Friday, February 15, 2008

WPA finally

My family and I are in New Zealand and I'm happy to see that, where I'm staying, the telco that installed the DSL (and all wifi-routers that I can see in range, between 3 and 9) have WPA configured by default.

They have to do that, of course, because most NZ broadband has bandwidth caps. For instance, where I'm staying, the cap is 3GB per month. If we exceed that we don't get slapped with excessive per MB charges, nor is the bandwidth cut-off, but speed will drop to 64kbps.

Clearly, leeching off someone else's wifi signal could be very profitable (in the sense of having someone else pay for the download) and very anti-social. So the telco is pretty much required to (1) provide the wifi-routers [because customers will connect wifi anyway, better for the telco to do it right) and (2) make sure the wifi-router is configured to be secure.

It took me a week to get wifi on my (and my wife's) laptop working though. I got very rushed instructions on the password, and then my host left for a week. I couldn't get the password to work, nor any of the obvious variations I tried. My host just got back from his weeklong trip and we worked out the password after he looked in his documentation. After a bit of fiddling with wpa_supplicant, I've finally got it working. As it happens, I *did* try the password that finally worked, but I guess I had other wpa_supplicant settings not quite right.

This has been a good experience. For a week, we just used an ethernet cable to connect to the router, so we were still able to use the internet, but in the meantime I've learned much about the nitty gritty of wpa_supplicant.

In another life I kept my wifi-router open (and then moved to mac auth) because I was interested in watching what people would do with it (and if they'd sniff and spoof vald mac addresses). With bandwidth caps as implemented in NZ though, I'm clearly going to have to use WPA, so it's a good thing to get a handle on how to get it working, for when we rent our own apartment and get our own broadband.

Monday, February 04, 2008

encrypted filesystems finally

I've been waiting for linux encrypted filesystems to finally become easy to use. They finally are. There are a few sweet and simple instructions online (the first one I used was similar to the one I finally used, but didn't mention /etc/crypttab, so I hacked up the ubuntu init files to manually luksOpen).

Steve Parker finally has a very easy to follow discussion on how to setup encrypted filesystems on debian. This works perfectly for me on ubuntu, except I didn't do the encrypted root thing. I only encrypt /home and my external backup drives for now. I'll probably do encrypted root after testing a few times on vmware.