Saturday, September 26, 2009

Free West Seattle wi-fi

Finally got a secondary wi-fi setup at home for guests, iPhone users, and neighbors who need to borrow it.  Like Bruce Schneier, I just think it's the neighborly thing to do.  Until now, I couldn't allow it because my main wi-fi needs encryption to keep interlopers off my LAN.  But, the secondary wi-fi is in a DMZ so all that is accessible is the Internet.

SSID:  hellohansenview


* Hansen View is the official name of my neighborhood.

Curious if anyone else out there vends open wi-fi for the interloper?

I've borrowed some neighbor's open Linksys many a time to get info on the Internet when my DSL is down.  But these days, most are encrypted, which makes me sad.

Thursday, September 24, 2009

Obama does not go far enough with financial regulation

I work for a company that is 'too big to fail' and that is a scary prospect.  Here's another thing on the list that I don't agree with Obama about.  I like him a great deal, but don't think he's as progressive as he was billed...

Hopefully Congress can see through this and will pass some decent legislation regarding overhauling the so-called PATRIOT act and other things that Obama has not taken a very strong stand on.

Volcker: Obama Plans Maintain 'Too Big To Fail'
A top White House economic adviser says the Obama administration's proposed overhaul of financial rules preserves the policy of "too big to fail," and could lead to future bailouts.

Former Federal Reserve Chairman Paul Volcker said Thursday that by designating some companies as critical to the broader financial system, the plans create an expectation that those firms enjoy government backing in tough times. That implies those financial companies "will be sheltered by access to a federal safety net," he said.

Monday, September 21, 2009

Why I hate my 2wire DSL modem

Recently, all Internet connectivity decided to stop working at home.  I tracked the problem down to my 2wire 2700HG-B DSL modem that was the more reliable of the two (my other is an Actiontec gt701-wg) that was just dropping packets into the ether somehow.  So, I put my Actiontec back in service briefly, only to be reminded of how flaky it was, stopping responding to even pings to the LAN interface every once in a while.  I ended up bricking the Actiontec in trying to do a recovery installation to it so I could clear out the flash completely to see if that would make it more reliable.

So, it was spend-5-hours-to-get-the-2wire-working-again.  Toward the end of the 5 hours, I asked myself why the WAN configuration was different, and I think that the 2wire (from AT&T; bought on eBay) did a firmware auto-upgrade on me and that hosed everything up so that it did not operate correctly with the same configuration as before.

So, I had to borrow some neighborhood wi-fi time to research how to get a similar configuration with the new firmware.  I succeeded in getting outbound Internet working at about 2am and left well enough alone.  It seems as if you can change a little setting and all of a sudden everything stops working.  Highly temperamental. 

But that left inbound Internet not working, which was okay for a few days.  I just decided to make an attempt (while I'm trying to obtain a Motorola 3347 to replace it) to get inbound Internet working again even with a sub-optimal configuration.  I was not able to get the routed subnet to work at all inbound.  The firewall on the 2wire just does not work right inbound.  Even if I set it to disable the firewall inbound for the routed subnet, no packets come into the LAN.

So I abandoned the routed subnet and went with a sub-optimal SNAT configuration, along with editing routing the public IP to an internal IP.  Which still didn't work because the stupid firewall on the 2wire still did not allow packets to come in even in DMZplus mode.  So, next step was to do port "pinhole" configuration in the firewall to allow the services I wanted inbound.  Okay, that works.  This all of course required me to first wait forever for the local LAN device to be magically re-detected by the 2wire so that I could actually configure the IP allocation and firewall settings...  Why, oh why, can you not just manually specify what the stupid IP address is you want for the local device?  Auto detection is not easier if it does not work as expected or is not reliable, people!

The most ridiculous thing was then that the 2wire seems to do SNAT not only inbound, but outbound as well!  So when it sees a packet come from a host behind the firewall with a private IP, like, that it NATs outbound to a public IP, say, it actually SNATs the packets before applying the firewall rules so it turns the outbound packets into requests _from_ -- totally munging up the distinction of LAN/WAN IPs and preventing any meaningful ability to configure rules to allow traffic to route out to the public IP but back into the LAN device from the intranet.  You see these fun messages in the event log:  "IP Source and Destination Address are the same, Packet Dropped".  Just dumb.

So back in to configure additional SNAT and routing rules with a virtual interface to prevent packets from leaving the LAN and being dropped by the 2wire.  Ugh.
  • Destructive auto-update
  • Inflexible firewall
  • Inflexible NAT/routing (and doesn't even work right)
  • Occasionally stops responding to packets on the LAN interface (but still on the WAN interface)
  • Inflexible addressing options for wireless, etc.
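
A small model of the ordering problem described in the post above, as an added example (not from the original post and not 2wire firmware code). The addresses, the mapping tables, the router LAN address and the `filter_before_nat` alternative are assumptions made for illustration; only the log message is taken from the post.

```python
from dataclasses import dataclass, replace

# Constructed addresses (RFC 1918 / RFC 5737 ranges), not taken from the post.
LAN_HOST = "192.168.1.10"
PUBLIC_IP = "203.0.113.5"
SNAT_MAP = {LAN_HOST: PUBLIC_IP}   # private source -> public source
DNAT_MAP = {PUBLIC_IP: LAN_HOST}   # public destination -> private destination
DROP_MSG = "IP Source and Destination Address are the same, Packet Dropped"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def sanity_filter(pkt):
    """Refuse any packet whose source address equals its destination."""
    return pkt.src != pkt.dst


def snat(pkt):
    return replace(pkt, src=SNAT_MAP.get(pkt.src, pkt.src))


def dnat(pkt):
    return replace(pkt, dst=DNAT_MAP.get(pkt.dst, pkt.dst))


def snat_before_filter(pkt):
    """Ordering the post describes: rewrite the source, then apply the filter."""
    pkt = snat(pkt)
    if not sanity_filter(pkt):
        return ("drop", DROP_MSG, pkt)
    return ("forward", "", dnat(pkt))


def filter_before_nat(pkt, router_lan_ip="192.168.1.254"):
    """Hypothetical alternative: filter on original addresses, then hairpin."""
    if not sanity_filter(pkt):
        return ("drop", DROP_MSG, pkt)
    pkt = dnat(pkt)
    if pkt.dst in SNAT_MAP:
        # Destination is back inside the LAN: source from the router's LAN
        # address (assumed) so replies return through the router.
        return ("forward", "", replace(pkt, src=router_lan_ip))
    return ("forward", "", snat(pkt))
```

With these constructed values, a packet from the LAN host to its own public address is dropped under the first ordering and delivered under the second, while ordinary outbound traffic is forwarded by both.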

Sunday, September 6, 2009

Study: Who Causes Bicycle Deaths? (90% of the time, motorists)

The Daily Dish | By Andrew Sullivan
Who Causes Bicycle Deaths?

What the Internet knows about you - scary

This site is a demonstration that makes use of CSS and/or JavaScript tricks (NoScript will not help you) to show the kind of information that your browser leaks about you, if someone wanted to look for it.

e.g. if a site wanted to see if you had visited their competitor's sites, they could use this technique to peek into your browser history.  Or maybe they want to see if you've ever been to a popular pr0n site.  Or maybe your employer wants to see if you've visited wikileaks, etc.

What the Internet knows about you