Lab Meeting - May 10, 2004 Attending: Jan, Jeff, Gretchen, Todd, Scott, Dave, Jeremy Sites has offered to let us use their radmind images for free. Sites would not manage (or support) our machines, but would rather offer their radmind files and transcripts for replication to us. They provide a master server, we mirror it, and can add our own loadsets on top of it. So, should we take them up on it? One of the main reasons we didn't originally go with their solution was cost: $475 (with rover support) $350 (no rover support) and also some pretty hefty hardware requirements. No one really wanted to make cost an issue and it was negotiable. Users will continue going to their DSAs for support, not sites. SNI should continue being used for an original load, and radmind gets used to maintain a machine. This isn't particularly useful to those using NetBoot labs. Some departments may not find it useful because some departments will have to do so much customization that the effort to integrate their loads would outweigh just maintaining our own. Need some more information... Right now a lot of things are just opinions. We might want to develop a matrix to come up with some numerical comparisons. Using sites' transcripts requires a fundamental shift in policy of how much the college is supporting vs just the departments. Previously we decided that each department would maintain everyone on their own - doing this implies that the college/sites maintains at least the OS. SNI and radmind won't conflict - SNI just speeds up the original load. Regardless of what we use in an automated fashion, it would be useful to at least get copies of their transcripts to see HOW they're doing things (what gets managed, what doesn't, etc). Probably what makes it most difficult right now is departments haven't decided exactly what they need... Software licensing: keyserver has a trust relationship - we're working this summer to collaborate with the sites keyserver to make licensing a non-issue. Scott will work on a matrix Gretchen will find out exactly what they're offering (what gets copied and how often?) If they're using radmind for servers, we definately would like to at least see their transcripts. Questions: can a department (like CSG) actually use their radmind servers so long as the support relationship remains through the college? Are we talking JUST transcripts, or transcripts+source files If we used sites' stuff, would we replicate it automatically, or do we have to come up with a manual replication agreement? Are they offering that LSA can use their transcripts and their servers? ie - could we do overload transcripts and keep those on their servers? Questions for later: What overlap is there from what they've done and what we've done? What's considered "redundant"? If we get answers, we'll plan on meeting after the college-wide meeting on Wednesday to discuss the answers. Jeremy will have to lower the time he can spend on the OSX stuff due to increasing work on Linux now that it's moving along at a rapid pace. ############################################################ OFW LOCK: First program: looks for a file in /tmp that contains the cleartext password - it encodes the cleartext password and puts it into a new file. Also includes "ofpw" program Second program: actually sticks the encoded password into NVRAM security-mode: none = even if security-password is set, it's never used (completely open) command = require the password for changing the boot full = requires the password for every boot ??? Files: /tmp/ofwl.txt = contains cleartext password /tmp/ofwc.txt = contains encoded password + OFW mode Demo: put cleartext password in ofwl.txt Run "OpenFirmwarePasswordEncoder.pkg" (converts ofwl.txt to encoded ofwc.txt) Run "OpenFirmwareLocker.pkg" (sends contents of ofwc.txt to NVRAM)