Dave's Tech Blog
A Third Eye on Technology

As much as it would probably sooth the stiffness in my neck and shoulders from doing busy work inventorying computer equipment today, I’m going to try to not turn this into a sarcastic sounding slam against Microsoft… although they damn well deserve it.

I’ll just keep this very short.  Internet Explorer has once again dropped the ball in the realm of Internet security and it’s something that’s been present for over 48 hours already.  You can read about the problem via BBC’s website by clicking here.

The article states in bold letters at the top, “Security experts recommend switching to a rival browser until the problem is fixed.”  Need a rival web browser?  Download Firefox at www.firefox.com.  It’s free, faster and much more secure than Internet Explorer ever will be.  Seriously.  Why is it more secure, you ask?  Because it’s open-source, just like Linux.  But again… don’t wanna turn this into a “Microsoft sucks” bashing post.

Also, on the side, I should mention that I’ve see a LOT of Windows systems get hit with viruses in the last 3 weeks, a good chunk of which have come in from emails on Facebook.  Which isn’t to say that Facebook is bad.  It just doesn’t have much of an effective spam filter or virus scanner built into it.  You would think that after a few people have recieved the same spam from their friend whose computer was compromised, they’d start filtering messages with the same links, the same stupid subject line, and all the rest that comes along with basic social engineering-based viruses.  It’s what Yahoo and Google do.  So to you Facebook/Myspace users out there (and everyone else who doesn’t uses these services), be VERY cautious about clicking on links to websites you’ve never visited to before in email sent to you by a friend.  They may not have actually sent you something.  In fact, it’s possible their account password was phished, changed, and their account used as a lauch pad for spreading the same infection to other people (like you).  So be careful.

There’s a lot of buzz in the media today over Vice Presidential candidate Sarah Palin whose Yahoo! Mail account was recently compromised by an anonymous individual.  The breach occurred just before dawn on Tuesday, with many screenshots uploaded to the image forum website 4chan.org.  Unfortunately for those of you who are hoping for something juicy to fall out of this and into public scrutiny, there was nothing controversial to be found (so far).  So how did this happen?

An anonymous person, using nothing more than Google, Wikipedia and the “I forgot my password” questionnaire on Yahoo! Mail’s website was all it took.  Simple questions like, “What’s your birthday?” and “What’s your zip code” are examples.  A slightly more difficult question was, “Where did you meet your spouse?”, which took a little digging and some minor trial and error.  After about 45 minutes (according to the original poster), the account was compromised, the password changed to “popcorn” and then posted on 4chan’s /b/ forum for others to login to and confirm as being real.

So now everybody feels obligated to find someone to blame for this breach of security/violation of privacy.  Of course we could point blame at a nameless, faceless person who isn’t admittedly affiliated with any political party… but what’s the point?  You either know who the person is or you don’t and there’s even a chance they don’t even live in the United States (making it difficult to impossible to enforce the law).  In the meantime, we should start by noting that the questions that the attacker had to answer were rather easy, and that they were selected by Palin herself when the account was created.  Considering the fact that when the account was created she was already involved in politics (which mostly involves increasing your celebrity status), she should have thought to select more difficult, personal questions for the purposes of recovering a lost password.

The incident does bring up something broader:  Those of us who use the Internet for social purposes often leave behind a paper trail of fun facts that might be found with something as simple as a Google search.  I shouldn’t have to go on any further to tell you what info you probably shouldn’t post about yourself in a blog or forum somewhere.  Nor should I have to tell you, much less a government official, what questions should be selected during registration in the event you lose your password (of course, most people who are in the government have their own government hosted e-mail accounts that are subject to much stricter security policies… apparently Alaska didn’t get the memo).

So now you know how it happened and how it could happen to you if you ever plan to become famous or just have some half-assed blog like this one that almost nobody reads (except for Google’s robots).  We should be glad the emails that have leaked didn’t contain anything sensitive to national security (then again, you think she’s ever had access to such information?), and I’m betting Palin is literally counting her blessings for that very reason right now.  Not just because she lucked out on having her emails stolen by strangers located in who knows what country, but also because she can notch this up as legitimate experience with regard to national security (it’s practically a step up from claiming you know all about foreign policy because you can see Russia from your house).

Update:  An article detailing where the law stands on all of this can be found here:

DOJ View on Email Privacy May Hamper Prosecution of Palin Hackers

I should also throw out the ever so hypothetical rhetorical question:  Why was having this email account necessary in the first place?

Wow, it’s been over a week since I last posted in here.  Having been so long since I last posted, I had to muddle through over 100 comments, 99.5% of which were spam and maybe one legit comment… though it’s hard to say really because I wasn’t paying very close attention when I marked them all as spam.  So, sorry if you actually posted one recently and it didn’t end up on the site.

The Business…

I recently got my apology/bribe money from the government and I’ve been looking forward to investing that money into some business related expenses (such as advertising, because it would probably just offend someone to death if I spent it all on silly things made in China).  I’ve also been waiting on a friend of mine to declare whether or not he would be able to participate in a business venture with me, and it turns out he won’t be available.  The ideal role for him would have been project management and accounting (a boring desk job).  If I were him, I would have said no too (but in truth, he really will not have extra time to spare for it).  He’s going to be working a lot of overtime with a new employer this coming year so I’ll have to wait and see if he’ll ever be able to participate with me some time later.

On the bright side I have two other associates ready for work — one a web developer/programmer and the other a graphics artist.  My hope is to combine all of our skills to offer a new slew of online and offline services.  One project we hope to take on very soon is designing a new website for a rural K-8 school; it being the first site that shall utilize content management software.  The goal is to have a powerful interactive website that will allow teachers to administer their own mini-sites for each class, with students also able to put content on the site (provided their stuff is given approval by each respective teacher in advanced).  It is an ambitious project and we’ll have plenty of time over the summer to kick it around the sandbox.  We also intend to create websites in advanced and approach small and medium sized businesses with a site that’s more or less been designed for them.  We’ll also combine this with ready-made advertising packages which can even include original logos we custom design.  Toss in Ubuntu Linux-based office PCs custom built and serviced by me and we’ll have an attractive, versatile selection of tools many businesses will probably be interested in using.

No more CCNA?

A while back, I got into this habit of writing about wanting to get my CCNA networking certification.  I’ve lost the motivation to continue writing about this for the time being, mostly because I think it’s really boring (no, really!).  There are many aspects about computer networking that I love, but there’s also a good chunk that I don’t have a practical use for right now.  I’m not desperately attempting to secure a desk job somewhere so I can map subnets in Microsoft Visio, configure VLANs on serial interfaces, setup ACLs to filter network traffic and perhaps occasionally arm-wrestle with some absurdly obtuse/self-righteous HR department.  Computer networking is not an intimidating field of study and understanding the basics is about as complicated as understanding how the Post Office works.  But Cisco seems a little full of themselves at times.  You’ll know what I mean by this after you’re waist deep in the plethora of rediculous acronyms Cisco is continually pulling out of its ass.  Cheap excuses to procrastinate aside, I’m now more interested in web design and Linux.  The diploma I’ve already got and passing the tests necessary to get it is certification enough for now.

What’s new with Ubuntu?

I’ve been meaning to create a new video to show off Ubuntu 8.04, but very little about it stands out when compared to 7.10 (with exception to performance improvements, which are very noticeable).  One of the most hyped features, Pulse Audio, has turned out to be something of a disappointment (though this is just my opinion).  The decision to include it with 8.04 by default was likely made so as to help get the kinks ironed out before the next major release of Ubuntu in October, which is rumored to be sporting a sexy new theme that will compliment the impressive collection of special effects rendered by Compiz Fusion.  By then, the soon to be developed “glitch-free” version of Pulse Audio should already be in place.

What’s new with Dave?

Believe it or not, I’m reading Joseph Campbell’s “The Hero with a Thousand Faces“.  The book takes a deep look at the multitude of mythologies that have existed world wide throughout human history and highlights the similarities between them instead of the superficial differences.  I probably shouldn’t comment on it further until I’ve finished reading (which will probably take quite some time).  Ancient human history is something I’ve been interested in for a few years and the topic of mythology adds an informative and sometimes entertaining layer.  After finishing it, I hope to plow through Julian Jaynes’ “The Origin of Consciousness in the Breakdown of the Bicameral Mind”.

Today we’re going to talk about Layer 4 of the OSI model, also known as the Transport Layer. The transport layer is responsible for establishing either “connectionless” or “connection oriented” conversations between two nodes. It is also responsible for flow control, congestion avoidance, and error recovery.

A connectionless connection is analogous to sending a letter via First Class mail. You drop a letter off at the post office with the trust that they will be able to deliver it to the destination, but you are not given any other automatic notification about the status of the letter or whether or not it arrived. UDP is most often used for these types of connections. The header of a UDP packet contains the bare minimum amount of information to save on bandwidth. UDP is generally the protocol used in transmitting voice and video across a network. This is because there is no time to re-send lost packets when listening to someone or watching a video in real time. Error correction (if any is to be used) depends on higher layers to detect and send requests for retransmission.

It is important to note that while two computers can talk back and forth to each other using UDP, they are still working in a connection-less fashion.

A connection-oriented protocol such as TCP use many more tools to ensure packet delivery, and is analogous to sending via Certified Mail. With certified mail, you are given a receipt that says when a packet has successfully arrived at it’s destination. The header of a TCP packet contains much more information for services that operate at Layer 4, like flow control for instance.

The first thing that happens with TCP is a three-way handshake. One computer says to the destination computer (via a SYN packet), “Can I talk to you?” The destination computer replies back with a SYN/ACK packet, “Can I talk to you? And yeah, you can talk to me.” Finally the first computer replies to the second computers question with another ACK packet that says, “Yes, you can talk to me.” The purpose of this is to ensure bi-directional communication is possible between the two nodes. A conversation is closed with one FIN packet and one ACK packet being sent to the receiving end, and the receiving end responding with an ACK packet.

Let’s say the first computer (we’ll call N1) is sending three packets of data to N2. Each of these packets will have a sequence number assigned to them by Layer 4, correlated to the number of bytes sent in each packet. Let’s say first packet arrives at the destination with 1024 bytes of data. The sequence number for this packet will be 1024. The receiving end will then send back an ACK packet with an incremented acknowledgment number based upon the sequence number of the last packet it received. So the ACK number it sends back in this case is 1025. To the sender, an ACK number of 1025 means “I have received all bytes before 1025 and I expect my next packet to be seq 1025″. This is called Forward Acknowledgment, and the receiving end could send back ACK packets for every packet it receives. But that would eat up a lot of bandwidth.

So what we have to help keep overhead down is something called a delayed acknowledgment. An example of a delayed ACK is when the three packets arrived at the receiving end, and the receiving end responds with one ACK 3073 packet (1024 + 1024 + 1024 + 1). This tells the receiving computer, I’ve gotten all data up to byte 3072, I expect 3073 to be next.” The number of packets that can be received before an ACK packet is sent back to the sender can vary due to things like congestion windowing, explained below.

Now lets say that for some reason, the network device on the receiving end was so busy, it could only handle the first 2 of three incoming packets. Since the buffer is now full, and it cannot receive more data for now, it will send back an ACK of 2049 (1024 + 1024 + 1) with a Window size of zero. This basically tells the sending end to wait until it gets another ACK 2049 with a Window greater than 0.  A Window is a value set in the TCP header and it is indicative of the receiving ends’ data acceptance capabilities.

N2 isn’t the only device that may become overwhelmed by incoming traffic. Routers in between the two computers may also be choked by heavy traffic, and cause buffers to become full, and packets to be dropped as a result. A process called slow-start is used to help “feel the network out”. Basically, the sending side starts with one packet, gets an ACK, then sends twice the data it did last time, gets the ACK for that, doubles the data again, and this goes on and on until the ACK the sender gets back indicates that the capabilities of the networking equipment from end to end have been maxed out. This is why, when you start downloading a file from a web server, it typically starts of slow for a second or two, climbs higher, until reaching some sort of average data rate.

The TCP header also utilizes length and checksum fields. If there is a discrepancy between data being sent and either the length or the checksum, the bad packet can be resent by decrementing the ACK number back to the last known good packet. The sender won’t know the packet was corrupted. It will just think it never got there in the first place and resend the bad packet.

Sequence numbers are also used to reorder data back together for the higher layers.

I’m sure I’m leaving something out, but the important thing is that you understand the difference between connectionless and connection-oriented protocols. Future CCNA posts will concentrate on a great deal on the Cisco Internetwork Operating System. Fun fun!

Today we’re going to talk about Layers 2 and 3 of the OSI reference model.

First layer 2, the Data Link Layer.

Strait from Wikipedia:

Logical Link Control Sublayer

The uppermost sublayer is Logical Link Control (LLC). This sublayer multiplexes protocols running atop the data link layer, and optionally provides flow control, acknowledgment, and error recovery. The LLC provides addressing and control of the data link. It specifies which mechanisms are to be used for addressing stations over the transmission medium and for controlling the data exchanged between the originator and recipient machines.

Media Access Control Sublayer

The sublayer below it is Media Access Control (MAC). Sometimes this refers to the sublayer that determines who is allowed to access the media at any one time (usually CSMA/CD). Other times it refers to a frame structure with MAC addresses inside. There are generally two forms of media access control: distributed and centralized. Both of these may be compared to communication between people:

• In a network made up of people speaking, i.e. a conversation, we look for clues from our fellow talkers to see if any of them appear to be about to speak. If two people speak at the same time, they will back off and begin a long and elaborate game of saying “no, you first”.

The Media Access Control sublayer also determines where one frame of data ends and the next one starts. In a snail-mail network, each letter is one frame of data, and one can tell where it begins and ends because it is inside an envelope. One might also specify that a letter will begin with a phrase like “Dear Sir”, and ends with a phrase like “Yours faithfully”.

————–

Direct communication between a router and a PC, or a PC and another PC, uses MAC addresses for communication. Also used is CSMA/CD, or Carrier Sense Multiple Access/Collision Detection. When a packet is about to be sent out on a network the wire is checked for a signal to see if anybody else is transmitting data over the wire. Kind of like the way you look both ways before proceeding past a stop sign on a street.

If another transmission takes place at the same time, the voltage on the line will spike and be detected by all those on the wire. A 32 bit long jam signal is then sent out, and all network devices start the Backoff Algorithm. This basically makes every computer shut up for a random period of time. The first one with the lowest random waiting time interval will then attempt to send data after their waiting period is up. If a client experiences more than 15 failed attempts to transmit data due to collisions, it will proceed to let the upper OSI layers deal with the problem.

These days, almost nobody uses Hubs, and instead use switches and routers. Switches dynamically create dedicated virtual pipes between computers on a network. This way they can send and receive data between each other without worry of a collision occurring. The ability to both send and receive data at the same time is called Full Duplex communication. Half Duplex is where you can send and receive, but only one at a time.

There’s also the ARP request. Basically, if a computer is trying to send data to another computer on a local area network (LAN), it knows what the IP address is, but not the MAC address, it will send out a broadcast ARP request asking for the MAC of the target IP address. The target host will see it’s own IP address with a ? in the target MAC address field, and reply to the source MAC to say, “Hey, my MAC is xx:xx:xx:xx:xx:xx” The source host will then proceed to send data using the targets MAC address. Other hosts on the network, when they hear packets destined for a MAC address other than a broadcast address or their own MAC address, will discard the packet.

———————

Layer 3 – The Network Layer

The purpose of the network layer is mostly to handle end to end transmission of a packet over the Internet…. Here. Think about these terms real quick:

City and Zip = Network IP Address
Street = Host IP
Name = MAC Address

This isn’t absolutely accurate, but you get the idea (I hope). If you can imagine what the Postal Service basicly does, then you can handle the above.

An IP address is made up of 32-bits (one’s and zero’s). This string of numbers is represented to us humans in decimal as 4 seperate octats. An example of a common local IP address is 192.168.1.1 — This address is actually two addresses. Part of it is the Network IP, and the other part is the Host IP. This is determined by the Subnet Mask being used. The default subnet mask for 192.168.1.1 is 255.255.255.0, or “24 bit”. It’s 24 bit because 255.255.255.0 in binary looks like 11111111.11111111.11111111.00000000.

Don’t hurt yourself thinking about this too much right now. Just know that 192.168.1.0 is the Network IP to us, and the .1 at the end of it is the part of the address that pertains to the target computer (host).

The three most common IP address ranges seen are:

• Class A – First Octet of the IP address ranges between 1 – 127 with a default 8-bit (255.0.0.0) subnet mask.
• Class B – 128 – 191 with a default 16-bit (255.255.0.0) subnet mask.
• Class C – 192 – 223 with a default 24-bit (255.255.255.0) subnet mask.

IP Fragmentation is something that occurs when packets of data must traverse a network whose Maximum Transmission Unit is smaller than the size of the packet. Data that is fragmented will stay fragmented into smaller chunks until they all arrive at the destination for reassembly.

That’s all for now.

Today we’re going to learn about the OSI 7-Layer Reference Model. Here’s a great link for reading about it (more links below too). This model exists for the purpose of simplifying the complex task of thinking about how data is transported over a network, and is used to help networking professionals troubleshoot problems. Here are the layers:

7. Application (Programs, such as a web browser, or chat client
6. Presentation (Data Formatting)
5. Session (Distinguishes individual sessions of communication; port numbers)
4. Transport (Splits outbound data into chunks called packets; responsible for end-to-end connectivity)
3. Network (Logical addressing, TCP/IP)
2. Data-Link (MAC addresses, CSMA/CD, LLC, Binary transcoding)
1. Physical (01101101)

Think of the very top layer (the application layer) as the actual programs you use on your computer, and the very bottom layer being the physical means (electricity, light, radiowaves, etc.). The image below helps to demonstrate the encapsulation process that takes place as data passes down through the 7 layers:

Let’s pretend I’m running a piece of chat software and talking to someone else through the Internet (I’m on the left of the above chart, and my chat buddy is System 2 on the right). I type something, press Enter, and what I type begins a journey down the series of layers. From the Application layer, my text passes through the Presentation layer which formats my text into ASCII characters (or whatever the application I’m using prefers) and passes it down to the Session layer. The session layer assigns a number to distinguish this individual (brief) data transmission from others. A small chunk of data is then appended to the front of the containing this session number tag (called a port number).

Layer 4 on down are considered the “lower network layers.” …and to be honest, I’m too lazy to write anymore about it. I’ll be focusing on the lower three layers more closely in the next blog. Use the links at the top for much more useful reading. (By the way, these CCNA posts are more or less for me later when I take the exam, so please excuse the poor quality of my notes).  In the end, the data the is received at the physical layer of system two is sent back up, and layer by layer, each encapsulated chunk is pealed off until finally reaching the top and presenting the text I typed on my computer on System 2′s monitor.

Up next:  A closer look at the Data-Link Layer, where we’ll talk about MAC addresses, the ARP protocol and Half/Full Duplex.

For some f—ed up reason, WordPress would give me a 403 error every time I tried to post something about access control lists. That last failed attempt at a post for this CCNA series was caused by the same problem: IOS command syntax in the writing. Really, I think that’s the problem. I can’t prove it for certain, but I can point to another WordPress bug that would do the same thing to people who wrote posts that included a couple of very common Linux commands.

So, yesterday after losing over half of what I wrote AGAIN, I copied and pasted my text to a word file first before producing that damn 403 error again. I reinstalled my whole blog twice, and the same error was being produced by that specific text. I didn’t have a problem posting other test blogs, or that other super long one I put up yesterday.

Anyway, enough ranting. Without further a due, here’s a link to the word file I wrote my notes into. Topics touched on are Advanced ACL’s and the Cisco Discovery Protocol.

Now….back to the mystery that is my day of trying to remember where I put that f—ing thumb drive!! Don’t you just hate it when you lose tiny stuff like that?

I was going to write a bunch of stuff in here about Access Control Lists and the Cisco IOS image files, but WordPress deleted all of my draft work I had saved up, and I’m not in the mood to retype it all. You probably weren’t gonna read that Greek nonsense anyway….

Here’s some good reading though:

• Backing up and restoring an IOS image file
• Cisco IOS access lists: 10 things you should know
• Q and A:  Wildcard Masks in ACL’s

We start with 3 basic layers:

1. Physical – (Cables, radio waves, binary 1′s and 0′s, etc).
2. Data Link – (Switch/Bridge devices/MAC address)
3. Network – (Routers)

Routers are the devices which are given the most focus. Here is the back of an example router:

The look of a router will vary greatly, but it’s function and purpose is essentially the same: Route IP traffic, as well as other management stuff we’ll discuss later.

Within the router is a Command Line Interface called the Cisco IOS. The traditional method used to access this operating system is to attach a rollover cable to the routers console port and the other end to a serial port on a PC. Then, using a terminal emulator like Hyper Terminal (included with Windows for free) to establish a serial connection. These settings need to be correct in order for the connection to work:

• Baud – 9600
• Databits – 8
• Parity – None
• Stop Bits – 1

The Aux port on a router can be setup to accept incoming connections from external devices like a phone modem, allowing for remote administration. Virtual Terminal ports can also be configured, allowing the administrator to set up any of the Ethernet ports on the router to accept incoming remote administrator telnet or SSH sessions.

When you establish a console session with a router, you begin in “user mode”, and you are very limited on what commands the router can accept from you. To escalate your privileges, you type “enable” and press enter. A password prompt can be configured later to ask for a password when this command is entered. A password can also be placed over the user mode as well, to prevent access by unauthorized users.

Tab-Completion of commands is supported, as well as ? inquires. If you type “con?” and press enter, the possible commands that begin with “con” will be displayed. If you type “config ?” sub commands that can be sent to config will be shown. This is handy if you forget your commands.

When a router first powers on, it goes through a Power On Self Test by loading a small ROM chip. This mode seeks out an IOS image file, which is the actual OS. The OS is usually stored on Flash memory.

To configure the router, you have to type “enable” to switch into Privlaged mode, then type “config term”. Then you can begin to configure other interfaces (more on that later).

Once you’re done with changing your configuration, you can save it to your startup config file by typing “copy run start”. You can also erase your config by typing “erase start”.

That’s all for now. More on the way.

CCNA stands for Cisco Certified Networking Associate. It serves as a foundation for other higher level certifications, such as the CCNP and CCIE. The school I recently graduated from provided me with all the knowledge I needed to prepare to take and pass the CCNA exam. Sad thing is, I never attempted to take the test, and essentially decided to opt myself out of it. I just didn’t really feel motivated enough. I was actually de-motivating myself a lot, so was my former employer (I hear they lost two major contracts and they laid off 50 people…had something to do with trying to save money on screws, I think. Darn!)

Let me explain a little more. I used to work for a factory that manufactures garage doors. I worked their for nearly 4 years, starting as a temp and working my way up to staff trainer in under 2 years. Then, one day the training department I was in was downsized. They tried to cover up what they were doing by slotting all trainers who were in soon-to-be-eliminated positions into available department lead positions and told them it was only going to be temporary. I was told that I would be in charge of the warehouse. The WAREHOUSE! Telling 10 other forklift operators what to do and cutting off my personal time even more (preventing me from going to school) didn’t sound like something I was just going to casually let them do to me; I didn’t feel like working 50 or 60 hours a week. So I told them I would rather demote myself than work in a position I didn’t feel interested in fulfilling. They obliged, and my pay was cut by about 3 dollars an hour. I had decided at that point I wasn’t going to work in a garage door factory for the rest of my life, and immediately began investigating their tuition reimbursement program…

I graduated from Kaw Area Technical School about 2 months after leaving that place, continuing to work on the weekends for the data center. And for me, that was enough to survive and pay the bills. I have had ambitions about starting my own tech support business, and as such I kinda slacked off when it came to having a desire to pay the 150 some dollars to take the final CCNA exam. I had already gotten a tech job in a good place with a good boss, and was happy basically taking it easy for a while. I partially felt that if I had kept in step with some other classmates after graduation that I might end up charging my way into being employed for more of the same types of people I despised when working at that garage door factory, which would also conflict with my desire to be completely self employed someday. I would tell myself, “If I’m my own boss, who cares what’s on my resume.” Kinda naive of me, but hey, live and let live. I’m only 25; I’ve got some time on my hands….

Recently, I’ve been churning up my desire to nail that CCNA certification to my wall, as well as go beyond it. CCNP is a must and I’ve also become interested in seeing what there is to get out of a CISSP certification. But that’s way down the road.

I am going to crash through the entire CCNA curriculum tonight, tomorrow evening and through the weekend, and report my progress here. I also intend to write a very skeleton sort of description of many concepts learned. I’ll then take the test, pass and post about my success here for you to read. This shouldn’t be very difficult for me, since most of the networking concepts taught are second nature to me these days.

So stay tuned. You’re going to get schooled in computer networking, and learn a few useful things you could use in the future. I’ll try to make it fun for ya too.