Author: Martin

When I recently configured a computer for Eduroam access in Vienna I took the opportunity to have a quick look at what’s in the air in Vienna University’s main reading room. It turned out that it was much more than I thought. In short, they use pretty much ALL available spectrum in the 2.4 and 5 GHz bands:

Continue reading 320 MHz of Wifi In Univiersity of Vienna’s Main Reading Hall

I was more than a bit annoyed when I noticed that whenever I restart the browser and load my website, the browser reaches out to Google to load a number of font files. What!?

Continue reading Removing Google Fonts On This Blog

Over the past years I’ve explored many ways how to combine my memories of computing of the 1980’s with my quest to better understand how a CPU works and using contemporary technology for the purpose. Here’s another cool approach to do this by emulating a Busch 2090 4-bit computer on an Arudino.

Continue reading A Busch 2090 Emulator on an Arduino

It’s been a while since I switched the final Windows based machine to Linux at my place. Admittedly there are a few things I still need Windows for but those can comfortably run in a Virtual machine on a Linux host or by using Wine, the Windows Emulation Layer for Linux. But time has come to go a step further once again.

Continue reading Uninstalling Wine – Bye Bye Windows Emulation Layer

Back in December 2015 I found my first public Wifi network at 32C3 that used a certificate instead of a common password, not so much for user authentication but for assigning an individual ciphering key to each device. Especially at a hacker conference that’s a plus as normal WPA encryption uses the same passphrase for everyone and hence attackers can decrypt the Wifi traffic of others if they know the common passphrase and have intercepted the authentication dialog. When recently being asked to configure a computer for Eduroam access, an international Wifi network at universities (for a world map see here), I found yet another flavor of Wifi certificate use that is highly interesting.

Continue reading Eduroam – Wifi With A Certificate And Cool Roaming Features

The Turkish Airlines Lounge in Istanbul is by all means one of the coolest places to stay at any airport around the globe. Well at least it was so far.  Apart from a nice interior one thing that is obviously absolutely crucial to me and many other business travelers is good Internet connectivity. And this is more and more difficult to get in that lounge.

While there is Wi-Fi in the lounge, OpenVPN and IPSec connectivity is blocked. No idea why but I’m probably not the only business traveler who is more than unhappy about this. At least I can use an SSH tunnel VPN that they (forgot?) to block to get my data safely through the network. Another option that has worked so far in the lounge is to tether my PC via a mobile device and one of the cellular networks there to the Internet. Unfortunately both times I’ve been there recently, Turkcell and Vodafone Turkey failed miserably.

Outside the lounge at the gates, both networks worked well so I decided to leave. Perhaps one of the companies involved in this cares and does something about the situation next time. Would be nice…

Back in 2011 I had my first in-flight Internet experience over the Atlantic with a satellite based system. Since then I’ve been online a couple of times during national flights in the US where a ground based system is used. In Europe most carriers don’t offer in-flight Internet access so far but an LTE based ground system is in the making which will hopefully have enough bandwidth so support the demand in the years to come. When I was recently flying to Asia I was positively surprised that Turkish Airlines offered Internet access on my outbound and inbound trips. Free in business class and available for $15 for the duration of the trip in economy class I was of course interested of how well it would work despite both flights being night flights and a strong urge to sleep

While most people where still awake in the plane, speeds were quite slow. Things got a bit better once people started to doze off and I could observe data rates in the downlink direction between 1 and 2 Mbit/s. Still, web browsing felt quite slow due to the 1000 ms round trip delay times over a geostationary satellite. But it worked and I could even do some system administration over ssh connections although at such round trip times command line interaction was far from snappy.

In the uplink I could get data rates of around 50 to 100 kbit/s during my outbound leg which made it pretty much impossible to send anything larger than a few kilobytes. On the return trip I could get around 300 kbit/s in the uplink direction when I tried. Still not fast but much more usable.

Apart from web browsing and some system administration over ssh, I mostly used the available connectivity to chat and exchange pictures with others at home using Conversations. While being mostly available, I noticed a number of outages in the link ranging from a few tens of seconds to several minutes. I’m not sure by what they were cause surely not due to clouds or bad weather above the plane… 🙂

While overall I was happy to be connected I have to say that like in the US, this system is not offering enough capacity anymore and it will become more and more difficult to offer a good customer experience without bumping up speeds significantly.

One of the major issues of public Wi-Fi hotspots is that they are usually unencrypted which makes users an easy target for eavesdropping. Some Wi-Fi hotspots use encryption but the PSK password is the same for all users. As a consequence an attacker that intercepts the authentication procedure can decrypt the traffic easily. This means that the only thing that can be achieved by using WPA2-PSK encryption in public hotspots is a weak form of access control by trying to keep the password within the group of authorized users. Good luck with that. Thanks to this post over at Heise (in German) I got aware that Dan Harkins of Aruba (now owned by HP) is trying to change this in the IEEE:

What Dan proposes in his “Opportunistic Wireless Encryption (OWE)” document presented back in September 2015 is to use a Diffie-Hellman Key exchange instead of WPA2-PSK when establishing a connection to the Wi-Fi Access Point. The difference between DH-Key exchange and WPA2-PSK is that the user does not have to supply a password and that an encrypted tunnel for which no shared secret is required is used to exchange a per-device encryption key. In other words, the proposed solution works in the same way as the key exchange used by https to secure web traffic today. No password needs to be given and the individual key that is exchanged through the encrypted tunnel ensures that an attacker can’t decode the traffic even if he intercepted the exchange (which is possible with WPA2-PSK). Two problems solved (no password, real encryption) at the same time.

Unfortunately it seems that there is no wide spread support for the idea yet. This document suggests there weren’t enough supporters in a meeting in January 2016 to include the idea in the next update of the 802.11 Wi-Fi standards. Let’s hope that this will still change as the current state of public Wi-Fi security is simply unacceptable.