DC-Users

dc-users@lists.duckcorp.org

1 participants
82 discussions

Happy Duck Time
by DuckCorp Admin Team 18 Jun '17

18 Jun '17

Quack, Debian has been released! Omedetou!!! === Global Thermonucl^WUpgrade === Joshua will shortly upgrade all hosts and schedule reboot to use the new kernel. We will announce disruptions on IRC. We have already decided to deprecate a few services (see below) and more may come. Maintaining unused softwares is painful and if noone cares then we'd better redirect our efforts elsewhere. If we announce a deprecation and you're still an active user or the replacement does not suit your need, then please contact us. === Webmail === Squirrelmail is unmaintained, has security issues, and will be removed during the previously announced upgrades. Someone even told me it fell broken recently, so I guess it's a sign retirement has been postponed long enough. Horde works, and should continue to, but does not add much now that RounCube made quite some progress (and more after upgrade) and the extra apps are not very useful compared to what StuffCloud offers; it will be reevaluated, so tell us if you wish it to stay. === StuffCloud recent upgrade === Well, not so recent now. For a few hours the file view was utterly broken after an upgrade due to a bug, sorry for that. A new 'Circles' application allowing private/shared groups has been added. In the past we add an application for personal groups but it was not well maintained and this one makes this feature available again and more (and should be better maintained as it is a core-app). === Quick NEWS === * [2017-04-30] updated TLS certificates => services restart (very short disruption) * VCS: ** It has never been properly advertized but rcs*.duckcorp.org are deprecated and will be removed in September; please use vcs* addresses instead ** Git protocol enabled for Bip project, thanks to Trou for pointing this was missing * IRC on Web: The qwebirc instance available on https://irconweb.milkypond.org has been updated to use TLS while connecting to the IRC server * NTSX: Noone is using it and now tethering, plans, and local free WIFI (when you travel for eg) improved quote a bit so it is useless now and is gonna be removed soon Don't forget your umbrella. \_o< -- Marc Dequènes (Duck)

1 0

Grumpy Bear time
by DuckCorp Admin Team 02 Mar '17

02 Mar '17

Quack, Long time no quack, busy being ill… === Mail Rejection === As announced we had to change Orfeo's IPv4 recently. The new one was unused, so no previous spammer owned it, but the big corps have wittingly decided to consider it having a bad reputation by default. Also we discovered a user recently had his account compromised and it was used to relay SPAM. So we're stripping naked and leaking their asses to get our mails accepted, but it's taking time and maybe we'll need to give more of ourselves to get it. So please bear with us and report your problems with as much details as possible so we can debug and act accordingly (even if much of it is out of our control). === StuffCloud Ultimate Upgrade === This is an upgrade we've been postponing for too long. At some point having no fixes and no security support is really bad (even if it's not that great anyway). Also the next Debian release is coming and this software would not work anymore. So we've decided to switch from OwnCloud to NextCloud, and upgraded step by step. This was not easy to get something working in the end but here we are. Please tell us if you experience any difficulties. The list of apps is quite similar, so no data loss. The interface gained a bit of slowlessness too, charming. But there's fixes and a few new features you may like. Please note there is a NextCloud Android app on F-Droid, so while the old OwnCloud one still works, you should probably replace it. Also, to ease communication with the rest of the world, we decided to use letsencrypt to provide the HTTPS certificate for this service. This means it is now easier to give URLs to external people for sharing (no certificate to add to the browser manually). We may use letsencrypt for other websites in the future, but no decision made yet. === Out of Backup === Our previous backup system (Bacula) had some shortcomings and we ended-up having all backup expired and purged while we were busy elsewhere. We believe the current behavior is flawed and this software has proved to be slightly complicated to maneuver, so it is time to have some fresh air. We're working on deploying a new system, but in the meanwhile we're naked and if you have critical data I would advise you to do your own backup for the time being. We're really sorry of the situation and hope to have it solved really soon. Grrr Grrr Grrr \_o<

1 0

Strap yourselves in, boys. Planned maintenance during the night of 2/3 February
by DuckCorp Admin Team 31 Jan '17

31 Jan '17

Happy new year ! === Planned maintenance === In order to apply updates, all servers will be restarted during the night of Thursday 2 and Friday 3 February. Restarts will be performed one by one in the following order: Orfeo, Thorfinn, Jinta, Toushirou. All services will be affected, hopefully services with some redundancy will remain available: - mail (redundancy: mx1.duckcorp.org, mx4.duckcorp.org) - websites - DNS (redundancy) - IRC (redundancy: irc1.duckcorp.org, irc2.duckcorp.org) - Bip - IRC2IM gateway - Jabber - PostgreSQL - MySQL - LDAP (redundancy) - NTP sorry for the inconvenience. === Orfeo: accommodation === Thanks to Hivane, Orfeo has now a more durable location. Again, big thank to Hivane for the hosting, you may want to consider making a donation to them [1]. === Orfeo: new IPv4 address === Soon, the main IPv4 address of Orfeo will be changed from 193.17.192.211 to 193.200.43.105. The new IPv4 is already added, we still need to update the DNS configuration. [1] http://www.hivane.net/donate.html -- Pilou

1 0

This is not an idle threat! Planned outage: Orfeo 2016-02-26
by DuckCorp Admin Team 26 Feb '16

26 Feb '16

Youhou, === Planned outage === Our most important machine, Orfeo, is gonna be kicked out of its cosy sponsored place: Orfeo will be moved on 2016-02-26 in the afternoon to a new short term hosting. Big thanks to Hivane for the short term hosting. A few services will be unavailable: - mail (mx1.duckcorp.org) - websites (webmail, lists, webdesk, web IRC) - DNS (but Toushirou should handle) - IRC (but Jinta should handle), - Jabber (but Thorfinn should handle), - PostgreSQL - IRC2IM gateway - LDAP (but other nodes should handle in read-only mode), - NTP, sorry for the inconvenience. Orfeo === Still Looking for Sponsoring === The new accommodation is temporarily, Orfeo will be moved again before this summer. If you have any knowledge about generous people who may be willing to host this small (1U) machine, please tell us. バイバイ。 -- Pilou

1 1

This is not an idle threat! Planned outage: Orfeo 2016-02-26
by DuckCorp Admin Team 25 Feb '16

25 Feb '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Youhou, === Planned outage === Our most important machine, Orfeo, is gonna be kicked out of its cosy sponsored place: Orfeo will be moved on 2016-02-26 in the afternoon to a new short term hosting. Big thanks to Hivane for the short term hosting. A few services will be unavailable: - - mail (mx1.duckcorp.org) - - websites (webmail, lists, webdesk, web IRC) - - DNS (but Toushirou should handle) - - IRC (but Jinta should handle), - - Jabber (but Thorfinn should handle), - - PostgreSQL - - IRC2IM gateway - - LDAP (but other nodes should handle in read-only mode), - - NTP, sorry for the inconvenience. Orfeo === Still Looking for Sponsoring === The new accommodation is temporarily, Orfeo will be moved again before this summer. If you have any knowledge about generous people who may be willing to host this small (1U) machine, please tell us. バイバイ。 - -- Pilou -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQGcBAEBCgAGBQJWzmJfAAoJEFmb43K6MKeM/pAL/jxfjYyAWc4F6Y34EAESEV2I GzXSgTo6qjFzzFVh0jLVClY1EtwVzAt9U70wtNXIR8250/nuTHEq3PnkYp5BCzN5 P7ROCmscNYjNgtvy8HZfYDUdsYHu3SwB8153cP6zTEqAP/qj5pCDASPs26fyMuhT kXOd0uH3cioYkaTzkh8rnhzu7y5N6ffXAj2X77F36FN/RWk8+5i9YgSQ0Zs3bs11 mtR7l9wM9O/I+AUYstES2af0VISnIfIYoRU6PkC9xXWr4qUKVTkP8jpA/n3yz7RF 83f3xFhBV9EPOiUs6kN8le9uzfEujKnupkIR5w0lWBZtCGqEDnYfCLbGcTcHyMaq RnrLL8aesIXvRF935/yjYU6SaIOPptjYRonkOjp0s8A3m818TyJUzKfv9odjmPjD NuC/8kIu5e2Brf7Q4FIVG1P3KpuotOOFpHYmbEYyaat5bO0IlNFaxhGLjBB+ulpb pqBe8mnSUF5dD8fN+6zZ6M/uUGZZNwaXukzMR6TnJw== =u5wI -----END PGP SIGNATURE-----

1 0

Silent but still around
by DuckCorp Admin Team 12 Jul '15

12 Jul '15

Coin, Long time no quack, but even if there was some work and maintenance done, not much was really visible and needed advertisement. === Still Looking for Sponsoring === Our most important machine, Orfeo, is gonna be kicked out of its cosy sponsored place. Currently the costly but possible plan is probably a few months far but we have no certainty about the exact date of availability and we may be forced to remove the machine very soon. So if you have any knowledge about generous people who may be willing to host this small (1U) machine, please tell us. === Upcoming Maintenance === The PostgreSQL database is gonna be upgraded, which means a few things will be on hold until it finishes (mostly incoming mail and webmails). This would probably take a few hours, so please be patient. We'll been upgrading servers under the hood, but it is now time to remove obsolete feature: the old Apache ACLs will be deactivated in a matter of hours/days. Moreover, to finish these upgrades, we need to reboot Orfeo and Toushirou, which is gonna take place on the next we (2015-07-18/19). === Security Updates === With all the bad bugs and protocol problems discovered, the insecure SSH DSA keys were removed. On all services the accepted ciphers and algorithms were, again, tightened, so you should upgrade your systems too if you don't want to be out one day. === Security Certificated === As we are using a self-signed CA, this is a recurring topic when people try to access our services. The way to solve this problem in a secure fashion has been summarized here: http://ca.duckcorp.org/ We also had time to implement a security alternative: DANE/TLSA[1]. If you are using secure DNS[2] (DNSSEC validation) on your systems, then you may have another way to access our services securely. Currently the software support is not very widespread and requires additional software. Plugins for major browsers have been implemented here and seems to be working well: https://www.dnssec-validator.cz/ On Chromium nevertheless the plugin is a bit ugly to install. The browser may still complain about the certificate, but if you proceed to the page the DNSSEC+TLSA indicators should help recognize you're connected to the right site. [1] https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities [2] https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions === Quick News === * [2015-07-08] Throfinn was rebooted due to an hypervisor problem in the Hivane architecture * [2015-07-11] Jinta was rebooted * [???] stuff.duckcorp.org improvements: new SMS (not MMS!) app, experimenting a new Notes app (old notes are in your Files), raised quota from 1GB to 5GB \o/ Have a pleasant summer! -- Marc Dequènes (Duck)

1 0

Maintenance: Thorfinn rebooted Saturday
by DuckCorp Admin Team 12 Feb '15

12 Feb '15

1 0

DuckCorp CA rollover -- update your config *NOW*
by DuckCorp Admin Team 06 Nov '14

06 Nov '14

Coin, All our encrypted services are based on our self-signed CA which in turn generates SSL/TLS certificates for all secure services. Our current CA is now 10 years old and using older encryption algorithms, so it's time to rollover. Thus, you need to add the new 'duckcorp.crt' file on your systems _before_ 2014-10-04. The switch may occur a tad later but i plan to swiftly get this over with. If you don't know to install the file, you should have a look in the wiki: https://users.duckcorp.org/index.php/Services/Security#TLS.2FSSL-based_Serv… Beware you need to leave the previous file around until the switch is done (simply rename it). As for the new file itself, 'duckcorp.crt', it is attached in this mail (and updated in the wiki too). Nevertheless, if you have keysigned (GPG) with one of the admin, you should verify and extract it using the following command: gpg --output duckcorp.crt <pilou_duckcorp.crt.asc (replace 'pilou' by 'arnau' or 'duck' accordingly to your web of trust) Have a Lot of FUN ! -- Marc Dequènes (Duck)

1 1

Beach reading
by DuckCorp Admin Team 29 Jul '14

29 Jul '14

Coin, === Team changes === Pilou is a new fallback admin in charge of hardware/breakage rescue. Arnau being in Japan and as i'm willing to fly away sometime in the future, it was necessary to get help to handle things that can only be done live. === Services Secuuuuuuuuuure Certificates === If you upgraded Firefox to version 31 you may have had difficulties reaching our websites. Firefox has upgraded his certificate validation methods[1] leading to our certificates being rejected. We did not change our certificates configuration during the last decade and a few things needed to be updated. We fixed and regenerated all certificated (for all services). By the way, our custom CA (master certificate) has been there for almost a decade and is gonna die soon. We will prepublish the new one soon to have some time before we break the world. [1] https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificat… === Thorfinn OoO on 2014-07-13 === Probably due to scripts/bots the resources on this machine went down to a nasty point. Unfortunately we were on "admin vacation" and the Jabber notifications broke on our supervision software, so we had to reboot the machine because to was too late for a medic. You're welcome to have long-running scripts on this machine but please check it does not go mad or consume too much resources. If you know anything about TLS/SASL we'll welcome your help debugging this (Zabbix) bug. === Quick News === * new TT-RSS plugin (openinbgtab) to open articles in background tab (Chrome/Opera only) * new Tasks app in owncloud, see our users' wiki for more info * the PHP accelerator (Xcache) is still broken, it was disabled everywher; no hope of fixes at the moment * our Webdesk was painfully slow since the PHP accelerator problem but it's now ok * Nob (IRC bot) has been retired (Rbot is not working well with recent Ruby and is being removed from Debian) * the secondary IRC node will need an upgrade (first one was upgraded recently), so we'll announce the restart on IRC Have a pleasant summer. -- Marc Dequènes (Duck)

1 0

Hey! We'll sleep when we're dead. C'mon!
by DuckCorp Admin Team 12 Mar '14

12 Mar '14

Coin, === Plans for the Futur\WPresent === Toushirou is a bit overloaded. After some care it is stable again, but it really needs some help. Besides, Thorfinn is a VDS gained/included in my ADSL offer, and I need to be free to move in the future. I wish we could have been able to rack a machine Finger kindly obtained for us, but we failed on this (we asked a lot of people for sponsoring but to no avail). Thus I've asked Hivane to provide us two VDS in order to handle this situation fast. One of them may still be transferred to a real machine one day. Hivane kindly accepted and created them lightning fast. Thus, several services will move to Jinta (revival), with almost no consequences: - our dico will still be accessible from http://dico.duckcorp.org/ but the DICT server will move to dict.dc.o - same for the streaming service https://radio.duckcorp.org/ and stream.dc.o Later, user shells and bots will move to Thorfinn (NG); we'll send further instructions and schedule soon. === Future Maintenance === Orfeo will be rebooted on 2014-04-05/06 on a new kernel (security…). === Blogs are not for Sissies === Seems several of you still like writing. We had an old blog engine used for HurdFr which was crumbling into pieces, so we resurrected this service with a maintained software and opened it to all DC users. It is not well tested yet but should work fine. Ask if you need an account. === XMPP is dead, long live XMPP! === We've had a hard time keeping the XMPP service working properly and we decided such workload was not acceptable anymore. We found another software to take the place and it seems to work nicely ever since. We lost the cluster functionality, which means there is only one single node and point of failure, but better than multiple failing nodes. Please note the obsolete MSN gateway was removed in the process. === Quick News === * News fetch frequency was too high (5min) and was changed to 30min (helping cooling down Toushirou) * Mail indexing has been much improved, and should be more accurate and faster than before * stuff.dc.o was improved: - new Firefox Sync application (please note it is incompatible with the bookmark application because FFS data are encrypted in your browser and then unusable for any app) - interface was adapted to better work on touchpads even though moving files is still not user-friendly on such devices - interface is now Japanese-friendly * web: - mod_fcgi has been removed, as previously announced - xcache (PHP accelerator) was disabled because it breaks badly (see Debian#739789), sorry if you're using its API; we hope to reenable it soon (and regain some speed in the process) * filesystem migration to ext4 is done now That's all for now. Have a pleasant time. -- Marc Dequènes (Duck)

1 1

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

DC-Users