MIT SIPB Script Services for Athena

MS Office XML and file types added to white list

June 8, 2011 at 11:24 pm by in

Our whitelist of file types served directly to the web has for a long time included .doc, .xls, and .ppt. With the advent of new XML-based Microsoft Office formats, and with the popularity of LibreOffice and, there have been requests for whitelisting these additional file types. As of yesterday, the new Office XML filetypes — .docx, .xlsx, .pptx, etc. — as well as ODF file types — .odt, .ods, .odp, etc. — will also be served directly to the web.

In addition to files you place in your locker, this also affects files uploaded to your website via the standard upload feature of apps such as MediaWiki and WordPress.

The full list of whitelisted extensions is posted in our FAQ.

* certificate signed by Equifax

June 5, 2009 at 2:20 am by in

We’re glad to let you know that we’ve purchased an SSL/HTTPS certificate for * domain names that’s signed by a well-known signatory, Equifax, instead of by the MIT Certificate Authority. This means that you can use HTTPS URLs for those domain names in any popular browser without having to download and trust the MIT CA in advance — great news for those of you running websites that target people outside the MIT community. MIT client certificates continue to work as normal.

We’ll also be installing an Equifax-signed certificate for soon, but we continue to encourage the use of * names instead of names for their improved security properties.

For those of you with * names, you can continue to use or request MIT-signed certificates as always, or you can have the secure parts of your site use a * URL or discuss other arrangements with us.

Java no longer broken on

June 5, 2009 at 1:10 am by in

Yesterday it was brought to our attention that our resource limits were preventing Java from working, because the JVM attempted to allocate more memory than our limits.

Because of problems in the past with Java instances using 2 GB or more memory causing out-of-memory conditions, we recently reimplemented a 1 GB per-process resource limit. However, the Java startup code’s attempt at allocating a “reasonable fraction” of the total physical memory on the server makes it attempt to grab about 1.05 GB. (This is a known issue in Java.) This amount might be reasonable for a server running nothing but Java, but is entirely too much for a shared host like So, we’re setting the JAVA_TOOL_OPTIONS=-Xmx128M environment variable to limit the maximum Java heap size, and Java should be working again.

If this isn’t enough for your application, you can create a .hotspotrc file in the same directory as your script or Java code, containing the option MaxHeapSize=256M (or possibly 512M; note that we’ve tested 768M and found it to be unstable), or you can pass -Xmx256M on your Java command line.

It looks like we don’t have very many Java users at all because this problem went unreported, but if you have any questions, as always, please let us know at

Problems with some scripts sites over the weekend

April 19, 2009 at 8:04 pm by in

Over the weekend we had some issues with content for virtual hosts/CNAMEs (* sites, only not * sites) that had not requested a SSL server certificate assigned to them. The issue mostly affected these sites when accessed over SSL on port 444.

First, for a couple of minutes on Friday night, I made a change to one of our web servers that accidentally caused requests to all such sites to receive the content for (the alphabetically first vhost with its own certificate). That change did not reach the other server, and the misdirection was fixed as soon as I realized my mistake.

However, this only fixed http and https, and did not take effect for port :444. This was corrected earlier today after one of our users reported it while testing a site that he had requested an SSL certificate for.

I sincerely apologize for any trouble this may have caused. Hopefully this did not affect many sites, because those intending to use SSL should have a certificate, and sites with certificates installed were not affected.

Subversion upgraded to version 1.5

March 3, 2009 at 2:37 am by in

Coincident with the svn locker and with Linerva, Subversion on has been upgraded to version 1.5. This is mostly of interest in case your scripts website is a SVN checkout; unless you’re using BDB (which doesn’t really work in AFS anyway), v1.4 and v1.5 can be used against the same repository.

We have not yet enabled GSSAPI authentication for our Subversion hosting service because it is not directly compatible with our virtual hosting security model, although we’re looking into how to make this work, and it is a planned feature.

PLT Scheme (mzscheme) command line changed

January 13, 2009 at 12:15 am by in

As part of a standard system upgrade, we upgraded PLT Scheme to a newer version that seems to have different command line options. In particular, if you were using the syntax

mzscheme -L lang

to enable the “Pretty Big” language, you now need to say

mzscheme -l lang/

(note the change from capital to lowercase L). In addition, to get a REPL, you’ll need to say -i with this option. Some other options have also been removed; run mzscheme —help to see what is available.

Cron issues (resolved)

August 21, 2008 at 11:35 pm by in

We’re aware of reports that some cron scripts are failing with “No such file or directory” errors in getcwd. We’re investigating the problem and trying to determine the cause, and we’ll post an update when it has been resolved.

There are also issues of files in AFS not appearing updated on scripts after being changed on other servers. We’re also looking into the issue. If you run into this, let us know at and we’ll see what we can do.

Updated (08/25): The problem has been resolved, and cron scripts should be working correctly. Working with the OpenAFS maintainers, we have identified this as a bug in OpenAFS and have reported it upstream.

Announcement: server upgrade and URL changes

August 19, 2008 at 12:31 am by in

We have just completed an upgrade to Fedora 9 from Fedora 7; this brings us in line with the latest feature, stability, and security upgrades to the software installed on the servers. Most software did transfer, but some was unavailable in the Fedora 9 repository.

For example, we do not have Python 2.4 installed because it is not in the Fedora repository, and we haven’t installed the compat-python24 package from a third-party repository since we believe it is not used (in favor of Python 2.5). If you would like us to install Python 2.4, or any packages that are not currently installed, please e-mail

We also recently announced a planned URL change from the form
The new URLs are cleaner and provide improved security isolation (cookies, etc.) between sites. Don’t worry; the old URLs will continue to work until the end of fall term, and even then we will redirect them to the new URLs.

More information is available in the full announcement .

We are planning an autoupgrade in the fall (well in advance of the cutoff) to provide support for the new URL style for sites from the autoinstallers.

© 2004-2020, the SIPB project.
These pages may be reused under either the GFDL 1.2 or CC-BY-SA 3.0.
Questions? Contact

You are currently connected to