Firewall pioneer wanted a 'super-secure' blogging service ... so he's built his own

Bill Cheswick doesn't want to let commercial blogging software within hacking distance of his hardened Web server

So, is blogging software insecure? How can this be? I am not sure about specific blogging solutions, but I do know from my sources that most Unix systems that are compromised these days are invaded through weaknesses in PHP and Web software. There is no excuse for this in my mind: We ought to be able to engineer robust solutions, perhaps requiring some limitations on capabilities.

So I need a blog, because good service requires RSS feeds. I could go to someplace like blogspot and leave it to others, but I want to understand the issues, and see if a strong solution can work with my strong Web browsing solution.

And it does, if I don't allow comments and other user-created stuff.

"Working securely" means that it meets a set of threats I have worried about for 20 years: invasion over the network from afar. I can (and have) made a list of the threats that I worry about. The assurance level I require is higher than most people. Am I just overly frightened, or eager not to have to clean up the mess?

I think there is a need for super-secure services of all sorts, if they can be managed. And we aren't doing very well right now, except perhaps in the financial and commercial online access area. I discussed "super-secure" blogging with other security friends at Usenix Security last weekend, the likes of Steve Bellovin, Matt Blaze, and Ed Felton. We all care about super-secure services, and each tends to build our own. Most solutions were similar to mine.

As a writer, you probably need a user comment area, so the solution you use is going to be more dangerous. But you would probably just have the IT department fix the problem, and move on if you got defaced.

I want a strong level of security confidence, born of simplicity, easy auditablity, and layers to protect my services, so I can think about other things.

One example: There was an openssl security hole revealed about five years ago. Though the hole would allow someone to spoof my Web server, it was jailed, and the server was safe. I assume that the software I use is insecure. Everyone should be engineering solutions that make this assumption.

Browsers and mail readers are unlikely to ever be secure: They require too much functionality. We propeller-heads have to engineer containers to make these safe to use.

So, the fruits of this labor are two: one, a working blog, and two, a set of notes suitable to instruct the curious on how to replicate the arrangement.

Spoken like a true propeller-head.

By the way, the bloom appears to be off Cheswick's iPhone infatuation, witness this "My iPhone Sucks" rant of his posted yesterday with his new super-secure blogging set-up. "Little did I know that an update was a few hours away," he tells me this morning. "I haven't played with it enough to see if they fixed it."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul McNamara

Network World
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?