I had mentioned that there may be some downtime as I transitioned this site (and a number of my other sites) over to new servers. I'm starting to think that this will never happen. I mentioned the servers that I had ordered last week from 1and1 (a company who's service I've been impressed with for the past 5 years or so). The servers were prepared quicker than expected, one with CentOS 5 and one with Windows Server 2003. I began using CentOS 5, however I realized that I'm much more a fan of the Debian structure, so I requested a server reimaging with Debian 4.0. (1and1 has a reimage on command button with a wide range of images). I got my Debian server up and running and everything was going well.
Sudden, however, I couldn't SSH into it. I checked via console (you also get console access) and found that it was down. I rebooted and all was well. A day later the same thing happened. So now the server has crashed at least once every 24 hours, since I got it. On Friday I'd been going fine for a day and a half or so and suddenly it locked up again. Completely unresponsive. So I sent in a support ticket and received a response with the phone number for their 24 / 7 dedicated server support. I called and after a brief conversation was told that if my server had nothing important, they would have the hardware replaced and the machine reimaged. I'd have to reconfigure it again but that was all, so I said sure. A couple hours later I got an email saying it was ready to go, so I went through and configured it again Saturday morning. Saturday night, it hung yet again, so I decided their may be something wrong with their Debian system and went back to CentOS 5. I configured it (compiling nothing from source, and using only the yum repositories to ensure it wasn't software I installed). Yet this morning the server was down yet again. This time with libc related segfaults on the console during boot.
I called in and was rather unimpressed. I was told that since it wasn't hardware this wasn't the type of issue they deal with. I couldn't believe the response... it's their hardware, their image, their yum repository. I haven't obtained anything that they were not the source of, and they still wouldn't help. At this point, I'm pretty fed up... but at the same time I've received great customer service for so long. It's really disheartening. I recommend 1and1 to everyone I know and now it's blowing up in my face.
I've decided to give the server one more try (this time on Ubuntu -- my favourite Linux distro) and if it still fails then I'm going to walk away and start a letter writing campaign.
Hey All,
I just wanted to let everyone know that this website will be transitioning over the next few weeks (just in case their are any ups and downs along the way).
I was starting to hit the occasional database connection limit exceeded (the sole downside that I've found with my host is that connections are hardcoded at 18 and you can't pay to upgrade that limit). I also have a VPS, but I've found it just doesn't cut it for some of the shell related things that I want to do.
As a result I'm getting rid of the VPS and I picked up two servers, a 'Root Server' and a 'Windows Server'. I'm fairly happy that the costs are reasonable (compared with the other services that I looked at) and I liked the concept of one Windows, one Linux rather than 1 bigger server... Once I have all the software I want installed and everything configured, I plan on transitioning this blog to the 'Root Server'. Once there it will have it's own IP and associated SSL cert. I will also have a few test beds to play with.
Server Specs:
2.2Ghz AMD Athlon 64 3500+
1GB RAM
160GB w/ Software RAID 1
2TB Monthly Transfer (per server)
So I finally got a ASUS EEE PC. I've wanted a small laptop for a while now, and there happened to be a great mail rebate option (valid in Canada until Aug 31st for anyone thinking about getting one).
I went with the 900 in Galaxy Black. The first thing I did was set it up to use Advanced Mode... the second thing I did was install nmap. It's quite a bit of fun... even in basic mode, I could see it being useful to a lot of people. I have a USB Enclosure and a spare DVD-RW, I'm going to assemble it and hook it up and see if it's detected. If it is, then it'll be perfect.
Attn Parents: If you're sending your kids away to college (it is that time of year), consider getting them one of these, and consider the Linux version. Really it has everything they need... it's nicely secured (compared to getting a full blown laptop)... In basic mode the ease of use is way up there and with a USB DVD-RW and maybe an external monitor, they have everything they need. Although the screen would be ok for watching DVDs.
I went with the solid state drives, but there is a option with a 80GB drive (I believe it was 80GB). Simply to play with solid state, and because it seems more logical for something that might get tossed around a bit.
Specs on mine:
8.9" Screen
900Mhz Celeron Processor
1GB RAM
4GB OS Drive (1.5GB seems to be used, with the remainder holding an image that I can restore to by holding F9 on boot (apparently)).
16GB Storage Drive (mounted as /home)
1.3M WebCam
3 x USB, 1xHeadphone, 1xMic, 1xVGA, 1xSD
Just a quick little note to share with people. In my efforts to add to the social activities associated with SecTor and to foster discussion, I've created a new website, SecTorAttendees.com. On the page you'll find a forum and a mailing list. I would invite everyone who is attending SecTor to join both and share in the discussion. For those of you that aren't quite sure yet, sign up and you'll most likely find a reason (hopefully in time to beat the end of August price increase)... and for those of you that can't make it to SecTor this year, you're all welcome as well, you'll see what's happening so that you can make it next year.
Hey All,
I wanted to do a brief repost over here to direct everyone to the 5-part non-technical blog series that I did on cons (for the most part) and con experiences. This was my contribution to blogging following Blackhat / DEFCON.
- Being a Research Engineer at a Blackhat Booth
- Competitors Can Be Civil
- Why DEFCON Sucks
- Why the Social Aspect of Cons is Important
- What Can Be Done to Improve the Cons.
Enjoy!
I thought this was interesting... I don't seldom have emails that are this long, but since every survey submission is seen as part of the same resonse, I've been seeing it. It appears as though every 61 messages, the thread is cut and a new one is started. Has anyone else seen this and possibly experienced a different number? If everyone else is indeed seeing 61, does anyone know why?
Does anyone from Google read this? If so, why cut the threads at 61?
Side Note; Anyone know when Google Apps will be getting the 'Always use SSL' checkbox?
Hey All,
Thanks to everyone who's filled it out, for those of you that haven't... you still can (survey). A large number of people are prefering to stay anonymous, but I have gotten some rather interesting comments. To date 169 people have filled out the survey. If all goes well, I'm hoping to start analyising the results after about a week or so.
To clarify, for anyone who reads this first... When I say Denial of Service, I'm not considering packet flooding (these days you essentially need DDoS for that)... I'm thinking single packets that cause servers to crash, or malformed pages that cause browsers to crash. That being said, I don't want to influence anyones answers... that's why I provided plenty of places for notes. Feel free to tell me what you really think.
Lastly, in the goal of making an interesting whitepaper out of this, I've started contacting vendors. Currently I've contacted Adobe, Apple, Google, Microsoft, Red Hat and Sun. I've asked them to answer the survey (and provide me with unique information via email that they will put in the name, email and url portions (for proper identification)) and I've passed on a few vendor specific questions. I've taken the route of contacting their PR agencies, so we'll see what happens.
Categories: IT, Security Tags: Adobe, Apple, Denial of Service, DoS, google, microsoft, Red Hat, Sun, Survey, tyler reguly
Hey All,
Quick post here as I'm trying to gather some statistics related to Denial of Service and people's perception related to it. I've posted a small survey @ http://tinyurl.com/dossurvey, if anyone is interested in filling it out.
Thanks,
Tyler
Hey Everyone,
So Blackhat/Defcon is behind us... Instead of blogging about the talks, I've taken a different approach and I've been doing some non-technical blogging. In the end it will be a 5-part series, but the first three are already up.
They are:
- Being a Research Engineer at a Blackhat Booth
- Competitors Can Be Civil
- Why DEFCON Sucks
The last two will most likely appear early next week.
Also, now that Blackhat/ DEFCON are over... What's next? As far as I know the next Con I'll be attending is SecTor. Last year was the first SecTor and I had the opportunity to attend. SecTor will actually make it's way into my upcoming blog series (from above) on the VERT Blog. That being said, I wanted to remind people that it's coming up, after all... it's held in Toronto and I live in Toronto, so the more people that attend, the more people I get to meet.
For anyone who didn't get a chance to visit SecTor last year and is curious about the quality / style of the talks, I tried to write-up everything that I saw.
Of course, these are biased because they're all my opinion, but I do recommend the Con for anyone that can make it up this way. Let me know if you'll be coming up and we'll make arrangements to get together for a beer.
