Cable modem TV antenna experiment

"Windows 7 Annoyances" has a good discussion of wireless security. I had no trouble configuring my Linksys router.

"Windoze Annoyances" is redundant. Windoze is one big annoyance.

I got into one of those discussions on some forum. It might have been Annoyances, but I don't recall. My pitch line was the PSK (pre-shared key) style security sucks, because if I had access to just one machine on the network, which has the WPA2 pass phrase saved (and encrypted) in the registry, I could recover the hash and crack the encryption. Users also tend to write down passwords on post it notes, which can be found in most offices.

What's needed is a one time password, with a user unique login and password. That's exactly what WPA2-Enterprise does. You login with a user name and password. The RADIUS server authorizes the user, 802.1x authenticates the connection, and maybe additional authentication with an X.509 certificate on a flash drive. The wireless access point then delivers a one time maximum length password. The password is only good for the current session. Nothing to write down or sniff.

The problem is that few wireless routers and access points have built in RADIUS servers. You would need either a stand alone Linux box running FreeRadius: or an account on one of the assorted online RADIUS servers. For example: (Free for up to 10 users)

Router setup is fairly easy, if you know what the buzzwords mean, can follow instructions, and understand why one needs wireless security. The sometimes included setup disk is also handy, but I don't use it.

What happens next is somewhat predictable. One day, the internet goes down. You call your ISP asking for assistance. After dealing with the basics, it's still down, so support suggest your reset your router. Just press the little button in back and everything is back to defaults. Like magic, it works and you're on your way. The problem is that is also clears all the security. To AT&T's credit, they no longer do that. Same with most large ISP's. However, I'm constantly running into users that have reset their routers trying to solve a problem, and then was wonder why the whole neighborhood is using their wireless. I suggest you backup your working settings to a file. When your router goes nuts, reset it, restore the backup, and it should work.

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558

As are Apple's filthy lies about their products, for which the company should be dragged into court and sued. I prefer an operating system where I can see what's going on.

For the author of this book, the principal "annoyance" is that Windows' default settings are rarely those that give the best user protection, or take the best advantage of the operating system's features.

This isn't new, of course. One Windows encryption scheme uses a permanent 128- or 256-bit encryption code that's essentially unfactorable (in any reasonable amount of time). It's used to pass a shorter single-session code that doesn't slow down the encryption/decryption process too much.

I used the setup disk, then went back and customized things.

I keep a record of my router settings. As I live by myself, it's not likely someone will get their hands on it.

Everyone lies, but that's ok because nobody listens.

I have my issues with Apple, few of which have anything to do with the product. The one that really bugs me is Apple's contention that it is "green" while it produces intentionally unrepairable and intentionally obsolescent products. I can take lies, overcharging, and even Made in China quality, but I don't like hypocrisy.

I prefer an operating system that works as advertised. I have no interest in becoming a programmer or hacker simply to use a product. If Windoze worked as one would expect, then I would have no need to see what was going on under the covers.

Yep. Both MS and Apple seem to believe that user convenience is more important than security or performance. Apple does a fair job of anticipating advances in hardware since it controls the hardware used on Apple products, while MS does it badly. For example, I just had to increase the size of my icon cache database because I added too many icons to my new oversized monitor. Such things are slightly worse in Vista, but better in Windoze 7. Some tweaks, mostly for XP:

I usually get into trouble commenting on security issues, so I'll be brief. If I can get physical access to a client machine on a wireless network protected only with a PSK (pre-shared key) encryption key, it will take me a few seconds to extract the information that I need to access the wireless network from your computah: The solution is for wireless router manufacturers to provide RADIUS services in their products, as I previous ranted. There are several good reasons why they don't do this, but if you want decent security, that's what will be required.

Good enough. Whatever works. I consider it a sign of weakness for me to read the documentation. Besides, if the product were any good and genuinely intuitive, it wouldn't need any documentation.

I recently setup a Linksys E2500 router. I had to read and "approve" three different repudiation of responsibility web pages before it would let me manually configure the router. Adding legal documents to the configuration process does not make it better, easier, or more secure.

The neighbors 17 year old slacker came over to my house and wanted me to make a color print of one of his class projects. He brought over the files on a flash drive, which I stupidly plugged into my machine without first inspecting. I spent part of the evening cleaning out the virus from my machine. Fortunately, the internet was temporarily off while I was juggling routers, so my address book didn't escape to the spammers. It was also the only one of my machines that had autorun and autoplay enabled. Convenience over security triumphs again.

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558

After the nearest neighbor, the other neighbors are more than

3000 feet away.

How would I get the movies downloaded from Netflix to put on a flash drive to let him watch?

There's no obstruction of any kind between the houses.

That isn't what I'm talking about. I'm talking about operating systems that keep you from seeing what the computer is actually doing. The best example is the increasing tendency of Windows to make the hard drive and its contents "invisible".

mike kom med denne ide:

You should still have a "normal" acount and a superuser-account.

when you use the normal account, you will need the superuser-account password for installing.

Then you have time to think "Hey, why does this website want to install something to let me access this ... ?"

--
Husk kørelys bagpå, hvis din bilfabrikant har taget den idiotiske  
beslutning at undlade det.

Sure. It's called the "Hardware Abstraction Layer" by Microsoft. I forgot what Apple calls it, but it's part of their policy of "You don't need to know that". The only time I need to dive that deep into the system is when something goes awry or I want to trade some speed for reliability (such as turning on HD write cacheing). As long as the hardware is working, I don't see any benefit to me or the typical user of knowing what goes under the covers.

Now, if you mean invisible as in where the OS hides its configuration files and temporary workspace, yeah I can see a small problem. These tend to get bloated, corrupted, or undersized. A few days ago, I had to increase the icon cache database in Windoze because I dumped too many icons on my desktop. If Windoze (and others) hide some files and directories from the user, it's usually to protect them from (accidental) corruption. Not a big problem methinks.

However, if you want to see everything, just download and run UNHIDE.EXE as in: It was originally written to help recover from malware that hides file and directories making the machine unusable. Since there was no way to know what needed to be unhidden to recover, the program unhides everything. Have fun, and let me know when you accidentally trash or edit something important.

Incidentally, I come from a Unix background, where one does as little as possible as root (superuser). All work is done as an ordinary user. If a system file needs to be run, edited, erased, or moved, the user gets a temporary elevation in privledges using the su or sudo commands. This is not to isolate users, or protect user information. It's to keep the owner of the machine from accidentally trashing it. The same philosophy is slowly working its way into Windoze, in the form of "Run as Administrator". If you can't see every file and every directory, it's for your own good. I've had the OS catch me before making a major screwup more times than I care to admit.

--
Jeff Liebermann     jeffl@cruzio.com 
150 Felker St #D    http://www.LearnByDestroying.com 
Santa Cruz CA 95060 http://802.11junk.com 
Skype: JeffLiebermann     AE6KS    831-336-2558

Great! Thanks.

I insist on organizing the drives the way //I// wish to. My new machine has a

256GB SSD, plus a 2TB HDD RAID 5 array. I tried to reserve the SSD for the OS (and related software). I put as much software and data as I could on the HDD. Fortunately, Microsoft lets you move IE and mail files anywhere you want, so I moved them to the HDD. Thus, the system isn't constantly writing them to and erasing them from the "fragile" SSD.

I have no objection to this in Windows, either, as it reduces the chance of malware installing something nasty. However... there are certain "virtual" directories I can't look in. I don't like this.