Only when they aren't supposed to.

Only for an hour, though I guess you could send a new blocking request every 45 minutes.

It would also let me block those idiots who keep trying to sign in to my servers via SSH. You'd think that when they send the original request (for authentication-free login) and the server says that it only accepts private key authentication, they wouldn't send thousands of password-based login attempts, but apparently the people who write those bots don't understand the SSH protocol very well, or else they just like wasting my bandwidth.

And I do periodically block them with filtering rules manually when I notice them, but I don't have time to scan the logs constantly, and they shift IPs often enough to make that problematic. But if I could make it so that the first password-based auth from an IP caused their attacks to immediately get blocked at their own edge router for an hour, it would be worth writing a log scanner.

Even better, ISPs could monitor their networks for those packets, and if a customer keeps getting blocked, they could contact the customer.

Actually, now that I think about it, I did forget to mention one small bit of the protocol. Each router that passes on the original request should immediately ACK the request to the previous router so that the previous router knows that it does not need to handle the blocking itself. It should then sent it towards the attacker's IP, and if it does not get an ACK from any router that's closer to the attacker in a timely manner, it should handle the blocking request itself and send back a confirmation request to the original IP address. It should then presumably reject any blocking confirmation requests that come later from closer to the attacker's IP, because they are redundant at that point.

This ensures that only the last router that supports blocking sends a confirmation request to the original server. Otherwise, you could cause a huge amplification attack by causing every hop in the route to ask the original server for confirmation. :-)

There's still a risk of abuse if somebody is able to inject and sniff arbitrary packets between the user and the server by being able to receive the confirmation request and respond to it, but if they can do that, they can also inject RST packets, so I'm not convinced that's an interesting edge case to worry about.

Except that what I described is carefully designed to make abuse almost impossible. Any fake blocks are removed almost immediately, and unless the server is actively being DDoSed, assuming it supports the protocol, such removal causes at most one additional packet to get sent in each direction, which means there's no amplification if the server supports the protocol, ignoring situations where packet loss causes a retry.

If the server doesn't support the protocol, there's typically only a 2x amplification (one confirmation request + 1 ping packet). That's a slight amplification, but nothing to write home about.

And the only situation where the block actually stays put is if the server is under DDoS, which is exactly when you would want it to stay put. In that case, a request to block an IP results in getting up to five packets back, but then that IP's traffic never reaches your server for a period of at least an hour (or longer if your server sends out a new packet to extend the block), which should be a huge net win.

But if you see something that I'm missing, feel free to suggest a better design that protects against additional forms of abuse.

Speaking of which, does anyone know what happened to the guys that Putin ordered about a month ago to decrypt the entire internet in 2 weeks or whatever that was?

You REALLY must be new around here!

Actually, if history is any judge, Lyin' Trump will be the next President (Cthulu help us!) and instead of Lyin' Hillary (Cthulu help us!) because for the simple fact that Trump is the TALLER candidate. Plus, it doesn't help that he's a male, and even many females still believe that "President" is "man's work".

Seriously. Look it up (the height bias). Doesn't work as much for the Electrical College; but for the Popular Vote, it is true more than 2/3 of the time.

And if you watched the Debate, at the end when they are standing together side by side, you can clearly see that Trump (who is 6' 3") is a full "head" taller than Clinton.

Sad but true. We are not smart.

They do when third-party cookies from ad networks get involved.

I always just skip straight to the one-star reviews, and judge a product by how many people hate it and why, under the assumption that either their problems will be relevant to me or they won't, and if none of them are, then the product is probably fine.

What lying? TFA stated that Apple had claimed something they really hadn't, and then excoriated them for somehow doing something they didn't say they didn't. Yes, that's a bunch of double-negatives; but it demonstrates the convoluted logic of TFA's claims.

Here: This commenter said it more clearly.

So the warning was helpful to you. How is this news?

The encryption key for all Blu-Ray discs is already well known. There's not a blacklist for discs. There's a blacklist for player keys that can make your player useless for all new discs until you update the firmware to get a new key, but AFAIK, there's no blacklist for discs. There's no rational reason for such a thing to exist.

In my experience, the difference is usually because fulfillment by Amazon costs money, and the cheaper price came from a third-party seller that does fulfillment themselves. I've never seen a cheaper price for non-Prime than Prime on products that are actually sold by Amazon.

What good is free 2-Day shipping when it takes them a week *BEFORE* they ship it?

Because with Prime, they sometimes don't take a week before they ship it?

Just saying.

If Fry's had a more up-to-date selection of flash cards (instead of everything being five-year-old models) and hard drives (not enough HGST), I'd be buying a lot less from Amazon.

I cannot speak for Europe but in the US even non-Prime orders usually arrive in 2-4 business days.

Not from my perspective. I got Prime for a year when I needed a bunch of stuff shipped quickly before a vacation, and was going to keep it because of Instant Video (knowing that the shipping benefit would rarely be a benefit for me), but dropped it because of their iOS app not allowing cellular streaming plus a significant price hike for the shipping service that I didn't really care about anyway, and replaced it with Netflix.

Before I got Prime for a year, most things would ship out the day after I placed an order, almost without fail. Every now and then, during the busiest season, it might take two.

After I dropped Prime, orders typically ship out four or five days after I place them. There's at least a three or four day increase compared with my previous experience.

Now I'm not saying that Amazon is deliberately sabotaging the shipping speeds to try to pressure people to come back to Prime; it is possible that their volume from my nearest depot really has gone up that much, and it is possible that the things I'm ordering are less common. It is even possible that their much-higher minimum dollar amount for free shipping means that I pack more things into an order, raising the probability that one of them has to come from somewhere else first. But the buying experience with free shipping now seems much, much, much worse in late 2014 through now than it was before I got Prime for a year back in late 2013.