another random questions meme

Must Do/Share
Sunday 4:55 PM (PDT! pppbbbbt!)
Rule #1:
If you open this you take it.
Rule #2:
You are NOT ALLOWED to explain ANYTHING unless someone messages you and asks.
Rule #3:
Tag 15 people, including the person you got this from.

Answer True or False
Q: Kissed someone on your friends list? yes
Q: Been arrested? no
Q: Held a snake? yes
Q: Been suspended from school? no
Q: Sang karaoke? no
Q: Done something you told yourself you wouldn’t do? yes
Q: Laughed until you started crying? yes
Q: Caught a snowflake on your tongue? yes
Q: Kissed in the rain? no
Q: Sang in the shower? yes
Q: Sat on a roof top? yes
Q: Been pushed into a pool with all your clothes on? no
Q: Broken a bone? yes
Q: Shaved your head? yes
Q: Played a prank on someone? yes
Q: Shot a gun? yes
Q: Donated Blood? no

LAST PERSON…
1. You hung out with? Amy
2. You texted? Catherine
3. You were in a car with? Amy
4. Went to the movies with? Amy
5. Person you went to shop with? Amy
6. You talked on the phone? Amy
7. Made you laugh? Amy
8. You hugged? Amy

IN THE LAST 48 HOURS HAVE YOU…
1. Sang? Yes
2. Listened to music? Yes
3. Danced Crazy? No
4. Cried? No

25 (actually 17) FIRSTS …..
1. Who was your first prom (or homecoming) date? N/A
2. Who was your first roommate? John
3. What alcoholic beverage did you drink when you got drunk the first time? Strawberry Daiquiri
4. What was your first job? deli cook
5. What was your first car? Driven? 1974 Ford Courier. Owned? 1976 Volkswagen Beetle
6. When did you go to your first funeral and viewing? can’t remember
7. Who was your first grade teacher? Cathy Morrow
8. Where did you go on your first ride on an airplane? Grand Cayman
10. When you snuck out of your house for the first time? I never did.
11. Who was your first best friend? first one I remember is a guy named Stephen
12. Who was your first Best Friend in high school? John Hancock
13. Where was your first sleepover? don’t remember
14. Who is the first person you call when you have a bad day? Amy
15. Whose wedding were you in the first time you were a Bridesmaid or groomsman? Rick & Jess
16. What is the first thing you did when you got up this morning? put on clothes
24. First time you tied your shoe laces? kindergarten
25. Are you Facebook friends with your first crush? no

Wi-Fi Protected Setup - a good idea badly implemented?

This post is a rant about what I think is a pretty decent idea gone pretty badly wrong. The idea is something called “Wi-Fi Protected Setup.” I have not been able to find any other information on the web that talks about the particular problems I’ve seen (and what I believe to be a not-insignificant security hole), so why not rant about it here a bit? :)

Wi-Fi Protected Setup (WPS), as I said, seems to me to be a pretty good idea for solving a valid problem: historically, setting up a secure wireless network is not easy for the average home user. The user has historically been expected to set up a number of security-critical settings when first installing the wireless access point (“AP”, usually a wireless router), such as SSID, security/encryption type, and a passphrase. Once all that is set up, each wireless “client” device must select the correct wireless network (by SSID) and then be given the network’s passphrase in order to connect. For those of us familiar with security and networking, this is pretty simple. For the average home user, it can be quite confusing.

My understanding of the idea behind WPS is to help the average user bypass a lot of these steps and still end up with a secure network. In an example WPS setup (described by a whitepaper available from the Wi-Fi Alliance web site), the process might look like this:

  • power up the new AP
  • attempt to connect to the wireless network with a client device
  • verify that the client and AP really should be connecting by:
    • pressing buttons (could be either physical or virtual) on both ends, which starts a limited-time window for allowing the connection, or
    • entering a PIN number provided by the client into the AP

This process would automatically set up an SSID (hopefully unique) and passphrase (hopefully pseudorandom) on the AP and transfer that information to the client. For each new client, the process is simply repeated (with the difference that the SSID and passphrase are not reset for the subsequent added clients). The pushbuttons/PIN help verify that only known clients are added to the network, and the user is spared a lot of setup. I quite like the theory.

In practice, of course, not all wireless APs and clients support WPS. In particular, the Wireless Zero Configuration utility in Windows XP does not support WPS. My web research also suggests that while Vista supports WPS, it does so in a way that requires a wired Ethernet connection for the initial AP setup. I’m not a Vista user, so I can’t verify this personally. For any AP or client which does not support WPS, the standard “manual” method for connecting to the network must be used: the network’s passphrase must be known and must be provided to the client.

My particular rant in this post, however, has to do with the way that Intel chose to implement WPS in their Wi-Fi Configuration Utility (an optional component supplied with their driver which replaces the Windows built-in Wireless Zero Configuration utility) and how it interacts with the WPS implementation in a Linksys wireless router which I have personally used.

Intel chose to implement a PIN-based method for authorizing clients on a network. My reading of the WPS descriptions that I’ve seen (including the aforementioned white paper) seems to imply that the PIN method is intended to work by taking a PIN provided by the client and providing it to the AP. That makes sense to me. In that model, the only time a client can join the network (using WPS) is if its PIN is provided to the AP. Access for doing that is presumably restricted to someone who controls the network.

However, upon detecting a network which supports WPS, the Intel utility asks the user for a “device ownership password” associated with the AP. Once the user obtains this “password” (which is really a WPS PIN) from the AP and types it into the PC, the connection is established. The Linksys router I used humors this behavior by providing a WPS PIN (in addition to having both a physical and a web-based virtual button and a place to type in a client’s PIN). The router’s PIN is provided in the web interface and is printed on a sticker attached to the bottom of the router. Here’s the kicker, though: the Linksys router’s PIN is chosen at the factory and cannot be changed by the end user.

I see two security holes here. First, the PIN is a relatively short numeric value. Since all a WPS client needs is that PIN in order to gain access to the network, that effectively creates a very weak “password” (regardless of the size or complexity of the actual WPA/WPA2 passphrase). The bigger problem, however, is that once that PIN has been given out, it can be used again, potentially by a new unauthorized user. Since the PIN cannot be changed, the router’s owner has no way of preventing this from happening. The web interface on the router supposedly gave a way to turn off WPS, but it did not appear to work. I was still able to use the PIN to gain access even after turning that option off.

On Intel’s side, there is yet another problem. Not all APs which support WPS provide a PIN. Some can only accept a client PIN (which seems to me to be what was intended in the design of WPS). The Intel utility does not provide a client PIN. It requires a PIN from a WPS-supporting AP. If the AP doesn’t have a PIN, then you’re pretty much stuck. I did not see a way to bypass that prompt and manually connect using the network’s WPA/WPA2 passphrase. The only way I saw around it was to run the Intel setup utility and remove the Wi-Fi Protected Setup feature altogether (which, fortunately, can be removed separately while leaving the rest of the utility intact). At that point, the network can be added manually.

This seems like an example of a good idea implemented very badly. I think the whole model of the AP providing the PIN to be used by the clients is backwards. It places control in the hands of the clients instead of the AP. It also reduces security by depending on a relatively short numeric value. I could almost live with that, though, if there was a way to change the PIN or disable WPS on the Linksys router. What really surprises me is that I have not seen anyone else on the net mention this. I may be missing something. The Cisco-Linksys WPS interaction I’ve described above is from my own experience, but it’s possible that I’ve done something incorrect. If anyone can see the hole in my description, please comment on this post and explain. If I’m right, though, then this looks like a pretty broken system.
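The two holes described in this post, as an added sketch that is not part of the original post and is not Intel's or Linksys's code: a WPS PIN is 8 digits with the last one a check digit, so a fixed AP PIN caps the network's strength at about 23 bits whatever the passphrase, and a static label PIN stays reusable while a client PIN entered by the owner is single-use. `ToyAP`, its method names, the 120-second window and the 94-character alphabet are assumptions made for illustration.

```python
import hmac
import math

def wps_pin_checksum(first7: int) -> int:
    """Check digit for the 7 leading digits of an 8-digit WPS PIN."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10

def is_valid_wps_pin(pin: str) -> bool:
    return (len(pin) == 8 and pin.isascii() and pin.isdigit()
            and wps_pin_checksum(int(pin[:7])) == int(pin[7]))

def effective_bits(passphrase_len: int, alphabet: int, ap_pin_enabled: bool) -> float:
    """Guessing cost of the weakest way in, in bits."""
    passphrase_bits = passphrase_len * math.log2(alphabet)
    pin_bits = math.log2(10 ** 7)      # 7 free digits; the 8th is derived
    return min(passphrase_bits, pin_bits) if ap_pin_enabled else passphrase_bits

class ToyAP:
    """Toy model of the two PIN directions; not real WPS messages."""
    def __init__(self, label_pin: str, passphrase: str):
        self._label_pin = label_pin    # factory-set: the owner has no setter
        self._passphrase = passphrase
        self._pending = {}             # client PIN -> expiry time (seconds)

    def admin_authorize_client_pin(self, pin: str, now: float, window: float = 120.0):
        # Owner types a client's PIN into the AP; valid once, for a short window.
        self._pending[pin] = now + window

    def enroll_with_client_pin(self, pin: str, now: float):
        expiry = self._pending.pop(pin, None)          # single use
        return self._passphrase if expiry is not None and now <= expiry else None

    def enroll_with_ap_pin(self, pin: str):
        # Anyone who has ever seen the sticker can repeat this indefinitely.
        ok = hmac.compare_digest(pin.encode(), self._label_pin.encode())
        return self._passphrase if ok else None
```

When auditing a router, the equivalent check is whether the AP-PIN path still answers after WPS is switched off in the web interface, since the post reports that the toggle had no effect.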

Humor feeding itself

A section of an IM conversation with an old college friend tonight:

Me: So, Amy’s going to end up in Detroit teaching some folks about Drupal.
Tony: Cool. Are they providing a flak jacket?
Me: Quite possibly. We also figure she needs to take an extra $50 with her so that she can buy a house and a few acres of land.
Tony: Heck. With $50 she could buy half of GM.
Me: …and all of Chrysler.
Tony: *LOL*

Tony was my roommate for a year. We lived in this ghetto apartment, him this big black guy, and me the scrawny little white boy. I used to joke occasionally that I was his bodyguard.

Anyway, Tony is the king of the snappy comeback. Keeping up with him for a few lines tonight was an accomplishment. :)

A butt that won’t sit still

My favorite singer-songwriter, the “chick with a piano” that I come back to again and again, Vienna Teng, has a new album. It’s called Inland Territory, and I already adore it.

I’ve been waiting and worrying about this one for a long time. I love her first two albums. Over a period of years, I kept finding little parallels between my life and her songs. Maybe a better way of putting it is that I kept finding ways to map her music onto my life. I think I’ve heard it said before that people finding their own meaning in art is something that artists strive for. That almost never happens with me. I’m much too literal. I either can’t get past what I know or assume to be the artist’s literal meaning, or the poetry/imagery/etc. is abstract enough that I can’t make head or tail of it. Many of Vienna Teng’s songs fall somewhere in between for me. I mentioned my found meaning behind her song “Harbor” in another post here. I actually got to speak with her very briefly at a concert in Birmingham. During the show, she had described the song very differently than my interpretation, and I ended up telling her about mine. When she autographed my copy of Warm Strangers, she signed it, “Hi Jeff - the real ‘Harbor’ :)” (complete with smiley face).

Naturally I was excited about her third album, Dreaming Through the Noise, but I just didn’t feel the connection with it that I felt with the first two. It’s full of music that I objectively know to be beautiful, but it just didn’t grab me. I actually did map one of the songs onto some times from my past, but most of the songs just kinda went over my head (especially musically). I felt she had quite appropriately moved on, but I hadn’t kept up.

So, I was anxious when my pre-ordered copy of Inland Territory arrived. I needn’t have been. I’ll say right now that I haven’t quite digested the lyrics fully enough to know whether there is any personal meaning to be extracted (that takes a while), but I at least understand where the music is coming from. Better than that, she has totally hooked me musically with several of the songs. I won’t talk about them all right now, but my runaway favorite so far is named “Stray Italian Greyhound,” and now we finally get to the reason behind this post’s title.

The song has a groove. Teng always had a knack for using syncopation, and the “bridge” (or maybe “break”) sections in this song are full of it. The lyric she sings during that section condenses to “What do I do with a love that won’t sit still?” I love that lyric anyway (especially in the context of the song’s full meaning), but I almost can’t help myself from grooving to the syncopation. Thus, my mind ended up morphing the line into, “What do I do with a butt that won’t sit still?” :D

That and many other moments in the album just put a smile on my face. Either I caught up with her on this album, or she slowed down and let me catch up. I’m not sure which, but either way I love it. I’d hug her for it if I could. :)

Time, belief, and assumptions

In recent months, I’ve had a number of old friends, high school classmates, etc. find me on Facebook. If anything, the trend seems to be accelerating. It’s pretty cool chatting with people I haven’t talked to much (or at all) in about 15 years. Some of the people most supportive of my attempt at weight loss have been high school classmates. I’ve gotten some of the most flattering and encouraging comments about my writing here on my web log from old friends who knew me then.

I have to admit, though, that I’ve been a bit anxious as well. A lot of time has passed since then. There are things that I believed very strongly as a teenager that I have very different thoughts about now. The things I find important in my life now are not all the same things I thought were important then. To be honest, I’ve come to think differently about a lot of things over the last 5 years, forget the last 15.

A lot of these things that have changed in my life are not things that I typically talk about in casual conversation. I don’t define myself by these changes, and so they’re not the kinds of things that just “come up.” I see no need to change that. However, I realize that it’s quite easy to form impressions around assumptions. The assumptions I’m most concerned about old friends making are actually quite reasonable ones. I don’t feel the least bit upset or offended about people making those assumptions, but I also don’t wish for people to feel like they’ve been misled in some way.

In short, if you haven’t had a recent conversation with me about my beliefs and priorities, it’s very likely that you’re going to be surprised if the subject comes up. This isn’t just for my high school friends. As I said, a lot of things have slotted in place for me in just the last few years.

I’ve thought for quite a while about how I wanted to say this. As late as last night, I was thinking seriously about trying to lay out in detail many of the changes I’m hinting at here. Today I realized, though, that I’m talking about things that are not for public consumption. I firmly believe it’s impossible to understand where I am now without knowing a lot about how I got here. That involves talking about a lot of internal struggle and self-learning and years of slowly becoming more comfortable with who I am. I don’t have any problem sharing that with people who care about me, but it’s none of the general public’s business.

I’m putting all of this out here because from time to time I feel strongly enough about something that I want to write about it. It’s inevitable that some of these changes I’m talking about will be evident in that writing. From time to time, my reaction to something I’m sent might be quite surprising. So, please don’t make assumptions. I am always open (as time allows) to honest, open-minded questions and curiosity from friends, one-on-one. Just please be prepared for my answers to be nothing like you expect.