Safe Options for Surfing While on the Road?

Sooner Boomer asks: "My oldest brother is an over-the-road truck driver. He subscribes to several wireless services at truck stops (Flying J, Pilot, etc.). I've tried to help him and educate him as much as possible, but he still has two problems; connectivity (poor signal strength) and security. His truck has a fiberglass shell, so that is not the problem. He has to run IE because this is the only browser supported for the log-in process. We've talked about wireless routers with reflectors on the antennas to boost signal strength, and to help with security. I'm still looking for better security though. Are there "live" linux browsers that can be run once a connection is made in windows? It's really gotten annoying because he has to reformat/reinstall about every two-three months. Ideas? Good trucker jokes?"

IE only?

[benj_e]

I've used my iBook at Flying Js all over the midwest. Safari worked fine to log on. Is he sure about needing IE to log on?

Re:IE only?

Maybe someone needs to get their head out of their ass and realize that only supporting IE for login is bad for everybody.

Re:IE only?

[shumacher]

And I've used my iBook and Firefox with Truckstop.net.

Anonym.OS

[non-poster]

A recent article on Slashdot talks about Anonym.OS, which is supposed to keep your web activities anonymous. Maybe he should look into it.

Trucker humor

[supersocialist]

What Does A Schneider Truck & An Orange Barrel Have In Common?
They both have a dirt bag in them!

Ohhhh... comedy gold!

Re:Trucker humor

[Chop]

What do you call a hooker with a mattress tied to her back?

An Owner-Operator

ok, a joke

[sfjoe]

Since I don't have any ideas for you, here's my trucker joke:

A truck driver stopped at a roadside diner for lunch and ordered a cheeseburger, coffee, & a slice of apple pie. Three bikers came in, and one grabbed the trucker's cheeseburger out of his hand and took a huge bite from it. The second biker drank the trucker's coffee, & the third biker wolfed down the apple pie. The truck driver didn't say a word, just paid the cashier & left.
When he was gone, the bikers snickered & congratulated each other for being such bad asses. As the cashier walked up, a biker growled, "He ain't much of a man is he?"
"He's not much of a driver neither," replied the cashier. "He just backed his 18 wheeler over three motorcycles."

He could use VMWare Player.

[zorkmid]

And just use the pre-built Browser Appliance virtual machine.

IE on linux

[JTorres176]

I use IE in debian using crossover office from Codeweavers. I have to travel now and again for work and some hotels use the same setup where it requires that you use IE to make your connection (and yes, safari works too, but I don't have a mac)

All I have to do is make a connection to google with IE, then I use FF for everything else.

Re:IE on linux

[antifoidulus]

If Safari works, would Konquerer? They are almost one and the same, though I don't know if you could run Konquerer or not...

Re:IE on linux

[JTorres176]

I tried Konq in a couple of hotels, and FF, neither of them worked. I'm not sure what the difference is.

Tried spoofing "user-agent" in firefox?

[FrankBlues]

User agent switcher is an extension for FireFox that will allow you to fake the "user-agent" string identifying your browser.

Re:Tried spoofing "user-agent" in firefox?

[Burz]

And if Firefox still doesn't work, you can still run Opera on Linux and use that browser's built-in agent switcher (actually I think it defaults to reporting as IE).

Its possibe you could find Opera more compatible with an IE-specific site.

trucker joke

[frangipani]

I'd tell you my trucker joke, but it's only semi-funny.

Re:trucker joke

[geminidomino]

Ok, the net really needs to adopt the "GOL" TLA... THAT was a groaner.

A few things..

[SillyNickName4me]

Well, this should be little different from securing any other Windows machine connected directly to a public network..

Indeed a router might help here, provided it also has some decent firewall functionality. I would myself go for a WRT54GL with OpenWRT, setup as a wireless client and with its wireless connection firewalled and doing address translation.

It would be very nice if you could get around the authentication problem by directly posting the authentication info with some script, woudl also remove the need for IE, but will probably take a bit of scripting in perl or the like, might even be able to solve this one with just some bash script and tools like wget. You'll have to figure out what the authentication page expects from the client. Makes you wonder of course why they aren't supporting WPA and 'enterprise authentication' so that clients get authenticated at the wireless network level and get to use proper encryption. Sould not be difficult to support considerig that many ISPs use some radius server for authentication already anyway and that is all they really need.

When using a router/firewall, the connection will stay up regardless of you rebooting the laptop, so you should be able to switch OS or whatever else you want to do.

But in the end, reinstalling Windows every few months should not be needed provided the WIndows machine has some important tools installed, such as a decent personal firewall, anti-virus tools and some adware/spyware blocker/remover.

Also, you can authenticate using IE, and then use Firefox for browsing I'd say, so unless there are other compelling reasons, I see no reason why running another browser would mean running another OS.

Of course, you could also use something liek vmware or such and run a live linux distro on top of Windows. Refer to the many 'which live CD to use' discussions of the last years for info on that, or just try a few.

Re:A few things..

[AnalogFile]

Since you named WMWare, I think there's another option: Install linux as host, then WMWare for linux and install Windows inside that.

Then use your fantasy.
You will probably be able to browse from the Linux host once the connection is up.
And failing that, you can still just use windows and avoid the reinstalls by saving a snap image of the virtual machine right past installation.

Sure, you'll loose all bookmarks and stuff as with a real reinstall.
But the reinstall process itself will be a blink (just a file copy).

Re:A few things..

[SillyNickName4me]

Running Windows as guest may be the smarter way to do this indeed, provided Linux runs well on that laptop (depends.. at times it works really well, at times it is a real pain)

Sure, you'll loose all bookmarks and stuff as with a real reinstall.
But the reinstall process itself will be a blink (just a file copy).

THe 'technically advanced' solution would be to run samba on Linux and use a roaming profile to store those things outside of the 'Windows world'.

Maybe a bit overkill for the situation, but also nicely makes for sharing a possible printer and the like between the 2 enviroments.

Maybe he needs this

[linuxwrangler]

http://radiolabs.com/products/wireless/waverv.php

VMWare

[alexjohns]

Go here. A free VMWare player that runs an image of Linux running Firefox. Once you're connected up, do all your browsing with that.

If it won't accept that, use the User Agent Firefox module to pretend you're actually running IE.

What is he actually doing that's causing him problems? Downloading spyware apps? Not sure there's a fix for that.

Just get a data plan

[LWATCDR]

Get a data plan and a PCICMA card from Verizon or Sprint and use that. A lot of the interstates are have EVDO coverage.

Re:Just get a data plan

[nb+caffeine]

I'm not a huge fan of the price of such services, but my dad has the Verizon service. We were camping at Watkins Glen, and were able to listen to the internet broadcast of the race we were watching. Has worked all over the east coast, quite nicely. something in the neighborhood of $80 though...

Re:Just get a data plan

[LWATCDR]

I agree but for a trucker he may get to write it off as a business expense. Also WiFi at truck stops currently isn't free. I just through it out as an option. Some cells will let you use them as a modem and just charge air time. Us it at night and on weekends and it is free.

Re:Just get a data plan

[itwerx]

Get a data plan and a PCICMA [sic] card from Verizon or Sprint...

I would recommend Sprint as they're the only carrier with an unlimited data plan.
      Also, if he already has a cell phone it's quite possible he can hook it up to his laptop via bluetooth or an adaptor cable.
      I travel a lot and have a PowerBook and Treo 650 connected via bluetooth. Interestingly, even though the Blazer browser is truly horribly slow, that is actually due to the proxy server they use for page-munging and not at all due to the data connection itself. From my laptop using it as a pure data connection I can get 100k-200k rates sometimes!

Re:Just get a data plan

[narcc]

Cellular One has an unlimited data plan ($15/m) and an unlimited minutes plan ($50/m).

Re:Just get a data plan

[nachoboy]

I would recommend Sprint as they're the only carrier with an unlimited data plan.

I just bought a new phone and plan with Cingular. Their unlimited data plan is $20/month, but well worth it for me as I use it for email, light web browsing, and even as a bluetooth modem for the laptop when there's no WiFi. I get a pretty solid 115k connection.

Re:Just get a data plan

[EvilJoker]

Verizon won't officially let you- if you don't have a PDA designed for tethering, they won't sell you a plan- I can get EVDO "dial-up" on my LG 8100, but they won't sell me a plan for it. They also don't charge data rates, because officially, I can't tether it :-D

Their reaction? Try to block the tethering...(took a minor hexedit to re-enable, nothing too bad)

A hitchhiker gets picked up by a trucker

[Fr05t]

A hitchhiker gets picked up by a trucker. After a while of small talk, the truck driver looks over at the hitchhiker and asks if he'd like to see something cool. The hitchhiker shrugs, and says ok. Then the driver reaches across to the glove compartment, opens it, and a small monkey jumps out. Very quickly without warning the truck driver punches the Monkey, and just as quickly the Monkey pulls down the truckers pants and gives him a blow job.

The hitchhiker is taken back by this, and just sits quietly trying not to look until the driver asks if he'd like to try. Nervously the hitchhiker replies, "Ok, but please don't punch me".

Re:A hitchhiker gets picked up by a trucker

Off topic? WTF? He asked for Trucker jokes!

VMware Browser Appliance

[Bravo_Two_Zero]

The best suggestion I can muster, short of many layers of security, is the VMware Browser Appliance: http://www.vmware.com/vmtn/vm/browserapp.html

As a sidenote, my nephew is doing the same thing, and his iBook works just fine. His employer has a contract with TA, which is where he has his personal wireless subscription. There's no IE-only problems there for him.

Firewall

[kbahey]

Which Windows is he using?

If he does not have XP, then install ZoneAlarm for him from ZoneLabs. There is a free version.

Re:Firewall

[horatio]

Its been about a year since I last used it, but ZA was a pain in the ass. It blocks things that I've told it not to block, and doesn't block things I've told it to block. It also doesn't work transparently - that is, when you say 'disable firewall' ZA doesn't disable itself, but still firewalls things. It doesn't seem to be related to my lack of being able to come up with the correct settings, but rather that ZA is just stupid sometimes. IIRC, it also dumps all of your open connections when enabling/disabling the firewall.

I've been much happier with Kerio (now Sunbelt) Personal Firewall. It installs easily, can run in auto or advanced/learn mode, and doesn't get in my way. One of my personal favorite features of Kerio is the ability to stop applications from launching other applications - ie, realplayer wants to launch realsched - mark the box 'create a rule' and say 'no'. KPF also adds some signature and hueristics checking to the packets, if you want it to.

Kerio was providing a 30-day trial (+30 some features disabled) without any hassle. Looks like Sunbelt wants your email address first, however.

FlyingJ only works with IE???

[Dr.Dubious+DDQ]

Odd - unless they've changed it in the last year, I'd been using Konqueror to get onto it just fine...

It's possible many of them just SAY the site "only works with IE" because that's all they test on, but if you ignore the message in some cases you may be able to get in anyway...

Why not run Firefox?

[Matt+Perry]

He has to run IE because this is the only browser supported for the log-in process.

If IE is only needed for the log-in process then he could close it and run Firefox after logging in. Logging in usually just allows traffic from a certain MAC address to use the network once authenticated.

Re:Why not run Firefox?

[ebbe11]

If IE is only needed for the log-in process then he could close it and run Firefox after logging in.

Or you could get him the IE Tab extension for Firefox.

SSH SOCKS proxy.

[SocialEngineer]

I have a guide on setting up a secure proxy through SSH here. I use this whenever I'm out on insecure wireless networks.

Re:SSH SOCKS proxy.

Two comments to your page.

First, you will likely see better performance by adding a -C to your ssh line to enable compression.
Somthing like ssh user@host -x -C -D8080

Second thing, in newer versions of firefox, you can enable the SOCKS5 to also perform DNS lookups via about:config and adding network.proxy.socks_remote_dns to true. This makes your browsing completely transparent.

Re:SSH SOCKS proxy.

[SocialEngineer]

Thanks! I'll look into your suggestions and update the article accordingly.

He needs a *good* firewall and some knowledge

[Fencepost]

The XP built-in one works, but if he's moderately savvy then I highly recommend that he get one that will block both outbound and inbound connections. I use Kerio Personal Firewall, but I know there are others out there as well.

Basically what he should do is treat it as learning for the first while and "teach" the firewall what applications are allowed to connect out. Email client? Let it connect out for SMTP/POP3/IMAP; *maybe* let it connect out on HTTP/HTTPS but I don't advise it. Firefox? Let it connect out. IE? Let it connect out, but possibly with limitations (I let it go but have an alert that displays when it's making connections). IM clients? Allow them to connect to the appropriate services. Anything else? By default it's blocked or at least asks for permission. Unknown apps get an alert popup so you'll know something's trying to get out since that's going to be the best indication of an infection on the system.

No security tools?

[DerekLyons]

I notice you don't mention any usage of security tools... If he must use IE, then build him a reasonably secure Windows system. (If he's reformatting/reinstalling that often, he's running a horribly configured system.) Get him Zone Alarm, and an AV program.

A stupid trucker joke

[j-turkey]

Since all of my ideas have already been stated, I'll offer a dumb trucker joke. It works better recited, but I'll try to convey it in text:

A queer couple is hitchhiking on the side of I-80, trying to get across the country to California. A big, friendly trucker stops to pick them up. He offers them a ride all the way to California, and they gladly hop in. After some time on the road and enough idle chit-chat to break the ice, one of the queer gentlemen says "oh my god, I have to fart".

The truck driver is completely unphased and says "go nuts!". The queer guy raises a cheek and emits a drafty sound, like "paaahhhhhhhhh". The second queer guy looks at his partner and giggles.

"That's not a fart! That's barely even a breeze." His partner turns back to face him.

"Can you do any better?" he asked. The second hitchhiker groans and strains and emits a slightly louder (but still barely audible) "paaaaaahhhhhhhhhhhh".

The big trucker lets a hearty laugh out and asks "who the hell taught you boys how to break wind?" Listen to this! The driver raises an eyebrow, as if he were contemplating his flatulence. After a short pause, he emits a loud, resonating fart that seemed to shake the entire cab. There is a slightly uncomfortable moment of silence. The queer couple look at each other and giggle, then they say to each other in unison "viiiirgin!"

Re:A stupid trucker joke

[karlto]

That is absolutely awful.

Thanks for brightening my day!

Don't logon as an admin

[Software]

Set him up so that he's not an admin. See Aaron Margosis's blog for details. Another option is to introduce him to the RunAs functionality, though it's not needed much if you set him up as a non-admin.

If you're willing to do a bit of legwork, you can use Windows as an administrator. It's much, much safer.

As much as I hate to say... wine?

[phorm]

I've run IE6 rather well under Wine, though it often requires some work to get up and running. If it is an issue of the browser requiring activeX or some other stupidity perhaps you could run IE under wine to get things up and running?

Poor Reception

[wahini]

If your trucker friend has metallic paint on his cab, that may be causing the reception problems. Either way, I would look for a wifi card that supports connecting to an external antenna so he can use an antenna mounted outside of his cab.

Re:Poor Reception

[Myself]

USB adapters have the virtue of not suffering signal loss from cable length. Hawking makes a nice one with a 6dBi directional panel on it. Glue a suction cup to the adapter, stick it in the window for RF-transparent positioning, and snake the USB cable back to wherever the laptop sits.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:ok, another joke

[Anne_Nonymous]

Q: What do you call a hundred dirty hippies in the back of a cattle truck?

A: A deadhead load.

For security

Hamachi, available at http://www.hamachi.cc/ or
OpenVPN, available at http://openvpn.net/

dropmyrights

[Lehk228]

use DropMyRights to lower IE to a LIMITED account privlidges.
Get it from Microsoft Here

no jokes, but how about some trucker songs?

[ksheff]

When most people think of trucker songs, they think of the ones recorded by Red Sovine. Dale Watson has a few good ones too. Here are a couple:

Truckin' Man
If I was a Truckin' Man, I'd be a gearjammer with a one-armed tan,
I'd spend my nights in the roadhouse, Days on the lost highway,
Hey, If I was a Truckin' Man, I'd have my radio screamin' on the A.M. band
All night drivin' by dashboard lights, If I was a Truckin' Man

I can't let my life slip away,
pushing these Number 2 pencils every day
This rat race don't fit into my plan, no, ma'am
I'm a'dreamin', schemin', If I was a Trucking Man,

(Chorus)

Well I'd sign my life away on the dotted white line,
Drinkin' my coffee, Smokin' my smokes all night
And if I get tired, I'll let Vinnie drive, if he can,
I'm a'dreamin', schemin', If I was a Trucking Man,

This one is kinda funny:

Truckin' Queen
If you ever get up to Oklahoma City
You'll here about a guy that thinks he's pretty
On channel 19 in year your ears
He's a long haul trucker, he's big and brawny
You can hear that sucker nearly every morning
Loud and proud, loud and clear

I got my night gown on
I got my pretty red panties on
and I'm ready to go in a minute

Trucking queen from OKC
He wears a negligee with red lame
He's always heard, but he's seldom seen
He's a trucking queen from OKC

He's got a string of white pearls around his big red neck
Scruffy beard and the hair on his back makes the negligee stick out kinda lumpy like
He ain't got no hair on the top of his head
But he's got a pony tail with a blue barrette
He wears pink lipstick
It gets smeared on his power mike

(Chorus)

Another alternative: VMWare Player

[Burz]

If Windows is installed natively on the computer, you can run one of the freely-available Linux VMs in VMWare Player. They even have a Linux setup solely for browsing.

So if IE under WINE/Codeweavers doesn't work with the signon for some reason, then VMWare would be my next resort.

Other Options

[mkosmo]

What about other options, such as cellular internet? Its cheaper nowadays, and is as simple as plugging in a pcmcia card. With this you can use it nearly anywhere, any time, at broadband speed... and youre not sharing the pipe with the other truckers. We all know what its like at a LAN party when one guy sucks all the available internet bandwidth for porn.... well if we had our own connection we wouldnt have to fear :)

Flying J, works fine with iBook / Ubuntu / Firefox

[timothy]

As others have noted, Flying J's service definitely doesn't require Windows or IE. It's also gotten better; I used to have a lot of trouble logging in with anything other than IE, actually, and luckily still had it on the OS X partition of my iBook's drive (which itself I luckily still had at that point ;)).

However, the big problem was actually reaching the login page itself; that login / signup page was reached by automatic redirection when you tried to attach to the wireless network. That is, you'd start your browser (IE, especially) and would after a minute or so, instead of whatever home page you would get on an open network, see the login screen instead. This had an address something like https://highpeedl/ogin/tonservices.com, and from that page you could sign up (or sign in), pay for more time, etc.

After that step was done, you could connect to any program which needed the connection -- it was just the establishment that was a pain. So I could use Mozilla, after connecting through IE.

I found that by bookmarking the actual login page address in Mozilla though, the problem went away: though automatic redirection didn't work under Mozilla (so you couldn't reach that login page by trying to hit google, say), by going straight to the login page, all was fine.

However, like I said, that was then. Now, I've had no problem with automatic redirection or logging in with an iBook running Ubuntu linux (it's an old iBook, and the original Airport works just fine with Ubuntu), and the biggest problem is that the coverage footprint at Flying Js is often poor.

timothy