Slashdot Mirror
Misconfigured Webserver, Threats to Call FBI
the_harlequin writes "The Register is reporting that a city manager threatened to call the FBI over a misconfigured webserver. From the article: "The heartland turned vicious this week when an Oklahoma town threatened to call in the FBI because its web site was hacked by Linux maker CentOS. Problem is CentOS didn't hack Tuttle's web site at all. The city's hosting provider had simply botched a web server."
"
The guy is a real piece of work. I liked this:
"I am computer literate! I have 22 years in computer systems engineering and operation. Now, can you tell me how to remove 'your software' that you acknowledge you provided free of charge? I consider this 'hacking.'"
22 years in systems engineering, but he hasn't got a clue as to how web sites operate. This guy epitomizes problems we all see every day: Incompetents who don't recognize their own incompetence. Then he compounds it by being an arrogant bastard and an overbearing, threatening weenie to boot.
Nice.
And these are the kinds of jackasses we ELECT to have power over us.
It was a joke! When you give me that look it was a joke.
realising you're incompetent doesn't make you competent, it just means you're not ignorant to your incompetence.
So you're saying, if this guy's school had some money when he was there, he wouldn't have grown up a pompous prick?
No, it's not.
Throw the bums out!
With one caveat:
The press is his town might not be savvy enough to understand what he did.
Another consultant who stuck it out.
"We are the Priests, of the Temples of Syrinx..."
The guy's website provides further proof for the "low IQ and use of Comic Sans" correlation.
Hi there,
o ryid=127
have you seen this one?
The world seems to be laughing about your city administration...
http://www.centos.org/modules/news/article.php?st
Cheers
Dave
While the general response is to call for his incompetent head on a plate (not undeserved), we as a community should be making an effort to be polite to this idiot. If we want to continue the march of linux, we need to be prepared to deal with incompetence and people like this in a warm fashion, and mock them later with dignity and respect. If all he gets are threats, harrassing calls etc, he's going to assume that all linux people are alike, and that we're all terrorists and hackers. Please, if you're going to email/call/mock him, do so with dignity and respect as a member of the community. Don't prove him right by getting on his level. We're all better than him, so act like it.
It is perfectly possible for the majority of people to be above the mean [average] or modal [average] but impossible for the majority to be above the median [average].
Je fume. Tu fumes. Nous fûmes!
Sorry, Builder, but all this shows is that incompetents shouldn't be left in charge of IT. I would say it demonstrates the exact opposite of what you say. Clearly the city manager is unqualified and ignorant. The open source project helped him -- for free -- even when he threatened litigation! Ultimately, CentOS solved the problem for him too, outdoing the ISP he presumably pays.
I would argue that this furthers the cause significantly, and as an aside, encourages towns to take IT seriously.
once while i was doing tech support early in my career, i helped a programmer who claimed he had ten years of experience....he hadn't a clue what DNS was, thus started a war...windows DNS settings in DUN have 0.0.0.0 when you first click on set DNS manually, than of course you enter your DNS....no, not with this guy, i gave him the DNS numbers and he yelled at me saying there was space only for 4 numbers and not the numbers i gave him. TWENTY FREAKIN mintues of listening to this guy bash me saying i was an idiot and that DNS only has 4 numbers, he completely refused to enter anything....i cracked (so much so that people around me were laughing), i started screaming at him and told him to STFU and do what i say and proceeded to scream instructions in very much detail and treated like an imbecile..finally got him back online, but i think the internet was worse off for him being there
moral of this story is when people start of there conversation with "this is how much i know about ____" than they probably don't know much.
Funny thing is, this "computer literate" is a prime example of how the majority of people can be above average.
Proof of this is left as an excercise for the reader..
It occurs to me that very few people who have had 22 years of computer systems experience would merely refer to themselves as "computer literate". It would be more likely that such a person with the claimed amount of experience would have asserted instead that he "knows what he's talking about", followed by the proclaimation announcing his years of experience. "Computer literate", ironically, is generally only used as a self-label by people who still don't *REALLY* know how their computer works. At least as far as I've seen.
I expect, more likely, that has had had 22 years of experience of MANAGEMENT in the field, but not the actual hands-on stuff.
(Threats of calling the FBI aside, he reminds me for some reason of the pointy-haired boss guy in Dilbert).
File under 'M' for 'Manic ranting'
Here is an email that a friend of mine sent out: redacted to protect identity.
From XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Subject Serving the citizens of Tuttle and making it a great place to live.
Date Mon, March 27, 2006 10:31 am
To "Jerry A. Taylor"
CC "Senator Debbie Stabenow"
Dear Sir.
As you can see, my email to you contains full disclaimer to my identity
and also will show on the radar of my Senator. So I am completely on the
level.
I would like to ask you a few questions, having read the recent events of
Tuttle's website incident, located at
http://www.theregister.co.uk/2006/03/24/tuttle_cen tos/, and your homepage
on your city's website located at
http://www.tuttle-ok.gov/index.asp?Type=B_BASIC&SE C=%7BCC5DEFB6-1B2A-4783-A5F8-A92275C95081%7D,
I am disturbed at the conduct of a goverment official that is supposed to
be setting the example for the rest of us. If I had kids, I would like
them to be able to look up to our politicians as they are the leaders of
our country.
I would like to ask you the following:
1. What qualities that make Tuttle great are you promoting, by viciuosly
attacking a software provider with blind accusations with a guilty until
proven innocent stance over a page that looks like the following:
http://centos.hughesjr.com/testing/noindex_new.htm l - where it correctly
states, that the webserver is working correctly and that what is missing
is content?
2. What evidence did you have that your website was hacked besides your
inability to see the page you expected despite your repeated requests to
"REMOVE" offending software which was "NEEDED" by your web pages in order
to be seen by the public?
3. What forensic testing did you complete prior to contacting the maker of
the software?
4. Did you shut down the server that you expected was hacked to prevent
any further "hacking" of your site's infrastructure?
5. Did you isolate your server by unplugging it from the rest of the
network to prevent the public from being affected by your hacked software?
6. Even a novice could see that the page you were shown was a help page,
but what led you believe this was a hacking attempt?
7. Is paranoia and general widespread panic the qualities you are
attempting to promote in Tuttle citizenry? What intel reports do you have
to support your feelings that Tuttle is targetted for this kind of
activity?
8. Given that any software maker has no knowledge of your infrastructure
setup, what questions did you ask of your own team prior to accusing the
software maker of hacking your site and not providing adequate assistance?
9. Have you done a review of your team's management and staff to determine
whether they followed procedure during this crisis, or was all of the
incident managed by you? Do you have a PMP certified staff member to
handle your project management issues and crises?
10. You state in your email trail with CentOS that you have "22 years in
computer systems engineering and operation." If such is the case, why is
it that you did not initiate tha activities required to remove the
offending sofware even from a management point of view? I have 17 years -
maybe not as much as your 22, but even at 5 years of experience managing
sites, when there was something offending, I knew which person on my team
would be able to remove the software or determine root cause. Please
elaborate on how you used your 22 years of experience to determine root
cause in this incident and how in your estimation your shouting match at
the obviously polite people at CentOS showed your citizenry the kind of
examp
realising you're incompetent doesn't make you competent, it just means you're not ignorant to your incompetence.
Right- and awareness of one's incompetence with respect to a given task makes one a lot likely to attempt that task without assistance. It's okay to be incompetent and aware of it. Problems only arise when one attempts to do something they are incompetent at -whether they know it or not- the thing is that people don't frequently attempt something when they know they are incompetent unless they feel they have no choice but to try to do it themselves (e.g., the competent ones are unreachable, or make seeking assistance such a hassle, so expensive, or so degrading an experience as to make it an undesirable option)
Perhaps they were only contracted to set up the server & supply scp/ftp login detail so that someone with say, 22 years of experience, could upload the website.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Even better find out who is running against him next time and send him all this lovely info on how his city manager made the town a laughing stock. Even better lets see if we can push a new term into common it usage. The Tuttle effect. That is when thinking people are temporarily over whelmed by a single stupid bureaucrat. I wonder if we can get it into the Wikipedia. If not at least have this little claim to fame added under the entry for Tuttle OK.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
After the first miscommunication over email, pick up the damn phone. Could have cleared this up in 5 minutes, no matter how idiotic the customer.
$8.95/mo web hosting
You can open notepad and test if the capslock is on before logging in?
totally incredibly amazing.
Now if you had wrote "type password in user field to verify capslock" you wouldn't sound like a condescending asshole.
Who run Barter Town?