We give thanks this Thanksgiving

Happy Thanksgiving from DataYard!

Our friends and customers make our jobs bright every day.

In this time of gratitude, we want to stop for a moment to give thanks for you. We appreciate the confidence you place in us each day. Counting you among our friends and customers is something for which we are especially grateful.

On behalf of all of us at DataYard, I wish you a very happy Thanksgiving.

To honor the holiday, DataYard’s offices will be closed for normal business on November 26 and 27.

For non-urgent needs during this time, submit requests by web, email, or phone using the following:

www.datayard.us/contact
[email protected]
937.226.6896
x1 Sales • x2 Support • x3 Billing

Requests will be reviewed and handled as we return on Monday, November 30.

Remember to follow us on Twitter, updated in real time as things happen!

@DataYard – News, fun, tips and tidbits, etc.
@DataYardTechOps – Behind the scenes on maintenance, outage info, etc.

With many thanks,

David Mezera
President

Holiday servings of spam

“My Inbox has exploded!”

It’s November. Fall is in the air, and so is seasonal marketing. If you think your email Inbox is suddenly a lot busier, it most certainly is not your imagination.

The holiday selling season kicks off just after Halloween and won’t really peak until it’s too late for express delivery to get that package under the tree in time for Christmas. As a general frame of reference, January email volume typically falls over 30% off of December’s campaigns.

That’s great if you’re seeking great sales, free shipping, and early peeks at Black Friday and Cyber Monday goodies.

The festive season, however, comes with side effects. High in that list is the corresponding increase in unwanted email making it into the inbox – Spam.

Spam also rises as the holidays approach. Why? This is truly the million dollar question – actually millions of dollars in potential sales for the spammers’ goods and services. Taking advantage of the surge in email of all kinds, the folks sending unwanted email find it easier to fly under the radar and hit inboxes when traffic across the board is a lot higher. In a nutshell, it’s easier for spam to hide when there’s more email flowing overall. It becomes a smaller percentage of total volume, making it less visible to detection algorithms.

The impact hits both personal email accounts used for eCommerce along with business accounts. If your address has been out and about long enough, you’ll be on a list somewhere both in a business and consumer capacity. A quick online search for “B2B and B2C email lists” returns hundreds of thousands of results.

The numbers back this up. Symantec’s October Intelligence Report is telling: Spam has reached a six month high of 53.5%. Join this with their corollary finding that Crypto-ransomware was up once again during October, setting its own high for 2015.

That’s right. Hiding in all the spam vying for a piece of holiday spending are the nasty buggies–malware intent on doing damage.

What to do? Keep your basic email rules in mind, even when offers sound great!

Don’t open email from senders you do not know, and remain skeptical if an email from someone you do know looks odd or uncharacteristic of their messages. Do not click on links or attachments if you are at all uncertain without confirming the source!
Don’t click unsubscribe links if you haven’t requested email in the first place. That just confirms a valid address exists.
If you’re seeing repeat spam, report it as spam to your ISP. As an ISP ourselves, we work with our customers to adjust spam settings and filters to the best of our ability to keep it contained.
Keep your anti-virus and anti-malware detection software current, along with keeping current backups of your data just in case something makes it through! If you are hit by the type of ransomware mentioned above, encrypting and locking all of the data files it can reach, you’ll have to wipe the infected machine(s) and start again from a clean backup.

As always, if you have questions about email or want to talk to us about system security and backups, that’s why we’re here! Give us a call at 937.226.6896 or submit a request online!

It’s a wrap: NodeBots 2015

NodeBots 2015 was a “smashing” success!

The event, sponsored by Sparkbox, DataYard, and Gem City JS, gave folks the opportunity to experiment with an Arduino, motors, a simple robotic frame, and Javascript code (via NodeJS) to glue it all together and make a functional robot. Everyone came up with a different robot using the assortment of materials provided, and it was crazy seeing what everyone’s imagination produced. Amazing stuff!

DataYard's bot entry, "Yellow Jacket". — DataYard’s bot entry, “Yellow Jacket”.

The DataYard bot, “Yellow Jacket”, battled very well but was eliminated in the final round against “Tarnation”. Wherever their bots finished, everyone seemed to have a great time learning and competing.

I’m already looking forward to NodeBots 2016!

The Conductor: New Tool to Manage DataYard Services!

I’m excited to announce that yesterday we pushed out version 1.0 of The Conductor, the web portal we developed to equip customers with the tools to perform basic administrative functions on their DataYard services.

We only have support for Connect Exchange services built into The Conductor today, but that’s what we set out to accomplish with this version. The Conductor allows our customers to do the self-service tasks people expect to be able to do on their own: create mailboxes, delete mailboxes, change passwords, adjust settings, and the like — any time, day or night.

Good security was a huge part of our develop effort for the interface, so users of the The Conductor have to be flagged by their unique email addresses as admins for their particular domains. DataYard customers who already have Connect Exchange and want access to the tools should contact our support staff by phone at 937-226-6896, or email them at [email protected]. We’ll enable your access after confirming your identity as a domain admin.

By the way, Connect Exchange is DataYard’s implementation of our hosted Exchange offering. It’s perfect for organizations who need to share calendars and contacts, or use multiple devices and need to synchronize communications across desktops, laptops, tablets, or phones. The infrastructure for the entire platform is here in Dayton, Ohio, so your important data is “offsite, but not out of sight”. If you’re interested in learning more about this service please contact our sales department. We’d be happy to talk through the details with you.

In the Spotlight: Net Awards Nominees – Sparkbox and Wonderful Machine

DataYard’s friends vie for Agency of the Year and Redesign of the Year!

We love sharing good news about our friends, so when we heard that both Sparkbox and Wonderful Machine were nominated for net awards, we just had to tell you more!

Net awards

The net awards stand out because they’re not a pay to play recognition system. Nominations come from net magazine’s editorial team to recognize excellence in pushing the web forward—no entry fee and no application.

Nominated for Agency of the Year, Sparkbox stands out for us too! We spend a lot of time on the web and love to see different approaches to site design. The Sparkbox mission to make a more accessible and enjoyable web stands out in the sites they build and in their commitment to shared knowledge and education. Want to know how they rebuilt their own seesparkbox.com? No secrets, in fact, it’s a deep case study shared with everyone.

As site designers, though, Sparkbox knows that teamwork with the customer is key. Wonderful Machine was on a journey to rebrand, bringing a new logo to the game, and rebuilding their website from the ground up.

“We realized that the branding and website we were using to represent ourselves went against the advice we give to photographers every day, and it was time to take our own advice and start fresh,” blogged Creative Director Melissa Ginsiorsky.

Challenged with a need to be beautiful, device-independent, and database driven, Wonderful Machine joined with Sparkbox to build their vision. Working together, the collaboration is nothing short of impressive. We were honored at DataYard when these great teams selected us to host the platform that supports the new site.

Wonderful Machine’s net award nomination for Redesign of the Year is well-earned!

“Working with Wonderful Machine and Sparkbox through this re-design and deployment was a rewarding experience – even before I saw the beautiful site and learned of the nomination. I’m pumped for both of them, and pumped to be a part of their future,” says DataYard Account Manager Alek Mezera.

A rising tide lifts all boats.

There is more to these teams than just personal success. DataYard recognizes that making a better web helps everyone who builds sites and everyone who uses them too. It’s integral to our own mission, and key to the success of partnerships as we witnessed here.

“A very important part of my job here is working with photographers on their branding, giving them advice about how to present themselves (and their work) in the best light and letting them know when what they’re doing isn’t working,” shares Ginsiorsky. She was drawn not only to talent when she sought out Sparkbox to work on the new site, but also to the Sparkbox culture of giving back.

The Sparkbox crew’s Build Right initiative lets us all in on the game. Internal training, conference workshops, and the fabulous local Maker Series (with DataYard as a proud sponsor) have something for everyone collaborating on a site. This is the clincher that really binds these two business cultures into something truly special.

Vote for Success

We want you to help! Net awards voting remains open – through July 13, 2015. Use these links below to vote for:

Sparkbox! Wonderful Machine!

NodeBots 2015

I’m thrilled to announce that DataYard is a sponsor for GemCityJS’s local “NodeBots” competition on July 25!

In a nutshell, participants will get a bag of parts when they check in at the Firefly Building, the venue hosting the event. The parts bag will have an Arduino, some motors, a motor control board, a T-shirt, and other goodies. We’ll also have tools and materials available for everyone to use. The instructors will give some basic demos on how to use an Arduino to control hardware, and then participants will be off to the races to build a Javascript-controlled robot. We’ll have pizza for folks to eat, more building, and then a head-to-head “battle bot” style competition to determine the winning robot.

The tickets are $35 now, going up to $45 as the day approaches — just to defray costs. Everything participants build will be theirs to keep and tinker with after the event.

I think anyone, adult or teen, could have a lot of fun doing this, and no advanced Arduino or programming experience is required. As the NodeBot web site says, “The only prerequisite to attend is a desire to build.”

Come on out and have a blast learning something new, building something cool, competing to win, and meeting new folks in the Dayton Maker community!

To get more details online visit http://gemcityjs.com/nodebots.

SSLv3 Man in the Middle (POODLE)

What Is It?

Padding Oracle On Downgraded Legacy Encryption (POODLE) – a security vulnerability that forces the downgrade of negotiated session protocol to SSLv3, a legacy protocol used to establish secure web communication (HTTPS). The vulnerabilities are limited in scope and several client and servers restrict the use of SSLv3 which is a 15-year-old protocol. If a server is vulnerable, a man-in-the-middle attack can be executed to compromise the encrypted session.

How Does It Work?

This is a man-in-the-middle attack that forces browsers and sites to downgrade the security protocol to SSLv3 from TLS. This is done by interrupting the handshake between the client and server. This forces the retry of the handshake to earlier protocol versions. It is important to understand that in order to successfully exploit the POODLE vulnerability, the exploiting user must either be on the same network of the client or server or be able to successfully execute malicious JavaScript.

DataYard’s Actions?

DataYard has already disabled SSLv2 and SSLv3 on all of our shared infrastructure and internet facing servers. We are in the process of contacting managed customers to disable earlier protocol versions. Currently, the only workaround is to stop using SSLv3. The only downside to disabling SSLv3 is that legacy operating systems with legacy browsers that do not support TLS (Windows XP / IE 6 and earlier) will not be able to access sites and services with SSLv3 disabled.

OpenSSL Security Vulnerability: Heartbleed

Late yesterday, a vulnerability in the OpenSSL libraries, CVE-2014-0160, was announced. The OpenSSL libraries are used to provide the secured or encrypted connections for web stores like Amazon or EBay, banks, and other sites like Google, Facebook, and Twitter. This vulnerability would allow attackers to learn the private keys used to encrypt and decrypt the secured information.

Several of our servers were affected by this vulnerability, including our Linux Fusion platform and Connect webmail interface. We have updated all vulnerable services but strongly recommend that all customers with SSL enabled sites get the SSL certificates revoked and re-issued. Some customers may see warnings when connecting to SSH/SFTP for the Linux Fusion platform as we have also re-generated the keys for SSH/SFTP. If you have any questions or concerns please contact support at 800-982-4539 or by email at [email protected]

For more information on the vulnerability please visit: http://heartbleed.com/ or http://www.kb.cert.org/vuls/id/720951

Forging a Team of Technical Professionals

Over the last year, I’ve had the pleasure of watching DataYard’s Technical Operations team work under intense pressure. On the surface it may seem oddly sadistic for me to talk about it being my “pleasure” watching the team perform under these conditions, but I mean it with the deepest respect and admiration. The difficult conditions, the pressure, has done its work perfecting the diamond.

Over the last year I’ve had the pleasure of watching DataYard’s Technical Operations team work under intense pressure. On the surface it may seem oddly sadistic for me to talk about it being my “pleasure” watching the team perform under these conditions, but I mean it with the deepest respect and admiration. The difficult conditions, the pressure, has done its work perfecting the diamond.

In the years leading up to 2012 we talked and dreamed frequently about building a new facility. We’d been in our previous facility for nearly ten years, but we outgrew it at least three years earlier. Planning began early in 2012 for a new office space and data center, and the Technical Operations Group got involved in the process from the very beginning. They participated in design, oversaw construction of the data center, and began an aggressive test and checkout phase of the data center as soon as it became available.

We moved into our new facility at the end of October 2012, and began moving production server and network equipment into the new data center a few weeks later. Like all projects of this size and scope we encountered problems in the first phase of the migration, which lead to delays implementing our migration plan. An already compressed schedule became additionally compressed, and the increase in our collective stress level was palpable.

Earlier in the year, I gave the team the charge to complete the technical services migration before the end of the 2012. Two primary data centers running in tandem meant two sizable rent payments, two sizable electrical bills, and twice the facility maintenance burden — obviously, a situation that we didn’t want to continue a day longer than was absolutely necessary. As construction continued the likelihood of a schedule slip in the facility completion date became more apparent. It would have been easy for any other group facing a similar situation to lower expectations, to justify a schedule slip of their own lasting another month or two. Instead, this group pressed on.

The mettle of DataYard’s Technical Operations Group has been forged in fire over the last month. They’ve worked tirelessly to delicately migrate services over one by one — in the very early morning hours, in the very late evening hours, and over weekends — whatever it took to get the job done for the group with the least amount of impact to our customers. They’ve been careful, professional, and selfless, helping each other at every turn. I haven’t seen this kind of esprit de corps from a group this size since my days in the military.

DataYard’s Technical Operations Group is the finest team of technical professionals in the Dayton region, and we are honored to have them on our team.

Open House — Under the Hood at DataYard

Open House at DataYard

On November 9, 2012, we hosted an Open House at our new facility. We called it our “Under the Hood” tour, and gave our visitors a chance to see what makes our new facility, particularly our new Data Center, tick.

Below are some select photos from the event.