Wednesday, May 18th, 2005


I’ve been obsessed by KOTOR II – the sequel to the original, which
obsessed me greatly last year.  Summer is a time for play, and
videogames (and hostas, apparently) are how I do so.

(Yes, KJ, I will post pictures.)

Last night Mr. Saturday
informed me of a glitch which could lead to infinite Dark Side
points.  You could use a conversational loop to turn yourself As
Bad As You Wanna Be in about five minutes.  For a few brief
moments – one combat and about half of another conversation – I had
Dark Side Mastery.  Arcs of lightning would shoot from my
tingling, grey-tinged palm and enemies could do nothing but scream and
fall to the ground, Magical XP Juice shooting from their carcasses like
so much squalid innard. 

Doing so cost very, very few Force Points.

My Best Bud, the scoundrel with two blasters and a big mouth, was
horrified – though I am slowly but surely dragging him down that path
with me – yet my mentor, resolutely neutral in her morality, was not
bothered at all.  In fact, some new-found revelations earned
praise from her when I spoke of regarding all around me as disposable
extras to be used or cast aside as I saw fit.

Revealing stuff, that.

Of course, within minutes I didn’t have it in me to extort the
eco-friendly reptiles I’d just “saved” from certain death.  The
only payment I really required was the opportunity to reach out and
crush someone, after all.  Just that fast, I’d gained a couple of
Light Side points.  Gone were the black smoke that poured out of
the ground around me and the column of flame and ember behind. 
Also gone were the practically free bolts of lightning and the extra d8
of damage.

But there’s plenty of game left.  And I can be bad anytime. 
It’s funny – as a player I can barely stomach the things I would have
to do to get my character all the way down that scale, but once it’s
done (practically without effort) I want nothing more than to stay
there. (more…)

I used to be a waiter and Star Wars has invaded my life of late, so I love this blog entry.  Just pointin’ it out. (more…)

I don’t actually advocate a war on war-driving.  It was just the first title that came to mind.

The point I’d like to address, actually, is a recent General Accounting Office study of Wi-Fi security
around the various agency HQs in DC.  They found lots – and I
mean, lots – of entirely open, unprotected wireless networks in federal
agencies around DC.  How did they find them?  They walked
and/or drove up to them, popped open a laptop with a Wi-Fi card and,
like any other war-driver, saw what they could see.  And they
could see a lot, including others on the network who were clearly
unauthorized:

GAO investigators were able to pick up Wi-Fi signals from outside all
of the six agencies they tested
, and they were able to find examples of
unauthorized activity at all six as well.

So why was it so easy?

But nine of the 24 major agencies haven’t
issued wireless-security plans
, while many others provided little
guidance for acceptable use, the GAO found.

Thirteen
agencies don’t require their Wi-Fi networks to be set up in a secure
manner, and most don’t monitor their wireless activity
, the report said.

OK.  Setting up encryption can be a pain – except that it isn’t a pain at all
Admittedly, I work in network security so I’m biased, but Jesus H. in a
catsuit, what are they thinking?  Anyone with even the faintest
hint of an aroma of security experience has heard the old saw that
there is no such thing as “security through obscurity.”  Just
tossing your access point up and hoping no one notices is NOT a security plan.  It is not a security policity.  It is not secure.

Any security posture is better than none at all, in my opinion.  Even WEP, easily broken and repeatedly denounced as little more than wishes on falling stars, is preferable to doing nothing
In a place like DC, or in any area with lots of wireless networks set
up, any measure of security is a good idea, no matter how weak. 
The vast majority of outside intrusions into any given network are done
purely to use that network as a jumping-off point for other
tasks.  Make your network any degree less attractive than others
just as easily available and you take yourself out of the running for a
lot of types of misuse for the simple reason that there are other,
easier targets out there.  The bottom line, the dirty little
secret no one will tell you, is that if you are an intended target for
electronic intrusion then there is little that can be done – no matter
what you do, if someone wants to get at you, specifically, they will do
so with enough time and effort.  Fortunately, it is rare (outside
of electronic blackmail)
for someone to be such a specific target.  Just slapping WEP in
place would drive a lot of innocuous but also uninvited and
unauthorized access off a given WLAN and onto any of countless other
networks nearby.  I’d bet it would cut three quarters or more
unauthorized access from any network, especially in a place with other,
softer targets in easy reach.

But these are government networks, and they deserve more than that pittance of attention.  So how hard is it to use WPA, a much more (ahem) robust encryption solution?  NOT VERY HARDYARRRRRRGH.  This kind of thing drives me crazy
Yes, there are aspects of it that are kind of a pain in the ass except
they’re steps these people probably already have to take anyway –
things like setting up authentication servers.  Hello?  Don’t
they have logins on their local LAN anyway?  I know it’s not
exactly a five-minute, hassle-free conversion, but if the federalis can
take the time to anally rape me every time I walk into an airport can’t
they be bothered to require a few login servers and some decent
encryption at federal agencies?  And if they got their access
points on the cheap somewhere right before they went out of stock, all
it takes to enable WPA is a firmware update.  A couple megs’
download and one access point reboot later, those access points are
WPA-capable.  It’s not like it would be expensive.  In fact,
it would cost nothing.  The firmware updates that enable WPA on older APs are all fucking free.  It is no more difficult than – in fact, it is just like – running Windows Update or Software Update on your home machine.

This is the part where I could launch into some sort of (even more)
shrill screed about how in the War on Terr’r we deserve the very best
protection for our various asses and baby Jesuses (Jesi?) and our
whatevers, and on and on, and I’m not going to do that because, for
fuck’s sake, that is so fucking tired.  My annoyance is
not political, it is purely technological.  This is not Robust
McManlyPants, Certifiably Crazy Leftist, talking here – this is Robust
McManlyPants, Network Dude.  I mean, for fuck’s sake.  It would not be the end of their world.  HIPAA
makes nursing homes keep their fax machines in locked closets because
customer data might pass over a phone line and into a dusty old Brother
machine with a leaking ink cartridge and a wad of chewing gum holding
up its left side but they don’t bother to secure the wireless networks
in the headquarters of their own agencies?  The FBI show up at conferences
to demonstrate that WEP is far from being secure, but their colleagues
in other agencies can’t be bothered to click a couple of options in the
setup screen for their wireless Access Point?

Gah.  People are so stupid.

I am not worried that Al Queda or some shit are hanging out in DC with laptops and Wi-Fi cards going, Aha, our knowledge of tax returns and the price of tea in China will be their undoing! 
It is not about that.  It is about my tax dollars and how they are
spent and what it means to be responsible with data and what the
government does even as it requires more responsible behavior of the
civilian sector under threat of penalty.  It’s about not
protecting the wireless network at a federal agency just being stupid.  It’s about lazy engineers or budget directors who just won’t listen.  It’s just dumb.  D-U-M dumb.

Bah.

OK.  I’m done. (more…)