Sunday, August 23, 2020

Day Hike: Tippecanoe State Park

I was able to get away for a hike today to a new park, Tippecanoe State Park in Northwest Indiana. For this trip, I chose to hike trails 3, 4, 5, and 8.

I started out at the Nature Center, which has a trailhead to Trail 4. This winds through woodlands with the first point of interest being a lagoon left over from a change in the river's course many hundreds of years ago. This time of year, plant life was teeming in the lagoon, and the entire surface is covered such that you can't see into the water.

Trails were wide and flat, making for an easy hike.
 

After winding through the Tippecanoe Nature Preserve for a while, I picked up Trail 5. This continues north bumping up against the river, and two campgrounds. There is a short stretch where we hike on the road (maybe 100-150 feet or so), then it's back into the woodland.

The river was slow and winding through the park.
 

At the north end of the park, we come to some events structures, restrooms, and such. With a quick cross of the road we're on to Trail 8 in the Sand Hill Nature Preserve. This is a quick loop, then it's back south on Trail 5.

At the point where I originally picked up Trail 5, I turned right, heading south then west over to Trail 2, a shared hiking and horseback riding trail. This was another out and back loop. I returned back to Trail 5, then picked up Trail 4 again for the return.

It's not the worst hike I've had, but there was much left to be desired.




Pros:

  • The woodland areas were beautiful. Much of the trails were through pine forests, and the needles helped keep the trail flat and clean of brush.
  • When it was quiet, it was very quiet.
  • There are plenty of trails to hike, and they are generally well marked.

Cons:

  • There was a constant source of human noise, mostly from campers getting rowdy and fishermen yelling and laughing at each other, all the while in the same boat.
  • Spiderwebs filled the trail. I ended up picking up a thin stick and swaying it in front of me to collect the webs.
  • The bugs were horribly distracting, constantly flying around my face and ears.
  • Some of the trails are nothing more than service roads. If you see a trail that looks like a straight line, it's probably a service road.
  • The trails were entirely too close to campgrounds. This distracted from the nature viewing, and again, takes the hiker through stretches with a lot of music and yelling.

I have no regrets for making the trip, as it was only 45 minutes from home, but I don't expect I would return to this one. If you're looking for a place to camp around lots of other people, and do some kayaking or canoeing, this is a good park. If you like quiet hikes that immerse you in nature, this is not the place.

DETAILS
Time: 5 hours 40 min.
Distance: 23.5 km
Min Elevation 189 m
Max Elevation: 264 m
Temp: 90 deg. F

Sunday, July 12, 2020

My COVID-19 Project: Building a Stand-up Desk

The time of the executive desk has passed, and it's time to move on to a stand-up desk. We had these when I worked at CME (although those were electric), and I really liked it. Initially, I looked for adjustable desks, and regardless of whether they were powered or manual, they were very expensive. So, I ordered some table legs online, and started digging around for the wood. Here's the result.

The first step was to get the legs attached to the table surface. The holes in each leg for the screws are just slightly different on each leg, so I put marks on each leg, and under the surface to ensure I always get them in the right place, once holes are drilled.

Getting the legs affixed to the surface.

So, after some digging, I found most of the wood I'll need. The surface came from a cabinet we picked up from Habitat for Humanity (the cabinet is now an island in the kitchen). It had some damage in one corner, but a new veneer will fix that. I just happened to have almost a full sheet in the garage.

Finished the drawer, and main assembly of the surface and shelving.

The stained piece will end up being a drawer for storing supplies. It will slide into the two 2x10s that I mounted to the surface. The trim on the drawer came from a stack of old trim we had that we pulled out from the house. The plywood was in the scrap bin, and the wood on the back came from a stack of wood that we pulled out of the deck a few years ago. The shelves came from the same stack of old deck wood.

Stained the desk and cut pieces for monitor stands.

The staining is finished for the main part of the desk. I've also cut pieces to support two monitors that will sit on each side of the desk. The wood (with the exception of the small square pieces) came from the same pile of old deck wood. I ended up buying a short piece of scrap for the squares. The black ones will be where the monitor mounts to the pole, and the unstained pieces will be the bases.

It's a stand-up desk!

We see the monitor stands are now assembled. I also added trim around the surface. It was also scrap from the house. A little more stain, lots of varnish, and it's ready to go. I designed the section underneath the surface to be the same width as a standard computer rack so I could mount my old virtual machine server which is being repurposed as a desktop. Unfortunately, my dual monitor card doesn't fit in the case, so I'll need to pick up a low-profile dual monitor video card for this one.

Post Set-up


I realized quickly that the amount of surface isn't quite as much as I need (I felt like this was the case as I was building it, but until it's in place, it's hard to be sure). So, I moved an older temp stand-up desk next to it, which does much better. I noticed it's a little warm under the desk, so when I ordered the dual monitor card, I also picked up an extra case fan to move a little more air. I found that the cables are being pushed around in back by the rear wall on the drawer. I'll need to make a small bracket, and hang the cables from the bottom of the surface so they are out of the way.

Monday, April 20, 2020

You Don't Need (or Want) Special Characters in Passwords

This comes up over and over: 'We should require special characters in our password rules because that makes our passwords more secure.' The premise is that by increasing the character set, and mixing in non-alphanumeric characters, the number of attempts to guess the password grows very large. The computational power required to execute a brute-force attack on a password (guessing different strings of text one after another) becomes prohibitive. Therefore, if we generate passwords using a larger character set, then the number of combinations of characters going into the password (which is of some arbitrary length) will be greater and therefore more secure. This premise is completely true. However, the conclusion that follows is suspect on the grounds that it ignores other options to increase the number of combinations. Additionally, there are some problems with it that, as I'll argue by the end of this post, give us a much simpler solution to the problem of brute-force attacks.

The Problem With Special Characters


This may seem a bit obtuse if you aren't a tech junkie, but bear with me; it's important. In the world of information technology, we need to be able to interact with software using more than just natural language and numbers. We need symbols that have what is referred to as "special meaning." Special meaning means that a single symbol is interpreted in a specific way by the software we're interacting with, much like a shortcut. Here are two examples:

Example 1
ls -l *

This is a Unix command we might type at the command line to display information about the files in the current directory. It contains two special characters: the dash '-' and the asterisk '*'. To the shell (where we type the command), the dash character means that the software should interpret the following character as a parameter to the command. In this case, -l means to display more information in the output than the ls command otherwise would. The asterisk means to display information about every file and directory in the current directory.

Example 2
http://www.example.com/store?item=123456&quantity=2

This example is not unlike information we might find in the address line of a web browser during a purchase. We have lots of characters with special meaning to the web server. The colon, forward slash, question mark, ampersand, and equal sign all have special meaning to a web server.

The problem here is that if we need to pass a password to a command, and that password uses characters with special meaning, it can confuse the software that reads and tries to interpret the entire command. In short, we get errors.* There are ways around this in some cases, and certainly we could write the software that does the interpretation of the command to more elegantly read and interpret the characters but this leads to increased complexity (increasing the potential for bugs), and it introduces additional code that slows down the process of figuring out what you want the software to do. So in short, more bugs, and more time.
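The effect described above, as an added example that is not part of the original post: it hands one password to a shell-style word splitter and to a URL query parser, first raw and then quoted or percent-encoded. The password, the `login` command line and the `/login` URL are constructed for illustration.

```python
import shlex
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample password containing characters with special meaning.
PASSWORD = "R&d=9#x +1*"


def shell_password_arg(command_line):
    """Return the argument that follows --password after shell-style word splitting."""
    args = shlex.split(command_line)
    return args[args.index("--password") + 1]


def url_password_param(url):
    """Return the 'password' query parameter the way a web server would decode it."""
    params = parse_qs(urlsplit(url).query)
    return params["password"][0]


def demo():
    """Pass the same password raw and escaped through both parsers."""
    cmd = "login --user bob --password "                      # hypothetical command
    base = "http://www.example.com/login?user=bob&password="  # hypothetical URL
    return {
        # Raw: the space ends the argument early. A real shell would also
        # give '&' and '*' their own meaning (not modelled by shlex.split).
        "shell_raw": shell_password_arg(cmd + PASSWORD),
        # Quoted: the whole password arrives as one argument.
        "shell_quoted": shell_password_arg(cmd + shlex.quote(PASSWORD)),
        # Raw: '&' starts a new parameter and '#' starts the fragment.
        "url_raw": url_password_param(base + PASSWORD),
        # Percent-encoded: the server decodes the original string.
        "url_encoded": url_password_param(base + quote(PASSWORD, safe="")),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:13} -> {value!r}")
```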

A Mathematical Solution to Eliminating Special Characters


Consider the purpose of a password. It's basically a key. The arrangement of characters in a password is not unlike the peaks and valleys of a physical key that you would use to lock your house. If that key is more complicated, it's harder to reproduce. Hackers use software to try to reproduce the arrangement of characters in a uniform way to 'guess' your password. This is the essence of brute-force hacking. It works like this:

First try a, then b, then c followed by the remaining letters. Next, try aa, then ab, then ac, and so on.


We can leverage one very interesting constraint on brute-force hacking that can render the process ineffective: compute power. Computing systems can only do so much in a given period of time. The method described above requires a very large number of combinations, each of which requires a certain amount of the computer's time to complete. There is a way we can construct a password such that it requires more time to hack, effectively thwarting the brute-force hacking attempt. In short, we use the limitations of the hacker's computing systems against him.

This is where we circle back to the character set. We can make it take longer to guess a password by increasing the password's complexity. We do this by adding additional characters to the character set we use. In the following table we show the number of attempts that a hacker would have to make to try to guess a password that is 8 characters long using increasingly complex character sets:

Character Set | Combinations
a-z | 1,562,275
a-z, A-Z | 752,538,150
a-z, A-Z, 0-9 | 3,381,098,545
a-z, A-Z, 0-9, . , ! $ & # @ etc. (a total of 23 special characters from the US keyboard) | 48,124,511,370

Table 1: Combinations of characters by increasing the character set


Just by adding characters with special meaning, we've forced the hacker's computer to do roughly 16 times more work in order to crack our password than if we used only letters and digits. But, we still have the issue of software complexity described above. That brings us to the silver bullet of strong passwords. Instead of adding characters to the character set we use, we could increase the length of the password. But would that really do much? Wouldn't we have to add many characters in order to increase the number of combinations to make it prohibitive to crack? Let's see:

Character Set | Password Length | Combinations
a-z, A-Z, 0-9 | 8 | 3,381,098,545
a-z, A-Z, 0-9 | 9 | 20,286,591,270
a-z, A-Z, 0-9 | 10 | 107,518,933,700
a-z, A-Z, 0-9 | 11 | 508,271,323,000

Table 2: Combinations of characters by increasing length


Those are some pretty big numbers. Let's break this down into English, comparing the last line of Table 1 with row 3 of Table 2. By adding just 2 more characters onto the length of the password, we more than doubled the number of guesses, reduced the required characters in the character set by 23, and eliminated any problems that special characters might cause on the command line. Adding just one more character to the password length means our hacker friend's computer will need to guess up to another 4 hundred billion combinations of letters and numbers.

That is the power of the mathematical topic of combinations, and that's why you are much better off increasing the length of the password, than just adding special characters. In fact, you can even use simple words of your own language one after another, so long as the length of the password remains long.**

Just for fun, how long do you think it takes to attempt a brute-force attack? In 2018, using the most powerful computers available (not what's sitting on your desk), a 12 character password would take about a year. A 13 character password would take 64 years! As time passes, advancements in computing power will shorten these times. The elegance of the process is that we just add one more character to ensure a long time required for the attack.
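The length-versus-character-set comparison, as an added example that is not part of the original post: it generates guesses in the order described above (a, b, c, ..., aa, ab, ac), computes where a given password falls in that order, and finds the length a smaller character set needs to match a larger one. It counts ordered strings with repetition (n^L), so its absolute numbers are larger than the table values, which correspond to the binomial coefficient C(n, L); the 23 special characters are a constructed stand-in for the post's set.

```python
import string
from itertools import count, islice, product

LOWER = string.ascii_lowercase                   # 26 characters
ALNUM = string.ascii_letters + string.digits     # 62 characters
# Constructed stand-in for the post's "23 special characters from the US keyboard".
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"
FULL = ALNUM + SPECIALS                          # 85 characters


def enumerate_guesses(alphabet):
    """Yield guesses in the order the post describes: a, b, ..., z, aa, ab, ac, ..."""
    for length in count(1):
        for chars in product(alphabet, repeat=length):
            yield "".join(chars)


def first_guesses(alphabet, n):
    """First n guesses of the enumeration, as a list."""
    return list(islice(enumerate_guesses(alphabet), n))


def keyspace(alphabet_size, length):
    """Ordered strings of exactly `length` characters, repetition allowed."""
    return alphabet_size ** length


def guesses_to_reach(password, alphabet):
    """1-based position of `password` in enumerate_guesses(alphabet), in closed form."""
    n = len(alphabet)
    shorter = sum(n ** k for k in range(1, len(password)))  # shorter strings come first
    rank = 0
    for ch in password:                                     # base-n value of the string
        rank = rank * n + alphabet.index(ch)
    return shorter + rank + 1


def min_length_to_match(alphabet_size, target):
    """Smallest length whose keyspace is at least `target`."""
    length = 1
    while keyspace(alphabet_size, length) < target:
        length += 1
    return length


if __name__ == "__main__":
    target = keyspace(len(FULL), 8)   # 8 characters drawn from all 85 symbols
    print("guesses 26-29:", first_guesses(LOWER, 29)[25:])
    print(f"85^8 = {target:,}")
    for name, alphabet in (("a-z", LOWER), ("a-z, A-Z, 0-9", ALNUM)):
        need = min_length_to_match(len(alphabet), target)
        print(f"{name:14} matches it at length {need}: {keyspace(len(alphabet), need):,}")
    print(f"'zzzzzzzz' is guess number {guesses_to_reach('zzzzzzzz', LOWER):,} over a-z")
```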

Conclusion

Passwords are necessary today but complexity is not. Increasing the length of a password increases its protection from being guessed much more than just increasing the character set used.


* Yes, I know, we should not be passing passwords in at the shell or in the address line of a web browser. In a perfect world, we would not. In the real world, we often have to deal with software that we have no control over, and it may be a necessity.

** I would recommend against using individual words separated by spaces. There is a variant of brute-force attacks that uses words from the dictionary in a similar fashion. If using full words, you'll want to remove spaces, or insert them in the middle of words to prevent each string from matching a word from the dictionary.

Saturday, January 11, 2020

Configure a TP Link Wireless Router for Simple Internet Access

After putting up with a failing wireless for the past two months, I decided to replace it. I ended up purchasing a TP Link Archer C9 wireless router. It operates on both 2.4 GHz and 5 GHz frequencies at the same time, and allows for (mostly) full management. After going through the manual, I realized that it did not cover the method I use to integrate the wireless into my home network, so after hours of trying to get this thing set up, I decided to write it down.

The two methods in the manual describe using the Archer C9 as a wireless extender, and connecting directly into the service provider's cable/DSL modem, such that all network traffic going to the Internet would end up going through the router. This is problematic for me, as I have my own firewall connected to the cable modem, and I don't really want to put this new device out in the wild, with a public IP address.

My particular use case involves simply connecting the wireless to a switch on my network, then enabling the wireless so anyone connecting can get access to the internal network, and Internet, but enjoy the protection of the firewall. It looks like this:



In order to get this to work, we have to deviate from the instruction manual just a bit.

Step 1: Connect the Device to the Network
Plug a standard network cable into any of the 4 LAN ports on the back (it doesn't matter which one; just don't connect to the Internet or WAN port). Plug the other end of the cable into a switch that supplies the rest of the house with network connectivity. Plug the power adapter into the wall, then into the device. Turn the power on.

Step 2: Connect to the Wireless
In order to connect for the first time, you'll want to connect to the wireless, first. You'll see the default SSIDs show up. Select one, then when asked for a password, type the device's PIN (the 8-digit code printed on the back label).

Step 3: Configure a Password
The router is delivered with a default password. It's the same 8-digit PIN used as the wireless password. When starting the configuration for the first time, you'll be asked to configure a new password. Type in each of the provided boxes on the screen.

Step 4: Configure the LAN Interface
Once you are logged in, you will be presented with a page that has three tabs, Quick Setup, Basic, and Advanced. We'll be working strictly in the Advanced tab. Once in Advanced, select the Network item in the left menu, then select LAN. Here, you can set up the device's IP address and Subnet mask. Select an IP address that is 1) in the same subnet as your firewall or cable modem, and 2) is not being served through DHCP. (If you don't know, check your cable modem configuration or that of your firewall, if you have one. If DHCP is enabled, there will be a set of starting and ending IP addresses for the range. The TP Link's IP address must be outside of this range.) Finally, click Save.

Step 5: Configure DHCP
I'm serving addresses via DHCP from my internal firewall, so I don't need a second DHCP server. I just disabled it. If you need to assign IP addresses to new devices automatically, perform 5b, otherwise perform 5a.

5a. Click the DHCP Server link further down in the Network group of options we opened earlier. Uncheck the Enable DHCP Server checkbox, then hit Save.

5b. Select a starting and ending IP range in the IP Address Pool boxes. Set the Default Gateway to be the IP address of your firewall or cable modem. Set the Primary and Secondary DNS addresses. Normally, if you have a device connected to the cable modem, it will obtain these addresses from your service provider's DNS servers. You can also look around the Internet for a couple of publicly-available DNS servers. Once complete, hit the Done button.

Step 6: Set Up the Wireless Radios
Next, click on the Wireless item on the left menu, and select Wireless Settings. You'll want to set the Network Name(SSID) field to something you can easily recognize on your phone, tablet, or laptop. Next set the Security to WPA/WPA2-Personal (the other options are for older technologies, and are not nearly as secure). Version and Encryption can both be left on Auto. Give the wireless a good password. Generally, a 20-character (or longer) password is considered appropriate. Use a combination of upper and lower case characters, numbers, and one or more special characters. I have found that combining a word with a number with a nonsense word that is easy to remember tends to be a good method. For example:
BoBcat.8675309-XPEKT
This is relatively easy to remember, but long enough, and using enough different types of characters that it will be difficult to crack using a brute-force attack. Also, change this password every quarter or every 6 months at the latest. The longer it sits on the router, the more time people have to try to figure it out. Leave the remaining settings as they are, and click Save. If you look in the upper right corner, you should see a line that looks like:
2.4GHz | 5 GHz
This allows you to switch between each radio's configuration settings. (I'm running version 1.2.4; earlier versions just put the 5GHz radio settings underneath the 2.4GHz radio settings.) Click on the 5GHz to show that radio's settings. Repeat the steps in this section for that radio, with a few differences: specifically, use a different SSID and a different password. Everything else can remain as set above, or on the defaults.

Step 7: Set Up the Time
At the bottom of the left menu is a tab called System Tools. Select that, then select Time Settings. Select your timezone, then hit Save.

Step 8: Reboot
Click the Reboot icon in the upper right corner of the configuration page, then wait. This step is critical, as if there are any settings that did not get saved, they will be lost the next time the router loses power.

Step 9: Test
You should now be able to connect to the Wireless, and access the Internet.