Subject: Re: Big Temporary Networks
Date: Thu, Sep 13, 2012 at 05:45:55PM -0400
Quoting Jay Ashworth (jra@baylink.com):
----- Original Message -----
At all possible cost, avoid login or encryption for the wireless.
Yes, and no.
<snip> Just keep in mind that every action you make the visitors have to perform to get Internet connectivity is a support workload.
(For example, I have no problems blocking outbound port 25 and redirecting recursive DNS -- though I do want a system that permits me to whitelist MACs on request. But I would do those on the guest and dealer nets, and not on the staff one.)
Remember that DNSSEC breaks quite easily if you redirect DNS and since this is three years in the future, the uptake on DNSSEC may well have hit the point where there is visual feedback on validation in client UI.
While things have become much better, doing 802.1x on conference wireless probably is a bit daring. OTOH eduroam does it all over Europe.
If I did try to do that, it would probably only be on the staff network; it's a much more constrained environment.
It'll work much better there, and FWIW, will be a little yet perhaps effective speedbump for intruders.
And get v6.
Yeah, I assumed that, though it will be interesting to see how much play it actually gets; these are SF geeks, not networking geeks.
Again, even in North America, the uptake may well have accelerated enough that it is To Be Expected. Besides, IME, SF geeks are computer savvy more than others.
Oh yeah. I'm fond of leases as short as 30 minutes, though if I have a /16, I won't care as much.
A couple hours will get the user over a lunch break if not overnight, which means that long TCP sessions survive on Proper Computers (that don't tear down TCP on link loss. I'm looking at you, Microsoft!). This is Really Nice. Open up computer from sleep and press enter in xterm and ssh session is up. (My personal record is for telnet, an untouched connection survived two taxi trips, one night, some NATed wlan at the hotel and when I got back to the right network I just plugged the cable in and continued in the same session. But I cheated and had fixed addresses.)
Very nice, Måns; thanks.
My pleasure.
--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE +46 705 989668
He is the MELBA-BEING ... the ANGEL CAKE ... XEROX him ... XEROX him --