About
When I was 46 I started writing essays on life, or the state of the human condition as I once called it. Because I was halfway between old enough to vote (21) and planned retirement (72) it was known as the "Halfway Point" series of essays.

Later when I mentioned the essays in one context or another on USENET, I got requests for copies and eventually for future essays. Thus the mailing list was born, and it moved to the Internet when that became widely available. At that time I moved to writing on a schedule, the 1st, 11th, and 21st of the month.

Now the trend is to "blogs," and read on demand. I am therefore making this available as a blog, and we shall see if people read it here, or by mail, or not at all.

My other writing
OddLinks - informal comments

Subscribe
Subscribe to a syndicated feed of my weblog, brought to you by the wonders of RSS.

Links
These are a few of my favourite links.

Windows7 app presents possible security issues (10:49)

I see that once again the "what could possibly go wrong" syndrome has struck. It seems that Windows7® has a feature allowing multiple systems to share a single network connection using an application called "Virtual Wi-Fi" for connection. This allows a computer to be connected via hardwaire or Wi-Fi link, and at the same time serve as an Access Point (AP) for other systems to use. It's not clear from descriptions if this is done by making the system an independent AP on its own, or by use of the 802.11s "mesh networking" protocol.

And it doesn't matter! The point is that this allows multiple systems to share a connection, even if the connection is to a private internal network. The Network World article describes this, there are other articles such as this one at livescience.com presenting other ways of looking at the capability.

The original Microsoft project was aimed at allowing connections to multiple APs, or at least that's my reading of the description at the Microsoft® site. It's not that the idea is bad, but that the security implications are not obvious, and people may use it without realizing that it opens a network connection, which might be heavily secured, to pretty much unrestricted access. Worse yet, the packets injected to the network have the IP address and MAC address (hardware identification) of the system running the application, with no trace back to the machine getting the data. Imagine for a minute that a proprietary document is downloaded and leaked, and your laptop was the only machine accessing that data in several weeks.

Linux users have had support for the 801.11s (mesh) protocol for a while, over a year, but

1. if there's a simple application to enable I didn't find it
2. Linux users tend to be a bit more technical than Windows users
3. packet forwarding is not enabled in any default user release I've seen
4. Linux also has easy to use support for encrypted VPN connections, making it easier to limit who can connect and what can be seen by unauthorized parties.
   Note: don't read that as "no possible problem," just "easier to avoid the problems."