I think these guys are most probably:

1) using software to tap onto the built-in or external antenna's hardware using its CLI

2) doing some FFT, DSP, ... number crunching

3) presenting everything with a nice GUI

There are projects out there like DD-WRT and a excellent 9 dB and 12 dB antennas from Linksys

I think 1) and 3) are just labor once you have the information, I think KISMET opensourced 3) already, and 2) has been been mathematically documented to exhaustion

How come OS projects similar to wi-spy haven't sprouted yet?

How hard would it be to make out of a protocol analyzer (which all wireless routers are internally) and RF spectrum analyzer?

Am I missing something here?

Thanks
lbrtchx