Friday, September 06, 2002

I can't help feeling smug and yet sorry all at once. This ZDNet UK article talks about "drive-by spamming"... spammers using unsecured wireless links to send spam. Ok, I'm definitely not the only person to have predicted this but I did blog it, back on 7/1/2002. I'm smug about that, but sorry that it's happening.

I was wandering through PC World again this week, picking up some bits and pieces and got talking to an assistant (a knowledgeable one for a change) about networking. I was looking for a switch and all they had were hubs... he understood the difference and fetched me one from stock. He asked me why I was sticking with 100B-T and wasn't putting in 802.11 and when I mentioned the security aspects he smiled. He said "I know, and you obviously know, but we sell more Wi-Fi kit these days than ever before - it flies off the shelf."

Maybe one day there'll be a lawsuit against one of the Wi-Fi manufacturers for failing to warn, clearly and unambiguously, on the box: "This product will leave your network open to unauthorised access". Rather like the health warnings on cigarettes. We can hope....

Thursday, August 08, 2002

Myths Of The Modern World, No. 201: Broadband connections are fast.

Here at work (where I am now), we have a broadband connection. In fact, we're shortly to have two when we put in ADSL to back up the existing Tele2 fixed wireless link. So on the days when I'm in the office, I take the opportunity to download anything I need that's large rather than strain the 24/7 56k dialup connection at home. And hey... despite all the adverts, despite the hype and especially despite the analysts who tell us that broadband connections are the key to video-on-demand... broadband can be deadly slow.

Of course, it's not the fault of the local link - a quick test to a friend who also has a fast connection via the same backbone provider as Tele2 use shows that we can both saturate our local links to the full, advertised capacity. It's just that the nature of the Net means that there will be multiple "hops" between you and any source of data you wish to access. Murphy's Law (Internet Routing Clause) states that at least one of these hops will be a bottleneck.

So, last night, in the interests of research, I tried some downloads. I tried some ISO images (of Linux distros) from a number of servers and I tried some streaming video from three different sites in the states (no, not that sort of streaming video!). In one download I got great throughput - 30k to 40k bytes per second. On all the others and on all the streaming video links I got average throughput of well under 56k bits per second... usually the best I got was around 40k bits per second. Modem speeds. And whilst in the case of the ISO downloads this may have been because the ftp servers throttled the connection, the video streams were advertised as being broadband - usually 200-odd k bits per second.

So, next time you see one of those annoying BT ads for broadband internet (especially annoying to those of us who can't get ADSL where we live), bear in mind that all it gives you is a wider on or off-ramp to the clogged-up motorway that is the Internet....

Thursday, July 25, 2002

Well, work piles up and reduces blogging time, but that's ok... here's an article on C|Net about security in WiFi networks, raising again the same concerns I've logged here previously. It's nice to see a bit of a backlash against the uncritical acceptance of wireless.

Mesh networks... flavour of the month. Not such an original idea, that nodes in an ad-hoc wireless network all act as routers, relaying packets around for each other. Certainly it's a nice concept which could create very-wide-area ad-hoc networks in any place where a sufficient number of people have wireless devices. However, as is my wont, I started thinking about the downsides:

  • Billing: At some point, much of the traffic from wireless nodes is going to need to get to an Internet or other wired-network access point. Who is going to pay for that bandwidth? How might the users of wireless devices get billed for that access?
  • Availability: By its nature, availability of a mesh network depends on ad-hoc groupings of devices that are under no central planning or control, so it's inevitable that "cold spots" will exist at the edges or in sparser areas. Consider the business area of a major city - what happens to a mesh network after 5pm when all the people leave? Or the restaurant-and-theatre zone in the early morning when nobody's around. One big fact about broadband that's emerged is that the always-available nature of the connection is at least as important as the speed. Mesh networks can't guarantee availability.
  • Security: Suppose I am Jo Malicious-Hacker and I walk into the middle of a mesh network with my wireless device. Perhaps I can tweak the routing parameters of my device so that other traffic favours using it as a relay. All that traffic that passes through my device can be logged by me. Yes, I'm sure lots of it will be encrypted (though the track record of vendors on implementing encryption is pretty lousy) but I can save it for later cracking. Some of it won't be, though, and I'll have full access to read and maybe even change that traffic.
  • Battery life: The battery life of wireless devices is a big deal. People (especially here in Europe) are used to the longevity of mobile phones which use a wide variety of tricks to conserve power and, more importantly, are not always sending and receiving data. Why would I want my wireless device, sitting in my bag or pocket, to spend my battery power on relaying traffic for people I don't even know?

    References for mesh networks: Technical article from MobileMesh,
    another from Comms Design and New Scientist on fixed-node mesh networks.

Thursday, July 11, 2002

    Cnet has this story about ISPs invoking their terms and conditions to prevent broadband users sharing their connections via wireless to anybody who happens to wander by. Another point where idealism and generosity meets the harsh world of big business. Well, since I've rambled on incessantly about the negative points of sharing access to your LAN via WiFi I guess one more Reason Not To doesn't hurt.

    Wednesday, July 10, 2002

    Bruce Ediger once wrote: "The only "intuitive" interface is the nipple. After that, it's all learned." And he's wrong.

    Now, afore everyone starts flaming me for defaming the greatness of a UI expert, let me clarify. I only want to take issue with the semantics of that much-misused term "intuitive". As with so many of these comments, this was started by a conversation with a friend who quoted Ediger to me and got me thinking. The quote is wrong because "intuitive" for interfaces means that one can work out an interface using the knowledge one already has. Replace "intuitive" with "instinctive" and Ediger would be right on the money. An instinctive interface is one that you know how to operate without being told. An intuitive one you learn, but the basic operations, visual cues and assumptions are the same as the other interfaces you encounter on the same platform.

    What this leads on to is an observation on a problem that many people know about but which doesn't seem to ever get solved. This should be written in letters of fire (and probably on a Ring of Power, but hey, all we have is HTML): Engineers, including programmers, cannot design interfaces. In fact, most can't even design icons worth a damn, let alone think through task oriented flows or click-routes. I should point out that I speak as a programmer for many years and I'm proud to call myself an engineer.

    I see this failing mostly in the open-source world. Here there are many projects for which the code flows artistically, an elegant construction of objects interacting gracefully to perform their apportioned tasks but with user interfaces that would fail a first-year college UI design course. On occasion larger-scale projects such as KDE will involve designers and people who think about UI and achieve greatness but on the whole it's not a pretty sight. And it's this as much as anything that's making it difficult for Linux to get onto the desktop. Microsoft invest a lot of money in interface design. Maybe they don't always get it right but their tools are pretty damn intuitive; if you know how to work one, you have a damn good idea of how to work any of them. In contrast, there are open-source tools around which appear to have been written by programmers who were convinced that it was a good idea to write the entire interface from scratch according to their understanding of how it should operate. This is almost without fail a retrograde step.

    Take Blender for example, which was at http://www.blender.nl/ a while back but may have moved. An open-source 3d package with tremendous capability but with an interface that broke every rule in the book. The learning curve for it was so steep that there must be many people who never discovered just what it could do because the functions were hidden away behind obscure mouse movements and modes.

    Monday, July 01, 2002

    Wow... it's nice to spot a story. Here is a nice article on C|Net about the risks of opening up your wireless LAN to anybody who wanders past. Some lovely war stories of badly secured networks leaking data. Of course, I'm feeling smug because of the blog entry I wrote on June the 19th (following on from bending the ear of many people about the subject).

    Once more with feeling: you leave your LAN open, whether it's a home network or a business setup and someone somewhere will find a way to take advantage of it. If that happens to involve lawbreaking, the trail ends with you. It's rather like setting up a callbox outside your home connected to your domestic phone line. Feel free to do it. And when someone makes an abusive call from that callbox, the buck stops with you.

    I think the biggest opportunity for mayhem with WiFi is spamming. Consider - you have an open WiFi access point to your LAN. No doubt your ISP has a mail relay. Like a good, security-aware ISP, they have it set up so that they'll only send email from their subscribers, like you. This will almost certainly be done using source IP filtering. But anyone who hops onto your LAN using that nice open relay will appear to your ISP to be you and will therefore be able to send email at whatever rate your Net connection will support. Cheap and easy for the spammer, no need to keep looking for insecure mail relays in China when there's probably a nice open broadband connection within a few blocks. You saw it here first...
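The relay check described above, worked through as an added example (not code from this blog or from any ISP): it compares source-IP filtering with per-account authentication, an alternative added here for contrast. The address ranges, the account and the assumption that the home router presents one public address for every LAN client are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data: documentation address ranges and a made-up account.
SUBSCRIBER_NETS = [ipaddress.ip_network("203.0.113.0/24")]
SALT = b"constructed-salt"
ACCOUNTS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}


def relay_by_source_ip(src_ip):
    """The policy the post describes: relay for any subscriber address."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in SUBSCRIBER_NETS)


def relay_by_auth(src_ip, user=None, password=None):
    """Alternative policy: relay only for a verified account, whatever the address."""
    stored = ACCOUNTS.get(user)
    if stored is None or password is None:
        return False
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(stored, supplied)


# Each session: (description, source IP as the relay sees it, user, password).
# Assumption: wired and wireless LAN clients share the subscriber's public address.
SESSIONS = [
    ("subscriber's own PC", "203.0.113.25", "alice", "correct horse"),
    ("stranger on the open access point", "203.0.113.25", None, None),
    ("host outside the ISP", "198.51.100.7", None, None),
]


def compare_policies():
    """Return {description: (ip_policy_result, auth_policy_result)}."""
    return {
        desc: (relay_by_source_ip(ip), relay_by_auth(ip, user, pw))
        for desc, ip, user, pw in SESSIONS
    }


if __name__ == "__main__":
    for desc, (by_ip, by_auth) in compare_policies().items():
        print(f"{desc:36} ip-filter={by_ip!s:5} auth={by_auth}")
```

The source-IP policy gives the same answer for the subscriber and the stranger because the relay sees one address for both; only the account check separates them.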

    Wednesday, June 26, 2002

    How really, terribly, thoroughly depressing.


    Eric Raymond, author of The Cathedral And The Bazaar and Open Source luminary, is someone whose work I've read with much interest over the years. I don't always agree with him but I've always respected his opinions as well thought out and a tribute to clear thinking. Now I find he has a blog at Armed And Dangerous. Reading down, I come across the entry called "The Elephant In The Bath-House". What a load of ill-informed, reactionary and fundamentally offensive homophobic nonsense he quotes. It's destroyed my faith in the ability of intelligent people to consider issues...


    Probably not very appropriate for a blog that's about ideas... but anyone who swallows the "homosexuals=paedophiles" bigotry that he has... Ah, against stupidity the Gods themselves contend in vain.


    Oh, and just before anyone goes making assumptions - I'm not gay.