----- Original Message -----
From: "Måns Nilsson" <mansaxel@besserwisser.org>
05:45:55PM -0400 Quoting Jay Ashworth (jra@baylink.com):
----- Original Message -----
At all possible cost, avoid login or encryption for the wireless.
Yes, and no.
<snip>
Just keep in mind that every action you make the visitors have to perform to get Internet connectivity is a support workload.
I understand entirely. That was the reason for my "remember each MAC address for the entire event" approach to captive portal. I foresee the guests entering a code from their event badge the first time they use each device. Unlike most events, I also foresee a single page "How to use our Internet connectivity" sheet that actually tells you what you need to know. :-)
(For example, I have no problems blocking outbound port 25 and redirecting recursive DNS -- though I do want a system that permits me to whitelist MACs on request. But I would do those on the guest and dealer nets, and not on the staff one.)
Remember that DNSSEC breaks quite easily if you redirect DNS and since this is three years in the future, the uptake on DNSSEC may well have hit the point where there is visual feedback on validation in client UI.
Good point.
While things have become much better, doing 802.1x on conference wireless probably is a bit daring. OTOH eduroam does it all over Europe.
If I did try to do that, it would probably only be on the staff network; it's a much more constrained environment.
It'll work much better there, and FWIW, will be a little yet perhaps effective speedbump for intruders.
Was my plan, yes. This isn't, really, defcon. :-)
And get v6.
Yeah, I assumed that, though it will be interesting to see how much play it actually gets; these are SF geeks, not networking geeks.
Again, even in North America, the uptake may well have accelerated enough that it is To Be Expected. Besides, IME, SF geeks are computer savvy more than others.
I've heard that asserted. I'm not certain to what extent it's actually true.
Oh yeah. I'm fond of leases as short as 30 minutes, though if I have a /16, I won't care as much.
A couple hours will get the user over a lunch break if not overnight, which means that long TCP sessions survive on Proper Computers (that don't tear down TCP on link loss. I'm looking at you, Microsoft!).
Well, I'm a firm believer in Least Recently Used, so as long as my DHCP block is larger than my userbase, everyone will have the same address all weekend anyway.
This is Really Nice. Open up computer from sleep and press enter in xterm and ssh session is up. (my personal record is for telnet, an untouched connection survived two taxi trips, one night, some NATed wlan at the hotel and when I got back to the right network I just plugged the cable in and continued in the same session. But I cheated and had fixed addresses.)
Nice. :-)

Cheers,
-- jra
--
Jay R. Ashworth  Baylink  jra@baylink.com
Designer  The Things I Think  RFC 2100
Ashworth & Associates  http://baylink.pitas.com  2000 Land Rover DII
St Petersburg FL USA  #natog  +1 727 647 1274