CRX resource website???
Thread Starter
Joined: Jul 2002
Posts: 22
Likes: 0
From: Butler, PA, USA
CRX resource website???
don't know if this has been covered yet.. i did a search but... where did the crx resource website go??? u know.. the resource.crx.org page, with the forums? anyone know?
Member
Joined: Oct 2001
Posts: 1,285
Likes: 0
From: WNC
Re: CRX resource website??? (IXLR8TL3.2)
Canned Reply from Steve Jones:
------------------------------------
The Resource is down for the count. I don't have much information to go on at this time. I have to guess we were hacked. We have a backup server, but I'm not keen to deploy it as it has the same software build as the current server. It'll only get hacked again.
Toward the end, I tried security through obscurity. I couldn't update some critical packages on the server to plug known vulnerabilities. I turned off some services and moved others to high ports, hoping to avoid the script-kiddie autorootkits. It worked for a time. In spite of that, I think our OpenSSH was trojaned. I was able to log into the server using SSH, even though *MY* SSH daemon was unavailable for comment.
In spite of my best efforts, I couldn't update some of the software on the server. Intel built a tidy little package, replete with bells and whistles, and sporting a dandy web-based management console. They also thought enough to hook everything together to a central watchdog -- and that was my undoing. Anything I compiled for the system caused the watchdog to hiccup and reboot the server -- over and over again. I was stuck.
Intel provided no relief. I contacted them earlier in the year, requesting access to the source for the code they modified. A large majority of the software they used was covered by the GNU Public License, so this should have been a no brainer. They declined, in violation of the various authors' copyrights.
But enough sob stories and finger pointing. The server is down, and I'm responsible. I regret the inconvenience, and I'm hard at work building a maintainable suite of software packages on the backup server. The Resource will be down for some much needed renovation over the holidays. Look for us sometime after the New Year. We won't look any different on the showroom floor, until you pop the hood.
-Steve Jones
------------------------------------------------
It looks pretty bad.... i'm guessing that we're looking at a worst-case restart date of around Jan 15th sometime
------------------------------------
The Resource is down for the count. I don't have much information to go on at this time. I have to guess we were hacked. We have a backup server, but I'm not keen to deploy it as it has the same software build as the current server. It'll only get hacked again.
Toward the end, I tried security through obscurity. I couldn't update some critical packages on the server to plug known vulnerabilities. I turned off some services and moved others to high ports, hoping to avoid the script-kiddie autorootkits. It worked for a time. In spite of that, I think our OpenSSH was trojaned. I was able to log into the server using SSH, even though *MY* SSH daemon was unavailable for comment.
In spite of my best efforts, I couldn't update some of the software on the server. Intel built a tidy little package, replete with bells and whistles, and sporting a dandy web-based management console. They also thought enough to hook everything together to a central watchdog -- and that was my undoing. Anything I compiled for the system caused the watchdog to hiccup and reboot the server -- over and over again. I was stuck.
Intel provided no relief. I contacted them earlier in the year, requesting access to the source for the code they modified. A large majority of the software they used was covered by the GNU Public License, so this should have been a no brainer. They declined, in violation of the various authors' copyrights.
But enough sob stories and finger pointing. The server is down, and I'm responsible. I regret the inconvenience, and I'm hard at work building a maintainable suite of software packages on the backup server. The Resource will be down for some much needed renovation over the holidays. Look for us sometime after the New Year. We won't look any different on the showroom floor, until you pop the hood.
-Steve Jones
------------------------------------------------
It looks pretty bad.... i'm guessing that we're looking at a worst-case restart date of around Jan 15th sometime
Honda-Tech Member
Joined: Sep 2002
Posts: 117
Likes: 0
From: Ks
Re: CRX resource website??? (ComposiMo)
Not to change the topic, but I was trying to remember the website that Jonny black posted about the projectors for 200 dollars, I posted a topic about this on the resource shortly before it was hacked, and still havent been able to remember the address. If either you or Jonny could post back Id be very grateful, but if not, Im sure Ill remember it sooner or later, Thanx
Thread
Thread Starter
Forum
Replies
Last Post
