chasers-general — General CHASERS list traffic

[Chasers-general] status of servers

[Tamara M. <tam...@ya...>]

Ken,
The server situation is on hold for a moment as the
head honcho - John Hickman, wants us to review the
Iris system used by CCS for their client caseload
chrono notes. Iris, like MPW, is a system purhcased by
CCS for a TON of money ($2M) and as such, he wants to
know why we ruled it out. Given we never really looked
at IRIS, since it's a case management approach
specific to mental health, we have no real reasons to
rule it out yet. So, Bob and I are planning to meet
Monday next week with the person who knows the most
about IRIS up at Randolph Carter Center and review the
system. We've made plenty of notes to justify CHASERS
and now just need to make notes to rule out IRIS> 

Anyway, the long and short is that getting the server
has grown into a complicated political football and we
are in the game. Hopefully, by end of next week, John
will be convinced we can move ahead. If not, the only
way forward would be for us to acquire a server
without purchase approval...which would mean out of
our pockets. Cross that bridge when we come to it. 

Development is on hold until we know the answers from
John Hickman on purchasing the server. All computers
throughout AHA are now required to meet his approval
first. Drats.

Will update you as soon as I get word.

Tamara

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: [Chasers-general] Initial efforts with CHASERS

[Jonathan H. <jhe...@de...>]

Using MD5 passwords _should_ simply be a matter of setting the  
'USE_MD5' element of the $CG_AUTH array in chasers_config.php to true 
rather than false. Then making sure the users have md5 passwords set 
(store the md5 hash rather than the raw password)-- this would be the 
staff_password_md5 field in tbl_staff for now (future releases will have 
a separate password table for staff passwords).
-Jonathan

Ken Tanzer wrote:

> Hi Dan.  Glad to see you folks are digging into CHASERS, and it was 
> cool to see your running version (I like the Frye logo!).  Can you 
> give us some idea of the customizations you're looking to make, and 
> any general difficulties you've encountered so far?
>
> Hopefully you folks are tracking your changes in some way, so that 
> you'll be able to update as we release newer versions.
>
> I'm not sure if there have been any problems with the MD5 passwords 
> that we may have already fixed (Jonathan could probably comment on 
> that).  I would add that although MD5 passwords are definitely more 
> secure than 'flipbits', the 'flipbits' aren't _quite_ as bad as they 
> sound.
>
> The passwords themselves are always MD5 encrypted when sent from the 
> client to the server--it's a question of how they're stored in the 
> table.  With flipbits, you could determine what someone's password is, 
> but you'd have to have access to the staff table in order to do so.  
> CHASERS won't let you directly access the password field, so you'd 
> most likely need to have database access in order to get someone's 
> password.  And if you have database access, you've already got access 
> to all that sensitive data anyway!
>
> The only advantage of flipbits is that you _can_ retrieve someone's 
> password, so if they're having trouble you can either look it up or 
> log in for them.  We are going to move away from it ourselves 
> (reluctantly) because of the security issues, but it sure has been 
> handy to have at times!
>
> What's the status with your new server?  Has it been ordered and/or 
> arrived?  Enquiring minds want to know!
>
> Ken
>
> Daniel Watling wrote:
>
>> For CHASERS to work for the Frye, some customization will need to 
>> happen.  I would love to
>> see how CHASERS was customized for the "Donor DB".  (Any possibility 
>> of obtaining a patch
>> of the differences?)
>>
>> The CHASERS setup we have accessible from the internet 
>> <http://207.225.247.58:8080/> is using the 'flipbits' security setup.
>> I've had problems getting the 'md5' security setup to work and plan 
>> to analyze the problems
>> soon. (As Victor has pointed out, due to the extreme sensitivity of 
>> the information in the system,
>> the Frye installation should use the 'md5' setup.)
>
>

Re: [Chasers-general] Initial efforts with CHASERS

[Ken T. <kt...@de...>]

Hi Dan.  Glad to see you folks are digging into CHASERS, and it was cool 
to see your running version (I like the Frye logo!).  Can you give us 
some idea of the customizations you're looking to make, and any general 
difficulties you've encountered so far?

Hopefully you folks are tracking your changes in some way, so that 
you'll be able to update as we release newer versions.

I'm not sure if there have been any problems with the MD5 passwords that 
we may have already fixed (Jonathan could probably comment on that).  I 
would add that although MD5 passwords are definitely more secure than 
'flipbits', the 'flipbits' aren't _quite_ as bad as they sound.

The passwords themselves are always MD5 encrypted when sent from the 
client to the server--it's a question of how they're stored in the 
table.  With flipbits, you could determine what someone's password is, 
but you'd have to have access to the staff table in order to do so.  
CHASERS won't let you directly access the password field, so you'd most 
likely need to have database access in order to get someone's password.  
And if you have database access, you've already got access to all that 
sensitive data anyway!

The only advantage of flipbits is that you _can_ retrieve someone's 
password, so if they're having trouble you can either look it up or log 
in for them.  We are going to move away from it ourselves (reluctantly) 
because of the security issues, but it sure has been handy to have at times!

What's the status with your new server?  Has it been ordered and/or 
arrived?  Enquiring minds want to know!

Ken

Daniel Watling wrote:

> For CHASERS to work for the Frye, some customization will need to 
> happen.  I would love to
> see how CHASERS was customized for the "Donor DB".  (Any possibility 
> of obtaining a patch
> of the differences?)
>
> The CHASERS setup we have accessible from the internet 
> <http://207.225.247.58:8080/> is using the 'flipbits' security setup.
> I've had problems getting the 'md5' security setup to work and plan to 
> analyze the problems
> soon. (As Victor has pointed out, due to the extreme sensitivity of 
> the information in the system,
> the Frye installation should use the 'md5' setup.)

[Chasers-general] Initial efforts with CHASERS

[Daniel W. <dan...@gm...>]

For CHASERS to work for the Frye, some customization will need to happen. I=
=20
would love to
see how CHASERS was customized for the "Donor DB". (Any possibility of=20
obtaining a patch
of the differences?)

The CHASERS setup we have accessible from the
internet<http://207.225.247.58:8080/>is using the 'flipbits' security
setup.
I've had problems getting the 'md5' security setup to work and plan to=20
analyze the problems
soon. (As Victor has pointed out, due to the extreme sensitivity of the=20
information in the system,
the Frye installation should use the 'md5' setup.)

[Chasers-general] Re: Chasers-general digest, Vol 1 #4 - 1 msg

[Tamara M. <tam...@ya...>]

Frye received and forwarded code to Victor Gonzalez and Dan Watling for review. 

cha...@li... wrote:Send Chasers-general mailing list submissions to
cha...@li...

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/chasers-general
or, via email, send a message with subject or body 'help' to
cha...@li...

You can reach the person managing the list at
cha...@li...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Chasers-general digest..."


Today's Topics:

1. CHASERS code sent to Frye (Ken Tanzer)

--__--__--

Message: 1
Date: Tue, 10 May 2005 14:32:43 -0700
From: Ken Tanzer 
Organization: Downtown Emergency Service Center
To: cha...@li...
Subject: [Chasers-general] CHASERS code sent to Frye

This is a multi-part message in MIME format.
--------------040704070705090201060208
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

We just sent a copy of the CHASERS code off to Tamara and Bob so that 
you folks can start looking, testing, etc. The code is still 
confidential and not yet free software--we have a simple written 
agreement with The Frye allowing you folks to use it, but no 
redistributing, publishing, etc.!

And lots of caveats, like we haven't cleaned the code up as much as we'd 
like to, and still plan to, there are undoubtedly still bugs, etc., 
etc. We're gonna keep doing some more of this cleanup, and hope to have 
a real open source release in the fairly near future, hopefully before 
you folks "go live" with your own implementation.

To that end, and probably as good practice anyway, you folks should keep 
track of what changes you make to the code, and preferably have those as 
patches or some other format that would allow you to get an updated copy 
of the code in the future, and then re-apply your changes.

Please use the mailing list for any support/technical questions that 
come up, and also please do what you can to help fill out the CHASERS 
Wiki (linked from http://chasers.desc.org/). There's specifically a 
page for The Frye to document things specific to your installation, but 
whatever else you can do to flesh out the documentation will be greatly 
appreciated.

That's it for now. Give it your best shot! :)

Ken

--------------040704070705090201060208
Content-Type: text/x-vcard; charset=utf-8;
name="ktanzer.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="ktanzer.vcf"

begin:vcard
fn:Kenneth Tanzer
n:Tanzer;Kenneth
org:Downtown Emergency Service Center
adr:;;507 Third Avenue;Seattle;WA;98104;USA
email;internet:kt...@de...
title:Director of Information Services
tel;work:(206) 464-1570 x 3061
tel;fax:(206) 624-4196
url:http://www.desc.org
version:2.1
end:vcard


--------------040704070705090201060208--



--__--__--

_______________________________________________
Chasers-general mailing list
Cha...@li...
https://lists.sourceforge.net/lists/listinfo/chasers-general


End of Chasers-general Digest


		
---------------------------------
Do you Yahoo!?
 Yahoo! Small Business - Try our new resources site! 

[Chasers-general] CHASERS code sent to Frye

[Ken T. <kt...@de...>]

We just sent a copy of the CHASERS code off to Tamara and Bob so that 
you folks can start looking, testing, etc.  The code is still 
confidential and not yet free software--we have a simple written 
agreement with The Frye allowing you folks to use it, but no 
redistributing, publishing, etc.!

And lots of caveats, like we haven't cleaned the code up as much as we'd 
like to, and still plan to, there are undoubtedly still bugs, etc., 
etc.  We're gonna keep doing some more of this cleanup, and hope to have 
a real open source release in the fairly near future, hopefully before 
you folks "go live" with your own implementation.

To that end, and probably as good practice anyway, you folks should keep 
track of what changes you make to the code, and preferably have those as 
patches or some other format that would allow you to get an updated copy 
of the code in the future, and then re-apply your changes.

Please use the mailing list for any support/technical questions that 
come up, and also please do what you can to help fill out the CHASERS 
Wiki (linked from http://chasers.desc.org/).  There's specifically a 
page for The Frye to document things specific to your installation, but 
whatever else you can do to flesh out the documentation will be greatly 
appreciated.

That's it for now.  Give it your best shot! :)

Ken

[Chasers-general] Re: Hardware Specs and Card Readers

[Ken T. <kt...@de...>]

Victor sent these questions earlier in an email:

>First, the hardware specs for the machine the Frye will acquire for a
>server. These are what I think are reasonable requirements; I have focused on data archiving
>and reliability, rather than power. Ken and Jonathan, I'd ask you two
>to comment if any of these are too little or too much:
>
>* 2.8 ghz or better Pentium-4
>* 800 mhz front-side bus
>* At least ONE gigabyte of RAM
>* TWO matching hard drives, capacity of at least 100 gigabytes, using
>the SATA protocol if possible. Three drives would be better.
>* ONE RAID PCI card that can do RAID 0-5.
>* ONE fairly high-speed DVD burner for archiving
>* ONE CD reader for software installs
>* ONE floppy drive
>* Motherboard should have onboard gigabit ethernet
>* No video card needed IF the motherboard has onboard video
>* Serial ports on motherboard, or add serial PCI card
>* Decent cooling system (several fans)

I would think a machine like that would _probably_ more than do the trick.  As we've caveated before, we've only used it for ourselves, so it's hard to say what kinds of specs will be needed for other installations.  This will all depend on the number of simultaneous users, the size of your database, etc.

A lot of what you specified is for redundancy or backup, which I think is a great idea, esp. if you can find the money for it.  I know we've tried to include enough RAM on our database server so that it doesn't need to do much reading from the disk.  Again not knowing how big your databases will be, you might want to just be aware of whether the machine you pick has the capacity to accept additional RAM in the future.



>Second, Ken and Jonathan, we talked about the cardreader and the fact
>that DESC uses a second machine. I want to confirm that one machine
>will do all tasks

I can't think of any reason that one machine wouldn't work as both server and card reader.  As mentioned, we split them up because we wanted the card reader to keep capturing data even if the server was down.

I'm also not sure if you're talking about one machine as both server and a "client" that people would use to access CHASERS?  The way our card reader machine is set up, the display is dedicated to showing who is coming in, so it would be hard to use CHASERS from that machine at the same time.

Hope this makes sense!

Ken

[Chasers-general] Corrected link for engine documentation

[Ken T. <kt...@de...>]

Dave Tanzer pointed out to me that the wiki link for the PDF document 
describing engine was broken.  I fixed the wiki link.  Here's the direct 
link:  http://www.desc.org/documents/CHASERS/engine_documentation.pdf.

Ken

[Chasers-general] Documentation Updates

[Ken T. <kt...@de...>]

We've gotten some more documentation up that might be useful.  It can 
all be found in the wiki.  In particular, we've posted a sample copy of 
chasers_config, which is the main config file for chasers, along with a 
sample of config_client.  There's also a 30ish page document describing 
how "engine" (the generic record view/edit interface) works.

Let us know if you have any questions.  Thanks.

[Chasers-general] First / Test Mailing

[Ken T. <kt...@de...>]

Just checking to see if this message comes through OK.