UCI Housing Network and Cable TV Issues

It seems the disappointment over CCA is growing in the community of university network administrators.
From a post to a mailing list that discusses CCA administration (the official name of CCA is Cisco NAC):

The history of issues on this list has convinced us of the wisdom of our laziness, to wit:

1) We're still running 3.5.11
2) We never required use of the agent

And I'm actively researching alternatives to Cisco NAC, based on the Mac agent issues, and all the general sluggishness of response shown by Cisco to issues mentioned on this list.

We're pretty early adopters of many things, but recent history of this product hasn't been very inspirational.

I think this speaks for itself. In particularly #2, which we had always asked Resnet to do.
If only UCI Resnet personnel was as clueful as this network admin. But Resnet got suckered into CCA, hook, line and sinker. And they don't want to admit that they made a mistake (or maybe they just don't want me to be able to say "I told you so"...)

Except where otherwise noted, this content is licensed under a Creative Commons License.

News outlets all over the place (e.g., here) report that the FCC has banned Cable TV lock-ins such as the one at UCI, where Resnet has contracted with one of the worst providers, Campus Televideo, which prevents residents from getting decent, popular channels like ESPN.
This ban on exclusive contracts by the FCC should force Resnet to allow other cable providers in on-campus housing.

This blog actually was started because I was forced, against previous assurances, to cancel my existing Cox cable service and go with Campus Televideo, which is pretty much just the most basic cable service, without ESPN, which doesn't provide premium channels (except HBO for an outrageous price), and doesn't provide digital channels. So, if Resnet had allowed me to keep my previous cable service, they probably could have avoided all the negative exposure they had through this blog.
But well, Mr. Ansel, who pushed the Campus Televideo deal, wasn't interested in listening to lowly graduate students... What else to expect from somebody who lied to my face...
Anyway, they now have to listen to the FCC ;-)

Except where otherwise noted, this content is licensed under a Creative Commons License.

On their website, Resnet has this little blurb:

IMPORTANT NOTE: ResNet advises against purchasing a wireless "router" and instead recommends that residents purchase a wireless "access point". They are cheaper and provide the same wireless access and security without complications such as Network Address Translation (NAT), DHCP, and Layer 3 isolation.

Of course, this is just rubbish.
Wireless access points are nowadays very hard to find, and cost the same as or more than routers.
The proof: Fry's Electronics offers a LinkSys wireless router for $29.99 here.
A comparable LinkSys wireless access point is $79.99 at Fry's, as can be seen here.
I think every college student can do the math...

And of course, the installation of a wireless router is as easy as the installation of an access point. Setup of NAT, DHCP, etc. are not a problem with modern wireless routers, since these routers have sensible defaults. How else would computer-illiterate people be able to handle that everywhere in the world???
The only somewhat complicated issue is the security, and that's the same for routers and access points.

The real problem Resnet has with wireless routers, and one that they don't like to talk about, is that their oh-so-cherished CCA doesn't work through routers. Once one machine has authenticated through the router, all other machines connected to it are home free.
As I have explained on this blog before, that's a fundamental flaw of CCA. It shows once again that CCA is a bad system and should be abandoned. Resnet spent lots of money on a flawed system that any knowledgeable person knew from the beginning to be broken.

Except where otherwise noted, this content is licensed under a Creative Commons License.

On the heels of the update of my Perl script to log into CCA, I now have an updated version of the Windows program to bypass the CCA client installation (first described here.)
The new version works with newer versions of CCA, which changed some parameters, but didn't fix the basic problem (which actually isn't fixable, since it is a fundamental design flaw of CCA and similar applications that rely on information from a client.)
As a reminder, the method was described in posts to the Bugtraq and Full Disclosure mailing lists.

The setup program for Windows is available here.

Except where otherwise noted, this content is licensed under a Creative Commons License.

Resnet apparently installed a newer version of CCA (officially called Cisco NAC Appliance nowadays), so my Perl script to automatically log in didn't work anymore.
I have updated it, and some kind soul tested it (since I no longer live on campus.)
So, here is the updated script.

Except where otherwise noted, this content is licensed under a Creative Commons License.