Knowingly trying to bring down web sites is a crime.
How many web sites have been slashdotted?
Most of the time it is not hard to guess that outcome in advance based on trivial knowledge of where the site is hosted, the web stack and the content on the site, but TFAs are posted anyway and mostly the predictable and obvious happens. How many times have you glanced at TFA and thought to yourself, oh dear, that site is screwed? Even after articles are tagged slashdotted they have never been removed and continue to remain up while the site remains down. How much more knowingly is required before your condition is met and a crime committed?
Should we also not arrest people if they only throw one brick through a store window but do not take anything? Should we also not arrest people who kick someone only once when lying on the ground?
DDOS attacks are about as lame as anyone using LOIC. I don't think many would argue conducting an intentional denial of service attack to be a lawful means of protest. Having said that, to pretend sucker punching someone should yield the same liability as putting them in the ICU, or that traveling at 10 over the posted speed limit is the same as traveling 100 over, is disingenuous. It is disingenuous to ignore the specifics as irrelevant. I don't understand why you would not expect to incur additional charges by walking by a strip mall and throwing a brick into each building vs. only one building. This makes no sense. There has to be some meaningful proportionality.
Also, consider the fact that the minute is only the point they could prove what he did; if he was willing to aid in DDOS attacks, who knows how many other people he helped attack in the past?
Or maybe he ran LOIC out of curiosity and stopped after becoming fully cognizant of what it was doing? We are all entitled to our assumptions.
I'm the first to admit that anything quantum blows a wormhole through my head. I struggle to find anything that will allow me to grasp it. I'm a programmer, dammit.
Perhaps a close mental computer analogue is the transaction.
Software is not allowed to peer into a transaction and act on details while it is open, or consistency could not be guaranteed. Only outcomes are exposed to the system when the transaction is committed. Various interactions force existing transactions to commit and the resulting outcome to be known.
So. When you observe the particle, its window comes to the top.
In scalable systems "reading" or "observing" is often a liability to be carefully minimized. Anything read out stands a good chance of becoming stale and outdated the second it leaves the computer. In the real world "observing" is almost certainly an illusion.
What we see as "read" operations are emergent properties of layers of interaction. Our eyes only see by absorbing photons and similar disruptive explanations likely exist for all methods of "observation".
Chimps are chimps not people. To declare otherwise is to declare 2 lights + 2 lights = 5 lights.
Besides, abusing the legal system to get your way, short-circuiting normal legislative/consensus-building paths to get the change you seek, is poisonous to the democratic process. It does not matter what the issue is or how you feel about it.
There is also some evidence from the Snowden leak that standards procedures and committees have been weakened by members acting overtly or secretly on behalf of government agencies. So they should be really cautious about such offers.
In some ways the IETF is almost a joke. "Consensus" building is supposed to be the key to movement, yet there is no barrier to entry other than having a sufficient number of brain cells to send a message to a mailing list. I have observed several instances of "ballot stuffing" where hordes of random people who very likely know and have contributed nothing express support for x at the last moment. The arbiter of what consensus means is always the WG chair(s), who themselves mostly always work for corporations with skin in the game.
The IETF process is most successful as a middle ground where there is market incentive to work together. In the case of tor there is no market to speak of to incentivize such behavior.
And why re-invent the wheel and make something from scratch? Tor is working well, even too well in the eyes of some people.
My guess is they might start with the existing specification and evolve a standard based on the IETF process.
An example of this: SSL v3 was mostly Netscape's doing, while TLS v1 and later were products of the IETF. In this case there were no radical changes between versions and backwards compatibility was retained. There was also a huge market incentive for broad compatibility and getting security right.
And no, spoofing source addresses is rarely useful. You can't use TCP for most purposes with a spoofed address (or at least one spoofed to be on a different network), so spoofing almost automatically renders you incapable of communicating. The same goes for UDP if you care to hear a response, which most protocols do. That gives it very limited utility outside of diagnosing local network problems.
While general-purpose protocols do not work, consider a messaging system of anonymous users where the outcome is known/broadcast globally while contributors remain secret. You can send a one-sided UDP message anonymously and be informed via a public channel. I think on balance getting rid of amplification is likely more important, but I do see some value in it, especially in states ruled more by fear than consent.
Firstly, IP-level fragmentation problems are self inflicted. IP fragments get through fine if you haven't put up a firewall to block them.
Even with fast open one needs vastly more compute power to support DNS over TCP to the equivalent level of DNS over UDP.
What does vastly more compute power mean, and does it matter? Let's assume it costs 100% more CPU time and 100% more RAM per DNS query to use TCP... who cares? The long tail of DNS servers sit idle, and every server that becomes a TCP-only server is a server that cannot be used for amplification.
Cookies need more work, though as a general idea it is the way to go.
Yet for countless years it sits and **NOTHING** gets done. The only leadership I've seen in addressing this issue is a futile attempt at discriminating thinking human adversaries from legitimate users (e.g. DNS RRL).
Seriously, what the hell more do you want from a tablet?
Shit, at some point why the hell aren't you using a desktop or laptop?
This is something I will never understand. All of these devices are computers. Even the smallest of form factors today have multi-core CPUs, multiple gigabytes of RAM and 1080 displays. Why should software availability differ based on the form of the device? If it is capable of executing software, why artificially prevent it? What is the difference between a laptop and a tablet? Availability of a keyboard? What if you get a bluetooth keyboard for your tablet... what is it then? None of this shit makes any sense from the user's perspective. It only works from the vendor's side, who collects a cut of all software sales and curates all execution. It is impossible to justify.
I'm not sure what people mean when they whine about no apps,
Wah, I can't run any of my software on this computer... wah, I'm whining because none of my shit won't run and the computer is therefore useless to me.
except that I must assume they are gamers. I have Netflix and Hulu installed. It has Outlook, Word, Excel, PowerPoint and OneNote. Its base apps allow you to browse the web, read the news, check the weather, play local videos, etc.
Zombie consumers have it made. Everyone else not so much.
Are you serious? This is entirely enforceable without unreasonable difficulty. It's easy to find out who owns an IP address and there's always contact info attached to that record.
LOL the MPAA wishes this were true.
If the fine isn't paid or isn't paid on time, it's only a simple matter of shutting the company's site down 'til the fine is paid.
I am beginning to lose my faith in humanity, and Slashdot in particular. That there really are people here begging for legal intervention makes me sick. The technical basis for the arguments being spewed here is not even factually accurate.
We're not talkin' about individuals here,
Who's we? There is plenty of consumer gear with broken DNS proxies and plenty of users who run their own servers, something we should be encouraging, not discouraging with our dreams of offloading liability from criminals to the users.
but companies, especially hosting services, etc. Notification would come through an official gov't somebody, not something like a spamish-lookin-email.
Hosting companies are the least of your problems.
Anybody who's setting up servers and falls for a spamish-looking email about this deserves whatever problems they get as a result of believing such an email. They really should know better.
Now this is the ticket. This is the kind of spirit the Internet needs to retain. If you act stupidly the Internet bitch slaps you for it.
And while they're at it, they should fine everyone whose DB is stolen due to stupid insecure setups... SQL injections, plaintext passwords, etc. This stuff isn't excusable.
Who determines what is stupid? And how would anyone but the lawyers benefit from that arrangement? It is not like there is not already massive legal and financial disincentive against getting p0wn3d. I can think of a few inexcusable security transgressions that remain standard industry practice to this day. Do I get to write the law?
Can you imagine how much money the gov't would've made off Adobe and SONY over the past few years? That'd probably help lower our taxes (in theory).
And your buying power (in fact).
This isn't so much about spam anymore, but about massive DDOS attacks. I even admit I had a few systems with wrongly configured DNS servers; they were used in DNS amplification attacks, and I would have loved to know about it before they were used for that. All fixed now.
Except it's not fixed.
Of course, this makes NO sense if it gets adopted in the UK only; it needs to be enabled at least for the USA + Canada + European Union countries to make any sense!
It's sort of like the Kyoto protocol.
Political solutions to technical problems is exactly what the Internet needs.
Each time someone makes the claim that misconfiguration of DNS enables amplification, they are contributing to the problem by refusing to address the root cause.
DNS is flawed by design. You can still extract perfectly useful amplification factors out of non-recursive servers or servers with DNSSEC enabled. All turning off recursion does is cut out ultra low hanging fruit while leaving the problem unaddressed.
There are several ways to actually solve this problem.
1. Use TCP for DNS
2. Implement DNS cookies
3. Globally apply ingress filtering with sufficient granularity to prevent source address spoofing.
I think #1 coupled with the TCP fast open extension is the best of the three options. With fast open the setup delay is mostly gone, TCP support is already widely deployed, and fast open extensions to TCP can be deployed later as available to optimize RTT delay. With IPv6, DNSSEC and the shitty state of IP layer fragmentation support, TCP is necessary regardless.
#2 in the form of http://tools.ietf.org/html/draft-eastlake-dnsext-cookies-03 requires more work to push out to DNS infrastructure yet after a few years I can see it following the same trajectory as SYN cookies.
#3 Ingress filtering... I am not an operator, so I don't pretend to know how viable this is to roll out globally; from what comments I have read it is non-viable. This is the only option that would concurrently address all broken UDP protocols susceptible to amplification from a spoofed source address. The downside is that spoofing the source address can sometimes be a feature. For example, it can be used to enable communication without revealing the speaker's source address.
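An added illustration (not from the comment above, and not the draft's reference code) of why option #2 removes the amplification a spoofed source can extract: a server that only returns a full-size answer once the client proves it owns its source address. The cookie construction used here, HMAC over the client IP and client cookie truncated to 8 bytes, and the response sizes are assumptions for the example; the draft leaves the server-side function to the implementer.

```python
import hmac
import hashlib
import secrets
from typing import Optional, Tuple

# Server-side secret; a real server would rotate this periodically.
SERVER_SECRET = secrets.token_bytes(32)

# Constructed sizes in bytes for the demonstration: a large answer (e.g. ANY or
# a DNSSEC-signed response) versus a reply that carries only the cookie option.
QUERY_SIZE = 80
FULL_ANSWER_SIZE = 3000
COOKIE_ONLY_SIZE = 60


def server_cookie(client_ip: str, client_cookie: bytes, secret: bytes = SERVER_SECRET) -> bytes:
    """Assumed construction: HMAC(secret, client IP || client cookie), truncated to 8 bytes.
    Binding the value to the source IP makes it worthless to anyone spoofing that address."""
    mac = hmac.new(secret, client_ip.encode() + client_cookie, hashlib.sha256).digest()
    return mac[:8]


def handle_query(src_ip: str, client_cookie: bytes, presented: Optional[bytes]) -> Tuple[int, bool]:
    """Return (response size, source verified). Without a valid server cookie the
    reply carries only the cookie, so a forged source never triggers a big response."""
    if len(client_cookie) != 8:
        return COOKIE_ONLY_SIZE, False  # malformed cookie option: still no amplification
    expected = server_cookie(src_ip, client_cookie)
    if presented is not None and hmac.compare_digest(presented, expected):
        return FULL_ANSWER_SIZE, True
    return COOKIE_ONLY_SIZE, False


def legitimate_exchange(client_ip: str) -> Tuple[int, bool]:
    """A real client: first round trip learns the server cookie, second gets the full answer."""
    client_cookie = secrets.token_bytes(8)
    handle_query(client_ip, client_cookie, None)          # small reply carrying the server cookie...
    learned = server_cookie(client_ip, client_cookie)     # ...delivered only to the true owner of client_ip
    return handle_query(client_ip, client_cookie, learned)


def spoofed_exchange(victim_ip: str) -> Tuple[int, bool]:
    """A sender forging victim_ip never receives the cookie sent to the victim, so it can only guess."""
    return handle_query(victim_ip, secrets.token_bytes(8), secrets.token_bytes(8))


def amplification_factor(response_size: int) -> float:
    """Bytes sent to the source address per byte of query received."""
    return response_size / QUERY_SIZE
```

The addresses in the test are from the documentation ranges; the spoofed path yields a factor below 1, so the server cannot be used to magnify traffic toward the forged address.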
If he's a whistle-blower, then blow the fucking thing already. I understand that he is on the run, sorta, but why not just come out with it all? All the spy-vs-spy bullshit just makes me think that the whole Snowden thing is bullshit itself. I don't get it.
As far as I understand it Snowden is only releasing information to the press. The press is disclosing information as they deem appropriate.
If you take Snowden at his word, he does not want his information to cause unnecessary harm, hence the adult supervision (e.g. the press).
Whatever you do don't put the blame on you blame it on the rain yeah yeah. Cuz the rain don't mind and the rain don't care.
That's one more reason to stop using RC4, which isn't secure anymore when used with SSL/TLS.
While I agree with security sentiments this particular patent expired in 2012. They were going after Newegg for past transgressions.