New login activity viewer

Posted on May 16, 2013 by squinney

It’s now easier to see whether or not your account has been compromised.

As part of our ongoing work to enhance the security of the computing infrastructure within the School of Informatics we have developed a new web interface which allows users to review their recent login activity. The site is accessible at: https://cabin.inf.ed.ac.uk/authview/

This web interface allows users to review their logins made to DICE systems using the Secure Shell (SSH) and any access to Cosign protected web services. The intention is that we will extend this to also cover other methods used to remotely access our systems (e.g. openvpn).

You are a much better judge of what constitutes unusual login activity than we ever could be so we hope that you will take the opportunity to review this information regularly. In particular look for sources you do not recognise: the country of origin is not always guaranteed to reflect your real location but it is a very good guide. The times of day should also be checked: a login at 4am, when you’re normally sound asleep, is likely to be a problem unless you were at a conference in Australia!

In June we will begin sending out monthly emails which summarise all login activity from remote sites for the previous month. In the web interface the access from remote sites is highlighted as a guide as to which entries are most in need of review. If you believe there has been any unauthorised use of your account please contact the Computing Support Team via the usual support form

The information presented is based on data collected from the system log files. This data is stored for 120 days on our central log host. This data is stored securely and is only accessible to the Computing Team. At the end of the retention period some data is retained in an anonymised form so that we can calculate long-term statistics.

Posted in Uncategorized | Leave a comment

Sleep graphed

Posted on May 9, 2013 by Chris Cooke

We want to save energy, so we try to ensure that DICE computers sleep when idle. The graph below shows how many DICE desktops were asleep during each hour of a recent week.
Graph showing DICE desktop sleeping in one week in 2013
It was produced by David Sterratt, and I’d like to thank him for his work on it and for his interest in sleep and energy saving. Stephen Quinney also helped a lot with his log processing software which took so much pain out of boiling down the system log entries into this handy summary.

We hope to produce such graphs regularly, and David will be looking into what else he can mine from the sleep data (when he has time!). It’ll be interesting to see how the number of sleeping machines changes, especially next month, when we will have configured DICE machines to safely fall asleep while someone is still logged in. That’ll be covered in more depth in another blog post nearer the time.

There are a few things to bear in mind. Firstly the graph includes only those computers which slept at some point during the period. We estimate that we have about 800 active DICE desktops; 300 of them didn’t sleep during that week so didn’t appear in the graph. Secondly we know that our logs are missing a small part of their data: we’re looking at that problem. Thirdly the figures don’t separately count any machines which were switched off: they appear either in the “Awake” section or in the unsleeping 300 which don’t appear in the graph. However we don’t normally have many DICE machines switched off except at Christmas. Lastly the bars on the graph are each an average over an hour – every computer was awake at some point of every day of this period.

Posted in Uncategorized | Tagged , , | Leave a comment

“DHCP” network problems 20th-22nd April

Posted on April 23, 2013 by George Ross

A number of users of our self-managed “DHCP” subnet experienced problems accessing the network starting some time on Saturday 20th up until 14:45 on Monday 22nd.  We believe that this was caused by a rogue DHCP server, and that disabling its network access restored the service for everyone else.

Please be careful when adding devices to the network.  In most cases these will cause no problem, but depending on how they are configured they do bring the possibility of disrupting the service for everyone else on the subnet.  In particular, please check your settings when bringing in devices from a home environment, as what may be valid (indeed required) there may be completely inappropriate in our larger-scale situation.

We do use the network switches’ built-in features to protect the network and its users where possible.  Unfortunately not all our switches have as much capability in this regard as we would like.  As part of our rolling upgrade policy they will be replaced in due course by more capable switches, but given budgetary constraints it is likely to be a couple of years before this is complete.

Posted in Uncategorized | Leave a comment

New SSH server

Posted on April 12, 2013 by squinney

On Tuesday 16th April we plan to replace the SSH server named “dunlin”
which hosts student.ssh.inf.ed.ac.uk and ssh.inf.ed.ac.uk with a
machine named “kubelik”.

All that will happen is that at about 09:00 on Tuesday we will change
the DNS aliases to point to the new machine. This change can take some
time to propagate so we will not switch off access to dunlin
immediately. It will be left running as normal until 12:00 Friday 19th
April. This should also allow sufficient time for users logged in at
that point to finish their existing sessions and move to the new
server.

The IP address for the service will change from 129.215.202.104 to
129.215.202.105, your SSH client may warn you about this change and
request verification. The SSH host keys for the service will not
change when we switch to the new server. For reference the RSA host
key fingerprint is:

11:6c:8d:35:a3:05:c4:c5:57:92:d4:88:3d:0b:c8:9c

If you encounter any problems accessing the SSH service please contact us via the Computing Support Form.

Posted in Uncategorized | Leave a comment

Student Survey Results

Posted on March 27, 2013 by alisond

You can now find a summary of the responses to the Student Survey carried out last year.

We found the responses very helpful in planning and prioritising some changes which include:

1. Improved documentation
Our new documentation was announced recently – see http://computing.help.inf.ed.ac.uk

2. Improving awareness of services e.g. afs, openvpn, vnc, student.compute

3. Looking into processing stats from labs to identify trends in usage.

4. Scheduling CO clinics in AT for taught students.
We got no response to our first attempt at running a CO clinic but will continue to consider other ways to engage with the student community.

5. Increasing default home directory space.
This has been announced.

6. We have introduced automated reporting to detect when mice and keyboards are missing and also to identify ‘dead’ machines.

7. The technicians are looking in to providing more power sockets in the labs. In the meantime, we ask that you do NOT unplug any DICE desktops. They are a shared resource and unplugging them is very frustrating to other users who are running background jobs! The machines will go to sleep when inactive but are designed to wake up to receive necessary updates when required.

If you have any further suggestions or comments, please do not hesitate to contact support.

Posted in Uncategorized | Leave a comment

SAN Disk failure

Posted on February 26, 2013 by neilb

Virtually all of Informatics storage is via our redundant Storage Array Network (SAN). All our arrays are configured as either level 1, 5 or 10 RAID. Meaning that if one of the physical hard disks fails, the data on the RAID array remains intact, allowing us to replace the failed disk without any interruption to service.

Though most times users never notice a single hard disk failure, last Thursday night (21/2/2013) one physical disk making up a RAID5 array did fail, and unusually this caused the array to go offline briefly. This is not normally the case. Unfortunately one of our servers was writing to the array at this time, which caused the kernel to report an error and took the mounted device off line. In this case it affected some 5 or so group file space areas stored on that array. These group areas remained off line until the computing staff were able to investigate the problem, check and repair any potential problems, and re-enable the group areas.

We’ve been in touch with the suppliers of this SAN unit, as this is not the expected behaviour, and they’ve pointed out that the firmware on the SAN unit is out of date, and we are there for assuming this was a bug in the old firmware, which has since been rectified.

We will be looking to update the firmware to the recommended version, but though it should be safe to apply the update to the running hardware, we will schedule some downtime to avoid the risk of any problems affecting the data on the array. Unfortunately this will mean disruption to any users with data on the array. We will notify users once we have a date and time in mind.

Neil

Posted in News | Leave a comment

New AFS Quotas

Posted on February 4, 2013 by Craig Strachan

One of the outcomes from the 2012 student survey was a decision to increase the AFS home directory quotas for all users. The new limits agreed were:

  • UG1/UG2 – 2GB
  • UG3/UG4/PGT – 5GB
  • Staff/PGR – 10GB

Unfortunately, our policy of not overloading student partitions (that is not allocating more space for users use than the actual size of the partition on the assumption that not everyone will use their full quota), combined with a temporary shortage of mirror space at KB means that we are unable to implement these changes for all users at the moment. As a compromise, we’ve decided to increase the quotas of all users within 20% of their existing quota to the new levels and these increases have now taken place. We hope to to make the increases for all other users within the next month or so. If you have any questions about this, please mail services-unit@inf.ed.ac.uk.

Craig Strachan

Posted in Uncategorized | Leave a comment

“groups” web server upgrade to SL6.3

Posted on January 11, 2013 by neilb

The web server that hosts the
groups/conferences/workshops/events.inf.ed.ac.uk web sites, and
various other research sites, is long overdue an upgrade. Currently it
is still running the SL5 OS, whereas virtually all other DICE
computers are SL6.3. If things go to plan, the switchover date will
be Thursday 24th of January at 1pm. During which time all of its sites
will be unavailable for about 5mins.

If you are not responsible for these web sites/pages, then you can
probably stop reading now.

Though the vast majority of site/pages will just work after the
upgrade, sites which use PHP are the ones most likely to require some
remedial work, as the PHP version will be changing from 5.1.6 to
5.3.3.

The new server is up and running, and currently serving the same
content as the existing “groups” web server, but on a URL prefixed
with “sl6.” (that’s SL6 in lower-case) so you can test the
content. When the upgrade is complete, the “sl6.” prefix will be
removed, it is just for testing purposes. For example these:

http://groups.inf.ed.ac.uk/talk/

http://conferences.inf.ed.ac.uk/pact2013/

can be tested by going to:

http://sl6.groups.inf.ed.ac.uk/talk/

http://sl6.conferences.inf.ed.ac.uk/pact2013/

Below is a list of all the .inf.ed.ac.uk sites which are hosted on the
“groups” web server, for which there is now a “sl6.” prefix version
for testing. There is also a list of all non-inf.ed.ac.uk sites which
are also hosted on the server, but as we don’t manage the DNS for the
majority of these, I can’t set-up an SL6 version of the URL. It may
still be possible to test the content though by using an equivalent
groups.inf.ed.ac.uk URL. eg

www.openk.org/

is also available as

groups.inf.ed.ac.uk/OK/drupal/

So to test is SL6 version you can visit:

http://sl6.groups.inf.ed.ac.uk/OK/drupal/

Which gives a blank screen, so does need some work to fix it. In this
case I can tell the owner of the site that apache is reporting this error:

[Fri Jan 11 11:52:54 2013] [error] [client 129.215.25.101] PHP Fatal error: Cannot redeclare date_diff() in …/cisa-web/OK/drupal/sites/all/modules/date/date_api.module on line 780

Presumably because “date_diff()” is now a standard function in PHP
5.3. But I digress.

This email is also available as a blog post at http://blog.inf.ed.ac.uk/systems/2013/01/11/groups-web-server-upgrade-to-sl6-3/

where I will add further comments and hints that turn out to be useful
to people.

Thanks for reading this far.

Neil

= List of .inf.ed.ac.uk sites as their sl6. equivalents =

sl6.groups.inf.ed.ac.uk
sl6.conferences.inf.ed.ac.uk
sl6.workshops.inf.ed.ac.uk
sl6.events.inf.ed.ac.uk
sl6.proofgeneral.inf.ed.ac.uk
sl6.www.etaps05.inf.ed.ac.uk
sl6.www.ilsi.inf.ed.ac.uk
sl6.www.cav2005.inf.ed.ac.uk
sl6.www.icdt2005.inf.ed.ac.uk
sl6.ijaied.inf.ed.ac.uk
sl6.aied.inf.ed.ac.uk
sl6.uitp05.inf.ed.ac.uk
sl6.dbibd-05.inf.ed.ac.uk
sl6.safecomp.inf.ed.ac.uk
sl6.waim-05.inf.ed.ac.uk
sl6.hoppers.inf.ed.ac.uk
sl6.data.cstr.inf.ed.ac.uk
sl6.infcricket.inf.ed.ac.uk
sl6.aicat.inf.ed.ac.uk
sl6.media.inf.ed.ac.uk
sl6.newbuildpics.inf.ed.ac.uk
sl6.ref2014.inf.ed.ac.uk
sl6.touchscreens.inf.ed.ac.uk
sl6.openafs2012.inf.ed.ac.uk

= Other sites hosted on the “groups” server =

data.cstr.ed.ac.uk
downloads.specknet.org
history.dcs.ed.ac.uk
inf.statmt.org
www.arcoe.org
www.arcs.im
www.bctcs.ac.uk
www.bioinformatics.ed.ac.uk
www.classic-project.org
www.computersciencepodcast.com
www.ehmn.bioinformatics.ed.ac.uk
www.entrepedia.org
www.euphoria-project.eu
www.healthagents.net
www.hscma2011.org
www.hscma.org
www.inspace.ed.ac.uk
www.milepost.eu
www.neosim.org
www.neurogems.org
www.n-s-t.org
www.openk.org
www.pactconf.org
www.smart-society-project.eu

If you don’t have a “groups.inf” style alternative URL to try your site, let me know and I can tell you what it is or set one up.

Posted in Uncategorized | 2 Comments

@inf mail problems over the 2012/13 New Year

Posted on January 9, 2013 by neilb

Due to a sequence of unfortunate events, triggered by a failing power supply over the holiday period, it came to the attention of the computing staff on January 1st that external email addressed to @inf.ed.ac.uk email addresses was being rejected and returned to the sender.

Though it was the holiday season, this was fixed at 7:45pm on January 1st. Investigation of the problem showed that from 9:22am on December 31st 2012 to 3:15pm January 1st (ie for some 30 hours) email connections from the outside world were being rejected. This resulted in the mail being returned to the sender and them being notified that their mail to @inf.ed.ac.uk had failed.

This probably shouldn’t be a problem for humans used to sending mail to @inf, as hopefully they’d (correctly) put this down to a temporary fault, and try again at a later date. Which if they did so after 3:15pm on the 1st, would work the second time around.

Slightly more problematic would be email from automated systems, eg mailing lists. However, usually they are reasonable too and will allow a few failures before taking any automated suspension or unsubscription action. This will depend on the automated system in question.

As the connections were immediately rejected by the mail server, we have no record of who the rejected email was for, or who it was from.

Given the time of year, it is hoped that not too much legitimate email was bounced during this period. If you’ve seen odd messages from friends or systems asking if your email was working over the holiday period, the above will probably explain why.

Needless to say we’ve made changes so that this particular sequence of events should not occur again.

Neil

Posted in News | Leave a comment

EdLAN upgrade work by IS Network Services

Posted on January 9, 2013 by George Ross

The following dates have been set for IS Network Services to perform essential replacement work on the core EdLAN network routers:

Appleton Tower – Saturday 19th January 2013 08:00-10:00 (then at risk 10:00-12:00)

The Appleton Tower work will cause an outage for our bridged network services in both the Forum and AT.  In particular, VoIP phones and wireless will be unavailable while the work is carried out.  Routed IP traffic should continue as normal, for the most part, though there may be some initial delays for AFS file access.

King’s Buildings – Saturday 26th January 2013 08:00-10:00 (then at risk 10:00-12:00)

The King’s Buildings work should leave the Forum and AT mostly unaffected, though again there may be some initial delays for AFS file access.

Please see https://wiki.inf.ed.ac.uk/DICE/EdLAN2013Upgrade for more details about the Informatics services which we expect will be affected, and for links to IS’s alerts giving details of the central University services which they expect to be affected.

Posted in Uncategorized | Leave a comment