Years ago, I was working in a research camp in the high arctic, and the Arctic Ranger in our camp let me shoot his Lee Enfield. Amazing weapon, and the perfect thing for knocking down a polar bear. The amazing thing with the weapon I used, is that it had graphiti on the stock... Scratched into it, and nearly worn away was written "June 6, 1944." which to me indicates that the weapon had been used at Normandy. The serial number on the barrel also indicated that the weapon pre-dated the Normandy landings as well.

Eh? I always thought of my three sports (Skiing, Sailing, and SCUBA diving) as all being pretty nerdy sports... you need plenty of equipment, often with funny names, and know how to use that equipment properly (some more than others of course... when skiing, if your equipment doesn't work right, you faceplant... in Sailing, you don't go anywhere, and in SCUBA if your equipment isn't working, you might die).

Welcome to the new world...

You are wrong. At least one model of Meraki access point has a dedicated radio for this purpose. It attacks other wifi networks through a number of mechanisms, including pretending to be the AP under attack, to attract clients to it, sending spoofed de-auth packets to the clients of other APs, and other techniques to effectively conduct a denial of service attack on whatever other wireless network that may exist within its range. This is precisely what I was encountering on my network.

The main issue I have with this technology is that it can be set to attack all other wifi networks. If it was limited to protecting the SSIDs under its control, I would have less of an issue with it. IE if the wireless system is advertising the SSID "Marriott Convention Center" and someone else sets up a rogue AP using the same SSID, then that's fair game, as the person running the rogue AP is either clueless, or has nefarious intent. If it's attacking "Bob's iPhone Network" then that's another matter.

Because most of the more expensive hotels are catering to business travellers, who will moan, then just expense the cost of getting online.

Not quite true, the ISM bands are Unlicensed bands, not unregulated. In order to sell equipment used to transmit on these bands, the systems must be type approved. Part of this type approval process includes ensuring that the equipment in question will not cause undue interference to other users on the band. To me, sending rogue de-auth packets constitutes interference.

In Meraki's Air Marshal Whitepaper, they explicitly state on page 8 that Unauthorized containment is prosecutable by law (subject to the FCC’s Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’)..

I actually had this particular issue affect me. As a volunteer, I operate a community-wide network, including a widespread wifi network, at a retreat centre high in the mountains of WA. At this time, there is a significant mine remediation project going on in our valley, so we have leased out several buildings to the construction companies, who setup their own Meraki system. Unfortunately, they enabled Air Marshal, which then went on to attack our wireless network. Despite running WPA-Enterprise on our network, it was still successful in attacking our networks, and rendering them nearly useless. In the end, we had to flex our muscles as the landlord to get the feature disabled.

In my mind, the ability to attack adjacent networks should be illegal, and Cisco and the others should not be permitted to sell this technology to the general public. Rather the systems should simply alert on the presence of other wifi networks, and assist in locating them. Also, the wifi standards should really be updated to fix this type of vulnerability... in a WPA-Enterprise environment, clients should only respond to a de-auth packet encrypted/signed with the session key between the client and the AP its connected to.

Huh? How would accessing the programming tell when you were on vacation? The program/configuration that controls your stuff is stored on the device itself, not stored/run in the cloud. The only information stored in the cloud is how your remote/system is configured, not its state. Once you configure the device, if you're exceedingly paranoid, you can always firewall it off from the outside world, and it will continue to work.

The programming of the system is cloud based. The communications between the remote, the base, and your device occurs locally. The only ongoing cloud stuff comes in if you want to be able to use the app on your smartphone to control certain devices while you're away. If you don't want this functionality, nothing stopping you from firewalling off the base so that it can't communicate with the outside word.

Eh, not everyone does. I quite enjoy driving, I don't even mind being stuck in traffic, as long as I've got the CBC or NPR on the dial...

That said, I keep (handsfree) call short and sweet, and the only time I would ever check/send a text is stopped at a red light (which is still a ticketable offence here).

Did they find that? I'm sure we all want to meet the doctor... ;)

Vancouver, BC has a very extensive trolleybus network, with 265 active trolley busses. The system works quite well, and the busses do have battery backup, so they can go off the wires for short periods of time (to go around road construction, accident, pass a parked bus, etc...). As for the wires being ugly? I dunno, they're just part of the fabric of the city. There are some intersections though with rather impressive spider webs hanging over them. :)

Correct. We basically buy 1.6MHz on the satellite, and have our own private connection. Because it's SCPC (Single Carrier Per Channel) latency is typically 550ms, and the high priority QoS queue has very little jitter (on the order of 5 to 10ms). This makes the voice quality near toll quality, and very reliable.

For reference, over the past 24 hours, the folks on site downloaded 6GB and uploaded 2GB (including all the voice traffic), and this was a light day. I've had days when it's closer to 10GB downloaded (See patch tuesday). Anyhow the goal is to make it reliable, albeit slow, and in that we mostly succeed. I also deploy some measures to combat things like bittorrent and other P2P applications, just out of necessity to protect the network.

The site in question is actually in the US, north-central Washington State. The surrounding terrain is extremely rugged and federal wilderness. We've looked at fixed microwave, but that would require two self-powered mountain-top repeater sites (never mind the fact that one of them would actually have to be built in the Wilderness area, which would require an act of congress to approve). Also, conservative estimates put the price tag on the system at about $250k, and ongoing maintenance wouldn't be cheap either.

Heh, I operate one site that has ~60 people connected to 1.2Mbps/300kbps satellite, which also carries up to a dozen phone calls in the evening. Would we like more? sure, but the current system already costs $5000 a month (which is a pretty good deal for raw satellite capacity). Does it suck to use? sure, but once you give up on things like Youtube and put some strong QoS in place, it's remarkably useable assuming a little patience.

The biggest killer? sites like Facebook going https by default. Facebook used to cache really well. As soon as they went https by default, my cache hit rate dropped 50% or more. (It's also a BYOD environment, so I'm not doing SSL MITM etc...)

This is why man invented search domains. Yeah, they don't support multiple levels of DNS, but if you're running something that does that, you're doing it wrong(tm)