[HCS-D]office hours notes

Gregory N. Price gprice at fas.harvard.edu
Tue Dec 7 01:14:18 EST 2004

  On Mon, Dec 06, 2004 at 11:59:33PM -0500, Matt Gline wrote:
    3) Steve is currently doing two things so far as I recall related to
    this problem: 1) Finding suspect php code (though this is pretty much
    done?) and letting users know that they're running bad code, and 2)
    creating a list of canonical php scripts (e.g. phpBB, which happened to
    be the broken one in this case) to recommend to our users. This way we
    can also keep appraised of security updates to these scripts and tell
    people running them to upgrade when vulnerabilities arise.

There's also a more fundamental reason for this project, which isn't
really about security.

What HCS does is provide students with technical infrastructure to
help them run the myriad groups and projects we Harvard students run.
Several groups have asked just in the past six months about how they
can set up things like a bulletin board, a file repository, or even a
spreadsheet for multiple people to edit without emailing new versions
back and forth.  Many more have demonstrated they want such things by
just going and installing them.

It's therefore quite central to what we do that we be able to tell
these folks `sure, you want a bulletin board, here's some good
bulletin-board software' rather than `gee, I don't know, try Googling
for some.'

This project is related to the TWiki, iSites, and CampusShare
projects; we want to know what's out there for the things our users
want, so we can give them the best infrastructure available to help
them do the totally computer-unrelated things they actually want to do.


More information about the hcs-discuss mailing list