
Comment Re: For that, you'd have to do a different attack (Score 1) 336

I don't think you understand how amplification attacks work.

I wrote advisories on that more than 10 years ago, so please go ahead and lecture me.

Your home network should not allow a request with an IP that doesn't belong to it out. If I'm the router that connects 1.2.3.0/24 to the Internet, I shouldn't put a packet that claims it originates from 5.6.7.8 on the wire.

The only places where a package that isn't part of my network should be routed through is when my network is a transit network.
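The egress rule described in the comment above, as an added example that is not part of the original comment: a source-address check at the network edge, run over a few packet records. The function names, the transit prefix and the sample records are constructed for illustration; 1.2.3.0/24 and 5.6.7.8 are the addresses used in the comment.

```python
import ipaddress

def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]

def egress_verdict(src, local_prefixes, transit_prefixes=()):
    """Verdict for a packet about to leave towards the Internet, based on its source address."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: unparsable source"
    if any(addr in net for net in _nets(local_prefixes)):
        return "forward: local source"
    # Only a transit network legitimately carries sources outside its own prefixes,
    # and then only those of the downstream networks it serves.
    if any(addr in net for net in _nets(transit_prefixes)):
        return "forward: transit source"
    return "drop: spoofed source"

def audit(packets, local_prefixes, transit_prefixes=()):
    """Return the (src, dst) records the edge should not have put on the wire."""
    return [(s, d) for s, d in packets
            if egress_verdict(s, local_prefixes, transit_prefixes).startswith("drop")]

# Constructed sample traffic seen on the uplink of the 1.2.3.0/24 network.
SAMPLE_PACKETS = [
    ("1.2.3.10", "192.0.2.53"),      # ordinary local host
    ("5.6.7.8", "192.0.2.53"),       # claims an address outside the network
    ("198.51.100.9", "192.0.2.53"),  # valid only if we provide transit for it
]

if __name__ == "__main__":
    print(audit(SAMPLE_PACKETS, ["1.2.3.0/24"]))
    print(audit(SAMPLE_PACKETS, ["1.2.3.0/24"], ["198.51.100.0/24"]))
```
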

Comment Re:Rubbish (Score 1) 336

I know from my own experience how right you are, but that, exactly, is the problem. This "it didn't crash in 10 minutes, ship it" approach is utterly horrible. It's become industry standard instead of being taken out back to be shot, and that is a really serious problem.

People shouldn't be used to computers crashing - they should demand that they don't do so.

Comment I Think We're Going About This Wrong (Score 1) 552

Instead of replacing comparatively-cheap programmers with cheaper overseas programmers, why not replace expensive middle and upper management with cheaper overseas middle and upper management? For what our CEO makes, I could hire a couple hundred engineers. But I bet I could find a guy from India who'd be happy to be our CEO for about what one engineer makes. And he'd be every bit as effective at it as our CEO is!

Comment Re:I think the bigger issue (Score 4, Informative) 32

See link: http://sunlightfoundation.com/... Half of the petitions were anti-NN, and mostly came from a Koch-backed organization's form letter:

Dear Mr. Wheeler, As an American citizen, I wanted to voice my opposition to the FCC's crippling new regulations that would put federal bureaucrats in charge of internet freedom, and urge you to stop these regulations before they're enacted. If the federal government goes through these plans to regulate the internet, I know that the internet will change -- and not for the better. [ INSERT VARIANT PARAGRAPH COMMENT HERE ] Like many Americans, I believe that the internet should remain free of government control and unnecessary regulation -- just as it has for the last twenty years of unprecedented growth. Please stop the FCC's dangerous new regulations, and protect the future of internet freedom here in America. Sincerely, [APPLICANT NAME] [APPLICANT HOME ADDRESS]

As for the "VARIANT PARAGRAPH COMMENT", apparently you were given several selections to choose from, including the following:

The Internet is the biggest economic, intellectual, and artistic success story of the century, and it rose up because of free people, not stifling government. The federal government needs to keep its hands off the Internet. It is not broken, and it does not need to be fixed. It is the federal government, not the Internet, that is broken, and in need of fixing.

One can make an appeal to justice for persecuted cable companies:

Before our government can handcuff a citizen, it must have some reasonable evidence that they have done something wrong. Before the FCC places regulatory handcuffs on Internet providers, shouldn't the government present evidence that they have actually done something wrong?

Or maybe this is your style:

The ideological leader of the angry liberals calling for you to reduce the Internet to a public utility is Robert McChesney, the avowed Marxist founder of the socialist group Free Press. In an interview with SocialistProject.ca, McChesney said: “What we want to have in the U.S. and in every society is an Internet that is not private property, but a public utility...At the moment, the battle over network neutrality is not to completely eliminate the telephone and cable companies. We are not at that point yet. But the ultimate goal is to get rid of the media capitalists in the phone and cable companies and to divest them from control.” In a country of over 300 million people, even an extremist like McChesney can find, perhaps, millions of followers. But you should know better than to listen to them.

Comment Reading Between The Lines (Score 1) 32

I'd guess they probably tried to dump several gigabytes of comments into one gigantic XML document, and their... lessee 18 years... I'm going to say, DG/UX system couldn't handle a file of that size. Is that about right? I don't even want to know what hokey solution they duct-taped to their system to get it to spit out XML.

If only there were some sort of magical agency that knew how to deal with communications and could actually design a decent transfer format for these guys. I bet that very same agency might know why it would be important that the people who provide access to the Internet should not be allowed to constrain those channels based on who you decide to talk to.

Comment It Really Does Feel Like We're Going Backward (Score 2) 149

Since the mid 2000s I feel like I've been seeing a lot more BFI solutions, BAD BFI solutions, than I did back in the '90s. I guess back then you had to use some finesse in your programming to get the performance you needed out of the system. Either that or I'm working with more bad developers lately. I suppose that's also possible.

Comment Ooh, I Have An Idea! (Score 4, Insightful) 194

What if, instead of doing that, we came up with a language that you could use to build your program without a browser? Now stay with me here, I know this sounds crazy, but it could work! Since you're not working with a fundamentally stateless protocol, this language wouldn't need to maintain state externally to itself! All its variables and state would be self-contained! But since you might want to pull data in from the network or a database or something, you could add interfaces to that functionality to your language! Wouldn't that be something? I know, I know, this suggestion has been made, like 12648430 times before, but I think it's a really good idea that could work!

Comment Re:For that, you'd have to do a different attack (Score 1) 336

spoof the IP address of your target (...) it proves that the DNS protocol itself is beyond repair

No, it proves that the network you are connected to is braindead because it still allows IP spoofing.

And that EVERY company on the net is susceptible to something like that because unlimited bandwidth does not exist.

It used to be really easy to knock someone off the Internet. It's not so easy anymore. For some of the really big targets, being able to muster the bandwidth alone would be an impressive demonstration of power. Keeping them offline for more than a few seconds while their Anti-DDoS countermeasures deploy would be something that few players smaller than a nation state level can pull off.

MS and Sony have a security that matches the opaqueness of an erotic dancer's dress

Not really. I hate them as much as most people with three working brain cells, but they've both done quite a lot about security. It's just not enough and - like every company - they make decisions to not invest in some security measures because the ROI simply isn't there.

Comment Re:Rubbish (Score 3, Insightful) 336

Nonsense. On their gaming systems you are unlikely to find any data that the companies would consider valuable. And 10+ years of experience show that "oops, we leaked customer data" isn't really a game-changer.

But cries from customers can be. Denying them the joy of their freshly gifted gaming console can be very powerful. It's not the nice way, definitely not, but it makes headlines.

I doubt it's going to change anything, because customers are too used to computers not working. That is the real damage that 30 years of Microsoft dominance have done to the world.
