Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security

Handling Campus AUP (non-)Violations? 134

Posted by Cliff from the there-was-a-time-when-colleges-were-for-learning dept.
speby asks: "I am a CS student at Northern Illinois University and I recently compiled a working peer-to-peer file web-based file indexing system. I refused to sign their agreement that says I violated their Acceptable Use Policy because I sincerely believe I did not violate them. My system scans a large portion of my school's network hosts looking for openly accessible, anonymous Windows File Shares, and bandwidth usage is minimal. The AUP does not mention scans and I did not 'break' or 'crack' security in any way. I agreed to shut the service down for a period of time until I can figure something else out. I do not agree with their stance on this issue and I believe I have a right to design, implement, and make available such a service. I certainly did not see anything in their terms of service that would disallow such a system. Do these other universities that allow this kind of system care? Why can this system not exist here?" I have no problem with a student being told to shut down a homebrew service if they find it offensive, but I do have a problem with them treating said students like criminals, even when they do comply with their wishes. What should students do, when they are bullied by their colleges into signing violations that are more stringent than the situation merits?

"I was contacted by the IT department after a few weeks of its public running. I did not actively promote the system. It works in ways similar to the file search engines like the ones at Iowa State University and Georgia Technical Institute. In terms of programming, this idea is so trivial anyone could do it with the help of some simple scripting and a lightweight database."
This discussion has been archived. No new comments can be posted.

Handling Campus AUP (non-)Violations? More

Handling Campus AUP (non-)Violations?

Comments Filter:

  • excessive data storage or network bandwidth (Score:5, Informative)

    by mhesseltine ( 541806 ) on Wednesday October 09, 2002 @08:27PM (#4420774) Homepage Journal

    That's about the only thing in the AUP that I could see them having a problem with. Perhaps you want to show the ISU and GA search engines to them as an example of what's going on. Also, you might implement a bandwidth throttle. My 2 cents.

    • That would be the "Georgia Institute of Technology," otherwise known as Georgia Tech.

    • Excessive data storage shouldn't be a problem; this is an SMB lan where everyone has there own computers and storage, not one user taking up all of the scratch space on NIUVAX or the university UNIX box.

      Further, about the network bandwidth: what is the difference between his program doing this, and sitting up all night surfing the LAN? Before the WWW took off, my floormates and myself spent many a late night running through fellow student's computers looking for pron, .wav's, text files... anything interesting. File sizes were seldom the more than half a megabyte, but it was also on thinnet coax, and I'm sure bandwidth was much less than even 10mb/s.

  • Welcome to the real world... (Score:5, Insightful)

    by Otter ( 3800 ) on Wednesday October 09, 2002 @08:28PM (#4420779) Journal
    Sorry, but this isn't the sort of thing admins like, and it's not the sort of thing you can get away with. Just because you have read access to something doesn't mean you ought to be using it and certainly doesn't mean you'll be looked upon favorably if you write a tool to do it on a large scale.

    I don't know enough about how much trouble you're facing or what options you have, but you've violated Acceptable use of NIU information technology resources is based on common sense, common decency, and civility applied to the networked computing environment. and probably All authorized users have the right to expect reasonable privacy with regard to all computer files and e-mail.

    More importantly...

    I do not agree with their stance on this issue and I believe I have a right to design, implement, and make available such a service.

    OK, now this is where you're being a dumbass. There are going to be plenty of idiots here telling you to keep sticking it to The Man. If you're smart, you'll do what Kevin Mitnick and Randal Schwartz wouldn't -- stop when you've been told to stop.

    • Re:Welcome to the real world... (Score:4, Insightful)

      by rtaylor ( 70602 ) on Wednesday October 09, 2002 @08:45PM (#4420858) Homepage
      Unsure where you are, but if you leave your blinds open you can expect to have zero privacy. Neighbours and others are well within their right to watch and record anything you do within your home.

      If you close your blinds, you can expect privacy. This is law enforcement authorities require a warrant for microwave or infrared monitoring, but standard video cameras don't. The general public can't see what you would be doing, so under general circumstances neither than the authorities.

      Now.. If you leave your computer open with full read access, I'd say you forgot to shut the blinds and can expect the privacy that goes along with it. Reading your email at a public terminal certainly doesn't grant you rights to privacy. You've used absolutly no precautionary rights.

      Bandwidth and sales (or general broadcasting) of such material may have cases, but the fact you were allowed to read the data means you're allowed to read the data.

      In summary, don't read those all important and secret corporate financial reports on a crowded subway. Those are you have the right to read them as well, regardless of whether you consider it rude to read over anothers shoulder.

      • Re:Welcome to the real world... (Score:4, Insightful)

        by Otter ( 3800 ) on Wednesday October 09, 2002 @09:23PM (#4421047) Journal
        Oh, yeah. I forgot to tell him to ignore all the people who are going to be coming up with analogies about open blinds and unlocked doors and assuring him that he's fine.

        You and MrResistor are perfect examples of the advice I'm warning him against. Of course I understand why he doesn't think he did anything wrong. And I'm not arguing the right or wrong of it, although it's not clear to me if his "web-based" system involved redistributing those files publically, which I would say is wrong. But, anyway, I'm not arguing the right or wrong of it but rather explaining to him that he's going to get in trouble for it. Life isn't a programming contest, and cleverness doesn't carry the day. He can either follow the accepted norms of behavior on his network, or he can keep courting trouble, get bounced out of school and have the consolation of knowing that you said he's in the right.

        Go look in your neighbors windows and see how your justifications go over with them.

        (*Woohoo, my 700th post!*)

        • Actually, the blinds example isn't that bad, but his advise was way off. Just because someone leaves the blinds open doesn't give you a right to look in. If your walking down the street, and look into a house, there's nothing wrong, but the open blinds don't allow you to walk up the the window and watch until you see something 'interesting' your breaking the law.
      • Unsure where you are, but if you leave your blinds open you can expect to have zero privacy.

        I think a more appropriate analogy would be of trespassing. Privacy is a complex and cloudy issue, but criminal trespass is well defined.

        The protection of law on this issue is not conditional; in other words, you don't have to secure your home in order for unauthorized entry into it to be illegal. If your door is unlocked and I wander in off the street, I can be arrested and charged with the crime of criminal trespass.

        If I then take something from your home, I can be charged with burglary, which is the crime of unlawful entry with the intent of committing a felony or theft. All this, even though the door was unlocked the whole time.

        If there were a legal question here-- which there isn't-- I think the argument that a person's computer is comparable to his home is a compelling one. If you don't put a password on it, shame on you. But whether there is one or not, it's still against the rules to log in without authorization.
        • By allowing a user to login w/out a password, the server has authorized the client to use its services. Further more, I would argue that by responding to connection requests, the servers have authorized the client to connect and attempt further authentication. Ater all, it is fairly trivial with most recent operating systems (OS X, many flavors of unix, windows 2000, and windows xp) to firewall ports to remove access from groups of ips that are 'unauthorized' to connect.

          I understand what you're saying, but I still think that that if the university or individuals have a problem with the search engine, they should focus on educating windows users on the basics of filesharing, and secure passwords.

          For instance, if everybody set a secure password for their administrator accounts (on NT based systems), and made sure to share everything with a password, then his search engine wouldn't do any damage.
          • By allowing a user to login w/out a password, the server has authorized the client to use its services.

            That's exactly like saying that by leaving my back door unlocked, I've authorized the psycho down the block to come in to my house. It just doesn't hold water to me.

            Further more, I would argue that by responding to connection requests, the servers have authorized the client to connect and attempt further authentication.

            Ye-es... I would agree that the fact that I have a door means people are welcome to knock... to the extent that they don't make a nuisance of themselves. I'll buy this one.

            After all, it is fairly trivial with most recent operating systems to firewall ports to remove access from groups of IPs that are 'unauthorized" to connect.

            I think your definition of "fairly trivial" could use some revising. Yes, it's trivial to me and to you, but it's not at all trivial to the sociology major two dorms over who bought her computer to write her senior thesis.

            Besides, I have to go back to my analogy. Just because it's trivial to lock your door doesn't mean that the law requires it before offering you protection from illegal trespass.

            For instance, if everybody set a secure password for their administrator accounts (on NT based systems), and made sure to share everything with a password, then his search engine wouldn't do any damage.

            You're assuming that the school's only justification for prohibiting the kid's activity is the potential for damage. That doesn't necessarily have to be the case. If we were talking about a truly public network, then an argument based around the potential for harm (or the absence thereof) might make sense. But this is a private network. The school can revoke a student's access for any reason at all, with or without due process. So I don't think saying that the software wouldn't do any harm really makes a difference to anybody in this situation.
            • By allowing a user to login w/out a password, the server has authorized the client to use its services.

              That's exactly like saying that by leaving my back door unlocked, I've authorized the psycho down the block to come in to my house. It just doesn't hold water to me.

              I think the idea is that it's more like leaving your door open with an automated system set up that invites anyone who knocks to come in.

              I'm not sure I agree with it, but it's an interesting point which deserves some thought.

              • Re:Welcome to the real world... (Score:4, Insightful)

                by walt-sjc ( 145127 ) on Thursday October 10, 2002 @02:06AM (#4422279)
                Possibly you are taking analogies too far. If you scanned a computer and found open services, you must get authorization from the computer OWNER. The computer itself doesn't know who the hell you are, or whether you REALLY should be there or not. It's just following it's pre-programed tasks.

                But if we want to continue this analogy, even with all it's flaws, it needs to be thought as a conversation.

                Scanner: Knock Knock.
                Computer: Hi.
                Scanner: I'm comming in.
                Computer: OK. I assume you are authorized since you wouldn't just barge in if you wern't, and I have not been instructed on who is authorized and who is not.
                Scanner: Ahh. I see you have some nice files in here.
                Computer: Yes. I have files.
                Scanner: I'm copying them.
                Computer: Whatever.

                There is no "automated system" that invites you in. You have to turn the knob and open the door, step in, and do shit. It's a standard request / response protocol. If you don't make the request, you don't get a response.

                The basic reasoning flaw or morals problem you and some other seem to have is that you have default permission to go into any computer you want regardless of the owners wishes. Most computer users don't understand security. Period. They don't even know that their computer is wide open. Most users also don't want random unknown people plowing throught their files.

                Shit man, it's the stuff they teach you in pre-school. Be nice to others, don't take their stuff, if you want to play with someone elses toys you NEED TO ASK FIRST. Oh, and that't the PERSON you ask, not the TOY.

                You can't equate web searching (like google) to file share searching. When you put something on the web, you are usually publishing for others. File shares however are frequently enabled automagically by pooly designed and configured OS's. They are RARELY setup for the INTENT of general public access.

                The "intent" is everything.

                Does this help?
                • File shares however are frequently enabled automagically by pooly designed and configured OS's.

                  Name a single OS that automagically enables file shares. I can't, and I'm quite familiar with several.

                  Even under the most piss-poor Windows install a file share has to be set up intentionally, and in that dialogue box the user has the option of giving it a password or leaving it totally unprotected.

                  They are RARELY setup for the INTENT of general public access.

                  Are you joking, or do you just have no idea what you're talking about? Every unprotected share I've ever seen was specifically for the purpose of general public access by everyone on the network. That's the whole point. If you don't want everybody and their third uncle checking out your stuff you put a freaking password on it in the dialogue box you had to open to set up the share in the first place.

                  If you scanned a computer and found open services, you must get authorization from the computer OWNER. The computer itself doesn't know who the hell you are, or whether you REALLY should be there or not.

                  The OWNER has given PERMISSION by opening an UNPROTECTED SHARE on a PUBLIC NETWORK. The computer knows who should or shouldn't be there by letting in only the people who know the password, and if there isn't a password that means EVERYONE.

                  And as for your dialogue above, for an unprotected windows share it's more like:

                  Scanner: Knock Knock.
                  Computer: Hi.
                  Scanner: Can I come in?
                  Computer: Yeah, sure! Make yourself at home! Would you like to run some unauthorized code?

                • Maybe it is just me, but if I set something up in a share, I sure as hell mean for it to be accessed by anyone one the network.

                  I might be mistaken, but it is pretty obvious what you are doing when you click "SHARE" on a drive or folder, or when you put something into the "SHARED DOCUMENTS" folder.
          • This is totally off-topic, but I have to ask.
            I see your posts on a regular basis (usually pretty good ones) but I also see your sig.
            Are you really still unemployed after gawd-knows-how-long?!?!?!?!?!? I mean dang!

            (Or did you just forget that was your sig? :)
      • [...]if you leave your blinds open you can expect to have zero privacy. Neighbours and others are well within their right to watch and record anything you do within your home.

        Legalities aside (this wouldn't go here in Denmark), there is quite a difference between

        1) You happen to walk by an open window and see something that you mention to a friend, and
        2) You build a multi-camera webcam system that scans all visible windows, detects where blinds are open, recognizes interesting activity, and shows it all on the web.

        If you do #2, expect to get in trouble with the law, with the public opinion, and with one of he muscular fellows whose girlfirned is living behind those windows... Don't expect much sympathy even here, iven if building that machine was a cool hack.

        • Yes, sorry, broadcasting is an entirely different matter, as you normally cannot broadcast anything without the persons knowledge and consent. There are special provisions for news worthy events but I've never really looked into it.

    • Just because you have read access to something doesn't mean you ought to be using it and certainly doesn't mean you'll be looked upon favorably if you write a tool to do it on a large scale.

      Read the article again, because you obviously missed some important parts. All he did was scan for open shares, he did not exploit or violate them in any way.

      Had he actually violated anyones privacy or trespassed on their systems I would agree with you. But just scanning? Unless scanning is srictly against the AUP, he didn't violate a damned thing and he is completely in the right.

      Or perhaps you are suggesting it is illegal for me to walk down the street and notice that someones door is open? If that's not illegal in the real world there's no reason it should be illegal in the electronic one.

      • See also my response to the other guy who replied, but...

        All he did was scan for open shares, he did not exploit or violate them in any way. Had he actually violated anyones privacy or trespassed on their systems I would agree with you.

        The scanning might be enough to get him in trouble but I understood him differently. "Peer-to-peer file web-based file indexing system" doesn't sound like a simple scan to me. It suggests he's at least downloading files and possibly redistributing them. I think his rationale is that the files are being freely shared but it's basic etiquette that you don't touch obviously private documents just because you can.

        That's my understanding of what he did, anyway. Maybe I'm wrong.

        • From the article:

          The AUP does not mention scans and I did not 'break' or 'crack' security in any way.

          It sure sounds to me like all he did was scan for open shares. As I said, if he trespassed on someone elses system, I agree that he should be in trouble. However, an "indexing system" doesn't suggest downloading or redistribution at all, it only suggests indexing. The "peer-to-peer file web-based file" part makes no sense, and only suggests that he doesn't know what he's talking about.

          Anyway, if all he's doing is scanning then I agree with him. If he's rummaging around in other people's systems and downloading their files, I agree with you. The way I read the article all he's doing is scanning.

          • i was just going to read this thread, but something you said crystalized my thought on this thread. What he's doing is the same as all those FTP search engines out there. I dont't think "rummaging" really enters into the picture at all.

            It's funny, because we're all too ready to assume that there are public shares (no login/password) that exist without people knowing about them. The scenario described in the question seems to imply that he's not trying to exploit anything (in other words, he's not trying to use the open shares to exploit a bug or gain further access to the system).

            This seems perfectly reasonable to me. If I set up an anonymous FTP service, I expect people to use it, look around, maybe take some stuff, and then leave. I imagine that having an open share is the same thing.

            The door analogy isn't appropriate. The assumptions he's working under include that people intend other network users to access those shares. Why else would you create those shares in the first place?

            Anyway, my point is that I don't agree that it's wrong to download the files. If they're in a public share that looks as if the owner intended for folks to access them, why is it wrong to download the files? He's not rummaging, he's simply using the share in its intended manner. Let's be honest here... this is a college network, and many people still share MP3's and other things with their friends in these "low tech" ways.

            Sujal

      • Not To Butt In... (Score:3, Insightful)

        by reallocate ( 142797 )
        ...but, would your opinion about the scanning change if Microsoft was doing it? Or the college itself?

        The shares are open to the network but they are not legally open to people. I left my back door open this evening when I took out the trash, but that doesn't give you a right to enter my house through that open door and rifle through my unlocked desk drawers.

        Can you or anyone cite a legal precedent that states someone who has open shares on a PC in their possession retains no right to the privacy of those shares, and that that data on those shares is legally accessible by anyone who can get to it?
        • Can you or anyone cite a legal precedent that states someone who has open shares on a PC in their possession retains no right to the privacy of those shares, and that that data on those shares is legally accessible by anyone who can get to it?

          Of course not, because there isn't one.

          However, I don't believe that is an issue in this case because the way I read the article he's just walking down the street looking for open doors, not going through them.

          The door analogy is a poor one in this case, though, since a share that isn't protected by a password invites in anyone who makes an inquiry. Certainly if you leave your door open that doesn't mean I have the right to enter your house, but if you set up an automated system near your open door that invites me in when I knock, I would not be in the wrong by coming in.

          I don't condone trespassing, and I thought I stated that clearly in my post. My impression is that he was merely scanning, and there is certainly nothing wrong with that.

          • >> ...he was merely scanning, and there is certainly nothing wrong with that.a

            I think many people would find uninvited scanning to be intrusive and a privacy violation. Certain, many here would be quite angered if Microsoft, for example, periodically scanned the net for open shares.

            In any case, the original poster claimed he was providing a service. Quietly finding open shares isn't much of a service, so I assume he plans to use those shares for something else.
            • First, he didn't promote the service, so likely only he and maybe a few friends knew about it. That says nothing about what he planned to do with it in the future, but I'll get to that below.

              Second, there's no reason that merely finding open shares couldn't be a service, it all depends on what you do with the information you gather. If you use the info to contact people and politely let them know that they've left their computer wide open for anyone to poke around in, that would certainly be a benevolent use of the service, even if "you" happens to be Microsoft. In fact, that would be an excellent way for them to improve their security reputation since so many security problems are caused by "admins" who don't know what they are doing. (Along those lines, I think MS should start releasing security patches for Outlook and IE as viruses that repair their own exploits after they replicate. Sadly, that's the only way some servers would ever get patched.)

              Finally, saying that scanning a public network that one is a member of is intrusive or a privacy violation is absurd. Do the people who would say this actually know what scanning is? It's no more intrusive or privacy violating that me noticing that you left your front door open.

              • Yes, but the network he is on appears to belong to the college. I.e., from the viewpoint of the college, it's a private network. That's the governing principle. They get to make the rules, or change them, no matter how simple ot innocuous the behavior. Aside from convincing the college that they should do what he's doing, his only alternatives are acquiescing or launching a legal challenge.

                (E.g., I used to work in an office that banned making online purchases via their network. You could browse as you pleased, but could not conduct a transaction. Never made sense to me. Usage was monitored; first violation got you a warning; continued violations got you no network access.)
                • It's a matter of semantics, I suppose. It is a privately owned network, but it is offered as a public service to the students. While your office example is valid in a business situation, it isn't necessarily in a school environment. At work the network is a tool of the business which, like the copy machine, is there for the specific purpose of getting work done. At a school the network is part of a service/education package the students are paying for, and yes, there is legal precedent for this:

                  Humboldt State University (California) was building a new libraray. As with all such projects, it ended up over budget and behind schedule (IIRC, around $5M and 2 years, respectively). The students brought a class action against the school for a partial refund of their tuition for the years when this new library, which was a service they were paying for as part of their tuition, was unavailable to them. They won.

                  Similarly, if a network access fee were deducted from your paycheck, you would be able to sue your employer for restricting access/activity on that network.

    • He did indeed stop, however he refused to sign a document that said he was a criminal.

      Not admitting to a violation is not the same as continuing in the behavior which was considered a violation.

      The First Amendment also guarantees him the right to bitch about it and claim he had a right to do it.
    • Sorry, but this isn't the sort of thing admins like [...]

      No, what we admins don't like is twits giving the world access to the directory with their assignments in it and then whinging because they've been accused of plagiarism after someone copied their assignment and handed it in.
      Admins don't have a problem with this sort of thing. Heck, we use it to do thing like look for likely virus-infested open shares and grab MP3s without having to incur additional bandwidth costs.

      Just because you have read access to something doesn't mean you ought to be using it [...]

      Something like a web page, you mean ?

      [...] and certainly doesn't mean you'll be looked upon favorably if you write a tool to do it on a large scale.

      You mean like, say, Google ? Yeah, everyone hates those guys.

  • College (Score:4, Insightful)

    by Henry V .009 ( 518000 ) on Wednesday October 09, 2002 @08:31PM (#4420792) Journal
    You have to understand. College is Club Med for young people. You all are the customers. And what you all are buying can all be got for free at any good public library.

    Colleges make up for this by providing all sorts of 'perks' that don't have anything to do with the service they are providing. Sports facillities, money for student associations and clubs, and a fat connection as well. They charge for these by tuition. It's a lump sum, so you can't opt-out of anything.

    Since corporations are too badly mis-run to actually do real screening for ability in applicants, you need a bit of college. It's not such a bad place. Unfortunately, there are too many youngsters who are used to the authority of their parents and high school teachers. They don't understand the customer--business relationship. And college administrations take advantage of it.

    So here's the solution. Like any badly run buearacracy, the college administration will fold, give in to your demands, and bend over for you, if you give them enough grief. Don't do anything that they can kick you out for, but give them a truck-load of pain through all the official channels possible. And if you run out of official channels, make some up. Don't give up until they give you a new car and a Phd as a settlement agreement.

    If you are thinking of modding this funny--don't. It's all true.

    • Re:College (Score:2, Insightful)

      by anthony_dipierro ( 543308 )

      And what you all are buying can all be got for free at any good public library.

      A degree?

    • Re:College (Score:4, Insightful)

      by wdr1 ( 31310 ) <wdr1@p[ ]x.com ['obo' in gap]> on Wednesday October 09, 2002 @09:00PM (#4420927) Homepage Journal
      Clearly you didn't do your homework before going to whatever party school you ended up choosing.

      Don't listen to this guy. It's not the truth. Far from it. Of course, there are party schools out there. I'm not denying that. But to go to a party school and be surprised you're really not learning anything & it's basically a club med... well, let's just say perhaps it's best you didn't go to a higher caliber school after all.

      There are quite a few schools, however, that challenge you. Raise your critical thinking skills. Teach you how to learn. Interact with experts. Help you grow. Looking back, while some of the most valuable lessons I learned where from books, a significant portion came from reading something like the Apology with a peer group at the same time and discuss it's ideas. To work all night in group trying to write an AI simulator for the brain of ant on a beach shore.

      Yes, you can learn from books. I love books. But a lot of the books you seem to be referring to can teach you nothing more than facts. In fact, a lot of good schools don't even waste time teaching you what you can get from a book. Go read & come back is usually the attitude. Oddly enough, despite being a CS major, I never took an introduction to Lisp, C, etc course. First day of my data structures class our processor announced all our homework would be in C. He understood none of us probably knew it, this was an intro course, gave us a few books titles, and told us to get cracking. The first homework assignment, in C, was due in a week.

      When I look to hire people, I don't really care what facts they know, how well they know C, etc. You can teach a monkey C. It's a lot harder to teach people how to think, analyze, adapt, and overcome.

      Then again, maybe I'm biased. After all, my school was chosen last, at 300, in terms of party schools. ;-)

      My two cents,
      -Bill
      • Then again, maybe I'm biased. After all, my school was chosen last, at 300, in terms of party schools. ;-)

        You went to Rolla?

      • I'd have to disagree in part here..

        But to go to a party school and be surprised you're really not learning anything & it's basically a club med... well, let's just say perhaps it's best you didn't go to a higher caliber school after all.

        I don't care what school you go to, if you want to learn and have the time (don't underestimate that factor) any school will do. You have the internet if you need to discuss things and need help and examples.

        There are quite a few schools, however, that challenge you. Raise your critical thinking skills. Teach you how to learn. Interact with experts. Help you grow.

        Except for the last part, I tend to disagree again. Sure they'll help you, but in the end it all comes down to your own motivations. Most of the time college involves procedures, bureaucracy, teachers who don't care about students thinking differently etc, etc. I guess you could learn to roll with the punches from that, but I have yet to see a class that actually teaches you how to learn. I'd sign up for it in a blink of an eye.

        And yes, books are basically collections of (mostly) facts. Thinking and writing about it, and implementing ideas and seeing how they work is how you really learn. But I still don't see how you need a college for that unless you're in a field like nano-technology, and even then you can write yourself a little emulator..

        And lastly, if you hire people for an IT department, yes, it is important that they can communicate, learn quickly and adapt, write essays/documentation etc, but if you tell me you don't care if they even know the language they are going to write in, I'd say you're really bad at hiring good people.

        (And yes, of course I'm biased too.. I took all the CS classes at college for credit only. I didn't learn anything there... and eventually I got so fed up with it that I left [that and I ran out of money]. I'm still planning on going back and finishing [yeah, yeah you've heard that a thousand times] but I really disagree with the assertion that you HAVE to go to college to learn.)

        And to you moderators, tangents are not offtopic. This is a direct response.
      • Insult my credentials. The first refuge of an incompetant, hide-bound, traditionalist. For your information, I wasn't the one who said the college is Club Med for the young. Rather, it was Mark Edmundson, Professor of English, from the University of Virginia. His essay is interesting and can be found here [virginia.edu]. Maybe he considers himself a teacher at a 'party school,' I doubt it.

        But really, I could hardly expect more of someone who went to college to learn how to monkey with computers rather than learn a real subject. Whenever I pick up one of the various journals on algorithmic complexity for a lark, it depresses me to see what passes for mathematics in the the field of computer science. In reality, the only reason computer science exists at all, is because corporations needed more people to run computers than were smart enough to pass the mathematics courses. Even the name suggests an inferiority complex. You have to tack on the science word at the end or nobody will believe you.

        Raise your critical thinking skills. Teach you how to learn. Interact with experts. Help you grow.

        That is repeated again and again without any evidence ever given to back it up. The degree farms that we call universities--and no I'm not talking about 'party schools'--don't do a great deal more for critical thinking skills than any other option that a young person can choose at that stage in life. And in many ways it does less. I've been challenged by many people in my life, whether they happen to be a professor, a employeer, a friend, or a lover.

        You can teach a monkey C. It's a lot harder to teach people how to think, analyze, adapt, and overcome.

        Which could explain why colleges are so terrible at it. In fact, they aren't even great at the former. Thinking, analyzing, and adapting are all things learned from living. The temporary refuges from the outside world that most colleges set up do more to hold back than push forward.

        Tell me. When you want to hire someone. How do you judge their critical thinking skills? Do you just read the name in the section of the resume labelled Education?
        • Which could explain why colleges are so terrible at it. [teaching people how to think]

          I think it's fair to say that you take out of the college experience what you put into it, and most people who graduate with a bachelor's degree aren't particularly wise or insightful individuals. But it seems to me that it's easier for a person to learn to think critically in college than out of college.

          College is nothing more than an environment, like a petri dish for teenagers. Some of them will keep their heads down, finish their assignments, and walk away with a piece of paper. Others will thrive, and emerge much better off for it.

          I don't know. Maybe I'm idealistic about college because I dropped out of it and never got the chance to go back.
      • ...our processor announced all our homework would be in C...

        Interesting place where the computers are already teaching the CS classes. I'm still at a stuck-in-the-stone-age school where my classes are taught by people. Usually of the older type, granted, but I can at least speak English to them.
        • Usually of the older type, granted, but I can at least speak English to them.

          You're lucky. My freshman-level intro to data structures class was taught by a Mandarin, the TA was Israeli, and the class was a pretty even mix of Americans, Japanese, Chinese, and Indians. The only language our whole class had in common was C++!
    • So here's the solution. Like any badly run buearacracy, the college administration will fold, give in to your demands, and bend over for you, if you give them enough grief. Don't do anything that they can kick you out for, but give them a truck-load of pain through all the official channels possible. And if you run out of official channels, make some up.

      OK -- while I don't agree with all the crap the preceeded the above quote -- the above is right on the money. What you need to do is to escelate the problem up the buearocracy. Make a stink, and make their admins looks bad -- real bad.

      I remember years ago, when I was just starting college, my friend wrote a little C app to periodically scan wtmp (or was it utmp?) on our SunOS system to see when his friends logged on and off. He sent it out to all of his friends to test. While he was testing, he experimented by including all 1500 users for about 5 mins and ate a big chunk of memory and CPU and one of the student admin's ZSH processes wouldn't fork. Our student-admin did a find in the /student/ directory and sent a nasty-gram to everyone who had the app in their homedirectories. The reaction was appropriate, but the content of the letter was so abusive and out of line that it provoked a response from me similar to what I think that you should do. His letter was so amazingly BOFH-like, I had to keep it around for humor's sake...I'll include here:

      Date: Sat, 13 Apr 1996 14:28:11 -0400 (EDT)

      From: (BOFH's name withheld)
      To: (withheld)
      Subject: void is NOT


      void is NOT to be run on hamp any longer. Period.

      I have noticed the load average go up as I note void processes going out of control. When I kill void processes the load average goes down and the system is happy again. That makes me happy again.

      I do not like seeing:

      zsh: fork failed.

      it makes me unhappy.

      You don't like it when I'm unhappy. Even if you don't know it or not.

      If you want to continue running void on hamp, then do two things.

      1) Send me the source code and if I have time I will see if I can spot any bad monkeys in the code causing this problem.
      2) run a profiler on your code to see how badly it can tax the system.

      As for #1, I probably won't get around to fixing your code. I have plenty of other more useful and interesting things to do. I would be interested in seeing the code, though.

      As for #2, If you don't know how to profile your code, then don't ever run void or similar programs again. Profile your code and figure out how to stop causing so many problems with the system, such as filling up the process table, &c, and, pending that you fix it, you can runI would advise you to run the program on your own machines. Port your code to whatever platform(s) you have in your own room and crash and mangle your own machines. I don't have time to track down all the little problems that users want to cause for their own petty fun & excitement - whatever those may be. There are a good number of folks who use hamp for academic purposes. Academic purposes have the first priority over anything else (including banter over e-mail, news, irc, &c).

      I don't give a wet slap about supporting the system for miscreants that use the system for more than an Academic purpose.

      Personally, I'm all for fun and games and pettiness, but I'm not going to spend time SUPPORTing it. And when it actively causes problems with the system, I'm going to grab the problem 'round the neck and throttle it with quite some fierceness.

      So, the solution here is simple and straightforward as I've outlined above. If you have questions or comments, send them to me by all means. I am very firm on this point. It is the end of the semester and I want as few problems with the system as possible. If I see you running void, I will kill the process immediately, unless you otherwise e-mail me telling me you are profiling or attempting to fix the problems with the program at the time I see void running. Period.

      Thank you for your cooperation.

      (name withheld to protect the BOFH)

      I wrote a nasty-gram back, telling him that it was an independant, academic project and the college should be supporting that kind of activity. I also CC'ed it to Academic Computing and various other administrative folks. It got results. Had we just rolled over and let this guy abuse us, he would have got the impression that it was OK to talk to people like that in his job function (alot of SA's do) and continued to run his system with an iron fist. Remember -- the network, and its associated staff is there for you to make use of.

      The right thing to do is to write your SA a letter, write IT a letter, write one to academic computing, and write one to your dean of student affairs. Also, figure out who the SA works for, and who they work for. It wouldn't hurt to talk to a CS prof and get them on your side (professors have a lot more pull with the administration than you).

      You didn't do anything wrong. Put those bastards in their place. If Shawn Fanning found his way to a brief geek-rockstardom from a project (and innovative way of thinking) similar to yours...this kind of thing should be rewarded.

      As an addendum to the story, the guy who wrote "void" went on to work for a number of video game shops, eventually landing at Bungie, writing much of Halo's 3D engine..which, from where I sit, is quite successful. Experiment, fuck around, push the limit of the rules, and if anyone gets in your way -- don't back down. It may take you very far.

      --Turkey
  • This sounds like the basic child-raising dilema. You tell you kid what he can't do, he goes ahead and does something similar, but technically not the same. You find out about it and confront him, he says "but I didn't do that" and you say "you know what I mean" and smack him. You should have known that snooping around for Windows shares would get you in trouble sooner or later. Tell them that you didn't violate their agreement, offer to write up what you did so they can modify the agreement and promise not to do it again.
    • Tell them that you didn't violate their agreement, offer to write up what you did so they can modify the agreement and promise not to do it again.

      Nolo contendere: I didn't do it, and I promise never to do it again.

    • Re:You know what I mean (Score:4, Interesting)

      by Kanon ( 152815 ) on Thursday October 10, 2002 @02:26AM (#4422329)
      Exactly.

      I'm work as a Unix tech at a University and I see this all the time. Rather than take what turns out to be a rather minor telling off (IE me in the office telling them what they did is bad and not to do it again) and throwing out a quick appology they'd rather stand there arguing the toss about it until the technician involved gets so fed up with them he escalates the incident higher and the student gets into real trouble. Just for being a cocky little sod.

      We had a female student here almost get kicked out of the Uni for eating in the labs. She'd do it everyday and everyday someone would catch her while doing the rounds (We don't allow eating and drinking in our labs). She always accused the techs of lying and picking on her and then would carry right on doing it. She used to line up chips on the keyboard and eat them off one by one. Our academic director even caught her once and she still said we were lying.

      After months of dancing around like this it was refered to the student discapline board and she got a final warning with the threat of being kicked out of the University.

      We don't know what would have happened next since she failed her course and left anyway. However if she'd just accepted the initial telling off from whichever technician caught her and then waited until she'd finished in the lab before eating that would have been it. End of story.

      Some people have no sense however. Tip for the story poster. Don't argue with it. Just sign the appology and forget about it. It'll be easier in the long run than getting kicked out of school.

  • wow. (Score:5, Interesting)

    by timdorr ( 213400 ) on Wednesday October 09, 2002 @08:33PM (#4420807) Homepage
    I'm a student at Georgia Tech and a heavy user of Buzzsearch. We used to have a previous system in place that was actually a resnet-created invention (browse.resnet.gatech.edu). However, with the increasing quality of buzzsearch and the aging code that powered browse.res, it was shut down and now our file-sharing is a student-run affair. Perhaps the biggest reason why our college support this (and many others should as well IMO) is bandwidth usage. Namely, external bandwidth usage (aka, the stuff your school PAYS for). It doesn't cost anything for our school to have me send a file from me to my roommate, but it costs a recurring fee of an OC12 line to send something to my friend in New Hampshire. Realistically, you could EASILY come accross to your school saying that you're saving their bandwidth costs wtih such a system in place. Plus, keeping it student-run will keep down on their liabilities. Oh, and you could always "lose" some logs if there's an incident :) If I were you, I'd be fighting tooth and nail to keep that service up. You are browsing PUBLIC information. You're not exploiting some bug in an operating system. You're not spreading a virus accross campus. You're simply allowing students to find the stuff they want in a faster, less costly, and more privatized manner. Put it back up and don't stop until they pull the plug. Then bitch and moan load enough to get them to allow you back up :)

    • That's what a good Internet caching system is designed to do. The good ones are not just for the web, but for FTP and potentially anything that uses the FTP or HTTP protocols with the correct routing rules.
    • Actually, buzzsearch was shut down by the Georgia Tech legal offices for trademark violations. gatech=shafting students since..uh, forever.

  • Perhaps... (Score:4, Interesting)

    by PhilipChapman ( 325188 ) <philip&no-skill,com> on Wednesday October 09, 2002 @08:34PM (#4420808) Homepage
    You should take a look at this line:

    Unacceptable uses include, but are not limited to, the following

  • Don't use the word "Peer" (Score:4, Interesting)

    by penguin_punk ( 66721 ) on Wednesday October 09, 2002 @08:34PM (#4420810) Journal
    Hasn't any of these students learned that the word "Peer" scares the living bejoovies out of netadmins running open networks these days? Any thought (or mention) of p2p brings to mind 100% bandwidth utilization.

    Instead, call it a "Client-side SAN", or my favorite: "Internal Email Network over Windows-Induced File-Transfer-Mechanisms" (or IENWIFTM) the 'email' label gives it a freindly name.

    Oh yah, and next time you get caught doing this, have your BOFH calendar handy. (This [0xdeadbeef.info] calendar gave me "Domain Controller not responding". It would have been a perfect explanation on your windows network. Tell them your proggie was actually a DC backup that kicked in and it was notifying all the windows clients that it was up.)

  • College network vs College dorms... (Score:5, Insightful)

    by Anonymous Coward on Wednesday October 09, 2002 @08:36PM (#4420822)
    Dear Slashdot,

    I am a college student.

    Several time a week, I walk into every office building and college dorm and attempt to open every door to see if the door is unlocked, and to see if something is inside. If the door is open, I walk in, take a picture, and catalog my findings in an MySQL database.

    I don't think this is unethical, but the school admins don't like this.

    I don't like being treated as a criminal. What do I do?
    • Ahh..but remember that Windows Shares are "opt-in" -- by default turned off. Users enable them to allow sharing of files. Not like doors which are accidentally left unlocked.

      Perhaps a more appropriate analogy would be walking into a job fair, and looking around to see who is offering pamphelets.

    • Re:College network vs College dorms... (Score:1, Insightful)

      by Anonymous Coward
      Dear Ask Slashdot,

      I'm a college student who thinks he knows it all and I run a program I wrote on the campus network that the admins don't like. Rather than take the (small) telling off and move onto other things I decide (Like most students) to make an issue of the entire thing.

      I'm really cocky. I'm *always* right and I can't understand why my snooping might not be liked. I'm also a pedantic tit who plays the letter of the rules rather than the spirit to suit my own ends.

      ---------------

      The above is true. Maybe not for this guy but for lots of students like him. I'm an admin at a university and we see a lot of this sort of thing. I don't care what the guy's intentions were. If he was trawling around my network like that I'd nail his arse to the wall. God only knows what v2.0 of the software would do.

      Oh and btw. Before anyone tells me to get my security sorted out so that the shares aren't open you're talking to the wrong admin. I'm a Unix admin. You want the idiot (PC) team.

    • In that case, he should be expelled (and shot) for even using MySQL in the first place. ;)

      Now if he were using PostgreSQL that would be a different story. :)

  • When dealing with the campus IT folks, just remember that those positions are generally not paid very well, which means you usually get folks there that do not fully understand technology, nor do they necessarily have a desire to.

    Obviously, that's not always the case, but where I went to school, we got into trouble more than once for things that we shouldn't have. When you deal with them, just remember that they have a job to do, and frankly, what you're doing falls outside of the 99.95% of what their used to. "Waah, my email got rejected", "Waah, there's not enough bandwidth for me to do my porn surf... Oops, I mean research"

    And with all of the media attention that the RIAA and folks have brought to P2P apps, as soon as you mention that phrase it becomes a buzz phrase with a negative connotation. If you can prove what you were doing is benign, be patient and professional while you're doing it, and try to understand the situation from their perspective, you'll come out unscathed.

    Good luck!
    • As a recent grad and former student IT employee, I can vouch that our school had significantly *better* IT people, especially where network security and infrastructure were concerned, than the IT companies that I have experienced since then. Better educated, more experienced, more willing to listen. But also more willing to put the almighty smackdown on a student that violates the rules.

      Don't turn the thing back on, please- even if you weren't originally breaking the rules, you're breaking the rules if you turn it on after they asked you to leave it off. They may well expel you for that, and they would be within their rights.

      This is worth fighting, but college is worth completing, for the credentials if nothing else. Besides, where else are you going to find thousands of single women (or men, if that's your thing) between 18-23 all grouped together? To ensure that you get to stay in school, fight this fight through the proper channels. You may well win- but even if you lose, you can drown your sorrows in cheap beer and impresssionable young women (or men, if that's your thing).
  • No no no ...ya'll get your mind outta the gutter now... ;)

    If all your script does is comb through Windows shares, how did they decide that your application looked suspicious? They identified network patterns -- can you reproduce those network patterns by hand?

    It'll take some time, but try doing what your program does by hand. Try to get some of your friends or supporters to do it also. Then, when IT complains again, you can honestly tell them that you were just browsing the Windows shares.

    If they are going to allow NetBIOS traffic, what do they think you'll use it for?

  • Come on... (Score:2, Insightful)

    by dpete4552 ( 310481 )
    It's pretty obvious as to what his program was designed to do. That is, scan for windows boxes ran by not-so-smart users that didn't password protect their shares, and for him to snoop in on them.

    He got caught, now he's going the rightous route to either justify what he is doing or pray on the general additude of the ./ community to gain support.

    Give me a break.

    He got caught, get over it Cliff, "Being treated like criminals", my god, cry me a river.
    • Most likely, if the student actually had the knowledge to set up a directory for sharing on the dorm network, it was INTENTIONALLY left without a password. On my dorm network freshman year, it was pretty obvious from the contents of shared directories (MP3s, video clips - No pirate movies, DivX didn't exist yet, but stuff like badday.mpg) that these were INTENDED to be public-readable within the dorm.

      The one exception was that by the end of the year, many people locked it down by IP (If they could) so that people couldn't connect from outside (This was the era of Scour), or else password-protected the content, and had a public README saying, for example, "The password for this share is the name of the dormitory I am in".

      The "unlocked door" analogy doesn't hold because while you can forget to lock a door (Actually, depending on the lock, this can be hard, as "locked" is the default on many modern locks, i.e. you can open it from the inside while it's locked but not from the outside. I'd say it's FAR easier to lock yourself out than it is to accidentally leave the door unlocked.), Windows *DEFAULTS TO NO SHARING* - In fact, on a default Win9x box, you have to intentionally add the MS service.

      Also, you have to *specifically* choose to make it world-readable without a password.

      Given the fact that it takes *intentional effort* to create a Windows SMB share without a password for read access, it can be assumed that SMB shares without a password are intentionally public. (WLANs are a different story, since unWEPed APs are factory default behavior. If WEP was default behavior, then one could safely assume that unWEPed APs were intentionally public)

  • Umm, no. (Score:5, Insightful)

    by HotNeedleOfInquiry ( 598897 ) on Wednesday October 09, 2002 @08:54PM (#4420899)
    "I do not agree with their stance on this issue and I believe I have a right to design, implement, and make available such a service." Sorry pal, but not until you buy the bandwidth, the cable, the servers and the big Cisco box do you have the right. It's their network and they make the rules, even if it is make-it-up-as-you-go-along. Shut down your server, say you're sorry, get your degree, earn lots of money and buy your own network. Then you'll have the right to tell people what services they can run.

    • Re:Umm, no. (Score:3, Insightful)

      by Raiford ( 599622 )
      The property right is more like a lease on an apartment. You can use it and furnish it, but you can't just go and paint the walls bright red if the apartment owners say renters can't paint the walls

  • Why are you asking us and not them? (Score:3, Insightful)

    by wdr1 ( 31310 ) <wdr1@p[ ]x.com ['obo' in gap]> on Wednesday October 09, 2002 @09:04PM (#4420938) Homepage Journal
    It sounds like you don't have a full understanding of why they are upset with the system. It could be misperception or that you're causing a problem without realizing.

    I would try to work (in person) with whomever contacted you, and try to understand why this makes their life difficult, and try to address though concerns.

    Without knowing why they are upset, there is little anyone on Slashdot can do to help you.

    -Bill

  • Been there, done that.... (Score:4, Insightful)

    by egerlach ( 193811 ) on Wednesday October 09, 2002 @09:32PM (#4421095)
    When my friend was in residence (I was in my own house at the time), I helped him build a system very similar to the one you're describing. Exactly the same thing happened. IST found out about it, and shut it down. The reason they gave was that it was eating up internal bandwidth. When he inquired how his search system was eating up so much bandwidth, they told him it wasn't the search that was eating up bacndwidth, but the fact that everyone started getting files from other people's Windows Shares all the time. Now these aren't smart users either. They'd play files directly form others' HD's, without getting a local copy first.

    Bottom line is, you may think you have some kind of right to do something like this, but the service is ultimately there for educational purposes. If you can convince them that you're using the search for educational purposes, you're in the clear. Otherwise, you're probably not going to get away with this one. Searching computers for random files, not related to your education, is not acceptable use, I'm sorry to say.
    • I don't know what's going on in your school, but at SPSU, the internal network was paid for by the housing authority, which is completely paid for by the student living there.

      The college had no more right to demand that it was only used for educational purposes than they'd have the right to demand that your room was only used for educational purposes. Now, basic sanity rules are good, just like the 'can't have loud music at all hours' rule. But that is more like a housing covenant than university rules.

      Now, internet access, on the other hand, is iffy by default, because it's not entirely paid for by the students living there. But the internal network is, and not really the university's business.

    • I think you have to look at the issue from a network administration point of view.


      Port scanning is scary. While not technically illegal, or even dangerous, in and of itself, it is just one step away from an attack. Personally, I don't want anyone on my network port scanning boxes, especially if some of those belong to me.


      While you may just be scanning for open window shares today, a simple rewrite of the code, and you're scanning for any open port, and maybe you're looking for any vulnerability to exploit. Or maybe you aren't, but your friends who have a copy of your code are. All these "authorized" port scannings may indeed mask a whole bunch of "unathorized" scannings.


      Personally, and this is just me speaking, any computer that port scans me is immediately blacklisted from any network I control.

  • My friends and I wrote something similar to this at northeastern. A few months after we first started I got a letter from our "internet security" guy. When I contacted him he said that a netbios attack on one of ther computers had come from my computer. I told him what we were doing and that we were only looking at public windows shares. He said we needed permission from the owner of the computer before we could look at the computer shares. We havn't done much with it since unfortunately. However you have a good implementation over at umass. http://www.canofsleep.com What they did was have people who wanted to use the service sign up, which basically means they are giving permission to have people look at their stuff. It should be rather easy to implement and we are thinking of doing that here as well. Should make everyone happy.
    • Since when do you have to have permission to browse public windows shares? The entire point of having them public (i.e., no password), is so you can do it with OUT permission. Sharing files publicly is the same thing as running a web server: anyone is able to access it, and they don't have to ask your permission to do so.
      • I spent 10 minutes on the phone trying to explain this to the guy. I finally gave up and said whatever. He isn't the brightest crayon in the box. Had a great idea to disconnect AIM every 20 minutes throughout campus cause he heard of an Aimster exploit. Thats just an example.
  • Someone here at MTU runs a similar thing, I have yet to hear of s/he getting in trouble.

    I scanned the ResNet here for NFS servers and haven't gotten in trouble either.

  • It is quite simple (Score:2, Insightful)

    by yancey ( 136972 )

    Create and test your own software on an isolated network and stop using the public network for your experiments. If this is a research project, then you should be able to make a proposal and get access to such a testing environment.

    If you had previously received written permission from an instructor or other university employee, then you could refer the matter to that employee. Since you proceeded to use the university's network for you own testing, you've already crossed the line and they're already suspicious of you.

    Imagine it this way, if you went around to people's houses and checked for unlocked doors and then attempted to inventory the furniture in those houses, do you think the police would be forgiving?

    Your computer was scanning other computers (without authorization) and probably setting off intrustion detection systems. There is nothing to differenticate your scan from any other hacking attempt, so the university's computer support staff must assume that you are trying to crack into their systems and take appropriate action.

    One other thing, you will find that one of the primary concerns of any university is staying out of legal hassles whenever possible. If you do anything that could in any way possibly get them into any legal trouble, you'll end up getting shut down.

  • start pirate ethernet (Score:1, Interesting)

    by Anonymous Coward
    start a pirate wireless ethernet in your dorm (i'm assuming you live in a dorm)... that'd be kind of cool, like college pirate radio.. but for warez :P

  • Unfortunately, you're basically screwed (Score:5, Informative)

    by nutsack ( 238174 ) on Wednesday October 09, 2002 @10:48PM (#4421472) Homepage
    I would just sign the agreement if I were you (although I have no idea what the punishment is going to be if you do). If your network admins aren't bright enough to see what you were doing was a non-intrusive search, you're not going to be able to sweet-talk them into believing you're not "hacking" people's computers.

    I wrote/administer the aformentioned search engine, Buzzsearch [buzzsearch.org], at Georgia Tech. I've never had a problem with the network staff - I do everything I can to be a good campus netizen (blocking off campus searching, for example) and they don't acknowledge that I exist. But I'm definitely not doing this for my "ideals", or to "fuck the man", yadda yadda... I sure as hell wouldn't risk my degree for Buzzsearch - if OIT came knocking on my door I'd hand over my server in a second flat.

    You're in a bad environment with uncool admins... deal with it and give up. It's not worth possibly fucking up your education.

  • He Uses The Nework at the College's Pleasure (Score:3, Insightful)

    by reallocate ( 142797 ) on Wednesday October 09, 2002 @10:54PM (#4421501)
    It's the college's private network, not his. He uses the network because the college grants him the privilege. They can withdraw that privilege. He has no "right" to use it.
    • His tuition goes toward paying for that "college's private network" so he EVERY RIGHT to use it. They can only withdraw that priviledge if he violated one their preset rules directly. The college can not go along making up rules as they go to pinhole people they don't agree with. If anything I think he should take this one to court, and watch the University settle the case real fast. The amount of bad publicity over such a stupid thing can cost tens of thousands of dollars worth potentional tuition money from other geeks who were thinking about going there.
      • His tuition goes toward paying for that "college's private network" so he EVERY RIGHT to use it.

        Actually, the network was likely paid for by government and research grants. His tutition likely didn't pay for much of it at all. Any usage that is not research or university-business related could probably be found to be in violation of policy. shane.

      • Paying someone for services provided does not give you rights to their property. Paying my doctor bill doesn't mean I have a right to borrow his boat for a spin in the bay.

        Many self-desciribed geeks seem to think any network that they can get into is, therefore, public. That's not true. Private networks are private property.

      • Nonsense. Your taxes go, in part, to maintaining public roads and highways, but that doesn't give you the 'right' to drive on them, use them, or do anything with them, really.

      • He has every right to use the College network - but so does every OTHER student. Somebody has to make sure that a few hogs don't screw things up for everyone else, so that people can actually do their schoolwork.

        How would you like to live in a dorm where this guy's P2P stuff was preventing you from accessing your coursework on Blackboard?

  • Similar idea (Score:2, Informative)

    by LastToKnow ( 449735 )
    I was actually starting to program a service very much like this at my college, and I stopped for two reasons: First, there were an unusual number of computers that had their hard drives shared as C, full access, no password or anything. I dunno if some local "we'll set up your internet access for you" was doing a little more than promised, or what, but they were all over the place. I didn't want to index shares that could be used maliciously. (Actually, I left notes in some of their 'desktop' folders saying how to disable the share, but there were too many to do this for all the ones I found). Also, during some early stages my program ran afoul of a router, and I got a phone call from ITS the next day. "Mess with us again, and we're pulling the plug on you".

    Between those, I decided it would be best to leave off with the project.
  • I used to work at Ohio State University in the central IT department (provides general services to campus).

    There was this guy, who was pretty smart and worked for the residentual halls for a while. He knew too much for his own good because he was constantly battling the director about how she was doing things. (His way was right most of the time.) Eventually, they fired him. However, he left with a lot of good information about how the residentual networks worked (specifically, in this case, he knew the DHCP IP Address ranges for at least his dorm.)

    Six months later, on a Friday evening, his dorms network went down. He deduced that there DHCP had stopped handing out IP Addresses. After calling to get the issue addressed, and being ignored, he set up his own DHCP server, restoring service to his entire dorm. He was a hero to his classmates (but I bet it still didn't get him laid... but that's another story)

    The director of the residentual internet services through a raging fit and was going to bring him up on charges and have him expelled for conducting a denial of service attack. When the director of security at Ohio State Security saw it for what it was, he patted the kid on the back, said be a good boy and stop fueding with the residential director, and sent him on his marry way. No suspension, no legal charges, no nothing.

    Therefore, my suggestion to you is there are a lot of whack-jobs at a University, but there are a lot of reasonable people too. Find the reasonable ones to help you out.

  • Had similar case (Score:2, Informative)

    by kalvyn ( 561263 )
    I ran Seek42 [sourceforge.net] at Northwest Missouri State last year. This system runs at University of Missouri-Rolla [umr.edu] and the university supports it. At Northwest however, they didn't tell me to turn it off. They deactivated my port and then sent me a summons. I was charged with copyright infringement, aiding in mass copyright infringement, and running a webserver in my dorm room. After presenting my case to the board, everyone on the board was VERY interested and supported my implementation of it, but I understand they had a job to do. I was found in violation of only running a web server in my room. (Yes, I knew this was a violation before I started I originally started this up there as a proof-of-concept project. I just wanted to know that I could get it to work up there. They've got a crazy network anyway. In the end, I got a $50 fine and banned from network usage until Dec 30, 2002. It's not fair, but that's life I guess.
    • Actually, Seek42 is not supported by UMR in any way, shape, or form. In fact, they've tried to shut Ryan (the creator) down several times, but it's too simple to get around their so called security.

  • This reminds me of my college years. When I was a senior, a few things had happened to me-- among them was learning the value of silence and respect. Maturity was not one of them.

    I had this neighbor, a sophomore, who exercised his free speech rights (on private property on the campus of a private school) by putting vulgarities, profanities, artwork (I've seen similar art and links to such moderated as trolls here, to give you the idea) on his door. And, he had the idea that, as long as his door was closed, his stereo could be as loud as he wanted. The stereo at 3am on a school night was too much for me.

    One day, I had suffered the last time asking him to turn his stereo down and having him turn it up another notch and ask if THAT was better. Bastard had a friend who would watch out for campus security coming over to get him to turn it down and it would be quiet 100% of the time they came by. I figured out the IP of his "stereo". With my lack of maturity, limited experience of Linux and hatred of my neighbor, I found the site www.rootprompt.org and the ability to silence my neighbor.

    From then on, the only way for him to know his stereo was too loud was a BSOD. His temper tantrums were louder than the music, but for a 2 minute screaming session I would get 2 hours of silence. A while :; do loop helped me get the sleep I needed finals week.

  • I do not agree with their stance on this issue and I believe I have a right to design, implement, and make available such a service.

    It's simple. If the administration says you don't have such rights, you don't. It doesn't matter what the AUP says, it doesn't matter what you think, it doesn't matter what *anyone* thinks except those who control and administer the network and systems. If those people say you don't have the right, then you don't.

    You don't own the network or the systems you're accessing. You don't have *any* "rights" on the network or systems except those that are explicitly given to you. And what rights you have can be taken away.

    If it's a useful and legal tool, then make your case -- prove that it *is* both legal and useful. Prove that it doesn't use significant amounts of bandwidth, and that it is unlikely to ever use significant amounts of bandwidth. If you can't make a convincing argument that your tool is worth allowing, maybe it's really not all that useful anyway.

    Sean.

  • Their network, they rule. You were responsible and took it off when asked, so you don't deserve any punishment. And if this project is part of your studies, then obviously they have to expect that if you make something that is network oriented, you're gonna use the college LAN to test it. That's what a college is there for. So as things stand, IMHO, things are all square. So I wouldn't sign the AUP thingy either.

    This is a lot like the store I work at saying "Arriving for work under the influence of illegal drugs or alcohol shall constitute gross misconduct" then making me work New Year's Day.

    Ali.

  • It's their hardware. Their software. Their electricity. If they tell you to stop, stop !

Slashdot Top Deals

Dynamically binding, you realize the magic. Statically binding, you see only the hierarchy.

Close