Could Microsoft be actively astroturfing slashdot? When a discussion starts with an offhand comment laughing at an MS Products' supposed security and ends with attacks on Apache and Linux you really start to wonder.
I've always enjoyed excellent Karma because I typically only participate in discussions when I actually have something useful or interesting to say. Not to say that all of my comments are modded +5 insightful or anything like that, but I can't remember the last time I was modded down.
I made a few comments about IIS 6 and was attacked and modded once as a Troll and again as flamebait. My flamebait comment started the whole thing. The article I commented on included the laughable statement
"IIS 6 hasn't had a public remotely exploitable bug in it. Ever."
To which I replied here asking if Microsoft had hired Baghdad Bob as a PR guy. (You remember Baghdad Bob - the Iraqi Information Minister who publicly claimed that the US was not actually closing in on Baghdad the day they took it over) Frankly, I thought it was kind of a funny comment - and given the slashdot community's attitude towards everything microsoft I thought that the comment would be interpereted as such.
The first reply came from a guy asking me to name a vulnerability, as if the thought of IIS actually having a security hole was incredulous... um. OK... so I responded with a google query with 695,000 results for "IIS 6 remote exploit".
Then comes attack #2... I love this guy. He says...
The fact remains, IIS 6 has never had a remotely exploitable hole. Period.
Microsoft learned from their mistakes and are making their software secure, not just by Microsoft standards, but clearly by any standard.
Really? On slashdot, someone making those statements? About Microsoft? Oh come on! So I took a gander at this particular user's comment history and it showed an unhealthy loyalty to Microsoft in defiance of logic. I called him on it. That's when I got modded as a Troll.
He never responded, but I did get a response from an "anonymous coward" asking me
"Wow, why not actually link to an IIS6 exploit meeting the stated criteria, if you're asserting that any exist?"
followed up by another commenter:
Don't redbait. Answer his question. Or continue to look increasingly foolish, I guess.
What is redbait anyways? Probably a typo. At this point I'm committed to the discussion so I decided to simply follow my own google search link to find an example. It took two clicks, so I responded with the actual text of the first exploit I found, along with links to Gartner's denunciation of IIS, a google search showing that Hacking Insurance carries a 15% additional premium for users of IIS, and a cert.org link reminding these people of the damage caused by IIS past vulnerabilities. You'd think the discussion would be over at this point. If nothing else, it's a day AFTER the story hit the front page... wrong!
Dude, are you completely ignorant of basic security terminology? ... Either stop blindly bashing microsoft, or put up and actual code execution hole.
So, I made what I thought was a funny comment, was forced to defend that comment. Then I was "called out" because 695,000 google results weren't enough evidence of an exploit. and now this
So now, because I simply just can't walk away from this, I respond again. This time I basically say piss off - if you consider IIS 6 secure when x,y, and z is public knowledge and the platform itself has a sordid history of being unbelievably insecure then fine, use it at your own risk.
And the responses keep coming...
Is IIS 6 better than a patchy web server?
695,000 results is terrible, but that's nothing when you consider that there's over 1.1 million results for Linux 16 remote exploits
So now this discussion has degraded to blind attacks on Apache and Linux?!? Seriously - I make one funny comment (that apparently wasn't that funny) that laughs at a statement about Microsoft IIS, I get attacked and modded as a flamebating troll, and then Apache and Linux are attacked. The entire thing just doesn't fit the community. I can't actually think of any tech communities that I've been a part of where such a thing would transpire.
I started the discussion, so I can't exactly claim that I was baited into it. I just don't see how this discussion goes the way it does without some astroturfing being involved. Blind loyalty to Microsoft's web server "platform", attacks on linux, apache, and the guy who laughs at the statement that IIS is secure. That's not slashdot. It's the twilight zone.