I chose this provider in 2007, for its cheap connection and its high-reliable international connectivity.

In these two years I experienced some minor problems with them, mainly due to the incumbent Telecom Italia, who is still responsible for my last mile access to the network.

Today I talked with other users, and it seems that, even this time, it’s Telecom Italia’s fault.

Anyway, since I need a reliable connection, I decided to move to another provider and technology, and today I dropped a mail to E4A, a local provider here in Veneto and Trentino.

E4A offers broadband radio internet, by using EU’s HiPERLAN/2 technology, an ETSI standard whose main differences with IEEE 802.11 reside in the MAC layer, in the QoS handling, and in security (HiPERLAN uses Triple DES encryption).

I am waiting for their technician to call me to fix an appointment and see if my house is covered by their service (if there’s LOS between my balcony and their BTS).

I will keep you updated with more news as soon as possible.

One of the problem you may face while using Instant Messaging on your mobile device is the problem of priorities. It may happen that, while being connected on your iPhone or Android, you switch on your laptop and login to your favourite Instant Messenger. This way, you will have two connections open at the same time: where will your incoming messages routed to?

Clients and providers

Not all IM will work with multiple sessions. So far, I only tested Jabber/XMPP and Google Talk, and I will only talk about them. Plus, from my personal point of view, I chose to use my XMPP and GT accounts through Adium on the Mac and Beejive on the iPhone.

Thanks to XMPP openness, priority management is not tied to a specific client or service, and any XMPP-compliant IM client will handle it. So, since there are plenty of other clients that can support XMPP ‘resource priorities’, you can choose your favourite.

How it works

XMPP is an open IM standard, adopted by many IM providers. Google Talk is based on a proprietary implementation of XMPP, so it inherits many of XMPP’s features.

An XMPP service provider gives you a user-id in the form user@server.tld. This is you JID (Jabber ID), and it is used to identify your account. For instance, if you’re using Google Talk, your JID is username@gmail.com.

Every time you login on a Jabber/XMPP server, your client will send to the server your “Resource Name”. You can change your Resource Name by simply adjusting the settings of your Jabber client. Since XMPP allows different simultaneous sessions under the same JID, the Resource Name is used to identify the specific device connected to the server.

For instance, if your Resource Name on your laptop client is laptop, then one of your contacts can send a message to your laptop by sendind a message to your JID/RN (username@gmail.com/laptop), even if you’re connected through different devices at the same time.

Along with the Resource Name, you can assign to each client a “priority”. Priority is used to solve conflicts whenever a message is sent to your JID, the Resource Name is not specified by the sender, and you’re connected with multiple clients.

The Priority is an integer number ranging from 0 to 127. 0 is the lowest priority, 127 the highest.

As an example, you can imagine that you’re connected both with your iPhone (RN: mobile, PRIORITY: 1) and your Adium client (RN: SteveLaptop, PRIORITY: 3). If a message is sent to your username, it will be delivered only to your Adium client, since it has a higher priority than the iPhone. But, once you disconnect with your laptop, the only connected client of yours is your iPhone, with priority 1. From now on, all your messages will be delivered only on the iPhone, until another client will sign on with a higher priority.

Cool! But…

Yeah, I know, it’s cool. But unfortunately, as I said before, Google Talk is only  a proprietary implementation of XMPP, and all this stuff does not work very well.

First, Google servers will change any Resource Names you will set by adding to it an hex string. This way, all pros related to the use of Resource Names are killed.

Plus, Google servers does not take into account priorities. If you’re connected through multiple clients, any new conversation will be sent to all devices, until you reply from one of them. From that moment on, all the following messages will be routed only to the device you’re using.

I know, it sucks.

What can I do?

If you want a good Jabber/XMPP account with a correct XMPP implementation, you can sign up to one of many public (and free) XMPP providers. I suggest you to use the oldest one, Jabber.org.

It is important to say that all public XMPP providers (even Google Talk) are interconnected, so you can apply for an account at Jabber.org and then talk with your friends using Google Talk, since your XMPP will route your messages to the recipient XMPP server, just like mail servers works.

And you? What do you think about Mobile IM? Which is your favourite IM account and which XMPP provider do you use?

I surfed on the Vodafone.it site, and I found out the Samsung SHG-L770V, an HSDPA (3.6 Mbps), UMTS phone, with radio (with RDS functionalities), Bluetooth and a 2Mpixel camera, sold at 149 euros with a special promotion.

So I decided to let the Nokia N73 die and on Saturday I went into a Vodafone One store in Verona, with only one thing in my mind: never, ever, pay more that 150 euros for a phone. Unless it’s not a phone.

I bought it, I put on my Vodafone SIM card, and started using it.

I have to say I was very surprised: it has a beautiful display, with very readable text and clear images, a long-lasting battery and an FM radio with RDS (I never found a phone with RDS, but I think it is the first thing that should be supported in a radio).

Unfortunately it cannot work with Apple’s iSync on my Mac, but I think this is more Apple’s fault.

I also tried to use the tethering function, connecting the phone to the Macbook Pro (USB cable included) and using it as a HSDPA modem. Right now is 9am, I am sitting down at the table on my balcony and this is the result of my speed test:

A good bandwidth, if you think that this is UMTS and the signal is around 50%.

The only real problem is the price of the internet connection: Vodafone Italy only offers two packages: 400 sessions (15-minutes-sessions) for 30 euros/month or 60 sessions for 15 euros/month. I made my test using a 1-month-free voucher (400 sessions package) that a friend gave me, but I think I will not use on a regular basis unless Vodafone changes tariffs.

Bluetooth works very well, the phone has a live autocomplete function that lets you type only the first digits of a phone number and it will automatically search for that number in your address book and recent-call list.

Unlike my previous branded phones, this one has a really tiny branding, not so heavy and not so ugly. The phone also charges while connected with the USB cable, so you can charge it with your laptop and not to worry about its battery while connected to the internet.

The camera is not good, and photos are not so wonderful. I don’t care that, but if you really need a phone making photos, this one is not for you.

The cell phone reception is slightly worse than the N73 one: it shows only a few bars inside my house, while the old N73 was at “full coverage”.

Anyway, if you’re looking for a good phone, with usueful features, at a good price, I certainly recommend this one.

If you own an AG241 you probably know that once you’re connected on a ADSL2 line the status page shows “NOT TRAINED”, or you’re aware of that huge negative SNR value when the copper twisted pair is disconnected.

I’ve searched for months to find a good alternative firmware to fix this, like I did with my WRT54GL and DD-WRT. It seemed like I had to live with the original firmware forever, but after weeks of searches and with the help of Saint Google I found this.

It’s Phoenix BI Firmware, a good alternative to the original one, which provides detailed status pages, new DSL modulation support and a lot of bug fixes. In this page you can read a detailed description of it.

I’m using this version on my home DSL2 since 6 months, and it works perfectly. If you want to use that, be very careful with the upgrade, since you have to choose the right version for your device and it can take some time and also brick your router.

But if you have some skills in this, it’s worth the time!

To tell the truth, I am among the second ones: wouldn’t it be great if in every place you can visit you could find an open wireless network to check your email, blog, feeds and so on? That’s why I’m a Fon member, and why I share my connection at home through a Fonera router.

But in these last weeks I’m also trying to keep my wireless router (a Linksys WRT54GL) open with free access (no WEP, no WPA or WPA2, …), allowing my guests and occasional users to connect to the web, while in the meantime trying to avoid my neighbours’ leeching.

The key point is: I completely agree in sharing wireless with other users, but not with regular selfish leechers that greedly sink your connection with tons of downloading.

I know that the my “open your wifi” invite sounds a little bit crazy, but my opinion is that you don’t defeat the enemy by locking yourself in a little dark room: it’s not closing your wifi (and leaving all your ports open) that you’re safe.

As you may know, there are several ways to secure a wireless connection. From weakest to safest:

• Disabling SSID broadcast: very weak, during the handshake the SSID is transmitted in clear, and all your communications will be in clear.
• Selective MAC-address access: MAC address can be spoofed, and anyway all the communication will go in clear.
• WEP: very weak, it can be broken in less than one hour, since the key generation that will provide seeds to the RC4 algorithm is not so smart, even if RC4 by itself is safe. Traffic is encrypted, but not in a safe way.
• WPA: stronger than WEP, it can be broken only by capturing an handshake session, and trying an offline brute-force attack. If you choose a “good” password, it is reasonably safe. Traffic is encrypted.
• WPA2: better than WPA, the safest as of today, traffic encrypted.

So, what kind of threats can you meet in opening your wireless? I tried to fill a list of reasonable threats, and subsequently tried to take some countermeasures. Here’s the list.

1) Open Wireless = “ACME Free Bird Seed”?

As I mentioned before, one of the first thing you can notice when you open your wireless is your neighbours regularly stealing your connection. If they grab all your “free bird seed” (I did not find any suitable free-bird-seed image to put here…), you can use your router’s MAC ACL (Access Control List), putting their MAC address in the blacklist so they can no longer connect. If they are above the common user-level, they can always try to change their MAC address, but you can always block their new address.

2) Split your WiFi

The key point in opening a wireless is that you’re not only allowing everybody to connect to your network, but every single bit you send (except for the ones protected by some security protocols) will go through the air completely in clear, without any kind of encryption. An attacker can use a sniffing software (like Wireshark) to read all the webpages you load, your mail and so on.

This is the only point that blocked me from opening my wireless for a while: my privacy.

A good move you can take to avoid this is splitting your WiFi into two networks. Maybe your router is one of the many ones supported by the DD-WRT firmware, a free professional-like firmware that allows you (among many other possibilites) to create different “virtual networks”. My router supports DD-WRT, so I used it to create two different networks within the same radio transmitter: a protected one (with WPA2) for me, and a free one for my guests completely open and separated from the other network and the Ethernet part of my private net.

With this kind of configuration you can offer free wifi while keeping your traffic protected (if somebody is interested in this, please comment to this post (or write me) and I will post a tutorial about this).

If you can’t split your wifi, there are some other methods to build a secure channel over an insecure wireless link: if you have some skills in networking, you can setup an IPsec tunnel or an SSH tunnel to your SSH or IPsec capable router, or through another server on your wired private network (if you’ve one). This is also recommended if you frequently use public and unknown AP with your laptop.

3) Blocking Traffic

If you’re worried about what your “guests” can download, or if you’re worried to receive a cease-and-desist lettere from your provider (P2P docet), you can always selectively block some services. On my public wifi signal, the only allowed traffic is HTTP/HTTPS, mail protocols (POP3, IMAP and SMTP and their encrypted versions), some IM protocols (AIM, JABBER, MSN, …) and SSH.

You can setup these rules inside your router’s firewall. In my router, since the firmware is linux-based, this is provided by iptables.

In this way somebody connecting to my wireless can only surf, check email and do some “SSH-ing”, while all P2P protocols are blocked by default. You can also make some bandwidth throttling, but I preferred to leave full bandwidth.

4) Security?

At this point you’ve provided a good level of insurance against attackers, providing free internet (you can look at yourself as a 21st century Good Samaritan), and in the meantime ensuring confidentiality for your own data and traffic.

Ok, I know what you’re thinking: there are a lot of other possible threaths, like somebody downloading pedo-pornographic movies through HTTP and so on. You can have technically also legal problems, since in some countries (like in Italy, where I am) you shouldn’t allow somebody to connect to a WiFi AP if you don’t ask him his ID card and register it (thanks to the post 11th September anti-terrorism Pisani Law). I know all these things. But I think that if we take care of all possible problems we can have in life, we will not live happy. :)

And you? What do you think about opening your wifi? Do you think I’m totally crazy?

So we went to Speedtest.net mith my Macbook Pro and this is the result of some tests between Trento and Rome:

The first thing we noticed is that there is a bandwidth cap for each user, since the download bandwidth is floating between 1Mbps and 2Mbps, and it is the same even if more than one user is downloading at the same time. But the frightening value is the upload one: in some moments we reached about 20Mbps, and it seems that there is no cap to this upload bandwidth.

Since in Italy the best upload bandwidth you can have with a consumer offer is around 512kbps on a DSL line, you can aware of how much me and Nicola were surprised! Usually providers sells DSL connections to consumers, and optical fiber connections only to business entities, and in Italy we end up having broadband download connections choked by narrow upload bandwidth.

Just to give an idea, here’s another test I made from my home DSL connection:

This should be a 7Mbps/384kbps, but since there’s a very high load on the DSLAM, I can reach only 3.7Mbps (in the evening speed decreases till 1Mbps or less)…

So I wanted to restore the original firmware, but the tutorial on the DDWRT wiki doesn’t work, since it does not take into account the recent modification in the boot script introduced after the v24 RC7. If you apply the old recovery, your La Fonera will boot only once, then at the next reboot it will not start, because of the modified boot file created in the DDWRT flashing.

So, if you’ve flashed your La Fonera (only 2100 Foneras) with the most recent version of DDWRT (v24 RC7, v24 final, …) and want to return to the original FON Firmware, you have to:

• Download the original 0.7.1.1 firmware, already patched for this kind of flashing
• Go to the RedBoot prompt
• Give the following commands:

ip_address -l 192.168.1.254/24 -h 192.168.1.2
fis init
load -r -v -b 0x80040450 rootfs.squashfs
fis create -b 0x80040450 -f 0xA8030000 -l 0x00700000 -e 0x00000000 rootfs
load -r -b %{FREEMEMLO} kernel.lzma
fis create -r 0x80041000 -e 0x80041000 vmlinux.bin.l7

• Consider that some commands can take up to 20 minutes to be executed, so DO NOT disconnect your Fonera. After this, you have to use the fconfig command, and set the boot parameters according to these ones:

RedBoot> fconfig
Run script at boot: true
Boot script:
.. fis load -l linux
.. exec
Enter script, terminate with empty line
>> fis load -l vmlinux.bin.l7
>> exec
>>
Boot script timeout (1000ms resolution): 10
Use BOOTP for network configuration: false
Gateway IP address:
Local IP address: 192.168.1.254
Local IP address mask: 255.255.255.0
Default server IP address:
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .

• To end the flashing process, type:

fis load -l vmlinux.bin.l7
exec

Your Fonera will reboot and in a couple of seconds you will have your original Fon firmware.

Searching through tons of webpages I’ve found that if you want to disable your private signal you can choose between:

• COMPLETELY DISABLE PRIVATE SIGNAL: go to the onboard Fonera administration page and put as private SSID a single blank space. Then, reboot the Fonera and your private signal will vanish. If you want to make some changes to the configuration after having turned off the MyPlace, you still have your web administration available at Fon webpages, or you can connect to the Fonera through the LAN side using the usual 169 IP address. If you still want another way to access the admin pages a third option is available: reset your Fonera.
• SWITCH OFF PRIVATE SSID BROADCAST, BUT KEEP PRIVATE SIGNAL ACTIVE: you should go to the Fon website, and put the word OFF as SSID. Your private signal will survive, but its SSID broadcast will be switched off.