Links posted are still real, maybe by same account to give impression of more activity. But it was to get real people. It's not like they were selling those fake eye balls to advertising.
I'm pretty sure that what I described is -not- the same as HN. New here?
The advantage of one, small, upfront payment is that it discourages sockpuppeting, and thus anonymous sniping. The only way to 'downvote' something is with another piece of text with a username on it ... a lot more revealing of motive than a reflexive button-click. Discouraging for sick puppies.
You know (or don't) ... like The Well was back in the day.
I've done very effective application-layer DDoS attacks in the past with a meager ADSL over Tor. Completely free. But of course you can also spend thousands in a botnet to flood someone off the planet. That's not the point.
Booters are cheaper than $thousands. And while it may cost someone $thousands to keep you offline for days, it probably doesn't. And even if it did, you probably want a better response than "guess we're offline now, lol, l8r" when someone chooses to spend $dozens shutting you down for a couple hours.
If DDoS protection isn't the point, what is?
I don't think it's discussed enough in our circles the various aspects of the internet that are more or less broken. Like how easy it is for anyone to take you offline. How easy it is to spoof IP addresses. How useless IP address blocking is. How we demand infinite bandwidth for a low, fixed, monthly price yet don't want to be on the hook when our toaster is DoSing our neighbor and causing real financial damage.
But at the same time we share these little haproxy/fail2ban tips that don't work under actual threat, and then we lament that people use services like CloudFlare instead of talking seriously about how we depend on the free services of large companies, whether it's CloudFlare's DDoS protection or Google's reCaptcha, to prevent real abuse.
I don't think they use haproxy (or at least they don't heavily rely on it). But once you start with properly scalable tools, you "just" need to have a high bandwidth and many machines, and everything becomes easy. Think about it for a second, put a 40 GbE NIC into an single-socket haproxy 1U pizza box, you get this for $800. Take 25 of these in a rack, connect this to an L3 switch doing ECMP and you have 1 Tbps of DDoS absorption capacity. For $16K. I know pretty well I'm oversimplifying the problem, but it always starts this way, and after this you adjust for various aspects (small packets, reflection using tools like PacketShield, TLS handshakes using more CPU cores, large connection counts using more RAM) and that's about all.
The heaviest and hardest to maintain features in these environments are the fat stuff that customers want (WAF, monitoring, UI, config versioning, etc). But basic protection is trivial if you can afford the bandwidth.
Hum, not. Is obligatory for dogs (it was like 50€ or so), but children aren't vaccinated from rabies normally in Spain at the school.
Rabies is endemic in Ceuta and Melilla in any case. I don't know if people in those places are systematically vaccinated but would be a surprise to me.
If you substantially change the hardware of your computer, you are supposed to get a new licence because it's like it is another computer. It's not a bug but a feature.
In my case, the first time I fully booted the Windows 10 disk was in the VM. I wonder if this counted as a 'change' or does it think that the VM is the original hardware now?
What most people want is to pay and then not worry about random downgrades and deactivations, even if they upgrade a parr or two, or boot the same machine indirectly through a hyper visor.
Apparently, Microsoft does not or cannot deliver this, and as we’ve seen this week may randomly downgrade your system even if nothing changed.
