This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro.org

Hi Everyone,

we've been planning a migration to a newer and more capable forum site for some time now, and were just a few weeks away from kicking off this process. Unfortunately, a recent vulnerability has appeared in the wild, affecting vBulletin, the software we were using for the astaro.org communities site. Astaro.org was not compromised from this vulnerability, but as a precaution, we did take the site down, to protect our users. 

The site used a number of add-ons, and some custom plugins, which would need weeks of effort to convert and replace, if we were to upgrade the site and apply fixes for this vulnerability. As we were planning to migrate by that time anyway, we've made the decision to cut immediately to the new communities site, which has been running successfully for other Sophos products. To that end, we've spun up two forums quickly, where astaro.org users can again congregate. unfortunately, it will still take some time to complete the migration, so user accounts, and previously posted content has not yet been migrated. This process will take a matter of weeks to complete. In the interim, we will create a static view of the astaro.org, so content there will still be accessible. This should be completed later today.

This certainly wasn't the introduction we wanted for our new communities site, but we are excited about the new platform, and its capabilities. Please be patient as we step through this transition as quickly as we can. There will be some pain, but we will try our best to minimize it for you. 

Thanks everyone for your patience, and understanding!

Alan Toews

Technical Product Manager, Network Security, Sophos



This thread was automatically locked due to age.
Parents
  • I really appreciate the frustration that this is causing people, so please understand that I'm not saying in this post "you shouldn't be frustrated". In the interest of transparency,

    I have been in countless meetings over the past months, trying to make even the SMALLEST changes to the astaro.org site. In every case, the answer - coming from the former astaro team in Karlsruhe who maintains the system, was that said changes would take weeks of work, and come with great risk. For example, changing the button that said MyAstaro at the top of the page to MyUTM. MyAstaro hasn't existed for years. it's been renamed to MyUTM quite some time ago, but even just to change that button name was a supreme effort, because of custom scripting that was built to dynamically import the header content from another site. This is one example of many. Our implementation of vBulletin had been extended in ways that made it far more fragile than you can appreciate, unless you were involved in its maintenance. I can't sum up the hours of discussions and complicated explanations of why the answer was always no. Nobody likes to air their dirty laundry, so-to-speak, but there was no "you could have just done ..." with astaro.org. It's been dead for some time, from a technology standpoint, you just couldn't see it from the outside. This latest vulnerability was just the final straw.

    What would have been indefensible, is knowingly not patching known serious vulnerabilities, putting our users at risk, because at least some known form of an attack can be stopped by a waf. Any security vendor that suggests otherwise, is not doing you a favor. I didn't make the call to pull the site down, but I did make the call to leave it down. I'm as "Astaro" as they come in sophos, and while I'm far from a junior person here, I'm certainly not a "higher-up", either.

    We are all adult professionals here, so lets please stop with the accusations of dishonesty, conspiracy nonsense, and overly dramatic statements. There was a plan to swap out a piece of old software, and make the transition as painless as possible. Content would be migrated, user accounts would have been migrated, and some notable features would have been implemented. Clearly none of that happened yet, and it wasn't because we wanted it this way. We'll keep working on those things, but they will take weeks. In the mean-time, we will be making the content of astaro.org available as a static site, so you can at least continue specific conversations here. I thought we might have that yesterday, but it's not quite ready yet. It might be today, or it might be early next week. while not ideal, we're working hard to make SOMETHING available for you earlier than we'll be able to migrate the forum content directly into here.

    Again, I know you're frustrated by this change. I am too. For starters, the last thing I wanted to do was manage a major site change like this, while also managing a major product launch preparation. But our community wasn't vBulletin, or even the name Astaro. We may have identified those things, as the signs and markings of the place we all meet, and they may have even shaped our community some, but they weren't our community. The site Astaro.org didn't get a name change years ago, only because of the fragility I mentioned above. If it did, I'm sure there would have been upset posts back then, and people complaining that this spells the end of Astaro, the death of the community, and other such things, just as happened when we changed the UTM UI from orange and black, to white. But even then, we continued. if we had changed the name before now, we would have continued. we've changed out vBulletin, and we will still continue. There are things you don't like about this site. Let's focus on that and move forward, and as a community, let's help make this tool that our community now has to use, better.
  • I've said what needed to be said about this issue. As a favor to Alan, this is my last comment about it.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • I've said what needed to be said about this issue. As a favor to Alan, this is my last comment about it.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data