After a review of our security practices brought on by the recent Debian ssh key security issue (which does not affect our FreeBSD-based service), we’ve decided to upgrade the strength of our RSA ssh host key from 1024 bits to the same length that we recommend you use, 4096 bits.
The correct/current RSA host key:
For most of our production servers, we run FreeBSD 6.3, which is a well-tested, stable, and excellent-performing release. However, the FreeBSD world moves on and FreeBSD 7.0 was released earlier this year. The primary benefit to the new version is supposed to be vastly improved performance, ranging from 350% to 1500% faster, under heavy workloads.
Hey, we have some heavy workloads…
Continue reading Experimental FreeBSD 7 + ZFS + MySQL technology trial…
It’s often hard to think about disaster planning. The thing about all disasters is that they’re really unlikely, but the consequences of winning the disaster lotto are, well, disastrous.
We don’t want anything horrible to happen to our service, we don’t expect anything horrible to happen, and (for the paranoid among us) aren’t aware of any horrible about to happen. Prudence simply dictates that we acknowledge that disasters are possible and take reasonable precautions to ensure that, were our disaster ticket to get punched that we would be eventually able to recover. (We’re talking about large scale the-entire-datacenter-is-permanently-gone-or-unusable disasters here.)
For us, this means keeping heavily encrypted offsite copies of our key databases, all of our custom server source code, and a lot of configuration information. That’s all the stuff we would need to rebuild our service, member and account balance records from scratch. What it does not include is offsite copies of our members’ content. While we would love to be able to do that automatically, there’s so much of it that the expense would be considerable. We’ve chosen instead to allow people to choose for themselves whether they feel that level of additional protection (and cost) is justified. In a lot of cases, it probably won’t be, but it’s something we need to do for our data so we want you to have the option to do it for yours as well.
Therefore, we’ve entered into a relationship with highly-regarded backup provider rsync.net to offer an innovative (we think) kind of offsite backup service for hosted sites and MySQL processes.
Continue reading New offsite dead-drop backup service…