Last night, several security patches were released for Drupal and several modules. I will be working on getting these fixes applied today. The site may be slow at times or experience various performance issues throughout the day today.
Sympa is once again having severe delays. It appears that the current delay is 2 hours, but I expect it to get worse as the day goes on and lists become more active. We are actively working to put a permanent solution in place.
Secure connections to web servers have relied on the SSL and TLS protocol suites for years. The recently discovered POODLE attack has demonstrated that SSLv3 is insecure. The ALA team will have disabled SSLv3 on all of our web servers by the end of the day. We do expect some customer impact from disabling SSLv3. Some older browsers do not support the newer TLS protocol suites or have SSLv3 enabled in their browser settings by their IT departments. Some older browsers trying to reach our websites will error out with a message saying
“This webpage is not available. The webpage might be temporarily down or may have moved permanently to a new web address. Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH.“
To fix this problem, you may have to disable SSLv3 in your browser settings, enable TLS v1.0 in your browser settings, upgrade your browser to the latest version, or contact your IT department if they control your browser installation or settings.
To address industry wide security vulnerabilities, we will be temporarily disabling website logins starting at 4:00PM CST on Friday November 21st. Functionality should be restored by 5:00pm.
Once this change has been made some older browsers will be unable to login to our websites. Affected users must use a more modern browser.
There is a critical security update for Drupal that we will be rolling out tomorrow morning at 9:30am. There will be a rolling outage where a single microsite will be put into maintenance mode while the update is installed, then it is taken live after it completes. Then it will proceed onto the next microsite and repeat the process. During testing, this maintenance window has been roughly 90 seconds per site.
Our Postini spam detection software is being replaced on December 10th, 2014. To make a new solution for spam detection possible, a change in our email routing is required for ALA’s mailing lists.
Effective Thursday, November 13th, 2014, all mailing lists will have a slightly different address: firstname.lastname@example.org. For example, email@example.com will become firstname.lastname@example.org, email@example.com will become firstname.lastname@example.org, etc.
This means that starting on November 13th, all messages to an ALA mailing list will need to be sent to the list’s new @lists.ala.org address.
We know this is a major communication change, so please help us spread the word.
This evening, the ALA website and all microsites will be put into maintenance mode for a critical Drupal update. The outage will begin at 7pm, and I anticipate that they will be back up at 8pm. This outage will not affect blogs, wikis, Connect, nor Moodle.
Due to an issue with a function in the new IMIS upgrade, a small number of accounts have been unable to login to the website. We have resolved this issue, and all accounts should be able to login now. Users that were having problems may need to clear their browser cache and cookies. Anyone that is still having issues logging into the ALA website through Shibboleth, please enter a TrackIT ticket with a detailed report of the problem. Thank you.
The ITTS Strategic Technology Directions Report Update Fall 2014EBD#12.4 provides an update on major projects in the ITTS Strategic Directions 2014-2017 Directions Report sent to the ALA Executive Board in April 2014. The summary blog post and links to the full April 2014 ALA Executive Board report can be found on the ITTS blog at http://itts.ala.org/news/2014/05/16/ala-strategic-technology-directions-2014-2017-technology-roadmap/
The iMIS 20 membership system upgrade is scheduled for this weekend Friday, October 17th. The iMIS database will be put in read-only mode beginning at 5:00pm CT, Friday October 17th . A copy of the database will be upgraded and put in place over the weekend.
During the upgrade:
Our members and staff will be able to:
Our members and staff will not be able to:
The new iMIS 20 desktop will be made available to staff on Monday, October 20th . The new interface is very similar to the existing one and the web front end will look the same. We will send an email to all staff when the upgrade is complete and full access is restored. There will be a note on the homepage about this before and during the upgrade process.
Check the ALA Twitter account for the most current updates over the weekend.
We want to thank you for your patience.
Director, Information Technology & Telecommunication Services