Slashdot Mirror
80% of WiFi Networks are still Insecure, Kismet Author Says
acz writes "The brain and guts driving the development of Kismet is Mike Kershaw alias Dragorn, who works during the day on IBM mainframes and hacks code at night. Kismet is simply the best war driving tool out there plus it's free as in GPL and can even run on your linux PDA. In a recent interview posted on HERT today, he says: 'I've become entirely jaded towards security as a whole (or rather, people's complete lack of it) and not much surprises me when it comes to open wireless networks. ... the overall percentage of unencrypted networks is still at about 80%.'"
I leave an unencrypted access point open in the no-mans-land between my broadband modem and my router, on purpose. I think a lot of people do something like that, or even keep their whole LAN open to the access point, in order to promote free WiFi.
Shouldn't that be "insecure"? How someone could make this mistake in the day and age of internet dictionaries is unpossible to contemplate.
Am I the only one who heard Roxette to sing "I'm gonna get blitzed for some sex"?
Go for a drive around town running netstumbler or kismet. I can pick up two hundred access points in 5-10 miles, and the vast majority of them are unprotected... Probably more than 80%. Even more interesting than that is the fact that you can tell which people have actually tried to configure their access points. Many people are using default SSID's and no protection. Kind of scary if you ask me, but hey, it almost guarantees free internet in some neighborhoods.
I know in suburba the number is much higher as opposed to downtown San Francisco.
The key can easily be obtained and with the tools out there it is just as insecure as having the data unencrpted since its easy to fool the AP to giving you the key.
IPSEC is the way to go but my router and older system do not support it.
Linksys supports IPSEC but guess what?
There is a default admin password that anyone can use to log in. SO whats the point?
http://saveie6.com/
When I got my first wi-fi enabled laptop, I decided to wardrive down a busy road in a residential area. I picked up 11 APs along the way, one of which had been secured. The other 10 used the default SSID with no WEP. Whatever befalls the people with the unsecured APs is deserved for not reading the freaking manual. They have the mentality of "I plugged it in and it just works! Whoopee!"
There is a difference between "insightful" and "inciteful" other than spelling.
Ahh... digital extortion. "I secures dis here network, see, or Clamps here breaks into yous guyses computer and steals yur credit card numbers. Capice?"
I'm in the hole of the broadband donut.
Are we supposed to be securing our WiFi networks to stop people using them as SPAMming outlets and entry points to delicate data, or are we supposed to be leaving our WiFi networks open so we can share our connectivity and bring about a utopian world of high speed, anywhere connectivity?
(Yes, yes, I know, the right security for the right place)
Stuart
It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
With all of the controversy over who is responsible for downloads off of someones access point I will stay wired just to be safe. I can at least provide some kind of physical security over cat5 runs.
Got hosting
LOL, I went to high school with 'Kersh. I remember how he showed me the first UN*X I've ever seen, mkLinux on his PowerBook 3400. The man is single-handedly responsible for both my affection for Apple and for getting me into Linux. Not to mention that he showed my friends and I 'South Park' long before it was ever on TV (it was '97 or '98 when he showed us jesus-vs-santa).
:-)
Now he's the guy behind kismet, which I use to monitor WiFi at work.
Thanks 'Kersh! I wish you much success with career and hobby, and hope you find a real-life anime chick to settle down with. Send me some tentacle-shots when you do.
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
Wireless networks have a lower Totacl Cost of 0wnership (TC0) !!!
Can someone answer the following:
* Why aren't WAPs shipped with encryption turned on by default?
* With many well-known strong encryption schemes, why was the weak WEP made standard?
LS
There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
from the post:
from the article:
An insecure network and an unencrypted network are not the same thing. WEP is encrypted, yet insecure, while secure IMAP and SSH are secure by providing end to end encryption, instead of relying on the network to provide it.
-jim
Of course, that gets you an IP that lets you ping the firewall. More specifically, you can ping the dedicated NIC on the paranoid OpenBSD server that lets through connections to my Squid server (which requires authentication), my mailserver (which requires authentication), my DNS server, and my NTP server.
If getting an IP on my WLAN counts as "insecure", then count my network as bad. However, that's a bit too broad a brush for my tastes. In my setup WEP offers no advantages whatsoever so I never bothered with it, but I guess that makes me just another dumb newbie in their survey.
Dewey, what part of this looks like authorities should be involved?
Oh, ..
My photolog
A "lot" of people don't do that. The overwhelming majority of people who have WiFi have no idea or comprehension of setting up free WiFi for others when they put it in their home. This is /. so you might not be so out of the oridinary here, but in the general populace such reasons for that config are not statistically significant.
It pisses me off that in order to use Kismac fully, I have to get another wireless card - even though I have Airport Extreme. Just release the specs already - what is the point of keeping them closed source?
Sure, people who leave their wireless networks insecure are stupid, or naive. Same as people who leave their front doors unlocked.
But just because someone is dumb enough not to lock their front door doesn't mean you have the right to walk in there and take what you want. So can somebody please explain to me how wardriving is any different to cruising around the 'hood looking for unlocked front doors and then walking in to take what you want? Seems pretty criminal to me...
For those who want to participate in the "utopian ideal" of free access for all, maybe there is some way of indicating that you are willing to share your connectivity. You know, like "front door is open, please come in and take some cookies". The assumption should be that you are not welcome on someone's network unless it is indicated otherwise.
I wonder how many unpatched computers are connected to the wired web? Probably an equally scary amount. It seems to me that there are greater long term risks with this scenario. Most spammers and child pornographers unless they are your neighbor or using an antenna are not going to set up shop on your front lawn where as your unprotected wired box can be owned and operated by anyone in the world.
The WiFi data-link layer may not be encrypted in 80% of cases but that doesn't mean that encryption isn't used or enforced at a higher level. You can run VPN, SSL, ssh etc. quite happily over what might appear to be an 'insecure' WiFi link.
As WEP isn't that robust there seems to be little point in deluding oneself - thus many networks will be unencrypted at that layer by design rather than by default.
Tell me how many wireless networks you can associate with and actually use.
Most modern routers with 128-bit WEP aren't vunerable to the "weak-key" exploits. I have tried to crack my WEP key for the longest time, and have been unable to do so.
WPA is nice, but there are compatibility problems you have to look out for (Windows 2000 and OS 9 for example, and being unable to relay the signal via WDS)
In my the middle of Silicon Valley, I can see from my apartment complex about a dozen access points at once, and I can probably 95% of the time access the Internet through at least one. I've given up even paying for Internet access, cause I've always got it anyway. People just plug in their AP's turn them on, and if it works, thats the last time they touch it.
Everyone still seems to think WEP is easy to crack. It's not. On AP's 2+ years old new features have been implemented to dramatically reduce the amount of weak IV's given out. For fun, I tested our network here at work, where we have over 300 employee's and multiple access points. And yes, there are plenty of people actually using the wireless network. In 3 days I was only able to pick up 75 weak IV's in Kismet. You usually need in the range of 10,000+ to make a decent attempt at cracking WEP with current tools. Now, if you have the know how to use tools like wepwedgie, or know how to do packet injection using multiple 802.11b cards/devices with HostAP then you may have better luck. But chances are that if someone knows how to use these tools and has the time to do this, they can probably break your network some other way.
All those talks on network security sometimes bugs me. All those leftist trying as hard as they can to make the right wing extremist's job easy.
The lack of security over WI-FI is a good thing. Ever thought about the democratization of communications, WI-FI can bring you that, unsecure WI-FI WILL bring you that. With file encrytion files are safe (mostly) anyways, that's what we need to promote. Leaving your network open will just make it accessible by other people which, if they get the hardware themselves will make this network availlable to more and more people and so on.
In a few years when you wanna call someone you basically open iChat, MSN messenger, whatever, turn on rendez-vous or equivalent find your contact name and double-click. Get it?
Security isn't always a good thing, making everything locked just make sthe world harder to travel, some doors need to be opened.
In the very unllikely event that I win a huge amount of cash, dream number one is to get several WI-FI routers and configure them to enable a neibourhood network, hoping to change it into a city network and so on. I dream of the day communication will be democratized, free, for everyone.
Instead, as of now, the technology exist, it's there for everyone to grab, but they all stare at it, telling themselves: "too complicated and the router is around 200$CAN, it's expensive, I'd rather pay 30$ a month plus long distance and service fees for the rest of my life"...
I took extra care to lock down my WiFi network, just to be sure that none of the skr1p7 k1dd13s out ther could hacATZ#4#R%F^AA@!@5[CARRIER LOST]
HA! I just wasted some of your bandwidth with a frivolous sig!
Was messing around with my new wireless router yesterday. The thing has the ability to use WEP, which is decent enough to stop el-random-fuckwad from screwing up my network and abuse my internet connection. Anyways, I decide to check it out and I try to set up a random WEP keyphrase.
Turns out I need to cough up a random 10 character hex number. And remember it, too. Then I looked at 128bit WEP ecryption which required a 26 character hex number. I can't use my normal ( secure ) password because it contains non-hex characters and well... That's it, really. I could only enter hex characters which makes for a LOUSY key to remember. I then went "Fuck it." and used MAC adress whitelisting. Much more effective, too, even though it will require some work once/if I get people over here with wireless equipment...
Mind you, I'm not unfamiliar with computers. Random people would go "WEP? You mean the world wide web?" if you mention WEP. They just expect things to "work".
Hate me!
Visiting relatives in Manhattan (I can see Lincoln Center from their apartment...interesting area), I've been scanning with my iBook and KisMAC whenever I'm on the road.
So far, 452 WAPs, maybe 100 or so of them are encrypted
Quite sad, really.
I tend to wonder why people go nuts about 'unsecured' wi-fi. Alot of people WANT it to be available to others.
I agree that 'accidently' opening up your whole harddrive to anyone with a wi-fi card is not cool, I don't otherwise see much of a problem with the situation.
I will be setting up wi-fi soon. What I would like to do is set up multiple logins. The default public login would have capped bandwidth and otherwise no network access while my private logins would have all the bandwidth they can get and access to my shared files. I don't know if there is an easy way to do this or not, but a simple toolkit to achieve this would be great for people like me who would like to give some 'free' net access without sacrificing the whole network.
When using a Markov Chain text generator, it helps to have a seed length greater than one.
If you want really good Markov Trolls, I'd recommend a seed length of three; for a more schizophrenic feel, go for two.
Eloi, Eloi, lema sabachtani?
www.fogbound.net
Why back in my day, we didnt have such fancy security methods like these "wep keys"...
even though it's not a poll. My network doesn't work well enough to break into. I can't keep my own boxes connected. I guess the correct words are "incompetent clods" - meaning the people who made my router and my ISP.
Simon's Rock College
Last April (April 2004) I did it again ... and found about 66% of the networks DID use WEP. I guess I should go out and try it again -- I'll bet even more use it now.
Perhaps Austin is just more saavy?
Not that WEP automatically makes your network secure, but it makes it much much much more difficult to abuse, and pretty much guarantees that somebody will just go abuse your neighbor's WAP rather than try and break into yours. Things like locking down access to specific MAC addresses are snake oil -- sniffing for a MAC address and then using it later are quite simple. Only WEP (and things like IPSEC or VPNs) really get you much in the way of security.
I swear I'm not insane: It changes. It's always been "unsecure" on the main page, but on the story page it's been both "insecure" and "unsecure".
Unless there's some kind of absolutely bizarre caching thing going on...
Check it out for yourself. Two (cropped) screenshots here (not that they prove anything, but...):
Why aren't these articles ever about how great it is that we can all get on the internet practically everywhere? At no point in the whole interview does he talk about the benefits of open wireless, as well as people's abilities to seperate the wired and wireless connections pretty easily to do all their secret things wired, leaving free internet for anyone that wants it?
It IS possible to have an OPEN AP on the same connection as your ENCRYPTED wired environment, and the quick and dirty way costs about 30 bucks for an extra cheap router.
-non serviam-
I've noticed that even within the same city, the average number of unsecured access points isn't anywhere near constant.
In a heavily middle-class area, I've found numbers that agree with the article's 80% "unsecure rate".
However, I've found that in wealthier areas of my middle-class city that there is only about a 50% unsecure rate.
The actual reason for this still remains a mystery. I know that after several local newspapers featured articles on insecure wireless networks over a period of months, there was a noticeable increase in the number of secured wireless networks.
Whether this has anything to do with the wealthy being more informed is still guesswork at this phase.
...water is still wet.
I don't suffer from insanity, I enjoy every minute of it! --Longbottle
Is it designed to be easily set up so that as many users can start using this magic WiFi as soon as possible?
If it takes a long time to set up (ie users must perform certain lock-downs before the devide will work), maybe a lot of normal "appliance" users won't bother with it.
I wonder if the same thing can be said for Windows OS? If grandma next door has to do anything more than switching on the computer, she might not want to deal with it at all.
Uselessful technology (Air-Charged
Mine is similar except you have to open a PPTP VPN connection to do anything but make a DHCP request, and I require 128 bit encryption, do not allow unencrypted passwords, and do not allow any unencrypted traffic whatsoever. I'll hopefully get around to implementing ipsec soon so I don't have to use PPTP for more than key exchange, even, though a 128 bit PPTP connection is generally considered to be pretty darned secure.
You can't even ping yahoo or make a DNS lookup without connecting to my VPN, just how is that insecure?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
seemlessly,... it will stay "insecure"
Please check out this.
More specifically, you can ping the dedicated NIC on the paranoid OpenBSD server that lets through connections to my Squid server (which requires authentication), my mailserver (which requires authentication), my DNS server, and my NTP server.
What????
You provide WIDE OPEN completely UNAUTHENTICATED access to NTP and DNS?!?!? Do you have any idea how much damage a serious cracker if enough people take this devil-may-care attitude about network security, and just hand out accurate time information to anyone who asks? Not to mention name service <shudder>.
You, sir, are exactly the sort that is making it possible for malicious script kiddies to ruin the Internet for everyone.
You should be ashamed.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
You are right. Most people out there are as outlandishly geeked out there as you, yourself, and you! It's all about you and how everyone should be like you you you! If only I could be like you!
Im looking at about 6 wide open access points just sitting in my apartment.. all running with no encryption/access restrictions and default passwords on the AP's...
sometimes i realy wonder why i bother paying for my cable internet access when the negibors seem to be offering it for free;)
But we don't all live in shitty slums and need to bar our doors and windows to keep the crack addicts out.
Completely imbelievable.
-Looking for a job as a materials chemist or multivariat
- Some (like me) leave access points open to share. I believe this should be encouraged.
- But they do this carefully: I check logs. And I check traffic. And I watch if someone parks in my driveway with a laptop. And it's not easy to view my LAN while logged in (though browsing the web is easy).
- Open (unpatched MS) wired PC's are much easier to work on (no car in driveway) if you want to hack illegally. And there are many more open MS PC's in the world than WAP's, and they are ALL reachable to you right now, using the Internet - no wardrive needed.
- WEP security is a hassle (I can never even remember the port or password - and I know how it works. My neighbour does not even know he can access his WAP using a browser - let alone understands WEP.)
- Stories about illegal users sending spam or browsing child porn through open WAP's are usually made up - more rumour than fact.
- Some older access points do not support WEP, or not properly, so some users have no choice.
- Most WAP's (inluding mine) only broadcast a few metres outside, making illegal use very difficult indeed. My neighbour can use mine when his cable goes down, just as I can use his when mie goes down (different subnets!) - but we have to move to right beside our walls before it works...
Seems to me there are no simple black and white best codes of practice.Michael
---
BDOS ERR ON A:>
LMAO!
Sorry! I had to laugh. I read your comment, which was okay, AFAIC.
Then, I read your sig.
"You should be ashamed."..."Attack people, not ideas."
PRICELESS!!!
---anactofgod---
"Equal opportunity swindling - *that* is the true test of a sustainable democracy."
but if you want to live in constant fear of your neigbour, then please sit back, watch FOX news, vote for Bush, buy a few big guns, and keep away from any Mike Moore movies. I would pefer to live in a trusting society that has open networks that I can borrow when I open up my laptop.
Many folks seem to launch into the misinterpretation that 'unencrypted' == 'insecure'. It does not. Just because your box can talk at layer 2 or layer 3 on my wireless network doesn't mean it's going to be of any earthly use to you.
Case in point: wander around pretty much anywhere in the Haymarket, Ultimo and Broadway areas at the south end of the City of Sydney, Australia - you'll find literally dozens of open, unencrypted wilress access points, all with SSID "UTS WLAN". Natural next step for a geek is "Whoah! open wlan! I'm there!", fire up laptop, connect...
It's shortly after that that you realise that you've just helped yourself to an open, unencrypted, and completely useless wireless network belonging to the University of Technology, Sydney. You know this because no matter *where* you point your web browser, you always get the same page: "Welcome to UTS WLAN, enter your username/password to continue". If you manage to guess a username/password, then you'll get the same page, with red writing, saying something to the effect of "oops, no IPSEC tunnel, no cigar".
That network is opened, unsecured in that you can get your machine to talk on it without authentication, but you can't talk off of it without additional rights.
Now granted, there's holes in my story. One day, some clever kid is going to figure out that he can use the wlan as his own private routed trunk from one side of the city to the other, and then the owners of the network will have to block that. Second, how hard can it be to get a username/password pair out of a drunk undergraduate? Third, this lot isn't *really* in the spirit of the story - I've built the chinese cookware, I've found, literally, hundreds of wireless nets that really are open for all to see, most of them quite likely unintentionally so.
So yes, there are a lot of unencrypted wireless networks out there, but they're not all unsecured.
I find your ideas intriguing and I wish to subscribe to your newsletter.
I'm all for the idea of a free high-speed roam-anywhere wireless capability, but the threat of people using your connection for anything ranging from DDoS to spam is what keeps me from opening up my own router.
:) ]
:) ]
A solution that I can think of is to build the following capabilities & have them switched 'on' by default into each router:
1. Global list of black-holed sites (updated regularly over the internet) that includes anything unsuitable for kids: if you want to disable this, it would need intervention, so you'll at least have to RTFM about it.
[preventing it's use for pr0n]
2. Monitoring the amount of traffic from any one node (identified by its MAC address) to anywhere else: viruses, worms, DDoS tools SPAM-bots & such all exhibit typical patterns, and such patterns can be used to block out any node for a fixed amount of time, or permanently block it off.
[preventing it's use for SPAM, DDoS, & retarding the spread of viruses & worms]
3. Physical lock to supplement the default login/passwords used to login to the router & changing settings: wont let anyone login as admin without the key turned 'on,' and wont let you use the network until the key is removed.
[preventing random people from changing settings, while also preventing people from leaving the key in the 'ignition'
4. Switchover capability: the ability to 'talk' to other routers using standard protocols so that the user will be automatically switched from one router to the other transparently just like the cell-towers do with your mobile.
[allowing true roaming capabilities without windows popping up a stupid balloon telling you that one/more networks are in range]
5. [please add more points in your reply!
powers my home internet right now. My neighbor of course is oblivious, as long as he gets his pr0n. I am friendly enough to make sure his access point gets its firmware upgrades on time ;-)
If I ever setup an access point in my home, it'll be like that too: no useless WEP. Any stranger will be able to connect to my WAN effortlessly -- but it won't get them anywhere unless they have the key to make a VPN connection.
I have to point out, that Apple, the first company to ship a AP that people bought, do by default ask you if you want WEP during the initial setup. It's one of those get what you pay for things. Apple charges more for their AP, but, they have a team of engineers, interface designers, and cognitive psychologists working on their product. Linksys probably just had one of their engineers do the interface.
In my setup WEP offers no advantages whatsoever so I never bothered with it, but I guess that makes me just another dumb newbie in their survey.
The real problem isn't that people aren't using WEP (since any blackhat with a web browser to download the tools can crack WEP in a few hours at most.)
The REAL problem is that ALL low-cost "wireless gateway" appliances treat wireless nodes as part of the LOCAL network, when, of course, the wireless segment should be treated as another WAN (Internet) link, where the bad guys live, and where you have to authenticate yourself before connecting to the LAN. As long as this remains true, wireless will continue to be a huge security hole in most networks.
Unfortunately, the "business" networking vendors are more than happy with this arrangement, since it keeps savvy business users from buying their network gear at CompUSA or Fry's. The sad fact is that security comes at a very serious cost premium today - it shouldn't, but the factis that companies that value security will pay *much* more for it, so the vendors simply "de-feature" the mass market products to help justify "enterprise" capabilities such as this common-sense approach to wireless networks.
This won't change until one of the SoHo/Home market vendors gets a clue and decides that their buyers might actually like a wireless router that can protect the rest of their network. Why that hasn't happened yet is a mystery.
BTW: If anyone knows of a low-cost wirless router device that *can* treat wireless as an "outside" network, post a reply and let us know...
"The future's good and the present is nothing to sneeze at." - Roblimo's last
"(*) Percentage gathered from the pc running in my car that monitors all the time"
right. and how far does that car travel ? in which city ? and for how long ?
don't say 80% if it's not.
I have found that if you mix vendor implementations of security--NetGear, Dell's wireless internal card, Linksys cards--they often do not work with encryption enabled. I have tried going up to 128bit, down to 64/40bit, setting NIC restrictions and the like, but in the end, it often is just fruitless with encryption. So, I usually just keep NIC restrictions on. Some hope from the random attacker, but no real protection.
If you want us to use security, make it simple. Make is to that I can type in a phrase for EVERY implementation, and that it generates acceptable keys. I don't want to type in a phrase for one vendor, and then have to hack out what the keys are for another. Then, just make it work. I don't want any one vendors card different than any other. When I use a Base-T cable, it works, regardless of vendor. That's what we want, folks.
...tizzyd
It's like the place I grew up where noone would carpool with my mom because she was the only one in the group who _didn't_ have a gun in her car "for protection". Everything was fine until there were some stories about a carjacking in a different state; but everyone there went nuts thinking they needed guns. Same thing with everyone thinking they can't share wireless.
This isn't that hard. Filter MAC addresses. Don't broadcast your SSID. Enable 128-bit WEP encryption. Voila, your wireless network is useless to a wardriver and a pain in the ass to anyone who wants to legitimately hack into it and steal your data in particular.
I gave up trying to get WEP working with the 3Com card in my laptop, the Dabsvalue PCI card in another box, and my Adaptec AP. Yet my (rich) friends who bought their whole wireless setup in one trip to a single vendor say configuring WEP is no problem. Once you start mixing brands it's very hit or miss to configure WEP.
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
"BTW: If anyone knows of a low-cost wirless router device that *can* treat wireless as an "outside" network, post a reply and let us know..."
Pentium 133 Running Linux or BSD, with 3 NIC's, one for the uplink, one for the wired network and one for the wireless. You can probably get one used for around $20.
Is there some trick to getting KisMac to work on Powerbooks? It hangs after about 3-10 seconds for me, and I have to force quit it. Happens consistently, every time. (With an Airport Extreme card, which it claims to support.)
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
I know WEP isn't perfect, but seriously, if WEP is too complicated for you, it's not 'well, I'm not l33t and it should just work like my DVD player,' it's 'get the box, pack up your computer, and ship it back, cause you're just too stupid.'
First, you don't need to remember any-number-digit hex key. It's called get a pen and paper and write it down, numbnuts. Second, most consumer networking gear (linksys, netgear) will accept a plain language pass phrase which is then converted to a hex key, so you can use some word or phrase you'll easily remember.
Third, if WEP is like a cheap bike chain that is easily broken, MAC white listing is tissue paper. WEP can be cracked, but your average home wireless network takes weeks to produce enough interesting packets to crack a 128-bit key. MACs on the other hand, well, if your router only accepts connections from MACs on the white list, what do you think is one of the first things your computer sends out when establishing a connection? Right, its MAC, which are very easily changed/forged.
As far as 'it should just work,' people are not THAT stupid. (They're stupid, don't get me wrong, but not that stupid.) Folks know in the world of computers, some things need configuration. Outlook needs their POP account info to get their email, even if they don't know what 'POP' means. They know they enter their password to get their hotmail.
WEP is the same way. The router has this password. Whether it's a plain english passphrase or a 26-digit hex key, anything that wants to make a wireless connection needs that password. You set up each device once, and it's all set. WEP ain't that hard.
By my recent drive through downtown (from the park down Oak, on to the bridge) It was almost exactly 50/50. Of the 500 networks i hit, 245 were open.
The amusing part is I hit 200 networks in that last 1/8th mile right when you get on the bay bridge. That has to be the highest density of AP's on earth.
Or use this wep key generator. It's almost foolproof.
Amen.
Obviously, I'm in the minority here at Slashdot, but I've got to say, "So What! Why Should People Secure Their Wireless Network?" Sure corporations should or at least create set-ups where the wireless network is removed from the wired network and of course all that effort to secure the computers, but I've never understood the great push for security on a wireless networks.
For me I'm of the school that you shouldn't depend on your network for security for your computer. This view recently discussed by Jeff Schiller, MIT's Network Manager at Syllabus http://www.syllabus.com/article.asp?id=9193. I think he makes some great arguments.
Recently, it seems that people have just jumped on the bandwagon that YOU MUST secure your network, and I guess for the bevy of Windows users out there, with little options for ever successfully securing their computer, this is probably true and one way to get around it. But I find wireless network security to be the antithesis of what wireless connectivity promotes--freedom. So it makes great sense that people would not secure their networks.
Wired Networks by their nature are someone closed off, insuring their security or closing them off further is no big deal. You would expect to have to handle 2, 3, 5, 10 random clients on a wired network. Sure with laptops it happens more, but typically a wired network is somewhat more static in design. You have switches, ports, hubs--it's all very physical. So sure secure it.
But wireless networks promote freedom--you can use your laptop anywhere (anywhere with wireless). But security warps that message. Freedom has always had its limitations, but now the limitation is that someone else owns the air you need to use. What's the point of going to a coffee shop, an administrative building or even sitting on your neighbors porch with your laptop if you still can't get internet access when wireless connectivity is available.
Sure their should be tools to prevent abuse. I don't want someone to start downloading movies off my wireless network, but WHY WOULD SHOULD I CARE if they just use it. I expect the same reciprocity if I'm in the town square or at a coffee shop or just down the street at a friends.
Securing your network has become synonymous with securing your computer and its not. Someone decided that it was impossible to secure their computer, with all the software with bugs and wholes, with various operating systems working against your efforts. So the rallying cry became secure your network.
So fine. Secure your landline, but leave your wireless alone. Sure change the default settings, after all one neighborhood really shouldn't have 50 linksys access points. I'm all for letting people know whose wireless access point they're using. I'd don't want someone taking over my access point, but with various hacking tools, the effort is the same regardless if I've secured my access point.
But if Sue next door wants to use my wireless, go ahead. Don't ask me. Don't make me add you to an exception list or hand over a password. Just use it dammit and be respectful. It's there, and it doesn't really cost me anything more than what I'm currently paying to have you or 20-30 other guest using it.
Encryption, Authentication, and Authorization, and common sense work well enough for keeping the information I need to be secure, relatively secure. I'd rather have someone distracting by the beauty of playing Doom from their front porch using my access point, then banging on my access point try to hack my setup security so they can get free access, when I could have just offered it.
So I say, "Offer It!" Secure what you need secure and open everything else. It makes life easier, and produces good karma as well.
I was thinking what the heck is WIRED poster geek girl Cynthia Breazeal doing commenting on Wi Fi security ....
Must be the AI researcher in me...
... because we can't use WEP... With our router and the slews of hardware on our wireless router, we cannot seem to find a key configuration that works across every (Linux, Windows, Mac OSX) since there are just too many possibilities. Mac OSX of my sister's friend's PowerBook seems to be the HARDEST to configure.
Karma: Good, or bust!
Just because some one leaves their front door unlocked doesn't make them stupid or naive (though it does make the poster) It just means they don't live in America suburbia. The majority of the world leaves their doors unlocked (actually I would love to see statistics on if the majority of the world even has a door).
Also, as has been posted repeatedly wardriving does not actually indicate that some one even passed packets on your network, it just means they passed by and took note of the existence of you network. Think of them as WAP cartographers.
I use WEP on my home WiFi network despite it being a complete pain in the ass. No two vendors want to authenticate the same way so I have to jump through hoops to get a new system on my network. On my Powerbook with its AP Extreme card I have to use xwepgen to generate a hex key to input into the Airport settings. Trying to hook up a Windows system is ten times harder since different cards have different interfaces and not all of them work properly with Windows XP's native configuration.
If it was easier to implement WEP between different vendors' products more people would use it. Unfortunately the product lifetime of WiFi products is a whopping 6 months so drivers and firmwares are rarely updated significantly. If you want to switch from WEP to WPA, which is easier to work with between vendors, you usually have to buy a number of new devices. I'm not apt to plunk down $100+ every year on new WiFi equipment just to get it talking to other equipment. Vendors have no impetus to increase interoperability because they want you buying from a single source.
I'm a loner Dottie, a Rebel.
have a look here
I thought opinions were supposed to go in the comments Cowboy...
In any case, anyone who has used the BSD-airtools package would likely argue differently...
I browse at +5 Flamebait- moderation for all or moderation for none.
Uhm? Why does every one bitch about entering HEX keys. There is an option for a human readable ASCII key.
... why is HEX the default on most routers? Maybe more people would use WEP if they new they could use a passphrase. I have met countless people who are not complete neophytes who didn't know they could use ASCII.
Though thinking about it
Buy one consumer-grade wireless access point/router, and one consumer-grade router. The combination can be had for under $100.
All local machines go behind the non-wireless router. That router's WAN port is connected to one of the LAN ports of the wireless router, and the wireless router's WAN port goes to the Internet. Now you have the public Internet (unsafe), a wireless purgatory (unsafe in a different way), and a secure LAN (as safe as the non-wireless router/firewall box allows it to be).
Alternately, the non-wireless router can be a wireless router with the wireless features turned off.
but I guess that makes me just another dumb newbie in their survey.
You are correct. I can't think of how many times my friend and I have changed peoples settings on their linksys because they are so fucking stupid they don't even change the default admin password. We aren't destructive. We go around securing most of them, we'll change their router name to "Please learn about security" or similar..
How hard it is to enable MAC filtering? How hard is it to disable SSID, which is not needed at all for the wireless router to function properly? WEP might be shit but its better then nothing.
One day you will be arrested when cops come to your house charging you with downloading child pornography because you didn't secure your router. Or maybe you'll be arrested with attempting to hack nasa.gov, who knows...
Since you seem to think that security isn't important and sharing is. May I have your credit card number and social security number?
as a matter of fact it makes perfect sense to fear nice people. My neighbors all probably think that some nice fella is letting them use free bandwidth... I have their email passwords and even a snagged CC#.
It's the same reason smart parents teach their children to fear strangers. 99 out of 100 adults offering a child a ride in a car or some candy are genuinely nice folks, however the goods/services they offer hardly compete with the risk of getting snagged by some wacko.
Fear the nice, you'll end up surviving longer.
btw. stop looking at my tree.
I can't think of how many times my friend and I have changed peoples settings on their linksys because they are so fucking stupid they don't even change the default admin password.
If you decide to help me "secure" my network, which barely covers my own private property, be well armed.
How hard it is to enable MAC filtering? How hard is it to disable SSID, which is not needed at all for the wireless router to function properly? WEP might be shit but its better then nothing.
How hard would it be to stable my shoe to the ground? Pretty easy! But would security would that buy me? The same goes for your suggestion - would would adding lightweight encryption to the locked-down network gain? You can't just throw crypto at something and say "ooh, secure!"
One day you will be arrested when cops come to your house charging you with downloading child pornography because you didn't secure your router.
Which router? The OpenBSD firewall, or the WLAN router in the DMZ?
Since you seem to think that security isn't important and sharing is. May I have your credit card number and social security number?
Sure! Just come onto my property, sneak past my dogs, connect to my "open" WLAN, crack the bridged firewall, guess my SSH RSA key, and have at.
Dewey, what part of this looks like authorities should be involved?
This isn't exactly undetectable; when the real machine that owns the MAC makes traffic, chaos will break out, and I do monitor /var/log/messages
regularly.
So, the worst they can do then is passively monitor traffic. But guess what. Anything that matters is done via https anyway, so then they're left with having to crack 128bit SSL as well.
So I'm not worried. But I do appreciate two of my neighbours having open WiFi points so that I have a fallback for the few occasions when my ISP glitches.
Insecurity usually goes further than that. For instance, a friend of mine recently went to a fairly popular local place(name withheld to protect the innocent), and found that the wireless router still had the default password. She didn't do anything particularly nefarious, but a less scrupulous person easily could have.
And the l33t shall inherit the 34r7h.
...while the average citizen = default settings, usually insecure.Sitting in my home in my room with my new college laptop, playing Warcraft FT, it suddenly minimizes, to my amazment, with a dialog window saying "You may connect to the following wireless networks, yadda yadda yadda," and there were four networks, w/ SSID of D-Link, and linksys, w/out WEP, or 802.1x encription. Not even trying to wardrive for networks, four pop up and say, "JOIN ME, JOIN ME!!!!" If I had proper utilities, i could be bouncing off the four servers, and even the above average user probably wouldn't be able to see it.Note: I live in a suburb of Washington DC, so DC must not be tech savvy.
I am not using encryption on my accesspoint, and anyone with a laptop within 100 meters or so of my home can freely use my internet. What is wrong with that? I think it would be really great if everyone with broadband bought a AP and opened their broadband for everyone.
I find myself wondering how many 'war-chalkers' actually attempt to *use* the suppoedly open networks they encounter.
;)
Drive by my house, and you'll see what looks like an unsecured access point -- until you run into the firewall rules which bounce anything that isn't coming across a VPN. (Not that it matters, at least 5 of my neighbors have unsecured APs.
http://www.theboyz.biz/ Your source for computer parts and more!
If you're not living on the edge, you're just taking up space!
I'd like to connect 2 things to my laptop: a wireless card and a gps/serial device.
then press a few buttons, close the laptop lid, and drive. after the drive, press a few more buttons and have some chart or data file of which networks were open and at what lat/long.
or to that effect.
does this exist? I'm thinking that the laptop would go in a backpack or something, so it can't need user input while in 'batch discover/map' mode.
is there something like this?
--
"It is now safe to switch off your computer."
...and run an automated nessus/metasploit system for whoever takes me up on my generosity...
All's true that is mistrusted
When not job-hunting, I made a modest living helping the local businesses secure their open access points (which expiated some of the guilt over leeching on open WAPs). This led to more business as a tech support consultant, which kept me afloat and paid my motel bills until I found a permanent position.
Using NetStumbler and a DeLorme Earthmate GPS on a laptop, I identified open access points. Then I would approach the business and offer to secure their connection for a modest fee (usually $100). Only two businesses turned me away, but the rest were glad to have my services.
I've read some comments from people who intentionally leave their access points open. While I don't advise this, that's entirely up to you, and I'm sure that you understand the consequences. These small business owners that I worked with were not so aware of the ramifications. They bought a WAP, hooked it up, and were pleased with themselves when it worked. And with two exceptions, they were all horrified that someone 500 feet away from their office or store had access to their network and data.
Some tips if you want to do this:
I wouldn't want to do this full time, but for a few months I made a pretty decent living at this, enough to stay in a nice motel, eat lobster, and drink good scotch. When I was hired by a company that provided contract network administration services I had a nice stack of references (and new business for the firm, something that clinched the deal).
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
Having used (regularly) cain and abel, netstumbler etc. I'm beginning to think that security in a modern age (specifically related to the internet and subsequent technologies) may eventually become a cost to corporations and/or private developers that they no longer wish to entertain or even risk.
I see these continual "exploits" or taking advantage of someone that may not know better, or simply not even care, as being irresponsible on the part of the exploiter, not the exploitee.
I realize that security is paramount, however, the supposed hacker ethic that has been touted all these years has lead to countless intrusions and/or exploits, that in certain situations, are questionable.
For instance, some of the folks at the beginning of this comment list mention making their wireless connections available publicly. Does it mean that anyone with Network Stumbler should come along and hijack their connection and cause malicious attack? Come on. Script kiddies aside, I'm really sick of this irresponsibility factor that allows others to take advantage simply because someone else did not protect themselves 110%.
All you are doing is undermining the future of internet-based technologies (even if you think you are helping) because on a cost-based structure, companies and/or organizations will simply resolve that it's cheaper to no longer offer the service (with security flaws intact) than to offer the service at all.
Afterall, the internet itself (IP, DNS etc.) are open-source technologies to begin with. Sounds like the home team is facing-off against itself.
Not to mention the hypocritical nature of your actions.
For the longest time, I had an insecure wireless network in my home. It wasn't that I wasn't aware of the risk; it just seemed like a huge hassle. Getting my router set up and working with my cable modem and wired connections took enough time. Then, tweaking my laptop so it connected and worked correctly was a whole other headache. By the time i had that going, I was afraid I would screw it up again. It was a CompUSA generic brand router, so both the hardware and the software probably sucked, and I can't speak for Linksys or D-link customers. But securing my wireless network took a lot of rooting around in the options, changing settings and reading the manual over and over again. Securing the network should be MUCH easier and less intimidating.
Aluminum 12", recent version (i.e. last few months).
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
and then bills the people who connect, with you acting as admin. Not free WiFi, but takes the idea of providing an open access point and make it managed. http://www.speakeasy.net/netshare/netshare.pdf/PDF for light overview
http://www.speakeasy.net/netshare/learnmore/
HTML version with some additional detail
http://support.speakeasy.net/cgi-bin/support.cfg/p hp/enduser/std_adp.php?&p_refno=030512-000240#admi n/
FAQ
GAFC. There are many many attacks that a decent cracker could do on your W-LAN. Four little words: Man in the middle.
Slackware, what else when it must be secure, stable, and easy?
...some perv with a laptop uses your open connection to distribute kiddie porn. Then the feds will come busting down YOUR door looking for the perp. Try explaining that one to your wife.
Like my wide, my WiFi barely works in the bedroom. I'm not worried about it working at the neighbors.
paintball
...a rather confusingly worded comment- Do you hold the door open for old ladies entering a shopping center? is a nice thing. everything else is a rude, selfish, or paranoid thing. and i am supposing when you say Only be nice when it's legislated. you are describing this person's behavior and not issuing a command. perhaps a better phrasing would be you're only nice if it's legislated". or are you tired of unwarranted niceness and wishing people would just stick to what is mandated by law?
A walk around the block with a WiFi-enabled iPaq finds no less than nine access points, zero of which are unencrypted.
Maybe the sample size is too small...
It doesn't matter your WLAN cannot actually be used from a third party. Still, all your traffic is boradcasted unencrypted. Yes, that includes Squid auth information, POP3, SMTP, etc. within your network and further on.
Is this the same guy who'se using your mailbox to send the VCR tapes of the same content? It's about as likely to happen. Better keep an assault rifle pointed at that mailbox, just in case.
Most of the AP's around my are are encrypted. I'd suggest that only about 25% are free of WEP. Part of this has to do with SBC DSL providing the '2wire' DSL routers that include WiFi (even if you don't need it) to their customers. I get about 1 open AP per 2 blocks of driving, but I get 2-4 WEP AP's per block.
Did you know 85% of people don't have bars on their windows yet? If you're in that category, you're just begging for someone to take advantage of that insecure enfironment to put porn in your house! Buy window bars before someone does this to you!
Our security seems to be working... the lads will be pleased. Incidentally, if you want to surf / send email, go into the labs in level 6, building 2, where the Engineering students have not yet mastered the subtle art of 'logging out'.
If someone did either of those things to me (opened my unlocked windows, or my unlocked network) and gave me shit about it, I'd come down on them as hard as I could too.
You might be jooking, but DNS is way more powerful than people realize. Witness the use of DNS for file sharing, DOS attacks, etc
Except the open free access point only serves on purpose, to let you get to their default page about signing up for access. I'm sure there are many instances of this and they skew the figures a bit.
I would like to note, that many support companies of WIFI manufacturer's, actually remove encyrption as part of their diagnostic process. I work for the support staff of one of the major manufacturer's, and it was actually part of my training to have customers disable WEP, and WAP security on their access points. Were not even allowed to walk customer's through the configuration of security on their devices. Why? Cuz they pay a tech $10-$12 dollars an hour to talk on the phone. Security takes about 20-45 minutes to explain and implement. So it costs a manufacture about $3.50 - $6.50(asuming zero additional overhead) to tell a customer how to secure their wireless network, and that's if they have to do it only once. Some of these access points retail for about $5.99 after rebates. How could these company's make a product and sell it for less then the costs of supporting it? That is what boggles my mind.
cracking a streetcab and wiring up a handset to it's considerably harder than joe sixpack turning on his xp machine and clicking the "connect" icon when his wireless card picks up a connection. tool.
I second that. It's gotten to the point that I refer to security as 'The Gloomy Engineering Discipline' (suggestions for a catchier phrase welcome) in a nod to economics.
The only certainty is that everyone gets 0wn3d eventually, and all one can really hope to do is delay that day and limit the damage caused. :(
--
"1. When was the last time someone 0wn3d your TV or VCR?"
Actually, I hope you do realize you've just proven the other guy's point. That computers are such a fragile tool, and for a lot of people they can cause more grief than good, is precisely the _problem_.
What Joe Average wants -- or for that matter what _I_ want -- is something that just does a certain job, with a minimum of fuss. Yes, like a TV or a VCR. If I want to read my email or play a game or whatever, I should just get straight to doing that, instead of having to babysit and secure a piss-poorly made tool.
"2. More complex systems require more complex instructions."
No, it's just a case of letting the idiots run the show. Plain and simple.
Other tools started complicated to use too. Owning a car used to require either being a skilled mechanic yourself, or being rich enough to pretty much hire one full time. Getting an early radio to work, or tune it to a station, was a time-consuming pain in the butt. Etc.
But you know what? Someone in those industries actually cared for the customer. (Or just about the bottom line. Competition is good at that.) Instead of whining about idiot users who can't even learn to use a radio right, they gave you channel presets, auto-scanning for stations, remote controls, and other such.
That's really the only problem with computers today. That instead of asking "how could we make this easier for Joe Average?", we're whining about how Joe is an idot and a luser who can't learn doing things our arcane way.
E.g., if we're talking about wifi, it would be a no-brainer to:
- have a nice wizard interface and walk him through securing the thing.
- make sure that security is enabled by default, and that Joe has to explicitly disable it, if he _really_ wants to run a public "download porn and warez anonymously" service.
- If the device has a default admin username and password, explicitly ask him to change it.
- But what if Joe forgets the password? No problem. Don't fscking have an unchangeable one hardcoded in firmware. Provide an easy way to change it, but which requires physical access to the device. E.g., have to open a lid and press a sunk reset button. After which again, make him change it.
Etc.
See, it didn't even require that much thinking.
But no, instead we'll just whine about how Joe is an idiot luser. Although it's not Joe who's the idiot there.
"3. Adding a wifi router to an existing computer setup is more akin to adding a VCR to an existing TV setup."
I'll direct you to your own point 1: when was the last time someone "0wn3d" your TV after that?
Or if we're talking unneeded complexity, when was the last time you had to become a security expert to add a VCR? Did you have to just know how to generate and share keys on them? And did you need to find that out on your own?
A polar bear is a cartesian bear after a coordinate transform.
There's another reason why your "adding a VCR to an existing TV setup" example is the prime example of what's wrong with computers today.
If you added the VCR wrong, you get feedback. It's obviously not working. You know you need to try again, or get help from someone who knows.
Whereas an insecure WiFi setup gives you no hint at all.
In the quest to _seem_ easy to use, but without actually having to invest in real ease of use, we're just covering up the problems and hoping that noone notices.
Everyone wants their device or program to look like it's just a trivial plug-and-play affair, so what do they do? Maybe actually invest in making it so? Nah, we'll stick to cutting corners instead. We'll make it plug-and-run-wrong (e.g., insecure by default or with a hard-coded admin account) and hope the user doesn't notice it's broken.
And when he does notice that for half a year he's been running a porn server _and_ a spam server _and_ his computer and connection were clogged... we'll just call him an idiot.
In reality, that's simply broken design, not the user's fault.
If TV manufacturers worked that way, instead of giving you digital tuners and a remote control, they'd just default to showing you one preset station so you hopefully don't notice when you've tuned it wrong. (And, hey, just think of the monopoly possibilities and raking the big ad bucks.)
A polar bear is a cartesian bear after a coordinate transform.
Just wanted to add my 50 öre.
I use WEP on my network. Still performance goes down instantly seeing dropped packets and stalls. This is even worse with WPA. I use an AP from a big vendor and have the latest firmware installed. Perhaps more people will use encryption when the implementations are actually stable enough to be useful?
Let's just hope that no sendmail or bind exploits are ever discovered... Oh wait
We run a few access points without encryption, just MAC address filtering for access control. Is that considered insecure?
The traffic from those points can not get to anything that is considered "secure" so we really don't care about someone sniffing frames of data.
We don't encrypt these particular access points since managing WEP keys sucks and WPA isn't supported by all our client hardware yet. (Also PEAP and LEAP are not supported on all our clients either).
I suspect these "non-encrypted" access points are considered insecure, when in reality there are some access controls in place.
-ted
I live in an apartment complex and I got broadband for myself and my roommate. Well eventually i gooked up a wireless router for his laptop and when I plugged in his wireless card there was no less than 20 open connections. So i bought myself a wireless USB adapter and cancelled the ISP.
I like this no security thing
As a daytime villain and evening peeping tom, I am amazed at the lack of precautions people take to stop the likes of me doing what I do. Sometimes all I need is a simple periscope. No infra-red, no extending ladder.I don't know what else I can do to make people close their curtains. Sometimes I feel like just giving up completely.
Sharing just feels too good to not do it from time to time. So I sometimes open mine up when my computers are off. Grannies on my street probably can't hack anything anyw... NO CARRIER
So in practise I can shell home from any access point which permits me to make DNS lookups.
See http://nstx.dereference.de/nstx/ for one software package this enables this.
The moving cursor writes, and having written, blinks on.
Suppose I want to be helpful to my next-door neighbour and let him share my network connection. If I do so deliberately I am breaking my ISP's terms of service. But if I just leave the wireless router at its default open setting and drop a couple of hints...
Indeed, if you have a wireless network and your outbound Internet link isn't congested, there is not much reason not to share it. You do of course use SSH and other secure protocols for your networking...
-- Ed Avis ed@membled.com
You may be absolutely right.
) that happened to come out today.
On the other hand, go read this article (http://www.miami.com/mld/miamiherald/9447281.htm
Then tell me it's not an issue. It sure means something to the family of the cop that got killed over it.
If the guy's got hollow-point bullets that will go through a kevlar vest, what's the chance that he would be willing to hack through your network to get his fill of child porn?
These kind of guys are the *exception*, but they are out there.
here in copenhagen i would say its about 80%
do use wep, and many use other measures as well.
(of course the other 20% is still enough to
find an AP most anywhere (hence this message(thanks!))).
You can actually see the results of wardriving some of these networks at. Check it out. I think our statistics say 83% are unsecured, and about 70% default.
Zhrodague.net - I do projects and stuff too.
"what's the chance that he would be willing to hack"
Nil. So low as to be practically nonexistent. Virtually zero. In fact I would guarantee the chances are MUCH higher that you'll get shot by a random idiot than have your network used for kiddie porn.
Now here's my question, what does this have to do with the discussion? So a pedophile shot a cop, how do you make the leap to "hack through your network to get his fill of child porn?" One has nothing to do with the other, despite any assertions you make to the contrary.
"Then tell me it's not an issue"
It's not an issue. IT'S NOT AN ISSUE. The only issue in this was the ammunition used to kill the cop, and why this guy had it.
Anyone out there have any suggestions for sending mail over an insecure wifi. My host has IMAP via ssh, but not SMTP. I don't want to use there secure webmail either.
I was looking at these people who have secure smpt only, hosting plans...
www.dyndns.org
www.smtp.com
but I am unsure how safe or reliable they are themselfs.
- google for hours
- search and read through forums for MANY hours
- write up your own list of errata that should have been done by the distro and writer that takes more hours
- now repeat 1 - 3 but with each and every component, driver, module, library, config file, distro, etc
Also don't forget that you must introduce actual trial and error testing of what you find out from your searching. At no time should you find any well tracked list of changes, errata, or requirements (or any other knowledge and "known issues") Known issues is something you gain from IRC chats and email lists that contradict each other. No solid "this is what works for version x.y.z as of this date."What REALLY sucks is that the alternative is either bloatware distros or Windows. "if you want to fix it then get busy and quit bitching" is usually the response here to which proof of the separation between logic & reasoning and that of technical skills is clearly displayed. Many try, but the "community" ignores attempts such as this in favor of chaotic, half assed, piles of random unverifiable or validated info in forums and email lists. These medium are not sufficient for tracking issues related to complex pieces of software, let alone operating systems and the endless possibilities of hardware and software combinations.
In the end, the real solution is to quit being snotty punks and fix the problem. Work with those that wish to make it better, don't trash it on some stupid 1337 principle.
Until then, you really can't bitch about Windows being so popular. Get it into your heads that most other people have lives that involve work, family, and other activities where they are never bored enough to hang around forums all day. They see a device they want to use. They may even be a developer, but they want to develop a specific component NOT spend all their time getting the base system up and running in which to develop on.
here we go
- usb devices
- 1394 devices
- sound
- graphics (more than just gaming btw)
- movies and movie editing
- tv tuning and other video in
- picture editing (but what about gimp? duh, perfect example of power combined with poor layout)
So, while Linux is far superior to most Windows based setups from a functional perspective we come to the "of course anything is possible" scenario. Given enough time and hacking, tweaking, and configuration (combined with all the time for research and testing mentioned above) you can make Linux do anything a Windows box can do but without all the crap.This is what makes it a hobby. Any person that builds a hotrod in their garage will testify to this. Yet ironically, the parts for the hotrod are mostly standardized and consistent as far as interfaces go. Plus the car drives like a car... only better.
Hey, how about those flash plugins for Firefox? And what if I want to listen to my XScreensaver sound? Lets not forget the sound modules for my nforce2 board. So, is it alsa or oss, and do I use esd or some other system. How much bloat can I load on my machine to make sure I can get the same functionality as a "monkey's" windoze box?
Those monkeys are looking smarter all the time because they understand the difference between wasting time and getting to work.
So, can Linux ever fall under the "it just works" banner? For many, they will actively sabotage efforts for this to be so even though ease of use (including admin and config) and the ability to have a feature packed, yet secure and stable system are _NOT_ mutually exclusive. Let me say again, they are _NOT_ mutually exclusive.
Based upon what knowledge Joe Sixpack has then logically those arguments are valid.
respond to ignorance with education. The sign of the person ashamed of their own stupidity is he that lashes out at the ignorance they themselves recently had.
"Jack asses" the arrogant prick says, yet offers no logical argument. They can often be heard using the kind of pseudo logic that is basically just deep thoughts covering their self interest and ego. That makes their own lack of judgement and reasoning seem ok then.
I consider it a service to the public, notwithstanding the obvious legal implications if somebody does something illegal using your net connection.
Last time I checked, the two chipmakers who refuse to reveal details to allow writing OS drivers were Broadcomm and T.I..
From the article, I see that Broadcomm is still one to stay away from. Any other chipsets to avoid?
I've left my window open all day hoping people would put porn in my house!
You laugh now... but just wait till the kiddiez start trading their warez via DNS TXT records. Yeah, just you wait and see. :-)