Archive for July, 2005

Someone Downloads a File, Someone Uploads a File

Wednesday, July 20th, 2005

Author Cory Doctorow is unusual in many ways, but most notably in that he publishes his work under the Creative Commons license, which is much looser than the normal “This work cannot be reproduced without permission. All rights reserved” form of copyright.

I saw a somewhat favorable review of Someone Comes to Town, Someone Leaves Town in Wired Magazine and was interested in reading it. Then I saw that he had made it freely available for download on his website, and he even encourages people to port it to new devices (such as a Palm Pilot, etc.)

I have a huge backlog of reading to do, so I’m not sure when I’ll get around to reading his novel (probably on the plane to LinuxWorld Expo in August), but I did read the first couple of pages where he answers the questions “Why do I do this?”.

We often get the same questions concerning OpenNMS: why open-source? So I thought I’d try to answer the question in a similar way, with Short Term, Long Term and Medium Term goals.

Another Day Gone By Too Quickly …

Thursday, July 14th, 2005

Today has been a busy one. It’s seems lately I sit at the keyboard and start typing and I don’t stop until it gets dark outside.

Not much OpenNMS news today. We got on the IRC channel (#opennms on and discussed 1.3. We are going to try and merge a number of branches in preparation for a 1.3.0 release. The tests pass, so cross your fingers.

A friend of mine, Lyle Estill was mentioned on Doc Searles’ weblog. You might also wanna go buy his new book if you are in to that sort of thing.

64-bit OpenNMS

Wednesday, July 13th, 2005

I haven’t been doing much that’s “blog worthy” today, but since I am trying to keep this thing updated a little more frequently, I thought I’d at least post some thoughts.

We’re getting close to 400 registrations on the new Wiki. This is pretty cool. We had close to 4000 on the last one, but I think there were some duplicates as the “remind me of my password” feature was broken, and due to a configuration error, you needed to be a registered member to access some of the content (please tell me if you can’t get to something on the blog as an anonymous user – all content should be available read-only without registration). We have also had over 60,000 page views in the last two weeks.

Speaking of page views, I noticed that the fourth highest hit on Google for OpenNMS was a three-year old article by Shane O’Donnell. It’s pretty inaccurate these days (it includes the old lynx installer) so I spent most of the day re-writing it. It’s been submitted, so I hope it gets accepted. If not, I’ll post it here anyway.

David’s in Geneva at a client site this week. They are trying to monitor 80,000 nodes from one instance of OpenNMS. Let me summarize his trip in one phrase: OpenNMS on 64-bit rocks. This isn’t even Opterons – it’s Xeons with EM64T. Even with 200,000 events in the database, clicking on “View Events” is instantaneous.

I’m working on trying to get someone to provide a free/inexpensive deal on an Opteron system for LinuxWorld Expo so we can really show off 1.3. Wish me luck.

We Wuz Hacked

Tuesday, July 12th, 2005

For those of you who might have wondered about “where in the heck did go” today, I stopped the server in order to figure out how our site got hacked.

It turns out it was a vulnerability in the old wiki, so it’s now gone. Please let me know if you needed anything off of that and I’ll try to put it back.

I run Debian, and I keep a pretty close eye on things, so as far as I can tell they weren’t able to install a rootkit or anything. All of their programs were owned by the web user.

It was OpenNMS that tipped me off that something was wrong. I got a notice that SMTP was down on I thought that was odd, since I use that for my outgoing mail, and it seemed to be working fine.

I decided to check the state of the server, and the load average was up around 4. Extremely unusual. Top showed a number of processes called “a1tsdos” as using up most of the CPU. A quick Google turned up no matches (one of the reasons I am writing this) and “locate” didn’t find it either, so I knew it must be a new file.

I found it in /var/tmp and it was owned by the web server. I moved it out of the way and killed all a1tsdos instances and stopped the web server. Then I called in the troops.

We found out that a process called “crond” was running:

crond == O Backdoor do OutLaw Group foi Executado com exito

and a1tsdos was described as:

A1TS -DoS Tool by Bim_Laden

The crond “app” had opened a TCP connection from our server to a site in Mexico City (I dropped a line to the ISP but I doubt it will do any good), and using that IP address I was able to track the attack.

I thought it might be due to the new wiki, Bitweaver, so I jumped on the #bitweaver channel. spiderr pointed me to an xmlrpc vulnerability that could have been the problem, so since we don’t use that functionality, I quickly removed it (it’s one of the nice things about BW – easy to remove things you don’t use).

Using the IP address and the web logs:

[12/Jul/2005:12:14:46 -0500] "GET /tiki-index.php HTTP/1.1" 200 25286 "*.php&hl=es&lr=&start=20&sa=N" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

I could see that it was the ”old” Wiki that listed the vulnerability. Sure enough:

[12/Jul/2005:12:15:32 -0500] "GET /tiki-xmlrpc_services.php HTTP/1.1" 200 375 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

There was the xmlrpc code that caused the problem.

I think everything is cool now, but the old wiki is gone. Please let me know if you need anything off of it. Outside of Bitweaver, everything else we use is off of Debian packages, so we should be covered. Sorry for any inconvenience.


Monday, July 11th, 2005

Last week we had the pleasure of a visit from Craig Gallen from the University of Southampton, near London.

Craig is working on his Engineering Doctorate and he is basing his work around a project called OpenOSS. In this case, OSS stands for Operation Support System and it’s kind of an Enterprise Resource Planning (ERP) system for carriers. It’s supposed to be able to handle provisioning, billing, monitoring, etc. for the entire tele-communications network for a given carrier.

As one can imagine, these systems are not small, nor inexpensive, and most of the time they are pretty monolithic. In much the same way that open source is nibbling away at other traditionally large, expensive and monolithic systems, Craig is out to prove that it can do the same for OSS.

(left to right: Craig Gallen, David Hustace, Jessica Hustace, Tarus Balog, Matt Brozowski)

OpenOSS is based on the NGOSS specification put forth by the Telemanagement Forum and implemented using OSS/J.

While the NGOSS spec is huge, Craig was able to demonstrate a system in Nice, France back in May that showed the potential of open source in OSS. OpenNMS played the role of the network monitor and trap receiver. We spent two days with Craig to improve the role that OpenNMS currently plays within OpenOSS as well as perhaps expanding into other sections of the OSS model.

It was exciting and we are proud to be a part of OpenOSS. Over the next six months as we move to a pure Java implementation of OpenNMS, expect to see at least an OSS/J interface for the event data from OpenNMS.

For more information, check out the OpenOSS project or join the #openoss IRC channel on