Fozzologs

About...

These posts are the creation of Doran L. Barton (AKA Fozziliny Moo). To learn more about Doran, check out his website at fozzilinymoo.org.

SWep2 & Code Red

Posted: 7 August 2001 at 00:31:12

I read on Slashdot today that the forthcoming Star Wars movie Episode II finally has a title: Attack of the Clones.

Most people seem to think it's cheesy and bad. I don't really care that much. It should prove to be entertaining, at least.

Is Code Red... Code Red?

The Code Red virus/worm is affecting the entire Internet right now. It hit us last month with its primitive attempt to bring down the White House website. The tech industry sat and waited while not much happened on August 1 when it was thought that Code Red would start propagating again. By August 2, many technology journalists were saying the days of Code Red were over; that the impending catastrophic dismantlement of the Internet was an overhyped hoax.

Here we are at August 6. Code Red attacks on webservers have grown exponentially in the last six days. Everyone with a web server -- Microsoft or not -- is feeling the effects as Code Red bombards every Internet node it can find in an attempt to find another NT or 2000 system it can infiltrate.

The entries in my web server log look like this:

    24.20.17.221 - - [07/Aug/2001:00:18:19 -0600] "GET /default.ida?XXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u90 90%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b0 0%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 282

I've had over 700 Code Red derived requests hit my gateway system here at home in the last day. A little fewer than that than the day before. On August 4, I had about 500. On August 3, 27.

On my little dinky home web server!
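One way to produce the per-day tally described above from an access log, as an added example that is not part of the original post. The sample lines are constructed (documentation-range addresses, a shortened query string), and the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+$')
# Probe shape seen in the post: /default.ida? + a long run of one filler
# letter, followed somewhere by %uXXXX escapes.
PROBE = re.compile(r'^/default\.ida\?([A-Za-z])\1{15,}.*?%u[0-9a-f]{4}', re.I)

def parse(line):
    """Return (host, datetime, request, status) or None for unparseable lines."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, ts, request, status = m.groups()
    try:
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return host, when, request, int(status)

def is_probe(request):
    method, _, rest = request.partition(" ")
    target = re.sub(r"\s+", "", rest)  # tolerate logs that were wrapped or pasted
    return method == "GET" and PROBE.match(target) is not None

def summarize(lines):
    """Count matching requests per logged day and per source host."""
    per_day, per_host = Counter(), Counter()
    for line in lines:
        rec = parse(line)
        if rec and is_probe(rec[2]):
            per_day[rec[1].date().isoformat()] += 1
            per_host[rec[0]] += 1
    return per_day, per_host

# Constructed sample input: shortened stand-in for the query string in the post.
FILL = "X" * 40 + "%u9090%u6858%ucbd3"
SAMPLE = [
    f'192.0.2.10 - - [06/Aug/2001:23:58:01 -0600] "GET /default.ida?{FILL}=a HTTP/1.0" 404 282',
    f'198.51.100.7 - - [07/Aug/2001:00:18:19 -0600] "GET /default.ida?{FILL}=a HTTP/1.0" 404 282',
    f'192.0.2.10 - - [07/Aug/2001:03:12:44 -0600] "GET /default.ida?{FILL[:20]} {FILL[20:]}=a HTTP/1.0" 404 282',
    '203.0.113.5 - - [07/Aug/2001:04:00:00 -0600] "GET /index.html HTTP/1.0" 200 1024',
    '203.0.113.5 - - [07/Aug/2001:04:00:09 -0600] "GET /default.ida?q=test HTTP/1.0" 404 282',
    'not a log line',
]

if __name__ == "__main__":
    days, hosts = summarize(SAMPLE)
    for day in sorted(days):
        print(day, days[day])
    print(hosts.most_common(5))
```

The 404 status in the matching lines shows the server had no `/default.ida` to serve; a 200 on such a request would be the case worth investigating.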

What really cracks me up is that some of the media are saying that Code Red gives Microsoft the chance to play the good guy by cooperating with investigative authorities in tracking down the creator of the worm and helping innocent victims (and would-be victims) patch their servers.

The simple truth, however, is that Microsoft is really the only place you can place blame for such a destructive piece of software. Microsoft develops and tests pretty much everything they market and distribute behind closed doors. Software required in today's world has become so complex and sophisticated, nobody can rigorously test an application well enough by themselves. Microsoft has been naive to think they can develop something like NT or IIS, provide their users with feature-rich hooks, bells, and whistles, debug and test everything in house, and eat their cake too.

Only with the strength of open source development can a sophisticated software development project maintain stability and security in today's software world.