Who Watches the Monitors | TechSNAP 117

chris

9 years ago

Extending your office LAN for remote office workers, monitoring the monitoring service, and Zynga\’s embarrassing Apache error.

Plus a HUGE batch of your questions, our answers, and much much more!

Use our code tech249 to score .COM for $2.49!

Get private registration FOR FREE with a .COM! code: free5

Visit techsnap.ting.com to save $25 off your device or service credits.

An interesting short article from USENIX that raises the question of how do you monitor your monitoring system?
The article breaks the monitor monitoring systems down based on their features:
Automated vs. manual execution
Automated vs. manual response
Destructive vs. non-destructive response
Monitoring vs. monitoring of notification services
For example, a “dead-man switch” is an example of an automated execution (releasing the trigger happens automatically), automatic response (no other action is required to cause the response) and is generally destructive
Another complication of monitoring systems is how do you monitor the notification service?
If the sysadmin gets notified that a service is down via text message, how do you ensure they actually got the text message?
One solution mentioned in the article is sending a text message to the on-duty admin at the start of each ‘shift’. If they do not get this message, they know something is wrong and investigate
A better solution to this may be a similar alert that they must acknowledge it, possible before the off-going sysadmin is allowed to leave
It is quite possible to ‘miss’ an event, especially when it becomes routine. If you get a text message every morning at 9am, would you notice if you didn’t get it one day?
Instead, what if the text message contained a URL you had to visit in order to acknowledge the message, else the alert would repeat and eventually escalate

A system designed to prevent someone with access to a system from determining what other operations are happening on that system
Seems relevant to our previous discussion about how from inside one VM you could collect enough data to disclose the private encryption keys of another VM running on the same physical hardware
The described system, ‘Ascend’ features ‘Obfuscated Instruction Execution’ and ‘Oblivious RAM’

When Zynga users were confronted with an HTTP Error 500 page from the fb.themepark.zynga.com server, it told them to email someone @themepark.com which they did not actually own
It appears Zynga uses Apache as their web server (no wonder they were throwing 500 errors under load), and had misconfigured the ‘ServerAdmin’ directive, so the error pages contained this incorrect email address
The unfortunate recipient of emails from many whiny facebook gamers complained to Zynga, but got no response
So he decided to have some fun with it, and wrote back responses trolling the users
“I know that For Canada Day, the engineering department wraps the .ca servers in Canadian flags, and then sets a plate of poutine on top. This sometimes can cause the server to overheat, and sometimes even get gravy into the login/logout module.”

[asa]B008U5ZNIG[/asa]