Campus computing resources

Training

A variety of campus organizations are available to help with research computing and the broader topic of data science.

  • D-Lab provides services, support, and training in data-intensive social science research.
  • The Berkeley Institute for Data Science hosts talks and workshops designed to advance scientific discovery through collaboration across research domains.
  • The local Python community sponsors events and maintains a list of useful links for learning Python.
  • The Department of Statistics provides a free consulting service to members of the campus community.

About CalNet passphrases and access keys

Your CalNet identity is used to authenticate and authorize your use of many campus web applications and services--notably, bMail's webmail interface. Normally you provide your CalNet identity and passphrase in a web portal when accessing these services. However, some applications and services cannot capture access through a web portal, and these require an access key instead of the usual CalNet passphrase. Such services include AirBears2/Eduroam and bMail when accessed through a mail client (Thunderbird, or the Mail client on a mobile device). Go to bConnected to manage your access key if you use one of these services.

Data Security

A few suggestions on how to keep your data secure.

Passphrases:

  • Diceware is a good way to generate secure passwords that are relatively easy to remember. A six- or seven-word passphrase is plenty for securing encrypted files. Skip the discussion on that page if you want and go directly to the steps outlined in the 'Using Diceware' section.
  • An easy way to generate truly random dice throws is with the Australian National University Quantum Random Number Generator. Choose Live Numbers > Fun Stuffs > Dice Throw. For five dice throws you would select 5 sets of numbers, 6 numbers in each set, minimum 1, maximum 6, *with* replacements.
  • It is usually better to write down a strong passphrase and keep it in a physically secure location than to use a weak passphrase.

Encrypting files

Q. Why encrypt?

A. It's the only way to secure any sensitive data stored on your computer. Your user password offers essentially no protection if someone gets physical access to your computer—if it's lost or stolen, for instance. Also, you need encryption to protect your data when sending over an unsecure network (the Internet) or when putting your data in the hands of a third party, like an online backup service or dropbox.

Q. What to encrypt?

A. Any Restricted Data or anything else you regard as sensitive.

Q. How to encrypt?

A. Truecrypt (a very good solution, not the only one)

  • Truecrypt is a cross-platform, open source program for creating mountable encryption containers where you can store files containing sensitive data.
  • Recommended way to use truecrypt:
    • In truecrypt preferences, *unselect* 'Preserve modification timestamp of file containers' setting. If you don't change this setting from the truecrypt default, your backup software might not automatically back up your container when the contents change.
    • Keep your encrypted containers in a single location (e.g. Documents\encrypted). Doing this makes it easy to make sure your encrypted containers will be backed up by your backup software.
    • When creating an encrypted container, accept default values, which are good enough. (Create an encrypted file container; Standard TrueCrypt volume; Encryption Algorithm AES; Hash Algorithm RIPEMD-160; Filesystem FAT.)
    • Use a strong passphrase!
    • When mounting an encrypted container, unselect 'Never save history' (optional).
    • Unmount encrypted filesystem whenever the data is not in use.
    • Unmount encrypted filesystem whenever you are not in physical control of your computer. You can relax this restriction if you set your computer to automatically require your (strong) password when waking up from sleep or returning from the screensaver.
    • When backing up your computer, back up the encrypted containers, not the unencrypted mount.
  • What these recommendations do:
    • Keep your data secure from unauthorized access if someone has physical access to your machine or otherwise gets a copy of your encrypted container.
  • What these recommendations don't do:
    • Hide the fact that you have senstive data.
    • Hide the fact that you have made changes to senstive data files.
    • Protect unencrypted copies of your sensitive data that the operating system or applications might make when you are working with files containing sensitive data. These temporary copies may exist in volatile memory or on disk.
    • Encrypt your entire home folder.
    • Encrypt your email.
    • Encrypt your web browsing.
  • Pros:
    • You can securely share files with most colleagues, regardless of their platform, using standard tools like email, sftp, dropbox, etc. All you have to do is put the files in an encrypted container and send the container.
    • Encrypted containers can be securely backed up to third-party services.
    • Easy to identify encrypted vs. unencrypted files—the containers in Documents\encrypted vs. everything else.
  • Cons:
    • Risk of loss of access to your data if you forget the passphrase.
    • Large encrypted containers (several GB or more) can be cumbersome to transfer or back up.