Do any of the OpenSource CMS's scale well? For the longest time, I was going to release the one I wrote simply so I could give it the name OpenSTFU. What I discovered is that a lot of programming compromises have to be made to create a CMS that's flexible enough to fit the needs of many people. I eventually gave up trying to make something for mass-consumption, and kept my CMS private. There would easily be three times the amount of code involved to make it a reasonable choice for other people to use. In my experience, flexibility was synonymous with slow, since extra CPU cycles were needed on every page. The CMS suffered from trying to be a Swiss Army knife.
I'm sure some of that can be fixed with better programming and design, but is that happening with the free, modern CMS?
Hmmm, I still think I want a HotRod SE. The price is a bit high (they can be found for ~$150) but what you get in return is a very nice rig, for fighting games especially. It would definitely make those Street Fighter battles on Kaillera more fun.
CodeRed Information
on
Code Red III
·
· Score: 2, Informative
CodeRed - There were two versions of the original CodeRed worm, both of which were strictly memory resident and fairly tame, all things considered. Both of these will show NNNN's in your log files. You can find more information here.
CodeRed 2 - This is the worm we're seeing now, the one with the XXXX's in your logs. This worm seems to most frequently scan in it's own IP range (Class A I think?) So, if you're in the 24/8 range, you'll probably see a lot of scans from people using various cable providers. You can find more information about CodeRed 2 here.
So far, I haven't seen anything on the security sites confirming a 3rd version of this worm. The media has often used the term CodeRed3 to describe what is actually CodeRed2, the one giving us grief right now.
If a new variant of this worm does make it into the wild, it'll be interesting to see how quickly it can spread. It seems that a lot of hosts infected with CR2 give the error (403.9 Too many users connected) when you try to access port 80, which causes the eeye scanner to miss them, and apparently keeps them from being exploited by a new worm. It also keeps people from getting to the/scripts/root.exe that CR2 leaves behind as a backdoor. I'm not sure why IIS would give an error about too many users being connected when in reality, the number of CR hits are around 1-2 a minute. It's likely that the IIS process looks for the number of open sockets and then gives that message if there are too many sockets open. This would make sense since CR2 will open up ~300 connections in its attempt to spread.
It was also mentioned yesterday that NT4 servers that have been patched are still vulnerable to CR2 if they're using redirection. This seems odd to me, since the patch should have fixed a buffer overflow in idq.dll. If that overflow was fixed and IIS is still crashing, perhaps there is another buffer overflow that's showing up when it gets the long string from CR2 as part of the redirection. Just a guess on my part though.
Well, if you look at the graphs available at incidents.org you can see that this outbreak has been growing slowly, but the growth rate is substantial. It may not be the end of the Internet, but it's certainly something to keep an eye on.
If you haven't seen JP3 yet, and you want to actually read a real review of the movie and not the stupid shit that Jon Katz likes to spew out, then check out Roger Ebert's review. I think his review of JP3 is very well done.
Maybe this will send a message to the people using the 4.x versions of Netscape. Web design utilizing things like, oh, CSS isn't feasible if you don't want to alienate your Netscape audience. Rather than upgrade to something more suitable, (like Mozilla or IE) people seem to hold on to their old browsers and complain when things don't render properly.
I won't miss the Netscape browser, it's been a pain in the ass for far too long already. If any good will come from this, it's that it will force people to upgrade.
Every single experience I've had with wireless Internet has been very poor. I know of a few local companies that are ready to pull the plug because despite their best efforts, they can't make it work right, and it's hurting their reputation. In some situations, this could be because they're not doing things right. However, even big companies with a very clueful staff seem to have trouble making wireless work reliably. Are these companies failing because of quality of service issues? Is wireless technology flawed in it's current state?
To some extent, EFNet has become a victim of it's own design. I understand the argument about channel ownership, and opers not wanting to get involved in channel matters, etc. That's fine if you want to run things that way, but be prepared to accept the consequences. There are people out there that really enjoy their time in their favorite IRC channel, and get mad as hell when it's taken over and little can be done to get it back. Don't dare ask an oper to help, they're not there for that. So, people are left with very few options when they want to get something back that they feel belongs to them. It's kind of like having something stolen from you, knowing exactly who did it, and being able to do little in order to get your property back. Hey, if you can split a server, maybe you can ride the split in and get ops again!
Some attacks take place in order to get a server to split so that people can get their beloved channel back. But, probably the biggest reason servers are attacked is because of vanity. Yes, nobody wants to admit it, but having an O:Line on EFNet is a status symbol. What else is it, it's not like the opers HELP people. Don't give me any bullshit about needing those opers to help run the servers. I happen to know EXACTLY what is involved in maintaining a large IRC server, and it doesn't take 20 opers per server to do it. So, with a large number of useless opers sitting in their secret little elitist channels doing nothing to help, it's no wonder people take shots at them. The only time you actually hear from an oper is when they're throwing their weight around, or vanity killing people, or k:lining your bot that is so crucial to protecting your channel. So, not only do opers refuse to help, but they go out of their way to hunt your bots and the things you put in place to secure the channel that means so much to you. Is anybody surprised that IRC servers are DoS'd?
I don't know how to solve this. There are networks (like DALnet) that make every effort to help users, and to make IRC as friendly a place as possible. Still, servers there are attacked too, though probably not as frequently as EFNet. As long as one person is able to launch a DoS attack large enough to impact an IRC server, nobody will be safe. There are also people out there that derive some sort of pleasure from removing an IRC server from a large network. Perhaps they do it for bragging rights, so they can claim that they "owned" a server, causing them to leave a network. EFNet's problems could very easily be attributed to one person (or lame little group) with the desire to destroy the entire network.
Love them or hate them, Simutronics has done a good job of building and maintaining text based adventure games that have managed to stand the test of time. (10+ years!) I happen to be a fan of Gemstone, but they have several other games as well. For people that enjoy MUDs, it can be rather fun, especially when there are as many as 2000 people on at any given time. Hey, I hear they use Linux too.:-)
Slashdot Mirror
Do any of the OpenSource CMS's scale well? For the longest time, I was going to release the one I wrote simply so I could give it the name OpenSTFU. What I discovered is that a lot of programming compromises have to be made to create a CMS that's flexible enough to fit the needs of many people. I eventually gave up trying to make something for mass-consumption, and kept my CMS private. There would easily be three times the amount of code involved to make it a reasonable choice for other people to use. In my experience, flexibility was synonymous with slow, since extra CPU cycles were needed on every page. The CMS suffered from trying to be a Swiss Army knife.
I'm sure some of that can be fixed with better programming and design, but is that happening with the free, modern CMS?
Hmmm, I still think I want a HotRod SE. The price is a bit high (they can be found for ~$150) but what you get in return is a very nice rig, for fighting games especially. It would definitely make those Street Fighter battles on Kaillera more fun.
CodeRed - There were two versions of the original CodeRed worm, both of which were strictly memory resident and fairly tame, all things considered. Both of these will show NNNN's in your log files. You can find more information here.
/scripts/root.exe that CR2 leaves behind as a backdoor. I'm not sure why IIS would give an error about too many users being connected when in reality, the number of CR hits are around 1-2 a minute. It's likely that the IIS process looks for the number of open sockets and then gives that message if there are too many sockets open. This would make sense since CR2 will open up ~300 connections in its attempt to spread.
CodeRed 2 - This is the worm we're seeing now, the one with the XXXX's in your logs. This worm seems to most frequently scan in it's own IP range (Class A I think?) So, if you're in the 24/8 range, you'll probably see a lot of scans from people using various cable providers. You can find more information about CodeRed 2 here.
So far, I haven't seen anything on the security sites confirming a 3rd version of this worm. The media has often used the term CodeRed3 to describe what is actually CodeRed2, the one giving us grief right now.
If a new variant of this worm does make it into the wild, it'll be interesting to see how quickly it can spread. It seems that a lot of hosts infected with CR2 give the error (403.9 Too many users connected) when you try to access port 80, which causes the eeye scanner to miss them, and apparently keeps them from being exploited by a new worm. It also keeps people from getting to the
It was also mentioned yesterday that NT4 servers that have been patched are still vulnerable to CR2 if they're using redirection. This seems odd to me, since the patch should have fixed a buffer overflow in idq.dll. If that overflow was fixed and IIS is still crashing, perhaps there is another buffer overflow that's showing up when it gets the long string from CR2 as part of the redirection. Just a guess on my part though.
Well, if you look at the graphs available at incidents.org you can see that this outbreak has been growing slowly, but the growth rate is substantial. It may not be the end of the Internet, but it's certainly something to keep an eye on.
If you haven't seen JP3 yet, and you want to actually read a real review of the movie and not the stupid shit that Jon Katz likes to spew out, then check out Roger Ebert's review. I think his review of JP3 is very well done.
Maybe this will send a message to the people using the 4.x versions of Netscape. Web design utilizing things like, oh, CSS isn't feasible if you don't want to alienate your Netscape audience. Rather than upgrade to something more suitable, (like Mozilla or IE) people seem to hold on to their old browsers and complain when things don't render properly.
I won't miss the Netscape browser, it's been a pain in the ass for far too long already. If any good will come from this, it's that it will force people to upgrade.
Gemstone is still the most addictive game I've ever played. UO is a close second.
Every single experience I've had with wireless Internet has been very poor. I know of a few local companies that are ready to pull the plug because despite their best efforts, they can't make it work right, and it's hurting their reputation. In some situations, this could be because they're not doing things right. However, even big companies with a very clueful staff seem to have trouble making wireless work reliably. Are these companies failing because of quality of service issues? Is wireless technology flawed in it's current state?
I've read that the biggest problem with wireless access is that TCP/IP doesn't work out real well in wireless situations. Anybody have more info?
To some extent, EFNet has become a victim of it's own design. I understand the argument about channel ownership, and opers not wanting to get involved in channel matters, etc. That's fine if you want to run things that way, but be prepared to accept the consequences. There are people out there that really enjoy their time in their favorite IRC channel, and get mad as hell when it's taken over and little can be done to get it back. Don't dare ask an oper to help, they're not there for that. So, people are left with very few options when they want to get something back that they feel belongs to them. It's kind of like having something stolen from you, knowing exactly who did it, and being able to do little in order to get your property back. Hey, if you can split a server, maybe you can ride the split in and get ops again!
Some attacks take place in order to get a server to split so that people can get their beloved channel back. But, probably the biggest reason servers are attacked is because of vanity. Yes, nobody wants to admit it, but having an O:Line on EFNet is a status symbol. What else is it, it's not like the opers HELP people. Don't give me any bullshit about needing those opers to help run the servers. I happen to know EXACTLY what is involved in maintaining a large IRC server, and it doesn't take 20 opers per server to do it. So, with a large number of useless opers sitting in their secret little elitist channels doing nothing to help, it's no wonder people take shots at them. The only time you actually hear from an oper is when they're throwing their weight around, or vanity killing people, or k:lining your bot that is so crucial to protecting your channel. So, not only do opers refuse to help, but they go out of their way to hunt your bots and the things you put in place to secure the channel that means so much to you. Is anybody surprised that IRC servers are DoS'd?
I don't know how to solve this. There are networks (like DALnet) that make every effort to help users, and to make IRC as friendly a place as possible. Still, servers there are attacked too, though probably not as frequently as EFNet. As long as one person is able to launch a DoS attack large enough to impact an IRC server, nobody will be safe. There are also people out there that derive some sort of pleasure from removing an IRC server from a large network. Perhaps they do it for bragging rights, so they can claim that they "owned" a server, causing them to leave a network. EFNet's problems could very easily be attributed to one person (or lame little group) with the desire to destroy the entire network.
Love them or hate them, Simutronics has done a good job of building and maintaining text based adventure games that have managed to stand the test of time. (10+ years!) I happen to be a fan of Gemstone, but they have several other games as well. For people that enjoy MUDs, it can be rather fun, especially when there are as many as 2000 people on at any given time. Hey, I hear they use Linux too. :-)
R2CGI2
Can I slap Lucas now?