All, it seems the Exchange mail server issues have still not been resolved. We are following up with CIS to get a status update and an estimation of when things should be back.
CIS tells us this issue has been resolved, however any tickets lost were lost permanently. So if you didn’t get any response, feel free to send a followup.
We’ve received reports of e-mails being sent to email@example.com, firstname.lastname@example.org, and email@example.com are not reaching the ticketing system. We’ve made CIS aware of the issue, and they are working on it. If you don’t get a response to your e-mail, you can try sending again, call the help desk at 630-252-6813, or use the self-service option with your Argonne account at http://help.anl.gov.
We’ll let you know more when we know more. There may be broader announcements from CIS on this as well.
Ever since IBM sold off its laptop line to Lenovo, I’ve been a little wary. Not paranoid wary, mind you, but as my role as a Cyber Security Program Representative (CSPR) at Argonne, I’ve been cautiously wary.
This wariness was not eased with each revelation of spyware installed on Lenovo laptops, including instances of it actually being installed in BIOS. I remained wary, but noted in each case the bad behavior was limited to the "consumer" line of laptops – the same lower-quality laptops they were making before the IBM PC/Laptop acquisition. I believed they would treat the Think line as sacrosanct, since it came with a customer base that was almost entirely business-based and one that was more sensitive to this type of behavior. I didn’t think they’d do anything to jeopardize that relationship.
Today, that changed. News came out of a Lenovo Thinkpad shipped with pre-installed spyware. This is a shame, since I’m still generally of the opinion that if you don’t get a Mac, the Thinkpad is the best laptop you can lay hands on.
Now this story (linked below), has a number of caveats, the main one being this was a refurbished unit. However, it indicates that a line Lenovo had previously seemed to be treating as sacred has been crossed. I don’t think, from a cyber security standpoint nor from a privacy standpoint, it’s a safe bet to trust the default software install on Lenovo laptops going forward.
Most users in CELS are running Macs, or are running Linux on their laptops. At this point (and I am carefully noting this is a personal recommendation from me and not yet a lab policy), if you wish to buy a Lenovo laptop, I strongly recommend replacing the default OS with a known safe build of either your own design or one supplied by us in Systems. If you’re going to install Linux on it, you’re probably just fine (though that’s by no means guaranteed to always be the case). If you want to run Windows, I’d recommend going with one of the Argonne-recommended laptops from Dell’s offerings. If you really want a Lenovo, and really want to run Windows, let us go over the machine before you take it on and make sure it’s running trusted software.
At some point, it wouldn’t surprise me if these spyware vectors changed and started to affect various Linux builds via BIOS infiltration methods, or possibly even hardware-level sniffing and capture methods. I don’t think it’s *likely*, but I wouldn’t be surprised.
Lenovo BIOS software installation: http://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapware/
Box is coming on site (date TBD) and are looking to have an open and frank discussion about document sharing and collaboration with linux users. They want to know how they can improve the product for linux users. They’re looking for 7-10 users from across the lab. If you have an opinion on this and are willing to give a couple of hours of your time, please let me know. We need to have the list finalized by next week. I was going to send this to firstname.lastname@example.org, but I wanted to cast a wide net so I’m using the general announcement list.
Also, if you have specific things you want to make sure are addressed, also let me know. Ideally, I’d want you in the room to be able to be your own advocate, but if you can’t be (or aren’t on the final list), I want to be sure the big opportunities for improvement are expressed.
Power work in the data center has taken a handful of compute nodes offline for a few hours. They should be back online early this afternoon. The affected machines are:
Sorry for the inconvenience. We didn’t believe these machines would be affected by the work, however we were incorrect.
For a list of alternative machines, see https://wiki.mcs.anl.gov/IT/index.php/General_MCS_Questions#computeservers.
The disk migration is finally finished. User home directories are now on their own partition, and the full disk problem has been rectified. There’s currently over 50GB available in user home directories on RDP for any files and programs that need local storage.
Thanks for your patience!
rdp.mcs.anl.gov is offline until further notice. The outage window is through 5PM, but I don’t expect it to take that long. I’ll post here when the work is done.
Unfortunately, the home directory migration was not yet successful, so we’re in the same boat we were in before the outage with space being very tight.
I’m going to take another crack at it on Sunday, which means from around noon to 5PM you can expect the machine to be unavailable. If anything changes, I’ll send a note to the blog and twitter feeds linked below. Thanks.