OLPC:Volunteer Infrastructure Group: Difference between revisions

From OLPC
Jump to navigation Jump to search
Line 39: Line 39:


Here are some proposals on how to publish and protect i-g documentation.
Here are some proposals on how to publish and protect i-g documentation.
<OL>

1) Put docs, passwords and other information onto a protected area of
<LI>Put docs, passwords and other information onto a protected area of
teamwiki.
teamwiki.


2) Put the information onto public wiki, and use encryption such as
<LI>Put the information onto public wiki, and use encryption such as
gpg to encipher sensitive data such as passwords.
gpg to encipher sensitive data such as passwords.


3) Use git, and rely on git access controls for protection. Possibly transclude git to wiki.
<LI>Use git, and rely on git access controls for protection. Possibly transclude git to wiki.


4) Put data into a text file on the root directory of a machine.
<LI>Put data into a text file on the root directory of a machine.
</OL>


Please edit and add arguments pro and con.
Please edit and add arguments pro and con.

Revision as of 19:15, 20 August 2008

Infrastructure gang

Are you an experienced *NIX sysadmin looking for a way to volunteer for One Laptop per Child?

One Laptop Per Child is pleased to announce OLPC's Infrastructure-group! We are looking for a few good sysadmins to assist with our public-facing infrastructure.

Possible initial tasks include:

  • Trac and git maintenance
  • wiki extensions/improvements
  • RT updating and administration
  • Mailing list administration
    • The Library and Sugar mailing lists could use some list administration help [1] 23:34, 19 August 2008 (UTC)

We will consider expanding the scope of the project as we learn more about what works.

Purpose of the Volunteer Infrastructure Group aka infrastructure-gang

  • Make the sysadmin's job easier
  • Improve the infrastructure systems through "many hands/many minds"
  • Strengthen ties with the community

Contacts

The following infrastructures are in place to support this initiative:

Weekly meetings

Next IRC meeting will be at irc.oftc.net:#olpc-admin 5:15 pm EDT (-04:00 UCT), every Tuesday

I-g documentation discussion

Currently most sysadmin documentation is on OLPC internal wiki, which is generally only open to NDA'ed employees and select contractors.

Here are some proposals on how to publish and protect i-g documentation.

  1. Put docs, passwords and other information onto a protected area of teamwiki.
  2. Put the information onto public wiki, and use encryption such as gpg to encipher sensitive data such as passwords.
  3. Use git, and rely on git access controls for protection. Possibly transclude git to wiki.
  4. Put data into a text file on the root directory of a machine.

Please edit and add arguments pro and con.

Hhardy 17:41, 20 August 2008 (UTC)

See Michael's proposed infrastructure-documentation-system requirements

13:59 < m_stone> cjl: what did I miss?
14:00 < cjl> traceability of actions?
14:00 < m_stone> good.
14:00 -!- gregdek [~gdk@wireless-nat-pool-rdu.redhat.com] has joined #olpc-admin
14:00 < m_stone> cjl: actions on the documentation or actions on the system?
14:00 < m_stone> sorry, on the infrastructure being maintained.
14:00 < m_stone> gregdek: 
http://wiki.laptop.org/go/User:Mstone/Commentaries/Infrastructure_1 might 
                 interest you.
14:01 -!- _sj_ [~sj_@wireless-19-210.media.mit.edu] has joined #olpc-admin
14:02 < cjl> In my environment (Win) we enforce a separation between admin 
             identities and user identities so that most daily work by admins 
             is done with minimally priv'ed accounts.  Possibly not as 
             necessary in Linux environment, less credential hijacking.
14:02 < cjl> sort of a Windows sudo
14:02 < cjl> I have superman and Clark Kent accounts 
14:03 < cjl> m_stone: depends on ease of keeping such logging on various types 
             of actions.  On docs, you are talking version control and history, 
             on systems, it is an accountability/logging thing.
14:06 < cjl> both are desirable, tolls make the difference between how easily 
             either is done.  For any security measure, you need to have a 
             "threat model" that is realistic and not just a strawman or you 
             would turn off all your computers and hide them in the closet.
14:06 < cjl> s/tools/tools/
14:08 < cjl> It is of course one of the worst kept secrets in the IT world that 
             the greatest threats are internal (apropos henry's quis custodiet 
             ipsos custodes), and so it is generally a matter of risk 
             mitigation, not prevention.
14:10 < cjl> logging is an excellent risk mitigation tool because most of us 
             have reputations tha we value (semi-pseudonymous or otherwise) and 
             logging poses the risk of discovery and exposure of malfeasance or 
             misfeasance.
14:14 < cjl> In a high-risk environment (e.g. my Sarbanes-Oxley compliant 
             accounting system) actual examination of such logging is needed, 
             in a low-risk environment, the simple existence of such logs is a 
             deterrent and a valuable forensic/recovery resource
14:17 < cjl> m_stone: Sort of a long explanation, but does that answer your 
             question?

Adric's draft RT_Strategies doc

User:Adricnet/RT_Strategies

Meeting notes

Internal notes