Evets's Journal: Is Microsoft actively astroturfing slashdot?

Could Microsoft be actively astroturfing slashdot? When a discussion starts with an offhand comment laughing at an MS Products' supposed security and ends with attacks on Apache and Linux you really start to wonder.

I've always enjoyed excellent Karma because I typically only participate in discussions when I actually have something useful or interesting to say. Not to say that all of my comments are modded +5 insightful or anything like that, but I can't remember the last time I was modded down.

I made a few comments about IIS 6 and was attacked and modded once as a Troll and again as flamebait. My flamebait comment started the whole thing. The article I commented on included the laughable statement

"IIS 6 hasn't had a public remotely exploitable bug in it. Ever."

To which I replied here asking if Microsoft had hired Baghdad Bob as a PR guy. (You remember Baghdad Bob - the Iraqi Information Minister who publicly claimed that the US was not actually closing in on Baghdad the day they took it over) Frankly, I thought it was kind of a funny comment - and given the slashdot community's attitude towards everything microsoft I thought that the comment would be interpereted as such.

The first reply came from a guy asking me to name a vulnerability, as if the thought of IIS actually having a security hole was incredulous... um. OK... so I responded with a google query with 695,000 results for "IIS 6 remote exploit".

Then comes attack #2... I love this guy. He says...

The fact remains, IIS 6 has never had a remotely exploitable hole. Period.

and

Microsoft learned from their mistakes and are making their software secure, not just by Microsoft standards, but clearly by any standard.

Really? On slashdot, someone making those statements? About Microsoft? Oh come on! So I took a gander at this particular user's comment history and it showed an unhealthy loyalty to Microsoft in defiance of logic. I called him on it. That's when I got modded as a Troll.

He never responded, but I did get a response from an "anonymous coward" asking me

"Wow, why not actually link to an IIS6 exploit meeting the stated criteria, if you're asserting that any exist?"

followed up by another commenter:

Don't redbait. Answer his question. Or continue to look increasingly foolish, I guess.

What is redbait anyways? Probably a typo. At this point I'm committed to the discussion so I decided to simply follow my own google search link to find an example. It took two clicks, so I responded with the actual text of the first exploit I found, along with links to Gartner's denunciation of IIS, a google search showing that Hacking Insurance carries a 15% additional premium for users of IIS, and a cert.org link reminding these people of the damage caused by IIS past vulnerabilities. You'd think the discussion would be over at this point. If nothing else, it's a day AFTER the story hit the front page... wrong!

Dude, are you completely ignorant of basic security terminology? ... Either stop blindly bashing microsoft, or put up and actual code execution hole.

So, I made what I thought was a funny comment, was forced to defend that comment. Then I was "called out" because 695,000 google results weren't enough evidence of an exploit. and now this

So now, because I simply just can't walk away from this, I respond again. This time I basically say piss off - if you consider IIS 6 secure when x,y, and z is public knowledge and the platform itself has a sordid history of being unbelievably insecure then fine, use it at your own risk.

And the responses keep coming...

Is IIS 6 better than a patchy web server?

and

695,000 results is terrible, but that's nothing when you consider that there's over 1.1 million results for Linux 16 remote exploits

So now this discussion has degraded to blind attacks on Apache and Linux?!? Seriously - I make one funny comment (that apparently wasn't that funny) that laughs at a statement about Microsoft IIS, I get attacked and modded as a flamebating troll, and then Apache and Linux are attacked. The entire thing just doesn't fit the community. I can't actually think of any tech communities that I've been a part of where such a thing would transpire.

I started the discussion, so I can't exactly claim that I was baited into it. I just don't see how this discussion goes the way it does without some astroturfing being involved. Blind loyalty to Microsoft's web server "platform", attacks on linux, apache, and the guy who laughs at the statement that IIS is secure. That's not slashdot. It's the twilight zone.

Let me get this straight...

[mattgreen]

You're annoyed because the discussion didn't go your way, despite presenting reasonable facts to back up your arguments. (Although it looked like they were wanting remote execution vulnerabilities, not just any exploit. Or, he weaseled out.) Guess what, that is the normal way of 'discussion' here when you speak against the dominant ideology. I think in that case there were more MS shills than OSS shills. So, perhaps it was an anomaly. But, there are an awful lot of OSS shills here. After all, Slashdot is th

Re:

[Evets]

Yes - I am annoyed that the discussion didn't go my way. Claims that IIS is a secure platform are wrong.

It certainly is feasible that some or all of the "MS Shills" as you call them in that discussion are actually independent shills rather than Microsoft funded shills.

I'm sure Linux and Apache can weather a storm from "MS Shills" or astroturfers, just as I'm sure Microsoft can weather my writing of a journal entry with negative connotations read by (well, so far) 1 person other than myself.

It doesn't take

Re:

[mattgreen]

Yeah you are right on the last point, but it ended up in the Firehose, and it was like a trainwreck...

Cheers. :)