2011 April


 EFF advocates open WiFi

April 28, 2011


The EFF (electronic frontier foundation) recently posted an article entitled “Why We Need An Open Wireless Movement” which got slashdotted a bit and then (as usual) replied to by a bunch of people that all whined “yeah, I’m going to my door kicked in and my gear confiscated”.

The EFF article was actually quite decent, and wasn’t really so much about LEAVING WIFI AP’s OPEN as it was about “WiFi that is open and encrypted at the same time” which is what many slashdot posters got wrong completely.

I will refer to my post about OpenAccess Networks to explain why the EFF has potentially defined a problem for which many solutions exist already.

When Google deployed  WiFi in Mountain View, CA and when Neology deployed WiFi in Hatfield, PTA, we both released a VPN client (http://en.wikipedia.org/wiki/Google_WiFi) that used PPTP/L2TP to secure an internet connection across completely open access points.

Google did it for security reasons, Neology did it in order to create a “carrier pre-select” environment across an “open network”. Security is but one reason. Billing and ISP/carrier pre-selection is a very important “other” aspect.

In my view there is no need for a “new” Layer2 protocol, such as WPA/WPA2/WPA3/WPPP_facebook_3/ (insert new acronym here).

There are already many standards that allow for roaming, privacy and “remote access” over Ethernet, whether encrypted or clear-text.

A WiFi access-point should be Layer2 — basic Ethernet Access. In the same way a GSM roaming provider provides access to their base station — basic PDP access.

PPTP, L2TP, and many other IP encapsulations has solved 99% all of the encryption issues, tunneling issues, carrier selection issues, roaming, accounting and other challenges…

All in a  a model that’s standards’ based, and easy to understand and widely supported.

And this was done — 10 year ago already ! VPDN — VPDN multihop — and other families! I think that many network engineers have have just not really understood what it MEANS.

Not many people seem to have cottoned onto the basics of this yet, except for 3G carriers  that actually use L2TP to tunnel between a “home” network and a “visited” network.

Consumer Access Points’ don’t  really need that much work to work towards this “nirvana”, since most of them run Linux in any case.

Shared Access

Create a QoS policy for “roaming/encapsulated” access and decide how much of your broadband you want to “share for roaming”. Potentially, allocate a dedicated SSID to this function…

The backhaul for “roaming access” is provided  with a p-t-p encapsulated  IP that is allocated by the carrier (via the tunnel)  and thus the entire conduit and tunnel becomes the carriers’  responsibility.

This should satisfy the slashdot OMG! crowd, since the carrier simply extends it’s own network to your L2 Wi-Fi access point.

This is pretty much how cellular/3g roaming works already, in practice. You could even charge them money for access to your SSID!  (cue loads of ridiculous VC investment).


Someone (maybe me) just needs to create a web-2.0-ish presentation and half-arsed application and some VC spin, and a little bit of OpenWRT customisation to make it work. It’s not really rocket science.

You get a tunnel back to your “home” network via a foreign carrier. This is still “carrier pre-select” 😉

Private Access

A separate  QoS  policy for “home/encapsulated {at} home(.)access” can override the general internet access provided by your home network and give priority, and bandwidth reservation to you, the paying customer (if your access point does not provide multiple SSID’s).

Preferably if your home router’s WiFi driver allows, we create a multiple  SSID’s on your router — one for “roaming” that backhauls to a  carrier network with encapsulated connections, and another that is your “home” network. This is a simple matter of policy routing, and some iptables magic, and HTB queues.

This way, you can share your broadband (controlling how much to share to carriers), and still keep your home network private without all the tunneling shlepp.



It’s sharing WiFi on steroids.



It’s not that hard. It’s pretty much how The Onion Router works as well, except we didn’t have to re-invent the wheel.

It’s not rocket science

The bottom line is that a new protocol isn’t required. The protocols, architectures and designs that meet these requirement exist already. They exist for 802.16E ASN Gateways and 3GPP GGSN’s.



All that we as humans with 802.11 Access Points need to do is agree on some commercials.


And we don’t need a facebook “magic” to make it work either. Just some radius, some ppp, some l2tp, or pp2p and linux, and policy routing, and maybe a beer with some faces… Once a month.


Sharing your Wi-Fi is social networking to the extreme. This is what created JAWUG, the largest “free” network across Johannesburg.

I’m all for  EFF movement towards  “Social WiFi”.




I’m just not  convinced that the “problem” hasnt been solved already…

All that’s really required is some programming, motherfucker.



Uncategorized | Leave a comment


 I forgot, what was the point of this website again ?

April 18, 2011

More Vodacom RED fail.



Nicely contrasted with some RED.

Uncategorized | Leave a comment


 Vodacom – Discovering old fail with RED

April 4, 2011

After noting the Techcentral post about the new Vodacom rebranding and having seen some of them new advertisements on TV tonight, I decided to give my old favorite — “My Vodacom” a try again.





Just to be greeted with the usual fucking fail.


Of course, I should have realized that CSS changes was not going to change the way their crap works. Same fail. Just surrounded with RED this time.

Then I noticed some of the URL parameters.


I never realized they were using Vignette.  Whomever made that architecture decision – good luck…

Uncategorized | Leave a comment