Update Thursday 07:15 - all systems back to normal. whew.

Update Wednesday 11:00 - first rack back to normal. The picture shows how it looked during the remodeling.

Update Wednesday 07:00 - the most difficult part is over and the first rack is being retrofitted as we speak

All of D-PHYS's important servers (and services: mail, homes, SAN, web) reside in two water-cooled racks in HIT D 13. On Wednesday, August 20 those racks will have to be retrofitted by our colleagues of Informatikdienste since certain spare parts are no longer available. We have an elaborate plan how to externally power the servers while the racks are offline that schedules a 5-minute downtime that most of you won't even notice. However, there is a small chance that this external power supply does not work as expected which would lead to a longer interruption. Unfortunately we have no influence on the date, time and procedure of this modification and can only try our best to minimize potential consequences. So if something should go wrong next Wednesday, please don't panic, we'll be hard at work to fix it ASAP.
Thank you for your cooperation.

On Monday, May 5, there will be a scheduled power outage in the HPT building, between 13:00 and 22:00. This will also affect ISG's offices, but none of the servers. Our services will run as usual, but we'll have to move the helpdesk to a temporary location during the outage. So please be patient when calling and wait for your call to be redirected to our pager or write an email instead. We hope to be back to normal by Tuesday morning.

This post is meant to give you a short overview of what has been accomplished in D-PHYS IT by ISG this year. We've been hard at work to further improve and extend our services for you, our customers. Some highlights of 2013:

• New apprentice: As of August 14, Anastassios has started his apprenticeship with us and is already deeply involved in a complex PHP/Ajax/PostgreSQL project. Keep it up!
• Mailserver: This year saw a massive increase in spam and especially phishing attacks. They're getting more and more sophisticated and now include valid logos and even personal names. We were forced to tighten email policies and further fortify our mail server in order to battle those waves.
• Backup: For the data on our file servers we provide one month of nightly backups. Now our powerful backup system based on COW BTRFS snapshots allows us to extend this period to up to one year in exponential intervals for most file systems. Note that anything beyond 30 days is best-effort only and we might have to cut back again in single cases. A new web frontend shows the status of all backup runs.
• Windows server: Several Windows server installations have been moved to a new powerful virtualization server and the Active Directory setup has been improved.
• Printer portal: All information regarding our printers can now be found on one website. You might want to check there if you have issues with a particular printer or just to get an idea about printing volume.
• Portal for managed workstations: Our new Chic! frontend shows the software status of our managed Windows and Mac workstations and allows you to request additional software packages. This service will be officially announced in January 2014.
• GitLab: We run a GitLab instance to facilitate collaborative programming projects and sharing of code. Get in touch if you'd like to use it.
• System upgrades: 2013 brought another round of OS upgrades, also for our servers. We updated most servers silently and combined all critical systems into one migration on September 11 in order to minimize downtime for our users.
• Windows XP exile: As reported previously, Windows XP will be end-of-life in April 2014. Since there's still a substantial number of XP machines out there (most of which cannot be upgraded due to soft- or hardware constraints), we'll provide a locked-down exile network that will allow a limited and well-controlled survival of those machines under certain conditions. We'll post an announcement when the system is ready.
• IPv6: This year we laid the groundwork for the slow migration towards IPv6 connectivity in our networks. In particular, we got our monitoring system IPv6-ready and prepared a NFSv4 rollout. We'll keep you posted about our IPv6 progress.

Apart from these highlights, of course there have been numerous small projects and improvements to our setup, making both your and our life easier.
I would like to take this opportunity to thank my whole team for their hard and dedicated work all year long.

Happy Holidays and see you in 2014!

UPDATE Thu 12.09. 07:30 If you're trying to connect to a SMB share from an unmanaged Windows machine, you have to use "ad\USERNAME" instead of just "USERNAME" from now on.

UPDATE 21:15 apart from the IGP group shares (which will be back in a few hours) all systems are back to normal. Please let us know if you experience any problems.

In order to upgrade the operating system on several core infrastructure servers of the Department, we schedule a general maintenance downtime on

Wednesday September 11, starting at 17:00, lasting for several hours.

Most services will be affected and unavailable during that time, as they require an authentication with your D-PHYS account (email, file server, print server, managed workstations). Note that, even though you will not be able to check your emails or send new ones, all incoming mails will be received and safely delivered to your inbox afterwards.

Please make sure to save all open documents before 17:00 on that day.

Since we will also change the way file server mounts are authenticated, users who haven't updated their passwords in a very long time might not be able to mount their home directories or group shares after the migration. If you run into this problem on Thursday morning, please first change your password. If the issue persists, contact us.

We will post an update when things are back to normal.

In the wake of Prism and Tempora I guess this comes exactly at the right time:

In collaboration with our colleagues at Informatikdienste we are proud to open the beta test to a new ETH-wide cloud storage service: polybox.
If you've ever used dropbox et al., you've probably come to appreciate the convenience of seamlessly sharing data from one computer or even mobile device to another via a cloud storage service. Effortless though this might be, you always have to keep in mind that your data will live ''somewhere out there'' in the cloud, and as we've learned the hard way in the last few weeks, the audience looking at your data is often larger than we think.
With polybox, this is fundamentally different: your data never leaves ETH's servers unless you carry it away yourself. In contrast to basically all other cloud storage services out there, polybox is therefore suited for storing data you don't want everybody and their cousin to read.
The service is now open to beta testers and provides 5 GB of cloud storage to every ETH student and employee. You can access your data via web frontend or install the handy sync clients that come with it. Please note that the documentation still lists some open issues (last two links in German) in the beta version, so please be prepared to provide feedback if you encounter any errors.
Please also note that polybox uses your n.ethz account and not your physics account and hence has no relation to your data at D-PHYS.

On Monday, March 25, ISG will be on an all-day field trip to CERN. No mails, tickets or phone calls will be answered on that day. We'll catch up with your requests on Tuesday.

This post might help to clarify some questions related to the warranty conditions of new hardware. It is the result of internal inquiries we performed in reply to customer requests. Skip if you're not interested.

Switzerland, like other European countries, knows two forms of liability a vendor has to/can offer to clients of its hardware products: Gewährleistung and Garantie.

• Gewährleistung is mandated by law and covers basic liability if a piece of hardware fails. In Switzerland, Gewährleistung was just extended from 12 to 24 months on Jan 1st, 2013. This means that for the first two years, any defect whose cause was already present at the time of purchase has to be covered by the vendor. As you can probably guess, the part in italic can be the crucial one.
• Garantie is a voluntary service offered by most, but not all vendors. Its conditions can be pretty freely chosen by the vendor, unlike Gewährleistung where the terms are given by law. Garantie can cover a wider range of defects and it can also be a service you have to pay for.

Now how does this matter to you? Let's take a current real life example: you'd like to buy a new Apple MacBook Pro 13". Right now, you have a number of interesting options:

• Neptun: CHF 1305.-, 2 years of Gewährleistung (by law), 3 years of Apple Garantie (price of Apple Care included)
• Dataquest: CHF 1240.-, 2 years of Gewährleistung (by law), 2 years of Dataquest Garantie. Additionally, you can pay CHF 99.- for a third year of Dataquest Garantie.
• Apple EDU Store: CHF 1268.-, 2 years of Gewährleistung (by law), 1 year of Apple Garantie. Additionally, you can pay CHF 210.- for another 2 years of Apple Garantie. IDES offers the same to ETH employees for CHF 195.-

It's hard to tell if the conditions of the additional Garantie are really more accommodating than those of the mandatory Gewährleistung. Wear parts like the battery for example are typically covered by neither. Harddisks on the other hand (most common failing part in a laptop) should be covered by both. In the end the best option will also depend on your usage pattern and the expected life time of your device. Regardless of the type of warranty you have, you should always report any problem you'd like to get fixed as soon as possible.

Sources:
Apple warranty conditions
Computer World article

Apparently this time they mean it:

On Thursday, February 14, ETH facility services will conduct extensive power network tests in the HPT building, where ISG (and hence the helpdesk) is located. Power will be gone for ~ 2 hours starting around 13:30. During this time we will not be able to answer the helpdesk phone or work on your tickets. We'll post an update when power is back.

Update, 10:30h: We're already offline since in other floors of the building power has already been cut and caused a network outage on other floors.

For the last 4.5 years, our customers could choose from two webmail solutions: Roundcube and TWIG. With the introduction of Roundcube we announced the eventual removal of the old TWIG service which hasn't been updated in years and poses a serious risk in terms of security and spam distribution. Now the time has come to finally turn it off. All remaining TWIG users: please switch to Roundcube, TWIG will be disabled tomorrow, February 5, 2013.

Update: The upgrade to FM12 is completed.

Usually Filemaker upgrades are pretty seamless as newer clients can deal with older server versions. This time however the Filemaker company decided to implement major changes into their FM12 upgrade that require a new database format. This means that FM12 server can't talk to FM11 clients and vice versa. Hence we have to upgrade both server and client in one go.
This migration will take place on

Monday, February 11, starting at 17:00.

This upgrade will affect you if you either:
a) use remote databases from fm.phys.ethz.ch,
b) use one of our managed workstations on which the client will be upgraded, or
c) both.

Actually, case c) will be the easiest as after the migration things should just work again on FM12. In case of a) you'll have to make sure that you upgrade your local FM11 client before you can continue using our remote databases (see this howto). For b): if you're on a managed workstation, you'll find the new FM12 client on Tuesday morning. If you're working with local databases (not from fm.phys.ethz.ch), you'll have to upgrade those databases to the FM12 format. FM12 will do this for you automatically when you open FM11 databases for the first time.
The server migration itself will probably take one hour during which time the remote databases on fm.phys.ethz.ch will NOT be available. The clients will be installed during the night Monday -> Tuesday. If you need access on your managed workstation on Monday evening after ~18:00, please let us know so that we can upgrade the client on your machine earlier.