Monday, December 2, 2013

Zenbu Version 2.0

Hi everyone,

Summer looks to be in full swing and Christmas just around the corner. Many of you out there will likely be revving up for the busy season and just in time for you we have an
 early present that should hopefully help things go even smoother than always. Something new to do with Zenbu that we would like to share and hope that you will find helpful.

So, let us start with a token *drum roll* ~~~~!

We would like to announce the arrival of our latest firmware version, Zenbu 2.0! *Cue the introductory catchphrase*
A new version of the Zenbu firmware years in the making, as reliable as ever and ready to restrict data usage, to seek out new features and security, boldly going where no Zenbu firmware has gone before.

There are numerous improvements added for the convenience of hotspot operators and also some behind the scenes alterations which have tackled a number of both relatively common and very rare annoyances (while much of the modification and fine tuning is likely never to be noticed, we implemented them just because we could).
Of probably most convenience, operators can now turn their Zenbu router's WiFi on/off and change the channel (operational frequency) that it is broadcasting on via our website.
This version also allows us more insight into the state of a Zenbu router itself and the environment in which it is operating. So, in the unlikely event that a need for troubleshooting arises, we are already at least a few steps out of the dark (and that much closer to identifying an issue).

Last but not least... some of you may have noticed the change and be wondering what on earth is the following signal; "Zenbu XS [user+pass=zen]"

This is the same signal coming from the Zenbu router but utilising WPA2 enterprise encryption, encapsulating with PEAPv0 MSCHAPv2 and authenticating by IEEE 802.1X.
However, putting aside the details and keeping it nice and simple;
Essentially... the Zenbu XS signal is more secure!

(For those interested, some of the technicalities are located below.)


As the signal name implies, the username and password for connecting to the wireless signal are both 'zen'. (Note; this is not the key used for encryption of your transferred data.) Once connected, the procedure for logging in via Zenbu is the same as always.

So the next time you see one of these signals, if your device is capable of handling these security features, then give it a go! (and feel assured with the knowledge that at that point in time, the data that you are transferring through the air has an extremely robust padlock on it!)


We hope you all enjoy the summer.  So far so good!

Regards,

The Zenbu Team.


======================================
Technicalities
When connecting to the XS signal, by checking the security certificate, you can confirm that what you are actually connecting to is indeed an authentic Zenbu hotspot.
Furthermore, due to the nature of the security protocols being used, a number of unique keys are negotiated on connection. These are dynamically generated, specific to the user's current connection and only the user device and Zenbu system know these. No one / nothing else (not even the user).
In the case of signals using pre-shared WEP/WPA encryption keys (PSK) the key (for connection AND encryption) is the same for all devices connecting to the network and must be provided to anyone who wants to connect. For it to be a public WiFi hotspot, this pre-shared key would be disclosed to an ever increasing number of individuals... which effectively renders encrypting the data transmission pointless. i.e. the same as an open signal.

When a signal is open or effectively open like in the above case using shared keys, people can potentially snoop on the wireless traffic of those connected and see what they are up to. Note however that...
Even in this type of open or "shared key" environment any data that should be secured (like your online banking) is likely using SSL or other encryption methods anyway. This is because it needs to be encrypted as it traverses the internet where there are likely many more nasties than in your immediate environment!

[Secure sites starting with https are encrypted from end to end (which also includes over the wireless link). Encryption of data being sent between a device (client) and a secure website (server) is unrelated to the encryption of all Wi-Fi transmission between a device and a wireless router. In the case of SSL traffic over a 'secure' wireless link... the data is effectively double encrypted, for the wireless portion.]

Given the above, an open signal isn't really that much of an issue... but of course, people do like to see "secured" on their connection label.
So, with that in mind, we have opted for the only worthwhile option that provides a real security benefit in the public Wi-Fi environment Zenbu must operate in (rather than the false sense of security proliferated by pre-shared keys).

In the case where
 negotiation of dynamic, unique keys is performed upon connection (e.g. to Zenbu XS signal), as the master key is not known, snooping is a futile cause (beyond using a supercomputer to brute-force the lock... such a culprit would have no means of comprehending the garbled data).

Even if someone were to attempt disguising their device as someone else's (by MAC address spoofing) this would not get them the key required to decrypt the data being transmitted. Due to the dynamic variables involved upon key creation, they would merely generate a different set of keys for their own connection at that point in time.
The only method left is to try and create a fake hotspot that imitates the Zenbu signal and try to capture the keys that users provide when someone carelessly connects. Which of course brings us full circle. Checking the security certificate.
secure.zenbu.net.nz / secure.zenbu.net.au are our domains and only ours. If it shows our domain when connecting to the XS signal, then you can be sure that what you are connecting to is an authentic Zenbu hotspot. Otherwise... run for the hills!
======================================

Saturday, September 14, 2013

Mobile device usage trends and the repercussions.


Hi everyone,

As we gradually build up to that busy time of the year, I thought it would be befitting to provide some information about relevant trends and what is going on with the network as a whole. As such, following on from similar entries, here is a quick update containing some statistics.

First of all... We hit the 10 million connections mark! and with that milestone, a total of 359,135,308.09 MegaBytes (342.5 TeraBytes!) of data has been transferred through Zenbu systems since 2006.
"What is a Megabyte?"

=============================================
To do the cliche sales pitch often used for storage devices... that is;

Transferring, this Zenbu logo [gif] (2537 Bytes) 148,435,421,685 times!
This image of Ruapehu [jpg] (207,253 Bytes) 1,817,009,475 times!
This image of Rangitoto [jpg] (527,648 Bytes) 713,696,753 times!

Loading the list of "Zenbu Wireless Internet Wi-Fi Hotspots" [PDF] which is updated daily [490,666 Bytes = 0.4679 (4dp) MegaBytes @ 2013/09/13 1645] approximately ~ 767,488,810 times.

Sending the text from the world's longest novel 313,523,292 times!

[Guinness World Record] ("A la recherche du temps perdu" by Marcel Proust containing an estimated 9,609,000 characters = 9,609,000 bits = 1,201,125 Bytes = 1.1455 MegaBytes)

Several lifetimes streaming and listening to music in MP3 format!
2915.36 years @ bitrate [32 Kbits/s] (lowest possible quality of MP3)
971.79 years @ bitrate [96 Kbits/s] (somewhat low quality MP3)
728.84 years @ bitrate [128 Kbits/s] (mid range quality MP3)
583.07 years @ bitrate [160 Kbits/s] (mid range quality MP3)
485.89 years @ bitrate [192 Kbits/s] (often used high quality MP3)
291.54 years @ bitrate [320 Kbits/s] (highest possible quality of MP3)

According to the Youtube live encoder settings and dependent on the file format, video & audio codecs of the video being watched;
Between 133.27 and 310.97 years of [426x240] 240p Youtube videos!
(@ Bitrate MIN 300 Kbits/s MAX 700 Kbits/s)
Between 93.29 and 233.23 years of [640x360] 360p Youtube videos!
(@ Bitrate MIN 400 Kbits/s MAX 1000 Kbits/s)
Between 46.65 and 186.58 years of [854x480] 480p Youtube videos!
(@ Bitrate MIN 500 Kbits/s MAX 2000 Kbits/s)
Between 23.32 and 62.19 years of [1280x720] 720p Youtube videos!
(@ Bitrate MIN 1500 Kbits/s MAX 4000 Kbits/s)
Between 15.55 and 31.09 years of [1920x1080] 1080p Youtube videos!
(@ Bitrate MIN 3000 Kbits/s MAX 6000 Kbits/s)

A whopping 831.33 days of video feed at the maximum bitrate specified for Bluray video! [40 Mbit/s]

Or... perhaps of more relevance for those operators out there, you could simply watch this video (6,484,979 bytes) about mounting the Zenbu router (
WRT54GL) to the wall 58,069,681 times.

Oh the possibilities! ;)

=============================================
 
(Correlating this with the last time we checked; in the space of 9 months that is an increase of 3.6 million connections and 153,219,204 MB data transferred (about two fifths the total in just the last year.) ...and if I do say so myself, WOW!)


So now, with that big announcement out of the way let us move along.

Using the same method / sampling as in previous entries, below is a simple collation and breakdown on the device types and mobile Operating Systems that were used by people when visiting our website (page-views) this previous July.


As we can see, the expected shift towards mobile devices has steadily continued and page-views from such mobile devices now account for about 54% of the total page-views to our website. (This is an increase of 16% over the results reported a year ago in October 2012.)

While the number of desktop page-views per month having decreased (by about 10,000~20,000) does have a contributing effect to this trend, by in large the results are just plain due to the proliferation of mobile devices into the consumer market. Quite simply, an explosive increase in the number of page-views from such mobile devices.

Regardless of this enormous expansion in mobile device usage however, it would seem that the relative share of the mobile device pie by each of the Operating System has not really changed at all.
This can be seen by Apple's share having only increased by a fractional 0.72% (to approximately 63%). Likewise, while the Android and Apple smartphones have swapped places, they are still neck and neck.

But what are the effects of this steadily increasing trend towards mobile handheld device use and what does this mean for those of you who are operating / utilising Zenbu systems?
Well, to discuss this topic, I would first like to start off by debunking a common misconception regarding wireless signals and the hardware that propagates them...


So to start off, for those that may be under the impression that signal emission from your wireless routers (Zenbu included) and access points is diminishing in strength over time (aka 'ageing')
...this is not the case.

There are no moving parts in a router so mechanical 'ageing' is out of the question. If anything were to be 'ageing' it would be electrical and it would be first and foremost the capacitors (which over time, just like rechargeable batteries, hold less and less total charge).

Routers can however, get damaged and as a consequence die.
Note: You can increase the likelihood that your router will be damaged by placing it in unsatisfactory conditions such as;

* Temperatures under 0°C or over 40°C (heat stress damage! thermal expansion / compression! Do not put the Zenbu router in a freezer, a hot ceiling cavity, above a fireplace or over a cooking range.)
* 85%+ humidity (Rust is a big one especially near the ocean but regardless; Water and electronics are simply not compatible! Getting the router wet will likely short the components if electricity is flowing.)
* Connecting to dodgy electrical sockets + electrical surges. (This can fry ports, the internal radio, and often will just break your router.)


All the above things that will break your router... are totally unrelated to the strength of the wireless signal. You either have a working internal radio, sufficient electricity to power it and thus a current from the radio to the antennae... or you do not.
The EM radiation emitted by antennae are constant. The physics involved do not change. Sure, people can come along and physically damage the router but the things that may change over time are the;
  • Surrounding noise floor. (e.g. interference from the newly installed wireless equipment, other WiFi capable devices, etc. The more WiFi signals in the area, the more noise and as such interference there will be on the frequencies they operate.)
  • Placement and composition of materials in the environment. (Concrete walls, metal sheeting and objects, etc)
  • and the capabilities of user devices themselves.
    (While it may be stylish, metallic casing is a poor choice when it comes WiFi communication [and also cell reception for that matter]. Conductors, which most metals are, reflect almost 100% of radio waves within the first few atoms of the surface.)
(Note: Something that does not take place over time but happens instantly and will damage your routers internal radio resulting in a forever weak signal / no signal at all;
  • Replacing the antennae while the power is on.
  • Replacing the antennae incorrectly.
  • Replacing the antennae with something of poor quality.
We recommend coverage extension devices, connected to port 1 of the Zenbu router, over replacing the antennae for a good reason.)


So, given the increased number of mobile devices in use and understanding that mobile devices generally do not provide as robust wireless connectivity as their pc/laptop/usb dongle counterparts... it is expected that relatively the proportion of users that experience poor reception would increase (and with it the total number of complaints that the internet service is 'not working' or 'not good enough' will to).

This gradual increase in and shift of users to such mobile devices (and the resulting increase in aggregate floor noise) thus gives rise to an illusion that the signal strength is weakening over time and as a result the effective coverage reducing in radius.
The reality however is that, for the most part; users are trading off functionality for mobility and fashionability.

So in conclusion, what does this mean for operators and users?

For the operator;
Where wireless coverage may have been sufficient a few years ago, now there could be a necessity to install additional access points.
The areas that may or may not need further coverage would of course be determined by customer demand and your preference / discretion.

For the user;
Caveat Emptor. Not all devices are created equal. If WiFi receptivity is important to you, make sure to research what you are getting into by purchasing for example, 'a metal brick'.

Thursday, August 15, 2013

Zenbu design in the 'modern world'.

Hi everyone,

Hope we are all in good health. It would seem that the cold chills we were facing for a while there have passed and along with this new wave of comparatively warmer weather I would like to post our first blog entry in a while. (A bit of a long one so I have bolded the important parts.)

Today
's topic is regarding the perhaps not so well understood reason of;
Why Zenbu is designed the way it is and with what purpose in mind.
(Hopefully we can dispel some general misconceptions along the way.)


So without further ado, every now and then we receive remarks regarding it being 
'the 21st century' and that we have 'outrageous prices' (and were Zenbu an ISP providing internet to a contracted account holder, then I would likely agree).

However, Zenbu does not provide the internet connection that Zenbu hotspots are run off and as such 
in the conventional sense of the term,
we are not an Internet Service Provider.
What we do provide is a guest internet access system where the focus is placed on the controlling of access and data usage.

With that being said, I would like to explain why we believe Zenbu style systems are the only realistic way to provide fast and reliable public (= shared) internet access.


First of all, this exaggerated sense of technological advancement in the aforementioned remarks; what exactly is the source of this perception? Well, a simple hypothesis would be that it is likely due the fact that yes, internet [data allowances] & [data use] are increasing.

But... and a big but that is, the incongruence between expectations (due to the above skewed notion of advancement) with the reality of internet provision... is from the lack of understanding / awareness that the [internet speed] of our standard ADSL connection is not increasing proportionally.
ADSL speeds have not increased in New Zealand since it was introduced. As a matter of fact, upload speeds were actually faster when ADSL was first introduced!
- Yes, newer faster alternatives, such as VDSL and UFB have emerged.
- No, unfortunately, most places do not have access to such services.
(and for many locations the only option is still expensive and slow satellite connections.)

We find that, often reference is made to 'unlimited data plans' and the cost of residential broadband etc as reasoning for why prices should be lower or more data should be provided (usually requesting that it should also be free at that!).

Unfortunately, what is entirely overlooked is that these plans are not 
'unlimited speed plans' (such a thing does not exist) and that Zenbu operators are actually free to provide data at their own discretion and pricing. (Which is of course a judgement which only they can make.)

So taking that all into consideration, to be nice and concise, our explanation is basically;
[internet data allowances] not = [internet speed]
[internet data use] = [internet speed] x [time]

Increasing [internet data allowance] does not affect in any way the maximum [internet data use] possible in a specified amount of time. It just changes/removes an arbitrarily chosen number after which an ISP does 'something' (e.g. charge $ / throttle speed).

If a public hotspot operator decides to provide and people use more data on a connection that can only go the same maximum speed, the result will merely be an internet connection that is relatively more overloaded, slow and unreliable than it was previously.

More / unlimited data allowance does not change this reality.

Given that the purpose of Zenbu is essentially to protect an operator
's internet connection from being overloaded and allow public provision of a fast & reliable internet connection to multiple users simultaneously... the price of Zenbu credit purchased online is set at the lowest common denominator (currently satellite connections) that should sufficiently protect internet connections from being slowed down in this manner.


Sometimes we are told that, because devices these days have all sorts of software and apps on them that automatically sync, update, use the internet and consume lots of data... our system design is no longer relevant in the 
'modern world'.

Our response to this of course is; it is exactly for this reason,
(users are not controlling such things themselves, letting rogue software/apps, viruses/malware, p2p etc run wild and free... not applying the slightest bit of discretion when using a publicly shared internet connection)
that systems such as Zenbu are required more than ever.

Below are some quick calculations for reference purposes;

Standard ADSL
[10Mbit/s download] = 1220.703125 kb/s
[1Mbit/s upload] = 122.0703125 kb/s
100MB @ 10Mbit/s = ~1 minutes 24 seconds.
100MB @ 1Mbit/s = ~14 minutes.
1000MB @ 10Mbit/s = ~14 minutes
1000MB @ 1Mbit/s = ~1 hour 40 minutes

Ultra Fast Fibre
[100Mbit/s download] = 12207.03125 kb/s
[50Mbit/s upload] = 6103.515625 kb/s
100MB @ 100Mbit/s = 8.39 seconds
100MB @ 50Mbit/s = 16.78 seconds
1000MB @ 100Mbit/s = 83.89 seconds
1000MB @ 50Mbit/s = 167.77 seconds
10000MB @ 100Mbits/s = ~14 minutes
10000MB @ 50Mbit/s = ~28 minutes
100000MB @ (So on so forth.)

So on a fast ADSL broadband connection someone uploading a 200MB video to iCloud (or the equivalent) would consume the entire available bandwidth for about half an hour leaving everyone else running very slowly.

Fibre provides much faster speeds, yes.
Fibre provides more data over the same time to the same # of users, yes.
Does it stop a single user with unrestricted access from overloading the connection? No. (This is of course why purely 'time based' designs for public internet access are not a sensible idea.)

Given a finite amount of speed [x], [y] maximum amount of data can be transferred over [z] period of time. Introduce an unknown [n] number of users that [y] needs to be shared between and it becomes very quickly apparent that a means of restricting data usage is required.

If a single person wants to connect to a single internet connection then sure, it does not particularly matter how much data they use. (their usage does not affect internet speeds for anyone else).
However, public WiFi is a different story. In order to have many users connected simultaneously while maintaining good transfer speeds for all... data must be restricted.

A good way to put all of the above into perspective is;
An internet connection is like a water hose.
Many people just want to fill their glass with water and are done very quickly allowing others to also fill their glass with water ('light' usage) but then there are those who want to fill their entire pool with water and they sit their hogging the water for a long time ('heavy' usage). During that time, people that just wanted to have a drink are left to lick droplets of water on the pool side in order to quench their thirst.

You can increase the diameter of the hose & the number of hoses.
Users can also fill (house designers continue to build) bigger pools.
Unfortunately, the size of pools is increasing much faster than the diameter of our hoses and the 'fire hydrants' that were in mind when designing such pools are only available overseas.


Finally, to wrap things up, the topic of copyright infringement.

Beyond not providing internet at all (understandably not the preferred option), data restriction is the most effective method of curbing such illegal activity from taking place on your internet connection.
  1. Making data sufficiently expensive that it would cost the user more to download copyright material like movies, than it would to rent or outright purchase the product, removes the incentive of doing so in the first place. 
  2. Not providing sufficient data for a user to complete transferring of the files renders attempting to do so pointless and a waste of data. (movie files can be quite large) 
The reason we bring this topic up again is because we have received a few enquiries regarding some services which claim they can protect public internet providers (i.e. the broadband account holders) from potential copyright infringement charges.
All we have to say regarding this is that they either;
  1. Do not fully understand how the internet and the peer-to-peer networks for that matter operate.
  2. Do not understand that the "Copyright (Infringing File Sharing) Amendment Bill" applies only to peer-to-peer file sharing.
    (So "blocking" access to websites [which is likely to be ineffective anyway] does not actually impact on people's ability to use peer-to-peer file sharing software.)
  3. Or are just outright being misleading / purposefully omitting information / falsely advertising.
It is not possible to provide access to the internet in general and at the same time 100% stop users gaining access to parts of the internet. Blocking access to a website does not stop and is unrelated to illegal peer-to-peer file sharing.
You can implement censorship and blocking mechanisms which can indeed stop a majority of people, but anyone that does want access and has any technological know-how, will be capable of circumventing any such block. Note that peer-to-peer file sharing does not involve websites at all (it is people sharing files directly with each other) and the software that they use to do so is specifically designed to circumvent any possible block that may be in place.

Under the Copyright (Infringing File Sharing) Amendment Bill the account holder can be held liable for illegal peer-to-peer file sharing. The bill does not apply to websites at all.
(and yes, we agree, it is a ridiculous law... but let's not dwell on it.
The bright side is that no Zenbu operators have had a problem so far!)


Regards,

The Zenbu Team.