We now understand the attack vector. Turned out to be simple, and some of the things we have done have now closed that door. It was a pretty simple door, but still worth noting. BTW: some don’t like early disclosures of exploits. I have heard from ~6 people (off the Rocks list) since posting that they have seen similar attacks attempted. The entry point was via a shared user account. Once this account was compromised, our new friend from Romania started working.

A customer has a Rocks cluster, and it was compromised yet again. We have tried hardening the system, but it appears that there is another vector, associated with key loggers and windows machines. Sadly this customers problems are largely self inflicted, as they can’t seem to operate without running as root user. I could say more, but I am somewhat pissed off that some of our critical advice was ignored, and then we are the target of some anger for the fact that they ignored the advice and were hacked.

One of our ISPs does indeed have an outage today. SLA? We don’t need no steen-keen SLA … We have redundancy.

The term Perfect Storm represents a coincidence (temporal or spatial near simultaneity) of events that cause a much larger effect than any one of the events normally would on its own. Perfect storms are in some ways, a superposition of events. Every now and then you get to see one in action. Like now. I won’t describe current economic times, or what I think are the causative effects. Just what I observe.

(or how to fail without really trying) We have a redundant pair of links into our site. Long history of seeing outages take down even (supposedly) SLA covered systems. This is why when I hear of SLAs for these systems, I snort in finely honed derision. They don’t work in these scenarios, and arguing about it won’t make them work. Redundancy is your only option. Anyone arguing otherwise hasn’t had an SLA and a company refusing to honor it to deal with.

No protest against Microsoft which owns that service. Just the unfortunate fact that hotmail is apparently the conduit now for a DoS attack against us. No, its not working. But I am assuming that someone somewhere has managed to corrupt the inbound mail access at hotmail. Have discarded about 12000 mails in the last 12 hours. May start blocking hotmail at the firewall, not even let it traverse our network. Sad.

what if you discovered that your efforts in trying to win business were in fact being used to lever some other group down, and the groups speaking to you were simply there to use you as a lever. Or a 2x4 (two by four: basically a large block of wood used for support in framing, or used for, in a proverbial sense, beating people and companies up ). Since you are not going to win, no matter what you do, should you even expend the effort?

Just built it this morning, as I wanted to test out a few things tomorrow. So I loaded it on the build machine. So far so good. Everything works. A bit faster too. Hmmm…. maybe it forgot to scale the processor speed down during idle? Will look later. Ok, this machine has an nVidia Quadro FX/1100. Nice graphics card. Pull down the latest nVidia drivers, build them, and … nothing.

I eschew talking politics on this blog. I simply don’t think it is right to do so here. This is a comment on a current event, and simply skip it if you have no interest in such things. I watched in fascination and abject horror as our media descended upon a plumber one state and maybe 100 miles south of me. Full story and background at a humorous site I occasionally read.

OFED 1.4-beta1 on IA64 (actually this is Ubuntu 8.04 server on IA64) in the office. I need a machine to act as a source/sink for IB for some testing. root@itanic:~# uname -a Linux itanic 2.6.24-19-mckinley #1 SMP Thu Aug 21 01:16:49 UTC 2008 ia64 GNU/Linux root@itanic:~# ifconfig ib1 ib1 Link encap:UNSPEC HWaddr 80-00-04-05-FE-80-00-00-00-00-00-00-00-00-00-00 inet addr:192.168.11.239 Bcast:192.168.11.255 Mask:255.255.255.0 inet6 addr: fe80::208:f104:396:3d36/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:2044 Metric:1 RX packets:10 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:10 overruns:0 carrier:0 collisions:0 txqueuelen:128 RX bytes:728 (728.