Ask Slashdot: What Should We Do About the DDoS Problem?
Minor update: This is an IP extension, not a TCP extension.
Ask Slashdot: What Should We Do About the DDoS Problem?
I've actually thought about this and come up with the following TCP extension:
Routers all maintain a reasonably sized set of source/destination/timer triplets. If a packet comes in from 'source' and is headed to 'destination', drop it. When 'timer' expires, drop that rule.
A special new "Add rule 'source,destination,timer'' packet is added, to be sent to a router. This causes the router to initiate a 3-way handshake with 'destination' to confirm that they requested the new rule, and if so, they add the rule to their table and set the expiration timer.
The idea is simple: If you're being DDoS'd, you don't have much bandwidth, but you always have bandwidth available between you and the first router, so you can always send them special packets telling the first hop router to drop all packets that you suppose are malicious, with a small timer so that you can renew it. After that's done, you should have eased the traffic enough to send more table-update packets to the second hop routers, and then to the third hop routers, and so on, until you've pushed the 'timed reject rule' right back up the traceroute chain until its at the source's doorstep and can go no further. At that point, not only are you free from the DDoS, the routers themselves no longer have to handle the traffic, either, as you've cut it off very near to the source.
The rule expiration timer makes it so that you need to actively maintain the rules or they'll disappear, and furthermore, it makes it so that when the DDoS stops, normal traffic can resume just fine. You can always 'peek' to see if the DDoS is ongoing by letting a few timers expire and watching to see if the malicious traffic is still coming through. If it is, update the rules and block it for some more time.
Let's Call It 'Climate Disruption,' White House Science Adviser Suggests (Again)
How about we get serious about it and use a much more appropriate terms: Global Ecological Catastrophe and Pollution Crisis.
Ars Technica Senior Editor Discusses Threat of New Slashdot UI
slashdot is not a product, it's a community! That should be respected more than anything, Dice! You don't have the right to alter slashdot without the consent of the community, and it clearly hasn't given consent!
The Individual Midnight Thread
I'll be participating in the slashcott at midnight in my own timezone (in about 2 hours). I'll also be moving to the altslashdot page.
If the beta is still around, there's a pretty good chance that I won't be back.
Linus Torvalds To Head Windows 9 Project
I'm impressed. :)
but that's really cool that you could figure it out by hand.
More Details On Drug Cartel's Clandestine Communications Network
They should never have shut that down. Sure, it might have been used to support drug cartels etc. and so on, but it is one of the most advanced communications systems available.
Go find a cellular provider that runs their entire infrastructure on solar power, and who has their network de-centralized (meshed) such that it's difficult to take down.
There is no mistaking it, the drug cartels have developed a superior communications system, and it was just shut down. I'm going to build my own version of this thing to cover the island I'm currently on.
Make no mistake, the drug cartels have an incredible amount of financial power, and they are only now starting to use it for potentially good development. Take the hi-tech underground tunnels, the hi-tech submarines, and now the advanced solar mesh network. Someone needs to partner with these guys.
OpenStack Spun Out From Rackspace Control
These are two different movements, I would hope that it is of the 'free software' movement...slashdot always uses the wrong terms..
Paralyzed Patients Control Robot With Brain Waves
There is no reason for them to be connected to this only 1 hour a day. Perhaps if the patients were connected to their avatars continuously for two or three days, they would quickly grow accustomed to it through personal experimentation in much the same way that self-taught programmers train themselves in a new language.
I think that if they are self-taught for controlling the avatar that they might be much more efficient at it.
Microsoft: No Botnet Is Indestructible
I work with some university professors on research projects regularly.
I don't want to use too many 'buzz-words' or anything, but I also don't want to give away our research before we publish it.
One of our projects (we have developed a patentable method) involves a method of distributing control messages of X length to N computers by using only X bandwidth on the sender side, with built-in error recovery and automatic redundancy by virtue of a propagating message source. Combine that with public-key crypto and you have a super-resilient propagating message with no 'source point'.
We make use of the DNS protocol to accomplish this.
You can see when we publish the paper, I will make it available to slashdot at that time. We've found that there is no clear way to stop the messages from reaching the destinations, and no way of impersonating the sender. There is also no way to detect the true source of the message.
Essentially, an alternative to P2P transmissions which is probably just as good.
There might be a flaw somewhere that we haven't noticed though, but at the moment it seems to be that we will finish the paper soon.
First WebCL Demos Arrive From Nokia and AMD
My browser is meant to render HTML pages. At least, that's what I'd like my browser to do.
Now openCL..sure, there's a niche for it somewhere and someone will want it. I think that this is tremendously unnecessary now, though. At which point does the trend for unnecessary bells and whistles go too far?
Will the browser have the capability to subvert my entire operating system by the time someone says 'Ok, we're done. We bring you the final release.'
This actually reminds me a bit of emacs, but a bit different still as emacs is not exactly visually oriented. This browser feature-war now revolves around the ability to display video, render pretty images and use phenomenal amounts of CPU and now GPU power for something that should sit idle 99.99% of the time, and spend the rest of the time drawing an informative web page.
North Korean Domain Names Return To the Internet
..but does this mean that 'Anonymous' is going to DDoS them back off the internet soon? North Korea seems like a place they would target.
US Spurs Plethora of Problem Solving Prizes
I think the prize usually works as a sort of PR by drawing attention to your company.
I think maybe they do it as a kind of reward to have a clear conscience and also to make the competition a little more entertaining. (Prizes are not required but they do make it more worthwhile)
So something like:
'We need this problem solved. Lets crowd source it and start a competition. Throw in a prize to make us look good and to make it entertaining."
Remember that people are not as rigid as machines, and that corporations are run by people. They can do things which are a waste of money from time to time.
US Spurs Plethora of Problem Solving Prizes
They may not be competing for the prize at all.
Maybe they decided to participate because it's enjoyable to them. The prize is just a bonus that happens to be there. If there were no prize they would most probably still do it.
This can happen, because people regularly participate in projects like this with no prize at all. (see open source projects) as a hobby.
'Reading Level' Filter Added To Google Search
This reading level filter actually works here. Last night when I noticed this story on slashdot, I decided to try it out the next time I used google.
A few minutes later I set the reading filter to 'advanced' and tried to find a technical specification article. Which surprisingly popped up in the top 3 results.
As a quick test, I turned off the filter and did the search again, all I got this time was links to various forums, a wikipedia entry, and an archived conversation on some mailing list.
I'd say it's great for hunting things down. It's just another 'what' in the 'search for what?' that search engines do.
Angles On Anonymous
Actually, I've been sitting in their IRC channel for a little while now. To be fair, a lot of the people talking in there are pretty immature.
In fact just a few minutes ago they were having a shouting contest on whether they should DDoS RuneScape or WoW. (Completely bizarre)
I think that it's pretty plausible that they're younger than 20.
I was eating breakfast and watching the chat at the time, and yes I did laugh.
Reading this is kinda funny, even though I know it applies to a lot of sites now. Perhaps even almost all.
I know that a lot of people don't ever read the privacy policies though, or EULAs and etc.
By accepting this agreement you hereby agree to forfeit your firstborn son and/or soul to us..
US Marshals Saved 35,000 Full Body Scans
Should Being Competitive With Windows Matter For Linux?
I remember reading in a book somewhere when I first decided to learn Lisp, and that book said something along the lines of:
When switching to something new, don't think about what you're moving from, just embrace the features that the new language has to offer. You're not learning a new language to use it for the same things, you're learning it because it's a new tool.
I think this can apply to operating systems too. Why should we be making copies of Windows when we have something genuinely unique*? We should embrace the uniqueness
and refine that to bring something that is very good at what it does, instead of being moderately bad at doing what something else does.
In other words, we should be focusing on being different. That's the geeky way anyway, geeks hardly try to fit in.
As a question, why is it important that Linux gets desktop market share, anyway? I always saw Linux as a hobby-supported and donation-supported thing. I never expected that money would actually be an issue. In fact it seems to be working out just fine right now, too. Maybe not enough people are donating?
*Unique of course if you count *BSD and all the distros together, I know they're a little different but it's not actually by all that much.
Windows 8 To Be Released In October 2012
Doesn't the beta come before the release? This would make that make sense.
sea4ever has no journal entries.