Last night, a failure in the storage layer caused most of our services to be unavailable. In the week before, we replaced a failed hard drive. In the week before that, a so-called Virtual Fabric Adapter failed, causing a hypervisor to shut itself off. Since the most recent incident was the more serious downtime, that’s what we’ll start our reporting on.
Over the course of today, we’ve upgraded our environment to run Collabora Online 3.2. Having waited for a point in time where no collaborative editing sessions had been ongoing, no-one should have noticed any service interruption.
Our team has received multiple inquiries about our service’s compliance with GDPR. We answer these individually, but here’s a short-form of the types of questions that we answer.
For most people, it’s been looming about pretty silently over the past few years, but TLS v1.0, the oldest and earliest version of Transport Layer Security is considered deprecated. The Payment Card Industry (PCI) data security standard (DSS) version 3.2 from April 2016 recommends full deprecation by the end of June 2018.
In compliance with these standards, while originating from the payment card industry, widely regarded to as a guiding standard for other industries, Kolab Now has disabled support for TLS v1.0.
Why? What does that mean?
Privacy Badger is a browser extension by the Electronic Frontier Foundation, that prevents sites from tracking your visits across the web. It’s available for Chrome (the most popular browser among our visitors and customers), Firefox (second) and Opera (nowhere to be found).
I’m considering adding a little bit of transparency to how, and perhaps how well, Kolab Now infrastructure is run, or is running.
In recent times, Bitcoin payments have suffered three major blows;
- Our payment provider now requires customer’s wallets to use a Bitcoin Payment Protocol, while some wallets are simply not compatible,
- Transaction confirmation times have increased, and then increased some more, both inconveniencing our users and increasing the underpay/overpay problem,
- Transaction fees have gone through the roof, making the use of Bitcoin less and less attractive, especially for smaller transactions.
Obviously, this is causing some of our customers some grief. Some of the customers that choose to want to use Bitcoin payments exclusively will actually use profanity in expressing their frustration over these changes, but our support staff does not deserve that. I, for one, will defend my staff and cause those customers to find themselves on the losing end of this “conversation”.
In the past, we’ve had several occurrences of DNSSEC signatures on DNS zones expiring — partly by not using our own product to the fullest extent of its capabilities. Embarrassing, if you ask me, but it’s more like a misappropriation of the features we did use, where we maybe should have used another feature better suited to our processes and collective work-flows.
So let me explain how we use Kolab’s features to battle our recurring task to refresh signatures, and why and how this is a task that requires manual intervention.
If I were to summarize the issue with these vulnerabilities then in principle they would, when successfully exploited, allow reading memory that doesn’t belong to the process, the user or even the same operating system instance. In just that way, the Kolab Now infrastructure isn’t impacted.
However, we’re still going to need to patch this out. The only way we can is by updating software and rebooting systems, and this will happen during the weekend of Saturday January 13th and Sunday January 14th.
This is a reminder that our annual certificate renewal period is coming up soon. Usually, we have our certificates issued some time in December, and certificate issuers allow for a grace period up to some time in January. We’re now in that grace period, so our certificates are going to be renewed and cycled throughout our infrastructure.