Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:fucking hell that's horrendous (Score 1) 153

I disagree; they received anonymized cell tower data showing which phones had pinged off of a particular tower between certain hours. I'm okay with this, just as I am okay with them having access to the entire DMV database that the public does not have access to.

I think, however, that I would be more comfortable with the police not receiving a list of numbers. I would feel more comfortable with the police having to pay the carrier to send a specific, one-time SMS to all the numbers that matched their specific criteria. The police don't need the numbers, they just need to get a targeted message out.

I think that would serve to protect the rights of private citizens while balancing the investigative efforts of the police in a technical matter.

Submission + - Netflix blocking Canadians who are NOT using a VPN/proxy/unblocker 1

kwzombie writes: http://www.adventuresinleanit....

For a couple of days my wife has been complaining Netflix hasn’t been working on our Nvidia Shield TV device (which I LOVE, by the way). So last night after she is going through full-on House-of-Cards withdrawal, I verify on the devices in our home that we are indeed being blocked because Netflix’ system claims we are using a proxy.

Backgrounder: as most of you know, I work in IT, as some of you may not: I started one of Ontario’s first Internet Service Providers in the mid 90s. I know a thing or two about the Internet, networking, proxies, VPNs, etc.

I phoned their support. They seem like nice folks but they are woefully underequipped to deal with and troubleshoot what happened to me. And they aren’t straightforward with any answers from a technical perspective. Although, the “supervisor” told me he was “Netflix certified” (congratulations by the way, I’m sure that will work out great on your resume). I was explaining that my wife was pretty p’d off, they had me try to stream on another device, and after it too said it was blocked they concluded without a doubt I was using a proxy. “Or my ISP was”. Huh? At this point, I’m furious and tell them to cancel the service. If Netflix is going to go all commando and start indiscriminately blocking people with no way to resolve “false positives” then it is a company I no longer want to deal with, there are alternatives.

So in postmortem I’m trying to decide what exactly had me flagged as using a proxy..

1) I’m using a static IP from my Internet service provider, the whois data shows that it is a Toronto registered IP range. However, it is a small ISP provider. The Netflix support bros balked at my suggestion it could be an IP address misclassification, and told me if it was I had no avenue to resolve this “except through my ISP”.

2) I know my ISP very well, in fact, I have admin access to the Ciscos they use for their L2TP tunnel termination from Bell Canada’s AGAS system (for providing DSL local loop access), and I’ve helped them re-implement their authentication system. I also know the datacentre they are located in at 151 Front Street, and the provider they use, and they are most definitely NOT using a proxy or any other kind of method to falsify the geographic location of their customers.

3) I DO have a VPN at home for my day job (I work from home) – however, it is behind a NAT firewall and only two devices are plugged into it: my work laptop, and my Cisco VoIP phone, and it has no wireless.

4) And this one is interesting, maybe. The reason I have a static IP address from my ISP is for an IPSEC tunnel to a nearby datacentre where I have a bunch of servers colocated. The tunnel provides me with connectivity to my private network at the site for management, and also to do things like offsite backups.

So there are two possibilities here (neither of which I can seem to put forward to them because they don’t appear to have a publicly listed email support address, and their phone support people are very ignorant, clearly). Possibility A) is that they have misclassified the IP address as a “colo IP” – since that’s where proxy services usually put their hardware, or possibility B) they run NMAP or some other scanner against the IPs their users connect from and look for VPN ports. In this case, it is probably that isakmp Port 500 UDP shows up on my static IP address.

In either case, to avoid false positives it would be prudent on their end to check to see how many UNIQUE users are authenticating from the same IP address. A lot? Yes, then it’s probably either a massive wifi hotspot with a lot of people using Netflix, or a proxy. We use one account here, maybe two if my daughter is visiting.

Feel free to comment below, and if any media wish to reach out to me for a demonstration or additional evidence, feel free. In my opinion it is fraud to cut someone off of a service they are in no way misusing by way of a baseless accusation that they will not provide an avenue of resolution for, and a service for which I’ve already paid up to May 5. I guess they are so big now they just feel they are beyond reproach. Time for them to be disrupted by someone else I guess.

Comment Re:My opinion on the matter. (Score 1) 826

I'm sure I'm feeding a troll now, your post seems intent on twisting things around in order to make your convoluted point.

The whole "under 1024 is safe" is generally regarded for connecting *to* ports under 1024, not receiving connections from them. Yes, some services (NFS in particular) want to trust incoming connections from 1024 but they're in the minority. The most common case is trusting a service listening on ports less than 1024 as being set up by the admin and not some random user. But you knew this.

You also know that if you've got admin access, you *are* root. This also is not news, but you seem to feel that I'm concerned that you can sudo from your own system and make it look like you're trustworthy on my network. If I was so inclined as to trust port numbers alone (and for the record, I don't trust incoming port numbers at all), you can bet I'd also be whitelisting IPs and MACs at the switch level (i.e. locking MACs to physical switch ports) and have alerting whenever a non-sanctioned connection was made.

That would be, however, a very special network topology and not something I'd personally admin. Nice straw man, though.

Comment Re:My opinion on the matter. (Score 1) 826

Wait: ejabberd wants my http and https ports in addition to running jabber on 5222? no thanks. It sounds like ejabberd breaks the entire UNIX concept as well. Give me some CGIs to run through my own damn httpd instead of inventing another one and get on with the business of running jabberd.

I know you didn't write it, but jeez... why not include a telnetd or sshd in the binary as well?

Comment Re: My opinion on the matter. (Score 1) 826

No, I'm serious, ask "why does this have to be the way it is" other than inertia? The age of booting a tiny root disk and attaching /usr from a network are long, long gone.

No, no they're not.

Thin clients and network booting are still very much alive and well. Test systems are largely virtualized now, but network booting still has its place in homogenous networks or office/classroom settings where you want a unified filesystem layout. A common /usr is an easy way to do this.

I don't know much about systemd at all, but I do recognize how bad an idea it is to make such huge changes quickly and without much apparent thought at being able to continue to do the things that could have easily been done before.

Comment Re:Redmine (Score 1) 170

I've set up my entire business around Redmine. There are some pretty impressive plugins to handle blogs, CMS, CRM and even a WYSIWIG editor to help "normal" people format tables, lists and text but who would normally be put off by trying to learn Textile. SCM and issue tracking is integrated, there are time trackers and forums, GANTT charting... it's a great resource.

Best of all, it's database agnostic and open-source.

Submission + - The Streisand Effect: A Florida journalist's smear and censor campaign backfires (popehat.com) 2

An anonymous reader writes: A tragic death, freedom of speech, libel, defamation, legal threats, unethical journalism, reddit's /r/bicycling, and The Streisand effect. A South Florida "journalist" is called out for running a smear story, doubles down on his position, publicly attacks commenters and reddit, and threatens legal action when a disturbing conflict of interest is exposed.

Comment Re:potentially worth... (Score 2, Insightful) 361

Microsoft Office may be a lot of things, but comparing it to LibreOffice/OpenOffice and calling MS Office crap in comparison is ridiculous. I actually ended up buying MS Office (for my mac) because Open/LibreOffice is so shit. I've tried to love it for a long, long time, but it's slow, it's bloated, it's buggy as hell and I just got tired of trying to overlook its blemishes.

MS Office's blemishes are much more bearable, in my opinion. The price isn't cheap but not having to screw around and waste my time is worth something, too.

Comment Re:Security by stupidity? (Score 1) 141

I've lived in the industrial controls world for quite a while before striking it out on my own... "real-time global data reporting" doesn't require a world-accessible control interface, or even an open internet connection. It's much simpler than you're making it out to be. Hell a basic VPN connection back to HQ that puts the remote sites on the corp LAN (where all the data aggregation can take place and be accessed for "dashboards" and whatnot) would be a major step up.

Comment Re:What about the iPhone... (Score 1) 349

There is also ZERO LAG for pressing the software button for answering the phone. You should have bought a faster device I guess.

I've owned a 3G, 3GS and 4; wife has a 4S. There is absolutely lag in the soft answer button from time to time. I am not sure what background task is causing it, and while it's true that it's nonexistent on a factory-fresh, no-apps-installed phone, that's not a realistic use case.

Comment Re:lamest name ever (Score 1) 318

Please just install Ubuntu 12.04. If you're a developer or power user, you'll like it.

Ubuntu in 12.04? No thanks. The last Ubuntu I took seriously was 11.04, and if I recall I started using Ubuntu in the 7.x or 8.x release cycle. I still have a couple of those 11.04 systems going. The rest have gone to Debian+XFCE. It seems with every new release of Ubuntu takes their desktop one step closer to a Fischer-Price toy, and I just got sick of it.

Yes, I can install Xubuntu (I was actually running Kubuntu for a number of releases until I finally gave up on KDE doing something serious about being a stable and well-connected desktop, and I've been a KDE fan since the early 3.x releases). Yes, I can tweak the shit out of everything and reclaim some sanity. Instead, I just install Debian and put up with some of its idiosyncrasies. At least I have a system that is constantly making me want to throw the keyboard through the screen.

I moved from Slackware (0.9something to 12) to Ubuntu, and now to Debian. Ubuntu was great; it was really, really great. I don't feel that way anymore. They seem to be chasing buzz and trying to out-slick everyone instead of focusing on a usable and useful desktop experience.

Slashdot Top Deals

You will be successful in your work.

Working...