Please mail webmaster@netcraft.com with your hostname and it will be looked at. Detection is not 100%, but it would be unusual for an SSL server to have a Windows proxy server in front.
This is (another) reason not to install any of the many scripts that have been circulating for taking special action against worm probes - like the scripts intended to be installed as/default.ida to do Code Red logging/reporting (or even retaliation). Plenty of ISPs are now scanning for vulnerable machines, and if you make your machine look vulnerable then you'll have a job convincing them to unlock your account.
I know someone who ended up in this situation, and despite his protests that he was actually running Apache and couldn't be vulnerable, the ISP insisted that he "reformat his computer". In the end he was forced to admit defeat (and lie that he'd done so).
On another note, I wonder if the worm blackholeing program mentioned yesterday upsets the ISPs too...
I care. I'm the author of one of the GPL Doom ports, and we're prevented from sharing improvements between Doom ports effectively by this licensing mess.
Yes the licenses are a pain, but in this case they are very necessary, since several of the parties involved (Activision, csdoom author to name a couple) specifically don't want their code to be freely used. And I respect that. But when others are mixing this stuff with GPL code, this is a problem.
This has always been an unclear point. From the original license "The Software, together with any archive copy thereof, shall be destroyed when no longer used in accordance with this Agreement, or when the right to use the Software is terminated." So id reserved the right to terminate the license. But to my knowledge they never did so. They never threatened to sue anyone over it. It's a great pity they did not, as it would have saved much confusion and frustration.
Remember that the Doom community is mostly a group of windows-using-computer-gamer types. They don't understand or care much about licensing, anymore than I did a few years ago.
A few weeks ago I was talking to the csdoom author about his project and he didn't even know what the license on his project was. He still includes no license with his released work even now, AFAIK. Despite the fact this is required by all of the licenses of the code his project was based on. We had trouble convincing him to release source at all.
If Doom had been released under the GPL from the start, there would have been far fewer problems. As things stand now, some Doom engines are GPL'd, others are still under the old educational-only license. Throw in the Activision license (which would be a joke if it didn't hurt so much), and there is a lot of confusion.
An interesting related story.. Doom engines under the old Doom source license are of course not open-source, yet the csdoom project is hosted on sourceforge (http://csdoom.sourceforge.net/). After some weeks of complaining we've got the author to release the code, but it's still not appropriate content for sourceforge IMHO. I've emailed the sourceforge guys to no avail though... Comments?
Carmack never made anything public domain to my knowledge. He released the Doom source code originally under an educational-only license, then last year he re-released it under the GPL.
info libc,
File System Interface,
Temporary Files:
tmpfile(), mkstemp().
The docs for all the older, unsafe temp file functions all carry strong warnings. There's no good reason people should still be making mistakes with temp files.
It doesn't take a security expert to know that any default password is a bad idea. So it might be a victory for open source that it was fixed, but it's a big defeat for RedHat's quality control that the problem ever existed.
Slashdot Mirror
Please mail webmaster@netcraft.com with your hostname and it will be looked at. Detection is not 100%, but it would be unusual for an SSL server to have a Windows proxy server in front.
The main figures in Netcraft's SSL survey, as cited in the article, only count sites with a certificate from a recognised CA.
This is (another) reason not to install any of the many scripts that have been circulating for taking special action against worm probes - like the scripts intended to be installed as /default.ida to do Code Red logging/reporting (or even retaliation). Plenty of ISPs are now scanning for vulnerable machines, and if you make your machine look vulnerable then you'll have a job convincing them to unlock your account.
I know someone who ended up in this situation, and despite his protests that he was actually running Apache and couldn't be vulnerable, the ISP insisted that he "reformat his computer". In the end he was forced to admit defeat (and lie that he'd done so).
On another note, I wonder if the worm blackholeing program mentioned yesterday upsets the ISPs too...
Assuming that refers to this:
then that's an exploit for Code Red II infected machines, not the original Code Red.
Well if you're still vulnerable to those exploits then you should've turned them off months ago...
..and one of the Raven developers made a post on Doomworld, which was supposed to clarify their license, but just totally contradicted itself. Sigh.
http://mewse.alkali.org/licenses/ was just updated with Carmack's response. He confirms that the old license was not revoked.
Unless the license includes a clause allowing the copyrightholder to revoke it. Which the original Doom source license does.
I care. I'm the author of one of the GPL Doom ports, and we're prevented from sharing improvements between Doom ports effectively by this licensing mess.
Yes the licenses are a pain, but in this case they are very necessary, since several of the parties involved (Activision, csdoom author to name a couple) specifically don't want their code to be freely used. And I respect that. But when others are mixing this stuff with GPL code, this is a problem.
This has always been an unclear point. From the original license "The Software, together with any archive copy thereof, shall be destroyed when no longer used in accordance with this Agreement, or when the right to use the Software is terminated." So id reserved the right to terminate the license. But to my knowledge they never did so. They never threatened to sue anyone over it. It's a great pity they did not, as it would have saved much confusion and frustration.
Remember that the Doom community is mostly a group of windows-using-computer-gamer types. They don't understand or care much about licensing, anymore than I did a few years ago.
A few weeks ago I was talking to the csdoom author about his project and he didn't even know what the license on his project was. He still includes no license with his released work even now, AFAIK. Despite the fact this is required by all of the licenses of the code his project was based on. We had trouble convincing him to release source at all.
If Doom had been released under the GPL from the start, there would have been far fewer problems. As things stand now, some Doom engines are GPL'd, others are still under the old educational-only license. Throw in the Activision license (which would be a joke if it didn't hurt so much), and there is a lot of confusion.
An interesting related story.. Doom engines under the old Doom source license are of course not open-source, yet the csdoom project is hosted on sourceforge (http://csdoom.sourceforge.net/). After some weeks of complaining we've got the author to release the code, but it's still not appropriate content for sourceforge IMHO. I've emailed the sourceforge guys to no avail though... Comments?
Carmack never made anything public domain to my knowledge. He released the Doom source code originally under an educational-only license, then last year he re-released it under the GPL.
In reply to your second paragraph..
info libc, File System Interface, Temporary Files: tmpfile(), mkstemp().
The docs for all the older, unsafe temp file functions all carry strong warnings. There's no good reason people should still be making mistakes with temp files.
It doesn't take a security expert to know that any default password is a bad idea. So it might be a victory for open source that it was fixed, but it's a big defeat for RedHat's quality control that the problem ever existed.