Comment: Re:Easy patch? (Score 1) 156
Apache has an input filter mechanism. Could also proxy I guess. Easy to detect the bad input, just a question of how to hook.
The RC version of PHP has a new directive, max_input_vars. Should be easy to implement. The POST data come in as a string, just like a query string, as I recall it. So just count the number of ampersands.
Article says the DoS happens as the hash table is populated, so there is no easy fix for the PHP user. A patched version of PHP must be compiled. Or maybe some apache magic can be applied before the data hits PHP. Something in mod_rewrite in the
Opera has been free with no ads for many years. They make the majority of their money from the mobile version (free to individuals, though), and some from other embedded devices and search partners (Google). I don't know if the cloudy thing, Opera Unite, or Opera mail makes money.
He hears rumors in Calif. of a new trust system to complement PKI. That's all he will say when the interviewer questions him repeatedly about a solution to the problem he goes on at length about: that browsers have PKI roots built in. I agree it's a terrible system, but asking the clueless user to select trusted roots would have its own problems, in, say, Iran. Or more precisely, clueless users in the US make it hard to deploy a system for careful users in Iran. The UI has to be both easy & difficult.
Monopoly €1000 certs, that's not a biz model you can fix. Someday I will understand Slashdot editing.
Also amazing how complex CA authority has become. The concept is fairly simple, but the niceties of the trust bits have become so arcane that Mozilla is having to fix erroneous understandings of the bits in their own code, without breaking legacy. Then the people working on security code have highly resistant personalities and so all kinds of nonsense gets frozen in for years. They sort of have to be that way, to keep their code gov't certified... what a mess. Crowd-sourced verification of self-signed certs is starting to sound better & better.
The practical results of the way the code works at least at Mozilla were mystified complaints about the fake revoked DigiNotar certs put in Mozilla to block real fake certs! That is not a model for the future. They are working on it, but it's glacial.
The Probably Most Popular Shopping Cart plugin for WordPress had developers who decided to write their own parser for the wp config file instead of using include/require. Consequently, salts and passwords like "foo);bar" break all product images. Now that is a hard bug to find!
https://shopp.lighthouseapp.com/projects/47561-shopp/tickets/970
Whoops, the Kleenex analogy is backwards. Oh well. What if Kleenex would only supply your drug store if you gave them drugs? It's more like that.
No, they are being punished by a semi-monopoly. What if Kleenex refused to supply drug stores that stole cases off the truck... and Kleenex was a semi-monopoly whose name was synonymous with tissue... or something like that.
What if you ran a web site Google was lifting content from, enough content that people stopped buying your paper product (newspaper) and visiting your website? And then you lost your remaining traffic when you complained? A company as big as Google has to play by different rules. And corporations are only entitled to the rights we give them; they have no natural rights.
The newspapers, by the way, need to charge because the only way they make real money is on print. When they don't charge for online access, print subscribers drop out. People even want to pay! Look at iPad & Kindle & Nook.
When the NYT first tried charging, a few years ago, online hits dropped fast. They panicked and went back to free. But that was exactly what was supposed to happen! The point of Times Select was to save print subscribers, not make money off online viewers.
It uses JavaScript to obfuscate email addresses. That is helpful but not foolproof, contrary to the article. It stops most harvesters, at the cost of no-script users and the like. The chirpy article is less than trustworthy, so I would not assume the service is a CDN, or if it does cache that it will continue to maintain capacity. Or the speedup, if real, could be due to minifying HTML and serving small images in the Google News way, as inline data. The number of connections can be more important than speed.
You can't carve your way to success without cutting remarks.