Slashdot: News for Nerds

Comments


Firewalls Make DDoS Attacks Worse

fwr Re:Best be a Coward for 5 minutes........ (217 comments)

A successful DDOS attack makes actual, valid, requests to the victim host. If it is a web browser, then it makes actual HTTP requests, possibly to the home page, possibly taking a random URL off that home page, in the same domain, and crawling the web site. Simply replying with an Ack isn't going to do squat. There are services out there that can scrub the requests for you. I'm not going to mention the name of the company, but you can research it if you want. Basically, once you sign up traffic normally goes to your site. However, if you are attacked they can use BGP to make your traffic go through their systems, and they scrub the traffic using proprietary methods, and only send clean non-DDOS traffic to your site. There are other things you can do also, if you have the right gear. You can inject an HTTP cookie if you get more than x requests from a particular IP address within y seconds, and then any future requests may get dropped (if you have a complying web browser or HTTP stack on the other end). Or, you can just keep a list of IPs that appear to be infected and drop the traffic if it is from those IP addresses. That's what is behind Cisco's and TippingPoint's, and just about any other decent IPS vendor's "reputation services" or whatever they brand it as. There is a lot you can attempt to do about DDOS, but "simply replying with an Ack" isn't a good one.

more than 3 years ago
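
An added example, not part of the comment above or of any vendor's product, of the per-IP threshold it mentions: more than x requests in y seconds triggers a cookie challenge, and later requests from that address pass only if they return the cookie. The pass/drop rule, the class and function names, the secret and the threshold values are assumptions made for the illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

SECRET = b"constructed-demo-key"  # assumption: per-deployment secret
MAX_REQUESTS = 5                  # "x" in the comment (constructed value)
WINDOW_SECONDS = 10               # "y" in the comment (constructed value)


def cookie_for(ip):
    """Token bound to the client IP so it cannot be reused from another address."""
    return hmac.new(SECRET, ip.encode(), hashlib.sha256).hexdigest()


class CookieChallengeLimiter:
    def __init__(self):
        self.hits = defaultdict(deque)  # ip -> request times inside the window
        self.challenged = set()         # ips that went over the threshold

    def handle(self, ip, now, cookie=None):
        """Return 'allow', 'challenge' (reply with Set-Cookie) or 'drop'."""
        window = self.hits[ip]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        window.append(now)
        if ip in self.challenged:
            # A client with a working cookie jar returns the token; one without is dropped.
            ok = cookie is not None and hmac.compare_digest(
                cookie.encode(), cookie_for(ip).encode())
            return "allow" if ok else "drop"
        if len(window) > MAX_REQUESTS:
            self.challenged.add(ip)
            return "challenge"
        return "allow"


def replay(events):
    """Run constructed (ip, time, cookie) events through a fresh limiter."""
    limiter = CookieChallengeLimiter()
    return [limiter.handle(ip, now, cookie) for ip, now, cookie in events]


if __name__ == "__main__":
    noisy = "198.51.100.7"  # constructed documentation address
    events = [(noisy, t, None) for t in range(7)]
    events.append((noisy, 7, cookie_for(noisy)))
    print(replay(events))
```

The per-IP tables grow with the number of source addresses seen, so a deployment would bound or expire them.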

Bufferbloat — the Submarine That's Sinking the Net

fwr Re:Definition, please (525 comments)

I'd say it is more of a problem of incorrectly configured QoS, or hardware with insufficient QoS capabilities, rather than large buffers. Obviously they are not using WRED or other methods, or the thresholds per queue are set too high to activate WRED or other packet drop mechanisms. This results in the buffers always being near 100% full, during periods of congestion. There are a slew of QoS capabilities on different hardware from different manufacturers, and even from the same manufacturer. Cisco, for example, has different QoS capabilities on almost every different piece of hardware they sell. So, you have to be fairly diligent that you are configuring QoS correctly on each individual piece of equipment, many of which will have very different capabilities, to be able to ensure an overall QoS strategy for the whole network.

However, this proper functioning of QoS is, as anyone who really knows QoS knows, dependent on the proper configuration on every node in the network. If you are talking VoIP, for instance, just one improperly configured node, or even a single link on a node, can break QoS on the entire network (or at least flows going through that node/link). Since most cheap home equipment does not have configurable QoS settings, or at least not to the extent that Internet infrastructure devices do, they may well be part of the problem.

However, as far as the Internet infrastructure devices, if Comcast, or any other ISP, is suffering from "buffer-bloat" on their equipment I'd blame them for not configuring QoS appropriately.

more than 3 years ago

'Anonymous' WikiLeaks Proponents Not So Anonymous

fwr Re:No shit, sherlock? (390 comments)

You don't really know what you are talking about, do you? Tail bits? That's going to get you around egress filtering? Also, as pointed out by others, ISPs do ingress filtering, not egress. Egress filtering is what companies that have their own firewalls and/or routers are encouraged to do, but the ISP should be doing ingress filtering also.

more than 3 years ago

Making Airport Scanners Less Objectionable

fwr Re:Deadlier than the terrorists (681 comments)

Absolutely correct. One of my brothers reached his lifetime limit, and can no longer work in nuclear power plants. It doesn't matter that he could request to avoid "hot" jobs, he just plain simply can't work in an area where radiation is known to be present.

more than 3 years ago

Microsoft Open Sources F#

fwr Re:/. snottery (212 comments)

Oh come on. Not speaking for anyone else or any particular comment, I'd guess 90% of the snotty responses are in jest. One thing we do know, is that snotty responses get the attention of MS, and upset them. So, even if MS does something worthy of praise, the amount of praise would likely never exceed 10-30% of total comments, just because we like poking MS.

There is also the "once bitten twice shy" syndrome. MS has such a horrible past that even when they do something worthy of praise it is very difficult to trust that there is not some hidden scheme with ulterior motives. So please understand and forgive if us /. snots continue to have fun at the expense of MS.

more than 3 years ago

Countering a DMCA Takedown In the Magnet Wars

fwr Re:Can Zen Magnets sue? (475 comments)

With the usual caveat of IANAL, I don't believe the voicemail is the property of Buckyballs. They left the voice mail, but they left it on someone else's voice mail system. The recording is owned by the receiver of the message, not the sender. Now if the message were recorded on a tape, CD, or some other device, and the device was sent to the recipient, I suppose an argument could be made that the original recording is copyright Buckyballs, but not a traditional voice mail. There is probably relevant case law on the matter, but again IANAL. As far as the images, that all depends on where they were obtained from. Many, if not most, social networking sites, which I'm assuming these were grabbed from, explicitly state in their terms that you give up copyright on anything that you post. So even the images may, in fact, be non-infringing. So, there are really two issues here. One issue is the original complaint in the voice mail, which I don't believe BuckyBalls has a leg to stand on in court. The second issue is the use of copyrighted material (the voice mail and the images of the BuckyBalls guy acting like an idiot), which BuckyBalls may or may not have a valid claim on. Don't confuse the comparison of the products with the DMCA take down notice. Cheers!

more than 2 years ago

Ballmer, Bezos Fund Effort To Undermine Bill Gates

fwr Re:Seattle COL (866 comments)

Yes, he's entitled to the money he makes. Others are not. Speaking of a warped sense of entitlement!

more than 3 years ago

Hubble In Anaglyph Stereo 3D

fwr And you are funded by whom? (114 comments)

If you are funded by the US government, then I would say no, don't waste any more of your time or our money on this. If you are privately funded, then sure, go ahead.

more than 3 years ago

Wi-Fi WPA2 Vulnerability Found

fwr Re:so, not a hole (213 comments)

Sigh. Understand the protocol before commenting, or at least RTFA. There IS an individual key per user. But, there is also a shared key used for broadcast traffic. The problem is that the shared key is not authenticated, so a user who knows the shared key (i.e., anyone with access to the wireless network), can use the shared key to spoof the AP and send messages to other users, and force them to give up or change their unique per-user keys. A "fix" would be getting rid of the shared key for broadcast, but that would require the AP to send a separate "broadcast" packet to each user individually, using their unique per-user key, instead of just one packet.

more than 3 years ago

Wi-Fi WPA2 Vulnerability Found

fwr Re:I don't understand how it could be possible... (213 comments)

There is an out-of-band key exchange. It is called a trusted certificate. You know, just like how HTTPS works. This is for WPA2 Enterprise, of which there are many different EAP methods possible, but for which most do include an out of band key exchange (i.e., certificates, or EAP-FAST PAK). In any case, there's also the old DH key exchange, which worked fine for IPsec for years.

more than 3 years ago

Methane-Trapping Ice May Have Triggered Gulf Spill

fwr Re:probably a bit ignorant here (341 comments)

The amazing thing is, if we allowed ocean drilling much closer to shore we wouldn't have these problems. One, the depth would not be so great that the pressure created these methane and ice / sludge pockets. Two, a leak, if one were to occur, would be much easier to contain. You could actually send someone down to fix the problem if it were close enough to the shore. You are not sending someone down under 5000 feet of water... So, ironically, it is the wacko environmentalists that are to blame for this situation. Their answer? Either don't drill at all, or if you do, drill even further out, where the problems are even greater. Yea, that makes a lot of sense...

more than 4 years ago

iPad UK Pricing Confirmed; Apple UK Tax Applied

fwr Re:But your U.S. prices do not include tax (248 comments)

I think you are confusing the effort by some states to require companies to collect the use tax, and the requirement to pay the use tax in the first place. As far as I know, it is pretty clear that individual citizens are required to pay use taxes for items they purchase out of state. It has generally been up to the individual citizen to report and pay the use tax. States have recently attempted to get companies to collect and pay the use tax for citizens, because there is so much fraud when it comes to the use tax (people just don't voluntarily pay it, when is the last time you did, or know anyone who did?). I may be mistaken. My understanding is that a use tax would be unconstitutional. States are not supposed to have import/export taxes for trade with other states. That is what the inter-state commerce clause is all about, not the twisted definition that the SCOTUS dreamed up many years ago. Rather, it is to make trade "regular" (occurring normally and without impediment of additional taxes or levies imposed by states).

more than 4 years ago

Sony Update Bricks Playstations

fwr Interweb? (510 comments)

I refuse to continue reading any article that uses the term Interweb

more than 4 years ago

US Intelligence Planned To Destroy WikiLeaks

fwr Re:Be aware... (555 comments)

Yes, but you conveniently left out that the testimony that I linked to was in May, 2006, well after 1971 and 1979. The guy testifying is the:

Henry Salvatori Professor of Law & Community Service, Chapman University School of Law; Director, The Claremont Institute Center for Constitutional Jurisprudence

more than 4 years ago

Yale Law Student Wants Government To Have Everybody's DNA

fwr Re:Wrong Movie Reference (544 comments)

You have it wrong. It's not being shoved to the right, it is being shoved more towards total government, rather than anarchy. This type of information can be used for ill by either the left or the right. The radical left may, in fact, want more data than the right. I could see them wanting a full genome in an effort to take care of the people by discovering who has what predisposition to what ailments, and beginning proactive treatment. As far as the right, I see the extremists on that end wanting pretty much what was asked for here, a way to positively identify each citizen to be able to link them to crimes and such. Of course they could also use it to frame someone pretty easily (it's easy to get people's DNA, just take one garbage bag and you'd have enough to plant in any crime scene).

So the window is being shoved, but it's not being shoved left or right, it's being shoved towards a more totalitarian government.

more than 4 years ago

US Intelligence Planned To Destroy WikiLeaks

fwr Re:Wrong... (555 comments)

See this:

Testimony before the U.S. House of Representatives Permanent Select Committee on Intelligence, contending that Section 798 of the Espionage Act, prohibiting the publication of classified information regarding U.S. communications capabilities, can constitutionally be applied to the media, for several reasons: 1) A majority of the Justices in the Pentagon Papers case recognized that prior restraints on publication of highly sensitive, classified information regarding ongoing military and communications operations would be permissible; 2) The prospect of post-publication liability for violating the Espionage Act was also recognized by a majority of the Justices; and 3) The Freedom of Press Clause of the First Amendment is equally applicable to citizens and the institutional media.

Link

more than 4 years ago

US Intelligence Planned To Destroy WikiLeaks

fwr Re:Be aware... (555 comments)

Proxies are supposed to embed the actual IP address of the end-client in the HTTP headers, so that load balancing can work properly. While there may be some that don't, most transparent proxies do. You do know that there are ISPs that have transparent proxies to cache the data and reduce their Internet exchange bandwidth, right? That's what happened in that story where people were getting into each other's Facebook accounts on their cell phones - the cell phone company proxy was screwed up.

more than 4 years ago

Ars Technica Inveighs Against Ad Blocking

fwr Re:The other side: Ad abuse and malware (1051 comments)

I agree. A lot of people throw around the word right too, well, liberally. There are very few rights in this world. The right to view content without ads is non-existent. If there were such a right, and the people creating content didn't want to, or couldn't afford to, what would you do? Would you force them to create content? Would you enslave them, making them toil away at creating content for no pay? Of course not.

At the same time, the content creators have no right to ad revenue. If people don't want to view their sites with ads, then you can't force them to. Well, I suppose you can turn your web pages into one large dynamically created JPEG per page, with the ads embedded. But you can't force people to view your web site at all, let alone force them to run intrusive JavaScript and untrusted code from third party ad servers.

The content providers certainly have a right to say what they want, and to try and find an alternate business model that works for them. The content viewers, or consumers, have the right to choose what content they consume, or whether to consume any at all.

If the model that the providers use is not acceptable to the consumers, then the providers will just have to find something else to do, and the consumers will have to find a different provider. That's called the free market, which doesn't have anything to do with whether the content is free or not.

more than 4 years ago

Independent Programmers' No-Win Scenario

fwr Re:Why just programmers? (552 comments)

Actually, it is my understanding that the law removes special exemptions that certain people had that allowed them to basically work for one company full-time, for very long periods, but still claim they were a contractor. You can't have it both ways. Either you are a contractor and do a bunch of short term jobs for a bunch of different companies, or you are a permanent employee of one company. See the other Slashdot article. It's just a scam.

more than 4 years ago
