
Comment Re:The attackers (Score 1) 190

This wouldn't involve the ISP, it'd be entirely within the router. The router could access any DNS server, but hosts on the internal side could only access the router's caching DNS server unless the user authorized an exception for them. It wouldn't entirely prevent attacks like this one, but it'd prevent direct attacks and forcing the attacks through multiple levels of caching would blunt the attack to a degree and make it easier to throttle the sources of the malicious requests.

Comment The attackers (Score 4, Insightful) 190

Ultimately, it's the groups that initiated the DDoS who are to blame. But others have to take some responsibility for failing to do what they could to mitigate the opportunities to initiate attacks:

1. ISPs could implement measures based on RFCs 3704 and 2827 that would make spoofed traffic difficult to impossible to generate.

2. Router makers could implement RFC 3704 and 2827 rules in their firewalls by default, could implement default rules that blocked access to external DNS to everything except the router (with the option for the user to allow some or all access), could provide a separate network for IoT devices that defaults to no Internet access and the user has to specifically authorize access per device, and could make randomized default passwords the standard for factory-default configurations.

3. IoT manufacturers could make randomized default passwords standard and design their devices to not require Internet access to configure.

4. Consumers could acknowledge that they're responsible for their own networks and routinely make use of the available tools to check on the health of their networks and the status of the devices on it.
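
The filtering that point 1 refers to, as an added example that is not part of the original comment: the strict reverse-path check from RFC 3704 forwards a packet only if the route back to its source address leaves through the interface the packet arrived on. The forwarding table, interface names and sample packets are constructed for illustration.

```python
import ipaddress

# Constructed forwarding table for an ISP edge router: (prefix, interface).
# Prefixes are documentation ranges (RFC 5737); interface names are made up.
ROUTES = [
    ("0.0.0.0/0", "upstream0"),
    ("198.51.100.0/24", "cust1"),
    ("203.0.113.0/25", "cust2"),
    ("203.0.113.128/25", "cust3"),
]
TABLE = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]


def best_route(addr):
    """Longest-prefix match: return the interface used to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifc) for net, ifc in TABLE if ip in net]
    return max(matches)[1] if matches else None


def strict_rpf_accept(src, in_iface):
    """RFC 3704 strict reverse-path check: forward the packet only if the
    route back to its source address points out the interface it arrived on."""
    return best_route(src) == in_iface


def filter_packets(packets):
    """Split (src, in_iface) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for src, ifc in packets:
        (forwarded if strict_rpf_accept(src, ifc) else dropped).append((src, ifc))
    return forwarded, dropped


# Constructed traffic arriving on customer-facing ports.
SAMPLE = [
    ("198.51.100.7", "cust1"),    # customer's own address
    ("203.0.113.200", "cust1"),   # address routed to another customer
    ("192.0.2.53", "cust2"),      # off-net address, only reachable upstream
    ("203.0.113.10", "cust2"),    # customer's own address
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE)
    print("forwarded:", ok)
    print("dropped:  ", bad)
```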

Comment It's not a matter of those reasons (Score 1) 562

"We can't create a culture that says it cares about diversity and then excludes almost half the country because they back a political candidate," Zuckerberg wrote. "There are many reasons a person might support Trump that do not involve racism, sexism, xenophobia, or accepting sexual assault."

Certainly there are reasons, but that's not the point and not why Project Include won't work with Y Combinator. Support of Trump involves considering sexual assault, racism, sexism and xenophobia to be acceptable. That holds regardless of the reasons you have for supporting him. Project Include is saying "No, those things that Trump loudly and proudly stands for are not acceptable, period. We don't care why you think they're acceptable because we don't believe there's any reason you could give us that could make them acceptable.". And this isn't just the candidate's supporters espousing those positions, it's the candidate himself making his enthusiastic support of those positions the centerpiece of his speeches and campaign.

Comment Jobs but not positions (Score 2) 917

There'll be plenty of jobs. What there won't be will be employee positions. Companies will increasingly replace employees with robotics and software. Work will shift to self-employment. A contract software engineer will contract with an accountant to handle accounting, with an advertising firm to handle ad placement, with their hosting services to handle routine administration of their servers and so on. An author would contract with someone to screen calls and mail and act as a secretary/receptionist, with someone else to proofread and edit their manuscripts and so on, and would publish directly through distribution channels like Amazon's Kindle Store. A seamstress would contract for advertising services and for janitorial services for the store. Lots of work, but no employees.

My argument in favor of basic income is that starting all of that requires a certain stability. You can't start a contract software consulting business, or start writing full-time, or start a dressmaking store, if you're scrambling to keep food on the table and a roof over your family's head. You can't get a full-time job to cover the bills because those full-time jobs won't exist. So what's the alternative to a basic income if you want people to work? If it's not there they won't be able to afford to spare the concentrated effort needed to get a successful business off the ground, it'll all be sucked up by the scramble to get enough cash this week to buy groceries. If they put in the effort, their family'll be out on the streets and starving in the time it takes for the effort to start producing results.

Comment Re:Can't even match Cygwin (Score 2) 163

There's no one single way, but there are several much more useful ways such that files created through Windows have the expected permissions in Cygwin (user read/write) and files created through Cygwin are accessible in Windows (user can read and write them). There's no excuse for the Linux subsystem not being able to do something reasonable. And yes I've dealt with Cygwin files in Windows and Windows files in Cygwin. It works because Cygwin understands Windows ACLs (see POSIX accounts, permission, and security). Amusingly the mapping system Cygwin uses was based on Microsoft's own mapping system from Services for Unix. So not only does Microsoft have the code for an example of a working method available (Cygwin's code), they wrote the code for a working method (SFU).

Comment Can't even match Cygwin (Score 2, Insightful) 163

So basically MS's Linux subsystem can't even do the job Cygwin does quite nicely? I think MS ought to go and read the code, learn some lessons and carry it back. It's not like you can't translate Unix permissions to Windows' permissions system and vice-versa, the code's even right there to read.

Comment Re:the kiss of death (Score 2) 205

Using a straight hosting service like Linode involves owning your own domain name, controlling the DNS and having your own SMTP and IMAP server running. That's all stuff that isn't specific to Linode, the same setup'll work on any service that offers virtual machine hosting. If Linode disconnects you you can drop your setup onto a host on Rackspace or any other service, update your DNS records to point to the new host's addresses and you're back in business. That's much easier than if you've no control over the domain, the DNS or the server software.

Comment Re:Covered this already (Score 1) 98

Was the "editing to conceal evidence of illegality" perchance what agent Fitchner described in this statement?

In May 2015, I created another BACKPAGE "Escort" ad with the goal of trying to post an ad containing sexual verbiage indicative of a prostitution ad. I used the words "cum" and "quickie" in the ad, but when I tried to post it, I received a message that told me those words were "forbidden in this category." I had to change the words to "come" and "quick session" in order for the ad to be accepted.

If that's what you're talking about, it's rather a strained reading to interpret rejecting ads that contain language indicating they might be for prostitution with editing those ads.

Comment Re:Only if complicit (Score 1) 98

Would that "editing" be related to this statement by agent Fitchtner?

In May 2015, I created another BACKPAGE "Escort" ad with the goal of trying to post an ad containing sexual verbiage indicative of a prostitution ad. I used the words "cum" and "quickie" in the ad, but when I tried to post it, I received a message that told me those words were "forbidden in this category." I had to change the words to "come" and "quick session" in order for the ad to be accepted.

The statement that indicates that Backpage tries to reject ads containing language indicating they involve prostitution? That one isn't going to fly, Backpage will simply point to precedent that Section 230 explicitly bars holding them liable for the content just because of such blocking. They're also going to point to a long string of demands from law-enforcement agencies that sites do just such blocking.

Comment Remote as an emergency fall-back (Score 5, Insightful) 269

One advantage of planning for remote work is that it makes it easier to get people on-line and working in an emergency. If production goes down unexpectedly on a weekend, if the company's already set up for remote work they can make phone calls and get engineers on-line and working on the problem in a matter of 5-15 minutes. If the company isn't, engineers are going to have to get dressed and get in to the office before they can even start looking at the problem and that can take a half-hour to an hour (or more depending on how far away the engineer lives). It also makes it easier for employees to turn what would've been a day taken off to deal with appointments into a half-day or less of time away from the keyboard, which helps get more work done. I've always felt that those benefits more than outweigh the costs of setting the company up for remote work, and that having people working remotely on a regular basis makes sure all that infrastructure's working properly and gives confidence that it'll be there and working when things go pear-shaped and you really need to get people on the problem quickly. To me that justifies telling the HR people and the managers "The company needs this. If you don't know how to run things this way, go start learning.".

Comment Re:Surprising display of ignorance... (Score 2) 296

Last I checked, the Federal Government didn't run any of the root nameservers so I can't see any way they could be considered to belong to the US (as opposed to the private companies that own them). Not that owning the roots would mean much, since all they do is identify the (privately-owned) nameservers belonging to the various (privately-owned) registries that control the top-level domains. The only TLDs owned by the US Government (i.e. the US Government operates the registries for them) are .gov and .mil, and the changes to IANA won't change how those two registries operate.

And amusingly the politicians have it backwards: ICANN already manages IANA, the change will be to remove IANA from ICANN control and make it an independent authority in its own right. IANA was put under ICANN control in 1998, after the death of Jon Postel who basically had been IANA up until then (a controlling authority for assigning IP address blocks, well-known port numbers, AS numbers and other technical identifiers was absolutely necessary for the Internet to function, and since nobody else was doing it Jon essentially arrogated to himself the authority to handle it).

Comment Re:It's a pity... (Score 1) 126

HTTP has had this forever: challenge/response authentication. There's one problem with it though: it requires storing the plaintext password on the server so it can be used to encrypt the challenge to check against the client's response. I don't know of any challenge/response algorithm that works with one-way hashes of passwords.

Comment Subnetting and isolation (Score 1) 279

My approach would be to dump IoT devices in their own dedicated subnet and exclude that subnet from forwarding across the router. That reduces the exposure to just the router, and I can monitor the iptables logs for dropped packets to/from that subnet that represent attempts to do something suspicious. Configuration doesn't have to be hard: instead of plugging devices directly into the router's switch you plug devices into external switches, connect those switches to router ports and set each port to what kind of devices hang off it. That'd control the VLAN setup to give each kind of device (WiFi, LAN, IoT) its own virtual interface. Configuration for the firewall, DHCP, DNS etc. follows from that (you may not want to allow the IoT subnet access to external DNS, for instance). This takes a bit to set up in the firmware, but the DD-WRT/OpenWRT firmware all the major router manufacturers seem to use for their consumer routers has all the tools and then some and once the user interface is there using the functionality isn't that hard.
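
The log monitoring mentioned in the comment above, as an added example that is not part of the original post: it parses drops written by the iptables LOG target and counts them per IoT device. The IoT subnet, the log prefix, the bridge names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

IOT_NET = ipaddress.ip_network("192.168.30.0/24")  # assumed IoT subnet
LOG_PREFIX = "IOT-DROP: "   # assumed --log-prefix set on the LOG rule
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed kernel log lines in the iptables LOG target's field layout.
SAMPLE_LOG = """\
Oct 22 14:03:11 router kernel: IOT-DROP: IN=br-iot OUT=eth0 SRC=192.168.30.12 DST=8.8.8.8 LEN=60 TTL=63 PROTO=UDP SPT=40112 DPT=53
Oct 22 14:03:16 router kernel: IOT-DROP: IN=br-iot OUT=eth0 SRC=192.168.30.12 DST=8.8.8.8 LEN=60 TTL=63 PROTO=UDP SPT=40113 DPT=53
Oct 22 14:04:02 router kernel: IOT-DROP: IN=br-iot OUT=br-lan SRC=192.168.30.12 DST=192.168.1.20 LEN=60 TTL=63 PROTO=TCP SPT=51000 DPT=23
Oct 22 14:04:40 router kernel: IOT-DROP: IN=br-lan OUT=br-iot SRC=192.168.1.20 DST=192.168.30.40 LEN=60 TTL=63 PROTO=TCP SPT=52100 DPT=80
Oct 22 14:05:02 router kernel: eth0: link up
"""

def parse_drop(line):
    """Return the KEY=value fields of one logged drop, or None for other lines."""
    _, sep, rest = line.partition(LOG_PREFIX)
    if not sep:
        return None
    fields = dict(FIELD.findall(rest))
    return fields if {"SRC", "DST", "PROTO"} <= fields.keys() else None

def summarize(log_text):
    """Count drops per (IoT host, direction, peer, protocol, destination port)."""
    counts = Counter()
    for f in filter(None, map(parse_drop, log_text.splitlines())):
        src, dst = (ipaddress.ip_address(f[k]) for k in ("SRC", "DST"))
        if src in IOT_NET:
            counts[(f["SRC"], "out", f["DST"], f["PROTO"], f.get("DPT"))] += 1
        elif dst in IOT_NET:
            counts[(f["DST"], "in", f["SRC"], f["PROTO"], f.get("DPT"))] += 1
    return counts

def external_dns_attempts(counts):
    """IoT hosts with dropped outbound packets to port 53."""
    return sorted({host for (host, way, _peer, _proto, port) in counts
                   if way == "out" and port == "53"})

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```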

Comment White House hesitation (Score 1) 199

The White House is hesitating over making any accusations along these lines because they know full well that if you make those accusations you'd better be able to back them up and the evidence to back them up is almost impossible to get. We may know that the Russians are behind it, but I doubt we've got the evidence to actually prove it to any acceptable standard and if we go off making official accusations without being able to prove them we're going to look like fools.

Comment Recycling fee (Score 1) 166

I don't know about elsewhere, but in California when you buy any sort of large electronics (TV, computer, monitor, etc.) there's a recycling fee added as a line item on the receipt to cover recycling the device when it's discarded. Recyclers in California should be getting paid for every device they take with money that's already been collected for that purpose. Maybe that recycling fee needs to be increased and applied nation-wide, with payment going only to those recyclers who actually recycle the equipment and can prove it.
