Tuesday, November 28, 2006
Wi-Spy Picture Album
Monday, November 27, 2006
Too cold?
He asks, "How weak have we become if we can't even tolerate temperatures up to, let's say, 30 centigrade?". My response is it's probably pretty weak if we can't tolerate a little cold, say 21 C?
It irks me because I'm from much further north and I'm quite comfortable in a server room kept at 13 C. I'm used to winter in Buffalo (snow depths measured in feet) and Chicago (sub-sub-zero wind chills). I actually suffer at 25 C.
My secondary response is to tell Harold to bring a jacket if he ever visits me. I won't visit him as there's only so much clothing I'm allowed (by law) to remove in public.
Oh, sorry: here's rough equivalents: 30C ~ 86F, 25C ~ 77F, 13C ~ 55F, 21C ~ 70F.
Sunday, November 26, 2006
Saturday, November 25, 2006
Friday, November 24, 2006
Wi-Spy Pic 4
What you're seeing is the traffic generated by my running "iwlist eth1 scanning" on the AP, over and over and over. Doing so revealed that the light noise between channels 10 and 13 isn't actually my neighbor's network. Rather, it's two neighbors' networks on channel 11. There was also another neighbor's network on channel 9 (weird choice).
I really need to get outside and map the neighborhood. I especially need figure out how much interference the video sender will cause if I leave it running on channe 4 (around channel 11 for 802.11 traffic).
Note to self: copy these pics into the wiki.
Thursday, November 23, 2006
Wi-Spy Pic 3
What you're seeing is a capture of the signals from each of the channels on my Grandtech AVW-1000 Video Sender that I use to send audio/video into the back of the house. The interesting part is channel 1 which obviously fails to conform to FCC interference regs. (It's an old piece of equipment though). The bad news is that I'm going to have to rethink my spectrum management now that I can "see" it.
Wednesday, November 22, 2006
Wi-Spy Pic 2
The red, yellow, green and orange dots are generated by my own access point, running in 802.11g mode on channel 6. The bar between channel 8 and 9 has me intrigued.
Tuesday, November 21, 2006
Wi-Spy Pic 1
The light noise scattered between 10 and 13 is actually a wireless network belonging to a neighbor, a few house up the street. I have no idea what that narrow band of signal between channel 8 and 9 is. Josh Wright had pointed out a similar band during a recent talk and indicated that it was a wireless camera. Maybe that's the case here too.
Weird spam
Do you see it? (Hint: look at the body but not the text.)
I've got a growing collection of messages in which someone has gone to the trouble of adding little colored threads. It is not a picture as the text is normal. Though the threads are included as part of a graphic, they are inline. If I resize the window, no scrollbars appear (unless there's too much text).
This is too weird. Anyone have any ideas on what it is?
Monday, November 20, 2006
Wi-Spy
I've been playing with it for the last half hour after spending the first half hour building the software (didn't really take that long to build but I had to chase down a few libraries) and eating dinner.
In any case, over the next few days I'll post snapshots of various types of traffic.
Wiki update
Sunday, November 19, 2006
Hypocrisy
Various vaguely-related questions about Mr. Balmer's comments:
- Why does this sound oddly familiar? (Okay, it's a leading question.)
- Does this have anything to do with the sudden reversion to that truly horrible TCP/IP stack in the new version?
- Do people yet realize that a covenant means that they won't sue but there's nothing to keep the originator from calling you a pirate, a thief, or worse?
- Does Mr. Ballmer believe that the only way his company can profit is to keep the communities alienated? (There is a not-small population that lives in both. I'm one of them.)
I hereby call for Mr. Ballmer to list the misappropriated intellectual property used in Linux so it can be removed and we can get on with life. (Who needs yet another court case where the claim is that Linus or one of his fanatics stole from so-and-so?) (It's been four years and we still don't know what was stolen from SCO.)
Call me a pessimist but I think that PJ and crew are going to have enough material to keep them busy for a decade or more.
Oh, and before I get beat up for being anti-MS, remember that I usually don't criticize the OS. Rather, it's the company's marketing tactics that I am vocal about.
When does it stop? One pont to keep in mind is that the same tactics used against the open source community are readily adapted to the shareware and freeware programmers on both sides of the fence. Once a company decides that lawsuits are a legitimate (in their view) source of revenue, they will eventually strong-arm anyone they think is profiting (financially or otherwise) without "paying tribute" (MS's phrase, not mine). It might also be called "vig".
Saturday, November 18, 2006
Using spackle to seal the bullet holes in your foot
The caption reads: "So where do I deploy my firewall now?"
My answer is: "You don't. You're screwed." And because each of those entities at the edge are likely to have similar looking networks, you're screwed.
En masse.
The decentralized border discussion has irked me for years because it makes some very bad assumptions concerning trust. Not trust in people, but in their behavior. Just about anyone that has worked network security for any large firm will tell you that people tend to drift towards practices which require the least activity on their part. In other words, people tend to procrastinate and some are downright lazy. Unless you can guarantee that each of those border entities conform to the letter and intent of your security policies, you're screwed.
En masse.
Your corporate network should reach farther than you can walk in 15 minutes and should only have users whose connection to your internal network can be terminated without a lawyer. The guy who has the power to hire and fire should also be within a 15 minute walk of your office (his pace, not yours).
Decentralized security (the transparent border) has been a rationalization used to spend less money on security and to justify the convenience of teleworking with minimal spending.
External people need access to a service or data set? Good. Stick that service in a DMZ and restrict who can access that. Even better, give them a laptop configured so that it is only capable of connecting to your DMZ. Block your internal users from accessing the DMZ too. If you have to supply access from between the internal network and the DMZ, use an application proxy and limit what can go through where, when (yes time limits) and how.
The only company whose network diagram should look like the picture above is one who gives away network access for free and doesn't require passwords. (In other words, they have no service or data set, only connectivity.)
Yeah, we're going to need identity-based security to be able to use IPv6, but that technology isn't available yet. And don't go pushing NAC at me. That only works when you own the network from end to end (i.e., it's centralized security and won't work with a decentralized network).
Gunnary writes that security models must mirror the changes in business and technology or it's going to be broken. I think he's over-simplified the issue. While the company's "mission" may change greatly (moving from selling sneakers to MP3 players), the reason that the network is there changes little (provide word processing and access to the database).
Decentralized security only works when your users cannot exert changes in any part of the network or even on their local system. If any one of them can connect their node to any other network then there's going to be trouble (ask CNN to tell the story about their senior management and the Welchia worm). If they can connect to yours and the other at the same time, you're screwed.
En masse.
Here's a hint: if you have a firewall like what Gunnar describes, with thousands of open ports, then your security domain is too big and your security policy is too generic. They should both be broken into communities of interest and protected as separate entities.
Don't believe me? Go interview any Fortune 500 company. I'm willing to bet they partition off specific pieces of the network from their own users, not to mention the rest of the world.
Friday, November 17, 2006
Zyxel AG-225H
Thursday, November 16, 2006
The truck
Update: It's on the newstands! Ethan's project is on page 151. Ironically, the cover has a pinball machine on the front of it which is what he's toying with now. For those that don't know, Ethan is the one who stood up RockTheSkillCrane.com.
Wednesday, November 15, 2006
Wi-Spy
IPv6 Security Issues
Tuesday, November 14, 2006
IJDE
Monday, November 13, 2006
Sunday, November 12, 2006
Indian Head?
Saturday, November 11, 2006
MyDoom
Also, would Stephanie Micheneau please review the need for response e-mails for detected infections? MyDoom forges source addresses and I do not run networked systems susceptable to W32 viruses. So please stop yelling at me... (heh)
More customer hell
- You're only buying basic capability. The ability to view those Hak5 or Digital Life vidcasts requires the purchase of additional plugins.
- Archos has a really crappy interface for obtaining those downloads. The font on my product key didn't readily indicate the difference in similar characters so I typed in "O" when I should have typed in "0" (see?). The interface isn't written to self correct.
- The interface has some serious logic issues. Using the activation code with a mistyped product key burns the activation code at the same time that it spits back an error code about the product key. In other words, you can't then fix the product key and legitimately use the activiation key with the good product key.
- The interface has no way to fix the above. Customer support's fix for this is to refund your purchase (something that takes a number of business days to occur).
- The interface is a piece of shit because it's just a digital front end to a manual process. I re-ordered the plugin at 1:45 today and they still haven't forwarded the purchase to processing (the site does have a tracking capability). Now that it's after "business hours", I have to wait until Monday to get this fixed. Needless to say, I'm on the road again, starting Sunday.
Really, a $20 purchase shouldn't be this much of a headache. If it's not fixed first thing on Monday, I'm considering siccing my wife on 'em. (heh)
Wednesday, November 8, 2006
Cox
One thing about monopolies. You can usually treat your customers as poorly as you can get away with, without the PUC stepping in. However, you can go too far. Point in case...
My wife ordered two DVR's from Cox Cable and even offered to pick them up at the local store. No, no, Cox insists on overnight shipping.
Three days later they're setting on our porch when we get home from work. One of them is missing it's power cord. After forty-five minutes of being on hold, we determine the other (obviously a refurb) can only display the schedule (no video).
One phone call later, we discover that they can't be shipped back, we have to take them in to the local store. This means that I either have to take a day off or burn a Saturday morning to visit the store.
Two days later, I'm standing outside the local store, waiting for it to open. Unfortunately, other people knew I was going to be there so they decided that they had to show their solidarity by also standing in line. Ahead of me.
Two hours later, I'm at the counter, explaining to the problem with the box to the guy behind the counter. He explains that due to a mix up at the warehouse, he cannot replace my box at this time and asks if I would like to schedule a visit to my house. A few questions later, I discover that I would be charged for this visit.
Five minutes later, I leave the store (with a receipt for the box I just turned in) with a promise that we would be called when a new box is available.
After a few stops at the local gas station, burger joint and shopping center, I arrive home to realize that I hadn't called my wife (when I left the store) to tell her "How The Cable Company Was Going To Fix Her DVR".
Fifteen minutes later, she's extracted a refund for the money paid for the service-so-far, a credit for $20, and a promise that the next available DVR would be shipped to the house. (Have I said that I am in awe of my wife sometimes?)
Five minutes later, I realize that the phrase "ship overnight" was used. (Have I mentioned that sometimes I'm a little slow on the uptake?)
Of course, three days later we arrive home to find that the delivery guy had left the box on the front porch again (we've asked them not to do that).
Ninety seconds later, we place the box on the dining table and open it to discover that the device delivered was a cable converter, not a DVR.
A split second later, I'm able to actually see the large capital letters as they pass through my wife's lips:AUGH!! (I think I know where Charles M. Shultz got the idea.)
Ten seconds later, my wife has dialed the phone to customer support. After the obligatory waiting period, during which the not-really-soothing hold-music is interrupted a number of times by your-business-is-important-to-us-please-hold messages, my wife has determined that: there are no DVR's available at this time as the ones available are reserved for people already on the list for replacement, there's been another mix up at the warehouse, we still don't want to schedule a visit, there's actually no supervisor on duty in the call center at the moment, the operator is unable to understand why my wife is angry, and, ooh!, a supervisor just walked in.
Two minutes later, my wife has a promise that someone will drive out to the house (from the only store in town) to hand deliver the DVR. (Have I said that I sometimes fear my wife?) Whether or not the device actually shows up remains to be seen. I'm not concerned about it though. In situations like this, I never am. It's always handled by my awesome/fearsome/loving wife who used to supervise customer support for a large Japanese conglomerate.
I will admit that I find these snafu's funny much, much earlier than she does. (I think that it's funny now.)
My advice to Cox: 1) Fire the guy in the warehouse (or the programmer that wrote the excuse generator). 2) Tell the poor schmuck who's delivering the box to smile and back away... 3) ...slowly... 4) ... from my wife. The dog only bites. 5) For lessons learned, write down that there exists an Ol' Girl Network (that didn't come out right but you get the idea), somewhat of a NANOG for current and former supervisors of customer service centers, where members have met at conferences, made friends, and know all of the office phone numbers and some of the home phone numbers of many of the OGN members. I doubt The Kevin Bacon Game works here (there's not that much separation) and, for me, "reach out and touch someone" has taken on a different meaning.
Uh, I did indicate that my wife can be scary sometimes?
Hint for those that still don't get it: my wife makes our Halloween costumes with a collection of t-shirts, cans of black and red spray paint, and whatever vehicle happens to be parked in the driveway. (We go as "road kill".) (The trick is to spray the tire as the vehicle is rolling.)
Update: The box was delivered. I discovered: he has a wife too, there really was a mix up at the warehouse (grain of salt needed here but...), and you can catch cold after getting extremely soggy, standing in the front yard, in the dark, in the rain, talking about your wife.
Tuesday, November 7, 2006
Monday, November 6, 2006
Wicrawl and Backtrack
The video of the Toorcon 2006 presentation can be viewed here (hi-res), here (lo-res), or downloaded here (note: slow download).
There is a claim that the tool will be included in the next Backtrack CD which, BTW, has a beta of BT 2.0 out. There is also a training site for BT and a demo video for the new disk.