
Comment: Legal protection, and reality (Score 5, Interesting) 286

by ptudor (#47335075) Attached to: What To Do If Police Try To Search Your Phone Without a Warrant

Most people involved in a pre-textual motor vehicle stop and issued a warning for a trivial non-offense won't know to say the magic words that begin their legal defense: "Am I free to go? Why am I being detained?" and when the polite officer says, "Well, I'm sure you've got nothing to hide, let me search your vehicle, and no matter what I'll make sure you're on your way quickly," many quickly hope compliance is their best option in the short-term.

So they say, "Yeah, go ahead," instead of the alternative, "I do not consent to search and invoke all protections afforded me by the Constitution; while I am cooperating within those constraints, please advise me promptly when I am free to go."

You'll get searched anyway, whether it's your phone or your car. You might get arrested anyway. But having invoked your rights instead of freely waiving your rights gives the defendant ample opportunity to assert their innocence in court without having already accidentally proven their guilt without the benefit of counsel.

I expect most people, despite the Supreme Court ruling, will find their phones searched anyway; consider stop-and-frisk in New York City. Please set a passcode on your device, preferably alphanumeric instead of a simple PIN, and avoid interacting with law enforcement; they have better things to do than read a neckbeard hacker's text messages to his mom about picking up more Mountain Dew at the store.

(Never mind Border Patrol checkpoints in the US or Customs/Immigration interviews...)

(IANAL.)

Comment: Alternatives... (Score 2, Informative) 119

by ptudor (#46004395) Attached to: Nagios-Plugins Web Site Taken Over By Nagios

After having the good fortune to spend a few weeks testing everything free, I've got to spend a minute evangelizing for Zabbix.

It took me a week to understand the concepts, but the clone button and templates make Zabbix my favorite tool. The local Zabbix agent on each host gives detailed metrics and the screens of graphs are great.

Check out the appaloosa-zabbix-templates for more MySQL and Memcache charts than you ever thought might work out of the box.

Zabbix is ridiculously powerful, from auto discovery on subnets, to simple ping and snmp, up through more advanced tools.

Comment: Re:Even good ciphers are mostly useless (Score 2) 123

by ptudor (#45905113) Attached to: Security Expert: Yahoo's Email Encryption Needs Work

I'd add a #4, or #2a, Man-In-The-Middle the certificate. Diginotar's compromise, never the huge bundle of trusted certificates in every browser/OS, makes it easy. Whatever an enterprise can do with GPOs and Websense can happen in the wild too. (I kinda prefer self-signed certificates anymore.)

Overall I agree, but I still cry out in pain when I see people choosing to use 3DES and disable PFS.

Comment: Progress. (Score 5, Interesting) 123

by ptudor (#45904879) Attached to: Security Expert: Yahoo's Email Encryption Needs Work

It's important to remember that only a year ago RC4 was a recommended solution and TLS1.2 support in browsers like Firefox and older operating systems has been slow to arrive. So I look at this as an important first step, with progressive refinements sure to follow. In the same way that Facebook introduced https in response to Tunisia and slowly made it an option for all users before making it default, Yahoo, while slow in adopting a model of default security, has to walk similar steps. They may have had an SSL-beta-option for the last year, but given their AOL-like user base, I can understand being conservative in adopting new methods and being liberal in the ciphers they provide. Someone using Chrome in Mavericks may expect support for SPDY3 with AES-GCM, but for a user base that may be using IE6 or FF3 on XP still, for a company that caters to people who will never know what GCM or SHA2 is, it is best to avoid the headline, "Yahoo Mail is Broken for tens of thousands of users." They'll get there. Thanks for trying, Yahoo.

Now, can someone at Microsoft turn on STARTTLS? For that matter, I wish NANOG would turn on STARTTLS for inbound connections.

Also, IPv6... please... IPv6...

The Courts

Twitter Sued For $50M For Refusing To Identify Anti-Semitic Users 335

Posted by Soulskill
from the feeding-the-trolls dept.
redletterdave writes "After a French civil court ruled on Jan. 24 that Twitter must identify anyone who broke France's hate speech laws, Twitter has since refused to identify the users behind a handful of hateful and anti-Semitic messages, resulting in a $50 million lawsuit. Twitter argues it only needs to comply with U.S. laws and is thus protected by the full scope of the First Amendment and its free speech privileges, but France believes its Internet users should be subject to the country's tighter laws against racist and hateful forms of expression."

Comment: Sweden Innovates (Score 4, Informative) 313

So, there's OpenDNSSEC to automate deployments; I strongly suggest spending the time to watch the .SE NIC's nine-part training videos from 2010 on YouTube to improve one's understanding: http://www.youtube.com/watch?v=zl3gdM5tDTo

Some respected members of our community dismiss DNSSEC. This video of DJB presents an opinion: DJB at 27C3

Comment: End Prohibition Now (Score 1) 578

by ptudor (#39373631) Attached to: George "geohot" Hotz Arrested In Texas For Posession of Marijuana

Eighty years ago, alcohol was unconstitutional. Temperance unions succeeded in making dry counties a dry country and organized crime profited. Cannabis had not yet been vilified in place of beer.

Today, Budweiser advertisements can occupy an entire subway car on the New York MTA while the NYPD ensures >85% of those arrested for simple possession in both 2010 and 2011 are black or brown. What wasted resources! What an undue burden on citizens!

We must end the prohibition of cannabis. We must return justice to our courts. We must turn a black market into a taxed market. We must embrace research demonstrating controlled apoptosis in various cancers. You must join me. Prohibition harms everyone.

Further reading:
  1. "Cannabinoids Induce Apoptosis of Pancreatic Tumor Cells via Endoplasmic Reticulum Stress–Related Genes"
  2. "Delta-9-tetrahydrocannabinol inhibits cell cycle progression in human breast cancer cells through Cdc2 regulation"

Comment: Re:U.S. (Score 5, Informative) 451

by ptudor (#38299552) Attached to: Iran Shuts Down US Virtual Embassy

Al-Jazeera is a Qatari network, not Iranian. The difference is quite a gulf.

Functionally, companies in the United States block Al-Jazeera. I challenge you to actually watch their CNN-like feed on your local cable station. The best I can do is their half-hour daily news program broadcast alongside BBC America and (that wretched) RT News on KCET in Los Angeles; today I consider Al-Jazeera's reporting premier among broadcast television.

We at Slashdot all know it's easy to intercept and redirect DNS (unless you're in Sweden, those fine adopters of DNSSEC), or insert in a transparent Squid/whatev with a hosts file, but I'm confident at least they're probably not using Websense; years ago I installed the mod_geoip ruleset to deny access to daily updates for requests originating from embargoed nations.

Last time I was in Syria Facebook was blocked at the port 80 level. But ssh forwarding 3128 worked fine, hopefully no one was etherealing 53. Funny it took Syria three years to finally ban iPhones, I lost a brand-new 3G getting out of a taxi in Damascus... the one time I didn't photograph the license plate of the car I was getting into.

Seeing "Persian" instead of "Farsi" struck me as odd, but I suppose I'm the odd one.
