[Babase] Re: Ranker security problems
Karl O. Pinc
kop at meme.com
Sat Aug 18 15:37:19 EDT 2007
On 08/18/2007 12:05:05 PM, Jun Yang wrote:
> Hi guys:
>
> You *should* now be able to connect to directly from biology.duke.edu
> machines without using VPN. Instructions on
> https://papio.biology.duke.edu/babasewiki/RankerProgram
> have been updated to reflect this change.
I don't _think_ that papio is allowing such connections
right now. I'm going to assume I've got Hunter's
permission and go ahead and set that up. I'll
write when it's working.
>
> I only tested it remotely because it's a bit complicated to run java
> app
> from papio from home (X-windows setup is currently messed up on my
> laptop). Lacey, please give it a try and let me know if it works now.
>
> --- Jun Y.
>
> On 8/17/07, Karl O. Pinc <kop at meme.com> wrote:
> >
> > On 08/16/2007 10:46:15 PM, Jun Yang wrote:
> > > On 8/15/07, Karl O. Pinc <kop at meme.com> wrote:
> > >
> > > > 1) Change the security regime at Duke so that it does
> > > > not disable the VPN software's installation on Lacey's
> > > > machine.
> > >
> > > This seems really odd... Is it just OpenVPN or any
> > > VPN client?
> >
> > It's not that odd. MS Windows boxes are hard to secure.
> > Many insitutions re-image their MS Windows computers,
> > or portions thereof, regularly and automatically.
> > Even more often the register is restored and the
> > firewall settings are re-set. Just the kind of
> > thing that messes with VPNs.
> >
> > I don't know about other VPN clients but if it's the
> > MS Windows firewall settings that are getting munged then
> > I would expect other VPNs to have problems too.
> >
> >
> > > I think (2b) is clean and should be pretty easy to do.
> > > Regardless of what issues we have with VPN, the
> > > ranker should be made more flexible.
> >
> > At least 95% of real-world coding is dealing with
> > exceptions and interfacing with a person. Mostly
> > the exceptions involve interacting with a human.
> >
> > >
> > > On the other hand, I think we still might need to
> > > address the (orthogonal) problem of VPN not working
> > > on biology.duke.edu Windows PCs. For example,
> > > hypothetically speaking, what if Princeton hosts
> > > the database and we need to run ranker at Duke?
> >
> > I like the idea of figuring out the Duke VPN problem.
> > Finding out what's going wrong should be trivial,
> > once the right person is found who's willing
> > to talk to us. Making things work could be
> > entirely another issue because it undoubtably
> > involves policy surrounding computer support
> > and security. But it's always good to know
> > what's going on. Unfortunatly, it sounds like
> > Lacey has gone as far as she can investigating
> > this. You or I might be able to get farther...
> >
> > By the time papio moves to Princeton things
> > security policies and problems may have changed
> > so much that what we learn now won't be relevent.
> >
> > > > 5) Rewrite the ranker so that it runs over the web.
> > >
> > > Certainly possible, but it will be a completely different code
> > > base, and it will introduce many new requirements on the Web
> > > server that runs on papio. Since Web 2.0 is still evolving
> > > these days, I think the pure client-side Java application
> > > (which is what ranker is right now) will be much easier to
> > > maintain.
> >
> > I agree.
> >
> >
> > Karl <kop at meme.com>
> > Free Software: "You don't pay back, you pay forward."
> > -- Robert A. Heinlein
> >
> >
> _______________________________________________
> Babase mailing list
> Babase at www.eco.princeton.edu
> http://www.eco.princeton.edu/mailman/listinfo/babase
>
>
Karl <kop at meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
More information about the Babase
mailing list