Please create an account to participate in the Slashdot moderation system


Forgot your password?

Comment: Re:Bad for Biz (Score 1) 700

by ptudor (#48209647) Attached to: FTDI Reportedly Bricking Devices Using Competitors' Chips.
Amen. I just received a handful of FT323RLs in the mail today from Mouser. It costs 5x as much as a Chinese import, but this certainly isn't the first time FTDI has used driver updates to protect their technology, it's just the first time (that I know of) they've actively disabled chips. But if FT-Prog can fix them, great.

Anyway, there are cheaper alternatives, I'm growing fond of the WCH CH340/341 series for being a tenth of the price of an FT232. But it requires driver installation, whereas MacOS just works with FT232s.

I mean, I even address that in eBay listings for products built on CH340s ("this is $4 cheaper because you have to install drivers, and it's known to not be counterfeit") and in my products using the FT232RL ("It costs more, but you just want it to work, right?"). Like my USB GPS adapter.

Comment: Legal protection, and reality (Score 5, Interesting) 286

by ptudor (#47335075) Attached to: What To Do If Police Try To Search Your Phone Without a Warrant
Most people involved in a pre-textual motor vehicle stop and issued a warning for a trivial non-offense won't know to say the magic words that begin their legal defense: "Am I free to go? Why am I being detained?" and when the polite officer says, "Well, I'm sure you've got nothing to hide, let me search your vehicle, and no matter what I'll make sure you're on your way quickly," many quickly hope compliance is their best option in the short-term.

So they say, "Yeah, go ahead," instead of the alternative, "I do not consent to search and invoke all protections afforded me by the Constitution; while I am cooperating within those constraints, please advise me promptly when I am free to go."

You'll get searched anyway, whether it's your phone or your car. You might get arrested anyway. But having invoked your rights instead of freely waiving your rights gives the defendant ample opportunity to assert their innocence in court without having already accidentally proven their guilt without the benefit of counsel.

I expect most people, despite the Supreme Court ruling, will find their phones searched anyway; consider stop-and-frisk in New York City. Please set a passcode on your device, preferably alphanumeric instead of a simple PIN, and avoid interacting with law enforcement, they have better things to do than read a neckbeard hacker's text messages to his mom about picking up more Mountain Dew at the store.

(Nevermind Border Patrol checkpoints in the US or Customs/Immigration interviews...)


Comment: Alternatives... (Score 2, Informative) 119

by ptudor (#46004395) Attached to: Nagios-Plugins Web Site Taken Over By Nagios

After having the good fortune to spend a few weeks testing everything free, I've got to spend a minute evangelizing for Zabbix.

It took me a week to understand the concepts, but the clone button and templates make Zabbix my favorite tool. The local Zabbix agent on each host gives detailed metrics and the screens of graphs are great.

Check out the appaloosa-zabbix-templates for more MySQL and Memcache charts than you ever thought might work out of the box.

Zabbix is ridiculously powerful, from auto discovery on subnets, to simple ping and snmp, up through more advanced tools.

Comment: Re:Even good ciphers are mostly useless (Score 2) 123

by ptudor (#45905113) Attached to: Security Expert: Yahoo's Email Encryption Needs Work

I'd add a #4, or #2a, Man-In-The-Middle the certificate. Diginotar's compromise, never the huge bundle of trusted certificates in every browser/OS, makes it easy. Whatever an enterprise can do with GPOs and Websense can happen in the wild too. (I kinda prefer self-signed certificates anymore.)

Overall I agree, but I still cry out in pain when I see people choosing to use 3DES and disable PFS.

Comment: Progress. (Score 5, Interesting) 123

by ptudor (#45904879) Attached to: Security Expert: Yahoo's Email Encryption Needs Work

It's important to remember that only a year ago RC4 was a recommended solution and TLS1.2 support in browsers like Firefox and older operating systems has been slow to arrive. So I look at this as an important first step, with progressive refinements sure to follow. In the same way that Facebook introduced https in response to Tunisia and slowly made it an option for all users before making it default, Yahoo, while slow in adopting a model of default security, has to walk similar steps. They may have had an SSL-beta-option for the last year, but given their AOL-Like user base, I can understand being conservative in adopting new methods and being liberal in the ciphers they provide. Someone using Chrome in Mavericks may expect support for SPDY3 with AES-GCM, but for a user base that may be using IE6 or FF3 on XP still, for a company that caters to people who will never know what GCM or SHA2 is it best to avoid the headline, "Yahoo Mail is Broken for tens of thousands of users." They'll get there. Thanks for trying, Yahoo.

Now, can someone at Microsoft turn on STARTTLS? For that matter, I wish NANOG would turn on STARTTLS for inbound connections.

Also, IPv6... please... IPv6...

The Courts

Twitter Sued For $50M For Refusing To Identify Anti-Semitic Users 335

Posted by Soulskill
from the feeding-the-trolls dept.
redletterdave writes "After a French civil court ruled on Jan. 24 that Twitter must identify anyone who broke France's hate speech laws, Twitter has since refused to identify the users behind a handful of hateful and anti-Semitic messages, resulting in a $50 million lawsuit. Twitter argues it only needs to comply with U.S. laws and is thus protected by the full scope of the First Amendment and its free speech privileges, but France believes its Internet users should be subject to the country's tighter laws against racist and hateful forms of expression."

Comment: Sweden Innovates (Score 4, Informative) 313

So, there's OpenDNSSEC to automate deployments; I strongly suggest spending the time to watch the .SE NIC's nine-part training videos from 2010 at Youtube to improve one's understanding:

Some respected members of our community dismiss DNSSEC. This video of DJB presents an opinion: DJB at 27C3

Comment: End Prohibition Now (Score 1) 578

by ptudor (#39373631) Attached to: George "geohot" Hotz Arrested In Texas For Posession of Marijuana
Eighty years ago, alcohol was unconstitutional. Temperance unions succeeded in making dry counties a dry country and organized crime profited. Cannabis had not yet been vilified in place of beer.

Today, Budweiser advertisements can occupy an entire subway car on the New York MTA while the NYPD ensures >85% of those arrested for simple possession in both 2010 and 2011 are black or brown. What wasted resources! What an undue burden on citizens!

We must end the prohibition of cannabis. We must return justice to our courts. We must turn a black market into a taxed market. We must embrace research demonstrating controlled apoptosis in various cancers. You must join me. Prohibition harms everyone.

Further reading:
  1. "Cannabinoids Induce Apoptosis of Pancreatic Tumor Cells via Endoplasmic Reticulum Stress–Related Genes"
  2. "Delta-9-tetrahydrocannabinol inhibits cell cycle progression in human breast cancer cells through Cdc2 regulation"

Matter will be damaged in direct proportion to its value.