capturED replacement

The lecture capture system (capturED) that has been in place throughout the University for a number of years is now no longer supported by IS. As a result of the efforts of AHSS (in particular, the Business School), CSE has found an alternative (Panopto) which has been piloted and is now installed in the majority of lecture theatres.

A number of lectures have now been recorded successfully using Panopto. It does have limitations (for example, in the majority of lecture theatres it is only possible to capture screen and audio), but the feedback so far suggests that it has proved reliable and simple to use. There is now a page on computing.help which links to clear instructions created by PPLS on how to use Panopto.

computing.help.inf.ed.ac.uk/panopto

The pages do, however, refer to contacting PPLS support – if you do have any questions or need support, please contact Informatics support in the usual way rather than PPLS.

You may also have seen a recent news article about the University targeting an improved student digital experience by investing in a state-of-the-art lecture recording system covering 400 rooms. The process has only just started and there is an opportunity to take part in the User Consultation process. If you would like to contribute to this process, you can take a look at:

https://www.wiki.ed.ac.uk/display/LRec/Lecture+Recording+User+Consultation

and add any comments/suggestions that you may have.


Linux “Dirty COW” vulnerability

On 20th October 2016 it was announced that a serious security hole had been discovered in the Linux kernel and was already being actively exploited. This vulnerability has been dubbed "Dirty COW" because the exploit uses a race condition in the implementation of the copy-on-write mechanism. Although it is described as a local exploit, the bug can be exploited via web frameworks such as WordPress, so we consider this to be a critical remotely exploitable vulnerability.

DICE machines have been updated and rebooted to apply the fix. All users with self-managed machines MUST ensure their machines are running a kernel which is not exploitable via this vulnerability. All Linux distributions now have fixes available, see the "Dirty COW" website for details.

If you need advice or assistance with dealing with this issue please contact the Computing Team via our support form.


Virtual DICE

A new version of Virtual DICE is now available for download. (Here’s how to download it.) If you don’t know what Virtual DICE is, read on.

The managed Linux machines here in the School of Informatics run an environment which we call DICE. We use DICE on desktop computers and on servers, but we also make a VirtualBox virtual machine version of it, intended for personal machines. This virtual version is called Virtual DICE.

Twice a year we release a new version of Virtual DICE. The latest version, released on 2 November 2016, has the hostname priuli and this login screen:
[Image: Virtual DICE login screen]

If you have an earlier version of Virtual DICE, please export whatever files you want to keep (for example, copy them to your AFS home directory) then delete it and install the new version instead.

Because Virtual DICE is a virtual machine designed to be run on personal laptops and the like, it does not by default have a large amount of memory, file space or CPU cores, so it’s not useful for big, demanding computing applications. However, since it’s a virtual machine, you can change its hardware specification as you like, up to the limits imposed by your host machine.

To find out more read the Virtual DICE help pages.


Changes to DICE Password Policy

We have introduced a new password policy for DICE accounts:

http://computing.help.inf.ed.ac.uk/password-policy

The significant changes made to the previous policy are:

  • We now have a more flexible approach to the number of character
    classes required in any password – specifically, the longer the
    password, the fewer distinct character classes are required.

  • All password checking is now undertaken on the server-side – prior to
    these changes, we had a mixture of client and server side checks.
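
A sketch of a length-dependent character-class check of the kind described above, as an added example (not the School's own code). The tier thresholds in `TIERS` and the function names are hypothetical placeholders, not the values in the DICE policy; the check is meant to run on the server, where the client cannot bypass it.

```python
import unicodedata

# Hypothetical tiers: (minimum length, distinct character classes required).
# These numbers are placeholders for illustration, NOT the DICE policy values.
TIERS = [(20, 1), (16, 2), (12, 3), (8, 4)]


def char_class(ch):
    """Map one character to a class name using its Unicode category."""
    cat = unicodedata.category(ch)
    if cat == "Ll":
        return "lower"
    if cat == "Lu":
        return "upper"
    if cat == "Nd":
        return "digit"
    return "other"  # punctuation, symbols, spaces, other scripts


def classes_required(length):
    """Return the class count needed at this length, or None if too short."""
    for min_len, needed in TIERS:  # tiers are ordered longest first
        if length >= min_len:
            return needed
    return None


def check_password(password):
    """Server-side check: returns (accepted, reason)."""
    needed = classes_required(len(password))
    if needed is None:
        return False, "too short: minimum length is %d" % TIERS[-1][0]
    present = {char_class(ch) for ch in password}
    if len(present) < needed:
        return False, "length %d needs %d character classes, found %d" % (
            len(password), needed, len(present))
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["correcthorsebatterystaple", "Tr0ub4dor&3", "abcdefghijkl"]:
        print(pw, check_password(pw))
```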


IPv6

The “IPv6 investigation” project has made good progress since my previous post in January.  We have had global connectivity since February, and have been testing on a variety of subnets since then, including all of our “server” subnets, and most recently the “Appleton Tower” (including Forrest Hill and Wilkie) managed DICE desktop subnet.

We have seen few issues with these, so will be rolling IPv6 out to the Forum DICE subnet on Tuesday of next week (6th September).  All SL7 machines on that subnet will then acquire IPv6 addresses, which they will start to use, often in preference to their IPv4 addresses.  DNS entries will also be created for all of these machines.

(Servers are being given IPv6 addresses individually as their managers deem the services on them to be IPv6-ready, particularly as regards access control.)

Unfortunately we won’t be able to roll out IPv6 to self-managed machines for a while yet.  Many of our network switches are currently lacking some security features which are required before it would be safe to open these subnets to the variety of systems we have on them.  We had hoped that these switches would have been upgraded by now, but the process was blocked by IS’s ongoing EdLAN review.  We’ll post again once we’re in a position to begin IPv6 tests with self-managed machines.

Managed Windows desktops will also be IPv4-only for now.  We identified a few issues with these in testing, which we have passed back to IS for evaluation, and await their response.

The project’s working documentation, including useful links, can be found here.


SSH Server Upgrade

We need to upgrade the general access SSH server (schiff) to SL7. We plan to start this work at 9am on Tuesday 16th August. We expect the service to be unavailable for approximately 2 hours; we will send out another message when the work has been completed.

During the period of downtime an alternative SSH server – staff.ssh.inf.ed.ac.uk – will be available for those with permission to access that server (all staff and postgrad students).

If you have any queries regarding this please use the User Support form.


Git in the School of Informatics

Git is a version control system which has become very popular within Informatics. In fact it has become so popular that we are now offering no less than three different Git-related services within the School! At this point, if you are familiar with Git, you may be wondering why we bother since it is trivial for any user to set up a Git repository in their home directory with a couple of simple commands. This is true, and indeed may be all you need if you are the only person using that repository. Setting up a Git repository to be used by others is trickier and it is this need which the School Git services aim to meet.

First up, we have git.inf.ed.ac.uk and its close associate https://gerrit.inf.ed.ac.uk, the longest running of the three services and the closest to a “classic” Git service. This supports Git over the git:// and ssh:// protocols. So far, so nothing special, but as the second URL suggests, this Git service is run in conjunction with a Gerrit instance. Gerrit is a web-based code collaboration tool. Because it is web based, external collaborators can access repositories by creating an iFriend account and, after visiting the Gerrit URL (which automatically creates an account for them), registering one or more ssh public keys, allowing them to contribute to the Gerrit repositories if they have the necessary permissions. This last condition is necessary because Gerrit provides fine-grained control over what access registered users have to a project. Finally, Gerrit provides code review, which may be important for some projects. You can find out more about the Git/Gerrit service here.

One issue with Gerrit is that it can be tricky to configure and manage permissions for, and contributions to, a project. In an effort to provide a multi-user Git service which would offer many of the advantages of Gerrit without all the complexities, we have introduced git2.inf.ed.ac.uk. The main feature which makes the git2 service stand out is that the Git repositories are located on AFS file space. When a repository is set up (and another advantage of git2 is that repositories can be set up by users; there is no need to request Computing Support to set up a repository), two AFS groups are set up, one giving read access to the repository and the other write access. The repository owner can therefore control access to the repository by putting users in the appropriate groups. Access is via the file:// protocol (though repositories may also be made readable via the git:// protocol if desired). It will be seen therefore that for a user to be able to access a repository, they must have AFS access. iFriend accounts can be given AFS credentials, allowing external collaborators to access repositories, though they can do so only through an AFS client. Find out more about this service here.

Finally, we have gitlab.inf.ed.ac.uk, a local Gitlab-CE instance and intended as a short term stand in until a mooted college-wide Gitlab service comes along. This is very much a test service at the moment and as such does not feature some aspects which would normally be expected of a DICE service such as integrated sign-in via Cosign. Instead, you must currently create your own account when you first connect to the service and will have to set up a password which is unconnected to any other School or University password (and please don’t reuse an existing password!). Access to the Gitlab Git repositories is currently only available via the http:// protocol. External users can make use of this service but will also need to create an account. As mentioned, this is a test service which will continue to be developed and is subject to withdrawal at very short notice if necessary (for example if there are security concerns). This Gitlab service can be found at gitlab.inf.ed.ac.uk

So which Git service should you use? If you absolutely must have code review, then Git/Gerrit is the one to use. If you want a straightforward self-service Git service and all your external collaborators who will need to contribute to the repository have access to an AFS client, then git2 may be a good fit for your needs. And if you would like to try a web based development environment and can live with the possibility that it may disappear at short notice, then why not give Gitlab a try?

Questions and suggestions about how these services might be improved are welcome. Please use the support form to make contact.


Staff SSH server upgrade

We need to upgrade the staff SSH server (brendel) to SL7. We plan to do this at 9am on Tuesday 9th August. We expect the service to be unavailable for most of that morning; we will send out another message when the work has been completed.

During the period of downtime the alternative SSH server – ssh.inf.ed.ac.uk – will be available.

If you have any queries regarding this please use the User Support form.


New smtp.inf.ed.ac.uk certificate

The x509 certificate used to secure communications with smtp.inf.ed.ac.uk changed this morning.

The authenticated SMTP service uses an automatically generated certificate, ultimately signed by the University’s root CA. The service certificates only last a year, and this morning it was automatically replaced with a new certificate.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3811 (0xee3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Scotland, O=The University of Edinburgh, OU=Informatics, CN=Automated Server Key CA
        Validity
            Not Before: Jun 28 02:49:21 2016 GMT
            Not After : Jun 28 02:49:21 2017 GMT
        Subject: CN=smtp.inf.ed.ac.uk, OU=Informatics, O=The University of Edinburgh, L=Edinburgh, ST=Scotland, C=GB

If you have previously had to accept a warning from your mailer indicating that you trust the smtp.inf.ed.ac.uk certificate, you will probably have to do so again for this updated certificate.

Our apologies for not warning you in advance.

Neil


SL7 Software Collections

We have recently added support for the Red Hat Software Collections (2.1) on SL7 DICE machines. Red Hat describes these as:

“For certain applications, more recent versions of some software components are often needed in order to use their latest new features. Red Hat Software Collections is a Red Hat offering that provides a set of dynamic programming languages, database servers, and various related packages that are either more recent than their equivalent versions included in the base Red Hat Enterprise Linux system, or are available for this system for the first time.”

By default we have added gcc 5.2.1 from the Developer Toolset (4.0); others are available and can be added on request. Full details of the software collections are available and the details for the Developer Toolset are also available.

Red Hat have recently announced Software Collections version 2.2 and Developer Toolset 4.1. Once that becomes available for Scientific Linux we will update DICE.

Information is available for this topic on the Computing Help site. Any questions or requests for additional software should be submitted via the usual support form.
