Like me, you have probably been in this situation many times:
You spend hours putting together the most perfect email presenting the project document that you have spent a month putting together. You select the most exquisite words from the vocabulary and make sure that every comma is in the right place and no spaces are left unaccounted for. You get ready for the perfect time to deliver this document to the influential audience of your mail. You press the SEND button – the email leaves your screen with a small sound ….
Continue Reading “Don’t forget the attachments..”
In the past, we’ve had several occurrences of DNSSEC signatures on DNS zones expiring — partly by not using our own product to the fullest extent of its capabilities. Embarrassing, if you ask me, but it’s more like a misappropriation of the features we did use, where we maybe should have used another feature better suited to our processes and collective work-flows.
So let me explain how we use Kolab’s features to battle our recurring task to refresh signatures, and why and how this is a task that requires manual intervention.
Continue Reading “Incidents and Recurring Tasks”
As may have already been brought to your attention, some software mitigation is needed for vulnerabilities dubbed “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753, CVE-2017-5715).
To summarize the issue: when successfully exploited, these vulnerabilities would in principle allow reading memory that doesn’t belong to the process, the user or even the same operating system instance. In just that way, the Kolab Now infrastructure isn’t impacted.
However, we’re still going to need to patch this out. The only way we can is by updating software and rebooting systems, and this will happen during the weekend of Saturday January 13th and Sunday January 14th.
Continue Reading “Announcing Service Windows: Reboot Weekend”
This is a reminder that our annual certificate renewal period is coming up soon. Usually, we have our certificates issued some time in December, and certificate issuers allow for a grace period up to some time in January. We’re now in that grace period, so our certificates are going to be renewed and cycled throughout our infrastructure.
Continue Reading “Annual SSL Certificate Refresh”
A second factor protects your account, but to such an extent that if you lose the one device you are normally using, you will have lost access to your account. Hence, we’re going recursive and getting you a second second factor (22FA, 2FA^2).
Here’s the process:
- Create a first second factor and call it your Secondary.
- Take a picture or screenshot of the QR code, so that you can print it and store it offline, some place safe.
- Continue with enabling the first, but secondary, second factor and type the validation code so you know everything works.
- Create a new second factor, and confirm the high-security with your Secondary.
- Call the new factor Primary; this will be the one you keep on your phone, and use in your day-to-day.
- In order for this token to be scanned, you’ll have to remove the Secondary from your device.
- Continue with the process of getting your primary second factor on to your device.
- Log out.
- Lose your phone.
Help! Now what?
- Buy a new phone.
- Add back your secondary second factor using the piece of paper stored safely offline.
- Log back in using this backup TOTP-based second factor.
- Go to your settings and remove the primary token; you’ll need to confirm it using your secondary.
- Add a new factor and call it New Primary.
- Remove the secondary from your phone.
- Continue with adding back a primary token and enjoy your new token!
Simple, right? Nothing to it. Too easy.
On Saturday morning (CET) the DNSSEC records expired on one of our DNS servers. This caused a group of customers to have trouble logging in and connecting to Kolab Now services. The record has been renewed and all customers should have access (at 22:49 CET – Please read below).
Continue Reading “Incident Report: DNSSEC record expired”
Secure and confidential communication is an important requirement for a society, and something, I think, we should provide to as many people as possible.
A popular mechanism to achieve this is to use public-key cryptography, which allows a person to encrypt a message to a person’s key, so that only the intended recipient can decrypt the message. This means that even if an attacker were to get his hands on the encrypted message, without the key, it’s only useless gibberish.
As one of the primary use cases of Kube is communication, it should also support you in doing so in a secure and confidential fashion.
Continue Reading “PGP encryption for Kube”
This weekend, at approximately 12:00 UTC on Sunday, an issue on one of the hypervisors went by unnoticed for too long, and was finally resolved in the morning of Monday. This post explains what happened, why it happened, and what we’re going to be doing to address the situation.
Continue Reading “Incident Report: Hypervisor Failure”
One of the most frustrating user experiences is when you get an error message that you can’t do anything about, or even worse, that you don’t even understand.
While it’s very well possible that the error message is entirely justified, wouldn’t it be great if the system didn’t just tell you that something is wrong, but also what you can do about it? Error messages can be even more infuriating if they block you from doing your work even if they are not directly related, thus interrupting your workflow unnecessarily. Wouldn’t you rather have a notification that something does not work as it should, while otherwise letting you go about what you wanted to do, instead of just popping up a blocking popup that you have to click away before you can do anything else?
That’s what we worked on last week.
Continue Reading “Error feedback in Kube”
In the last few days, I’ve spent hours and hours configuring accounts on my private iPhone 6 running iOS 11 in order to attempt to nail down where its connection issues originate.
I’m happy to be able to tell you I seem to have nailed it down, and there’s a quick fix for it that we can apply on the server-side.
Continue Reading “iOS IMAP Connection Issues Resolved”