Difference between revisions of "Project:Cholten99/VMsInHackspace"
(needs consideration of accountability, acceptable uses, privacy and security) |
|||
| Line 14: | Line 14: | ||
: Also, are these VMs going to be running for long periods of time? I think encouraging uptime is basically encouraging people to run them when not necessary. Perhaps I'm misunderstanding what you mean... [[User:Ms7821|Ms7821]] 15:51, 16 April 2011 (UTC) | : Also, are these VMs going to be running for long periods of time? I think encouraging uptime is basically encouraging people to run them when not necessary. Perhaps I'm misunderstanding what you mean... [[User:Ms7821|Ms7821]] 15:51, 16 April 2011 (UTC) | ||
| + | |||
| + | I think we need a bit of thought on acceptable uses, privacy and security here. | ||
| + | (I'm tempted to raise this on the list but I really don't like sending emails that | ||
| + | go to a thousand people without putting a lot of thought into it). | ||
| + | |||
| + | |||
| + | There is mention of using Lovelace for this. Last time I looked the iptables rule I put on | ||
| + | lovelace to block all remote SSH access to lovelace was still in place. It's is quite annoying when someone remotely does shutdown -now, potentially causing people to loose work, because they don't like the music or are having a childish squabble. | ||
| + | There are people around who would think it hilarious to remotely play music or Japanese scat porn on a public computer in the space. | ||
| + | I'd prefer public terminals that lots of people use for casual internet access not be remotely accessible at all. Trolls will abuse remote access. | ||
| + | |||
| + | At the moment paying members with an account on babbage can remotely use the internet connection at the space for IRC or anything else you can do from a shell. Individual accounts give some level of visibility and accountability. | ||
| + | |||
| + | Lovelace currently has an account with well known username and password used by everyone. Having that externally accessable would rapidly bring trouble. | ||
| + | |||
| + | If a VM can be used by any random person on the internet it HAS to be firewalled off from connecting out to the internet and from messing with visitors laptops on the LAN and even then I'm dubious. There have been a few services on the internet for many years that allow anyone to use a shell (grex, sdf.lonestar.org etc). They have always been and will always be a battleground between the admins, script kids and spammers. | ||
| + | |||
| + | Considering privacy, lovelace is a public terminal and it's acceptable for anyone to have a poke around in the download directory and browser history to see what interesting things people have been using it for. I would like the boundaries for VMs to be clearly defined, do we want someone to have their own personal private VM full of secret stuff that they don't think anyone else should be able to look in? | ||
| + | |||
| + | There is potential for people to find all sorts of creative things to do with VM's that will make heavy use of the ADSL connection. I think it's well established that anything that noticably affects web surfing or the webcams to be unacceptable. | ||
| + | We probably need to preemptively forbid game servers or seeding torrents. | ||
| + | |||
| + | People tried running a minecraft server on babbage and there was minor grumbling about it. | ||
| + | |||
| + | The choice with a load of VM's is either to set some guidelines from the start or wait for the hijinks and bickering to start. --AJP | ||
Revision as of 09:50, 18 April 2011
VMs in Hackspace
1) http://docs.petervg.nl/index.php/component/content/article/57-virtualbox/101-virtualbox-cli
2) Link from wiki server list page (move to front page) to a page that lists status of VMs
3) And IRC (list all real and virtual) servers in the space and how to log in via SSH)...
...
Guess we need a list of real and virtual servers plus SSH / Remote-Desktop addresses available to folks. Do we run our own DNS server so that we can hang the VMs off the hackspace.org.uk for named external access? Easiest way I guess would be to set up something like tomcat so that a page can be auto-generated with all the information and linked off the front of the wiki (with bonus points for uptime, etc).
- Is there a need for external access currently? For now, people can ssh in, and we use internal DNS. I'd really avoid tomcat if at all possible - iptables and mod_rewrite can do it for much less effort and overhead. Ms7821 15:49, 16 April 2011 (UTC)
- Also, are these VMs going to be running for long periods of time? I think encouraging uptime is basically encouraging people to run them when not necessary. Perhaps I'm misunderstanding what you mean... Ms7821 15:51, 16 April 2011 (UTC)
I think we need a bit of thought on acceptable uses, privacy and security here. (I'm tempted to raise this on the list but I really don't like sending emails that go to a thousand people without putting a lot of thought into it).
There is mention of using Lovelace for this. Last time I looked the iptables rule I put on
lovelace to block all remote SSH access to lovelace was still in place. It's is quite annoying when someone remotely does shutdown -now, potentially causing people to loose work, because they don't like the music or are having a childish squabble.
There are people around who would think it hilarious to remotely play music or Japanese scat porn on a public computer in the space.
I'd prefer public terminals that lots of people use for casual internet access not be remotely accessible at all. Trolls will abuse remote access.
At the moment paying members with an account on babbage can remotely use the internet connection at the space for IRC or anything else you can do from a shell. Individual accounts give some level of visibility and accountability.
Lovelace currently has an account with well known username and password used by everyone. Having that externally accessable would rapidly bring trouble.
If a VM can be used by any random person on the internet it HAS to be firewalled off from connecting out to the internet and from messing with visitors laptops on the LAN and even then I'm dubious. There have been a few services on the internet for many years that allow anyone to use a shell (grex, sdf.lonestar.org etc). They have always been and will always be a battleground between the admins, script kids and spammers.
Considering privacy, lovelace is a public terminal and it's acceptable for anyone to have a poke around in the download directory and browser history to see what interesting things people have been using it for. I would like the boundaries for VMs to be clearly defined, do we want someone to have their own personal private VM full of secret stuff that they don't think anyone else should be able to look in?
There is potential for people to find all sorts of creative things to do with VM's that will make heavy use of the ADSL connection. I think it's well established that anything that noticably affects web surfing or the webcams to be unacceptable. We probably need to preemptively forbid game servers or seeding torrents.
People tried running a minecraft server on babbage and there was minor grumbling about it.
The choice with a load of VM's is either to set some guidelines from the start or wait for the hijinks and bickering to start. --AJP