Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:A more detailed proposal ... (Score 1) 336

Sure, I know and like DNSBLs including Spamhaus's, but this is a distinct application from XBL. Specifically, removal needs to be rapid in order for it to be useful for rejecting customer Web traffic. That's an engineering requirement that email anti-spam systems don't have, since SMTP is designed to retry for days if necessary to get a message through. Moreover, hosts that send any legitimate email are very few compared to hosts that send Web requests; and even though email admins are frequently dense, unresponsive, or victim-blaming, they're still a level above typical users in knowing what the fuck is going on with their computer.

One approach would be to have each DDoS victim continually (e.g. every hour) assert which addresses were attacking it, and only list those addresses which are currently attacking. This way, as soon as a host stops attacking, it will drop off the list. This has weaknesses — for instance, an attacker can use your host all night while you're not using it, without you noticing — but it's still an improvement over what we have today. And it still depends on each subscribing site having a good enough backchannel to the listing service to stay open during the DDoS. Back in the day we'd do it with a dedicated modem line — the bandwidth requirements are really quite minimal — but nobody knows what that is any more.

Comment A more detailed proposal ... (Score 5, Interesting) 336

Sites under DoS attack should publish (through a channel not congested by the attack) a list of the IP addresses attacking them, through some trustworthy third party. Then, other sites should subscribe to that list and refuse service to those addresses until they clean up and stop attacking.

For instance, consider your uncle who uses AOL. His computer is infected with botnet garbage and is participating in a DoS attack against (say) Slashdot. Slashdot sends a list of attacking IPs, including your uncle's, to Team Cymru (the third party). Cymru aggregates these and publishes a list, updated every three hours. AOL subscribes to that list. When your uncle goes to check his AOL email, he gets an error: "We regret to inform you, your computer has been hacked, and is being used by criminals to break the Internet. You can't get to your AOL email until you kick the criminals off by installing an antivirus program and running a full scan. Click here to install Kaspersky Antivirus for free. Thank you for helping keep criminals from breaking everyone's Internet. Sincerely, Tim Armstrong, CEO, AOL."

Then your uncle gets mad and calls up AOL and complains. They try walking him through using the antivirus program, but he just curses them out and says he'll go to Hotmail instead. He tries ... but Hotmail also subscribes to the same list and tells him the same thing: "Your computer is infected with malware and is being used to attack other sites on the Internet. You cannot obtain a Hotmail account until your computer is clean. Click here to install Microsoft Antivirus." He gives up and calls AOL back, and they help him get his computer cleaned up. Within half an hour, it's off the botnet; and within three hours, it's off the list of attacking hosts, and your uncle can get his AOL email again.

Piracy

App Auto-Tweets False Piracy Accusations 231

An anonymous reader writes "Certain iPhone and iPad applications from a Japanese company have broken software piracy detection mechanisms that are sending out tweets on the user's own Twitter account, saying, 'How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession.' The trouble is, it's sending these out on accounts of users who actually paid up to $50 or more for the software and who are legally using it. The app is asking for access to users' Twitter accounts, but does not give the reason why it is asking, so the author of the article concluded (rightly) that things were being done deliberately. Would you want your legally purchased software to send out messages to all of your contacts on Twitter or on other social networks saying that you were a software pirate? Would you excuse the writers of the software if it was just an error in their piracy detection measures?"

Comment Not tablet users, no. (Score 1) 297

They should have released office applications for iOS at 2x the price of their iWork equivalents. Then they should have moved all that into the metro style, and released basically the same metro designs for Windows 8.

That might have cost them more than it produced in revenue, but now the result is that millions of people have been delightedly using their iPads for a couple years, and they're doing ok without MS Office. Even enterprise users. And MS still doesn't have an announced plan to bring Office to Metro (Windows 8 Style, whatever).

Including Office in Windows 8 RT might attract a lot of people to the platform. But it might also be the only way they can get Office deployed on a lot of tablets. Like, great, but also technically shovelware. I'd love to say that Microsoft has their work cut out for them, but that implies that they are working on the right things now. Dunno. I hope it works.

Comment Re:I don't give a Zuck! (Score 1) 290

Uh... You aren't contradicting his valid point. He didn't say HTML5 was failed. He said it was a mistake to do HTML5 to the exclusion of other client platforms. How can you disagree with that? He's running a giant software company - they can support a few platforms. They will have different merits.

I wish HTML5 fans hadn't convinced the world it was the 2nd coming of Christ. My favorite web apps worked great with HTML4. Now every web page tries to run enough JavaScript to lift itself into orbit.

Comment Advertisers agree to honor DNT (Score 1, Interesting) 383

Advertisers agree to honor DNT only from browsers that display the setting behind a door labelled "beware leopard".

It's bullshit anyway - any standard based on advertisers behaving ethically is a nonstarter. Apple's default no-third-party cookies seems worthwhile, if circumventable. Why not do more of that? If there are Moz people working on the DNT standard, I feel like they are being suckered.

If it's google's display advertising business you're concerned with, I don't really understand your concerns. If it's any of the many less scrupulous parties that you are concerned with, they're just going to ignore DNT.

The Internet

The Pirate Bay Launches Free VPN 359

bs0d3 writes "The Pirate Bay team is going to be making the RIAA angry, with the launch of a new ad-supported VPN service. PrivitizeVPN is available for free from The Pirate Bay. Instead of earning revenue through subscription as ipredator does, PrivitizeVPN comes packaged to install the Babylon search bar (adware). PrivitizeVPN appears to be available for Windows users only at the moment. The Pirate Bay staff has a long history of promoting services that have no logs; e.g. , you can't get in trouble if your anonymized IP is subpoenaed by government officials. Although PrivitizeVPN is being released silently, with no press coverage, no official statement, and no comments from The Pirate Bay of any kind, people are assuming that PrivitizeVPN will have the same familiar data protection policies. A backup download location has been setup here for people who have limited access to the Pirate Bay domain."

Comment I wish he had resigned. (Score 1) 915

Wikileaks used to be stronger for his leadership. Now he's accused of being a rapist, and the accusations aren't going away. If he secures his freedom without facing these allegations, Wikileaks will never be respected again.

Assange claims he can't face these allegations because he will be extradited to the U.S. and I expect that is correct. That either means that they beat him, or that he really is a rapist. So what if we gave him the benefit of the doubt? He has still been beaten. The question is whether beating Assange also means they have beaten Wikileaks.

Openleaks sounded like a total pile of crap when it first launched. I hope that there are other capable people that share the core values of Wikileaks. Every day until Assange hands over leadership and control to those people, Wikileaks is further diminished.

Math

A New Glider Found For Conway's Game of Life 50

An anonymous reader writes "Conway's Game of Life is now forty two years old, but it continues to inspire as well as being the basis of an actively researched field, with computer scientists now announcing they have found a new form of the famous 'glider' pattern (once suggested by Eric S Raymond as the insignia of computer hackers) that runs over a so-called Penrose universe."
Security

New .secure Internet Domain On Tap 129

CowboyRobot writes "A new top-level domain (TLD) in the works for the Internet will bake security in from the outset: The .secure domain will require fully encrypted HTTPS sessions and a comprehensive vetting process for websites and their operators. If the new domain takes off, it could shift the way Web domains are secured. ICANN is expected to sign off on .secure, and for the new TLD to be up and running June or July 2013."
Censorship

British Prime Minister To Announce Porn Blocking Plans 286

Overly Critical Guy writes "British Prime Minister David Cameron will announce network-filtering plans targeted at porn websites, possibly requiring users to 'opt-in' with their ISP to access such content. The idea has support from MP Claire Perry, who said, 'There is a "hands off our internet" movement that sees any change in how access is delivered as censorship.'"

Slashdot Top Deals

I have a very small mind and must live with it. -- E. Dijkstra

Working...