Month: October 2010

My Black Beauty

Lorin Olsen

I have gotten more than a few notes chiding me for not showing pics of my new girl (see above).  She is a 2011 Surly LHT.  And I really love the black paint job and accoutrements.  I’m still waiting for a front rack.  But otherwise, she is outfitted with everything I need.  I especially love the kickstand!
As a steel bike, the ride is wonderfully smooth.  She takes potholes, road cracks and the occasional road repair efforts with ease.  And the new rear lighting system (including a Topeak UFO light and a Blackburn Flea) ensures that I am completely visible while riding in the dark (at dawn and dusk).
I’m debating what comes next (after the arrival of the front rack).  It might be different pedals or a new front lighting system.  But both will wait for another six months or so.  In the meantime, the next objective will be to pay the balance on a bicycle commuting jacket and a pair of platform shoes.  But for now, me and my girl are having a wonderful ride to and from work.
-Roo

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

What Does Your Wife Think About Wardriving?

Lorin Olsen

For those who have read my blog for any amount of time, you already know that I am oddly fascinated with security.  Am I a certified information security professional?  No, I am not – at least, not yet.  Nevertheless, I have been fascinated by both the techniques and the ethics of hackers.
And that fascination is nothing new.  I installed my first WiFi access point last century.  And I have had WiFi access within my home ever since.  I did my first “war-walking” through my neighborhood in 2002.  Then, I had a laptop an a PCMCIA card.  And it was fun to know just how few of my neighbors had installed WiFi into their houses.  Those that had taken the plunge were woefully under-secured.
But things sure have changed in the last decade.  Now, over half of my neighbors also have WiFi.  And more importantly, most have some form of security on their networks.  At the same time, the tools I use have also changed.  I now have a Droid 2 phone.  And I am using tools like Wardrive and Wigle Wifi.
I have done two simple “wardriving” runs since I got my Droid 2.  The first was on a car drive coming home from work.  The second was on a bike ride to work.  What fascinated me was just how many access points I found within such a small area.  And more startling was the fact that I had found a thousand “new” access points and networks.  [Note: “New” means that wigle.net did not have a record of this device at the specific GPS coordinates that I provided.]
After a very long day yesterday, I decided not to ride my bike home.  I just didn’t have the heart to fight traffic after eleven hours at work.  So I rode home with my wife.  And I talked to her about my day.  When I told her that I had done some wardriving, she was appalled.
As a geek, I was perplexed by her response.  When I was riding my bike and collecting data, I was just inventorying the packets that were available from the street.  And I was not even trying to probe the defenses of these networks.  I was just cataloging the packets that my phone collected as I rode by.  Nevertheless, my wife thought that I was doing something nefarious.  I bristled at her “lack of understanding” of the simple and innocuous inventory I had collected.
But after several hours of thinking about her comments, I think I can understand her objection.  Most of the people that have WiFi access points have no idea about computer security, licensed and unlicensed RF spectrum, existing law (in the form of local, state and federal statutes) or even the curiosity of hackers.  What these users are doing is simple: they are using their home systems to perform simple tasks.  And they are expecting a certain degree of privacy – even if they are doing the equivalent of electromagnetically shouting through their windows.  Basically, people are assuming and expecting privacy.  And to collect their carelessly scattered packets is a violation of an implicit trust arrangement.
But was I a party to that trust arranggement?  No, I was not.  Nor were these people’s neighbors party to any such agreement – either implicit or explicit.  Nor was Google a party to this implicit agreement.
Nevertheless, I can hear my wife blaming Google as well as blaming myself.  Is she right?  As a geek, I scream my objections to her misunderstanding.  But when I really consider her argument, she may very well have a point.  Yes, these people are ignorantly casting their data out into the air and onto the streets.  And I willingly picked up that data.  Am I attempting penetration of their networks?  Of course I’m not doing that.  But I am sifting through the junk they are throwing out.
I’ve come to a simple conclusion: I wasn’t “wardriving” at all.  Instead, I was doing the equivalent of electronic dumpster diving.  They are leaving important trash un-shredded.  And I am rummaging through their ignorance.
Should I stop collecting such small and insignificant packets?  After all, I am not doing anything illegal.  Nevertheless, I must now carefully consider my wife’s thoughts before I do my next “wardriving” run.
And even more importantly, I must rethink whether or not this activity become illegal/immoral when someone like Google does it.  It may be tenable when it is done by a lone and curious geek.  But does it become something more “sinister” when it is done by a large and “menacing” corporation?   I don’t know.  But I’ll have to think about it.  What are your thoughts on the matter?
-Roo

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

Coincidence and Convergence

Lorin Olsen


It’s a Saturday.  That means I can play with things at home.  This weekend, my wife is in Houston with my oldest daughter (Meredith).  Bailey came home to “help” me with Jayden.  Of course, that means that she is out with her boyfriend – and I’m here alone with Jayden.  [Please know that this is very cool with me as my grandchild is a gem.]
But it is Saturday.  So I have to play with some kind of technology.  Earlier this week, I watched the new Iron Man 2 on Blu-Ray.  But before the movie began to play, I got a popup on the TV about a new firmware load for the Blu-Ray player.  So I loaded the firmware, rebooted the player and watched the movie.
But Saturday is for play so I had to know what had been loaded.  I went to the menu and noted that the Viera menu on the player had been updated.  OK, that must mean a problem was fixed, a feature was added or both.  I didn’t see anything in the Amazon Video on Demand screens.  But I did notice a “More” button that seemed new.  So I pressed it.
Lo and behold, there was now a menu option for Pandora.  For those who don’t know what Pandora is, you probably need to browse the web more often.  Pandora is an excellent streaming music service.  Yes, it plays your music – or music that someone thinks that you might like.  It is fairly good at picking music that I like.  But I like almost any music.
So I logged into Pandora and now I can stream any of the playlists/channels that I want to hear.  There is a fairly good on screen menu.  But most importantly, it plays the sound through my Blu-Ray player – which is hooked into a fairly good audio system.
Now I have good sounds whenever I want them.  What started as a good computer service has now morphed into a service that I can use with my home entertainment complex.  This is very cool convergence – and I wouldn’t have even noticed this except that I noticed the firmware patch that Panasonic released.
-Roo

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

Secure Access…On the Go

Lorin Olsen


For the past few years, I’ve enjoyed the ability to log onto my home system while I’ve been at work.  The process was simple: I would launch PuTTY from my USB drive.  From there, I’d set up a encrypted tunnel through my router to my primary home system.  I would then use a VNC client to tunnel my desktop access through SSH.  But all of that changed when I started my new job.
At my new employer, I was no longer able to use SSH to access my home system.  I totally understand why port 22 was blocked.  But I really didn’t want to start tunneling stuff through DNS.  Fortunately, my new phone provided the answer to my need for desktop access.  After doing a bunch of research, I decided that I would use ConnectBot and androidVNC on my Android phone.
But there are always hiccups when doing something new.  At first, I had trouble with public key encryption to my home system.  I would never back down from this requirement.  So I let the issue sit until I had a few more hours to fiddle with parameters.  And tonight was that time.
I tried to use my existing public keys.  But that strategy was fraught with trouble – i.e., I couldn’t get it to work.  So I decided to reverse polarity on the device.  OK, I’m not Scotty.  But I decided to generate the key on the phone (via ConnectBot) and mail the public key component to myself.  I then imported the key into WinSSHd.  Unfortunately, this didn’t solve the problem.
So more research revealed that WinSSHd only supports ‘xterm’ emulation.  So I updated my ConnectBot settings and tried yet again.  And voila, my phone could connect to my home system.  So I had a command prompt.  And everything looked good.  But the job wasn’t done yet.  I wanted full screen access.  So it was time to do more research.
It was easy to set PuTTY up on my desktop.  I just needed to find out where the options were in the ConnectBot tool.  Enter the work of Wayne Perg.  His excellent tutorial pointed me to the port forwarding directives in ConnectBot.  Within a few minutes, I reconfigured androidVNC.  I am now able control my desktop from my phone.
Folks, technology is fantastic.  And it is even more fantastic when you can find the answers to your questions through the previous work of others.  If there is one thing I can still teach my kids, I hope that I can help them to use Google (or other search engines) to find real answers.  The truth is out there.
-Roo

A Little Bit of Firmware Magic…

Lorin Olsen


My Droid 2 is one month old.  And up until a few minutes ago, I was happy but not ecstatic.  That’s because I could never connect my D2 up to my home WiFi network.  Since this wasn’t my number one priority, I let the situation fester until I had a few moments – and a need to have more bandwidth at home.
Well, the time came tonight.  I had a few hours and I have been toying with the idea of rooting the D2.  I haven’t done that yet.  If I do, you will be the first folks I tell.  But I knew that if I wanted to do his, I’d need to download a lot of stuff to the phone.  So the guantlet was thrown down and I eagerly picked it up.
I did the simple stuff first:

  • I turned off MAC filtering as I didn’t know what MAC address my phone used.
  • I enabled SSID broadcasts.
  • I stepped down my default encryption to WPA.

None of these solved the problem.  So I started to do some research.  Unfortunately, there was nothing obvious in Google about DD-WRT incompatibilities that prevented Motorola D2 devices from connecting.
But I did see enough to make me scratch my head.  I thought, “what if the beta build I was using was to blame for the inability to connect.”  So I went to the DD-WRT site and noted that I was on an April test build.  I grabbed the latest build (i.e., 14896 from August).  And what to my wondering eyes did appear, but a connected D2 and a wh0le lot more cheer.  Folks, I truly love being able to research my own problems and solve them myself.  This is what systems analysis is all about.
BTW, it really is nice to have so much more bandwidth for the phone.  I can’t wait for 4G to become ubiquitous.
-Roo