I’ve just had a proper argument. My circle of friends and even a few colleagues at Dennis will tell you, this isn’t unusual of itself, so I won’t do the down the pub routine that relies heavily on the phrase “So then I said…”. I’ll give you the helicopter view.

It was an argument about Wi-Fi. I went to a meeting to go through re-wiring a retail shop to accommodate a CCTV system, the sales PCs, the PDQ card-payment setup, and the email workstation. There was also a couple of new ventures, in the shape of kiosks for customers to look through the website and ask about styles, sizes and colours not visible in the shop.

At this meeting were the proprietors, me, and a jobbing interior decorator. The list of snags, water leaks and bits of paint and the like was long and diverse: then we came to the wiring. Just a small shop, but very quickly we arrived at a total of 15 locations. It’s also an old building, which means that it won’t be falling down any time soon; but conversely, drilling holes is going to be a proper rufty-tufty builder’s job, one I am very glad I won’t be undertaking. Looking at the job in hand, the jobbing builder decided to propose a different approach: Why not just put in wireless?

Once the idea occurred to him, it snowballed. With Wi-Fi, customers could just be given an iPad, and wander freely around the whole space, paging through the website. How cool would that be? Wires aren’t needed then. I suggested this might not work out very well, given the background level of theft in that specific shop and the surrounding area too: and that it might not be terribly secure, in an area so full of other shops, offices, homes and restaurants. This is when the conversation kicked up a gear.

We are one of the last great self-taught professions, and from that many difficulties follow

The jobbing builder clearly believed that there is no such thing as a Wi-Fi security problem. To the point where anyone who suggested otherwise was to be cross-examined in an incredulous tone. There is no such thing as a passive Wi-Fi traffic listener Trojan, or those websites that crack WPA2 keys, or people whose credit card numbers or bank details are stolen via Wi-Fi or traffic spoofing. As far as he was concerned, Wi-Fi was the future; the idea that it could be much more expensive and complicated to segregate the network so that the CCTV in the changing cubicles didn’t get re-broadcast across the rest of the planet was, apparently, a stupid thing to suggest. All those videos on YouTube like this are clearly fakes.

I confess: I lost my cool with this tirade of ignorance. At the same time, I was thinking about Part P.

For those who have not come across it, here is the IET’s summary of Part P:  it’s the regulations that attempt to control who is allowed to do electrical wiring work. When introduced, I must say I agreed with the antis, because it seemed to me completely absurd that there could exist anyone who didn’t know how to wire up a wall socket correctly. It only takes a small tickle with 240v AC to entirely convince anyone of the need for proper safety in wiring. I can’t have been the only small boy to have successfully hidden the burns from an incautious poke about in the guts of a radio, surely…

This conviction faded slightly after I saw my first few 13A sockets with bare wires wedged into contact by the earth-pin shutter, and other similar sins, until these days I am pretty much entirely in favour of the concept of Part P. If someone wants to do that kind of work, then go and get the qualification, is now my attitude.

This is a very unusual conclusion to reach if you are a “computer person”. We are one of the last great self-taught professions, and from that many difficulties follow. Assuming that everyone is equally able to teach themselves, and equally able to draw the right conclusions from an individual view of a wider body of evidence, is (I believe) our greatest sin. This hasn’t been that much of a problem while IT and networks in particular has been the province of a priesthood, a charmed circle of übernerds: the problem comes when network technology starts to permeate into the skill levels that gave rise to Part P.

I’m trying to be polite and it might not work in my current mood, so I’ll settle for blunt: thick people think differently from nerds. It’s not a matter of less of something, like an IQ score, instead it has many aspects and parts. There’s emotion, there’s ego, there’s ownership of the topic, there’s animal cunning versus lofty and mistaken intellect: it’s a rich minefield of disasters, at least if your tempter works like mine.

The clever thing to do with this type of problem is to avoid getting dragged into Meldrew-like expressions of exasperation, but I will say that the inception and history of Part P makes me worry about the take-up of IP networking in the wider population of trades. Part P protects against a simple phenomenon – a pretty immediate and intensely memorable electric shock; good small network design protects against a rather more subtle, long-term and generally less physically painful series of mishaps.

But the underlying point to Part P remains that incidents arising from electrical wiring put in blithely by workers and DIYers, quite convinced they were doing it right, were prominent enough that Health and Safety decided to get involved. There is no equivalent body for network data security – unless, that is, you count the loss adjusters who now turn up when your bank account is emptied by an online data theft incident, and seek to prove that you were negligent in your use of the bank’s website to get them out of reinstating the contents of your bank account.

Happily for me, this particular client had been dealing with that type of mishap already, and were also better diplomats: they pointed out to the builder that he couldn’t very well remark on the superior strength and thickness of the Victorian buttresses and brickwork, and then recommend Wi-Fi. This contradiction provided a way out of the contretemps without too much loss of face all round – something that, as a classic nerd, I never have been very good at ensuring.

The internet has been running out of space for the best part of ten years now, address space that is. In a nutshell, the 4,294,967,296 addresses provided by IPv4 are pretty much exhausted and so we must start embracing IPv6 which can provide a few more.

How many, exactly?

How does 340,282,366,920,938,000,000,000,000,000,000,000,000 addresses sound to you?

Now I’m not going to get stuck into the whole ‘how to migrate to IPv6 thing’ here, nor even the debate about how long we really have left to make that migration (although Steve Cassidy will be examining this in issue 200 of PC Pro). Nope, I’m more interested in what the potential impact upon internet security will be when it’s a done deal and everything is connected to the internet.

In other words, does giving everything an IP address open the door for your fridge to start spamming you? Or perhaps more appropriately, given the type of crap contained in most of the spam I see, your toilet for that matter? Seriously though, what does IPv6 mean for security?

Much of the FUD coming is coming from those with something to sell, be it product or consultancy

Given enough IP addressees, the argument goes, the spammers can cycle through such a large and diverse range that spam blacklists become unsustainable, as by the time a domain has been verified as a spam source and added to the blacklist, the spammers behind it have already moved it to another IP address.

This, it seems to me, is less an IPv6 problem and surely more a ‘rely on blacklisting to defeat spam’ problem. Other content-focussed techniques, such as Bayesian filtering, don’t care about where the source is but only what the output consists of.

So are there actually any hidden dangers in the move to an IPv6 address space system at all, or is it all just the usual round of FUD? As some organisations have already implemented IPv6 without any great collapse of security systems, I am inclined to think it is just that. Much of the FUD is coming from those with something to sell, be it product or consultancy.

Potential problems

There will be problems, of course. I’ve heard reports that the Duplicate Address Detection (DAD) system, which provides the means for a device to ask others on a subnet if they are using a particular address, could be used for denial of service (DoS) attacks without too much effort. But then again, those in the know have told me that it doesn’t take a whole big bunch of effort to detect this happening and block it.

Am I scared that IPv6 will cause the sky to fall in? Nope, and neither should you be. IPv6 itself is not intrinsically any less secure than IPv4, as long as it is implemented properly — which means doing your homework during any transition period between the two and ensuring you are not creating holes through which your own particular little piece of sky could fall. But that’s not different to any transition from one network technology to another…

I can’t help thinking that this is an echo of a dried-up, bureaucratic and increasingly irrelevant administration: reading the plaintive call of the uber-spook side-by-side with the quiet and simple statements of the man brokering the expenses leaks gives some idea of the error being made by the modern British civil servant.

The uber-spook is concerned with his job and nothing else: the leak broker is concerned with the entirety of civic life. The spook wants to use the most expensive, brute-force algorithm to go find his elephant, with no reference to the issues that clearly concern the arch-leaker.

The abstruse idea that motivates Mr Wick is that of the social contract: tit for tat, in essence. This asserts that any civil interaction which is one-sided is inherently unfair, and will deliver mounting resentment, avoidance, bad vibes – and eventually, payback. Mr Wick’s objection (he says) is to exactly the kind of blunt and omnipresent surveillance advocated by Sir David Pepper (our uber-spook). Just about the only thing these two men have in common is that they are unelected guardians of something that affects the lives of others in very real and immediate ways.

There is a networks angle to my Sunday morning meanderings here. I don’t know of any networks administrator who isn’t exquisitely aware of the results of poking around inside the data their networks present – it’s not just that reading HR’s personnel files is “not the done thing”, it is rather a career-limiting, stupid and explosive thing to indulge in.

In our case, as admins, we have the oversight which Sir David would like HMG to have – but there’s payback for us when we abuse it. Sir David’s need is not in doubt, but what’s not clear is the consequences for those less privileged than him who may abuse the data he collects in good faith. Part of being a good network admin is realising the value of information and appraising those who would have access to it – and appraisal is a face-to-face, personal, intimate thing to do.

Sir David’s proposal opens our data not just to well motivated intelligence operatives, but also to some pretty petty minded, poorly motivated and entirely invisible faceless bureaucrats. This is a pressure group which exists somewhat outside the traditional mechanisms of democracy, but whose actions definitely motivated Mr Wick’s leak brokering activities.

It seems quite clear to me that the bureaucrats are the ones unbalancing our social contract, and just for once the bit ofsociety outside government best placed to show society how to make this work better – how to provide security oversight without destroying faith in administration – is our bit. The bit that handles directory permissions, firewalls, VPNs, logs, and the rest.

Thing is, I don’t know who to go to with my suggestions, because the departments who set those standards are secret, and the standards they set are secret too.

Which is rather where we came in…

Using a new feature called Libraries in Windows Explorer, you select and open files on the HomeGroup network as if they were stored locally on your PC. It’s also possible to search for files (using tags and filenames, or more advanced searches, such as the month a photo was taken) across the entire HomeGroup.

The obvious disadvantage compared to a Windows Home Server is that the other PCs in the house will need to be left on for you to access their files. What’s more, HomeGroup only works with other Windows 7 PCs, and it’s likely to be many years before the average household has migrated all of its PCs to the new OS.

A more useful feature of HomeGroup is its ability to automatically detect when your work laptop, for instance, is being used in the home. Subsequently, printer settings are automatically configured to your home printer, preventing those baffling moments when you hit Ctrl + P and wonder why nothing’s being spat out of the inkjet in the corner, because it’s still set to your work printer.

Music and video streaming

As well as accessing photos and documents from other PCs on the Home Group, you can play their music and video back from the PC in front of you, too. Windows Media Player now includes support for AAC files, meaning it’s even possible to dip into other people’s iTunes libraries and play those back on your Windows 7 PC. You’ll be shocked to hear that files wrapped up in Apple’s DRM aren’t supported. However, H.264, DivX and AVCHD are, which certainly broadens the range of videos that can be streamed from PC to PC across your home network.

One exceedingly nice touch is the option to right click on music files on your Windows 7 PC and select the option to play them on a networked media receiver, such as a Sonos Digital Music System. This means you can sit with a laptop on the sofa and have the media receiver fill your living room with a handpicked playlist of songs, which will appeal to audiophiles at the end of a long day.

Wireless networking

Selecting a Wi-Fi hoptspot or wireless router has been made marginally easier in Windows 7. Instead of clicking on the wireless networking icon in the System Tray, and then entering a separate dialogue box to select an available connection, you now simply left click on the icon in the System Tray and you’re presented with a list of available networks in a pop-up jumplist. Timesaving, if not exactly breathtaking.

I’m not the world’s biggest Vista fan. I don’t have it on my desktop machines, but I do on my laptops since even I’ll admit its suspend & resume is far more reliable than XP’s (or Ubuntu’s, or Fedora’s for that matter). One of the things I truly hate about it though, is the networking configuration interface. It never fails to lead me round in circles no matter how much I use it. It’s like a maze with moving walls and it gives me the willies.

So imagine my surprise today when it actually did something useful.

Check out the third suggestion in the screenshot. Vista knew my router needed rebooting, and it even told me how to do it! So I followed its advice and took a quick trip round the back of sofa to give my Belkin a kick. Even more astonishing is the fact that it actually solved the problem.

I. Am. Impressed.

Admittedly I’m less impressed that the laptop has started freezing for ten seconds at a time after it sprang a pile of automatic updates on me when I rebooted this morning (cue ten-minute wait to use my own computer), but you have to grab your little rays of sunshine when you can.

The most recent time I optimistically pressed the ‘Diagnose and repair’ link was this weekend, when it came up with the entirely unhelpful message that the reason for my faulty wireless network was because a cable wasn’t connected into my Ethernet port. A big thank you to the Microsoft error dialog writers for that one.

In the end, I had no alternative: I had to resort to the time-honoured reboot. Even that didn’t work. Nor did rebooting the router. In fact, it was only when I called my dad and talked the problem through that he pointed out the error must be a software setting somewhere. This, I should shamefacedly admit, was after I’d swapped out the router and all the connecting cables.

It took me a princely 24 hours to solve the problem, and with a better diagnosis tool I reckon that would have been 24 seconds. Surely it’s not beyond the ken of Microsoft to build a tool that works out the two bits of a network that aren’t connecting as they should?

So am I just unlucky? Are other people out there having success with it?