- DC-Users - DuckCorp Mailing-Lists

Orfeo Housing Migration
by DuckCorp Admin Team 10 Feb '25

10 Feb '25

Quack folks, Happy New Year! Hope you enjoyed with your loved ones. Orfeo is very old and needs a new body. We also knew we would need to leave the current housing. We planned to change the hardware and move the machine in one go in the near future but unfortunately we were asked to leave the housing much earlier than planned. Tomorrow morning I'm going to remove the hardware with Pilou and Acontios and setup a temporary machine at Pilou's place with a tunnel to keep the IPs. We've changed a few services to mainly use Toushirou since we will have a much better Internet access and we're trying to minimize the impact. Later we'll finish working on the new hardware and move to the new location; we'll keep you updated about these steps when we're ready. We'll need some time to setup everything but hopefully by Wednesday or Thursday it should be fine. Later if you experience difficulties reaching services please let us know. \\_o< -- Marc Dequènes (Duck)

1 0

Maintenance on Toushirou planned today early evening (2024-12-05)
by Pierre-Louis Bonicoli 05 Dec '24

05 Dec '24

Bonjour, Today (2024-12-05) early evening (after 6pm CET), the network card of Toushirou will be upgraded - due to a hardware compatibility issue the previous try was not successful. Expect some disturbances and a bit of downtime (most web services). Regards, -- Pilou / Pierre-Louis

1 0

Maintenance on Toushirou planned today early evening (2024-11-12)
by Pilou 12 Nov '24

12 Nov '24

Bonjour, Today early evening (2024-11-12), the network card of Toushirou will be upgraded. Expect some disturbances and a bit of downtime (most web services). Regards, -- Pierre-Louis Bonicoli (Pilou)

1 0

Urgent Server Move
by DuckCorp Admin Team 09 Jan '24

09 Jan '24

Quack, Happy New Year everyone! We recently got informed that one of our hosting is going to end very soon. The service provider is moving to another datacenter and in the process decided to change their services and end rentals of small spaces. Consequently our server Toushirou is loosing its home and we've been looking for a replacement. We just found one and we have the opportunity to make the move easily thanks to a friend but this has to be done today, January 9th, French time. It's happening too quickly to prepare all configurations beforehand, so we're focusing on proper network and management access and we'll fix services afterwards. That is to say that many services won't work during the move and some time afterwards too, sorry. Mail will continue to work but mailing-lists and the webmail will not. We'll keep you informed on IRC as usual. Btw, Orfeo is not in a stable situation and we were thinking about moving it too (and refreshing the hardware too), but to a different place to ensure availability of core services. We have a plan but the move has not happened yet. In the past we heavily relied on kind sponsoring and this helped us a lot financially, but unfortunately this time has ended and that's why we were not sure what would happen to Orfeo, or the low renting prices for Toushirou. This two moves are going to ensure our services are safer but the housing cost is going to ramp from 63.18€/month up to around 200€/month (it's an estimate, I'll update the cost in the wiki when we get the final details). That is to say if you feel like giving a bit from time to time, that would be very helpful 😊. \\_o< -- Marc Dequènes (Duck)

1 0

Migration to Debian Bookworm
by DuckCorp Admin Team 09 Jul '23

09 Jul '23

Quack, The migration has already started but we took care of server with no or very low user impact first. Very soon we'll be migrating our two main servers and there will be some disruption. DNS, mail deliveries, IRC and few other things should not be impacted much since they are available on multiple nodes but websites (including the webmail and stuffcloud) and a few other services will have a short downtime. Redmine instances will also need more attention and may be down a little bit. The start/end of each migration, reboot… will be announced on IRC. \\_o< -- Marc Dequènes (Duck)

1 1

Maintenance on Toushirou planned next Monday afternoon (2022-06-06)
by DuckCorp Admin Team 04 Jun '22

04 Jun '22

Bonjour, Next Monday afternoon (2022-06-06), we will investigate an issue related to the Toushirou host. This issue prevents us to reboot Toushirou remotely, see [1] for the technical details. The investigations will take place from the data center. Expect some disturbances and a bit of downtime (most web services). [1] https://projects.duckcorp.org/issues/769 Regards, -- Pierre-Louis Bonicoli (Pilou)

1 0

Last Minute Maintenance on Toushirou
by DuckCorp Admin Team 11 Apr '22

11 Apr '22

Quack, Toushirou is unfortunately loosing one of its network link and we need to reorganize the whole network configuration. It's a little bit touchy, especially with the remote storage decryption procedure so we may need to do a trip at the datacenter to finish the setup. We should have warned you a little bit earlier (even if this bad news came not long ago). We're working on it this very day, so expect some disturbances and potentially a bit of downtime (most web services). Regards. \_o< -- Marc Dequènes (Duck)

1 0

Quack for the Year
by DuckCorp Admin Team 11 Feb '22

11 Feb '22

Quack, Happy New year! (slightly late, sorry) We hope you're still safe and doing well. === Memory Problems on Orfeo === Orfeo is old and lacks memory but only recently did we hit problems. During the last few weeks we had to restart failed services and we started investigating. Nothing major changed on our side but the antivirus's update method had changed to be more efficient at the cost of more memory usage (clamav's ConcurrentDatabaseReload) and we though that was it. Unfortunately something seems to be leaking memory, we could not find the source and decided to reboot. Orfeo took a very long time to come back (03:10-08:40 CET) and we though it lost. Everything's working fine again but we'll be monitoring the situation. === Misc News from end of 2021 === - LDAP improvements: the deployment was totally reworked to be simpler, with better security rules and now all three servers are replicating each other (n-way sync) which means there is no single point of failure anymore. - all machines were upgraded to Debian Bullseye successfully. - Matrix experimentation is going on well: the web interface improved and communities were replaced by spaces; ask for an invitation on IRC if you wish to join the DuckCorp space. - the webmail was upgraded bringing dark mode (to preserve your eyes) and other improvements/fixes. - we use certbot to generate Let's Encrypt certificates and it's missing an [important feature](https://github.com/certbot/certbot/pull/7244). so far we used the patch in this ticket but it does not seem it will be included. Until this is resolved one way or another we're now using a simpler workaround patch to ease the maintenance and we're also evaluating using another tool (acme.sh for e.g.). Hugs. \\_o< -- Marc Dequènes (Duck)

1 0

Teru-teru-bozu, teru bozu, Do make tomorrow a sunny day, Like the sky in a dream sometime…
by DuckCorp Admin Team 29 May '21

29 May '21

* song by Kyoson Asahara and Shinpei Nakayama (https://en.wikipedia.org/wiki/Teru_teru_b%C5%8Dzu) Quack, We hope you're safe and doing well. === Improved Mailing-Lists === We upgraded our mailing-lists to Mailman 3. It's not just about the shiny UI, the underlying mail routing daemon is better in many way. We plan to add LDAP authentication but integration requires extra work since it's not available out of the box. === New System for Users' DNS Primary Zones (aka DNS4Tenants) === Banya, our GPG Mail Command gateway, is soon going to retire. This was inspired by Debian tools and made to be very secure, but unfortunately sending a properly GPG-signed/encrypted mail with most MUAs is still not that trivial, making zone updates more painful that it should be. The script doing the mail handling and DNS update was also far too brittle and maintenance over time proved problematic. We're replacing the current system with something easier to use without compromising security: tenants can now edit their zones in a git repository of their choice and under 5 minutes a script should pick the changes, check the zone validity, send errors to the user, and publish the result if all is fine. It might not sounds like it but the new script is by far simpler and smaller. The git repository will be fetched using HTTPS and can be hosted anywhere (including DC). If you wish to keep your zone hidden then it needs to be accessible using the script's SSH key; most forges allow that. At DC this is also possible but we're working on a better solution. DC and MP zones are now managed using the new system and available in our openinfra repo. We'll contact users to handle the migration. === Web Key Directory Service === If you have an email in @dc.o or @mp.o you can now make your GPG key available using this protocol if you use them in one of your UIDs. It is an alternate way of fetching keys: the owner of the domain certifies it is a valid email address and the key association. It is supported by more and more MUAs, and after all the security problems discovered in Key Servers' implementations, it should both improve security and usability. This comes with an automated way to setup and update the association, so you start using it right away. We can also provide this service for hosted domains. And some documentation: https://users.duckcorp.org/index.php/Services/WKD === Misc news === * Matrix: * the server is working well; we still have made no decision about IRC mapping. * Documentation is now available: https://users.duckcorp.org/index.php/Services/Matrix * IRC: thanks to Mikachu's suggestion we now have a DNSBL configured and it seems to be working well against the recent SPAM; it is also used for antispam (weighted) * DNSSEC: work has been done both upstream and on our side to fix various problems. Full automation is not yet complete but making progress. * Backup: Pilou added an extra disk for the backup on Nicecity. We have a basic backup but the target system is still WIP Hugs. \\_o< -- Marc Dequènes (Duck)

1 0

Quack for the Year
by DuckCorp Admin Team 09 Feb '21

09 Feb '21

Quack, We wish you a better year (a bit late, sorry). Many hugs to you. === Toushirou's Move === We need to move Toushirou since Nerim is closing the room where it is currently housed. Pilou is kindly handling the physical part of it since I cannot do that remotly from Japan. We'll send more detailed info about the disturbance and timing. === IRC Upgrade === We recently upgraded our IRC servers. This version of the software reached end of upstream support and that will make switching to the soon to come new Debian release easier anyway. The documentation was updated accordingly: https://users.duckcorp.org/index.php/Services/IRC Highlights: - problems with older IRC clients (https://docs.inspircd.org/faq/#why-does-my-client-not-show-mode-changesoppe…) on Thorfinn IRSSI was fine but weechat was upgraded to a backport (I tried using the /upgrade command but it crashed so avoiding a restart is probably not possible) - SASL/EXTERNAL method is now available, practical with certfp (recommended) to get security and autologin (TLS required); read the doc on the wiki for more info - STS is supported to suggest IRC clients to switch to TLS === IRC Policy Changes To increase security, privacy and ease fighting disturbing people that do not forget to visit us every year we are changing some requirements. MilkyPond will become a TLS-only network starting early March. Nowadays IRC clients on all OSes/devices all support TLS and it's just one single checkbox to check so it should not be difficult for non technical people to switch. The available port list will not change, only insecure connections won't work anymore. Registering an account is not compulsory but recommended too; channel owners might require it though. Using certfp and SASL/EXTERNAL it is very easy to automagically login to your account while connecting. It's the same recommendation you can find on freenode and other major networks and it's not very difficult to setup (see on the wiki). #DuckCorp is our admin channels. We ought to always be able to discuss peacefully even when the IRC network is being spammed, so we are going to require an account to join this channel at the same date we make TLS compulsory. This does not affect other channels. === The world of Matrix === We wanted to experiment running a Matrix server to provide an alternative method of communication. We still use IRC but not everyone find it practical, XMPP is available too but lost traction, several of us use Signal but even if the clients are opensource the server is not and it's totally centralized, so we're now providing a new method for those who wish to try. It works fine so far but some features are still missing. The wiki is not yet updated but if you wish to try you can connect with your LDAP uid/password on the "milkypond.org" domain (no need to register with us, your Matrix account is created at first login) with: - the MilkyPond Web UI: https://matrixonweb.milkypond.org/ - Quaternion on a GNU/Linux desktop - Element on Android (available on F-Droid) (other clients exist but they were not tested) We also experimented with a bridge to join communication between the #MilkyPond and #DuckCorp IRC channels and their Matrix counterpart, sorry for the noise, but that did not work well because of several limitations and the fact end-to-end encryption was enabled on Matrix thus preventing the discussions to flow towards IRC which does not support such encryption. The goal was to prevent splitting the community but maybe that's not such a good idea. Ideas welcome. If you lack a service that would make this time less painful, please tell us. Be safe. \_o< -- Marc Dequènes (Duck)

1 1