Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:How do IoT manufacturers... (Score 1) 109

Only for an hour, though I guess you could send a new blocking request every 45 minutes.

It would also let me block those idiots who keep trying to sign in to my servers via SSH. You'd think that when they send the original request (for authentication-free login) and the server says that it only accepts private key authentication, they wouldn't send thousands of password-based login attempts, but apparently the people who write those bots don't understand the SSH protocol very well, or else they just like wasting my bandwidth.

And I do periodically block them with filtering rules manually when I notice them, but I don't have time to scan the logs constantly, and they shift IPs often enough to make that problematic. But if I could make it so that the first password-based auth from an IP caused their attacks to immediately get blocked at their own edge router for an hour, it would be worth writing a log scanner.

Even better, ISPs could monitor their networks for those packets, and if a customer keeps getting blocked, they could contact the customer.

Comment Re:How do IoT manufacturers... (Score 1) 109

Actually, now that I think about it, I did forget to mention one small bit of the protocol. Each router that passes on the original request should immediately ACK the request to the previous router so that the previous router knows that it does not need to handle the blocking itself. It should then sent it towards the attacker's IP, and if it does not get an ACK from any router that's closer to the attacker in a timely manner, it should handle the blocking request itself and send back a confirmation request to the original IP address. It should then presumably reject any blocking confirmation requests that come later from closer to the attacker's IP, because they are redundant at that point.

This ensures that only the last router that supports blocking sends a confirmation request to the original server. Otherwise, you could cause a huge amplification attack by causing every hop in the route to ask the original server for confirmation. :-)

There's still a risk of abuse if somebody is able to inject and sniff arbitrary packets between the user and the server by being able to receive the confirmation request and respond to it, but if they can do that, they can also inject RST packets, so I'm not convinced that's an interesting edge case to worry about.

Comment Re:How do IoT manufacturers... (Score 1) 109

Except that what I described is carefully designed to make abuse almost impossible. Any fake blocks are removed almost immediately, and unless the server is actively being DDoSed, assuming it supports the protocol, such removal causes at most one additional packet to get sent in each direction, which means there's no amplification if the server supports the protocol, ignoring situations where packet loss causes a retry.

If the server doesn't support the protocol, there's typically only a 2x amplification (one confirmation request + 1 ping packet). That's a slight amplification, but nothing to write home about.

And the only situation where the block actually stays put is if the server is under DDoS, which is exactly when you would want it to stay put. In that case, a request to block an IP results in getting up to five packets back, but then that IP's traffic never reaches your server for a period of at least an hour (or longer if your server sends out a new packet to extend the block), which should be a huge net win.

But if you see something that I'm missing, feel free to suggest a better design that protects against additional forms of abuse.

Comment Re:This will cost Microsoft a fortune (Score 1) 203

Well, due to a mishap in bureaucracy, accidentally two different offices ordered a license. The responsible official has been relocated to Sibiria for extended education.

Speaking of which, does anyone know what happened to the guys that Putin ordered about a month ago to decrypt the entire internet in 2 weeks or whatever that was?

Comment Re:Can we just put her in now? (Score 1) 50

People are more driven by television than reality, hence the reason advertising is structured the way it is

Actually, if history is any judge, Lyin' Trump will be the next President (Cthulu help us!) and instead of Lyin' Hillary (Cthulu help us!) because for the simple fact that Trump is the TALLER candidate. Plus, it doesn't help that he's a male, and even many females still believe that "President" is "man's work".

Seriously. Look it up (the height bias). Doesn't work as much for the Electrical College; but for the Popular Vote, it is true more than 2/3 of the time.

And if you watched the Debate, at the end when they are standing together side by side, you can clearly see that Trump (who is 6' 3") is a full "head" taller than Clinton.

Sad but true. We are not smart.

Comment Re: Siri on Mac (Score 1) 50

I'm sure if there is any proof of Apple spying on Users, You'll be the first to tell Us, right? Or are You saying You have that proof now? Or, is it more likely Apple has been completely above board knowing if They lie, even a little, it could destroy Their brand forever?

What lying? TFA stated that Apple had claimed something they really hadn't, and then excoriated them for somehow doing something they didn't say they didn't. Yes, that's a bunch of double-negatives; but it demonstrates the convoluted logic of TFA's claims.

Here: This commenter said it more clearly.

Comment Re:Siri on Mac (Score 1) 50

After you've had your morning, or noon, coffee you might realize what I was saying was that not only is your iPhone capable of spying on you, but now your Mac can too, all while Apple has been gettin up on stages and spouting how concerned they are about your privacy. After reading through the privacy notice about Siri I decided not to turn it on when I upgraded to Sierra.

So the warning was helpful to you. How is this news?

Comment Re:Which is cool... (Score 1) 122

The encryption key for all Blu-Ray discs is already well known. There's not a blacklist for discs. There's a blacklist for player keys that can make your player useless for all new discs until you update the firmware to get a new key, but AFAIK, there's no blacklist for discs. There's no rational reason for such a thing to exist.

Comment Re:Well duh (Score 1) 122

What good is free 2-Day shipping when it takes them a week *BEFORE* they ship it?

Because with Prime, they sometimes don't take a week before they ship it?

Just saying.

If Fry's had a more up-to-date selection of flash cards (instead of everything being five-year-old models) and hard drives (not enough HGST), I'd be buying a lot less from Amazon.

Comment Re:Prime vs non-Prime (Score 1) 122

I cannot speak for Europe but in the US even non-Prime orders usually arrive in 2-4 business days.

Not from my perspective. I got Prime for a year when I needed a bunch of stuff shipped quickly before a vacation, and was going to keep it because of Instant Video (knowing that the shipping benefit would rarely be a benefit for me), but dropped it because of their iOS app not allowing cellular streaming plus a significant price hike for the shipping service that I didn't really care about anyway, and replaced it with Netflix.

Before I got Prime for a year, most things would ship out the day after I placed an order, almost without fail. Every now and then, during the busiest season, it might take two.

After I dropped Prime, orders typically ship out four or five days after I place them. There's at least a three or four day increase compared with my previous experience.

Now I'm not saying that Amazon is deliberately sabotaging the shipping speeds to try to pressure people to come back to Prime; it is possible that their volume from my nearest depot really has gone up that much, and it is possible that the things I'm ordering are less common. It is even possible that their much-higher minimum dollar amount for free shipping means that I pack more things into an order, raising the probability that one of them has to come from somewhere else first. But the buying experience with free shipping now seems much, much, much worse in late 2014 through now than it was before I got Prime for a year back in late 2013.

Slashdot Top Deals

No skis take rocks like rental skis!