[Babase] Re: Ranker security problems
Jun Yang
junyang at gmail.com
Sat Aug 18 13:05:05 EDT 2007
Hi guys:
You *should* now be able to connect to directly from biology.duke.edu
machines without using VPN. Instructions on
https://papio.biology.duke.edu/babasewiki/RankerProgram
have been updated to reflect this change.
I only tested it remotely because it's a bit complicated to run java app
from papio from home (X-windows setup is currently messed up on my
laptop). Lacey, please give it a try and let me know if it works now.
--- Jun Y.
On 8/17/07, Karl O. Pinc <kop at meme.com> wrote:
>
> On 08/16/2007 10:46:15 PM, Jun Yang wrote:
> > On 8/15/07, Karl O. Pinc <kop at meme.com> wrote:
> >
> > > 1) Change the security regime at Duke so that it does
> > > not disable the VPN software's installation on Lacey's
> > > machine.
> >
> > This seems really odd... Is it just OpenVPN or any
> > VPN client?
>
> It's not that odd. MS Windows boxes are hard to secure.
> Many insitutions re-image their MS Windows computers,
> or portions thereof, regularly and automatically.
> Even more often the register is restored and the
> firewall settings are re-set. Just the kind of
> thing that messes with VPNs.
>
> I don't know about other VPN clients but if it's the
> MS Windows firewall settings that are getting munged then
> I would expect other VPNs to have problems too.
>
>
> > I think (2b) is clean and should be pretty easy to do.
> > Regardless of what issues we have with VPN, the
> > ranker should be made more flexible.
>
> At least 95% of real-world coding is dealing with
> exceptions and interfacing with a person. Mostly
> the exceptions involve interacting with a human.
>
> >
> > On the other hand, I think we still might need to
> > address the (orthogonal) problem of VPN not working
> > on biology.duke.edu Windows PCs. For example,
> > hypothetically speaking, what if Princeton hosts
> > the database and we need to run ranker at Duke?
>
> I like the idea of figuring out the Duke VPN problem.
> Finding out what's going wrong should be trivial,
> once the right person is found who's willing
> to talk to us. Making things work could be
> entirely another issue because it undoubtably
> involves policy surrounding computer support
> and security. But it's always good to know
> what's going on. Unfortunatly, it sounds like
> Lacey has gone as far as she can investigating
> this. You or I might be able to get farther...
>
> By the time papio moves to Princeton things
> security policies and problems may have changed
> so much that what we learn now won't be relevent.
>
> > > 5) Rewrite the ranker so that it runs over the web.
> >
> > Certainly possible, but it will be a completely different code
> > base, and it will introduce many new requirements on the Web
> > server that runs on papio. Since Web 2.0 is still evolving
> > these days, I think the pure client-side Java application
> > (which is what ranker is right now) will be much easier to
> > maintain.
>
> I agree.
>
>
> Karl <kop at meme.com>
> Free Software: "You don't pay back, you pay forward."
> -- Robert A. Heinlein
>
>
More information about the Babase
mailing list