TALUG Meeting Notes =================== // :Author: Andrew Grieser // :Email: agrieser@gmail.com :Date: March 1, 2008 // :Revision: 1.0 :Key words: Joomla, OpenPGP, PGP, GPG, key-signing party, TALUG link:/events/20080301/joomla.pdf[Joomla!]: Presented by Andrew Grieser ---------------------------------------------------------------------- The idea for this presentation got started when Abdul, Adam, and Andrew decided they needed to install some form of content management system on the TALUG website. After trying a couple, and Joomla was decided on as the best mix of features for the TALUG website. After installing, configuring, and getting the new website off the ground it was decided that it would make a good presentation topic. Since the secretary was presenting at this meeting, the meeting notes might get a bit sparse. For details on the presentation, see the above link to view the full presentation. Setup ~~~~~ Abdul offered use of his remote infra-red mouse / laser pointer for the presentation. It worked out of the box with Debian Etch, and made it nice not being tied to the computer. Presentation ~~~~~~~~~~~~ Topics covered included: - What is a content management system? - Why would you want to use one? - How does it work? - Choosing a content management system * Popular choices * Test driving at link:http://www.opensourcecms.com/[opensourcecms.com] - What can Joomla be used for? - What does Joomla offer? - What does Joomla look like? - Where does Joomla come from? * Fork from Mambo * GPL compliance - Installing Joomla (demo) * Requirements * Creating a MySQL database * Live installation - Extensions - Complaints - TALUG website demo Questions ~~~~~~~~~ Is Joomla in the repositories??? Probably not. Since the installation consists only of extracting the archive, there is no real need. Can you auto-update Joomla to the latest release??? No. You have to manually upgrade. How big is the installation??? The default install is about 10 (correction, about 25) megabytes. The talug.org installation (with extensions) is about 60 megabytes. Can users be allowed to write and submit articles, but require approval before posting??? Yes, this is the default behavior of the ``author'' category. Is Joomla WC3 compliant??? Yes. The default behavior is to put a link on the bottom of the page to check compliance. Is the css kept separate? How hard is it to change templates??? Yes. The templates are kept in individual folders in the `templates` directory. Changing templates is easy, there is a GUI option to do this. DDOS Attacks ------------ The subject of the talug.org DDOS sendmail attacks was raised and discussed. A number of potential actions were discussed including: - Spam filters - Putting the talug.org website on a TALUG box (either at unique systems, or elsewhere) in order to have root access to deal with these problems ourselves. - Having one or two security experts help the officers out and manage the security aspect of the TALUG website (semi-official positions). PGP Key-Signing Party --------------------- TALUG had it's first ever PGP key-signing party, following interest in the November encryption meeting. As it was the first one, glitches were inevitable. Here is how it went: Preparation ~~~~~~~~~~~ Prior to the meeting, members sent their keys to the organizer, who compiled a list of attendees. This list included the key ID, owner name, email address, fingerprint, size, and type of the key. It also had two check boxes, one for verifying key information, and the other for verifying identity. In addition to sending their keys to the organizer, participants were supposed to bring the following information from their *OWN* keyring: - Key ID - Key Fingerprint - Key Size - Key Type - Positive photo ID By bringing all of this information from their own keyring, they could verify that the printout provided had no errors (intentional or accidental). Unfortunately, there was some misunderstanding on this part, and at least one member did not bring their own information and was unable to participate. Identity Verification ~~~~~~~~~~~~~~~~~~~~~ After a brief false start where one member (cough Loren cough) made a grab for the printouts and went on their own way verifying, we began the identity verification. Although there was some arguing over the best way to do it, the official method was used. All members formed a line with their photo ID and printouts. The first person in line then went down the line and had their ID verified by every other person. This person then took a spot at the end of the line, and the new first-in-line person went down the line repeating the process. This was continued until everyone had verified the identity of everyone else. The preferred method of identification was passport, but drivers licenses were accepted. Key Verification ~~~~~~~~~~~~~~~~ The next step was the key information verification. In this step, each person took a turn standing at the front of the room and reading the key information they brought from home. Everyone else verified this information on their printouts to confirm that there were no errors (intentional or accidental). Next Steps At Home ~~~~~~~~~~~~~~~~~~ The next step (after the meeting) would be to import the keys into your personal keyring. One by one, the keys should be verified against the already verified printout in each category. If the person is satisfied that everything matches, they can sign the key. More information can be found in the link:http://www.gnupg.org/gph/en/manual.html[GnuPG Users Guide], the link:http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html[PGP Key-Signing Party Howto], and the link:http://www.gnupg.org/documentation/faqs.en.html#q4.15[List Of GPG Compatible Email Clients]. Nominations ----------- At the end of the meeting, we had nominations for TALUG officers for 2008-2009. A number of current officers were planning on leaving the Toledo area in mid 2008, so new volunteers were needed. The nominations are as follows: President:: Neal Dudley Vice-President:: Denny Pettee Secretary:: Scott Vargovich Treasurer:: Steve Tryc It was proposed that the current officers continue to help out until the end of summer 2008. After Meeting Activities ------------------------ After the meeting, dinner was proposed. Initially, we decided on Ipo, a Chinese restaurant on the corner of Door and Byrne. However, when we got there, we found it was not open Saturday evenings. The backup plan was Happy Rose, another Chinese restaurant. Approximately seven of the meeting attendees went, and discussions included cryptography, encryption algorithms, web development, virtualization, and more. // vim: set syntax=asciidoc: