On 8/23/2024 5:14 PM, Edward Rawde wrote:
>>> But I don't see how an air-gapped network is a network.
>>> I would not be able to get anything done.
>>
>> If everything you need is IN that network, then why open it up to potential
>> adversaries?
> I don't have anything open to potential adversaries.
Of course you do. You just don't THINK you do!
>> I have scanners, printers, in-circuit-emulators, CAD/CAE
>> systems, etc. all "a click away"
> So do I.
So, then I guess MINE is a network, right?
>> -- without ever leaving the confines of
>> my home/office.
> I can use mine from any country I'm likely to be in.
How do you place the documents in the scanner? Pick the pages up
off the printer? Turn the power on to the DUT you are debugging
with the ICE?
>> If I need to find a datasheet, I can move to THIS machine, locate the
>> datasheet, download it to a thumb drive and sneakernet it into the
>> office. How often do you need to do *that*?
> Every few minutes, and I can do it all from where I sit, even if I go to another country.
Really? How HUGE must your designs be to need you to spend all that
time constantly downloading NEW datasheets? Do you ever READ any of them?
How *trivial* are the designs if you are able to move on to MORE datasheets
after "using" the previous ones?
>>> I came across an individual with three virus scanners installed a few days ago.
>>> I didn't bother giving advice, I just left them to waste hours running scans.
>>> I did ask when they last found a virus and was confidently told "never".
>>
>> I have no such tools "installed", here.
> Same here. Just the default Microsoft scanner.
Yet you allow updates -- to the OS? Apps? Even the malware scanner?
>> Every 6 months, I pull the disk from
>> this machine and check the disk pulled 6 months earlier with the "latest"
>> free AV scanner. This gives the tool vendor a chance to catch up with
>> the latest exploits (a 6 month window) which a "current subscriber" can
>> only HOPE to gain protection.
>>
>> I've never found anything. So, either the tools folks are using are
>> ineffective -- or, my internet behavior is pro-actively robust.
> Well if you put yourself in prison you're not likely to be bothered by much from outside.
Gee, I have far more design and personal freedom than any of my colleagues!
And, have had such for decades, now. So much so that they have started
"cutting the cord", as well.
You are likely RELIANT on the outside world. Me? not so much.
>> Of course you have a network. I have three 24-port switches in the office
>> (virtually all ports in use) and two 12's in my bedroom. Is this NOT a network
>> because I can walk to all of the nodes?
>>
>> If a person has physical access to YOUR "network", then security is a moot
>> point. Even an encrypted drive is vulnerable -- I *steal* it and I've
>> now effectively denied you service.
> Plenty of people have physical access to my network.
> Most of them wouldn't know a switch from a banana.
> Those who would are trusted people.
> Untrusted people who might know what a switch is are simply not allowed anywhere near my physical LAN.
You've then confirmed my statement. Or, do you just not like folks
to touch your things?
You can come and stay, overnight, in my guest room. You can use either of
the two drops, there, to access The Internet. You can look and see all of
the devices wired in to the house -- yet can't interfere with any of them
(let alone compromise any of them) without physically walking up to
them and "damaging" them.
Take a tesla coil and short it to the 8P8C's. Well, there goes YOUR
internet access. But, nothing else (including the switches!) cares.
>>> I could be writing this post from one country today and another tomorrow.
>>
>> As could I. By using any NNTP agent on any internet connected machine.
>> Why does it have to be one of the machines on my air-gapped network?
> Because you'd have missed your flight by the time you find and install one and what if you need that data sheet you left on your office computer?
If the datasheet CAME from The Internet, why can't I now relocate it
ON The Internet?
When you travel, do you not take a phone and/or laptop WITH you?
Do the places you visit not have libraries and public access places?
Do none of the colleagues/friends/businesses that you visit have
laptops or workstations that they will let you use?
NNTP, email, WWW are ubiquitous services. There's no need to
burden yourself trying to support something "special".
> Sure you can download it but was that LT1234 or LT2341 or LTC1324? and what if you'd really like to have the LTSpice simulation you did at the office?
If I was going to be away from the office long enough that something that I
HADN'T PLANNED ON WORKING ON became significant, then I would be a piss poor
worker.
I was called home for a medical emergency. I grabbed my checkbook (so I
would know what periodic bills were coming due along with the related
paying methods), a laptop and copied some files onto it. The emergency
dragged on for 3 months. I was never in need of anything that I didn't have
with me *or* that I couldn't get using a neighbor's AP (my folks don't
have internet service).
I was even able to design the artwork for some "aprons" and "book bags"
for the local library's volunteer organization and email the artwork to them.
True, I was unable to replant the tree that toppled in the back yard during
a storm that occurred while I was away. But, my *work* was unaffected.
Having big projects makes it relatively easy to be able to work on *something*
even if it wasn't what you may have originally planned.
[The parts I tried to order this week are not here -- but, I can divert my
time to creating more test cases for my gesture recognizer. Or, documenting
the virtual memory interface in my RTOS. Or...]
>>> Countries I never go to (Mostly non-English speaking countries) are blocked inbound by pfSense.
>>
>> Wonderful. And you have to maintain that. Instead of doing "real work".
> LOL these people maintain it for me:
> https://www.maxmind.com/en/home
They came over to your house to install it? And, the updates? And, rewrite
special rules for your access? All for free??
>> Your browser can be fingerprinted. They (the sites you visit) may not know
>> your *name* (yet) but, know that "you" are visiting site X, Y and Z. Are
>> you sure they aren't sharing information about your visits?
> Fairly sure yes. I can tell because YouTube doesn't offer relevant (or so it thinks) videos whenever I restart my browser.
That's specious reasoning.
"My house hasn't been burglarized so I *know* it is secure..."
The same is true of most developers -- especially folks writing software.
Have someone pay you to break the design you just "finished" and you (and
they) will forever see your *design* efforts in a different light!
>>
>> How hard do you work at trying to identify conditions that can/will break
>> your design?
> Depends on what I'm designing and what it will be used for.
Ah, so you only care about quality *sometimes*?
[Do you think a 50 million LoC piece of software doesn't have tens of
thousands of latent bugs?? Bugs that can be identified, verified and
quantified without your ever being aware that this has happened?]
>>>>
>>>> Consider, carefully, what you really need access to outside of your own
>>>> physical domain.
>>>
>>> Oh I have, for a long time.
>>> So for me I can work from anywhere I might need to work from as if I was here, and all my files are here (not in any cloud).
>>
>> Thus they are all accessible -- to a determined adversary, as well.
> Only in Paranoia land.
> In reality they are accessible only to those who should have access.
Ah! You should go to work for the government, banks, major corporations, etc.
All the folks who seem to have "problems" with compromises -- as you seem to
have a monopoly on "doing it right"! Amazing!
>> Do you really *need* access to all that?
> Of course. Why shouldn't I work from anywhere as if I was here?
That's not the question I asked. *I* can work from anywhere. And, as
indicated, above, have been forced to do so "in a moment's notice".
The question is, what do you NEED to have access to.
I have all of my tax records "online". My music catalog. My dead-tree
library. Every project I've designed (and supporting documents and
toolchains).
If you are working on anything "of substance", you typically only
need *that* workproduct and the reference documents that it relies
upon.
I keep a laptop with a few DTP tools (FrameMaker, Photoshop, Illustrator,
etc.) for cases when I want to spend time preparing documentation while
traveling. Another with CAD/EDA tools (and Acrobat) if I want to work on
hardware designs. Another with a set of compiler suites if I plan on
writing code. We have periodic offsites at various places around the
country. Prior to departing, I decide what I want to spend my "idle"
time working on and what I want to demo. This means one or two laptops
get packed with my clothes.
If I need to create a spreadsheet or other "ubiquitous" document, I
can find SOME tool on one of my colleagues' machines - without having
to keep that on any/all of MINE!
> I can have immediate access to anything I might need to show a potential customer without needing to remember to copy it to my laptop.
So, you don't have to "be prepared".
> I can have a quiet day in the library doing exactly the same work I do here with the same tools and the same data.
> I can work from a hotel room just as if I was here.
And, how is that different from the examples I have given?
Granted, I can't tell you how much I paid for a particular piece
of equipment 4 years ago (as my tax records are not accessible
remotely and I am not likely to WANT to take those out of the house).
But, how often do you think having that data "at my fingertips"
is a problem? "I'll send you an email with a copy of the sales
order when I get home..."
>> Or, are you just making the
>> same error as above: maximizing convenience "just in case"??
> I was away last weekend but could work as if I was here.
Did you?
> One individual's error is another individual's way of doing things.
> I think maybe you should get some glasses which, at the first hint of danger, turn totally black.
> Thus preventing you from seeing anything which might alarm you.
Wow, /ad hominem/ attack. You must fear you are losing the argument on merits.
Should I wish your network compromised by an attacker to be equally petty?
No fear, here. Nor ignorance. OTOH, I have watched many "confident" folks
find themselves hacked -- and wondering how it happened ("I was SO careful!")
Dare yourself to hack your own network, product, etc. If you can't
you aren't very expert on the types of knowledge you should have under your
belt. Ask yourself what would happen if someone probed your network drops
with a high-voltage coil. Ah, "physical access"...
Or, if you don't want to subsidize your own learning, try to convince someone
to *hire* you for said activity.
> I've never had a malware issue, well not since I accidentally put an unpatched Windows 2000 box on a raw connection and got Nimda.
> Since it was a fresh install it didn't matter. It was quickly wiped.
>
Then, RE-consider that!