Slashdot Mirror
Code Red Refunds?
bubblegoose writes "In Washington state Qwest customers are asking for a refund due to losses of service during the Code Red thing. Qwest is refusing to give the refunds.
Excite has a story about it here." I tend to think this is just complaining bull crap. My net connection when down too, and I don't run around demanding $5 back. I'd be more upset if I was a business and my server rooted by this. The irony is that this will probably end up just pushing subscription software.
I've never taken the time to write an angry post about the editorial content... but sheesh.
First, if you lost cablemodem service for almost a WEEK, WHILE BEING LIED TO about the cause, wouldn't you be a little mad? This was the case here in Fairfax. They tried to say it was "sheduled router upgrades", only to backpedal a couple days later after everyone figured it out (and they had to implore their users to patch, and their email system was down, etc etc).
Second, I guess I'm wacky, but if I pay for something, I want what I paid for, as other people have said here. I pay $45 a month for cable service. I don't call and complain if it goes out during a storm for a couple hours. But if its down for DAYS, their tech support line is TURNED OFF, and no one will tell me when it's coming back up, I expect to not have to pay for this service! I am not being given anything but a blinking data light. Some of us do not maintain multiple backup dial-up accounts; yes, I'll freely admin I'm spoiled by broadband, but at the same time, I can't justify spending $25 a month in case I lose my connection for a week.All the DSL providers in my area are dead or dying; roadrunner is my only option besides modeming (which is a bad scene in and of itself, die to "multiplexed lines" or some such nonsense which means I get 28.8 tops).
Third, if no one says anything and just rolls over, then the company will not be challenged to provide a high level of service, since they will know customers will just take it.
Sorry, Taco, but you're a helmet.
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
Funny, Qwest is my provider as well, and the only phone call I got was notification that my bill was overdue.
On the whole I've been very happy with Qwest also, however I would like very much to know why they gave out bad information regarding the fix for more than a week. In case you didn't know, for some time they insisted that the only thing necessary was to disable remote web access to the Cisco router. This didn't work, and I suffered periodic outages for a week after I applied their prescription. It wasn't for quite some time that they revealed that blocking port 80 on the router was the only way to stop the scans from hanging it.
As a telecommuter, my productivity was cut enormously over those two weeks. Now, if it turns out that Qwest was negligent, i.e., they knew that their original "fix" didn't work but wasted time releasing that info, then I would expect compensation. However I suspect that, as happens often in complex systems, it simply took them a while to figure out what worked and what didn't. If that's the case, then I cannot reasonably demand anything more from them.
The second option is that they can deny all incoming requests to port 80, since the UA forbids running servers anyway, and slowly wait for the code-red running machines to go away. This is what they did
I don't want "proactive measure" anywhere near my net connection. You do realize that a proactive measure would have to monitor all your traffic in depth, and then try to guess when you're behaviour was dangerous. When it has a false alarm, then you'd blame @Home for using such an error prone method, instead of a simple reactive method.
The trouble with listening to an idiot is that you might give them what they asked for.
When thinking about all these new "issues" that are arrising out of our new technologies, I usually try to find parallel proceedures in existing situations to use as a guide for working out the new problems.
In this regard, I would look to a not-at-fault car accident, there are a lot of similarities.
Imagine this: a car stops. The car behind it hits it and sends it carreering into the car in front.
Now, if I'm in the middle car (the first one mentioned) the guy in the very front car, who was hit through no fault of his own, sues me. I, in turn, sue the car who hit me (who was at fault) and pass on the litigation from the front guy to the one who hit me (I was not at fault for either collision and the rear vehicle was for both.).
Now lets bring this back home, Microsoft sell a product which has faults. Qwest buys said product from Microsoft and use that as a basis for their own product. I buy the Qwest product and use it to create my own product (say, a website). One day, Microsoft's product stops working. Qwest's product as a direct result, stops working. My product then stops working because of Quest's problems.
My product cannot make me any money. I am running at a loss.
I think it would be fair for me to turn around to my supplier and ask for compensation for lost earnings (at the hands of Quest's product), or at least refuse to pay for the portion of the service that was not delivered. Quest then have that option of passing on their costs to their supplier (should they be liable).
On the other hand, I could just be being too simplistic.
Get the Hell off my planet, you slimy mobster Bush!
My provider isn't "The Wicked Q of the West", but I ended up downloading Cisco 675 CBOS upgrade from their site. This is what happened.
1. I have received announcements about Code Red in everything security-related that I was subscribed to, and as usual, ignored it because I don't use IIS, Windows and other garbage of that kind.
2. Cisco 675 router that connects me to my providers (ISP is Megapath, line was Rhythms) started hanging in the most outrageous manner possible, being not accessible even from its serial console that I have attached to one of my Linux boxes through USB multiport serial converter. It was "outrageous" and not merely "bad" because same Linux box happened to have still-working Ricochet modem attached to another USB port, and I was able to reach it from work even when DSL was down, but couldn't reset DSL until I was physically at home.
3. Later announcements mentioned Cisco routers as vulnerability, and recommended to disable web administration on the router as a workaround, and upgrade the firmware. Cisco page mentioned an upgrade but did not offer anything to download -- required to call their phone number or email them and beg for firmware update. Knowing that everybody who ever bought Cisco 6xx, plus a bunch of people who didn't know how their company's Catalyst differs from bitty box 675, will be trying to reach Cisco, I have chosen to do a workaround.
4. I have disabled web administration, it stopped working, but router continued listening on the port 80. I assumed, it will just ignore all data that it receives, so a bug won't be triggered.
5. Router still hangs. I have set a filter to block everything that comes from outside to the port 80 on the router. It looked like router stopped responding to this, so I was confident that I am not vulnerable to that thing anymore.
6. Router still hangs. Apparently my mind was not advanced enough to comprehend the brokenness of CBOS -- broken code was receiving packets BEFORE THEY PASSED THE FILTERS.
7. I have looked at the Cisco site to check if they got the idea, how many requests for copies of CBOS patches they are supposed to process and posted the binaries. Nothing -- the page still contained a phone number and email address, and since I was at home, I could be pretty sure that people who were supposed to answer at Cisco weren't at work either.
As opposed to other Cisco products, CBOS has no optional pieces, and is useful for a single puprose of upgrading shitty 6xx boxes, so why they needed my phone call to make sure that I am indeed going to use their software to upgrade their router and not, say, print as a hex dump and smoke it, is still a mystery for me.
8. While constantly resetting Cisco, I have started IRC, and asked some of my friends if they know, where to find those damn patches. After few minutes I have received some rather unflattering description of CBOS, Cisco and Intel (who happened to be the real authors of this shit), and the URL on Qwest site with CBOS images.
9. CBOS images were distributed as Windows executables, with Windows upload program but no instructions -- probably following the logic that if a customer has his servers infected by a virus, running downloaded executables is the least of his concerns. Fortunately, Windows executable was a wrapped zip file, and upload procedure over a serial console was in the router's documentation.
10. Router worked fine ever since, but it looks like it's still impossible to filter or completely disable web administration on it.
---
Of course, this was that simple only because I had a full access ("exec" and "enable" passwords) to the router. I am afraid to think, how Qwest technicians would have to work if they had to upgrade customers' routers over the network while routers were being attacked, or to distribute passwords to the customers to make them able to run the updater program (I have never seen it running, I assume that it uploads updates either by xmodem over console or by TFTP -- in the first case only customer can enter the password, and in the second one _someone_ has to login to the router and still enter the password), so I kinda understand why Qwest couldn't do much in this situation. OTOH, Cisco could at least issue binary patches as a public-accessible download.
Contrary to the popular belief, there indeed is no God.