Slashdot Mirror
Certificate Expiry Leads to Total Outage For Microsoft Azure Secured Storage
rtfa-troll writes "There has been a worldwide (all locations) total outage of storage in Microsoft's Azure cloud. Apparently, 'Microsoft unwittingly let an online security certificate expire Friday, triggering a worldwide outage in an online service that stores data for a wide range of business customers,' according to the San Francisco Chronicle (also Yahoo and the Register). Perhaps too much time has been spent sucking up to storage vendors and not enough looking after the customers? This comes directly after a week-long outage of one of Microsoft's SQL server components in Azure. This is not the first time that we have discussed major outages on Azure and probably won't be the last. It's certainly also not the first time we have discussed Microsoft cloud systems making users' data unavailable."
What's an expirty?
Timothy!! It's your fucking JOB!
I guess that azure cloud was just a sunset.
Had better get fired. I normally don't condone firing over mistakes, but this is pretty huge.
Although, it's also a point of proof of the cloud's inability to be reliable if not set up right.
The spell check is strong with this one.
Not the first time they've made such blunders:
http://slashdot.org/story/03/11/06/1540257/microsoft-forgets-to-renew-hotmailcouk
If only Redmond had some sort of calendar system to help them remember this stuff.
Maybe rtfa-troll and Timothy's spell checkers were hosted on Azure.
If you can't trust Microsoft for such kind of small but essential things, should you trust them with bigger ones?
I wonder what color the error screen was?
Perhaps it was... Azure?
Mod me down, my New Earth Global Warmingist friends!
How does Timothy fuck up so many words?
Occam's Razor applies here. The simplest explanation is: because he's an incompetent, stupid cunt who can't do basic things correctly.
The really amazing thing is that if you look at their service dashboard, it took them 12 hours to update the certificates on their site:
http://www.windowsazure.com/en-us/support/service-dashboard/
They spent several hours doing "test deployments" ... while it's great to make sure you aren't going to make something worse, updating an SSL cert isn't exactly rocket science. I'd had to see how long it took to recover from a more serious service issue triggered by a software bug.
You're dining in an expensive restaurant with family and out-of-town guests in tow. After a great meal you hand the waiter your credit card. Several minutes later, the man comes back and says
"Sorry sir, but your cloud server's security certificates have been declined."
There's an awful lot of BS'er in Microsoft these days. They'll have had a process manual written long ago. Someone will have been taught that following that manual is the definition of quality, and a load of BS middle managers will have been looking for any departure from the manual so they can pass blame over to someone else.
I could point a finger, but that's for the MS Board to do, and if they fail it's for the shareholders to intervene.
I wonder how long it will be before there's a major failure loop in the cloud, something like the certificate for cloud X is stored in service Y, which actually uses cloud X as its backend. So when certificate for X stops, the whole thing grinds to a halt with no way to restart it (unless backdoors)...
Non-Linux Penguins ?
Anyone have the link?
Do you have ESP?
http://slashdot.org/story/13/02/21/2216221/microsoft-azure-overtakes-amazons-cloud-in-performance-test?sdsrc=prev
"Microsoft Azure's cloud outperformed Amazon Web Services in a series of rigorous tests conducted by Nasuni, a storage vendor that annually benchmarks cloud service providers (CSPs). Nasuni uses public cloud resources in its enterprise storage offering, so each year the company conducts a series of rigorous tests on the top CSPs' clouds in an effort to see which companies offer the best performing, most reliable infrastructure. Last year, Amazon Web Services' cloud came out on top, but this year Microsoft Azure outperformed AWS in performance and reliability measures. AWS is still better at handling extra-large storage volumes, while Nasuni found that the two OpenStack powered clouds it tested — from HP and Rackspace — were lacking, particularly at larger scales."
Outperforms in reliability, huh? bullshit
An out of reach place where you give other people your stuff and hope they will hand it to you when you ask.
I don't want my head in the clouds.
Silence is a state of mime.
The cynical explanation is it produces more posts in a story.
Microsoft's Azure could!
... this is what you get. Sure, it's possible the same thing can happen for any company. But at least then you can fire your incompetent staff.
.. 'Cloud' computing is just remote virtual servers over the Internet. It's really not something new and original. People act like it's some amazing new 'thing'. Well .. it's not. It's just another way of letting companies with limited or no tech skills put up a web site or store data. It's expensive, proprietary, and I doubt very cost effective in the long run.
Once you deploy to a vendor, you are stuck. From what I've seen, you can't easily move data and code from one vendor to another. One of our clients is in the UK Azure cloud and we have to BCP about 6M rows from their server to our system every week. Takes over 90 minutes, and constantly fails because of losing the connection. We've looked at deploying systems to various clouds, and the costs were not worth it.
I will NEVER put any critical business system in someone else's cloud. At worst, I might put it in someone's data center on *MY* servers. The cloud seems to be fine for small business startups and non-important data for personal use. Businesses who no one would even notice if their site was down for a day.
BTW
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
Back in the bad old days, IBM had a solution for down time in mission critical systems - such as for United Airlines. It was called redundancy - a complete dual system. Or as we described it: when one of the two parallel systems detected an error, it automatically sent a signal to the second system so that it could go down too.
When you are dancing with wolves, never limp
The system works! Certificates work! Yeah!
Now fire the idiot who forgot to update the certs and we can get on with life.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
I find it hard to believe anyone who maintains such a large fleet of services wouldn't have setup some sort of trivial monitoring (I know they own a product or two) that would include SSL Certificate expiration warning. 30+ days out, a ticket (or some sort of actionable tracking mechanism) should have been generated, alerting those responsible to start taking action. Said ticket should have become progressively higher severity as the expiration date loomed (meaning nothing had been updated), which in any sane company, would have implied higher and higher visibility.
That way, if an extensive test plan for such a simple operation was required, they had plenty of time to execute upon it and still not miss the boat.
Working with MS in other ways, and combined with both the lack of foresight and inability to act quickly, just shows that this sort of customer-forward thinking just doesn't exist inside the MS mind.
$ man woman *
-bash:
Um, so why is The Cloud(tm) such a good idea?
I guessMS somewhere in their licensing of this stuff have a clause that states they are not liable. Basically, 'bollocks to the Customers' when we fuck up [again].
So I cannot understand why people use them at all (once bitten, twice shy, twice bitten.. etc.).
Are you suggesting that /. Editor commuted the unpardonable sin of using ie!
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
lalalalaa feeling so azuuuuure
Where there are clouds there is rain.
"If any question why we died, Tell them because our fathers lied."
Remember when they forgot to renew it's domain name. http://slashdot.org/story/03/11/06/1540257/microsoft-forgets-to-renew-hotmailcouk
Paul: Father... father, the sleeper has awakened! - Dune
I probably need to find another website to chime in on my opinion on the subject (confirmation bias anyone?) but after working with skydrive (consumer cloud storage) and MS office 2013 (not the 365 subscription one, I can't address that). The pretty much seamless integration between the two, with native app support on a few platforms I use frequently (android, iOS, windows) as well as a pretty solid web based version of office for many other situations has been great for me. I haven't had any down time (probably happened - didn't affect me yet). Since it automatically syncs to local storage on as many platforms as you want, a dropout (short-term) wouldn't hurt too bad.
There are some downsides - only basic file system usage on Linux - can mount it R/W but that's about it. I spend about half my time doing tech work in the Linux world and the other half doing reporting, analysis, power point engineering and other administrative work in the windows world. I suggest anyone with a similar mix (or more slanted towards windows) give it shot. For much of my work none of the cloud services are secure enough for usage, so there are some limitations. I was using Google for these activities, and for me MS is the clear winner on this type of service.
So don't focus completely on the bad news with a dropout on a MS cloud service, and open your eyes a bit on their other progress on the user experience with consumer cloud services. You might be surprised. Or you might have your mind made up before you do.
I'm not a shill, I like all OSes from Windows to VxWorks - they ALL have their uses in the right environments depending on your needs.You may note I didn't crap on any of them.
So wrong in so many ways. Any reason you wouldn't purchase a 100 year certificate and just roll with it? Too bad about 1/3 of all Azure disk space is used for endpoint backup. This reminds me of the leap-year calculating bug - Feb 29 2012, you couldn't generate a site because the default is to generate a certificate for 1 year, and well, Feb 29 2013 just doesn't exist. http://blogs.msdn.com/b/windowsazure/archive/2012/03/09/summary-of-windows-azure-service-disruption-on-feb-29th-2012.aspx
From a business perspective, it makes perfect sense: If Azure were reliable, secure and fast, customers could start to wonder why the other products by MS are not. This could heighten customer expectations, and that would be bad as MS really does not have the engineering capabilities to build, say, a good OS or a good office productivity suite and then customers may leave for the alternatives. So I applaud them for their foresight in making Azure just as bad as their other things are. This may actually be quite beneficial for their bottom-line.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Me chill-out, who's the one calling someone a cunt because they missed a spelling mistake, I'm not the one who needs to chill out here.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Imagine if someone's signature on your PGP identity expired. It might be a bit of a blow, but people would still have other trust pathways toward you. Then you get a new signature from 'em, or someone else.
Certs can fail in so many ways, both false positives (compromised CAs) or false negatives (such as this expiration), and a myriad of subjective failures since different people have different reasons to trust (or not trust) different CAs. The risks aren't even theoretical. Failure really happens, to the extent that it's almost routine and we see a story about it here on Slashdot every month.
And Phil Zimmerman totally solved the problem(!) in, what, 1988? Why are we still using obsolete-the-day-it-came-out single signer systems? So brittle. So unrealistic.
The only reason I can think of, is that it would work too well. MitM attacks would become nearly impossible for even the most powerful governments. Certs would become so competitive and cheap that the CA business would collapse.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Calling someone a cunt because they missed a typo is not constructive criticism.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
but in accordance with Mr (shiny head) Balmer's rules, it's stored in the Cloud.... :)
Does it take to reboot after every rollback?
Calling someone a cunt for any reason wouldn't make constructive criticism. When I use say it, it definitely isn't an attempt at anything constructive. I still love the word though.
Pull my finger for my public key.
My perception of Ballmer and Dell is that they virtually started with their companies and neither person has a wide ranging training in business management & psychology of managing. Ballmer is famous for his chair throwing and viscous firing with a loud voice, sometimes for trivial reasons & banning Apple products in most places inside the company. Dell has been reported to become physically withdrawn when competitor Apple is mentioned.
Neither of those responses to common activities speak good of a stable CEO who delegates well & thus the company's results suffer.
When you have a bunch of power suits rushing to build something, there is "GO GO GO" all day every day. They chase here and shout there. Motivation is very high. Other people don't have ideas and aren't allowed to contribute because only business school provides people with the ability to think (those science/math/philosoply people are *SO* wrong all the time, and those arts people aren't creative *AT ALL*). So we rush and build and sell before the paint is dry. There are 10,000 things that must be done on an on-going basis to keep the as-built system working properly. Some might be more obvious than others "Keep power switches to servers left 'on'". "Keep paying power bill". Some are less technical, more business oriented like "pay business taxes", "pay payroll", "bank deposit", and there are some that are a cross between technical and business oriented "re-register domain name prior to expiry date" and "renew signing certificate prior to expiry". A smart business (any smart business) will have a to-do list with expiry dates and things that must be done on a day-by-day basis that are routine but important. It doesn't have to be the boss looking after it, but someone has to look after it. This isn't the first time microsoft has fucked up like this. Their software is crap, they fuck that up all the time, but I remember the ICANN domain name for microsoft.com expiring before too (I could have acquired it for a small sum and sold it back to them for $300,000). Its like no one is minding the store.
Shut up and stop acting like a cunt.
I'm calling you a cunt cause you're acting like it.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
n/t
* expire date: 2013-11-15 18:15:53 GMT
Call this from a cronjob script which should then take suitable action if the date is too close.
IE10 has a spell checker now. They're only 5 years late, but they got there.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Shyeah. Even a total idiot knows it's 'expirtation'.
Crumb's Corollary: Never bring a knife to a bun fight.
MS came late to that game and they don't seem to be very good at it.
But they don't care: they're still good at milking unsuspecting customers. The good news is that for the knowledgable ones there's a way out and more and more people are starting to notice it.
Why wasn't this mentioned in the story? Amazon has had several very high profile glitches in S3 and EC2 in the last few months. One of them recently brought down Netflix.
In other words, Microsoft Operating systems experience lower uptime than google linux based systems