July 10, 2006

A DDOS Solution?

Pixy, I got this email from N.Z. Bear today. I thought rather than just forward it, I'd share it here because we have quite a few tech-savvy munuvians.

I present it without judgment, because I have the technical skilzz of a blind cave salamander.

The email is below the fold; here's his post on the subject.

Glenn reports that Jeff Goldstein is suffering another DDOS attack, limiting access to the Protein Wisdom we all crave.

I agree with the Instafellow: this is indeed getting out of hand.

So I have a thought. It seems that what we bloggers need is a way to combat a Distributed Denial Of Service (DDOS) attack which leverages the same principles as the attack itself --- most particularly, the Distributed part. Call it a Distributed Guarantee Of Service.

The challenge is this: how could we establish a system so that a blogger suffering a DDOS attack (or simple system downtime, even) could be guaranteed a way to post during their outage.

The key part would be setting up a way for member blogs to 'host' a downed blogger's posts. It seems to me that there are two categories of bloggers that matter here: those that are on limited / controlled hosts such as Blogspot (who therefore can't run server-side scripts, but can generally include Javascript code) and those who have full hosts (who can run PHP or other server-side scripts).

So what I'm picturing is a PHP script that would provide the actual 'hosting' which would run on the full hosts, and actually act as a temporary guest home for a downed blogger. And then perhaps a Javascript applet for the limited hosts which could at least serve as a notifying beacon that there is a blogger in 'down' status, and link a reader to the full hosts to actually see that blogger's posts.

There's lots of design details to be done here. How could the blogger post? E-mail, or via a simple web-form hosted by the full members? How can the post, once entered on one full member's site, be replicated automatically to all other members? (That's the magic: it has to be replicated so that the DDOS attacker can't just re-target a single backup site).

I'll noodle on this more and post further thoughts, but I'd like to open the discussion and get some other smart minds working on this problem. Comments are open --- let's get to work!

-N.Z.

Posted by Vinnie at July 10, 2006 08:23 PM
Comments
#1

Pixy, could you include DDOS insurance in Minx? I'm thinking of something like this:

1. When you sign up for blog insurance, your templates and last few dozen posts are backed up at 10 random Minx hosts. Also your SHA-encrypted password.

2. Every Minx host keeps a list of the backup hosts of all blogs.

3. To get insurance, you must place a "Get any insured blog" icon near the top of your blog.

4. When end users click on the icon, the original blog host is accessed. If that fails, a backup host is accessed, and the accessing host adds itself to the list of backup hosts.

5. The blogger can log in on any backup host to add new posts.

Of course, I've left out a lot of details, but I hope you get my drift.

Posted by David Boxenhorn at July 10, 2006 10:02 PM
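
An added example, not part of the original thread and not Minx code: a small in-memory simulation of steps 1, 2 and 4 of comment #1, showing a read failing over to a backup and the backup list growing. The `Network` class, its methods and the `.example` host names are hypothetical, and "the accessing host" is read here as the host whose icon the reader clicked.

```javascript
// Constructed simulation of the "blog insurance" lookup from comment #1.
// Network, insure() and fetch() are hypothetical names, not Minx code.
const BACKUP_COUNT = 10; // step 1: copies kept on 10 random hosts

class Network {
  constructor(hostNames) {
    this.hosts = new Map(hostNames.map((n) => [n, { up: true, store: new Map() }]));
    this.backups = new Map(); // step 2: blog -> Set of backup hosts
  }

  // Step 1: copy the blog's recent posts to BACKUP_COUNT random other hosts.
  insure(blog, origin, posts) {
    this.hosts.get(origin).store.set(blog, posts);
    const others = [...this.hosts.keys()].filter((h) => h !== origin);
    for (let i = others.length - 1; i > 0; i--) { // Fisher-Yates shuffle
      const j = Math.floor(Math.random() * (i + 1));
      [others[i], others[j]] = [others[j], others[i]];
    }
    const chosen = others.slice(0, BACKUP_COUNT);
    chosen.forEach((h) => this.hosts.get(h).store.set(blog, posts));
    this.backups.set(blog, new Set(chosen));
    return chosen;
  }

  // Step 4: try the origin, then each backup. When a backup answers, the
  // host whose icon was clicked (via) keeps a copy and joins the list.
  fetch(blog, origin, via) {
    for (const name of [origin, ...this.backups.get(blog)]) {
      const host = this.hosts.get(name);
      if (!host.up || !host.store.has(blog)) continue;
      if (name !== origin && this.hosts.get(via).up) {
        this.hosts.get(via).store.set(blog, host.store.get(blog));
        this.backups.get(blog).add(via);
      }
      return { servedBy: name, posts: host.store.get(blog) };
    }
    return null; // origin and every backup are unreachable
  }
}

// Constructed scenario: 15 hosts, origin down, reader clicks on an uninvolved host.
function demo() {
  const net = new Network(Array.from({ length: 15 }, (_, i) => `host${i}.example`));
  const chosen = net.insure("blogA", "host0.example", ["post 1", "post 2"]);
  net.hosts.get("host0.example").up = false;
  const via = [...net.hosts.keys()].find((h) => h !== "host0.example" && !chosen.includes(h));
  const result = net.fetch("blogA", "host0.example", via);
  return { chosen, via, result, listSize: net.backups.get("blogA").size };
}
```

Because every successful failover adds another host to the list, the number of copies grows while the origin is down, which bears on the question raised in comment #3.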
#2

:)

Yes, Minx is designed to be DDOS-proof.

Posted by Pixy Misa at July 10, 2006 11:13 PM
#3

I'm just going to throw this out there, and in turn, reveal my not-having-meditated-on-the-above-post-for-more-than-3-seconds-&-instead-typeblurting-this-out:

Can the attacker just change his/her/their target from the primary blog in its crosshairs and then focus on attacking the other backup hosts?

Or is the idea that the posts would be backed up on multiple "mirror" blogs and then the doinkhead would just give up?

Posted by kyer at July 10, 2006 11:13 PM
#4

For the commercial operation, we'll have clusters of servers at multiple datacenters, with everything replicated between them. Any server in any cluster can act as the host for any blog. And each server has (at least) five IP addresses.

So if the attackers focus on a particular IP, we just block that one and keep on going on the other 149.

It wasn't designed that way primarily as DOS-mitigation: We need it to be extremely scalable, and cheaply scalable, and we need to be able to take hardware down for maintenance without the users even noticing. That the solution is also highly resistant to DOS attacks is a bonus.

Posted by Pixy Misa at July 11, 2006 01:44 AM
#5

Wow, Pixy, that's great!

What if people want to run Minx on their private server?

Posted by David Boxenhorn at July 11, 2006 05:26 PM
#6

Uh, they can't.

It's not open-source.

Posted by Pixy Misa at July 11, 2006 10:45 PM
#7

Well, there may be an open source release at some point. But initially, it will be closed all the way. Mine! Mine mine mine!!

Posted by Pixy Misa at July 11, 2006 11:25 PM
#8

You know, there is another model: selling it. I think that people might pay for blog insurance.

Posted by David Boxenhorn at July 13, 2006 12:55 PM
#9

Selling the application?

The problem is, to have the blog insurance, you have to have Minx running your blog on multiple servers.  No individual blogger is going to go to that effort and expense (it's a lot harder to install than a typical PHP app), and the people who would do it would be in direct competition with the new site.  Not very workable.

But a stripped-down version of Minx released as open source might be a possibility.

Posted by Pixy Misa at July 14, 2006 02:06 AM
#10

I was thinking that the Minx blogs as a group would insure each other. I think that could be done (though Minx is not necessarily built to do it).

Posted by David Boxenhorn at July 14, 2006 02:29 PM