Fog Creek Software
Discussion Board




lacking telecommuting

why not WiFi and laptops for everyone?

Hardware prices are at the point now where an adequate laptop isn't much more expensive than an equally good desktop.  This would work especially well in a company with a large campus, but would still be nice anywhere that has so much as a lawn.

Why isn't this more prevalent?  Why are people so locked in to old modes of doing business?  If I want to work on the bench out by the fountain in front of the foyer, then why not?  Instant Messengers and Nextel phones are as good for interrupting me and taking me out of the Zone as walking up behind me in my cube.  And I'm even on site for meetings!

The problem is we're in an employer's market, so nobody has to provide these things.  I think the employer that did would see more productivity for his buck, though.

muppet
Monday, August 02, 2004

muppet, go back to slashdot. we're tired of your shit.

...
Monday, August 02, 2004

Slashdot?  Where'd that come from?

While I was working support, I took *long* looks at the lawn outside, and it killed me that I was a laptop, pringles can, and wireless headset away from the best work environment imaginable.

Naturally, it never happened.

Greg Hurlman
Monday, August 02, 2004

I think it's a reference to his trolling...

There are other reasons than he speculates about why a company wouldn't give evryone laptops and wireless and let them wander around.

Cost is a factor, laptops are more expensive over the long run.  Here in Vancouver, the rain limits how much time could be spent outside.

Ward
Monday, August 02, 2004

what makes anyone think I'm trolling?  Greg gets it.

muppet
Monday, August 02, 2004


Our company is moving headquarters in 2 months and 13 days.

We already have the laptops with wifi.  They're issuing us IP phones that can route calls automatically (including to home networks) and we have approximately 40% of our building that will be empty.

I fully intend on picking up and moving my stuff to another portion of the building when I need some piece and quiet.  The next step is to get wireless into our courtyard...

KC
Monday, August 02, 2004

perfect.  That's exactly the sort of environment I'd LOVE to work in.

KC, do you mind mentioning where your company is located?  I'm guessing it's probably not in the Northeast US.  :P

muppet
Monday, August 02, 2004


..because some companies don't really like the idea of any stranger being able to jump on their private network through WiFi. (Security attempts nothwithstanding)

What security?
Monday, August 02, 2004

Err.. done correctly, a wireless network can be every bit as secure as a modern wired one.

muppet
Monday, August 02, 2004

"Err.. done correctly, a wireless network can be every bit as secure as a modern wired one. "

For some companies perhaps, but for many companies they physically secure the network jacks behind locked doors and security guards. You can't physically secure WiFi so it's absurd to say it can be equally as secure.

Agent Orange
Monday, August 02, 2004

do you think physically securing the network jacks stops someone from attaching a "rogue" machine to the network at the other end?  How are you going to physically secure network connections unless you put your workstations in glass cases and have your employers work on them using isolation gloves?

muppet
Monday, August 02, 2004

Have you ever used a laptop outside?  Can't see shit.

Oren Miller
Monday, August 02, 2004

Apparently you've never heard of "shade".

muppet
Monday, August 02, 2004

Im starting a new job in a few weeks and the boss asked do I want laptop or desktop. they have a nice lawn with a wonderful view, but i have the feeling that I will be at a desk indoors most of the time.

Chris
Monday, August 02, 2004

No.  But I have heard of ambient light.

Oren Miller
Monday, August 02, 2004


I'm in Mid Atlantic US.

And they're taking serious precautions to ensure that there is no leakage of signals outside.

They've already ensured that there is upwards of 50 feet (16 meters for our foreign friends) between the building and any parking area.  They're also planning on monitoring the signal strength from outside the building on a regular basis.

KC
Monday, August 02, 2004

Muppet,

I'm hoping that you are a developer and not an administrator because your grasp of network security seems to be lacking a bit.

"do you think physically securing the network jacks stops someone from attaching a "rogue" machine to the network at the other end? "

What other end? We're talking about a company's private internal network, aren't we? If they had a VPN, then sure, all bets are off but most of the companies I have been in still have their internal networks unavailable to the outside.

"How are you going to physically secure network connections unless you put your workstations in glass cases and have your employers work on them using isolation gloves? "

That's a novel approach, but one more commonly used is a bit more simple: All network jacks are within a secure perimeter; ie behind doors that require access cards to gain entry. The only jack that is outside of the secure area is the receptionist's.

Granted, my experience has been with larger companies not smaller ones that lack proper network security. So if you work for some small company that lets anyone who wanders in hook up a computer to your network then you have bigger issues than WiFi access.

John Diller
Monday, August 02, 2004

+++What other end? We're talking about a company's private internal network, aren't we? If they had a VPN, then sure, all bets are off but most of the companies I have been in still have their internal networks unavailable to the outside.+++

the end plugged into the workstation itself, unless one of your security procedures is encasing each developer's machine in a block of amber after hooking up all the cables...

muppet
Monday, August 02, 2004

Are we on the same page??

We're talking about securing network access, right? Securing it from outside users, right?

When only employees that have access can gain physical access to a computer inside the company that does a fairly effective job at keeping total strangers from being able to access the network.

Having a WiFi signal broadcast out into your parking lot and the company next door isn't exactly secure, no matter what you do.

John Diller
Monday, August 02, 2004

so don't let the signal get out to your parking lot, or secure the signal so that people can't get on it anyhow.  Why do you trust VPN but not WEP and similiar?  Encryption is encryption and can be broken anyway you slice it.  Why is wireless less secure than VPN?

muppet
Monday, August 02, 2004

And hell, if you're going to freak over people sitting in your parking lot, then yeah, you ought to be looking at your employees with a shifty eye, too.  Do you think none of them are interested in walking out with your company's saleable data?

muppet
Monday, August 02, 2004

"Why do you trust VPN but not WEP and similiar?  Encryption is encryption and can be broken anyway you slice it.  Why is wireless less secure than VPN? "

I didn't say I did. I distrust VPN access as much as I distrust WiFi access.  For some companies, a VPN is a necessity; for other companies it's a huge glaring security hole since few companies really have the talent to secure it adequately.

"Do you think none of them are interested in walking out with your company's saleable data?"

Sure, some probably are, but that is a risk that can't be avoided. What typically can be avoided is having some bored Kevin Mitnick type "War driving" by my company and spending all night parked in the street trying to hack his way in.

John Diller
Monday, August 02, 2004

"Err.. done correctly, a wireless network can be every bit as secure as a modern wired one."

Unlikely, and certainly not for the same cost as conventional wire. 

But from reading your other posts I'm sure you'll take issue.  Obviously the only thing left for someone of your obvious calibre is to quit working for da man and buy yourself the best kit available.  Spare no expense, I mean it.  Then start your own business.  You could call it "I.M. Al-ways Rite."

Mike
Monday, August 02, 2004


Really, it boils down to a basic business decision. What is the cost if someone is able to access secure data within our network? Ok, now what is the revenue increase if we give our employees WiFi access so they can program while watching the ducks fuck in the park? Etc, etc.

It's a bit premature to simply say that a company should offer Wifi access. There is more to than just that. There are security concerns (and ultimately cost concerns if security is breached) that have to be balanced by any increase in productivity. (Real or perceived.)

John Diller
Monday, August 02, 2004

WEP is notoriously insecure.  I never met a sysadmin that said it is anything but trivial to circumvent.  Google "wep security".  It's no big secret.  But go ahead and try it.  I'm sure breaking in is much harder than it sounds.  It's not like you can just download a free perl script from the internet to crack WEP keys.

http://wepcrack.sourceforge.net/

Oren Miller
Monday, August 02, 2004

Oren, you're right.  Ordinary wired networks are much more secure, with almost no ways to circumvent them at all.

Oh.. wait...

muppet
Monday, August 02, 2004


"Oren, you're right.  Ordinary wired networks are much more secure, with almost no ways to circumvent them at all."

But the point is still the same. The point that you refuse to acknowledege. WEP represents an *additional*, and perhaps even unnecessary, potential attack vector.

Nobody has once said that wired networks are impervious to attack. But it's patently obvious to anyone but the delusional the WEP is less secure than wired networks.

John Diller
Monday, August 02, 2004

so do VPN over wireless, or something similiar.  There's things you can do to shore up a wireless network.  No doubt there will be a more secure replacement for WEP before the year is out.

muppet
Monday, August 02, 2004

muppet, seriously, go back to slashdot.

.
Tuesday, August 03, 2004

"Oren, you're right.  Ordinary wired networks are much more secure, with almost no ways to circumvent them at all."

Bad reasoning - yes, there are many ways to circumvent security of wired networks, but the additional avenue of attack that wireless access opens up is significant.  It's about like putting a network port on the outside of your building. 

You can firewall it (although that may reduce it's value to legitimate users), use VPN, whatever, but it's still an additional route into your network that wired connections don't have.

Give up on this one.

ward
Tuesday, August 03, 2004

"WEP is notoriously insecure"

<shock_n_horror>Surely you jest... How could that be???</shock_n_horror>

I mean, one would not imagine that the amazingly secure encryption created for Wi-Fi was, actually, a half-assed amazingly secure encryption, and that they had to get back to it to do it (hopefully) right the second time. It must be another one of those crackpot conspiracy theories, like the one about old PCs having a RAM limit of 1 MB.

Paulo Caetano
Tuesday, August 03, 2004

I was going to comment on something - t'was a good comment too - but I can't find the original debate anymore, so I'll just make a statement.

John- Naturally, I don't know how secure your internal network is, but from your statements, I get the feeling that you trust your users entirely too much... all you need is one intern that knows he's not getting a job offer or one employee that finds out he's not getting the raise he thinks he deserves to cause some real problems.

Everyone knows WiFi is ungodly insecure if not properly maintained, and that it takes a good amount to determine what "properly maintained" means for your network and environment.  However, it can be rolled out securely and to great use.

Greg Hurlman
Tuesday, August 03, 2004

I've been wondering about this, and since it has come up, I'll go ahead and ask.

Are "secure" protocols secure when used over wifi?  If I use a VPN over wifi, is that as secure as VPN over wire?  What about https or ssh?  Are those secure over wifi?

Thanks.


Tuesday, August 03, 2004

The secure protocols you mentioned (I think all of them) were designed to protect data along the way, ignoring whether or not the endpoints are safe.  So yes, they are designed with exactly this scenario in mind.

In fact, you'll find many recommendations to implement WiFi networks as a totally separate network from an internal, wired network - with only VPN access allowing connectivity between the two.

Greg Hurlman
Tuesday, August 03, 2004

Oren's correct. If the weather is good enough to be outside it's too bright to work effectively. I find even a PDA to be almost unuseable in the garden.

Stephen Jones
Wednesday, August 04, 2004

*  Recent Topics

*  Fog Creek Home