
Comment Re:If the point was ... (Score 1) 151

There's no proof that it has anything to do with Wikileaks, but in a world of IoT devices with no thought toward security, anyone who cares to do so can mount DDOS with the power of a national entity.

What's the point of doing what Assange and Wikileaks have been doing without any moral position? He isn't helping his own case.

Comment Re:Legal? (Score 1) 58

No, of course it is not legal to set a trap to intentionally hurt someone, even if you expect that the trap could only be activated by the person committing property theft or vandalism. Otherwise, you'd see shotguns built into burglar alarms.

Fire alarm stations sometimes shoot a blue dye which is difficult to remove or one which only shows under UV. Never stand in front of one when pulling the lever! But they are not supposed to hurt you.

And of course these booby traps generally are not as reliable as the so-called "inventor" thinks and tend to hurt the innocent.

Comment Random prefix workaround (Score 1) 28

There may very well be something I'm missing here, but I have a suggestion for how to deal with the random prefix attack.

Keep a running count of the number of requests for non-existent subdomains. Once they exceed a certain number in a short period of time, cease to respond to requests for subdomains that aren't already cached as valid.

Example:,, and are cached. A flood of requests for (random chars) starts up. Once this exceeds 100 requests in a minute, all requests for subdomains are ignored except for,, and

This would still cut off access to infrequently-accessed subdomains, but subdomains with enough traffic to be in the cache would remain reachable.
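A sketch of the counting scheme this comment proposes, added here as an example and not code from the commenter or from any DNS server. The class name, the `example.test` names, the constructed traffic, and the choice to let dropped queries keep counting toward the window are assumptions.

```python
from collections import deque

class RandomPrefixGuard:
    """Sliding-window count of queries for non-existent subdomains (hypothetical helper)."""

    def __init__(self, zone, threshold=100, window=60.0):
        self.zone = zone            # names that really exist in the zone
        self.threshold = threshold  # misses tolerated per window (100 in the comment)
        self.window = window        # window length in seconds (one minute in the comment)
        self.cache = set()          # names already answered as valid
        self.misses = deque()       # timestamps of recent misses

    def _recent_misses(self, now):
        # Expire timestamps that have fallen out of the window, then count the rest.
        while self.misses and now - self.misses[0] >= self.window:
            self.misses.popleft()
        return len(self.misses)

    def handle(self, qname, now):
        if qname in self.cache:
            return "ANSWER"          # cached names stay reachable during a flood
        if self._recent_misses(now) > self.threshold:
            self.misses.append(now)  # assumption: dropped queries keep the guard armed
            return "DROP"            # uncached names are ignored, even real ones
        if qname in self.zone:
            self.cache.add(qname)
            return "ANSWER"
        self.misses.append(now)
        return "NXDOMAIN"

def demo():
    # Constructed traffic: two warm names, one rarely used name, 300 random-looking prefixes.
    zone = {"www.example.test", "mail.example.test", "rare.example.test"}
    guard = RandomPrefixGuard(zone)
    guard.handle("www.example.test", 0.0)
    guard.handle("mail.example.test", 0.0)
    flood = [guard.handle(f"{i:08x}.example.test", 1.0 + i * 0.1) for i in range(300)]
    return {
        "nxdomain": flood.count("NXDOMAIN"),
        "dropped": flood.count("DROP"),
        "cached_during": guard.handle("www.example.test", 31.0),
        "uncached_during": guard.handle("rare.example.test", 31.0),
        "uncached_after": guard.handle("rare.example.test", 200.0),
    }

if __name__ == "__main__":
    print(demo())
```

The run shows the trade-off named in the comment: `rare.example.test` exists but is dropped while the flood is inside the window, and becomes reachable again once the window has drained.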

Comment Re:ASLR was a dumb idea while it lasted (Score 4, Interesting) 71

Yes it is but people have been trying to do that for 40 years and have not gotten it right yet so...

Wrong. Plenty of code correctness has been deployed in service of this goal.

Unfortunately, there are endemic economic and political reasons why we constantly choose the protocols and implementations that are bigger, hairier, and less continent.

All you need is a culture of kicking non-conforming implementations to the curb, and then the rigorous implementations have a chance to emerge from the weeds. Do we have such a culture? No—most of the time—no, we do not. Such a culture would cramp Megacorp style, and interfere with timeless value-adds, such as embrace and extend, closed ecosystem, DRM jungle, NIST-sanctioned algorithmic weevils, definition by implementation, documentation by implementation, etc. etc.

Far, far away in dull and dusty places like the Erlang OTP or Bernstein's qmail or Knuth's TeX—or perhaps even the Google protocol buffers for at least one lucky and unusually blessed language binding from the somewhat recent past—you just might find a rigorously coded parser or two.

For the most part, however, I agree. We'll probably never have rigorous parsers in a dominant culture of "screw everyone else", Wild West dysenteroperability.

Comment Re:space agency cooperation? (Score 3) 244

Of course NASA passed on decades of hard-won experience. They're not psychopaths.

It went something like this:

Dear ESA:

Hire only the best and the brightest, keep the group challenged and engaged for decade upon decade, with frequent launch opportunities pushing the boundary of the possible at each and every iteration.

N.B.: Sorry, there's no silver bullet.

Comment one track mind (Score 2) 98

My favourite touch is the two giant call-outs in the linked article.

Few of the sites I read regularly have these any more (meaning since I got good at "inspect element" and custom User CSS overrides; appears I've accumulated 150 of these over the past three years, also used to defeat anything that hovers or slides annoyingly).

Comment Re:Mobile phone access? (Score 1) 409

No, I don't - no international treaty affords sovereign territory status to a diplomatic mission. You made an unfounded assumption and were called on it.

And in case you want it said outright, no the UK doesn't afford diplomatic missions any additional considerations about sovereign territory rights either.

Comment Re:Mobile phone access? (Score 1) 409

You do realise that that document nowhere says that an embassy is considered a sovereign territory, right? Article 22 of that document does lay out the protections that the premises secured for the mission enjoy, including against search, entry, etc., but that document never assigns sovereign territory status to those premises.

So, the document you refer to does not back your claim - it is still a myth that embassies are sovereign territory.

Comment Re:DNA testing is inherently racist (Score 1) 227

Basketball is inherently racist, as genetic traits are heritable and are correlated with your ethnic/genetic background.


What's racist about race is presupposing outcomes that were highly predictable on first impression, because it's lamentably a very short step for an advantaged social group—often one of relatively homogeneous racial composition, suffused with elaborate rituals of social etiquette—to conclude that a disadvantaged racial subgroup never given an opportunity to do x can't do x.

Race isn't just some magic third rail used to divide humans into two distinct groups, in much the same way that humans divide house pets into two distinct groups: potty trained and not potty trained. There are days, though, where that can be a good working assumption.
