[dh:2004-08-27-06:00Z Crossing My Fingers]
Well, I did most of my writing and development about this on the web site, and I'll provide links to a proper account later. Right now I am ready to start posting again. I'm ready with the firehose and a bucket of sand, for whatever might happen. First, I am expecting the first post of this message to fail. I haven't given Blogger.com any access to my web site yet (I think; it has been a while since I did the lockdown on July 2).
[dh:2004-07-18-19:40Z Taking Stock]
I haven't been here in a while, since I can't post anything yet. The blogs are still locked down and I don't have a roll-back procedure for Wingnut yet. I see, since I was here last, that Blogger has slip-streamed another update into the system and now the Edit procedure has changed a lot, with a WYSIWYG composing view and an Edit HTML view as well as a Preview selection. The default font appears to have changed too. It's just wonderful the way they do this [;
On the site forensics work, I have made some slow progress:
- I have created manual entries in the Atom feeds that report the locked down status.
- I have begun a blog status page and an incident tracking page that I will link on the default pages so that there is always access to status.
There are further actions to take before I am ready to turn on blogs, one at a time:
- Add more manual information to the atom feed about what happens when a lock-down is relaxed and the site is brought into operation again.
- Create persistent material that reflects the same information so that slam-down and roll-back procedures can point to that in the future.
- Create an emergency roll-back procedure that slams warning pages into the default and atom feed files as soon as a failure is detected.
- Create the drill for regular backups and roll-back following a "technical difficulties" slam-down. The idea is to capture failed pages quickly, replace them with the slam-down warning pages, then calmly collect incident material and restore to the roll-back point. Any lock-down notice gets added to the roll-back, so that readers are protected from corrupt material and they have accurate information about the incident being addressed. Then, once readers are taken care of and the incident data is sequestered, the incident information is reported to blogger.com.
This is going to be a standard crime-scene and forensics approach that I will apply to other situations, including for software on my local system. There are further nuances, such as atom feeds on the incident reports (!) and other accountability measures. These are all great topics for Professor von Clueless.
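One way the slam-down and roll-back drill in the list above could be scripted, as an added example that is not the author's own procedure. The file names `index.html` and `atom.xml`, the directory layout, the warning text and the assumption that pages are UTF-8 are all assumptions made for illustration.

```python
import hashlib
import json
import shutil
import xml.etree.ElementTree as ET
from pathlib import Path

WATCHED = ("index.html", "atom.xml")  # assumed names of the default page and feed
WARNING = {  # constructed slam-down pages
    "index.html": "<html><body><h1>Technical difficulties</h1>"
                  "<p>This blog is locked down; see the status page.</p></body></html>",
    "atom.xml": '<?xml version="1.0" encoding="utf-8"?>'
                '<feed xmlns="http://www.w3.org/2005/Atom">'
                "<title>Locked down: technical difficulties</title></feed>",
}

def is_damaged(path: Path) -> bool:
    """True for a missing file, NUL bytes, undecodable text, or a malformed feed."""
    if not path.is_file():
        return True
    data = path.read_bytes()
    if b"\x00" in data:
        return True
    try:
        data.decode("utf-8")          # assumption: published pages are UTF-8
        if path.suffix == ".xml":
            ET.fromstring(data)       # the feed must at least be well-formed XML
    except (UnicodeDecodeError, ET.ParseError):
        return True
    return False

def slam_down(site: Path, incident: Path) -> dict:
    """Sequester each damaged file with its SHA-256, then put a warning in its place."""
    incident.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for name in WATCHED:
        target = site / name
        if not is_damaged(target):
            continue
        if target.is_file():
            shutil.copy2(target, incident / name)  # evidence copy, timestamps kept
            manifest[name] = hashlib.sha256(target.read_bytes()).hexdigest()
        else:
            manifest[name] = None                  # file was missing, nothing to capture
        target.write_text(WARNING[name], encoding="utf-8")
    (incident / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def roll_back(site: Path, backup: Path) -> list:
    """Restore last-good copies, skipping any backup file that is itself damaged."""
    restored = [n for n in WATCHED if not is_damaged(backup / n)]
    for name in restored:
        shutil.copy2(backup / name, site / name)
    return restored
```

The evidence copy and its hash are written before the live file is touched, so the incident directory holds exactly what readers were being served when the failure was detected.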
- Listening to: Richie Havens "Freedom," Canned Heat "A Change Is Gonna Come," Sha-Na-Na "At the Hop!" Woodstock: The Director's Cut Warner Brothers (1969, 1970, 1994, 1997) DVD edition.
[dh:2004-07-10-17:41Z Notices Posted - Reviewing Options]
On July 8, I updated all of the blog default pages to reflect the current lockdown situation. I am now on Wingnut cleaning up and getting to where I might try posting this note, but only after I have a set of rollback pages ready to go if this posting fails. I am also reviewing Atom information to see if there is a notice I can put in my atom feeds to let people know about the lockdown without actually posting via Blogger. I am in the middle of course work and may not do more on this until Sunday (2004-07-11) after I have all of my course assignments up to date.
[dh:2004-07-03-00:00Z LockDown Accomplished]
The lockdown is completed and the only access rights that Blogger now has to my host site are FTP access to orcmid/BlunderDome/wingnut/. This may inconvenience someone who wants to leave a comment, but I am going to leave it for now until I have delivered on some other commitments. What I have now is that:
- Blogger can only access wingnut/.
- All of my other blogs are locked down against updating by anyone but me.
- All blogs are backed-up on a site image that I keep, on my IIS/FrontPage development site, and in Visual Source Safe.
I am comfortable for now.
A new consideration is that the administration interface for my hosted site requires me to allow scripts to run and also accept running of ActiveX components. Although I have it listed as a trusted site for Internet Explorer, I also have my Internet Options set high for scripts and components because of a series of exploits that involve intrusion via scripts from subverted Microsoft IIS web sites. It is white-knuckle time.
[dh:2004-07-02-23:16Z Locking Down Blogger]
The first step, I realize, is to lock down my blog sites so that, in case Blogger has been hacked, I can defend my published blogs from spurious updates and any effort to subvert my pages in some way. I've been down this road before and it will be easier this time.
- First, I will set up my screen-capture utility and walk through shutting down directory access to the FTP account I provide for Blogger's exclusive use. I could lock down that account with the check of a single box, but I want to allow Blogger access to the Muddleware Laboratory for trouble-shooting and demonstration to the Blogger folk, if they happen to ask for details and confirmation.
- Then I will update the default pages on the three other blogs to carry announcements of the lock-down and pointing out that any commenting will fail.
- Then I will set up a "restore point" for refreshing Muddleware Laboratory any time I manage to corrupt it in my efforts to analyze the problem.
- Pondering: It's time for me to figure out my classwork for the second week of Information Security Engineering, and working it in with having my son Doug visiting too, along with the Sunday national holiday here. I will do the lockdown at once, and the rest will come later.
- Listening to: Marlon Brando. Clip from On the Waterfront, "I coulda been a contender; I coulda been somebody." All Things Considered, NPR News, retrospective on Marlon Brando who died yesterday at the age of 80. It followed on to a perspective suggesting that Marlon Brando pissed away a historical talent as one of the greatest players ever. I wept. Thanks Marlon, for all that you did provide.
[dh:2004-07-02-22:41Z FTP Corruption Investigation Starts]
It seems that Blogger is capable of sending corrupt FTP posts to my host sites where I keep my blogs posted. This happened early the morning of July 2 on Clueless. I have some notes about the recovery effort to restore the pages to last-good postings (which I did have in a backup of the site image) and post a warning. There are now new things to deal with, including seeing how reproducible the situation is, or whether it appears to have healed. I won't post this draft here in the Muddleware Lab until I am ready to do a recovery, if needed.
I have some ideas I am working on with regard to warning people and also having the posts be put up manually until I am sure what is happening. I don't know what to do about the syndication feed, since that was creamed also and manually updating the feed requires me to learn more things about Atom than I know now. What I learned from a simple inspection is that the content is not in the feed, it is referenced from the feed, and the reference is to a blogger site that apparently delivers whatever my aggregator digests and turns into HTML-formatted notes (dangerous, those, because I can't preview a web link before using it).
1. So, first, I want to have a place where I document the problem that it is outside of the blogs and it can be referenced from the top banner of manually-restored default pages.
2. I need to announce the suspension of my other blogs in the same way that was done for Clueless. For here on Muddleware, I need to announce that there is construction and blasting and that the site is unreliable while I try things. That basically means that I have a clean version for roll-back every time I need it, so that restoring the site is done quickly.
3. I need to mention in all of my warnings that the Atom feed is also damaged during these events. I hate to see what syndicators do with this binary junk when they are looking for something close to well-formed XML.
4. I would like a way to make a manual feed update that has content to supply announcing the difficulty. It looks like it may have to pull something off of my site, and I don't know what that would be like yet.
- Listening to:
  - Heart Rate Radio. MSN Radio Plus. While working out on the rowing machine.
  - Yoga, Yoga, Yoga. MSN Radio Plus. While cooling down and making the first draft of this note.