Is Your SSL Certificate Signed Using Vulnerable MD5?

Apparently 14% of SSL certificates were signed using the vulnerable MD5 algorithm.

Netcraft’s SSL Survey shows that 14% of valid third party SSL certificates have been issued using MD5 signatures, an algorithm that has recently been demonstrated to be vulnerable to attack by producing a fake certificate authority certificate signed by a widely-trusted third party certificate authority.

The researchers achieved this by producing a hash collision: they submitted valid certificate requests to a certificate authority (CA), while producing a second certificate that had the same signature but entirely different details. When the CA signed the valid certificate, the signature applied also to the invalid certificate, allowing the researchers to spoof any secure website that they liked. This attack is the first practical use against SSL of already-known attacks against the MD5 checksum algorithm.

A lot of crypto mumbo jumbo there. For mere mortals like us, it’s probably easier to just check that the websites we are hosting are indeed using the more hack-proof SHA1 rather than MD5 to sign the certificate.

2008 HostingFu Year In Review

It’s going to be a new year in a few more days. Similar to what I did last year, I think it will be worthwhile to look back at what I have done over here in 2008.

Running xBSD on Linode a Reality with pv-grub

I reckon the logo on Linode Wiki needs a change. Via Linode’s latest blog post, it is now possible to roll your own operating system with Linode’s pv-grub support. There’s even a tutorial on the wiki on how to install NetBSD, although it’s far from “click and deploy” like its Linux Xen VPS offerings.

Besides a few earlier failed attempts to install FreeBSD and a few years of experience with Mac OS X, I am completely clueless on getting a xBSD box up and running. I’ll probably go for something like RootBSD’s Xen-based FreeBSD 7.0 VPS (which I presume will be much easier to set up than Linode’s) if I ever want to get into the daemon land.

Hard Disk Crashes - Are You Prepared?

Via TechNation, The Podcast Network, probably the world’s first podcasting network, went offline on Saturday due to technical issues, i.e. crashed hard drive(s) on their dedicated server. As of now (Monday, 48 hours later), the site is still not back.

On Saturday Dec 20, the hard drive on TPN’s server suddenly died. We are in the process of restoring and re-building all of our sites and will have all of the shows back online asap.

Hard drive crashes — it’s not if but when, and when that actually happens, are you prepared for it? Especially when it keeps every file of your online business, how much downtime can you afford, and how much are you willing to pay to reduce the downtime?

Gandi.net Xen VPS Review

Well. Here is a review that was supposed to be done 9 months ago. Back in February, Nicolas from Gandi.net contacted me about reviewing their Xen VPS hosting product, which was under beta testing back then. I had a review VPS from them for two weeks, did a few tests, but was not able to write a review due to my circumstances back then (I have been very busy this year). Then last week Wendy from Gandi independently contacted me again asking whether I would like to review their VPS product. I logged back into Gandi’s control panel — and surprise!! — the VPS is still there (the expiry was at the end of this year)! So here it is, a Gandi.net Xen VPS review that’s 9 months overdue.

Webbynode Beta about to be Launched - Sign up Now

A few months ago I reviewed VPS Media’s Xen VPS. It was a relatively young hosting startup (although with years of experience behind it). In the email interview I asked Carlos of VPS Media about their upcoming plans: a customised control panel is on the cards so they can ditch HyperVM. However, the details were pretty secretive…

Then a few days ago I received an email from Carlos about a new service that they are going to launch — Webbynode, which is currently recruiting beta-testers.

Promoting a Campaign? Make Sure Your Servers Are Ready for It

Two years ago I wrote about a Woot-like 1 deal a day site in Australia, Zazz, and how using shared hosting might have lost them business as the hosting server simply could not cope with the flood of traffic at that specific time of the day. Now Zazz is hosted at Rackspace, a premium managed dedicated server hosting company (which also recently became the parent company of SliceHost, whom I use to host this website). Good choice I guess, as I have not experienced any more stability or performance issues from Zazz again.

vzfree - Checking Memory Usage inside OpenVZ VE

Gee. It has been a while since I’ve last written here, and it will be a while again for my next post as I will be on holidays from next Monday (visiting families in Hong Kong and Taiwan). Let me share one small utility program that I wrote quite a while ago.

We all know that the Linux command free(1) is pretty useless inside an OpenVZ VE, even those with meminfo virtualised. So I basically wrote this little util to grab the data from the dreadful user_beancounters and format them into something useful. It’s written in C and only depends on libc so it’s pretty lightweight. It also does a little bit of analysis instead of just dumping the data, which I will explain later on.

Amazon Content Delivery Network is Coming

Latest offering from Amazon Web Services? A Content Delivery Network! Got this from email a few minutes ago:

Many of you have asked us to let you know ahead of time about features and services that are currently under development so that you can better plan for how that functionality might integrate with your applications. To that end, we are excited to share some early details with you about a new offering we have under development here at AWS — a content delivery service.

Nice.

DreamHost Now Offers Personal Backup Space

First of all, I did admit that I used DreamHost web space for personal backups. It’s fast, much more scriptable than Amazon S3, and I have lots of space in my $10/month web hosting package — why not?! Except it is against their ToS and they have been cracking down on users using their allocated space for backup rather than for public websites. While you could put your files in “web accessible” directories and then guard them with a .htaccess file, at the end of the day the message is clear — DreamHost doesn’t welcome their servers being used for backups.

However DreamHost is now changing the game. In their August 2008 newsletter, Josh Jones has announced their new feature — 50GB personal backup space for all web hosting users.