Author Archives: TimL

Restarting Noodle service

  • Microsoft
    • sc stop noodle
    • sc start noodle
  • Linux-like systems with sysvinit/Upstart
    • service noodle restart
  • Linux-like systems with systemd
    • systemctl restart noodle
  • Linux-like systems with launchd
    • launchctl unload /System/Library/LaunchDaemons/noodle.plist
    • launchctl load /System/Library/LaunchDaemons/noodle.plist
  • Linux-like systems with SMF
    • svcadm restart noodle

  1. Make sure the port you want to use is not already in use:
    • Linux-like systems
      • netstat -ln | grep ":80 "
    • Microsoft
      • netstat -na | findstr ":80"
  2. Edit the connection port in server.xml (a text file) to an available port.
  3. Remember to update the OS and network firewalls.
  4. Restart the Noodle service.
  5. Update the Noodle setting “System Tools > Settings > URL for Noodle”
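
Step 1 as a stricter check, added here as an example and not part of the original page: `findstr ":80"` is a substring match, so it also reports `:8080` and connections to a remote port 80. The `port_in_use` function and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample netstat output below is constructed, not captured.
LINUX_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

WINDOWS_SAMPLE='  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    192.168.0.100:49712    203.0.113.5:80         ESTABLISHED
  TCP    [::]:443               [::]:0                 LISTENING'

# port_in_use PORT
# Reads `netstat -ln` (Linux-like) or `netstat -na` (Windows) output on stdin.
# Prints every TCP listener whose local port is exactly PORT.
# Exit status: 0 if at least one listener was found, 1 if the port is free.
port_in_use() {
    awk -v port="$1" '
        tolower($1) ~ /^tcp/ && $NF ~ /^LISTEN/ {
            # Local address is column 4 on Linux (6 columns), column 2 on Windows (4).
            local_addr = (NF >= 6) ? $4 : $2
            # The port is whatever follows the last colon (handles :::22 and [::]:443).
            n = split(local_addr, parts, ":")
            if (parts[n] == port) { print; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    '
}

# report LABEL PORT SAMPLE: one-line verdict for the demo below.
report() {
    if printf '%s\n' "$3" | port_in_use "$2" >/dev/null; then
        echo "$1: port $2 is in use"
    else
        echo "$1: port $2 is free"
    fi
}

report linux 8080 "$LINUX_SAMPLE"
report linux 80 "$LINUX_SAMPLE"
report windows 8080 "$WINDOWS_SAMPLE"
report windows 80 "$WINDOWS_SAMPLE"   # free: :80 only appears as a remote port
```

On a live host, pipe the real command in, for example `netstat -ln | port_in_use 80`.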

Microsoft Windows runs http.sys on port 80 by default. Disable http.sys by running these 2 commands:

  1. sc config http start= disabled
  2. net stop http /y

Or if you want to use both you can bind them to different IPs:

  1. http.sys IP (netsh http add iplisten ipaddress=192.168.0.101)
  2. Noodle IP (Edit the connection address in server.xml to 192.168.0.100)

Hosted:

  • Service includes any sub domain of intra.net.
  • Service includes use of any domains managed by 3rd parties. Please use a DNS CNAME to the PTR of the server, and send us your HTTPS certificate if desired.

Local install:

  1. For assistance, please contact your registrar and/or software supplier (NetBIOS is a limited alternative).
  2. Update the Noodle setting "System Tools > Settings > URL for Noodle"

Information about our hosted security:

  • Rackspace standards, and certifications.
  • Amazon standards, and certifications.
  • Google standards, and certifications.
  • Your data is not shared with anyone, and is only viewed by Vialect on your request.
  • Backups are taken daily for one day, and monthly for 3 years, encrypted, and stored in multiple cities. Optimal space conservation is used in favor of optimal recovery time.
  • Only the strong-password-protected SSH key of our security manager has full access to hosted environments.
  • Stable Linux branches are used and security updates are evaluated or applied daily.
  • Data sovereignty; People who want to avoid government oversight should encrypt a local install and host the data with a less intrusive government.
  • Clients will be notified within a day if our Intrusion detection systems ever detect a security breach.
  • Application Security
  • Regulation compliance

Please read this overview for a summary of applicable regulations.

    • ISO 27001
      • Compliant, not certified.
    • HIPAA
      • Not applicable as we do not store client health data.
      • Employees are covered by OHIP which exceeds USA standards.
    • Data Protection Directive / GDPR
      • Client implementation / usage dictates compliance.
      • Compliant by clients opting to represent Vialect in the EU.
    • C-28
      • Automated Noodle emails contain a one click unsubscribe link
    • PCI DSS
      • A local install is required to comply.
    • SOC 2
      • Compliant, not certified.

Please contact us if you have specific questions about regulation compliance.

Public network application security options:

  • SSL (prevent password collection from public wifi)
  • White list (prevent application inspection from known hostile networks)
  • "Session Security Level" to 4 (prevent session hijacking)
  • "Minimum password length" to 8 (make password guessing harder)
  • Auto blacklisting (blocks IPs that use the wrong password too often; defaults to 20 per minute)
  • 2 factor authentication
  • Authentication keys for RSS, and Calendar subscriptions.
  • Injection detection
  • Analytics
  • Active Directory Authentication

Chrome Bugs:
  • Version 37.0.2062.120 (and 39.0.2159.0 canary) inconsistently crash with "Aw, Snap!".
    • Empty the cache, etc, and restart the browser.
    • Send us your ids from chrome://crashes/ (Google keeps some bug reports private, but any IDs we are sent will be added as related to our report or one of the 72937 other outstanding chromium bugs).
  • Version 40.0.2214.111 will not run functions if they have ever been called (onmouseover) from another window (iframe).
    • Reported as a regression.
  • Version 44.0.2403.125 loses scope on deeply nested AJAX
  • Version 50 Disabling "Use a prediction service to load pages more quickly" is advised to avoid incorrect redirects.
  • Version 72+ web driver is not blocking and thus unusably buggy
  • Version 84+ resets live CSS changes only when developer tools is open
  • Version 85 writes its own CSS instead of respecting dark mode
Solutions:
  • Use Firefox.
  • Upgrade.
  • Avoid nested AJAX.

LAN security options for the server:

  • Whole disk encryption (prevents bypassing security by reading the disk with another computer).
  • Dedicated server (reduces exploitable surface area).
  • Automated Linux updates
  • Firewall blocking all but ssh and the Noodle http[s] ports (reduces exploitable surface area).
  • ssh keys (prevents password guessing on ssh).
  • IDS, and resource alerts