Project

General

Profile

GRIPES
( updated {{last_modified}} )

In Sep 2012, Rob Roser, head of the Scientific Computing Division,
asked the experiments/projects to summarize our problems with Fermilab computing,

These are to be general gripes, issues and policies that are not getting handled
through the usual channels of the Servicedesk and normal operations.

This is our chance to document those things that irritate us.
There is no guarantee that these things will be fixed,
but he wants to know what is going on.

I will seed the list with some things that I know about ( )

  • Mail forwarding from to can be very confusing for visitors.
    • finger and ldap are no longer supported, so it's hard to tell what is happening
    • requests to change forwarding have been rejected on the grounds that, by policy, mail cannot be forwarded
  • Kerberos and Services password policies seem inconsistent and arbitrary
    • Services passwords, considered less a risk than Kerberos, have to be changed twice as often, twice a year.
    • Changing passwords at all seems to be completely unnecessary,
      except that somebody thinks somebody in DOE would be offended if we did not do it.
  • University users generally favor SSH / GSSAPI authentication, and do not understand the need for kerberos.
  • The Grid Certificate system is difficult to deal with.
    Too many unexplained acronyms in documents, too hard to get them loaded in browsers, too hard to get registered.
  • Getting passwords reset from offsite is difficult, especially with timezone differences.
  • Printing from visiter's laptops (Windows/Mac/Linux) is a frequent problem. We could use better support and documentation.
  • It would be great to have a Cryptocard and SSH gateway system outside the Fermilab security domain
    • Users with croptocards or using ssh would log into the the gateway, then kinit, then ssh to Fermilab systems.
  • The Cisco VPN requires installation of propietary software on the remote client, and is limited to supported clients.
    Users would prefer more open choices.
  • We are unable to test remote connections to Fermilab when we are physically on site.
    • Fermilab support staff need access to a system that is truly outside the Fermilab security domain.
    • The guest WIFI access point goes partway there, but has issues.
  • The oft-repeated policy of not supporting Linux Desktops and Laptops seems to make no sense.
    • Desktops can get support by re-labeling them as Workstations.
    • Laptops are widely used, support is just decentralized and disjointed.
  • Connecting from Windows to Linux appears to be unsupported. That's just silly.
    • The are apparently free, easy to use, good ways of doing this, but no support from Fermilab.
    • As a result, an enormous amount of time is wasted on solutions that do not quite work.