Something just struck me. We’ve done some amazing stuff with ECT in the last 30 days.

We’ve been building a writing/editing/publishing tool with ECT. It was used to publish a kindle book last summer that’s selling nicely. In December, for the first time, it was used to publish a book in Kindle, paperback and hard-cover editions: The Ants and The Coffee Pot. pressWoodInk was asked to appear at a publishing panel and local book fair. In ten days, Ants went from a dozen image files and a copy of the text to being available for purchase in all three formats. The book even has a book trailer on YouTube. A few weeks later, another book was published with ECT: City Limit (GrandViaduct). For us, it’s gravy that they’re great titles with striking covers. It’s doesn’t hurt that people are doing great work with our technology.

I mention covers for another reason. Amazon doesn’t want covers to appear at the front of books. Some people have found a way to force the cover to appear at the front. But, it has what’s called the double cover issue: the cover appears twice. We discovered a way to deliver what readers expect: to pick up a book, see the cover and then open to the beginning of the book. And we rolled that into our technology.

And, I’m now using a release of Nootcards day to day. I open it on my phone, tap create and then tap in my notes, maybe give it a title. Nothing exciting… yet. The first big innovation is chai. Chai let’s you socialize with yourself. Tap and a nootcard becomes an email or a task in Teamwork. Later: a dropbox file, calendar item, blog entry, Tweet. If I tap email, it asks for an email address and delivers the nootcard by email. If I choose teamwork, it asks me which project, what task list and what date to start and then delivers it to Teamwork for me. When I choose WordPress, it will ask me which blog (say a WordPress one) and when do I want it released. This won’t replace those other programs but it will let me do many simple things much faster. As we add support for Calendars, WordPress and Twitter, it’s going to become a hub driving, creating my world.

At its simplest, how do I deal with “the bad guy” is another version of what do I do when things go wrong, when it breaks.

Breaks means, of course, that it used to work. That’s what you want back. With websites and web applications, that “used to work” is the combination of what the people who host your website provide and your website. Usually the people who host your website will also back it up. So, some disasters, are simply a matter of calling them and asking them to restore it from their backups

Except when they can’t or won’t. The company that, at the time of the attack, hosted one of our customer’s sites didn’t restore the website and our login until almost a month after the attack. I don’t think they were hanging out at the pub trading stories instead of handling our trouble ticket. Or maybe they were. Either way, if your website is down for almost a month, you’ve got a problem.

Going forward, part of ours is providing independent restoration of those websites. In other words, if their support people can’t be reached, we can restore things. And, if they’re completely down, we can restore the website to a completely different website. And in about the same time.

Now for the fun bit. Even if “the bad guy” (yes I’m enjoying putting that in quotes) gets inside the walls, destroys the hosting company and takes us out, too, there’s Plan C (or Plan 9…).

Google actually keeps a copy of every page it indexes. If people can find your site, Google has cached part or all of it. And you can pull it out.

We learned a few things in cleaning up after several of our customers had their sites defaced.

We’ve have better methods to protect sites and, when things happen, we’re better prepared to clean things and bring them back.

We learned a whole bag of new tricks to secure websites. It’s impressive what’s possible. At this point, we could literally write a book. Perhaps Security Best Practices for WordPress.

But, that’s really only one piece. Last year, I read an article about how they approach take to security in Africa. Our approach is to build the strongest castle possible to keep “the bad guys” out. In Africa, companies often don’t have the resources to pay to build those castles. They assume the bad guys will get in. They’re right. Sometimes “the bad guy” is one of the employees. Or “the bad guy” convinces an employee they’re the server repairman. Or, “the bad guy” finds the security hole that only shows up at low tide under a full moon that allows him to crawl through the castle wall.

If the castle walls won’t keep “the bad guy” out, what do you do when it happens?

One thing I’ve been proud of is that none of the websites we’ve created have ever been hacked. Until last month. WordPress released an update (3.4.2) that had a security hole. Out of the many sites we’ve created, two sites we’re hacked. We believe that the just released WordPress 3.50 closed the hole and we worked with the companies hosting the two sites to restore the sites and install the update.

Now for a little personal political commentary. As they say, eDao, Inc., it’s employees, owners, affiliates and lackeys are not responsible for what follows. Me, myself and I are responsible for the opinions that follow.

One of the two  sites —GrandViaduct.com— was replaced with a message of protest “against disrespect of the prophet Mohammad”.

The image is cropped because you can guess a lot of the rest (and because I’m not going to give this site cracker any credit).

What I will do is draw a contrast with Anonymous. Anonymous targets their actions. They don’t declare war against the world, they declare it against a specific company, group government. Sticking with that war analogy, they’re following one of the core tenets of the laws of war: you don’t attack non-combatants.

On the other hand, this type of attacker is blasting anything and everything; whether or not they’re involved. He or she apparently missed the fact that the filmmaker is now in prison for what amounts to fraud related to making the Innocence of the Muslims. The U.S. government condemned the video.It’s a bad piece of video and a good case has been made that the “filmmaker’s” purpose was to enrage people and cause exactly what happened.

“Protests” like the one posted to GrandViaduct’s website don’t work. If you disagree with bozos like those behind the Innocence of the Muslims, YouTube, blogs, Twitter, etc., enable you to convince people.

Me, I just got convinced to pepper this post with the title of a stupid video. Because I can. And because what I just did is more likely to convince people. Of what? That both those who make videos like Innocence of the Muslims and those trashing non-combatant websites are wrong.

The “filmmaker” is paying for his crime. If there’s a balance to these things, “protestors” who target non-combatants will, too. Who knows, maybe the warden can shack them up together. And then can they work out their differences in person..