Slashdot Mirror
The Media on Microsoft's "Crack this..." ploy
Greyleaf writes " Check out this ZDNet story that sheds a bit more light on Microsoft's "security challenge" woes. It appears that Windows 2000 didn't even need any cracker help for its first crash and gives a brief mention is also given of the LinuxPPC challenge." MSNBC also picked up the story.
M$ is funny!
Way to go M$ !!
I couldn't be more completely convinced !!
BWAHAWHAAHAHAHAHAH !!!!!!!!!!!!!!!!
Do you know how to spell L-O-S-E-R ???
Once upon a time, I heard Billy boy was really excited about integrating voice control into ClosedVMS^W NT. Win2k[1] is probably the great evolution (hi Darwin!) that we've all been waiting for, with the power to recognize the soothing voice of its administrator[2]. Unfortunately, the voice recog drivers are easily frightened by loud noises, and pee in their address space. With the careful microkernel design of NT, the only damage that the drivers can do is overwrite the RW mapped H-CAM[3] core. [1] Win2k, does that mean from Windoze -> KDE? [2] Pod bay door drivers not loaded, Dave. [3] Definitely not MACH. Nosiree. [4] Fri, 6 Aug 1999 02:39:26 GMT, pingable, port 80 closed
Once upon a time, I heard Billy boy was really excited about integrating voice control into ClosedVMS^W NT. Win2k[1] is probably the great evolution (hi Darwin!) that we've all been waiting for, with the power to recognize the soothing voice of its administrator[2]. Unfortunately, the voice recog drivers are easily frightened by loud noises, and pee in their address space. With the careful microkernel design of NT, the only damage that the drivers can do is overwrite the RW mapped H-CAM[3] core.
[1] Win2k, does that mean from Windoze -> KDE?
[2] Pod bay door drivers not loaded, Dave.
[3] Definitely not MACH. Nosiree.
[4] Fri, 6 Aug 1999 02:39:26 GMT, pingable, port 80 closed
[5] Use the preview button! (Damn HTML <br>)
Isn't this considered flamebait?
The Microsoft people have shot small rockets with wires in the sky to get the chance to blame it on the weather. :-)
:-)
Thunderstorms aren't really a that big danger to electronics these days anymore. I guess the biggest effects come from trees falling onto something important.
An example:
1. Our building is one of the highest in town and there's no building in less than 1000m distance that is even half as high as ours.
2. We are connected to the internet with radio bridges, antennas on the roof
3. We don't even have an UPS
We had quite a lot thunderstorms (and I'm currently hearing the next one) since we got our radio bridges, none of them have effected our server or our internet connection.
You said you "love to develop using M$". So...did you use FrontPage for your post here? =) Nice <hr>'s and Italics.
Oh...nice mud-slinging yourself there...The comment about hackers and inflated women. My wife wouldn't appreciate that! Nor would yours (or girlfriend or whoever).
And yeah...I hope others do the same. Then maybe the public could see who makes a decent product...but still not likely.
You are Gerald Holmes and I claim my five pounds. jsm
Really, it was nasty! Isn't that good enough?
way down..
Make no mistakes..Bill Gates eatin' madd steaks off your bad breaks
*sigh* I'm not an Anonymous Coward, but I seem to have misremembered my password...=( Anyway: I'm not sure if it's just a problem on my end, but if it's not, you might want to know: www.windows2000test.com seems to have vaporised from DNS entries...
Hackers are a reality, you deal with like you deal with virii. Calling them bastards does not make them go away. Fixing software is how you deal with hackers. Like taking word basic out of MS office, not running programs on media just because it was inserted.
Did you miss the part of the zdnet article about LinuxPPC or did you skip the facts that don't support your point of view. Look at http://crack.linuxppc.org/ for details if you don't mind dealing with reality.
HP and IBM are not part of the Unix Mafia, SUN and Linux are. Do you expect Sun to have such a site up already? Microsoft added at over 20 years after Unix had it (well we call that cron actually.) Why don't we give the Unix vendors some time here for their 'Free Publicity'.
I hope this person was joking but there are
Why should I waste time with it.
I've got no source, cannot fix it
and besides it competes with my darling...
I'm no gonna even think about it.
Use Linux,
be Happy.
I wonder why it took them so long to enable the syn attack filter?
q 142/6/41.htm.
8/6/99 Events
9:20am - Router back up, traffic hitting site. SYN attack filter appears to be working. Receiving an average of 600 datagrams/sec, 100 fragments/sec.
9:00am - Reset TCP to handle SYN attacks. See http://support.microsoft.com/support/kb/articles/
Set Valid Retransmission Times Elapsed to 3 seconds
Set Enable Dynamic Backlog to 1 (enabled)
6:00am - All network traffic stopped. Router down.
My apologies then for not RTFM'ing as thoroughly before posting...I was tired and it was late...no crack involved!
Just when I wasy gonna try to see if IIS had any buffer over-flow problems!
Coward
with an updated status page.
The people in the Seattle area can't handle ANY sort of inclement weather. The thunderstorm on Tuesday practically shutdown the city! You'd have thought there was a Richter 6 earthquake or something.
I work here in Redmond, 1/2 mile from the MS campus. I had no problem, but I must admit that my UPS did kick in 3 or 4 times over the past 2 days for brief periods.
So maybe the storm causes the server to 'hiccup'... Then it should have been back up in a couple of minutes - not down for a whole day.
Actually "High Availablity" is an abreviation for the following sentence: "You must be High if you think this server will work for long. Fortunately my inflated salary offers no such doubts as to the Availability of powerful drugs so that I can join you in your delusional state."
- This morning:
- Same page this afternoon:
Hey! Where did the 9:16am IIS restart go? Did it morph into the 8:54am "reboot"?8/5/99 Events
9:16am - IIS restarted
2:14am - IIS stopped sending pages. Unknown cause.
8/5/99 Events
8:54am -- Changined (sic) IIS' application protection to Low and rebooted, site back up
5:31am - GETs to site start failing
2:13am - All posts to Guest Book application failed, logic error cycling the comments after 1000 entries. Server still available to read
comments. 1:22am - Intermittent posts to Guest Book application failed. Server still available to read comments.
Yeah right. The power didn't even go out. Sure the lights flickered and the radio popped and crackled but my computer didn't even flinch. You'd think that Micros~1 would remember to use a surge protector. -The voices in your head!
no no no. it was a butterfly flapping its wings in japan which lead to a thunderstorm in seattle..which made the floor real slick and the janitor accidentally bashed the machine with his broom..and it failed.
The more I hear about this fiasco, the more I wonder why Microsoft allowed this test in the first place. The Windows 2000 Team seem to have played a 100 to 1 longshot. For the longshot to pay off the hardware must work, the software must be stable, and the security must be so good that no one can break in. All of the above fly in the face of the history Microsoft software's and Intel hardware's reliability. Any failures of hardware, software, or acts of God and naive onlookers will blame it on successful breakins. Under what conditions does one play such a longshot? The answer can only be that the Windows 2000 Team was desperate for any slight chance of any kind of success. Is there internal friction between the Windows 2000 Team and the rest of Microsoft? Is it possible that Windows 2000 is in far worse trouble than even the deepest skeptics expected?
I can not wait for this OS(win 2000)to come out so I can put my mission critical web pages and applications on it..
You see, it will be faster with my 8 procesor XEON machines than that silly limux OS (mindcraft says so). Even if I have to reboot every half hour, it will still be faster. MS claimed to fix 11,000 bugs in it and sayz that it will be more stable than NT, which is good enough for me.
It also has a pretty interface, I like that!!!
And lastly it can detect weather, and shut down by itself before being hit by lightning, what could be better!!
the last guy said he makes big bucks from MS. I'm sure alot of used car salesmen do the same thing. Touch up the car, vacuum it, push back the odometer and voila! a brand new car! The new owner doesn't realize how junky it is until he leaves the parking lot.
the article claims that "LinuxPPC developers" setup the linuxppc crack challanege, which is false. linuxppc, *Inc.* set it up. the people working at linuxppc inc have never done any kernel development, afaik. in fact, the dist they sell and make a profit from was made by true ppc developers. From what i hear, linuxppc, inc did make some donations to the developers.
we should at least cut them some slack for the constant downage. Do remember that this is _beta software_, coming from microsoft, a company that considers beta "software not ready for release". As opposed to the linux community, where everyone uses beta. They should be excused for the technology not being ready to fully go up on the internet, especially since they technically aren't done writing it yet.
on the other hand there's no excuse for trying to put up the server if they W2K wasn't ready enough to make it a web server. They coulda waited 72 hours.
Ah, yes! This would be the Preemptive Multi-Crashing feature.
The last status log I saw. Took me about 12 tries to get into the site...
info from 8/5/99 4:00pm
Datagrams Received/sec Avg: 326
Fragments Received/sec Avg: 104
Total Fragment Reassembly Errors 1574000 in the last 3 hours
Connections/sec Avg: 100
% Processor Time Avg: 20
Memory use steady at about 113264K
8/5/99 Events
2:30pm - Application running fine, network response intermittent due to huge incoming IP Fragment load. Interesting stats: During 18 minute interval between 13:59 and 14:17 we received 82148 IP fragments and 178 Syn Flood attacks
1:00pm - Tuned IIS' performance options reset application protection to Medium, and rebooted.
8:54am - Changed IIS' application protection to Low and rebooted, site back up
5:31am - GETs to site start failing
2:13am - All posts to Guest Book application failed, logic error cycling the comments after 1000 entries. Server still available to read comments.
1:22am - Intermittent posts to Guest Book application failed. Server still available to read comments.
Frankly, I'd have much more luck convincing someone that Windows NT is not open than that Internet Explorer is not free.
If BackOrifice got installed, the person who was running the client should have proof. Let's see the proof.
The server crashed, and Microsoft embarassed themselves. I hope they fix the problems and try again. It would be a shame if MS gave up this kind of test just because the test found a bug.
Both the "set size to something big" and the
"get rid of really old events" "solution" are just putting the bad things off.. why the "#/&""# does the box CRASH because of something like this?
My personal EventViewer experience under NT is not good - almost never any useful information in it. Often you get the message: Initialization failed because of the file indicated... (and no file is indicated!). That and the horrible previous/next boxes, where "next", completely defying logic, takes you back in history....*
Not to mention, if you wanted to "showcase" this thing properly, wouldn't you give it every benefit of doubt by making it UPSed, constantly monitored, etc.? There's a lot riding on the box (to them) so I would think they'd have really kept it going.
Sounds more like they dropped a box off somewhere and never looked back.
Router problems. Ha. How does the Internet work again? ;>
7. Cosmic rays don't count either.
Large print giveth, and the small print taketh away
Sure that wouldnt take long to crack/hack, but if you put up a linux box with a fresh install and didn't configure it further thatd get hacked very fast. That wouldnt work, now other daemons and stuff would be nice though.
Your Momma's so fat she makes emacs look like nano!
I expect its because they've got the entire system set up to spew debugging info non-stop.
Not using NT, I wouldnt know what would cause an event.
-Yarn - Rio Karma: Excellent
That's total BS, they said that because routers are voodoo to the average MS "power luser".
IMO, probably both.
He never said you can't tweak it. Just that you can't tweak it with anything other than the publicly available information. (No 'secret' registry twiddling, for example, unless its a well-known published twiddle.)
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
Shakes head. I just don't understand how people can still buy into ms's technology. I mean ms is touting wnt2k as the next thing in sliced bread - even mentioning enterprise, hint, hint; but the server they put out for heavy pounding gets whacked by thunderstorms!!!??
Jesus, I think I just walked through the looking glass, again.
"shop smart:shop s-mart" ash
Not to mention that even when NT 3.51 was certified on 3 hardware platforms, it was only secure if it didn't have a floppy drive or network access.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
From reading the other posts, it sounds like it's an automatic shutdown, not a crash. Therefore it's a feature :)
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
This is similar to the test the they put SQL-Server 7 through. Shows up really bad problems (which they always seem to have). Shame they don't test this sort of thing in house more before 'egg-on-face' problems.
In any case, a server should be able to survive on zero writeable disk space. It's acceptable, if undesirable, for operations that involve writing to the disk (which does not include static HTML, that being all I saw on the test site), to fail semi-gracefully.
:)
Under most decent OSes, writes to a disk-full file on a normal filesystem will get bufferred in RAM until free space opens up; when the RAM's full, it has to start discarding those buffers, once it's pared down the cache and forced some processes out to swap. Maybe that's involved, maybe not. The suggestion that the machine has a lot of logging turned on so they could benefit from successful crashes has merit, though -- although I'd be logging it to a different machine with a huge pile of disks that was also logging all the net traffic. Oh well. "Poor MS."
I am in Kirkland (Two miles East of Redmond) and have had NO down time do to the weather.
"Think of it as evolution in action."
Oh, man....*chuckle*....You wonder if MS gets tired of wiping egg of its face. One thing after the other. What's even better is that few people even bothered with this free beta testing scam. Don't they have enough $$$ to do their own testing? Well, since this crashed so bad without much effort, I stick to my prediction that this joke of an OS won't ship until 2000.
It's now 5:00 EST and I am getting "Server not responding" errors.. Hmmm.... Must be in final candidate form.... (*holding in hysterical laughter*)
IIRC, they also put the video code into the inner bowels of the kernel, in order to make everything 'feel' faster. the result of which is the vid. updates having such a high priority that moving the mouse will temporarily halt all background processes, so that the cursor will update more smoothly.
Somebody get our flag back!
For those of you who haven't been able to view the site, there's a partial copy from my cache at:
http://www.instinct.org/~pgl/ww w.windows2000test.com/
if anyone can send me the other pages, I'll add them (pgl@instinct.org).
--
Everything I know in life I learnt from
http://www.windows2000test.com/
:)
Just in case you weren't aware, it appears M$ has put the site back up.
happy hacking.
Since no version of NT 4.0 has ever managed to be C2 certified, are they allowed to describe a particular configuration as, "C2 certified"?
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
The machine apparently crashed because its security logs filled up. Can the same be done as a DoS attack on any NT box? What kinds of events fill up the log? How many events are required?
If somebody can fill in the details then it should be released as an official bug report. And it can then be as a vulnerability in existing versions of NT...
Cheers,
Ben Tilly
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
A major, constant, and heart-felt complaint about Microsoft is the way that they have constantly lowered the standards for what is acceptable quality at each level of release. Why should we let Microsoft rewrite the language? Their rewriting the rules already is what has led to final releases being incredibly instable, and we are in general just plain sick of it.
No, don't judge them by their language. Judge them by the same rules that you do everyone else. If they are delivering a product that will be competing in the server space, they should be hitting the same stability targets that everyone else does routinely. Particularly if the product is being marketed based on its stability!
Sincerely,
Ben Tilly
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
Put down that crack pipe!
Hardly. I sneezed outside last week, which caused those thunderstorms. Really. I saw Jurassic Park which explained the whole thing.
--
QDMerge -- data + templates = documents.
how to invest, a novice's guide
That both of the articles cited in this posting are almost exactly the same? Right to the point of being almost word for word copies of each other.
I don't know if MSNBC copied from ZDNet or the other way around, but either way it makes one wonder where these "journalists" are going for their info. Almost makes me wonder if someone is spoonfeeding it to them.
--- Juggle juggle@hitesman.com
The thunderstorms in Seattle were VERY powerful. The school district I work with
has schools scattered throughout the Redmond/Kirkland/Bellevue area and numerous problems arose. We also had highly unusual urban power failures, something that hasn't happened since a few years ago when we had 18" of snow. (Douglas Fir's don't like snow if you get my point.) This storm was highly unusual our area. Even with UPSs many many networks and ISPs in Seattle had trouble. Although I doubt that is the sole reason for the crash I would not ignore what MS has said regarding the weather.
Good question. why don't you ask them that? I wouldn't know. My best guess would be that microsoft.com is consisdered mission critical and is redundant in many different ways. I doubt that this server is even on a UPS. i wonder if it is a box plugged in under someones desk or in a test lab. (microsoft.com was two boxes under a developers desk for a long time.)
Hmmm.. If all you think was changed between NT 4.0 and 3.51 was the gui and the utilities you really don't know ANYTHING about NT 4.0's development. Aded amongst other things:
1)Of course the interface. (duh)
2)Big time OLE "enhancements"
3)Nearly a complete rewrite of the kernel. Biggest part was the Win32 subsystem was moved into the kernal to increase performance. In WinNT 3.51 it ran seperatly, this is one of the reason why many people percieve 4.0 as less stable than 3.51.
4) Much much bigger and better hardware support.
5) Many new APIs
Whether this was good of course is open to discussion. But can I make a suggestion: you need to crawl back into the hole you came from before you embarrass the linux community with your stupidity. If you don't know anything about something don't talk about it like you do for godsakes!
I just noticed that Microsoft keeps adding new features to the status log and so forth. I wonder if one or two of the reasons this site occasionally goes off line is to implement these changes? (I seriously doubt this site has a content staging server for testing...)
Ahh but see that's why it has something like 25 servers. :-) In order to deliver continous service they have to have that many to cycle through so they have enough up at any time to garuntee access. I must admit I can always get to ms.com when I need to.
...it is good the "Open Source" is a trademark.
;)
Unless they pay ESR enough....
<^>_<(ô ô)>_<^>
What their excuse now?
<^>_<(ô ô)>_<^>
So what do we have?
This is a sham. For a *real* challenge:
Standard install of Windows 2000, IIS, and Microsoft Office 2000, installed according only to information that comes with the manuals included with the software. NO OTHER INFORMATION can be used in configuring the machine.
Now, put THAT outside the firewall, and see how fast it gets cracked.
--
nermal texaco
"It's Brazilian"
Nope, it's you must have a high availabilty, because you need to come and reboot the server when it is not responding.
In the not entirely distant past something similar to this happened. When Bill Gates reveiled Windows 98 at a press conference he got a BSOD. But people still bought Win 98, all the OEM's put it on their machines. People will buy Win2k, for no other reason than it comes with more eye candy and a few extra security holes. When NT went from 3.51 to 4 all they really did was change the GUI and add some extra utilities, most of which were really buggy leading to unreliable performance.
I'm a loner Dottie, a Rebel.
For the record: Release Candidate 1 for Win2k is out, it seems to be equivalent to or a patch from Beta 3.
No, I don't work for the Enemy, but we have the beta ware at the office, and will be putting it through the wringer in the next few weeks...
Returned Peace Corps IT Volunteer
I could be wrong, I haven't really been following this, but isn't this the same software that MS has been "selling" to people?
Yeah, I know, it's really a lease. Yeah I know, it says it's beta. But if they hand it over in exchange for money, I say they sold it. And if the sell it, then I say that it's released software.
So no, I won't cut them any slack for beta software.
I think we've pushed this "anyone can grow up to be president" thing too far.
Though this may be true for COMMERCIAL software (IE who wants to call the new super release 2000.0b.3 SE "beta" when it's on the store shelves), it doesn't for GNU/BSD/Free software. There beta actually still means something. (Of course I won't have to mention that BETA IBM serveraid drivers allowed for a machine with more uptime and less, ahhh, "thunderstorms" than that W2K machine. Anyone know the hardware stats on that sucker?
Fellowship 9/11
YEAH! Gerald Holmes will be able to explain that this is actually a very smart move (TM) on microsoft's part because now that long haired crazy linuz guys are doomed!
Fellowship 9/11
Perhaps this should be an "Ask Slashdot" topic.
So when does the M$ Offical Weather Compatibility List (WCL) come out, and where do I get it? Trial and error can be a frustrating thing. However, I have learned that warm rainy evenings and hot humid Sunday afternoons are NOT good Service Packin' Weather conditions. God knows what a thunderstorm would have done to my Sexchange swerver!
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Microsofts lacing marketting hype with the word "Open" is an appeal to the open source community. :) and some day soon we will all be using MsLinux..... just kidding....
Most open source users who use open source operating systems do so becouse: It's open, free, Unix based, or Not Microsoft.
In all thies cases Microsoft dose not have a flicker of hope.
Windows isn't open, isn't free, is Microsoft and is so diffrent from Unix that it makes Dos look like a Unix wanabe.
Microsoft forgets to quickly it's bad name and expects casual open source users to switch to Windows as quickly as casual Mac users did with Windows 95.
In short I feel comfortable sitting back and laffing at Microsofts "open" marketting. It shows we are winning
I don't actually exist.
We weren't ignoring what they said about the weather.. we were just laughing about it :)
Is "Thunderstorms" listed on the BOFH excuse calendar?
--
Mod up a post Rob doesn't like and you'll never mod again
But, there is a simple fix - either set the size of the logs to be really really big and/or set the "get rid of really old events" check box. I do both on the NT boxes I have running.
:)
Why on earth they did not have them set that way to begin with is beyond me. That is always the first thing I do when I set a box up for the first time.
My guess is the same guys that set this machine up are the same guys that said "it is the weather".
Heh. Gotta love it
Mister programmer
I got my hammer
Gonna smash my smash my radio
> Granted, this all might be just bad luck for Microsoft. But "unstable beta software" and "thunderstorms" hardly explain it away
I'd almost believe the "thunderstorms" part. When your ego gets to be the size of a planetoid, you tend to attract the hostile attention of the gods, and then things like inopportune thunderstorms follow.
Sheesh, evil *and* a jerk. -- Jade
Couldn't you blame Redhat or whomever you bought the software from? This would be one of the strongest reasons to actually buy it, rather than just downloading it off the net. RedHat makes money, Alan Cox gets paid, PHBs are happy, the Penguin marches on .................
The only reason all cover-ups appear to fail is that you never hear about the ones that succeed.
REDMOND, WA - Today, Microsoft, the world's largest software company, announced a new technology called ActiveOpen(TM). "ActiveOpen(TM) is designed to pick up where OpenSource(TM) left off", said Microsoft Product Manager Dewy Chetumorwhut. "It will enabled users, designer, developers, and managers to collaborate on software projects in a free and open way more productive then the existing legacy models, such as GPL and BSD". Microsoft officials said the product will initially be available for Windows 2000 Advanced Super-Duper Server, with releases for "legacy operating systems such as Linux" being made available "real soon now".
Further details about ActiveOpen will be made available to Microsoft Certified Developers under NDA for a fee, Microsoft said.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
One little problem. Lightning strikes typcially go into the *millions* of volts. A direct lightening strike is going to go through consumer-class protection devices like a hot knife through butter. In those cases, APC or whoever pays off the $25K in insurance. It doesn't happen that often.
However, a top-ten site like Microsoft should have more available to them then a simple UPS. Such places typcially use online power conditioning, electrically isolated systems, lightning arresters, and such.
One way or the other, Microsoft loses. If you are a e-commerce site, then it doesn't matter *why* your site goes down -- it is still down, and you still lose money. A $50 billion dollar software company could not create a site that stayed up. Would you trust *your* site to them?
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
> the BOFH excuse calendar
Ha ha! Is this an actual product? I seriously need one.
"Whatever happened to fair use?"
-- Duff-Man
The word open has a track record of being misused in exactly the way Microsoft does now: i.e. pretending to be a nice neighbor while retaining as much control/power as possible. On the other hand free has an matching track record of always being in need of explaining.
Between the two the pendulum will swing back and forth while the idea keeps working just fine.
Therefore, no! I'm not getting nervous! Words will continue to get misused and we will continue to explain the idea.
-- ESH
okay so how come microsoft.com didnt crash then?
-- your knees hurt, don't they?
I've worked in enough small shops where windows screws itself up, and I can get away with blaming windows for a little while. They use windows on their desktop, they've seen it before. But when it happens all the time, they look to me for a solution. If I'm still running windows and it screws up, I can blame microsoft all I want, but it won't make them any happier. If I run linux and it screws up by my own fault, I can just fix it in a short manner of time, apologize, and be on my merry way. Little/no blame on yourself is better than having to blame MS all the time. Nice point of view, btw.
This whole episode exposes the major flaw at Micrsoft concerning secure and mission critical systems. They don't know what one is. Being secure and mission critical implies near %100 availability. It's an obsessive attitude.
A thunderstorm took out the server? A periodic, naturally occuring, predictable phenomenon? Puh_lease!? They've never heard of a UPS? Backup telecom links? Give me a break. Microsoft wouldn't know a mission critical system if they had one.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
"I once got major gloat points when, less than two weeks after I had recommended UPSes as a safety measure to them , one of my company's customers lost upwards of $100,000 of equipment to a thunderstorm."
The thing I don't understand is.... what use is a UPS in a thunderstorm? Sure, if you have a power outage, you're fine. However, you're screwed if you have a power surge of any kind (particularly if you get a direct hit). Also, if the phone lines are down, or the phone lines get hit, your network will be screwed anyway...
*shrugs* maybe it's just me, but with over 1000 lightning strikes in an hour, I'm not surprised that the machine got hit hard...
Simon
Coming soon - pyrogyra
"ok i don't want to be all one sided here...but isn't this MS stealing from Apple again...didn't apple have the OSX client and server thing first. Now there is win2k client and server...comeon...how gay."
Try looking at the history of these things -- OSX only came out recently; MS has been working on Terminal server/client since at least 97 (which is when they licensed the WinFrame technology from Citrix).
Provided, of course, that that's what you're talking about.
Coming soon - pyrogyra
MSNBC and ZDNet have a content sharing agreement; on MSNBC if you look at the top of the article [at the ZDNet logo] (and the copyright at the bottom), you'll see that it's a ZDNet article being published on the MSNBC site.
So that's why the articles look similar - they're the same article!
Simon
Coming soon - pyrogyra
But don't shift the blame for the integrity of your server based on weather. How long your server stays up is based upon (sit down now) your CODE!!!
.. shut everything down and let's go home![/sarcastic voice]
Not if it's raining out side geez.. So will the world get a guarentee that W2K will be stable only when it's sunny outside -with a slight breese- while I rub my stomach and pat my head??? Power failure is NO excuse...
Every major hi-tech company has a redundant power supply. How many millions does a large company loose if there's a surge or an outage. Don't tell me that when the power goes out in Redmond everyone takes the day off cause the MS campus has no power?
[sarcastic voice] ohh... is that thunder
6. "Time Out" Rule for bad weather conditions
"...you're screwed if you have a power surge of any kind (particularly if you get a direct hit)..."
You're wrong. Go look at APC's web site and you'll see that all of their UPS's protech brownouts, blackouts, and surges up to several thousand volts or more, and most of them even come with a warranty that pays you if your stuff gets fried.
The cheapest UPS you can buy is usually better than just plugging in your computer!
LOAD "SIG",8,1
LOADING...
READY.
RUN
Whoever cracked Microsoft's router, play nice and put it back the way it was.
Though even experts in the field disagree on exactly the best conditions, general concensus is that the best software is the result of a mild season with moderate rainfalls separated by relatively dry periods, and aging in casks made out of Tiki wood which has previously held fine literature.
The casks should be turned at least once a fortnight, to ensure that no bits have become lodged in the crevices.
Upon bottling (preferably into extremely flat, aluminum flasks), the barrel residue can be separately processed into a second aging batch. The result will be slightly more refined, and should be served in smaller SP glasses (for "Service Packs" -a term of uncertain origin). These are not typically available in cases, and are much prized by collectors.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
Well, actually I haven't seen Titanic for obvious reasons, but I see similarity anyway (after watching far too many Discovery Channel shows about it...blah blah). Build the best there ever was, say it's un(crash/sink)able, and risk lives(reputation? haven't they done that already?) on it. The REAL problem here is that there won't be a nekkid chick being painted in the movie about MS's downfall. There is still the Super Duper Bonus: Celine Dion won't sing about MS.
Haven't they ever heard of a decent UPS? Even I have a mid-grade UPS. You'd think Bill G could just put one on his corporate credit card ...
Will in Seattle
Oh, ok, Redmond. But we had storms here in Seattle and our UPS worked fine. No backup generators like they have, either.
Seriously, if you can't hack the rain, move back to New Mexico, Bill.
Will in Seattle
That's 24 minutes uptime per week, 7 hours a year, and 99% downtime.
Far exceeeding usual MSFT standards.
Will in Seattle
(Sorry, couldn't resist the Darth Sidious quote) NT 3.51 was certified, and I believe that 4.0 is still undergoing testing (although I'm not positive it's ever even been submitted). Microsoft is breaking something here, if not fradulent advertising laws they're breaking their agreements with the certification authorities. And yet... for some reason... they're allowed to get away with it. Hmm. Wonder why? I admit, it'd be interesting to see how a class action false-advertising suit against MS would fair. Wraith "I was with Al Gore in the early days of the Internet. To this very day the Internet runs on many algorithms."
Arithon
"Trying to explain his technological approach to divisive issues, Al Gore has to delay a telephone interview twice because of problems with his cell phone."
-- Wall Street Journal
I think this just puts a modern spin on what fire-and-brimstone preachers have been saying for decades... God is the ultimate hacker. Phear G0D!
MS better get something in the rules about "acts of god" real quick - I'd expect floods or locusts next. ;)
Hey all,
Well I must admit that the excuse on the weather is about one notch up on BR's "Wrong type of leaves on the line" excuses...
However, I for one am glad that two of the main news site (for me anyway) have picked up the story and publically denounced. What did Microsoft honestly expect ? A wave of applause and motivation from possibly the most anti-Micros~ group of people ? They chose to ignore the fact that crackers have previously ignored high-profile offers from the media, even with an incentive. Surely the whole point of cracking is for the thrill and the fun of being able to get in ? I wouldn't know, of course, but being paid for it is more likely to make it a chore.
What are the odds that come the press release -
"Windows 2000 stood up to x hackers trying to hack the system blah blah blah"
Before people go lambasting them, I HAVE heard from several people, some of which work for ISPs, that an extremely nasty and rare electrical storm DID occur, and DID cause some urban electrical outages, which is very rare for the area. MS may have been affected.
Now when they bring it back up under normal whether and it falls over dead, THEN you can resume.
P.S. I'm not a MS troll...
It's 10 PM. Do you know if you're un-American?
What interests me most about this story on ZDNN is that it uses Slashdot as a source of news information.
While Slashdot is basically Press Releases for Nerds and their reaction to those press releases, ZDNN (I would imagine one or two beat reporters) considers it a viable source of opinion for a "community."
While it is neat to be able to so directly influence a respected news organization, it is kind of unsettling that the collective opinions of people overreacting to press releases are considered gospel opinion for the open source, geek, or digerati community.
Personally, I would prefer that ZDNN find another way, probably more time-consuming, I admit, to gauge the opinion of what they consider Slashdot to represent. At least for a while.
Or maybe the Slashdot user community should spell out exactly who they are in some sort of declaration. Are we nerds? Are we IT professionals? Are we the technocracy? Do we speak for the open source community? Like it or not each of those has different implications, but I'd rather pin ZDNN down to one of them than to just gauge unscientifically the reaction to a given news event based on a handful of fanatical ACs that managed to have an opinion stuck somewhere in their "first post."
Who are we? None of the above, I expect. So why should ZDNN feel so confident in using Slashdot as a reliable source?
I don't need large brains to have a good time.
ok i don't want to be all one sided here...but isn't this MS stealing from Apple again...didn't apple have the OSX client and server thing first. Now there is win2k client and server...comeon...how gay.
JediLuke
JediLuke
-Do or Do Not, There is no Try
There are more than a few things wrong with the lightning story.
1 015849,00.html) that the machine was up, but operating strangely and that it had to be rebooted a couple of times. This was before the "lightning" episode, and the long-duration outage had two different explanations out of Microsoft (lightning was one, a "known bug" was the other).
1) If lightning took out the installation, why did the DNS entry disappear during the downtime? That's on a disparate system and it had to have been removed manually. The only reason for doing that is that you don't want people hitting the machine (which would have been impossible anyway if the router were the problem). So, ask yourself, why not?
2) If lightning took out the router, why was the router responding but not the machine (according to reports during the downtime). This is in direct conflict with Microsoft's explanation.
3) Isn't it unusual that after an external network failure they found it necessary to reconfigure the machine? (http://www.news.com/News/Item/0,4,40185,00.html, last paragraph)
4) PC Week reports (http://www.zdnet.com/pcweek/stories/news/0,4153,
5) News stories (see previous CNet link) claim that an application (guest book) on the server had been changed. Microsoft brushes that off as "that's an application, not Windows 2000." Maybe so, but it sounds like a security compromise to me.
I think the lightning story is bullshit. I think the server went down almost immediately after people started pushing it, *and* that people got in and screwed with it. The story is there to make it look like an act of God, not an embarrassing failure.
Seriously, doesn't it seem awfully coincidental that lightning took out a critical system (but NOT their actual server -- according to Microsoft) within hours of the challenge? I mean, what are the odds of that? Keep in mind that this router had to have been inside a datacenter, and typically those datacenters are usually well protected against that kind of thing.
The story seems fishy to me, like they're lying to us because their bluff got called.
jim frost
jimf@frostbytes.com
if i had moderator points..this post would be -1.
first of all, MS didn't "steal" the server client/server from Apple. windows nt workstation (client) and nt server (server) have been around for a while.
and to top off the ignorance you attack apple with un-based homophobic remarks.
geez.
...
Bitchslapped? Give Rob a bitchslap from bitchslapped.com.
I was on course at Sun this week. The instructor said "It's not fair! If Solaris crashed as much as Windoze does, we'd have been out of business years ago, but they just seem to keep on getting away with it. Go figure!"
And did one of those ZNnet posters not issue a challenge to the "Unix Mafia" to have as much Chutzpah as Microsoft? Bah! Only Microsoft has the chutzpah to crash in public, nobody else would be able to get away with even the slightest instability.
"This is the Modern World that I've read about."
......The Jam
-M
Instead of wasting our time with this useless ploy when we could have been spending our time elsewhere on the net(mainly on /.), why not just have someone cream Gates with another pie in the face.
The net result is the same.
Hopefully I'm reading too much into this, but the
announcement seems to make it sound like you're
only welcome to attack microsoft's controlled
target machine, not even your own machines. This
almost sounds like a ploy to make UCITA sound
more palatable, but having a single MS-blessed
target machine is no substitute from being able to test on your own machines and publish the results!
More info about UCITA here.
Hopefully I'm reading too much into this, but the
announcement seems to make it sound like you're
only welcome to attack microsoft's controlled
target machine, not even your own machines. This
almost sounds like a ploy to make UCITA sound
more palatable, but having a single MS-blessed
target machine is no substitute from being able to
test on your own machines and publish the results!
More info about UCITA here.
I'm surprised that everyone has missed this, but the results of this 'test' are clear: W2K is secure. It's even secure regardless of firewalls!
After all, if it stays off-line enough no one will be able to get through.
Kudos to M$ for another job well done!
I once got major gloat points when, less than two weeks after I had recommended UPSes as a safety measure to them , one of my company's customers lost upwards of $100,000 of equipment to a thunderstorm.
(They had originally thought that UPSes were too expensive.)
The cake is a pie
tag. And BTW, I have neither a wife or a g/f, because that "H" stands for Heather.
from the article:
But potential testers barely got a chance to attempt to break Windows 2000's security system, as the test server Microsoft offered crashed, then remained down for most of the past 24 hours.
As we all said...
interesting to see The microsoft business practice take more interesting shades of crappy each turn. Damn it shits me.
"My best guess would be that microsoft.com is consisdered mission critical and is redundant in many different ways."
If ms.com was mission critical, it would be running on an IBM AS/400, just like their other mission critical systems, e.g. Billing.
Consultancy: If you're not part of the solution, there's money to be made in prolonging the problem
Sure, you /could/ blame RedHat, provided your boss doesn't know they didn't actually write Linux.
Actually, I feel the name credibility is far stronger than the accountability. How many cars have been sold simply on the basis that the purchaser's friend owned one, and thus the purchaser didn't do much reasearch into finding a superior one?
SirSlud
"Old man yells at systemd"
The machine isn't really getting ping flooded or having routing problems. They have a trained monkey watching the server logs and when someone gets in and starts to leave cracker foot prints, the monkey throws the power switch. If it isn't up for long enough, it can't be hacked. Now that's what Micros~1 meant by secure! You guys just don't give them enough credit for origional ideas!
BTW, I'm patenting my Secure Server Monkey idea, don't try to steal it or public license it.
Side note; do you really thing M$ is honest enough to admit to the media when this machine actaully gets cracked or will we see more exuses.
--Let's hack root on 127.0.0.1 --panZ
4. You can't do anything but browse the main web page in IE 5.0. Anything else wouldn't be fair.
5. You can't send any data at it. A 512byte packet would count as packet flooding.
Are they riding Open Source hype or are they getting ready to embrace and extend the Open Source term? I doubt it. I think that it is in competition with Sun, not with Open Source. Sun has been throwing the word "Open" around for years. OpenBoot, OpenWindows, blah blah. Is any of that Open Source? Didn't think so.
1T'S N0T A BUG, 1T'S A F3ATUR3. 1F W1ND0Z3 W0RK3D "0UT 0F TH3 B0X" TH3N LUS3RZ W0ULD N0T N33D MCSEs T0 H3LP TH3M. R3M3MB3R, TH1S 1S A S3RV1C3 1NDUSTRY.
:wq
:WQ
------ ------ ------
ALL HA1L B1FF, TH3 M05T 31337 D00D!!!!!1
------ ------ ------
ALL HA1L B1FF, TH3 M05T 31337 D00D!!!!!1
:WQ
------ ------ ------
ALL HA1L B1FF, TH3 M05T 31337 D00D!!!!!1
------ ------ -
It's that new online weather checking modules written into the logon and authentication routines. If you attempt to log on locally it checks MSN Weather for your location and if you guess wrong it assumes you are a hacker trying to access the machine remotely. They dont know how to do source address checks over in redmond and Radius is out of the question.
Blah Blah
www.mp3.com/Undocumented
The average uptime before reboot on www.windows2000test.com is 14.4 hours.
This does not even count the router failings due to poor star and astral body alignments.
Kspett
Kevin "Cash Money" Spett
Ignore your rights and they go away.
I read this page a few hours ago today, and one of the most interesting passages said that, although MS was blaming "router problems" for the outage, that all tests (presumably by ZDNet) of the router showed it to be and to have been perfectly functional. (I'm paraphrasing, can't recall the exact wording but i'm NOT embellishing the meaning of the words... that's what it said.) THIS TEXT IS NO LONGER ON THE ARTICLE.
Let the speculations begin...
25% Funny, 25% Insightful, 25% Informative, 25% Troll
I would like to official take respnosibilty for cracking the W2K test site. I used a new method called 'stealth psychic brute force' where by the sheer force of my will I was able to bring the site. It was my telekinesis that caused the lightning in Seattle that lead to this disaster. I personally willed the electrons along the path towards the machine. When these electrons travelled through the processor controlled by W2K code the crash occurred. If these electrons did not flow into the machine, it would not have crashed. I understand Microsoft is evaluating this type of attack and will release a hotfix to fix it. This hotfix is rumoured to recommend that the machine be unplugged in high load situations.
Share bicycle touring info worldwide: http://wheretocycle.com
Steve 'Nephtes' Freeland | Okay, so maybe I'm a tiny itty
A network error occured: Unable to connect to server ...
How's the weather up there today?
("Mst Cloudy" with scattered showers early this afternoon, otherwise partly cloudy).
Guess that excuse won't work this time.
D
----
I seem to recall reading several comments that BackOrifice got installed on the machine. They're trying to sweep that under the rug by implying that the thunderstorms killed the server.
Nice try, but I think it's important to note that in a test where they held all the marbles, the relatively small part of the Slashdot community that took the test seriously had little trouble getting in.
After all, if it was just thunderstorms, they'd be repeating the test now - right?
D
----
Rules of engagement:
1. Sitting back and waiting for the machine to crash by itself doesn't count.
2. If it does go down by itself, it's for periodic (every half hour) maintenance.
3. It's not a crash, it's a prank paging.
I guess this is what happens when you leave the contest open to EVERYBODY...
Eternal struggle between good and evil, anyone?
+&x
Over the years, I've becomme convinced that in software industry terms, "beta" simply means "we haven't started selling this version yet". All software is in development, or "beta", even after it is released to the store shelves. The only difference is semantics.
I'm pretty sure MS has put out their "release candidate" of W2K now. If so, they should be pretty darned close to "stable" as its going to be. Furthermore, lets remember that this is a Microsoft installation on Microsoft picked equipment. This is not some untraned admin trying to install W2K on some obscure hardware. If Microsoft themselves are unable to put out a stable test case, what does that say about W2K? This comes to the second point...
If MS' technology is not ready to be publically viewed "up on the internet", why are they launching an obvious publicity stunt on it?! This shows a serious lack of judgement.
Granted, this all might be just bad luck for Microsoft. But "unstable beta software" and "thunderstorms" hardly explain it away.
MS set up a nice little publicity snare and promptly stuck their foot in it. Expect the Marketing department to roll in and declare that they're not twisting in the air by their foot, but are actually flying.
Sun may be pretty "open" with their use of "Open" but it's not their invention or monopoly. Lots of the over30's may remember the whole "Open Systems" corporate Unix related hoopla of the late '80's, it comes from that.
Open Software Foundation (hence OSF/1 if you dinna recall eh), OpenWindows, OpenLook, it's all corporate speak for "Our Unix is Open, but it's better than their Open Unix."
And BTW, OpenWindows came from Openok which was an AT&T development picked up and mutated by Sun, not something Sun came up with on their own.
If you ask me, MS is being terribly retro with this allusion to 80's era Open Systems Computing whilst peddling a Closed System. In that respect, they're very similar to those OSF corporate suits.
-M
Is anyone else getting nervous about how M$ is starting to pepper their press releases with the term 'Open' more and more. They are pushing for Open messaging standards, their W2K site was an Open test.
Are they riding Open Source hype or are they getting ready to embrace and extend the Open Source term?
Microsoft has been shooting themselves in the feet for years now. Tests like these won't bring the giant down and won't cause their meat and potatoes market segment (ie the business peeps who make the tech decisions) to wither away.
/supposed/ to crash on a regular basis. Obviously this kind of marketing won't turn a Linux user into a Microsoft user, but I highly doubt you could find anyone who's looked at the past few months of scrambling my Microsoft and decided to switch to Linux.
/can't point at anyone/ when something goes wrong. This is what makes the business people shy from it. There's no one to blame when it fails. What they completely disregard is the fact that Linux will fail you far less often than WinSomething and that when it /does/ fail, you can /fix it/.
No one is surprised that the test box crashed. I mean, people who've been using Microsoft machines for years think computers are
The only real reason people switch brands in the tech world is accountability if you ask me:
(1) If you're running Windows and someone hacks/crashes your box, you just tell your superior that it was Microsoft's fault. You can tell him lots of big companies use it (business types love name dropping) and so its not your fault something went wrong.
(2) If you're running Linux you
Just my social take on this whole mess.
SirSlud
"Old man yells at systemd"
In a C2 configured system, auditing system of Windows NT provides an option to the administrator to shut down the system when security audit log is filled up. To enable this, use the following key value in the registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Lsa:
Type: REG_DWORD
Value: 1
With this setting, the system will shutdown itself when the audit log full is detected. The value in the registry is reset to 2. When the system is rebooted, it only allows the administrators to log on to the machine (locally or remotely). They will be required to clean the audit log (or archive it), reset the value to 1 and reboot the system before any other user is allowed to log on.
The log is whatever size the administrator chooses. By default, the logs are limited to 512KB (Max setting 4,194,240 KB), and events older than 7 days get overwritten (this can be turned off). It is very easy to change these settings, and obviously Microsoft has done this. Then (as above) NT automatically crashes when any of the event logs fill up (System, Security, or Application).
For those of you interested enough to read this document, it is referring to NT4 service pack 0. A lot of the holes that it would have you manually patch are automatically fixed when you apply the various service packs. (Remote access to the registry, for example.)
My favorite quote from this .doc: "...the default out-of-the-box configuration is highly relaxed, especially on the Workstation product. This is because the operating system is sold as a shrink-wrapped product with an assumption that an average customer may not want to worry about a highly restrained but secure system on their desktop..."
I'm sorry, these pictures are so good I gotta post a link again. Hey, it deals with NT security, right?
Note: I'm not a MCSE, but I play one at work.
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
A Microsoft spokesperson attributed some of the difficulties to thunderstorms in Seattle on Tuesday but had no comment on the site's status by press time.
Ok, I am really impressed by this guy. I've been working in this industry almost twelve years now, I have not once thought to blaim problems with my software on the weather. I'll have to remember this.
"Sorry, boss. The weather was too dry when it went to QA".
The cake is a pie