Proposal to deprecate Transport Layer Security TLS 1.2

Transport Layer Security – or “TLS”- is a cryptographic mechanism to facilitate secure connections and communications across the internet. For example, the https network connection between your device and secure websites or applications, like MIDAS.

Several incarnations of the Transport Layer Security protocol have been developed over the years, the most recent being 1.3:

ProtocolReleasedCurrent Status
TLS 1.01999Deprecated
TLS 1.12006Deprecated
TLS 1.22008In use since 2008
TLS 1.32018In use since 2018
TLS Protocol History

TLS 1.0 and 1.1 are now considered “legacy protocols” and “weak” by today’s cryptographic standards. That’s because they’re susceptible to several vulnerabilities. Modern web browsers automatically default to preferring more secure TLS 1.2 and 1.3 connections. In fact, they may even display a warning when connecting to a website that only supports the now obsolete TLS 1.0/1.1 protocols.

As security and cryptographic standards have evolved over the years, we have too! We’ve previously dropped support for TLS 1.0 connections to our network in 2017. We then subsequently dropped support for TLS 1.1 connections in 2020.

As part of our ongoing commitment to security, we’re now proposing to also deprecate support for TLS 1.2 connections to our client servers in early 2025. Going forward, we propose to only support TLS 1.3 (the latest Transport Layer Security protocol version) connections.

But wait.. isn’t TLS 2.0 still considered secure?

In the past few years, researchers have discovered cryptographic weakness in the ciphers and algorithms that TLS 1.2 uses.

While TLS 1.2 can still be used, it is no longer considered the most secure option. TLS 1.2 is only considered “safe” when weak ciphers and algorithms are removed.

On the other hand, TLS 1.3 supports the latest modern encryption with stronger encryption algorithms and more robust authentication mechanisms. At time of writing, it currently has no known vulnerabilities, and also offers performance improvements over TLS 1.2.

What impact would disabling TLS 2.0 support have?

Most modern browsers and operating systems support TLS 1.3.

Therefore, the vast majority of users will be unaffected by our proposal to switch off support for TLS 1.2 in early 2025. However, if you’re using an older device or operating system, you may need to take action.

Here’s a list of browsers and devices that will be affected when TLS 1.2 connections are blocked:

  • Internet Explorer: All versions of Internet Explorer do not support TLS 1.3. This should not impact any of our users, as our MIDAS software has not been supported in IE since 2019.
  • Edge Legacy: Versions of Edge Legacy prior to April 2018 do not support TLS 1.3. Users would need to update to a newer version of Edge or a different browser.
  • Safari on macOS 10.12 Sierra or earlier: These older macOS versions do not support TLS 1.3 in Safari. Users would need to upgrade their macOS or use a different browser.
  • Very old versions of other browsers: Browsers that haven’t been updated in several years might not support TLS 1.3.
  • Older Android devices: Devices running Android 9 (and earlier versions) do not support TLS 1.3.
  • Older iOS devices: Devices running iOS 12 (and earlier versions) do not support TLS 1.3.

Web browsers and devices that do support TLS 1.3:

  • Microsoft Edge (current versions): Supported since April 2018 (Edge 79+)
  • Google Chrome: Supported since April 2018 (Chrome 70+)
  • Mozilla Firefox: Supported since October 2017 (Firefox 63+)
  • Apple Safari (on macOS 10.13 High Sierra or later): Supported since September 2018 (Safari 14+)
  • Opera: Supported since April 2018 (Opera 57+)
  • Android: Android 10 (or later)
  • iOS: iOS 13 (or later)

Important Information For Hosted API users:

If you’re a cloud-hosted MIDAS customer utilizing the optional MIDAS API you may need to take action before TLS 1.2 connections to our network are disabled in early 2025.

You’ll need to ensure that your applications and the underlying programming language you develop in can support (and are correctly configured for) TLS 1.2 connections.

For instance Java 7 (1.7) (and lower) and .NET 4.7 (and lower) languages don’t support TLS 1.1/1.2.

If your applications/programming languages do not support TLS 1.3 encryption, your MIDAS API calls will begin to fail in early 2025 once we disable TLS 1.2 support across our network.

Please refer to the vendor of your programming language if you’re unsure whether it supports TLS 1.3, or for assistance enabling such support in your development environment.

Remind me again.. when is this all happening?

Currently, we are proposing to drop support for TLS 1.2 connections to our network in early 2025.

We have not fixed a specific date in 2025 for this as yet (as we want to hear from you – see below).

However, anything can change over the course of a year. Should new vulnerabilities be discovered in TLS 1.2 during 2024, this may prompt us to bring our plans to deprecate 1.2 support forward.

We Want To Hear From You!

We are currently only proposing to deprecate TLS 1.2 connections to our network in early 2025.

However, we’re open to feedback from you our users in the meantime.

If you feel you have a particular usage case that would require continued reliance on TLS 1.2 support, please reach out to us to discuss.

Optimizing Software Code using AI

Often in the release notes for our MIDAS room scheduling software, you may see the entry “Code Optimization”.

What is “Code Optimization”?

Code optimization is the process of refining our software’s source code to make it execute more efficiently, consume fewer resources, or improve its overall performance. It involves strategically modifying source code whilst at the same time ensuring the new code still produces the correct results.

Key goals of source code optimization:

  • Enhanced speed: Executing tasks more quickly
  • Reduced resource consumption: Using less memory, CPU cycles, or power
  • Improved scalability: Handling larger workloads effectively
  • Maintainability: Making code easier to understand and modify

Some common source code optimization techniques involve:

  • Algorithm optimization: Choosing more efficient algorithms
  • Loop optimization: Reducing loop iterations or overhead
  • Memory optimization: Minimizing memory usage and allocations
  • Input/output optimization: Streamlining data reading and writing
  • Caching: Storing frequently used data for faster access
  • Compiler optimization: Leveraging compiler features for automatic optimization
  • Profiling: Identifying performance bottlenecks to focus optimization efforts

Code Optimization in MIDAS

Over the years we’ve been developing MIDAS, all our code optimization work has been done manually.

This work has involved attempting to simplify and rewrite parts of the source code to be more efficient.

Code Optimizing with AI

In our latest release, MIDAS v4.35, for the very first time, a small section of source code has been optimized with the assistance of AI (or Artificial Intelligence).

We did this as an experiment to see whether AI could potentially be used to aid our development processes in the future.

We chose a small “subroutine” from our software and asked an AI if it could optimize it for us.

A “subroutine” is essentially a small block of code which can be re-used and “called” repeatedly during a program’s execution.

The subroutine within the MIDAS software code that we asked an AI if it could optimize for us was basically a function which converts dates to “epoch” time.

Epoch time is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT).

How did the AI do?

Our original subroutine was 15 lines of code long. AI was able to optimize this down to just 9 lines of code.

However, the initial source code that the AI generated for us did not just work “out of the box”. In fact, it didn’t work at all!

But using this AI generated code as a “template”, our team was able to modify the generated code so that it worked and produced the correct results.

Our team then extensively tested the new subroutine to ensure that it consistently produced the same expected output as the original subroutine.

Once we had a working subroutine that we were confident in, the next step was to “benchmark” the new routine against the old one. After all, there would be no point in using the new routine if there were no performance gains to be had, or indeed if the new code performed worse than the original.

To test this, we ran each subroutine 10,000,000 (10 million times), and analyzed the results:

Our Original Subroutine:
30 wallclock secs (30.28 usr + 0.00 sys = 30.28 CPU) @ 330229.18/s (n=10000000)

AI Optimized Subroutine:
27 wallclock secs (27.09 usr + 0.00 sys = 27.09 CPU) @ 369085.41/s (n=10000000)

To explain the above results, over 10 million iterations of each subroutine, the new AI optimized subroutine was more efficient. It ran (executed) quicker, and consumed less processing (CPU) power to achieve the same results as the original subroutine.

On our test server, the optimized subroutine was able to run 369,085 times in the space of one second, compared with 330,229 times in the space of a second for the original subroutine.

Ok, so the original subroutine was pretty quick and efficient to begin with – but with the assistance of AI, we were able to improve its efficiency by almost 12%.

Where do we go from here?

Firstly, don’t worry, Artificial Intelligence is not about to take over the development of our MIDAS software!

MIDAS has been – and will remain – coded, developed, and maintained by human programmers.

But our experiment – on a very small part of our code – has demonstrated that AI tools may be able to assist our human developers to write ever more efficient source code.

The result of such carefully applied optimizations is that our software can potentially run faster, use resources more efficiently, and provide a better overall user experience.

MIDAS v4.35 introduces support for generating “Quotations” for prospective bookings.

Generate quotations when making tentative bookings
Generate quotations when making tentative bookings

Used in conjunction with the “Tentative Bookings” feature, you can generate quotations for clients when making tentative bookings for them.

Should the client accept and pay the quotation online, their “tentative” booking(s) automatically convert to regular “confirmed” bookings.

A number of configurable options are available with the new Quotations feature, including:

Automatically Update Booking Type

When a quotation is accepted and paid online, MIDAS can automatically update the corresponding booking’s “type” to be any confirmed booking type you’ve already defined.

Choose whether bookings become confirmed if their quotations are partially or fully paid

You can control when a “tentative” booking automatically converts to a “confirmed” booking based on how its associated quotation is paid.

Automatically change a booking's type when a quotation payments are received
Automatically change a booking’s type when a quotation payments are received

MIDAS can either “confirm” a tentative booking on just a partially paid quotation, or only confirm the booking once its quotation has been paid in full.

New Quotation Template

Templates” in MIDAS allow an administrator to customize a range emails, invoices, and more.

There’s already separate templates available for regular, deposit, and cancellation invoices, as well as receipts and credit notes.

v4.35 adds a further template now for your Quotations.

New customizable Quotation template
New customizable Quotation template

The default quotation template is very similar to the default regular invoice template, but introduces some new “placeholder” template variables too.

An example of a new placeholder variable available for the quotation template is “%QUOTEEXPIRES%”.

This special variable is substituted (at time the quotation is printed or emailed) with the date and time that the quotation expires.

By default, a quotation expires when its corresponding tentative booking(s) would expire in MIDAS.

However, there’s a further option available….

Variable quotation terms

As mentioned above, quotations by default are only valid up until the expiration time of their corresponding tentative booking(s).

So as an example, let’s say a tentative booking is made to commence at 9am on a Monday. The tentative booking settings are set to expire the booking if it’s not confirmed at least 2 hours before it is due to commence.

If the tentative booking hasn’t been confirmed by 7am on the Monday, the booking will automatically expire and be removed from the system.

In essence, a quotation generated for the above booking would remain valid until 7am on the day of the booking.

After this time, the quotation (and tentative booking) will have expired.

Now one of the new quotation options allows MIDAS to convert a tentative booking to a confirmed booking is only a partial payment has been made against the quotation.

In such instances, we’ve included an option to allow you to update the quotation’s terms to be the same as your standard invoice terms (i.e. for example 30 days).

Change a quotation's terms upon partial payment
Change a quotation’s terms upon partial payment

This means that as long as a client pays something towards the quotation, they will then have longer to pay the remaining balance, just as if they were paying a regular invoice.

In a previous article, we talked about the various default input fields included in MIDAS as standard. One of the standard client input fields is for their “Facsimile” number (more commonly know as their Fax number).

We’ve included Fax as a “standard” client field since we first started MIDAS over 17 years ago. But our previous article got us thinking…. are fax machines still a thing in 2023?

We’ll admit, here at MIDAS HQ, we can’t remember the last time we received a fax. In fact, we can’t recall ever having sent one either!

What is a Fax Machine?

Now, it occurs to us that some reading this article may never have come across a fax machine! (Yes, we’re showing our age!)

So, if you’re not familiar, a fax machine – short for “facsimile machine” – is a technology used for transmitting documents over a traditional telecommunication (phone) network. It allows the near-instantaneous reproduction of text and images (all be it at low resolution) at a distant location.

A Fax Machine
A Fax Machine

The History Of The Fax Machine

Early Conceptualization (19th Century):
The concept of transmitting images over long distances actually dates back to the 19th century. In 1843, Scottish inventor Alexander Bain received a patent for his idea of a “Copying Telegraph” that could transmit images using a series of synchronized pendulums.

Pantelegraph (1865):
In 1865, Italian inventor Giovanni Caselli developed the “Pantelegraph,” which was the first practical fax machine. It used a rotating stylus to scan and transmit handwritten messages and images over telegraph lines.

Facsimile Transmission (1920s):
During the 1920s, advancements in radio technology led to the development of early versions of fax machines that utilized radio waves for transmission. These machines were primarily used for newspaper photo transmission.

Telephotography (1930s):
In the 1930s, “telephotography” systems emerged, allowing photographs to be sent over telephone networks. However, these systems were expensive and not widely adopted.

Xerox LDX (1964):
The first commercialized fax machine was the Xerox LDX (Long Distance Xerography), introduced in 1964. It used the then-common electrostatic printing technology to transmit documents over long distances.

ITU Standardization (1980s):
In the 1980s, the International Telecommunication Union (ITU) developed standardized protocols for fax transmission, which facilitated interoperability between different fax machines and networks.

Thermal Transfer Fax Machines (1980s-1990s):
In the 1980s and 1990s, thermal transfer fax machines gained popularity due to their lower cost and improved printing quality.

Internet Faxing (1990s):
With the rise of the internet, fax technology evolved to include internet faxing or “fax over IP,” which enabled faxes to be sent and received through email and online fax services.

Decline and Legacy (2000s-2010s):
As digital technologies like email and document scanning became more prevalent, the use of traditional fax machines declined. However, fax technology continues to be used in some industries, especially in areas where secure document transmission is essential.

Modern Fax Services (Present Day):
Today, faxing has largely transitioned to digital platforms and online fax services. These services use internet protocols to send and receive faxes electronically, eliminating the need for physical fax machines and allowing for more efficient and secure document transmission.

Though the traditional standalone fax machine’s popularity has waned, the concept of faxing lives on in digital form, offering a reliable means of transmitting documents in various professional settings.

How popular are fax machines today?

The number of people using fax machines has declined due to the increasing adoption of digital communication methods like email, cloud-based document sharing, and secure messaging platforms. As a result, faxing has become less common in many regions, especially in developed countries.

While some specific industries and regions might still rely on fax machines for certain purposes, it’s safe to say that the number of people using traditional fax machines globally has significantly decreased. Online fax services and digital communication in general provides a more efficient and convenient way to send and receive documents these days.

You Got A Fax

Getting The Facts on Fax!

As MIDAS includes a field to enter a Fax number for each client record, we were keen to understand how – and indeed if – our customers use this field.

We took an anonymized random sample of 190 of our cloud hosted customer’s MIDAS systems. Between them, this sample of MIDAS systems contains a total of 213,887 individual client records. Here’s what we found…

90% of MIDAS systems have the “Fax” field enabled

We were quite surprised that this was figure so high! However, it should be noted that the Fax field is actually enabled by default in all fresh installations of MIDAS. Therefore, only 10% of customers have taken action and disabled this field.

Of the 90% of MIDAS systems where the “Fax” field is enabled, not a single system has been configured to mark this as a “Required” field.

Only 0.44% of clients have a fax number

We found that only 0.44% of client records within our anonymized sample of cloud-hosted MIDAS systems we host, contained an entry in the “fax” field. It’s also possible that some customers actually use the “Fax” field to record other client data – like an additional cell/mobile number. Therefore, it’s reasonable to assume that less than 0.44% of clients have an actual fax number.

Facing The Facts on Fax!

So what are our key takeaways from these facts? How can we use this information moving forward?

Despite 90% of MIDAS systems having the Fax field enabled, this field is utilized by less than half a percent of clients.

It’s fair to say that the “Fax” client field isn’t really used!

Our first takeaway from this is that the “Fax” field probably shouldn’t be enabled by default. By initially “hiding” this field, it will simplify the editing of client records. It’s therefore likely that we’ll make this change for fresh installations of MIDAS in the near future.

In the future, we may also consider removing “Fax” as a standard MIDAS client field all together. Instead, if customers do wish to capture client fax numbers, they could easily create a custom client field for this purpose instead.

If we do take the decision to drop the standard “Fax” client field in a future update, existing customers still using it need not worry! We’ll ensure that our update process automatically migrates your client fax data over to a custom client field.