Interland bought Trellix last year for more than $12 million. On March 11 Interland closed the former Trellix headquarters in Concord, Mass. and laid off most staff at that office, prompting reports that the entire Trellix unit was shutting down. That's not the case, according to Fabrice Klein, Interland's vice president of strategy and investor relations. "It's a live platform with revenues, so we obviously want to support that," said Klein. "Customers are not going to see any change in service." Numerous ISPs, portals and domain registrars use Trellix Web Express as their private-label site building tool.

The report by the Cooperative Association for Internet Data Analysis (CAIDA) says Witty broke new ground by simultaneously infecting dozens of machines maintained by security-savvy users, and targeting a very recent vulnerability. Witty's spread was limited primarily by its destructive nature and the small installed base of the ISS products it exploited, CAIDA noted, positing that similar tactics could be repeated using huge "botnets" of compromised boxes targeting Windows machines.

The current excitement over blogs is curious, since they amount to little more than personal Web pages. Although a standard history of blogging dates the phenomenon to 1997, the key attributes of the blog - a page of selected links and comments in reverse chronological order - can be found as far back as June 1993 on the NCSA What's New site, one of the most popular destinations of the nascent Web world.

In those days, such a constantly-updated page was enormously useful, since it could aspire to provide links to almost all of the new Web sites as they came online. Today, blogs necessarily offer only a partial view of the vastly greater resources now available. This, of course, is their strength: they represent a very personal filter of the otherwise overwhelming data deluge.

One of the best examples of this classic blog is also one of the earliest. Dave Winer, a software industry veteran and co-developer of one of the first blogging software tools, has been producing his blog Scripting News since April 1997. Another of his sites shows new blogs, but the number is now so great that its simple listing is no longer useful. Today there are as many blogs as there were Web pages a few years ago; this has led to the rise of a range of blog search engines.

Inevitably, this will lead to speculation that SCO might add the RIAA to the list of Linux using organizations currently receiving attention from its lawyers.

Of course, the RIAA is itself well endowed with lawyers should it need to defend itself, and just yesterday announced the latest in its own series of lawsuits against Internet users it believes are improperly sharing copyrighted music files.

The RIAA site has been offline since March 17 in an outage that closely tracked a scheduled distributed denial of service (DDoS) attack from computers infected by the MyDoom.F virus.

If MyDoom.F was indeed the culprit, it raises an ongoing threat for the RIAA site, as the malware is programmed to launch its DDoS between the 17th and 22nd days of every month.

Jim Gray won the 1998 Turing Award "for seminal contributions to database and transaction processing research." More recently, he has been working as a Distinguished Engineer in Microsoft's Scalable Servers Research Group, based in San Francisco, on the creation of terabyte-sized distributed online databases. Talking with Glyn Moody, Gray reflects on his career, the power of Web services, and the arrival of sentient machines later this century.

In this month's Web Server Survey the number of IP addresses with sites using ASP.NET has overtaken those using JSP and Java Servlets. The number of IP addresses found with ASP.NET has shown very strong growth in the past year with a 224% increase from 17.2K to 55.8K. JSP & Java Servlets despite being overtaken is the next fastest growing in percentage terms with a 56% increase.

One which seems to have started is auction giant eBay, which has recently begun shifting some of its web infrastructure from Windows NT4 to Windows Server 2003. WinNT4 continues to power much of eBay's main site, which handled 971 million auction listings in 2003.

eBay is hardly alone, as other major enterprise companies still running their public web sites on Windows NT4 include Gateway, The Bank of New York, Heinz, Hershey Foods, Ikea, Kroger and Diebold. In the UK, 10 members of the FTSE 100 run on NT4/98, among them the retailer Next Group PLC, and LLoyds TSB.

Network Solutions' unusual offer of 100-year domain registrations may appeal to those who envision domain names as family heirlooms, or a way to ensure that their new baby's domain will still be there when he turns 100. But don't get any crazy ideas about transferring away after 75 years and asking for a pro-rated refund. The 100-year service is "non-transferable and non-refundable," according to Net Sol.

Network Solutions has decided to compete on term rather than price, maintaining its one-year .com price at $34.99 even as some providers offer them as low as $4. The long-term "discount" is still well above pricing for multi-year renewals from registrars with shorter time horizons - like the $6.95 per year rate for a 10-year registration with Go Daddy. In seeking promotional hooks, NetSol is hoping to lock in the customer base clamoring for that additional 90 years.

A dynamically updating graph of the sites targeted for DDoS by various MyDoom variants is available here.

The worm, which appeared overnight Friday, exploits a weakness in the widely-used Black Ice security products, and is not detected by antivirus software, as it resides in memory. When an infected system is rebooted, Witty deletes a randomly chosen section of the hard drive, rendering some machines unusable.

The Internet Storm Center raised its incident alert level to yellow, and advised that vulnerable systems be taken off the network. "Disconnect systems running BlackIce as soon as possible," said the advisory at the ISC, run by the SANS Institute. Symantec also advised that network admins disconnect machines running Black Ice.

The UK's top 20 betting sites have suffered 33 separate outages since March 1, according to an analysis by the BBC which has been investigating Internet based extortion in the gambling industry. Fifteen of the 20 bookies have been offline during that time. Four of the providers - William Hill, Betdaq, Totalbet and UKBetting - have said they were either attacked or received extortion demands by criminals prior to the March 15 start of the Cheltenham Festival, a leading horse racing event is experiencing its second extended outage in less than a week. .

TotalBet is among the betting sites that acknowledge being targeted by distributed denial of service (DDoS) attacks in recent weeks, and was offline for nearly 36 hours on March 16-17.

A dynamically updating graph of the top 20 UK betting sites is available here.

Anecdotal reports are that it is imperative for sites not to pay off DDoS blackmail demands, as the capability to perform DDoS attacks is quite widespread and information on soft targets circulates rapidly amongst that community.

At first sight, the story is about convergence: the fact that more computers are portable these days, and that mobile phones now pack a considerable computing punch: contemporary mobile phones such as the Sony P800 are more powerful than the machine that ran Netcraft's first Web Server Survey. But at another level, it is symptomatic of an even more profound change: a move from wired Internet connectivity centred on the users of a Net connection - companies or individuals - to a wireless Internet connectivity of objects, essentially independent of users.

The DDoS component of MyDoom.F also targets www.microsoft.com, which has experienced no significant problems. Antivirus vendors say MyDoom.F has been found on as many as 45,000 machines. A dynamically updating graph of the sites targeted for DDoS by various MyDoom variants is available here.

OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, and is used in security products from numerous vendors. Cisco has already released an advisory for customers, while Oracle and Symantec say none of their OpenSSL-based products are affected. OpenSSL is also used in products from IBM, FreeBSD, Red Hat, SUSE and others. The advisory from UK's National Infrastructure Security Co-ordination Centre (NISCC) includes an updated list of vendor responses.

Last summer the NISCC identified several similar vulnerabilities in OpenSSL. In December, Oracle issued a critical update to address security holes in its implementation of OpenSSL.

The scam employs e-mails with subject lines reading "Official information" or "Urgent information to all credit card holders," and asserts that a new law requires Internet users to identify themselves to the government to "create a secure and safer Internet community." The e-mail links to a Web site masquerading as regulations.gov and asks readers to provide personal financial information.

The notion of retaliatory attacks was panned by security analysts and network operators, who say such actions would congest networks, damage innocent parties and violate acceptable use policies - if not the law. Such tactics are unlikely avenues for corporate DDoS victims such as Microsoft or The SCO Group.

But they may be of interest to subjects of "DDoS blackmail" schemes, which in recent months have targeted online gambling sites. Several online casinos have admitted making payments to cyber-extortionists. Some who have refused to pay, including the Irish bookmaker Paddy Power, say their operations were subsequently disrupted by DDoS attacks.

The California Security Breach Information Act (full text here), which took effect on July 1, requires companies with customers in California to notify them whenever their personal information may have been compromised. "You want to make sure there's full and complete disclosure as required by law," Allegiance spokesman Jerry Ostergaard told Security Focus, which first reported the incident.

The exploit affects a feature in WebHost Manager through which resellers can let their users retrieve lost or forgotten passwords via email. The setting, found in WebHost Manager in the "Tweak Settings" section, "is built into all compiled cPanel binaries and as such can not be patched," according to an advisory on the BugTraq mailing list, which includes instructions on addressing the vulnerability.

cPanel is found on about 1.4 million hostnames worldwide. The software is widely used by many large hosting companies, especially those offering dedicated servers. Its user-friendly interface automates many elements of web site management for resellers and customers. The issue affects versions up to 9.1.0 build 34. All builds released after that have been fixed.

With its huge customer base and reseller network, Go Daddy is positioned to make a sudden impact in the SSL market, where the vast majority of certificates are issued by three companies - VeriSign (which also owns Thawte), GeoTrust and The Comodo Group. "We're looking to become a major player in this particular industry," Go Daddy President and CEO Bob Parsons said in an interview yesterday. "We've spent about a year preparing for this."

The GoDaddy certificates are priced at $89.95, well below comparable products from GeoTrust ($149 a year) and VeriSign ($199 to $349 a year and up). Comodo's Pro SSL certificate sells for $69, but differs slightly from the others in that it relies upon a "chained" root owned by a third party, BeTrusted.

Although Tim Berners-Lee richly deserves his knighthood for creating one of the most important technologies of the 20th century, in one respect the World Wide Web has failed to deliver. It may have been global from the start - potentially accessible anywhere in the world - but making it truly international - able to reflect all cultures, irrespective of their language or writing system - has been an enormous struggle for the non- Anglophone world.

The first problem to be addressed was how to create Web pages with characters other than standard ASCII. The solution seemed simple enough: the use of extended sets, which allowed different non-ASCII characters to be employed on a per-page basis. But the solution brought its own problems, with many alternative extensions for a given script.

Therefore, an overarching approach called Unicode was developed that defined a single, universal coding scheme embracing all scripts. Unicode may not yet include everything, but all the major families are there, and many of the less common ones will be added soon (even Egyptian hieroglyphs are being worked on).

A dynamically upgrading graph is available here.

This trend bears watching, as the presence of an SSL certficate was intially touted by consumer protection groups as a way to differentiate between scams and legitimate sites. The U.S. Federal Trade Commission, for example, offered this advice to consumers concerned about phishing: "Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission."

But security professionals are focused on the limitations of SSL in the wake of a recent scam targeting Earthlink users (mentioned near the bottom of this story) which employed an SSL certificate so the bogus page displayed the lock icon. In this case, the certificate appeared legit because it matched the URL of the fake page mimicking the Earthlink web site, but had no connection to Earthlink. Visitors would only detect the deception if they reviewed the certificate.

If the USPTO decision survives an expected appeal, it will likely void a $521 million jury award against Microsoft for infringing on the Eolas patent with features of its Internet Explorer browser. It also spares Microsoft the need to make modifications to its Windows operating systems and IE browser to allow them to continue to use popular multimedia plugins from Apple, Macromedia, Real Networks and Adobe. Microsoft outlined the planned changes last year but put them on hold in late January as it awaited a ruling from the patent office. The ruling would also avert the need for developers to modify millions of web pages using the HTML tags APPLET, OBJECT and EMBED, which would have been affected by the patent ruling.

The patent in question is held by the University of California and licensed to Eolas Technologies. It covers systems allowing browsers to "access and execute an embedded program object," and is based on work by a Cal team led by Michael Doyle. This "plugin" concept is now widely used to display multimedia within a browser window.

The concept was widely discussed at the time on the www-talk mailing list hosted by Web creator Tim Berners-Lee, as well as by Dave Raggett in the HTML+ specs he authored in 1993-94 for the Internet Engineering Task Force (IETF).

Nonetheless, the University of California's 1994 patent application for the technology was approved by the USPTO in 1998. Microsoft noted that the U.S. Patent and Trademark Office has only invalidated 151 patents out of nearly 4 million awarded since 1988. That doesn't reflect patents that have been invalidated by outside court proceedings.

Ten years ago today, spam as we know it was born. On 5 March 1994, a message was posted to some Usenet newsgroups by a law firm called Canter and Siegel, advertising their services for the U.S. Green Card lottery. It sounds mild enough today, but at the time that move and its follow-ups provoked increasing outrage across the Net. Many were appalled that "netiquette" - the unspoken rules that hitherto had maintained order in cyberspace - had been breached, sensing perhaps that things would never be the same again.

They were right, of course. By daring to try what no one had done before, those first spam messages opened the floodgates to the deluge we battle daily. When it became clear from Canter and Siegel's continued postings that their spams were being neither effectively blocked nor ignored, others soon followed in their footsteps.

"I would discount ANY reports or quotes of a 7 figure cash payment as has been reported," Marsh wrote in a post on the company's customer forum. "We did agree to a one time payment, however we did not agree to pay a 7 figure cash payment as reported in the media."

Blake Stowell, SCO's director of public relations, told eWeek Monday that EV1Servers "didn't pay full retail price on each server, but the deal was still worth seven figures all together for SCO." Similar quotes attributed to SCO appeared in Network World, Information Week and ComputerWorld, and the figure has been repeated widely in online forums discussing the deal.

What's not clear is whether EV1 and SCO are splitting hairs over definitions - Marsh addressed cash payments, while SCO has talked in terms of "worth" - or there is a larger disconnect between SCO's public statements and the undisclosed financial terms of the deal.

SCO contends that Linux includes copyrighted code from its own operating system, and is asking Linux users to pay $699 per server for a license to use its intellectual property. Under the terms of the agreement announced Monday, SCO will provide EV1Servers.Net with a site license that allows the use of SCO IP in binary form on all Linux servers managed by EV1Servers.Net in each of its hosting facilities.

However, the defence may take heart that the court in which SCO filed suit runs its own web site on Linux. Plaintiffs filing lawsuits enter copies of their legal documents in Adobe PDF format in the court's Case Management/Electronic Case Filing (CM/ECF) system, which will provide electronic updates of case information for the litigants and their lawyers. Our initial analysis indicated that this system ran on Linux, but court personnel have since indicated that CM/ECF system runs on Solaris, suggesting the initial reading was detecting content management equipment rather than the web server.

SCO's numerous press pronouncements have thus far not mentioned whether its lawyers sent the Nevada court a cease-and-desist letter prior to filing the documents, or indeed whether it plans to file suit against the court itself.

Of AutoZone's web-visible servers, the only machine running Linux is firefly.autozone.com, apparently the front end of an intranet connecting its retail stores that includes more than 3,000 Linux machines, according to a 1999 agreement with Red Hat in which the Linux vendor was to provide consulting and support services.

Autozone's public web site runs on Solaris, as do its training and store development extranets. AutoZone's All Data and All Data DIY sites are also hosted on Solaris. The company also runs an internal site on Windows 2000.

AutoZone's dealings with IBM were discussed in a legal filings in SCO's lawsuit against IBM, which were published on Groklaw. The post includes comments from a user identifying himself as an AutoZone technical employee, who said he was involved in its Linux installation and rebutted SCO's claims.

AutoZone is a Memphis-based auto parts chain with more than $4.5 billion in annual sales. It sells auto and light truck parts and accessories through 3,000 retail stores in the U.S> and Mexico, as well as automotive diagnostic and repair software through its network of web sites.

Netcraft tracks the operating system and web server for over 24K hostnames belonging to the top 1.5K enterprises on a worldwide basis. The dataset is updated on a monthly basis and is available on a company license basis. Please contact us (sales@netcraft.com) for further information of costs.

By paying a licensing fee to insulate itself against SCO's legal claims, EV1Servers drew immediate fire from many corners of the Linux community, with some Slashdot readers suggesting a boycott of the company. EV1Servers is one of the largest dedicated hosting companies, with more than 11,000 Linux servers visible on the Web, according to our most recent survey

"We realize we may be vilified by some diehards within the industry, but we feel a real obligation to take care of our customers," Marsh said in an interview this afternoon. "We had private discussions about this issue with some of our customers, and they were quite concerned about the uncertainty and the potential for a legal quagmire. What we've done is ensure that it's not an issue for our customers."

SCO's press release stated that EV1Servers "joins other Fortune 1000 companies that have signed up for a SCO IP license," but not identified themselves publicly. Marsh said he never considered a similar stealth agreement. "In terms of being public about it, that's the way we do business," said Marsh. "We feel an obligation to be upfront with our customers and deal with them in an honest and straightforward manner."

The domains advertised in the e-mail solicitations include carder.org, carderclan.net, carderportal.com, carderportal.org, the cc.ru, mazafaka.ru, lncrew.com, majordomo.ru and agava.com. A sample mail illustrates the structure of the pitch:

Hello, Thank you for registration on our board
http://www.carderclan.net & http://www.carderportal.com

Your Login & Password:
Login: User871
Password: MkSCs4c

On our site you will find:
Spam Hosting - from 20$ per mounth.
Fraud Hosting - from 30$ per mounth.
Stolen Credit Cards, Fake ID, DL's.
Spam For free only from 5.02.2004 to 14.02.2004.

Welcome: http://www.carderclan.net & http://www.carderportal.com

During February both the Pair Networks and Seeweb sites were faultless with no failed requests at all from any of our five measurement points.

Linux-based hosting operations posted the strongest hostname growth in February, capturing the top three spots and seven of the top 10 in our monthly Hosting Switching Summary. Leaders Go Daddy (up 117K) and 1&1 Internet AG host the majority of their sites on Linux.

Domain registrar eNom, which recently accelerated up its push into shared hosting, was the fastest-growing Windows-based host. Yahoo was February's strongest performer among FreeBSD hosts, with a gain of 13.8K.

1&1 Internet continued to gain traction in the U.S. hosting market, which accounted for 34K of its gain of 52K hostnames for the month. The German hosting company's American unit launched its paid services on Jan. 21.

The Toronto company has been developing its Blogware weblog service for a year, and began beta-testing it wirth a small group of resellers in October. Tucows hasn't released information on pricing, but resellers are currently offering Blogware for between $5 and $14 a month.

In the March 2004 survey we received responses from 48,038,131 sites.

For the third month in a row, despite significant growth in absolute terms, the percentage market share of Apache and Microsoft have change by less than the 0.3% resolution of the graph, so the graphs are flat.