Saturday, July 11, 2009

Good Lifehacker post on how crackable WEPs are. When I take out my laptop in a public area I don't see nearly so many anymore, but I'm sure there are still a lot of people out there who don't understand the difference between WEP, WPA, and WPA2 and aren't aware that they need to upgrade their wireless network security.

I don't really get to study wireless networking until fall semester, but just for the heck of it I'll explain the differences here. WEP, WPA, and WPA2 are all methods of encrypting data before sending it out over a wireless connection. The encryption is done by software embedded in the router, and it only lasts as long as the data is being transmitted--the data is decrypted again before it reaches the wired network.
  • WEP (Wired Equivalent Privacy) encrypts data with 64- or 128-bit encryption keys. The problem is that the keys are static, meaning that any hacker worth his or her salt can crack them in a reasonable period of time.
  • WPA (WiFi Protected Access, also known as TKIP--Temporal Key Integrity Protocol) uses 256-bit encryption keys, but changes them at set intervals. Better than WEP, but crackable with a bit more effort.
  • WPA2 is based on 802.11i, which is the standard for commercial-grade encryption products. It is the best of the three in that it actually generates a new encryption key for each session.
One Lifehacker commenter, MaribelAlligator, offered a really good analogy to describe the effectiveness of each of these methods:
I like to use the analogy of door locks. WEP is closest to a bathroom or bedroom lock (the kind you can unlock with a stiff pin). It'll let people know you don't want them to enter, but anyone with the slightest bit of knowledge can get past it. WPA is like a standard door lock; it's a lot more secure, but it is still possible to get by for someone with the right tools, knowledge, and circumstances. WPA2 is like a bank safe. It may be possible to defeat, depending on how it's been set up, but it's not realistically possible for anybody to actually do so... yet.
Someone else in comments likened WEP to a "No Trespassing" sign--the people who will read the sign and go away aren't the ones you have to worry about. Someone who wants to get in very badly, however, will find a way.

Thursday, July 9, 2009

Done with my PC Hardware and OS Maintenance class. Eight weeks, nine hours a week. It was kind of brutal, but I mostly enjoyed it.

Our instructor showed us our grades at the end of class--I got a 99.25%. Don't know if that's the highest in the class, but it's up there. "Nice job," he said. "You deserved it." I said that the class indicated to me just how much I had to learn, but he pointed out that now I understood that it was all stuff that was knowable. And that's important.

So now I'm focusing mostly on my Networking course...and it's starting to get interesting. It helped that the week before networking started, our hardware/OS instructor gave us an introduction to most of the concepts, and there are two good chapters in the textbook that provide a nice overview of local and wide-area networks. It was good to take this course before plunging into networking--some of my classmates who had taken networking first mentioned that they'd been a bit lost and wished they'd taken this class first. I suspect it's a good prerequisite for a lot of things, but most of all, it gave me confidence.

Monday, June 29, 2009

Neither X nor I play many video games. He used to play Quake in graduate school until it started to give him a headache, and then he stopped, pretty much for good. I've played a couple that tend to involve having complete control over a world of tiny, terrorized pixellated people (i.e., Black and White, or Ghost Master, which involves scaring sorority girls screaming into the night), but I think the violence and the scantily-clad women put me off. I'm a bit more conflicted about the violent games. While I'm not too sensitive to handle a violent game, it seems almost like disrespect to be sitting safely in air conditioned comfort pretending to do things that are getting American soldiers killed in dusty, 120-degree conditions where IEDs, snipers, and suicide bombers abound.

But I tend to agree with the women described in this video who glance at the box illustration of an impossibly tall, voluptuous, mostly naked green-skinned alien woman with reptilian come-hither eyes and say, "I don't think this game is for me." Why can't they outfit Lara Croft in camouflage? For the same reason, I suppose, that the regulation uniform for all the women in the first Star Trek series was a minidress that hardly covered their posteriors: it sends the message that this is for the guys, and if you're not willing to be eye candy, you have no place in it.

One thing the folks who made this video seem to understand is that just because there are lots of women playing games doesn't mean that they are "gamers," just like throwing up a bunch of pink websites about losing weight, parenting, and pleasing your man in the bedroom doesn't make the Internet female friendly. Women don't want separate but equal. They want respect. They want not to be patronized or ignored, and they don't want to be seen as some sort of threat (although, well, they may very well be.)

Don't know if I'll ever seriously get into games. It seems like time and money that could be better spent elsewhere, doing more interesting things in the real world or working on more interesting, practical, tangible projects. But maybe I'm just getting old.

Monday, June 15, 2009

summer reading (hahahahaha)

I've just belatedly discovered Carlos Ruiz Zafon, a Spanish novelist from Barcelona who's apparently written a couple of interesting novels about Barcelona in the first half of the 20th century: Shadow of the Wind and a prequel of sorts, The Angel's Game. Barcelona l'entre deux guerres? I'm so there.

To be frank, I'm always a little suspicious of books described, as the first one was, as "an international phenomena" [sic]. Even when the book marketer appears to know the difference between Greek irregular plural and singular endings, I worry that novels with this label fall into the same category as those of Paulo Coelho, James Canfield, and Khaled Hosseini: deluding the typical middlebrow "bookworm" into believing that he or she (and it's usually, to my everlasting mortification and shame, a "she") is a broad and deep reader of Great Literature, in part through the inclusion of some "inspirational" New Age and/or exotic element that never rises to the level of true magic realism or authenticity. It sounds as though The Angel's Game may verge on this classification, and that Zafon, having apparently relocated to the epicenter of literary badness (Los Angeles), may be tending in that direction, but I'll keep an open mind and read it anyways...after I've read the first novel, which might be pretty damn good. Sounds like he's Catalan writing in Spanish to get a wider audience--Catalan purists are probably balking, but that doesn't necessarily discredit the book. The translator is Lucia Graves, granddaughter of Robert, though a literary pedigree like hers doesn't always guarantee a brilliant turn of language.

Last night, unable to sleep, I started Snow (Turkish writer Orhan Pamuk, who won the 2006 Nobel Prize in Literature). While the jury's still out on whether it's truly good or merely a subway read masquerading as something more profound, I found particularly chilling one early section in which a mild-mannered university administrator is confronted in a pastry shop by a small-town religious fanatic apparently intent on avenging the suicides of a group of devout young Muslim women prohibited by the State from wearing headscarves to class. It really resonated with me after all the news about the appalling murder of George Tiller a couple weeks ago and the way it's been condoned by the right-wing media and the born-again Christian community. The Turkish struggle between the modern secular and the traditional religious sensibilities and the resulting violence is instructive. You would think that sort of thing would be behind us, the most powerful, technologically-advanced nation on Earth, but you'd be wrong...and I'm secretly terrified of the political and cultural instability concealed beneath our current optimism.

Wednesday, June 3, 2009

I'm not in any way deluded that being able to get a perfect score on a 100-question exam (or three) prepares me to fix people's computers. In fact, I have to wonder whether a better-designed test would make students go through a series of scenarios where they installed Windows and showed that they could demonstrate grace under pressure while troubleshooting impossible problems for (simulated) customers from hell. Multiple choice is easy, and not simply because when in doubt you choose c.

Which is partly why, I suspect, my Linux instructor finds most industry certifications a little suspect. Last time I went to visit him he showed me a certificate verifying the fact that he had printed out the piece of paper and stuck it up on his bulletin board. He gave me some excellent advice with which I'm following through this fall: 1. learn C, and 2. take the wireless networking course which was being offered. Before he started teaching he apparently spent most of his career in academia and academic computing, and he's the kind of technical guy I've spent a lot of time around: an expert Linux user who knows system administration, networking, and security like the back of his hand, and, well, there's no other way to put it: he's a geek. He'd fit right into my current workplace. As a nondegree student, I don't have an advisor, but if I wanted a mentor, he might very well be a good prospect. I'll certainly see a lot of him in the coming years, as he teaches most of the system administration, networking, and security courses.

But I also will probably end up seeing a lot of my current instructor, as well. He has an industry background and emphasizes Windows systems--not so much out of advocacy as out of necessity. Despite the inroads by Apple and Linux into personal computing, despite their ever-increasing user-friendliness and "cool" factor, the vast majority of computers are still and will be Windows boxes for the foreseeable future. He teaches the Windows system administration courses, which I will end up taking, and he also teaches a computer forensics course which I hope to take in the spring. (I would have taken it this fall but for schedule conflicts.) He's worked for some major hardware manufacturers (as far back as the seventies) and run his own repair and maintenance shops, and so his approach is very industry-oriented. Where my Linux instructor reminds me more of X and my co-workers in the academic computing world, this guy reminds me more of my father and his crowd--the sort of engineers and technicians who design, make, and troubleshoot commercial hardware and software. And what he has to say is that certifications are important--maybe not so much in academia, but definitely in the private sector.

I don't think I've seen such different outlooks laid out so clearly before, and yet somehow I know that I need exposure to both of them--the exacting, independent, mostly self-taught hacker who doesn't suffer fools gladly and the ex-industry guy who knows that you have to in order to survive. They're both excellent teachers...and I'm not sure I would have gotten the benefit of either of their experiences if I'd just gone directly into courses at Major Midwestern Engineering School.

I still don't know where, exactly, this is all going to take me, but I think I'm on the right track.

testing...

"How many people have taken the Transcender exam?" our instructor asked last night. One or two out of the entire class of fifteen hesitantly raised their hands.

Access to a Transcender testing program was a requirement for this course. For about $70, you get access, for six months, to several practice tests geared to help you prepare for a certification exam--in our case, the CompTIA A+ Essentials certification, the basic cert you need to become a PC technician. Our instructor recommends it as the best exam preparation out there. He is also using the tests as our in-class exams--there are three tests which we'll be taking over the duration of the course, and then for the final we take all three at once. His rationale is that taking the test over and over forces us to learn the material, and that's more important to him than performing well on an exam we haven't seen, especially because the correct answers are accompanied by detailed explanations.

I was a little surprised that no one had taken it yet. I admit, I'd put it off too--partly because the first five questions seemed so daunting. What's the difference between SCSI-1 and SCSI Wide Ultra? Why didn't a text file remain encrypted when you copied it from one drive to another? Every question I encountered seemed only to remind me how little I knew. How could I possibly pass this exam, let alone get a perfect score? But these guys...at least two thirds of the class shouldn't be put off by exam anxiety.

So tonight I tried it. First try: got a 56%. Eh. Not bad, considering that I made a lot of guesses, especially in the section about printers (which we haven't gotten to yet). Probably took me half an hour to do a hundred questions. I went back through all the questions and looked not only at the correct answer for each but also the explanation for why it was correct. If you understood something about memory, or the Windows boot process, or hard drives, you could remember what you needed to know about some questions. Others were simply memorization: how many pins on a RIMM module?

Second try: 7.5 minutes, 96%. I'm a fast learner.

Third try: 6 minutes, 100%.

I'm wondering if anyone else in the class is going to try for the fastest perfect exam time, too.

Saturday, May 30, 2009

The Website Is Down



The slightly NSFW part which occurs in the second half is probably the funniest part of this video.

After the hilarity wears off, the viewer is left with the realization that yes, there are an awful lot of people out there who think the Internet is just a series of tubes, and you know what? You still have to be nice to those people.