Installer inadequacies

Tim ignored_mailbox at yahoo.com.au
Mon Jan 21 18:13:07 UTC 2013


On Mon, 2013-01-21 at 17:15 +0100, Reindl Harald wrote:

...complete snippage of what indicates why he gets moderated...

The original topic /was/ what it was, and still is, the offshoot thread
is what /that/ is, separately.  That's how mailing lists work.  People
discuss the bits that they discuss, in the parts of the thread that they
want to.  In general, replies are *to* *the* *list*, about whatever was
written in the message, far more than specifically to a singular person,
get used to that.

You argued a point, and I replied to it specifically.  It just happened
to be you.  Previously, a message or two up the thread, it was someone
else.  Next you argue that the thread was about something else, and I
don't disagree with that.  But you had changed from the original topic,
too.  Pot, kettle, black.

The following is not specifically for you, but it's clear that you need
to understand it, as well as other people reading this list need to
understand it.

                  -----------------------------------

Whether it's a bug, or not, that the <whatever> (as appropriate to many
different networking related discussions) cannot handle SSID was not
what *I* was talking about.  It's certainly a problem, though, and
people keep arguing against the easy solution, for all the wrong
reasons.  That was the main thing I touched upon.

Security by obscurity is a false belief,
it's better stated as insecurity by placebo,
or delusion by stupidity.

Hiding an SSID can "never" prevent a connection, it's just as useless as
sticking a piece of paper on a terminal with "do not hack" written on it
- completely ineffectual.  Hiding it doesn't even prevent discovery of
the access point.  It doesn't require hacking skills.  It's not even
reliable against accidents.  And networking accidents are going to be
the main experience of users with hidden SSIDs, more than hacking is.

Anyone who follows this bad advice will believe they've secured their
system, when they haven't.  And, quite rightly, will say that they've
been lied to, the moment they realise that they suffered because of it.
Placebos are not harmless, they actually do cause harm when the person
being fooled doesn't get what they actually need.

Security by layers is increasing security by stacking actual security
measures on top of each other.  A well-enforced password (choice of
password, and requiring its use in appropriate places) is a security
measure.  Strong encryption is a security measure.  Requiring both is an
example of increased, layered, security.  Tacking on another procedure
that isn't actually a security measure doesn't increase security, at
all.  And can even be more than just a waste of time.

Hiding an SSID does cause network problems.  It was a technical
requirement, and networking software was written depending on its
presence.  Even when /some/ software can work without it, because other
methods may be used to identify it, there's still a human level that
requires it.

For example, I can turn on my computer, and find that I'm surrounded by
three "unnamed access points," and I do not know which one to use.
There's nothing that tells me which one is which.  I am left with trying
each one, in turn, to see which works.  And I may well connect to the
wrong one, and keep on using it, because it seems to work.  Next time
I'm presented with the same situation, I have to go through the same
process again, because there are no clues in the list.  Nor can I rely on
the access points being listed in the same order, so I can't just choose
what I thought I chose, last time.  And I can't even tell if it's the
same access points as last time, or whether any of them are different
ones.  That information is simply not shown to me in the menu of
choices.

Yes, I may be lucky in that my software can use another identifier to
connect to the same access point as last time.  But that's just luck.
My software may not manage it, simply because of the way it was
programmed.  Or the same access point mightn't be around, or active at
the moment my computer is trying to connect.

SSID is meant as an identifier, a name, for the access point(s), and
that's all it's for.  It's not a secret.  It's not part of security.
Telling people which network is which (via SSID, or other methods) is
not part of security.  This is a cold hard fact, and no false beliefs to
the contrary can change that.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.




