DISQUS

Incompetent Tucows promised restored service at 11pm. It's 8am the next day and although I can get into my account, NONE of the emails from yesterday have arrived. So it has been down 24 hours and counting.

I sent a test email to myself around 8am yesterday, so it's not fixed until I receive that. I say we all short sell Tucows stock and send Ross Rader to the poorhouse.

Looks like one of the highly capable Tucows "technicians" accidentally unplugged the Atari 2600 email server while performing an "upgrade." Here is their spin, yet again showing their utter lack of knowledge of the need for REDUNDANT systems and BACKUPS.

Email Service Bulletin
Posted By: Ross Rader On: 10 Jan 2009 10:45 AM
Details At the completion of the mail maintenance window yesterday evening, hardware issue caused a failure in the mail system for some of our customers.

At the completion of the mail maintenance window yesterday evening, hardware issue caused a failure in the mail system for some of our customers. We are uncertain how many of our NetIdentity and Domain Direct customers have been affected by this failure, but we expect that it is most, if not all, of our customers.

The OpenSRS Email team is estimating that it will take approximately 16 hours to fully restore mail service for all customers and is projecting that this will complete around 10pm EST this evening.

Details are not fully available at this point, so we will report more later when we hear more from the engineering team, but at this point, it looks like one of the Network Appliance servers that houses the mail stores is suffering from some sort of a manufacturing defect (i.e. bad hardware) and will need to be swapped out and the data restored. The OpenSRS team is working closely with the team from Network Appliance to resolve this issue.

During this period, you may be unable to send or receive email and may experience "Service Unavailable" errors if you are using webmail. None of your inbound mail has been lost, we are queuing all inbound mail and it will be delivered to your mailbox when the mail service has been fixed.

On Friday I noticed the netidentity service was starting to go buggy when it would ERASE any messages after hitting the send button with the message "Could not connect. Try again later." What kind of programmer writes a webmail client that deletes a message in the event of a server-side failure??

Let's hope the recession puts Tucows out of business and Ross Rader into a soup kitchen line where he belongs.

In iTunes 8 it is under the options tab and instead of "Video Kind" it is called "Media Kind".

Quoting Robert: "Vic: these are profitable companies with strong balance sheets. I’m even hearing IBM is having a tough time getting credit. This is a credit crunch. Do you now get it? Even people and businesses with GREAT credit are having trouble getting credit. That is why this is really troubling to me."

Robert, you sound like an idiot stating the obvious.

Easy solution to this, just goto your Network options and disconnect from the net. The game is trying to get on the station online and it's holding it up for some reason. Just get off the net and load the game, easy as could be.

oh come now, you just posted that so that I would continue to read this site even though I see no content day after day...

I'm just curious on the firewall comment...what OS comes with a outbound firewall enabled by default? It seems more like something which was on your wishlist and which you only are mentioning because you're disappointed...It seems like there are plenty of other things you could put on that same wishlist and call out in this article :S

umm...Tom, did you ever try that cron -e thing you suggested? Because it doesn't work (which I didn't really think it would) since cron stuff is handled by launchd, not crontab proper...

@Ralf
Seriously, that is exactly the type of question to put on the apple-focus list instead...this will all get sorted out in time, but you need to have it somewhere with more visibility than buried 87 comments down on a blog post!

I mean, I definitely support this discussion 100%, but I don't like reading it like this, with everything jumbled together

Come on Thomas...step up and move the discussion to a reasonable location

@Ralf

If you want to see the code signing interact with the per-application firewall, open the developer tool "BigTop"...it adds itself with a "allow all incoming connections" rule

p.s. this IS retarded having this conversation via blog comments rather than mailing list...

I'm not bob btw :)

The first thing I did was run out and try to see ASLR in action with a simple printf the function pointer main()...I saw what you say, addresses not changing...however I don't think it's necessarily a correct test...while searching around I saw this in the ld man page

" -pie This makes a special kind of main executable that is position independent (PIE). On Mac OS X 10.5, the OS will load a PIE at a ran-
dom address each time it is executed. You cannot create a PIE from .o files compiled with -mdynamic-no-pic. That means the codegen
is less optimal, but the address randomization adds some security.
"

and then I noticed that my gcc -v doesn't include ld anywhere in it, must less have anything related to this -pie option...

something to look into anyway, as I dropped it there and had to move on and wait for proper documentation of what's going on ;)

Also, can you explain what you did with the cron test with guest? I just want to try it (for instance to see it opening a backdoor listener)

You need to go read Dragos's post on the apple-focus list. He explains that that stuff will probably be opened up eventually.

http://www.securityfocus.com/archive/142/464216...

what is a CSR? Cyclic shift register? :)

@ Mr. G
That's 2nd Ltd. Dole to you civilian! Anyway, if that's all you meant (heh, I think you're refering to maynor...and I think maynor needs to make the flaw public and then someone needs to RE the apple patch to see if it's the same thing) then you could have at least mentioned M$ specifically since they say in their stuff that they won't thank people who don't disclose nicely :)

@ Mr. G and Patrick
It would be better to say 15 *was* a count of all vulnerabilities they *were* aware of at the time of reporting. CVEs are assigned first come first served basis starting from 00:00 Jan/1. Interestingly (since I was following the issue), at the time it was active, all 1-14 before it were reserved but not filled in. I see now that subsequently 14 has been filled in...that still leaves 13 undisclosed vulnerabilities that someone is sitting on...of course if that was accurate inference, then what do we think about CVE-2006-0011? :)

What other choice could they possibly have made besides acking MOAB?

Thus Dr. Ptacek has revealed his salary to be 260k a year ;) Lucky him!

Dee Ddeee Dee....Microsoft. The Sony example sucks, I don't use my video camera 10 hours a day and have to reboot it at least 2. I don't want to hear anything. ANYTHING. No clicks, no songs, jingles.. nothing.

Stop. Shut up.

spreads malware only to microsoft brand browsers ...