Oklahoma city threatens to call FBI over 'renegade' Linux maker

The Register ^ | 24th March 2006 20:20 GMT | Ashlee Vance

[N3WBI3]

Oklahoma city threatens to call FBI over 'renegade' Linux maker Our mistake is YOUR problem By Ashlee Vance in Mountain View Published Friday 24th March 2006 20:20 GMT New year, new job? Click here for thousands of tech vacancies.

The heartland turned vicious this week when an Oklahoma town threatened to call in the FBI because its web site was hacked by Linux maker Cent OS. Problem is CentOS didn't hack Tuttle's web site at all. The city's hosting provider had simply botched a web server.

This tale kicked off yesterday when Tuttle's city manager Jerry Taylor fired off an angry message to the CentOS staff. Taylor had popped onto the city's web site and found the standard Apache server configuration boilerplate that appears with a new web server installation. Taylor seemed to confuse this with a potential hack attack on the bustling town's IT infrastructure. SPONSORED LINKS

IT gurus seek Your counsel - Jobsite, The best people for the job

We answer 99.6% of all support calls within 5 seconds. Rackspace Managed Hosting with Fanatical Support

You inspire awe - Jobsite, The best people for the job

I-NET+ CERTIFICATION from the Register's training library

"Who gave you permission to invade my website and block me and anyone else from accessing it???," Taylor wrote to CentOS. "Please remove your software immediately before I report it to government officials!! I am the City Manager of Tuttle, Oklahoma."

Few people would initiate a tech support query like this, but these are dangerous times, and Taylor suspected the worst. (Er, but only the world's most boring hacker would break into a site and then throw up a boilerplate about how to fix the hack.)

CentOS developer Johnny Hughes jumped on the case and tried to explain the situation to Taylor.

"I feel sorry for your city," he replied in an e-mail. "CentOS is an operating system. It is probably installed on the computer that runs your website. . . . Please contact someone who does IT for you and show them the page so that they can configure your apache webserver correctly."

That response didn't go over so well.

"Get this web site off my home page!!!!! It is blocking access to my website!!!!~!," Taylor responded, clearly excited about the situation and sensing that Bin Laden was near.

Again, CentOS jumped in to try and explain some of the technical details behind the problem. It pointed Taylor to this page, saying it was the standard page for a web server and noted that it provides instructions on how to fix the problem. The CentOS staffer suggested that Taylor contact his service provider or have an administrator look into the issue.

That response didn't go over so well.

"Unless this software is removed I will file a complaint with the FBI," Taylor replied.

Later he added,

"I have four computers located at City Hall. All of these computers display the same CentOS page when attempting to bring up Tuttle-ok.gov. Now if your software is not causing this problem, how does it happen??? No one outside this building has complained about this problem. This is a block of public access to a city's website. Remove your software within the next 12 hours or an official complaint to the FBI is being filed!"

And later,

"I am computer literate! I have 22 years in computer systems engineering and operation. Now, can you tell me how to remove 'your software' that you acknowledge you provided free of charge? I consider this 'hacking.'"

After a few more exciting exchanges, CentOS managed to track down the problem for Taylor. It turns out that hosting provider Vidia Communications is running CentOS on some of its servers and had not configured the Tuttle web site properly. CentOS informed Taylor of the situation, and, a day later, Taylor had calmed down.

"The problem has been resolved by VIDIA who used to host the City website," he wrote. "They still provide cable service but do not host the website. The explanation was that they had a crash and during the rebuild they reinstalled the software that affected our website."

"I am sorry that we had to go through the process and accusations to get the problem resolved. It could have been resolved a lot quicker if the initial correspondence with you provided the helpful information that was transmitted in the last messages. My initial contact with VIDIA disallowed any knowledge of creating the problem."

Er, so despite the fact that CentOS went out of its way to figure out the problem for Tuttle, Taylor still places the blame on CentOS for not fixing the problem - that it didn't create - sooner. In addition, Taylor didn't really start off the whole process on the best foot despite Tuttle being a town "Where People Grow - Friendly!" Grow friendly, threaten to bring in the FBI at the drop of a hat - what's the difference?

As of this writing, one Tuttle web site still had not been fixed, although you can find the charming Tuttle man Taylor over here.

Taylor has yet to respond to our request for comment.

It seems that Tuttle has quite the hacking epidemic on its hands. The Tuttle Times newspaper's web site, for example, has had its Forum section cracked. Click at your own risk to see it or have a peek at our screen grab.

To see the full transcript of the web server war, travel over here. It's classic reading. ®

[frogjerk]

"I am computer literate! I have 22 years in computer systems engineering and operation. Now, can you tell me how to remove 'your software' that you acknowledge you provided free of charge? I consider this 'hacking.'"

22 years of computer systems engineering and this guy doesn't know what an Apache default page looks like? What a dummy!

[zeugma]

Look everyone! Now the freaking troll is accusing folks of plagiarizing!

I'm suprised he hasn't hijacked the latest IE defect thread yet. 

[ShadowAce]

That statement has no hope of allowing respectable communication to ever take place.

The statement that precluded any respectable communication was in Jerry Taylor's first e-mail :

Who gave you permission to invade my website and block me and anyone else from accessing it???

The page he was looking at was a typical Apache test page that indicated what to do. In particular, it says:

If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.

This is rather straightforward and simple--especially for someone who claims 20+ years of computer industry experience. However since he began the entire exchange, not with a query, but with an extremely hostile query, he deserved the derision he received.

He not only failed to noticed that what he got was a test page, but he also failed to notice that it was an Apache test page, and not a CentOS test page. The fact that it says "powered by" is irrelevant, as the page clearly indicates what software is being displayed.

Personally, I would not have sent that particular e-mail, but then I'm nicer than most.

[N3WBI3]

A statement of fact, this site has *nothing* to do with the war on terror or national security... Your attempt to co-opt the war to pick a fight is worthy of Hillary..

So what if it's a small city, it is a city in America, and deserves to be responded to appropriately.

Actually I think every city in America deserves a manager who is levelheaded, and knowledgeable about their own limitations, tuttle has neither..

[Dinsdale]

22 years pushing paper at E-systems. Obviously dumb as a rock.

Most people couldn't be as funny as this moron if they tried.

GE is trying.

PHBs have got to stick together.

[N3WBI3]

GE is trying.

LOL! There goes my drink

[N3WBI3]

plagiarizing the work of others?

This coming from a man who had post pulled off of free republic because they violated the copyright terms of the IP owner? I am referring to the time you posted a comic with a big watermark (c) and refused to read the very simple faq which stated you cant repost his work without express permission...

[Golden Eagle]

Obviously he mistook them for hackers, as one unfamiliar with CentOS could do.

But any respectable firm would not have immediately resorted to equal if not greater insults like CentOS did. But that's what we expect from open source zealots anyway.

[antiRepublicrat]

What, are you denying CentOS isn't a bunch of copyleftists whose product isn't anything more than a cheap copy of the work of others?

Since it's the exact same source as RHEL, it isn't a "cheap" copy, but pretty much an exact one (minus the trademarked stuff). Personally, I don't know why they even exist, as to me they provide no real service, and they contribute nothing to the software itself. I could be wrong, but that was my impression of CentOS. To me, the spirit of open source software is to add some value, not just recompile and rename.

However, it is not copyright infringement, nor is it non-infringing plagiarism since they acknowledge the source of the work. The issue of your second instance of libel remains on the table.

[ShadowAce]

...as one unfamiliar with CentOS Apache could do.

Fixed it. The page displayed is a standard Apache page--as anyone with 20+ years in the industry would be able to identify. The "powered by CentOS" phrase is the only modification to it. Heck, I didn't even see it the first time I saw the page in question.

Everything about this exchange screams "incompetence" on the part of Mr. Taylor.

[Golden Eagle]

The WTC had nothing to do with it either, everyone knows we need to secure everything more now, except you boys, who don't want any protections on anything. A software world without borders, but thankfully they're finally getting shut down some. And they will more and more, not less.

[ShadowAce]

I don't know why they even exist, as to me they provide no real service, and they contribute nothing to the software itself.

Is it possbile to DL RHEL? If not, then the value they add is to assemble all the parts available into a RHEL-like package, minus any support not wanted/needed by the end user.

Of course, that begs the question of "why not just use Fedora?" but I'll not get into that... :)

[antiRepublicrat]

Computer security is important at all times but especially those like these, this man is in charge of it at a city in our nation

The man is a total incompetent in the area of IT. He has no business whatsoever having anything to do with the town's web site. I feel sorry for his town, too, as they deserve better, especially in times like these.

CentOS is a bunch of hackers who obviously don't respect his position or authority to question them on the issue.

Respect my authoritah!

I don't give a damn whether someone is President Bush or the Pope. Demonstration of incompetence and irrationality of this magnitude removes the need to show any respect. The CentOS team showed more respect than was due in the face of such irrational abuse.

[antiRepublicrat]

You guys just don't have any manners.

Bwahahahahaha! You should talk.

That guy was concerned about his security, and I can guarantee you Sun or Microsoft or Apple won't be treating their customers this way,

Those companies have people they pay to take this kind of abuse. However, you should see what the helpdesk people say after they hang up the phone.

That statement has no hope of allowing respectable communication to ever take place.

I'd say the first communication, the one from the city manager, is what left little hope for respectable communication. Yet CentOS managed to help him despite himself. I'd say that's pretty admirable.

"Still no formal apology"

Still none from you for two instances of libel and one flat-out, factually-proven lie.

[Golden Eagle]

ow the freaking troll is accusing folks of plagiarizing!

Just CentOS, isn't that pretty much all those clowns do? They sure suck at customer support!

[zeugma]

Why do you care troll?

[BeHoldAPaleHorse]

They obviously weren't helpful or they could have actually resolved the situation rather than inflaming it and now attempting to mock the guy which trash rags like Register love to do, especially to Americans.

1. The city had no contract with CentOS. No pay, no play.

2. One cannot help the willfully stupid.

[N3WBI3]

You keep going with that 'he was worried about national security line'...

[BJClinton]

Add me to da ping list bitte schon.

[N3WBI3]

Of course, that begs the question of "why not just use Fedora?"

I like Fedora, its my desktop and one of my personal servers at home but it is defiantly a bleeding edge OS and I would not webhost off of it. Cent is a better choice than Fedora but I wont use them either, its RedHat or Novell for me..