Coin,
Here are some news from the Pond.
1) Mailing-lists outage:
A misconfiguration of our SMTP server was cause of mail subcription
rejects. The applied fix was wrong and every mail between 2006-03-07
early in the morning and 2006-03-08 in the night were rejected (my bad
!). This was worked out as soon as we realized what happened, and both
problems are now fully solved. Apologies.
2) Backup:
The new hard drive was installed in the backup server (whose hardware
was upgraded in the same way). Old backups are safe, and new backups are
now created. Total DC backups are now 67GB ; it was really time for
upgrade ! Moreover, the old hard drive was installed on Elwing for
private storage, but a check found it full of bad blocks !
3) Security concerns about shell access:
To avoid giving shell access to people having no real need for it, some
adjustments were necessary to let you have the same level of service.
a) Personnal web space:
The personnal web spaces are now available through your FTP account into
the 'www-perso-dc' directory. Ask for FTP access if you need.
HurdFr users can access they personnal web spaces into the
'www-perso-hurdfr' directory the same exact way.
The DC photo album upload space is in the same way accessible into the
'photos-perso-dc' directory.
Please note this is only a convenient way to access ressources and a
security improvement ; people having shell access may still manage their
files with their account.
For those who care about security, FTP is not less secure for 2
reasons:
- first, catching the local password gives a relatively short range of
priviledges, incomparable with having a shell account, whatever
priviledges it may be granted. Look at SecurityFocus news to imagine
how many local root exploits exists.
- moreover, you can increase the security level by reading the next
change below (Secure FTP).
b) SQL administration:
For those who fear about losing their shell access and be unable to
manage their database, don't worry, a phpMyAdmin interface has been made
public here:
https://sql.duckcorp.org/
c) Shell access removal:
The following users should contact us to look at their web space ACLs
and dicuss about the needs that would not be fulfiled by the provided
tools before their shell access is removed:
- cedricburnay
- js
- marius
- scop
- valfor
Note that a shell access may be reopened if necessary in the future ;
this is not a punishment, but a security measure.
3) Secure FTP:
You can now connect to our FTP server with a TLS-enabled client, this
would secure your data transfers, and moreover, avoid any password
disclosure, as the TLS mode is enabled before authentication.
Don't forget to get the DC certificate here:
https://www.duckcorp.org/dc/ca.crt
and check the signature here:
https://www.duckcorp.org/dc/ca.crt.asc
(if you trust my key, of course)
Free* tools supporting FTP+TLS:
- on GNU/Linux and GNU/Hurd, the Netkit 'ftp-ssl' package
- on Windows, FileZilla (http://filezilla.sourceforge.net/)
- on Mac OS X, Cyberduck (http://cyberduck.ch/)
* Free like in "free speech"
see http://www.gnu.org/philosophy/free-sw.html
(in french: http://www.gnu.org/philosophy/free-sw.fr.html)
4) Upgrades:
a) mySQL:
First, the database was cleaned, unuseful things were trashed, and a
naming convention was established. If your name is Arnau, GuiHome,
HurdFr or PikaPaf, then your DB users/db-names may have changed to match
the convention ; don't worry, everything was renamed for you and your
website is working as usual.
Furthermore, the database was successfully upgraded from 4.1 to
5.0. Changelog says the most important new features are:
- stored procedures
- triggers
- views
- information schema
- archive storage engine (for historical and audit data)
If this software could stop crashing once and a while, it would be the
best new feature ever dreamed of...
By the way, don't forget to do some database management periodically to
improve access to your data:
- check if no indexes are missing
- use ANALYSE to improve search capabilities
- use OPTIMIZE to clean up unnecessary data
phpMyAdmin can help you do this (with no more than 3 clicks ;-).
b) BitlBee:
BitlBee is an IM gateway through a nice IRC interface, you can only
access it localy (if you have a shell account) at the moment, using port
6668 like you would do for any IRC server.
The new 1.0.1 version was installed, fixing some nasty bugs (full
changes here: http://bitlbee.org/main.php/changelog.html) The irssi
scripts were upgraded too, allowing typing notification in the
statusbar.
You need to /reconnect to the server to benefit from these fixes.
5) Spam Learning system reminder (or not):
To improve detection of spam and avoid false positives, 2 special
mailboxes have been setup. You can send spams which where not detected
to dc-ham(a)duckcorp.org and false positives (if not destroyed) to
dc-ham(a)duckcorp.org to train the system and improve recognition.
/!\ PLEASE TAKE CARE to use the "resend" function of your mailer and
never use "forward", which would result in _yourself_ being considered
as spam or ham /!\
This said, Have a Lot of Fun in the Pond !
--
Marc Dequènes (Duck)
