Interview with Alf Watt, Creator of iStumbler

Introduce yourself to our readers.

Before writing iStumbler I worked at various startups during the dot-com bubble in San Francisco. After the ‘big pop’ of 2001 I suddenly had a lot of free time and started writing iStumbler to develop my programming skills. Currently, I’m a stay-at-home dad and work on iStumbler and other projects when there’s a minute to spare.

iStumbler is the leading wireless discovery tool for Mac OS X. What makes it special?

Besides the wireless network detection iStumbler also allow you to monitor your Bluetooth devices and Bonjour Services in one simple interface. Some features, such as the ability to browse wide-area Bonjour domains and the recently released Spectrum Widget, don’t appear in any other application.

How many people use iStumbler? How many contribute to the project?

The web site averages well over 20,000 unique visitors a month, and I’m seeing roughly 30,000 downloads of each version. There are two kinds of contributors: Subscribers who pay for early access to new versions of iStumbler, and code contributors. In all, nearly 600 people have pitched in to help support the project as subscribers and we’ve had two code contributors, one of which is currently active.

A few months back you noted that iStumbler may stop being free. What led to that decision? Did this situation change your view on developing open source software?

This has been a tough decision to make, there is a feeling on the Web that when you offer something for free it should stay free. I’m not sure that’s entirely fair to content creators, but the sentiment definatly exists and factored into my final decision: the current feature set of iStumbler including AirPort, Bluetooth, Bonjour and the Location plugins will always be free and Open Source but future plugins will be part of an ‘iStumbler Pro’ package.

Publishing iStumbler has completely changed my view of Open Source development. While I still believe in Open Source there is a lot of work to be done in finding sustainable business models for smaller projects. The service model promoted by ESR really only works for enterprise open source and popular consumer packages like Linux distributions, it’s not a tenable option for a small ISV which markets directly to consumers. In fact, if you write a really useable piece of software, the service model works against you because users don’t need assistance!

What is the most interesting fact you’ve become aware of while developing iStumbler?

Watching the wireless industry has brought two things to my attention: UWB and Mesh. Much more than Wi-Fi these two technologies in combination provide a credible threat to the existing, centralized, telecom infrastructure. UWB brings massive bandwidth and power efficiency which, when applied to a Mesh Topology, could create a multi-gigabit wireless distribution network that will not require the expensive central offices and billing systems used to support existing phone and data carriers.

What’s your take on wardrivers? Some say they’re harmless while other label them as criminals.

It’s a very fine line. If I walk down the street and check all the door locks, am I a criminal? Probably, but the real offense doesn’t happen until I walk in the door and it becomes trespass. If you’re just war-driving for the fun of collecting the data and mapping it or whatever, then no real crime has been committed.

The bigger issues is people using open networks, often for a quick email or map check. While there is a ‘theft of service’ the actual value is going to be measured in fractional cents, so although a crime has technically been committed, no real harm is done. One of the features of iStumbler is designed to help with this thorny dilemma: networks tagged with a ‘.public’ extension are presented in the interface as begin open for public use, so there is no question of theft.

A significant part in the process of developing wireless networks is ensuring that the data on wireless devices is secure. What do you see as the biggest threats to that security?

Network Encryption schemes such as WEP, WPA and to some extent VPN. That may seem backwards, since they are all designed to protect data, unfortunately they are half solutions at best. Relying on WEP for security is a very bad idea; not because it’s easily broken but because it allows you to go on using insecure protocols like POP, IMAP and FTP. The second you leave that WEP protected network and use the open network at the coffee shop down the street you’re exposing your personal information.

The bigger issue with link layer encryption is that the open internet is not encrypted, encrypting the local link does nothing to secure your email or files in transit, for that you have to use SPOP, IMAPS, SCP or other end-to-end solutions. This pokes a huge hole in the argument for HotSpot VPN products, where your traffic flows out of the VPN providers network completely unencrypted.

People use wireless networks on a daily basis and are growing concerned about the possible threats. What advice would you give to mobile users so that they could make and keep their laptops secure on any network?

Hardening a computer hasn’t changed much since the early days of the Internet: turn off all services you aren’t using (this can be a challenge on Windows, Macs come secure out of the box), and secure the services you are using. Make especially sure that your email is using secure protocols and that you move files using SCP or SFTP and not generic FTP. Web access is fairly well secured by the HTTPS protocol but be wary of sites using basic auth. over insecure HTTP.

iStumbler Pro will have many features designed to help network users and administrators maintain secure computers on open networks; allowing them to make full use of the internet while maintaining high levels of data privacy and security. This ‘Open Stance’ approach to security focuses on using secure protocols and monitoring software to provide reliable point-to-point security and a real-time view of network activity.

Don't miss