We (foo, iang, binsh, martin) got together at Philip’s place 2nd May and had another go at getting LDAP moved. Progress:

• extracted and modified for new home into Roy
• Loaded up and running
• Databases extracted…
• Tech tech fed and watered (thanks to Delfine)

Things left to do: resolve the Bind <–> LDAP connection, set up Roy as DNS, try it all…

• blogs/
  • blog sign on is a problem
  • spammers are getting through the open-sign on.
  • maybe 1000 attempts a month
  • need an email address - use
  • we need a contract — terms & conditions, etc. ==> SunTzu
    
  • welcome text for new users
• need LDAP for MUworkpress
  • bernhard talking to Matthias
  • need LDAP sign-on site.
  • LDAP sign on / create new account is through evolve
  • need to rewrite the login page.
• evolve new account procedure
  • click on Login, under About Evolve, short graphical how to …
  • evolve should have a “Apply for Sonance Membership”
  • it is some work
  • Martin can do that
• streaming stuff
  • martin suggests: meeting / workshop
  • inviting tell people about theScreen
  • lucas is doing something with Ella
  • martin knows diete who is a painter that wants to do some live streaming
  • let’s email lukas and ella (marting talked to lukas)
• goten
  • no apache on goten — it is decided.
  • move mail long-term to the VM farm.
• database admin
  • philip might help us
  • “you guys keep it limping along until than”
• 3rd DNS server
  • Bernhard talked to sysadm on Hetzner…
  • could do 3rd DNS
  • not interesting at the moment coz still on goten
• programming web page
  • submission system
  • lots of stuff already there
  • It is like “changing the name of the new content button”
  • Martin … would not be the (sole?) programmer
  • next step is to write the requirements
• access to clem for iang ?

Tech team

Present: binsh, foo, martin, suntzu, stefan
Also: pablo, julia

• Matthias G: It’s all done, Virtually speaking! VMs are set up awaiting…
• Admins should request SSH passwords on all services …
• Sonance core applications => Candy !!!! this is the area for Martin.
  Drupal, PHP5 only!!
  ISPagent also installed.
• install a new Mediawiki version on Candy.
  get it going with LDAP.
• Need an SVN repository. How to run it? … Stefan could experiment from summer.
  Onto candy.
• Instiki-wiki … Matthias can identify who top users are and tell them it is going to be shut off.
• Martin wants to be “taken off” Roy (DNS, LDAP, ISPman).
• Hoss (databases) is installed MySQL … running on localhost only so far.
• Users to get new passwords.
• How to move the users? Do the users move themselves….. Decide this when DNS is going, below ===>
• If they show no sign, they disappear?????…… If they show up on wednesday or move it themselves, we can help! Board decision or not?

DNS

• Talked to Subik, sent him all the stuff. List of VMs, plan of split services.
• Subik should be preparing the DNS.
  This is now a critical blocking action!!!
• DNS is to go onto Roy.
• Question to DNS/team: how are internal names set up like hoss and roy/ldap?
  Internal /etc/hosts file?
  ldap.sonance.net, mysql.sonance.net, ?

Stream

• Gernot for typo3
• But it needs ImageMagic
• ImageMagic needs fopen() which is what caused the hack.
• Therefore not on candy as yet!
• In 1.5 months exactly, Matthias G and Oliver will complete Stage 1 of
  the Streaming and Converting Booster rocket.
• onto adam/stream.
• Then we have to think about how to integrate it to drupal….
• Streaming server had Flash converter,
  streams video … can either embed Quicktime or use a Flash player …
  Only streaming tech that Flash supports is RTMP (sp?)
  only streaming service that is free/not open source is
  “Flash Streaming Server” and possibly Helix.
  This way we can stream video in flash.
  is useful because it supports Quicktime …
• But we shall instead wait 1.5 months and then it will be solved.
  The installed copy had a dodgy past…

Misc

• (Martin) Antony was mentioned by Martin, is PHP/UN/CC/BG.
  Can he be brought in … YES!
• (SunTzu) CAcert might ask for support from sonance when they bring in a new guy to manage system moves: machines, space, net, sysadms, etc. More as it develops.
• (binsh) Pooool migration work is done, moved to sing.
• Pooool main portal is PHP, wordpress, mediabase (problem security wise)
  Needs ISPman Management tool … on Sing
• Should go on Clem.
  ISPman

Present: iang, virtual-matthias-G

Zentrix hacked again and again …

• Zentrix VM got hacked last friday night.
• Cleanup lasted minutes and it was hacked again by monday.
• vector of attack was either mod_perl or mod_php, no clarity on this point
• PHP was opened up again last September.
• Only active sysadms now have access, and new security policy is in place.
• subik moving dns to new VM with assistance from FF’s Wolfgang
• subik will solve ldap domains change problem.