Reply With QuoteI hope for your sake this doesn't mean you are moving to one of the big IT outsourcers.
After about 19 years of running my own server for mail, website, and the like, it looks like it is all coming to an end. The college is moving to some superduper vlan setup, which means that there can no longer be a route from the outside (WAN/internet) to my server (LAN).
It might be that we can do something to preserve my website (including all the photos posted on this forum), but it is not a sure thing.
When it comes to the web, the college is now a gated community. So sad.
Best wishes,
Bob
Last edited by rfrazier; 20th October 2014 at 11:31. Reason: Typo.
I hope for your sake this doesn't mean you are moving to one of the big IT outsourcers.
This sort of thing is becoming all too common. The days of the fun, open and easily routed Net are over. :-( One might hope that colleges and universities could still have some freedom but it seems not.Originally Posted by rfrazier
They almost certainly could route packets into your server, couldn't they, if they wanted to cooperate. But I presume it is now 'policy' not to...?
Anyway, a basic virtual server at Amazon is free for the first year. Perhaps that would provide a safe way forward, at least for the time being?
Indeed!
No, I don't think so, although I'm no longer in "the loop" when it comes to the college's IT. I think that what it means is that I'm on the last segment of "old and busted" network. Everyone else moved over to the "new hotness" some time ago. The IT folks kindly worked around me for quite some time, but no longer can.
Even the university (not college) IT folks have been helpful. It turns out that about 15 years ago when they set up the new system, they manually put in some routing which made my email bypass the university's main email system and go straight to me. I had to ask them to change their routing table.
However, dinosaurs eventually become extinct.
Best wishes,
Bob
Sure. It is the cost and complexity, more than anything. The infrastructure has changed.
Best wishes,
Bob
You are more understanding that I think I would be. :-)
I don't think that what you are/were doing is dinosaurish. To my mind, it is a simple and natural expectation that technical users will not be satisfied with the standard arrangement.
I could see it coming. Think about driving or flying, or using radios (wireless). When they were new, licenses weren't needed, there were few regulations, etc. Once they become more widely used, things changed. I might disapprove, but understand.
Best wishes,
Bob
Luckily theres is a million cloud options now a days.
I believe there are even some blackhat services out there that are not joined with the NSA at the hip. :-)
What OS?
morgan
I use linux.
Finding space is no problem. What I don't want to do, however, is lose the domain name for my website. I've had it so long that it always comes up high on Google searches. ;) But, since it is a college domain name, I can't move it. So, I'm hoping that a place will be found for my website on a college server. Otherwise, I'm happy to rent webspace and use one of the inactive domain names I have.
For the other services. We hope to be moving soon. When we do, I'll just get a big pipe, and an ISP which allows servers.
Best wishes,
Bob
Last edited by rfrazier; 20th October 2014 at 11:57.
This is true in practice. But politically and philosophically it doesn't suit me and I despise such backward and limiting 'progress'. I prefer laissez faire, chaos, the unregulated market, and individuality. One the reasons I like technology and am naturally drawn to it is that it enables and facilitates liberty in this manner. When technology is misused for policy-based reasons (rather than anything technologically substantive) to limit what was previously possible then, to my mind, it is fundamentally failing (or rather those implementing it are failing).
Imagine you are a university IT Security Manager.
You are responsible for keeping all of the student's data and the university network safe. You helped implement a nice secure network with IPS, IDP, AV and you have discovery tools flying around the place ensuring compliance.
One day you find an odd watch hobbyist running none standard software on the public internet. Given you will be fired if the data on this machine gets leaked, what would you do?
You have two (realistic) choices. Find a way to secure and maintain it, or bin it. I'd bin it every time. As has been mentioned there are plenty other places one can go to do the same stuff that won't be on the university network.
In fact I administer firewalls and network configuration for a number of clients (businesses of varying sizes). I am acutely aware of what is possible, what is feasible, and what I think is reasonable. Many modern policies (note, policies, not technological limitations) are not reasonable in my opinion and unnecessarily limit what the technology is capable of. I perceive this to be a despicable failure at many levels.
But in this you are making an appeal to "policy", not technological capability.
Do I think that someone running their own server in this manner is reasonable? Yes. The technology is easily capable in general of accommodating this, safely and securely, especially when using VLANs. It is a wholly feasible request. Philosophically speaking, the whole point of technology, in my view, is to enable; it does not exist to limit.
You mention "non-standard". Oh the horror! How frightened people have become of "non-standard". To my mind, if the "standards" or "policies" or whatever you prefer to call them preclude such a reasonable, safely implementable and feasible requirement then this is prima facie evidence that the standards and policies are insufficient. The technology is capable of more and should be used properly and fully.
The world moves on but progress, to my mind, must mean progress to greater liberty, not towards arbitrarily imposed limitations for the convenience of some at the cost of others. As I mentioned previously, that is why I am naturally drawn to technology: It is a natural enabler and facilitator of liberty and to use it to arbitrarily or unnecessarily limit liberty because that is perceived to be convenient or because that is compliant with "policy" or "standard" is, as I said, a mindset of utter human failure that I despise.
Well, that is the purpose of technology, isn't it! That is what networking is effectively for. It's hardly an unreasonable thing to do. It could be done before and so to think it could not be done now, safely and securely, would be absurd.
Might it take some effort to include something unusual within the operational procedures and standards? Yes. But so what? That's what the job should be about!
Ah, without wishing to create conflict, I call this the lazy admin's approach. ;-)
Some people think that being "lazy" in this context is a good thing: They mean everything is squared away, sanitised and 'standardised'. I say that, yes, standards and documented operations are a good and necessary thing but that competently designed and implemented standards can and should also be capable of accepting and coping with exceptions that are reasonable (even if some effort is required, that is what an admin is for). I think that what the OP is doing is a perfectly reasonable thing, even if it's unusual nowadays. Unusual != unreasonable.
This is true and, despite everything I have said, I too think it would make more sense in the longer run for the OP to move his hosting elsewhere! However, even here there seems to be a limit in that the OP does not want to lose his existing domain names (and quite reasonably so). Again, surely his new IT providers could cope with a little bit of forwarding/redirection/whatever, and build it into their standards. The technology is almost certainly capable of it... it would just take some (very small) effort on their part instead of laziness. They can always build it into their standards.
Last edited by markrlondon; 20th October 2014 at 14:42.
Bob,
Gotcha. Well, i'm surprised they let you run the service for this long. ;-) I guess if they really like you they can either do a DNS redirect or a server side redirect to your new thing - but realistically, any DIS worth his salt, should say no. :-)
Cheers
Morgan
Of course. It's always about the people, and the money. If I was a security guy, I'd only be thinking of the data, people and the cost. Sure, it's technically possible for a professor who dabbles in Linux and hosts his own watch pictures to secure and maintain his own system, and sure there are tools that I could buy to see that he does it correctly.
However, those tools are expensive and there doesn't seem to be a lot of business benefit to supporting the current custom service.
I agree, when it's worthwhile. I'm guessing the OP doesn't have enough of a business case to keep the things the way they are though.
Fine. I get all this. However, if a service costs more to implement, maintain and introduces more risk than the value it adds then it's pointless.
I prefer stingy, than lazy.
If the non-standard thing add more business value that it costs, then it can be done. Otherwise I reject the RFC.
To my mind, if you feel you have to cite a business case to promote the accommodation of the reasonable (and previously accepted) then you have already fundamentally failed in the context in which I am thinking of all this. And I realise from the way you are writing this context is very different to yours, despite the fact that I think we do understand each other's mental contexts.
Yes, I know I'm not looking at it from a very corporatish perspective but, to me, that's just fine.
You and I are speaking at cross purposes on this, it seems.
Again, you seem to be looking at it purely from a business perspective. That's fine but it is one, very limited, viewpoint. To mind this is not purely a business issue (or even not a business issue at all if this is an educational establishment).
Also, in this particular case, there need be no (measurable or significant) cost for implementation or maintenance and there is no additional risk, as long as the system is correctly configured. Yes, correct configuration would require some effort (and thus some tiny cost compared to the whole) but it would be utterly absurd to imagine it would be or could be significant.
To be clear: I am not in favour of exorbitant or unnecessary spending! I am simply saying that what the OP wants to do in this context really should be achievable without significant or even meaningfully measurable extra expenditure on software or admin time (and this is even more true today than it has ever been before).
I prefer enabling and facilitating. To limit unnecessarily or unreasonably is, to my mind, to fail. "Stingy" is orthogonal to this.
Last edited by markrlondon; 20th October 2014 at 14:50. Reason: Added clarification
Although the college isn't a business in the standard sense, and, on my view, it is a very bad idea to think of it as one, it does have to watch costs. The problem isn't that the tools I use are non standard. They are actually pretty standard, mainstream tools. Nor is it that I'm much of a security risk (19 years, no compromises, I did the security for the college for a number of years, etc.). Rather it is the new network topology. The college is going to a VLAN. So, I need to be on it. A server needs to to face outwards. So I would have to be facing both directions. It is bad policy (from my point of view, wearing my computer security hat) to have many machines facing both ways on such things. When it was just a firewall, they routed my traffic through it, and let me handle my own security. However, it would be much more complicated, a bad policy idea, and somewhat more expensive to do so now. That's why I'm not upset about it.
Best wishes,
Bob
I wish Bob well well with sorting something out to allow access to his web site and the years worth of info stored there I have found this one of the most interesting and confusing threads of recent weeks probably because I'm an IT dinosaur myself.
I thought Linux was a character from Peanuts.
Keep up the good work I'm acronym challenged with IT
TTFN KYBO
Can't you just stick it on Geocities?
Obviously I don't know the details of your college's network but in general a VLAN-based system should surely facilitate placing your server in what is effectively an outward-facing DMZ VLAN. I.e. Your server would face outwards to the public Internet but internal hosts could still access it via loopback on its public interface just as if they were any other public host. In other words, what they are implementing should surely fairly easily be able to cope with your (or other) servers internally.
What I have said here is at least feasible and, in general, really should not cost a fortune to implement (in fact hardly anything since the infrastructure to do it is the very thing that they are implementing) and would not need additional compliance/monitoring/detection software over and above whatever they have already costed for. Risk of infection or compromise via your public facing server would effectively be nil since it would be in its own VLAN and unable to directly touch other machines on the internal network.
I know that in writing the above I am telling you how to suck eggs and, as I said, I don't know the details of your network but it does seem odd to me that a new VLAN-based approach is being used to deny what you have previously been doing when it should actually be capable of facilitating (and further securing!) what you've already been doing (without meaningful, or even any, additional cost). On this basis, it does read to me like a triumph of rigid policy over common sense.
Anyway, all that said, I do accept that the better place for a server is not on a user-focussed network (VLANs or not)! It's just that the denial of what was previously accepted, especially when the new system should on the face of it be more than capable of securely handling a server at trivial or no additional cost, annoys me greatly from a philosophical and moral (as well as technological) perspective.
P.S. Can the admin team redirect whatever URLs you need to a new server elsewhere? That should surely not be beyond their policies or abilities.
Last edited by markrlondon; 20th October 2014 at 15:08.
They might be able to give me room on a college server for my website. If so, then they can point the domain I'm currently using at that. But the chances of having an Oxford University address pointing at a non Oxford University outside machine (in general, but especially simply for my convenience), approaches nil.
The reason, I think, why using a VLAN makes things difficult is that there is reduced security within it. For example, some services are accessible within it that wouldn't be accessible from outside it. So, a compromise of one machine has a greater affect. Also, I think, that it they are inclined to use private network addresses, ones which aren't routable. Of course they could do port forwarding for specified ip addresses, etc., but it does add complications. If it were crucial to my work, sort of the equivalent of "a strong business case", no doubt something could be arranged. But, it isn't, or those parts of it that are can be handled in other ways.
Best wishes,
Bob
You're not wearing a watch in your college photo...
Well spotted!
It turns out that although I have about 10 or so within arm's reach, I'm not wearing one at the moment either. I seldom wear a watch when doing stuff at home, but I generally put one on for photos. I never leave the house without a watch on. Not even to go to the corner store.
The photo is a self portrait, taken at home.
Best wishes,
Bob
Bob,
If you want to give me some details (via PM probably) I might be able to help as I know the Oxford University IT people pretty well (in a professional capacity).
Cheers,
MarkC
I run a research lab system for a big site in Asia and as mentioned before a VLAN should be helpful to you. It should enable the admins to place a server outside of their realm so if it was compromised it would be separate to the rest of the machines.
I would go as far as asking them for a virtual machine (KVM for example) on one of their internet facing servers. I'm sure if they are running services for labs hosting their own websites then they should have all this set up already.
Works for u you never know this could be good for you in the long run as they should take care of all the hardware leaving you just the software.
Over thinking this a bit really. Move the site anywhere you want and set up redirects (and use Google Webmaster Tools to tell Google you've moved the site).
It is worse than I thought, and I've been way out of touch with the changes over the last year or so. They are simply getting rid of the college's network, except for some central offices. Instead, everyone is to use the university's wifi network. For almost everyone, this change occurred over a year ago. I'm on an old bit of the network, so I still had a wired connection and a static address. But they are turning off the lights. In the future, no wired connection and no static address. So sad.
I could have a website using my old address. But, it would have to be using some funky CMS system, like Drupal. So, it is the end.
The DoorsThis is the end, beautiful friend
This is the end, my only friend, the end
Of our elaborate plans, the end
Of everything that stands, the end
No safety or surprise, the end
Best wishes,
Bob
Switch off the light and shut the door on your way out, Bob my friend.
You're still going to be around though Bob?
Cheers,
Neil.
I expect so, Neil.
Best wishes,
Bob
The spirit of your web site might linger for a while.
https://web.archive.org/web/20090515...chch.ox.ac.uk/
That's great.
Cheers,
Neil.
^^^^
+1
What a couple of weeks of computer havoc! Most of it self made.
Since I was doing computer stuff, I decided I would move back to FreeBSD, which, in many ways, I prefer to linux. The reason I moved to linux was hardware support, and because I could run a couple of Windows programs on it using Wine, and FreeBSD didn't have Wine at the time. FreeBSD does have Wine now. Unfortunately, I never even got around to getting Wine to work on it, as the hardware/software support on FreeBSD was patchier than I thought. So, after losing over a day trying to get things sorted, I reversed gears and moved back to linux, using a clean install to get rid of cruft. Leave well enough alone. I should have remembered.
During this time I also had to get a website and point my domains at it. The hosting folks made a mistake in the DNS settings (not a huge deal, as DNS is always tricky), so it took longer than I expected. The DNS settings finally propagated last Sunday. After that it took about 15 minutes to move my website.
There was some good news. They haven't taken down my bit of the net yet, so I'm running my web server with a server http 301 redirect. This indicates that the web pages have permanently moved to a new domain (kant1.chch.ox.ac.uk -> www.rlfrazier.org). It took only a week for the search engines to take this on board and point to the new site, and, Google, at least, kept the old ranking. So, my stuff that was towards the top in the search rankings stay there. Of course, links to pictures in threads on boards like this will disappear once the old site is down, although requests for them are, at the moment, being redirected to the new website. ( I edited all my posts in "Classic Posts" to reflect the location of the new website, however. :) )
Perhaps I can now get back to working on watches for a little while.
Best wishes,
Bob
Last edited by rfrazier; 9th November 2014 at 03:51.
And of course we've not had the pleasure of any of your lovely b/w photos for a while.
Speaking of black and white. Something that I've been experimenting with is using monochrome/greyscale on my monitors and my phone. Two main things I've noticed. The first is that, like with b/w photography, it shows where composition (e.g., of a website) is good or crummy. The second is that it saves a boatload of juice when using an AMOLED screen. (I still sometimes switch to colour when looking at pictures, or viewing a film.)
Best wishes,
Bob
PS A third is that it is much more restful for my oldish eyes.
RLF
Posting Permissions
