Installation Guide for BC401_2012 Notes: You must have Administrator privileges on your computer.

1. Install Firefox 3.6.8 included on the CD in the folder BC401. Yes this is an old version but it works well with Chime.
2. Install MDLChime26SP7 located in the BC401/BC401_2012/Software (PC)/Chime_2.6 Folder. Allow this to install for Internet Explorer.
3. Go to C:\Program Files\Internet Explorer\Plugins and copy the npchime.dll file to C:\Program Files\Mozilla Firefox\plugins
4. Bring up Mozilla Firefox that you installed in step (1).
5. On the Mozilla Firefox menu bar; Select Tools->Add-Ons. An Add-Ons window will pop-up.

Verify that you see the MDL Chime 2.6 listed under the Add-ons.

Now you can update Mozilla Firefox to the latest version 14.0.1 located in the BC401 folder by double clicking on the file “Firefox Setup 14.0.1”. Verify that the npchime.dll file still exists in the C:\Program Files\Mozilla Firefox\plugins folder after installation of 14.0.1.

To view files on the CD; Double click on the Mozilla Firefox icon and the File->Open and select the file from the BC401_2012 folder then either 3D_Models folder or the Amino_Acids_Drill folder.

Dr. Hansen will inform you of the files you should be looking at in relation to his lecture material.

We have just released a new version of the CNSIT Pangea connection App for Windows.  This applies to the Hadron instance of Pangea which means only Biochemistry and Chemistry are affected.  When you next launch the Windows Pangea Connection App, you will see a notice letting you know an update is available.  Please be sure to click ‘OK’ to update to the newest version.

This update contains fixes for off campus update checking, and off campus location detection, as well as prepares Pangea for the IPV6 world.  All hard IP references have been replaced with Fully Qualified Domain Names (FQDN).  This should work fine as long as DNS is configured properly on the client computer.

With the release of Mac OS X Lion, Apple made the decision to hide the user Library folder.  This decision was based on their need to protect the user from accidentally deleting important files needed by various programs as well as the operating system itself.  It became even more necessary for most users with the widespread use of the OS X App Store.  However, I have found that some users still need access to this directory from the Finder, and am pleased to post the following fix.  This is taken from the TUAW article cited at the bottom.

1. In the Finder, select the Go menu from the menu bar at the top of your screen. You’ll notice a list of folders across your system such as Desktop, Downloads, Home, etc.
2. While the Go menu is displayed, hold down the option key on your keyboard. Like magic, the Library folder will appear between the Home and Computer folders. Click on it to open a Finder window displaying all of the files inside your Library folder.

Adapted from http://www.tuaw.com/2011/08/25/mac-101-easily-show-the-library-folder-in-lion/

However, there are others that would prefer to have this folder reappear more universally.  This involves using a Terminal command window (Applications->Utilities->Terminal.app).  All you need to do is to paste the following into the Terminal window, change the text for [username] to your username directory (of course) and hit enter.  That should do it!

chflags nohidden /Users/[username]/Library/

A New Pangea?

That’s right!  CNSIT South has purchased a new server to act as the Pangea head machine.  This new server boasts additional memory, CPU capacity, redundant power supplies, and bonded network adapters.  With any new hardware upgrade, we are also looking at how we can improve the service and simplifying administrative functions.

Below you will find some of the big changes in store for those using Pangea.  We do not currently have an estimated migration date, but will be sure to communicate this when we know more.  The migration will most likely include a period of downtime where Pangea data will be unavailable.  Also, to keep your mind at ease, all data will of course remain intact – those sources are remaining as they are, and will simply connect to a new Pangea head server.

Server Merge

Pangea Two is being implemented on new server hardware.  This new hardware will provide service to both existing Pangea instances currently in production; the Biology instance, and the BMB/Chemistry instance.   This single Pangea instance will now allow Biology members, and BMB/Chemistry members to collaborate together!

Share Structure

Pangea shares are now divided, physically, into 3 categories, and are represented by 3 separate share points.

Home Share – This has a volume name which is the same as your CSU eID that you used to log in to Pangea.

Pangea Groups – This is now the location of all affiliate groups you are a member of.  These do not include web groups.

Pangea Web – This is now the location of all affiliate web groups that you are a member of.  As before, these groups are associated with a web URL of some kind.

Pangea Connection App

As a result of the Share Structure changes, the connection apps have been updated to take into account the possibility of more than one mount point.  This primarily affects the Windows app, although the Mac App also received some backend improvements.

Macintosh App – This app will now list the three mount spaces in the new Share Structure, and you can choose which to mount locally.  All other operations remain the same.

Windows App – The Windows App is now programmed to detect multiple local mount points.  Primarily in an effort to make it easy for a new user to un-mount drives that are not their own (accidentally left mounted by a previous user).  Mapping, however, is not the default access method any more.  The new App takes advantage of the Windows Explorer to display the shares and content without mapping the drive.  A user can always choose to map the drive locally from within this Explorer Windows (right click – Map Network Drive), but this is not required.  This should be particularly useful for lab environments, where many people use the same computers throughout the day, and often forget to log out.

Other Stuff

Beyond the many changes that make administering Pangea much simpler, there are also a few that will affect end users.

Fixes

No more symlinks – This new setup and Share Structure will no longer use symbolic links to establish group membership.  Access to groups is provided solely by membership on the domain controller, and can no longer be accidentally revoked through link deletion.

No more error 86 – There is no longer a need to make changes to newer Windows OSs in order to authenticate properly.  This fix also enhances the security of the authentication process.

Coming Soon

Quota Check Web Page – Shortly after Pangea Two goes live, a quota check page will be made available through the CNSIT-TOOLS page located at https://cnsit.natsci.colostate.edu/tools.  This will allow you to check on the usage for all groups you are a member of, at your convenience.

Pangea Access Request Form – To simplify the “back and forth” that often occurs when a new personnel is granted access to Pangea, an easy to use web form will be implemented on the CNSIT-TOOLS page located at https://cnsit.natsci.colostate.edu/tools.  This page will allow a requestor to include all needed information to hasten the creation of any user’s Pangea access.

Improved Online Documentation – We will also be generating improved documentation for end-users.  These How-To style tutorials will provide Pangea users plenty of information on how best to take advantage of Pangea.

Rootkit Viruses are stealthy viruses that can cause great damage to your operating system and even to your hardware if they are in the “firmware rootkit” class. Several classes of rootkit viruses exist: persistent, memory-based, user-mode, kernel-mode and firmware driven. Installation of these rootkit viruses are automated and can evade many anti-virus programs. Removal of these viruses can be difficult, especially if they are the kernel-mode or firmware driven versions.

The latest rootkit virus that seems to be causing much damage and is spreading at a medium rate is the Rootkit.Sirefef.Gen.

There is a rootkit scan tool called RootkitRevealer v1.71 from microsoft support.

There is also a rootkit remover tool from the bitdefender website available.

Most of us are aware of this by now, but I received the following, very well written explanation of the problem and steps to take at this point.  As before, when I get these, and feel they should be given a wider audience, I will repost for the CNSIT community.

“As everyone is probably painfully aware, Java has some major problems right now… and Oracle hasn’t been overly convincing in providing a fix, despite releasing a patch over the weekend. The Department of Homeland Security has reiterated its recommendation to uninstall/disable Java, but we rely heavily on Java for a few critical applications and we can’t just shut it down. So what I can do is outline the issues, give an overview of the CSU use cases, and make our best recommendation. Alas, there’s not a clean, elegant way to solve this that both enables and protects our mission-critical applications.

Java version numbering can be a bit confusing, so here’s a quick primer:

• “Java 7” is a shorthand notation for the Java Standard Edition numbered 1.7.x, where the ‘x’ is the update number. The other naming scheme that tends to be used looks like Java 7ux (for example, Java 7u11). The problematic update that contained the most recent critical security vulnerability was 1.7.10, or Java 7u10. The patch released to fix that problem is 7u11, and is the most recent version that a web download or auto-updater should install.
• “Java 6” is the similar naming scheme for the previous major release; the most recent patch of that line is 6u38. It’s not perfect from a security point of view, and it lacks some of the functionality introduced in the Java 7 line, but it has continued to receive updates and it does seem to be immune from the particular vulnerability introduced last week. It’s also the required version for our central Oracle apps (read on…). That update can be accessed on Oracle’s Java 6 download site: http://www.java.com/en/download/manual_v6.jsp

The major applications/suites on campus that use Java: (there are others in use, but these are the big three)

• Oracle HR and the other Oracle apps reachable via CAP (includes Timecard Approval). Doesn’t support Java 7, so some version of Java 6 is required. Appears to work well under the most recent version of this line (6u38).
• RamCT Blackboard. Several features (including chat and file uploads) require Java. Has been tested to work well under both Java 6 and Java 7. RamCT Blackboard doesn’t work well if more than one version of Java is installed, so if one computer does both Blackboard and Timecard Approval, then Java 6u38 should be used.
• Junos Pulse VPN (aka Juniper SSL gateway, secure.colostate.edu). For Windows and IE, Java is not a requirement, as all advanced functions can be performed with ActiveX controls (though with no Java at all, there will be a few error messages to click through when initially installing some of the controls). For other combinations (Windows + Firefox, Windows + Chrome, and all combinations on Mac and Linux), Java is required to do more than the basic HTML redirect… so RDP, SSH, Network Connect, Secure Meeting (now Pulse Collaboration), and Secure Application Manager… these all require Java of some sort. Getting them to work under Java 6 can be problematic, so heavy users will probably want to use the latest version of Java 7.

So here are the possible stances:

1)      I don’t use any of those applications; I’ll just remove Java from my system. Safe from harm, though other sites may stop working correctly.

2)      I just use RamCT Blackboard: Java 7u11 with auto-update enabled OR Java 6u38 with auto-update disabled (either should work).

3)      I just use central administrative apps: Java 6u38 with auto-update disabled.

4)      I use both RamCT Blackboard AND central administrative apps: Java 6u38 with auto-update disabled.

5)      I don’t use Blackboard/CAP, but use the SSL gateway on Windows with IE: may be able to get by without any Java at all.

6)      I use the SSL gateway with some other combination of OS/browser: should probably have Java 7u11.

One important note, no matter which you choose: many applications (including both Blackboard and the SSL gateway) get cranky if there’s more than one version of Java installed, so it can’t be as simple as just installing both versions. Alas…

Of course, we’ll keep an eye on what Oracle does with Java, both from a security point of view and for its ability to interface with our central administrative applications. If we find a simple fix, you’ll be the first to know about it!”

The new software for the LAS 500 is now located on pangea in the bmbequipment/IQTL folder. The department has a 5 user floating license that is installed on the BMBTYPHOON computer. This means that 5 licenses or 25 windows can be used at once. If that is exceeded the user will get an access denied message and you will have to try again later. Please remember when you are using this software to quit the program when you are finished. If you fail to do so, you are using a license and preventing someone else from accessing the software and doing their work.

The software is a zipped file. Please copy this folder to your desktop, then double click on the folder. Do NOT double click on the folder within the pangea space. Once you have double clicked on the folder – you will see an IQTL Installation folder.

Go into the IQTL Installation folder and double click on setup.

You will see:

Click OK.

Next you will see:

Choose “I agree” and then click “Install”

You will see the following after .Net installs:

Click OK.

Then you will see:

Choose Install ImageQuantTL

Then you will see:

Click Next

Accept the License Agreement. Click Next.

Click Next. If this fails you might not have enough disk space on your C: drive.

Click Install.

If everything went correctly – when it is done installing you should see this message.

We have just released the Pangea connection app version 2.5.0.4 for the CNSIT Pangea instance.  This instance is for the Departments of Biochemistry and Chemistry.  This does not affect the connection app for the Department of Biology Pangea instance.  This only affects the Windows connection app as well, not the Macintosh connection app.

This update adds support for the increased volume size one of the new storage arrays, so that the app will recognize it as a Pangea source.  Older versions of the connection app will automatically prompt for this upgrade to be installed, and should be as soon as possible.

As you have probably heard, ACNS is updating the eID password Policy, starting April 1st.  This change will not affect everyone at once, but beginning in April, all new password reset messages you conduct will require the following rules to be applied:

1. Passwords must be between 15 and 30 characters long.
2. Passwords must include at least one letter.
3. There’s no requirement to use upper-case or special characters (though they can be chosen, other than those in #4).
4. The same list of special characters NOT to choose based on some back-end Oracle applications is still with us; now it’s enforced across the board, for consistency and ease of support. Note that this includes a prohibition against blank spaces. (Banned Characters: @ $ & ” ( ) ‘ ; = # * blank_space < > , )
5. Certain password choices are not allowed, and will be prevented by the password change tool:
   • The user’s eName, real first name and real last name cannot be used as part of the password.
   • Single 15+ character words are not allowed (this is called a “dictionary check”).
   • Password history will be retained and checked: the user must choose a different password at each change.
   • Some weak choices and easily guessed phrases are also being blocked (including sequential strings like ‘abcdefgh’, movie/book titles, CSU fight song lyrics, and passwords used as examples on the web site and in presentations that have been given as part of this policy transition).
6. With this new list of requirements, the refresh rate moves from 6 months to 1 year. So any password created after April 1st will be good for a year from the date of the change.

Here are some of the concepts that drove ACNS in the decision-making for the new policy:

1. Our current password scheme is simply too weak, given the advances in attacks.
2. In choosing a stronger password, we want to avoid unnecessary complication and ease usage wherever possible.
3. Expanded use of mobile devices has made traditional “strong” passwords, which rely on excessive complexity and obfuscation, increasingly difficult to use (particularly on phones that require multiple screens to access all the special characters).
4. Difficulty of guessing, difficulty of remembering, and difficulty of typing a password are separate concepts.
   • Our current scheme asks users to select passwords that can be difficult to remember and type, but are easy for computers to guess.
   • Our goal is to create passwords that are easy for humans to remember and type, but hard for computers to guess.
5. So here’s how longer, simpler passwords address those three concepts (guessing, remembering, and typing):
   • Longer strings of lower-case letters, even when arranged into a sequence of real words, can provide better defense against guessing than short, complex character strings. Expressed differently: length is much more important than complexity.
   • A string of common words can be more easily memorized than a string of nonsense characters or special-character substitutions. Each word can be remembered as a “chunk”, requiring only a few word-sized chunks rather than a much longer series of individual special characters or substitutions.
   • A sequence of real words in all lower-case letters is easier to type than special characters that require Shift or Alt on a normal keyboard or additional entry screens on mobile devices.

    

And, finally, here is some much needed comic relief: http://xkcd.com/936

We have just released the Pangea connection app version 2.5.0.5 for the CNSIT Pangea instance.  This instance is for the Departments of Biochemistry and Chemistry.  This does not affect the connection app for the Department of Biology Pangea instance.  This only affects the Windows connection app as well, not the Macintosh connection app.

This update adds support for the increased volume size one of the new storage arrays, so that the app will recognize it as a Pangea source.  Older versions of the connection app will automatically prompt for this upgrade to be installed, and should be as soon as possible.

Microsoft Office 2013 Professional Plus 2013 is now available for CNSIT South departmental computers.

Here is a good collection from Microsoft about what is new with Office 2013: http://office.microsoft.com/en-us/support/whats-new-in-office-2013-HA102830213.aspx

CNSIT South will be using this version as the new default build option on all new computers.  Existing machines may opt in to the upgrade by requesting access to the install media via a CNSIT support ticket at the following URL: https://cnsit.natsci.colostate.edu/help

We have just released the Pangea connection app version 2.2.0.12 for the Biology Pangea instance.  This instance is for the Department of Biology only.  This does not affect the connection app for the Departments of Biochmeisty or Chemistry (CNSIT) Pangea instance.  This only affects the Windows connection app as well, not the Macintosh connection app.

This update fixes several bugs, most notably one involving on campus detection in newer devices.  Older versions of the connection app will automatically prompt for this upgrade to be installed, and should be as soon as possible.

As of May 20th (the start of the Summer 2013 semester), the Chemistry B201 Computer lab will be relocated to Yates 412.  We will begin moving the computer hardware on the 20th, so it may be a few days before the lab is at full operation in terms of capacity.  Yates 412 will adopt the same swipe card access as B201 did, meaning that all Chemistry affiliated students will have access 24 hours a day.

Oh, and Yates 412 has WINDOWS (the kind you can look out of, not the Operating System).

We have just released the Pangea connection app version 2.2.0.13 for the Biology Pangea instance.  This instance is for the Department of Biology only.  This does not affect the connection app for the Departments of Biochmeisty or Chemistry (CNSIT) Pangea instance.  This only affects the Windows connection app as well, not the Macintosh connection app.

This update contains several text updates and bug fixes, as well as the behavior of the app when the client is detected as being off campus.  The app will still allow the client to attempt a connection, warning that it will most likely fail.  Older versions of the connection app will automatically prompt for this upgrade to be installed, and should be as soon as possible.

We have just released the Pangea connection app version 2.5.0.6 for the CNSIT Pangea instance.  This instance is for the Departments of Biochemistry and Chemistry.  This does not affect the connection app for the Department of Biology Pangea instance.  This only affects the Windows connection app as well, not the Macintosh connection app.

This update contains several text updates and bug fixes, as well as the behavior of the app when the client is detected as being off campus.  The app will still allow the client to attempt a connection, warning that it will most likely fail.  Older versions of the connection app will automatically prompt for this upgrade to be installed, and should be as soon as possible.

New Departmental Color Printer in MRB210

We have a new HP Color Laserjet CP4525dn printer located in MRB 210. To add this printer to your computer, please follow these instructions:

•  Make sure you can access the new printer driver location in by clicking here.
• Click on the link that describes your operating system.
• Look under “Driver” and Use the “HP Color Laserjet Enterprise CP4025/CP4525 PCL6 Driver with HP Driver Installation Utility”

To install the printer, follow these instructions dependent upon your operating system.

Windows 7 / Vista

1. First, click on the ‘Devices and Printers item that appears in your Start Button.
2. Click the ‘Add a printer’ button
3. On the new dialog window that appears, select the second option for ‘Add a Network, wireless or Bluetooth printer’
4. Your computer will now attempt to scan for printers on the network.  Instead of waiting for that, click on the item at the bottom for ‘The printer that I want isn’t listed’
5. On this new screen, select the third radio button option for ‘Add a printer using a TCP/IP address or hostname’
6. Enter the following in on the next screen:
7. Device type: Set this to ‘TCP/IP Device’
   Hostname or IP address: Enter the IP Address 129.82.125.209
   Port name: This will fill in automatically – you do not have to change this
   Keep the checkbox for ‘Query the printer and automatically select the driver to use’ selected.
8. The install Wizard will most like find the find the appropriate driver automatically. It will ask you for a printer name, put in whatever makes sense to you. If it asks for the make and model – select the link above and use the download utility .

Windows XP

1. Open Printers and Faxes

2. Under Printer Tasks, click Add a printer to open the Add Printer Wizard, and then click Next.

3. Click Local printer or stand-alone network printer, clear the Automatically detect and install my Plug and Play printer check box, and then click Next.

4. Click Create a new port, and then click Standard TCP/IP Port.

5. Click Next to run the Add Standard TCP/IP Printer Port Wizard, click Next again.

6. Enter the IP address 129.82.125.209.

7. The install Wizard will most like find the find the appropriate driver automatically. It will ask you for a printer name, put in whatever makes sense to you. If it asks for the make and model – select the link above and use the download utility .

Mac

1. Open System Preferences and select the Print & Scan (may be Print & Fax for older versions of Mac OS X) item.

2. Click the + sign and you will see the Printer Browser open.

3. Select the ‘IP’ tab/button at the top.

4. Fill in the new form as described below:

Protocol: HP Jetdirect -Socket
Address: 129.82.125.209
Queue: Leave this blank
Name: MRB210CO
Location: Enter the building and room number where this printer lives
Print Using: Select the company that makes your printer, then select the model number of your printer. If you do not see an exact match, select something that is similar enough – drivers are often universal between similar models.  Mac OS X Lion will attempt to select this automatically, and 95% of the time you can use what it preselects.

5. Now click the Add button.

6. Select the appropriate Installable Options. If you are unsure, leave this as it is and click Continue.

7. Now, open up a web browser and print a test page such as http://www.google.com to make sure the printer is set up properly.

One of the hidden tricks with CNSIT Pangea is its ability to allow a user to serve files via their personal space to the world through a web server.  This is handled via the “public_html” folder located in the root of  your personal Pangea space.  Don’t be surprised if you do not see this folder as it is not enabled for an account on default.  To request personal web space to be enabled, simply let CNSIT know by filling out a support ticket at the following URL: https://cnsit.natsci.colostate.edu/help.  CNSIT will then create the folder, and link it up properly so that it is served to the world.

Once you have your public_html folder, anything you place in there will be available to the world at the following URL, depending on your home department:

Biochemistry: http://sites.bmb.colostate.edu/eName
Biology: http://sites.biology.colostate.edu/eName
Chemistry: http://sites.chem.colostate.edu/eName

(eName is your CSU eName of course).

This space is useful not only for serving a personal web site, but also allows for the possibility of sharing large files with users off campus as the following article describes: http://wp.natsci.colostate.edu/cnsit/use-pangea-to-share-large-files-with-people-outside-of-csu

Enjoy!

WIFI and mobile device users may have started noticing a new SSID being broadcast within the CNSIT South buildings lately.  That is, the csu-net5 network.  ACNS sent us out a good explanation of what this is, and perhaps is something you should try out!

FROM ACNS

All areas of campus should now have at least 3 wireless networks available – “csu”, “csu-net”, and “csu-net5”. The last, “csu-net5”, is restricted to the 5GHz channels that are less subject to interference from microwave ovens, cordless phones, Bluetooth, etc. The setup for this wireless lan is identical to the setup for “csu-net”. The signal level may be somewhat lower than the 2.4GHz “csu-net” equivalent but due to less interference and utilization it should give superior performance in most cases. Please encourage your users and helpdesk staff to test connections to this new network. If a device doesn’t display “csu-net5” it means the device doesn’t have a 5GHz radio or see the channel in that area.

Also, as a reminder, the “csu” wireless network should not be used by anyone with an eID. This network is only for guest wireless users and does have bandwidth restrictions in place by design. Removing old and unused networks from the wireless profile list is good security practice and improves the wireless network for all users since the wireless adapter will send broadcasts looking for those networks.

For users of newer Macintosh computers running Mac OS X 10.8 and newer (Mountain Lion and Mavericks at the time of posting) you may need to address the following error when attempting to run the Pangea connection App.

Basically, you should know that the Pangea App is safe, and you can use it – but you will need to use a keyboard shortcut to do so.  Instead of just double clicking the App icon to launch it, you should Ctrl+click or right click on the app and select Open from the contextual menu.  Pangea will open and you should be able to use it normally from now on.

There are also ways to globally make this change, as illustrated from the following source.  Be warned though, this new security is there for a reason.

http://www.imore.com/how-open-apps-unidentified-developer-os-x-mountain-lion

With yesterday’s announcement and release of the newest Mac OS X, 10.9 aka Mavericks – I discovered that the existing Pangea connection App did not function properly.  I have fixed and posted the updated App bundles for both the Biology Pangea instance, and the CNSIT (Biochemistry and Chemistry) instance.  These new versions are backwards compatible as far as I have tested, so if you are reading this you should be set to update regardless of Mac OS X version.

Biology Pangea Instance

Mavericks Support Version 1.02 – http://www.biology.colostate.edu/pangea

CNSIT (Biochemistry and Chemistry) Instance

Mavericks Supported Version 1.1.2 – http://wp.natsci.colostate.edu/cnsit/pangea