Yes, a can of worms... But general direction would be nice...
sasha at asksasha.com
Thu Jul 16 13:53:33 MDT 2009
>Amen. It's great to be able to say something bad "probably" didn't
>happen, but that's a big ole fat "probably" (proportionate to the cost
>of having it happen). My motto has always been to be as paranoid as I
>can afford to be.
I agree that we need to not be sloppy with backups or security. If it
takes you only 5 minutes to secure against the improbable, do so by
all means. As long as it does not become 5 minutes x 1000. What I am
saying is that sometimes we lose touch with reality and go overboard.
Let's consider a real-life example. Somebody with a budget of about
$300 who runs a relatively small site that makes maybe $500 a month
from online ads comes to you and asks you why there is some weird
wrote the web application for him a long time ago. He does not have a
full-time sysadmin to do backups or anything close to that. When bad
things happen he hires a consultant. Yes, he does value his data, it
brings him $500 a month. No, he does not value his data by more than
$500 a month, he cannot spend most or all of it on a sysadmin "doing
it right". So what do you do?
A) Tell him he's got it all wrong, he needs a sysadmin to run his
system. Since he does not have a backup and who knows what his
application does now after being hacked, he needs to re-install the OS
on his dedicated server that is 1000 miles away, and the application
needs to be re-written from scratch to be sure.
B) Find the offending code, remove it. Investigate the break-in, close
the holes. Instruct him on how to make a backup and encourage him to
do it regularly. Spend the rest of the time permitted by the client's
budget securing the most vulnerable parts of the system.
A real-life analogy to illustrate what I am talking about. Hwy 6 is
dangerous, many people have lost their lives driving on it. When you
go to Moab from Provo do you take I-15/I-70 route instead to avoid Hwy
6 just to be sure?
AskSasha Linux Consulting
Fast Running Blog.
Run. Blog. Improve. Repeat.