Wednesday, February 09, 2000
“I know I left it here somewhere … ”
I just spent the past few hours working on this journalblog, updating the pages and internal links, getting ready to get this thing live hopefully in the next few days. Internal links are still worthless, but hey, only a few people should be reading this anyway.
Now I just have to find some code I wrote a few months ago in preparation for the Electric King James site. If I can find it, and adapt it to use strings instead of integers, then I can retrofit it into mod_litbook and use it in (tentatively titled) mod_jb.
But that's the problem … I don't even remember what I called it, nor where I stuffed the code. And I have a lot of code on this system.
Sigh.
“I have a bad feeling about this.”
On Monday (which I didn't report), I went to Atlantic Internet to do some consulting. One of the salespeople there is involved in some projects and I was brought in to help.
While there, the box being used, a RedHat 6.0 distribution, appeared to have been compromised. Not like my roommate's box but still, syslogd wasn't running like it should, and there appeared to be an abnormal amount of httpd's running, but it's a webserver so I didn't think anything of it.
I shut off ftpd and added entries to /etc/hosts.allow and /etc/hosts.deny until it could be patched up or upgraded.
Fast forward to today (way early or way late, take your pick) and I'm reading Slashdot when I come across the article about some recent DoS attacks against some very large sites. In the discussion, I follow one of the links to an analysis of stacheldraht, a program that is suspected to have been used in the DoS. And the code seems to have been written for Solaris 2.x and Linux, specifically the RedHat 6.0 distribution.
Like TFN, C macros ("config.h") define values used for expressing commands, replacement argument vectors ("HIDEME" and "HIDEKIDS") to conceal program names, etc.:
    #ifndef _CONFIG_H

    /* user defined values for the teletubby flood network */

    #define HIDEME "(kswapd)"
    #define HIDEKIDS "httpd"
    #define CHILDS 10
The box in question, like I stated, is a RedHat 6.0. What I haven't mentioned is that it's sitting behind a T3. And there were an abnormally large number of httpd's running.
I have a bad feeling about this.
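The quoted analysis says the program conceals its name through replacement argument vectors, so one triage check on a Linux box like this is to compare what each process calls itself with the binary the kernel says it is running. This is an added example, not code from the original post or from the analysis; the sample /proc tree, its PIDs and the /tmp/placeholder-agent path are constructed for illustration.

```python
import os

def argv0(proc_root, pid):
    """argv[0] as the process wrote it; this is attacker-controllable."""
    with open(os.path.join(proc_root, pid, "cmdline"), "rb") as f:
        return f.read().split(b"\0")[0].decode(errors="replace")

def exe_path(proc_root, pid):
    """The kernel's link to the running binary; None if unreadable or a kernel thread."""
    try:
        return os.readlink(os.path.join(proc_root, pid, "exe"))
    except OSError:
        return None

def find_masquerades(proc_root="/proc"):
    """Return (pid, argv0, exe, reason) for processes whose name and binary disagree."""
    findings = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        try:
            name, exe = argv0(proc_root, pid), exe_path(proc_root, pid)
        except OSError:
            continue  # process exited during the scan
        if not name.strip():
            continue  # real kernel threads have an empty cmdline
        claimed = os.path.basename(name.split()[0]).lstrip("-").rstrip(":")
        if name[0] in "([":
            findings.append((int(pid), name, exe, "kernel-thread style name set from user space"))
        elif exe and claimed != os.path.basename(exe.replace(" (deleted)", "")):
            findings.append((int(pid), name, exe, "argv[0] does not match exe"))
    return findings

def build_sample_proc(root):
    """Constructed /proc-like tree; the PIDs and the placeholder path are invented."""
    sample = {
        "5": (b"", None),                                          # kernel thread
        "412": (b"/usr/sbin/httpd\0-DSSL\0", "/usr/sbin/httpd"),   # real web server
        "977": (b"httpd\0", "/tmp/placeholder-agent"),             # HIDEKIDS-style name
        "978": (b"(kswapd)\0", "/tmp/placeholder-agent"),          # HIDEME-style name
    }
    for pid, (cmdline, exe) in sample.items():
        os.makedirs(os.path.join(root, pid))
        with open(os.path.join(root, pid, "cmdline"), "wb") as f:
            f.write(cmdline)
        if exe:
            os.symlink(exe, os.path.join(root, pid, "exe"))
    return root

if __name__ == "__main__":
    for finding in find_masquerades():
        print(finding)
```

Mismatches also occur legitimately (symlinked interpreters, daemons that retitle themselves), so the output is a list of processes to examine, not a verdict.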
No problem
Finally was able to check the machine today. It's clean.
So where are the fault-tolerant Unix systems of today?
… and by October of 1990 a complete nanokernel was running on the Omron Luna/88K. The current nanokernel contains approximately 20,000 lines of C code and less than 2,000 lines of assembler code….
In addition, the ability to recover all run-time kernel data from checkpointed state means that an interruption of power does not disrupt running programs. Typically, the system loses only the last few seconds of keyboard input. At UNIFORUM '90, Key Logic pulled the plug on our UNIX system on demand. Within 30 seconds of power restoration, the system had resumed processing, complete with all windows and state that had previously been on the display. We are aware of no other UNIX implementation with this feature today….
The paging system is tied to the checkpoint mechanism, and is discussed in the section on checkpointing, below. Persistence extends across system shutdown and power failure. Several IBM 4341 systems ran for more than three years across power failures without a logical interruption of service.
KeyKOS Nanokernel Architecture
Accordingly, KeyKOS also received a B3 security rating, and it's a multitasking, multiuser system. At best, Unix can get a C2, and Windows NT can get that if its networking is removed. I don't think it's generally available, but one that is based upon KeyKOS, EROS, is available, and GPLed.
I'm so vain. I bet I think this website is about me.
I get curious at times. At one point I wanted to register spc.com, being my initials and whatnot, but Time Magazine registered that one on July 14, 1994. I've never bothered to ask if I could have it, but I can't imagine what they're using it for (nothing, as I can tell).
So I decide to check out spc.org, which seems to be a better domain for my use anyway. When I tried a few years ago, it was taken but I forgot who had it. The current owners registered it June 7, 1997. So I might have gotten it had I been on the ball three years ago, but I wasn't.
They seem to be using it though, so I can't complain there.
And that leaves spc.net, which was registered to the Special Products Company on June 22, 1996, and they seem to be using it as well.
I can't have conman.com because that is being sat upon by a domain name speculator company, noname.com.
But the big surprise is conman.net. Last time I checked (a few weeks ago) it was being held by noname.com but that doesn't seem to be the case anymore. It is now held by Conner Huff.
Now, conner.com is owned by Seagate, the harddrive manufacturer. Understandable, Conner used to be a well-known harddrive manufacturer before being bought out by Seagate.
conner.org and conner.net are owned by MailBank.com, an organization that gives out email addresses. As of today, sean@conner.org is available as an email address, but at US$9.95/month, I think I'll stick with what I have.