Category Archives: education

Universities and Napster

Somebody posted to Slashdot today about George Washington University making a deal with Napster. The list of comments about this is more interesting than the actual deal (since Penn State and the University of Rochester struck deals with the digital music service a while ago). Many of the comments focus on the argument that a) this won’t really stop students from downloading copyrighted music illegally and b) it’s lame that universities are spending money (read: tuition) on providing this type of service instead of on educating students.

While those arguments are somewhat valid, they are also short-sighted. And I don’t know if it’s because people don’t know much about how universities work or because when you have an online forum, you get a lot of not-very-thought-out comments. Probably both. In any case, my point is that yes, it won’t stop students from downloading copyrighted music illegally, but it will probably stop a significant percentage of them since not every college student jumps on the illegal file-sharing bandwagon as quickly as the media and the entertainment industry makes it out to seem. You still have to actually know about programs like Kazaa and BitTorrent and whatever-the-next-thing-is and you have to know how to use these technologies, where to look, etc. And with bandwidth caps and shaping, sometimes even blocking, of file-sharing traffic on an increasing number of college campuses, it makes it even harder. Not to mention that it’s getting harder and harder nowadays to get a decent download of a song on the first try. Realistically, if you find the right price point that’s trivial enough for the average college student, they will pay for music. And no matter what record companies might say, there are still plenty of college students who may download copyrighted music illegally but also buy CDs on a regular basis. The Try before you buy digital music model actually works a lot of the time.

But in general, when you’re talking about how many college students listen to digital music, an investment into some type of campus digital music service isn’t an idea that should be dismissed so readily. And especially when you consider how much of a resource suck DMCA complaints and file-sharing has become on college campuses, it’s worth it to many universities to come up with a better solution. Many universities are drowning in a sea of file-sharing and copyright melodrama and everybody is scared shitless of the threat of liability. That’s why universities are forming groups like the Joint Committee of the Higher Education and Entertainment Community Members— it may seem like they’re just getting in bed with the RIAA and the MPAA, but there’s also a desperation in alliances like this one. Universities know that something needs to be done because it really can’t go on like this– with students getting sued and university legal offices and IT departments spending all of their resources on handling DMCA issues– much longer. By choosing to provide a service like Napster, some universities are simply hoping that they’ll save money in the long run so that they can get back to the business of educating their students instead of the business of worrying about everybody getting sued.

Personally, I think that big (read: rich) universities like Stanford and MIT should lead the charge in standing up to the RIAA and the MPAA. I know, the real fear is that if they did do something like that, the RIAA and the MPAA could unleash all of their resources against them and even higher-ed powerhouses like Stanford and MIT could most likely never fight back with the same force. But you never know. These universities are leaders in technology and research and are home to people like Larry Lessig and campaigns like Computer Scientists for Social Responsibility and Verified Voting. Who knows what support they might be able to drum up if they decided to fight this fight?

In the meantime, I think digital music services like iTunes and Napster should consider offering educational pricing for all students and not worry about making deals with each individual institution. Verifying enrollment and student status might be a challenge, but think about how many college students would jump on that!


The Burden of ResNets

Well, another year, another ResNet. I’m always amazed whenever I leave a ResNet conference at the sheer variety in attitudes, policies, practices and resources available at ResNet organizations throughout the country. A vital part of each ResNet conference is chatting with people from other schools at BOFs, during meals, and on the always-long-ass bus ride to the closing dinner, but the strange thing is that more often than not, I usually end up feeling really uncomfortable whenever I talk shop with someone from another school and it’s not just that ResNet folks might be some of the most socially awkward people in the world. It’s the fact that talking shop usually involves talking policy and unfortunately, more and more schools are opting for draconian network management practices. While some are certainly driven by philosophical differences– e.g., they really do believe you shouldn’t let students run their own servers or file-share– many are driven to draconian practices by lack of resources and funding. I’ve been to three ResNet conferences so far and I was a Technical and Security theme guide this past year and the two main issues driving policy lately are file-sharing and viruses. Both are huge resource sucks– file-sharing, obviously, takes up a lot of time and resources because ResNet staffers are often the DMCA agents for their residential networks and with the rise in p2p, that one ResNet guy who was responsible for managing a network used by thousands of students and providing end user support for all of those students is suddenly expected to respond to hundreds, possibly even thousands, of DMCA complaints. (Good thing the RIAA just filed more lawsuits. The record companies keep talking about taking money out of the hands of artists, but not only are their lawsuits not very good at stopping file-sharing, they’re taking money and resources out of the hands of educational institutions.) On top of the legal issues, file-sharing is usually just a huge bandwidth suck– even with traffic shaping tools like Packeteer, file-sharing traffic usually takes up as much network bandwidth as it possibly can. As a result, many schools are issuing bandwidth caps per student (since most schools can’t afford to pay for a lot of commodity Internet bandwidth) which can severely limit your network experimentation and usage even for legitimate purposes and some even ban all file-sharing traffic completely. I mean, we’re talking refer you to Judicial Affairs, take away your network connection for a semester or even a year, get in real trouble kind of trouble. Talk about traffic shaping.

And of course, then there are the viruses. I remember last year, even before RPC Hell, one campus actually banned Windows 2000 from their campus. ResNet organizations are just seriously at a loss. There are a number of universities who are taking advantage of open source solutions like Snort, buying commercial solutions like Perfigo or Bradford Campus Manager, or developing their own homegrown solutions. But what do you do when your ResNet is that one guy again who is still trying to manage a network for thousands of students, provide end user support, and respond to DMCA complaints? Suddenly, on top of that, you’ve got operating system vulnerabilities and exploits, email viruses, spyware, adware and more. And even if you did have the time to look into network wide solutions, if you’re the one guy managing the whole ResNet, what’s the chances that your university is willing to fork over the money for a commercial solution or even a few servers for a free or cheap solution? Probably not, so instead, you’re left with either just complete network chaos (not necessarily a bad option) or just shutting people down left and right for the health of the network. Which might seem like a valid option at face value, but then you realize that one guy has to turn all those people back on at some point, which could take a really. Long. Time. In the end, you could lose your network connection for some indefinite time which, considering how important being online is nowadays for schoolwork and otherwise, is a high price to pay just because you happened to miss a Windows Update.

The one man ResNet situation is, of course, a worst-case scenario, but this situation of lack of funding, resources, and staff and, as a result, draconian policies and practices, are prevalent throughout the country in varying degrees. And in the end, even if ResNet staffers push these policies because they have to and not because they want to, ResNet organizations usually don’t have enough political power within their universities to do anything, to effectively demand money and resources or change policy. We are the grassroots organizations, the Greenpeace, the Legal Aid of university computing organizations. We are the underdog and our political successes are, lately, few and far between. Which is really sad in the grand scheme of things because while students are the bread-and-butter of the education business, their personal computing needs are perhaps among those with which we are least concerned. Instead of student needs, support for personal student computing (not computer labs and such) lives and dies by how far you can stretch a fixed amount of resources and money, a fixed number that was set in the mid-nineties before the Internet really took off, before almost every single college freshman owned her own computer, and before we realized how important technology would really be to a whole generation of young people for which we would be responsible in many ways. In the end, universities and even the companies that include universities in their list of customers for software and hardware products will pay a high price. Some students will never get to experiment and learn and truly spread their wings because they can’t explore all the technologies out there, whether old or new. How many innovative ideas will never come to fruition because a student wasn’t allowed to explore or experiment? How many bad ideas will get played out in the real world because a student couldn’t test it out during their college years when the consequences wouldn’t cost somebody a job? And how many software and hardware companies will lose the chance to establish a user base and develop consumer buy-in and trust among millions of college students across the country? Before Napster fell with a big bang for all the world to see and hear, it managed to spread like wildfire on college campuses throughout the country and the RIAA is still trying to deal with the legacy it left behind and the undeniable place file-sharing and, more importantly, digital music holds now in our world. And even with its fall, universities like University of Rochester are signing huge contracts to bring legal, for-pay services to thousands and thousands of their students. Wouldn’t it be nice to be the company that is the source for digital music for millions of college students across the country?

Personal computing services are not like call waiting or caller ID. It is not like cable TV. It is an integral part of the learning process and essential to the principle of learning through experimentation and exploration, to the idea that a university’s responsibilities include providing students with the opportunity to learn both in and outside of the classroom through a comprehensive approach to education. Just because a computer sits in a student’s room doesn’t mean it’s not vital to the educational process. If anything, it is more important because of the undeniable role it plays it that student’s life and how it can and will be used to do great things, even if those great things are just allowing the student the opportunity to learn something new on her own. And ResNet organizations are the ones who are helping to shape that process even with the few resources we have. While ResNet organizations first grew out of utility, they are now at an important stage in the history of how technology can shape education and learning. Let’s see how many universities will seize this opporunity.

Big Brother is not welcome!

I really have to congratulate Texas A&M for delivering a network security solution that still protects privacy (thanks to the direction of their administration that encourages non-invasive security practices). The Security Team there has built an open-source solution that effectively monitors for network instrusion and dynamically blocks (through a firewall) compromised or vulnerable computers before they can get onto the network. Their product, NetSQUID, is simply a Perl script that sits between Snort and IPTables. Computers are blocked according to the Snort rules the network administrators choose to deploy and Web requests from those computers are automatically redirected to an information page that lets the user know what’s happened, how to fix their computer, and how to get help if they need it.

This process is similar to the one we’re using at Stanford, but it’s so much better! It’s much more elegant and consistently applied across the residential network– they’ve put a server in front of every single residential hall (i.e. every single subnet) and it handles all network intrusion detection and management through one system. This is really a great example of how a university can leverage readily available, free, open-source products out there (it even runs on Linux) and significantly improve security and network health in one simple move– the only real cost to them is the initial staff time to develop the product and then the hardware that it runs on. And really, considering how much time and money improved network security and effective reaction plans can save, these are relatively small, but very worthwhile investments. Stanford lost millions in staff time from the Blaster and Welchia attacks alone last year.

And they’re still maintaining user privacy! The Texas A&M security team admits that they did not consider network management options that required desktop clients (e.g., Perfigo, BigFix, etc.) because they didn’t want to require users to have a particular piece of software on their computers. This is great since products like Perfigo’s CleanMachines and BigFix are primarily designed for corporate environments and can often return lots of properties about a computer on your network. While those types of solutions might be great for managing University-owned computers, they are not the right answer for privately owned student computers. How would you feel if Verizon or Comcast or whoever your ISP was could find out how much hard drive space you had (free or otherwise) or what version of Microsoft Office you’re running? Residential students live where they work. This is not just school to them; it is their home and it is their community. And Big Brother is not welcome!

Educational freedom

Jason Schultz, an EFF attorney wrote an entry in his blog about Penn State’s presentation at the EDUCAUSE policy conference on its ban on students running servers and their new Napster program. Schultz gets it right when he points out the problem with Penn State’s approach to copyright problems– they’re simply taking computing tools away from their students and hindering educational experimentation. If anything, computing has become that much more essential to student life and having computing resources not only available for use, but also for experimentation is an integral part of the educational experience today.

I recently went to a presentation/panel discussion on computing resources at Stanford during our Admit Weekend. Our department has been doing this for years and one of the main “frequently asked questions” we answer during our preliminary spiel is “Do I have to have my own computer?” We give our usual answer of “no, you don’t have to have your own computer” and point out the many public computer clusters available in every residence and in central locations all around campus. And while this answer may thankfully comfort the one or two kids who can’t afford their own computers or who don’t want to get their own computers for whatever reason, the reality is that the vast majority of students today are digital natives (see Rich Holeton’s presentation on “Generation Keyboard”). Most of the students in the incoming class we spoke to (Class of 2008) were born in 1986, some in 1987. That means that they have never known a world without the personal computer and few of them can really remember a world without the Internet. Despite all the talk about the Digitial Divide, even if some high school students don’t have computers of their own, they often have at least a “family” computer in their home or have access to computers at their schools. And no matter how old those computers or how slow those Internet connections might be sometimes, nobody is writing their papers by hand anymore like we did (remember “cursive”?) and nobody is using the five-year old encyclopedia in the library for the research either.

So, when these digital natives make it to college and are often presented with, more often than not, technology resources so much greater than they previously had, isn’t it natural to allow them to experiment, to explore, to learn? College is huge step in the pursuit of learning– young people are making the decision to be full-time students, (hopefully) committed to pursuing their course of study. Students who live on campus are even more immersed in the educational process and, as the residential life programs on many campuses reflect, their entire lives, not just the part of it they spend inside the classroom or doing classwork, is an educational experience and universities who choose to embrace this can give their students an incredibly rich and valuable experience. As Schultz mentioned in his blog, both Google and Yahoo! were started by Stanford students running their own servers. Stanford has always had a relatively liberal network usage policy specifically to encourage that type of entrepeneurship, self-learning and initiative. And it doesn’t just have to result in a multi-billion dollar IPO– there are countless ways in which students have experimented with computing resources to do great things and learn important skills, such as setting up and running a server, creating and running a Web site, learning about networking or security, and more. And the rewards we reap aren’t always through enjoyable experiences. Getting your server hacked is a valuable lesson learned early for any budding system or network administrator. When mp3 technology first became popular and students suddenly began sharing files through Windows networking, IRC and FTP, the huge bandwidth and network usage was an early lesson all those years ago to students and university staff– digital music would be an important issue in the future. We all know Napster was the work of a college student and spread like wildfire first on college campuses and while the RIAA and the MPAA might think that this is the very argument against letting students experiment, I disagree. Napster and everything like it has revolutionized the way music is distributed and sold and, more importantly, has made us stop and reevaluate unfair and, in the light of digital technology, obsolete copyright laws that have gone unquestioned for so long.

Some have responded to Schultz’s article and many university system and network administrators, not surprisingly, have commented that they believe Penn State’s policy to be fair and reasonable, citing liability issues. Some (in not very nice ways) try to argue that unlimited and unrestricted network usage is not a right and students should be focusing on their studies, not running servers out of their rooms or downloading music. But university policies should not be driven by fear of liability, but desire to fulfill the educational mission. And to think that coursework is the only venue in which learning can and should be pursued is shortsighted and narrow-minded. While universities, of course, may not be able to outright ignore complaints accusing students of breaking the law, they can avoid implementing policies that will, instead of protecting them from possible liability, more likely only hinder creativity, innovation, and ultimately, learning.

On the road

I loved the movie The American President, so I don’t know quite why it took me so long to start watching The West Wing. But I’ve started and am catching up on all four seasons before this current one. And I’ve got to say, I love it. I can’t get enough. It’s one of the few shows, if not the only one that I can watch countless episodes back to back and never get tired of it. That’s the case for a lot of reasons, including a great cast, intelligent and witty dialogue, and compelling storylines. Yet, as I find myself three-quarters through the second season, I realize that one of the greatest reasons for enjoying the show is that the ideals the Bartlett administration works for resonate with me and it makes me feel good to see people, particularly politicians working to achieve those ideals. And of course, it’s a television show, a sugar-coated, dramatized version of how things really work, how things really happen, but I can’t help feeling like I wish I could be part of something like that.

And then I realize I guess I am. Despite all my frustration with work these past few months, with RPC hell and interdepartmental bureaucracy, working at a university and specifically at Stanford is extremely rewarding. In the beginning, I took the job with Residential Computing because in the face of a rapidly failing economy and tough job market, the university was offering a relatively interesting software development job with good pay and benefits. Then, after holding the position for a while, I was rewarded with the feeling of accomplishment and independence– I run my own software development program with relative autonomy and I got a lot done in my first year. But as I got the hang of the software development part, I became more involved in the staff part– being part of a staff that serves almost all students at the university and thanks to the people who work with me, serve them not only as a computing resource, but as advocates.

Technology pervades our lives more and more each day and today, it is what tests our social, political, economic and moral values. Today, and into the future, technology is deeply political and brings to the surface much deeper, much more essential issues. It’s similar to the AIDS epidemic– when we look at the problem of HIV and AIDS, we’re not just dealing with a medical problem. We’re dealing with a social problem, a political problem and an economic problem. There’s a reason why people of color, women, poor people– the same people often fall into these three categories– are suffering the most from the AIDS epidemic. When we look at the problem of AIDS, we would be remiss not to look at the problems of poverty, discrimination, and education. In the same way, talking about technology, working in technology is not just about building faster computers or getting everybody onto the Internet. It’s about looking at how technology can not only help our lives, but how it shapes our lives and ideals and what the way we use a technology or what technologies we pursue says about us as people.

My job isn’t just about writing code or building tools to help run the network better. It’s about building tools to faciliate and shape the educational process. It’s about being part of a staff that helps shape important policies regarding not just technology use, but student rights. The undergraduate experience at Stanford, partially thanks to the Residential Education model, is a truly engrossing experience and aims to provide learning opportunities not just in the classroom, but during your entire time at school and in all areas of your life while at school. And because technology is such an integral part of young people’s lives today, helping them learn how to use it more effectively, providing them with all the technology tools possible, and helping to influence University policy to ensure students are free to thrive in an open and encouraging environment is an extremely important and rewarding job. My college years are not so far in the past and being naturally inquisitive and having a thirst for learning as most Stanford students are and do, I remember how good it felt like, still feels like to be at a place like Stanford that is open and filled with rich resources of both technology and people to help me explore and learn.

Sometimes it’s frustrating and sometimes it feels like, as my friend put it, that I’m trying to drive a Jaguar on a go-cart track, but at least I’m on the road.

RPC Hell

The beginning of the school year has finally arrived and thankfully, I’ve survived somehow. Since my last post, I’ve been busy getting ready to release all the cool new projects we’ve been working on all summer, but the whole end of summer rush only got worse because of RPC hell.

For those of you who have been living under a rock, I’m referring to the numerous RPC vulnerabilities on Windows NT, 2000 and XP machines and the unbelievably fast-spreading worms that have exploited them. As the computing organization that supports the approximately 10,000 on-campus housed students (almost all undergraduates and most graduates), we are responsible for a huge part of the campus network and total number of computers, especially considering 99% of students have their own computer. We had hundreds of computers hacked during the summer when there were very few people on campus and we knew that it would only get worse once school started and all 10,000 were back on campus– over 85% of our users run some flavor of Windows.

But we weren’t too worried.
Continue reading RPC Hell

More file-sharing madness…

I just got back from the ResNet conference at Ferris State University in Big Rapids, MI. Yes, that’s right: Big Rapids, not Grand Rapids. Apparently, they jumped the gun when they found Big Rapids and ended up finding even bigger rapids.

During these four days of good ol’ Midwestern fun (if I never see Ranch dressing again, it will be too soon), residential networking/computing groups from colleges and universities all over the country (and a couple world-wide) come to learn from each other, have a little fun and network (no pun intended). Last year’s hot topic was bandwidth and was a pre-cursor to this year’s hot topic: file-sharing and copyright law.
Continue reading More file-sharing madness…

File-sharing: missing the big picture?

File-sharing is still a hot topic in the news. On one hand, most of the media out there is still touting file-sharing as “piracy” and “theft.” Both the complaining parties (mostly the RIAA and the MPAA) and self-proclaimed file-sharers are arguing that file-sharing continues simply because people can get away with it. Record companies are attributing the drop in CD sales over the past two years to file-sharing, not to the drop in CD production overall (fewer titles) and very real recession from which the country is suffering (which has spanned the past two years while file-sharing has been around since 1998).

At Stanford, the Daily publishes articles and editorials regularly on file-sharing and University policy, often causing many headaches for the administration and legal counsel. There is much argument over Stanford’s, not to mention any University’s responsbilities and policies as an ISP and under Title II of the DMCA.

However, most of this media coverage is missing the big picture– nobody should be talking about whether file-sharing is illegal when it comes to copyrighted material. It’s illegal. End of story. What the discussion, the argument, the media coverage should really be about is whether it should be illegal and what millions of people continuing to share digital music and video files says about the future of file-sharing, copyright and the entertainment industry.
Continue reading File-sharing: missing the big picture?

Living in Oblivion

The music industry continues to live in denial as it insists on squashing digital music file sharing. Specifically, the RIAA recently filed lawsuits against three college students for operating campus file search software that faciliated file swapping on the campus network, presumably to help students find illegally shared music files.

Ironically enough, one of my coworkers did this in a semi-official capacity, setting up a Gnutella server in our office and advertising it to our student employees. The server was not set up to share music files. Instead, it was set up so that Stanford students could list it as one of their hosts when connecting to the Gnutella network. With Stanford students connecting to a common on-campus host, they would find each other instead of off-campus computers and take advantage of unlimited bandwidth between on-campus computers, reducing traffic travelling in and out of the campus network, traffic that uses very expensive bandwidth the university has to pay for. Realizing how much file-sharing does go on and how much it uses up network bandwidth (despite our packet-shaping efforts), the real aim of this little experiment was to decrease traffic between campus and the commodity Internet, a goal of any good university network and systems administrator. Apparently, the MPAA did not find the experiment as interesting and innovative as we did. They faxed a threatening letter to the university and the server’s network connection was promptly turned off (while most of us were away on Winter break). The decisive action was certainly a shock– while we have, in the past, shut off students’ network connections after the MPAA and RIAA notified us that they were illegally sharing copyrighted materials, staff network connections are rarely, if ever, shut down, especially not without notifying the staff member first. After meeting with many important people, including the Provost and Stanford’s in-house counsel, they decided it was a good idea to leave the server shut down. While Stanford maintains a liberal attitude toward network use, a university provided way to faciliate file-sharing didn’t go over so well.
Continue reading Living in Oblivion

Fee for service? Not in education!

Despite the .org suffix for my domain name, I am very much a for-profit person. However, I think there’s little place for a for-profit, fee-for-service model in education. I work for the residential computing group of a university and the department, in turn, is part of larger computing group that aims to serve the academic needs of the university community through the provision of public computer clusters and consulting and technology resources for faculty, staff and students. (This organization is separate from the overall IT organization for the university that is more focused on university-wide systems and infrastructure, such as the network and central databases.)

Somehow, the larger computing group that my department is part of was given the responsibility to turn around a fee-for-service group on campus. They were something like two million in the hole, but the university hoped to give them to us so that we can make them self-sufficient and possibly, profitable. While I’m sure they’re good people and don’t want them to be put out on the street, I don’t really see how the group fits into our department’s, much less the university’s mission as a whole. In general, they provide Web services (Web site design, online surveys, logo design, etc.) to groups on campus that can pay market prices for their services. They are encouraged to conduct business only with university organizations, although they can work for outside clients on a very limited basis (if only to break even).

There are two major problems I have with this model (outside of my own reservations about the quality of their work):

  1. A fee-for-service group of qualified professionals is a great resource for those university groups that can’t afford to, or even want to hire full-time staff for special projects, like conducting an online survey or having their Web site redesigned. However, if they are charging market prices, it makes the entire endeavor less cost effective for the client. Because they are a fee-for-service group, long-term support is either non-existent or existent, but very expensive, cancelling out the value of having the fee-for-service group in the first place.
  2. The group was made part of a regular university department, I’m assuming, to be tied into that department’s and the university’s mission and to take advantage of the management resources available within the department. They are required to be financially self-sufficient (which is good in this economy and the current state of budget cuts), but they still take resources from the department. Besides the management resources required to keep the group running, management has been encouraging “working together,” which essentially amounts to taking homegrown software solutions and other tools built within the department and selling them as part of their services. While we are being monetarily being compensated for use of our products and staff time (as we normally do since we offer them as services for other departments ourselves, albeit at a much, much lower price), they are essentially getting to offer a much more valuable suite of services because of their attachment to our organization. In exchange, the theory is that they offer their own services– free Web design work, consulting, etc. However, since we are a computing group, we already have staff that are specifically assigned to work on those types of projects. So, the question is: is the exchange equal or even necessary?

In my opinion, no.
Continue reading Fee for service? Not in education!