July 2018

Creating both an internal and a guest Wi-Fi network on a Sonicwall

I have a hate-hate relationship with Sonicwall. They’re annoying when they don’t work. I recently had to conjure up a procedure about how to configure a new Wi-Fi enabled Sonicwall with two different Wi-Fi networks, one for internal use, and the other isolated for guests. Here is that tutorial. It assumes an out-of-the-box Sonicwall config, starting with the initial setup wizard…

 

1. When going through the initial setup wizard, do NOT specify any Wireless settings.

2. For the internal wireless, use the Wi-Fi wizard. Set its IP Assignment to “Layer 2 Bridged Mode”; bridge to X0. Give it a useful SSID and be sure to use the WPA/WPA2 mode and give it a password. Do NOT create an additional virtual AP in this wizard.

3. Go to Zones, then Add a new zone. Set its security type to Wireless. Defaults are fine; if you’re being fancy, the Guest Services page allows for a captive portal to be set.

4. Go to Interfaces, then Add Interface, and choose Virtual Interface. Assign it to the Zone you just made, and give it a VLAN tag (10 is what I tend to use). Make its parent interface W0, and set its subnet mask to something bigger than a Class C (255.255.252.0 is what I tend to use). Click OK, and confirm the notice saying the Sonicwall can’t be configured from the VLAN.

5. Go to Network->DHCP Server. Click ‘Add Dynamic’. Check the ‘Interface Pre-Populate’, and choose the VLAN you just made. Go to the DNS tab, and add some public DNS servers, especially if you’re in a network with a domain controller.

6. Go to Wireless, then Virtual Access Point. Click ‘Add’ under the Virtual Access Point section. Give it a name and an SSID, and set the VLAN ID to the one you made earlier. Under Advanced’ settings, set the Authentication type to WPA2-PSK, the cypher type to AES, and the ‘Maximum Clients’ to 128. Add a passphrase, then click OK. Also, you might want to edit the original SSID to allow 128 wireless clients as well, instead of the default 16.

7. Still in the Wireless->Virtual Access Point area, Edit the “Internal AP Group” in the Virtual Access Point Groups” section. Add the additional SSID you just created to the Internal AP Group. Click OK to exit.

8. Go to the Wireless->Settings area. On the drop-down labeled “Virtual Access Point Group” on the bottom, select the Internal AP Group option. Click Accept on the top.
(note: if you get an error saying “Status: Error: Too small 802.11 Beacon Interval for Virtual Access Point”, go to Wireless->Advanced, change the Beacon Interval to 500, and try this step again).

It will take about one minute for all SSIDs to be visible to devices…but you will have properly configured everything when you are done.

The Update Virus

We live in a technological world where ‘updates’ are basically an expectation of virtually anything connected to the internet, and I’m uncertain that it’s the best thing for a number of reasons.

I was discussing this with a friend of mine last week. We were discussing how previous generations of video games didn’t have an update mechanism. If the game had bugs on the day when the cartridges were programmed or CDs were pressed, players got the glitches, and the game’s reputation would reflect them. This gave incentive for developers (both for games and other forms of software) to do a good amount of quality assurance testing prior to release. The ship-then-patch model has removed lots of QA testing, letting the initial players’ complaints and Youtube uploads from paying customers fill the gap. In other words, it has created an incentive for companies to use paying customers, rather than employees, as QA staff.

 Mobile apps have gotten just as bad. With pervasive LTE, apps have less incentive to optimize their code, leading to situations like the Chipotle App requiring nearly 90MB of space. This could be done in maybe 10MB of code (arguably less), but instead there’s a whole lot of unoptimized code which reduces available storage for users, increases the likelihood of bugs, and the interminable cycle of storage management for folks with 16GB of storage – a near-infinite amount just 20 years ago. Moreover, update logs used to describe new features, optimizations, and specific bug fixes. The majority of change logs have devolved into saying little more than “bug fixes and improvements”. Is the bug I’m experiencing on that got fixed? The fact that the Netflix app will no longer run on a rooted phone isn’t something that made it into a change log. Yet, with basically no information, many people allow desktop applications and mobile apps to update themselves with little accountability.

The fact that both Windows and many Linux distributions perform major updates at a semi-annual cadence is itself telling. The PC market has been fragmented for most of its existence. Even after it became the Windows/Mac battle (RIP Commodore, Amiga, and OS/2), there was a span when a person’s computer could be running Windows 98SE, 2000, NT, ME, or XP. Yet somehow, in a world prior to lots of things just being a website, and where users could have dial-up or broadband, and a 233MHz Intel Pentium II (introduced in May 1997) or a 1.2GHz P4 (introduced in January 2002), 64MB of RAM or 320MB of RAM, a hardware GPU or not, 640×480 screen size through 1280×1024. In a far more fragmented computing landscape, it was possible for software developers to exist and make money. There was little outcry from end users expecting “timely updates” from Dell or IBM or Microsoft. The updates that did come out were primarily bug fixes and security patches. There weren’t expectations upon software developers or hardware OEMs to list “timely updates” as a feature they were aiming to achieve.

So, why do I call it the ‘update virus’? Because the major OS vendors (Apple, Google, Microsoft) are all getting to the point where constant updates are an expectation, they’re not just ‘security updates’ but ‘feature upgrades‘. Many end users and fellow technicians I interact with have a condescending mindset towards those who choose otherwise. At first glance, I can’t blame people for being okay with new features for free, but the concern I’ve got is how monolithic it is. It is not possible to get only security updates on any of the three major platforms. UI changes are part and parcel with that. All three operating systems have gotten to the point where there is no “go away” button; Android’s OS release options are “update now” or “remind me in four hours”. Really? Six nags a day? No user choice in the matter? There was a massive outcry when Lollipop came out; the massive UI changes were difficult to deal with for many. There were more than a few reports of measurably decreased battery life. I recently bought a tablet for my mother where updates made it impossible to access the Play Store; my only option was to root the tablet so I could disable the update, because the stock firmware ran fine. Is this truly an improvement? 

Now, most people will argue “but security! but malware!”, and to an extent, they are right. Expecting users to manually disable SMBv1 for the sake of stopping the infamous Wannacry ransomware from spreading is certainly the epitome of ‘wishful thinking’. By contrast, I recently had a situation where the laptop I use for controlling my lighting rig when I DJ failed to Windows Update immediately before the event, getting it stuck in an unbootable state and making it impossible to use for its intended purpose. On what basis is that behavior not precisely the sort of thing typically associated the very malware from which Windows Updates are purported to protect?

 

Ultimately, I like “good updates”. Whether it is because they fix security holes or because they optimize a feature, I am very much in favor of good updates. I do not like “bad updates” – the ones that break an OS installation, or install at the worst possible time, or massively revamp the UI without a “classic mode”, or similarly prevent my devices from performing their intended function. With no way to determine the good ones from the bad, updating has gone from a best practice to a gamble.

And if I wanted to gamble, I’d go to a casino.

10 lines to annoy annoying parents

So, I’m not a parent. I have no intrinsic desire to become a parent. I applaud those who become parents, and my heart goes out to those who wish to become parents but are unable to do so.

That being said, a whole lot of people don’t seem to understand why I feel the way I do. I have thus compiled this list of things to say, which generally help even the score.

“I have only seen Frozen twice. I have only seen Moana once. Also, I do not know the theme song to Doc McStuffins, Paw Patrol, Sofia the First, or My Little Pony. Did I miss the show your child is into? Sorry, it’s been a few months since I’ve watched Nick Jr.”

“I had seven uninterrupted hours of sleep last night.”

“Know who was responsible for the last five spills in my house? Me. Also, three of them happened during the Obama administration.”

“Sure, I can cover lunch. I’ll take it out of my nonexistent diaper budget.”

“If I’m amidst an argument that defies any logic, it’s probably with a client…who pay me hundreds of dollars an hour to tolerate their drama.”

“Sure, it’s possible I’ll change my mind. It doesn’t happen multiple times daily, though.”

“I haven’t done laundry yet this week.”

“My carpet is stain-free.”

“I had exactly what I wanted for breakfast, after waking up when I wanted.”

“I woke up to a bunch of noise this morning as well. The construction crew across the street will be done in about a month, though.”

x  Powerful Protection for WordPress, from Shield Security
This Site Is Protected By
Shield Security