	Welcome Page DEIMOS/LRIS Slitmask Submission

Welcome to the unsecure portal page for the UCO web pages, including the DEIMOS/LRIS slitmask submission pages.

Users from authorized sites can proceed directly to the
secure login page.

Most sites which do astronomical research with UCO/Lick and Keck Observatory have already been authorized to use the above link.
New users can try using the above link to see if their site is already authorized.
If the above link does not work then it will be necessary to read the following sections.

Access to the link above is restricted in order to protect the integrity of the slitmask manufacturing process at Keck Observatory.
Users from sites not currently authorized will not be able to access the secure login page.

Configuration of the UCO/Lick web server

Actions that we may have to take before our web server lets you see the slitmask interface

If access is desired from host(s) within an academic or organizational domain which has PTR entries in DNS ( reverse DNS lookup; i.e., given the IP address it is possible to find the domain name) then please provide the domain name.
Otherwise, if the host has a fully-qualified hostname in DNS (an A record) then send that.
Otherwise, if the host has a static IP address then send that along with an explanation of why you believe it is not served by DNS and why you believe it is static.
Otherwise, if the HTTP access is through a proxy (or proxies) then please send the IP address (or range thereof) used to proxy the traffic.

We are unlikely to authorize access from a machine which can only be identified by a dynamic IP address (such as is assigned by DHCP) or via PTR records which map to a domain name that might belong to any one of the customers of a commercial internet service provider. For such cases we point out that it is often possible to configure the browser to use a SOCKS proxy (such as the one implemented by the "-D" switch of OpenSSH) or some kind of VPN to tunnel the HTTPS traffic through a host that is inside your academic or organizational domain.

Please do not send any IP addresses of the form 10.x.y.z or 192.168.x.y, for these are private network addresses which are only valid for hosts hidden behind some kind of router using NAT (see RFC 1918).

Also note that we cannot support access via IPv6. If your network is IPv6 and the NAT64 is done locally with a known IPv4 address then we may be able to admit that. If your network is IPv6 and the NAT64 is done by a commercial ISP then we will not admit that.

For reference, your IP address currently appears to be 18.118.2.15
However, if your site employs a web proxy then the address above will not be used for the HTTPS access to the secure pages.

For questions about your local network configuration please consult with your local system or network administrators.

Having all this in mind, to request authorization please send e-mail to Slitmask Admin <slitmasks@ucolick.org> and include the relevant information about your site.

Configuration of your web browser

Actions that you may have to take before your browser lets you see the TAC interface

Since the advent of Firefox 3, most modern browsers may warn users that they do not recognize the SSL certificate which enables secure communications with the UCO/Lick webserver.

The words in the warning from Firefox 3 have included "invalid", but this is a distortion which simply means that UCO/Lick has not purchased an SSL certificate from an authority which has paid the Firefox crew not to put up that warning. Other modern browsers use different scary-looking text to warn users that UCO/Lick has not paid them not to put up the warning.

This is not the place for a deconstruction of the SSL Certificate Authority mechanisms which are used to secure the communications between web servers and web browsers. Suffice it to say that the SSL certificate used on the UCO/Lick webservers will ensure that the communications are encrypted. Security beyond that is usually only of concern for espionage and financial transactions. (For further reading see the story of DigiNotar.)

As indicated by Firefox, such users can proceed by informing their Firefox that the UCO/Lick SSL certificate is acceptable, for which they have used the word "exception". Other browsers use different language for the way in which they allow the UCO/Lick SSL certificate to be used. Some recent versions of Microsoft browsers simply report "Internet Explorer cannot display the webpage." with no other explanation.

It may be that your browser uses a proxy (or will have to use a proxy) to route HTTP traffic with the UCO/Lick web server. Configuration of any proxy used by your browser is your responsibility. See the discussion above for more on access via proxy.

Slitmask manufacture, storage, and configuration for observations

Keck Observatory performs all physical handling of slitmasks

We direct observers to the web pages at Keck Observatory for the operational particulars of the instruments DEIMOS and LRIS.

Observer access to the database of slitmasks is via the UCO/Lick web server, but please also see the Keck web page on using the slitmask database.

Please report any problems with the slitmask web pages to Slitmask Admin <slitmasks@ucolick.org> .