[DC-Users] What happened while you were on the beach?

Marc Dequènes (duck) duck at duckcorp.org
Mon Sep 4 14:06:32 CEST 2017


Quack,

=== Backup Back Online ===

It took a while, but thanks to Pilou's hard work we have full backup 
coverage again.

If you'd like some data to be excluded from backup, either because it's 
useless or because you prefer not, you just need to add an empty 
'.nobackup' file in the directory to ignore (recursively). It's the same 
behavior as before, so if you already setup things, nothing changed.


=== More Changes after Stretch Migration ===

Noone asked about the Webdesk, so we're going to remove it very soon.

We have a new cute IRC on Web as previous one was unmaintained, and 
broken after migration, enjoy!

Former stats using Awstats were utterly broken and noone noticed; Piwik 
has been working well since a while and was promoted instead. Please use 
webstats.dc.o (no more webstats-ng.dc.o). Ask if you need your website 
to be integrated into the new system.

The photos website (using Gallery2) was utterly broken after migration; 
we have no replacement yet but we're looking into it, sorry.

Blogs were never used and broken after migration; they were removed.


=== A few Security Changes ===

Users with shell access should review their SSH keys (both stored and 
authorized); DSS and low grade RSA will soon be removed (advice: use 
ed25519).

Persons (not only users) managing a DNS zone should use DNS CAA RR to 
protect from domain hijacking (please read 
https://www.isc.org/blogs/certificate-authority-authorization-records/). 
This is far from a perfect solution but may still help. We can do that 
for you if the zone is hosted by DC, just ask us.

We've activated HTTP2 support on all websites, and this comes with 
improved ciphers and web settings. Also we plan to ensure all websites, 
user ones included, are all redirected to HTTPS, no exceptions.


=== Mail Security when using the Webmail ===

There is now an option to PGP encrypt/decrypt mails using our webmail 
(Roundcube) using Mailvelope. It is a browser extension allowing to use 
your PGP key locally, so it stays stored on your computer and the 
encryption/decryption occurs on your computer too. Unfortunately it does 
not handle signatures but let's hope the support in Roundcube improves. 
You can have a look here:
   https://www.mailvelope.com/


=== Quick NEWS ===

* 2017-07-29 around 09:00 CEST and for ~2h a DNSSEC problem broke all 
DNS resolution on duckcorp.org domain due to a bug in OpenDNSSEC; 
happily noone seem to have noticed


\_o<

-- 
Marc Dequènes


More information about the DC-Users mailing list