Slashdot Mirror
Behind the Scenes at MIT's Network
BobB writes "MIT's head of computer networks and security gives an inside look at how the techie school is fending off hackers, cranking up its network to handle voice over IP and become a fiber network operator to link to other research institutions. From the article: 'Q - How do you actually enforce security standards among MIT's departments and network users? A - Enforce is not a word you can use at MIT. We try to entice people to do the right thing. We've made a lot of progress. We've removed the financial incentive to run your own network, which used to be cheaper than having us do it. We've been a cost-recovery network since forever now though. At many universities the network is free and they just fund it out of operating costs.'"
FTFA:
....
Q:.. I know MIT has not been immune to breaches either, but what do you think when you hear about new breaches like these?
A:.. The problem we all have is the Microsoft patch of the week. I hate to say it, but it's sort of the payback for universities not paying attention to security for decades or being sloppy about administrative computing.
Not that MS is the only problem, but they helped secure that mentality. I don't think Linux would have made it easier or better either. He goes on to talk about use of SSNs and other bad ideas. If only businesses would listen to this type of advice!!
Support NYCountryLawyer RIAA vs People
FTA:
What about dealing with wireless on campus these days?
We recently started surveying our community about what mobile devices they are using, how they are using them, etc. We have a team of people worrying about this.
The cool thing about MIT is that they own the entire 18.0.0.0/8 Class A address space, so every device on campus has a public IP.
And all computers (even student machines) are connected directly to the Internet - no NAT, no firewall, no protocol limitations, no bandwidth caps.
The catch is that all computers need to have a registered MAC address in order to get on the network, so if your Windows machine gets infected with a virus, they can disconnect you in a hurry.
This space intentionally left blank.
How do you actually enforce security standards among MIT's departments and network users?
I like to rely on my friends Mr. Louisville and Mr. Slugger.
From the article: "our toilet server, which does voice mail and all the other crap, runs Asterisk software"
:-)
Wow, at MIT, even the *toilets* are servers? No wonder they have their own class A!
I really hate articles that describes all these great networks and server rooms but don't have any pictures of the hardware. It's not like someone is going to search a picture to find an unsecured air vent in the ceiling so they can drop down among the laser sensors to hack into the computer.
It's not "standard," but there are places that do it. Generally small campuses, or ones that didn't build-out wired infrastructure when they should have, and are now trying to catch up and be 'wired' using 802.11 as a substitute for a real copper network.
I know there are quite a few schools deploying it strategically, which seems like a good plan. It only takes a few minutes walking around a college campus to realize that there are a few key places where wireless would be most useful, and a lot of places where it would probably be underutilized. Libraries are huge -- go into any uni library and you'll see rows of people typing away on laptops. If you can't afford to put an Ethernet drop at every study carroll, wireless is the next best thing. (Well, actually, both would be best.) Study lounges and communal spaces are probably next, followed by cafeterias and big lecture halls (if you want to encourage people to use laptops in class; some schools might have faculty that would rather discourage that). In warm climates, outdoor locations can be great locations for Wifi, too.
But deploying it all over a large campus would, for most schools, be impractical. It would take too many base stations and would cost too much for the number of users you'd probably have at a time on most of them. I think if you did roll it out everywhere, you'd probably find pretty quickly that some nodes took huge amounts of load, while others were basically never used. For this reason, most large places with a competent IT staff don't just shotgun it all over campus, but are more selective.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
That MIT-level hackers (See Steven Levy's book) have direct, Class-A network access to the Internet, or that a school like MIT still doesn't get the idea of the network as an infrastructure utility rather than a cost-recovery service.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
I know users can be pretty dense where change is concerned but to say that people would be upset because the phone is a different color is even worse than what I had to go through recently.
I was assigned to replace someone's pc with one of our new ones. After I was done I got a call from him asking if he could have his old keyboard back because the keys on the new one weren't the same. I looked at the old one and compared it to mine (the same type he had). The only difference was the six buttons where Home, PgUp and so forth are located are arranged vertically on the new keyboard compared to horizontally on the old one.
So, to answer this question, it's not the fault of those of us in IT that we have bad attitudes when we have users like the above to deal with.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
When I switched to a keyboard that rearranged my “Super Six”, I was distraught too. I kept hitting the wrong keys and it was annoying for some time. This is not a trivial difference for people used to not staring at their keyboards as they work.
Why bother.
Are you kidding me? All he wanted was his old keyboard back. If somebody gave me one of those new keyboards with the vertical layout I would probably beat them around the head with it.
If someone wanting thwe same keyboard gives you a bad sttitude, it's not the customer, it's you.
Did you consider when using his keyboard he didn't look at the keyboard?
If this person job is data entry, then YOU were in the wrong for not anticipating then need for the same keyboard layout.
The Kruger Dunning explains most post on
Yes, it is, you nimrod.
You probably spend a ton of time picking out your gadgets or aligning things to just the way you like them, but I suspect you just throw any old thing at users and expect them to "deal with it", after all, they're just clueless anyway, right? Hey, if the user liked the keys arranged horizontal v vertical, then what's wrong with that, and why does it justify your bad attitude becuase of it?
You give us IT "professionals" a bad rep.
I can't believe someone with enough technical responsibility to replace someone else's computer would use those keys so seldom that he wouldn't care if they were rearranged. It's bad enough that my laptop isn't big enough to have them, but if they were all there and I had to look at them, I would flip out.
I totally agree with you. Much as with your example of the rotary phone, the world will pass this user by if he does not adapt to the new keyboard layout. This is precisely why the Western world was able to move beyond the inefficient QWERTY keyboard with only limited resistence.
I applaud your efforts to avoid 30 seconds of work, and especially the hour you've subsequently spent bitching about it.
From the article:
The FCC chief of staff told Educause this wasn't about universities and to go away, but Educause wouldn't let it go and asked the FBI. And of course if you ask the FBI if they'd want cameras in every bedroom of every American citizen, they'd say of course, we could cut down on domestic violence. They woke a sleeping giant. For now, CALEA is a source of angst for IT, but the lawyers are busy.
CALEA = Communications Assistance for Law Enforcement Act, http://www.askcalea.net/
So, they've had to make provisions to allow wiretapping on their VOIP network inside MIT, because some consider them a "telecommunications carrier"? Or, they are fighting it now, hoping they don't need to make provisions.
From the CALEA website:
The objective of CALEA implementation is to preserve law enforcement's ability to conduct lawfully-authorized electronic surveillance while preserving public safety, the public's right to privacy, and the telecommunications industry's competitiveness.
Changing peoples' keyboards can have a significant impact on the bottom-line results for your company. Rearranging keys on someone's keyboard can really slow them down. Also, certain job types and people retrain far more slowly than others. People in highly stressful jobs, managers, and older workers do not pick up on changes quickly. Giving a user their old keyboard back is a zero-cost change, and won't reduce their productivity. Unless you have a pressing reason not to do it, then let them have their old keyboard.
Incidentally, when purchasing new computers, I check the keyboard layout before purchase. Annoying users is a poor career strategy.
Frankly, the keyboards with those 6 keys vertical bug the heck out of me, too. It's a lot harder to feel where the middle row is when it's 3-high instead of 3-wide, since my fingers are arranged horizontally on the keyboard.
Our school also gives public IP address to all our machines. It's so nice to be able to directly ssh/scp/sftp to your lab machine from home -- no tunnels, no firewalls, no VPN. Just you and your encrypted password. And then we go to some other institution and wonder why they take forever to load a web page -- and discover all the traffic for the entire network is being funneled through some machine which is trying desperately to NAT the entire campus's network. Siiiigh.
Yes I'm spoiled. It's good to be at a university that doesn't need to baby its users. If you run Windows and it's not up to date, it's kicked off the network until you patch it. Don't like that? Then run your *own* firewall, or switch to a system that doesn't leak like a sieve. Don't expect to ruin it for the rest of us because *you* choose to run insecure software.
Of the three, the only one someone has a choice in is purchasing a stick or automatic car.
The remaining have been forced upon people. Try finding a rotary phone in the store or a tv which has a knob (not buttons on the front) to turn channels with.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Now, I know it's very tiring to carry a keyboard all the way back there, and exhausting to have to lean over to switch the plug for the new keyboard, but exercize is good for you.
I'm using a keyboard I got with my computer.. the one I had 3 boxes ago. Actually, it's so hard-used that the little nub on the J key is worn off.. and the one on the F key is getting there.
It's not just key positions people get used to, but the angle of the keyboard itself, and the feel of the keys. Feel of the keys is HUGE for me.
So basically, you're just saying that you're so cantankerous that you couldn't switch a keyboard to a user's preferred older keyboard, a change that would entail less than 5 minutes work on your part -- hell, you could just tell him to walk by and hand him the old keyboard in exchange for the new one, even idiots can switch them -- because.. why?
... still waiting for this free-as-in-beer free beer I keep hearing about.
If someone wanting thwe same keyboard gives you a bad sttitude, it's not the customer, it's you.
Looks like you were one of the people getting new keyboards.
BadAnalogyGuy would be spinning in his grave, if he were dead now. people *love* their keyboards. I curse and moan every time I have the misfortune of using one of the L-shaped-enter ones and the backslash suddenly isn't *there* anymore. I won't even mention the lappy/desktop switching. drives me crazy. give the guy a break, and let him have his keyboard back. as someone stated above, he should beat you over the head with the new fancy one.
Stop Computers/Cars Analogies on S
And the point of this key rearrangement?
Each of the three things you note is change for the sake of benefit. Automatic transmission*, direct access to the number, arbitrary number of channels.
What is the point of rearranging the six-block that you describe?
If someone said "Here's your new phone. You have to use it constantly for your job. Oh, by the way, we rearranged the numbers so they now go
789
456
123
0
, would you just accept this change-for-the-sake-of-change, or would you want to know why the primary interface that you use to function in your job has been suddenly changed for no apparent benefit?"
Different is not necessarily better...
(*: not that an automatic transmission is automatically a benefit. Let's have the example of a "stick"-shift that has paddle shifters on the steering wheel with an automatic clutch. That's also change, but it's change with a benefit, because you no longer have to take your hands off the wheel to shift."
if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
Not that I am going to win a prize on Slashdot...but my keyboard is 11 years old - half the age I am. My keys are smooth, not rough like some new ones, and the letters are staring to fade. (Do the math, I have only been able to use it a lot for the last couple of years.)
Everything was better with ITS! Just get a DECnet hooked up between a few PDP-10s, and... TADA! No viruses! (Not that I'm old enough to remember ITS... :P I'm a retrocomputing geek.)
http://pinopsida.com
The remaining have been forced upon people. Try finding a rotary phone in the store or a tv which has a knob (not buttons on the front) to turn channels with.
Have you gone car shopping recently? Try finding anything with a big engine and a stick. Aside from small cars and cheap trucks, stick shifts are rare in the modern vehicle marketplace. Hell, on my Thunderbird, I had the choice of a V8 engine OR a stick. Most full-size trucks are the same way. That boggles the mind, because the reason I want a stick is the be able to better control how I put more power to the ground, not just to make up for a shitty V6 that can't feel fast with a slushbox.
The problem is a combination of most people now learning on automatics and increased traffic. I love a manual, but I'll be the first to admit gridlock with a stick sucks. Aside from that, people just don't appreciate how much fun a manual can make driving. It makes you care about driving, rather than just pushing the gas and pointing it the right way while putting on makeup/eating/talking. I'd argue that those who drive stick are more attentive behind the wheel because they have to actually think while driving and it's beneficial to plan shifts ahead of time when approaching traffic.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
Are you kidding? I hate that Microsoft decided to reorganize the keys, removing the insert key. I use that key! And the stupid stupid Function Lock. Ugh! No one I know uses the "Application menu" key - why not play with that? But don't mess with my function or insert keys.
. Define sqrt(x) as something really evil like (x / rand()), and bury it deep. Watch your coworkers go nuts.
After I was done I got a call from him asking if he could have his old keyboard back because the keys on the new one weren't the same. I looked at the old one and compared it to mine (the same type he had).
A call. Meaning you weren't there. So you spent effort to go back, compare keyboards, and complain.
If you had said "Certainly; I'll drop the old keyboard by when I go by your department" / "I'll send it by interdepartmental mail" / "Come pick it up from my office", you wouldn't have had to spend any actual effort and would've made the user happy.
There's a reason he's called the user. He's the one using it. You're paid to support him, not to decide what he likes.
A call. Meaning you weren't there. So you spent effort to go back, compare keyboards, and complain.
Not quite. If you look closely, you'll see that the OP wrote, "I looked at his old keyboard and compared it to mine" (i.e., the one in his own office, which was the same as the user's new one). Not, "I went back to his office and compared it to his new one".
And he didn't say that he did not return the old keyboard, he merely expressed his annoyance that the user made what he viewed as a silly and arbitrary request; as long as he didn't vent at the user or someone who might pass the comment along, there's no real harm. Although I might want the old keyboard back too, if keys that I used heavily were rearranged; if you're a touch-typist, that sort of thing can be pretty annoying until you retrain your fingers.
-Mike
I'm sorry; I don't know what I was thinking!
City College of San Francisco converted to VoIP, oh, a year or two ago IIRC. Had some conversion issues, but it works well now far as I know. CCSF has some 3,000 employees IRRC (largest community college district in the US with nearly 100,000 students and seven or more campuses.)
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
I sincerely doubt anybody will truly be thrown off by the color, but IS&T has a long
history of grossly underestimating their users. It's been over a decade since DPMS
was conceived, but the Athena boxen (run by IS&T) don't use it or any other kind of
power saving; for fear that someone will sit down in front of a machine with a black
screen and be so stunned and bewildered that they'll come running and screaming and
bother the sysadmins.
As for dealing with the bone-headed keyboard layout propagated by MS/laptop makers,
it runs afoul of muscle memory. 'tis no different than all the extra typos/time
lost due to switching between board with different pipe/backspace placements.
Were that I say, pancakes?
This is actually not a trivial change. For people who are fast touch-typists, particularly developers and/or writers, this is significant.
I use the Home/End very very often, and Delete, and PageUp/PageDown quite a bit as well. If the button layout gets rearranged, then you have to re-learn.
Plus the horizontal six (the common layout on large keyboards) is much more efficient, as you just move your hand over and can find any of the six keys with nearly zero hand/finger movement. Finding them in the vertical arrangement, however, requires more movement, and is harder to do by touch.
You've got to be kidding. That vertical layout is the worst thing to happen to keyboards in a long time. Half the keyboards here are like that, and they are impossible to use if you use those keys even occasionally (which I do while developing)