Minutes of the SIPB Meeting of 2025-11-03 The meeting was called to order at 19:35 by psvenk. In attendance were Student keyholders: psvenk, innaavo, dtemkin, alwinfy, guoj1112, rgabriel, bzelnick Associate keyholders: almonds, scj643, kenta Members: kshitij, ryanruiz Guests: '() Administrivia: psvenk: does anyone have anything not related to vault. we have a new keyholder. welcome bzelnick nmorgan: We should do a dinner sometime. I don't know when. alwinfy: before thanksgiving? [prison discussion] psvenk: innaavo will make a poll and we can regroup next week, anything else? scj643: vault can be used with a yubikey. we can eventually get an hsm for experimenting. as there is a lack of education at MIT about it. I would like to allocate $120 for two Yubikey 5 Nanos which will be used for opening vault rgabriel: what is an hsm? scj643: vault is a way for us to have secure secret storage. for example server passwordsd can be stored in vault and thennyou can grant acess to them through a moira membership. and you can use them for database credentials. instead of giving system direct acces to credentials you give them vault acces which has to be renewed. so that way, if someone steals that token, they can't steal the credentials psvenk: as far as I understand, the main objections had to do with cost and maintenence overhead. I share these concerns, when it comes to both of these, i would like to hear everyones perspective. hsm (hardware security module) purchase may be valuable to teach students. at minumum dealing with yubikeys is fine, I was worried about admin and transfer of power which may be an issue. It seems that will not be the case. scj643: if we did not have yubikeys there would be maintenence overhead. with the way vault works with the hsm we only need recovery keys which can be stored between the office and the SMR. psvenk: i want to ensure everyones concerns are adressed, any questions? innaavo: so if we get this, does everyone have to use it? scj643: it would be opt in turino14: I like how you phrased it as a learning opportunity, but is this only for keyholders? scj643: for management of vault it would be only keyholders for actually accessing vault and storing secrets that would be available to everyone psvenk: any other thoughts, are people generally for or against almonds: and the YubiKey 5 Nano can do RSA 4096, preferable to 2048 scj643: I would like to allocate 120 for yubikeys and 30 for flashdrive. almonds: I can second that psvenk: motion to white ballot turino14: seconded. [motion passes for $150] psvenk: I think the hsm could be a good idea scj643: the hsm is $650 innaavo: the budget is not an issue psvenk: so how much would we be allocating for HSM scj643: it would be $650, it includes free shipping alwinfy: i think we should do it psvenk: motion to allocate $650 for the HSM. scj643: seconded psvenk: all in favor [motion passes 11-0-0] scj643: VyOS it is a router software which is open source, I have contacted them to get a license for SIPB which would give us technical support psvenk: Its a distribution of Debian that is fully open source. If you are a non-profit you don't need to pay for it. scj643: I have contacted them but we need someone from MIT to sign off on the three year 100% discount they offer kenta: The standard advice at student group financial training is that students should not sign contracts; MIT has people to sign contracts. scj643: we are not signing it, we need someone who has the power to review and sign on our behalf psvenk: who volunteers to open a helpdesk ticket and cc scj643 and psvenk scj643: we need someones email to give to their team. This relates to Vault because Vault will be [?] VyOS. almonds: can this be a mailing list? scj643: yeah psvenk: ill do it Project Reports: scj643: Vault continues. nmorgan: ark continues psvenk: hydrant continues dtemkin: a pr was merged psvenk: I beat you to it dtemkin: CourseRoad continues (in theory) turino14: HWops continues. almonds: the mobile hotspots we ordered arrived, according to the tracking number, but it's unclear where exactly it was delivered Other: scj643: we could have went with javacard if we wanted to alwinfy: i dont think we want to Other Other: almonds: local elections tomorrow psvenk: go out and vote if you are eligible and able guoj1112: 6.1220 has a quiz tomorrow and I need to study for that. if anyone else is taking that class you should study psvenk: good luck ryanruiz: so basically I went home to NJ and turned on my computer for something. I think my graphics card started hitting the death bed scj643: I had the same thing happen a few months ago psvenk: I think the same thing is happening with my wificard psvenk: sorry you had to talk through a potato, potato talker affectionate The meeting was adjourned at 20:00. Minutes taken by guoj1112 and innaavo and submitted by $nmorgan.