Notre nouvelle plateforme est disponible sur www.gandi.net

Découvrir le nouveau Gandi

A new critical security vulnerability will be publicly announced Thursday, October 29. The Xen team has already communicated fixes to Gandi. This flaw is found in the Xen virtualization software.

Following this announcement we applied the necessary patches, thus reinforcing the existing security measures we had previously implemented. Over the past week, we have continued to study the vulnerability. As a preventive measure, we have decided that a reboot of Xen-based VMs is required in order to ensure that all possible attack vectors have been mitigated.

We will contact affected customers directly via email to provide instructions on performing the reboot on their own. This preventive reboot will not affect customers we did not contact
We strongly recommend that customers concerned by this to restart their VMs themselves, in order for them to verify that all of their services have been correctly restarted.

We will reboot the VMs of affected customers (those which were not rebooted by their owner) from Thursday, October 22 until Wednesday, October 28. An outage of 30 minutes maximum is expected for each impacted VM.

Maintenance status page: http://status.gandi.net/timeline/events/226


We recommend making sure that automatic updates are enabled for your WordPress installation, or running a manual update. There's a lot to gain, and a lot to lose if you don't, since this release is mainly focused on security fixes.

Two of the corrected vulnerabilities are XSS (Cross Site Scripting), related to the processing of "shortcode" tags in versions 4.3 and earlier, and the user list page.

The other problem is a privilege escalation which in some cases allows an unauthorized user to post private items and mark them as "sticky".

Although this version does not add any new features, it corrects a total of 26 bugs that exist in version 4.3.

In all, 64 files have been modified, with improvements to various aspects of the web interface of the world's most popular CMS, as well as its backend functions.

So, log in to your admin console and get started!

Visit the official changelog for more details: https://codex.wordpress.org/Version_4.3.1


Simple Hosting, our Platform-as-a-Service hosting option, now supports npm start scripts, a function currently used by nearly all pre-packaged Node.JS applications that also promises to offer greater functionality to advanced Simple Hosting users.

Until now, you needed to put a 'server.js' file on the root of your project in order for your application to boot correctly. Now you have added flexibility and control, specifically over the way your application starts up using a `package.json` file.

You can, then, define the point of entry of your application with `package.json["main"]` :

//package.json
{
"name" : "foo",
"version" : "1.2.3",
"description" : "A packaged foo fooer for fooing foos",
"main" : "index.js",
}

In the above example, the index.js file is used to boot your application with node.

The other option is to define a command to launch on start-up of your application with `package.json["scripts"]["start"]`

// package.json
{
"name" : "foo",
"version" : "1.2.3",
"description" : "A packaged foo fooer for fooing foos",
"scripts": {
"start": "node index.js"
}
}

Careful readers may have already discerned, correctly, that this means access to the launch parameters of the node process. This means, for example, that you can use ES6, the newest version of JavaScript, and all the latest features that entails, on your instance

//package.json
{
"engines": {
"node": ">=0.12"
},
"scripts": {
"start": "node --harmony app.js"
}
}

This new functionality allows you also to take environment variables into account with the start command. Previously, this was only possible from the application itself.

// package.json
{
...
"scripts": {
"start": "NODE_ENV=staging node app.js"
}
}

You can use this functionality to manage your application's processes yourself, with process managers like pm2.

We recommend taking a look at our wiki to see more examples of both basic and advanced uses.

If you already have a Node.js instance, this update doesn't require any change. To take advantage of the new functionalities, you just need to delete or rename `server.js` and configure `package.json` to start up according to your customization.

Of course, for your next project, we recommend starting off using these new features.

These changes will become permanent on December 1, 2015 when priority will be given to instructions found in the `package.json` file. The file `server.js` will only be referenced from that point on as a last resort.

Want to try Node.js on a Simple Hosting instance? Try a free five-day trial.


What do a slice of New York style pizza off the street, a single song off iTunes, a junior cheeseburger deluxe, and a can of spam have in common?

It's a pretty prestigious list and it's all things you can buy for a dollar. And you can now add a one-month subscription to the new Gandi Site HTML5 web editing tool to the list.

Recently, we updated our Gandi Site software to version 7 and the Gandi Site interface is now sleek and modern, with new functionality and above all the upgrade to responsive design. For those unfamiliar with the concept, this means that in version 7 of Gandi Site, you can design a single site that will adapt automatically to the context it's being viewed in. That is, the layout adapts to whether the site is being viewed in a desktop browser, on a smartphone, or on a tablet.

If you're not familiar with Gandi Site, it's what's called a what-you-see-is-what-you-get (or WYSIWYG for short) editor. Which means you don't necessarily have to be able to write code or HTML to be able to design your site with this tool. We offer a few service pack tiers, starting with the "free" pack which is included with the registration of a domain name.

At this level, Gandi Site is a great option if you want to put up a static "Under Construction" or "Coming soon" type of page for a more expansive site you intend to put online later, or for things like putting up your résumé online.

More more comprehensive uses, like a site for your store or business, or even just a personal site or to put your portfolio online, for example, there are a few other tiers available as well: Personal, Professional, and Business. For more information, we suggest this page.

From now until September 30, 2015, you can try out the new Gandi Site for just $1.00, regardless of the pack you choose (you should note that these service tiers are otherwise subject to tiered pricing).

Not only that, but if after that first month trial you love it more than that can of spam you would have bought otherwise, you can commit for a whole year and get an additional 15% discount.

In summary, we're not saying you shouldn't buy any of those other things that cost just a dollar, but we are saying that a month's subscription to Gandi Site is at least as valuable as a junior cheeseburger deluxe or a single song off iTunes (though the jury is still out on that slice of pizza), so why not try it out?


We have updated Linux kernel 3.12 (now 3.12.45) and published a new version (3.18) on our HVM platform. These new versions no longer support AUFS and might force some clients to take corrective measures for their services.

Starting today, every server that is created or rebooted on our HVM platform will automatically use version 3.12.45 of the Linux kernel, unless configured to use version 3.18 or a custom kernel.

Please note that these kernel versions do not include AUFS support. Docker users should take special notice, because AUFS has been the default storage driver for quite some time.

To continue to use Docker with this new kernel version, users must upgrade their docker client and images to use a different storage driver, such as btrfs or overlayfs (available for kernel version 3.18 only).

To use version 3.18, you can execute following Gandi CLI [4] command:

$ gandi disk update  --kernel "3.18-x86_64 (hvm)"

You can also change the kernel from the web interface by following these instructions [3].

After the operation is completed, make sure you reboot your server and update your software packages and kernel modules [1].

Clients wishing to use a custom kernel can access more information on our Wiki page [2]. You can also access more information
about kernel update history on our Changelog [5]

[1] http://wiki.gandi.net/iaas/references/server/kernel_modules

[2] https://wiki.gandi.net/fr/iaas/references/server/hvm

[3] http://wiki.gandi.net/en/iaas/references/disk/advanced-boot

[4] http://cli.gandi.net

[5] https://wiki.gandi.net/fr/iaas/references/server/kernel_changelog?&#section312


For the entire month of August, if you create an instance with a 12-month commitment, you can benefit from 10GB of additional free disk space.

How? Easy! When you launch your creation order with an annual commitment, add an additional 10 GB of disk space (for 20GB in total, or an additional €21.60 excl. VAT per year under A rates), and when you go to checkout, enter the code "10GFREE" when asked for the "promo code", validate it, and then smile!

Also, and for customers that already have an instance but who would like to have more storage space, use the promo code "10G50P" and you can have the possibility of adding 10GB of additional disk quota for half off the normal price, or €0.90 excl. VAT per month instead of €1.80 excl. VAT under A rates.


Mostly, our hosting products focus on giving our customers a platform (or at least an infrastructure) on which to run virtual machines or deploy their own code. However, we also recognize that not everyone is a Linux administrator or knows NodeJS, Python, or PHP. Since we want to focus on developing the most powerful domain name tools we can, as well as the best possible cloud infrastructure and platform services, we realize that programming a drag-and-drop site building tool is not really in our wheelhouse.

Those of you familiar with GandiSite, the WYSIWYG (what-you-see-is-what-you-get) editor we offer, probably already know that this tool is powered by BaseKit.

Previously, we were running version 6 of BaseKit's software and for a while now version 7 has been available from BaseKit. We've been waiting for the right time to upgrade Gandi Site's software to version 7. That right time came in late July this year (2015).

We knew there would be drawbacks to this upgrade, and part of the delay between the release of BaseKit's version 7 software and our implementation of it has been due to smoothing out the kinks it presented for us and our customers.

This upgrade is really a long-overdue modernization, and, as happens in crucial upgrades, some things necessarily had to fall by the wayside. So, while not all of the drawbacks could be eliminated, we proceeded with the upgrade because we felt the benefits outweighed those costs.

Now that we've had a chance to see how the new version behaves in the wild, we're ready to share with you what exactly has been upgraded and how that effects those of you who have been using version 6 of BaseKit.

Version 6 is a reliable old truck that, sure, gets the job done, but just doesn't have the kind of heavy-lifting capabilities that are needed. It's been a sturdy workhorse, but there's no stereo, just an AM radio, and there's some rust in the undercarriage. Version 7, then, is like a brand new, top-of-the-line pick-up, with GPS and satellite radio.

Responsive Pages

One of the main benefits of version 7 over version 6 is that version 7 allows you to create a responsive site. While we were using version 6 for Gandi Site, we would often get customers asking about creating a mobile version of their Gandi Site, and until now we haven't really had a great answer.

Having the possibility of making a responsive Gandi Site is a huge update to the previous platform, and one we think will be increasingly critical, especially for our e-commerce customers.

In parallel to the upgrade to a responsive site, all of the Gandi Site templates have been redone. The ones that could be were retrofitted, but some were not salvageable and unfortunately had to be put permanently out to pasture.

But now with version 7 of Gandi Site, every page you make is really three pages in one: a desktop page, a mobile page, and a tablet page.

3 pages

Because a template now is really so much more than it used to be under version 6, the number of templates available now varies according to the subscription level, accordingly:

Free pack: 5 templates available
Personal pack: 15 templates available
Professional pack: 30 templates available
Business pack: 117 templates available

Cool tools

Another great aspect of this upgrade is that there are a number of new tools that simply didn't exist with version 6.

Most notably, version 7 has a truly superb image editor. It's not Photoshop CS6, so it doesn't have content-aware autofill or photomerge, but you can make brightness and contrast corrections, crop, and even get that faux-vintage Instagram look with some filters, which in the end is actually kind of amazing for a site-building tool. Also, depending on your pack, a number of images can now be added from the Getty Image stock image library.

Beyond that, version 7 also contains a Blog feature. It may not be as fancy as Wordpress, for example, but it at least lets you easily add posts to your site.

The downside

If you know us, the you know that part of our whole "No Bullshit" thing is putting our shortcomings upfront, so in that spirit, we would be remiss not to mention the drawbacks of the upgrade to version 7 of the BaseKit software. But please, stick with us for the up-side. We promise, it's worth it.

Probably the most commented drawback so far has been the reduction in number of free Gandi Site pages we can host. With version 6 of BaseKit, we were able to offer three free pages with the purchase of a domain name, enough to host a micro-site for free. With the upgrade to version 7, we are only able to offer one page for free.  Keep in mind, though, that this one free page is now rendered so as to accommodate traffic from all types of devices, not just desktop machines. Before, if you had a free Gandi Site (or any other subscription level) and wanted to make a mobile or tablet version you had to use one of your allotted pages to make either a mobile or tablet version of your site. This upgrade eliminates that need.

Another downside we want to mention is that your version 6 site will not be totally compatible with a version 7 site. Primarily, since templates in version 6 are not responsive, they are not available in version 7. So be aware that if you are considering upgrading your site to version 7, your template may not be available, and you may need to redo all or part of your Gandi Site after upgrading to version 7. This is due to the fact that some of the version 6 templates just couldn't be ported over to the responsive design of version 7.

These certainly aren't the only changes, but these are the ones we've seen have had the greatest impact. Of course, if you find a change between version 6 and version 7 that has an impact on you that we didn't mention, please feel free to share it with us.

New pricing structure

Another consequence of this upgrade is that we are readjusting the price schedule for Gandi Site. We already mentioned that the Free Pack now includes only one free page, but additionally, we are updating the pricing on the other packs (at A rates):

Personal: formerly $6.50/month, now $5.00/month
Professional: formerly $13.00/month, now $10.00/month
Business: formerly $19.50/month, now $20.00/month

Migrating your existing site

We mentioned above that the differences in the software are such that a simple migration from version 6 to version 7 isn't possible. Here is what you need to look out for:

Free Pack

 For the free pack, due to the decrease in pages offered, we have not included a "Migrate" link. If you want to upgrade to version 7, you have the option of either upgrading to the Professional pack for v7 or making a completely new page in v7 on the Free pack. Or, you can always keep your v6 site.

Personal, Professional, and Business Packs

Click the "Migrate to BaseKit 7" link from your Gandi Site management page. Next, pick your new BaseKit 7 template. When you go into the new Gandi Site editor, you'll see your old site's text and images available in the column on the left. You can then drag and drop these elements so that their arrangement conforms with the new template.

 

Be careful, as soon as you click on the migration link, your old site won't be online anymore.

* If you have at least one domain name in your account, you can try the one-page version for free.

So, we confess, there are some drawbacks to this upgrade. But we want you to know that these drawbacks are the necessary consequences of updating and modernizing this rather robust site-building tool. We aren't trying to force change on you or inconvenience you with this upgrade, we are really just trying to bring ourselves in line with what a site building tool needs to be.

If you like your version 6 site, you don't have to upgrade it, but consider rebuilding your site, at your convenience, in version 7. We think once you give it a shot, it'll feel like a whole new Gandi Site.


Our Gandi Site platform will be temporarily unavailable this week starting Tuesday July 21 at 1:00 AM PDT until 5:00 AM PDT (approximately), due to scheduled maintenance and improvements on the platform being made by our partner, BaseKit.

 

UPDATE: The maintenance has been extended by our partner, who has been unable to tell us when the maintenance should be over. We will keep you informed of all this in this news alert as soon as we have more information.

 

Additionally, it will not be possible to create a new Gandi Site until early morning Thursday July 23 (we will update this post with the exact time once we have it).

The reason for this downtime is to give us a window to upgrade our Gandi Site tool. Please excuse any inconvenience this may cause. This downtime will allow us to make the necessary changes to provide a more up-to-date and higher-quality site-building platform, that should be as exciting for you as it is for us. Stay tuned ...


We have started to renew and upgrade the SSL certificates used for the Simple Hosting admin interfaces.

Instances in Paris (FR) and Baltimore (US) are already serving the new SHA2 certificates on addresses such as https://.admin.dc{0,1}.gpaas.net.

Instances hosted in our Bissen (LU) datacenter will also be upgraded soon.

This update should be transparent to our customers (similar to the change affecting SFTP signatures last September), but our support team is ready to help. Please contact us should you experience any trouble connecting to your instances' admin interfaces.

On a related note, if you're interested in adding SSL to your Simple Hosting instance, see how on our support wiki: How to install an SSL certificate on your Simple Hosting instance


A new security vulnerability, CVE-2015-3456, was announced last week. The flaw is found in the QEMU virtualization software, and permits an attacker to gain access to a vulnerable host from a virtual machine located on that host.

Immediately following this announcement, we applied the necessary patches, thus reinforcing the existing security measures we had previously implemented. Over the past week, we have continued to study the vulnerability. As a preventative measure, we have decided that a reboot of certain VMs is required in order to ensure that all possible attack vectors have been mitigated.

This preventive reboot will only affect a small proportion of our customers. We will contact affected customers directly via email to provide instructions on performing the reboot on their own.

We will reboot the VMs of affected customers (who have not rebooted on their own) on Monday, May 25 at 11:59 p.m. PDT (that is: Tuesday, May 26, 2015 at 07:59 UTC).

For more information, see the following resources:

If you have questions or encounter any problems regarding this issue, our support team is available to assist you.


Page   1 2 3 4 5 69 10 11
Taille du bandeau d'actualités