Let's take http://news.ycombinator.com/threads?id=pg as an example. When I visit... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ralph on April 15, 2008 \| parent \| context \| favorite \| on: Poll: Unknown or expired link on YC Let's take http://news.ycombinator.com/threads?id=pg as an example. When I visit that I get dealt 75 fnids. They're different every time I go to the page. So I'm using a new 75 slots in the cache every time. It's little overhead in CPU or bandwidth for me to get the page but it has a big impact on the other users of the system if I flush their fnids out of the cache before they try and use them. I first pointed this out at the end of April 2007. In response, pg cut the number of fnids used, but they've crept back in. The technique's flawed, trivial to exploit, and should be dumped.

ralph on April 24, 2008 [–]

Here's the last time I pointed it out. http://news.ycombinator.com/item?id=18083 pg made the post dead and emailed me about publishing a DDoS. Yet here we still are, using a broken concept.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact