HTML Injection Attacks: Impact and Mitigation Strategies
The Tech Side of Project Argo
1. THE TECH SIDE OF
PROJECT ARGO
Marc Lavallee Wesley Lindamood
Project ARGO tech. architect Project ARGO web designer
@lavallee @lindamood
mlavallee@npr.org wlindamood@npr.org
10/19/2010
Wednesday, October 20, 2010
3. BACKGROUND
What is Project ARGO?
Wednesday, October 20, 2010
4. It’s designed to...
"...beef up coverage of critical issues at the local
level, and, second, to begin to establish an online
network that can transform itself into a news
powerhouse of unparalleled depth and quality."
-- Vivian Schiller, CEO and president of NPR
Wednesday, October 20, 2010
5. Our model
• Editorial Strategy
• Technology Platform
• Sustainability Plans
Wednesday, October 20, 2010
6. The pilot scope
A network of twelve
topical websites:
• Staffed by a single
blogger/editor
• Associated with an NPR
member station
• Adding to that station’s
web presence
Wednesday, October 20, 2010
7. Basically, we’re a startup
flickr / Rev. Xanatos Satanicos Bombasticos
... within
Wednesday, October 20, 2010
8. The ARGO Platform
Mostly , with some
Standard WP 3.0 with Content aggregation app.
some customizations. Hooked into WordPress:
• admin widgets
• settings panel
• content widgets
Combination gives us flexibility to use best tool for the job.
Wednesday, October 20, 2010
9. OUR STARTING POINT
Maintainability,
Structure and
Flexibility
Wednesday, October 20, 2010
10. Maintainability
OUR DEVELOPMENT TEAM
You’re looking at it...
Wednesday, October 20, 2010
11. Structure
from Alaskan Dude via Flickr
Wednesday, October 20, 2010
12. Flexibility
From Melvin Schlubman via Flickr
Wednesday, October 20, 2010
32. How can we improve it?
For the blogger:
• Create the right kind of glue between systems
• Take away as much manual effort as possible
For the user:
• Don’t let the origin drive the placement
Wednesday, October 20, 2010
33. Example: Link Roundups
and aggregation
• Blogger saves links to
Delicious
• The aggregator
automatically pulls in
those links
• Blogger sees links in
WordPress admin
Wednesday, October 20, 2010
34. Link Roundups
• Blogger edits links
and sends to editor
window.
• Blogger adds video,
does final check, and
publishes.
Wednesday, October 20, 2010
36. Aggregation
If the Blogger uses certain
tags, links automatically
appear on other pages.
Same system used for
aggregating content from
Daylife and Twitter.
All external content lives
in one database and can
be used in multiple ways.
Wednesday, October 20, 2010
38. Hosting
Hosted in the cloud, entirely with Amazon Web Services:
Our “webserver” is two parts:
• A “hard drive”: Elastic Block Storage (EBS)
• A “CPU”: Elastic Computing instance (EC2)
Our “database server” is the Relational Database Service
(RDS)
Ylastic for monitoring/alerts
Wednesday, October 20, 2010
39. Webserver setup
• We run nginx, Apache, and Django on one server
• nginx handles all requests from users, and
• handles static content (.js, .css, etc) itself
• dispatches PHP requests to Apache
• dispatches aggregator requests to Django
Wednesday, October 20, 2010
40. WordPress architecture
• WordPress 3.0.1
• One MultiSite instance for all 12 blogs.
• Each site has its own child theme.
• Domain Mapping plugin for multiple domains.
• Unfiltered MU plugin so bloggers can post videos.
Wednesday, October 20, 2010
41. Caching & Performance
• nginx keeps the load off of Apache
• W3 Total Cache plugin is the Swiss Army knife of
caching.
• we implement disk caching for pages
• Not using Amazon’s S3 at this time; no immediate
need.
Wednesday, October 20, 2010
42. Behind the scenes
from bagaball via Flickr
Wednesday, October 20, 2010
44. We’re hiring
NPR is launching a similar project called
“Impact of Government”
• Application Developer
• Editorial/Interactive Designer
• Project Manager
• Editorial Coordinators
Talk to us or go to http://www.npr.org/about/careers/
Wednesday, October 20, 2010