From: Robert Rothenberg Date: 23:00 on 19 Aug 2007 Subject: wifi hotspots with logons I've been (un)fortunate this summer to do a lot of travelling this summer. Most places that I've stayed has some kind of hotspot login where any attempt to visit a website goes to a special login screen and then redirects you do the website once you've logged in. The hate these things inspire are so numerous. Among them: * Never remembering your MAC address, so every friggin time you turn your laptop on, you have to login again, or go to a different room in the building; * Passwords that contain "O" or "0", or "l" or "1", etc, so you have to try every combination from your [expletive] printout; * Systems that have a short and stupid expiration time (like having to get a new username/password every 24 hours from the registration desk) when they *know* how long you're to be staying; * Requirement of JavaScript for the login page to work (a minor nuisance if you use NoScript on Firefox); * Systems that require Internet Explorer (ok, this was a hotel in London about three years ago, but I'd bet the same system is still in use...) The hate is as thick as the humidity here. Rob
From: A. Pagaltzis Date: 03:42 on 20 Aug 2007 Subject: Re: wifi hotspots with logons * Robert Rothenberg <robrwo@xxxxx.xxx> [2007-08-20 03:55]: > The hate these things inspire are so numerous. Worst is that most of them are brutally incompetent about HTTP; many of them will send you a 301 permanent redirect for all your web access attempts until you sign in. DON'T LAUNCH THAT FEED AGGREGATOR!! AUGH!!!! Haaaaaaaaate!,
From: Jarkko Hietaniemi Date: 12:48 on 20 Aug 2007 Subject: Re: wifi hotspots with logons A. Pagaltzis wrote: > * Robert Rothenberg <robrwo@xxxxx.xxx> [2007-08-20 03:55]: >> The hate these things inspire are so numerous. > > Worst is that most of them are brutally incompetent about HTTP; > many of them will send you a 301 permanent redirect for all your > web access attempts until you sign in. You are trying to use the Inttarweb before you pay us? Sacrilege! > DON'T LAUNCH THAT FEED AGGREGATOR!! AUGH!!!! > > Haaaaaaaaate!,
From: A. Pagaltzis Date: 16:24 on 20 Aug 2007 Subject: Re: wifi hotspots with logons * Jarkko Hietaniemi <jhi@xxx.xx> [2007-08-20 14:00]: > A. Pagaltzis wrote: > > * Robert Rothenberg <robrwo@xxxxx.xxx> [2007-08-20 03:55]: > >> The hate these things inspire are so numerous. > > > > Worst is that most of them are brutally incompetent about > > HTTP; many of them will send you a 301 permanent redirect for > > all your web access attempts until you sign in. > > You are trying to use the Inttarweb before you pay us? > Sacrilege! I don't even mind -- but what they should send is their sign-in page in the body of a 403 response, not a redirect and CERTAINLY NOT A FsCKING PERMANENT ONE argh! Kill kill kill!! Have fun checking all your feed subscriptions to revert the damage. This is equally an aggregator hate, though. Most of them make it hard to check whether they encountered any 301s or 410s and changed subscriptions accordingly. There's plenty in the pass-around hate bucket here. "99 bottles of hate on the wall",
From: David Cantrell Date: 16:48 on 20 Aug 2007 Subject: Re: wifi hotspots with logons On Mon, Aug 20, 2007 at 05:24:24PM +0200, A. Pagaltzis wrote: > I don't even mind -- but what they should send is their sign-in > page in the body of a 403 response, not a redirect and CERTAINLY > NOT A FsCKING PERMANENT ONE argh! Kill kill kill!! > Have fun checking all your feed subscriptions to revert the > damage. This is equally an aggregator hate, though. Most of them > make it hard to check whether they encountered any 301s or 410s > and changed subscriptions accordingly. The solution to that would be to use a hateful buggy feed subscribey thing that assumes that anything not a 200 is a 404 :-)
From: A. Pagaltzis Date: 17:19 on 20 Aug 2007 Subject: Re: wifi hotspots with logons * David Cantrell <david@xxxxxxxx.xxx.xx> [2007-08-20 17:55]: > On Mon, Aug 20, 2007 at 05:24:24PM +0200, A. Pagaltzis wrote: > > I don't even mind -- but what they should send is their > > sign-in page in the body of a 403 response, not a redirect > > and CERTAINLY NOT A FsCKING PERMANENT ONE argh! Kill kill > > kill!! Have fun checking all your feed subscriptions to > > revert the damage. This is equally an aggregator hate, > > though. Most of them make it hard to check whether they > > encountered any 301s or 410s and changed subscriptions > > accordingly. > > The solution to that would be to use a hateful buggy feed > subscribey thing that assumes that anything not a 200 is a 404 > :-) Ah, the "not my overloaded server" school of problem fixing. Regards,
From: Eli Naeher Date: 16:56 on 20 Aug 2007 Subject: Re: wifi hotspots with logons On 8/20/07, Jarkko Hietaniemi <jhi@xxx.xx> wrote: > You are trying to use the Inttarweb before you pay us? Sacrilege! It's not just the places looking to get paid. Libraries with "free wifi" can be among the worst offenders. I've been to libraries where you are required to check out a wireless card (one which was unsupported by my OS, of course) and can't use your own. Hate. --Eli
From: Phil Pennock
Date: 00:05 on 21 Aug 2007
Subject: Re: wifi hotspots with logons
On 2007-08-19 at 23:00 +0100, Robert Rothenberg wrote:
> The hate these things inspire are so numerous. Among them:
Since air-conditioning seems to be fairly rare at a $RANDOM sampling of
hotels from the western EU, what bothers me about hotels are:
(1) Clean and comfortable, working shower
(2) Some kind of machine in the room which can be coaxed into emitting
a coffee-like substance
(3) Internet access; wired or wireless, I don't give a damn.
What I've found is that I'm far better off going to a Mom&Pop small
hotel than to any kind of fancy chain.
The M&Ps will just have a DSL connection, a NAT router and MAC address
restrictions on the WiFi, so that you do something like pick up a slip
of paper at reception. This will be complementary service.
The fancy hotel chains have pre-paid fancy gateways which in the worst
case return faked DNS responses for all but a certain list of
pre-screened sites, so that all outbound traffic has to go out through
their web proxy. HTTPS for those pre-approved sites. Day by day, which
of the free webmail services they're allowing changes. One day Gmail,
the next Hotmail, the next something I don't have an account on as I
didn't find it. What do you mean, there's more to the Internet than
web-browsers and web-sites?
Or where the hotel's super-fancy WiFi system is broken (again,
apparently) but the hotel lobby picks up WiFi from one of the phone
companies, so you go down and sure enough you can pay O2 or someone,
once you click past the certificate warnings for expired certificates.
Now, a large chunk of the PKI infrastructure is a rip-off, designed to
be a milkable money fountain for greedy piglets to suckle at;
nonetheless, when confronted with whether or not to provide a
credit-card number to an IIS server which is so badly maintained that
the cert expired a couple of months beforehand, I did start wondering
what was so broken with their maintenance and monitoring practices and
decide that I would refrain from providing any CC information.
-Phil
From: Robert Rothenberg Date: 13:24 on 26 Aug 2007 Subject: Re: wifi hotspots with logons I should add to the list of hateful things about these wifi hotspots: * Sessions that time out our login after not using it for several minutes (such as when you're in the midst of writing an e-mail). Extra bonus hate for losing the long email you typed in a webmail interface.
From: Michael G Schwern Date: 21:28 on 26 Aug 2007 Subject: Re: wifi hotspots with logons Robert Rothenberg wrote: > I should add to the list of hateful things about these wifi hotspots: > > * Sessions that time out our login after not using it for several minutes > (such as when you're in the midst of writing an e-mail). Extra bonus > hate for losing the long email you typed in a webmail interface. And by "using" you of course mean "accessing a web site" because nobody might be, say, reading their mail or playing a game or using ssh. Nope, everyone just uses the web. I tend to run a command to fetch google.com every minute to avoid these hateful things.
From: Cory Myers Date: 22:49 on 26 Aug 2007 Subject: Re: wifi hotspots with logons On Sun, Aug 26, 2007 at 01:24:41PM +0100, Robert Rothenberg wrote: > I should add to the list of hateful things about these wifi hotspots: > > * Sessions that time out our login after not using it for several minutes > (such as when you're in the midst of writing an e-mail). Extra bonus > hate for losing the long email you typed in a webmail interface. Also, hotspots (in this case, of the old-fashioned Ethernet variety) which, for no apparent reason, reset SSH connections every few minutes.
From: Robert Rothenberg Date: 07:46 on 27 Aug 2007 Subject: Re: wifi hotspots with logons ------=_Part_57620_31076831.1188197175295 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I nearly forgot: those that seem to let all sorts of internet traffic through but not VPN connections. On 26/08/07, Cory Myers <cfm@xxxxx.xxx> wrote: > > > Also, hotspots (in this case, of the old-fashioned Ethernet variety) > which, for no apparent reason, reset SSH connections every few minutes. > > ------=_Part_57620_31076831.1188197175295 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline <br>I nearly forgot: those that seem to let all sorts of internet traffic through but not VPN connections.<br><br><div><span class="gmail_quote">On 26/08/07, <b class="gmail_sendername">Cory Myers</b> <<a href="mailto:cfm@xxxxx.xxx">; cfm@xxxxx.xxx</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>Also, hotspots (in this case, of the old-fashioned Ethernet variety) <br>which, for no apparent reason, reset SSH connections every few minutes.<br><br></blockquote></div><br> ------=_Part_57620_31076831.1188197175295--
From: Phil Pennock Date: 22:20 on 27 Aug 2007 Subject: Re: wifi hotspots with logons On 2007-08-26 at 17:49 -0400, Cory Myers wrote: > Also, hotspots (in this case, of the old-fashioned Ethernet variety) > which, for no apparent reason, reset SSH connections every few minutes. Ah, that's the NAT box. You see, TCP sessions are used for retrieving web-pages and sending email. No TCP session should need to be open for more than five minutes. So your session state cleaner can help you keep your memory requirements low by not just clearing out records of possible UDP sessions but by also clearing the TCP session state too. And that's a dead session, so just remove the state without doing any packet emittance. I jest not, although I might be being a teensy bit sarcastic. There's kit which does this. The DSL modem/NAT-router I had at an ISP where I used to work was less extreme and allowed for 1 hour. I mentioned it to Support, it was a known issue which very few people complained about as very few were using SSH. I got issued a business-grade DSL modem as a replacement. I encountered the five-minute thing with corporate housing in the USA; they outsourced all of the Internet stuff to Comcast, so the wifi NAT box was supported by Comcast too. That latter part's not so bad, Comcast's support is very helpful and often clueful -- they have to be, since the product itself sucks so much. (Spot the person living out of DSL range and stuck with Comcast -- *whimper* -- they're now allegedly blocking all BitTorrent traffic, which should make the next WoW patch download interesting). So, for the SSH problem -- you "just" need to make sure that the NAT box keeps seeing traffic on the TCP connection. If you're using SSHv2 then OpenSSH lets you set "ServerAliveInterval" which sends empty data packets (I think, I forget) to have real TCP data flowing past. If using OpenSSH with SSHv1 then you can try to see if the "TCPKeepAlive" option helps you any. Assuming the dumb NAT box doesn't require a window advance to update the session timeout. -Phil
From: Struan Donald Date: 12:40 on 28 Aug 2007 Subject: Re: wifi hotspots with logons * at 27/08 14:20 -0700 Phil Pennock said: > So, for the SSH problem -- you "just" need to make sure that the NAT box > keeps seeing traffic on the TCP connection. If you're using SSHv2 then > OpenSSH lets you set "ServerAliveInterval" which sends empty data > packets (I think, I forget) to have real TCP data flowing past. If > using OpenSSH with SSHv1 then you can try to see if the "TCPKeepAlive" > option helps you any. Assuming the dumb NAT box doesn't require a > window advance to update the session timeout. Failing that I've used this: http://www.laffeycomputer.com/spinner.html which makes a wee spinning thing in the corner of your terminal to keep SSH sessions active. Of course this does then tend to arse up some aspects of your display but this is less hateful than the connection being dropped. Struan
Generated at 12:28 on 17 Feb 2008 by mariachi