[Babase] Re: Ranker security problems

Karl O. Pinc kop at meme.com
Fri Aug 17 17:36:11 EDT 2007


On 08/16/2007 10:46:15 PM, Jun Yang wrote:
> On 8/15/07, Karl O. Pinc <kop at meme.com> wrote:
> 
> > 1) Change the security regime at Duke so that it does
> > not disable the VPN software's installation on Lacey's
> > machine.
> 
> This seems really odd... Is it just OpenVPN or any
> VPN client?

It's not that odd.  MS Windows boxes are hard to secure.
Many institutions re-image their MS Windows computers,
or portions thereof, regularly and automatically.
Even more often the register is restored and the
firewall settings are re-set.  Just the kind of
thing that messes with VPNs.

I don't know about other VPN clients but if it's the
MS Windows firewall settings that are getting munged then
I would expect other VPNs to have problems too.


> I think (2b) is clean and should be pretty easy to do.
> Regardless of what issues we have with VPN, the
> ranker should be made more flexible.

At least 95% of real-world coding is dealing with
exceptions and interfacing with a person.  Mostly
the exceptions involve interacting with a human.

> 
> On the other hand, I think we still might need to
> address the (orthogonal) problem of VPN not working
> on biology.duke.edu Windows PCs. For example,
> hypothetically speaking, what if Princeton hosts
> the database and we need to run ranker at Duke?

I like the idea of figuring out the Duke VPN problem.
Finding out what's going wrong should be trivial,
once the right person is found who's willing
to talk to us.  Making things work could be
entirely another issue because it undoubtedly
involves policy surrounding computer support
and security.  But it's always good to know
what's going on.  Unfortunately, it sounds like
Lacey has gone as far as she can investigating
this.  You or I might be able to get farther...

By the time papio moves to Princeton,
security policies and problems may have changed
so much that what we learn now won't be relevant.

> > 5) Rewrite the ranker so that it runs over the web.
> 
> Certainly possible, but it will be a completely different code
> base, and it will introduce many new requirements on the Web
> server that runs on papio. Since Web 2.0 is still evolving
> these days, I think the pure client-side Java application
> (which is what ranker is right now) will be much easier to
> maintain.

I agree.


Karl <kop at meme.com>
Free Software:  "You don't pay back, you pay forward."
                  -- Robert A. Heinlein


