Thanks for your comment.
Sure, Resnet is here to stay. And I have no problems with that. I just wish they would actually know what they are doing, which they clearly don't. In industry, these guys wouldn't last long.
On the CCA mailing list, there was one guy who tried to use CCA in a commercial company, and later reported that he nearly got fired...
And of course, everybody who knows how networks work would just put a router in front of their computer(s), connected the way it was intended to be used, with the WAN port going to the wall plug. I've never had NAC/CCA on my computers, not even on my Windows laptop. But this is not really about techies who know these things.
For example, the bad Resnet instructions to connect a LAN port to the network open up a bunch of attack paths into the person's computer. So, Resnet is actively increasing the risk of break-ins, virus infections, etc., and that can affect everybody on the network.
I was skimming through the UCI subreddit and came across that AMA you mentioned, which led me to this blog.
I'm a grad CS student at UCI, and in no way do I claim that I might know as much networking as you do, but I've never run into any issues circumventing UCI's network policies for years. As a result, I've also never been bothered by them. I like to think they are on a policy of "if you know enough to get past, you know enough to stay out of trouble".
That said, I think most people would agree that departments (with their policies, and all the good and the bad that come with them) like ResNet are here to stay. ResNet will be gone when every user on the network is a competent user, from the incoming freshman up to the highest ranking faculty. Why bother speaking out against them in this manner, if you can have everything that you want without much effort anyways?
I honestly can't see anything that isn't able to be bypassed that you would possibly want (well, except for more TV channels...)
I don't know if you are an undergrad or a graduate student. If you are a graduate student and live in Verano Place or Palo Verde I suggest you contact the Residents Council there. It is important that the Residents Councils know about the problems, so that they can more efficiently push for a change.
Also, make sure to inform your advisor. Most faculty don't know about these Resnet issues, but they have more influence than students.
These guys are pissing me off. They told me my system was corrupted and had to upgrade to Windows 7 before I can go through that totalitarian Cisco big brother. Oy? I have moved in for over a week with no Internet. I find myself sending email messages half an hour late to my colleagues with my cell-phone-used-as-a-modem when they have already discussed everything I write on my replies. This makes me look unprofessional! I am mortified by these Resnet people!
I'm a PV resident, and I feel stuck between a rock and a hard place on this network configuration issue.
I didn't have any issues making things work before with my router neutered into a mere access point, but now they've introduced some weird kind of wall-jack level isolation policy.
I think the intent was to quell fears that arose from being able to see your neighbors' computers, but now the devices plugged into the wall in my living room can't see the computers plugged into the wall (via the LAN ports on my router) in the next room over.
The only solution to this problem is to get everything on wireless, or run a long ugly cable through the home :(
I haven't modified DD-WRT myself, since I always used a full-blown Linux machine with 2 NICs as a router. But I do know that some people had modified their routers to log in automatically.
Due to the limited free space in these routers, a compiled program would probably be best. A little C program, statically linked with the curl and openssl libraries. Of course, you'd have to set up a cross-compile environment for the processor in the Linksys routers. The DD-WRT wiki has info on that.
Oh, and I'd be happy to put your modified Perl script up.
Yeah, I guess I was wrong about the router thing. It does still work if you log in from behind the router.
I think I figured out why the Perl script didn't work, and it didn't involve sessions or cookies. It was just a few parameters. I'll verify it soon and post the changes if you'd like.
I happen to be using a couple of DD-WRT routers that I'm trying to log in automatically from, allowing all my LAN to connect without trouble (then I might be able to kill CCA on my Windows PC!!!). Unfortunately, it doesn't have Perl or OpenSSL installed by default, but I'm trying to figure out another solution. (Any ideas?) Perhaps I can compile my own C program.
No, the router doesn't register with Resnet (although that's possible with some routers where you can change the firmware, e.g., certain Linksys routers, using DD-WRT.)
You register with your computer behind the router. The issue is that only one machine, the first one that connects, behind the router has to register, because Resnet sees the same IP address from all computers behind the router. That's what they don't like, and that's why they had this idea of using the LAN ports.
Your computer, or a router, gets an IP address way before you register. If your computer is connected directly, it gets an IP address before you even log in. Similar with routers. They get assigned an IP address from Resnet without registering, etc. They just can't do anything with it until somebody behind the router has logged in with Resnet.
As for the Perl script, when I wrote it, I essentially analyzed what data the login website wants. I used wget to get the whole webpage, including headers. For session handling, cookies are usually used, which are in the header. If cookies are disabled, the server side usually sends the session id in the page as a hidden variable.
Hi Joe! I'm an EECS grad student here, and I'm interested in solving some of these sorts of issues.
Joe: "I personally would just ignore Resnet's router configuration website, and follow the manufacturer configuration instructions."
What makes you believe this will work? Usually, the manufacturer has you set it up with the WAN link facing the Internet and assigning its IP by DHCP. But this requires that the router itself must register with ResNet (or perform the interactive CCA web login - kinda hard to do from within the router!)
So unfortunately, it seems like for the vast majority of users, they are forced to follow ResNet's configuration suggestions (connecting via a LAN port, disabling the router's DHCP, etc.). FWIW, that has worked OK for me. I can probably help if others (Megan?) are having problems still.
Hmm, I can't really help much, I am long gone from UCI (I am still on some UCI mailing lists, though; that's how I learned about this issue.)
I was active in the Palo Verde Residents Council (PVRC) 6 years back. That's why I know all the stuff that was going on back then.
At that time, we fought tooth and nail with Resnet over the router configuration issue, but it took them getting a lecture from the real network professionals at UCI's Office of Information Technology, http://www.oit.uci.edu/ to get things resolved.
And that was with most of the PVRC people in the Computer Science graduate program...
I personally would just ignore Resnet's router configuration website, and follow the manufacturer configuration instructions. The manufacturer knows better than UCI Resnet how their device works and how it is configured correctly.
Of course, even though that would be the sensible, common sense thing to do, it would be at your own risk. Resnet and common sense are obviously two things that don't quite fit together.
My hope is that eventually, they find their way back to reality...
Until then, your choices are basically to follow Resnet's instructions and have tons of problems with your router, or to follow the manufacturer's instructions and not have problems with the router, but potentially run into problems with Resnet. You're unfortunately stuck between a rock and a hard place...
I can't really give recommendations on what to do. I know what I would do, and I know that as a computer professional I would be able to fight Resnet on the technical merits (and win.) But for people without the technical expertise, it is just much harder to argue with Resnet. Maybe if you have acquaintances in ICS...
In any case, please make your voice heard. Let the PVRC know about your problems (pvrc at uci dot edu). They can make this issue more visible within the administration.
Well, it must be that UCI ResNet is nice enough to not do that, because the setup works great for me and has yet to hiccup. If this changes in the future, I might have to start contributing to this blog. =) Thanks for your time in bringing issues like this to light, much appreciated.
Thanks for your post.
Unfortunately, the steps you describe most likely won't work.
CCA is designed to have different roles, and game consoles are usually put in a special role that allows only certain ports to go through (usually http, but not ssh or skype). The detection of whether it is a game console is done via the first part of the MAC address. The manufacturers from time to time use a new range of MAC addresses, and when people start to use game consoles with these new MAC addresses, the CCA mailing list shows questions about that.
As far as Bill Zeller is concerned, he was the head of UCI housing. That's when I had to do with him... The Palo Verde Residents Council would probably not exist if it weren't for him. He angered people enough to take action ;-) He certainly angered me enough to help start the PVRC.
He eventually got moved to a position where he can't do much damage. Before he was hired by UCI, he was managing housing at the University of Michigan, where, according to reports in UMich newspapers, he got fired because he mismanaged things (just like at UCI.)
When I looked through my webserver logs, I noticed that some people apparently search for some other Bill Zeller, a medical doctor with no connections to UCI. I apologize if anybody with the same last name gets caught in this. My beef was always only the mismanagement in UCI Housing, and that unfortunately is connected with the then director of UCI Housing.
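The role selection described in the comment above (MAC prefix picks the role, the role picks the allowed ports), as an added example that is not part of the original comments and is not CCA's own code. The prefixes, role names and port list are constructed assumptions; the audit shows what an operator would see for a console-role device and for a prefix that is not yet in the table.

```python
import re

# Constructed policy (assumption): prefixes come from the locally administered
# range, not real vendor OUIs; role names and the port list are illustrative.
OUI_ROLE = {"AABB01": "console", "AABB02": "console"}
ROLE_PORTS = {"console": {80}, "unauthenticated": set()}


def normalize_mac(mac):
    """Return 12 uppercase hex digits, accepting ':', '-' and '.' separators."""
    digits = re.sub(r"[:\-.]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def role_for(mac):
    """Role chosen from the first three octets; unknown prefixes must log in."""
    return OUI_ROLE.get(normalize_mac(mac)[:6], "unauthenticated")


def audit(flows):
    """Return {mac: sorted ports} for traffic outside the role's allow-list."""
    blocked = {}
    for mac, port in flows:
        key = normalize_mac(mac)
        if port not in ROLE_PORTS[role_for(key)]:
            blocked.setdefault(key, set()).add(port)
    return {m: sorted(p) for m, p in blocked.items()}


# Constructed flow records: (source MAC, destination TCP port).
FLOWS = [
    ("aa:bb:01:00:00:10", 80),   # console prefix, http: allowed
    ("AA-BB-01-00-00-10", 22),   # same device, ssh: outside the console role
    ("aabb.0300.0020", 80),      # new prefix that is not in the table yet
]

if __name__ == "__main__":
    for mac, ports in audit(FLOWS).items():
        print(mac, role_for(mac), "blocked ports:", ports)
```

The third record is the case the comment mentions: a device from a new address range stays in the unauthenticated role until the prefix table is updated.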
OK, so first off, I am not related to Bill Zeller (well, I probably am to some extent, but you get my point), about whom you write a lot. Second, I do live in PV and I found your page after I saw Bill Zeller mentioned in an email and you happened to be the top google search (good work!).
Alright, so I have an easier solution to this problem, and hopefully I can clear up the Zeller name with this one. Suffice it to say, CCA is a bane on society and borders on wasting as much time as all other forms of viruses combined. (10-30 seconds per person per week to log in to the system; "why isn't pidgin/ssh/skype/etc working!?!" causes more of a headache.)
It's as simple as this:
1) Buy a router, which everyone that has more than one computer/laptop already has.
2) Buy/borrow a Wii
3) Connect to the internet via Wii via router.
4a) Done, your router looks like a Wii and won't ask to register each week.
4b) If you connected to the internet before attaching the Wii, attach Wii directly to the ethernet jack and connect to the Internet. Next, go to the Wii internet settings and get your Wii MAC address. Clone that MAC address on your router. Reattach router to ethernet jack.
Note to ResNet: I am not Michael Zeller, and the above does not emulate a MAC if you follow step 4a, so no breach of contract.
If SSH traffic is allowed out, another option (if you have a remote server) would be a VPN listening on port 22 that forwards all traffic through the VPN. It comes with the added bonus of privacy, at the expense of essentially paying for bandwidth twice and a performance hit of varying degree.
If you have a Linksys WRT54GS (GS, not G), you can use this enhanced firmware that automatically keeps you logged in. Navigate to http://192.168.1.1/CCA.asp to configure the clean access setup. Use at your own risk. If you upload a non-Linksys firmware (such as this one) to your device, you will lose your warranty. I will try to add some documentation about the firmware in the next few days (source code included).
Thanks for your post.
Unfortunately, the Resnet people are ignoring even reasonable requests, and are essentially showing us the finger. Their disregard for us, their customers, is mindboggling.
They only react to pressure from their superiors.
So, don't give up yet. You should talk with your advisor and your department head or dean to help make known to the academic side of campus that Resnet is hindering our research work. That seems to be the only way to get them to reconsider their stance.
This new change sucks. It has taken me over an hour to get to this site and attempt to post. Earlier today I needed to send and receive thesis documents and could not because of the stupid CCA screwing up the network. I have a Macintosh and I still have to deal with this crap. Thanks for having a place for us to voice our frustrations; I just wish it wasn't in vain.
Channel 13 was out as well. I wonder why they can't implement a quality of service monitoring. Clicking through all channels once a day takes less than 2 minutes. If they don't have the time to do that, maybe they shouldn't have accepted to operate Cable TV in the first place.
Well, nothing is for free. ESPN's pricing is so that it would be a considerable price increase (something in the order of $10/month/student, although I don't know for sure yet.)
This would be for everybody, and there are a considerable number of students who can't afford that or won't be willing to pay for it.
Food Network is much more affordable. The price increase for Food Network would be in the $0.25/student range.
Anyway, we had a meeting with the administration today, and they are looking at creating a survey to get student feedback. Be sure to make your wishes heard.
Call for more signatures for Chinese cable TV.
Thanks for your support on Chinese TV channel. Currently, we have 156
signatures from 120 units in VP and PV. We do need more
signatures. If you did not add your spouse, kids, or roommate's name,
please send their name if they support. If you are on waiting list,
please sign your name and department too. Even if you don't watch TV,
please support Chinese association's activity.
Thanks for AGST (Taiwan Student association) email group's support.
We appreciate the students' great support from Taiwan. Thank you all.
Please forward the following message to more people, collect more
signatures. Next week, we will go to talk with house officers and
Currently, 150 digital signatures from 120 apartments were sent to
cssauci @ gmail . com.
Please forward this email to your friends on campus housing.
The purpose of collecting signatures is to ask for a Chinese TV channel in
cable TV in Verano Place and Palo Verde. The cable TV has cancelled
Phoenix channel, which carries nice mandarin and Cantonese programs.
Please send your name, room number, and email address to
cssauci @ gmail . com.
VP 9999 Zhang Yi, Zhang Er xxx@h...
PV 9999 Wang Yi, Li Si xxx@u...
We will propose a letter with all signatures to ask house office to
add a Chinese TV channel and no extra cost for each student. More
signatures will help this action.
According to UCI website, VP has 862 apartments, and 204 apartments
in PV. Considering more residents' benefit, which is also emphasized
by student housing office, we must collect enough signatures to show
that we have a large population on campus housing. In fact, many
Chinese students live on campus house. DirectTV has the service to
open Phoenix channel or CCTV.
Thanks for your support,
Thanks for that. I was out last night...
This is still going on this morning.
It gets weirder by the day.
I just called PV Housing, and the front desk person first told me to call Resnet. After my inquiry about what Resnet has to do with the cable TV, she connected me to the maintenance supervisor.
That guy told me to call CampusTelevideo, which doesn't make any sense whatsoever. I explained to him at length that I am not a party in the contract with CampusTelevideo, so I can't call them. He eventually agreed to take my complaint.
Yup. Saw that.
I talked to Ted Roberge from Resnet today, and he was surprised that the problems webpage lists Resnet as contact point. Talk about lack of coordination ;)
Anyway, he said he wanted to talk to Kevin Ansel to change that back to what it was before.
Resnet obviously doesn't want to have anything to do with the Cable fiasco :)
When I complained about the frozen channels this morning, I was told that I "could move."
Also, the tech guy managing this whole mess, Kevin Ansel, is going on vacation... So I guess there is nobody then to fix problems...