On my Monday morning run I came across this:
So, by itself this is worth a few giggles and will get added to my collection of security gaffes found in the wild.
Terremark's Service Manager for vCloud Express, Kenneth Denson, contacted me this morning over my post yesterday regarding Terremark's billing for opened firewall ports that have no service behind them. He agreed that billing for 2 ports open on a fw with nothing behind them is "silly" and is refunding the May charges.
More importantly, he tried to reproduce my situation, and it sounds like they've fixed the bug - it shouldn't be possible to delete a server when a firewall is configured to send traffic to it.
Been quiet recently, new announcements will be released in the next week or two about new PI services. Quite excited about that, but for now, another Terremark rant:
I deleted my last Terremark vCloud Express VM out of disgust at the beginning of April. If you just shut down the VM, they'll keep billing you for it. You have to delete it as well.
Blippy's a fun idea. If you've got malicious intentions. See, you give them the username/password to your bank's websites, they go and get your purchase info, analyze it, and display it on their site.
Because, you really want everybody to know that every day this week you bought a frappuccino at Starbucks, and also signed up for a membership at 24hr fitness.
I should look through to see if anybody's purchased lobotomy services on there.
An Interesting set of stats came out today on Drupal 6 adoption. Looks like the majority of sites that were running Drupal 5 still are.
Been working on a client's issue for the last week or so. Basically, they have some Java and JSP code that uses tags from struts-el in struts 1.2.9. The error, though, was strange - the translation step of sourceanalyzer was running into a jasper parsing error while trying to handle one of the struts-el tags. This line:
was creating this error:
Earlier today I spoke with Carl Brooks at Tech Target about the Terremark outage earlier this week. They just ran the resulting article here. I've said my piece on that, not trying to beat a dead horse. It was a small outage, after all...
Time for a PSA...
Most of us who have been in the industry for more than a year or so know this: Avoid GoDaddy. But every now and then, I figure people need a refresher course, or at least another case study...
A client of client of mine was running a small, simple website on Go Daddy hosting. It seemed easy, it seemed to work, it wasn't that much more expensive than other options out there that they didn't know about at the time. Advertising works, I'll freely admit it.
I usually don't spend time talking about outages. We all experience them, either as users or providers. We make mistakes, hopefully they're correctable and we can get back about our day. But the dance taken during an outage has been well choreographed by now: The provider acknowledges an issue, users grumble, provider gets service back up and running, and finally sends out explanation of what happend, why, and steps taken to make sure it doesn't happen again.
Corsiare has a nice dmg to get Portswigger's Burpsuite working under OS X. Portswigger came out with version 1.3 recently, Corsaire hasn't updated their package yet, and I was getting a little hungry for new functionality, so decided to take a look-see. Turns out it's not too hard to upgrade by hand.
Presuming you installed Corsaire's version into your Applications folder, Grab the 1.3 release and then follow below: