Thursday, April 10, 2014

CVE-2014-0160 ("Heartbleed") openssl vulnerability update

On Monday, an extremely serious bug in openssl was announced. The bug affected all recent versions of openssl, including the version in use on all OCF servers.

Every OCF server was patched against the bug within an hour of Debian releasing a fix. However, because the bug was present in openssl for multiple years, there is no guarantee that private keys or other sensitive information (like user passwords) were not leaked.

As a precaution, we have revoked all SSL certificates in use by OCF (~9 of them), discarded old private keys, and installed new certs and keys in their place.

Some estimates suggest that over 66% of all HTTPS websites were vulnerable to this bug, and it is known that many high-profile sites were. We encourage you to update your OCF password, as well as your passwords on every website you use.

Daily printing limit raised

The weekday printing limit has been raised from 10 pages/day to 15 pages/day for the remainder of the semester.

Monday, April 07, 2014

System reboot scheduled for Tuesday night

Out of an abundance of caution, we will be rebooting all OCF systems Tuesday night after 11pm in response to CVE 2014-0160. Expected downtime is less than 15 minutes.

Wednesday, March 19, 2014

Network issues

OCF has been experiencing network connectivity issues intermittently since Monday night. The problems appear to be due to a faulty switch generating noise on the campus end. We have been moved to a different switch temporarily while they replace the bad one. We should be moved back later today.

As of 10:18am, everything is operating as normal, and our access to the outside network seems to be fully functioning.

Monday, March 17, 2014

Network inaccessible

As of 7:59pm, OCF has lost connectivity to the campus network. OCF services will not be accessible. We are investigating the cause.

Update 8:27pm:  Connectivity restored. The cause is not known but appears to be a temporarily disconnected link or switch on the campus end.

Friday, March 14, 2014

File server maintenance

File server maintenance will take place Friday and Saturday night between about 10pm and 3am. Most OCF services will be affected.

Friday, March 07, 2014

Kernel upgrades and file server maintenance

All OCF servers will be restarted late Friday night (03/07) to apply kernel security updates. File server maintenance will take place early Saturday morning, and some services may experience extended downtime. All services should be restored by 3am Saturday.

Update: All servers have been restarted. File server maintenance has been postponed to late Saturday night/early Sunday morning. Downtime is expected some time between about 11pm-3am.

Wednesday, November 20, 2013

Email service changes

In an effort to increase the quality of our offered services, the Board of Directors is phasing out email services. Over the next few months, a two-phase plan will give our members time to retrieve their data and transition to alternatives.

Note: Email virtual hosts for groups are not affected by Phase 2.

Phase 1: Forward-only


Effective Sunday, October 20

OCF currently supports a few ways to read mail received by username@ocf.berkeley.edu:
  1. Forwarding to another email address
  2. IMAP, POP (e.g., Thunderbird, Apple Mail)
  3. Web-based email interface (webmail)
  4. Command-line clients (e.g., mutt)
On October 20, OCF email service will become forward-only. OCF will no longer support the storage and access of mail on OCF servers (2-4).

If you do not already use forwarding, create a .forward file in your home directory (~/.forward) containing the email address to forward to. Otherwise an attempt will be made to use the email address from CalNet (if publicly listed) or provided when the account was originally requested.

After this date, email that is stored on OCF servers (including files in /var/mail, ~/Mail, ~/mail) will be deleted. If you need assistance migrating your stored email to another service, please visit staff hours.

Note: No email was deleted.

Phase 2: Email service discontinued


Effective date TBA

At a future date (yet to be determined), email service will become internal. We will cease to support email sent from a username@ocf.berkeley.edu email address to an address from another domain (e.g., recepient@example.com). Similarly, we will reject mail from other domains sent to recepient@ocf.berkeley.edu.

There are two relevant exceptions to this policy:
  • Groups with email virtual hosts (@group.berkeley.edu) will not be affected
  • Forwarding of email sent from within the OCF

We arrived at this decision after much debate and deliberation. We found that the vast majority of current students forward their OCF email and do not send emails from this address. In addition, we face a significant spam email problem requiring constant policing of email sent and received on our mail server. Accordingly, we decided to focus our volunteer efforts on different services.

We welcome feedback in person during our weekly meetings on Thursdays at 8pm in the California Conference Room (across the lab).