Anarchy-X anarchyx@identi.ca

We need better public WiFi standards. Our current system of bootstrapping WiFi sucks.

The typical mechanism for public WiFi is this: you connect to an unencrypted SSID in your local airport or cafe. When your computer does a DNS lookup of any address, the IP that is returned is that of a local (or tunneled) authentication gateway. "Welcome to Fakename WiFi, click here to accept the terms of service, give us your username and password, pay us $5.95 for the next 20 minutes." Your computer can't look up any other servers until you go through whatever dance the access-point owner wants you to.

This has never worked well, but it's getting worse.

The Internet doesn't work on a single protocol (shock!). Computers do lots of things when they connect to a network -- like try to send and receive email or connect to chat servers. Even those program that do use HTTP for their protocol may be using a Web API and won't have a browser interface. All of these will fail (usually) if the poisonous DNS system is in place.

For computers that have local DNS cache (which I highly recommend -- it can really accelerate your computing), your cache either tries to route around the lies the access point is telling you, which doesn't work, or gets filled with wrong answers, which also doesn't work.

Mostly, though, the problem is that more web sites than ever are switching to 100% HTTPS. When you try to connect to this kind of site in the purgatorial state of early connection to public wifi, you'll either get a complete browser failure, or a warning that the site is corrupted and that something fishy is going on. Which it is.

Our 802.11x standards have been around for a decade and a half. It's time that they started reflecting the reality of the network they're on -- a mix of public and private access points, with requirements for each ones. We're dealing with requirements for TOS acceptance, authentication or payment at a much higher layer in the network than makes any kind of sense.

Maybe I should switch to using simpler devices, in which the firmware has long been analyzed and has no probability of a backdoor.

Get myself a C64, a ZX Spectrum or at least an old DOS computer.

I don't see a problem there, as long as there are clear lists of "these clients support voice calling", "thse clients support blackboard", "these support whatever".

I like diversity.

Regarding Vitamin A and Vitamin C, it is so easy to get them in your diet that if you aren't, you probably are eating total crap to begin with, which is in itself indicative of badness. :-)

Remember Troll The NSA? Maybe we should do a similar thing by sending tons of encrypted random data by mail, IM, HTTPS etc. -- so that the agency won't have enough resources to decrypt it all.

http://www.theonion.com/articles/poll-majority-of-americans-approve-of-sending-cong,33752/

Since when did the Onion report REAL news?

Grrr. So, I think I know what's been happening with identi.ca.

1. The pump.io process has been throwing errors due to running out of file handles.
2. When the errors are thrown, the cluster child is dying.
3. When all the cluster children are dead, the parent is still running, so forever isn't kicking over the server.

I think I've fixed the problem; we'll see if it works.

• I increased the number of file handles. One of those terrible hazing rituals that sysadmins have to go through. Boo.
• I updated the pump code such that if a cluster child dies, the parent starts a new one. This should keep all cylinders running, I hope.

Thanks for your patience; sorry for the problems.

And here's a clickable link: https://github.com/e14n/pump.io/wiki/FAQ

Nobody's pointed out that identi.ca is 100% SSL now.