Dispatches From The Geeks

News and Announcements from the MCS Systems Group

Brief rolling outages/reboots for security patching starting today (1/30/15)

Due to a serious security vulnerability, we’ve had to patch our Unix-based machines over the past few days. To complete the patching process, we need to reboot these machines. We’re going to a schedule of rolling reboots to ensure any issues that occur during reboots don’t take out too many services at once. We also believe we’ve mitigated the issue that caused the long outage for www.mcs.anl.gov earlier this week, and the current reboots should take much less time.

The schedule is as follows, with the machines being rebooted in a staggered fashion within the 30 minutes following the start time.

TODAY:
12:30PM: squall (Drupal server), typhoon (JLSE Atlassian Server), blizzard (collab – MCS Confluence Server), cyclone (xcollab, xjira – CELS external Confluence and Jira servers), login1 and login4 (SSH login servers)

2:00PM: login2 and login3 (SSH login servers), cvs.globus.org, variant (MCS SVN/Trac server), caveat (trac.mpich.org), repo.anl-external.org (External SVN repos)

More reboots will be announced as machines are identified and patched. Please let us know if this poses a particular problem for you.

Thanks!

Written by Craig Stacey

January 30, 2015 at 11:04 am

Posted in Uncategorized

MCS Webserver Outage

The web server is back online and serving traffic as of about 10:00. Again, sorry for the inconvenience. Please let us know if there are any issues you have after this update.

From: <Leggett>, Ti Leggett <leggett>
Date: Wednesday, January 28, 2015 at 8:55 AM
To: "cels-systems-announce" <cels-systems-announce>
Subject: MCS Webserver Outage

A very serious security vulnerability was disclosed yesterday and patches made available. In order to patch the web server that hosts the main MCS web site as well and personal web homes a reboot was required. Unfortunately the reboot is taking longer than anticipated, but the server should be up between 9:30 and 9:45. We’re sorry for any inconvenience this causes.

Written by Craig Stacey

January 28, 2015 at 10:50 am

Posted in Uncategorized

MCS Webserver Outage

A very serious security vulnerability was disclosed yesterday and patches made available. In order to patch the web server that hosts the main MCS web site as well and personal web homes a reboot was required. Unfortunately the reboot is taking longer than anticipated, but the server should be up between 9:30 and 9:45. We’re sorry for any inconvenience this causes.

Written by Craig Stacey

January 28, 2015 at 8:55 am

Posted in Uncategorized

CIS offering Web Application Developer Training, Jan 13.

Please see the below announcement from CIS. I encourage anyone who’s doing web application development to attend, or at least one person from each group engaged in that sort of activity.

As the systems administrators, we get notified whenever a web app on a system we’re responsible for has a detected vulnerability, and based on what we’ve encountered, I think there’d be some real benefit to picking up on some good coding practices (especially sanitizing input).

All,

WHAT ARE WE DOING?

The CSPO is sponsoring web application developer training for anyone interested. The training will go over threats to web applications and best coding practices to mitigate attacks.

WHEN WILL THIS OCCUR?

January 13th , 2015, 10:00am-2:00 p.m. Building 240 Rm. 1416

WHAT DO YOU NEED TO DO?

Forward this message to any developer that codes web applications and/or web service admins. Attend the training!

WHAT IS THE EFFECT ON YOU?

Hopefully you come out of the training with some action items to check the health of your web applications that are running in your inter/intra nets.

FOR MORE INFORMATION

Please contact the cyber office for any more details. More information will be sent specifically to the CSPRs who requested their web applications to be tested.

Written by Craig Stacey

January 7, 2015 at 11:05 am

Posted in Uncategorized

CIS Decommission of File Transfer Application

The “File Transfer Application” provided by CIS has been supplanted by Box as the preferred method of sharing large files with outside collaborators. The existing app will be decommissioned next week. See the below announcement.

Sent: Thursday, December 11, 2014 9:53 AM
Subject: Decommission of File Transfer Application

To IT Admins,

WHAT ARE WE DOING?

The file transfer application (http://inside.anl.gov/tools/applications/file-transfer-application) will be decommissioned. For sharing files, it is now recommended to use Box. Box is Argonne’s secure cloud-based file system that allows you to organize, share, and collaborate on files without the use of VPN.

WHEN WILL THIS OCCUR?

Thursday, December 18, 2014 at 5:00 p.m.

WHAT DO YOU NEED TO DO?

You do not need to take any action. This message is for your information only.

WHAT IS THE EFFECT ON YOU?

If you’ve previously uploaded files to the file transfer application, please see the Box FAQ for help on setting expiration dates on links to share a file.

FOR MORE INFORMATION

· Visit the Box Service page on Inside Argonne for FAQs and other information.

· Report problems or issues to the Argonne Service Desk at ext. 2-9999 option 2.

Justin Hurst

Argonne Service Desk

Written by Craig Stacey

December 11, 2014 at 9:59 am

Posted in Uncategorized

Blue Jeans video conferencing and Chrome under Mac OS (and Linux).

If you’re running the latest version of Chrome (and, really, you should always be running the most recent stable version of any browser for security reasons), you will have issues using Blue Jeans on either Mac OS X or Linux.

“Service Advisory: Mac customers upgraded to Chrome version 39 or above will not be able to download the browser plugin. You will need to use Firefox or Safari as a substitute. Our engineering team is working on a fix. For details, see: http://bluejeans.force.com/KnowledgeSearch/articles/Knowledge_Base/Browser-Plugin-will-not-work-on-certain-Chrome-versions-on-Linux-MAC/

As noted on the above page, Blue Jeans claim they will have the Mac problem licked by next week. No word on when the linux fix is coming.

In each case, you can work around it by using Firefox (linux/Mac) or Safari (Mac).

Written by Craig Stacey

November 20, 2014 at 9:42 am

Posted in Uncategorized

CELS Helpdesk closed Wednesday 11/19 through Friday 11/21.

Due to the installation of cubicles, walk-up service to the CELS help desk will be unavailable Wednesday through Friday. During this period, if you require assistance, please contact us via email (systems@mcs.anl.gov or help@cels.anl.gov) or via telephone (x6813). In a pinch, you can stop by room 2136.

Thanks!

Written by Craig Stacey

November 17, 2014 at 10:19 am

Posted in Uncategorized

Systems Announce Git, SVN, trac currently down

These services should be back online. The networking maintenance over the weekend resulted in a missed configuration on the routers and some hosts in 221 lost their routes. If you notice any other downed hosts, please let us know and we’ll get them taken care of.

From: <Leggett>, Ti Leggett <leggett>
Date: Monday, November 10, 2014 at 8:18 AM
To: "cels-systems-announce" <cels-systems-announce>
Subject: [Systems Announce] Git, SVN, trac currently down

The Git, SVN and trac services are currently down. We are working to get them fixed ASAP and will announce when all services are back and functional.

Written by Craig Stacey

November 10, 2014 at 9:36 am

Posted in Uncategorized

Git, SVN, trac currently down

The Git, SVN and trac services are currently down. We are working to get them fixed ASAP and will announce when all services are back and functional.

Written by Craig Stacey

November 10, 2014 at 8:18 am

Posted in Uncategorized

A series of announcements (Wifi changes, Maintenance Weekend, and summary of this weekend’s outage)

Rather than inundate you with mailings, I’m sending this omnibus note with pointers to blog postings outlining the issues. I’ll also note you can follow @mcssys on twitter or check the blog at https://mcssys.wordpress.com (or http://mcs.anl.gov/systems/blog) for updates as well.

First up, for a summary of the repo.anl-external.org outage, see http://wp.me/p3jwfN-77.

Next, a notice on wifi changes from CIS: http://wp.me/p3jwfN-79

The short version of the story is that next week, you will notice a change in the wireless network names used onsite. Specifically instead of the many options you currently see, there will primarily only be two: Argonne-auth and Argonne-guest. As with the current setup, connections to the “auth” network require authenticating with your Argonne credentials and gain you access to a trusted VPN network. Connections to the “guest” network requires no authentication, but does require filling out a web registration form which you will see on your first browser connection.

Finally, a notice on the upcoming maintenance weekend in CIS: http://wp.me/p3jwfN-7b.

This includes information about other maintenance activity. Although, short of voicemail and phones being unreliable Friday evening, and desktop networks being unavailable Saturday morning, you may not be affected by these.

Written by Craig Stacey

November 3, 2014 at 2:21 pm

Posted in Uncategorized

Follow

Get every new post delivered to your Inbox.

Join 49 other followers