>they refuse to conduct proper studies on it out of sheer stupidity and stubbornness
Not stupidity and stubbornness. There is exactly zero money to be made from fasting. Much better to try to make some miracle compound and sell it for $50 per pill and bill it from insurers.
Now it seems they have also added fake lag to TCP port 80.
hlds@machine:~$ tcptraceroute -f 128 -m 128 thepiratebay.se 80
Selected device venet0, address 5.9.249.8, port 41774 for outgoing packets
Tracing the path to thepiratebay.se (194.71.107.15) on TCP port 80 (www), 128 hops max
128 thepiratebay.org (194.71.107.15) [open] 751.198 ms 735.700 ms 767.937 ms
This wasn't the case an hour ago. I was able to get 50ms RTT from TCP port 80 but now they probably added fake lag with tc(linux traffic shaping tool)
It's fake but his analysis is wrong. TPB is still somewhere in Europe. Otherwise you couldn't have 50ms RTT to thepiratebay.se TCP port 80 from within Europe.
I explained here how they do it http://news.ycombinator.com/item?id=5319720
Yes, the speed of light dictates how long it takes data to travel. But that isn't definitive proof that TPB's servers are hosted that close.
The easiest thing to do is to put up caching reverse proxies on big providers that respond immediately and only slow down on "dynamic" content, which we all assume to be slower anyway.
A more non-conventional approach would be to break the embedded OS of an intermediate router or network device (can you count how many transparent filtering network devices there are between you and a random website?) and have it return false data or provide static NAT to establish connections before they actually reach the destination.
The spoofed packets seems the most likely explanation. It's just not the only possibility :-)
fale@machine:~$ tcptraceroute -f 128 -m 128 thepiratebay.se
Selected device venet0, address 5.9.249.8, port 40771 for outgoing packets
Tracing the path to thepiratebay.se (194.71.107.15) on TCP port 80 (www), 128 hops max
128 thepiratebay.org (194.71.107.15) [open] 51.673 ms 49.002 ms 47.187 ms
That server is in Germany, no way it's possible to have 50ms to NK. Also traditional traceroute has 500ms+ RTT.
They are faking/spoofing the ICMP responses.
They are also prepending their route advertisement with corresponding AS paths to further disguise it.
194.71.107.0/24 *[BGP/170] 02:10:36, MED 0, localpref 150, from 80.91.255.255
AS path: 2914 39138 22351 131279 51040 I
AS39138 is probably the real upstream provider of TBP. They peer with AS51040(TPB network) and TPB router prepends AS22351(Intelsat) and AS131279(North Korean ISP) into it's AS Path before advertising it to AS39138.
Exactly. Here is a collection of route-servers and looking glasses which tell you what path a route from ISP x to IP y will take. http://www.bgp4.as/looking-glasses
You will see that every single route to 194.71.107.0/24 will travel through AS39138.
Hetzner's Xeon offerings with ECC aren't that expensive either: http://www.hetzner.de/hosting/produkte_rootserver/ex6
I would expect Softlayer to be more reliable than Hetzner as a service provider but that being said, the price difference is still huge.
I used Dropbox for about 3 years, but never could get past 4GB, after wasting time filling surveys and whatnot. On the other hand, the payment plans were way too expensive for me (at $100 per 50 GB). With insync I use my Google's account storage which is very very cheap (at $20 for 80GB).
Time and time again people begged Dropbox to provide a cheaper option (say, 25GB for 50) or to lower their prices, but they were never listened.
Now Dropbox space feels like hotmail 25MB limit when Gmail started.
I think it's a bit ironic given the nature of the talk that the link on the video page to seomoz.org has rel="nofollow" while comments down below don't have. No link juice for those who provide content(talk) and all the link juice for commenters.
Assuming DNS resolvers work as they should, most bitflips on the wire shouldn't result to anything else than a failed DNS query since DNS packets include the original requested FQDN in the result.
Scenario 1) Lets say we have normal Windows computer asking what is update.microsoft.com as an A-record. The computer's resolver sends its request to its ISP's DNS server it was assigned via DHCP. One bit is flipped on transit and the DNS server receives request to resolve update.mic2osoft.com and it does so. Then it returns the result via UDP telling the Windows computer that update.mic2osoft.com is 1.2.3.4, but the computer's resolver was expecting an answer for update.microsoft.com so it rejects(should reject) the result even though the transaction ID is what it expected. Also UDP checksum poses a problem the recursor could reject the packet and not do anything.
Scenario 2) Another scenario is where the bit corrupts on transit while the ISP's DNS recursor is querying the Verisign .com root servers for microsoft.com (assuming it's not cached) and one bit corrupts in transit. Verisign's server answers that mic2osoft.com DNS servers are ns1.mic2rosoft.com and ns2 and it provides the glue records for them (IP addresses) if necessary. DNS recursor receives an answer for mic2rosoft.com while it expects answer for microsoft.com and rejects the result before querying nsX.mic2rosoft.com. UDP checksum also a problem here.
Scenario 3) Bit flip on the Windows computer's RAM before gethostbyname() is called so they call gethostbyname(update.mic2osoft.com). Another timeframe for a successful bitflip is while the OS is running gethostbyname(update.microsoft.com) but before the request is sent. gethostbyname() only returns the IP address so the function caller will not know if its wrong. This is the most plausible scenario, ECC is also rare in consumer hardware so that shouldn't pose a problem.
Scenario 4) Bit flip on the DNS recursors RAM. This depends on whether the address to be queried is stored in several variables in the DNS server so the DNS answer packet to the Windows computer has the correct FQDN but the DNS server queried for the wrong address due to the bit flip. Servers usually have ECC so this is implausible but not impossible. Also if this happened, the DNS server's cache could also get the incorrect entry and give it out to many many many clients if it was a popular ISP's DNS server.
An interesting thought would be what if IP-addresses bit-flipped. If Microsoft had all their update servers in 80.100.2.0/24 and an attacker owned 16.100.2.0/24 with one bit flipped. How much traffic would the network receive? If bit flipped on transit while the server is returning answer for update.microsoft.com UDP checksum should be incorrect but what if a popular ISP's DNS recursor's cache had a flipped IP address for update.microsoft.com. Very implausible but would result in lot of traffic.
One more scenario comes to mind about IP bit-flipping. If ns1.microsoft.com was at 5.1.1.1 and an attacker owned 1.1.1.1 he could also configure his DNS server (more specifically the UDP stack on the Linux kernel) to ignore the invalid UDP checksums and serve falsified DNS answers.
The bitsquatted domain sends two records, one for the squatted domain and one for the original name, pointing to the squatter's server. The parent article isn't as detailed as the paper/talk was, but this is a point that the DEFCON presentation included (and I reckon the BH one as well)
Not stupidity and stubbornness. There is exactly zero money to be made from fasting. Much better to try to make some miracle compound and sell it for $50 per pill and bill it from insurers.