Minutes of SRCF committee meeting held 16th May 2008

Venue: The Castle Inn

In attendance:

Minutes

  1. Matters arising from previous minutes:
    • Postponed pending publication of minutes.
  2. Reunion dinner:
    • Highly successful.
    • Next year is our 10th anniversary; we should organise another dinner to celebrate this.
    • Action: Kristian to ask Martin Keegan for the exact date of the anniversary.
  3. LAN party:
    • Another LAN party will be held during May Week.
    • Action: Malcolm to liaise with Rob Bricheno to book a room (ideally Friday during May Week, or the Saturday before).
  4. Garden party:
    • Can be held any day except Sunday.
  5. Stash:
    • Poor response to design competition (only one non-committee submission).
    • Discussion took place on the merits or otherwise of including the CRSIDs of those people who order t-shirts on the t-shirt (in a similar manner to JCN). It was decided that for various reasons this would not be desirable (e.g. if irritating users ordered t-shirts).
    • The preferred design is Malcolm's (ASCII-art SRCF made from SSH keys on front, GPG signatures of this by committee on back), but recent events have necessitated changing this key after the design was produced. A possible modification was discussed, as follows:
      • Front: design as above using old SSH keys, crossed out in pen; new key handwritten underneath, followed by "Thanks Debian :-)".
      • Back: key fingerprints (in all six formats) in an easily-typeable form (no tabs or extra spaces), with detached GPG signatures as above.
    • Action: Malcolm to prepare graphics (of this design or a variation thereof), solicit orders in the garden party announcement email, and ideally have t-shirts printed before the garden party (or if not, solicit orders there too).
    • We should aim to produce a new design every year. Next year, we should make a special 10th anniversary t-shirt.
  6. PhoCUS:
    • PhoCUS (University photographic society) have asked for a large amount of disk space for a photo archival system. We are worried that the system as proposed may grow indefinitely and rapidly.
    • We should show an interest in what they are doing, how they are doing it, and who is using it — as it is a potentially high-profile project, and also because we should make sure that the resources are being well-used.
    • Additionally we should make it clear to them that space is limited.
    • Action: inform PhoCUS that, to start with, they should do a small-scale installation using standard society account resources, then apply for increased resources once the system is successfully in operation.
  7. Bank account access:
    • Malte now has access to the account, but statements etc. are being posted incorrectly to "Malte Schwarzkopf, Jesus College" rather than John's.
    • Jesus are aware of the situation, holding the post for Malte to collect, which is workable for now.
    • Action: pester HSBC to sort this out properly.
  8. Security:
    • Action: Kristian (in his sysadmin capacity) to write a script to look for world-readable files whose names suggest that they may contain database passwords (*config*.php, localsettings.php, etc.)
  9. Societies' fair:
    • Kristian is aware of the impending signup urgency and will deal with this as soon as CUSU announce that signup is open.
    • We should get a small stall with electricity, and actually make good use of electricity this year — for example, display a slideshow on a large monitor.
    • Action: Kristian to look into possible things to give out at the stall, e.g. SRCF pens
    • During the fair, we should go around other societies in order to:
      1. Advertise to societies who are not hosted with us (which we can determine from the CUSU societies directory)
      2. For those who are, ask them if they mind us sticking a "Hosted by the SRCF -- find us at $location" sticker on their posters.
  10. Other publicity ideas for next year:
    • Posters for college computer rooms and CL noticeboard
    • Advertising at the start of a 1A CST lecture — Action: Malcolm to contact Christine Northeast regarding this.
    • Publicise good use of the SRCF, e.g. "you should do your own backups and keep software up-to-date", more obviously.
  11. Sysadmin request tracking:
    • Action: sysadmins to investigate the pros and cons of moving to a request tracker or a shared IMAP mailbox.
  12. Update of terms of service (webmaster action):
    • "6. Backups will be made" → "Take your own backups"; don't mention at all that we take backups, so as to encourage users to take their own.
    • "9. Users are not permitted to compromise...":
      • Remove outdated information about sysadmin-run automatic cracking.
      • Split into two points:
        1. "You are responsible for maintaining the security of your password"
        2. "Don't mess around and violate the privacy of others' accounts"
    • "7. You may run CGIs...": we don't need to state that explicitly; merge the security aspects into clause 3.
    • Point 10 is very poorly written; "in statu pupillari" technically limits the service to students, which is not at all what we want to achieve. Reword to limit to e.g. "people with CUDN access".
    • We should write a more complete privacy policy (using the Hermes one for inspiration).
    • We need to stress that we are run by volunteers and we cannot guarantee anything.
    • Add a point stating that we may change the ToS by announcing the change on the website at least n weeks in advance.
  13. Miscellaneous sysadmin actions:
    • Move /tmp and /var/tmp off the root filesystem.
    • Consider automated vulnerability scanners e.g. Nessus.
    • Document good practice for sysadmins, e.g. setting reply-to to the appropriate rôle address when sending email.
    • Add stock emails to the wiki, particularly those which regularly confuse users, e.g. SSH host key change and user expiry.
    • Add the servers to each other's /etc/ssh/known_hosts.
    • Check whether PWF Windows or Linux has outdated SSH key fingerprints for us again, and if so, ask them to update.
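
An added example for the action in item 8 (not part of the minutes and not the SRCF's own script): one way to write such a scan in Python. It goes slightly beyond the item by also requiring every directory between the scan root and the file to be traversable by others, since a world-readable file under a private directory is not actually exposed; the scan root, the function names and the case-insensitive matching are assumptions.

```python
import fnmatch
import os
import stat

# Name patterns taken from item 8, lower-cased; extend locally as needed.
PATTERNS = ["*config*.php", "localsettings.php"]


def reachable_by_others(path, root):
    """True if every directory from root down to path's parent has o+x."""
    root = os.path.abspath(root)
    d = os.path.dirname(os.path.abspath(path))
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False
        if d == root or d == os.path.dirname(d):
            return True
        d = os.path.dirname(d)


def find_exposed(root, patterns=PATTERNS):
    """Return sorted paths of matching regular files that others can read.

    Only mode bits are inspected (POSIX ACLs are not considered) and file
    contents are never opened, so the report itself holds no secrets.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            if not any(fnmatch.fnmatchcase(name.lower(), p) for p in patterns):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & stat.S_IROTH and reachable_by_others(path, root):
                hits.append(path)
    return hits and sorted(hits)


if __name__ == "__main__":
    import sys
    # Scan root is an assumption; pass the directory holding user/society files.
    for hit in find_exposed(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

The usual remedy for a reported file is to remove the "other" read bit and let the web server reach it through group ownership or a per-user execution wrapper instead.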