×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Chrome Feature Helps Shield Websites From DDoS Attacks

Soulskill posted more than 2 years ago | from the anti-slashdotting dept.

Chrome 86

An anonymous reader writes "Google has an interesting idea on how to take the edge off denial of service attacks. The latest developer builds of Chrome 12 have an option called 'http throttling,' which will simply deny a user access to a website once the browser has received error messages from the URL. Chrome will react with a 'back-off interval' that will increase the time between requests to the website. If there are enough Chrome requests flooding a website under attack, this could give webmasters some room to recover from a nasty DDoS attack."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

86 comments

Well... (4, Informative)

The MAZZTer (911996) | more than 2 years ago | (#35857838)

This is just to prevent ACCIDENTAL DoSing. You can turn it off with a command line switch, or simply use another browser or a dedicated DoSing tool.

Re:Well... (5, Insightful)

icebike (68054) | more than 2 years ago | (#35857950)

At best it might help with slashdotted sites.

It does nothing for those sites under a true DOS attack, other than denying legitimate requests to that the DOS attack can continue unimpeded without those pesky legitimate requests sneaking through.

Re:Well... (0)

Anonymous Coward | more than 2 years ago | (#35857990)

Yes it does. Currently high traffic websites can easily sneak in a iframe and users won't even notice they're part of the attack.

Re:Well... (1)

Firehed (942385) | more than 2 years ago | (#35858304)

That's also relatively easy to block on the server side, since all of the requests will have the same referrer. Plus with some framebusting code, you can really screw with the website that's being used as the attack vector.

Re:Well... (1)

Anonymous Coward | more than 2 years ago | (#35858370)

That's also relatively easy to block on the server side, since all of the requests will have the same referrer.

That's assuming your bottleneck is at your webserver, not your network infrastructure/internet pipe.

Re:Well... (0)

Anonymous Coward | more than 2 years ago | (#35858328)

IT might help. It certainly doesn't hurt the target site. But if the attacker has a plentiful botnet it wont make one bit of difference at least as far as the user is concerned he still doesn't get to his website.

Re:Well... (2)

postbigbang (761081) | more than 2 years ago | (#35858574)

It's meaningless. Browsers don't really participate in DDoS attacks; the attacks come from software that uses DNS reflection techniques to saturate TCP and other socket connections until load balancers fail, the servers are saturated, and everything has to time-out.

Protections really don't involve browser back-offs, they relate to parsing source address data, then filtering those out so genuine traffic gets through, rather than traffic that saturates the sockets.

Re:Well... (1)

icebike (68054) | more than 2 years ago | (#35858770)

Protections really don't involve browser back-offs, they relate to parsing source address data, then filtering those out so genuine traffic gets through, rather than traffic that saturates the sockets.

Exactly.

And that can't really be done at EITHER end, (browser or web server), but cries out for a middle-ground approach that can detect DDOS attack signatures and kill them off close to the source rather than forwarding them all to the target's ISP to handle.

The single ping flood is not the issue, and easily killed.

The request that appears once every two minutes from hundreds of thousands or millions of bots is very hard to distinguish from real traffic, other than the bots don't want the traffic either, and usually work some sort of corruption on the request so that it does not clog their own tubes. If the botnet owner does not care about triggering a ton of inbound traffic to each bot they just run a seemingly normal web page request over and over. This increases their chances of being detected by the ISP or the user, but makes it very hard to detect at the target.

Re:Well... (1)

Kagura (843695) | more than 2 years ago | (#35858836)

I'm sorry to anyone who read the summary, and I bet you're sorry, too. You and I are being trolled by a Slashdot editor for comments, even this post...

Re:Well... (0)

Anonymous Coward | more than 2 years ago | (#35858912)

Well, this depends, are they talking about there browser (in which case, yes this would be nothing but a nuisance), or are they talking about sometime of apache like server side software under the name of Chrome? If so, no this is actually a pretty standard technique that should exist in servers these days.

Re:Well... (1)

Dishevel (1105119) | more than 2 years ago | (#35859654)

Well, this depends, are they talking about there browser (in which case, yes this would be nothing but a nuisance), or are they talking about sometime of apache like server side software under the name of Chrome? If so, no this is actually a pretty standard technique that should exist in servers these days.

Where browser?

Re:Well... (1)

Anonymous Coward | more than 2 years ago | (#35858932)

DOS attack

C:\>

Re:Well... (2)

alta (1263) | more than 2 years ago | (#35858448)

He's right... originally there was no way to turn it off until web developers bitched, me included, about how it's slowing down development. The problem was, as a developer i may reload a page often, or make a tweak, reload, etc. Waiting for this to clear was a bitch, so they put in the command line switch for us.

You'd be surprised when tweaking code or css how often you reload a page.

Re:Well... (1)

SQLGuru (980662) | more than 2 years ago | (#35858530)

You can bet I'll be disabling it / using a different browser when Woot throws up a Bag of Crap......

But, yeah, were I being malicious, I'd be running my own code that spins up tons of requests once I find an error, not actually scaling them back.

Re:Well... (1)

Anonymous Coward | more than 2 years ago | (#35859360)

(disclosure: did not rtfa, this is perhaps just bullshit)

Actually, I think the point is that they want to help prevent XSS DDOS: go to a high-volume forum, set a <img src="http://target.example.com/asdf"/> in your signature and wait until your friends' home server dies.

Not how you take down Amazon, but that was never the subject. I think this has a nice, small, but nice, benefit. And no real downsides... I like it. :)

(I used to have a server like this and when somebody hotlinked an image on a busy forum that alone was enough to slow it down to a crawl.. you know, plenty of people host their stuff on little 256kbit up pipes and that is plenty enough for 20/day hits. I like this! :D)

Re:Well... (1)

LordLimecat (1103839) | more than 2 years ago | (#35861036)

This is just to prevent ACCIDENTAL DoSing

Noone in their right mind would attempt an intentional DDOS using a full-blown graphical web browser.

Who DDoSes with a browser? (4, Insightful)

gman003 (1693318) | more than 2 years ago | (#35857874)

Since dedicated DDoS programs like LOIC are readily available, nobody performs actual DDoS attacks with a browser. Hell, ping floods are more effective than a bunch of people pressing refresh too often.

Now, this might reduce the Slashdot Effect, but not a DDoS.

Re:Who DDoSes with a browser? (0)

Anonymous Coward | more than 2 years ago | (#35857984)

Actually a lot of DDoS attacks are performed by simply inserting iframes into a well trafficked site. (this is a favorite strategy of the more technically sophisticated anon)

Re:Who DDoSes with a browser? (4, Interesting)

h4rr4r (612664) | more than 2 years ago | (#35857986)

Judging by the amount of sites slashdot still manages to take down I disagree. Lots of unintentional DDoS still happening these days.

Re:Who DDoSes with a browser? (1)

Anonymous Coward | more than 2 years ago | (#35858884)

That's because /. submitters usually link to their crappy little blogs instead of the original data sources that are often running on proper infrastructure. Slashdot has about 1 tenth the traffic that sights like Digg or Delicio.us have. The "Slashdot Effect" went away years ago...

Re:Who DDoSes with a browser? (0)

Anonymous Coward | more than 2 years ago | (#35862050)

You just contredict yourself.

Re:Who DDoSes with a browser? (1)

chris_7d0h (216090) | more than 2 years ago | (#35862356)

And this helps how?
If a site is overloaded, the service is denied to me. If *my* browser starts to "back off" it exacerbates the problem by increasing the outage I experience.
A site is placed in the net to serve users content and if a user can't access it, then that person is per definition subject to Denial Of Service. A browser constructed with the described mechanism has a defect built in by design.

Re:Who DDoSes with a browser? (1)

icebike (68054) | more than 2 years ago | (#35858040)

nobody performs actual DDoS attacks with a browser.
Now, this might reduce the Slashdot Effect, but not a DDoS.

Exactly.

I seriously doubt Google designed this for what TFA says it does. TFA is too busy raking Google over the coals for not building in Do-Not-Track to even understand why this may be needed by legitimate sites who just happen to get slashdotted due to massive publicity or disasters.

Re:Who DDoSes with a browser? (1)

Sigma 7 (266129) | more than 2 years ago | (#35858546)

People might not use DDoS from a browser, but that doesn't prevent them from being used.

For example, a certain URL redirection service loads a legit site in the iframe, while constantly reloading another site in an invisible frame.

Re:Who DDoSes with a browser? (0)

Anonymous Coward | more than 2 years ago | (#35858746)

And which certain url redirection service might this be?

Re:Who DDoSes with a browser? (1)

TubeSteak (669689) | more than 2 years ago | (#35861168)

Since dedicated DDoS programs like LOIC are readily available, nobody performs actual DDoS attacks with a browser.

DDoS campaigns have been launched by telling people "go to this web page and leaving it open"
The page is just a bunch of iframes reloading the target over and over.

Just because Anonymous can rally the troops with the LOIC,
doesn't mean that's how everyone else (or even anyone else) does it.
Seriously, when was the last time you heard of the LOIC being used by a non-Anonymous group?

"Don't Be Evil" Redux (2)

dmmiller2k (414630) | more than 2 years ago | (#35857892)

Finally, some positive news about Google. Let's see how they muck it up now.

Re:"Don't Be Evil" Redux (1)

blair1q (305137) | more than 2 years ago | (#35858068)

Let's see how they muck it up now.

By overselling the concept.

It's a good way to keep one brand of browser from crapping on a website if something about it runs amok.

But it's going to have almost no measurable effect on the incidence and severity of actual DDoS attacks.

Re:"Don't Be Evil" Redux (1)

sunderland56 (621843) | more than 2 years ago | (#35858492)

Let's see how they muck it up now.

By overselling the concept.

They already mucked it up by putting it in the wrong place. This would be a smart thing to build into Apache (or other web *server*) but pretty pointless to put in a web *browser*.

Re:"Don't Be Evil" Redux (2)

blair1q (305137) | more than 2 years ago | (#35858652)

The web server is way too high up the stack, and having it do the work is how the DDoS wants to hamstring you anyway.

I was thinking that it should be distributed.

See, in order to block incoming traffic, you have to accept the connection at the lower layers so you can decode it to determine that it's from the offending IP address. DoS long ago devolved to just doing SYN floods, since it's impossible to stop a SYN because you don't look at its contents before it's tied up your hardware almost as much as it can. A few thousand of those per second and you're not doing any business with anyone.

So you tell your router block(src, dest). But that just makes your router the bottleneck. You need to push it out to all the routers that feed your router, and so on.

And you need to do it for all the src addresses.

So, in a world where all routers can handle blocks of this sort, the blocks propagate outward to the nodes and it's their routers blocking any traffic to your dest address, and the D in DDoS is no longer a problem.

Re:"Don't Be Evil" Redux (0)

Anonymous Coward | more than 2 years ago | (#35865702)

Of course, that would open up the possibility of faking the src address and thereby blocking someone's IP in all routers at once (once the propagation reached them).

Re:"Don't Be Evil" Redux (0)

Anonymous Coward | more than 2 years ago | (#35858098)

Grow up.

DOS maybe, but won't help for DDOS (1)

GillyGuthrie (1515855) | more than 2 years ago | (#35857920)

Distributed means from many sources. Attacks of this nature will not be affected by Chrome's mechanism. Chrome's feature will only prevent repeated requests from the same user. DOS attacks are blunted, not DDOS.

Re:DOS maybe, but won't help for DDOS (1)

Abstrackt (609015) | more than 2 years ago | (#35858106)

Many people run Chrome, right? It might not make much of a difference if a small percentage of a website's users are running Chrome but I wouldn't be surprised to see the other major browsers implement something similar.

Re:DOS maybe, but won't help for DDOS (2)

sorak (246725) | more than 2 years ago | (#35858344)

Many people run Chrome, right? It might not make much of a difference if a small percentage of a website's users are running Chrome but I wouldn't be surprised to see the other major browsers implement something similar.

I was thinking something similar. If Google could somehow convince Joe Sixpack that Firefox and IE are missing some valuable DDoS protection feature, then it would eventually be added to other browsers.

Firewalls/routers & SynAttackProtect... apk (-1)

Anonymous Coward | more than 2 years ago | (#35860560)

I don't know about you guys, but I have had to "stave off" DDOS attacks before, & I had to do so (perhaps NOT "the best way" (is there such a thing vs. DDOS?))... & it was HELL!

I had to keep adding rules & ENTIRE RANGES (blocks of them) to 'keep out' rather than try to stall each connection, individually.

Something called "egress filtering" is another avenue also. You do that @ your "edge routers", & it filters off INSIDE units, vs. outside ones. It's much like doing a software OR ROUTER firewall rule, imo @ least (but not ALL routers do this afaik either)!

ANYWAYS/ANYHOW - THIS IS WHY I HATE FRIGGIN MALWARE, BOTNETS, &/or DOS & DDOS TOOLS (& botnets/malware that can do them as well)... this form of attack? VERY hard to stop, especially if DDOS vs. DOS.

APK

P.S.=> For those interested? Per my subject-line above, Windows has a TCP/IP parameter that helps, some vs. DOS/DDOS attacks:

SynAttackProtect:

http://technet.microsoft.com/en-us/library/cc938202.aspx [microsoft.com]

apk

To the "hero" that downmodded me... apk (0)

Anonymous Coward | more than 2 years ago | (#35869784)

Why was my post down moderated for? I'd like to see a technical fault (computing-wise) that I must have made in my post, for you to justify down modding my post...

APK

P.S.=> Now, lastly: Do I expect the coward who did it to actually APPEAR, & more importantly, technically justify his downward moderation on computing-based technical grounds? No - they NEVER do! These "heroes" just "hit & run downmod" because apparently, that's the "best they've got"... cowards! apk

WTF? (0)

Anonymous Coward | more than 2 years ago | (#35857924)

How does this stop DDoS attacks? I don't really know of any DDoS attacks where the attackers use a fucking browser for their attack, and if that is ever the case, I would imagine those (really half assed) DDoSers will simply choose to use a browser that does not throttle them. Where this could be useful is for a site that got slashdotted or something similar, but only to a very limited degree, since the problem there is the thousands of different users not thousands of requests coming per user. Really would only stop the impatient people who just click the same damn link over and over waiting for it to load.

Re:WTF? (2)

$RANDOMLUSER (804576) | more than 2 years ago | (#35857980)

What are you talking about? I always do my DDos attacks by repeatedly clicking the "reload" button on my browser. You never know when those GIFs in the browser cache are going to change.

Re:going to change (1)

TaoPhoenix (980487) | more than 2 years ago | (#35858764)

What if we DDOS the Russian Goatse copy that the recent crew of trolls is using? Maybe those links will start showing Unavailable instead?

(Question for the Philosophy majors - what are the ethics of hacking a troll?)

Re:going to change (0)

Anonymous Coward | more than 2 years ago | (#35860612)

I don't know about the ethics, but I do know I'm not going to repeatedly click 'reload' on goatse...

Re:going to change (1)

TaoPhoenix (980487) | more than 2 years ago | (#35865212)

You're just an AC, so you might not see this, but I'm working on some really wild counter-troll concepts. My original post meant a LOIC style event though.

Re:WTF? (0)

Anonymous Coward | more than 2 years ago | (#35858768)

Don't think of it as stopping DDOS attacks; think of it as slightly reducing the load on sites that are undergoing DDOS attacks, making the attacks slightly less effective. It's minor, but it is an improvement... moreso if other browsers follow suite.

Great idea, but (0, Interesting)

Anonymous Coward | more than 2 years ago | (#35857938)

when using Chrome for web development, having the browser throttle your refreshes get very annoying very quickly. Being able to whitelist certain domains, like localhost, would be great.

Re:Great idea, but (2)

Corse32 (682019) | more than 2 years ago | (#35858172)

When you're trying to fix a 500 error caused by a script? Are you already getting this problem? I hadn't noticed anything when testing with Chrome...

Just a small part of the problem (2)

Drakkenmensch (1255800) | more than 2 years ago | (#35857942)

Do botnets even use browser attacks anymore? I was under the impression that most of these attacks were done with direct PING requests.

Re:Just a small part of the problem (1)

$RANDOMLUSER (804576) | more than 2 years ago | (#35858518)

No. A ping request only requires the server you're attacking to send a small packet back. For a DoS attack, you want to make the victim send a lot of bytes back to you, so a small script that repeatedly asks for a whole page, especially images, is the better way to go.

<disclaimer.h>
Or so I've heard...

Re:Just a small part of the problem (4, Informative)

BitZtream (692029) | more than 2 years ago | (#35858558)

No, you don't use ICMP echo requests (and most other forms of ICMP), its too easy to filter upstream since it can safely be ruled out of the normal flow of traffic.

While many ICMP packets are indeed useful and blocking ICMP in general is a really retarded thing that some less than clueful people like to do on firewalls (seen often here on slashdot) it will in general not screw proper traffic up too much if you block ICMP echo requests/replies upstream during a DDoS.

If you want to do a proper DDoS, you have to make the traffic look like legitimate traffic so its indistinguishable from traffic the site actually wants so they can't easily block it.

If you just try to ping -f me, I'll just call my upstream and tell them whats going on and ask them to drop it upstream to my address space until further notice.

UDP dns queries are a good one to use as they can be spoofed and are pretty much impossible to block to a legitimate DNS server. TCP based connections like an HTTP request are more effective in the sense of the amount of traffic generated but are effectively unspoofable if you want to actually do more than a syn flood. If you can't spoof them then you become traceable and can be blocked since you're going to come from a specific address for each request, which can then be filtered, even if its a DDoS. Building a table of IPs to blackhole doesn't take long in most cases and can be pretty effective assuming your upstream firewalls/routers can handle the size of the blacklist, which may not be all that easy depending on the size and load of your upstream routers, but still far easier than dealing with a flood of legitimate looking UDP packets.

I haven't seen an effective ping flood since 1998-99 on any thing but some little tiny sites that simply don't know what they are doing.

As a Haxx0r, this worries me (4, Funny)

gazbo (517111) | more than 2 years ago | (#35857954)

When I launch DDoS attacks, I always VNC into my 300,000 zombies, load Chrome, and type the target's address into the URL bar of each one. This new feature will cripple me :(((((((

On an unrelated note, I must remember to buy a replacement for my worn-out F5 key.

Re:As a Haxx0r, this worries me (2)

h4rr4r (612664) | more than 2 years ago | (#35858014)

Do what I do, once F5 wears out map it to other F-keys. That way you can use up all 12 of them before you have to get another keyboard.

Re:As a Haxx0r, this worries me (0)

Anonymous Coward | more than 2 years ago | (#35861518)

I want to mod this comment up to 6! So funny! :)))))))

Wow... (0)

Anonymous Coward | more than 2 years ago | (#35857988)

Just wow... What about people with a bad, high latency, connections that randomly time out? Yes those things still exist in this day and age google, and they're actually still rather common, even YOUR pages time out sometimes.

This is similar to what I do. (5, Insightful)

blair1q (305137) | more than 2 years ago | (#35858008)

I have an interesting way to stop muggers. I just don't mug anyone.

Wait...

Re:This is similar to what I do. (0)

Anonymous Coward | more than 2 years ago | (#35859662)

nah, nah.... what we've got to do is sell guns loaded with blanks! then when the muggers shoot at us we'll have a chance to get away!

Re:This is similar to what I do. (1)

Talennor (612270) | more than 2 years ago | (#35860782)

And yet, by being more polite in public, you can demonstrate you are not a mugger, and we can better identify and deal with actual muggers.

So while Chrome was not previously DDoSing servers, this action (that is more polite than just not DDoSing things), helps everybody out. Neat, eh?

So, when someone nuclear bombs a website... (4, Funny)

webbiedave (1631473) | more than 2 years ago | (#35858032)

... Chrome promises to throw less stones?

Re:So, when someone nuclear bombs a website... (1)

Compaqt (1758360) | more than 2 years ago | (#35858292)

What I'd like to know is:

If the site is so overloaded that it can't return a response, how can Chrome get the error message from the site?

pointless and frustrating (1)

ses4j (307318) | more than 2 years ago | (#35858182)

I personally hate this 'feature'. I don't understand what it defends against, because someone hitting refresh a few times in a browser is hardly a serious DoS attack. And it got in the way of me (and many others) the first time they rolled it out because the "DoS" it was defending against was me hitting my local test webserver which was returning a 500 because the page code was broken.

Aw man (1)

cforciea (1926392) | more than 2 years ago | (#35858564)

Now I have to re-write my malware to some use other browser that may or may not be installed on the machine like Firefox.

Still contains Google and Adobe spyware though. (0)

Anonymous Coward | more than 2 years ago | (#35858684)

Google is evil now, they sold their souls to Adobe and their slimy flash plug-in and advertisers who force you to watch intrusive flash ads just so you can watch your keyboard cat videos or play farming "games". I have been flash free for nine months since getting my iPad and I don't use flash on my PC either.

Google will DDoS your wallet, and laugh all the way to the bank.

Why anti-Anonymous? Google is "don't be evil"??? (0)

DNS-and-BIND (461968) | more than 2 years ago | (#35858820)

What the hell? When Anonymous fires the low-orbit ion cannon, it comes down hard on evildoers. Why the fuck is Google on the other side of the fence now? I thought their motto is "don't be evil"? Why isn't Google offering LOIC as a feature in Chrome?

Pointless (0)

Anonymous Coward | more than 2 years ago | (#35858856)

If you're to a point where the servers spitting out errors, you've already lost the battle.

That being said during an actual DoS attack, the server doesn't respond, hence Denial of Service.

I'll stick to furiously hitting F5 in Firefox...

version justification (-1, Troll)

lostmongoose (1094523) | more than 2 years ago | (#35858930)

Is this another bullet point so Google can help justify the bloated version number by saying "Look! We did something no one else has done! No, we don't care that it's actually useless and that's why no one else has done it!"?

In Other News... (0)

Kamiza Ikioi (893310) | more than 2 years ago | (#35859692)

... the Iranian military is upset with Google for possibly affecting their protester jamming systems which run Chrome OS. They have called it a "Zionist plot against Islam."

Why? (0)

Anonymous Coward | more than 2 years ago | (#35861094)

You dont use chrome for a DDoS attack.

I can think of at least one useful use-case (1)

somepunk (720296) | more than 2 years ago | (#35861530)

It's hard to see this being much of an impact, even for stressed sites with a lot of Chrome users; people don't usually sit there mashing the refresh button when their page won't load. Most folk will actually implement their own"back-off" feature, Sure, there are outliers, but this is a game of big numbers and average statistics.

Where this can help is with automated page loading. Your saved session has twenty tabs with pages from a single site? That's all loaded at once, in parallel in the browsers I know about. I imagine it can be a considerable load in some cases.

This feature isn't new ... (1)

GNUALMAFUERTE (697061) | more than 2 years ago | (#35862564)

And it's not a feature, it's a bug. It's been in chrome for a while now, suddenly popped up overnight, and made life more complex to all developers. Do you have any idea of how hard it is to test a webapp if you can only get an error message once?

It's a real piece of shit. I found a way to disable it, but it still pisses me off that google suddenly decided to implement such a stupid feature overnight, without warning, and without informing users of a way to disable it.

This kind of protection should be implemented server-side. Relying in any way on the client is just braindead.

Re:This feature isn't new ... (1)

mobets (101759) | more than 2 years ago | (#35863506)

Someone else posted a link to the bug report on this. It looks like the feature was disabled at the end of January. Why are you still so angry about it? It appears they have taken all the previous complaints into account for this new release.

Re:This feature isn't new ... (0)

Anonymous Coward | more than 2 years ago | (#35864638)

Angry web monkey...

Old news (0)

Anonymous Coward | more than 2 years ago | (#35864292)

If I remember in IE4 hitting refresh three or four times rapidly caused the browser to automatically stop. Microsoft was so ahead of Google on this one.

This is not a new feature (0)

Anonymous Coward | more than 2 years ago | (#35867124)

OK. This "feature" as already existed for quite some time. What's been added to chrome is an option to alter/turn it off.

The fact that it wasn't optional until now was a thorn in the side of many web developers, myself included, as illustrated by the bug report here http://code.google.com/p/chromium/issues/detail?id=66062

Yet another misleading /. summary.

Gee thanks! (1)

existone (1542071) | more than 2 years ago | (#35872194)

Now I will NEVER be able to get my bag of crap from woot using Chrome. Thanks for ensuring that... hah.
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...