
Comment Re:A single domain was silenced. (Score 2) 203

Well, since the figures I've seen bandied around are that protection from this level of attack would be about USD100-200K per annum, this effectively means that unless you have a lot of money or a company willing and able to pay what amounts to protection money, you potentially won't be permitted to speak - doing so with an uncomfortable topic for someone gets you knocked offline. Pay the wrong mob and you get to pay again, and again, and again.

One potential outcome may be that truly personal sites will become impossible to support and host; especially if you have any content that could be seen as controversial. You will have to pay someone to host it for you. If they agree, and it doesn't cost THEM too much, and it's not controversial - fine. Want to promote a social cause? Sorry, you can't afford to. Get back into the bit mines, peon. And this fits nicely into the whole cloud thing too, where you don't need anything in your own datacentre, host it on someone else's computer.

I'm waiting for the first wave of destruction to hit the major cloud providers - if this network supposedly of DVRs can deliver 1-1.5Tbps, and you factor in another dozen of similar size, you're talking 15-20Tbps directed at a target. I doubt even Google and the CDNs can withstand that for very long without service impacts, and that's not even factoring in attacks that actually have a little brainpower behind them.

Comment So basically ... the attack wins? (Score 5, Informative) 208

Seems to me the attackers win, at least in the short term, because the caching and CDN provider (who I expect was probably contracted and paid, although it's entirely up to Brian how he handles his business affairs, it does seem likely) takes the site off the air anyway. That being the case ... what's the point of having that contracted relationship, if they dump you anyway?

Comment Re:Stop whining! Httpv2 is good (Score 1) 86

Honestly,

- If you run a webserver, go get yourself letsencrypt, use cloudflare or namecheap has cheap ssl.
- Enable http2 on nginx (if you are using it, use it well)
- Enjoy faster loading time.

Your welcome.

- The argument against https is pointless.

Let me rephrase that:

Honestly,

- If you run a webserver, install this software, just trust us it's fine; redelegate your DNS to this company with-whom-I'm-totally-not-involved so they proxy all your connections and know who's visiting your site (and can sell or hand it over to whatever TLA you like); or pay money to another organisation for a set of we-promise-they're-unique-and-secure-numbers and we would totally never be compromised or behave unethically [cough] Symantec [cough] DigiNotar [cough] Verisign [hack] [cough];
- Do it my way because spinach and everything supports enforced HTTPS, and the peons can do without
- Don't worry that your data usage just doubled for HTTPS, it's only $50 a month extra for the upgraded plan and everyone can get gigabit fiber anyway.

You'rE unwelcome here.

- The argument against https is my-way-or-the-highway so screw you.

There, I think I covered it all.

Comment Re:Rant: REBOOT the WEB (Score 2) 243

Because everyone has perfect sight, wants the same size browser window as the developer, browses at 100% zoom level, with the same fonts, on the same screen resolution, with the same sub-pixel rendering, right? Sure, we're all machines.

Those silly users with their 4K screens should just set them all to 1366x768 like the crappiest notebook LCDs! Jaggies forever! Screw mobile users, damn hipsters can get stuffed.

You're right. Fuck screen readers, accessibility, personalization and anyone with even the slightest disability (colourblind? Sure, we've got burnt umber on light green for you!). Because the designer's view of perfection is what everyone should see, dammit, even if they can't read a word. Design over function.

Of course, if you're being sarcastic, then sure. But you might want to make it more obvious.

Comment Re:As with so many "is it time" questions... no. (Score 2) 566

They're not that non-standard. Lots of them are USB3 nowadays, and the prices aren't THAT insane (e.g. $100-$300 depending what you need).

I've had a comparable one for my notebook and work notebook, it's two cables to be up and working with the high-res screen, mouse, keyboard, anything else USB and a GbE. It's almost easier than a model-specific dock because you don't have to work out where the locating pins go (but you do need to deal with the 4-dimensional USB connector). It's a short step from that to USB 3.1 single cable, with the dock delivering power and connectivity, and I fully expect Targus or their ilk to produce a "one size for all" - an adapter for the notebook power into the dock, and a single USB to the notebook.

Comment Re:Why conceal it? (Score 1) 740

Then where, exactly, should the information be provided? Does each product need to come with a paper leaflet? Do you assume all consumers have ubiquitous Internet access such that they can hit the company website to see what's in a product? Or should they all register all product recipes with a central government agency? In my experience if a company isn't forced to toe the line like this, the ingredients will be listed on the back of a tomato sauce sachet in 1pt yellow on white type, which can be found "on display in the cellar, in the bottom of a locked filing cabinet, stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard’." [Douglas Adams, paraphrased].

Comment Re:When is it going to be free (Score 2) 84

It's called LetsEncrypt. You only have to turn over appropriate access to your server to client software (even though to trust it you'd have to review the code or write it yourself). And your web server has to be able to access the LE servers, so you (currently at least) have to permit outbound access from a device providing the website (there are larger configs where you could mitigate that somewhat but this is the simple case).

The client hits the LE servers, gets a string to write to a server-specified location (/.well-known/acme-challenge/URI). Oh, and that retrieval by LE is done over HTTP, so there's NO chance that could ever be subverted.

Comment Re:Google knocks Apple, Bing and Microsoft (Score 4, Insightful) 84

And because we need to ~double the amount of data used by all the hamster forums, cat videos and aircraft curation guides, especially when a lot of the world's users are on slow or data-limited connections?

Look. I get that it's good to ensure that there's no injected content, and that you know you're connected to the site you want - but that's only true for 1% of the population. The rest of the world wouldn't know the difference between https://www.example.com/member... and https://www.example.com.member.... Both "secure" because they're HTTPS, right?

Factor in all the browsers deciding that privately-signed sites are worse than plain http, that no-one needs to actually SEE the protocol, or the URL, that all the certs are issued by a cabal of companies who just see the benefit of charging for a NUMBER, but barely doing validation ... but sure. "Adding security". Right.

Comment Re:A solution in search of a problem.. (Score 2) 111

That's a ~95% solved problem and has been for decades. Room key on thick plastic block, block goes in a cradle inside the door, activating power to the room. Pull the key to leave and everything goes off.

Worked in the 90's at least when I started traveling for work, and it wasn't just in big city hotels then. Perspex blocks don't have to be smudge-free, don't need extra power of their own, won't break down, are significantly cheaper, can't be trivially hacked to screw with every other room in the hotel - no this is a solution looking for a problem.

Comment A mini ice age? Really? (Score 2, Insightful) 185

This is why no-one trusts the media. I doubt even the most fervent anti-CC campaigner believes this to be true. And while I don't think climate change itself is a hoax, I'm far less convinced that it's a death sentence (e.g. as far as I know we've had higher levels of CO2 in the atmosphere in the past without all life dying).
