Tuesday, November 22, 2011

Did the ISP Supply a Bridge or a Router?

This week I helped two friends configure wireless devices and get them working. In both cases, the root of the problem was understanding what services were provided by the ISP's device and what services should be provided by the wireless device. In one of the problematic cases, a cable connection, the ISP supplied a transparent bridge that allowed a single device to be configured using DHCP and provided a registered IP address. In the other case, a DSL connection, the ISP supplied a consumer-grade router with network address translation, DNS forwarding, and the ability to configure clients using DHCP. Configuring the wireless device properly required an understanding of the ISP's device.


For the purposes of this document, bridge and router, when applied to the device supplied by the ISP, have the following meanings.


A bridge supports a single IP address and serves to translate (bridge) between one transmission medium and another, for example, between TV cable and Ethernet, between DSL and Ethernet, or between Ethernet and WiFi.


The term router is misused slightly here to mean a consumer product that requires a single IP address on its outside (wide area network, or WAN) port and supports multiple client devices, each with its own IP address, on its LAN ports.  To support multiple “inside” IP addresses, a consumer router necessarily implements network address translation, or NAT.  It generally also provides DHCP configuration of clients and DNS forwarding.  It could optionally provide a bridge between media types.  It might provide other services, such as NTP relaying.
Although I've misused the term router slightly, my use here is consistent with industry practice and shouldn't confuse anyone. Strictly speaking, a "router" connects different networks, i.e. networks where the network part of the IP addresses are different. A consumer-grade wireless device does that, but also provides the other services listed above.


IF the ISP device operates in bridge mode
    then set up  the wireless device as a router
    // The  ISP device is a router, so
    Set up the wireless device as a bridge 
So, the key question becomes, "Did the ISP supply a bridge or a router?"

Is the ISP device a bridge or a router?

Data Collection

Record any manufacturer information or model numbers on the physical device. Google is your friend.
Connect a device running Microsoft Windows to a port on the ISP device, open a command window, and issue the command ipconfig /all

Find the section of output labeled Ethernet adapter Local Area Connection and record the following:

            IP address: ___________________________

            Subnet mask: _________________________

            Default gateway: ______________________

            DHCP server: _________________________

            DNS servers: ________________________

Testing and Inference

Assumption: a device such as a laptop that’s plugged directly into the ISP device “just works,” so it was configured using DHCP and there’s a DHCP server someplace in the ISP's infrastructure.
  1. If there are two ISP boxen, the one connected to the TV cable or DSL line is almost certainly a bridge and the “inner” one a router.  Consider the pair together to be a router.
  2. If there’s only one Ethernet connector on the ISP box, it’s probably a bridge.  If there are multiple connectors, it’s probably a router.
  3. If the IP address from the data collection step is not one of the following, it’s almost certainly a bridge:
    172.16.x.x  to 172.31.x.x
  4. If the default gateway and DHCP server are not the same IP address, it’s almost certainly a bridge.

Acid Test

If there are multiple Ethernet ports on the ISP box, connect two client devices to two of the ports.  If both clients work and report different IP addresses within the ranges listed in step 3 above to ipconfig /all then the ISP device is a router with probability one.  Otherwise, it’s almost certainly a bridge.

If there’s only a single port, establish a configuration like this:
Diagram showing two computers connected to the ISP's device

If both clients work and report different IP addresses within the ranges listed in step 3 above to ipconfig /all then the ISP device is a router with probability one.  Otherwise, it’s almost certainly a bridge.

Of Course, It Could Be a Duck

Most consumer grade routers can be configured to operate in bridge mode.  Unless you can get access to the configuration mode of the ISP device, if it acts like a bridge, treat it as a bridge.  If it acts like a router, treat it as a router.

Wednesday, June 8, 2011

Turn Off Facial Recognition on Facebook

Facebook has quietly (silently!) rolled out a feature that attempts to identify your face in pictures your friends upload, and then suggests that they "tag" you in such pictures.

Your first reaction might be, "So what?  They're my friends... they're going to tag me anyway."  Well, maybe, but maybe not.  It depends upon what's in the picture, why it was uploaded, and how much value your friends put on your privacy.  Imagine, say, a wedding reception.  The bride and groom are the center of attention, looking beautiful and handsome, respectively.  But, in the background, is me, or maybe you, with a death grip on a beer and chatting animatedly with the bride's little sister.  In the ordinary scheme of things, the guy with the beer probably wouldn't get tagged, but if Facebook suggests it... well, have you ever clicked "OK" without thinking?

"So what?  Everybody drinks at wedding receptions."  Well, maybe, but do you really want to be the guy with the beer in more than perhaps one picture?  Or something equally innocent that could be misinterpreted?

Then there's the question of accuracy.  Maybe all overweight white guys with grey beards look alike to Facebook's software.  "Surely my friends would notice the mistake and fix it."  Well, maybe... have you ever clicked "OK" without thinking.

Don't forget Mark Zuckerberg's dream of world conquest.  After enough pictures get tagged, Facebook's facial recognition software will know what you look like.  When will "they" decide to turn on automatic recognition?  And for the huge volume of pictures that have already been uploaded?

Am I paranoid?  Facebook's history of stepping on privacy says not.

Convinced?  OK... here's how you turn this "feature" off.  This stuff is well hidden, so stay with me.  If the screen shots are hard to read, click on them to expand them.

In the upper right of your Facebook page, click "Account" and select "Privacy Settings." (Notice that I've blurred the images of others that appear in this screen shot.)

Within "Privacy Settings" find the "Sharing on Facebook" section and click on "Customize Settings." (Told you it was hidden!)

Finally, next to "Suggest photos of me to friends," click the "Edit Settings" button and change the setting to "Disabled." Click "Okay" to save your changes.

Whew! That was a lot of trouble. However, you've turned off automatic recognition of your mug.  For now.

However, don't forget that Facebook's software can still learn what you look like because your friends have probably already tagged pictures of you by hand and will probably do so again in the future.  EEeeww!