[Cold Warrior]

You don't need to input line breaks. The reply box and the boards will handle text wrapping. In fact, it's one of the Useful Suggestions.

[Tesselator]

It's been my style for decades and I'm afraid I won't be able to change.
Old dogs and all that. Additionally my browser is truly huge. It spans
two twenty four inch monitors as is needed for another web project I'm
involved in. This makes tracking the sentences from the end of one to
the beginning of the next very difficult for me. I get comments from
others saying that they like the style but this is the first time I've heard
or seen opposition to it.

[Simon]

Well then here's opposition no. 2.

I have my browser window set to span 1920 pixels because that is how I like it. When you insert line breaks you force me to read it your way rather than the way I prefer. Nothing personal, but you are preventing people from viewing it in the way they prefer.

[peeb]

Originally Posted by Simon 

Well then here's opposition
no. 2.

I have my browser window
set to span 1920 pixels
because that is how I like
it. When you insert line
breaks you force me to
read it your way rather
than the way I prefer.
Nothing personal, but you
are preventing people from
viewing it in the way they
prefer.

I for one would prefer it if
you could shorten the line
length a little - for those
of us on very small monitors,
it is considerate to stick to
very few characters per line.
Thank you!

[Tesselator]

Lol

[toeknee]

old thread, but I have to say this:

MAC address filtering: mostly useless

--MAC filtering with no encryption: stops the old lady next door from using your connection, but hackers can sniff the MAC address right out of the air, clone their card, and they're in. All traffic can be sniffed by anyone, so unencrypted passwords are at risk. False sense of security.

--MAC filtering with WPA/WPA2: there is no point in doing this, it just makes hassles for you to add new equipment/users/guests. If a hacker is capable of breaking your WPA, the MAC address filtering won't slow them down a bit. They can't connect to your network without the WPA key, they can't sniff the MAC without the WPA key. To use MAC filtering when you're already using WPA is like putting a child safety gate inside your 6 inch solid steel door.

[Big Mac]

How is a thread last posted to four days ago an "old thread"? Good information though.

[ghporter]

Originally Posted by toeknee 

--MAC filtering with WPA/WPA2: there is no point in doing this, it just makes hassles for you to add new equipment/users/guests. If a hacker is capable of breaking your WPA, the MAC address filtering won't slow them down a bit. They can't connect to your network without the WPA key, they can't sniff the MAC without the WPA key. To use MAC filtering when you're already using WPA is like putting a child safety gate inside your 6 inch solid steel door.

Actually this is the completing step to securing the traffic with good encryption. By allowing only specific MAC addresses to connect then you have TWO separate ways of ensuring that only those you authorize are part of your network. This covers situations when someone's laptop is compromised and their Keychain is copied, or if the user had inadvertently saved the passphrase as plain text somewhere on their computer. It's also a good policy in case someone manages to develop an actual attack that compromises WPA (though that seems to be seriously computationally infeasible). It may not be for everyone, but I'm sure not going to undo my MAC filtering just because I feel very confident that WPA is extremely robust.

[turtle777]

Originally Posted by toeknee 

old thread, but I have to say this:

You're a clown.

You posted only seven times in 5 years, and then you come and make a completely ridiculous statement. Well done.

-t

[tinkered]

This is always true with security. Ultimately, the goal is to make it not worth the trouble.

[toeknee]

Originally Posted by turtle777 

You're a clown.
You posted only seven times in 5 years, and then you come and make a completely ridiculous statement. Well done.
-t

What possible difference could it make to you how many times I've posted in this forum? Is that the measure of a clown? Is there a correlation of number of posts to the value of one's opinion? Yep, you caught me, I'm an infrequent visitor to these bastions of intellect.

Certainly, if your postings consist of short and pointless retorts as above, I can see how you've racked up 12,000+. In any case, well done yourself.

[toeknee]

Originally Posted by ghporter 

Actually this is the completing step to securing the traffic with good encryption. By allowing only specific MAC addresses to connect then you have TWO separate ways of ensuring that only those you authorize are part of your network. This covers situations when someone's laptop is compromised and their Keychain is copied, or if the user had inadvertently saved the passphrase as plain text somewhere on their computer.

I appreciate your opinion, but I respectfully disagree. I would consider Step Two to be the frequent changing of your encryption password, certainly any time you even suspect that an outsider has somehow (through someone's sloppiness) gained access to the password. Frankly, if I have compromised your laptop and unlocked your keychain, it's pretty easy to also get the MAC address of your Airport/wireless card.

The "key" (pardon the pun) is to control the access in the first place. Your password only goes on your computers, it's stored in the System keychain, and any other users do not have admin rights. And you change it frequently. You can change it less frequently if you keep it only on your own computers and get a second access point with a 'guest' WPA key that you can plug in when needed (ideally on the Internet side of your firewall, even better separated completely from your subnet by a router).

Originally Posted by ghporter 

It's also a good policy in case someone manages to develop an actual attack that compromises WPA (though that seems to be seriously computationally infeasible). It may not be for everyone, but I'm sure not going to undo my MAC filtering just because I feel very confident that WPA is extremely robust.

I was not seeking to persuade you to disable your MAC filtering system, but I would also advise anyone to not bother setting it up. As I have tried to demonstrate, it's relatively worthless. Put your energy into controlling access to your WPA password. Anyone going to the trouble to obtain it through subterfuge and deception is not going to be hampered by MAC filtering.

Yes, I do regret even bringing it up. I need to be working on other things.

Happy spring.

[Tesselator]

toeknee,

Sorry about the rudeness of a few here (in my thread). Some people's children - - I swear...

Thanks for the info. I think the case is as you describe it and perhaps worse. Another reason I
say why not just open it up. They have to be within range to do anything anyway and the odds
of someone knowing how to do anything other than just "connect" to the internet over it are
very slim indeed. Also I have a buttload of kids over here all the time and their PSP's, laptops,
and other mobile browser devices are thankful that it's open.

[ghporter]

Frequently changing good WPA passphrases is an excellent way to follow up on using WPA to begin with. It is, however, unwieldy. Of course I consider "good" WPA passphrases to be exceedingly random and a full 63 ASCII characters long, so that sort of adds to the lack of ease in changing it. But if you, like me, have somewhere over 20 WiFi devices that you want to grant access to, and only a handful of them are actually at your physical disposal at any given time, changing the passphrase regularly (or better, "irregularly") gets to be a major issue. I have to handle the machines I can touch when I want to change the passphrase and then update the key on those that are only on my network irregularly as they show up. How do I keep track of which devices I've allowed onto my network already? MAC addresses.

toeknee, this has been an interesting side trip. I agree with you 100% that I go overboard by using MAC filtering. But having been a computer security officer for many years, I just can't help it. I think tinkered had it right-the goal of computer security is to make it too much of a hassle for an attacker to bother with your setup, and there have been a lot of approaches to that end over the last several years. Some people advocated not broadcasting your SSID, which is useless because it only really impacts certain Windows computers' ability to find and thus connect to your network; intruders' arsenal of software includes apps that grab the SSID portion of any traffic without any real effort. Others have said "any encryption is better than none at all" as a defense of using WEP, but that includes the risk that the "warm feeling" of having done "something" lulls the user into thinking that he's done something more than just putting a hook-and-eye lock on his screen door. In the end, ANY security scheme must be a little bit of a hassle to set up so that it is robust enough to be a major hassle to attack.

Someone asked me in this thread why I haven't moved to WPA2. The reason is that I haven't done the research to find out whether all the devices I include in my network support it. I still have a PocketPC PDA that ONLY supports WEP, so I can't even allow all of my WiFi capable devices online; moving to a "more super than super duper" encryption scheme is not necessarily an effective option, considering the XBox 360, the variety of PC card adapters, built in WiFi adapters and so on that congregate at my house... I probably need to cull a bunch of these clients from my lists, and will someday.

[turtle777]

Originally Posted by Tesselator 

toeknee,

Sorry about the rudeness of a few here (in my thread). Some people's children - - I swear...

WTF ?

Don't you think it was dumb weird by toeknee to start his post with "old thread, but I have to say this:" ?

-t

[toeknee]

Originally Posted by turtle777 

WTF ?
Don't you think it was dumb weird by toeknee to start his post with "old thread, but I have to say this:" ?

There had not been a post in the topic in four days. On many active forums, the topic would have been closed. I sure regret offending you, but I have to say this: it's pretty dumb weird that you make such a big deal about it.

[turtle777]

Originally Posted by toeknee 

There had not been a post in the topic in four days. On many active forums, the topic would have been closed. I sure regret offending you, but I have to say this: it's pretty dumb weird that you make such a big deal about it.

I don't get it.

THIS thread was started on 03/03/08.
And you consider a thread that was started 4 days ago (03/07/08 in my book) OLDER ?

Enough, I'm done with this.

-t