[IMC-Sysadmin] Re: [IMC-Tech] Re: [Listwork] new sarai. or not?
mycosys at octapod.org
Sun Oct 31 22:25:06 PST 2004
On Mon, 1 Nov 2004 00:26:24 -0500, mtoups wrote
> for those of you wondering like I was, the date is actually 1 Nov
> not 1 Apr.
> having our lists on a server with such an unreliable network
> connection would disrupt the indymedia network far more than
> any government could hope to do on its own -- in my opinion
> as someone who has dealt with the struggle to keep such services
> reliable over the past 1.5 years. we've seen that relatively minor
> network disruptions
what makes you suggest that wireless is unreliable?
I administer a server which has been connected via wireless for 6 years.
Our level of service interruption is minor (it only happens when our ISP dies
completely, it is never the wireless link), and we serve over 5000 hits a day
at some times of the year
>>It is the most valuable server we have, and has more identifying data than any
>>other server on the indymedia network.
> what identifying data are you referring to?
The archives. the plain text trasmissions our out there for moments
> your proposal makes me wonder if you've ever maintained a
> high-availability mail server.
I am the primary administror for mail sevices on this machine.
We, like cat, run mail services for a multitude of community organisations,
all over our wireless (which has been about the most reliable connection I
have come across)
We also serve many high demand websites, and are developing systems to
facilitate community groups to more easily produce and manage sites.
> i appreciate the interesting
> idea, and it might even be applicable to services like p2p
> networks or even distributed web services; but not mail, at
> least as described by rfc 821, if you want it to work well.
Frankly, from 5 years experience in this environment, bull
> if you're serious about email security, please help promote the
> use of proven tools like TLS, gnupg, mixmaster, and the like.
It is the archive I am most worried about.
But yes, I agree that SSL should be used for mail transport where possible
as to shayne's thoughts on wireless security, a 27dBi Aerial (ie 1m Conifer)
from the mail server combined with several relays using slotted waveguides
should make hunting the thing down bloody difficult, espescially compared to a
system where the location of the server is stored at the office of some telco.
I will say though that some interesting wiring from the wireless firewall to
the server would be a very nice touch, as will the OPENLASER systems when I
get them working
Please try to show a little respect to those with MUCH more experience than
you, I have been a computer profesional for 15 years and am qualified as an
electronic technician, specialising in Computers, Audio, and RADIO COMMUNICATIONS.
Try to get some information before you make such silly comments. All the big
buisnesses use microwave for this purpose, and have for decades.
> On Mon, 1 Nov 2004, kev wrote:
> > Hey guys
> > I have a strong request regarding this server
> > It is the most valuable server we have, and has more identifying data than any
> > other server on the indymedia network.
> > I the cuurent climate, I feel the physical security of this server should be
> > considered paramount.
> > To this end I would like to propose the following:
> > That the server be linked to a masquerading server (which does NOT log IPs)
> > via 802.11b on NON DIRECTIONAL aerials, preferably over several relays, making
> > the server EXTREMELY hard to find, and VERY easy to move.
> > That the masquerading server be on a rotating IP, with updates to the domain
> > DNS server being sent every time the local IP changes (this will make the
> > masquerading server hard to find too, and make DOS attacks difficult).
> > Software and hardware to achieve this are readily (and in the case of hardware
> > chaply, software is GNU) available, and set up of such a network is pretty
> > easy even for a non geek (the masquerading and IP rotation bit will need a
> > geek). I would even suggest moving the new hardware inro the wheeled box once
> > the migration is finished, making moving the server even easier.
> > A backup of the masquerading system should be kept on the listserv, so that in
> > the event the masq server is captured, we have enuf warning to move the
> > listserv, and set up a new masquerading server. Total downtime should be no
> > more than a few hours (depending on how far the system is moved, travel time
> > could increase this somewhat), with no loss of data .
> > Please consider this seriously
> > |/
> > ||ev
> > On Sat, 30 Oct 2004 13:21:37 +0800, Pabs wrote
> >> stefani wrote:
> >>> i was not very involved in setting up sarai, so i an not familiar with
> >>> how postfix was modified, if we'll even need to patch it or not if the
> >>> sarge version is used; same for mailman, spamassassin, or alternative
> >>> spam filtering, antivirus, etc.
> >> afa mailman goes, there are lots of patches to transfer, including
> >> ones against non-python stuff (apparently - jb, any details on
> >> these?). In order to expediate this process, we could simply port
> >> the patches to mailman 2.1.5 (sarge version), and split the patch up
> >> at a later date when we add some more patches.
> >> Perhaps we can do the same with pipermail->lurker etc, focus on
> >> getting stuff moved, and then all the cool new stuff (that isn't
> >> quite ready yet) can happen.
> >>> so i guess i'm asking for help in making the move.
> >> I'm available from next weekend to actually do stuff, inc porting
> >> patches etc.
MycOsys AtatAt OctapOd DoT org
Love is the Law
More information about the imc-sysadmin