Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:No way to cut the problem at the root? (Score 1) 74

So, after thinking about this a little more, there is nothing preventing the Botnet operators from doing a DNS lookup and simply targeting the new IP address. However, that would let us weed out legitimate traffic from botnet traffic over enough iterations. ISPs could have a three strikes rule for clients. 1st time you attempt to contact an IP address on the DDoS target list, strike one, most "strike one traffic" is probably legit, people pressing F5 trying to reload the site, etc. Strike two, and you start to see exactly which addresses are following the DNS chain and propagating the attack, by strike three+ (if ISPs are reporting their "repeat offenders" to a central clearing house), you have a pretty decent picture of all the end nodes in the Botnet. You Null Route those, too, in a separate list. Same TTL expiration as the DDoS target list. When people call their ISPs to bitch, the tech on the other end notices the red flag on the account and asks the owner to kindly unplug their smart toothbrush (or whatever brain dead IoT device is being utilized) if they would like to have their internet turned back on. Avoiding false positives on Botnet membership would require the targeted site to put up some kind of "This site is under attack!" notice so people know to stay clear while the members of the Botnet are identified and blocked.

Comment Re:No way to cut the problem at the root? (Score 2) 74

If we had a global registry of DDoS targets that we added new addresses to when the bandwidth of an attack broached limit X from number of sources Y (100gbps / 1million bots?), then we could require ISPs to run automated scripts that Null Route those addresses in the database for time period Z (1 day?) The Botnet gets rejected at the edge in those cases, but the end result is the same for the target, they have to move or wait. If you can get the move done fast enough (up on new IP addresses in an automated fashion within seconds, DNS propagation for those new addresses at the same rate), then there is no loss of service, and no profit for the operators of the Botnet. Or no fun if its "just for the Lulz". So the real problem with DDoS is the inherent lack of configuration speed in the current internet. Blocking IP addresses at the edge routers is a manual process and takes time. Bringing NIC cards up on new IP addresses or changing static NATs in firewalls is a manual process and takes times. Changing DNS records and allowing for propagation, etc, etc. So to beat DDoS, we need to have more automated systems in place for migrating services from one address to another. You destroy the perception that there was any effect from the flood, and you beat DDoS.

Comment Re:Yawn (Score 2) 75

That was called Windows 3.x, and it worked very well. Every program had one (or a set) of *.ini files that governed the settings for that program. Need to start fresh? Delete the .ini file. Want to preserve your settings when a new version of a program comes out? Copy the .ini sections that mattered back into place. The registry hides SO much... and if it gets fucked up, pray you have a recent system restore point. If you combine all the advances in crypto with a decent revision control system like Git, .ini's could be secure and easy to work with in todays world. The UNIX world has had individual text based config files for 40+ years, and we keep improving things there. I feel like the change from config files to registry was about stopping "t3h p1rat3s!", and it didn't stop them at all..

Comment Re:On my first PC (Score 1) 351

IIRC, we were trying (my dad and I) to stay within a certain budget, and we had opted for an EISA (https://en.wikipedia.org/wiki/Extended_Industry_Standard_Architecture) video card with a whopping *1MB* of VRAM. So yes, the initial ram on that build was only 2MB =P Even after we went to 8MB I spent a lot of time setting up config.sys / autoexec.bat to run memmaker with just the right settings. I vaguely remember that you wanted as much free ram as possible in the initial 640KB range, and you could move some things into an area reserved for Monochrome displays to free up a little more. I kept that machine until 1997 (we were poor), and in the end it was dual booting Win 3.1 and Slackware 3.1. I remember kernel compiles on a 486, good god... I'm pretty sure the first one I did was 2.0.29, upgrading from 2.0.25. That was back when taking out all the modules that didn't apply to your hardware (stock kernels always support as much as they can) would net you a HUGE performance gain. Id software made the transition from Windows to Linux pretty easy, as Doom (and more importantly Quake!) ran just fine =) SVGALib for the win.

Comment On my first PC (Score 5, Interesting) 351

My family got our first PC in 1994, I was 13 at the time and it came with a Demo disc that had the shareware version of the game. We initially had 2MB of RAM in that 486 DX/33MHz.. so we went out and spent $90 on two 4mb 30pin SIMMS so we could actually play it. Doom was the game that finally pulled me away from consoles and got me into PC gaming, and soon after, programming. Which eventually lead to a career in Network Security / System Administration, and then my own company. I owe a lot to Carmack / Romero's ID software. Anyone else on /. remember the 3-screen configuration: http://doomwiki.org/wiki/Three_screen_mode Seeing that in the golden era of LAN gaming was so awesome, good times =)

Submission + - Amazon.com is Down (amazon.com) 1

pope1 writes: The current home page for Amazon.com reads as thus:


We're very sorry, but we're having trouble doing what you just asked us to do. Please give us another chance--click the Back button on your browser and try your request again. Or start from the beginning on our homepage.

Anyone else getting the same?

The Military

Scientists Closer To Invisibility Cloak 308

Aviran was one of many readers to submit news of a just-announced development in the ongoing quest to develop a working invisibility cloak, writing: "Scientists say they are a step closer to developing materials that could render people and objects invisible. Researchers have demonstrated for the first time they were able to cloak three-dimensional objects using artificially engineered materials that redirect light around the objects. Previously, they only have been able to cloak very thin two-dimensional objects" Reader bensafrickingenius adds a link to coverage at the Times Online, and notes that "the world's two leading scientific journals, Science and Nature, are expected to report the results this week." Tjeerd adds a link to a Reuters' story carried by Scientific American.
Portables (Apple)

Apple Can Remotely Disable iPhone Apps 550

mikesd81 writes "Engadget reports Apple has readied a blacklisting system which allows the company to remotely disable applications on your device. It seems the new 2.x firmware contains a URL which points to a page containing a list of 'unauthorized' apps — a move which suggests that the device makes occasional contact with Apple's servers to see if anything is amiss on your phone. Jonathan Zdziarski, the man who discovered this, explains, 'This suggests that the iPhone calls home once in a while to find out what applications it should turn off. At the moment, no apps have been blacklisted, but by all appearances, this has been added to disable applications that the user has already downloaded and paid for, if Apple so chooses to shut them down. I discovered this doing a forensic examination of an iPhone 3G. It appears to be tucked away in a configuration file deep inside CoreLocation.'" Update: 08/11 13:07 GMT by T : Reader gadgetopia writes with a small story at IT Wire, citing an interview in the Wall Street Journal, in which this remote kill-switch is "confirmed by Steve Jobs himself."

Official Support For PHP 4 Ends 245

Da Massive writes with this excerpt from ComputerWorld: "For a technology that has been in stable release since May 22, 2000, PHP 4 has finally reached the end of its official life. With the release of PHP 4.4.9, official support has ended and the final security patch for the platform issued. ...With eight years of legacy code out there, it is likely that there are going to be a fairly large number of systems that will not migrate to PHP 5 in the near future, and a reasonable proportion of those that will not make the migration at all. For those who are not able to migrate their systems to the new version of PHP, noted PHP security expert Stefan Esser will continue to provide third party security patching for the PHP 4 line through his Suhosin product."

Researchers Pave Way For Compressor-Free Refrigeration 218

Hugh Pickens brings news that scientists from Penn State have developed a new method for heat-transfer that may replace the common compressor-based system used in household appliances. Quoting: "Zhang's approach uses the change from disorganized to organized that occurs in some polarpolymers when placed in an electric field. The natural state of these materials is disorganized with the various molecules randomly positioned. When electricity is applied, the molecules become highly ordered and the material gives off heat and becomes colder. When the electricity is turned off, the material reverts to its disordered state and absorbs heat. The researchers report a change in temperature for the material of about 22.6 degrees Fahrenheit... Repeated randomizing and ordering of the material combined with an appropriate heat exchanger could provide a wide range of heating and cooling temperatures."

Slashdot Top Deals

Consultants are mystical people who ask a company for a number and then give it back to them.