Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment Re:Botnets and Tor (Score 2) 55

No offence, but there absolutely is reason to believe you're incorrect. The reasons are in the Tor mailing lists which I've been keeping up with for the past few weeks.

Firstly, exit traffic has hardly moved, despite massive increase in Tor usage overall. This is consistent with the bots getting instructions from a hidden service. So exit node operators can't do much here.

Secondly, the whole point of the hidden service protocol is that relays don't know the IP of the hidden service. That's why there are rendezvous nodes that join user and service together via two 3-hop circuits. De-anonymizing such a service is very hard and requires you to control large numbers of nodes over a period of many months, according to the latest research. It's not something the Tor community can just do.

If you think you know of a slick way to resolve this problem, I suggest taking it to the Tor developers, because all the evidence I see from their lists is that right now they don't have any great ideas.

Comment Re:you know hell has frozen over (Score 1) 531

Well, the NRA is there to keep the 2nd amendment strong. The ACLU is there to keep the first 10 amendments strong. It's really like the NRA focuses on a subset of the ACLU.

Not sure who's around to support the 26th amendment... kids these days probably wouldn't notice if it changed.

Don't you find it fascinating the one group favoring arming itself to the teeth for these sort of instances .. are following a peaceful course, much as the ACLU advocates?

I'm beginning to suspect the whole "right of the people to keep and bear arms" has been a scam all along.

Comment Re:So it has come to this (Score 0, Troll) 531

When the NRA and ACLU both oppose something, you know it's bad for everyone.

They both must be recoiling in disgust that they are both on the same side of something ... but while the ACLU pursues matters through leveraging law, the NRA advocates remedying government amok with a more pointed (or hollow pointed) approach. Fascinating.

So NRA people, why are you not attacking teh evil gummint with your 2nd amendment rights? I do not understand this using lawyers method, which is entirely contradictory to all this ballyhoo about needing guns, many and large.

I feel cheated.

Comment Re:Recognize? (Score 2) 70

since as a scientist you spend a significant portion of your day rolling around naked on piles of money

No, depending on whom you ask, I'm actually much too busy either fabricating data to support totalitarian socialist government policies, or developing new poisons for the pharmaceutical industry to exploit at public expense. Besides, we already blew most of our grant money on booze and gambling at a "conference" in Vegas last year.

Comment Re:Botnets and Tor (Score 4, Informative) 55

I believe you are making an incorrect assumption that these botnet nodes are actually relaying on behalf of the network. I've not seen any reason to believe this is correct. Rather than just act as normal clients of the Tor network - placing extreme load on existing relays.

In fact, this botnet appears to be basically breaking Tor with many node operators reporting that their relays cannot keep up. The Tor developers recently started developing code to prioritise the more efficient NTOR handshake over the older protocol, and because the botnet runs older code people who upgrade to the latest code (once they are finished) should take priority over the botnet traffic. Until the botnet also upgrades, of course.

To make it worse, when a circuit fails to build because of overloaded relays, Tor retries. I'm not sure there's any kind of exponential backoff. Thus the network goes into a death spiral in which clients constantly try to build circuits and fail, placing even more load on the already overloaded system and making it impossible to recover.

Unfortunately we may be looking at the end of Tor here, at least temporarily. The botnet operator doesn't seem to realise what's happening, otherwise they'd be backing off. Tor is effectively experiencing a massive, global, accidental denial of service attack by this botnet. Many relays don't have enough CPU power to weather the circuit storms. It will be very interesting to see what the Tor developers do next - they don't have any effective way to fight off this botnet because almost by design they can't detect or centrally control the network. They practically have to ask nicely for the operators to go away.

Comment Re:End of a Dream (Score 1) 344

âoeThere is another class of coloured people who make a business of keeping the troubles, the wrongs, and the hardships of the Negro race before the public. Having learned that they are able to make a living out of their troubles, they have grown into the settled habit of advertising their wrongs â" partly because they want sympathy and partly because it pays. Some of these people do not want the Negro to lose his grievances, because they do not want to lose their jobs.â

-- Booker T Washington, UP FROM SLAVERY (written in 1911)

Comment Re:Ignoring your users is the new mantra (Score 1) 331

IOW, 'upgrades' required to justify their jobs. Because if it doesn't 'need' changing, the company doesn't need *them*.

I see this all the time on other websites (banks, utility companies, etc), which after a period of being functional, are suddenly 'improved' to some new state of WTFery where only some stuff works anymore and the rest either looks kewler than before but doesn't work, or is entirely absent.

Comment Re: Who do people still use PayPal high value acco (Score 1) 443

Have you ever tried that, asshole?

Which is easier: getting your local idiot bankers to roll back a fraudulent debit, or doing a VISA chargeback?

Why yes, I've done both, and they were about equally easy. Someone printed up some checks with my account info, and pretty much all merchants turn checks in to ACH debits these days. I called up Bank of America, they looked at the check images and other stuff, agreed that the checks were fraudulent, transferred my money to a new account (including the amount that was fraudulently debited), and mailed me an affidavit to fill out, sign, and send back. The main difference with a VISA chargeback is that depending on the situation, they might not insist on sending a new card with a new number--however, I suspect if the amounts involved were the same as in the check fraud case (almost $2000), I would've gotten a new card number.

Slashdot Top Deals

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...