Reply: The Red Web: Mortis

Hi. I've been binging your podcast while stuck on the wrong coast. I noticed that you didn't give any contact e-mail addresses, and from a few remarks you made in one or two episodes, setting up your own website was somewhat unusual, so I figured that sending you a URL through your social media feeds was the best way to get in touch with you. Love your theme music by the way, I get a real Tron Legacy vibe off of it.

I have a few comments on the Mortis episode...

"...it was soon discovered the website hid terabytes of data."

This sounds somewhat implausible for the year 1997.ev. Around that time 2GB IDE hard drives had just come down in price so that prosumers could buy them. That a server would have... let's say for the sake of argument 2TB of data means that there would be somewhere in the neighborhood of 2000 hard drives storing all that data. Probably more because hot-spare drives would be needed for data integrity, and data storage techniques of the time (which aren't all that different from ones now) would require additional storage for metadata. And the hardware required would be massive, easily a half-dozen 44U racks. Data storage on that scale probably existed at the time, but it wouldn't be anywhere on the public Net due to how expensive it would be to set up and maintain.

Also, did anyone ever say what kind of information was stored there? Raw data? Images? Documents? Database dumps?

Looking back on it, I would have to guess that the amount of data there grew to implausible levels as the story was retold. Very urban legend-like in that regard.

"And who's to say that this podcast don't the way doesn't get deleted as well?"

I hate to tell you, but if you don't host it yourself that's the risk you take. I noticed that your podcast is syndicated across multiple networks, which lessens the risk (LOCKSS (lots of copies keep stuff safe)), but just in case you might want to keep offline backups of your episodes and maybe upload them to the Internet Archive for safe keeping.

Off topic but I'm a professional geek. This sort of thing gets my attention. Anyway.

"Usenet files were found to be linked back to this website."

Sounds like somebody was posting links to files on Usenet. Not unusual for Usenet for the time, before the Eternal September happened and spammers pretty much took over.

"..and the largest one was 39 gigabytes."

Holy cats. Somebody built a stonking big server at the time, which mean somebody had a shit-tonne of money to throw at it. net.access to the home wasn't a thing then, so somebody was dropping large on a colo for that beast.

Implication: Whoever built it had lots of disposable income because drives big enough to easily build an array to hold a single file of that size probably cost as much as a car at the time. Also, colo services aren't cheap (never were because rack space and floor space are always at a premium) so their monthly burn rate was significant. If you wanted to figure out who ran the site, start looking at whoever was making lots of money around that time.

"..how do you get login access?"

Someone setting up reasonably sized for the time (smallish, really) servers for friends would often give out login credentials to their friends, and occasionally shell access. It was pretty common among geeks for one person to build a box, give out accounts, and we'd throw our crap up there. A few folks would set up early websites, mostly we played around with UNIX or Linux on that system, occasionally there would be a private IRC server to shoot the breeze on. Significantly smaller than Mortis, but I think the principle would apply: "Hey, you want someplace to throw your crap? I'll give you a login, just send me a couple of bucks every month because it's expensive."

Implication: Figure out who all had accounts, build the social graph, figure out who might have been the admin.

"...probably using some kind of hacking tool..."

Yeah, something like Hydra or a home-grown Perl script. Those are pretty much "skiddy's first icebreaker."

"Why shut it down?"

When you've got most of 4chan trying to crack your box, at some point somebody's going to find a way in. On top of that, all those attempts take up a lot of bandwidth and amount to a DDoS attack. The admin could have gotten fed up with not being able to access their own stuff, maybe the other users were complaining, maybe the hosting provider was getting upset so the hit the big red switch.

"...by doing a WHOIS..."

That dates roughly when the domain was registered. Domain privacy didn't really become a thing until the last ten years or so. In the late 90's it didn't exist. There were also so few domain registrars back then it was pretty much a Ma Bell-like monopoly. Network Solutions was the lead dog then as I recall.

"...however, there were nine other, or more websites besides Mortis..."

That also implies the admin having quite a bit of disposable income. For the time, registering a single domain cost somewhere around $65us per year, which for a lot of folks was exorbitant. Also a huge pain in the ass because the web control panels that we take for granted today just didn't exist.

"Is this like domain parking, is that what's happening here?"

Quite possibly. 1998 (when those other domains were registered) was the very early days of the first dot-com boom. Speculators were buying up domains left and right in the hopes of selling them to desperate entrepreneurs. Remember how much money sex.com sold for?

Also around that time, fake domain registrars were popping up where you could search for a domain name you wanted, and the fake registrar would check to see if it was registered behind the scenes and if it wasn't would file a domain registration for it immediately. They'd tell you that they'd e-mail you when they found it, and a day or two later (after Network Solutions had sold them the domain) they'd offer to sell it back to you for much more than they paid. Real jagoff move there.

"Can you imagine when the Internet was first just booming, like, how crazy all the, like deep dark web sites must have been?"

To be honest most of them were pretty boring. Once in a while a couple of groups of skiddies would crack a server and hide their "hey, look at us!" site in it, but it was mostly the same old text files containing information that had been done to death in the earlier, more established 'zines like Phrack or that tech journal that AlephOne ran back in the day out of MIT's Voyager server. All of the kind of stuff you mean implicitly was on IRC back then, on private channels on EFnet, traded user to user.

What you did see was lots of solid information on the web at the time. Lots of folks at companies would throw up a website with resources pertaining to what they were doing (aerospace, parsing, protocols, radio, stuff like that).

The Net was very much like the Wild West, though. Security was even more of a joke than it was now, and most of the infosec luminaries of today got their start as hackers back them. Interesting and fun times.

"We assume that these are all attributed to Ling himself, rather than another Thomas Ling, simply because all of these come from the registrar Pair Networks, Incorporated, which is in fact headquartered in Pennsylvania, which is why it makes sense Mortis is registered to a Pennsylvania location."

Pair Networks (pair.com) is a venerable company based out of Pittsburgh - South Side, specifically. They've been around since 1994 or 1995, built the second real data center in Pittsburgh (the first was telerama.com in 1990), and they were (at the time) a Network Solutions reseller. Their value add was that they took NetSol's astoundingly shitty user interface and made it easier to use. You could also host websites and email lists there (I used to hang out on a few of them). You could colo your own boxen there if you paid them enough. That all those domains would be found in Pittsburgh just makes sense, that's how the Net worked back then.  Furthermore, that he would go with Pair Networks back then just made sense - they sucked the least.

"...essentially, almost a response to the fact that these files were found..."

This makes a lot of sense; up until very recently bandwidth was metered (we paid per megabyte transferred to or from our servers). "Use all the bandwidth you like" network connectivity at hosting providers is a relatively new idea. So, it makes sense for someone with a lot of data to tell the Archive "Hey, don't spider my sites, you'll bankrupt me."

"...but a user agent such as 'ia_archiver' is software that is acting on behalf of a user..."

The user agent string identifies the nature and some of the capabilities of software the user is operating. Subtle but very important difference.

"..both sites were developed by the same person."

Maybe. Maybe not. Template robots.txt files were a thing back then just as they are now.  Stand up a new site, get a standard index.html and robots.txt file.

"Can we attach robots files to ourselves, maybe tattoo it on our backs?"

Some years ago, some privacy advocates came up with a QRcode that would, in theory, translate to the message "STOP PHOTOGRAPHING ME" if the person wearing the pin, button, patch, or whatever was photographed. It didn't go anywhere.  This, on the other hand... https://arxiv.org/abs/2001.11137

"It just feels so much like someone's laying clues."

Nah. That was the late 90's incarnation of shitposting. Lot of sites never got past that stage, no content ever came.

"Do you think he's maybe in it for the long con?"

Highly doubtful.  90% hard "no." Buying and sitting on domains was a thing back then, and some folks would grab the ones they wanted so that scammers wouldn't get hold of them. Still a thing these days but it's closer to shitposting than anything else (e.g., https://butt.holdings/). It's not even that it'll be worth something in the long run, they just don't want someone else to buy it and sell it back to them or point it to something they don't want their family named linked to (like, John Smith probably wouldn't want john-smith.com to be a redirect to fuck-the-fbi.com).

"It just seems so archaic in terms of the way to do it..."

Yup. That's what folks did back then. Not everybody was on Usenet or IRC or even BBS networks, so throwing up images and telling people to go to your site was what you did.

"Can you imagine if, instead of having a social media handle, everyone had their own websites?"

Those were the days... :)

"Every podcast has its own website..."

Yup. Miss those days.

"...third party sites that clumps everything together and allows you to search..."

Just like podcast aggregators today - The Red Web is available on at least six different services, and I don't think you submitted your work to all of them. They seem to have found your episodes and added them to their directories of stuff to download and listen to, usually mirroring the MP3s also. That's how one of my agent networks found your podcast earlier this week.

Also, webrings did that. They're rare but a few are still around: https://l00p.hackers.town/

"Or, maybe it's just like, thirty year old family business, we're now on the web!"

Yeah, sounds about right. Setting up crappy little sites for family businesses and nonprofits was a good way to make a little pocket money at the time. Fits the profile.

"cthulhu.net... what's the point if you're just moving the text..."

Again, early shitposting. I recall seeing that site on alt.horror.cthulhu alongside shoggoth.net (RIP). Maybe the webmaster was just playing around with the latest best practices for HTML design once in a while. Maybe they were toying with CSS as the spec evolved, too.

"cthulhu.net will awaken soon..."

Another site that never got off the ground. For every site you see these days, there were 50 that vanished into the ether.

"...has been intentionally scrubbed from the Internet."

Or fallen victim to bit rot. It happens.

"..most of this mystery will be found in the theories..."

I really doubt there was anything there. This fits the profile of a vanity site that never went anywhere.

"There's a lot of claims floating around." "Yeah, where's the proof though?"

I'd say, pretty much all of them are jetwash. This whole thing is pretty much classic Internet, pre-Eternal September. Some interesting stories are being written from the perspective of today, though - far be it from me to dissuade someone from exercising their imagination.

"Why did Thomas Ling register so many websites, and what were the purpose of those websites?"

He probably did because he could. He probably had some ideas for websites (which were a pretty racy concept back then), bought a handful of domains, but only did anything substantial with a small number of them. It was what you did if you were on the Net back then and had some money to burn.

"...hundreds of terabytes..."

Again... nah. That figure sounds grossly inflated as the story was told and retold over and over again. A few hundred megs in a file dump, sure. That sounds much more plausible.

"It could just be some weird person, and they stored a bunch of random stuff."

Definitely a thing, then and now. File dumps where you threw your crap that you thought you might send a link to at some point were a thing, and still are thanks to forum and *chan culture. Hell...

https://drwho.virtadpt.net/graphics/

tl;dr - not terribly odd. Someone just happened to find a file dump.

"..you must be working with videos, right?"

Even back then, no way.  Digital video was nowhere near the point where a single raw video would take that much storage.  Maybe if you the NRO running a spy satellite in HEO.

Also, nobody ever says what kind of data they found. I'd have thought that'd be part of the stories that get passed around, kind of like the kid everybody knew in high school who bragged that he had a collection of snuff films, or had played and beaten early versions of video games that weren't even out in Japan yet, let alone the States.

"To host that is pricy.."

Yeah. Back then disk quotes were 5-10 megabytes per account, and you had to pay more per meg per month. When I threw some con pictures up back in 2000, I was paying double my monthly bill (regular service, and for all the disk space I was using). If the volumes of data really were that large, whoever was running it would have been paying a couple of grand a month at least, which seems highly implausible.

"Perhaps this was a WoW guild page.."

For the time it would probably have been Ultima Online. But they weren't terribly private back then, they posted what they were and how to apply. None of this mystery stuff because that wasn't what they were interested in, it was the game they were interested in.

"..so I took that link, put it into the Wayback Machine..."

You can also look at the disambiguation page's revision history: https://en.wikipedia.org/w/index.php?title=Mortis&action=history

Anyway, that's what was going through my head listening to this episode.  Thank you for the food for thought, and I look forward to season 2.

mail: drwho at virtadpt dot net

XMPP: drwho at jackpoint dot virtadpt dot net