Heartbleed; our recommendation for anynines users

Update: On Wednesday, April 9, at 16:55 CET, we created new certificates for a9s.eu and a9sapp.eu, anynines’ gateways.

On April 7th, the OpenSSL team released a new version of OpenSSL to address a serious security issue that might leak sensitive data to anyone who is able to connect to your SSL services (if you are running OpenSSL version 1.0.1). CVE-2014-0160 is the official reference for this bug. The website heartbleed.com hosts a writeup of the consequences this bug might have.

StackOverflow-related forums have been literally overflowing with questions over the last couple of days, and rightly so. This serious vulnerability affects a substantial number of applications running on the internet, including anynines. We advise all anynines users to update their passwords as a precautionary measure.

If you are currently running SSL, you should re-key and reissue your certificate and update it, as its private key may have been exposed.

OpenSSL upgrade

All our servers, including all host machines of anynines and SSL gateways, are running automatic upgrades, started every 10 minutes by Chef. These upgrades were installed successfully on April 8 at 6:36 AM CET, and our web servers are now using the most recent OpenSSL dynamic library.

anynines certificates

The issue was fixed in all our systems directly after the new libopenssl version was available. We have checked all our hosts with open ports and SSL for any leaks and we are ‘all green’ on our side.

However, we cannot know for certain whether any private SSL key has been stolen. Therefore we advise you to re-key and reissue your certificates.

In case you have any questions, please send us an email at support@anynines.com.

How to write a blog CMS with Sinatra (and Contentful)

This is a guest post by Andreas Tiefenthaler, Software Developer at Contentful. During a hack day at Contentful two weeks ago, he wrote a simple Sinatra blog app, backed by Contentful’s Content Delivery API, and deployed it on anynines (where else?). We asked him to share his experience.

My plan was to create a dead-simple blog application, to demonstrate how to use the contentful.com Ruby Gem. I decided I wanted to deploy the app from the very first commit onward, to avoid a hassle at the end of the hackathon, as we were supposed to showcase running applications.

Getting started with Contentful

Contentful is a CMS as a Service and allows you to create your own platforms without building the same backend over and over again. Contentful’s Content Delivery API works with JSON data; images, videos and other media are delivered as files. The API is a globally distributed CDN for content: all content, both JSON and binary, is served from the server closest to where a user is requesting content from, minimizing latency.

Attending the Ruby User Group Berlin April meetup at Kauferportal

On Thursday we attended the Ruby User Group (RUG::B) April meetup at Kauferportal. With 3 normal talks and 5 lightning talks the program was pretty packed. Good thing I summarized it for you:

Migrating databases like a Pro!

Hans Hasselberg, responsible for Ops at 6wunderkinder, talked about migrating databases. And not just your usual db/migrate, but actually moving an entire database to another server. 6wunderkinder uses AWS with PostgreSQL type db.m2.2xlarge. Preparing to move to a smaller server and improving efficiency (and thus optimizing for scalability), Hans had to simulate production load to make sure the new, tinier server won’t die under its load. How? By enabling query logging maybe, but that would mean touching the database. Or one could sniff the traffic. Say hello to ngrep. With a one-time operation and a fixed set of operations, however, you might miss an important set and you can’t compare how the new database behaves as opposed to the old one.