Let's begin with the bad news.
=== Credentials and potential LDAP info leak ===
Our MediaWiki instances configuration, as all the rules of our infra are
opensource. Unfortunately certain secrets were not protected as they
should have been:
* database credentials: MariaDB is not available from the outside, so
it's not a big deal
* contact emails: we try to hide all emails to avoid SPAM; webmaster,
HappyPeng and myself are affected
* wiki secret key: used to generate entropy when a proper source is not
available, which is not our case
* LDAP service account: this is a nasty part as most user information
might be accessed; we do not keep more than needed to run the service
but realnames and email addresses could have been listed; all
credentials are safe and no modification is possible though
We did not find any suspicious activities in the logs, but that's
difficult to assess.
So obviously before sending this email we remedied the situation. We
also plan to limit how this account can be used even more.
Deeply sorry for this mistake :-/.
=== Progress on the new hardware ===
Nicecity's hardware gave some difficulties and a new disk was needed. It
is now almost fully deployed with Ansible, so we should soon be able to
use it in production.
Toushirou-NG's deployment is done and we're regularly syncing it. We're
keeping it up-to-date with current production and are preparing the
=== StuffCloud login Security ===
Two factor authentication (2FA) using TOTP and U2F has been activated
and tested for some time now. We did not have any problem with both
method, so we strongly suggest you try it.
The documentation has been updated to give more information on how to
set this up: https://users.duckcorp.org/index.php/Services/StuffCloud
=== Wiki Migration ===
The shared wiki (wiki.duckcorp.org), running on MoinMoin, is going to
migrate soon to MediaWiki in order to avoid having to maintain two
=== Mail and Sync User ===
Some users prefer to sync emails on their machine, which can be handy if
you travel, wish to access them offline and later have all your
modifications propagated. It can also be useful as a backup mechanism.
On problem with most tools is their inability to "move" mails (instead
of "copy"), which prevent then to use the 'Junk' folder
A simple solution is now available, described here:
=== Web and PHP ===
We were already investigating using PHP FPM instead of the embedded
Apache mod_php. This is more secure and flexible as you can run the
wanted number of workers using a dedicated UNIX user, thus avoiding one
instance to read files from the others.
It happens that we activated HTTP2 in the past and some related fix
unfortunately required to change the Apache MPM, which is not possible
with mod_php, or to abandon HTTP2, so this changed priorities a bit.
The full migration has just been done for all PHP-enabled vhosts, so
tell us if you encounter any problem.
Hope you enjoyed the Hanami!
Marc Dequènes (Duck)