20 years a blogger

It's been twenty years, to the day, since I published my first blog-post.

I'm a blogger.

Blogging - publicly breaking down the things that seem significant, then synthesizing them in longer pieces - is the defining activity of my days.

https://boingboing.net/2001/01/13/hey-mark-made-me-a.html

Over the years, I've been lauded, threatened, sued (more than once). I've met many people who read my work and have made connections with many more whose work  I wrote about. Combing through my old posts every morning is a journey through my intellectual development.

It's been almost exactly a year I left Boing Boing, after 19 years. It wasn't planned, and it wasn't fun, but it was definitely time. I still own a chunk of the business and wish them well. But after 19 years, it was time for a change.

A few weeks after I quit Boing Boing, I started a solo project. It's called Pluralistic: it's a blog that is published simultaneously on Twitter, Mastodon, Tumblr, a newsletter and the web. It's got no tracking or ads. Here's the very first edition:

https://pluralistic.net/2020/02/19/pluralist-19-feb-2020/

I don't often do "process posts" but this merits it. Here's how I built Pluralistic and here's how it works today, after nearly a year.

I get up at 5AM and make coffee. Then I sit down on the sofa and open a huge tab-group, and scroll through my RSS feeds using Newsblur.

I spend the next 1-2 hours winnowing through all the stuff that seems important. I have a chronic pain problem and I really shouldn't sit on the sofa for more than 10 minutes, so I use a timer and get up every 10 minutes and do one minute of physio.

After a couple hours, I'm left with 3-4 tabs that I want to write articles about that day. When I started writing Pluralistic, I had a text file on my desktop with some blank HTML I'd tinkered with to generate a layout; now I have an XML file (more on that later).

First I go through these tabs and think up metadata tags I want to use for each; I type these into the template using my text-editor (gedit), like this:

   <xtags>

process, blogging, pluralistic, recursion, navel-gazing

   </xtags>

Each post has its own little template. It needs an anchor tag (for this post, that's "hfbd"), a title ("20 years a blogger") and a slug ("Reflections on a lifetime of reflecting"). I fill these in for each post.

Then I come up with a graphic for each post: I've got a giant folder of public domain clip-art, and I'm good at using all the search tools for open-licensed art: the Library of Congress, Wikimedia, Creative Commons, Flickr Commons, and, ofc, Google Image Search.

I am neither an artist nor a shooper, but I've been editing clip art since I created pixel-art versions of the Frankie Goes to Hollywood glyphs using Bannermaker for the Apple //c in 1985 and printed them out on enough fan-fold paper to form a border around my bedroom.

As I create the graphics, I pre-compose Creative Commons attribution strings to go in the post; there's two versions, one for the blog/newsletter and one for Mastodon/Twitter/Tumblr. I compose these manually.

Here's a recent one:

Blog/Newsletter:

(<i>Image: <a href="https://commons.wikimedia.org/wiki/File:QAnon_in_red_shirt_(48555421111).jpg">Marc Nozell</a>, <a href="https://creativecommons.org/licenses/by/2.0/deed.en">CC BY</a>, modified</i>)

Twitter/Masto/Tumblr:

Image: Marc Nozell (modified)

https://commons.wikimedia.org/wiki/File:QAnon_in_red_shirt_(48555421111).jpg

CC BY

https://creativecommons.org/licenses/by/2.0/deed.en

This is purely manual work, but I've been composing these CC attribution strings since CC launched in 2003, and they're just muscle-memory now. Reflex.

These attribution strings, as well as anything else I'll need to go from Twitter to the web (for example, the names of people whose Twitter handles I use in posts, or images I drop in, go into the text file). Here's how the post looks at this point in the composition.

<hr>

<a name="hfbd"></a>

<img src="https://craphound.com/images/20yrs.jpg">

<h1>20 years a blogger</h1><xtagline>Reflections on a lifetime of reflecting.</xtagline>

<img src="https://craphound.com/images/frnklogo.jpg">

See that <img> tag in there for frnklogo.jpg? I snuck that in while I was composing this in Twitter. When I locate an image on the web I want to use in a post, I save it to a dir on my desktop that syncs every 60 seconds to the /images/ dir on my webserver.

As I save it, I copy the filename to my clipboard, flip over to gedit, and type in the <img> tag, pasting the filename. I've typed <img src="https://craphound.com/images/ CTRL-V"> tens of thousands of times - muscle memory.

Once the thread is complete, I copy each tweet back into gedit, tabbing back and forth, replacing Twitter handles and hashtags with non-Twitter versions, changing the ALL CAPS EMPHASIS to the extra-character-consuming *asterisk-bracketed emphasis*.

My composition is greatly aided both 20 years' worth of mnemonic slurry of semi-remembered posts and the ability to search memex.craphound.com (the site where I've mirrored all my Boing Boing posts) easily.

A huge, searchable database of decades of thoughts really simplifies the process of synthesis.

Next I port the posts to other media. I copy the headline and paste it into a new Tumblr compose tab, then import the image and tag the post "pluralistic."

Then I paste the text of the post into Tumblr and manually select, cut, and re-paste every URL in the post (because Tumblr's automatic URL-to-clickable-link tool's been broken for 10+ months).

Next I past the whole post into a Mastodon compose field. Working by trial and error, I cut it down to <500 characters, breaking at a para-break and putting the rest on my clipboard. I post, reply, and add the next item in the thread until it's all done.

*Then* I hit publish on my Twitter thread. Composing in Twitter is the most unforgiving medium I've ever worked in. You have to keep each stanza below 280 chars. You can't save a thread as a draft, so as you edit it, you have to pray your browser doesn't crash.

And once you hit publish, you can't edit it. Forever. So you want to publish Twitter threads LAST, because the process of mirroring them to Tumblr and Mastodon reveals typos and mistakes (but there's no way to save the thread while you work!).

Now I create a draft Wordpress post on pluralistic.net, and create a custom slug for the page (today's is "two-decades"). Saving the draft generates the URL for the page, which I add to the XML file.

Once all the day's posts are done, I make sure to credit all my sources in another part of that master XML file, and then I flip to the command line and run a bunch of python scripts that do MAGIC: formatting the master file as a newsletter, a blog post, and a master thread.

Those python scripts saved my ASS. For the first two months of Pluralistic, i did all the reformatting by hand. It was a lot of search-replace (I used a checklist) and I ALWAYS screwed it up and had to debug, sometimes taking hours.

Then, out of the blue, a reader - Loren Kohnfelder - wrote to me to point out bugs in the site's RSS. He offered to help with text automation and we embarked on a month of intensive back-and-forth as he wrote a custom suite for me.

Those programs take my XML file and spit out all the files I need to publish my site, newsletter and master thread (which I pin to my profile). They've saved me more time than I can say. I probably couldn't kept this up without Loren's generous help (thank you, Loren!).

I open up the output from the scripts in gedit. I paste the blog post into the Wordpress draft and copy-paste the metadata tags into WP's "tags" field. I preview the post, tweak as necessary, and publish.

(And now I write this, I realize I forgot to mention that while I'm doing the graphics, I also create a square header image that makes a grid-collage out of the day's post images, using the Gimp's "alignment" tool)

(because I'm composing this in Twitter, it would be a LOT of work to insert that information further up in the post, where it would make sense to have it - see what I mean about an unforgiving medium?)

(While I'm on the subject: putting the "add tweet to thread" and "publish the whole thread" buttons next to each other is a cruel joke that has caused me to repeatedly publish before I was done, and deleting a thread after you publish it is a nightmare)

Now I paste the newsletter file into a new mail message, address it to my Mailman server, and create a custom subject for the day, send it, open the Mailman admin interface in a browser, and approve the message.

Now it's time to create that anthology post you can see pinned to my Mastodon and Twitter accounts. Loren's script uses a template to produce all the tweets for the day, but it's not easy to get that pre-written thread into Twitter and Mastodon.

Part of the problem is that each day's Twitter master thread has a tweet with a link to the day's Mastodon master thread ("Are you trying to wean yourself off Big Tech? Follow these threads on the #fediverse at @[email protected]. Here's today's edition: LINK").

So the first order of business is to create the Mastodon thread, pin it, copy the link to it, and paste it into the template for the Twitter thread, then create and pin the Twitter thread.

Now it's time to get ready for tomorrow. I open up the master XML template file and overwrite my daily working file with its contents. I edit the file's header with tomorrow's date, trim away any "Upcoming appearances" that have gone by, etc.

Then I compose tomorrow's retrospective links. I open tabs for this day a year ago, 5 years ago, 10 years ago, 15 years ago, and (now) 20 years ago:

http://memex.craphound.com/2020/01/14

http://memex.craphound.com/2016/01/14

http://memex.craphound.com/2011/01/14

http://memex.craphound.com/2006/01/14

http://memex.craphound.com/2001/01/14

I go through each day, and open anything I want to republish in its own tab, then open the OP link in the next tab (finding it in the @internetarchive if necessary). Then I copy my original headline and the link to the article into tomorrow's XML file, like so:

#10yrsago Disney World’s awful Tiki Room catches fire <a href="https://thedisneyblog.com/2011/01/12/fire-reported-at-magic-kingdom-tiki-room/">https://thedisneyblog.com/2011/01/12/fire-reported-at-magic-kingdom-tiki-room/</a>

And NOW my day is done.

So, why do I do all this?

First and foremost, I do it for ME. The memex I've created by thinking about and then describing every interesting thing I've encountered is hugely important for how I understand the world. It's the raw material of every novel, article, story and speech I write.

And I do it for the causes I believe in. There's stuff in this world I want to change for the better. Explaining what I think is wrong, and how it can be improved, is the best way I know for nudging it in a direction I want to see it move.

The more people I reach, the more it moves.

When I left Boing Boing, I lost access to a freestanding way of communicating. Though I had popular Twitter and Tumblr accounts, they are at the mercy of giant companies with itchy banhammers and arbitrary moderation policies.

I'd long been a fan of the POSSE - Post Own Site, Share Everywhere - ethic, the idea that your work lives on platforms you control, but that it travels to meet your readers wherever they are.

Pluralistic posts start out as Twitter threads because that's the most constrained medium I work in, but their permalinks (each with multiple hidden messages in their slugs) are anchored to a server I control.

When my threads get popular, I make a point of appending the pluralistic.net permalink to them.

When I started blogging, 20 years ago, blogger.com had few amenities. None of the familiar utilities of today's media came with the package.

Back then, I'd manually create my headlines with <h2> tags. I'd manually create discussion links for each post on Quicktopic. I'd manually paste each post into a Yahoo Groups email. All the guff I do today to publish Pluralistic is, in some way, nothing new.

20 years in, blogging is still a curious mix of both technical, literary and graphic bodgery, with each day's work demanding the kind of technical minutuae we were told would disappear with WYSIWYG desktop publishing.

I grew up in the back-rooms of print shops where my dad and his friends published radical newspapers, laying out editions with a razor-blade and rubber cement on a light table. Today, I spend hours slicing up ASCII with a cursor.

I go through my old posts every day. I know that much - most? - of them are not for the ages. But some of them are good. Some, I think, are great. They define who I am. They're my outboard brain.

Anonymous:

Do you have any advice on how to start an rp blog? I feel like there's so much to do and so many specific things, it looks intimidating, but I really want to get into it (and your blog seems like a safe space to ask as a baby in the matter)

Hi! Thanks you for asking and for trusting. I do admit that rping on tumblr can look daunting and there is a series of things that are considered “etiquette” that might not be obvious for newcomers. And the only way to learn is to ask, right? As I’m not sure if you would like something more specific or a step-by-step, I’m going to go through the whole process.

note: this is a repost from an ask in a more reblog-friendly format

1.       Setting up the blog

You might want to make a new e-mail account for each blog you want. I recommend making a gmail/google account, so you may be able to use other services and associate them with your blog. I’ll go into more details in a minute.

Some people would rather have a personal blog and then making the RP blog as a side-blog. Or a “hub” blog and many side-blogs so they have everything centralized. The downside is that you can’t follow people with side-blogs, only the main – and some rpers are a little suspicious of personal blogs, so if you intend to go this route it might be a good idea to state somewhere in your blog that you have a RP blog.

Tip : It isn’t said too often, but I recommend saving your blog’s e-mail and password somewhere, maybe a flashdrive or even google drive. This way, if something happens you will be able to retrieve your account.

When picking the URL, for a very long time tumblr had problems tagging URLs with a hyphen ( - ). I’m not sure if it has been fixed or if there are still some issues, so I recommend only using letters and maybe numbers. Other than that, pick anything that sounds nice to you!

Themes are nice, but not entirely necessary. Not everybody has photoshop skills and all that. Some people do have commissioned themes, but if you want to try your hand at it my first stop is usually @theme-hunter  or @sheathemes . They reblog many themes from many creators, so there are always many options that might suit your needs.  Some creators offer very newcomer-friendly themes that you can configure a lot of things without much hassle but some might require basic HTML knowledge – a few creators have guides on how to properly set up their themes and are willing to and answer questions, so don’t be afraid to contact them! You can also send me an ask, I’m not a specialist but I can certainly help walk you through the basics.

Tip: @glenthemes have very good themes and a basic installation guide here.

When fiddling with the options, try to pick colors that have nice contrast and are easy to read. If you are bad at picking colors or have problems in finding the code for them, I recommend trying this link. There is also this one that auto-generate palettes.

Tip : If you mess with your theme, remember there is the Theme Recovery.

Tip: If you use Chrome or Firefox you can set up different profiles and associate each with a different blog, so you don’t need to log out from any of your accounts.

There are two pages that I recommend having: one is an about your muse. If they are an OC, it is always a good idea to have at least some information out there to make things easier. If they are from a canon source, not everybody is familiar with the material so it might be a good idea to state. For example, if you are going to roleplay as Altria/Arturia, it is a good idea to have a “RP blog for Saber (Altria Pendragon) from FGO/FSN “ somewhere visible. The other page that is a good idea having is a rules/guidelines page. This one can be a little intimidating, but it is usually a way to communicate important things. For example: are you comfortable writing violence? Do you have any personal triggers? There is something you absolutely won’t write? There are things you may figure out along the way and it is absolutely ok to fine-tune this session every now and then. Some people also credit source for their icons and graphics in general in their rule/guideline page.

If you are using the tumblr default themes, when you create a new page you can turn on the option to show a link to the page. If you are using a custom theme, most of the time you will have to link it manually.

Oh, and if you are planning to do a multimuse, it might be a good idea to list which muses you have. The same goes for a hub blog; list the muses and link to the pages.

Icons aren’t necessary but are considered commonplace. You can find some icons I’ve done here but there are plenty of other sources. If you want to do your own icons, keep in mind to don’t make them too big, as a courtesy to your mutuals.

Tip: Anything larger than 300 pixels will be stretched to fit the post. As of today ( 4/29/2021 ) the posts are currently 540 pixels wide. This can be useful as making banners for your blog.

Tumblr allow users to “pin” posts. This mean that they will always visible if you access your blog, even on dash/mobile. You can use this to set up a post with basic links for mobile users or something else. For example, if you are out on vacations and won’t be able to do replies, you can pin a hiatus notice and then remove the pin once you are back.

2.       Introducing yourself

Time to officially join the fun! (insert a “Hi, Zuko here” joke) Don’t worry if you don’t have a fancy promo graphic or anything, most people make their initial introduction with a simple post.

(as you can see, I’m not very good at saying ‘hi’)

Try to introduce yourself in a few lines, but make sure to state which muse you RP as. Some people also like adding their pen name/alias and establishing a brand. Follow as many people as you want that reblogged or liked your post, and tumblr is going to start recommending other blogs that are related to the tags you use normally or have any relation to the people you follow. You can put as many tags as you want, but tumblr will disregard more than 6 tags in their system. Try tags like “<fandom> rp” and “<fandom> roleplay” along with the media, such as “movie” “video game”, “anime” and so on.

It might also be a good idea to follow a few RP memes blogs. They often have options to break the ice, like one-liners that your mutual can send you.

Tip: Don’t forget to turn on the asks and the anon

3.       Practical advice

Alright, now that you have a few mutuals, it is time to get to some general tips:

Tumblr can be a little “iffy”, and a great quality of life extension for RPers and navigation in general is installing the New Xkit extension. They offer a number of options to enhance your tumblr experience, but the ones I consider essential are the “editable reblogs”, “quick tags” and “blacklist”. Get it for Chrome or Firefox.

As a rule of thumb I recommend writing your RPs using Google Docs before posting or replying. By doing this you can do some spell check and if your browser crashes for any reason you can easily recover your work. You can also use Word, Open Office, or any text editor you feel like.

Because I’m a bit of a perfectionist, I also have Grammarly ( Chrome / Firefox ) installed for an extra layer of spell/grammar check. There is a subscription option, but the free one works perfectly fine.

To make things easier to locate, always tag the URL of your RP partner when doing a reply. There are other useful things you can tag, such as open starters, memes, and such.

Risking being obvious here, but when you are not interacting as your character it might be a good idea to tag as “ooc” or “out of character”.

Some people like making google docs with basic info and other useful stuff for easier access on mobile. It is a recent trend, it might be easier to edit as opposed to going through tumblr page editor and dealing with the HTML.  You can find some templates here and here.

Tumblr’s activity can be unreliable, so don’t be afraid of contacting your partner to see if they have gotten your reply after a few weeks. However, some people also enjoy using the RP Thread Tracker in order to be on top of things. It might be a good idea to check it out.

Because of Tumblr shadowbanning and shenanigans, it isn’t unusual for people to have NSFW sideblogs (sometimes referred as ‘sin blogs’). If you want to write smut, it might be a good idea to consider making one.

Some people don’t like replying to asks, as Tumblr won’t let you remove the initial ask. It has become common to see people making new posts to reply to asks.  This is a simple example:

As you can see, I used the mention to have the RP partner notified then I copied and pasted their question on my post and used the quote to indicate it. You can also have fancy graphics, like a line to separate the contents, just do whatever you feel like with the formatting or keep it simple.

To make sure your partner got the answer, I recommend copying the link to the post and pasting on the ask and then replying it privately.  An example sent to my rp blog:

4.       Basic Etiquette

Ok, this is a little subjective most of the time but here are a few things that are considered universal courtesy.

Never reblog someone else’s headcanons. If you enjoy it, maybe it should politely contact the author and ask if it is ok to write something based on their original idea but you should never downright copy or lift something from another creator. It is considered rude, or even theft in some cases.

Don’t reblog threads you are not involved with. It is ok to leave a like, but never reblog. This is because Tumblr can mess up the notifications and disrupt the flow of the RP.

Don’t copy other people’s graphics. It is very rude and sometimes they commission (aka: paid) for it.

Trim your posts. What does that mean? Every time you reblog with a reply, the post tends to get longer and longer, and it can cluster your and your mutuals’ dashes. This is why the New X-Kit’s “editable reblogs” is an almost must-have tool. If for some reason you can’t install X-Kit (if you are on mobile for example), then remove the previous post or ask your partner to trim for you.

Never take control of your RP partner’s muse. This is called “godmodding” and it is heavily frowned upon. It is ok to control your muse and the possible NPCs that you inserted, but never seize someone else’s character. Likewise, it can also be very upsetting if you use what people call “meta-gaming”, applying knowledge that your muse shouldn’t know about the other. For example, let’s say your RP partner’s muse is a vampire, but they have never disclosed that information to your muse, who also doesn’t have an excuse to know that (for example, being a vampire hunter) so it can be quite jarring sometimes. When in doubt, contact your partner.

This should go without saying, but RPing sexual themes with users under the age of 18 are illegal. It doesn’t matter if the age of consent in your location is lower, once you join Tumblr you are abiding by their user guidelines and the law of the state they are located in. If you are an adult, don’t engage minors with these topics, maybe a fade to black would be a better option. If you are a minor, don’t insist or you might cause a lot of legal problems for others.

Try to tag anything triggering. Violence, gore, NSFW. Both Tumblr and the New Xkit have options to block keywords.

When picking PSDs or graphics for your blog, you should avoid templates that change the color of the skin of POCs muses and try to pick the right race/ethnicity of the muse you are going to RP as. I won’t go through a lot of details, as it is a rather lengthy subject in an already lengthy conversation but keep this in the back of your mind.

Some RPers don’t like when you reblog memes from them without sending anything. Try to always reblog from a source or to interact with the person you are reblogging from, it can be rather disheartening to be seen as a meme source rather than a RP blog. This isn’t a rule and some people don’t mind, but it is always a good idea to try to do this.

This might be more of a pet peeve of mine than proper etiquette, but it is ok to use small font. What is not ok is use small font + underscript. Some people have disabilities that might make it harder for them to read it, so it might be a good idea to refrain from using it. Maybe if you feel like doing something fancier every now and then, but I wouldn’t recommend making this a habit.

Mun and Muse are different entities. Remember that it isn’t because a muse does something (especially a villain one) that the mun condones something. Never assume anything about the mun, when in doubt talk to them.

Be mindful of your partners and treat them the way you would like to be treated.

As a rule of thumb, always talk to your RP partner. It is only fun as long both of you are enjoying it.

5.       Closing Words

This got longer than I expected.

Despite all of that, don’t be too worried about not being very good at first. I assure you that you will get better with time, so don’t be afraid of experimenting as long you feel comfortable. And don’t be afraid of saying “no” if something bothers you.

My inbox is always open to questions and ideas, so feel free to contact me anytime!

I would also ask my followers: there is advice I missed/overlooked? Anything you would like someone have told you when you first started? Add your thoughts so I can update this.

Happy RPing!

Coding for Security!

A little primer with some basic stuff on coding for security.

Software security is an enormous topic. As a short reminder, always consider STRIDE when you are writing your code and consider whether what you're doing is vulnerable to a STRIDE category:

S: Spoofing

Spoofing means to pretend to be someone you are not.

Example:

1. Read PERSONID from query string 2. Check CRM for Person record 3. Display record In this example, there is no check to confirm that the current user is the person whose record is being retrieved. It relies only on the PERSONID passed in. This means anyone can guess PERSONIDs until they get one that works.

Solution:

1. Read PERSONID from query string 2. Read PERSONID of currently logged in user 3. If not logged in, or not matching PERSONID, then deny request. 4. Else, check CRM and display record Always check the user is who they say they are.

T: Tampering

Tampering means altering information to try and crack the system.

Example:

1. Read shopping cart from user's POST 2. Charge user for total price stored in shopping cart 3. On success, confirm sale. In this example, a malicious user could easily change the shopping cart data being posted to the server (perhaps amending hidden fields using their browser's DevTools, or crafting a request in Postman or Fiddler) and give themselves a hefty discount.

Solution:

1. Read shopping cart from user's POST 2. Retrieve shopping cart item prices from stock control system 3. Calculate total price based on data from stock control 4. Charge user for total price 5. On success, confirm sale Confirm data is correct against relevant systems once received from user

R: Repudiation

Repudiation means to plausibly deny that something happened. If I steal your lunch, and you accuse me of doing so without proof, then I can repudiate your accusation by denying it happened.

Example:

In a routine business-as-usual activity, we notice a purchase record that shows a customer has received thousands of pounds worth of training for a substantially low price.  When confronted, the customer denies all knowledge of wrongdoing and claims they purchased the training legitimately.  IT check their transaction logs and find no information at all to confirm or deny wrongdoing, so the matter must be dropped.

In this example, we are confident that a malicious user has done something to crack our systems and fraudulently buy training at a huge discount. However, because there are insufficient logs in place, we cannot confirm or deny what happened so our response to the malicious activity is very limited.

Solution:

A customer notices that they can tamper with data on an ordering form and add in a large discount.  Luckily, the shopping cart was logged in our transaction history.  Further more, the response from the user was also logged in our web server and in our rolling code log.  When the fraud is noticed, we can compare the purchase record with the shopping cart log, the web server log and the rolling code log.  We can see that the user has changed the shopping cart by adding in a discount.  We now have non-repudiation and can take appropriate action.

Log transactional data: what happened, when and by whom.

I: Information Disclosure

Information disclosure relates to giving away clues or details that the user has not authenticated themselves to retrieve.

Example:

A malicious user is trying to crack the administrator account. They do not know the username, or the password.  They first try 'administrator' and 'password'.  The system returns an error, stating "User not found."  Next they try 'admin' and 'password'.  This time the system returns an error saying 'Password incorrect'.  The malicious user now knows the user name is 'admin' and is 50% of the way to breaking in to the system.

In this example, the error messages returned by the system are trying to be helpful and user-friendly. Unfortunately, in trying to be helpful, they are revealing more than they should. They allow a malicious user to identify when they have correctly guessed a user name, rather than remaining vague over whether user name or password is the mistake.

Solution:

A malicious user is trying to crack the administrator account. They do not know the username, or the password.  They first try 'administrator' and 'password'.  The system returns an error, stating "User name or password incorrect."  They must now try every combination of user name and password to find the credentials.

Don't give out more information that is more sensitive than that which the user has given to you

D: Denial of Service

A denial of service attack (and its variants) involves hammering a system to take advantage of it or to render it unusable for others.

Example:

A malicious user wants to see what will happen if they DoS the Billing Information screen in a web system.  They set up a script to hit the page thousands of times a second.  This causes a race-condition in the code that returns another user's data on the billing screen and results in a Data Protection breach.

Often, DoS attacks are about simply slowing or crashing a system to be an inconvenience or for blackmail. However, it may also be a technique used by crackers to access data: DoS puts the target system into an exceptional state, where it may behave unexpectedly. Race conditions may occur, memory overflows could happen, methods that are not thread-safe may overwrite one another. In these situations, the attackers may be able to steal valuable data or gain knowledge about the inner workings of the system.

Solution:

A malicious user wants to see what will happen if they DoS the Billing Information screen in a web system.  They set up a script to hit the page thousands of times a second.  The server begins dropping their connections, since it detects a flood of requests, to prevent the system from being overloaded.  The malicious user gets nothing but status code '429 Too Many Requests' back.

Be aware of edge cases and exceptional circumstances, and how they can be mitigated

E: Elevation of Privilege

Elevation of Privilege is similar to Spoofing, but in this circumstance the user has authenticated themselves accurately and been legitimately allowed into the system. However, they have since found a way to gain additional powers beyond those granted to them based on their credentials.

Example:

A user logs in to an online message board.  They notice that there are standard users, of which they are a member, and that there are administrators with additional powers.  As a guess, the user tries changing the address in their web browser to include '?admin=true' and they suddenly find all the administrative functions are available to them.

This example shows that a user with a particular role can gain access to elevated powers. This user can now act as an administrator and do whatever that role permits them to do.

Solution:

A user logs in to an online message board.  They notice that there are standard users, of which they are a member, and that there are administrators with additional powers.  As a guess, the user tries changing the address in their web browser to include '?admin=true'.  The system shows them a screen which reads 'Forbidden'.

What should be done in this circumstance is to check the role of the authenticated user against the action they are trying to perform and only allow it if their role permits it.

Gatekeep power-user/admin functions with role-based controls

Summary

The STRIDE methodology is not exhaustive, but provides a useful framework for thinking about how a system may be compromised. Solutions are also not mutually exclusive, for example Elevation of Privilege can be mitigated by role based access + logging, Tampering can be mitigated by logging + encryption.

Common themes when developing secure .Net applications are:

Digitally sign assemblies so they cannot be altered

Run code with the minimum viable privilege (eg NetworkUser)

Use SSL/TLS at application boundaries (eg on SOAP endpoints)

Check roles before allowing a user to perform an action

Log transactions, with details of what happened, when and who did it

Encrypt data when it travels across application boundaries to prevent changes

Don't give out more sensitive data then the user has provided

Consider rate-limiting or throttling requests, at either server or code level.

Check credentials before displaying sensitive data

Confirm back-end system data to prove it has not been altered.

Specific Security Vulnerabilities

In addition to the general STRIDE principals, it is useful to have a grasp of some of the more common exploits that malicious users might try to implement.

Cross-site scripting vulnerabilities (XSS)

This is when a malicious user is able to inject content (usually JavaScript) into a page. Common vectors for this are comment fields, message board-style systems and anything allowing file upload. Rich text fields are also a vector.

Most .Net frameworks (WebForms and MVC) make it intentionally difficult to allow a user to upload scripts and then have those scripts displayed raw back on the site to prevent this.

See also: RequestPathInvalidCharacters, RequestValidationMode and RequestValidationType.

SQL Injection

Often an application will take input from the user and then use that to query a database. Care must be taken that, where user input is sent down to the database, that their input is correctly parameterised (or 'escaped' in PHP parlance).

Most ORM and DataAccess frameworks (EntityFramework, EnterpriseLibrary, ADO.Net but not dapper) do this by default, although you can explicitly code it if you want.

Without correctly parameterised user input, a user could potentially write SQL code and have that executed on the database- revealing sensitive data or just dropping an entire table.

[[okay so for the THIRD time now, I'll be attempting to reply to tides-and-seabreeze. If the browser crashes in the middle again, I'm going to scream.]]