[DC-Users] Silent but still around

DuckCorp Admin Team dc-admins at lists.duckcorp.org
Sun Jul 12 22:29:57 CEST 2015


Coin,

Long time no quack, but even if there was some work and maintenance  
done, not much was really visible and needed advertisement.


=== Still Looking for Sponsoring ===

Our most important machine, Orfeo, is gonna be kicked out of its cosy  
sponsored place. Currently the costly but possible plan is probably a  
few months far but we have no certainty about the exact date of  
availability and we may be forced to remove the machine very soon. So  
if you have any knowledge about generous people who may be willing to  
host this small (1U) machine, please tell us.


=== Upcoming Maintenance ===

The PostgreSQL database is gonna be upgraded, which means a few things  
will be on hold until it finishes (mostly incoming mail and webmails).  
This would probably take a few hours, so please be patient.

We'll been upgrading servers under the hood, but it is now time to  
remove obsolete feature: the old Apache ACLs will be deactivated in a  
matter of hours/days.

Moreover, to finish these upgrades, we need to reboot Orfeo and  
Toushirou, which is gonna take place on the next we (2015-07-18/19).


=== Security Updates ===

With all the bad bugs and protocol problems discovered, the insecure  
SSH DSA keys were removed.

On all services the accepted ciphers and algorithms were, again,  
tightened, so you should upgrade your systems too if you don't want to  
be out one day.


=== Security Certificated ===

As we are using a self-signed CA, this is a recurring topic when  
people try to access our services. The way to solve this problem in a  
secure fashion has been summarized here:
   http://ca.duckcorp.org/

We also had time to implement a security alternative: DANE/TLSA[1]. If  
you are using secure DNS[2] (DNSSEC validation) on your systems, then  
you may have another way to access our services securely.
Currently the software support is not very widespread and requires  
additional software. Plugins for major browsers have been implemented  
here and seems to be working well:
   https://www.dnssec-validator.cz/
On Chromium nevertheless the plugin is a bit ugly to install. The  
browser may still complain about the certificate, but if you proceed  
to the page the DNSSEC+TLSA indicators should help recognize you're  
connected to the right site.

[1] https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
[2] https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions


  === Quick News ===

* [2015-07-08] Throfinn was rebooted due to an hypervisor problem in  
the Hivane architecture
* [2015-07-11] Jinta was rebooted
* [???] stuff.duckcorp.org improvements: new SMS (not MMS!) app,  
experimenting a new Notes app (old notes are in your Files), raised  
quota from 1GB to 5GB \o/


Have a pleasant summer!

-- 
Marc Dequènes (Duck)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: PGP Digital Signature
URL: <https://lists.duckcorp.org/mailman/private/dc-users/attachments/20150712/a3e6e5b6/attachment.sig>


More information about the DC-Users mailing list