Forgot your password?
typodupeerror

Comment: Re:Sure but... (Score 1) 200

by Strider- (#48414225) Attached to: Launching 2015: a New Certificate Authority To Encrypt the Entire Web

Exactly. I work in an environment with very limited bandwidth (1.8Mbps private satellite link servicing ~80 people). SSL by default is the bane of my existence. Right now, I've got Cisco WAAS deployed, and it adds about another 30% of effective capacity to my link, and often more. If everything goes encrypted by default, then I lose all of that. I get no caching gain, no compression gain, nothing, unless I MITM the link, which is evil and causes no end of support headaches.

Encrypt what needs to be encrypted (Authentication mechanisms, financial transactions, etc...) and leave the rest. There's no reason to encrypt cute cat pictures or grandma's chocolate chip cookie recipe.

Comment: Re:Caller ID spoofing (Score 2) 139

by Strider- (#48399081) Attached to: Ask Slashdot: Dealing With VoIP Fraud/Phishing Scams?

Sure, but you can verify that the ANI (originating number) belongs to a block that the customer is allowed to use. I have a PRI with two 100 blocks associated with it. I would expect that the telco would verify that the originating number I send to the switch is taken from those 200 valid numbers, if only in case someone calls 911 etc...

Comment: Re: May I suggest (Score 2) 334

by Strider- (#48184555) Attached to: No More Lee-Enfield: Canada's Rangers To Get a Tech Upgrade

Remember, the old Lee Enfield rifles were never designed as sniper weapons. They were battle rifles first and foremost, which just happened to be pretty serviceable as sniper weapons. Additionally, I don't think the rifles to be replaced are scoped rifles. As far as I know they are simply standard Lee Enfield No.4's.

Years ago, I was working in a research camp in the high arctic, and the Arctic Ranger in our camp let me shoot his Lee Enfield. Amazing weapon, and the perfect thing for knocking down a polar bear. The amazing thing with the weapon I used, is that it had graphiti on the stock... Scratched into it, and nearly worn away was written "June 6, 1944." which to me indicates that the weapon had been used at Normandy. The serial number on the barrel also indicated that the weapon pre-dated the Normandy landings as well.

Comment: Re:News for nerds? (Score 1) 254

by Strider- (#48122623) Attached to: What Will It Take To Run a 2-Hour Marathon?

Eh? I always thought of my three sports (Skiing, Sailing, and SCUBA diving) as all being pretty nerdy sports... you need plenty of equipment, often with funny names, and know how to use that equipment properly (some more than others of course... when skiing, if your equipment doesn't work right, you faceplant... in Sailing, you don't go anywhere, and in SCUBA if your equipment isn't working, you might die).

Comment: Re:Jamming unlinced spectrum is illegal? (Score 5, Informative) 278

by Strider- (#48059155) Attached to: Marriott Fined $600,000 For Jamming Guest Hotspots

Am I wrong? That's how I read the whitepaper.

You are wrong. At least one model of Meraki access point has a dedicated radio for this purpose. It attacks other wifi networks through a number of mechanisms, including pretending to be the AP under attack, to attract clients to it, sending spoofed de-auth packets to the clients of other APs, and other techniques to effectively conduct a denial of service attack on whatever other wireless network that may exist within its range. This is precisely what I was encountering on my network.

The main issue I have with this technology is that it can be set to attack all other wifi networks. If it was limited to protecting the SSIDs under its control, I would have less of an issue with it. IE if the wireless system is advertising the SSID "Marriott Convention Center" and someone else sets up a rogue AP using the same SSID, then that's fair game, as the person running the rogue AP is either clueless, or has nefarious intent. If it's attacking "Bob's iPhone Network" then that's another matter.

Comment: Re:Jamming unlinced spectrum is illegal? (Score 5, Informative) 278

by Strider- (#48057951) Attached to: Marriott Fined $600,000 For Jamming Guest Hotspots

As much as I dislike Mariott's practice here, this is clearly outside the scope of the FCC's regulatory powers and as far as I know isn't even in violation of their own regulations. First of all, WiFi operates on UNREGULATED spectrum, which means anyone can use, and anyone must accept interference from other users.

Not quite true, the ISM bands are Unlicensed bands, not unregulated. In order to sell equipment used to transmit on these bands, the systems must be type approved. Part of this type approval process includes ensuring that the equipment in question will not cause undue interference to other users on the band. To me, sending rogue de-auth packets constitutes interference.

In Meraki's Air Marshal Whitepaper, they explicitly state on page 8 that Unauthorized containment is prosecutable by law (subject to the FCC’s Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’)..

I actually had this particular issue affect me. As a volunteer, I operate a community-wide network, including a widespread wifi network, at a retreat centre high in the mountains of WA. At this time, there is a significant mine remediation project going on in our valley, so we have leased out several buildings to the construction companies, who setup their own Meraki system. Unfortunately, they enabled Air Marshal, which then went on to attack our wireless network. Despite running WPA-Enterprise on our network, it was still successful in attacking our networks, and rendering them nearly useless. In the end, we had to flex our muscles as the landlord to get the feature disabled.

In my mind, the ability to attack adjacent networks should be illegal, and Cisco and the others should not be permitted to sell this technology to the general public. Rather the systems should simply alert on the presence of other wifi networks, and assist in locating them. Also, the wifi standards should really be updated to fix this type of vulnerability... in a WPA-Enterprise environment, clients should only respond to a de-auth packet encrypted/signed with the session key between the client and the AP its connected to.

Comment: Re:Tech people like their privacy (Score 1) 115

by Strider- (#47931251) Attached to: Logitech Aims To Control the Smart Home

Adding to your insightful commentary, I do NOT want anyone to access the programming I have setup on my devices because I do not want anyone with possibly malevolent intentions being able to guess when I am home/on vacation.

Huh? How would accessing the programming tell when you were on vacation? The program/configuration that controls your stuff is stored on the device itself, not stored/run in the cloud. The only information stored in the cloud is how your remote/system is configured, not its state. Once you configure the device, if you're exceedingly paranoid, you can always firewall it off from the outside world, and it will continue to work.

Comment: Re:Cloud based? No Thanks! (Score 1) 115

by Strider- (#47927887) Attached to: Logitech Aims To Control the Smart Home

Only a fool would be OK with cloud based control and automation. If all the processing and control is not done on the local LAN then the product is 100% crap.

The programming of the system is cloud based. The communications between the remote, the base, and your device occurs locally. The only ongoing cloud stuff comes in if you want to be able to use the app on your smartphone to control certain devices while you're away. If you don't want this functionality, nothing stopping you from firewalling off the base so that it can't communicate with the outside word.

Comment: Re:Wrong Solution (Score 1) 326

by Strider- (#47900849) Attached to: Technological Solution For Texting While Driving Struggles For Traction

People hate driving in general.

Eh, not everyone does. I quite enjoy driving, I don't even mind being stuck in traffic, as long as I've got the CBC or NPR on the dial...

That said, I keep (handsfree) call short and sweet, and the only time I would ever check/send a text is stopped at a red light (which is still a ticketable offence here).

Comment: Re:Everything old is new again (Score 3, Informative) 491

by Strider- (#47868385) Attached to: To Really Cut Emissions, We Need Electric Buses, Not Just Electric Cars

Vancouver, BC has a very extensive trolleybus network, with 265 active trolley busses. The system works quite well, and the busses do have battery backup, so they can go off the wires for short periods of time (to go around road construction, accident, pass a parked bus, etc...). As for the wires being ugly? I dunno, they're just part of the fabric of the city. There are some intersections though with rather impressive spider webs hanging over them. :)

Comment: Re:Sorry guys, but you are full of shit (Score 1) 533

by Strider- (#47859645) Attached to: AT&T Says 10Mbps Is Too Fast For "Broadband," 4Mbps Is Enough

Correct. We basically buy 1.6MHz on the satellite, and have our own private connection. Because it's SCPC (Single Carrier Per Channel) latency is typically 550ms, and the high priority QoS queue has very little jitter (on the order of 5 to 10ms). This makes the voice quality near toll quality, and very reliable.

For reference, over the past 24 hours, the folks on site downloaded 6GB and uploaded 2GB (including all the voice traffic), and this was a light day. I've had days when it's closer to 10GB downloaded (See patch tuesday). Anyhow the goal is to make it reliable, albeit slow, and in that we mostly succeed. I also deploy some measures to combat things like bittorrent and other P2P applications, just out of necessity to protect the network.

Comment: Re:Sorry guys, but you are full of shit (Score 1) 533

by Strider- (#47856877) Attached to: AT&T Says 10Mbps Is Too Fast For "Broadband," 4Mbps Is Enough

Your .sig is less persuasive in the context of your post; it sounds like you are practically on tin cans connected by string up there!
My kids have practically no concept of TV, not because they're too good for it, but because it has been replaced by youtube.

The site in question is actually in the US, north-central Washington State. The surrounding terrain is extremely rugged and federal wilderness. We've looked at fixed microwave, but that would require two self-powered mountain-top repeater sites (never mind the fact that one of them would actually have to be built in the Wilderness area, which would require an act of congress to approve). Also, conservative estimates put the price tag on the system at about $250k, and ongoing maintenance wouldn't be cheap either.

"Atomic batteries to power, turbines to speed." -- Robin, The Boy Wonder

Working...