On 2014-05-01 10:53, Bob wrote:
4. ...I was told by ICOM, a few years ago, that the ID-1s could not be meshed.  If the firmware could be reprogrammed to be compatible with Broadband-Hamnet, many of us may be willing to take the ID-1 off the shelf and get them on the air.
5. There are groups that have established links using ID-1s back to back ...

The most important thing to remember about two ID-1 radios communicating in DD-modes, is that they are "a long Ethernet cable over RF."  That is all they are.  If you have more than two ID-1 radios communicating in DD-mode, it is just like very long Ethernet cables connected to a common Ethernet hub.  Note that I said an Ethernet "hub" rather than an Ethernet "switch".  The distinction, while minor, is more appropriate considering "collisions".

Further, the ID-1 radio is just about as stupid as a piece of Ethernet cable.  So long as it encounters a properly formed Ethernet packet (not necessarily a TCP/IP packet), it will send it, and on reception, reproduce it, whether or not the packet contained garbage.  This has two ramifications:

Ramification #1:  The architecture of your network is completely flexible, just like it is on the Internet.  You can do anything you want.  Caveat:  you have to do it yourself with external equipment;  the ID-1 will not do it for you.  So, for any "use case" you want, you must (not should) design your network with just wires (eg, very long Ethernet cables).  Then, when you are done, you "remove" the cable and replace it with two ID-1 radios.  Just like the Ethernet cable in real life, there are certain limitations with the ID-1:
  1. Line of sight; and
  2. speed.
So, what are the advantages of the ID-1 over wire?
  1. Distance to the next hop; and
  2. frequency agility (move away from competing traffic).  Since the ID-1 can be remotely controlled, we are going to be experimenting with this capability to increase the utility of the ID-1 in DD-mode.
In my opinion, asking the ID-1 to have "firmware ... reprogrammed to be compatible with Broadband-Hamnet" is missing both the point and flexibility of the ID-1.  Rather than have the software in the ID-1, you can have it in the adjoining box.  What adjoining box?  Well, what are you trying to do?

Consider the "Universal Digital Radio" (UDRX-440) from "NW Digital Radio".  Some buyers want it to be a complete "appliance" solution (eg, gateway, server, etc), and some just want it to be a "raw" radio.  Well, with the ID-1 you don't get a choice:  it's the raw radio.  These days, little network devices (eg, Raspberry Pi) can be had for the price of an Icom programming cable (grin), and they can provide almost all the flexibility you need.

Ramification #2:  There is no privacy or security.  I'm not talking about data privacy/security;  amateurs already know that's part of amateur radio.  I'm talking about network security.  Just like the ten-mile fictional Ethernet cable you can run from your house to your friend's house, someone can "cut" into the cable at any point, and not only see what you are transferring, but also can add a fictional "hub" and access your entire network (unless protected; see below), just like anyone else in your house or local LAN.  That includes files on your local computers, unless you have taken precautions.  The Icom ID-1 manual rightly gives a strong warning about this in several places.

Which brings me to configuration.  In my opinion, the best way to set up an ID-1 is to keep your old "outdated" 10Mbps Ethernet routers (eg, Linksys BEFSR41 routers that were commonly issued by Verizon for DSL).  You connect the LAN side to your home network, and the WAN side to the ID-1.  This keeps the local LAN traffic off the air, and also provides network security via the built-in firewall in the router.

OK, so you and your friend Joe each have your ID-1 radios set up this way, so what can you do?  Answer: nothing.  You have to have a network service available on one or both of the local LANs that you want to share (and to the entire world), and so you "punch" a hole in your firewall device, to forward network traffic to your server.  Your server better have all the security you need, or you are going to be in trouble, and I don't mean with the FCC ...

If you think that the proper network and security design is too much work, then you should probably sell your ID-1, or just use it in voice (FM or DV) mode.  I don't mean to be snippy, mean, or superior.  These are exactly the issues that anyone running a proper service on the Internet has to face.  The fact that it might be on a somewhat obscure portion of the Internet doesn't really provide any security.  Even if you trust the amateurs you grant access to, that doesn't mean that they have taken the proper security precautions in their home network's access to their regular Internet ISP.  Some amateurs (not you; your friends ...) have a real capacity to think they know more than they do ...

OK, OK, it sounds like a lecture.  Sorry; I used to teach basic networking at the UW in Bothell.  I'll end with this true story:

Years ago, I found someone's mail server being used as an "open relay" (a common default configuration some twenty years ago) by some spammer.  For some reason, I felt led to contact the administrator of the abused server, and he replied with much thanks.  He told me that he had just installed Linux on a brand new server, using an IP address that had not been used before, and then went to breakfast before completing the server configuration.  When he came back (about an hour later), his server had been discovered and was being used to send spam.

"Obscurity is no security"

-- Dean
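
The arrangement described in the message above (LAN side to the home network, WAN side to the ID-1, one forwarded "hole" to a server), written as an nftables ruleset for a small Linux gateway such as the Raspberry Pi the message mentions. This is an added example, not part of the original message; the interface names, the server address and the forwarded port are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: gateway between the home LAN and an ID-1 in DD mode.
# All names and addresses below are assumptions for illustration.
flush ruleset

define rf_if  = "eth1"          # assumed: port cabled to the ID-1 ("WAN" side)
define lan_if = "eth0"          # assumed: port on the home LAN
define server = 192.168.1.10    # assumed: the one LAN host being shared

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $lan_if accept
        # Nothing that arrives over RF may reach the gateway itself.
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # LAN hosts may open connections outward over the RF link.
        iifname $lan_if oifname $rf_if accept
        # The single "hole": new connections from RF to the shared
        # server on one port (destination already rewritten by DNAT).
        iifname $rf_if oifname $lan_if ip daddr $server tcp dport 80 ct state new accept
        # Everything else from the RF side falls through to policy drop,
        # so the rest of the LAN is not reachable from the air.
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Port forward: RF-side traffic to port 80 goes to the server.
        iifname $rf_if tcp dport 80 dnat to $server
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Hide LAN addressing behind the gateway's RF-side address.
        oifname $rf_if masquerade
    }
}
```

The gateway also needs IPv4 forwarding enabled (`net.ipv4.ip_forward=1`). The ruleset only limits what is reachable from the RF side; the forwarded server still has to be hardened on its own, as the message says.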