(A)bort, (R)etry, (I)gnore: Perspectives on Information Security

http://chronicle.com/article/Chapel-Hill-Researcher-Fights/124821/

The article is fairly sympathetic to her (Bonnie C. Yankaskas, Ph.D.) plight; if those are substantially the facts as reported, this looks like an administration undertaking C-Y-A security measures.

Can a non-specialist, even as PI of the project, be blamed for not following “best practices” when most best practices are (1) ill-defined and (2) worthless against skilled attackers?

If I were a CISO, persecution is _exactly_ the wrong way to go about convincing people about the importance of protecting PII. Quick everybody, break out your snake oil…the people at UNC will shortly be buying.

I recently updated this blog from the WordPress control panel. All it takes to update is a single mouse click.

This action was ill-advised, uniformed, and generally ignorant. First, I did not follow the advice in the upgrade dialog that urged me to back up my content. Second, when the update finished, none of my posts were available. The front page of the site said something like “no posts matched your search criteria.” And it has been like that for about a week. Today I decided to get to the bottom of the issue. I was alarmed because the Yahoo control panel indicated that my database was using zero MB and had never been backed up.

Calling Yahoo support did not help much. I’ll leave out the details, but the nice technical person on the other end of the call basically said that WordPress-related issues, database-related issues, and other pertinent issues were out of Yahoo’s scope of support. In short, they supply the rope, and you do the hanging (and I deserved to hang for not having taken precautions to understand just what I was doing).

How did we resolve this issue?

I installed phpMyAdmin through the Yahoo control interface. This was immediately reassuring because it claimed that my blog’s database had 21 tables in it, and the table overview showed that most of them had data.

The “wp_posts” table, however, was marked as “in use”, and issuing queries (such as `DESCRIBE wp_posts;’) returned an error:

Can’t open file: ‘wp_posts.MYI’ (errno: 145)

This forum web page helped tremendously. It seems like during the upgrade, some process belonging to the previous PHP code or some process belonging to the upgrade PHP code failed to detach itself from using the table. The table was thus locked, and no other processes (including new requests from the new PHP code to display posts) could read or write the table.

Fortunately, phpMyAdmin contains two options: “check table” and “repair table.” Issuing the first SQL command confirmed that the table was ‘marked as crashed’ and that ’1 client is using or hasn’t closed the table properly.’ After coming back to the view of the tables, the wp_posts table was no longer marked as in use. I then issued the repair command. Within five minutes, post content was visible on the site.

Whew.

Now, I’m not a big fan of some of Microsoft’s business practices or software, but I reserved a special disdain for their often impenetrable “documentation” — particularly Knowledge Base articles that seemed written by marketing and lawyers to keep any useful technical information away from the public.

In terms of explaining things to office desk jockeys, however, It looks like the situation has improved. I recently came across an tutorial on their site about how to create Gantt Charts using Excel (Microsoft’s “Project” software is the main way to do this, but I don’t have Project).

http://office.microsoft.com/en-us/excel-help/create-a-gantt-chart-in-excel-HA001034605.aspx