Announcing revamped mail hosting for student groups

We're excited to announce the launch of our new mail service for student groups!

The OCF has provided mail virtual hosting for many years, allowing student groups to create email addresses such as "{name}@mygroup.berkeley.edu" which forward to their primary email address.

With the new system, we're introducing a few new features:

• Easily edit addresses only. Previously, editing addresses meant modifying hidden .forward files over SSH. These files are no more!
  
  Instead, log in to our website and add, edit, and remove addresses from your web browser.
  
  
• Send or reply to mail. The old system only allowed you to receive mail. We now allow replying to that mail from your student group address (or composing new mail from it).

You can find out more about using the new system on our website.

What if my student group already had mail virtual hosting?

We've automatically migrated all of your existing forwarding addresses to the new system; there's nothing you need to do. In the future, you'll use the new web-based interface for modifying addresses instead of the .forward files.

Can I forward to multiple addresses?

Yup, each address can forward to as many other addresses as you'd like!

Can I have a catch-all address at my domain?

Yes, and the web interface will help you set this up.

How do I get mail virtual hosting for my group?

If you already have virtual hosting, then we can easily add mail service. If not, we can help you set up both a website and mail hosting.

For details on our web virtual hosting service, see here.

For details on adding mail virtual hosting, see here.

Power outage 7am-9am Sunday 9/25

All OCF services will be unavailable for a few hours this Sunday morning due to a scheduled power outage in the MLK Student Union. There will be no access to SSH and websites will be down for the duration.

We will be shutting down servers around 6:30am and hope to be back online by 9:30am.

UPDATE: Power was restored by 9:30am. All services should be back online as of 10:35am.

Taking applications for new work-study position

UPDATE: The application is closed! Thanks to all who applied!

The OCF is looking for someone to fulfill the role of OCF Operations Strategist, a new, hired position developed by OCF staff and the first known paid position in OCF history. The Operations Strategist will work closely with the OCF throughout the Fall 2016/Spring 2017 academic year to help guide the OCF as it undergoes the major transition of becoming a fully self-sustained organization starting next year.

For the last several years, the OCF has relied on the support of paid Publications and Media Center staff to open and close on time, provide security, and carry out day-to-day operational tasks when volunteer staff cannot attend the lab. This arrangement is coming to a close next year, however, and thus the OCF is currently fully committed to acquire funding and develop the strategies we need for the front desk to become 100% staffed by OCF hires when the time comes. This new position provided by the PMC will ensure a smooth transition.

The Operations Strategist will play a crucial part during the entire process, and so will need to be committed to the position for the entire academic year. Moreover, the Operations Strategist is not just a front desk job. While performing desk tasks will be a minor part of the Operations Strategist's role, the great majority of the 12-15 hour work week will be dedicated to projects vital to the OCF's transition. We are seeking someone with creative problem-solving skills who can work autonomously on solutions to problems we will face in hiring and managing our own team to staff the lab.

The link to the application is here: http://bit.ly/2deW0ry. Unfortunately, we are only considering applicants who have work-study funds to last the entire academic year.

Interviews are next week.

Ongoing lab closures due to understaffing

The OCF has already had to announce one reduction in our hours of operation this semester, and we're sorry to say that further closures on top of that will be the norm for the next several weeks. Anyone who has visited the lab or our website in the last two weeks has noticed that we are missing a couple hours on Thursday and Friday from what was previously announced, and that, for the first time in recent memory, we are closed all day every Saturday.

While we would like to say there was something we can do about this, it is unfortunately out of our control: the Publications and Media Center is responsible for providing the paid employees who man the front desk during all hours the lab is open. Unfortunately, the PMC has been operating with a reduced staff this semester and is still seeking to hire replacements. We must conclude that these additional closures will continue for a few more weeks at least.

The OCF is not happy about the state of things, but the hiring process takes time, and there is not any way for us to speed things up. In the meantime, please keep an eye on our hours page; as much as possible, if we can predict when we will be closed, we will update the hours on our website. Please also check our homepage, as we will make an announcement there as soon as possible in the event of an unexpected closure during the day.

Weak user passwords have been reset recently

We're always looking for ways to make sure our users' accounts remain secure. It's important to have strong passwords because OCF accounts aren't just used for lab access or printing, but also for web hosting and many other services. These services are accessible via the internet, which means anybody (including those with no relation to UC Berkeley) could try to guess the passwords.

Recently, we attempted to guess the passwords of our users in an attempt to find users with exceptionally weak passwords and have them upgrade to a stronger password. To do this, we used both lists of passwords from online password dumps (including passwords used by real people on other services), lists of the most common passwords, and other methods such as trying different variations of each character of a password.

This is the same thing an attacker would do to try to break into a user's account. It's important to keep in mind that we cannot read users' passwords. We store them in a non-reversible manner as password hashes. Passwords are hashed using a one-way function that can be computed at login and compared to the stored hash. At no time are OCF staff able to find out the passwords of our users, except in the way above (by trying hundreds of thousands of passwords until one matches).

The guessing method only works on the weakest of passwords; it also explains why the best way to make a password strong is to make it long, rather than trying to make it more complicated by adding numbers or special characters.

We have removed the passwords from the accounts we were able to guess passwords for. These users should either reset their password online (if they have a CalNet account linked to their OCF account, as most current and recent students do), or use the manual verification process otherwise.