Summary: mobileconfig files allow enterprise (Wi-Fi) settings to be pushed to Apple devices, but the new Lion captive browser that takes over on captive portal networks, usually used to push out mobileconfigs, doesn’t support them…

I’ve been playing around with setting up mobileconfig files for our wireless users at Swansea University, and testing with the new OS X 10.7 Lion has proven frustrating.

Some background: The mobileconfig file is a plist XML file that you can push out to clients to configure enterprise settings such as Wi-Fi, VPN and email. It’s a great idea that works well, and as it works on the latest iPads, iPhones and OS X it will be really useful for our users.

Problem: Upon testing with Lion I discovered a new feature that has been introduced. A ‘special browser’ now appears upon connecting to a captive portal wireless network. This is similar to functionality that was introduced on the iPhone a while back. It was useful on an iPhone as users could navigate to a paywall or instructions page after connecting to an open captive portal network. See this blog post for a description of this.

The ‘special browser’ uses a User-Agent of CaptiveNetworkSupport wispr.

The problem is that most captive portal setup networks would push a mobileconfig file to users through a web site on the portal. This means users will get to the mobileconfig file in the ‘special browser’. And unfortunately the ‘special browser’ doesn’t support the mobileconfig file type. Fail. I don’t think Apple thought this through…

Also, if you open a mobileconfig file from this new browser window, it opens the default browser BEHIND itself. As the captive portal browser is forced to be on top, the default browser appears behind it. If the default browser is Safari it’s no problem, but like many I had Firefox set as default, which resulted in a save box you don’t notice placed behind the captive browser.

Solution: The only neat solution I can think of atm is to stop the ‘special browser’ from loading when connecting to setup networks. The OS checks if the network is a captive portal by accessing:

http://www.apple.com/library/test/success.html

So you can either fake a DNS entry for apple.com and host the success.html yourself, or you can poke a hole through your captive portal for the URL.

This will stop the captive browser from loading and will mean a user needs to load their browser themselves and navigate to your mobileconfig destination.
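The first option above (fake the DNS entry and host success.html yourself) as a small Python server. This is an added example, not code from the SU1X site: the setup hostname, profile path and stub profile are hypothetical, and the Success body is an assumption about what Apple’s page returns.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Probe URL quoted in the post.
PROBE_HOST = "www.apple.com"
PROBE_PATH = "/library/test/success.html"
# Assumption: the body the real page returned; compare with the live URL first.
SUCCESS_BODY = b"<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>"

# Hypothetical names for the setup site and the profile it hosts.
PORTAL_HOST = "setup.example.ac.uk"
PROFILE_PATH = "/wifi.mobileconfig"
# Constructed stub; a real profile is the plist XML exported for your network.
PROFILE_BYTES = b'<?xml version="1.0"?><plist version="1.0"><dict/></plist>'
HELP_PAGE = b'<html><body><a href="/wifi.mobileconfig">Install Wi-Fi profile</a></body></html>'


def route(host, path):
    """Map one GET request to (status, headers, body)."""
    host = (host or "").split(":")[0].lower()
    path = path.split("?")[0]
    if host == PROBE_HOST and path == PROBE_PATH:
        # The OS gets the page it expects, so the captive browser never opens.
        return 200, {"Content-Type": "text/html"}, SUCCESS_BODY
    if host == PORTAL_HOST and path == PROFILE_PATH:
        # MIME type for Apple configuration profiles.
        return 200, {"Content-Type": "application/x-apple-aspen-config"}, PROFILE_BYTES
    if host == PORTAL_HOST:
        return 200, {"Content-Type": "text/html"}, HELP_PAGE
    # Any other request, including the rest of www.apple.com caught by the
    # faked DNS entry, is redirected to the setup site.
    return 302, {"Location": "http://%s/" % PORTAL_HOST}, b""


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers, body = route(self.headers.get("Host"), self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Port 8080 for testing; the probe itself arrives on port 80.
    HTTPServer(("0.0.0.0", 8080), Handler).serve_forever()
```

Because the faked DNS entry captures every request for www.apple.com on the setup network, the fallback redirect keeps users from landing on an error page when they browse to Apple’s site.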

It’s a shame that this happens, as it doesn’t with the iPhone. Hopefully Apple will fix this soon.

I’ve documented all this on my SU1X site: https://su1x.swan.ac.uk/osx_mobileconfig.php

There is more info on setting up and hosting your own mobileconfig file there.

During the process of developing an SU1X Android app I came up with an interesting idea.

Basically, SU1X has historically used a static config.ini file coupled with the Windows binary and some images to create a package that is customized to an institution’s requirements and branding.

But with the medium of distribution for software and packages being completely different with Android and a marketplace, this becomes more difficult. It would require a site administrator with the Android SDK and some experience of compiling, signing and distributing apps to build an SU1X app for an institution. Also, a marketplace would be flooded with apps that do the same thing and just have different names and branding.

So, a solution that popped into mind was automatic configuration and branding discovery by the app. A bit like the WPAD process (the DNS option, not DHCP), this could allow one ‘dumb app’ to be on the marketplace that could ‘search out’ its config based on a combination of a user’s email realm and ‘su1x-config’, for example.

I could also get the SU1X Windows tool to follow the same process.

This will require some thought.

I was catching up on some net neutrality news and came across this:

In a direct response to the domain seizures by US authorities during the last few days, a group of established enthusiasts have started working on a DNS system that can’t be touched by any governmental institution.

http://torrentfreak.com/bittorrent-based-dns-to-counter-us-domain-seizures-101130/

It made me think, would we be better off losing the net neutrality debate and entering a net neutrality war!??!

During World War 2 there were significant scientific and technological developments made as a direct result of the fear and desperation generated by the war. Advances in cryptography and coding, radar, mathematics, nuclear energy etc, it’s a big list…

Of course all these discoveries came at an unthinkable cost that no one would ever want repeated.

But if it was a new ‘cyber world war 1’ that we face, where casualties are not people but people’s ability to communicate freely, perhaps this would force developments like the one above, that would eventually result in the war being won by the ‘good guys’ fighting for net neutrality but result in a new internet that is completely resistant to any future attacks on net neutrality and humanity’s ability to spread information freely.

On November 23rd there was a debate in the House of Commons, started by Claire Perry (Devizes MP), who believes ISPs need to offer an opt-in system to restrict access to pornographic material.

Ed Vaizey was in the House to chip in on the subject too. Thankfully he disagreed with Perry, and wanted a self-regulation system. Not that that is ideal either.

http://www.publications.parliament.uk/pa/cm201011/cmhansrd/cm101123/debtext/101123-0003.htm#10112343000002

Perry comes out with some notable remarks, one of which is:

The arguments for passive acceptance and self-regulation are past their sell-by date, and it is time to regulate the provision of internet services in this country

A call to regulate the internet in order to filter pornographic material. Also..

Why should internet service providers be any different from other content providers?

TV is a receive-only medium, as is cinema and film. You cannot transmit on those mediums, only receive. Which is what makes the internet fundamentally different. The fact they can all contain pornographic images and films does not mean they can all be regulated in the same way, in my opinion.

Notably, the combined revenues of that business model are more than £3 billion a year, so it is a deeply profitable industry in which to engage.

Vaizey goes on to point out that ISPs may make significant profits, but we do rely on the profits to provide us with better broadband. I fear the combination of the DEAct costs and any other regulatory costs imposed on ISPs will only result in weakening the UK broadband infrastructure and/or forcing ISPs to develop ‘new techniques’ (phorm anyone?) to provide more profits. These techniques will no doubt also harm net neutrality.

Vaizey goes on to say:

I am very interested in the work of the Internet Watch Foundation, because I believe that it provides a model that is now well established and working effectively. The issue I particularly want to discuss with the IWF is whether its work, which has hitherto focused on child abuse content, can be widened to cover some of the other issues that my hon. Friend has raised this evening.

Here we go, expanding the IWF list. It was only a matter of time before this system gets abused and expanded to cover other things. Although I’m not too sure how it will cope with a list of 12% of all the world’s web sites (250M). It would take a while to pass that list around the ‘pipes’.

The scariest part of this rather scary debate is the talk of expanding the closed IWF (Internet Watch Foundation) list to contain pornographic material, as this would be unmanageable and open to exploitation.

I don’t get the whole ‘universality’ thing. Maybe it’s his background in physics, but even though he does a good job of describing what he means by it, I still don’t see the need for adding additional jargon to the topic of network neutrality. Especially when it adds nothing new to the debate.

But besides that, the rather lengthy article does a good job of describing the state of play in network neutrality from Sir Tim’s perspective.

http://www.scientificamerican.com/article.cfm?id=long-live-the-web

I am glad he makes an effort to describe the difference between the WWW and the Internet. Neutrality is needed on an Internet Protocol level, with the WWW simply being the most popular application on IP at the moment.

Emphasis on the decentralised nature of the internet with respect to openness and specifically open standards is welcomed, and proves a sound foundation for justifying the need for network neutrality. The article has a slant towards linked data, but that’s to be expected.

Sir Tim targets monopolies such as Facebook and iTunes for hijacking open standards and then creating closed ‘walled gardens’. He also criticises smartphone applications, and suggests that while they are suitable now they will ultimately fail as a result of their closed nature.

I tend to agree with most points he makes; it’s a worthwhile read.

I have just read Ed Vaizey’s speech on net neutrality and he seems to have confused himself with the difference between the need for transparent network traffic management that facilitates an open and fair network, and traffic prioritisation that favours ISPs’ pockets and restricts creativity and innovation.

He sets out three principles for a debate on net neutrality:

1. Openness – Consumers should always have the ability to access any legal content or service.

OK, good start.

2. Transparency – This is a fundamental principle which will soon be enshrined in our own national regulations following the EU Framework Review.

Yea, ok.

3. The ability to support investment and innovation – Creating the content and networks of the future requires investment.

Oh ok, innovation and investment in content AND networks. This is two principles really. Innovation needs creativity, so supporting creativity is a good thing. Investing in networks? Hmm, ok, not so sure that’s an issue that net neutrality has to deal with. Wasn’t that what the whole Digital Britain thing was about?

He goes on to say:

This means ISPs should be allowed to manage their networks to ensure a good customer service. It means allowing flexibility in business models. It means supporting competition.

OK, that’s still acceptable to most net neutrality advocates. ISPs do need to manage their traffic at times. Managing traffic to ensure everyone is not negatively affected by a security problem or a few overactive users is acceptable to most, as long as the action of the ISP still adheres to the first two principles of transparency and openness.

The three principles he outlines are acceptable, although the third is a bit wobbly.

Here is where things go downhill:

We have got to continue to encourage the market to innovate and experiment with different business models and ways of providing consumers with what they want. This could include the evolution of a two sided market where consumers and content providers could choose to pay for differing levels of quality of service.

Oh dear. So this is why his third principle talks about investing in content AND networks. Looks like someone (ISPA?) is pressuring Ed to push for traffic prioritisation as a way of getting cash from content providers to enable ‘investment and innovation’ in ISPs’ networks.

Is it a coincidence that the ‘ISPA Holds Net Neutrality Workshop at the Parliament and Internet Conference’ recently and asks this question:

…where delegates discussed views on traffic management and explored whether there is a need for more consumer awareness and protection.

That’s a good discussion to have, traffic management, yes…

Roy from O2 broadly supported the market competition angle and highlighted that prioritisation of traffic enables ISPs to offer tailored services that deliver the packages that their customers demand

Wait!?! How did they get from discussing traffic management to traffic prioritisation? They are not the same thing.

Ofcom made it clear that issues relating to freedom of expression were not for Ofcom to decide upon and had to be dealt with by Government.

Freedom of expression? Ok, so I guess it was accepted that traffic prioritisation is different to management and limits freedom of expression and creativity? Then Ofcom palms off the responsibility to the Government. Is Ed’s speech the answer to the ISPA’s question?

Ed’s speech: http://image.guardian.co.uk/sys-files/Media/documents/2010/11/17/EdVaizey.pdf
ISPA link: http://www.ispa.org.uk/news/page_890_696c7a1f32abb3668a73b57ab39bebb8.html#2

The Digital Economy Act requires ISPs to send out letters and then technically hamper subscribers suspected of breaking copyright law.

The BIS revealed that the costs of this process will be paid 75% by rights-holders and 25% by ISPs.

ORG seem to think this will cost ISPs around £120 million. [1]

If this is the case, ISPs are going to be looking at ways to avoid this cost, or to recoup it.

The obvious way to avoid paying this 25% cost will be to stop subscribers accessing copyright content in the first place. I guess this is why the BIS has gone down the 25% route. To force the ISPs down the path of breaking net neutrality principles in order to avoid putting prices up and losing customers.

ISPs will not just absorb such a loss; they will either pass it on some way or try to avoid it by blocking traffic types. Or maybe this will force them down the tiered internet route like some ISPs have already considered. Using the additional income from subscribers willing to pay for faster/prioritised access to cover the costs of hunting down copyright infringers.

Either way, I think this will just push ISPs towards a dangerous path.

There has been a lot of talk about the Apple privacy policy lately, so I took a look: http://www.apple.com/privacy/

Under the title “Collection and Use of Non-Personal Information” it states “We also collect non-personal information… We may collect, use, transfer, and disclose non-personal information for any purpose… We may collect information such as .. unique device identifier, location…”

So Apple does not consider location personal information, or the device’s UID. So a trace of a device and its movements is not personal information and that data is possibly transferred or disclosed to third parties.

There have been numerous reports showing how location data can be easily used to identify a user. If the dataset is large enough, it doesn’t take long to spot patterns.

I wonder if people would be happy for such devices to be installed on their cars, with the number plate used as the UID, and for that data to be made available to third parties. I know I wouldn’t like it, and I can imagine the ways it would be abused quite easily.

Why Apple do not allow users to opt out of such information being collected is frustrating, and I don’t even use an Apple product.

I’m a big fan of geolocation and the web. In fact it’s a big part of my PhD research. I am looking forward to the integration of geolocation with Facebook and the forthcoming apps that will result from this new metadata being available… From a researcher’s POV anyway.

But the cynical person in me thinks this changes things a bit. Now, my ‘friends’ on Facebook know where I am in real time, whereas before they knew about it a day later when I got home and had time to write about it on the internet.

From the facebook blog: “Starting today, you can immediately tell people about that favorite spot with Facebook Places. You can share where you are and the friends you’re with in real time from your mobile device.”

It’s the ‘real time’ and ‘friends’ bit that is significant here. Facebook forgets that ‘Facebook friends’ are not always ‘friends’. Do you regret adding any ‘friends’ to Facebook now that they could know where you are in real time? Maybe you won’t use the geolocation because of 1 of the 200 friends?

It’s only a matter of time until someone will tell a ‘friend’ they are 10 miles away in a cinema for the next 3 hours and that ‘friend’, who knows where they live, and now knows the house is unattended, and also knows about all the fantastic new shiny things that are in the house thanks to some status updates, pays the house a ‘visit’.

#DEAct #Google and #Verizon all seem to have singled out #wireless internet access as an EVIL MEDIUM lately.

First the BPI ‘sponsored’ Digital Economy Bill (now Act) threatened the end of public Wi-Fi and hotspots, as they added confusion to the process of tracking copyright infringers down. There was a big outcry at first as it was thought Wi-Fi hotspots in hotels and libraries etc were going to be clamped down on, or the owners bullied and subjected to the penalties and possible punishment intended for the untraceable users’ crimes against humanity. Then after some good pressure from groups like the ORG this was watered down and clarified to the point where wireless hotspot owners WILL be considered ISPs, but they will not be targeted (YET) as they have less than 400,000 subscribers.

Now across the pond in the USA wireless is being targeted in the net neutrality debate. It doesn’t seem to be the lack of accountability that wireless can sometimes provide that is the problem this time; it looks like the physical layer differences of wireless to wired are being used as an illogical justification for the exception of network neutrality.

Any advocate of net neutrality who has an understanding of network administration realises there is a need for network infrastructure management in order to ensure a network’s neutrality along with its functionality, security and integrity. But the physical layer characteristics should not be used as a reason to ignore neutrality principles and apply more than the necessary network management techniques. Network Neutrality includes Physical Layer Neutrality as far as I am concerned, with the reasonable exceptions of possible variation in network administration in order to preserve neutrality for all.

Chris Riley from EFF has written a good summary of what’s going on with wireless and net neutrality in the US: http://www.savetheinternet.com/blog/10/08/18/wireless-networks-are-different-because-special-interest-lobbyists-say-so
