inside aebrahim’s head

The folks over at the Mozilla Digital Memory Bank kindly took the time to interview me last November. I just noticed that the interview transcript has been posted online last month.

A couple of weeks ago I was talking to Yusuf about setting up wireless internet access at my workplace for guests. In the past we had them plug into our wired network, but the downside of this is that unless you have very expensive DNAC equipment like InfoExpress, or have static NAC configured (very cumbersome), your guests are clients on your main office network and can wreak havoc if their computers have viruses or are otherwise exploited.

Network infection via guests is a real vector and one of which companies should be very afraid. Ideally guests would always be on a separate VLAN.

One way to acheive this is to use a FON router to sandbox guests into a separate VLAN. The FON routers have two SSIDs, a private one that is WPA2 protected that gives full access to the local network, and a public SSID that is (by default) completely separate from the main network and guests on this VLAN cannot talk to computers on the main network, only through to internet IP addresses.

Using the friends and family feature of FON, you can set up a custom username and password that your office guests can use to authenticate on the public SSID (multiple logins with a single credential is possible).

This kills two birds with one stone because you not only have secure access to your own network via WPA2 (which is generally considered to be unbreakable using today’s technology) and you offer guests wifi access to the internet without allowing them access to your internal network.

A couple of things are on my FON wishlist:

• Seamless handover between FON access points on both public and private SSID
• Proper resolution of NetBIOS names on the private SSID (even though its on a different subnet from the main network)
• Better tolerance for old network drivers (this is a big one because in quite a few cases clients using older drivers could not connect to FON even though they could use other wifi networks - older Intel drivers in particular seem to be a problem)
• More powerful customisation options for the FON portal
• On the La Fonera+, allow the extra wired ethernet port to optionally connect to the public FON network instead of the private network

One other thing to bear in mind is that if you choose this solution, you allow anybody to use your bandwidth when authenticated through the FON network. Depending on your corporate policies, this may or may not be a problem for you. If bandwidth is the only issue, on the public SSID you can optionally limit this to as little as 512Kbps to make sure that guests don’t hog your pipeline.

With the great success of the iPhone and iPod Touch, you’d think Apple would be sitting pretty as the king of wireless networking. Plus, Apple has a reputation for making relatively complicated tasks more user friendly by having more streamlined UI than the competition.

However, my experience with Apple’s networking products has been pretty disappointing. Not because they don’t work well (they do), but because they are the most confusing and user-unfriendly wifi products I have used, ever.

My first foray into Apple’s wifi products was the Time Capsule. The idea behind this is excellent, to have NAS built into the router so that backup for Mac users is painless by just having to flip a switch to turn Time Machine on. Whether the user is plugged in or not, this still works behind the scenes, eliminating the biggest barrier to having regular users back up.

The idea is great; the implementation, well, not so smooth. Out of the box, the Time Capsule seemed to work okay, until I tried connecting via wifi. This didn’t work at all, no matter what I did. It would connect, and then drop, and I’d then have to reset the router and then rinse, repeat, ad infinitum. I found others on forums had the same problems, with no solution. In the end, this magically started working a few weeks later with a firmware update to 7.3.1. That’s nice, but you’d think that basic wireless connectivity would have been better tested before release.

Today I picked up an Airport Express so that I could extend the range of the network to cover our entire apartment. This device also shipped with what I would consider broken firmware, and I had to upgrade to 7.3.1 before it would do anything useful. It’s now working okay (I think), but only after about an hour of tinkering.

My main beef with Apple is that the documentation is so simple. When it works, it works great. When it doesn’t work, you just have to scratch your head and go to Google, because God forbid Apple have any useful troubleshooting resources online to scare the non-tech saavy users away.

One point which I find thoroughly confusing is that the Airport Express has an option to either participate in a WDS or to “Extend wireless network”. Both of these options appear to be variations of the same thing, but I can’t figure out what the difference is between the two of them. A lot of people are asking the same question.

After a lot of searching, I still don’t know what the difference is, except that maybe the option to “Extend wireless network” is sort of like WDS on steroids. However, I have no idea and there’s no information on this that I can find. Apple doesn’t explain this anywhere either, even though both the options are obviously different.

The most important question I have which is as yet unanswered is whether either of the two options supports seamless handover of clients between different access points on the same network.

Long story short: Apple wifi products work great once they’re configured. Good luck trying to get them configured correctly.

In other news, India has caught up with Intel and AMD and is now producing dual-core “devices” locally.

According to the South China Morning Post, HKBN, a broadband provider in Hong Kong is rolling out a 100Mbps consumer broadband service (paid registration required). Some excerpts from the article are as follows:

“Hong Kong Broadband Network on Tuesday unveiled a new 100Mbps broadband service it claims is the fastest for residential users in Hong Kong. The company also demonstrated a premium one gigabit per second service that will be available by the second quarter of next year.”

“However, users paying the $268 per month will benefit from the 100Mbps bandwidth only when browsing local-based content - for international content the bandwidth is limited to 20Mbps. Users wanting the full 100Mbps bandwidth for international access will have to pay $1,980 per month.”

“With HKBN’s new super-fast services upload and download speeds are the same.”

All prices are in Hong Kong Dollars. HK$7.8 = US$1.0.

This is really great news for all of us in Hong Kong. Being able to browse overseas sites at “only” 20Mbps is fine with me, especially if its coming with a price tag of only US$34/month. Also of note is that bandwith is symmetric, which is amazing.

This is what happens when you have a market that has over 10 broadband providers who fiercely compete for your business. They even plan to roll out GigE service to home users who are willing to pay for it.

I’m looking for a version of AIM that will run on my Nokia 6600 (or AIM compatible client). The version on AIM.co.uk is freely downloadable, but locked to the O2 network. I found another version on my-symbian.com that looks the same, but costs USD20.

If anyone knows of a free solution, I’d be most appreciative if you could let me know. Ideally there would be a single client that supports AIM, ICQ and MSN simeltaneously. Something like Trillian, but that works on the Nokia 6600. I’d actually be willing to pay for something like that. If not, then free applications that support them separately would be good too.

UPDATE: After some more digging, I’ve found Agile Messenger. It does exactly what I’m looking for, and it’s free. It’s a Jabber based client, so it supports AIM, MSN, ICQ, Yahoo! Messenger, and the Jabber protocol. It also runs on pretty much any mobile platform. Also from Agile Mobile is the Agile Lie Detector. It looks so cool!

So I’m trying to call my fiancee in India over my Vonage phone, and I get the following message from the Indian local-end of the VOIP call:

“This facility is not available on your telephone. [Insert Hindi version of previous statement]. [Insert Bengali version of previous statement].”

No matter how much I keep trying, it still happens. It’s not the first time either. But this time I was annoyed enough to call Vonage and ask them to please fix the problem.

My tech support conversation went something like this:

TS: Hi, what can I do for you today?

Me: Hi, I’m having a problem calling certain mobile numbers in India, I’m getting a message from your Indian local end provider saying that “This facility is not available from your telephone”.

TS: Sorry, we don’t provide voicemail in India.

Me: Yes, I know, it has nothing to do with voicemail. The message is from your local provider in India.

TS: I’m getting a lot of static right now on your end [probably because I'm downloading something while I'm on the phone], I’m going to push a new firmware out to you. I think that will solve your problem and your calls won’t get dropped.

Me: No, that won’t help me. What happens is that when I place a call from here, it gets routed to India, and in India, a local call gets placed from your VOIP provider to the number I want to call. That last step is failing. You can push me a new firmware if you want, but it certainly won’t help me solve my problem. Usually this happens at night or during the early morning, and when it happens it happens for hours at a time and I can’t get through.

TS: [It dawns on him that I might actually be having a real issue.] What times does this happen? It sounds like you’re trying to connect at peak usage times.

Me: It happens usually very early morning, like 2:00AM or so through the late morning. It seems unlikely that you’re getting a lot of calls placed at 2:00AM Central.

TS: Well, it’s probably a peak usage time issue.

Me: That’s possible. But it’s not acceptable to me that just because it’s a peak usage time, my phone calls should not go through. When I place a call, I expect that it will go through. Whether or not it is a peak usage time and you have the appropriate call capacity is an issue for your technical staff, not for me.

TS: [Is quiet for a few seconds.] I’m going to escalate this to our Tier 3 tech people, hold on a minute so I can get you your ticket number.

Me: [Waits.]

TS: Can I get the number you’re trying to call?

Me: 9198313xxxxx

TS: You mean 0119198313xxxxx?

Me: Yes. [Obviously.]

TS: Your ticket number is xxxxxx.

Me: Thanks.

TS: [Seems like he's waiting for me to say something, but then says:] Is there anything else I can help you with today?

Me: No, that’s all. Thanks.

TS: Bye, sir.

Me: Bye.

I’m somewhat hopeful that my issue might actually get resolved, but it would be nice if these tech support people didn’t treat us like idiots when we call in with a real problem. I thought it was pretty obvious what the problem was, but yet before he took me seriously, he tried to tell me:

a) They don’t have voicemail in India. Well duh…
b) He’d push a firmware update to me. This is going to help how?
c) It’s a peak usage time. Sorry, not my problem. That’s what I’m paying them to deal with.

And after that, I had to explain to him what the problem was. Nice reversal of roles there.

In all fairness, aside from this one issue I’m having with calling my fiancee in India (which as you can imagine is a big deal to me), I’m very happy with their service. The line quality is good, and I’ve not had any other problems. If any of you are planning on signing up for Vonage (yeah I know, my post is a shining review ) please do let me know, and I can refer you. We’ll both get a month free.

I just thought I’d mention a web server I’ve been testing, Cherokee. It’s a pretty handy webserver, very compact and apparently very fast at serving static files (better than Apache, even). It’s still very much in beta and there is quite a way to go before I’d consider deploying it on a production machine, but from the way things are looking, it has promise. The development team usually hangs around on irc.gimp.net #cherokee — so drop by there if you have a chance to test out Cherokee and have some feedback. The page says that it works under Cygwin as well, which it is supposed to, but the latest releases don’t actually compile on Cygwin, but it’s a known bug and will hopefully get fixed soon.

One of the main attractions of this server is that it can be run as a non-root user and doesn’t need to be installed by a superuser, which is a nice bonus. There is also a Cherokee community on Orkut, so feel free to check that out as well.

I set up Samba today on my Linux machine so that I could use it as a file storage location and map a network drive from my Windows XP laptop, which was running out of hard disk space. I made my home directory on Linux a readonly Samba share, and I set up iptables on the Linux machine to accept connections of state NEW on port 445/tcp and 445/udp only when coming from my Windows laptop. So now I basically have an extra 25GB of storage space for about 5 minutes of work. Not to mention that the access speed over 100Mbit LAN is basically as fast as my laptop’s local hard disk. Yup, that’s how slow my laptop hard disk is. Seeking is obviously slower, but once it gets going, movies play fast enough that they’ll never skip, and I could easily burn a CD off the network and never worry about a buffer underrun.

While writing this entry, I just came up with an interesting thought: what if I actually built Firefox over the network, meaning have the source and object files on a network drive, and just bring them over to my computer for processing? I wonder if that would actually compile faster than if everything was local. I think I’m going to have to try that out at some point and see. Definitely seems like an interesting experiment.

All in all I had a good day, went for a swim as well which was nice and relaxing. Then undid all the exercise goodness by having a Dominos dinner.