Hotmail Servers Shut Down by Code Red
An Anonymous Coward writes: "SF Gate has this story about Code Red taking down some of Microsoft's Hotmail servers. That's funny." So is Code Red a problem yet? Meanwhile my sircams have stopped, except for 2 people who mail me a hundred or more a day. Thank god for filters, but if I had a monthly bandwidth cap, I'd be pissed.
Hotmail running Windows again? (Score:2, Interesting)
Has any mass media (NBC or CNN) hit Microsoft about their crappy design? I would also like to know if Microsoft would ever consider writing a fixing worm.
Re:Hotmail running Windows again? (Score:2)
Don't they _want_ to render the existing Internet unworkable so they can sell people an 'upgrade' solution based entirely on proprietary protocols that tie in with .NET?
Don't they _need_ the current Internet to grind to a halt with as much damage as possible so their stuff looks good by comparison?
I'm sorry, but Code Red may turn out to be their baby all along. If that is true, then they _meant_ it to cripple the Internet. With .NET coming along, Microsoft desperately want and NEED to cripple the internet. Otherwise, who will buy .NET?
Re:Hotmail running Windows again? (Score:4, Informative)
Back when MS bought out Hotmail, they were running on BSD software (Apache, I think,) and then a lot of people started to make fun of them because they didn't even use their own software on their own servers.
So they moved it over to an MS platform. According to my scanner, it's running IIS 5.0.
[64.4.53.7:80] World Wide Web HTTP
HTTP/1.1 302 Redirected..Server: Microsoft-IIS/5.0..Date: Thu, 09 Aug 2001 14:48:33 GMT..Location: http://lc2.law5.hotmail.passport.com
Re:Hotmail running Windows again? (Score:2)
Re:Hotmail running Windows again? (Score:3, Interesting)
Re:Hotmail running Windows again? (Score:2)
This one's a real black eye for them. The last couple of months don't look good for
D
I'm incredulous (Score:5, Interesting)
Good luck to them. They'll need it.
I got two unsolicited calls asking how to set up Apache on a Windows 2000 server. These were people who had never seen a need to switch before. If I convert their servers for them, I'll probably set up a Linux box or two, 'just for backup purposes'.
Heh heh.
Cheers,
Jim in Tokyo
the names are so confusing (Score:2)
!net
Re:I'm incredulous (Score:3, Funny)
-----
To whom it may concern:
Your Windows server(s) at
65.54.225.59
65.54.225.129
65.54.225.180
is/are infected with the Code Red worm.
Please see information about patching your systems at Microsoft's
TechNet:
http://www.microsoft.com/technet/treeview/defau
R Walls
Linux Systems Admin
*email removed*
-----
Had I sent it later in the afternoon, two more servers would have been listed there.
Can't wait until one of these has a malicious payload.
--mandi
Re:I'm incredulous (Score:2)
Definitive answer to Hotmail front-end OS (Score:4, Insightful)
The site www.hotmail.com is running Microsoft-IIS/5.0 on Windows 2000
I also tried the SSL Port 443 and it's also hosted on IIS5/Win2K. Hope this clears up any confusion *grin*
One thing to consider here folks: this is a classic case of Security Process falling down. It just so happens it's a Win2K hole in this instance. If Hotmail still ran BSD and there was a root exploit discovered, someone still needs to follow the process and plug the hole.
NB: I'm not excusing MS here
Load Balanced (Score:4, Interesting)
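#!/bin/bash
# Fetch the response headers 252 times and collect the Server line from each reply.
out=servers.txt   # placeholder: the output file name after >> is missing from the post
i=1
while [ "$i" -lt 253 ]
do
lynx -head -dump http://lw7fd.law7.hotmail.msn.com/ | grep Server >> "$out"
let i="$i"+1
done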
-Waldo
This just in.... (Score:3, Funny)
More on this at 11.
Here's a great plan (Score:5, Funny)
another article on hotmail infection (Score:2, Informative)
DDOS (Score:2)
-foxxz
Re:DDOS (Score:2)
Ok, a DDOS might knock out access to a few websites, or at very worst a full ISP, but it would certainly not lead to the entire Internet grinding to a halt.
BSD (Score:5, Informative)
Crewd
Re:BSD (Score:4, Interesting)
The sad part is, they probably don't. More likely, they're wishing it was illegal to be a programmer outside a regular, certified company. That way, those damn hackers couldn't exist, and only companies would produce software, for the only good reason there is to produce software, money.
And the worse is, I'm barely being satirical here. It's really what their corporate culture seems to promote, as has been proved too many times... Maybe I'm just being an overreacting idiot, but they've given me that impression so many times...
Other keywords that identify manly Aussies (Score:3, Funny)
favourite
mum
mate
Piss off, you stupid Yank.
You think you have "rights", but when was the last time you tried to exercise one of them that might conflict with the interests of one of your powers-that-be?
Re:Other keywords that identify manly Aussies (Score:3, Informative)
You forgot "Vegemite."
Re:BSD (Score:3, Insightful)
Or did they change that by now?
Re:BSD (Score:4, Informative)
The "back end" is a bunch of Sun E4500's.
The vast majority of freebsd machines are now running w2k.
Probably... (Score:5, Funny)
Re:Probably... (Score:5, Funny)
This is another monopolistic outrage!!! Just where will the bundling stop? Now Bill Gates wants to take away the livelihoods of the virus writers! Is anybody safe?
Windows NT servers (Score:5, Informative)
I submitted this as an article this morning, but as it is still pending, and both my home and work servers are still under constant annoyance, I figured I'd pass it on here as well. If you are running a Windows NT server, kindly do us all a favor and just turn it off for a few months.
According to yesterday's Handler's Diary [incidents.org] on www.incidents.org [incidents.org], "Microsoft has confirmed that if an IIS 4.0 webserver is using URL redirection, it is still vulnerable to Code Red even if the Microsoft patch is installed". The only known solution [neohapsis.com] is to remove all URL redirections from NT servers running IIS 4.0.
-Tommy
For people who ask WTF is URL redirection: (Score:3, Informative)
in reading the article... (Score:2, Informative)
How Ironic (Score:2)
CodeRed actually a SPAM filter (Score:2, Interesting)
We all do it, that is, create a throw-away HotMail account for those times we need to register online somewhere with an e-mail address. I even go so far as to turn on the SPAM Filtering and limit the use of the account for said registrations.
Even so, these accounts always manage to get overrun by a flood of SPAM. I've even set up one account to throw away EVERYTHING. Then again, that's the account I used to sign up with SpamCop [spamcop.com]
So I'm thinking, perhaps it's not a bad thing for all those nasty SPAM'rs to get hundreds, if not thousands of messages bounced back (not like they don't already). One can only hope that their stupid harvesters removed bounced addresses from their lists.
At least in this way, maybe CodeRed will have done us a favor. Even for a short while.
Great way to spread software. (Score:4, Funny)
All part of the new design (Score:5, Funny)
MSN Hotmail has a brand new face...and it's easier to use. You'll find it easier to create and manage your folders, see which of your Messenger buddies has been hacked by chinese, and quickly choose names from your Address Book when send document for to ask advice.
Re:All part of the new design (Score:2)
Hmmm...free e-mail ain't so free with MS (Score:2, Informative)
Hmmm...Hotmail used to be a *fantastic* mail service until MS took it over (first, they added SSL which made accessing it from lynx impossible. Fortunately lynx-ssl made it possible again. Then, they added Javascript. Bastards. Javascript, for MAIL???)
Then Hotmail moved their cluster (several times, if memory serves) from trusty, reliable FreeBSD servers to MS products. We have seen the results of this changeover in the past, and now we're seeing what happens now with all the viruses floating around in MS-land.
I was happy enough to discover Yahoo Mail [yahoo.com], which IS running on FreeBSD servers, and DOESN'T need SSL or Javascript to access. Haven't had a problem since then. :-)
Microsoft to be the target of (more) lawsuits? (Score:5, Insightful)
IE, if the software contained some fatal flaw that resulted in Actual Money being lost, the corporation could go after a commercial software house in the courts in an attempt to recover costs.
Free Software, being provided as a community service with no sue-able corporation behind it, lacked this perceived accountability.
Well, here we have a gold-plated example of a fatal flaw in a piece of commercial software, coupled to a lax attitude towards fixing it, that has without question resulted in the loss of Actual Money by a great deal of people. One would think then, that IS Managers across the world would be queuing up to sue Microsoft and recover their costs.
Anybody seeing any evidence of this happening?
Re:Microsoft to be the target of (more) lawsuits? (Score:3, Informative)
Sue Microsoft because your sysadmin is too lax to install a security patch that came out almost two months ago?
Yeah, that'll work.
Re:Microsoft to be the target of (more) lawsuits? (Score:2)
The real story here is that a lot of people running Microsoft OSs don't take applying security patches seriously enough. The fact that some of them are at Hotmail which is owned by Microsoft makes the news both funnier and more depressing.
System administrators and computer users in general need to be more concerned with the costs of not applying security patches. A more serious effort also has to be made to convince crackers that there will be serious penalties for releasing these viruses/trojans/worms. It's past time to accept excuses like I didn't mean to cause that much harm, or I was just doing it to show the hole existed. Is it necessary to throw a brick through a car window to prove that a car alarm won't stop you from stealing someone's stuff out of the car? These crackers are causing serious financial harm. They should be held responsible for their actions, and not get a slap on the wrist.
Total cost of running IIS (Score:2)
I'm a little out of my realm of knowledge here, but it seems like IIS also has a lot of features that other web servers don't have. If you have more features, you also have a lot more likelihood for bugs and exploits. It's much easier to secure a simple product than a more feature rich one. I've heard many people state that the cost of running MS software is much higher than running other competing software. I'm sure that that's true in many cases, especially when those users aren't utilizing the extra features that IIS may offer them. However, if those features meet their needs better than Apache for example, then maybe IIS is worth the cost and the security risk for them. Regardless of whose software they use, they need to keep up on the security patches. There was a patch for this. The problem was heavily advertised. People, including many in Microsoft itself, didn't apply the patch.
Another reason why there may be more security exploits hitting IIS than Apache is that IS people who are properly concerned with security, and properly apply patches are more likely to be running Apache than IIS. I hate to fuel the UNIX has smarter admins fire, but there seems to be a lot of truth to it in a very general sense. Note, I said in a general sense. I'm quite sure there are brilliant NT admins, and stupid UNIX admins, I've actually met a few of each.
Re:Microsoft to be the target of (more) lawsuits? (Score:4, Insightful)
ISP's and individuals/companies paying for bandwidth used.
Who causes this mess?
People who haven't patched their software (gross negligence).
Who can sue who?
People who have losses because of gross negligence.
Microsoft is shielded by a EULA that limits (or denies) liability (although this EULA might not be fully applicable worldwide).
Re:Microsoft to be the target of (more) lawsuits? (Score:2)
Obviously not Msft, since their FU's are protected by the EULA; society seems to want to blame the virus authors who exploit the holes, but I think the blame belongs to: people who take the path of least resistance and buy Msft licenses. Yes, people should be FIRED, sacked, terminated, let go, finito', by companies for recommending Msft Exchange/Outlook/IIS when they get a plague of viruses. And I mean TOP IT mgmt should get the old heave-ho onto the street from the suits when there's a major business disruption. After they dump the McSE fakirs and the "40 Billion Dollar RipOff Goliath" they should look around for some credible, broad computer business information systems experience willing to look at alternatives other than a simple minded 'single source' from budget sucking vendor lock in thieves leading them further down the primrose path to madness, mayhem & self destruction.
Thank you.
Re:Microsoft to be the target of (more) lawsuits? (Score:3, Informative)
Who has losses that arise from code red?
ISP's and individuals/companies paying for bandwidth used.
Who causes this mess?
Microsoft who left a remote buffer overflow in the 5th version of their IIS software
Who can sue who?
People who have losses because of gross negligence.
-- iCEBaLM
Re:Microsoft to be the target of (more) lawsuits? (Score:4, Interesting)
You can't make addendums to a contract after the sale without agreement from both sides. Clicking a button or hitting a key does not constitute proof of agreement. That requires a signature. Please help spread the news that EULA's are bullshit until they are upheld in a court of law or supported by legislation. At the present, they are just some grandstanding bullshit from rich software companies with nothing more than threats from lawyers standing behind them.
BTW, did I mention that EULAs are BULLSHIT mumbo-jumbo legalese that don't have the force of spit.
Re:Microsoft to be the target of (more) lawsuits? (Score:2)
Re:Microsoft to be the target of (more) lawsuits? (Score:2)
However, businesses tend to sign paper contracts that spell out everything in the EULA, as part of their bulk-purchase agreements. And in that fashion, being open and before-sale, it's perfectly legal and binding.
If you had to sign your name to an EULA when you bought software at a store, it'd be more binding. Especially if you had to sign BEFORE purchase.
But if a business (or consumer) goes to the store, buys a package, takes it home, installs it, and clicks-through the EULA, they are NOT bound by it. Even if they knew it was there, they also knew that it is invalid. EULAs, no matter how you look at it, are not binding to ANYONE.
Thus the UCITA. I mean, if a business can't forbid people commenting on the quality of a product, writing reviews, distributing anything made with the software without royalties, and cripple it in the name of piracy prevention... how do we expect them to make billions of dollars and oppress us?!? Support your local billionaire, buy him a politician.
Not just MS Hotmail server with the bug (Score:5, Informative)
Now Microsoft is very critical about who gets access to the serial numbers and databases. They have their own servers, VLAN, and firewall at our plants for distribution of licenses. Think it would be pretty secure, right?
Well not really, they all got Code Red when it first came out. Now we were cleaning Code Red up on our own webserver (Yeah, I know, should have patched.) Noticed that the MS servers were infected, called up MS and told them what was up. They didn't believe us and told us the servers were already patched. Took a number of calls and yelling to get their boxes fixed.
I don't know if it's really funny or really sad.
Yawn (Score:2, Insightful)
Re:Yawn (Score:2, Interesting)
I bet they do have their own mailing lists where they are talking about this.
Or possibly they are not interested in it ?
Re:Yawn (Score:2)
I don't understand why they don't apply their own patches to their own servers?
Probably for the same reason many people don't install the patches. They have the server up and running and are afraid of what the patch will break.
excuse me, but.... (Score:2)
hee heeeeeeee....
I think you meant: (Score:5, Funny)
;-)
Yes, it is a problem (Score:2)
On my web server (with multiple IPs), 689 probes yesterday. 613 of those were Code Red II. 685 the day before (578 were CRII). 543 the day before that (419 CRII). 433 the day before that (224 CRII).
So, simply put, Code Red II is worse than Code Red, and getting more so. Who cares what it does to the servers, right now, it is a major pain in the ass.
Ever tried explaining to a client that their network is down because of a worm that infects web servers? And no, I didn't install those Ciscos, I would have brought CBOS up to date if I had.
Irony? (Score:4, Interesting)
And this is the company whose software the vast majority of ISPs insist that you use if you want to connect to the internet using their lines.
I think I'll have some new ammunition the next time I get into an argument with an ISP over what software I'm allowed to run.
as Cardinal Borusa always said... (Score:2)
--Blair
"You'll find truth only in mathematics."
"Just patch your servers" (Score:5, Funny)
(twas a ZDNet story I can't seem to locate)
How long will this be going on (Score:3, Interesting)
One little server on a little 128k leased line and the attack pattern since 1st August reads
13,35,24,27,27,63,73,47,32 (in 15 hours)
Until the 4th August all the attacks were from the initial breed (NNNNNN). On the 4th 3 of the 27 attacks were from the new breed (XXXXXX). On the 5th 15 NNNNN and 12 XXXXX. Day 6 and only 10 of the old breed arrive while 63 of the new breed are in and since then we are down to about 3 attacks of the old NNNNN per day.
I actually agree with the concept of setting up a lot of machines to reply to the virus with the fix. It seems obvious that too many NT/2000 boxes out there are abandoned and vulnerable thanks to the lack of knowledge required to expose one. Who thinks that we won't see any attacks next month?
Okay so... (Score:5, Funny)
This reminds me of Dilbert (Score:4, Funny)
MS Admin: We got the virus we've been teaching people to prevent.
Bill: Great, so what are you going to do about it?
MS Admin: Kill myself as an example to others?
Bill:
Gun? Poison? Electrocution? Angry Penguins? (Score:2)
MS Admin: We got the virus we've been teaching people to prevent.
Bill: Great, so what are you going to do about it?
MS Admin: Kill myself as an example to others?
Bill:
Have him spray the booth in herring oil, then release the penguins...
Oh, that would be messy. :)
Re:Okay so... (Score:5, Informative)
I was out of town for a week (two weeks ago), when I returned, the Hotmail Janitor had deleted all my saved mail in all my folders, and all I had left was that week's spam/sircam.
In complaining to Hotmail support, they replied, to my Hotmail account, asking what the name of my Hotmail account was. I'm not joking -- they're that stupid.
In further correspondence, they have said that they can't recover anything deleted by their "auto janitor".
They have said that Hotmail should not be trusted to store valuable mail (and that I should use outlook instead -- the damn software responsible for SirCam in the first place).
They think this is my problem, and I should upgrade my anti-virus software (I've repeatedly assured them that I've been WinDoh's free for four years -- I can't find McAfee's Linux download site).
They say their anti-virus protection is sufficient -- yet I rec'd two more SirCam laced spams today. They won't let me download the contents (even though it won't hurt my Linux system).
I've told them that their anti-virus protection kicks in too late -- they need to not stick any email into the Inbox that has the SirCam virus (they don't let you download the attachment anyway -- why bother letting it fill up your quota).
I've told them they should shut down their Janitor and make backups until this problem is resolved, or more Hotmail customers are going to get their accounts wiped out without backup.
I've also told them that the correct solution is to bounce new incoming emails headed for an over-quota user, rather than allowing the incoming email and deleting the existing, saved, mail.
They don't get it. They don't understand.
And, if any Microsoft troll cares to say I'm a liar about this (like they did the last time I reported this in Slashdot)... I have the email transcripts to prove that this is Hotmail's behavior.
I have found two solutions:
www.mail.com
www.graffiti.net
Both provide excellent free email (and web hosting) service, and are smart enough to not run Microsoft products.
Moron, Outlook has nothing to do with it (Score:2)
For some reason, everyone seems to think that every virus is an Outlook virus.
Re:Moron, Outlook has nothing to do with it (Score:2, Insightful)
SirCam also has its own SMTP server meaning it can send mail without the help of Outlook.
This is not just an Outlook issue, it is a stupid users who open unsolicited attachments without virus scanning them problem.
Any windows email client that allows the user to open email from within the client is just as vulnerable as Outlook.
Why not serve your own? (Score:3, Funny)
Oh, sorry I forgot [slashdot.org]. Some people just can't take the competition.
Is it true that I can get my FREE download of MSN Explorer at http://explorer.msn.com/intl.asp? Wow! That's just what I've always wanted, FREE software.
Re:Why not serve your own? (Score:4, Funny)
Nope, but you can at:
http://explorer.msn.com/default.ida?NNNNNNNNNNN
Re:mail.Yahoo.com (Score:2, Interesting)
Don't want ads in your inbox? Then do what I do - leave POP3 access off until the mailbox gets filled up, then turn on POP3 access, use your favorite mail client to download all your email, and finally turn POP3 access off again.
aha another reason Windows troll (Score:2)
That's because there are no Linux viri!
McAfee does make a linux server tool for detecting WinDoh's viri on the server side (before the user gets it)... along with a few other Linux-based tools to try to protect WinDoh's lusers from their idiocy.
Reality check - Hotmail is a free service (Score:2)
I didn't know that MS used IIS for Hotmail (Score:2)
Captain_Frisk
jobs.osdn.com (Score:2)
THAT is interesting!!
I feel deprived (almost) (Score:2)
Re: (Score:2)
.Net (Score:5, Funny)
eggs, faces, and virus success stories. (Score:2)
What the hell. (Score:5, Interesting)
Somehow, when I picture a server farm, I see this clean, organized room with nice neat racks. With everything that happens with MS's servers, all I can envision is a building reminiscent of a level from Diablo. Something dark & gloomy with servers just sitting on workbenches with their hard drives just hanging out of the side of the case and the motherboard coated in 1/2" of dust.
How can you forget a bunch of servers. I work for a small ISP so we're not the most organized place, but hell, all we have is two racks for modems & routers, and a dozen boxes sitting on the floor for servers. But we at least have pieces of paper tacked to the wall with a list of IP addresses, server names, functions and OS. We install the patches on all of our machines just fine.
All you need is a list of all the servers. Then take that list around with you and after you install the patch, put a little "X" next to the server on the list. Not really complex guys. Of course this is Microsoft, they're probably running little handhelds with WinCE, connecting wirelessly to a MSSQL server that seems to simply misplace records for the hell of it.
Re:What the hell. (Score:2)
It wouldn't be the first time someone has forgotten a server [slashdot.org]. (I can't see this happening to a Windows box, though.)
Re:What the hell. (Score:2)
June 18. Nowhere near 6 months ago. Barely a month before the onslaught of Code Red I.
Re:What the hell, The patch doesn't work (Score:4, Funny)
Re:Maybe they HAVE been patching... (Score:3, Funny)
Um... maybe that's where Code Red originally came from.
I dunno! (Score:5, Funny)
I can think of worse jobs than being paid by Microsoft to watch their servers being brought down by their own software!
Re:What the hell. (Score:2)
Re:What the hell. (Score:2)
Losing track of Nuclear materials [slashdot.org]
Nuclear Materials System Not Buggy, Says Microsoft [slashdot.org]
code red, sircam, taco, and real business (Score:4, Informative)
Re:code red, sircam, taco, and real business (Score:2, Funny)
Got scanned (Score:3, Informative)
[Tue Aug 7 05:37:56 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:38:45 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:38:54 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:40:21 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:42:01 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:42:15 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:42:20 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:48:55 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
[Tue Aug 7 05:49:13 2001] [error] [client 64.4.13.230] File does not exist:
/usr/local/apache/htdocs/default.ida
64.4.13.230 is msgr-cs20.msgr.hotmail.com
You'd figure they'd patch themselves.
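The per-day counts of old-breed (NNNN) and new-breed (XXXX) probes posted earlier in the thread, and the error-log entries in the comment above, can be produced from Apache logs with a short script. This is an added example, not part of any poster's comment; the log lines are constructed, the addresses are documentation ranges, and the names `classify` and `summarize` are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Apache access log (common/combined): host ident user [date] "request" status size
ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
)
# Apache error log entry in the shape quoted above (joined onto one line).
ERROR_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<src>[^\]]+)\] '
    r'File does not exist: (?P<path>\S+)'
)
# A probe asks for /default.ida followed by a long run of one padding letter.
# Assumption: 16 or more repeats is enough to tell a probe from a stray request.
PROBE_RE = re.compile(r'^/default\.ida\?(?P<pad>N{16,}|X{16,})')

# Month names are mapped by hand so parsing does not depend on the locale.
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}


def classify(line):
    """Return (iso_date, source, variant) for a default.ida probe, else None."""
    m = ACCESS_RE.match(line)
    if m:
        probe = PROBE_RE.match(m.group("target"))
        if not probe:
            return None
        # Access log timestamp looks like 04/Aug/2001:05:37:56 +0000
        day, mon, year = m.group("ts").split(":", 1)[0].split("/")
        variant = "N-padded" if probe.group("pad")[0] == "N" else "X-padded"
        return "%s-%02d-%02d" % (year, MONTHS[mon], int(day)), m.group("src"), variant
    m = ERROR_RE.match(line)
    if m and m.group("path").endswith("/default.ida"):
        # The error log records only the mapped file path, so the padding
        # letter is lost and the variant cannot be determined from it.
        _, mon, day, _, year = m.group("ts").split()
        return "%s-%02d-%02d" % (year, MONTHS[mon], int(day)), m.group("src"), "unknown"
    return None


def summarize(lines):
    """Tally probes per day and variant, and per source address."""
    per_day = defaultdict(Counter)
    per_source = Counter()
    for line in lines:
        hit = classify(line.strip())
        if hit:
            day, src, variant = hit
            per_day[day][variant] += 1
            per_source[src] += 1
    return {d: dict(c) for d, c in sorted(per_day.items())}, per_source


def _access(src, day, pad):
    # Constructed access-log line; only the padding is reproduced, nothing else.
    return '%s - - [%s:05:37:56 +0000] "GET /default.ida?%s HTTP/1.0" 404 276' % (
        src, day, pad * 224)


# Constructed sample input (documentation address ranges, not real hosts).
SAMPLE = [
    _access("192.0.2.10", "04/Aug/2001", "N"),
    _access("192.0.2.10", "04/Aug/2001", "N"),
    _access("198.51.100.7", "04/Aug/2001", "X"),
    _access("198.51.100.7", "06/Aug/2001", "X"),
    _access("203.0.113.5", "06/Aug/2001", "X"),
    '192.0.2.44 - - [06/Aug/2001:09:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '[Tue Aug 7 05:37:56 2001] [error] [client 192.0.2.10] '
    'File does not exist: /usr/local/apache/htdocs/default.ida',
]

if __name__ == "__main__":
    per_day, per_source = summarize(SAMPLE)
    for day, counts in per_day.items():
        print(day, counts)
    for src, n in per_source.most_common():
        print(src, n)
```

Error-log entries that wrap onto two lines, as they do in the comment above, have to be joined before they are passed to `summarize`.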
Code Red has done real damage to Britain's phones (Score:3, Informative)
(Note: calls work fine; it's just directory information that you cannot get.)
[reposted from here [slashdot.org]]
Re:How to choose a web server for your company (Score:2)
Shouldn't that be COST you YOUR sack? For male admins, anyway.
Re:How to choose a web server for your company (Score:3, Interesting)
For a Linux box or a Windows box, go through the same list and realize that it's the administrator that matters. Not the OS! Really. A windows box can be just as secure as a linux box if the administrator knows what he is doing. An admin for a win2k box is cheaper than a linux admin. There's more of them. So the cost of the OS takes itself out.
1) Pick a platform that is difficult to administer remotely
(2) Pick a platform that is insecure
3) Pick a platform that can't handle the amount of customers you have
4) Pick a platform that costs a tonne of money
5) Pick a platform that requires a person with a dodgy qualification to run it, who doesn't know left from right, and demands more money than they are worth
6) Pick a platform that is proprietary
7) Pick a platform that runs on low-end server hardware or worse only
8) Pick a platform that you will have to lease by the year or per billion processor cycles within the next 3 years
9) Pick a platform with a database server that "loses" data given certain queries
10) Pick a platform that is forever morphing, changing technology, and has a history of instability
11) Pick a platform which would get you the sack if management had a clue
Re:How to choose a web server for your company (Score:2, Interesting)
1) Pick a platform that is difficult to administer remotely
Since most admins administer UNIX via command prompts and vi I'd say that UNIX is much easier to administer remotely. With SSH loaded I can get all the same interface at home through a dial up 14.4k connection that I get at work.
(2) Pick a platform that is insecure
I don't really think I have to say anything here. If you have ever in your life looked at the stats available at attrition.org then you know.
3) Pick a platform that can't handle the amount of customers you have
Platform wise this really comes down to hardware, not OS and CERTAINLY not admin, which is what we are discussing here.
4) Pick a platform that costs a tonne of money
Here you might have been right. Depending on the installation, the software cost may be marginalized. Or it may not. Think of buying 1000 file servers. There the OS cost is a significant factor. Putting in a large scale distributed application? not so much, fewer servers and most of your cost is in development and implementation.
5) Pick a platform that requires a person with a dodgy qualification to run it, who doesn't know left from right, and demands more money than they are worth
I can speak with some authority on this one. The MCSE curriculum, unless they have added it recently, does NOT mention hot fix patches. At all. It tells you how to set up Microsoft's replication service that fails 20% of the time for no reason, but it does not mention the first thing about hot fixes.
6) Pick a platform that is proprietary
NT is about as proprietary as it gets. With the commercial UNIXs you at least get regular published APIs and system calls. With Linux and *BSD, you get the source. Hard to get less proprietary than that.
7) Pick a platform that runs on low-end server hardware or worse only
see my above point about platform
8) Pick a platform that you will have to lease by the year or per billion processor cycles within the next 3 years
AFAIK, MS is the only company to even suggest the rent the OS idea.
9) Pick a platform with a database server that "loses" data given certain queries
This shouldn't have been included. Funny, but off topic.
10) Pick a platform that is forever morphing, changing technology, and has a history of instability
That's NT. It would be an accolade but for the instability part, and the fact that most of the changes don't work and aren't wanted or used by the users.
11) Pick a platform which would get you the sack if management had a clue
I would fire someone for picking a Microsoft solution when an alternative existed. Wouldn't you? What's the good side of picking Microsoft?
I'm failing to see much in this post that indicates that a good admin has a whole lot of control. Yes they can patch servers, but as has been noted, the patch doesn't always work in this case. Also, Microsoft patches are well known to destabilize the system, or bring back old bugs, or crash server applications, or cause any other host of problems. Yes, the admin is important, but you're trying to say that Michael Schumacher could win while driving a stock Yugo, based strictly on his qualifications as a driver. The tool DOES matter.
Re:How to choose a web server for your company (Score:2)
Oooohh, the total cost of ownership argument rears its ugly head again! :)
As I said, most MCSE's don't know left from right. They may be cheap, but there is a reason for that! You gets what you pays for.
Linux does get security holes, although a well configured install should have less opportunity. If the box is only running sshd, httpd and a database, then you cut down the options for attack immediately. If you run OpenBSD you will be pretty safe out of the box!
Windows appears to get a major security hole several times a year, and people just don't learn. This isn't about a webserver, it is about the future of your data and personal information, because that is what Microsoft wants to manage via Passport.
My post you quoted was a joke, although it got a couple of informatives (?!) as well. Code Red has proved that most admins for windows system don't patch their machines, possibly because MS patches tend to mess things up like Exchange so they don't work. So to use MS, you need a duplicate setup of your servers just to test out these patches and check they will work when used on production equipment. That is expensive, even if the hardware is old, the software needs licenses.
The fact that Code Red has infected so many home users suggests a big piracy problem to me. No wonder MS have WPA in XP. I bet that WPA won't make people buy Windows though, they will stick with what they have, and eventually be forced to check out an alternative OS.
Of course, for some applications, MS will be the right choice. .NET looks like it will be very good, however MS want to fix it up in patents to prevent interoperability and keep it to themselves and their friends. Linux/BSD/etc does not need a .NET clone, it needs its own system that works like .NET, but using open, free software and algorithms, all manageable from a single command line and GUI tool. Easy to set up, easy to configure, cross platform and easy to interoperate with other vendors. I call it "The Unix Business Platform"... :)
Re:How to choose a web server for your company (Score:3, Insightful)
NT's standard remote admin tools, like Event Viewer and Server Manager, require RPC using NetBIOS, which is difficult if not impossible to secure.
UNIX may have its problems, but secure remote administration using native tools is not one of them.
Helevius
Re:"may" have been a victim? (Score:2)
Of course, how much of this whole discussion is Schadenfreude? (In which I am gleefully participating.)
Re:Handling the /default.ida request [OFF TOPIC] (Score:2)
Redirect gone /default.ida
in your conf. Will make it return a "410 Gone" message which is like a "stronger" 404, and it won't log in the error log. This will return a default error page (few hundred bytes); much like the 404 error.
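Added example, not part of the comment above: a small access-log check a server admin could run after putting that Redirect line in place, to count /default.ida probes per source and list any that were not answered with 410. The log lines are constructed samples in Apache's "combined" format, and the function name and report layout are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in Apache "combined" log format (not data from the thread).
# IPs are documentation ranges; the query string is a shortened placeholder.
SAMPLE_LOG = """\
192.0.2.10 - - [09/Aug/2001:14:48:33 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 276 "-" "-"
192.0.2.10 - - [09/Aug/2001:15:02:10 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 410 301 "-" "-"
198.51.100.7 - - [09/Aug/2001:15:03:44 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 410 301 "-" "-"
203.0.113.5 - - [09/Aug/2001:15:04:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [09/Aug/2001:15:09:12 +0000] "GET /Default.IDA?XXXXXXXX HTTP/1.0" 404 276 "-" "-"
garbage line that does not parse
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize_ida_probes(log_text, probe_path="/default.ida"):
    """Count probes per source and list the ones not answered with 410."""
    per_source = Counter()
    by_status = Counter()
    not_gone = []   # probes that got something other than "410 Gone"
    skipped = 0     # lines that are not valid access-log entries
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1
            continue
        # Compare the path only, ignoring case: the query string varies
        # and a probe may not use the exact spelling in the config.
        path = m["url"].split("?", 1)[0]
        if path.lower() != probe_path:
            continue
        status = int(m["status"])
        per_source[m["ip"]] += 1
        by_status[status] += 1
        if status != 410:
            not_gone.append((m["ts"], m["ip"], path, status))
    return {"per_source": dict(per_source), "by_status": dict(by_status),
            "not_gone": not_gone, "skipped": skipped}

if __name__ == "__main__":
    for key, value in summarize_ida_probes(SAMPLE_LOG).items():
        print(key, value)
```

Entries in not_gone are the ones to look at: in the sample they are a request logged before the rule was added and a differently cased path that still returned 404.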
Re:Ironic... (Score:3, Offtopic)
These guys are good at making money...
Actually, they're not that good at making money. They've coded themselves into a hole where people don't want to upgrade their software to new versions every year or two. Windows 98 or 2000, Office 2000 and Internet Explorer 5.5 do everything the typical office worker needs. It's the same on the server side. Most offices aren't looking for new features. They want to reduce support costs. That doesn't translate well into writing more checks to Microsoft.
For a long time Microsoft had no real professional services arm. They left that to all the independent MCPs. Now they're catching on to what IBM, SAP, Oracle, and everyone else figured out at least 5-10 years ago. Software sales is only part of the pie. Service and support can be a big revenue source, especially if your software isn't easy to support. Now Microsoft is building up their professional services arm.
Re:Ironic... (Score:2)
32 billion dollars in cash in the bank, increasing by a billion per month, and that's not very good at making money?!
Who by your standards is good at making money?
Re:Ironic... (Score:3, Insightful)
Actually, this is so true it hurts. I work for a company with customers all over the world. Unfortunately, we decided to switch our Unix based software to NT several years ago (we maintain both versions, but I'm stuck working with the NT shit).
We just completed testing to see if our stuff runs on Win2K a little while ago, and are talking about XP testing soon.
The ironic thing is, I'm only aware of one of our customers who is even running win2K, and that's for the improved terminal server version (based on Citrix if memory serves). The vast majority of our international customer base isn't going to switch away from NT for years (unless we stupidly force them to).
We're predicting very poor sales of XP server whenever it's due to ship, at least to customers in our industry. Microshaft should really look into expanding beyond the 'sell, sell, sell' mentality that worked for them in the 80's.
Re:Ironic... (Score:3, Funny)
Not just building it up, but engaging in activities which would have required users to pay annual license fees, without even a service contract. Granted this would be initially targeted to large customers, but it's only a matter of time before the appetite calls for individual users, too. (Leverage that monopoly!)
Could the future hold a bill such as this:
Month of April
MSN Service Surcharge* $0.98
Word XP/2005 $1.51
Outlook XP/2005 $3.27
Virus/Worm Filtering $46.35
IE XP/2003 $2.06
31337 h4X0r, Inc. fees $46.35
Please remit: 100.52
* Does not include your Internet Service Provider fee.
Re:Security versus Ease-Of-use (Score:3, Insightful)
They are difficult to patch or upgrade or remotely configure or fix, or even publish to.
So...how, exactly, are these systems easy to use again?
Re:I know it'll be said a billion times.. (Score:2)
Because the average (L)user has only had experiences with crappy micro$oft offerings. This is typical of their experiences. And, quite frankly, there are not many alternatives out there for the typical user. Linux is not ready for the corporate desktop or the average home user - yet.
For those of us who run UNIX or Linux, we know that systems should not crash or BSOD daily. Hey, I have some AIX-based mail servers that have not been re-booted in 5 months, and the last time they were down was because I needed to add more disk. If the average home user can go a day or so between crashes, they are satisfied and happy with that.
That is the market that micro$oft sells to. The (L)users and pointy-haired bosses of the world are their audience. Not the informed techies. Their target audience completely accepts that the evil hackers are to blame.
And why hasn't MS been made accountable at all?
Because their PR firms do an amazing job of making sure that a micro$oft-friendly version of the problem gets reported. There are not many reporters out there who have the technical know-how to be able to see through the obfuscation. Unfortunately, most of the (L)users get their technical news from ZDNET and other micro$oft-friendly sites.
are people truly that blind to the insecurities and downfalls of MS software?
Most people probably are. From what I have seen, the people who recognize the risks of using micro$oft products on critical systems run UNIX variants.
Re:Make Sense (Score:3, Insightful)
The patch has been out since what, June? MS is happy to say "we had a patch out months ago, sent out plenty of warnings, everyone had plenty of time to stop this, it's not our fault they didn't patch it" when people complain about the problem.
The fact that they didn't get their systems patched is a real indictment of either their system administration practices (if even the vendor doesn't install widely-publicized vendor patches, how can they claim that Bob's Bait Store should always be up to date?) or the "easy administration" of W2K. Unfortunately I doubt anyone will actually be indicted....
Re:A Bad Sign (Score:2)
Re:The thing is (Score:2, Interesting)
For high end, you are talking big iron from IBM, SUN, Cray or SGI, or massive Unix/Linux clusters a la ASCI, Lawrence Livermore etc.
However, if these hackers you mention do get ticked off and learn linux/freeBSD or a.n.other *nix the experience may well be good for them. Some of these people may be the gurus of the future.