College Wireless (Part 2)

August 31, 2008

A little while ago I wrote about the state of wireless networks on my campus. This article will make a bit more sense of if you read part I, but it is not essential. Today I finally got around to doing the second scan. Everyone has been moved in for a week so I figure any access points would have been setup by this time. I found some interesting results and it certainly seems there are more access points than before. Here is the new list of unsecured WEP networks:


1   00:18:39:F1:68:13   "<hidden>"                     off
2   00:13:10:BC:21:25   "alicia"                       off
3   02:E0:DD:5C:D3:D8   "ANY"                          off
4   02:13:CE:00:00:8C   "ANY"                          off
5   00:11:50:76:40:E5   "belkin54g"                    off
6   00:1C:DF:5E:7C:BB   "belkin54g"                    off
7   00:0B:86:A4:F5:92   "CaptivePortalTemp"            off
8   E2:84:77:23:63:BD   "Free Public WiFi"             off
9   FA:50:CF:E8:E0:F6   "Free Public WiFi"             off
10  AA:0B:61:5E:AD:4E   "x y's Computer"               off
11  02:E0:42:41:32:60   "HHONORS"                      off
12  A6:52:5A:D7:2C:D2   "hpsetup"                      off
13  02:13:02:20:81:7C   "hpsetup"                      off
14  5E:0A:12:AD:95:68   "hpsetup"                      off
15  EA:83:DD:2C:5B:45   "linksys"                      off
16  00:14:BF:79:20:59   "linksys"                      off
17  00:18:39:4D:4C:6F   "linksys"                      off
18  4A:5C:07:B1:D1:D8   "linksys"                      off
19  02:13:CE:02:32:37   "linksys"                      off
20  02:12:F0:00:00:EC   "OurLadyAP"                    off
21  DE:CE:08:91:89:F7   "print server 053797"          off
22  02:8A:D0:30:0E:77   "print server 075462"          off
23  02:8F:69:85:0E:72   "print server 2A6845"          off
24  02:4A:C7:7C:0E:B7   "print server 2D2508"          off
25  00:1D:7E:E7:CC:A1   "Rimmer56"                     off
26  02:1B:77:00:00:D7   "Wireless Network"             off
27  02:12:F0:42:79:88   "Wireless"                     off

So there you have it. The new list of unsecured wireless access points. I seem to have lost a few since my last scan, but overall there was an increase. I think it is safe to throw away the “CaptivePortalTemp”, “Free Public WiFi”, and anything in the form “print server *”. That means that there seems to be roughly 20 access points. I am not sure about the hpsetup entires either. So if we remove them we are left with 17 unsecured wireless access points on campus. Quite a few considering what the policy is. There are a decent number of secured networks as well, but I didn’t see it fit to list those because they are less of a threat to our overall network security.

I also want to point something else out. Notice entry number 1 “<hidden>” this means the access point was hiding its SSID. Lets take a minute to reflect on how useful hiding the SSID is… done? Yup, it’s only useful in tricking silly Windows computers in to thinking nothing is there. However they are just as easy to detect as anything, and with a little trickery someone could easily decipher the SSID.  So let that be a lesson kids. Hiding the SSID is NOT the solution to wireless security.

The one entry, currently labeled “x y’s computer” I changed because the person actually named the wireless access point after themselves. I’m not quite sure why they did that, but I guess they are not at all worried about getting caught.

Though I am not posting the data of the secured wireless access points it is worth mention that I scanned a total 53 networks (unsecured and secured, including the printer servers, etc). This means there were 26 “secured” networks. Of those 26 I would say about half of them used WEP (though I didn’t record the exact data). What is the problem with WEP? Well anyone and their grandma can crack WEP encryption these days. It is almost as secure as having no password at all. Finally I would like to point out that one of them is labeled “Come to room 158 for password”. Talk about being obvious, and let me tell you… it was not hard to figure out what building that was coming from.

Overall I find it very interesting how many people don’t take the wireless policy very seriously. I must admit that I was, at one time, one of those people. I have since stopped, and do not plan on continuing. Even though I think the policy is silly I would rather not be “that nerd” who believes themselves above the AUP (acceptable use policy).


College Time Again

August 28, 2008

In case it hasn’t been obvious from previous posts I am back at college and the semester officially started this past Monday. This means I am back to homework, projects, presentations, studying, tests, club meetings and events. In past years this transition from summer time to back-to-school time has not been so difficult. However I have noticed a trend over the years that each year when I come back there is more responsibility for me to take on the second I arrive on campus.

I don’t mind being responsible for things. In fact I view it as a necessary aspect of life. The part that sometimes startles me is going from having very little responsibilty to very much responsibility. I think it would have been better if there was a way for me to have a gradual transition between the summer and the school year. Fortunately this will be the last year this is an issue, at least with respect to college, because I will hopefully graduate at the end of the year 🙂 .

There are lots of great things about being at college. Such as being around the sorts of people that understand exactly what you are saying because they are studying the same things, or just the simple fact that you basically get to live with your friends. Sure, you can live in a neighbourhood close to your friends, but at college most of them are right next door or living with you. This is something I think I might miss once everything is over.

It still seems like a long year ahead of me, and I hope that I am just as ready and able to deal with the challenges of academia as ever. However, for the past 3 years I have noticed a steady increase in workload from year to year. I love a good challenge and I readily admit that I learn the most when I am being challenged. I also think that too much challenge simply creates stress, which then hinders the learning process. The balance between being properly challenged, and not getting overly stressed is quite difficult to maintain. Mostly because once you take on a certain level of responsibly it is easy to see how people depend upon you for certain things and it is hard to tell some one, or some organization that you will no longer be able to help.

I have always felt very strongly about honoring my commitments, and I hope to still be able to keep up with all of them this year. This is shaping up to be one of my toughest semesters of college yet. It is also my last year here, and I don’t want to lose touch with friends and family because of being overburdened with work. I think I am going to have to make a serious effort to cut down on the amount of work that I currently have by next semester. I don’t want my last semester of college to be a time where my schedule is so filled with work that I can’t take the time to hang out with friends or communicate with friends who have already graduated.

This entry is a bit different than my normal computer themed ones, but I haven’t been all too inspired to write about computers as of late. Mostly because I haven’t really been using them for things other than doing homework assignments and checking e-mail. I hope to write the next segment of my college wireless network situation soon. So stay posted to see the outcome of that. I may have other projects on the horizon as well because the fans in my computer PSU seem to be on their way out…

That’s all for now 🙂 .


College Wireless Policy (Part 1)

August 23, 2008

Well, I am back on campus and I have had a bit of time to goof around before classes start. I came here early for marching band camp, which is why I have not had any posts in a little bit even though I have had some free time.

Our college has a very strict wireless policy, which is that you aren’t allowed to have your own wireless access point. Period. So, as a curious computer science student, I wondered how many people actually listened to this policy. I wrote myself a little perl script, which allowed me to simply walk around and it would poll (using iwlist scan) for wireless networks and then record them until I told it to stop. So once I had this all working and tested I spent about 15 minutes walking around picking up wireless signals. The results I found were more surprising than I had anticipated.

Here is a table of the unencrypted wireless networks I found:

#      Network Name                   Encryption
================================================
1      "04Z409107113"                 off
2      "alicia"                       off
3      "B2B"                          off
4      "B2B"                          off
5      "belkin54g"                    off
6      "CaptivePortalTemp"            off
7      "CaptivePortalTemp"            off
8      "CaptivePortalTemp"            off
9      "CaptivePortalTemp"            off
10     "CaptivePortalTemp"            off
11     "CaptivePortalTemp"            off
12     "hpsetup"                      off
13     "hpsetup"                      off
14     "linksys"                      off
15     "linksys"                      off
16     "linksys"                      off
17     "linksys"                      off
18     "<College_Name>"               off
19     "print server 053797"          off
20     "print server 075462"          off
21     "Rosa/Vazquez"                 off
22     "Wireless Network"             off
23     "Wireless"                     off

I know this table could look a little prettier, but its not for heavy anaylsis. For all of the networks that say “linksys” I made sure they were unique by using the MAC Address that turns up in the results of an ‘iwlist scan’ So it’s not just the same linksys network that was picked up 4 times 😉 .

I am going to guess that the “CaptivePortalTemp” entries are not related to students at my college. Other than that the one entry I changed to say “<College_Name>” was where the person actually named their wireless network to the name of the college, which couldn’t make it any more obvious that they go to the college. The campus is located close to a residential area, but a lot of these networks I picked up way too far away to be from non-college residences. Another point of interest is the unsecured print servers… I’m sure it would be quite easy for anyone to connect to those and, at the very least, waste someone’s paper. However, it might even be possible to get access to someone’s computer (assuming the printer allows more than one computer to connect at once) through the printer. I would hope the software the printer is running wouldn’t allow that, but who knows.

I would argue that there are probably at least 10 wireless networks that students from my college have setup that are unencrypted networks. This is, I believe, exactly what the college was trying to avoid by putting the wireless network policy in place. I can’t say there is really an easy solution to this problem, but I think if the college was willing to allow a wireless network after they educated the student on how to lock it down we would have less of a security problem on our hands than we do now. The best thing might be if the college just put wireless in all of the residences, but that costs money which they may or may not have to spend.

There were some networks that appeared to be run by college students that were encrypted, which is at least better than the unencrypted ones, but it still violates the college policy on wireless networks. I would love to have a wireless network myself because it would be nice for my laptop and for my Wii, but alas I will have to hold back on that. Seeing so many networks makes me wonder if the college actually checks for them because really all you would need is any old laptop that can scan for wireless networks.

People always ask me how easy it would be to scan for wireless networks on campus, and I guess the answer is all you need is ~30 minutes to write a perl script and the time it takes to walk around campus. I will walk around again after everyone has moved in and see if the situation changes at all. It should be interesting to see how many addtional networks I can find. Hopefully I have not given enough data for my college to use this to go after the people with these wireless networks because that was not the point of me doing this. I feel the college has every right to track them down, but they can do this on their own, if they are truly serious about their stance on student run wireless networks 🙂 .


Spheriosity and Ant Build Files

August 18, 2008

While I was on vacation a few weeks ago I decided that I wanted all of the code in Spheriosity to look pretty inside an 80 character emacs buffer. I started out coding it in Eclipse (reluctantly) because it was the only way I could get the Java3D stuff to compile and I didn’t have time to play around with getting it to work command line. I planned to still use Eclipse even after the 80 character conversion, but alas the code does not like right in Eclipse anymore. So I decided to bite the bullet and start coding in emacs again.

This meant that I had to have a way to build the code from the command line so, naturally, I turned to ant since that seems to be the ‘Java way’ to compile projects larger than Hello World. I have very mixed feelings about Ant which is most of the reason for my post. The XML configuration does not do much for me. I don’t like the way XML config files (especially the way Ant does it) look. They all seem to be too syntax heavy for what they are trying to do. Prior to using Ant I had used make, which now that I have used Ant, I like even more than I did before. The simplicity of make is enough in itself to make (no pun intended) me want to use it. I want this project to be open source, and easy to build so I needed to use Ant. After messing around with things I was able to get Ant to do what I want well enough, but it seemed a lot harder than it needed to be. Maybe it is just because I am not used to it *shrugs*

Another thing about Ant which upset me is how long it takes to simply start running a target. I have had it take up to a second or two just to run a target that deletes the built source code. I could have typed in the remove command in that amount of time (with the aid of tab completion). This may sound like a trivial matter… a few second here or there, what’s the big deal? Well, when I am testing either the build script itself or parts of the code those few seconds for each recompile or clean or whatever start to take up a substantial amount of time.

Maybe I am judging it prematurely. Only time will tell. I will continue to use it and perhaps it will grow on me 🙂 .


The Wikipedia Game

August 15, 2008

Yesterday I was spending some time with my friends and one of them mentioned “The Wikipedia Game”. I had never heard of this before but found it quite interesting. I will try to explain the game, but bare with me.

  1. One person needs to think of a topic. Typically one that is less common.
  2. Everyone playing must go to that page and take a quick look at it.
  3. Now everyone needs to click the random page button
  4. The first person who finds their way back to the topic wins! You are only allowed to use links within the articles themselves in order to do this 🙂 .

That is the entire game, but for some reason it is insanely addicting. The great thing is that all you need is a computer with a web browser, and 2 or more people to play. There is also a variation on this game where you try to get back to the original article using the least amount of links possible.

There is one downfall I might point out about this game. Once someone has an idea how to get to a really broad article on a topic it can become to easy. For instance, say you are finding an article for a video game. It is just about given that from any article you can get to a country. From there you can get to a list of countries. After that you can goto Japan, and then video games. Then from video games you can easily find your way to any video game related topic.

I think one way to make it more challenging would be to disallow the use of any “List of x” entires. You might want to only start playing it this way once you feel playing with the original rule set is to simple. I am rather glad I know about this game, and I hope I get the chance to play from time to time 🙂 .

That’s all for now. I might not have time to write anything in the next few days as I will be moving back to college. This also means I won’t really be coding, which is where I get a lot of the ideas for my entires.


Pidgin’s Plaintext Passwords

August 11, 2008

This has actually bothered me for quite some time now (even back when pidgin was called GAIM). That is the simple fact that when you want to have pidgin save your login password it is saved: in an easy to access location, and in an unencrypted fashion. Here is the excerpt from my ~/.purple/accounts.xml file:

<account>
     <protocol>prpl-aim</protocol>
		<name>fake_account</name>
		<password>secret_password</password>

So I ask you, is this a good idea? Well I sure don’t think so. Yeah, you could argue that under the perfect scenario a person wouldn’t be able to view that file without the login information for the computer. However, how many times have you walked away from the computer and forgotten to lock the screen? It still happens to me from time to time, and I’m willing to bet it could happen to anyone. So, in less than a minute someone could have easily found that password in the config file.

The moral of the story here is that perhaps you shouldn’t have pidgin save your passwords. At least until they implement some level of encryption. Don’t get me wrong though, I love pidgin, and it is a great IM client 🙂 .


Cleaning Dust From my Laptop

August 10, 2008

About a week ago I noticed that my laptop was running hotter than normal. I don’t go out of my way to monitor this, but I do run gkrellm which constantly shows me the temperature. I have a Dell Inspiron 600m it’s an older laptop, but it suits my needs very well. When I first got the laptop I had problems with it overheating. It would easily get to ~70C at full load and especially when playing a game such as WoW and WarCraft III. It has a Pentium M and according to Intel the maximum temperature for the Pentium M is 100C, but the BIOS throttled back the CPU at 70C as a protective measure. Believe it or not… this was not conducive to playing games or compiling your operating system (yay Gentoo 🙂 ).

My short term solution to the problem was that I purchased a laptop cooling pad. This is basically a base that you place the laptop on which uses a USB port to run some fans under the laptop. This cooled it down well enough that I could compile and play WoW without many troubles. However, I didn’t want to carry that dang thing around with me wherever I went! So eventually I opened it up and wet sanded the heatsink. This smoothed out the surface and allowed for better heat transfer. I also applied some Arctic Silver V which is, IMO, the best thermal paste there is. This dramatically helped it to cool and it no longer goes above 60C with ambient air temperatures of ~21C (at full load).

So I was starting to see ~65C temps and I figured something was up. When I took off the heatsink this is what I saw:

Dusty heatsink

dusty heatsink

Dusty main fan

dusty main fan

This is what I believe to be the number run reasons laptops start to overheat after time. This level of dust is actually quite small compared to some computers I have taken appart in the past, but even that small amount of dust was able to raise the temperature by 5C.

The moral of the story here is that fans like to be clean and dust free. They will run much more effectively without dust, and so if it is possible to clean them out it is in your interest to do so. I took apart my laptop more to illustrate a point than anything. It would have been just about as effective if I shot some compressed air in the ventilation ports. The only potential issue with that is that you can push dust further into the laptop. This can potentially be bad for two reasons:

  1. The dust will just end up being pulled right back into the fan.
  2. The dust will land on other parts, such as the potentially the hard drive. This could act as an insulator to the heat and allow the hard drive or other components to run hotter than they normally would be. However, this would probably only happen after a long period of time, or under extreme conditions.

In case I wasn’t clear, I just used compressed air to blow the dust off. I happen to have access to an air compressor, but the compressed air you buy in cans is easily as effective. If you are going to take everything apart make sure you are comfortable with what you are doing and find a good set of instructions BEFORE you take it apart! Things like taking off the heatsink, can be bad if you let dust get on the thermal paste without reapplying it.