I've written a series of Web Pages called "Grex Staff Notes" that exist as
a way for the Grex staff to publish details of technical information about
Grex and to explain the logic behind staff policies on various issues.
I hope we will be able to keep these current, and add other pages of other
information.
The existing pages are currently at
http://www.wwnet.net/~janc/grextech
There pages are:
- Introduction. Including some rationale for the staff notes and
a list of staff members with some kind of clue about who does what. This
also has pointers to all the other pages.
- Privacy Guidelines. This is based on the document that appeared here in
coop recently. It outlines the kinds of circumstances underwhich staff
might use their root powers to look at people's personal files.
- Security Goals. An overview of our system security philosophy and how it
differs from more conventional systems.
- Password Database. This gives a very detailed description of how password
security is implemented on Grex (with comparisons to standard Unix
methods). It talks about the shadow file, the hashed password database,
and the password encryption algorithms. It includes source code for
Grex's password encryption program (one of Marcus's inventions).
- Kernel Blocks. This gives a very detailed description of how Grex's
kernel has been modified to prevent non-members from telnetting out (or
from running eggdrop and such like stuff). It includes the source
code for the kernel blocks.
These are all draft versions, and I'd be delighted to hear suggestions. Once
we have more final versions, I'll move the pages to Grex (where any staff
member can update them) and set up links to them on our web page.
In particular, I'm not a real expert on the depths of the kernel or Marcus's
password encryption methodology, so the explanations there may be flawed.
If so, I hope we can correct them.
I've tried to address a broad audience with these. Possible readers include:
- People who want to learn about Unix and System administration purely for
their own curiousity.
- Administrators of systems with similar problems who would like to learn
from our example.
- New Grex staff members who want to learn their "jobs."
- Hackers who want to find ways to crack Grex.
In any of these catagories, there are users with wide ranges of knowledge,
ranging from zero to much more than I know. I'm trying to produce documents
that can be useful to anyone not at either extreme of the spectrum.
Explaining our security setup to hackers may seem like a bad idea. But this
is definately something the staff thinks is a good thing. There are several
reasons for this:
- One of the fundamentals of good security is that you don't achieve it
by crossing your fingers and hoping that nobody will notice the holes.
Ideally, knowing everything there is to know about how our password
system works won't let people crack it. We don't believe that this
information will actually help anyone crack Grex.
- If we are wrong, and there are holes, then going public can still be
positive. Once we have moved the dialog about these into the public
domain, we have made it easy for total strangers to send us mail like
"I've been reading your password system documentation, and it seems to
me that there is a vulnerability...". Opening up a public dialog about
these things means we are more likely to hear about it if someone sees
a problem. If you give information away, you are more likely to get
some back.
- Currently we have lots of people who try to do things like run eggdrop
or run the "crack" program on Grex. They use tons of bandwidth sending
these things over to Grex, and tons of CPU compiling them. However there
isn't a chance in heck that either one will work. So in many ways,
ignorant hackers are a bigger problem to us than smart ones. Ignorant
hackers use up lots of resources finding out that we have decent security.
We hope that educating our hackers by telling them in detail that we have
decent security will discourage them from wasting our resources (and
their time).
- Anyway, openness is one of the things Grex stands for. The fewer secrets
we have, the more Grex we are.
One thing that we want to avoid is being too arrogant about our security.
Of course, there must be weaknesses. We don't want to set ourselves up as
some kind of Holy Grail for hackers ("Think you're good? Try and crack
*our* system?"). We're not that good, and we have better things to spend
our time on than dueling with hackers. So the documents try to sound
competent but not arrogant.
Anyway, I've rambled on longer than I'd meant to. Do look at the pages
(lynx should work fine -- there are no pictures so far), and let us know
what you think.
Thanks.
28 responses total.
Thanks, Jan -- this is a great idea!
(Clueless question) How can grex publish it's password encryption program and stay secure?
yeah, I'm a little hesitant about that.
Because it is a one-way algorithm. Older Unix systems had a world readable password database without much worry, because it would take too much machine resources to try all different possible passwords through the same algorithm, and you can't send an encrypted password back through and unencrypt it. Now that faster machines exist, we hide the encrypted passwords. But there isn't any need to hide the algorithm itself, especially since other systems might use the same one.
This response has been erased.
Yup. There are two layers of security. The first is that the encrypted passwords are stored in a file that only "root" can read. If a person somehow becomes root, then he can see your encrypted passwords, but if he is root he doesn't need your password -- he can already access all your files and everything else on Grex. Even if a person somehow does get a copy of the file with the encrypted passwords, you can't use an encrypted password to log in. You need to find that password that, when encrypted gives rise to that string of garbage that is stored on Grex. That's the second level of security. This prevents even the Grex staff from being able to figure out what your password is. (Of course, the Grex has root access so having your password wouldn't give us any more power here on Grex, but many users use the same password on other systems (never a good idea) so it's important that we not be able to figure out your password here.)
Very impressive idea, Jan. I'm ticled just thinking about it.
I think I understand. Thanks.
This item as been linked from coop item 31 to garage item 58.
I've added a link to the Grex staff notes to Grex's web page.
I've also added another page:
http://www.wwnet.net/~janc/grextech/pumpkin
This is a photo tour of the pumpkin, showing pretty pictures of all our crummy
equipment, with descriptive text. There's even a map of (not to) the pumpkin.
It's the next best thing to being there.
This response has been erased.
It also has an actually photo of Steve Gibbard in action.
cool...though it spoils my perception that grex looked something like the Engineering room on the Starship Enterprise...
That's probably an illusion best spoiled. ;)
You might get the engine room on the enterprise to resemble the pumpkin if you shot the computers to component pieces with a phaser, then hooked up a cable to the antimatter tank 6 levels down, reconstructed the computers in haphazard form, and networked it all through a warp nacelle. Oh, you'd need a spare computer core gathering dust off to the side :)
And don't forget the orange paint.
<< Enterprise Engineering >> Nah, IMO by the time they make real Enterprise with Warp speed in 2300, they will use direct input from Brain Wave, IMO no keyboard/switch is fast enough to control an extremely fast space ship. Probably the engineering romm will be full of blank metal plates with few connectors, unless they use helmet with wireless transmitter.
I also thought there might be holes in the wall from pounded heads and fists when grex wasnt cooperating...but I guess Grex works so well theese days that nobody gets taht frustrated. But I'll bet in the old days at the dungeon or something when grex was slower, using inferior equipment and conections and more of ten crashed for unkonwn reason, there might hvve been a hole or two punched somewhere eh?
No, but there was a big hole in the floor that we named after STeve... (Remember, most of the staff works on Grex from their own homes.)
how doyou put a hole in the *floor*? hmm...wasnt grex in a basement?
This response has been erased.
The dungeon was also in a basement that had probably originally had a dirt floor. The ceiling was pretty low too, and it looked like the concrete was basically just thick enough to mostly hide the dirt. It definitely wasn't thick enough to support the weight our heavier staff members on a rolling office chair wheel. I think it's safe to say we've made an effort to recruit grex staffers who don't blow up or punch holes in walls. Not that this was a specific goal (although it does save on maintenance expenses), but we were looking for people who would not lose their temper when dealing with cantankerous hardware or users, and do something we'd all regret later.
Given the hardware we've traditionally used, that's been a pretty critical (if informal) consideration.
I've been doing some updates on the Grex staff notes. There have been minor
updates to many of the pages, and two new pages:
http://www.cyberspace.org/staffnote/eggdrop.html
Frequently Asked Questions about Eggdrop and IRC bots on Grex
Yes, we got a couple hundred too many people asking about eggdrop or
just trying to install it here without asking, so I put a pointer on
the web-newuser page saying "click here if you are interested in running
eggdrop or other irc bots on Grex" which leads to this page explaining
why you can't run irc bots on Grex. This was written before the
change-over to the new system, and is slightly out of date now.
http://www.cyberspace.org/staffnote/about.html
About Grex's Hardware and Software
This gives an overview of Grex's hardware and software. It's not
really finished yet.
I'd like very much any comments/suggestions/corrections/questions on these
pages that anyone has to offer.
One note: any staff member who wants changes in these is welcome to ask me to do it, but is equally welcome to make the changes themselves. I'm a habitual report writer, but they are "staff notes" not "janc notes."
This response has been erased.
I read the eggdrop page, and followed the link to the page describing why it won't work here, and followed that to the page on Grex security. (Which has a link that says something like "Want to get around our security? Click here" which gives support information for Grex. Very clever.) It's well-written. It's clear and explains a lot. It has an excellent tone; it makes it clear you aren't going to get to run eggdrop here without being offensive or challenging. It's also interesting. Nice job.
I've said it before, I'll say it again: Yea, staff!! :-)
You have several choices: