"my ISP serves me their self-signed cert instead of Slashdot's real one."

You see a page/popup that says "this certificate is bogus, somebody is fooling around with your connection". From that point on, if you decide to proceed to the site, you are your own worst enemy.

Oh well. Back to the built-in JS blocker, then. Or rather use both built-in blocker and NotScript together.

Doesn't list anything, even if I enable Javascript for its site in NotScripts (yet another reason to install this little lifesaver).

So nuclear reactors are out. Can you program a firewall this way? What about an airline ticket reservation system? A compiler, maybe? A web browser?

His design is very good for instant unit testing, which is fine and dandy and I'm all for it.

Now go program me a nuclear reactor control system with this.

The letter "i", apparently.

It's OK, nobody uses JPEG 2000 anyway.

Billions and billions of stars!

How did you test? nginx does honor Range requests. The Apache killer will report that nginx not vulnerable, so what, it misreports PHP-based Apache installations too. However, this attack can be performed in more than one way. Maybe you should know that nginx maintainers have released a patch today. I wonder why.

I have read that IIS is vulnerable to this too, not sure if this is true, I have no IIS installations that I can check.

I'm not sure what Cherokee does so I can't comment here.

Apache has its share of its own unique bugs, that's true.