On October 1st, our Let's Encrypt certificate expired, and automatic renewal failed.
Something is preventing Let's Encrypt from renewing the wildcard certificate, so we have fallen back to requesting individual certificates for all branchable.com subdomains.
Due to Let's Encrypt rate limiting, this is taking some time to complete. In the meantime, affected sites are only available via http, not https.
If this outage is causing you particular problems, contact us and we'll try to prioritize getting a certificate for your site.
Branchable is no longer accepting new user signups to create sites. Existing users can continue to create and branch sites on Branchable the same as before.
The reasons for this change were previously discussed in Changes at Branchable.
Lars Wirzenius has stepped away from administering Branchable. Joey Hess continues running the site.
Branchable is ten years old and it's clear it's not going to grow. That's ok. It's a sustainable tiny business with the users it has. Most of the work in running Branchable is helping the occasional new user and dealing with spammers creating new sites. Since neither is necessary for Branchable to continue operating as-is, some changes are being considered to reduce that work load.
One idea is to stop letting new users create new sites, but let anyone who owns or administers a site on Branchable continue creating new sites. Branching existing sites using the Branchable tab might also be allowed only for existing users, or it could be allowed for new users too, if that is considered an important feature of Branchable sites.
This has not been implemented yet, and your feedback is welcomed.
OpenSSH is deprecating RSA keys for security reasons in an upcoming release, and many Branchable users use RSA keys with their sites.
Here's what you need to do, sometime before that deprecation happens. You probably have a few years to do it, but we wanted to document it now:
ssh keys that can push to your branchable site
If you sometimes git push changes from a clone of your branchable site out to the website, you must have configured it to accept your ssh public key.
Open your Branchable site, and click on the "Branchable" tab. In there, click on the "ssh keys" link, to see a list of the ssh keys that you have allowed to push to your site.
Any that start with "ssh-rsa" are the ones that will eventually stop working. You'll need to generate a new ssh key, and paste the public key into that page.
For example, to generate an Ed25519 key (probably the most secure kind that ssh supports), run:
ssh-keygen -t ed25519
And then paste the content of the id_ed25519.pub file that it generated into the web form.
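For a quick local check of which keys are affected, the following added example (not part of Branchable's own tooling) scans a list of public keys, such as one copied from the "ssh keys" page or an authorized_keys file, and reports the entries whose key type is ssh-rsa. The function names and the sample keys are constructed for this illustration.

```sh
#!/bin/sh
# Added example: report ssh-rsa entries in a list of SSH public keys.
# Line format (as in authorized_keys): [options] keytype base64 [comment]

# Constructed sample input; the base64 bodies are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# keys allowed to push
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABplaceholder alice@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAplaceholder alice@desktop
no-pty,command="git-shell" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABplaceholder deploy
EOF
}

# Reads keys from the file named in $1, or from stdin when no file is given.
list_rsa_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            # The key type is the first field that names a key algorithm;
            # anything before it is an options prefix. Options containing
            # spaces inside quotes are not handled by this simple split.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                    if ($i == "ssh-rsa") {
                        comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
                        printf "line %d: ssh-rsa %s\n", NR, comment
                    }
                    next
                }
            }
        }
    ' "${1:--}"
}

sample_keys | list_rsa_keys
```

Each reported line is a key that needs an Ed25519 replacement added before the RSA entry is removed.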
ssh keys that your branchable site uses when pushing to other clones
Some Branchable sites are configured so that, after a change is made to the site, the change is git pushed out to other clones of the repository.
To check if your site has this set up, open its Preferences page and go to Setup, and search for "gitpush". If the gitpush plugin is enabled and a repository url is listed for it to push to, click on the "this ssh key" link to see the RSA public key that it's using when pushing.
Along with the RSA key, that page will list an Ed25519 public key. It's up to you to change the configuration of the repository that it pushes to so it will accept that Ed25519 key.
Branchable can now use Let's Encrypt to get https certificates.
We plan to eventually use this for all sites hosted at Branchable, but if you'd like to help test it with your site, you can now. Just go to the Control Panel, click on the Setup button for your site, check the box for "use Lets Encrypt to generate http certificate", and save the change.
It may take a day or two for your site to get a certificate from Let's Encrypt, depending on how many others are requesting a certificate. Once your site gets a Let's Encrypt certificate, it should be renewed every 90 days automatically from then on.
Today we've enabled login by email address on Branchable, as an alternative to openid login.
So, all you need to make a site on Branchable now is an email address! Also, users can log into your sites on Branchable using their email.
We know that some Branchable users were relying on now defunct openid providers like Google and MyOpenid. We can switch your sites over to use an email address instead if you want; just get in touch.
On Saturday, May 16th, Branchable will be upgraded to the new Debian 8.0 release. We do not anticipate significant downtime during this upgrade.
Update: Upgrade has completed successfully. Sites were down for 5 minutes.
Update 19 May: Branchable was overloaded this morning, due to some config changes that happened as part of this update. This should be fixed now.
Google's Openid login support has been discontinued. Many Branchable users relied on it to log into your sites, and you'll find that once your existing login cookie expires, you can't log back in via Google.
We recommend getting an openid from a different provider, such as http://pip.verisignlabs.com/. If you created a Branchable site using a Google openid, you should email us with your new openid, so we can update your site to use it.
Update: Seems that Google has changed their minds and their openid is going to continue to work until April 2015 or possibly 2017. We still recommend changing to a different openid provider.
Update: Discontinued for real as of 23 April 2015. See login using email address for a new way to log in.
Branchable's web server was vulnerable to the heartbleed openssl vulnerability. It's possible that https private keys could have been leaked to attackers.
We've upgraded Branchable, closing the security hole. However, to regain security, any https certificates need to be regenerated, and the old keys revoked. We're working to do that for Branchable's own https certificate.
Branchable users who installed their own https certificate should consider updating it too.
Update: Branchable's SSL certificate has been replaced. We have pre-emptively closed all existing login sessions to all Branchable sites, in order to guard against session hijacking. It is now safe to log back in.
We now support use of https for Branchable sites. Every site under *.branchable.com has https enabled now. Go try yours!
If you have your own DNS for your Branchable site, you will need to get your own SSL certificate to go with it. For details, see using https.
We've also made the Branchable control panel accessible over https by default.
On Thursday, May 9th between 11 am and 12 pm, Branchable will be down for scheduled maintenance of its hardware. It will probably not be down for the entire hour.
On Saturday May 11th, Branchable will be upgraded to the new Debian 7.0 release. We do not anticipate significant downtime during this upgrade.
Update: Pushing this back until May 18th. --Joey
As part of the Debian 7.0 upgrade, some new ikiwiki features will become available. The most notable feature is the addition of avatar pictures of users who post comments.
Branchable's hosting provider, Linode, recently had its security compromised by an attacker.
So far we have no evidence that the attacker could have gotten access to Branchable due to this compromise. We're continuing to investigate, and if we do see any indication that our security could have been breached, we will immediately inform our users, and reinstall Branchable from secure backups.
We'll also be evaluating how Linode deals with this security breach going forward, and deciding whether to remain at this hosting provider.
While we have no reason to believe an attacker got into Branchable, this is a good time to review our security practices. As far as your own data stored at Branchable goes, there are basically three things to think about from a security perspective:
git repository security
The git repository that stores your site prevents an attacker from modifying a file without it being easily noticed. They would have to make a git commit with any malicious changes. If you have cloned your git repository to your own computer, you can examine this clone to verify your data at Branchable has not been tampered with.
Since your site's configuration is also stored in git, in the setup branch, git can also be used to verify that it has not been tampered with.
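One way to carry out that check from your own clone, as an added example (not Branchable's own tooling): it fetches what the server currently holds and reports whether the server's history still contains the commit you last trusted. It assumes the Branchable remote is named origin and that you pass the branch name yourself (the setup branch from the text above, or your content branch; "master" in the usage comment is an assumption).

```sh
#!/bin/sh
# Added example: compare a local clone with what the server now serves.
# Assumption: the remote is named "origin".
# Usage: sh check.sh /path/to/clone master

check_remote_history() {
    # $1: path to the local clone, $2: branch name to compare
    repo=$1
    branch=$2
    git -C "$repo" fetch --quiet origin || return 2
    local_tip=$(git -C "$repo" rev-parse --verify --quiet "refs/heads/$branch") || return 2
    remote_tip=$(git -C "$repo" rev-parse --verify --quiet "refs/remotes/origin/$branch") || return 2

    if [ "$local_tip" = "$remote_tip" ]; then
        echo "identical"
    elif git -C "$repo" merge-base --is-ancestor "$local_tip" "$remote_tip"; then
        # The server only added commits on top of yours: list them for review.
        echo "new-commits"
        git -C "$repo" log --format='%h %an %s' "$local_tip..$remote_tip"
    elif git -C "$repo" merge-base --is-ancestor "$remote_tip" "$local_tip"; then
        # You hold commits that have not been pushed yet.
        echo "local-ahead"
    else
        # The server history no longer contains your tip: it was rewritten
        # or has diverged, which silent tampering would require.
        echo "rewritten"
        return 1
    fi
}

if [ $# -eq 2 ]; then
    check_remote_history "$1" "$2"
fi
```

A result of "new-commits" is the normal case after web edits; the listed commits are the ones to read through, and "rewritten" is the case that warrants investigation.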
authentication security
We don't use passwords to control access to the Branchable control panel, or to your Branchable sites. We consider passwords a security hazard and like to avoid them whenever possible.
Some Branchable sites may be configured, by their owners, to allow users to log into them with passwords. This is not a default configuration. You can check if your site allows this by checking if it has the passwordauth plugin enabled in the Setup page. Sites that do use passwordauth do not store the passwords, but only a salted hash (using Eksblowfish). Any attacker who compromised Branchable would not be able to access the passwords of your site's users.
personally identifying information
A small amount of personally identifying information is stored about Branchable users. This includes the name and email of our customers. It also includes a few days of web access logs.
Once again, we have no reason to believe any attacker has compromised Branchable. If we see any indications of a compromise, we'll immediately let you know.
It's my birthday today. Our hosting provider, Linode, has recently upgraded our disk space, bandwidth, memory, and CPU for free. I'm passing this upgrade on to Branchable's users.
- The basic plan has been upgraded from 2 sites to 3 sites.
- The pro plan has been upgraded from 10 sites to 15 sites.
So, go and make more sites here at Branchable! Enjoy! --Joey
Recently Branchable was having a problem, most often in the early morning (US Eastern), where pages would take a very long time to load. We've diagnosed this, and put in a fix.
What was going on was that when certain very large ikiwiki sites would be rebuilt, this blocked attempts to modify them. Behind the scenes, ikiwiki processes piled up waiting on the build to finish. While Branchable handles such load without difficulty, Apache has a limit to the number of clients it can serve at a time, and this would sometimes reach the limit. When it did, all web page accesses would slow to a crawl.
We've fixed this problem at multiple levels. Our web server now has a much higher limit to the number of clients. At the ikiwiki level, it's been modified so it can detect this situation, and, rather than waiting around, display a "Please wait" page that periodically refreshes.
The "Please wait" page is currently only enabled for a few sites that were causing the problem, as we test this new feature, but we anticipate enabling it by default. Since the user was waiting anyway, and this page can display a nice image, I feel it's overall a user interface improvement. That said, I continue to hope that one day ikiwiki will be modified to not block other site modifications while a long rebuild is going on.
We've changed the focus of Branchable, away from being a for-profit corporation. Branchable's parent company, Braawi Ltd, is closing down. Branchable will continue as a service run by Joey Hess and Lars Wirzenius.
This change will be reflected in the bills we send our users going forward. The PayPal buttons on the control panel will make payments directly to Joey.
message from Joey
The above is the essence of the change, but I wanted to say something personal as well.
When Lars and I started working on Branchable two years ago, our goal was not to get rich quick. We hoped to provide ourselves with a small income that would supplement our other work and add some flexibility to our lives, and we wanted to build a service for people who valued freedom from proprietary lock-in, while wanting something easy to use. I think we've succeeded well at the latter goal; as to the former, we've only made enough money to pay for operating expenses, but not for our time.
And to me, that's ok. I'd rather build something that is done right than make money. And I'm proud that there's a very easy hosting service for Ikiwiki available now, in Branchable.
So I plan to continue operating Branchable, and hope that the users keep paying its operating expenses. And if our current slow growth in new users continues, then who knows, it may still put some food on my table. Until and unless that happens, Branchable isn't a business venture for me, it's a labor of love.
message from Lars
I originally started Braawi as a backup service company, and then did several years of consulting through it. However, I'm now working in a normal job, and it takes a bit of time and money to keep the company alive, so that's why it's shutting down.
I love Branchable. It is wonderful to have a sensible hosting service for my own web/wiki/blog sites, and I enjoy being able to help others host their stuff the same way. I plan to help Joey keep Branchable alive for a long, long time to come.
Today I've installed a new version of ikiwiki, which uses a faster markdown engine called "discount". It's been benchmarked to be up to 40 times faster than the old engine, so enjoy the speed boost! --Joey
On Saturday, 26 November, at 12 pm EST (17:00 GMT), Branchable will be transitioned to new hosting. During this time we expect sites to remain accessible, but in a read-only mode. We expect the move to take less than an hour, and will post updates on identi.ca and twitter.
The move involves an IP address change. Some sites hosted here that have their own domain names hardcode our current IP address. We will contact the owners of such sites to help them move to the new IP address after the transition. To keep such sites from breaking, our old IP address will continue to work too, for the next month.
Update: The move is complete.
Our new IP address is: 66.228.46.55
Our new IPv6 address is: 2600:3c03::f03c:91ff:fedf:c0e5
Update: The old IP address was decommissioned on January 5th 2012.
Users of Blogger had a scare on Thursday and Friday when their last post or two seemed to go missing. We feel for users who pour their heart into a site, and how they must feel when that happens.
While the Blogger posts were later restored, this made us wonder: Could users of Branchable experience the same uncertainty about data they have entrusted to us?
Well, the two of us behind Branchable bring our own perspectives to keeping your data safe. Actually, we both care so much about backups that each of us felt we had to set up our own backup strategy for Branchable, even though that was redundant work for us. In total we keep at least six copies of all data.
So, we have pretty good backups (we think!), but then so does Blogger (we hope!). The key difference is that we are very interested in making sure you have a copy of all your data, no matter what happens to Branchable. That's why we built Branchable on git, and provide the entire content, including all of its history, of your site as an easy git checkout.
To make that even easier and more automated, today we've added a way to make Branchable push changes from your site out to other git repositories. So every change can be automatically pushed to Github, Gitorious, your own personal server, and as many other places as you can think of.
To turn this on for your site, see setting up git pushes from Branchable.
Remember: Many copies keep bits safe!
Today we enabled IPv6 for all sites hosted at Branchable.
We decided to take this step three months before World IPv6 Day, because we saw no reason to delay -- our IPv6 connectivity is solid; and we delight in bringing world-changing technology to our customers ahead of time.
While IPv6 is enabled by default, we do make it easy for you to opt out of using it on your site. Just go to the Control Panel, click on the Setup button for your site, and check the box to disable IPv6.
Also, of course, if you are using your own domain name, you can choose to point it at only our IPv4 address and not get IPv6.
We will be keeping a close eye on the results of enabling IPv6 this week and going forward, and if it does cause problems we may turn it off. We welcome your feedback about this.
On this Valentine's day, let's talk about commitment.
Today we've updated our pricing for Branchable. Commit to a year's service, and we'll provide it at half of the normal price. That means you can host three sites at Branchable for an entire year, for just $59.99.
To sign up for a year's hosting at this new rate, just visit your Control Panel.