[Info-vax] Meditech in the news

George Cornelius cornelius at eisner.decus.org
Wed Jan 12 17:23:30 EST 2022


Arne Vajhøj <arne at vajhoej.dk> wrote:

[...]

> Hewlett Packard said in a letter published by Kyoto University on 
> December 29, 2021 that it took "100% responsibility" for the issue
> ...
> HPE said: "The backup script includes a find command to delete log files 
> older than 10 days. In addition to functional improvement of the script, 
> the variable name passed to the find command for deletion was changed to 
> improve visibility and readability."
> ...
> The company added: "However, there was a lack of consideration in the 
> release procedure of this modified script. We were not aware of the side 
> effects of this behavior and released the [updated] script, overwriting 
> [a bash script] while it was still running," HPE admitted. "This 
> resulted in the reloading of the modified shell script in the middle of 
> the execution, resulting in undefined variables. As a result, the 
> original log files in /LARGE0 [backup disc storage] were deleted instead 
> of the original process of deleting files saved in the log directory."
> </quote>

Say what you will, 100% online backup storage does not replace
magnetic tapes that are removed from tape drives and moved to a
tape rack or an external vault when the backup is complete.

Backups should be physically secured, or at least something close to
that: an interlock associated with each backup such that it takes
more than mere programmatic action by root to overwrite it. Now that
ransomware takes steps to erase your backups, an interlock that
requires human intervention, perhaps at the storage array console
itself, in order to be overridden, should be the norm, not the
exception.

Wasn't there a time when tape management systems were considered to
have become so reliable you no longer needed to remove the "write rings"
from your nine-track tapes to avoid overwriting crucial data? The
beginning, of course, of a rather long and slippery slope down.

George

> Arne
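
The failure HPE describes in the quoted statement (a script overwritten while bash was still running it, then a find fed an undefined variable) has two standard guards, shown here as an added example that is not part of the original post and is not HPE's code. The function names and the .purge-ok marker file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration with constructed names; not HPE's script.
set -u   # expanding an unset variable is a fatal error, not an empty string

# Delete regular files older than $2 days under directory $1.
# The body runs in a subshell ( ... ), so a failed check ends only this call.
purge_old_logs() (
    dir="${1:?log directory not set}"      # aborts when empty or unset
    days="${2:?retention days not set}"
    case "$days" in
        *[!0-9]*) echo "bad retention: $days" >&2; exit 2 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; exit 2; }
    # Resolve symlinks and ".." so the next check sees the real target.
    dir="$(cd "$dir" && pwd -P)" || exit 2
    [ "$dir" != "/" ] || { echo "refusing to purge /" >&2; exit 2; }
    # Only directories explicitly marked as purgeable qualify (hypothetical marker).
    [ -e "$dir/.purge-ok" ] || { echo "no .purge-ok in $dir" >&2; exit 2; }
    find "$dir" -xdev -type f ! -name .purge-ok -mtime +"$days" -exec rm -f -- {} +
)

# Install new script $1 as $2 by rename, never by writing into $2 in place.
# A shell that is still executing the old $2 keeps its old inode to the end.
install_script() (
    src="${1:?new script not set}"
    dst="${2:?destination not set}"
    tmp="$(mktemp "$dst.XXXXXX")" || exit 2
    cp -- "$src" "$tmp" && chmod 755 "$tmp" && mv -f -- "$tmp" "$dst"
)
```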
 


