
Comment: Re: For that, you'd have to do a different attack (Score 1) 309

by Tom (#48678501) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I don't think you understand how amplification attacks work.

I wrote advisories on that more than 10 years ago, so please go ahead and lecture me.

Your home network should not allow a request with an IP that doesn't belong to it out. If I'm the router that connects 1.2.3.0/24 to the Internet, I shouldn't put a packet that claims it originates from 5.6.7.8 on the wire.

The only places where a package that isn't part of my network should be routed through is when my network is a transit network.
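The source-address check described in the comment above (egress filtering, the practice documented as BCP 38), as an added example that is not part of the original comment. It goes beyond the single-network case by keeping one allowed-prefix list per inbound interface, which also covers the transit case; the interface names, the `cust1` customer and all sample packets are constructed for illustration.

```python
import ipaddress

# Constructed topology: interface -> prefixes that may legitimately appear as a
# source address behind it. 1.2.3.0/24 is the comment's example network; the
# "cust1" transit customer and its prefixes are assumptions for illustration.
ALLOWED_SOURCES = {
    "lan0": ["1.2.3.0/24"],
    "cust1": ["198.51.100.0/24", "2001:db8:100::/48"],
}

def build_table(allowed):
    """Parse prefix strings once so each lookup is a cheap containment test."""
    return {ifname: [ipaddress.ip_network(p) for p in prefixes]
            for ifname, prefixes in allowed.items()}

def permit_egress(table, in_iface, src):
    """True if a packet that arrived on in_iface with source src may go upstream."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: fail closed
    return any(addr.version == net.version and addr in net
               for net in table.get(in_iface, []))  # unknown interface: no prefixes

def filter_upstream(table, packets):
    """Split (in_iface, src, dst) tuples into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if permit_egress(table, pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped

# Constructed sample traffic heading for the upstream link.
SAMPLE_PACKETS = [
    ("lan0", "1.2.3.77", "192.0.2.53"),        # own prefix: forward
    ("lan0", "5.6.7.8", "192.0.2.53"),         # foreign source from the LAN: drop
    ("cust1", "198.51.100.9", "192.0.2.53"),   # transit customer's own prefix: forward
    ("cust1", "1.2.3.4", "192.0.2.53"),        # valid prefix, wrong interface: drop
    ("cust1", "2001:db8:100::1", "2001:db8::53"),  # customer IPv6 prefix: forward
    ("wan9", "1.2.3.5", "192.0.2.53"),         # interface with no entry: drop
]

if __name__ == "__main__":
    fwd, drop = filter_upstream(build_table(ALLOWED_SOURCES), SAMPLE_PACKETS)
    for pkt in drop:
        print("DROP spoofed source", pkt)
```
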

Comment: Re:Rubbish (Score 1) 309

by Tom (#48678483) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

I know from my own experience how right you are, but that, exactly, is the problem. This "it didn't crash in 10 minutes, ship it" approach is utterly horrible. It's become industry standard instead of being taken out back to be shot, and that is a really serious problem.

People shouldn't be used to computers crashing - they should demand that they don't do so.

Comment: I've managed a team full of H1bs.. (Score 4, Interesting) 449

by hey! (#48677749) Attached to: Paul Graham: Let the Other 95% of Great Programmers In

Not my choice, we got them in a deal with a VC. And I will tell you from experience that they're not all great programmers. A *few* of them were very good programmers, most of them were OK, and a few were very *bad* programmers. Just like everyone else. The idea that the H1B program just brings in technical giants is pure fantasy. This isn't 1980; if a CS genius living in Bangalore wants to work he doesn't have to come to the US anymore, there are good opportunities for him at home.

H1B brings in a cross section of inexperienced programmers and kicks them out of the country once they've gained some experience. I have nothing against bringing more foreign talent into the US, but it should be with an eye to encouraging permanent residency. I think if you sponsor an H1B and he goes home, you should have to wait a couple years before you replace him. Then companies will be pickier about who they bring over.

I have to say, managing a team of H1Bs was very rewarding, not necessarily from a technical standpoint but from a cultural standpoint. Because I had to learn about each programmer on my team and the way things are done in his culture, I think I became closer to a lot of them than I would have to a team of Americans.

Comment: Re:For that, you'd have to do a different attack (Score 1) 309

by Tom (#48675107) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

spoof the IP address of your target (...) it proves that the DNS protocol itself is beyond repair

No, it proves that the network you are connected to is braindead because it still allows IP spoofing.

And that EVERY company on the net is susceptible to something like that because unlimited bandwidth does not exist.

It used to be really easy to knock someone off the Internet. It's not so easy anymore. For some of the really big targets, being able to muster the bandwidth alone would be an impressive demonstration of power. Keeping them offline for more than a few seconds while their Anti-DDoS countermeasures deploy would be something that few players smaller than a nation state level can pull off.

MS and Sony have a security that matches the opaqueness of an erotic dancer's dress

Not really. I hate them as much as most people with three working brain cells, but they've both done quite a lot about security. It's just not enough and - like every company - they make decisions to not invest in some security measures because the ROI simply isn't there.

Comment: Re:Rubbish (Score 3, Insightful) 309

by Tom (#48675071) Attached to: Why Lizard Squad Took Down PSN and Xbox Live On Christmas Day

Nonsense. On their gaming systems you are unlikely to find any data that the companies would consider valuable. And 10+ years of experience show that "oops, we leaked customer data" isn't really a game-changer.

But cries from customers can be. Denying them the joy of their freshly gifted gaming console can be very powerful. It's not the nice way, definitely not, but it makes headlines.

I doubt it's going to change anything, because customers are too used to computers not working. That is the real damage that 30 years of Microsoft dominance have done to the world.

Comment: Re:miscreation (Score 1) 347

by Tom (#48674659) Attached to: Ars: Final Hobbit Movie Is 'Soulless End' To 'Flawed' Trilogy

If I didn't know that, I'd give back my nerd credentials.

But there's a difference between making a prequel movie and a story that is set before. The Hobbit tried too hard to get as much from the LOTR movies into it as possible. For example, WTF is Legolas doing in the movie? He's not even mentioned in the book.

Comment: Re:The Navy sucks at negotiating (Score 3, Interesting) 117

by Shakrai (#48673891) Attached to: US Navy Sells 'Top Gun' Aircraft Carrier For One Penny

Hell, one Ohio class submarine has more destructive capacity than the entire Navy from 1945.

Which means absolutely nothing because you can't actually use any of that firepower in any conflict short of "Civilization as we know it is coming to an end." That's not to dispute the rest of your points, which are mostly valid, but let us leave the SSBN out of the calculation of modern naval firepower. They have a specific mission: deterrence. The day they are called upon to loft their birds is the day that mission has failed.

Why would you want more men when the ships have become more efficient and have so much more firepower?

There is an argument to be made that we need more ships, particularly attack submarines and surface combatants. The former will prove decisive in any conflict with the PRC and the latter are needed for missile defense, amongst other missions. Unfortunately most of the shipbuilding budget is going to the Gerald Ford CVNs while the looming Ohio replacement is going to consume billions more. Both are needed at the end of the day, so unless we're going to throw more money at the Navy I'm not sure what the solution is. I'd opt for throwing more money at them, since it takes decades to build a modern Navy, and it can't be used (as easily) for interventionist adventures in the same manner as a standing army....

Comment: Re:Motive (Score 4, Insightful) 280

by Shakrai (#48670163) Attached to: Did North Korea Really Attack Sony?

What would you think if NK released a movie about killing a US president?

They've released propaganda films about nuking us. We didn't mobilize the cyber or real armies over the matter; I guess that's the difference between a modern nation-state and one held together with a pygmy's cult of personality....

Comment: Re:Why is the White House involved? (Score 2) 225

by hey! (#48669123) Attached to: Sony To Release the Interview Online Today; Apple Won't Play Ball

Presidents, governors and mayors all do this kind of thing -- call up private businesses and ask them to do stuff. The mayor may call a local business and ask it to reconsider withdrawing its sponsorship of the local youth baseball league. The governor might call up union leaders and senior management in a strike, particularly if it affects things lots of people need like transit or health care.

This is the exercise of *soft* power, of influence rather than of compulsion. Obama can't call Apple and compel them to change their stance. But he can call Tim Cook and *persuade* him, possibly with more success than Michael Lynton, particularly given that the two may be having some kind of dispute. Ego *does* play a role in CEO decision making.
