Kahomono - It Means Lucky

Random musings on whatever subject strikes my fancy that day.

Tag: networking

Simple Truths

Email I received from the ACLU this morning. Timely!

Also attributed to Mr. Snowden – and I love this one:

Saying privacy doesn’t matter to you because you have nothing to hide is like saying freedom of speech doesn’t matter to you because you have nothing to say.
———- Forwarded message ———-
From: Edward Snowden, ACLU Action <aclu@aclu.org
Date: Fri, Jun 5, 2015 at 7:47 AM
Subject: Simple truths
To: [me]

ACLU Action

Today is the two year anniversary of the first of Edward Snowden’s revelations about the NSA’s mass surveillance programs. And on Tuesday, the Senate overwhelmingly passed the USA Freedom Act – a bill that limited mass surveillance under Section 215 of the Patriot Act and other authorities.

While USA Freedom Act is a start, no one should mistake it for comprehensive reform – it leaves many of the government’s most intrusive surveillance powers untouched, and it leaves disclosure and transparency loopholes.

Read Edward’s message below, and then take the next step: call the president’s office and tell him to rein in Executive Order 12333. It’s been used to collect info about millions of innocent people without any judicial oversight. It’s time to bring the government’s surveillance practices back in line with democratic values.

Anthony for the ACLU Action team

Hi David–

Simple truths can change the world.

Two years ago today, in a Hong Kong hotel room, three journalists and I waited nervously to see how the world would react to the revelation that the National Security Agency had been collecting records of nearly every phone call in the United States.

Though we have come a long way, the right to privacy remains under attack.

Last month, the NSA’s invasive call-tracking program was declared unlawful by a federal appeals court in ACLU v. Clapper, and it was disowned by Congress. And, after a White House investigation found that the program never stopped a single terrorist attack, even President Obama ordered it terminated.

This is because of you. This is the power of an informed public.

Ending mass surveillance of private phone calls under the Patriot Act is a historic victory for the rights of every citizen. Yet while we have reformed this one program, many others remain.

We need to push back and challenge the lawmakers who defend these programs. We need to make it clear that a vote in favor of mass surveillance is a vote in favor of illegal and ineffective violations of the right to privacy for all Americans.

As I said on Reddit last month, arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.

We can’t take the right to privacy for granted, just like we can’t take the right to free speech for granted. We can’t let these invasions of our rights stand.

While we worked away in that hotel room in Hong Kong, there were moments when we worried we might have put our lives at risk for nothing – that the public would react with apathy to the publication of evidence that revealed that democratic governments had been collecting and storing billions of intimate records of innocent people.

Never have I been so grateful to have been so wrong.

Edward Snowden for ACLU Action

Read Edward’s Reddit “Ask Me Anything” conversation with the ACLU’s Jameel Jaffer, and check out his op-ed in today’s New York Times – Anthony

Reddit: Just days left to kill mass surveillance under Section 215 of the Patriot Act. 

New York Times: Edward Snowden: The World Says No to Surveillance 

The Painful Joys of Learning a New Technology

I decided a while ago that I wanted to try a next-gen firewall.  So I recently acquired a small ARM-based PC with dual LAN interfaces, installed a disk in it and set to work getting Sophos Home UTM running.

An old friend and co-worker of mine once pointed out that we programmers and other IT types often find ourselves working at a tough problem or bug for hours or even days.  Then we hit upon the solution.  Now at this point, in the popular imagination, we erupt in celebratory exclamations along the lines of, “Eureka!”  Any of us who have been through the process, however, know that what is vastly more likely is that we erupt in vicious, self-directed insults along the lines of “Idiot!”

I have had my share so far of “Idiot!” moments.  Let me share them with you.

By the way: my only justification for being such a moron in the vignettes that follow is, this is my hobby and even though it is frustrating at times, I am having fun.

I got the software and tried several different utilities to make a bootable USB stick from the ISO.  A Linux utility called “USB Image Writer” quickly proved itself nigh-on useless.  Unetbootin works well for Windows or Ubuntu, not so much for anything else.  I discovered that there is one of this scruffy class of programs that actually works well, including adjusting the varieties of the output USB stick formats to how the ISO it’s laying down is set up, and that is Rufus.

Now, with a USB stick in hand that would boot the installer and begin, I quickly encountered an error message during the formatting of the disk, “install.tar not found”.  I probably could have resorted more quickly to the “just google the error message verbatim” strategy and saved myself a lot of time on this one, so that will count as my first “Idiot!” moment.  It turns out that you have to work around the fact that the Sophos ISO is designed to lay down a CD image with links to files as well as files, and this is not well-replicated on the USB version.  Also, for reasons not clear to me, the installer dismounts the install medium during the disk formatting process.  So you need some redundancy that the Rufus utility will not create.  I found this sequence of commands, which worked well:

Start the Installer, then

1. On the First Screen, hit Alt-F2. [gets a command prompt]
2. bash-3.2# mount /dev/sdb1 /mnt [mounting your install USB]
3. bash-3.2# cd /install
4. bash-3.2# mkdir install
5. bash-3.2# cd install
6. bash-3.2# cp -a /mnt/install/* .
7. bash-3.2# cd ..
8. bash-3.2# cp -a /mnt/* .
9. bash-3.2# cd /
10. Hit Alt-F1  [returns to main installer]
11. Finish the Installation, Reboot.

OK, now with this scriptlet, I can get the install to run to completion.  Along the way it takes a default for its static IP, which occasioned my “Idiot!” moment #2, by just clicking past that.  Oh, it also takes a default for the netmask, so my “Idiot!” moment #3 followed #2 pretty quickly.  I hear you objecting that we can change these after install with ifconfig.  It’s true, yes… but are you willing to assume that the installation of all that other firewall functionality did not record those bad defaults somewhere your after-the-fact change will not reach?

Let’s just say, I got good at that command sequence above.

Last but not least, after getting it working to the point of being able to put it on the bench and do as much pre-configuration work as possible prior to setting it inline and trying it out… I made the one mistake that should really have me considering a second career in pottery.  I created a new admin account with a complex password that I recorded in my password manager… and then deleted the default admin account… and then discovered that the new admin password was mistranscribed and therefore useless.  After a break, I get to practice that command sequence again.

And yet, I know how this movie ends.  My persistence at these things is close to boundless, and I will have a functional installation at the end.  And a newly deepened respect for sysadmin and netadmin types who do this for a living.

LucidCharting the Network

In an earlier post I wrote about the importance of charting the network.  Since then, I did just that, as I mentioned, in LucidChart.  Here are some of my impressions from doing that for my home network.

The current diagram

I used LucidChart’s 7-day free trial of the Pro version, which I found to be almost as versatile for this as Visio.  The one thing I missed from that product is the ability to modify shapes with custom properties, which I would have used for adding MAC addresses, static IP addresses and so on.  I ended up putting in some of that in Comments on items and some in Notes.  I haven’t settled yet on which I prefer.

The creation of connections is very natural – you simply drag the mouse from one item to another and it draws a connection in that direction.  I found this a great time saver.

The default set of shapes in the library was equal to this task but again this is where the lack of custom properties comes into play.  I would have liked, for example, to be able to tell it not just to give me a Switch, but also how many ports that would have.  I have used Visio shapes that modify based on these properties to represent them visually.

I chose to integrate the app with Google Drive, which gave me a very convenient way to get to my drawings, and also displays it on a doubleclick, without opening it up in the app.  Very handy and it was dead-easy to do.  “It just works” is not only something Apple fans get to say. 

I am probably going to subscribe to LucidChart at the Personal level ($40/yr).  It only allows up to 100MB of charts and doesn’t include a handful of advanced features, but I have little anticipation of either of those things being a bad constraint.

Oh, and that Sophos UTM that it says will be there “soon?”  That should happen this weekend – stay tuned for more geekery about that.

Charting the Network

A really important thing to do if you have more than three or four devices on your network, even your little home network, is to maintain an up-to-date network diagram.  You don’t notice how your home network grows… you get some new toy and it connects via WiFi or cable and you just plug it in without much thought….

My home network currently includes a WiFi router, three switches (one managed, two dumb), a server, a NAS, two desktops, two TiVo boxes, a networked BD player, a standalone HD broadcast tuner, two printers and a Roku.  And that’s just the wired network; WiFi adds five Android devices, a Blackberry, four laptops, a ChromeCast, a ChromeBook and a separate little standalone network for four Raspberry Pis which I connect to the main network via wireless bridge.  Finally, I am soon adding a dedicated firewall device in lieu of the WiFi router’s boundary protection.  Did you also count 33 devices?  Yeah, ours may be a little more tech-intensive than many households, but it’s just the two of us.  Imagine a household with four or five people, be they roommates or a family where at least the older kids are into the Techie Teen years.  Then add something like a home-automation system and you’re well on the way to 100 IP addresses.

Without a diagram showing what connects to what and just plain what’s out there, you will never be able to keep it all straight.  Try a product like SoftPerfect WiFi Guard, and it will do you no good: if you don’t know what the set of devices should be, you can’t know if the devices you actually find are legit or not.  Documentation of your network should at minimum be a list of devices and enough specs for each device that you can identify a “mystery” connection.  Capture the MAC address, at least, along with whatever descriptive information will help you most.

As for me, I find a textual list of networked devices unsatisfying: I always want to see the “big picture.”  I have maintained Visio diagrams and similar in the past, but the problem is that they get out of date pretty quickly and I may or may not remember to get back to them in time to help with my next troubleshooting need.

So today I began trying LucidChart to manage the drawings.  Pretty neat so far; kind of a basic version of Visio in a web page, and it links to my Google Drive for anywhere-anytime access to the drawings.  I’ll report back here as I get more experience with it.

Powered by WordPress & Theme by Anders Norén