Project:Cholten99/VMsInHackspace

From London Hackspace Wiki

VMs in Hackspace

1) http://docs.petervg.nl/index.php/component/content/article/57-virtualbox/101-virtualbox-cli

2) Link from wiki server list page (move to front page) to a page that lists status of VMs

3) And IRC (list all real and virtual servers in the space and how to log in via SSH)...

...

Guess we need a list of real and virtual servers plus SSH / Remote-Desktop addresses available to folks. Do we run our own DNS server so that we can hang the VMs off the hackspace.org.uk for named external access? Easiest way I guess would be to set up something like tomcat so that a page can be auto-generated with all the information and linked off the front of the wiki (with bonus points for uptime, etc).

Is there a need for external access currently? For now, people can ssh in, and we use internal DNS. I'd really avoid tomcat if at all possible - iptables and mod_rewrite can do it for much less effort and overhead. Ms7821 15:49, 16 April 2011 (UTC)
Also, are these VMs going to be running for long periods of time? I think encouraging uptime is basically encouraging people to run them when not necessary. Perhaps I'm misunderstanding what you mean... Ms7821 15:51, 16 April 2011 (UTC)

I think we need a bit of thought on acceptable uses, privacy and security here. (I'm tempted to raise this on the list but I really don't like sending emails that go to a thousand people without putting a lot of thought into it).

Security concerns

There is mention of using Lovelace for this. Last time I looked the iptables rule I put on lovelace to block all remote SSH access to lovelace was still in place. It is quite annoying when someone remotely does shutdown -now, potentially causing people to lose work, because they don't like the music or are having a childish squabble.

Umm, did you tell anyone about this? Lovelace isn't on at the moment, so I can't tell if it's still the case, but it's pretty useful to have remote access to it. None of our machines should be depended on, but Babbage is there for when you're working on something continuously. That said, if someone turned Lovelace off while you were sitting at it, that's a dick move, and I think it's reasonable to call them up for it. Ms7821 10:43, 18 April 2011 (UTC)
I believe I mentioned it on IRC --AJP

There are people around who would think it hilarious to remotely play music or Japanese scat porn on a public computer in the space. I'd prefer public terminals that lots of people use for casual internet access not be remotely accessible at all. Trolls will abuse remote access.

At the moment paying members with an account on babbage can remotely use the internet connection at the space for IRC or anything else you can do from a shell. Individual accounts give some level of visibility and accountability.

Lovelace currently has an account with a well-known username and password used by everyone. Having that externally accessible would rapidly bring trouble.

There was a plan to use LDAP for all the computers, but so far that hasn't been necessary. This is actually the first suggestion for a few months that we need it. I agree that making it externally accessible would spell trouble. Unfortunately, if people are in the space, they can give themselves root access anyway - there's no technical fix we can do. Ms7821 10:43, 18 April 2011 (UTC)

If a VM can be used by any random person on the internet it HAS to be firewalled off from connecting out to the internet and from messing with visitors' laptops on the LAN, and even then I'm dubious. There have been a few services on the internet for many years that allow anyone to use a shell (grex, sdf.lonestar.org etc). They have always been and will always be a battleground between the admins, script kids and spammers.

Considering privacy, lovelace is a public terminal and it's acceptable for anyone to have a poke around in the download directory and browser history to see what interesting things people have been using it for. I would like the boundaries for VMs to be clearly defined: do we want someone to have their own personal private VM full of secret stuff that they don't think anyone else should be able to look in?

If you're poking around in the history, don't forget that people might accidentally leave cookies in the browser or personal files on the desktop. As for VMs, if someone has a private one that isn't causing trouble, I see no problem with it staying there, as long as it's being used. If it's causing trouble or eating too much space, other members can just turn it off or (after warning) delete it. Ms7821 10:43, 18 April 2011 (UTC)

There is potential for people to find all sorts of creative things to do with VMs that will make heavy use of the ADSL connection. I think it's well established that anything that noticeably affects web surfing or the webcams is unacceptable. We probably need to preemptively forbid game servers or seeding torrents.

People tried running a minecraft server on babbage and there was minor grumbling about it.

There's actually a minecraft server in the space at the moment. The main issue is that our previous router couldn't deal with it, but we can now enforce traffic shaping and connection limits. I'm happy to take responsibility for this. Ms7821 10:43, 18 April 2011 (UTC)

The choice with a load of VMs is either to set some guidelines from the start or wait for the hijinks and bickering to start. --AJP

I don't think VMs are going to take off on a large scale, but Hackspace is about trying stuff Ms7821 10:43, 18 April 2011 (UTC)