
Cheesy Musings launches in Belgium

I just heard today that a new ISP is launching in Belgium along the lines as, it is and they will be selling fon friendly ADSL connections to Foneros in Belgium. Best of luck with the new venture, or even, ik wens je veel geluk toe!

Happy Birthday Fon!

Fon is a year old, which is quite old in internet time. They are celebrating by offering free Foneras to the USA, Canada and the UK, so if you are in the UK and don’t have a Fonera yet then get on down to the Fon shop and order one for the princely sum of £0.00.

Lotusphere 2007

I have just come back from an enormous conference in Orlando, Florida. It was the IBM Lotus Lotusphere conference, the third one I have been to and for the first time I was a speaker! The conference was attended by about 7,000 people, yes you heard correctly, a full 7 kilogeeks. I was presenting session BP204 Integrating Lotus Notes and we filled the room, I don’t know the numbers yet, but it looked like a couple of hundred people to me. There was a big free wireless cloud for all the attendees, it was creaking a bit, but that isn’t surprising given the vast numbers of people using it, many of whom were checking out the virtual Second Life conference that was running in parallel with the real thing.

Baked Camembert - very yummy

I had a rather ripe whole Camembert in the fridge so I decided I would try to cook it. I found this recipe for baked camembert on the site, basically the recipe is to bung it in the oven at 190C for 20 minutes. It worked perfectly and was exceptionally tasty. The only fault I could find with the recipe is that they claim it will serve 10-12 :-)

Why it is important to know what is in your Fonera

The Fonera router (or the Linksys for that matter) is basically a computer. It is running a proper Linux operating system, it is always running, and it is connected to a high bandwidth connection. All the Fon routers connect to Fon central on a regular basis (the heartbeat connection) to see if there are any updates or changes for it to install. This works by downloading then running a script as root. If the Fon central server was compromised for more than an hour it would probably be possible to tell every Fon router in the world to connect somewhere else for the heartbeat information. This would be bad. The central server could then be fixed but it would be too late. The entire network would be under someone else’s control. It would be an enormous, and very well connected botnet. I don’t want to do this, and I don’t want anyone else to be able to do this, so it is important that the source code is open so that everyone connecting a Fonera to their network can see how secure it is. I am mildly disappointed that there is a binary only Atheros module in there, however I don’t think this is critical for the security of the device, or indeed the network as a whole.

Open Source does matter, and it is inherently more trustable than closed source because you can verify it yourself, and so can lots and lots of other people. The current distribution method for the source is a large .tar.gz file. With this series of posts I am trying to make the critical bits of the source code more open and accessible to more people; this makes it more trustable, and potentially more secure (if issues are found and fixed).
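
As an added illustration of the risk described above (not Fon's code, and not how the Fonera firmware behaves): a heartbeat client can survive a compromised central server if it runs a downloaded script only when the script carries a valid signature from a key that is kept off that server. The function names, file names and the throwaway RSA key are assumptions made for this example, which needs the openssl command-line tool.

```sh
#!/bin/sh
# Added example: run a downloaded heartbeat script only if its detached
# signature verifies against a pinned public key. All names are hypothetical.

# verify_and_run PUBKEY SCRIPT SIG
# Returns 2 if verification fails (script is NOT run); otherwise returns the
# exit status of the script.
verify_and_run() {
    pub=$1 script=$2 sig=$3
    # Fail closed: a missing or empty file counts as a failed verification.
    [ -s "$pub" ] && [ -s "$script" ] && [ -s "$sig" ] || return 2
    openssl dgst -sha256 -verify "$pub" -signature "$sig" "$script" \
        >/dev/null 2>&1 || return 2
    sh "$script"
}

# demo: constructed end-to-end run with a throwaway key pair.
# Returns 0 only if the genuine script runs and the altered one is refused.
demo() {
    d=$(mktemp -d) || return 1
    # Signing key: in a deployment it stays offline, never on the update server.
    openssl genrsa -out "$d/sign.key" 2048 2>/dev/null
    openssl rsa -in "$d/sign.key" -pubout -out "$d/pinned.pub" 2>/dev/null
    # Constructed heartbeat response and its signature.
    printf 'echo ran > "%s/marker"\n' "$d" > "$d/heartbeat.sh"
    openssl dgst -sha256 -sign "$d/sign.key" -out "$d/heartbeat.sig" "$d/heartbeat.sh"
    ok=0
    verify_and_run "$d/pinned.pub" "$d/heartbeat.sh" "$d/heartbeat.sig" || ok=$?
    # Compromised server: new script body, old signature replayed.
    printf 'echo hijacked > "%s/marker"\n' "$d" > "$d/heartbeat.sh"
    bad=0
    verify_and_run "$d/pinned.pub" "$d/heartbeat.sh" "$d/heartbeat.sig" || bad=$?
    marker=$(cat "$d/marker" 2>/dev/null)
    rm -rf "$d"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 2 ] && [ "$marker" = "ran" ]
}

demo && echo "genuine script ran; altered script refused"
```

A signature check alone does not stop an older, validly signed script from being served again; the signed content would also need a version or timestamp that the client compares.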

Request for signatures regarding the Novell/M$oft pact

I’m not going to implicate myself in any way other than to say read this, and if you think it makes sense you should probably register your opinion…

What’s in your Fonera - Part 2

One important part of any routing device is the firewall settings; for La Fonera these can be found in ./package/iptables/files/firewall.fon. The settings are pretty well commented and I am not really an iptables expert, so I will let the file speak for itself.

# Firewall script, specific for OpenWrt: permits traffic from chilli clients to Internet restricts inter-interfaces traffic
. /etc/
. /tmp/network-config

config_load fon


iptables -N NET_ACCESS 2>&- >&-
iptables -F NET_ACCESS

# WAN_HOOK will contain rules to restrict traffic to the wan network
iptables -N WAN_HOOK 2>&- >&-

# ChilliSpot
iptables -A NET_ACCESS -p tcp --dport 3990 -j ACCEPT

# DNS is always allowed from the tunnel
iptables -A NET_ACCESS -p udp --dport 53 -j ACCEPT
iptables -A NET_ACCESS -p tcp --dport 53 -j ACCEPT

# Access control for the hotspot
config_get wan access hotspot_wan
enabled "$wan" 0 || iptables -A NET_ACCESS -j WAN_HOOK

config_get lan access hotspot_lan
if enabled "$lan" 0; then
    iptables -t nat -A POSTROUTING -o "$LAN" -j MASQUERADE
    iptables -A NET_ACCESS -o "$lan_ifname" -j DROP
fi

config_get wan access lan_wan
enabled "$wan" 1 || iptables -I FORWARD 1 -i "$LAN" -o "$WAN" -j WAN_HOOK

# allow regular wan traffic
[ -z "$WAN" ] || {
    iptables -A NET_ACCESS -o "$WAN" -j ACCEPT
    iptables -A NET_ACCESS -i "$WAN" -j ACCEPT
}

iptables -A NET_ACCESS -o "$LAN" -j ACCEPT
iptables -A NET_ACCESS -i "$LAN" -j ACCEPT

# drop everything that we haven’t explicitly allowed
iptables -A NET_ACCESS -j DROP

iptables -N INPUT_CFG 2>&- >&-
iptables -F INPUT_CFG 2>&- >&-
iptables -I INPUT 1 -i tun0 -p tcp --dport 80 -j DROP
iptables -I INPUT 2 -i "$LAN" -j INPUT_CFG
iptables -I INPUT 3 -i tun0 -j NET_ACCESS

iptables -I forwarding_rule 1 -i "$LAN" -j INPUT_CFG
iptables -I forwarding_rule 2 -o "$LAN" -j INPUT_CFG
iptables -I forwarding_rule 3 -i tun0 -j NET_ACCESS
iptables -I forwarding_rule 4 -o tun0 -j NET_ACCESS

# Drop all unmanaged traffic from the public interface
iptables -t nat -A PREROUTING -i "$WL" -j DROP

ACTION=ifup INTERFACE=wan sh /etc/hotplug.d/iface/20-firewall

What’s in your Fonera? Part 1

A new version of the firmware that runs in La Fonera routers has been released. You can get this from the Fon website; it comes as a 1.9MB file called fonera_0.7.1.1.fon, which you can upload to your router to install it.

I wanted to see what exactly is in this .fon file so I downloaded the source code. You can get this from here. This is an 88.7MB file called fonera.tar.bz2. (The .tar.bz2 extension means it is a compressed file for Linux known as a tarball, a bit like a .zip file). I uncompressed this and had a look inside.

First thing I noticed is the file dates are mostly October 4th 2006, I don’t think this is the source for version 7.1.1. I couldn’t find any indication of what version it actually is, which is a bit of a shame. I used the “find” command to produce this List of files in fonera.tar.bz2 so you can see the structure of it without downloading the whole thing yourself.

One part I was a bit surprised at was finding ./binary-only-modules/ar531x-wdt.o. This is a binary driver for the Atheros AR531x chip which provides the wireless functionality. The initial release of the source code for the Fonera was delayed for a while because Fon were working on GPL compliance with Atheros. I guess they were hoping to get the source code to this module released, but failed in the end. Binary kernel modules are fairly common and I think are within the letter of the GPL if not the full spirit of the GPL.


We need a cheesier theme

This blog is running on WordPress, quite a popular bit of blogging software. Right now we are using the standard theme it comes with (probably going to flick about between themes for a few days so that might not be true as you read this), only the colours have been slightly cheesified. There are lots and lots of WordPress themes out there, but so far not many globular melted cheesy looks, if anyone has a pointer to a suitable theme, or even wants to help create one, then please post a comment.

Remember the Rabbit phone?

Back in the early 90s there was a mobile phone service called Rabbit. The technology wasn’t the analog cellphone network, they were not trying to create a network of universal overlapping cell coverage like the other guys were. The Rabbit technology had a range of about 100m to the base station, you had to look for a rabbit sign to make a call. This sounds a bit rubbish these days, but you have to remember that this was started in 1989 and it was designed to compete with public callboxes, not with the cellphone networks which quickly grew up and boiled the unfortunately timed bunny.

This blast from the past is now being brought up to date with the Skype Wifi phone with La Fonera. Now I can see that this is a cool thing to have in your home, a digital cordless phone that has the call costs and quality of Skype (which has a much greater frequency response than a regular phone or even a SIP phone), and of course having a Fon hotspot is great too. The bit I don’t get is the idea of roaming about with it in search of hotspots. I can completely understand WiFi roaming with a laptop: if you find a hotspot you can stop and use it, if you don’t, you just work locally. With a mobile phone however there are two big reasons that this isn’t good enough. Firstly, its only function (well apart from silly games and perhaps a camera) is to communicate with other people whenever and wherever you might be. Secondly, a phone also takes incoming calls, and you can’t really synchronise your visits to a hotspot to coincide with an inbound call.

I might still get one as a home device, but I certainly wouldn’t get one for the purpose it seems to be aiming at. Fon is cool, VOIP is cool, but VOIP+Fon is not a mobile phone network.
