29 Sep
2017
29 Sep
'17
8:02 p.m.
Hello,
Unfortunately some more serious security issues have been uncovered
in Xen which affect versions and configurations which we have
deployed.
These were pre-disclosed yesterday, with full public disclosure
coming two weeks later on Thursday 12 October as normal.
So, we're going to have to patch everything and reboot before then.
This will very likely be taking place over three nights starting in
the early hours (BST) of Tuesday 10 October, but we will be sending
out an individual email to every customer confirming when they will
be affected.
For those unaware of what this entails, it means that at some point
within an hour-long maintenance window we will shut your VPS down
cleanly as the machine it's on is shut down, and then boot it again
once the machine has booted up. It typically takes 5-10 minutes.
As a reminder, you are able to opt for your VPS to be suspended to
and restored from SSD if you don't like losing program state:
https://tools.bitfolk.com/wiki/Suspend_and_restore
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
29 Sep
29 Sep
8:39 p.m.
Blimey, Xen's giving you some right trouble at the moment!
Thanks very much for all the clear explanation as to what's up. Much
appreciated. (Doesn't affect me at the moment as my VM is idle after I
changed my original plans and have been very short of time to start again,
but the clarity is still making me glad I chose you guys).
Best
Lester
On 29 Sep 2017 21:02, "Andy Smith" <andy(a)bitfolk.com> wrote:
Hello,
Unfortunately some more serious security issues have been uncovered
in Xen which affect versions and configurations which we have
deployed.
These were pre-disclosed yesterday, with full public disclosure
coming two weeks later on Thursday 12 October as normal.
So, we're going to have to patch everything and reboot before then.
This will very likely be taking place over three nights starting in
the early hours (BST) of Tuesday 10 October, but we will be sending
out an individual email to every customer confirming when they will
be affected.
For those unaware of what this entails, it means that at some point
within an hour-long maintenance window we will shut your VPS down
cleanly as the machine it's on is shut down, and then boot it again
once the machine has booted up. It typically takes 5-10 minutes.
As a reminder, you are able to opt for your VPS to be suspended to
and restored from SSD if you don't like losing program state:
https://tools.bitfolk.com/wiki/Suspend_and_restore
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
30 Sep
30 Sep
7:21 a.m.
Hi,
In addition to Lester's email below, I have received one email
off-list expressing concern about the amount of Xen security
advisories recently, and asking whether I was considering changing
to a different hypervisor. I thought I'd respond on-list [also Bcc'd
to the person who contacted me off-list].
I am of course not happy with the amount of serious Xen security
flaws that have been uncovered recently. BitFolk turned 10 years old
this year and in the first few years it was unusual to see one
serious XSA per year. This latest set will have been the third set
in three months.
Most of the problems are being discovered by the Xen project
themselves as part of their ongoing development efforts, or by
developers at the handful of very large companies that use it, e.g.
Amazon and Oracle. I do not believe that code quality has gone down
recently; I think it is more the case that they are getting better
at spotting bugs. Most of these bugs affect all versions of Xen, so
have been present for years.
When considering another hypervisor, what that effectively means is
KVM.
There are probably more companies using KVM and it is certainly a
better known brand name in the virtualisation world, though I
suspect in terms of number of bare metal hosts running it, AWS's use
of Xen would put it ahead there.
If I started BitFolk over again then KVM would probably be the first
thing I would look at, but I'm still not entirely sure that I would
go with it.
Although Xen has seen a lot more security advisories than I would
like, especially in the last 2 years, I do appreciate its security
disclosure process. It's what enables BitFolk to be notified of
security bugs at the same time that huge companies like Amazon and
Oracle find out about them (unless they discovered them,
obviously!), 2 weeks before the rest of the Internet.
Another thing to consider is that Xen are disclosing every bug that
could ever possibly have an effect, not just bugs that are
exploitable in Linux.
When comparing the situation against KVM it's hard because the KVM
project doesn't have a security bug disclosure process at all. They
don't send advisories. The only place they show up is in the
changelog of the Linux kernel, and not all security issues make it
there. I'm sure that any that are known to be exploitable in Linux
do, of course.
So basically, I really appreciate there being a comprehensive list
of advisories for Xen¹ and BitFolk being included in a 2 week
pre-disclosure, neither of which we would get with KVM.
It's true though that I haven't had a look at KVM in a long time and
haven't ever had a proper look at it. I will do that in the next few
months just to get a better handle on things.
As regards making Xen patching a less disruptive process, as you're
probably aware I'm already pushing suspend-and-restore (almost all
of BitFolk's infrastructure VMs do it). I am next going to put
concerted effort into investigating live patching:
https://wiki.xenproject.org/wiki/LivePatch
That's basically similar to the various kernel live patching
efforts, but for Xen (which is booted as a kernel, too).
We're currently running 4.8.x and live patching was only a
technology preview in 4.7. I still don't think it is quite ready yet
and don't expect this to become really usable in production until
I've upgraded all hosts to Debian stretch and moved to Xen 4.9.
I would hope by then that most security bugs can be live patched so
as to not require a reboot.
I am sorry for the disruptions these security patchings are creating
— it's certainly no fun for me either! Not only do I have to do the
work but also the vast majority of my personal and professional
hosting runs at BitFolk too.
Cheers,
Andy
¹ http://xenbits.xen.org/xsa/
On Fri, Sep 29, 2017 at 09:39:04PM +0100, Lester Hawksby wrote:
Blimey, Xen's giving you some right trouble at the
moment!
Thanks very much for all the clear explanation as to what's up. Much
appreciated. (Doesn't affect me at the moment as my VM is idle after I
changed my original plans and have been very short of time to start again,
but the clarity is still making me glad I chose you guys).
Best
Lester
--
https://bitfolk.com/ -- No-nonsense VPS hosting
1 Oct
1 Oct
10:32 p.m.
** Andy Smith <andy(a)bitfolk.com> [2017-09-30 08:21]:
Hi,
In addition to Lester's email below, I have received one email
off-list expressing concern about the amount of Xen security
advisories recently, and asking whether I was considering changing
to a different hypervisor. I thought I'd respond on-list [also Bcc'd
to the person who contacted me off-list].
I am of course not happy with the amount of serious Xen security
flaws that have been uncovered recently. BitFolk turned 10 years old
this year and in the first few years it was unusual to see one
serious XSA per year. This latest set will have been the third set
in three months.
Most of the problems are being discovered by the Xen project
themselves as part of their ongoing development efforts, or by
developers at the handful of very large companies that use it, e.g.
Amazon and Oracle. I do not believe that code quality has gone down
recently; I think it is more the case that they are getting better
at spotting bugs. Most of these bugs affect all versions of Xen, so
have been present for years.
When considering another hypervisor, what that effectively means is
KVM.
There are probably more companies using KVM and it is certainly a
better known brand name in the virtualisation world, though I
suspect in terms of number of bare metal hosts running it, AWS's use
of Xen would put it ahead there.
If I started BitFolk over again then KVM would probably be the first
thing I would look at, but I'm still not entirely sure that I would
go with it.
Although Xen has seen a lot more security advisories than I would
like, especially in the last 2 years, I do appreciate its security
disclosure process. It's what enables BitFolk to be notified of
security bugs at the same time that huge companies like Amazon and
Oracle find out about them (unless they discovered them,
obviously!), 2 weeks before the rest of the Internet.
Another thing to consider is that Xen are disclosing every bug that
could ever possibly have an effect, not just bugs that are
exploitable in Linux.
When comparing the situation against KVM it's hard because the KVM
project doesn't have a security bug disclosure process at all. They
don't send advisories. The only place they show up is in the
changelog of the Linux kernel, and not all security issues make it
there. I'm sure that any that are known to be exploitable in Linux
do, of course.
So basically, I really appreciate there being a comprehensive list
of advisories for Xen¹ and BitFolk being included in a 2 week
pre-disclosure, neither of which we would get with KVM.
It's true though that I haven't had a look at KVM in a long time and
haven't ever had a proper look at it. I will do that in the next few
months just to get a better handle on things.
As regards making Xen patching a less disruptive process, as you're
probably aware I'm already pushing suspend-and-restore (almost all
of BitFolk's infrastructure VMs do it). I am next going to put
concerted effort into investigating live patching:
https://wiki.xenproject.org/wiki/LivePatch
That's basically similar to the various kernel live patching
efforts, but for Xen (which is booted as a kernel, too).
We're currently running 4.8.x and live patching was only a
technology preview in 4.7. I still don't think it is quite ready yet
and don't expect this to become really usable in production until
I've upgraded all hosts to Debian stretch and moved to Xen 4.9.
I would hope by then that most security bugs can be live patched so
as to not require a reboot.
I am sorry for the disruptions these security patchings are creating
— it's certainly no fun for me either! Not only do I have to do the
work but also the vast majority of my personal and professional
hosting runs at BitFolk too.
Cheers,
Andy
¹ http://xenbits.xen.org/xsa/
On Fri, Sep 29, 2017 at 09:39:04PM +0100, Lester Hawksby wrote:
> Blimey, Xen's giving you some right trouble at the moment!
>
> Thanks very much for all the clear explanation as to what's up. Much
> appreciated. (Doesn't affect me at the moment as my VM is idle after I
> changed my original plans and have been very short of time to start again,
> but the clarity is still making me glad I chose you guys).
>
> Best
>
> Lester
** end quote [Andy Smith]
I thought about commenting on the number of advisories myself, but
didn't. It's a case of whether to be concerned there are so many or
pleased they are being spotted!
Either way, I am more than happy with the way it is being managed. There
is minimal interuption to service and I'm happy to recommend Bitfolk for
hosting - and do.
--
Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001
Vice Chair, FSB Portsmouth & SE Hampshire Branch | http://www.fsb.org.uk/
=============================================================================
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
30 Sep
30 Sep
11:18 p.m.
On 29/09/17 21:39, Lester Hawksby wrote:
Blimey, Xen's giving you some right trouble at the
moment!
Thanks very much for all the clear explanation as to what's up. Much
appreciated.
Andy's transparency and honesty are why I have stopped scooting
around the internet looking for a better deal. Don't tell him,
but I would happily pay (a bit) more.
29 Oct
29 Oct
6:37 p.m.
On Sun, Oct 01, 2017 at 12:18:44AM +0100, Dom Latter wrote:
On 29/09/17 21:39, Lester Hawksby wrote:
I'm impressed how little disruption Andy manages, I let him do suspend
and restore and I basically never notice the interruptions.
Michael
Blimey, Xen's giving you some right trouble at
the moment!
Thanks very much for all the clear explanation as to what's up. Much
appreciated.
Andy's transparency and honesty are why I have stopped scooting
around the internet looking for a better deal. Don't tell him,
but I would happily pay (a bit) more. 
8:16 p.m.
On Sun, Oct 29, 2017 at 06:37:28pm +0000, Michael Stevens wrote:
I'm impressed how little disruption Andy manages,
I let him do suspend
and restore and I basically never notice the interruptions.
True, that is less disruptive. I have grown to welcome the full security
reboot process since. It used to be a big thing as I had uptimes greater
than a year (maybe two?), a reboot then would have been a great test of
weather I had correctly configured boot scripts.
With regular full boots this is no longer a problem.
--
Best regards,
Ed http://www.s5h.net/
2619
days inactive
2649
days old
6 comments
6 participants
participants (6)
-
Andy Smith -
Dom Latter -
Ed -
Lester Hawksby -
Michael Stevens -
Paul Tansom