Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

AP Story on Linux and W2k Cracking Contests

CmdrTaco posted more than 15 years ago | from the stuff-to-read dept.

News 205

StirFry writes "The AP Wire has this story about the whole crack Windows 2000/crack LinuxPPC situ. And they even use and define the term 'crackers'. Best bit: 'But a log posted on the computer showed at least nine crashes caused by problems with Microsoft software, not the weather. Questioned about that, the spokeswoman said the computer was expected to be off line for some periods of time ``as customer feedback is assessed and integrated into the system.'' " Apparently the Linux box is still standing.

Sorry! There are no comments related to the filter you selected.

What Goes Around, Comes Around (0)

Anonymous Coward | more than 15 years ago | (#1760925)

What ye sow, so shall ye reap.

Bad Karma breeds Bad Karma.

Etc.

Yeah, sure, it's FUD - but somehow, I don't seem to lose any sleep when the FUD-kings get a taste of their own medicine.

Yes! (1)

Mawbid (3993) | more than 15 years ago | (#1760926)

nth post!
--

Re:uhhhhh (1)

just someone (13587) | more than 15 years ago | (#1760927)

Services froze.
For three hours this morning. 6:04-9:20. No guest page entries.

Not delivering web pages when all it does is deliver web pages is pretty close to a crash.

Seems to ignore the real problem. How much is it not serving pages?

And if the logs can be sent to another computer (perhaps over a second interface), why does one need to stop the computer to analyze logs?

we should take up a collection (1)

pohl (872) | more than 15 years ago | (#1760938)

Pass the hat: buy a UPS for MS. 8^)

Weather Hacking (1)

Anonymous Coward | more than 15 years ago | (#1760939)

That old lightning storm attack never fails... must have taken a hell of a lot of work by the hackers though.

Re:uhhhhh (1)

Beached (52204) | more than 15 years ago | (#1760940)

Why shouldn't it coun't. If i am running a production system, it should not go down for any reason. I'm sure MS has the knowledge to setup a Win2K box properly. It must come down to my second pet peive of Windows, you have to reboot to change anything; number one being that it crashes so often.
The Linux box, on the other hand, has had services turn on and off but it remains up and strong. They are actually turning on services until someone cracks one (if that happens).

my 2 cents

Re:uhhhhh (2)

dattaway (3088) | more than 15 years ago | (#1760941)

Reboot? Crash? What's the difference? Its all downtime to me. So much for increased stability. That's what you get for selling yourself to closed source.

Re:uhhhhh (1)

SoftwareJanitor (15983) | more than 15 years ago | (#1760942)

I wish reporters would read the fsck'ing logs. The Win2K box crashed once (but it had reboots and service restarts).

I still wouldn't consider that acceptable for the small amount of time that server has been up. If Microsoft is going to issue a challenge, then they should have done their homework and had that server ready to handle anything conceivable including power outages and SYN flood attacks.

Once again, the anti-MS FUD spreads....

Oh please, the amount of MS favored (if not outright sponsored) FUD outweighs any anti-MS FUD by several orders of magnatude.

The double standard that the industry, Slashdot and the media has with Microsoft is sickening.

Yes, it is, the media is still far too biased towards Microsoft. And as long as Microsoft is one of the largest advertising dollar spenders, that probably won't change. What is (pleasantly) surprising is that there is still enough journalistic integrity out there that any news unfavorable to Microsoft ever gets reported.

Why can't we get back to doing what's important: improving people's lives through software/hardware?

I wish that Microsoft couldn't be described by replacing 'improving' with 'controling' above.

Linux has improved my life, my life would be greatly improved if I didn't ever have to deal with the agony resulting from Microsoft software. I've managed to get rid of most of it, but I still occasionally have to deal with it at work.

Re:uhhhhh (1)

eriko (35554) | more than 15 years ago | (#1760943)

I tried to read the log-but I can't get in.

Furthermore, a reboot or a service restart is, in a production box, exactly the same as a crash. If a service stops working, it's the same as crash, as far as the user is concerned. A web server that cannot serve webpages is USELESS. A ecommerce site that cannot present a catalog or take a transaction is more that useless-it loses customers. Why is it that this wonder-fscking-ful operating system of yours hasn't been able to show me a page since tuesday..

-flips over, checks w2ktest-still dead-
-checks crackppc, sees this in log-
>Aug 7 1999 11:38AM CDT:
>Machine up 3 days. 0 min. Well this is >ridiculous now isn't it.

This lousy PowerMac 9500-a 18 month old box, has been beaten on for 3 days, is showing more services that the win2k box, and hasn't died yet.

Hasn't had a service that needed to be restarted yet.

Hasn't had a reboot yet.

Oh yeah-hasn't been broken into yet, either.

This isn't FUD. This is simple fact. www.windows2000test.com has shown that Windows 2000 and IIS 5.0 are not suitable for production use. So far, it seems that LinuxPPC is much closer to ready that Win2k.

So, why don't you go tell Bill that his OS ain't ready-and why don't you get back to work and fix the problems that Win2k has?

Slow down the server (0)

Anonymous Coward | more than 15 years ago | (#1760944)

Anyone interested in slowing down the win2000 server, an cheap/easy way to do it is to go to this url: http://pages.hotbot.com/und/spjohn/gowin.html It automatically reloads the win2k guest book page every 5 seconds (only works with netscape) To make sure it isn't just reloading the page from the cache go to Netscape-Edit-Preferences-Advanced-Cache and set 'Document in cache is compared to document on network' to Everytime. Then it should connect to the server every time to get the page.

Re:Good LinuxPPC publicity, any other PPC distros? (0)

Anonymous Coward | more than 15 years ago | (#1760945)

Nothing's dumbed down about it. The new installer is clearly aimed at mac users. Otherwise, YDL is just a copy of LinuxPPC R5/1999. Not a great one at that.

It's on the New York Times now. (0)

Anonymous Coward | more than 15 years ago | (#1760946)

Check it out. The stoy made the New York Times: http://www.nytimes.com/cnet/CNET_0_4_40185_00.html (free account required)

apparently life is really boring for a lot of you (2)

jhoffmann (42839) | more than 15 years ago | (#1760947)

if you need something like this to work yourself up over, i feel sorry for you.

this is just another in a long line of publicity stunts that MS is trying to pull off. remember "scalability days" (i think that's what they called it)? terraserver? now this cracking test?
it's astounding that people have such short memories, but that's the way things works. each of these three displays fizzled at first, then they got swept under the carpet. the problem is that if it's a win for MS, it's a _big_ win because they can market the hell out of it. if not, somehow they make everybody forget about it. (maybe they have one of those memory-eraser things from "Men In Black" - heck, all those billions of R&D have to go somewhere. i don't thing they've ever actually pulled a product out of R&D, it's all copying/embrace & extend).

anyway, some things:

1) the contention that it's beta software -- if it's beta, then don't expose it to a huge media frenzy. if you jump into the fire without an asbestos suit, you're going to get burned.

2) this is such an invalid test, i wouldn't be surprised if was being administered by mindcraft. i mean, come on, who thinks they're actually going to see any valid test results from this. i feel sorry for anybody who actually takes this test to be a test and not a stunt.

3) the volume of attempts on NT vs the LinuxPPC box have got to be skewed so horrendously that this comparison shouldn't even be brought up by any respectable reporter without finding out what that difference is and reporting it.

windows 2000 not even finished (0)

Anonymous Coward | more than 15 years ago | (#1760949)

that's what they get for testing out software that's not even finished yet

Not any apology for M$... (2)

InThane (2300) | more than 15 years ago | (#1760953)

...but the weather here on Tuesday and Wednesday was spectacular. At some points the lightning bolts were coming so fast and furious that instead of hearing individual blasts of thunder, they were coming down in a continuous roar that never faded out. Scary, exhilarating, exciting, and my power never went out. We NEVER get weather like this in Seattle - supposedly over 1000 bolts touched down Tuesday night alone!

This is no apology, though - 9 unscheduled non-weather related downs, and they blame it on the weather? Morons.

Check out the site... (3)

jammer 4 (34274) | more than 15 years ago | (#1760955)

Just checked in on http://crack.linuxppc.org. It's getting quite a few hits. I love the one status update though:

Aug 6 1999 part 4 12:38AM CDT:
At a rate of 2 million packets per hour/ someone appears to be using a brute force method to guess the passwords. Does this kind of attack count? Unfortunatly, they are trying to telnet in as root :) D'oh!

Gotta love it...

Re:windows 2000 not even finished (1)

Stonehand (71085) | more than 15 years ago | (#1760957)

?

Is untested software ever considered finished?

Re:Check out the site... (1)

grmoc (57943) | more than 15 years ago | (#1760959)

Ohh Ohh.. that REALLY cracks me up..
I wonder if its some NT admin...?

Good LinuxPPC publicity, any other PPC distros? (1)

Ben Smith (5358) | more than 15 years ago | (#1760961)

Sounds like alot of good linuxppc publicity, though I kinda feel that the distro is 'dumbed down' a bit for old mac users new to linux.

I'm gunna get my hands on TurboLinux for PowerPC, it seems like it would be more in my arena. Or possibly Debian. I really wanna try out Yellow Dog.

Anyone know of any other Distros for PowerPC?

BETA? (1)

magnetx (33177) | more than 15 years ago | (#1760964)

Is the Linux box software still in Beta? Like the Win2k box?
For some reason when Free Software bugs come up on SlashDot, BETA or PRERELEASE is always the excuse.
Just something to think about...

Re:Gee, go figure (0)

Anonymous Coward | more than 15 years ago | (#1760965)

NT is not garbage, it does some things quite nicely, unfortunately crashing is considered a product "feature" by MS, and not a "flaw." But who cares, this Linux thing is a fluke...... isn't it???

Mindcraft again, but this time... (0)

Anonymous Coward | more than 15 years ago | (#1760966)

It seems that Linux is winning this round against Windows. When Mindcraft did those benchmarks, those were under controlled conditions where the MS guys could tweak to their hearts desire and take advantage of what they knew would work right. The problem with the test was that it simulated network usage which is unreal when you compare it to a regular server hooked up to the Internet. Here we finally get a test of real server usage and Microsoft seems to be losing on this benchmark. I hope the media picks up on this just as it did on Mindcraft so that it can be said that just because Windows may transfer crazy amounts of information better than Linux, it doesn;t mean its a reliable server for hosting services on the Internet.

Ok, let's get this straight (0)

Anonymous Coward | more than 15 years ago | (#1760967)

right NOW!!! MICROSOFT is king of quality software! Linux is useless cause you cant get AOL on it! AOL invented the INTERNET they are KING OF IT. PS- dont be callin me a god damned tr0LL for tellin the tr00th.

New use for d.net: Site cracking in under 20 sec. (1)

Rocket Boy (34136) | more than 15 years ago | (#1760968)

Use d.net to crack passwords and you have a real purpose :)

Re:Check out the site... (1)

just someone (13587) | more than 15 years ago | (#1760969)

Enable the guest account.
Oops wrong OS.
Brute force a jcarr is a better solution.

Re:Interesting Take on the Story (1)

SoftwareJanitor (15983) | more than 15 years ago | (#1760970)

I saw it more as Microsoft trying to tap a little bit of the Bazzar for debugging Win2k

I saw it as Microsoft trying a publicity stunt, and getting out-maneuvered by the LinuxPPC guy.

Here's a mention of slashdot (1)

K-Man (4117) | more than 15 years ago | (#1760971)

Here [koreatimes.co.kr] is a story about the stunt from the Korea Times, with a mention of you-know-who. Darn it, there must be a lot of nerds in Korea.

I also spotted this article about a "Hacker's Lab" [koreaherald.co.kr] that allows crackers to work their way up to something like a "black belt" in cracking, by undertaking a series of canned cracks. It might be cool, might be lame, but it's kind of funny.

Re:uhhhhh (2)

dattaway (3088) | more than 15 years ago | (#1760972)

People don't seem to understand why I hate Microsoft so much. They always insist its the hardware or user problem. Bad motherboards, network cards, or a clueless administrator. Well, if that's the MS way of putting the blame on perfectly good resources, they need to wake up. Seems like when you deal with NT, you make a deal with the devil and have hell to pay when things go south...

Re:It's on the New York Times now. (0)

Anonymous Coward | more than 15 years ago | (#1760973)

Yes. But the story is actually from cnet.

Re:windows 2000 not even finished (1)

rumba (70920) | more than 15 years ago | (#1760974)

grow up

Re:Good LinuxPPC publicity, any other PPC distros? (1)

AArthur (6230) | more than 15 years ago | (#1760985)

huh? And your same thoughs apply to Red Hat Linux 6.0 on x86?

LinuxPPC isn't really dumbed down, it's about as hard or as easy to work with as Linux x86. It has the standard RedHat 6.0 installer that we all know and love (and can use in your sleep), or a new X Linux installer which lets you use a graphical gtk-perl based installer.

Installation is much like RedHat Linux 6.0, the installer has virtually everything the same, including Xconfigurator, and all of the other standard tools. You can boot Linux via either Quik (sorta like LILO for PowerPC systems -- it uses OpenFirmware which is about the equvalant to x86 BIOS) or using the handy BootX utility that allows booting from the Mac OS, is easy to use, etc.

Yellow Dog Linux is much like LinuxPPC, since they are both RedHat-Linux based, so they share installers that look and feel the same and quite similar pakcages. I might mention that parts of Yellow Dog Linux Champion Server 1.1 are higher quality then LinuxPPC, and seem to work better.

Debian/PPC is still an unstable version of Debian, it doesn't yet have a PowerPC installer (you install RedHat-type Monolithic PowerPC Linux and then replace it with Debian).

TurboLinux/PPC is quite dated, the last time I checked it was still using glibc 1.99, instead of glibc 2.1, but that may have changed, since TurboLinux/PPC is more of an far east distro then other PowerPC ones. Again, RedHat-Linux based.

Lets, not forget MkLinux Release 1, which is another RedHat-based PowerPC distro, which is currently in developement. It uses MkLinux Genric 8 alpha something for a kernel, and well it should be released this fall if all goes well.

3 important men (1)

FunkflY (33062) | more than 15 years ago | (#1760986)

I had to post relevant this forward email going around...

Yeltsin, Clinton and Bill Gates were invited to have dinner with
God. During dinner God told them, "I need three important people to
send my message out to all people. Tomorrow I will destroy the earth."

Yeltsin immediately called together his cabinet and told them, "I have
two really bad news items for you: [1] God actually exists, and [2]
tomorrow He will destroy the earth."

Clinton called an emergency meeting of Congress and told them,
"I have good news and bad news: [1] God really exists, and [2] the bad news
is tomorrow He's destroying the earth."

Bill Gates went back to Microsoft and happily announced, "I have
two fantastic announcements: [1] I am one of the three most
important people on earth, and [2] The Y2K problem is solved."

There's another W2K challenge out there. (3)

Shoeboy (16224) | more than 15 years ago | (#1760987)

Managers challenge developers to get work done using Windows 2000
SEATTLE In a move that sent tremors of fear through the programming community, project managers across the country have begun challenging their developers to write code on Microsofts new flagship operating system, Windows 2000. The challenge has not been well publicized - most developers only find out about it after being shown a box running Windows 2000 and being encouraged to get to work. The prize for victory is continued employment. So far nobody has successfully completed the challenge, although there have been several notable failures.
"It was awful," complained unemployed programmer Greg Andrews, "I couldn't do anything. I slipped further and further behind schedule until my PM decided I wasn't up to the challenge and gave me the axe."
Several industry analysts blamed these failures on one of the ground rules laid out in the challenge - PMs refuse to allow hardware upgrades for W2K users despite the fact that it requires at least 256Mb of ram and a PIII-500 for reasonable performance. The analysts speculate that the challenge could still be completed if not for a few 'features' Microsoft included in order to make the challenge more, well, challenging. First off, is the extensive use of wizards, wizards are programs that require the user to navigate through a dozen dialog boxes in order to change even the most trivial of settings. Secondly, W2K makes extensive use of MMC a specialized tool designed to aggravate users accustomed to keyboard shortcuts.
"We aimed these inovations at administrators mainly," admitted a Microsoft spokesperson, "but we're pleased to note that all users of W2K have found their productivity reduced by these tools. Wizards and MMC are part of our Zero Administration Windows initiative whereby we make administration of windows such a nuisance that nobody tries it."
Still, many developers are hopefull that they will be able to complete the W2K challenge. Observered one developer, "I'm three weeks behind schedule right now, but I just discovered that if I disable the networking services and everything that depends on them, I free up just enough memory to allow me compile my 2500 line program in under 10 minutes. I might still have a job next week."
--Shoeboy

Microsoft test (0)

Anonymous Coward | more than 15 years ago | (#1760988)

I wonder what the conversation at M$ was like just before the test.. I imagine it went like this. MSperson1: I heard there was a huge storm coming. MSperson2: I think this would be a great time to do that test server thing MSperson1: I don't know.. there's supposed to be alot of lightning. MSperson2: Yeah, it'll be great for PR, because we'll be able to say that the servers can stay running through even the most severe conditions.. MSperson1: Wow, what a great idea, and then on the W2K box, we can have a good photo of the storm. MSperson2: I think we won't put power conditioners or UPS's on the system, because W2K is so great, it doesn't require stuff like that. MSperson1: What a great idea. let's do it!!

Just Like OJ and the glove (0)

Anonymous Coward | more than 15 years ago | (#1760989)

The MS W2K challange is like letting
OJ try on the glove! Bad move.

Rather than "if it doesn't fit, you must aquit"
it should be "if starts to crash, dont spend your cash"

Microsoft test (0)

Anonymous Coward | more than 15 years ago | (#1760990)

I wonder what the conversation at M$ was like just before the test.. I imagine it went like this.

MSperson1: I heard there was a huge storm coming.

MSperson2: I think this would be a great time to do that test server thing

MSperson1: I don't know.. there's supposed to be alot of lightning.

MSperson2: Yeah, it'll be great for PR, because we'll be able to say that the servers can stay running through even the most severe conditions..

MSperson1: Wow, what a great idea, and then on the W2K box, we can have a good photo of the storm.
MSperson2: I think we won't put power conditioners or UPS's on the system, because W2K is so great, it doesn't require stuff like that. MSperson1: What a great idea. let's do it!!

Re:windows 2000 not even finished (1)

slacker990 (35417) | more than 15 years ago | (#1760991)

...but it is finnish...

sorry couldn't help myself.

Re:Weather & power (1)

DrMaurer (64120) | more than 15 years ago | (#1760992)

No shit, we got enough ups' on my work's server to power the city, not to mention the ones on individual PC's.

Yeah, we run novell here. We tried to impliment exchange server (so no-one would have to change e-mail clients), but, shit, all sorts of troubles. Groupwise (what we use now) has it's issues, but it works . . .

My next pet project: put a linux box on a novell based network. Should be fun . . .

thanks for the time

Or maybe God is a "cracker" (1)

nevets (39138) | more than 15 years ago | (#1760993)


Maybe God decided to get into. And succeeded in cracking the system.

So is God the winner?

Still waiting . . . (0)

Anonymous Coward | more than 15 years ago | (#1760994)

Just for the record, I still haven't been able to access the MS box. By contrast, I have yet had to wait for the LinuxPPC box. Makes ya go "hmmmm."

"Beta" (1)

BugMaster ChuckyD (18439) | more than 15 years ago | (#1761005)

The whole point of Beta testing is to find flaws and bugs so you CAN finish the software

Re:Not any apology for M$... (1)

SmileyBen (56580) | more than 15 years ago | (#1761006)

Even if it were true that the weather affected the test, I don't think this is any excuse for Microsoft - Message from God more like!

Realisticly (2)

BadlandZ (1725) | more than 15 years ago | (#1761007)

The second they turn on fingerd (which they might if all other cracking attempts fail), someone can grab some usernames. At that point, there is hope at something like this, but not until then. But even still, if you assume a 7 charcter password that is all lower case text (24 possable characters), ther is still something like 200,000,000,000,000,000,000 possable combinations for passwords, isn't there? (what is the statistical calculation here, I forget, 7^24? or 24^7 or something, which would still be 4,500,000,000 combinations...)

I should dig out my statistics book, and count up how many usable characters there are for passwords... Then maybe time a login attempt from a fast connection... Hmm. Well, as long on the up side, I suppose you could run a mulitple attempts to login at once and cut the time needed down drastically. Anyone actually know what the right calculation is, and what the results are for number of possable passwords and potential time required is?

core dump (1)

Ross C. Brackett (5878) | more than 15 years ago | (#1761008)

...the spokeswoman said the computer was expected to be off line for some periods of time ``as customer feedback is assessed and integrated into the system...''

I love it when marketroids encounter an unexpected directive. They seem to revert to their native dialect, marketspeak. I mean, c'mon - "feedback is assessed and integrated into the system?" What the hell does that even mean? She might as well have said "Beep. Marketshare. Assessment. Issue. Beep."

Some day, we may even need translators just to understand those guys. It'll be like that scene in Star Wars:


Uncle Owen: What I really need is a droid that understands the binary language of my marketing department.

C3PO: Marketroids! Sir -- My first job was programming apologists... very similar to your marketroids. You could say...

Owen: Do you speak technobabble?

C3PO: Of course I can, sir. It's like a second language for me...



Yeah, just like that.

This is scarcely a fair comparison (1)

konstant (63560) | more than 15 years ago | (#1761009)

Not to defend Windows2000, which I know by experience to be pretty crashy and unreliable, but citing this as proof that Linux is more stable than NT5 is far from reasonable.

To begin with, as several other Northwesterners have mentioned, the weather on the day of the Win2k crash test was incredible. My girlfriend was practically struck by a lightning bolt on her way across the 520 bridge and when I made it home my cats were shivering in a dark corner, terrified of the incessant thunder. Very odd weather. Perhaps the Almighty was displeased with Microsoft.

And secondly, do not even try to suggest that the tidal wave of 3l337 d000dz breaking themselves bodily against the walls of that Win2k box were in any way duplicated in the case of the LinuxPPC. Judging from the volume of vitriolic comments on /., just a single ping from each of the would-be crackers would have been enough to constitute a DoS attack. Everybody hates Microsoft. Very few people hate LinuxPPC. The savagery of the attacks bear no comparison to one another. -konstant

Re:Or maybe God is a "cracker" (0)

Anonymous Coward | more than 15 years ago | (#1761010)

Maybe microsoft needs those guys in Japan who developed that thundercloud diffuser? Knock god out of the picture.

The root password is "linuxppc" (1)

mmontour (2208) | more than 15 years ago | (#1761011)

>Aug 6 1999 01:15PM CDT:
>In response to the brute force attempt, we have
>decided to save him the trouble: linuxppc :)

I guess the flood of ignorant packets got boring. :-)



Re:Sad. (1)

Syslevel (69599) | more than 15 years ago | (#1761012)

The number of people you say are 'working on bug fixes and patches worldwide for Linux' is a rather uncountable number. Yes, that's by the nature of the development model it uses. But it's far fewer people than you imply. I would bet that less than 1 in 500 people using Linux these days has ever done more than rebuild the kernel source after a 'make xconfig'.

Some figures on the total number of different people who have submitted kernel patches would be in order. Plus maybe a list of the average number of people who have done so each month over the last six months.

I suspect it will end up being fewer individuals than are employed at Microsoft(~1) on Windows 2000.

Looks OK to me (0)

Anonymous Coward | more than 15 years ago | (#1761013)

PING crack.linuxppc.org (169.207.154.108): 56 data bytes
64 bytes from 169.207.154.108: icmp_seq=0 ttl=241 time=478 ms
64 bytes from 169.207.154.108: icmp_seq=1 ttl=241 time=243 ms
64 bytes from 169.207.154.108: icmp_seq=3 ttl=241 time=219 ms
64 bytes from 169.207.154.108: icmp_seq=4 ttl=241 time=190 ms
64 bytes from 169.207.154.108: icmp_seq=5 ttl=241 time=236 ms
^C
--- crack.linuxppc.org ping statistics ---
6 packets transmitted, 5 packets received, 16% packet loss
round-trip min/avg/max = 190/273/478 ms

Re:Good LinuxPPC publicity, any other PPC distros? (1)

Hollis (2246) | more than 15 years ago | (#1761014)

Yellow Dog *is* LinuxPPC. Different packaging. Whenever people ask them the differences between YDL vs MkLinux and LinuxPPC, they're always very careful to compare only to MkLinux.

I think TurboLinux is working on an up-to-date version for PowerPC, but it's not done yet. They did have something older, but I don't think I've ever heard of anyone using it.

Debian for PowerPC lacks an installer and requires a LinuxPPC bootstrap process.

Re:Slow down the server... and exhaust its memory (0)

Anonymous Coward | more than 15 years ago | (#1761015)

If you repeatedly request an ASP page that uses the Session object, and do not return the session cookie, ASP will start a new session for you on every request. The default timeout period is 20 minutes. This can be used to effectively stop a machine from serving any ASP pages, due to memory exhaustion. I tested it. It works. takes only 20,000 sessions to kill a 128MB server.

In Seattle and Tacoma we all have UPS (1)

WillAffleck (42386) | more than 15 years ago | (#1761016)

Seriously, what's with MSFT putting up a server without a decent UPS? I checked with some buds and they all have UPS and they just flickered the UPS lights a few times as they handled the lightning strikes.

So, no, this is NOT reasonable as an excuse. Operating a server, especially a web server, without a UPS in the Seattle region is sheer incompetence. A webmaster who did that without orders from above forcing him/her to not use a UPS would be fired.

'Nuff said!

Re:Gee, go figure (1)

Syslevel (69599) | more than 15 years ago | (#1761017)

No Linux isn't a fluke. It's a fairly stable operating system for a lot of people. It has it's admirable qualities.

Wether the much vaunted Open Source Development Model is a fluke is still a matter up for debate, of course. We'll see, and of course if it is "The One True Way (TM)" we can deal with it then. Right now it's somewhat of a religious crusade.

So what version of finished windows would you like (0)

Anonymous Coward | more than 15 years ago | (#1761018)

Name your version & run a test & it'll come back with similar results.

BTW, wasn't it supposed to be finished 2 years ago?

Re:apparently life is really boring for a lot of y (0)

Anonymous Coward | more than 15 years ago | (#1761035)

My life is boring because I find it amusing that yet again MS has found a way to stick their foot into their mouth? This doesn't have to be a "valid test" to be an amusing fact. I live and work in Seattle. I have been here for "the great storms". I work for the University of Washington Medical Center, where we know that downtime is measured by users, not logs. I also know that in spite of the fact that one of our facitilies was hit multiple times by lightning, we didn't lose server functions (but we *did* have lights flicker). The core of M$ can be defined by a service call that my boss had. USER - My fax modem is not working, I can connect using modem functionality, but cannot send or receive faxes. TECH - Oh yeah, we know all about this. Give me your number and I'll fax you a support doc. * 30 minutes later * LEVEL 1 MGR - Sorry that couldn't help you, what can I do for you? USER - My fax modem is not working, I can connect using modem functionality, but cannot send or receive faxes. LEVEL 1 MGR - Oh yeah, we know all about this. Give me your number and I'll fax you a support doc.

Re:Realisticly (1)

jocknerd (29758) | more than 15 years ago | (#1761036)

I'm 99.999% sure it is 24^7 which comes to 4,586,471,424 possible combinations. My question is why do you say 24 possible characters. Why aren't there 26? If its 26 then there are 8,031,810,176 possible combinations.

Re:Realisticly (1)

Stonehand (71085) | more than 15 years ago | (#1761037)

With even the stock fingerd, you should be able to turn off the "finger @host" (namely, reject all requests that don't have a valid user name). That means that most telnettable user IDs would have to still be guessed.

I'm assuming that...
* They blocked direct remote root logins. 'course.
* The standard userids that don't ever log in, are blocked ('*'), and have non-valid shells.
* They didn't leave 'round a joke UID (like 'haX0r') just for the heck of it. :-)

In addition, even with a normal uid, they could have implemented access controls that forbid su-ing except for those in the wheel group, and then relegated those logins to only console. Or used S/Key, or other fun.

Probably not an effective attack other than its DoS aspects.

OH MY GOD (0)

Anonymous Coward | more than 15 years ago | (#1761038)

They just posted the root password: linuxppc that's badass!

/etc/securetty (2)

coyote-san (38515) | more than 15 years ago | (#1761039)

For all the NT Admins breathlessly reading Slashdot to learn about The Opposition....

This is a major "D'oh!" since most (all?) distributions are configured so that telnetd *won't* allow "root" to log in over the network. Knowing the root password and a couple bucks will still only get you a cup of Starbucks coffee. "Root" is only permitted to log into a system from ports listed in the /etc/securetty file, and someone would have to be unusually braindead to add network ports to that file. (The normal procedure is to log in as a regular user, then 'su' to "root.")

Bottom line: a brute force attempt to telnet in as "root" has absolutely no chance of succeeding. The fact that someone is trying it simply highlights their own ignorance.

Re:uhhhhh (1)

Syslevel (69599) | more than 15 years ago | (#1761040)

Oh, some of us understand.

We shake our heads sadly and wish a better life for you, but we understand.

Re:yahoo gives "Full Coverage" to linux (WOW!) (1)

WillAffleck (42386) | more than 15 years ago | (#1761042)

Cool! Can someone moderate this up a few points?

Re:core dump (1)

chromatic (9471) | more than 15 years ago | (#1761043)


I mean, c'mon - "feedback is assessed and integrated into the system?" What the hell does that even mean?

Well, we know it doesn't mean that customers are submitting patches and bugfixes that make it into the code.

They're probably just changing desktop themes or something like that.

--
QDMerge [rmci.net] -- data + templates = documents.

Do I need to learn Korean first? (1)

Saadhaka (73419) | more than 15 years ago | (#1761045)

I can't make much since of that site... HackersLab. I was amped about geting my orange belt in ping bombing. Guess I need to hit the books first. ÀüÅõ. ½Ã ÄÄÇÅÍ ÃßôÇÏÙ æ±â.

Makes you wonder if they even load it (1)

WillAffleck (42386) | more than 15 years ago | (#1761048)

Haven't dropped by their site, but one wonders if they even have a load on it, with multiple groups of users sending different requests. Or is it just a one trick pony port 80 web server?

I don't blame them for shutting down telnet, if they expect hacks.

Windows 2000 working, I don't think so... (1)

nextreme (45582) | more than 15 years ago | (#1761055)

Yeah, I had a chance to test my own copy of Windows 2000. The first thing I have to say about that is that it really sucked, it never crashed (BSOD) on me, but plenty of weird things happened that made me reboot. All I have to say is that Windows 2000 sucks. I am surprised that Microsoft even thought that it would stay up for even a day. Linux rocks windows, that's my 2 cents.

Are the "software-related" crashes meaningful? (1)

Stonehand (71085) | more than 15 years ago | (#1761056)

That is, are any of them not due to filled event logs, or very similar DoS's?

Non functional feedback page (1)

Slak (40625) | more than 15 years ago | (#1761057)

Now the feedback page is saying that the comments field is required. Duh; where do you think I typed in my comments. M$ doesn't know HTML or validation, methinks.

I wonder why... (0)

Anonymous Coward | more than 15 years ago | (#1761058)

...it took them so long to turn on the syn attack filter.

8/6/99 Events

9:20am - Router back up, traffic hitting site. SYN attack filter appears to be working. Receiving an average of 600 datagrams/sec, 100 fragments/sec.

9:00am - Reset TCP to handle SYN attacks. See http://support.microsoft.com/support/kb/articles/q 142/6/41.htm.
Set Valid Retransmission Times Elapsed to 3 seconds
Set Enable Dynamic Backlog to 1 (enabled)

6:00am - All network traffic stopped. Router down.

The site seems much faster now. (The url in the log is wrong, its .asp not .htm)

A little off topic (2)

DanaL (66515) | more than 15 years ago | (#1761060)

I don't mean to go off on a tangent, but it's great to see that Linux reporting seems to be getting more and more accurate. You used to have to wince a lot at the misconceptions and errors that showed up in news articles about Linux, but this one summarized things well and I didn't see any glaring mistakes.

It's nice to see!

Sad. (1)

Matt2000 (29624) | more than 15 years ago | (#1761062)

The sad thing about this is that it seems Microsoft has spent so much on Windows 2000 that they can no longer afford to a UPS to avoid things like power fluctuations.

Thats what you get when you let a marketing person field technical questions, "Umm, my kid put a peanut butter sandwich in the disk drive and it crashed. Therefore my kid is the winner of the contest."

needs more details (1)

nerv (69052) | more than 15 years ago | (#1761065)

what I would like to be posted in the news is the fact that windows2000test has ONLY httpd running on port 80. That would not even make a practical server. The LinuxPPC server has enabled telnet to make it fair. Oh well, at least the story used the word 'crackers' correctly.

Re:Not any apology for M$... (1)

lisa (19611) | more than 15 years ago | (#1761067)

The weather was spectacular. Although for me, being from out of state, it wasn't a new thing. It was interesting to see how Seattlites reacted-like it was the end of the world or something. Apparently, not even Microsoft was prepared....


-Lisa

Re:windows 2000 not even finished (0)

Anonymous Coward | more than 15 years ago | (#1761068)

Linux isn't "finished yet" either.

Average Win2kTest server uptime (1)

kspett (75618) | more than 15 years ago | (#1761074)

The average uptime before reboot onw www.windows2000test.com [windows2000test.com] was 14.4 hours as of 12:00 lst night. This does not even count the nameserver problems, etc.


Kspett

Re:OH MY GOD (0)

Anonymous Coward | more than 15 years ago | (#1761075)

Looks like somebody got into the linuxppc box - comes back as unreachable....

Just a Pokemon (1)

WillAffleck (42386) | more than 15 years ago | (#1761076)

Nah, just took a spare pokemon with an energy card.

Re:uhhhhh (1)

Stonehand (71085) | more than 15 years ago | (#1761077)

Because you don't have infinite storage: the best you could possibly do is probably use a separate system, burning to write-once mass storage (separate and write-once to preserve integrity), and even then you'll run out of media. There is a fundamental compromise with any logging system.

You can either:
* Let the machine continue to run when you're out of log space. This means that either you cull the old log, or preserve it but nothing further is logged until the space problem is resolved. If you choose the latter, a malicious cracker can attack your machine, and then flood it with event-causing occurrences to erase logs of the attack; if the former, he simply switches the order.

Either way, it is going to be possible for a malicious cracker to act in a way that is *not* logged, which means that you will have a far more difficult time preventing a repeat attack -- or possibly even detecting such. For many, this is unacceptable.

* Or, you can shut down the machine so no lamer/cracker can do further damage to it, and you are ensured the ability to analyze the logs.

Since you cannot prevent a full DoS (e.g. simple packet floods. If you block those alleged originating networks, then you've lost some service. That's why the rules don't count DoS attacks.) anyway, some security guidelines require that the machine be shut down instead.

Re:Check out the site... (0)

Anonymous Coward | more than 15 years ago | (#1761078)

Just checked in on http://crack.linuxppc.org Me too. I didn't get to it. Was it finally taken down?

IIS doesn't handle HTTP properly... (1)

MS (18681) | more than 15 years ago | (#1761079)

I tried to telnet to www.microsoft2000test.com on port 80, and this is what I got:

/home/markus> telnet www.windows2000test.com 80
Trying 207.46.171.196...
Connected to www.windows2000test.com.
Escape character is '^]'.
HEAD / HTTP/1.1


Terminated
/home/markus> telnet www.windows2000test.com 80
Trying 207.46.171.196...
Connected to www.windows2000test.com.
Escape character is '^]'.
HEAD / HTTP/1.0


Terminated
/home/markus> telnet www.windows2000test.com 80
Trying 207.46.171.196...
Connected to www.windows2000test.com.
Escape character is '^]'.
HEAD /


Terminated

I had to terminate all connections by killing the telnet session to Microsoft's server. Shouldn't the server have returned me some info? Was HEAD disabled? I think this is a crippled down implementation of IIS.

:-)
ms

Re:windows 2000 not even finished (1)

Tau Zero (75868) | more than 15 years ago | (#1761081)

I don't Bolivia had the guts to post that.

Linux PPC box (1)

generic (14144) | more than 15 years ago | (#1761082)

I think we should beat on that LinuxPPC box. I think they should open up DoS attacks also just to prove a point. They should open sendmail and ftp ports also. I mean they have posted the root password on the website already. That is pretty confident if you ask me.

Re:Gee, go figure (1)

SamIIs (65268) | more than 15 years ago | (#1761084)

No Linux isn't a fluke. It's a fairly stable operating system for a lot of people. It has it's admirable qualities.

Dude, it was a joke.

Post less, think more.

I can't believe its not BETA! (2)

_Sprocket_ (42527) | more than 15 years ago | (#1761087)

I kind of brushed on this in a previous post [slashdot.org] . Allow me to re-hash the main points...

It's not your father's Beta.
The term 'beta' has been dilluted, if not completely nullfied, by current industry actions. Commercial software these days never actually stops being developed. The progect just gets published and sold (sorry, 'licenced') to consumers; even with known "issues" (read: bugs). As a consumer, you hope that the software house you purchase products from is willing and able to put out fixes for these bugs at a, hopefully not-so, later time. Microsoft does it. Netscape does it. It's standard practice. Now, in a more development-centric environment (where Marketing doesn't control the progect) such as your favorite Open Source progect... "Beta" might actually mean "there's known bugs here that we want to fix before we say it is 'ready'".

Breathe in... release.
Microsoft's W2k progect is now in its final stages. They've released a "release candidate" to their testing public. I would hope this means they're pretty sure they are close to a finnished product. Baring any suprises the massive amount of testers might find... its close to a done product. MS says this product is stable. Shouldn't it be?

It's my party...
This is Microsoft's show. They're the ones who went for the publicity stunt. Let's not forget that MS, for the most part, are greatly skilled at PR. So if they didn't think W2K was ready... if they suspected that it was still buggy and 'beta'... why did they pull a stunt to bring attention to this fact? And, again, if they knew it was unstable why do they not simply state that the product is 'beta'?

...and I can configure as I want to.
An even better point is that Microsoft controlled the configuration of this test. They picked the hardware. They picked the software (including access to the world's best information source in the world on how to tweak a W2K installation- themselves). This was not some unskilled admin setting up a shaky configuration on obscure hardware. If MS, with their resources, can't keep W2K stable... who can?

I said it before - MS tried to pull a quick publicity stunt and got stung by it. Badly. "Beta" hardly explains this one away.

Re:BETA? (1)

jammer 4 (34274) | more than 15 years ago | (#1761094)

I don't think "beta" is the issue. Supposedly Redmond is running all their internal services on W2K so it's pretty much production anyway.

Weather & power (1)

SoftwareJanitor (15983) | more than 15 years ago | (#1761095)

Does Microsoft expect us to believe their server was down due to power outages? Haven't they ever heard of a UPS? Microsoft certainly can't claim they can't afford to put something nice like an APC 1400 on a server.

Does Microsoft really expect us to take them seriously as an enterprise-capable vendor if they would consider putting up a publicly accessable web server (even for a test) without putting it on a UPS?

Seems like some pretty lame attempts at PR spin to me. With what Microsoft pays for advertising and PR, they can certainly do better.

uhhhhh (0)

Anonymous Coward | more than 15 years ago | (#1761096)

I wish reporters would read the fsck'ing logs. The Win2K box crashed once (but it had reboots and service restarts). Once again, the anti-MS FUD spreads.... The double standard that the industry, Slashdot and the media has with Microsoft is sickening. Why can't we get back to doing what's important: improving people's lives through software/hardware?

Re:BETA? (1)

mjankows (21230) | more than 15 years ago | (#1761097)

its really ALWAYS in beta. There is not a finished product. Its just that the "beta" is a lot more usable than what proprietary calls "beta".
-Matt Jankowski

Re:BETA? (1)

nerv (69052) | more than 15 years ago | (#1761098)

i understand what you are saying, but i think the whole point of the LinuxPPC deal is to show that Linux (maintained by a loose knit team of hackers), kicks windows2000 (an OS made by the biggest and most powerful software company). But even when Windows2000 comes out of Beta, it'll still crash on its own cause its NT based. You still have to admit, Win2K crashing while ONLY running httpd on port 80 and nothing else is quite sad, even in Beta Testing.

yahoo gives "Full Coverage" to linux (0)

Anonymous Coward | more than 15 years ago | (#1761099)

This link [yahoo.com] points to a yahoo page dedicated to linux that is updated nearly every day.

Re:Sad. (1)

j-p.s (74232) | more than 15 years ago | (#1761100)

There's only so much money you could spend on Windows 2000, though, and after that you get no returns. Why? Because the number of people working on bug fixes and patches worldwide for Linux have far, far exceeded the number of people in Microsoft's software "engineering" department.

Linux has been tested to destruction by so many people, all of whom could have a good poke around in the code and say, hey! this bit doesn't work under this condition, so let's change it. Microsoft software has been tested in that way just by the people who wrote it. What do they expect?

makes you wonder... (1)

bonk (13623) | more than 15 years ago | (#1761101)

If Microsoft themselves weren't the cause for some of that reportedly intense weather. BillG: I summon you, lord of darkness and master of the regions of hell and keeper of the dark abyss. I summon you forth to do my bidding! Satan: Hi bill! What's up? BillG: Umm, we're having trouble with this contest thing, can you help us out? Satan: Sure thing old pal! KRACK! BOOM! THUNDER!

Re:uhhhhh (0)

Anonymous Coward | more than 15 years ago | (#1761102)

well it's because micorsoft is destroying peoples lives through software/hardware. they suck.

Interesting Take on the Story (0)

Anonymous Coward | more than 15 years ago | (#1761103)

I have to admit, that when this whole "crack my box!" contest started, I hadn't really thought about it as a Windoze vs Linux thing. I saw it more as Microsoft trying to tap a little bit of the Bazzar for debugging Win2k, and a Linux guy stealing the idea. But it seems that the press has picked up on it as a contest between OSen to see which is more secure - something I'm pretty sure the Boys in Redmond never intended. My hat is off to the LinuxPPC dude - he managed to out-Mindcraft Microsoft! Hey Billy, it appears we can play the FUD game too. :)

Re:Weather & power (1)

GNUCyberKat (62503) | more than 15 years ago | (#1761123)

I agree here. Whenever we purchase or commission a server, we always ensure that a UPS is present. It is mandatory for a server. I suspect that Microsoft is either pulling a fast one here or was completely stupid about the UPS issue!

Re:uhhhhh (1)

nerv (69052) | more than 15 years ago | (#1761125)

amen. finally, someone who has it right. MS needs to be taken down and bashed because of how they have ****ed up the industry all these years.

Not beta. (1)

FascDot Killed My Pr (24021) | more than 15 years ago | (#1761126)

Yes, W2k is still in beta.

But MS specifically said that they thought W2k was ready for the real Internet security world, so I consider that non-beta.
---
Put Hemos through English 101!
"An armed society is a polite society" -- Robert Heinlein

If it's not Mindcraft, it's CRAP! (2)

Wah (30840) | more than 15 years ago | (#1761127)


Let them set up two servers, and we'll benchmark cracking protections. Wonder who would win?

(crashing 9 times, laugh, laugh, laugh, cough, laugh)

I've said it before and I'll say it again. (1)

rjforster (2130) | more than 15 years ago | (#1761128)

The best thing about Microsoft products is that they come with a 'best before' date.

Re:BETA? (1)

oddjob (58114) | more than 15 years ago | (#1761129)

One of the nice things about Open Source software is there is no _need_ to make excuses for bugs. There will always be bugs, but when you have the source and things are in the open, they are easier to find and fix. In the MS world, on the other hand, bugs are viewed as something that must be denied, covered up, blamed on someone else, or passed off as a feature until they can be fixed in a "service release".
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?