The reason they can't release the specs is most likely because their lawyers said not to, for fear of breaking some DRM-related legal contract(s).
I can't imagine how that would be a problem though. DRM relies on having some system that the content publisher can trust, which the user doesn't have control over or visibility into. The Linux video acceleration APIs probably allow a separate process to read the final frames from the video framebuffer, so the opensource driver can't decode any DRM'ed content on Linux. That's fine. Why is it then a problem to allow decoding of non-encumbered content? The only way I can imagine it would be a problem is if the hardware call to decode DRM content is almost the same as that for decoding DRM content, and AMD relies on keeping it secret.. Anyone have a better explanation?
[Happy user of the open source AMD drivers. Just do it in software and disable CPU throttling:]
Both comments by drsmithy and arkane1234 are probably right.... It will be a while until "normal people" like me can get 4 TB of flash storage, so I suppose I was anticipating the dilemma a bit too early (but it's interesting to know). I have a workstation, myself, so a non-RAID SSD is probably OK. Some applications I use have bizarre read patterns which seek around in 30 GB files,and my cache isn't working that well, so SSD bulk storage cannot come soon enough. The promise of HDD array + SSD cache is that everything is fast yet very flexible, but it's not delivering on the "fast" at the moment (could be time of a CPU upgrade too).
RAID is pretty common for HDDs, because drives do fail and RAID gives you instant (for RAID1) and automatic recovery. Is there a point to have SSDs in RAID? For most setups the speed benefits are not important (>200 MB/s is enough to move the bottleneck to the CPU for most workloads). Combining multiple smaller devices into a large volume is useful, but that is more "volume management" than "RAID". I find that bit-rot is overhyped on HDDs, but it's also mitigated by scanning for it (i.e. reading all sectors with data), so it's hard to gauge. I'm going to move my 4 TB array (8 TB raw) to SSD sooner or later, so I'm curious if people think RAID1 for SSD is good practice or superfluous. I have regular offline backups + offsite backups every 6 months of the important data, but some of it is not backed up. No strict reliability requirements.
Too bad, because a completely solid state PC is so nice to use.
For a desktop you shouldn't really notice if it's "all SSD" or not, as long as your hot data is on the SSD. For a laptop is cool that you don't have to hold it still while it's working (I sometimes pack my laptop with a hybrid drive while shutting down anyway; if it breaks I'll get an SSD)
Some people (though a minority) suggested to take on a problem you're passionate about and create a software project. If you're considering this, I suggest to start with small projects, and don't get stuck on a big one if there's no chance of finishing. It happened to me, and it's not the end of the world, but in the end you get some experience with failure (which you get if you fail fast too), and some programming skills, and nothing else to show for it. Myself, I looked at code analysis tools, and thought that I could create a better static analyser, with more heuristics and a better understanding of the code. I started to lay out the project in C++ and create classes and the part that reads a binary and produces an internal representation. I had a lot of interesting thoughts, and it was a quite pleasant period (so I'm not sure I actually regret it), but in the end it will not help my career one bit.
Correction; The difference was not in the Host: header vs. the server IP address. It was that I was using "\n" for line breaks, while the HTTP standard requires "\r\n". Thepiratebay's server understands "\n", but the O2 blocking system doesn't. So it even works with thepiratebay.se as Host: header.
I happen to be working from home today, so I'll spend a few minutes checking how they block TPB on the ISP O2, just out of curiosity.
WWW: I get a page telling me that the page has been blocked by court order
DNS: They return the correct IP address: 194.71.107.50
Traceroute: I get to thepiratebay.piratpartiet.se (194.14.56.2), but not all the way to the web server, on both a censored and a non-censored connection. This is probably because TBP filters out some ICMP packets, nothing to do with O2.
Ping: I can't ping the TPB server from any connection. (same reason as above)
So TPB have locked down their web servers pretty well. Makes things more difficult for me. I couldn't find any open ports apart from 80. So I'll do some more checking with the webserver:
No intersting headers;HTTP/1.1 403 Forbidden Connection: close Content-Type: text/html Content-Length: 1100
I get this page even when using the IP-address in the URL, so there is no Host: www.thepiratebay.org header.
Now let's do a traceroute on TCP port 80. First, I tried BBC, and I got some hosts outside of the O2 network, specifically:bbc-linx.pr01.thdow.bbc.co.uk . Now for TPB: The same as for an ICMP traceroute!! This is weird. It's clear that O2 are not proxying HTTP connections, at least not at the SYN packet, because the HTTP SYN packets get all the way to thepiratebay.piratpartiet.se (194.14.56.2).
OK so let's try to get the web server to leak some more information: I tried some different URLs and with "Host: 127.0.0.1", and just get the same "blocked" page. If you're on IPv6 you can have a look at the page at my local web server: http://blackhole.lan.fa2k.net/f/tpb-blocked.txt . Let's try a bogus request with telnet:[fa2k@blackhole ~]$ telnet 194.71.107.50 80 Trying 194.71.107.50... Connected to 194.71.107.50. Escape character is '^]'. GET/ HTTP/1.0 400 Bad Request Connection: close Date: Thu, 21 Jun 2012 12:57:00 GMT Server: lighttpd From the non-censored connection I get the same thing. Now I mistyped some HTML request into telnet, so I'm probably on some kind of list. Who cares, it's not illegal to be curious. Now let's try a valid HTTP 1.0 request with netcat: [fa2k@blackhole ~]$ printf "GET / HTTP/1.0\n\n" > the-request.txt [fa2k@blackhole ~]$ cat the-request.txt | nc 194.71.107.50 80 HTTP/1.0 301 Moved Permanently X-Powered-By: PHP/5.4.4 Location: http://thepiratebay.se/ Content-type: text/html Content-Length: 0 Connection: close Date: Thu, 21 Jun 2012 13:08:22 GMT Server: lighttpd
Neat! This seems to come right from thepiratebay itself. Maybe the blocking software doesn't understand HTTP 1.0. And no, "http://thepiratebay.se" doesn't work in a browser. It's a different server than.org, but acts in a similar way.
A HTTP 1.1 request without a Host: part is invalid, let's see what comes up when changing "1.0" to "1.1": a 400 invalid request, it seems to still come from TPB, as it has the lighttpd header. Supplying "a" as the host, I get the 302 again.
I know "someone" who didn't have much access to star trek when growing up... It's quite daunting how many different versions there are. I^H "he" was going to start with The Original Series, but now I'll just bookmark this slashdot page instead. I (fuck it) have some Voyager on my DVR, maybe I'll just watch those.
What apple do, is prevent installation of anything, that hasn't come from the Appstore. This is the so called walled garden!. To be honest, I dont mind a walled garden, as I would rather not have a device that can be infected with Adware/Trojans/Viruses!.
I would like to get an iPhone actually. It's well designed, and it's not made by an ad company bent on tracking your every move. The problem: I can't develop apps for it without paying a recurring fee (and buying a Mac). If it was a one-time fee, I could count it towards the price of the device. I made Midlets for my Sony-Ericsson phone in 2002, including a music streaming app, so it's a ridiculous proposition to not be able to build software for free. There is HTML5, which is arguably more powerful than Java MIDP, but I should be able to expect more than that from a modern smartphone. I don't understand why Apple can't release some simple command-line dev tools for multiple platforms, what do they have to lose, really? If they require users to install a compiler and an interface driver to put new software on the phone, surely that should be enough to protect naive users against themselves.
It has gotten a bit better for me over the last 6 months. I used to see "Waiting for google-analytics.com" for 1-2 seconds all the time, but it doesn't happen as much now. It could be because I moved to a different country and Google has more servers there.
It's their computers. There are some security vulnerabilities though: (1) Don't install the certs on your own hardware. Then the company could snoop on you anywhere, and you are vulnerable if they get compromised. Accept every connection manually, or install the certs temporarily. (2) Check what happens if you use the company computer to navigate to a site with a self-signed certificate, and an expired certificate. I found a site with some example pages of self-signed and expired certificates: https://onlinessl.netlock.hu/test-center/self-signed-ssl-certificate.html# -- https://onlinessl.netlock.hu/en/test-center/invalid-ssl-certificate.html . If the sites linked to from there show up without warning, you get encryption, but not authentication. Then, realise that most of the security benefit of SSL is lost.
You're right about the trend, but that's not cheap! 500 GB should be enough to store most working sets of today, and anything greater is just rarely accessed bulk data. Hybrids will have to go to the multi-TB range and store the full dataset to remain relevant. As long as that SSD costs more than $ 200 though, the niche filled by 500 GB and 750 GB hybrids is still valid. On desktops hybrid only make sense for inexperienced (most) users, who can't set up a SSD+HDD caching configuration.
One-time-pads couldn't provide any practical improvement in security over what could be achieved with two-factor authentication and custom software (for example not accepting any CA certificate). The weak point is not the crypto.
[fa2k@blackhole tmp]$ traceroute thepiratebay.org traceroute to thepiratebay.org (194.71.107.50), 30 hops max, 60 byte packets
1 192.168.1.250 (192.168.1.250) 0.312 ms 0.403 ms 0.465 ms
2 O2WirelessBox.lan (192.168.1.254) 106.684 ms 106.668 ms 106.560 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 10.1.1.98 (10.1.1.98) 27.569 ms 23.957 ms 24.665 ms
8 10.1.1.101 (10.1.1.101) 26.545 ms 25.573 ms 27.624 ms
9 10.1.1.141 (10.1.1.141) 26.972 ms 24.243 ms 26.153 ms 10 10.1.2.114 (10.1.2.114) 26.168 ms 25.883 ms 24.447 ms 11 259.ge-1-2-2.mpr1.lhr3.uk.above.net (213.152.232.65) 25.520 ms 25.485 ms 25.535 ms 12 xe-4-0-0.mpr2.lhr3.uk.above.net (64.125.27.154) 26.041 ms 25.472 ms 25.535 ms 13 above-gblx.lhr3.uk.above.net (64.125.12.154) 25.629 ms 24.365 ms 26.040 ms 14 power-och-tandom-t-lane.tengigabitethernet1-3.ar1.arn3.gblx.net (208.48.1.246) 61.445 ms 64.784 ms 64.557 ms 15 gi-1-6-nano-demarc.sto1.se.portlane.net (80.67.1.42) 60.103 ms 64.794 ms 61.531 ms 16 194.68.0.202 (194.68.0.202) 67.593 ms 61.923 ms 62.026 ms 17 sthix-ge-0-2.moria-cr-1.piratpartiet.net (192.121.80.181) 59.776 ms 59.833 ms 62.935 ms 18 thepiratebay.piratpartiet.se (194.14.56.2) 63.485 ms 63.542 ms 60.908 ms 19 * * * 20 *^C
If it's truly beneficial to have moles in software companies, you can expect that China and maybe Russia also have them too.. The only benefit seems to be the certificates and access the update servers.
Speed of light in air is greater than in an optical fibre (glass) by a significant margin. Refractive index of dry air ~1, for glass ~1.5. Why can't they use a directed radio link, and use the fibre only as backup. Is it slower to modulate radio signals?
Posting again, I'll shut up now, but it actually works like that. When googlebot (et al) loads up a slashdot page, only the posts with moderation greater than 0 are included in the HTML. So only those links are used in google. Nice system. There was a story about googlebot running javascript, but it probably doesn't simulate random clicks, so we're still good.
No nofollow attributes on the 2girls1cup links indeed, not even when being logged out. It would be cool to have a "score" attribute, so you could get score="-1" for those troll posts, but OTOH sometimes we link to pages we don't endorse (like the GGP) and still a positive moderation.
Slashdot Mirror
The reason they can't release the specs is most likely because their lawyers said not to, for fear of breaking some DRM-related legal contract(s).
I can't imagine how that would be a problem though. DRM relies on having some system that the content publisher can trust, which the user doesn't have control over or visibility into. The Linux video acceleration APIs probably allow a separate process to read the final frames from the video framebuffer, so the opensource driver can't decode any DRM'ed content on Linux. That's fine. Why is it then a problem to allow decoding of non-encumbered content? The only way I can imagine it would be a problem is if the hardware call to decode DRM content is almost the same as that for decoding DRM content, and AMD relies on keeping it secret.. Anyone have a better explanation?
[Happy user of the open source AMD drivers. Just do it in software and disable CPU throttling :]
Both comments by drsmithy and arkane1234 are probably right.... It will be a while until "normal people" like me can get 4 TB of flash storage, so I suppose I was anticipating the dilemma a bit too early (but it's interesting to know). I have a workstation, myself, so a non-RAID SSD is probably OK. Some applications I use have bizarre read patterns which seek around in 30 GB files,and my cache isn't working that well, so SSD bulk storage cannot come soon enough. The promise of HDD array + SSD cache is that everything is fast yet very flexible, but it's not delivering on the "fast" at the moment (could be time of a CPU upgrade too).
RAID is pretty common for HDDs, because drives do fail and RAID gives you instant (for RAID1) and automatic recovery. Is there a point to have SSDs in RAID? For most setups the speed benefits are not important (>200 MB/s is enough to move the bottleneck to the CPU for most workloads). Combining multiple smaller devices into a large volume is useful, but that is more "volume management" than "RAID". I find that bit-rot is overhyped on HDDs, but it's also mitigated by scanning for it (i.e. reading all sectors with data), so it's hard to gauge. I'm going to move my 4 TB array (8 TB raw) to SSD sooner or later, so I'm curious if people think RAID1 for SSD is good practice or superfluous. I have regular offline backups + offsite backups every 6 months of the important data, but some of it is not backed up. No strict reliability requirements.
Too bad, because a completely solid state PC is so nice to use.
For a desktop you shouldn't really notice if it's "all SSD" or not, as long as your hot data is on the SSD. For a laptop is cool that you don't have to hold it still while it's working (I sometimes pack my laptop with a hybrid drive while shutting down anyway; if it breaks I'll get an SSD)
Some people (though a minority) suggested to take on a problem you're passionate about and create a software project. If you're considering this, I suggest to start with small projects, and don't get stuck on a big one if there's no chance of finishing. It happened to me, and it's not the end of the world, but in the end you get some experience with failure (which you get if you fail fast too), and some programming skills, and nothing else to show for it. Myself, I looked at code analysis tools, and thought that I could create a better static analyser, with more heuristics and a better understanding of the code. I started to lay out the project in C++ and create classes and the part that reads a binary and produces an internal representation. I had a lot of interesting thoughts, and it was a quite pleasant period (so I'm not sure I actually regret it), but in the end it will not help my career one bit.
Correction; The difference was not in the Host: header vs. the server IP address. It was that I was using "\n" for line breaks, while the HTTP standard requires "\r\n". Thepiratebay's server understands "\n", but the O2 blocking system doesn't. So it even works with thepiratebay.se as Host: header.
To be exact, 51% of them have the Google-branded device, 52% are on iOS tablets, while 8% are on those with other platforms, such as Blackberry OS.
Did someone put a Google sticker on their iPad or did they install iOS on an Android tablet?
I happen to be working from home today, so I'll spend a few minutes checking how they block TPB on the ISP O2, just out of curiosity.
WWW: I get a page telling me that the page has been blocked by court order
DNS: They return the correct IP address: 194.71.107.50
Traceroute: I get to thepiratebay.piratpartiet.se (194.14.56.2), but not all the way to the web server, on both a censored and a non-censored connection. This is probably because TBP filters out some ICMP packets, nothing to do with O2.
Ping: I can't ping the TPB server from any connection. (same reason as above)
So TPB have locked down their web servers pretty well. Makes things more difficult for me. I couldn't find any open ports apart from 80. So I'll do some more checking with the webserver:
No intersting headers;HTTP/1.1 403 Forbidden
Connection: close
Content-Type: text/html
Content-Length: 1100
I get this page even when using the IP-address in the URL, so there is no Host: www.thepiratebay.org header.
Now let's do a traceroute on TCP port 80. First, I tried BBC, and I got some hosts outside of the O2 network, specifically:bbc-linx.pr01.thdow.bbc.co.uk . Now for TPB: The same as for an ICMP traceroute!! This is weird. It's clear that O2 are not proxying HTTP connections, at least not at the SYN packet, because the HTTP SYN packets get all the way to thepiratebay.piratpartiet.se (194.14.56.2).
OK so let's try to get the web server to leak some more information: I tried some different URLs and with "Host: 127.0.0.1", and just get the same "blocked" page. If you're on IPv6 you can have a look at the page at my local web server: http://blackhole.lan.fa2k.net/f/tpb-blocked.txt . Let's try a bogus request with telnet:[fa2k@blackhole ~]$ telnet 194.71.107.50 80 /
Trying 194.71.107.50...
Connected to 194.71.107.50.
Escape character is '^]'.
GET
HTTP/1.0 400 Bad Request
Connection: close
Date: Thu, 21 Jun 2012 12:57:00 GMT
Server: lighttpd
From the non-censored connection I get the same thing. Now I mistyped some HTML request into telnet, so I'm probably on some kind of list. Who cares, it's not illegal to be curious. Now let's try a valid HTTP 1.0 request with netcat:
[fa2k@blackhole ~]$ printf "GET / HTTP/1.0\n\n" > the-request.txt
[fa2k@blackhole ~]$ cat the-request.txt | nc 194.71.107.50 80
HTTP/1.0 301 Moved Permanently
X-Powered-By: PHP/5.4.4
Location: http://thepiratebay.se/
Content-type: text/html
Content-Length: 0
Connection: close
Date: Thu, 21 Jun 2012 13:08:22 GMT
Server: lighttpd
Neat! This seems to come right from thepiratebay itself. Maybe the blocking software doesn't understand HTTP 1.0. And no, "http://thepiratebay.se" doesn't work in a browser. It's a different server than .org, but acts in a similar way.
A HTTP 1.1 request without a Host: part is invalid, let's see what comes up when changing "1.0" to "1.1": a 400 invalid request, it seems to still come from TPB, as it has the lighttpd header. Supplying "a" as the host, I get the 302 again.
Ok, let's send a Host: thepiratebay.se header to the thepiratebay.org server:
[fa2k@blackhole ~]$ printf "GET / HTTP/1.1\nHost: thepiratebay.se\n\n" > the-request.txt
[fa2k@blackhole ~]$ cat the-request.txt | nc 194.71.107.50 80
HTTP/1.1 200 OK
X-Powered-By: PHP/5.4.4
Set-Cookie: PHPSESSID=bbaee8ec681c1399b35cd5dba2cb7a31; path=/; domain=.thepiratebay.se
Set-Cookie: language=en_EN; expires=Fri, 21-Jun-2013 13:16:08 GMT; path=/; domain=.thepiratebay.se
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 21 Jun 2012 13:16:08 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 21 Jun 2012 13:16
I know "someone" who didn't have much access to star trek when growing up... It's quite daunting how many different versions there are. I^H "he" was going to start with The Original Series, but now I'll just bookmark this slashdot page instead. I (fuck it) have some Voyager on my DVR, maybe I'll just watch those.
What apple do, is prevent installation of anything, that hasn't come from the Appstore. This is the so called walled garden!. To be honest, I dont mind a walled garden, as I would rather not have a device that can be infected with Adware/Trojans/Viruses!.
I would like to get an iPhone actually. It's well designed, and it's not made by an ad company bent on tracking your every move. The problem: I can't develop apps for it without paying a recurring fee (and buying a Mac). If it was a one-time fee, I could count it towards the price of the device. I made Midlets for my Sony-Ericsson phone in 2002, including a music streaming app, so it's a ridiculous proposition to not be able to build software for free. There is HTML5, which is arguably more powerful than Java MIDP, but I should be able to expect more than that from a modern smartphone. I don't understand why Apple can't release some simple command-line dev tools for multiple platforms, what do they have to lose, really? If they require users to install a compiler and an interface driver to put new software on the phone, surely that should be enough to protect naive users against themselves.
Please explain how the internet stops working if people stop pirating. I am not seeing the connection.
It's not like that, the problem is that people will break the internet in trying to force everyone to stop pirating.
It has gotten a bit better for me over the last 6 months. I used to see "Waiting for google-analytics.com" for 1-2 seconds all the time, but it doesn't happen as much now. It could be because I moved to a different country and Google has more servers there.
It's their computers. There are some security vulnerabilities though: (1) Don't install the certs on your own hardware. Then the company could snoop on you anywhere, and you are vulnerable if they get compromised. Accept every connection manually, or install the certs temporarily. (2) Check what happens if you use the company computer to navigate to a site with a self-signed certificate, and an expired certificate. I found a site with some example pages of self-signed and expired certificates: https://onlinessl.netlock.hu/test-center/self-signed-ssl-certificate.html# -- https://onlinessl.netlock.hu/en/test-center/invalid-ssl-certificate.html . If the sites linked to from there show up without warning, you get encryption, but not authentication. Then, realise that most of the security benefit of SSL is lost.
Maybe they count the switch in both cases.
You're right about the trend, but that's not cheap! 500 GB should be enough to store most working sets of today, and anything greater is just rarely accessed bulk data. Hybrids will have to go to the multi-TB range and store the full dataset to remain relevant. As long as that SSD costs more than $ 200 though, the niche filled by 500 GB and 750 GB hybrids is still valid. On desktops hybrid only make sense for inexperienced (most) users, who can't set up a SSD+HDD caching configuration.
Also, specify AllowUsers in the SSH config. Only allow your username to log in.
One-time-pads couldn't provide any practical improvement in security over what could be achieved with two-factor authentication and custom software (for example not accepting any CA certificate). The weak point is not the crypto.
Yeah, it's a good argument against getting "free" internet with your rent if I ever saw one. I'll be out of here in 6 months though.
[fa2k@blackhole tmp]$ wget http://thepiratebay.org/
--2012-06-15 18:37:01-- http://thepiratebay.org/
Resolving thepiratebay.org... 194.71.107.50
Connecting to thepiratebay.org|194.71.107.50|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2012-06-15 18:37:01 ERROR 403: Forbidden.
[fa2k@blackhole tmp]$ traceroute thepiratebay.org
traceroute to thepiratebay.org (194.71.107.50), 30 hops max, 60 byte packets
1 192.168.1.250 (192.168.1.250) 0.312 ms 0.403 ms 0.465 ms
2 O2WirelessBox.lan (192.168.1.254) 106.684 ms 106.668 ms 106.560 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 10.1.1.98 (10.1.1.98) 27.569 ms 23.957 ms 24.665 ms
8 10.1.1.101 (10.1.1.101) 26.545 ms 25.573 ms 27.624 ms
9 10.1.1.141 (10.1.1.141) 26.972 ms 24.243 ms 26.153 ms
10 10.1.2.114 (10.1.2.114) 26.168 ms 25.883 ms 24.447 ms
11 259.ge-1-2-2.mpr1.lhr3.uk.above.net (213.152.232.65) 25.520 ms 25.485 ms 25.535 ms
12 xe-4-0-0.mpr2.lhr3.uk.above.net (64.125.27.154) 26.041 ms 25.472 ms 25.535 ms
13 above-gblx.lhr3.uk.above.net (64.125.12.154) 25.629 ms 24.365 ms 26.040 ms
14 power-och-tandom-t-lane.tengigabitethernet1-3.ar1.arn3.gblx.net (208.48.1.246) 61.445 ms 64.784 ms 64.557 ms
15 gi-1-6-nano-demarc.sto1.se.portlane.net (80.67.1.42) 60.103 ms 64.794 ms 61.531 ms
16 194.68.0.202 (194.68.0.202) 67.593 ms 61.923 ms 62.026 ms
17 sthix-ge-0-2.moria-cr-1.piratpartiet.net (192.121.80.181) 59.776 ms 59.833 ms 62.935 ms
18 thepiratebay.piratpartiet.se (194.14.56.2) 63.485 ms 63.542 ms 60.908 ms
19 * * *
20 *^C
If it's truly beneficial to have moles in software companies, you can expect that China and maybe Russia also have them too.. The only benefit seems to be the certificates and access the update servers.
Speed of light in air is greater than in an optical fibre (glass) by a significant margin. Refractive index of dry air ~1, for glass ~1.5. Why can't they use a directed radio link, and use the fibre only as backup. Is it slower to modulate radio signals?
I don't think that quote is an attempt at an accurate risk asessment.
Posting again, I'll shut up now, but it actually works like that. When googlebot (et al) loads up a slashdot page, only the posts with moderation greater than 0 are included in the HTML. So only those links are used in google. Nice system. There was a story about googlebot running javascript, but it probably doesn't simulate random clicks, so we're still good.
sorry, s/troll/spam/
No nofollow attributes on the 2girls1cup links indeed, not even when being logged out. It would be cool to have a "score" attribute, so you could get score="-1" for those troll posts, but OTOH sometimes we link to pages we don't endorse (like the GGP) and still a positive moderation.