I was just thinking the same thing, and that I should have gotten into the coat business now that Hell is freezing over.

since as a scientist you spend a significant portion of your day rolling around naked on piles of money

No, depending on whom you ask, I'm actually much too busy either fabricating data to support totalitarian socialist government policies, or developing new poisons for the pharmaceutical industry to exploit at public expense. Besides, we already blew most of our grant money on booze and gambling at a "conference" in Vegas last year.

I believe you are making an incorrect assumption that these botnet nodes are actually relaying on behalf of the network. I've not seen any reason to believe this is correct. Rather than just act as normal clients of the Tor network - placing extreme load on existing relays.

In fact, this botnet appears to be basically breaking Tor with many node operators reporting that their relays cannot keep up. The Tor developers recently started developing code to prioritise the more efficient NTOR handshake over the older protocol, and because the botnet runs older code people who upgrade to the latest code (once they are finished) should take priority over the botnet traffic. Until the botnet also upgrades, of course.

To make it worse, when a circuit fails to build because of overloaded relays, Tor retries. I'm not sure there's any kind of exponential backoff. Thus the network goes into a death spiral in which clients constantly try to build circuits and fail, placing even more load on the already overloaded system and making it impossible to recover.

Unfortunately we may be looking at the end of Tor here, at least temporarily. The botnet operator doesn't seem to realise what's happening, otherwise they'd be backing off. Tor is effectively experiencing a massive, global, accidental denial of service attack by this botnet. Many relays don't have enough CPU power to weather the circuit storms. It will be very interesting to see what the Tor developers do next - they don't have any effective way to fight off this botnet because almost by design they can't detect or centrally control the network. They practically have to ask nicely for the operators to go away.

âoeThere is another class of coloured people who make a business of keeping the troubles, the wrongs, and the hardships of the Negro race before the public. Having learned that they are able to make a living out of their troubles, they have grown into the settled habit of advertising their wrongs â" partly because they want sympathy and partly because it pays. Some of these people do not want the Negro to lose his grievances, because they do not want to lose their jobs.â

-- Booker T Washington, UP FROM SLAVERY (written in 1911)

IOW, 'upgrades' required to justify their jobs. Because if it doesn't 'need' changing, the company doesn't need *them*.

I see this all the time on other websites (banks, utility companies, etc), which after a period of being functional, are suddenly 'improved' to some new state of WTFery where only some stuff works anymore and the rest either looks kewler than before but doesn't work, or is entirely absent.

Why yes, I've done both, and they were about equally easy. Someone printed up some checks with my account info, and pretty much all merchants turn checks in to ACH debits these days. I called up Bank of America, they looked at the check images and other stuff, agreed that the checks were fraudulent, transferred my money to a new account (including the amount that was fraudulently debited), and mailed me an affidavit to fill out, sign, and send back. The main difference with a VISA chargeback is that depending on the situation, they might not insist on sending a new card with a new number--however, I suspect if the amounts involved were the same as in the check fraud case (almost $2000), I would've gotten a new card number.

Due to the way the notification arrived and another anon's grammar correction, I unduly made a connection between the two posts. I apologize for the confusion.

don't you have a grammar nazi rally to attend somewhere else right now?

I agreed up until you said that we are represented. I'd say we are, at best, occasionally placated.

They were caught in a moment of honesty, voicing their opinions as they truly are, usually you see this sort of hubris after the election.

if they were on the internet we'd call them trolls

Would is a verb. My usage may be a bit archaic, but valid nonetheless.

But on a site that is supposed to cater to educated people (nerds per the masthead), why not use a more technical description instead of one you might find in USA Today or some other media directed to a 6th grade education? Even the word target is much more accurate than recognize.

The term "recognize" is used all the time in the technical literature when discussing how proteins bind to, well, pretty much anything - DNA, small molecules, or other proteins. In fact, the abstract for the actual Nature article uses the phrase "molecular recognition". You may find this unacceptably colloquial, but it's common usage in the field at this point.

(Yes, I am a biochemist.)

We clearly need more of it. The problem is, it doesn't seem to work as well here in the States, especially when we only find out the details after the fact. I would that the US government were as communicative as these Aussies about their bad policies before actually makign them law.