I volunteered to be a helpful bridge between Big Ed and the mesh group.
Hopefully the email below will give whatever information people want to
make use of his beta testing.
tl;dr he says that when logging into the peoplesopen.net wireless network
provided by the ubiquiti, he is able to access the computers in his house,
which he does not want people to be able to do without any credentials.
his home router (into which the ubiquiti is plugged) is set up thusly:
"IP Address: 192.168.xxxx
Subnet Mask: 255.255.255.0"
I hope this is helpful information for the project.
love
-jake
---------- Forwarded message ----------
Date: Fri, 20 Feb 2015 16:50:33 -0800
From: Ed Biow <biow(a)riseup.net>
To: Jake <jake(a)spaz.org>
Subject: Re: peoplesopen.net router
On 02/20/2015 12:43 PM, Jake wrote:
hey Ed, jake here
can you tell me as much detail as possible about your network setup, and the
problem you described as that the Peoplesopen.net router was exposing your home network?
I have sonic.net DSL now, but I didn't want to pay $6 a month to rent their crappy
modem-router, so I RMAed it and switched to a Motorola 2210-02 DSL Modem which I had lying
around paired with a cheap 300Mbps Wireless 2T2R Router RNX-N300RT with the standard
proprietary firmware which hasn't been updated in 3 years. The router supports OpenWRT
(which I've used in the past, but haven't set up on this guy, which I've only
been using for a couple of months after my old router died). The wireless router is running
WPA-PSK 11bgn mixed and there is cat 5 cable going around the house from the router and
also to the Ubiquiti to give it a connection. WPS is enabled, whatever that is. Most of
my computers use static IP addresses so I can easily SSH in to them from wherever. The
WAN connection type is Dynamic IP. My router's local IP address is 192.168.xxx.xxx, and
I have reserved the 192.168.xxx.100-200 range for static IP addresses, but my laptop does
DHCP. The low numbers of the subnet are assigned for DHCP.
LAN
MAC Address: xxxxxxx
IP Address: 192.168.xxxx
Subnet Mask: 255.255.255.0
Wireless
Wireless Radio: Enable
Name (SSID): BuckFiden
Channel: Auto (Current channel 4)
Mode: 11bgn mixed
Channel Width: Automatic
Max Tx Rate: 300Mbps
MAC Address: xxxxxxxxxxxxxxxxxx
WDS Status: Disable
WAN
MAC Address: xxxxxxxxxxx
IP Address: 142.254.19.7 Dynamic IP
Subnet Mask: 255.255.255.0
Default Gateway: 142.254.19.1
DNS Server: 208.201.224.11 , 208.201.224.33
for example, what is the IP structure of your home network? what's the router
address and IP range? and the peoplesopen.net router is plugged into that, correct?
and your home router is, i assume, plugged into the comcast or AT&T device,
which is providing a single IP address (via DHCP) to your home router?
I will try to get it fixed for you (although you may have to plug it in or bring it
to a mesh meetup)
I brought the unit to the mesh meeting last night and left it with Mark & Jenny. The
cardboard box is more or less falling apart, but the unit and the dongle and antenna are
all there.
I have a home server running Trusty that has my files on a couple of encrypted hard drives
set up with a number of samba shares. Some shares are RO, some are RW, some are
hidden, one is open to writing by guest accounts without too much security (to have a
convenient place to dump files from untrusted sources). My computers are set up to
automount one of the samba shares at boot from the fstab (not an incredibly secure
process, if someone got physical access to one of my unencrypted computers they could
figure out the samba PW, though I did take some efforts to make that more difficult).
So I set up the Ubiquiti with a piece of CAT 5 coming from one of my switches, and logged
in to the administrative SSID along with the peoplesopen.net one, and from either one I
could mount my LAN share with a simple "mount -a" (since the share is listed in
the fstab). Most of my network shares do require a username and a password but I also
left a RO share open to guests to browse for Windows software (mostly open source, but some
proprietary freeware) to make it easier to download stuff to clean up friends' Windoze
boxen that have nasties on them. Even a password isn't a whole buttload of security.
Is there any other information that would be helpful? I suppose I should install OpenWRT
on my personal router, but I don't see what difference that would make. I've got a
couple of samba shares set up on the black box under the server stack we can test things
on, we can just plug the Ubiquiti into that switch under the server room, I guess.
On that note, I took the white computer home to swap out the motherboard with one that
doesn't have problems with shitty firmware that makes it lose its KVM signal, though I
plugged in an HDMI cable to the TV along with the VGA, and then when I went back to that
white machine (Spartacus) the GUI signal was restored. Unfortunately, the Hitachi Plasma
TV is FU, it has a broad band running down the middle after running for a bit. We took it
off the wall yesterday and someone whose name I don't know (short, longish beard) took
it apart and cleaned it out, though it isn't back on the wall. The next time I'm
in the sudoroom for a couple of hours I'll test it and see if that fixed it, but I do
have an intact 32" TV at the room that could live there, as well.
Also, I brought some really nice speakers with a sub woofer to the room, that have an
issue that you are probably equipped to address, one of the tweeter speakers doesn't work
properly unless you get all touchy-feely with the green plug that goes in to the source.
They are in a box over by the TV, the subwoofer has plastic made to look like wood
grain. Maybe you can fix it up, and we can stick it somewhere in the sudoroom, bolted to
something, so no one thinks it is hackable and free for the taking.
As to the computers under the server room, I took my friend Tina Flores to the room today
to look over the computers. She's been speaking to some friends who just got back from
Havana. She says that eCAP (which handles imports of donated items to Cuba) is
overwhelmed now because of offers of solidarity in the wake of Obomba's speech calling
for less restrictions on interaction with the island, and will take a while to get back to
us on a new license, but she sent something to some folks over there detailing what we have,
and is doing the paperwork for a July shipment (we're looking at a half container, at
least 100 machines, if the Cubanos want them). Lisa Valente, president of the US-Cuba
Sister City Association yakked to some dude at the international desk of the Assemblea
Popular, and they are definitely interested in computers, & I can probably round some more
up at OTX West or ACCRC (now that James is gone). Another medical delegation is going over
at the end of March & Tina & I are writing a letter to see if ELAM would like some
machines. BTW, Tina is planning a program and reception at the end of April for the Cuban
ambassador (once they accredit one) at Oakland City Hall, if you are interested. I told
her I might be able to book the Ballroom, but she thinks she can get the City Hall rotunda
for free (she is somewhat connected to some local politicritters, in specific, Barbara
Lee, who she's worked for).
https://localwiki.org/oakland/Oakland_Sister_Cities_Program
http://www.washingtontimes.com/news/2009/aug/09/cuban-spies-continue-to-exp…
http://en.wikipedia.org/wiki/ELAM_%28Latin_American_School_of_Medicine%29_C…
In any case, I'm in the process of roofing over and walling up an old kennel in my
back yard, so within a week or two I should have a place to move the computers if you think
the sudoroom needs that storage area. See attached photos.
Ed
note: I am NOT officially part of the mesh group in any way, i am just trying to help.
thanks
-jake
--
+++++++++++++++++++++++++++++++++++++++++++
Now and then an innocent man is sent to legislature. - Kin Hubbard
Edmund J. Biow
328 Haddon Road
Oakland, California 94606
(510) 763-0591
(415) 623-6473 New Cell Number
biow(a)cubasolidarity.net - biow(a)riseup.net - biow(a)sonic.net - ejbiow(a)gmail.com -
ebiow(a)yasashi.net
To subscribe or unsubscribe to the lists I manage send an email to the following:
Subscribe:
occupyoakland-subscribe(a)lists.riseup.net
oaklandprivacyworkinggroup-subscribe(a)lists.riseup.net
civilizethecops-subscribe(a)lists.riseup.net
occupyoaklandkitchen-subscribe(a)lists.riseup.net
Unsubscribe:
occupyoakland-unsubscribe(a)lists.riseup.net
oaklandprivacyworkinggroup-unsubscribe(a)lists.riseup.net
civilizethecops-unsubscribe(a)lists.riseup.net
occupyoaklandkitchen-unsubscribe(a)lists.riseup.net
(\__/) .~ ~. ))
/O O ./ .'
{O__, \ {
/ . . ) \
|-| '-' \ } )) Warning squirrels: Einstein is on the prowl
.( _( )_.'
'---.~_ _ _&