Development log: 2022-03-25

2022 March 25

Made a mirror backup to Juno

Made a backup AMI:
    Scanalyst Backup 2022-03-25  ami-0ccda660ae2fae1f8
        /           snap-0e7378a0c77989f2c
        /server     snap-09a022b95471c760b

The system had been up for 55 days.

Installed 32 update packages, 19 for security.
    super
    yum update

Stopped Discourse.
    cd ~/discourse/image
    ./launcher stop app

Rebooted.

The system came up promptly after the reboot.  We are still running on
kernel 4.14.268-205.500.amzn2.x86_64.

The Discourse Docker container started automatically after the reboot
and serves HTTP requests normally.

On the Discourse Upgrade manager page:
    https://scanalyst.fourmilab.ch/admin/upgrade

docker_manager was already Up to date.

I upgraded:
    discourse-math      (MathJax)
    discourse-spoiler-alert
    discourse

There was no need to rebuild the Discourse image after this update.

The Admin page now reports we're running on 2.9.0.beta3.

Verified that spoilers and MathJax are working after being updated.

John, forgive my stupid question, but some of this looks like code. Should you be airing portions of code out in the open like this? Again, I know I am not the tech guy here, but I can recognize code, I am paranoid, and I like plausible deniability. Thank you in advance.

This is an extract from my development log for the site, which is posted in this group as I make entries in it. I have always published development logs for all software I develop or maintain, and consider it a part of the radical transparency which improves the quality of software and users’ experience with it.

Nothing in these logs is security related: the few odd items which might be, such as administrative passwords, are blanked out in these published editions. Discourse, the software that runs this site, is free and open source software. Anybody who is interested can download their own copy of the source code and examine it to their heart’s content. Want your own copy? Here you go!

Attempting to make systems secure by hiding implementation details is called “security through obscurity”, and it doesn’t work, or at least not for very long. True security is achieved by making the complete implementation details of the software available to anybody interested, regardless of the colour of their hat, and relying upon many independent sets of eyeballs to discover subtle vulnerabilities.

Thanks for the answer, John. Like I said, I’m paranoid.