Slashdot Mirror
Misconfigured Webserver, Threats to Call FBI
the_harlequin writes "The Register is reporting that a city manager threatened to call the FBI over a misconfigured webserver. From the article: "The heartland turned vicious this week when an Oklahoma town threatened to call in the FBI because its web site was hacked by Linux maker CentOS. Problem is CentOS didn't hack Tuttle's web site at all. The city's hosting provider had simply botched a web server."
"
If you don't remove this inflamitory comment I'm calling the FBI!
"I'm going to f***ing bury that guy, I have done it before, and I will do it again. I'm going to f***ing kill Google"
He forgot the 1s but the tilda was creative.
This page cannot be displayed due to an internal error. If you are the administrator of this site, please visit the Xoops Troubleshooting Page for assistance. Error [Xoops]: Unable to connect to database in file class/database/databasefactory.php line 34
Overheard at the city council meeting:
"Someone unplugged my keyboard- Call the FBI Alice!!!"
Another consultant who stuck it out.
"We are the Priests, of the Temples of Syrinx..."
This just confirms what we Texans have known for years...(ducking for cover).
Haha, I love how each of the Manager's replies show a complete ignorance of the previous, helpful message from the CentOS tech. I had a similar situation trying to explain to my uncle (who I was building a site for) about how SMTP works and why mail forwarding only worked before we changed his nameservers (since he only bought domain names and not hosting). I spent a painstaking 20 minutes explaining it in layman's terms, only for him to pause then say, "My email isn't working". The CentOS guy should get a medal for keeping so calm here.
That's nothing. Over the years I've been the victim of some ruthless Native American terrorist organization that always seems to hack my webpage within minutes of installing the server.
This guy's the limit!
For some reason, this reminds me of the time that a woman called my branch of the company and said: "We're all out of paper over here... could you fax some over?"
THIS IS THE INTERNET. PLEASE PICK UP YOUR SERIOUS BUSINESS SUIT AT THE FRONT COUNTER.
...to complain about a DDOS attack. Behold, the power of Slashdot!
Weaselmancer
rediculous.
The Department of Records must have the name of the website wrong and confused it with Buttle instead of Tuttle, we will correct it as soon as possible. In the mean time, we do not apologize for disrupting your webserver, and we will not reimburse you one penny nor will we fix the damage caused.
My computer is routinely hacked by Microsoft, should I call. It happens at least once a month, sometimes weekly. I have another one that is hacked by commies, I know they are commies, they use GPL.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
After reading through the exchange on the CentOS site, I think he's going to regret making that statement. Normally, a dunderhead bureaucrat like this would try to sue or claim these e-mails shouldn't have been made public, but with this little statement on file...
I'd call the guy a "dumbass", but he's not necessarily stupid, just ignorant and bullheaded. Of course, ignorant and bullheaded do a very good impersonation of stupid when combined.
- Greg
Start a happiness pandemic
-Eric
SJW: Someone who has run out of real oppression, and has to fake it.
Isn't it gratifying and re-assuring to know that we have public officials who are intelligent and qualified enough to read an error page, and then savvy enough to: a) look up the company's web site, and then b) effectively and efficiently manage the problem to the satisfaction of all parties involved. We should bestow him with praises.
Rest assured people of Oklahoma, your IT is in good hands!
...but, alas, they do not have email!
Can you imagine?
He who knows best knows how little he knows. - Thomas Jefferson
The tendency of the average person to believe he or she is better-than-average is known as the "above-average effect," and it flies in the face of logic... by definition, it is impossible for a majority of people to be above average. The more incompetent someone is in a particular area, the less qualified that person is to assess anyone's skill in that space, including their own. Here is the summary of the study. http://www.damninteresting.com/?p=406
Cave, wreck, and deep diver.
So you're saying, if this guy's school had some money when he was there, he wouldn't have grown up a pompous prick?
The PHB in question is the city manager. According to him: "My door is always open and I answer all calls."
So... here's his info: City Manager Jerry A. Taylor, and his email address: citymgr@cityoftuttle.org.
Note that I am not "exposing" anything, all of this info comes directly from the publically available cityoftuttle.org website.
PS. I can't believe we fried centos.org but not cityoftuttle.org.
If you noticed on his bio at the website - he was a manager for E-Systems. This is the way E-Systems managers manage - the yell about everything - get absolutely nothing done but yelling - but yell they do - until someone comes along and fixes it for them. He is classic E-Systems - everyone in the defense industry know about them - and has had to put up with their management technique. Finally the rest of you can start to deal with them too...
Or even an MCSE. If you're going to knock us, get the term right.
its a mistake, it was supposed to read BUTTLE....
I like microcars
To: citymgr@cityoftuttle.org
Subject: Need your help in entertaining the tech community
Jerry,
I understand that you have 22 years of experience computer systems engineering and operation are are computer literate. I need your help in entertaining the Internet technical community.
I think it would be hilarious if we loaded the default page on on a web server for the city (one with instructions on how to fix the problem) and then complained about it to the the maker of the operating system. Yuk, yuk! We can even (get this) whine that all the computers in the building show the same default page when you surf to the site. Bwaaahhhaaahhhaaa! Then (I can hardly contain myself) let's accuse the poor saps of hacking our server and threaten to call the FBI!!! Teeehhheeehhheeee!
Oh, oh, my sides hurt. This is going to be great. You setup the server and I'll.... Oh, I'm just reading slashdot and see that you already done it. Well, I guess you thought of it before me. Good one.
The guy's website provides further proof for the "low IQ and use of Comic Sans" correlation.
CentOS should send the city a bill for their tech support time. After all, they wasted the time of a primary developer whose time could be spent much better. Of course the chance of the bill getting paid is slim to none but it is the thought that counts, right? I hope Johnny Hughes found the man's ignorance as funny as I do and was not overly annoyed with the knucklehead.
Switching to Linux can be an adventure!
Hi there,
o ryid=127
have you seen this one?
The world seems to be laughing about your city administration...
http://www.centos.org/modules/news/article.php?st
Cheers
Dave
While the general response is to call for his incompetent head on a plate (not undeserved), we as a community should be making an effort to be polite to this idiot. If we want to continue the march of linux, we need to be prepared to deal with incompetence and people like this in a warm fashion, and mock them later with dignity and respect. If all he gets are threats, harrassing calls etc, he's going to assume that all linux people are alike, and that we're all terrorists and hackers. Please, if you're going to email/call/mock him, do so with dignity and respect as a member of the community. Don't prove him right by getting on his level. We're all better than him, so act like it.
Je fume. Tu fumes. Nous fûmes!
Sorry, Builder, but all this shows is that incompetents shouldn't be left in charge of IT. I would say it demonstrates the exact opposite of what you say. Clearly the city manager is unqualified and ignorant. The open source project helped him -- for free -- even when he threatened litigation! Ultimately, CentOS solved the problem for him too, outdoing the ISP he presumably pays.
I would argue that this furthers the cause significantly, and as an aside, encourages towns to take IT seriously.
Here is a recent picture of our hero, Jerry, and here is a picture of him during his earlier years.
[alk]
I found the problem... Jerry has an MBA. that explains it all.
Be sure that if you email him, to use crayon type fonts and only primary colors.
We have seen that living things are too improbable and too beautifully "designed" to have come into existence by chance.
My website looks just fine.
How's he ever going to learn if we just make fun of him? I, for one, sent him a CentOS DVD and a kind note supporting him in his time of public embarrassment.
Come to think of it, why doesn't every one do that?
Yeah you Texans know a lot.
Emacs is good operating system, but it has one flaw: Its text editor could be better.
here's the difference. You would of called the ISP. he called CentOS, because the default Apache install page for CentOS and the default webpage has a link back CentOS.
That's like the default Apache install page on a Mac contains a link to www.apple.com. and The default page on IIS contains a link to www.microsoft.com
if you saw an error page that IIS and a link to MSFT would you call MSFT, and Yell at them for Hacking your website?
If my homepage failed to appear I too would call the ISP. He called the company whose link was visible, not the ISP.
i thought once I was found, but it was only a dream.
It occurs to me that very few people who have had 22 years of computer systems experience would merely refer to themselves as "computer literate". It would be more likely that such a person with the claimed amount of experience would have asserted instead that he "knows what he's talking about", followed by the proclaimation announcing his years of experience. "Computer literate", ironically, is generally only used as a self-label by people who still don't *REALLY* know how their computer works. At least as far as I've seen.
I expect, more likely, that has had had 22 years of experience of MANAGEMENT in the field, but not the actual hands-on stuff.
(Threats of calling the FBI aside, he reminds me for some reason of the pointy-haired boss guy in Dilbert).
File under 'M' for 'Manic ranting'
With luck they will not be someone who reports to this fool, but one way or another they'll probably feel the heat more than necessary. There are few things more frightening in a workplace than a fool who is shown up to be a fool. His retribution is likely to be epic.
Don't bother. He has already removed homself and all the concil members. Since only the mayor has Instead, try the mayor and the Tuttle Ok Newspaper.
I prefer the "u" in honour as it seems to be missing these days.
Um, sir, I don't think 'computer literacy' refers merely to the ability to read text on computers...
http://outcampaign.org/
I live in a small Indiana town near Monticello with a population of about 1,700. The local telephone company, for years, has told people when they complained of static on the line : "If you don't like our service, get phone service elsewhere!" *snickers in the background* (The offending Telco is NOT in Monticello.)
.plan (Boo!.) (And yes, the .plan was available outside their network for anyone to see.)
.plan.) I went to the office and sat with the owner and "admin" and insisted that they immediately call the FBI as it would be quite a hoot. A lot of staring went on before the owner yelled at "admin" and told him to turn the account back on. I explained to the owner how *stupid* it was to have that information available and that most knowledgeable entities had disabled external finger years ago. The finger and telnet services were disabled entirely for everyone a few weeks later. Smart move on both counts -- 12 years after it had become standard practice.
Now that Al Gore has brought us the Internet, up until a little over three years ago, this town only had ONE ISP : the local Telco. ALL surrounding communities with populations of 5,000, 650, and even 180 have had multiple ISP choices for years. In the surrounding areas today, multiple dial-up providers, DSL, wireless, and cable are available. Hence, this Telco has treated it's Internet service customers just like its phone customers. (The second choice now is a major cable provider.)
Anyway, a few years ago, I was on my Telco $39.95 dial-up and holy crap, I fingered myself at the ISP and discovered that my wife's and my full name, telephone number, address, and other account information items were displayed. No problem. I telnetted to the ISP server using my account info and edited my
A couple of weeks later, the ISP was having an issue with one of their cache servers which was causing me trouble viewing web pages. I phoned in the trouble and a couple of hours later, my account was disabled and the ISP "network administrator" with 25 years of experience called and said he was phoning the FBI because I had hacked his server (read as edited
Then, out of the dark ages we came as the Telco introduced DSL for $75 per month. This went well for several months. Until December 2002. During that month, latency was at >1300ms the entire month. Call #1 (3 days): Someone hacked our servers. Call #2 (10 days): Damned hackers! We're working on it! Call #3 (21 days): Um, we seem to have oversubscribed our T1 (SINGULAR!) We are working on adding capacity. Call #4 (33 days): Yeah anytime now. NO! We will not be offering a refund! I asked if they had heard anything about a major cable company providing Internet service soon. HAHAHAH! No one is coming to town. HAHAHAHAH!
I called the cable company and BEGGED to beta test. They said testing was closed. I offered to pay and explained the situation. An installer was at my house the next day and I went from 1300ms $75 DSL to 1.5Mbps, 80ms, $39.95 cable overnight and haven't had more than a couple of very small hiccups since. That cable is now at 6Mbps. The Telco still stinks, though, I hear their price is down to $45/month.
BTW, Caller ID is $12 per month here. We paid (and still do) nearly $3 per phone line into an E911 fund for about 8 years prior to said service being available. Funds taken in from this were used to modernize the phone companies network -- to give it the capability of providing CallerID. And ream us they still do.
I have to give the guy a lot of credit for being helpful. If it were me, I'm afraid I would have said "OK, OK, we'll get it off there in the next update cycle", then blacklisted his email address and let him figure it out himself.
:)
Then I would have posted it on slashdot while the error page was still up for additional comic relief
Sadly, however, not every org has the resources to hire a firm to do their IT for them.
In my experience most businesses cannot afford NOT to have someone competent in charge of their IT. It doesn't need to be a full time job, a few hours per month is often plenty. The alternative is to have the "Office Guru", you know, they guy that has an X-Box at home and bought something on Ebay once, deal with it. The problem is that he/she probably has a real job they are supposed to be doing and will spend hours dealing with issues that would take a professional a few minutes to fix and will probably ignore any kind of preventitive maintence.
The thttpd (a lightweight Apache alternative) author has a similar story, but with more stupidity involved (see email history in link): thttpd author's "Attack of the Repo Men"
Use my userscript to add story images to Slashdot. There's no going back.
After the first miscommunication over email, pick up the damn phone. Could have cleared this up in 5 minutes, no matter how idiotic the customer.
$8.95/mo web hosting
actually, in the City Manager form of local government, the City Manager is hired by the Mayor and city council to administer the government...
--- I'm just rambling...
Dear Mayor Lonnie Paxton:
/ 135221
h p?id=2
I am writing to formally complain about the abusive behavior of Mr. Jerry A. Taylor, one of your highest profile City Managers. As of this morning's publication of an Information Technology news service titled Slashdot (see links below), I can assure you that he (and, by association, your town of Tuttle, Oklahoma) is the topic of derisive conversations throughout the entire computing systems world. Quite frankly, Mr. Taylor's alleged "22 years in computer systems engineering and operation," his unwillingness to consider the advice of professional peers, his inability to comprehend simple systems documentation, and his hair-trigger willingness to contact the FBI whenever your town suffers WEB server configuration issues, cast great doubts in regard to both Tuttle's IT infrastructure, as well as your town's slogan: "The Place Where People Grow Up - Friendly!" This is very bad publicity, Mr. Paxton. Until this morning, it's true that hardly anyone outside of Oklahoma knew where Tuttle even was. However, now millions of people know about Tuttle for all the wrong reasons. As a consequence, I am only half joking when I state that I would hardly be surprised to see your town spoofed without mercy on an upcoming episode of The Daily Show, for example. This is THAT big an issue.
In any event, I must commend the representative from CentOS.org, Mr. Johnny Hughes. Time and time again, as Mr. Taylor become increasingly impossible to deal with, as Mr. Taylor's words became more and more threatening (at one point, Mr. Taylor went so far as to report that "I have no fear of the media, in fact I welcome this publicity" - a statement which I believe he will soon regret, if he doesn't already), Mr. Hughes remained both patient and calm and did everything he could -- and I can't state this with enough emphasis, even though this was clearly neither an issue with CentOS.org, nor Mr. Hughes -- to help resolve Mr. Taylor's problem.
I use CentOS on a daily basis and I am positively grateful for the philanthropic efforts of this superhuman organization. I am extremely disappointed with your office because Mr. Hughes clearly did not deserve Mr. Taylor's unmindful harassment. To resolve this injustice, at the very least, I encourage you to prevail upon Mr. Taylor to publicly acknowledge an admission of discourtesy toward both CentOS.org and Mr. Hughes himself, accompanied by a written expression of regret. Your town should consider itself fortunate that CentOS.org, to date, has not issued you an invoice for payment of software technical support.
Thanks very much for your attention. I sincerely wish that we could be communicating under much more favorable conditions.
For your reference, here are some links referred to earlier:
Original story posted on Slashdot:
http://linux.slashdot.org/article.pl?sid=06/03/27
What is Slashdot and how large is it's following in the world:
http://en.wikipedia.org/wiki/Slashdot
CentOS's coverage of the abuse:
http://wwwf.centos.org/127_story.html?storyid=127
What CentOS is:
http://www.centos.org/modules/tinycontent/index.p
What LINUX is:
http://en.wikipedia.org/wiki/Linux
Yours Sincerely,
some of my favourite - it really happened to me - IT customer service stories.
I spent a year or so working in a retail computer outlet in a large discout chain (I blame Apple for this, it was during their flirtation with selling Apples through non-reseller chains). It was during the same period that IBM compatibles changed from 5.25" to 3.5" floppy drives. I had a customer come in and buy a new 3.5" drive one afternoon. The following day they came back with the drive asking for a replacement, as it was clearly faulty. They complained that they had installed in into thier computer and tried to use their exisiting disks in it and none had worked. After further enquiy, it turned out that they had found their 5.25" disks had not fitted in the drive, so they had cut them down with a pair of scissors to make them fit, having done so, they found the new drive incapable to read them.
Same place, different customer. Came in wanting a warranty replacement on their new keyboard, it was giving erratic multi-keystroke responses. The keyboard was bent with a tire track across it.
Same place, yet another customer. Sold them a new PC with a fax modem as one of the items on the component list. The following weekend they came back into the store to find me. They had a question, could I perhaps show them on the floor demonstration unit where to load the fax paper.
Same place (I hated the place with a vengence), different customer. Came in with their brand new Apple Powerbook demanading a warranty replacement. It was a PB 180 (I think) with the grey rectangular power brick adaptor. The computer had shorted out and they demended that Apple replace it. The AC adaptor no longer had the block transformer on the end of the cable, instread it had a standard 3 pin plug on the end. When asked why this was the case, they said that the block had not fitted to the powerpoint on thier skirting board, so they had cut it off (the transformer) and installed the new plug on the end of the cable. They could now understand why I refused to process the claim as a warranty issue.
Different place, different customer. Was asked to do an insurance assessment on repairing a computer which had been sprayed with a chemical fire extinguisher some weeks earlier, it had not been cleaned in the interim...
I've got dozens more, but they're my favourites. So glad I don't do retail any more.
Sara
Designer, Gamer, Macgrrl in an XP World
In my case, I was working in field service for a small factory automation manufacturer (this was nearly 20 years ago, now). We get a call that a customer is having a problem with their system failing the security check at start-up.
At that time, our software was copy-protected by means of a parallel port dongle that absolutely would NOT work correctly if there was a printer daisy-chained off the dongle, and the printer was turned off. Because this was an entirely predictable failure mode, the error message read something like: "Security verification error. Make sure your software key is installed on the parallel port, and ENSURE THAT THE PRINTER IS TURNED ON (if you have one)"
So the first question I ask the guy when he gets transferred over to me is whether or not he has the key installed, and whether his printer is turned on. "Of course it is - I wouldn't be calling if I hadn't already checked that!". So I ask him exactly what the error message is, and he tells me it's the one I paraphrased above, which you will recall only happens if your printer is turned off.
Now, it's possible that his key has gone bad in a way that no other key we've had fail before ever has, but it doesn't seem terribly likely to me, so I ask him if he can check to make sure the little green light on the printer is illuminated. He claims that it is, and starts getting very agitated about how much of a problem it is for him that he can't run the analysis he needs to run, and we need to fix this pronto.
So, I load a new printer, a new key, a new cable, and anything else that might be useful into the company van, and drive out to this factory (2.5 hours one way). When I get there, I go into the plant, turn on the printer, and drive back.
Total time onsite: less than 5 minutes
Total drive time: 6 hours (rush-hour on the way back)
Total cost to customer: $350 (or about $600 in today's dollars)
1 hour minimum labor @ $50/hour
6 hours drive time @ $50/hour
[[ insert your own "priceless" MasterCard advertisement here ]]