|
Grex > Coop > #267: Feb 2010 Board Meeting Minutes | |
|
| Author |
Message |
denise
|
|
Feb 2010 Board Meeting Minutes
| 
Feb 9 21:18 UTC 2010 |
Grex Board Meeting, 2/7/10
Present: gelinas*, aruba, kentn*, keesan, jim, steve*, tsty*, unicorn
[by phone]*, denise*
[* = board members; board member cross missing]
7:58 pm, meeting called to order.
-- Officer election results:
Chair [president]: kentn
Treasurer: tsty
Secretary: denise
--Staff report:
STeve summarized the hardware problems we had [he posted a summary
in, I believe, item 4 in agora].
Backups were discussed, doing remote backups for now, then in a
month or so, try doing a usb backup.
Discussed adding members to staff. gelinas moved to add tsty and
remmers to staff [with root access], denise seconded, motion passed.
Staff would like to meet with tonster to get more info before adding him
to staff.
--Next Meeting: Sunday, March 7, 6pm at Zingerman s
--Grex status and future:
What is/should be our policy of disseminating info from taped
meetings? Should discuss in co-op. tsty moved and gelinas seconded: All
grex meetings recorded for board members to use and to provide mp3
files to be available if needed for other use/dissemination, subject to
board approval. Motion passed.
What has happened to the old grex equipment? Steve and mdw have most
of it; keesan has recycled some of the old equipment. Current Inventory
includes:
-I386 Box
-external usb disk
-spare motherboard
-2 modems
-gavel? [Slynne, do you still have this?]
-speaker phone
-treasurer s records
-domain name
The board has received email from srw [steve weiss] stating that veek
has been in touch to see about using srw s photos he has to use in a
wikipedia article about grex. Does the board agree with this? There were
no objections; go for it!
Where to communicate when Grex is down? Possibilities:
-Posterous [sp?]
-M-net: people can post info on mnet but mnet will not be the
[only] place for staff to discuss info.
-twitter/facebook/myspace: looking into setting up accounts on one
or more of these.
-HVCN -doesn t work
-Check google page
Email question/item in coop posted by veek about the possibility of
using postfix/
white listing. Will be discussed in veek s item as well as with staff.
What about having personalized web domains? Will look into this, can
also discuss online. What can we do without having to involve
provide.net?
9:45 pm, gelinas moved to adjourn meeting, Steve seconded; motion
carried.
|
| 66 responses total. |
tsty
|
|
response 1 of 66:
|
Feb 10 01:24 UTC 2010 |
w0w .. fasssssssssst and good! tnx
|
mary
|
|
response 2 of 66:
|
Feb 10 01:40 UTC 2010 |
Could someone please clarify the bit about opening up board meetings by
both simulcasting and keeping those audio/video recordings available for
folks to listen/watch at their convenience? The coop discussion seemed to
support doing this. Yet the minutes are fuzzy as to what came down.
What's up?
|
cross
|
|
response 3 of 66:
|
Feb 10 02:23 UTC 2010 |
Could someone please clarify the staff issues? My understanding was that
Remmers and TS do Not have root access.
|
veek
|
|
response 4 of 66:
|
Feb 10 12:45 UTC 2010 |
Re #0: so SRW didn't forget :) Regarding the personalized web URL
thing.. it could be done by creating a subdomain called
xyz.cyberspace.org and delegating authority for the subdomain to a
nameserver run on grex.cyberspace.org, so any further changes would be
local BUT this would require that staff do the initial one-time
delegation on Provide.
BUT, I'm thinking that perhaps this could wait till later - the actual
benefits being, rather marginal..
Anyway, so could we decide something for sure (even migrating to
tonster's box is okay with me) regarding Mail, MySQL and Ping/
Traceroute/NMap (i'll open a thread on this). All are very useful for
ppl using the shell.
|
tsty
|
|
response 5 of 66:
|
Feb 10 16:11 UTC 2010 |
one amplificatoin about he hardware inventory ... apparently the
board-at-the-time was wholly disinteresdsted in keeping arond (or
offering to return) anyhtiikg that was not activly in-use.
keesan said she recycled a lot of it ... mdw & steve captured some that
was going to head to teh shredder .. and some hit the shredder.
i think i have that right .. at least close.
re 3 ... dunno about remmers but i don;t ahve root at this second, but
it should be coming along some time soon.
re 4 .. teh xyz.cyberspace.org was brought up sted *.org/~xyz for
persoanl sites and the board (between meeings) is considering how
to best effect the idea whilst -also- benefiting grex, i.e., some $$$.
|
remmers
|
|
response 6 of 66:
|
Feb 11 21:46 UTC 2010 |
I'm of the opinion that root access should be parceled out conserva-
tively on an as-needed basis. In particular, since I don't know
exactly what I'll be doing as staff yet, I don't know if I need it.
Certain kinds of administrative tasks can be carried out without
root - for example, I didn't need it to run the recent board vote;
just needed privileged access to certain directories and files.
If I'm going to be authorized to go to Provide and hit reset,
I don't need root for that either. On the other hand, if I'm
going to fight fires such as runaway processes and the like, then
I'd need root.
I think staff needs to get together, either in person or online,
and figure out who's going to do what. Then I'll know if I
actually need root.
At the December board meeting, a staff meeting was scheduled
for early January. It didn't happen because Grex was still down
with disk problems. I think it's time to schedule another one.
If it's an in-person meeting, I'm out of town at the moment but
will be available from February 21 on.
|
nharmon
|
|
response 7 of 66:
|
Feb 12 00:55 UTC 2010 |
I'm surprised the root password isn't sealed by the board in a
tamper-evident envelope with staff just given least privileges via sudo,
with a couple of staffers having root-level sudo.
|
kentn
|
|
response 8 of 66:
|
Feb 12 01:26 UTC 2010 |
It's more likely in a hermetically sealed mayonnaise jar under
Funk and Wagnalls' porch.
|
nharmon
|
|
response 9 of 66:
|
Feb 12 01:47 UTC 2010 |
*snort*
|
tonster
|
|
response 10 of 66:
|
Feb 12 05:51 UTC 2010 |
resp:7: that's how ford used to keep their root passwords sealed.
|
nharmon
|
|
response 11 of 66:
|
Feb 12 09:58 UTC 2010 |
It's also the recommended safe practice for financial institutions.
|
kentn
|
|
response 12 of 66:
|
Feb 12 13:16 UTC 2010 |
That doesn't sound like all that bad an idea, actually.
|
jgelinas
|
|
response 13 of 66:
|
Feb 13 18:34 UTC 2010 |
The board approved root access for both tsty and remmers. When either
will get that access is, I guess, up to the staff.
Most of the stuff is done by sudo now, I think. Note that sudo just
makes more passwords lucrative targets.
There is still some disagreement on broadcasting the board meetings.
Thus the limits on recording and disseminating the recordings. We are
probably going to have to take membership-level action to get it
'right.'
|
cross
|
|
response 14 of 66:
|
Feb 13 22:15 UTC 2010 |
resp:13 Sudo does *not* "just make(s) more passwords lucrative
targets." Sudo is a very, very useful tool and is the preferred
mechanism for doing things as the superuser these days.
I have given root access to both Remmers and TS via adding them to
the 'wheel' group. Both should use sudo to access things as root.
I don't even know what the root password is, but it would probably
be a good idea if someone changed it to something that they know,
write it down, and store it somewhere securely.
I should state publicly that I have serious objections to adding
remmers to staff. When I lobbied to get re-added to staff some
years ago, remmers objected strongly. When I got re-added to staff
and elected to the board, remmers resigned from both.
I find that timeline suspicious and have found him difficult to
work with. He created what I felt to be a very divisive forum to
discuss Grex being down during the recent outage, which fragmented
the discussion, *despite* being asked not to do so, by me, as a
baord and staff member. In the past, he was not responsive to
email; I recall asking him multiple times to create me an account
on the machine that housed Grex's CVS server and he did not respond
until after I'd resigned from staff. I feel like John is the type
of guy who likes to "take control." I feel like he doesn't work
particularly well with others, and I'm concerned about him having
root access.
A lot of John's technical ideas are not well thought out and tend
to rely on things he's heard, rather than things that he's done.
He lobbied strongly to put in a complicated content-management
system on Grex, without having even used it. I find that problematic,
and I'm worried that, with root access, John will do things that
are not easily supportable by the rest of us. Similarly with his
ideas about virtualization.
I see his no-staff-stamp addition to staff as something of a coup
by the Grex old-guard. I would have been happy to have him do
webmaster things, but full-on root access is an entirely other
matter.
|