Gabe, I think the OSU proposal addresses your concerns (having people volunteer redundant servers is also a great idea). The machine that was cracked hasn't bounced back quickly because I'm the only one with physical access to it and I've been on vacation. I'm back and waiting now on getting an access pass (which should be assigned to me tomorrow) so that I can get in and swap out the hard drive (with one with a fresh OS)). We have the backups from Anvil though so movement to a new machine at OSU doesn't really need to wait on anvil at this point. Anvil really was never intended to be a production machine and having Code4Lib hosted at OSU where there is a sysadmin attending to it (and policies about access, what can be installed, etc.) seems to me like it will solve the problems we've had in the past. It was fine letting Code4Lib grow a little in the anvil space, but I think the needs of its community have outgrown anvil (and I think this was the general consensus in the channel today). Thanks to OSU for stepping up and giving us a viable alternative! I know we'll have at least two places willing to mirror the Code4Lib site. The more the merrier though! Kevin On 8/1/07, Gabriel Farrell <[log in to unmask]> wrote: > I look forward to the proposal from OSU that should be mailed out to > the list shortly. The discussion that just took place in #code4lib > got me thinking. > > As I see it, the issue here has two parts. First, the machine was > cracked, and, second, service hasn't been restored following the attack. > > The code4lib.org site and its various subdomains have served a community > with a variety of needs, many of which require command line access and > the ability to install programs and services. Maybe some increased > restriction as to who has this access and what may be done with it is > called for, but even with greater restriction and more vigilant > sysadmins it's likely that the machine will get cracked again at some > point. > > While I hope we'll have a more secure box for code4lib in the future, > I'm also excited about plans for a system that can bounce back quicker. > In addition to local and remote backups, we could use full mirrors ready > for a dns switch. Several mirror host machines were even offered in the > discussion. Are there other strategies we might employ to make > code4lib.org more resilient? > > > On Fri, Jul 27, 2007 at 05:18:06PM -0400, Ed Summers wrote: > > As you may have seen or experienced code4lib.org is down for the count > > at the moment because of some hackers^w crackers who compromised anvil > > and defaced various web content and otherwise messed with the > > operating system. anvil is a machine that several people in the > > code4lib community run and pay for themselves. > > > > Given that code4lib has grown into a serious little gathering, with > > lots of effort being expended by the likes of Jeremy Frumkin and Brad > > LaJenuesse to make things happen -- it seems a shame to let this sort > > of thing happen. We don't have any evidence, but it seems that the > > entry point was the fact that various software packages weren't kept > > up to date. > > > > Anyhow, this is a long way of inviting you to a discussion Aug 1st > > @7PM GMT in irc://chat.freenode.net/code4lib to see what steps need to > > be taken to help prevent this from happening in the future. > > Specifically we're going to be talking about moving some of the web > > applications to institutions that are better set up to manage them. > > > > If this interests you at all try to attend! > > > > //Ed > > >