|
|
| Author |
Message |
| 25 new of 547 responses total. |
gelinas
|
|
response 513 of 547:
| 
Oct 28 04:39 UTC 2003 |
John, the staff meeting was on Wednesday, October 22. The staff report in
the minutes of tonight's BoD meeting pretty much sums up the discussion.
The Next Step is installing OpenBSD 3.4.
|
jep
|
|
response 514 of 547:
|
Nov 9 20:09 UTC 2003 |
The question was asked in general, has OpenBSD 3.4 been installed?
|
gelinas
|
|
response 515 of 547:
|
Nov 10 00:40 UTC 2003 |
Not last I checked.
|
bhoward
|
|
response 516 of 547:
|
Nov 10 01:20 UTC 2003 |
I understand from the earlier discussion that Jan and the other staff
configuring grex have been documenting the configuration in detail.
For folks like myself curious about the technical nitty-gritty, is any
of that documention publicly available yet?
|
janc
|
|
response 517 of 547:
|
Dec 19 02:53 UTC 2003 |
I haven't read all of what's above.
I should have a lighter work-load over the holidays, but the kids won't be
in school as much, so I might not have all that much time to work on Grex
either. Still, I expect to be able to do some work.
Last night I started work on upgrading to OpenBSD 3.4. It's up and working,
and I am about half way through the business of following the instructions
to redo the installs and configuration changes that had already been
documented. As I've been working, I've also been updating and clarifying
the install documents.
Mostly the install documents have worked fine. It's not just documentation.
A lot of it is custom scripts. So setting up the /suidbin partition, moving
appropriate suid files to it and replacing the old copies with symbolic links
took about 7 minutes. Full install and setup of party took four commands and
four minutes (most of the time to ftp the source over). Configuring Apache
and the external authenticator took about 4 minutes too. There are still
some glitches - my scripts to install Orville-Write seem to have failed.
However, the goal is to be able to build a new Grex in fairly short order,
and we've made good progress toward that.
I don't have a good way to make these documents public right now. It's
nothing amazingly interesting.
One bit of good news - I've done lots of reboots as I installed stuff, rebuilt
kernels, and such. So far the ethernet interface has initialized correctly
every time. I don't know if the ethernet driver got fixed in the 3.4 release,
or if my new router just plays better with OpenBSD, but it looks like this
issue is solved.
Right now I'm just playing catch-up to get the system back to where it was
before we upgraded to 3.4. I hope to get a substantial amount of forward
progress done over the holidays. I hope other staff members will too.
|
cross
|
|
response 518 of 547:
|
Dec 19 04:02 UTC 2003 |
Great! Okay, how about relocating the machine to the pumpkin?
|
janc
|
|
response 519 of 547:
|
Dec 20 01:39 UTC 2003 |
For the next few weeks, I'll likely have some time to work on the thing.
I don't know what advantage moving it to the pumpkin would have, at least
during that time period. However, if there is any strength of opinion
favoring that, I'd actually love to have it off my desk. It's fans are
loud and it takes up scarce desk space.
|
cross
|
|
response 520 of 547:
|
Dec 20 03:42 UTC 2003 |
If it's coming up on the network reliably now, the advantage is that
(a) we an test out network services other than those that you poke holes
in your firewall for, and (b) it's closer to oldgrex, and (c) it's already
in place for when grex shifts to it.
|
gelinas
|
|
response 521 of 547:
|
Dec 20 04:08 UTC 2003 |
All good reasons, but I'd like to see it a bit closer to being ready for use
before moving it. I'd like to see it move early in January, earlier if
possible.
|
mary
|
|
response 522 of 547:
|
Dec 20 13:15 UTC 2003 |
Thanks, Jan.
|
janc
|
|
response 523 of 547:
|
Dec 21 17:43 UTC 2003 |
Actually being able to make it accessible via http and smtp and things like
that may be useful for testing. Well, for other people. I can access those
services just fine :).
I'll move it as soon as any staff member says they'd find it easier to do
their work if it was moved, or at the end of the first week of January, at
which point I'm booting it out my house no matter what state it is in.
|
cross
|
|
response 524 of 547:
|
Dec 21 19:58 UTC 2003 |
I think it'd be a lot easier to set up a decent mail configuration if it were
moved earlier.
|
janc
|
|
response 525 of 547:
|
Dec 21 20:20 UTC 2003 |
OK.
|
janc
|
|
response 526 of 547:
|
Dec 21 20:22 UTC 2003 |
However, before we move it out from behind my firewall, we need to check
that this isn't going to be a security problem. Are there any services
we need to turn off?
|
jp2
|
|
response 527 of 547:
|
Dec 21 20:48 UTC 2003 |
This response has been erased.
|
remmers
|
|
response 528 of 547:
|
Dec 21 20:51 UTC 2003 |
I would find http useful.
|
bhoward
|
|
response 529 of 547:
|
Dec 22 01:21 UTC 2003 |
As a general principal, I agree with #527.
Taking a quick look at what's currently running on nextgrex, I would turn off
tcp and udp ports:
daytime (13)
time (37)
auth (113)
I don't see any particular need for any of these to be running.
Leaving ssh, www, 8080, https, smtp open should be fine with the caviat that
we may want to populate /var/www/htdocs with something closer to the real
grex html files before opening it generally.
I would turn off "submission" (587) in the sendmail cf files beneath /etc/mail
as we don't currently offer that on old grex.
finger (79) is currently off but presumably you will want to turn that on later
at somepoint since we do offer that on old grex.
|
gelinas
|
|
response 530 of 547:
|
Dec 22 03:41 UTC 2003 |
auth/ident should be left open, I think. It's one we've traditionally left
open.
|
janc
|
|
response 531 of 547:
|
Dec 22 04:52 UTC 2003 |
http and https should be OK to leave open. I've already configured those
(https with a self issued certificate). /var/www/htdocs is no longer ht
document root. The document root is /usr/local/www as on the traditional
Grex, and it currently contains only a place-holder index.html and some
backtalk images. I should probably delete /var/www/htdocs, or symlink it
to /usr/local/www.
I'm not exactly sure how to schedule the move. I'd pretty much have to do
it at night. Wouldn't hurt to have someone else around to help.
Anyone know what IP addresses are free in the pumpkin? I suppose it would
be save to use the old grease IP address.
|
carson
|
|
response 532 of 547:
|
Dec 22 14:21 UTC 2003 |
(Jan, if you just need physical help in moving, I can be available.)
|
janc
|
|
response 533 of 547:
|
Dec 22 14:49 UTC 2003 |
Don't think I really need physical help. It's not a heavy computer. I don't
suppose I really need help at all. Figuring out how to get it onto the
network, getting it configured, moving junk around to make space for it,
someone to hold door while someone else carries it...it'd be pleasanter with
two people, but it'll work with one, and the difficulty of scheduling time
in advance means one is probably the best choice. I guess I'll tentatively
aim at moving it this evening, sometime after the kids are in bed.
|
gull
|
|
response 534 of 547:
|
Dec 22 16:05 UTC 2003 |
The only security problem with ident that I'm currently aware of is it
can be used to determine what username servers are running under. It's
probably worth running it on Grex because it lets other sites inform us
of which of our many users is causing them trouble, in the event of
abuse.
|
janc
|
|
response 535 of 547:
|
Dec 23 01:16 UTC 2003 |
I'm aborting the plan to move Next Grex to the pumpkin tonight.
I just released that I haven't got a monitor for it. Right now it's on the
secondary inputs of my dual input monitor. The only monitor we have free in
the pumpkin not a VGA monitor. (Monochrome CGA, I think.) To set it up in
the pumpkin I'd need to borrow the monitor and keyboard from gryps. I could
do that, but it's not a very satisfactory solution. I think we should let
the move wait till we have a monitor and keyboard. The reasons to do it
now are not all that strong and a monitor should not be all that hard to find.
People all over town are paying money to get rid of them.
I think I have a spare keyboard someplace. I'd have to dig around a bit.
I think Dan Gryniewicz (dang, if you must have a last name like that, I wish
you'd get a unique first name so I wouldn't have to type the last one all the
time) had offered the donation of a monitor. I don't know if he's even in
town right now.
|
janc
|
|
response 536 of 547:
|
Dec 23 02:04 UTC 2003 |
Steve Weiss says he has a monitor. Maybe I'll grab that and make the move
tommorrow night.
|
davel
|
|
response 537 of 547:
|
Dec 23 02:28 UTC 2003 |
We bought all the hardware & didn't get monitor & keyboard?
|
