18 May
2021
18 May
'21
7:33 p.m.
I ordered a new router for Omni with sudo mesh funds.
It is a small low power (~8 W) AMD system with 4 gigabit ethernet ports:
https://www.pcengines.ch/apu4d4.htm
I also ordered a 240 GB SSD and an appropriate case for it.
Daniel is donating more gigabit PoE routers so we can replace the broken
one and the one that's still running (but at least one fan is broken), I'm
coordinating with Jake to go pick them up. We are actually getting a tall
stack of these
I met up with Alex at the Omni and we went over how we should improve the
current infrastructure. We decided that it makes sense to use VLANs
instead of separate LANS and to get two more passively cooled lower power
gigabit ethernet rackmount switches. One will live in the main rack and
take care of all non-PoE routing for Omni. We can then put that switch and
the new main router on the rackmount UPS that Alex donated and we can
connect the VDSL modem and a single access point to that UPS as well. That
way there will at least be wifi in sudo room during a power outage. If we
tried to run the PoE switch and thus all the wifi access points, from the
UPS then it would not last long. Since we're switching to VLAN we will only
need one PoE switch and one regular switch in the rack but we are planning
to install another PoE switch that will be powered off but configured
identically since we'll get plenty of them for free.
The other passively cooled ethernet switch will replace the very noisy one
outside the Omni office.
We need to find VLAN capable affordable passively cooled switches with 24
ports (or more) that can handle the temperatures we get (I'd say 45 C
ambient as an estimate).
Some of us (Alex, Jake, Keenan and myself) have also been scheming on
expanded door access control. I'll have an update on that soon. It looks
like I'm handling the replacement for sudo humans and have been researching
and trying different solutions. So far I'm leaning toward adding
functionality to MemberMatters from the Brisbane hackerspace. Some research
is here:
https://sudoroom.org/wiki/List_of_existing_hackerspace_access_control_softw…
We're also looking at options for upgrading our wifi as we look toward a
future where Omni has a gigabit ethernet connection. Again we've been
trying different solutions and I'll send an update soon.
Does anyone have any feedback or reasons why we should do any of this
differently?
--
marc/juul
18 May
18 May
9:55 p.m.
Thank you for buying hardware!!!!! I'm so excited to put a new OS on
this. How soon do we expect it? I'm leaving town in a month (for ~4~8
weeks) but I'd love to get this sorted before I go. If this one works
out, can we buy another one to use for space.local?
I assume by "VLANs instead of separate LANS" you mean we'll continue
using 100.64 for everything by default, and reconfigure those
long-suffering devices which still expect 192.168? What would then be
the purpose of a VLAN? They can be convenient sometimes but I wouldn't
rely on them for any security. I would still assume that any device
can reach any other if it really wants to. Which is fine with me.
So far I'm leaning toward adding functionality to
MemberMatters from the Brisbane hackerspace
Been a minute since I helped deploy anything python. Looking forward to it.
10:30 p.m.
On Tue, May 18, 2021 at 9:55 PM Yardena Cohen <yardenack(a)gmail.com> wrote:
Cool!
Thank you for buying hardware!!!!! I'm so excited
to put a new OS on
this. How soon do we expect it?
No problem. It should arrive on the 26th at the latest :)
If this one works
out, can we buy another one to use for space.local?
Sure if you think having two physically separate computers is the best
solution? It's more power usage but I guess another 8 W isn't that bad.
It's about $250 for one of these things so also not too expensive. I'm
planning to do some stress testing in a heated box to ensure they stay
stable at 40 C ambient before getting another one.
I assume by "VLANs instead of separate LANS"
you mean we'll continue
using 100.64 for everything by default, and reconfigure those
long-suffering devices which still expect 192.168? What would then be
the purpose of a VLAN? They can be convenient sometimes but I wouldn't
rely on them for any security. I would still assume that any device
can reach any other if it really wants to. Which is fine with me.
We want to have at least one public network and one not quite as public
network for infrastructure. This isn't really much for security but more
for having reliable wifi on different channels that's still usable during
events with lots of people. We also have some devices that just have shit
security that we'd like to put behind _sometthing_ e.g. the HDMI to
ethernet video encoders and maybe some printers. We used to have two
internal networks using two different switches until one of the PoE
switches died. Doing it with VLANs just means we can use less power. The
public wifi network at omni is 100.64 because that's what we use for the
wider sudo mesh network so we can continue that and then use e.g. a 172.30
or something like that for the less public network where the wifi has a
password. 192.68 and 10. make things annoying for sudo mesh folk because a
lot of hardware use those addresses as defaults and then we run into
conflicts.
I'm curious though why you think VLANs are insecure. I guess you rely on
non-open software running on the switches to handle the tagging which could
have unknown security issues? Anyway I don't think anything at Omni is very
high security.
So far I'm leaning toward adding
functionality to MemberMatters from the
Brisbane hackerspace
Been a minute since I helped deploy anything python. Looking forward to it.
19 May
19 May
12:21 a.m.
I'm curious though why you think VLANs are
insecure. I guess you rely on non-open software running on the switches to handle the
tagging which could have unknown security issues? Anyway I don't think anything at
Omni is very high security.
I trust the router somewhat because I installed it, I keep it updated,
and it's behind a tenuous physical barrier. I trust everything else a
zero amount. Simple as that.
If vlan makes someone's life easier, I'm all for it.
1312
days inactive
1312
days old
3 comments
2 participants
participants (2)
-
Marc Juul -
Yardena Cohen