Archive for July, 2007

Circular polarizers and daytime photography

Monday, July 30th, 2007

Earlier this year, it seemed to me as if I needed a circular polarizer for daytime shots. Last week at the 69th IETF meeting in Chicago, I think I proved myself right. Here are two photos of the Aon Center (I’m old enough that it will always be the “Standard Oil Building”) taken seconds apart. The shot on the right used a polarizer, and the reward is a deeper blue in the sky.

Aon Center (Chicago) shot polarized and unpolarized

(Yeah, I know that neither of the two photos are well-composed. However, the couplet is the best illustration from all the photos that I took because the angle of the shot relative to the sun was in the best possible position for maximum effect of the polarizer.)

Belly dancing and the IEEE 802 meeting

Wednesday, July 18th, 2007

Tonight (actually, I’m posting this early enough that it’s probably “last night” by now), Michael Williams put on an awesome get-together. In addition to some great Indian food, Michael and his wife organized a belly dancing show for us.

Yes, belly dancing. Here’s one of the better photos from the night, with a slow enough shutter speed to show off the action (and some post-processing to punch up the contrast):

Whirling belly dancer

The restaurant was a challenging shooting environment because the ambient light level was so low that a lot of the photos came out grainy. Even at ISO 1600, the ambient light required 1/8 – 1/15 second exposures. I tried using the camera’s built-in flash with a index card jury-rigged into a bounce card. A couple of times, it even worked really well, as with this shot of Frédérique with her back to the camera. With the flash, I was able to cut the shutter speed to 1/40 second, and freeze a wonderfully radiant smile:


The full gallery from the night is here. (You should also check out a couple of fun clean-up photos: the first dancer pictured above balanced a speaker stand on her head, even when the phone rang.)

Better 802.1X support for VoIP phones and “network paperclips”

Monday, July 2nd, 2007

One of the recurring annoyances with many 802.11 client devices is that they don’t support the best security protocols. Wi-Fi Protected Access (WPA) has two modes: the Personal mode based on pre-shared keys, and the 802.1X-based Enterprise mode. Well-known weaknesses in the former are not present in the stronger Enterprise mode.

One of the troubles with the lack of support for 802.1X is that it causes headaches for network administrators who are concerned about security, but need some widget to build their networks that doesn’t support 802.1X. I have often labeled many of these devices “network paperclips” because they are small, often inexpensive, and frequently, do a great deal to hold networks together. This morning, Jon Oltsik, the founding father of the OpenSEA Alliance picks up on the theme:

While the PC space is well covered, there is a new network-security frontier out there that remains barren. What about Internet Protocol phones? What about mobile devices? What about network-based appliances like printers?

Jon is getting uncomfortably (for the industry at least) close to an open secret about the Wi-Fi certification, too. There’s no requirement to support 802.1X to get Wi-Fi certification, and it’s often hard to tell from the product packaging whether the 802.1X/Enterprise methods of authentication are supported, or whether the product only supports the quicker-and-less-secure PSK/Personal methods. The Wi-Fi Alliance is working on the issue of how to reduce end-user confusion about security capabilities.

What brought all this to the front of my mind this morning is the much ballyhooed iPhone. There’s been a great deal of excitement about the dual 802.11/cellular capabilities of the device to speak VoIP, but it’s dead on arrival as far as most corporate networks are concerned. In a message to the Salsa-FWNA group this morning, Michael Griego writes about the disappointing wireless LAN security support on the iPhone:

Yes, it lacks 802.1x support out of the box, supporting only PSK security mechanisms. I was personally surprised at this and expect/ hope that this will change in one of the surely-soon-to-be-released updates since it should require only adding the supplicant software to make it work.

(Background note: Salsa-FWNA is an Internet2 group that is defining methods of federated authentication across university campuses. The group is making extensive use of 802.1X, which prevents the current iPhone from doing VoIP across campus boundaries.)

Like Michael, I also hope that Apple is working on an improved supplicant for the iPhone. If the iPhone runs MacOS X, it should be a straightforward port of the existing supplicant.

Finally, I’d like to make an offer for anybody reading this. If you have a device that needs to support 802.1X, but you’re not quite sure what to do (or just need a royalty-free code base), contact the OpenSEA Alliance and we’ll work with you on customizing the software to your device. Sufficiently interesting devices will be “self-customizing” once our developers get their hands on samples.