[lug] Why is it SO easy to destroy cloud environments?

Paul E Condon pecondon at mesanetworks.net
Thu Oct 18 08:59:43 MDT 2012


Rob,
I lurk on this list. I started when I moved to Boulder County from 
California nine years ago. I'm a retired physicist who has been 
following Linux since late in the 1990s, never reaching anything
approaching expert status. I also follow politics by lurking on
the web. 

It seems to me that your concern is much more than an annoyance to a
programmer. Leon Panetta (sp?) is in the news recently raising
alarums about terrorists attacking our cyber infrastructure.  Yours
is an issue of national importance. I can't do much about it other
than encourage you, and point out to you a local government
organization that might be able to help, and to maybe act as a
concerned citizen go-between in case you have concerns about rattling
the chains of local bureaucrats. (Boulder is still a pretty small town
by national standards.)

NIST has a long history of working with industry to develop national
standards on all sorts of industrial issues. (I remember seeing at the
old campus of the Bureau of Standards, (NBS) some really big tapered
screw threads, which were described to me as the primary standards for
the threads on the ends of lengths of drill pipe in the oil
industry. NIST is the new name for NBS.)

According to the NIST website, they have a program in cloud computing.
They should be interested in your rant/concern. If you have tried to
talk to them and failed to get thru to anyone who appreciates the
problem, Jared Polis is our local Congressman. Like all
Congresspersons, he maintains a local office and a local staff mainly
for the purpose of helping people who want help from the government
bureaucracy. It seems to me that in the current political climate,
belief that small business is the carrier of the American dream is an
article of faith. There really should be a vigorous response to even
very gentle prodding. If you don't think you can handle talking to a
politician, I can front for you to keep your name off the radar
screens of political wackos. But realize I'm not an expert in cloud,
or any other type of, computing. I may muddle the situation, if I get
involved.

It's OK for you to show this letter to anyone who questions you about
doing more than ranting on this issue. I think it's your civic duty.

On 20121009_114342, Rob Nagler wrote:
> > I can't believe you found it within yourself to type that... even in jest!
> 
> This is very serious to me, and why we have no production VMs at
> bivio.  We use the cloud, but only for development and test purposes.
> 
> How is "juju destroy-environment" any different than my for loop?
> 
> Here are the account cancellation policies for Linode and AWS:
> 
> http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/index.html?cancel-ec2.html
> http://library.linode.com/linode-platform/billing#sph_account-cancellation
> 
> Just for reference, here's what it says when I click on Cancel Account in AWS:
> 
>  Account Cancellation
> 
>     Once you select to cancel your Amazon Web Services account, you will
>     be required to sign up as a new user to begin using AWS again. All of
>     your current data will permanently be deleted and you will immediately
>     lose access to Amazon Web Services.
> 
>     Are you sure you want to cancel your AWS account? NOTE: You will not
>     be able to undo this cancellation.
> 
> The last line is amazing.  Your backups, snapshots, data, VM config,
> etc. are all going to be gone if you click "OK".  I've done this, and
> they are gone, forever.
> 
> Every cloud platform I've seen has this "Destroy World!" feature,
> which actually, is much easier than "Hello, World!".  Way more clicks
> to create and configure a single VM than to destroy your entire
> platform.
> 
> I think we have learned nothing from our past.  Read this article by
> Brian Reid from 1986:
> 
> ftp://rtfm.mit.edu/pub/reid.txt
> 
> This is worse than a screwdriver with a gelignite handle.  It's more
> like a screwdriver with a bunker busting bomb attached to the handle.
> 
> I have talked to numerous so-called experts about this problem, and
> nobody has 1) even thought of it, or 2) come up with a workaround.
> Even if you do "rm -rf /" on a real server, it doesn't destroy your
> backups, too.  It won't destroy disks in a vault, ever.  It doesn't
> destroy the physical computers.  Also, btw, it doesn't happen very
> quickly on a system with TBs of data.  Somebody would have to be
> pretty sneaky and really good to kill a large site by running rm -rf
> on all servers without you noticing.   "Destroy World!" is
> instantaneous.
> 
> I've been working in distributed systems for decades.  I have done
> some really, really dumb things, which were all recoverable.  As an
> example, I was the creator of the rsh configuration which amplified
> the problem in Reid's expose above.  There are some real issues with
> automation to this degree, and I learned that lesson in 1986.
> 
> It's only a matter of time before some large site goes down, hard and forever.
> 
> Rob

-- 
Paul E Condon           
pecondon at mesanetworks.net