Tension and Flaws Before Health Website Crash

Thanks to a huge effort to fix the most obvious weaknesses and the appointment at last of a single contractor, QSSI, to oversee the work, the website now crashes much less frequently, officials said. That is a major improvement from a month ago, when it was up only 42 percent of the time and 10-hour failures were common. Yet an enormous amount of work remains to be done, all sides agree.

via Tension and Flaws Before Health Website Crash – NYTimes.com.

Systems like this should require five-nines availability from the beginning, meaning the system is operationally up 99.999% of the time, which allows for roughly 5.26 minutes of downtime per year. I suspect companies like Amazon, Facebook, and Google meet this standard for high availability. There are all kinds of methods and tricks to achieve this that have been learned over the past century in telecommunication systems.
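The arithmetic behind that target, as an added example that is not part of the original post: the yearly downtime budget for each number of nines, and the two composition rules that decide whether a target is reachable at all. A request path whose components must all be up multiplies their availabilities together, so a single 99.9% dependency in the path rules five nines out; redundancy across independent replicas is what buys the extra nines. The component figures in the example are constructed, not measurements of the site.

```python
"""Availability arithmetic behind a 'five nines' target.

Added example, not code from the original post. The component figures used
in __main__ are constructed for illustration, not measurements of any site.
"""

MINUTES_PER_YEAR = 365.25 * 24 * 60  # 525,960 minutes in a Julian year

FIVE_NINES = 0.99999


def downtime_budget_minutes(availability: float) -> float:
    """Minutes of downtime per year that a fractional availability permits."""
    return (1.0 - availability) * MINUTES_PER_YEAR


def series_availability(components) -> float:
    """Availability of a chain in which every component must be up.

    Any outage anywhere in the chain takes the service down, so the
    availabilities multiply and the result is worse than the weakest link.
    """
    total = 1.0
    for a in components:
        total *= a
    return total


def redundant_availability(availability: float, replicas: int) -> float:
    """Availability of N replicas of which only one needs to be up.

    The service is down only when all replicas are down at once:
    1 - (1 - a) ** N. Assumes independent failures and failover that always
    works, which real deployments only approximate.
    """
    return 1.0 - (1.0 - availability) ** replicas


def meets_five_nines(availability: float) -> bool:
    return availability >= FIVE_NINES


if __name__ == "__main__":
    for a in (0.99, 0.999, 0.9999, FIVE_NINES):
        print(f"{a:.5%}: {downtime_budget_minutes(a):8.2f} minutes of downtime per year")

    # Constructed request path: load balancer, web tier, identity hub, back-end API.
    chain = [0.9999, 0.9995, 0.999, 0.999]
    print(f"serial chain: {series_availability(chain):.5%}, "
          f"five nines: {meets_five_nines(series_availability(chain))}")

    # The same 99.9% tier run as three independent replicas behind the balancer.
    tier = redundant_availability(0.999, 3)
    print(f"3x redundant 99.9% tier: {tier:.9%}, five nines: {meets_five_nines(tier)}")
```

The redundancy figure is the optimistic bound: it assumes the replicas fail independently and that failover itself never fails, and shared dependencies (one database, one network, one deployment pipeline) are exactly what breaks that assumption in practice.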

In the last week of September, the disastrous results of the project’s inept management and execution were becoming fully apparent. The agency pressed CGI to explain why a performance test showed that the site could not handle more than 500 simultaneous users. The response once again exhibited the blame-shifting that had plagued the project for months.

Jekyll

Jekyll is a simple, blog-aware, static site generator. It takes a template directory containing raw text files in various formats, runs it through Markdown (or Textile) and Liquid converters, and spits out a complete, ready-to-publish static website suitable for serving with your favorite web server. Jekyll also happens to be the engine behind GitHub Pages, which means you can use Jekyll to host your project’s page, blog, or website from GitHub’s servers for free.

via Welcome.

Honeypot Stings Attackers With Counterattacks

The PHP portion included a field for “members” to enter their “secret code” to enter the “private zone,” he explains. “So it’s a good idea to try a SQL injection attack” there, he says of the lure.

“My script had [a] few checks for some patterns, and when a SQL injection attempt was detected, the script [threw the] Java applet, ‘GUI for member zona. Welcome,’” he says. The Java applet then installed a backdoor on the attacker’s Windows machine, he says.

via Honeypot Stings Attackers With Counterattacks – Dark Reading.

In his research paper (PDF) on the experiment, Sintsov explains it this way: “Obviously, reverse penetration has a number of moral, ethical and legal issues
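The lure described above hinges on "a few checks for some patterns" in the secret-code field. As an added illustration of that detection half only (not Sintsov's PHP script, and without the counterattack), here is a pattern-based trigger in Python run over constructed submissions. It is worth being clear about what such a check is: enough for a honeypot to decide that a visitor is probing the form, but not input validation and not a defence. A regex list like this is easy to evade and will also fire on legitimate values that happen to contain a quote or a hash sign; real queries are protected by parameterisation, not by pattern matching.

```python
"""Pattern-based SQL-injection trigger of the kind a honeypot lure would use.

Added example, not Sintsov's PHP script. The field values in SAMPLE_INPUTS are
constructed. This is a trigger for deciding that a visitor is probing the
form, which is all a lure needs; it is not input validation and not a defence.
"""
import re

# Each entry: a label and a regex for one common tell of an injection probe
# against a single string field such as a "secret code" box.
SQLI_PATTERNS = [
    # ' OR 1=1 or ' OR 'a'='a : a quote that closes the literal plus a tautology
    ("tautology", re.compile(r"'\s*(?:or|and)\s+\S+\s*=\s*\S+", re.IGNORECASE)),
    # UNION SELECT, including the UNION/**/SELECT spacing trick
    ("union-select", re.compile(r"\bunion\b(?:\s|/\*.*?\*/)+(?:all\s+)?select\b", re.IGNORECASE)),
    # comment sequences used to discard the rest of the server's query
    ("comment-terminator", re.compile(r"--|/\*|#")),
    # a second statement stacked after the original one
    ("stacked-statement", re.compile(r";\s*(?:drop|delete|insert|update|exec|shutdown)\b", re.IGNORECASE)),
    # blind, time-based probes
    ("time-based", re.compile(r"\b(?:sleep|benchmark|pg_sleep|waitfor\s+delay)\b", re.IGNORECASE)),
]


def classify(secret_code: str) -> list[str]:
    """Return the labels of every pattern the submitted value matches, in table order."""
    return [label for label, rx in SQLI_PATTERNS if rx.search(secret_code)]


def is_injection_attempt(secret_code: str) -> bool:
    """The honeypot's decision: any match is enough to serve the 'welcome' payload."""
    return bool(classify(secret_code))


# Constructed submissions to the "secret code" field and the labels each should trip.
SAMPLE_INPUTS = {
    "A7f9Qx": [],
    "' OR '1'='1": ["tautology"],
    "' OR 1=1 --": ["tautology", "comment-terminator"],
    "x' UNION SELECT user,pass FROM members--": ["union-select", "comment-terminator"],
    "1'; DROP TABLE members; --": ["comment-terminator", "stacked-statement"],
    "1' AND SLEEP(5)#": ["comment-terminator", "time-based"],
}


def run_samples() -> dict[str, list[str]]:
    """Classify every constructed submission; compare against SAMPLE_INPUTS."""
    return {value: classify(value) for value in SAMPLE_INPUTS}


if __name__ == "__main__":
    for value, labels in run_samples().items():
        verdict = "TRIGGER" if labels else "pass"
        print(f"{verdict:8} {value!r:45} {labels}")
```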

OAuth – A great way to cripple your API

Even the original social networking sites behind OAuth decided they really need other options for different use-cases, such as Twitter’s xAuth, or Yahoo offering Direct OAuth, which turns the entire scheme into a more complicated version of HTTP Basic Authentication, with no added benefits. Perhaps the most damaging point against OAuth, is that the original designer behind it decided to remove his name from the specification, and is washing his hands clean of it.

via Insane Coding: OAuth – A great way to cripple your API.

Re-architecting for world domination

Buytaert, who is also the founder of Drupal services firm Acquia, has ambitious goals for Drupal, as it continues to shift away from purely a content management system towards a unified Web platform that organisations can standardise on to build Web-based services, for both internal and customer-focussed sites.

via Drupal 8: Re-architecting for world domination – open source, cms, content management, drupal – Computerworld.

Apache plugin turns legit sites into bank-attack platforms

Bureau didn’t say how the site running the plugin was hacked. Many legitimate websites used in malware attacks are commandeered after administrator credentials are compromised. He said the malicious Apache plugin is separate from a Linux rootkit discovered last month that also injects malicious content into otherwise legitimate webpages.

via Apache plugin turns legit sites into bank-attack platforms | Ars Technica.

Building Web Services the REST Way

Representational State Transfer is intended to evoke an image of how a well-designed Web application behaves: a network of web pages (a virtual state-machine), where the user progresses through an application by selecting links (state transitions), resulting in the next page (representing the next state of the application) being transferred to the user and rendered for their use

via Building Web Services the REST Way.
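The "virtual state machine" reading of REST quoted above, as an added example that is not from the article: each representation carries the links that are legal from the current state, and the client moves only by selecting one of them. The order resources, link relation names and URLs are constructed, and serve() stands in for an HTTP GET so the example runs offline.

```python
"""REST as a virtual state machine, in miniature.

Added example, not from the article. The order resources, link relation
names and URLs are constructed, and serve() stands in for an HTTP GET so
the example runs offline.
"""

# Constructed representations. Each carries the links (state transitions) that
# are legal from that state; the client hard-codes nothing but the entry point.
RESOURCES = {
    "/orders/42": {
        "state": "cart",
        "links": {"checkout": "/orders/42/payment"},
    },
    "/orders/42/payment": {
        "state": "awaiting-payment",
        "links": {"pay": "/orders/42/payment/confirm", "cancel": "/orders/42"},
    },
    "/orders/42/payment/confirm": {
        "state": "paid",
        "links": {"receipt": "/orders/42/receipt"},
    },
    "/orders/42/receipt": {"state": "complete", "links": {}},
}


def serve(url: str) -> dict:
    """Stand-in for GET: return the representation at url, or fail like a 404."""
    if url not in RESOURCES:
        raise KeyError(f"404 Not Found: {url}")
    return RESOURCES[url]


def can_follow(url: str, rel: str) -> bool:
    """True if the representation at url offers a link with relation rel."""
    return rel in serve(url)["links"]


def follow(url: str, rel: str) -> str:
    """Select the next state by link relation, never by constructing a URL."""
    if not can_follow(url, rel):
        raise ValueError(f"{rel!r} is not a transition offered from {url}")
    return serve(url)["links"][rel]


def walk(entry: str, rels) -> list[str]:
    """Drive the application from entry through the relations in rels.

    Returns the sequence of states rendered to the user, one per transfer.
    """
    url = entry
    states = [serve(url)["state"]]
    for rel in rels:
        url = follow(url, rel)
        states.append(serve(url)["state"])
    return states


if __name__ == "__main__":
    print(walk("/orders/42", ["checkout", "pay", "receipt"]))
    print(walk("/orders/42", ["checkout", "cancel"]))
    print("receipt offered from the cart?", can_follow("/orders/42", "receipt"))
```

The refusal in follow() is client discipline, not a control: serve() will still hand out /orders/42/receipt to anyone who requests it directly. A real server has to enforce the same state rules on every request rather than trust that callers arrived by the links it advertised.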

Upgrade PHP 5.1/5.2 to 5.3 on CentOS

I’m finding that more and more software developers are being quite inconsiderate and are making code that requires PHP 5.3. Since many server-based and long-term support distros are still on PHP 5.2, this can make things difficult quickly.

via Upgrade PHP 5.1/5.2 to 5.3 on CentOS :: Chris Jean.

Hear, hear! I needed to do the following on CentOS 5.7:

sudo yum erase php
sudo yum erase php-common
sudo yum install php53
sudo yum install php53-mysql