Archive for May, 2007

Above Las Vegas at night

Wednesday, May 30th, 2007

How much do I like Interop? To answer that question, I usually point out that it’s in Las Vegas, but I go anyway in spite of the venue. I’ve made the annual Interop pilgrimage nine times in the past decade. Last week at the close of the show, I made my way to Mix, the nightclub on the 64th floor of THEhotel in Las Vegas. The view was astounding, in part because you can look down at the bright light on top of the Luxor.

As with almost every other city I’ve been to, Las Vegas looks better at night. From Mix, I assembled a four-shot panorama of the Strip. Here’s a small excerpt from it:

Las Vegas Strip from the Mix nightclub at THEhotel

The photo was made possible by my new Canon SLR. I didn’t try taking a tripod up to the nightclub, and in any case, there’s a glass wall that I had to shoot over. To handhold the camera, even rested on the glass, required that I pull out all the tricks to keep the image steady. The shots were all taken at a speed of ISO 1600, and I’m sure that the fact I was using an image-stabilized lens didn’t hurt.

If you found the shot above attractive, you might be interested in the Las Vegas gallery, which also includes a couple of photos from the House of Blues Foundation Room at the top of the original Mandalay Bay tower.

Lessons from building the Faraday Cage at the Interop Labs

Tuesday, May 29th, 2007

With Interop over, it’s worth jotting down a few lessons about the Interop Labs Faraday cage. First, the results were better than I expected, given the difficulty of building a complete RF shield. Based on measurements we took using both test tools and laptop-based tools, it appears that our cage provided about 40-45 dB of shielding, which is a good amount given our abbreviated time and limited materials budget. For comparison, the VeriWave test chambers are guaranteed to provide at least 80 dB of shielding (though the number appears to be much higher in practice).

  • 802.11 shielding: 40 dB of shielding is good enough to provide a substantial reduction in the number of visible APs. Even before the show started, it was possible to see 300 to 400 APs immediately outside the door of the cage. With the door closed, we could reduce that number to 20-30, which includes the four APs that were powered on inside the cage.
  • Mobile phone shielding: The cage did cause some signal loss for cell phone signals, but the service came through loud and clear. Occasionally, some phones would exhibit the loss of one bar, but I don’t believe there is a standard indication for what a bar means between vendors, or even between different phones from the same vendor.
  • Related to the first point, the team from DiVitas found the cage extremely useful. Their demonstration of a fixed/mobile convergence application depended on having “reasonable” 802.11 service to set up a call on 802.11, and then degraded service to hand the call over to the voice network. Our cage provided that without any difficulty, and even allowed people to hear that voice quality on 802.11 can be better than voice quality on cellular networks.

After going through the process, we did learn a few lessons:

  • Buy, don’t build. We had to spend lots of time fiddling with the cage, and there were complicated entry/exit procedures for making sure that the door was adequately screened. Various flaps had to be secured in particular ways to get maximum shielding.
  • Related to the previous point: Don’t buy from us. We had fun building it, but this is not a vocation for us.
  • Materials matter. The cage was made of aluminium screen because it is an inexpensive material, but aluminium has properties that are suboptimal for a project like this. Aluminium naturally forms a protective oxide layer. In aerospace, that’s cool. In Faraday cage manufacture, it’s not. The aluminium oxide is an insulator, so we saw resistances across the outer mesh screen approach an ohm if the current had to cross sheet boundaries. Aluminium is a difficult material to work with, since it melts at 660 °C, but its oxide melts at 2054 °C. In practice, we were unable to join the metal sheets together directly because we didn’t want to try brazing (and we lacked equipment which could generate the requisite heat anyway); we ultimately settled for “sewing” the sheets together with copper wire as shown in the photos included with the original post.
  • Complete screening is hard. Our first attempt was to keep the cage completely isolated from everything, with only a power drop. However, putting Ethernet cables into the cage did not seem to change the screening effect at all. Ethernet is tightly twisted to resist carrying interference, but it can still act like an antenna. There are two possible conclusions: we did a perfect job putting the Ethernet in, or the cage leaked enough that there was no incremental penalty from the Ethernet cables. We’ll go with the latter choice.
  • As a sign that the cage leaked even without the Ethernet, we did not notice any difference between (1) no Ethernet cables, (2) one Ethernet cable, (3) one Ethernet cable with a snap-on ferrite core, or (4) two Ethernet cables, one of which had a snap-on core. For demonstration purposes, we put two cables into the cage, but a “real” cage should take penetrations much more seriously.
  • Grounding didn’t matter. The electrical contractor set up a ground wire for us from the show electrical system, but connecting it did not make a difference in the effectiveness of the cage. Our suspicion is that the ground wire was good enough to act as an electrical safety, but that it had high impedance to the ground itself. In the end, we decided to leave it connected because it “looked cool.”

The credit card fraud detection system versus C.J.W. Holdings

Tuesday, May 29th, 2007

Over the holiday weekend, I received a call from somebody claiming to be a fraud investigator with one of my credit cards. I was suspicious of the call because it didn’t come through with Caller ID. (Yes, I know it’s easy to forge, but I figured a scammer would be sure to block it.) She asked if I’d made a purchase from “J.W. Holdings,” but the line went dead shortly after she asked the question. I thought the call was a scam and made a mental note to report it after returning from some errands in the morning.

During my shopping trip, the card was declined, so I figured that the call had been legitimate. When I called up and spoke with the fraud investigators, they asked me if I had made an Internet purchase from C.J.W. Holdings for $84.97. Since I was on my computer at the time, I ran a Google search on the company. Interestingly, Google turned up this complaint page, which sounded suspiciously like my situation, except that my credit card company’s fraud systems had flagged the transaction. The amount was even the same!

I have to say, I’m impressed with the fraud detection system. I took the piece of plastic to Montreal two weeks ago and charged a single meal with no difficulty. Even though I charged the ticket on another card entirely, the system somehow recognized the charge in Montreal was legitimate. (I assume it’s because the card was present for the transaction.) The previous time I had a credit card blocked, it was also the result of fraud. Somebody tried to charge almost $900 worth of merchandise at the New York Heroes gift shop. Oddly, it also occurred while I was on a foreign trip. Fraud detection systems have correctly caught the two bogus transactions out of thousands in the past decade while letting all of the legitimate charges go through. As I said, I’m impressed.

Hotel security through annoyance

Friday, May 25th, 2007

I was in Las Vegas this past week for Interop, where I stayed at the Luxor with the other Interop Labs team members. The Luxor has a “security” system for guests which requires that you have a valid key card to use the elevators to go up to the guest rooms. The system is only marginally better than the “show a key card at the elevator bank” system that other hotels use.

You see, every key card unlocks every floor. I was on the seventh floor, but the elevator didn’t require a key from the seventh floor to enable a stop on the seventh floor. If you want to get on to any floor, just get on the elevator with somebody else and wait for them to “unlock” the elevator before you press the button for your desired floor. (If you’re lazy like me, you can also let other passengers unlock the elevator buttons before you hit the button for your floor, too.)

High-tech home ec: Building a Faraday cage at the Interop Labs

Tuesday, May 22nd, 2007

As part of the VoIP demo at this year’s Interop Labs, we’re building a Faraday cage. Last year, I did some basic research into quality of service using WMM by recording voice samples over the air, using the wireless traffic at the show floor for background noise.

This year, the team wanted to do something a bit more controlled. We had questions about how well WMM worked when more than a single call was prioritized. To control for the many variables of wireless traffic on the trade show floor, we needed to isolate the VoIP testing from everything else. During the staging event, Jed Daniels built a prototype Faraday cage to keep the show floor out, and our background traffic in.

Building a walk-in cage is a lot harder than building a small prototype. Faraday cages work best when they are a single conductive surface, but the walk-in cage was big enough that we had to join sheets of mesh. To improve conductivity between panels, we wound up “sewing” sheets together with copper wire.

Needles are not well designed for pulling wire through a small-aperture mesh, so we needed to sew in two-person teams. Here’s me working with Jed, pulling copper wire through the mesh as we sew along the base:
Sewing the cage, outside view

Here’s the reverse view, looking over Jed’s head towards the outside.
Sewing the cage, inside view

Here’s a shot of the final result, with Jed and an engineer from Veriwave working on the test tool to generate controlled background traffic for our demonstrations:
Jed in the cage

Finally, after all that work, we felt the need to “make our mark,” so all the people who worked on the cage sewed initials into the front panel:
Initials in the cage
(From the upper left to the lower right, the initials are Jed Daniels, Mike McCauley, Matthew Gast, J.J. McNamara, Jerry Perser, Bill “WEJ” Jensen, and John Balogh.)

Secure VoIP demonstration at Interop

Wednesday, May 16th, 2007

Last month, the Administrative Office of the United States Courts released the 2006 wiretap report (main report in PDF format). There are two extremely interesting points.

First, the third paragraph of the introductory page, which reads:

Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that reporting should reflect the number of wiretap applications granted for which encryption was encountered and whether such encryption prevented law enforcement officials from obtaining the plain text of communications intercepted pursuant to the court orders. In 2006, no instances were reported of encryption encountered during any federal or state wiretap.

(Steve Bellovin, via Eric Rescorla.)

Second, on page 11 of the PDF (under the section “Summary and Analysis of Reports by Prosecuting Officials”), we learn that the federal government doesn’t encounter computers all that often:

The electronic wiretap, which includes devices such as digital display pagers, voice pagers, fax machines, and transmissions via computer such as electronic mail accounted for less than 1 percent (13 cases) of intercepts installed in 2006; 6 of these involved electronic pagers, and 7 involved computers.

For comparative purposes, the report notes that 1,839 wiretaps concluded in 2006.

Most voice communications are not encrypted. The exception is mobile telephones, which are encrypted only on the radio link. (Mobile phone wiretaps, however, generally take place at the switching office, where the voice traffic is not encrypted.) The lack of encryption certainly extends to most VoIP calls today, and is a reason that is often cited for the lack of use of SIP-based services on corporate networks. Most VoIP data is transmitted using the Real-time Transport Protocol (RTP), which does not encrypt payload data. The Secure Real-time Transport Protocol (SRTP) offers a potential solution, and implementations are now available.
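To make the RTP/SRTP distinction concrete, here is an added example (not part of the original post) that parses the RTP fixed header, which SRTP also leaves unencrypted, and uses payload byte entropy as a rough audit check for streams still sent in the clear. The packets, the 6.0 threshold and the function names are constructed assumptions; the "SRTP-like" sample is pseudo-random filler, not real SRTP output.

```python
import hashlib
import math
import struct
from collections import Counter

def parse_rtp(packet: bytes) -> dict:
    """Parse the fixed RTP header (RFC 3550); SRTP keeps this header in the clear."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)                 # skip the CSRC list
    if b0 & 0x10:                                 # header extension present
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", packet[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    if offset > len(packet):
        raise ValueError("header runs past end of packet")
    # Padding (P bit) is not stripped: this is a coarse audit, not a decoder.
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc,
            "payload": packet[offset:]}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_cleartext(packet: bytes, threshold: float = 6.0) -> bool:
    """Heuristic (assumed threshold): low payload entropy suggests unencrypted media."""
    return entropy(parse_rtp(packet)["payload"]) < threshold

# Constructed samples (not captured traffic).
HEADER = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234ABCD)   # V=2, PT=0 (PCMU)
# 20 ms of a repeating 8-byte pattern standing in for G.711 audio.
CLEAR = HEADER + bytes([0xFF, 0x9B, 0x8F, 0x8A, 0x7F, 0x1B, 0x0F, 0x0A]) * 20
# Pseudo-random bytes standing in for SRTP ciphertext plus a 10-byte auth tag.
SRTP_LIKE = HEADER + b"".join(
    hashlib.sha256(bytes([i])).digest() for i in range(6))[:170]

if __name__ == "__main__":
    for name, pkt in (("clear", CLEAR), ("srtp-like", SRTP_LIKE)):
        print(name, round(entropy(parse_rtp(pkt)["payload"]), 2),
              looks_cleartext(pkt))
```

Both sample packets expose the same sequence number, timestamp and SSRC, which is expected: SRTP protects the payload, not the header fields.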

After that very long introduction, I’d like to point out that the Interop Labs next week will have an interoperability demonstration featuring SRTP. It’s open to the public, so if you happen to be on the show floor, stop on by!

As a completely shameless plug, you can also see the Open1X supplicant in the iLabs, which is now supported by the newly-formed OpenSEA Alliance.

Easier to be a professor?

Wednesday, May 16th, 2007

Many years ago in college, I took Bill Ferguson’s macroeconomics class, using Greg Mankiw’s textbook. During one lecture, I remember Professor Ferguson stating something to the effect that “Mankiw can get away with that because he’s much smarter than most other economists.” Therefore, it was interesting to see Mankiw admit his weaknesses, as well as that being a professor is easier than being a student.

Sunrise, sunset (not of the Fiddler on the Roof variety)

Monday, May 14th, 2007

There’s an old adage that the best pictures are taken within half an hour of sunrise or sunset. My obsession with photography is now bad enough that I am annoyed with taking pictures during the middle of the day, and I try to be out and about around sunset. As an example of what the mid-day sun costs you, compare this picture of mine from the Sri Mariamman Temple in Singapore:

Sri Mariamman Temple, midday

To the picture at The colors in my photo are washed out and lack the “wow” factor of the real-life vibrant colors.

Enter, which has a world clock that has sunrise and sunset times for most of the major cities in the world. I can tell that I’m going to be visiting the site frequently.

OpenSEA launches!

Monday, May 14th, 2007

Today, the OpenSEA Alliance launched, with the objective of developing a cross-platform open source 802.1X supplicant. I was fortunate enough to be part of the initial group, both as an individual and representing one of the founding companies.

Any time you get multiple companies together, it can be challenging coming to consensus. We were helped immensely by Cliff Schmidt from the Apache foundation, and were lucky to be able to draw extensively on his expertise.

One of the few thorny issues that was outside of Cliff’s immediate expertise in law was deciding on a name. Naturally, he helped assist the group in selecting a name that was not already in use and could be legally protected, but we still had to come up with a name within those broad criteria. “OpenSEA” was my suggestion, originally proposed to come up with a middle ground between a name that was specifically tied to 802.1X and a more general name. Officially, “SEA” stands for “Secure Edge Access,” but unofficially, we’re using the “open sea” phrase to indicate that changes at the network edge will have profound effects on the way networks are built and managed. As a fun point, we get the ability to give nautical-themed code names to our projects.

Starting the organization was quite educational, and I’m glad I participated. In addition to getting agreement on how to structure the organization, there’s a lot of start-up work to do to incorporate, get a bank account, and so on. At our first meeting last week, I was elected to the board of directors for a two-year term, ending in 2009. I’m concurrently serving a one-year term as corporate secretary.

So, the easy work is done, and the organization is running. The challenge now is to make it successful. Right now, the group depends on volunteer labor. As part of the process of starting OpenSEA, I learned from a colleague that the Wi-Fi Alliance started in much the same way, but it has now become successful enough that it has a professional staff. While OpenSEA probably will not be as well-known as Wi-Fi, it can certainly become successful enough to outgrow volunteers.

A very appropriate flight number to the IEEE meeting

Sunday, May 13th, 2007

On the way to the IEEE meeting, I looked at my ticket. Due to the vagaries of airline fares and schedules, I was forced to connect. American Airlines flight 802 goes from Dallas to Montréal, where the meeting is held. Somehow, it seems appropriate that I’m taking flight 802 to the 802.11 meeting.

(Somberly, I should note that American Airlines no longer operates flight 11.)