Tag Archives: fail

[Tech] Not what I expected to come out of his toolbox..

I have just had a very nice man fix my boiler* with a bicycle pump.

No really, the expansion vessel had lost pressure which was causing the pressure release valve to empty the heating system into my back garden.
The fix to this is to repressurize the expansion vessel with a bicycle pump.

As a geek, this is somewhat disappointing, as I could have done that.. if I had known.  Ok I didn’t know, and while I did do some research on the web that was one of a few potential solutions so it was best for me to hire someone who has had the required training.

* No he wasn’t from the AA but Centrona Gas Services.. **
** This isn’t much of a plug, more so I remember them for next time..

[Home] When the music stops..

This weekend has not been my finest, I had a couple of DIY jobs to do and some other jobs to get on with..

The short version of the story is me drilling through my ring main, and having to knock a rather larger hole in the wall than I was expecting..
Everyone is fine, this is a tale of ineptitude not of mortal perils or bloodshed..

This means that I have been spending rather a lot of time trying to put that right so not looked at anything else that I was supposed to be doing.. arg.

In the longer story, I was fitting a new plug socket in the kitchen, and patching up a small section of wall which had been behind the cupboards which I took down, (or rather I had help taking down), so we could have a new fridge.
That should have been not that hard, I have done similar before..
Only I had misremembered the exact route taken to get to the other kitchen sockets and quite neatly drilled through the ring main..

I knew what had happened, as the drill stopped and more importantly so did the radio and everything else..

So to fix that I had to chase out a section of cable so I could replace the damaged section, and move where I was going to site my new socket..
All of which resulted in me hacking quite a large amount of plaster off the wall..

Now the wall behind the new socket location was unstable, so I couldn’t drill into it to mount the new socket, so I had to mix up some mortar and try and fill it in..

After leaving that overnight to dry, I was disappointed to discover that it had failed to go off and was basically just sand.. which crumbled at the slightest touch.
So I had to hack that all out again, go buy some fresh mortar and start again..

I now have a more solid looking wall behind the socket, I will have to leave it a bit longer before I am willing to drill holes in it to mount the socket back box..

Once that is in, I will be able to wire everything back up again and turn the power back on..
Oh and slowly start filling in the rest of my gigantic hole..

I will get it fixed, it is just going to take rather a lot longer than I was hoping..

[www] Microsoft IIS HTTPS ping of death

So I have been intrigued by the news coverage, or lack of it, of a bug reported in Microsoft’s IIS webserver last week.  What makes this slightly unusual is that Microsoft released a patch on Tuesday, and by Thursday some bright spark had worked out exactly what the patch fixed, and that if you gave an unpatched IIS webserver a very interesting poke it would blue screen.

The interesting magic to test if a server is vulnerable being:

curl -v [ipaddress]/static.png -H "Host: test" -H "Range: bytes=0-18446744073709551615"

Simply change the 0- to 20- and the server instantly hits the blue screen of death. Manual intervention is required: some poor operator has to reboot the computer for it to be usable again.

So how much press did this bug get? Practically zero. It was reported in the Register, but from the mainstream news outlets nothing. Which is interesting, as the recent must-patch-now bugs for Linux, Heartbleed for example, got quite a bit of press. Admittedly that bug was in the OpenSSL package, which is used for encryption, but it also didn’t have the power to crash the server. Maybe it was the fact it had a way cooler name that helped it get attention.

What is very interesting is that both bugs were caused by the same very simple mistake: accepting input and not checking that the input is valid before you act on it. A very clear explanation of the Heartbleed issue in cartoon form is given by XKCD. In one case the mistake can be used to reveal information, and in the other to crash the server.
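
The kind of input check described above, written out for the Range header used in the test request. This is an added example, not code from IIS or from the patch; it handles only the single "bytes=first-last" form, and range_check, naive_len and the result codes are hypothetical names chosen for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for range_check() (hypothetical names for this example). */
enum { RANGE_OK = 0, RANGE_MALFORMED = -1, RANGE_UNSATISFIABLE = -2 };

/* Unchecked length: wraps to 0 for the range 0-18446744073709551615. */
uint64_t naive_len(uint64_t first, uint64_t last) { return last - first + 1; }

/* Parse one unsigned decimal number; no sign, whitespace or overflow allowed. */
static int parse_u64(const char **p, uint64_t *out) {
    char *end;
    if (**p < '0' || **p > '9') return -1;
    errno = 0;
    unsigned long long v = strtoull(*p, &end, 10);
    if (errno == ERANGE) return -1;      /* value does not fit in 64 bits */
    *out = (uint64_t)v;
    *p = end;
    return 0;
}

/* Validate "bytes=first-last" against a resource of `size` bytes.
 * On success stores the offset and the clamped length that may be served. */
int range_check(const char *hdr, uint64_t size, uint64_t *off, uint64_t *len) {
    uint64_t first, last;
    const char *p = hdr;
    if (strncmp(p, "bytes=", 6) != 0) return RANGE_MALFORMED;
    p += 6;
    if (parse_u64(&p, &first) || *p++ != '-') return RANGE_MALFORMED;
    if (parse_u64(&p, &last) || *p != '\0') return RANGE_MALFORMED;
    if (first > last) return RANGE_MALFORMED;
    if (size == 0 || first >= size) return RANGE_UNSATISFIABLE;
    if (last >= size) last = size - 1;   /* clamp before doing any arithmetic */
    *off = first;
    *len = last - first + 1;             /* cannot wrap: last < size */
    return RANGE_OK;
}
```

The end value in the curl request is the largest number a 64-bit unsigned integer can hold, so any length computed from it before clamping to the real file size is at risk of wrapping.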

Hang on a minute, an instruction sent to an open port on a server had the opportunity to crash the whole server! Not just the webserver, or the currently active thread that is returning a single web page, but the whole server. Really.
This is because of an arms race between IIS and Apache that happened a few years back; both were trying to demonstrate that they were the fastest webserver at a range of tasks, one of which was returning HTTPS webpages.
In order to try and gain an advantage in that race, Microsoft broke a security model. They moved the HTTPS handling of the IIS webserver into the kernel, the main core part of the operating system. This made the processing of HTTPS pages faster, but it means that a simple bug will crash the whole server.

Which is why people don’t host critical systems on Microsoft webservers: they know that bugs like this one will be out there, that the code base isn’t being independently checked, and that security standards are ignored to try and satisfy performance problems.