Mozilla is looking at becoming a formal supporter of the Open Wireless Movement (https://www.openwireless.org/), started by the EFF. As a practical indicator of that support, I want to investigate the possibility of us providing an "openwireless.org" guest network in our offices where we already provide a "Mozilla Guest" guest network. That could be either as well as, or instead of, the current one. It seems that our hardware supports multiple network names at the same time. As I understand it, the Mozilla Guest network is passwordless - just connect and go. So it doesn't seem like there are T&C-acceptance issues here. But there may be things I'm not seeing. So fill me in :-) Another thing I am filing a bug on is having Firefox OS devices automatically connect to "openwireless.org" networks. The combination of this bug and that one might be very useful for Mozillians. Gerv
The current Mozilla Guest SSID used to be behind a captive portal, but is paswordless in some places because of a vendor issue. The plan is to have authentication on a captive portal again as soon as possible. For what I read on their website, Openwireless.org needs to be passwordless which might be an problem here if we just want to duplicate "Mozilla Guest" For an 100% passwordless SSID we might also need to talk to legal as in some places (e.g. France) it's illegal to have an open network. Otherwise, on a technical point of view this isn't complicated to do.
Arzhel, Thanks for the info. Yes, the idea of openwireless.org is that it's passwordless. So I guess I need to find out why we consider a captive portal is necessary. Who would know the answer to that question? Legal? Is Mozilla Guest simply routed to the Internet? I.e. if we did openwireless.org in parallel, would the two be basically configured identically from a routing and network topology perspective? If we can do this everywhere but France, I'd still consider that a big win - and we can even say in our blog post why we aren't doing it there. Can you point me at a reference for the problem in France? Gerv
The captive portal would be used to mitigate bandwidth abuse. We are implementing different solutions to complement or even be in place of the portal in the near future. DADVSI requires people to “secure" their own Internet connections. Article 14 ter A, mandated that Internet users should "secure" their Internet connection so that it is not used for transmitting copyrighted works illegally. We currently filter all but a small subset of TCP and UDP ports that are used primarily for Mozilla and related applications and services. The filter captures p2p services sufficiently. It is on my TODO to work with Legal on their official position for having an open SSID for our offices and any language that may be requested/required for any captive portal.  http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000000266350&dateTexte=  http://en.wikipedia.org/wiki/DADVSI#The_.22Vivendi_Universal.22_amendments
ravi: that's great to hear. Do you have any idea when you might be able to work something out with Legal? Is there a bug I can be CCed on? The Open Wireless Movement does have a network use policy for sites using the "openwireless.org" ESSID; it's here: https://openwireless.org/important-information Using a captive portal would make it harder for devices to log on and use the connection automatically, so I hope we can avoid doing that, by arguing that the ESSID gives people a clue as to where to look for any usage policies. Also, here's the Open Wireless Movement's page on the legal risks: https://openwireless.org/myths-legal Their analysis seems primarily focussed on the United States; perhaps one way we could support them is by providing advice on other jurisdictions. Gerv
:ravi: any news here? Is it possible that we could roll this out at the same time as the new Juniper system trailled in a recent Services newsletter? Gerv
I spoke to Jake about this when I was in MV. I am currently working through things with Legal. Gerv
Casual "any news?" ping.
Last I heard was from Jishnu on 10th of September; he was scheduling a meeting with Sylvie to discuss this. Gerv
Can you let me know the level of difficulty in deploying a new SSID, openwireless.org, to specific sites? The new current request is to do a test run in either SF or MTV. In addition to this, can let you let me know if the SNAT used for outbound access is different between guest and moco access? Thanks James
It's quite straightforward to deploy a new open SSID. We haven't looked much at rate limiting but it's possible and a nice opportunity to test it. More complicated would be to deploy a captive portal but I don't think it's what we want to do here. All the offices have a dedicated SNAT for guest.
Hi - I don't have any objections if we can do this in a non-confusing way. I've said it elsewhere, I don't see the upside and the objections I've heard before was confusion for users. Gerv - the right person to persuade is Albert Villarde and Sylvie through him. Please ping me to see if there are modifications to implementation if the justification works out - thanks.
Jishnu et al: We'll be looking at this and developing a change next week for implementation. There are a couple of research items that need to be completed prior to that. Someone for the network engineering team will update the bug with an implementation date. -James
This has been deployed in SF and Mountain View. We're monitoring it and will push the same to all the offices of everything is fine.
Arzhel: that's great news - thanks! Let me know how it works out. I'd love to (finally) be able to blog about this once it's rolled out. (Are we going to include the France office or not, given their laws?) Gerv
This SSID has been deployed to all our offices, 100% open.