Retiral of iFriend Service

The computing team has been reviewing the services it provides to the School in order to identify and withdraw support for those services which are no longer seeing significant usage, can be replicated by a centrally provided service, or present a significant maintenance challenge.

Originally introduced in 2007, iFriend has provided a means for users outside of Informatics to access some of our services. Its codebase is now very old, and unmaintained, and its use within Informatics has been dwindling over the years.

We have therefore taking the decision to retire the iFriend service at the end of May 2024.

Please get in touch via the support form if this is likely to cause any problems.

Toby

Posted in Service Update | 1 Comment

informatics.ed.ac.uk change

In preparation to replace the existing www.ed.ac.uk/informatics/ pages with new web pages hosted at (www.)informatics.ed.ac.uk, the DNS entries informatics.ed.ac.uk and www.informatics.ed.ac.uk have changed to point at the IS (Information Services) web hosting service, rather than our own server.

It was accepted that this may break any old existing www.informatics.ed.ac.uk URLs (which has been deprecated for years), but we didn’t consider the impact this would have on old CVS based web publishing.

Longer standing members of staff who still use CVS to publish web pages probably still have references to www.informatics.ed.ac.uk in their CVS/Root and ~/.cvspass files, and possibly even a $CVSROOT environment variable. These people will now find they get errors when trying to update web pages via CVS.

The fix is to replace any mentions of www.informatics.ed.ac.uk with the usual www.inf.ed.ac.uk in the files and variable mentioned above. This command can help with that for the various CVS/Root files you will have in your checked out copy of the web pages:

cd <root of your checked out copy>
find . -name Root -type f -path \*/CVS/\* -exec sed -ie s/@www.informatics.ed.ac.uk/@www.inf.ed.ac.uk/ {} \;

and remember to check your ~/.cvspass file.

Neil

Posted in Information, Service Update | Leave a comment

blog.inf.ed.ac.uk being proxied

It has come to our attention that this service – blog.inf.ed.ac.uk – is being mirrored/proxied/scraped by the site “t e c h f u n l a n d <dot> c o m”, obfuscated here so as not to give them any more publicity.

It means content on blog.inf.ed.ac.uk is being passed off as coming from this other (not related to Informatics or the University of Edinburgh) domain. As all our web server sees is a connection from the web for a web page, just like a regular user’s web request, there is little we can do to stop this.

We have spotted that the requests are coming from a particular nework IP, so we have blocked that, however it seems the site then just presents a previously fetched version of the page, if it had previously successfully fetch the page prior to our block.

We have also contacted the ISP who provided the domain, but nothing has happened.

It is unclear what they hope to achieve by serving our content as theirs, perhaps some reputational benefit. There is at least one page that when fetched, does not present the original blog.inf page, but instead a phishing/scam page (which is not on the blog.inf site), so perhaps another goal of the site is to bury malicious content in otherwise safe content.

Neil

Posted in Information, News | Leave a comment

Microsoft Safelinks

On Tuesday 12th of December 2023 Informations Services (IS) enabled the “SafeLink” feature of the Office 365* mail service.

This doesn’t seem to have been very well announced, and came as a surprise even to the Informatics computing staff.

The basics are now that when a mail is delivered into your Office 365 mailbox, any links in it are rewritten into a https://eur02.safelinks.protection.outlook.com/…. style URL, so that anyone clicking on it will actually be taken to a service that checks the original destination URL for malware and the likes, and only forwarding you onwards if it is deemed safe.

This is being done to lessen the chance of someone falling victim to a phishing or ransomware attack, and the potential damage this could cause the University.

If you are already used to HTML based email, and use Microsoft products to read your mail, then you may hardly notice this change. “plain text” users, however, will see these quite intrusive changes.

We have already passed on our concerns about the communications around this change, and the data privacy (as each “safelink” URL now contains user identifiable data in it). We are awaiting a response to these issues, and will update this post with their reply.

For more details on this change, see https://www.ed.ac.uk/information-services/help-consultancy/it-help/email-and-office365/microsoft-365-safe-links which also points out this feature affects also affects Teams and other MS applications like Word, Excel etc.

For some Microsoft technical details on Safelink, see https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-about

Neil

* Office 365 is now officially called “Microsoft 365”

Update 25/1/2024

A College level complaint about the rollout and implementation of Safelinks was sent to IS a week or so ago, we are still awaiting an official response to the points raised.

The DPIA question was raised, and the existing DPIA for the general use of Office 365 was used to cover any concerns. However this can be reviewed, given the now obvious real world implications of the use of Safelinks, and private data being leaked when forwarding or coping and pasting URLs.

Presently only two of our services have been white listed: lists.inf and web.inf, however we are hopeful that some 50 other inf.ed.ac.uk services will be added to that list shortly.

Update 22/2/2024

An official response was received, and can be viewed in the documents attached to https://computing.help.inf.ed.ac.uk/safelinks . We are also now temporarily able to exempt all academic and research staff from SafeLinks, see post to staff dated 21/2/2024.

 

Posted in Information, News | 1 Comment

Our emergency computing systems alerts have moved

You can now find them at https://mastodon.social/@infalerts

We occasionally post systems alerts when network or computing facilities suffer an outage which seems bad enough to stop people from reaching University or School of Informatics systems.

Previously we used a Twitter account for that, but since those accounts are no longer reliably visible to people who aren’t logged in to that site, we’ve moved to Mastodon, where our posts can be seen without a login.

We’ve deactivated our old Twitter account. You can find our emergency alerts on https://mastodon.social/@infalerts. Feel free to follow us there from any mastodon or other fediverse or ActivityPub account, or just bookmark the URL.

The usual place to look for Informatics computing help is https://computing.help.inf.ed.ac.uk

Details of University IS alerts (Information Services) are published at: https://alerts.is.ed.ac.uk

 

Posted in Uncategorized | Leave a comment

Virtual DICE is now available

We’re pleased to announce a new version of Virtual DICE for 2023–24.
Here’s how to download it.

What’s Virtual DICE?

The managed Linux machines here in the School of Informatics run an environment which we call DICE. It’s based on Ubuntu Linux. We use DICE on desktop computers and on servers, but there’s also a virtual version called Virtual DICE. It runs in VirtualBox, and it’s meant for personal machines. Each year we release a new version.

It has most of the software that’s needed for first and second year undergraduate exercises.

You can change it

Because Virtual DICE is a virtual machine, designed to be run on personal laptops and the like, it does not by default have a large amount of memory, file space or CPU cores, so it’s not useful for big, demanding computing applications. However, since it’s a virtual machine, you can change its hardware specification as you like. You’re only limited by your host machine.

You also get root access, so you can reconfigure Virtual DICE as you like.

To find out more read the Virtual DICE help pages.

Please upgrade from earlier versions

If you have an earlier version, please export whatever files you want to keep (for example, copy them to your AFS home directory) then delete it and install this new version instead.

Reporting problems

If you try it and you want to report a problem, we’d love to hear about it. Please use The Support Form, mentioning Virtual DICE in your message. Thanks!

Posted in Uncategorized | Leave a comment

MFA is coming

(Now updated to mention otpclient.)

As you may know, the University is introducing MFA, or Multi-Factor Authentication. It’s doing this to increase security, to protect us from increasingly severe online threats. At the moment MFA is specifically for Microsoft services – Teams, email, SharePoint, Office 365, and so on.

What is MFA?

In practice what this means is that when you use one of these services, as well as being asked for your username and password you will occasionally also be asked to validate your login in some other way, usually by providing a 6 figure number, different each time.

You can get this number – a validation code – in a number of ways. For example, you can use an authenticator app on your smartphone or other device, or you can validate using a text message, or by means of a phone call to a phone number which you provide – perhaps your office phone if you have one.

You must register in advance

You can use whichever of these methods is convenient at the time, but you need to have set up each method before you can use it. This only has to be done once for each method you want to use. It’s a good idea to set up several different ways of validating your Microsoft login, so that if your favourite one isn’t available (say, if you lose your phone), you can still validate your login.

Of course, you need to have set these up in advance, before you need to use them. Don’t worry – it’s easier than you might think.

Who uses MFA?

We will all use it eventually, but the University is doing it in stages. In Informatics, Professional Services staff have already moved to MFA. At the time of writing, our research staff and research students will be moving to it soon. Everyone will be moved to it at some point this year or next.

To find out more

The University’s MFA site tells you all about it, including how to set up your validation methods and which ones might be right for you.

Need help?

The dedicated MFA support team can provide help when you need it, 7 days a week.

MFA validation on DICE

On DICE you can generate your MFA codes using otpclient. There’s also a command line version called otpclient-cli.
Each of these has a man page, but there’s also an excellent writeup of how to use them on the otpclient wiki at How to use OTPClient (external link).

To add otpclient as an authenticator for your Office 365 account, use the University’s instructions for Alternative authenticator apps.

There’s a version of this article at computing.help.inf.ed.ac.uk/mfa.

Posted in Uncategorized | Leave a comment

Changes to https://lists.inf.ed.ac.uk/

There has been a unpublished local feature of the mailman lists service running on https://lists.inf.ed.ac.uk which has changed. The short version is that if you used to deliberately use the URL https://lists.inf.ed.ac.uk/mailman/… to log you into list, you should now use https://auth.lists.inf.ed.ac.uk/mailman/…

Now a bit more detail and history. The original web interface to the list management pages were only available on the HTTP website http://lists.inf.ed.ac.uk/, and any authentication used mailman’s built in mechanisms. Later, as a convenience to local Informatics users, the HTTPS version of the site, https://lists.inf.ed.ac.uk, used weblogin.inf.ed.ac.uk and Cosign to authenticate you, and if you were on (or managed) the list using your UUN@inf.ed.ac.uk email address, then you’d get the appropriate access*. This saved you having to remember your mailman password, and used the more secure HTTPS protocol.

This feature was not widely announced, as its usefulness is limited. It didn’t work for non-Informatics members of lists, and also doesn’t work if you are Informatics, but are on the list with an address other than your UUN@inf.ed.ac.uk style address*.

Nowadays modern web browsers will prefer to use the HTTPS versions of websites, rather than the HTTP version. This has been leading to more problems for users of lists.inf.ed.ac.uk, as non-Informatics people were unable to authenticate and hence use the https://lists.inf.ed.ac.uk URL. If they forcibly used the HTTP version, then they would be OK (apart from HTTP being a poor choice for things asking for passwords!).

So we have now removed the Cosign authentication from the https://lists.inf.ed.ac.uk/ version of the URL. It now behaves the same way as the HTTP version of the site, but over the more secure HTTPS connection.

For those that did use the Cosign feature of the previous version of the HTTPS site, this has now moved to the new URL https://auth.lists.inf.ed.ac.uk/… however, as before, this feature is only really of use for Informatics users who manage (or are on) lists with their UUN@inf.ed.ac.uk email address*.

Neil

[*] This is not strictly true, your @ed.ac.uk email address may also work, depending on what is registered as your primary contact email address.

Posted in Information, Service Update | Leave a comment

Remote desktop service upgrade

We will be upgrading the Informatics XRDP Remote Desktop (remote.inf) cluster from Ubuntu Focal to Jammy on Thursday this week (14th September).

The work will begin at approximately 09:00 and we expect the service to be unavailable for several hours.

Whilst the service is unavailable those users with DICE desktops can access that via RDP through the Informatics VPN. Staff also have the option of using the alternate service on staff.xrdp.inf.ed.ac.uk

You can find more information on our XRDP service on our help site

If you have any queries about this work please contact the Computing Team via our support form.

Posted in Uncategorized | Leave a comment

Brief shutdowns of Informatics services

What you need to know

In the next few weeks quite a few Informatics web servers – and other computing services – will be shut down for a short time. Most of them will go down for only a few minutes, but a few servers will have to be down for an hour or two. The shutdowns will happen one at a time, so we can’t give precise times for each one – but we will do our best to avoid busy periods. Normally we avoid downtime (see “hot migration” below) but on this occasion it’s necessary.

What will be affected?

  • Many of the school’s web servers, including those for research groups and institutes
  • The RT (issue-tracking) servers which we use for student services and for computing support
  • At least one AFS database server (so there will be a few minutes during which there could be slight delays to AFS file access)
  • At least one print server
  • The new users’ password portal pp.inf.ed.ac.uk
  • This server, blog.inf.ed.ac.uk

Why?

Informatics computing staff are having a busy summer. There’s lots to do, but in particular we’re working fast to finish the upgrade of the 1250 or so DICE (managed Linux) computers to Ubuntu Linux.
The urgency is because security support for Scientific Linux, our old OS version, will stop later this year. Security updates are a crucial part of protecting our web servers and other computers from botnets, ransomware and other attacks.

We started the upgrade project some years ago, and it’s mostly done – including the lab desktops for instance – but there are still a few hundred computers to go, mostly servers and virtual machines running a variety of services.

We have hundreds of managed virtual machines (VMs). They do various jobs for us. For instance, most of our many websites run on VMs, and so do a lot of infrastructure services (authentication management, automated configuration, printing, all sorts of things).

The VMs are mostly hosted on a few larger servers. From time to time those servers need maintenance, and when that happens, we usually “hot migrate” their VMs to other servers. Hot migration happens transparently – while the VM is moved to another host it appears to keep running without an interruption. That’s very handy. This time though, it’s not possible to hot migrate between an SL7 VM server and an Ubuntu VM server – their virtual hardware support is just too incompatible. Instead, the VMs have to be shut down, then transferred across, reconfigured, then booted up again.

For most VMs this takes just a few minutes. Many of those brief shutdowns won’t be noticed, and in fact most of them have already been done, but a few will be obvious – hence this blog article.

If you have questions, please drop a line to computing support. Thanks.

Posted in Uncategorized | Leave a comment