A Three Hour Tour

If you’re reading this blog from within the UCLA residence halls, you probably have installed that mysterious little program called TrustedInstaller.exe, SafeConnect, or PolicyKey, all of which are names for the same program, which I will call PolicyKey.  You get this warning, and then download this file.  It doesn’t seem to do anything, and yet magically you suddenly have internet access!  What happens?  How does it work?  And most importantly, what does it do?

If you’re like me, you hesitate to install programs unless you know what they do.  Well search the internet all you want, and there’s very little information about PolicyKey out there, other than it is the Product of Impulse and is a Network Access Control (NAC) product.  What does that mean?

We are blessed with a blazingly-fast on-campus network.  We are better than DSL, Cable, or even Verizon’s FiOs offering.  We are very fortunate in that regard.  Unfortunately, with great speed comes great responsibility, and that means we are also an attractive target for viruses, botnets, and other forms of malicious software.  And because we’re all connected to each other, if one person on your floor has a virus, that virus will quickly spread to everyone unless you are protected.  A virus that has taken over the network is not only dangerous to you, since it could facilitate identity theft (and take out loans in your name, or worse), but it also slows down, attacks, and damages the university’s network.  Therefore it is in everyone’s interest to stop the spread of viruses.

Therefore to use the residential network, you are required to have virus protection software installed.  PolicyKey is the method the university has chosen to enforce this.

Here’s how it works.  When you access a website, your request to view that document goes through a UCLA server, which checks to see if you are a permitted user of that system.  If you are, it lets it through.

If you are not, you will be asked to identify yourself first by logging in with your UCLA username and password.  What happens next depends on your operating system:

• If you are running Windows, you will be asked to download PolicyKey.  Once this software is downloaded and is allowed to communicate with the Impulse servers, you will be unlocked and have full network access.
• If you are running Mac OS X, you have to download PolicyKey as well, however at the time this post is written it does not enforce anything on this platform.
• If you are running a flavor of Linux (Ubuntu, Debian, Kubuntu, Gentoo, or Red Hat just to name a few) then you do not have to install anything; instead you have to periodically log in every couple of hours.

So if you’re running Mac OS X or Linux, you are up and running!  If you’re running Windows, a few more things happen:

1. PolicyKey downloads a list of authorized antivirus programs and rules for how to detect them.  At the time of this writing the list includes at least Sophos, including the free UCLA-provided edition, McAfee, TrendMicro, EZAntivirus, Symantec (Norton), Panda, AVG, AntiVir, Authentium, Avast, Microsoft OneCare, BitDefender, Kaspersky, SpySweeper, Nod32, and ZoneAlarm.
2. PolicyKey also gets a list of required Windows Updates – these include the Windows Firewall and all the latest service packs for the version of Windows you are using.
3. PolicyKey checks to ensure that all virus definitions are up to date.

If all of the following are true, it sends a message to Impulse, identifying your computer and the specific antivirus software you have running.  Impulse then unlocks your computer and you have unrestricted network access for a while.  PolicyKey checks frequently (every second) to ensure that these conditions are still valid, and notifies Impulse if any of these conditions ever fails.  Your computer must check in periodically to maintain this access, which is why the software must be running in the background.

So what’s the take-away from all this?

• At no time does the current version of Impulse PolicyKey access or send any of your private files to anyone – not Impulse, not UCLA, not anyone.
• The only things it enforces are antivirus programs and updates.  It does NOT scan for peer-to-peer filesharing applications, illegally downloaded software, or non-genuine versions of Windows.  HOWEVER, and this is a big disclaimer, this does NOT in any way mean it’s okay to do any of this!  It just means you do so at your own risk.
• The rules it is enforcing are common sense.  Keep your computer up to date and that helps you.  And what’s good for your computer is good for everyone’s computer.

Hopefully this was able to answer some of your questions, or put any suspicions or nagging doubts to rest.  Happy safe computing everyone!

Maybe it’s just me, but I often wish I knew the temperature outside, and maybe the temperature inside too.  Not because it is really significant or anything, but just out of curiosity.  Then I thought, why not log the temperature so I can graph it over a long period of time and see weather trends?

So I think for a moment, and think… how can I read the temperature?  Immediately I think of the Lego Mindstorms RCX and its temperature sensor.  So I rig up a program for the RCX that logs temperature values and a Linux program that periodically uploads the datalog, and I have success!

But not quite.

First, the RCX is rather finicky, not to mention expensive. I need to have it plugged in via a wall plug, which means I need to take out the batteries, which means that if the cord is jostled or the power fails, I need to re-download the firmware and the program.  It also communicates via IR, so if the sun hits it in the right direction or it loses line-of-sight with the transmitter, the data is lost.  Annoying.  So I set out to do one better.

My current set-up is available from my room in Saxon, dutifully logging away every fifteen seconds for as long as the computer is running.

So I’m blogging on a time crunch (never a good idea!) so here’s a teaser for next time:  I’m using the One-Wire Bus to communicate with a transistor-shaped device over phone wires.  A USB->Serial port interface, on a breadboard, provides the PC to one-wire bridge, and a custom program grabs the data and logs it.  More to come!

So, as evidenced by the timestamps, I haven’t updated this thing in a very, very long time.  It seems that whenever I start a blog of any kind, I either abandon it, or half my posts are me ranting about how infrequently I update it.  Instead, this is more of a personal note reflecting on things I can write about in the future.

Someday, I plan to write a few guides to setting up a linux web server.  Things that are less well-documented, or that have taken me ages to figure out.  For instance:

• My .prompt
• DNS configuration, self-hosting
• NSS and PAM, and hooking that up to MySQL
• My postfix configuration
• Backup system – automated backups between two Linux servers and a Windows desktop
• Giving a DNS name to a dynamic IP, without using DynDNS or any of those services.
• Secure FTP, as in FTPS and not SFTP.  How to set up a server of such a service.
• Server monitoring tools – including a power-usage graph.
• 1-wire bus.  Temperature sensors, graphing, etc.

Other than computer-related topics, someday I want to write about all the random, obsure, funny, or awesome things I’ve discovered on the UCLA campus.  “Martha’s Garden” to the best views in south campus.  For that matter, a history of the hill – the dorms here at UCLA – or a collection of interesting tidbits.

I find I have all sorts of cool projects in mind, and no time to do them, without either my grades, work, or sanity suffering.  But I’m sure that’s common to nearly all college students.  Oh, and at some point I’d like to learn programming for Mac OS.

And that’s it for now.  Signing off from Ackerman, eating lunch right before a final exam.  Fun.

For anybody out there who uses Gentoo Linux, try using emerge -atv package if you don’t already. It will print out all the packages that will be merged, including dependencies, and ask for your confirmation first. This is good for checking out USE flags.

Here are some packages to try it out on:

eix

A package database, very fast, and useful to see what’s available, what you have installed, and what use flags are in effect.

gentoolkit

Contains euse, a simple but incredibly useful script to update your USE flags.

euses

Ever wondered what that USE flag does? This program will tell you.

pciutils and usbutils

Two very useful programs that tell you what devices are attached to your computer. Indispensible for kernel configuration.

This is probably old news for longtime Gentoo users, but for anyone getting started with Gentoo they help a lot.

I have talked to many people who, well, dislike Gentoo Linux - to put it mildly.  For those who have never used it before, in Gentoo, nearly every package you install is built from source code.  This allows misguided speed freaks to micro-optimize their system by tweaking the compiler’s optimization settings.  And believe me, building OpenOffice isn’t exactly fun.

But I don’t use Gentoo for the supposed speed boost.  I use it because I also use Windows.

Huh?  How does that follow?

With Windows, you stick a CD in the drive (or in the case of Vista, a DVD), boot off of it, wait half an hour, and you’ve got a functional system.  With Ubuntu, Debian, Fedora, RHEL, or other distros, you get basically the same experience.  You stick the CD in the drive, give it some configuration options, hit install, wait, and you have a booting Linux install.  And since I received Windows Vista free through the UCLA School of Engineering, the cost to me would be the same.

With Gentoo, you boot off of a CD, partition your hard drive manually, configure and compile a kernel manually, install a bootloader and other essential system tools, and reboot.  In about forty-five minutes of work, you have a barebones system that can’t really do much.  Everything has to be installed and sometimes configured manually.  So you put a lot of effort into your computer, understand exactly how the darn thing works, and get exactly what you want and nothing more.

Granted, this assumes you already have a good understanding of how computers work.  I had that experience, but had no experience with Linux.  I’ve been dual-booting Windows and Gentoo for the past six months or so and have learned more about Linux than I thought possible.

So if you know how computers work, have a fairly fast machine, and want to learn more than you ever wanted to about Linux, I encourage you to try Gentoo.