    Archive for Security

    An Update of Sorts

    I know it’s been a while since I’ve actually posted anything here, and for that I must apologize. Life has been pretty busy and hectic and updating my blog simply wasn’t a priority. I just finished a new server rebuild and everything appears to be running smoothly. If you catch anything that’s broken, let me know – either in the comments or e-mail me.

    About the Server

    It’s now been updated to Ubuntu Server 8.10. I’ve added some new PHP anti-spam and security fixes, as well as implemented some referral spam blocking. I’m now using a new stats engine, in addition to Google Analytics. AWStats seems to work pretty well. As a warning to anyone on an Ubuntu server thinking of using it, the version in the repositories has an enormous security hole which could allow someone to execute terminal commands as root on your server. Updating to 6.9 fixes the known holes, and I recommend it. I had personally tested the exploits available for AWStats, and verified that they were an issue.

    I’ve added WP-SuperCache to WordPress, and it has appeared to speed things up incredibly well. I didn’t think it would be as much of an improvement as it is. I’ve also switched my permalinks to something more user-friendly, but all the old links should still work. If you stumble upon one that does not, let me know and I’ll manually add a redirect.

    My Life Lately

    Firstly, I reached a crossroads in my educational career and decided to change majors. I’ve taken enough Computer Science classes now for a minor in CS, and I should be able to graduate in Mass Communication with an emphasis in New Media by about this time next year – fingers crossed.

    I’ve undertaken a handful of projects over the past year, and have finished them. I helped in the construction of Troy Champ’s blog, hand-writing a custom look that matched the rest of the Capital Church website, produced by the incredibly talented Kelly Johnson. In addition to this, I tailored a version of the theme for the 20-30 somethings blog for Capital Church.

    I undertook a design for a friend of mine (also from Capital Church). I present to you Streamline Entertainment. The client had a pretty good idea of the feel and look of the site. I worked with several ideas of my own before giving more of the creative design aspects to the client. He’s been tweaking it as he sees fit now, thanks to the ease of use of WordPress 2.7. I’m moderately satisfied with the look. The client wanted things exactly the way he had in mind, so I did it just how he wanted. There are a few things that I would have personally changed or left out, but it’s not my site. ;)

    School

    My classload is a bit heavier this semester. That being said, I think my classes are considerably less difficult than my previous semester. My current list of classes is below:

    • COMM 3550 – Intro to Visual Communication
    • COMM 1500 – Intro to Mass Communication
    • COMM 3510 – Intro to Web Design – Seems like it should be easy enough for someone who has done web design as long as I have.
    • FCS 3450 – Family Economics

    I’m pretty happy with my schedule, despite having a killer 6pm-9pm Thursday night class. I’ve been trying to work out a work schedule with the library so I can have a decent level of income.

    Geeking Out

    I’ve been coding in ActionScript in Adobe Flex Builder 3, learning to build both Flex web applications and Adobe AIR applications. Flex Builder is built on top of Eclipse, which brings a familiar environment to life for me with a new language. ActionScript isn’t terribly difficult to learn, and Flex Builder has a fantastic UI designer. Look to see some fun apps from me in the future. If you’re a student, you can get a free educational version of Flex Builder. There’s no difference between the full version and the educational version, from what I can tell. This is a great way to get some excellent Adobe software.


    MediaDefender, Cyberterrorists

    Revision3, an online TV network, recently found themselves under a SYN flood attack by a large network of servers. In this attack, Revision3 found that their main HTTP server, RSS server and e-mail server were all down. In tracing the attack, Revision3 determined that the attack was originating from an infamous cyberterrorist organization known as MediaDefender. MediaDefender is a company hired by the RIAA, MPAA, and other organizations to stop illegal distribution of copyrighted content. (I’m not even going to link to them in this post.) The question remains – why would MediaDefender attack Revision3? They’re distributing their own content via BitTorrent to lower the load on their HTTP/FTP servers. BitTorrent uses distributed traffic to proliferate content; see the Wikipedia article if you still don’t understand it. It turns out that MediaDefender has a sophisticated network of servers programmed to inject fake torrents or content into these servers so that once someone downloads this content, thinking it is a CD, some software, or a movie, MediaDefender has their IP address and other information that can be used in court. Sound like entrapment? Almost, but not quite. Revision3 began to notice non-Revision3 torrents being added to their public and open BitTorrent tracker (the server which coordinates BitTorrent downloads), removed them, and blocked MediaDefender’s access – triggering MediaDefender’s servers to attempt a different tactic to disrupt the BitTorrent traffic – a denial of service attack (DoS). By sending thousands of SYN packets (which are much like a brief “hi”) to Revision3’s servers, they effectively shut down Revision3’s internet distribution infrastructure, as well as their corporate e-mail.

    Here’s where the problem comes in. Revision3 doesn’t distribute illegal content at all. They were simply a distributor using a protocol and process that is just as easily legitimately used for legal content, despite the reputation of being an agent of illegal P2P. MediaDefender may not have targeted Revision3, but what they did is still illegal, under numerous US statutes. MediaDefender’s DoS approach to stopping or scaring P2P users is illegal. I seriously hope that they’re sued, in the name of internet justice. Their servers apply a “if I can’t have what I want, nobody will get it” approach not unlike a child’s temper tantrum. This child needs to be punished and grounded. I will not be surprised if these cyberterrorists are shut down by the FBI or by lawsuits from companies like Revision3.
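
    For anyone watching their own servers for the kind of SYN flood described above, here is an added example (not part of the original post) that counts half-open handshakes per service in a packet log. The log format, addresses, window and threshold are all constructed assumptions for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed capture of inbound packets: '<sec> <src>:<port> <dst>:<port> <flag>'."""
    lines = ["0.10 198.51.100.7:40000 203.0.113.10:80 SYN",   # normal client...
             "0.15 198.51.100.7:40000 203.0.113.10:80 ACK"]   # ...finishes the handshake
    for i in range(300):                                      # SYNs that are never ACKed
        src = f"192.0.2.{i % 3 + 1}:{1024 + i}"
        lines.append(f"{1 + i * 0.01:.2f} {src} 203.0.113.10:80 SYN")
    return lines

def half_open(lines, window=10.0):
    """Count, per service and source IP, SYNs with no ACK within `window` seconds."""
    pending = {}                                  # (src, dst) -> time the SYN arrived
    for line in lines:
        ts, src, dst, flag = line.split()
        key = (src, dst)
        if flag == "SYN":
            pending[key] = float(ts)
        elif flag == "ACK" and key in pending and float(ts) - pending[key] <= window:
            del pending[key]                      # handshake completed in time
    counts = defaultdict(lambda: defaultdict(int))
    for src, dst in pending:                      # whatever is left never completed
        counts[dst][src.rsplit(":", 1)[0]] += 1
    return counts

def flag_floods(lines, threshold=100):
    """Return {service: (half_open_total, sources sorted by count)} above threshold."""
    alerts = {}
    for service, sources in half_open(lines).items():
        total = sum(sources.values())
        if total >= threshold:
            alerts[service] = (total, sorted(sources, key=sources.get, reverse=True))
    return alerts

if __name__ == "__main__":
    for service, (total, sources) in flag_floods(build_sample()).items():
        print(f"{service}: {total} half-open connections, top sources {sources[:3]}")
```

    A real flood usually spoofs or spreads its source addresses, so the per-service total matters more than any single source in the list.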


    Ethics of “Stealing WiFi”

    As laptop users grow in number and the use of wireless routers as means to connect to the internet grows, many computer users and computer professionals are left wondering – at what point does using an open wireless network become illegal or unethical? Ars Technica, in their article about the topic, makes the point that open wireless network transmissions are no different than radio waves.

    Using an open WiFi network is no more “stealing” than is listening to the radio or watching TV using the old rabbit ears. If the WiFi waves come to you and can be accessed without hacking, there should be no question that such access is legal and morally OK. (Link)

    Other computer professionals believe that by piggybacking on open wireless networks, users are denying revenue to ISPs and clogging their networks with traffic. Yet, with the advent of wireless encryption schemes, owners of wireless networks are able to lock out potential piggybackers on their wireless networks.

    Personally, I believe that it is the access point’s owner’s responsibility to lock down and secure their wireless network. Even if the owner doesn’t have the knowledge or time to do so, there are many computer services out there that will come and do it for you for a price. Some routers these days even configure themselves just by the owner clicking “next” a few times. That being said, open wireless networks can be a blessing. Coffee shops, hotels, restaurants all gain customers by having free open wireless. With this openness comes problems.

    A coffee shop in Greensboro recently found out the dangers of even a wireless network which required customers to pay a small fee. The coffee shop used their wireless network as a way to hook in customers to buy coffee and other goods. What they didn’t anticipate was a spammer paying the mere $1 wireless fee to send millions of spam e-mails. Their ISP detected the spam originating from their network and shut them down. While a hard lesson to learn, it goes to show companies, individuals, and families that wireless security is a serious issue that needs to be dealt with rather than avoided. Wireless encryption usually prevents these types of problems.

    Wireless encryption comes in a few common flavors these days. WEP, WPA, and WPA2 are all fairly secure methods of keeping troublesome users off your network. WEP has been proven to be easily hacked by anyone using open-source and free software like Kismet or KisMAC. I’ve even demonstrated on my own WEP network that it can be easily hacked in under an hour. WPA and WPA2 are the most secure encryption settings available to the common consumer at a reasonable price. Their security flaws and holes are much harder to exploit, unlike the easily hacked WEP. My advice to wireless network administrators is to go with WPA2 with PSK. It’s still possible to hack, but nothing is completely secure in the computer world.

    Despite all the controversy, open wireless networks are convenient. If you’re on the go, and need to send a quick e-mail or look up some tidbit of information on the web, nothing is better than finding an open wireless network to use to get what you need to do done. While most people think that an open wireless network with a generic company name would be harmless to connect to, it’s possible that a malicious router could be set up to steal your information. Users need to stick to using wireless access points and connections that they know and trust. It’s easy to use applications such as Wireshark to read traffic across open networks. If at all possible, use some form of encryption, preferably WPA or WPA2.

    What do you think? Is it unethical to piggyback on an open wireless network you find? Where is the line drawn and why?
