There's no requirement to broadcast it. And further, just to be pedantic, it's an AP identifier, NOT a network one. (Because any network can have many AP's)
If you put up a sign that said - "The code to open the door is: ABC" - then prosecuted anyone who does, perhaps your argument is consistant. But I doubt you'd argue that. A SSID broadcast is an advertisiment of service. It's not a label. If you don't broadcast it, then it's a label.
You can turn SSID broadcasts off, and still connect. It's really quite easy to do. You just tell the wireless software to connect to your AP on channel X, and use SSID "ABC."
Now that isn't as convienient, but it can be done.
But if you broadcast (advertise) service, someone's going to assume you can connect to that service. If you don't want them to connect, you either use a capture portal, or you use a static IP assignment, or prevent the DHCP server from granting an IP.
But frankly, how I can know where that AP is actually located. In any reasonably dense location around here, my wireless card will detect anywhere from 4-12+ AP's. Probably more than half will be completely unsecure. So, do I just go knocking on doors until I find the right place? Or perhaps I ought to get out my directional wireless antenna and attempt to triangulate the AP, right?
I live in Portland OR, by the way - and we have a very vibrant open AP network community here. Many people leave their AP's open and really don't care if anyone connects to it. (Especially if they can ensure their machines aren't personally attacked... I don't agree with this stance, as I think it's foolish, but that's not the point.)
Finding the AP owner in any setting can be daunting. I rarely connect to someone else's AP, but if it advertises service, (SSID broadcast) and hands out IP's and doesn't filter traffic or offer a capture portal, I believe I'm legally reasonable in using it.
I tend to use SSL wrapped sessions via VPN and etc, but I still use it if I need to.
I find no need to ask, when the "sign" (SSID broadcast) is an invitation to use, and when the equipment explicitly grants me access and handles my traffic properly. I really have no idea if they intend to "share" or not, and probably, around here at least, it's a 50/50 chance. But they chose to ignore perfectly reasonable documentation, and run it open. That's nice. If you don't want to do that, go ahead and read a few more pages and use trivial steps to setup security.
In fact, I personally have a published document that explains all this in very clear terms - exactly what you need to choose for options and why. I have distributed this to literally thousands of people - it goes out in a marketing packet I send - and I can count on a SINGLE HAND the number of people who have taken this seriously and inquired further. (I just setup a capture portal for a client last week too, so it's not like I'm not aware of the possibilties.)
So, I simply don't have much sympathy to those who claim they didn't know. They didn't attempt in any serious way to find out. They, intentionally or not, left their equipment configured to share. If they don't want to share, there are easy steps to prevent it.
I mean, freak - google this "wireless internet secure" The very first link that comes up...
These days wireless networking products are so ubiquitous and inexpensive that just about anyone can set up a WLAN in a matter of minutes with less than $100 worth of equipment. This widespread use of wireless networks means that there may be dozens of potential network intruders lurking within range of your home or office WLAN.
The cafe owner has a sign up that says it's for customers only. The cafe owner charges people to use wifi who don't purchase anything.. you can't argue that the default router configuration should override the will of the goddamn cafe owner.
I forgot this...
None of the linked sources I read mentioned ANYTHING about the owner not intending the user to use it.
I quote...
Indeed, neither did Donna May, the owner of the Union Street Cafe. "I didn't know it was really illegal, either," she told the TV station. "If he would have come in (to the coffee shop), it would have been fine."
And no, it wouldn't have been fine. It would have required *EXPLICIT* permission, which just entering the coffe shop wouldn't have given. (I doubt he would have been prosecuted, but by the actual law, it requires "explicit" permission...and obviously SSID/DHCP acceptance isn't sufficient.)
So, to be safe in Michigan, you'd need to get written and signed - perhaps even notarized - permisson to actually be safe using someone's wifi.
Anything else puts you in jeopardy of a he said/she said prosecution, and if the jury/judge believes the testimony of the other party rather than you, you're screwed.
There's simply no evidence you got permisson.
And I'll say this. I've yet to see a WIFI client that doesn't work without SSID broadcast. (Can you give me an example of one that can't?)
Further, there's a million capture portals out there.
It seems to me that the law stares in the face of logic. It allows the "wifi owner" to shift the cost of configuing equipment properly to the user who innocently attempts to attach. (The fact of this case not withstanding - because it isn't clear to me exactly what the facts are...) If the AP broadcasts the SSID and gives a DHCP response - that's explicit permisson.
Perhaps that's not what you intended, but with a little looking in the docs, or a relatively small cost for a capture portal - it's trivially easy to configure.
If you're not willing to do that, and someone attaches to your system that you've left configured to give explicit permission - then IMO it's your problem - not the person who attaches.
Sure, it may be the law, but it's an incredibly stupid law that, IMO, isn't legally defenseable. SSID broadcast and IP via DHCP ***ARE*** explicit permisson. It may be permission you didn't intend, but you left it as it was.
Frankly, this law would make any "community" wireless system almost useless. It would require registration, or at least self-registration...and for a free service, it doesn't seem appropriate to force someone who wants to give away bandwidth to take additional steps to ensure people get additional "explicit" permission. (I suppose it could be done via wifidog - but to be practical, would require co-ordinated use of the auth system.) In short, it makes a community wireless, or an individual who intends to share bandwith very difficult.
I'd say it's a terribly stupid law, and IMO, a decent lawyer would be able to shred it to pieces. However, the costs will be substantial because it will almost certainly require a trip to an appeals court and a very long time.
If if you bloody put a sign up, saying "Come on in" and someone does, then you're just an idiot for putting the sign up, and the government would be skanks for prosecuting anyone who does.
Same with an AP that FREEKING BROADCASTS the SSID. It is absolutely a PUBLIC INVITATION to use the network. The DHCP response is an AFFIRMATION of your assent that the device may use the publicly advertised/broadcasted network.
What's an SSID? (Service Set ID) When it broadcasts, it IS advertising service. (WiFi Service here!)
You don't have to broadcast SSID's and without them, you can't attach to the Wifi Network. (Many routers offer the ability NOT to broadcast the SSID.)
But if your broadcast that you're offering service, you then answer in the affirmative when asked for a IP (DHCP) I simply can't see how anyone can consider this "unauthorized." Short of getting written, signed by the authorized agent of the WiFi Network that you (specifically) are authorized, you could be successfully prosecuted for "unauthorized" access, simply because you couldn't prove you'd gotten "authorized" access.
I mean damn. You BROADCAST an SSID. You futhter allow a DHCP address to be assigned to an unkown MAC address, and then forward and receive packets from it. The SSID broadcast is the AVDERTISING of the service. The granting of the DHCP request with an IP is the EXPLICIT permission to use the network.
If you intended it to be private, you either encrypt it, authenticate it, or block unknown MAC addresses, or fail to lease IP's to unkown clients.
But if you INTEND to let everyone use it, as an OPEN AP, you do just as the coffee shop did.
IBM is NOT a convicted monopolist in any of the markets SCO is competing in. (If you can say SCO is competing in ANY market, other than frivolous litigation.)
Further, IBM has persuaded, at least allegedly, it's competitors (BayStar Capital Management, Intel, Oracle, Computer Associates, Hewlett Packard and Novell) to put the hit on SCO. Monopoly (of which IBM isn't by far) simply won't fly here.
First there's a VAST difference between "no trust" and "distrust."
While I don't distrust everyone, I certainly "trust" few. That's a perfectly healthy and self preserving position. Those that earn my trust over time get more power over me. Those that violate that trust lose that power. Continuing to keep that trust requires accountability and transparency. I generally don't accept explainations of your actions to protect me, on the face value of "trust us, we're doing this for your own good." You will be required to explain to me what you did, how you did it, and why. If you can't do that, you're likely to lose power since you'll lose trust.
Next: Because ALL governments who had no real accountability and ultimate power were despot regimes, I think it's perfectly reasonable to be highly suspect when our own government becomes more and more authoritarian and less transparent. In short, there's adequate reason to DISTRUST a non accountable, non transparent government - any government, ours, theirs, or someone else's.
If you believe blind, unquestioning trust is reasonable, I'm sure China or Iran or Pakistan are great places to live. The old USSR was a good example.
The US in principle holds to the open, tranparent and accountability principles. Look at the Constitution and the Declairation of Independence. Both are freely laced with the "Never trust your government" mind-set. And for good reason. The founders had first hand experience of a Government who had no checks, no real accountability and certainly no transparency. They knew it resulted in evil.
The Government is *of*, *for*, and *by* the people.
When Government believes it no-longer has to respect the people, obey the people, and be accountable to the people, it's in violation of both the Declaration of Independence and the US Constitution. IMO, those responsible for that position are legally guilty of treason.
As a concrete example. The current law states that the EXCLUSIVE means of wiretapping outside of the criminal legal system requirements is the FISA court. When the executive branch ignores the law, they are legally in violation of their duties to uphold and enforce the law.
Now they can ask that the law be modified, or contest the law in court. But until a court strikes the law, or the legislative branch modifies the law, the executive branch is not allowed to ignore the law. That you'd trust a branch of government who is willfully breaking the law, as doing things in your best interest, I'd seriously question your intelligence. (It's kind of like sending the Nigerian scammer cash - "well yeah, he'd steal from someone else, but certainly he won't from me!" Oh, really - how interesting...)
Further, the courts are used to act as a balance against the executive braches of government. The court ensures, as a neutral party, that the request is balanced against the needs of the executive. It's kind of like a unanimous verdict in criminal cases. Sure, it's likely that some guilty people go free, just like the request of a criminal or FISA wiretap is a burden that probably lets some who *should* be wiretapped get away. But we'd rather err on the side of protecting the citizen from an overzelous government than opress the people because government couldn't be bothered to really care itself.
History shows far more abuse of the people BY government. Accountability of government, presumed innocence, presumed privacy and protection from survellience are the life-blood of a truely free society. Remove those and it's just a matter of time until actively evil government takes advantage and pillages the populace.
Perhaps you believe evil will never arrive, but I assure you it will. Without serious checks against government, that evil will be unchecked and what you "wish" wouldn't happen will. And you'll have to power or ability to prevent it. The end result is the loss of your "life, liberty and the pursuit of happiness." You know, those things that ar
That the "new" HP appears to be stamping out the "HP Way."
Perhaps Bill and Dave would have been less than amused at Sun's antics. But IMO they'd have considered it trivial and petty.
However the damage done to their own company by mindless expansion and aggrandization - well, lets just say they wouldn't have found that trivial and petty. More like heartless and ultimatly destructive to both the company and it's employees.
-GregThat the "new" HP appears to be stamping out the "HP Way."
Perhaps Bill and Dave would have been less than amused at Sun's antics. But IMO they'd have considered it trivial and petty.
However the damage done to their own company by mindless expansion and aggrandization - well, lets just say they wouldn't have found that trivial and petty...more like heartless and ultimately destructive to both the company and it's employees.
Someone who's willing to kill kids, women, civillians - pretty much anything, as well as die themselves - and these guys are supposed to care about their fellow citizens?
You must be retarded or something. Sheesh!
I might support a "force" based approach if we'd already looked at the major grievences the rest of the world has with us, and made a honest attempt to resolve those injustices where we could. (And frankly, IMO, the terrorist threat would virtually dissapear or be fairly easily contained through "police" enforcement efforts if we really did.)
But we won't. The cost to us would be unacceptable, and most of those here in the US would rather be rich and fat and happy than worry about what injustices we're imposing on others. Just look at the most recent items.
OBL (osama) - he grew from the neglect of Afganistan after we A) Destroyed Afganistan and left it in shambles after the Russians left. and B) Stayed in Saudi after we had to attack Saddam after he invaded Kuwait. (Which we almost green-lighted, BTW.)
Saddam. Ah, the enemy of my enemy. We climbed in bed with him because he was a useful foil on Iran.
Which brings me to the problem with Iran, now and then. Iran was another despot regeme we supported (The Shaw) because it served our interests - mainly oil security. He oppressed his people greatly, and they threw him out. Needless to say, they were not too impressed with his enablers - namely the US, and did nice things to our embassy staff.
So, when the US actually cares about the despicable things it does to the rest of the world and cleans up it's mess - then yeah, I'm up with the bomb the shit out of them meme. But until then, lets just call it what it is. A big ruthless bully who steals your lunch money and then beats you up because you complained about it.
Then use nothing. No question in my mind about it. I'd rather have no locks on my doors so that I know to leave nothing valuable in the place than the illusion of good security and leave my valuables about. Bad locks are IMO, worse than no locks - precisely because a lock implies security. If the locks' security is as bad as that in WEP, then no locks would be better.
Further... The additional cost to any small business by upgrading the infrastructure capable of WPA is trivial. In most cases, all that would need the upgrade, if any, would be the AP, as on the client Windows/OS does the crypto and is easily able to do WPA-AES/PSK.
If your small business can't afford the $100 bucks to upgrade your AP, then you've got lots more serious problems, and the sunk cost of WEP isn't a real consideration.
Lastly, what's the cost if your WEP is broken? $100 will sound like real chump change when compared to even a MINOR identity theft scheme, or worse, a good attorney to get you out of a jam. Even a single stolen check will probably run you a LOT more than the nominal cost of an AP or two.
Even with its inherent weaknesses, Wireless Encryption Protocols or WEP is still a good method for preventing attackers from capturing your network traffic. Less-experienced hackers will probably not even attempt to capture data packets from a wireless network that is broadcasting using WEP. Even if a hacker possesses the skills and tools necessary to crack WEP, it can be an extremely time-consuming process, especially when dealing with the newer 128-bit specification, which requires in excess of 500,000 captured data packets to even begin the cracking process. Not only is WEP a good way to ward off many would-be attackers, it is strengthened when used with other security techniques.
"Extremely time-consuming..." Huh, like sub 10 minutes for an active attack? That's "extremely time-consuming?"
It says WEP's got problems, but then portrays the caveats as though it was a tiny flaw in pratical terms. Bullshit. Rather than use WEP, use nothing, IMO. At least that way when the Cops/FBI/Secret Service come to haul your ass away, you can at least have some plausable denyal for what happened using your WiFi network.
If you're going to use some form of encryption, WPA is easiest and very secure, given decent PSK's. Open VPN is probably next.
Turning on WPA would be a pretty good bet, and from my quick scan of TFA, they DON'T EVEN MENTION WPA AT ALL!
VPN is better, but WEP is TOTALLY WORTHLESS. TOTALLY!
If you could tell someone to do ONE thing, it certainly ought to be to turn on WPA and use a long PSK. The article was a waste of time for the authors.
Frankly, anyone with even something as little as a fork will decimate any hijacker.
Honestly, they could rip off the cockpit doors and I pretty much guarantee that NO airliner would get successfully hijacked again.
The passengers would rip the hijacker to death with toothpicks if need be.
The whole boondoggle about "airport" security is a huge ruse. Simply said, no one will get hijacked again. Someone crazy might stab or attempt to harm a pilot, but there wouldn't be another hijacking in any case.
Frankly, it wouldn't surprise me to see a terrorist feed on the massive reaction to actually use our own reaction to bring down a plane - not from their action, but the over-reaction of the passengers and security. (The rules of fighting - to use the force of the attacker against them tend to re-enforce this idea.)
Note: This is a post speculating about theory. Please NSA leave the black helicopters at home. I'm certainly not the only guy to think this.
I don't entirely disagree with you. However, I think you paint a brush saying Clinton was a criminal, and so is GWB.
However, to take that metaphor a bit farther... Perhaps that's true, but it certainly appears as though WJC was a purse-snatcher and perhaps an arsonist. GWB is a rapist and pedophile who torutred his victims. Further, when accused, he didn't even try to avoid the charge, but stood up and said "Yup, and it was fun!"
Our rights are long gone. They are not coming back. And GWB went a very long way in removing them.
Sure, more than GWB is responsible, but I can't think of anyone in recent memory who has so powerfully evicerated our rights and gleefully claimed it was fun.
FWIW, having the *ability* to tap is far different than actually using it.
And using it when authorized and overseen by a neutral, independant party such as the FISA court, or a judge is far different than claiming some absolutely crazy crap, like, "it was authorized by the AUMF" or it's an inherent power in the constitution, or it's available for any president with W as their middle initial.
As an aside, if an AUMF allows that kind of crap, then the next one ought to come just about the same time the sun turns into a red dwarf.
Jeremy came at you as good as Winston Churchill dished it out.
So the story goes... Nancy Astor was a native Virginian who became Britain's first woman member of the House of Commons. In the 1930's she headed a clique in the House of Commons that found something to admire in Hitler's Germany. Churchill described an Astorite as an appeaser "who feeds the crocodile hoping that it will eat him last." One time shortly thereafter, Churchill found himself at Cliveden, the Astor mansion.
After dinner Lady Astor presided over the pouring of coffee. When Churchill came by, she glared and said. "Winston, if I were your wife, I'd put poison in your coffee." "Nancy," Churchill replied to the acid-tongued woman, "if I were your husband, I'd drink it."
You simply got out classed. Jeremy did it politely and clearly. Quit yammering and slink home with your tail betwixt your legs. You got 0wned.
Kind of like locking up folks without trial, at the say so of King George?
Or how about the people who claim Sheehan is "bordering on treasonous?"
Like the folks who claim we can't release the photographs and video from Abu Graib because it would make us look bad? (Ah, someone tell them we already do. Remind them of the barn door thing. Better yet, how about not murdering, raping and doing unspeakable things to ANYONE in the first place. "Rape rooms" as George calls them, indeed.)
That kind of "Freedom?"
Kind of hard to exercise freedom of speech when you're dead, or locked up in Guantanimo without recourse, or one of the ghost detainees, huh?
Freedom indeed.
The founding fathers wanted to protect us from the likes of the current administration. (I'll be the first to admit that the Dems aren't a whole lot better, but since that's all the opposition we have at the moment, I'll take what I can get.)
However, someone like Frist, or DeLay comes to mind - or GWB for that matter.
They rant and rave over Schivo - denying Schivo's choice, and over E stem cell research (though IIRC Frist has, dare I say it, flip-flopped on it) and abortion, plan B etc. However, they seem more than gleeful in strapping another guy in the electric chair and frying him - and often not even seeming to really care much about guilt or innocence.
(There's a whole mass of hypocritical issues in the above - choice, privacy, end of life decisions, juducial fairness, empowerment of the individual, government out of our lives, etc.)
I'm picking on Repubs right now, but that's the issues we're discussing. And frankly their behavior makes me want to throw up.
So, while perhaps it's wrong to throw all people like yourself under the bus as hypocrits, I see a lot of very public people, who other republicans and right-to-lifers have chosen as their leaders and I think the "real" right-to-lifers ought to be ashamed of that leadership. (As I think the religeous people ought to be also, as I think these same individuals make a mockery of God - blashphemy more accurately.)
Q Scott, has anyone -- has the President tried to find out who outed the CIA agent? And has he fired anyone in the White House yet?
MR. McCLELLAN: Well, Helen, that's assuming a lot of things. First of all, that is not the way this White House operates. The President expects everyone in his administration to adhere to the highest standards of conduct. No one would be authorized to do such a thing. Secondly, there -- I've seen the anonymous media reports, and if I could find out who "anonymous" was, it would make my life a whole lot easier. But --
Q Does he think it didn't come from here?
MR. McCLELLAN: But we've made it very clear that anyone -- anyone -- who has information relating to this should report that information to the Department of Justice.
Q Does he doubt it came from the White House?
MR. McCLELLAN: I'm sorry?
Q Does he doubt?
MR. McCLELLAN: Well, there's been no information that has been brought to our attention, beyond what we've seen in the media reports, to suggest White House involvement.
Q Will the President move aggressively to see if such a transgression has occurred in the White House? Will he ask top White House officials to sign statements saying that they did not give the information?
MR. McCLELLAN: Bill, if someone leaked classified information of this nature, the appropriate agency to look into it would be the Department of Justice. So the Department of Justice is the one that would look in matters like this.
June 10, 2004
Q Given -- given recent developments in the CIA leak case, particularly Vice President Cheney's discussions with the investigators, do you still stand by what you said several months ago, a suggestion that it might be difficult to identify anybody who leaked the agent's name?
THE PRESIDENT: That's up to --
Q And, and, do you stand by your pledge to fire anyone found to have done so?
THE PRESIDENT: Yes. And that's up to the U.S. Attorney to find the facts.
Note: His reply to fire anyone who leaked the agent's name? Yes.
So, there is a little wiggle room. Bush can claim that Rove didn't leak the name, which would be positively, I hate to say it, Clintonian.
So, go ahead and come up with little green men excuses why Rove isn't to blame - we all understand your squirming.
But clearly when no one was being directly blamed, the President and everyone else thought this was a very big deal. So big, GWB promised to fire anyone involved in leaking her name.
Yo, buckwheat. You actually read that wiki article you referenced?
Apparently not.
Summary: Goodwin's law simply states that the longer a thread goes on, the likelihood of a comparison to Hitler/Nazi's reaches 1. It (the "law" itself has nothing to do with ending the thread or losing the argument.)
Frankly, IMHO, it's a reasonable comparison given the vast "rewrite" of history SCO is attempting.
This, frankly, is insultingly awful as analogies go. The WAP is not broadcasting a signal that says "Hey, anyone, connect! My owner welcomes connections!" It's no more inviting "all" connections than a door with no notice on it. Would you pee in a closet simply because it has a door handle?
It is a required part of a WAP's operation that it negotiate with incoming connections, much as a door handle's operation requires it negotiate with the hand gripping it. To stretch this further and suggest that because it performs this negotiation stage, the owner is automatically inviting strangers to use it is absurd.
SSID broadcasts the existance of a service, namely the WAP. It's perfectly within the spec to turn off SSID broadcasts and quit broadcasting the existance of the service and the ID to use it.
Further, I connect with the SSID you're broadcasting, and I *request* an IP address via DHCP.
Your WAP, at your direction, leases me an IP address.
You're advertising a service, even if you're not aware of it. Further, when I request to use your service and ask for an IP, you provide it.
Ask and consent. Seems perfectly valid to claim a user is advertising a service and providing that service as requested.
Lastly, many make the point that the ISP has not agreed to allow the 3rd party to use the service. Perhaps. But who is providing the service. The bozo who hasn't configured his service/WAP properly. If the ISP has a problem, it's not with the 3rd party, it's with their customer with the misconfigured WAP.
It tends to align the interests of consumers and Microsoft.
Now, Microsoft basically knows that you're gonna have to buy Windows and Office. There's not a whole lot of incentive to fix either.
However, ponder the apps side first.
MS Apps makes Office for Windows, Linux/Wine, Mac OS, etc etc etc. They don't really care if they aid in selling more copies of Windows OS, they only make money on Office. So they run Office anywhere they can make money.
The OS side, meantime says - heck, we want everyone to develop apps on our platform. (It's the apps that sell the platform afterall.) If we provide uneven support for some app makers vs. others, then people will seriously consider building apps on another platform. Thus we'll give the best OS and the best platform support to all. We have nothing to gain by supporting MS Office the "best."
Now, perhaps Window OS and Office would remain the monopoly in this situation, even given a perfect implimentation. Thus would be unfortunate, but at least you would have the interests of MS and the buying public more aligned than they are now.
Right now, MS wants to sell you copies of BOTH OS and APPS. They'll use almost any means at their disposal to aid this. And this certainly isn't in the buyers interest.
There may be other ways to break up MS, but frankly this makes the most sense of any proposal I've heard.
Clearly, the ramifications from writing bad/buggy software are not enough to prevent it. If the risks were high enough - that you'd lose your job, your company would be sued into the ground - etc - then we'd see software that was really high quality.
For those that would rebut me, read Mark Minasi's "Software conspiriacy" - he's right on the money.
When users value and demand high quality software, then we'll get it. (And have a legal system that allows the buyer to hold the seller responsible.) Until then we'll get empty promises, ridden hard and put away wet.
And everyone who complained about it got modded down?/. pretty much sucks these days. It's a toss up betwixt the Nat. Enquirer or Slashdot. Frankly NE might have more technical value.
Slashdot Mirror
Damn - now someone tells me! :)
Thanks, that is the most concise and helpful definition I've heard.
Cheers,
Greg
There's no requirement to broadcast it. And further, just to be pedantic, it's an AP identifier, NOT a network one. (Because any network can have many AP's)
If you put up a sign that said - "The code to open the door is: ABC" - then prosecuted anyone who does, perhaps your argument is consistant. But I doubt you'd argue that. A SSID broadcast is an advertisiment of service. It's not a label. If you don't broadcast it, then it's a label.
You can turn SSID broadcasts off, and still connect. It's really quite easy to do. You just tell the wireless software to connect to your AP on channel X, and use SSID "ABC."
Now that isn't as convienient, but it can be done.
But if you broadcast (advertise) service, someone's going to assume you can connect to that service. If you don't want them to connect, you either use a capture portal, or you use a static IP assignment, or prevent the DHCP server from granting an IP.
But frankly, how I can know where that AP is actually located. In any reasonably dense location around here, my wireless card will detect anywhere from 4-12+ AP's. Probably more than half will be completely unsecure. So, do I just go knocking on doors until I find the right place? Or perhaps I ought to get out my directional wireless antenna and attempt to triangulate the AP, right?
I live in Portland OR, by the way - and we have a very vibrant open AP network community here. Many people leave their AP's open and really don't care if anyone connects to it. (Especially if they can ensure their machines aren't personally attacked... I don't agree with this stance, as I think it's foolish, but that's not the point.)
Finding the AP owner in any setting can be daunting. I rarely connect to someone else's AP, but if it advertises service, (SSID broadcast) and hands out IP's and doesn't filter traffic or offer a capture portal, I believe I'm legally reasonable in using it.
I tend to use SSL wrapped sessions via VPN and etc, but I still use it if I need to.
I find no need to ask, when the "sign" (SSID broadcast) is an invitation to use, and when the equipment explicitly grants me access and handles my traffic properly. I really have no idea if they intend to "share" or not, and probably, around here at least, it's a 50/50 chance. But they chose to ignore perfectly reasonable documentation, and run it open. That's nice. If you don't want to do that, go ahead and read a few more pages and use trivial steps to setup security.
In fact, I personally have a published document that explains all this in very clear terms - exactly what you need to choose for options and why. I have distributed this to literally thousands of people - it goes out in a marketing packet I send - and I can count on a SINGLE HAND the number of people who have taken this seriously and inquired further. (I just setup a capture portal for a client last week too, so it's not like I'm not aware of the possibilties.)
So, I simply don't have much sympathy to those who claim they didn't know. They didn't attempt in any serious way to find out. They, intentionally or not, left their equipment configured to share. If they don't want to share, there are easy steps to prevent it.
I mean, freak - google this "wireless internet secure"
The very first link that comes up...
I forgot this...
None of the linked sources I read mentioned ANYTHING about the owner not intending the user to use it.
I quote...
And no, it wouldn't have been fine. It would have required *EXPLICIT* permission, which just entering the coffe shop wouldn't have given. (I doubt he would have been prosecuted, but by the actual law, it requires "explicit" permission...and obviously SSID/DHCP acceptance isn't sufficient.)
-Greg
So, to be safe in Michigan, you'd need to get written and signed - perhaps even notarized - permisson to actually be safe using someone's wifi.
Anything else puts you in jeopardy of a he said/she said prosecution, and if the jury/judge believes the testimony of the other party rather than you, you're screwed.
There's simply no evidence you got permisson.
And I'll say this. I've yet to see a WIFI client that doesn't work without SSID broadcast. (Can you give me an example of one that can't?)
Further, there's a million capture portals out there.
It seems to me that the law stares in the face of logic. It allows the "wifi owner" to shift the cost of configuing equipment properly to the user who innocently attempts to attach. (The fact of this case not withstanding - because it isn't clear to me exactly what the facts are...) If the AP broadcasts the SSID and gives a DHCP response - that's explicit permisson.
Perhaps that's not what you intended, but with a little looking in the docs, or a relatively small cost for a capture portal - it's trivially easy to configure.
If you're not willing to do that, and someone attaches to your system that you've left configured to give explicit permission - then IMO it's your problem - not the person who attaches.
Sure, it may be the law, but it's an incredibly stupid law that, IMO, isn't legally defenseable. SSID broadcast and IP via DHCP ***ARE*** explicit permisson. It may be permission you didn't intend, but you left it as it was.
Frankly, this law would make any "community" wireless system almost useless. It would require registration, or at least self-registration...and for a free service, it doesn't seem appropriate to force someone who wants to give away bandwidth to take additional steps to ensure people get additional "explicit" permission. (I suppose it could be done via wifidog - but to be practical, would require co-ordinated use of the auth system.) In short, it makes a community wireless, or an individual who intends to share bandwith very difficult.
I'd say it's a terribly stupid law, and IMO, a decent lawyer would be able to shred it to pieces. However, the costs will be substantial because it will almost certainly require a trip to an appeals court and a very long time.
-Greg
If if you bloody put a sign up, saying "Come on in" and someone does, then you're just an idiot for putting the sign up, and the government would be skanks for prosecuting anyone who does.
Same with an AP that FREEKING BROADCASTS the SSID. It is absolutely a PUBLIC INVITATION to use the network.
The DHCP response is an AFFIRMATION of your assent that the device may use the publicly advertised/broadcasted network.
Damn, some people are simply morons. Sheesh!
-Greg
The heck it isn't! (Sheesh)
What's an SSID? (Service Set ID)
When it broadcasts, it IS advertising service. (WiFi Service here!)
You don't have to broadcast SSID's and without them, you can't attach to the Wifi Network. (Many routers offer the ability NOT to broadcast the SSID.)
But if your broadcast that you're offering service, you then answer in the affirmative when asked for a IP (DHCP) I simply can't see how anyone can consider this "unauthorized." Short of getting written, signed by the authorized agent of the WiFi Network that you (specifically) are authorized, you could be successfully prosecuted for "unauthorized" access, simply because you couldn't prove you'd gotten "authorized" access.
I mean damn. You BROADCAST an SSID. You futhter allow a DHCP address to be assigned to an unkown MAC address, and then forward and receive packets from it.
The SSID broadcast is the AVDERTISING of the service.
The granting of the DHCP request with an IP is the EXPLICIT permission to use the network.
If you intended it to be private, you either encrypt it, authenticate it, or block unknown MAC addresses, or fail to lease IP's to unkown clients.
But if you INTEND to let everyone use it, as an OPEN AP, you do just as the coffee shop did.
-Greg
IBM is NOT a convicted monopolist in any of the markets SCO is competing in. (If you can say SCO is competing in ANY market, other than frivolous litigation.)
Further, IBM has persuaded, at least allegedly, it's competitors (BayStar Capital Management, Intel, Oracle, Computer Associates, Hewlett Packard and Novell) to put the hit on SCO. Monopoly (of which IBM isn't by far) simply won't fly here.
SCO's claims are laughable.
You're clueless. Simply clueless.
First there's a VAST difference between "no trust" and "distrust."
While I don't distrust everyone, I certainly "trust" few. That's a perfectly healthy and self preserving position. Those that earn my trust over time get more power over me. Those that violate that trust lose that power. Continuing to keep that trust requires accountability and transparency. I generally don't accept explainations of your actions to protect me, on the face value of "trust us, we're doing this for your own good." You will be required to explain to me what you did, how you did it, and why. If you can't do that, you're likely to lose power since you'll lose trust.
Next:
Because ALL governments who had no real accountability and ultimate power were despot regimes, I think it's perfectly reasonable to be highly suspect when our own
government becomes more and more authoritarian and less transparent. In short, there's adequate reason to DISTRUST a non accountable, non transparent government - any government, ours, theirs, or someone else's.
If you believe blind, unquestioning trust is reasonable, I'm sure China or Iran or Pakistan are great places to live. The old USSR was a good example.
The US in principle holds to the open, tranparent and accountability principles. Look at the Constitution and the Declairation of Independence. Both are freely laced with the "Never trust your government" mind-set. And for good reason. The founders had first hand experience of a Government who had no checks, no real accountability and certainly no transparency. They knew it resulted in evil.
The Government is *of*, *for*, and *by* the people.
When Government believes it no-longer has to respect the people, obey the people, and be accountable to the people, it's in violation of both the Declaration of Independence and the US Constitution. IMO, those responsible for that position are legally guilty of treason.
As a concrete example. The current law states that the EXCLUSIVE means of wiretapping outside of the criminal legal system requirements is the FISA court. When the executive branch ignores the law, they are legally in violation of their duties to uphold and enforce the law.
Now they can ask that the law be modified, or contest the law in court. But until a court strikes the law, or the legislative branch modifies the law, the executive branch is not allowed to ignore the law. That you'd trust a branch of government who is willfully breaking the law, as doing things in your best interest, I'd seriously question your intelligence. (It's kind of like sending the Nigerian scammer cash - "well yeah, he'd steal from someone else, but certainly he won't from me!" Oh, really - how interesting...)
Further, the courts are used to act as a balance against the executive braches of government. The court ensures, as a neutral party, that the request is balanced against the needs of the executive. It's kind of like a unanimous verdict in criminal cases. Sure, it's likely that some guilty people go free, just like the request of a criminal or FISA wiretap is a burden that probably lets some who *should* be wiretapped get away. But we'd rather err on the side of protecting the citizen from an overzelous government than opress the people because government couldn't be bothered to really care itself.
History shows far more abuse of the people BY government. Accountability of government, presumed innocence, presumed privacy and protection from survellience are the life-blood of a truely free society. Remove those and it's just a matter of time until actively evil government takes advantage and pillages the populace.
Perhaps you believe evil will never arrive, but I assure you it will. Without serious checks against government, that evil will be unchecked and what you "wish" wouldn't happen will. And you'll have to power or ability to prevent it. The end result is the loss of your "life, liberty and the pursuit of happiness." You know, those things that ar
That the "new" HP appears to be stamping out the "HP Way."
...more like heartless and ultimately destructive to both the company and it's employees.
Perhaps Bill and Dave would have been less than amused at Sun's antics. But IMO they'd have considered it trivial and petty.
However the damage done to their own company by mindless expansion and aggrandization - well, lets just say they wouldn't have found that trivial and petty. More like heartless and ultimatly destructive to both the company and it's employees.
-GregThat the "new" HP appears to be stamping out the "HP Way."
Perhaps Bill and Dave would have been less than amused at Sun's antics. But IMO they'd have considered it trivial and petty.
However the damage done to their own company by mindless expansion and aggrandization - well, lets just say they wouldn't have found that trivial and petty
-Greg
Holy crap.
Someone who's willing to kill kids, women, civillians - pretty much anything, as well as die themselves - and these guys are supposed to care about their fellow citizens?
You must be retarded or something. Sheesh!
I might support a "force" based approach if we'd already looked at the major grievences the rest of the world has with us, and made a honest attempt to resolve those injustices where we could. (And frankly, IMO, the terrorist threat would virtually dissapear or be fairly easily contained through "police" enforcement efforts if we really did.)
But we won't. The cost to us would be unacceptable, and most of those here in the US would rather be rich and fat and happy than worry about what injustices we're imposing on others. Just look at the most recent items.
OBL (osama) - he grew from the neglect of Afganistan after we A) Destroyed Afganistan and left it in shambles after the Russians left. and B) Stayed in Saudi after we had to attack Saddam after he invaded Kuwait. (Which we almost green-lighted, BTW.)
Saddam. Ah, the enemy of my enemy. We climbed in bed with him because he was a useful foil on Iran.
Which brings me to the problem with Iran, now and then. Iran was another despot regeme we supported (The Shaw) because it served our interests - mainly oil security. He oppressed his people greatly, and they threw him out. Needless to say, they were not too impressed with his enablers - namely the US, and did nice things to our embassy staff.
So, when the US actually cares about the despicable things it does to the rest of the world and cleans up it's mess - then yeah, I'm up with the bomb the shit out of them meme. But until then, lets just call it what it is. A big ruthless bully who steals your lunch money and then beats you up because you complained about it.
Cheers,
Greg
Then use nothing. No question in my mind about it. I'd rather have no locks on my doors so that I know to leave nothing valuable in the place than the illusion of good security and leave my valuables about. Bad locks are IMO, worse than no locks - precisely because a lock implies security. If the locks' security is as bad as that in WEP, then no locks would be better.
Further...
The additional cost to any small business by upgrading the infrastructure capable of WPA is trivial. In most cases, all that would need the upgrade, if any, would be the AP, as on the client Windows/OS does the crypto and is easily able to do WPA-AES/PSK.
If your small business can't afford the $100 bucks to upgrade your AP, then you've got lots more serious problems, and the sunk cost of WEP isn't a real consideration.
Lastly, what's the cost if your WEP is broken? $100 will sound like real chump change when compared to even a MINOR identity theft scheme, or worse, a good attorney to get you out of a jam. Even a single stolen check will probably run you a LOT more than the nominal cost of an AP or two.
Cheers,
Greg
Turning on WPA would be a pretty good bet, and from my quick scan of TFA, they DON'T EVEN MENTION WPA AT ALL!
VPN is better, but WEP is TOTALLY WORTHLESS. TOTALLY!
If you could tell someone to do ONE thing, it certainly ought to be to turn on WPA and use a long PSK. The article was a waste of time for the authors.
Cheers,
Greg
Frankly, anyone with even something as little as a fork will decimate any hijacker.
Honestly, they could rip off the cockpit doors and I pretty much guarantee that NO airliner would get successfully hijacked again.
The passengers would rip the hijacker to death with toothpicks if need be.
The whole boondoggle about "airport" security is a huge ruse. Simply said, no one will get hijacked again.
Someone crazy might stab or attempt to harm a pilot, but there wouldn't be another hijacking in any case.
Frankly, it wouldn't surprise me to see a terrorist feed on the massive reaction to actually use our own reaction to bring down a plane - not from their action, but the over-reaction of the passengers and security. (The rules of fighting - to use the force of the attacker against them tend to re-enforce this idea.)
Note: This is a post speculating about theory. Please NSA leave the black helicopters at home. I'm certainly not the only guy to think this.
-Greg
I don't entirely disagree with you. However, I think you paint a brush saying Clinton was a criminal, and so is GWB.
However, to take that metaphor a bit farther...
Perhaps that's true, but it certainly appears as though WJC was a purse-snatcher and perhaps an arsonist.
GWB is a rapist and pedophile who torutred his victims. Further, when accused, he didn't even try to avoid the charge, but stood up and said "Yup, and it was fun!"
Our rights are long gone. They are not coming back. And GWB went a very long way in removing them.
Sure, more than GWB is responsible, but I can't think of anyone in recent memory who has so powerfully evicerated our rights and gleefully claimed it was fun.
-Greg
FWIW, having the *ability* to tap is far different than actually using it.
And using it when authorized and overseen by a neutral, independant party such as the FISA court, or a judge is far different than claiming some absolutely crazy crap, like, "it was authorized by the AUMF" or it's an inherent power in the constitution, or it's available for any president with W as their middle initial.
As an aside, if an AUMF allows that kind of crap, then the next one ought to come just about the same time the sun turns into a red dwarf.
-Greg
Oh, feeling a little pissy are we?
I'm chuckling away.
Jeremy came at you as good as Winston Churchill dished it out.
So the story goes...
Nancy Astor was a native Virginian who became Britain's first woman member of the House of Commons. In the 1930's she headed a clique in the House of Commons that found something to admire in Hitler's Germany. Churchill described an Astorite as an appeaser "who feeds the crocodile hoping that it will eat him last." One time shortly thereafter, Churchill found himself at Cliveden, the Astor mansion.
After dinner Lady Astor presided over the pouring of coffee. When Churchill came by, she glared and said. "Winston, if I were your wife, I'd put poison in your coffee." "Nancy," Churchill replied to the acid-tongued woman, "if I were your husband, I'd drink it."
You simply got out classed. Jeremy did it politely and clearly. Quit yammering and slink home with your tail betwixt your legs. You got 0wned.
Cheers,
Greg
Kind of like locking up folks without trial, at the say so of King George?
Or how about the people who claim Sheehan is "bordering on treasonous?"
Like the folks who claim we can't release the photographs and video from Abu Graib because it would make us look bad? (Ah, someone tell them we already do. Remind them of the barn door thing. Better yet, how about not murdering, raping and doing unspeakable things to ANYONE in the first place. "Rape rooms" as George calls them, indeed.)
That kind of "Freedom?"
Kind of hard to exercise freedom of speech when you're dead, or locked up in Guantanimo without recourse, or one of the ghost detainees, huh?
Freedom indeed.
The founding fathers wanted to protect us from the likes of the current administration. (I'll be the first to admit that the Dems aren't a whole lot better, but since that's all the opposition we have at the moment, I'll take what I can get.)
Cheers,
Greg
Good for your non-hypocritical ways.
However, someone like Frist, or DeLay comes to mind - or GWB for that matter.
They rant and rave over Schivo - denying Schivo's choice, and over E stem cell research (though IIRC Frist has, dare I say it, flip-flopped on it) and abortion, plan B etc. However, they seem more than gleeful in strapping another guy in the electric chair and frying him - and often not even seeming to really care much about guilt or innocence.
(There's a whole mass of hypocritical issues in the above - choice, privacy, end of life decisions, juducial fairness, empowerment of the individual, government out of our lives, etc.)
I'm picking on Repubs right now, but that's the issues we're discussing. And frankly their behavior makes me want to throw up.
So, while perhaps it's wrong to throw all people like yourself under the bus as hypocrits, I see a lot of very public people, who other republicans and right-to-lifers have chosen as their leaders and I think the "real" right-to-lifers ought to be ashamed of that leadership. (As I think the religeous people ought to be also, as I think these same individuals make a mockery of God - blashphemy more accurately.)
Cheers,
Greg
Oh, but funny, it's only recently that the crack heads on the right think it's inconsequential.
0 030929-7.html#1
0 040610-36.html
Back on Sep 29, 2003 there was a press conference at the WH.
Oddly enough they thought it was significant then. How come the change of heart now?
From: http://www.whitehouse.gov/news/releases/2003/09/2
Q Scott, has anyone -- has the President tried to find out who outed the CIA agent? And has he fired anyone in the White House yet?
MR. McCLELLAN: Well, Helen, that's assuming a lot of things. First of all, that is not the way this White House operates. The President expects everyone in his administration to adhere to the highest standards of conduct. No one would be authorized to do such a thing. Secondly, there -- I've seen the anonymous media reports, and if I could find out who "anonymous" was, it would make my life a whole lot easier. But --
Q Does he think it didn't come from here?
MR. McCLELLAN: But we've made it very clear that anyone -- anyone -- who has information relating to this should report that information to the Department of Justice.
Q Does he doubt it came from the White House?
MR. McCLELLAN: I'm sorry?
Q Does he doubt?
MR. McCLELLAN: Well, there's been no information that has been brought to our attention, beyond what we've seen in the media reports, to suggest White House involvement.
Q Will the President move aggressively to see if such a transgression has occurred in the White House? Will he ask top White House officials to sign statements saying that they did not give the information?
MR. McCLELLAN: Bill, if someone leaked classified information of this nature, the appropriate agency to look into it would be the Department of Justice. So the Department of Justice is the one that would look in matters like this.
They didn't say... "It's trivial. She's not a secret agent - everyone knew about it."
http://www.whitehouse.gov/news/releases/2004/06/2
June 10, 2004
Q Given -- given recent developments in the CIA leak case, particularly Vice President Cheney's discussions with the investigators, do you still stand by what you said several months ago, a suggestion that it might be difficult to identify anybody who leaked the agent's name?
THE PRESIDENT: That's up to --
Q And, and, do you stand by your pledge to fire anyone found to have done so?
THE PRESIDENT: Yes. And that's up to the U.S. Attorney to find the facts.
Note: His reply to fire anyone who leaked the agent's name? Yes.
So, there is a little wiggle room. Bush can claim that Rove didn't leak the name, which would be positively, I hate to say it, Clintonian.
So, go ahead and come up with little green men excuses why Rove isn't to blame - we all understand your squirming.
But clearly when no one was being directly blamed, the President and everyone else thought this was a very big deal. So big, GWB promised to fire anyone involved in leaking her name.
How, you spin a very different story.
Cheers,
Greg
Bush said
Yo, buckwheat. You actually read that wiki article you referenced?
Apparently not.
Summary:
Goodwin's law simply states that the longer a thread goes on, the likelihood of a comparison to Hitler/Nazi's reaches 1. It (the "law" itself has nothing to do with ending the thread or losing the argument.)
Frankly, IMHO, it's a reasonable comparison given the vast "rewrite" of history SCO is attempting.
Cheers,
Greg
This, frankly, is insultingly awful as analogies go. The WAP is not broadcasting a signal that says "Hey, anyone, connect! My owner welcomes connections!" It's no more inviting "all" connections than a door with no notice on it. Would you pee in a closet simply because it has a door handle?
It is a required part of a WAP's operation that it negotiate with incoming connections, much as a door handle's operation requires it negotiate with the hand gripping it. To stretch this further and suggest that because it performs this negotiation stage, the owner is automatically inviting strangers to use it is absurd.
SSID broadcasts the existance of a service, namely the WAP. It's perfectly within the spec to turn off SSID broadcasts and quit broadcasting the existance of the service and the ID to use it.
Further, I connect with the SSID you're broadcasting, and I *request* an IP address via DHCP.
Your WAP, at your direction, leases me an IP address.
You're advertising a service, even if you're not aware of it. Further, when I request to use your service and ask for an IP, you provide it.
Ask and consent. Seems perfectly valid to claim a user is advertising a service and providing that service as requested.
Lastly, many make the point that the ISP has not agreed to allow the 3rd party to use the service. Perhaps. But who is providing the service. The bozo who hasn't configured his service/WAP properly. If the ISP has a problem, it's not with the 3rd party, it's with their customer with the misconfigured WAP.
Cheers,
Greg
It tends to align the interests of consumers and Microsoft.
Now, Microsoft basically knows that you're gonna have to buy Windows and Office. There's not a whole lot of incentive to fix either.
However, ponder the apps side first.
MS Apps makes Office for Windows, Linux/Wine, Mac OS, etc etc etc. They don't really care if they aid in selling more copies of Windows OS, they only make money on Office. So they run Office anywhere they can make money.
The OS side, meantime says - heck, we want everyone to develop apps on our platform. (It's the apps that sell the platform afterall.) If we provide uneven support for some app makers vs. others, then people will seriously consider building apps on another platform. Thus we'll give the best OS and the best platform support to all. We have nothing to gain by supporting MS Office the "best."
Now, perhaps Window OS and Office would remain the monopoly in this situation, even given a perfect implimentation. Thus would be unfortunate, but at least you would have the interests of MS and the buying public more aligned than they are now.
Right now, MS wants to sell you copies of BOTH OS and APPS. They'll use almost any means at their disposal to aid this. And this certainly isn't in the buyers interest.
There may be other ways to break up MS, but frankly this makes the most sense of any proposal I've heard.
Cheers,
Greg
This is the "because we can" outcome.
If you can get away with crap, you will.
Clearly, the ramifications from writing bad/buggy software are not enough to prevent it. If the risks were high enough - that you'd lose your job, your company would be sued into the ground - etc - then we'd see software that was really high quality.
For those that would rebut me, read Mark Minasi's "Software conspiriacy" - he's right on the money.
When users value and demand high quality software, then we'll get it. (And have a legal system that allows the buyer to hold the seller responsible.) Until then we'll get empty promises, ridden hard and put away wet.
Cheers,
Greg
And everyone who complained about it got modded down? /. pretty much sucks these days. It's a toss up betwixt the Nat. Enquirer or Slashdot. Frankly NE might have more technical value.
Sheesh!