freistilbox Blog


We’re dropping TLS 1.0 support in January

The SSL protocol and early versions of its successor TLS have many known vulnerabilities. In recent years, exploits like POODLE, BEAST or Logjam got wide public attention, and on our edge routers, we’ve disabled many a cipher and hash algorithm that turned out to be too weak for proper web security.

The freistilbox edge routers receive web requests from the internet and pass them on to the freistilbox cluster running the respective website. In between, they decrypt inbound HTTPS requests and encrypt the outbound responses. This method, called SSL termination, takes computational load off the rest of our managed hosting platform and allows us to optimise the edge routers for high-performance cryptography.

With TLS 1.0, we’re now going to say goodbye to a whole protocol version. It has long been known as insufficient for secure data transfer, and its use is expressly advised against by industry guidelines like the Payment Card Industry Data Security Standard (PCI DSS). In its Appendix A2, PCI DSS v3.2 states that:

  • New implementations must not use SSL or early TLS as a security control.
  • All service providers must provide a secure service offering by June 30, 2016.
  • After June 30, 2018, all entities must have stopped use of SSL/early TLS as a security control, and use only secure versions of the protocol.

At freistilbox, we’ve been providing our customers with the highest quality in secure data transfer and DDoS protection for many years. In order to ensure this quality for the future, we’re going to end TLS 1.0 support on January 31st 2018.

After this date, our edge routers will no longer accept incoming connections using the TLS 1.0 protocol. While TLS 1.0 is no longer a requirement for most web applications, we ask all our customers to make sure in due time that the proper operation of their web applications does not depend on TLS 1.0 being available. You can use websites like How’s My SSL to check the compatibility of your web browsers and other HTTP clients. And if you need help, please don’t hesitate to contact our technical support team.
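For scripted HTTP clients that cannot open a test website, the same question can be answered from the client's own TLS settings. The following is an added example, not part of the original post or of freistilbox tooling: it works out which protocol versions a Python client would offer and whether any of them is still accepted once TLS 1.0 is refused. It assumes TLS 1.1 and newer remain accepted (the post only names TLS 1.0), and the function names are illustrative.

```python
import ssl

V = ssl.TLSVersion
# Assumption: only TLS 1.0 is refused after the cutoff; TLS 1.1+ stays accepted.
DROPPED = (V.TLSv1,)

# Protocol versions compiled into this interpreter's TLS library, oldest first.
BUILT_IN = [v for v, has in ((V.TLSv1, ssl.HAS_TLSv1), (V.TLSv1_1, ssl.HAS_TLSv1_1),
                             (V.TLSv1_2, ssl.HAS_TLSv1_2), (V.TLSv1_3, ssl.HAS_TLSv1_3)) if has]


def _resolve(version, built_in):
    """Turn the MINIMUM/MAXIMUM_SUPPORTED placeholders into a concrete version."""
    if version == V.MINIMUM_SUPPORTED:
        return min(built_in)
    if version == V.MAXIMUM_SUPPORTED:
        return max(built_in)
    return version


def offered_versions(minimum, maximum, built_in=BUILT_IN):
    """Versions a client can offer for a given min/max setting."""
    lo, hi = _resolve(minimum, built_in), _resolve(maximum, built_in)
    return [v for v in built_in if lo <= v <= hi]


def survives_cutoff(minimum, maximum, built_in=BUILT_IN):
    """True if at least one offered version is still accepted after the cutoff."""
    return any(v not in DROPPED for v in offered_versions(minimum, maximum, built_in))


def audit_default_client():
    """Report on the client context returned by ssl.create_default_context()."""
    ctx = ssl.create_default_context()
    offered = offered_versions(ctx.minimum_version, ctx.maximum_version)
    return {"tls_library": ssl.OPENSSL_VERSION,
            "offered": [v.name for v in offered],
            "ok": survives_cutoff(ctx.minimum_version, ctx.maximum_version)}


if __name__ == "__main__":
    print(audit_default_client())
    # Constructed legacy cases: a client pinned to TLS 1.0, and a TLS library
    # that predates TLS 1.1. Both stop working once TLS 1.0 is refused.
    print(survives_cutoff(V.TLSv1, V.TLSv1))
    print(survives_cutoff(V.MINIMUM_SUPPORTED, V.MAXIMUM_SUPPORTED, [V.TLSv1]))
```

Run it with the same interpreter and environment as the client being checked, since the result depends on the TLS library that interpreter was built against.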

Vienna calling!

Final preparations for DrupalCon Vienna are underway, and of course freistilbox is going to take part in Europe’s biggest Drupal conference!

Vienna might very well be the last European DrupalCon because the Drupal Association came to the conclusion that major changes are required to return the conference to a successful path, from both a financial and community management perspective. There will be interesting discussions at and after DrupalCon for sure!

But next week, we’ll still party like it’s 1999! Each day will be packed with presentations, code sprints and Birds-of-a-Feather (BoF) sessions. I myself am going to venture out of my comfort zone and this time give a talk not in the familiar DevOps track but in the Project Management track! In Lean Web Operations — Planning for the Unpredictable, I’m going to describe the journey of our web operations team out of growing chaos to consistent progress. During the last 12 months, we’ve gained a tremendous amount of experience with planning, distributing, tracking and, most importantly, actually finishing our work. If you’d like to see how we turned the freistilbox ship around before it could hit the rocks, come to room Schubert 3 on Wednesday at 15:45!

And if you’d like to chat about managed Drupal hosting or learn more about our ideas on Docker hosting, I’ll be happy to meet you somewhere around the venue!

You’ll find all the important details on my talk and how to get hold of me during the conference on our DrupalCon page. See you in Austria!

Proactive renewal of RapidSSL certificates to prevent Chrome issues

After a number of scandals related to dodgy SSL certificates, Google decided in March 2017 to take measures against Symantec and its brands Thawte, GeoTrust and RapidSSL. Google’s initial proposal included many limitations, for example removing ‘trust’ in existing Symantec certificates from the Chrome browser, showing Symantec EV certificates as domain validation certificates without a company name and green address bar, and limiting certificate validity to 9 months. After long discussions on the Chrome mailing list, a new proposal defined revised, less disruptive measures. Still, Google states that starting 31 August 2017, Chrome may gradually begin mistrusting Symantec, GeoTrust, Thawte and RapidSSL branded certificates that were issued before 1 June 2016.

At freistilbox, we’ve been partnering with DigiCert for many years to provide our customers with owner-validated SSL certificates. The security of these certificates has never been in doubt.

However, our customers have been able to choose RapidSSL as a less cost-intensive alternative for domain-validated SSL certificates. Since the proposed changes in Chrome could cause some operational disruption for customers using RapidSSL certificates, we’re taking action to prevent any issues in advance.

We’re in the process of reissuing all valid RapidSSL certificates that we provided before June. Our web operations team coordinates the renewal process with each affected customer via individual support tickets. These certificate renewals are free of charge and will not interrupt website operation.

Providing secure and reliable SSL encryption on our managed hosting platform has always been a priority for us at freistilbox, and we’re continuing to do so with these proactive measures. If you too would like to work efficiently and sleep peacefully while we take care of running your Drupal and WordPress websites, check out our hosting plans and prices!

Increased data centre internet bandwidth

Every month, the websites of our managed hosting customers deliver many terabytes of content. That’s why it’s important for us to have high-performance connections to as many global networks as possible.

We’re happy to report that our data centre has recently increased its total internet bandwidth to 2.02 Terabit/s. I wouldn’t mind having my office connected with this bandwidth; it would take me 4 seconds to transfer a terabyte of data!

In detail, the following upstreams were added or upgraded:

  • Peering points
    • 20G Netnod
    • 10G STH-IX
  • Private peerings
    • 60G Google
    • 40G RETN

Drupal businesses need better support

There is a lot of unmet demand in European Drupal businesses, especially in SMEs, for better support with growing their customer base and entering new markets. This is my main takeaway from the recent European Drupal Business Days in Frankfurt.

Some people in the Drupal community wonder if we need business events. From what I saw and heard at the European Drupal Business Days in Frankfurt, we do. Many talk and discussion topics at the conference hit a nerve for its 180+ attendees.

I focused my attention on the CXO Day that started the conference, not only because I’m from one of the (still few) Drupal businesses that aren’t agencies but also because I was invited to give two talks — getting into the right state for presenting always limits my attention span. The day was structured as a series of group discussions, each preceded by a few presentations. The three core topics were Specialisation, Verticals and Business Model Innovation; Marketing and Sales Strategies; and Growth and Expansion.

At Drupal conferences, it seems to be, as we say in software engineering, a pattern to leave the warm-up to a well-known keynote speaker and community member named Jeffrey A. McGuire, and this one was no exception. In his talk, Jam explained why Drupal isn’t enough anymore. Next, Taco Potze shared his experience with transforming his company From offering services to products, leading perfectly into Manuel Pistner’s talk about Recurring revenue in the Drupal business. The first group assignment was to use the Business Model Canvas to design the Drupal agency of the future. What made this exercise much more interesting to me was that the group I was in decided to deviate from this goal. Our discussions quickly led us to the conclusion that most Drupal agencies, both existing and future ones, share the same challenge: convincing enterprise customers that Drupal is a viable (if not better) alternative to contenders like Sitecore and Adobe Experience Manager. Drupal managed to get onto Gartner’s Magic Quadrant, but only by piggybacking on Acquia’s success. And although the Drupal Association is making an effort to sell Drupal, doing the split between community and business support is a tough nut to crack. Drupal shops are looking for better support with both growing their share of the market and the market itself. That’s why our group decided to design an imaginary Drupal Business Foundation instead of an agency. It turned out to be an inspiring thought experiment that I think is worth revisiting at the DrupalCon Business Summit (which, by the way, has been resurrected by the local Drupal community!).

Michel van Velde opened up the next topic block with his talk Why Drupal needs marketing, a view that had shaped the Drupal Business Foundation idea earlier. In the final block, Janne Kalliola stated that You need to grow to stay alive! From his talk, the statement that stood out most for me was that if you’re in an expanding market and you’re not growing, your business is in reality shrinking.

Before Iztok Smolic shared his experience with Transforming an agency to a profitable business, it was my turn to talk about what I had to learn about not just growing a team but also making growth effective for your business. I felt a bit uncomfortable being so transparent, but the feedback after my talk confirmed that we’re far from alone in going through growing pains and that the recent changes we’ve made inspired quite a few of the attendees.

The official CXO dinner turned out to be much more fun than I expected. I had booked my ticket just as a nice networking opportunity in a not too noisy location — taking part in conversations in loud places like pubs tends to wear me out quickly. Not only was the dinner location (the top of the Main Tower building) breathtaking and the food amazing, I got to have a great conversation with Stephen Kenealy, the co-founder of Monsoon Consulting, a Drupal agency also based in Ireland.

After breakfast the next morning, I spent an hour and a half rehearsing my second talk titled Under Pressure — Building Resiliency in IT Teams. The fact that I was a bit drained from the day before became apparent when I lay down on my bed to relax for a few minutes. I woke up two hours later. After returning to the conference just in time for lunch, I spent most of the time before my lightning talk attending the earlier ones to see how the other speakers do them. To be honest, Lightning was only used as a synonym for short here. Actual Lightning Talks have special rules that force speakers to be very concise, and I think not having them in place was a missed opportunity. My talk went over well and although it didn’t draw a huge crowd, the active Q&A afterwards showed that dealing with stress is a topic in Drupal circles.

Out of the conferences that I attended in the last twelve months, the European Drupal Business Days was one of the best. The CXO Day was a great opportunity for me to catch up with and learn from other Drupal business leaders. Thanks to the diverse topics and especially the group discussions, I was able to take away much more than from the Business Summit at DrupalCon Baltimore where I only got to watch a few presentations about topics that didn’t interest me too much.

How could the European Drupal Business Days be improved? Honestly, I don’t see too many things. It would have been nice to know further in advance that the conference part would end on Friday and that Saturday was set aside for sightseeing only. Since I had to be in Edinburgh for our company retreat on Monday, I had decided to fly there directly from Frankfurt on Sunday; had I known that the weekend was free, I would rather have spent it with my family back in Ireland. The requirement for speakers to send in slides early was a clever move but having to present from PDF files instead of your familiar presentation software made it harder to touch all the important points and keep a steady pace and flow. Apart from that, it’s all thumbs-up, a Drupal business event well done!

I’m excited to see what Ivo and his team will come up with for DrupalCon and I’m looking forward to seeing all you great Drupal business folks again in Vienna!
