Blazing fast Firefox

Just installed the latest Firefox nightly build (20040326) and either I’m on speed or the Firefox guys have made some amazing speed improvements over the last nightly build I installed (from a couple of days ago). Or else I’m just imagining things. But at any rate, it sure seems a lot faster than it did a few minutes ago. Especially rendering pages with tables (one of the things I’ve always thought Mozilla could do better).
Firefox just keeps getting better and better every day.

Computer Hardware Porn

If you’re interested in some of the latest up and coming goodies for your system, check out Tom’s Hardware Guide’s coverage of CeBIT in Hanover.
I’d heard about this new 0.85″ drive from Toshiba, but I thought it was 0.85″ thick. No big deal. Then I saw this, and realized that it was the platters that were 0.85″ and have up to 4 GB capacity! Whoa! And I thought IBM Microdrives were small.
I think the Superpower case is particularly cool. And how about those motherboards…ooo yeah, baby…
Drool…

HTTP SEARCH Protocol attacks

Yesterday my server got hit by about 15 attempts to find what I guess to be some kind of buffer overflow vulnerability in my webserver using some kind of HTTP SEARCH method. Never knew there was such a method until now. At first, about the only verifiable reference I could find about it was an old W3C page indicating it was only a proposed method. No mention of it in the HTTP RFC 2616 document at all. Then I found (thanks to Google) a reference in someone’s presentation on DAV properties starting here. Seems to be a DAV thing. I only found mention of the SEARCH method in a draft document.

The client invokes the SEARCH method to initiate a server-side search. The body of the request defines the query. The server MUST emit an entity matching the [RFC2518] PROPFIND response.
The SEARCH method plays the role of transport mechanism for the query and the result set. It does not define the semantics of the query. The type of the query defines the semantics.

Of course now that I know it’s a DAV thing, there’s plenty of stuff out there about it.
Basically the attack consisted of sending a really long SEARCH request (similar to sending a HEAD/GET/POST request I suppose) containing well over 8K worth of \x90, \xb1, \x02 and probably followed by other things. Apache 2 logs it as “request failed: URI too long (longer than 8190)”. I take that as a good sign Apache 2 isn’t vulnerable to this kind of attack.
All of the requests came from very different IP addresses which points to some kind of DDoS type of attack.
Always a good idea to keep an eye on the log files. They can tell you a lot about what’s going on with your system. One of these days I’ll have to make like every other decent sysadmin type out there and set up some scripts that scan the log files and mail me the interesting bits.
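The kind of log scan described above, as an added Python example that is not from the original post: it counts Apache 2 "URI too long" rejections per client and flags request methods outside GET/HEAD/POST. The log line layouts, the sample lines and the expected-method list are assumptions.

```python
import re
from collections import Counter

# Apache 2.0-style error log line carrying the message quoted in the post.
ERR_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] '
    r'request failed: URI too long \(longer than (?P<limit>\d+)\)')
# Common Log Format access line: capture client, method and status.
ACC_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) [^"]*" (?P<status>\d{3}) ')
# Methods a plain (non-DAV) site expects; an assumption, adjust per server.
EXPECTED_METHODS = {"GET", "HEAD", "POST"}

def scan(lines):
    """Return (URI-too-long hits per client, unexpected methods per (client, method))."""
    too_long, odd_methods = Counter(), Counter()
    for line in lines:
        m = ERR_RE.match(line)
        if m:
            too_long[m.group("ip")] += 1
            continue
        m = ACC_RE.match(line)
        if m and m.group("method") not in EXPECTED_METHODS:
            odd_methods[(m.group("ip"), m.group("method"))] += 1
    return too_long, odd_methods

def report(lines):
    """Build the plain-text summary a cron job could mail to the admin."""
    too_long, odd_methods = scan(lines)
    out = [f"URI-too-long rejections: {sum(too_long.values())} "
           f"from {len(too_long)} distinct clients"]
    out += [f"  {ip}: {n}" for ip, n in too_long.most_common()]
    out += [f"unexpected method {meth} from {ip}: {n}"
            for (ip, meth), n in sorted(odd_methods.items())]
    return "\n".join(out)

# Constructed sample lines (documentation IP ranges), not taken from the post.
SAMPLE = [
    '[Fri Mar 26 03:12:44 2004] [error] [client 192.0.2.10] request failed: URI too long (longer than 8190)',
    '[Fri Mar 26 03:40:02 2004] [error] [client 198.51.100.7] request failed: URI too long (longer than 8190)',
    '[Fri Mar 26 04:01:19 2004] [error] [client 192.0.2.10] request failed: URI too long (longer than 8190)',
    '[Fri Mar 26 04:05:00 2004] [error] [client 203.0.113.9] File does not exist: /var/www/favicon.ico',
    '203.0.113.9 - - [26/Mar/2004:04:05:00 -0500] "GET /favicon.ico HTTP/1.1" 404 209',
    '203.0.113.20 - - [26/Mar/2004:05:10:11 -0500] "SEARCH /index.html HTTP/1.1" 501 215',
]

if __name__ == "__main__":
    print(report(SAMPLE))
```

Many distinct clients each producing one or two rejections is the pattern the post describes; a single client with a high count would point to one noisy source instead.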

ick, it looks like crap

Hmm, just noticed that my weblog looks like crap under Netscape 7. It’s mostly ok in IE 6. Looks just fine in Mozilla/Firefox. I must have style sheet and DIV issues. Wish someone would tell me these things.

TB RAID, here I come

Wow, is this sweet or what. A 400 GB Hitachi Deskstar hard drive in a 3.5″ form factor. SATA and ATA interfaces too. And to think, just a little while ago I was happy as a clam when I stuck the 160 GB drive into my computer. Now with just 3 drives, I can have over 1 TB of storage at my fingertips.
The specs look reasonably decent. 8.5ms seek time isn’t great, but for something this size it’s not bad.
Let’s hope that Hitachi’s fixed the early drive failure problem that IBM was having with the Deskstar line.
Found at Slashdot.org