Bureaucrats, checkuser, Administrators
3,313
edits
Project:Cholten99/VMsInHackspace: Difference between revisions
From London Hackspace Wiki
no edit summary
(needs consideration of accountability, acceptable uses, privacy and security) |
No edit summary |
||
| Line 19: | Line 19: | ||
go to a thousand people without putting a lot of thought into it). | go to a thousand people without putting a lot of thought into it). | ||
== Security concerns == | |||
There is mention of using Lovelace for this. Last time I looked the iptables rule I put on | There is mention of using Lovelace for this. Last time I looked the iptables rule I put on | ||
lovelace to block all remote SSH access to lovelace was still in place. It's is quite annoying when someone remotely does shutdown -now, potentially causing people to loose work, because they don't like the music or are having a childish squabble. | lovelace to block all remote SSH access to lovelace was still in place. It's is quite annoying when someone remotely does shutdown -now, potentially causing people to loose work, because they don't like the music or are having a childish squabble. | ||
: Umm, did you tell anyone about this? Lovelace isn't on at the moment, so I can't tell if it's still the case, but it's pretty useful to have remote access to it. None of our machines should be depended on, but Babbage is there for when you're working on something continuously. That said, if someone turned Lovelace off while you were sitting at it, that's a dick move, and I think it's reasonable to call them up for it. [[User:Ms7821|Ms7821]] 10:43, 18 April 2011 (UTC) | |||
There are people around who would think it hilarious to remotely play music or Japanese scat porn on a public computer in the space. | There are people around who would think it hilarious to remotely play music or Japanese scat porn on a public computer in the space. | ||
I'd prefer public terminals that lots of people use for casual internet access not be remotely accessible at all. Trolls will abuse remote access. | I'd prefer public terminals that lots of people use for casual internet access not be remotely accessible at all. Trolls will abuse remote access. | ||
| Line 28: | Line 30: | ||
Lovelace currently has an account with well known username and password used by everyone. Having that externally accessable would rapidly bring trouble. | Lovelace currently has an account with well known username and password used by everyone. Having that externally accessable would rapidly bring trouble. | ||
: There was a plan to use LDAP for all the computers, but so far that hasn't been necessary. This is actually the first suggestion for a few months that we need it. I agree that making externally accessible would spell trouble. Unfortunately, if people are in the space, they can give themselves root access anyway - there's no technical fix we can do. [[User:Ms7821|Ms7821]] 10:43, 18 April 2011 (UTC) | |||
If a VM can be used by any random person on the internet it HAS to be firewalled off from connecting out to the internet and from messing with visitors laptops on the LAN and even then I'm dubious. There have been a few services on the internet for many years that allow anyone to use a shell (grex, sdf.lonestar.org etc). They have always been and will always be a battleground between the admins, script kids and spammers. | If a VM can be used by any random person on the internet it HAS to be firewalled off from connecting out to the internet and from messing with visitors laptops on the LAN and even then I'm dubious. There have been a few services on the internet for many years that allow anyone to use a shell (grex, sdf.lonestar.org etc). They have always been and will always be a battleground between the admins, script kids and spammers. | ||
Considering privacy, lovelace is a public terminal and it's acceptable for anyone to have a poke around in the download directory and browser history to see what interesting things people have been using it for. I would like the boundaries for VMs to be clearly defined, do we want someone to have their own personal private VM full of secret stuff that they don't think anyone else should be able to look in? | Considering privacy, lovelace is a public terminal and it's acceptable for anyone to have a poke around in the download directory and browser history to see what interesting things people have been using it for. I would like the boundaries for VMs to be clearly defined, do we want someone to have their own personal private VM full of secret stuff that they don't think anyone else should be able to look in? | ||
: If you're poking around in the history, don't forget that people might accidentally leave cookies in the browser or personal files on the desktop. As for VMs, if someone has a private one that isn't causing trouble, I see no problem with it staying there, as long as it's being used. If it's causing trouble or eating too much space, other members can just turn it off or (after warning) delete it. [[User:Ms7821|Ms7821]] 10:43, 18 April 2011 (UTC) | |||
There is potential for people to find all sorts of creative things to do with VM's that will make heavy use of the ADSL connection. I think it's well established that anything that noticably affects web surfing or the webcams to be unacceptable. | There is potential for people to find all sorts of creative things to do with VM's that will make heavy use of the ADSL connection. I think it's well established that anything that noticably affects web surfing or the webcams to be unacceptable. | ||
| Line 37: | Line 41: | ||
People tried running a minecraft server on babbage and there was minor grumbling about it. | People tried running a minecraft server on babbage and there was minor grumbling about it. | ||
: There's actually a minecraft server in the space at the moment. The main issue is that our previous router couldn't deal with it, but we can now enforce traffic shaping and connection limits. I'm happy to take responsibility for this. [[User:Ms7821|Ms7821]] 10:43, 18 April 2011 (UTC) | |||
The choice with a load of VM's is either to set some guidelines from the start or wait for the hijinks and bickering to start. --AJP | The choice with a load of VM's is either to set some guidelines from the start or wait for the hijinks and bickering to start. --AJP | ||
: I don't think VMs are going to take off on a large scale, but Hackspace is about trying stuff [[User:Ms7821|Ms7821]] 10:43, 18 April 2011 (UTC) | |||
