
Comment Re:IPv6 (Score 1) 193

ummm, how does moving to IPv6 make my internet connection bigger or my web server capable of handling more connections? The problem here is simply the number of connections, not the protocols they used to connect. For that matter, this was on Akamai infrastructure, do we have any idea what percentage of this attack was IPv6?

IPv6 is not a universal panacea, it simply fixes a few structural issues with IPv4 and makes the address space a lot bigger. (Actually IP space is bigger than MAC address space, we are gonna hafta fix that one sooner or later, a non-expiring universal MAC address is unsustainable since we throw a few away with every piece of hardware we dispose of.)

IPv6 does not prevent DDOS attacks or any other nefarious behaviour.

Comment Re:Wait a minute.. (Score 1) 193

I guess you aren't understanding a simple fact here. This is not devices that are spamming, this is thousands and thousands of devices, none of which is generating more traffic than could be legitimate.

The design of the internet says I can send packets from any device to any device on any port I choose, and that is what these bots are doing. I am sure that no single device out there is putting out as much traffic as a single high resolution web cam watching baby eagles hatch or many other non-evil uses.

This kind of attack is basically unstoppable, since much of the traffic is indistinguishable from normal web site visitors.

A technical solution would have to involve attacker device identification, by profiling traffic originating from pretty much every IP on the internet, and as such would not be a real time defense, it would be a long term, continuous, ongoing effort to identify and remedy every exploited device out there.

That pretty much means that no one can afford to dedicate the resources that are required, even state entities will not be willing to spend that much on such a cause. Actually, the state actors seem to be more interested in using exploitable devices than fixing them, and they sure aren't helping anybody else fix them.

And last time I checked easily exploited devices are being attached to the internet at an increasing rate with no sign of slowing in the future.

I agree about IP spoofing, if everyone set their routers up correctly it simply wouldn't exist, but I also don't think IP spoofing is a significant contributor to DDOS attacks. Why would the bad guys care if you know where the individual devices in their botnet are? They aren't on the hook if some ISP shuts down your smart TV or thermostat or Windows XP box for being bad.

I also was pretty impressed by the numbers in this attack, Akamai kinda shines in this story, they took surges over half a terabit a second and didn't fall over, they should use those numbers for advertising.

Comment Re:How is this patentable? (Score 1) 84

I agree, that is why this patent is different. The ringer adjuster (which actually just adjusts the distance from the solenoid clapper to the bell) is for all incoming rings. The patent in question here silences the ring for a single call, and you don't have to remember to turn it back up if you want to hear the next ring.

I grew up with mechanical phones, I remember the annoyance of missed calls because the ringer was accidentally left silenced.

It is a little tedious to read the ESL the patent is written in, but I do not recall ever seeing a silence 1 call button on a phone.

I am also quite sure if there was prior art Apple would have managed to unearth it in the years this case has dragged on.

Comment Re:Poor innocent Apple (Score 2) 84

Don't get me wrong, I am not sticking up for Apple's morals in this argument.

I am coincidentally a Mac user, and as MacOS diverges from its open BSD roots I come ever closer to ditching it, probably for Debian. Apple has consistently pushed MacOS further and further from the ideals which we attribute to Unix, programs that do one thing well, human readable config files, etc.

I think Apple took advantage of all the BSD hackers that built the foundation they stand on, but the "freedom" the BSD licenses stand for is the freedom that allows that exploitation. That particular ethos would rather allow the existence of parasites than limit any use at all of the software. There can be no "steal" when all are welcome to do as they see fit with the singular requirement to attribute.

In the GPL ethos there is indeed theft, because that freedom is one that strictly regulates the behaviour of the people who use the software, they are required to contribute if they release.

I am not going to judge in either direction, in my personal IT space I use FreeNAS and pfSense and Debian and MacOS. I don't use Windows, but not because of the EULA. I don't use Windows because it is a PITA to get it to do what I want, and every time you turn around I have to reboot the dumb thing for updates or leave it vulnerable to the attack of the week. In fact those same reasons are why I don't use Ubuntu and am considering changing my laptop from MacOS.

Comment Re:Poor innocent Apple (Score 1) 84

You cannot steal BSD unless you remove attribution. This is exactly the holy war being fought by Stallman et al. The BSD license specifically allows copying, modification, use, obfuscation and repressive licenses.

This is the great difference between the free licenses, and the one that makes BSD people call the GPL infectious. It is also probably the reason that Apple didn't even consider Linux for their OS.

In retrospect, I would rather have Mac OS in our environment than not, two competing closed operating systems is better than one, and Apple was never going to really have an open OS in spite of all their Darwin talk.

But disregarding philosophical wars Apple did not "steal" BSD.

Comment Re:Obvious (Score 5, Interesting) 84

If it is really obvious then where is the prior art?
Telephones are a couple years old now, and the ring silencer has been around for just about as long. In fact the old mechanical bell phones had ring volume control that just adjusted clapper/bell distance. However the patent in question is for a 1 time mute, you push the button and that call is muted but future calls are not. Even when land lines were all we had people would silence the ringer, then miss calls because they forgot to unsilence it.

Just because an idea is obvious in the sense of "Why didn't I think of that" after the patent is issued does not mean the patent fails the obviousness test.

I am fairly anti-patent, feeling that patent life needs to be strictly limited, and vague concepts should not be patentable, but this one has some merit. In fact, I am sitting here pondering how to implement a 1 call ring mute in an old mechanical analog phone, and it isn't obvious to me how to accomplish that.

In a cell phone context a call exists as an entity, in the analog world a ring is a singular event, going back to the days when a human operator cranked the handle and you had to count rings to know it was your call.

I suppose you could use a mechanical timer, that disengaged the bell clapper for a period of time. The first thought would be a clockwork snail type counter, but you never know how many rings comprise a call, so it would have to be a timer. It would at best be a guess, because it is entirely up to the caller how long to let the phone ring.

I recall in my younger years calling a friend who didn't want to talk and just letting the phone ring for minutes at a time. However he responded by just going off hook, and the phone switch would not release the line until both ends went on hook, so I annoyed him for a few minutes, but he took our phone offline for the whole evening.

Anyway, thanks for the opportunity to take a side I don't recall taking on the patent question before, and to recall a simpler time from my youth.

Comment Re:RFC5961 is flawed (Score 3, Interesting) 115

Actually, the global rate limiting may not be the problem, the fixed limit may be. If the global rate limit were periodically randomly set, instead of 100/second, somewhere between 95 and 105 per second, then this attack would not work. It depends completely on knowing the global rate limit, and assumes there is no other traffic generating challenge ACKs.

A per connection rate limit would not accomplish the purpose of a rate limit, but an unknown global rate limit that changed fairly often would prevent this information leakage. Based on the attack time in the paper I think a rate limit that reset to a random value at a random time from 3-5 seconds would make this attack useless.

If the time the limit changes is fixed then the attacker can synchronize with the reset clock and still achieve a workable attack window by probing to determine the new limit.

I suppose you could skip the lifetime and just change it every second, since then the attacker would have great difficulty synchronizing with the limit counter as described in the article.
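As an added illustration of the counting side channel the comment above is reasoning about (this is example code written for this page, not code from the original comment or from the paper it discusses): a toy receiver that implements the RFC 5961 challenge-ACK behaviour with one global per-second cap, first fixed at 100 as it was in Linux, then re-drawn at random each second as the comment proposes. The IP addresses, ports, connection table and the attacker's "own connection" are constructed sample data, and the model ignores any other host triggering challenge ACKs in the same second.

```python
"""Toy model of the challenge-ACK counting side channel.

Added example: not code from the original comment or from the paper it
discusses. It models a receiver that implements the RFC 5961 mitigations (a SYN
or out-of-window segment on an established connection is answered with a
challenge ACK) with ONE global per-second cap on challenge ACKs, as Linux did
with a fixed tcp_challenge_ack_limit of 100. The IP addresses, ports and the
connection table below are constructed sample data.
"""
import random

SERVER_IP = "192.0.2.10"
# Constructed connection table: (client_ip, client_port, server_ip, server_port)
LIVE_CONNECTIONS = {
    ("203.0.113.5", 51234, SERVER_IP, 443),
    ("203.0.113.7", 40001, SERVER_IP, 443),
}
# The attacker's own, legitimate connection to the same server. It is the only
# connection whose challenge ACKs the off-path attacker can actually observe.
ATTACKER_CONN = ("198.51.100.9", 33333, SERVER_IP, 443)
ALL_CONNECTIONS = LIVE_CONNECTIONS | {ATTACKER_CONN}


class ChallengeAckServer:
    """Receiver with a single global challenge-ACK counter per one-second window."""

    def __init__(self, connections, limit_for_second):
        self.connections = set(connections)
        self.limit_for_second = limit_for_second  # callable returning this second's cap
        self.tick()

    def tick(self):
        """Start a new one-second window: reset the counter, pick the cap."""
        self.limit = self.limit_for_second()
        self.sent = 0

    def receive_syn(self, four_tuple):
        """Process a SYN for four_tuple. Returns True if a challenge ACK is sent.
        The reply goes to the tuple's real client, so a spoofed sender never sees it."""
        if four_tuple not in self.connections:
            return False  # no such connection: no challenge ACK
        if self.sent >= self.limit:
            return False  # global cap exhausted for this second
        self.sent += 1
        return True


def fixed_limit(n):
    """Cap that never changes (the behaviour the attack relies on)."""
    return lambda: n


def random_limit(lo, hi, seed=None):
    """Cap re-drawn uniformly in [lo, hi] at every tick (the scheme the comment proposes)."""
    rng = random.Random(seed)
    return lambda: rng.randint(lo, hi)


def count_replies(server, guess, own_conn, own_triggers):
    """One attack round within one second: a single spoofed SYN for the guessed
    tuple (its reply, if any, is invisible to the attacker), then own_triggers
    SYNs on the attacker's own connection, counting the challenge ACKs that return."""
    server.tick()
    server.receive_syn(guess)
    return sum(1 for _ in range(own_triggers) if server.receive_syn(own_conn))


def guess_is_live_fixed(server, guess, own_conn, limit):
    """Known fixed cap: send exactly `limit` own triggers. Getting limit-1 replies
    means the spoofed SYN consumed a slot, i.e. the guessed tuple exists."""
    return count_replies(server, guess, own_conn, limit) == limit - 1


def observed_counts(server, guess, own_conn, own_triggers, rounds):
    """Set of reply counts seen over `rounds` seconds for the same guess."""
    return {count_replies(server, guess, own_conn, own_triggers) for _ in range(rounds)}


if __name__ == "__main__":
    live = ("203.0.113.5", 51234, SERVER_IP, 443)
    dead = ("203.0.113.5", 51235, SERVER_IP, 443)  # wrong client port: no such connection

    fixed = ChallengeAckServer(ALL_CONNECTIONS, fixed_limit(100))
    print("fixed cap: live guess ->", guess_is_live_fixed(fixed, live, ATTACKER_CONN, 100))
    print("fixed cap: dead guess ->", guess_is_live_fixed(fixed, dead, ATTACKER_CONN, 100))

    rand = ChallengeAckServer(ALL_CONNECTIONS, random_limit(95, 105, seed=1))
    lc = observed_counts(rand, live, ATTACKER_CONN, 110, 200)
    dc = observed_counts(rand, dead, ATTACKER_CONN, 110, 200)
    print("random cap: counts for live guess", sorted(lc))
    print("random cap: counts for dead guess", sorted(dc))
    print("ambiguous counts:", sorted(lc & dc))
```

With the fixed cap a single round separates the two cases exactly (99 replies versus 100). With the cap re-drawn each second the attacker sees L-1 for a live guess and L for a dead one, but does not know L, so most observed counts are consistent with both outcomes and one round no longer decides anything. As the comment notes, any other traffic that triggers challenge ACKs in the same second shifts the count as well; this model leaves that out.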

Comment Re:Seems too scary to be believable (Score 4, Insightful) 115

Yeah, I am also having a little trouble with the "hackers anywhere". You can't inject into traffic you can't see, so saying you don't need a man in the middle is a little disingenuous. Yes, you don't need an actual man in the middle routing packets, but it appears that you need a controlled host on a subnet through which the traffic passes.

In a switched network even this would be insufficient, since in the terminal subnets (both client and server) IP traffic is only visible on the actual switchport to which the relevant host is connected.

In the routing subnets between the terminal subnets I would hope that any computers that exist (as opposed to hardware switches and routers and flow shapers and such) would be very carefully monitored and protected. I know on the college campus network I administer the routing subnets are very small (/29s or even /30s) and usually do not contain any general purpose computers.

If you have a compromised computer actually in a position to see IP traffic it has always been trivial to spoof TCP RST packets and such to break a connection.

So yes, the vulnerability exists, but I don't see anything that I will lose sleep over. The problem with the hack is it seems to require the hacker to have already owned a machine on one of the terminal subnets involved in the attack which can see a lot more than it should be able to. A promiscuous NIC still can't see switched traffic. If this is indeed the case there has been a severe misconfiguration on the network.

Even in a wireless scenario I am not sure it is a serious threat, unless the hacker has full visibility in the wired network behind the access points, since WPA2 is going to make packet injection pretty tough.

I looked briefly at the RFC mentioned, and it is attempting to make the old school "spoof a RST" type attacks harder, but those attacks should be very difficult on a modern network simply because layer 2 switching makes it hard to collect the parameters needed to build the layer 3 attack packets.

There was a company a decade or so ago (maybe they still exist, I dunno) called Audible Magic which was designed to prevent downloading copyrighted music. It required a span or mirror port so it could see the entire internet feed, it then watched TCP connections, did some sort of hash based song detection, then spoofed RSTs to both ends of the connection. Didn't work all that well, probably because it took too long to detect the song, and BitTorrent made it useless because you don't get big enough pieces to fingerprint the song from a single connection, so we didn't have it around too long. I just don't understand how this attack works without that full sniffer connection.

If you were to combine some kind of storm attack in the network to cause the switches to fall into dumb repeater mode then yes, you could see the packets, but at that point the network is probably too dysfunctional for the target TCP connection to stay up anyway.

Comment Re:Float? Not quite. (Score 4, Informative) 238

Hmm, that is a point. If the wheel stays up in the fender it may act as a very inefficient impeller, taking in water at the rear of the fender opening, the fender liner acting as the casing of a very poorly coupled pump.

It would work better if it was a fully skirted fender, which they aren't, so most of the water being pumped is going to just blast out sideways, mostly out, because the inside of the wheel well is lower than the outside.

Just guessing, without modeling, I think the thrust would be mostly down, with some backwards.

I don't know my Tesla models that well, but if it is AWD any thruster effect from the front wheels would be less, because of the larger wheel well clearances for turning, and would disappear almost entirely when the wheels were turned left or right at all.

Teslas probably have an advantage in this regard, because they have a pretty taut suspension, and probably won't droop as much as the cars us mere mortals drive, which at full droop can be almost entirely out of the wheel well, below the body of the car.

You are correct, I had not considered the ducting action of the fenders. However I stand by my final judgement that the car in the video is not floating.

Comment Float? Not quite. (Score 5, Insightful) 238

I am sorry, but that car wasn't floating. The wheels and tires on a Tesla are going to have no forward thrust, because the entire wheel will be submerged, meaning the top of the wheel is thrusting backwards just as well as the bottom is thrusting forward.

The low profile tires on the Tesla are going to have minimal thrust anyway, because the tread is not even vaguely paddle like. For reference look at this video of the bigfoot monster truck floating across a lake. Even that truck with duallies on it (total of 8 monster truck wheels), which did float high enough for the big mudders to act like paddles, didn't make as quick forward progress as an old man in a canoe, and was extremely slow to respond to steering input.

The Tesla in the video not only has enough power to push a big bow wave, it has enough steering traction to slalom through the other cars on the road. The weight of that car was obviously enough to keep the tires on the pavement at that water depth. I am not denying that the Tesla could float, nor am I denying that it may be water tight enough to float well, but it will be pretty much powerless and uncontrolled while floating.

Mr. Musk is very proud of his car, but on this video I call BS. That is not floating.

Comment Good Idea (Score 5, Insightful) 343

Now let us just tweak it a little...

Sometimes airplane crashes are fiery, styrofoam burns easily, let's wrap them in a tough stainless steel shell.

Oh, when that shell gets hot, the styrofoam will melt, and the heat will destroy the flash drives. If we use a special wax instead the wax will absorb heat as it changes state, that will protect the drives.

Hmm, now they don't float, even if we wrap them in something floaty it may get burned/torn off in a crash. We could put an audio transducer in them, and when they get "unplugged" in a crash they could start automatically pinging.

But just having coordinates won't help us figure out why the plane crashed, let's record a bunch of environmental and control status on them as well.

Of course it would be nice to be able to cast some light on why the controls were in the state they were in, maybe we should record an audio stream from the cockpit as well.

Hey, that might be too much data for this single box, let's put two of them on the plane, one for enviro/mechanical status and location, and one for the human side of the equation.

Oh, wait.......

Comment Re:Necessary? (Score 2, Insightful) 269

Is it really necessary to bring the gender component into this?

She is a brilliant person who was instrumental in our space program. Isn't that enough?

There, fixed that for you.

Seriously, as human beings, the people we look up to and emulate, the people who inspire us, are people with whom we identify in some way. The details are what allow us to identify with them.

The particular person in this story is more readily inspirational to women, and to blacks, because they can identify with those facets of her identity.

There are other details of her life that would add additional groups that could identify with her, people from her town, people who went to her school, people who share her hobbies, etc.

If I reduce all people who do remarkable things to just 'persons' they are all amazing, but I can not identify with or emulate them, that requires details, handles for my emotions to grab on to.

Currently I am looking for remarkable things done by mid 40s out of shape men, because I can identify with that. That means I can do great things too.

On a tangent this is also why biographies are crucial reading. History is only history until you can identify with the individuals who made it.

So in this case, you aren't black, or a woman, so it doesn't apply? Maybe you need to take 20 minutes and see if there is something you have in common with this person.

(wiki......) Damn this woman was the bomb! She did a bunch of inspirational and important stuff before she went to work at NASA. Went to college to be a teacher, went back to grad school to desegregate it, spent 15+ years teaching, all before deciding to be a mathematician.

Not really a lot for me to identify with, wikipedia doesn't have enough details. She lost her first husband to brain cancer, there is another detail that means something to a specific group of people. She sang in the church choir, that is something to some people. She had three daughters. I have a daughter. There are definitely things that she and I share in the parenting of daughters.

Wow, raising three daughters with energy left to accomplish things. I identify with that.

So is it really necessary to bring race or gender into this? Yes, it really is. Without them she is an achiever, with them she is a role model.

Comment Re:Inconceivable (Score 1) 66

Fill it from what? /dev/urandom isn't even that fast on any normal hardware, and it would take a lot of spindles and a dedicated 100Gb/s network card to fill that pipe. This thing isn't practical for anything in a normal datacenter. The only place I can see something like this currently being a justifiable purchase would be as caching drives in a massive data acquisition system, like the LHC or similar, or very large scale modeling, like weather. I am actually curious about the capacity of these drives, is it going to be cheaper than similar quantities of RAM? Some of the applications that make sense are also candidates for large RAM caches, which are just as fast.

It is interesting to consider a machine with no RAM, this drive is faster than the slower DDR3 rates, which at first glance would mean that someone could design a truly non volatile computer, all state information except for processor registers is non volatile, so enough capacitor on board would allow a machine to write current pipeline contents to the SSD on power down, and it could resume exactly where it was on power up, only costing a CPU cache flush.

Of course TFA seems to indicate that it is pretty power hungry, so that kinda dampens excitement about an instant on/off device since most of the uses I see for that include power saving, either for unreliable power (off grid stuff) or long battery life, like a laptop with instant zero power hibernation.

As cool as this is, it isn't going to make a difference for normal PCs for at least a couple product cycles. It is fun watching the ongoing convergence of RAM and disk storage speeds and prices. There is a future in view now when we won't need to differentiate.

Comment The man is a marketing genius (Score 3, Interesting) 207

Right now the auto industry is reeling from a series of serious "we had a problem, but we didn't want to say anything" scandals, from the GM ignition switch to the VW super smoggers, and don't forget the shrapnel bags. The entire ecosystem is full of distrust, some of it fairly active distrust.

In this environment a one off assembly mistake where there was no accident, no damage of any kind, is a marketing opportunity you couldn't even buy in a normal market environment.

Musk already recalled all his cars once, to bolt extra belly armor on them because of an accident which would have been considered extreme in any vehicle, and in which his car came out smelling like a rose.

This recall is going to be a lot cheaper. No engineering, not even any replacement parts, but now Tesla is Even More Different(tm) because they recalled a potential problem immediately, before anybody even asked about it.

Based on Musk's previous behaviour I think he really cares that his products are perceived as the best. I am not making a character reference because I don't know the guy, but he obviously cares about at least the appearance of superlativeness.

The guy runs a marketing machine that reminds me of the late Mr. Jobs in his prime.

Comment Forbes (Score 2) 103

I really hate to contribute to the hate noise the haters bring, but I really hate to visit websites that hate to let me see the site without allowing scripting I hate from dozens of hated sources.

Could we get some kind of automated indicator when a link points at a site that just won't load with NoScript?

I don't think I am a tinfoil hat paranoid, I just don't like to have to allow 17 different sites to run scripts in my browser just to read an article. After reading a few comments it looks like I didn't miss much this time.
