Slashdot Mirror
Yale Switching To Gmail, Not Without Opposition
PwnSnake writes "While it makes sense for small (and large) corporations to move to Gmail, something seems amiss when a top private university decides to hand everything over to Google. Although most in that community seem to welcome the change, several organizations on campus have joined forces to call for a transparent process and get students and faculty thinking about the downsides of the switch. The problem is choice (users can already forward mail to Gmail; it doesn't make sense to force that option and not have a backup or opt-out mail server)."
Anyone ignorant of the possible problems of things like this need to become educated.
Ugh, idiots.
I was a grad student there, and most of the people I knew hated the Horde webmail interface. I practically never used it, since I've always set up IMAP.
My current university also outsources most of their student e-mail services to Google... again, I almost always access it through IMAP. The main downside I've run into is that the university version of Gmail doesn't have access to Labs features that you get with regular Gmail.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
God, I wish my university would do this. We have 40MB account limits and professors routinely send out 10MB worth of attachments. Sure, you can forward it all to gmail (and who doesn't), but don't forget to delete your mail off the university's shitty server once a week or you'll get everything bounced!
This game will waste your life. Don't clicky!
Whatever they decide to do, some people are going to complain. The gmail-based service lets people use POP and IMAP so they can use a different UI if they want. So you've got real flexibility, and a default UI that (in most people's opinions) doesn't suck. So... what was the problem again?
When I was with their dept of psychiatry at the med school, they had terrible problems with constantly infected and reinfecting machines, both theirs and customers'. They had good admins, but couldn't keep up. With email farmed out, perhaps they can tackle the problem now.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Harvard, just to spite Yale, has switched its mail system over to Yahoo! Mail. Also, 3 MIT students are currently being investigated for breaking into the accounts of the presidents of both universities and sending out notices to their entire university saying that the cafeteria systems at their universities had recently added a free bar.
I am officially gone from
My university is also switching to not just gmail, but integrating the other Google apps also.
If a man empties his purse into his head no man can take it from him. An investment in knowledge pays the best interest.
Government mail, now with 100% legal links to the NSA.
You would think Yale having all the Skull and Bones types someone would know about not trusting mail servers.
After China are the terms "off-site" and Google "maintain it" of any real use to US academia?
Domestic spying is now "Benign Information Gathering"
Besides, it's a deplorable state of affairs when a university can't muster the resources to at least operate an on-site forwarding mail server.
According to TFA, it's going to save 12GB of on site storage per student. If I was a university IT manager and a corporation offered me that *for free*, I'd bite their hand off.
Whoever you are, why spend money when there's an alternative?
It's a service. Just like the phone company, janitorial services, accounting, and insurance.
The students and faculty don't clamor for input and transparency on which payroll company the university uses to issue paychecks and work/study payments, and there's something they use every day. Sounds to me like this is a lesson to be learned for a bunch of college brats who can't adjust to change.
Tell me, please: what is almost impossible about running a distributed mail server cluster for a few tens of thousands of users and 100% cluster uptime? This has been a common achievement implemented using VAXclusters in academia since the '80s, so I'm curious as to what's gone wrong with engineering ability since then.
I get this impression sometimes that people think 100% availability via "cloud" distributed computing is an invention of this century. The only thing that's new is assuming that all but a few large corporations are sufficiently competent to do something that local IT was expected to do: then with expensive, hard-to-replace machines.
It's not free. As you point out, Google is a corporation and they don't do things unless they expect to get something out of it. What Google is getting is a LOT of information about Yale students, staff and faculty.
You don't like your email being read by someone else? Then why are you sending it as a postcard? And if you don't care about that then who cares if Google reads it and sells the information to advertisers?
FireGPG and others make encrypting webmail easy, and PGP/GPG and SMIME have been integrated into most mail clients for years.
Deleted
Anybody doing any sort of human research, say from the medicine, biomedical and psychology faculties, shouldn't be using GMail, because it involves sending privileged information to a third party corporation and, in this case, a corporation that has a vested interest in using the information they're gathering.
Outside of that, many people like to protect their own privacy.
You're just making up what Google does with that data.
http://www.google.com/support/a/bin/answer.py?hl=en&answer=60762
They mine it for ad targeting. And that's all.
I think the main things they get out of it is PR, and graduates with a positive experience of Google Apps.
The IT dept will have a budget. That budget is set by whoever controls the finances. If the person controlling the finances thinks you are only worth 40Mb of storage, then that's all the IT dept will give you.
If you want more, then bitch to whomever controls the finances. There is almost certainly no point bitching to IT because they can only go to the finance people and say give us more money. The people controlling the money aren't feeling the pain so why should they spend the money?
BTW, this isn't just for IT. This is any organisation, government or private.
Deleted
Horde is pure, utter shite, obviously written by weekend PHP developers with short attention spans, and wouldn't know a decently-designed user interface if it jumped up and bit them in the face.
The university I went to used (and probably still does) use it. It's a pain to use, and a pain to administer.
What's so hard about writing a decent Web email client anyway?
It's pretty easy to create a robust mail server cluster.
It's significantly more difficult to do it at the price Google is offering.
I'm an IT manager at a major University.
okay... so the thing is, everyone loves gmail. They love it because it's a pretty, intuitive interface, they have good spam filtering, it's free, plenty of storage, hugely distributed servers for good and reliable performance, nifty features, lots of happy fun time. Why *wouldn't* you switch your whole IT mail system to gmail?
You wouldn't do it because google's entire business model is based on profiting from the content of your data. Mining that
data for targeted advertising (yes, even if they're not displaying ads in your gmail, they are mining your data for useful stuff to sell to advertisers), gleaning useful tidbits about your behavior and buying practices, etc., etc. They *own*
the content of your email.
If you are working on potentially profitable research, you'd be insane to collaborate on it through google.
If you are handling privacy-sensitive data (such as student records), you'd be insane to communicate that data
through google.
If you are handling any other sensitive information (like passwords to financial accounts, potentially embarrassing
internal memos, career- or relationship- destroying office gossip), you'd be insane to communicate it through google.
GOOGLE READS YOUR EMAIL. When you sign up with google, you AGREE TO LET THEM DO IT FOR FUN AND PROFIT.
They are providing this service for free -- if something goes wrong and they lose a bunch of your data, they'll have
a minor public relations black eye and move on. You'll be out a bunch of valuable data. You can't fire anyone,
you can't take tangible measures to make sure it doesn't happen again (or that it doesn't happen in the first place), etc.
There are lots of reasons NOT to take your IT mail to google. It's mostly about data security, privacy, and accountability.
You are surrendering all of that when you go to google. If those things aren't important to you, then by all means, switch to google.
And I'm not saying this just because I'm not anxious to have my job outsourced. I'm saying it because after 20 years of
being responsible for this sort of data, giving it to google is one of the worst things you could do with it. It's not all about "Easy interface, low cost", but unfortunately anyone who ISN'T responsible for managing the data only sees those two things.
Oh, yeah... and universities don't generally prioritize storage/systems/personnel for student email. TFA talks about saving 12 TB of space, which these days I could install new (and reliably) for well under $10k, if someone was willing to spend the money on it.
If google provided free software to run a webmail system locally, now THAT's something I could get behind. THAT is what
Universities should be trying to get google to provide. Let them provide the interface, and let your local guys set it up and manage the data, keep the storage servers local.
YMMV, especially if your local IT guys just suck. :)
All of the issues they're clamoring over are completely non-unique. The simple fact that Google is giving Yale their Google Mail service for free is an advantage that cannot be glossed over in one sentence (as these authors did) for the following reasons:
This doesn't include the fact that no system, regardless of how well it's put together, is immune to the occassional outage. One can argue that administrators don't have much control over fixing an outage on Google's turf, but they have shown consistently that they can get everything back in working order extremely quickly. Plus, being able to manage millions of accounts (which include calendaring and contact storage for almost every account) while retaining extremely reliable levels of uptime is impressive.
I think the only reason why large-scale corporations haven't considered doing the same is to retain compliance. (Legal would never allow it).
I work for a higher-ed institution, and we recently provided a university-sponsored GMail option. We heard this issue about sending private data via GMail, from some folks in our health departments.
Our response was: why are you emailing anything with private data in it!?
Email of any kind, whether run locally at the department level, institution-wide at the central IT level, or outsourced to someplace like Google ... Email is an inherently insecure transport method. You don't send private data over the Internet. Period.
So, let me amend your statement:
Anybody doing any sort of human research, say from the medicine, biomedical and psychology faculties, shouldn't be using email, because it involves sending privileged information over the Internet.
It's called outsourcing, contractors and management.
I work at a University that has recently outsourced their student e-mail to GMail. The University IT group has really bad management. There is a CIO, 3 Vice Presidents and 5 directors for an IT group roughly 300 people with 70% of them being contractors. Each group within the IT group (Exchange, Unix, NT, Mail, Helpdesk, Networking...) has their own 1 or 2 managers.
Of course when it's time to look for a solution, the contractors love to propose their 'appliances' and 'do-it-all software' with 'vendors' and 'partners' because their contracting companies are being sponsored by those companies. That's why we have Exchange with Quest Extensions ($25000/server for a piece of software that only SHOWS the flow of e-mail on a pretty screen), NetApp storage at $5/GB/year, PeopleSoft, Microsoft SMS/WSUS with Quest Extensions (so you can attempt to use WSUS on a Mac bound to Active Directory and Novell Linux bound to Active Directory - Solaris and Debian what's that), some random companies DHCP server appliances - $2500 for a piece of hardware that only does DHCP based on the open source dhcpd, a paid version of SysLog (the actual open source syslog-ng software) with licensing based on logs per hour.
Management thinks that this is normal and the way to do business. Of course their overhead is so large that hardly anybody uses their services as it is cheaper to get your own sysadmin and invest in hardware. So University IT supports about 20 of the smallest departments - those that are too small to pay for a single sysadmin, they need about 200 people to do that job (the other 100 are in networking, server admins and telephone)
Custom electronics and digital signage for your business: www.evcircuits.com
1) GMail. 2) n.a.
3) Chose another university.
Seriously. The university chose the food management company, the cleaning contractors, and the security guard service. They also chose the e-mail contractors.
Like the undergrads care about e-mail privacy while they're simultaneously posting their frat party pictures to FB.
Put identity in the browser.
I work for a higher-ed institution that's in the Big Ten. We recently provided GMail on campus, to all faculty, students, and staff. It was a remarkably easy transition for us to make. Here's how we did it:
Opt-in.
Really, that was it. We said, "Here's the GMail system that we arranged through Google and the University. If you want to move to GMail, please do - here's a link to make that happen. If you prefer to remain on the existing University email system, that's fine, we aren't taking that away and we're still committed in supporting the University system."
It's worked out well. As of last week, our overall adoption rate is 26% across faculty and staff (I don't have the student numbers) with several colleges and departments already at 100%. Overall, students opted in very quickly. Our outliers have been staff and faculty - this is likely because moving to GMail is a change, and change can be scary. (Note you can use the web interface, or access GMail using POP/IMAP.)
It's not entirely opt-in, though. Incoming students are not given an option - they'll be issued a University GMail account by default. The goal is that over the next 4 years, we'll gradually have all student accounts move to GMail automatically. (But as I said, students tended to opt-in very quickly.)
If the schools email system failed to properly send your class assignments and you didnt receive emails properly,
you should have contacted the university and appealed your grade. At the very least the university would have
allowed you to retake the class without cost or GPA penalty. You couldnt have been the only person in school this happened to.
You may still be able to appeal if nothing else to just get the F removed from your transcript(I assume to retook the course).
If you kept your emails since then you can print out your email directory where the old emails are missing.
I work at a University that has recently outsourced their student e-mail to GMail. The University IT group has really bad management. There is a CIO, 3 Vice Presidents and 5 directors for an IT group roughly 300 people with 70% of them being contractors. Each group within the IT group (Exchange, Unix, NT, Mail, Helpdesk, Networking...) has their own 1 or 2 managers.
I'd pretty much agree with this. The trend of University outsourcing is the result of symptoms caused by bad management. As you describe, the management will have become bloated and influenced by consultants with deep conflicts of interest.
The money is being wasted on these managers and consultants, and that is where the budget cuts need to be made - not in actually providing services to students. Also, a couple of excellent IT admins and some commodity hardware is cheaper than a dozen pen-pushers!
(Also, I probably wouldn't recommend VMS as a mail system today. While it's still incredibly robust, and until 4 years ago I was collecting mail from an AlphaServer which, IIRC, *never* crashed while deployed, Fiorina had already dealt HP a death blow in enterprise innovation.)
Maybe someone better informed than I could say whether or not if using Gmail corporate services would also expose you to randomly-applied 'great ideas' such as the screwup that is Buzz?
In a word, No.
When my university moved to GMail, the central IT folks get to administer the university GMail system. [Disclaimer: I work in our central IT, but am not part of the GMail team, although I am in the same overall unit.] That means the university central IT gets to choose what new add-ons our users get access to. So, central IT gets to be the gatekeeper for new stuff that appears in Labs, or new bolt-ons like Buzz. In our university, I believe we use a pretty vanilla GMail. This is (mainly) to help with support issues, but privacy concerns like Buzz probably play into this too.
Incidentally, it's the same with corporations that use GMail, IIRC. Except in that case, the corporation is paying $$$ to Google to be hosted on GMail. But the corporate IT staff still manage the featureset for things like Labs and Buzz.
Tell me, please: what is almost impossible about running a distributed mail server cluster for a few tens of thousands of users and 100% cluster uptime? This has been a common achievement implemented using VAXclusters in academia since the '80s, so I'm curious as to what's gone wrong with engineering ability since then.
The GP didn't say "uptime", he said "reliable". Those two words are not the same.
If the users aren't checking their email because the interface blows, then it's not a reliable way to get a message from A to B, no matter how many nines are in the uptime. Schools and universities have a choice right now: either offer something reasonably close to the state-of-the-art interface, or watch professors collect their students' gmail addresses at the start of the semester and having a TA create a mailing list. A five-nines mail server is great...if people use it.
"Reliable" is a people-problem. "Uptime" is a technical solution. The latter is only a small piece in the puzzle of the former.
Are you quite mad? I seriously hope you don't really have a job in IT. Email was invented by academics as a means to share information with other academics. Telling them not to use it is the most ridiculous thing I have ever heard.
Departments with sensitive information should be using mail clients with GPG, and running their own PKI, but at least by running your own email servers you have more control (eg limit logins to campus IP addresses and provide VPN for remote login).
Phillip.
Property for sale in Nice, France
Email is an inherently insecure transport method.
This statement was true in the mid 90's. It is no longer universally true.
Using techniques such as opportunistic SMTP over TLS, a.k.a. SMTPS, it is possible to provide link-level encryption of email without requiring any special configuration on the part of the end user. This setup is more common than you think, especially in universities. I would estimate that about half of all US universities already deploy SMTPS. Email traveling over SSL/TLS is not that bad from a security point of view -- the only way to intercept it is to compromise a mail server or one of the end users' machines, and if a hacker has that level of access, you have much bigger problems than email.
SMTPS will not encrypt the link between the MUA and the MTA. For that, the end user needs to explicitly configure IMAPS or POP3S. However, this link is one of the easiest links in the chain to secure, even without cryptography. Ethernet switches (not hubs) and physical access control will prevent the vast majority of local sniffing attacks, and WPA2 is good enough for WiFi links.
You don't send private data over the Internet. Period.
I disagree with this statement. At the very least, it is almost impossible to function in modern society without sending private data over the Internet in some form. For example, if you never send your credit card number over the internet, then e-commerce is almost impossible, and if a merchant subscribed to this philosophy, he would not remain in business. As another example, you almost certainly had to send your slashdot password over the internet in order to log in, and you probably consider it to be private (if not, feel free to tell me what it is).
I agree that you should never send unencrypted private data over the Internet, but I would stop well short of recommending a complete ban on sending even encrypted private data, which is what you seem to be saying.
When one of the top public universities already switched?
Email at UVa: Account Choices
Account choices:
- Students: Microsoft Live and/or Gmail
- Alumni: Gmail
- Faculty/Staff/Special cases: Exchange and/or CMS (former mail system)
It's probably cheaper to outsource e-mail providers, but UVA still maintains control of the @virginia.edu domain and forwards e-mail to Live or G-mail.
There are a number of good reasons for *not* hosting your own email.
None of this precludes the fact that there are compliance and privacy issues surrounding email. FERPA, HIPPA, GLB, SOX, and Privacy Act may all apply. It's not an easy decision. There are at least as many factors supporting retained hosting. Outsourcing student email hosting can make a lot of sense. I don't recommend outsourcing faculty/staff email for an educational institution, but there are certainly a lot of reasons to consider it.
Figure out the "real cost" of maintaining a separate, local mail system in addition to Gmail. Hardware, software, maintenance, and the salaries and benefits of any staff needed just to maintain the local system. Then give people the option of using the local one instead of gmail, and charge them their share of the total cost minus whatever Google is charging per Gmail account. Since most people will go with Gmail, the local accounts will likely end up being absurdly expensive. But if you REALLY want one, its there for you.
GMail is a horrible bodge [...]
Subjective. I had my own mail server. I ditched it years ago for GMail, because in my own subjective view there wasn't an SMTP/POP/IMAP client with as useful a user interface.
Maybe nowadays there are better local mail applications available - but I have absolutely no complaints about GMail from a usability perspective.
Thank you for being pedantic - there's nothing wrong with sending a Word file over email. It has no major advantages or disadvantages these days for file size (older versions would store uncompressed images, which led to horrible file sizes - today you can tell it to only store the part you need, at the output resolution you need).
That's funny about your TA. He must be an idiot - unless you sent him a file which couldn't be read on his system at all. I can open an ascii file in Word just fine. I can even save to plain text. Personally, I pine for the days of Wordperfect, but I find Word to be useful for most professional documentation.
Is it just my observation, or are there way too many stupid people in the world?
Using techniques such as opportunistic SMTP over TLS [wikipedia.org], a.k.a. SMTPS, it is possible to provide link-level encryption of email without requiring any special configuration on the part of the end user.
That definitely helps, but on the other hand you don't know all of what happens to email in transit. If I send you an email, I might know that my server is pretty secure, but I don't really know how many servers the mail will be routed though, what the security policies might be on those servers, or even whether they might be compromised. And then I don't know whether you're using encryption for SMTP/IMAP on your client end.
So while I might say you can secure email within your organization pretty well, once it's going over the Internet, email isn't very secure-- not unless you're using something like GPG.
The problem is choice (users can already forward mail to Gmail; it doesn't make sense to force that option and not have a backup or opt-out mail server)."
the difference is that they won't have to manage / maintain campus mail servers. they won't have to field support calls related to email problems.
Google's IMAP implementation is horrible, to the point of only barely being usable.
Um, no? I have 3 Gmail accounts all accessed through IMAP and they all work perfectly and always have. Making a blanket statement about an entire implementation is completely groundless. YOU may have problems, and I know it would suck, but GMail works perfectly fine for 99% of people.
Except at some universities, like mine, there were lots of things sent to your university account. Some classes required it. Not exactly opt-out.
Im a troll because I disagree with you.
I feel duty bound to mention RFC4217 FTP/TLS. FTP's biggest problem is that firewall vendors hate it.
But for transferring large files point-to-point, you can't do better than rsync over SSH -- with its ability to resume partial transfers.
...at least for the arts and sciences college. Like a good Slashdotter, I'm in engineering, which hosts their own mail (we even get a proper mailspool on our Unix home-directory). We have Pine or IMAP, or basically whatever we want.
Meanwhile "they" have Live Hotmail. I feel just terrible for them, and I'm embarrassed we're even doing such a thing.
In short, Yale - it could be worse.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
One of the things to consider is that Google's service is not available in all countries. Some countries block Gmail. This would be a downside for those international students.
Gmail does not implement IMAP standard correctly. I am aware of two currently existing problems (and there were more iirc): ENVELOPE response is occasionally misformed for more complex messages. Gmail sends EXPUNGE unsolicited responses when it is forbidden by the standard. Gmail sends the responses to some queries out of order - this behaviour is formally correct but is not what some IMAP clients expect. Still, many IMAP clients which use IMAP in a POP fashion and never - or rarely - encounter these problems. Try using a more sophisticated IMAP client which makes an effort to optimize the amount of transferred data and keeps long-lived network connections the way IMAP was designed for - and you will understand what the grandparent had in mind.
Having also attended graduate school there, I was shocked and dismayed by the childish and incompetent atmosphere in Yale's IT services. Prestigious the university may be, but the IT facilities they provide for students are dismal. That Yale ITS are still unable to effectively manage an email system, to the point where it has become easier to cut them out of the loop entirely, comes as no surprise to me. Back in my time, email was accessed via Pine on an overburdened and often-inaccessible Sun machine (minerva.cis.yale.edu anyone?) that was run by some of the most unprofessional people I ever had the displeasure of encountering. Basically, they ran things like they were sysops at some penny-ante BBS.
Compared to my undergraduate experience, at a state school which was (and remains) on the cutting edge of technology, and where the IT infrastructure was effectively and professionally managed, it was a real eye-opener.
You're probably thinking of Berkeley. Yale does have a CS department (not a big one), and there are some smart cookies there, but the smarts seem pretty well contained within the academic sphere.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
You can know quite a bit, if you take the time to look.
You can find out how many servers your outbound mail always goes through by sending a message to yourself at an external email address and looking at the headers.
You can find out whether the recipient organisation handles its own email by looking up the MX records and then checking the IPs for each server to see whose address space they're in.
You can find out whether your correspondent is using SMTPS or STARTTLS, and whether there's an unbroken encrypted chain, by looking at the headers of messages you receive from him or her.
About the only thing you can't always find out on your own is whether he/she is using SSL for IMAP. Though if you're familiar with the institution, you could always ask. Or if it's a large organisation with a public web page for mail configuration details, you could try yourself and see if unencrypted IMAP/POP sessions are entertained, and the same for their webmail. If not, then you can probably rest assured on that score too.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
At many schools there is not much relationship between the CS department and IT, or more accurately, the relationship is often hostile. Years ago when I was at Stanford in spite of the presence of an excellent CS department IT was antedeluvian.
SUNY Buffalo did the same thing starting this past August. Oh Gods, it broke EVERYTHING. The Law School in particular sends out torrents of daily emails, all of which go to different people, different classes, &c. When we switched to Gmail, every single one of the recipient lists had to be recreated by hand. It took two months. I, for one, wish Yale the best of luck in dealing with the shitstorm they're about to unleash.
Gmail does not implement IMAP standard correctly. ... Gmail sends the responses to some queries out of order - this behaviour is formally correct but is not what some IMAP clients expect.
So Gmail is correctly implemented but the clients aren't and you blame Gmail?