Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Microsoft

CrackThisBox Updates 414

Tsu writes "Well, our good friends over at the Win2K Test Site have, unsurprisingly, stolen an idea from the competition: they've released their Administrator password. Meanwhile, the linuxppc people now have a guestbook up. "
This discussion has been archived. No new comments can be posted.

CrackThisBox Updates

Comments Filter:
  • 8/8 12:50 CET: [eon@starwalk eon]$ telnet www.windows2000test.com 80 Trying 207.46.171.196... telnet: Unable to connect to remote host: Connection refused Still down it seems... crack.linuxppc.org still up and running, GO LINUXPPC! Grtz, Eon.
  • by Cyclops ( 1852 )
    well, as I read this story, and clicked the link to the MS site (as I suppose a lot of readers also did) I was unable to visit the site. Netscape warning dialog said that the site could be down or too busy.

    /.ed, to use the less amount of characters?
  • 29.RamDisk:> wget http://www.windows2000test.com/status.htm
    --11:51 :32-- http://www.windows2000test.com:80/status.htm
    => `status.htm'
    Connecting to www.windows2000test.com:80...
    Connection to www.windows2000test.com:80 refused.

    Kinda says it all I think =)
  • by diarrhea ( 73257 ) on Saturday August 07, 1999 @08:26PM (#1758827)

    The best way to keep a box secure is to have as much downtime as possible!

    This is the invention of the century! Just imagine how many DoS and cracker attacks your site could avoid by being down 80-90% of the time!! I think that Microsoft has realized this important security concept a long time ago and integrated it into their products long before it gained wide acceptance.

    In the past, the instability of Microsoft products was the laughing stock of all but the poor computer illiterate masses ("my computer's cupholder broke"). But Bill Gates had a vision.

    Now I can see that Microsoft boxes are more secure than any non-MS OS, even OpenBSD or LinuxPPC! I mean, if I, a legitimate user can't even connect to the box then how can a cracker break into it? The amazing potential of this technology staggers the imagination.

    And OS technology is advancing all the time. See, in the beginning, MS Windows 1.0 had pretty low downtime. But as Microsoft gained more experience in the fields of Bloatware (trademark of Microsoft) and Instability, its newer products featured more and more security. (By the way, Bloatware is a security concept that uses large amounts of bogus data to hide the few relevant files so a possible intruder can't find them and it also makes a product look like it has a ton more features since it comes on 48 CD's instead of a floppy :).)

    Right now the latest and most secure MS product is Windows 98. From firsthand experience I can tell you that it does a marvelous job of keeping intruders out, although i have to save my work more often and I've become partially color blind -- my eyes have stopped seeing the color blue because I used to see it all the time.

    Windows 2000, the upcoming Microsoft product will have even more amazing security. So far I've tried going to the w2k test page and the security measures there boggle the mind. I was unable to connect 90% of the time! Now logic will dictate that if I can't connect then some mean coke-drinking disk-slinging PERL-addicted maniac cracker won't be able to break in and do nasty things to the box and the $200+ OS on it.

    Now isn't that better than some free OS that is always up? Microsoft, thank you for making your OS so secure!


    PS. I think that by year 2002 Microsoft will bring us an OS so advanced that it will have a 100% downtime. Now that's what I call cutting-edge technology.


    Want your box to be secure? Switch to an MS OS. Get faulty routers & switches. Move to a rainy area. That's the Microsoft way.




    For the humor deprived: this was a joke. I think that if Microsoft wants to survive the next couple years it needs to get its act together and strive for quality instead of releasing a new version asap to bring in quick cash.

    --diarrhea

  • Yes you can. You can start a WinVNC [att.com] server! :-)
  • by chazR ( 41002 )
    Have you considered installing a spell checker? ispell is quite good. If you're using a Microsoft product, the F7 key may be of assistance.

    Hope this helps,

    Chaz
  • well I am a Linux user and would try to crack the
    Linux box,(Not that I have the skill to crack ether) mainly becaus there is no insentive to crack the W2K box other then to prove that it can be done. I think that many linux ueser (including me :) ) are cheap and the chance to win a computer
    will make shure that the "Linux box is really getting a fare shake"


    > I know my spelling is really bad sory
  • As everything else, this is configurable.
  • Windows is like a big tamagotchi..!!
    If you dont give it upgrades and reboot reguraly, then it will eventually die..
  • They can't keep it up! I have yet to try to get to the win2000test box and have it be up! I bet I have tried at least 20 times over the last few days, and not 1 time can I get a webpage, ping, or nmap, it's always down.
  • I can't get to www.windows2000test.com either.
  • Really embarass MS. Get a slashdot forum up and running on the server.

    If not secure enough, then just do what should be done, host the commnents on a separate machine, ie slashdot.
  • >I'd predict, since it's likely on campus at Redmond, that they have >no need to contract any MSCE's to run the test site. I suspect the >NT2000 development team is involved.

    And who do you think is responsible for creating the training for the MSCE's in the first place?
  • I've been switching to more and more Solaris boxes with Samba at work

    That must mean you're providing rock-solid servers to more and more Windows 9x and NT desktop machines, right?

    Everybody has known for quite some time that Unix makes a pretty darn good server platform. Sounds like you support a lot of Windows desktop machines.

  • Subject: CrackThisBox Update

    The Scoop: Well, it looks like Microsoft has now released their superuser password, too, and the guys at LinuxPPC have installed a GuestBook of their own.

    There, now that wasn't too painful, was it? And so easily accomplished without resorting to childish things like saying that one of the two organizations is stealing ideas (as if either were brand new), or outright lies like "Win2K lacks any remote administration tool like telnet," if you are indeed the person who made that remark.

    And next time, please don't wuss out and blame political correctness-persecution instead of owning up to what you did. There are a lot of real cases of people getting screwed by the joke that is political correctness. Yours isn't one of 'em -- you were just spreading bad information.

    As for your "Trying to please everyone is hard" remark, I didn't realize that there was a huge pent-up demand for incorrect information here. Who exactly would have been "displeased" if you had just reported the facts and left the rest out? Thanks, but this site's already got enough misinformation as it is.

    Cheers,
    ZicoKnows@hotmail.com

  • Funny very funny. Should be a brit traffic engineer.
  • C:\WINDOWS>ping www.windows2000test.com
    Pinging www.windows2000test.com [207.46.171.196]
    with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 207.46.171.196:
    Packets: Sent = 4, Received = 0, Lost = 4
    (100% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    SUNDAY, AUGUST 7, 7:40 AM EASTERN STANDARD TIME

    crack.linuxppc.com was reachable with both ping and Netscape. 'Nuff said.
  • Or, in the actually world: It's behind a firewall.
  • So this is supposed to be site for self-adoring bunch of Linux users ??
  • ....& switches. Move to a rainy area. That's the Microsoft way.

    Hey pal! I live in this godamned rainy area and I will tell you one thing:it is freeken killing me! Normally it is nice here during the summer. (thank god) but this summer, there have been two or three weeks of sun and the rest has been cloudy and rainy. Guess what? The leaves are already changin colors!

    So next time all you folks wonder what the hell is up Microsofts ass. It is the freeken weather OK?

    this message is meant in no way to defend microsoft

  • Read "The Microsoft Files" if you have any doubt about Gates' Napoleonic excesses.

    Even in the ludicrously under-regulated U.S. economy, there is a presumption that you don't steal and you don't lie. Gates, et. al., are famous for doing both - pathologically, you might say.

    No one minds success when it comes from hard work and talent. But success which comes from lying, cheating, and stealing is intolerable even in the U.S.

    Morality, you see, is not at all subjective. By any possibly true moral normative theory - Utilitarianism, Contractarianism, or Deontological Theory - lying, cheating, and stealing are demonstrably morally wrong.

    If a person is evil because they consistently do what is demonstrably morally wrong, then Bill Gates is clearly evil. End of story.

    It doesn't help, of course, that their products mostly suck. Mostly.
  • it's in the MS "people"'s best interest to attack their own box

    But the same goes for the linux guys...

    I honestly believe the Linux box is being battered by people using linux.

    First of all I know more about linux and *nix in general than about NT. The linuxbox makes a more attractive target that way. That argument probably goes for many of the linux people.
    Why would I try to break an os I don't use? Just to prove it's unstable? I'm not that kind of guy and frankly, I don't really care.

    Yes, I am a bit biased... so I'd rather see the linux ppc being really put to the test.

    I believe ESR wrote something open source worked because people were "scratching personal itches".

    Linux security is *my* personal itch, Windows security is someone else's.

    I'll scratch your back if you scratch mine...
    The Halloween documents [opensource.org] may be a clear indication that MS is not about to scratch Linux' back.

    But on the distribution of attacks:
    I expect the D.O.S. attacks being mostly cross-platform (linux kiddies trying to nuke win2k and windows kiddies trying to nuke linuxppc), while the cluefull attacks are being done by people who know a bit about the os they're trying to get into.

  • And why do you think B.G. is so evil ?
    Any examples beside the fact that he is very ferocius businessman ?
  • i'm sure your talking about RAS et al.. too bad this test does _NOT_ have them running. Hence the statement
  • It's setup so you can't connect remotely as root. Get a clue man...
  • I clicked on the "guestbook" link and get some error saying "ok you script kiddies, go to bed now". Whats the deal?

    -kidd
  • NOPE no thunder here. Nope. Promise. Hey did anyone download some of that nifty ass free software that microsoft gives away from their website during the time that win2k was down due to the thunder?

    that would prove they didn't lose power.

    Besides? Why would they lose power? Aren't they the biggest software company in the world? Wouldn't they have generators to keep the happy web face of the HUGE CASH COW they got going up there in bumblefuque?

    I know they probably think those most SANE people would move up here to WHITE TRASH HELL IN THE RAIN but I live here, and I know what the weather is like [see related post]: And it is NOT LIGHTNING IN WASHINGTON!

  • Humm, some approval jocky screwed up.

    I swore the status page mentioned 20% load at one point. Why would one need a bigger machine?

    So did all that tweaking to fend off attacks increase the processor usage?
  • There are many remote administration tools. Remotely possible, PC Anywere for NT, Microsoft SMS ( can even flash the bios remotley ) telnetd. The list is verry long. Over 100 commercial remote admin tools.
  • Don't forget you have to boot the W2k machine to crack it... or kick all the MCSE out of the way..
  • Well, it is definitely down. Check it out...

    8 sl-bb10-sea-9-0.sprintlink.net (144.232.6.90) 50.642 ms 51.102 ms 50.993 ms
    9 sl-microsoft-4-4-0.sprintlink.net (144.232.192.6) 51.736 ms 52.360 ms 51.980 ms
    10 iuscgsrfec7501-a5-00-1.cp.msft.net (207.46.190.38) 52.389 ms 52.129 ms 52.981 ms
    11 iuscb11ixc7502-a1-00-1.cp.msft.net (207.46.129.136) 51.672 ms 52.598 ms 53.737 ms
    12 iusd27nt5c7201-a1-0-1.cp.msft.net (207.46.168.36) 52.838 ms 52.947 ms 53.267 ms
    13 207.46.175.250 (207.46.175.250) 53.226 ms 52.794 ms 52.895 ms
    14 * * *

    ---

  • Okay, this may seem like a joke but from the day the contest went up I've been trying to connect to www.windows2000test.com and I haven't been able to!

    on the first one or two days the domain wouldn't even resolve, and then now it does but I can't connect anyway.

    I agree with some ppl that say Microsoft gets bashed too much but in these cases they should be ashamed of even making such a server...
  • here, here, netware gets overlooked to often, it's limited in what it does well (file&print), but nothing does it better. i have lot's of experience & it's not quite as stable as most unices but it's (way) better than NT, it's extremely tweakable, and very secure as well. sadly it seems to get lost in the raging nt vs. linux wars. p.s. 5 finally ditched IPX, for native IP. an thankfully it still doesn't have a gui, except for the console one thingy, which is just plain silly! i know this is off topic, but it's not often that i get a chance to ramble about NW. oh yeah, and they're not evil, there tech support even has a sense of humor, & admits when then don't have a solution to a problem, instead of sending you on repeated goose chases that don't resolve anything in order to buy themselves time to try to figure it out. p.p.p.s bill gate is evil, not because he wants to make money, but because he is willing to sacrifice the growth of technology to do it.
  • Can anyone mirror this windows2000test site on a Linux box? It never seems this NT site is up and running.
    *snicker*

    -- Greg
  • I'd suggest that you base your decisions on whether or not the software meets your needs. If Windows 2000 truly meets all your needs then by all means use it, don't be biased by people's opinions.
  • Not everything on your redhat box is editable from the command line. Try managing your RPM database by hand. Whups, it's a berkeley db database, ain't it?

    While it might be rather difficult to manage the rpm database with a text editor, it isn't hard at all to manage it from the command line. I can't stand RedHat's GUI front ends to rpm, but I get along with rpm itself just fine. Try something line "rpm -qfi /bin/ls".

  • Wait... you're saying that MS stole the idea for releasing the Admin password, but if I remember correctly, MS was the first to start the competition... THEN the Linux community COPIED them!

    My... how hippocritical.
  • I would have to say the tiled twat background on the message board is a nice touch, but the text should be a lighter color, it's hurting my eyes (and making me drool).

    #----------------------------
    $mrp=~s/mrp/elite god/g;
  • Linux has no bugs?
    What-everrrrr...
    Destroying the computer industry... What?
    Maybe if I also smoked some crack I would understand...


  • doesn't do much good when all I can get is a connection refused instead of getting the password eh?
  • Way to go, Anonymous. Your point of view and rationality are things that Slashdot posters need to learn from. I'm surprised you actually got people to agree with you. Heh, it's funny. Whenever I post a Slashdot comment with the words "Microsoft" and "not evil" in it, I get flamed for days. Maybe it's just me. :)

    --
    Wonko the Sane

  • Too bad no matter how much better Linux proves itself in this contest, management will always go with NT. Obviously Microsoft needs another year to fix the number of problems they uncovered today. It's hard to imagine them waiting that long and with management as oblivious as humanly possible to comparisons with Linux you can expect most of today's bugs to move to the world's computers in 2000.
  • good...evil....so subjective. come one guys, think different!
  • MCSE ? what is that... ? NO REALLY what is it?
    These test have nothing to do with the real world,
    they only have to do with MS and MS products. Or how to run a wizard to help migrate you to MS products. I love how they turn a blind eye to unix and other systems as if they will they only ones,
    I also love the way the make stuff up and call it some silly name. When that same stuff has been around for 30 years and already has a name.

    MSCE is brain washing nothing more.


  • This is by far the most MShead I have seen in a single slashdot article. What's wrong with this Sunday? Rob change the water or something?

    CY
  • to directly log in as root.
  • agreed. if you can't get in, what's the use of the root (or administrator) password?

    it was down right before i came here - er, actually after because i hit slashdot, saw the link, thought i'd see if it was up (it wasn't) and came back here to comment on it.

    and darn it, i was looking forward to upgrading again!
  • It does that all by itself. Microsoft has one of the flakiest web sites on the Internet. I get all sorts of strange error messages about broken ODBC servers, connection reset by peer, broken javascript, etc. It's a great advertisement for their alleged "Enterprise Computing" capabilities.
  • It's configured for only 5 connections at once. This is to prevent silly DoS attacks and encourage real attempts at breaking in through it.
    ----------------------
    "This moon-cheese will make me very rich! Very rich indeed!
  • For god's sake, ppl. The win2k box does not accept pings. It never has. How many more people are going to claim it's down because they couldn't ping it!!!

    Now, AFAICT, their web services have been down for two days now. But the box has been up most of the time. Still pathetic, though: "Crack this box, it has no services running and one 'open' port that refuses all connections."

    There's security for ya.
    ----------------------
    "This moon-cheese will make me very rich! Very rich indeed!

  • She's still there ...26451 unique attempts
    so far. The guestbook gets real crazy and seems
    to screw things up once in a while, but she keeps
    coming back. 0 crashs 0 cracks.

    M$ still down.

    Feel my scorn microweinies.

    Go ahead plant some more 'astroturf' ... it just withers and dies here.

    CC

  • *Raw* telnet is in the kernel as a STREAMS module in STREAMS-based Unixes, to reduce the number of context switches. Telnet option negotiation remains in user-space.
  • You forgot one important difference: Windows 2000 is a commercial product, produced by a company that charges a heavy premium, and apparently bent on taking over 100% of the OS market.

    Every bug you report and every enhancement you suggest to Microsoft, whether in this test or in their office suites, saves them lots of money in quality control and lost sales. It brings them one step closer to crowding out all their competitors. And, to add insult to injury, they will probably increase the prices later because their product is better, based on your suggestions.

    I'd concentrate on testing and bug reporting for Linux. That way, you yourself are the beneficiary of your bug hunting; you don't pay for it twice.

    Microsoft's claim is that commercial, for profit development is better. Well, then let them pay for their quality control themselves. Trying to weasel quality control out of their customers is just tasteless in my opinion.

  • I shall forego a constructive comment, and just say: "Oh, and we really give a shit whether you use linux too."

    Yeah, base you use of a tool on how it's promoted rather than how it works. That's smart!
  • I'm pretty sure the guestbook is to blame.
    They cycle it every 5 I think. It seems to have
    a DOS effect.

    She's still up!

    CC

  • > Even NT4 has several "command lines to a TCP session" utilities in the resource kit

    Ah, like the wondrous UNSUPPORTED telnetd? The one with warning labels all over it? The one that crashes the moment you disconnect? I was quaking in my boots ... from laughter.

    And if you honestly consider server manager to be a usable admin tool, then wow you have low standards. How about user manager? Boy sure would be neet to get account status from the list. Of course the list when you have a thousand users tends to take eons to refresh, unless you go to low-bandwidth in which case you can't see any of them.

    Every time I attempt to use an MS tool, I end up muttering over and over "what a joke. what a fucking joke". Then the Microsofties then blame me for not tolerating crap, it's a failing in me, why can't I praise it for being GUI?

    Joke. And every ISP knows it.
  • The abstract did not contain any incorrect information. Rather, it was the spin that displeased you. For some people, the word "stolen" is emotionally laden. For others, it is not. An absence of spin would be nice, but the presence of spin teaches spin-immunity. Either way is cool with me.
  • It's nothing more than those annoying people that put banners in your guestbook. Not a "hack". (Hackers/Crackers are people skilled at something, I don't consider HTML a real skill).

    Certainly it would have been better to consider that people do that with guestbooks that allow HTML.

    Sebastian
  • I have finger, qotd and chargen turned off on my box. I need chargen for a test, it's a one-line script using netcat.

    And finger is a security nightmare when it works as designed, let's not even get into the lousy implementations of it.
  • First, stop trolling. We all know you are the same troll that appeared in the first thread and on yesterday's article. You can disguise as an AC but you can't disguise your writing style.

    "Being agressive is not evil", you say. Fine. The Linux crowd is also very agressive. When they find a non-free program they like, they try to clone it. This might piss the ones who wrote the non-free app, but then, like you said, it's capitalism...

    "This pisses people off because you ruined their business." Like when some version of Windows had a fake error message when run in some non-Microsoft version of DOS? Even with the code to detect the OS hidden under several layers of anti-RE code, someone found out.

    "My point is if you do not like it, write for another OS." This is exactly what we are doing. And this is exactly what Microsoft wants to prevent (remember the Halloween documents?). Also, this sentence showed you wrote before thinking; you're ranting.

    After this point, you go on and on with non-clear thinking (first you say it's simple, then you say it isn't; then you rant about supporting other OSs when Free Software is the most ported kind of software (and we even have Windows versions of most of them)). Then you say that the problem with the LINUX crowd (why all caps?) is that they think that it is a new way of life/thinking (no we don't think that; we know it's older than proprietary software). Then you go on and say it's business plain and simple. Funny, where's my paycheck ;-P ?

    Then you say that we should search for money only. But Free Software is not market-driven, it is driven by the needs of its users. And last, you mention someone I've never heard about, but fail to provide a link.

    I hope you realize your cover blew up (posting as an AC is useless to disguise you're the same guy as some other random guy when you can't disguise your style and your way of thinking) and that you should stop. You won't win without a rational argument.

    I could go on and on, but I left it as an exercise to the fellow slashdotters.
  • You can use the win32 port of netcat to listen on any tcp or udp and give you a shell when you log in. It doesn't do any authentication though, so it's not secure, in the least.
  • So I've been reading the comments about the whole windows2000test.com fiasco, and the part that really piqued my interest was the bit about the logs. I wanted to read the Win2K server's logs to see what the deal was.

    One slight problem: the site's been down. Not just once, not twice, but literally every damn time i try to go to their site, it's down. And not just busy like crack.linuxppc.org is...I can't ping it, and traceroute shows the only failure at the computer, so it's not like their router has gone down.

    At this point, it seems that the Win2K box is down more than it's up. I realize this is beta software, but JESUS, give me a break. Imagine the kind of flak ebay would get if they were running Windows 2000 on their boxes right now.

    If W2K is this easy to crash, who in their right mind is going to want to run it on any kind of enterprise solution? We've always known that UNIX offers better stability than NT, but it's never become as apparent than now.

    Long live linux.

  • > Ooops, sorry, can't script a GUI!

    Yes you can. If there's one thing MS has actually done reasonably WELL, it's made most of its newer GUI components scriptable from its scripting engine, which is also a modular architecture targeting a backend. Basically you're writing in Windows-Script, and VBScript, JScript, and even PerlScript. Python also works well in this area too. (Before you screech about PerlScript, Perl also supports Apple Events, it's never been a least-common-denominator thing). Then Macs have AppleScript, so it really leaves Unix and X toolkits out in the cold. Motif is kinda scriptable, but it's a joke. All the other toolkits are stone age.

    NT's plenty scriptable, it just has a command shell that isn't capable of doing it on the fly, a scripting front-end that still requires three-letter file extensions to determine the language (and actually pops up a bloody SPLASH SCREEN), and of course you can't redirect I/O from status windows and such.

    I wonder if Notepad STILL has a tiny file size limit? Been what, 10 years?
  • HAHAHA!!! Go administer a network of 1000 machines with your graphical tools! Then go do it with scripts! Then come back and tell us what you really think!
  • Bleh, I left some words out. The various languages like vbscript, jscript, python, perlscript all TARGET the back-end, the sort of "windows-script" (which is laughably primitive, but seems to be enough so far).
  • SSH comes to mind..
    Stan "Myconid" Brinkerhoff
  • >>The whole multiuser thing is like a blast from the 70s.

    Maybe, but it's a better holdover than using a letter designation for each drive volume.

    >To the _vast_ majority of users and uses it has absolutely no use for a kernel to be fundamentally multiuser.

    Microsoft don' need no stinkin' multiuser!

    >However please note that Windows 2000 does have a multiuser kernel.

    Oooo, users don't need mutiuser, but we'll give it to them just in case. How thoughtfull. But only if they shell out the big bucks for the 'Advanced' version.

    >Although this is hard to fathom, most NT services allow administration through remote network (ex. TCP/IP) tools. DHCP, events, servers, services, DNS, WINS, Performance counters, etc. etc. etc.

    Not hard to fathom, just not particulary usefull.

    Event log-
    A network error occured on the VPN between machineA and machineB.

    Server manager for domains-
    Try and find who has d:\data\datafile.idx locked,
    when there are 300 people with files open and no way to sort, search, or even view more than five
    open files at a time.

    Services-
    highlight 'www service', click stop, 'this service cannot be stopped because it is not currently running'. Start button remains greyed out.

    Performance meter-
    Try and figure out a way to get this to show _who_ is tying up all the bandwidth with proxy server.

    >Having used both console tools and graphical tools, I will take the graphical tools anyday and can only chuckle at the script kiddies purporting themselves to have some sort of elitist knowledge because vi is their friend.

    Hmph. GUI tools are more useful than console tools if you don't have a clue what you're doing. Or useing NT. Chuckle away, I do have elitist knowledge, and vi _is_ my friend.

    >Bah.
    Bah indeed.
  • ..or ssh
    Stan "Myconid" Brinkerhoff
  • If you worked at Microsoft (which I did until recently), what was your 7 digit employee ID number? If you're not willing to give that out, which area code and exchange code was your phone number at MS (that's the first 6 digits)? What's the difference between building 6 and building 7 on the MS campus?

    NT is not based on DOS either. You're talking crap.

    Simon
  • Ummmm, hello? Dumbass?

    The JavaScript and META tag stuff on the Guestbook was posted through the Guestbook. They need to fix the Guestbook so that kind of thing no longer works; I'm shocked that they didn't do it right the first time (it's not hard to fix). This did not involve having root access to the machine.

    In order to have root access, you have to either be at the local console, or you have to telnet in as another user (the account jcarr does exist, but I don't know the password) and then su to root and enter the root password, or you have to figure out some other way in (exploiting a bug in Apache or its CGIs, since that's the only other thing running).

    For awhile, they had a message in /etc/issue.net reminding everybody that you can't log in as root. Looks like they took that out.
  • Not everything on your redhat box is editable from the command line. Try managing your RPM database by hand. Whups, it's a berkeley db database, ain't it?

    I might note that although solaris's pkg* tools suck, that the database, such as it is, can be hand-edited such that I can put a new file under the ownership of an existing package or remove a single file from package control.
  • 4. "Nobody ever got fired for buying Microsoft."

    (Or so the modified saying goes)

    --

  • Well, it is true that Linux users tend to generally be better computer users than Windows users-- they almost always are. However, from my experience, I have /never/ had linux crash in the two years that I've been consistantly using it. And it's not often that I get through a day without having Windows NT crash or break on me.
  • Take the serial cable from the UPS the NT system is connected to and connect it to another machine. You now can cycle power remotely! You can also put in one of those LAN cards that control power.... ;) Doah!
  • Well, NetCat (from L0pht) [l0pht.com] is totally free (totally insecure, too... but free). I can't find it on their web site any more, but it was ported to NT by Weld Pond.

    I used to have a cgi script to start a netcat session from IIS, with some minor security provisions. Not really secure, but it wasn't always listening

    But, if you start it through IIS, your rights are whatever the IIS (guest?) account is. You can start it as a service, but that is a gaping hole without a good wrapper.
  • Sorry, FTP is off. Just telnet and Apache.
  • Nice to see that Win2k is down at the moment (3.30pm BST) and LinuxPPC is still solid as a rock. ;o)

  • Orgs I've worked in licence MS stuff per Seat (not per Server/Workstation), so adding servers and the like have a minimal software cost. The big problem with NT Workstation is that it has an arbitrary limit on network connections (256?) that makes it unusable for application serving.

    I really doubt many MS shops will run telnet (running to the server room keeps you in shape!) -but it's an option.
    --
  • Take a look at This page [ex.ac.uk] for pie charts of what the sites are doing. I go through a proxy chain to check stuff and if it gives me Remote server was not contacted, document may be out-of-date ,I count that as a 203

    At time of writing windows2000 is all 203 but hey...i understand this test runs for a month

  • by Anonymous Coward
    1.) Windows 2000 is in beta. Expect bugs, lots of them. 2.) Windows 2000 in my experience is far superior to anything previously released by Microsoft. I use mswin2k several hours every day. It's stable, and great. (UNIX is still better :-) ) 3.) Be less confrontational. "they copied linuxppc by posting the root password"? c'mon! you could say linuxppc copied Microsoft by starting the same sort of contest. Big deal. 4.) Quit the bashing on their guestbook, their site isn't the place for maniacal linux evangelism, it's a site to test out Windows 2000. It's ridiculous when I actually want to try and READ something useful. 5.) The Linux evangelism has to tone down, it's ridiculous, it didn't help the Mac, and it isn't going to help Linux. Linux isn't the Be All, End All. One could say NT is a much richer web-serving platform. I know persnally from tests, when you take 2 identical x86 boxes loaded with ram and cpu, the NT boxes prevails on file-serving capabilities. Both OSes need a lot of work. And I supppose all of Linux's hardworking developers must get peeved when end users get into petty flame wars...You're only hurting them. 6.) Microsoft isn't evil, Bill Gates isn't the devil. They're a business, they're out to make money, that's what businesses do, this is America, this is where it happens.
  • > Read "The Microsoft Files" if you have any doubt about Gates' Napoleonic excesses.

    Read "The Plot to Get Bill Gates" for another POV. Can't be any more biased than the first.
  • Unless it's some kind of joke, there's already an annoying little JavaScript window that pops up speaking in ye olde B1FFish. A crack, if you ask me.

    Anyone? --

  • > I constantly had to reinstall windows and its applications every 6 months on all the boxes to keep them up and running without a crash every day.


    I call that phenomenom "System Rot". Windows is notorious for rot. Actually the absolute worst offender is the mac, but remote reinstalls on a mac network were as easy as dragging the install folder from the master install server (which I just kept open) to the offending machine. Keeping an old configuration was similarly easy, just copy the system folder.

    When I supported MS Exchange, it was fascinating how badly that application rotted. First the spellchecker went away, then some property pages here and there, and it would progressively decay until it was unusable, sometimes taking personal folders files with it. Thousands of Exchange users, five of us techs did an average of four exchange reinstalls a day.

    I'll say one thing: most games these days actually respect the system. DirectX may be a developer's idea of a joke (every API call has the version number in the function name even though VC++ *does* do namespaces), but it does at least stay managed a lot better than the way installers simply overwrite files willy-nilly.
  • Peter Drucker is a well-known management guru. I read http://www.amazon.com/exec/obidos/ASIN/0887306187/ qid=934124320/sr=1-14/002-7959264-563220 5 Innovation and Entrepreneurship some years ago and thought it was quite good. The link has a few reviews, although if you want to buy one of his works, I'd recommend getting the omnibus edition ($22.95 for three of his works including I&E).

    D

    PS Anyone know why links don't work in comments anymore? Sigh.
    ----
  • Well, the main reason for NT is to make Microsoft money, and to crush Unix. (I'm honestly not sure which is more important to Bill - he has a vindictive streak a mile wide, which is a major reason so many of us hate him).

    The reason people buy in on NT is that there are billions of applications and server programs for it. It's pretty easy to write database-driven web sites in ASP or Cold Fusion, which I think is the main reason NT has acquired market share as a web server. Of course it's also easy to write the same applications using mySQL and PHP-FI or mod_perl, but these technologies are not well promoted in the marketplace.

    I tried to convince one of the people I work with to consider PHP/FI. He said that he hadn't heard of it and it didn't have "market power". He wants to use the technologies that have "market power", whether they work or not. I guess the idea is that if clients have heard of a technology, it's an easier sell for him. I told him Apache is the number one web server. He wasn't convinced. Any idea how to convince him? I don't think he's a true PHB, but he does see things from a business perspective, not technical.

    D

    ----
  • Sadly, nothing really interesting. A Microsoft Windows logo, an ugly greyish colour scheme, and a tiny amount of information about the challenge. The layout conformed to the ultra-boring Microsoft graphical and layout standards.

    Strangely enough, on the one time I was able to access it, it was running really fast - maybe people were giving it a break. But I have tried many, many other times (including yesterday evening) without getting through. You're bound to be disappointed if you put much effort into it.

    Someone did put up a mirror, though.

    D



    ----
  • You can buy a third-party telnet tool for $ 189.

    Yes, it provides you with the standard command.com shell and nothing more.

    It can be useful to do things like remote pkzipping of files.

    I believe you can get the Bash shell for NT, but you apparently have to add the whole suite of Unix command line tools in order for it to work.

    Incidentally, please reply to this message if there's a free or at least cheaper NT telnet tool out there - I'm loath to pay $ 189 for it, and there are times when it would be helpful.

    D

    ----

  • Put it this way - the company who tried to get rich selling a $200 telnet daemon for NT got put out of business about a year ago by Microsoft when MS released a free Telnet server.

    Admittedly, users/seat licences still cost money.
    --
  • We don't need tons of "crackers" putting HTML and Javascript tags in the guestbooks of each site. Yes, it's funny that both sites have been spammed with tags to pop up windows, spin in infinite JavaScript loops, etc, and redirected (to both porn sites and freebsd.org - cool) with meta tags.

    But unless you can tickle their cgi into running system commands and giving you a shell (or downloading/running BO2K) then it's all pointless. Microsoft figured it out and filtered out tags eventually; LinuxPPC will too.

    The DOS attacks are annoying, but not completely worthless - it's interesting to see LinuxPPC pages come up after as much as a minute under the network spamming, while MS is unpingable for hours on end.

    No - what I'd like to see is a page with traceroute stats - a script to probe their networks (routers, other computers on the same subnet, etc) repeatedly and save the results. Someone on Linux Today asserted that he could ping both MS's routers and other computers in the same 255.255.255.0, during the period when they "were having router problems". If he's right, then Microsoft is just plain lying to a whole lot of reporters and to the public - but we could hardly say so without evidence. If the script hit the main web pages regularly, that would be good too - there have been periods where the MS server was pingable but IIS wasn't responding.

    I'd like to see this for both servers, of course. Someone said crack.linuxppc.org wasn't pingable once, but I tried 5 minutes after his comment was posted and both ping and Netscape (although slowly) got through.

    It would be important to summarize the stats, of course. Neat graphs of things like percentage of dropped pings and timed out HTTP requests would be cool.

    I'd do this myself, but I'm tired and lazy. If anyone else wants to do it with Perl and LWP, though, I'll help.
  • It's just lame ass script kiddies trying to (misguidedly) look cool by sticking meta-refresh tags and javascript into the guestbook. Not a crack (it just messes with YOUR browser, not the server); just lame and inconvenient.

    Simon
  • by mattdm ( 1931 ) on Saturday August 07, 1999 @06:03PM (#1759114) Homepage
    Not exactly -- they just neglected to secure the guestbook. Nothing on the actual machine has been touched. But definitely a mistake on the linuxppc people's part.

    --

  • "Netscape's network connection was refused by the server www.windows2000test.com. The server may not be accepting connections or may be busy. Try connecting again later."

    (And LinuxPPC has always worked just fine, stupid javascript tricks aside.)

    --

  • You are perfectly correct, but what you cannot do is edit the rpm database information by hand, as you need something specialized to read the rpm db, that being the rpm command itself in most cases. I'm not knocking it, I am saying that editable text files are overrated in some instances.

    As for the previous person's comment about the registry, you should be able to write a script that exports the registry into a .reg file, throws it into vi, then uploads it back. You'll get some nice bonuses of atomic transactions too, it'll either upload or it won't at all (at least I believe that's how it works).

    Mind you the usual stupidity I run into with NT is institutional ("it doesnt come with the OS and it doesnt cost $10,000 or more so it must be an unstable hack"), and the fact that it has no decent out-of-the-box remote admin tools. Perhaps W2K will fix that, let's see if it can be kept from falling over as well.
  • In my world, even a badly-written application should not rot the rest of the system. The usual rot problem was preferences. Prefs files became corrupt so often, everyone pretty much got used to making regular copies of them just so they wouldn't have to redo their setup every time. Prefs files became corrupt usually because of the constant reboots typical to a Mac, which although they're decreasing in frequency, the reboot reflex on our resident Mac-freaks was, shall we say, practiced. Don't even start on "well-written apps", it wasn't Illustrator's fault the backup TSR ... er, INIT crashed the system. When the system would come back up, prefs would be corrupted. Apparently Macs never heard of a fsck, heck any kind of disk check at all is third party (was at the time I was there anyhow). Would spoil the illusion of a fast boot I guess, though now it does pop up a warning that in true Windows fashion makes you want to punch its "friendly" face ("Your computer was not shut down cleanly" -- "NO SHIT, YOU MADE ME HARD BOOT IT").

    Even my linux system displays some instability over time, though it's often *forced* by applications demanding the latest bleeding edge gtk+ or whatnot (*cough*xmms*cough*). I've never really managed to cause that rot without root, except KDE has displayed some rot in that it will no longer come up with more than two desktops (I have six) despite saving preferences.

    I guess the only way to really avoid it is to code to anal-retentively detailed and strict specifications. But that wouldn't be as "fun".

  • W2K has a telnetd built in. Where'd you get the $200 figure?
    --
  • You can use Back Orifice as a telnet tool - set it up to bind a port to command.com, and then telnet to that port. Not so hot as far as security goes, of course, but you could write your own BO2K plugin that does authentication if you wanted.

    As for bash, Cygnus has a whole UNIX environment for Windows - bash, DJGPP (gcc port), grep, ls, cat, and everything else.
  • by Trepidity ( 597 )
    Well, even though crack.linuxppc.org hasn't actually been cracked, it would appear to the casual observer that it has been. That, to me, seems to say that LinuxPPC can be great and secure, but it doesn't do you any good if you're going to run crappy CGI guestbooks on it. Maybe the LinuxPPC guys need to hire an admin...
  • I notice that the MS astro-turfers are out in force this evening, spreading their own brand of joy (not!).

    Anyhow: NT *CAN* be remotely administered, but it is (of course) an additional product, and it doesn't work all that well due to the fact that NT wants you to reboot every time you sneeze. ("Your mouse has moved -- please reboot to make this change effective", heheh). Go look up SMS on Microsoft's site. It's a laugh. They are touting features like "capable of installing software onto remote machine" . Gosh, didn't know you needed extra software to do that with Microsoft software (Melissa, anybody? :-). If you want a real blast, go to msdn.microsoft.com and do a search on "SMS". Read the directions for how to install Office 2000 via SMS. Gosh, they figured out how to make their client machines run 'mirror' from a special-duty ftp site then run a script to install any new programs, what will they 'invent' next?!

    -E

Diplomacy is the art of saying "nice doggy" until you can find a rock.

Working...