Printer Changes in Informatics

During the recent lockdowns, new working practices have developed which place far less reliance on the printing out of materials. Recognising this, and wishing to reduce the financial and environmental impact of printing across its estate, the University has adopted a policy on sustainable printing, the implementation of which will see printers with low levels of usage in their existing locations being redeployed to areas where new printing requirements have been identified. This is being done in preference to procuring new devices for these areas.

In Informatics, the printers identified as suitable for redeployment are the small mono A4 devices located in the SW corner of each floor of the Forum and the labs on level 3 and 5 of Appleton Tower, hardly surprising since usage levels of all of these devices have been consistently low, even before lockdown. One of the Forum printers has already been moved to the Wilkie Building to accommodate Informatics students who have relocated there, and a second was recently moved to another part of the University. It’s not possible at present to say when the other devices will be removed since this will depend on when new locations are identified for them. Note that the A3 colour printers will still be available on all floors of the Forum, and that the colour printers on levels 4, 6 and 9 of Appleton tower will also remain.

Craig.

Posted in Service Update | Leave a comment

DMARC change to mailman lists

DMARC is a technology designed to combat forged email coming from
senders other than those who are entitled to send as a particular
domain.

Unfortunately there are times where you may want to legitimately “forge”
the sender address of an email. eg on mailing lists. Typically if a
poster sends a message to a list it arrives from their actual email
address, eg jbloggs@some.domain.org.

The mailing list software then sends that email to all the members of
the list, and depending on the list settings, usually as the original
sender’s email address, in this case jbloggs@some.domain.org. So if
this list is hosted at inf.ed.ac.uk, then our mailserver has to
“forge” the email to look like it has come from the @some.domain.org
domain.

Through DMARC the owners of some.domain.org say inf.ed.ac.uk is not
authorised to send mail as @some.domain.org, and anti-spam filters
will take this into account when deciding to deliver the “forged”
email.

This situation is now affecting the use of some of our lists, eg if
they contain non-inf.ed.ac.uk addresses, and those members post to the
list. The lists involved could be changed so that all posts to the list
appear to come From: listname@inf.ed.ac.uk (rather than the original
sender), but then all replies would automatically go to the list,
which is not usually what you want.

The mailing list software we use, mailman, has an option to detect if
a poster is posting from an address using DMARC, and for their posts
it changes the From: field to be listname@inf.ed.ac.uk, and sets the
Reply-To: their original address. This should then keep the anti-spam
filters happy, and still mean that replies would tend to go direct to
the poster, rather than the list.

This setting is now the default for new informatics mailing lists,
and shortly we will be retrospectively enabling this setting for
existing lists.

If you are a list owner, then you check the setting under Privacy
options -> Sender Filters -> dmarc_moderation_action

Neil
Services Unit

Posted in Information, Service Update | Leave a comment

Research Data Management

The University runs a Research Data Management Service which encompasses all aspects of Research Data Management including recording Data Management Plans, storing active data, sharing data, archiving data and providing forums and training facilities.

The main features are:


  • DMPonline
    Free and open web-based tool to help researchers write data plans
  • DataStore
    To store data in active use
  • DataSync
    ‘Dropbox-like’ file-hosting service for non-sensitive data
  • DataShare
    Edinburgh DataShare is the University’s Open Access (‘OA’) multi-disciplinary data repository run by the Research Data Service
  • DataVault
    Provides a long-term, low-cost, immutable, and safe storage solution for your research data, which is no longer active or not intended for publication.
  • PURE datasets
    Pure is the University’s Current Research System which provides a data catalogue and is used to populate Edinburgh Research Explorer

For more information on Research Data Management, please read the recently created computing.help page which gives a summary of all the options available within the University Research Data Management Service and

Research Data Management

Posted in Uncategorized | Leave a comment

Shut down of Informatics servers at KB

To improve the resilience of the services hosted in the JCMB server room, a new Uninterruptible Power Supply (UPS) is being installed to cover the whole room.

Unfortunately this work needs the power to be switched off for a period of time. That will mean shutting down servers and services.

The thing that will affect most users will be a delay on some machines when they try to access their files in AFS, as one of the AFS Database servers is in JCMB. If an AFS client is using that DB server, it will take a couple of minutes for it to fail over to one of the others in the Forum or Appleton Tower.

Servers will be powered down from 5pm on Friday (11th June), and restarted as soon as they can be once the work is complete. We expect this to happen on late Saturday afternoon/evening.

Other services will also be affected, including the student lab booking service lbs.inf.ed.ac.uk, but their owners have been contacted separately. However, any oddities from Friday evening until Saturday evening are likely to be related to this power work.

Thank you for your understanding.

Posted in Information, Service Update, system event | Leave a comment

Routing changes between Informatics and EdLAN

For many years we have used the OSPF routing protocol to exchange IPv4 and IPv6 routes with the rest of EdLAN as well as internally within Informatics.  As a result of the University’s network replacement project, however, that’s going to have to change as EdLAN adopts a more layered structure.  We’ll continue to use OSPF internally, as it suits our needs well, but we’re going to adopt BGP instead to exchange routes with EdLAN.

It’s a bit more fiddly to set up, as there are many more knobs that can be adjusted to allow for different users’ situations, but it does have the advantage (to both us and EdLAN) that policy decisions over which routes are accepted by either side are much more clearly set out, so in the long term there should be better stability and fewer surprises.

We’ve been trying this out on a couple of test routers for a while now, and are reaching the point where we’re ready to bring it into service.  The cutover date for the Informatics Forum EdLAN distribution router is likely to be Tuesday 15th June, though before that can happen we do need to upgrade all of our Linux Forum edge routers.  This will be happening over the next week or so, and will require each one to be rebooted in turn.  Most of this work shouldn’t be noticed, for the most part, but there will be short breaks while the Forum main router and the OpenVPN endpoint are rebooted.  We’ll try to give as much notice of these as we can, though given the time constraints of the EdLAN replacement project, the Covid restrictions, and the fact that we really want to be on-site for this work, it probably won’t be possible to delay much,

Once the Forum is bedded in, we’ll move on to convert the Appleton Tower part of our network and our (mostly-)DR site at JCMB.

In due course there will also be changes to the way our network edge is set up, but the details of that will have to be worked through nearer the time.

Posted in Uncategorized | Leave a comment

Making your website HTTPS

For a few years now, modern browsers like Chrome, Firefox and Edge
have been warning as “insecure”, web sites that are served as plain
text over HTTP (port 80).

web browser insecure HTTP screenshot

Example web browser warning when visiting an HTTP site.

Informatics are working through making all our managed websites
available over encrypted HTTPS (port 443). If you run your own website that
is only accessible over HTTP, then you probably want to be thinking
about making it accessible via HTTPS.

At some point web browsers are likely to drive home the point more
forcefully that users are visiting an HTTP only site, and
may even stop supporting HTTP only sites.

If you’ve already configured your own web server, then adding HTTPS is
relatively straightforward, the trickier part being obtaining a
suitable HTTPS SSL certificate for your site.

You will probably have the option to generate a “self-signed”
certificate, which will at least encrypt the web traffic between your
site and the browser, but will lead the web browser flagging a
different warning about a site using a self-signed certificate.

To obtain a trusted SSL certificate, you could use something like Let’s Encrypt
(https://letsencrypt.org/), or perhaps purchase one from your ISP, or a
separate commercial SSL provider.

Good luck.

Posted in Information, News | Leave a comment

Remote desktop now needs the VPN

To use our remote desktop service, or any RDP connection to a computer at Edinburgh University, you must now (edit: from 07:00 on Wednesday 28 April) use a University VPN. If you don’t, you won’t get a connection.

If you already use the University VPN or the Informatics OpenVPN, carry on – RDP should work for you. You won’t need the VPN if your computer is already on the University of Edinburgh network – for instance in a computing lab or an office on campus.

RDP without VPN has been blocked for security reasons.

See these pages for more help:

Posted in Uncategorized | Leave a comment

New SSH Server

On Monday 1st March we will replace the SSH server named “bruegel” which hosts ssh.inf.ed.ac.uk and student.ssh.inf.ed.ac.uk with a new machine named “auriga“.

All that will happen is that at about 09:00 on Monday we will change the DNS alias to point to the new machine. This change can take some time to propagate so we will not switch off access to bruegel immediately. It will be left running as normal until 12:00 Friday 5th March. This should allow sufficient time for users logged in to finish their existing sessions and move to the new server.

The IP address for the service will change from 129.215.202.74 to 129.215.202.38, your SSH client may warn you about this change and request verification. For reference the new SHA256 host key fingerprints are:

  • RSA – aviY6lcxhKE0H7PofATPrxHA+j7W6WOp+aO2sTXRDWQ
  • ECDSA – PAvZ5s2rxWV/IyI8+sBkbZmP3iCffArdUt/IdhgBrS0
  • ED25519 – WicgoLcme2IviSSQ+WUHLqDBT/VI5e05NWS/qW8g9lE

More information regarding the SSH service can be found on our help pages. If you encounter any problems accessing the SSH service please contact us via the Support Form.

Posted in Uncategorized | Leave a comment

Power cut, Sunday February 7th 2021

The BBC news website tells us (https://www.bbc.co.uk/news/uk-scotland-edinburgh-east-fife-55979665) that:

“A large swathe of Edinburgh and the Scottish Borders was plunged into darkness following a power outage on Sunday night.

“SP Energy Networks said about 88,000 homes experienced the power cut just after 21:00.

“Households in the capital were affected, as well as properties as far south as West Linton and Cardrona.

“The power cut, due to a fault on the transmission network, lasted for up to 45 minutes.”

That power cut affected the Informatics Forum, among other places. If you’re wondering why our main computing services were not affected, well, we have our fairly-recently-installed server room UPS to thank for that.

At the start of the power cut, the UPS switched over to its battery supply and reported an expected run-time of 57 minutes. The power cut in the Forum lasted about 40 minutes. At the end of that time, the UPS reported that its batteries had been run down to about 27% of their capacity – i.e. the ‘expected’ and ‘actual’ figures for the performance of the UPS more-or-less match.

It’s always nice when something works out, isn’t it?

Note that our UPS is sized so that, were it supporting its full potential load of 200 kW, it should have a battery run-time (or ‘autonomy’, to use the official UPS jargon) of 30 minutes. Our current total server room power load is about 110 kW.

In the UK, lengthy power cuts are thankfully relatively unusual events; generally, 95% of all mains outages last for less than five minutes

Posted in News | Tagged | Leave a comment

Significant Issues with the School’s OpenAFS File System

We are currently experiencing significant issues with the School’s OpenAFS file system. This contains our user’s DICE home directories along with the majority of the School’s group and research data. The majority of our administrative data is now held on the University’s DataStore service and so is unaffected.

This issue is not restricted to Informatics but is affecting OpenAFS file systems world wide. The OpenAFS community, which includes organisations such as CERN and Carnegie Mellon University, has been working on this problem and it is believed that the cause has been identified and a solution will soon be available.

The general consensus is that there is no risk of permanent data loss due to this issue but users should be aware that they may at any time, without warning, temporarily lose access to any data they may have stored in our OpenAFS file system. They may therefore wish to copy any data they may need access to in the next few days to a SECURE location outwith the School’s file system. Ideally, data should be moved to another University service such as DataStore or DataSync (see http://computing.help.inf.ed.ac.uk/central-data-storage for more details of these services) but users may find it more convenient to copy their data to their local machine. Users should only do this if their local machine is secure (i.e. in a safe location and with an encrypted disk) and if they can make local arrangements to back up any changes made to their data.

We apologise for the inconvenience this may cause you and will keep you informed of progress in addressing this issue. If you need help with moving your data or have any questions, please contact Computing Support using the form at http://www.inf.ed.ac.uk/systems/support/form/ in the usual way.

Update 11am 15th January 2021

  1. The cause of the issue has been identified and a patch produced by Jeffrey Altman of Auristor. Many thanks to Jeffrey for his quick action.
  2. We now believe that the School OpenAFS file system will remain available, albeit with possible short interruptions as file servers are updated, PROVIDED THAT YOU DO NOT REBOOT YOUR MACHINE. Rebooting your machine will cause you to lose access to your data.
  3. We are currently planning deployment of the patch to desktop and lab machines. We will issue a further update later this afternoon with details of how this will happen.

Update 5pm 15th January 2021


  1. The servers providing the OpenAFS infrastructure have been patched and restarted.

  2. All desktop and lab machines will be patched and rebooted automatically at some point early next week.

  3. Until this patching takes place, machines should still be able to access the file system. If you do encounter issues, we recommend that you reboot the machine immediately. This will install the patch and should fix the issues.

As ever, if you are having problems, or have questions about any of this, please contact Computing Support using the contact form at http://www.inf.ed.ac.uk/systems/support/form/.

Posted in Uncategorized | 1 Comment