active. The alliance calls this WMM Power Save, and just a few devices currently carry that certification standard. (T-Mobile's HotSpot@Home service offers a D-Link router with WMM Power Save for this reason to preserve battery life on its UMA [unlicensed mobile access] handsets that work over Wi-Fi or cellular networks for calls.)

These tiny naps can add up. By catching a few milliseconds here and there, the Wi-Fi Alliance has estimated a 15 to 40 percent improvement in battery life over regular Wi-Fi. This will be significant in phones, games, and cameras where every electron counts.

So what's "802.11 power save"? Ars Technica notes that a power save mode appears in 802.11 specifications, and that different vendors have implemented this in different ways. Vista's default setting for its last version before the product was actually installed on hard drives heading to corporate customers was "Medium Power," which made adapters use this older, uncertified, non-interoperable mode. Because adapters and access points from different manufacturers--perhaps just different models--handle this power save feature differently, "Medium Power" would find APs sending packets when adapters were sleeping.

In the release to manufacture (RTM) version of Vista actually pushed out the door, the setting was change to "Maximum Performance," which disables sleep, and provides the most compatibility. It's unclear whether that setting would disable WMM Power Save--that might be implemented at a lower layer of the stack and only work with compatible devices.

Posted by Glenn Fleishman at 10:01 AM | Permanent Link | Categories: Software, Video

August 28, 2006

Centrino Drivers Have Memory Leak, Now Fixed

By Glenn Fleishman

Intel's security updates for its Centrino Wi-Fi adapters had a memory leak that affected performance: The bug has been fixed in a newer release available from Intel's drivers download page.

Posted by Glenn Fleishman at 4:28 PM | Permanent Link | Categories: Software

July 13, 2006

Tropos Adapts to Handhelds

By Glenn Fleishman

Tropos releases a software update for its mesh-networking hardware designed to improve interaction with handheld devices: The company said in a briefing earlier this week that Adaptive Mesh Connectivity Engine (AMCE) tweaks the mesh nodes' approach to dealing with different end-user devices on a packet-by-packet basis without any changes in the client hardware or software. Each packet, Tropos said, can have a different power output level, and can be customized with specific timing and framing characteristics that work best for a given device. The software is available today to Tropos users with support contracts. No hardware changes are needed.

Ellen Kirk, Tropos's vice president of marketing, said quite accurately, "There is no such thing as a standard Wi-Fi client." (It's also true that not all 802.11a/b/g devices are certified Wi-Fi, and thus a "Wi-Fi" device might not be that at all--it might not conform to interoperability standards required by that mark, which makes a "standard Wi-Fi client" an even harder mark to hit.)

The software also mitigates interference by analyzing the radio frequency noise floor and working around that to better "hear" incoming traffic and produce a usable outgoing signal of the right strength.

Later this year, Tropos will release an update that will use another bag of tricks--some of which I have heard of being deployed in enterprise-scale wireless LAN switched networks--that can force clients to associate with particular nodes rather than allowing the client its choice. While this is a hard-wired MAC (Media Access Control) issue that is very dependent on a particular implementation of 802.11 on the client, there are ways that access points can be clever enough to fool the adapter and make it stay put instead of hopping among multiple choices.

Earlier this year, Tropos released a set of extensions (TMCX) for customer premises equipment (CPE) device makers that would allow the CPE to talk to nodes and negotiate parameters and pass reporting and provisioning information. AMCE doesn't require CPE coordination to produce benefits, Tropos executives said, but rather reduces client variability on the network side by adapting to the Wi-Fi client's needs.

Posted by Glenn Fleishman at 3:25 PM | Permanent Link | Categories: Gadgets, Mesh, Software

March 29, 2006

The Latest Community Wireless Tool

By Glenn Fleishman

2hotspot goes public with its community-organizing Wi-Fi software: The company's software joins a growing array of tools that provide Internet connect sharing and community features, such as discussion boards and chats. The trend I've spotted is that the network is slowly assuming as much importance as the Internet: that is WLAN power is just as great as LAN power in the right place. (Cf., Pulse Point, PlaceSite.)

2hotspot offers a Windows (2000/XP/2003) software package that handles the community features. The setup works with several configurations, although the easiest is either to use a built-in wireless card to create the hotspot or to use a two-port Ethernet card to pass through a broadband modem connection and allow the software to facilitate its insertion into the process.

The software is free, but they've raised funding. Their model? Advertising on community content pages.

Posted by Glenn Fleishman at 11:16 AM | Permanent Link | Categories: Hot Spot, Software | 1 Comment

October 28, 2005

Linux Wireless Abstraction Layer Boosted in Kernel 2.6.14

By Glenn Fleishman

HP-sponsored wireless tools are revved to version 19 in latest Linux kernel: The Linux Wireless Extension and Wireless Tools are driven by HP project leader Jean Tourrilhes, who has a long and generous history in wireless driver work for Linux. The 2.6.14 kernel merges these projects into the kernel itself, making them more widely available with less effort.

Tourrilhes downplays this specific release, but notes that the 802.11 stack now includes HostAP and a set of Centrino drivers that required separate installation. HostAP allows a system to have the majority of features specific to infrastructure access point instead of the more typical ad hoc features available to computers with adapters.

Abstraction has always aided the ease of writing applications on top of drivers by reducing system-specific issues to code that addresses input/output and other housekeeping as a class. An application writer that can access an abstraction layer for any given feature in a driver, such as the improvement in statistics in this release, has less monkeying around to make their programs work with a wider array of hardware. The NDIS5.1 abstraction model in Windows XP is what led to much wider and simpler driver support than under any previous release.

Posted by Glenn Fleishman at 10:28 PM | Permanent Link | Categories: Software

May 2, 2005

Microsoft Adds WPA2 Support to XP

By Glenn Fleishman

Windows XP SP2 Talks WPA2, WPS: Microsoft released this update in the last day or so that adds built-in WPA2 support, including support fro AES via CCMP keys, certain forms of caching, and pre-authentication. It also adds support for WPS IE, a way to pass provisioning information to a client at a public wireless hotspot.

Posted by Glenn Fleishman at 8:12 PM | Permanent Link | Categories: Software

April 15, 2005

Sputnik Offers Dual-Radio APs

By Nancy Gohring

Sputnik is offering a dual-radio AP designed to work as a bridge repeater: Sputnik offers software that lets hotspot operators remotely manage hotspots. The new AP will let operators extend the range of their hotspots to cover larger areas. Sputnik also appears to be targeting the municipal market, arguing that its solution would be less expensive than today's mesh offerings. However, I wouldn't think that the Sputnik offering would be quite as flexible as the mesh deployments which allow for multiple hops enabling coverage to areas that are very hard to backhaul.

Posted by Nancy Gohring at 1:25 AM | Permanent Link | Categories: Software

March 4, 2005

In-Depth Review of Elektron, a Small Office WPA Enterprise Authentication Server

By Glenn Fleishman

Elektron LogoReduced IT burden, increased security for the smaller enterprise: The overall IT burden for small businesses has grown ever larger, which is why it's heartening to see the latest in an ongoing series of efforts by Wi-Fi-related software developers and Wi-Fi hardware manufacturers to provide enterprise-style network offerings with small-business pricing and knowledge in hand.

Elektron from Corriente Networks is a proud member of that family of goods. This RADIUS server is designed with one purpose in mind, rather than the Swiss Army knife approach of Windows 2003 Server or Mac OS X Server: Elektron secures wireless networks using WPA (Wi-Fi Protected Access) Enterprise, a flavor heretofore out of reach of those who couldn't spend thousands of dollars on server software and wanted the largest array of standard 802.1X client support.

WPA Enterprise uses a secured login for each user that's coupled with a unique, regularly updated, long encryption key. This eliminates the problem of a shared key being stolen or socially engineered out of an employee. It also avoids having to enter a new key on every computer on the network whenever the shared key needs to be changed. WPA Enterprise rotates around identity instead of a key.

By using a robust WPA key that's unique, the wireless network layer can be virtually assured of full protection from snoopers. The same amount of care needs to be taken with physical intrusion, in which a cracker gains access to the Ethernet network, but it eliminates over-the-air risks.

Elektron brings this to a small office using standard protocols and software and a server that works under both Mac OS X 10.2.8 and later and Windows XP, 2000, and Server 2003.

Read the rest of this review after the jump...

Read the rest of "In-Depth Review of Elektron, a Small Office WPA Enterprise Authentication Server"

Posted by Glenn Fleishman at 9:36 AM | Permanent Link | Categories: SOHO, Security, Software

February 18, 2005

Wi-Fi Mobile Workgroup Software

By Glenn Fleishman

Colligo offers software for secure, ad hoc workgroups: The software avoids the need for a central server for collaboration over Wi-Fi. Version 4.0, available later in February for $99 per user, secures transactions via IPsec, and offers the kind of group tools for chatting, file exchange, and white-board brainstorming. It can also work as an ad-hoc bridge to connect a group through one user's Internet access.

Posted by Glenn Fleishman at 11:48 AM | Permanent Link | Categories: Road Warrior, Software

December 15, 2004

Sputnik Adds PayPal, Broad Billing Options

By Glenn Fleishman

Sputnik Logo
Sputnik rolls out additional hotspot management features: Sputnik is the little company that could, and I don't mean it patronizingly. The company from its founding has continued to chart the course of best answering the needs of the customers that they find are most in need of their product. Sure, that's the way that all companies should work, but Sputnik has stayed small and focused and their "niche" product has increasingly broad applications as a result.

Their latest addition to their managed access point software package are two important billing options that provide hotspot operators with a great deal of flexibility in accepting payment from their customers at the least ongoing cost.

A PayPal module ($299, 100 APs, no transaction fees) integrates Sputnik's Control Center software into the massive payment system to allow one-time payments for use. Hotspot operators set the price. Interestingly, operators can also opt to work with a third-party, OurWebPortals, that can handle PayPal payments for hotspot access through the Sputnik system for a $50 setup fee and transaction fees based on monthly volume.

A more elaborate module integrates Control Center with Aria Systems' billing and customer management system for handling accounts and fees. This lets hotspot operators set up billing plans while customer can pay by bank transfer or credit card. Aria manages the account infrastructure. This module is $499 for up to 100 APs, with additional fees charged by Aria for their part of the equation.

Posted by Glenn Fleishman at 4:17 PM | Permanent Link | Categories: Hot Spot, Software | 2 Comments

November 23, 2004

PCTel licenses 802.1X Software Developer's Kit

By Glenn Fleishman

PCTel is releasing a package of code developers can use to include 802.1X in their applications: This might seem like a minor note, but it's significant that any software developer creating a program that requires Internet connectivity doesn't have to build an 802.1X stack from scratch, but can license it. (There may be others floating around I'm unaware of.)

With an SDK, as it's called, a software developer doesn't have to build, test, and maintain the code for what is a bit of a moving target for compatibility and standards inside an application that might be focused on other connection issues. For instance, a developer who wanted to release a software package aimed at hotspot users might license a VPN module, an 802.1X module, and other authentication modules, and only need to tie those together and test them as a system instead of maintaining separate codebases for each.

Update: Jim Thompson notes that for companies or projects that can use open-source code--which is a great way to go if your company can cope with those requirements--the Open1x project (Linux) and the derivation for Windows, Wire1x, could be an alternative to PCTel. Open1x doesn't support WPA yet, but the work they've done is quite impressive and ongoing.

Posted by Glenn Fleishman at 10:59 AM | Permanent Link | Categories: Security, Software

September 8, 2004

Boingo Offers Upgraded Connection Software

By Nancy Gohring

Boingo released today the latest version of its connection software: The new version supports 802.1x and Wi-Fi Protected Access and can import profiles from Windows XP, Cisco, and Agere utilities. Boingo will also release an updated software developer kit for its partners that develop custom-branded offerings.

With support for 802.1x, Boingo may be able to attract more business users. T-Mobile has positioned itself as the highly reliable, secure connectivity option for business users but according to a customer care agent the company supports 802.1x at some sites but not all yet.

Posted by Nancy Gohring at 9:44 AM | Permanent Link | Categories: Software

August 6, 2004

Microsoft's Service Pack 2 Says Existing Hotspot Logins Insecure

By Glenn Fleishman

Microsoft's Windows XP Service Pack 2 will be available soon, but they've got a little tweaking to do on their technical documentation: This page explains to developers how Wireless Provisioning Service (WPS) works. Never mind the fact that Service Set Identifier (SSID) is described as the Secure Set Identifier. More importantly, they overstate the current risk level for gateway-page logins at hotspots, a problem that WPS bypasses (with all Microsoft server and client components):

The current connection model for WISP signup and use is not secured. Most Wi-Fi hotspots are configured for open authentication and without data encryption. Users are generally required to launch a Web browser to initially sign up to the WISP service and for subsequent logins. WSP mitigates this threat by adding encryption and authentication to the communications between the client and the wireless network.

No, Mr. Gates, no, no, no. All authentication gateway pages I've visited are SSL-based, meaning that encryption (but not authentication) is already in the transaction. I don't know where they got the most from.

The SSL certificate has to be signed by an approved certificate authority, or a client's Web server would balk, and I haven't seen that kind of self-signed certificate problem that would allow man-in-the-middle attacks. (That is, if you were expecting to be warned about a self-signed certificate, then you might accept even a fake AP's certificate. But if you weren't expecting it, you probably wouldn't accept it.)

Browser based deployment is vulnerable to man-in-the-middle attacks, for example, by a malicious front-end server using a rogue access point. Users queried by this access point might unknowingly be giving away personal identification and credit card information. By eliminating the need for a Web login WSP reduces the vulnerability of WISP users to this type of attack.

This is definitely one of the coolest authentication elements of WPS. The transaction between XP SP2's WPS client and a WPS-equipped hotspot involves quite a lot of quasi-out-of-band confirmation. For instance, an SSL tunnel that's opened in one stage of the authentication is signed by a certificate authority already authorized in the WPS client. (So what's good for the goose should be good for the gander, above, in terms of Microsoft's characterization of hotspot authentication weakness currently.)

Without additional hotspot client software users can not easily detect hotspots and do not have a unified mechanism to sign up to them. It is not easy for users to find out information about the WISP or search for the hotspot locations for that WISP. If users sign up at one hotspot, they are not necessarily configured to automatically use the other hotspots. In addition, there is no standard mechanism to keep their provisioning and configuration information up-to-date.

Of course, this means that Microsoft expects its proprietary, single operating system with service pack, back-end requiring system to solve that problem--the unified mechanism is unified Microsoft software. I'm curious if they'll publish WPS as an open standard that could be overlaid onto FreeRADIUS and Open1x, for instance.

Add-on hotspot client software can help the user access that specific WISP’s network. However, add-on software can also conflict with the wireless services native to the operating system, or client software from other providers potentially causing interoperability problems, even instability of the system as they all attempt to control the wireless settings of entire system. Updates to the WISP configuration usually require updates to the client software. For these reasons, many corporate IT departments are reluctant to deploy 3rd party hotspot client software to their users.

Can I get a hallelujah? Praise Bill! This is part of the secret sauce that iPass and GoRemote bring to the table of the corporate enterprises they primarily serve. They customize their client software, and provide IT support for a unified platform that has security advantages, including policy enforcement (firewall must be on, VPN must be on, and other choices and combinations). Client software provided by other firms, like Sprint PCS's client (based on iPass's), isn't supported at the corporate level in the same way that iPass is: individual users can download and install it, and the authentication is through Sprint PCS's servers (in that case), not through an enterprise's existing authentication infrastructure, as iPass's is.

Now, don't get me wrong. WPS is a very interesting product, and we have to wait and see whether it gains real acceptance beyond those hotspot operators who have interest in the co-marketing dollars or other funds that Microsoft will surely offer. WPS as an idea--allowing a third-party authentication of a certificate coupled with XML-based transfer of standardized data--is a good one, and one that only the largest operating system seller in the world is in a position to distribute on the client side.

In addition to WPS, XP SP2 will include a wizard that will allow simple passing of Wi-Fi configuration information on multiple computers. This seems like a natural outgrowth of Microsoft's now-discontinued home Wi-Fi equipment's configuration tool, unique in encouraging a WEP key and unique in making it easy to configure other machines with the same key (albeit using a floppy disk).

The Wireless Network Setup Wizard provides a means for a Windows user to easily create and propagate network settings using an Extensible Markup Language (XML) schema and removable media.  In the future this XML schema may also be used to transfer settings for wide area networks (WANs), local area networks LANs, as well as wireless LANs (WLANs). However, the XML files created by the Wireless Network Setup Wizard for Windows XP SP2 will only be used to transfer configuration settings for WLANs.

Posted by Glenn Fleishman at 5:53 PM | Permanent Link | Categories: Hot Spot, Software

June 23, 2004

Boingo's Pocket PC Edition Available

By Glenn Fleishman

Boingo Wireless has released their Pocket PC client software for Windows Mobile 2003; Palm version to follow: Boingo has had a Pocket PC beta out for quite a while; their release version appeared today. A version for the Palm Tungsten C is due out this summer.

Posted by Glenn Fleishman at 1:45 PM | Permanent Link | Categories: Hot Spot, Software

June 4, 2004

SoftAP Brings Mac's Simplicity to Windows

By Glenn Fleishman

Apple has offered a software base station feature in its client software for nearly five years; PCTel now brings the same ease to Windows with Segue SoftAP: Under Windows XP, you can set up an ad hoc Wi-Fi network and then link that via Internet sharing to bridge an Ethernet, modem, or other connection to users connecting over Wi-Fi. But it's multiple steps and not really the same thing as creating a full software base station.

Segue SoftAP from PCTel will cost $19.95 when it goes on sale to individuals this month, and offers all of the security and networking features needed for a robust, computer client-based offering. Of course, contrast this offering versus a $30 to $80 dedicated access point, and it might seem like a less desirable offering unless you're a mobile or portable computer user who needs to set up Wi-Fi hotspots on an ad hoc basis. [link via Steve Stroh]

Posted by Glenn Fleishman at 10:58 AM | Permanent Link | Categories: Software

« Security | Main Index | Archives | Spectrum »