[HCS-D]office hours happenings

Matt Gline gline at fas.harvard.edu
Tue Dec 14 01:28:35 EST 2004

Hullo all. Here's the weekly summary of what happened at office hours
this week. I promise I'll make this one shorter than they've been,
though it seems pretty likely I'll accidentally break that promise as I
start remembering things. Two notes, before I begin:

1) You can follow along with our progress from home, as we're sort of
kind of keeping the wiki up to date these days! hcs.harvard.edu/~twiki
redirects to the HCS web. Note in particular the ToDo topic, the
ProJects topic, and the ever-so-exciting RecentlyCompleted topic. And
please, please, please, please, please if you've done anything, notice
anything you want to do, or are in charge of a project, update the
relevant page! Hopefully in the near future the concept of Project will
be formalized enough for it to be clear what that means (though not too
much... I don't like formalizing things) but in the meantime the
mishmosh approach seems consistent with the wiki philosophy anyway.
Eschew organization for content, that's what I've always said...

2) ELECTIONS ARE NEXT WEEK! Maybe you don't feel that warranted all
caps, but I do and I get to send the emails, so hah. It'd be nice to
have a super-big turnout so we can feel like a legitimate political
entity and so that our new board can claim to have a popular mandate to
do good in the world.

Okay, enough with the public service announcements. On to the evening.

Members present: Nick, Matt (that's me), Matthew (that's not), Greg
Price, Yves, Steve, Ivan, Mike, and a few very nice members of the
general non-hcs public who had questions either about their account or
about hcsish stuff in general. 

Things that happened, in no particular order:

1) RT continued to confuse. Anyone who wants to see exactly how it's
confusing can go to hcs.harvard.edu/rt/ and note the nondescript error
message, both on the page and in the httpd logs in /usr/local/www/log/.
It could have something to do with suexec and ownership and permissions
and where the files live - I'm not rightfully sure. We've tried
ownership by root, www, and gline, and right now the files all live in
/opt/rt3/blah. Anyone have any good ideas how to make this work? It's
probably something funky with apache configs... At any rate, the status
of RT has been advanced from 20% complete to 30% complete by Matt
Fasman, who is the official spiritual and political leader for the

2) pf was started, really this time. We had some minor configuration
hiccoughs, but Mike used his 1337 sk1llz to smooth them out and left us
with a very pretty firewall that seems to work pretty well. We'll know
for sure when those Brazilians resurface and try and use hcs as an irc
server... Sorry all for the brief downtime.

3) Ivan gave us a good 5 minute demo of the beauty of kernel ACLs.
They are indeed beautiful, and have the potential to make things quite
secure in hcs-land. There's still some discussion to be done weighing
their benefits (a locked down environment where insecure PHP code can
essentially cause no damage and users can't open inappropriate sockets
and so on) with their costs (installation of new software would require
an additional password, and so on) but it seems there's no good reason
at the very least not to try them out. So we will when we move toad over
to debian.

4) Steve has notified users of phpBB2 and others that their code is
broken, and is working on collecting a good library of php scripts. If
anyone can recommend some php scripts that do things like bulletin
boards and calendars which we might in turn suggest to our users, please
do so.

5) We finally bit the bullet and fixed mysql permissions for everyone
(thanks to Greg, who wrote a monstrosity of a shell one-liner, though I
think eventually it got split up into a legit shell script...). We also
cleaned up (read: eliminated) the mysql account "facebook," which looks
to be the remnants of some partially completed hcs project from
yesteryear which was now gathering dust and leaving accumulated cruft in
our mysql logs. Incidentally, if anyone out there in internet land knows
with any certainty what this was doing, I, for one, am curious :)

6) We cleaned up the motd a lot. And eliminated the block letters. Sorry
if there were any block letter devotees. 

7) We checked some httpd configuration files into RCS. We've also noted
we have some issues with the ways in which HCS code is distributed
across the machine - we're maintaining "parallel" versions of access
and group-add.sh, which is bad. We aim to rectify this problem. In
particular, unless there's a good canonical solution, we're going to
build a tool for it. We'll stick a custom header at the top of each
script that specifies where the script should be installed, and our tool
will copy the script over and swap the header out with a big nasty block
letter bold faced comment informing any would-be smart-aleck sysadmin
that the correct place to edit the scripts is in /usr/local/localsrc or
whatever. Does anyone know if there's a "right" way to do this?

8) We shored up the election rules. The consensus IIRC is this: 
   * to vote, members must have attended at least two hcs meetings this
   * to run, members must have attended at least two hcs meetings this 
   * anyone may declare their intention of running at any time before
     the election for a particular position is held. Those running
     for a position will give a brief position statement and then
     we'll discuss and vote.
Someone correct me if I have this wrong.

9) We talked about Those Two Machines. We're gonna try and get some new
RAM and make them work. Kartik'll let us know what the processors are so
we get the right stuff.

I think I've broken my promise already, so I'll stop there. Here's my
usual summary of things:

Things that got done:
1) pf is now running
2) rt is closer to running, though there are still issues.
3) mysql now works for everyone
4) more discussion of kernel ACLs, and a demo
5) some users helped
6) *** We've started to use systems at hcs. Manager will be replaced...
	soon! *** 

Things to be done:
1) newlist.hcs wrapper code to deal with spam bounce...
2) publicize twiki more
4) do to group-add.sh what was done to makelist - create a script
that'll read the email in mutt and make the group.
5) make makelist.php do more sanity checking. check against /etc/passwd,
among other things.
6) fix our backup system, really. This is important. I swear. We should 
do it soon. Even if we get snapshot directories or a netapp or whatever.
7) clean up the logging system
8) clean up hcsa. Take some entries out of the procmail and dump some of
the archives we don't need anymore.
9) upgrade mailman (maybe this could coincide with migrating lists?)  
10) inquire with frank steen about obtaining control over our own DNS.
This'd be cool.
11) fix script installation procedure, RCS in general should work better
12) create an acctserv duty calendar (or whatever you want to call it)
13) deal with numerical user IDs, which are a holdover from the hard
drive copy this summer.
14) deal once and for all with the "portions of home directories
accidentally owned by root" problem, another holdover from this summer.
15) draft a policy proposal to suggest to FASCS regarding Firefox and
16) ___________ (verb) the __________ (adjective) ____________ (noun)
