Glenn class=”textlink”>reports that Jeff Goldstein is suffering another DDOS attack, limiting access to the Protein Wisdom we all crave.
I agree with the Instafellow: this is indeed getting out of hand.
So I have a thought. It seems that what we bloggers need is a way to combat a Distributed Denial Of Service (DDOS) attack which leverages the same principals as the attack itself — most particularly, the Distributed part. Call it a Distributed Guarantee Of Service.
The challenge is this: how could we establish a system so that a blogger suffering a DDOS attack (or simple system downtime, even) could be guaranteed a way to post during their outage.
The key part would be setting up a way for member blogs to ‘host’ a downed blogger’s posts. It seems to me that there are two categories of bloggers that matter here: those that are on limited / controlled hosts such as Blogspot (who therefore can’t run server-side scripts, but can generally include Javascript code) and those who have full hosts (who can run PHP or other server-side scripts).
So what I’m picturing is a PHP script that would provide the actual ‘hosting’ which would run on the full hosts, and actually act as a temporary guest home for a downed blogger. And then perhaps a Javascript applet for the limited hosts which could at least serve as a notifying beacon that there is a blogger in ‘down’ status, and link a reader to the full hosts to actually see that blogger’s posts.
There’s lots of design details to be done here. How could the blogger post? E-mail, or via a simple web-form hosted by the full members? How can the post, once entered on one full member’s site, be replicated automatically to all other members? (That’s the magic: it has to be replicated so that the DDOS attacker can’t just re-target a single backup site).
I’ll noodle on this more and post further thoughts, but I’d like to open the discussion and get some other smart minds working on this problem. Comments are open — let’s get to work!
-N.Z.
Update: OK, we’ve got some good discussion rolling in the comments. So here’s the deal: I’ve got ideas, and I can contribute support & a bit of thought bandwidth to this effort. But there’s no way I can be the primary driver of this, what with everything else I’ve piled on my plate. So we need some volunteers who do have some bandwidth to form a working group to further flesh out this problem and potential solutions, and then go ahead and actually do it.
So: if you’re interested in being part of such an effort, speak up in the comments, and/or e-mail me directly. If necessary, I can set up a Wiki or a mailing list to facilitate the discussion — but if someone else can do that, go ahead and do it! I won’t be offended.
With that said, a few more ideas on the substance of the problem:
I believe our goal is not strictly “fault tolerance” for a given blog or set of blogs. I think accomplishing that is impractical, and would involve some kind of mirroring solution that would be overkill for what we’re trying to accomplish. In my mind, our goal should be to ensure that when a blogger’s site is down:
- a) They have a place to post new blog posts
- b) There is an established system so that their readers can find those new blog posts
- c) The new posts are hosted in a distibuted manner so that they are mirrored on many different sites and are therefore protected from a secondary DDOS attack.
Note that what this essentially means is that we wouldn’t be constantly mirroring every participating blog’s site — we’d simply be mirroring new posts by a downed blogger once the system is activated. This strikes me as a simpler, and more realistic approach, although I’m open to thoughts about some crude level of mirroring for recent, pre-DDOS attack posts. Terry proposed using RSS feeds below, which is a good first thought, but I can say from my experience with TTLB that the main problem there is many bloggers don’t include full content in their RSS feeds. I suspect a better solution might be brute force: just have a way to copy the full HTML of each blog’s front page to a distributed archive. The cleverest way would be to somehow have each blog copied to a small number of mirror-blogs (let’s say 10) — if we have a solution spanning hundreds or thousands of blogs, it obviously doesn’t make sense to have every blog mirrored at every other blog’s site.
Finally, I’d suggest that we approach this problem in several phases:
- Phase 1: Quick, Dirty, and Manual: With only a little bit of coordination, we could set up a mostly-manual system virtually immediately which would allow a downed blogger to have a place to go. This could be as simple as identifying several volunteers with MovableType or other full-hosted blogs who are willing to create a special “DGOS blog” within their installlation that, in the event of an attack, a downed blogger would be given access to for posting. I’m sure there are other ways to approach the problem manually too — let’s start there!
- Phase 2: Automated and Distributed: With a manual solution in place, we can focus on implementing the whiz-bang approaches I’ve started outlining above, or alternatives.
- Phase 3: Nirvana: With any complex implementation, I find that the first release is never really the full solution you wanted. We’ll probably find that we’ve got a medium-term Phase 2 solution that will work, but isn’t perfect, and a long-term Phase 3 solution that is really everything we want it to be.
OK, that’s enough from me for now. Like I said, please speak up if you’re willing to join a working group and get cracking on this, and even if you are not, please spread the word on this idea. Thanks!
-N.Z.
Update 7/11: I’m pleased to report that Tim at Aardvark Salad has joined the effort, and his initial thoughts on the problem can be found here. Tim has requested a SourceForge project site for the effort, which should hopefully be available later today. More to come…