2. Set Expectations
3. Practice Incident Response
The site blogs are currently locked down, and the latest notice is in effect [2004-07-29]
The goal is to revive the blogs one at a time, verifying that I can post successfully without further corruption. Before I do that, I will establish an incident-response procedure that allows for rapid response, roll-back, and reporting in the event of a new incident.
This is being accomplished in small steps:
Announce this process in case anybody is watching.
Let people know what they will see as recovery take place.
Make the incident-response setup for Spanner Wingnut first.
Practice the incident response on Spanner Wingnut, tuning the process and the materials.
Stabilize Spanner Wingnut as the the model for incident response and reporting on all of the blogs.
For each production blog, clone the appropriate incident-response materials and then reactivate the blog:
Post an entry announcing the reactivation.
Make other adjustments for being in full operation, including template changes
Restore operation with attention to regular backups.
Post an entry when full operation is restored.
Continue operation with appropriate backup procedures so that new incidents are captured rapidly and the blog is restored to operation quickly.
The following notice is added in the Spanner Wingnut site feed, followed by replication in the other site feeds:
This announcement is formed here with the following conditions:
- The entities that FrontPage inserts for extra spacing must be replaced by the direct character entity for a non-breaking (mandatory) space:  .
- <img ... > must be replaced by <img ... /> to satisfy XHTML formatting.
- <br> must be done as <br /> and the same for all other unbalanced HTML constructs.
- Make sure that all borders show up in preview, adding the px-suffix to attributes that need it.
- All URLs, including in <img>-elements, must be absolute URLs.
The notice is added at the beginning of a site-feed entry is as the content material of an entry having the following customized form:<entry> <title mode="escaped" type="text/html">Incident Response Setup</title> <link href="http://orcmid.com/sostegno/X040702C.htm" rel="alternate" title="X040702C: Incidence Response Setup" type="text/html"/> <id>http://orcmid.com/sostegno/X040702C.htm</id> <modified>2004-07-30T18:20:00Z</modified> <issued>2004-07-29T16:45:00-07:00</issued> <content type="application/xhtml+xml" xml:base="http://orcmid.com/BlunderDome/wingnut/" xml:lang="en-US" > <div xmlns="http://www.w3.org/1999/xhtml"> <!-- The content material goes in this space. --> </div> </content> </entry>
The variable information is shown in blue text.
This is the notice designed for announcing what can be expected to each of the currently locked-down site feeds:
[to be continued]
|You are navigating Orcmid's Lair||
created 2004-07-24-19:11 -0700 (pdt) by orcmid