Responsible Wireless Access For Your Access Point
bgood writes: "O'Reilly Network has an interesting article on authentication for wireless networks. The author discusses both the technical aspects, specifically NoCatAuth, and the overall context of why someone would choose (or not choose) to monitor or track the use of their wireless network. While geared towards network neighborhoods, the article definitely has applicability in more formal settings."
... would be if you could easily set aside a certain percentage of your bandwidth (say 10-15%) for use by other people, and more if it's available. That way you aren't taking a backseat to freeloaders on your own network, but you also aren't cutting people off whenever you start a big, bandwidth-heavy transfer.
___
Cogito cogito, ergo cogito sum.
Otoh, any marketing folks from Verisign reading here? Could be a whole new niche...
NeighborCert (tm)
The major problem with access points is the ACL rules, and not the auth process. Even 128-bit keys can be sniffed and cracked; the only mildly effective method for security of the AP is IPSEC on IP, and MAC address based firewall rules.
Microsoft has been on to this stuff for years.
Ever wonder why not more people care? Because your ideas are so unoriginal!
I live near Sonoma County and heard about the community networks; problem is that using anything other than a regular computer with a wireless 802.11b device can't get access. I had my iPAQ with Linux installed, and with a good signal. Maybe it just needs tweaking.
"Get them before they get....
I would gladly open up my wireless network, but the firewall/switch/access point puts the wireless network on my side of the firewall. That kind of defeats the whole purpose of the firewall - sure, it's secure from 99.999% of the internet, but people can get in via wireless. Ideally, I'd like to manage the rules between the wireless part and my wired desktop computer, but I guess that would require the purchase of a real firewall. It's a shame; it would just take a little more software!!
HIV Crosses Species Barrier... into Muppets
- All clients get immediate dhcp lease with minimal bandwidth from local gateway
- client optionally posts credentials via SSL to auth service (using server SSL, no client cert required, although this could save steps)
- auth service sends PGP-encrypted credentials in a message to local gateway
- local gateway decrypts and validates data from master and matches to client credentials
- client is upgraded with more bandwidth, or other goodies (if he's neighborly :-)
All in all, sounds like a cool perl script to me!
Welcome to my Cable[2Mbps] WAP kind neighbor!
1) Login as Anonymous Terrorist.
2) Login as Registered Patriot (same as above, only more inconvenient)
3) Login as Port80 Leech-Only.
4) Login as Power-Tripping Network Admin.
5) Exit and try down the street.
Power to the Peaceful
I see a lot of this on /. . Can you explain why? Isn't it boring to write dumb stuff on the web that nobody reads? You'll be modded down and it will disappear. Why do this?
That which does not kill me only makes me whinier
What model router/switch/accesspoint are you using?
I plan on using NoCatAuth in the future but currently I have my 802.11 network setup free and clear (minus a simple wep key that is only on for a joke reason (ask me what the key is :)).
I don't really have to worry much about the bandwidth because no one that would use a wireless freenet comes into my area of town. Most of them have their own DSL; that's the irony of setting it up so far. If you're in Santa Rosa near Railroad Square and you want free access (while traveling etc.) send me an email.
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
The Linksys BEFW11P1 - router+firewall+wirelessAP+printserver
Also, the version without the printserver but with more local wired outputs (3 vs. 1) looks similar, but is totally different! Mine has a crummy PCMCIA antenna, the other has 2 nice external antennas. (Same price for either)
HIV Crosses Species Barrier... into Muppets
Something that requires the use of HTTP and human intervention just to get IP-level access is no good. Your laptop can't connect itself up and poll for mail without manual intervention. Back to the drawing board.
1. i can get into the country immediately
2. i can optionally show ID to get a VISA
3. send my info to FBI
4. you get back to me on that
5. i get to screw your wife and you get mine.
good plan man.
Do you like gladiator films? Have you ever seen a grown man naked?
C - A language that combines the speed of assembly with the ease of use of assembly.
Good. I was going to scream if this was another article whose only set of instructions began 'right click on Network Neighborhood'.
Free Java games for your phone: Tontie, Sokoban
Hello. I might be considered an "insider" in this field. I work at a semi-large ISP where we provide wireless connectivity using BreezeCom network equipment. Employing large (from 9-24 inch) antennas, and uni- and omni-directional antennas mounted on prominent structures, we are able to send up to 3Mb/s to hosts.
The security here is terrible. We use no authentication via radius or any other method. Anyone with an 802.11 network card and a sufficient antenna could steal connectivity, and we could not currently tell.
There exist ways to detect this, by monitoring the MAC addresses connecting to the APs on the towers, but this is not employed. Neither is each radio catalogued, and IPs, for the most part, are assigned by the DHCP server with no logging.
I do not know if this is typical of most wireless companies, but if it is, then things should be ripe for the taking. I'm posting anonymously, because my company has a history of firing and suing for less.
...does slashdot suck so badly?
I was modded down as overrated while I was rated a 1? What a jerk.
Sounds like you need to create another side to your network.
If you have one machine running a firewall with the public internet connection (that is, it has a real IP address), you can have one set of rules for computers that you trust, one for wireless access. The wireless network has different rules for Owner, Co-Op, and Public, and does not have to use the same firewall rules as your wired network. You can still block the wireless access (different blocking for each group, i.e. owner might have access to the wired network, Co-Op and Public do not).
Stateful firewalls do not have to filter only one direction, and you could not run No-Cat without a stateful firewall.
Troll Like a Champion Today
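An added example, not part of any post in this thread and not NoCatAuth's own code: a Python model of the gateway side of the ticket flow proposed earlier in the thread (minimal-bandwidth lease, login at an auth service, protected message back to the gateway), combined with the per-class rules from the comment above. HMAC-SHA256 with a shared key stands in for the PGP message, and the key, rates, ticket lifetime and function names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: the thread proposes a PGP-protected message from the auth service
# to the gateway. HMAC-SHA256 over a shared key stands in for PGP here so the
# example runs on the standard library alone.
SHARED_KEY = b"constructed-demo-key"
TICKET_LIFETIME = 300  # seconds; assumed value

# Classes come from the thread; the rates and the wired-LAN flag are assumed.
POLICY = {
    "Public": {"kbps": 64, "wired_lan": False},
    "Co-Op": {"kbps": 512, "wired_lan": False},
    "Owner": {"kbps": 2000, "wired_lan": True},
}


def issue_ticket(user, group, mac, nonce, now=None):
    """Auth-service side: after a successful login, sign the result."""
    issued = int(time.time() if now is None else now)
    body = json.dumps({"user": user, "group": group, "mac": mac.lower(),
                       "nonce": nonce, "issued": issued}, sort_keys=True).encode()
    return body, hmac.new(SHARED_KEY, body, hashlib.sha256).digest()


class Gateway:
    def __init__(self):
        self.leases = {}   # client MAC -> class currently enforced
        self.pending = {}  # client MAC -> one-time nonce sent with the redirect

    def new_client(self, mac):
        """Every client starts in the Public class and gets a fresh nonce."""
        mac = mac.lower()
        self.leases[mac] = "Public"
        self.pending[mac] = secrets.token_hex(16)
        return self.pending[mac]

    def accept_ticket(self, mac, body, tag, now=None):
        """Verify a ticket for the client seen at `mac`; return a status string."""
        mac = mac.lower()
        now = time.time() if now is None else now
        expected = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "bad-signature"          # parse nothing that is unauthenticated
        ticket = json.loads(body)
        if ticket["mac"] != mac:
            return "wrong-client"           # ticket issued for another station
        if self.pending.get(mac) != ticket["nonce"]:
            return "stale-nonce"            # replayed, or no login in progress
        if not 0 <= now - ticket["issued"] <= TICKET_LIFETIME:
            return "expired"
        if ticket["group"] not in POLICY:
            return "unknown-group"
        del self.pending[mac]               # one ticket per nonce
        self.leases[mac] = ticket["group"]
        return "upgraded"

    def rate_kbps(self, mac):
        return POLICY[self.leases[mac.lower()]]["kbps"]

    def allow(self, mac, dst_is_wired_lan):
        """Per-class firewall decision for one flow from a wireless client."""
        cls = self.leases.get(mac.lower())
        if cls is None:
            return False                    # no lease, no forwarding
        return POLICY[cls]["wired_lan"] or not dst_is_wired_lan


if __name__ == "__main__":
    gw = Gateway()
    mac = "00:11:22:33:44:55"               # constructed sample address
    nonce = gw.new_client(mac)
    body, tag = issue_ticket("alice", "Owner", mac, nonce)
    print(gw.accept_ticket(mac, body, tag), gw.rate_kbps(mac))
    print(gw.accept_ticket(mac, body, tag))  # same ticket again
```

The ticket is bound to the MAC address the gateway sees, which is an identifier the client sets for itself, so the class assignment is only as strong as the link-layer protection underneath it.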
NoCatAuth is unnecessary...
802.1x is the standard to follow
Of course, 802.1x needs to have the ability to pass authentication off to a third, external party (like Verisign) added to the spec., but that's a simple matter of semantics and coding (which, of course, is trivial).
You know... I expected more from the IEEE, but, hey, from what I understand they're handing out EE degrees these days like lollypops to children.
The biggest issue for freenets, IMO, is liability - if someone wanders past your access point and sends a huge amount of spam, or starts a DoS attack on remote sites, you may well find your ISP cuts off your access. In the worst case, you might be legally liable under various anti-spam or other laws.
Just as ISPs have contracts with their customers, and authenticate them, it may end up being necessary to have contracts with your freenet users and to authenticate them. Of course, if they are friends it may be enough to just authenticate them... IANAL but something that indemnifies you against lawsuits etc would be very useful.
This goes against the freenet ideal but unfortunately providing Internet access can be a legal minefield.
The AUP on my @home account explicitly forbids sharing the service with "third parties." I can either pay for up to 5 distinct IP addresses ($6.95 extra) or I can use a Linksys router and then there is no limit in how many computers I connect as long as they are all within my household. :-(
My Linksys is currently sitting in a box waiting for me to put it on eBay. It is a great piece of work, but my company installed a Checkpoint firewall and the router won't work with our VPN even if I put the machine in the DMZ.
I am planning on switching my assigned PC at work for a laptop, and what I would like to have is a wireless access point that works as a hub or switch, not as a router. And I want something that won't allow access to the access point unless there is some real encryption. This way I can have wireless access for my household and I don't have to worry about @home killing my account for violating AUP. I cannot afford to lose my broadband since we don't have DSL around here yet.
Any suggestions?
Pedro
----
The Insomniac Coder
The thing that I have to wonder about in all of this is potentially nasty liability that having an open access point may open you up to.
We have all read the stories of the FBI busting people's doors down and confiscating equipment because they were suspected of a heinous act, be it hacking, kiddie-porn, etc.
Hell, just inviting a few thousand of your closest friends to join your pyramid scheme is usually enough to get your ISP to cut your connection with no warning. Do you really want to risk becoming spam central?
The last thing I want is my door being busted down because of what an anonymous freak with an 802.11 card did from behind MY IP address!
Although I applaud the generosity of the people who provide the so-called "community networks", I would have to think they are just opening themselves up to a world of hurt.
And then later:
No, it also requires Javascript. I'm sure I could script a workaround, but it's one more damn thing to go wrong. And if ubiquitous 802.11 existed, I'd want to use it primarily for ssh, not web. Reading between the lines, 'the public' would not be allowed to ssh. This scheme is oriented towards the idea that internet==web, and of course everyone has javascript.
On the whole, however, I'm impressed by this system. The idealistic idea of free open wireless was threatened by the possibility of anonymous abuse and bandwidth hogging. Nocat appears to make it viable, even in the face of real-world threats. This could have far-reaching effects in undermining the emerging broadband monopolies. The ability to charge for unrestricted access could lead to financially healthy networks with lots of upstream bandwidth. And the ability to use before buying means that you would already know a network's reliability and coverage.
Lastly, I'm a little concerned by the centralization of power implied in the article. If I read it correctly, there is a single trusted authentication service at nocat.net. If the nocat scheme takes off, this center will be a natural target for foes of the internet such as MPAA/RIAA/etc. I hope that if the system takes off, multiple authentication sites will emerge.
It's all GPL'd so you could start your own authentication server. There's nothing stopping you. It's also set up so that groups could roam from group to group. Say you're from Seattle and you're in NYC. You should be able to get co-op status.
And both of those are totally different to the WAP11, which has wireless and one wired output. (The WAP11 supports wireless network bridging to similar units, both point-point and point-multipoint).