Meeting (to be) held on 2007/12/06 at 19:00 in Mary Campbell Room

Previous meeting: 29 November 2007 19:00:00 Next meeting: 13 December 2007 19:00:00

Banned words for this meeting: DPA, privicy, LDAP, RAID. If anyone mentions these words they have to put 50p in a pot which goes towards a SOWN social.

Minutes

Node Requests

• Rejected Nodes = 21
  • Not in current deployment area (12): 8, 9, 13, 27, 30, 31, 46, 53, 56, 57, 59, 60
  • Too close to current/prospective node (9): 14, 16, 24, 25, 32, 40, 47, 52, 54
  • Emails sent to all rejected nodes.
• Newly Accepted Nodes (11): 22, 23, 37, 42, 43, 45, 50, 51, 55, 58, 61
  • Total number of nodes to be collected = 16
  • Total number of nodes available for deployment = 21
• Requests still pending:
  • 26 - Dependent on 23.

Deployed Node Problems

(New) Nodes 278 and 277 are not up. What should we do?

• Email sent Wednesday 5th to ask if they are having problems setting up their node
• 277 was initially up but has been down for since Saturday night at the latest

PUBlic Nodes

public account for the Drummond, and any other pub for their patrons.

• Problems: The username/password should only work on the pub-node.
• Pub-users should not be able to roam to home-nodes, or even campus nodes.
• Suggested solution: Create a 'PUB' chain which is the same as 'NET', pub-users are a member of PUB, but not NET.
• Oversight: Pub-users can roam between pubs... (who cares?)
• One-time passwords were discussed. Pub users should not be allowed to change the account password.
• This system will need to be created and tested, probably at a workshop.

Node Status Secuirty Issues

It was agreed that in-active nodes should disappear from the public map after 48hours downtime.

LOC Records

LOC records in DNS for nodes-only or all addresses or none-of-the-above?

• Not to be used, people should not be able to find a location from an IP address

Location Tracker

Andy's location tracker: This is fine, provided the information is opt-in by a user. e.g. I give You permission to see where I am.

Andy's external authentication program: Not necessary, any peering would use our radius server.

Press Release

Not covered this week as Stuart not present.

Guy's new How To Connect Page

How can we include pictures on the wiki?

• You cannot upload pictures to the wiki because it is centrally managed by ECS. They have a wiki engine.
• The page is good, we can't easily include pictures on the wiki.
• Its not necessary for this page to be editable, so it may be moved to the main pages.

Moving Servers

ISS power-outage has been postponed until early January)

• Also, remove vpn's dhclient, it breaks DNS
• We are unlikely to be allowed to move equipment over this period, we may need another occasion to move the servers.

802.11a

Testing of various lengths of cable and connectors was done at the Surgery, no new-cards yet, so nothing exciting.

New to SOWN

SNMP

Some nodes are unreliable, still a work-in-progress.

Nagios

• The Debian build is very old, we will look into upgrading it.
• Services should be divided between ipv4 and ipv6.
• Ports 80 and 443 should be monitored on at least auth.

IPv6

The SOWN-vlan has v6, the will be setup on campus nodes soon. Home-nodes are an issue, as we can't stop and start ipv6 tunnels easily. This seems to be a bug with network interfaces being held open by the neighbor-discovery code.

IRC-logging

IRC logs are now available online. Demonstration of the searching. Anyone who wants to write better searching is quite welcome.

AOB

Security surrounding parts of the public-website which are generated. As ever we don't want to expose critical machines, but need some way of getting up-to-date data out of them.