
Our Response to “Heartbleed”

As many of you may already be aware, information was released on Tuesday this week about a major Internet vulnerability widely referred to as “Heartbleed”.

This vulnerability affected a common software library called “OpenSSL”, a cryptography library used to encrypt passwords and other sensitive information on around two-thirds of all websites on the Internet.

Many popular websites, including Twitter, Yahoo!, Gmail and Facebook, had been found vulnerable to Heartbleed, which, if exploited, could potentially reveal the contents of a server’s memory, including passwords and other sensitive information.

“Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL”, reveals the website devoted to explaining the bug.

Whilst many of these websites have been patched against Heartbleed this week, the vulnerability itself has been present in the latest versions of OpenSSL for the past two years; it only came to light, with details publicly disclosed, this week.

Our MIDAS servers run OpenSSL; however, we have no reason to believe that the vulnerability has been exploited to compromise the integrity or confidentiality of any of our services or of our users’ data. Even so, due to the hard-to-detect nature of the attack, we’re taking a very broad view of the potential vulnerability and have responded accordingly.

What has MIDAS done in response?

Our MIDAS servers run OpenSSL, and we’ve been proactive in making sure that our users’ data and accounts are kept safe. Specifically:

  • Our servers have been patched.
    As of Wednesday 9th April 03:33 UTC, all of our servers have been updated to use a newer, protected version of OpenSSL.

  • We’ve reset SSL keys and certificates for our public *.mid.as servers.
    As of Thursday 10th April 21:51 UTC all of our public servers are using newly-generated keys and certificates. Additionally, we’ve asked AlphaSSL to revoke our old certificates, just to be on the safe side.
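A check an administrator could run after the two steps above, shown as an added example that is not MIDAS's own tooling: it flags hosts whose certificate predates the patch or whose public key did not change on reissue. The year 2014, the hostnames and the shortened key hashes are assumptions constructed for illustration; the `notBefore=` line format is what `openssl x509 -noout -startdate` prints.

```python
from datetime import datetime, timezone

# Patch time from the post (Wednesday 9th April 03:33 UTC); the year 2014 is assumed.
PATCHED_AT = datetime(2014, 4, 9, 3, 33, tzinfo=timezone.utc)

STALE_CERT = "certificate issued before the OpenSSL patch"
SAME_KEY = "public key unchanged, so the old private key is still in use"


def parse_not_before(line):
    """Parse the 'notBefore=...' line printed by `openssl x509 -noout -startdate`."""
    name, _, value = line.strip().partition("=")
    if name != "notBefore" or not value:
        raise ValueError(f"unexpected line: {line!r}")
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)


def audit_rekey(record, patched_at=PATCHED_AT):
    """Return the list of remediation gaps for one host (empty list means clean)."""
    findings = []
    # A CA may backdate notBefore, so treat this finding as "needs review".
    if parse_not_before(record["not_before"]) < patched_at:
        findings.append(STALE_CERT)
    # Compare hashes of the public key, not the certificate: a reissued
    # certificate always has a new fingerprint even when the key was reused.
    if record["old_key_sha256"].lower() == record["new_key_sha256"].lower():
        findings.append(SAME_KEY)
    return findings


# Constructed inventory: hostnames and shortened key hashes are made up.
INVENTORY = [
    {"host": "booking.example.test", "not_before": "notBefore=Apr 10 21:51:00 2014 GMT",
     "old_key_sha256": "3f9a01", "new_key_sha256": "c27e55"},
    {"host": "mail.example.test", "not_before": "notBefore=Apr 11 09:00:00 2014 GMT",
     "old_key_sha256": "9B40d2", "new_key_sha256": "9b40d2"},
    {"host": "legacy.example.test", "not_before": "notBefore=Mar  3 00:00:00 2014 GMT",
     "old_key_sha256": "71aa0c", "new_key_sha256": "71aa0c"},
]


def audit_inventory(inventory=INVENTORY):
    return {r["host"]: audit_rekey(r) for r in inventory}


if __name__ == "__main__":
    for host, findings in audit_inventory().items():
        print(host, "OK" if not findings else "; ".join(findings))
```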

What can you do?

We have no reason to believe that the Heartbleed vulnerability has been exploited to compromise the integrity of any of our services or of our users’ data. Even so, if we “host” your MIDAS and you want to be extra careful, you can change your MIDAS password at any time, once logged in via the “Change Password” near the top of your MIDAS screen.

Here are some handy tips for creating better passwords:


  • Avoid using the same password for multiple websites
  • Make your passwords at least 8 characters
    – In MIDAS, you can enforce a minimum password length for users via MIDAS Admin Options → Manage MIDAS → Security → Minimum Password Length

  • Include a mixture of numbers, upper & lowercase letters, and symbols in your password
    – MIDAS can randomly generate such passwords for users, via MIDAS Admin Options → Manage Users & Permissions → [select user] → Password → Random.

  • Avoid complete words
  • Avoid common passwords such as “123456” and “password”
  • Change your password often, ideally several times a year.
    – In MIDAS, you can force users to change their passwords regularly via MIDAS Admin Options → Manage MIDAS → Security → Force Password Change Every X Days

Mozilla Corporation

You’ve probably heard of Mozilla – they’re the folks behind the well known and popular Firefox web browser, and as you may know, we develop a powerful browser-based Room and Resource Scheduling System, MIDAS, which we support in all major browsers, including Firefox.

In fact, ever since we first began development of MIDAS back in 2005, the primary browser we continue to do the bulk of our development and debugging in has been Firefox! It’s been our browser of choice, and we’ve long since been admirers of Mozilla’s open and inclusive approach to the development of Firefox and the web, and their company ethos, that:

“Mozilla believes both in equality and freedom of speech. Equality is necessary for meaningful speech. And you need free speech to fight for equality”

However, today Mozilla have demonstrated that this ethos is in fact untrue, and that they no longer believe in equality and freedom of speech for ALL.

Here’s a brief outline of what’s happened:

Last month, Mozilla appointed a new CEO, Brendan Eich. Eich was the inventor of JavaScript (one of the programming languages that our software utilizes!) and co-founder of http://mozilla.org.

Six years earlier, in 2008, long before he became CEO, Eich made a personal donation to a campaign for “California Proposition 8”, a bill which, rightly or wrongly depending upon your view, opposed same-sex marriage taking place in the state of California.

Following his appointment to CEO of Mozilla last month, a number of Mozilla employees, board members, and members of the global L.G.B.T community expressed their unhappiness with his appointment to the role of CEO, as they felt that because he’d previously supported a campaign opposing same-sex marriage this made him unsuitable to be CEO of a company that had equality and freedom of speech at the very heart of its core values.

For the past several weeks, since Eich’s appointment, there has been a sustained and vicious campaign targeted against Mozilla, Firefox, and Eich himself, with pressure from all sides for Eich to stand down/be removed from his role as CEO.

Today, following this sustained pressure, Eich has stepped down as CEO.

Many are celebrating this; however, regardless of your view of Brendan Eich or your position on same-sex marriage, Mozilla as a company promoted “equality and freedom of speech” for ALL. By this token, Eich (along with every other Mozilla employee, regardless of position, gender, religion, or sexual orientation) has the same right to express his views without fear of censorship or persecution – whether you agree with his views or not.

No one should be denied the right to express their PERSONAL opinion or view on any subject, and remember, this was only a personal view of Eich, not an official Mozilla/Firefox view/policy/position.

In pressuring and forcing their CEO to step down because of his *personal* view on a subject, Mozilla have denied Eich his right to equality and demonstrated that they no longer stand for true equality and freedom of speech for everyone.

We used to believe that Mozilla were promoting an “open web for all” – we are now struggling to reconcile this ethos with Mozilla’s actions and stance today.

Many Firefox users have since taken to Twitter to vent their anger & disappointment at @Mozilla and @Firefox’s stance on this matter, with many previously loyal users uninstalling and boycotting their products in protest.

Our web based Room and Resource Scheduling Software MIDAS is supported in Firefox, but also supported in Internet Explorer, Google Chrome, Apple Safari and Opera browsers as well – as we believe in giving you the choice over which browser (and company) you choose.

UPDATE 6th April:
Two days later, and Mozilla’s own customer feedback site (http://input.mozilla.org) clearly shows the amount of negative feeling towards the company as a result:

Mozilla Customer Feedback Site

World Backup Day


Today is World Backup Day, the purpose of which is to raise awareness of the importance of keeping your critical digital files and data backed-up.

A “backup” is a secondary copy of all your important files – for example, your family photos, home videos, documents and emails.

Instead of storing a single copy all in one place (like your computer), you keep another copy of everything somewhere else as well, in case anything should happen to the originals.

We strongly believe in the importance of backing up data you can’t afford to lose, and we’ve built a number of backup features into our popular web-based room and resource scheduling software, MIDAS, to do just that!

By default, MIDAS automatically and seamlessly takes a complete backup of your database upon the first successful login each day. These database backups are compressed (typical backups are less than 1MB each in size), and are stored on the server where your MIDAS resides for a length of time you specify.

To further protect your data, these daily backups can also optionally be emailed to a pre-defined email address each day, so that you can keep your own “off-site” copy too!

In addition, a manual database backup can be initiated instantly at any time via MIDAS Admin Options → Manage MIDAS → Database → Backup Now.

Previous backups can also be easily and readily restored too, either partially or in full, via the simple user interface through MIDAS Admin Options → Manage MIDAS → Database → Restore.

Backup and Restore in MIDAS

For more information on the backup/restore features of MIDAS, please see http://mid.as/help/manage_database_settings

For our “hosted” customers (who don’t run MIDAS on their own infrastructure, but instead opt to have their MIDAS remotely “hosted” by us), we also take complete database backups daily, which are then stored off-site for a period of six months.

So, that’s how we ensure that your important MIDAS booking data can be kept regularly backed-up, but on World Backup Day today, why not take a moment to back up your own important family photos, home videos, documents and emails too!? It may seem like a hassle, but you’ll be glad you did should anything ever happen to the originals!

Tomorrow, Saturday March 29th at 8:30pm local time, millions of people across the world will be switching off lights for 60 minutes as part of “Earth Hour”.

Earth Hour is an annual global event, organized by the World Wide Fund for Nature (WWF), encouraging individuals, communities, households and businesses to turn off their non-essential lights for one hour as a symbol of their commitment to our planet through a reduction in energy consumption.

We are once again very happy to be supporting this effort!

As you can imagine, running a global web-based business like MIDAS consumes a fair amount of energy to keep our infrastructure and administration up and running.

But at the same time, we take our environmental responsibilities seriously! That’s why we’ve already invested in servers with lower power consumption (some of our administrative servers draw as little as 18 W of power!) and replaced traditional mechanical hard drives with newer, more energy-efficient Solid State Drives (SSDs).

We’d like to encourage other web & cloud based businesses like ours to do the same, and that’s why at 8.30pm tomorrow, we’re once again joining in with “Earth Hour” and will be switching off non-essential systems – not just lights – for 1 hour.

Note: This will not affect access to our website, or prevent our “hosted” customers from accessing their MIDAS scheduling systems during this period, but our non-essential administrative systems will be shut down for 60 mins, which may lead to a slight delay in responses to emails, etc.

So go on, make a difference and support Earth Hour at 8.30pm wherever you are in the world tomorrow!

We’re improving the statistics/reports that MIDAS can generate for you in v4.06 with three exciting new additions:

Venue Utilization Statistics

Venue Utilization Report
The new Venue Utilization report shows you the amount of usage that each venue has over a period of time. It will tell you for how many hours each venue is booked out of the total number of hours available (taking into account the venue’s hours of operation), and give you a percentage utilization figure too!

Resource Statistics

Resource Statistics Report
The brand new Resource Statistics section generates a report into your resources (equipment, consumables, and staffing) over a period of time. It provides details of the number of each resource in use during that period, and an estimate of the income potential from each. In addition, the report indicates the current totals of all resources (as well as unique resources) in your MIDAS, and also provides an insight into the most “watched” resources.

Individual Client Statistics

Individual Client Report
Improvements to Client reports now mean that with v4.06 you can see detailed reports for each individual client. These reports show when the client was added to the system, how many bookings and invoices they have, the dates/times of their first, previous, next and last bookings (which can be clicked to jump directly to those bookings). The report also calculates the total combined length of all the client’s bookings, as well as the average length of their bookings.

MIDAS v4.06 is currently available to beta testers and is expected to become generally available in the coming weeks. To be amongst the first to know when MIDAS v4.06 is publicly released, be sure to join our mailing list and follow us on Twitter (@mid_as)
