[sudo-sys] New router for Omni

Tue May 18 22:30:56 PDT 2021

On Tue, May 18, 2021 at 9:55 PM Yardena Cohen <yardenack at gmail.com> wrote:

> Thank you for buying hardware!!!!! I'm so excited to put a new OS on
> this. How soon do we expect it?

No problem. It should arrive on the 26th at the latest :)

>  If this one works
> out, can we buy another one to use for space.local?
>

Sure if you think having two physically separate computers is the best
solution? It's more power usage but I guess another 8 W isn't that bad.
It's about $250 for one of these things so also not too expensive. I'm
planning to do some stress testing in a heated box to ensure they stay
stable at 40 C ambient before getting another one.

> I assume by "VLANs instead of separate LANS" you mean we'll continue
> using 100.64 for everything by default, and reconfigure those
> long-suffering devices which still expect 192.168? What would then be
> the purpose of a VLAN? They can be convenient sometimes but I wouldn't
> rely on them for any security. I would still assume that any device
> can reach any other if it really wants to. Which is fine with me.
>

We want to have at least one public network and one not quite as public
network for infrastructure. This isn't really much for security but more
for having reliable wifi on different channels that's still usable during
events with lots of people. We also have some devices that just have shit
security that we'd like to put behind _sometthing_ e.g. the HDMI to
ethernet video encoders and maybe some printers. We used to have two
internal networks using two different switches until one of the PoE
switches died. Doing it with VLANs just means we can use less power. The
public wifi network at omni is 100.64 because that's what we use for the
wider sudo mesh network so we can continue that and then use e.g. a 172.30
or something like that for the less public network where the wifi has a
password. 192.68 and 10. make things annoying for sudo mesh folk because a
lot of hardware use those addresses as defaults and then we run into
conflicts.

I'm curious though why you think VLANs are insecure. I guess you rely on
non-open software running on the switches to handle the tagging which could
have unknown security issues? Anyway I don't think anything at Omni is very
high security.

>
> > So far I'm leaning toward adding functionality to MemberMatters from the
> Brisbane hackerspace
>
> Been a minute since I helped deploy anything python. Looking forward to it.
>

Cool!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sudoroom.org/pipermail/sudo-sys/attachments/20210518/c3204202/attachment.html>