399 lines
37 KiB
Plaintext
399 lines
37 KiB
Plaintext
|
Episode: 723
|
||
|
|
Title: HPR0723: How to be a safe computerist
|
||
|
|
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0723/hpr0723.mp3
|
||
|
|
Transcribed: 2025-10-08 01:31:46
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
Hi everyone, my name is Klaatu and this is Hacker Public Radio, Urban Camping Episode 8.
|
||
|
|
This is the final episode, I think I said there were going to be seven or eight or nine,
|
||
|
|
so this is it, eight, the final one.
|
||
|
|
I waited a little while to do this one because I was actually getting a lot of listener feedback.
|
||
|
|
Well actually to date I think probably more listener feedback on this series than I've ever had
|
||
|
|
on anything else aside maybe from a blender tutorial or something, but a lot of people it seems
|
||
|
|
kind of found this idea really either intriguing or really similar to something they were doing
|
||
|
|
or whatever. I as usual have done a horrible job of collecting all of the things that I was
|
||
|
|
supposed to collect about you know what they all said to me, so I'll just say that generally
|
||
|
|
speaking people have said that it's a really neat idea, something that they would really like to
|
||
|
|
try, something that they intend to try at some point, and two things off the top in my head
|
||
|
|
that people mentioned were one that hack spaces are really really good for an urban camping or
|
||
|
|
would be really good, and I think that is true. I've only been in real life to one hack space and
|
||
|
|
that was the one in New York, Rochester, New York area, and it was really cool and I can imagine if
|
||
|
|
I was really really close to a hack space and it was really convenient to get to it, I would probably
|
||
|
|
spend a lot of time in a hack space, probably pay the membership, do or whatever, get a key,
|
||
|
|
and just hang out there basically all the time because that would be fantastic. As I said in my last
|
||
|
|
episode episode 7, that can be also a little bit of a curse because there is that kind of, oh I'm
|
||
|
|
a geek, I don't have to go outside, I can just sit at my computer all alone and hack all day,
|
||
|
|
and while that's really really great for focus sometimes, sometimes it's not so good for kind of
|
||
|
|
getting your mind to be thinking out of the box and just meeting new people, which you know,
|
||
|
|
I mean we're human, it's pretty important to do that at some point. So, hack space could be
|
||
|
|
really cool, it could be good for collaboration if there are other people hanging out there a lot
|
||
|
|
as well, it could be good for social events as well if it's an active, you know, kind of busy
|
||
|
|
hack space. So that was a great suggestion from a listener. Another listener told me about something
|
||
|
|
that I'd honestly never heard of before it's called co-working, and it's kind of an interesting
|
||
|
|
thing, I don't really know much about it, but it sounds like it's a building that offers
|
||
|
|
something called co-working membership, meaning that you essentially, you rent I think like an office
|
||
|
|
or a space where you can work, do all kinds of things. You get 24-7 access, this, the guy who told
|
||
|
|
me about this, says that he found a place that was $300 a month, and that essentially gets you
|
||
|
|
internet connection, probably like telephone connection, I imagine I don't know, he didn't say
|
||
|
|
that explicitly, and a little space where you could of course, since it's 24-7 access, you could
|
||
|
|
actually even sleep there, and you get to meet more people again, it's not quite a hack space,
|
||
|
|
but it's basically a hack space because there are other people there doing whatever people do in
|
||
|
|
office environments or working environments. So it's, that sounds really cool, I would, I would
|
||
|
|
have loved to know about that a long time ago, and I'm going to actually start looking for these
|
||
|
|
things in my area, because that sounds exactly like what I've been looking for for a very long time.
|
||
|
|
So that's really good to know about, thank you very much, everyone who's commented, it's been
|
||
|
|
really great feedback, lots of cool ideas, great recommendations about different backpacks, coffee cups,
|
||
|
|
all kinds of things, so that's really, really neat. Another thing that I was actually talking to
|
||
|
|
the last known god about from, at the Indiana Linux class, which I just got back from recently,
|
||
|
|
we were speaking about finding food, you know, just outside, being self-reliant enough that you can
|
||
|
|
actually just feed yourself from things that you find in that strange thing called nature,
|
||
|
|
whether it's mushrooms or just plants or fruit, whatever. Mushrooms you should obviously probably
|
||
|
|
stay away from unless you've taken a class in it, but there are people who know a lot about it,
|
||
|
|
and they can't teach you that sort of thing. Plants, there's a really neat little book that
|
||
|
|
my friend Scarlett got me called the Illustrated Guide to Edible Wild Plants, which was put out by
|
||
|
|
the Department of the Army actually, but she found it at an anarchist bookstore, a nice little
|
||
|
|
breach of logic there, or not, not really, it's just an unlikely combination, I guess. And it was
|
||
|
|
put out by the Lions Press, you can find their site at lionspress.com, and it's a book with
|
||
|
|
pictures and everything about all the different kinds of plants that you might find just out there
|
||
|
|
in the world that you can actually chow down on. And it's a really fascinating book, and I think
|
||
|
|
that kind of survivalism sort of technique. Who doesn't need that? I mean, that's just really good
|
||
|
|
stuff to know. It's our planet we live on, we might as well know what we can eat and not eat. So,
|
||
|
|
so check either that book out or something similar to it. It's a pretty interesting study,
|
||
|
|
but in this episode we're going to talk very specifically about hacking as an urban camper.
|
||
|
|
Obviously, the crowd listening to this series are most of them, I think, are probably interested
|
||
|
|
in computing, hacking, things like that. So, when you think about it, the idea of being an urban
|
||
|
|
camper, you suddenly, it's almost, again, an unlikely combination, because if you're in love with
|
||
|
|
your computer and you want to be on your computer all the time, you want to be on the network all the
|
||
|
|
time. How do you do that? How do you have power? How do you have access to networks all the time?
|
||
|
|
If you're just out and about. Well, of course, in today's world, it's not that big of a deal,
|
||
|
|
and I've covered some of the things about going out and finding a good network and a good
|
||
|
|
place with refillable coffee and just kind of camping out there, and that's definitely applicable,
|
||
|
|
and that was, you know, that's generally what I do. But let's talk specifically about what we're
|
||
|
|
doing on the computers while we're doing that, and how not to be hacked ourselves, I guess. Now,
|
||
|
|
I'm no security expert. I actually know nothing about security. I just kind of know what people
|
||
|
|
talk about, so I'm going to tell you what I do when I'm out on public Wi-Fi networks and things
|
||
|
|
like that to kind of give myself a layer of security, but you should come up with your own
|
||
|
|
methodologies, and you should probably do more research on this and be smart, you know, just kind of
|
||
|
|
use your best judgment when you're out doing things. So, first of all, I mean, if you're out on a
|
||
|
|
public network that automatically right there kind of restricts what you should and should not be
|
||
|
|
doing on that network. For instance, if you're checking your mail via some kind of antiquated,
|
||
|
|
unsecured logins and things like, or unencrypted logins and things like that, you're sending your
|
||
|
|
password and plain text, all that other good stuff. If you are doing that, you really shouldn't
|
||
|
|
be doing that at all. It's a bad idea on a public network. So, if you need to check your mail with
|
||
|
|
these protocols, I mean, sometimes the mail provider that you're using might just, they may not give
|
||
|
|
you another option. Then, save that for later, save it for your friend's house, save it for a
|
||
|
|
network that you feel like you can trust a little bit more. Online banking, same thing goes. If you're
|
||
|
|
doing online banking and you're on a public Wi-Fi, you probably shouldn't be doing it on that network
|
||
|
|
at all. Period. I would probably save that for a trusted network. Those are just two obvious
|
||
|
|
rules of thumb that nevertheless people kind of violate any way all the time. So, the solutions
|
||
|
|
there would be, well, twofold, mobile banking because of the mobile phones out there that don't
|
||
|
|
do flash and things like that. A lot of the mobile banking sites nowadays will have a mobile
|
||
|
|
accessible site. This is usually a much smaller and simpler version of their typical mobile banking
|
||
|
|
site and a lot of times it'll just be that little, you know, it'll be like an m.mygreatbank.com,
|
||
|
|
instead of just www.mygreatbank.com. So, if you direct your browser to m.mygreatbank.com,
|
||
|
|
then you'll be taken to your bank. I'm assuming we are all knowing that I mean that you need to
|
||
|
|
substitute the name of your, you know, the domain of your bank for mygreatbank. So, m., you know,
|
||
|
|
whatever your bank is.com, you go there and suddenly you're on a much lighter weight version of
|
||
|
|
your banking site, which of course does nothing for security, right? But the other thing that I'm
|
||
|
|
going to talk about right now is the part where your tunneling stuff through more secured means.
|
||
|
|
Couple of different ways to do this. You can set up an SSH tunnel to a server somewhere
|
||
|
|
and then use the version of your browser over on that server. That's what I typically do. That's
|
||
|
|
really the only way to be honest. I know how to do it. It's very simple to do this actually,
|
||
|
|
but you do have to have a server. So, the idea would be, of course, to set up the server in some
|
||
|
|
safe location and go ahead and install some kind of X environment. It doesn't have to be fancy.
|
||
|
|
It just has to be enough, essentially, to give you enough for a nice graphical browser, like Firefox.
|
||
|
|
Set that up. Of course, you won't be able to actually see any of it. And you don't even really
|
||
|
|
have to launch the desktop, but it needs to be installed. And then when you SSH into that server,
|
||
|
|
do the SSH with a dash X flag. SSH dash X will allow the X forwarding to occur. And then you can use
|
||
|
|
the Firefox over on your server and do your mobile banking through the SSH channel. And since the
|
||
|
|
SSH channel, of course, is going to be slower than a normal HTTP connection to your bank. Using the
|
||
|
|
mobile version of your bank's site will help you a lot. Better than that, of course, is not doing
|
||
|
|
your banking on public networks. I've heard that X forwarding via SSH isn't exactly the best idea
|
||
|
|
anyway. It's not like the most secure thing in the world. I don't know, but it's something to keep
|
||
|
|
in mind. So, that's how to do that, though. Now, that brings me to a really important point of
|
||
|
|
the fact that you probably need a server. If you're going to be doing urban camping and you're
|
||
|
|
going to be hanging out on unknown networks, having that server, your own private cloud, essentially,
|
||
|
|
or semi-private because you probably don't actually own the hardware that you are constructing
|
||
|
|
the cloud on, but having a server in some remote location where you can access that server from any
|
||
|
|
network via some kind of tunnel, probably an SSH channel, it's a really good idea. So, you know,
|
||
|
|
you can just use that server. I mean, for every day surfing, I'm not saying you need to be on your
|
||
|
|
little private server cloud, but four things like that for an emergency mobile banking session,
|
||
|
|
or checking your email when you know that your email may not be the most secure email service around.
|
||
|
|
Stuff like that. For a while, at the very beginning of my really serious urban camping thing,
|
||
|
|
which was last year, for really, practically, all of last year, I was using, at the very beginning,
|
||
|
|
I was using what I'd been using for a while, which was sdf.lonestar.org. And sdf.lonestar.org is
|
||
|
|
kind of cool because it's a secure shell account. If you pay your lifetime membership of $36, you get
|
||
|
|
a secure shell account, you can SSH in, you can use it as your primary or your secure email address
|
||
|
|
because now you're SSHing in, so you can check all your email there. So, it's a great little thing
|
||
|
|
to have. It's a server, it's a cloud that you can access quite securely and use for a lot of
|
||
|
|
different things. The only problem with it, I guess, is that I found it ever so slightly too slow,
|
||
|
|
a little bit slower than I would have preferred, I guess. And I also found it ever so slightly,
|
||
|
|
and I mean, ever so slightly unreliable. And I don't mean that sdf.lonestar.org is unreliable,
|
||
|
|
because it's a great service. I love it, and I still have my account, and we'll continue to have
|
||
|
|
my account and continue to enjoy it. But there would be just one or two times where I would try to
|
||
|
|
access them, and they were moving their server. There was a big server move last year, actually.
|
||
|
|
It wasn't a big deal, I mean, really, really wasn't. But I just, it kind of drove home for me,
|
||
|
|
that I felt like I needed something a little bit more, something I could really kind of point to
|
||
|
|
and call my own and be paying for and say, hey, I want that server to be right there and online
|
||
|
|
all the time, no matter where I was. So, doing that meant getting a VPS, a virtually, a virtual
|
||
|
|
private server. And doing that alone would have been a little bit costly, perhaps. But I managed
|
||
|
|
to find two, three other people who actually were interested in doing the same thing, having a
|
||
|
|
virtual private server. And so, we all kind of pitched in, and we all pay, you know, a quarter of
|
||
|
|
the server cost. And we now have our own little private-ish cloud. Again, we don't actually own
|
||
|
|
the hardware, but the server is there. So, I guess I don't really use this private cloud
|
||
|
|
so much for, you know, the sort of common use of it like, oh, here's my email and all my online
|
||
|
|
documents and all the things that are important to me that I need to have everywhere. And here's
|
||
|
|
all the things that are important to me and that I need to have everywhere. I don't really do
|
||
|
|
that. I quit the contrary. I keep the stuff that's important to me off of anybody's cloud. So,
|
||
|
|
I don't use it for that, but I do use it as a kind of a gateway out of whatever public Wi-Fi or
|
||
|
|
public network that I'm on and out into the rest of the internet. Setting up the SSH channel, of
|
||
|
|
course, is just as simple as I said. I mean, it's just literally just SSH with the dash x flag.
|
||
|
|
If you need the graphical stuff, although if you don't and quite often I don't, you can simply
|
||
|
|
SSH and use links for your web browsing, use mud or pine for your email and really whatever else
|
||
|
|
you want to do on the cloud. So, having that is a great idea. Finding a couple of people who you can
|
||
|
|
trust, who can go into a kind of roommate situation with you on this server, on the VPS,
|
||
|
|
each kind of chip in for paying the bills. It makes it really, really manageable and gets you
|
||
|
|
out of the public network that you'd otherwise just be kind of a sitting duck on and gives you
|
||
|
|
a little tunnel out into the rest of the world and gives you a little bit more security and also
|
||
|
|
kind of frees you from things sort of the more obvious alternatives to doing that. You know,
|
||
|
|
things like, well, I'm using Gmail. So, it's got an HTTPS connection. So, who cares? Well, no one
|
||
|
|
except the Gmail has all your email anyway. So, yeah, who does care? So, using the server for that
|
||
|
|
is not a bad idea. Disadvantage to that. So far, it's only been speed. In terms of connecting to
|
||
|
|
that server, I've not had a problem yet. I've not encountered a public network that blocks
|
||
|
|
SSH access. For instance, I just don't, I don't run into that so far. In terms of speed, yeah, I've
|
||
|
|
noticed, you know, every time I do it, practically, I notice that, yeah, I'm association to my server.
|
||
|
|
It is slow. If you want a really nice server, it's going to cost a lot of money and you still might
|
||
|
|
not even be getting that great of a connection. It just kind of depends on what network you're on.
|
||
|
|
This particular server that I'm paying part for really, really dirt cheap and it feels slow.
|
||
|
|
It doesn't have a whole lot of RAM, no matter what network I'm on, unless I'm just getting really
|
||
|
|
lucky and I guess none of my other, none of the other people actually on that physical box,
|
||
|
|
you know, not my, not my paying roommates and, and fellow users, but those other people out
|
||
|
|
on that server who have their own little VPS partitions, you know, if they're not on it,
|
||
|
|
then I'll, I'll, I'll feel like the speed is okay, but more often than not, I, I, I feel the,
|
||
|
|
the performance hit. So that's just something to be aware of. Also doing cool things online, of course,
|
||
|
|
always, there's Tor. Tor, as you probably already know, I've actually interviewed, I think, well,
|
||
|
|
I know, I've interviewed, I think it was for HPR Wendy, one of the people who is currently with
|
||
|
|
Tor or was with Tor and is now with EFF or vice versa or both, but she's a really smart lawyer,
|
||
|
|
hacker type and it's really cool. So we all know about Tor. It's, it's a great project.
|
||
|
|
Setting it up is surprisingly easy and I'm talking about setting it up for the more common,
|
||
|
|
the most common use, which is, oh, I'm going to browse. I want to be anonymous about where I'm
|
||
|
|
coming from or what my, you know, who and what I am tap into Tor for that. This isn't really
|
||
|
|
something that I think you're going to need so much from a public network since public networks
|
||
|
|
by their nature are, are fairly anonymous. If I'm wrong on that, you know, I mean, don't quote me,
|
||
|
|
first of all, but if I'm wrong on that and if Tor anonymizes you even more than, than, than what
|
||
|
|
I'm aware of, then don't listen to me. But otherwise, I don't know, I don't tend to use it from
|
||
|
|
public networks so much as I do from networks that I, you know, my friends network or the work
|
||
|
|
network. That kind of thing where I, I'm there frequently, someone else owns the network. I don't
|
||
|
|
want either myself or them necessarily being on the record as having gone to certain places. So
|
||
|
|
you do it with Tor. Tor used to kind of confound me a little bit in terms of setting it up because
|
||
|
|
you'd see all this crazy stuff about how, how many options you've got for this setup and how to,
|
||
|
|
um, how to configure your browser to use it automatically and all these different buttons and
|
||
|
|
plugins and Vidalia and all these other things that frankly, I can't be bothered to even figure
|
||
|
|
all that stuff out. So I'm going to tell you exactly how Tor is done on my computer. So my computer
|
||
|
|
runs Slackware. So this is going to be biased toward that. But I mean, in theory, you know, if you
|
||
|
|
listen to all the all the cliches, Slackware is really, really hard to use. So if I can do it on
|
||
|
|
Slackware, you should be able to listen to how I do it and emulate it with great simplicity and ease
|
||
|
|
on whether whatever distribution you're running. So on Slackware, this is actually straight out of
|
||
|
|
the Slack build that I use in order to get all this stuff done. So it's not anything that I've
|
||
|
|
actually figured out as much as it is something that I just am copying from the instructions. So it's,
|
||
|
|
it's very, very easy. The first thing that I do is install LibEvent because it's the direct
|
||
|
|
dependent, the Tor requires LibEvent. So if you install LibEvent on your computer, you'll have
|
||
|
|
the dependency for Tor. And then you do a group add space, g space 220 and you call that group Tor.
|
||
|
|
And we're using 220 because it's quote unquote recommended. I don't know why it's recommended
|
||
|
|
to be that except that it's, you know, a low number. So it's kind of a system kind of user.
|
||
|
|
I understand that part. I don't know why else it's recommended. Then you add a user.
|
||
|
|
User add dash u 220 dash g meaning assign them primarily to this group 220 which of course is the
|
||
|
|
Tor group we just created. Dash c you can comment, you know, make a comment like this is the Tor user
|
||
|
|
or, you know, the onion router, whatever. It's just a human readable comment for yourself. Dash d
|
||
|
|
slash dev slash null slash s slash bin slash false and then name that user Tor. So basically you're
|
||
|
|
creating a fairly powerless user in terms of logging into your system. The default shell would
|
||
|
|
not be a shell. It would be slash bin slash false. So that wouldn't do anyone much good if they
|
||
|
|
were able to somehow get into your computer with the username Tor. But Tor can use this username.
|
||
|
|
And you do that and you run the Slack build and it installs Tor. Really as simple as that.
|
||
|
|
The newest version I think is like, I don't know, 1.2.30 or 2.1.30 something with a 2.1 and a 30 in it.
|
||
|
|
It works great. It's easy to use. Once it's installed, you simply drop down to a command line
|
||
|
|
and you type in the word Tor TOR. If you look, if you open another terminal after you've done that
|
||
|
|
and then look at the the the config file which at least on Slackware is slash edc slash Tor slash
|
||
|
|
Tor RC. If you look at that, it tells you exactly what ports Tor is running on as the thing that you
|
||
|
|
will interact with. And the default on that right now is Sox port 9050. And the address for that
|
||
|
|
since it's running on your computer that you're about to use for the connections, it would be Sox
|
||
|
|
listen address 1 2 7 dot 0 dot 0 dot 1. And that's almost all you need. There might be some other
|
||
|
|
stuff, but I'm actually fairly sure that that's really all you need in your config file for this
|
||
|
|
to work. So we know that the port that it's using is 9050 and you know that the the the IP address
|
||
|
|
that you should be looking for your little Tor server essentially is your local host 1 2 7 dot 0 dot
|
||
|
|
1 dot 1. So just to test all of this out, the first thing to do and no, it's not finished yet,
|
||
|
|
don't panic. The first thing that we want to do is just for kicks go to what's my IP dot com or
|
||
|
|
dot org rather. What's my IP dot org of course will show you what your broadcasting as your address
|
||
|
|
is. So in my case right now it's 8 9 dot 2 3 3 dot 8 2 dot 7 1. Now you've established that now open
|
||
|
|
up your preferences in Firefox edit preferences go to the network tab in the advanced section
|
||
|
|
and right at the top it says connection and figure out how Firefox connects to the internet. And
|
||
|
|
if you go into the settings of the connection settings, you have four four choices. No proxy,
|
||
|
|
auto detect proxy, use system proxy or manual proxy. I use the manual proxy and I simply type in
|
||
|
|
down at the socks host because that's what kind of that's the kind of port or proxy tour is,
|
||
|
|
it's a socks proxy. So type in for socks host list 1 2 7 dot 0 dot 0 dot 1 and where it asks you
|
||
|
|
what port to look at type in 9050. Click OK. Now Firefox for this for right now until you change it
|
||
|
|
is using a socks proxy that is pointing at the 9050 port which is tour which is running on your
|
||
|
|
computer. So the IP address of that is 1 2 7 dot 0 dot 0 dot 1. Now if you go to what's my IP dot org,
|
||
|
|
it's going to take a while because you're going probably all over the world. And there it is.
|
||
|
|
Your IP address 1 9 dot 1 3 1 dot 6 2 dot 1 3 3. Completely different from what your other IP
|
||
|
|
address was. And so now as long as you're using Firefox, you're now browsing the web completely,
|
||
|
|
well very anonymously. Of course, tour will tell you that it's not completely anonymous quite
|
||
|
|
probably and you should be very careful. So again, if you're doing this and it's the life-threatening
|
||
|
|
situation, don't listen to this show for all the advice. But that's that's the simple way to get
|
||
|
|
tour up and running. It's really, really that easy. And next thing you know, you're you're going
|
||
|
|
all over the place to get to, you know, whatever site you're really trying to get to. And it's
|
||
|
|
quite quite a cool experience. And quite a bit slower. So keep that in mind. But it's a good
|
||
|
|
thing to know about. The only other real tip I have I guess is a very, very simple command called
|
||
|
|
TCP dump. This is one of those commands that people really could. And you know, someone really
|
||
|
|
should, especially on a network called hacker public radio. But yeah, someone could and should do
|
||
|
|
an entire series on TCP dump and how to use it. I barely know anything about it except that if
|
||
|
|
you sit in a cafe and you've got a notebook computer that you can put the Wi-Fi card in monitor
|
||
|
|
mode. And you can use the IWU config command to put it in monitor mode or for miscus mode,
|
||
|
|
some people call it. You can use TCP dump to then monitor the all the traffic that is flying
|
||
|
|
through the air anyway. All you're doing is instead of sending your own signals out, you're
|
||
|
|
just getting everything. You're looking at everything as it passes. It's really cool. And the the
|
||
|
|
command for that would be TCP dump dash in in V capital X capital S small S one five one four.
|
||
|
|
That should that should get you started anyway. There's a couple of other things you could do
|
||
|
|
either more or less than that. But that basically turns on a lot of verbosity and it captures all kinds
|
||
|
|
of packets, I guess. And it also sets how in what bite sizes you're capturing it in. That's the
|
||
|
|
one five one four part. It's it's a neat command. You'll see amazing things on the in the far
|
||
|
|
right hand column. You'll just see amazing things. You got to try it in a busy cafe where lots of
|
||
|
|
people have their iPhones and their computers out do that. And that'll just fascinate you for for
|
||
|
|
days really. Obviously there's all kinds of places you can go from there. That's like the really
|
||
|
|
most basic thing. And that's I'm only giving you the most basics because that's as much as I know.
|
||
|
|
You know, no, as much about TCP dump as I do. People will tell you, oh, you've got to try
|
||
|
|
wire shark or T shark instead of TCP dump and all these other things. And I totally agree,
|
||
|
|
but I don't know how to. So I can't really talk a whole lot about that. But it is it is fun. I mean,
|
||
|
|
there's there's cool things like you know, you can TCP dump dash S one five one four port 80 dash
|
||
|
|
W, you know, TCP 80 dot dump whatever point being that you can you can tell TCP dump to just
|
||
|
|
capture stuff on port 80, which obviously is going to be all the internet stuff. And it'll ignore
|
||
|
|
all the all the other extraneous what what we would probably consider noise. I'm sure someone
|
||
|
|
who was really smart and knew what all that noise meant wouldn't call it noise, but but there you go.
|
||
|
|
So it's yeah, it's it's a lot of fun. And there's a lot of filtering that you can do in TCP dump alone.
|
||
|
|
I know that there are other programs that filter all this information a lot more effectively
|
||
|
|
and dynamically, but it's it's kind of cool because you can just see all kinds of traffic
|
||
|
|
flying by your computer. And even if you don't know what it all means, it starts to give you a
|
||
|
|
little bit of a better idea of what exactly all that traffic really is. All kinds of interesting
|
||
|
|
things to just look at. And for for what you're doing just for fun, I don't really tend to I don't
|
||
|
|
pretend that this is like anything evil or subversive at all. It's because it's not. It's just
|
||
|
|
it's really just monitoring traffic. And happily most people are are most sites important sites
|
||
|
|
encrypt their their traffic. So you're not even going to see stuff unless you really really know
|
||
|
|
what you're doing and and and really really try to see it. But you will see interesting stuff
|
||
|
|
nevertheless. You know idle conversations on on G chat sometimes, but not really any passwords
|
||
|
|
or anything. I mean, unless you're really looking for it. I'm not really looking for it. I miss all
|
||
|
|
that stuff. I think it's just cool to look at these little packet headers and all the and really
|
||
|
|
what makes all this data that's flying through the air to get reconstructed, you know, to get
|
||
|
|
routed and then reconstructed. It's very cool study. So you should definitely do that. I mean,
|
||
|
|
if you're going to be sitting outside on a public network, you kind of owe it to yourself and,
|
||
|
|
you know, to the network to monitor it. It's it's just cool. Now on that subject, there is a cool
|
||
|
|
little device that you can get from a place called Meda Geek. That's NETA GEK and it's called
|
||
|
|
the Y Spy and that name sounds a lot more subversive again than it really is. The Y Spy is a little
|
||
|
|
antenna and that really is all it is. It's an antenna that you plug into your USB port and the
|
||
|
|
device monitors the level of traffic on different frequencies. It is not a full spectrum analyzer. It's
|
||
|
|
not analyzing all possible spectrum, you know, all possible frequencies on that frequency chart,
|
||
|
|
you know, the FCC kind of runs. It's just monitoring Wi-Fi traffic range and it does this with two
|
||
|
|
different tools. There's an in-curses interface and there's a GUI interface and both of them are
|
||
|
|
fairly easy to install on Linux. You have to kind of do it from source code. Well, actually,
|
||
|
|
I think it might be available for Debian or something but I generally just do it from the source that's
|
||
|
|
included on the on the disk that you get with the antenna or if you don't get a disk or you don't
|
||
|
|
have a disk, you can download it from the project's website which is a source for project. It wouldn't
|
||
|
|
do you any good without the device so it's a front-end, you know, it's a soft interface for this little
|
||
|
|
piece of hardware. So you plug the USB antenna into your USB connection. It becomes just a monitor
|
||
|
|
of frequency traffic and you can then find out where in the frequency spectrum you might find
|
||
|
|
more or less stuff to either monitor or compete with depending on your goal. So if it's a setup where
|
||
|
|
you've got lots of choices of which public network you're going to join or whatever, then you can
|
||
|
|
choose your channel accordingly. Or if you just want to find out where most of the traffic is,
|
||
|
|
that's a really quick and easy way to monitor where all the action is happening. It's a really
|
||
|
|
fairly quick and drastic noticeable thing. I mean, it gives you a little chart and the stuff that's
|
||
|
|
really, really busy just peaks up really quick. You'll see it right away and you can jump onto that
|
||
|
|
channel if you want or you can avoid that channel if your goal is to stay off the noisy networks
|
||
|
|
and enjoy a little bit of peace and quiet. So that's MetaGeek and the product is called Why Spy.
|
||
|
|
Of course having little antenna popping out of your notebook could be a little bit suspicious
|
||
|
|
looking, don't you think? Well, interestingly you'd think so and actually a lot of people don't
|
||
|
|
ever, ever seem to notice it at all and those who do assume that it's a cellular modem. So it's
|
||
|
|
actually not that suspicious. However, that is one thing that you'd want to keep in mind.
|
||
|
|
As I've said in previous episodes, keeping up an appearance of some kind of normalcy is actually
|
||
|
|
really important to an urban camper. You don't want to arise suspicion or disapproval or
|
||
|
|
anything like that. If your goal is to find peace and quiet and places to hang around and potentially
|
||
|
|
get free food or really cheap food or just a place to stay out of the heat or the cold, whatever.
|
||
|
|
So having a little USB antenna popping out of your laptop might be fine. In some areas it might
|
||
|
|
not be in other areas. Having your computer on while you're just sitting in your car outside
|
||
|
|
of a residential house, you might not be doing anything at all suspicious. You might be sharing
|
||
|
|
their network. You might not be. It just depends. Point being that kind of thing tends to draw
|
||
|
|
attention to you. So be smart about it. I guess is what I'm really trying to get to here. Don't
|
||
|
|
the goal here is not to look like a cool superhero evil hacker. The goal is to be a good
|
||
|
|
computerist, to be a good hacker, to sit down and get your work done. Be smart about it. Be safe
|
||
|
|
about it. Protect your data on the way out to the network and back and learn about it and study it
|
||
|
|
and that's it. So that's what I tend to like to do and I tend to be very mindful of, for
|
||
|
|
instance, how glowy my laptop screen is when I'm out at night in places that would raise some
|
||
|
|
suspicion if I'm seeing just kind of hanging out for hours at a time outside of someplace
|
||
|
|
with a glowing laptop screen or sitting in some place where maybe they're a little bit sensitive
|
||
|
|
about the security of their network and here you are scanning it with an antenna poking out of
|
||
|
|
your laptop, kind of asking for trouble. So you shouldn't ask for trouble. Overall, I think that
|
||
|
|
urban camping and kind of hanging around places, exploring different networks, exploring different
|
||
|
|
ways to protect yourself from people who are smarter than you on that same network and how to
|
||
|
|
just kind of be smart about the way that you are transmitting your data since all the hackers are
|
||
|
|
supposedly so computer savvy and we all want to protect data and all this other good stuff. If
|
||
|
|
you're unfamiliar with these basic tools like SSH tunneling and I guess tour and how to set up a
|
||
|
|
proxy, just little things like that, I don't know, it seems like there's a breach of what you're
|
||
|
|
saying and what you're doing there. So being an urban camper and actually being able to explore
|
||
|
|
how do I implement these things, it's really powerful stuff and I think of all the things of urban
|
||
|
|
camping in terms of learning stuff, having a lot of time to really explore all the different things
|
||
|
|
that the hacker culture is always talking about, the community is always talking about like the
|
||
|
|
security and and all the cool things that you can do on a network and all these things and servers
|
||
|
|
and all that good stuff. A lot of it happened during urban camping for me because I could sit down
|
||
|
|
and I could focus and I had a real, I had a different environment every day if I wanted, you know,
|
||
|
|
I had all kinds of different things going on. I'd have different problems pop up quite unexpectedly,
|
||
|
|
all when all I'm trying to do is find onto my server to check an email, you know, there'd be some
|
||
|
|
weird issue, some random cookie that someone wants to give me that maybe I don't want to accept.
|
||
|
|
An SSL search check that I'm not doing what I'm checking my mutt mail that maybe I should be
|
||
|
|
checking the SSL, maybe I should learn how to download that SSL search and actually utilize it so
|
||
|
|
that I'm finding into the same server every time. Little tiny details like that, you can start really
|
||
|
|
concentrating on them because no longer are you kind of complacent in your own home where hey,
|
||
|
|
you're wired straight to Comcast or Verizon or whatever big evil corporation you're
|
||
|
|
hooking into for your internet. You're not, you're not there anymore, you're doing cool,
|
||
|
|
different things, you're doing with different network setups, you're, you're looking at,
|
||
|
|
at the way, once this admin or, you know, the guy who knows how to make the internet work at one
|
||
|
|
cafe set up their network versus the corporate setup that some franchise has. It's really interesting
|
||
|
|
study and it's just as interesting as the people that you'll meet when you're at urban camping and
|
||
|
|
the different experiences you'll have when you're urban camping. The computing side of it,
|
||
|
|
it gets really interesting really fast if you let yourself go along that path and study it and
|
||
|
|
think about it and learn more about it. So that's yet one more recommendation on why you might
|
||
|
|
want to urban camp because the computing becomes a lot more fun. So look into all of those things,
|
||
|
|
look into a VPS or a server that you can use, look into configuring your, your mail so that you're
|
||
|
|
actually not sending plain text passwords or whatever or even user names, look into getting
|
||
|
|
someplace that you can SSH into, set up tours, start using TCP dump and email me, let me know how
|
||
|
|
it's all going, email me tips, email me stuff that you've learned, whatever. And most of all,
|
||
|
|
I just remember that urban camping is exactly what I didn't realize, but I think all of this
|
||
|
|
actually do realize that we, I think the hacker community, at least HPR listeners who I've heard
|
||
|
|
from have been really, really open to the idea, really, really excited about the idea. And I think it's,
|
||
|
|
it's for lack of a better description, it is, it's hacking society, it's hacking the status quo.
|
||
|
|
You're, you're, you're taking exactly what people want you to live your life in in a certain way
|
||
|
|
and you're taking that and, and you're not going with it at all or you're doing what you want to
|
||
|
|
on your own terms. And that's really exciting stuff because that's how things get done. We do it
|
||
|
|
ourselves, right? We, we change our own lives. We change the way that we do things. We learn stuff
|
||
|
|
on our own and then we do whatever we want to. And that, that's freedom, I guess. So enjoy
|
||
|
|
that freedom. And thanks again for listening to this mini series, The Hacker Followed Radio
|
||
|
|
mini series on urban camping. Talk to you next time.
|
||
|
|
One evening as the sun went down and the young blue fire was burning. Now the track came a
|
||
|
|
little hiking and he said, boys, I'm not turning. I'm headed for a land that's far away
|
||
|
|
beside the crystal fountain. So come with me, we'll go and see the big rock candy mountains
|
||
|
|
in the big rock candy mountains. There's a land that's fair and bright where the handouts grow
|
||
|
|
on bushes and you sleep out every night where the box cards all are empty and the sun shines
|
||
|
|
every day on the birds and the bees and the cigarette trees. The lemonade springs where the
|
||
|
|
blue bird sings in the big rock candy mountains. In the big rock candy mountains all the cops
|
||
|
|
have wooden legs and the bulldogs all have rubber teeth and the hens lay soft boiled eggs.
|
||
|
|
The harmless trees are full of fruit and the barns are full of hay. Oh I'm bound to go where
|
||
|
|
there ain't no snow where the rain don't fall. The wind don't blow in the big rock candy mountains.
|
||
|
|
In the big rock candy mountains you never change your socks and the little streams of alcohol
|
||
|
|
come a trickling down the rocks. The breakmen have to tip their hats and the railroad bowls are
|
||
|
|
playing. There's a lake and stew and a whiskey too. You can paddle all around them in a big canoe
|
||
|
|
in the big rock candy mountains. In the big rock candy mountains the jails are made of tin
|
||
|
|
and you can walk right out again as soon as you are in. There ain't no short handle shovels,
|
||
|
|
no access, saws or fix. I'm going to stay where you sleep all day where the hunglicer
|
||
|
|
that invented work in the big rock candy mountains.
|
||
|
|
I'll see you all is coming fall in the big rock candy mountain.
|
||
|
|
Thank you for listening to Hack the Public Radio.
|
||
|
|
HPR sponsored by Carol.net. So head on over to C-A-R-O dot-N-T for all of us in the
|