Slashback: Highness, Hominess, Hole-ines

Slashback tonight with updates on SSH vulnerabilities, the Queen's web server, the European answer to GPS (in danger, it seems) and your ever-thinner rights to use software for anything you don't have specific permission for.

Sometimes being British means self-flagellation. Ferox writes: "The November Web Site Survey from Netcraft reveals something interesting: 'Two years ago the Queen of England became an unlikely icon for the Linux revolution when her webmaster replaced Solaris as the platform for the Royal Family's site, citing the better price/performance of the Dell/Linux platform over the previous incumbent, Sun/Solaris. The open source community celebrated and speculated on when the Apache web server might receive the "By Royal Appointment" moniker. This week the site has changed platforms again, this time to Microsoft-IIS.'"

Keep your hands and passwords inside the car at all times. Niels Provos passed along word of his ongoing research into network security, with some slightly depressing news about the state of Internet security.

Even though the CRC32 bug has been found over a year ago, over 30% of all servers are still vulnerable today. Graph at http://www.citi.umich.edu/u/provos/ssh/crc32.png.

In February 2001, Razor Bindview released their "Remote vulnerability in SSH daemon crc32 compensation attack detector" advisory, which outlined a gaping hole in deployed SSH servers that can lead to a remote attacker gaining privileged access.

In November 2001, Dave Dittrich published a detailed analysis of the "CRC32 compensation attack detector exploit." This exploit is currently widely in use. CERT released Incident Note IN-2001-12.

At the Center for Information Technology Integration, Niels Provos and Peter Honeyman have been scanning the University of Michigan for vulnerable SSH server software to identify and update vulnerable SSH servers. However, scans of the Internet show that system and security administrators must react and update their SSH servers. At this writing, over 30% of all SSH servers appear to have the CRC32 bug.

A simple solution is to remove support for Version One of the SSH protocol. The majority of servers on the Internet support the SSH v2 protocol. To test whether your network has vulnerable SSH servers, you might use the ScanSSH tool.

References: "ScanSSH - Scanning the Internet for SSH Servers", Niels Provos and Peter Honeyman, 16th USENIX Systems Administration Conference (LISA). San Diego, CA, December 2001. This information is also available at http://www.citi.umich.edu/u/provos/ssh/

Don't play with your food, or your games. janolder writes "In the matter of the Civilization III translation project (articles on slashdot, apolyton and heise), the fans have gotten the short end of the stick. The project web site (translation.civ3.de) has been down for a while. Earlier this week, both the web site operator and Kai Fiebach, the project leader, signed Infogrames' cease and desists out of fear of further legal action. The legal position (not to mention the moral postion) of the fans did not appear to be too weak - EULA's are not binding in Germany and supplying patches to a program is certainly not the same as translating a book and distributing the translated manuscript.

Infogrames Germany has issued another press release (translation and my comments) justifying their legal action and position. It makes for an interesting peek into the mindset of a game publisher.

The good news is that Infogrames is considering a more timely release of Civilzation III in Germany.

The bad news is that the cease and desists apparently forbid any modification of Civ3 in any way, shape or form. So no more custom maps for your friends, custom rules or any such copyright infringing activity, please! Is it just me, or has the world suddenly become a less interesting place?"

Not as if Americans always know where we are, either. ByTor-2112 writes "Hate to be the bearer of bad news so soon after a story is posted, but as I commented on the previous story, it appears that galileo has some funding issues. Honestly, did anyone really expect the EU to go through with it? It took them long enough to agree on a common currency!"

Slashdotted already?

[lhand (30548)]

Or is the royal web site down? Hmm. Maybe they should have stuck with Linux.

Re:Slashdotted already?

[SClitheroe (132403)]

Or perhaps they were smart enough to block incoming ping requests..Honestly, I'm suprised most web sites allow themselves to be pinged at all...

Re:Slashdotted already?

[haruharaharu (443975)]

Yes, I realize that one can ping -f -s 65528 hostname and do some simple DoS attacks and such

And this can be handled by rate-limiting icmp at the ISP. The only challenge is convincing their SAs that it's a good idea.

Re:Slashdotted already?

[RogrWilco (522139)]

Not to be a M$ advocate, but /. has /.'ed Linux servers as well. Hell even /. has been /.'ed. What I'd like to see is a "Hacked by Chinese... F&cK PoizonBox" on the main page. That's more of a testament.

Microsoft PR?

[sterno (16320)]

What do you want to bet that a Microsoft Rep walked in and said, "here's free software and hardware if you switch to IIS".

Re:Microsoft PR?

[dirtyhippie (259852)]

How much you wanna bet the Royal Family doesn't give 2 shits how much it costs to run their website. Actually, the netblock changed, my guess is they changed webhosts.

IIS Uptime Record???

[slugfro (533652)]

Hey, the data about the Royal Page says that the Windows 2000 server has been up 5.56 days since the last reboot.
Is that a World Record for IIS?

Re:IIS Uptime Record???

[Cally (10873)]

*sigh*. Please don't moderate trolls as anything other that troll, -1.

FWIW I've had 139 days uptime on NT4SP6a running several servers (ssh, web, mail) as well as std workstation and dev stuff - cygwin, emacs, etc etc. No Outlook, no IE and no IIS. Result, happiness - well, as happy as it's possible to be whilst still sullying one's mind fingers with Microsoft stuff. It's the freedom thing that's important, anyway, not the quality of the code.

Re:IIS Uptime Record???

[by Anonymous Coward]

Yeah, knock it because of its memory leaks....

Re:IIS Uptime Record???

[q-soe (466472)]

Ye
One of my nt4 file servers here provides file and login for 200 staff and has an uptime of 267 days solid

Uptime discussions are invalid when comparing file app and print servers, availability is how we measure this and that means an uptime is bull - you have to reboot servers of ANY ilk for hotfixes and general maintenance.

Copyright

[Have Blue (616)]

I disagree with the argument that translating and distribution Civ 3 is not the same as translating and distributing Harry Potter. A better analogy would be the translation and distribution of only the first chapter of Harry Potter: It would not be the complete work and it may stimulate sales, but it's still a copyright violation (hence the "in whole or in part" bit in licenses).

Re:Copyright

[terpia (28218)]

I disagree with the argument that translating and distribution Civ 3 is not the same as translating and distributing Harry Potter. A better analogy would be the translation and distribution of only the first chapter of Harry Potter:

Thats seems to me to be closer to distributing a demo of some sort. And definately a copyright violation.

I think an even better analogy would be distributing free glare-reducing transparencies to lay over the pages and reduce eye strain and a free bookmark to help enjoy your purchase. If patches are being distributed that require the game already be installed, there should be no problem (IMHO). But the entire game with reworked languages should not be distibuted, as that would imply that every user already PAID for the game and thats just not reasonable.

Re:Copyright

[Tosta Dojen (165691)]

Except that this seems to be providing a patch, not the entirety of the translated work. In which case, only those who have purchased the full version will have the translation. Without the original work, the patch is just a useless file.

So, an even better analogy would be a reading translator that would read the Harry Potter book to you in German. Copyright violation? No. Fair use? Definitely.

Good analogy, but...

[fm6 (162816)]

a reading translator that would read the Harry Potter book to you in German. Copyright violation? No. Fair use? Definitely.

A very good analogy. If we push it a little further, we see what's wrong your your other assertions.

Suppose Voldemort Publications sells you an PDF of Black Magic for Beginners on CD. The text is copyrighted, but that's not enough for VP. So they make you accept a license agreement that specifies that you can only read the book directly off the CD and you may not manipulate the text in any way.

You pop the CD in your computer and discover that the text is in Ancient Etruscan. When you call up to complain, they explain that the English translation is licensed to Massively Manipulative Monopolies. No they don't know when it will come out.

No problem. You go to the Hogwarts web site and download a translation spell. But as soon as you begin to incant Logos Anglicia! a VP legal troll appears in a puff of yellow-green smoke. He accuses you of violating the no-manipulation clause in your license agreement. You try to tell him that such a clause is unenforceable, but he just shrugs and says, "We think it will stand up in court. You're welcome to consult your own lawyer, of course."

"This is ridiculous!" you say. "I acquired the book legitimately, and I have a right to read it."

"Well, we have a right to maximize our return on our investment. That's why MMM is handling the English version -- they're much better at marketing to muggles than we are. Now cut it out. This agreement is enforcable in the Court of Giant Warts!"

Re:Copyright

[morcheeba (260908)]

No, I don't think that's a good analogy. A chapter is a specific section of a book; it is just as usable as if one were to have the book and read only that chapter. Your analogy would be like releasing a fully-playble version of Doom, but limited to the first level only. (which is pretty close to what happened, but not the point...)

A better analogy would be to offer a list of new character names and objects and where in the book these names should be inserted. The purpose, of course, would be to localize the book: the book could be cajunized-- Jonny Pottieu would be chompin' on crawfish at a charivari [charivaricajunband.com], instead of whatever harry potter ate...

There is no copyright violation... you are replacing the text from the original program, and not distributing any byte that was in the original. The user must own the original to apply the patches to; otherwise the patches are useless.

Re:Copyright

[janolder (536297)]

I disagree with the argument that translating and distribution Civ 3 is not the same as translating and distributing Harry Potter.

Translating and distributing Civ3 is exactly what didn't happen. The translation team created new text lookup files and offered them as a patch for the US version of Civ3.

Had they instead offered a complete localized package for download, I'd have to agree with you. As it is, Infogrames have really ruined their reputation in this market.

Re:Copyright

[innocent_white_lamb (151825)]

I disagree.

The difference between Harry Potter and a computer game is simply that with Harry Potter, the text is the product. Period. Whether that text is read on a computer screen, off of a sheet of paper or off of microfilm, the text is the product that is being sold.

In the case of a computer game, the product is the game, which includes the text, the gameplay, the graphics, music, sound effects, what-have-you.

In the case of someone "ripping off" Harry Potter, the "ripped-off" product would be the complete text of the book, and that's what the publisher is trying to sell. In the case of Civ3, a patch to change the language to something else is nowhere near to being the entire product. In fact, it could be argued that the actual wording of the text is not really part of the game at all - for an example of this, does the fact that a football referee calls a game penalty in Spanish make the penalty any different than if he called it in English or used sign language? The language is not the game. Since it's the game that this outfit wants to sell (though they have a funny way of promoting it, I must say) a language patch is not a violation of "their property".

Which brings up an interesting point. If I am paying my money for "their property", then why can't I do what I want to with it? If I pay money for any other kind of property I'm allowed to do what I choose with the product that I've purchased. Computers are about the only industry where the business revolves around "You pay for my product but I still own it."

Re:Copyright

[MrResistor (120588)]

Translating and distributing the first chapter of Harry Potter would only be a copyright violation if you were selling it. Otherwise there's a pretty clear case for fair use.

However, software is treated differently. Bad analogy, but still a valid point if they're actually distributed a full translated copy of Civ3. If they're just distributing a patch, as some have said, than I'd say that puts infogrames on shaky ground unless France has a DMCA-type law that prevents reverse-engineering of any sort.

Securing OpenSSH

[krogoth (134320)]

Keeping up to date with the latest OpenSSH releases always helps, but if you want to put an end to those SSH1 attacks (which can affect OpenSSH 2 and above in some cases, and may do so again in the future), add this line to your sshd_config (in /etc or /usr/local/etc):

Protocol 2

This will deny all SSH1 connections and force everyone to use SSH2 to connect.

SSH 2

[Jaeger (2722)]

Maybe someone can explain this to me, because it doesn't make any sense. Whenever I try to make a ssh2 connection and the server can't reverse-dns my host, it refuses to authenticate me, regardless of whether I supply the correct keys or passwords. My (minimal) survey seems to indicate that this is construed as a "feature". what's up?

Re:SSH 2

[krogoth (134320)]

There's probably an option for that, check the manpages and manual.

But I have to slow down now and not be informative more than once every two minutes...

Re:SSH 2

[osu-neko (2604)]

A lot of people are under the mistaken impression that this is a useful security check. In fact, it means jack-diddly-squat, as (a) DNS is not a security protocol, so a positive result on this test means nothing, and (b) half the ISP's in the world can't get reverse-DNS set up correctly, so a negative result also means nothing.

If you have known incoming IP's, I believe adding them to /etc/hosts fixes the problem. Complaing to your ISP may help, but if your ISP's DNS admin has a clue, he'll probably point out that this is a really stupid test to be performed to begin with so he doesn't consider it a high priority to fix things on his end so it'll work, but he may get around to it eventually...

Re:Securing OpenSSH

[coyote-san (38515)]

Unfortunately, it also blocks all Debian users. At least it looks like somebody *finally* packaged ssh2 for woody (ironically, a few days after I last checked for the packages, from the time stamps). Even ssh3 is now listed.

Re:Securing OpenSSH

[krogoth (134320)]

To the best of my knowledge, there is no SSH 3 protocol (although I could be wrong). AFAIK, OpenSSH 3+ only supports protocol 1 and 2, so don't be mislead by the version. If you want to support less secure methods, that's your choice (note that OpenSSH is available in source tarballs).

Re:Securing OpenSSH

[gorgon (12965)]

Unfortunately, it also blocks all Debian users. At least it looks like somebody *finally* packaged ssh2 for woody

Uhm, you're kind of confused. The main ssh packages in Debian are:

• ssh [openssh.com] - OpenSSH port of BSD's version of ssh that branched off the last free version of ssh put out by ssh's original developers. It has supported ssh protocol version 2 since roughly August of 2000, and versions supporting ssh2 made it into Debian soon there after. Currently version 3.01p is in Debian, and I think its pretty much equivalent to to the non-free ssh3.
• ssh-nonfree [ssh.com] - non-free version of ssh from its original developers. It only supports ssh protocol version 1.
• ssh2 - Version of ssh supporting ssh protocol 2 from the makers of ssh-nonfree. License is more restrictive than ssh-nonfree's license.
• ssh3 - As far as i can tell its not packaged yet. Is the license more restrictive than ssh3? Regardless, there is no ssh protocol version 3.

Anyway, Debian has had ssh protocol version 2 support for a long time,.

answering everyone at once....

[coyote-san (38515)]

Answering everyone at once, when I do "apt-get update; apt-get upgrade" I still get (open)ssh 1.2.3.

Installing "unstable" is *not* an option at many (most?) sites. You install an unstable package on a live server, you die. Or at least you lose all root access on the live servers. The problem isn't any single unstable package, it's their tendency to pull in other unstable packages. This can get out of control real fast.

Even installing from pool is problematic, but usually acceptable since you're compiling it locally and can avoid creeping dependencies... but some Debian tools require Perl 5.5 which breaks stable systems. If you're willing to devote a system to unstable, you might be able to create an installable package... but this is not something Joe User is going to be able to do.

So I stand by my point. If you require SSH protocol 2 (supported by OpenSSH 2.x and 3.x), you will knock out most Debian users until either Woody is released or somebody takes a honking big clue-stick at the appropriate Debian maintainers and openssh 2.x is released as a Potato security bug-fix.

Re:Securing OpenSSH

[Craig Davison (37723)]

SSHWinClient at ftp://ftp.ssh.com/pub/ssh is free as in $0 for non-commercial use. It includes a good SSH terminal and the best SFTP/SCP client out there.

There's also OpenSSH for cygwin and a crappy piece of software called telneat which I used before I installed cygwin. Apparently new versions of telneat are commercial now anyway.

See http://ssh.gatordog.com/ for a bazillion others.

Re:Securing OpenSSH

[drsoran (979)]

Or you can just use PuTTY which is distributed under the MIT license and includes the complete source code. $0 for non-commercial use and $0 for commercial use. $0 for a site license, and $0 for a developer license to integrate it into your product.

OpenSSH under Cygwin

[Col. Klink (retired) (11632)]

The latest Cygwin [rcn.net] includes openSSH 3.0.1 and supports Protocol 2 (you can even run sshd on a Windows box and ssh into it).

quick way to check your openssh

[mwillis (21215)]

If you are worried about your machine being out of date, just do this:

% telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
SSH-1.99-OpenSSH_2.9p2

if you see OpenSSH before version 2.3, you may be vulnerable (iff you have fallback to ssh1)

Queen's web server on IIS (assorted comments)

[Tsar (536185)]

Is it running on a tower server?
The enemy is [at the] Gates!
Is HRH trying to upstage Diana's famous crash?
I'd have thought QE version II wouldn't have this bug.
Wait until they cut her off after three Windows Product Activations.
Already /.ed? See, royal inbreeding does cause DNA problems.

And finally...
"Your highness, the people have no open source..."
"Well, let them run DRDOS!"

Re:Queen's web server on IIS (assorted comments)

[Paul the Bold (264588)]

No, it wasn't even royalty. It was Rousseau, from Confessions. You can read more about it here [alt-usage-english.org].

seven steps to fixing ssh on your OS X box

[imac.usr (58845)]

where the config files are slightly different than on other unixes:

1. log in to Mac OS X as an admin user
2. navigate to the /Applications/Utilities folder and open Terminal
3. type sudo perl -i.bk -p -e 's/#Protocol 2,1/Protocol 2/g' /etc/sshd_config at the shell prompt and enter the admin user password when prompted
4. type sudo perl -i.bk -p -e 's/2,1/2/g' /etc/ssh_config
5. type grep SSH /etc/hostconfig to determine whether SSH is enabled on your machine
6. if the response is "YES", type sudo kill -HUP `cat /var/run/sshd.pid` to restart it
7. Quit the Terminal program

Uh, ZERO steps to fixing your OSX box

[ehintz (10572)]

Only OpenSSH versions prior to 2.3.0 are vulnerable. OS X 10.1 uses 2.9p2; IIRC no version of OS X which included OpenSSH was EVER vulnerable to begin with. So, you can of course turn off ssh 1 if you desire, but you need not do so because of this exploit.

OK, so a double-double standard?

[The Bungi (221687)]

Color me silly here and all, but most of the time the teeming masses are not criticizing Microsoft for releasing a buggy web server they're banging on the IIS SysAdmins for not patching their systems. And here we have 30% of all scanned SSH servers wide open due to a dumb bug that has been documented for ages and ages?

C'mon guys. Either clean up your act or stop being the first ones to throw the stone.

Re:OK, so a double-double standard?

[marick (144920)]

Yeah, you're silly.

repeat after me:

Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
Sysadmins have to patch their systems.
....

(Of course, Microsoft would rather we not know when this has to happen, where as Red Hat has been sending me advisories ever since I installed their distro.)

Re:OK, so a double-double standard?

[rhdwdg (29954)]

It would have helped if the advisories had said that ssh1 had an exploitable bug instead of saying that there was a purely theoretical way in which sessions might become transparent. Sometimes you don't go messing with your only means of getting into a given box when you don't think you have a reason. Six months later CERT mentioned ssh1 exploits picking up, but by then a person can lose track of which version is safe.

Yea, I got hit and lost some serious time and money. It was undoubtedly my fault. But it's not entirely black and white. Not all that far off, but not entirely.

Civ 2 and Civ 3

[proxima (165692)]

I don't think the cease and desist order prevents innocent modification of components that Firaxis intended for people to make and distribute. I don't have Civ III (yet), but Civ II was purposely designed so that it could be easily modified by fans. It also included a map editor - I can't imagine that Civ III is any different, but perhaps an owner of the game would like to comment.

Things like rulesets were laid out in simple configuration text files, so that patches could be applied to change the nature and look of the game - right down to individual units and map squares. Civ: CTP 2 (a game I own) also has easily moddable rulesets (the game is so buggy you simply MUST install Apolyton's patch).

Beating down on fans and modding is stupid , the most successful games are those that have been modded (Halflife, StarCraft). Until I see firm evidence of something other than this translation case, I still want Civ III and will enjoy playing it.

The reason royal.gov.uk has switched server...

[Jon Chatow (25684)]

... is that the site is no longer an internal government one (i.e., one handled by the CCTA), but has been contracted out to the combined developers (such is said in the FAQ in the site, wherever that is), and is now hosted on the UK branch of PIPEX, sorry, UUNET. This can be seen on this [netcraft.com] ppage. All CCTA sites [netcraft.com] are still hosted on *NIX systems, as you can see.

Netcraft weirdness

[Grond (15515)]

Well, as much as www.royal.gov.uk may have turned to Win2k and IIS, www.parliament.uk is runnning...Microsoft-IIS/4.0 on Solaris???
Even more bizarre is that site's history:
Solaris
Microsoft-IIS/4.0
13-Sep-2001
194.60.38.75
Houses of Parliament

NT4/Windows 98
Microsoft-IIS/4.0
2-Apr-2001
194.60.38.75
Houses of Parliament

Solaris
Microsoft-IIS/4.0
4-Jan-2001
194.60.38.75
Houses of Parliament

BSD/OS
Microsoft-IIS/4.0
2-Nov-2000
194.60.38.75
Houses of Parliament

So, not only does Parliament seem to like changing their minds (sometimes radically) every few months, they also like using impossible combinations of OS and server. Hmm....maybe it's symbolic of something...(just kidding!)

Re:Netcraft weirdness

[Vince (4999)]

The servers are running on Windows machines behind some sort of proxy, load balancer, redirector, whatever. Thus, a query of the IP stack gives one OS, but the server is from another OS.

Re:Netcraft weirdness

[larien (5608)]

Probably not so much a load balancer as a server that checks which server in the farm hasn't crashed yet :)

BTW, this nugget is in the Netcraft FAQ [netcraft.com]

Royal Family's web site

[Legion303 (97901)]

Neither the move to linux nor the move to IIS should be news. People continue to use what works best for them, as they have for the past 40,000 years or so.

Move along, nothing to see here.

-Legion

SSH Vulnerability Overview

[rbeattie (43187)]

Okay - so I had slacked and wasn't sure if I was up to date with my patches. I read the Razor link above and if you're lazy like I am here's the meat (and this isn't fscking redundant, there's like 30 links above):

** Vulnerable:

SSH 1.2.24 - 1.2.31 (ssh.com) -- all versions to date of release of this advisory

F-SECURE SSH 1.3.x -- all recent releases

OpenSSH prior to 2.3.0 (unless SSH protocol 1 support is disabled)

OSSH 1.5.7 (by Bjoern Groenvall) and other ssh1/OpenSSH derived daemons

** Not vulnerable:

SSH2 (ssh.com): all 2.x releases NOTE: SSH2 installations with SSH1 fallback support are vulnerable

OpenSSH 2.3.0 (problem fixed)

SSH 1.2.32 (ssh.com, released 10/22/2001)

SSH1 releases prior to 1.2.24 (vulnerable to crc attacks)

Cisco SSH (own implementation)

LSH (SSH protocol 1 not supported)

** Other SSH daemons: not tested

To test your server, do this:

$ ssh -v -l `perl -e '{print "A"x88000}'` localhost

if you get a seg fault like below, you need to upgrade:

Program received signal SIGSEGV, Segmentation fault.
0x806cfbd in detect_attack ( ..., len=88016, IV=0x0) at deattack.c:138
136 for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;

Now, happily for me, I didn't have this problem. This is good since I'm logging in remotely to my box in California from Spain, VIA SSH!! I'm an idiot as I've also shut off Telnet and if it DID segfault, I would've been completely screwed.

-Russ

Defensive posture

[Cally (10873)]

Another good tip with the ssh holes, and as a general priniciple, is to restrict IPs that are allowed to connect to port 22 (or wherever you run sshd) at the firewall.

Debian Backports Security Fixes

[John Hasler (414242)]

"To test whether your network has vulnerable SSH servers, you might use the ScanSSH tool."

Which apparently just checks the version number and will therefor falsely identify Debian stable machines as vulnerable despite their being up to date on security patches.

translation of Civilization

[vscjoe (537452)]

I think their position is that people are creating and distributing a German translation of English content that is copyrighted by them. That seems like a valid point to me, and it is probably enforceable under copyright law.

You may still be able to make other modifications to their software and distribute the patches, whether they like it or not.

Of course, instead of contributing to a commercial game without getting compensated for your work, why not just contribute to FreeCiv or similar games? Civilization itself seems mostly like a clone of older games anyway.

Re:royal.gov.uk

[Legion303 (97901)]

Don't think just because your bigger than us we can't kick your ass - remember, our soldiers can _aim_

And ours can use the Queen's English properly. :P

-Legion

The Royal Family would like to thank Microsoft

[CaptainCarrot (84625)]

I'm not an acutal Brit, but I play one at the Renaissance Faire...

...she still held the title Queen of England, as well as quite probably numerous others (anyone got a full list somewhere)?

Indeed she does still hold that title. I used to know her full grand gitre but it's slipped out of my mind for some reason. The natural place to look it up is on the Royal Family's website, but, oddly enough since they moved to IIS (another fine Microsoft product) it's down right now. Funny, I never can remember it going down before... [royal.gov.uk]

(I think it highly unlikely that it's slashdotted. Government servers designed for worldwide access are generally well able to handle this kind of load.)

OK, so I found it at the alt.talk.royalty FAQ [heraldica.org]. In the UK, she's called "United Kingdom: Elizabeth the Second, by the Grace of God of the United Kingdom of Great Britain and Northern Ireland and Her other Realms and Territories Queen, Head of the Commonwealth, Defender of the Faith". In her other realms and territories, she's styled slightly differently. The full list is rather lengthy, so check the FAQ to see it. Although "Queen of England" isn't found in there, it's certainly not incorrect to call her that.

Re:from netcraft:

[istartedi (132515)]

That's interesting, especially when you consider that the Bush campaign ran IIS. Of course they probably just inherited the contract for the Whitehouse server from the previous admin. It's hosted by Akamai, so it's possible that the administration didn't make any decision about the OS at all.

As for the Queen, well... she traded in her fancy Sparc hardware for x86 boxes and got tired of Linux. So, if you are in that situation and you want something that's nothing like Linux, what do you choose? Windows.

That in itself is interesting--if people dump Sparc hardware for Linux x86 boxes and then sour on the OS, what will they do? Install Windows.

So, once again, commercial *NIX vendors are the biggest losers to Linux, not MS.