And Microsoft Windows* is well over 90% of consumer desktops today. That doesn't invalidate Linux/KDE, Solaris/CDE, Mac/OSX... if anything it makes their development that much more important.
Mozilla is the same story... less share means more drastic need for a viable option.
I don't expect Mozilla as a browser to be anything big, but Mozilla as a platform is terrific... and a 1.0 release gives companies something good to target web design usability for. When Netscape 6.0 came out based on an early Mozilla it made our web UI design team cringe and has been a nightmare ever since.
I made a copy of the log on 2001-09-19T2019GMT-6 (about 36 hours later), deleted any portions of the log prior to the latest round of probes starting at:
[Tue Sep 18 08:17:26 2001] [error] [client 216.254.80.145] File does not exist:/home/groups/home/web/MSADC/root.exe
And then ran some basic numbers... this attack is definitely hitting me more than Code Red.
Well, technically speaking he -did- go to the media...:)They went to the FBI. Maybe he should have anonymously reported it to some other media faction and let them do with it what they will.
And before anyone gets upset at a slight amount of levity in this post, I've contributed to the case and I fully support him.
Even if he did break a law technically (not saying either way, we may never know for sure without examining the logs ourselves... hey... that would be cool), he did the Right Thing and I'm throwing my support behind him.
Damn, I went from one every hour to about one every 10 minutes... this is definitely hitting alot of folks since I have a DSL line with a pretty much unknown webserver.
I'm sending the following form letter to webmaster@, administrator@ and root@ of the reversed domain for anyone who I see sending me the request:
--------------
I noticed in my web server logs that your server tried to access a false web page today. This access is a signature of attacks coming from the Red Tape worm and it would appear you have an IIS server that is infected. The infected server (yours) then tries to contact other ISS servers to infect, generating the following request (the first IP address is the server that you have that is infected, though you may have many others with the same predicament):
[replace with the actual request]
###.###.###.### - - [19/Jul/2001:18:11:07 -0500] "GET/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 252 "-" "-"
NOTE: If this is a dynamic IP address and you are an ISP, the above request should be able to help you track down your customer and help them fix this issue.
I'm only providing this note as a warning so that you can try and patch your machine. My web server was immune to this attack, so I was not directly affected.
For more details about this worm, please see the following sites:
1) make sure you have all of the most recent service packs installed
2) make sure you have all of the available critical updates installed
3) install this patch:
http://www.microsoft.com/technet/treeview/defaul t. asp?url=/technet/security/bulletin/MS01-033.asp
4) reboot
NOTE: I do not have a Windows IIS webserver with which to verify the above instructions, so I can't guarantee it will work, but the above practices should be done on a regular basis (if they had been done, including installing the patch mentioned, your web server would not have been compromised to begin with).
I was in beta4, too, and suffered many of the major problems.
The beta test wasn't just to beta test the game. It was to beta test the web servers, the registration server, etc, etc, etc.
Those people who weren't able to download were needed to show where the web/ftp servers needed to be beefed up. People who couldn't register their game showed where the bugs were in the registration system. People who couldn't log in showed where the login systems were paltry.
They -did- participate in the beta, perhaps in some of the most important ways.
I admit, the game got released about 2 weeks early, but FunCom didn't charge for those 2 weeks and has stated they will do "something" (no clue what) for those people who ate the disconnects and such the first week.
Now that it's out and playable, I definitely don't expect much free time. How could I resist a fully 3 dimensional MUD with thousands of PCs all online.
Yeah, it's alot to grab, but surfing through the various mirrors gave me a server in Belgium that was able to saturate my 768K sDSL link with no slowdowns... took about 2 hours to download.
The solution to the problem is to tell the authors (which he did) that they messed up a tag. "Better" browsers don't automatically correct mistakes so that the author doesn't continue to produce those mistakes. Otherwise there is no consistency as to how -correct- HTML is rendered.
I sent Quova a note saying I think it should provide a free sample of where they think your particular address is coming from. They replied with an Excel spreadsheet with 2 lines.
My domain is on the net via 4 static IPs on sDSL (Speakeasy + Covad). Sure enough, even though I'm in Nashville, TN, they showed me as being located in NYC (where my Speakeasy POP is located).
They probably have a good general idea of where a majority of addresses are located, but they don't have anything accurate. Unless you are actually located where your ISP's POP is, the service will not be able to target you.
I think that's a good and a bad thing, good as it may keep people from adopting the service (which I don't particularly like), but bad since once a company has chosen to use Quova for targetting ads, I'd rather get stuff that actually applies to me.
I've got Speakeasy sDSL service (768Kb/s, 4 static IPs, $150/month). Work pays for it so the cost is not a big issue.
Speakeasy itself was not a problem for the install, but BellSouth was... it took 2 months of me forcing the issue every day to get the line pulled. Dumb crap like my town's name (Mufreesboro) being spelled wrong on the application. It wasn't really spelled wrong, but BellSouth stores it internally as "MURFRSBRO" so it registered as a typo. That in and of itself added 2 weeks to the install.
Within 1 day of BellSouth drawing the line, a very helpful Covad installer came out, tested the line, refused to leave while my line was slow due to a bad route until Speakeasy corrected it 2 hours later.
Once that was done, I was online.
I had some pretty bad latency (I'm near middle Tennessee and was being backhauled to Seattle). I inquired about whether there were closer POPs. Turns out there was one in NYC and I was relocated... a bit too quickly since they emailed me and switched me the same day while I was travelling for work, essentially knocking my server offline for the week I was gone. I emailed explaining that any voluntary address reassignments should at the least be confirmed (especially since I had just asked "do you have one" not "would you please switch me"). I didn't get any response back.
Other than that one issue I have had no problems with Speakeasy... the service has been very solid. I do miss the 1.5Mb/s I got from Bellsouth aDSL, but it was pretty spotty service and my inbound speed was crap (usually 8-12Kb/s)... since I'm running services on my sDSL line that require incoming bandwidth, sDSL was the way to go.
Overall I would recommend Speakeasy. All the accounts I've heard of other DSL providers have been about the same or worse, especially for the cost ($150/month for 768K dedicated bandwidth and multiple IPs is quite good).
I'm a computer geek and a practicing Wiccan (sounds like an AA meeting:). I've been into computers since I was 12 or so (I'm 29 now). I've been searching for a religion for longer than that and spent alot of time researching many religions (Christianity, Judaism, Buddhism, etc). I never found anything in my childhood searchings that felt right so I spent many years developing my own ethics, morals and beliefs. I was fortunate enough about 4 years ago to meet a Wiccan (Gardnerian) Coven and quickly grew close to the group as I found the beliefs I held about the world and the ways I expressed myself in this regard were extremely similar. I'm not a convert (I have never claimed affiliation with a religion before), and I'm [I hope] quite sane and un-"wacked". I'm an initiate of my Coven and am very much not in the closet (I also don't flaunt my pentacle just to stress people out as I have seen other do when they seem like they have something to "prove"). My bosses and co-workers who have discussed religion with me have come away perfectly fine with my path. My family was concerned at first but has also come to grips with it just fine. I fully expect I'll be a practicing Wiccan long after I am no longer paid to write code and do demonstrations.
I am Wiccan and am definitely -not- a convert. I've led a pagan lifestyle my entire life, my parent's weren't Wiccan or Pagan (though they were mildly Pantheistic). I joined a Wiccan Coven a few years ago after alot of research as my first and, as far as I can tell, only form of organized (heh) religion. While many Wiccans have converted from other religions, none (that I know) are in any way coerced, which is often the context of the word "convert" in regards to religion.
Re:Its proponents would of course be called...
on
AtheOS
·
· Score: 1
The Cobalt Qube2 starts at an MSRP of $995 and can be found for well under $900
The Qube2 will allow you to do alot more development than the Interjet...
Sure, the Sun server is probably more reliable and faster, but show me where you can find a sun server for that $1500 that includes all the necessary services and the web-GUI
don't need the GUI? Able to make your own? Don't buy a Qube2 or an Interjet... you're not their intended market
Sorry to sound gritchy... been a long day and have a hangover:)
Maybe/. could begin a site caching service that, when an article published a URL (that was not dependent on dynamic code) that URL was cached for the life of the article and the link -actually- sent users to this cache on/.?
Frame it with a little "site cached by/. to prevent blah blah blah... click here to go to the original site".
I fly Northwest alot... my choices are usually American (cramped and stinky planes), Southwest (who wants to site backwards facing a screaming toddler and no lap tray), US Air (my preferrence), Delta (crabby employees) and Northwest (my second next to US Air).
I think alot of it depends on where you fly from... I fly from Nashville and there is no major hub here... the airlines tend to ignore service at airports like this one. The airport is nice, but until it has a hub we'll always get crappy routes, crappy planes and crabby employees.
The only thing I don't like about Northwest is trying to run for connections in Detroit where they are split between 2 terminals.
Ahh... CNN.com... sure, you don't see duplicate stories that often... but how about:
spelling errors
problematic grammar
bad facts
Of the two, I think I would hold CNN.com, who is the webfront for one of the largest communication companies on the planet, to a much higher standard than/.
"yahoo.com" was mentioned as an example and I didn't re-edit... it should be for any free webmail site that allows unregulated multiple accounts per person.
Yep... whoever flamebait:0'ed that post needs to have their moderating abilities revoked. Someone look up 2 parents to this message and remoderate it up?
Get a couple of other people who want to run the same sca^H^H^H program (blatant steal) and have them run ads on your site while you run ads on their site.
Perhaps something like an OpenSourceTaxRing... each person "pays" money to another site to run the ad and in return receives the same amount divided by the number of participants.
MS has changed from 16 to true 32bit? Wow... what service pack will update my Win98 laptop to this? Bah... they STILL have some 16bit crud. 32-64bit NT conversion is going to have to be either complete and immediate or they will draw it out over -years-.
Slashdot Mirror
And Microsoft Windows* is well over 90% of consumer desktops today. That doesn't invalidate Linux/KDE, Solaris/CDE, Mac/OSX ... if anything it makes their development that much more important.
... less share means more drastic need for a viable option.
... and a 1.0 release gives companies something good to target web design usability for. When Netscape 6.0 came out based on an early Mozilla it made our web UI design team cringe and has been a nightmare ever since.
Mozilla is the same story
I don't expect Mozilla as a browser to be anything big, but Mozilla as a platform is terrific
I made a copy of the log on 2001-09-19T2019GMT-6 (about 36 hours later), deleted any portions of the log prior to the latest round of probes starting at:
/home/groups/home/web/MSADC/root.exe
... this attack is definitely hitting me more than Code Red.
[Tue Sep 18 08:17:26 2001] [error] [client 216.254.80.145] File does not exist:
And then ran some basic numbers
[/tmp]# grep -i root.exe error | wc -l
1433
[/tmp]# grep -i msadc error | wc -l
1159
[/tmp]# grep -i '../winnt' error | wc -l
4827
[/tmp]# grep -i 'vti' error | wc -l
525
[/tmp]# grep -i 'default.ida' error | wc -l
21
Well, technically speaking he -did- go to the media ... :)They went to the FBI. Maybe he should have anonymously reported it to some other media faction and let them do with it what they will.
... hey ... that would be cool), he did the Right Thing and I'm throwing my support behind him.
And before anyone gets upset at a slight amount of levity in this post, I've contributed to the case and I fully support him.
Even if he did break a law technically (not saying either way, we may never know for sure without examining the logs ourselves
No one said it had to be -fresh- ... hopefully the forge was smokey enough to cover the stale smell.
Damn, I went from one every hour to about one every 10 minutes ... this is definitely hitting alot of folks since I have a DSL line with a pretty much unknown webserver.
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 252 "-" "-"
... http://news.cnet.com/news/0-1003-200-6617292.html
... http://slashdot.org/article.pl?sid=01/07/19/223024 6&mode=thread
l t. asp?url=/technet/security/bulletin/MS01-033.asp
I'm sending the following form letter to webmaster@, administrator@ and root@ of the reversed domain for anyone who I see sending me the request:
--------------
I noticed in my web server logs that your server tried to access a false web page today. This access is a signature of attacks coming from the Red Tape worm and it would appear you have an IIS server that is infected. The infected server (yours) then tries to contact other ISS servers to infect, generating the following request (the first IP address is the server that you have that is infected, though you may have many others with the same predicament):
[replace with the actual request]
###.###.###.### - - [19/Jul/2001:18:11:07 -0500] "GET
NOTE: If this is a dynamic IP address and you are an ISP, the above request should be able to help you track down your customer and help them fix this issue.
I'm only providing this note as a warning so that you can try and patch your machine. My web server was immune to this attack, so I was not directly affected.
For more details about this worm, please see the following sites:
News.com
Slashdot.org
To patch your server you should:
1) make sure you have all of the most recent service packs installed
2) make sure you have all of the available critical updates installed
3) install this patch:
http://www.microsoft.com/technet/treeview/defau
4) reboot
NOTE: I do not have a Windows IIS webserver with which to verify the above instructions, so I can't guarantee it will work, but the above practices should be done on a regular basis (if they had been done, including installing the patch mentioned, your web server would not have been compromised to begin with).
--------------
I noticed some of the "default.ida" accesses in my Apache server, too.
We can't do too much to fix the remote servers, but reporting it to the owners can't hurt.
I was in beta4, too, and suffered many of the major problems.
The beta test wasn't just to beta test the game. It was to beta test the web servers, the registration server, etc, etc, etc.
Those people who weren't able to download were needed to show where the web/ftp servers needed to be beefed up. People who couldn't register their game showed where the bugs were in the registration system. People who couldn't log in showed where the login systems were paltry.
They -did- participate in the beta, perhaps in some of the most important ways.
I admit, the game got released about 2 weeks early, but FunCom didn't charge for those 2 weeks and has stated they will do "something" (no clue what) for those people who ate the disconnects and such the first week.
Now that it's out and playable, I definitely don't expect much free time. How could I resist a fully 3 dimensional MUD with thousands of PCs all online.
Yeah, it's alot to grab, but surfing through the various mirrors gave me a server in Belgium that was able to saturate my 768K sDSL link with no slowdowns ... took about 2 hours to download.
The solution to the problem is to tell the authors (which he did) that they messed up a tag. "Better" browsers don't automatically correct mistakes so that the author doesn't continue to produce those mistakes. Otherwise there is no consistency as to how -correct- HTML is rendered.
I sent Quova a note saying I think it should provide a free sample of where they think your particular address is coming from. They replied with an Excel spreadsheet with 2 lines.
:)
My domain is on the net via 4 static IPs on sDSL (Speakeasy + Covad). Sure enough, even though I'm in Nashville, TN, they showed me as being located in NYC (where my Speakeasy POP is located).
They probably have a good general idea of where a majority of addresses are located, but they don't have anything accurate. Unless you are actually located where your ISP's POP is, the service will not be able to target you.
I think that's a good and a bad thing, good as it may keep people from adopting the service (which I don't particularly like), but bad since once a company has chosen to use Quova for targetting ads, I'd rather get stuff that actually applies to me.
Ah well
I've got Speakeasy sDSL service (768Kb/s, 4 static IPs, $150/month). Work pays for it so the cost is not a big issue.
... it took 2 months of me forcing the issue every day to get the line pulled. Dumb crap like my town's name (Mufreesboro) being spelled wrong on the application. It wasn't really spelled wrong, but BellSouth stores it internally as "MURFRSBRO" so it registered as a typo. That in and of itself added 2 weeks to the install.
... a bit too quickly since they emailed me and switched me the same day while I was travelling for work, essentially knocking my server offline for the week I was gone. I emailed explaining that any voluntary address reassignments should at the least be confirmed (especially since I had just asked "do you have one" not "would you please switch me"). I didn't get any response back.
... the service has been very solid. I do miss the 1.5Mb/s I got from Bellsouth aDSL, but it was pretty spotty service and my inbound speed was crap (usually 8-12Kb/s) ... since I'm running services on my sDSL line that require incoming bandwidth, sDSL was the way to go.
Speakeasy itself was not a problem for the install, but BellSouth was
Within 1 day of BellSouth drawing the line, a very helpful Covad installer came out, tested the line, refused to leave while my line was slow due to a bad route until Speakeasy corrected it 2 hours later.
Once that was done, I was online.
I had some pretty bad latency (I'm near middle Tennessee and was being backhauled to Seattle). I inquired about whether there were closer POPs. Turns out there was one in NYC and I was relocated
Other than that one issue I have had no problems with Speakeasy
Overall I would recommend Speakeasy. All the accounts I've heard of other DSL providers have been about the same or worse, especially for the cost ($150/month for 768K dedicated bandwidth and multiple IPs is quite good).
I'm a computer geek and a practicing Wiccan (sounds like an AA meeting :). I've been into computers since I was 12 or so (I'm 29 now). I've been searching for a religion for longer than that and spent alot of time researching many religions (Christianity, Judaism, Buddhism, etc). I never found anything in my childhood searchings that felt right so I spent many years developing my own ethics, morals and beliefs. I was fortunate enough about 4 years ago to meet a Wiccan (Gardnerian) Coven and quickly grew close to the group as I found the beliefs I held about the world and the ways I expressed myself in this regard were extremely similar. I'm not a convert (I have never claimed affiliation with a religion before), and I'm [I hope] quite sane and un-"wacked". I'm an initiate of my Coven and am very much not in the closet (I also don't flaunt my pentacle just to stress people out as I have seen other do when they seem like they have something to "prove"). My bosses and co-workers who have discussed religion with me have come away perfectly fine with my path. My family was concerned at first but has also come to grips with it just fine. I fully expect I'll be a practicing Wiccan long after I am no longer paid to write code and do demonstrations.
I am Wiccan and am definitely -not- a convert. I've led a pagan lifestyle my entire life, my parent's weren't Wiccan or Pagan (though they were mildly Pantheistic). I joined a Wiccan Coven a few years ago after alot of research as my first and, as far as I can tell, only form of organized (heh) religion. While many Wiccans have converted from other religions, none (that I know) are in any way coerced, which is often the context of the word "convert" in regards to religion.
Perhaps it's a comment on OS "religion wars".
Maybe /. could begin a site caching service that, when an article published a URL (that was not dependent on dynamic code) that URL was cached for the life of the article and the link -actually- sent users to this cache on /.?
/. to prevent blah blah blah ... click here to go to the original site".
Frame it with a little "site cached by
?
The URL you gave (http://self.sunlabs.com/) gives me:
... any alternatives?
Connection refused
Description: Connection refused
I would love to scope it out
ROFLMAO
...
Someone mark the parent to this up for Humor
(yeah, and mark this one down for being off-topic if you insist)
I fly Northwest alot ... my choices are usually American (cramped and stinky planes), Southwest (who wants to site backwards facing a screaming toddler and no lap tray), US Air (my preferrence), Delta (crabby employees) and Northwest (my second next to US Air).
... I fly from Nashville and there is no major hub here ... the airlines tend to ignore service at airports like this one. The airport is nice, but until it has a hub we'll always get crappy routes, crappy planes and crabby employees.
I think alot of it depends on where you fly from
The only thing I don't like about Northwest is trying to run for connections in Detroit where they are split between 2 terminals.
Ahh ... CNN.com ... sure, you don't see duplicate stories that often ... but how about:
Of the two, I think I would hold CNN.com, who is the webfront for one of the largest communication companies on the planet, to a much higher standard than /.
"yahoo.com" was mentioned as an example and I didn't re-edit ... it should be for any free webmail site that allows unregulated multiple accounts per person.
Yep ... whoever flamebait:0'ed that post needs to have their moderating abilities revoked. Someone look up 2 parents to this message and remoderate it up?
Get a couple of other people who want to run the same sca^H^H^H program (blatant steal) and have them run ads on your site while you run ads on their site.
... each person "pays" money to another site to run the ad and in return receives the same amount divided by the number of participants.
Perhaps something like an OpenSourceTaxRing
Revenue but outflow equals inflow.
- PC Power and Cooling "ultraquiet" PowerSupply.
- Silencer 80mm Fan (sold by someone else but made by PC Power&Cooling)
- CoolerMaster PIII Fan
... they list the noise level as 29dba - 24dba SECCII fan
I found these with AltaVista and GoogleMS has changed from 16 to true 32bit? Wow ... what service pack will update my Win98 laptop to this? Bah ... they STILL have some 16bit crud. 32-64bit NT conversion is going to have to be either complete and immediate or they will draw it out over -years-.