Comment: Re:without the knowledge of the site visitor (Score 1) 273

"my ISP serves me their self-signed cert instead of Slashdot's real one."

You see a page/popup that says "this certificate is bogus, somebody is fooling around with your connection". From that point on, if you decide to proceed to the site, you are your own worst enemy.

Comment: Re:Not just an Apache bug (Score 2) 49

by Kickasso (#37228300) Attached to: Fix For Apache DoS Bug In the Pipes

How did you test? nginx does honor Range requests. The Apache killer will report that nginx is not vulnerable, but so what? It misreports PHP-based Apache installations too. However, this attack can be performed in more than one way. Maybe you should know that the nginx maintainers have released a patch today. I wonder why.

I have read that IIS is vulnerable to this too; I'm not sure if this is true, as I have no IIS installations that I can check.

I'm not sure what Cherokee does so I can't comment here.

Comment: Not just an Apache bug (Score 5, Insightful) 49

by Kickasso (#37227164) Attached to: Fix For Apache DoS Bug In the Pipes

It's a protocol bug. Any server that implements the protocol to the letter is vulnerable. And it's not just about overlapping ranges. If the server can send a ten megabyte file, an attacker can ask it for ten million one-byte ranges. The processing overhead will bring most servers to their knees. If the server can compress the output, an attacker can ask for ten million compressed one-byte ranges. An attempt to execute such a request will kill just about anything. The protocol should have limited the number of ranges per request to, say, 10.
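The check the comment above argues for, written out as an added illustration (this is not code from Apache, nginx, the Apache killer tool or the commenter): a byte-range parser that resolves each range-spec against the resource size, then refuses the request when the range count exceeds a cap or any two ranges overlap, so that the per-range work (and per-range compression) the comment describes is bounded by the server rather than by the client. The cap of 10 follows the comment's "say, 10" and is an assumption, not a value any real server uses; `build_abusive_range` only constructs the kind of many-tiny-ranges header the comment describes, for the check to exercise.

```python
"""
Range-header sanity check (added example, not the page's or any server's code).

Models the limit the comment wishes HTTP/1.1 had: count the ranges,
resolve them against the resource size, reject too many or overlapping ones.
"""

import re

MAX_RANGES = 10  # assumption: the comment's suggested per-request limit

_RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_byte_ranges(header: str, size: int):
    """Parse a Range header value into a list of (first, last) inclusive
    byte offsets resolved against a resource of `size` bytes.

    Returns None if the header is not a bytes= range request (the server
    should then ignore it and send the whole resource).
    Raises ValueError for a syntactically invalid range set.
    Unsatisfiable specs (start at or past end of resource) are dropped.
    """
    unit, sep, rest = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    ranges = []
    for spec in rest.split(","):
        spec = spec.strip()
        if not spec:
            continue  # tolerate an empty list element such as "0-1,,2-3"
        m = _RANGE_SPEC.match(spec)
        if not m or m.group(1) == "" and m.group(2) == "":
            raise ValueError(f"malformed range spec {spec!r}")
        first_s, last_s = m.groups()
        if first_s == "":
            # suffix range "-N": the last N bytes of the resource
            n = int(last_s)
            if n == 0:
                continue  # unsatisfiable
            ranges.append((max(0, size - n), size - 1))
        else:
            first = int(first_s)
            if first >= size:
                continue  # unsatisfiable
            last = size - 1 if last_s == "" else min(int(last_s), size - 1)
            if last < first:
                raise ValueError(f"last < first in {spec!r}")
            ranges.append((first, last))
    return ranges


def check_range_request(header: str, size: int, max_ranges: int = MAX_RANGES) -> str:
    """Decide how to treat a Range header.

    Returns one of:
      "full"    - ignore Range and serve the whole resource (200)
      "partial" - serve the listed ranges (206)
      "reject"  - too many, overlapping, or no satisfiable ranges (416/400)
    """
    try:
        ranges = parse_byte_ranges(header, size)
    except ValueError:
        return "full"  # an invalid Range header is ignored, not honoured
    if ranges is None:
        return "full"
    if not ranges:
        return "reject"  # nothing satisfiable
    # Count check first: this is the case the comment stresses, where every
    # range is tiny and disjoint but there are millions of them.
    if len(ranges) > max_ranges:
        return "reject"
    # Overlap check: any range starting inside a previous one.
    prev_last = -1
    for first, last in sorted(ranges):
        if first <= prev_last:
            return "reject"
        prev_last = last
    return "partial"


def build_abusive_range(n: int) -> str:
    """Construct a header asking for n disjoint one-byte ranges (sample input
    for the check above, the shape of request the comment describes)."""
    return "bytes=" + ",".join(f"{i}-{i}" for i in range(n))


if __name__ == "__main__":
    for hdr in ("bytes=0-99", "bytes=0-,0-1,0-2", build_abusive_range(10000)):
        print(check_range_request(hdr, 10 * 1024 * 1024), hdr[:40])
```

A server that applies this check can still honour ordinary resumable downloads (one or a handful of disjoint ranges) while turning an oversized or overlapping range set into a cheap rejection instead of a per-range allocation and compression loop.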

Comment: How much of Ubuntu is Ubuntu? (Score 2, Interesting) 372

by Kickasso (#32123406) Attached to: Canonical Explains Decision to License H.264 For Ubuntu

I wonder what happens if I swap an Ubuntu kernel for my own kernel, configured and compiled by myself. Do I still have a licensed Ubuntu system? Even if the kernel is from vanilla sources? What if I replace their libc? How about the GNU userland, I hear there are alternatives? Do I have to use Canonical's repositories for my updates? Maybe I can switch to an rpm- or even portage-based package manager; do I still have an Ubuntu? It should be feasible to port Debian/FreeBSD to the Canonical platform; is it OK to use an Ubuntu/FreeBSD system? In short, how much of Ubuntu can I leave in the system to still be considered a licensee?

I also wonder whether the smart lawyers at MPEG LA have answers to these questions. Or maybe they have no idea what Linux is about.
