May 13th, 2008
OpenSSL Vulnerability CVE-2008-0166
A vulnerability exists in many versions of the Debian OpenSSL library that produces predictable keys.
What you should do if you are running Debian or Ubuntu
If you are running any version of Debian or Ubuntu, you should install the patched version of the openssl package and regenerate any cryptographic keys or certificates that were built using the old version. Updates also exist for related packages that blacklist use of known bad keys.
Note that simply updating the packages is not sufficient to patch this issue; you will need to actively replace any and all keys that are vulnerable.
A test for vulnerability can be downloaded here
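The blacklist check mentioned above can be illustrated with a short script that compares the fingerprint of every key in an authorized_keys-style file against a list of known bad fingerprints. This is an added example, not Slicehost's or Debian's code and not the test linked above; the function names, the blacklist format (one lowercase hex MD5 fingerprint per line) and the key blobs are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example. Assumed blacklist format: one lowercase hex MD5
# fingerprint per line, no colons. Key blobs below are constructed.

# key_fp LINE: print the MD5 (hex) of the decoded key blob on LINE,
# or nothing when LINE holds no decodable ssh-rsa/ssh-dss key.
key_fp() {
    # authorized_keys lines may start with an options field, so search
    # for the key type instead of assuming it is the first field.
    blob=$(printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "ssh-rsa" || $i == "ssh-dss") { print $(i + 1); exit }
    }')
    [ -n "$blob" ] || return 0
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 0
    printf '%s' "$blob" | base64 -d | md5sum | cut -d' ' -f1
}

# audit_keys KEYFILE BLACKLIST: print one "VULNERABLE ..." line per
# blacklisted key; return 1 if any key matched, 0 otherwise.
audit_keys() {
    hits=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in '' | '#'*) continue ;; esac
        fp=$(key_fp "$line")
        [ -n "$fp" ] || continue
        if grep -qxF "$fp" "$2"; then
            echo "VULNERABLE $1:$n $fp"
            hits=$((hits + 1))
        fi
    done < "$1"
    [ "$hits" -eq 0 ]
}

# Constructed demo: two fake key blobs, the second one blacklisted.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# deploy keys' \
        'ssh-rsa QUFBQUFBQUE= alice@example' \
        'no-pty ssh-dss QkJCQkJCQkI= bob@example' > "$d/authorized_keys"
    key_fp 'ssh-dss QkJCQkJCQkI=' > "$d/blacklist"
    audit_keys "$d/authorized_keys" "$d/blacklist" || echo "replace the keys above"
    rm -rf "$d"
}
demo
```

The non-zero return from audit_keys lets a cron job or deployment check fail while any flagged key is still installed.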
To update an existing slice:
Debian
aptitude update
aptitude upgrade && aptitude dist-upgrade
Ubuntu 7.10 & 8.04
aptitude update
aptitude safe-upgrade && aptitude full-upgrade
What you should do if you are running any other distro
Because of the way your slice is initially built, other distros that are not directly vulnerable may have weak SSH host keys. We recommend regenerating all slice host keys at this time, which would look something like this:
rm /etc/ssh/ssh_host_[rd]sa_key
ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
/etc/init.d/ssh restart
Note that only the 2 host keys on non-Debian/Ubuntu slices would potentially be affected.
Our Debian and Ubuntu base installs are updated to fix this issue. Any slices built after Wed May 14 GMT 17:00 are already patched.
For questions and comments please use this forum thread
May 5th, 2008
3 way handshake episode 10
Recorded last Friday for your listening pleasure. We introduce Tony Dolan, discuss mod_rails, a new Ubuntu image, our new office, Jason’s memristor lust and Yahoo-Microsoft. Intro music is What’s the Altitude (Cut Chemist) and exit music is Ghost (Neutral Milk Hotel).
May 1st, 2008
mod_rails articles
Remember when getting a Rails app running took 4 cans of Red Bull and an afternoon of googling? Ahh, the good old days. Over on our articles site, Paul has new tutorials up on installing mod_rails and using it to serve your app. Should take you all of 2 minutes. Kids today have it so easy.
April 24th, 2008
Ubuntu 8.04 LTS for Slices
Paul prepared the 8.04 LTS (Hardy) images last night. If you’ve been waiting for the latest version of Ubuntu, it’s available now for new slices and rebuilds. Enjoy!
April 22nd, 2008
Slicehost ebooks now available
Most of you are familiar with Pickled Onion’s famous articles and tutorials site. Wanting to hit some topics in greater detail, he’s been working on ebooks designed for those new to the Slicehost community. The first batch covers SliceManager:
- Slicehost Account Creation and Login
- Slicehost Account Management
- Slice Administration
- SliceManager DNS Administration
We hope those of you using our services for the first time find these books helpful. Please let us know what you think and send ideas for more topics. And a big cheer for Pickled Onion who put these together!
March 31st, 2008
3-way handshake episode 9
Recorded last Friday for your listening pleasure. We discuss 4GB slices, the website redesign, the API, new iPhones and new Macbook Pros for Matt and Jason and taxes. Intro music is Hey by The Pixies and exit music is You Can’t Always Get What You Want (Soulwax mix).
March 26th, 2008
Announcing the Slicehost API
The Slicehost API is an interface to Slicehost services, allowing users to automate tasks as needed. Please note that the current iteration allows access to DNS only. This will change in the future as we add access to more services.
To use the API, you must have a Slicehost account. You may enable or disable API access from this account, and you may re-generate your API password as you see fit. You can find this option in the SliceManager on the API page under the Accounts tab. This API follows a standard ActiveResource pattern as seen in Ruby on Rails.
Resources
March 25th, 2008
Slicehost site redesigned
The original Slicehost site was a product of our elite design skills. Has everyone stopped laughing yet? We’re grateful that our customers focused more on the message and less on the look. Alas, it was time to retire the old site and bring in the professionals. Steve Smith of Ordered List, a longtime Slicehoster, was up to the task. He created a great new design for the site that stays true to the original and does not look like it was made by a ten-year-old with a CSS book on Christmas morning. Months later that still stings Michael :)
Everything, including old links, should be working. Just in case, the blog is now at www.slicehost.com/blog and the feed is here. We hope you like the new style. Please let us know what you think!
March 18th, 2008
4GB Slices to the rescue
March 13th, 2008
blog.xen.org now at Slicehost
A few weeks ago, we received an email from Stephen Spector of Citrix. He’s the Community Manager for Xen.org and wanted a site for the Xen blog. He knew we were proponents of Xen and after a brief chat the blog was up and running. We’re honored to have the site at Slicehost and grateful for the work that goes into the Xen.org project. If you’re looking for updates and news on the virtualization software that powers your slice, blog.xen.org is the place to go.
March 10th, 2008
Welcome Tony Dolan to Slicehost
We’re pleased to have Tony Dolan joining us starting today. Tony lives in St. Louis and came highly recommended via a mutual friend of ours. He has a background in managed hosting and has worked extensively with J2EE deployments using Tomcat and Resin. He’ll be assisting with systems administration, hardware management and customer support. Stop by the chatroom and give him the standard hazing.
March 5th, 2008
High Scalability on Secure Virtual LANs
Slicehost was mentioned in an interview with Dmitriy Samovskiy at High Scalability. Dmitriy discusses an article he wrote for Linux Journal, Building a Multisourced Infrastructure Using OpenVPN. He proposes using OpenVPN to connect servers in multiple datacenters to minimize downtime and risk. It’s an interesting read for customers looking to ensure availability and pertinent for people running slices in both of our datacenters.
March 5th, 2008
Podcast Episode 8
For your listening pleasure, the 3 way handshake episode 8. Myself, Jason and Paul discuss a breaker trip from last week, OpenID in SliceManager, Linux kernel vulnerabilities, new Macbook Pros and iPhones. Intro music is Motivational Speaker by Cut Chemist and exit music is Mercy Me by What Made Milwaukee Famous.
March 4th, 2008
ExpanDrive Coupon for Slicehosters
Jeff from Magnetk sends a $5 off coupon for ExpanDrive, lowering the price to $24. Great tool for Mac users working on their slices.
Coupon code: ZQCGHPX2LEGFLFI6
It’s good for 50 users. Thanks Jeff!
March 4th, 2008
ExpanDrive = remote nirvana for your Slice?
Lots of buzz for the new Mac app ExpanDrive. There’s even a plug on the TextMate blog, where folks have been clamoring for a remote editing solution for as long as I can remember. ExpanDrive allows you to mount SFTP servers in Finder, making remote work easier. Gruber says:
For many typical tasks, ExpanDrive is far more convenient and seamless than a standalone client like Interarchy or Transmit. You don’t have to worry about uploading or downloading, it works more like a USB flash drive — you just save and open files directly. If you open remote files checked out of an SVN (or other revision control system) repository, you can use the built-in SVN commands in BBEdit or TextMate, just as though the files were part of a repository checked out on your local drive.
And everyone comments on how fast and easy it is to use. If you’ve been working on your Slices’ apps via SFTP, this could be the tool you’ve been waiting for.
Update – Jeff from Magnetk sends a $5 off coupon for Slicehost customers. It’s good for the first 50 users and lowers the price to $24. Coupon code: ZQCGHPX2LEGFLFI6