Meeting:2007/12/06
Meeting (to be) held on 2007/12/06 at 19:00 in Mary Campbell Room
Previous meeting: 29 November 2007 19:00:00 Next meeting: 13 December 2007 19:00:00
Banned words for this meeting: DPA, privacy, LDAP, RAID.
If anyone mentions these words they have to put 50p in a pot which goes towards a SOWN social.
Minutes
Node Requests
- Rejected Nodes = 21
- Not in current deployment area (12): 8, 9, 13, 27, 30, 31, 46, 53, 56, 57, 59, 60
- Too close to current/prospective node (9): 14, 16, 24, 25, 32, 40, 47, 52, 54
- Emails sent to all rejected nodes.
- Newly Accepted Nodes (11): 22, 23, 37, 42, 43, 45, 50, 51, 55, 58, 61
- Total number of nodes to be collected = 16
- Total number of nodes available for deployment = 21
- Requests still pending:
- 26 - Dependent on 23.
Deployed Node Problems
(New) Nodes 278 and 277 are not up. What should we do?
- Email sent Wednesday 5th to ask if they are having problems setting up their node
- 277 was initially up but has been down since Saturday night at the latest
PUBlic Nodes
A public account for the Drummond, and any other pub, for their patrons.
- Problems: The username/password should only work on the pub-node.
- Pub-users should not be able to roam to home-nodes, or even campus nodes.
- Suggested solution: Create a 'PUB' chain which is the same as 'NET', pub-users are a member of PUB, but not NET.
- Oversight: Pub-users can roam between pubs... (who cares?)
- One-time passwords were discussed. Pub users should not be allowed to change the account password.
- This system will need to be created and tested, probably at a workshop.
Node Status Security Issues
It was agreed that inactive nodes should disappear from the public map after 48 hours of downtime.
LOC Records
LOC records in DNS for nodes-only or all addresses or none-of-the-above?
- Not to be used, people should not be able to find a location from an IP address
Location Tracker
Andy's location tracker: This is fine, provided the information is opt-in by a user, e.g. I give you permission to see where I am.
Andy's external authentication program: Not necessary, any peering would use our RADIUS server.
Press Release
Not covered this week as Stuart not present.
Guy's new How To Connect Page
How can we include pictures on the wiki?
- You cannot upload pictures to the wiki because it is centrally managed by ECS. They have a wiki engine.
- The page is good, we can't easily include pictures on the wiki.
- It's not necessary for this page to be editable, so it may be moved to the main pages.
Moving Servers
ISS power-outage has been postponed until early January.
- Also, remove vpn's dhclient, it breaks DNS
- We are unlikely to be allowed to move equipment over this period, we may need another occasion to move the servers.
802.11a
Testing of various lengths of cable and connectors was done at the Surgery. No new cards yet, so nothing exciting.
New to SOWN
SNMP
Some nodes are unreliable, still a work-in-progress.
Nagios
- The Debian build is very old, we will look into upgrading it.
- Services should be divided between ipv4 and ipv6.
- Ports 80 and 443 should be monitored on at least auth.
IPv6
The SOWN-vlan has v6; this will be set up on campus nodes soon. Home-nodes are an issue, as we can't stop and start IPv6 tunnels easily. This seems to be a bug with network interfaces being held open by the neighbor-discovery code.
IRC-logging
IRC logs are now available online. Demonstration of the searching. Anyone who wants to write better searching is quite welcome.
AOB
Security surrounding parts of the public-website which are generated. As ever we don't want to expose critical machines, but need some way of getting up-to-date data out of them.