Start of change of default domain on Linux systems

The department is moving from the ‘AD’ domain to the ‘DC’ domain. Linux systems use the DNS to decide which the default should be if none is given. We shall be moving certyain test hosts over to DC in the vulnereable period on Tues 20th Feb, and depending how things go, at later vulnereable or non-vulnerable periods.

Use ‘klist’ to see what your Default principal is. You can force kinit to use a particular domain, e.g. ‘kinit pb22@AD.CL.CAM.AC.UK‘.

Please reporet any problems to sys-admin.

Posted in Local IT systems | Tagged , , , | Comments Off

Server Room Cooling Failure

Overnight between the 27th and 28th of February the building cooling failed. This was due to the pipes on the roof freezing due to very low temperatures. Emergency actions was taken at in the middle of the night to shut down enough machines to prevent a total outage of core services. The cooler has now been inspected and declared beyond repair. This is because it had no anti-freeze in the circuit.

We now have some temporary coolers installed and are monitoring their efficiency. However, please contact sys-admin before turning on additional servers.

Posted in Local IT systems | Comments Off

New Remote Desktop Service

The previous remote access Windows machines ts01 and ts02 have now been retired. In their place is a newer version running on Windows Server 2016. The local unix command cl-rdesktop has been updated to point to this service. To login you must authenticate against the DC domain either by quoting your identifier as DC\crsid or as just crsid. Windows or MacOS users should connect to to access the new servers.

Posted in Local IT systems | Comments Off

Problem with new VPN certificate corrected

Some people using the VPN service at may have been experiencing difficulties since the server certficate was updated on 2018-02-13. We issued a warning applicable to Windows users, but we forgot to point out that some Linux and Android clients require a local copy of the server certificate to verify.

Even if you worked this out for yourself, the problem was compounded by the UIS forgetting to update the downloadable copy of the certificate, so even if you refreshed it, it would not have helped. This oversight has now been corrected.

If you are running a VPN client which needs a local copy of the server certificate for, please download a new copy using the link on the page:

and install it in the same way as you originally did.

If your VPN connections are currently working, there is no need to do anything.

Posted in Local IT systems | Comments Off

SE18 due to be cleared by 1 June 2018

The deadline for moving equipment out of SE18 has been set to the 1st June 2018. The removal of the air-conditioning has been arranged to start them.

Anyone with any equipment remaining in that room will need to ensure that it is relocated ahead of that date.

Posted in Local IT systems | Comments Off

ely reboot in vulnerable period 28th Feb

This reboot is necessary to complete the installation of some security updates. Apologies for missing the reboot on the earlier advertised date.

Posted in Local IT systems | Comments Off

Bjarne Stroustrup named recipient of the 2018 IEEE-CS Computer Pioneer Award

Bjarne Stroustrup has been selected to receive the IEEE Computer Society’s 2018 Computer Pioneer Award.

The award is given for significant contributions to early concepts and developments in the electronic computer field, which have clearly advanced the state-of-the-art in computing. Bjarne is being recognized “for bringing object-oriented programming and generic programming to the mainstream with his design and implementation of the C++ programming language.”

Bjarne, a graduate of the University of Cambridge Department of Computer Science and Technology, is an Honorary Fellow of Churchill College, Cambridge.

Posted in Awards and honours, Frontpage | Comments Off

CL VPN certificate replacement

The SSL certificate used to authenticate the CL-specific instance of the UIS VPN service at is scheduled for routine replacement on Tuesday 13th February at about 08:00. The purpose of this certificate is to give the VPN client the assurance that it is communicating securely with the correct service.

The change ought to be entirely transparent, but on this occasion there is a known issue which may affect Windows users. The replacement certificate is signed by a different certificate authority from the previous one. Owing to the way that Microsoft manage certificate trust, a VPN connection may fail if the machine has not previously connected to a web site which uses the same CA.

If you encounter this problem, or wish to pre-empt it, the simplest workaround is to visit using Internet Explorer, Microsoft Edge, or Google Chrome. (Firefox will not work for this). Simply visiting the site will have the side effect of updating the trusted root store which will allow the VPN connection to work.


Posted in Local IT systems | Comments Off

Bjarne Stroustrup to receive 2018 Charles Stark Draper Prize

The National Academy of Engineering has announced that Bjarne Stroustrup will receive the 2018 Charles Start Draper Prize for Engineering.

The prize has been awarded ‘for conceptualizing and developing the C++ programming language’.

The $500,000 annual award is given to engineers whose accomplishments have significantly benefited society.

Bjarne, a graduate of the University of Cambridge Department of Computer Science and Technology, is an Honorary Fellow of Churchill College, Cambridge.

Posted in Awards and honours, Frontpage | Comments Off

Filer software update Tuesday 9th Jan 2018

The next scheduled vulnerable period (2018-01-09 0700-1000) will be used to perform a software update on the NetApp filers elmer and eldo. Elmer is the main filer directly visible to users and eldo provides the backing store for virtual machines.

This is a fairly minor update intended to get the filers running the best supported version for our hardware. This software version has been running on the backup filer for several months.

The upgrade process exploits the redundancy inherent in the hardware to minimise disruption. There are two identical controllers, and while one is upgrading the other can continue to service clients on its behalf using the redundant paths to the shared pool of discs. Nevertheless there will be some disruption: Windows and Mac clients using CIFS are likely to be disconnected at least twice during the process, and there will be some short periods during which the NFS service does not respond, as the service is handed over from one controller to the other.

As with every filer outage, however short, there is a risk of consequential disruption to other services. In particular it is possible that Xen-based virtual machines will need to be rebooted afterwards if their virtual discs go into “read only” state. If this consequential disruption does happen, it may extend later into the day as the problem is not always immediately apparent.

People may like to know that at the time of writing, these filers have been running without interruption for 1113 days and have serviced about half a trillion NFS requests.

Posted in Local IT systems | Tagged , | Comments Off