Inch by Inch

Step by step i get closer to putting this thing live. I am working out some "flows"... checkout, new account setup, first zone, second zone... different redirects and wizards are needed for guidance. I am using PayPal IPN for the checkout so the you can go straight through from subscription to setup.

The biggest reason why you guys are not seeing anything is because of the cost of running 6 servers. I am getting as much done as i can before giving the provider the go... BTW- it's not the same provider hosting the free server. I have not been totally happy with their service. I am using ServInt. They host the www and forum, and they do a great job. Highly recommended.

I am going to spend 4th of July weekend in the Pocono mountains writing copy for the new website, then next week i took off from my day job to setup the public ip servers. As noted in a comment below, beta testers will get a coupon code for free service.

Back to work.....

Back On Track....

OK, i am done freaking out for the moment and i am back on track to get the new system up and running. I just finished v1.0 of the [optional] hotspot directory for the new website and will be finishing the checkout process and "first login" account setup in the next day or two.

Since i have made SMTP relay configuration available from zone control i was faced with an issue i have been pushing aside since the beginning.... security. It really hasn't been a big problem because there has been no sensitive data transferred, but since you can enter your SMTP username and password and download it to the zonecd, i needed to do something or cracker heads would be reeking havoc on the servers. So i am using arcfour (aka RC4) encryption with a 256 byte key to encrypt/decrypt the downloaded files. Premium subscribers will need to add a zone.crt file to the configuration media(floppy or USB drive) before booting the zonecd.

---------------- Begin Public IP Certificate -------------------
88bcbe5b578d6d60e3ab8a5518fdf4d41b3ce45e3b8bf751aaa0c1ab73247be0
9078260193a8b7cacac65ce9852dcff2370f2eaca66da389d07e17567c32d52b
054c7ad1156bf800c4307719886c31c1fa7dc6e8046fa6f641dc80fb6b988e6e
154abe698e43fb06408793515c654a3ca7e11a51408704d734f552a67ef0cb46
----------------- End Public IP Certificate --------------------


You will also still need to login and create the 32 bit hash "zone key" to pass to the server programs....

Back to work....

Few more features....

I added a few more features inlcuding SMTP relay configuration for the mail server on the zoneCD and i also added a queue system to zone control. The queue system will alert you when a configuration has been made that requires a service to be restarted on the gateway. Once you are ready, you can approve the configuration update and it will be downloaded to the gateway. If the upate will interupt service for the users, a broadcast message(smbclient - net send) will be sent to all [Windows] users on the network giving them 1 minute notice before making the update and restarting services. A completion log will be emailed to your support email address.

On another note, i've had a few questions regarding WRT usage. Yes, it will be supported, but i won't begin work on this until probably into August. We'll see how things go... I am feeling more "done" then last week, but there are still so many little things that need to be comlpeted...

To answer a few questions

First thank you for the enthusiasm about the new system! As you can see, i am being very fair with the pricing. I am not out to screw or take advantage of anybody.... i just need to cover costs and eventually pay my own salary so i can quite my day job and put 100% into public ip.


To answer a few questions:

I am still finishing up the new website, checkout, and the changes to the zonecd. I will start building the production servers next week and moving the programs over to the new servers. It looks like the system will be ready for beta testing early July... maybe sooner.

Pricing is per zone, or hotspot. The new system still has the same master type login with each zone available to the master login. A zone login can still be used to login for limited access, just like the current free server.

A support system will be in place for premium service subscribers. A third party knowledge base and ticket system will be implemented to handle support. You can still use the forum for general questions, but questions and problems with the public ip system will be handled directly with a support rep (gm?).

Back to work.......

New system and service packages.

Me being the dumb-ass that i am, i reset one of the routers on my LAN last night, now i can't get in remotely. I didn't notice last night because i run local dns for testing.... anyway - i will take advantage of this time to write a little about the new public system.... First, it's not free. the free server will still be available, but the services running on the new server will cost ya a lil' bit.

---

Basic Control ($7.95 per month $85 for the year)
Everything needed to provide a highly configurable, safe, secure, branded hotspot.

Registration

The registration system can be configured for anonymous access, require email address, require email validation, and require password (ticket system). Depending on how you configure user registration you will have a number of different screens displayed. For example if you configure your hotspot to allow anonymous access, and do not allow registration, then the "Terms of Use" will be displayed on the login page with a button that says "Agree". On the bottom of the login page will be an Account Login link for admins or users registered via Zone Control.

Email templates are available to customize the emails that are generated by the server. A Welcome Email, Forgot Password, and Email Validation email can all be customized.

A Ticket System is available if you would like to disable self-registration and automatically generate logins to be printed and distributed to visitors. The ticket will have the network name, username, ticket valid date and time, and a free form text description area for a very brief message. This option is activated when you select to not require passwords from your users. In place of a password the visitor must type the random characters displayed in an image file generated by the server.

Client Control

There are four user classes: Protected, Liberated, Trusted, and Super. Each user class can be assigned a predefined limit for bandwidth, data transfer, and usage time. Data and time limits can be configured on a daily, weekly, or monthly basis. Protected and/or Liberated classes can be configured to use the content filter. A default class defines what class a user is put into upon registration.

The content filter can be configured via zone control. Set the naughtiness limit, allow/block file extensions, ban/allow specific websites or urls - all from within zone control.

Changes to user settings are made within 60 seconds and do not require the user to logout.

Block mac addresses and usernames.

Define the network availability for each hour of each day. This may sound like more of a chore then a feature, but it's really not that bad. With this option you can keep visitors off your network during busy hours or closed times.

Accounting Constraints

Unauthenticated access can be configured via zone control. Enter a mac, ip and select a class to have a client bypass authentication.

Configure the server to use or ignore mac addresses and/or usernames when performing accounting. This is required when using shared username or the ticket system.

Temp limits can be used to increase the usage limits of a user for the remainder of the day without changing the user's permanent account settings.

System Features

Spot Check RSS feed is available to monitor the usage of your hotspot. Watch active user sessions, and system loads to always be on top of your spot. In the event of a gateway failure you will be notified not only in the RSS message, but the system will also email the details of the crash to your hotspot's support email address. You will be notified again upon recovery.

High Availability will keep your hotspot going and your users happy. Public IP's authentication and control system consists of six servers. A master server, three authentication nodes, and two network database nodes. The master server is used for configuration, updates, and development. The auth nodes are three synchronized slave servers. Updates that are made in the master server are pushed/replicated to the three authentication nodes(aka cerberus). The three nodes combined with the gateway programs provide high availability(failover) for your hotspot users and load balancing for the public ip system. The network database cluster is hosted on two servers and stores user and system data that comes into the public ip system from the gateways. User records, accounting records, and gateway updates are all stored in a data cluster for high availability. If one ndb node goes down the data will still be available from the other node.

An optional public Hotspot Listing is available. Very useful for new people finding your hotspot and for providing details to current users about network availability hours and other info.

Reports, reports, reports... One for usage, one for limit and blocks, and another for the content filter. You can apply date ranges and filter results by username, mac address, or ip address. You can also group the data by username, mac, or ip if you want to see more cumulative data. All reports also generate bar graphs and/or pie charts. You can also view summary reports for the number of logins per day, and time of day usage for the last four weeks so you can get an idea of your busy times.

Select a template style for your hotspot login, registration, etc.. Currently only two styles are available but more will be added as time goes on.

Networking

Private [wired] LAN access is blocked from wifi users (Super user class has access to entire network). You can also allow access to your entire wired network, or define a specific IP address and ports to allow access to a single or multiple computers on your network.

Proxy server configuration can be used to setup your gateway to used a proxy server on your network from within the comfort of zone control.

A shared network printer can be configured via zone control. If you provide an IP address of the printer, along with a small note to users the printer (among other things such as available time, transfer, hours, etc.) will be displayed in the users connection properties window upon login.

Custom Control ($10.95 per month $120 for the year)
All the features of Basic Control plus the ability to upload customized Smarty templates and files.
Download our sample templates and edit them to your specifications. Then upload and preview your pages before making them live!

Spot Control ($12.95 per month $140 for the year)
All the features of Basic Control plus access to our one-of-a-kind(afaik) support system.
On the 'Spot support is what it's called. What it does is allow you and your visitors to chat. In addition to chat, you will also have the ability to push urls and messages to users. You can have up to five operators, and as many canned messages and urls as you like.

Total Control ($15.95 per month $175 for the year)
You guessed it... all the features known to mankind available at your fingertips.

---

OK, that should be enough for now... there are many other improvements over the existing control server, but i would not consider them to be features in and of themselves.

Source Code Docs

I don't have any real docs for a howto yet. I will do what i can to produce some docs but time is tight right now. Maybe a wiki would be good for this........

I haven't done any more testing yet... i'll update again when i do.

WiFi['IP']['Dog'] Source Code

I really should not have put it up yet, but true to my word here it is http://www.publicip.org/mirror/dists/source/alpha/.

I need to do more testing because last night the redirect was failing. I am 99% sure i fixed the problem this morning, but i can't test it til i get home later tonight... there could also be other errors after the redirect that i haven't debugged. I also need to finish the connection window. The source code release will not have the same "connection client" that i have developed for the public system.

It's just seperating the source for release from what has been develped that has caused these issues to appear. Should be good reading anyway :-) I'll update the blog again tommorrow.

Three Months Later

And i'm back in the ZoneCD. Feels pretty good to have come full circle with the new system development. I still have stuff to finish, but i am feeling a little pressure come off...

As for the source code. I should have it ready tonight. A few little set-backs prevented me from uploading it sooner.

I have alot of explaining to do with the new system and what's it capable of... actually it might be easier to say what it can't do :) I'll be opening up more once i get to a point where i can devote time to discuss....

Source code availability

Source code for the new wifidog based authentication and control system will be available within the next day or two. I still have more work that needs to be completed, but it shouldn't effect anything that is not associated with the public ip system. Besides, I need to do this now before I go any further because the distro will not share the same directory structure for templates and library files as the production nodes.

I have just completed the programs that allow you to upload, edit and preview custom [smarty] templates. I am going to initially populate the private template directory with the "default" templates so you have a good foundation to start customizing if you choose to use this option.

Now I have more rsync stuff to do so these templates can be "published" to the auth nodes when they are ready. I already have rsync over ssh using keys working for the logo upload so it's just a matter of copying and tweaking that program (or maybe creating a class for rsync'ing). Not only for custom templates, but for me to use from the command line so I can maintain a single server and use rsync to update the nodes. This will be a much better way to develop and test new features as well. The "master" server will also act as a development authentication node. Myself and other testers will be able to point our gateways at the master server to test, then once I am satisfied with the results rsync the changes to the production authentication nodes.

Anyway, keep an eye out for source code... it's coming soon :-)