Tuesday, August 08, 2006

Lamont's Offer

I just spoke with the Lamont campaign. It seems that they have offered the Lieberman campaign the use of a tech person to fix their servers. They have not responded.

Also, will the more tech savvy than me please chime in below... Any campaign has all their code stored someplace, just in case something (like this) happens. How long would it take to put the website up on another server? Ten minutes? An hour? Surely less than 24 hours, right?

It seems that the news story has more value than their website, because they are not taking the steps necessary to get it back up as soon as possible.

Also, why aren't the mainstream media people asking the tech writers/correspondents at their own outlet? They should be able to answer these questions...

UPDATE:

Charles Gaba in the comments (in full, because he said it better than I could have):

I'm a web developer, not an actual sys admin, but I can tell you this much: the Lieberman campaign SHOULD have a full backup of the site, the database, redundant servers and power supplies. They SHOULD have several alternate domain names to redirect the primary domain towards, and each of those domains should be set up on a different server with at least a "bare bones" version of the website (the static stuff at least).

For that matter, I'm a bit stunned that a campaign as large and expensive as this one is doesn't have their web server in-house in the first place (instead of using an external 3rd-party hosting company). That's the sort of thing I'd expect from someone running for state house or city council, not the United States Senate (especially an incumbant!). I have no idea whether the Lamont campaign site is hosted in-house or not but I'd be pretty surprised if it isn't.

The bulk of the Lieberman campaign's static content (positions, photos, media files, etc) should have already been hosted on at least one backup site, hosted separately, at (for example) lieberman2006.com or something like that. In that situation, all they would have to do would be to change the name servers to repoint towards the alternate site--or, at worst, put a "this site has moved HERE" link on joe2006.com, just like you'd see on the simplest mom & pop site.

None of this is meant to forgive whoever took it down, but it shows a stunningly sloppy IT team at the Lieberman camp IMHO.


The Lieberman campaign sloppy? Couldn't be...

29 comments:

Anonymous said...

Is the Lamont camp offering the person who hacked the Lieberman website or another one of its techies? Just curious.

DemOfficeHolder said...

The website has been down, on and off, for 14 hours or so. The Lieberman campaign has had ample time to switch to new servers.

Instead, its techies are posting on Connecticut Local Politics.

I'm not accusing the Lieberman campaign necessarily of acting in bad faith, but they're clearly not in any hurry to get their website back online.

The True Gentleman said...

Gabe, I agree with you that this story has more value than the website. As the day progresses and people who have yet to vote hear allegations of hacking/denial of service attacks which may be (but in reality are not likely to be) the acts of the Lamont campaign, it may swings some votes Senator Lieberman's way.

bluecoat said...

Maybe BR or somebody up on this stuff can answer this question for me. Yesterday the Bridgeport DTC ran several half page ads in the CT Post asking/advising the Democratic voters to vote in the primary for the DTC endorsed candidates. They even ran an ad dissing Kevin Boyle who is running in the primary for probate judge against incumbent democrat Paul Gainm. Is that according to Hoyle? I would link the ads but I can't link ads that aren't on-line.

Gabe said...

Anon - 2:28 - I assume you have some facts to back that up, right? No? Just randomly making accusations, huh? Well, you are supporting the right guy, I guess.

dem office holder - why would they? They are getting free press by not fixing it..

Charles Gaba said...

Gabe--

I'm a web developer, not an actual sys admin, but I can tell you this much: the Lieberman campaign SHOULD have a full backup of the site, the database, redundant servers and power supplies. They SHOULD have several alternate domain names to redirect the primary domain towards, and each of those domains should be set up on a different server with at least a "bare bones" version of the website (the static stuff at least).

For that matter, I'm a bit stunned that a campaign as large and expensive as this one is doesn't have their web server in-house in the first place (instead of using an external 3rd-party hosting company). That's the sort of thing I'd expect from someone running for state house or city council, not the United States Senate (especially an incumbant!). I have no idea whether the Lamont campaign site is hosted in-house or not but I'd be pretty surprised if it isn't.

The bulk of the Lieberman campaign's static content (positions, photos, media files, etc) should have already been hosted on at least one backup site, hosted separately, at (for example) lieberman2006.com or something like that. In that situation, all they would have to do would be to change the name servers to repoint towards the alternate site--or, at worst, put a "this site has moved HERE" link on joe2006.com, just like you'd see on the simplest mom & pop site.

None of this is meant to forgive whoever took it down, but it shows a stunningly sloppy IT team at the Lieberman camp IMHO.

bluecoat said...

I should ad that they didn't just call for voting for the DTC enedorsed csndidates but all of the Party endorsed candidates including Malloy and Lieberman.

FatGuyinMiddleSeat said...

MSNBC had their tech guy on.

Also, McDonald's wouldn't allow Burger King access to their computers- we have a general potentially ahead.

Anonymous said...

bluecoat-

I realize you didn;t ask me but I am involved in party politics and have no idea what you mean by your question. Is it in relation to an individual or the ad?

The True Gentleman said...

CharlesGaba, thanks for the web lesson. My only contention with your post is that it doesn't matter whether Senator Lieberman's IT team is sloppy. What matters is the allegation of impropriety as the reason that the site is down.

bluecoat said...

anon 2:46: Is it legal (according to Hoyle) for the DTC to run DTC financed ads the day before the primary asking the voters to vote for party endorsed candidates? is it legal for the DTC to run DTC financed ads the day before the primary disparging the record one of the Democrat challengers who is in the primary race against the party endorsed probate judge?

Anon 246 said...

bluecoat--

OK, I got it now. Does it say on the bottom of the ad who paid for it?

bluecoat said...

I says at the bottom of the ad that the DTC paid (financed) for it. Sorry, as a novice I don't always use the right lingo.

Charles Gaba said...

TheTrueGentleman--

Oh, I agree that IF this does turn out to be a deliberate attack, the attacker is scum and should be punished accordingly, whomever it turns out to be.

HOWEVER, the "sloppiness factor" *is* relevant for the following reason: if the Lieberman camp really is that clueless, it's also possible that they completely underestimated the bandwidth (traffic limits) that their host server could handle, and that the server really WAS overloaded with last-minute traffic, or something else which wouldn't be a deliberate attack by anyone.

Not saying this is the case, of course.

Anonymous said...

Did they say "Vote for xxxx" or did they just list the candidate they'd endorsed? Have a copy of the ad you can post?

bluecoat said...

No, as I said I can't link the ads because they are not on-line. Yes they said to vote for Malloy, Liberman, Ganim and the rest of the "endorsed" candidates specifically by name. They also had another ad that said specifically what was worng with Boyle who was not endorsed by the DTC.

Anon 246 said...

The law says that you cannot use party funds in a primary.

I am not positive in this instance as it isn't directly the candidate but the DTC...and without seeing the ad. Does it mention a general message about voting today?

If you are concerned you could always forward the ad to Election Enforcement.

The True Gentleman said...

Good point, CB, I didn't think about that (b/c I am web system illiterate). I also try to make sure that I use the word allegation or allegedly when describing the sequence of events. But wouldn't your example be defeated by the fact that the website's message has changed a couple of times in the last 24 hours rather than just stating that the site is busy?

bluecoat said...

I have no standing to complain as I am not a Donkey or a Bridgeport resident.

Anon 246 said...

You have every bit of standing as you are a registered voter and it may be illegal.

Weicker Liker said...

I believe the Party Rules - not State Election Law - say party funds can not be used to advocate candidates in a Primary.

Charles Gaba said...

True Gentleman--

Not necessarily. The ever-changing messages simply means that the IT staff is making changes of some sort to the server. Any time you move a domain name to a new server, there's some amount of propagation time--from a few moments to several hours, although it should go through pretty fast if it's on the same network.

An actual Unix system administrator has a post up which explains some more security weirdness at joe2006.com better than I can:

LINK

(yes, it's on Daily Kos, but that doesn't make the technical info less valid)

In short, there's all sorts of BASIC security measures that evidently weren't taken by Team Lieberman--according to this guys' research, they didn't even have a basic Firewall set up, which even the most humble web server should have.

Anonymous said...

Bluecoat: Weicker Liker is correct (2d time in 2 days for the record). The Republican party rules do not allow this, but the Democratic party rules do allow it. Not surprising. These ads are typical Bridgeport DTC, which is run by Stafstrom (one of Joe Ganim's boys and hand picked by Mario Testa). New name, new face, same old ethics. He even had a drug dealer and the Mayor's coke supplier on the DTC and did nothing about it. The Bridgeport DTC went overwhelmingly for Lieberman and Malloy, even though most Ds in the city favor Lamont and JDS.

BRubenstein said...

Bluecoat..id have to see the ad before passing judgement

Aldon Hynes said...

Let me address some of the comments going on here. Many of you know me from my comments here in the past. I am currently working as the technology coordinator for the Lamont campaign. We have put together a great team handling many aspects of our technology, and I want to thank everyone who has been involved.

One of our biggest concerns when we were first setting up our site was to make sure that we had as secure and reliable a site as possible. We have spent extra money making sure that our servers are safe. We do not host the servers in house. There are people that do a much better job of providing safe and secure servers than we ever could. We are actually using several different hosting companies as part of our redundancy plan.

From what I’ve seen, it does appear as if the Lieberman campaign did not establish sufficient IT security policies. It may be that the site has gone down due to the burst of traffic the campaign has generated, or it may have gone down due to some sort of hacking, probably a distributed denial of service attack.

To a certain extent, it is inappropriate to ‘blame the victim’. Just because someone didn’t properly secure their site doesn’t vindicate people who are illegally breaking in. On the other hand, before getting involved in politics, I was a technology executive on Wall Street. Any information security officer at a financial institution who places blame for a site going down on the perpetrators could kiss his career goodbye.

At the Lamont campaign, we are fortunate that we haven’t suffered from a successful attack. Such attacks are bad for democracy and should be condemned. I hope the Lieberman site gets back up soon and everyone can focus on getting the vote out.

Anonymous said...

It is absolutely and completely legal for the DTC to run ads or spend money on a primary - take that to the bank. Done it personally in at least 50 races.

bluecoat said...

Legal, maybe; but ethical and in the best interest of the democratic process? Probably not. Thanks for all of the feedback.

Charles Gaba said...

Aldon Hynes--

Thanks for answering the question of whether Lamont's site is hosted in-house or not; I guess you're right, I presume a solid, professional co-location/dedicated server company would be more secure overall. My larger point is still valid, though, of course; this sounds like horribly sloppy work on the part of Lieberman's web folks.

The sick part is that some voters may actually vote for Lieberman because they *think* you guys had something to do with it. Even if the truth comes out tomorrow morning--whatever the actual cause--it'll be too late to change their votes.

Anonymous said...

Also for those campaigns that need internal webservers...here a quick walk-through....
http://switch.richard5.net/isp-in-a-box-using-a-mac-mini/

-Rellguru