Can this forum have a secure login?
10-31-2010, 08:21 PM,
#1
Can this forum have a secure login?
I guess this is a question for Steve. I'm using the free wifi at McDonald's today. Last week brought some scary news about packet sniffing tools that make it easier than ever for script kiddies and other malicious types to eavesdrop on unsecured logins. Little would be gained by subverting my account here, however I do wonder if a secure login option (over https) could be available for this forum.
Find all posts by this user
Like Post Quote this message in a reply
11-07-2010, 10:30 AM,
#2
RE: Can this forum have a secure login?
Hey Questioner, I've been following this story as well, mostly because I work in software. For those that don't know a couple of security researchers released a firefox plugin called FireSheep which makes it extremely easy to hijack sessions to popular sites such as gmail, facebook and myspace. The plugin does not attempt to steal passwords for sites which don't implement secure login. Instead it targets sites which do have secure login, but then down-step users to an unsecure connection once they have authenticated. The other thing to keep in mind is that the plugin targets popular sites and must be configured to add additional sites. So unless the 'hacker' specifically configures the tool to target bring4th.org, you have less to worry about. BTW, I use the term 'hacker' loosely here because it's easy enough for anyone to use.

There is a plugin which the EFF developed for firefox which attempts to correct this issue for popular sites: https://www.eff.org/https-everywhere/.

The truth is that hackers with the appropriate tools can retrieve your password to this site. I agree that it would be to our advantage to implement secure access to the site.
Find all posts by this user
Like Post Quote this message in a reply
11-07-2010, 11:59 AM,
#3
RE: Can this forum have a secure login?
just installing a cheap rapidssl cert for bring4th.org would do it. some $30 or so yearly.
can reach me@ unity100-gmail
Find all posts by this user
Like Post Quote this message in a reply
11-07-2010, 05:53 PM,
#4
RE: Can this forum have a secure login?
That and adding a snipit of code to the site which switches http: to https:.
Find all posts by this user
Like Post Quote this message in a reply
11-08-2010, 05:57 AM,
#5
RE: Can this forum have a secure login?
...or just believing 100% that you are always safe and that no one can hack your comp, and let the metaphysical magic flow!

Tongue
Godspeed!
Find all posts by this user
Like Post Quote this message in a reply
11-17-2010, 01:12 AM,
#6
RE: Can this forum have a secure login?
Hey there!

Yes, for the reasons that we are not harboring any private or sensitive data, L/L decided to use a standard login for the site when we first put Bring4th together since we were already using SSL in the store, and because the hosting plan allowed only one cert per domain. But since the store login deals with sensitive data, we naturally chose to put the cert where it is most important.

Hackers won't really be able to do much if they got into the system. There's a pile of posts, which are backed up nightly (as well as the server and all of Bring4th), and all passwords use a hashing algorithm called MD5, which means that even if someone got a hold of the database, the passwords would appear as gibberish. So worst case, we'd have to roll the site back a maximum of 24 hours, or as little as a couple hours.

As far as what we should do moving forward, I think the idea is definitely worth considering for version 2.0 of Bring4th, which will go into development after a few other projects clear the deck. So worse case, there will be just a small delay. :-)

For a quick workaround, if you know you are going to a public wi-fi location, you could always log into Bring4th from home so that the session cookie is placed on your computer. Then when you go to McDonalds and connect to Bring4th.org, it will automatically place you into the site, since you haven't logged out, and the site looks for existing sessions to save you from having to log in each time.

Let me know if you have any more questions!
Take care,
Steve
Find all posts by this user
Like Post Quote this message in a reply
11-17-2010, 03:50 AM,
#7
RE: Can this forum have a secure login?
Thanks for clarifying the options and the current situation.

I guess to be safest with the session cookie, I should log out and log back in when at home. That way, a sniffed session cookie from yesterday's eavesdropping couldn't be replayed to hack today's session.

However the chances that anyone at my local McD's is sophisticated enough to run a packet sniffer, and also devious enough to want to spoof random strangers on random sites, feels pretty small to me. Most of the kids who frequent there seem to have enough trouble spelling their own names with their spray cans.

Of course, some people might think that a random hacker's impersonation of me is more insightful than the real me. Who knows, they could be right. Big Grin
Find all posts by this user
Like Post Quote this message in a reply
11-17-2010, 10:51 AM,
#8
RE: Can this forum have a secure login?
(11-17-2010, 01:12 AM)Bring4th_Steve Wrote:  Hackers won't really be able to do much if they got into the system. There's a pile of posts, which are backed up nightly (as well as the server and all of Bring4th), and all passwords use a hashing algorithm called MD5, which means that even if someone got a hold of the database, the passwords would appear as gibberish. So worst case, we'd have to roll the site back a maximum of 24 hours, or as little as a couple hours.

its not an issue of them hacking into database. a script kiddie can hijack a session and start posting v1agRa ads all around the forum with a user's account. or, start deleting their posts just for kicks. or editing them.

Quote:For a quick workaround, if you know you are going to a public wi-fi location, you could always log into Bring4th from home so that the session cookie is placed on your computer. Then when you go to McDonalds and connect to Bring4th.org, it will automatically place you into the site, since you haven't logged out, and the site looks for existing sessions to save you from having to log in each time.

Let me know if you have any more questions!
Take care,
Steve

at this state, its better they didnt do that. the problem is not login/pass getting transmitted over unencrypted connections. its the cookie/session being hijacked.

http://en.wikipedia.org/wiki/Firesheep

its all the rage these days.
can reach me@ unity100-gmail
Find all posts by this user
Like Post Quote this message in a reply
11-23-2010, 01:14 AM,
#9
RE: Can this forum have a secure login?
MyBB 1.6 is out, why not upgrade?
Laugh and enjoy yourself
- Quo
Find all posts by this user
Like Post Quote this message in a reply
11-23-2010, 01:31 AM,
#10
RE: Can this forum have a secure login?
We will be going to 1.6 when we create the next version of Bring4th.

We can't upgrade to it now because I had to do some heavy modding to the source code in order to do "single sign-on" for the blog system, chat, forums, and store. The store was SSO at one point but we had to have separate sign-ons in order to comply with the merchant's security policy.

Also, 1.6 is a huge code-rewrite, according to MyBB. So I tend to avoid upgrading right away until bugs are worked out and it is known to be stable. By the time bring4th 2.0 is created, we should be in good shape.

Steve

(11-23-2010, 01:14 AM)turtledude23 Wrote:  MyBB 1.6 is out, why not upgrade?
Find all posts by this user
Like Post Quote this message in a reply
11-23-2010, 03:02 AM,
#11
RE: Can this forum have a secure login?
Unity, we have to draw the line somewhere. There are no perfect answers when it comes to security. There are only practical answers. If someone wants to get into a system badly enough, they will find a way. Mentioning FireSheep just makes me want to counter with suggesting BlackSheep, which sits on Firefox as well, and notifies the user if Fire Sheep is being used to sniff packets.

Again, since we are not managing things like financial transactions, if a script kiddie gets in and edits or adds a slew of posts, we can always roll back the few minutes or hours that transpired. Thankfully our members are so proactive and protective of bring4th that we find out about spam and bots "minutes" after any offensive action is made. So that is where practicality trumps overkill.

Anyway, the interesting outcome from this thread is that I may look to explore the possibility of running the entire site off of SSL.

Thanks for the great feedback!
Steve

(11-17-2010, 10:51 AM)unity100 Wrote:  
(11-17-2010, 01:12 AM)Bring4th_Steve Wrote:  Hackers won't really be able to do much if they got into the system. There's a pile of posts, which are backed up nightly (as well as the server and all of Bring4th), and all passwords use a hashing algorithm called MD5, which means that even if someone got a hold of the database, the passwords would appear as gibberish. So worst case, we'd have to roll the site back a maximum of 24 hours, or as little as a couple hours.

its not an issue of them hacking into database. a script kiddie can hijack a session and start posting v1agRa ads all around the forum with a user's account. or, start deleting their posts just for kicks. or editing them.

Quote:For a quick workaround, if you know you are going to a public wi-fi location, you could always log into Bring4th from home so that the session cookie is placed on your computer. Then when you go to McDonalds and connect to Bring4th.org, it will automatically place you into the site, since you haven't logged out, and the site looks for existing sessions to save you from having to log in each time.

Let me know if you have any more questions!
Take care,
Steve

at this state, its better they didnt do that. the problem is not login/pass getting transmitted over unencrypted connections. its the cookie/session being hijacked.

http://en.wikipedia.org/wiki/Firesheep

its all the rage these days.
Find all posts by this user
Like Post Quote this message in a reply
11-23-2010, 12:21 PM,
#12
RE: Can this forum have a secure login?
(11-23-2010, 03:02 AM)Bring4th_Steve Wrote:  Again, since we are not managing things like financial transactions,

steve, i think that what are being discussed here, are much more important than any financial transaction. some things are hitting the fan, there are going to be a lot of changes in the inner world of people, and even in the outer world soon, and whatever people share/discover together here or in similar places will have a long lasting effect for decades to come, for many people, and maybe even more.

indeed, i truly believe what are being discussed here is much more important than anything else going on in this planet. because, these are the very things that affect not only people's minds and hearts and choices and perception, but they also have a solid effect in time/space, due to the nature of concepts discussed. and anything that settles in time/space, eventually comes into being in space/time.

my concern is :

Quote:if a script kiddie gets in and edits or adds a slew of posts, we can always roll back the few minutes or hours that transpired. Thankfully our members are so proactive and protective of bring4th that we find out about spam and bots "minutes" after any offensive action is made. So that is where practicality trumps overkill.

if, the site is being backed up with one week retention or so, that's good. but, it is rare for web hosts to do that, since it requires a whopping storage even with an incremental system.

moreover, back a year ago or so, one of the mid-size web shared hosts got almost destroyed. someone hacked their racks, not only that, they also got into their backup, due to the software running to back it up in that system. they also erased their backups. they had to roll back to a much earlier date.

granted, that was a more sophisticated attack on a rather guarded target. however :

Quote:Anyway, the interesting outcome from this thread is that I may look to explore the possibility of running the entire site off of SSL.

Thanks for the great feedback!
Steve

it isnt much. its just some cheapo ssl cert for $30-40 yearly, bought for the bring4th.org domain. yet, it could alleviate a lot of potential issues regarding script kiddies. there are a lot of places, rapidssl, geocerts etc to buy them from.

i dont think funds of ll is lacking for $30-40 a year. even if it is, a lot of people here would provide it anonymously, without blinking.
can reach me@ unity100-gmail
Find all posts by this user
Like Post Quote this message in a reply
11-23-2010, 10:05 PM,
#13
RE: Can this forum have a secure login?
It appears that there is more to it than just getting a cert. we'd also need to get another public IP address. Bring4th.org currently has an SSL cert for store.bring4th.org on the same IP address.

i.e.

> http://www.bring4th.org
Server: vnsc-pri.sys.gtei.net
Address: 4.2.2.1

Non-authoritative answer:
Name: bring4th.org
Address: 74.52.106.43
Aliases: http://www.bring4th.org

> store.bring4th.org
Server: vnsc-pri.sys.gtei.net
Address: 4.2.2.1

Non-authoritative answer:
Name: store.bring4th.org
Address: 74.52.106.43

They must be using host headers to separate sites on the same IP address. You can't do the same with SSL.
Quote this message in a reply
11-23-2010, 10:28 PM,
#14
RE: Can this forum have a secure login?
Well, not necessarily. We don't "have" to have the store on a sub-domain. If the operating budget only allows for one IP, then we'll get a certificate for the http://www.bring4th.org and simply have the store live at http://www.bring4th.org/store. We then simply point the non-SSL sub-domain (store.bring4th.org) to the new store URL that is protected by SSL (http://www.bring4th.org/store).

(11-23-2010, 10:05 PM)seejay21 Wrote:  It appears that there is more to it than just getting a cert. we'd also need to get another public IP address. Bring4th.org currently has an SSL cert for store.bring4th.org on the same IP address.

i.e.

> http://www.bring4th.org
Server: vnsc-pri.sys.gtei.net
Address: 4.2.2.1

Non-authoritative answer:
Name: bring4th.org
Address: 74.52.106.43
Aliases: http://www.bring4th.org

> store.bring4th.org
Server: vnsc-pri.sys.gtei.net
Address: 4.2.2.1

Non-authoritative answer:
Name: store.bring4th.org
Address: 74.52.106.43

They must be using host headers to separate sites on the same IP address. You can't do the same with SSL.
Find all posts by this user
Like Post Quote this message in a reply
11-23-2010, 10:33 PM, (This post was last modified: 11-23-2010, 10:39 PM by unity100.)
#15
RE: Can this forum have a secure login?
An ip should be at most 1 buck per month. at least, theplanet (before being bought by softlayer) have used to give them at that rate. that means, any shared host should be offering it from at most 1-2 bucks a month to their clients. so, its a trivial matter.

however the method steve says would also work seamlessly. but it should be with a 403 permanently moved redirect, so that google will carry over the stats of stores.bring4th to the new url.
odd,

geocerts, rapidssl etc do not sell from that rate, but, $19/year ssl certs are available from RapidSSL in my reseller account at enom. hah

http://www.clickssl.com/rapidssl/rapidssl-products.aspx

there are resellers selling them from even 15.
can reach me@ unity100-gmail
Find all posts by this user
Like Post Quote this message in a reply
11-23-2010, 11:13 PM,
#16
RE: Can this forum have a secure login?
Quote:steve, i think that what are being discussed here, are much more important than any financial transaction. some things are hitting the fan, there are going to be a lot of changes in the inner world of people, and even in the outer world soon, and whatever people share/discover together here or in similar places will have a long lasting effect for decades to come, for many people, and maybe even more.

I understand why you feel the content of this site can be seen as priceless. But I was not speaking about the subjective value of lost content. Rather, I was using financial transactions to justify where one might draw the line in terms of the degree of security measures implemented.

1. Transaction data, if hacked, can wreak havoc on many people's financial lives, as personal data is usually transferred to others for nefarious purposes.

2. Content data from Bring4th, if hacked, can simply be restored. Two entirely different levels of security concern.

Quote:indeed, i truly believe what are being discussed here is much more important than anything else going on in this planet.

That's great! But we are not talking about perceived value, we're talking about the degree of security implemented being directly proportional to the sensitivity and impact of the potential data lost. Again, no matter what happens to Bring4th, it can be restored within moments. Therefore, login security to a forum does not need to be the same as, say, an online store, where credit card information is passed to an outside party and could potentially be sniffed and lifted.

Quote:my concern is :

Quote:if a script kiddie gets in and edits or adds a slew of posts, we can always roll back the few minutes or hours that transpired. Thankfully our members are so proactive and protective of bring4th that we find out about spam and bots "minutes" after any offensive action is made. So that is where practicality trumps overkill.

if, the site is being backed up with one week retention or so, that's good. but, it is rare for web hosts to do that, since it requires a whopping storage even with an incremental system.

Bring4th is backed up every 24 hours via a process called "differential backup". It does not require whopping storage. The host backs up our data once, and can roll back to whatever day we wish, within a greater window of time. To save space, the web host only stores new data from day to day, not duplicates of the entire database and web directories/folders.

Quote:moreover, back a year ago or so, one of the mid-size web shared hosts got almost destroyed. someone hacked their racks, not only that, they also got into their backup, due to the software running to back it up in that system. they also erased their backups. they had to roll back to a much earlier date.

In addition to automated datacenter backups, I run my own backups, including copies of the forum database once a week. So even if our hosting center were to fall into the ground, the worst case is that we would lose a week of posting. Considering the extreme example of an actual datacenter literally falling into the ground, I think our members would be gracious enough to understand the extreme circumstances. I am not downplaying your argument that that events do happen, Unity. Datacenters even have its users sign hosting contracts acknowledging that "Acts of God" can occur, and that data is not absolutely safe nor guaranteed.

Quote:
Quote:Anyway, the interesting outcome from this thread is that I may look to explore the possibility of running the entire site off of SSL.

Thanks for the great feedback!
Steve

it isnt much. its just some cheapo ssl cert for $30-40 yearly, bought for the bring4th.org domain. yet, it could alleviate a lot of potential issues regarding script kiddies. there are a lot of places, rapidssl, geocerts etc to buy them from.

i dont think funds of ll is lacking for $30-40 a year. even if it is, a lot of people here would provide it anonymously, without blinking.

Yep, the expense is not really the issue, it is taking the time to integrate it into the site, since many of our moving pieces would start complaining if we were to suddenly mix secure and unsecure data. This is not something where you can just throw an SSL certificate on a domain and be done with it. There are many, many considerations and modifications that need to be implemented, especially when using multiple applications and data sources that aren't natively using secure means. We are also using newer technologies like AJAX, which has its own moods when dealing with mixed content (SSL vs non-SSL). This is why you don't see every web site running site-wide SSL, and it is also why I mentioned I think it's a good idea to consider the feasibility of site-wide SSL first, during the planning period for our version 2.0 of Bring4th.

Steve
Find all posts by this user
Like Post Quote this message in a reply
11-23-2010, 11:20 PM,
#17
RE: Can this forum have a secure login?
(11-23-2010, 10:33 PM)unity100 Wrote:  An ip should be at most 1 buck per month. at least, theplanet (before being bought by softlayer) have used to give them at that rate. that means, any shared host should be offering it from at most 1-2 bucks a month to their clients. so, its a trivial matter.

Yep, I understand. I might need to clarify. When I said that it is an expense for consideration, I did not mean that it is an expense that L/L could not afford. Clearly, $30/year here, and $19/year there is completely digestible.

I was only referring to the fact that there is more than one way to solve the issues at hand. For example, we don't need 2 IPs, or two SSL certs, since there are other ways to easily provide the same protections through simple site re-engineering.

So when the two options are proposed to a non-profit organization, I would suspect that they would be in favor more of any "free" options, versus ones that cost money, no matter how trivial the expense may be. "Every little bit helps!" :-)

Steve
Find all posts by this user
Like Post Quote this message in a reply
11-24-2010, 10:44 AM,
#18
RE: Can this forum have a secure login?
(11-23-2010, 11:13 PM)Bring4th_Steve Wrote:  Bring4th is backed up every 24 hours via a process called "differential backup". It does not require whopping storage. The host backs up our data once, and can roll back to whatever day we wish, within a greater window of time. To save space, the web host only stores new data from day to day, not duplicates of the entire database and web directories/folders.

So, they are doing a one week retention or what ? or, just one day ? that matters. a lot of hosts do say that they are doing daily backups, and differentially too, but they do not state whether they are having one week retention or not.

if there isnt one week retention, you can only roll back to the last day's state. if someone messes with the site just a few hours after retention, you cant roll back at all.


Quote:
Yep, the expense is not really the issue, it is taking the time to integrate it into the site, since many of our moving pieces would start complaining if we were to suddenly mix secure and unsecure data. This is not something where you can just throw an SSL certificate on a domain and be done with it. There are many, many considerations and modifications that need to be implemented, especially when using multiple applications and data sources that aren't natively using secure means. We are also using newer technologies like AJAX, which has its own moods when dealing with mixed content (SSL vs non-SSL). This is why you don't see every web site running site-wide SSL, and it is also why I mentioned I think it's a good idea to consider the feasibility of site-wide SSL first, during the planning period for our version 2.0 of Bring4th.

Steve

none of these will be a problem if the site was coded with relative urls, without addition of domain names. only in places where there are links in between separate installations of features probably, like store and the site. but i believe you have integrated various open source scripts to establish most of the features, so, they should be ok within themselves.

Quote:That's great! But we are not talking about perceived value, we're talking about the degree of security implemented being directly proportional to the sensitivity and impact of the potential data lost. Again, no matter what happens to Bring4th, it can be restored within moments. Therefore, login security to a forum does not need to be the same as, say, an online store, where credit card information is passed to an outside party and could potentially be sniffed and lifted.

im not talking about perceived value either.

something someone will read here, will change his/her fate, decisions, even a lot of things in spiritual realm, and then these will reflect eventually back into physical realm. real lives. real people. real acts. real results. real world.

i personally would dread losing a single bit of anything someone shared, because that could be the piece which would affect a random person's life fundamentally for the good. and when you sum up a lot of stuff like that, it totals to serious consequences for a lot of people.

i dont know. it feels to me that maybe you are underestimating the value of what is happening here.
can reach me@ unity100-gmail
Find all posts by this user
Like Post Quote this message in a reply
11-25-2010, 12:45 AM,
#19
RE: Can this forum have a secure login?
Quote:i dont know. it feels to me that maybe you are underestimating the value of what is happening here.

Unity, you are starting to make this personal, so let's get back on track again.

In all fairness, I probably don't appear to be as concerned as you because I know we have redundant, daily backups of our data and of the site. It's as simple as that from a day-to-day operations perspective.

Now, I do understand your point of view that a single post could make the difference between a person "awakening" or facilitating a life change--something that is priceless. I am not dismissing the importance of the concept, as we are taught that all actions in one's life are sacred and important, even if the action is self-judged to be unimportant, trivial, or irrelevant to one's spiritual progress.

However, I feel you have not yet recognized that if a catalyst becomes "exceedingly important" to experience at this exact space/time nexus, and it does not materialize or become experienced due to something like a web site data loss problem, then we--before incarnation--would have "most probably" created an alternative catalyst and/or timeline to manifest an exact or similar catalyst in another form, to prevent missing the intended lesson or experience.

One could also argue that a particular space/time event is NOT the time and place for a particular soul to have such an awakening, and so a catastrophic failure of the web site is orchestrated and agreed to by all parties, before incarnation, so that the person could avoid receiving a premature catalyst that ultimately is not in his/her best interest at such space/time.

The only other option is for Bring4th and the Archive site to be hosted in a clustered, co-located, fully redundant (peripheral & power), underground environment (to avoid the potential effects of warfare, Earth events, and/or coronal mass ejections) with military-grade physical security and green, off-grid secondary power sources, all of which operates in geographic locations that are known industry-wide to be low-risk for catastrophe. But to pay for that level of service goes beyond the means of L/L, unfortunately. So I do hope you appreciate that we are doing what we can, within the organization's means.

In weighing risk-versus-budget-versus-practicality, I don't know how else to help put your mind at ease. If you have some ideas, please send them in to Gary so the entire L/L team can weigh the pros and cons of any recommendations, especially as version 2 undergoes planning. I'm sure we are all in agreement that the more protection we can offer L/L's web sites, the better. And there are certainly a million ideas out there that are better than my own, so please feel free to offer what you feel would work best.

Steve
Find all posts by this user
Like Post Quote this message in a reply
11-25-2010, 11:45 AM,
#20
RE: Can this forum have a secure login?
To be fair, a daily backup cycle is really more than sufficient for a social forum... Our company doesn't do a better job than that.

The idea that some post seen by some person suddenly triggers a life change is very hypothetical. Even if we were for some reason to lose all posts this would not severely hamper the forum. Yes it'd be a loss but my usual business is 99% reading and adding new stuff, and 1% reading back through old posts.

99% of my enjoyment of this forum thus won't be hindered even in the worst case.
Find all posts by this user
Like Post Quote this message in a reply
11-25-2010, 11:53 AM, (This post was last modified: 11-25-2010, 12:34 PM by unity100.)
#21
RE: Can this forum have a secure login?
(11-25-2010, 12:45 AM)Bring4th_Steve Wrote:  
Quote:i dont know. it feels to me that maybe you are underestimating the value of what is happening here.

Unity, you are starting to make this personal, so let's get back on track again.

In all fairness, I probably don't appear to be as concerned as you because I know we have redundant, daily backups of our data and of the site. It's as simple as that from a day-to-day operations perspective.

Now, I do understand your point of view that a single post could make the difference between a person "awakening" or facilitating a life change--something that is priceless. I am not dismissing the importance of the concept, as we are taught that all actions in one's life are sacred and important, even if the action is self-judged to be unimportant, trivial, or irrelevant to one's spiritual progress.

However, I feel you have not yet recognized that if a catalyst becomes "exceedingly important" to experience at this exact space/time nexus, and it does not materialize or become experienced due to something like a web site data loss problem, then we--before incarnation--would have "most probably" created an alternative catalyst and/or timeline to manifest an exact or similar catalyst in another form, to prevent missing the intended lesson or experience.

One could also argue that a particular space/time event is NOT the time and place for a particular soul to have such an awakening, and so a catastrophic failure of the web site is orchestrated and agreed to by all parties, before incarnation, so that the person could avoid receiving a premature catalyst that ultimately is not in his/her best interest at such space/time.

this is a very long discussion with very intricate details. i will not branch into that.

Quote:And there are certainly a million ideas out there that are better than my own, so please feel free to offer what you feel would work best.

Steve

a $20 buck a month rsync backup from some place like bqbackup com or another, set up to do 7 day retention with the backups, would more than suffice.

im easily backing up 200 clients' websites with that method. same solution would be enough to make a 7 day retention, maybe even a month's retention for a forum this size.

.................

As a sidenote, im backing up close to 225 or so websites, totally uncompressed with above rsync method. Ie, their core folders and dbs are being directly copied to a backup partition without being compressed, and rsynced from out there to remote server, again without being compressed. the space requirement for a compressed backup would probably be much lower.
can reach me@ unity100-gmail
Find all posts by this user
Like Post Quote this message in a reply
11-25-2010, 06:52 PM,
#22
RE: Can this forum have a secure login?
Quote:i dont know. it feels to me that maybe you are underestimating the value of what is happening here.

Just want to comment that this forum has the potentiality (at least) of this that is being discussed here. If we consider that The Ra Material in many portions is Ra talking/communicating with the Ra Soul Complex's Wanderer (and others). If we also take into account that many here are precisely Wanderers from Ra (again, probably among others, including a few 3D) we can see from a 3d perspective that a "tune" is starting to form.

There is not much time left. Many just with their presence will change things around. (By the way, how many of you have moved to another area in the last few years or recently?).
Quote this message in a reply
11-26-2010, 12:14 AM,
#23
RE: Can this forum have a secure login?
Hi Unity,

Yep, we are doing something very similar right now with CRON jobs, and backing up to a separate server located across the country (in addition to the web host's own differential backups).

I'll look up that service you talked about. rsync is pretty much the norm in my datacenter at work, so I think you and I are on the same page. I'll propose to L/L that we should subscribe to a service like the one you mentioned, to do the backing up (instead of me doing it daily with a script). I like that there is retention in that service you mentioned, as opposed to retention just with my web host.

Thanks for the info!
Steve

(11-25-2010, 11:53 AM)unity100 Wrote:  
(11-25-2010, 12:45 AM)Bring4th_Steve Wrote:  
Quote:i dont know. it feels to me that maybe you are underestimating the value of what is happening here.

Unity, you are starting to make this personal, so let's get back on track again.

In all fairness, I probably don't appear to be as concerned as you because I know we have redundant, daily backups of our data and of the site. It's as simple as that from a day-to-day operations perspective.

Now, I do understand your point of view that a single post could make the difference between a person "awakening" or facilitating a life change--something that is priceless. I am not dismissing the importance of the concept, as we are taught that all actions in one's life are sacred and important, even if the action is self-judged to be unimportant, trivial, or irrelevant to one's spiritual progress.

However, I feel you have not yet recognized that if a catalyst becomes "exceedingly important" to experience at this exact space/time nexus, and it does not materialize or become experienced due to something like a web site data loss problem, then we--before incarnation--would have "most probably" created an alternative catalyst and/or timeline to manifest an exact or similar catalyst in another form, to prevent missing the intended lesson or experience.

One could also argue that a particular space/time event is NOT the time and place for a particular soul to have such an awakening, and so a catastrophic failure of the web site is orchestrated and agreed to by all parties, before incarnation, so that the person could avoid receiving a premature catalyst that ultimately is not in his/her best interest at such space/time.

this is a very long discussion with very intricate details. i will not branch into that.

Quote:And there are certainly a million ideas out there that are better than my own, so please feel free to offer what you feel would work best.

Steve

a $20 buck a month rsync backup from some place like bqbackup com or another, set up to do 7 day retention with the backups, would more than suffice.

im easily backing up 200 clients' websites with that method. same solution would be enough to make a 7 day retention, maybe even a month's retention for a forum this size.

.................

As a sidenote, im backing up close to 225 or so websites, totally uncompressed with above rsync method. Ie, their core folders and dbs are being directly copied to a backup partition without being compressed, and rsynced from out there to remote server, again without being compressed. the space requirement for a compressed backup would probably be much lower.
Find all posts by this user
Like Post Quote this message in a reply
11-26-2010, 12:20 AM,
#24
RE: Can this forum have a secure login?
Friendly Reminder!

We need to make sure this thread stays on topic. I am even guilty of inviting Unity out on a philosophical jaunt at one point in this thread, which he smartly deferred to another time/place. hehe

I am thinking that in the next version of Bring4th, we'll add another forum that will be for improvements or technical considerations. This thread has been great in helping me fine tune things.

Thanks for all of your input, everyone!
Steve
Find all posts by this user
Like Post Quote this message in a reply
11-26-2010, 05:35 AM,
#25
RE: Can this forum have a secure login?
bqbackup doesnt provide retention in itself. it just provides a rsync backup place. ie a full fledged rsync.

people do rsync's retention themselves.

if, the backup you are now using is capable of doing retention for 7 days or so, it would do just as good as any other backup.

datacenters also provide incremental backups with retention often. theplanet (now merged into softlayer) provided an in house backup named disksync based on rsync. it had a quite developed interface which allowed easy formatting of schemes, retention periods, incremental data etc etc.

alternatively, apparently, if the site is hosted on a cpanel/whm server, it is possible to take incremental backups over it it seems :

http://forums.cpanel.net/f5/question-about-incremental-backups-57925.html

i didnt know that.

so, it seems its possible to take inctremental cpanel backups of all accounts for a retention period.

these then can be rsynced to the remote backup server as they are. cpanel does the retention/incremental, rsync does the remote hauling.

actually when the incremental retentions are ready it doesnt matter how they are copied to the remote server i believe.

i gotta look into this.


(11-26-2010, 12:14 AM)Bring4th_Steve Wrote:  Hi Unity,

Yep, we are doing something very similar right now with CRON jobs, and backing up to a separate server located across the country (in addition to the web host's own differential backups).

I'll look up that service you talked about. rsync is pretty much the norm in my datacenter at work, so I think you and I are on the same page. I'll propose to L/L that we should subscribe to a service like the one you mentioned, to do the backing up (instead of me doing it daily with a script). I like that there is retention in that service you mentioned, as opposed to retention just with my web host.

Thanks for the info!
Steve
can reach me@ unity100-gmail
Find all posts by this user
Like Post Quote this message in a reply
11-26-2010, 12:28 PM,
#26
RE: Can this forum have a secure login?
Thank you Steve, for all your efforts in maintaining this forum, and for serving the community that comes here.

If all of our login acccounts get hacked, backup jobs fail, and your server become a botnet zombie, I will always be thankful for the friends I had found here, and the education in Love and Light.

THANK YOU!
Quote this message in a reply




Users browsing this thread: 1 Guest(s)