From bobgeorge33 at ucc.gu.uwa.edu.au Thu May 1 13:30:14 2014 From: bobgeorge33 at ucc.gu.uwa.edu.au (Mitchell Pomery) Date: Thu, 1 May 2014 13:30:14 +0800 (WST) Subject: [tech] IPv6 Outage Message-ID: Hey Wheel/Tech@, IPv6 Will be temporarily disabled for UCC's IP range by Information Services while they update UWA's network to roll out IPv6 to more locations. IPv6 will be disabled on the 22nd of June for approximately 6 weeks. If this will affect anything that you use at UCC, please start looking for alternative configurations now. This means that anything that uses ipv6 (ie. email at ipv6.ucc.asn.au) will be unavailable. Kind Regards, Mitch Pomery UCC President 2014 From zanchey at ucc.gu.uwa.edu.au Thu May 1 18:27:38 2014 From: zanchey at ucc.gu.uwa.edu.au (David Adam) Date: Thu, 1 May 2014 18:27:38 +0800 (WST) Subject: [tech] IPv6 Outage In-Reply-To: References: Message-ID: On Thu, 1 May 2014, Mitchell Pomery wrote: > Hey Wheel/Tech@, > > IPv6 Will be temporarily disabled for UCC's IP range by Information > Services while they update UWA's network to roll out IPv6 to more > locations. > > IPv6 will be disabled on the 22nd of June for approximately 6 weeks. If > this will affect anything that you use at UCC, please start looking for > alternative configurations now. > > This means that anything that uses ipv6 (ie. email at ipv6.ucc.asn.au) will > be unavailable. Using email at ipv6.ucc.asn.au is pretty brave anyway! Unless anyone really wants to set up alternative routing arrangements, I've made a note to comment out all our AAAA records on June 21. David From zanchey at ucc.gu.uwa.edu.au Thu May 1 18:36:21 2014 From: zanchey at ucc.gu.uwa.edu.au (David Adam) Date: Thu, 1 May 2014 18:36:21 +0800 (WST) Subject: [tech] [wheel] IPv6 Outage In-Reply-To: References: Message-ID: On Thu, 1 May 2014, David Adam wrote: > On Thu, 1 May 2014, Mitchell Pomery wrote: > > Hey Wheel/Tech@, > > > > IPv6 Will be temporarily disabled for UCC's IP range by Information > > Services while they update UWA's network to roll out IPv6 to more > > locations. Also - could you ask the IS contact whether there is any likelihood that IPv6 reverse DNS will be delegated at any stage? That's basically the only thing missing from our IPv6 Experience(tm) at present. [DAA] From matches at ucc.asn.au Mon May 5 18:02:44 2014 From: matches at ucc.asn.au (Sam Moore) Date: Mon, 05 May 2014 18:02:44 +0800 Subject: [tech] Wheel/Tech Meeting and the File Server Build (Finally) In-Reply-To: References: Message-ID: <536761C4.1010606@ucc.asn.au> The last tech meeting (in which the fileserver was a topic of discussion) was minuted and sent to tech@ but only saved in a super secret ultra protected wheel bunker where no mere mortals dare tread. I've added it to the 2013 committee minutes page: http://www.ucc.asn.au/infobase/minutes/2013/2013-08-09.tech I have prepared an Executive Summary (TM) of things and what happened since then as practice for when I have to do it for my Literature Review (this is work, I swear): - It will be too hot in summer things will die - They did - [BOB] used his super powers to keep the SAN and Netapp alive - We need to get a new file server - We did, thanks to [*OX], [BOB], [BG3] (and no thanks to me) - We also got another Netapp but no one has set it up - People reflected on the possibility of making mirrors - Should we replace mussel? - Mussel had been crashing a lot (due to issues with Xen on mylah) - [SLX], [TPG] and I tried with neomussel/muscle/notsugo/mantis - [BOB] just moved mussel to medico (and succeeded) - mantis still lives as www.ucc.asn.au though - Should we replace mylah? ("we got it out of a public loo") - mylah (still) does: SAMBA and NFS forwarding of the SAN/Netapp - The file server would replace the SAN/Netapp but not SAMBA - PIZZA TIME - (It wasn't) - Should we migrate to SAMBA 4 - Kerberos might or might not actually be a thing we want - LDAP might be terrible but is it terrible enough? - (My favourite quote) "It may be a step backwards" [DAA] sent some clarifications of things, but at this point you really know enough to look in the tech@ archives if you care. Another thing that has pretty much not been talked about anywhere in any official UCC communication channels was the merging of IRC services with ECU, Curtin and Murdoch. I believe [LAW], [DAA] and [BG3] sorted that out on the UCC side. [SZM] Who has done nothing of note since the last wheel meeting On 19/04/14 17:56, Mitchell Pomery wrote: > Hello People, > > The File Server is nearly ready for building! So on Friday the 9th of May > (as to avoid overlapping LANzac and the quiz night, and also to allow me > to check we have all the needed cables), there will be a wheel/tech > meeting. All Welcome. > > Date: 9th May > Time: 6PM > > The Agenda for the meeting is: > - A SSOE that can be used for things like Learn2Linux and Intro to > Programming - Wether we want it, what sort of environment it would be etc > etc. > - Rules for Colos and VMs and maybe some sort of network usage monitor > - The UPS, what happened, and it's current state > - What machines need upgrading/replacing in the next year > - The NetApp that was donated to us by NetApp > - Neatening up the Machine room - Making cables easier to trace > - And of course, Building the new File Server > - Anything else people want to talk about > > > Mitch > UCC President 2014 From bob at ucc.gu.uwa.edu.au Fri May 9 10:42:45 2014 From: bob at ucc.gu.uwa.edu.au (Andrew Adamson) Date: Fri, 9 May 2014 10:42:45 +0800 (WST) Subject: [tech] [wheel] Wheel/Tech Meeting and the File Server Build (Finally) In-Reply-To: References: Message-ID: Don't forget this is on tonight people! Andrew Adamson bob at ucc.asn.au |"If you can't beat them, join them, and then beat them." | | ---Peter's Laws | On Sat, 19 Apr 2014, Mitchell Pomery wrote: > Hello People, > > The File Server is nearly ready for building! So on Friday the 9th of May (as > to avoid overlapping LANzac and the quiz night, and also to allow me to check > we have all the needed cables), there will be a wheel/tech meeting. All > Welcome. > > Date: 9th May > Time: 6PM > > The Agenda for the meeting is: > - A SSOE that can be used for things like Learn2Linux and Intro to Programming > - Wether we want it, what sort of environment it would be etc etc. > - Rules for Colos and VMs and maybe some sort of network usage monitor > - The UPS, what happened, and it's current state > - What machines need upgrading/replacing in the next year > - The NetApp that was donated to us by NetApp > - Neatening up the Machine room - Making cables easier to trace > - And of course, Building the new File Server > - Anything else people want to talk about > > > Mitch > UCC President 2014 > From harrymc at ucc.asn.au Fri May 9 14:09:09 2014 From: harrymc at ucc.asn.au (Harry) Date: Fri, 09 May 2014 14:09:09 +0800 Subject: [tech] [wheel] Wheel/Tech Meeting and the File Server Build (Finally) In-Reply-To: References: Message-ID: <536C7105.9030809@ucc.asn.au> Pls disregard moderator approval for original sent from wrong address :( Try again: ---------- Hello May I add to the agenda: - where is the archive of 68HC11 code for snack ? or - should the latest 68HC11 code be unzipped from the installed EPROM (as was the cunning Bernard et. al. plan) ? I have a copy here of snack Ver. that I grabbed from a UCC server cvs originally (I think). I'm interested in seeing if any Intro to Prog people want to do some C and hardware interaction. A possible start is to build an EEPROM based "emulator" for the EPROM and an Arduino programmer for it. Next get the emulator running on snack with the existing HC11 binary. Then I can retire my UV eraser from the belly of snack :-) - SSOE .. can has HC11 compilation (does it need a specific gcc version or anything) ? All the best Harry On 09/05/14 10:42, Andrew Adamson wrote: > Don't forget this is on tonight people! > > Andrew Adamson > bob at ucc.asn.au > > |"If you can't beat them, join them, and then beat them." | > | ---Peter's Laws | > > On Sat, 19 Apr 2014, Mitchell Pomery wrote: > >> Hello People, >> >> The File Server is nearly ready for building! So on Friday the 9th of May (as >> to avoid overlapping LANzac and the quiz night, and also to allow me to check >> we have all the needed cables), there will be a wheel/tech meeting. All >> Welcome. >> >> Date: 9th May >> Time: 6PM >> >> The Agenda for the meeting is: >> - A SSOE that can be used for things like Learn2Linux and Intro to Programming >> - Wether we want it, what sort of environment it would be etc etc. >> - Rules for Colos and VMs and maybe some sort of network usage monitor >> - The UPS, what happened, and it's current state >> - What machines need upgrading/replacing in the next year >> - The NetApp that was donated to us by NetApp >> - Neatening up the Machine room - Making cables easier to trace >> - And of course, Building the new File Server >> - Anything else people want to talk about >> >> >> Mitch >> UCC President 2014 >> > _______________________________________________ > List Archives: http://lists.ucc.gu.uwa.edu.au/pipermail/tech > > Unsubscribe here: http://lists.ucc.gu.uwa.edu.au/mailman/options/tech/harrymc%40ucc.gu.uwa.edu.au > From matt at ucc.asn.au Fri May 9 18:58:55 2014 From: matt at ucc.asn.au (Matt Johnston) Date: Fri, 9 May 2014 18:58:55 +0800 Subject: [tech] [wheel] Wheel/Tech Meeting and the File Server Build (Finally) In-Reply-To: References: Message-ID: <20140509105855.GS18884@ucc.gu.uwa.edu.au> On Fri, May 09, 2014 at 10:42:45AM +0800, Andrew Adamson wrote: > > - Rules for Colos and VMs and maybe some sort of network usage monitor Could the Palo Alto Networks virtual router do that kind of usage graphing and stuff? Matt From matches at ucc.asn.au Fri May 9 20:20:21 2014 From: matches at ucc.asn.au (matches at ucc.asn.au) Date: Fri, 09 May 2014 20:20:21 +0800 Subject: [tech] Minutes of Wheel/Tech Meeting 2014-05-09 Message-ID: <5145b2099d852d83574c2ee7f9f0b423@secure.ucc.asn.au> Wheel/Tech Meeting 2014-05-09 Wheel: [SZM] [SLX] [BOB] [TPG] [MTL] [BG3] [GOZ] [NTU] [*OX] Others: [GEE] [VIJ] Alice (Simplebard), [DOM] [JDN] The Agenda for the meeting is ------------------------------ - A SSOE that can be used for things like Learn2Linux and Intro to Programming - Wether we want it, what sort of environment it would be etc etc. - Rules for Colos and VMs and maybe some sort of network usage monitor - The UPS, what happened, and it's current state - What (important) machines need upgrading/replacing in the next year - The NetApp that was donated to us by NetApp - Neatening up the Machine room - Making cables easier to trace - And of course, Building the new File Server - Anything else people want to talk about [things added during meeting] - Password Escrow for Wheel - [HMC] wants to know about the Snack Machine firmware, does anyone have a copy of the code? - Committee wants to look into running a VM to provide other clubs with mailing lists, preferably on their own domains - Donation of Virtual Routers Meeting opened at 18:11 by [BOB] - [BOB] explains what meeting is A SSOE that can be used for things like Learn2Linux and Intro to Programming ---------------------------------------------------------------------------- - [SLX] explains it; it is a boring standard environment that isn't Redhat - To be used for events so all machines are running the same thing - We currently just get everyone to ssh to motsugo (PuTTY for Windows) to get an SOE - Downside: No graphics - Haven't had any graphics events yet but might (eg: Intro to OpenGL) - [BOB] who wants to be involved? - [SLX] if it happens (not sure it should) [*OX] arrives 18:15 - VirtualBox raised - people have had problems - [SLX] 1. Need to login and start VM, takes time, 2. ... - [TPG] Fix the thinterms? - They are broken for - [BOB] whatever we do has to be quick and easy and Just Work - [*OX] doesn't think so... - A lot of events are targeted at having members participate in the club - It teaches people how to deal with the club - [TPG] Netboot environment? Not the same as thinterms because they are evil - They are evil - [BOB] next event? - [GOZ]'s programming talks, but these have been cancelled until next semester - [BG3] When will we have the next meeting? - [SLX] We can talk about after this meeting - [BOB] Netbook, LiveUSB or LiveCD Rules for Colos and VMs and maybe some sort of network usage monitor -------------------------------------------------------------------- - We had an incident that coincidentally happened at the same time as heartbleed but was unrelated - At the same time we actually had a heartbleed issue though but we will ignore that one - People need good passwords - People need to patch their machines - [BOB] thinks they are similar problems, for most intents and purposes they are the same thing - [TPG] policy "Wheel must have a key so they can run password checks" - [BOB] recommends Cronjob for Jack The Ripper - Asks for volunteers - How do commercial VM providers deal with it? - They nullroute (drop all packets from VM) - [SLX] Recommends a "After 24 hours if you haven't patched it and we can tell, block all ports" policy - Can things be done in Proxmox? - Detection? - Network monitoring - [BOB] setup VMs are on different VLANs so we can pass different ranges through filtering - [ASH] ignored this (using IPs on clubroom range) - Discussion of fixing it for [ASH] - Too many VMs - What do we need for Network Monitoring? - [BOB] Netblocks Blue - [TRS] says it is glorified IPTABLES (says [BOB], [TRS] not here) - [BOB] says it works - [SLX] an alert when a machine does lots of traffic would be good - [TPG] how do you tell it's not just an iso - Mitigation? - [TPG] Anti source spoofing, do we do it, we should - [*OX] suggests using the Packeteer to restrict things to 100Mb inside - Again, how do we tell it isn't legitimate traffic (eg: LaTeX downloads) - [TPG] - Packeteer upstream of VMs - Murasoi monitoring traffic - Call for volunteers - [VIJ] any hardware? - Only the packeteer - Call for volunteers? [BOB] says to look at Netblocks Blue - It can detect other things (Brute force, Virus, Wierd Stuff) - [TPG] Best solution is connection limiting on Murasoi. - But people need to react, we need more automation - Rules! - Rules! - Wheel members need access to a VM. Easy access. Not "technically possible". - A key. That has to be on VMs. - [*OX] how would this work for Windows? A written down password? - People want to ignore windows - Linux VMs need to have a key on it, wheel will check it is there periodically - [BOB] Improve documentation - Explain things to people with Colo machines - [SZM] had tried to do this in the case that brought all this up - Jack The Ripper is better than an external attack because it doesn't get slowed by Fail2Ban - People want to vote on a policy that Wheel Members need root access to a machine - Discussion over whether it should be all of wheel or just 1, 2, etc... - People might not trust all of wheel - People might pick wheel members that are no longer active - [TPG] Wheel members can get in if they want to anyway, no point restricting to just one wheel member - [NTU] access needs to be logged and the owner informed - [BOB] alternative to wheel keys is giving a root password to wheel - That makes automated checks harder - Standard ISOs! Standard OS! Puppet is mentioned... - Uh oh - Abort! - [SLX] motion: For a machine that runs SSH, that the user does not object, either all wheel keys or a specific key which all wheel members have access to ... - Discussion over keys vs key - [*OX] VM Manager user... - CIRCLES DETECTED - CIRCULAR MOTION IS MADE - Or not - Wheel members can get around the circles - Logs are discussed. And found to be imaterial. - [BOB] amend motion so that Wheel members don't do anything unless it is an emergency - [SLX] Wheel members need access to machines, if this is too hard or people complain we will discuss on a case by case basis. - All in favour [DAA] arrives 18:44 - [BOB] wants to make another rule... - Only members can have shell access on UCC machines or member VMs - [DAA] Controversial! - Controversy ensues - Some people are giving shell access to VMs to friends or group members who don't really need it and aren't members - [DAA] can Fish have an exception? - It does make Group Projects annoying - [TPG] suggests requiring emails to Wheel - [SLX] wants to talk about Fish - If there are any non members accessed, wheel needs to know - [*OX] wants to find out who is doing this. [BOB] points finger at [LAW]. - Retroactively Unanimous (the wheel needs to know, not the pointing fingers at [LAW]) - [SZM] can wheel make policies? How do we convince people they are actually rules? They'll probably ignore us - [DAA] says to send them to committee to endorse - [SZM] agrees - [MTL] and [*OX] say we can just turn the VMs off - [BOB] says committee is scared of making these sorts of policies The UPS, what happened, and it's current state ---------------------------------------------- - [BG3] It charges to about 50% but dies and drains - [BOB] thinks batteries are shorted, [BG3] says they are fine - It is losing mains power basically - [BOB] thinks it is batteries, will pull apart and check - Built the battery packs in 2010 - They are probably screwed - Power point is fine - Do we want another one? - It has been useful a couple of times - People talk about why UPSs are good - Servers not instantly turning off is good in many ways - RAM the caches - Don't need as much beef - Would be better off making machines cooler - Paint them red - There are 36 batteries in 3 packs. Or maybe 8 in a pack. So 24. - $480 from Altronics - [*OX] when was the last time we didn't lose power due to UWA cutting the power intentionally? - Eg: UWA cut power whilst we were at the camp - We have two circuits, we should use both - We do (usually) get advance notice. Sometimes no one prepares. - 30 seconds counts... - Caching! - Smaller UPS for individual machine (fileserver) - [BOB] if batteries are the only problem, spend the $400 - Will suggest to committee - [BOB] and [BG3] to deal with Interlude discussing how long the minutes are [MTL] leaves at 18:57 Back to UPS - Is there monitoring software? - The software is for Windows XP, have fun - We should un rack mount it - [BOB] hints at people not on wheel fixing it - Yay! - [VIJ] foolishly mentions interest What machines need upgrading/replacing in the next year ------------------------------------------------------- - The Fileserver! - It isn't here yet! (missing cable for MiniSAS backplane -> main board) - Parts will be here in a week - What to put on it? FreeNAS, ZFS, various scary things are suggested - [SLX] We tried ZFS on Red, it worked until everyone fucked it up - [DAA] ZFS is curiously anticlimactic (it just works??) - [BOB] thinks not - [SLX] (does not) recommend BTRFS - [DAA] we have good backups now. They actually work. 150Mbs overnight - Everything except vmstores - [*OX] other options, - FreeNAS - OpenFILE (linux based, [DAA] says its shit don't use it) - Solaris based (OpenIndianda) - - No - Discussion of "Pirate Debian", breaks the GPL or something? - Just a linux server with LVM? - Boring but functional - ([SZM] would settle for boring but functional in a fileserver...) - [SLX] The people that shout the most about ZFS can configure it - Does anyone have any other suggestions? - Windows (hahaha) - FreeNAS - LibreNAS (???) - FreeNAS FreeNAS FreeNAS - Web interface (!? Shitttt) - [DAA] it is FreeBSD with something nice that is awful that is not terribly bad - [TPG] can always kill with fire - If it can do the things we want... - [TPG] Fileserver seperate from domain master (SAMBA) - We want to get things off Mylah - People want to kill Mylah - [BOB] wants to kill Mylah, then put Mylah on Mylah as a VM - Even though we have old machines like Mylah they are pretty good. - Only machine running out of RAM is Medico with all its VMs - Discussion of RAM usage efficiency due to VM distros - [DAA] does Mylah support hypervirtualisation? - We aren't sure. [BOB] checks right now. - [SLX] we will get rid of Mylah as a logical machine and what it was physically on may become a VM host - Trial the new proxmox maybe - [DAA] we will need to put the SAMBA domain master on something else - [BOB] likes Mylah as a host, just virtualise it - Mylah was virtualised at one point in one of its 9999 lives... - It got unvirtualised because of reasons (possibly because of running VMs on VMs?) - What are we putting on the fileserver? - [BOB] Someone does tests and emails wheel and then we argue and then do what they suggested anyway - [*OX] we install FreeNAS tonight and are done - When [BOB] picked Proxmox he tried other things first - [*OX] we try FreeNAS tonight and then we move on - Back to Mylah - We want to kill it to reduce peak heat loads - What do we replace it with - Somehow we are at boosting medico to run more VMs on it - Hang on, don't VMs still make heat - Concensus is that Medico will be less hot even running things as VMs than the VMs would be as not VMs - Camwhore is being virtualised TONIGHT! - [BOB] asks how? - By "Virtualising" [BG3] may not mean making a VM, just moving to something else (?) - Murasoi is the next machine to have its right to exist debated - It was dying because its temperature cutout was low - It is also in the hottest spot - [BOB] stopped it dying by increasing the cutout until it stopped dying - When it is on fire we will blame [BOB] - Murasoi is deemed to be worthy of existing as a non-virtual machine (NVM) - Distractions happen - Mooneye's fate? - Who is brave enough to attack it - It runs mail, bind, the wiki - [BOB] threatens to replace it with a raspberry pi - Mooneye IS the webserver (ucc.asn.au) contrary to popular belief - SAMBA - Back on Mylah - [BOB] moves to buy another Medico or similar and that when/if we get it, we get rid of Mylah and put Mylah on the new VM host as a VM - It will be cool, redundant, capacious, kills many birds with one stone, much server - [DAA] just make the new VM host mylah, don't bother VMifying - Mylah does more things than people realise, this could cause problems if it is a VM (it NFS forwards the SAN) - Motion amended by [SZM] to not specify what will happen to Mylah - Silently. Without shouting. - [SLX] Motion is: We will chuck out Mylah as soon as we can. - Unanimous - Motion to get a second VM host: Unonimous - [DAA] Discussion about Manbo in 2004 having 16G of RAM and 16CPUs - Historical information! We had to take some out because it was too big, the signal took too long to get from one side to the other Sideways tracking occurs - Can we get a 10Gb card for Bitumen - SAN is fast (2Gb) - Card for Bitumen is $$$$ - Some guy that [GOZ] can't remember the name of... - Ben? Brad! - ... he still has a bunch that they throw out all the time - [BOB] will take 3 - SAN is slow (100Mb) because of PCI Bus? Or Mitch-tech - Something something - And then someone suggested we get Food! Not :( - [VIJ] volunteers to make a network map. - Black isn't black - Slightly darker black is the new black - [BOB] We should get a black permanent marker that is actually black [SLX] clubroom machines are breaking - [BOB] says to not install Debian... - Religious war ensues! - Religious war continues! - [SLX] Lets not argue about the distros... - Scientific Linux is the ONE TRUE DISTRO - Distro war continues - Shouting happens - We agree that AMD's proprietry driver is crap and we will not install it The NetApp that was donated to us by NetApp ------------------------------------------- - FAS2020 - [BOB] says to use it as /scratch - [TPG] keep half disks as cold spares - [BOB] could replace disks on other NetApp (some died, power surge?) - We have all the licenses - [*OX] is going to setup a mirror - Discussion of Netapp breeding program - It has been a LONG meeting - We don't really need more space. - [SZM] let's let someone who is interested do what they want as a NetApp, and move on - People agree - Other people want to use the NetApp for backups - [TRS] How will you feel about a FAS2020 in the server room? - [TPG] wants to backup the coke database infinitely, INFINITELY - Discussion of what time interval is sufficient - Discussion of why we want the coke database to go back infinitely or possibly less Donation of Virtual Routers --------------------------- - Yes "Back in my day" stories ensue - [SLX] We had to carry the parity bits up the hill both ways - [DAA] "You wouldn't download a router" - [BG3] talked to people at Whackhon - Yes - Yes - Yes - yes | yes | less - The nods have it [*OX]'s things - Fix OCSInventory - Cry about mantis - Bitch about Sprocket / Winadmin / Coke / Door - Uh oh... policies detected - Committee will be merging coke and door maybe. There is now a LOLCATDOG. - Discussion of whether wheel members are by definition on door - Committee members are in favour, non committee members are not - wheel isn't entirely active members and aren't by definition valuable door members - [SLX] TO THE LISTS - Wheal don't care Password Escrow for Wheel ------------------------- - Escrow not Escroe - Crow is my favourite character from a video game - [DAA] both times VMs got rooted in living memory was shitty passwords. There are 14 people with passwords that broke in under a minute. - Distraction whilst people look at list of crappy passwords - [GOZ]'s brother is shamed - [NTU] and [*OX] discuss - [NTU] can we log admin access to VMs? - [BOB] Proxmox web interface logs things. - This won't work for ssh keys, the things we wanted to put on VMs so wheel had access - [*OX] "You wouldn't download a car Bob" - I don't get it... - [BOB] Hang on, what actually is an s-crow? - [NTU] "I'm keeping the password in a safe place in case you can't get to me" - Eg: Escrow software - Eg: Money transfers - Should we have a central password vault (slightly different concept?) - [*OX] was going to talk but gave up, he's gone - He's back - Other people talk - [NTU] File store on dedicated raspberry pi or something - [DAA] put it on Mooneye, if Mooneye is fucked we're all fucked anyway - Bikeshedding occurs - raspberry pi vs mooneye; raspberry pi = minimal power - ... It's not like we'd shut off Mooneye (is it? Refer back to fate of mooneye topic?) [*OX] leaves at 19:48 - On the note of "Minimal Power" we should have a red notebook and write all the passwords in it and padlock it in a box in the machine room Discussion of GPG and PGP - GNU and not GNU [DAA] leaves at 19:50 because he has a life - Mylah does not support hypervirtualisation - [BOB] checked already Central password store - [BOB] talks about hierarchy of trust... you get passwords as you need them on Wheel not straight away - Discussion of changing passwords [BG3] Next Meeting - 3rd week of second semester [BOB] Who is doing Camp Network? - [BOB] and [TPG] will be away - [SLX], [GOZ] volunteer - [BOB] lectures about preparing with meetings [LAW] arrives at 19:57 - [TPG] Remember Beatentrack == Cabellera with different hard disk - Discussion of caching steam apps - Deffered to preparation meeting - Or not That's all there is. There isn't anymore. Except GitHub. Meeting Closed at 20:00 - [BOB] to organise pizza run - [BOB] says "Fuck No" - Someone who cares to organise pizza run - [JDN] volunteers! And is welcomed to wheel! (not really) Also available at: http://www.ucc.asn.au/infobase/minutes/2014/2014-05-09.tech From trs80 at ucc.gu.uwa.edu.au Sat May 10 00:17:34 2014 From: trs80 at ucc.gu.uwa.edu.au (James Andrewartha) Date: Sat, 10 May 2014 00:17:34 +0800 (WST) Subject: [tech] Minutes of Wheel/Tech Meeting 2014-05-09 In-Reply-To: <5145b2099d852d83574c2ee7f9f0b423@secure.ucc.asn.au> References: <5145b2099d852d83574c2ee7f9f0b423@secure.ucc.asn.au> Message-ID: On Fri, 9 May 2014, matches at ucc.asn.au wrote: > A SSOE that can be used for things like Learn2Linux and Intro to > Programming > ---------------------------------------------------------------------------- http://mikelev.in/ux/ > Rules for Colos and VMs and maybe some sort of network usage monitor > -------------------------------------------------------------------- > - What do we need for Network Monitoring? > - [BOB] Netblocks Blue > - [TRS] says it is glorified IPTABLES (says [BOB], [TRS] not here) > - [BOB] says it works Netbox Blue. It'll show you traffic, but it's not what it's designed for. There are other firewalls that are better for detecting stuff, eg Palo Alto or Fortinet. > - It can detect other things (Brute force, Virus, Wierd Stuff) It has snort and a forked (in 2007) version of l7-filter. > Back to UPS > - Is there monitoring software? > - The software is for Windows XP, have fun What's the model? There may be a driver for nut. > - Discussion of "Pirate Debian", breaks the GPL or something? > - Just a linux server with LVM? > - Boring but functional > - ([SZM] would settle for boring but functional in a > fileserver...) OpenMediaVault? It's basic Linux with LVM and a web ui. Maybe ask the Proxmox list? I had a brief look at the forum but couldn't really find any recommendations. > - Mooneye IS the webserver (ucc.asn.au) contrary to popular > belief Technically yes, actually no: motsugo:~> telnet ucc.asn.au 80 Trying 130.95.13.9... Connected to ucc.asn.au. Escape character is '^]'. GET / HTTP/1.0 Host: ucc.asn.au HTTP/1.1 303 See Other Date: Fri, 09 May 2014 13:59:02 GMT Server: Apache/2.2.22 (Debian) Location: http://www.ucc.asn.au/ Vary: Accept-Encoding Content-Length: 305 Connection: close Content-Type: text/html; charset=iso-8859-1 motsugo:~> host www.ucc.asn.au www.ucc.asn.au is an alias for mantis.ucc.gu.uwa.edu.au. mantis.ucc.gu.uwa.edu.au has address 130.95.13.23 > Donation of Virtual Routers > --------------------------- > - Yes These are Palo Alto? > [*OX]'s things > - Fix OCSInventory > - Cry about mantis Can we get rid of mantis? > - Discussion of whether wheel members are by definition on door > - Committee members are in favour, non committee members are not - > wheel isn't entirely active members and aren't by definition valuable > door members > - [SLX] TO THE LISTS > - Wheal don't care Yep, whenever I need to dispense door I su to root, then su to tpg because I can't otherwise. > - Should we have a central password vault (slightly different > concept?) > - [*OX] was going to talk but gave up, he's gone > - He's back > - Other people talk > - [NTU] File store on dedicated raspberry pi or something > - [DAA] put it on Mooneye, if Mooneye is fucked we're all fucked > anyway > - Bikeshedding occurs > - raspberry pi vs mooneye; raspberry pi = minimal power > - ... It's not like we'd shut off Mooneye (is it? Refer back to > fate of mooneye topic?) I came across http://rattic.org/ earlier this year, perhaps it could suit? Also anyone on wheel should get tech emails through mailman magic somehow. -- # TRS-80 trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \ # UCC Wheel Member http://trs80.ucc.asn.au/ #| what squirrels do best | [ "There's nobody getting rich writing ]| -- Collect and hide your | [ software that I know of" -- Bill Gates, 1980 ]\ nuts." -- Acid Reflux #231 / From matches at ucc.asn.au Sat May 10 01:08:33 2014 From: matches at ucc.asn.au (Sam Moore) Date: Sat, 10 May 2014 01:08:33 +0800 Subject: [tech] Minutes of Wheel/Tech Meeting 2014-05-09 In-Reply-To: References: <5145b2099d852d83574c2ee7f9f0b423@secure.ucc.asn.au> Message-ID: <536D0B91.9020108@ucc.asn.au> On 10/05/14 00:17, James Andrewartha wrote: > On Fri, 9 May 2014, matches at ucc.asn.au wrote: >> - Mooneye IS the webserver (ucc.asn.au) contrary to popular >> belief > > Technically yes, actually no: > > motsugo:~> telnet ucc.asn.au 80 > Trying 130.95.13.9... > Connected to ucc.asn.au. > Escape character is '^]'. > GET / HTTP/1.0 > Host: ucc.asn.au > > HTTP/1.1 303 See Other > Date: Fri, 09 May 2014 13:59:02 GMT > Server: Apache/2.2.22 (Debian) > Location: http://www.ucc.asn.au/ > Vary: Accept-Encoding > Content-Length: 305 > Connection: close > Content-Type: text/html; charset=iso-8859-1 > > motsugo:~> host www.ucc.asn.au > www.ucc.asn.au is an alias for mantis.ucc.gu.uwa.edu.au. > mantis.ucc.gu.uwa.edu.au has address 130.95.13.23 > Sorry, we know mantis is www.ucc.asn.au, and mooneye redirecting to it was stated in the meeting. Mooneye does have the wiki on it, which is far more useful than the main website. It still doesn't have a wiki page. If anyone wants to get rid of mantis I'm not going to stop them. There are more important things, people reading this thread should read [TRS]'s full email instead of just the bit I quoted. [SZM] From mattman at ucc.gu.uwa.edu.au Sat May 10 08:19:02 2014 From: mattman at ucc.gu.uwa.edu.au (Matt Didcoe) Date: Sat, 10 May 2014 08:19:02 +0800 Subject: [tech] Minutes of Wheel/Tech Meeting 2014-05-09 In-Reply-To: <536D0B91.9020108@ucc.asn.au> References: <5145b2099d852d83574c2ee7f9f0b423@secure.ucc.asn.au> <536D0B91.9020108@ucc.asn.au> Message-ID: > > > - Discussion of whether wheel members are by definition on door > - Committee members are in favour, non committee members are not - > wheel isn't entirely active members and aren't by definition valuable > door members > - [SLX] TO THE LISTS > - Wheal don't care > >From Door Policy V0.4 (2013): "In general, any member of the Committee and of "Wheel" (that being all who have control over the UCC's machines, as defined by the Committee) are automatic members of the 'door group'. This concession does not extend to those specifically removed from door by the Committee or to the First Year Representative, who shall be admitted when the Committee sees fit." I'm in favour of keeping this in place for the simple fact that if something dies it might be one of those less than active (define: active btw) members that comes to fix the problem and they need the clubroom to be open for that to happen. [MRD] -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20140510/27c70313/attachment.htm From matches at ucc.asn.au Sat May 10 09:55:58 2014 From: matches at ucc.asn.au (Sam Moore) Date: Sat, 10 May 2014 09:55:58 +0800 Subject: [tech] Minutes of Wheel/Tech Meeting 2014-05-09 In-Reply-To: <5145b2099d852d83574c2ee7f9f0b423@secure.ucc.asn.au> References: <5145b2099d852d83574c2ee7f9f0b423@secure.ucc.asn.au> Message-ID: <536D872E.8040303@ucc.asn.au> Next time could we go around the room and have each person say: 1. What they are working on or have worked on since the last meeting 2. What they want to do before the next meeting Preferably without getting shouted at. Then have the General Shouting and hurling abuse at Mylah (it seems traditional). [SZM] From alex at theducks.org Sat May 10 10:18:31 2014 From: alex at theducks.org (Alex Dawson) Date: Fri, 9 May 2014 19:18:31 -0700 Subject: [tech] Minutes of Wheel/Tech Meeting 2014-05-09 In-Reply-To: <5145b2099d852d83574c2ee7f9f0b423@secure.ucc.asn.au> References: <5145b2099d852d83574c2ee7f9f0b423@secure.ucc.asn.au> Message-ID: <4DE8C08E-F394-4C27-AFCA-71B9F6FCCB99@theducks.org> On 9 May 2014, at 5:20 am, matches at ucc.asn.au wrote: > - Neatening up the Machine room - Making cables easier to trace As started in Arts, and continued in my Professional Services Goon career: - get a label printer - print out two copies of labels with a unique identifier - apply to each end of cable - there is no step 4* (Ok, step 4 - for unique identifiers, UCC001, UCC002 etc. Print in large batches, or keep track of last label printed on whiteboard near label printer. If you lose track, add another digit at the beginning) If you need to trace a cable, find the end you know, take a guess where the other end is, look for that number. If you want to map everything, make a record of each port/identifier mapping pair, insert into SQL, then do a JOIN on the identifier. Or use a Perl script, whatever. For label printers, the Brother PT2730 is nice, or you can buy sheets of self laminating cable labels, like these - http://www.eql.com.au/sharpmark.htm From shmookey at shmookey.net Tue May 20 15:21:55 2014 From: shmookey at shmookey.net (Luke Williams) Date: Tue, 20 May 2014 15:21:55 +0800 Subject: [tech] [GANDI] Domain name creation In-Reply-To: <20140520055610.78FDD2310E@mailer2.gandi.net> References: <20140520055610.78FDD2310E@mailer2.gandi.net> Message-ID: Hi all, I have registered universitycomputer.club for two years and hereby donate it to the club. I've forwarded the confirmation email below. Wheel members can find further details in the usual place. I've set up the new domain with bind/zonemake and added the new 'club' zone to every name that had the 'ucc' zone in ucc.machines. If we want member subdomains to work, zonemake will need to be modified to add a ServerAlias for the new domain. And like, yeah, have fun with that. Hope you like global variables. Anything need to be done for our DNS secondaries? Cheers, Luke On Tue, May 20, 2014 at 1:55 PM, wrote: > > Dear customer, > > This is an automatic message to confirm the registration of the following domain(s) you have just registered at Gandi: > > universitycomputer.club (http://en.gandi.net/whois/details/?search=universitycomputer.club) > > The domain was successfully created, though it may only be fully functional after a standard DNS propagation delay of several hours. > > If your order contains other domains not listed here, you will see them in another email shortly, as their creation proceeds. > > In any event, you can go to your Orders in Progress page to verify the state of your order (or cancel duplicate orders): > > https://www.gandi.net/admin/orders > > If you're using Gandi's nameservers, you can add web forwarding entries or modify the domain's zone file to point it at your website from the domain's control panel: > > https://www.gandi.net/admin/domain > > You can also edit the domain's contacts, nameservers, and GandiMail settings at the link above. > > Need help getting started? We have tutorials for setting up your domain with various services on our wiki: > > http://wiki.gandi.net/en/domains/management > > Did you know? When you create a domain name at Gandi, you get free stuff and discounts! > These include a standard Gandi SSL certificate for one year, and, if this is your first domain purchase at Gandi, a promo code good for 50% off the purchase or renewal of a Simple Hosting instance for one year. > > See your promo codes here: > https://www.gandi.net/admin/billing/promos > > > Feel free to contact our Customer Care Department should you have any questions or require any additional assistance: > http://www.gandi.net/faq/contact_support > > Thank you for choosing Gandi! > > Best Regards, > -- > GANDI - https://www.gandi.net From shmookey at shmookey.net Tue May 20 16:17:44 2014 From: shmookey at shmookey.net (Luke Williams) Date: Tue, 20 May 2014 16:17:44 +0800 Subject: [tech] [GANDI] Domain name creation In-Reply-To: References: <20140520055610.78FDD2310E@mailer2.gandi.net> Message-ID: On Tue, May 20, 2014 at 3:21 PM, Luke Williams wrote: > If we want member subdomains to work, zonemake will need to be modified to add > a ServerAlias for the new domain. Realising that I probably needn't worry about using duct tape and rubber bands to fix a machine made out of duct tape and rubber bands, I went ahead and made the change. Member subdomains for universitycomputer.club appear to be working now. Cheers, Luke > On Tue, May 20, 2014 at 1:55 PM, wrote: >> >> Dear customer, >> >> This is an automatic message to confirm the registration of the following domain(s) you have just registered at Gandi: >> >> universitycomputer.club (http://en.gandi.net/whois/details/?search=universitycomputer.club) >> >> The domain was successfully created, though it may only be fully functional after a standard DNS propagation delay of several hours. >> >> If your order contains other domains not listed here, you will see them in another email shortly, as their creation proceeds. >> >> In any event, you can go to your Orders in Progress page to verify the state of your order (or cancel duplicate orders): >> >> https://www.gandi.net/admin/orders >> >> If you're using Gandi's nameservers, you can add web forwarding entries or modify the domain's zone file to point it at your website from the domain's control panel: >> >> https://www.gandi.net/admin/domain >> >> You can also edit the domain's contacts, nameservers, and GandiMail settings at the link above. >> >> Need help getting started? We have tutorials for setting up your domain with various services on our wiki: >> >> http://wiki.gandi.net/en/domains/management >> >> Did you know? When you create a domain name at Gandi, you get free stuff and discounts! >> These include a standard Gandi SSL certificate for one year, and, if this is your first domain purchase at Gandi, a promo code good for 50% off the purchase or renewal of a Simple Hosting instance for one year. >> >> See your promo codes here: >> https://www.gandi.net/admin/billing/promos >> >> >> Feel free to contact our Customer Care Department should you have any questions or require any additional assistance: >> http://www.gandi.net/faq/contact_support >> >> Thank you for choosing Gandi! >> >> Best Regards, >> -- >> GANDI - https://www.gandi.net From matt at ucc.asn.au Tue May 20 21:35:45 2014 From: matt at ucc.asn.au (Matt Johnston) Date: Tue, 20 May 2014 21:35:45 +0800 Subject: [tech] [GANDI] Domain name creation In-Reply-To: References: <20140520055610.78FDD2310E@mailer2.gandi.net> Message-ID: <20140520133545.GA18884@ucc.gu.uwa.edu.au> On Tue, May 20, 2014 at 03:21:55PM +0800, Luke Williams wrote: > Anything need to be done for our DNS secondaries? I added it to he.net and afraid.org Nice work with the domain. I bet all those people with .io domains aren't so smug now. Matt From matches at ucc.gu.uwa.edu.au Fri May 30 13:43:43 2014 From: matches at ucc.gu.uwa.edu.au (Sam Moore) Date: Fri, 30 May 2014 13:43:43 +0800 (WST) Subject: [tech] Robotnik In-Reply-To: <20140515102854.026DD20074@motsugo.ucc.gu.uwa.edu.au> References: <20140515102854.026DD20074@motsugo.ucc.gu.uwa.edu.au> Message-ID: On Thu, 15 May 2014, Jon Van Buren wrote: > UCC Committee Meeting Minutes 2014-05-15 > [BOB] : [REDACTED] just buy a goddamned power supply for robotnik > ~ [GOZ] says to chill > ~ [TJB] to look into replacing Robotnik > > MOTION: [BG3] To purchase a power supply for robotnik. Second [TJB] > FOR: 4 AGAINST 3 > MOTION PASSED > (What a stupid motion) (can???t believe it got through) The stupid wires on the power supply have been spliced and it was plugged into the stupid robotnik and we now have a stupid music server again. Yours stupidly, [SZM]