Yesterday (August 21), between about 13:42 and 21:25, the virus filter on our mail server flagged some legitimate mails as containing a virus. The reason was a bad signature in the virus database that came in via the automatic updates. This signature was automatically removed by a subsequent update.

Like all viruses these false positives were quarantined. Once we understood the problem we could reinject them back into the regular processing of mails. If you were affected by this, you should receive the mails shortly.

We apologize for the inconvenience.

Last night the regular daily software update on the managed Ubuntu workstations removed the network-manager package. This left most of the workstations unusable. We are working to restore the network connectivity.

We apologize for the inconvenience.

As some of you may have noticed there are a lot of viruses these days that arrive by e-mail and that slip through the virus filters. The current pattern involves ZIP attachments that contain executable code (EXE) inside it. The mail pretends to come from DHL, UPS, FedEx, or Xerox. We expect other fake senders like airline or hotel reservation systems to follow. We also expect to see infected PDF or MS office attachments.

The current viruses appear long before their signatures make it into the lists of the major anti-virus (AV) software. By the time the signature appears in the official lists the virus wave is usually already over. Be aware that no AV software can protect you reliably form viruses. All the AV software can do is keep the old known viruses at bay.

We are currently working hard to find such viruses and we keep our internal list of unofficial signatures. Once we recognize a new virus we clean them out of the user inboxes and move them to the SpamBox. However, we cannot garantee that we find all viruses.

Please be vigilant and do not trust attachments. ZIP and EXE are almost always bad. PDF are often OK but sometimes bad. Mail senders can be faked so make sure that you really expect an attachment from the sender.

Sunday Aug 21, 2011 around 2:30-2:40 pm the ETH Hönggerberg campus experienced a power outage. For some buildings (and/or power lines) the interruption was short and led to reboots of the affected computers. The HCI building remains without power as of this writing (4:20 pm). The server room at HIT D 13 seems not to have been affected by the power loss.

Some of our IT services are affected among them one of our DHCP servers and some of our backup servers. We will have to wait until power is restored in HCI to restart the affected services.

We apologize for the inconvenience.

Update 5:15 pm power is restored in HCI since about 4:30 pm.

For reasons still unknown our home directory server fulen stopped serving any files via NFS at about 5:20 pm. This stopped most active Linux logins. In order to restore functionality we had to reboot the file server. As of 5:35 pm fulen is again functioning.

Unfortunately, due to the necessary reboot we cannot fully assess the reason for the incident. It follows a history of poor performance that we have been investigating intensly for the last couple of weeks. We are still trying to find the ultimate cause.

We apologise for the inconvenience.

The current wave of password phishing mails seems to provoke an unusually high attention rate.  People seem to think that mail allegedly coming from help@ethz.ch may be genuine.  The german text itself is so bad that its spammy character is obvious to long time mail users.

Remember: any part of a mail can be faked. This is in the design of the mail system and cannot be fixed without making mail usage a lot harder for everybody.  And even if we used a better system (like cryptographic signatures) the rest of the world would not follow.

Therefore, be sceptic about any mail until the complete impression including the writing style fits the picture.  No IT support worth their salt will ask you to reveal your password.  And if they do they deserve to be ignored!

The Informatikdienste of ETH will change their AFS policy by March 31 of this year. AFS functionality will be provided through a dataless AFS cell at ETH.
If you still require an AFS account which is connected to storage you need to act now and arrange an agreement for your use or move your data to some other place. Please consider the following points:

1. data on the ETH AFS server: This service will only be available under a contract with the Informatikdienste as a paid service. We recommend moving your data away from AFS if possible. NAS services (SMB/CIFS, NFS) are available from the Informatikdienste or the Department of Physics. Please ask the ISG D-PHYS if you need help or advice.
2. an AFS identity as user coming from the ETH: If you own data on other AFS servers around the world that are tied to your AFS identity from ETH you may want to keep your ETH AFS identity or transfer ownership to some other AFS identity. This service will be provided by Informatikdienste as a general service free of charge but only upon request. If you need this please let us (isg@phys.ethz.ch and tilo.steiger@id.ethz.ch) know.
3. access of AFS servers as an anonymous user: This service will continue for the foreseeable future without further action required from your side at this time.

Without a reaction from your side we assume that you don't need an AFS account anymore and you will become an anonymous user to AFS.

Note: you can use an AFS identity from another cell if you have one. You don't need an ETH AFS identity for that. E.g., to use your CERN AFS identity on the Linux workstations use klog -cell cern.ch

Further reading: Wer braucht noch AFS??? by Tilo Steiger at the ID-Blog