
Comment: Re:It's quite simple really... (Score 1) 151

Yes, OK, somehow it's Microsoft's fault that the web developers completely failed to produce a site that works in real IE. So by that logic, it is also Mozilla's fault that Firefox doesn't work, and Google's fault that Chrome doesn't? Of course not. You just wanted an excuse to play in the big boy pool didn't you? "See, I'm just like you popular kids and I fit in because I'm copying your behaviour, two seconds after you do it".

Where's your browser, AC? Which browser deployed across millions of PCs did you write? And why won't you take responsibility for it failing to work with this site? And why do you and Google and Mozilla and Microsoft keep disagreeing on the way the box model works, and where the lines go, and what spacing is what? Oh, because the spec is ambiguous you say? Still must be your fault then!

I'm all for bashing Microsoft when they do stupid stuff. But if you want to be effective, wait until it's actually their fault.

Comment: Re:How many minutes until this is mandatory? (Score 1) 282

by DavidRawling (#49332763) Attached to: Ford's New Car Tech Prevents You From Accidentally Speeding
Meanwhile here in AU, it's quite common to see dual-sided speed signs. The "front" has the normal road speed (which might be 110km/h - around 70mph). The "back" has a roadworks speed limit of 40km/h (25mph). Watch for shenanigans as the Ford sees the wrong sign on the wrong side of the road (not uncommon either) and suddenly decides the road is 1/3 of the normal speed.

Comment: Re: Positive pressure? (Score 1) 378

by DavidRawling (#48936561) Attached to: Why ATM Bombs May Be Coming Soon To the United States
No, they actually usually mean LPG. I think it's only the US that conflates these terms (IME most other countries call the liquid fuels for vehicles "petrol" and "diesel"). In a gas attack, the criminals generally bring along a compressed cylinder of LPG - open the valve and the pressure causes the flammable and explosive gas to be expelled, into the air vents of the ATM. Add sparks and boom.

Comment: Re:Ways to protect vs DDoS (Score 5, Interesting) 336

by DavidRawling (#48675603) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

None of these protect against a volume-oriented DDoS. Many are DoS only (single / few sources) and do not apply when every IP on the Internet appears to be sending thousands of requests, or more likely, responses. Further, you've completely ignored spoofing of addresses combined with amplification attacks (send out a 64-byte DNS request pretending to be the DDoS target, get 4kB sent to the target). Finally, regardless of the 50-100Gbps pipes MS, Sony and Amazon no doubt have, they're useless when there's 1Tbps of amplified crap directed down the pipes. With the example above, you'd only need about 4Gbps of bandwidth total (40 cheap VPS on "100Mbps" connections) to generate 256Gbps of DDoS.

When 256Gbps of rubbish arrives at your servers or firewalls ... registry settings and kernel tweaks do jack (note that CloudFlare was hit 11 months ago with more than 400Gbps of DDoS, so this is not implausible!)

And since it seems it was apk I'm replying to ... I'm actually half surprised you didn't try to claim that a HOSTS file would magically help.

Comment: Re:Bad for small business owners (Score 1) 396

by DavidRawling (#48632077) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

Buddy, you can get a certificate for less than FIVE US dollars per year. Is that too much for you?

Actually yes, frankly it is. Because according to Google's overpaid, brain-dead Chrome developers, I need one for the KVM, one for each of the management cards in the servers, one for each of the appliances I have (from DVRs to firewalls etc), one for each little device with a web server (assuming it even supports writing a certificate to storage, and config for HTTPS), one for each workstation or server with an app or config UI. Quick count for my house alone ... 47 certs excluding the devices that quite literally have NO way to store and use a cert. I simplified too by assuming the devices supporting certs can handle SHA256 (thanks Google for THAT little recent shitfight). And the certs don't support SANs nor do CAs allow local names, so I have to use the correct FQDN all the time now (no more http://dvr/ or typing the IP - now it's And what have I gained? I've had to spend $230+ and several hours of work to avoid irrelevant anti-sec warnings, on devices no-one can get to except me. It's bulldust.

Comment: Re:So perhaps /. will finally fix its shit (Score 1) 396

by DavidRawling (#48632007) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
And that adequately reflects the rest of the world how? I have customers with multiple 5Mbps connections (literally the best they can get, there IS NO FIBER) at $400/month. They have dozens of users, 10-100MB files to send and receive, every day, and therefore a local caching proxy is the only way they can get any reasonable web access at all. But go on believing the rest of the world is like your little Utopia.

Comment: Re:Does HTTP/SSL force one IP address per www doma (Score 1) 396

by DavidRawling (#48624395) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
No - this problem is solved with SNI (Server Name Indication) which is part of all the current browsers, and has been for a while now. The client tells the server which certificate to return (which hostname it's going to ask for) in plaintext. There's probably a module you need for Apache to support this - IIS finally does it natively, so I'm sure it was already there in Apache/nginx.

Comment: Re:Stupid (Score 2) 396

by DavidRawling (#48624317) Attached to: Google Proposes To Warn People About Non-SSL Web Sites
And forcing SSL does nothing to prevent your employer setting up an SSL proxy with a wildcard certificate, decrypting everything you request, and tracking you anyway. I've set up MITM proxies for companies before, and it's literally 10 minutes of effort in most cases (because the end-users already trust the corporate CA). And if you think the Government can't MITM you as well you haven't been paying attention for the last 12 months.

Comment: Re: So perhaps /. will finally fix its shit (Score 1) 396

by DavidRawling (#48622999) Attached to: Google Proposes To Warn People About Non-SSL Web Sites

OK, Mr AC, care to explain how you plan to cache SSL-encrypted objects? All your caching proxy sees is the "connect me securely to server X" request - after that, it's encrypted and your proxy cannot tell what's being loaded. Worse, since SSL inflates the data sizes of whatever you've requested, your images are up to 50% more data, and your (already compressed with gzip) HTML, CSS, JS etc is the same. So you've added 50% to your traffic for ... potentially nothing.

Seriously, what do you gain (actual, measurable improvements) from switching from to Nothing but overhead.

And that's leaving aside the fact that SSL no longer guarantees the source server (too many options for MITM server certificate hacks) or security (POODLE etc).

No, make no mistake, this is Google throwing its weight around, screw anybody who doesn't want or need a certificate for their site, or has made a conscious decision NOT to use SSL (not to mention all the corporates with proxies that inspect for malware - now you're mandating SSL MITM by the organisation, or you have a channel for malware into any system).

Comment: Re:I look forward (Score 2) 137

by DavidRawling (#48544831) Attached to: Tesla Wants Texas Auto Sales Regulations Loosened

Actually, I don't know why they don't "acquiesce" somewhat to the demands - and offer to sell to the dealers at the same price as they sell in other states.

When the dealers refuse on the basis they won't be competitive with out-of-state sales, they should surely be able to use that to force the hand of the legislature (by advertising in Texas, with the tag line "Not available in Texas because none of your dealers will sell our cars" or something). Truthful. Pins the "blame" where it belongs (the dealers).

If, OTOH, the dealers accept, the customers will demand to know why Texas is 25% more expensive (and Tesla can truthfully say "We sell at the same price to all comers, dealer or private, so any difference is the dealer's margin because your state gov't won't let us sell direct to you").

I'm very interested, with Tesla apparently coming to Oz next year, to see what happens here.
