So, this morning for the first time I went online at a Starbucks hotspot. My car was in for an oil change, and I was on Park Street in Alameda. I was lucky in that my employer has an account with T-Mobile so I could get online for free (I was checking my work email after all). That got me thinking about free hotspots (not to mention the possibility of better cofee).

Tonight, I found a website that lists free hotspots in California. It also has some links to other places with lists, and a weblog for news about new sites coming online.

Interestingly, I noticed that there is a coffee shop on Park Street with free access (though I think that the name in the list is wrong – I suspect they mean JavaRama and not Jumpin’ Java). In addition to that, I noticed that the Pacific Coast Brewery in Oakland offers free WiFi, so it seems that WiFi is coming to bars here in the US as well as the pubs back home in the UK.

By the way, the site with the California list also maintains lists for other states, so if you’re somewhere else in the US check out your state too. If you’re reading this from outside the US, and you know of a good site that lists free WiFi in your country please leave a comment with the URL.

Thursday September 25, 2003 is Unwired Day. Intel is sponsoring a day of free wireless internet access at hotspots all over the world. There is a locator on the site that will let you find which hotspots, if any, in your area are offering free service for the day.

I even found one in East Grinstead (the town nearest to where I grew up in the UK), and I noticed that Woody’s, the Student Union bar at my university is also on the list. Of course, it wasn’t there while I was at Kent…

Instant802 Networks, the company I work for, had a booth at this year’s Intel Developer’s Forum event down in San Jose, California.

Here’s a photo of our booth, with my boss on duty:

The show seemed to be pretty busy, especially when compared to the Embedded Systems Conference earlier this year. I was so busy during my afternoon on the booth that I didn’t get much chance to walk around the rest of the show and see what was there. Anybody else that did, please leave a comment with your opinions of what you saw.

I was intending to give you some information on the results of the recent Wi-Fi shootout at DefCon in Las Vegas, but unfortunately the page, hosted on Earthlink, seems to have exceeded its monthly quota, and has been shut down.

For those that don’t know what this is about, it is a competition to see who can get an 802.11 connection over the longest distance. It is run in the desert outside of Las Vegas where there is space for about 40 miles separation between the two machines.

Anyhow, I have sent the folks that run the site an email to see if they’d like me to mirror the results page for a while, or if they have a new location I can point you all at. The grand prize winning team managed over 35 miles by the way.

Update: There is now a mirror of the original results site here on blueDonkey.org. Enjoy!

According to an article in the The Register, users of WiFi (wireless networking) are still not encrypting their connections. This is an interesting survey though as it moves away from the traditional WEP/no-WEP position: the people they surveyed (well, more like monitored) were using open access points at the Planet Expo in Boston.

The company that ran the experiment, AirDefense, monitored all traffic between the show’s attendees and the 141 open access points around the floor. They found that “Only three percent of e-mail downloads were encrypted on the first day of the conference, 12 percent on the second day.”

So, now the emphasis is moving away from making the link secure (kind of accepting that radio waves are inherently insecure perhaps?), and towards getting people to use encryption for their email and other sensitive traffic.

To be fair though, many of the people at the show may not have had the option to use secure email connections. Both my ISPs allow me to access my email via a POP3 connection from anywhere I can connect to the internet, but I don’t have any option for encrypting that traffic. My primary webmail service (Yahoo! Mail) does encrypt the login process I believe, but not access to the email itself.

If encryption is to be widely used for email, then what we need is an encrypted version of both POP3 and SMTP. Something modeled on the HTTPS standard perhaps since that has proven to be simple to use, and effective. Or do we go even further and move everybody to an encrypted version of TCP so that much of this traffic is encrypted by default.

This seems to be present in the new IPv6 standard (read this informative article on IPv6, including a section on the Authentication Header and Encrypted Security Payload mechanisms it provides). Perhaps we should move the US and Europe to this standard more quickly?