24 Apr
2018
24 Apr
'18
6:43 p.m.
Hello,
Sadly today we've been made aware of another security issue that's
going to have to be patched, which means once again we have to
reboot everything.
It is a pity they couldn't have held the last one back for a week in
which case we'd have been able to roll the two patches together, but
they have a schedule for disclosure that they have to stick to.
So, this set of reboots is most likely to take place in the early
hours of the morning on 5/6/7 May. In the next couple of days we
will send out direct mails to all customers to let you know exactly
when your one hour maintenance window will be.
We should be able to use suspend/restore on this one so those who
have indicated that they want that should see that happen. You can
set that from:
<https://panel.bitfolk.com/account/config/>
For the benefit of new customers joining us what all this means is
that some time during the one hour maintenance window that you'll be
informed of individually by direct email, we will:
- Suspend to disk all the VPSes that have opted for that
- Shut down the rest cleanly
- Reboot the server into the patched hypervisor
- Restore the suspended VPSes
- Boot the rest
Although the maintenance window for each server is one hour long,
the work generally takes about 15 minutes.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
28 Apr
28 Apr
4:29 a.m.
New subject: [bitfolk] Security reboot needed, likely to be weekend of 5/6/7 May
On Tue, Apr 24, 2018 at 06:43:27PM +0000, Andy Smith wrote:
So, this set of reboots is most likely to take place
in the early
hours of the morning on 5/6/7 May. In the next couple of days we
will send out direct mails to all customers to let you know exactly
when your one hour maintenance window will be.
These emails have now gone out. If you haven't received yours,
please check your spam folder etc. and if still not found please
get in touch with support(a)bitfolk.com.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
5 May
5 May
3:06 a.m.
New subject: [bitfolk] Security reboot needed, likely to be weekend of 5/6/7 May
On Tue, Apr 24, 2018 at 06:43:27PM +0000, Andy Smith wrote:
So, this set of reboots is most likely to take place
in the early
hours of the morning on 5/6/7 May.
Today's maintenance has been completed without incident.
Last time I mentioned that newer CPU microcode was available for one
host (elephant) but had been held back by Intel for unknown reasons,
so hadn't been applied. Intel released the update last week so this
microcode update has now been applied. All of our servers are now
running the latest available microcode.
Work on the remaining hosts takes place at similar times over the
next two days. Thanks for your patience!
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
7 May
7 May
4:05 a.m.
New subject: [bitfolk] Security reboot needed, likely to be weekend of 5/6/7 May
Hello,
On Tue, Apr 24, 2018 at 06:43:27PM +0000, Andy Smith wrote:
So, this set of reboots is most likely to take place
in the early
hours of the morning on 5/6/7 May.
This maintenance work has now been completed without incident.
Details of the security issues fixed in this work will be available
at <http://xenbits.xen.org/xsa/> once the embargo ends at 2018-05-08
17:00Z.
In terms of future security bugs though, I do not think we are out
of the woods yet. :(
A whole bunch of new Spectre CPU bugs will come out of embargo later
today:
<https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html>
I think there is a good chance that these will require further CPU
microcode updates and/or fixes in software. We ("the industry")
always knew from the first disclosure that the first round of
Spectre bugs were not going to be the last that would be found.
Also the mitigation technique (XPTI) that Xen used for the Meltdown
CPU bug did impose quite noticeable performance overhead and Xen
now have a refined approach to this which reduces this overhead
considerably¹. I will not force a maintenance just for that, but I
am keen to get it deployed. In the unlikely event that it can't be
rolled in with a security fix in the near future, I may deploy new
hardware with those improvements and allow movement of VPSes to it.
Thanks for your patience!
Cheers,
Andy
¹ https://lists.xenproject.org/archives/html/xen-devel/2018-04/msg02043.html
--
https://bitfolk.com/ -- No-nonsense VPS hosting
2386
days inactive
2399
days old
3 comments
1 participants
participants (1)
-
Andy Smith