Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



What To Do If Police Try To Search Your Phone Without a Warrant

ptudor Legal protection, and reality (286 comments)

Most people involved in a pre-textual motor vehicle stop and issued a warning for a trivial non-offense won't know to say the magic words that begin their legal defense: "Am I free to go? Why am I being detained?" and when the polite officer says, "Well, I'm sure you've got nothing to hide, let me search your vehicle, and no matter what I'll make sure you're on your way quickly," many quickly hope compliance is their best option in the short-term.

So they say, "Yeah, go ahead," instead of the alternative, "I do not consent to search and invoke all protections afforded me by the Constitution; while I am cooperating within those constraints, please advise me promptly when I am free to go."

You'll get searched anyway, whether it's your phone or your car. You might get arrested anyway. But having invoked your rights instead of freely waiving your rights gives the defendant ample opportunity to assert their innocence in court without having already accidentally proven their guilt without the benefit of counsel.

I expect most people, despite the Supreme Court ruling, will find their phones searched anyway; consider stop-and-frisk in New York City. Please set a passcode on your device, preferably alphanumeric instead of a simple PIN, and avoid interacting with law enforcement, they have better things to do than read a neckbeard hacker's text messages to his mom about picking up more Mountain Dew at the store.

(Nevermind Border Patrol checkpoints in the US or Customs/Immigration interviews...)


about 3 months ago

IT Pro Gets Prison Time For Sabotaging Ex-Employer's System

ptudor Re:Ethics (265 comments)

"Herd" animals have eyes on the side of their heads, because they're prey. "Pack" animals have eyes facing forward, because they're predators.

about 4 months ago

FreeBSD 10.0 Released

ptudor Re:VMware tools included (136 comments)

Running NTP on ESX guests is often nasty and a great reason to use the vmware-tools:

vmware-toolbox-cmd timesync status
vmware-toolbox-cmd timesync enable

about 8 months ago

Nagios-Plugins Web Site Taken Over By Nagios

ptudor Alternatives... (119 comments)

After having the good fortune to spend a few weeks testing everything free, I've got to spend a minute evangelizing for Zabbix.

It took me a week to understand the concepts, but the clone button and templates make Zabbix my favorite tool. The local Zabbix agent on each host gives detailed metrics and the screens of graphs are great.

Check out the appaloosa-zabbix-templates for more MySQL and Memcache charts than you ever thought might work out of the box.

Zabbix is ridiculously powerful, from auto discovery on subnets, to simple ping and snmp, up through more advanced tools.

about 8 months ago

Security Expert: Yahoo's Email Encryption Needs Work

ptudor Re:Even good ciphers are mostly useless (123 comments)

I'd add a #4, or #2a, Man-In-The-Middle the certificate. Diginotar's compromise, never the huge bundle of trusted certificates in every browser/OS, makes it easy. Whatever an enterprise can do with GPOs and Websense can happen in the wild too. (I kinda prefer self-signed certificates anymore.)

Overall I agree, but I still cry out in pain when I see people choosing to use 3DES and disable PFS.

about 8 months ago

Security Expert: Yahoo's Email Encryption Needs Work

ptudor Progress. (123 comments)

It's important to remember that only a year ago RC4 was a recommended solution and TLS1.2 support in browsers like Firefox and older operating systems has been slow to arrive. So I look at this as an important first step, with progressive refinements sure to follow. In the same way that Facebook introduced https in response to Tunisia and slowly made it an option for all users before making it default, Yahoo, while slow in adopting a model of default security, has to walk similar steps. They may have had an SSL-beta-option for the last year, but given their AOL-Like user base, I can understand being conservative in adopting new methods and being liberal in the ciphers they provide. Someone using Chrome in Mavericks may expect support for SPDY3 with AES-GCM, but for a user base that may be using IE6 or FF3 on XP still, for a company that caters to people who will never know what GCM or SHA2 is it best to avoid the headline, "Yahoo Mail is Broken for tens of thousands of users." They'll get there. Thanks for trying, Yahoo.

Now, can someone at Microsoft turn on STARTTLS? For that matter, I wish NANOG would turn on STARTTLS for inbound connections.

Also, IPv6... please... IPv6...

about 8 months ago

Why Can't Big Government Launch a Website?

ptudor Government success: DNSSEC (786 comments)

The headline could do without that loaded word "big" and the connotations it brings. An easy counterpoint is DNSSEC: The entire dotgov TLD has had DNSSEC deployed for years in stark contrast to the adoption rate among the general population. Complex projects in technology are not all alike.

about a year ago

Home Server On IPv6-only Internet Connection?

ptudor Re:proxy on an amazon ec2 instance? (164 comments)

T-Mo USA was an acquisition of Omnipoint/Voicestream. Seattle is where they started from.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ptudor Re:Dutch Innovate (313 comments)

Whether it's the AC's numbers or your numbers, you're both talking about less than a percent as though it's greater than a margin of error in the real world. Export your expertise and let's all work on dotcom next.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ptudor Re:Dutch Innovate (313 comments)

Why choose one over the other? I don't care :) So far people have chosen neither.

about a year and a half ago

5 Years After Major DNS Flaw Found, Few US Companies Have Deployed Long-term Fix

ptudor Sweden Innovates (313 comments)

So, there's OpenDNSSEC to automate deployments; I strongly suggest spending the time to watch the .SE NIC's nine-part training videos from 2010 at Youtube to improve one's understanding:

Some respected members of our community dismiss DNSSEC. This video of DJB presents an opinion: DJB at 27C3

about a year and a half ago

George "geohot" Hotz Arrested In Texas For Posession of Marijuana

ptudor End Prohibition Now (578 comments)

Eighty years ago, alcohol was unconstitutional. Temperance unions succeeded in making dry counties a dry country and organized crime profited. Cannabis had not yet been vilified in place of beer.

Today, Budweiser advertisements can occupy an entire subway car on the New York MTA while the NYPD ensures >85% of those arrested for simple possession in both 2010 and 2011 are black or brown. What wasted resources! What an undue burden on citizens!

We must end the prohibition of cannabis. We must return justice to our courts. We must turn a black market into a taxed market. We must embrace research demonstrating controlled apoptosis in various cancers. You must join me. Prohibition harms everyone.

Further reading:

  1. "Cannabinoids Induce Apoptosis of Pancreatic Tumor Cells via Endoplasmic Reticulum Stress–Related Genes"
  2. "Delta-9-tetrahydrocannabinol inhibits cell cycle progression in human breast cancer cells through Cdc2 regulation"

more than 2 years ago

Iran Shuts Down US Virtual Embassy

ptudor Re:U.S. (451 comments)

slashdot wouldn't read the rest of my post if I didn't start with something punny...

more than 2 years ago

Iran Shuts Down US Virtual Embassy

ptudor Re:U.S. (451 comments)

Al-Jazeera is a Qatari network, not Iranian. The difference is quite a gulf.

Functionally, companies in the United States block Al-Jazeera. I challenge you to actually watch their CNN-like feed on your local cable station. The best I can do is their half-hour daily news program broadcast alongside BBC America and (that wretched) RT News on KCET in Los Angeles; today I consider Al-Jazeera's reporting premeir among broadcast television.

We at slashdot all know it's easy to intercept and redirect DNS (unless you're in Sweden, those fine adopters of DNSSEC), or insert in a transparent Squid/whatev with a hosts file, but I'm confident at least they're probably not using Websense, years ago I installed the mod_geoip ruleset to deny access to daily updates for requests originating from embargoed nations.

Last time I was in Syria Facebook was blocked at the port 80 level. But ssh forwarding 3128 worked fine, hopefully no one was etherealing 53. Funny it took Syria three years to finally ban iPhones, I lost a brand-new 3G getting out of a taxi in Damascus... the one time I didn't photograph the license plate of the car I was getting into.

Seeing "Persian" instead of "Farsi" struck me as odd, but I suppose I'm the odd one.

more than 2 years ago

How To Catch a Laptop Thief?

ptudor Re:The other side (485 comments)

html5 geolocation tends to look at the MACs of nearby BSSIDs to assist in the triangulation. It's not just MaxMind-style tables of IP addresses anymore, check out Google Location Services (used by firefox). It combines four elements: IP addresses, Cell Triangulation, nearby access points, and GPS. Blaming wifi for misdirection is plausible, but it also indicates that stolen property was perhaps next-door or across the street.

more than 2 years ago

Rob "CmdrTaco" Malda Resigns From Slashdot

ptudor Re:Succession plan? (1521 comments)

Right? anyway, thanks you guys. Maybe it's time to work on some AfterStep plugins... brought me here.

about 3 years ago

Vint Cerf Says No To IPv7, Yes To InterPlanetary Web

ptudor Re:So much for R&D and innovation -- (108 comments)

I do not miss your point, I make mine that R&D advances best with a common capable foundation. Ethernet addressing is static, yet Ethernet interfaces advance. IPv4 has been static since RFC1918, yet applications on it have evolved. People will find new uses for multicast and peer-to-peer communications in IPv6. The methods behind DNS haven't changed much since the end of the global hosts file, yet new record types like SRV, AAAA, and RRSIG can arise because of the sublime framework that underlies name resolution.

I mention an encouragement for adoption because remaining with IPv4 works against both our interests, yours in the continuing innovation -- we can't have IP-next-next-gen until we have an IPng network that bests the legacy IPv4 -- and mine in restoring the Internet to its peer-to-peer model.

"Privacy Extensions" address your concern about trackable addresses in IPv6. Browser cookies are a much greater threat to personally identifying a unique machine as it moves from location to location but nonetheless Windows by default enables the generation of a random host address and on linux grep sysctl to enable temp_addr.

more than 2 years ago

Vint Cerf Says No To IPv7, Yes To InterPlanetary Web

ptudor Re:So much for R&D and innovation -- (108 comments)

IPv6 dual-homing was still in progress.

I had IPv6 BGP with PI space in late 2006, so... uh...

I'll also add two comments concerning stagnation of technology. 1) MAC Addresses haven't changed in a long time. Yet Ethernet continues to advance, from coax to twisted pair, wireless, and fiber and from a bus to hubs then switches and now L3 switches. (although where are my end-to-end Jumbo Frames already?). A capable foundation does not hinder innovation. 2) Globally unique addresses in applications are the key. Returning the Internet to its mid-90s status quo of every host being a unique peer enables technologies that are simply painful to adopt today, like SIP communications or IPsec between islands of NAT. So we have created an inefficient clientA-server-clientB bandage so people can send each other images in IMs or actually use their webcams. Once the software developers (yes, they're part of my presentations) grasp the advantages of IPv6 I can't even imagine the wonderful new ideas they'll deliver.

IPv4 is simply unsustainable: at some point we'll simply run out of ports per IP to use for PAT. IPv6 has enough addresses to last effectively forever, through the lifetimes of people born today. Versus the status quo, where each person on earth has about half of an IP address if you consider the overhead of VLSM, not enough to cover my mobile phone, my SIP phone, my iPod, my iMac, my MacBook, my colocated servers, nevermind all the nerds in India or China... Would people adopt IPv6 faster if they saw it as a matter of social justice and equal access to technology for all the children of the earth?

(P.S. Everyone please hire me and some of my friends to teach IPv6 classes at your organization and organize your deployment. Thanks)

more than 3 years ago

After IPv4, How Will the Internet Function?

ptudor Re:ZOMG THE SKY [isn't] FALLING! (320 comments)

People on earth: Six billion.
IPv4 addresses: Four billion.

Not counting network addresses, broadcast addresses, and all the CIDR things.

Why do I deserve globally routable addresses but other people don't?

more than 3 years ago

Military Pressuring Vendors On IPv6

ptudor Re:How long will IPv6 last? (406 comments)

NAT is a historical artifact. That a PIX could NAT anything before RFC1918 existed matters in the same classroom where people learn about Classful routing before CIDR. It is more important to note we should already have native IPv6 from carriers. And Slashdot.

I mean, people, hire me and smash and the other under-modded smart people, we'll teach a class Friday, configure your routers on Saturday, check out the hosts on Sunday, and take the phone calls on Monday. This isn't rocket science (except for HSRPv2, so let's all use GLBP instead). Mainly you'll notice... IPv4 still works like it did on Friday. But all your google traffic, software downloads, and dns... IPv6 in the logs now.

conf t
ipv6 unicast-routing
int vlan 666
ipv6 addr 2001:db8:db8:666::1/64
ipv6 router ospf 65066
network 2001:db8:db8::/48

Some devices need:
sdm prefer dual def
wr me

Sooooo haaarrrrrrrdddd omgosh.

more than 3 years ago



World of Warcraft and Information Week deploy IPv6

ptudor ptudor writes  |  more than 3 years ago

ptudor (22537) writes "A post to NANOG mentions the 4.1 software update to World of Warcraft, arriving Tuesday, will support IPv6. Information Week is now serving IPv6 AAAA DNS records for public websites, joining sites like Heise and nixCraft that have already deployed IPv6 well in advance of World IPv6 Day on June 8th. Still notably absent? Slashdot. Lame."
Link to Original Source

Allegations regarding OpenBSD IPSEC and FBI code

ptudor ptudor writes  |  more than 3 years ago

ptudor (22537) writes "Gregory Perry has emailed Theo de Raadt, claiming 'the FBI implemented a number of backdoors and
side channel key leaking mechanisms into the OpenBSD Crypto Framework' as the reason 'inside FBI folks have been recently
advocating the use of OpenBSD for VPN and firewalling implementations in virtualized environments.' de Raadt notes because OpenBSD 'had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products' he is making the allegation public so 'those who use the code can audit it for these problems.' A decade of changing code leaves it 'unclear what the true impact of these allegations are.'"

Link to Original Source

Passport Cards For Border Towns Now Shipping

ptudor ptudor writes  |  more than 6 years ago

ptudor writes "With San Diego home to the largest land border crossing in the world, the local newspaper reports, 'Travelers and cross-border commuters who applied for low-cost U.S. "passport cards" earlier this year will soon be receiving them, the U.S. State Department said.' The article continues, 'Federal officials announced Tuesday that the wallet-sized cards are in production and that those who preapplied for them starting in February should be receiving theirs by Sept. 30. More than 350,000 people have ordered passport cards and at least 7,600 have been mailed, according to the State Department.' The initial press release from the State Department is available as well as a FAQ on the new cards."

ptudor ptudor writes  |  more than 7 years ago

ptudor writes "The U.S. Supreme Court announced several opinions on Monday and included with the electronic version of Scott v. Harris a sixteen minute video recorded by two police squad cars. The New York Times noted the sole dissenting voice of Stevens: 'The Court has usurped the jury's fact-finding function.' What elements of a jury's interpretation or nullification do videotape records impact? Does you car have a camera mounted yet?"



ptudor ptudor writes  |  more than 9 years ago An AC Posting from a thread on airline policing in modern times.

Re:Meanwhile... (Score:3, Insightful)
by Anonymous Coward on 17:49 Wednesday 19 January 2005 (#11415340)

3000 died. That is true... it only took 3000 to lose our freedom in this country. Give it a second thought. After 3000 dead everyone who enters our nation is treated as a criminal. Now remember the hundreds of thousands who died to bring you that freedom. DO NOT GIVE UP YOUR FREEDOM SO EASILY. Hundreds of Thousands of Americans died to bring Freedom back to Europe. That was not even our own freedom. In the Revolutionary war 10s of thousands died to Create your freedom. Stop being Scared of life and start living it. An Oppressive government is no way to run a country. Honor our soldiers and honor our forefathers by asserting your rights to privacy, freedom of speech, freedom of worship and freedom to congregate. This is what makes America great. Read your history books and learn. No one is out to get you, though its hard to tell with the Alert set to "Orange" today.... hmmmmmm how do they come up with that anyway? Does that mean I should keep my gas mask in my car, just in case????

-One More Concerned American.


First Journal

ptudor ptudor writes  |  more than 12 years ago This is my first journal entry. I'm adding this just to have one.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>