Meeting 1300-1430h (Patrick had to duck out at 1400)

Present: Daniel, Fraser, Guoxiang, Patrick, Mike.

Agenda

1. What do we have running Linux? Undergrad labs (Daniel), staff desktop PCs (who knows?), researchers on desktop and servers (Mike)
2. Mirroring Linux (and other free OSes?) - Daniel will talk about this a little
3. Security updates: why we don't have them yet
4. Printing - still a problem
5. Policy document: CsLWGMeeting20040422 talked about this, but we don't have it yet

CS Inventory of Free OS Machines

• WatForm Dell servers: six, all running sarge
• BioInformatics use Debian; Tomas Vinar is a big supporter
• williams.cscf is MikePatterson's workstation, currently running Ubuntu "hoary"
• at two laptops deployed (DB lab), one with Ubuntu and another with FC3
• MikeGore has an unknown number of alg and other PCs deployed: mostly RH9/FC2,3. SciCom use RH. Most of these machines are dual-boot.pporter. DanielAllen sez they have 30.
• Other staff? Daniel, Dave Gawley at least use it daily.
• Stefanus du Toit told me CGL have about 35 Linux machines.
• Other faculty? Who knows. Guess 25.
• Daniel sez undergrad graphics lab has 22 Debian sarge machines.

This makes about 275 machines of various vintages, mostly running vanilla Debian. Almost exclusively x86 hardware. Plus we have more exotic equipment running Linux: pilatus (Altix), plg3/4, and PLG are buying a bunch of dual CPU machines. The exotics tend to be mostly outside of CSCF administration though. Mike went and counted in hardware lab after meeting; there are 7 undeployed scspc's, so there are 67 deployed and one under his desk (the "golden client" for now).

Other free OSes:

• JeremyBarbay, MikePatterson big FreeBSD advocates (freebsd5.cscf, torres, alg41, oates). Also we had the NAA wireless.cs.
• NetBSD: at least a couple of grad students use it for both personal edification and research
• How long before we can add Solaris 10 to this list, at least nominally?

A member of the group mentioned IST are still meeting re: Linux. But nobody from CS was invited? Or anywhere else possibly. He'll let us know. Engineering are also using Linux (Fedora).

Patrick asked about security: Mike described the problems with patching sarge. Fraser said if we had one person who could do this we could all benefit from his efforts.

Daniel asked about NIDS - we've talked about that. Fraser mentioned tripwire and other hostbased intrusion detection. We can't do this on our gradpc's.

Patrick suggested: what if we say every 4 months, we install new image on the machine? We could do that: everybody with school-owned PCs must have research support. Fraser thinks we could lose configs. That's a concern, but...

Patrick sez in IST, they guarantee that every 18 months you get refreshed PCs.

Basically we need a way to enforce client upgrades before login on Linux machines (this relates to the problem of dual-boot machines).

One big security risk: stupid passwords. What if we can run crack or john the ripper on client PCs? We do have cscf-adm account on the machines; we can get on to them passwordless. Fraser thinks we could use this to get some automated tools going.

Patrick would like to be able to check this by forcing machines we can't get onto off into a sandbox network.

mirror.cscf

Daniel has a dual CPU machine that he can use for this purpose - it will replace debian30.math for mirroring debian. It'll have a fibre-channel disk. What about offering this machine's resources to off-campus? Argument that it's a high visibility machine (but UW is high-visibility anyway). Fraser: what about authenticating against uwdir? Mike: Yes, via ssh/PAM.

Printing

Problem is our current method requires a certain amount of trust in the users of the machines, particularly when they have admin access.

We need to document how to set up one of our standard Linux PCs such that they can print.

Digressed into a more general issue with hostnames and such: hostnames don't match queue names. Fraser said one of the problems we've run into is Samba just chooses a name from among the available names.

Daniel: how big a mess are we in? Mike: a big mess. Fraser: doesn't disagree. He'd like to see a list of actual problems that we've run into. That's a good idea; Mikes + Trevor will gather list. (suggestion from Daniel: gather at LinuxPrintingIssues)

Can we configure our CS machines such that, f'rinstance, Mozilla can choose one? Worth looking at for the grad pc's at least. Fraser doesn't see a problem with pre-populating print queue stuff with lists of hostnames and users.

Policy Document

We agreed that we still should write something.

Future Meetings

Fraser thinks at least once a term is reasonable. Nobody else disagreed.

What is our mandate, exactly? What should we do at our meetings? Daniel thinks monthly meetings would be a decent frequency.

When should we have our next one? Fraser has gripes Monday Wednesday, Guoxiang does Thursdays. Tuesday afternoon at 1500h sounds ok to most. Mike will try to pick a date.