From rob at oreillynet.com Wed Aug 1 18:42:12 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Wed, 1 Aug 2001 10:42:12 -0700 (PDT)
Subject: [BAWUG] Found tons (literally) of wireless stuff for auction (fwd)
Message-ID:

This just in from BAWUG. Wow.

--Rob

---------- Forwarded message ----------
Date: Wed, 1 Aug 2001 10:00:50 -0700
From: Tim Edwards
To: BAWUG
Subject: [BAWUG] Found tons (literally) of wireless stuff for auction

http://www.dovebid.com/auctions/browsewebcast.asp?AuctionID=941

I stumbled across this by accident from a tip on another mailing list. It looks like they have pallets full of 2.4Ghz antennas, outdoor enclosures, etc. I saw one lot of 648 WaveLan Gold turbo cards. The only bummer is that it's in Kentucky, but you can arrange shipping. The auction is Friday.

tim

=-=-=-=-=-=-==-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Tim Edwards, Chief Engineer  tim@lifelike.com
LifeLike Productions, Inc.  http://lifelike.com
2330 Marinship Way, Suite 120  415.332.9442 x218
Sausalito, CA 94965  fax 415.332.0108
=-=-=-=-=-=-==-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
--
general wireless list, a bawug thing
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless

From rob at oreillynet.com Wed Aug 1 20:22:54 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Wed, 1 Aug 2001 12:22:54 -0700 (PDT)
Subject: [Fwd: WebSIG WAP mtg in Aug-know about this?]
Message-ID:

I got this in the mail. Anybody into WAP? I'd rather have 11Mbps for free, thanks... =)

--Rob

-------- Original Message --------
Subject: WebSIG WAP mtg in Aug-know about this?
Date: Fri, 27 Jul 2001 23:14:05 -0700
From: Paul Larkin
To: Rob Flickenger

Hi, has this already made the NoCATnet rounds, or should it, or do you(se) already know? 14 Aug (Thurs.) the Sonoma County WebSIG has as its monthly meeting "Designing Web Pages for the Wireless--WAP: Wireless Application Protocol", "featuring Steve Kruse, former chief evangelist at Baltimore Technologies & is a member of the PKI Forum."
More info at www.SonomaWebSIG.org

From adam at sonic.net Wed Aug 1 21:35:18 2001
From: adam at sonic.net (Adam)
Date: Wed, 1 Aug 2001 13:35:18 -0700
Subject: [NoCatNet] [Fwd: WebSIG WAP mtg in Aug-know about this?]
References:
Message-ID: <001e01c11ac9$7ab31570$0201a8c0@hector>

Are people really serious about WAP still? I thought, with the economy and all, that everyone was supposed to have sobered up from their punch-drunk. Progress never sleeps I guess ;)

-Adam

----- Original Message -----
From: "Rob Flickenger"
To:
Sent: Wednesday, August 01, 2001 12:22 PM
Subject: [NoCatNet] [Fwd: WebSIG WAP mtg in Aug-know about this?]

>
> I got this in the mail. Anybody into WAP? I'd rather have 11Mbps for
> free, thanks... =)
>
> --Rob
>
> -------- Original Message --------
> Subject: WebSIG WAP mtg in Aug-know about this?
> Date: Fri, 27 Jul 2001 23:14:05 -0700
> From: Paul Larkin
> To: Rob Flickenger
>
> Hi, has this already made the NoCATnet rounds, or should it, or do
> you(se) already know? 14 Aug (Thurs.) the Sonoma County WebSIG has as
> its monthly meeting "Designing Web Pages for the Wireless--WAP:
> Wireless Application Protocol", "featuring Steve Kruse, former chief
> evangelist at Baltimore Technologies & is a member of the PKI Forum."
> More info at www.SonomaWebSIG.org
>

From rob at oreillynet.com Wed Aug 1 21:43:18 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Wed, 1 Aug 2001 13:43:18 -0700 (PDT)
Subject: [NoCatNet] [Fwd: WebSIG WAP mtg in Aug-know about this?]
In-Reply-To: <001e01c11ac9$7ab31570$0201a8c0@hector>
Message-ID:

On Wed, 1 Aug 2001, Adam wrote:

> Are people really serious about WAP still? I thought, with the economy and
> all, that everyone was supposed to have sobered up from their punch-drunk.
> Progress never sleeps I guess ;)

I've heard that things are much more interesting with WAP in Japan, where phones run java and have color touch screens. But in the states, there isn't much going on...
--Rob

> ----- Original Message -----
> From: "Rob Flickenger"
> To:
> Sent: Wednesday, August 01, 2001 12:22 PM
> Subject: [NoCatNet] [Fwd: WebSIG WAP mtg in Aug-know about this?]
>
>
> >
> > I got this in the mail. Anybody into WAP? I'd rather have 11Mbps for
> > free, thanks... =)
> >
> > --Rob
> >
> > -------- Original Message --------
> > Subject: WebSIG WAP mtg in Aug-know about this?
> > Date: Fri, 27 Jul 2001 23:14:05 -0700
> > From: Paul Larkin
> > To: Rob Flickenger
> >
> > Hi, has this already made the NoCATnet rounds, or should it, or do
> > you(se) already know? 14 Aug (Thurs.) the Sonoma County WebSIG has as
> > its monthly meeting "Designing Web Pages for the Wireless--WAP:
> > Wireless Application Protocol", "featuring Steve Kruse, former chief
> > evangelist at Baltimore Technologies & is a member of the PKI Forum."
> > More info at www.SonomaWebSIG.org
> >
>

From adam at sonic.net Wed Aug 1 23:18:35 2001
From: adam at sonic.net (Adam)
Date: Wed, 1 Aug 2001 15:18:35 -0700
Subject: [NoCatNet] [Fwd: WebSIG WAP mtg in Aug-know about this?]
References:
Message-ID: <001a01c11ad7$e7d6cf30$0201a8c0@hector>

Ah yes... DOCOMO. I saw some really cool prototypes a while back. Color, touchscreen, video, Java... the whole SMS thing is really big too. Learning to type everything really fast with one hand and a limited number of keys is supposedly a sign of being a hipster. WAP has its place I guess... it's somewhere between the last-mile and the last-three feet. I'd like to think our group is trying to close the gap that makes WAP possible. I could be wrong here. Anybody care to comment?

-Adam

----- Original Message -----
From: "Rob Flickenger"
To: "Adam"
Cc:
Sent: Wednesday, August 01, 2001 1:43 PM
Subject: Re: [NoCatNet] [Fwd: WebSIG WAP mtg in Aug-know about this?]

>
> On Wed, 1 Aug 2001, Adam wrote:
>
> > Are people really serious about WAP still? I thought, with the economy and
> > all, that everyone was supposed to have sobered up from their punch-drunk.
> > Progress never sleeps I guess ;)
>
> I've heard that things are much more interesting with WAP in Japan, where
> phones run java and have color touch screens. But in the states, there
> isn't much going on...
>
> --Rob
>
> > ----- Original Message -----
> > From: "Rob Flickenger"
> > To:
> > Sent: Wednesday, August 01, 2001 12:22 PM
> > Subject: [NoCatNet] [Fwd: WebSIG WAP mtg in Aug-know about this?]
> >
> >
> > >
> > > I got this in the mail. Anybody into WAP? I'd rather have 11Mbps for
> > > free, thanks... =)
> > >
> > > --Rob
> > >
> > > -------- Original Message --------
> > > Subject: WebSIG WAP mtg in Aug-know about this?
> > > Date: Fri, 27 Jul 2001 23:14:05 -0700
> > > From: Paul Larkin
> > > To: Rob Flickenger
> > >
> > > Hi, has this already made the NoCATnet rounds, or should it, or do
> > > you(se) already know? 14 Aug (Thurs.) the Sonoma County WebSIG has as
> > > its monthly meeting "Designing Web Pages for the Wireless--WAP:
> > > Wireless Application Protocol", "featuring Steve Kruse, former chief
> > > evangelist at Baltimore Technologies & is a member of the PKI Forum."
> > > More info at www.SonomaWebSIG.org
> > >
> >
>

From jnye20 at t-3.cc Fri Aug 3 02:27:12 2001
From: jnye20 at t-3.cc (Jeff Nye)
Date: Thu, 2 Aug 2001 19:27:12 -0600
Subject: [NoCatNet] [Fwd: WebSIG WAP mtg in Aug-know about this?]
In-Reply-To:
Message-ID:

Hello,
Does anyone know of a loadable module for the WRP image that supports Prism2 cards? Please respond ASAP!
Jeff

From steveh at oreilly.com Fri Aug 3 19:34:15 2001
From: steveh at oreilly.com (Steve Hazelwood)
Date: Fri, 03 Aug 2001 11:34:15 -0700
Subject: Ultimate Antenna Page
Message-ID: <4.3.2.7.2.20010803113227.00af7e50@pop3.west.ora.com>

For all the formulas and how to's on microwave antennas

http://www.qsl.net/n1bwt/contents.htm

_________________________________________________________________
Steve Hazelwood
Returns Coordinator
O'Reilly & Associates, Inc
"Ask Someone Who Knows"
www.oreilly.com
Phone 800.998.9938 x766 -- Fax 800.997.9901
_________________________________________________________________

From rob at oreillynet.com Fri Aug 3 23:10:25 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Fri, 3 Aug 2001 15:10:25 -0700 (PDT)
Subject: Monthly Meeting, 8/6/01
Message-ID:

Hello all--

It's that time again. Come to the monthly NoCat Wireless meeting this Monday, 8/6 at O'Reilly & Associates. We'll get started at 6:30, and go until about 8:30. For directions, see http://nocat.net/directions.html .

This month:

* NoCatAuth (our open source catch-and-release portal) turns 0.30! Try it out for yourself at the meeting.

* OSCon wireless recap: the top five things NOT to do when providing wireless access. Plus wackiness and tomfoolery with a Stylistic, a couple of radios, and the hotel network.

* NetStumbler demo: Find out Who's doing What with this free network discovery and mapping tool.

...Plus the usual assortment of wireless shenanigans. Let me know if there's any interest in Pizza, and I'll order it.

See you there!

--Rob

From larkin at jps.net Sat Aug 4 21:41:48 2001
From: larkin at jps.net (Paul Larkin)
Date: Sat, 04 Aug 2001 13:41:48 -0700
Subject: [NoCatNet] [Fwd: WebSIG WAP mtg in Aug-know about this?]
References:
Message-ID: <3B6C5E0C.7D1E6D55@jps.net>

I don't know. I hadn't decided which meeting to attend (NBLUG meets at the same time and date). If you can email a question to me, that you would ask yourself to the WAP "expert" (?)
speaking at the WebSIG, and if there's any others who would rather attend NBLUG, I would attend the WebSIG with questions from you(se). Or, if I choose to go to NBLUG, I could get the expert's email address-or you could, via the WebSIG's contact person.

Jeff Nye wrote:

> Hello,
> Does anyone know of a loadable module for the WRP image that supports
> Prism2 cards? Please respond ASAP!
>
> Jeff

From mslimmer at veritas.com Sat Aug 4 21:53:09 2001
From: mslimmer at veritas.com (Max Slimmer)
Date: Sat, 4 Aug 2001 13:53:09 -0700
Subject: stylistic memory
Message-ID:

I found a source for memory for the stylistic 1000. 8mb $32
http://www.datamem.com/fujitsu.asp

Max Slimmer
Solutions Architect  eMail: Max.Slimmer@veritas.com
DR/Business Continuity  Office:(707)823-4156
VERITAS Software Inc.  Cell: (707)280-9299

From perdo at sonic.net Sun Aug 5 10:18:41 2001
From: perdo at sonic.net (Jason Pippin)
Date: Sun, 5 Aug 2001 02:18:41 -0700
Subject: [NoCatNet] Monthly Meeting, 8/6/01
References:
Message-ID: <000c01c11d8f$9e90c0a0$0200a8c0@thunderbird>

I can just imagine all these guys on the forum saying to themselves "moron" Thank you Dale Newman for the clue. Blessed not "Crucial PC150 Cas 2" but "Corsair PC150 Cas 2" I don't even think Crucial makes PC150, being a micron direct OEM dealer, certainly not at cas 2. Cas 2 150 is not even available in dim sizes exceeding 256mb. While pc133 cas 2 will run at pc150 cas 3, there is no good reason to do this. You have not actually increased your memory bandwidth but have overclocked your pci bus to overclock your processor. Fortunately the Thunderbird at 1.2 and above come multiplier unlocked at the factory, making overclock by fsb adjustments unnecessary. If however you have memory that will not have to be run at higher latency margins (cas 3 @ 150) and select pci and ide devices that tolerate higher pci bus speeds the gains achieved can be substantial.
Even the best PCI devices get temperamental at speeds as low as 39 mhz, which equate to 156 fsb with a 1/4 PCI divider. Since the first "quality" pci card to have trouble at those speeds is the popular sound blaster live! series, and they carry known potential IDE data corruption issues, I simply do not recommend them. That makes my motherboard choice, the KK266, an even better candidate since it has c-media onboard audio supporting dolby 4.1, in turn fully supported under linux. Save $100 pass go and rip mp3s. Interestingly, Iwill plans on integrating a phillips chip supporting dolby 5.1 on a higher end version of the KK266, which I cannot find on any linux hardware compatibility lists. Ultimately, a computer running 10.5/133fsb @ 1400 is much slower than a computer running 8.5/165 @ 1400 unless it has a severely crippled integer logic unit and an overly long pipeline to achieve an artificially high, but extremely marketable, absolute clock speed and a 400 mhz fsb

damn the spell cheker, full speed ahaed.

From bbrady at 10fold.com Sun Aug 5 20:45:53 2001
From: bbrady at 10fold.com (Bill Brady)
Date: Sun, 05 Aug 2001 12:45:53 -0700
Subject: Is you 8/6/01 meeting open to the public
Message-ID:

This is a MIME message. If you are reading this text, you may want to
consider changing to a mail reader or gateway that understands how to
properly handle MIME multipart messages.

--=_F7ADAC6C.05640221
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

I'm interested in starting a community sponsored wireless network in Marin =
county. May I attend your meeting?

Thanks!

Bill

Bill Brady
TenFold Corporation
www.10fold.com
voice: 415-271-0434
fax: 415-789-1389
textpage: bbrady@myvzw.com

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed.
If you have received this email in error please notify
the TenFold Postmaster (postmaster@10fold.com).
**********************************************************************
--=_F7ADAC6C.05640221--

From paul at klodepark.com Mon Aug 6 04:22:07 2001
From: paul at klodepark.com (Paul)
Date: Sun, 5 Aug 2001 22:22:07 -0500
Subject: [NoCatNet] Monthly Meeting, 8/6/01
References: <001f01a8fd7d$90f91360$0100a8c0@sonic.net> <20010805124016.B27904@zouave.sonic.net> <001001a8fe75$b034d7c0$0100a8c0@sonic.net>
Message-ID: <001901c11e26$f9261e60$0701a8c0@nsmicro.com>

PCMCIA wireless card question.

On the Seattle Wireless site both the Cisco/Aironet and the Compaq Card (WL100?) show up as a 100mw card.

http://seattlewireless.net/index.cgi/HardwareComparison

Anyone have good experiences with the Compaq card? Is it just relabeled? or is the Seattle wireless info wrong? The compaq web site appears about useless for info on this card.

From rob at oreillynet.com Mon Aug 6 06:25:27 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Sun, 5 Aug 2001 22:25:27 -0700 (PDT)
Subject: [NoCatNet] Is you 8/6/01 meeting open to the public
In-Reply-To:
Message-ID:

On Sun, 5 Aug 2001, Bill Brady wrote:

> I'm interested in starting a community sponsored wireless network in
> Marin county. May I attend your meeting? Thanks!

Of course! All of our meetings are open to the public. Where do you live? What do you have in mind? =)

--Rob

From colin at marquardt-home.de Thu Aug 2 07:49:05 2001
From: colin at marquardt-home.de (Colin Marquardt)
Date: 01 Aug 2001 23:49:05 -0700
Subject: [NoCatNet] [Fwd: WebSIG WAP mtg in Aug-know about this?]
In-Reply-To: (Rob Flickenger's message of "Wed, 1 Aug 2001 13:43:18 -0700 (PDT)")
References:
Message-ID:

Rob Flickenger writes:

> On Wed, 1 Aug 2001, Adam wrote:
>
> > Are people really serious about WAP still? I thought, with the economy and
> > all, that everyone was supposed to have sobered up from their punch-drunk.
> > Progress never sleeps I guess ;)
>
> I've heard that things are much more interesting with WAP in Japan, where
> phones run java and have color touch screens. But in the states, there

That's imode, not WAP.
Almost full HTML AIUI.

Cheers,
Colin

--
YYURYYUBICURYY4ME.

From terry at nycwireless.net Mon Aug 6 14:54:15 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Mon, 6 Aug 2001 09:54:15 -0400
Subject: [NoCatNet] Monthly Meeting, 8/6/01
Message-ID: <002101c11e7f$48087c00$170a0a0a@elfnyh1>

The card referenced on the SeattleWireless site is the old compaq card, and probably no longer available as new through retail channels.. The new one WL110 is just a rebranded Lucent Card, i.e. just 30mW, not 100mW. The PCI version is just a PCMCIA Lucent Rebranded in a PCI carrier.

--Terry

> On the Seattle Wireless site both the Cisco/Aironet and the Compaq Card
> (WL100?) show up as a 100mw card.
>
> http://seattlewireless.net/index.cgi/HardwareComparison
>
> Anyone have good experiences with the Compaq card? Is it just relabeled? or
> is the Seattle wireless info wrong? The compaq web site appears about
> useless for info on this card.

From phanson at mail.ns-micro.com Mon Aug 6 17:14:02 2001
From: phanson at mail.ns-micro.com (PLH-NSM)
Date: Mon, 6 Aug 2001 11:14:02 -0500 (CDT)
Subject: [NoCatNet] Monthly Meeting, 8/6/01
In-Reply-To: <002101c11e7f$48087c00$170a0a0a@elfnyh1>
Message-ID:

So is the "old" Compaq WL100 a 100mw card?

-Paul

On Mon, 6 Aug 2001, Terry Schmidt wrote:

> The card referenced on the SeattleWireless site is the old compaq card, and
> probably no longer available as new through retail channels.. The new one
> WL110 is just a rebranded Lucent Card, i.e. just 30mW, not 100mW. The PCI
> version is just a PCMCIA Lucent Rebranded in a PCI carrier.
>
> --Terry
>
> > On the Seattle Wireless site both the Cisco/Aironet and the Compaq Card
> > (WL100?) show up as a 100mw card.
> >
> > http://seattlewireless.net/index.cgi/HardwareComparison
> >
> > Anyone have good experiences with the Compaq card? Is it just relabeled?
> or
> > is the Seattle wireless info wrong? The compaq web site appears about
> > useless for info on this card.
>

From terry at nycwireless.net Mon Aug 6 17:43:35 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Mon, 6 Aug 2001 12:43:35 -0400
Subject: [NoCatNet] Monthly Meeting, 8/6/01
References:
Message-ID: <005401c11e96$efc09d30$c47a5c42@ELFNY05>

Yes the "old" Compaq WL100 (both PCI and PCMCIA) are 100mW.

http://www.seattlewireless.net/index.cgi/CompaqCardComments

"I tried out the wl100 (pcmcia version) on a loaner CompaqIpaq by walking around my node with the diagnostic tools. The card doesn't appear to have the range of the CiscoAironet or the LucentWirelessCard, but it may be an artifact of the PDA itself. It would be interesting to test this out in an actual laptop or ipaq with linux installed." --MattWestervelt

The Compaq WL100 is still available new at some locations $128:
http://www.pricegrabber.com/search_getprod.php?masterid=216383&search=wl100&ut=a04fa2a155d725c0
but just spend the $30 bucks more and get the Cisco 350 series 100mW card with the best receive sensitivity in the market for $158.26.

What I have learned though is that receive sensitivity is often more important than output power.
http://www.freenetworks.org/index.cgi/ReceiveSensitivity

30mW = 15dBm vs 100mW = 20 dBm
a difference of 5 dbm

The Cisco & Lucent card have a receive sensitivity of -94 dBm at 1mbps, while an Addtron card has a receive sensitivity of -80 dBm at 1mbps, a difference of 14 dBm, much bigger than the power difference between a lucent and a cisco.

--Terry

From Steven Lybeck"

Hey everyone,

I'm a high school student at El Molino out here in Forestville. Myself and a few friends are interested in coming to the meeting tonight and hopefully contributing some work to this project, so I was just wondering if there's anything we should/can bring tonight to help out.

We're all very proficient with pcs and are learning networking/etc... so whatever we can contribute, it would be nice to know.

Thanks!
Steven Lybeck
steven@epochmedia.net
http://www.epochmedia.net/

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

From rob at oreillynet.com Mon Aug 6 21:13:36 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Mon, 6 Aug 2001 13:13:36 -0700 (PDT)
Subject: [NoCatNet] Meeting tonight
In-Reply-To: <007301c11eb3$8abe6f80$8a665d3f@lybeck>
Message-ID:

On Mon, 6 Aug 2001, Steven Lybeck wrote:

> I'm a high school student at El Molino out here in Forestville. Myself
> and a few friends are interested in coming to the meeting tonight and
> hopefully contributing some work to this project, so I was just wondering if
> there's anything we should/can bring tonight to help out.

If you have one, bring your laptop and 802.11b gear. Wireless access will be provided (hopefully. =) Also bring a couple of dollars for Pizza if you're gonna eat it.

> We're all very proficient with pcs and are learning networking/etc... so
> whatever we can contribute, it would be nice to know.

The priority right now (as far as I'm concerned) is getting nodes online. We'll be going over exactly what you need to do that tonight.

See you there!

--Rob

From rich at testingrange.com Mon Aug 6 23:44:08 2001
From: rich at testingrange.com (Rich Gibson)
Date: Mon, 6 Aug 2001 16:44:08 -0600 (MDT)
Subject: Shameless Plug...
In-Reply-To: <001f01a8fd7d$90f91360$0100a8c0@sonic.net>
Message-ID:

>
> References: Rich Gibson, fellow nocatter, who owns the system I've described
> and Evan, Owner of the Electronic Warrior on 4th ave Santa Rosa, who owns 4
> similar systems I built and will upgrade 20 more over the next few months.

I totally support Jason. The system that I have totally rips. It is so cool that for the first two weeks I didn't want to leave the house, even to go diving.
(but that 60 gb drive is mighty small :-)

Rich Gibson
Rich@testingrange.com
http://www.testingrange.com

From redrover at sleepydog.com Tue Aug 7 16:58:29 2001
From: redrover at sleepydog.com (John Morehead)
Date: Tue, 07 Aug 2001 08:58:29 -0700
Subject: Risks in hosting a Nocat node
Message-ID: <5.1.0.14.2.20010807082649.0382fdd0@mail.monitor.net>

I plan to set up a node for our nocat community wireless project. In our meetings we have briefly discussed some of the risks involved in doing this (i.e., bandwidth hogging, home network intrusion, using my internet connection to perform some kind of electronic vandalism). We have also talked about ways that these risks might be minimized (bandwidth throttling, gateways and filtering).

Does anyone see other ways that I would be exposed by hosting a nocat node? Are the risks that we know about adequately addressed? I especially want to make sure that I am not opening some back door to my home network.

I am satisfied that the authentication model proposed by Rob and Schuyler is workable for our community wireless project. It is a good clean design that handles user authentication well. I can't think of an easy way to defeat the system, provided everything is working as advertised.

I know that others have similar concerns to mine, and I am interested to see what other folks think about this.

John

~ ~ w o o f ~ ~ w o o f ~ ~ http://sleepydog.com ~ ~

From marcm at lectroid.net Tue Aug 7 17:33:24 2001
From: marcm at lectroid.net (Marc Matteo)
Date: Tue, 7 Aug 2001 09:33:24 -0700
Subject: [NoCatNet] Risks in hosting a Nocat node
Message-ID: <004d01c11f5e$ade9eba0$6501a8c0@lectroid.net>

Well, I've only been lurking on this list for a short time, I'm from (east of) Sacramento and am looking to start or be involved in a community wireless network up here. Anyway, I've wondered about those very same security issues.
Unfortunately, I haven't yet looked at the NoCat software to see exactly how it works but I've addressed most of the security issues in my own mind (I rolled my own equivalent to the WRP for my own use) but one issue that I wonder about is shenanigans within the wireless network itself.

Am I correct in assuming that NoCatNet is essentially ad-hoc based? If that's the case, is there anything stopping User-A from directly attacking User-B? If not and User-B gets attacked on your network, what are YOUR liabilities?

I've thought about adding Snort or something to the wireless gateway but I'm not sure how effective that would be (can you run in promiscuous mode on a wireless net?) and even if it worked what could you do to stop the attack.

Just my musings...

Marc

From jlf at speakeasy.org Tue Aug 7 11:07:17 2001
From: jlf at speakeasy.org (Josh Feinstein)
Date: Tue, 7 Aug 2001 10:07:17 -0000
Subject: Bizarro world (i.e. Starbucks) nocatauth
Message-ID:

I was in my friendly neighborhood cafe this morning at a window table facing the Starbucks across the street, when I stumbled onto their ver$ion of nocatauth. I'm not sure of the etiquette regarding sending attachments to the list, so there's a screenshot at http://www.speakeasy.org/~jlf/mobilestar_login.jpg -- they seem to have a similar setup, issuing IP addresses freely but redirecting to their login page if not yet authorized.

Josh

From mattgould4 at yahoo.ca Tue Aug 7 23:45:41 2001
From: mattgould4 at yahoo.ca (Matt Gould)
Date: Tue, 7 Aug 2001 19:45:41 -0300
Subject: Regarding http://nocat.net/nocatrfc.txt
Message-ID: <918A63AA3909D311A8E70060B06A54052C62E4@NAVITRAKSRV01>

A couple questions/comments on this:

- with your MAC-address-determined DHCP-assigned IP address idea, will all gateways be instructed to restrict traffic to that unique 10.x.x.x IP address as soon as traffic from that address is detected on another gateway? For example, a gateway could have a very short timeout (1-5 sec.)
that checks with the Auth server to make sure that there is no traffic from that IP on any of the other gateways (that the original user has roamed onto). If you don't do this, then someone who is packet sniffing on a gateway would be able to "steal" that IP and use it when the authenticated user leaves, for as long as the "long" Auth timeout is.. Does this make sense?

- assuming that the central Auth server has already authenticated a specific user (MAC address) and assigned an IP (based on that MAC address). When the user roams to another gateway, the old gateway is instructed to stop passing traffic through for that user? If this isn't the case, illegitimate users could pass traffic through a different gateway than the authenticated user is on, presumably forever if the real user stays on one gateway 24/7, and the illegitimate user can then stay on another gateway as well. If this isn't the case (old gateways are instructed to restrict access as soon as the authenticated user starts passing traffic through new gateway, which notifies the central Auth server of this) then illegitimate users would be able to force Denial of Service by using the same IP address to pass traffic through any gateway on the system, forcing the gateway that the authenticated user is on to block their traffic.

- what do you do for devices that don't have a web browser, such as the Symbol 802.11b IP phones? I assume that in this case, the central Auth server can be set to always allow traffic from that MAC address?

- can the central Auth server instruct all gateways to ignore traffic requests from banned MAC addresses (say, from someone grabbing the IP address that is permanently assigned as "open" to a browserless device like a wireless VoIP phone), or is it too easy to spoof MAC addresses with wireless LAN cards?
- what do you do if the person running a gateway has a DSL connection that uses a NAT configuration whereby a 10.x.x.x address is assigned via DHCP to the client, but tied to a real IP at the headend? My DSL provider (ILEC in Eastern Canada) does this. Is the software on the gateway device able to assign a 10.x.x.x IP to the 802.11b card but also have a 10.x.x.x address from the wired LAN card (possibly even the same address) and not confuse the two?

- just one more - do most 802.11b card drivers support default networking "scanning" so that the card will pick up any AP, any channel, any SSID without having to have it specified? I used a Cisco 350 card for a while, and I don't think it did this. Is the intention that various wireless freenets who use the NoCat package all use the same SSID, and therefore require users wishing to use that network to manually define the SSID in their driver settings?

thanks,
Matt

Matt Gould
Navitrak International Corporation
1660 Hollis Street, Suite 904
Halifax NS B3J1V7
mgould@navitrak.ca
(902) 429-1438

From paul at klodepark.com Wed Aug 8 01:02:52 2001
From: paul at klodepark.com (Klodepark)
Date: Tue, 7 Aug 2001 19:02:52 -0500
Subject: [NoCatNet] Way off Topic - Linux Xfree86
References: <918A63AA3909D311A8E70060B06A54052C62E4@NAVITRAKSRV01>
Message-ID: <000b01c11f9d$77dd4180$0701a8c0@nsmicro.com>

I hate to go way off topic - however I am trying to get my Fujitsu Color Stylistic 1200 working wireless and am wondering if anyone can tell me where to download a Xfree86 config file (3.x.x or 4.x.x). Or email me a copy.

Thanks
-Paul

From schuyler at oreilly.com Wed Aug 8 01:15:51 2001
From: schuyler at oreilly.com (Schuyler Erle)
Date: Tue, 07 Aug 2001 17:15:51 -0700
Subject: [NoCatNet] Regarding http://nocat.net/nocatrfc.txt
References: <918A63AA3909D311A8E70060B06A54052C62E4@NAVITRAKSRV01>
Message-ID: <3B7084B7.30481992@oreilly.com>

Matt Gould wrote:
>
> ...
someone who is packet sniffing on a gateway would be
> able to "steal" that IP and use it when the authenticated user leaves, for
> as long as the "long" Auth timeout is.. Does this make sense?

Yes, this is a known potential issue, which is why we recommend setting the hard gateway timeout to something like 10 mins or less. As soon as the gateway times out the connection, there should be no way a bad guy can renew it.

As for MAC-hashed DHCP assignments, that was something proposed for a mobile IP solution that we've kind of felt isn't quite worth the effort needed to really make it work. Right now, if you want to roam between NoCat nodes, you'll have to get a new lease and log back in. Realistically speaking, how often do people think this will be a considerable inconvenience?

> - what do you do for devices that don't have a web browser, such as the
> Symbol 802.11b IP phones? I assume that in this case, the central Auth
> server can be set to always allow traffic from that MAC address?

Yes, but if that MAC address is discovered (and it is public information), it can be used by a would-be bad guy. At present, I don't know of any wireless cards with alterable MAC addresses, but if they don't exist already, it's only a matter of time.

If there are any other ways of accomplishing authentication securely in the absence of HTTPS and/or SSL, I'd be interested to hear about it.

> - what do you do if the person running a gateway has a DSL connection that
> uses a NAT configuration whereby a 10.x.x.x address is assigned via DHCP to
> the client, but tied to a real IP at the headend? My DSL provider (ILEC in
> Eastern Canada) does this. Is the software on the gateway device able to
> assign a 10.x.x.x IP to the 802.11b card but also have a 10.x.x.x address
> from the wired LAN card (possibly even the same address) and not confuse the
> two?

Well, you'd use a different private address on the inside, like 172.16.x.x.
However, this is a problem for NoCatAuth, in that the Auth Service needs to be able to connect back to your gateway process. Ordinarily, this would be accomplished by enabling port forwarding on the public side of your firewall, but in this case the telco owns the public side of your firewall.

There are only two solutions we've found to this problem. Either (a) the gateway ALSO connects out over HTTPS to the Auth Service to discover the outcome of the client's authentication (so-called "connect-forward", to distinguish from the auth service's "connect back" to the gateway), which would mean we'd need to deploy SSL etc. to the gateways also; or (b) you tunnel all traffic to/from the gateway to a live IP somewhere else on the 'Net.

We used vtun for (b) while hacking in the hotel at OSCon, and although it required a kernel patch and was bandwidth intensive, it did work. Our vtun configuration and initialization scripts are included with the NoCatAuth distribution as one example of how this can be accomplished.

Realistically speaking, more and more of the Internet is being NAT'ed, and (a) is probably the more reasonable solution. It would make the existing authentication scheme more complicated (and more failure prone), but it could be made to work. We elected not to do it only because we feel the scheme described in the white paper would be easier to implement. As such, "connect-forward" gateway notification will probably be implemented at some point, and in the meantime, patches are most certainly welcome.

> - just one more - do most 802.11b card drivers support default networking
> "scanning" so that the card will pick up any AP, any channel, any SSID
> without having to have it specified?

AFAIK, if you set your card's ESSID to "ANY", you should be able to associate to any bona-fide AP with WEP turned off (which is what we recommend).
SDE

From rob at oreillynet.com Wed Aug 8 01:39:17 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Tue, 7 Aug 2001 17:39:17 -0700 (PDT)
Subject: [NoCatNet] Regarding http://nocat.net/nocatrfc.txt
In-Reply-To: <3B7084B7.30481992@oreilly.com>
Message-ID:

On Tue, 7 Aug 2001, Schuyler Erle wrote:

> Matt Gould wrote:
> > - just one more - do most 802.11b card drivers support default networking
> > "scanning" so that the card will pick up any AP, any channel, any SSID
> > without having to have it specified?
>
> AFAIK, if you set your card's ESSID to "ANY", you should be able to
> associate to any bona-fide AP with WEP turned off (which is what we
> recommend).

Some cards (like the Xircom) will scan to any available network if the
ESSID is left blank. Check your radio docs for how to do this; I haven't
encountered a card that doesn't support the "gimme any network" concept.

--Rob

From mslimmer at veritas.com Wed Aug 8 04:17:59 2001
From: mslimmer at veritas.com (Max Slimmer)
Date: Tue, 7 Aug 2001 20:17:59 -0700
Subject: Stylistic memory
Message-ID:

It turns out that the 8mb of memory I ordered for $35 is no longer stocked,
so they are supplying 32MB instead for the same price. I told them that
would be OK :-)
Any one interested http://www.datamem.com/fujitsu.asp

Max Slimmer
Solutions Architect eMail: Max.Slimmer@veritas.com
DR/Business Continuity Office:(707)823-4156
VERITAS Software Inc. Cell: (707)280-9299

From marcm at lectroid.net Wed Aug 8 05:14:24 2001
From: marcm at lectroid.net (Marc Matteo)
Date: Tue, 7 Aug 2001 21:14:24 -0700
Subject: [NoCatNet] Regarding http://nocat.net/nocatrfc.txt
References: <918A63AA3909D311A8E70060B06A54052C62E4@NAVITRAKSRV01> <3B7084B7.30481992@oreilly.com>
Message-ID: <001d01c11fc0$9b7061e0$0ddfa8c0@lectroid.net>

> Yes, but if that MAC address is discovered (and it is public
> information), it can be used by a would-be bad guy. At present, I don't
> know of any wireless cards with alterable MAC addresses, but if they
> don't exist already, it's only a matter of time.

Interestingly enough, the Orinoco Client Manager up until their latest
Summer release had this functionality. It seems to be suddenly gone
now :).

Marc

From benh at jpj.net Wed Aug 8 14:06:19 2001
From: benh at jpj.net (Ben Hockenhull)
Date: Wed, 8 Aug 2001 08:06:19 -0500
Subject: [NoCatNet] Regarding http://nocat.net/nocatrfc.txt
In-Reply-To: <3B7084B7.30481992@oreilly.com>
References: <918A63AA3909D311A8E70060B06A54052C62E4@NAVITRAKSRV01>
Message-ID:

>> - what do you do for devices that don't have a web browser, such as the
>> Symbol 802.11b IP phones? I assume that in this case, the central Auth
>> server can be set to always allow traffic from that MAC address?
>
>Yes, but if that MAC address is discovered (and it is public
>information), it can be used by a would-be bad guy. At present, I don't
>know of any wireless cards with alterable MAC addresses, but if they
>don't exist already, it's only a matter of time.

Cisco Aironet cards support the setting of a user-defined MAC. The
Lucent cards did as well. In fact, just about ANY ethernet card,
wireless or not, will allow changing of the burned in MAC address. It's
just a question of how easy the driver and client software make this.

MAC address authentication is convenient, but far from actually secure.

Ben

From mgould at navitrak.ca Wed Aug 8 16:03:48 2001
From: mgould at navitrak.ca (Matt Gould)
Date: Wed, 8 Aug 2001 12:03:48 -0300
Subject: FW: ptp digest, Vol 1 #260 - 14 msgs
Message-ID: <918A63AA3909D311A8E70060B06A54052C62E8@NAVITRAKSRV01>

Thanks for your replies to my questions yesterday, gents. You might find
this interesting...

cheers,
Matt

-----Original Message-----
From: Matt Gould [mailto:mattgould4@yahoo.ca]
Sent: Wednesday, August 08, 2001 11:57 AM
To: ptp@lists.spack.org
Cc: bob@cringely.com; larry@spack.org
Subject: Re: ptp digest, Vol 1 #260 - 14 msgs

Adam, you might want to add this to the PTP "todo" list... I've been
thinking about it for a while, and I can foresee it becoming an issue in
the future for free community wireless networks.

Create a positioning statement / press release / media kit that can be
used if (I suspect when) DSL and cablemodem providers change their terms
of use to disallow bandwidth sharing.

Most contracts don't make any mention of it, but some do say that you
can't connect more than one computer. When most of this legalese was
designed way back, I suspect that it was some Marketing genius' idea of
leaving things open to gouge people in the future for home LANs. I used
to work for the telco (on a TV-over-DSL product, actually), and I know
what goes on there. They couldn't put together a decent home networking
offering to save their lives (the best they came up with was CAT5
stapled to your baseboard by a $50/hr technician), and backbone
bandwidth costs are not really taken into costing considerations (ie.
increased costs from bandwidth sharing).

I suspect that telcos who offer DSL won't do anything about revising
their terms of use until some fool in Marketing starts panicking
everyone by passing around free wireless networking project URLs and
claiming that they're going to lose their customer base (which hopefully
they will). I think then they'll make a rash move of revising their
terms of service so that they can harass people doing WLAN projects from
their residential DSL service. As long as they've got significant market
share, they can get away with it without worrying too much about
customers jumping to competitors, especially if their competition toes
the line...

This is one of the reasons I think it would be useful to be able to
design a Gateway/Auth Portal solution (like the nocat.net setup) that
allows gateways to VPN/IPSec their traffic out onto the internet, and
send it to a central VPN box (could also be the Auth server) somewhere
that performs that actual backbone internet connectivity. This way,
telcos and cablecos can't snoop packets and determine that there's a big
NAT network being run on the end of their residential broadband service.

I think that when telcos/cablecos start revising their terms of service,
it would be useful to have a canned response already prepared by PTP and
others that would address some of the fundamental issues surrounding
free wireless networks in a way that is understandable and appealing to
casual observers. Marketing types at telcos generally shit themselves
when newspapers and the general public start calling to ask "why are you
trying to short circuit community wireless networking projects that are
trying to extend essential connectivity to have-nots who can't afford
access or to whom access isn't available because _you_ chose not to
extend your network footprint", or something like that.

Maybe Robert Cringely might write something up. I've read a few of his
"I, Cringely" columns and he's very eloquent and adept at crafting
pieces that get readers "envisioning" the scenarios that he constructs.
(see: http://www.pbs.org/cringely/pulpit/pulpit20010802.html)

:)

cheers,
Matt

>
> Message: 1
> Date: Tue, 7 Aug 2001 14:39:54 -0700 (PDT)
> From: Adam Shand
> To:
> Subject: Re: [ptp] Tribune article
> Reply-To: ptp@lists.spack.org
>
>
> > The photo in the article is just great! Having Adam in sneakers and on a
> > residential roof sets a grassroots tone for the story.
>
> i wish i didn't look like a converse commercial. i should have had my
> docs on :-)
>
> > "Group members have yet to achieve even one home-to-home antenna hook
> > up" - is that right? I thought there were at least a couple point to
> > point links up.
>
> this is correct, depending on how you look at it. see my other response.
>
> > sharing them is great but I'll bet 99% of DSL end-user agreements
> > forbid sharing the connection.
>
> actually that is not (yet) true. there is nothing forbidding any form of
> reuse in my dsl contract. with cable modems our non-legal opinion is that
> so long as you aren't reselling you're in the clear.
>
> > Overall this is a great article with lots of accurate insight and lots
> > of people getting their turn in the spotlight. Plus that photo is really
> > cool :). Congrats, guys.
>
> i actually wish they'd used one of the pictures looking the other way so
> you could actually see mt. hood and my line of sight. but yeah, it's a
> nice picture.
>
> > ps. Adam did you intend for the shmoo group to get free advertising?
>
> nope, i only have one laptop, but i'm not upset about it :)
>
> adam.
>
>

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

From rob at oreillynet.com Wed Aug 8 19:26:40 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Wed, 8 Aug 2001 11:26:40 -0700 (PDT)
Subject: [NoCatNet] Stylistic memory
In-Reply-To:
Message-ID:

On Tue, 7 Aug 2001, Max Slimmer wrote:

> It turns out that the 8mb of memory I ordered for $35 is no longer stocked,
> so they are supplying 32MB instead for the same price. I told them that
> would be OK :-)

They did the same thing to me. Only I ordered the $60 16Mb ram (and got
32Mb instead!)

Think I'll put in an order for a couple of those 8's... I'm sure we'll
find a use for Stylistic ram.

--Rob

From rob at oreillynet.com Wed Aug 8 19:27:41 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Wed, 8 Aug 2001 11:27:41 -0700 (PDT)
Subject: [NoCatNet] Stylistic memory
In-Reply-To:
Message-ID:

Correction: They've removed the 8 and 16Mb, and have reduced the 32Mb to
$35! woo-HOO!

--Rob

On Tue, 7 Aug 2001, Max Slimmer wrote:

> It turns out that the 8mb of memory I ordered for $35 is no longer stocked,
> so they are supplying 32MB instead for the same price. I told them that
> would be OK :-)
> Any one interested http://www.datamem.com/fujitsu.asp
>
> Max Slimmer
> Solutions Architect eMail: Max.Slimmer@veritas.com
> DR/Business Continuity Office:(707)823-4156
> VERITAS Software Inc. Cell: (707)280-9299
>

From rob at oreillynet.com Wed Aug 8 20:33:56 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Wed, 8 Aug 2001 12:33:56 -0700 (PDT)
Subject: BAWUG meeting for August
Message-ID:

This was just posted to BAWUG. Anybody else up for the trip next
Thursday? I've been to the last two, and they're quite good (lots of
people, lots of topics covered...)

As it's in Oakland, there will likely be carpooling...

--Rob

---------- Forwarded message ----------
Date: Wed, 8 Aug 2001 12:13:30 -0700
From: raines
To: wireless@lists.bawug.org
Subject: Re: [BAWUG] Meeting?

The August BAWUG meeting will be held the evening of Thursday, August
16, at Swan's Market Cohousing in downtown Oakland, CA. 1 block from
12th St. BART (12 minutes from downtown SF) or AC Transit "A" Transbay
bus from SF and dozens of local lines; plenty of onstreet parking; a
short walk from the ferry from SF.

Note that RSVP is REQUIRED for this meeting for security and so we can
provide enough chairs and, for those who want it, food. To get the
address and directions, write to one of the following addresses:

If you would like a homemade vegetarian dinner available for you at the
meeting (Gazpacho soup, spinach salad, bread, and ice cream, donation
$5), write to:

bawug-dinner-rsvp@swansmarket.com

The deadline for dinner RSVPs is Wed 8/15 midnight.

If you just want to come for the meeting and don't want the dinner
(folks are probably going to the Pacific Coast Brewery across the street
afterwards for drinks [they make an excellent Root Beer as well] and pub
food), write to:

bawug-rsvp@swansmarket.com

Please send one RSVP per message, with the attendee name on the subject
line (no message body is necessary). The autoresponder may be offline
for periods up to a few hours/overnight or during the day, so RSVP early
enough to allow time to get your confirmation/directions.

Event schedule (preliminary, subject to change):

7:00 - 8:15 pm: Introductions, Q&A, and discussion - outdoors in Swan's
Market courtyard

8:15 - 9:45 pm: Relocate indoors to Swan's Market Cohousing Common House
for PlayaNet demo, Francie Miller on FCC regulatory issues, Steve Rubin
on Parts-R-Us); dinner available for those who RSVPd requesting it.

9:45 - 10:15 pm: Wrap up, clean up, relocate to Pacific Coast Brewery

Please, everybody, if you think you're likely to attend, please write to
one of the above addresses to get driving/transit directions and notes
on the site; RSVPing sooner rather than later will let us plan ahead
better. For those of you with browser-based email, that's
bawug-dinner-rsvp@swansmarket.com for dinner or
bawug-rsvp@swansmarket.com without.

If you can't wait 'til after 8 for dinner, you might consider coming to
the East Bay early and eating in Suruki's restaurant (Japanese noodles &
sushi) downstairs in the building or at one of the many spots a block
away in Chinatown.

If you have any questions, you can write to me at raines@burningman.com.
This event is not affiliated with Burning Man, so you can leave your
body paint at home.

Raines
your host

--
general wireless list, a bawug thing
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless

From adam at sonic.net Wed Aug 8 20:48:51 2001
From: adam at sonic.net (Adam)
Date: Wed, 8 Aug 2001 12:48:51 -0700
Subject: New BVS Gear
Message-ID: <003001c12043$2669a540$0201a8c0@hector>

Following a post from the BAWUG list I noticed that BVS has a new
product for those *extremely rich with money to burn* "WarDriverz" among
us. If you're bored with hanging a Pringles can out your sunroof and
scanning with netstumbler(.com) then this may be the product for you...

http://www.bvsystems.com/Products/WLAN/Locust/locust.htm

You can tool around your neighborhood and map/log data with this handy
"Drive-Study Analyzer" in total style. Then again netstumbler ain't such
a bad idea...

-Adam

From schuyler at oreilly.com Wed Aug 8 21:34:52 2001
From: schuyler at oreilly.com (Schuyler Erle)
Date: Wed, 08 Aug 2001 13:34:52 -0700
Subject: FW: ptp digest, Vol 1 #260 - 14 msgs
References: <918A63AA3909D311A8E70060B06A54052C62E8@NAVITRAKSRV01>
Message-ID: <3B71A26C.E71E8B1A@oreilly.com>

> This is one of the reasons I think it would be useful to be able to design a Gateway/Auth
> Portal solution (like the nocat.net setup) that allows gateways to VPN/IPSec
> their traffic out onto the internet, and send it to a central VPN box (could also
> be the Auth server) somewhere that performs that actual backbone internet connectivity.
> This way, telcos and cablecos can't snoop packets and determine that there's a big NAT
> network being run on the end of their residential broadband service.

Like I said, we've done this, and it does work *sort of*.
The hitch is that now you have one source of bandwidth that needs to be
paid for somehow, and can be turned on and off at someone else's will,
rather than a distributed collection of bandwidth "wells" that
individuals pay for on their own, and share with a collective or larger
community. Co-lo arrangements often have you paying by the bit, to boot.

I'm certainly not against the idea, but it seems to me that the
overhead, both socioeconomic and bandwidth-wise, make this unreasonably
difficult, and obviate most of the advantages of community wireless
networking. I'm definitely interested to hear other people's thoughts
about it.

SDE

From bbrady at 10fold.com Wed Aug 8 22:43:50 2001
From: bbrady at 10fold.com (Bill Brady)
Date: Wed, 08 Aug 2001 14:43:50 -0700
Subject: Group buys for MMCX - N Pigtails?
Message-ID:

With Adam's guidance the other night I found the info I need on the FCC
web site.
The antenna connectors for the MXF-C900323 (GemTek) radio inside my
SMC7004AWBR are MMCX

Did I miss any group buys for MMCX to N Pigtails?
Any in the offing?

I also need an "Orinoco style" to N pigtail.

Thanks!
Bill
bbrady@10fold.com

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the TenFold Postmaster (postmaster@10fold.com).
**********************************************************************

From bbrady at 10fold.com Wed Aug 8 22:49:25 2001
From: bbrady at 10fold.com (Bill Brady)
Date: Wed, 08 Aug 2001 14:49:25 -0700
Subject: Deals on dishes from YDI
Message-ID:

Hello Everyone,

Thank you for your participation in YDI Email list. We value all of our
current and future customers.

One of the ways that we do this is passing on to you special deals we
get. YDI has made a large purchase of 24dBi grid dish antennas from one
of the Bell companies that no longer plan to deploy Wireless Broadband.
Our part number on these is G2424.

These are very similar to our PT2424 grid dish antenna that sells for $179.
http://www.ydi.com/pt2421-24.asp
The only difference is the G2424 features a galvanized coating instead
of the powder epoxy paint on the PT2424.

Quantity 1-99 for $49 each
UPS Ground in the continental US is $40 for up to 5 antennas. For the
greatest savings you should order in groups of five.

SUPER SPECIAL
100 piece bulk pack for $39/antenna. Shipping anywhere in the
continental US for $400 for the lot.

There are only a couple thousand antennas available and we expect them
to go fast at these prices.

We have NEW a price reduction for the Diamond WLAN cards at $99
http://www.ydi.com/wireless-lan-card.php

As well as NEW Diamond USB w. RF cable for $199
http://www.ydi.com/diamond-usb.asp

Please contact your salesperson or call
Sales: 1-888-297-9090 (EAST)
Sales: 1-800-664-7060 (WEST)

From michael at civis.com Wed Aug 8 23:05:30 2001
From: michael at civis.com (Michael Codanti)
Date: Wed, 8 Aug 2001 15:05:30 -0700
Subject: [NoCatNet] Group buys for MMCX - N Pigtails?
References:
Message-ID: <02eb01c12056$3d0b1fa0$911e3589@ohsu.edu>

I have a couple MMCX to N-male pigtails in stock for $17.65, I also have
plenty of Lucent to N-Male pigtails for $19.65. (Plus shipping of
course.)

     Michael

----- Original Message -----
From: Bill Brady
To:
Sent: Wednesday, August 08, 2001 2:43 PM
Subject: [NoCatNet] Group buys for MMCX - N Pigtails?

With Adam's guidance the other night I found the info I need on the FCC
web site.
The antenna connectors for the MXF-C900323 (GemTek) radio inside my
SMC7004AWBR are MMCX

Did I miss any group buys for MMCX to N Pigtails?
Any in the offing?

I also need an "Orinoco style" to N pigtail.

From rich at testingrange.com Thu Aug 9 07:04:12 2001
From: rich at testingrange.com (Rich Gibson)
Date: Thu, 9 Aug 2001 00:04:12 -0600 (MDT)
Subject: Geocoding Application
In-Reply-To:
Message-ID:

I have created a MySQL based geocoding application, available at:

http://www.testingrange.com/geo/geocode2.cgi

If you enter an address within Sonoma County, the program will return the
information about the block of that address, including latitude and
longitude of the two ends.

The data comes from the Census bureau Tiger data files.

Try it out, and let me know how it works. There are 48,937 'blocks' in
the database.

I am also working on a point to point elevation display/calculation tool
based upon the Digital Elevation Model (DEM) files that are available at
the URL we were given at the last meeting:

bard.wr.usgs.gov

Rich Gibson
Rich@testingrange.com
http://www.testingrange.com

From redrover at sleepydog.com Thu Aug 9 14:29:04 2001
From: redrover at sleepydog.com (John Morehead)
Date: Thu, 09 Aug 2001 06:29:04 -0700
Subject: [NoCatNet] Geocoding Application
In-Reply-To:
References:
Message-ID: <5.1.0.14.2.20010809061842.03940630@mail.monitor.net>

Rich:

Your application works very nicely. I believe that the two coordinates
returned describe a line down the middle of the street from one address
to another. If I interpolate my house number, the position corresponds
closely with what I got using a gps. I think the difference may be in
the fact that I took the gps reading at the southernmost edge of my
property - about 150' from the center of the street.

John

At 12:04 AM 8/9/01 -0600, Rich Gibson wrote:

>I have created a MySQL based geocoding application, available at:
>
>http://www.testingrange.com/geo/geocode2.cgi
>
>If you enter an address within Sonoma County, the program will return the
>information about the block of that address, including latitude and
>longitude of the two ends.
>
>The data comes from the Census bureau Tiger data files.
>
>Try it out, and let me know how it works. There are 48,937 'blocks' in
>the database.
>
>I am also working on a point to point elevation display/calculation tool
>based upon the Digital Elevation Model (DEM) files that are available at
>the URL we were given at the last meeting:
>
>bard.wr.usgs.gov
>
>
>
>Rich Gibson
>Rich@testingrange.com
>http://www.testingrange.com

~ ~ w o o f ~ ~ w o o f ~ ~ http://sleepydog.com ~ ~

From jeffnye20 at yahoo.com Fri Aug 10 00:37:04 2001
From: jeffnye20 at yahoo.com (Jeff Nye)
Date: Thu, 9 Aug 2001 16:37:04 -0700 (PDT)
Subject: [NoCatNet] Error with the WRP
In-Reply-To:
Message-ID: <20010809233704.6022.qmail@web14008.mail.yahoo.com>

Ok we purchased wavelan cards and wavelan adapters so
the WRP should work. We did make this work on a
laptop! We now want to use it with a PCMCIA adapter
and this is our attempt. However I am getting some
weird errors. I can ping on the ethernet subnet or my
internal network but I can't ping my external subnet
or the wireless. When I try to ping on the wireless
card it times out and displays the following message.

wvlan_cs:eth1 Tx timed out! Ressetting card
wvlan_cs: MAC addres on eth1 is 00 02 2d 28 b6 f8

And it repeats until you remove the card and re-insert
it. Any suggestions please?

On boot I get the following messages I included the whole screen just so
you could see it boot:

Aug 6 17:09:09 (none) daemon.info cardmgr[53] executing: 'modprobe wvlan_cs'
wvlan_cs: WaveLAN/IEEE PCMCIA driver v.0.6
wvlan_cs: (c) Andreas nehaus
wvlan_cs: index 0x01: Vcc 5.0, irq9, io 0x0400-0x043f
wvlan_cs: tegistered netdevice eth1
wvlan_cs: MAC address on eth1 is 00 02 2d 28 b6 f8
aug 6 17:09:09 (none) daemon.info cardmgr[53]: executing: './network start ethe1'
wclan_cs: MAC address on eth1 is 00 02 2d 28 b6 f8
Aug 6 17:09:09 (none) daemon.info cardmgr[53]: + up: Resolver Error 0 (no error)
Aug 6 17:09:09 (none)daemon.infor cardmgr[53}: exiting
70fiewall
Enabling IP forwarding on 10.10.10.27/255.0.0.0 ...
Locking down eth0-static ...
99greeting
Welcome to WRP
Share and Enoy!

My .cfg is configured as follows:

### Notify later shells that wrp.cfg is in effect.
WRP_CFG=$0 # Don't change.

### Where to look for WRP packages.
#
#PACKAGES="/floppy/packages/* /cdrom/packages/*"
PACKAGES="/floppy/packages/*"

### Mount a CD-ROM? From where?
#
# MOUNT_CDROM="/dev/hdb"
MOUNT_CDROM=""

### Network interfaces to bring up in /etc/rc.d/??network
#
LOCAL_INTERFACES="eth1-wireless"
EXTERN_INTERFACES="eth0-static"

### Allow incoming connections on external interfaces on the following ports.
#
# ALLOW_INCOMING="sshd ntp"
ALLOW_INCOMING=""

### PCMCIA options
#
# Which pcmcia chipset? Nearly all are i82365.
#PCIC=tcic
PCIC=i82365
SCHEME=default

### Some sample network interface definitions.
#
eth0-static () {
    DEVICE="eth0"
    IP_ADDR="192.168.1.5"
    NETMASK="255.255.255.0"
    BROADCAST=""
    GATEWAY=""
    MODULE="ne io=0x300 irq=5"
    # Optionally specify a kernel module, with optional symbol values.
    # Default to letting ifconfig worry about which module to load and how.
}

{
#eth0-static () {
# DEVICE="eth0"
    #
    # You can specify the specific module to load, with optional parameters, here.
    # This isn't necessary if your ethernet device is a PCMCIA card.
    #
    # MODULE="ne io=0x360"
    ifup () { /sbin/pump -i $DEVICE ; }
}

eth1-wireless () {
    DEVICE="eth1"

    ##
    # Network parameters
    ##
    IP_ADDR="10.10.10.27"
    NETMASK="255.0.0.0"
    BROADCAST=""
    ifconfig lo 127.0.0.1
    ifconfig lo netmask 255.0.0.0

    ##
    # Wireless parameters
    ##
    #
    # All clients must agree on the ESSID to see each other
    #
    ESSID="OWN"
    #
    # WEP key
    #
    # Enter either as a s:string of five (40bit) or thirteen (128bit) chars
    # or as a hex key directly.
    #
    # Examples:
    #
    # KEY="s:coool"
    # KEY="s:YourPaswdHere"
    # KEY="0123-4567-ab"
    #
    # Operating mode: Ad-Hoc or Managed (most likely Ad-Hoc, unless you
    # need your wireless card to sync to an access point for some reason.)
    #
    MODE="Managed" # default to Ad-Hoc
    #
    # Rate defaults to autosense, but can be forced to 1M, 2M, 5.5M, or 11M
    #
    RATE="" # default to auto
    # in fact, we should set it up here so that most
    # everything in /etc/pcmcia/wireless can be set here (SDE)
    # Yep. RSN. (RJF)

    ##
    # DHCP settings
    ##
    #
    # DHCP_RANGE takes the start and end IPs and assigns from this pool.
    # Make sure that the pool exists in your subnet definition above.
    #
    # DHCP_RANGE="10.0.1.100 10.0.1.200"
    # DHCP_NETWORK="10.0.1.0"
    # DHCP_DOMAIN="your.domain.here.com"
    # DHCP_DNS_SERVERS="1.2.3.4, 5.6.7.8"
}

#ppp0-dialup () {
# DEVICE="ppp0"
# MODEM="/dev/ttyS0"
# IDLE_TIMEOUT="" # default to 'never disconnect'
# RETRY_TIMEOUT="5"
# USE_PEER_DNS="yes"
# DEFAULT_ROUTE="yes"
# DEMAND_DIAL="yes"
# INIT_CMD="" # default to 'ATZ'
# DIAL_CMD="" # default to 'ATDT'
# CHAT_SCRIPT="" # defaults to /etc/ppp/chat, which is autogenerated
# POP_NUMBER="555-1212"
# PPP_USER=""
# PPP_PASSWD=""
# ifup () { respawn /sbin/pppd & ; }
#}

Please advise PLEASE! I am really desperate and throw myself at the feet
of you oh gods of the WRP!!!!

My network structure is as follows

---------------
| Client 1    |
| 10.10.10.21 |
| 255.0.0.0   |
---------------
       |
       |
---------------
| Access point|
| 10.10.10.20 |
| 255.0.0.0   |------------
---------------           |
                          |
                          ~
                          ~
                          |
          --------------------------------
          | Router (WRP)                 |
          | ETH0          ETH1           |
          | 192.168.1.5   10.10.10.27    |
          | 255.255.255.0 255.0.0.0      |
          --------------------------------
             |
             |
          -------
          | HUB |----------------------
          -------                     |
             |                        |
             |                        |
      ---------------          ---------------
      | Client 2    |          | Client 3    |
      | 192.168.1.1 |          |192.168.1.2  |
      |255.255.255.0|          |255.255.255.0|
      ---------------          ---------------

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

From rob at oreillynet.com Fri Aug 10 01:16:21 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Thu, 9 Aug 2001 17:16:21 -0700 (PDT)
Subject: [NoCatNet] Error with the WRP
In-Reply-To: <20010809233704.6022.qmail@web14008.mail.yahoo.com>
Message-ID:

On Thu, 9 Aug 2001, Jeff Nye wrote:

> Ok we purchased wavelan cards and wavelan adapters so
> the WRP should work. We did make this work on a
> laptop!

Hooray!

> We now want to use it with a PCMCIA adapter
> and this is our attempt.

What kind of PCMCIA adapter are you using? Chipset? PCI or ISA? I've
used WRP successfully with an ISA adapter / Vadem chipset...

If you're getting timeout errors, this typically indicates a resource
conflict (check your IRQs and base addresses to be sure you're not
sharing with another device.)

I'm curious about your network layout... Are you using an actual
hardware wireless access point? If so, what do you need WRP for?
--Rob > --------------- > | Client 1 | > | 10.10.10.21 | > | 255.0.0.0 | > --------------- > | > | > --------------- > | Access point| > | 10.10.10.20 | > | 255.0.0.0 |------------ > --------------- | > | > ~ > ~ > | > -------------------------------- > | Router (WRP) | > | ETH0 ETH1 | > | 192.168.1.5 10.10.10.27 | > | 255.255.255.0 255.0.0.0 | > -------------------------------- > | > | > ------- > | HUB |---------------------- > ------- | > | | > | | > --------------- --------------- > | Client 2 | | Client 3 | > | 192.168.1.1 | |192.168.1.2 | > |255.255.255.0| |255.255.255.0| > --------------- --------------- > From schuyler at oreilly.com Fri Aug 10 01:29:08 2001 From: schuyler at oreilly.com (Schuyler Erle) Date: Thu, 09 Aug 2001 17:29:08 -0700 Subject: [NoCatNet] Error with the WRP References: <20010809233704.6022.qmail@web14008.mail.yahoo.com> Message-ID: <3B732AD4.34DBAAA9@oreilly.com> Jeff Nye wrote: > > Ok we purchased wavelan cards and wavelan adapters so > the WRP should work. We did make this work on a > laptop! We now want to use it with a PCMCIA adapter > and this is our attempt. However I am getting some > wierd errors. I can ping on the ethernet subnet or my > internal network but I can't ping my external subnet > or the wireless. When I try to ping on the wireless > card it times out and displays the following message. > > wvlan_cs:eth1 Tx timed out! Ressetting card > wvlan_cs: MAC addres on eth1 is 00 02 2d 28 b6 f8 > > And it repeats until you remove the card and re-insert > it. Any suggestions please? Sorry, I've looked all this over, and I have no clue. IRQ conflict between the PCMCIA adapter and some other card on your mobo, maybe? Esp. if it worked fine on the laptop. 
SDE

From schuyler at oreilly.com Fri Aug 10 01:58:11 2001
From: schuyler at oreilly.com (Schuyler Erle)
Date: Thu, 09 Aug 2001 17:58:11 -0700
Subject: [NoCatNet] Risks in hosting a Nocat node
References: <5.1.0.14.2.20010807082649.0382fdd0@mail.monitor.net>
Message-ID: <3B7331A3.F726AD7@oreilly.com>

John Morehead wrote:
>
> Does anyone see other ways that I would be exposed by hosting a nocat node? Are the risks
> that we know about adequately addressed? I especially want to make sure that I am not
> opening some back door to my home network.

Well, we think we've covered all the bases, but of course we're open to having the code audited. In particular the gateway process has to run as root in order to update firewall rules, which could be sticky. We've got a setuid wrapper planned to address this particular issue. As for other backdoors, we figure that if you run no other services on the gateway besides NoCat, and maybe sshd and/or DNS, you should be fine. (Keeping in mind that BIND tends to have more holes than your average pasta strainer.)

Marc Matteo wrote:
>
> Am I correct in assuming that NoCatNet is essentially ad-hoc based? If
> that's the case, is there anything stopping User-A from directly attacking
> User-B? If not and User-B gets attacked on your network, what are YOUR
> liabilities?

Well, ad-hoc was our original preference. Subsequent evaluation of the options reveals your concern, plus poor cross-vendor interoperability in IBSS (ad-hoc) mode. Also, most people's wireless configurations default to BSS (managed) mode. Rather than have to educate the populace on how to switch back and forth, we've begun advising people to use managed mode on their wireless gateways. Now that access points have really dropped in price, this isn't nearly as costly as it used to be. Apparently, there are also firmware tricks you can play with the cheaper APs to give them higher-end functionality...

As for liability to the wireless clients, hrmmm...
the software is provided without warranty. Presumably the service would be as well. Perhaps a disclaimer somewhere on the auth service is indicated. Anyone have one handy?

SDE

From jeremy at baymoo.org Fri Aug 10 05:11:04 2001
From: jeremy at baymoo.org (Jeremy Cooper)
Date: Thu, 9 Aug 2001 21:11:04 -0700 (PDT)
Subject: [NoCatNet] Geocoding Application
In-Reply-To:
Message-ID:

On Thu, 9 Aug 2001, Rich Gibson wrote:
>
> I have created a MySQL based geocoding application, available at:
>
> http://www.testingrange.com/geo/geocode2.cgi
>
> [ ..... ]
>
> I am also working on a point to point elevation display/calculation tool
> based upon the Digital Elevation Model (DEM) files that are available at
> the URL we were given at the last meeting:

Hey Rich, that's great! I just want to add a word of warning about the DEM files: the best vertical resolution you can download for the Sebastopol area is 30 meters! That's very coarse for the kind of work we're doing. (But given all the trees in the area, maybe a 100 foot fudge factor isn't such a bad idea after all?)

-J

From rob at oreillynet.com Fri Aug 10 07:03:59 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Thu, 9 Aug 2001 23:03:59 -0700 (PDT)
Subject: Stylistic + ATA Flash == coooool
Message-ID:

Well, I've got a Stylistic 1000 running Linux 2.4.5 and booting off of a 32Mb ATA flash card. This one also has the $35 ram upgrade (of 32Mb).

So, total cost of a node, running the NoCatAuth software, with a nice sector antenna and watertight case:

  Stylistic:   $75
  32MB RAM:     35
  32MB Flash:   55
  Ethernet:     15
  Ethernet:     15
  RG-1000:     200
  Pigtail:      18
  11dB Ant.:    65
  Ammo Can:     16
              ----
              $494

If you're willing to go IBSS mode (say, on a point-to-point shot) or if we ever figure out software AP mode, you can knock $125 off of that. Skip the pigtail (solder in your own) and save another $15. If you're going point-to-point, use a $5 Pringles can and save another $60.
If you're willing to do all of that, it would bring the cost down to $294 per node. TOTAL. That's for gear that can support as many simultaneous users as a single channel can support (at least 20, in my experience), running a captive portal, with QoS and firewalling, and battery backup, with no airtime charges EVER, all at 11Mbps. < Muahahahahahahahaaaa (!) > Yes, we'll bring one to the next meeting. And we should have two or three coming online this weekend... My, how I love to see a project come together. --Rob From aklougbo at yahoo.com Fri Aug 10 10:41:28 2001 From: aklougbo at yahoo.com (Aime) Date: Fri, 10 Aug 2001 10:41:28 +0100 Subject: COMPAQ WL100 PCMCIA CARD WITH WRP References: <20010809233704.6022.qmail@web14008.mail.yahoo.com> Message-ID: <002701c12180$a2625b90$0b01a8c0@armanda> Did someone on this list succeed to use the PCMCIA COMPAQ WL100 card with WRP ? it contains PRISM2 chip. If yes can you tell me where to get the driver or send it to me ? Thanks in advance ----- Original Message ----- From: "Jeff Nye" To: "Rob Flickenger" ; Sent: Friday, August 10, 2001 12:37 AM Subject: [NoCatNet] Error with the WRP > Ok we purchased wavelan cards and wavelan adapters so > the WRP should work. We did make this work on a > laptop! We now want to use it with a PCMCIA adapter > and this is our attempt. However I am getting some > wierd errors. I can ping on the ethernet subnet or my > internal network but I can't ping my external subnet > or the wireless. When I try to ping on the wireless > card it times out and displays the following message. > > > wvlan_cs:eth1 Tx timed out! Ressetting card > wvlan_cs: MAC addres on eth1 is 00 02 2d 28 b6 f8 > > And it repeats until you remove the card and re-insert > it. Any suggestions please? 
> > On boot I get the following messages I included the > whole screen just so you could see it boot: > > Aug 6 17:09:09 (none) daemon.info cardmgr[53] > executing: 'modprobe wvlan_cs' > wvlan_cs: WaveLAN/IEEE PCMCIA driver v.0.6 > wvlan_cs: (c) Andreas nehaus > > wvlan_cs: index 0x01: Vcc 5.0, irq9, io 0x0400-0x043f > wvlan_cs: tegistered netdevice eth1 > wvlan_cs: MAC address on eth1 is 00 02 2d 28 b6 f8 > aug 6 17:09:09 (none) daemon.info cardmgr[53]: > executing: './network start ethe1' > wclan_cs: MAC address on eth1 is 00 02 2d 28 b6 f8 > Aug 6 17:09:09 (none) daemon.info cardmgr[53]: + up: > Resolver Error 0 (no error) > Aug 6 17:09:09 (none)daemon.infor cardmgr[53}: exiting > > 70fiewall Enabling IP forwarding on > 10.10.10.27/255.0.0.0 ... > Locking down eth0-static ... > > 99greeting Welcome to WRP > Share and Enoy! > > > My .cfg is configured as follows: > > ### Notify later shells that wrp.cfg is in effect. > WRP_CFG=$0 # Don't change. > > ### Where to look for WRP packages. > # > #PACKAGES="/floppy/packages/* /cdrom/packages/*" > PACKAGES="/floppy/packages/*" > > ### Mount a CD-ROM? From where? > # > # MOUNT_CDROM="/dev/hdb" > MOUNT_CDROM="" > > ### Network interfaces to bring up in > /etc/rc.d/??network > # > LOCAL_INTERFACES="eth1-wireless" > EXTERN_INTERFACES="eth0-static" > ### Allow incoming connections on external interfaces > on the following ports. > # > # ALLOW_INCOMING="sshd ntp" > ALLOW_INCOMING="" > > ### PCMCIA options > # > # Which pcmcia chipset? Nearly all are i82365. > #PCIC=tcic > PCIC=i82365 > SCHEME=default > > > ### Some sample network interface definitions. > # > eth0-static () { > DEVICE="eth0" > IP_ADDR="192.168.1.5" > NETMASK="255.255.255.0" > BROADCAST="" > GATEWAY="" > MODULE="ne io=0x300 irq=5" > # Optionally specify a kernel module, with optional > symbol values. > # Default to letting ifconfig worry about which > module to load and how. 
> } > { > #eth0-static () { > # DEVICE="eth0" > # > # You can specify the specific module to load, with > optional parameters, here. > # This isn't necessary if your ethernet device is a > PCMCIA card. > # > # MODULE="ne io=0x360" > > ifup () { /sbin/pump -i $DEVICE ; } > } > > eth1-wireless () { > DEVICE="eth1" > > ## > # Network parameters > ## > IP_ADDR="10.10.10.27" > NETMASK="255.0.0.0" > BROADCAST="" > ifconfig lo 127.0.0.1 > ifconfig lo netmask 255.0.0.0 > ## > # Wireless parameters > ## > > # > # All clients must agree on the ESSID to see each > other > # > ESSID="OWN" > # > # WEP key > # > # Enter either as a s:string of five (40bit) or > thirteen (128bit) chars > # or as a hex key directly. > # > # Examples: > # > # KEY="s:coool" > # KEY="s:YourPaswdHere" > # KEY="0123-4567-ab" > > # > # Operating mode: Ad-Hoc or Managed (most likely > Ad-Hoc, unless you > # need your wireless card to sync to an access point > for some reason.) > # > MODE="Managed" # default to Ad-Hoc > > # > # Rate defaults to autosense, but can be forced to 1M, > 2M, 5.5M, or 11M > # > RATE="" # default to auto > > # in fact, we should set it up here so that most > # everything in /etc/pcmcia/wireless can be set > here (SDE) > > # Yep. RSN. (RJF) > > ## > # DHCP settings > ## > > # > # DHCP_RANGE takes the start and end IPs and assigns > from this pool. > # Make sure that the pool exists in your subnet > definition above. 
> # > # DHCP_RANGE="10.0.1.100 10.0.1.200" > > # DHCP_NETWORK="10.0.1.0" > # DHCP_DOMAIN="your.domain.here.com" > # DHCP_DNS_SERVERS="1.2.3.4, 5.6.7.8" > } > > #ppp0-dialup () { > # DEVICE="ppp0" > # MODEM="/dev/ttyS0" > # IDLE_TIMEOUT="" # default to 'never disconnect' > # RETRY_TIMEOUT="5" > # USE_PEER_DNS="yes" > # DEFAULT_ROUTE="yes" > # DEMAND_DIAL="yes" > # INIT_CMD="" # default to 'ATZ' > # DIAL_CMD="" # default to 'ATDT' > # CHAT_SCRIPT="" # defaults to /etc/ppp/chat, which > is autogenerated > # POP_NUMBER="555-1212" > # PPP_USER="" > # PPP_PASSWD="" > # ifup () { respawn /sbin/pppd & ; } > #} > > > Please advise PLEASE! I am really desperate and throw > myself at the feet of you oh gods of the WRP!!!! > > My network structure is as follows > > --------------- > | Client 1 | > | 10.10.10.21 | > | 255.0.0.0 | > --------------- > | > | > --------------- > | Access point| > | 10.10.10.20 | > | 255.0.0.0 |------------ > --------------- | > | > ~ > ~ > | > -------------------------------- > | Router (WRP) | > | ETH0 ETH1 | > | 192.168.1.5 10.10.10.27 | > | 255.255.255.0 255.0.0.0 | > -------------------------------- > | > | > ------- > | HUB |---------------------- > ------- | > | | > | | > --------------- --------------- > | Client 2 | | Client 3 | > | 192.168.1.1 | |192.168.1.2 | > |255.255.255.0| |255.255.255.0| > --------------- --------------- > > > __________________________________________________ > Do You Yahoo!? > Make international calls for as low as $.04/minute with Yahoo! Messenger > http://phonecard.yahoo.com/ _________________________________________________________ Do You Yahoo!? 
Get your free @yahoo.com address at http://mail.yahoo.com From brad at linuxbofh.com Fri Aug 10 19:23:33 2001 From: brad at linuxbofh.com (Brad Cox) Date: Fri, 10 Aug 2001 11:23:33 -0700 Subject: [NoCatNet] Risks in hosting a Nocat node In-Reply-To: <3B7331A3.F726AD7@oreilly.com> Message-ID: <20010810112333.C8813@linuxbofh.com> On Thu, Aug 09, 2001 at 05:58:11PM -0700, Schuyler Erle wrote: > Well, we think we've covered all the bases, but of course we're open > to having the code audited. In particular the gateway process has to > run as root in order to update firewall rules, which could be > sticky. We've got a setuid wrapper planned to address this > particular issue. As for other backdoors, we figure that if you run > no other services on the gateway besides NoCat, and maybe sshd > and/or DNS, you should be fine. (Keeping in mind that BIND tends to > have more holes than your average pasta strainer.) Well, I don't want Schuyler and Rob to think I've fallen off the face of the planet here, so: Instead of using BIND, you could use djbdns, it has a security guarantee and a much smaller footprint (source code: BIND is 3MB+, djbdns is 85KB [121KB to do it 'right']), which should help if you want to embed. http://cr.yp.to/djbdns.html http://cr.yp.to -The djbdns/qmail prophet (I tend to suggest Dan Bernstein [author of djbdns and qmail] solutions to problems [BIND and sendmail] on a regular basis.) -- Brad Cox, KB1CZQ http://www.linuxbofh.com brad@linuxbofh.com Beware of a tall black man with one blond shoe. From rob at oreillynet.com Fri Aug 10 19:24:33 2001 From: rob at oreillynet.com (Rob Flickenger) Date: Fri, 10 Aug 2001 11:24:33 -0700 (PDT) Subject: [NoCatNet] Stylistic + ATA Flash == coooool In-Reply-To: <003101c12181$0dd846a0$0b01a8c0@armanda> Message-ID: On Fri, 10 Aug 2001, Aime wrote: > what is Stylistic 1000 in fact . > I ve seen talking about it in several mail already. 
> Where can I find a picture of it It's a small tablet PC available on the surplus market (you can get them at HSC in Rohnert Park CA, or online from various places...) It's a 486 DX4/100, with a Lithium Ion battery, Monochrome LCD display, serial, parallel, VGA, IrDA, PS/2 Keyboard port (no actual keyboard), and three PCMCIA slots (one is to boot from, either a PCMCIA hard drive or ATA Flash). Only 8Mb RAM on the board, but it is upgradable to 40Mb total. Picture a slightly clunky laptop with no keyboard. Well worth the price, if you can get your hands on one. Here's a couple of pictures of one being used as a repeater: http://www.oreillynet.com/~rob/pix/stylistic --Rob > ----- Original Message ----- > From: "Rob Flickenger" > To: > Sent: Friday, August 10, 2001 7:03 AM > Subject: [NoCatNet] Stylistic + ATA Flash == coooool > > > > > > Well, I've got a Stylistic 1000 running Linux 2.4.5 and booting off of a > > 32Mb ATA flash card. This one also has the $35 ram upgrade (of 32Mb). > > > > So, total cost of a node, running the NoCatAuth software, with a nice > > sector antenna and watertight case: > > > > Stylistic: $75 > > 32MB RAM: 35 > > 32MB Flash: 55 > > Ethernet: 15 > > Ethernet: 15 > > RG-1000: 200 > > Pigtail: 18 > > 11dB Ant.: 65 > > Ammo Can: 16 > > ---- > > $494 > > > > If you're willing to go IBSS mode (say, on a point-to-pont shot) or if we > > ever figure out software AP mode, you can knock $125 off of that. Skip > > the pigtail (solder in your own) and save another $15. If you're going > > point-to-point, use a $5 Pringles can and save another $60. If you're > > willing to do all of that, it would bring the cost down to $294 per > > node. TOTAL. > > > > That's for gear that can support as many simultaneous users as a single > > channel can support (at least 20, in my experience), running a captive > > portal, with QoS and firewalling, and battery backup, with no airtime > > charges EVER, all at 11Mbps. > > > > < Muahahahahahahahaaaa (!) 
> > > > > Yes, we'll bring one to the next meeting. And we should have two or three > > coming online this weekend... My, how I love to see a project come > > together. > > > > --Rob > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > From adam at sonic.net Sat Aug 11 00:22:12 2001 From: adam at sonic.net (Adam) Date: Fri, 10 Aug 2001 16:22:12 -0700 Subject: [NoCatNet] Geocoding Application References: Message-ID: <002401c121f3$492cd910$0201a8c0@hector> Actually the bard.wr.usgs.gov site does have 10 meter DEM's. The thing they don't have is a recent DOQ. That would really be cool. We could see buildings and trees if we had access to that. They do seem to have DOQ's for everything else. Bummer :( Could be a leftover from the Cold War seeing as we do have some large microwave communications gear in the heart of the major metro area. Again that's just an observation ;) What were you thinking of using for the display end of your app? VRML or straight up OpenGL? There's a working group doing GIS with VRML called GeoVRML http://www.geovrml.org , but I don't know what the status of that project is. and here's a cool article from O'Reilly Network on GPS and OpenGL. http://oreilly.wirelessdevnet.com/pub/a/wireless/2000/12/08/gps_palm.html Cool stuff for sure. I've been playing around with the Sebastopol DEM's a little bit. It would be nice to be able to plot points and find LoS using these tools. Of course a web interface would be the way to go ;) -Adam ----- Original Message ----- From: "Jeremy Cooper" To: "Rich Gibson" Cc: Sent: Thursday, August 09, 2001 9:11 PM Subject: Re: [NoCatNet] Geocoding Application > > > On Thu, 9 Aug 2001, Rich Gibson wrote: > > > > > I have created a MySQL based geocoding application, available at: > > > > http://www.testingrange.com/geo/geocode2.cgi > > > > [ ..... 
] > > > > I am also working on a point to point elevation display/calculation tool > > based upon the Digital Elevation Model (DEM) files that are available at > > the URL we were given at the last meeting: > > Hey Rich, that's great! I just want to add a word of warning about the > DEM files: the best vertical resolution you can download for the > Sebastopol area is 30 meters! That's very coarse for the kind of work > we're doing. (But given all the trees in the area, maybe a 100 foot fudge > factor isn't such a bad idea after all?) > > -J > From rob at oreillynet.com Sat Aug 11 00:43:35 2001 From: rob at oreillynet.com (Rob Flickenger) Date: Fri, 10 Aug 2001 16:43:35 -0700 (PDT) Subject: [NoCatNet] Geocoding Application In-Reply-To: <002401c121f3$492cd910$0201a8c0@hector> Message-ID: On Fri, 10 Aug 2001, Adam wrote: > The thing they don't have is a recent DOQ. That would really be cool. How about this: http://www.mapquest.com/cgi-bin/ia_find?link=btwn/twn-map_results&map_increase=1&uid=uey2h5x8ndp2q7qd:zgqrylgwa&aphoto=1&SNVData=3mad3-9u,hr%3bbgq6al%3d%3d2l1ral5.hqu%3b%28FJVVF%17BWIN%40%2bY%12%40%2b%11E%3a%28_%3dGG_lrr210%28.90ag10y_1.lq%286,qej%7cynbgmej,fwgf-d.mj72s-EDP%13EJQQX%12%24%2bR%17%24%2bF%15,3bj%7cn&pcat= --Rob From rich at testingrange.com Sat Aug 11 04:56:30 2001 From: rich at testingrange.com (Rich Gibson) Date: Fri, 10 Aug 2001 21:56:30 -0600 (MDT) Subject: [NoCatNet] Geocoding Application In-Reply-To: <002401c121f3$492cd910$0201a8c0@hector> Message-ID: The DOQ's are cool! I downloaded the tomales bay set, and am able to see where we go halibut diving. I suspect that they are coming on line as they get them up, rather than a specific plot (but I have been wrong before!) As for visualization...I was thinking of just a boing 2D elevation of the line of site between the entered points :-( But then I also was thinking that the data, plus our node database, would allow us to generate 'possible' NoCat coverage maps. 
(And all with a web interface) Cheers, Rich Rich Gibson Rich@testingrange.com http://www.testingrange.com On Fri, 10 Aug 2001, Adam wrote: > Actually the bard.wr.usgs.gov site does have 10 meter DEM's. > > The thing they don't have is a recent DOQ. That would really be cool. We > could see buildings and trees if we had access to that. They do seem to have > DOQ's for everything else. Bummer :( Could be a leftover from the Cold War > seeing as we do have some large microwave communications gear in the heart > of the major metro area. Again that's just an observation ;) > > What were you thinking of using for the display end of your app? VRML or > straight up OpenGL? > > There's a working group doing GIS with VRML called GeoVRML > http://www.geovrml.org , but I don't know what the status of that project > is. > > and here's a cool article from O'Reilly Network on GPS and OpenGL. > > http://oreilly.wirelessdevnet.com/pub/a/wireless/2000/12/08/gps_palm.html > > Cool stuff for sure. I've been playing around with the Sebastopol DEM's a > little bit. It would be nice to be able to plot points and find LoS using > these tools. Of course a web interface would be the way to go ;) > > -Adam > > > ----- Original Message ----- > From: "Jeremy Cooper" > To: "Rich Gibson" > Cc: > Sent: Thursday, August 09, 2001 9:11 PM > Subject: Re: [NoCatNet] Geocoding Application > > > > > > > > On Thu, 9 Aug 2001, Rich Gibson wrote: > > > > > > > > I have created a MySQL based geocoding application, available at: > > > > > > http://www.testingrange.com/geo/geocode2.cgi > > > > > > [ ..... ] > > > > > > I am also working on a point to point elevation display/calculation tool > > > based upon the Digital Elevation Model (DEM) files that are available at > > > the URL we were given at the last meeting: > > > > Hey Rich, that's great! I just want to add a word of warning about the > > DEM files: the best vertical resolution you can download for the > > Sebastopol area is 30 meters! 
That's very coarse for the kind of work > > we're doing. (But given all the trees in the area, maybe a 100 foot fudge > > factor isn't such a bad idea after all?) > > > > -J > > > >

From Steven Lybeck"

Hey everybody,

I'd like to know what my options are for shooting from a single point to 4 specific points. I realize that normally this would not be difficult, but the single point (El Molino high school with bandwidth dying to be shared) can not be seen from any of the four points. There is a hilltop which can be seen from all 5 points, and my question is what kind of equipment can I put on the hill to split the one signal and shoot it at each of the 4 client points. As I don't own the hill, I'd rather not have to ask to put power-consuming equipment there, so I'm wondering if instead there is some way to physically split the signal 4 ways and then rebroadcast each with a different antenna.

If my description makes no sense whatsoever, and you're still interested in helping me, I've got an aerial photograph covering all 4 client points (not the correct terminology, what is?) and the gateway at the high school.

Thanks very much for any information you can offer!

``````````
Steven Lybeck steven@epochmedia.net
Epoch Media http://www.epochmedia.net/
From Steven Lybeck"

I've been in contact with a guy who has in-stock about 75 of these Fujitsu Stylistic 1000's and he's willing to sell them for $59 each with free shipping if we order 20. So if we can get together an order this big (I realize it's a pretty large number, but maybe some of you are setting them up as repeaters or cheap access points and might want several).

I found this guy through Amazon.com auctions,
http://s1.amazon.com/exec/varzea/ts/exchange-glance/Y04X0553137X7882135/qid=997675896/sr=1-3/ref=aps_sr_a_3_3/102-6088264-9672138
where he is selling a few Stylistics that are probably going for 70 or 80 dollars. He's located in New York, and can be reached by email at Thebuyerscorner@aol.com .

Anyways if any of you are interested in this, just post what you'd want to buy on the nocat list here.

Also, I've never organized or been part of a group buy before, so if anybody wants to give me some tips and pointers they're certainly welcome!

``````````
Steven Lybeck steven@epochmedia.net
Epoch Media http://www.epochmedia.net/
From terry at nycwireless.net Mon Aug 13 07:09:52 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Mon, 13 Aug 2001 02:09:52 -0400
Subject: NocatAuth v.40 problem
Message-ID: <000201c123bf$674511b0$170a0a0a@elfnyh1>

When I run the NoCatAuth I get the following error message. I'm just using the stock NoCatAuth with just a gateway install, and the default nocat.conf (I changed all the system parameters to match the default settings).

I get the following error messages:

[root@localhost root]# [2001-08-13 02:04:17] Resetting firewall.
[2001-08-13 02:04:17] Use of uninitialized value in scalar assignment at /usr/local/nocat/lib/NoCat/Firewall.pm line 27, line 1.
[root@localhost root]# cd /usr/local/nocat
[root@localhost nocat]# more nocat.log
[2001-08-13 02:04:17] Gateway running on port 5280.
Can't call method "fileno" on an undefined value at /usr/local/nocat/lib/NoCat/Gateway.pm line 53, line 1.

System is a Redhat 7.2 beta Roswell with the latest Linux 2.4.8 kernel compiled.

Any suggestions on how to fix this?

--Terry

From schuyler at oreilly.com Mon Aug 13 08:21:19 2001
From: schuyler at oreilly.com (Schuyler Erle)
Date: Mon, 13 Aug 2001 00:21:19 -0700
Subject: [NoCatNet] NocatAuth v.40 problem
References: <000201c123bf$674511b0$170a0a0a@elfnyh1>
Message-ID: <3B777FEF.7F0D99BA@oreilly.com>

Terry Schmidt wrote:
>
> When I run the NoCatAuth I get the following error message. I'm just using
> the stock NoCatAuth with just a gateway install, and the default nocat.conf
> (I changed all the system parameters to match the default settings).
>
> I get the following error messages:
> [root@localhost root]# [2001-08-13 02:04:17] Resetting firewall.
> [2001-08-13 02:04:17] Use of uninitialized value in scalar assignment at
> /usr/local/nocat/lib/NoCat/Firewall.pm line 27, line 1.
You might be missing a firewall parameter in your nocat.conf. Likely culprits are InternalDevice, ExternalDevice, LocalNetwork, AuthServiceAddr, and DNSAddr. DNSAddr is optional, but may trigger this warning if commented out, which is a bug and will be fixed in later versions.

> [root@localhost root]# cd /usr/local/nocat
> [root@localhost nocat]# more nocat.log
> [2001-08-13 02:04:17] Gateway running on port 5280.
> Can't call method "fileno" on an undefined value at
> /usr/local/nocat/lib/NoCat/Gateway.pm line 53, line 1.

This error most often crops up when a gateway process is already running, and another tries to start and bind to port 5280. Since the first one is already bound to 5280, the second one fails silently, with this error. Arguably, this isn't the most descriptive means of throwing this error, so I'm glad you brought it to our attention. This will be fixed in the next rev.

If 'killall gateway' followed by '/usr/local/nocat/bin/gateway' doesn't make things work as expected, please please please let us know.

Thanks for your bug reports. Meanwhile, we might just release the fixes related to these bug reports as v0.41 later on tomorrow (Monday), if that's fine by everyone. If anyone has issues with "release early and often", I'd love to hear them.

SDE

From terry at nycwireless.net Mon Aug 13 17:52:51 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Mon, 13 Aug 2001 12:52:51 -0400
Subject: [NoCatNet] NocatAuth v.40 problem
References: <000201c123bf$674511b0$170a0a0a@elfnyh1> <3B777FEF.7F0D99BA@oreilly.com>
Message-ID: <005401c12418$641b4b90$170a0a0a@elfnyh1>

Ok, the problem was I was missing the DNSAddr in the nocat.conf. I added that, and it worked.

The Gateway sign in process crash IE on MacOS X though. I'm not sure if this happened because the gateway couldn't get to the Auth server, and thus returned some erroneous code crashing IE, or if it is because the NoCat software is not compatible with IE.
This was as far as I got, but it did redirect the Mac Client to the auth.nocat.net server and prompted me for a login. When I logged in is when it crashed.

One thing to keep in mind. IE 5 on both Mac OS X & 9.1 will not accept self signed SSL certificates. Stupid IE.

Now my additional questions.

I'm using the NoCat gateway behind another NAT Linux box. What port forwarding commands do I need to implement to on the NAT machine (both IPtables and IPChains, I'm currently using ipchains.)

Next version stuff I would like to see:
* I like how the gateway part basically works out of the box. I didn't modify anything except for the DNS entry and it works, and modifying the DNS entry should be fixed in the next version.
* In the instructions it says you need to export 3 variables (PERLIB5, NOCAT, and PATH). I didn't need to do this, and hopefully we change these instructions so it is optional, and hopefully not necessary.
* Can the installation process be modified so it add a /etc/init.d/nocat and /etc/rc3.d/S60nocat, etc...

Also I (as NYC Wireless and also Personal Telco) would like to see a third install option as active portal.
Differences in Active Portal mode:
* No auth server is needed
* after the user accepts the AUP they are let out onto the internet
* SSL is not needed (or is it). Some clients will be able to have a web browser, but not an SSL web browser. For example people using Handsprings with 802.11b modules. We have two active members here in NYC who uses them.
* optionally the server goes out and give the AUP / splash page, otherwise it displays a local AUP / splash page.

Sidenote:
I know some NYC wireless members (and probably Personal Telco members) are going to be interested in running their WLANs as Captive Portals rather than Active Portals. I want to facilitate this also, so I would be interested in setting up a permanent fault tolerant Auth server in conjunction with auth.NoCat.net with the database replicating between the two.
Just something to keep in mind for the long run. --Terry -- off to go buy more wires for building wireless networks. Where have all my crossover cables gone. From rob at oreillynet.com Mon Aug 13 19:02:56 2001 From: rob at oreillynet.com (Rob Flickenger) Date: Mon, 13 Aug 2001 11:02:56 -0700 (PDT) Subject: [NoCatNet] NocatAuth v.40 problem In-Reply-To: <005401c12418$641b4b90$170a0a0a@elfnyh1> Message-ID: On Mon, 13 Aug 2001, Terry Schmidt wrote: > Ok, the problem was I was missing the DNSAddr in the nocat.conf. I added > that, and it worked. Cool. That was only a warning, and will still run without it (i.e., if you're running a local caching DNS server, which is probably a good idea.) It will definitely be fixed in the next release. > The Gateway sign in process crash IE on MacOS X though. Interesting. We didn't have an OSX box to test with, although we did have an OS 9.1 w/ IE5. It worked fine after telling it that the SSL cert was okay. We're applying for a registered cert this week, so that shouldn't be an issue shortly anyway. It *shouldn't* be crashing IE, though... I believe I can get my hands on an OS X box to test with, hopefully before the next release. > I'm using the NoCat gateway behind another NAT Linux box. What port > forwarding commands do I need to implement to on the NAT machine (both > IPtables and IPChains, I'm currently using ipchains.) Just forward TCP port 5280: In Linux 2.2.x: /usr/sbin/ipmasqadm portfw -f /usr/sbin/ipmasqadm portfw -a -P tcp -L $REAL 5280 -R $NAT 5280 You can get ipmasqadm from http://juanjox.kernelnotes.org/. This might even work in 2.4 with the ipchains compatibility built in, but I'm not sure. I can't find an example just now on how to do it natively; I'll post it when I find one. These examples will be included in the next release as well (there's all sorts of fun and strange stuff in that nocat/etc directory!) > * In the instructions it says you need to export 3 variables (PERLIB5, > NOCAT, and PATH). 
> I didn't need to do this, and hopefully we change these
> instructions so it is optional, and hopefully not necessary.

These are only necessary if you move the installation out of /usr/local/nocat, and if the system tools and gpgv aren't in your PATH by default. I suppose the instructions could be a bit clearer (and will be next round.)

> * Can the installation process be modified so it adds a /etc/init.d/nocat and
> /etc/rc3.d/S60nocat, etc...

Good point. It's on the list.

> Also I (as NYC Wireless and also Personal Telco) would like to see a third
> install option as active portal.
> Differences in Active Portal mode:
> * No auth server is needed
> * after the user accepts the AUP they are let out onto the internet
> * SSL is not needed (or is it). Some clients will be able to have a web
> browser, but not an SSL web browser. For example people using Handsprings
> with 802.11b modules. We have two active members here in NYC who use them.
> * optionally the server goes out and gives the AUP / splash page, otherwise
> it displays a local AUP / splash page.

Here's a question: how do we know that the user is finished with their session, if they don't login? Ideally, we will do a soft timeout with ping, but this isn't implemented yet (again, on the list, but not ready yet.) Would a timeout be an acceptable compromise until the soft pings come together? What's a reasonable timeout value (say, half hour)?

> I know some NYC wireless members (and probably Personal Telco members) are
> going to be interested in running their WLANs as Captive Portals rather than
> Active Portals. I want to facilitate this also, so I would be interested in
> setting up a permanent fault tolerant Auth server in conjunction with
> auth.NoCat.net with the database replicating between the two.

Damned straight. This thing should be indestructible, and preferably live on separate networks entirely. The current auth system is co/lo'd (no, it's not running on a 386 on my home DSL line.
;) The backend is MySQL, so there's no reason we couldn't replicate to other servers. One requirement is that all auth services need to have their own SSL cert. Another issue is going to be dealing with what happens when one goes down (the current gateway code only forwards the user to the auth service specified in the nocat.conf... Either dynamic DNS or the ability to pull from a list of permitted auth services is in order...)

Do we want roaming by default? As it stands, any member with a status flag set to non-zero is considered a co-op member, and otherwise is a public class user. We could use this flag to specify which group(s) the user belongs to, although this starts getting complicated to manage. Personally, I think that if you're a co-op member somewhere, you should be one everywhere (as long as we trust our co-ops. =) What do you think?

Anyway, look for a release in the next couple of days to address these issues...

--Rob

From michael at civis.com Mon Aug 13 19:23:51 2001
From: michael at civis.com (Michael Codanti)
Date: Mon, 13 Aug 2001 11:23:51 -0700
Subject: [NoCatNet] NocatAuth v.40 problem
References:
Message-ID: <01da01c12425$1a405c60$911e3589@ohsu.edu>

> Here's a question: how do we know that the user is finished with their
> session, if they don't login? Ideally, we will do a soft timeout with
> ping, but this isn't implemented yet (again, on the list, but not ready
> yet.) Would a timeout be an acceptable compromise until the soft pings
> come together? What's a reasonable timeout value (say, half hour)?

I would say even shorter than that, if it can be based on traffic... In the document from the message I forwarded below they say that the implicit logoff time should be NO MORE than 5 minutes of inactivity... The smaller the window, the less likely someone is to be able to sneak in and use someone's auth when they are done.

> Anyway, look for a release in the next couple of days to address these
> issues...
I can't wait to get a chance to start playing with it.

Michael

************************************
Message from BAWUG group about Captive Portals and W-ISP roaming:

> OK cats,
>
> Remember the thread from last April/May about the
> WECA-aligned/affiliated group named 'WISPr' who was looking to
> standardize 'roaming' between 802.11 ISPs?
>
> Well, it looks like they're about to release a 'Best Practices' doc.
>
> Status of this Memo
> This document specifies an Internet Best Common Practices for the
> Internet community and solicits for comments, suggestions and
> improvements. This document does not specify an Internet standard of
> any kind, but does rely on the operational application of
> standards-based protocols and methodologies. Distribution of this
> memo is unlimited pending ratification of the WECA board and release
> by the WISPr chair.
>
> Abstract
> WISPr is a working group of WECA members who have come together to
> develop the recommended operational practices, technical architecture,
> AAA framework, and settlement parameters needed to enable subscriber
> roaming among Wi-Fi Internet service providers (WISP). The primary
> objective of this group is to provide a seamless user experience as
> relates to access, availability, performance, billing, technical
> support, and customer service when roaming on another provider's
> network.
>
> The original is in Word97 format. I've made it available as well as
> an HTML-converted version:
>
> ftp://smallworks.com/pub/Wisprdraft_0808011.doc
> ftp://smallworks.com/pub/Wisprdraft_0808011.html
>
> I haven't scanned the Word version for viri, etc. (I don't run
> Windows any longer.) Caveat downloader.
>
> --
> C++ is like jamming a helicopter inside a Miata and expecting some
> sort of improvement.
> -- Drew Olbrich

From terry at nycwireless.net Mon Aug 13 19:51:06 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Mon, 13 Aug 2001 14:51:06 -0400
Subject: [NoCatNet] NocatAuth v.40 problem
References:
Message-ID: <002c01c12428$e90698e0$c47a5c42@ELFNY05>

> Cool. That was only a warning, and will still run without it (i.e., if
> you're running a local caching DNS server, which is probably a good idea.)
> It will definitely be fixed in the next release.

For me it wasn't a warning, because I wasn't running a local DNS cache. It just stopped it from working. How about if the setting is not set to automatically use the nameserver entries in /etc/resolv.conf.

> Interesting. We didn't have an OSX box to test with, although we did have
> an OS 9.1 w/ IE5. It worked fine after telling it that the SSL cert was
> okay. We're applying for a registered cert this week, so that shouldn't be
> an issue shortly anyway. It *shouldn't* be crashing IE, though... I
> believe I can get my hands on an OS X box to test with, hopefully before
> the next release.

I'll test it again and see why it crashed. I wasn't able to get it working over the wireless (because for some reason the SMC ethernet card wouldn't talk to the apple airport base station over a crossover cable, and the SMC ethernet card wouldn't talk to a hub. It's probably a full duplex problem).

> Just forward TCP port 5280:

Is there any way that the Gateway can be redesigned not to need port forwarding. This will really hamper the rollout in the longer term if we have to reconfigure every NAT box between the gateway and the auth server. I would put this on the list as a high priority item.

I was truly amazed how easy the installation went, especially considering it is still in beta. Congratulations to everyone who worked on it! I looked at the nocat.conf file, and changed all the settings on the system to match the conf file instead of changing the conf file (just subnetting on wireless side, and eth1 vs eth0).
All it then required was:

For everyone else. Simple NoCat Auth instructions on redhat 7.1, 7.2:
1. Install the 2.4.8 Linux Kernel with IPTables (also called Netfilter) enabled. [This is probably the hardest part]
2. Make sure your eth0 is your internet connection (or change nocat.conf)
3. Make sure your eth1 is your NAT/Wireless network (or change nocat.conf)
4. Use IP address 10.0.1.1 for the Gateway on the NAT network, and a subnet mask of 255.255.255.0 (or change nocat.conf)
5. uncompress nocat tarball.
6. make gateway
7. edit /usr/local/nocat/nocat.conf and add the DNS entry (should be fixed in next release)
8. /usr/local/nocat/bin/gateway &
Done

> Here's a question: how do we know that the user is finished with their
> session, if they don't login? Ideally, we will do a soft timeout with
> ping, but this isn't implemented yet (again, on the list, but not ready
> yet.) Would a timeout be an acceptable compromise until the soft pings
> come together? What's a reasonable timeout value (say, half hour)?

The model for the active portal is slightly different than the captive portal. You are not concerned about someone spoofing your connection and trying to get through the gateway under your identity because anyone can just logon and click yes on the AUP and get the same privileges.

1. User associates with the network, gets DHCP address, loads web browser, and gets redirected to AUP/first page (doesn't have to be SSL since you're not passing any data you mind being sniffed).
2a. User clicks yes on AUP, and IPTables is updated to let that MAC address out to the internet for 1 day. The only reason why I want a 1 day timeout on the logon is that I want them to read the first page/aup in case it is updated. Also allows for splash page in case the node is sponsored by someone. Splashes will be very tasteful and small though, and will not put up any additional windows.
2b. If the user clicks no on the AUP, then they are just allowed to local network resources.
[Sidenote: I want to make these public networks valuable unto themselves without a connection to the internet (ala SeattleWireless a little bit). I want people to be able to do network installs of Debian, FreeBSD, etc from a mirror on the local gateway server. I want to be able to enjoy services off of the local gateway machine at the full 11mbps (or real world 4mbps).]

If the IPtables is doing the authentication/verification of passing network traffic based on MAC address and not IP address, then I don't really care much about the timeout so just set it at one day. In the active portal mode, I'm not concerned much about people trying to jump in on someone else's connection/signon because anyone can sign on just by clicking yes, and get the same privileges as the person they just tried to spoof. If you want to do the hard work to find out how to spoof your mac address and get out to the internet without clicking yes on my AUP, then so be it, I'm not going to try and stop you. RIDS is going to be responsible for stopping malicious traffic, not the active portal.

Michael Codanti posted that the time limit should be 5 minutes for the Captive portal. That is fine for the captive portal model where you are trying to ensure that a malicious user doesn't try and tag on to the end of an authenticated user. For the active portal model you don't really care too much about stopping a malicious user from doing that. You're not using the active portal as a security device, you are just using it as a legal device, and a first page splash screen.

> Damned straight. This thing should be indestructible, and preferably live
> on separate networks entirely. The current auth system is co/lo'd (no,
> it's not running on a 386 on my home DSL line. ;) The backend is MySQL,
> so there's no reason we couldn't replicate to other servers. One
> requirement is that all auth services need to have their own SSL
> cert.
> Another issue is going to be dealing with what happens when one goes
> down (the current gateway code only forwards the user to the auth service
> specified in the nocat.conf... Either dynamic DNS or the ability to pull
> from a list of permitted auth services is in order...)

I have a place for a NYC based auth server at a client's site. It would be dual-homed on two business class DSL lines (one 1.5mbps SDSL, and one 7mbps ADSL, different CLECs in case Verizon forgets what uptime means, or Covad goes under). I'm sure as time goes forward someone would volunteer some better connected colo-space.

I have no problem paying for a SSL cert for the NYC auth server.

I think how the gateway should work is that it should have a list of permitted auth servers, and should just go down them in order if the first one fails.

Can MySQL do encrypted replication?

> Do we want roaming by default? As it stands, any member with a status flag
> set to non-zero is considered a co-op member, and otherwise is a public
> class user. We could use this flag to specify which group(s) the user
> belongs to, although this starts getting complicated to
> manage. Personally, I think that if you're a co-op member somewhere, you
> should be one everywhere (as long as we trust our co-ops. =)

Roaming on could be a simple option in the gateway. (Enable inter-group roaming option) I think roaming should be on by default, as long as we have some method to ensure that the co-op member database is accurate. I guess this will require someone to hand validate co-op members. One of the great things about our groups is that we already work together to a high degree. (And that we all have different fortes).

Another topic of discussion: Now what makes a person a "co-op member"? If they put up a node? What about if you can't put up a node? Can a node owner get 5 of his friends "co-op member" status since he put up a node? Are there minimum requirements for nodes?
--Terry

From frankb at efball.com Mon Aug 13 21:20:28 2001
From: frankb at efball.com (E Frank Ball)
Date: Mon, 13 Aug 2001 13:20:28 -0700
Subject: [NoCatNet] signal-splitting questions
In-Reply-To: <00d701c1239f$21a331c0$c5665d3f@lybeck>; from stellar678@yahoo.com on Sun, Aug 12, 2001 at 07:24:49PM -0700
References: <00d701c1239f$21a331c0$c5665d3f@lybeck>
Message-ID: <20010813132028.A25959@zouave.sonic.net>

} On Sun, Aug 12, 2001 at 07:24:49PM -0700, Steven Lybeck wrote:
}
} I'd like to know what my options are for shooting from a single point to
} 4 specific points. I realize that normally this would not be difficult,
} but the single point (El Molino high school with bandwidth dying to be
} shared) can not be seen from any of the four points. There is a hilltop
} which can be seen from all 5 points, and my question is what kind of
} equipment can I put on the hill to split the one signal and shoot it at
} each of the 4 client points. As I don't own the hill, I'd rather not
} have to ask to put power-consuming equipment there, so I'm wondering if
} instead there is some way to physically split the signal 4 ways and then
} rebroadcast each with a different antenna.

You could use a 5 way power splitter/combiner. The PCMCIA card connects to one port and the four antennas connect to the other ports. You will get about 8 to 9dB of loss between the card and each antenna from the splitter, more for the cabling. This loss will affect both transmitted and received signal, so that will really hurt your range since you're losing almost 90% of your signal.

I did a quick check in an out of date Mini-Circuits catalog and they don't have any 5 way splitters that go to 2.5G, but an 8 way with SMA connectors was $140 which gives you a ballpark price.

Compare this performance with 25dB gain antennas to using no splitter and a much less directional antenna that can hit all four sites and compare the overall gain. Or you could put in 4 PCMCIA cards, or some combination in between.
I have no idea how far apart the sites are.

--
E Frank Ball efball@efball.com

From terry at nycwireless.net Mon Aug 13 22:55:51 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Mon, 13 Aug 2001 17:55:51 -0400
Subject: NoCat Auth .40 gateway report
Message-ID: <005001c12442$b946c930$170a0a0a@elfnyh1>

Ok, I got the gateway up and running. Here is a report of my testing of it:

Windows 2000 SP1 IE 5.00.3315.1000 SP2 128bit
Functions ok.
Logout button is broken. "Page cannot be displayed"
One suggestion is that you may want to make the nocat login agent window a quicksand window (so that when you close it, it just opens up another duplicate one), thus forcing the user to use the logout button. MobileStar does this.

Windows 2000 SP1 Netscape 4.77 128bit
Functions ok.
Logout button is broken. "There was no response. The server could be down or not responding"
Still lets me through the gateway after I have selected logout button

Mac OS 10.0.4 Internet Explorer 5.1 Preview Release 5.1b1 (3048)
Graphic Images do not display
After logon
The application Internet Explorer has unexpectedly quit. The system and other applications have not been affected.

Mac OS 10.0.4 Running in Os 9.1 compatibility mode Internet Explorer 5
Graphic Images do not display
After logon Security failure. Data decryption error.
System Partially Locks
Must force quit the finder

Mac OS 9.1 IE 5.0 (2022) with time and date improperly set
Graphic Images do not display
Just clicking on Logon without putting in any login or password
Error "Security Failure. Data decryption error."
Hard system lock. must ctrl-alt-delete

Mac OS 9.1 IE 5.0 (2022) with time and date properly set
Error "Security failure. data decryption error."
Lets me through the gateway.
Nocat auth agent window loads but is empty/blank.

Mac OS 9.1 Netscape 4.75
Functions ok.
Logout button is broken.

Please let me know how I can help with the NoCat Auth software.
--Terry

From michael at civis.com Mon Aug 13 23:08:59 2001
From: michael at civis.com (Michael Codanti)
Date: Mon, 13 Aug 2001 15:08:59 -0700
Subject: [NoCatNet] NocatAuth v.40 problem
References: <002c01c12428$e90698e0$c47a5c42@ELFNY05>
Message-ID: <033b01c12444$8e0123e0$911e3589@ohsu.edu>

> The model for the active portal is slightly different than the captive portal.
> You are not concerned about someone spoofing your connection and trying to get
> through the gateway under your identity because anyone can just logon and click
> yes on the AUP and get the same privileges.
> 1. User associates with the network, gets DHCP address, loads web browser, and
> gets redirected to AUP/first page (doesn't have to be SSL since you're not passing
> any data you mind being sniffed).
> 2a. User clicks yes on AUP, and IPTables is updated to let that MAC address
> out to the internet for 1 day. The only reason why I want a 1 day timeout on the
> logon is that I want them to read the first page/aup in case it is updated.
> Also allows for splash page in case the node is sponsored by someone. Splashes
> will be very tasteful and small though, and will not put up any additional
> windows.
>
> Michael Codanti posted that the time limit should be 5 minutes for the Captive
> portal. That is fine for the captive portal model where you are trying to
> ensure that a malicious user doesn't try and tag on to the end of an
> authenticated user. For the active portal model you don't really care too much
> about stopping a malicious user from doing that. You're not using the active
> portal as a security device, you are just using it as a legal device, and a
> first page splash screen.

I really think we want them to have to accept the AUP every time they come in.. We are using it as a CYA policy, and for the time it takes them to click through is well worth it.. How do you know that it is the same person coming back 10 hours later? Also, how would the NoCatAuth know it is the same person?
I am assuming we will set the DHCP to a 10 minute lease time (or less)... So maybe the NoCatAuth can check and see when the DHCP lease has expired, and log the user out, that way it doesn't have to watch for traffic any other way.

In fact like Adam suggested, NoCatAuth should have an option to deny access to anyone whose IP and MAC don't match the local DHCP server. (I say option, because you are allowing people to use a different DHCP server) Then if the DHCP server could notify NoCatAuth when a lease expires...

I think this would help in making a secure system... What does everybody else think?

Michael

From rob at oreillynet.com Tue Aug 14 00:44:01 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Mon, 13 Aug 2001 16:44:01 -0700 (PDT)
Subject: [NoCatNet] NocatAuth v.40 problem
In-Reply-To: <002c01c12428$e90698e0$c47a5c42@ELFNY05>
Message-ID:

On Mon, 13 Aug 2001, Terry Schmidt wrote:
> For me it wasn't a warning, because I wasn't running a local DNS cache.

Ah yes.

> How about if the setting is not set to automatically use the nameserver
> entries in /etc/resolv.conf.

The DNS server passthrough should point at a trusted, secured DNS server. Pointing it at your ISP's DNS server could potentially be a bad thing, as you're now allowing unauthenticated requests to pass through to it (if it's running BIND 8, someone could theoretically root it from the wireless.)

I suppose if it issues a warning to the effect of "Warning: DNS server not found, using default from /etc/resolv.conf" at startup that it would be okay... The installation instructions *are* there for a reason. =)

> Is there any way that the Gateway can be redesigned not to need port
> forwarding.

This has been a matter of much debate. The only way we've come up with is to do connect-forward from the gateway, which is non-trivial. The big issue is, how can the auth service trust that the wireless gateway is legitimate?
We don't want to pass sensitive information to the gateways, and we don't want to deal with secret key management issues if we can help it.

One way of implementing it that we've talked about is this:
* User gets a lease, and gets redirected to the auth service
* Gateway detects this and immediately connects to the auth service as well, and asks for the outcome of the transaction keyed by the random token that was issued to the client
* The server holds the connection open long enough to send its response to the gateway, signed with its GPG key.

This won't scale to thousands of simultaneous users, as each pending auth verification would require an open TCP stream. But on a small scale, it might work. Intermediary network strangeness would kill connections as well (where the connect-back is pretty robust, and can be retried...)

> This will really hamper the rollout in the longer term if we have to
> reconfigure every NAT box between the gateway and the auth server.

The reasoning behind leaving the connect-forward implementation until later is that people probably shouldn't be running a free wireless gateway from NAT'd networks that they can't put port forward rules on (i.e. hotel networks, at schools, from behind corporate firewalls, etc.) If you really want to do that, use vtun to make yourself a real IP address, or wait until connect-back gets implemented (again, see nocat/etc/). Patches, as always, are welcome. ;)

> I was truly amazed how easy the installation went, especially
> considering it is still in beta.

Glad to hear it! We're getting really close to an actual release (once more people start jumping on it and break it...)

> Simple NoCat Auth instructions on redhat 7.1, 7.2:
> ...

Neat. I'd like to spiffy this up and include it in the next INSTALL doc (with full credit to you, and your permission, of course.)

> The model for the active portal is slightly different than the captive
> portal.
> You are not concerned about someone spoofing your connection
> and trying to get through the gateway under your identity because
> anyone can just logon and click yes on the AUP and get the same
> privileges.

Ah, an Open Portal. Should be very straightforward to run, especially with a one day timeout... We currently track the users by interface, IP address, and MAC address. Packets will not flow unless they match all of the above, for the person who logged in (i.e. no IP camping, sending bad packets down the wire, etc.) We could just keep track of that information, and expire the FWMark flag after a timeout, so it will revert to displaying the splash screen. I think we could get that in by the next minor release. The ping soft timeout will probably take a little longer.

> I have a place for a NYC based auth server at a client's site. It would be
> dual-homed on two business class DSL lines (one 1.5mbps SDSL, and one 7mbps
> ADSL, different CLECs in case Verizon forgets what uptime means, or Covad goes
> under).

That sounds great. The auth service install isn't anywhere near as clean as the gateway install, but it's not too terrible. I'd be happy to help you get one going, but you might want to wait until the release stabilizes a bit. We're still adding features.

> Can MySQL do encrypted replication?

Not natively, but it works great over an SSH tunnel.

> Another topic of discussion: Now what makes a person a "co-op member"?
> If they put up a node? What about if you can't put up a node? Can a
> node owner get 5 of his friends "co-op member" status since he put up a
> node? Are there minimum requirements for nodes?

You've got to come to a consensus for your local group. Right now, we have six co-op members, as they've all contributed SOMETHING (bandwidth, coordinated a group buy, setup for the meetings, wrote software, are running a node, whatever.) Our group is exceedingly informal, your mileage may vary.
But, I trust your judgement in establishing coop status requirements for NYC. Just like I trust Matt W. and Matt P. and Matt A. and Adam S., etc... I'm happy to defer to the locals to figure out what works best for them.

--Rob

From schuyler at oreilly.com Tue Aug 14 00:46:56 2001
From: schuyler at oreilly.com (Schuyler Erle)
Date: Mon, 13 Aug 2001 16:46:56 -0700
Subject: [NoCatNet] NocatAuth v.40 problem
References: <002c01c12428$e90698e0$c47a5c42@ELFNY05> <033b01c12444$8e0123e0$911e3589@ohsu.edu>
Message-ID: <3B7866F0.83D7D007@oreilly.com>

Michael Codanti wrote:
>
> I really think we want them to have to accept the AUP every time they come
> in.. We are using it as a CYA policy, and for the time it takes them to
> click through is well worth it.. How do you know that it is the same person
> coming back 10 hours later?

MAC address. Since this isn't a security feature, so what if people can spoof?

> In fact like Adam suggested, NoCatAuth should have an option to deny access
> to anyone whose IP and MAC don't match the local DHCP server. (I say option,
> because you are allowing people to use a different DHCP server) Then if the
> DHCP server could notify NoCatAuth when a lease expires...

Not a terrible idea, but it depends on a pretty big "if" ... probably require hacking on a DHCP server. (*looks around for someone who's done that recently*) Anyway, I really want to avoid tying the implementation to *too* many external programs. I'd be curious to hear further exploration of this idea, though, and patches are always welcome.

SDE

From schuyler at oreilly.com Tue Aug 14 03:49:52 2001
From: schuyler at oreilly.com (Schuyler Erle)
Date: Mon, 13 Aug 2001 19:49:52 -0700
Subject: [NoCatNet] NocatAuth v.40 problem
References:
Message-ID: <3B7891D0.EA32DE4C@oreilly.com>

Rob Flickenger wrote:
>
> > Is there any way that the Gateway can be redesigned not to need port
> > forwarding.
>
> One way of implementing it that we've talked about is this...
Another, slightly more robust, way is this:

* User gets a lease, gets redirected to the auth service.
* User authenticates to the auth service, gets redirected back to the gateway.
* Gateway knows that the user has already tried to authenticate to the auth service, so it holds the user connection open, while it initiates an SSL connection to the auth service to find out what the result was. The gateway doesn't necessarily have to authenticate to the auth service, since the auth service knows its IP. (Which is, yes, spoofable.)
* Auth service now has to keep track of who logged in when, and the gateway and auth service now need to have a common notion of what time it is. Given this, the auth service could verify or deny that the user in question had actually logged in, with the PGP-signed message or not.
* The gateway could then *either* redirect the user on their way, *or* send them back to the auth service to try again.

Hopefully, it is evident that this method requires a lot more of the gateway in terms of CPU time, bandwidth, and prerequisite software. We really felt that our original connect-back solution was more robust than this "connect-forward", but if there's enough demand, we could be persuaded to accept patches or maybe hack something together.

> Ah, an Open Portal. Should be very straightforward to run, especially
> with a one day timeout ... I think we could get that in by the next minor release. The ping
> soft timeout will probably take a little longer.

I concur.

> > Another topic of discussion: Now what makes a person a "co-op member"?
> > If they put up a node? What about if you can't put up a node? Can a
> > node owner get 5 of his friends "co-op member" status since he put up a
> > node? Are there minimum requirements for nodes?
>
> You've got to come to a consensus for your local group. Right now, we have
> six co-op members, as they've all contributed SOMETHING...
> But, I trust your
> judgement in establishing coop status requirements for
> NYC... I'm happy to defer to the locals to figure out what works best for them.

One possibility that occurred to me is this... We really could use the "membership" field to indicate which group a user is a validated member of. That way node owners could elect to allow member-class access to groups of their choice, or they could offer access to the magical "ANY" group (a la ESSID) ... I'm all for using a unified database to put the power into the hands of the node owners.

I would even be in favor of shipping NoCatAuth with the MemberGroups parameter set to "ANY" by default...

Then we could allow local co-op admins to offer their standard "stamp of approval" to anyone in the common database, without having to worry about whether other groups are adhering to the same standards. Sort of a web of trust kind of thing, to which each node can subscribe as fully as they care to.

Thoughts, comments, flames?

SDE
SDE

From schuyler at oreilly.com Tue Aug 14 03:55:49 2001
From: schuyler at oreilly.com (Schuyler Erle)
Date: Mon, 13 Aug 2001 19:55:49 -0700
Subject: [NoCatNet] NoCat Auth .40 gateway report
References: <005001c12442$b946c930$170a0a0a@elfnyh1>
Message-ID: <3B789335.9D396E12@oreilly.com>

Terry Schmidt wrote:
>
> Ok, I got the gateway up and running. Here is a report of my testing of it:
>
> Windows 2000 SP1 IE 5.00.3315.1000 SP2 128bit
> Functions ok.
> Logout button is broken. "Page cannot be displayed"

What does "broken" mean? Also, is there any way we can get more specific data on the error messages?

> One suggestion is that you may want to make the nocat
> login agent window a quicksand window (so that when you close it, it just
> opens up another duplicate one), thus forcing the user to use the logout
> button. MobileStar does this.
Hrm, I find it annoying when websites do this, but maybe it wouldn't be a bad idea for the NoCat Auth stuff to do it, on account of there being a good reason for it, and all. Thoughts, anyone?

> Mac OS 9.1 IE 5.0 (2022) with time and date improperly set

I thought we tested this with OS 9.1? "Someone throw me a fricken bone here..." ;-) Seriously, I'm not a Mac user. Please, tell me what to do to fix it and I'll fix it. Or submit a patch. :-)

> Mac OS 9.1 Netscape 4.75
> Functions ok.
> Logout button is broken.

Again, what's meant by "broken"? Image doesn't come up? Can't click on it when it does? Can click on it, but page reloads and nothing happens?

Thanks so much for your testing and bug reports. We'll lick 'em, I tell ya!

SDE

From rob at oreillynet.com Tue Aug 14 06:50:22 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Mon, 13 Aug 2001 22:50:22 -0700 (PDT)
Subject: [NoCatNet] NocatAuth v.40 problem
In-Reply-To: <3B7891D0.EA32DE4C@oreilly.com>
Message-ID:

On Mon, 13 Aug 2001, Schuyler Erle wrote:
> One possibility that occurred to me is this... We really could use the
> "membership" field to indicate which group a user is a validated member
> of. That way node owners could elect to allow member-class access to
> groups of their choice, or they could offer access to the magical "ANY"
> group (a la ESSID) ...

Heh. Cute. The only problem with ANY is that it's an all-or-nothing (i.e., either I'm a nobody, or a NoCat, or an ANY. What if I'm a PTP and Seattle member, but nothing else?) We could always do bit math, using the status flag 0 as public, and 255 as ANY. That could accommodate up to eight groups to roam between (we'd have to go to two chars to support more.) Plus we'd have to agree on the numbering scheme. But it could work, and the math would be simple and extensible.

> I would even be in favor of shipping NoCatAuth with the MemberGroups
> parameter set to "ANY" by default...

I like that. You don't like it, READ THE FINE MANUAL.
> Then we could allow local co-op admins to offer their standard "stamp of
> approval" to anyone in the common database, without having to worry
> about whether other groups are adhering to the same standards. Sort of a
> web of trust kind of thing, to which each node can subscribe as fully as
> they care to.

Very good. Leave it up to the node owners!

--Rob

From schuyler at oreilly.com Tue Aug 14 07:03:53 2001
From: schuyler at oreilly.com (Schuyler Erle)
Date: Mon, 13 Aug 2001 23:03:53 -0700
Subject: A Million Points of Light (was: NocatAuth v.40 problem)
References:
Message-ID: <3B78BF49.3D4FF410@oreilly.com>

Rob Flickenger wrote:
>
> On Mon, 13 Aug 2001, Schuyler Erle wrote:
>
> > One possibility that occurred to me is this... We really could use the
> > "membership" field to indicate which group a user is a validated member
> > of. That way node owners could elect to allow member-class access to
> > groups of their choice, or they could offer access to the magical "ANY"
> > group (a la ESSID) ...
>
> Heh. Cute. The only problem with ANY is that it's an all-or-nothing
> (i.e., either I'm a nobody, or a NoCat, or an ANY. What if I'm a PTP and
> Seattle member, but nothing else?) We could always do bit math...

Bit math, hell. We set up a many-to-many relationship in the database between users and co-ops, so as many co-ops can certify you as care to. Then, when you authenticate to the auth service, it reports (for example):

    Class SeattleWireless PersonalTelco

This will either match or not match the nocat.conf configuration option on the *gateway* (for example):

    AcceptMembers SeattleWireless NYCWireless

In this case, the Seattle and PTP groups certify you as a member. The node you're connecting to accepts Seattle and NYC memberships. Bingo, you're in.

Of course, the following configuration will accept any membership for member-class service:

    AcceptMembers ANY

(Or perhaps the absence of an AcceptMembers configuration will have the same implicit effect.)
Web of trust, you see, or, not quite a web, but something with multiple sources, like a thundercloud of trust or something... Anybody got a good term for this model? How about a notion as to how or why it might be a bad idea? Anybody got a better idea? Recalling, of course, that our main design principle is KISS...

SDE

From terry at nycwireless.net Tue Aug 14 17:18:23 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Tue, 14 Aug 2001 12:18:23 -0400
Subject: NoCatAuth continued discussion
References:
Message-ID: <005a01c124dd$4405d5d0$170a0a0a@elfnyh1>

Take off the todo list to test the Gateway behind a NAT device. I've tested it and it works with the port forwarding commands that Rob sent me. Just for the records I was using Debian 2.2r3 with Linux 2.2.18 kernel and IPChains as the NAT device.

Rob Flickenger said:
>The reasoning behind leaving the connect-forward implementation until later
>is that people probably shouldn't be running a free wireless gateway from
>NAT'd networks that they can't put port forward rules on (i.e. hotel
>networks, at schools, from behind corporate firewalls, etc.) If you really
>want to do that, use vtun to make yourself a real IP address, or wait until
>connect-back gets implemented (again, see nocat/etc/). Patches, as always,
>are welcome. ;)

Understood. I'm more of the camp of the Active Portal philosophy, which doesn't require the port forwarding behind NAT devices, but I wish also to be fully supportive of the Captive Portal philosophy. I wish to see both succeed.

In order for these Captive portals to be everywhere it needs to be very easy to install. I foresee the Captive Portal being used in the BAWUG custom dual pcmcia computer on a board APs. I foresee the Captive Portal being used in simple cdrom distributions of gateway machines. Just drop it in, and your old pentium 133 with dual nics get converted to a free community wireless gateway. Both of these can be easily used by newbies.
Newbies may not know how to or want to go into their NAT device and change the portforwarding rules. The NAT device may be of limited functionality, and only support port forwarding of well known ports, like 80. Maybe the port-forwarding-less version can be a v2 feature. I really like the design of the current system as it is secure, simple, and clean, and don't want to complicate it with my ideas.

>The DNS server passthrough should point at a trusted, secured DNS server.
>Pointing it at your ISP's DNS server could potentially be a bad thing, as
>you're now allowing unauthenticated requests to pass through to it (if it's
>running BIND 8, someone could theoretically root it from the wireless.) I
>suppose if it issues a warning to the effect of "Warning: DNS server not
>found, using default from /etc/resolv.conf" at startup that it would be
>okay... The installation instructions *are* there for a reason. =)

Ahh. Understood. Your suggestion about having it default to /etc/resolv.conf if nothing is specified in the .conf file with the warning sounds like the best solution to brainless installs.

Regarding the NYC fault tolerant Auth Server. This sounds like a great idea. I'll wait until the next release to do this. I like the fact that this is a universal solution to the captive/active portal issue, and I want to make it easy and reliable for anyone to use it.

Regarding the web of trust multiple AcceptMembers idea of Schuyler Erle: This is perfect. That way node owners, and local groups can say, "Hey we know that SeattleWireless is doing their database part right, we trust them, so all their co-op members get to use our system too. That TimbuktoWireless group has screwed up their database and allows anyone to be a co-op member, so we aren't going to accept their members with reciprocity, instead they will have to use the public access.

My perl programming skills are basically non-existent, so I will reside myself to testing and documentation.
--Terry From terry at nycwireless.net Tue Aug 14 17:28:24 2001 From: terry at nycwireless.net (Terry Schmidt) Date: Tue, 14 Aug 2001 12:28:24 -0400 Subject: [NoCatNet] NoCat Auth .40 gateway report References: <005001c12442$b946c930$170a0a0a@elfnyh1> <3B789335.9D396E12@oreilly.com> Message-ID: <007101c124de$23ea6cb0$170a0a0a@elfnyh1> > > Windows 2000 SP1 IE 5.00.3315.1000 SP2 128bit > > Functions ok. > > Logout button is broken. "Page cannot be displayed" > What does "broken" mean? Also, is there any way we can get more specific > data on the error messages? > Again, what's meant by "broken"? Image doesn't come up? Can't click on > it when it does? Can click on it, but page reloads and nothing happens? When you click the logout button nothing happens. Eventually you get the standard IE error message that "Page cannot be displayed" because it has timed out. After you click the logout button, you can still get through the gateway. I don't know if it is supposed to disallow your internet pass-through access after you have selected log-out, or if it waits for the timeout.??? I'll try to give more detailed error reports in the future, and try and find out why it failed. I just wanted to post a quick summary of my usage of the NoCatAuth gateway. --Terry From rob at oreillynet.com Tue Aug 14 18:03:31 2001 From: rob at oreillynet.com (Rob Flickenger) Date: Tue, 14 Aug 2001 10:03:31 -0700 (PDT) Subject: [NoCatNet] NoCat Auth .40 gateway report In-Reply-To: <007101c124de$23ea6cb0$170a0a0a@elfnyh1> Message-ID: On Tue, 14 Aug 2001, Terry Schmidt wrote: > When you click the logout button nothing happens. Eventually you get the > standard IE error message that "Page cannot be displayed" because it has > timed out. After you click the logout button, you can still get through the > gateway. Hmm. That shouldn't be. As far as logging out goes, were you going to the same site you had open originally (after clicking logout), or did you try a new site? 
The firewall rules as they're written don't drop established connections, just new ones. Most browsers have 'keep-alive' enabled, and leave a TCP stream open to the web server for some timeout value... This is arguably a bug in logout, and I'm working on refining the rules. Of course, if you could connect to new sites after logging out, this is definitely a problem. In our tests (with MacOS 9.1 + IE 5) it worked as it should... I'll ask our Mac guy exactly what version of everything he was using. --Rob From michael at civis.com Tue Aug 14 18:26:16 2001 From: michael at civis.com (Michael Codanti) Date: Tue, 14 Aug 2001 10:26:16 -0700 Subject: [NoCatNet] NoCatAuth continued discussion References: <005a01c124dd$4405d5d0$170a0a0a@elfnyh1> Message-ID: <00a101c124e6$39918280$911e3589@ohsu.edu> > Take off the todo list to test the Gateway behind a NAT device. I've tested > it and it works with the port forwarding commands that Rob sent me. Just > for the records I was using Debian 2.2r3 with Linux 2.2.18 kernel and > IPChains as the NAT device. Great! Now I haven't had a chance to try it yet, but should NoCatAuth work if the NoCatAuth box is a NAT box as well as running the NoCatAuth service? Michael From rob at oreillynet.com Tue Aug 14 19:21:26 2001 From: rob at oreillynet.com (Rob Flickenger) Date: Tue, 14 Aug 2001 11:21:26 -0700 (PDT) Subject: [NoCatNet] NoCatAuth continued discussion In-Reply-To: <00a101c124e6$39918280$911e3589@ohsu.edu> Message-ID: On Tue, 14 Aug 2001, Michael Codanti wrote: > Great! Now I haven't had a chance to try it yet, but should NoCatAuth work > if the NoCatAuth box is a NAT box as well as running the NoCatAuth service? The Gateway box is by definition a NAT box. The Auth Service can do whatever it wants, as long as it's addressable. Let's keep this simple: In order for the system to work, two connections need to be made. First, a user must be able to make an SSL connection to the Auth Service, through the Gateway. 
Second, the Auth Service must be able to connect back to the Gateway over a TCP port (5280 by default.)

You could run the entire system (Gateway + Auth Service) behind another NAT if you like... That would require your Auth Service to either be in sync with the main database through some other channel, or just run your own database. Picture this:

 ________             _________               __________
|        |           |         |             |          |
| Client |  10.0.1.x | Gateway | 192.168.1.x | AuthServ |
|        |           |         |      |      |          |
 --------             ---------       |       ----------
                                      |
                                  ________
                                 |        |
                                 | Router |
                                 | (NAT)  |
                                  --------
                                      |
                                      |  208.201.239.x
                                      |
                                  ________
                                 (        )
                                 (  Net   )
                                 (        )
                                  --------

Here, clients would be double-nat'd (which isn't a problem, with good nat implementations) and the Gateway would consult an AuthService on the same subnet. Hence, no need to change forwarding rules on the Router (which you might not have access to anyway.) This will only work if you're using a private database, or are sync'd to the master Auth Service db.

As long as these connections can be made (client->SSL on AuthServ via the Gateway, and AuthServ->Gateway:5280) everything should work fine.

I hope that answers your question! =)

--Rob

From rob at oreillynet.com Tue Aug 14 19:42:01 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Tue, 14 Aug 2001 11:42:01 -0700 (PDT)
Subject: A Million Points of Light (was: NocatAuth v.40 problem)
In-Reply-To: <3B78BF49.3D4FF410@oreilly.com>
Message-ID:

On Mon, 13 Aug 2001, Schuyler Erle wrote:

> We set up a many-to-many relationship in the database between users and
> co-ops, so as many co-ops can certify you as care to.

...

> Then, when you authenticate to the auth service, it reports (for
> example):
>
> Class SeattleWireless PersonalTelco

This is very cool. Let's do it.

--Rob

From rich at testingrange.com Tue Aug 14 20:16:51 2001
From: rich at testingrange.com (Rich Gibson)
Date: Tue, 14 Aug 2001 13:16:51 -0600 (MDT)
Subject: [NoCatNet] Re: A Million Points of Light (was: NocatAuth v.40 problem)
In-Reply-To:
Message-ID:

I agree!
Rich Gibson
Rich@testingrange.com
http://www.testingrange.com

On Tue, 14 Aug 2001, Rob Flickenger wrote:

>
> On Mon, 13 Aug 2001, Schuyler Erle wrote:
>
> > We set up a many-to-many relationship in the database between users and
> > co-ops, so as many co-ops can certify you as care to.
>
> ...
>
> > Then, when you authenticate to the auth service, it reports (for
> > example):
> >
> > Class SeattleWireless PersonalTelco
>
> This is very cool. Let's do it.
>
> --Rob
>
>
>

From jeffnye20 at yahoo.com Tue Aug 14 20:10:11 2001
From: jeffnye20 at yahoo.com (Jeff Nye)
Date: Tue, 14 Aug 2001 12:10:11 -0700 (PDT)
Subject: [NoCatNet] NoCatAuth continued discussion
In-Reply-To:
Message-ID: <20010814191011.66634.qmail@web14008.mail.yahoo.com>

I don't know how I missed this on your website before. Could someone give me a quick once over with what this product is supposed to do?

Also I never did hear anything back on getting the WRP up and running! I tried switching around IRQ's but still cannot get the WRP working with the PCMCIA adapter. (PCI, THE CHIPSET ELUDES MY MEMORY!) Just by way of refresher the error was a Tx timeout error or something like that!

Please advise and let me know what this NoCatAuth is!

Jeff

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

From terry at nycwireless.net Tue Aug 14 20:47:24 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Tue, 14 Aug 2001 15:47:24 -0400
Subject: [NoCatNet] NoCatAuth continued discussion
References: <20010814191011.66634.qmail@web14008.mail.yahoo.com>
Message-ID: <005801c124f9$f0e60e70$c47a5c42@ELFNY05>

> Please advise and let me know what this NoCatAuth is!
Read the Website, Archives, and white paper:
http://nocat.net/nocatrfc.txt

Basically the NoCatAuth is a Captive portal with a secure design against rogue wireless gateways, rogue authentication servers (people have to look at certificates), and rogue wireless clients.

Captive Portal Definition:
http://www.personaltelco.net/index.cgi/CaptivePortalDefinition
http://www.personaltelco.net/index.cgi/CaptivePortal

Basically it works like this. Someone associates with your wireless access point, dhcps for an address, loads a web browser, gets redirected to the Authentication server, logs in, and the firewall rules get updated on the gateway.

From jeffnye20 at yahoo.com Tue Aug 14 22:37:01 2001
From: jeffnye20 at yahoo.com (Jeff Nye)
Date: Tue, 14 Aug 2001 14:37:01 -0700 (PDT)
Subject: [NoCatNet] NoCatAuth continued discussion
In-Reply-To: <005801c124f9$f0e60e70$c47a5c42@ELFNY05>
Message-ID: <20010814213701.33435.qmail@web14003.mail.yahoo.com>

Terry,

Thank you I found that very helpful! Sounds like what I was working on with win2k. I had a certificate authority already built I was just having problems rolling it to Linux machines. I was also toying with the idea of using a kerberos solution...but I will try yours. Again Thank you!

PS please help if you can with our WRP problems. The card has a TX timeout when you try and ping. We have already tried changing IRQ's to no avail. We are using older pentium 133 with a PCI to PCMCIA ADAPTER.

Thanks again.

Jeff

--- Terry Schmidt wrote:
> > Please advise and let me know what this NoCatAuth
> is!
>
> Read the Website, Archives, and white paper:
> http://nocat.net/nocatrfc.txt
>
> Basically the NoCatAuth is a Captive portal with a
> secure design against rogue
> wireless gateways, rogue authentication servers
> (people have to look at
> certificates), and rogue wireless clients.
> Captive Portal Definition:
> http://www.personaltelco.net/index.cgi/CaptivePortalDefinition
> http://www.personaltelco.net/index.cgi/CaptivePortal
>
> Basically it works like this. Someone associates
> with your wireless access
> point, dhcps for an address, loads a web browser,
> gets redirected to the
> Authentication server, logs in, and the firewall
> rules get updated on the
> gateway.
>

From terry at nycwireless.net Tue Aug 14 23:51:44 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Tue, 14 Aug 2001 18:51:44 -0400
Subject: NoCatAuth NAT port forwarding error message
Message-ID: <001701c12513$b2df0090$0c01000a@elfnyh4>

Something for the NoCatAuth documentation FAQ:

Q: I get an error message on the client saying "Authentication error: Bad file descriptor " after typing in my login name and password on the NoCat auth server. What does this mean and what are some possible solutions.

A: You may be running the NoCatAuth Gateway behind a NAT device. You will need to port forward port 5280 to the NoCatAuth gateway. The command in Linux is "ipmasqadm portfw -a -P tcp -L $internet_ip 5280 -R $nocatauth_ip 5280".

Question to the group: Is this mailing list the appropriate place for a technical discussion of the NoCatAuth program, or should this be taken off-list or to a NoCatAuth list?

--Terry

From mattgould4 at yahoo.ca Wed Aug 15 00:32:37 2001
From: mattgould4 at yahoo.ca (Matt Gould)
Date: Tue, 14 Aug 2001 20:32:37 -0300
Subject: [NoCatNet] Regarding http://nocat.net/nocatrfc.txt
Message-ID: <918A63AA3909D311A8E70060B06A5405321DD5@NAVITRAKSRV01>

Hi guys, a couple more questions.

I'm wondering if anything like the NoCat Gateway and Auth packages is available for other platforms?
I'm trying to get a free community wireless project going in Halifax, but am leaving for the UK in a couple weeks, so I wanted to try to plant the seeds before I go. There are some very good reasons to continue it from the other side of the pond, though:

1) downtown Halifax is quite densely populated, with a perfect concentration of regular wood frame housing (for some reason not much brick in Eastern Canada) and larger apartment buildings, such that larger (5-20) story apartments are perfect for antennas, but not too dense to block signal propagation

2) excellent DSL available here - $40/m for 3 Mbit down, 1 Mbit up ADSL, with very decent footprint in the metro area.

3) large student population (three universities in downtown Halifax, including Saint Mary's, Dalhousie, Mount Saint Vincent, Daltech, etc.)

4) Fibretek, local cabling company and Lucent reseller has agreed to spot me equipment for the project (APs and loaner PCMCIA and USB clients) if enough interest is expressed. They're probably ok with scaling it to many AP sites, as well. In return, I told them I'd list them as a preferred reseller on the website, and they'll give me a pool of equipment that I can sell directly to interested people (immediate fulfillment) with payment handled through them. This works out quite well, especially with Lucent aiming for extremely competitive pricing

5) finally, I've got two roommates who are enthusiastic about continuing the project, with my support, while I'm overseas.

Anyway, enough rambling. I'm writing you guys for some advice, because I'd like to be able to get the project going without requiring a high level of technical ability (specifically, Linux configuration) or capital outlay. What I have in mind is for people with DSL service to be able to add a second NIC to a windows box, connect an Orinoco AP-1000 (if provided by Fibretek) or Linksys WAP11, and an omni or directional antenna (easily shipped within Canada from www.superpass.com).
Ideally, they'd be able to install specially modified connection sharing software on a Windows platform that will function similarly to the NoCat project. What I have in mind for the minimal and optimal functionality is: Minimum: All APs that are part of the project use the same SSID (probably hfxwireless.net, for people war driving and such) and by default allow full open access, IP addresses assigned by a DHCP server in the connection sharing software. MAC addresses that have been assigned IPs are logged in a simple text file. This can be easily done with Microsoft connection sharing, Sygate, etc. A little more: AP gateways perform more elaborate logging (volume recording, etc.) and deposit the data in a central location (could even be a text file that gets appended to by FTP), central MAC blacklist file that all gateways can use to block access (file updated when any gateway operator reports abuse) Optimal: mirror NoCat Gateway/Auth functionality - but again, with multiple platform support for gateways. I'm thinking along these lines, because it would make it a lot easier to establish gateways, without requiring the operators to install Linux (right away) or have a dedicated gateway box. I think this would accelerate the project, for all the reasons I mentioned above (particularly the demographics of Halifax), and because I suspect that a wide range of people would be very enthusiastic about the project if I can get the word out, but won't stick unless they can contribute with a very low capital outlay (CAN$300 AP cost, $100 for accessories including an antenna), and minor technical requirements (hacked Sygate install or something like that). As far as I can tell, there is almost no 802.11b activity in Halifax, despite its size (over 300,000). 
I've been encouraging the director of University Computing and Communications at Dal (~10,000 students) for over a year now to experiment with establishing a campus wireless network (Dal campus is geographically distributed in three campuses, all in or around downtown Halifax - http://www.mapquest.com/cgi-bin/ia_find?link=btwn/twn-map_results&zoom_in=1& uid=u5req3qmi1u0c7pd:zg0zba5rb&aphoto=0&SNVData=3mad3-0.fy%28wr0qf1_%29yb0u6 7%3bpq%7cs9z,p7%3b8aq.hqu%3b%28_V%17%13JM%17O_W%15%28_R%17%285qyrwh%3a_0ly72 u%3aa%3bwh%7c2%24hgv%28l3iedgv%245l1t%3b8&pcat=), and he's shut me down continuously (but I'm thinking that once I get a community wireless project off the ground here, perhaps he'd be willing to put an Auth box on the campus network that would provide backbone connectivity [Dal is right on the CA*Net - www.canarie.ca - backbone] and secure tunneling to all the Gateways, because I wouldn't be surprised if MTT [DSL provider] freaks out when the project starts to take off and writes up something up in their AUP about bandwidth sharing. I agree that it's unlikely, but having worked there for a year and seen some of the genius maneuvers they've made, I wouldn't be surprised. This Auth box for backbone bandwidth might just work, as I think the UCIS director hates the phone company even more than he hates uppity students bugging him about campus wireless LANs!) The telco here, MTT, is completely devoid of any technology-inspired people. They recently merged with the other three Atlantic Canada telcos, and are majority owned by the biggest in Canada, Bell Canada (BCE). Any talented people in the organization have been fleeing in a steady stream for the last year that I was there as a result of an executive with total lack of vision or leadership. So, they're not to be counted on for deploying anything at all evolutionary. 
I worked in the digital TV group (TV over DSL), and got absolutely nowhere with my efforts to implement home networking (wireless and HomePNA) into the product offering. (By way, Ross, I was able to get a Cisco Aironet 350 kit working fabulously with multicast MPEG-2 at about 4 mbit/s off the ADSL network, and view it on the STB provided with the service [wired] as well as multiple laptops [wireless] with a multicast MPEG decoder, and no jitter!) Anyway, I'd appreciate your advice, as taken collectively you guys represent, in my opinion, a substantial segment of the innovators in free community wireless networking (although I'm sure I've missed lots of people). I'm most curious to know if something is available for Windows that will perform connection sharing, out of the box, with a wireless network, but able to be modified so that essential features can be added (to mirror the NoCat functionality). I think this would remove a large barrier that community wireless faces for interested observers who get excited and want to contribute, but can't manage the more elegant technological solution. If I can use something like this (me being non-technical as far as Linux goes) to spread community wireless connectivity here - as I am, as far as I can tell, the most enthusiastic person I've found in Halifax (about community wireless networks) - I'd be thrilled. Feel free to send this off to your mailing lists, if you think readers might be able to contribute. thanks, Matt Matt Gould wrote: > > ... someone who is packet sniffing on a gateway would be > able to "steal" that IP and use it when the authenticated user leaves, for > as long as the "long" Auth timeout is.. Does this make sense? Yes, this is a known potential issue, which is why we recommend setting the hard gateway timeout to something like 10 mins or less. As soon as the gateway times out the connection, there should be no way a bad guy can renew it. 
As for MAC-hashed DHCP assignments, that was something proposed for a mobile IP solution that we've kind of felt isn't quite worth the effort needed to really make it work. Right now, if you want to roam between NoCat nodes, you'll have to get a new lease and log back in. Realistically speaking, how often do people think this will be a considerable inconvenience? > - what do you do for devices that don't have a web browser, such as the > Symbol 802.11b IP phones? I assume that in this case, the central Auth > server can be set to always allow traffic from that MAC address? Yes, but if that MAC address is discovered (and it is public information), it can be used by a would-be bad guy. At present, I don't know of any wireless cards with alterable MAC addresses, but if they don't exist already, it's only a matter of time. If there are any other ways of accomplishing authentication securely in the absence of HTTPS and/or SSL, I'd be interested to hear about it. > - what do you do if the person running a gateway has a DSL connection that > uses a NAT configuration whereby a 10.x.x.x address is assigned via DHCP to > the client, but tied to a real IP at the headend? My DSL provider (ILEC in > Eastern Canada) does this. Is the software on the gateway device able to > assign a 10.x.x.x IP to the 802.11b card but also have a 10.x.x.x address > from the wired LAN card (possibly even the same address) and not confuse the > two? Well, you'd use a different private address on the inside, like 172.16.x.x. However, this is a problem for NoCatAuth, in that the Auth Service needs to be able to connect back to your gateway process. Ordinarily, this would be accomplished by enabling port forwarding on the public side of your firewall, but in this case the telco owns the public side of your firewall. There are only two solutions we've found to this problem. 
Either (a) the gateway ALSO connects out over HTTPS to the Auth Service to discover the outcome of the client's authentication (so-called "connect-forward", to distinguish from the auth service's "connect back" to the gateway), which would mean we'd need to deploy SSL etc. to the gateways also; or (b) you tunnel all traffic to/from the gateway to a live IP somewhere else on the 'Net. We used vtun for (b) while hacking in the hotel at OSCon, and although it required a kernel patch and was bandwidth intensive, it did work. Our vtun configuration and initialization scripts are included with the NoCatAuth distribution as one example of how this can be accomplished. Realistically speaking, more and more of the Internet is being NAT'ed, and (a) is probably the more reasonable solution. It would make the existing authentication scheme more complicated (and more failure prone), but it could be made to work. We elected not to do it only because we feel the scheme described in the white paper would be easier to implement. As such, "connect-forward" gateway notification will probably be implemented at some point, and in the meantime, patches are most certainly welcome. > - just one more - do most 802.11b card drivers support default networking > "scanning" so that the card will pick up any AP, any channel, any SSID > without having to have it specified? AFAIK, if you set your card's ESSID to "ANY", you should be able to associate to any bona-fide AP with WEP turned off (which is what we recommend). 
SDE Matt Gould Navitrak International Corporation 1660 Hollis Street, Suite 904 Halifax NS B3J1V7 mgould@navitrak.ca (902) 429-1438 From rob at oreillynet.com Wed Aug 15 00:44:52 2001 From: rob at oreillynet.com (Rob Flickenger) Date: Tue, 14 Aug 2001 16:44:52 -0700 (PDT) Subject: [NoCatNet] NoCatAuth NAT port forwarding error message In-Reply-To: <001701c12513$b2df0090$0c01000a@elfnyh4> Message-ID: On Tue, 14 Aug 2001, Terry Schmidt wrote: > Question to the group: Is this mailing list the appropriate place for a > technical discussion of the NoCatAuth program, or should this be taken > off-list or to a NoCatAuth list? I've been thinking of setting up an Auth development list... If the traffic bugs enough people, I may get around to doing that. But I haven't heard any complaints yet, and I'm already subscribed to five or six wireless related lists already... =) If anyone would rather see this discussion in another list, let me know directly. Otherwise, this is fine with me. --Rob From schuyler at oreilly.com Wed Aug 15 01:02:44 2001 From: schuyler at oreilly.com (Schuyler Erle) Date: Tue, 14 Aug 2001 17:02:44 -0700 Subject: [NoCatNet] Regarding http://nocat.net/nocatrfc.txt References: <918A63AA3909D311A8E70060B06A5405321DD5@NAVITRAKSRV01> Message-ID: <3B79BC24.AAFF237D@oreilly.com> Matt Gould wrote: > > I'm wondering if anything like the NoCat Gateway and Auth packages is > available for other platforms? Well, I don't really use Windows. If someone wants to port NoCat Auth to Windows and send me patches, they'll enjoy my undying gratitude. The same goes for FreeBSD (et al.), except that, given what I know about Windows and the BSDs, I think a BSD port is going to come along a lot sooner... In fact, ISTR Matt Peterson volunteering to help with that... Matt? ;-) > ... I think this would remove a large barrier that > community wireless faces for interested observers who get excited and want > to contribute, but can't manage the more elegant technological solution. 
Ultimately, I think we intend to ship a bootable CD-ROM based on either Slackware or WRP that includes all of the drivers, with the NoCat Auth gateway installed, and a sensible default configuration (which could be overridden by editing the ISO or by adding a floppy to the mix). I don't think that we can make it any simpler than this, but would burning a CD and then just popping it in the drive of the machine you want to use as your gateway suffice for your purposes? SDE From rob at oreillynet.com Wed Aug 15 01:06:49 2001 From: rob at oreillynet.com (Rob Flickenger) Date: Tue, 14 Aug 2001 17:06:49 -0700 (PDT) Subject: Canada Unplugged (was: Regarding nocatrfc.txt) In-Reply-To: <918A63AA3909D311A8E70060B06A5405321DD5@NAVITRAKSRV01> Message-ID: On Tue, 14 Aug 2001, Matt Gould wrote: > I'm wondering if anything like the NoCat Gateway and Auth packages is > available for other platforms? Currently, we're working on getting a BSD port going. If you know any windows programmers, please forward them to our site (I don't know of anybody capable enough to pull it off in Win*.) You make some good points about the dedicated box being a barrier to widespread use. To that end, we're working on the following: * Tiny Linux distro (built on WRP) that will fit in 32Mb, and boot either an ATA Flash, Compact Flash, or CDRom. You write the image to your media, change a text file for configuration, boot it in a machine with two NICs (no hard drive needed!) and that's it. * Cheap host hardware solutions: the Fujitsu Stylistic 1000, for example, is a fully capable 486DX4/100 that runs the Gateway software quite well, and costs less than $100. We're also working with a local board designer to come up with a single board PC that is built to our specifications, that should be available for about $250. * Software AP mode: eliminate the need for a hardware AP, and use a cheap client PCMCIA card instead. We've got the Linksys WPC-11 running in a Stylistic, serving a Software AP + the Gateway. 
Total cost for the node, complete with 11.5db sector: $250.

I agree, a Windows port would be ideal to get masses of people started quickly. But Linux is fast, free, stable, the software is already largely developed, and is about to become as easy to use as sticking a CDRom in a drive and booting it... And it just so happens that that's what we know how to program.

It sounds like Halifax is ripe for getting a community project going. Call a meeting, start a mailing list, and see if you can get interested people together. Probably the best way to get some attention is to GET SOME NODES UP. We can help with the tech, but you'll have to get people in your area excited about it if your project is gonna get anywhere...

Good luck!

--Rob

From schuyler at oreilly.com Wed Aug 15 02:48:02 2001
From: schuyler at oreilly.com (Schuyler Erle)
Date: Tue, 14 Aug 2001 18:48:02 -0700
Subject: [NoCatNet] NoCat Auth .40 gateway report
References: <005001c12442$b946c930$170a0a0a@elfnyh1> <3B789335.9D396E12@oreilly.com> <007101c124de$23ea6cb0$170a0a0a@elfnyh1>
Message-ID: <3B79D4D2.86B73189@oreilly.com>

Terry Schmidt wrote:
>
> > > Windows 2000 SP1 IE 5.00.3315.1000 SP2 128bit
> > > Functions ok.
> > > Logout button is broken. "Page cannot be displayed"
>
> When you click the logout button nothing happens. Eventually you get the
> standard IE error message that "Page cannot be displayed" because it has
> timed out. After you click the logout button, you can still get through the
> gateway. I don't know if it is supposed to disallow your internet
> pass-through access after you have selected log-out, or if it waits for the
> timeout.???

After discussing it with Rob, I think the problems you were having with the "Logout" button relate to the NAT'ing firewall you were running the gateway behind. The auth service generates the Logout URL from the external IP of the gateway, which would have been on the public side of your firewall.
When you clicked the logout button, your browser probably tried to connect to port 5280 on the external interface of your firewall, and, of course, without the ipmasqadm rules in place, your firewall didn't know what to do with the connection, so it just dropped it.

Please, if you can, turn on the port forwarding on your external firewall (which ISTR you had success with) and try the "Logout" buttons again, and let us know if they work as advertised or not. Thanks so much for doing this testing for us.

SDE

From terry at nycwireless.net Wed Aug 15 06:07:16 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Wed, 15 Aug 2001 01:07:16 -0400
Subject: [NoCatNet] NoCat Auth .40 gateway report
References: <005001c12442$b946c930$170a0a0a@elfnyh1> <3B789335.9D396E12@oreilly.com> <007101c124de$23ea6cb0$170a0a0a@elfnyh1> <3B79D4D2.86B73189@oreilly.com>
Message-ID: <00a701c12548$287b3240$170a0a0a@elfnyh1>

> Please, if you can, turn on the port forwarding on your external
> firewall (which ISTR you had success with) and try the "Logout" buttons
> again, and let us know if they work as advertised or not. Thanks so much
> for doing this testing for us.

I'm unclear what additional ports do you want me to forward to the NoCatAuth Gateway machine? SSL? HTTP? Please let me know and I will retest this.

Ok, so I hooked up the NoCatAuth Gateway directly to the cable modem line (no NAT) here are the test results:

Windows 2000 IE5. Functions Properly, including skip and logout button.

Windows 2000 Netscape 4.76 Functions Properly, including skip and logout button.

Mac OS 9.1 IE 5 Same problem as before (NetCat Login Renewal Agent box is blank/empty, but allows you out to the internet), so I couldn't test the logout button. IE 5 still does not display the graphics. The sources for the graphics are /forms/auth_logo.gif, /forms/login.gif, /forms/skip.gif, at the url of aut.nocat.net/cgi-bin/login?.......

Mac OS 9.1 Netscape 4.75 - functions properly.
Skip button works now and it didn't before.

Mac OS X IE 5 Preview Release 2 still crashes after clicking on login. Also doesn't display graphics.

Mac OS X running in Classic Mode IE 5 locks after clicking login with error message "Security failure. Data decryption error."

Mac OS X running in Classic Mode Netscape 4.75 - functions properly, including skip and logout button

--Terry

From terry at nycwireless.net Wed Aug 15 06:13:41 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Wed, 15 Aug 2001 01:13:41 -0400
Subject: [NoCatNet] NoCat Auth .40 gateway report
References: <005001c12442$b946c930$170a0a0a@elfnyh1> <3B789335.9D396E12@oreilly.com> <007101c124de$23ea6cb0$170a0a0a@elfnyh1> <3B79D4D2.86B73189@oreilly.com> <00a701c12548$287b3240$170a0a0a@elfnyh1>
Message-ID: <00b701c12549$0c6747a0$170a0a0a@elfnyh1>

One additional comment about my testing. In Mac OS X, you can run programs in their native mode (OS X programs) or in Classic mode (OS 9.1 programs). Basically what OS X does, is load a complete OS 9.1 os to run the older applications (kinda like the vmware under linux). Any time you see me referring to "Classic Mode", the computer has loaded OS X, but is running an OS 9.1 application by loading a virtual machine with OS 9.1 running under OS X.

I'm not a Mac expert, I just have one lying around after using it for testing for a client, and because I wanted to see OS X running.

--Terry

From jeffnye20 at yahoo.com Wed Aug 15 15:22:12 2001
From: jeffnye20 at yahoo.com (Jeff Nye)
Date: Wed, 15 Aug 2001 07:22:12 -0700 (PDT)
Subject: [NoCatNet] Canada Unplugged (was: Regarding nocatrfc.txt)
In-Reply-To:
Message-ID: <20010815142212.15064.qmail@web14002.mail.yahoo.com>

> You make some good points about the dedicated box
> being a barrier to
> widespread use. To that end, we're working on the
> following:
>
> * Tiny Linux distro (built on WRP) that will fit in
> 32Mb, and boot either
> an ATA Flash, Compact Flash, or CDRom.
You write
> the image to your
> media, change a text file for configuration, boot
> it in a machine with
> two NICs (no hard drive needed!) and that's it.
>

Let me know when this is a stable and workable solution with a few more supported cards. Other than that the WRP is the concept I would suggest for the masses.

> * Cheap host hardware solutions: the Fujitsu
> Stylistic 1000, for example,
> is a fully capable 486DX4/100 that runs the
> Gateway software quite well,
> and costs less than $100. We're also working with
> a local board designer
> to come up with a single board PC that is built to
> our specifications,
> that should be available for about $250.

Keep me in the loop on this I have some boys local who might be able to help with this.

>
> * Software AP mode: eliminate the need for a
> hardware AP, and use a cheap
> client PCMCIA card instead. We've got the Linksys
> WPC-11 running in a
> Stylistic, serving a Software AP + the Gateway.
> Total cost for the node,
> complete with 11.5db sector: $250.

Can I get your specifications and setup readme? As well as where you got the sector.

>
> I agree, a Windows port would be ideal to get masses
> of people started
> quickly. But Linux is fast, free, stable, the
> software is already largely
> developed, and is about to become as easy to use as
> sticking a CDRom in a
> drive and booting it... And it just so happens that
> that's what we know
> how to program.

This is the key to getting the masses on. Linux and BSD are better routers than windows because they have little to no overhead. If you really want a windows based solution you can just use your ICS and share your ethernet to your DSL but good luck providing authentication unless you move to win2k. Unless you get free copies from microsoft like myself then you will be spending a lot for each gateway. But I can tell you it works I am doing it right now. At least until these guys can perfect the WRP to where I can use it.
I would much rather have a surplus pentium 133 as my router rather than my pentium 1 gig.

JEff

From rob at oreillynet.com Wed Aug 15 20:01:24 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Wed, 15 Aug 2001 12:01:24 -0700 (PDT)
Subject: NoCatAuth v0.42 out.
Message-ID:

A new minor release of the Auth system is out. From the README:

-=-=-=-=-=-=-
08/15/2001 (v0.42)

Largely a maintenance release, with a new firewall feature: IncludePorts and ExcludePorts (see INSTALL and sample nocat.conf for details). Also Fixed the DNSAddr specification bug, added some port forwarding examples in etc/, an init script, and more documentation. Yes, we're still Beta, but getting better all the time!
-=-=-=-=-=-=-

Thanks to Terry for pointing out the DNSAddr bug (and the continuing extensive testing!)

Schuyler is going to be offline for a couple of days, so major changes (i.e. soft ping timeouts and Open Gateway mode) will have to wait until the next release, hopefully in a week or two.

Enjoy!

--Rob

From rob at oreillynet.com Wed Aug 15 23:19:50 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Wed, 15 Aug 2001 15:19:50 -0700 (PDT)
Subject: Howto updated (fwd)
Message-ID:

We've been included on Jean Tourrilhes' page for the Auth stuff. Check out his links; he has some great resources up at hp. He's got a whole new section on VPN solutions...

--Rob

---------- Forwarded message ----------
Date: Wed, 15 Aug 2001 14:58:48 -0700
From: Jean Tourrilhes
Reply-To: jt@hpl.hp.com
To: rob@nocat.net
Subject: Howto updated

Hi,

I've done another update of the Howto. I've added a few stuff there and there, and most importantly I've added NoCat in my new "security" section :
http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html#security

I let you find the other changes...
Another note : on your page, you have a link to the Wavelan driver release notes. I think this link is wrong and what you really want is the Wavelan-IEEE driver release notes available at :
http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wavelan-IEEE.html

Have fun...

Jean

From matt at peterson.org Thu Aug 16 08:04:56 2001
From: matt at peterson.org (Matt Peterson)
Date: Thu, 16 Aug 2001 00:04:56 -0700 (PDT)
Subject: [NoCatNet] Regarding http://nocat.net/nocatrfc.txt
In-Reply-To: <3B79BC24.AAFF237D@oreilly.com>
Message-ID:

On Tue, 14 Aug 2001, Schuyler Erle wrote:

> Matt Gould wrote:
> >
> > I'm wondering if anything like the NoCat Gateway and Auth packages is
> > available for other platforms?
>
> Well, I don't really use Windows. If someone wants to port NoCat Auth to
> Windows and send me patches, they'll enjoy my undying gratitude. The
> same goes for FreeBSD (et al.), except that, given what I know about
> Windows and the BSDs, I think a BSD port is going to come along a lot
> sooner... In fact, ISTR Matt Peterson volunteering to help with that...
> Matt? ;-)

;) I've been following the mailing list threads and tarball builds, however I'm short on time to work on porting these beasts over until after Burning Man.

> > ... I think this would remove a large barrier that
> > community wireless faces for interested observers who get excited and want
> > to contribute, but can't manage the more elegant technological solution.
>
> Ultimately, I think we intend to ship a bootable CD-ROM based on either
> Slackware or WRP that includes all of the drivers, with the NoCat Auth
> gateway installed, and a sensible default configuration (which could be
> overridden by editing the ISO or by adding a floppy to the mix). I don't
> think that we can make it any simpler than this, but would burning a CD
> and then just popping it in the drive of the machine you want to use as
> your gateway suffice for your purposes?
Ya, I like the idea of a custom CD image based upon some web page form fields.

--
Matt Peterson another.geek.without.a.life
matt@peterson.org http://matt.peterson.org/
-------------------------------------------------

From terry at nycwireless.net Thu Aug 16 17:52:53 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Thu, 16 Aug 2001 12:52:53 -0400
Subject: [BAWUUG-CaptivePortal] NoCatAuth
References:
Message-ID: <02b301c12673$e58a5fb0$170a0a0a@elfnyh1>

I'm using nocat's user database, and will be continuing to do so. Here is the grand plan though. (Comments and questions are welcome)

To install a fault tolerant replicating mysql nocat auth server in NYC. The NoCatAuth will be designed to allow a list of other auth servers. If one times out it will just move to the next one. The database will replicate via SSH encrypted tunneled mysql.

There will be database fields to specify which community wireless networking group you are a part of (i.e. NYCwireless, NoCat, PersonalTelco, SeattleWireless, etc.) Each group will dictate their own requirements for becoming co-op members. This shouldn't be much of a problem because for the most part each group knows the other groups. If not, then read below.

Each node operator / group will be able to decide what groups they are going to reciprocate the co-op member benefits of other groups. If there is no reciprocation between your group and the node you are currently on, you will have to use the public level of access. This allows you to say, "Hey that group in Yadda Land is letting just anyone join their co-op group without actually contributing anything. You can be a member just by signing up on the web page with no requirements. I don't want their members getting co-op status on my network."

When I say NoCatAuth gateways, I don't necessarily mean gateways that are running on the NoCat network. NoCatAuth gateways can run on the NYCwireless network, or any other networks.
The default setting for NoCatAuth gateways is to reciprocate to ANY groups (meaning all available groups).

Basically I want to be fully supportive of both the Open/Active Portal (no authentication required), and Captive Portal (authentication provided), because some people in NYCwireless are going to want to do it one way, and some people are going to want to do it another way. The NoCatAuth will also support the Open Portal mode. It should be the one stop gateway/auth server solution for all the groups, and it is looking like it will accomplish that.

I hope this clears things up. Schuyler came up with this detailed concept, and Rob and I fully support and agree with it. [Rob if I'm wrong let me know]. Adam, what do you think?

--Terry

----- Original Message -----
From: "Adam Shand"
Cc:
Sent: Thursday, August 16, 2001 12:36 PM
Subject: Re: [BAWUUG-CaptivePortal] NoCatAuth

> > I know this list hasn't gotten traffic in a while, but I just wanted
> > to update everyone.
>
> just cause i haven't had time to dig into it yet ... do you have your own
> mysql database setup or are you authenticating against nocat's user
> database?

From larry at spack.org Thu Aug 16 19:26:31 2001
From: larry at spack.org (Adam Shand)
Date: Thu, 16 Aug 2001 11:26:31 -0700 (PDT)
Subject: [BAWUUG-CaptivePortal] NoCatAuth
In-Reply-To: <02b301c12673$e58a5fb0$170a0a0a@elfnyh1>
Message-ID:

> There will be database fields to specify which community wireless
> networking group you are a part of (i.e. NYCwireless, NoCat,
> PersonalTelco, SeattleWireless, etc.)

long range thoughts here ... if we're going to do this, is it worth making this centralized database the master list of community nodes as well? if i can ever track down casey (sigh ...) we could make the flash map stuff use that as the sql backend. not sure if this is a good idea or not... just a thought.

> The default setting for NoCatAuth gateways is to reciprocate to ANY
> groups (meaning all available groups).

i think that's a good default.
it might be worthwhile to eventually support different levels of global access to differentiate between levels of registered users. for example "user joe" might have just registered and be a hacker ... however terry is well known and people would probably be willing to trust him anywhere. some form of informal karma system or something would work fairly well.

the only other issue i have is geographic specific privilege levels ... or i guess node level permissions. for example i want to give my neighbor 256k access to my dsl line cause he helps me pay the monthly fees ... but anywhere he isn't special and should be treated as normal.

> I hope this clears things up. Schuyler came up with this detailed
> concept, and Rob and I fully support and agree with it. [Rob if I'm
> wrong let me know]. Adam, what do you think?

sounds good to me. i'm still not thrilled with mysql (ldap has secure replication built in!) but i won't quibble ... i'll learn sql :)

anyway ... thanks guys, you're really helping make "this happen".

adam.

From michael at civis.com Thu Aug 16 19:37:32 2001
From: michael at civis.com (Michael Codanti)
Date: Thu, 16 Aug 2001 11:37:32 -0700
Subject: [NoCatNet] Re: [BAWUUG-CaptivePortal] NoCatAuth
References:
Message-ID: <011201c12682$831ffc40$911e3589@ohsu.edu>

> the only other issue i have is geographic specific privilege levels ... or
> i guess node level permissions. for example i want to give my neighbor
> 256k access to my dsl line cause he helps me pay the monthly fees ... but
> anywhere he isn't special and should be treated as normal.

There are currently three levels of service:

1) Node owners
2) Trusted Co-Op
3) Open Public

You can specify bandwidth for each level, and it looks like they are adding port restrictions that will end up for each level

So I think NoCatAuth will work great for everything we need.
We just have to get it up and running and start trying to break it, and expand its capability

Michael

From terry at nycwireless.net Thu Aug 16 19:47:20 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Thu, 16 Aug 2001 14:47:20 -0400
Subject: [NoCatNet] Re: [BAWUUG-CaptivePortal] NoCatAuth
References:
Message-ID: <043b01c12683$e2a8d050$170a0a0a@elfnyh1>

Notice - I'm going to stop cross posting to the captiveportal@lists.bawug.org because it is basically a dead list. If you are interested in captive portal discussion, join the Nocat mailing list. http://nocat.net

> long range thoughts here ... if we're going to do this, is it worth making
> this centralized database the master list of community nodes as well? if
> i can ever track down casey (sigh ...) we could make the flash map stuff
> use that as the sql backend.

This is definitely a good idea, and once you have the sql server up, it is a very simple thing to add an additional database. The complex part is the front end. Speak up soon, because I am betting that the NYC fault tolerant auth service will be going online within the next month or two. Having the specs and requirements of the list of community nodes database will ensure not having to redo work. Though this can always be added at a later time.

> i think that's a good default. it might be worthwhile to eventually
> support different levels of global access to differentiate between levels
> of registered users. for example "user joe" might have just registered
> and be a hacker ... however terry is well known and people would probably
> be willing to trust him anywhere. some form of informal karma system or
> something would work fairly well.

Basically the way that NoCat has the system work, is you only become a co-op member if you contribute something to the group. Right now Rob says that can be just about anything for the nocat group, such as putting up a node, writing documentation, coordinating a group buy, donating something.
This co-op membership is not about "user joe" coming to the PersonalTelco meeting, saying "hi", and thus getting a co-op member account. It is about encouraging people to contribute to the co-op. If "user joe" wants to use an access point, and he is not a co-op member because he hasn't contributed anything, then he can just logon as the general public (with the skip login button). He will get whatever access the node owner has decided the public should get. Maybe that is port 80 only at 5kbytes/sec or maybe that is full access at full speed. It is the node owner's decision.

Basically as far as I know it there are three classes of members. (Rob and crew correct me if I'm wrong). General public, co-op members, and node owners.

So in summary the informal karma system is contributing to the group, thus that is why it is a co-op. If you're not a co-op member you have to take whatever access the node owner decides you will get.

Also if I'm well known everywhere, then I can probably get a co-op account with SeattleWireless, Nocat, etc.

> the only other issue i have is geographic specific privilege levels ... or
> i guess node level permissions. for example i want to give my neighbor
> 256k access to my dsl line cause he helps me pay the monthly fees ... but
> anywhere he isn't special and should be treated as normal.

This gets complex. If your neighbor is paying for part of the DSL for a co-op node, then shouldn't he also get co-op member status so he can use other nodes.

> sounds good to me. i'm still not thrilled with mysql (ldap has
> secure replication built in!) but i won't quibble ... i'll learn sql :)

Step up to the plate, and we can make this thing a LDAP install instead. It will require people doing work on the NoCatAuth package in conjunction with LDAP. There is no requirement in the NoCatAuth software now that you have to be using mysql. NoCatAuth is very flexible as to the database backend.
I myself have experience with mysql, and not LDAP, so that makes it easy to setup a mysql database fault tolerant server in nyc. If no one else steps up, Rob and I will probably continue to use mysql because that is what we are comfortable with.

--Terry

From larry at spack.org Thu Aug 16 20:05:53 2001
From: larry at spack.org (Adam Shand)
Date: Thu, 16 Aug 2001 12:05:53 -0700 (PDT)
Subject: [NoCatNet] Re: [BAWUUG-CaptivePortal] NoCatAuth
In-Reply-To: <043b01c12683$e2a8d050$170a0a0a@elfnyh1>
Message-ID:

okay. i've sub'd to the nocat list :-)

> This is definitely a good idea, and once you have the sql server up, it
> is a very simple thing to add an additional database. The complex part
> is the front end.

rather than create a new table i was thinking that it could be incorporated into the existing database. based on what michael said there is already node level information so why not include geography type info there.

and sadly i think we have to assume that casey's mapping software is dead. i've been sending him an email every couple weeks since the summit and haven't heard a thing really ...

> (Rob and crew correct me if I'm wrong). General public, co-op
> members, and node owners.

so when you click "signup" on the nocat homepage you get an account. is that a general account or a co-op account?

> Also if I'm well known everywhere, then I can probably get a co-op
> account with SeattleWireless, Nocat, etc.

it would be cool if co-op members were honoured by default.

> This gets complex. If your neighbor is paying for part of the DSL for
> a co-op node, then shouldn't he also get co-op member status so he can
> use other nodes.

probably but can i customize their bandwidth restrictions so they get more than they normally would only at my node?

> Step up to the plate, and we can make this thing a LDAP install
> instead. It will require people doing work on the NoCatAuth package
> in conjunction with LDAP.
There is no requirement in the NoCatAuth
> software now that you have to be using mysql. NoCatAuth is very
> flexible as to the database backend. I myself have experience with
> mysql, and not LDAP, so that makes it easy to setup a mysql database
> fault tolerant server in nyc. If no one else steps up, Rob and I will
> probably continue to use mysql because that is what we are comfortable
> with.

i will happily setup the ldap schema etc if people are interested in this as an alternative. if i'm doing it for my own excitement i'd rather just learn mysql. :-) if people think ldap is a good/better idea then i'll happily work with people to make that work.

adam.

From terry at nycwireless.net Thu Aug 16 20:21:01 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Thu, 16 Aug 2001 15:21:01 -0400
Subject: [NoCatNet] Re: [BAWUUG-CaptivePortal] NoCatAuth
References:
Message-ID: <04a201c12688$96112bc0$170a0a0a@elfnyh1>

> rather than create a new table i was thinking that it could be
> incorporated into the existing database. based on what michael said there
> is already node level information so why not include geography type info
> there.

The database is of co-op members, not locations. The only geographic information is what group you are a part of. These are two separate tables, and probably databases, though they can relate to each other.

> and sadly i think we have to assume that casey's mapping software is dead.
> i've been sending him an email every couple weeks since the summit and
> haven't heard a thing really ...

Oh well, it was pretty. Offer him cash.

> so when you click "signup" on the nocat homepage you get an account. is
> that a general account or a co-op account?

You get a public account. I just confirmed this because my test account that I created on the website shows up in the NoCatAuth logs as public.

> > Also if I'm well known everywhere, then I can probably get a co-op
> > account with SeattleWireless, Nocat, etc.
> it would be cool if co-op members were honoured by default.

They are. The default mode will be to honor all the other groups. As a node owner you have the option to specify what groups you want to reciprocate to, but by default it will be all.

> i will happily setup the ldap schema etc if people are interested in this
> as an alternative. if i'm doing it for my own excitement i'd rather just
> learn mysql. :-) if people think ldap is a good/better idea then i'll
> happily work with people to make that work.

I know pretty much nothing about ldap, so I can't comment. I will use (& learn a little) of whatever the group consensus is.

From terry at nycwireless.net Thu Aug 16 20:23:57 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Thu, 16 Aug 2001 15:23:57 -0400
Subject: NoCatAuth Feature Requests
Message-ID: <04a301c12689$00666490$170a0a0a@elfnyh1>

> > This gets complex. If your neighbor is paying for part of the DSL for
> > a co-op node, then shouldn't he also get co-op member status so he can
> > use other nodes.
> probably but can i customize their bandwidth restrictions so they get more
> than they normally would only at my node?

One feature I would like to see in NoCatAuth is a configuration entry for MAC addresses that don't get prompted for a login. I know that this is a security hole. It will be disabled by default. It will have a big warning messages in the config file.

The reason I want this is that I know people will want to be able to setup their access point, but not want their wife to have to sign in every time she uses her laptop at the access point in her house. This feature should work for both the open and captive port.

Also perhaps we should create a 4th class for people who press the skip button. Right now they are marked as "UNKNOWN" and given the class "public". Maybe making a class "unknown".
--Terry

From larry at spack.org Thu Aug 16 20:29:04 2001
From: larry at spack.org (Adam Shand)
Date: Thu, 16 Aug 2001 12:29:04 -0700 (PDT)
Subject: [NoCatNet] Re: [BAWUUG-CaptivePortal] NoCatAuth
In-Reply-To: <04a201c12688$96112bc0$170a0a0a@elfnyh1>
Message-ID:

> Oh well, it was pretty. Offer him cash.

yeah, i tried that. :-(

> You get a public account. I just confirmed this because my test
> account that I created on the website shows up in the NoCatAuth logs
> as public.

okay so who "promotes" your account to a co-op member?

> I know pretty much nothing about ldap, so I can't comment. I will use
> (& learn a little) of whatever the group consensus is.

lets stick with what works, if we find a limitation with mysql and think ldap is a solution i'll happily help make that work. i'm just bitching cause i hate sql. terry you might have to hold my hand through getting it working and secured. :)

adam.

From larry at spack.org Thu Aug 16 20:40:18 2001
From: larry at spack.org (Adam Shand)
Date: Thu, 16 Aug 2001 12:40:18 -0700 (PDT)
Subject: [NoCatNet] NoCatAuth Feature Requests
In-Reply-To: <04a301c12689$00666490$170a0a0a@elfnyh1>
Message-ID:

> The reason I want this is that I know people will want to be able to
> setup their access point, but not want their wife to have to sign in
> every time she uses her laptop at the access point in her house. This
> feature should work for both the open and captive port.

it can't hurt, cookies over ssl might be a more secure way of doing this in the long run.

> Also perhaps we should create a 4th class for people who press the
> skip button. Right now they are marked as "UNKNOWN" and given the
> class "public". Maybe making a class "unknown".

anonymous?

adam.
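
[Added example, not part of any message in this archive and not NoCatAuth code.] The login-exempt MAC list requested in the two messages above, sketched as a gateway-side class decision: off unless the operator opts in, a real login always takes precedence, and every exemption is logged so that one MAC appearing behind two IP addresses stands out. The Owner, Co-op and Public class names come from the thread; `Gateway`, `exempt_macs`, `allow_mac_exemption`, the `login-required` label and the audit event names are assumptions made for this sketch, and the addresses are constructed.

```python
import re
from dataclasses import dataclass, field

# Class names come from the thread; everything else here is a hypothetical sketch.
CLASSES = ("Owner", "Co-op", "Public")
LOGIN_REQUIRED = "login-required"  # hypothetical label: client still sees the portal


def normalize_mac(raw):
    """Return a MAC as aa:bb:cc:dd:ee:ff, or raise ValueError if malformed."""
    digits = re.sub(r"[:.\-]", "", raw.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % raw)
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Gateway:
    owners: set = field(default_factory=set)         # usernames on this node's Owner list
    exempt_macs: dict = field(default_factory=dict)  # MAC -> class granted without login
    allow_mac_exemption: bool = False                # off unless the operator opts in
    audit: list = field(default_factory=list)        # events an operator should review
    _last_ip: dict = field(default_factory=dict, repr=False)

    def __post_init__(self):
        # Normalise the configured list once so lookups ignore case and separators.
        cleaned = {}
        for mac, cls in self.exempt_macs.items():
            if cls not in CLASSES:
                raise ValueError("unknown class %r for %s" % (cls, mac))
            cleaned[normalize_mac(mac)] = cls
        self.exempt_macs = cleaned

    def classify(self, mac, ip, user=None, coop=False, skipped=False):
        """Pick the service class for one client, as seen by this gateway."""
        mac = normalize_mac(mac)
        if user is not None:
            # A real login always wins over the MAC list.
            if user in self.owners:
                return "Owner"
            return "Co-op" if coop else "Public"
        if skipped:
            return "Public"  # skip button: no identity, public service
        if self.allow_mac_exemption and mac in self.exempt_macs:
            # A MAC is only a claim made by the client, so record every use and
            # flag the address showing up behind a different IP than last time.
            previous = self._last_ip.get(mac)
            if previous is not None and previous != ip:
                self.audit.append(("exempt-mac-moved", mac, previous, ip))
            self._last_ip[mac] = ip
            granted = self.exempt_macs[mac]
            self.audit.append(("exempt-mac-admitted", mac, ip, granted))
            return granted
        return LOGIN_REQUIRED


def demo():
    # Constructed sample data: one household laptop on the exemption list.
    gw = Gateway(owners={"terry"}, exempt_macs={"00-02-2D-AA-BB-CC": "Owner"})
    results = [gw.classify("00:02:2d:aa:bb:cc", "10.0.0.5")]       # feature still off
    gw.allow_mac_exemption = True
    results.append(gw.classify("0002.2daa.bbcc", "10.0.0.5"))     # exempt, no prompt
    results.append(gw.classify("00:02:2D:AA:BB:CC", "10.0.0.9"))  # same MAC, new IP
    results.append(gw.classify("00:02:2d:11:22:33", "10.0.0.7", skipped=True))
    return results, gw.audit


if __name__ == "__main__":
    outcome, events = demo()
    print(outcome)
    for event in events:
        print(event)
```
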
From terry at nycwireless.net Thu Aug 16 20:56:36 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Thu, 16 Aug 2001 15:56:36 -0400
Subject: [NoCatNet] Re: [BAWUUG-CaptivePortal] NoCatAuth
References:
Message-ID: <04f101c1268d$8fe2bc50$170a0a0a@elfnyh1>

> > You get a public account. I just confirmed this because my test
> > account that I created on the website shows up in the NoCatAuth logs
> > as public.
> okay so who "promotes" your account to a co-op member?

This is up to each group to decide. It will probably be the group coordinators, or some member of a group designated to do that. The great thing is that this leaves it up to each group to decide who is a co-op member and how to promote people. Nobody wants me dictating how someone else's group should be run. The other great thing is that if someone is running the co-op membership like asses I can just say, ignore that group's co-op members roaming on the NYCwireless network. Another fact is that I trust you, and Rob, and Matt W, and Matt P, and Matt A, to be good group coordinators.

> > I know pretty much nothing about ldap, so I can't comment. I will use
> > (& learn a little) of whatever the group consensus is.
> lets stick with what works, if we find a limitation with mysql and think
> ldap is a solution i'll happily help make that work. i'm just bitching
> cause i hate sql. terry you might have to hold my hand through getting it
> working and secured. :)

Ok, cool, does this mean you'll start running mySQL on maus and I can move the NYCwireless site to some PHP-Nuke or geeklog setup??

--Terry

From michael at civis.com Thu Aug 16 21:10:21 2001
From: michael at civis.com (Michael Codanti)
Date: Thu, 16 Aug 2001 13:10:21 -0700
Subject: [NoCatNet] Re: [BAWUUG-CaptivePortal] NoCatAuth
References:
Message-ID: <015901c1268f$7a9be360$911e3589@ohsu.edu>

> rather than create a new table i was thinking that it could be
> incorporated into the existing database.
based on what michael said there
> is already node level information so why not include geography type info
> there.

I think it contains users only at this point. You specify node owners in the config files of each individual node.

> probably but can i customize their bandwidth restrictions so they get more
> than they normally would only at my node?

Yes, like I said above the node owner classification is setup on the node itself.

Michael

From larry at spack.org Thu Aug 16 22:01:01 2001
From: larry at spack.org (Adam Shand)
Date: Thu, 16 Aug 2001 14:01:01 -0700 (PDT)
Subject: [NoCatNet] Re: [BAWUUG-CaptivePortal] NoCatAuth
In-Reply-To: <04f101c1268d$8fe2bc50$170a0a0a@elfnyh1>
Message-ID:

> This is up to each group to decide. It will probably be the group
> coordinators, or some member of a group designated to do that.

sorry wrong question. *technically* how do you do this? is there an admin interface, raw sql queries etc. how do i (as the master of the server) delegate this ability/permission to someone else?

> Ok, cool, does this mean you'll start running mySQL on maus and I can
> move the NYCwireless site to some PHP-Nuke or geeklog setup??

hey, i sense vested interests!! :-) yeah yeah ... okay. i just take no responsibility for running the damn thing. if i install mysql give you mysql admin rights will you do what needs to be done?

adam.

From rob at oreillynet.com Thu Aug 16 22:28:23 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Thu, 16 Aug 2001 14:28:23 -0700 (PDT)
Subject: [NoCatNet] NoCatAuth Feature Requests
In-Reply-To: <04a301c12689$00666490$170a0a0a@elfnyh1>
Message-ID:

On Thu, 16 Aug 2001, Terry Schmidt wrote:

> One feature I would like to see in NoCatAuth is a configuration entry for
> MAC addresses that don't get prompted for a login.

As it is, you could add those rules manually to firewall.linux, to tag certain MACs as Owner (or even Co-op) class. It would be handy to have this specified in the nocat.conf to make it completely brainless...
I'll put that on the TODO (along with the flashing warning lights and klaxons going off...)

> This feature should work for both the open and captive port.

It will. Just tag the MACs with a different FWMARK and you're in.

> Also perhaps we should create a 4th class for people who press the skip
> button. Right now they are marked as "UNKNOWN" and given the class
> "public". Maybe making a class "unknown".

There are actually four classes right now. The FWMARK 4 is for people who haven't even clicked skip yet, and are unknown (the "UNKNOWN" message in the web browser is just an artifact, and should probably be changed to something prettier.) Anything with FWMARK 4 is allowed SSL to the auth system and optionally port 53 to a DNS machine (as defined in the nocat.conf). All other traffic is prohibited.

The Public class is for anyone who has clicked skip, or has registered and logged in but isn't approved as a co-op member yet (and who also isn't listed as an Owner on the gateway in question.)

Co-op is for someone who has logged in successfully and has their status flag set (soon to be with the names of the co-ops they belong to, currently to non-zero.)

And Owner is a Co-op or Public user who has logged in and is listed on the gateway's internal Owner list (again, as specified in nocat.conf.)

What would another class of service do for us? I could see possibly a "roaming" class, although I think that's probably overkill for quite a while. Maybe a "blacklist" class, to turn off known bad radios, but as MACs are malleable, I don't think it'll be all that useful...

What do you want to do with another class?
--Rob

From terry at nycwireless.net Thu Aug 16 22:40:06 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Thu, 16 Aug 2001 17:40:06 -0400
Subject: [NoCatNet] NoCatAuth Feature Requests
References:
Message-ID: <070e01c1269c$058dfe70$170a0a0a@elfnyh1>

> As it is, you could add those rules manually to firewall.linux, to tag
> certain MACs as Owner (or even Co-op) class. It would be handy to have
> this specified in the nocat.conf to make it completely brainless... I'll
> put that on the TODO (along with the flashing warning lights and klaxons
> going off...)

Cool. Thanks. I just want to make this a brainless as possible solution so it will have a high success factor.

> What would another class of service do for us? I could see possibly a
> "roaming" class, although I think that's probably overkill for quite a
> while. Maybe a "blacklist" class, to turn off known bad radios, but as
> MACs are malleable, I don't think it'll be all that useful...

A blacklist class would probably be smart as it would prevent the malicious person who isn't smart enough to change their MAC address.

> What do you want to do with another class?

Something to differentiate a public user who has registered, and someone who just pressed the skip button. I know there is not much difference between the two since the public user who is registered and not a co-op member has not much more verification, but it does allow a node owner to encourage registration.

--Terry
-- who is finally down to one email in the inbox.
-- damn wait two more messages just came in.

From rob at oreillynet.com Thu Aug 16 22:45:12 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Thu, 16 Aug 2001 14:45:12 -0700 (PDT)
Subject: [NoCatNet] Re: [BAWUUG-CaptivePortal] NoCatAuth
In-Reply-To:
Message-ID:

On Thu, 16 Aug 2001, Adam Shand wrote:

> sorry wrong question. *technically* how do you do this? is there an
> admin interface, raw sql queries etc.
> how do i (as the master of the
> server) delegate this ability/permission to someone else?

Heh. Good question. Right now, it's commandline mysql, baby... =)

Seriously, that tool hasn't been written, but is in the works.

As far as node (geographic) data in the database goes: There is a node table, but it's currently unused. The intent is to have a many-to-many relationship between co-op members and the node table. Ultimately, when you login, you'll be able to add / delete / edit whatever nodes you are responsible for. And, if you're an "admin" for a particular community group, you'll be able to "op" pending co-op member wannabe's into your group.

Of course, figuring out who's an admin is largely a political decision rather than a technical one... But I envision a bunch of admins for each group, and probably getting a notification (either by email or when they sign in) with how many people have tried to sign up as members and are awaiting blessing. You could even make that a function of your monthly meetings: part of the agenda would be to go over the subscription list and even vote on who gets made a member. Make the process as formal or informal as you want; it's just a bit in a user record. Hell, even make it a requirement of membership: show up at a meeting, state your case, and take a vote.

But, these tools aren't written yet. Damn, look at that! Seventeen people have signed up, and I only know a couple of them. Looks like it's time to get the user management tools going, eh? =)

--Rob

From schuyler at tridity.org Thu Aug 16 22:45:29 2001
From: schuyler at tridity.org (Schuyler Erle)
Date: Thu, 16 Aug 2001 14:45:29 -0700
Subject: [NoCatNet] Canada Unplugged (was: Regarding nocatrfc.txt)
References: <20010815142212.15064.qmail@web14002.mail.yahoo.com>
Message-ID: <3B7C3EF9.1DD9B685@tridity.org>

Jeff Nye wrote:
>
> ... At least until these guys can perfect the WRP to where I can use
> it.
> I would much rather have a surplus pentium 133 as
> my router rather than my pentium 1 gig.

Patches welcome.

SDE

From larry at spack.org Thu Aug 16 22:52:49 2001
From: larry at spack.org (Adam Shand)
Date: Thu, 16 Aug 2001 14:52:49 -0700 (PDT)
Subject: [NoCatNet] Re: [BAWUUG-CaptivePortal] NoCatAuth
In-Reply-To:
Message-ID:

> But, these tools aren't written yet. Damn, look at that! Seventeen
> people have signed up, and I only know a couple of them. Looks like
> it's time to get the user management tools going, eh? =)

we all chomping at the bit :)

adam.

From larry at spack.org Thu Aug 16 22:56:38 2001
From: larry at spack.org (Adam Shand)
Date: Thu, 16 Aug 2001 14:56:38 -0700 (PDT)
Subject: [NoCatNet] NoCatAuth Feature Requests
In-Reply-To: <070e01c1269c$058dfe70$170a0a0a@elfnyh1>
Message-ID:

> A blacklist class would probably be smart as it would prevent the
> malicious person who isn't smart enough to change their MAC address.

also apparently recent client software will no longer allow windows users to change their mac. that means that it's just that little bit harder for the script kiddies.

> Something to differentiate a public user who has registered, and
> someone who just pressed the skip button. I know there is not much
> difference between the two since the public user who is registered and
> not a co-op member has not much more verification, but it does allow a
> node owner to encourage registration.

i'd like to see this as well.

adam.

From terry at nycwireless.net Thu Aug 16 23:01:05 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Thu, 16 Aug 2001 18:01:05 -0400
Subject: Eagerly awaiting NoCatAuth's release
References:
Message-ID: <081501c1269e$f28b7ac0$170a0a0a@elfnyh1>

> > But, these tools aren't written yet. Damn, look at that! Seventeen
> > people have signed up, and I only know a couple of them. Looks like
> > it's time to get the user management tools going, eh? =)
>
> we all chomping at the bit :)

He is not kidding.
I know of a bunch of people who will make their access points public, once they have some bit of control for it. The NoCatAuth client is going to be a great solution for this, no matter if you want to run it in Captive mode or Open Mode. I'm very excited about it.

I just ordered a Stylistic 1000 today, in addition to the Stylistic 1200 I already have. The 1000 is actually better for what we want to do since the hard drive is a removable PCMCIA version, so you just stick it in a laptop, and disk image the latest version of whatever you want. The 1000 will work great for a NoCatAuth gateway. It is also a good test version of the eagerly awaited Peterson APs.

The 1200 has an internal 2.5 inch hard drive that takes a little bit of work to remove and has an easy to tear cable. Not good for doing a lot of updates and testing.

--Terry

From nboblitt at luminee.com Thu Aug 16 23:32:48 2001
From: nboblitt at luminee.com (Nate Boblitt)
Date: Thu, 16 Aug 2001 15:32:48 -0700
Subject: [NoCatNet] Eagerly awaiting NoCatAuth's release
In-Reply-To: <081501c1269e$f28b7ac0$170a0a0a@elfnyh1>
Message-ID:

> I just ordered a Stylistic 1000 today, in addition to the Stylistic 1200 I
> already have. The 1000 is actually better for what we want to do since the
> hard drive is a removable PCMCIA version, so you just stick it in a laptop,
> and disk image the latest version of whatever you want. The 1000 will work
> great for a NoCatAuth gateway. It is also a good test version of the
> eagerly awaited Peterson APs.

So here's a lamo question, would the Peterson APs be a software AP on a Cisco Aironet card or the Soekris board? I know some of us in several of the groups have the Prism 2 software AP working but haven't heard much about this lately.

Maybe I'll work with Rob on getting some of this admin/html pages done for NoCatAuth. Right now we are just done our main programmer and graphic artists as they are both out of town for a few days.
But maybe we can get some prelim admin pages done this weekend...

Nate

From tehanu at sonic.net Fri Aug 17 19:27:27 2001
From: tehanu at sonic.net (Matthew Morgan)
Date: Fri, 17 Aug 2001 11:27:27 -0700
Subject: I need help on project: Repeaters and AP's?
Message-ID: <200108171820.f7HIKBh10535@buzz.sonic.net>

Greetings,

I was at the BAWUG meeting last night and appreciated all of the resources and information people shared. I asked a question last night that was not completely answered, so I will ask it here again:

I am trying to set up a long shot PTP connection from a POTS 56K ISP connection over a range of hills to a rural village. The distance is estimated at around 25km (I will be able to confirm this soon as maps are on their way). Assuming the distance is 25km, and also recognizing the presence of much vegetation and the diverse topography, I understand that it will be very difficult to set up a reliable connection.

I am not an E.E. grad (unless you're referring to environmental education!), but I learn quick and like to tinker. I am also not committed to using 802.11b on the 2.4Ghz spectrum, but I thought for simplicity's sake (i.e. not requiring that I learn how to build a radio and modem in a different frequency), I wanted to use off the shelf parts and use a solution that was easy to implement on mixed hardware (pc and mac laptops/desktops, etc). The intranet at the local village will be hard wired, thus I only need to connect the hard-wired network from the village, to the telephone line in the town. I am under the impression that repeating bridges will be the answer for both the diverse topography, and variable vegetation. I would like to keep the setup as close to FCC regs as possible, but I'm not too concerned if the power is fudged a little bit as the area is remote, and the antennas will most likely be high gain uni-directional yagis or parabolics.
As I see it, I need an access point in the town with a dial up modem to make the connection to the 56k isp service. This access point must then be able to transfer the signal to wireless and send it up the hill to a series of repeaters (1, 2, or 3 at most) before being received by a wireless to wired ethernet AP bridge in the village.

I had originally thought that I could use Orinoco AP500's at the two end-points and AP1000's as repeaters (because they had two card slots). But now I am a little concerned that this setup will not work as some people mentioned that an AP1000 cannot act as a repeater. Now, I understand that Orinoco's "Outdoor Repeaters" are basically AP1000's with a firmware update and an activation key, but I don't think I can afford the licensing costs. Therefore, I'm unsure how to proceed.

I think that, in sum, I can afford about 2000 on the project, but would really like to see the main equipment come in at around 1200-1500. I am about to receive a wavepoint II to start tinkering with, but I don't figure this will be able to work as a repeater. I also have two macs with airport cards (no base station) to test the wavepoint with. Other than that I have my limited skill (I don't know linux or bsd but I'm not afraid to learn it if I need to), my visa card, and hopefully, your useful advice.

Specifically I am asking for the following:

Is there another better suited alternative to 802.11b?

Assuming I go with the 2.4Ghz stuff:

What brand/model of equipment would you recommend for the job? (I was leaning towards Orinoco for cost and compatibility issues (mac/pc), but I understand Aironet is the preferred for power reasons (100mw)?)

What kind of antennas?

How to supply power to the repeaters (solar I assume, and it's ok if the device is only on for certain lengths of day: i.e.
it can be down at night)

Here are the physical parameters:

~25km shot
Mountainous/Hilly topography (hilltops are available for repeater placement)
Lots of vegetation

And other priorities (in order of importance):

Cost (I will home build what is most time/cost effective, i.e. antennas, connections, solar power, outdoor enclosure)
Simplicity (in both implementation and support)
Reliability (particularly in reference to "burlyness" of antenna connections and hardware in general)
Regulations: I'd like to stay as low power (gain) as possible, ok to fudge a bit, but I don't want to be cooking passing pigeons with the yagi : )
Bandwidth (not much of an issue as the connection is 56k anyway, I understand that DSS is stepped, so even the lowest rate 1mb/s works fine)

I don't expect you all to create a plan for me, but advice, particularly on the repeaters, is really essential.

THANKS

Matthew Morgan

"There is a crack in everything, that's how the light gets in"
-Leonard Cohen

From frankb at efball.com Fri Aug 17 19:54:26 2001
From: frankb at efball.com (E Frank Ball)
Date: Fri, 17 Aug 2001 11:54:26 -0700
Subject: [NoCatNet] I need help on project: Repeaters and AP's?
In-Reply-To: <200108171820.f7HIKBh10535@buzz.sonic.net>; from tehanu@sonic.net on Fri, Aug 17, 2001 at 11:27:27AM -0700
References: <200108171820.f7HIKBh10535@buzz.sonic.net>
Message-ID: <20010817115426.B5508@zouave.sonic.net>

On Fri, Aug 17, 2001 at 11:27:27AM -0700, Matthew Morgan wrote:
}
} but I learn quick and like to tinker. I am also not committed to using
} 802.11b on the 2.4Ghz spectrum, but I thought for simplicity's sake (i.e.
} not requiring that I learn how to build a radio and modem in a different
} frequency), I wanted to use off the shelf parts and use a solution that
} was easy to implement on mixed hardware (pc and mac laptops/desktops,
} etc).
} The intranet at the local village will be hard wired, thus I only
} need to connect the hard-wired network from the village, to the
} telephone line in the town. I am under the impression that repeating
} bridges will be the answer for both the diverse topography, and variable
} vegetation. I would like to keep the setup as close to FCC regs as
} possible, but I'm not too concerned if the power is fudged a little bit
} as the area is remote, and the antennas will most likely be high gain
} uni-directional yagis or parabolics.

If you study for a few days and take a test you can get a ham radio license. The IEEE802.11b band is 2.400-2.485 GHz. With a ham license you can use the band from 2.390-2.450 GHz with up to 2000 watts. The lower channels in the 802.11b band seem to overlap.

Lots of info at: http://www.w5yi.org/Part97A.htm

--
E Frank Ball KC6WUG efball@efball.com

From terry at nycwireless.net Sat Aug 18 19:34:12 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Sat, 18 Aug 2001 14:34:12 -0400
Subject: Stylistic 1200 and 1000 Memory Sources
References: <3B7E4FC2.6304.155DD16D@localhost>
Message-ID: <000f01c12814$61bb8220$170a0a0a@elfnyh1>

For the stylistic 1200 go to http://www.coastmemory.com
You want the LGED64U/064/G3V60 64 MEG 144 PIN 3.3V EDO SO DIMM 8X8 BUILD $28.00
It is under the Laptop SODIMMs section. You'll have to go into the bios to have it recognize the new ram after you install it. After upgrade the RAM total is 80 megs. I did this upgrade and it works great.

For the stylistic 1000 go to http://www.datamem.com/fujitsu.asp
You want the DM62 218 32MB memory upgrade $35 (my mistake $35 without shipping)
There is 8 megs soldered on board, and maybe 8 megs in the expansion slot, depending on what stylistic 100 you get. Replace the 8 megs in expansion slot with 32 megs for a total of 40 megs ram.
--Terry

From jeffnye20 at yahoo.com Sun Aug 19 05:02:47 2001
From: jeffnye20 at yahoo.com (Jeff Nye)
Date: Sat, 18 Aug 2001 21:02:47 -0700 (PDT)
Subject: [NoCatNet] Stylistic 1200 and 1000 Memory Sources
In-Reply-To: <000f01c12814$61bb8220$170a0a0a@elfnyh1>
Message-ID: <20010819040247.13137.qmail@web14004.mail.yahoo.com>

Just for those of us outside your local could you guys hook us up with the full stats on that new router you built. If memory serves it used the WRP and your auth server? Send me the specs and the average cost starting with nothing!

Jeff

--- Terry Schmidt wrote:
> For the stylistic 1200 go to
> http://www.coastmemory.com
> You want the LGED64U/064/G3V60 64 MEG 144 PIN 3.3V
> EDO SO DIMM 8X8 BUILD
> $28.00
> It is under the Laptop SODIMMs section. You'll have
> to go into the bios to
> have it recognize the new ram after you install it.
> After upgrade the RAM
> total is 80 megs. I did this upgrade and it works
> great.
>
> For the stylistic 1000 go to
> http://www.datamem.com/fujitsu.asp
> You want the DM62 218 32MB memory upgrade $35
> (my mistake $35 without
> shipping)
> There is 8 megs soldered on board, and maybe 8 megs
> in the expansion slot,
> depending on what stylistic 100 you get. Replace
> the 8 megs in expansion
> slot with 32 megs for a total of 40 megs ram.
>
> --Terry
>

From paul at klodepark.com Sun Aug 19 15:33:15 2001
From: paul at klodepark.com (Paul)
Date: Sun, 19 Aug 2001 09:33:15 -0500
Subject: [NoCatNet] Stylistic 1200 and 1000 Memory Sources
References: <3B7E4FC2.6304.155DD16D@localhost> <000f01c12814$61bb8220$170a0a0a@elfnyh1>
Message-ID: <000d01c128bb$e208afa0$0701a8c0@nsmicro.com>

FYI

Someone posting at www.linux-hacker.net (Fujitsu 1200 board) is setting up a group buy for the 64mb SODIMMs for the Stylistic 1200 at $30 shipped.
-Paul

----- Original Message -----
From: "Terry Schmidt"
To: "Michael Codanti"
Cc:
Sent: Saturday, August 18, 2001 1:34 PM
Subject: [NoCatNet] Stylistic 1200 and 1000 Memory Sources

> For the stylistic 1200 go to http://www.coastmemory.com
> You want the LGED64U/064/G3V60 64 MEG 144 PIN 3.3V EDO SO DIMM 8X8 BUILD
> $28.00
> It is under the Laptop SODIMMs section. You'll have to go into the bios to
> have it recognize the new ram after you install it. After upgrade the RAM
> total is 80 megs. I did this upgrade and it works great.
>
> For the stylistic 1000 go to http://www.datamem.com/fujitsu.asp
> You want the DM62 218 32MB memory upgrade $35 (my mistake $35 without
> shipping)
> There is 8 megs soldered on board, and maybe 8 megs in the expansion slot,
> depending on what stylistic 100 you get. Replace the 8 megs in expansion
> slot with 32 megs for a total of 40 megs ram.
>
> --Terry
>

From michael at civis.com Mon Aug 20 18:24:09 2001
From: michael at civis.com (Michael Codanti)
Date: Mon, 20 Aug 2001 10:24:09 -0700
Subject: NoCatAuth
References:
Message-ID: <01c401c1299c$ec5adfa0$911e3589@ohsu.edu>

I am thinking of putting NoCatAuth on the Toshiba 430CDT, which with the dock I can get 1 ethernet and 3 wireless cards in. If I hooked each card to a 120* sector, that would make a really nice central POP.

Can NoCatAuth deal with three 'internal' networks at this point, or would that need to get added to it at a later time?

Michael

From schuyler at oreilly.com Mon Aug 20 19:03:28 2001
From: schuyler at oreilly.com (Schuyler Erle)
Date: Mon, 20 Aug 2001 11:03:28 -0700
Subject: [NoCatNet] NoCatAuth
References: <01c401c1299c$ec5adfa0$911e3589@ohsu.edu>
Message-ID: <3B8150F0.E9EE45DB@oreilly.com>

Michael Codanti wrote:
>
> Can NoCatAuth deal with three 'internal' networks at this point, or would
> that need to get added to it at a later time?

You'll have to hack the bin/firewall.linux script by hand.
Alternately, if Rob goes for it, we could patch the firewall code to accept a whitespace-separated list of network addresses/masks in nocat.conf, and include this feature in the next release. Thoughts, anyone?

SDE

From rob at oreillynet.com Mon Aug 20 19:22:00 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Mon, 20 Aug 2001 11:22:00 -0700 (PDT)
Subject: [ptp] Stylistic 1000's (fwd)
Message-ID:

More Stylistics. He's got a discount at 15 ($41.36 + shipping) so he's doing a group buy. Anybody interested?

--Rob

---------- Forwarded message ----------
Date: Mon, 20 Aug 2001 08:42:55 -0700
From: Michael Codanti
Reply-To: ptp@lists.spack.org
To: ptp@lists.spack.org
Subject: [ptp] Stylistic 1000's

There is a person on eBay selling Stylistic 1000's for $46.95 (buy-it-now price)

These are little tablet computers, 486DX100, 8Megs, 340Meg PCMCIA Harddrive, 2 open stacked PCMCIA cards, B&W reflective screen (good outdoors).... Memory can be expanded to 40 megs for about $35. The NoCat people are using the 1000's and 1200's for their NoCatAuth gateway among other things..

The guy is willing to give us about a 10% discount if we ordered 15 from him, and I am finding out how much shipping would be.... Do we have any people that are interested, or should I just get one for myself?

Michael

--
the personal telco project - http://www.personaltelco.net/
un/subscribe: http://lists.personaltelco.net/mailman/listinfo/ptp/
archives: http://lists.personaltelco.net/pipermail/ptp/

From adam at personaltelco.net Mon Aug 20 19:20:19 2001
From: adam at personaltelco.net (Adam Shand)
Date: Mon, 20 Aug 2001 11:20:19 -0700 (PDT)
Subject: [NoCatNet] NoCatAuth
In-Reply-To: <3B8150F0.E9EE45DB@oreilly.com>
Message-ID:

> You'll have to hack the bin/firewall.linux script by hand.
> Alternately, if Rob goes for it, we could patch the firewall code to
> accept a whitespace-separated list of network addresses/masks in
> nocat.conf, and include this feature in the next release. Thoughts,
> anyone?
is there any reason *not* to do this (other than time spent to do it)? it seems that it only buys us flexibility and doesn't cost us anything.

adam.

From rob at oreillynet.com Mon Aug 20 19:31:20 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Mon, 20 Aug 2001 11:31:20 -0700 (PDT)
Subject: [NoCatNet] NoCatAuth
In-Reply-To:
Message-ID:

On Mon, 20 Aug 2001, Adam Shand wrote:

> > You'll have to hack the bin/firewall.linux script by hand.
> > Alternately, if Rob goes for it, we could patch the firewall code to
> > accept a whitespace-separated list of network addresses/masks in
> > nocat.conf, and include this feature in the next release. Thoughts,
> > anyone?
>
> is there any reason *not* to do this (other than time spent to do it)?
> it seems that it only buys us flexibility and doesn't cost us anything.

It's just a little complex. For added sanity, we're checking the interface AND the ip address AND the mac address of each outgoing packet. We could forego the interface checking to buy us a simpler configuration (and ease of adding new interfaces.) As it stands, the rules could get quite baroque trying to keep track of who came in from where.

I think the only risk that might expose us to is people forging packets coming from another interface, but the likelihood of that happening is probably pretty remote.

If you have an immediate need, hack your firewall.linux script. It'll likely be a while before the next major release (think Burning Man!) but if I can come up with a simple way of adding this, I'll do it in the next week or so.

--Rob

From rob at oreillynet.com Mon Aug 20 19:40:13 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Mon, 20 Aug 2001 11:40:13 -0700 (PDT)
Subject: Apple PR
Message-ID:

Here's Apple's list of "AirPort Service Providers":

http://www.apple.com/hotnews/articles/2001/08/onthego/

Hmm, WayPort, MobileStar, AirWave, Surf & Sip... Where's NoCat?
;)

--Rob

From terry at nycwireless.net Mon Aug 20 19:48:14 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Mon, 20 Aug 2001 14:48:14 -0400
Subject: [NoCatNet] NoCatAuth
References:
Message-ID: <00a101c129a8$aae148a0$c47a5c42@ELFNY05>

> It's just a little complex. For added sanity, we're checking the interface
> AND the ip address AND the mac address of each outgoing packet. We could
> forego the interface checking to buy us a simpler configuration (and ease
> of adding new interfaces.) As it stands, the rules could get quite baroque
> trying to keep track of who came in from where.

This is sounding like a lot of work to get it done right. I would put this as a lower priority compared to the other things on the Captive portal list (Open Portal, fault tolerant auth servers, etc), since the amount of people using 3 wireless interfaces will probably be really small.

One other solution that can probably be used to make the Captive Portal work across 3 wireless interfaces without changing the captive portal code, is to bridge the 3 wireless interfaces together and put them all on the same subnet. Since you're using bridging, you won't decrease the amount of total bandwidth available (it is sorta like switching). The only downside is that it increases your broadcast domain (which can be a good thing depending on what services you are offering where), and it would allow someone on one wireless interface to try and do bad things to a person on a different wireless interface (same vulnerability that Rob mentioned). This is probably the simple and best solution. Also this way if someone roamed from one wireless interface to another wireless interface, their connections would be maintained perfectly (a definite plus).
--Terry

From jeffnye20 at yahoo.com Mon Aug 20 19:57:49 2001
From: jeffnye20 at yahoo.com (Jeff Nye)
Date: Mon, 20 Aug 2001 11:57:49 -0700 (PDT)
Subject: [NoCatNet] NoCatAuth
In-Reply-To: <00a101c129a8$aae148a0$c47a5c42@ELFNY05>
Message-ID: <20010820185749.10432.qmail@web14007.mail.yahoo.com>

>
> This is sounding like a lot of work to get it done
> right. I would put this as a
> lower priority compared to the other things on the
> Captive portal list (Open
> Portal, fault tolerant auth servers, etc), since the
> amount of people using 3
> wireless interfaces will probably be really small.

I don't know about that. I can think of at least three of my current nodes that would be better with this piece of functionality.

>
> One other solution that can probably be used to make
> the Captive Portal work
> across 3 wireless interfaces without changing the
> captive portal code, is to
> bridge the 3 wireless interfaces together and put
> them all on the same subnet.
> Since you're using bridging, you won't decrease the
> amount of total bandwidth
> available (it is sorta like switching). The only
> downside is that it increases
> your broadcast domain (which can be a good thing
> depending on what services you
> are offering where), and it would allow someone on
> one wireless interface to
> try and do bad things to a person on a different
> wireless interface (same
> vulnerability that Rob mentioned). This is probably
> the simple and best
> solution. Also this way if someone roamed from one
> wireless interface to another
> wireless interface, their connections would be
> maintained perfectly (a definite
> plus).

I agree mainly because I want all members of the separate wireless interfaces to see each other. Otherwise what is the point? BIGGER the network gets the better! More complex of course but SWEET!

Jeff

From earthsea at sonic.net Mon Aug 20 20:03:54 2001
From: earthsea at sonic.net (Matthew Morgan)
Date: Mon, 20 Aug 2001 12:03:54 -0700
Subject: FHSS or DSS
Message-ID: <200108201856.f7KIuWg00546@prop.sonic.net>

Wouldn't an FHSS system be a better choice for a PTP connection linking two wired networks together?

If so, has anyone worked with the Proxim Rangelan2 FHSS boxes? The bandwidth is narrower, but they run at 500mW!

Am I missing something or is FHSS a better technology for long distance PTP connections than 802.11b? I know everyone wants to use WiFi for easy compatibility with neighborhood roaming networks, but for a closed, PTP transmission, I'm thinking FHSS would be better suited?

Also, does anyone know if you can set up Rangelan 2's as repeaters? What must the box be capable of doing in order for that to work? Sorry for my ignorance but I always thought that AP's could bounce traffic from one AP to another, but I get the sense that this is not the case?

"There is a crack in everything, that's how the light gets in"
-Leonard Cohen

From earthsea at sonic.net Mon Aug 20 20:08:03 2001
From: earthsea at sonic.net (Matthew Morgan)
Date: Mon, 20 Aug 2001 12:08:03 -0700
Subject: Repeating AP's
Message-ID: <200108201900.f7KJ0fg02537@prop.sonic.net>

Sorry to harp on the same line, but...

Which ap's can be used as repeaters?

My list so far:

WAP11 w/ firmware update

What other AP's can accomplish this? Can Aironet 350's do this? What about Orinoco AP1000's?

OR, to make this easier, what do you look for on the specifications table that verifies if the Access Point in question can bridge the wireless signal from one AP to another (i.e. no clients, just acting as a repeater from one AP to another)?
Thanks

"There is a crack in everything, that's how the light gets in"
-Leonard Cohen

From benh at jpj.net Mon Aug 20 20:02:11 2001
From: benh at jpj.net (Ben Hockenhull)
Date: Mon, 20 Aug 2001 15:02:11 -0400 (EDT)
Subject: [NoCatNet] Repeating AP's
In-Reply-To: <200108201900.f7KJ0fg02537@prop.sonic.net>
Message-ID:

> What other AP's can accomplish this? Can Aironet 350's do this? What
> about Orinoco AP1000's?

The Aironet 4800, and Cisco Aironet 340 and 350 series can all act as wholly wireless repeaters.

Ben

From tehanu at sonic.net Mon Aug 20 20:11:30 2001
From: tehanu at sonic.net (Matthew Morgan)
Date: Mon, 20 Aug 2001 12:11:30 -0700
Subject: FHSS or DSS
Message-ID: <200108201904.f7KJ48L26370@ultra.sonic.net>

Wouldn't an FHSS system be a better choice for a PTP connection linking two wired networks together?

If so, has anyone worked with the Proxim Rangelan2 FHSS boxes? The bandwidth is narrower, but they run at 500mW!

Am I missing something or is FHSS a better technology for long distance PTP connections than 802.11b? I know everyone wants to use WiFi for easy compatibility with neighborhood roaming networks, but for a closed, PTP transmission, I'm thinking FHSS would be better suited?

Also, does anyone know if you can set up Rangelan 2's as repeaters? What must the box be capable of doing in order for that to work? Sorry for my ignorance but I always thought that AP's could bounce traffic from one AP to another, but I get the sense that this is not the case?

Thanks

"There is a crack in everything, that's how the light gets in"
-Leonard Cohen

From tehanu at sonic.net Mon Aug 20 20:11:50 2001
From: tehanu at sonic.net (Matthew Morgan)
Date: Mon, 20 Aug 2001 12:11:50 -0700
Subject: Repeating AP's
Message-ID: <200108201904.f7KJ4TL26544@ultra.sonic.net>

Sorry to harp on the same line, but...

Which ap's can be used as repeaters?

My list so far:

WAP11 w/ firmware update

What other AP's can accomplish this? Can Aironet 350's do this? What about Orinoco AP1000's?
OR, to make this easier, what do you look for on the specifications table that verifies if the Access Point in question can bridge the wireless signal from one AP to another (i.e. no clients, just acting as a repeater from one AP to another)?

Thanks

"There is a crack in everything, that's how the light gets in"
-Leonard Cohen

From jim at SmallWorks.COM Mon Aug 20 20:41:13 2001
From: jim at SmallWorks.COM (Jim Thompson)
Date: Mon, 20 Aug 2001 14:41:13 -0500
Subject: [BAWUG] FHSS or DSS
In-Reply-To: <200108201904.f7KJ48L26370@ultra.sonic.net>
References: <200108201904.f7KJ48L26370@ultra.sonic.net>
Message-ID: <15233.26585.469453.279134@zaphod.smallworks.com>

Matthew Morgan writes:
> Wouldn't an FHSS system be a better choice for a PTP connection
> linking two wired networks together?

Why do you suppose that it would?

> If so, has anyone worked with the Proxim Rangelan2 FHSS boxes?

Um, yes. We did a couple days of co-interference and performance testing at D/FW in October of 1999. Prox RL2, 802.11 FHSS, 802.11 DSSS (various vendors) were all in attendance.

> The bandwidth is narrower, but they run at 500mW!

Perhaps you should stop and ask yourself 'Why so much power?' Could it possibly be that the RL2 technology doesn't have the processing gain of 802.11b?

You might also want to remember that reach does not increase linearly with power output.

> Am I missing something or is FHSS a better technology for long
> distance PTP connections than 802.11b? I know everyone wants to use
> WiFi for easy compatibility with neighborhood roaming networks, but for
> a closed, PTP transmission, I'm thinking FHSS would be better suited?

Why do you think this? FHSS is a) slower, b) more expensive, (these days), and c) your vendor selection is much, much narrower

FHSS *might* be better suited where there are a lot of other FH signals around, but in the testing we did, the co-interference was about equal in terms of PERCENTAGE reduction in throughput and distance.
That is, if the co-interference caused a 15% reduction in throughput at a given distance, then both the 11b system and the FHSS (or RL2) system suffered about the same amount of channel 'loss'. The difference is, of course, that 85% of 11Mbps (or even 6Mbps) leaves a lot more channel to work with than 85% of a 1.5Mbps channel.

Within 6 months of the above-mentioned D/FW co-interference testing, Mobilestar, a former Proxim loyalist (possibly because Proxim was an early investor in Mobilestar) had started singing the 802.11b song.

I also saw a Proxim RL2 card go completely berserk in a presumed brown-out failure mode due to buggy laptop software, and knock the FHSS 802.11 AP off the air, while I maintained connectivity with the Aironet 4800 that I had set up.

> Also, does anyone know if you can set up Rangelan 2's as repeaters?
> What must the box be capable of doing in order for that to work? Sorry
> for my ignorance but I always thought that AP's could bounce traffic
> from one AP to another, but I get the sense that this is not the case?

Not always, no. Further there is no standard for this, it's a vendor-by-vendor proprietary hack.

Jim

p.s. you do know that Proxim isn't exactly "friendly" wrt 802.11b, right?

From danf at croatoan.croatoan.org Mon Aug 20 22:33:45 2001
From: danf at croatoan.croatoan.org (Dan Fitzpatrick)
Date: Mon, 20 Aug 2001 14:33:45 -0700
Subject: [BAWUG] FHSS or DSS
In-Reply-To: <200108201904.f7KJ48L26370@ultra.sonic.net>; from tehanu@sonic.net on Mon, Aug 20, 2001 at 12:11:30PM -0700
References: <200108201904.f7KJ48L26370@ultra.sonic.net>
Message-ID: <20010820143345.P37538@croatoan.croatoan.org>

Here's my $0.02:

I used to have a PTP link using the Breezecom 3mbps stuff (AP-10D and a SA-10D). I used this link for about a year as my only source of access for my house. This link is about 3.7 miles long within Santa Clara Valley. About a year ago I replaced it with an Airport and a gold card in a PCMCIA adapter.
The FHSS radios were very reliable but slow (I got no more than 1.5 mbps throughput vs. the 3.5 mbps I get now). However I do get more packet loss with the DSSS radios than I did with the FH (about .2% vs. less than .1%)

I'm not biased toward either system. Both are reliable within my standards. In the future however, I don't see myself using any more FHSS gear. It's expensive (My link cost about $3000 vs. the $800 for my current setup), slow and a technology that I feel won't be gaining much market share any time soon.

--
Dan Fitzpatrick

From jeffnye20 at yahoo.com Tue Aug 21 00:41:52 2001
From: jeffnye20 at yahoo.com (Jeff Nye)
Date: Mon, 20 Aug 2001 16:41:52 -0700 (PDT)
Subject: This thing any good?
In-Reply-To: <200108201904.f7KJ4TL26544@ultra.sonic.net>
Message-ID: <20010820234152.79629.qmail@web14005.mail.yahoo.com>

Hey just wondering if this thing is any good?

http://www.nxgenstore.com/nxgen/itemdesc.asp?CartId=7772001GHYCV81&ic=848333415&tpc=

Just looking to bridge a couple computers to a wireless link in infrastructure mode. I tried the WRP but as it turns out there were some hardware problems that we were unable to overcome! So what do you guys think of this ORINOCO WIRELESS DESKTOP ETHERNET ADAPTR?

WWW.nexgenstore.com search "ORINOCO WIRELESS DESKTOP ETHERNET ADAPTR"

Let me know,
Jeff

From jordan at infothecary.org Tue Aug 21 01:39:31 2001
From: jordan at infothecary.org (Jordan Hayes)
Date: Mon, 20 Aug 2001 17:39:31 -0700 (PDT)
Subject: [NoCatNet] This thing any good?
Message-ID: <200108210039.f7L0dVW15677@web.thinkbank.com>

I have one of these, but haven't tried it yet. This is a way to connect an Ethernet device to the wireless fabric. If it's just a computer, why not put in a card directly?
This product is really more useful for devices that you can't put a card into; I'm going to use mine for an Axis WebCam.

Why not use an AP?

/jordan

From rob at oreillynet.com Tue Aug 21 01:46:10 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Mon, 20 Aug 2001 17:46:10 -0700 (PDT)
Subject: [NoCatNet] This thing any good?
In-Reply-To: <20010820234152.79629.qmail@web14005.mail.yahoo.com>
Message-ID:

On Mon, 20 Aug 2001, Jeff Nye wrote:

> Hey just wondering if this thing is any good?
>
> http://www.nxgenstore.com/nxgen/itemdesc.asp?CartId=7772001GHYCV81&ic=848333415&tpc=

It's okay for what it is: a tiny, low power box whose only mission in life is to bridge an ethernet to wireless and ultimately to an AP.

Drawbacks:

* Expensive ($200, without a card! You will need an ORiNOCO silver or gold to make it work.)
* Slow (field reports of 2Mbps / second max)
* No real IBSS, just BSS sync to an AP (it claims to support IBSS, but I couldn't make it work.)
* Flaky firmware (just try fiddling with the MAC address!)
* One device at a time (will *NOT* connect to a hub over the wire)
* Discontinued after 12/01, according to Agere

Good:

* Quick boot (about three seconds)
* Reliable once it's up (I used one for about 9 months with zero trouble, after an hour or two to configure it.)
* Small and quiet
* External antenna connector is easy to get at

So, if you can get your hands on one, and don't mind dropping $300 for a simple bridge, it could work for you...

--Rob

From jeffnye20 at yahoo.com Tue Aug 21 03:40:14 2001
From: jeffnye20 at yahoo.com (Jeff Nye)
Date: Mon, 20 Aug 2001 19:40:14 -0700 (PDT)
Subject: [NoCatNet] This thing any good?
In-Reply-To: <200108210039.f7L0dVW15677@web.thinkbank.com>
Message-ID: <20010821024014.68245.qmail@web14003.mail.yahoo.com>

We are trying to come up with a setup that makes it easy for multiple clients on the LAN to connect to the wireless. Will this not work? What if you NAT it going in?

Let me know!
Jeff

From jeffnye20 at yahoo.com Tue Aug 21 03:48:46 2001
From: jeffnye20 at yahoo.com (Jeff Nye)
Date: Mon, 20 Aug 2001 19:48:46 -0700 (PDT)
Subject: [NoCatNet] This thing any good?
In-Reply-To:
Message-ID: <20010821024846.50325.qmail@web14008.mail.yahoo.com>

Rob,

Will it allow multiple client connections if their gateway is set to it? What we really want is something like the CPE router. But that is a $450 setup when it comes right down to it. We have racked our brains trying to correct the TX timeout error with the WRP but to no avail. I would like nothing more than to keep the installation cost down but there are a lot of people out here who aren't technically minded that want on to the network. I want to help them get on but I need a system they won't have to worry about and one that allows multiple clients to connect without wireless cards. Trying to keep total install under $400.

Do you know any other way of doing this? I am really desperate to find a good means of connecting them to the network. WAP11 are cheap but I can't figure a good way of making multiple AP's talk with clients connecting as well. Frustration has ensued and many of the people are begging me to get them on so they can blow their buddy away in Counter-strike. Or whatever they are doing. The problem is that none of them are technical enough to figure this stuff out and have all turned to me to solve their problems for them. I am working as hard as I can but after this long the only real working solution is on a W2k server. I am not going to install server on everyone's box...think of the costs alone.

So I release this plea to help in anyway you can before I lose my mind! (Getting closer now!)

Jeff

From jeffnye20 at yahoo.com Tue Aug 21 04:45:50 2001
From: jeffnye20 at yahoo.com (Jeff Nye)
Date: Mon, 20 Aug 2001 20:45:50 -0700 (PDT)
Subject: OK Status of easy node on the CHEAP?
In-Reply-To: <01Aug17.145421pdt.119048@sleepy.gtdev.com>
Message-ID: <20010821034550.63135.qmail@web14004.mail.yahoo.com>

Ok, I am reaching the end of my rapidly fraying rope. I need to setup several people in my neighborhood with directional links to my omni. I have the AP working nicely and a few people connected with PCI to PCMCIA adapters and Orinoco's. Now comes the hard part. The majority of the remaining people know nothing about computers except that they like gaming and other network type activities. I believe that the network is better if there are more people...correct me if I am wrong. So I need an easy installation that is maintenance free or very low maintenance for the rest of the neighborhood.

Now I have tried the WRP and am still working on it to try and get it to work. However, I am now getting to the point that a hardware based solution would be wonderful. I looked into CPE routers but $450 is a touch much in my opinion. (by the way teletronics is EVIL NEVER DO BUSINESS WITH THEM!)

So I want to open up a thread that discusses the real solution to this problem. Go ahead list the outrageously priced solutions but let's try and find some low cost ways of bringing wireless to the masses with low maintenance.

Couple questions, the Stylistic! Now I know this is a tablet PC and I read the specs. Am I correct in assuming WRP would run on this? Where can I buy 10-30 of them on the cheap? Obviously there will not be enough Stylistics for all the nodes on any of our networks but finding who designed the motherboard and if they can still make it might be worth while?

Can a WAP11 at the client side node (reference to client infers a directional link to omni) bridge them to the network? What limitations?

Does anyone else here hate Teletronics?
Let's face it we can all work together to create a perfect network. I am not talking about NoCat or SWN I am talking about the Wireless network that will overtake the internet. Kind of like internet Version 2. Done the way it ought to be done FAST. We are on the cutting edge of a project that could very well bring the world even closer together. It is amazing when you think about it.

Sorry about getting all weird there I just can see a lot of good coming out of all of our groups working together on this. Let's Web cam our meetings work closely with each other on Development. Let me know what you think... but if you want to reply to the more philosophical mood in this email use a different thread something like...."Jeff Nye Has Lost his Blessed mind!" that would work!

Peace,
Jeff

From brock at nanson.org Tue Aug 21 04:47:14 2001
From: brock at nanson.org (Brock Nanson)
Date: Mon, 20 Aug 2001 20:47:14 -0700
Subject: [NoCatNet] [ptp] Stylistic 1000's (fwd)
References:
Message-ID: <00ce01c129f3$f9787f60$0101a8c0@private.network>

Hi guys!

I've been lurking for 4 or 5 weeks now and I've noted the great interest in these Stylistic units. What is the biggest attraction? Size? Cost? or the PCMCIA abilities built in?

I've used old 486 boat anchors for some time now as Linux Router Project firewalls, and in some cases, FreeS/WAN VPN gateways. Would I find that what you are doing functions in much the same way, but with the addition/replacement of a wired NIC with a wireless card? That is, would I feel 'at home' putting a software WAP together?

Like so many things, looking from the outside in, the learning curve looks so incredibly steep. The simple questions just don't seem to have readily accessible answers, just the complex ones!
Thanks,
Brock

----- Original Message -----
From: Rob Flickenger
To:
Sent: Monday, August 20, 2001 11:22 AM
Subject: [NoCatNet] [ptp] Stylistic 1000's (fwd)

>
> More Stylistics. He's got a discount at 15 ($41.36 + shipping) so he's
> doing a group buy.
>
> Anybody interested?
>
> --Rob
>
> ---------- Forwarded message ----------
> Date: Mon, 20 Aug 2001 08:42:55 -0700
> From: Michael Codanti
> Reply-To: ptp@lists.spack.org
> To: ptp@lists.spack.org
> Subject: [ptp] Stylistic 1000's
>
> There is a person on eBay selling Stylistic 1000's for $46.95 (buy-it-now
> price) These are little tablet computers, 486DX100, 8Megs, 340Meg PCMCIA
> Harddrive, 2 open stacked PCMCIA cards, B&W reflective screen (good
> outdoors).... Memory can be expanded to 40 megs for about $35. The NoCat
> people are using the 1000's and 1200's for their NoCatAuth gateway among
> other things..
>
> The guy is willing to give us about a 10% discount if we ordered 15 from
> him, and I am finding out how much shipping would be.... Do we have any
> people that are interested, or should I just get one for myself?
>
> Michael
>
>
> --
> the personal telco project - http://www.personaltelco.net/
> un/subscribe: http://lists.personaltelco.net/mailman/listinfo/ptp/
> archives: http://lists.personaltelco.net/pipermail/ptp/
>

From jim at SmallWorks.COM Tue Aug 21 06:32:10 2001
From: jim at SmallWorks.COM (Jim Thompson)
Date: Tue, 21 Aug 2001 00:32:10 -0500
Subject: [BAWUG] Re: [NoCatNet] This thing any good?
In-Reply-To:
References: <20010820234152.79629.qmail@web14005.mail.yahoo.com>
Message-ID: <15233.62042.883998.257738@zaphod.smallworks.com>

Rob Flickenger writes:
> * Discontinued after 12/01, according to Agere

Nomadic Technologies (or something like that), the company that built these (they were OEMed by Agere/Lucent) was purchased by 3Com.

--
C++ is like jamming a helicopter inside a Miata and expecting some sort of improvement.
-- Drew Olbrich

From matt at peterson.org Tue Aug 21 06:50:41 2001
From: matt at peterson.org (Matt Peterson)
Date: Mon, 20 Aug 2001 22:50:41 -0700 (PDT)
Subject: [BAWUG] Re: [NoCatNet] This thing any good?
In-Reply-To: <15233.62042.883998.257738@zaphod.smallworks.com>
Message-ID:

On Tue, 21 Aug 2001, Jim Thompson wrote:

> Nomadic Technologies (or something like that), the company that built
> these (they were OEMed by Agere/Lucent) was purchased by 3Com.

Indeed (image quality sucks, cause I was using an Axis 2100 as a "digital camera").

P.S. Damn, we're cross-posting whores.

--
Matt Peterson another.geek.without.a.life
matt@peterson.org http://matt.peterson.org/
-------------------------------------------------

From rob at oreillynet.com Tue Aug 21 18:51:42 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Tue, 21 Aug 2001 10:51:42 -0700 (PDT)
Subject: [NoCatNet] [ptp] Stylistic 1000's (fwd)
In-Reply-To: <00ce01c129f3$f9787f60$0101a8c0@private.network>
Message-ID:

On Mon, 20 Aug 2001, Brock Nanson wrote:

> I've been lurking for 4 or 5 weeks now and I've noted the great
> interest in these Stylistic units. What is the biggest attraction?
> Size? Cost? or the PCMCIA abilities built in?

Yes, all of the above. Plus they're rugged, come with their own display, and even have a three-hour battery. For $50, they kick serious keester.

> I've used old 486 boat anchors for some time now as Linux Router Project
> firewalls, and in some cases, FreeS/WAN VPN gateways. Would I find that
> what you are doing functions in much the same way, but with the
> addition/replacement of a wired NIC with a wireless card?

Yep, you can use it that way.
If you want to build a wireless gateway under Linux, check out Schuyler's article:

http://www.oreillynet.com/pub/a/wireless/2001/03/06/recipe.html

Or possibly our Wireless on a Floppy:

http://nocat.net/ezwrp.html

If you're new to 802.11b, we also have the beginnings of a FAQ up here:

http://nocat.net/faq.txt

Good luck,

--Rob

From rob at oreillynet.com Tue Aug 21 19:04:59 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Tue, 21 Aug 2001 11:04:59 -0700 (PDT)
Subject: Fwd: Wireless spectrum debate (fwd)
Message-ID:

Saw this on BAWUG. Interesting communication theory debate down there...

--Rob

---------- Forwarded message ----------
Date: Tue, 21 Aug 2001 10:26:41 -0700 (PDT)
From: Matt Gould
To: ptp@lists.spack.org, wireless@lists.bawug.org
Subject: [BAWUG] Fwd: Wireless spectrum debate

Here's a forward of an email I sent to some friends with the attached thread from David Farber's IP list (www.interesting-people.org, I believe) discussing reallocation of ISM frequencies to licensed use - I believe the UK and Germany were mentioned. There are four attached emails - read from the bottom up.

cheers,
Matt

--- Matt Gould wrote:
> From: Matt Gould
> Subject: Wireless spectrum debate
> Date: Mon, 20 Aug 2001 19:02:01 -0300
>
> Remember I was saying that unlicensed spectrum wireless is going to be big
> news? It's going to be huge news if wireless carriers start lobbying
> governments to redesignate unlicensed spectrum bands to licensees so that
> they can protect their $100b investment in 3G spectrum by eliminating
> competition from myriad unlicensed wireless operators, both personal (like
> community free wireless projects such as www.personaltelco.net) and
> commercial (like www.wayport.com and www.mobilstar.com).
>
> I think that if regulators really try to do this for the 5 Ghz band - the
> one that is relatively unused, but will be intensively used by the next
> generation of unlicensed spectrum wireless equipment, 802.11a - the debate
> just may develop to the point where it becomes the focus for ideological
> warfare on the right of the public to use of public radio frequency
> spectrum, the dominance of corporate influence to avoid market pressures for
> themselves, and the lack of foresight in government auction fever for 3G
> spectrum. Attached are a couple emails from the IP mailing list, from some
> pretty influential economists, engineers and even wireless industry
> equipment makers.
>
> cheers,
> Matt
>
>
>
> <>
> <>
> < FCCand my Co-Director, Penn Initiative on Markets, Technology and Policy>>
> < Co-Director, Penn Initiative on Markets, Technology and Policy>>
>
> Matt Gould
> Navitrak International Corporation
> 1660 Hollis Street, Suite 904
> Halifax NS B3J1V7
> mgould@navitrak.ca
> (902) 429-1438
>
>
> ATTACHMENT part 2 message/rfc822
> From: David Farber
> Reply-to: farber@cis.upenn.edu
> To: ip-sub-1@majordomo.pobox.com
> Subject: IP: makes perfect sense Hong Kong, U.K. mull licensing WLAN spectrum
> Date: Mon, 20 Aug 2001 15:21:07 -0300
>
>
> >Date: Mon, 20 Aug 2001 09:42:04 -0700
> >To: farber@cis.upenn.edu
> >From: Bob Hinden
> >Subject: Re: IP: Hong Kong, U.K. mull licensing WLAN spectrum
> >Cc: ip-sub-1@majordomo.pobox.com
> >
> >Dave,
> >
> >Makes perfect sense. The operators who spent so much money on 3G spectrum
> >are worried (or at least they should be worried) that WLAN will do to them
> >what the current cellular deployment did to Iridium. By the time that 3G
> >gets deployed, WLAN will already serve the places where most of the
> >customers (and revenue) is.
> >
> >Bob
> >
>
> For archives see: http://www.interesting-people.org/
>
> ATTACHMENT part 3 message/rfc822
> From: David Farber
> Reply-to: farber@cis.upenn.edu
> To: ip-sub-1@majordomo.pobox.com
> Subject: IP: Another not competely different view -- A response to Faulhaber
> Date: Mon, 20 Aug 2001 13:40:35 -0300
>
> Gerry is well aware of some of the options enabled by modern technology --
> like SDR etc. We he and I, as well as Dave Reed believe that rethinking is
> in order and all start with a position which will, from past experience,
> change as the debate unfolds.
>
> Dave
>
> Co-Director The Penn Initiative for Markets, Technology and Policy
>
> >Date: Mon, 20 Aug 2001 12:07:46 -0400
> >To: farber@cis.upenn.edu, "Gerald Faulhaber"
> >From: "David P. Reed"
> >Subject: A response to Faulhaber
> >
> >Dave - feel free to send to IP if you want, but I think it is important to
> >take issue with a key aspect of Prof. Faulhaber's comments about the
> >utility of a market in allocating spectrum. While I agree that the old
> >(GOSPLAN?) model doesn't work well, to go to a "spectrum as property"
> >model quickly could be even worse, because it is based on a *very*
> >seriously flawed metaphor. We can and must do much better than this.
> >
> >Let me preface this comment with a caveat: I am a very strong advocate of
> >markets as allocators of resources. Where such markets can be made to
> >work, they are simple and incredibly effective. We should use them much
> >more than we do - where they apply.
> >
> >But the electromagnetic fields (whether used for communications services,
> >information distribution services, or location services like GPS, radar,
> >or LORAN) do not have the physical properties that can properly be managed
> >by a market of the sort that Faulhaber advocates.
> >
> >Rather than a legal system based on a faulty understanding of the physics
> >and network properties of communications, we need a much better
> >approach.
> >We need one that looks forward to the deployment of
> >technologies that are only in their early states, rather than one that
> >looks backwards to a metaphor based on the primitive, narrow-band,
> >point-to-point radio techniques known in the early 20th century.
> >
> >What is essential to a property market is that the resource (property)
> >being allocated be:
> >
> >1) naturally subdivided or subdividable without appreciable loss, into
> >individually transferrable units,
> >
> >2) relatively expensive to create or produce,
> >
> >3) where the transferrable units can be used independently without
> >impinging on the value of other units.
> >
> >Land, gold, etc. fit these criteria reasonably well.
> >
> >Electromagnetic fields (excited by antennae) do not.
> >
> >Historically, the US (with other countries following close behind) came up
> >with its "spectrum policy" in a hurry, after the Titanic disaster showed
> >that there was a public interest in making sure that radios were operated
> >in the interest of public safety and public values.
> >
> >But the structure being used today is very much out of date, and does not
> >conform to what we understand about the properties of communications
> >through our physics and our sciences of information (information theory,
> >communications theory and computing sciences). Though the old licensing
> >model for spectrum allocates bands in ways that superficially resemble the
> >subdivision of property among users, this is not well-matched to the
> >physics or technology of modern communications systems, especially those
> >that include networking and computational elements.
> >
> >There are three serious problems with trying to make the metaphor of
> >"spectrum" as "property" work.
> >
> >1) SUBDIVISION IS WASTEFUL.
> >Dividing spectrum up by "frequency" is done by
> >inserting an arbitrary guard-band between users, along the dimensions of
> >frequency (the narrower-band the signal, the larger the proportion of its
> >band allocated to unused "guard-band"), power (the wider the variation of
> >power among stations in a band, the more low-power stations are displaced)
> >and space (most of the geographic area allocated to stations sharing a
> >frequency is in the areas of weakest signal at the periphery of their
> >range). This means that subdivision is NOT without loss, and in fact the
> >more subdivided the spectrum is *by the current policy approaches* the
> >more waste of capacity there is.
> >
> >Simple approaches discovered relatively recently, like OFDMA (orthogonal
> >frequency division multiple access), recognize that by using a better
> >*architecture* that requires serious cooperation among e-m field users,
> >much of this waste can be avoided. But OFDMA is an architecture for
> >sharing that does not subdivide spectrum into independently marketed
> >pieces. Instead it creates a common communications channel that can be
> >allocated in real time among users, giving them much more effective
> >utilization.
> >
> >2) NETWORKING CREATES VALUE, PARTITIONING DESTROYS VALUE. Network value can
> >scale according to an increasing returns model: as more stations
> >interoperate, the value available to all increases faster than the number
> >of stations. The scaling laws now called "Metcalfe's Law" and "Reed's
> >Law" are examples of the increasing returns enabled by network
> >architectures. The main result of increasing returns is that there is a
> >huge cost to "balkanizing" networks - reducing their interoperability. For
> >example, Metcalfe's Law would have clarified the societal cost of the
> >business decision by Telefunken and Marconi in the days of the Titanic -
> >Marconi operators were not allowed to communicate with Telefunken ones,
> >and vice versa.
> >By dividing the world in half, the total "value"
> >according to Metcalfe's Law was 1/4 as large. Dividing interoperability
> >into 8 independent operators would similarly divide the value available to
> >stations by 64. Thus, even early regulation required - at least for
> >public safety - that the networks be interoperable, and carry emergency
> >traffic for each other's customers.
> >
> >Today, we know how to make networks of all types interoperate. It's that
> >magical virtual "ubernetwork" we call the Internet. Yet a mere
> >subdivision of spectrum, auctioned off to non-interoperable communities is
> >hardly likely to result in interoperability - instead it seems that the
> >more likely result is a collection of tiny walled gardens with
> >t(r)ollbridges between them, vastly reducing or eliminating interoperability.
> >
> >(footnote: theoretically, we can also make location-service networks
> >interoperate as well - so we don't depend on flaky systems like the
> >marvelous-where-it-works GPS. The "Interlocate" architecture is begging to
> >be developed IMHO, if we don't auction off all the spectrum too soon).
> >
> >And this will vastly undervalue the resources available.
> >
> >3) PROPERTY RIGHTS INHIBIT INNOVATION THAT WOULD IMPLY DIFFERENT
> >STRUCTURES. Innovation in physical communications has only recently begun
> >to yield technologies that a) don't fit the "narrowband" fixed spectrum
> >allocation well at all, and b) provide vastly more effective and efficient
> >use of spectrum for new applications. Here I'm talking about adaptive
> >software-defined radio, cooperative joint detection, adaptive ad-hoc
> >networks, ultra-wideband (time-domain) modulation, etc. What's common
> >about all of these technologies is that they are inherently co-operative
> >systems that share a common electromagnetic field among many users,
> >dynamically cooperating to share that field more efficiently than any
> >static allocation makes possible.
> >Combinations of these approaches are
> >likely to provide systems that give total systems capacity that grows
> >perhaps as fast as linearly in the density of stations. Traditional fixed
> >spectrum allocation provides a system capacity that does *not* grow with
> >station density - it stays flat at best, and more commonly declines.
> >
> >Taken together these three observations, which arise only in situations
> >where spectrum is shared under an architecture that does not balkanize
> >spectrum, mean that the market system Faulhaber proposes risks
> >
> >   a) blocking valuable innovations,
> >
> >   b) suboptimizing the allocation of a public resource, and
> >
> >   c) creating a set of unnecessary "bottlenecks" that create wealth while
> >      degrading the potential value that could be available to the public
> >      under a different economic allocation.
> >
> >For an example of (c) - a real-time market in "information capacity" can
> >be built where stations cooperate in real time to allocate capacity using
> >software defined radios and internetworking. This can be run as a
> >"market", but since the units being traded would be "messages", they could
> >be priced directly in terms of their utility. And if the systems
> >architecture can produce much more capacity for "messages" by new
> >technology and cooperation rather than balkanization, the overall utility
> >will rise in proportion to the cooperation exhibited. Thus the incentives
> >would be aligned to allocate capacity towards its real value, and more
> >importantly to incent the creation of new value using cheap means such as
> >internetworking. This would combat the alternative strategy sought by
> >owners of mis-designed property rights - that of using their monopoly to
> >maximize returns while blocking effective arbitrage/bypass strategies that
> >would lower the value of their property.
> >
> >The creation of a sensible economic structure for these new radio
> >architectures based on networking and computation will be a
> >challenge. Prof. Faulhaber is clearly aware of some of the potential, but
> >I'm afraid that the property rights auction approach is *not* the only
> >economic model that is available, and in my opinion it is far from the
> >right one.
> >
> >
> >- David
> >--------------------------------------------
> >WWW Page: http://www.reed.com/dpr.html
> >
> >
> >
>
> For archives see: http://www.interesting-people.org/
>
> ATTACHMENT part 4 message/rfc822
> From: David Farber
> Reply-to: farber@cis.upenn.edu
> To: ip-sub-1@majordomo.pobox.com
> Subject: IP: more on A view of the Spectrum for the formerly Chief Economist, FCCand my Co-Director, Penn Initiative on Markets, Technology and Policy
> Date: Sat, 18 Aug 2001 19:49:47 -0300
>
>
> >From: "Gerry Faulhaber"
> >To: "Robert J. Berger" ,
> > "David Farber"
> >
> >Date: Sat, 18 Aug 2001 16:15:19 -0400
> >
> >Absolutely! The property rights model is at least as flexible as the
> >government license model; but we have to get it right, not just for SDR but
> >for technologies of the future we haven't even thought of yet. But then,
> >property rights tend to evolve with new needs (this certainly happened with
> >land, e.g.). But lots of hard work needs to be done to get it right.
> >
> >Gerry
> >
> >----- Original Message -----
> >From: "David Farber"
> >To: "Robert J. Berger"
> >Cc: "Gerry Faulhaber"
> >Sent: Saturday, August 18, 2001 3:21 PM
> >Subject: Re: IP: A view of the Spectrum for the formerly Chief Economist,
> >FCCand my Co-Director, Penn Initiative on Markets, Technology and Policy
> >
> >
> > > That is exactly why Gerry and I wanted the PIMTAP -- to provide an
> > > environment in which to look at such issues in the context of policy making
> > >
> > > Dave
> > >
> > > At 12:18 PM 8/18/2001 -0700, you wrote:
> > > >Glad to see that Professor Gerald Faulhaber at least mentions
> > > >technological alternatives like Software Defined Radios (SDR) and
> > > >Ultrawideband. I'm concerned though that he is just assuming that it will
> > > >fit in with a spectrum market economy. I am concerned that there has not
> > > >been given enough thought on how non-traditional technologies that
> > > >themselves share spectrum fairly without a market can fit in. Especially
> > > >with people who are putting up legal "barbed wire" to not allow any
> > > >spectrum sharing...
> > > >
> > > >--
> > > >Robert J. Berger
> > > >UltraDevices, Inc.
> > > >257 Castro Street, Suite 223 Mt. View CA. 94041
> > > >Email: rberger@ultradevices.com http://www.ultradevices.com
> > > >Voice: 408-882-4755 Fax: 408-490-2868
> > >
> > >
>
> For archives see: http://www.interesting-people.org/
>
> ATTACHMENT part 5 message/rfc822
> From: David Farber
> Reply-to: farber@cis.upenn.edu
> To: ip-sub-1@majordomo.pobox.com
> Subject: IP: A view of the Spectrum for the formerly Chief Economist, FCC
> and my Co-Director, Penn Initiative on Markets, Technology and Policy
> Date: Sat, 18 Aug 2001 15:17:47 -0300
>
> From: "Gerald Faulhaber"
>
> Dave--
>
> The "spectrum shortage" is one of the great hypes of 2001, and at least in
> the short run is bogus. There are a few wireless markets (e.g., New York
> City) in which spectrum is short, but generally there is no national
> spectrum shortage.
Further, existing analog carriers have been slow in > converting their analog (inefficiently used) bandwidth to digital, which > could give them more capacity without new spectrum being allocated to these > markets. > > Much of the noise has been generated by the perceived need for 3G > applications, touted as broadband to the pocket. Again, keep in mind the > hype factor: even if successful, 3G is very unlikely to ever provide more > than 144 Kbps downstream, not the 2-3 Mbps claimed by early fevered > proponents. And as DoCoMo has shown, much of the mobile demand can be met > via a relatively narrowband channel: SMS, weather, stock quotes, e-mail, > etc. We all know that nobody's gonna watch movies on their cellphone, OK? So > demands that we need to greatly expand the amount of spectrum available > to wireless in the next few years is largely bogus. A bit more would be > helpful, but let's get serious. > > But the long run problem is more serious. If voice wireless is ever to > become a true competitor to wireline voice, or if true wireless broadband > (mobile or not) is to be realized, then we are going to have to use our > spectrum much more efficiently than today. The problem: how we allocate > spectrum. The US and every other country in the world allocates spectrum by > government fiat: we'll give this much to the police, this much to broadcast > TV, this much to cellphones, etc. For most uses the government also says who > gets the spectrum and what they are allowed to use it for. Only for > cellphones does the government actually sell the spectrum (actually, it > doesn't actually sell the spectrum; it auctions very limited rights to use > it). You will recall GOSPLAN in the old Soviet Union, which allocated > resources among competing interests? Well, that's the model we seem to be > using. The government decides who gets what, and the political lobbying is > intense. > > Well, guess what? We don't have to do it this way. 
We have this thing called > a market economy, in which valuable stuff gets bought and sold, as it moves > to its highest valued use. Resources, such as computers, automobiles, real > estates, and maybe eventually spectrum, are privately owned (subject to > limitations on interfering uses) and traded. We sing the praises of how > efficiently the market allocates resources (with well-known exceptions) but > somehow we don't get the message with spectrum. And what does it lead to? > Shortages and political lobbying, as we see today. If we are to avoid > shortages and political handouts to favored constituents in the future, we > need to move away from our GOSPLAN system and marketize the spectrum. Let's > put *all* the spectrum into the market: some can be owned by private firms > and people, and some can be owned by local, state and Federal governments > for their use. But any and all of it should be available for sale, so it can > move to its highest valued use without waiting for the approval of > government bureaucrats. > > - Some may decry this as squandering a "national resouce" that should belong > to all the people. Really? More so than, say, land? Should the government > own all the land and parcel it out to farmers, industry, individuals on the > basis of "need?" Thank God we don't do that. > > - Some may decry this as unworkable due to interference problems: "spectrum > is different." Is it different than land? There are many things I can't do > on my land because it "interferes" with my neighbor's right to use his land, > such as build an asphalt plant in a residential neighborhood. We have real > property laws to handle this, including zoning, and I am sure the same thing > will happen if we marketize spectrum: your property right to use the > spectrum will be limited in frequency, power, direction, spillover into > neighboring bands, and perhaps time of day. 
In short, everything that now > goes into an FCC license can also be specified as a property right (rather > than a government restriction). > > - And some may decry the loss of unlicensed spectrum, the equivalent of > public lands in which anyone can play (subject to some rules). But this > need not be lost; after all, the government provides public parks even in a > regime of private property. I expect the government would retain (or > actually buy) some "public park" spectrum for unlicensed use, continuing to > enable the great innovation that has occurred in this space. And some > private owners may encourage unlicensed uses as well (for a fee); after all, > we have private parks as well as public parks. > > Of course, technology is constantly challenging what we mean by spectrum > use; software-defined radio and ultra-wide band seek to use the spectrum of > other licensees on a non-interfering basis, either by only using it when the > licensee is not using it, or transmitting at very low (non-interfering) > power levels. This contravenes the "barbed wire" model of private property, > but that's OK. If property rights are carefully crafted to account for such > spectrum sharing (fee-based or not), a market-based system could adapt to > these new innovations (as Dave has been advocating). In short, a property > rights-market driven model can deliver the terms and conditions we need to > accomodate the technology as well or better than the licensing model, but > harnessing the dynamic forces of the market to ensure spectrum is used > efficiently, rather than the current inefficient political/bureaucratic > process. > > When a resource is not that valuable, we can afford the GOSPLAN solution of > political/bureaucratic allocation. But spectrum is too valuable for this; we > need to re-think the foundations of our spectrum management policy and get > the government out of this business. 
The US has championed the market model
> (again, where appropriate) and been highly successful doing so. It's time to
> move from a centrally-planned GOSPLAN to a dynamic market in order to meet
> this country's spectrum needs most efficiently. Let's get on with this
> transition, taking full cognizance of technical issues involved.
>
> Professor Gerald Faulhaber
> Business and Public Policy Department
> Wharton School, University of Pennsylvania
> Co-Director, Penn Initiative on Markets, Technology and Policy
> formerly Chief Economist, Federal Communications Commission
>
> For archives see: http://www.interesting-people.org/
>

From terry at nycwireless.net Thu Aug 23 22:09:05 2001
From: terry at nycwireless.net (Terry Schmidt)
Date: Thu, 23 Aug 2001 17:09:05 -0400
Subject: Comment on NoCat RFC - Roaming IP problem
Message-ID: <002301c12c17$d7b11060$c47a5c42@ELFNY05>

At the bottom of the RFC you have a section on a roaming IP problem. The proposed solution is a hacked DHCP server. Here is another possible solution.

Every wireless gateway uses the following configuration:

    Network 10.0.0.0
    Netmask 255.0.0.0
    DNS & Gateway 10.254.254.254

Then each individual node is assigned a range of addresses in its dhcp server that it is allowed to route. Such as 10.0.0.1 - 10.0.0.254 (254 addresses should be enough for one access point, but a wider range can be used). Each wireless gateway gets a different range.

This way once a client walks from within range of one wireless gateway to another, they can still use the same IP address. There won't be any IP address conflicts either. When the client renews its address, it switches to an address that the wireless gateway they are at is allowed to distribute.
Only benefit it doesn't have that the hacked DHCP server does, is that you don't always get the same IP address. Benefit over the hacked DHCP server is not having to run a hacked DHCP server.

Comments, flames?

--Terry

From adam at personaltelco.net Fri Aug 24 03:15:49 2001
From: adam at personaltelco.net (Adam Shand)
Date: Thu, 23 Aug 2001 19:15:49 -0700 (PDT)
Subject: [NoCatNet] Comment on NoCat RFC - Roaming IP problem
In-Reply-To: <002301c12c17$d7b11060$c47a5c42@ELFNY05>
Message-ID:

> Every wireless gateway uses the following configuration:
> Network 10.0.0.0
> Netmask 255.0.0.0
> DNS & Gateway 10.254.254.254

i have a message drafted with exactly this suggestion as well. the only difference was i like the low address to be the gateway (10.0.0.1) and i think that the gateway and the dns server should be separate ip's because they may not always be the same boxes in all instances.

this technique is very similar to a proposal isp's tried to push through as an rfc in the mid 90's. basically they tried to create .local domain which exists with certain stub hosts and ip ranges for all service providers. this would have greatly simplified roaming and re-iping hassles for isp's and their customers (ie. all isp's use 10.1.1.1 as their gateway, 10.1.1.2 as their dns server, 10.1.1.3 as their outbound mail server etc).

> Then each individual node is assigned a range of addresses in its
> dhcp server that it is allowed to route. Such as 10.0.0.1 -
> 10.0.0.254 (254 addresses should be enough for one access point, but a
> wider range can be used). Each wireless gateway gets a different
> range.

i was thinking a /26 (64 usable ips) will be more than adequate for most access points. if it's not then increasing the range should be trivial. in fact since there is no routing required we don't even have to chop them up on bit boundaries (though we probably should). i say give /27's to people and let them ask for more when they need them.
> Only benefit it doesn't have that the hacked DHCP server does, is that
> you don't always get the same IP address. Benefit over the hacked
> DHCP server is not having to run a hacked DHCP server.

i like this idea a lot. damn you for beating me to it :-)

adam.

From rob at oreillynet.com Fri Aug 24 19:42:22 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Fri, 24 Aug 2001 11:42:22 -0700 (PDT)
Subject: [ptp] Cringely Column on Dry Pair and 802.11 (fwd)
Message-ID:

Interesting stuff from Cringely (by way of Portland)...

--Rob

---------- Forwarded message ----------
Date: Thu, 23 Aug 2001 21:50:09 -0700
From: Sam Churchill
Reply-To: ptp@lists.spack.org
To: ptp@lists.spack.org
Subject: [ptp] Cringely Column on Dry Pair and 802.11

People were talking about "dry pair" earlier. I guessed that it was a point-to-point twisted pair connection. But Bob Cringely goes beyond "dry pair" to propose a community networking scheme based on it.
http://www.pbs.org/cringely/pulpit/pulpit20010823.html

I give Cringely lots of credit for innovative thinking and the ability to communicate. I think he's on to something here. What it is I'm not exactly sure...
--------

Roll Your Own
Not Only Can You Do Your Own DSL, Here's How to Become a Broadband Tycoon at the Same Time

By Robert X. Cringely

This is the week I said we'd roll our own DSL. On the surface it looks like a daunting task, but it is actually not that hard at all - if you can get past the many regulatory loopholes. But why would you even want to do such a thing? Well maybe DSL isn't available in your area. Maybe you want a significantly cheaper alternative to a T-1 line. Or just maybe you and the kid down the block want to play networked games at warp speed. Well here is how to do it.

DSL is nothing but a pair of copper wires down which bits are pushed. DSL companies go to great lengths to explain how hard this is, but it really isn't.
The trick is grabbing the signal off the phone line before it gets to the local phone switch where a band-pass filter limits the frequencies that pass through to 3300 Hz. Outfits like Covad and the other fast-fading national DSL providers use their CLEC (Competitive Local Exchange Carrier) status and presence at the local telco Central Office (CO) to do just that -- grab the signal before it gets wacked.

But there is another way to keep the signal from being messed with and that's by ordering-up from the phone company what's generally called a "dry copper pair."..........
------------

--
the personal telco project - http://www.personaltelco.net/
un/subscribe: http://lists.personaltelco.net/mailman/listinfo/ptp/
archives: http://lists.personaltelco.net/pipermail/ptp/

From bhrbek at bextreme.net Sat Aug 25 01:02:39 2001
From: bhrbek at bextreme.net (Bob Hrbek)
Date: Fri, 24 Aug 2001 19:02:39 -0500
Subject: [NoCatNet] [ptp] Cringely Column on Dry Pair and 802.11 (fwd)
References:
Message-ID: <001b01c12cf9$41322a10$0205050a@centralsupport.net>

I wasn't really that impressed. This is just a culmination of the info that is already on the internet. Odessaoffice.com had a guy that did the SDSL stuff a year ago. Yeah, when it is put together the way Cringely did, it sounds romantic (yeah I like computers) but it really is nothing all that new. The twist was just that he said it in a way that many could understand it easily.

Btw, I've been playing with two WAP11's and the bridging is way too simple and very cool.

cheers
-bob hrbek

----- Original Message -----
From: "Rob Flickenger"
To:
Sent: Friday, August 24, 2001 1:42 PM
Subject: [NoCatNet] [ptp] Cringely Column on Dry Pair and 802.11 (fwd)

>
> Interesting stuff from Cringely (by way of Portland)...
>
> --Rob
>
> ---------- Forwarded message ----------
> Date: Thu, 23 Aug 2001 21:50:09 -0700
> From: Sam Churchill
> Reply-To: ptp@lists.spack.org
> To: ptp@lists.spack.org
> Subject: [ptp] Cringely Column on Dry Pair and 802.11
>
> People were talking about "dry pair" earlier. I guessed that it was a
> point-to-point twisted pair connection. But Bob Cringely goes beyond "dry
> pair" to propose a community networking scheme based on it.
> http://www.pbs.org/cringely/pulpit/pulpit20010823.html
>
> I give Cringely lots of credit for innovative thinking and the ability to
> communicate. I think he's on to something here. What it is I'm not exactly
> sure...
> --------
>
> Roll Your Own
> Not Only Can You Do Your Own DSL, Here's How to Become a Broadband Tycoon at
> the Same Time
>
> By Robert X. Cringely
>
> This is the week I said we'd roll our own DSL. On the surface it looks like
> a daunting task, but it is actually not that hard at all - if you can get
> past the many regulatory loopholes. But why would you even want to do such a
> thing? Well maybe DSL isn't available in your area. Maybe you want a
> significantly cheaper alternative to a T-1 line. Or just maybe you and the
> kid down the block want to play networked games at warp speed. Well here is
> how to do it.
>
> DSL is nothing but a pair of copper wires down which bits are pushed. DSL
> companies go to great lengths to explain how hard this is, but it really
> isn't. The trick is grabbing the signal off the phone line before it gets to
> the local phone switch where a band-pass filter limits the frequencies that
> pass through to 3300 Hz. Outfits like Covad and the other fast-fading
> national DSL providers use their CLEC (Competitive Local Exchange Carrier)
> status and presence at the local telco Central Office (CO) to do just
> that -- grab the signal before it gets wacked.
>
> But there is another way to keep the signal from being messed with and
> that's by ordering-up from the phone company what's generally called a "dry
> copper pair."..........
> ------------
>

From rob at oreillynet.com Sat Aug 25 04:45:57 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Fri, 24 Aug 2001 20:45:57 -0700 (PDT)
Subject: Broken Mac MSIE pix fixed
Message-ID:

Okay, it looks like we've got the Mac broken image problem fixed for OS 9.1 + IE5. We don't have an OSX box handy, but can probably get to one tomorrow at some point. If anybody gets a chance, give it a go and let us know how it looks...

For future reference (if you run your own auth service), add the following to your virtualhost entry on the Auth server:

    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

...and something like this to your global configuration:

    SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache

Yes, this info will be included in the next release. Enjoy!

--Rob

From rob at oreillynet.com Tue Aug 28 22:30:14 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Tue, 28 Aug 2001 14:30:14 -0700 (PDT)
Subject: Parasitic grid? Hah.
In-Reply-To:
Message-ID:

On Tue, 28 Aug 2001, Jim Oksvold wrote:

> How about free use for basic e-mail and surf , -
> and the possibility to pay/donate for broadband access?

Hence, the co-op idea. A cooperative of node owners could encourage people to participate (rather than freeload) by offering better service to members than they do the general public. Sure, just anybody can check a web page at a throttled 64k, but co-op members get highspeed, unfettered access to all of the nodes, even in other cities...
In exchange for which they maintain a node, or donate bandwidth, or hold a meeting, or help with any of the thousands of things necessary for community projects to happen.

The 'Parasitic grid' term is a smokescreen. What we're doing could only be parasitic if access was being somehow stolen from the "rightful users". But that's not the case at all with a wireless node: there is a node owner, who pays for equipment, keeps up their own link, and presumably pays their phone bill every month. The telco would like to have people think otherwise, but I'm certainly going to hold them to my contract. I pay for 1.544Mbps guaranteed, every month. Those are my (potential) bits, and I'll do with them what I like, thank you very much. Of course, I know that consumer networks are drastically oversold, and if everyone demanded their full bandwidth (like the run on the banks in the '20s) things would collapse. But that's certainly not my problem; I'm not offering contractual agreements (that I can't keep) to the public for cash. I think that this fear of being called on their collective marketing bluff is what is really making 3G types shake in their expensive shoes.

Yes, if you want to access the Internet, someone has to pay duty to the Telco eventually, because the Internet "happens" on equipment largely owned by the Telcos. But I don't believe it costs an average of $40 per site per month to make it happen (we're doing it in Sebastopol for one-time cost of hardware + electricity over 802.11b right now, at higher speeds than PacBell offers... And we only have a couple of guys working on it in their spare time!)

If you don't like this state of affairs, build your own network. Seriously. In Seattle, you have a unique geographic advantage: rolling, densely populated hills with relatively few obstructions (i.e., trees.) Set up a parallel network to "The Internet", offer your own services, cache popular data, and drain every minuscule DSL and Cable modem for all they're worth...
It's easy to forget that worthwhile things happen that aren't on "The Net"... Put them on your own network. Those are the most worthwhile ideas I've seen come out of SWN: the Internet is becoming expensive and dumb. Make your own. --Rob From adam at personaltelco.net Tue Aug 28 22:41:30 2001 From: adam at personaltelco.net (Adam Shand) Date: Tue, 28 Aug 2001 14:41:30 -0700 (PDT) Subject: [NoCatNet] Parasitic grid? Hah. In-Reply-To: Message-ID: go rob! i've had almost exactly this conversation with three or four reporters over the last couple weeks. the "parasitic" thing is yet another attempt to discredit us and make us look like napster. we *PAY* for what we use, it's not our fault that isp's make their money by over subscribing. further even if providers change their residential cable/dsl aup's we don't care. we'll buy business dsl or a t1 or whatever. it doesn't matter. dsl is residential dsl is just the most cost effective means to an end right now. as a side note i have heard that the consume guys in london have dub'd themselves a parasitic grid ... while i support them totally i think this term might do us all a dis-service. adam. > The 'Parasitic grid' term is a smokescreen. What we're doing could > only be parasitic if access was being somehow stolen from the > "rightful users". But that's not the case at all with a wireless > node: there is a node owner, who pays for equipment, keeps up their > own link, and presumably pays their phone bill every month. The telco > would like to have people think otherwise, but I'm certainly going to > hold them to my contract. I pay for 1.544Mbps guaranteed, every > month. Those are my (potential) bits, and I'll do with them what I > like, thank you very much. Of course, I know that consumer networks > are drastically oversold, and if everyone demanded their full > bandwidth (like the run on the banks in the '20s) things would > collapse. 
But that's certainly not my probem; I'm not offering > contractual agreements (that I can't keep) to the public for cash. I > think that this fear of being called on their collective marketing > bluff is what is really making 3G types shake in their expensive > shoes. From ben at algroup.co.uk Wed Aug 29 13:09:15 2001 From: ben at algroup.co.uk (Ben Laurie) Date: Wed, 29 Aug 2001 13:09:15 +0100 Subject: [NoCatNet] Parasitic grid? Hah. References: Message-ID: <3B8CDB6B.F7D53C2D@algroup.co.uk> Adam Shand wrote: > as a side note i have heard that the consume guys in london have dub'd > themselves a parasitic grid ... while i support them totally i think this > term might do us all a dis-service. Err, no we haven't! Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff From adam at personaltelco.net Wed Aug 29 18:24:41 2001 From: adam at personaltelco.net (Adam Shand) Date: Wed, 29 Aug 2001 10:24:41 -0700 (PDT) Subject: [NoCatNet] Parasitic grid? Hah. In-Reply-To: <3B8CDB6B.F7D53C2D@algroup.co.uk> Message-ID: > > as a side note i have heard that the consume guys in london have dub'd > > themselves a parasitic grid ... while i support them totally i think this > > term might do us all a dis-service. > > Err, no we haven't! hrm, interesting. here's why i believed that. analysys is the group that recently wrote the paper informing 3G operators how to deal with 802.11b competition and "parasitic p2p networks". apologies if i've been mis-representing you. adam. Date: Wed, 22 Aug 2001 13:00:42 -0700 (PDT) From: Adam Shand To: Monica Paolini Subject: Re: your mail > If you have any comments/questions let me know - I will be happy to > hear. Hi thanks for the copy. I'm kinda frantic right now but I'm interested in what you guys have to say and will read it as soon as I have a chance. 
> PS: Terry was not too pleased that I called free-access networks > parasitic -that's the way a lot of people refer to in the UK (and they > are typically enthusiastic about it, despite the negative connotation > of the word) -so do not take offence, I promised Terry I will avoid > the name in the future (at least in the US)! Yeah, we talked about that a little, I can't say I was thrilled either :-) I admire the Consume guys a lot but the focus of many of the wireless communities groups in the USA is a little different, or at least a little less confrontational then Consume's dramatically anti-telco stance. Adam. From ben at algroup.co.uk Wed Aug 29 18:45:14 2001 From: ben at algroup.co.uk (Ben Laurie) Date: Wed, 29 Aug 2001 18:45:14 +0100 Subject: [NoCatNet] Parasitic grid? Hah. References: Message-ID: <3B8D2A2A.E3B9A66A@algroup.co.uk> Adam Shand wrote: > > > > as a side note i have heard that the consume guys in london have dub'd > > > themselves a parasitic grid ... while i support them totally i think this > > > term might do us all a dis-service. > > > > Err, no we haven't! > > hrm, interesting. here's why i believed that. analysys is the group that > recently wrote the paper informing 3G operators how to deal with 802.11b > competition and "parasitic p2p networks". Monica is talking out of her orifice - I've never heard the term before. It may be used "enthusiastically" by 3G operators, of course :-) > apologies if i've been mis-representing you. No problem. Cheers, Ben. > adam. > > Date: Wed, 22 Aug 2001 13:00:42 -0700 (PDT) > From: Adam Shand > To: Monica Paolini > Subject: Re: your mail > > > If you have any comments/questions let me know - I will be happy to > > hear. > > Hi thanks for the copy. I'm kinda frantic right now but I'm interested in > what you guys have to say and will read it as soon as I have a chance. 
> > > PS: Terry was not too pleased that I called free-access networks > > parasitic -that's the way a lot of people refer to in the UK (and they > > are typically enthusiastic about it, despite the negative connotation > > of the word) -so do not take offence, I promised Terry I will avoid > > the name in the future (at least in the US)! > > Yeah, we talked about that a little, I can't say I was thrilled either :-) > I admire the Consume guys a lot but the focus of many of the wireless > communities groups in the USA is a little different, or at least a little > less confrontational then Consume's dramatically anti-telco stance. > > Adam. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff From rob at oreillynet.com Wed Aug 29 21:43:56 2001 From: rob at oreillynet.com (Rob Flickenger) Date: Wed, 29 Aug 2001 13:43:56 -0700 (PDT) Subject: Meeting...? Message-ID: So, we're down to less than a week 'till the regularly scheduled meeting. Unfortunately, we can't use the ORA facilities (as we're gearing up for our move...) Any ideas on where to host the next meeting? We could just give it a miss this month (we're pushing 30+ people as of the last meeting...) I've had one offer for a venue, but we could probably only take it if we keep the meeting small... --Rob From adam at personaltelco.net Wed Aug 29 21:52:41 2001 From: adam at personaltelco.net (Adam Shand) Date: Wed, 29 Aug 2001 13:52:41 -0700 (PDT) Subject: [NoCatNet] Meeting...? In-Reply-To: Message-ID: > Any ideas on where to host the next meeting? We could just give it a > miss this month (we're pushing 30+ people as of the last meeting...) > I've had one offer for a venue, but we could probably only take it if > we keep the meeting small... not sure if this is any use but we've had trouble in portland finding meeting space close to down town so what we've been using is resturants meeting room space. 
some charge but a lot of them will give it to you for free so long as you spend X dollars in food/drink. our experience is that 30 people will spend close to $200 pretty easily in a couple hour meeting held around dinner time. adam. From Monica.Paolini at analysys.com Wed Aug 29 22:47:02 2001 From: Monica.Paolini at analysys.com (Monica Paolini) Date: Wed, 29 Aug 2001 14:47:02 -0700 Subject: [NoCatNet] Parasitic grid? Hah. In-Reply-To: <3B8D2A2A.E3B9A66A@algroup.co.uk> References: Message-ID: <5.1.0.14.0.20010829143157.040abcf0@rook.analysys.co.uk> Ben, here is one source you can check: http://www.cochrane.org.uk/opinion/views/employeeupdate.htm Also for non-UK sources: http://80211b.weblogger.com/ http://www.infoworld.com/articles/hn/xml/01/08/24/010824hnfreewireless.xml (searches of standard search engines show more references to parasitic networks) I personally have no attachment to the term and in fact I am not using it any more since I realize that some people may get offended by it and I do not find it is very useful to discuss about terms when the facts are way more interesting. Monica (expressing my personal views here, even though using my work email address) At 18:45 29/08/2001 +0100, Ben Laurie wrote: >Adam Shand wrote: > > > > > > as a side note i have heard that the consume guys in london have dub'd > > > > themselves a parasitic grid ... while i support them totally i > think this > > > > term might do us all a dis-service. > > > > > > Err, no we haven't! > > > > hrm, interesting. here's why i believed that. analysys is the group that > > recently wrote the paper informing 3G operators how to deal with 802.11b > > competition and "parasitic p2p networks". > >Monica is talking out of her orifice - I've never heard the term before. >It may be used "enthusiastically" by 3G operators, of course :-) > > > apologies if i've been mis-representing you. > >No problem. > >Cheers, > >Ben. > > > adam. 
> > > > Date: Wed, 22 Aug 2001 13:00:42 -0700 (PDT) > > From: Adam Shand > > To: Monica Paolini > > Subject: Re: your mail > > > > > If you have any comments/questions let me know - I will be happy to > > > hear. > > > > Hi thanks for the copy. I'm kinda frantic right now but I'm interested in > > what you guys have to say and will read it as soon as I have a chance. > > > > > PS: Terry was not too pleased that I called free-access networks > > > parasitic -that's the way a lot of people refer to in the UK (and they > > > are typically enthusiastic about it, despite the negative connotation > > > of the word) -so do not take offence, I promised Terry I will avoid > > > the name in the future (at least in the US)! > > > > Yeah, we talked about that a little, I can't say I was thrilled either :-) > > I admire the Consume guys a lot but the focus of many of the wireless > > communities groups in the USA is a little different, or at least a little > > less confrontational then Consume's dramatically anti-telco stance. > > > > Adam. > >-- >http://www.apache-ssl.org/ben.html > >"There is no limit to what a man can do or how far he can go if he >doesn't mind who gets the credit." - Robert Woodruff From kthomas at alumni.williams.edu Thu Aug 30 01:49:31 2001 From: kthomas at alumni.williams.edu (Kenneth Thomas) Date: Wed, 29 Aug 2001 17:49:31 -0700 Subject: embedded board with PCMCIA? Message-ID: <5.0.2.1.2.20010829174716.01f1b808@retrieva.com> OK, the Stylistic is nice and all, but surely there's an embedded board out there that'll run linux and give us some PCMCIA ports somehow. If nothing else, PC/104 is $200-300 in quantity. Anyone had any ideas/breakthroughs on this? -Ken From josh at starmail.com Thu Aug 30 01:19:33 2001 From: josh at starmail.com (Josh Palmer) Date: Wed, 29 Aug 2001 17:19:33 -0700 Subject: [NoCatNet] Stylistic group buy Message-ID: <003901c130e9$74719ac0$55dbf7a5@mshome.net> This is a multi-part message in MIME format. 
I just wanted to know where we were with the stylistic group buy, i was hoping to get one. So if whoever was taking care of that group buy could let me know how i can be a part of it i'd appreciate it. Also, were we gonna get some more ram for it too, or what? Thanks a bunch...

Josh Palmer
josh@starmail.com

From rob at oreillynet.com Thu Aug 30 04:11:00 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Wed, 29 Aug 2001 20:11:00 -0700 (PDT)
Subject: [NoCatNet] embedded board with PCMCIA?
In-Reply-To: <5.0.2.1.2.20010829174716.01f1b808@retrieva.com>
Message-ID:

On Wed, 29 Aug 2001, Kenneth Thomas wrote:

> OK, the Stylistic is nice and all, but surely there's an embedded board out
> there that'll run linux and give us some PCMCIA ports somehow. If nothing
> else, PC/104 is $200-300 in quantity.

Troll through the BAWUG archives. There's an effort to get a $250 board with 4 pcmcia slots into production... Check out http://www.soekris.com for a board you can buy today for under $300.

And nice though a single board PC will be, the stylistics are 486DX4/100 machines, complete with 40Mb ram + flash + battery backup + display for $100 - $175, depending on where you shop. It's gonna be hard to beat that price, especially since you can go out to serial, parallel, or even IrDA if you want to... If you need faster, you can even get a 1200 for under $200, and I believe those are Pentium class...

What *don't* you like about the Stylistic? =)

--Rob

From rob at oreillynet.com Thu Aug 30 04:33:33 2001
From: rob at oreillynet.com (Rob Flickenger)
Date: Wed, 29 Aug 2001 20:33:33 -0700 (PDT)
Subject: NAT Net (was: 'Parasitic grid')
In-Reply-To:
Message-ID:

On Wed, 29 Aug 2001, erik wrote:

> The problem is when coming in from the 'Net to seattlewireless. How do
> I connect to the 10.20.1.151 from the Internet through nat?

For most things, it's just not practical. NAT effectively turns the 'net into TV. BUT, if you're friendly with a gateway owner, and wanna do web service, there is one possibility we've been kicking around...
Using Apache, mod_rewrite, mod_proxy, internal DNS, and NameVirtualHost entries, you could setup something like this on a gateway machine:

  NameVirtualHost *

  <VirtualHost *>
    ServerName some.website.name.net

    ProxyRequests On
    NoCache *

    RewriteRule (.*) http://private-10-net-server.net/$1 [P]
  </VirtualHost>

Now then: assuming that you register your some.website.name.net to the EXTERNAL of the gateway owner, and your private-10-net-server.net is registered in the SWN internal DNS to your static 10.x.x.x IP, you could serve it from inside. The gateway will serve the client request, proxy back, and return the data to the 'net. You could have a bunch of these entries with minimal impact on the gateway.

Technically, it could be done on pretty cheap hardware and a minimal amount of effort on the part of the gateway owner, but socially you'll have some issues (i.e., the gateway owner is gonna be held responsible for all traffic served from their IP address.) So if you serve up w@r3z / pr0n / is0z / DvDz / whateverZ on a private addx, it's still the gateway who'll get shut down.

But it *could* be done.

> at a guess? ~7 simultaneous mp3 downloads before the owner gets really
> annoyed.

That's what throttling is all about... Node owners force out co-op members, co-op members force out the general public. To paraphrase NYC: unused bandwidth is wasted bandwidth. What do I care if some music l33ch is grabbing all of the bits that I'm not using, as long as I can take my bits when I want them. Hell, if I were clever, I might setup a transparent proxy to keep a copy of everything copied through my node, to sift through later for interesting bits. It's my node, and I'll do what I like with it! Screw TiVo, I'll put what humans like in my own library... 
;) --Rob From rob at oreillynet.com Thu Aug 30 04:42:21 2001 From: rob at oreillynet.com (Rob Flickenger) Date: Wed, 29 Aug 2001 20:42:21 -0700 (PDT) Subject: [NoCatNet] Stylistic group buy In-Reply-To: <003901c130e9$74719ac0$55dbf7a5@mshome.net> Message-ID: On Wed, 29 Aug 2001, Josh Palmer wrote: > I just wanted to know where we were with the stylistic group buy, i was > hoping to get one. I believe it already happened. Check with the PersonalTelco list; I believe Michael Condati was setting it up. Are you local (Sonoma County)? I might have one for you... > Also, were we gonna get some more ram for it too, or what? I believe the going rate is $35 / 32Mb. I can't recall the URL; look through the archives at http://archive.nocat.net. --Rob From jeffnye20 at yahoo.com Thu Aug 30 05:54:17 2001 From: jeffnye20 at yahoo.com (Jeff Nye) Date: Wed, 29 Aug 2001 21:54:17 -0700 (PDT) Subject: [NoCatNet] STYLISTICS? In-Reply-To: Message-ID: <20010830045417.40456.qmail@web14001.mail.yahoo.com> Speaking of that group order I ordered two and still haven't seen them. Who do I email? Jeff __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com From vortex at free2air.net Thu Aug 30 12:03:27 2001 From: vortex at free2air.net (Adam Burns) Date: Thu, 30 Aug 2001 07:03:27 -0400 Subject: NAT Net (was: 'Parasitic grid') In-Reply-To: References: Message-ID: <01083007032703.01262@boojum.free2air.net> free2air.org has been doing exactly this (and other similar tricks) since January hosting http://newsfilter.co.uk and other projects. .adam On Wednesday 29 August 2001 11:33 pm, Rob Flickenger wrote: > On Wed, 29 Aug 2001, erik wrote: > > The problem is when coming in from the 'Net to seattlewireless. How do > > I connect to the 10.20.1.151 from the Internet through nat? > > For most things, it's just not practical. NAT effectively turns the 'net > into TV. 
> > BUT, if you're friendly with a gateway owner, and wanna do web service, > there is one possibility we've been kicking around... > > Using Apache, mod_rewrite, mod_proxy, internal DNS, and NameVirtualHost > entries, you could setup something like this on a gateway machine: > > NameVirtualHost * > > <VirtualHost *> > ServerName some.website.name.net > > ProxyRequests On > NoCache * > > RewriteRule (.*) http://private-10-net-server.net/$1 [P] > </VirtualHost> > > Now then: assuming that you register your some.website.name.net to the > EXTERNAL of the gateway owner, and your private-10-net-server.net is > registered in the SWN internal DNS to your static 10.x.x.x IP, you could > serve it from inside. The gateway will serve the client request, proxy > back, and return the data to the 'net. You could have a bunch of these > entries with minimal impact on the gateway. > > Technically, it could be done on pretty cheap hardware and a minimal amount > of effort on the part of the gateway owner, but socially you'll have some > issues (i.e., the gateway owner is gonna be held responsible for all > traffic served from their IP address.) So if you serve up w@r3z / pr0n / > is0z / DvDz / whateverZ on a private addx, it's still the gateway who'll > get shut down. > > But it *could* be done. > > > at a guess? ~7 simultaneous mp3 downloads before the owner gets really > > annoyed. > > That's what throttling is all about... Node owners force out co-op > members, co-op members force out the general public. To paraphrase NYC: > unused bandwidth is wasted bandwidth. What do I care if some music l33ch > is grabbing all of the bits that I'm not using, as long as I can take my > bits when I want them. Hell, if I were clever, I might setup a transparent > proxy to keep a copy of everything copied through my node, to sift through > later for interesting bits. It's my node, and I'll do what I like with > it! Screw TiVo, I'll put what humans like in my own library... 
;) > > --Rob From vortex at free2air.net Thu Aug 30 12:11:15 2001 From: vortex at free2air.net (Adam Burns) Date: Thu, 30 Aug 2001 07:11:15 -0400 Subject: [NoCatNet] Parasitic grid? Hah. In-Reply-To: References: Message-ID: <01083007111504.01262@boojum.free2air.net> On Tuesday 28 August 2001 05:41 pm, Adam Shand wrote: > as a side note i have heard that the consume guys in london have dub'd > themselves a parasitic grid ... while i support them totally i think this > term might do us all a dis-service. > > adam. consume might just run with media soundbite publicity over the term, but only as any anti-media terrorist organisation should. sleep easy, .vortex From ben at algroup.co.uk Thu Aug 30 07:14:06 2001 From: ben at algroup.co.uk (Ben Laurie) Date: Thu, 30 Aug 2001 07:14:06 +0100 Subject: [NoCatNet] Parasitic grid? Hah. References: <5.1.0.14.0.20010829143157.040abcf0@rook.analysys.co.uk> Message-ID: <3B8DD9AE.C56E1B26@algroup.co.uk> Monica Paolini wrote: > > Ben, > > here is one source you can check: > > http://www.cochrane.org.uk/opinion/views/employeeupdate.htm Errr, right - by Peter Cochrane, who is, err, Chief Technologist for BT, who are just a teensy few billions down on 3G licences. > Also for non-UK sources: > > http://80211b.weblogger.com/ This one is just a reference to the InfoWorld article... > http://www.infoworld.com/articles/hn/xml/01/08/24/010824hnfreewireless.xml And that's the article that started the discussion... > (searches of standard search engines show more references to parasitic > networks) All, no doubt, referring to the recent discussion. > I personally have no attachment to the term and in fact I am not using it > any more since I realize that some people may get offended by it and I do > not find it is very useful to discuss about terms when the facts are way > more interesting. How convenient. So much easier than defending the indefensible, eh? Cheers, Ben. 
> > Monica > (expressing my personal views here, even though using my work email address) > > At 18:45 29/08/2001 +0100, Ben Laurie wrote: > >Adam Shand wrote: > > > > > > > > as a side note i have heard that the consume guys in london have dub'd > > > > > themselves a parasitic grid ... while i support them totally i > > think this > > > > > term might do us all a dis-service. > > > > > > > > Err, no we haven't! > > > > > > hrm, interesting. here's why i believed that. analysys is the group that > > > recently wrote the paper informing 3G operators how to deal with 802.11b > > > competition and "parasitic p2p networks". > > > >Monica is talking out of her orifice - I've never heard the term before. > >It may be used "enthusiastically" by 3G operators, of course :-) > > > > > apologies if i've been mis-representing you. > > > >No problem. > > > >Cheers, > > > >Ben. > > > > > adam. > > > > > > Date: Wed, 22 Aug 2001 13:00:42 -0700 (PDT) > > > From: Adam Shand > > > To: Monica Paolini > > > Subject: Re: your mail > > > > > > > If you have any comments/questions let me know - I will be happy to > > > > hear. > > > > > > Hi thanks for the copy. I'm kinda frantic right now but I'm interested in > > > what you guys have to say and will read it as soon as I have a chance. > > > > > > > PS: Terry was not too pleased that I called free-access networks > > > > parasitic -that's the way a lot of people refer to in the UK (and they > > > > are typically enthusiastic about it, despite the negative connotation > > > > of the word) -so do not take offence, I promised Terry I will avoid > > > > the name in the future (at least in the US)! > > > > > > Yeah, we talked about that a little, I can't say I was thrilled either :-) > > > I admire the Consume guys a lot but the focus of many of the wireless > > > communities groups in the USA is a little different, or at least a little > > > less confrontational then Consume's dramatically anti-telco stance. > > > > > > Adam. 
> > > >-- > >http://www.apache-ssl.org/ben.html > > > >"There is no limit to what a man can do or how far he can go if he > >doesn't mind who gets the credit." - Robert Woodruff -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff From adam at personaltelco.net Thu Aug 30 08:36:50 2001 From: adam at personaltelco.net (Adam Shand) Date: Thu, 30 Aug 2001 00:36:50 -0700 (PDT) Subject: [NoCatNet] STYLISTICS? In-Reply-To: <20010830045417.40456.qmail@web14001.mail.yahoo.com> Message-ID: > Speaking of that group order I ordered two and still haven't seen > them. Who do I email? if you ordered them through michael codanti he's in portland and was at our meeting tonight. the deal is that we're buying them from someone on ebay with *zero* reputation so we're waiting to see if we get screwed. if the first lot arrives as advertised there will be a second order purchased shortly after. adam. From brad at linuxbofh.com Thu Aug 30 22:13:47 2001 From: brad at linuxbofh.com (Brad Cox) Date: Thu, 30 Aug 2001 14:13:47 -0700 Subject: [NoCatNet] embedded board with PCMCIA? In-Reply-To: References: <5.0.2.1.2.20010829174716.01f1b808@retrieva.com> Message-ID: <20010830141347.B7349@linuxbofh.com> On Wed, Aug 29, 2001 at 08:11:00PM -0700, Rob Flickenger wrote: > And nice though a single board PC will be, the stylistics are 486DX4/100 > machines, complete with 40Mb ram + flash + battery backup + display for > $100 - $175, depending on where you shop. It's gonna be hard to beat that > price, especially since you can go out to serial, parallel, or even IrDA if > you want to... If you need faster, you can even get a 1200 for under $200, > and I believe those are Pentium class... The 1200 is a Pentium 120. I picked one up on ebay for $154 including shipping (the guy was selling 10). 
It is the B&W version, but the guy included a ton of other stuff (port replicator, keyboard, a stand, 2 floppy drives [internal and external], a pcmcia 33.6k modem). The one I got (er am getting) has 24M ram and a 2.1G disk. -- Brad Cox, KB1CZQ http://www.linuxbofh.com brad@linuxbofh.com Good day for a change of scene. Repaper the bedroom wall. From nboblitt at luminee.com Thu Aug 30 23:27:46 2001 From: nboblitt at luminee.com (Nate Boblitt) Date: Thu, 30 Aug 2001 15:27:46 -0700 Subject: Upcoming Meeting! Monday September 3rd In-Reply-To: Message-ID: So as some of you know ORA facilities are being used for "the move" so we are stuck finding another meeting location. We did manage to reserve a place that seats at least 35, its the Round Table "Back Room". So here's the info: Location: Round Table Pizza 131 So Main St. Sebastopol (from 12 and 116 intersection head one block south on 116, roundtable is in the building on the Burnett and 116 intersection) Time/Date: Monday September 3rd, 6:30-9:30pm Food: There will be pizza available, we'll probably just let people order whatever they want once people showup. Topics: NoCatAuth - What Beta state is it in Nodes - we need more up, any volunteers?! Point To Point Presentation - we did a short link this last weekend that we have lots of pictures for. Questions - How to setup wireless for your situation, ask away! Any other topics. So see everyone there on Monday evening. Nate From paul at klodepark.com Fri Aug 31 02:33:52 2001 From: paul at klodepark.com (Paul) Date: Thu, 30 Aug 2001 20:33:52 -0500 Subject: [NoCatNet] STYLISTICS? References: <20010830045417.40456.qmail@web14001.mail.yahoo.com> Message-ID: <004601c131bc$fe0779c0$0701a8c0@nsmicro.com> I think the group buy was trashed by the guy setting it up. This guy had a bunch on ebay (I bought 2 which should be here Fri according to the UPS site) Milleniumelect@aol.com Going rate from him is $46 for the first $40 for 2nd, 3rd etc. Shipping was $12 for the pair. 
I'm not going to recommend or slam him as I have not seen the units yet. Plus it looks like his ebay account has been closed - probably not a good sign : - ( -Paul ----- Original Message ----- From: "Jeff Nye" To: "Rob Flickenger" ; Sent: Wednesday, August 29, 2001 11:54 PM Subject: [NoCatNet] STYLISTICS? > Speaking of that group order I ordered two and still > haven't seen them. Who do I email? > > Jeff > > __________________________________________________ > Do You Yahoo!? > Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger > http://im.yahoo.com > From michael at civis.com Fri Aug 31 04:25:03 2001 From: michael at civis.com (Michael Codanti) Date: Thu, 30 Aug 2001 20:25:03 -0700 Subject: [NoCatNet] STYLISTICS? In-Reply-To: <004601c131bc$fe0779c0$0701a8c0@nsmicro.com> Message-ID: <3B8EA11F.30805.4BA7CC@localhost> > I think the group buy was trashed by the guy setting it up. > > This guy had a bunch on ebay (I bought 2 which should be here Fri according > to the UPS site) > > Milleniumelect@aol.com > > Going rate from him is $46 for the first $40 for 2nd, 3rd etc. Shipping was > $12 for the pair. > > I'm not going to recommend or slam him as I have not seen the units yet. > Plus it looks like his ebay account has been closed - probably not a good > sign : - ( Yep, that's the same guy I was doing the group buy from... End cost for what I got was $45/each including shipping. Mine are supposed to be here Tuesday, but the guy doesn't really respond to emails. In addition to his 3 eBay accounts being suspended (he opened a fourth) his PayPal account has been locked.. He has some sorta far fetched stories about why everything has happended and why it is taking an extra week to get them, but it COULD be true.... Please let me know if you actually the yours from him on Friday, and what condition they are in. 
Michael From paul at klodepark.com Fri Aug 31 19:09:18 2001 From: paul at klodepark.com (Paul) Date: Fri, 31 Aug 2001 13:09:18 -0500 Subject: [NoCatNet] STYLISTICS? References: <3B8EA11F.30805.4BA7CC@localhost> Message-ID: <000f01c13248$0d8d9060$0701a8c0@nsmicro.com> Success! Both received & both work. Very crappy packing but neither were damaged and they do work. These only shipped half-way across the country - not all the way across the country however (I'm in Milwaukee, WI) -Paul ----- Original Message ----- From: "Michael Codanti" To: Cc: Sent: Thursday, August 30, 2001 10:25 PM Subject: Re: [NoCatNet] STYLISTICS? > > I think the group buy was trashed by the guy setting it up. > > > > This guy had a bunch on ebay (I bought 2 which should be here Fri according > > to the UPS site) > > > > Milleniumelect@aol.com > > > > Going rate from him is $46 for the first $40 for 2nd, 3rd etc. Shipping was > > $12 for the pair. > > > > I'm not going to recommend or slam him as I have not seen the units yet. > > Plus it looks like his ebay account has been closed - probably not a good > > sign : - ( > > Yep, that's the same guy I was doing the group buy from... End cost for > what I got was $45/each including shipping. Mine are supposed to be > here Tuesday, but the guy doesn't really respond to emails. > > In addition to his 3 eBay accounts being suspended (he opened a fourth) > his PayPal account has been locked.. He has some sorta far fetched > stories about why everything has happended and why it is taking an > extra week to get them, but it COULD be true.... Please let me know if > you actually the yours from him on Friday, and what condition they are in. > > Michael >
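
An added example, not part of any message in this thread: a small Python audit a gateway owner could run over member-submitted vhost stanzas like the one in Rob Flickenger's "NAT Net" message above. It flags ProxyRequests On (which turns on forward proxying, something a RewriteRule [P] reverse proxy does not need), a [P] rule in a vhost without RewriteEngine On, and proxy targets outside an allow-list. The second stanza, the allow-list and the finding names are constructed for illustration.

```python
import re

# Constructed sample of member-submitted stanzas. The first mirrors the one in
# the message (with its <VirtualHost> wrapper); the second is hypothetical.
SAMPLE = """\
NameVirtualHost *
<VirtualHost *>
  ServerName some.website.name.net
  ProxyRequests On
  NoCache *
  RewriteRule (.*) http://private-10-net-server.net/$1 [P]
</VirtualHost>
<VirtualHost *>
  ServerName other.website.name.net
  ProxyRequests Off
  RewriteEngine On
  RewriteRule ^/(.*)$ http://member2.swn.internal/$1 [P,L]
</VirtualHost>
"""

# Assumption: internal names the gateway owner has agreed to front.
ALLOWED_BACKENDS = {"private-10-net-server.net", "member2.swn.internal"}

# RewriteRule arguments: pattern, scheme://host..., [flags]
PROXY_RULE = re.compile(r"^\S+\s+\w+://([^/\s:]+)\S*\s+\[([^\]]*)\]$")

def parse_vhosts(text):
    """Return [(name, [(directive, args), ...])]; top-level lines go under '(global)'."""
    vhosts, top, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("<virtualhost"):
            current = []
        elif line.lower().startswith("</virtualhost"):
            name = next((a for d, a in current if d == "servername"), "(unnamed)")
            vhosts.append((name, current))
            current = None
        else:
            parts = line.split(None, 1)
            entry = (parts[0].lower(), parts[1] if len(parts) > 1 else "")
            (top if current is None else current).append(entry)
    return ([("(global)", top)] if top else []) + vhosts

def audit(text, allowed=ALLOWED_BACKENDS):
    """Return [(vhost, finding)] for settings that widen what the gateway relays."""
    findings = []
    for name, directives in parse_vhosts(text):
        engine_on = any(d == "rewriteengine" and a.lower() == "on" for d, a in directives)
        for d, a in directives:
            if d == "proxyrequests" and a.lower() == "on":
                findings.append((name, "forward-proxy-enabled"))  # forward proxying on
            m = PROXY_RULE.match(a) if d == "rewriterule" else None
            flags = {f.strip().upper() for f in m.group(2).split(",")} if m else set()
            if not flags & {"P", "PROXY"}:
                continue
            if not engine_on:
                findings.append((name, "rewrite-engine-off"))  # rule is never applied
            if m.group(1).lower() not in allowed:
                findings.append((name, "backend-not-allowed:" + m.group(1)))
    return findings

if __name__ == "__main__":
    for vhost, finding in audit(SAMPLE):
        print(vhost, finding)
```

Run against the sample, only the first stanza is reported; the second, with ProxyRequests Off and RewriteEngine On, passes.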