Slashdot Mirror


User: Ratbert42

Ratbert42's activity in the archive.

Stories: 0 · Comments: 614

Comments · 614

  1. Huh? on Seanbaby.com · · Score: 1

    I skimmed past this article header on the main page and as I scrolled down here was my thought process: "Wtf was that? Did it say anything? Why is that on here? Oh. I bet it's a Jon Katz piece. Let's check. Yep. Ok."

  2. Eclipse on Best "Visual Studio" Alternative On Linux · · Score: 2, Informative

    IBM's Eclipse (www.eclipse.org) is a possibility, but it's more for Java than C++ and it's still fairly new.

  3. Re:Liability for software defects on Code Red: the Aftermath · · Score: 1

    I think it would be hard to find Microsoft liable in court. They did the closest thing to issuing a recall (a patch) that they were capable of.

    What could they have done better? E-mail every registered NT/2000 user to warn them? Have IIS automatically check for updates? Force users to install the critical update service? I'd be comfortable with all of those.

  4. Re:Bah. on Code Red III · · Score: 1

    I'm seeing very few hits on my FreeBSD/Apache server, because it's hosted at a colocation facility that's mostly FreeBSD/Apache. The XXXX version tends to scan similar IP addresses, so I haven't seen many of those there.

    I've seen quite a few at my company because they are on a business-class cable modem service. They're getting pounded by similar IPs.

    My OpenBSD box at home (cable modem) is getting pounded too, but it's mostly ARPs and other broadcast crap related to attacks on neighboring IP addresses. I was getting roughly 1,500 attempts a day when I stopped logging connection attempts to port 80.

  5. Re:Stop addressing Code Red on Code Red III · · Score: 1

    Exactly. I'm a lazy sysadmin. I hate applying patches every week. So I do a good job securing the box in the first place so I don't have to. But lots of sysadmins are worse than lazy. They're stupid.

    I manage one IIS server and have to deal with sysadmins who manage another 6 or so IIS servers. My server is the only one that doesn't have the default mapping of the .ida extension to the index server DLL. Nobody else is using index server, but they ignored (or never even read) Microsoft's own documents about securing IIS. When the next buffer overflow in an unused DLL is found, their servers will be vulnerable and mine won't be.

    I got to do a post mortem on one IIS server at my company that was infected with CodeRed.v3 (call it what you want, it's the XXXXX one). How did they notice that the box was infected? Did they notice the increased traffic? Nope. Did our intrusion detection system catch it? Nope -- it hasn't been updated in months. So how did they find out? When I recognized their internal IP in my logs, attacking my server. Another admin came in to fix it. He applied the Microsoft patch for the .ida vulnerability and rebooted. That's it. He didn't close any of the backdoors or anything. I sent him and his boss an e-mail with links to the backdoors on his box and a list of what to fix.

  6. Dan Rather on Stem Cell Research Moves Forward In The US · · Score: 2, Funny

    My favorite part of the coverage is when Dan Rather said something like:

    This is a very complicated subject. If you are really interested in it, I would suggest that you pick up one of the better newspapers tomorrow.

  7. Roll your own on Memory Leaks · · Score: 2, Interesting

    In college, I rolled my own wrapper for malloc(), free(), and array/pointer dereferences. A couple hours of coding that wrapper caught most of my memory leaks and seg faults. If I could do it when I was half-drunk and didn't know what I was doing, you've probably got a developer on staff who can handle it.

  8. Wishful Thinking? on Rise Of The 15-Year Olds, Part II · · Score: 1

    Maybe Katz is hoping for the rise of 15-year olds on the internet so that Slashdot readers will finally be impressed with his movie reviews and other serious articles.

  9. Re:Ironic... on Hotmail Servers Shut Down by Code Red · · Score: 3, Offtopic

    These guys are good at making money...

    Actually, they're not that good at making money. They've coded themselves into a hole where people don't want to upgrade their software to new versions every year or two. Windows 98 or 2000, Office 2000 and Internet Explorer 5.5 do everything the typical office worker needs. It's the same on the server side. Most offices aren't looking for new features. They want to reduce support costs. That doesn't translate well into writing more checks to Microsoft.

    For a long time Microsoft had no real professional services arm. They left that to all the independent MCPs. Now they're catching on to what IBM, SAP, Oracle, and everyone else figured out at least 5-10 years ago. Software sales is only part of the pie. Service and support can be a big revenue source, especially if your software isn't easy to support. Now Microsoft is building up their professional services arm.

  10. Free Beer? on Memory Leaks · · Score: 2, Interesting

    A free (perhaps GPLd) clone would be so interesting; Rational's licensing is killing my current budget.

    Maybe you should put a developer or two on that project and see how long it takes them to build something similar. I think Purify runs about $1,500 now (could be wrong). That's what, two Aeron chairs? That shouldn't kill any real company's budget. Numega's Boundschecker is a viable cheaper alternative though. Or just rip off the free trial versions.

    When I've seen Purify bought, a developer downloaded the trial and built a list of all the problems he found and fixed using it. When he showed his manager how much pain and suffering the product could save it was an easy sell. (The hardest part was countering the "so everything's fixed already?" mentality.)

  11. Lazy vs. Stupid on Code Redux · · Score: 2, Insightful

    Something's been bothering me about all the people criticizing the IIS admins for being too lazy to apply a month-old patch. Personally, I admin an IIS server that didn't have the patch applied, but Code Red didn't affect it. Why not? Because when I set up IIS in the first place I followed the security checklist. Unmapping .ida and other unused server extensions was right there on the list. Any decent Microsoft weenie should have done the same. If you're not stupid in the first place, sometimes you can get away with being lazy.

  12. No on Are High-End CPUs Worth The Money? · · Score: 1

    I run a P3-500 with 512 megs of RAM. That's enough to do anything I want to do. I regularly run Photoshop, 3 editors, 2-3 development environments, a database, some middleware, 2 web servers, a TV tuner, a couple SSH terminals, VMWare, Outlook and a dozen browser windows.

    Most of the time, the bottleneck on my box is the ATA/33 path to my cheap IDE disks. I would spend the money on a faster disk (IDE RAID or SCSI) before I upgraded the CPU.

    The most CPU intensive stuff I run is audio/video compression, Photoshop filters on big images, VMWare, and stupid f-ing bloated MS Internet Explorer. The video compression is the only thing that makes me want a processor running over 1gig. VMWare and some of the other stuff makes me wish for a dual processor board.

  13. Re:XP and pair programming on Multitasking Harmful To Productivity · · Score: 1

    For us, one of the biggest wins of pair programming is that when one of the usual idiots stops by to ask a chain of stupid questions, there are two of us to make fun of him. They usually don't last more than a couple minutes.

  14. My favorite quote on Code Red Reporting That Doesn't Suck · · Score: 2

    I just read this one here:

    Worms are a common Internet technology that have been in use since the late 1980s. For example, most search engine operators, such as Yahoo or Google, use worms to index the Internet.

  15. Not sure which on Do We Spend More On Linux Or Windows? · · Score: 1

    I bought a Cheapbytes 6 CD set with 4 unofficial distributions about 4 years ago for $18. I bought a new 386sx in 1992 that had Windows 3.0 on it. My guess is that the Windows OEM price was higher than $18.

    Every other OS I run is a free download (or copy), whether the company intended it to be that way or not. I haven't bought an off-the-shelf machine since 1992 (my first and last).

  16. Superbowl Tickets on World's Worst Dog'n'Pony Shows · · Score: 4, Funny

    At a former company, we gave away a whole Superbowl package: tickets, hotel, etc. at a trade show. During the whole show, we collected business cards from interested prospects and put them in a bowl. The goal being to give the expensive package to a potential customer. We had the drawing during an expensive party after the show. The hired talent MC dude gets around to the drawing and decides to say "last chance to enter the Superbowl drawing!" Our mortified marketing people watch as everyone in the room rushes the stage to throw their cards into the bowl. Then the MC has our CEO draw the name. He glances at the card before he even gets it out of the bowl. It's one of the top level people from our closest competitor. He desperately wants to drop the card and draw another, but the MC pulls the bowl away.

    The girl from marketing that set the whole thing up said she started looking for a new job before the CEO even got off the stage.

  17. Pixelon on World's Worst Dog'n'Pony Shows · · Score: 1

    My favorite is Pixelon. Among other things, they skinned Windows Media Player and passed it off as their superior video compression technology.

    What's next, skinning an existing browser and passing it off as a product?

  18. Re:How about an IBM XT with a working CGA monitor! on Vintage Computer Festival Shows Off Ancient PCs · · Score: 1

    From about 1989 to 1992 I used a hacked-up box with an original IBM PC-XT board, 640k, and a 40 meg hard drive. I'd run Desqview so I could have a terminal emulator window, a text editor, and Turbo C all running at once.

  19. Biting the hand... on Don't Eat the Yellow Links · · Score: 1

    We learned about TopText (which was called HOTText until the end of last week) because a number of Slashdot readers submitted a San Francisco Chronicle story about it.

    No. You learned about TopText last week, but the SlashDot regular was treated to movie Katzviews, 8 rounds about Dmitry, a couple repeat articles, and two dozen stories we'd read 6 hours earlier on Yahoo!.

  20. Re:Pop-unders costing less than other ads? on Pop Up Advertising Continues to Suck · · Score: 1

    They don't seem to be aware how hated it's made them to do both the mass mailings and the pop-unders...

    From the article: The source added that the company is closing a factory in New Jersey to replace it with a larger one because of increased sales.

    It sounds like they know exactly what impact the ads have had. My in-laws (who used to live in a shack with a hose running from their neighbors for water) know who X-10 is now. Everyone does.

    I hated X-10's pop-unders until I started getting this damn credit report pop-under. No sign of an opt-out on that one.

  21. Hey Pauly! on Legal Challenge to FBI's Keystroke Sniffing · · Score: 2

    Next time buy a laptop and keep it with you.

  22. Re:my team uses this at work on Select or Lock Hard Drives... With a Key · · Score: 1

    I use VMWare for this. The best part is that I can set it up to undo all the changes to the disk image. That way I can boot up, install our software, test it, then roll back to a clean image.

    Or you can browse pr0n sites and not leave a browser cache/history trail.

  23. Re:Cool Application! on Are The Digits of Pi Random? · · Score: 2

    ...you could easily use Pi as a pseudo-random pad.

    If you don't mind the fact that it's the most well-known pseudo-random digit sequence in the world.

  24. Re:What Africa really needs on High Tech in Africa: Geeks Needed · · Score: 1

    Absolutely. I work (in the U.S.) with half a dozen developers that have fled South Africa. None of them want to go back.

  25. My Obscurity on When "Security Through Obscurity" Isn't So Bad · · Score: 1

    On a somewhat related note, I need to administer remote servers (FreeBSD and OpenBSD). I run sshd and filter out IPs other than my home one. But what if I'm on the road or sshd takes a dump? I probe a few odd, unused ports in just the right order and a fresh sshd launches on an oddball port. A different combination brings up a telnetd for when things are really messed up. (Though I've never had to use either.) It's like unlocking your front door by clapping your hands, spinning in a circle, and kicking the dog.
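The ordered-probe scheme described in the last comment above can be modelled server-side as a per-source state machine. This is an added example, not the commenter's code; the port numbers, the 10-second window and the `timestamp source port` log format are hypothetical, and the ports in the sequence are assumed to be distinct.

```python
# Added illustration: tracks, per source address, how far through an
# ordered knock sequence that source has got. All values are hypothetical.
KNOCK_SEQUENCE = (7001, 8002, 9003)   # assumed unused ports, all distinct
WINDOW_SECONDS = 10.0                 # whole sequence must finish in time


class KnockTracker:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = tuple(sequence)
        self.window = window
        self.progress = {}            # src -> (next index, time of 1st knock)

    def observe(self, ts, src, port):
        """Feed one connection attempt; True when src completes the sequence."""
        idx, started = self.progress.get(src, (0, ts))
        if idx and ts - started > self.window:
            idx, started = 0, ts      # stale partial attempt expires
        if port == self.sequence[idx]:
            if idx == 0:
                started = ts
            idx += 1
        elif port == self.sequence[0]:
            idx, started = 1, ts      # wrong port, but it begins a new attempt
        else:
            idx = 0                   # out-of-order knock resets progress
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            return True               # caller would start the fallback service
        if idx:
            self.progress[src] = (idx, started)
        else:
            self.progress.pop(src, None)
        return False


# Constructed sample log: one correct knock, one out of order, one too slow.
LOG = """\
100.0 198.51.100.7 7001
101.0 198.51.100.7 8002
101.5 203.0.113.9 7001
102.0 198.51.100.7 9003
103.0 203.0.113.9 9003
104.0 203.0.113.9 8002
200.0 192.0.2.44 7001
205.0 192.0.2.44 8002
215.0 192.0.2.44 9003
"""


def completed_sources(lines, tracker=None):
    """Return (timestamp, source) for every completed knock in the log."""
    tracker = tracker or KnockTracker()
    hits = []
    for line in lines:
        ts, src, port = line.split()
        if tracker.observe(float(ts), src, int(port)):
            hits.append((float(ts), src))
    return hits
```

The sequence travels in cleartext and can be replayed by anyone who observes it, so it only reduces exposure in front of the service's own authentication.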