Coin,
=== New Website ===
It has been a great while since we last took care of the official web
page. No CMS was really that nice, so we decided to revamp it
completely by hand (or mostly).
It is still an "institutional" site, meant to stay quite static, but
more open to the human world. The old and obsolete content was
removed/updated, so it reflects better what DuckCorp really is like
today.
=== Changes in the Admin Team ===
Arnau was quite busy for a while, and not very active, so he is now a
"fallback admin".
Once again, happy volunteers are welcome !
=== Jabber/XMPP Problems ===
Our server had strange problems recently, and was completely broken
between 2010-04-27 and 2010-04-29. It seems to be "willing" to serve
us again, so please pray the XMPP god it stays that way.
=== NTP ===
We have been running a stratum 3/4 server for a while, but it was
not very advertised. Since 2010-04-22, it has been upgraded to stratum
2, advertised publicly on the ntp.org site, and registered in the pool
project[1] (public stats[2] available).
=== LDAP Auth ===
The PostgreSQL server is now LDAP-ified, so users can now use their
global identifiers.
=== Daneel's Disks Saga ===
One of the repaired disks died on 2010-04-10, so we keep rotating disks
until Seagate's warranty proves to be useful...
=== Mail ===
Since 2010-03-24, the maximum message size switched to 10Mo (was
previously 5Mo), as requested by a few users. Do not forget we've got
an FTP area for sending BIG files.
=== WebDesk ===
Since a recent Horde upgrade, tasks have been unusable due to an
incomplete database migration. It has been fixed.
That's all folks !
[1] http://www.pool.ntp.org/
[2] http://www.pool.ntp.org/user/DuckCorp
--
Marc Dequènes (Duck)
Coin,
You are a DuckCorp user, sponsor, or friend, so we wanted to invite
you to the 10th anniversary of DuckCorp. It's the first time such a
"social" event is organized, but this time we wanted to meet you and
have a look back at what we've done so far.
The meeting will take place on 2010-05-29 near Paris (so you can book
this date for sure). We do not want a corporate party, but something
unaffected and relaxing, so we decided to organize a picnic. As the
weather seems to get better and better each day, it should be
enjoyable :-), but we can still fall back on indoors eating if
necessary. The exact location and time would be communicated later,
but it should start around 13:00.
I've been told it would be interesting for people to visit a
datacenter (most "normal" people don't live in there and have never
seen how the Internet works), so it should be possible to visit
Toushirou in the morning before the picnic, for a small number of
people (but we may still organize another visit later if too many
people are interested).
In the evening, it is highly probable some of us end up in a bar
and/or restaurant for an unofficial continuation, so you are welcome
to follow us :-).
By the way, we started a new wiki dedicated to user-oriented information here:
https://users.duckcorp.org/
You'll see a map of the network and some kind of historical résumé
from the creation. It is currently readable by everyone (but this may
change in the future), and users may login and contribute with their
LDAP account (only a few pages are locked, but can be discussed).
Please tell us if you expect to attend this meeting. It is necessary
to "register" for the datacenter tour at least a week in advance to
organize the visit(s).
May the CoinForce be with you !
P.S.: You may reply to 10th-anniversary(a)duckcorp.org for
general-interest discussions, but please use the Dc-Admin mailing-list
to notify your coming or ask specific questions, so as not to spam
people.
--
Marc Dequènes (Duck)
Coin,
=== Backup and Toushirou's recovery ===
Daneel's second disk died too (around 2010-02-06), but it was replaced
quickly and is working nicely now. As a reminder, Daneel is performing
our backup.
Toushirou was severely hit by a nasty kernel bug[1], but is back to
his "nominal" stability factor now.
=== Mail ===
Spammers worked hard, even during X-mas, and are online again with brand
new methods to circumvent our filters, so it is time for
counter-attack :-).
First, our antispam software (DSPAM) was upgraded again (2010-02-09),
with a few fixes, both to the learning code and for optimizations.
You'll see the web interface now supports translations and French is
now available (ask if you need another language).
Second, we added new sources for our anti-virus software (2010-03-11),
to now also be able to catch classic Phishing/fakes/... mails without
the need for any DSPAM learning.
Third, we are now using a new software (2010-03-13, policyd-weight)
aimed at doing extra checks (some using RBLs) at the early stage of
receiving mails, to be able to reject them as soon as possible.
We hope this would help keep the learning burden for you as low as possible.
=== IRC <-> IM gateway ===
Our new Gateway software has been upgraded and now supports
authenticating users using our global database (PAM+LDAP), so you don't
have to remember yet another password. To protect your password, TLS
support has also been activated: you must then connect using implicit
TLS/SSL, on the same 6670 port (unsecured connections are no longer
possible, and STARTTLS is not yet implemented in minbif, nor in most
IRC client software). Ask for an account if you want to try.
=== PHP 5.3 Migration ===
PHP was frozen on our hosts, as more recent 5.2.x versions were
crashing like hell quite often. Seems like the 5.3 branch is
stabilized a bit, and all our hosts have migrated but Toushirou (the
hosting web server). One extension, php5-imagick, is still
non-functional, but we plan to switch to this new version at the end
of the month. Beware it introduces a few incompatibilities, so please
read the migration guide[2] if you are maintaining a PHP software on
Toushirou (packaged software will of course be handled by the Admin
Team). If you need a delay before upgrade, get in touch with the Team.
=== New pseudo-Machine ===
Thanks to the Nerim Root offer, we now have a new pseudo-machine
available, Thorfinn (thorfinn.duckcorp.org). I was quite displeased to
see it was run by VMware, and made sure to clean up the whole image
before using it first. I heard it is planned by Nerim internally to
replace VMware by something respectable (like XEN or KVM), but we have
no schedule yet. So, please welcome Thorfinn among us :-).
As Toushirou has to be rebooted once in a while, and even if it is not
so horrible these days (beside the recent kernel bug), we are
considering buying a new machine during this year. Before that, people
having long term SSH sessions may now switch it to Thorfinn, which is
expected to be more stable, and with a not so frequent need for major
upgrades; this could save you a lot of effort. Thus, people having SSH
access to Toushirou have automatically been granted SSH access to
Thorfinn. Feel free to ask for necessary software.
=== SSH Keys ===
As you may have seen, most SSH Keys are now in our magical database
(LDAP), and managed automatically on all hosts where you have access
to. Managed keys are marked between comments in your 'authorized_keys'
file. They were initially seeded to ease transition, but it won't be
automatic from now on. You can ask an administrator to
add/remove/replace keys as you see fit. You may add per-host keys
manually if you wish, and they will be preserved locally.
Have a lot of FUN !
[1] http://bugs.debian.org/566532 http://patchwork.kernel.org/patch/72981/
[2] http://php.net/manual/en/migration53.php
--
Marc Dequènes (Duck)
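The "SSH Keys" arrangement described in the mail above (a managed region between comments, with per-host keys preserved) can be sketched as follows. This is an added example, not part of the original mail and not DuckCorp's tooling: the marker strings, function names and sample keys are assumptions, since the mail does not give the real ones.

```python
from __future__ import annotations

# Hypothetical marker comments; the mail does not give the real ones.
BEGIN = "# BEGIN directory-managed keys (do not edit)"
END = "# END directory-managed keys"


class MarkerError(ValueError):
    """A marker is missing its partner or repeated; refuse to rewrite."""


def _find_block(lines: list[str]) -> tuple[int, int] | None:
    begins = [i for i, line in enumerate(lines) if line.strip() == BEGIN]
    ends = [i for i, line in enumerate(lines) if line.strip() == END]
    if not begins and not ends:
        return None
    if len(begins) != 1 or len(ends) != 1 or begins[0] > ends[0]:
        raise MarkerError("unbalanced managed-key markers")
    return begins[0], ends[0]


def sync_managed_keys(current: str, directory_keys: list[str]) -> str:
    """Replace only the managed block; every other line is kept verbatim."""
    lines = current.splitlines()
    block = _find_block(lines)
    managed = sorted({k.strip() for k in directory_keys if k.strip()})
    new_block = [BEGIN, *managed, END]
    if block is None:                  # first run: append the managed block
        out = lines + new_block
    else:
        start, end = block
        out = lines[:start] + new_block + lines[end + 1:]
    return "\n".join(out) + "\n"


def local_keys(current: str) -> list[str]:
    """Key lines outside the managed block.

    Under the assumed layout, removing a key from the directory never
    touches these, so they have to be reviewed per host.
    """
    lines = current.splitlines()
    block = _find_block(lines)
    if block is not None:
        lines = lines[:block[0]] + lines[block[1] + 1:]
    return [l for l in lines if l.strip() and not l.lstrip().startswith("#")]


# Constructed sample file (placeholder strings, not real key material).
SAMPLE = "\n".join([
    "ssh-ed25519 AAAA-constructed-perhost duck@console",
    BEGIN,
    "ssh-rsa AAAA-constructed-old duck@old-laptop",
    END,
    "",
])
```

Running `local_keys()` on each host's file lists the keys that a removal in the directory would leave in place.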
Coinyear ! :-)
Hope this one would be awesome ;-).
=== Webstats ===
Authentication for webstats was <del>broken</del> a bit sick (due to
the cold weather probably), and you'll be happy to hear it is cured now.
=== SIEVE Migration ===
In the past the SIEVE protocol (for the MANAGESIEVE service) used the
TCP port 2000. This port was already used by another common
application, and SIEVE has been assigned an official port: 4190. We
plan to switch our service to this new port in the beginning of
February; until then, and starting from now, both ports are available,
to ease the transition.
=== MySQL Migration ===
We switched from 5.0 to 5.1 yesterday night, and everything went like
a charm. We didn't test every app/webapp using MySQL, but many were
tested and seemed to work very well. If you need to adapt your SQL
code, remember the doc is here:
http://dev.mysql.com/doc/refman/5.1/en/upgrading-from-previous-series.html
=== Horde ===
A new module providing comics has been added to Horde. The list of
available strips is the default one provided by the module, but you
can ask for addition or removal. It would be nice if you could report
which one you like, so as to reduce the list to an acceptable size
(and corresponding resources on the server).
=== Backup failure ===
When I was away, a software problem (still undetermined) caused
the backup to stop functioning at the end of December. Later, while
we were all busy eating and drinking good stuff, a disk just died.
Hopefully, thanks to RAID, nothing was lost, and the disk was replaced
this evening. The service has been restarted and things should come back
to normal soon.
=== Bitlbee is DEAD ===
Bitlbee software is mostly unmaintained. When Yahoo! or another
naughty provider changes its protocol, it is quite a pain to get a fix
(and sometimes you've got to wait weeks without being able to connect).
It is not acceptable.
Someone wrote a replacement, minbif (http://symlink.me/wiki/minbif),
which is more IRC-ish, with funny new features, and using the pidgin
library; the latter is quite ugly, but probably not more than the
Bitlbee counterpart, and would ensure up-to-date plugins for your
favourite IM networks (with more choice btw). So, we decided to drop
Bitlbee support and switch to minbif completely in the beginning of
February.
If you want to switch to minbif, or discover it, please ask an admin
for an account.
=== Tōshirō's Reboot ===
Here it comes. Toushirou started again misbehaving, after 224 days
working nicely, so it will be rebooted tomorrow (2010-01-07) during
the afternoon. A full disk check is needed, so please be patient. SSH
users, don't forget to close your session before reboot; it will be
advertised on IRC a few minutes before.
Hope the rest of the year would be more calm...
--
Marc Dequènes (Duck)
Coin,
=== Secured FTP ===
One user reported a connection problem with the secured server,
resulting in the following error:
534 Unwilling to accept security parameters
This was due to a weird configuration problem on our server (probably
a software bug). It is now fixed.
=== Postponed work ===
Due to overloading, the following tasks are postponed:
- MySQL migration (5.0->5.1) was planned in November but will
likely happen during the Christmas holidays or at the end of January,
so be prepared
- Toushirou's reboot will perhaps happen during the Christmas holidays,
but as it is not easy to plan, I'd rather contact people on IRC a few
hours before
- IRC migration should happen soon, as the test server is working
nicely; you'll be warned... on IRC
=== Begging Time ===
Ho, this is already the end of the year. Not such a bad year, but we are
still missing a few things :
- workforce, to maintain DC/MP and help improve services and tools
- funds, to pay the bill for these services
- and a trusted and controlled KVM hosting, or perhaps a new
machine, so as to restore the Earendil Hurd machine (used by HurdFr)
and be able to debug it easily
If you think you can help in one of these areas, just contact us.
This said, have a merry X-mas everybody ! :-))
--
Marc Dequènes (Duck)
Coin,
=== Orfeo Migration ===
Everything went fine. IPv6 connectivity was restored a few hours
later. Thanks Hivane for handling this move quite transparently. More
planning would be better though ;-).
=== Arch Support is Gone ===
As planned, Tla/Arch support was removed on Toushirou. Users who had
not converted their projects to another VCS can find a backup of their
data in an 'arch-devel-archives.tgz' archive in their home directory.
It was a nice tool...
=== FTP Security ===
As one user reported, ftp.duckcorp.org is not very secure, as you
authenticate on an unsecured connection when you need to upload new
content. So, we decided to improve the situation.
From now on, you should be using ftps.duckcorp.org instead. This
virtual host enforces using TLS before authenticating. Around October
15th, ftp.duckcorp.org will connect you to the public part of the FTP
data, and you won't be able to do any modification using this vhost.
Nevertheless, authenticating using TLS would probably be retained, in
order to leverage a few limitations, like FXP allowance.
In the meantime, the physical layout in the /ftp directory will be
changed to allow more vhosts in the future.
=== DB Migration ===
As users do not use PostgreSQL, migration to 8.4 was done recently. Do
not hesitate asking for an account if you need.
MySQL is widely used, and is being upgraded to a new major version
soon, around November 15th. So, we will take care of any widely needed
actions, like running REPAIR on all tables (needed for FULLTEXT
indexes and probably a few other things), but we need YOU to check for
incompatible changes in the software you use. System-wide software,
like Mediawiki and Gallery2, will be handled by our staff, so you
don't need to care about it. For more information, please look at:
http://dev.mysql.com/doc/refman/5.1/en/upgrading-from-previous-series.html
You can contact us in order to provide a SQL script to run at
migration time if needed.
=== Toushirou Kernel upgrade ===
Toushirou is being used for shells/screens and IRC proxy (bip), so it
is not easy to reboot it without you noticing, but sometimes, because
of so many security problems, it is needed. We plan to reboot it soon,
probably September 19th, around midday.
=== IRC Plan ===
The test server is working pretty well. We plan to upgrade it to a
testing version very near the final release, test it a bit (mostly SSL
links, with another test server), and replace production software
before the end of the year.
=== LDAP Work ===
Important changes were done, and further migrations should be less intrusive.
That's all for now. Don't forget help and donations are still warmly welcome.
--
Marc Dequènes (Duck)
Coin,
Due to complex sponsoring needs, we need to move Orfeo to a new
location _today_. Unfortunately, it could not be planned better, and
the machine is being moved in an hour or two. Our sponsor Hivane would
take care of almost everything transparently. We'll stop the machine
at the last moment and take care of checking network connectivity and
services as soon as it is online again. Affected services would mostly be
Mail related (several others having redundancy, like IRC, DNS, MX2, or
Jabber/XMPP). Sorry for the inconvenience.
Regards.
--
Marc Dequènes (Duck)
Coin,
=== LDAP Work ===
Since 2007, most of our core infrastructure has remained identical. To
improve it, we have begun heavy work on the LDAP database and
related software. We no longer rely on firewalling for security, as
every involved server now uses TLS communications with certificate
check. The schema is being improved and work on better
administration/user tools will follow. The LDAP infrastructure will
soon be opened to everyone, with properly authenticated and secured
access. This should allow more transparency on retained user
information, and is a continuation of the "Experimental Tool" Banya
(see previous mail in march).
That is to say, this work could introduce some disturbance, mostly at
night (from a GMT+2 point of view) or during legal holidays, even if
we try to minimize it as much as possible.
=== Mail ===
Last Sunday (and probably the previous one), you may have
experienced problems connecting to the mail services. Unfortunately,
our SPAM database suddenly grew quite large, and it was necessary to
shut down to do some urgent maintenance. Several things were done to
improve the situation, and the software was also upgraded to take
advantage of several database optimizations. The web interface and
processing speed have been improved a bit too. As several people do
not use the spam filtering facility much, the default training method
was changed to ensure reduced resource usage when unnecessary (it
can still be changed in the web interface).
The mail software has been upgraded too, coming with a much better
server-side mail filtering engine (SIEVE), with many fixes compared to
the previous one, and the following new extensions:
- variables
- imap4flags (replacing the obsolete imapflags)
- enotify (replacing the obsolete notify)
- encoded-character
More info on SIEVE and these extensions can be found here:
http://sieve.info/
People using our SMTP from roaming connections may have had a few
problems with certain restrictions, this is now fixed.
=== Mail from Webapps ===
We spotted a few strange mails, and found a few of you are using forums
or websites with open registration with no or not-very-efficient
anti-bot protection, leading to a few SPAM messages. From now on,
webapps using the traditional mail functions will have their mail
follow a special path, to ensure we can spot these problems easily and
be able to train our antispam with problematic mails. This should
ensure our mail servers are not banned.
=== Webmails ===
First, a few weeks ago, a Horde upgrade led to first names being
screwed in the Contacts, due to a bug in the upgrade script. We had
not enough time to work on restoration, and as very few of you were
concerned, we decided this was too much of a workload. Sorry for the
bother.
The SIEVE filtering plugin for webmail.duckcorp.org has been upgraded
and has better support for SIEVE extensions (but not 'variables' yet).
=== RCS ===
The Arch webdav access was broken, not working with https and auth
with tla, and buggy with baz, so it was merely dropped. Moreover, Arch
has not been updated upstream for a while (baz was even dropped and corpse
hidden by Canonical a few years ago), so, Arch support is scheduled
for removal in September. You are not obliged to move to a new RCS,
but tools will disappear on our servers. When time comes to an end,
remaining archives in '/rcs/arch-devel-archives' will be moved to the
corresponding user's home directory.
=== SAFT is Back ===
In DuckCorp, we like oldies, abandonwares and the like. Once upon a
time, DC servers were providing a service to send files to a remote
UNIX user, SAFT. This funny service is asynchronous and retry-aware,
and can be used when the sender and recipient can't share a common
place to exchange data (FTP for example), and sending a huge mail
would be horrible or even impossible. The receiver needs to run a
simple and light server, and the receiver to use the 'sendfile'
command (available in Debian). One is now running on Toushirou, and
received files can then be found with your shell access and the
'receive' command, or via your FTP account in '/sendfile/<uid>/'.
Your address for the service would then be <uid>@saft.duckcorp.org.
More info on this subject can be found here:
http://fex.rus.uni-stuttgart.de/saft/sendfile.html
Have FUN !!!
--
Marc Dequènes (Duck)
Coin,
=== Cleanup ===
For the people _rarely_ using Toushirou to compile stuff, this is now
_over_. For historical reasons this machine supported such feature,
but as it is not secure enough, and not useful enough for really
building things (as you cannot install build dependencies), this has
definitively been shut down.
=== Cheers ===
That's perhaps just strange eons, or just a dream I had, but it seems
Toushirou has reached 42 days being up and without an Oops. So I guess
that's a good reason to drink (even if not real) :-) !
=== IRC Stumblings ===
Once upon a time, a lord, after having had a big party, or the like,
decided to rename his "Etch" castle to "Lenny" castle. Unfortunately,
during his hard work modifying the residence in accordance to the new
name, he overlooked a part of his domain. One of his men decided to
lay down his own rules, banishing people generously for no good
reason. Later, a neighbouring lord, seeing all this mess crossing
boundaries of his own land, decided to give a hand. Both, with great
bravery, restored peace and justice over the world !
Hum. This is to say... sorry for the so many disturbances while T1R
IRC server was upgraded, and later when the other IRCd crashed while
preparing the upcoming new IRC services.
The good news is that we are using improved IRC services now. Most
news are polishing and bug fixes, but there is also a new service (even
if not really useful): MEMOSERV, for leaving offline messages. There
is also a translation of services messages, but only in Russian and
Bulgarian :-/, so if someone is willing to help...
=== Experimental Tool ===
For a while there have been several services available, but yet most of
them cannot be set up by the users themselves. For people having a shell
account, there still is a delegating script to access the part of
perso.duckcorp.org apache log related to their web space, and people
may still read the logs of their personal websites. There was also
another script to allow modifying their DNS master zone, but since
Orfeo was back and not opened to user accounts, it was no longer
working. So, it has been a while something was missing.
A new tool is being written to address part of the problem. It is
currently totally experimental and doing almost nothing yet, but yet
you could help us test it. You need to have a GPG key, have one of the
MP admins sign it and register it into the service, to be able to use
it (for obvious security reasons). Then you can write a _signed_ mail
to "MilkyPond Administration Officer" <banya(a)milkypond.org>, and in
the body use the following commands (one per line):
- DNS INFO
to get the list of DNS <zone>s you can manage (and probably more
in the future)
- DNS GET ZONE <zone>
to get the DNS <zone> content
- DNS SET ZONE <zone> @<i>
to replace the current DNS <zone> content with the <i>st/nd/rd/th
attachment (text/plain accepted only)
As your zone content can be *secret*, then you can get the Banya key
D0CCBBA55460719D515C11E6E770C685EF410567, signed by Arnau and me, and
encrypt the mail with it. The mail should be RFC3156-compliant, and
should not use the combined method described in chapter 6.2 of this
RFC (not supported yet). The subject is purely informational, for you
to identify the reply to the corresponding demand.
Have FUN !!!
--
Marc Dequènes (Duck)
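The command body described in the "Experimental Tool" section of the mail above lends itself to strict, all-or-nothing validation before any zone is touched. The parser below is an added example, not part of the original mail and not Banya's code: it assumes the OpenPGP signature has already been verified upstream, that keywords are matched exactly as written in the mail, and that the caller supplies the list of zones the signer may manage; all function and class names are hypothetical.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Conservative DNS name check (assumption: zones are plain hostnames).
ZONE_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


class CommandError(ValueError):
    """Any malformed, unauthorized or unsatisfiable command line."""


@dataclass(frozen=True)
class Command:
    verb: str                       # "INFO", "GET" or "SET"
    zone: str | None = None
    attachment: int | None = None   # 1-based index, as in "@<i>"


def _zone(name: str) -> str:
    zone = name.lower().rstrip(".")
    if not ZONE_RE.match(zone):
        raise CommandError(f"invalid zone name: {name!r}")
    return zone


def parse_line(line: str) -> Command:
    words = line.split()
    if words == ["DNS", "INFO"]:
        return Command("INFO")
    if len(words) == 4 and words[:3] == ["DNS", "GET", "ZONE"]:
        return Command("GET", _zone(words[3]))
    if len(words) == 5 and words[:3] == ["DNS", "SET", "ZONE"]:
        match = re.fullmatch(r"@([1-9][0-9]?)", words[4])
        if match is None:
            raise CommandError(f"bad attachment reference: {words[4]!r}")
        return Command("SET", _zone(words[3]), int(match.group(1)))
    raise CommandError(f"unknown command: {line!r}")


def parse_body(body: str, attachment_types: list[str],
               allowed_zones: set[str]) -> list[Command]:
    """Validate the whole body before anything runs (all-or-nothing)."""
    commands = []
    for raw in body.splitlines():
        if not raw.strip():
            continue
        cmd = parse_line(raw)
        if cmd.zone is not None and cmd.zone not in allowed_zones:
            raise CommandError(f"zone not managed by this key: {cmd.zone}")
        if cmd.verb == "SET":
            if cmd.attachment > len(attachment_types):
                raise CommandError(f"no attachment @{cmd.attachment}")
            if attachment_types[cmd.attachment - 1] != "text/plain":
                raise CommandError("only text/plain attachments are accepted")
        commands.append(cmd)
    return commands


# Constructed sample: body of a mail whose signature was already verified.
SAMPLE_BODY = "DNS INFO\nDNS GET ZONE example.org\nDNS SET ZONE example.org @1\n"
```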
Coin,
=== Coinings ===
First of all, Happy new year to everybody. We are late because we were
still eating chocolates and drinking beer, and had no time for lusers
:-).
=== Network Migration ===
We love it... Our network provider now has a wider range of IPv6
addresses, but unfortunately this is not an extension of the previous
one, so we are going to move to new addresses during the weekend. In fact
HQ and tunnel provider addresses were already moved, but the other
changes may not go unnoticed, so you are warned.
=== Webdesk ===
We recently (this night) added the Trean extension to Horde, so you
can play with bookmark management from now on.
=== Calls ===
I know this is quite boring, but I'd like to remind you that the call for help
and the call for funds are still active.
No more bad news for today... ;-)
--
Marc Dequènes (Duck)