Meeting (to be) held on 2007/12/06 at 19:00 in Mary Campbell Room
Banned words for this meeting: DPA, privicy, LDAP, RAID. If anyone mentions these words they have to put 50p in a pot which goes towards a SOWN social.
- 1 Minutes
- Rejected Nodes = 21
- Not in current deployment area (12): 8, 9, 13, 27, 30, 31, 46, 53, 56, 57, 59, 60
- Too close to current/prospective node (9): 14, 16, 24, 25, 32, 40, 47, 52, 54
- Emails sent to all rejected nodes.
- Newly Accepted Nodes (11): 22, 23, 37, 42, 43, 45, 50, 51, 55, 58, 61
- Total number of nodes to be collected = 16
- Total number of nodes available for deployment = 21
- Requests still pending:
- 26 - Dependent on 23.
Deployed Node Problems
(New) Nodes 278 and 277 are not up. What should we do?
- Email sent Wednesday 5th to ask if they are having problems setting up their node
- 277 was initially up but has been down for since Saturday night at the latest
public account for the Drummond, and any other pub for their patrons.
- Problems: The username/password should only work on the pub-node.
- Pub-users should not be able to roam to home-nodes, or even campus nodes.
- Suggested solution: Create a 'PUB' chain which is the same as 'NET', pub-users are a member of PUB, but not NET.
- Oversight: Pub-users can roam between pubs... (who cares?)
- One-time passwords were discussed. Pub users should not be allowed to change the account password.
- This system will need to be created and tested, probably at a workshop.
Node Status Secuirty Issues
It was agreed that in-active nodes should disappear from the public map after 48hours downtime.
LOC records in DNS for nodes-only or all addresses or none-of-the-above?
- Not to be used, people should not be able to find a location from an IP address
Andy's location tracker: This is fine, provided the information is opt-in by a user. e.g. I give You permission to see where I am.
Andy's external authentication program: Not necessary, any peering would use our radius server.
Not covered this week as Stuart not present.
Guy's new How To Connect Page
How can we include pictures on the wiki?
- You cannot upload pictures to the wiki because it is centrally managed by ECS. They have a wiki engine.
- The page is good, we can't easily include pictures on the wiki.
- Its not necessary for this page to be editable, so it may be moved to the main pages.
ISS power-outage has been postponed until early January)
- Also, remove vpn's dhclient, it breaks DNS
- We are unlikely to be allowed to move equipment over this period, we may need another occasion to move the servers.
Testing of various lengths of cable and connectors was done at the Surgery, no new-cards yet, so nothing exciting.
New to SOWN
Some nodes are unreliable, still a work-in-progress.
- The Debian build is very old, we will look into upgrading it.
- Services should be divided between ipv4 and ipv6.
- Ports 80 and 443 should be monitored on at least auth.
The SOWN-vlan has v6, the will be setup on campus nodes soon. Home-nodes are an issue, as we can't stop and start ipv6 tunnels easily. This seems to be a bug with network interfaces being held open by the neighbor-discovery code.
IRC logs are now available online. Demonstration of the searching. Anyone who wants to write better searching is quite welcome.
Security surrounding parts of the public-website which are generated. As ever we don't want to expose critical machines, but need some way of getting up-to-date data out of them.