Computer Systems - Newsletter - February 2005

Support at Buccleuch Place

We welcome Ross Armstrong, who joined us in December as a new Computing Support Officer. Ross is based in Buccleuch Place from Monday to Thursday each week.



Ross graduated from Aberdeen University where he studied Computer Science and Artificial Intelligence.

How The Support Form Works

The support form sends your request to Request Tracker (RT) where a ticket is created in the support queue. The CSOs check the queue regularly and answer the majority of requests. For more specialised requests (e.g. a request for teaching software), the ticket will be moved to a more appropriate, specialised queue and will be allocated appropriately by the CO responsible for that queue. There are currently 26 such queues!

When you send an initial request, you will receive an e-mail from RT acknowledging receipt. If you do not receive this, then there may be a problem so you should contact your local support office. If your mail is moved to another queue, you will also receive an e-mail detailing which queue your ticket has been moved to. You will also receive an e-mail when one of the CO/CSO staff takes ownership of the ticket.

You can, of course, reply to any of these e-mails if you require an update or if you have further information to give us to help solve your problem. To give you an idea of the volume of requests that we receive, here are some statistics for the past few months:

            November                    December
            All Queues  Support Queue   All Queues  Support Queue
Total       761         343             479         188
Resolved    579         315             297         172
Stalled     7           1               3           0

How can I view my own tickets?

At https://rt3.inf.ed.ac.uk staff can now view RT tickets that they have submitted. You have always had the ability to reply to the e-mails that the RT system sends you but you can now monitor the progress of your tickets on-line. There are a couple of points to bear in mind:
  1. If you have entered tickets in the past using more than one e-mail address, then RT will have created more than one RT account for you. You will only be able to see tickets that have been entered using your DICE username and Informatics e-mail address. When you access the RT website, it uses KX509 authentication to check that you are a valid DICE user and hence will not show you any tickets that you may have entered using an alternative account.
  2. You will only be able to see tickets from the date that rt3 went live - 29th September 2004.
This does not prevent you from entering requests from the non-authenticated form. This is quite often used when people are working from home, for example. It just means that you won't be able to see the progress of these tickets. You will be able to reply to the e-mails as normal.

For more details please see: http://www.inf.ed.ac.uk/systems/support/rtuseraccess.pdf

Alison Downie

Wireless and VPN News

The decommissioning of the "informatics" wireless pilot service went smoothly on December 15th, and all our access points are now running on the University-wide "central" service. http://www.inf.ed.ac.uk/systems/network/Wireless.html contains instructions and links to further information.

The network team is now investigating how wireless coverage may be improved at our four sites. Forrest Hill, in particular, is likely to prove awkward to cover reasonably completely, due to the nature of the building, and we will therefore be conducting some experiments there first before attempting to install the access points in anything like their final locations. Meanwhile, if you are aware of coverage holes at AT, BP and KB which you haven't already discussed with the network team, we would be pleased to hear from you.

The OpenVPN system which we have set up for DICE managed laptops has also proved effective for DIY-DICE machines. However, we are aware that Windows and Mac users find their built-in PPTP mechanism rather easier to set up, and we are therefore researching the possibility of providing an Informatics PPTP endpoint as an alternative to the central EUCS-run VPN gateway for these machines. Initial investigations suggest that this may now be somewhat easier to achieve than in the past, when kernel patches and firewalling issues proved problematic, though there are some serious security concerns which may ultimately rule PPTP out. Look out for progress reports in future newsletters!

George Ross

Dialup on DICE Laptops

With the increasing availability of broadband and wireless, mainstream use of dialup connections is diminishing. However, it is still an important laptop facility for those who travel frequently -- whether to send a quick email from the airport, using a Bluetooth connection to a mobile phone, or as a more sustained connection in a hotel room which does not provide a faster connection.

Under Redhat 7, the recommended DICE dialup program was EzPPP which was a heavily-modified GUI interface to the PPP dialup system. Under Redhat 9, the GUI toolkit on which EzPPP was based became obsolete, and we decided to replace it with an alternative approach to dialup connections that relies on more standard code (wvdial) and integrates more closely with the configuration of other network types, such as LAN and wireless.

A basic dialup connection can now be established simply by typing:

dial -v

You will be prompted for details, such as the phone number, username, and password. To terminate the connection, type:

hangup

Remember to disconnect explicitly, because the connection will remain established even after logout (a deliberate new feature)!

The standard DICE "network scheme editor", nse, has been extended to include information on dialup connections, so that dialup details can be entered in the same way as details for any other type of connection. Once the connection is established, all the associated configuration changes are implemented in exactly the same way for all network types, providing a uniform interface.

If you want to store information about a particular dialup configuration, or you want to explicitly specify values for certain configuration parameters, then you can use nse to create a new scheme. The dial command can be instructed to use that scheme, simply by providing the scheme name on the command line:

dial -v <my-scheme>

Note that if you choose to store any passwords in the scheme, they will (currently) be stored as plaintext in your local scheme file. Important passwords should therefore be left blank, in which case the dial command will prompt for them.

By the time of publication, full details of the dialup process should be available in a new document which describes how to connect to different networks using all the various technologies.

EzPPP did contain a number of features which are not available under the new process, and we would like to know if any of these are still considered important.

Paul Anderson

Web Service Authentication With KX509

KX509 is a mechanism developed at the University of Michigan. We use it here so that an X.509 certificate can be automatically acquired for you from your Kerberos credentials. An X.509 certificate is like a digital ID card and a web browser can use the certificate to authenticate you for web based services. The X.509 certificate is temporary and has the same lifespan as your Kerberos credentials. Your X.509 certificate is automatically renewed whenever you renew your Kerberos credentials using the "renc" command or a supported screensaver.

When you login to a DICE machine you will automatically get an X.509 certificate which is then made available in Mozilla/Firefox through a browser plugin (part of our default environment). When you are using a non-DICE machine (WindowsXP or self-managed for example) and when you are using a machine outside of the Informatics infrastructure (a PC at home or at an Internet Cafe for example) you can still acquire an X.509 certificate by going through our Authentication Portal (where you enter your normal DICE account username and password). Most of our X.509 authenticated web services will bounce you to the Authentication Portal automatically if you do not have a valid X.509 certificate anyway.

We currently use KX509 to provide automated authentication for the following web services:

When we integrate external web services or develop our own new web services we always try to consider the ease with which they can be adapted to leverage our KX509 authentication mechanism. The list above is likely to grow as we start to use more web services and more of those services support X.509 authentication.

If you normally use a DICE machine you probably don't even notice the complex processes that happen in the background to allow you to use any of the above services without any further authentication step. Things are unfortunately not quite so smooth when going through the Authentication Portal. This is largely because the system is very browser/version sensitive; see the Authentication Portal User Guide for more detailed information on how to use the Authentication Portal (particularly from Internet Explorer).

Another aspect to be aware of when using the Authentication Portal is that the acquired X.509 certificate is held in the browser until it expires. This is of most concern when accessing our services from an Internet Cafe for example, where, unless they do the right thing, it means that anyone using the machine after you will have access to your own identity (until the certificate expires). There is no real solution to this problem other than by making it as simple as possible to destroy your own certificate. In this situation you should at the moment use the browser's built-in certificate management tools to explicitly remove your X.509 certificate before leaving.

The University as a whole is moving to a single sign-on system called EASE which also uses Kerberos (via a mechanism called Cosign, which is like KX509 and is also developed at the University of Michigan). EASE is a cookie-based authentication which, while not quite as secure as KX509, is considerably more browser portable. We are currently reviewing what the advantages and disadvantages of integrating our system with the University system would be.

Tim Colles
Authentication and Authorization Team

Backup Team News

Backups are a subject which tends to be of little importance to the average user until a disk dies or an unfortunate slip of the fingers consigns that vital file to an untimely oblivion, whereupon the availability of the lost files and their currency suddenly becomes of consuming interest! This short article outlines the backup procedures currently being followed within Informatics.

By far the best way of ensuring that your data is backed up regularly and reliably is to store it on one of the School's 6 main fileservers, either within your home directory or in other filespace allocated to you by the file services team. With very few exceptions, all user data on the school fileservers is incrementally backed up directly to tape daily and has a full backup to tape every 6 weeks or so. The incremental tapes are recycled every 6 months and the full tapes every year with the exception of the September tapes which are not recycled.

In addition to being backed up to tape, all user data is also mirrored to a machine on a remote site nightly. If your username is 'fred', you can find the mirror copy of your home directory in:

/yesterday/home/fred on any DICE machine.

Things are slightly different for DTC students. Any DTC student who would like to access the mirror copy of their home directory should contact support for details.

It is appreciated that for reasons of efficiency and performance, some users may need to store information on the local disks of their DICE workstations, non-DICE desktop machines and laptops. This data is NOT BACKED UP and it is the responsibility of the user to make sure that this data is regularly copied back to their Informatics home directory for backing up.

Possible ways of doing this include rsync and scp for Unix users and Samba for Windows and Mac users. Support can help with any queries users may have regarding how to go about this.

In the special case of laptops which may be connected to the network extremely infrequently, we can use a program called Retrospect to directly backup Windows machines and Macs. It is possible that we may be able to extend this service to Linux based machines in the future.

For more details about how Retrospect backups work, see: http://www.inf.ed.ac.uk/systems/backups

It is perhaps worth pointing out that events of just over two years ago demonstrated that data archived to a writable CD or similar and then stored in the drawer of the desk the machine is sitting on may be of little use in the event of a catastrophe any greater than a disk failure.

Backing up research data may pose its own problems, due mainly to the large amounts of data which may be involved. At present most research data is backed up as part of the normal backups but this may change in the near future. Researchers who would like to discuss their backup needs are welcome to get in touch with myself.

Within Informatics, backups are mainly performed as part of the School's disaster recovery strategy rather than as an archiving service to the user. Although the backups team will make every effort to recover lost or misplaced data for users, the time consuming nature of this task coupled with other demands on our time means that it may take anything up to a week to recover lost data from backups.

Craig Strachan
Backups Team Leader

Do It Yourself DICE

The last newsletter described a proposal for "lightweight" DICE machines which was developed as a response to requests from some users for more control over the configuration of their own workstations. We received a small, but useful, amount of feedback, and this has been used to guide an implementation plan.

Possibly the most significant outcome of this feedback has been the demand for a secure filesystem technology that would permit self-managed machines to access the shared DICE filesystem. This is a difficult problem, both technically, and in terms of the implications that it may have for the way in which users interact with other aspects of the system. However, this has now been assigned a high priority, and more detailed proposals and plans should be available in early 2005.

It was also pointed out that "lightweight" DICE machines will actually involve more effort from the user, and should probably be called something different! Hence the new name: "DIY DICE".

The current plan is to offer a range of management options at the same time as the DICE upgrade to a new operating system, next summer:

Paul Anderson

Users Hints and Tips

In which fellow users present tricks of the trades that others may find useful.

To contribute hints or tips to the next newsletter, please contact the docs-team@inf.ed.ac.uk.

Mozilla Tip

To prevent annoying flash content from displaying in Mozilla, install the flashblock extension. Available at http://flashblock.mozdev.org

Chris Walton

Dying Task Bar

If the "panel" on DICE (the task bar across the bottom of the screen, with menu and short-cut buttons) dies suddenly without warning, this will bring it back:

right-click on the desktop, choose "Run Command..."
enter "kicker" in the box
click "Run".

Kate Byrne

Usernames and Real Names

When you only have a student's matric number or login (e.g. it's on the print queue or something) and you want to know their name, type:

ldapsearch uid=LOGIN

Where you obviously replace LOGIN with the student's login. A nice way to use this is with a function in your .brc:

# Print the real name (cn) for a given login or matric number
function edwho () {
    command ldapsearch "uid=$1" 2>&1 | grep cn:
}

Now you can -

edwho LOGIN

It's useful for staff with non-standard logins too, e.g.:

mull[gsteel] edwho dr
cn: Dave Robertson

Graham Steel
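
A hardened variant of the edwho function above, as an added example that is not part of the original tip: it accepts only a plain login before building the LDAP filter, because characters such as *, ( and ) have their own meaning in filter syntax. The allowed character set, the 32-character limit and the EDWHO_LDAPSEARCH override (used to swap in a stub when no directory is reachable) are assumptions.

```shell
#!/bin/sh
# Added example: edwho with input validation (not the original author's code).

# Command used for lookups; overridable so the function can be exercised
# offline with a stub (an assumption, not a DICE convention).
: "${EDWHO_LDAPSEARCH:=ldapsearch}"

# Return 0 only for strings that look like a login or matric number.
# Assumed policy: 1-32 characters from letters, digits, '.', '_' and '-'.
valid_login() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Build the LDAP filter for a validated login; fail on anything else.
edwho_filter() {
    valid_login "$1" || return 1
    printf '(uid=%s)' "$1"
}

# Look up the common name(s) for a login.
edwho() {
    filter=$(edwho_filter "$1") || {
        echo "edwho: refusing unsafe login: $1" >&2
        return 2
    }
    # Ask the server for the cn attribute only, and anchor the grep so
    # that only real "cn:" lines are printed.
    "$EDWHO_LDAPSEARCH" "$filter" cn 2>/dev/null | grep '^cn:'
}
```
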

Cron

Although the obsolete manual pages don't tell you this, the version of cron running on DICE supports the special time spec -

@reboot

- so that you can have a service started when your machine boots.

Julian Bradfield

Removing all class files

Sometimes I wish to remove all files with an extension, for example *.class. To this end try:

find . -name \*.class -exec rm -vi {} \;

Valentin Haenel

R Information

A powerful open source software for statistical analyses and data plotting, the R framework.

R is a system for statistical analyses and graphics. It is an implementation of the S language (which forms the basis of the S-PLUS systems) that can be run on the Unix, Windows and Mac operating systems. A rather wide variety of statistical and graphical techniques are provided (linear and nonlinear modelling, statistical tests, time series analysis, classification, clustering, ...).

The R project page: http://cran-r-project.org

A very short introduction: http://cbs.sportsline.com/collegebasketball/stats

A good document to get started: http://cran.r-project.org/doc/contrib/rdebuts_en.pdf

Marielle Lange


Unless explicitly stated otherwise, all material is copyright © The University of Edinburgh