In the past we allowed sending e-mails over the D-PHYS mailserver from everywhere inside ETH to allow D-PHYS users to send e-mail via VPN or WiFi without the need to enter a password.
However the amount of misuse of this rule in the form of sending out spam from compromised machines inside ETH but outside D-PHYS raised significantly in the last few weeks.
Due to this development, we are forced to restrict password-less sending of e-mail via the D-PHYS mail server to a few D-PHYS networks — and in the future we might tighten this even more.
For now this means that you will need to authenticate yourself with your D-PHYS account, when sending e-mail via the D-PHYS mail server from outside D-PHYS. This includes sending e-mail via the ETH WiFi networks and connections via ETH VPN. This change is effective immediately.
Please see our documentation about how to send e-mails from outside D-PHYS if you need help reconfiguring your e-mail client.
UPDATE Thu 12.09. 07:30 If you’re trying to connect to a SMB share from an unmanaged Windows machine, you have to use “ad\USERNAME” instead of just “USERNAME” from now on.
UPDATE 21:15 apart from the IGP group shares (which will be back in a few hours) all systems are back to normal. Please let us know if you experience any problems.
In order to upgrade the operating system on several core infrastructure servers of the Department, we schedule a general maintenance downtime on
Wednesday September 11, starting at 17:00, lasting for several hours.
Most services will be affected and unavailable during that time, as they require an authentication with your D-PHYS account (email, file server, print server, managed workstations). Note that, even though you will not be able to check your emails or send new ones, all incoming mails will be received and safely delivered to your inbox afterwards.
Please make sure to save all open documents before 17:00 on that day.
Since we will also change the way file server mounts are authenticated, users who haven’t updated their passwords in a very long time might not be able to mount their home directories or group shares after the migration. If you run into this problem on Thursday morning, please first change your password. If the issue persists, contact us.
We will post an update when things are back to normal.
Yesterday (August 21), between about 13:42 and 21:25, the virus filter on our mail server flagged some legitimate mails as containing a virus. The reason was a bad signature in the virus database that came in via the automatic updates. This signature was automatically removed by a subsequent update.
Like all viruses these false positives were quarantined. Once we understood the problem we could reinject them back into the regular processing of mails. If you were affected by this, you should receive the mails shortly.
We apologize for the inconvenience.
Microsoft will end the extended support cycle for Windows XP on April 8, 2014. This means that after this date no more security patches or maintenance updates will be released by Microsoft. For all practical purposes, Windows XP will be dead after this date.
We at the Physics Department are going to face some problems when XP reaches its end of life:
- Our client computer network is directly exposed to the Internet, thus we depend on a continuous availability of operating system patches. Furthermore we are bound to ETH’s Acceptable Use Policy for Telematics Resources (BOT), which orders every system owner to install OS upgrades to avoid security issues. Since for Windows XP no more security patches will be available after April 9, 2014, from then on it is not possible to fulfill the BOT requirements and to ensure overall system security. Running Windows XP connected to the ETH network will become a security issue after the April 8, 2014 and will not be tolerated by ETH’s network security.
- A network scan unveiled several dozen Windows XP machines still connected to our client computer network. One reason may be that measurement instrument controller software still depends on that version of Windows. Also old hardware might be in use which does not run well with a newer operating system.
Regarding these facts, we would like to ask you to start analyzing your Windows XP machines and the dependencies and reasons of the existence of this operating system. The following points provide some steps and hints about the process to eliminate or upgrade current Windows XP machines.
- Check whether there are Windows XP machines still in use in your computer ecosystem and analyze whether a software or hardware component really depends on this version of Windows.
- In case your Windows XP installation is needed to control specific lab equipment and you are locked to this OS version, please check with the manufacturer of the equipment whether new software or drivers are available or a hardware upgrade allows to migrate this Windows XP computer to a newer version of Windows.
- If an upgrade to a newer Windows release generates extra cost, now would be a good time to spend this money to keep your systems and equipment up to date and to have a stable environment without running into IT security concerns in the near future.
- Please draw up any possible cost to the 2014 budget so new hardware/software can be ordered prior to the end of life date of Windows XP and the system can be upgraded in advance.
- If you face a situation in which it is not possible to upgrade to a higher version of Windows for technical or financial reasons, please contact us. We can help you analyze your specific situation and can try to find particular solutions to isolate your Windows XP installation from the network or maybe find a way to upgrade to a higher OS release.
You are welcome to contact us in any case of questions or concerns relating the Windows XP end of life topic. We can provide help to migrate away from Windows XP as swift as possible so you can keep your systems secure and stable.
Please note that after April 8, 2014, Windows XP will not be tolerated on the ETH network and we will be required to enforce this rule.
In the wake of Prism and Tempora I guess this comes exactly at the right time:
In collaboration with our colleagues at Informatikdienste we are proud to open the beta test to a new ETH-wide cloud storage service: polybox.
If you’ve ever used dropbox et al., you’ve probably come to appreciate the convenience of seamlessly sharing data from one computer or even mobile device to another via a cloud storage service. Effortless though this might be, you always have to keep in mind that your data will live ”somewhere out there” in the cloud, and as we’ve learned the hard way in the last few weeks, the audience looking at your data is often larger than we think.
With polybox, this is fundamentally different: your data never leaves ETH’s servers unless you carry it away yourself. In contrast to basically all other cloud storage services out there, polybox is therefore suited for storing data you don’t want everybody and their cousin to read.
The service is now open to beta testers and provides 5 GB of cloud storage to every ETH student and employee. You can access your data via web frontend or install the handy sync clients that come with it. Please note that the documentation still lists some open issues (last two links in German) in the beta version, so please be prepared to provide feedback if you encounter any errors.
Please also note that polybox uses your n.ethz account and not your physics account and hence has no relation to your data at D-PHYS.
Due to a test relating the electric power supply of the HIT building there will be a planed interruption from 6:30am to 9:30am on Monday the 15th of July.
Please note that the whole HIT building will be without electric power during this time (The server room HIT D 13 is excluded from this interruption). Shutdown your computer and switch off (use main switch if available or unplug) your electrical devices in advance to avoid local data loss and help prevent start-up peaks when electric power is switched back on.
Historically the D-PHYS print server has been accessible under the host name
printer.ethz.ch. As it turns out, this name violates ID’s DNS rules and they have requested we change it. We therefore have modified all references pointing to
printer.ethz.ch to now address
printer.phys.ethz.ch. We have incorporated some technical solutions that redirect many connections automatically, and also our managed workstations have been migrated, but there might be individual configurations that need manual intervention. So if printing stops working after Wednesday evening, you might have to change the print server address — see our printing documentation.
Read the rest of this entry »
We will perform a maintenance reboot of several infrastructure servers on Thursday, 16th of May 2013, starting around 5pm. This will cause a downtime of all e-mail related services (receiving + sending mail, accessing webmail and non-cached mails) as well as the license server for IDL, the control server for Condor grid computing, and most hosted virtual machines.
We expect the downtimes to be short and sequential.
Update 17:50: Everything went fine, we’re back to normal.
On Monday, March 25, ISG will be on an all-day field trip to CERN. No mails, tickets or phone calls will be answered on that day. We’ll catch up with your requests on Tuesday.
Last night the regular daily software update on the managed Ubuntu workstations removed the network-manager package. This left most of the workstations unusable. We are working to restore the network connectivity.
We apologize for the inconvenience.