As much as I like SSH (it's probably my most used tool), an IPSEC based VPN should give better performance. Have a look at http://sites.inka.de/bigred/devel/tcp-tcp.html/ for a brief explanation of the problems with tunnelling TCP over TCP.
My favourite SSH trick is using SSHFS along with AUTOFS to automagically connect to other servers' filesystems. Again, not the best performance, but as long as the server is running an SSH daemon, you're good to go.
To be honest, I hadn't really considered DNS poisoning. With any luck, the SSL certificate will throw up a problem when the hostname doesn't match the certificate, so an attacker would have to compromise the certificate as well.
Could you please provide an actual example where this has happened? I quite happily run an open WIFI and I think people are just fear-mongering when they say things like this.
Just apply some QOS so you're guaranteed to get as much bandwidth as you want and other people can use whatever's spare. You can't bank the unused bandwidth on unlimited connections, so you might as well let someone else use it if they want.
If people are happy to share the remaining bandwidth then I'm quite happy for them to drop their service. I've already paid for my agreed bandwidth, so I'm not cheating the ISP out of anything. If their business model relies on re-selling the bandwidth that I've already paid for, then that's their problem.
I doubt that could ever happen as ISPs would fall foul of that law every time. An IP address does not identify a person - you'd need more evidence to convict than that. Have you got an example of someone being convicted without any evidence being found on their computer?
I'm quite happy for random strangers to use my wifi - I've never seen any significant bandwidth being used for me to be concerned about it. I'm not convinced that restricting MAC addresses is worthwhile as I'd then have to explicitly allow people/guests/devices to use the open network and it's easy enough for MAC addresses to be spoofed anyway, so it's only pretend security.
If everyone did as I do, then there'd be less need for 3G data plans. Also, not every wifi device supports mobile broadband, so sometimes it's just convenient to be able to use an open wifi.
I refuse to be scared by their implied threats. If they can get a warrant to search my house, then they can try to find whatever the warrant was issued for. Otherwise, they have no rights on my property and I won't bow down to them just to be a "good citizen".
I've got a Virgin Media router (to the cable broadband) that I set up the open WIFI on, and a Buffalo WZR-HP-AG300H that I use for the WPA2 WIFI connecting to my home LAN.
To be honest, my setup is overkill as the Virgin Media router supports running a WPA2 and a guest network and the Buffalo DD-WRT router can also do the same thing. I like the extra range and throughput of the Buffalo router (it's the quickest consumer router I could find) and it also runs on 2 separate frequencies.
On the other hand, if you're on an unlimited broadband deal, you can't bank unused bandwidth, so you might as well let other people use it (with appropriate QOS so that they don't cause a problem with your own access).
I refuse to bow down to the idea that an IP address resolves to a person. If you've got a log somewhere with an IP address and some "illegal" file, you've got to prove that it was me. It's easy to fake logs and typically ISPs don't perform security checks on their workers. If you accept that you have responsibility for anything done with an IP address that was assigned to your router, then you open yourself up to all kinds of spoofing attacks. They need proof, not just an IP address log.
The answer is 2 networks. One open and advertised with no access to other devices, and the other WPA2 (hidden if you like) and secured. You can throttle down the open one if you get any bandwidth problems.
But there wouldn't be any evidence of wrongdoing on your PC, so they'd have to get some more evidence. IP addresses do not correspond to people - you need more than just a log entry to convict someone.
Use HTTPS Everywhere https://www.eff.org/https-everywhere/> and make sure that any confidential data is over https and then it doesn't matter that the WIFI is un-encrypted.
What I do is use a WPA2 network that all my devices use and an open network for guests to use that is firewalled from accessing the other network. That gives me the best of both worlds.
My attitude is that if I'm out and about and want to get WIFI, I'd like other people to provide open guest networks, so it makes sense for me to provide one for other people to use.
WTF? I have no idea what you are on about regarding Arstechnica (I know it's some kind of news site, but that's about it). I think you've confused me with someone else.
It's a useful baseline though, as you can guarantee that every user of that OS will be able to make use of that feature. How else would you compare them?
I can't believe I'm replying to *THE NAME THAT MUST NOT BE SPOKEN*, but here goes:
I'm well aware that you can add all kinds of software to Windows, but that doesn't mean that it's included with Windows (on the disk or in the standard software repository). Cygwin provides an entire userland of linux software, but I wouldn't consider that to be part of a standard Windows install.
To take it to the extreme, I could download, for free, a Linux CD and run it within Windows, but that doesn't mean that Windows includes those features.
I was just going by "is it on the CD?" for judging whether it's included in the OS. However, I would also include "Is it in the standard repository?" as being part of the OS package.
I agree, it's pretty trivial to install putty as long as you have internet access and administrator credentials and are sat in front of the machine in question.
Putty isn't really "part of" Windows (nor is Cygwin) although I've used it and it's a good piece of software. You might not see the need for other file systems, but why shouldn't Windows at least support reading from different filesystems? To my mind, filesystem support should be part of the OS.
We can nitpick any OS to death, and it's fun to do as well;)
Granted, I'm not a typical desktop user. Maybe I should have gone for things like spreadsheet software, PDF reader etc. You can add them, but they don't come with Windows. Also, where's the software repository so that I can install software from a known "good" source and have updates to all my software applied with just a couple of clicks?
I've actually found driver support in Windows to be extremely flaky. I've had old hardware refuse to work under Windows 7 as the only driver available is a 32bit WinXP one. I've heard stories of scanners and printers not working in Windows 7 - I don't know if they're true or not.
My experience of loading WinXP onto laptops is typically painful - load the OS, then search the manufacturer website for the relevant network driver/AHCI storage driver. Put the drivers onto a usb storage key or DVD and then attempt to install them. Reboot, get a blue screen as I've forgotten to switch the BIOS back into AHCI mode etc.
My experience of loading Ubuntu onto laptops is typically easy - boot from USB or CD, install the OS and everything is working. Sometimes (if the wireless chipset requires a proprietary driver) I've had to use a LAN cable to connect to the internet and run the "Additional Drivers" program to fix wireless, but that's easy enough.
My view is that I don't care what OS other people run as long as we're all using standards that don't care what OS we run.
Yes, you can use Putty, but my point is that it doesn't come with Windows. You can also install Cygwin to add an ssh server, but I don't consider that to be part of Windows.
My experience with WinXP is that the support for UDF and ISO9660 is non-existent. I believe that there's some support for them in Windows 7, but I don't know how easy it is to copy a dvd in Windows 7 or if it's possible withouot extra software.
To be honest, I wasn't including extra software as part of the Windows OS - I was comparing what you get when you install Windows vs what you get when you install e.g. Ubuntu. As such, MS Word is not part of Windows - you usually pay extra for it.
Slashdot Mirror
As much as I like SSH (it's probably my most used tool), an IPSEC based VPN should give better performance. Have a look at http://sites.inka.de/bigred/devel/tcp-tcp.html/ for a brief explanation of the problems with tunnelling TCP over TCP.
My favourite SSH trick is using SSHFS along with AUTOFS to automagically connect to other servers' filesystems. Again, not the best performance, but as long as the server is running an SSH daemon, you're good to go.
To be honest, I hadn't really considered DNS poisoning. With any luck, the SSL certificate will throw up a problem when the hostname doesn't match the certificate, so an attacker would have to compromise the certificate as well.
Not if they find evidence on your computer that you downloaded it.
Could you please provide an actual example where this has happened? I quite happily run an open WIFI and I think people are just fear-mongering when they say things like this.
Just apply some QOS so you're guaranteed to get as much bandwidth as you want and other people can use whatever's spare. You can't bank the unused bandwidth on unlimited connections, so you might as well let someone else use it if they want.
If people are happy to share the remaining bandwidth then I'm quite happy for them to drop their service. I've already paid for my agreed bandwidth, so I'm not cheating the ISP out of anything. If their business model relies on re-selling the bandwidth that I've already paid for, then that's their problem.
Here in the UK AFAIK, they'd have to have a warrant to search for CP, so if they found a bong, they wouldn't be able to use it as evidence.
Just my curiosity, but why did you remove public access?
I doubt that could ever happen as ISPs would fall foul of that law every time. An IP address does not identify a person - you'd need more evidence to convict than that. Have you got an example of someone being convicted without any evidence being found on their computer?
I'm quite happy for random strangers to use my wifi - I've never seen any significant bandwidth being used for me to be concerned about it. I'm not convinced that restricting MAC addresses is worthwhile as I'd then have to explicitly allow people/guests/devices to use the open network and it's easy enough for MAC addresses to be spoofed anyway, so it's only pretend security.
If everyone did as I do, then there'd be less need for 3G data plans. Also, not every wifi device supports mobile broadband, so sometimes it's just convenient to be able to use an open wifi.
I refuse to be scared by their implied threats. If they can get a warrant to search my house, then they can try to find whatever the warrant was issued for. Otherwise, they have no rights on my property and I won't bow down to them just to be a "good citizen".
I've got a Virgin Media router (to the cable broadband) that I set up the open WIFI on, and a Buffalo WZR-HP-AG300H that I use for the WPA2 WIFI connecting to my home LAN.
To be honest, my setup is overkill as the Virgin Media router supports running a WPA2 and a guest network and the Buffalo DD-WRT router can also do the same thing. I like the extra range and throughput of the Buffalo router (it's the quickest consumer router I could find) and it also runs on 2 separate frequencies.
On the other hand, if you're on an unlimited broadband deal, you can't bank unused bandwidth, so you might as well let other people use it (with appropriate QOS so that they don't cause a problem with your own access).
I refuse to bow down to the idea that an IP address resolves to a person. If you've got a log somewhere with an IP address and some "illegal" file, you've got to prove that it was me. It's easy to fake logs and typically ISPs don't perform security checks on their workers. If you accept that you have responsibility for anything done with an IP address that was assigned to your router, then you open yourself up to all kinds of spoofing attacks. They need proof, not just an IP address log.
The answer is 2 networks. One open and advertised with no access to other devices, and the other WPA2 (hidden if you like) and secured. You can throttle down the open one if you get any bandwidth problems.
But there wouldn't be any evidence of wrongdoing on your PC, so they'd have to get some more evidence. IP addresses do not correspond to people - you need more than just a log entry to convict someone.
Use HTTPS Everywhere https://www.eff.org/https-everywhere/> and make sure that any confidential data is over https and then it doesn't matter that the WIFI is un-encrypted.
What I do is use a WPA2 network that all my devices use and an open network for guests to use that is firewalled from accessing the other network. That gives me the best of both worlds.
My attitude is that if I'm out and about and want to get WIFI, I'd like other people to provide open guest networks, so it makes sense for me to provide one for other people to use.
driver support for virtually all hardware in existence
so I was supplying a counter example.
I wasn't aware it could read them - I've always had trouble with it not being able to open .ISO files. Can it write to them as well?
WTF? I have no idea what you are on about regarding Arstechnica (I know it's some kind of news site, but that's about it). I think you've confused me with someone else.
It's a useful baseline though, as you can guarantee that every user of that OS will be able to make use of that feature. How else would you compare them?
I can't believe I'm replying to *THE NAME THAT MUST NOT BE SPOKEN*, but here goes:
I'm well aware that you can add all kinds of software to Windows, but that doesn't mean that it's included with Windows (on the disk or in the standard software repository). Cygwin provides an entire userland of linux software, but I wouldn't consider that to be part of a standard Windows install.
To take it to the extreme, I could download, for free, a Linux CD and run it within Windows, but that doesn't mean that Windows includes those features.
I was just going by "is it on the CD?" for judging whether it's included in the OS. However, I would also include "Is it in the standard repository?" as being part of the OS package.
I agree, it's pretty trivial to install putty as long as you have internet access and administrator credentials and are sat in front of the machine in question.
Putty isn't really "part of" Windows (nor is Cygwin) although I've used it and it's a good piece of software. You might not see the need for other file systems, but why shouldn't Windows at least support reading from different filesystems? To my mind, filesystem support should be part of the OS.
;)
We can nitpick any OS to death, and it's fun to do as well
Granted, I'm not a typical desktop user. Maybe I should have gone for things like spreadsheet software, PDF reader etc. You can add them, but they don't come with Windows. Also, where's the software repository so that I can install software from a known "good" source and have updates to all my software applied with just a couple of clicks?
I've actually found driver support in Windows to be extremely flaky. I've had old hardware refuse to work under Windows 7 as the only driver available is a 32bit WinXP one. I've heard stories of scanners and printers not working in Windows 7 - I don't know if they're true or not.
My experience of loading WinXP onto laptops is typically painful - load the OS, then search the manufacturer website for the relevant network driver/AHCI storage driver. Put the drivers onto a usb storage key or DVD and then attempt to install them. Reboot, get a blue screen as I've forgotten to switch the BIOS back into AHCI mode etc.
My experience of loading Ubuntu onto laptops is typically easy - boot from USB or CD, install the OS and everything is working. Sometimes (if the wireless chipset requires a proprietary driver) I've had to use a LAN cable to connect to the internet and run the "Additional Drivers" program to fix wireless, but that's easy enough.
My view is that I don't care what OS other people run as long as we're all using standards that don't care what OS we run.
Yes, you can use Putty, but my point is that it doesn't come with Windows. You can also install Cygwin to add an ssh server, but I don't consider that to be part of Windows.
My experience with WinXP is that the support for UDF and ISO9660 is non-existent. I believe that there's some support for them in Windows 7, but I don't know how easy it is to copy a dvd in Windows 7 or if it's possible withouot extra software.
To be honest, I wasn't including extra software as part of the Windows OS - I was comparing what you get when you install Windows vs what you get when you install e.g. Ubuntu. As such, MS Word is not part of Windows - you usually pay extra for it.