December 16th, 2009 by Dario Solera | 2 Comments | Filed in Uncategorized
As a couple of my favorite bloggers recently suffered a total data loss on their server and they had no reliable backup plan, I thought someone would be interested in how we do backups for the ScrewTurn website.
For starters, the SVN repository is hosted at Unfuddle; svn.screwturn.eu is just a read-only mirror.
The backup is done this way, daily, via a set of batch scripts:
- a comprehensive backup of the MySQL database (used for phpBB and WordPress) is generated using the integrated scheduler
- the database backup file and all the other data (websites, SVN repository, etc.) are packed into a ZIP file
- the ZIP file is downloaded via FTP from a remote machine; the latter runs in Italy while the server runs in New Jersey, USA.
The most important part: how can we make sure that the backup works? We know it does because we used it to migrate the site to a new server. The backup is all-inclusive: even scheduled tasks are backed up. The only thing that is not included is the IIS metabase, but for that I have a copy stored on my PC (which is also backed up daily).
Trivia:
- daily backups are preserved for an entire month offsite and for a week on the server, in case we need to restore something that’s been accidentally deleted (or hacked)
- the ZIP file containing the backup is roughly 465 MB, growing 1.5 MB a day
- backups take up to 25% of our daily network traffic.
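The two checks implied by the procedure above (does the ZIP actually contain every part, intact, and did the offsite copy arrive unchanged) and the retention rule from the trivia list (a week on the server, a month offsite) are easy to automate. The following Python script is an added example, not the batch scripts used for the ScrewTurn site; the file naming scheme backup-YYYY-MM-DD.zip, the member paths and the required-member list are assumptions made for the illustration.

```python
"""Backup integrity check and retention pruning for a daily ZIP backup.

Added example, not the original batch scripts. Assumes one ZIP per day
named backup-YYYY-MM-DD.zip; member names below are constructed.
"""
import hashlib
import io
import re
import zipfile
from datetime import date, timedelta

NAME_RE = re.compile(r"^backup-(\d{4})-(\d{2})-(\d{2})\.zip$")

# Parts that every backup must contain (assumed layout for this example).
REQUIRED_MEMBERS = [
    "db/screwturn.sql",        # MySQL dump for phpBB and WordPress
    "sites/wiki/web.config",   # website files
    "svn/repo/db/current",     # SVN mirror
    "tasks/scheduled.xml",     # exported scheduled tasks
]


def backup_date(name):
    """Return the date encoded in a backup file name, or None for other files."""
    m = NAME_RE.match(name)
    if not m:
        return None
    return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))


def select_expired(names, today, keep_days):
    """List backup files older than keep_days (7 on the server, 30 offsite).

    Files that do not follow the naming scheme are never selected, so a
    pruning job cannot delete something it did not create.
    """
    cutoff = today - timedelta(days=keep_days)
    expired = [n for n in names if backup_date(n) is not None and backup_date(n) < cutoff]
    return sorted(expired)


def verify_backup(zip_bytes, required_members):
    """Check every member's CRC and that all required parts exist and are non-empty.

    Returns a list of problem descriptions; an empty list means the backup
    passed. A dump that ran but produced an empty file is the classic silent
    failure, hence the explicit size check.
    """
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = zf.testzip()  # first member with a CRC mismatch, or None
        if bad is not None:
            problems.append("corrupt member: " + bad)
        present = set(zf.namelist())
        for req in required_members:
            if req not in present:
                problems.append("missing: " + req)
            elif zf.getinfo(req).file_size == 0:
                problems.append("empty: " + req)
    return problems


def digest(data):
    """SHA-256 of the archive; compare server-side and downloaded copies."""
    return hashlib.sha256(data).hexdigest()


def build_sample_zip(members):
    """Construct an in-memory ZIP (constructed data for the demonstration)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip({
        "db/screwturn.sql": "-- constructed dump",
        "sites/wiki/web.config": "<configuration/>",
        "svn/repo/db/current": "42",
        "tasks/scheduled.xml": "<tasks/>",
    })
    print("problems:", verify_backup(sample, REQUIRED_MEMBERS))
    print("sha256:", digest(sample))
    on_server = ["backup-2009-12-16.zip", "backup-2009-12-10.zip",
                 "backup-2009-12-08.zip", "backup-2009-11-30.zip", "readme.txt"]
    print("prune on server:", select_expired(on_server, date(2009, 12, 16), 7))
    print("prune offsite:", select_expired(on_server, date(2009, 12, 16), 30))
```

Run the check on the server right after the ZIP is built and again on the remote machine after the FTP download, comparing the two digests; a mismatch or a non-empty problem list is the signal to alert rather than to rotate the older copies away.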
I’m personally a bit paranoid about backups, but I think they’re worth the time and money spent.
Bottom line: in case the whole datacenter blows up, we would only lose a day's worth of data, which consists of a dozen forum posts, on average. All the other data is either a copy itself (SVN) or does not change very frequently (content of the wiki, the blog).
November 12th, 2009 by Dario Solera | No Comments | Filed in Internet, Security
It happens that there is an old version of a PHP-based CMS application that is affected by a bug that, if I understand correctly, allows an attacker to alter the content of a part of a site called a snippet.
ScrewTurn Wiki has snippets (but they’re secure).
The funny thing is that we get a ton of attacks that try to apply the same technique used for the above-mentioned CMS to our website because, I think, there is a page called snippets. Crackers are getting dumber I guess…
STW, in such cases, simply crashes because the HTTP query string is a complete mess, so no worries, we fail fast. At any rate, even if the request were well-formed, an attacker could not bypass the security configuration like she does in the above-mentioned CMS: permissions are checked for every single request, including all post-backs.
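The two properties described in this post, failing fast on a malformed query string and re-checking permissions on every request rather than only when the page is first loaded, are shown below in a small Python handler. This is an added illustration, not ScrewTurn Wiki's own code (which is C#/ASP.NET); the permission name ManageSnippets, the Snippet query parameter, the user table and the status-code mapping are assumptions made for the example.

```python
"""Per-request authorization with fail-fast query parsing.

Added example, not ScrewTurn Wiki's code. The permission table, the
'Snippet' query parameter and the permission name are assumptions.
"""
import re
from urllib.parse import parse_qs

# Constructed permission table: user -> set of granted permissions.
PERMISSIONS = {
    "alice": {"ManageSnippets"},
    "bob": set(),
}

SNIPPET_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


class BadRequest(Exception):
    """Malformed input: processing stops before any business logic runs."""


class Forbidden(Exception):
    """The user lacks the permission required by this request."""


def parse_snippet_query(query):
    """Parse '?Snippet=Name' strictly: reject junk fields, duplicates and bad names."""
    try:
        params = parse_qs(query, strict_parsing=True)
    except ValueError as exc:
        raise BadRequest("malformed query string") from exc
    values = params.get("Snippet", [])
    if len(values) != 1 or not SNIPPET_NAME.match(values[0]):
        raise BadRequest("Snippet parameter missing, repeated or invalid")
    return values[0]


def require(user, permission):
    """Authorization check run on every request; never cached from an earlier one."""
    if permission not in PERMISSIONS.get(user, set()):
        raise Forbidden(f"{user!r} lacks {permission}")


def handle_snippet_edit(method, query, user, body=None):
    """Serve the initial page load (GET) and the form post-back (POST) alike.

    The permission check sits before the method branch, so a post-back is
    authorized exactly like the first request that rendered the form.
    """
    name = parse_snippet_query(query)
    require(user, "ManageSnippets")
    if method == "GET":
        return ("form", name)
    if method == "POST":
        if body is None:
            raise BadRequest("post-back without a body")
        return ("saved", name, len(body))
    raise BadRequest("unsupported method")


def outcome(method, query, user, body=None):
    """Map the handler's exceptions to HTTP-style status codes for inspection."""
    try:
        return (200, handle_snippet_edit(method, query, user, body))
    except BadRequest:
        return (400, None)
    except Forbidden:
        return (403, None)


if __name__ == "__main__":
    print(outcome("GET", "Snippet=Welcome", "alice"))          # (200, ('form', 'Welcome'))
    print(outcome("POST", "Snippet=Welcome", "bob", "text"))    # (403, None): post-back re-checked
    print(outcome("GET", "Snippet=Welcome&&junk", "alice"))     # (400, None): fails fast
```

The ordering matters: the strict parser runs first, so a garbled query never reaches the authorization code, and the authorization check runs before the GET/POST branch, so there is no code path on which a post-back is trusted because an earlier request was.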
October 23rd, 2009 by Dario Solera | 3 Comments | Filed in Off-Topic
Do people understand free licenses? Most importantly, do they understand the difference between the GPL, the Apache License, the BSD license? I don’t think so.
Why am I saying this?
You might be aware that I recently introduced an “Internal Usage” commercial license for ScrewTurn Wiki. It started as an experiment to see how many people would ask to purchase such a license because their business isn’t compatible with the GPL. It turns out that there is roughly one request per week.
I’m generally an honest and fair person, so every time a user asks to purchase such a license, I invariably point out that they can use and even modify the public packages for free, without any type of small print involved. I wouldn’t feel right selling them something that others get for free.
I’ve been surprised to learn that quite a few managers or business owners in the software development field don’t even understand what the GPL is and what it allows you to do. They’re ready to waste 100 Euros to get even less than what is publicly available (commercial packages don’t include translations, for example). It’s not much money, I know that, but what if it were 500€? Or more? What if you’re making the same mistake for many other applications, or, even worse, the mistake of not using a useful and perfectly suitable application because you’re afraid of its free license?
Guys, please, please spend a couple of hours studying the different free software licenses that the industry has agreed upon in the last several years. It’s very important for your business and, given the trends of the industry, you’ll probably have to deal with free software even more in the upcoming months and years.