As you’ve probably heard all over the net, a vulnerability was found in a very popular and critical piece of software that a lot of sites on the net use. While we also use said piece of software, our version is a bit older and therefore we’re not affected by this bug. There is no need to change your password, unless you use a common password on any of these affected sites listed in the link above.
To get an idea of how serious this issue is, take a look at this stunning list of affected sites!
But, don’t take our word for it. Use this link to check to see if musicbrainz.org is affected.
Now go and change your passwords. NOW!
On Sunday, December 29th at 1pm PST, (2pm AZ, 4pm EST, 9pm UK, 10pm CET) we’re going to swap out our network switch. During this time all MusicBrainz sites hosted in California will be unavailable. (that is all sites, save for the primary and secondary FTP mirrors and the FreeDB gateway).
The work will not start exactly at 1pm, but we’re doing to start executing our plan at 1pm. The exact time for the outage will be announced via Twitter and via the banner on musicbrainz.org
We hope that this outage will last only 10-15 minutes, but as these things typically go, you’ll never know how long it will really take.
Sorry for the inconvenience.
We need to do essential maintainance on the main MusicBrainz database server today (specifically upgrading to Ubuntu 12.04 LTS). We’re aiming to get this work completed within an hour, and will require MusicBrainz to be in read-only mode for the duration of the upgrade. We’re going to go read-only from 2PM UTC (6AM PST, 9AM EST, 3PM CEST) to begin this work.
Sorry for the inconvenience!
Yesterday in our dev meeting we agreed to take the HTTPS plunge for all of our web site traffic in as little as 2 weeks time. This means that all web site traffic (not the web service) will be served over HTTPS; if you visit any MusicBrainz HTTP URL (e.g. http://musicbrainz.org ) you will be redirected to the equivalent HTTPS URL (e.g. https://musicbrainz.org ). This will not be applied to our web services, you’ll still be able to access those with HTTP. However, we do encourage all of our web service users to make use of HTTPS when possible.
We have one bug to address before we make this switch. And if we can find a sufficient fix for this in time, we’re going to make the HTTPS switch on 16 September 2013. If we can’t find an acceptable fix, we’ll have to postpone this switchover.
If for some reason you can see that switching all web site traffic to HTTPS is a bad idea, please leave us a comment ASAP.
The OSU Open Source Lab hosts our FTP site in the US (thanks!!), but downloading from it from the EU is quite slow. We’re wondering if anyone would be interested in setting up an FTP mirror that is located in the EU? Sadly, we have no idea what sorts of bandwidth would be required for this, but we’re currently using less than 50GB of disk space.
If you’re interested, please leave a comment. Thanks!
Part 2 in our housecleaning series concerns our mailing lists. Hosting mailing lists is quite a pain and we’d rather leave this pain to people who specializein mailing lists. So, we are proposing to do the following things:
- Remove the under-utilized list musicbrainz-italian.
- Remove the musicbrainz-commits mailing list. Github (and similar sites) have better notification systems, so we don’t really need this list anymore.
- Ask the Xiph Foundation to find a new home for the XSPF Playlist mailing list.
- Remove the under-utilized musicbrainz-users list since the forums are predominantly used for end-user discussion. We’ll point people to the forums for those.
Finally, we would like to get some suggestions and feedback on where we should host our mailing lists. We’re considering:
- Nabble: This has gotten mixed reviews from various users.
- Librelist: This site is quite new and UI reservations have been noted about it.
- Savannah: This site has many more features than just mailing lists. We’re not certain if we can move only our mailing lists here.
- Google Groups: We’ve heard complaints about spam and spam fighting tools. Has this improved recently?
If you have any comments on any of these solutions or proposed list consolidation ideas, please let us know. Also, if you know of a cheap/free/good list provider that we didn’t list, please let us know!
We have one aging machine (scooby) that has been in continuous service since 2006. Back then we didn’t have as many options for hosting source code, mailing lists and blogs. Today, we have a lot more choice and we’re opting to host fewer things so that we can focus our energy on hosting MusicBrainz and not a bunch of ancillary stuff. Our goal is to retire scooby soon and move the services that run on that server elsewhere.
Our blog is the first thing to move: We’re moving it to wordpress.com and we’re nearly done with the move. But, we dont have a decent wordpress MusicBrainz theme for our blog. If anyone is interested in taking an existing wordpress theme and making it a custom MusicBrainz theme, we would love your help!
If you’re interested, please leave a comment and we’ll get in touch with you to coordinate this process.
Digital West, our ISP, will be doing some router maintenance on December 30, at 12:01am Pacific Time. We may experience 1-2 minutes of loss of connectivity around that time.
For once, the problem will not be us. :)
We’ve just updated our search servers with a new release. This release adds support for a new improved json format for the search server and will be publicly available after the next mbserver release. We also now output the date (in the XML/json) the index was last updated so you know how old the results received are. This will be exposed to the end-user in the web search results in an upcoming release of musicbrainz-server.
Thanks to Paul Taylor and Aurélien Mino for making this release happen!
- [SEARCH-232] – Search server should return information about when the indexes were last updated
The maintenance we were doing is complete. You can safely resume editing now.