As you know from earlier messages, there’s been an ongoing problem with Macintosh printing and most of our laser printers.  Some documents with embedded graphics lock up the printers completely and, in some cases, lock up the print queues on the server, too.

After much experimentation, we’ve finally come to some conclusions and are ready to move forward. Briefly, the main source of the problem is an incompatibility between OS X (beginning with 10.5) and the Postscript interpreter that HP printers use.  We’ve had occasional documents in the past that ran into problems, but now it happens quite frequently.

Unfortunately, the only scalable solution is to replace the printers - HP has no fix.  Working with ITS and the computer store, we’ve decided that Okidata laser printers are our best choice, going forward.

To try to make lemonade from this bad situation, we are planning to move toward COLOR laser printers that still allow monochrome pages at or below the same cost/page as traditional monochrome printers.  Then we will set up BOTH monochrome and color print queues to each printer so only print jobs that require color will incur the extra cost of color.

This is going to be an expensive and time-consuming problem to fix, so please bear with us.  Because the problem only affects Macintosh printing, we’re going to leave HP printers in place in Windows-only locations like Dell-filled computer classrooms (at least for now).  We’ll replace the printers in Macintosh classrooms and most of the shared (eg hallway) printers — about 14 printers total.  HP printers that are removed from service will be “recycled” internally, replacing older printers that don’t allow duplexing, for instance, and sent to other places on campus.  Existing non-HP (ie Okidata and Panasonic Workio) printers will also stay in place.

The large “Sabin-Reed 130″ color laser will also be replaced.  It is susceptible to the same Macintosh incompatibility and it needs serious refurbishing anyway.  The replacement will be a larger Okidata color printer that also supports 11 X 17 paper.

We’ll be creating new print queues and driver packages for all these printers as quickly as possible.  Expect much of the changes to occur over January break.

I’ll be contacting many department chairs individually about how to handle department-owned printers and some special circumstances.  If you have questions, concerns, or suggestions, let us know!  Send email to me directly or to cats@email.smith.edu.

Here’s a list of printers planned for replacement soon:
Macintosh Computer Classroom Printers -
Burton 209 and 301
Sabin-Reed 126
Bass B-2 and 102

Faculty/Staff/Research Shared Printers -
Sabin-Reed 130 (xerox room) color laser
Burton 2nd Hall
Burton 303
Sabin-Reed 126 (shared with classroom)
Sabin-Reed 2nd, 3rd, and 4th Hall
Bass 206 and 410
McConnell 209

1. It is somewhat slower to bring up the initial page
2. It will ask you to accept a “certificate” before you connect the first time (Tell it to accept “permanently”)
3. Your web browser will show that you have a “secure connection” (just like purchasing an item on Amazon.com)

What a secure connection (or SSL) means to you is that your connection is encrypted. This means your username and password are encrypted before leaving your computer and flying across the internet where any “bad guy” could be sniffing for them.

In the future, ONLY encrypted connections will be allowed to Groupwise Web, but right now, it’s your choice. Because we STRONGLY feel that passing your password in clear text is a VERY BAD IDEA, we are changing the link on the Science Center home page to go to the secure connection. It’s a minor inconvenience that could protect the security of everything you do on the internet.

If you’ve got questions, let us know!

FTP is a file transfer program that allows you to copy files between computers that support the protocol. In the Science Center, we currently have FTP working on “websci” (our webserver) and “science” (the Novell server that provides your H: drive).

FTP is an insecure service; it passes everything you type, including your username and password in cleartext over the internet. We’ve known this for years of course, but for various reasons could not quite justify shutting off the services. However today there are secure alternatives to FTP, so you can replace it without any problem. For that reason, beginning on June 1, 2007, we will disable all unencrypted/unsecured ftp services on websci and science.

How does this affect you? Probably many of you have never used FTP and can continue that! For those of you who do use it, here are your alternatives:

FTP on websci

If you currently use FUGU (on the Macintosh), you should be all set. Fugu uses only the Secure FTP protocol (SFTP). Another common Mac FTP client is Fetch. Fetch will use Secure FTP if directed.

If you now use WS_FTP on windows, you will need to quit using that and switch to a secure shell file transfer client. One is already located in your Start menu under “Programs/Internet/Secure Shell File Transfer.” The program is very similar to WS_FTP: you connect to the remote computer using your username and password, then you drag and drop files between the two windows. An very similar alternative is to use CoreFTP (see below under “FTP on science”).

If you use Macromedia Dreamweaver to edit your webpages, it already supports SFTP so you may need to do nothing, or simply edit your server configuration. CATS can help walk you through the steps if you need help.

If you use Macromedia Contribute, it also supports SFTP. Again we can help you with that if it’s not already setup correctly. Older versions of Contribute may not support SFTP; in that case we advise an upgrade.

FTP on science

The easiest method of moving files to/from Science is to skip FTP altogether and go to the science web page, click on Web Services (at the top) and read about NetStorage and NetDrive! Really, if you need to copy files to and from, say your home PC, and SCIENCE, you should use the above programs; they are much better (and more secure) than FTP.

If you must use FTP, we have enabled an SSL-encrypted FTP on Science, and have a free client called “coreFTP” available on the “software downloads” page on the science website. Instructions are on the webpage, but we are also available to help configure coreFTP. Note: coreFTP can also be used as an SFTP client with “websci”.

“The new subject prefixes [**spam**] and [**phish**] are being added by the McAfee virus protection appliances. The latest software update on these appliances incorporated a fee-free implementation of SpamKiller. Right now we have configured the McAfee appliances to merely add the spam scoring information to the headers and to prefix messages it identifies as spam. They are not taking any blocking action on messages based on spam content.

The MessageScreen anti-spam appliances are the next stop for messages. Several new rules have been added to look for SpamKiller scores and to take appropriate action. SpamKiller is much better at identifying image based spam for instance. However, MessageScreen will still honor user trusted sender lists and will deliver messages from trusted senders and domains no matter what the content. This explains why some messages arrive in your mailbox with the spam/phish prefixes.”

… this is not a technology based scam; this is a lack-of-awareness scam. If someone calls you, or leaves you a number to call them, that is not a good reason to give them your personal details about your credit card and bank account. Further, if your bank issued your credit card they certainly already know the security code on the back of the card. This would make a good awareness Tip of the Day:
If anyone ever contacts you about your credit card, thank them, hang up, and call the number on the back of your credit card.

- Stephen Northcutt
Pres., SANS Technology Institute
7/21/06