Orcmid's Lair

«Sostegno» Notes
Job Jar & Diary

0.00 2005-04-17 -21:05 -0700


A running diary and job jar of ideas for the incident notes compiled under Orcmid's Lair.  Sometimes, this is at the meta-level of sustainability too.  "Are you a solution-space witch or a problem-space witch?"

Status  Date  Description
done 2005-04-17 2005-04-16 The no-follow link and use of correct Hard Hat thumbnail file need to be reviewed and implemented here.  Handle it from the beginning in the new 2005/ subfolder and also capture the task of correcting 2004/ and this top level.
done 2005-04-16 Start a support folio on the Blocco setup firmware resetting itself to default.  That happened again sometime in the past 48 hours and I don't like it one bit.  I want to start blogging about Orcmid's Lair /sostegno, /strumenti, and /centrale items in support of my risk management and configuration maintenance, so we'll start with this one.
  2005-04-16 If there are folios here that have not been externally linked (e.g., from my own blog), scrape them into the 2004/ folder quickly so we can unclutter this top-level Orcmid /sostegno directory as much as possible without breaking in-bound links.
done 2005-04-16 Start a 2005/ sub-folder at once before making anything new.
  2005-04-16 There are too many provisional things cluttering the catalog.  Scrape the ones with no actual folio to here for treatment as a backlog that won't be forgotten.
  2004-09-17 Review X000001-log for provisional creations and placeholders that are tied to entries here.
moved 2004-09-17 Privacy is a big deal.  Get that incident on the boards now.  Document the problem space case, then look at how it works in the solution spaces.  See 2004-07-02 and 2004-07-15 diary entries.  Also see where I commented on that in creation of the provisional privacy statement used on NuovoDoc.com.  There is a connection to my 2004-08-22 entry and the problems of the firewall messages, how to control cookies, etc.  That is probably a companion topic, but one to address along with other security/privacy matters in the Blunder Lab.  It might be about mitigation.
  2004-09-17 Create an incident on the problem I had with a quarantine page that keeps going back over the corrected intended post.  This appears to be a FrontPage artifact, but that is just one suspicion about it.
  2004-09-17 Make a specific incident about my slip-streaming missteps and the practices being put in to mitigate that.  See 2004-08-27 and 2004-07-25.
closed 2004-09-16 2004-08-27 It looks like the Google Blog got bit by the lagging-archive-page phenomenon.  I realize that I don't worry about it because archives are not linked to by anything any more (except for bugs like X040901). [dh:2004-09-17 When the feed was corrected and the Google Blog was still broken on creation of a new posting there, I made an incident report on 09-13.  By the time Blogger support checked and responded to me on 09-16, the problem was cured and all of the necessary pages were accessible on Google Blog.]
done 2004-09-04 Initiate incident report X040901 on Degraded Blogger Feed.
  2004-08-27 The business about double titles and single titles is a bug that I created.  I should log it as an incident report and also point out how I found it and how I fixed it. [dh:2004-09-17 This is described in "Seeing Double," "Deja Double Vu," and "Ending the Madness: Deja Triple Vu."  I need to create the incident report.]
  2004-08-26 Add an item about the FTP problem in being able to do a seamless slamdown from a different directory.
in progress 2004-09-07 2004-08-25 Respond to the Alan Cooper triad on architecture, engineering, and programming.  I don't get what he says about engineering and the collapse of engineering and experimentation.  I do experimental architecture, experimental [software/system] engineering, and experimental programming.  Also a lot of what passes for programming as described by Cooper is experimental and heavily heuristic and it suffers from the lack of engineering.  It all suffers from the lack of architecture and addressing the problem space, I grant him that.  Maybe it is about design.  And not prematurely optimizing as well as being sure to look at the entire lifecycle and the different costs and risks.  For example, if one looked at the cost of assurance, security and maintenance, having the programmer's job be so complicated would be seen as the design failure that it is.  This is not a problem for programming to solve, either. [dh:2004-09-17 I posted "To Engineer Is To Tinker?" on 2004-09-07.  What I haven't done is mention it to Chris Sells or, more importantly, Alan Cooper.  And I have yet to say much of what is in this diary entry.]
  2004-08-25 I am doing all of this manually for far too long.  I am content that there always be a manual way to do it, and maybe even alongside of any computer-aided procedures that go farther than what I use (web page editor!).  It just struck me that writing code would have been a form of premature automation, but I stay with the manual methods a little too long, and at some point the opportunity cost becomes too high.  I suspect that, for others, the opportunity cost seems too high without even trying it.  Something else to mull over. [dh:2004-09-17 There is something in Joel Spolsky's work, mentioned in "Trustworthy Software Security" under Roadmap to Better Code.]
  2004-08-25 Look at models for ensuring coverage and analysis and noticing the places where there is intervention, etc.  These are meta-topics?  The use of data-flow diagrams in the Threat Modeling Tool is encouraging, and it looks like I need to put in performance architecture plus trust points (because they reveal where there are unknowns and aspects that need to be confirmed).  Then there is working in the solution space.  This is becoming a very revealing experience for me.
  2004-08-25 Add a lessons learned and something about operating in the solution space instead of the problem space with regard to incident-handling.
done 2004-08-25 Add incident report on the NewsGator behavior when I got the feed wrong, and what it actually did with it.
  2004-08-25 Add incident report on "Now You See It, Now You Don't" about the way I change state on the web site.  This is about "throwing down from above" and what that reveals around the dissonance for the problem-space versus solution space that.
  2004-08-25 Add incident report on "Fooled by the Cache" and what that reveals
  2004-08-25 I have been coming up with MSN Messenger active and the problem of it changing state spontaneously (actually after a small flurry of traffic) when it is pretending to be off-line irritates me.  I guess I need to begin to see what the game is and why do I think I have to play it. A good incident report.
  2004-08-24 There is a weird thing about caching of XML pages and the way that the time stamps may be preventing a reset page being fetched.  The later but revoked page is still served.  This impacts the slam-down procedures.
done 2004-08-24 Create incident report on Malformed Atom Feed and the NewsGator behavior, the workaround, and the longer-term solution.
  2004-08-23 There are a number of failed certificates on Microsoft pages and I need to get underneath that.
  2004-08-22 There is an interference with the Windows Download Manager here on Compagno.  I was unable to ever get an XPSP2 OSI image download to start on Compagno, but it worked fine on Centro.
  2004-08-22 I need to figure out what is going on with Cookies on my system and how that interacts with the Firewall.  I found that I was providing a Cookie to radio.weblogs.com, but it was a weird one.  Cookies don't get set though. [dh:2004-09-17 This is watched under X040902 also, though that is not enough.]
  2004-08-22 Incident with POST to a comment page on Scobleizer showed that the POST file was corrupted in a peculiar way.  I have confirmed that it works if I take down the Firewall, but I don't have the end-to-end case nailed down.  I have captures, screen shots, and .MHT files in comando/orcmid that should allow this to be documented and analyzed. Although suspicions are on the firewall, it could be that ZoneAlarm was corrupted some other way.
  2004-08-17 Open incidents on the Microsoft Threat tool. Include the following that we have noticed: Wrong version on download page, Version not on About ... box, Report as HTM for Fabrikam fails without Visio 11 (2003).  Visio renders incorrectly in the Fabrikam model. The XML does not have a default namespace, although others are specified.
  2004-08-16 The search page that comes on the MSDN Subscription Index CD doesn't work on my Win98 or my XP Pro machine.  It hangs on searching for "Visio" and I have to kill it with the task manager.  Also, the little (unsigned) SHELEXEC.EXE wants to access the network, bless its heart.  I wouldn't be surprised if this wasn't another Firewall interaction.  The on-disc index is now in XML and Rowset files and they are pretty gigantic.  There is something weird in all of this.  It is no longer simply browsable!  (Actually, there is a browsable one, but it took some effort to find it.)
  2004-08-14 Open an incident analysis on the Errors on Page - Object Expected drill that keeps coming up [when I am browsing -- dh:2004-08-25].
  2004-08-13 ZoneLabs now has a version 5.1 of ZAPro, and I need to find out what it fixes and whether to install it. [dh:2004-09-17 I have installed it. It fixes some things and others are apparently now intermittent.  I have a breakdown in my Intranet connectivity/security.]
  2004-08-13 Include the Liverpool failed SSL certificate as an exercise in trust and whatnot.
  2004-08-13 Add the Citi phisher that I saw and describe the humor of it (e.g., monocultural email client assumption)
  2004-07-28 Create analysis of the Centrale Attack Surface [dh:2004-09-17 Coordinate with X040705]
done 2004-07-28 Analyze the Gibson Research Vulnerability Reports and Determine Where Blocking is occurring.
done 2004-07-28 Create analysis of the Compagno Attack Surface
  2004-07-25 The installation of Windows XP SP2 should be viewed as an incident with risk management and other concerns.  In particular, I don't know what it will do to the way I use IIS as a development server on my local XP Pro machine.
in progress 2004-08-31 2004-07-25 The number of false starts in getting clean entries for the blog Lockdown Notices into the Atom Feeds reminds me that I need to deal with myself about slip-streaming and explore the lessons of that in my comment on what I think is a source of problems for Blogger.com too. [dh:2004-09-17 This was addressed in terms of Blogger in "Honey Where'd You Put the Bloggo?", the companion "A Feed Too Far," and the foretelling in "Your%20Message%20Here."  That leaves an incident and a practice for me to be figured out.  It probably goes with X040901 Lessons learned too.  It deserves to stand on its own as a holder for my own missteps and also the creation of a powerful practice in this area.]
  2004-07-25 I have made promises in postings to my Information Security Engineering class and it would be good to have them in view out here where I can manage their existence and fulfillment.  Go get those, plus what I have said will be available on Monday, 07-26.
  2004-07-25 So I have not been living the talk about risk analysis.  My approach is as ostrich-emulating as anyone else's blundering ahead in denial and overlooking of the unwarranted trust that is being placed everywhere.  OK, I guess I can work my way into all of this as an incident and support case.
  2004-07-25 An important incident response has to do with unavailability, either because of a misadventure, system outage, travel incident, or computer-unrelated emergency.  Incident response and risk mitigation have broader aspects in how I live my life, provide for my household, and have ductile responses in the face of life's eventualities.
  2004-07-25 There's no threat analysis either.  I need to deal with these as incidents, since they are exposures and I am aware of them.  What I haven't done is seriously bring myself to account for the state of the systems I blindly trust in.  I've been whistling through graveyards.
  2004-07-25 I have no Incident Response System for the overall system, not just the web site.  This needs to be fragmented a number of ways, but Incident Response should be there along with Business Interruption and a number of other things.
done 2004-09-17 2004-07-24 Version the catalog page so that we can move closed incidents off over time
done 2004-07-24 Start an incident report on the Visio 2000 Image Conversion Incoherencies, using the validAtom PNG as an example.  Another one is on my business-card images and the difference between Visio and Word at saving images.
done 2004-07-23 Start an incident report on the need to have a properly-described XML encoding and agreement with web-server content encoding to have everything work.
  2004-07-18 Add the problems with FirstClass client and off-line operation as another case study and incident analysis.  [dh:2004-07-25 Three problems: loss of connection when offline [?], performance, and freezing.]
done 2004-08-28 2004-07-18 Change Orcmid's Lair Blog to use default.asp as the default page, instead of lair.asp.  This provides for the same technique to be used in slam downs and in posting rolled-back pages, locked-down or not.
started 2004-08-14; done 2004-08-31 2004-07-18 Create weblog slam-down pages, one for the atom feed and one for the default page, and demonstrate them.  Done for: Spammer Wingnut, Numbering Peano, Orcmid's Lair, and Professor von Clueless.
completed 2004-08-23 2004-07-18 Add a notice to the atom feed about what happens when there is an incident underway and what happens to the site feed when operation is restored: There are three cases - the normal feed, the slam-down feed, and the rolled-back feed, then restoration of the normal feed.  The site information should also include a link to the weblog status page.  The notices should refer to persistent pages so that less customization is needed to initiate incident handling.
done 2004-07-15 Clone an ODMA Incident report for use as the template here.  I really want to keep a support folder and incident logs.  So be it.
done 2004-07-15 Start a support note that carries the running status of the blog sites.
done 2004-07-15 Bring the incident related notes from BlunderDome to this diary.
moved 2004-09-17 2004-07-15 Record an incident on the Blogger privacy-related insertions in the blog pages here.
  2004-07-15 Record an incident for the ZoneAlarm Pro version 5.0 upgrade failure
done 2004-07-15 Start an incident report for the Blogger FTP corruption 
done 2004-09-17 2004-07-15 Version this page and be prepared to roll older completed material onto an archive page.
done 2004-07-15 Create minimum diary and log in preparation for logging and tracking of incidents.
moved 2004-09-17 2004-07-02 Put up a lab note on the problems with cookies and the references to Blogger that go with drawing a feed.
  2004-06-27 Capture incoherence around ZAPro: My status says Firewall Software is up-to-date.  It doesn't give me anything to click.  If I go to settings, there is a button that I can press to check.  That tells me there is a critical update (.043, the one I know about), and I set it to not download (I already have it, but to remind me in 5 days).  But because I went to the download site, ZAPro reports that it is updated.  [This is security software.  What other holes this large are lurking here? --dh:2004-08-25]  I should use this example because it just happened.
     
0.00 2004-07-15-21:53 Initial Sostegno Establishment
The section is created, based on an earlier structure used with ODMA, and applied to Orcmid's Lair itself and especially some of the incidents that occur in my own work and on my own systems.  There is now a foundation for providing a more-accountable structure and demonstrating aspects of that.


created 2004-07-15-21:53 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 05-04-17 21:06 $
$$Revision: 35 $
