I’ve killed all the WordPress and Joomla sites, and almost done with the Drupals
Monday Status – a very productive day! I’m going to ignore all the nonsense going on in DC for the next four years and as my hero Afu says, “Focus on the work!”
To reduce the surface area of attacks, we’re ditching all CMS (No more WordPress, Joomla, or Drupal!) and rolling our own using the StreetCred Trust System and Adam Langley’s magical nonces (RoughTime). All pages served through Quantum now have magical headers added, but we haven’t fully implemented the RoughTime protocol yet. I’m sure about having to do batch processing for the signatures, but still unsure about the Merkle-tree distribution model as proposed. Google currently operates the only RoughTime server constellation, so Phr3sh-err is pricing the costs of operating our own in the cloud.
I’ve killed all the WordPress and Joomla sites, and am almost done with the Drupals (1 and 1/4 sites left to convert). I’ll try to finish those before end of week. I want to use standard MVC (Model-View-Controller) programming models with Google’s Material Design coding standards. I’ve already written a NetBeans connector to our Google Cloud, so development should go forward quickly.
Tomorrow I want to lay out a SOC framework, and eventually try to open source it. We’re worried about the bad guys getting our code and reverse engineering it, so the only viable option will be to offer it as a service. Phr3sh-err wrote up specifications for our HPaaS, but I haven’t figured out a way to get the costs down enough for small businesses to afford them. They are the ones who need help the most!
Most small businesses only spend a few thousand on their websites. They can’t afford a $100,000 security person, much less a team to monitor 24/7/365. It also does no good to hire them, if you don’t invest the $200,000 a year to keep them trained. We have to use automation and other force multipliers to get costs down. What are most businesses doing currently? Most don’t have access to their server logs (and those that do don’t monitor them), so they don’t have a clue if they’ve been hacked for nearly a year after each incident. We have to get businesses to shift from being reactive to proactive, but that is EXPENSIVE. If a small business could afford $1 million a year for a secure web site, they likely wouldn’t be considered a small business. How do we bridge that gap and make security affordable for everyone (if not free)??? I bet there are tons of cybersecurity grants out there, so I may do some research in that area over the weekend.
I sent my drone back to China, and am getting a better graphics tablet to work on Blender 3D projects. I’ve written a Python script that allows us to create render farms in the Google Cloud using preemptive VMs to get the costs down. We’re going to do some benchmarks soon, but none of these servers have GPUs. We really need to have a server farm just for Blender renders, but for now we have to share resources.
Thanks everybody for all of your help! We’ve gotten an amazing amount of work done over the past month. I appreciate all of your hard work and feedback!
Author Gary Wright