Over the last few days there has been some concern regarding an announced but not yet published vulnerability in Xen. Some large parties announced urgent maintenance, a security advisory was announced but placed under embargo, and several technical news outlets speculated on the severity and impact of this vulnerability.
The embargo was lifted today and the vulnerability was published.
As you may already have read, late yesterday a large vulnerability called 'Shellshock' was found in bash, a software package used on virtually every Linux, Unix and Mac OS X server. Bash is best known as a shell interpreter which allows logged-in users to execute commands.
Apart from this, bash is used extensively in a number of different ways, such as in shell scripts, as a supporting language for packages like CUPS and DHCP clients, and in some cases as the language of choice for CGI scripts.
The vulnerability presented yesterday allows attackers to manipulate environment variables which are then treated as commands and executed by bash. This also means that all systems using bash are in theory vulnerable. The extent to which they are vulnerable, however, is determined by the way bash is used.
As of today, we have made it possible to secure access to the CloudVPS Interface and the Skyline interface for our OpenStack services using Two Factor Authentication (TFA).
Security experts explain TFA as: "There are 3 independent authentication factors: What you know (password), what you have (hardware token, mobile phone) and who you are (fingerprint). Two Factor Authentication means the system is using two of these factors for authentication."
Especially after the Heartbleed bug in OpenSSL, TFA is increasingly demanded by serious internet users: "If a single authentication factor is being compromised, a second factor should be necessary to gain access to a system. Using a password often is not good enough."
On the 19th of May we launched our OpenStack Compute platform. Over the summer hundreds of customers have put the platform into use, running more than a thousand servers at the moment.
The initial prices and packages were determined on a very conservative basis. Now that we are getting an increasing amount of information regarding the actual performance of the platform, it turns out to be so high that we can start using somewhat less conservative assumptions. This means our cost price is reduced and we can pass that advantage on to our customers. We implemented a CPU upgrade last month. This time we want to adjust our virtual server packages (Flavors) and the pricing of Volumes (extra hard disks) in favor of our customers.
CloudVPS launches a long-expected new piece of software, CloudVPS BOSS, or Backup to Object Store Script. This program allows you to back up Linux servers to our highly redundant and cheap CloudVPS Object Store, instead of to our backup servers.
This article is an extensive guide on building highly available clusters with Ansible and OpenStack. It is written by CloudVPS cloud admin Remy van Elst and was published last week on his personal blog raymii.org.
We'll build a highly available cluster consisting of two load balancers, two database servers and two application servers. This is all done with Ansible; the cluster nodes are all on OpenStack. Ansible is a super awesome orchestration tool and OpenStack is a big buzzword-filled software suite for datacenter virtualization.
At the launch of CloudVPS Compute on the 19th of May 2014 the initial prices and cloud server sizes (flavors) were estimated on a conservative basis. Now that we have actual usage data we can provide our customers with more capacity or lower prices. Today we have increased the CPU capacity of most flavors on offer. In the near future you can expect us to lower the cost of extra volumes.
As of today we've added FreeBSD to our available OpenStack images. This is a bare install of FreeBSD 10.0-RELEASE x86-amd64. It is prepared with BSD Cloudinit so that ssh keys and resizes work with OpenStack.
We also added a Fedora 20 image. This is the official Fedora 20 64 bit Cloud Image, taken directly from cloud.fedoraproject.org. The image is configured with cloud-init, and so will take advantage of the OpenStack metadata services for provisioning ssh keys. Note that the root account is disabled, but sudo access is granted to a special login user. For Fedora 19 and newer releases, this user is 'fedora'.
We have recently added a suite in Equinix AM3 as one of our main points of presence. We decided to add a second Equinix managed location to our growing network because of the positive experiences we have had with the company as a customer in Equinix AM2. Also important is that AM3 is the top datacenter in the Netherlands both in terms of sustainability and resilience.
Equinix is the largest datacenter group in the world with a focus on the quality of their service. They currently manage more than 100 datacenters in countries around the world.
This blog is written by CloudVPS developer Koert van der Veer; it was published earlier this month on his personal blog.
There are a ton of CMS systems for personal blogs. WordPress is probably the most popular one, but there are many others. These CMSs tend to have an online admin panel, protected by a password. Creating a blog entry is usually pretty easy, although when you're a bit picky about the appearance of your post, you'll end up editing HTML.
While these systems are perfect for non-tech-savvy users, they have one major weakness: both the software and the content need to be on the same server. This means that the software you use is exposed to the entire internet. Just google "wordpress vulnerability" to get a sense of the implications. Moreover, you'll need a server configured for some scripting language, usually PHP, which has both cost and performance implications. Lastly, if your blog gets slashdotted, there is often no good way to scale your blog, as there are many dynamic components.
If nice WYSIWYG editing is not among your requirements, you could decide to switch to a static blog system. In this blog I'll be using the CloudVPS Object Store as a storage medium, but there are many alternatives for that, too.