Handling Campus AUP (non-)Violations? 134
speby asks: "I am a CS student at Northern Illinois University and I recently compiled a working peer-to-peer file web-based file indexing system. I refused to sign their agreement that says I violated their Acceptable Use Policy because I sincerely believe I did not violate them. My system scans a large portion of my school's network hosts looking for openly accessible, anonymous Windows File Shares, and bandwidth usage is minimal. The AUP does not mention scans and I did not 'break' or 'crack' security in any way. I agreed to shut the service down for a period of time until I can figure something else out. I do not agree with their stance on this issue and I believe I have a right to design, implement, and make available such a service. I certainly did not see anything in their terms of service that would disallow such a system. Do these other universities that allow this kind of system care? Why can this system not exist here?" I have no problem with a student being told to shut down a homebrew service if they find it offensive, but I do have a problem with them treating said students like criminals, even when they do comply with their wishes. What should students do, when they are bullied by their colleges into signing violations that are more stringent than the situation merits?
"I was contacted by the IT department after a few weeks of its public running. I did not actively promote the system. It works in ways similar to the file search engines like the ones at Iowa State University and Georgia Technical Institute. In terms of programming, this idea is so trivial anyone could do it with the help of some simple scripting and a lightweight database."
excessive data storage or network bandwidth (Score:5, Informative)
That's about the only thing in the AUP that I could see them having a problem with. Perhaps you want to show the ISU and GA search engines to them as an example of what's going on. Also, you might implement a bandwidth throttle. My 2 cents.
A nit to pick (Score:1)
That would be the "Georgia Institute of Technology," otherwise known as Georgia Tech.
Re:excessive data storage or network bandwidth (Score:2, Insightful)
Excessive data storage shouldn't be a problem; this is an SMB lan where everyone has there own computers and storage, not one user taking up all of the scratch space on NIUVAX or the university UNIX box.
Further, about the network bandwidth: what is the difference between his program doing this, and sitting up all night surfing the LAN? Before the WWW took off, my floormates and myself spent many a late night running through fellow student's computers looking for pron, .wav's, text files... anything interesting. File sizes were seldom the more than half a megabyte, but it was also on thinnet coax, and I'm sure bandwidth was much less than even 10mb/s.
Welcome to the real world... (Score:5, Insightful)
I don't know enough about how much trouble you're facing or what options you have, but you've violated Acceptable use of NIU information technology resources is based on common sense, common decency, and civility applied to the networked computing environment. and probably All authorized users have the right to expect reasonable privacy with regard to all computer files and e-mail.
More importantly...
I do not agree with their stance on this issue and I believe I have a right to design, implement, and make available such a service.
OK, now this is where you're being a dumbass. There are going to be plenty of idiots here telling you to keep sticking it to The Man. If you're smart, you'll do what Kevin Mitnick and Randal Schwartz wouldn't -- stop when you've been told to stop.
Re:Welcome to the real world... (Score:4, Insightful)
If you close your blinds, you can expect privacy. This is law enforcement authorities require a warrant for microwave or infrared monitoring, but standard video cameras don't. The general public can't see what you would be doing, so under general circumstances neither than the authorities.
Now.. If you leave your computer open with full read access, I'd say you forgot to shut the blinds and can expect the privacy that goes along with it. Reading your email at a public terminal certainly doesn't grant you rights to privacy. You've used absolutly no precautionary rights.
Bandwidth and sales (or general broadcasting) of such material may have cases, but the fact you were allowed to read the data means you're allowed to read the data.
In summary, don't read those all important and secret corporate financial reports on a crowded subway. Those are you have the right to read them as well, regardless of whether you consider it rude to read over anothers shoulder.
Re:Welcome to the real world... (Score:4, Insightful)
You and MrResistor are perfect examples of the advice I'm warning him against. Of course I understand why he doesn't think he did anything wrong. And I'm not arguing the right or wrong of it, although it's not clear to me if his "web-based" system involved redistributing those files publically, which I would say is wrong. But, anyway, I'm not arguing the right or wrong of it but rather explaining to him that he's going to get in trouble for it. Life isn't a programming contest, and cleverness doesn't carry the day. He can either follow the accepted norms of behavior on his network, or he can keep courting trouble, get bounced out of school and have the consolation of knowing that you said he's in the right.
Go look in your neighbors windows and see how your justifications go over with them.
(*Woohoo, my 700th post!*)
Re:Welcome to the real world... (Score:1)
Re:Welcome to the real world... (Score:1)
Re:Welcome to the real world... (Score:1)
I think a more appropriate analogy would be of trespassing. Privacy is a complex and cloudy issue, but criminal trespass is well defined.
The protection of law on this issue is not conditional; in other words, you don't have to secure your home in order for unauthorized entry into it to be illegal. If your door is unlocked and I wander in off the street, I can be arrested and charged with the crime of criminal trespass.
If I then take something from your home, I can be charged with burglary, which is the crime of unlawful entry with the intent of committing a felony or theft. All this, even though the door was unlocked the whole time.
If there were a legal question here-- which there isn't-- I think the argument that a person's computer is comparable to his home is a compelling one. If you don't put a password on it, shame on you. But whether there is one or not, it's still against the rules to log in without authorization.
Re:Welcome to the real world... (Score:3, Insightful)
I understand what you're saying, but I still think that that if the university or individuals have a problem with the search engine, they should focus on educating windows users on the basics of filesharing, and secure passwords.
For instance, if everybody set a secure password for their administrator accounts (on NT based systems), and made sure to share everything with a password, then his search engine wouldn't do any damage.
Re:Welcome to the real world... (Score:3, Insightful)
That's exactly like saying that by leaving my back door unlocked, I've authorized the psycho down the block to come in to my house. It just doesn't hold water to me.
Further more, I would argue that by responding to connection requests, the servers have authorized the client to connect and attempt further authentication.
Ye-es... I would agree that the fact that I have a door means people are welcome to knock... to the extent that they don't make a nuisance of themselves. I'll buy this one.
After all, it is fairly trivial with most recent operating systems to firewall ports to remove access from groups of IPs that are 'unauthorized" to connect.
I think your definition of "fairly trivial" could use some revising. Yes, it's trivial to me and to you, but it's not at all trivial to the sociology major two dorms over who bought her computer to write her senior thesis.
Besides, I have to go back to my analogy. Just because it's trivial to lock your door doesn't mean that the law requires it before offering you protection from illegal trespass.
For instance, if everybody set a secure password for their administrator accounts (on NT based systems), and made sure to share everything with a password, then his search engine wouldn't do any damage.
You're assuming that the school's only justification for prohibiting the kid's activity is the potential for damage. That doesn't necessarily have to be the case. If we were talking about a truly public network, then an argument based around the potential for harm (or the absence thereof) might make sense. But this is a private network. The school can revoke a student's access for any reason at all, with or without due process. So I don't think saying that the software wouldn't do any harm really makes a difference to anybody in this situation.
Re:Welcome to the real world... (Score:2)
That's exactly like saying that by leaving my back door unlocked, I've authorized the psycho down the block to come in to my house. It just doesn't hold water to me.
I think the idea is that it's more like leaving your door open with an automated system set up that invites anyone who knocks to come in.
I'm not sure I agree with it, but it's an interesting point which deserves some thought.
Re:Welcome to the real world... (Score:4, Insightful)
But if we want to continue this analogy, even with all it's flaws, it needs to be thought as a conversation.
Scanner: Knock Knock.
Computer: Hi.
Scanner: I'm comming in.
Computer: OK. I assume you are authorized since you wouldn't just barge in if you wern't, and I have not been instructed on who is authorized and who is not.
Scanner: Ahh. I see you have some nice files in here.
Computer: Yes. I have files.
Scanner: I'm copying them.
Computer: Whatever.
There is no "automated system" that invites you in. You have to turn the knob and open the door, step in, and do shit. It's a standard request / response protocol. If you don't make the request, you don't get a response.
The basic reasoning flaw or morals problem you and some other seem to have is that you have default permission to go into any computer you want regardless of the owners wishes. Most computer users don't understand security. Period. They don't even know that their computer is wide open. Most users also don't want random unknown people plowing throught their files.
Shit man, it's the stuff they teach you in pre-school. Be nice to others, don't take their stuff, if you want to play with someone elses toys you NEED TO ASK FIRST. Oh, and that't the PERSON you ask, not the TOY.
You can't equate web searching (like google) to file share searching. When you put something on the web, you are usually publishing for others. File shares however are frequently enabled automagically by pooly designed and configured OS's. They are RARELY setup for the INTENT of general public access.
The "intent" is everything.
Does this help?
Re:Welcome to the real world... (Score:3)
Name a single OS that automagically enables file shares. I can't, and I'm quite familiar with several.
Even under the most piss-poor Windows install a file share has to be set up intentionally, and in that dialogue box the user has the option of giving it a password or leaving it totally unprotected.
They are RARELY setup for the INTENT of general public access.
Are you joking, or do you just have no idea what you're talking about? Every unprotected share I've ever seen was specifically for the purpose of general public access by everyone on the network. That's the whole point. If you don't want everybody and their third uncle checking out your stuff you put a freaking password on it in the dialogue box you had to open to set up the share in the first place.
If you scanned a computer and found open services, you must get authorization from the computer OWNER. The computer itself doesn't know who the hell you are, or whether you REALLY should be there or not.
The OWNER has given PERMISSION by opening an UNPROTECTED SHARE on a PUBLIC NETWORK. The computer knows who should or shouldn't be there by letting in only the people who know the password, and if there isn't a password that means EVERYONE.
And as for your dialogue above, for an unprotected windows share it's more like:
Scanner: Knock Knock.
Computer: Hi.
Scanner: Can I come in?
Computer: Yeah, sure! Make yourself at home! Would you like to run some unauthorized code?
Re:Welcome to the real world... (Score:1)
Re:Welcome to the real world... (Score:2)
I might be mistaken, but it is pretty obvious what you are doing when you click "SHARE" on a drive or folder, or when you put something into the "SHARED DOCUMENTS" folder.
Re:Welcome to the real world... (Score:1)
I see your posts on a regular basis (usually pretty good ones) but I also see your sig.
Are you really still unemployed after gawd-knows-how-long?!?!?!?!?!? I mean dang!
(Or did you just forget that was your sig?
Re:Welcome to the real world... (Score:1)
(an no, I haven't recieved any job solicitations as a result of my
Re:Welcome to the real world... (Score:2)
Legalities aside (this wouldn't go here in Denmark), there is quite a difference between
1) You happen to walk by an open window and see something that you mention to a friend, and
2) You build a multi-camera webcam system that scans all visible windows, detects where blinds are open, recognizes interesting activity, and shows it all on the web.
If you do #2, expect to get in trouble with the law, with the public opinion, and with one of he muscular fellows whose girlfirned is living behind those windows... Don't expect much sympathy even here, iven if building that machine was a cool hack.
Re:Welcome to the real world... (Score:2)
Re:Welcome to the real world... (Score:3, Insightful)
Read the article again, because you obviously missed some important parts. All he did was scan for open shares, he did not exploit or violate them in any way.
Had he actually violated anyones privacy or trespassed on their systems I would agree with you. But just scanning? Unless scanning is srictly against the AUP, he didn't violate a damned thing and he is completely in the right.
Or perhaps you are suggesting it is illegal for me to walk down the street and notice that someones door is open? If that's not illegal in the real world there's no reason it should be illegal in the electronic one.
Re:Welcome to the real world... (Score:1)
All he did was scan for open shares, he did not exploit or violate them in any way. Had he actually violated anyones privacy or trespassed on their systems I would agree with you.
The scanning might be enough to get him in trouble but I understood him differently. "Peer-to-peer file web-based file indexing system" doesn't sound like a simple scan to me. It suggests he's at least downloading files and possibly redistributing them. I think his rationale is that the files are being freely shared but it's basic etiquette that you don't touch obviously private documents just because you can.
That's my understanding of what he did, anyway. Maybe I'm wrong.
Re:Welcome to the real world... (Score:2)
The AUP does not mention scans and I did not 'break' or 'crack' security in any way.
It sure sounds to me like all he did was scan for open shares. As I said, if he trespassed on someone elses system, I agree that he should be in trouble. However, an "indexing system" doesn't suggest downloading or redistribution at all, it only suggests indexing. The "peer-to-peer file web-based file" part makes no sense, and only suggests that he doesn't know what he's talking about.
Anyway, if all he's doing is scanning then I agree with him. If he's rummaging around in other people's systems and downloading their files, I agree with you. The way I read the article all he's doing is scanning.
Re:Welcome to the real world... (Score:2)
It's funny, because we're all too ready to assume that there are public shares (no login/password) that exist without people knowing about them. The scenario described in the question seems to imply that he's not trying to exploit anything (in other words, he's not trying to use the open shares to exploit a bug or gain further access to the system).
This seems perfectly reasonable to me. If I set up an anonymous FTP service, I expect people to use it, look around, maybe take some stuff, and then leave. I imagine that having an open share is the same thing.
The door analogy isn't appropriate. The assumptions he's working under include that people intend other network users to access those shares. Why else would you create those shares in the first place?
Anyway, my point is that I don't agree that it's wrong to download the files. If they're in a public share that looks as if the owner intended for folks to access them, why is it wrong to download the files? He's not rummaging, he's simply using the share in its intended manner. Let's be honest here... this is a college network, and many people still share MP3's and other things with their friends in these "low tech" ways.
Sujal
Not To Butt In... (Score:3, Insightful)
The shares are open to the network but they are not legally open to people. I left my back door open this evening when I took out the trash, but that doesn't give you a right to enter my house through that open door and rifle through my unlocked desk drawers.
Can you or anyone cite a legal precedent that states someone who has open shares on a PC in their possession retains no right to the privacy of those shares, and that that data on those shares is legally accessible by anyone who can get to it?
Re:Not To Butt In... (Score:2)
Of course not, because there isn't one.
However, I don't believe that is an issue in this case because the way I read the article he's just walking down the street looking for open doors, not going through them.
The door analogy is a poor one in this case, though, since a share that isn't protected by a password invites in anyone who makes an inquiry. Certainly if you leave your door open that doesn't mean I have the right to enter your house, but if you set up an automated system near your open door that invites me in when I knock, I would not be in the wrong by coming in.
I don't condone trespassing, and I thought I stated that clearly in my post. My impression is that he was merely scanning, and there is certainly nothing wrong with that.
Re:Not To Butt In... (Score:2)
I think many people would find uninvited scanning to be intrusive and a privacy violation. Certain, many here would be quite angered if Microsoft, for example, periodically scanned the net for open shares.
In any case, the original poster claimed he was providing a service. Quietly finding open shares isn't much of a service, so I assume he plans to use those shares for something else.
Re:Not To Butt In... (Score:2)
Second, there's no reason that merely finding open shares couldn't be a service, it all depends on what you do with the information you gather. If you use the info to contact people and politely let them know that they've left their computer wide open for anyone to poke around in, that would certainly be a benevolent use of the service, even if "you" happens to be Microsoft. In fact, that would be an excellent way for them to improve their security reputation since so many security problems are caused by "admins" who don't know what they are doing. (Along those lines, I think MS should start releasing security patches for Outlook and IE as viruses that repair their own exploits after they replicate. Sadly, that's the only way some servers would ever get patched.)
Finally, saying that scanning a public network that one is a member of is intrusive or a privacy violation is absurd. Do the people who would say this actually know what scanning is? It's no more intrusive or privacy violating that me noticing that you left your front door open.
Re:Not To Butt In... (Score:2)
(E.g., I used to work in an office that banned making online purchases via their network. You could browse as you pleased, but could not conduct a transaction. Never made sense to me. Usage was monitored; first violation got you a warning; continued violations got you no network access.)
Re:Not To Butt In... (Score:2)
Humboldt State University (California) was building a new libraray. As with all such projects, it ended up over budget and behind schedule (IIRC, around $5M and 2 years, respectively). The students brought a class action against the school for a partial refund of their tuition for the years when this new library, which was a service they were paying for as part of their tuition, was unavailable to them. They won.
Similarly, if a network access fee were deducted from your paycheck, you would be able to sue your employer for restricting access/activity on that network.
Re:Welcome to the real world... (Score:2)
Not admitting to a violation is not the same as continuing in the behavior which was considered a violation.
The First Amendment also guarantees him the right to bitch about it and claim he had a right to do it.
Re:Welcome to the real world... (Score:1)
No, what we admins don't like is twits giving the world access to the directory with their assignments in it and then whinging because they've been accused of plagiarism after someone copied their assignment and handed it in.
Admins don't have a problem with this sort of thing. Heck, we use it to do thing like look for likely virus-infested open shares and grab MP3s without having to incur additional bandwidth costs.
Just because you have read access to something doesn't mean you ought to be using it [...]
Something like a web page, you mean ?
[...] and certainly doesn't mean you'll be looked upon favorably if you write a tool to do it on a large scale.
You mean like, say, Google ? Yeah, everyone hates those guys.
College (Score:4, Insightful)
Colleges make up for this by providing all sorts of 'perks' that don't have anything to do with the service they are providing. Sports facillities, money for student associations and clubs, and a fat connection as well. They charge for these by tuition. It's a lump sum, so you can't opt-out of anything.
Since corporations are too badly mis-run to actually do real screening for ability in applicants, you need a bit of college. It's not such a bad place. Unfortunately, there are too many youngsters who are used to the authority of their parents and high school teachers. They don't understand the customer--business relationship. And college administrations take advantage of it.
So here's the solution. Like any badly run buearacracy, the college administration will fold, give in to your demands, and bend over for you, if you give them enough grief. Don't do anything that they can kick you out for, but give them a truck-load of pain through all the official channels possible. And if you run out of official channels, make some up. Don't give up until they give you a new car and a Phd as a settlement agreement.
If you are thinking of modding this funny--don't. It's all true.
Re:College (Score:2, Insightful)
And what you all are buying can all be got for free at any good public library.
A degree?
Re:College (Score:4, Funny)
Re:College (Score:4, Insightful)
Don't listen to this guy. It's not the truth. Far from it. Of course, there are party schools out there. I'm not denying that. But to go to a party school and be surprised you're really not learning anything & it's basically a club med... well, let's just say perhaps it's best you didn't go to a higher caliber school after all.
There are quite a few schools, however, that challenge you. Raise your critical thinking skills. Teach you how to learn. Interact with experts. Help you grow. Looking back, while some of the most valuable lessons I learned where from books, a significant portion came from reading something like the Apology with a peer group at the same time and discuss it's ideas. To work all night in group trying to write an AI simulator for the brain of ant on a beach shore.
Yes, you can learn from books. I love books. But a lot of the books you seem to be referring to can teach you nothing more than facts. In fact, a lot of good schools don't even waste time teaching you what you can get from a book. Go read & come back is usually the attitude. Oddly enough, despite being a CS major, I never took an introduction to Lisp, C, etc course. First day of my data structures class our processor announced all our homework would be in C. He understood none of us probably knew it, this was an intro course, gave us a few books titles, and told us to get cracking. The first homework assignment, in C, was due in a week.
When I look to hire people, I don't really care what facts they know, how well they know C, etc. You can teach a monkey C. It's a lot harder to teach people how to think, analyze, adapt, and overcome.
Then again, maybe I'm biased. After all, my school was chosen last, at 300, in terms of party schools.
My two cents,
-Bill
Re:College (Score:1)
You went to Rolla?
Re:College (Score:1)
But to go to a party school and be surprised you're really not learning anything & it's basically a club med... well, let's just say perhaps it's best you didn't go to a higher caliber school after all.
I don't care what school you go to, if you want to learn and have the time (don't underestimate that factor) any school will do. You have the internet if you need to discuss things and need help and examples.
There are quite a few schools, however, that challenge you. Raise your critical thinking skills. Teach you how to learn. Interact with experts. Help you grow.
Except for the last part, I tend to disagree again. Sure they'll help you, but in the end it all comes down to your own motivations. Most of the time college involves procedures, bureaucracy, teachers who don't care about students thinking differently etc, etc. I guess you could learn to roll with the punches from that, but I have yet to see a class that actually teaches you how to learn. I'd sign up for it in a blink of an eye.
And yes, books are basically collections of (mostly) facts. Thinking and writing about it, and implementing ideas and seeing how they work is how you really learn. But I still don't see how you need a college for that unless you're in a field like nano-technology, and even then you can write yourself a little emulator..
And lastly, if you hire people for an IT department, yes, it is important that they can communicate, learn quickly and adapt, write essays/documentation etc, but if you tell me you don't care if they even know the language they are going to write in, I'd say you're really bad at hiring good people.
(And yes, of course I'm biased too.. I took all the CS classes at college for credit only. I didn't learn anything there... and eventually I got so fed up with it that I left [that and I ran out of money]. I'm still planning on going back and finishing [yeah, yeah you've heard that a thousand times] but I really disagree with the assertion that you HAVE to go to college to learn.)
And to you moderators, tangents are not offtopic. This is a direct response.
Re:College (Score:1)
But really, I could hardly expect more of someone who went to college to learn how to monkey with computers rather than learn a real subject. Whenever I pick up one of the various journals on algorithmic complexity for a lark, it depresses me to see what passes for mathematics in the the field of computer science. In reality, the only reason computer science exists at all, is because corporations needed more people to run computers than were smart enough to pass the mathematics courses. Even the name suggests an inferiority complex. You have to tack on the science word at the end or nobody will believe you.
Raise your critical thinking skills. Teach you how to learn. Interact with experts. Help you grow.
That is repeated again and again without any evidence ever given to back it up. The degree farms that we call universities--and no I'm not talking about 'party schools'--don't do a great deal more for critical thinking skills than any other option that a young person can choose at that stage in life. And in many ways it does less. I've been challenged by many people in my life, whether they happen to be a professor, a employeer, a friend, or a lover.
You can teach a monkey C. It's a lot harder to teach people how to think, analyze, adapt, and overcome.
Which could explain why colleges are so terrible at it. In fact, they aren't even great at the former. Thinking, analyzing, and adapting are all things learned from living. The temporary refuges from the outside world that most colleges set up do more to hold back than push forward.
Tell me. When you want to hire someone. How do you judge their critical thinking skills? Do you just read the name in the section of the resume labelled Education?
Re:College (Score:2, Interesting)
I think it's fair to say that you take out of the college experience what you put into it, and most people who graduate with a bachelor's degree aren't particularly wise or insightful individuals. But it seems to me that it's easier for a person to learn to think critically in college than out of college.
College is nothing more than an environment, like a petri dish for teenagers. Some of them will keep their heads down, finish their assignments, and walk away with a piece of paper. Others will thrive, and emerge much better off for it.
I don't know. Maybe I'm idealistic about college because I dropped out of it and never got the chance to go back.
Re:College (Score:1)
Interesting place where the computers are already teaching the CS classes. I'm still at a stuck-in-the-stone-age school where my classes are taught by people. Usually of the older type, granted, but I can at least speak English to them.
Re:College (Score:1)
You're lucky. My freshman-level intro to data structures class was taught by a Mandarin, the TA was Israeli, and the class was a pretty even mix of Americans, Japanese, Chinese, and Indians. The only language our whole class had in common was C++!
Re:College (Score:2)
OK -- while I don't agree with all the crap the preceeded the above quote -- the above is right on the money. What you need to do is to escelate the problem up the buearocracy. Make a stink, and make their admins looks bad -- real bad.
I remember years ago, when I was just starting college, my friend wrote a little C app to periodically scan wtmp (or was it utmp?) on our SunOS system to see when his friends logged on and off. He sent it out to all of his friends to test. While he was testing, he experimented by including all 1500 users for about 5 mins and ate a big chunk of memory and CPU and one of the student admin's ZSH processes wouldn't fork. Our student-admin did a find in the /student/ directory and sent a nasty-gram to everyone who had the app in their homedirectories. The reaction was appropriate, but the content of the letter was so abusive and out of line that it provoked a response from me similar to what I think that you should do. His letter was so amazingly BOFH-like, I had to keep it around for humor's sake...I'll include here:
I wrote a nasty-gram back, telling him that it was an independant, academic project and the college should be supporting that kind of activity. I also CC'ed it to Academic Computing and various other administrative folks. It got results. Had we just rolled over and let this guy abuse us, he would have got the impression that it was OK to talk to people like that in his job function (alot of SA's do) and continued to run his system with an iron fist. Remember -- the network, and its associated staff is there for you to make use of.
The right thing to do is to write your SA a letter, write IT a letter, write one to academic computing, and write one to your dean of student affairs. Also, figure out who the SA works for, and who they work for. It wouldn't hurt to talk to a CS prof and get them on your side (professors have a lot more pull with the administration than you).
You didn't do anything wrong. Put those bastards in their place. If Shawn Fanning found his way to a brief geek-rockstardom from a project (and innovative way of thinking) similar to yours...this kind of thing should be rewarded.
As an addendum to the story, the guy who wrote "void" went on to work for a number of video game shops, eventually landing at Bungie, writing much of Halo's 3D engine..which, from where I sit, is quite successful. Experiment, fuck around, push the limit of the rules, and if anyone gets in your way -- don't back down. It may take you very far.
Re:College (Score:2)
As for your more interesting question:
Twice. Our high school had this huge library with private study rooms. They had windows, but if you went all the way to the back when it was late, there usually wasn't anyone to bother you. For the period of my life between puberty and getting a car, it was make-out central.
Now a public library, that sounds hard. It's easy to pick up a girl at a library, but actually getting laid in the library...
There is always the bathrooms, but that is kind of gross.
Between rows of thick books might be possible, I suppose. The religion section would be a wonderful place to try it. It feels naughty, and there are never that many people checking it out.
Thank you, AC, I'll report back to you in a week.
You know what I mean (Score:2, Insightful)
Re:You know what I mean (Score:1)
Nolo contendere: I didn't do it, and I promise never to do it again.
Re:You know what I mean (Score:4, Interesting)
I'm work as a Unix tech at a University and I see this all the time. Rather than take what turns out to be a rather minor telling off (IE me in the office telling them what they did is bad and not to do it again) and throwing out a quick appology they'd rather stand there arguing the toss about it until the technician involved gets so fed up with them he escalates the incident higher and the student gets into real trouble. Just for being a cocky little sod.
We had a female student here almost get kicked out of the Uni for eating in the labs. She'd do it everyday and everyday someone would catch her while doing the rounds (We don't allow eating and drinking in our labs). She always accused the techs of lying and picking on her and then would carry right on doing it. She used to line up chips on the keyboard and eat them off one by one. Our academic director even caught her once and she still said we were lying.
After months of dancing around like this it was refered to the student discapline board and she got a final warning with the threat of being kicked out of the University.
We don't know what would have happened next since she failed her course and left anyway. However if she'd just accepted the initial telling off from whichever technician caught her and then waited until she'd finished in the lab before eating that would have been it. End of story.
Some people have no sense however. Tip for the story poster. Don't argue with it. Just sign the appology and forget about it. It'll be easier in the long run than getting kicked out of school.
wow. (Score:5, Interesting)
Re:wow. (Score:1)
That's what a good Internet caching system is designed to do. The good ones are not just for the web, but for FTP and potentially anything that uses the FTP or HTTP protocols with the correct routing rules.
Re:wow. (Score:2)
Re:wow. (Score:2)
k thx
Perhaps... (Score:4, Interesting)
Unacceptable uses include, but are not limited to, the following
Re:Perhaps... (Score:2)
Then I can get you arrested for something that isn't even in violation of any law.
Don't use the word "Peer" (Score:4, Interesting)
Instead, call it a "Client-side SAN", or my favorite: "Internal Email Network over Windows-Induced File-Transfer-Mechanisms" (or IENWIFTM) the 'email' label gives it a freindly name.
Oh yah, and next time you get caught doing this, have your BOFH calendar handy. (This [0xdeadbeef.info] calendar gave me "Domain Controller not responding". It would have been a perfect explanation on your windows network. Tell them your proggie was actually a DC backup that kicked in and it was notifying all the windows clients that it was up.)
Re:Don't use the word "Peer" (Score:1)
No good. Reminds them of DeCSS, which they may not know what does, but do know it is something criminal.
College network vs College dorms... (Score:5, Insightful)
I am a college student.
Several time a week, I walk into every office building and college dorm and attempt to open every door to see if the door is unlocked, and to see if something is inside. If the door is open, I walk in, take a picture, and catalog my findings in an MySQL database.
I don't think this is unethical, but the school admins don't like this.
I don't like being treated as a criminal. What do I do?
Re:College network vs College dorms... (Score:2, Interesting)
Perhaps a more appropriate analogy would be walking into a job fair, and looking around to see who is offering pamphelets.
Re:College network vs College dorms... (Score:2)
Yes, but they are hidden administrative shares. You need an administrator password to access them. The article is about public (i.e. no password) shares.
Re:College network vs College dorms... (Score:2)
Re:College network vs College dorms... (Score:1, Insightful)
I'm a college student who thinks he knows it all and I run a program I wrote on the campus network that the admins don't like. Rather than take the (small) telling off and move onto other things I decide (Like most students) to make an issue of the entire thing.
I'm really cocky. I'm *always* right and I can't understand why my snooping might not be liked. I'm also a pedantic tit who plays the letter of the rules rather than the spirit to suit my own ends.
---------------
The above is true. Maybe not for this guy but for lots of students like him. I'm an admin at a university and we see a lot of this sort of thing. I don't care what the guy's intentions were. If he was trawling around my network like that I'd nail his arse to the wall. God only knows what v2.0 of the software would do.
Oh and btw. Before anyone tells me to get my security sorted out so that the shares aren't open you're talking to the wrong admin. I'm a Unix admin. You want the idiot (PC) team.
Re:College network vs College dorms... (Score:2)
Now if he were using PostgreSQL that would be a different story.
Remember, colleges IT folks are not paid enough (Score:1)
Obviously, that's not always the case, but where I went to school, we got into trouble more than once for things that we shouldn't have. When you deal with them, just remember that they have a job to do, and frankly, what you're doing falls outside of the 99.95% of what their used to. "Waah, my email got rejected", "Waah, there's not enough bandwidth for me to do my porn surf... Oops, I mean research"
And with all of the media attention that the RIAA and folks have brought to P2P apps, as soon as you mention that phrase it becomes a buzz phrase with a negative connotation. If you can prove what you were doing is benign, be patient and professional while you're doing it, and try to understand the situation from their perspective, you'll come out unscathed.
Good luck!
Re:Remember, colleges IT folks are not paid enough (Score:1)
Don't turn the thing back on, please- even if you weren't originally breaking the rules, you're breaking the rules if you turn it on after they asked you to leave it off. They may well expel you for that, and they would be within their rights.
This is worth fighting, but college is worth completing, for the credentials if nothing else. Besides, where else are you going to find thousands of single women (or men, if that's your thing) between 18-23 all grouped together? To ensure that you get to stay in school, fight this fight through the proper channels. You may well win- but even if you lose, you can drown your sorrows in cheap beer and impresssionable young women (or men, if that's your thing).
Do it by hand... (Score:1)
If all your script does is comb through Windows shares, how did they decide that your application looked suspicious? They identified network patterns -- can you reproduce those network patterns by hand?
It'll take some time, but try doing what your program does by hand. Try to get some of your friends or supporters to do it also. Then, when IT complains again, you can honestly tell them that you were just browsing the Windows shares.
If they are going to allow NetBIOS traffic, what do they think you'll use it for?
Come on... (Score:2, Insightful)
He got caught, now he's going the rightous route to either justify what he is doing or pray on the general additude of the
Give me a break.
He got caught, get over it Cliff, "Being treated like criminals", my god, cry me a river.
This is a college network... (Score:2)
The one exception was that by the end of the year, many people locked it down by IP (If they could) so that people couldn't connect from outside (This was the era of Scour), or else password-protected the content, and had a public README saying, for example, "The password for this share is the name of the dormitory I am in".
The "unlocked door" analogy doesn't hold because while you can forget to lock a door (Actually, depending on the lock, this can be hard, as "locked" is the default on many modern locks, i.e. you can open it from the inside while it's locked but not from the outside. I'd say it's FAR easier to lock yourself out than it is to accidentally leave the door unlocked.), Windows *DEFAULTS TO NO SHARING* - In fact, on a default Win9x box, you have to intentionally add the MS service.
Also, you have to *specifically* choose to make it world-readable without a password.
Given the fact that it takes *intentional effort* to create a Windows SMB share without a password for read access, it can be assumed that SMB shares without a password are intentionally public. (WLANs are a different story, since unWEPed APs are factory default behavior. If WEP was default behavior, then one could safely assume that unWEPed APs were intentionally public)
Umm, no. (Score:5, Insightful)
Re:Umm, no. (Score:3, Insightful)
Re:Umm, no. (Score:1)
Re:Umm, no. (Score:1)
If this school is like the others that I'm familiar with, payment of fees do not entitle the student access to the computer network. I suppose it's possible that a school might have an "Internet access fee" line item on their annual bill, but I've never seen one. Instead, access to the computer network is a privilege that can be revoked at any time for, essentially, any reason.
So no, he probably doesn't have any sort of right to network access.
Re:Umm, no. (Score:1)
Actually, my school (Calvin College [calvin.edu] in Grand Rapids, MI) has a $70 per semester fee for accessing the 'net from the dorms - otherwise the jacks are turned off. They even prohibit roommates from buying a hub and sharing the connection - you have to each pay. Of course, with a NAT-enabled wireless AP, they'd never know.
However, he probably was required to sign some kind of contract when he signed up for the service, maybe even in his housing contract somewhere, so the point is probably moot.
Why are you asking us and not them? (Score:3, Insightful)
I would try to work (in person) with whomever contacted you, and try to understand why this makes their life difficult, and try to address though concerns.
Without knowing why they are upset, there is little anyone on Slashdot can do to help you.
-Bill
Been there, done that.... (Score:4, Insightful)
Bottom line is, you may think you have some kind of right to do something like this, but the service is ultimately there for educational purposes. If you can convince them that you're using the search for educational purposes, you're in the clear. Otherwise, you're probably not going to get away with this one. Searching computers for random files, not related to your education, is not acceptable use, I'm sorry to say.
Re:Been there, done that.... (Score:2, Insightful)
The college had no more right to demand that it was only used for educational purposes than they'd have the right to demand that your room was only used for educational purposes. Now, basic sanity rules are good, just like the 'can't have loud music at all hours' rule. But that is more like a housing covenant than university rules.
Now, internet access, on the other hand, is iffy by default, because it's not entirely paid for by the students living there. But the internal network is, and not really the university's business.
Re:Been there, done that.... (Score:2)
Port scanning is scary. While not technically illegal, or even dangerous, in and of itself, it is just one step away from an attack. Personally, I don't want anyone on my network port scanning boxes, especially if some of those belong to me.
While you may just be scanning for open window shares today, a simple rewrite of the code, and you're scanning for any open port, and maybe you're looking for any vulnerability to exploit. Or maybe you aren't, but your friends who have a copy of your code are. All these "authorized" port scannings may indeed mask a whole bunch of "unathorized" scannings.
Personally, and this is just me speaking, any computer that port scans me is immediately blacklisted from any network I control.
Did this at northeaster, briefly (Score:2, Informative)
Re:Did this at northeaster, briefly (Score:3, Insightful)
Re:Did this at northeaster, briefly (Score:1)
LAN scans (Score:1)
I scanned the ResNet here for NFS servers and haven't gotten in trouble either.
It is quite simple (Score:2, Insightful)
Create and test your own software on an isolated network and stop using the public network for your experiments. If this is a research project, then you should be able to make a proposal and get access to such a testing environment.
If you had previously received written permission from an instructor or other university employee, then you could refer the matter to that employee. Since you proceeded to use the university's network for you own testing, you've already crossed the line and they're already suspicious of you.
Imagine it this way, if you went around to people's houses and checked for unlocked doors and then attempted to inventory the furniture in those houses, do you think the police would be forgiving?
Your computer was scanning other computers (without authorization) and probably setting off intrustion detection systems. There is nothing to differenticate your scan from any other hacking attempt, so the university's computer support staff must assume that you are trying to crack into their systems and take appropriate action.
One other thing, you will find that one of the primary concerns of any university is staying out of legal hassles whenever possible. If you do anything that could in any way possibly get them into any legal trouble, you'll end up getting shut down.
Re:It is quite simple (Score:1)
Changing system time is a relatively important action, under Windows NT/2K/XP -- and note that this is true even in Linux. For a variety of reasons it is not desireable to have every user of a system able to make such changes.
The root of the problem is really that the Windows variants do not allow for the possibility that someone might just want to open the Date Time Properties to look at the calendar. Microsoft's attitude seems to have been "if they open it they can commit changes, therefore they shouldn't be permitted to open it," rather than "maybe we should let them open it but not permit them to make changes."
So what it comes down to is that your retard-filled IT department doesn't give anyone with a logon Administrator or Power User rights to the lab PCs. The horror! Gee, they sure are retarded! Next you'll tell me they don't give everyone in the CS department root access to all the servers -- after all, that would certainly allow for lots of experimentation on the part of young and brilliant students! Sure, they might make a few mistakes, like deleting everyone's campus mail from the spool directory, but that would certainly be "perfectly educational."
Perhaps one day you will realize that the world is more complex than you imagine, and that in all likelihood your "retarded" systems administrators know more about those systems than you do. I know it's hard to believe that anyone could be smarter or less retarded than a CS student at NIU, but in all likelihood this won't be the biggest shock of your life.
start pirate ethernet (Score:1, Interesting)
Unfortunately, you're basically screwed (Score:5, Informative)
I wrote/administer the aformentioned search engine, Buzzsearch [buzzsearch.org], at Georgia Tech. I've never had a problem with the network staff - I do everything I can to be a good campus netizen (blocking off campus searching, for example) and they don't acknowledge that I exist. But I'm definitely not doing this for my "ideals", or to "fuck the man", yadda yadda... I sure as hell wouldn't risk my degree for Buzzsearch - if OIT came knocking on my door I'd hand over my server in a second flat.
You're in a bad environment with uncool admins... deal with it and give up. It's not worth possibly fucking up your education.
He Uses The Nework at the College's Pleasure (Score:3, Insightful)
Re:He Uses The Nework at the College's Pleasure (Score:1)
Re:He Uses The Nework at the College's Pleasure (Score:1)
Actually, the network was likely paid for by government and research grants. His tutition likely didn't pay for much of it at all. Any usage that is not research or university-business related could probably be found to be in violation of policy. shane.
Re:He Uses The Nework at the College's Pleasure (Score:3, Insightful)
Many self-desciribed geeks seem to think any network that they can get into is, therefore, public. That's not true. Private networks are private property.
Re:He Uses The Nework at the College's Pleasure (Score:2)
Nonsense. Your taxes go, in part, to maintaining public roads and highways, but that doesn't give you the 'right' to drive on them, use them, or do anything with them, really.
Re:He Uses The Nework at the College's Pleasure (Score:1)
How would you like to live in a dorm where this guy's P2P stuff was preventing you from accessing your coursework on Blackboard?
Similar idea (Score:2, Informative)
Between those, I decided it would be best to leave off with the project.
Find A Reasonable Person (Score:2, Interesting)
There was this guy, who was pretty smart and worked for the residentual halls for a while. He knew too much for his own good because he was constantly battling the director about how she was doing things. (His way was right most of the time.) Eventually, they fired him. However, he left with a lot of good information about how the residentual networks worked (specifically, in this case, he knew the DHCP IP Address ranges for at least his dorm.)
Six months later, on a Friday evening, his dorms network went down. He deduced that there DHCP had stopped handing out IP Addresses. After calling to get the issue addressed, and being ignored, he set up his own DHCP server, restoring service to his entire dorm. He was a hero to his classmates (but I bet it still didn't get him laid... but that's another story)
The director of the residentual internet services through a raging fit and was going to bring him up on charges and have him expelled for conducting a denial of service attack. When the director of security at Ohio State Security saw it for what it was, he patted the kid on the back, said be a good boy and stop fueding with the residential director, and sent him on his marry way. No suspension, no legal charges, no nothing.
Therefore, my suggestion to you is there are a lot of whack-jobs at a University, but there are a lot of reasonable people too. Find the reasonable ones to help you out.
Had similar case (Score:2, Informative)
Re:Had similar case (Score:2)
Sorta off topic (Score:2)
This reminds me of my college years. When I was a senior, a few things had happened to me-- among them was learning the value of silence and respect. Maturity was not one of them.
I had this neighbor, a sophomore, who exercised his free speech rights (on private property on the campus of a private school) by putting vulgarities, profanities, artwork (I've seen similar art and links to such moderated as trolls here, to give you the idea) on his door. And, he had the idea that, as long as his door was closed, his stereo could be as loud as he wanted. The stereo at 3am on a school night was too much for me.
One day, I had suffered the last time asking him to turn his stereo down and having him turn it up another notch and ask if THAT was better. Bastard had a friend who would watch out for campus security coming over to get him to turn it down and it would be quiet 100% of the time they came by. I figured out the IP of his "stereo". With my lack of maturity, limited experience of Linux and hatred of my neighbor, I found the site www.rootprompt.org and the ability to silence my neighbor.
From then on, the only way for him to know his stereo was too loud was a BSOD. His temper tantrums were louder than the music, but for a 2 minute screaming session I would get 2 hours of silence. A while :; do loop helped me get the sleep I needed finals week.
You have what rights they give you. (Score:1)
It's simple. If the administration says you don't have such rights, you don't. It doesn't matter what the AUP says, it doesn't matter what you think, it doesn't matter what *anyone* thinks except those who control and administer the network and systems. If those people say you don't have the right, then you don't.
You don't own the network or the systems you're accessing. You don't have *any* "rights" on the network or systems except those that are explicitly given to you. And what rights you have can be taken away.
If it's a useful and legal tool, then make your case -- prove that it *is* both legal and useful. Prove that it doesn't use significant amounts of bandwidth, and that it is unlikely to ever use significant amounts of bandwidth. If you can't make a convincing argument that your tool is worth allowing, maybe it's really not all that useful anyway.
Sean.
I see myself in a similar situation soon. (Score:1)
Their network, they rule. You were responsible and took it off when asked, so you don't deserve any punishment. And if this project is part of your studies, then obviously they have to expect that if you make something that is network oriented, you're gonna use the college LAN to test it. That's what a college is there for. So as things stand, IMHO, things are all square. So I wouldn't sign the AUP thingy either.
This is a lot like the store I work at saying "Arriving for work under the influence of illegal drugs or alcohol shall constitute gross misconduct" then making me work New Year's Day.
Ali.
But they own the system (Score:1)
Re:They own you (Score:1)
Re:Run, don't walk! (Score:1, Interesting)
Re:Run, don't walk! (Score:1)
No, but they would likely cave if he actually got one, at least on the student discipline portion. Threatening just pisses them off, but an actual letter from a paid attorney would get the administration's attention.
~~~