4/18/14

I don't speak HTML particularly well, so I'll keep this brief.

WSO has provided alumni websites and mail forwarding for a long time - I don't know how far back it goes. But this winter, we were faced with the prospect of continuing to provide public-facing SSH accounts for thousands of alumni, almost none of whom we knew, in an era where university networks are sought after by attackers. So we decided that this was a service that had to be cut. Given that the server hosting these SSH accounts is also known to have the personal records of former students scattered all over the file system, we have decided that further access to the machine is out of the question. WSO has never guaranteed the reliability of its services, and the data on that machine has long been one hard drive crash away from disappearing. As for mail forwarding, we can hold onto those for a little while - we'll map all the .forward files to their contents. But in the fall, we will begin backward notification to sites that email our alumni accounts, passing the last record we have for the account instead of letting the mail through.

I joined WSO last fall, and quickly became aware that WSO had a lot of technical problems. Much of the software was outdated, and had not been updated in several years. This left the site open to a variety of known vulnerabilities. Encryption was not being applied for mail or web services. The personal information of current and former students was not being responsibly handled or stored. Mail was (and still is, but that will change in a few weeks) being bounced between three different Postfix installations. Worst of all, almost no clear documentation existed for the configuration or reasoning behind any of the services running. I spent hours in the server room, just trying to figure out where anything was. Even the cabling in the back of the rack was ridiculously tangled - most of it ended up being loose cables nobody had bothered to free when they were disconnected. Running anything cooperatively is always hard, but WSO was a computer wasteland. It became clear that trying to fix the services in place would not work - everything was too messy. So we decided to start over on a clean machine, and only move things over when we understood how they worked and were able to replace them with an organized system.

We've made a lot of progress on these issues. The site is running on a clean Linux installation, with an organized code repository and real security mechanisms. We are working on a unified body of documentation for future students. Mail and listservs are slated to be moved over soon, and old data will be securely wiped or destroyed before the old machines are repurposed. We're shoring up our security mechanisms, with some help from OIT. We have a young and energetic staff that is eager to expand the site in new ways. We may even get an office space on campus next year. Things look good.

If you have any questions or concerns, I can be reached at wso-sys.

Simon Chase,
Systems Administrator, WSO