DC-Users

dc-users@lists.duckcorp.org

79 discussions

by DuckCorp Admin Team

Coin, Hold your breath... === Toushirou's Unplanned Reboot === Bad news first, Toushirou was rebooted Saturday at 13:10, due to kernel problems. This is quite infrequent nowadays, and often improved by new kernels and system tools. So the next one should be a planned one, we hope. === Orfeo's Planned Reboot === The machine will be rebooted for kernel upgrade tomorrow, 2008-09-29 (as we change day at 05:00 in the pond), after midnight (exact time would be announced on IRC). === IPv6 Migration === Our transit provider needs to use a new range of addresses, so we need to give back our IPs and use new ones in their new range. The first easy step of the migration, HQ and IPv6 tunnels, has already been done successfully. The second and final step is to change the IPv6 connectivity of our main servers. This will be done soon, and you'll be advertise when to take this into account (DNS masters, SSH known hosts, ...) === Backup === The backup system is back alive. We took the necessary time to change and improve things a bit. it should be stable by now. In order not to fetch generated files, or big files which you already have backed-up in another location, the following filenames are excluded from the files backed-up : - Data-Secondary - *-nobackup - cache If you have programs, or websites, with temporary, cache, or template-generated files, which can be regenerated by the software and does not need to be saved, please tell us, so we can add an exclude pattern. If you have big growing files (like irc logs from epoch), and as our software is not yet able to fetch the diff only, we'd like you to split the files regularly, so as not to fetch tens of megabytes per file, per software, per user, per day (incremental daily backup). This is to save our backup capacity, thanks. === Mail === Saturday, you might have experienced, if not taking advantage of the shining sun, a few hours of unavailable incoming mails, and unavailable roaming outgoing mails. This was due to a migration i was unable to plan with the current amount of work at office, sorry. Our mail delivery software, as long as our anti-SPAM software, were upgraded. Along with a few interesting bug fixes and performance enhancements, we've gained the following new features : - full IMAP namespace support (the old 'INBOX.' private namespace is replaced by the '' namespace, inherited from our old architecture using Courier-IMAP, thus getting rid of this ugly prefix; the old one is still working, even if hidden, to allow smooth migration, but is gonna be removed in a month or two, so please update your IMAP clients) - new IMAP extensions (see Dovecot 1.1.x changelog for details) - new SIEVE extensions (include, body, copy) - SPAM filtering enhanced message analysis (new OSB tokenizer) In the past, i advised you to use 'sieve-connect' to manage your SIEVE scripts. So you'd be happy to know recent sieve-connect software (the one in Lenny at least), does not require a patch anymore, and is working quite well. === Webmail === (webmail.duckcorp.org and webmail.hurdfr.org) A few enhancements have been done: - a working spellchecker (finally!) (just ask if you need extra languages) - visual enhancements and flag management - alternative (and experimental) filters using SIEVE (can only edit its own scripts, no active script selection, own script auto-selected) === Webdesk === (webdesk.duckcorp.org) A few enhancements have been done (a few weeks ago, indeed): - global upgrade with many fixes and a _slight_ speed enhancement - a working spellchecker (finally!) (just ask if you need extra languages) - DIMP now available (dynamic version of IMP, still incomplete) - MIMP (light IMP for mobile phones) was available but broke; it has been repaired, but not all phone browsers can be detected yet (just ask if you want one to be added) - a bug triggered when people logged in with different cases of their login resulted in calendars/tasks//notes/... data to be considered owned by multiple accounts; it has been fixed === Quotas === In the DC world, quotas does not mean you have to swim in a glass or die. We have a limited amount of space, this is true, but we'll try to give you as much space as you need. If you don't ask for huge amounts, you'll never have to give us a reason. The goal for quotas, is to give you a report on the resources you're using, and asking you gently to tidy your room once in a while. Then, try first to do with your current amount, and if you need more, just ask, we'll give you more if possible with great pleasure. Quotas have been activated for mails this week. The default is 512Mo. People already above this value have been automatically given a higher amount suitable for their needs. The webmail and webdesk have been updated to display your quota usage. Filesystem quotas, for those having a shell account, is to be implemented in the future. === IRC === We are experimenting a new version of our dear IRC server software, with a few interesting features, like secure connections. You can read more about it, and instructions to help testing it on a dedicated test server (nevertheless linked to the network), here: ftp://ftp.duckcorp.org/duckcorp/ircd-test.txt === Dev === The work on RCS hosting has begun, but at the moment still restricted to people with shell access. The tla/baz webdav access is still not working, nevertheless, the git RCS is now supported. You can find a summary of available tools here: https://rcs.duckcorp.org/ A project manager has been installed recently, and can host your Free-software developments if you like (just ask). You can see it running here: https://projects.duckcorp.org/ === Restricted Access Helpers === If you have a restricted access to the web at work/school/during vacation/..., you may still access a few services. First, IRC access is available using the alternative 6669 port (and i know you can't live without it ;-). You may also use the web access using https://irc.milkypond.org/. Then, SSH access is available through the alternative host portal.duckcorp.org (both IPv4 and IPv6) using port 80 or 443. === Call for Donations === Since the first steps of DuckCorp, in early 2000, this is _the_first_time_ we ask for financial help. As our network is not very big, we don't need plenty of big machines, but sometimes disasters occurs, or upgrades are necessary (and even sometimes our brand new machine is cursed). Since then, the network has been working as follow: - main hardware expenses using Duck's personal money (thousands of euros since the beginning) - a HD donation from an anonymous donor for our backup machine (replaced since then) - bandwidth is completely sponsored by Hivane - housing of Toushirou is a monthly 41.56€ cost (since august 2007) - housing of Orfeo was sponsored by Nerim and is now sponsored by an anonymous provider - DuckCorp DNS domain is paid by Duck - MilkyPond DNS domain is sponsored by Rtp We've been quite unlucky several times, and i had to choose between stopping a great deal of DC's activities or push things again. I've always been willing to provide free-of-charge services, and that's still my wish. DC is not an official association (yet?), and anyhow we do not want to add subscription fees. Nevertheless, personal donations are still possible, so, if you feel like it, and if you can afford it, a small donation would be very helpful for the budget. === Call for Help === There's another resource we lack much these days: workforce. The DC's admin team has always been quite small, due to several trust issues and difficulties to find motivated persons. Currently, Arnau is quite unavailable since a few months, and i can't personally cope with all the requested tasks. That's why critical tasks are still done, but other tasks suffer delay or even are not done. I don't think the situation is bad, compared to other associations (or even to office), but that's not completely satisfactory. If one of you: - is motivated - has time to spend in a _regular_ manner - accept to work on delightful projects as well as boring maintenance tasks - has at least basic knowledge in system/network administration - is able to work in a team led by a demanding(dreadful?) Duck then mail us explaining the grounds of your motivation, the extent of your knowledge, and why we should trust you (as we won't just give away root access). We'll check through any serious application. How many still alive ? ;-) -- Marc Dequènes (Duck)

14 years

SSH access broken on all machines

by DuckCorp Admin Team

Coin, Unfortunately, after an "apparently" successful upgrade this night, SSH servers on upgraded machines were not restarted correctly or crashed. Consequently it is no more possible to log into Orfeo, Toushirou, or Elwing. A rescue action is planned this evening for Elwing and Toushirou, so they should be available again soon. We have a plan for Orfeo too, but i cannot tell you when it will be aplicable. Nevertheless, in a few days everything should be alright. For tests purposes and also to switch to a newer kernel, these machines will be restarted, so your sessions will die, sorry. Maintaining and upgrading machines is a delicate and sometimes difficult task. We really try to handle this process as smoothly as possible and we are very sorry for the inconvenience. Other services are unaffected. Do not hésitate mailing us if you need assistance (or via IRC). -- Marc Dequènes (Duck)

14 years, 1 month

Extraordinary Maintenance

by DuckCorp Admin Team

Coin, During 2008-07-16 evening, between 20:00 and 21:00, our main server Orfeo is to be moved to a new space in our sponsor's achitecture. A short downtime is planned, during which several services will be completely unreachable (primary mail services MX1/IMAPS/POP3S/SIEVE/Webmail/..., NS1, IRC Services, Postgres, NTP). Other services are replicated and should not be bothered. Have Fun ! -- Marc Dequènes (Duck)

14 years, 2 months

Bad News but Alive

by DuckCorp Admin Team

Coin, === Toushirou Reboots === Even if the kernel seems less bloated, regular reboot are necessary. Be sure we only resort to this solution when really there are unsolvable problems due to kernel oops or brokeness. A few days ago it was necessary, then the next one should be in a month or two. This does not really affect availability of services, as this is a matter of minute before everything is up again, but people using screens would be annoyed. === HQ Technical Problems === Due to an unfortunate accident in the HQ while moving in furniture, both the firewall and backup machine were chocked. Result is the firewall hard drive is injured, and even if the machine is still working fine, it may probably not survive a reboot. The lack of hosted services on this machine should not be a problem as there is no more important external services not available outside, but you should understand lags from my part, as i may suddenly have no internet connection, or be busy repairing. The backup machine is not responding, and my screen died by the way, so i'm currently blind. According to the strange sounds coming from it, it seems the hard drive is out of order. Then, starting from now, you shouldn't count on us having an available backup of your data, and it might even be impossible to recover older backups (as we are not rich enough to backup the backup). Orfeo and Toushirou should continue working quite fine, but please backup your crucial data in case we are not able to repair everything fast enough before another problem arise. May the heat stops injuring machines, and god bless them to avoid disasters again... -- Marc Dequènes (Duck)

14 years, 3 months

Security Problems and Miscellenous Other Changes

by DuckCorp Admin Team

Coin, As Usual, we are so busy, we didn't really have time to give much news. Follows a few unsorted news, to quickly feel the gap. === Security Problem === Due to a "BIG security issue"[1] in Debian, our software was quickly upgraded to fix the issue, but this is not sufficient, and keys/certificates are weak and must be regenerated. For the SSH host keys, they are being regenerated today, and new fingerprints will be advertised in DNS via SSHFP entries (there is no validation of such entries yet, but better than nothing). That is to say: you SHOULD verify you get the following message when you try to log back to our machines after removing the old keys in '~/.ssh/known_hosts' : Matching host key fingerprint found in DNS. Complete session initialization would be like the following : # ssh root(a)toushirou.duckcorp.org The authenticity of host 'toushirou.duckcorp.org (2001:7a8:800:6666::1)' can't be established. RSA key fingerprint is 77:40:c9:c1:f3:cc:17:22:67:50:8d:3d:1f:39:bd:46. Matching host key fingerprint found in DNS. Are you sure you want to continue connecting (yes/no)? For the user's SSH keys, you should take care of them yourself, and verify your ones are not weak with the Debian provided tool. Soon they will be blacklisted and won't work anymore (and you know you cannot log into DC's machine with passwords). If you could not fix your keys and '~/.ssh/authorized_keys' in time, just contact us to manually insert a new key. For the services' certificates, they are being regenerated soon too, and as our CA (certificate authority) is not compromized, it should be invisible to you. === HQ Unavailability === A few weeks ago, you might have expirienced unavailabilit of the HQ ans the few public services services hosted in there. The ADSL problem seems to be closed, and we are trying to improve service redondancies for the future. === Jabber Issues === As said above, we are trying to improve HQ hosted services availability, and Jabber is one of the most important ones. We added another jabber server to make a cluster, which is totaly invisible to the users. Unfortunately, it was more difficult than expected, and the downtime was followed by a long time with screwed up rosters. We managed to reinject rosters, but with a not so fresh backup. Most of our contacts were retrieved, thought, and it should be working fine now. === Backup Downtime === We just managed to restart our backup server which was down because of hardware problems during about 3 weeks. Seems fresher stuff is needed here. === Homes Synchronization === Arnau worked well coding a nice script which daily synchronize hidden files/directories in you home (those begining with a dot, mostly configuration files) accross our machines. People allowed to log into several machines won't have to manually copy their configuration files and keys and stuff. Have FUN... :-/ [1] http://www.us.debian.org/security/2008/dsa-1571 -- Marc Dequènes (Duck)

14 years, 4 months

Recent mail problems, coming maintenance, and a few other things

by DuckCorp Admin Team

Coin, === Mail Problems === As we were preparing Orfeo to host the MX1 services, we decided to upgrade the software (Dovecot part). A custom package is needed, and a mistake was made, which should not have been a big deal if another software (DSPAM) had not a silly bug. We have been warned quickly of this issue, but stil a few (not many) mails have been rejected with "unknown user" reason. We then had to block incoming mails a bit to fix this annoying situation. Sorry for this mess :-(. === Orfeo NG === Seems i forgot to say Orfeo is back alive in a new body. Same spirit inside, really ! Orfeo is gonna take over his prefered services, unloading Toushirou in the meantime. In fact, the problems with Toushirou, reason of the coming maintenance, accelerated the need to get another machine. There is it now, allowing for Toushirou's analysis without shuting down everything. === Mail Teleportation === Mail is gonna move to Orfeo, before Toushirou's maintenance. We have been a bit delayed with the previous issue, but it may happen on monday (yes it is still sunday here), or just after eating the last new year's eve chocolates. So be prepared for a short but complete mail services downtime. === Sieve === If you forgot what is SIEVE, then read this: http://en.wikipedia.org/wiki/Sieve_%28mail_filtering_language%29 Information on available features can be found here: http://wiki.dovecot.org/LDA/Sieve (we are using Dovecot 1.0.x) With the previous software upgrade, comes several sieve/managesieve fixes, which should ease your life a bit. Currently managesieve was an experimental feature, but now you may consider it production level. Still experiments with different clients should be done, like IMP, but already we managed to get sieve-connect (in Debian package of the same name) work with a small patch which can be found here: ftp://ftp.duckcorp.org/duckcorp/patches/sieve-connect_dovecot.patch You can use it both like a one-time command, or like an interactive shell, like this : sieve-connect -s sieve.duckcorp.org -u <user> This allow uploading/downloading/viewing sieve scripts in a special per-user directory. You may then activate the script you want, which would then be used for incoming mail instead of the current script. Don't worry, your former script (before using managesieve activate feature) would not be lost, but only moved in the special directory under the name "dovecot.orig". In fact the activated script is since then a symlink to the activated script in your special directory. You then don't need anymore a shell access to manage your scripts. Once Dovecot 1.1 is out, you'll be able to use the 'include' sieve feature, thus having multiple scripts manageable on the server would really makes sense. === Cummunication Services === Beware bitlbe is gonna move soon to Orfeo too. So check if you are using the proper bitlbee.duckcorp.org alias. Bip IRC bouncer is still down, but we hope to have it up again on Orfeo. Maybe the bip problems were related to the strange problems on Toushirou. === DNS move === As you may have seen, our NS1 is already Orfeo. Toushirou is meant to act as the NS2/NS3 (dual connectivity). Toushirou still needs a few cleanups, but it is not a big deal. Nevertheless, zones modifications are no more possible for users with a shell access at the moment. Do not hesitate asking us modifications via mail. Enough for today... -- Marc Dequènes (Duck)

14 years, 9 months

Toushirou maintenance

by DuckCorp Admin Team

Hello, We are going to stop services running on Toushirou in order to run diagnostic tests (we experienced a few problems with Toushirou) between 30th December and 4th January. Only the following services will be still available through Orfeo: - IRC - Mail (Webmail and Mailing Lists as well). - BitlBee (it will move forever on Orfeo and will be available on bitlbee.milkypond.org, so you should use this hostname, the password is the same than the one you are using on DC) - NS1 Sorry for the inconvenience. Regards, Arnaud Fontaine (on behalf of the DuckCorp team)

14 years, 9 months

Frozen view of the present situation

by DuckCorp Admin Team

Coin, As announced, the last migration happened this we and few things were fixed today. This was quite a difficult task, and we had several extra problems... === The Mail === The mail routing with the new antispam software was a bit difficult to setup, so the mail was reopened sunday night. The software should have sent you a welcome with all important information about how to manage your custom antispam settings (or will do so when you receive your first mail on your new box). All previous mails were moved out of Orfeo, before it dies. Seem we are cursed, as the CPU or MB is not working properly anymore, and its future needs yet to be discussed. The box Finger provided to move the data had boot problems during the migration, and died a few hours later. The good news is : nothing is lost, everything was moved or is still available, as Orfeo's disks are alive. You should then find all your previous mails in your new box. The IMAPS/POP3S/Webmail/Webdesk access are still available and working. The automatic fetchmail process is also back since this afternoon. For the people still using direct mailbox access, it is right time to use maildirs for good now, as it is now the only delivery backend available now. The procmail rulez were translated to sieve, with only minor problems, are are working well, except for the ${n} regex replacements. We are working on this issue. A ManageSieve server is available using sieve.duckcorp.org, but it seems it is quite hard to make clients interoperate with our sieve implementation. Nevertheless, the Webdesk was reconfigure to use the sieve siltering rules ; it is working quite well, except for the "Show Active Script" action, which is not very important. The mailing-lists are working too, and are spam filtered since this afternoon. Special users are available for each virtual domain, so as to be able to setup custom antispam preferences, as any other mail user would. It may be possible to give per-list custom filtering access in the futur, but we do not believe this is a needed feature, so we won't work in this direction until user's requests say the contrary. === Shells === Only a few shell access were reopened. The new policy is not yet decided, but if you need back your access, we will consider reopening it gently. Thus, by asking explicit demands, we hope to close ununsed ressources. === Communication === Our Bitlbee server was migrated and upgraded, and is now available worldwide on the 6668 port as usual (on Ipv6 too). Ask us if you need an account. The new IRC Services are coming real soon now ; Nohar kindly prepared packages for us. So, i would surely have forgotten plenty of things, but it would be clearer when we get some sleep. Do not hesitate contacting us if you need assistance. -- Marc Dequènes (Duck)

15 years

Last Mass bombing. Ignition !!!

by DuckCorp Admin Team

Coin, The last big part of the migration is coming soon. Fasten your belt and pray god :-). === Mail === Friday evening, all your mailboxes are moving to the new server, and during the we all mail functions will follow. This is to say: you won't have any mail access during the we, starting from friday, in the middle of the afternoon. Incoming mails would then be stored on secondary MX servers. As soon as possible, mail delivery and IMAPS access are gonna be restored ; webmails and MLs access would follow. Then, send every important mail you need before Friday afternoon, stored messages you need to read using the offline mode of your mail client, and use an external email in case of emergency. Everything should be restored at the end of the we, but we cannot plan when exactly. For people using procmail rules, please help us convert your rules to a sieve script. === Web === Seems Everything went fine for the remaining sites. FTP access for modifying your site is work in progress and should be available soon. Shell accesses will be reexamined and reopened _later_ for people having real needs. Webstats are disabled for now ; we plan to reopen it, but this is not a first priority task. === Communication Services === Our new IRCd is behaving quite well. IRC Services should come soon, as a package is nearly ready, thanks to Nohar. The IRC Proxy, bip, is already working well since a few days, and logs available through the private part of the FTP server. Bitlbee is quite more of a problem to move, as a local access is currently necessary. Either we would give you back a shell account, either we would allow your IPs to connect to it. It should be moved during the we or in the following week. Our Jabber server is not moving yet, and perhaps not before Orfeo is back for real. Whatever, at least we plan to link it with our new database, so adding new account would be quite painless. This is gonna happen soon, during a night. We should be able to send a server-wide message to all users, or at least warn as many people as we can on IRC. === Homedirs and other data === For people having shell access, we are moving your homedirs in the same shot as mails. All shell accesses will be closed at least until the end of the we. Depending on your real needs, shell access may or may not be reopened ; this is still an open discussion between admins on how we should allow access to this service. Whatever, we won't leave you out with your data locked, but just thin about copying things you might need during the we. Missing FTP data are moving with mails and homedirs, and will be accessible quite quickly. === RCS === RCS data were moved, and we are working on giving you proper access to it. Arch (tla/baz) archives are already viewable throught archzoom, but this is all what is working at the moment. People whose shell access will be restored would be able to use it in read/write mode. This service may be interrupted while we need to make some tests, by making files unreachable, so this is not yet a reliable service. Ok, it should be enough for this time. Do not hesitate asking questions on #DuckCorp channel on IRC. Next checkup sunday or monday, by mail if everything went fine ;-). -- Marc Dequènes (Duck)

15 years, 1 month

Checkup

by DuckCorp Admin Team

Coin, Sorry for not being talkative enough about the progress, but we were quite busy solving severals issues, and quite tired too. === Centralized Accounts === As we are now splitting services among multiple machines (in fact Elwing was also used to help Orfeo, but mostly for totaly separate services), the needed for account centralization was critical. Then we won't have to create accounts on all machines where each user needs services, and have to synchronize information (like passwords), as everything is gonna be spread automatically. This task is not fully complete : all accounts where created in the LDAP databse, but some information needs to be added for each reactivated service. This is partly why things are taking a bit longer than expected. === The Web === Webmail / Webdesk services were quickly put back only a few days ago, as a priority. And slowly other sites were switched on. As i said, many (lightweight) sites are now located on LeChat (RtpNet machine), so a database multi-master replication was necessary and a bit difficult to configure. Now this difficulty is over and we are switching on the other sites one by one. Don't worry about sql hostname modifications, either we are doing it for you, or we are contacting you for help. The web migration should be over in one or two days. == Databases == As said previously, MySQL is available on both Tōshirō and LeChat, meaning applications (not only websites) are easily relocatable to balance load. Recently a PostgreSQL database was installed on Tōshirō to provide access to a more serious database software. So you may ask for an account in a few days/weeks. No replication is planned yet, so applications outside Tōshirō won't be able to access the database yet. You may also ask for an LDAP database the same way. LDAP is being replicated on all MilkyPond hosts involded in user services. The phpMyAdmin tool is available again, with phpPgAdmin and phpLDAPadmin, on the following URL : https://db.duckcorp.org/ Beware experienced users ! The MilkyPond LDAP database is not yet ready for user access, as we are regenerating the content frequently. So any modification would be lost forever. Notice the sql.duckcorp.org DNS entry, and the corresponding website, are gonna disappear soon. More on new DNS hostnames later, they are still under discussion. == FTP storage == Both private and public data where moved from Orfeo, except for the HurdFr public data (which will be moved in the next data move). FTP profiles where activated, as it was on Orfeo. === Chat === A new IRCd software (with its services) are gonna be tested soon. Even without services ready, we would probably switch is everything is ok, so check your notices and reconnect if you find yourself alone in the channels. The (bip) IRC bouncer was moved to Tōshirō yesterday. Logs are available in the FTP storage. === Network === IPv6 is back online, with broker services. Our old broker IP range is now routed to Tōshirō, so you won't have to change your addresses and DNS entries, only the endpoint IPv4 address (using tb.duckcorp.org). Filtering rules have been strengthen a bit by the way. === Mail and homedirs === Another BIG move left, is moving mail to the new architecture. Fact is we were already working on improving the routing and processing capabilities, as well as anti-spamming methods, but we are now running short of time to have all this work together well. I won't talk about new features yet. But just give a word about the major change : the anti-spam system is being switched to the DSPAM software, which mean we would have to deal with plenty of spam until it is trained. The good news is : it should be much easier for users to manage and allow quite a lot of customizable features. It was also time to split our training database, to allow "per user" spam filtering, as we don't always agree on what is a spam or not. As soon as it is ready, we are planning a quick move, meaning you won't be able to access your mailbox during a short period of time. Incoming mails won't be lost, as they would be taken care of be our secondary MX. I just can advise you to watch your mails at least daily, or popup on IRC, to be informed when it is happening. We will surely target late night and/or we. Homedirs will be affected too, as we plan to move data at the same time. But this is not the only reason : Homedirs contains maildirs and sometimes mail routing configurations. We plan to : - replace procmail rules with sieve scripts - move fetchmail rules into the private section of the FTP storage and update the current script to use them, until a better solution is found If other changes/difficulties occur, we will inform you as soon as possible. For users having procmail rules, we would be very greatful if you could help us convert your rules to sieve. We don't want to deal with your personnal mailing stuff, and this could save us a lot of precious time. Sieve is a scripting langage for mail processing, with extended features compared to procmail capabilities. It is described here : http://en.wikipedia.org/wiki/Sieve_%28mail_filtering_language%29 The mail software we plan to use does not yet implement all the Sieve language ; it is able to understand the following features: - fileinto - reject - envelope - vacation - imapflags - notify - regex - subaddress - relational Do not hesitate to contact us if you have any problem. It is late and i may have dropped things through my strainer-memory, so i would complete this checkup in a futur post. Oyasumi nasai ! -- Marc Dequènes (Duck)

15 years, 1 month

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

DC-Users