
#olpc-admin, 2008-12-16


All times shown according to UTC.

Time Nick Message
16:02 hhardy #topic Agenda
16:02 _dogi hi all
16:02 hhardy <- glares at bot
16:02 edmcnierney hello, _dogi
16:02 hhardy lol
16:02 Purpose of the VIG -- discussion of "make the sysadmin's life easier"
16:02 Improving documentation process and availability wiki git
16:02 Adric rt report
16:02 Future of VIG and OLPC community
16:02 New Business
16:02 oops before new business
16:03 multiple-wiki-discussion
16:03 who is here beside edmcnierney and dogi and ffm?
16:03 nada ok
16:04 _dogi hmm
16:04 cjl hides in corner
16:04 hhardy first question is to discuss the previously agreed "purpose of the VIG" per the VIG page
16:04 ah hi cjl
16:05 cjl hi
16:05 hhardy    *  Make the sysadmin's job easier
16:05    * Improve the infrastructure systems through "many hands/many minds"
16:05    * Strengthen ties with the community
16:05 Dogi and I had agreed some better wording but couldn't remember it the next day
16:06 the important point is that we hope that by using the community we can reduce the need for paid sysadmin staff support and free up those people to do other things for the project
16:06 _dogi but only for make the sysadmins job easier ...
16:06 hhardy it isn't about "I don't feel like working let the volunteers do it"
16:07 edmcnierney To some folks, that's what "Make the sysadmin's job easier" sounds like.
16:07 lfaraone hhardy: and give people the warm and fuzzies for helping maintain OLPC's infra. (and the resume-stuffers)
16:07 edmcnierney (although I think the best way to make the sysadmin's job easier is for HP to ship a working printer ;) )
16:07 _dogi lol
16:08 hhardy so if someone can come up with some suggested wording we can improve that
16:08 lol
16:08 cjl hhardy: I see two slightly different ways in which this happens.  1) take things off plate of staff to complement time coverage on monitoring systems 2) do things that are good, but wouldn't get staffed.
16:08 hhardy #topic Purpose of the VIG -- discussion of "make the sysadmin's life easier"
16:09 I want to concentrate more on 1 than 2 but yes
16:09 cjl hhardy: 2 is the carrot that gets dangled :-)
16:10 hhardy if I wanted my job to be sysadmin + mai tais on the beach I should move back to Santa Cruz...
16:10 thats not a horrible idea actually :)
16:10 cjl hhardy: another critical element is sharing knowledge and skills
16:10 hhardy thats good
16:10 adric squeaks, "Sorry, running a few minutes late, as the print queue was holding my check :) I'll be home in a few and back then."
16:10 cjl An advisory resource
16:11 actually gets paid to advise software company on beaches, most recently in Roatan Honduras :-)
16:11 _dogi empower the community to help the sysadmins ...
16:11 hhardy just as long as it isn't Croatan, VA :)
16:12 dogi: yes were agreeing on something like that
16:12 so this could go into the mailing list or discussion of the VIG wiki page
16:12 edmcnierney cjl: If I were in Roatan I wouldn't be wasting time on the beach - I'd be underwater!
16:13 cjl edmcnierney: Wife and I got our PADI Open Water cards :-)
16:13 edmcnierney cjl: Whale sharks - yum.
16:13 hhardy ahem moving right along :)
16:13 edmcnierney hhardy: Are we off-topic?
16:13 cjl little advising went on underwater though, that was at beach bar
16:13 hhardy #topic Improving documentation process and availability
16:14 cjl hhardy: Much of that is you reviewing internal wiki things?
16:14 hhardy right now most of the interesting/useful documentation for sysadmin is on internal wiki
16:14 volunteers don't have access, and its fairly useless when wiki itself or network is down
16:15 cjl Just as an FYI, I am creating an RT training resource on teamwiki (mostly of use to SG)  http://laptop.org/teamwiki/index.php/RT
16:15 lfaraone hhardy: can it be moved to teamwiki? (under a sysadmin: namespace, maybe?)
16:15 hhardy suggestion is: move to a more accessible wiki, either a section on teamwiki or a new wiki on a new virtual machine
16:15 _dogi bingo
16:15 cjl teamwiki (if possible)
16:16 hhardy 2) use wget to make a static copy daily, and commit it to git
16:16 so we can have checked out copies locally when everything is down
16:16 discuss
16:16 2) is more of a priority for me than 1
16:16 m_stone how well does it meet the requirements set out at http://wiki.laptop.org/go/User[…]/Infrastructure_1 ?
16:17 lfaraone hhardy: we need a private git tree then...
16:17 hhardy mstone: do you feel that git insures data integrity?
16:17 a wiki certainly doesnt
16:17 in that many people can write to it
16:18 m_stone hhardy: I think it does okay, if you put the right data into it and use signed tags when appropriate.
16:18 hhardy we dont have a written threat model as far as I know, there is only the rough diagram mstone and I made on the whiteboard about 6 months ago
16:19 _dogi :)
16:19 hhardy mstone would you be happier if "official" docs were gpg-signed?
16:19 m_stone (I don't want to take over this discussion, by the way. it's your discussion. I just want to point out that, when deciding on a system, you ought to judge it according to the criteria you helped me write up!)
16:19 hhardy mstone: agree and thanks for reminder
16:20 lfaraone hhardy: wikis _do_ provide integrity.
16:20 hhardy: we have verification on who wrote what, and it's all private(ish)
16:21 hhardy: (imho, we should REQUIRE https for team and internalwiki, but w/e)
16:21 hhardy #IDEA require https for critical/secure docs
16:22 m_stone lfaraone: just for humour: are you familiar with geeki-geeki?
16:22 cjl teamwiki (as a closed wiki) is reasonably good at ease, integrity, (timely addressed with git push) credential, publish, trail
16:22 lfaraone m_stone: quite.
16:22 m_stone lfaraone: the best of both worlds! :)
16:22 lfaraone m_stone: I've browsed bernie's site.
16:22 http://www.codewiz.org/wiki/GeekiGeeki
16:23 hhardy ok rough count on teamwiki vs new wiki instance
16:23 teamwiki:
16:23 +1
16:23 _dogi ... ikiWiki ???
16:23 cjl teamwiki
16:23 _dogi mom hardy
16:23 lfaraone hhardy: +1
16:23 _dogi -1
16:23 thx for have me made my points
16:23 hhardy and for new wiki instance:
16:24 edmcnierney abstains
16:24 hhardy I think teamwiki is more of a consensus
16:24 _dogi i like more the idea that we set up a new wikiinstance maintained by the VIG
16:24 m_stone hhardy: w/ 2/5 approving?
16:24 hhardy however I dont object if we have a "backup wiki"
16:25 _dogi i dont want to every user of the as sysadmin
16:25 m_stone ah, 3.
16:25 missed cjl.
16:25 _dogi +VIG
16:25 cjl dogi, why when there is already a wiki that has needed features?
16:25 _dogi no
16:25 no wiki maintained by VIG
16:25 lfaraone _dogi: we have per-namespace access control.
16:26 _dogi: only ppl we approve can see our stuff.
16:26 _dogi but only admins can add users ...
16:26 cjl I have teamwiki access only to Team space, believe me I've checked :-)
16:26 adric If the public wiki (main one) is down, where will we be looking for our documentation?
16:26 m_stone lfaraone: (for the record, with the integrity question -- I was really asking how you'd detect disk failure, or DB-hacking)
16:26 hhardy thats 2) above, look at your local static copy checked out of git
16:26 lfaraone adric: teamwiki isn't our main wiki
16:27 _dogi: hhardy is an admin.
16:27 m_stone lfaraone: (not data entry by normal means by unauthorized persons)
16:27 lfaraone m_stone: oh. well then... no, we wouldn't know.
16:27 adric lfaraone: S'not? Okay.. I admit to spending very little time on Teamwiki
16:28 cjl adric: Here is Team main page  http://laptop.org/teamwiki/ind[…]hp/Team:Main_Page
16:28 _dogi i dont like to start the vote before all person had spoke ... but .... this is hhardy style not mine ...
16:28 hhardy ok dogi who had not spoken?
16:28 cjl dogi, Can you explain what advantage a new wiki has over existing Teamwiki?
16:29 adric cjl: hmm, login still work, once i remember that I'm adric there, not adricnet
16:29 hhardy people are carrying out a discussion, its not a vote per se
16:29 cjl trying to cut infrastructure tasks with Occam's Razor
16:29 hhardy what cjl said!
16:30 cjl adric: pro forma evidence that security on teamwiki is adequate :-)
16:30 hhardy the lockout extension is not foolproof
16:30 lfaraone hhardy: lockdown*
16:31 hhardy lockdown
16:31 "If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked, leading to loss of funds or one's job."
16:31 lfaraone hhardy: which is why I think that http://www.mediawiki.org/wiki/[…]gGroupPermissions is more secure
16:31 adric What sorts of secrets are we trying to protect .. oh, it's integrity, not confidentiality so much... hmm
16:31 hhardy http://www.mediawiki.org/wiki/Extension:Lockdown
16:31 lfaraone hhardy: (the latter is a mediawiki-builtin function)
16:32 hhardy adric: yes
16:33 #topic Adric rt report
16:33 anything new besides the nice RT docs going up?
16:33 adric I don't have any news. There is one point I'd like to ask about.
16:34 docs?
16:34 cjl adric: on teamwiki :-)
16:34 I'm doing an intro to SG RT tasks
16:34 hhardy whats that link again?
16:35 adric The SSH bug that I hit on rt (production) that stopped me cold last time I had time to work on rt-sandbox has not been fixed.
16:35 hhardy I'm getting better at setting up custom autoresponders and scripts in RT
16:35 cjl http://laptop.org/teamwiki/index.php/RT
16:35 adric cjl, hhardy Yay
16:35 hhardy WB dogi
16:36 adric cjl: Wow, that is cool! Was there mail on that I missed?
16:36 dogi back
16:37 cjl adric: It has been going up over past three days, with help from Culseg, will announce wider soon.
16:37 adric So, should i just upgrade the packages to patch the bug, on the prod system? Or work around the flaw and keep working on the sandbox?
16:37 hhardy cheers for cjl and culseg
16:37 cjl adric: ticket number in RT of SSH issue?
16:37 hhardy adric: ticket on the bug?
16:37 adric cheers!
16:37 http://rt.laptop.org/Ticket/Display.html?id=26233
16:38 hhardy we should update openssh on the rt virtual machine
16:38 adric two week old ticket on a 8+ month old bug
16:38 cjl Well if that is blocking any forward motion on RT, that is a problem.
16:38 hhardy I will up priority
16:38 adric I tripped over it. There's a workaround...
16:39 It is really the greater issue that concerns me.
16:39 cjl hhardy: I know SJ and holt are anxious to see RT upgrade
16:39 hhardy oh I already made it 30...
16:39 adric cjl: Then obviously they need to hire some more help.
16:39 hhardy adric: thats a non starter for now
16:39 adric hhardy: Okay, sure, then so is most of what we are trying to do here. *shrug*
16:39 hhardy we are in the "do more with less" mode
16:39 cjl adric: Well, that is what VIG is here to try to alleviate (somewhat).
16:40 adric And that is why this rant is on-topic.
16:40 hhardy lol
16:40 adric There is no other mode, in this crappy business, that I've witnessed *fume*. People want their computers to do miracles, for free.
16:41 cjl There will always be a need for OLPC sysadmin actions as blockers for big things, the goal would be to take other things off the plate to allow them to handle those blockers on a timely basis.
16:41 hhardy I will be on vacation next week, adric if you want to ping me we can see what we can do about openssh on rt
16:41 that is you can ping me this week on it or wait till Jan
16:41 adric shrugs.
16:41 I have had to stop caring.
16:41 hhardy *hug* adric
16:41 adric I can patch the machine if you want, but I won't be able to fix it if it breaks something critical.
16:41 cjl blows pixie dust in adric's direction.
16:41 hhardy you dont have to stop caring just dont carry your hurt around and use it like a shield
16:42 adric Thanks. I am only letting myself type this crap in the hope some one has an idea here.
16:42 hhardy open hearts open minds :)
16:42 adric Busy people, other projects.
16:42 cjl adric what do you assess the risk of patching to be?  What is time cost of "real" solution?
16:42 hhardy adric do you have a copy of "The Devil's Dictionary?"
16:43 adric Anyway, that's enough time wasted. Apologies.
16:43 hhardy seems like you could use one :)
16:43 adric Bierce is usually available online?
16:43 hhardy yes
16:43 one of my favorite authors
16:43 adric cjl: It's a crypto weakness. All communications to, and some from, the server are in danger of compromise.
16:43 cjl adric: that is risk of NOT patching.
16:44 What is risk that patching will break something (that anyone will notice)
16:44 adric the patch will upgrade the openssl libraries and openssh binaries and blacklist (block!) connections from unpatched machines
16:44 If there are other OLPC machines unpatched they will no longer be able to SSH and possibly SSL to this server (the rt instance on solar)
16:44 hhardy it is pretty straightforward just we will first back up everything in case of some odd occurrence
16:44 adric Thats the foreseen consequences.
16:44 cjl ah, that sounds like a potential risk that can be quantified and mitigated.
16:45 adric the unforeseen is something that linked to a specific version of a library could break.
16:45 hhardy most/all of the production machines have the ssl bug fixed
16:45 adric And yeah, you guys know this stuff better than I do,
16:45 cjl RT is running on a VM?
16:45 hhardy yes a vserver on solar
16:45 adric vserver instance .. a directory
16:46 cjl: That's in the public RT page :) *tease*
16:46 hhardy lfaraone: what was your topic again? sorry it scrolled up and I'm too lazy to parse the log to find it
16:46 cjl Just spitballing here, but other than mail-service pointers, there shouldn't be a lot of interaction with other systems should there?
16:47 adric Instance solution probable. process changes? ...
16:47 hhardy cjl: yes
16:47 adric I can't think of any, other that what we're doing
16:47 hhardy the server key will change, everyone with strict checking enabled will be locked out till they update the key
16:48 afk 2 min
16:48 adric correct.
16:48 lfaraone hhardy: multiple wikis off a single codebase.
16:48 cjl Downside risk of not patching.  Long known vulnerability to security issue with well-known fix.  Blocked on moving RT upgrade forward
16:49 edmcnierney Can we accurately enumerate "other OLPC machines" that need to connect?
16:49 adric Anywho. I have to deal with this kind of nonsense and worse at $paying_job, so I'm unhappy to see it here too. If IT isn't given resources, users should stop asking for features.
16:49 cjl Downside of patching.  Low likelihood of RT system (probably no other system) disruption until restoration to status quo ante is possible.
16:50 adric yeah, we could break production RT somehow for .. a few minutes while we roll it back
16:50 lfaraone that's not that bad.
16:50 the mail will be queued.
16:50 adric (this is not specifically a VIG problem. ask me about handbills)
16:50 lfaraone And our replies can wait.
16:50 adric mail coming in will be queued, webui would be unavailable, yeah
16:51 hhardy edmcnierney: those machines from which adric and I might ssh
16:51 I want to get to lfaraone's point if thats ok
16:51 edmcnierney hhardy: Yes, I understand the description of the machines - I asked if we could enumerate them (make a list).
16:52 hhardy yes I can as far as I know they are already all updated and I understand how to delete old key from known_hosts
16:52 primarily in my case, thinker.laptop.org
16:52 dogi edmcnierney: i have a picture on my machine
16:52 hhardy a gdk is here quick let's hide!
16:52 edmcnierney dogi: Thanks
16:52 gregdek lol
16:53 cjl Then making a list and testing immediately post RT SSH patch should cover testing to see if rollback (or other work around)  might be needed
16:53 dogi and hhardy: http://wiki.laptop.org/go/User:Dogi/VIGwiki
16:53 edmcnierney cjl: +1
16:54 hhardy dogi: https works fine on teamwiki for me
16:55 dogi ups
16:55 hhardy #topic http://wiki.laptop.org/go/User:Dogi/VIGwiki
16:55 opps
16:55 lol
16:55 #topic multiple wikis off a single codebase.
16:55 lfaraone you have the floor
16:56 lfaraone: yo
16:57 we will come back to this
16:57 #topic Future of VIG and OLPC community
16:57 lfaraone is back.
16:57 heh.
16:57 hhardy ah ok
16:58 #topic multiple wikis off a single codebase.
16:58 lfaraone: you have the floor
16:59 lfaraone Ok, if/as OLPC/SL decides to host additional wikis (for say.. specific languages or groups) it can quickly become unwieldy to maintain all of those codebases.
16:59 This was per a SL thread on hosting wikis for local labs.
16:59 I just wanted to throw http://www.mediawiki.org/wiki/Manual:Wiki_family out there.
17:00 hhardy #link http://www.mediawiki.org/wiki/Manual:Wiki_family
17:00 lfaraone (I'm not sure whether 1cc wants to use separate wikis for different languages etc)
17:00 hhardy I would like to see unified wiki with language localization, I think SJ favors a wiki for each language ala wikipedia
17:01 lfaraone Fortunately we've also implemented openID, so that allows people to link their wiki accounts with another.
17:01 hhardy I dont know what the building thinks...
17:02 lfaraone (http://www.mediawiki.org/wiki/[…]nsion:CentralAuth is what WMF uses, but that's SSO, not OpenID, and it's limited to the 1CC network)
17:02 hhardy this dovetails with my last item which I will pose as a thought-problem
17:02 #topic Future of VIG and OLPC community
17:03 In the manga "Ghost in the Shell: Stand Alone Complex" there is a concept of a "vanishing mediator"
17:03 someone/thing which sets in motion a social movement then vanishes from the stage
17:04 Can OLPC be such a vanishing mediator, can we eventually push out everything to the community/movement?
17:04 if so how
17:05 adric Well, Prof N got Sugar out the door already, what's next?
17:05 hhardy yes what next
17:06 cjl hhardy: Having watched the series on CartoonNetwork, I am frightened by the possibilities you may be envisioning.
17:06 hhardy nothing so apocalyptic I hope
17:07 adric They didn't get the nukes out until the sequel, right?
17:07 hhardy Dogi and I are off next week
17:07 adric lol
17:08 adric I think we have too much to do to get things running smoothly in house to work on this now. It should remain a guiding principle.
17:08 hhardy someone want to volunteer to facilitate the next meeting?
17:08 I will try to check in but not sure if I will have internet access
17:08 cjl hhardy: Let's call it a by-week
17:09 hhardy ok so we will say no formal meeting next week but please feel free to congregate on here and hash things out
17:09 edmcnierney hhardy: I could volunteer, but I think cjl's got a good suggestion - attendance will be thin.
17:09 hhardy agree
17:09 lfaraone hhardy: oh, and who's currently using teach.l.o?
17:09 hhardy bunch of people, mstone admins it
17:09 lfaraone hhardy: it's currently in a state of disrepair, and prolly needs rebuilding.
17:09 hhardy send ticket
17:09 pls
17:10 be specific on whats broken
17:10 lfaraone hhardy: when I run yum update:
17:10 Error: Missing Dependency: libdvdread.so.3 is needed by package mencoder
17:10 hhardy Thank you all for your help and support it means a lot to me
17:10 lfaraone hhardy: among a host of other dep-hell problems.
17:10 hhardy and OLPC is important it brings hope to the whole world
17:10 cjl lf file ticket
17:11 hhardy so *hug* to all
17:12 #endmeeting
