Slashdot Mirror
University Professor Chastised For Using Tor
Irongeek_ADC writes with a first-person account from the The Chronicle of Higher Education by a university professor who was asked to stop using Tor. University IT and campus security staffers came knocking on Paul Cesarini's door asking why he was using the anonymizing network. They requested that he stop and also that he not teach his students about it. The visitors said it was likely against university policy (a policy they probably were not aware that Cesarini had helped to draft). The professor seems genuinely to appreciate the problems that a campus IT department faces; but in the end he took a stand for academic freedom.
Good to see some university professors still have integrity.
How we know is more important than what we know.
Maybe i ought to uninstall tor now
gods damn BGSU
always runing on office porn searching
Could they not be bothered with actually checking the policy since they were there to enforce it?
He says himself
Widespread use of Tor could be a huge headache for network-security administrators, particularly in higher education. My university alone has more than 21,000 students. Imagine what would happen if even a tenth of them and a similar percentage of faculty and staff members started using Tor regularly. With all the spam scams, phishing scams, identity theft, and related criminal enterprises going on around the world -- many of which involve remotely hijacking university-owned computers -- we could approach technological anarchy on the campus.
So he knows that tor could effectivly ruin his universities network if everyone used it, but he's better and special. He has the RIGHT to use it, of course, nobody else should. It's a tool only for the gifted.
I'm not sure what the story is here, the right to use tor on someone elses network? Does he have that right? It's not his network. I've used tor at home, but completely understand I cant use it at work, and if during my university days, had it existed (maybe it did but whatever), and was told I couldnt use it, I'd just deal with that.
You don't need tor to browse the web anonymously - I dont see how anybody came to him because he was doing so - but they came because they saw it as a malicious app, giving and recieving connections from all sorts of shady IP's worldwide.
I don't need no instructions to know how to rock!!!!
Another typical Slashdot "editing" job. Was the university mentioned? Nope.
All these words were wasted to tell us about what happened, but a significant detail such as the name of the university was never mentioned, even though such a mention would help tremendously in putting pressure on the unnamed university to reverse their policy.
I can't believe people get paid to do basically nothing.
I think that if they would want to keep something like Tor quiet on the campus this is probably the worst way possible.
If anything, it will do more damage.
"But in 2000, Amazon admitted experimenting with so-called dynamic pricing, charging different people different prices for the same MP3 player; the prices were presumably based on estimates of what each user would be willing to pay, considering prior purchases. Online merchants could all do that, thanks to traffic analysis. They know who I am when I log on -- unless I delete their cookies or use Tor."
And pay only in cash. And ship to an untraceable address.
--"The other men were not familiar, but a quick glance at their cards told me they were detectives on our campus police force."
_Detectives_ of the campus police force. What's next? Agents of the Campus Intelligence Agency?
the Department of Campus Security?
This is really ridiculous.
How does Tor enable those things, and how would more people using Tor make those things worse than they already are?
According to the article, he's in Bowling Green State University, which is in Ohio. So DHS will be on this case in no time.
Nothing really happened to him... no sanctions, penalties, threats of actions... they didn't even say "Halt thy nefarious actions, or I shall chastise thee anon!"
Overblown.
You can't talk about Wikipedia's flaws on Wikipedia
but in the end he took a stand for academic freedom.
I wasn't aware that "Academic Freedom" meant sucking up as much resources as you can use. I suppose that's what you get when people think that "oil freedom" means driving a car that gets 10MPG and we just have to have wars to support it. Don't be brainwashed Irongeek.
Asking the professor not to use Tor on the university-owned network is reasonable.
Attempting to censure what he can say to his students is clearly not reasonable.
Oh wait - maybe he is.
After all, they were able to identify him as one of the users of the application.
File under 'M' for 'Manic ranting'
If using the service was against university policy, they very well could have Tor him a new one.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
What is it about university IT departments that attracts such incompetent people?
Hint: If you're pouncing on people as often as a small frisky dog does, you're the problem.
http://outcampaign.org/
In a summary, sounds like police were just questioning a homeowner for selling mustache kits and wigs out of his garage. Homeowner, "Well, some people cannot grow a beard or hair". Officer, "Well, you know some kids will try to buy beer with this." Homeowner, "Possibly, but I run a practice as an Oncologist who treats radiation patients." Officer, "Very well, remember you need a business permit to do that. Good day."
I hope, when they die, cartoon characters have to answer for their sins.
What university?
WTF is Tor? It kind of rings a bell though...
No wonder there is a love affair between slashdot and google. Half the stories require googling to find out what the topic is about.
I attended said university, I know Paul very well. I still run into him in town occasionally, and I will be sure to shake his hand for this.
I could say a lot of BAD things about *university* ITS, but I'd probably get me in far more trouble than it is worth to say them out loud. I am not there anymore, they don't effect me. I will just be happy that Paul is still the fine individual I have always looked up to.
--Nuintari
slashdot : where an opinion can be wrong.
The DoD (or Naval Research Laboratory, I suppose) sponsored the creation of TOR:
r k)
http://en.wikipedia.org/wiki/Tor_(anonymity_netwo
It's not exactly counter-government and I'm not sure why you think DHS would get involved.
At most places, if you act like you've got tenure, it's almost as good.
With 25% of Windoze PCs already part of a botnet, I imagine more than 1/10 of those computers are already using some form of TOR. What will thwarting my privacy achieve again?
Friends don't help friends install M$ junk.
If TOR is so good at anonymising, how did they know he was using it?
Weirdly, I've read the whole article and they just seem to mention 'logs'. I don't understand, can anyone tell me?
If he had only used Log Deleter 5.0, there would have been no record of his router hopping.
Proud member of the American Non Sequitur Society. We might not make much sense, but boy do we love pizza!
He likely has several students in his class from countries, such as China, that have such censorship. If he can reach out to a few of these and give them the tools to combat that censorship, then he will have helped them make a difference when they return to China, if they are so inclined.
Ben Hocking
Need a professional organizer?
So, Dr. CESARINI, are you a Windoze user? It may be time to wipe and reload.
Friends don't help friends install M$ junk.
Well, the fact is that TOR is also used by less-than-savory netizens.
Here's how I first found about TOR: A friend's website used a well-known (and well-exploited) forum app. As expected, it was exploited well. Going through logs for him, I traced the activity to a TOR node. From that moment, knowing nothing else about TOR (except its allegedly legitimate use as described by wikipedia), I'd have loved to simply deny any and all access to any requests originating from TOR nodes. First impression == bad! Just like a network admin narrows down bandwidth-abuse to Bit Torrent clients/ports.
Just as people cry and whine that Bit Torrent is very often used for legitimate purposes and shouldn't be controlled/throttled/discriminated against, there's also a significant portion of that kind of traffic which is dedicated to illegal activities of one kind or another. The creators of TOR couldn't have possibly missed this, and anyone who complains should remember that when you lie with dogs, you may wake with fleas. You're going to have to take the bad with the good.
Go ahead and mod me down. I've got karma to burn.
I only post comments when someone on the internet is wrong.
From TFA: "Someone looking up potentially sensitive information might prefer to use [Tor] -- like a person who is worried about potential exposure to a sexually transmitted disease and shares a computer with roommates."
So, sharing a computer with roommates might give you an STD and Tor will protect you from it? Hmmm...
Oil, farming, auto (roads), space (NASA), rail (AMTRAK), the defense industry, telecom, utilities,
I looked at the Tor website and while I followed the basic description, I can't see how packets can get from point A to point B without having the full route indicated somewhere.
Here's how I understand it; please correct as necessary.
(1) The client decides on a route to get a packet from point A to point B, by knowing where several Tor servers are located.
(2) The packet goes to the first location encrypted and determines where it goes next.
This is where I get confused. Once the packet gets from node 1 to node 2, how does node 2 know where to send it next? Is the route encrypted in the packet somewhere? Are there several layers of encryption, so that as each node peels away a layer of encryption, the next destination is exposed, leaving the remainder of the packet still encrypted?
If this is the case, then at some point the client must have negotiated keys with each node in the selected path. Can't these negotiations be watched to see what path the packet takes?
I see how each node individually may not know the source AND destination of the packet at the same time, but there must be a full path somewhere at some point. Otherwise how does the final node know where to send the unencrypted packet?
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
Its possible that I'm simply missing the point, but if Tor is so effective then how exactly did a university IT guy and two campus cops find out it was in use and trace it so easily to the professor in question? Isn't anonymity the whole point?
Of course, anonymous Web surfing can be used to conceal fraud and other forms of electronic malfeasance. That was why the police had come to see me. Sure, that logic is like saying, "Of course, steak knives can be used to commit murderous crimes. That was why the police had began questioning all of the patrons at a local Outback Steakhouse..."
It's not really surprising to have Detectives on a campus police force. There are rapes, burglaries, drug deals, prostitutes, assaults, and even the occasional murder on large college campuses, and the cities that the colleges are located in usually don't have the resources to direct that much attention to that area. Also since much of the in-residence populace is temporary the city's funding wouldn't be as stable for covering that segment of the population. The campus police force is paid for ultimately by tuition and/or state money based on enrollment and need.
Also, campus-exclusive cops would have a much better feel for what's going on around them and would probably also know where to look when there's a problem due to experience. While a Constable on Patrol would be able to address most of what's going on, higher-profile cases would require detectives just like a normal municipal police force, and if a particular kind of crime (rape, assault, and the like) is reasonably common then an internal investigator would remove the need for an outside inspector to attempt to conduct an investigation in a microcosm that is unfamiliar. Obviously crimes like murder would use the municipality's law enforcement, but that kind of crime is also reasonably rare.
I will agree that Campus Traffic Police suck though.
Do not look into laser with remaining eye.
i liked the ending. anyway, well i didn't know about tor before, but i do now. i'm glad they kept quite otherwise i would never know.
He doesn't mind sharing the costs for essential services with his peers in good faith. The jobless waifs he's referring to are benefiting from those services in bad faith: they have no intention of bearing any of the burden. Not all of the jobless are waifs of course, but he wasn't talking about them either.
Can you be Even More Awesome?!
The university does have an absolute right to dictate how their network is used.
The university does, but the IT department and the campus police don't. Their function is merely to implement university policies, they ultimately don't have a right to make them.
I'm curious about the problems that Tor creates. I was talking with someone who runs a Tor node, and he was dismayed that he was banned from most EFNet IRC servers. My guess was that people had abused Tor and used it to escape bans on IRC. It seemed perfectly reasonable to ban all Tor nodes if it created those problems.
So my question is, what problems does Tor create for us all? I'm all for people being able to escape governments that want to control what they do.. but I can't imagine that this doesn't create other problems, so of which might not be immediately apparent.
AccountKiller
Department of Intracollegiate Campus Killing Stoppers (DICKS)
If you can read this sig, you're too close.
I was a university IT director a few years ago. The university told me outright when they hired me that they expected to pay me 25% less than an identical job would pay in industry, because they're a not-for-profit organization, and that I should desire to accept this because of the benefits of working in an academic environment (which they listed as long term job security and minimum of four weeks of vacation per year). Okay, fine. They weren't happy when I came back with documentation showing that my industry value was about twice what they thought, but they coughed up the 75% of my industry value that they said they would.
Then when I wanted to hire anyone, however, they dictated to me what I could offer, and refused to accept any input regarding what industry norms were. So, when I needed a DBA (and frankly needed a really good one), they told me I should get someone Oracle certified, and that I should pay no more than $50k. Skilled, experienced, product certified DBAs, as you may know, tended to go for over twice that (usually more like three times that) a few years back in Boston, and our database wasn't Oracle anyway. I ended up hiring a junior-level person (when I really needed a senior level person) because that was the best I could get for the money they were offering (in fact the only applicant we had received who had any experience with the database products we actually used), and told HR they could forget about certification. Their response was to complain a lot that I hadn't hired a good enough person, despite that they hadn't actually asked me (his manager) about his performance, and he was actually doing unusually well for someone of his level. They also nagged me extensively to replace him with a woman who had applied who was oracle certified (which was still useless because we still didn't have oracle), but didn't actually speak English. (Presumably that's why she was willing to take the lousy pay rate.)
10 months after I was hired the university outsourced my job, proving that their claim of long term job security was a lie in the first place. (I hear they had to hire three consultants to replace me, each one at a cost of two to three times my salary.)
I've seen this pattern repeatedly in university IT groups; they won't pay what it really costs to get someone who can really do the job, but they insist on unreasonable qualifications given the pay level they're offering, so instead of either shelling out what it costs to get what they want or accepting the best qualified person who would normally be in the pay range they're offering, they instead hire the loser who is willing to both take the low pay rate AND inflate their qualifications (either by exaggeration or outright lies) to meet the university's unreasonable demands. So, when they most need a skilled, experienced person, they're most likely to get a lying fraud who can't get the job done and will give everyone else a hard time to try to make it look like nothing is their fault.
Another typical slashdot "commenting" job. Was the article read? Nope.
All these words were wasted to complain about the editor, but a tiny effort such as clicking on the article link and scrolling down was never made, even though such an effort would help tremendously in giving this guy a fucking clue.
I can't believe people have the audacity to sign off on such idiotic comments.
Freenet, Entropy, Tor... they usually host "secret" stuff that can be googled off open sites anyway. The kid porn pervs have their own networks. Even bittorrent is now mostly blocked through tor.
Tor is Good. Support Tor.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
But if you wear flea powder the whole issue becomes moot.
Quack, quack.
I only mod funny =D
Most likely, they're not paying his salary and didn't even pay for his equipment. His grants are probably paying for the majority of his salary (as well as part of the salary of some liberal arts professors), and possibly for his computers. (Unfortunately, many computer science grants won't actually pay for computers, so that's no guarantee.)
Ben Hocking
Need a professional organizer?
I was ready to drop everything and move there.
Quack, quack.
"TIME FOR GO TO BED..."
---GEC
I'm but the humble pupil, seeking to snatch the scratchbuilt pebble from the master's fully articulated hand
I used to work for a large Midwestern University, and we blocked outgoing connections to some services, such as VPNs and some proxies. The reason we did this was during the outbreak of the virus (can't remember the name), that hammered Windows on Port 135, we blocked incoming Port 135 connections at the University border. It was hypothesized that if users VPNed to other networks, they would circumvent the port block and become a vector.
I know everyone worth their weight in IT realizes that a secure border isn't enough. We had virus protection available for free for every seat on campus, however, in a huge distributed environment (where departments and colleges were "islands" in a network ocean, with their own IT staff) we couldn't gaurantee the integrity of these machines. But we were sure going to be the ones to take the hit when their "nice kid that they liked to much to see them move on after graduation system admin" didn't bother to CHECK to see if the definitions his AD-out-the-box for dummies was pushing those defs.
We also disallowed some of these services because it became harder to effectively monitor our network. When some s5r1pt k1dd13 in CIS 201 decides that he is now a UNIX god is and is going to put "Bush Sucks - $college_name is #1, fark $rival" on whitehouse.gov to impress his pink haired, pot smoking, PETA member across the hall in the dorms who only talks to him when he removes the spyware she got trying to download off KaZaa, we look like complete dickheads when the Feds show up (or the **AA) and the best we can do is say "I don't know... what goes on in them there tubes" the suits tend to get pretty agrivated.
On the other hand, even if they are SSHing into an intermediary (which we strongly encouraged over telnet), we can at least say "Well, we had an outgoing SSH connection from 4 machines on campus at that time going to these 4 addresses, do any of those ring a bell? We happened to have authenticated WPA, so we can tell you who these folks are even if the machine name is PoPPySeeD420 and done from the student union.
Privacy is wonderful, but when the shit hits the proverbal fan, IT would like to know who is pulling shenanagins on the network. The rest of the time, 99.9999% of the time, we'd rather NOT know what you're up to, and every one of us in the office (except for that one windows fanboi MS office specialist who we used to throw beanbags at) had our open source/linux/free as in beer and freedom/crypto-privacy street cred.
Forgive my spelling from time to time. I'm often posting during short breaks.
Everyone says the free market leads to freedom. It seems to lead to people having to shut the hell up or not eat, to me. Wage slavery is still slavery. No matter that you are free to pick your master, if you can't speak your mind or do what you want with your time and resources, you are a slave.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Admins should be more concerned about Tor's Hidden Service feature. It's handy to avoid censorship and all, but it allows you to connect to hosts behind a NAT or firewall (the node keeps a circuit open). Not only that, the person using the service remotely is unrelated to the host that shows up in the logs... It's a drop-in backdoor tool. Instant access to the internal network.
"Strangers have the best candy" -Me
Academic freedom, my ass. Supporting whatever the flavor-of-the-week professor wants, my ass.
University IT, just like a business, is there to keep the IT functions running to complete the mission objectives. In most cases, it means making sure people can get their mail, do their homework, get journals, and all that jazz. It also includes billing, grades, transcripts, payroll and all that other backroom stuff that keeps the lights on.
It may include various research areas, but in order to be able to conduct research safely and not violate the other business areas/be violated by them, they should be isolated.
So, we'll go back to the article.
So, he installed a Tor client.
This serves to render a lot of firewalling and intrusion detection COMPLETELY useless.
If his endpoint was compromised over tor, they would not be able to detect it until maybe after it started attacking/compromising other university systems.
If his endpoint was compromised, it could attack other systems over tor.
If he was acting as a router, rather than an endpoint, the situation gets just that much worse.
So, he did something that broke firewalling, intrusion detection, and/or auditing -- all of which could have compromised everyone ELSE doing their work.
Believe me, if he got his ass owned, and it took down backroom servers or another flavor-of-the-week professor's favorite toy, there would be MOBS outside IT's door -- complete with pitchforks and torches.
Having been in a few meetings where administrators quoted policy to the people who wrote it and then went on to bash faculty and students over the head with illogical interpretations of that policy, I don't find this surprising at all.
These people have hard jobs, but so do we. Should someone teaching computer security not be able to use or talk about things which are important in doing computer security? I know my University administrators think they shouldn't.
Many people come to academia to get away from the frustration of petty, ineffective management only to find it just as entrenched here.
As TOR is a tool used by people to hide their internet activities from repressive regimes, and the USA is obviously not one, it's use should be repressed. QED.
Home fucking is killing prostitution.
if its use can be detected.
What?
Whoa--you are not dropping "cherry picking" in the middle of a sentence like that and getting away with it!
Other than a lot of theft of bicycles (I lost two in six months), there's not all that much crime on campus. Lots of drugs, I'm sure, but bad things happening to people are pretty rare. We're more than adequately served by the same police stations that protect the rest of Auckland City.
Of course, we are a country that doesn't even have permanently-armed police officers. Quite why we would devolve policing functions to employees of some private institution is completely beyond me. I suspect, though, that not even the likes of Cambridge or Oxford would have their own police forces. The notion of letting non-state employees enforce the law seems to be quite uniquely American, witness their gun-toting security guards who patrol gated communities.
"God, root, what is difference?" - Pitr, userfriendly
Funny, /. won't let users log in from tor either. Not even from non-exit tor nodes.
Seems like a wee bit of a double standard, no?
Merely repeating the University's capricious and overreaching-on-uncertainties line is hardly insightful. Bringing hardcopies of a text doesn't imply having read and understood that text. Universities ought to understand this concept, what with all the students toting their mostly unread textbooks around campus.
As for who's unsure: One can reasonably infer that the detectives and network-security technician probably hadn't read or completely understood the policy, certainly not as well as the professor who helped write it. But they seemed sure in the professor's description of what happened when they first brought the complaint to the professor:
In the paragraph following this one, it was the professor who said the policy was vague. The visitors may have been less sure by the time they left, but a larger issue had arisen by then.
Don't ever step up to defend the actions of someone who asks you not to teach someone something new as these visitors asked of the professor when they requested "that I stop using Tor, and that I avoid covering it in class". This is flatly unacceptable anywhere in society and should be anathema at a University.
Too many people who frequent /. don't appreciate freedom—note the number of people who champion the "open source" lines about adopting and recommending non-free/proprietary software—but the professor's conclusion should not be overlooked here. This is about academic freedom and we would all do well to work to spread awareness and defense of it.
Digital Citizen
Actually last year a popular news program came to the conclusion that a lot of the cost of medical care can be traced to the "save me at all costs" mentality. An undertsandable mentality (who doesn't want everything humanly possible to be done when they're sick?). However it's not a sustainable mentality. Some hard decisions are going to have to be made. Also IMHO I think that a lot of the publics approach to health care is reactive, instead of proactive. We wait till we are ill before doing something, instead of living a good clean life, and then dealing with the much smaller number of situations were any form of health care would be effective. In other words the system is being overwelmed, and it doesn't matter what kind of system you have. e.g. socialism, capitalism, etc.*
*I lean more towards a blend of minimum socialism with a layer of free market were I can shop for my medical care, and pay for it out of my pretax dollars, with catastrophic (shared risk) for the most extreme medical conditions. e.g. insurance. This does put a burden on me to manage my affairs properly, but then that's the way all things should be, unless I want to pay someone else to manage. e.g. a funds manager, pensions, etc. Freedom will always have a price. That's mine.
Here's a legit situation I can see coming up - if a faculty person was somehow using 90% of our internet bandwidth, we'd have to have a chat. Sure, it might be for their research, but that doesn't matter in that case. It's a shared resource, there's a limited (by the University) budget, and it's not an academic freedom issue. It might be convenient for one of the physics faculty to have a supercollider as well, but it's not in the University's budget. You have to partner with someone outside, or get grants, etc. Every instituation has limits and priorities.
But this? This is bizarre. The only awkward situation I can think of in some states is that state schools can fall under open records laws that require that the public can check on certain information (in some states, browser histories have come up in the past). In that case, as a state employee, they might be violating the open records law by going out of their way to hide their activity. Hell, even under a Patriot Act search, we'd have to give them whatever information we had about a user, but we're not obligated to keep information to track back every outbound internet connection - even under CALEA. We probably can't link a PAT assignment on the outside of our firewall to an inside machine for more than a couple of days, at best We just don't have the space to keep the logs.
I can't stand how the word "majority" has in recent years disappeared from our language and been replaced by the phrase " vast majority" (at least in any context that's even remotely political).
This may sound like mere linguistic pedantry, but it really isn't -- this usage both feeds, and is part of, the trend toward polarization and "extremification" (yes, afaik, I just made up that word) of political discourse. When you claim not just a majority but a vast majority, you're doing more than just adding emphasis: you're actively marginalizing the other side (by implying that they're not just a minority but a tiny, insignificant minority).
And it's self-escalating: it creates a sort of "linguistic arms race", where "everyone else does it", so people feel compelled to tack on the "vast", lest it sound like their side is only a mere "majority". But that just leads to linguistic inflation: when (almost) everyone says "vast", it loses its meaning, sending everyone scrambling to find ever-more-emphatic (and more insulting) modifiers, like "overwhelming".
It may seem to make your argument sound a bit stronger, but the constant minor insults don't help us get anywhere closer to building true consenus. After all, wouldn't the overwhelming majority prefer to see a political arena with more true communication and less poo-flinging?
David Gould
main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
Look up the term 'mutual aid', then look up anarchism and libertarian socialism. No, it's the complete opposite of Russion/Chinese communism, that is, anti-statist socialism.
Without the right to express yourself without fear of censorship, democracy cannot exist. Tor is a fundamental tool of democracy and accepting its use is a true test for a democratic government. Those who criticize it are directly criticizing the Constitution of the United States of America.
I think he needs to add another country to his list. And find a better technology.
"Porn? Well... guess what... someone may be doing acedemic research into porn and needs to access porn sites."
Works well at those private catholic universities.
"It was debated because well... what if someone had a legitimate acedemic need to recieve viruses in email?"
Biotech-U.
"No firewalls, no filtering... unfettered access, because if someone needs it, they need it."
I need a spam relay. Can you accommodate me?
While I'm not sure whether this was the case or not, it pays to be aware that Tor, while OSS, was originally funded by the Naval Research Laboratory. So it is probably wise to use Tor with the assumption that the NSA can probably still see what it is you are getting up to.
I read the following on wikipedia, and it gels with what I remember from reading the Tor site many moons ago:
"Tor is not suitable for protection against observation when the observer has access to both ends of the communication, for example a government with access to a large number of Internet service providers."
Not that I think Tor is any worse than those private anonymity proxy servers, where in addition to letting the NSA read your stuff, you also let another questionable private entity read your stuff, and you can't see their source code or logs.
If I have seen further it is by stealing the Intellectual Property of giants.
I have a question for you. Do you think that freedom means that actions shouldn't have responsabilities or even consequences? Everyone here talks about freedom this, and freedom that. But I've noticed the large hole known as "a discussion on the responsabilites and consequences that go with freedom". Now why do you think that is? I don't expect an answer, and silence would say far more than any words.
http://www.bgsu.edu/downloads/cio/file9602.pdf
12. Attempting to circumvent computer system or computer network security systems. Attempting to circumvent University computer system or computer network security systems, or using University computer systems or computer networks in attempting to circumvent security systems elsewhere.
and
22. Anonymous use, or use of pseudonyms on a computer system or computer network to escape responsibility. No person shall use a computer system or computer network anonymously or use pseudonyms to attempt to escape from prosecution of laws or regulations, or otherwise to escape responsibility for their actions.
Now, the first one seems like it is worded vaguely and may or may not apply in this situation, but the second one is pretty clear: as long as you are using anonymity services "to escape responsibility". Clearly, the professor was not trying to skirt the law or detection for any shady behaviour. of course, in the eyes of admins, allowing any use of such anonymizers could be dangerous to their network, and make their jobs harder.
I take most issue to the detectives' request that the professor refrain from discussing Tor in his classes. It would be academically unethical for the prof to bend to this pressure because a little pressure was put on him by the rent-a-cops. The detectives can ask the professor to do whatever they want, but dictating what he can and cannot teach in his classroom is inappropriate.
Shriver
And a thousand thousand slimy things
Lived on; and so did I.
On my read of the article it sounds like the network admins were going to talk the to the professor about TOR, and were not out to bust the dude. The second thing to note in the article is that this Paul Cesarini seemed to realize that TOR would be a problem for the University admins if a large number of people started using it.
I can't tell if the admins in this article were the goons that many of the posts in this thread assume that they were. For example, it is completely apropriate for an administrator to ask someone to cease an activity until they have a policy in place. That is not a denial of academic freedom.
The relation university's have with there network is somewhat amusing in light of the network neutrality debate. American Universities have this massive government funded network with bandwidth up the wazoo that fills all of us in the private sector with envy.
The administrators of these networks share a single minded passion. They do not want commercial activities taking place on their precious little taxpayer funded socialized network heaven. Widespread use of Tor might make avenues where commericial traffic gets in sullies the university backbone with commercial traffic.
It is really funny because professors will come out and spit venom about the idea of a telephone company breaking net neutrality, but will turn a strange shade of blue if you were to suggest that university servers should be neutral and allow commerce on the internet meant exclusively for university traffic.
What you say is true, up to a point. When I'm asked if I have something to hide, I have to answer 'Yes - my privacy'.
It is good to hear that this is important in the US, that the majority shouldn't lose their freedom because there may be a minorty who would misuse. If only this fairness was extended to others as well, like people 'suspected' of terrorism. I'm not talking about letting people off the hook easily, but about fairness, you know the thing that legal justice was supposed to be all about, which is enshrined in such principles as being told what the charges and evidence against you are, so you have the chance to defend yourself. The principle that you are innocent until PROVEN guilty in a court of law etc.
He work at Bowling Green State University (bgsu.edu) (in Ohio). The IT acceptable use policy is at http://www.bgsu.edu/its/page9605.html
--LWM
ps - whooooooo telling campus police to p*ss off!
Laissez-Faire capitalism is in one sense the most free because it puts least restriction on the players in the market. It's sort the of BSD approach to running an economy. But that form of capitalism isn't stable. It inevitably seems to lead to an imbalance, as the rich and powerful leverage their existing success to give themselves an advantage in gaining more money and power.
Thus, during the 20th century, we moved over to a regulated system, that tries to use the law to enforce principles of political freedom. We sacrificed freedom of action for the developers (corporations and lobbyists) to preserve certain rights of the users (consumers and workers). This represents a GNU-style of "free" market.
From this analysis, we can conclude once and for all that the GPL is superior. Join us now, hackers, and you'll be free!
for blood pressure and cholesterol medicine alone.
Try garlic for the cholesterol. I have a great uncle who had a serious cholesterol problem (he was a butcher, might have something to do with it) and he managed to improve it significantly by regularly eating a whole ball of garlic. It's apparently great roasted in the oven with some toast.
Can't guarantee it won't affect your social life, though.
Apology accepted, easy on that trigger finger cowboy. How would you recognize a repressive regime? Possibly one that indulges in repression?
Home fucking is killing prostitution.
Until quite recently, there was a mirror of Apache's maven repository on playboy.com. We found out because someone on the Apache/Cocoon mailinglist complained that his employer blocked access to a randomly assigned mirror.
Your post is absolutely the most perceptive comment that I have ever seen on the single most grossly misleading political PR technique of the entire millenium. I concur wholeheartedly and without reservation, and so do all my imaginary friends.
But seriously, yes, it's damned annoying, and for what it's worth, I too wish people would remember how to argue a case using clear, objective, non-inflammatory language.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
third party health care payor are in the middle and competing at both ends; here's what frequently happens. Company A may pay a higher reasonable and customary fee to the provider (95%), but they may also demand that the provider accepts the payment, this means the provide can not charge the patient the difference between what the insurance pays and what the provider's normally charges and has to write-off the difference. Company A may also play games by"losing claims" at random and especially near end-of-month, end-of quarter or end-of-year; they also reject about 10% for no appearent reason. Company B pays less, 75%, but actually pays without playing games and allow the provider to collect the difference from the patient. Now your the doctor, who are you going to deal with? some companies have more patients to send you, some have less; for some you may be the only provider and will get more than you can handle. Some companies have higher quality patients, you know ones that actually cooperate with treatment, show up for appointments and on time and appreciate the work your doing, others get the lower quality patients that no-show with out notice, don't participate with the care and blame the provide for not have a magic wand to make everything instantly all right. That's how the Medical/Dental business works.
Apocalypse Cancelled, Sorry, No Ticket Refunds
At my university, they even have a special contact for DMCA-related issues!
I usually fire them a nice little email when I think a spammer has copied the entire directory (which is copyrighted, probably as a collection).
The spam tends to go away but the DMCA people never reply...
The primary purpose of the "campus police" (as once explained to me by a campus officer) is to pick up the drunk, unruly college students before the city police do.
I've heard this before, and disagree partly because it ignores a distinction between a respect for the freedom of the individual that exists by default (in Locke's "state of nature") and a "right" to take things by force from other people.
That is, under a social contract theory of government, each person gives up some range of the things they would be able to do under anarchy, such as shooting anyone who annoys them. A relatively small government takes away only a limited range of that freedom of action, creating a framework of rules by which people can form enforceable contracts and protect themselves from violence. The purpose of that framework is to protect the remainder of individuals' freedom. A large and intrusive government does something fundamentally different: it invents new rights to receive goods and services at others' expense. Taxation -- taking wealth by force -- becomes not just a necessary evil to fund basic regulation of society, but a way of redistributing wealth.
So, failing to distinguish between a right not to be robbed and a right to rob others seems to me a failure to distinguish between what we could plausibly call "natural rights" and a series of invented rights. These invented rights actually limit individual freedom rather than protecting it.
(See Frederic Bastiat's The Law.)
Revive the Constitution.
All this is very interesting. Too bad Tor doesn't work as advertised. Just installed it on my Win2K system, plugged in the Firefox plugin .. and lost my Internet. Privoxy pops up, says I have no connectivity (doh), says it might just be temporary (it's not) .. not very useful.
Settings mean nothing to me, defaults should work but don't. Disable Tor (via the handy button at the bottom right of Firefox's screen) and all is working again.
So much for privacy.
Pretty much puts all this self-righteous finger-pointing/name calling in the proper perspective. Thanks for the mid-morning laugh.
ah.clem
"Life is not magic." Dr. Ron Weiss - "If we don't play God, who will?" Dr. James Watson
OK, I admit I don't know much about Tor. I know what its role is and what it does. I don't know anything about the protocol, such as what ports are used. But it seems to me that if the IT department network people know how to selectively log it (which means they know more about it than I do), then perhaps they can just block it at the firewall (if they believe any use of it whatsoever will somehow destroy the campus network ... which is silly). If they are concerned that excessive use of Tor would somehow overload the campus network with traffic that they cannot determine is acceptable use or not, then why not just bandwidth throttle it to something like 2% of the connectivity bandwidth, which could allow the legitimate uses but effectively discourage the uses the policy is probably focused on (pirating copyrighted content and spewing out tons of spam).
now we need to go OSS in diesel cars
If the school sends someone to ask him not to do something specific with those things, then his reaction should be, "Oh, I'm sorry. I didn't realize. I'll stop now." The school has every right to do so. They also have the right to ask him not to cover the topic in the class. These are the people paying his salary, and if they don't want this going on, they can tell him to stop.
I think the point is not that the school is asking him to do anything, it's the school's IT department along with the school's rent-a-cops. We don't know what the school want's only what some of the school's employees want an other school employee to do. Finding out what the School wants is going to be like mating elephants, it'll be noisy, it'll take place at a high level, it'll take two years to produce results, and the mice are likely to be trampled and the IT dept and the rent-a-cops are most likely to be the mice.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Can Tor successfully fight Google logging all your search queries? More than once now, Google -- who are reported to have a database of every query ever made to their search engine -- have given police lists of searches made from a given computer. Would Tor stop them from being able to do this? Would this destroy a valuable asset of Google if Tor became widely used?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
If I do not own property, who does? Who has the right to say what can and can not happen to a piece of property? If the governing body reserves the right to seize anything at anytime, what motive is there for me to accomplish anything in life? "Someone" or "something" _always_ has the right to physical property (except in cases of great abundance), and I find it difficult to believe that if it were centralized in a governing body of a few individuals it would not become abused.
Your body belongs to you and you alone. Who is restricting you from movement? Is everyone being restricted equally? If it is a governing body, why was it granted this power over you by your peers?
Society craves security, which is different from protection. "Security" is a concept where if something "bad" befalls a person in society, society will punish the offending individual. "Prevention" usually refers to steps to deter a repeat of the "bad", with the most effective steps being the least involved ones. While "protection" is the misguided belief that all "bad" can be prevented from happening in the first place.
In many times and places, the governing body of a society was not actually put in place by that society. Enacting change on the existing government is difficult, and overthrowing a governing body is very very daunting. So these hardships are suffered because they seem tolerable compared to the alternative. If everyone were to rise up at once, it would change. But no one wants to be the first to rise up, and to remain alone.
"This is not something that you have which is then removed, or a freedom curbed by government, but rather a service provided to you by others."
You know the above could be applied to content created by others. Musicians, directors, etc.
the statistics used also seem to show that 24% of Linux machines are also part of botnets?
No, they show that 0.092% of Linux machines are in a botnet, if we can trust the poster. His link to marketshare did not work but his numbers were:
OS Market Share(Percent) Botnet(Percent)
Windows 93.87 23.47
Mac 5.67 1.42
Linux 0.37 0.09
Other 0.09 0.02
The way you want to look at it, the botnet numbers should add to 100%. They don't, so the numbers don't mean what you want them to.
If you want to be usefull you could find a working link, preferably from a site that shows Linux market penetration at something more realistic than 0.37%.
Friends don't help friends install M$ junk.
I don't know too much about VPN. My employer (Israeli Open University) gives me a Windows client called "CheckPoint VPN-1 SecuRemote" that I can download from their site and install to access the network from home (needless to say, I need to use my username and password). Most people use it to connect their PC and access their email from home using Outlook, accessing their files and folders on the intranet and accessing the internal website that is only accessible from withing the intranet. When I use it (I don't do it often) it connects me to the intranet and displays a Windows desktop for me to use logged into my account. It automatically mapped my local drives until I configured it to stop doing so fearing that I am connecting my Hard drives to the same Windows machine with lots of others that connect from home and might have all kinds of malware.
I don't really understand the logic of this: is it really safer to have people connect using VPN than to let them access specific services using authentication? (like use IMAP to use work email from home, connect to the intranet website using usermname/password authentication (perhaps only over ssl) and using a protocol like webdav or ftp (over ssl) to access files? And am I being paranoid about connecting my machine to the internal network this way (given that in the university all users are using Outlook+IE on Windows admin accounts, and at home I don't use either and only use limited privileges account for anything but maintenance).
I think this link could be usefull: http://www.pnrec.org/2001papers/DaigneaultLajoie.p df
"Use cases are fairy tales..." I. S. 2005