On 2010-10-17 05:44, Steve Davidson wrote:
Johnny Billquist
On 2010-10-17 05:16, Steve Davidson wrote:
Johnny Billquist
On 2010-10-17 04:01, Johnny Billquist wrote:
So here is a new suggestion for the bridge which is "hubbed" around Update.
0 Publicly available systems
1 Update
2 BQT
Let me know, and I'll happily assign LAT groups for others as well.
Small correction to that list:
0 Public systems
1 Update
2 Update
3 BQT
4 BQT
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a
psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" -
B. Idol
Johnny,
The way I do it around here is use group 0 for public access. It is the
default group anyway. I use group 19, which is also my DECnet area for my
private use. This allows us to have 63 private areas if we map to DECnet area
numbers. Areas from 64 to 255 can be special case. I use 64 whe I want to
combine my group with someone else.
Nice that we agree on group 0. :-)
However, I see very little need to combine groups. If you want to
combine groups, just set the port to access both groups instead.
I would suggest that
group 0 be public
group 1 through 63 be private based on DECnet area # (self managed)
groups 64-255 be managed (and reserved) (each area could have 4 such #s)
I see a problem with that. Areas are not a good separation here. There
are several different people in area 1, for instance, which don't really
match the groups of systems that might be public or private.
I am (as you might have noticed) separating me (BQT) from Update, even
though we're both in area 1. There are more people in area 1 as well,
which I would believe it would make more sense to place in other groups
as well.
Also, I have further separated my groups into two parts. General access
systems and special services.
So, for me and Update, it now looks like this:
0 General public access
1 General public access for Update users
2 Consoles for Update machines
3 General access for my systems
4 Consoles for my systems
So, for Update terminal servers, I have set them to see machines in
group 0 and 1.
For my terminal servers, I see group 0,1 and 3 by default (since I'm
also using Update machines regularly).
When I need to fool around with systems, I also add group 2 and 4.
When Update people would need to fool around, they would add group 2,
they don't have access to my systems in general, and there is no point
for them to see those (my console) services.
I hope you see the point here.
Because I am already using group 64 I am reserving it. I make it available to
others when it makes sense for me to "share" as it were. Reserved groups
should be by invitation only because as you point out the list does get
cluttered.
No problem with that. I'm definitely no where near group 64 so far.
But I also think that people should not set their machines to be in
other groups than their own unless it is very obvious that the machines
actually belong in several groups.
But (as you probably know), there is no way to prevent anyone from
setting up any group numbers they want, so this will be very much by
voluntary participation.
The use of passwords is a great idea for the DECservers we have in HECnet.
Some of mine have it, some do not - personal choice.
Just making suggestions. :-)
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a
psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" -
B. Idol
When I rebuilt BUBBLE for Mark I enabled group 4 for his local group of
machines and group 19 so that we could go back and forth as necessary.
This was prior to your announcement of groups you proposed to use.
I just made a proposition because I started thinking that the list when I do a "SHOW
SERVICE" starts to look a bit long and cluttered with machines that really are
irrelevant for me to see.
However, I have absolutely no problem using other groups for me and Update, so it's
not about the numbers as such. But I definitely can't work with a mapping to area
numbers, since area numbers don't reflect any division as such. It's more of a
connectivity issue, with different levels of routers.
Also, since LAT is not routed, this numbering scheme is very local to the machines
connected to this specific bridge segment, and is not global for HECnet as a whole.
So I'll happily move myself to another LAT group. I just want two groups for Update,
and two for myself, so I can make a sensible separation between different groups of
services. And it would be nice to not have a bunch of services in group 0 which are
private, and possibly even not general connections to login services.
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic
trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" -
B. Idol