The company plans to pull all its gear from the poles starting 12-June-2008. The company's press release said it offered to give the network at no cost to an unnamed non-profit, as well as to the city, but claimed that "unresolved issues" led to the effort falling apart. EarthLink offered cash and more equipment, as well, in undisclosed quantities. Wireless Philadelphia, the non-profit in charge of managing the network provider and administering digital divide programs, was apparently not the non-profit mentioned.

EarthLink filed a lawsuit to allow it to remove its Wi-Fi nodes and cap its liability at $1m. That's a pretty hostile move, given that the city would have been the more likely party to feel aggrieved and file suit against EarthLink for failing to live up to the terms of their agreement.

EarthLink's claims of offering the network to "a non-profit" or the city for free skirts the issue that EarthLink may have certain liabilities for electrical power and other fees that haven't yet been paid; Wireless Philadelphia had agreed to pick up or defer certain charges as part of the deal that brought the network provider in. But without a completed network, and the contract therefore perhaps susceptible to being declared in default in court, it's unlikely that this will play out nicely.

And I'll say bluntly: If someone offered you $17m of outdated equipment on a network that never worked to specification that wasn't completed, and that already had known high annual costs, and which a private firm gave up as a bad job that they couldn't turn a dime on--would you take that deal? No. EarthLink will ultimately have to pay much more than $1m, I predict, and I suspect some of the settlement will leave gear in selected neighborhoods behind for more modest networking purposes. It's not going to be as easy as releasing a press release, although I haven't read the contract's provisions for this set of circumstances, and I'm not a lawyer.

The failure in Philadelphia, and EarthLink's exiting the entire muni-Fi business, represents the end of a bad model in which a company agreed to assume all risk and costs associated with building a public access network. When the assumptions were that networks would be cheaper and easier to build in 2005, and that citizens in many larger cities had few affordable broadband options, it made some sense to build a network on spec.

Three years into this, however, it's clear that that capital investment is 2 to 3 times higher than what was anticipated to reach a level of service quality that people will expect; that, when presented with potential competition, DSL and cable operators will slash prices and offer cheap 1-year or "lifetime" rates with long-term contracts; and that wireless broadband delivered via Wi-Fi isn't the best of ideas for indoor service.

Minneapolis may wind up being the only large city, if the network quality and subscriber rates play out, that has a public access network that works and produces a return.

Zipit gives away text messaging for a year, changes prices, options: The Zipit Wireless Messenger 2 (Z2) was introduced in Dec. 2007 with a number of interesting features for a messaging appliance targeted at teens--and their fretting parents. With no Web portal, the $150 device included unlimited Wi-Fi on Wayport's McDonald's network (now nearly 10,000 locations), and support for popular IM clients. It also included SMS with major cell carries, charging $5 per month for 1,500 incoming and 1,500 outgoing messages. Uptake must have been poor, as the manufacturer announced today that purchases until 31-July-2008 would include a year of free text messages. The company also modified its plan without noting that fact, increasing messages to a "reasonable personal usage" of 5,000 incoming and 5,000 outgoing messages per month. There are no overage charges. The service will now cost $30 per year instead of $5 per month for new purchasers starting 1-August-2008. That's a 50-percent price reduction (over $5 times 12), but it's often much cheaper to bill annually in advance.

Wi-Fi Alliance cited in WSJ as model for multipartner alliance: An interesting analysis in the Wall Street Journal's Business Insight section points to the Wi-Fi Alliance standards based, no-company-on-top approach as one that led it to win out through both technology and organization over other standards that might have taken precedence. I've been stunned over the years how a group that has a board comprised of the most powerful and competitive interests in this market segment, and which has hundreds of much smaller members, has managed to keep alive the notion of interoperability for the greater good of the industry and customers. 802.11n's long delay certainly threatened harmony--especially with some ugly proprietary slap-ons to 802.11g--but the alliance continues to keep the technology in equilibrium, while still allowing individual companies to differentiate their products with little difficulty.

If you have no clue what 802.1X is, read my recent technology primer first. If you’re already familiar with 1X, you’ve probably heard about some of the 802.1X additions- the 802.1AE (MACSec) and possibly 802.1af (the key agreement for MACSec)… but that’s just the tip of the iceberg, and what’s hiding underneath will knock your socks off!

We’re currently at the 802.1X-2004 edition, with the group working on the REV and hoping for an early-2009 release. When IEEE makes additions (such as AE and af) they’re just afterthoughts and changes tacked on to the end of the standard. But when they do a revision , as they are now, they’re opening up the whole can of worms and all parts of the standard are opened for evaluation and modification. Yee-haw!

So, what’s in this new revision and what can we expect from 802.1X-REV? That’s what I wanted to know, and I’m sure you’re curious too. I was lucky enough to catch a quick call with Paul Condon earlier this week and get some of the inside scoop. Paul is ProCurve Networking’s CTO, but more importantly for our purposes today, he’s the Vice -Chair of the IEEE 802.1 working group and is intimately involved in 1X and a variety of other networking, security and authentication standards.

1) Encryption & Key Exchange : The first goal in updating 802.1X was to add security with encryption, specifically on switch-to-switch links. Of course, with encryption comes the need for fast, secure key exchange, so we ended up with 802.1AE and 802.1af as answers to the first set of goals. The encryption will require hardware refreshes, and vendors are already gearing up for that. The benefits of encryption are pretty obvious, so I won’t bore you with that. There are some fun little gems hidden in the AE/af set though. Even without using the encryption piece, we’ll be able to use the key exchange as a means of quickly (in ~4-5 packets) authenticating (or re-authenticating) switches to one another after a reboot. It will be a critical piece for maintaining availability and integrity in the network. And w e can do this piece without a hardware upgrade, which is pretty nifty.

2) Same-Port Multiuser Support: Here’s where the 1X-REV sauce starts tasting really good. The new revision is leveraging some of its security updates to support multi-user modes on a single port. And no, not by using multi-tagged VLANs, this is way cooler than that. In theory, multiple PCs, phones or other connected devices can connect through a single port, which would essentially be running multiple instances of 802.1X, letting each communicate securely. It’ll be similar in practice to how wireless APs segregate and encrypt traffic between the AP and the endpoint. I’m sure at first we’ll see software-based endpoint encryption support and of course, move towards hardware encryption and see NICs with the capability baked in. That’s still down the road, but the road is getting shorter.

3) Network Advertisement/Selection : Now the 1X-REV sauce is the best you’ve ever had- you’re gonna want to put this stuff on everything ! :) The 3rd goal of the revision is to add support for network advertisements on the wired side- which would be a similar experience to selecting the wireless SSID from a list of ones available on your laptop. But, it’s happening on your wired switch. Wild, right? They’re going to leverage the EAPOL types here to communicate from client to network. Imagine the possibilities…

All these new functions and features give 802.1X numerous new use cases. I think you’ll see parts of these technologies leveraged in various parts of critical networks everywhere. Sponsor ballots come at the end of the year, and they’re hoping to see something solid and released in early 2009.

You can see why I’m excited. The 802.1X-REV may be the evil stepchild for a while, but it’s coming. When it does, it’s going to rock our little network worlds and flip our thinking about wired security and network segregation upside down.

Of course, you’ll be seeing more on this from me, so hang in there!

# # #

The Eye-Fi Explore product relies on Skyhook Wireless's system of analyzing the signal strength of nearby Wi-Fi networks to extrapolate latitude and longitude. Eye-Fi ties that into their system to stamp images with locations. This deal also ties into Wayport's domestic network of 10,000 hotspots, most of which are McDonald's outlets, allowing free uploading via those systems. The purchase price covers one year of hotspot service. You can upgrade an existing Eye-Fi to the new feature for a fee. All three products work with Mac OS X Tiger and Leopard, and Windows XP/Vista.

Because Skyhook needs a live Web connection to look up the Wi-Fi environment, Eye-Fi can store the Wi-Fi snapshot when the picture is taken, and manage inserting the appropriate photo metadata (EXIF format) at upload for Flickr and other services that support geotagging.

Geotagging is a very popular idea, something that I'm quite taken with because it pairs the act of taking a photograph with the location at which the picture is taken, making a digital photograph seem a little less untied to reality. But until now, it's been generally quite involved to match a picture with coordinates. A handful of specialized cameras embed GPS chips, and there's software to facilitate other methods, but the cost and battery drain of GPS chips have apparently so far kept it from being a widely deployed feature, while the wonkiness of alternatives doesn't appeal to mainstream users.

Sony once sold this wacky GPS companion (which I just found out isn't available in either released model) that would track your location over time, and use that information to geotag images via a special software program that let you pair its stream of data with your photographs.

Eye-Fi and Skyhook are doing something almost the same, since the camera isn't capturing the GPS data, and the Eye-Fi isn't applying the information live, much of the time. But it's eminently more usable than the Sony system, because the Eye-Fi handles the assembly seamlessly for you.

Now there's just one thing to worry about. Think about this: McDonald's are everywhere, and nearly all of the U.S. locations have Wi-Fi. The Eye-Fi uploads whenever it can, as long as the camera is turned on. You're geotagging images without any effort. Okay, got it? So...you call in sick to work, and run off to take some photos. Your boss, using RSS to subscribe to your Flickr feed, not only sees your pictures as you wander the town, unknowningly promiscuously uploading them via quick-serve restaurants' networks, but also knows precisely where you are.

This makes me suggest that you might set your Flickr upload preferences to keep images private and your geotagging preferences the same. You can then expose the images you want for public consumption. The Panoptican is...us!

So my next iteration of fun reading on security, logging and other topics.

1. 0x000000 blog has a neat post on security, word definition and all. It reminds us that "security is forever" since it is about people, not broken technologies. A quote: "And so we will never able to secure other people, they have to secure them self. And we know that they can't." Same blog also have a fun (but a little bizarre with a little 80s feel) interview with Richard Stallman.
2. Along the same line, discussion about security industry longevity is here at Gunnar Peterson's blog: specifically, he debates Mike R's semi-humorous prediction that in 2012 there will be 0 "security professionals." Indeed, secure networks + secure OS + secure apps < security.
3. Also a very fun read comes from DarkReading: "7 dirty secrets of the security industry." Example quotes: "The goal of the security vendor is not to secure, it's to make money" , "Security vendors want businesses to buy what they sell, so they push specific products to block specific threats "; it also discusses another facet of compliance vs security.
4. Fun - and as usual heated - debates about the "AV is dead" and "anti-anti-virus revolt" happen here. Is blacklisting  AV dead now? More dead than before? :-) Or just "limited",  but still very useful? BTW, Matasano opines on the subject here as well, calling it not a revolution, but a protest.
5. The next  Carnival of the Security Catalyst Community - April 22, 2008; as always fun. Next carnival Apr 29 is here and the last (so far) one is here.
6. Really good look at logging for developers is here. "all too often logging gets treated as optional and not necessary. In this column we will cover the essentials of logging []for developers!] from a security perspective"
7. Latest stolen account prices are posted here by AVERT Labs guys. Account with $16,000 goes for about 700 euros (!) Also, Finjan reminds us that top corporations are all owned.
8. ISP data retention rears its (ugly?) head again. Good business for LogLogic or privacy nightmare?
9. A fun read from Tizor Blog: "How did the TJX data breach happen? Part 1: Anatomy" A must read, with diagrams, etc. "After breaching the TJX wireless system, the attacker was able to gain administrative privileges to the RTS servers located at the TJX corporate headquarters in Framingham, MA."
10. A very good read from Greg Shipley: "Risk Management: Do It Now, Do It Right." A lot of interesting bits about CSOs, security technologies evolution, etc. "The journey continues. We invested hundreds of millions of dollars in intrusion-detection systems without a solid understanding of their relative effectiveness and total cost of ownership. The IDS craze led to reinvestments in intrusion-prevention systems that even today are only partially enabled, and PKI is still a bad word in many IT circles. There's no shortage of disappointments on other product fronts."
11. "Data Classification Is Dead?"  Rich Mogul explains why data classification by the owners is never going to fly... "Enterprise content is just too volatile for static tags to really represent its value. Even those of you in defense/intelligence don’t *really* do granular data classification. " This is a good reminder to shoe that just spout the propaganda "first, need to classify data." Can you hope to do "DLP" without it? Also, read this one from Rich as well: not only you can't classify, you often don't know who owns what.
12. Hot, hot, hot! "Snake Bytes " on DarkReading. "We are all in the business of stopping just enough crime to keep us in business." Wow! Definitely a must read.
13. Marcus Ranum on logging in Start Trek (read the whole thread): "What do you expect from a starship that runs on Windows-24k? Microsoft added support for syslog in 2348 - citing customer demand - but still
    has no Enterprise-class log architecture." :-)
14. Piece on PCI and log management where a vendor makes an idiotic faux pas by saying that "less than 1% logs are of interest." In reality, all (OK, most) logs are of interest under the right circumstances. And we almost never know which ones we'd need.
15. A fun blurb from a lawyer on PCI. Good conclusion too: "Regardless, now is the time for merchants to begin engaging their legal teams to address PCI compliance, and opening the lines of communication between the lawyers and security pros." He also fights the checkbox mentality by saying that  "merchants should not view their internal security personnel or QSAs as “rubber stamps” of PCI compliance." I am happy to see this lawyer basically say that if you ignore PCI, your ass is  0wned :-)

On that happy note - see you next time! :-)

Azulstar soon answered several RFPs and partnered up with major firms to bring Wi-Fi to Rio Rancho, N.M., Winston-Salem, N.C., Sacramento, Calif., and most notably Silicon Valley--a set of dozens of cities along with county government and private enterprise all wanting some kind of tiered Wi-Fi across 1,500 sq mi.

While EarthLink, MetroFi, and even Kite Networks (with their extensive Arizona buildout in Tempe launched a bit before any other large competiting network) seized the headlines, and later made news about their stalls, failures, and exits, Azulstar seemed quietly to sink into the sand. The Wireless Silicon Valley deal fell apart, as did Sacramento after efforts to get stakeholder and outside investment seemed to fail to materialize, and the marquee partners--Cisco, IBM, and Intel--just wouldn't step up to the plate to make the project move forward. Azulstar was the lead techology firm, but the money just didn't come. (Both California projects are moving forward with a different set of partners and expectations now.)

Rio Rancho was perhaps one of the biggest letdowns. City manager Jim Payne explained in an interview a few weeks ago, "They had a number of things that were going against them from the start, and they did make an attempt to meet the requirements of the contract." But Rio Rancho voted to not just terminate the contract after years of attempts to make the network work, but rejected a proposal from Azulstar a few weeks ago to switch over equipment on the poles. Azulstar now has to remove all its devices.

All of this might make the typical company head a bit depressed about his firm's future, and less than sanguine about the potential for wireless broadband to work at all. Not so for Tyler van Houwelingen, Azulstar's chief, and I have to admit that he convinced me that the wireless provider has a fighting chance, due to a good combination of timing, spectrum policy, and a large dollop of can-do spirit.

The Cloud partners with Devicescape for no-configuration connections: The Cloud will use their software and service to allow its users to connect to its hotspots and those of its roaming partners. There are 10,500 locations in The Cloud's own network. Devicescape's software is available for computer operating systems, as well as several mobile platforms. While Devicescape's software works across many networks without their direct promotion, the distribution of their package by the Cloud gives Devicescape more leverage with equipment makers, and makes use of The Cloud much easier for that network's customers, increasing retention and ostensibly signups.

Ruckus alleges patent infringement by partner NetGear: Ruckus Wireless did license its patents to NetGear for two models of the WPN824 router released by NetGear, but alleges in its lawsuit that NetGear released a subsequent model that wasn't covered by the deal. I rarely mention legal matters, but this is a unique case: hardware is involved and an existing partnership. The outcome could be expensive for NetGear if it's found to infringe, because this model (I don't know about the particular version) was one of the best-selling Draft N routers.

The service is enabled by JiWire, which has gradually transitioned itself from a site that developed a hotspot directory supplemented by editorial coverage and how-to's on wireless data, to one that's now hotspot directory plus hotspot advertising. The transition is interesting, as it reflects what I've seen on Wi-Fi Networking News: Wi-Fi is easier to use, as is cell data; costs for equipment is lower or you don't need to make a choice about equipment; and usage is up so far at hotspots that there's an audience there for commercial-based access.

MetroFi has famously declared free access to metro-scale services paid for by advertising to be unworkable; that may be so, given that they were the biggest proponent of it for a few years, and no other company followed them into that approach. However, metro-scale ad-supported Wi-Fi, in which residential and roaming users alike looked at banners and commercials in exchange for servcie is a far cry from the focused hotspot advertising market.

Hotspot ads involve a very open exchange between surfer and service, and JiWire pushes the watch-for-access model quite heavily. What's saving a few bucks worth to you? 15 seconds? 30 seconds? If so, we have a deal for you, they say, that also works for the advertiser and the service provider (and JiWire). It's not subtle; you have to watch the ad to gain access. But it seems like a reasonable exchange, with two hours' access up to a full day running $4 to $12 in the U.S. at paid locations. (Of course, I subscribe to Boingo Wireless's roaming service now, so I can bypass the ads in favor of paying $22 per month for unlimited usage, too. That's part of that tradeoff.)

(Disclosure: I own a very small number of share in JiWire as part of my early working relationship with them.)