Hi --

Mark here.

I'm sorry, but the Forum's down and probably will be for a while.

On 12 November, Willem emailed me, alerting me to the fact that someone had messed up the forum, and indeed it was true -- junk postings, and clicking on a link returned ASP errors. Good news: nobody got anything. Bad news: it's clearly a very, very bad idea to start up the Forum software again.

Snitz, the software that has powered our forum since 2002, isn't really maintained and hasn't been for a long time. I've worried that someone would find a "kill" vulnerability and I guess someone did. We've been putting off migrating to something else because we couldn't really find a good alternative that (1) didn't cost a pile of money, (2) gave us the guarantees that we wanted to decamp if we needed to, and (3) could migrate the 12 years of forum traffic we have.

After consulting with a few members, I decided to take down the Web server until I could actually get home, disconnect the thing from the Web and spend a day looking at the logs to see if (1) someone got to the database (which would be bad because of the names and passwords in it) and/or (2) that person tried to move to another part of the server. As I said, the answer to both of those questions was "no," but until I can understand 100 percent of the Snitz vulnerability, I really feel that turning the Snitz software back on would be criminally stupid and negligent. (I mean, I HOPE you guys don't use the same user name and password here that you do at your bank, but... :-)

When I have time, I think a day's hacking around with the Snitz code will allow me to run the forum in a mode that (a) does not accept registrations, (b) runs with just one or two accounts, and (c) runs in read-only mode. That'd allow me to delete the user database altogether and hey, if the hacker wants to steal our 12 years of conversation, the slime is welcome to it. Then we can get moving on finding a new home.

You all know where to find me, so drop me a line if you'd like to know more or offer suggestions. (If there's an ASP expert out there who'd like to do the evisceration of the Snitz code, I'd be grateful.) Thanks for your patience and support!

Mark Minasi