
Astaro.org

Hi Everyone,

We've been planning a migration to a newer and more capable forum site for some time now, and were just a few weeks away from kicking off this process. Unfortunately, a recent vulnerability has appeared in the wild, affecting vBulletin, the software we were using for the astaro.org communities site. Astaro.org was not compromised from this vulnerability, but as a precaution, we did take the site down, to protect our users.

The site used a number of add-ons, and some custom plugins, which would need weeks of effort to convert and replace, if we were to upgrade the site and apply fixes for this vulnerability. As we were planning to migrate by that time anyway, we've made the decision to cut immediately to the new communities site, which has been running successfully for other Sophos products. To that end, we've spun up two forums quickly, where astaro.org users can again congregate. Unfortunately, it will still take some time to complete the migration, so user accounts and previously posted content have not yet been migrated. This process will take a matter of weeks to complete. In the interim, we will create a static view of astaro.org, so content there will still be accessible. This should be completed later today.

This certainly wasn't the introduction we wanted for our new communities site, but we are excited about the new platform, and its capabilities. Please be patient as we step through this transition as quickly as we can. There will be some pain, but we will try our best to minimize it for you. 

Thanks everyone for your patience, and understanding!

Alan Toews

Technical Product Manager, Network Security, Sophos



  • Hi All. My name is Sherwin (aka Sure Win) and I am responsible for the Sophos Community.

    We've spoken with moderators like  and read a number of comments and suggestions on how we can improve the experience of Sophos Community. It's understandable that the UX and UI need improvements and some of the features found in Astaro.org are not the same or available here. But, these are things we want to work with everyone here to improve on.

    The Sophos Community is new and very much beta. I hope we can continue to work together to build and refine the community so that you and others want to come and read the latest and greatest while drinking a cup of coffee.

    Send us your feedback here and if you wish, you may contact me directly at sherwin.pao@sophos.com

  • Sherwin, because of our discussions and the presentation that Mike Anderson made at the Partner Conference in Las Vegas, I know you're aware that this outage will cause everyone to immediately turn to Support. I've done so once already today when a client had a problem I hadn't seen before. I can imagine that less-knowledgeable users and resellers will flood Support with questions answered easily in the forums.

    As you can tell from the foregoing comments, the impression given is one of desperation. Were any former Astaro employees consulted about the ability of the UTM to protect astaro.org? It's as if someone above Mike said, "Thank goodness, now we don't have to worry about shutting that BB down - we have to!" Otherwise, we'd have gotten a clear technical explanation instead of Alan using his brains and depth of knowledge to be a good team player.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Sherwin, great to see you here. I would generally be willing to provide more feedback but for some reason recently, I get the feeling that the user feedback is used more for pageantry and fanfare than actually changing anything.

    For one, I would like to change the user's ability to like their own posts. We were mostly professionals participating on the astaro.org board and not a bunch of adolescents that needed to like their own posts.

    I also find it interesting that astaro.org which matched the UTM theme died a tragic death right before the GA of copernicus which unbelievably matches the new community website.

    In any case, sorry for sounding unhappy...

    Regards
    Bill

    Edit: ,  can you give us some details on the actual vulnerability that was so hard to patch/workaround that astaro.org went dark so quickly?

  • Perhaps that's meant to be a funny comment vilic, but let me be blunt. We were always planning to migrate away from vBulletin. This isn't a secret, and we were fully planning to migrate to this forum system, from the extremely old version of vBulletin we were using. We were not running the most recent version of the software, because a key plugin we were using offered no upgrade. Upgrading vBulletin without being able to upgrade this plugin would break the entire site, in some very bad ways. We could create a replacement for this plugin ourselves, but it would take far too long. Our IT security team has already been pushing for the site to be upgraded or retired for quite some time. Now, with this latest vulnerability, our security team determined that this was simply too much risk to accept. Perhaps it would have been harmless to leave the site up, but there was simply too much uncertainty, and given the age of the code we were on, and the inability to upgrade to a newer version, it would be irresponsible to leave the site up based on a maybe. You can argue the decision if you like, but it's Sophos who bears the biggest risk of being wrong.

    For those who have some frustrations with this site, please be patient. There are still a few pieces that were meant to be in place before we started the migration. Because of the accelerated timetable, there's still a few more wrinkles than we wanted to show you, and there are a couple features this site doesn't have. But the point of this forum is for our users to share information with each other. To ask questions, and find answers, and also to allow discussion between our users. This new site, and its features, are more suited to this goal, than the old vBulletin. As for the mobile app, the one available for astaro.org was on its last legs already. It was end-of-lifed by its vendor, several years ago, and would have stopped working had we simply upgraded to the latest vBulletin version.

    The bottom line is that astaro.org was aging none too gracefully. We had hoped for a little more time to make the transition smoother, but as you can see, we didn't get it, and I am sorry for the frustrations you may feel from this.
  • Sherwin, there is no defending the indefensible. The discussions of closing "our" BB did not include one, not one, of the moderators. If Sophos doesn't understand that that alone was incredibly disrespectful of all of the participants, I just don't think I can explain it to them. Mark, you, Laura and Mike all four have my cell phone number and have called me before, and I believe you would have called me if you had been consulted.

    I want the healing to start between the members and Sophos, but that needs to start with Sophos realizing that the underlying problem is attitude. Kris Hagerman should be asking questions.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson  The way this was done was very non-Community like. I agree with you and I will take that up with the respective teams. But we, Sophos, identified a security issue that we felt was severe enough to have to take it offline. There was no ill-intention. We believe we are putting the user's security and protection at the forefront.

    You're correct that we will field more calls and submissions but we'll also do our best to provide the support while it is offline on this community. The Sophos support team is aware and prepared. I hope that you and the other moderators will also lend a hand while we sort this out through this community in the meantime. Once more information is available, I'll provide updates.

    I hope we can all heal from this and look to a more positive experience with your help and guidance.

    Billybob The feedback has had actions for the general community. You can see Ruckus showcasing some of those changes in the General Forums. I see you requested to remove liking of their own posts. Something that I can look into and I am guilty of this...sometimes I really like what I wrote. But really I don't see the harm in it to leave it for now. I'll put it in as a minor feature change request as this is not a configuration change that I can find. Thanks for the feedback!

  • I am not going to beat this dead horse any more and move on. Most of my interactions on astaro.org were with other beta testers/devs/mods. Astaro a long time ago set up a tradition of sharing everything. The devs shared inside knowledge including command line hacks to enable stuff that was crippled or disabled for one reason or another. Other Linux users offered neat tricks that were only available because someone had a special need and they tinkered with configurations under the hood. All the moderators were always pleasant, helpful and polite. Even bending backward sometimes to admit their mistakes. Fascinatingly, most of them were doing this for free and donated their own time for helping others. This is what has been lost forever. No amount of community developers and other company employees can offer this level of support and understanding as it takes years to develop the skills and relations to nurture and sustain a community the size of astaro.

    AlanT said:
    Perhaps it would have been harmless to leave the site up, but there was simply too much uncertainty, and given the age of the code we were on, and the inability to upgrade to a newer version, it would be irresponsible to leave the site up based on a maybe. You can argue the decision if you like, but it's Sophos who bears the biggest risk of being wrong.

    I don't understand why the site wasn't left as read only or better why there are no up2date copies of that website for research purposes hosted at sophos on this new system. I understand that the final stain would have been on sophos' shirt if the site had got hacked but you have to understand that there was years and years worth of hidden code on that website that will never be replaced. The worst part is that all the google links will soon be lost too once the caches start to expire. I guess it's time to move on to copernicus.

    BAlfson said:
    Sherwin, there is no defending the indefensible. The discussions of closing "our" BB did not include one, not one, of the moderators. If Sophos doesn't understand that that alone was incredibly disrespectful of all of the participants, I just don't think I can explain it to them.

    You have nothing to explain to anyone Bob. This was a final blow to completely sever ties with astaro. It's been in the making for a while, the timing and methodology was a little amateurish. You have always been nice and understanding and the most helpful mod along with Scott. Someone at sophos decided to do this whether be the IT team or management. However I do feel that sophos has had a lot of time to move the site over but haven't for some reason. I have better backups than this at home that can bring about 12 vms from a total disaster to up within a few hours. I thought they were going to set this new site up, move all the astaro content over and then make the other site read only. I don't think the read only part was ever considered. Why we don't at least have a read only version of the site backed up here already is really telling.

    Sure Win 2 said:
    Billybob The feedback has had actions for the general community. You can see Ruckus showcasing some of those changes in the General Forums. I see you requested to remove liking of their own posts. Something that I can look into and I am guilty of this...sometimes I really like what I wrote. But really I don't see the harm in it to leave it for now.

    I was joking about the feedback as I really don't see the point. We already disagree on like buttons. See... We are not on facebook. We are discussing security of an enterprise where more than likely facebook is already blocked for most regular users. So like buttons although nice to say thanks in a hurry to others, serve no purpose if you are trying to pat your own back and have narcissistic tendencies ;-)

    It was a pleasure knowing everyone that taught me something new everyday at astaro.org. I will be around for further betas etc. But for now RIP ASTARO.ORG.

  • I guess I'll have to be the second one to go negative so that BillyBob doesn't have to go it alone.

    This new forum software and the way the old one was taken down absolutely suck. There I said it!

    astaro.org was like a reference Bible and to simply vaporize it off the face of the earth was to quote Rush Limbaugh, "industrial-strength stupid!"

    I have no doubt that the moderators will step up and we will be able to ask questions of Bob, Scott and some of the other greats on this new vTurdBoard and we will receive their astute reply, but the loss of a decade worth of information and hundreds of thousands of posts to read through on vBulletin so that you don't actually even have to ask for lots of things will be a major setback to getting things done when deploying UTMs.

    I second the comment that the content at the old URL should have been left as read only so that all of the information was not lost. Everything on that site is indexed by Google and it is a crying shame that any Google search for an answer will now result in a redirect instead of an actual answer. Will we really have to resort to archive.org for answers?

    Also, I side with Bob in his statement that the vBulletin site being behind a UTM's Web Protection would have been more than adequate to protect it from any vulnerability, especially in read-only mode. In read-only mode even if it did somehow get hacked a real IT person could just restore from another backup copy in minutes and once again the information would not be lost. They could have even used something like Faronics Deep Freeze and a simple reboot could have restored the old site to normal operation in mere seconds. Sophos could not have handled this more poorly.

    As for Alan's statement that all of the content from the old site will be migrated over I must say I am more than a bit skeptical. I imagine it can be done but my initial thought is how do you migrate a user's posts if the user does not exist on this new site or alternatively if the people that have come to this new site because they have no choice and registered will not be able to be migrated because they have already registered their username over here. One of these scenarios or both would seem to present a problem.

    In any case I just had to come here and give my two cents on how poor of a decision it is for Sophos to eliminate an extremely vibrant community and replace it with this empty shell. Most will be well if the content is restored to this new site from the old site but if not then much has been lost.

    I guess we'll just have to wait and see.

    HTG

    Best Regards - HTG
    Frustrated Sophos Partner seeing all the things
    that brought me to Sophos slowly slip away.
    RIP astaro.org

  • I've seen many communities dying because of wrong management.
    Let's see, if Sophos can handle it in a way that doesn't make all the old and experienced members run away...

    Latest experiences in decisions and communication let me be in doubt about that...

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • Hi All,
    So sad to hear about the "quick n' dirty" turnaround with the BB's :-(
    I'm all in for new systems, but I must say this clearly came from the top - no doubts in that!
    vBulletin is still maintained, and it would be possible to upgrade the vBulletin 3.8.6 to the newest one with NO vulnerabilities (version 4.2 at the moment):
    www.vbulletin.com/.../
    PLEASE consider that!! - My only problem now, is that I dearly miss astaro.org for knowledge!, it's the biggest KB for Sophos UTM, not even Sophos's own have these articles in store.
    The add-ons you talk about AlanT, just disable them, and astaro.org could be up and running, just put the whole site in READ-ONLY mode.
    Your supportmail (support@sophos.com) will be stormed, and people would get much poorer responses now, than they had in the BB.

    For now, it's RIP astaro.org, but you can always find it here, in the Internet Archive:

    web.archive.org/.../

    -------
    Best regards
    Martin ;)

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician