Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Technical OR legislative? (Score 1) 340

This is why I think it should be an ISP customer responsibility. Sometimes people participate willingly in DDoS (see LOIC for example.) If any participation is detected, they should have their internet connectivity throttled until they fix their security issues.

This isn't far away from how amateur radio operators have to follow a certain code of conduct, and it worked pretty well. I don't see any reason why internet users shouldn't have to observe a similar code.

Comment Re: How do you secure the unsecurable? (Score 1) 181

The ISP, in turn, immediatly has to notify and throttle users who are part of the botnet. They have to do it otherwise they'll be airing and abetting internet, ddos attacks, and thus, are open to lawsuits. This creates the proper incentive to rubber stamp... I mean, streamline the process.

The user, of course, has a chance to contest this throttling in case that the user is not part of the botnet (IP addresses are so easy to spoof these days). So it is totally fair. All they have to do is send a counterclaim and if it is rejected (which it will), they have the option to take this to court.

Did I say a single word about identifying them by IP address, jackoff? No, so put a cock in it.

Besides, we can do more about IP address spoofing.

Comment Re:How do you secure the unsecurable? (Score 1, Interesting) 181

I think the best way to handle this is to make people somehow accountable when they participate in a DDoS, whether they do it willingly or not. Personally I think their internet access should be throttled to dialup speed for 60 days if they are conclusively found to be participating, and that 60 days starts over each time they're found participating. It will make them think twice about buying insecure shit.

Comment Re:Who should we blame? (Score 5, Insightful) 181

Regardless of who is behind it, it's about time that we treat DDoS as the censorship that it is. I'm sick of hacktivists trying to justify bringing down major websites just because they don't like whoever runs it, while at the same time talking about how they are pro democracy and pro free speech. DDoS is the opposite of both, no matter who the target is. People who justify it because they don't like Walmart or whoever are fucking hypocritical assholes.

Comment Re: I tell them that I use wanker auth (Score 4, Interesting) 427

That could make you liable for obstruction of justice/evidence tampering if they forensically determined that your phone was programmed to delete information in such a manner. It wouldn't matter whether that information was incriminating or not, you'd still get busted, and could face at least a few years of prison time.

It would be better to just have a certain finger trigger your phone to reboot, thus requiring a password to decrypt the disk contents. They're pretty much SOL at that point since it then comes down to the "what you know" authentication factor, and "what you know" is constitutionally protected information, unlike the "who you are" authentication factor, which is what a fingerprint is, and the government can always compel you to identify "who you are" with probable cause or a search warrant.

Comment Re:Doesn't sound plausible (Score 2) 111

The original will be decompressed, the mark added, then recompressed and streamed to each specific subscriber to allow identification?

Not necessarily. You can probably do pixel manipulation within the DCT space of a B frame immediately preceding an I frame, and the viewer probably wouldn't notice. In fact there's a lot of material about the maths of working in the compressed domain, the IEEE even wrote up a whitepaper describing how to resize images without needing to decompress/recompress 12 years ago.

The tricky part would be detecting while it's being relayed through a pirate stream. If it's a simple remux, then I imagine it wouldn't be terribly difficult to detect, but if it's a lossy transcode, that would produce some challenges, but likely not impossible (I imagine some kind of algorithm doing multiple rounds of tests and coming up with a probability, and then taking action if that probability reaches a certain threshold.)

Comment Re:haha... (Score 1) 235

I keep getting friend request spam on facebook from obviously fake accounts, and when I report them, facebook responds with a message to the effect of "we reviewed the account and it is a real person", including ones with obvious spam posts like this one:

Either facebook's reviewers are fucking retarded or they get paid to keep accounts like this active.

Slashdot Top Deals

Someday somebody has got to decide whether the typewriter is the machine, or the person who operates it.