Kuro5hin.org: technology and culture, from the trenches
Microsoft Blames Stupid Admins for IIS Woes

By DeadBaby in MLP
Sun Oct 14, 2001 at 06:18:12 PM EST
Tags: Internet (all tags)

On the heels of the Gartner group making the unprecedented move of recommending mass transition from their IIS software, Microsoft is finally getting to the root of the problem.

Microsoft blames laidback sys admins for IIS breaches.

Update [2001-10-18 12:46:39 by rusty]: DeadBaby notes that: "Microsoft has retracted this statement."


No, this isn't a story about Microsoft's promises to re-write IIS or their new security tools. It's a story about the biggest security problem we face today: Incompetent administrators.

The Microsoft employee interviewed for this article says IIS admins are "too laid back" and that due to IIS's 50% market share (I have no clue how he gets that number) it's a more lucrative target for would-be hackers. He also makes the claim that there were more patches for Apache last year than IIS, which also might be factual true in some way but likely not.

While the numbers of IIS market share and Apache vs. IIS patches are questionable I do think he hits on the main reason for the IIS meltdown we've seen over the last year. I can't even begin to sum up the number of fresh NT installs I've found sitting on the internet with NO firewall protection, NO patches, and a cornucopia of extraneous services.

I wish I could tell you the response of these admins when presented with the news their servers are train wrecks waiting to happen, but the truth is small businesses cannot afford full-time system administrators. Many of these systems were shipped directly from the OEM poorly configured, then set up by a local computer shop for one or two very specialized tasks (often only file sharing & PDC) without any extra attention paid to security or the overall well-being of the internet.

The times I have been able to track down an administrator the overall response is mostly "oh, I'll probably do that next week" or "we don't upgrade to newer service packs unless we're told to" (likely an NT4 holdover policy).

I am glad to see that at least the UK division of Microsoft is starting to notice a trend that has been abundantly clear to those of us who've had extended contact with poor system admins:

Your systems are only as secure as your admin is competent.


Poll
Blaming IIS admins is:
o Mostly fair, poor admins and NT go together well. 19%
o Unfair, no human can keep up with IIS patches. 14%
o A lame excuse. 41%
o fetch apache_1.3.22.tar.gz 25%

Votes: 68
Microsoft Blames Stupid Admins for IIS Woes | 43 comments (43 topical, 0 editorial, 0 hidden)
Yes and no... (4.40 / 10) (#1)
by Zeram on Sun Oct 14, 2001 at 11:04:24 AM EST

There hasn't been a total system access level exploit in Apache in over three years. That is mainly due to the fact that Apache is more mature than IIS. However don't think I disagree. Nothing will ever replace a good sys admin, ever! And here is the proof!
<----^---->
Like Anime? In the Philly metro area? Welcome to the machine...
Well, it could be worse. (1.13 / 23) (#2)
by plutarch on Sun Oct 14, 2001 at 11:19:59 AM EST

At least they're not blaming Americans for causing the terrorist attack on the WTC.
Leftism is the ideology of resentment. It is the ideology of the frustrated will to power. It matters not how much or how little power the Leftist has at the moment. The point is, he wants more, and he can't get it.
quite true. (4.10 / 10) (#3)
by rebelcool on Sun Oct 14, 2001 at 12:57:12 PM EST

Windows is easy to use. That's why. You can drop a reasonably computer literate person in front of an NT box, give them a few minutes of instructions and they will be able to get services going. Of course, NT does have a lot running by default, so perhaps the difficult thing is teaching people how to disable what you do not need.

Unix, not so simple. You need a decent knowledge of how to use unix to be able to launch those kinds of services. (unless you're using a popular distro...they seem to load up all the services by default too) It's harder to use, thus the job gets relegated to better trained, hopefully more knowledgeable and responsible admins.

It has little to do with patches...patches are certainly not unheard of in the unix world, nor are security holes. But you do need a knowledgeable admin to apply the patches.

COG. Build your own community. Free, easy, powerful. Demo site

Sortof... (none / 0) (#38)
by der on Mon Oct 15, 2001 at 10:55:13 PM EST

I'm not saying your point is completely without merit (certainly some things in UNIX are a PITA compared to NT) but...

Replace "reasonably computer literate person" with "person who is reasonably familiar with Windows" (which is what that really means) and that comment rings a bit more true.

If this person was reasonably familiar with UNIX (ie he/she had used it on almost every computer he/she's ever used) and had never used Windows, the tables would turn.

Like I said, you have a point, but it's sort of a pet peeve of mine when people assume Windows is "easy to use" just because everyone's familiar with it. :)



[ Parent ]
50% market share (4.60 / 5) (#4)
by Carnage4Life on Sun Oct 14, 2001 at 01:19:28 PM EST

The Microsoft employee interviewed for this article says IIS admins are "too laid back" and that due to IIS's 50% market share (I have no clue how he gets that number)

Probably from the Netcraft web server survey. As for the people who don't think IIS admins are to blame, check out the graph of vulnerable and rooted IIS systems over the past year. These are all exploits with patches that have yet to be fixed by the admins.

Ummmm.... (2.60 / 5) (#7)
by GreenHell on Sun Oct 14, 2001 at 01:53:06 PM EST

....how does that show MS has a 50% market share? It mentions MS as having a 28% market share, or about 50% of Apache.

-GreenHell
This .sig was my last best hope to seem eloquent. It failed.
[ Parent ]
He may be basing it on hosts (4.33 / 3) (#9)
by Carnage4Life on Sun Oct 14, 2001 at 01:59:51 PM EST

There's a pie chart that shows that the number of machines running Windows on the web is about 50% of the machines out there. Of course, once one considers that some of them could be Win9x and that a few of the WinNT/Win2K boxes may not be running IIS, then using that graph to claim IIS is 50% of the market is probably incorrect.

I dunno, maybe the person quoted is using other numbers.

[ Parent ]
It is wrong no matter how you look at it (none / 0) (#20)
by Pac on Sun Oct 14, 2001 at 07:52:28 PM EST

The complete quote from the article is:
"When IIS gets hit by viruses the figures look a lot worse than they are because 50 per cent of the world's servers have IIS"

Assuming 50% of all Internet hosts run some incarnation of Windows (a somewhat fair assumption), the above sentence is plainly wrong.

It must assume that all Windows installations are using IIS. A mathematical impossibility, since Apache has 67% of the total webserver marketshare.

During the Code Red event, the most responsible damage predictions were using a total possible target universe of more or less 25% of all Internet hosts.

It just seems to me that Microsoft people have a hard time separating their marketing speech from reality, even when trying to come across with a serious security pitch.


Evolution doesn't take prisoners


[ Parent ]
Difference between number of sites and hosts. (none / 0) (#23)
by Trepalium on Sun Oct 14, 2001 at 10:47:55 PM EST

There's a fundamental difference between the number of sites running Windows and IIS and the number of hosts running Windows and IIS. Microsoft webservers have 27% of the web site market, but Microsoft OS's power 50% of webserver hosts. What this also means is that the average Apache server handles more sites than the average IIS server.

In fact, from Netcraft's own words: "... despite some uncertainty due to the survey's error margins, it would be fair to say half of public Web Servers world-wide are run on Microsoft operating systems. Although Apache runs more sites than Windows, Apache is heavily deployed at hosting companies and ISPs who strive to run as many sites as possible on a single computer to save costs. Windows is most popular with end-user and self hosted sites, where the host to computer ratio is much smaller."

[ Parent ]

It could be worse (1.33 / 36) (#5)
by plutarch on Sun Oct 14, 2001 at 01:27:10 PM EST

At least they're not blaming America for the WTC atrocity.
Leftism is the ideology of resentment. It is the ideology of the frustrated will to power. It matters not how much or how little power the Leftist has at the moment. The point is, he wants more, and he can't get it.
It is all your fault!!!! (1.13 / 23) (#6)
by Aswer al Kilyuall on Sun Oct 14, 2001 at 01:39:51 PM EST

I am poor and ignorant and my wifes are ugly and my computer is crashing and it is all your fault!!!!!

Welcome to my .sig!!! I kill you!!!!
[ Parent ]
hm. (3.00 / 6) (#11)
by rebelcool on Sun Oct 14, 2001 at 03:39:59 PM EST

i swear i saw this already get knocked down... and all those account names giving this 5's looks suspiciously similar.

COG. Build your own community. Free, easy, powerful. Demo site
[ Parent ]

UIDs for rating of 5 (none / 0) (#24)
by jbridges on Sun Oct 14, 2001 at 11:55:37 PM EST

502
15429
21721
21727
21734
22032

So at least 3 are likely the same person.

A couple '1's are from UID's which are also very close together.

I don't have access to the '0' ratings (boo hoo).



[ Parent ]
Yep (none / 0) (#25)
by Elendale on Mon Oct 15, 2001 at 12:56:20 AM EST

This guy (guys?) has/have been going around with the multiple accounts abuse. Rusty/Inoshiro/Crew will be taking notice of it any day now.

-Elendale
---

When free speech is outlawed, only criminals will complain.


[ Parent ]
its in my diary... (none / 0) (#31)
by rebelcool on Mon Oct 15, 2001 at 11:24:39 AM EST

I put a few examples that i've noticed in it.

COG. Build your own community. Free, easy, powerful. Demo site
[ Parent ]

Not always bad admins (4.50 / 8) (#8)
by Nickus on Sun Oct 14, 2001 at 01:54:14 PM EST

Well, sometimes the admins are just too overworked to be able to cope with everything. It is not an excuse but it is still a fact.

Then of course with Windows software which installs a lot of shit without asking you or telling you there is a problem to patch it. Especially if you don't know it is running there.

No need for me to rant. We don't do Windows :-).

Due to budget cuts, light at end of tunnel will be out. --Unknown
Warnings.. (3.60 / 5) (#10)
by DeadBaby on Sun Oct 14, 2001 at 02:14:47 PM EST

Another thing which I think comes into play, as minor as it seems, is the fact that most unix server software MAKES you configure it to run as a service (either via inetd or a startup script) and it often gives you grave warnings in the documentation to not start the software unless you know what you're doing.

Microsoft's documentation for NT is obviously signed off on by the PR department since it never even suggests for a moment that any Microsoft product could cause security risks.

Something as simple as "CHANGE THIS SETTING BEFORE YOU START THE DAEMON!" vs. "Click "start service" and have a swell day because Microsoft is here to help you!" can make a huge difference in the mindset of an administrator.


"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan
[ Parent ]
Wha...What? (4.00 / 3) (#13)
by Carnage4Life on Sun Oct 14, 2001 at 04:24:58 PM EST

What UNIX software are you talking about? Wu-ftpd, BIND, Sendmail, the rpc*d daemons? All these and more have had massive exploits and even come enabled by default on some *NIX machines.

Software is shitty and admins are shitty. Throwing blame around trying to make it seem that UNIX software is somehow better at being secure than MSFT software is applying selective memory to the software development over the past few years.

[ Parent ]
That is true (4.66 / 3) (#16)
by DeadBaby on Sun Oct 14, 2001 at 05:15:35 PM EST

There's no doubt that modern Linux distros either rival or beat Microsoft in utter insanity of default install options but if you were to install, say Redhat, with "High" security settings and then add services one by one, you'll be presented with quite a few grave warnings along the way and a lot of sound security advice as well.

I mean you have BIND giving you instructions on how to chroot it, apache running by default as a nobody user whereas adding IIS or MS DNS to Win2k server installs default settings with no warnings at all.
"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan
[ Parent ]
Like the ones at Hotmail? (4.33 / 9) (#12)
by hedgefrog on Sun Oct 14, 2001 at 04:06:09 PM EST

I had one of their servers trying to infect me with Code Red about a week after they were posting their "You had better do this now, and we really mean it" warnings.
slashdot is to linux what osama bin laden is to islam - a pimple on the arse - Eviltwin
That's so full of shit... (4.50 / 8) (#14)
by Sawzall on Sun Oct 14, 2001 at 04:50:50 PM EST

Blaming the Admins for a crappy system. Sure, we download the latest patches - but live in absolute fear of what other systems they will break if you install them. So you put them up on your sandbox servers, have trusted users beat on them for a while, then hold your nose and try it on production machines. And of course, rarely are your sandboxes exact duplicates of the production units - no one can afford that.

So simply put, you take your life in your own hands every time you apply one of these patches. It's Hobson's choice - applying it may break your production, not applying it may allow a virus, cracker or other malcontent in. Either way, you better have your resume warmed up. No amount of training can allow you to overcome the crappy code that MS puts out. (and yeah, I got the MCSE, so flame away).

There is the IIS security checklist (none / 0) (#22)
by khym on Sun Oct 14, 2001 at 10:01:35 PM EST

Microsoft created a security checklist for IIS admins to go through, things like deactivating sub-services not being used, deleting example files, and moving the WWWroot directory away from the standard location. Someone on Slashdot (not a very MS friendly place) claimed that he did all of these things, and his IIS server was never compromised, even without any of the patches.

Of course, Apache ships with a more secure default configuration, without all the bells and whistles turned on, so in that way Apache is more secure than IIS. But it still isn't all Microsoft's fault.



--
Give a man a match, and he'll be warm for a minute, but set him on fire, and he'll be warm for the rest of his life.
[ Parent ]
They're both wrong (none / 0) (#39)
by lucidvein on Tue Oct 16, 2001 at 02:23:22 AM EST

The IIS checklist works well if you perform it on a fresh install. But if you have taken measures to secure the box yourself and then run the lockdown scripts, there are situations where it will actually open holes back up!

There is also a tool to check for patches now which works well enough... But does break perl in some cases.

So I'd say it's more half and half. Lazy QA and lazy admins.

[ Parent ]
They want to bitch? Fine. (3.37 / 8) (#15)
by Elendale on Sun Oct 14, 2001 at 04:58:43 PM EST

But first, they need to clean up their act. MS can bitch about lazy sysadmins when they put out secure products, no sooner.

-Elendale
---

When free speech is outlawed, only criminals will complain.


A product is only as secure... (4.00 / 3) (#17)
by rebelcool on Sun Oct 14, 2001 at 05:19:55 PM EST

as the competence of the people who run them. Server applications are far from the easiest things to write, and security holes are far from obvious to spot.

Hence the reason in open source software there are still loads of holes - it's just not so easy as looking at the code and pointing out a flaw.

Whether it be MS software or someone else's, the person running it must be responsible for applying patches when they are released.

COG. Build your own community. Free, easy, powerful. Demo site
[ Parent ]

A cure worse than the disease? (4.33 / 3) (#18)
by Trepalium on Sun Oct 14, 2001 at 07:27:37 PM EST

One of the reasons people have been hesitant to apply Microsoft's patches in the past is there have been more than a couple cases where the "fix" caused severe problems sometimes even requiring a reinstall of the OS. While I'm sure lazy administrators have much to do with it, so does the fear of breaking a working configuration with patches that may fix a security hole while simultaneously breaking a feature or bug a particular application requires. Then there's the entire rebooting nonsense. I still haven't figured out why IIS patches require a reboot to install on NT4 and W2K (for some patches).

[ Parent ]
While this may be true... (3.00 / 2) (#21)
by Elendale on Sun Oct 14, 2001 at 08:39:28 PM EST

Microsoft is just as guilty as any lazy sysadmin. It's the proverbial case of Pot to Kettle: You are black.

-Elendale
---

When free speech is outlawed, only criminals will complain.


[ Parent ]
MCSE (none / 0) (#19)
by jesterzog on Sun Oct 14, 2001 at 07:30:41 PM EST

Incidentally, does anyone have any clue about what impact an MCSE has on Microsoft-based sysadmin behaviour?

If there's one thing I can say about the people I know with an MCSE, it's that they know to get and install patches on Microsoft products. I don't know if that's something that's effectively taught, or if it's just that they've picked it up from good supervision.

I'm sure if Ian Hellen had said anything else, it would have been that MCSE-qualified sysadmins would be trained how to run the system properly, and I'd guess the sysadmin culture he's complaining about are the people who just install and run without any attempt at training.


jesterzog Fight the light


Mostly fair, I guess... (5.00 / 1) (#26)
by WWWWolf on Mon Oct 15, 2001 at 06:14:28 AM EST

I think it's mostly fair to blame the admins, too. After all, in Linux world, when a Major Worm tries to spread, we hear whining like "well, this is what happens when folks don't do apt-get update && apt-get dist-upgrade every day" and "what the hell people still use bind and wu-ftpd for, those things should be dead and buried". =)

Until very recently, though, MS was marketing NT with stuff like "even trained monkeys can administer these, unlike *NIX which requires IQ of 280"... It's nice to see MS is trying to make people aware that their OSes, like every other OS, aren't exactly "fire-and-forget" weapons.

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


Small part of the problem (4.33 / 3) (#27)
by CaptainZapp on Mon Oct 15, 2001 at 09:42:36 AM EST

Sure, a lot of sysadmins in the Microsoft area would be well advised to get a clue. I'm sometimes frightened about how easy (a lot of) those people perceive it to set up and maintain a network, or a mission critical database. Those are complex systems, which don't get any less complex by GUIs, Wizards or dancing paperclips.

However, shifting the blame on the admins for not being up to date is a cheap excuse for a security architecture which is flawed from the core. Although it might get a little better with XP (I won't know, W2K is the last MS-OS I have on a laptop partition and it will remain that way, forever or until its deletion, no DRM shit for me), Microsoft's fundamental security problem is to ship-now, patch later.

Now, this might be fine for individuals with a lot of time on their hand and a broadband connection. For corporations it's a nightmare, because

  • Patching your machines once a month is a good job, patching them weekly is extremely brave and patching them daily is just outright impossible
  • Microsoft is not known for its quality control in the patching department. Through the massive, everything interwired (not to say horrible) architecture of Windows, each and every change is a risk. As we all know (cough!) IE is a vital part of the operating system. Personally I don't care to have my database corrupted, or my OS re-installed, because some MS-programmer heard his manager's whip cracking, if he didn't get it out the door fast. Sure, every patch for every OS has risks, but Microsoft's abysmal track record (NT Service Pack 6, or the Office patch which prevented Office from starting at all, anyone?) would make me as a sysadmin extremely wary to install an untested patch from our Redmond friends.
  • Even worse, you deal in a blackbox environment. Having applied a patch to 19 machines successfully does not mean that it will work on the next one. And it's likely that you hardly have a clue why this would be.

There are a lot more reasons, but you get the picture.

Further, it might be a sort of Direct barrel of pump action to your foot, pull trigger. If it doesn't hurt, try again... action by Microsoft. Here's a hint: "You are alienating and insulting your sysadmins". A lot of them, especially the good ones, won't like this much and might start to work against MS's interest. Maybe even by such despicable actions like starting to install a few Linux boxes behind their managers' backs.

The same managers reading a recent Gartner Group report. A report that has not many favorable things to say about a Microsoft core server product. It is understandable that the manager carefully locks his office door, opens a desk drawer and takes out a bottle of Vodka, which he keeps there for real emergency situations...

Funny (none / 0) (#28)
by MrAcheson on Mon Oct 15, 2001 at 10:14:38 AM EST

Microsoft's fundamental security problem is to ship-now, patch later.

This has got to be the funniest thing I have seen from someone advocating open source by default. Why? Because open source is never complete. In fact CatB advocated using a million tiny releases which require you to patch your software on at least a weekly to daily basis in order to stay up to date. Why require? Because anyone who knows where to look can find a list of these exploits with chapter and verse of how to implement them. Often with handy utilities to make the job of using the exploit easier. This mentality of OS "everyone has a right to know" security has been openly criticized before.

Furthermore I find it incredibly hypocritical that often times when someone runs a side-by-side "hack this box" test between linux and NT, the cry that goes up when the linux box goes down first is "it wasn't properly administrated." So how is this any different? Well really it's not, the only problem is that this MS administration problem is epidemic, probably because NT workstation is widely used on the corporate desktop and unix variants aren't.

Now as for the rest of it, you have a point. Microsoft's patching strategy sucks and the internal security of their operating systems sucks too. NT is easy to administrate badly but hard to administrate well, especially remotely and across a large number of systems. It is not unusual for their big updates to break important programs. Furthermore because they tend to install patches as service packs, you often have to take the bad with the good or leave yourself open.

These opinions do not represent those of the US Army, DoD, or US Government.

[ Parent ]
Zealots (none / 0) (#29)
by CaptainZapp on Mon Oct 15, 2001 at 10:43:52 AM EST

I don't claim that Linux is perfect. As a matter of fact, some quality control measures wouldn't be too much out of line (There was that 2.4.11 release, which could somehow bungle symlinks badly, for example). On the other hand, since Linux for the most part is produced by volunteers, the overall quality is outstanding. Quality control for the average techie comes somewhere between testing and documenting; most don't seem to care very much. However, if you want a free (as in beer and in speech) OS, you can always use one of the *BSD variants, which beats virtually any commercial OS hands down in terms of security.

Further, since I work for a long time in the database field I ceased long ago giving a rat's arse for benchmarks.

My reason to use Linux is just that it works best for what I'm doing and provides me with far fewer headaches than commercial OS variants (including the iBook of my sweetie). Granted, this comes at a price of a steep learning curve; but once it runs, it usually stays that way.

[ Parent ]

2.4.11 (none / 0) (#30)
by DJBongHit on Mon Oct 15, 2001 at 11:23:09 AM EST

There was that 2.4.11 release, which could somehow bungle symlinks badly, for example

Eh, while it was a bug in the kernel, it was only brought out by userland code which did stupid stuff - to get bitten by the bug you'd have to create a symlink to a file that doesn't exist and then create the file by writing to the symlink. That's a pretty dumb way of doing something, but SuSE's package manager does this and that's how the bug was discovered so quickly.

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
Nice nick, btw (none / 0) (#32)
by CaptainZapp on Mon Oct 15, 2001 at 12:49:11 PM EST

Yep, and I think it was the shortest lived new version anyways. (2 days until 2.4.12 was available?)

Actually this speaks for Linux. Commercial vendors might just shrug it off (ye know, it's an exotic error anyway) until such a thing is widely publicized. Open source OS fixes usually roll in pretty fast.

[ Parent ]

Yeah (none / 0) (#34)
by DJBongHit on Mon Oct 15, 2001 at 02:30:53 PM EST

Nice nick, btw

Ahh, new here, are you? :)

Yep, and I think it was the shortest lived new version anyways. (2 days until 2.4.12 was available?)

Nah, 2.4.12 came out the next day, didn't it? I'm having some issues with 2.4.12 though... when I put my laptop to sleep, the PCMCIA stuff doesn't like to wake back up. But oh well, no biggie... if I pull the card out and put it back in it comes back to life. That's what I get for using an "obscure" architecture (PPC). :)

Actually this speaks for Linux. Commercial vendors might just shrug it off (ye know, it's an exotic error anyway) until such a thing is widely publicized. Open source OS fixes usually roll in pretty fast.

Yeah... it has a lot to do with the fact that if the bug bothers you enough, you can fix it yourself. So bugs that actually affect people get fixed pretty quickly because you don't have to wait for somebody else to fix it.

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
[OT] Linux (none / 0) (#35)
by CaptainZapp on Mon Oct 15, 2001 at 03:20:21 PM EST

Nah, 2.4.12 came out the next day, didn't it?

Yeah, it probably did. Due to some accumulated goof-ups on my part, I anyway couldn't compile 4.11. And yep, I actually use SuSE :>

That's what I get for using an "obscure" architecture (PPC)

Fret you not. I must admit, that I use rambus memory; at least according to the price tag, which convinced me that 128 meg are enough, especially if you're running a "pure linux machine".

Yeah... it has a lot to do with the fact that if the bug bothers you enough, you can fix it yourself.

Well, not me. 12 years ago I understood, that I'll never be a great coder. My community effort is more in the line of helping out a slightly subversive artists collective cranking out the soundtrack for a new travelling generation. DJs are important to us.

Actually, to get to the point (damn bonghit stuff...), what I love about Linux is the fact that it works, after the concept gets less unclear. When things fuck up, you fiddle in normal, human readable (well, except for sendmail, probably) configuration files. When you delete stuff, it doesn't crawl out of a registry, to hunt you six months down the road. It just works. And it's amazing every day. And there's the additional benefit of no Digital Rights Management shit, ever crawling into the source code. Save maybe, for when it's ruled illegal. Which would be the point, where I advise all Americans who want to keep their sanity, to get the hell out - fast!

Well nuff said...

[ Parent ]

Heh (none / 0) (#37)
by DJBongHit on Mon Oct 15, 2001 at 03:50:39 PM EST

I must admit, that I use rambus memory

Yeah, I do too.

at least according to the price tag, which convinced me that 128 meg are enough, especially if you're running a "pure linux machine".

Nah - I've got half a gig of the stuff in here :D I don't see what everybody on Slashdot complains about, though. Rambus or no rambus, this box flies.

When things fuck up, you fiddle in normal, human readable (well, except for sendmail, probably) configuration files.

Hey! I like sendmail.cf!

And there's the additional benefit of no Digital Rights Management shit, ever crawling into the source code. Save maybe, for when it's ruled illegal. Which would be the point, where I advise all Americans who want to keep their sanity, to get the hell out - fast!

Yup. If the $$$CA ends up passing, I'm leaving the country.

~DJBongHit

--
GNU GPL: Free as in herpes.

[ Parent ]
What admins? (5.00 / 1) (#33)
by SlydeRule on Mon Oct 15, 2001 at 01:32:18 PM EST

Strictly from my own observations during the Code Red II debacle, almost all of the IIS sites which were hammering at my firewall were not serving anything!

There were no IIS admins to be laidback or stupid, because there was no Web site. Apparently (and I do not know this as a fact), if you do a "full install" of Win2K, IIS-5 is automatically installed and activated.

So here you have a bunch of people using their Win2K machines to run Office or to play Solitaire, all the while unaware that they are also running Web servers on their always-on broadband connections. Heck, most of them probably would not know what a Web server is.

You need to say this a bit more loudly! (none / 0) (#36)
by SIGFPE on Mon Oct 15, 2001 at 03:41:35 PM EST

The IP addresses in my logs almost all look like those of individuals with dial-up or Cable/DSL accounts (eg. often with hostnames including the word 'dial' or IP addresses inside the @home network). The only way to counter MS propaganda is to shout the truth back more loudly.
SIGFPE
[ Parent ]
Great article... (2.33 / 3) (#40)
by Ghoti69 on Tue Oct 16, 2001 at 09:09:58 AM EST

"IIS's 50% market share (I have no clue how he gets that number" "also might be factual true" Gee...that's helpful reporting. Why don't you at least TRY and find out so you can see if your ranting is justified. IIS was just reported, not by MS, to be at over 50% market share. Netcraft's crappy, non-scientific method of tracking who's using what has been disproved time and time again. Apache isn't #1, never has been. Yes, there were significantly more patches for Apache last year than IIS. Something on the order of 10:1, I recall. I don't blame MS for Red Code, either. How can you? The patch for it was out a month before the worm was even written. What amazes me is if you look at the number of security fixes for Linux compared to any MS product, it's bewildering that anyone would use something so filled with holes. But, I guess if you can't afford good software...

+5 because ... (none / 0) (#41)
by Kalani on Wed Oct 17, 2001 at 02:43:14 AM EST

... I think that you didn't deserve those 1s at all.

Yes, if you're going to question somebody's statistics in a written piece like this, you ought to counter it with statistics of your own that come from a reputable source, or (at the very least) you should counter some tenet of the assertion. This is generally called the "appeal to ignorance" fallacy (even though he squirms out of it with "might be true").

That having been said, Ghoti69, you also made an assertion about the Apache:IIS bugfix ration without providing information about your source.

-----
"I [think] that ultimately physics will not require a mathematical statement; in the end the machinery will be revealed and the laws will turn out to be simple, like the checker board."
--Richard Feynman
[ Parent ]
geez (none / 0) (#42)
by Kalani on Wed Oct 17, 2001 at 11:55:59 AM EST

My previous post demonstrates that I shouldn't post without sleep. Of course, unless you're stuck in a hole with your fellow troops in some cybernetic war, nobody cares about the Apache:IIS "ration." I meant "ratio."

-----
"I [think] that ultimately physics will not require a mathematical statement; in the end the machinery will be revealed and the laws will turn out to be simple, like the checker board."
--Richard Feynman
[ Parent ]
Microsoft Retracts Statement (none / 0) (#43)
by DeadBaby on Thu Oct 18, 2001 at 10:28:20 AM EST

Update (10-18-01): Microsoft has retracted this statement.

I guess as of today, it's no longer IIS admins' fault for leaving their systems wide open. Maybe the admins of the Code Red infected Microsoft.com were upset over the slur.

"Our planet is a lonely speck in the great enveloping cosmic dark. In our obscurity -- in all this vastness -- there is no hint that help will come from elsewhere to save us from ourselves. It is up to us." - Carl Sagan