
Comment Re:A more detailed proposal ... (Score 1) 336

Because I don't like how classic anti-spam black lists work, my idea describes doing essentially the opposite of your spam black list, as blacklisting is rife with abuse.

If any, let alone every, anti-spam black list works the way my anti-DDOS proposal works, please point them out to me. And we're looking for something a smidge more specific than "something that responds to avoid something else".

Comment Re:It's a first step (Score 1) 336

We don't need a full-blown "reputation" system, as flawed as that will undoubtedly be. It literally takes nothing to get on an email blacklist, and these systems are rampant with abuse. All that is important is to have a trusted third party to receive DDOS reports and independently verify them, and a cooperative admin (or automated system) at the ISP of the attacker who will promptly block his own network's outgoing traffic *to* the victim for a reasonable time. This will throttle down the DDOS attack, making such attacks ineffective. This will expose and map out botnets the moment they go live. There will be no collateral damage or customers helplessly complaining about being blocked, because the *victim* is requesting to be blocked.

Comment Re:A more detailed proposal ... (Score 1) 336

Wow, I'm glad you liked my idea I posted above, earlier. However, you shouldn't be blocking anyone's IP address *except* for the victim, as blocking the alleged offender simply begs to be abused in the same way as email blacklists. The system should provide the victim with a means to request temporary protection.

The "We regret to inform you... click here..." won't work though, since it would become what the next round of trojan installers look like.

Comment Central Clearinghouse for DDOS origin IPs (Score 1) 336

The idea of voluntary email blackhole lists could be adapted here. Victims of DDOS could submit lists of IP addresses that are attacking, to a central clearinghouse, which will analyze the attack pattern in order to determine the most efficient response. The clearinghouse would verify and document which groups of IPs are part of a particular attack in progress, and notify the relevant ISPs in real time. These ISPs would respond by blocking outgoing access to the victim from their network for a time. Whenever possible, they could later contact the offending customer to help them eliminate the bot infection. Botnets could be mapped out instantly, and in great detail. DDOS attacks could be significantly throttled down after just a few minutes. If enough ISPs participated, DDOSers would be left with just the crummy little ISPs to use that don't give a toot. Regrettably, this system could also be used to illuminate any legitimate activity that governments and ISPs frown upon, and the central clearinghouse itself needs to be somehow immune to DDOS attacks.

Comment Re:Good idea, should be supported (Score 1) 105

What I know, Good Citizen, is that this government is assembling an engine of tyranny, literally a thousand times bigger than that of any absolute dictatorship mankind has ever known. And if things work the way you suggest, it would also be the first time a government assembled such a system without any interest in using it.

It's people like you who insist "but they're only *building* internment camps! They're not *using* them!" 40.427277 -111.934485

Comment Re:Good idea, should be supported (Score 1) 105

Speaking of pulling things out of their ass.... NSA presenting itself as the covert white knight of America's domestic computer systems. HooBOY.

So, Good Citizen, you must think that free men should be stopped from overthrowing an unjust government. You can think what you want, but when you sputter "NSA? Possess surveillance software?!?! Ridiculous!!", you only look like an idiot.

Comment Re:Good idea, should be supported (Score 1) 105

The unanswered questions are: if, and how, does the NSA inform critical domestic utilities of their vulnerabilities, and what power might they have to compel those utilities to secure their systems appropriately? The problem being that the NSA would probably prefer to quietly catalog and study vulnerabilities, to help quell revolts or secessions in the future, rather than send out emails full of advice for patching bugs. Thus, they're no help to anyone, and at a high price. On the other extreme, the NSA's solution to every problem would likely be the compulsory installation of their own home-grown monitoring software, you know, to be "extra secure". Certainly, you can trust them. Their entire history is proof of the advantages of cooperation.

Comment Re:security hole? (Score 1) 153

...of course, it's the *providers* who demand the crippled firmware, but SS is only too happy to provide the custom lobotomies.

/yes, they have your PIN, PIN2 SIMM and every other number you're asking for.
//yes, they're lying about not having this information, but no one you can get ahold of on the phone has it.

Comment Re:security hole? (Score 2) 153

It's a considerable "security issue" because it may provide a vector through which you could install any app, ringtone, mp3, wallpaper, etc., that you did not buy from the manufacturer (thinking of currently un-rootable devices here). You could disable un-installable apps your mfger wants you to have. You could inspect and monitor your phone's memory and data transactions in such detail as to learn what information your mfgr, or installed apps, harvests from your activity. Heavens, you could finally back up and restore your phonebook from a device with a disabled data port. Enable wifi without a $15/mo service plan! Download your cameraphone pics and videos without using up some of your data ration! Or install a cut-and-paste extension! Freedom is dangerous! Samsung cannot ensure the 'highest customer experience' if the customer can shop around! Or some hog-swill like that.

Disclosure: worked for Samsung Wireless. They're evil.

Comment Re:Don't squabble with Bob (Score 1) 379

Van, it's good to hear back from you. I'm glad you liked some of the ideas I bounced your way. It sounds like you have the ball rolling now. While other slashdotters may vary, my advice is always to just be yourself. Managing special people is a dandy skill to acquire, but it would involve a degree of dishonesty I couldn't muster. I just be direct and reasonable. In the long run, I'm happier finding out that people didn't respect me, or that the company culture required that I be treated like a subordinate until I'd been there a minimum number of years. But I think you're in a better situation than that.

I have some experience with working for non-profits (student orgs), and I know what it's like to be emotionally attached to something that no longer deserves my efforts. Going forward, I try to quickly find out if I'm in a messed up situation before I get attached. As an IT contractor, I run into this all the time. I've dealt with a number of Bob-lites. I get hired to fix their problems, and help them keep their status and dignity. Naturally, I get blamed for the problems. When I see what's coming over the horizon, I try to estimate what point my paycheck fails to be worth it all, and initiate a graceful exit which avoids my pay being recalculated at minimum wage (stupid contracts!). Most experiences are good though, and sometimes I'm treated like a hero. Makes it all worth it.

Comment Re:Don't squabble with Bob (Score 1) 379

I sort of view the board as being the problem for living with and shrugging off problems like these. It could be that the org has attracted too many people with this attitude, or is so desperately short on resources, and should be left to natural causes. It could be that Vanderhoth is a malcontent neat freak and overstates the problem. There may not be a way out of this without drama. Best course is an honest attempt to directly talk to Bob about the document system. If it doesn't pan out, quit before becoming too invested in the failing org.
