Slashdot Mirror

http://uptime.netcraft.com/up/graph?site=beta.slashdot.org ...says they're using an F5 product on the front end. I wonder if beta.slashdot.org is simply a web accelerator in front of the real web servers or something??? :/

In that case, they could be running something different on the actual servers.

Netcraft thinks it's an F5 BIG-IP device, which probably means that they've got a big, fancy load balancer. If my memory doesn't fail me, F5's appliance OS is BSD based.

lynx http://www.slashdot.org/

(I could say that "Netcraft confirms it" but anyone doubting that Slashdot runs Linux probably needs to accept evolution, the moon landing, and the theory of gravity before clicking on this link: http://searchdns.netcraft.com/?position=limited&host=slashdot.org .)

Microsoft's site dedicated to getting people to switch to Server 2008 prudently does not run on Server 2008. This is nothing new.

http://toolbar.netcraft.com/site_report?url=http://www.getthefacts.com

Microsoft doesn't use its source control solution, Visual Source Safe, for version control.

IIS6 is a good choice for them - it has the best security record of any web server in history. Traditionally Microsoft has sought out the best solutions while pushing others to use lesser solutions. It's just how they operate.

http://toolbar.netcraft.com/site_report?url=http://www.getthefacts.com

The site is running IIS 6 on Win2k3 Server, an upgrade from IIS 5 they only made four months ago - look at the history. It's a solid, reliable upgrade choice, IMO, they did very well staying away from Server 2008.

That's easily found out: http://toolbar.netcraft.com/site_report?url=http://www.itif.org

Ports are being developed and currently reside in the area51 repository. Subscribe to the kde-freebsd@kde.org mailing list to follow progress. Currently, the biggest show-stopper is the co-existence of KDE3 and KDE4 on the same system, along with QT3x and QT4x libs in ${LOCALBASE}. I prefer to continue to use 3.5.8 (although arts is broken on 7.0-R for certain configurations of hardware, but arts is well known for being a PoS anyway) until 4.x is stable.

The version of Netcraft the trolls use must be different to the one I see each month which consistently has FreeBSD hosts in the top ten on an equal footing with everyone else. There are currently (2008.05.01.21.13.05 UTC) four BSD hosting sites in the top ten, leaving that other OS and It Isn't Secure to fight over the remaining six places. Assuming the unknowns aren't FreeBSD, of course.

Wow, that's a disturbing thread. I hope something good happens to this loser so he can do something better than this with his life. That does not make me John Marriot or anything like him. It makes me sad for people like him who waste their lives on hate.

The good news is that free culture will fix problems like that. The more people share, the less scarcity their is and that's good for everyone.

In the meantime, it's been 5+ years and no one has found an exploitable vulnerability in IIS.

What fantasy world do you live on? The rest of us see something different.

Look, if anyone just does a basic analysis, you'll see that there's this circular process where the heavier operating system requires new hardware, forcing people to buy both to keep up with the times, which both them and the manufacturer want.

According to this basic analysis(pdf), debian Etch is an order of magnitude larger and more complex than Vista. And yet it doesn't require this "new hardware" you're speaking of.

In fact in addition to the x86-32 and x86-64 targets Vista aims for it also runs on alpha, sparc, arm, powerpc, hppa, ia64, mips and s390. From the toys to spacecraft, from webservers to 85.2% of the world's top 500 supercomputers it'll run on almost anything. That's engineering.

This will not end until they have a solid competitor, period, and that means the linux geeks have got to get off their high horse and make an easy, packaged, "buy your box from dell with it pre-loaded" version of it your grandma can use.

You have been able to buy PCs preloaded with linux from Walmart, Dell, IBM, HP and many others for several years.

Because, personally, i'm getting a little sick of getting these operating systems from Microsoft which I swear to God have code running several extra loops just to bog it down so that only the most bleeding edge (aka money I don't want to spend) boxes can handle it reasonably.

So switch. It's time. Ballmer says Vista is a work in progress. Gates says its replacement is a year out. Let's take their word for it. This is a great window of opportunity to justify looking at alternatives.

Than the whole US Senate machine level of security:
Netcraft
When the U.S. Justice Department stepped up its investigation of cybercrime, it found spam originating from an unexpected source: hundreds of powerful computers at the Department of Defense and the U.S. Senate. The machines were "zombies" that had been compromised by hackers and integrated into bot networks that can be remotely controlled to send spam or launch distributed denial of service attacks.
(this link also mentions the older Republican access of the Democrat fileserver)

Paypal is hyping Extended Validation certificates after Netcraft posts articles like this:

Extended Validation certificates and XSS considered harmful

Curious if nothing else.

Time to add nimp.org to your hosts file. The link is an auto redirect from rds.yahoo.com to members.on.nimp.org. This is how Yahoo redirects search results to find out who clicked what. Yawho? search results are thus no longer safe to click. For best results, add rds.yahoo.com to your hosts file or equivalent blocker as well.

members.on.nimp.org resolves to poulet0.zoy.org. The IP address is [80.65.228.130]. Best to block that as well. The DNS administrator for this server is Slashdot User "Sam H", UID 3979.

Somebody at slashdot should have a look at our anonymous coward's IP address. It would be nice if we could quit this nonsense. I hope this isn't some troll that bought a low UID in the auction.

And maybe some slashdotter in Paris could call Sam and ask him to fix his compromised server. It does look like someone truly nasty took it over in August of 2005. Big Debian fan this one. Likes the GNAA routine and the whole bit.

I'm not certain about pinning this on Sam. sam.zoy.org resolves to a different IP. One of you intertubes wizards want to weigh in here?

Time to add nimp.org to your hosts file. The link is an auto redirect from rds.yahoo.com to members.on.nimp.org. This is how Yahoo redirects search results to find out who clicked what. Yawho? search results are thus no longer safe to click. For best results, add rds.yahoo.com to your hosts file or equivalent blocker as well.

members.on.nimp.org resolves to poulet0.zoy.org. The IP address is [80.65.228.130]. Best to block that as well. The DNS administrator for this server is Slashdot User "Sam H", UID 3979.

Somebody at slashdot should have a look at our anonymous coward's IP address. It would be nice if we could quit this nonsense. I hope this isn't some troll that bought a low UID in the auction.

And maybe some slashdotter in Paris could call Sam and ask him to fix his compromised server. It does look like someone truly nasty took it over in August of 2005. Big Debian fan this one. Likes the GNAA routine and the whole bit.

I'm not certain about pinning this on Sam. sam.zoy.org resolves to a different IP. One of you intertubes wizards want to weigh in here?

Netcraft.com's February 2008 report http://news.netcraft.com/archives/2008/02/06/february_2008_web_server_survey.html says that Apache has 48.84% & IIS has 36.05%. This causes some issues for your argument... /i

For once that's on topic. I stated to rant like everybody else on how this was skewed by not taking into account the market share of Apache vs. IIS, but that's not the real story here.

Take a look at the "Webserver defaced" table. It's badly formatted in a couple of respects. Here's a copy of the interesting data with defacement numbers sorted by server platform:

nginx 729
IIS (total) 447
Apache 319
Rapidsite 244
SonataServer 178

nginx doesn't run on Windows; I'd expect most sites deploying it would be on Linux or BSD. Rapidsite runs on a customized Apache, and again while I haven't found a definitive statement here I'd expect virtual hosting using Apache is going to be Linux or BSD as well. I'd welcome corrections here if I'm wrong about that.

Combine this with the Netcraft data and the initial conclusion I would reach is that Linux+Apache is still the most secure platform. The only reason the Linux numbers are so inflated is that they include some really crappy web servers with significant vulnerabilities running something other than stock Apache.

I wish I had the raw data so I could ask some more interesting questions, like how things change you take the stupid user/admin data out. I don't care that it's possible to setup a platform up wrong and get simple vulnerabilities, I only care about how vulnerable a good installation is.

Last I checked, IIS was at about 35% and Apache at 50%.

  --> http://news.netcraft.com/archives/2008/02/06/february_2008_web_server_survey.html

Of course, these are just statistics...

-mverwijs

The author attributes this number to the fact that more people are switching from IIS to Apache. Check out the latest netcraft survey, that doesn't seem to be the case. Over the last few years, IIS seems to be hanging on at around 35-40% market share and apache around 50-60%.

The Google blog you cite essentially admits it's not as accurate as the Netcraft survey, which shows the market shares much closer, i.e. about 51 to 36.

But neither of them is really measuring market share; they're measuring share by domain, not server. So if you assume that one OS has more domains on it, on average, than the other, then its "market share" is proportionally less than the numbers in the survey. Personally, based on what I know about the hosting market, I would assume that Apache servers have more domains on average than most Windows servers, but that's a guess.

I hate to be the bearer of bad news, but the canonical webserver survey shows Apache declining significantly and steadily against IIS for the last two and half years - it's currently running at 50%, vs IIS with 35%.

FreeBSD still occupies 4 of the top ten most reliable server categories according to Netcraft and it holds the top position.

http://news.netcraft.com/archives/2008/02/12/swishmail_is_the_most_reliable_hosting_company_in_january_2008.html

Numbers are always a good place to start.
Netcraft.com does a good job for web stats.
See the February 2008 Web Server Survey here:
http://news.netcraft.com/archives/2008/02/06/february_2008_web_server_survey.html
Apache still has 50.93% of the market.
More market = more developpers to choose from.

So I just gotta say - WTF - http://news.netcraft.com/archives/2008/02/27/extended_validation_certificates_and_xss_considered_harmful.html - EV and XSS considered harmful - so what does PayPal say to that? That even though they are using EV that we should ignore that?

Face it. As many others have said, if you go to http://www.paypal.emptymyaccount.com/ you're a moron.

Disclaimer - last used Apple product was a beige toaster.

Microsoft's use of Akamai in 2003 gained attention when it made it appear that Microsoft's web site was running on Linux. In actuality it was just the Akamai caching servers using Linux. Like Google, they've since shifted to using more of their own network as well as Limelight and Savvis (now Level 3).

Contrary to popular belief, it is this parasitic nature that actually ends up profoundly improving the operating system and proliferating it. Think of the following hypothetical scenario:

1. CEO sees product XYZ and thinks to himself "Wow, we can compete with that!"
2. CTO responds to CEO with "We need to research viable means to penetrate this [new] vertical-market with a high profit margin." This all means "I'll get back to you with the cheapest possible implementation after I consult our developers."
3. Director of IT says "Hey, we can use FreeBSD as a platform because it's free and has an open license."

This is where the general populous that conforms to your statement stops thinking and fails to realize the rest...

4. Developers are tasked by the director to learn FreeBSD.
5. Support staff is tasked with inundating themselves with FreeBSD to support the product/customers.
6. Quality Assurance is subjected to FreeBSD to test the product.

and in my experience at Yahoo! (in the beginning days when FreeBSD was but a murmur on the lips of the Directors and CTO), the following happens...

7. Developers, Support staff, and Quality Assurance falls deeply in love with FreeBSD.

which leads to...

8. Developers giving back to the FreeBSD community.

You don't have to believe it, but the arguments for the decision to use FreeBSD do exist. The people that choose it are not always vapid management. Sure, it may start out that way, but if you look closely at the Netcraft, you might just find that BSD even found a niche in the web-server world (where your argument of parasitic license globbing does not and cannot apply as the GPL has no grounds in the argument of which OS serves up your content to the World-Wide-Web).

I am not a zealot. I find that every OS has its place. I for one, for a desktop environment would definitely suggest Linux because it has very good device support. I for one don't think that the BSD's will ever corner that [desktop] market.

Even within the BSD world, there is dissention and each flavor (very much alive and kicking) has its purpose. For example, I believe that the greater and more well-known BSD variants can be summed up into a single sentance (see below):

BSDi Commercial BSD Version. Commercial Support.
FreeBSD Optimized for the Pentium Processor.
NetBSD Runs on almost every platform.
OpenBSD Security and Cryptography. Runs on many platforms.
PicoBSD Fits on a single 1.44MB floppy disk.

That was true, being said in an article from 1999 (by Chris Coleman, author of BSD advocacy articles and unbiased BSD editorials on DaemonNews), I would add the following summations to bring it up to present day:

BSDi
Enterprise-level use (close-source product). This BSD variant intends to compete with people such as RedHat Enterprise Linux and other Enterprise UNIX flavors. Runs on Intel only.
FreeBSD
If running Intel, there is no better choice. FreeBSD focuses on security (not as hard-core as OpenBSD though) and stability/performance on the Intel platform. DEC Alpha is supported but stability/performance may be better on NetBSD for Alpha support.
NetBSD
Bleeding edge hardware compatibility. More often than not, this team has support before any other distribution (before Linux even). Hardest distro in the world to[?] (besides Windoze).
OpenBSD
Security security security (derived from NetBSD).
PicoBSD
Minimalism at its best (maintained by the Fre

I think you meant Redmond, which apparently runs their city's website on Windows 2000, but your point still stands :).

A whois lookup for hymn-project.org says the domain's REGISTRANT is in India. A Netcraft lookup shows the netblock owner as "NECTARTECH, LLC SAN JOSE CA US".

So, you want to see an actual example of a site with a seemingly perfectly valid SSL certificate but still sporting an exploit? Look no further than here: http://news.netcraft.com/archives/2008/01/08/italian_banks_xss_opportunity_seized_by_fraudsters.html. This is just a recent example.

This one example totally defeats all of your "security checks". And it is in the wild. You will of course claim that this particular attack was made possible by two factors: A XSS vuln at the banks website and users clicking on a link in an email sent to them. But the domain of that link was the banks domain. The XSS script was obfuscated. Once you arrived at the page everything seemed OK: There's a https:/// at the front of the url, and the domain name is in fact the banks own domain name. Is the bank to blame? yes! Should anyone follow a link sent to them in an email? no! Did it succeed in having users giving up their details? you bet!

Incidently you don't "throw up a deceptive IFRAME". Iframes are embedded into the actual html. You can't tell it is there. Your address bar only tells you about the "parent" page. If the actual form lives inside an iframe - possibly generated by a XSS vulnerability like in this example, validating the URI means s***.

I really don't know which articles you've read on CardSpace. Do you only read the headlines and when CardSpace and Passport are mentioned together you assume that they are one and the same or that they are intrinsically linked?

Instead of FUDing (referring to "articles" without any concrete references) maybe you would like to point out what the problem with CardSpace is? I mean, apart from the fact that it originated from Microsoft which obviously is very disturbing to you.

Let me summarize CardSpace for you:

1. CardSpace is a de-centralized, open protocol based on XML. This is totally opposite Passport (although some Passport driven sites now allow you to use CardSpace as well).
2. CardSpace does not mandate any specific credential store. Not AD, not LDAP or anything. It is a procotol. If you have evidence to the contrary, please share it.
3. The client need not use AD or Windows or any other MS technology. IE on XP with .NET Framework 3.0 and on Vista already sports an AD free CardSpace card store.
4. The server/site (relying party) need not use AD or Windows or any other MS technology. There is even a proprosal for inclusion of CardSpace support into Zend Framework for PHP: http://framework.zend.com/wiki/display/ZFPROP/Zend_CardSpace. Google for more projects.
5. The (if one is used) issuing party need not use AD or Windows or any other MS technology.
6. Microsoft does not have a central authority. Microsoft is never in on the authentication (unless you authorize at a Microsoft site, of course).
7. I can make any number of "self-issued" cards, in which case there will be only two parties involved in the authentication; unlike OpenID id I may add.
8. Even if I use the same card against multiple sites, they don't get an identifier with which to compare my behavior across the sites. Unless of course my card includes something personally identifiable such as a unique email addy. But they don't need my email and I may question the site why the assert that claim.
9. CardSpace cards contain "claims", such as email adresses, names, etc. Some card you can issue yourself. But the relying party can demand that some cards are signed by a mutually trusted authority, like a bank or creditcard company. This could potentially spell the end (good thing) of handing out CC numbers on the 'net. The relying party can assert a (signed) claim that the bank accepts a withdrawal of a certain amount of $$ for a transaction. The shop never "sees" the CC#, merely a "signed"

• Warner Music Group (runs Solaris)
• Sony BMG (also runs Solaris)
• EMI (runs Windows)
• Vivendi (also runs Windows)

Furthermore, one of the partners in Sony BMG makes the PLAYSTATION 3 video game console that is designed to run GNU/Linux.

• Warner Music Group (runs Solaris)
• Sony BMG (also runs Solaris)
• EMI (runs Windows)
• Vivendi (also runs Windows)

Furthermore, one of the partners in Sony BMG makes the PLAYSTATION 3 video game console that is designed to run GNU/Linux.

• Warner Music Group (runs Solaris)
• Sony BMG (also runs Solaris)
• EMI (runs Windows)
• Vivendi (also runs Windows)

Furthermore, one of the partners in Sony BMG makes the PLAYSTATION 3 video game console that is designed to run GNU/Linux.

• Warner Music Group (runs Solaris)
• Sony BMG (also runs Solaris)
• EMI (runs Windows)
• Vivendi (also runs Windows)

Furthermore, one of the partners in Sony BMG makes the PLAYSTATION 3 video game console that is designed to run GNU/Linux.

Looking at www.whitehouse.gov (via http://toolbar.netcraft.com/site_report?url=http://www.whitehouse.gov) it appears that George Bush's Whitehouse has penguins in it already.

Wait, so how does the second graph on this page exactly indicate how "miserable" the server market is? Over the past 10 years, IIS and Apache have both eaten away the market share of competitors. When you look at server operating systems, the trend towards Windows and Linux over the Sun and IBM server OSs of the past is even more clear.

• Yahoo! servers use Free BSD
• Flickr servers use Linux/Apache
• del.icio.us servers use Free BSD

Is this kind of merger a good argument for releasing server side software under the GNU Affero GPL ? If these services were using software licensed under something like the GNU Affero GPL, then a company like Microsoft wouldn't be able to go near them.

I know the argument against this form of license is that large players like IBM, Sun and Google would not want to use them, so the projects would find it difficult to get sponsorship. But both Flickr and del.icio.us started as small start-up teams with a cool idea, and became valuable because of the user base they attracted. When they started out they weren't looking to be bought out by a large company, they just wanted to try out their idea and share it with their friends.

If the next cool idea is started by a team who used tools licensed under the GNU Affero GPL, what happens when it gets discovered and attracts a huge user base ? It would be interesting to see which of the big players would be prepared to become involved. A potentially disruptive technology.

• Yahoo! servers use Free BSD
• Flickr servers use Linux/Apache
• del.icio.us servers use Free BSD

Is this kind of merger a good argument for releasing server side software under the GNU Affero GPL ? If these services were using software licensed under something like the GNU Affero GPL, then a company like Microsoft wouldn't be able to go near them.

I know the argument against this form of license is that large players like IBM, Sun and Google would not want to use them, so the projects would find it difficult to get sponsorship. But both Flickr and del.icio.us started as small start-up teams with a cool idea, and became valuable because of the user base they attracted. When they started out they weren't looking to be bought out by a large company, they just wanted to try out their idea and share it with their friends.

If the next cool idea is started by a team who used tools licensed under the GNU Affero GPL, what happens when it gets discovered and attracts a huge user base ? It would be interesting to see which of the big players would be prepared to become involved. A potentially disruptive technology.

• Yahoo! servers use Free BSD
• Flickr servers use Linux/Apache
• del.icio.us servers use Free BSD

Is this kind of merger a good argument for releasing server side software under the GNU Affero GPL ? If these services were using software licensed under something like the GNU Affero GPL, then a company like Microsoft wouldn't be able to go near them.

I know the argument against this form of license is that large players like IBM, Sun and Google would not want to use them, so the projects would find it difficult to get sponsorship. But both Flickr and del.icio.us started as small start-up teams with a cool idea, and became valuable because of the user base they attracted. When they started out they weren't looking to be bought out by a large company, they just wanted to try out their idea and share it with their friends.

If the next cool idea is started by a team who used tools licensed under the GNU Affero GPL, what happens when it gets discovered and attracts a huge user base ? It would be interesting to see which of the big players would be prepared to become involved. A potentially disruptive technology.

i'd also like to point out that 2 of the top 5 sites on netcraft are windows os http://uptime.netcraft.com/up/today/top.avg.html

what do you /. nerds alwasy say? "i'll believe it when netcraft confirms it"?

This exploit should turn the little M$ tick down into a real trend. This is what happens when you try to use a badly designed consumer grade OS for web service. Let's hope companies take the hint and run back to Apache before something really bad happens.

People trying to pass the buck onto tens of thousands of individual programmers at tens of thousands of different institutions should ask yourselves why this has not happened with LAMP. If it was a market share thing, LAMP would have fallen long ago. It's not market share or users, it's a monoculture problem.

Worse still, the Netcraft link is actually to an old version (from August 2007) of their Web Server Survey which projects a steep line downwards for Apache and a very steep climb for IIS.

If the submitter had linked to the most recent version of the survey, it would be clear that some of the territory that apache lost has already been reclaimed in the last few months and that IIS' market share appears to be stagnating.

Comparing the two graphs, I think it makes a huge difference. Why would the submitter post an old version that paints a dim view for the future of Apache? Sounds like FUD to me...

For reference, here is the Netcraft methodology.

This is Slashdot. The bar for Windows success is vastly higher than the bar for Linux success, whether it deserves to be or not. Don't like the statistics? Change the definition of the statistics so that they are painted in the light you prefer. After all, that's what Microsoft would do, right?

You seem to dislike their definition of a website. But what the survey is really telling you is which web server is being used to serve unique content on the web. Whether one server serves a million pages or a million servers serve one page apiece is irrelevant. What matters, for the purposes of the survey, is which server is doing the serving. That is a perfectly valid metric, just like unique web servers is a perfectly valid metric. However they are not the same.

So there are lies, damn lies, statistics and then people who don't know how to use the information in front of them, or worse, know how to use it but purposely use it incorrectly.

For reference, here is the Netcraft methodology.

Since you asked, here's the Netcraft query results: Netcraft Results for discovermagazine.com.

Looks like a proxy server frontend running Squid on Linux, so this alone won't tell you what the backend is running, but it does lead one to wonder.

The proof is in the pudding.
http://uptime.netcraft.com/up/graph?site=www.godhatesfags.com

Microsoft commands about 39 percent of active sites on the net. http://news.netcraft.com/archives/2007/11/23/november_2007_web_server_survey.html I believe this is mainly because of the deal they made with Godaddy to host parked domains on Windows servers. Active hosting of fully developed and public websites should show a completely different picture. It would show that people spend a lower percentage visiting websites hosted on Windows servers than they do with visiting sites hosted on Apache. If Microsoft gets more active interest for hosting completed sites on their servers then they could possibly consider to release a separate version of IE to be open because the server market would be profitable for them to compensate any loss incured by that browser. It's all speculation from my point of view but from a stance of someone who would try to protect their IP, it seems more than likely that this is the cause for all that goes on in their world.

About standards, Macromedia and Sun really did change the scope of how the internet ended up. Without Flash and Java, Microsoft would have been the true driving force behind the Internet. MS has been playing catch up for quite a long time now. The competition of innovations has forced them to do patchy work inside that market and for some weird reason they haven't really adapted well. If they did then their latest products would do more than just speed up transactions using XML. While it's nice to have things run fast, it would be even better if they could provide specific and adequate solutions for invididuals to fit their needs. They can only do so much of that because they know what can become of that. The kind of support to accomodate something like that would hurt them a lot, not to mention more lawsuits involving trusts, monopolies and stolen IP from unrecognized developers.

All in all, I've spent so much time watching the entire market evolve. I've started back when the whole thing with Javascrip/Jscript was going on and have been researching everything up to that time just to catch up on this stuff. While I don't have much stature in the bigger things in life, I do have a strong feeling in my gut that things are going to get a lot more complicated in the next 5 years. Even if Adobe and Sun sides up with Microsoft, it really wouldn't make that much difference in the bigger scheme of things. Even if MS would go open source to the American Public, it would provide a small opening for the US to speed up its innovation. While I believe and defend Open Source, I do believe in America and in dealing with this stuff you have to take into account of American/Democratic/Capatalist Interests. That's a whole other rant.

Ugh, I wish I could give simple answers. :(

Netcraft confirms it! Microsoft are running 2008, 2003, 2008, 2003, 2008...