Coin,

Long time no quack, but even if there was some work and maintenance done, not much was really visible and needed advertisement.

=== Still Looking for Sponsoring ===

Our most important machine, Orfeo, is gonna be kicked out of its cosy sponsored place. Currently the costly but possible plan is probably a few months far but we have no certainty about the exact date of availability and we may be forced to remove the machine very soon. So if you have any knowledge about generous people who may be willing to host this small (1U) machine, please tell us.

=== Upcoming Maintenance ===

The PostgreSQL database is gonna be upgraded, which means a few things will be on hold until it finishes (mostly incoming mail and webmails). This would probably take a few hours, so please be patient.

We'll been upgrading servers under the hood, but it is now time to remove obsolete feature: the old Apache ACLs will be deactivated in a matter of hours/days.

Moreover, to finish these upgrades, we need to reboot Orfeo and Toushirou, which is gonna take place on the next we (2015-07-18/19).

=== Security Updates ===

With all the bad bugs and protocol problems discovered, the insecure SSH DSA keys were removed.

On all services the accepted ciphers and algorithms were, again, tightened, so you should upgrade your systems too if you don't want to be out one day.

=== Security Certificated ===

As we are using a self-signed CA, this is a recurring topic when people try to access our services. The way to solve this problem in a secure fashion has been summarized here: http://ca.duckcorp.org/

We also had time to implement a security alternative: DANE/TLSA[1]. If you are using secure DNS[2] (DNSSEC validation) on your systems, then you may have another way to access our services securely. Currently the software support is not very widespread and requires additional software. Plugins for major browsers have been implemented here and seems to be working well: https://www.dnssec-validator.cz/ On Chromium nevertheless the plugin is a bit ugly to install. The browser may still complain about the certificate, but if you proceed to the page the DNSSEC+TLSA indicators should help recognize you're connected to the right site.

[1] https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities [2] https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions

=== Quick News ===

* [2015-07-08] Throfinn was rebooted due to an hypervisor problem in the Hivane architecture * [2015-07-11] Jinta was rebooted * [???] stuff.duckcorp.org improvements: new SMS (not MMS!) app, experimenting a new Notes app (old notes are in your Files), raised quota from 1GB to 5GB \o/

Have a pleasant summer!