DC-Users

dc-users@lists.duckcorp.org

79 discussions

by DuckCorp Admin Team

Coin, === New Website === It has been a great while since we last took care of the official web page. No CMS was really that nice, so we decided to revamp it completely by hand (or mostly). It is still an "institutional" site, meant to stay quite static, but more opened to the human world. The old and obsolete content was removed/updated, so it reflects better what DuckCorp really is like today. === Changes in the Admin Team === Arnau was quite busy for a while, and not very active, so he is now a "fallback admin". Once again, happy volunteers are welcome ! === Jabber/XMPP Problems === Our server had strange problems recently, and was completely broken between 2010-04-27 and 2010-04-29. It seems to be "willing" to serve us again, so please pray the XMPP god it stays that way. === NTP === We have been running a stratum 3/4 server since a while, but it was not very advertised. Since 2010-04-22, it has been upgraded to stratum 2, advertised publicly on the ntp.org site, and registered in the pool project[1] (public stats[2] available). === LDAP Auth === The PostgreSQL server is now LDAP-ified, so users can now use their global identifiers. === Daneel's Disks Saga === One of the repared disk died on 2010-04-10, so we keep rotating disks until Seagate's warranty proves to be useful... === Mail === Since 2010-03-24, the maximum message size switched to 10Mo (was previously 5Mo), as requested by a few users. Do not forget we've got a FTP area for sending BIG files. === WebDesk === Since a recent Horde upgrade, tasks have been unusuable due to an uncompleted database migration. It has been fixed. That's all folks ! [1] http://www.pool.ntp.org/ [2] http://www.pool.ntp.org/user/DuckCorp -- Marc Dequènes (Duck)

12 years, 11 months

DuckCorp, 10 years old already !

by DuckCorp Admin Team

Coin, You are a DuckCorp user, sponsor, or friend, so we wanted to invite you to the 10th anniversary of DuckCorp. It's the first time a such a "social" event is organized, but this time we wanted to meet you and have a look back at what we've done so far. The meeting will take place on 2010-05-29 near Paris (so you can book this date for sure). We do not want a corporate party, but something unaffected and relaxing, so we decided to organize a picnic. As the weather seems to get better and better each day, it should be enjoyable :-), but we can still fall back on indoors eating if necessary. The exact location and time would be communicated later, but it should start around 13:00. I've been told it would be interesting for people to visit a datacenter (most "normal" people don't live in there and have never seen how the Internet works), so it should be possible to visit Toushirou in the morning before the picnic, for a small amount of persons (but we may still organize another visit later if too much people are interested). In the evening, it is highly probable some of us end-up in a bar and/or restaurant for an unofficial continuation, so you are welcome to follow us :-). By the way, we started a new wiki dedicated to user-oriented information here: https://users.duckcorp.org/ You'll see a map of the network and some kind of historical résumé from the creation. It is currently readable by everyone (but this may change in the future), and users may login and contribute with their LDAP account (only a few pages are locked, but can be discussed). Please tell us if you expect to attend this meeting. It is necessary to "register" for the datacenter tour at least a week in advance to organize the visit(s). May the CoinForce be with you ! P.S.: You may reply to 10th-anniversary(a)duckcorp.org for general-interest discussions, but please use the Dc-Admin mailing-list to notify your coming or ask specific questions, so as not to spam people. -- Marc Dequènes (Duck)

12 years, 11 months

Jacked up and good to go.

by DuckCorp Admin Team

Coin, === Backup and Toushirou's recovery === Daneel's second disk died too (around 2010-02-06), but it was replaced quickly and is working nicely now. As a reminder, Daneel is performing our backup. Toushirou was severely hot by a nasty kernel bug[1], but is back to his "nominal" stability factor now. === Mail === Spammers worked hard, even during X-mas, and are online again brand new methods to circonvents our filters, so it is time for counter-attack :-). First, our antispam software (DSPAM) was upgraded again (2010-02-09), with a few fixes, both to the learning code and for optimizations. You'll see the web interface now support translations and French is now available (ask if you need another language). Second, we added new sources for our anti-virus software (2010-03-11), to now also be able to catch classic Phishing/fakes/... mails without the need for any DSPAM learning. Third, we are now using a new software (2010-03-13, policyd-weight) aimed at doing extra checks (some using RBLs) at the early stage of receiving mails, to be able to reject them as soon as possible. We hope this would help keep the learning burden for you as low as possible.. === IRC <-> IM gateway === Our new Gateway software has been upgraded and now support authenticating users using our global database (PAM+LDAP), so don't have to remember yet another password. To protect your password, TLS support has also been activated: you must then connect using implicit TLS/SSL, on the same 6670 port (unsecured connections are no more possible, and STARTTLS is not yet implemented in minbif as well as most IRC client softwares yet). Ask for an account if you want to try. === PHP 5.3 Migration === PHP was frozen on our hosts, as more recent 5.2.x versions were crashing like hell quite often. Seems like the 5.3 branch is stabilized a bit, and all oud hosts have migrated but Toushirou (the hosting web server). One extension, php5-imagick, is still non-functional, but we plan to switch to this new version at the end of the month. Beware it introduces a few incompatibilities, so please read the migration guide[2] if you are maintaining a PHP software on Toushirou (packaged software will of course be handled by the Admin Team). If you need a delay before upgrade, get in touch with the Team. === New pseudo-Machine === Thanks to the Nerim Root offer, we now have a new pseudo-machine available, Thorfinn (thorfinn.duckcorp.org). As was quite unpleased to see it was run by VMware, and ensured to cleanup the whole image before using it first. I heard it is planned by Nerim internally to replace VMware by something respectable (like XEN or KVM), but we have no schedule yet. So, please welcome Thorfinn among us :-). As Toushirou has to be rebooted once in a while, and even if it is not so horrible these days (beside the recent kernel bug), we are considering buying a new machine during this year. Before that, people having long term SSH sessions may now switch it to Thorfinn, which is expected to be more stable, and with a not so frequent need for major upgrades; this could save you a lot of effort. Thus, people having SSH access to Toushirou have automatically been grant ed an SSH access to Thorfinn. Feel free to ask for necessary softwares. === SSH Keys === As you may have seen, most SSH Keys are now in our magical database (LDAP), and managed automatically on all hosts where you have access to. Managed keys are marked between comments in your 'authorized_keys' file. They were initially seeded to ease transition, but it won't be automatic since now. You can ask an administrator to add/remove/replace keys as you see fit. You may add per-host keys manually if you wish, and they will be preserved locally. have a lot of FUN ! [1] http://bugs.debian.org/566532 http://patchwork.kernel.org/patch/72981/ [2] http://php.net/manual/en/migration53.php -- Marc Dequènes (Duck)

13 years

Need something destroyed?

by DuckCorp Admin Team

Coinyear ! :-) Hope this one would be awesome ;-). === Webstats === Authentication for webstats was <del>broken</del> a bit sick (due to the cold weather probably), and you'll be happy to ear it is cured now. === SIEVE Migration === In the past the SIEVE protocol (for the MANAGESIEVE service) used the TCP port 2000. This port was already used by another common application, and SIEVE has been assigned an official port: 4190. We plan to switch our service to this new port in the begining of february; until then, and starting from now, both ports are available, to ease the transition. === MySQL Migration === We switched from 5.0 to 5.1 yesterday night, and everything went like a charm. We didn't test every app/webapp using MySQL, but many were tested and seemed to work very well. If you need to adapt your SQL code, remember the doc is here: http://dev.mysql.com/doc/refman/5.1/en/upgrading-from-previous-series.html === Horde === Horde has been added a new module providing comics. The list of available strips is the default one provided by the module, but you can ask for addition or removal. It would be nice if you could report which one you like, so as to reduce the list to an acceptable size (and corresponding ressources on the server). === Backup failure === When i was away, a software problem (still undetermined yet) caused the backup to stop functionning at the end of december. Later, while we were all busy eating and drinking good stuff, a disk just died. Hopefully, thanks to RAID, nothing was lost, and the disk was replaced this evening. The service has been restarted and things you come back to normal soon. === Bitlbee is DEAD === Bitlbee software is mostly unmaintained. When Yahoo! or another naughty provider changes its protocol, it is quite a pain to get a fix (and sometimes you've got to wait weeks without been able to connect). It is not acceptable. Someone wrote a replacement, minbif (http://symlink.me/wiki/minbif), which is more IRC-ish, with funny new features, and using the pidgin library; the later is quite ugly, but probably not more than the Bitlbee counterpart, and would ensure up-to-date plugins for your favourite IM networks (with more choice btw). So, we decided to drop Bitlbee support and switch to minbif completely in the begining of february. If you want to switch to minbif, or discover it, please ask an admin for an account. === Tōshirō's Reboot === Here it comes. Toushirou started again misbehaving, after 224 days working nicely, so it will be rebooted tomorrow (2010-01-07) during the afternoon. A full disk check is needed, so please be patient. SSH users, don't forget to close your session before reboot; it will be advertised on IRC a few minutes before. Hope the rest of the year would be more calm... -- Marc Dequènes (Duck)

13 years, 2 months

Reportin’ for duty

by DuckCorp Admin Team

Coin, === Secured FTP === One user reported a connection problem with the secured server, resulting in the following error: 534 Unwilling to accept security parameters This was due to a weird configuration problem on our server (probably a software bug). It is now fixed. === Postponed work === Due to overloading, the following tasks are postponed: - MySQL migration (5.0->5.1) was planned in november but will likely happen during the christmas holidays or at the end of january, so be prepared - Toushirou's reboot will perhaps happen during chrismas hollidays, but as it is not easy to plan, i'd rather contact people on IRC a few hours before - IRC migration should happen soon, as the test server is working nicely; you'll be warned... on IRC === Begging Time === Ho, this is already the end of the year. Not a so bad year, but we are still missing a few things : - workforce, to maintain DC/MP and help improve services and tools - funds, to pay the bill for these services - and a trusted and controlled KVM hosting, or perhaps a new machine, so as to restore the Earendil Hurd machine (used by HurdFr) and be able to debug it easily If you think you can help in one of these areas, just contact us. This said, have a merry X-mas everybody ! :-)) -- Marc Dequènes (Duck)

13 years, 3 months

A few activities between summer sunny nap and winter hibernation

by DuckCorp Admin Team

Coin, === Orfeo Migration === Everything went fine. IPv6 connectivity was restored a few hours later. Thanks Hivane for handling this move quite transparently. More planification would be better though ;-). === Arch Support is Gone === As planned, Tla/Arch support was removed on Toushirou. Users which had not converted their projetcs to another VCS can find a backup of their data in a 'arch-devel-archives.tgz' archive in their home directory. It was a nice tool... === FTP Security === As one user reported, ftp.duckcorp.org is not very secure, as you authenticate on an unsecured connection when you need to upload new content. So, we decided to improve the situation. From now on, you should be using ftps.duckcorp.org instead. This virtual host enforce using TLS before authenticating. Around october, 15th ftp.duckcorp.org will connect you to the public part of the FTP data, and you won't be able to do any modification using this vhost. Nevertheless, authenticating using TLS would probably be retained, in order to leverage a few limitations, like FXP allowance. In the meantime, the physical layout in the /ftp directory will be changed to allow more vhosts in the future. === DB Migration === As users do not use PostgreSQL, migration to 8.4 was done recently. Do not hesitate asking for an account if you need. MySQL is widely used, and is being upgraded to a new major version soon, around november, 15th. So, we will take care of any wide needed actions, like running REPAIR on all tables (needed for FULLTEXT indexes and probably a few other things), but we need YOU to check for incompatible changes in the software you use. System-wide softwares, like Mediawiki and Gallery2, will be handled by our staff, so you don't need to care about. For more information, please look at: http://dev.mysql.com/doc/refman/5.1/en/upgrading-from-previous-series.html You can contact us in order to provide a SQL script to run at migration time if needed. === Toushirou Kernel upgrade === Toushirou is being used for shells/screens and IRC proxy (bip), so it is not easy to reboot it without you noticing, but sometimes, because of so much security problems, it is needed. We plan to reboot it soo, probably September, 19th, around midday. === IRC Plan === The test server is working pretty well. We plan to upgrade it to a testing version very near the final release, test it a bit (mostly SSL links, with another test server), and replace production softwares before the end of the year. === LDAP Work === Important changes were done, and further migrations should be less intrusive.. That's all for now. Don't forget help and donations are still warmly welcome.. -- Marc Dequènes (Duck)

13 years, 6 months

Short partial downtime happening _Today_

by DuckCorp Admin Team

Coin, Due to complex sponsoring needs, we needs to move Orfeo to a new location _today_. Unfortunately, it could not be planned better, and the machine is being moved in an hour or two. Our sponsor Hivane would take care of almost everything transparently. We'll stop the machine at the last moment and take care of checking network connectivity and services as soon as online again. Affected services would mostly be Mail related (several others having redondancy, like IRC, DNS, MX2, or Jabber/XMPP). Sorry for the inconvenience. Regards. -- Marc Dequènes (Duck)

13 years, 6 months

Summer of Work

by DuckCorp Admin Team

Coin, === LDAP Work == Since 2007, most of our core infrastructure has remained identical. To improve it, we have begun an heavy work on the LDAP database and related softwares. We no longer rely on firewalling for security, as every involved server now use TLS communications with certificate check. The schema is being improved and work on better administration/user tools will follow. The LDAP infrastructure will soon be opened to all properly authenticated and securized access to everyone. This should allow more transparency on retained user information, and is a continuation of the "Experimental Tool" Banya (see previous mail in march). That is to say, this work could introduce some disturbance, mostly at night (from a GMT+2 point of view) or during legal holidays, even if we try to minimize it as much as possible. === Mail === Latest sunday (and probably the previous one), you may have experienced problems connecting to the mail services. Unfortunately, our SPAM database suddenly grow quite large, and it was necessary to shutdown to do some urgent maintenance. Several things were done to improve the situation, and the software was also upgraded to take advantage of several database optimizations. The web interface and processing speed have been improved a bit too. As several persons do not use much the spam filtering facility, the default training method was changed to ensure a reduced ressource usage when unnecessary (it can still be changed in the web interface). The mail software has been upgraded too, coming with a much better server-side mail filtering engine (SIEVE), with many fixes compared to the previous one, and the following new extensions: - variables - imap4flags (replacing the obsolete imapflags) - enotify (replacing the obsolete notify) - encoded-character More info on SIEVE and these extensions can be found here: http://sieve.info/ People using our SMTP from a roaming connections may have had a few problems with certain restrictions, this is now fixed. === Mail from Webapps === We spotted a few strange mails, and found a few of you are using forum or website with open registration with no or not-very-efficient anti-bot protection, leading to a few SPAM messages. From now on, webapps using the traditionnal mail functions will have their mail follow a special path, to ensure we can spot these problems easily and be able to train our antispam with problematic mails. This should ensure our mail servers are not banned. === Webmails === First, a few weeks ago, a Horde upgrade led to firstnames being screwed in the Contacts, due to a bug in the upgrade script. We had not enough time to work on restauration, and as very few of you were concerned, we decided this was too much of a workload. Sorry for the bother. The SIEVE filtering plugin for webmail.duckcorp.org has been upgraded and has better support for SIEVE extensions (but not 'variables' yet). === RCS === The Arch webdav access was broken, not working with https and auth with tla, and buggy with baz, so it was merely dropped. Moreover, Arch not updated upstream since a while (baz was even dropped and corpse hidden by Canonical a few years ago), so, Arch support is scheduled for removal in September. You are not obliged to move to a new RCS, but tools will disapear on our servers. WHen times come to and end, remaining archives in '/rcs/arch-devel-archives' will be moved to the corresponding user's home directory. == SAFT is Back === In DuckCorp, we like oldies, abandonwares and the like. Once upon a time, DC servers were prodiving a service to send files to a remote UNIX user, SAFT. This funny service is asynchronous and retry-aware, and can be used when the sender and recipient can't share a common place to exchange data (FTP for example), and sending a huge mail would be horrible or even impossible. The receiver needs to run a simple and light server, and the receiver to use the 'sendfile' command (available in Debian). One is now running on Toushirou, and received files can then be found with your shell access and the 'receive' command, or via your FTP account in '/sendfile/<uid>/'. You're address for the service would then be <uid>@saft.duckcorp.org. More info on this subject can be found here: http://fex.rus.uni-stuttgart.de/saft/sendfile.html Have FUN !!! -- Marc Dequènes (Duck)

13 years, 8 months

Acontios|Wrk has quit (Killed (irc.t1r.net (Bad Nickname))) << hey fuck you t1r !

by DuckCorp Admin Team

Coin, === Cleanup === For the people _rarely_ using Toushirou to compile stuff, this is now _over_. For historical reasons this machine supported such feature, but as it is not secure enough, and not useful enough for really building things (as you cannot install build dependencies), this has definitevely been shutdown. === Cheers === That's perhaps just strange eons, or just a dream i made, but it seems Toushirou has reached 42 days being up and without an Oops. So i guess that's a good reason to drink (even if not real) :-) ! === IRC Stumblings === Once upon a time, a lord, after having had a big party, or the like, dicided to rename its "Etch" castle in "Lenny" castle. Unfortunately, during his hard work modifying the residence in accordance to the new name, he overlooked a part of his domain. One of his men decided to lay down his own rules, banishing people generously for no good reason. Later, a neighbouring lord, seing all this mess crossing boundaries of his own land, decided to give a hand. Both, with great bravoure, restored peace and justice over the world ! Hum. This is to say... sorry for the so many disturbances while T1R IRC server was upgraded, and later when the other IRCd crashed while prepared the upcoming new IRC services. The good news, is that we are using improved IRC services now. Most news are polishing and bug fixes, but there also a new service (even if not really useful): MEMOSERV, for leaving offline messages. There is also a translation of services messages, but only in russian and bulgarian :-/, so if someone is willing to help... === Experimental Tool === Since a while there are several services available, but yet most of them cannot be set up by the user themself. For people having a shell account, there still is a delegating script to access the part of perso.duckcorp.org apache log related to their web space, and people may still read the logs of their personnal websites. Their was also another script to allow modifying their DNS master zone, but since Orfeo was back and not opened to user accounts, it was no more working. So, it has been a while something was missing. A new tool is being written to address part of the problem. It is currently totally experimental and doing almost nothing yet, but yet you could help us test it. You need to have a GPG key, have one of the MP admins signed it and registered into the service, to be able to use it (for obvious security reasons). Then you can write a _signed_ mail to "MilkyPond Administration Officer" <banya(a)milkypond.org>, and in the body use the following commands (one per line): - DNS INFO to get the list of DNS <zone>s you can manage (and probably more in the future) - DNS GET ZONE <zone> to get the DNS <zone> content - DNS SET ZONE <zone> @<i> to replace the current DNS <zone> content with the <i>st/nd/rd/th attachment (text/plain accepted only) As your zone content can be *secret*, then you can get the Banya key D0CCBBA55460719D515C11E6E770C685EF410567, signed by Arnau and me, and encrypt the mail with it. The mail should be RFC3156-compliant, and should not use the combined method described in chapter 6.2 of this RFC (not supported yet). The subject is purely informational, for you to identify the reply to the corresponding demand. Have FUN !!! -- Marc Dequènes (Duck)

14 years

Still on Air

by DuckCorp Admin Team

Coin, === Coinings === First of all, Happy new year to everybody. We are late because we were still eating chocolates and drinking beer, and had no time for lusers :-). === Network Migration === We love it... Our network provider now has a wider range of IPv6 addresses, but unfortunatly this is not an extension of the previous one, so we are going to move to new addresses during the we. In fact HQ and tunnel provider addresses were already moved, but the other changes may not be unnoticed, so you are warned. === Webdesk === We recently (this night) added the Trean extension to Horde, so you can play with bookmark management from now on. === Calls === I know this is quite boring, but i'd like to remind the call for help and the call for funds are still actives. No more bad news for today... ;-) -- Marc Dequènes (Duck)

14 years, 1 month

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

DC-Users