Lab Organization

This page is an attempt to codify the Unwritten Constitution of the CrySP Lab. It contains information that should be helpful to new members of the lab, and serves as a central hub for organization.

CrySP wiki

In the odd event that you are not reading this document on the web already, the live version can be found at:

The wiki is used to manage most aspects of daily life as a CrySP member. Any member can have an account to edit any page, and in fact this is encouraged to help keep the wiki informative and up-to-date. HTML can be used on the wiki, but we have made an attempt to stick to TWiki syntax when possible. The WYSIWYG editor has a tendency to mangle page source code, and it is advisable to use "Raw edit" mode instead. This mode can be made the default by changing the preference on your userpage. Markup can be protected from WYSIWYG mangling by surrounding it in <sticky></sticky> tags.

Weekly meetings

CrySP meetings are held weekly, and attendance is generally considered mandatory if you do not have another conflict with the time slot (such as attending a conference). Two members of the lab present half-hour talks at each meeting on a rotating basis. New students are usually added to the end of the rotation so that they have a chance to experience many talks before giving their own.

Your Computer

All new students are given a computer for research purposes. Before you arrive, your supervisor should ask you whether you want a laptop or a desktop machine, and which operating system you prefer. Your computer will either come with Windows, Ubuntu, or both, depending on what you told your supervisor.

The computers in the lab are managed by the Computer Science Computing Facility (CSCF). By default, the machines grant full remote root access to CSCF staff, and the drives are not encrypted. All tech support requests should be submitted to CSCF through Adrian (see student responsibilities for a list of student roles in the lab). In general, expect CSCF to be slow to respond to requests (if they respond at all) that are submitted via email. For urgent situations, you should physically go to the CSCF offices in the building to ask for assistance.

Unlike other institutions and departments, you are permitted to change your computer. For example, it is completely fine (and common) to wipe the HDD as soon as you arrive and install your own OS. However, if you modify the core system, you will not receive CSCF support for that system. Only reinstall the OS if you are confident enough to manage your own computer.


All machines in the lab are behind a firewall that blocks most incoming ports. There are exceptions for ports 22, 80, 443, and 8080. If you would like to have additional ports unblocked for your workstation, ask the Quartermaster (Adrian) to submit a CSCF request.

Even though we are behind a firewall, you should install and enable a host-based firewall on your machine, since misconfigurations can and do happen. You probably already have a favorite, but if you don't, then we suggest ufw for Linux machines. On Ubuntu or Debian, simply sudo apt-get install ufw and then sudo ufw enable. See the manual for instructions for adding rules (e.g., sudo ufw limit in from any to any port 22 proto tcp). The built-in firewall for Windows machines is enabled by default and should be sufficient.

Additionally, you should be aware that SSH servers running on lab computers are routinely attacked by random zombie machines (expect tens or hundreds of brute force attempts per day). You should secure your SSH server. At the very least, you should disable password authentication and use only certificate-based authentication. If you don't need SSH, disable it completely (but note that this will prevent you from receiving CSCF support).

Lab door policy

All members of CrySP, including those with separate offices, should have keyfob access to the lab's front door (DC3332). The "door policy" determines when the door should be left open or closed.

After several past incidents, we've established the following door policy:

  • The front door should be closed at all times.
  • The back door should be closed at all times except when office hours are being held in the lounge; the door can be propped open for the duration of the office hours.


There is a list of all printers in the building available at: The following printers are considered the most convenient for people that sit in the lab.

Location Model Connection string Notes
DC 2583 (grad mailroom) HP LaserJet M605x
HP LaserJet M605x
Technically the only printers grad students are allowed to use, but they're a bit of a walk from the lab. You need to install the HP Laserjet M604 M605 M606 Postscript PPD file to use as the driver. In Ubuntu and Debian, you can get this driver by installing the printer-driver-postscript-hp package.
DC3116 Xerox WorkCentre 5335
HP LaserJet P4015x
In a utility room along the corridor to MC (i.e., turn left, walk straight, the door is on your left). Generally open already from 9-5 M-F. Xerox PPD driver file for Linux. The HP printer is used more often, so we recommend using the Xerox to avoid the congestion.

IRC channel

We have a student-run IRC server for the lab. Many of us idle here, and we encourage all CrySP students to join. The sysadmin for the IRC server is currently Justin.

  • Host:
  • Port: 6697
  • TLS is required
  • Ask another CrySPer for the password
    • Please don't write the password on your whiteboard. Yes, multiple students in the Cryptography, Security, and Privacy lab have done this before.
To prevent constant joining and leaving, and to allow you to switch between on- and off-campus devices seamlessly, there are several software solutions available. If you do not have an always-on computer, you have an unstable Internet connection, or you don't want to set up the below solutions for any reason, then you can ask Justin to allocate a Quassel core for you on the IRC server itself. This is a very simple process, so don't worry about asking for one to be set up. Otherwise, here are some options lab members have found to work well in the past:

Irssi is a command-line IRC client, which means it can be run in Screen or tmux and thus connected to from anywhere via SSH. Many of us keep irssi running in a Screen or tmux session on our lab desktops, or other always-on machine.

To make an "irc" command, create the following alias:

irc=screen -S irc -D -R

To connect to the CrySP server in irssi:

/connect -SSL 6697 <password>

When using irssi and screen, you might consider using Mosh instead of SSH to connect using mobile devices, since Mosh is more resilient to roaming and other connection changes. Alternatively, if you don't have access to a static external IP with open ports for SSH, you can configure your machine to expose SSH on an onion service. These two configurations are, unfortunately, incompatible, because Mosh relies on UDP, which Tor does not support.

If you would like to make your SSH setup a bit more secure, you can set up irssi in its own user account, with its own accepted SSH keys and no sudo privileges (e.g., so your phone won't have full access to your lab machine). If you do, calling the alias mentioned earlier at the end of that account's .bashrc file also lets you automatically open up IRC when you connect.

Quassel is a similar solution for Windows, Linux, Mac, Android, and iOS. Compared to irssi+screen, Quassel is primarily GUI-based and does not require SSH or command-line operations. When using Quassel, you should run a Quassel "core" (i.e., server) on one machine, and connect to it with multiple Quassel clients.

If you are installing Quassel on Debian or on Ubuntu 16.10 (Yakkety Yak) or later, you should not install the quassel package, since this package combines the core and client into a monolithic installation (i.e., it does not allow you to use multiple clients). Instead, you should install the quassel-core package on a stable computer (such as a lab Desktop machine) and the quassel-client package on every computer you'd like to use to access IRC. You can use Quasseldroid for Android devices, or iQuassel for iOS devices.

Finally, there is a sort of hybrid of the above two options: Weechat is a command-line IRC client like irssi, but has its own client-server protocol like Quassel to allow GUI apps to also use it. Most notably, it has an Android app available that is a lot nicer to use on a touchscreen than a terminal app would be (you can find it on Google Play or F-Droid). To use it, you can set it up the weechat core as you would irssi, then set up any additional clients you want to connect to it, most likely by providing an SSH key to the app and pointing it at your IP or onion service.The main advantage of irssi over Weechat is that irssi is older, simpler, and better known. E.g., you can find irssi installed already in many server environments, including the system you should have access to. Otherwise, Weechat is the more featured IRC client.

CrySP library

There is a small bookshelf in the CrySP Lounge that has a variety of crypto-related books you may find useful.


Various responsibilities for lab upkeep are delegated to CrySP students. Positions are assigned on a volunteer basis, but students should avoid holding more than one or two titles at a time. Descriptions of each position and their duties should be placed on an associated TWiki page.

The current holder and title of a position is set in a variable on CrySP.WebPreferences, so that changes can be made from a central location. The student assigned to a role may freely change the title of that role with absolutely no effect on the associated responsibilities.

Title Responsibilities Assigned person
Scheduler of the Meeting Picking group meeting time Rasoul
Assistant Vice Speaker Rotator Managing the speaker rotation Justin
Typey Lad Updating the speaker archives with notes from weekly talks Lucas and Sajin (backlog)
Spider-Man Updating the CrySP website Ted
Quartermaster Assigning cubicles, fobs, CSCF interactions, and coordinating repairs & facilities Adrian
Ancient of Knowledge Managing the library and poster displays Bailey and Miti (scripting)
CPI Mailing List Maintainer See Information for CACR Representatives. (Duties are currently in flux while CPI operating procedure is established.) Nils
Operator Maintaining the IRC server running in the lab Justin
TWikir General wiki maintenance that doesn't fit other categories Justin
Area Deputy Interfacing with faculty hiring committee Bailey
Town Crier Posting content to lab social media accounts Thomas
Outer Space Committee Designing plans for the upcoming lab expansion Ian and Nik

Changing seats

If you have a seating preference that is not currently being fulfilled, speak to the Quartermaster (currently Adrian) and it may be possible to change desks (or get on the waiting list for a departing student's spot). For more information, see the lab space allocation page.

Edit | Attach | Watch | Print version | History: r38 < r37 < r36 < r35 < r34 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r38 - 2021-09-01 - JustinTracey
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback