From james at jtaylor.id.au Wed Apr 2 12:52:05 2014
From: james at jtaylor.id.au (James Taylor)
Date: Wed, 02 Apr 2014 15:52:05 +1100
Subject: [tech] Testing my DMARC
Message-ID: <533B9775.6070704@jtaylor.id.au>

By the way, you should really coax UWA into setting up DMARC validation. :)

Rgds,
[JTK]

From zanchey at ucc.gu.uwa.edu.au Sat Apr 5 21:16:53 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Sat, 5 Apr 2014 21:16:53 +0800 (WST)
Subject: [tech] Musundo - upgrade to Solaris 11
Message-ID:

Hi all,

I want to upgrade Musundo from the old build of OpenSolaris (snv_130) that it's currently running to Solaris 11, but unfortunately this requires reinstalling from scratch. It should be possible to do this somewhat non-destructively (by splitting the disk mirror), but I don't have high hopes.

It hasn't been on for a few months, and I haven't heard any complaints, so I assume there's nothing that anyone is particularly attached to. If there is, please let me know in the next couple of days, otherwise I'm going to go ahead and wipe it.

David Adam
UCC Wheel Member
zanchey at ucc.gu.uwa.edu.au

From bobgeorge33 at ucc.gu.uwa.edu.au Sat Apr 5 21:27:09 2014
From: bobgeorge33 at ucc.gu.uwa.edu.au (Mitchell Pomery)
Date: Sat, 5 Apr 2014 21:27:09 +0800 (WST)
Subject: [tech] List Archives in list footer
Message-ID:

I'm testing adding a link to the list archives at the bottom of the email.

It has probably gone horribly wrong in this email. You can view the fail below.

[BG3]

From bobgeorge33 at ucc.gu.uwa.edu.au Sat Apr 5 21:29:56 2014
From: bobgeorge33 at ucc.gu.uwa.edu.au (Mitchell Pomery)
Date: Sat, 5 Apr 2014 21:29:56 +0800 (WST)
Subject: [tech] List Archives in list footer
In-Reply-To:
References:
Message-ID:

And with that it should now be fixed.*

Though I am really tempted to add it to the email header, instead of the footer.

[BG3]

*maybe

On Sat, 5 Apr 2014, Mitchell Pomery wrote:

> I'm testing adding a link to the list archives at the bottom of the email.
>
> It has probably gone horribly wrong in this email. You can view the fail
> below.
>
> [BG3]
>
> List Archives: ucc.gu.uwa.edu.au/pipermail/tech
>
> Unsubscribe here: http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bobgeorge33%40ucc.asn.au
>

From zanchey at ucc.gu.uwa.edu.au Sat Apr 5 21:46:09 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Sat, 5 Apr 2014 21:46:09 +0800 (WST)
Subject: [tech] Musundo - upgrade to Solaris 11
In-Reply-To:
References:
Message-ID:

On Sat, 5 Apr 2014, David Adam wrote:

> I want to upgrade Musundo from the old build of OpenSolaris (snv_130) that
> it's currently running to Solaris 11, but unfortunately this requires
> reinstalling from scratch.

Whoops, Solaris 11 isn't supported on UltraSPARC IV+ chips, which includes Musundo (a SunFire V490). I can't even convince it to boot at present, so perhaps we should be looking for something newer. The list price for a new T4 is something like $20k...

[DAA]

From zanchey at ucc.gu.uwa.edu.au Mon Apr 7 16:57:27 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Mon, 7 Apr 2014 16:57:27 +0800 (WST)
Subject: [tech] Napoli
Message-ID:

I have upgraded Napoli to Mac OS X 10.9 ("Mavericks"). LDAP logins and NFS home directories seem to work - they didn't at first, but I altered the mapping in Directory Utility to map 'NFSHomeDirectory' directly to 'homeDirectory' from LDAP, and then created a symlink for /home to the /net/services.ucc.gu.uwa.edu.au directory and things are ok. (I suspect a cached entry was screwing this up for a while.)

I have installed iTerm 2 and Xcode 5 as well, and the command-line tools for Xcode.

I have also installed Homebrew. This is software that is poorly designed for a multi-user system; it cowardly refuses to run as root and so is currently owned by me.
David Adam
UCC Wheel Member
zanchey at ucc.gu.uwa.edu.au

From tech at ucc.asn.au Sun Apr 6 13:14:11 2014
From: tech at ucc.asn.au (tech at ucc.asn.au)
Date: Sun, 6 Apr 2014 13:14:11 +0800 (WST)
Subject: [tech] Computer Hardware Advice
Message-ID: <20140406051411.B0EF23C080@mooneye.ucc.gu.uwa.edu.au>

On the forum, sK0pe said:

Sorry had 2 midsems. That was a query and an example.
I was looking at the 780 TI and the R9 290x but had no idea about that AnandTech article.
I'll be saving some money up to grab one of the two.
Also, what are people's recommendations on CPU upgrades (strictly gaming purposes). I'm currently still on a Nehalem i7.
Which would be a better expenditure -
- Upgrading the CPU and therefore motherboard and RAM
- Just installing an SSD and wait till the next architecture (I'm still running off a 6 year old WD Velociraptor as my system drive)

-----
Note: HTML content in the forum post may have been lost.
View the forum post here: https://forum.ucc.asn.au/viewtopic.php?f=4&t=30&p=118&e=118

tech at ucc.asn.au

From Tech at ucc.asn.au Mon Apr 7 21:16:47 2014
From: Tech at ucc.asn.au (Tech at ucc.asn.au)
Date: Mon, 7 Apr 2014 21:16:47 +0800 (WST)
Subject: [tech] Computer Hardware Advice
Message-ID: <20140407131647.EF06B3C07F@mooneye.ucc.gu.uwa.edu.au>

On the forum, trs80 said:

Quote: sK0pe wrote:
Sorry had 2 midsems. That was a query and an example.
I was looking at the 780 TI and the R9 290x but had no idea about that AnandTech article.
I'll be saving some money up to grab one of the two.
Also, what are people's recommendations on CPU upgrades (strictly gaming purposes). I'm currently still on a Nehalem i7.
Which would be a better expenditure -
- Upgrading the CPU and therefore motherboard and RAM
- Just installing an SSD and wait till the next architecture (I'm still running off a 6 year old WD Velociraptor as my system drive)

SSD, no contest. How much RAM do you currently have?

-----
Note: HTML content in the forum post may have been lost.
View the forum post here: https://forum.ucc.asn.au/viewtopic.php?f=4&t=30&p=139&e=139

Tech at ucc.asn.au

From Tech at ucc.asn.au Wed Apr 9 22:02:36 2014
From: Tech at ucc.asn.au (Tech at ucc.asn.au)
Date: Wed, 9 Apr 2014 22:02:36 +0800 (WST)
Subject: [tech] Computer Hardware Advice
Message-ID: <20140409140236.687D53C080@mooneye.ucc.gu.uwa.edu.au>

On the forum, sK0pe said:

Quote: trs80 wrote:
SSD, no contest. How much RAM do you currently have?

I'm currently only running on 6gb.
I've got an HTPC which has an SSD as does my laptop and I know what I'm missing out on but I've seen. The load time seems to be fairly important as games that I run at home without an SSD take quite a while longer to load stages especially if textures are set to the highest levels.
I'll probably be going for a Samsung 840 Pro.

-----
Note: HTML content in the forum post may have been lost.
View the forum post here: https://forum.ucc.asn.au/viewtopic.php?f=4&t=30&p=140&e=140

Tech at ucc.asn.au

From matches at ucc.asn.au Thu Apr 10 11:44:16 2014
From: matches at ucc.asn.au (Sam Moore)
Date: Thu, 10 Apr 2014 11:44:16 +0800
Subject: [tech] OpenSSL "Heartbleed" Issues
Message-ID: <53461390.5080203@ucc.asn.au>

Servers
-------

From #ucc I gather that [DAA] already updated all our servers.

But if you have a collocated machine you need to update your openssl libraries yourself.

Desktops / Clients
------------------

Today in #ucc kronicd pointed out that clients can also be vulnerable, and that since murphy (the IRC bot) wasn't restarted it was still vulnerable. This isn't a huge deal because murphy shouldn't have anything important in its memory. I have restarted murphy and it is OK now.

Using the same tool from https://github.com/Lekensteyn/pacemaker, I have found that (up to date) browsers such as iceweasel and chromium on debian testing might also still be vulnerable.

These clients only return 7 bytes, whilst the examples in the readme return 65535.
From what I understand they still shouldn't be doing that.

In terms of UCC machines, firefox on cabellera at least does this. I am running `yum upgrade`, but it is Scientific Linux so I'm not too hopeful (also note that the graphics drivers will break again as a result).

I'm running the test server on https://curious.ucc.asn.au
To save you setting up your own, I'm logging to http://curious.ucc.asn.au/pacemaker.txt
The first entry is iceweasel 17.0.10, the second is wget 1.15, the third is murphy (Supybot on mussel) after being restarted.

7 bytes doesn't seem like a huge problem but I really don't know what I am doing here. Any comments?

More general issues
-------------------

What I understand of this bug is that a malicious client or server can access arbitrary memory used by the other (if it is vulnerable). But I don't understand exactly how this may have affected UCC, or continue to affect us, in the unlikely event our servers were exploited before someone updated them.

What advice, if any, should we give our members? Eg: should we be recommending people change their passwords if they have used https services such as webmail or the forum?

We are running an apache2 server, but the pages authenticate via the ldaps server on mussel, which is a different protocol entirely. Does this mean it is not possible for password related memory to have been leaked via apache?

Probably the best explanation I've found so far:
http://superuser.com/questions/739427/how-to-use-the-internet-while-heartbleed-is-being-fixed

[SZM]
UCC Wheel Member

From matches at ucc.gu.uwa.edu.au Thu Apr 10 13:57:31 2014
From: matches at ucc.gu.uwa.edu.au (Sam Moore)
Date: Thu, 10 Apr 2014 13:57:31 +0800 (WST)
Subject: [tech] Why we should not use Mint as the SOE
Message-ID:

[SLX] tried to update it, this was apparently extremely difficult.
From matches at ucc.gu.uwa.edu.au Thu Apr 10 14:35:05 2014
From: matches at ucc.gu.uwa.edu.au (Sam Moore)
Date: Thu, 10 Apr 2014 14:35:05 +0800 (WST)
Subject: [tech] Why we should not use Mint as the SOE
In-Reply-To:
References:
Message-ID:

Reason #2: It appears to use a web page as the login manager. This web page only allows logins for murphy.

On Thu, 10 Apr 2014, Sam Moore wrote:

> [SLX] tried to update it, this was apparently extremely difficult.
>
> _______________________________________________
> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>
> Unsubscribe here: http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/matches%40ucc.gu.uwa.edu.au
>

From bobgeorge33 at ucc.gu.uwa.edu.au Thu Apr 10 15:40:26 2014
From: bobgeorge33 at ucc.gu.uwa.edu.au (Mitchell Pomery)
Date: Thu, 10 Apr 2014 15:40:26 +0800 (WST)
Subject: [tech] Why we should not use Mint as the SOE
In-Reply-To:
References:
Message-ID:

But we should have some setup so that every machine has the same UI when we want to try show people how to do things (i.e. Fresher Welcome, Introduction to Programming).

If not Mint, what?

[BG3]

On Thu, 10 Apr 2014, Sam Moore wrote:

> [SLX] tried to update it, this was apparently extremely difficult.
>
> _______________________________________________
> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>
> Unsubscribe here: http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bobgeorge33%40ucc.asn.au
>

From james at jtaylor.id.au Thu Apr 10 17:59:07 2014
From: james at jtaylor.id.au (James Taylor)
Date: Thu, 10 Apr 2014 19:59:07 +1000
Subject: [tech] OpenSSL "Heartbleed" Issues
In-Reply-To: <53461390.5080203@ucc.asn.au>
References: <53461390.5080203@ucc.asn.au>
Message-ID: <53466B6B.3060109@jtaylor.id.au>

On 10/04/2014 13:44, Sam Moore wrote:
> These clients only return 7 bytes, whilst the examples in the readme
> return 65535. From what I understand they still shouldn't be doing that.
Those 7 bytes should represent a TLS failure, and thus the clients (which use libnss) aren't vulnerable and are replying with a correct response as per the RFC :)

[JTK]

From james at jtaylor.id.au Thu Apr 10 18:03:05 2014
From: james at jtaylor.id.au (James Taylor)
Date: Thu, 10 Apr 2014 20:03:05 +1000
Subject: [tech] Why we should not use Mint as the SOE
In-Reply-To:
References:
Message-ID: <53466C59.10701@jtaylor.id.au>

A particular UI shouldn't restrict you to a particular distribution, and having a mixture of distros (ideally with the same DE's installed) would be preferable. Common ones are cinnamon, Gnome 3, and XFCE...

What is the default DE in Mint anyway?

[JTK]

From matches at ucc.gu.uwa.edu.au Thu Apr 10 18:12:13 2014
From: matches at ucc.gu.uwa.edu.au (Sam Moore)
Date: Thu, 10 Apr 2014 18:12:13 +0800 (WST)
Subject: [tech] Why we should not use Mint as the SOE
In-Reply-To:
References:
Message-ID:

My personal preference would be debian (stable... not testing) with MATE. It actually comes with menus by default. KDE would also be acceptable.

I think the diversity in our desktops is actually a good thing and it is cooler to have this diversity on actual physical machines people can sit down and use than pointing them at VMs.

We *could* adopt a blanket Mint policy, but it isn't fun to update, it doesn't have a net installer, there are no menus by default, and the default login manager is completely and utterly broken.

[SZM]

On Thu, 10 Apr 2014, Mitchell Pomery wrote:

> But we should have some setup so that every machine has the same UI when we
> want to try show people how to do things (i.e. Fresher Welcome, Introduction
> to Programming).
>
> If not Mint, what?
>
> [BG3]
>
> On Thu, 10 Apr 2014, Sam Moore wrote:
>
>> [SLX] tried to update it, this was apparently extremely difficult.
>>
>> _______________________________________________
>> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>>
>> Unsubscribe here:
>> http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bobgeorge33%40ucc.asn.au
>>
>

From matches at ucc.gu.uwa.edu.au Thu Apr 10 18:36:40 2014
From: matches at ucc.gu.uwa.edu.au (Sam Moore)
Date: Thu, 10 Apr 2014 18:36:40 +0800 (WST)
Subject: [tech] OpenSSL "Heartbleed" Issues
In-Reply-To: <53466B6B.3060109@jtaylor.id.au>
References: <53461390.5080203@ucc.asn.au> <53466B6B.3060109@jtaylor.id.au>
Message-ID:

On Thu, 10 Apr 2014, James Taylor wrote:

> On 10/04/2014 13:44, Sam Moore wrote:
>> These clients only return 7 bytes, whilst the examples in the readme
>> return 65535. From what I understand they still shouldn't be doing that.
> Those 7 bytes should represent a TLS failure, and thus the clients
> (which use libnss) aren't vulnerable and are replying with a correct
> response as per the RFC :)

Well that makes more sense now.

From bobgeorge33 at ucc.gu.uwa.edu.au Thu Apr 10 19:37:38 2014
From: bobgeorge33 at ucc.gu.uwa.edu.au (Mitchell Pomery)
Date: Thu, 10 Apr 2014 19:37:38 +0800 (WST)
Subject: [tech] Why we should not use Mint as the SOE
In-Reply-To:
References:
Message-ID:

I'm not suggesting all of them run this setup as the default install, I'm suggesting this as a secondary OS that runs on all UCC's machines that we can boot into when need be.

Mint would be my preference because of the default UI I had when using it, and Debian would follow, but they are the only OS's that I've properly used outside UCC.

We could debate this at the yet to be announced, upcoming wheel meeting!

[BG3]

On Thu, 10 Apr 2014, Sam Moore wrote:

> My personal preference would be debian (stable... not testing) with MATE.
> It actually comes with menus by default. KDE would also be acceptable.
>
> I think the diversity in our desktops is actually a good thing
> and it is cooler to have this diversity on actual physical machines
> people can sit down and use than pointing them at VMs.
>
> We *could* adopt a blanket Mint policy, but it isn't fun to update, it
> doesn't have a net installer, there are no menus by default,
> and the default login manager is completely and utterly broken.
>
> [SZM]
>
> On Thu, 10 Apr 2014, Mitchell Pomery wrote:
>
>> But we should have some setup so that every machine has the same UI when we
>> want to try show people how to do things (i.e. Fresher Welcome, Introduction
>> to Programming).
>>
>> If not Mint, what?
>>
>> [BG3]
>>
>> On Thu, 10 Apr 2014, Sam Moore wrote:
>>
>>> [SLX] tried to update it, this was apparently extremely difficult.
>>>
>>> _______________________________________________
>>> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>>>
>>> Unsubscribe here:
>>> http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bobgeorge33%40ucc.asn.au
>>>
>>
> _______________________________________________
> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>
> Unsubscribe here: http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bobgeorge33%40ucc.asn.au
>

From matt at ucc.asn.au Thu Apr 10 20:37:43 2014
From: matt at ucc.asn.au (Matt Johnston)
Date: Thu, 10 Apr 2014 20:37:43 +0800
Subject: [tech] Why we should not use Mint as the SOE
In-Reply-To:
References:
Message-ID: <4799fd56-bb19-4725-8ed3-b8834e67e91b@email.android.com>

I assume you can get Docker containers for Linux desktops? Just make sure all of the OSes have a recent enough LXC and stuff, then when there's a need for a common environment let people run it in a container.

Alternatively just run the "standard environment" over remote X.
Matt

On 10 April 2014 7:37:38 pm AWST, Mitchell Pomery wrote:
>I'm not suggesting all of them run this setup as the default install,
>I'm
>suggesting this as a secondary OS that runs on all UCC's machines that
>we
>can boot into when need be.
>
>Mint would be my preference because of the default UI I had when using
>it,
>and Debian would follow, but they are the only OS's that I've properly
>used outside UCC.
>
>We could debate this at the yet to be announced, upcoming wheel
>meeting!
>[BG3]
>
>On Thu, 10 Apr 2014, Sam Moore wrote:
>
>> My personal preference would be debian (stable... not testing) with
>MATE.
>> It actually comes with menus by default. KDE would also be
>acceptable.
>>
>> I think the diversity in our desktops is actually a good thing
>> and it is cooler to have this diversity on actual physical machines
>> people can sit down and use than pointing them at VMs.
>>
>> We *could* adopt a blanket Mint policy, but it isn't fun to update,
>it
>> doesn't have a net installer, there are no menus by default,
>> and the default login manager is completely and utterly broken.
>>
>> [SZM]
>>
>> On Thu, 10 Apr 2014, Mitchell Pomery wrote:
>>
>>> But we should have some setup so that every machine has the same UI
>when we
>>> want to try show people how to do things (i.e. Fresher Welcome,
>Introduction
>>> to Programming).
>>>
>>> If not Mint, what?
>>>
>>> [BG3]
>>>
>>> On Thu, 10 Apr 2014, Sam Moore wrote:
>>>
>>>> [SLX] tried to update it, this was apparently extremely difficult.
>>>>
>>>> _______________________________________________
>>>> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>>>>
>>>> Unsubscribe here:
>>>>
>http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bobgeorge33%40ucc.asn.au
>>>>
>>>
>> _______________________________________________
>> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>>
>> Unsubscribe here:
>http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bobgeorge33%40ucc.asn.au
>>
>_______________________________________________
>List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>
>Unsubscribe here:
>http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/matt%40ucc.gu.uwa.edu.au

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20140410/aefe2c4e/attachment-0001.htm

From bob at ucc.asn.au Thu Apr 10 21:18:39 2014
From: bob at ucc.asn.au (Bob Adamson)
Date: Thu, 10 Apr 2014 21:18:39 +0800
Subject: [tech] Why we should not use Mint as the SOE
In-Reply-To:
References:
Message-ID:

My experience for dual booting machines in UCC so far is that the lesser-used OS becomes hopelessly out of date, and then when you do boot into the lesser-used OS you spend all your time updating it or being pestered by update messages. It gets worse the more operating systems you add to a machine. If you want a consistent+identical environment to boot to for things like the fresher welcome, what about imaging a bunch of USB sticks and booting all the machines off those? Bam, guaranteed to be up to date and consistent for all users at the event, and we can even use the windows machines.
Bob

-----Original Message-----
From: Mitchell Pomery
Sent: Thursday, April 10, 2014 7:37 PM
To: Sam Moore
Cc: tech at ucc.asn.au
Subject: Re: [tech] Why we should not use Mint as the SOE

I'm not suggesting all of them run this setup as the default install, I'm suggesting this as a secondary OS that runs on all UCC's machines that we can boot into when need be.

Mint would be my preference because of the default UI I had when using it, and Debian would follow, but they are the only OS's that I've properly used outside UCC.

We could debate this at the yet to be announced, upcoming wheel meeting!

[BG3]

On Thu, 10 Apr 2014, Sam Moore wrote:

> My personal preference would be debian (stable... not testing) with MATE.
> It actually comes with menus by default. KDE would also be acceptable.
>
> I think the diversity in our desktops is actually a good thing
> and it is cooler to have this diversity on actual physical machines
> people can sit down and use than pointing them at VMs.
>
> We *could* adopt a blanket Mint policy, but it isn't fun to update, it
> doesn't have a net installer, there are no menus by default,
> and the default login manager is completely and utterly broken.
>
> [SZM]
>
> On Thu, 10 Apr 2014, Mitchell Pomery wrote:
>
>> But we should have some setup so that every machine has the same UI when
>> we
>> want to try show people how to do things (i.e. Fresher Welcome,
>> Introduction
>> to Programming).
>>
>> If not Mint, what?
>>
>> [BG3]
>>
>> On Thu, 10 Apr 2014, Sam Moore wrote:
>>
>>> [SLX] tried to update it, this was apparently extremely difficult.
>>>
>>> _______________________________________________
>>> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>>>
>>> Unsubscribe here:
>>> http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bobgeorge33%40ucc.asn.au
>>>
>>
> _______________________________________________
> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>
> Unsubscribe here:
> http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bobgeorge33%40ucc.asn.au
>
_______________________________________________
List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech

Unsubscribe here: http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/bob%40ucc.gu.uwa.edu.au

From matches at ucc.asn.au Thu Apr 10 22:45:26 2014
From: matches at ucc.asn.au (Sam Moore)
Date: Thu, 10 Apr 2014 22:45:26 +0800
Subject: [tech] Why we should not use Mint as the SOE
In-Reply-To: <53466C59.10701@jtaylor.id.au>
References: <53466C59.10701@jtaylor.id.au>
Message-ID: <5346AE86.8090200@ucc.asn.au>

This is a good suggestion. Especially since some distros just don't seem to run on some machines (eg: Cabellera).

Mint on Porcupine defaulted to MATE. However it unfortunately did not have any menus. Trying to create the application menu eventually leads to a choice between 4 different menus and picking the best one fixes the problem.

[SZM]

On 10/04/14 18:03, James Taylor wrote:
> A particular UI shouldn't restrict you to a particular distribution,
> and having a mixture of distros (ideally with the same DE's installed)
> would be preferable. Common ones are cinnamon, Gnome 3, and XFCE...
>
> What is the default DE in Mint anyway?
>
> [JTK]

From james at jtaylor.id.au Fri Apr 11 00:08:48 2014
From: james at jtaylor.id.au (James Taylor)
Date: Fri, 11 Apr 2014 02:08:48 +1000
Subject: [tech] Why we should not use Mint as the SOE
In-Reply-To:
References:
Message-ID: <5346C210.9030803@jtaylor.id.au>

On 10/04/2014 23:18, Bob Adamson wrote:
> If you want a consistent+identical environment to boot to
> for things like the fresher welcome, what about imaging a bunch of USB
> sticks and booting all the machines off those? Bam, guaranteed to be up to
> date and consistent for all users at the event, and we can even use the
> windows machines.

I actually like this idea... Hell, you could even set up a premade netboot live environment for the distros if you want to go further, with a nice menu to choose which image to boot from rather than fumbling with USB drives :)

[JTK]

From matches at ucc.asn.au Fri Apr 11 00:11:42 2014
From: matches at ucc.asn.au (Sam Moore)
Date: Fri, 11 Apr 2014 00:11:42 +0800
Subject: [tech] Something to do with all those USBs! (Was: Why we should not use Mint as the SOE)
In-Reply-To: <5346C210.9030803@jtaylor.id.au>
References: <5346C210.9030803@jtaylor.id.au>
Message-ID: <5346C2BE.6090202@ucc.asn.au>

They have the UCC logo on them and everything!

On 11/04/14 00:08, James Taylor wrote:
>
> On 10/04/2014 23:18, Bob Adamson wrote:
>> If you want a consistent+identical environment to boot to
>> for things like the fresher welcome, what about imaging a bunch of USB
>> sticks and booting all the machines off those? Bam, guaranteed to be up to
>> date and consistent for all users at the event, and we can even use the
>> windows machines.
> I actually like this idea... Hell, you could even set up a premade
> netboot live environment for the distros if you want to go further, with
> a nice menu to choose which image to boot from rather than fumbling with
> USB drives :)

From james at jtaylor.id.au Fri Apr 11 00:21:18 2014
From: james at jtaylor.id.au (James Taylor)
Date: Fri, 11 Apr 2014 02:21:18 +1000
Subject: [tech] Something to do with all those USBs! (Was: Why we should not use Mint as the SOE)
In-Reply-To: <5346C2BE.6090202@ucc.asn.au>
References: <5346C210.9030803@jtaylor.id.au> <5346C2BE.6090202@ucc.asn.au>
Message-ID: <5346C4FE.9050707@jtaylor.id.au>

How many GB are the drives? Could fit a few distros on a stick with multiboot and hand them out to freshers to play with :)

[JTK]

On 11/04/2014 02:11, Sam Moore wrote:
> They have the UCC logo on them and everything!
>
> On 11/04/14 00:08, James Taylor wrote:
>> On 10/04/2014 23:18, Bob Adamson wrote:
>>> If you want a consistent+identical environment to boot to
>>> for things like the fresher welcome, what about imaging a bunch of USB
>>> sticks and booting all the machines off those? Bam, guaranteed to be up to
>>> date and consistent for all users at the event, and we can even use the
>>> windows machines.
>> I actually like this idea... Hell, you could even set up a premade
>> netboot live environment for the distros if you want to go further, with
>> a nice menu to choose which image to boot from rather than fumbling with
>> USB drives :)

From matches at ucc.asn.au Fri Apr 11 00:28:26 2014
From: matches at ucc.asn.au (Sam Moore)
Date: Fri, 11 Apr 2014 00:28:26 +0800
Subject: [tech] Something to do with all those USBs!
In-Reply-To: <5346C4FE.9050707@jtaylor.id.au>
References: <5346C210.9030803@jtaylor.id.au> <5346C2BE.6090202@ucc.asn.au> <5346C4FE.9050707@jtaylor.id.au>
Message-ID: <5346C6AA.3030002@ucc.asn.au>

4GB with what appears to be an ancient version of the 2014 fresher guide on them.

On 11/04/14 00:21, James Taylor wrote:
> How many GB are the drives? Could fit a few distros on a stick with
> multiboot and hand them out to freshers to play with :)
>
> [JTK]
>
>
> On 11/04/2014 02:11, Sam Moore wrote:
>> They have the UCC logo on them and everything!
>>
>> On 11/04/14 00:08, James Taylor wrote:
>>> On 10/04/2014 23:18, Bob Adamson wrote:
>>>> If you want a consistent+identical environment to boot to
>>>> for things like the fresher welcome, what about imaging a bunch of USB
>>>> sticks and booting all the machines off those? Bam, guaranteed to be up to
>>>> date and consistent for all users at the event, and we can even use the
>>>> windows machines.
>>> I actually like this idea... Hell, you could even set up a premade
>>> netboot live environment for the distros if you want to go further, with
>>> a nice menu to choose which image to boot from rather than fumbling with
>>> USB drives :)
>
> _______________________________________________
> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>
> Unsubscribe here: http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/matches%40ucc.gu.uwa.edu.au
>

From zanchey at ucc.gu.uwa.edu.au Fri Apr 11 08:37:18 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Fri, 11 Apr 2014 08:37:18 +0800 (WST)
Subject: [tech] Why we should not use Mint as the SOE
In-Reply-To:
References:
Message-ID:

On Thu, 10 Apr 2014, Bob Adamson wrote:

> My experience for dual booting machines in UCC so far is that the
> lesser-used OS becomes hopelessly out of date, and then when you do boot
> into the lesser-used OS you spend all your time updating it or being
> pestered by update messages. It gets worse the more operating systems you
> add to a machine. If you want a consistent+identical environment to boot to
> for things like the fresher welcome, what about imaging a bunch of USB
> sticks and booting all the machines off those? Bam, guaranteed to be up to
> date and consistent for all users at the event, and we can even use the
> windows machines.
If only there was some way of utilising a single computer to serve as a central interface for a bunch of terminals. A terminal server, if you will.

This is a good segue into "Unfortunately the thinterms don't boot at the moment" because the disk server (nbd-server) on Meersau keeps cowardly refusing to serve the disk image, with messages like this:

nbd_server[4613]: Size of exported file/device is 426975232
nbd_server[4613]: Negotiation failed/1: Bad file descriptor

I've backported nbd-server 3.8 but that didn't help. The only other thing I have tried is upgrading the thinterm images to wheezy, but I haven't been back to the clubroom to test this yet.

David Adam
zanchey at ucc.gu.uwa.edu.au

From Tech at ucc.asn.au Wed Apr 9 22:58:45 2014
From: Tech at ucc.asn.au (Tech at ucc.asn.au)
Date: Wed, 9 Apr 2014 22:58:45 +0800 (WST)
Subject: [tech] Computer Hardware Advice
Message-ID: <20140409145845.DC7253C07F@mooneye.ucc.gu.uwa.edu.au>

On the forum, xreaper said:

the sweet spot is 8-16GB of ram these days, more if you're wanting to run lots of vm's or something

-----
Note: HTML content in the forum post may have been lost.
View the forum post here: https://forum.ucc.asn.au/viewtopic.php?f=4&t=30&p=142&e=142

Tech at ucc.asn.au

From Tech at ucc.asn.au Wed Apr 9 23:15:52 2014
From: Tech at ucc.asn.au (Tech at ucc.asn.au)
Date: Wed, 9 Apr 2014 23:15:52 +0800 (WST)
Subject: [tech] Computer Hardware Advice
Message-ID: <20140409151552.0A8C03C080@mooneye.ucc.gu.uwa.edu.au>

On the forum, sK0pe said:

Quote: xreaper wrote:
the sweet spot is 8-16GB of ram these days, more if you're wanting to run lots of vm's or something

Unfortunately I would have to and grab 3 sticks of RAM that wouldn't work in any other build as X58 setups had a higher base voltage for the ram.
However when I upgrade RAM, CPU and motherboard, I'll most likely be going with your recommendation.

-----
Note: HTML content in the forum post may have been lost.
View the forum post here: https://forum.ucc.asn.au/viewtopic.php?f=4&t=30&p=143&e=143

Tech at ucc.asn.au

From tech at ucc.asn.au Fri Apr 11 22:28:24 2014
From: tech at ucc.asn.au (tech at ucc.asn.au)
Date: Fri, 11 Apr 2014 22:28:24 +0800 (WST)
Subject: [tech] OpenSSL "Heartbleed" Issues
Message-ID: <20140411142824.71C983C080@mooneye.ucc.gu.uwa.edu.au>

On the forum, matt said:

I made a new Globalsign *.ucc.asn.au certificate which is installed various servers
- mussel/mantis apache
- motsugo dovecot
- mooneye postfix
It has a new key too for good measure

-----
Note: HTML content in the forum post may have been lost.
View the forum post here: https://forum.ucc.asn.au/viewtopic.php?f=4&t=45&p=176&e=176

tech at ucc.asn.au

From matches at ucc.asn.au Sun Apr 13 09:50:33 2014
From: matches at ucc.asn.au (Sam Moore)
Date: Sun, 13 Apr 2014 09:50:33 +0800
Subject: [tech] Formatting on the Forum
In-Reply-To: <20140413013515.34D143CBBF@mooneye.ucc.gu.uwa.edu.au>
References: <20140413013515.34D143CBBF@mooneye.ucc.gu.uwa.edu.au>
Message-ID: <5349ED69.3040507@ucc.asn.au>

It has problems, here are some I just fixed.

Note that if you use a '#' character you'll probably break everything by adding extra newlines. Lists and tables and things won't work.

The forum poster hasn't implemented posting a html email yet because that was too much effort, but in theory it could be changed to just email the html verbatim.

Also, there is a strife@ email list and Strife forum board for testing the forum cross poster.

You too can fix the formatting! https://github.com/ucc/strife

[SZM]

-------- Original Message --------
Subject: Formatting Tests
Date: Sun, 13 Apr 2014 09:35:15 +0800 (WST)
From: strife at ucc.asn.au
To: strife at ucc.asn.au

On the forum, matches said:

Alright. We'll fix these as people complain about them. New lines They are Being Stripped. That is very annoying.
Also "quotes"

From matches at ucc.asn.au Tue Apr 15 00:46:18 2014
From: matches at ucc.asn.au (Sam Moore)
Date: Tue, 15 Apr 2014 00:46:18 +0800
Subject: [tech] OpenSSL "Heartbleed" Issues
In-Reply-To: <53461390.5080203@ucc.asn.au>
References: <53461390.5080203@ucc.asn.au>
Message-ID: <534C10DA.5060604@ucc.asn.au>

On 10/04/14 11:44, Sam Moore wrote:
> Servers
> -------
>
> From #ucc I gather that [DAA] already updated all our servers.
>
> But if you have a collocated machine you need to update your openssl
> libraries yourself.
>

A reminder to people that yes you actually do need to update ssl on your VM or collocated machine or bad things can (and did) happen and we will kill it with fire. Or it will kill us. But hopefully the former.

[SZM]

From ian at mckellar.org Tue Apr 15 00:56:31 2014
From: ian at mckellar.org (Ian McKellar)
Date: Mon, 14 Apr 2014 16:56:31 +0000
Subject: [tech] OpenSSL "Heartbleed" Issues
References: <53461390.5080203@ucc.asn.au> <534C10DA.5060604@ucc.asn.au>
Message-ID:

Is there a scanner we can run against the VMs? Actually generally are there vulnerability scanners we can run automatically against the VMs? Seems like anything unpatched could be warned & then firewalled to the UCC. Could be a fun security project for someone who was so interested.

Ian

On Mon Apr 14 2014 at 9:46:33 AM, Sam Moore wrote:

> On 10/04/14 11:44, Sam Moore wrote:
> > Servers
> > -------
> >
> > From #ucc I gather that [DAA] already updated all our servers.
> >
> > But if you have a collocated machine you need to update your openssl
> > libraries yourself.
> >
>
> A reminder to people that yes you actually do need to update ssl on your
> VM or collocated machine or bad things can (and did) happen and we will
> kill it with fire. Or it will kill us. But hopefully the former.
>
> [SZM]
> _______________________________________________
> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>
> Unsubscribe here: http://lists.ucc.gu.uwa.edu.
> au/mailman/options/tech/yakk%40ucc.gu.uwa.edu.au
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20140414/85d3be73/attachment.htm

From matches at ucc.asn.au Tue Apr 15 01:20:35 2014
From: matches at ucc.asn.au (Sam Moore)
Date: Tue, 15 Apr 2014 01:20:35 +0800
Subject: [tech] OpenSSL "Heartbleed" Issues
In-Reply-To:
References: <53461390.5080203@ucc.asn.au> <534C10DA.5060604@ucc.asn.au>
Message-ID: <534C18E3.7040103@ucc.asn.au>

I'm currently scanning the 130.95.13.0/24 range using the `ssltest.py` script from pacemaker (see original tech@ email), which someone should probably have done much earlier than this.

[BOB] has just raised in #ucc that we need to check/upgrade all our old machines (eg Camp Router "beatentrack" etc) before we use them again.

Anyone with a colocated machine or VM please actually subscribe to tech@ and also email wheel@ or tech@ to confirm you have updated your machine, or we will shut it down (This is regardless of the results of the scan. Don't trust me to get it right).

I have updated curious. There's been a lot of traffic to the https server on it from port scanners by the way. Also some traffic by vulnerable clients that spit back interesting html/javascript :S

We should probably check all our desktops as well. The 7 bytes from Iceweasel was a red herring, but clients like wget and lynx may be vulnerable. I think [SLX] has upgraded at least one desktop that had a vulnerable client?

There won't be any more emails to ucc@ - subscribe to tech@ if this affects you or you care otherwise.

[SZM]
What passes for a wheel member these days...

PS: I updated curious on 10/04/14

On 15/04/14 00:56, Ian McKellar wrote:
> Is there a scanner we can run against the VMs? Actually generally are
> there vulnerability scanners we can run automatically against the VMs?
> Seems like anything unpatched could be warned & then firewalled to the
> UCC.
> Could be a fun security project for someone who was so interested.
>
> Ian
> On Mon Apr 14 2014 at 9:46:33 AM, Sam Moore
> wrote:
>
> On 10/04/14 11:44, Sam Moore wrote:
> > Servers
> > -------
> >
> > From #ucc I gather that [DAA] already updated all our servers.
> >
> > But if you have a collocated machine you need to update your openssl
> > libraries yourself.
> >
>
> A reminder to people that yes you actually do need to update ssl on your
> VM or collocated machine or bad things can (and did) happen and we will
> kill it with fire. Or it will kill us. But hopefully the former.
>
> [SZM]
> _________________________________________________
> List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech
>
>
> Unsubscribe here:
> http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/yakk%40ucc.gu.uwa.edu.au
>
>

From matches at ucc.asn.au Tue Apr 15 01:40:30 2014
From: matches at ucc.asn.au (Sam Moore)
Date: Tue, 15 Apr 2014 01:40:30 +0800
Subject: [tech] OpenSSL "Heartbleed" Issues
In-Reply-To: <534C10DA.5060604@ucc.asn.au>
References: <53461390.5080203@ucc.asn.au> <534C10DA.5060604@ucc.asn.au>
Message-ID: <534C1D8E.5010704@ucc.asn.au>

On 15/04/14 00:46, Sam Moore wrote:
> On 10/04/14 11:44, Sam Moore wrote:
>> Servers
>> -------
>>
>> From #ucc I gather that [DAA] already updated all our servers.
>>
>> But if you have a collocated machine you need to update your openssl
>> libraries yourself.
>>
>
> A reminder to people that yes you actually do need to update ssl on your
> VM or collocated machine or bad things can (and did) happen and we will
> kill it with fire. Or it will kill us. But hopefully the former.
>
> [SZM]

To elaborate slightly, this was the source of all the network issues we were having today which to most people would have been apparent as a lot of IRC netsplits.
[SZM]

From zanchey at ucc.gu.uwa.edu.au Tue Apr 15 09:01:34 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Tue, 15 Apr 2014 09:01:34 +0800 (WST)
Subject: [tech] OpenSSL "Heartbleed" Issues
In-Reply-To: <534C10DA.5060604@ucc.asn.au>
References: <53461390.5080203@ucc.asn.au> <534C10DA.5060604@ucc.asn.au>
Message-ID:

On Tue, 15 Apr 2014, Sam Moore wrote:
> On 10/04/14 11:44, Sam Moore wrote:
> > Servers
> > -------
> >
> > From #ucc I gather that [DAA] already updated all our servers.

I did all the machines that are on phonehome. So there are probably a few floating around that don't have the new versions. Phonehome is in the SOE so people responsible for creating those machines (isn't there a new print server or something) need to add it.

> > But if you have a collocated machine you need to update your openssl
> > libraries yourself.
> >
>
> A reminder to people that yes you actually do need to update ssl on your
> VM or collocated machine or bad things can (and did) happen and we will
> kill it with fire. Or it will kill us. But hopefully the former.

Like what? Can't we just firewall them off?

[DAA]

From matches at ucc.asn.au Wed Apr 16 10:09:02 2014
From: matches at ucc.asn.au (Sam Moore)
Date: Wed, 16 Apr 2014 10:09:02 +0800
Subject: [tech] OpenSSL "Heartbleed" Issues
In-Reply-To:
References: <53461390.5080203@ucc.asn.au> <534C10DA.5060604@ucc.asn.au>
Message-ID: <534DE63E.7000102@ucc.asn.au>

On 15/04/14 09:01, David Adam wrote:
> On Tue, 15 Apr 2014, Sam Moore wrote:
>> A reminder to people that yes you actually do need to update ssl on your
>> VM or collocated machine or bad things can (and did) happen and we will
>> kill it with fire. Or it will kill us. But hopefully the former.
>
> Like what? Can't we just firewall them off?

The mysterious bad things mentioned had nothing to do with Heartbleed which is a passive attack. Sorry.

We could just firewall machines but "killing with fire" sounded more dramatic.
Also, to give an example: Our https services that back onto LDAP for authentication were a case where someone could possibly have got a username and password that would allow a shell login via ssh.

On 10/04/14 11:44, Sam Moore wrote:
> We are running an apache2 server, but the pages authenticate via the
> ldaps server on mussel, which is a different protocol entirely. Does
> this mean it is not possible for password related memory to have been
> leaked via apache?

To answer my own question: The web server does have to have the user name and password in memory at some point, which means such things could be leaked.

There was a vulnerable server on our network. Although it wasn't actively doing "bad things", when I scanned this server just once there was a user name and password in the leaked memory.

After saying all this, it must be noted that not having 'toor' as your root password is probably more important than upgrading openssl.

[SZM]

From 20367585 at student.uwa.edu.au Thu Apr 17 12:26:43 2014
From: 20367585 at student.uwa.edu.au (Rahul Gupta)
Date: Thu, 17 Apr 2014 12:26:43 +0800
Subject: [tech] Assistance with servers
Message-ID:

Hi,

I'm from the UWA Motorsports club and our servers have been acting up quite a bit lately. I was hoping to get some help from talented members of the University Computer Club with this matter.

Thanks,
Rahul
0431327246
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20140417/f9a9734c/attachment.htm

From zanchey at ucc.gu.uwa.edu.au Thu Apr 17 18:38:03 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Thu, 17 Apr 2014 18:38:03 +0800 (WST)
Subject: [tech] Musdea virtualised
Message-ID:

Hi all,

The last of the UCC Charlie/Delta machines is finally ready to be turned off - I have created a new VM for the FreeBSD machine (musdea) and reinstalled it with FreeBSD 10.
There's no real reason for it to not be on the machine room network so it now mounts /home instead of /away.

Software can be installed as root with `pkg`, which is a reasonably easy-to-use system.

Anyone in the machine room in the next few weeks should feel free to de-rack and destroy the physical machine labelled 'musdea'.

David Adam
UCC Wheel Member
zanchey at ucc.gu.uwa.edu.au

From bobgeorge33 at ucc.gu.uwa.edu.au Sat Apr 19 17:56:58 2014
From: bobgeorge33 at ucc.gu.uwa.edu.au (Mitchell Pomery)
Date: Sat, 19 Apr 2014 17:56:58 +0800 (WST)
Subject: [tech] Wheel/Tech Meeting and the File Server Build (Finally)
Message-ID:

Hello People,

The File Server is nearly ready for building! So on Friday the 9th of May (as to avoid overlapping LANzac and the quiz night, and also to allow me to check we have all the needed cables), there will be a wheel/tech meeting. All Welcome.

Date: 9th May
Time: 6PM

The Agenda for the meeting is:
- A SSOE that can be used for things like Learn2Linux and Intro to Programming
  - Whether we want it, what sort of environment it would be etc etc.
- Rules for Colos and VMs and maybe some sort of network usage monitor
- The UPS, what happened, and its current state
- What machines need upgrading/replacing in the next year
- The NetApp that was donated to us by NetApp
- Neatening up the Machine room
- Making cables easier to trace
- And of course, Building the new File Server
- Anything else people want to talk about

Mitch
UCC President 2014

From james at jtaylor.id.au Sun Apr 20 12:35:12 2014
From: james at jtaylor.id.au (James Taylor)
Date: Sun, 20 Apr 2014 14:35:12 +1000
Subject: [tech] Wheel/Tech Meeting and the File Server Build (Finally)
In-Reply-To:
References:
Message-ID: <53534E80.5060102@jtaylor.id.au>

On 2014/04/19 19:56, Mitchell Pomery wrote:
> Hello People,
>
> The File Server is nearly ready for building!
> So on Friday the 9th of May
> (as to avoid overlapping LANzac and the quiz night, and also to allow me
> to check we have all the needed cables)

Would just be two minisas cables and two minisas-sata fanout cables, right? Power would be pre-wired so no problems there :)

Should be a beast of a server once you fill it! :D

[JTK]

From zanchey at ucc.gu.uwa.edu.au Sun Apr 20 17:12:28 2014
From: zanchey at ucc.gu.uwa.edu.au (David Adam)
Date: Sun, 20 Apr 2014 17:12:28 +0800 (WST)
Subject: [tech] Moonwrasse - new Solaris VM
Message-ID:

Since Musundo is unbootable[1], and I have some stuff I want to test on Solaris, I've created a new VM on Medico for running Solaris 11.1 (x86): Moonwrasse[2].

Solaris is a bundle of fun to get running, but it supports NFS home directories[3], LDAP logins[4] and SSH public key logins too[5].

Solaris is UNIX, but it's a bit different to GNU/Linux. If you're logging in, you might want to include /opt/csw/bin, /usr/xpg6/bin and /usr/xpg4/bin in your $PATH before /usr/bin. Also, be careful with `killall`.

Wheel members should be able to log in and use `/opt/csw/bin/pkgutil` to install extra software.

David Adam
UCC Wheel Member
zanchey at ucc.gu.uwa.edu.au

[1]: http://lists.ucc.gu.uwa.edu.au/pipermail/tech/2014-April/004463.html
[2]: thanks to [TRS] for the name.
[3]: with nfs-props/client_versmax clamped to NFSv3, and IPv6 enabled, otherwise the terrifying "permission denied" error persists
[4]: http://wiki.ucc.asn.au/LDAP#Solaris_LDAP_clients
[5]: http://lists.ucc.gu.uwa.edu.au/pipermail/tech/2007-February/003146.html