This ad reads (and looks) like the occasional, but still very annoying job post on craigslist where someone’s got some stealth company/product/service or just an idea and sends out an open call for business partners, often for engineers to actually do the heavy lifting (for equity instead of money, of course). In this case, they’re looking for an already successful Internet company executive to help break down their only barrier to success– lack of marketing skills and the right connections– therefore, plucking this company and product out of obscurity and launching them into the Fortune 500.

Maybe this whole thing is legit, they really do have a great product, some accomplished Internet all-star will answer their call, and they will become The Next Big Thing, but the following points give me pause:

1. The ad’s design/look– plain, black and white ad consisting completely of plain text with the occasional key word or phase appearing in bold– could have been posted in nearly identical form to craigslist for $75 instead of over $4000 for a full-page black and white ad in Stanford. Granted, then they wouldn’t be targeting Stanford alumni, but a) everybody checks craigslist and b) I have the feeling qualified, experienced, accomplished executives aren’t exactly flipping through the classifieds to find a job as president/CEO.
2. The title– “Have You Run a Top Internet Company? or Held a Top Position At Such a Company?” sets up the tone: we’re looking for senior staff from an already successful Internet company. Okay… good to aim high, I guess… but if you want to attract that kind of talent, you’ll need to give a little…
3. While you have to have the right experience and contacts, they basically say everyone in the entire world (maybe universe) is eligible– as long as you’re between 25 and 55 (which most candidates probably fall into, but why flat out discriminate by age?).
4. They have “some of the world’s most talented people,” unknown and unrecognized genius just waiting for the right person (see #1) with “marketing skills” (admittedly, maybe this ad proves the truth in this) and “important contacts.”
5. They have been working (presumably in stealth mode) for three years not on the product, but the “website to make and sell this product.” Their secret, but “great product” with “huge potential demand” that, despite reading the description several times, I still can’t seem to even narrow down what kind of product it is. Is it software, a website? Is it some type of health or beauty product (they mention that it can be an add-on for AVON)? Or is it some type of wireless media since they mention Verizon and AT&T as well as digital TV? Sounds more like a random list of key words and phrases for SEO. Or like the confusing rhetoric from IdeaFarm.
6. They also say their product is an “annual fee based item,” but don’t worry, there’s a “very, very high expected renewal rate.” Hmm, annual fee based product or service related to the Internet… yeah, because people can’t possibly expect to use a website or other Internet service for free…
7. Rolodex? Really? I assume they just mean a contact list because the only time I hear about Rolodexes lately is in old “Law & Order” episodes and it’s usually the dead guy’s Rolodex.
8. Position available: President. Since when do startups, especially one that claims to have such a great product with so much potential, just place open calls for not just any C-level executive, but President! Although, to be fair, apparently “Paul”– the man behind the ad– can give you that “role and title” because he’s actually already the president!
9. Oh, one last thing: you have to be “financially secure” because they can’t pay you anything, at all, until “the profits come in.” But you get “significant interest in the company” and the revenue will be rolling in soon after, okay? Because not only do they project “revenues of $50 million by the end of the second year,” but there will be “exponential growth thereafter.” Forever.

Seems too good to be true, eh?

Related posts:

1. Joost

I don’t know when the sign was put up, but apparently, the automatic espresso machine set up by Coupa Cafe on the first floor of Meyer Library at Stanford is under audio and video surveillance at all times. The machine was installed as a substitute for the currently vacant kiosk between Meyer and Green Libraries. MoonBean’s Coffee originally occupied the space– for eleven years, starting in 1998– but lost the bid for the space when its contract expired at the end of 2008. It’s sad really: the coffee spot was the only drink/food stop in this particular area of campus– conveniently between the two major undergraduate libraries (although Meyer only houses books on the fourth floor now and the rest is devoted to public computing/study spaces and staff offices). On top of that, Jennie Reynolds, the owner of MoonBean’s, had already closed her other Bay Area cafes to focus on the Stanford spot and her effort wasn’t wasted– MoonBean’s became a beloved part of the Stanford community, as noted in the community’s reaction to the news and this farewell message in The Stanford Daily.

The drama around the cafe space continues long after our farewell to MoonBean’s though, and not just in this closely (and creepily) monitored espresso machine. Coupa Cafe, which already has an on-campus location at Y2E2 as well as in Palo Alto, Beverly Hills and Caracas, won the bid for the space and was originally set to take over when MoonBean’s moved out at the end of June 2009. That launch date was then pushed back to January 2010 after Coupa ran into delays while trying to get the necessary county building permits. Then, when January finally came, they first said that they would be pushing back the opening date to February, again because of issues with building permits. Toward the end of January, they again announced that Coupa Cafe would be opening March 3 at the earliest, but really, they were saying that even if they completed construction/renovation by March 3, the site wouldn’t be fully operational. Well, obviously, March 3 has come and gone and there’s still no Coupa Cafe. Last week, they finally announced that they would be opening by spring break (which starts next week, finals end this Friday, March 19), but of course with the caveat that they pass all inspections and besides, there’s actually no official date set. I have a clear view of the space from my office (which made it convenient to see if it was a good time to get coffee, depending on the line) and they have been working on the space, but it’s not clear if they’re going to make the spring break deadline. I don’t see any new signage or the like and the outdoor seating/furniture hasn’t been changed, something highlighted as one of the renovations being done by Coupa. And let’s not even get into the fact that after all is said and done, this remodel is going to cost the Stanford Libraries around $180,000.

But back to the espresso machine: it was advertised as a substitute until Coupa opened and a convenient 24-hour option after the opening (the first floor of Meyer Library is open 24 hours now, not just the “infamous” 24-hour study room). I found somebody lauding its virtues to a visitor one day– e.g., it uses freshly ground beans– but really, you’re paying over $2.00 for a mediocre, small cup of vending machine espresso. Oh, and it only takes plastic, so forget about using that loose change to spring for a quick cup of coffee. And hopefully, when you decide to avail yourself of this service, there will be cups (and sugar, etc.) available and it doesn’t decide to randomly clean itself, making you wait until whatever foaming ritual is necessary.

In any case, it’s not really clear to me why the surveillance is necessary or what the purpose of it is. The Libraries are usually* good about privacy– you should be able to read and research without being monitored– and I suppose the espresso machine is in a relatively empty back hallway, but it still gives me the creeps. Is it because there are credit card transactions involved (and they are monitoring usage like they do at ATMs)? Are they trying to deter vandalism? Or do they just want to make sure we don’t steal the cups?

* Although I heard there are other cameras in the libraries and I really, really wish they would install electronic detectors again at the exits so that they don’t have to search my bag (for stolen library books) every time I leave the library.

The “bridge” entrance to Meyer Library (awkwardly marked in the photo) is not actually attached to or part of the building. From what I’ve heard, the whole structure is actually firmly, but oh so gently pushed up against the building.

Yesterday, I was sitting out there on the landing at the top of the bridge, my butt on the landing that’s still part of the building and then my feet resting on a stair that’s part of the bridge. From there, you can see where the building ends, where the bridge begins, and the flimsy adhesive material that somehow holds the two together securely. I assume securely because there have been times when this entrance has been closed because, among other reaons, the bridge was not considered stable or safe. What changed to make it safe again? I have no idea and from what I can tell, there’s nothing visibly different about the “safe” bridge compared to the “unsafe” one.

And this theory that there actually isn’t anything different and it’s not “more secure” now is further supported by the fact that, when I was sitting there that day, I could feel and see the entire bridge shaking continuously while a (normal-sized) person– a single person– walked down the thing.

And yet, I still sat there and will probably sit there again. And I will use the bridge to get in and out of Meyer every single work day, just like I did yesterday soon after the whole thing shook before my eyes.

Hmm.

(And can you believe this website is still around? I can’t and I’m the one who created it.)

Related posts:

1. Accidental death

Because of the challenges and general annoyances the above caused, when it came time to develop our own software product as part of our curriculum, our team decided to build an effort logger– namely, the “Surreal Effort Logger,” or SEL for short– to better address the above need. (Our team was called “Team Surreal.” From what I remember, when faced with the always troublesome task of coming up with a team name, we used a random word generator, stumbled across the word “surreal” and went with it.) SEL was built as a webapp where you could hit a button to start the clock, work, hit a button to stop the clock, and then enter what you had worked on– the “task”– and the webapp would log the amount of time spent. SEL let you see the totals for individual and team effort for a given period of time.

As it turns out, somebody actually went ahead and built a “real” version of SEL called “Toggl, It’s complete with a timer, start/stop button (rendered as a shiny red power button), task, project and client tracking, and reports. I think the need to track software development time was the impetus, but the system can be used for any type of work that needs easy and accurate time tracking, especially when having to calculate billable hours and generate reports to be used as invoices.

Toggl is a “use anywhere” tool since you use it to track time for projects,There’s also a desktop version so you don’t have to have a browser window open to keep the timer going– you don’t even have to worry about logging out. and for Mac OS X users, a dashboard widget for greater convenience. (The widget was developed by a Toggl user– not by Apprise, the Estonian company behind Toggl– and was released today, which is eerie, considering I was thinking of developing a widget myself today.) You can even embed it as a gadget in iGoogle or GMail.

More things that are great about Toggl: there is a free version that has “minimal limits”; for example, you can have as many projects and tasks that you want. The “premium” (for pay) versions also include features like support for planning ahead, avoid having to end tasks before your session

I couldn’t find the exact date, but Toggl was created some time before 2007, so it was out before my CMU team built it, probably even conceived of the idea! Now, if only Team Surreal had thought to take SEL to the next level…

Noticed this in the basement of Dinkelspiel Auditorium (or Dink Meeker Auditorium, as I like to call it). Ha ha, very funny. Those crazy Stanford kids.

Related posts:

1. The Stanford Copyright Integrity Initiative
2. Mr. Bush comes to Stanford
3. Stanford Facebook Class: 10 Million in 10 Weeks

Disclaimer: I actually know a really smart and talented engineer who, after so many years in the industry, but no official degree, did his undergraduate degree through them so he could move on to a Master’s and I can’t blame him. Good for him.

Related posts:

1. Is it racist?
2. Bill Cosby to be CMU Commencement Speaker
3. Purple Kid (2)

Here’s one of the most troubling paragraphs from the National Review article:

By its own terms, Stanford is failing to live up to its housing contract. As parents, Stanford holds us responsible for payment of our daughter’s bill. We, in turn, expected Stanford to enforce the terms of its own housing contract. It should not be acceptable for any group of students to alter the conditions of that contract. Furthermore, it should not be up to individual students to determine whether to protest a housing arrangement which so obviously violates this contract. There would clearly be social difficulties for any student who protested. Thus, it is Stanford that should rectify the situation.

In reality, Stanford holds the student responsible for payment of her bill, not her parents. And why shouldn’t it be up the individual student to make a complaint? If a student is unhappy with her housing assignment or feels that the housing contract has been violated, it’s up to that student to speak up. Social difficulties are a part of life and especially part of speaking your voice– if you’re not willing to endure the possible social difficulties, then you’re saying the issue is not important enough to you.

In any case, the article is riddled with unfortunate comments– when you read Daisy’s various responses to the article and if you know anything about co-op housing, which I’m sure Daisy did before choosing to live in Columbae– you’ll see that this is a parent blaming Stanford for the differences between her daughter and herself. Karin didn’t even find out about the rooming situation until the end (during winter break) and makes it sound like her daughter was unhappy with the room assignment, saying “she didn’t ask for this room arrangement” and that “she doesn’t want to upset everyone’s consensus arrangements.” She didn’t even get the reason why her daughter wasn’t at the meeting right (she appointed a proxy because she was on a plane, not because she had a friend visiting). In general, Karin expresses a sense of entitlement, that she had the right to know everything about her daughter’s life at Stanford. Unfortunately, that’s not the way it works– while FERPA provides students with access and control over their education records, it also specifically limits to what parents have access. Specifically, when the child turns eighteen, the child takes responsibility of her education records and schools are not required to notify parents of general information that does not directly apply to the student or even answer questions about the student. At the end of the day, it is a rights and privacy act, with the student at the center.

Karin, in response to her daughter’s decision to live in the co-ed room during fall and winter quarter, pulled financial support for her daughter’s final quarter at Stanford, making Daisy take $3,000 in loans (in addition to the loans her original financial aid package included). Given that her daughter is, being well over eighteen, an adult, that’s certainly Karin’s prerogative, but at the same time– again, as an adult– Daisy should be free to make her own decisions. In the course of a lifetime, those few thousand dollars is a small price for Daisy to pay for her freedom and an ultimately trivial amount over which her mother is making a gesture simply to prove a point. (Ironically, her parents pulled financial support for the current spring quarter during which Daisy is actually living in a single-gender room. Co-ops often switch around room assignments each quarter as part of the consensus decision-making process.) I completely empathize and sympathize with Daisy as a member of a sometimes overbearing family and while I hope she works out this disagreement with her parents, I also hope she stays confident that she had and has the right to make her own choices.

(And of course, I’m still one of the top hits for “ragtotes.” w00t!)

Related posts:

1. Amusing Google Search: “ragtotes”
2. Amusing Google search
3. How do you prove a computer is yours and is this an illegal search?

This truth is that this clever little stunt was part of the annual fake Daily published by the Stanford Chaparral (or the “Chappie” as it’s affectionately called), Stanford’s student humor magazine. The article is actually quite well-researched and well-written, including references to actual facts, such as the highly publicized “three strikes” policy” in which students not only face increasingly severe disciplinary actions for repeated DMCA violations and complaints, but are also charged increasing amounts of money through associated “reconnection fees.” The article also says that over thirty students have reached their third strike in the past year with settlements with the complaining record companies totaling over $100,000. While the numbers are about right– over thirty students and settlements totaling about $100,000 in the past year– they actually apply to the results of the record companies’ “pre-litigation letter” campaign that started in 2007 and in which they target college students all over the country with the threat of lawsuits. As part of the new “integrity initiative,” the article explains, Stanford is now scanning its network for DMCA violations and actively reports the culprits to the “RIAA and other appropriate authorities.” In the first day alone, the article continues, “78 unnamed students” have already been reported and the University’s IT organization “predicts that approximately 34% of Stanford undergraduates will be contacted by the end of Wednesday.” (That’s approximately 2,274 students.) The article goes on to direct students on how to find out if they’ve been flagged (via riaa.stanford.edu) and in turn, find legal help (the EFF gets a nod).

The article itself was pretty funny– Stanford, like other universities, has been spending increasing amounts of resources dealing with illegal file-sharing and copyright and personally, I think it was a good jab at how ludicrous the effects of the DMCA and intimidation tactics of the entertainment industry have become.* Just last week, I was summarizing the results from the annual undergraduate computing survey and many students commented on their dissatisfaction with the University’s handling of file-sharing and copyright issues, wishing Stanford would take a stronger stance against the RIAA and the MPAA’s efforts.

The website though… I don’t want to be a spoilsport, but aside from probably breaking some basic network usage policies (for setting up riaa.stanford.edu, use of the Stanford seal, etc.), the website took it a little too far. The reality is that since the first lawsuits targeting students (circa 2003), the University really has been stepping up their efforts to stop illegal file-sharing and punish repeat offenders and something like this initiative isn’t completely impossible. The reality is that over thirty Stanford students– peers and perhaps even friends of the Chappie staff members– really have been sent pre-litigation letters and really have had to pay approximately $100,000 in settlement deals. The reality is that the entertainment industry really is targeting college students– people who have little knowledge of their legal options and/or resources to defend themselves. When you enter your name and hit submit at riaa.stanford.edu, it looks like they use your name to randomly** give you either a thumbs up (you haven’t been reported) or thumbs down (you’ve already been reported and look forward to a letter in the next three to four weeks). I would hate to think that a student who’s already paid out thousands of dollars because of a pre-litigation letter was tricked into going to the website and got a thumbs down.

I don’t know how long the site will stay up and working, so if you’re curious, here are some screenshots, etc.:

• riaa.stanford.edu front page
• PDF copy of the online version of the article
• screenshot of the “you’ve been reported” message
• screenshot of the “you haven’t been reported” message

Notes:

* If you’re curious about Stanford’s actual policies on file-sharing and copyright, check out my department’s FAQ on File-Sharing & Copyright (also used by the General Counsel’s Office as well as the Information Security Office as the University’s “official” FAQ on the issue).

** It’s pseudorandom– the algorithm they’re using is deterministic. Unfortunately, no matter what Leland Stanford, Jr. does, he will always show up reported to the authorities.

Related posts:

1. links for 2007-04-28
2. links for 2007-05-25
3. Stanford’s New DMCA Policy and changing the discussion

I’ve been working somewhat with, among others, the instructors (especially BJ Fogg and Dan Ackerman Greenberg) for the Stanford Facebook class CS377W: Creating Engaging Facebook Apps, figuring out how to use Facebook and its application development platform to encourage development of apps to promote student life, aid in teaching and learning, reach out to alumni, and more. (My department, Student Computing, is currently running an app contest to encourage development of just those kinds of apps.) Wednesday night, I attended the class final– a full-blown presentation on the class (including the journey from the Stanford Persuasive Technology Lab exploring how to computerize persuasion in 1993 to the development of the class itself), aims of the course, lessons learned, and, most importantly, the apps produced by the class’ 25 student teams.

The class has gotten a lot of hype, especially in the blogosphere, and much of it has been about how students were looking to find the secret to building the next big app and, in turn, making big money from it (check out this WREX-TV, NBC11.com video and try not to be distracted by the dumbed-down and sometimes nonsensical tech imagery for the narration). Much of the class focused on metrics and taking advantage of the viral nature of social networking sites like Facebook– aiming, for each app, a high number of users (especially daily active users) and high engagement (number of page views and time spent with the app). The apps developed, as you can tell from the phrase “10 million in 10 weeks,” were largely successful in achieving these goals with over 10 million installs, over one miliion daily active users, and a handful ranking in Facebook’s top 100 apps (out of over 10,000): Perfect Match, Send Hotness, Hugs, and KissMe (originally based on the Full Moon on the Quad tradition at Stanford). (Sorry if I missed any that reached the top 100.)

However, focusing on getting the largest number of users doesn’t always result in developing the “deepest” or most “socially meaningful” applications– as one commenter put it, even the “Stanford intellectual elite [can be] devoted to producing such monumental drivel.” (Before the Stanford-developed KissMe app, just think of the success of the unbelievably simple Zombies app.) So, instead of focusing on the apps that had the highest number of users, I want to point out two apps that are particularly socially conscious and show how to take advantage of the power of the Facebook network:

• The Giving Tree – the developers of this app partnered with Kiva to piggy-back on the growing awareness of the power of microlending. Facebook users don’t even need to pony up their own money– instead, once 50 people have added one of the selected businesses to their profile, $25 is pushed to the business using money donated from companies.
• Save the Rainforest – here, the developers partnered with The Nature Conservancy to take advantage of some of the time Facebook users are spending on the site everyday. Users play a vocabulary game and for every six correct answers, one square foot of the rainforest will be adopted through The Nature Conservancy’s Adopt an Acre program. As of the class’s final presentation night (December 12, 2007), 5,000 square feet had already been saved!

You, like me, are probably trying to reduce the app clutter on your Facebook profile, but if you’re going to use apps, I think these two are certainly worth it.

And with that, I leave you with a short video of Dave McClure leading the audience in The Wave to get them psyched up for the presentations:

Related posts:

1. links for 2007-10-24
2. Update: YMU and Stanford
3. How to get into Stanford

In the bag full of stuff at GHC, from Northwestern University Female Researchers in EECS– “At the Bleeding Edge.” We jokingly said it was a tampon holder, then we thought it was a pencil holder and then… we realized it’s right there on the box. It really is a tampon holder.

Wow.

At first I thought, a) “what corporate gift catalog do you find that in?” and b) “isn’t there collective agreement that we shouldn’t be referring to menstruation as ‘the rag’? Or is this some kind of female empowerment thing where we’re trying to claim that word back?”

Anyway, check it out: ragtotes.com.

And I am still reserving judgment about the second time. Awesome.

Related posts:

1. Another amusing waste of time using the Internet
2. Fee for service? Not in education!
3. Well delivered apology = good customer service

Related posts:

1. Book piles
2. Comic book heroes and history

Can you guess what it is?

Related posts:

1. In our own backyard

I’m slowly recovering from helping to put on the Virtual Goods Summit yesterday– got up at 5am and was running around all day, helping with everything from printing badges and registration lists, configuring and setting up computers and networking support, checking in attendees, and, most difficult of all, trying to steer a ridiculously heavy media cart with only two out of four pivoting wheels around campus and narrow building hallways. I finally got home around 7pm and went straight to make sure I drank my beer for the day (a story for another time).

But to recap on the conference itself, I didn’t get to sit in most of the sessions because of all the running around, but from what I did get to attend and from what I overheard, the very first Virtual Goods Summit seems to have been a success– all of the sessions were panels focused around a particular topic and included three to four speakers and a moderator directing the discussion. Whether it’s because virtual goods and economies are such an emerging technology and market or it’s because it was such a humble setting– the 350-person capacity basement auditorium of the Cummings Art Building on the Stanford campus (I don’t think it’s ever seen so many laptops and the network slowed to a crawl as 300+ people did God knows what during the breaks)– but as I overheard one attendee put it, unlike most conferences, there was less grandstanding (regardless of what the grandiose term “summit” might imply) and more open, honest discussion among key players in this space. Rather than what many conferences have degenerated into– simple vendor fairs and opportunities for companies to advertise and sell their products and services– it really felt like a summit: some of the most important and interesting companies and people involved in virtual goods coming together to talk about the present and future of the space.

On one hand, there was plain old valuable information– explanation of what virtual goods and economies are and how they work in their various settings, both in terms of technology (gaming, social networks, etc.) and geography/culture (especially the US and the West versus Korea and the East). On the other hand, there was also interesting discussion around current hot topics, such as the effects of money moving through and back and forth between the virtual and real worlds. These are issues that are becoming increasingly relevant to not just gamers accruing arsenals of virtual weapons or teenagers exchanging virtual gifts on social networks, but to everyone in the real world. Why? Because, as one speaker mentioned in kind of an overblown example of a Venn diagram, the virtual and real worlds are not separate and they don’t intersect per se, but rather, the virtual world is completely encompassed by the real one. In one way, the virtual world is a subset of the real world, but more simply, the better way to think of it is that they are inexorably connected– we spend real time playing games in virtual worlds and we spend real money buying virtual goods. In the end, they are all real choices with real consequences and when you realize and accept that, the line between virtual and real becomes blurred, perhaps even erased, and the discussion becomes that much more important. I look forward to much more growth in this space, much more discussion, and hopefully, another exciting summit next year.

Check out: vgsummit2007 on Flickr

Related posts:

1. Virtual Goods Summit 2007
2. Virtual Goods Summit 2007: One Last Plug
3. links for 2007-06-21

I’ve been spending an increasing amount of my time the last couple of weeks helping to pull this thing together, so here’s one last plug for the Virtual Goods Summit 2007, which I mentioned here a few weeks ago. In short, my friend Charles Hudson is organizing this conference and Student Computing at Stanford University (the department I work for) is serving as the event sponsor. The one day conference is shaping up to be a very interesting and exciting one on virtual goods and economies and will include speakers from leading companies in the social networking, virtual worlds, and casual gaming spaces. A number of interesting questions and issues will be raised and discussed, including:

• How will virtual goods and virtual currencies impact social networking?
• Are virtual goods the next big business model?
• What does it take to successfully launch a virtual goods offering?
• Are virtual goods poised to go mainstream?
• What does it take to nurture and develop a successful virtual economy?
• Why are users embracing virtual goods?

The conference is this Friday, June 22– please register in advance (since we don’t know how many on-site registrations we will be able to accommodate)– and if you’ve already registered/once you’re registered, remember to try to join fellow conference attendees on Thursday for happy hour at Blue Chalk Cafe in Palo Alto from 8-11pm.

For more info on virtual goods, check out: Virtual Goods: the next big business model, a recent article posted to TechCrunch by Susan Wu, a Principal with Charles River Ventures and a special advisor for the conference itself.

Related posts:

1. Virtual Goods Summit 2007
2. links for 2007-06-21
3. Virtual Beer Pong and Keepin’ It Real

I stopped by the CS 194 Senior Project Faire today– for those of you unfamiliar with it, Stanford computer science majors are required to complete a senior project to graduate. The course serves as a capstone to their years of study and the projects are displayed and demonstrated at a type of trade show for students, staff, faculty, and visitors from industry. Prizes are also awarded in a number of categories (and not to brag, but back in 2001, I was also an award winner).

One of this year’s projects was a virtual version of Beer Pong (also known as Beirut by some), by Ned Rockson, Luiz Pereira, and Fred Thompson (and a special shout out to Fred, a member of the Residential Computing family). The demonstration showed a very impressive implementation with realistic physics and polished graphics and the use of the extremely popular Nintendo Wii remote as the input device. Check out this photo of one of our coworkers, Becky, in action.

Of course, in the end though, what’s the fun of beer pong without the beer (and usually cheap beer at that)? And especially the resulting increasing inebriation, spilled beer, and all the mess that goes with the aforementioned?

Interestingly, most of the project team hadn’t even played beer pong in real life and they relied on one team member’s “expertise” for their requirements gathering and analysis. I’ve never been much of a beer pong player myself (I don’t need a game for an excuse to drink), but as I watched people take their hand at lobbing the virtual ball into a virtual cup, I reminisced about the many games of real beer pong I’ve watched in my day. Perhaps the most memorable was at a party last Thanksgiving weekend in my hometown: like most games of beer pong, the table wasn’t a ping pong table. However, in this case, the table was a retired kitchen counter that’s seen better days (including the hole for the sink) with a makeshift net and resting on two sawhorses. I think the beer was Coors Light or some other reasonably cheap analogue and the setting was an unfinished basement. You can’t get more ghetto fabulous than that. I wonder if version 2.0 of Virtual Beer Pong will have an option for something like that.

Related posts:

1. Virtual Goods Summit 2007
2. That’s not beer: distractions at the John Mayer show
3. Real life in cartoons: abusive relationships

Obviously, I’ve been sitting on commenting on this announcement for a couple of weeks, partly because I’ve been busy with my own life and partly because I wanted to be sure about what I wanted to say on the issue. On one hand, I’m a current employee of the University– I work for Student Computing and Residential Computing– and no matter how I feel about the policy itself, I have to enforce it to whatever extent my job requires. On the other hand, I obviously have an opinion about the policy, one way or another, just as I have strong opinions about file-sharing, copyright, the DMCA, and especially how they all relate to students and universities, and feel that this is an important issue to comment on, as I have before on previous University policies. On top of that, in addition to being an employee, I’m also a Stanford alumna (class of 2001, BS in Computer Science) and often find myself deeply invested in University policy and how it generally treats its students. That’s not to say that other Stanford employees who are not alumni don’t feel this way as well, but I mention it to point out why I find myself so frustrated so often– my four years at Stanford as a student were an extremely important part of my life, as college years are for most people, and when faced with policies such as this one, I am particularly bothered because I see them as the University stepping away from what I valued so much about my undergraduate experience and why I’m (for the most part) proud to call myself a member of the Stanford community. In any case, my point is that the above touches on the complicated relationship I have with the University, probably why I don’t sleep at night as well as I should, and why I haven’t blogged about the announcement yet despite a fair amount of national press coverage.

The truth is that the blogosphere commentary that picked up the story within two days of the announcement hit on a lot of the immediately obvious issues– the appearance that Stanford is turning DMCA complaints into a money-making business (modifying the Stanford S into a dollar sign was a particularly nice touch), that Stanford’s policy is particularly harsh and perhaps a disproportionate reaction to being placed on the MPAA’s 25 most wanted list, and the general feeling that the policy reflects poorly on the University and how it treats it students. DMCA complaints are, after all, allegations only (and there’s been plenty of stories of, in one way or another, bogus complaints) and to take such a hard line against alleged complaints as opposed to proven offenses/violations of the law sends a negative message about Stanford’s attitude towards its students– at least when it comes to choosing between bowing to the legal pressures and threats of the entertainment industry and standing behind treating students honestly and fairly. (To be honest, I think the “three strikes” policy already in place where students lose Stanford network privileges, including their network logins, after three DMCA complaints is overly harsh and started us down this slippery slope.) Slashdot coverage and comments even include thoughts such as students choosing to apply or attend other schools competitive with Stanford because of this policy and what it reflects about the University.

For me, the sad thing is when I found out about the policy change– only about a day in advance– I actually wasn’t that surprised. A year or two ago, my head would probably have exploded, my blood pressure rising, and there would have been a lot of yelling and swearing. But somewhere in the last couple of years, like I said, we already started down that slippery slope and to be honest, it’s not like we reinvented the wheel here– other schools have had similar “reconnection fee” systems in place for a while. My only point would be that calling it a “reconnection fee” doesn’t make anybody feel any better and, in the end, is simply misleading (at least for the first complaint, you can get reconnected without paying a fee). We should call it a fine because that’s what it is and that’s what it’s meant to be– I don’t agree with it, I don’t like it, but I at least understand it. The University has obviously decided that the current system is not sufficiently punitive, that inflicting fines is the only way to further discourage illegal file-sharing, and that $100, $500, and $1000 today as prices are measures of how severe the punishment should be and/or how important discouraging file-sharing is. In hindsight, I would have probably preferred this measure over taking someone’s network privileges away– it’s nearly impossible to be a student in today’s computing environment without network access; it’s probably a lot easier to scrape together some money.

The interesting thing about all of the negative coverage surrounding Stanford’s new policy is that I have seen some change in the national discussion– maybe it took Ohio University completely shutting down p2p file-sharing on its network or Stanford implementing this new policy, but the discussion is finally turning to why colleges and universities are bearing the burden of policing copyright for the entertainment industry and why all of their measures so far have failed to satisfy the RIAA, MPAA, and Congress itself. Not only are these already under-staffed, under-funded non-profit organizations being asked to spend precious resources policing networks, responding to complaints, and shutting down repeat violators, but they are now being asked to start inflicting monetary fines and even academic disciplinary actions, including expulsion, an area I think is far beyond the reach of the entertainment industry or Congress. When is it enough?

Finally, as I sit here listening ironically to Public Enemy at this very moment, I really do wish and hope that people start to fight the power. The policy announcement did not contain any stipulations on exactly how to challenge the complaints going on your Stanford record (as opposed to a legal counter-claim, e.g.), how to challenge the “reconnection fee” assessment, or the ensuing process thereafter. I think students are entitled to due process and they’re going to have to start demanding it. I hold no hope that Stanford is going to change or take back this policy, but I wish one of our sister institutions would stand up and start the fight– those schools didn’t make it on the top 25 because those student bodies objectively have the greatest amount of file-sharing. They made it onto that list because the RIAA and/or the MPAA targets those schools and in the same way that they target students– people who have little knowledge about their legal options or resources to defend themselves– they target specific colleges– institutions that have enough name recognition to make the papers, but that are afraid enough of what would happen if all of the entertainment industry’s lawyers came crashing down on their heads. But if top-tier schools that have large endowments and profess themselves to be leaders in technology, politics, law, and social awareness don’t start standing up for their students and for themselves, we’re only going to continue losing this battle.

Read: Stanford to hit P2P users in the wallet with reconnection fees
Illegal Internet users to face fines (The Stanford Daily)
Copyright Silliness on Campus By Fred von Lohmann (EFF)
A Rough-and-Tumble Debate on File Sharing

Somebody once told me I was one of the realest people she had ever met, so it’s odd that I find myself as one of the sponsors of a conference on virtual goods From the website:

The Virtual Goods Summit is a one day conference focused on the emerging market opportunity for virtual goods and economies. Once restricted to the world of online gaming, virtual goods and currencies are beginning to influence the development of social networks, community sites, and many other new and exciting markets.

This year’s conference will bring together leading entrepreneurs, venture capitalists, technologists, and industry participants to spend the day discussing the present and future of this exciting new space.

The department I work for– Student Computing at Stanford University– is serving as the event sponsor. College students and soon-to-be college students (and definitely the demographic that will end up studying in the heart of Silicon Valley) are huge consumers of virtual goods and make up a large part, if not the majority of virtual communities. Hopefully, there will be more discussion for the academic at the conference, but the program and list of speakers are shaping up to look pretty good.

For more information on the conference, contact my friend and the event producer Charles Hudson (and visit his blog too while you’re at it).

Related posts:

1. links for 2007-02-17

Cool.

Read: Bill Cosby to Deliver Keynote Address

Now what do I do with all my free time?

Related posts:

1. Why DRM systems are a bad idea and the freedom to tinker
2. Educational freedom

This one does not make me want to bang my head on my desk until something comes out because I’m actually really happy with my latest round of hiring– it’s from an article on The Most Common Hiring Mistakes and How to Prevent Them. Mistake #2 is on using successful people as a model– basically, using top performing people as a model for success is not as simple as just looking at them and copying their traits or characteristics. When trying to figure out what makes high performers high performers, you have to determine what differentiates them from everyone else. As the article says (paraphrasing here):

A major study showed that good salesmen were well-groomed and wore conservative, black shoes. But so did bad salesmen.

Note the copycat version of video sharing: Viacom’s replacement for all those video clips pulled after the mother lawsuit against Google over their YouTube clips. It’s not a bad reproduction of YouTube functionality in terms of letting me embed this clip here or pass around the URL, but I certainly don’t get my pick of clips, which I suppose is part of the point, but also the ultimate price. Case in point: again on The Daily Show, Larry Wilmore and John Oliver did a great piece last week on the proposed N-word ban in New York City. The piece quickly made it onto YouTube and was subsequently taken down due to copyright complaints by Viacom, but it wasn’t in turn made available by Viacom on the Comedy Central site. As a result, another brilliant combination of comedy, journalism, and social commentary is lost in the endless bowels of cable TV history, only to be re-experienced or heard of again by the lucky re-run watcher. Are you happy Viacom?

Related posts:

1. links for 2007-03-30
2. links for 2006-10-30

Seen in a Stanford dorm room window today while walking into work.

Related posts:

1. Fee for service? Not in education!
2. KimbAladdin
3. Lovely seaturtles

Rockin’ tiger’s head at the entrance of Kimball Hall as part of their theme for this year. It’s got flashing eyes and it even roars. Hand made by the creative residence staff.

(Kimball is an undergraduate dorm of about 200 upperclassmen and is one of Stanford’s Focus Houses– it’s focus being the Arts & Performing Arts. Focus houses are, among many other things, one of the cool parts of the Residential Education program, a long and rich tradition at Stanford and the strength of which makes the undergraduate experience at Stanford particularly unique and interesting.)

When Chelsea Clinton was a student at Stanford and her parents came for visits, there was never this much disruption on campus. I mean, sure, when there were suddenly ten big black SUVs parked outside of Wilbur Hall or something, we knew the First Lady or the President was in town, but neither parent, including the Leader of the Free World himself, managed to shut down campus when he visited.

Of course, the real kicker is that it’s one of the worst weekends to have a high maintenance visitor come to campus– it’s Admit Weekend and over 1500 newly admitted students and their parents have been on campus since Thursday morning. Obviously, it’s a very busy and important weekend and I hear they already had to cancel an event at Memorial Auditorium (one of our largest indoor venues) because of the President’s visit. Shutting down foot traffic on parts of campus, having helicopters fly overhead constantly as Admit Weekend activities are occurring all over (indoor and outdoor), and just making it generally difficult to get around campus isn’t the best thing this weekend.

The only positive thing that I can take away from President Bush’s visit is that, just like everywhere else in the Bay Area, protesters were out and ready for his arrival, including students who had Admit Weekend responsibilities, but were sure to take time out to voice their opinions. It’s a part of Stanford that I’m kind of glad that ProFros (prospective freshmen) got a chance to see.

Related posts:

1. How to get into Stanford
2. YMU and Stanford

Of course, let me remind you that I don’t work in the Admissions Office nor do I affect admissions in any way, shape or form. This is all just based on what I’ve gleaned after getting into Stanford, getting my degree, and working here for the last four years. So, here it is:

Now, (again) there’s no clear answer on how to get into Stanford and even after hearing all of your qualifications, there’s still no clear way to know if you’ll get in. Your application is assessed in its entirety and in the context of the others in the application pool. But there are certain hurdles that you will probably have to get over and certain things you should remember to be competitive:

First, your high school coursework, GPA, and SAT scores. Yes, yes, no university’s admissions office will tell you that there’s a minimum number of AP courses, a minimum GPA or a minimum SAT score. But let’s face it: the profile of students accepted at Stanford and other universities at this level is pretty consistent. Of course, there are exceptions to the following guidelines, but when you look at the distribution, you want to shoot for the center or higher to be safe. So, you should have a challenging high school courseload (and if you’re from an unheard of high school in the middle of nowhere, it should probably be the most challenging possible) and a pretty high GPA, somewhere between 3.7 to 4.0 (not taking into account weighting and normalized on a 4.0 scale). You should be at least in the top 20% of your class, 10% is better. As for your SAT scores, you should be breaking 1300 (based on the original 2-part test’s verbal and math scores). The higher the better of course, but what can you really say about the difference between someone who scores a 1490 and a 1520? Your standardized test scores, whether for the SAT or the AP, only really serve to validate your transcript– it provides a way to get an idea of whether you have a 4.0 because you went to an easy school or because you can compete with students who have just as good grades from some of the best and most challenging schools in the country.

A note about SAT classes: I know parents love to send their kids to these classes, thinking that they will help their kids get that “edge,” thinking if they just score a little higher on the SAT, it will give them a better chance of getting into whatever school of their choice. To be honest, the only thing these courses teach you is how to take the test better. If you’re a bad test taker, the class might be worth it, but I would suggest working with the books and studying on your own first. Even if you take the classes, your score will probably only go up by a few hundred points and if you don’t have a competitive starting score already, that’s not going to help you that much. If you need the classes to make you study for the SAT, then you should be worried about whether you have the discipline to go to such a competitive school and trust me, you’re going to need the discipline.

After the grades and test scores, the next issue is extracurricular activities. I’ll be honest: Stanford students are extremely talented students inside and outside of the classroom. There’s a reason we win the Sears Director’s Cup every year. So, you should be involved in extracurricular activities. You should be good at them. You don’t have to be a concert pianist and you shouldn’t spread yourself too thin being the president of every single club, but your extracurricular activities should show that you’re well-rounded and that you are passionate, committed and hard-working.

Now, the essay. Let’s face it: if you’re applying to Stanford, you probably have already taken a challenging courseload, have really good grades, scored well on the SATs, and are involved in extracurricular activities. At the end of the day, the essay is your real opportunity to show who you are as a person and make yourself stick out.

Every college application essay prompt is a little different, but they all get at the same thing: a personal statement. Discuss what unique perspective and experiences you will bring to the table. It’s your opportunity to show why the university should invest in you and what you will contribute back to the university and your fellow students. This may be blunt, but Stanford gets over 20,000 applications for about 1,600 spots; it’s your job to sell yourself. But remember: be honest, be genuine. You may think you’re being slick, but it’s pretty easy to see through fluff or double-talk. They’ve been doing this a lot longer than you have.

And that’s really it. At the end of the day, we’re looking for students who excel inside and outside of the classroom and who will bring unique perspectives and interesting experiences. There’s really not much mystery and it’s pretty straightforward– it’s just that there’s a lot of people in the world and there are only so many spots. And even if you’re the best of the best, it’s still kind of a crap shoot in the end: why do some people get into Stanford, but not Harvard, or Harvard, but not Stanford, or both? It’s a numbers game at some point and that’s just the way it is at some point.

The most important thing to remember though is that of course it’s important to go to a good school, but it’s also important to go to a school that’s a good fit for you and where you’ll be happy. When I applied to schools, I applied to Stanford on a whim, never thinking I would actually go out all the way to California, and Harvard was my end-all, be-all first choice and when I was waitlisted, I hoped and hoped that I would still be able to go. Thank God I didn’t. I cut my losses early, decided on Stanford, and couldn’t have been happier with my choice. Stanford was an incredible fit for me and I wouldn’t still be here as a staff member if I didn’t love my experience here as a student, didn’t want to continue to be a part of the institution, and didn’t want to continue to contribute to its future. So, don’t apply to Stanford just for the name, but apply because you think it will be a good fit for you because no reputation will make up being miserable for four years in the prime of your life. And make sure you remember that picking a college is about more than academics– it’s about the culture, the atmosphere, the people, the location, etc.

So look onward, Class of 2010! Good luck on your applications and get ready for one of the best times of your life!

Related posts:

1. Update: YMU and Stanford
2. YMU and Stanford

The official press release is at the Stanford Report.

Related posts:

1. YMU and Stanford
2. Microsoft redeems itself… a little
3. New site design

The criticism was certainly not unexpected– I predicted that list of points (and more) a year ago when this all started. The only real issue I have with that Letter to the Editor is that, well, we actually did run a survey (2 actually, one for undergraduates and another for graduate students) to get a better picture of the digital music landscape at Stanford. It was part of the annual residence evaluation, a pretty well-advertised survey, and included questions on filesharing, copyright, portable music devices, and for-pay online music services. We had a whopping 46% of undergraduates and 29% of (on-campus housed) graduate students respond to the survey, as we do every year. And based on that data, not just the mere assumptions about the student population, the student is right in pointing out that Yahoo! Music Unlimited is not compatible with the 20% (!) of students who own Macs (unless you want to run Virtual PC) and when they say it’s compatible with iPod, it’s not really.

So, blame us for picking a subscription service that doesn’t meet your specific needs (and this was a long decision making process that I will get into after the service actually launches), but don’t blame us for failing to collect data about student consumption of digital music because we certainly did. Guess people just weren’t paying attention.

Related posts:

1. MIT Weblog Survey

But there is one silver lining that I want to take note of: the way the educational community is coming together. Universities, including those I’m directly affiliated with, Stanford and Carnegie Mellon, are coming together to reach out to college students affected by the hurricane and to help make sure that their educations are not severely interrupted. Despite my frequent frustrations, I have to say that a part of me is proud to be part of the higher education community today.

But of course, what about the young children who don’t have homes or food, much less a school to go to today or tomorrow or the next day? How many children will be orphaned and how many dead bodies will continue to be pulled out from the waters? Americans are certainly capable of supporting its citizens– consider the outpouring of support for victims of 9/11. While we may not have terrorists to band against in this circumstance, certainly the suffering and need for help is just as great.

The project grew into something of a legend within the computer science department and campus network administration offices. At one point, the BackRub crawler consumed nearly half of Stanford’s entire network bandwidth, an extraordinary fact considering that Stanford was one of the best-networked institutions on the planet. And in the fall of 1996 the project would regularly bring down Stanford’s Internet connection.

“We’re lucky there were a lot of forward-looking people at Stanford,” Page recalls. “They didn’t hassle us too much about the resources we were using.”

If that’s not one of the best arguments for liberal computing and network usage policies on university campuses, I don’t know what is, especially considering the direct monetary benefits Stanford has reaped from Google’s success.

Related posts:

1. The Wisdom of Average People

Unfortunately, Circuit City didn’t really consult anybody about this so-called guide.

Since my department is primarily responsible for putting together recommended configurations (we don’t have a computer purchase requirement or minimum requirements for computers), I was interested to see what Circuit City had listed for Stanford. See, we’ve never been contacted about what they should include in their guide, so I was interested to see if they had somehow talked to someone else at the University and put together a listing. Needless to say, the listing was both confusing and completely wrong– they recommended Windows 95/98/ME as an operating system, simply “32″ for memory and just “1″ as a hard drive. I guess that means that they recommend you have a hard drive.

So, I politely contacted customer care with the following email:

Hi, I work at Stanford University supporting student computing.
I noticed that you have added your College Guide for computers and that
there is a technical recommendation for Stanford. Where did you get
this information and/or who was your contact at the University for this
information?

In less than 24 hours, I received the following message:

Thank you for writing to Circuit City.

I understand that you wish to know where and how did we get this
information about the technical recommendation for Stanford.

I would like to address this query, but I would recommend you to go to
the local Circuitcity store and seek information regarding it.

Right. If that’s not a canned answer, I don’t know what is.

Thanks to the RIAA and the MPAA, our department has a new found closeness with the University’s legal and business affairs offices, so suffice it to say, they’re contacting Circuit City to clear up the matter.

And what matter is that? Not just that they have wrong information, but that Circuit City foolishly thought that they could pass themselves as affiliated with or a representative of Stanford or any of the other 800+ colleges and universities listed in their guide. The sad thing is that we, along with other universities, would have probably been glad to work with Circuit City and many other vendors to provide accurate and up-to-date information on technical recommendations. But of course, no, that would have taken real effort to reach out to schools and develop actual relationships. Stanford has been working closely with Apple, Dell, and the Stanford Bookstore to offer this exact type of deal– putting together specific bundles with special pricing for our students and making them readily available through online and brick-and-mortar vendors. Students can find packages that fit their specific needs, but will meet the minimum requirements for use on our network and will most likely last them for the majority if not all of their time at Stanford. You’d probably be surprised how much staff time goes into coming up with these recommendations every year, especially this year as we try to come up with more helpful recommendations. And yet, with one stupid move, Circuit City cancels out this hard work. I can only imagine how much trouble this is going to cause for schools with mandatory purchase requirements.

Well, hopefully, I’ve started enough of a ruckus around this to take this stupid college guide down– I’ve already passed on the news to colleagues around the country and many are taking action right away. Had these universities been approached beforehand, the guide could have been a useful marketing tool, but instead, many have said they are asking Circuit City to remove their listings altogether. Aside from the general principle of refusing to work with them after this stupid stunt, Circuit City would most likely not be able to offer an accurate picture of technical recommendations (e.g., they would not include information on Macs, giving the impression that these campuses were Windows-only). My next step is to swing by a store and see if they’ll try to sell this thing to me as an “official recommendation.” (Hopefully, I can still pass for an incoming freshman.)

So, if you’re about to start college this fall and you’re looking for computer purchase recommendations, don’t trust Circuit City– if you’re coming to Stanford, check out the letter we sent to you in your “Approaching Stanford” packet or view it here online. If you’re going to any other school, check directly with your school– they’re definitely a better source than Circuit City. (And they probably won’t send telemarketers to extend your product warranties like Circuit City does too.)

CMU Professor’s Rebuttal Against RIAA Propaganda (from Slashdot)

Related posts:

1. Fan fiction hits the stands?
2. Universities and iPods now

RIAA cracks down on Internet2 file swapping

There are a lot of obvious comments I could make about this new witchhunt by the RIAA, most of which have already been said by many other people. Nevertheless, I might as well reiterate a few important points:

Internet2 is a “closed” network. The RIAA declined to answer how they were able to get onto the network to discover the alleged copyright infringement in the first place. I hope this will finally push someone to seriously challenge the questionable way the RIAA (and now the MPAA as well) is monitoring these networks. Unless they have people working on the inside (which is not completely out of the realm of possibility), there is some seriously sketchy network “monitoring” going on.

Targeting I2. It’s pretty clear why the RIAA is targeting I2– because it’s considered a closed and centrally-controlled network, it is more regulable and can be used to set a precedent for regulating similar special networks. (Again, if it’s so closed and regulable, it begs the question, how did the RIAA get on there in the first place?) Check out Ed Felten’s comments on the subject.

Liability. Obviously, when asked to comment, the folks behind the i2hub community have stated that they do not condone activities that breach the rights of copyright owners. Well, I’m assuming that they’re not so naive to think that this wasn’t going to cause problems, especially since they so clearly identify themselves on their Web site (where they also say that this whole project is under the umbrella of “collaboration” between students). While universities come down harder and harder on p2p on their campuses for fear of being sued, there hasn’t been a case yet where the ISP (the university) has been sued. However, the entertainment industry first went after those running file-sharing services on campuses back in 2003 and has not hesitated to go after Grokster, Kazaa, and, most recently, BitTorrent tracker sites, so there’s little evidence that they would not go after the i2hub folks. I will assume that the i2hub folks aren’t stupid, so they should have been expecting something like this to happen eventually. If that’s the case, I hope they’re also willing to stand up and fight.

Digital music services. A number of the schools at which students were sued have university-wide deals in place for legal music services for their students (e.g., Napster, CDigix, Ruckus, etc.) I had thought that making a deal with the devil might offer those universities some comfort, but I guess not. This also shows that the amount of illegal file-sharing does not necessarily go down significantly just because you have legal services available. Both of these points don’t give universities much incentive to make campus deals.

In any case, we’ll see what happens. The RIAA sued no more than 25 students at each of the 18 schools (this statistic somehow meant to make us feel better since they claim to have evidence of many more cases of infringement). I sincerely hope that at least one of those students will fight back, will file a countersuit, will do something to stand up to the entertainment industry’s targeting of college students and universities in general. Maybe then they can get back to actually providing entertainment rather than punishing their customers and we can get back to the business of educating students.

Related posts:

1. RIAA continues fight while new company tries paradigm shift
2. Universities and Napster
3. Told you so: SP2 on campus

A faculty member was giving an overview of what’s involved in this next task and he mentioned that we could use Together to generate some skeleton code. It was mentioned in passing really and if you didn’t recognize the word “Together” as anything other than an adverb, you probably wouldn’t have caught the reference. You probably wouldn’t have even realized that there was something to ask about because it just sounded like he was saying that we would be “generating the code together” rather than “generate the code WITH Together.”

In any case, so we let the reference pass by and in general, people weren’t asking many questions. Towards the end of the meeting, another faculty member asked if we knew what they were talking about when they mentioned “Together.” Frankly, I don’t think people even understood the question– this is the problem with naming a piece of software a common adverb. Well, maybe it was the blank looks that set him off, but the faculty member asked why we didn’t ask what Together was if we didn’t understand the reference and then proceeded to go around the room and ask every single person (about 10 in the room and another three on the conference line) whether s/he knew what Together was. In the end, only one person knew because he was already familiar with the software from his job. This whole episode digressed into a “why didn’t you ask if you didn’t understand?” and “what else have you not asked about?” scolding session.

I’ll admit that we were, in general, not a lively bunch last night, but as I’m discovering, there’s very little direction in general. Now, I’m not saying that they should be holding our hands the whole way and I understand that they’re trying to simulate a real working environment through the “story-centered” curriculum, but sometimes, there’s so little to go on that you can’t even get enough information to ask the right questions. For example, even after asking for more info, there was no real information given about last night’s meeting– all we knew was that it was a kickoff for the next task (in fact, they even rescheduled it with only a few days notice because they didn’t realize they had originally scheduled it for Valentine’s Day). After actually having gone to the meeting, it seemed like they had expected us to have gone through all of the materials for the task and come prepared with lots and lots of questions.

Well, gee, I would have had I known.

Frankly, most of the time they were looking at me with annoyed expressions at our lack of questions, I felt like shrugging my shoulders, rolling my eyes and yelling, “Quit looking at me. It’s not that I don’t care– I just don’t know enough yet to even ask any questions.” I suppose we could have asked questions on exactly how to execute all these tasks we’ve been given, but I think we figured that for the most part, those are things we need to try to learn on our own and this meeting wasn’t supposed to be about walking us through our homework.

The really disturbing part of this whole thing was that I felt like I was being yelled at. I don’t think I’ve ever been just plain yelled at in an academic setting since middle school. In an academic setting, the primary disclinary structure is grading, not scolding. What are you– my mom? If I don’t do my homework, if I don’t participate enough in meetings, if I don’t know the answer when you call on me, what are you going to do– tell on me? For chrissake, I’m a grown ass woman. I mean, take off points, give me more work, give me a lower grade, but I don’t think I really need to be flat out berated.

In any case, the whole thing was very bizarre to be in a graduate program at supposedly one of the best engineering schools in the country and to be yelled at like a bunch of little kids. Hopefully, this isn’t the CMU way.

So, after I almost had a nervous breakdown when they postponed the Information Security and Networking program until an undetermined date, I talked to the West Campus admissions folks, including the head of the Software Engineering program, and figured out what options I had left. Luckily, my acceptance to the SE program was still good back from last December (I can hardly believe it has been this long) and I was even eligible to go into the new Software Development and Management program, although for Fall 2005 (this program didn’t exist when I originally applied in Fall 2003). I will admit that even though I’m anxious to start my Masters program, I wasn’t sure if I wanted to go into either one of these programs. At face value, software development/engineering programs are not exactly interchangeable with a program in information security and networking and like I said earlier, that’s a lot of time and money to waste on something I don’t necessarily want. But after speaking to the department and getting more information on the program, I realized that it might not be exactly what I wanted, but I can still make it what I want and need. The skill focus is a little different and the topic is a little broader, but I can certainly tailor my studies to focus on the desired areas, including my interest in information security and privacy as well as my desire to develop more management skills. And the folks in charge of the program were very helpful, encouraging me to start the program and letting me know that they would be happy to help me tailor the program to my needs.

As I’ve said before to others, after working for a university for a few years, I am more than aware that there is very little relationship between internal university operations and academic excellence. As prestigious as Stanford is, you’d be surprised how decentralized and disorganized we are when it comes to regular operations (although I will acknowledge that the undergraduate admissions process is very streamlined and conducted very well). Simply scheduling a classroom is a bureaucratic drama. So, even with the entire admissions ordeal, my confidence in CMU’s academic strength was still there. And after speaking to the folks I did at the West Campus, their helpfulness and willingness to come to the best solution as simply and quickly as possible was really what sold me. They were very understanding of my frustration, clearly expressed why attending the SE program would be beneficial to both CMU and myself, and that because of that, they were willing to be flexible and come up with the best solution for both policies. And now, I’m excited to start the program and feel like not only will I have a good experience and learn a lot, I am welcome to the program and that my contribution will be valued.

So, it looks like the drama has been resolved. I’m filling out the final paperwork, ordering books for the new semester, setting up my computer, and more. Finally!

Related posts:

1. CMU, more debt, information security, and privacy

Are you kidding me right now?

Tuition for the 2005 Spring semester is due on January 3rd and classes are scheduled to start on January 10th. (Most of this information I gathered by sifting through the INI Web site and the CMU West Web site as well as flat out asking inviduals running the program.) I got the bad news via email at 11:24 am today, December 20th. I suppose the only thing worse would have been to send me the bad news an early holiday gift decorated in CMU colors– seal it in an envelope, place the envelope in a huge gift box wrapped with luminescent cardinal wrapping paper, tie white and silver ribbons all around, and then send it out on Christmas Eve via first-class mail with no delivery confirmation and to the wrong address. That sounds about right, if you take into consideration how things have been going for over a year now.

Let’s go back to when my particular drama with CMU started. Now, for most people, when they hear “Carnegie Mellon,” they vaguely recognize that it’s a pretty good school somewhere among the mid-Atlantic states. Now, if you grew up on the East Coast (especially in or around the Tri-State area) or you’re into tech and/or are an engineer of sorts, you’ll know that Carnegie Mellon University is actually quite a prestigious university located in Pittsburgh (not Philadelphia), Pennsylvania and is ranked by US News and World Report as 22nd among national universities, following University of California – Berkeley (#21) and tying with University of Michigan – Ann Arbor and University of Virginina. And specifically, you’ll know that it’s one of the best engineering schools in the country– #9 among undergraduate engineering programs (at schools where the highest degree is a PhD), #11 among graduate schools of engineering.

I’ve always intended to pursue another degree, at first an MBA, but now more likely another degree in or related to computer science and engineering. But most programs like these are full-time and to be honest, I’m not really in the financial position to be going back to school and even if I did, the personal temperament to go through that. But last year, I found out about CMU’s West Campus, an example of a trend among many upper eschelon schools offering part-time, distance programs. I was glad to find out about this and hoped that this would be a great way to get my Masters degree while still continuing to work and live in the Bay Area. Additionally, by attending CMU, I could continue to be part of the tradition of academic excellence, especially in engineering, that I began with my undergraduate years at Stanford. So, over a year ago, last fall, I applied and was eventually accepted to the Masters program in Software Engineering (MSIT-SE). Unfortunately, the way the admissions schedule works there, I was basically told of my acceptance right about this time of year– a few days before Christmas. I had little time to apply for financial aid, do the paperwork for employer tuition reimbursement and more. So, I deferred until the following Summer or Fall semester, the next time a new cohort might be starting.

However, when I originally applied in the early fall of 2003, I was at the edge of my work as a software developer and my interest in it. Yes, I still do it and a fair amount of my day is still about writing and fixing plain old code. However, that fall was perhaps the last I would still be engaged in that work and thinking of it as part of my future– the focus of the world around me and as a result, my job, was quickly changing and both my interests and skills began to shift toward network management, information security, and privacy. Sure, my title is still “Systems Software Developer,” but a good chunk of that development is now directly related to investigating and developing host and network security tools. And a good chunk of my day now is spent working on relationships with networking, security, and legal departments and developing strategy, educational materials, and more related to networking and security. The change happened very quickly, but it’s a change I like, for the most part.

So, when the West Coast campus decided to start offering the Masters program in Information Security and Privacy (through the Information Networking Institute), I decided to apply. I figured, after reevaluating my education, recent work and career hopes, that this was the more appropriate program for me and even if I didn’t get in, I had the SE program in my back pocket. This was back in February 2004.

So I applied and didn’t hear anything back. In the meantime, I took the necessary steps to get ready for the MSIT-SE program– filling out a FAFSA, filling out the CMU financial aid application, applying for my staff tuition reimbursement program, etc. Summer semester neared and I still hadn’t heard back about the MSIT-ISP program. I was still holding out on it though, so I deferred again until Fall 2004. I followed up with the MSIT-ISP people, trying to find out what was going on, when they were sure they would start a cohort out here, but I got back very little. The only thing I heard back was that they would not be offering the MSIT-ISP program until January 2005. So, for the third and final time, I deferred my acceptance to the MSIT-SE program to January 2005.

Around September of this year, I saw that the application had changed for the MSIT-ISP program and that it was now being administered through Pittsburgh by the INI. I asked questions about the new application, wondering how previous applicants would be evaluated. I was told that I would not be penalized for having completed the earlier application, but if I really wanted to, I could fill out a new application. So, I went to take a look at the new application and saw that they were now requiring a GRE score (they had not previously). So, I told them that I would just stay with my old application since I had not taken the GRE. Unfortunately, they told me a GRE score is now required and that an email had gone out informing earlier applicants of this new requirement. When I said I had not received any email, a representative told me that many people seemed to have been saying that, leading her to believe that either emails sent out had bounced (and nothing was done to resolve the bounces) or the list passed on from the West Coast campus to them was incomplete. Utterly surprised by this, I asked if they even had my application– the answer, of course, was no. My application had been misfiled because I had been accepted to the earlier program and was never sent over with the other applications to the Pittsburgh campus. So basically, had I not prodded and asked repeatedly what was going on, I would never have known that they didn’t even have my application and that there was a new GRE requirement. This was almost at the end of September. I was told that I should get my GRE score in by the beginning of November, which left me about three weeks to study for, register for, and take the GRE. I have been out of college for over three years and have not taken a standardized test since high school.

And of course, I have been plagued with sickness and fatigue this whole fall/winter and although I studied and took the GRE in mid-October, I didn’t do as well as I think I could have. Anyone can have a bad testing day. But you can only sit for the test once a month, so I would have to wait another two to three weeks to sit for the test and hopefully do better. I was frustrated and felt like, maybe, it wasn’t in the stars that I attend this program. I was ready to withdraw my application and call it quits and although it wasn’t quite what I wanted, go ahead with the MSIT-SE program. But what happened? That day, I get an email saying, “Congratulations! You’ve been accepted to the MSIT-ISP program for January 2005!” Basically, they had decided that I was very qualified for the program based on my application from March and that I should be accepted to the program. I didn’t have to study for, pay for, or take the GRE, the first time or otherwise. So, I was out $200 (test fee, study books), a vacation day, and three weeks of standardized test cramming, but at least I had gotten into the graduate program I wanted. This was at the end of October.

So, a few weeks ago, I thought everything was settled. It took a few weeks to actually get my official acceptance letter (they kept saying they were re-writing drafts and then they sent it to my office instead of my home) and I quickly sent back my letter of acceptance of admission and graduate student information sheet. I eagerly waited to be entered into the system to finalize my financial aid– my FAFSA had been processed in April and I had already signed a promissory note for the loans– and send in my tuition reimbursement paperwork. I had notified my boss of my class schedule and that I would be leaving early twice a week. I had told my coworkers that I won’t be able to quite pull the sixty, eighty hour weeks anymore since I’m starting a part-time masters program. Hell, I even announced it on my blog. I started my vacation (most of Stanford is shut down for the Winter closure) and thought, by January, I’ll be refreshed and excited, ready to return to work and to start school.

Apparently, no go. There are other options being offered to me now, but I seriously don’t know what to do anymore. Today’s email “apologized for the inconvenience,” but I think canceling a Masters program three weeks before its supposed to start is a little more than an inconvenience. Yes, a full-time program is usually logistically much more complicated– you have to deal with relocation, much larger tuition and financial aid, etc.– but a part-time program involves a fair amount of logistics on the part of the student. We still have to figure out tuition and synchronize work and class schedules. For those with families, the time management problem only becomes more challenging. And changing Masters program isn’t like changing majors when you’re an undergraduate.

I’m tired, I’m frustrated and I feel like I’ve been jerked around for a year. I don’t want to spend time and money pursuing a Masters degree I’m not really that interested in anymore, but at the same time, I feel like I’ve jumped through a lot of hoops this past year to get here, only to feel like I’ve been screwed. And I don’t want to wait around to see if the MSIT-ISP will ever be offered out here or reapply to another program only to be screwed over again. Six months ago, I was seriously looking at changing jobs and moving in a new direction, maybe even to a new city. Two days ago, I turned down an interview offer. All of this because I had, in my mind, committed to continue working at Stanford for the next two years while I worked on my Masters degree. I’m only twenty-five years old, but for all the opportunity and time I have in the world, I had to start to do something, but when I did, the immediate future I had constructed for myself all just fell apart this morning. My level of disappointment right now is unbelievably high.

Here’s a thing though– the program is in Information Security and Privacy. That’s right. Information Security AND Privacy. They go together. You can’t talk about one without the other. Maybe more people should remember that.

Related posts:

1. BigFix followup in The Chronicle

Plugging Holes in the Security Dike

Although I wish that somebody actually working for Information Security Services at Stanford was quoted (and not just the director emeritus), it’s interesting to see that we’re not the only ones who were concerned about privacy and liability. Now, if only we would act on those concerns rather than just recognizing that they are an issue and moving on in the name of security at all costs.

Related posts:

1. Temptation, thy name is BigFix

The deal is this: the decision to use BigFix was first made by the folks at ITSS (and given the go ahead, of course, by higher ups). At Stanford, the IT structure is a little strange. It’s divided into two main groups: ITSS, who focuses on administrative systems, infrastructure, etc., and the Libraries, who focus on academic computing needs (including residential needs since Stanford has a strong committment to residential education and most students live on-campus). But of course, real management of computing resources and services is even more decentralized than this strange arrangement, so as one can guess, managing the network and deploying technology throughout campus usually involves getting a lot of people from different groups to work together. You can imagine how folks in charge of administrative systems and infrastructure can often disagree with folks in charge of promoting the academic mission and student life. On one hand, allowing students to connect whatever computer they want to the network and experiment with their computers is, I believe, a key part of educational freedom and promotes self-learning. On the other hand, it’s a nightmare for network security and management, not to mention desktop support. Another part of this balancing act is the fact that a university computing environment isn’t necessarily a corporate computing environment and in addition to regular university employees , you have faculty who often have experimentation with computing technology at the heart of their research and you have students who live on-campus and make it their home, their community. Certainly, there are significant differences between what kind of programs a faculty member can run on computers paid for with research funds and what a residential student can do with his personally-owned computer and what a university employee can do with his university-owned computer.

In the end, the compromise was to provide supplementary documentation for residential students, hoping to educate students about the privacy concerns and let them make the right choice for their own computing needs. Our main goal was to make sure that students were educated (what a novel idea at a university) and had all the information necessary to make the right decision for themselves. The one thing we wanted to avoid was to have the University hand down BigFix as a requirement for getting onto the network. While I certainly agree that the University should be able to require students to patch and secure their machines, I do not believe they should be asked to install a potentially invasive piece of software on their computer and in the name of security, give up their privacy rights. Some may say that the list of retrieved properties is nothing to get so worked up over, that collecting this information automatically will help local network administrators and departments have better inventory information, and that most people won’t care if the University collects this information about their computers. Well, I hardly think that poor record keeping and inventory management on the part of local network administrators or the fact that most people just won’t mind are reasons to ask 10,000 students to install, in one sense, monitoring software on their personal computers.

Personally, BigFix for University-owned machines, especially those that store confidential information (including email), is a no-brainer– I believe that in those situations, computers should be imaged and employees should have locked-down configurations (no administrator access) anyway. And because we are talking about workplace resources, I understand that there is no reasonable expectation of privacy (although, I believe that a more relaxed approach fosters higher employee morale). But when it comes to my personal computer, I will not choose BigFix. In some ways, my situation is similar to those of the residential students my department supports– as part of my employment, Stanford provides me with “Stanford DSL,” paying for my service and giving me Stanford IP addresses for my home network. And realistically, when I come home from work, my employer can still monitor my network usage. In my home, my situation is very similar to students living on campus (although, unlike them, I have the option of a different broadband provider) and given that situation, I won’t be using BigFix at home. For me, I am more than capable of following good security practices to keep my computer, and in turn, my little part of the Stanford network secure. I don’t believe that there is an urgent and pressing need for the University to know how much total drive space I have or the serial number to my personal computer. Some of the retrieved properties might seem trivial– what my CPU speed is or what my computer name (something that’s already available via Windows networking)– but I should still be able to choose whether or not people know. It might seem trivial for people to know what color my couch is or what shape my dining table is, but it’s still my right to decide who knows these things. The most important thing, at least right now, is that we hold onto the right to choose because while it may seem trivial today, who knows what our “trivial” personal information could be used for tomorrow.

Which brings me to my final point: one of the big reasons why we must protect our personal privacy is that unfortunately, there are many out there who might use it against us. When we were in the thick of the privacy argument over BigFix, we realized there was a fundamental misunderstanding– some thought our reluctance to use and promote BigFix was because we feared that the information collected would not be secure, because we feared that the central databases would be broken into somehow or that console operators would abuse their access to this confidential information. These are concerns, of course, but our greater fear is that tomorrow, the next day, or sometime after that, suddenly the information would be used by the proper officials through the proper channels in a way that we do not agree with. Today, some collected information might be used only for inventory purposes, tomorrow, it could be used to unfairly profile network users. Today, total disk space might just be for statistical purposes, tomorrow, it might be used make unfair accusations about what that disk space might be used for. It’s a propos that I just finished reading Dan Brown’s “Digital Fortress.” A recurring theme is “Who will guard the guards?”

Last week, I finally got my console operator account access and logged in to take a look at the console software. I had sworn to myself, to my fellow console operator, and to the folks at ITSS that I would not be looking at the retrieved properties. We collect our own statistics during network registration and our yearly survey (with over 50% participation each year) and keep organized network node records– we don’t need to look at records for inventory purposes and we don’t want to look. And for us, we believe and have proven that spreading the word, using our RCCs and the dorm community network to educate and encourage students to follow good security practices, actively managing and policing our network, knowing our users, is the best way to maintain good security. We don’t necessarily need a 100% solution– we need one that keeps our networks manageable and usable. But when I pulled up the console software, I couldn’t help but look. Retrieved properties for hundreds of computers just come up automatically as soon as you login. Ah temptation, thy name is BigFix. I only looked around for a few minutes, but by the time I had logged off, I felt like I had violated so many with a few easy clicks. If I could do it so easily, believing so strongly against looking at the data, imagine how easy it would be for those who want to look, are dying to look and analyze and use this data for their own purposes. Who will guard the guards?

In the end, that question was never really answered– or rather, few believed somebody needed to guard the guards. But there was the final piece of our compromise: we asked that a notification list be created for all BigFix users, that the option to subscribe to the list was presented during installation, and that whenever the list of retrieved properties changed, everyone on the notification list would be notified. It’s not a perfect solution– we would have preferred mandatory and automatic subscription for all users who install the program and a heads up before the list was changed– but it’s something because it, once again, lets us hold onto choice. Today, I might be willing to give up this much privacy in the name of security and convenience; if you ask me tomorrow to give up a little more, I might decide that the price has become too high and I can exercise my choice to opt out. And isn’t that the basis for freedom, educational or otherwise– choice?

Related posts:

1. Big Brother is not welcome!
2. Microsoft redeems itself… a little

Windows XP SP2 Upgrade Causing Campus Headaches

This is exactly the problem I started to predict over a week ago:

Desperately Seeking SP2
Microsoft redeems itself…a little

While I can say “told you so,” it’s still going to suck for university IT workers everywhere. Especially considering Microsoft is only giving universities one CD for every 50 students and won’t let universities make their own copies for distribution. An average undergraduate dorm at Stanford has about 100 students, so that’s only 2 CDs per dorm. (We actually have a different deal, but let’s go with this basic deal.) Assuming that the average time to install SP2 is about 30 minutes to an hour (calculating in time between passing off the Microsoft-pressed CD to the next person, variable computer speed and performance, etc.) and that you could probably get people patching for a total of 8 hours spread throughout the day, you could get about 16 people upgraded a day. So, it would take about six or seven days to upgrade an entire dorm. Of course, this is a very optimistic estimate– calculate in the time that somebody just isn’t around for a few days and doesn’t pass on the CD in a timely manner or somebody’s computer is slow and it just takes a long time or somebody just loses the damn CD. It could be upwards of two to three weeks before everyone gets SP2 installed and that’s a lot of time during which a vulnerability and exploit can come out and wreak havoc.

The point is that schools will have to institute a mixed model of distributing CDs and installing over the network. But how do you do that when students are more preoccupied with meeting friends and roommates, buying books, picking and registering for classes, paying bills, going to Target to buy some extra-long twin sheets, etc.? Not to mention all of the community building activities Stanford’s Residential Education program pushes. How do you encourage students in a way that will a) get them to install an important security update in a timely manner and b) do it in a way that is evenly distributed over multiple channels? On one hand, you’ll have students who try to get the CD as soon as possible so that they can be patched and secure. Okay, in a dorm of 100 students, after the first two grab those CDs, what about the other 98? Well, they’re busy and they’ve got to go run errands and meet up with friends and talk to professors and whatever else they have to do, so they don’t have time to be waiting around to meet up with Joe down the hall so that they can get the CD. They’ll either run Windows Update themselves or wait until Automatic Update happens or never get patched at all. That’s not very good distribution.

Last year, before RPC hell and back, Stanford’s IT organization decided to cut back on costs and not distribute an Essential Stanford Software CD, a CD which, among other things, included anti-virus software and was traditionally given to all new students when they came to campus. But come late July, the RPC exploits began to hit and suddenly, everyone realized that the CD was a pretty good idea and that it would be the perfect way to get people patched before they got onto the network. So then, there was a mad rush to get CDs pressed and distributed to not just new students, but all 10,000 students living on campus. I wonder what will happen if an exploit hits around September 1 and suddenly it becomes critical to get students patched with SP2 before they connect to the network. Will Microsoft be willing to allow us to copy and distribute CDs then? Or will universities have to bear the burden of whatever new exploit as they are asked to pay for more CDs and wait for Microsoft to press and ship them out?

Who knows what will happen? I think many of us are just simply going to get the CDs out there and hold our breath, hoping that a new vulnerability and/or exploit doesn’t come out, that SP2 won’t break too many computers, and that it won’t make our networks not only sluggish, but just completely roll over during this important period where students– and university staff– are trying to get the school year started, a process of which the Internet has become a critical part. We have seen how much network usage and hits to central campus servers spike during this period and we’ve seen our mail servers slow to a crawl. We’ve seen how much network traffic is hit already with email and file-sharing viruses and spyware. We’ve seen the Windows Update site fail under the burden of users trying to patch their computers. I guess we’ll just have to see what happens when they are all put together.

An incoming junior gets a new computer right around the end of August. Because most computer vendors aren’t installing SP2 yet on their drive images, his computer doesn’t have SP2 installed. But the student comes back to school and moves onto campus around September 26th and hooks his computer up to the network. Among other reasons, because he’s living off of the “free” electricity and high speed network available to him for only $10 per month, he leaves his computer on and connected to the network all the time. Now, hopefully, he’ll have automatic updates turned on or he’ll have listened to his RCC’s recommendations to install the latest OS patches or he’ll have installed Stanford’s new BigFix client to help with keeping his computer up-to-date. So, his computer gets SP2 pretty soon after he gets onto campus and he gets to, theoretically, take advantage of all the new security features that SP2 provides.

However, once SP2 is installed and the firewall is turned on, there are certain things that don’t work. Specifically, certain ports are blocked, so now he can’t log on using PC-Leland, Stanford’s desktop application that allows Kerberos single sign-on. Well, this is kind of annoying because most likely, he’s already configured his email client to use PC-Leland for accessing his Stanford email account, so his email probably doesn’t work now. Also, every time he tries to access anything on the Web behind Stanford WebAuth, including signing up for classes, accessing Coursework (Stanford’s course management system), etc., he has to login via the authentication page on the Web. But the problem is that there’s a known caching problem with the WebAuth page and if his browser’s not checking for new content every time he visits a page, he’ll go into an endless loop after authenticating and never be able to actually get to the page he was trying to access.

But no worries. He walks down the hallway and tells his RCC about his problem. The RCC is a little overwhelmed with beginning of the year computer problems or doesn’t want to confuse his not necessarily tech-savvy resident with complicated directions on how to open up ports, so he tells him to run the little SP2 configuration tool that has been put out by Stanford. Well, he’s not a new student, so he didn’t get a copy of this year’s CD, so he’ll have to go download the tool off of the Web site. Oh, but wait, that Web site is behind WebAuth, so he’ll run into the same caching problem. Okay, well, then the RCC will take some time out to help him fix that and then finally he’ll be able to get the configuration tool, get the right ports open, and get going.

A possible addendum to this scenario: if this student had installed the BigFix client when he got onto campus, at the recommendation of ITSS, he might have gotten SP2 pushed out to him through this system rather than Automatic Update (since it’s not clear how quickly someone would get SP2 pushed out to them over AU even with constant high speed network connectivity). But the second SP2 is successfully installed, BigFix would not work thereafter since the port it uses to push out patches is now blocked with the firewall. So, BigFix was able to push out SP2, but if there are new vulnerabilities and additional critical updates (which there most certainly will be), BigFix will not be able to push those out. We’ll have to hope that the student will be able to open up the correct ports soon or have Automatic Update running so that he can get his computer patched. Ironically, BigFix could end up shooting itself in the foot– an issue outside of the major concerns we had about this new system.

Of course, many of the user support issues here are not all the fault of Microsoft or even Stanford and in the end, a large OS upgrade like this will cause user support issues no matter what (although let’s not even get into the weird conflicts SP2 causes with popular antivirus software). And in the end, I give credit to Microsoft for actually listening to the one suggestion we gave them last year after RPC Hell– to give us resources to easily put critical patches and updates onto a CD and get users patched without having to put them on the network. I have to say, after over a year of constant struggles with security, privacy, and copyright, this little victory is both surprising and welcomed.

As a woman engineer or a woman in computer science or whatever you want to call me, I always find it interesting (read: stupid) how most people look at this problem. First of all, it’s just kind of mean that the primary motivating factor for tech firms to solve this problem is that, simply put, they’re running out of guys. Restrictions because of homeland security issues and growing hiring needs in general because of the tech boom are leaving an increasingly smaller pool of people to pick from when it comes to filling tech positions. So, let me get this straight: you can’t fill your tech jobs with foreign nationals anymore and you’re running out of guys in the US, so now you decide that hey, there’s a whole half of the population that we haven’t tapped. This is like when men were sent off to war, there was suddenly a workforce shortage so they decided to get women to work in factories and the like. It’s like they’re saying, “Uh, the boys have been doing all the heavy lifting lately when it comes to computers, but we’ve got a lot of work to do, so you ladies better start pulling your own weight.” Gee, I thought that having a workforce in tech more representative of the general population– at least when it comes to gender– would be a good thing for tech no matter what. Or that it might just generally be important to show impressionable young women that girls can do anything that boys can do and that having a vagina doesn’t disqualify you from being part of one of the most important, influential, not to mention lucrative, industries ever.

But even if we put aside the somewhat selfish motivation for trying to attract women to CS, most of the programs put into place seem like things men came up with because that’s what they think women want or need. Because they think that the issue is how women feel rather than what women know. Yes, although I never took advantage of groups like these while I was at Stanford, these “support groups” (how fucking sad to call it that– is it a disorder to be a woman in CS?) and mentorship programs might be helpful to many women because they feel more comfortable being around other women. But like I’ve said a thousand times, “separate, but equal” is rarely ever actually equal and getting women in CS together to make them feel better about being women in CS doesn’t solve the big picture problem.

Any type of gap like this starts at a much earlier stage– before entering the workforce, before college, before high school. It starts on the very first day people around you begin to shape your learning, inside and outside of the classroom. Ten, fifteen years ago, we all recognized that boys tended to be more interested in and excel more at math and science because they were simply encouraged to do so and girls were explicity discouraged. This naturally extends to CS. Just because kids today are digital natives– they don’t know a world without computers and the Internet– doesn’t mean that girls and boys have the same interaction with computers. You know why women feel so insecure and inadequate when they take programming classes in college? You know why women feel like they’re always behind and they’re just not as good at it as everyone else? Because we’re not as good at it as everyone else (at least at that point). And you know why that is? Because we haven’t been doing it our whole fucking lives. Just because someone grew up using computers her whole life doesn’t mean she knows anything about, has ever been exposed to anything that’s actually remotely related to computer science. How many male CS students already know how to program when they come to college? How many male CS students breeze through introductory classes because they’ve been programming in C or C++ for years and have already been exposed to some engineering fundamentals? Women who feel like they’re drowning even in introductory CS classes feel that way because they are drowning– they’re playing catch up and with the rigor of most engineering programs, it’s not an easy thing to do. Support groups might make women feel better because they realize that other women feel insecure too, but it doesn’t really solve the problem of why they feel insecure in the first place. If an overweight person feels insecure because he’s overweight, it might help to have him be around other overweight people so that he doesn’t feel alone, but you know what? He’s still overweight and that’s something that still needs to be addressed.

And on top of that, women miss out on all the random, but valuable things you learn on the side from talking tech with your friends. When a bunch of CS guys are together, they’ll talk about everything geeky, from programming languages to gaming to operating system choices to new technologies (ahem, e.g., file-sharing). I don’t know if it’s the estrogen in the air or the breasts that throw them off, but when a girl comes around, even if she is a CS girl, suddenly the conversation changes. Maybe CS guys think that a girl wouldn’t want to talk about these things. Maybe they think that they can impress her by trying to show her that they’re not just CS geeks. Maybe so, maybe not, but the gender gap isn’t going to get any smaller if both men and women don’t start getting their acts together– men need to start actively including women in their old boys network and women need to stop shying away from all-male geek circles and just get in there and learn. Get involved.

Case in point: my department did some brown bag lunch sessions with the Society of Women Engineers at Stanford and we started with a free-for-all “what do you want to learn about?” session. Now, here’s a group of about forty or fifty Stanford engineering majors– not a group to be taken lightly– and what do they want to learn about? How to FTP, how to set up a Web server, how to make a Web page. Shit like that. These are things that aren’t taught in class, but that most CS students know how to do– you know why? Because they sit around and learn how to do it on their own or pick it up from their friends. I realized that I knew how to do all these things because I was lucky enough to find a circle of friends freshman year that happened to be male CS students and more importantly, weren’t afraid to talk tech in front of me, with me. And when I didn’t know something, I, being the fearless young woman I am, would ask and they would tell me all about it. They would show me. And without being condescending about it! At the end of the day, so much is learned from just interacting with your peers and if you set CS women off to one side because you think that it will make them feel better, they’re never going to be exposed to the valuable things they can learn from being around CS men and they’re never going to be able to pass on those things to other women. The gender gap will never get smaller.

Ever notice that girls who grow up with lots of brothers often have (among other interests) traditionally “boy” interests? Like playing or following sports? It’s because they’re exposed to it growing up. And they’re not afraid to talk about sports or play sports with men later in life because they are confident about they’re own knowledge and abilities. You don’t create a divide between girls and boys and later in life, you don’t have a divide between men and women. You can see it with the digital divide too– giving a kid from a traditionally disadvantaged background a computer when he gets to high school might help the situation a little bit, but the real solution is not to simply donate some computers, but to close the math divide, the reading divide, the food divide, the housing divide. You empower them early so that they do not fall behind later.

You won’t be able to truly, effectively close the CS gender gap unless we work to close the gender gap in general, unless we work to encourage all types of learning equally among boys and girls from an early age. We won’t have to have mentorship programs or have to actively recruit women into computer science– women will naturally be attracted to CS because they will have been exposed to it early on and been able to cultivate that ability and interest as they grew up. And when they get to college, they won’t feel insecure or like they’re catching up because they won’t be catching up. They’ll know just as much as their male counterparts and have had the same opportunities to have the proper preparation for a CS curriculum. They won’t need a support group because they’ll be able to support themselves. They won’t need to find female CS role models because their gender will no longer separate them. To borrow from affirmative action, it will level the playing field and by providing equal opportunity, we’ll come closer to having equal results.

I wonder though if this kind of stuff continues, whether the RIAA and the MPAA will make a stink that universities are just encouraging illegal downloading of copyrighted materials. I mean, unlike the recent Napster deals, giving out iPods doesn’t discourage illegally downloading music. Duke is distributing the portable digital music players as “part of an initiative to encourage creative uses of technology in education and campus life.” Which makes me smirk because that’s what many of us have been saying is the reason for college campuses to have liberal computing and network usage policies– to promote the university’s educational mission by allowing experimentation and self-learning, especially the exploration of “creative uses of technology.” And many people would consider file-sharing, breaking DRM systems, and experimenting with what you can get on and off portable storage devices like iPods certainly as “creative uses of technology.”

Or maybe the next big iPod security risk will be violation of the Honor Code. I’m assuming that even though Duke will encourage iPods to be an integral part of coursework, the powers-that-be will have to ban them from exams (much like how many have had to ban cell phones and in a previous generation, graphing calcultors).

Links:
Slashdot post
Duke News & Communications release

Related posts:

1. Universities and Napster

While those arguments are somewhat valid, they are also short-sighted. And I don’t know if it’s because people don’t know much about how universities work or because when you have an online forum, you get a lot of not-very-thought-out comments. Probably both. In any case, my point is that yes, it won’t stop students from downloading copyrighted music illegally, but it will probably stop a significant percentage of them since not every college student jumps on the illegal file-sharing bandwagon as quickly as the media and the entertainment industry makes it out to seem. You still have to actually know about programs like Kazaa and BitTorrent and whatever-the-next-thing-is and you have to know how to use these technologies, where to look, etc. And with bandwidth caps and shaping, sometimes even blocking, of file-sharing traffic on an increasing number of college campuses, it makes it even harder. Not to mention that it’s getting harder and harder nowadays to get a decent download of a song on the first try. Realistically, if you find the right price point that’s trivial enough for the average college student, they will pay for music. And no matter what record companies might say, there are still plenty of college students who may download copyrighted music illegally but also buy CDs on a regular basis. The Try before you buy digital music model actually works a lot of the time.

But in general, when you’re talking about how many college students listen to digital music, an investment into some type of campus digital music service isn’t an idea that should be dismissed so readily. And especially when you consider how much of a resource suck DMCA complaints and file-sharing has become on college campuses, it’s worth it to many universities to come up with a better solution. Many universities are drowning in a sea of file-sharing and copyright melodrama and everybody is scared shitless of the threat of liability. That’s why universities are forming groups like the Joint Committee of the Higher Education and Entertainment Community Members– it may seem like they’re just getting in bed with the RIAA and the MPAA, but there’s also a desperation in alliances like this one. Universities know that something needs to be done because it really can’t go on like this– with students getting sued and university legal offices and IT departments spending all of their resources on handling DMCA issues– much longer. By choosing to provide a service like Napster, some universities are simply hoping that they’ll save money in the long run so that they can get back to the business of educating their students instead of the business of worrying about everybody getting sued.

Personally, I think that big (read: rich) universities like Stanford and MIT should lead the charge in standing up to the RIAA and the MPAA. I know, the real fear is that if they did do something like that, the RIAA and the MPAA could unleash all of their resources against them and even higher-ed powerhouses like Stanford and MIT could most likely never fight back with the same force. But you never know. These universities are leaders in technology and research and are home to people like Larry Lessig and campaigns like Computer Scientists for Social Responsibility and Verified Voting. Who knows what support they might be able to drum up if they decided to fight this fight?

In the meantime, I think digital music services like iTunes and Napster should consider offering educational pricing for all students and not worry about making deals with each individual institution. Verifying enrollment and student status might be a challenge, but think about how many college students would jump on that!

Link

Related posts:

1. RIAA continues fight while new company tries paradigm shift

And of course, then there are the viruses. I remember last year, even before RPC Hell, one campus actually banned Windows 2000 from their campus. ResNet organizations are just seriously at a loss. There are a number of universities who are taking advantage of open source solutions like Snort, buying commercial solutions like Perfigo or Bradford Campus Manager, or developing their own homegrown solutions. But what do you do when your ResNet is that one guy again who is still trying to manage a network for thousands of students, provide end user support, and respond to DMCA complaints? Suddenly, on top of that, you’ve got operating system vulnerabilities and exploits, email viruses, spyware, adware and more. And even if you did have the time to look into network wide solutions, if you’re the one guy managing the whole ResNet, what’s the chances that your university is willing to fork over the money for a commercial solution or even a few servers for a free or cheap solution? Probably not, so instead, you’re left with either just complete network chaos (not necessarily a bad option) or just shutting people down left and right for the health of the network. Which might seem like a valid option at face value, but then you realize that one guy has to turn all those people back on at some point, which could take a really. Long. Time. In the end, you could lose your network connection for some indefinite time which, considering how important being online is nowadays for schoolwork and otherwise, is a high price to pay just because you happened to miss a Windows Update.

The one man ResNet situation is, of course, a worst-case scenario, but this situation of lack of funding, resources, and staff and, as a result, draconian policies and practices, are prevalent throughout the country in varying degrees. And in the end, even if ResNet staffers push these policies because they have to and not because they want to, ResNet organizations usually don’t have enough political power within their universities to do anything, to effectively demand money and resources or change policy. We are the grassroots organizations, the Greenpeace, the Legal Aid of university computing organizations. We are the underdog and our political successes are, lately, few and far between. Which is really sad in the grand scheme of things because while students are the bread-and-butter of the education business, their personal computing needs are perhaps among those with which we are least concerned. Instead of student needs, support for personal student computing (not computer labs and such) lives and dies by how far you can stretch a fixed amount of resources and money, a fixed number that was set in the mid-nineties before the Internet really took off, before almost every single college freshman owned her own computer, and before we realized how important technology would really be to a whole generation of young people for which we would be responsible in many ways. In the end, universities and even the companies that include universities in their list of customers for software and hardware products will pay a high price. Some students will never get to experiment and learn and truly spread their wings because they can’t explore all the technologies out there, whether old or new. How many innovative ideas will never come to fruition because a student wasn’t allowed to explore or experiment? How many bad ideas will get played out in the real world because a student couldn’t test it out during their college years when the consequences wouldn’t cost somebody a job? And how many software and hardware companies will lose the chance to establish a user base and develop consumer buy-in and trust among millions of college students across the country? Before Napster fell with a big bang for all the world to see and hear, it managed to spread like wildfire on college campuses throughout the country and the RIAA is still trying to deal with the legacy it left behind and the undeniable place file-sharing and, more importantly, digital music holds now in our world. And even with its fall, universities like University of Rochester are signing huge contracts to bring legal, for-pay services to thousands and thousands of their students. Wouldn’t it be nice to be the company that is the source for digital music for millions of college students across the country?

Personal computing services are not like call waiting or caller ID. It is not like cable TV. It is an integral part of the learning process and essential to the principle of learning through experimentation and exploration, to the idea that a university’s responsibilities include providing students with the opportunity to learn both in and outside of the classroom through a comprehensive approach to education. Just because a computer sits in a student’s room doesn’t mean it’s not vital to the educational process. If anything, it is more important because of the undeniable role it plays it that student’s life and how it can and will be used to do great things, even if those great things are just allowing the student the opportunity to learn something new on her own. And ResNet organizations are the ones who are helping to shape that process even with the few resources we have. While ResNet organizations first grew out of utility, they are now at an important stage in the history of how technology can shape education and learning. Let’s see how many universities will seize this opporunity.

Related posts:

1. Why DRM systems are a bad idea and the freedom to tinker

This process is similar to the one we’re using at Stanford, but it’s so much better! It’s much more elegant and consistently applied across the residential network– they’ve put a server in front of every single residential hall (i.e. every single subnet) and it handles all network intrusion detection and management through one system. This is really a great example of how a university can leverage readily available, free, open-source products out there (it even runs on Linux) and significantly improve security and network health in one simple move– the only real cost to them is the initial staff time to develop the product and then the hardware that it runs on. And really, considering how much time and money improved network security and effective reaction plans can save, these are relatively small, but very worthwhile investments. Stanford lost millions in staff time from the Blaster and Welchia attacks alone last year.

And they’re still maintaining user privacy! The Texas A&M security team admits that they did not consider network management options that required desktop clients (e.g., Perfigo, BigFix, etc.) because they didn’t want to require users to have a particular piece of software on their computers. This is great since products like Perfigo’s CleanMachines and BigFix are primarily designed for corporate environments and can often return lots of properties about a computer on your network. While those types of solutions might be great for managing University-owned computers, they are not the right answer for privately owned student computers. How would you feel if Verizon or Comcast or whoever your ISP was could find out how much hard drive space you had (free or otherwise) or what version of Microsoft Office you’re running? Residential students live where they work. This is not just school to them; it is their home and it is their community. And Big Brother is not welcome!

I recently went to a presentation/panel discussion on computing resources at Stanford during our Admit Weekend. Our department has been doing this for years and one of the main “frequently asked questions” we answer during our preliminary spiel is “Do I have to have my own computer?” We give our usual answer of “no, you don’t have to have your own computer” and point out the many public computer clusters available in every residence and in central locations all around campus. And while this answer may thankfully comfort the one or two kids who can’t afford their own computers or who don’t want to get their own computers for whatever reason, the reality is that the vast majority of students today are digital natives (see Rich Holeton’s presentation on “Generation Keyboard”). Most of the students in the incoming class we spoke to (Class of 2008) were born in 1986, some in 1987. That means that they have never known a world without the personal computer and few of them can really remember a world without the Internet. Despite all the talk about the Digitial Divide, even if some high school students don’t have computers of their own, they often have at least a “family” computer in their home or have access to computers at their schools. And no matter how old those computers or how slow those Internet connections might be sometimes, nobody is writing their papers by hand anymore like we did (remember “cursive”?) and nobody is using the five-year old encyclopedia in the library for the research either.

So, when these digital natives make it to college and are often presented with, more often than not, technology resources so much greater than they previously had, isn’t it natural to allow them to experiment, to explore, to learn? College is huge step in the pursuit of learning– young people are making the decision to be full-time students, (hopefully) committed to pursuing their course of study. Students who live on campus are even more immersed in the educational process and, as the residential life programs on many campuses reflect, their entire lives, not just the part of it they spend inside the classroom or doing classwork, is an educational experience and universities who choose to embrace this can give their students an incredibly rich and valuable experience. As Schultz mentioned in his blog, both Google and Yahoo! were started by Stanford students running their own servers. Stanford has always had a relatively liberal network usage policy specifically to encourage that type of entrepeneurship, self-learning and initiative. And it doesn’t just have to result in a multi-billion dollar IPO– there are countless ways in which students have experimented with computing resources to do great things and learn important skills, such as setting up and running a server, creating and running a Web site, learning about networking or security, and more. And the rewards we reap aren’t always through enjoyable experiences. Getting your server hacked is a valuable lesson learned early for any budding system or network administrator. When mp3 technology first became popular and students suddenly began sharing files through Windows networking, IRC and FTP, the huge bandwidth and network usage was an early lesson all those years ago to students and university staff– digital music would be an important issue in the future. We all know Napster was the work of a college student and spread like wildfire first on college campuses and while the RIAA and the MPAA might think that this is the very argument against letting students experiment, I disagree. Napster and everything like it has revolutionized the way music is distributed and sold and, more importantly, has made us stop and reevaluate unfair and, in the light of digital technology, obsolete copyright laws that have gone unquestioned for so long.

Some have responded to Schultz’s article and many university system and network administrators, not surprisingly, have commented that they believe Penn State’s policy to be fair and reasonable, citing liability issues. Some (in not very nice ways) try to argue that unlimited and unrestricted network usage is not a right and students should be focusing on their studies, not running servers out of their rooms or downloading music. But university policies should not be driven by fear of liability, but desire to fulfill the educational mission. And to think that coursework is the only venue in which learning can and should be pursued is shortsighted and narrow-minded. While universities, of course, may not be able to outright ignore complaints accusing students of breaking the law, they can avoid implementing policies that will, instead of protecting them from possible liability, more likely only hinder creativity, innovation, and ultimately, learning.

And then I realize I guess I am. Despite all my frustration with work these past few months, with RPC hell and interdepartmental bureaucracy, working at a university and specifically at Stanford is extremely rewarding. In the beginning, I took the job with Residential Computing because in the face of a rapidly failing economy and tough job market, the university was offering a relatively interesting software development job with good pay and benefits. Then, after holding the position for a while, I was rewarded with the feeling of accomplishment and independence– I run my own software development program with relative autonomy and I got a lot done in my first year. But as I got the hang of the software development part, I became more involved in the staff part– being part of a staff that serves almost all students at the university and thanks to the people who work with me, serve them not only as a computing resource, but as advocates.

Technology pervades our lives more and more each day and today, it is what tests our social, political, economic and moral values. Today, and into the future, technology is deeply political and brings to the surface much deeper, much more essential issues. It’s similar to the AIDS epidemic– when we look at the problem of HIV and AIDS, we’re not just dealing with a medical problem. We’re dealing with a social problem, a political problem and an economic problem. There’s a reason why people of color, women, poor people– the same people often fall into these three categories– are suffering the most from the AIDS epidemic. When we look at the problem of AIDS, we would be remiss not to look at the problems of poverty, discrimination, and education. In the same way, talking about technology, working in technology is not just about building faster computers or getting everybody onto the Internet. It’s about looking at how technology can not only help our lives, but how it shapes our lives and ideals and what the way we use a technology or what technologies we pursue says about us as people.

My job isn’t just about writing code or building tools to help run the network better. It’s about building tools to faciliate and shape the educational process. It’s about being part of a staff that helps shape important policies regarding not just technology use, but student rights. The undergraduate experience at Stanford, partially thanks to the Residential Education model, is a truly engrossing experience and aims to provide learning opportunities not just in the classroom, but during your entire time at school and in all areas of your life while at school. And because technology is such an integral part of young people’s lives today, helping them learn how to use it more effectively, providing them with all the technology tools possible, and helping to influence University policy to ensure students are free to thrive in an open and encouraging environment is an extremely important and rewarding job. My college years are not so far in the past and being naturally inquisitive and having a thirst for learning as most Stanford students are and do, I remember how good it felt like, still feels like to be at a place like Stanford that is open and filled with rich resources of both technology and people to help me explore and learn.

Sometimes it’s frustrating and sometimes it feels like, as my friend put it, that I’m trying to drive a Jaguar on a go-cart track, but at least I’m on the road.

For those of you who have been living under a rock, I’m referring to the numerous RPC vulnerabilities on Windows NT, 2000 and XP machines and the unbelievably fast-spreading worms that have exploited them. As the computing organization that supports the approximately 10,000 on-campus housed students (almost all undergraduates and most graduates), we are responsible for a huge part of the campus network and total number of computers, especially considering 99% of students have their own computer. We had hundreds of computers hacked during the summer when there were very few people on campus and we knew that it would only get worse once school started and all 10,000 were back on campus– over 85% of our users run some flavor of Windows.

But we weren’t too worried.

The campus IT organization was (and still is) notifying administrators of hacked computers that they’ve been hacked and are throwing them into a DNS blackhole to further get their attention. They even provided a little tool that would scan (and clean) the most common worms as well as apply the latest hotfixes. Beyond that, we and our faithful student staff that live out in the residences could only work to educate students and help them get clean and patched when hacked. We figured that while fast-spreading, the worms weren’t doing TOO much damage and in the end, students are still adults and they should be expected to take care of their own machines.

The campus IT organization that essentially owns the wire we operate on didn’t see it the same way. Panic and hysteria ensued when they realized 1600 freshman would be arriving by the 18th and after that, the rest of the on-campus students that weren’t already here would arrive within days. Without getting into the details, I have spent A LOT of time over the past couple of weeks integrating tools to help ensure students get cleaned and patched before they get onto the network. Eighteen hour days for two weeks straight, especially when it’s something that we’re being forced to do, is not my idea of fun.

To summarize the situation, the analogy I use is this: there’s an STD going around. Our campus IT organization was treating it like HIV when really, it was just the clap– easily recognized and treatable. But more than that, it was like they were saying you couldn’t even come into casual contact with someone of the preferred sex until you had an STD test. In fact, better yet, they would have preferred everyone have their gonads removed and once checked, you could request to have them put back in/on. Draconian response, anyone?

Well, in the end, we’ll hopefully get some free X-Boxes out of this thing.

During these four days of good ol’ Midwestern fun (if I never see Ranch dressing again, it will be too soon), residential networking/computing groups from colleges and universities all over the country (and a couple world-wide) come to learn from each other, have a little fun and network (no pun intended). Last year’s hot topic was bandwidth and was a pre-cursor to this year’s hot topic: file-sharing and copyright law.

Stanford’s been dealing with the file-sharing and copyright game in a variety of ways for a while now, much longer than most universities out there, but at the end of the day, probably takes what one would consider a more “liberal” approach to the entire controversy (Larry Lessig is a Stanford Law professor, after all). It was interesting to see how many universities take such drastic measures when it comes to controlling file-sharing in terms of both bandwidth usage and copyright law. Most schools have bandwidth caps, but mostly because they have limited bandwidth available for the university as a whole and in the end, this slows down the file-sharing phenomenon on their campus. (Stanford has a gigabit backbone and shapes traffic to give priority to certain types of traffic, but does not limit bandwidth.) In terms of copyright, a few schools treat DMCA notices as junk mail, but most take them relatively seriously and try to fulfill the requirements set forth by the DMCA. Specifically, it usually involves passing on a copyright violation notice to a student (since they are usually filed against an IP address) and if the student does not comply (i.e., notify the DMCA agent that he/she stopped sharing the specified file), turn off his/her network connection. Some schools throw in some meeting with the judicial affairs group at their universities and some general education on file-sharing law and copyright.

The interesting thing at the conference was the moral stance many people took on the issue. Yes, it is a pain in the ass to many residential network staff since it takes up a lot of time and energy handling DMCA notices and dealing with students over the matter, but some people were pointing out that it was our duty as university employees to mold, to shape these young people and make sure they realized how wrong, how immoral it was to continue to participate in illegal sharing of copyrighted materials. The interesting thing was that this concept had never really come up among our staff at Stanford– yes, we know it’s technically illegal and that we should not encourage students, or anyone else, to break the law. And while we do realize the responsibility we hold as part of an educational institution to not only facilitate learning, but also to shape character, we do not consider ourselves parents or police. And specifically when it comes to file-sharing, many of us feel that file-sharing, outside of the legal issues, is not “immoral.”

I think most students feel the same way. I think if we started giving them lectures of the “moral” and “ethical” issues of file-sharing and copyright law, students would start calling the university a bunch of fascists. Just look at what happened with the alcohol policy.

Much mainstream media explains this phenomenon by stating that people to continue to file-share despite the fact that it’s illegal because “everybody’s doing it.” That’s certainly part of it– much like speed limit laws– but I know for many people at Stanford, it’s also about thumbing our nose at the establishment, showing the entertainment industry (and the people they control on Capitol Hill) that their maniacal hold on how music and movies are distributed is slowly starting to slip– as it should. Everybody talks about Microsoft as a monopoly, but people forget that there are only a handful of entertainment companies– they’re just hidden well with all their subsidiaries and partners. And consumers, file-sharers, are finding that the Internet and digital media is the start of the way to cause a revolutionary change in how business is conducted, to get their power back.

We know it’s illegal, but we break it because we believe the law to be wrong and in hopes that the law will be changed. Isn’t that what America is all about? The Internet was born here, in our research institutions and our government organizations, and it has spread across the country, the world and has invaded, pervaded every aspect of our lives, from the trivial to the essential. How can we be surprised that the Internet and digital technology have become the driving force behind revolutionary change in intellectual property rights and consumer empowerment?

Related posts:

1. File-sharing: missing the big picture?

At Stanford, the Daily publishes articles and editorials regularly on file-sharing and University policy, often causing many headaches for the administration and legal counsel. There is much argument over Stanford’s, not to mention any University’s responsbilities and policies as an ISP and under Title II of the DMCA.

However, most of this media coverage is missing the big picture– nobody should be talking about whether file-sharing is illegal when it comes to copyrighted material. It’s illegal. End of story. What the discussion, the argument, the media coverage should really be about is whether it should be illegal and what millions of people continuing to share digital music and video files says about the future of file-sharing, copyright and the entertainment industry.

Record companies and the like are filing grievances as copyright holders and while they do have the right to protect their creative works, current copyright law severely slows down the passing of material into the public domain where it can be used for learning and more importantly, to build on top of for new creative work. What good is all this art if you can’t have access to it, learn from it and build on top of it? While Disney and whoever else might want to work day and night to hold onto the rights to their own creative works, after a certain amount of time, most people don’t mind their work passing into the public domain for others to access freely and build on. (Check out the The Eric Eldred Act.)

Moreover, we spend all this time fretting over Microsoft’s OS monopoly, but we ignore the fact that the entertainment industry is controlled by a handful of companies– television, magazines, newspapers, movies and music are all owned and controlled by subsidiaries of a few media giants– and for some reason, they’ve decided to fight the changing tide of consumer activity. With the growth of the Internet, people have greater access to information than ever before and they have– and want– everything at their fingertips.

I don’t want to have to go the corner store and pick up a newspaper– I just want to quickly visit some news sites, or better yet, I want to open up my browser homepage and take a quick glance at customized headlines and content put together just for me at my favorite Internet portal.

If I or my TiVo miss that last episode of ER, I don’t want to have to wait until the reruns a year from now– I want to be able to get a copy of the episode ASAP and get caught up on the story. And my favorite episodes of the season? Oh yeah, I want those ASAP too. I can’t wait for the DVD release three years from now.

I don’t want to have to go to the bookstore and go through aisles and aisles in search of a book I know I want, but can’t seem to find because it’s either A) somewhere I don’t think it would be or B) simply out of stock. I want to be able to do a quick search online, order a book I know is in stock and have it delivered to my doorstep.

I don’t want to have to suffer through conversations with incompetent salespeople and long lines to order a new hard drive or digital camera– I just want to go online, see what’s available, read a thousand reviews on a particular type of product, and pick the one I want for the best price I can get. Even if the best price is from a noname electronics store in the middle of Kansas.

And I don’t want to have to pay for an entire CD if I don’t want to– I just want the songs I like. I’ll try the other ones, but only for free and if I like them, then I’ll buy the whole CD. And I don’t want to pay for the cost of media, packaging and liner notes that I never get in a digital media.

The current controversy over file-sharing should not be about whether or not it’s wrong to steal music– we know it’s wrong. But we aren’t doing it just because we can get away with it– well, maybe just a little. The more important thing is, we don’t care– we’ve found a better way to get our fix of movies and music and the truth is, we’re willing to pay for it. But if the entertainment companies aren’t going to provide it, we’ll find another way.

Ironically enough, one of my coworkers did this in a semi-official capacity, setting up a Gnutella server in our office and advertising it to our student employees. The server was not set up to share music files. Instead, it was set up so that Stanford students could list it as one of their hosts when connecting to the Gnutella network. With Stanford students connecting to a common on-campus host, they would find each other instead of off-campus computers and take advantage of unlimited bandwidth between on-campus computers, reducing traffic travelling in and out of the campus network, traffic that uses very expensive bandwidth the university has to pay for. Realizing how much file-sharing does go on and how much it uses up network bandwidth (despite our packet-shaping efforts), the real aim of this little experiment was to decrease traffic between campus and the commodity Internet, a goal of any good university network and systems administrator. Apparently, the MPAA did not find the experiment as interesting and innovative as we did. They faxed a threatening letter to the university and the server’s network connection was promptly turned off (while most of us were away on Winter break). The decisive action was certainly a shock– while we have, in the past, shut off students’ network connections after the MPAA and RIAA notified us that they were illegally sharing copyrighted materials, staff network connections are rarely, if ever, shut down, especially not without notifying the staff member first. After meeting with many important people, including the Provost and Stanford’s in-house counsel, they decided it was a good idea to leave the server shut down. While Stanford maintains a liberal attitude toward network use, a university provided way to faciliate file-sharing didn’t go over so well.

Long after the fall of Napster, the battle continues. Personally, I think the music industry needs to get it together and realize that digital music is the future. They’re right– downloading files of music that you do not own is stealing. But that little reality isn’t going to stop the millions who are trading music today, no matter how many lawsuits they file. The underground network of music fans and computer geeks will always find a way. Before Napster, there was IRC and ratio FTP sites. After Napster, there’s Gnutella and Kazaa. It never ends. People want to be able to download music whether it’s a single song or an entire album. The real question is, are they willing to pay for it?

I have to admit– when I was a student, I downloaded music freely and outside of some Sting and Dave Matthews Band albums, I didn’t buy CDs. Why should I when I could download all the music I wanted, including yet unreleased albums, off of a high-speed Internet connection? But alas, that was when I had a lot more time and a lot less money on my hands. Now, it’s not worth it to me to spend an evening trying to get high quality copies of albums, even with a high speed connection. The real value behind Kazaa and other file-sharing technologies for me is that I can sample and explore. I can go through the playlists for KMEL and download songs I hear on the radio. I satiate my need for immediate gratification and if I really do like them, I try to download more songs from the album and in the end, might decide to just buy the entire album. It’s not worth it to me to sit there trying to download the entire album, checking if it’s the right song, checking if there are any skips or errors, renaming files, fixing ID3 tags, etc.

Additionally, I’m just getting better quality sound with CDs. Unfortunately, most MP3s out there aren’t encoded at 192 kbps or greater and when you listen to music on a higher quality sound system, you start to hear the drop in quality. If you really love music, you’ll opt for getting the CD so you can hear it at its highest quality.

Of course, sometimes I don’t buy the album. Why? Because I only like one song on the album and I don’t want to shell out $20 for one song. And if I couldn’t try out the music beforehand and ended up buying an entire CD that I didn’t like, the neo-Nazi return policies of music stores would leave me SOL. Honestly, even before file-sharing, I didn’t buy CDs that often because of this very predicament.

Or what about when I get nostalgic and I have to hear that Rick Astley song that’s been playing in my head all day? I certainly don’t want to go buy the entire album or even a compilation album of other 80′s and 90′s hits. If I want a compilation, I’ll make it myself– every person’s got different tastes when it comes to what makes a good mix CD. But for those particularly hard to find songs, it might take me a while to find a high quality, no skip, no error, correct version of the song I’m looking for. If the music industry could provide me with that service, I would definitely be willing to pay 50 cents or $1 for that convenience and guarantee.

Still left to draw people to P2P networking are the really rare files– recordings of live performances, special remixes or editions of songs, etc. I don’t really know how you would get around this. I used to do traditional tape-trading, starting with actual cassette tapes and moving to CDs, but that requires a lot of finding out who has what, negotiating trades, mailing stuff all around the country, and waiting anxiously for your stuff to arrive, provided it doesn’t turn out to be a bad trade and you’re left with nothing. The Internet is a great way to trade live recordings of shows, legal or otherwise, and it’s the only place to get really rare versions or performances of songs.

Of course, the irony of all of this is that I don’t think file-sharing really affects CD sales. The rise of file-sharing coincided with the fall of the economy and while the music industry might think that file-sharing is the cause of their drop in sales, it might want to consider the fact that Americans are suffering from a very real recession and have little money to spend on music, much less anything else. Additionally, while my friends might be the exception to the rule, most students who download illegally shared files still end up buying CDs. The whole proposition that digitial music provides an effective way for people to try out music and then motivate them to go and buy the entire CD actually does work.

Somehow, the larger computing group that my department is part of was given the responsibility to turn around a fee-for-service group on campus. They were something like two million in the hole, but the university hoped to give them to us so that we can make them self-sufficient and possibly, profitable. While I’m sure they’re good people and don’t want them to be put out on the street, I don’t really see how the group fits into our department’s, much less the university’s mission as a whole. In general, they provide Web services (Web site design, online surveys, logo design, etc.) to groups on campus that can pay market prices for their services. They are encouraged to conduct business only with university organizations, although they can work for outside clients on a very limited basis (if only to break even).

There are two major problems I have with this model (outside of my own reservations about the quality of their work):

1. A fee-for-service group of qualified professionals is a great resource for those university groups that can’t afford to, or even want to hire full-time staff for special projects, like conducting an online survey or having their Web site redesigned. However, if they are charging market prices, it makes the entire endeavor less cost effective for the client. Because they are a fee-for-service group, long-term support is either non-existent or existent, but very expensive, cancelling out the value of having the fee-for-service group in the first place.
2. The group was made part of a regular university department, I’m assuming, to be tied into that department’s and the university’s mission and to take advantage of the management resources available within the department. They are required to be financially self-sufficient (which is good in this economy and the current state of budget cuts), but they still take resources from the department. Besides the management resources required to keep the group running, management has been encouraging “working together,” which essentially amounts to taking homegrown software solutions and other tools built within the department and selling them as part of their services. While we are being monetarily being compensated for use of our products and staff time (as we normally do since we offer them as services for other departments ourselves, albeit at a much, much lower price), they are essentially getting to offer a much more valuable suite of services because of their attachment to our organization. In exchange, the theory is that they offer their own services– free Web design work, consulting, etc. However, since we are a computing group, we already have staff that are specifically assigned to work on those types of projects. So, the question is: is the exchange equal or even necessary?

In my opinion, no.

A better approach is to have the group work as regular, full-time staff at the university as an independent department. Any money being spent to currently manage the department could go toward staff compensation, equipment, etc. Other costs could be recovered through the fee-for-service work, but the group should charge much lower prices, making it truly cost-effective for departments who have little money, but many technology needs. Still not enough money? They should really start looking into student labor. While full-time staff is able to respond quickly to high-priority projects, student staff is a valuable resource for long-term projects, such as the development of useful tools that can become value-add services for future clients, and for administrative and lower-priority work.

Whether or not my version of this model would work is up in the air, but the real solution to providing technology resources to university departments is regular, full-time staff who is trained, experienced and truly believe in the university’s academic mission. Educational institutions are not known for being lucrative endeavors. Yes, many private universities have large endowments and countless donors, but to be cutting edge, it takes great faculty, staff and facilities. In the end, university employees will still be underpaid by market standards. However, great universities– and great companies in general– become great because of the buy-in they get from their employees. We believe in the academic mission, the chance to serve students and affect future leaders, and the opportunity to use the educational playground as the scene for innovation, creativity, and learning. Making decisions based on financial factors alone just doesn’t work because there isn’t much “finance” to discuss. Instead, what drives us to get and go to work everyday is that we get to pursue these goals and get paid to do it. Isn’t that how every job should be?