Slashdot Mirror


AP Story on Linux and W2k Cracking Contests

StirFry writes "The AP Wire has this story about the whole crack Windows 2000/crack LinuxPPC situ. And they even use and define the term 'crackers'. Best bit: 'But a log posted on the computer showed at least nine crashes caused by problems with Microsoft software, not the weather. Questioned about that, the spokeswoman said the computer was expected to be off line for some periods of time ``as customer feedback is assessed and integrated into the system.'' " Apparently the Linux box is still standing.

20 of 205 comments

  1. Re:Not any apology for M$... by dillon_rinker · · Score: 2

    What we should look for here is MS' marketing message: We can't cope with managing one machine receiving high traffic while enduring a little foul weather? We hired tech people who can't configure a server to stay up reliably. We are unprepared.

    Yeah, I agree. Some people at MS are going to lose their jobs over this. Perhaps then they'll be able to come in from the cold...

  2. Re:uhhhhh by dattaway · · Score: 2

    Thank you for wishing me a better life as I enjoy opening documents and not having to worry about viruses. I enjoy a better life without rebooting and downtime every time I wish to install something. Thank you for understanding.

  3. Re:uhhhhh by dattaway · · Score: 2

    Reboot? Crash? What's the difference? It's all downtime to me. So much for increased stability. That's what you get for selling yourself to closed source.

  4. apparently life is really boring for a lot of you by jhoffmann · · Score: 2

    if you need something like this to work yourself up over, i feel sorry for you.

    this is just another in a long line of publicity stunts that MS is trying to pull off. remember "scalability days" (i think that's what they called it)? terraserver? now this cracking test?
    it's astounding that people have such short memories, but that's the way things work. each of these three displays fizzled at first, then they got swept under the carpet. the problem is that if it's a win for MS, it's a _big_ win because they can market the hell out of it. if not, somehow they make everybody forget about it. (maybe they have one of those memory-eraser things from "Men In Black" - heck, all those billions of R&D have to go somewhere. i don't think they've ever actually pulled a product out of R&D, it's all copying/embrace & extend).

    anyway, some things:

    1) the contention that it's beta software -- if it's beta, then don't expose it to a huge media frenzy. if you jump into the fire without an asbestos suit, you're going to get burned.

    2) this is such an invalid test, i wouldn't be surprised if it was being administered by mindcraft. i mean, come on, who thinks they're actually going to see any valid test results from this. i feel sorry for anybody who actually takes this test to be a test and not a stunt.

    3) the volume of attempts on NT vs the LinuxPPC box have got to be skewed so horrendously that this comparison shouldn't even be brought up by any respectable reporter without finding out what that difference is and reporting it.

  5. Not any apology for M$... by InThane · · Score: 2

    ...but the weather here on Tuesday and Wednesday was spectacular. At some points the lightning bolts were coming so fast and furious that instead of hearing individual blasts of thunder, they were coming down in a continuous roar that never faded out. Scary, exhilarating, exciting, and my power never went out. We NEVER get weather like this in Seattle - supposedly over 1000 bolts touched down Tuesday night alone!

    This is no apology, though - 9 unscheduled non-weather related downs, and they blame it on the weather? Morons.

    --
    InThane
    1. Re:Not any apology for M$... by remande · · Score: 2

      To those at MS who set up this test: Linux is currently (in fact, always) accepting converts. It is never too late.

      --

      --The basis of all love is respect

  6. Check out the site... by jammer+4 · · Score: 3

    Just checked in on http://crack.linuxppc.org. It's getting quite a few hits. I love the one status update though:

    Aug 6 1999 part 4 12:38AM CDT:
    At a rate of 2 million packets per hour, someone appears to be using a brute force method to guess the passwords. Does this kind of attack count? Unfortunately, they are trying to telnet in as root :) D'oh!

    Gotta love it...

  7. Re:uhhhhh by dattaway · · Score: 2

    People don't seem to understand why I hate Microsoft so much. They always insist it's the hardware or user problem. Bad motherboards, network cards, or a clueless administrator. Well, if that's the MS way of putting the blame on perfectly good resources, they need to wake up. Seems like when you deal with NT, you make a deal with the devil and have hell to pay when things go south...

  8. There's another W2K challenge out there. by Shoeboy · · Score: 3

    Managers challenge developers to get work done using Windows 2000
    SEATTLE - In a move that sent tremors of fear through the programming community, project managers across the country have begun challenging their developers to write code on Microsoft's new flagship operating system, Windows 2000. The challenge has not been well publicized - most developers only find out about it after being shown a box running Windows 2000 and being encouraged to get to work. The prize for victory is continued employment. So far nobody has successfully completed the challenge, although there have been several notable failures.
    "It was awful," complained unemployed programmer Greg Andrews, "I couldn't do anything. I slipped further and further behind schedule until my PM decided I wasn't up to the challenge and gave me the axe."
    Several industry analysts blamed these failures on one of the ground rules laid out in the challenge - PMs refuse to allow hardware upgrades for W2K users despite the fact that it requires at least 256Mb of ram and a PIII-500 for reasonable performance. The analysts speculate that the challenge could still be completed if not for a few 'features' Microsoft included in order to make the challenge more, well, challenging. First off, is the extensive use of wizards, wizards are programs that require the user to navigate through a dozen dialog boxes in order to change even the most trivial of settings. Secondly, W2K makes extensive use of MMC a specialized tool designed to aggravate users accustomed to keyboard shortcuts.
    "We aimed these inovations at administrators mainly," admitted a Microsoft spokesperson, "but we're pleased to note that all users of W2K have found their productivity reduced by these tools. Wizards and MMC are part of our Zero Administration Windows initiative whereby we make administration of windows such a nuisance that nobody tries it."
    Still, many developers are hopefull that they will be able to complete the W2K challenge. Observered one developer, "I'm three weeks behind schedule right now, but I just discovered that if I disable the networking services and everything that depends on them, I free up just enough memory to allow me compile my 2500 line program in under 10 minutes. I might still have a job next week."
    --Shoeboy

  9. Realistically by BadlandZ · · Score: 2

    The second they turn on fingerd (which they might if all other cracking attempts fail), someone can grab some usernames. At that point, there is hope at something like this, but not until then. But even still, if you assume a 7 character password that is all lower case text (24 possible characters), there is still something like 200,000,000,000,000,000,000 possible combinations for passwords, isn't there? (what is the statistical calculation here, I forget, 7^24? or 24^7 or something, which would still be 4,500,000,000 combinations...)

    I should dig out my statistics book, and count up how many usable characters there are for passwords... Then maybe time a login attempt from a fast connection... Hmm. Well, as long on the up side, I suppose you could run multiple attempts to login at once and cut the time needed down drastically. Anyone actually know what the right calculation is, and what the results are for number of possible passwords and potential time required is?

    1. Re:Realistically by BadlandZ · · Score: 2

      Actually, there are upper, and lower case characters, and numbers, and symbols, so, there are definitely over 50, maybe somewhere around 75?

  10. Idiocy by Shoeboy · · Score: 2

    Observered? Yikes. I meant Observed. All other spelling and grammar errors are intentional.
    --Shoeboy

  11. More than 64^8 actually by BadlandZ · · Score: 2

    I don't think that is accurate... I think you can use the symbols too now, like !@#$%^&*() in your passwords, so that's another ten at least. So, maybe fingerd won't matter much if the password is creative enough.

  12. 10E95 potential passwords. by BadlandZ · · Score: 2

    rob@water:~/ $ wc file.txt
    1 1 95 file.txt
    rob@water:~/ $ more file.txt
    abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV WXYZ1234567890-=`[]\;',./~!@#$%^ &*()_+{}|":?

    So, that's 95, and I just tested something, I can easily set a 10 character password, so... 10^95 potential password possibilities, assuming you stay under 10 characters.

    Hmmm.... I just decided to change all my passwords to a really long string!

  13. /etc/securetty by coyote-san · · Score: 2

    For all the NT Admins breathlessly reading Slashdot to learn about The Opposition....

    This is a major "D'oh!" since most (all?) distributions are configured so that telnetd *won't* allow "root" to log in over the network. Knowing the root password and a couple bucks will still only get you a cup of Starbucks coffee. "Root" is only permitted to log into a system from ports listed in the /etc/securetty file, and someone would have to be unusually braindead to add network ports to that file. (The normal procedure is to log in as a regular user, then 'su' to "root.")

    Bottom line: a brute force attempt to telnet in as "root" has absolutely no chance of succeeding. The fact that someone is trying it simply highlights their own ignorance.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
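
Added example, not part of the thread: a small audit of the /etc/securetty behaviour described in the comment above, flagging entries that would let "root" log in over the network. The pseudo-terminal name patterns and both sample files are assumptions constructed for this illustration.

```python
import re

# Assumption for this example: these name patterns identify network
# pseudo-terminals (legacy BSD-style ttyp0..ttyef and Unix98 pts/N).
NETWORK_TTY = re.compile(r"^(pts/\d+|tty[p-za-e][0-9a-f])$")


def parse_securetty(text):
    """Return terminal names from securetty-format text (one per line)."""
    names = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no entry
        names.append(line)
    return names


def audit_securetty(text):
    """Classify entries; text=None models a missing file."""
    if text is None:
        # login(1) documents that a missing file lets root log in on any tty.
        return {"local": [], "network": [], "root_over_network": True}
    names = parse_securetty(text)
    network = [n for n in names if NETWORK_TTY.match(n)]
    local = [n for n in names if not NETWORK_TTY.match(n)]
    return {"local": local, "network": network,
            "root_over_network": bool(network)}


# Constructed samples, not taken from any real host.
SAMPLE_DEFAULT = "# console and virtual terminals\nconsole\ntty1\ntty2\nttyS0\n"
SAMPLE_WEAKENED = SAMPLE_DEFAULT + "ttyp0\npts/0\n"

if __name__ == "__main__":
    for label, text in [("default", SAMPLE_DEFAULT),
                        ("weakened", SAMPLE_WEAKENED),
                        ("missing", None)]:
        print(label, audit_securetty(text))
```
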
  14. Or is it 95^10 = 5.98E19? by BadlandZ · · Score: 2

    Hmm that sounds more realistic, 5.19E19... Still would take a while to brute force it, even with a username.
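
Added example, not part of the thread: the keyspace calculation the posts above ask about, as alphabet size raised to the password length, with the time to try every candidate at the "2 million packets per hour" rate quoted from the status update. Treating each packet as one guess is an assumption (an upper bound on the guessing rate), and the lowercase alphabet is taken as 26 letters.

```python
HOURS_PER_YEAR = 24 * 365.25


def keyspace(alphabet_size, length, exact=True):
    """Candidates of exactly `length` chars, or of 1..length chars if not exact."""
    if exact:
        return alphabet_size ** length
    return sum(alphabet_size ** k for k in range(1, length + 1))


def years_to_exhaust(candidates, guesses_per_hour, sessions=1):
    """Years to try every candidate; parallel sessions divide the time linearly."""
    return candidates / (guesses_per_hour * sessions) / HOURS_PER_YEAR


def compare(cases, guesses_per_hour, sessions=1):
    """Return (label, keyspace, years) rows for (label, alphabet, length) cases."""
    rows = []
    for label, alphabet_size, length in cases:
        total = keyspace(alphabet_size, length)
        rows.append((label, total,
                     years_to_exhaust(total, guesses_per_hour, sessions)))
    return rows


# Rate from the quoted status update; one guess per packet is an assumption.
RATE_PER_HOUR = 2_000_000

# Alphabet sizes and lengths discussed in the thread.
CASES = [
    ("7 lowercase letters", 26, 7),
    ("8 characters from a 64-symbol set", 64, 8),
    ("10 characters from 95 printable symbols", 95, 10),
]

if __name__ == "__main__":
    for label, total, years in compare(CASES, RATE_PER_HOUR):
        print(f"{label:42s} {total:.3e} candidates  {years:.3e} years")
```

On average a guesser finds the password after trying half the keyspace, so the expected time is half of each figure.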

  15. A little off topic by DanaL · · Score: 2

    I don't mean to go off on a tangent, but it's great to see that Linux reporting seems to be getting more and more accurate. You used to have to wince a lot at the misconceptions and errors that showed up in news articles about Linux, but this one summarized things well and I didn't see any glaring mistakes.

    It's nice to see!

  16. Re:Sad. by edgy · · Score: 2

    You're still missing the point. The fact that you have source means you're never dependent on a vendor (i.e. Microsoft) to fix a problem with the code. You don't have to wait for a service pack. You can hire someone to fix it yourself if it's not important enough to anyone else.

    And that's one of the biggest benefits of open source in this case.

  17. I can't believe its not BETA! by _Sprocket_ · · Score: 2

    I kind of brushed on this in a previous post. Allow me to re-hash the main points...

    It's not your father's Beta.
    The term 'beta' has been diluted, if not completely nullified, by current industry actions. Commercial software these days never actually stops being developed. The project just gets published and sold (sorry, 'licenced') to consumers; even with known "issues" (read: bugs). As a consumer, you hope that the software house you purchase products from is willing and able to put out fixes for these bugs at a, hopefully not-so, later time. Microsoft does it. Netscape does it. It's standard practice. Now, in a more development-centric environment (where Marketing doesn't control the project) such as your favorite Open Source project... "Beta" might actually mean "there's known bugs here that we want to fix before we say it is 'ready'".

    Breathe in... release.
    Microsoft's W2k project is now in its final stages. They've released a "release candidate" to their testing public. I would hope this means they're pretty sure they are close to a finished product. Barring any surprises the massive amount of testers might find... it's close to a done product. MS says this product is stable. Shouldn't it be?

    It's my party...
    This is Microsoft's show. They're the ones who went for the publicity stunt. Let's not forget that MS, for the most part, are greatly skilled at PR. So if they didn't think W2K was ready... if they suspected that it was still buggy and 'beta'... why did they pull a stunt to bring attention to this fact? And, again, if they knew it was unstable why do they not simply state that the product is 'beta'?

    ...and I can configure as I want to.
    An even better point is that Microsoft controlled the configuration of this test. They picked the hardware. They picked the software (including access to the world's best information source in the world on how to tweak a W2K installation- themselves). This was not some unskilled admin setting up a shaky configuration on obscure hardware. If MS, with their resources, can't keep W2K stable... who can?

    I said it before - MS tried to pull a quick publicity stunt and got stung by it. Badly. "Beta" hardly explains this one away.

  18. If it's not Mindcraft, it's CRAP! by Wah · · Score: 2


    Let them set up two servers, and we'll benchmark cracking protections. Wonder who would win?

    (crashing 9 times, laugh, laugh, laugh, cough, laugh)

    --
    +&x