In mourning

Early yesterday, my mother pre-emptively mourned the death of South Korean hostage Kim Sun-il and my father stated simply that the terrorists were painfully misguided if they believed this hostage scenario would make South Korea do anything. He knew that South Korean leaders would, following the American model, refuse to negotiate with terrorists and that, if nothing else, we are a stubborn and proud people. But perhaps more importantly than these motivating factors, South Korea had made a promise of troops to the United States and unlike its northern counterpart, South Korea does not break promises to the US. In one way or another, they have been in the palm of American leaders for over fifty years now. Of course, you would think that of all countries, South Korea would question the ability of the US to set up a working democracy. You would think that the ghost of long lost North Korean brothers and sisters would haunt South Korean leaders.

What has our government gotten us, and the world, into? There was once a time when a Roman citizen could walk the earth without the danger of being touched because of the fear of Rome’s retribution. I would argue that an American citizen once enjoyed that same privilege. But today, our citizens and now even those of our allies pay the ultimate price in this attempt to bring freedom to an unprepared and uncooperative people. If this war has shown us anything, it has shown us not only the failure of the US to bring democracy by force, but also the failure of the US to protect its people throughout the world. While the Department of Homeland Security clamors to protect our borders and shield us from foreign attacks, the blanket of protection once provided by fear of US military force and retribution has been taken away from Americans throughout the world. We are hated and disrespected and being a citizen of the last superpower on earth can no longer keep us safe. Many think of the September 11th attacks as evidence that American borders are not impenetrable. I believe they also showed us that American citizenship is no longer invincible.

I mourn for the families, friends, and countrymen of Kim, Johnson, Berg and others we have lost in one way or another during this war. I mourn for America’s place in this world. We may be the richest country in the world, but each day, we lose the respect of our allies, our enemies and in the end, perhaps our own people.

The Burden of ResNets

Well, another year, another ResNet. I’m always amazed whenever I leave a ResNet conference at the sheer variety in attitudes, policies, practices and resources available at ResNet organizations throughout the country. A vital part of each ResNet conference is chatting with people from other schools at BOFs, during meals, and on the always-long-ass bus ride to the closing dinner, but the strange thing is that more often than not, I usually end up feeling really uncomfortable whenever I talk shop with someone from another school and it’s not just that ResNet folks might be some of the most socially awkward people in the world. It’s the fact that talking shop usually involves talking policy and unfortunately, more and more schools are opting for draconian network management practices. While some are certainly driven by philosophical differences– e.g., they really do believe you shouldn’t let students run their own servers or file-share– many are driven to draconian practices by lack of resources and funding. I’ve been to three ResNet conferences so far and I was a Technical and Security theme guide this past year and the two main issues driving policy lately are file-sharing and viruses. Both are huge resource sucks– file-sharing, obviously, takes up a lot of time and resources because ResNet staffers are often the DMCA agents for their residential networks and with the rise in p2p, that one ResNet guy who was responsible for managing a network used by thousands of students and providing end user support for all of those students is suddenly expected to respond to hundreds, possibly even thousands, of DMCA complaints. (Good thing the RIAA just filed more lawsuits. The record companies keep talking about taking money out of the hands of artists, but not only are their lawsuits not very good at stopping file-sharing, they’re taking money and resources out of the hands of educational institutions.) On top of the legal issues, file-sharing is usually just a huge bandwidth suck– even with traffic shaping tools like Packeteer, file-sharing traffic usually takes up as much network bandwidth as it possibly can. As a result, many schools are issuing bandwidth caps per student (since most schools can’t afford to pay for a lot of commodity Internet bandwidth) which can severely limit your network experimentation and usage even for legitimate purposes and some even ban all file-sharing traffic completely. I mean, we’re talking refer you to Judicial Affairs, take away your network connection for a semester or even a year, get in real trouble kind of trouble. Talk about traffic shaping.

And of course, then there are the viruses. I remember last year, even before RPC Hell, one campus actually banned Windows 2000 from their campus. ResNet organizations are just seriously at a loss. There are a number of universities who are taking advantage of open source solutions like Snort, buying commercial solutions like Perfigo or Bradford Campus Manager, or developing their own homegrown solutions. But what do you do when your ResNet is that one guy again who is still trying to manage a network for thousands of students, provide end user support, and respond to DMCA complaints? Suddenly, on top of that, you’ve got operating system vulnerabilities and exploits, email viruses, spyware, adware and more. And even if you did have the time to look into network wide solutions, if you’re the one guy managing the whole ResNet, what’s the chances that your university is willing to fork over the money for a commercial solution or even a few servers for a free or cheap solution? Probably not, so instead, you’re left with either just complete network chaos (not necessarily a bad option) or just shutting people down left and right for the health of the network. Which might seem like a valid option at face value, but then you realize that one guy has to turn all those people back on at some point, which could take a really. Long. Time. In the end, you could lose your network connection for some indefinite time which, considering how important being online is nowadays for schoolwork and otherwise, is a high price to pay just because you happened to miss a Windows Update.

The one man ResNet situation is, of course, a worst-case scenario, but this situation of lack of funding, resources, and staff and, as a result, draconian policies and practices, are prevalent throughout the country in varying degrees. And in the end, even if ResNet staffers push these policies because they have to and not because they want to, ResNet organizations usually don’t have enough political power within their universities to do anything, to effectively demand money and resources or change policy. We are the grassroots organizations, the Greenpeace, the Legal Aid of university computing organizations. We are the underdog and our political successes are, lately, few and far between. Which is really sad in the grand scheme of things because while students are the bread-and-butter of the education business, their personal computing needs are perhaps among those with which we are least concerned. Instead of student needs, support for personal student computing (not computer labs and such) lives and dies by how far you can stretch a fixed amount of resources and money, a fixed number that was set in the mid-nineties before the Internet really took off, before almost every single college freshman owned her own computer, and before we realized how important technology would really be to a whole generation of young people for which we would be responsible in many ways. In the end, universities and even the companies that include universities in their list of customers for software and hardware products will pay a high price. Some students will never get to experiment and learn and truly spread their wings because they can’t explore all the technologies out there, whether old or new. How many innovative ideas will never come to fruition because a student wasn’t allowed to explore or experiment? How many bad ideas will get played out in the real world because a student couldn’t test it out during their college years when the consequences wouldn’t cost somebody a job? And how many software and hardware companies will lose the chance to establish a user base and develop consumer buy-in and trust among millions of college students across the country? Before Napster fell with a big bang for all the world to see and hear, it managed to spread like wildfire on college campuses throughout the country and the RIAA is still trying to deal with the legacy it left behind and the undeniable place file-sharing and, more importantly, digital music holds now in our world. And even with its fall, universities like University of Rochester are signing huge contracts to bring legal, for-pay services to thousands and thousands of their students. Wouldn’t it be nice to be the company that is the source for digital music for millions of college students across the country?

Personal computing services are not like call waiting or caller ID. It is not like cable TV. It is an integral part of the learning process and essential to the principle of learning through experimentation and exploration, to the idea that a university’s responsibilities include providing students with the opportunity to learn both in and outside of the classroom through a comprehensive approach to education. Just because a computer sits in a student’s room doesn’t mean it’s not vital to the educational process. If anything, it is more important because of the undeniable role it plays it that student’s life and how it can and will be used to do great things, even if those great things are just allowing the student the opportunity to learn something new on her own. And ResNet organizations are the ones who are helping to shape that process even with the few resources we have. While ResNet organizations first grew out of utility, they are now at an important stage in the history of how technology can shape education and learning. Let’s see how many universities will seize this opporunity.

Big Brother is not welcome!

I really have to congratulate Texas A&M for delivering a network security solution that still protects privacy (thanks to the direction of their administration that encourages non-invasive security practices). The Security Team there has built an open-source solution that effectively monitors for network instrusion and dynamically blocks (through a firewall) compromised or vulnerable computers before they can get onto the network. Their product, NetSQUID, is simply a Perl script that sits between Snort and IPTables. Computers are blocked according to the Snort rules the network administrators choose to deploy and Web requests from those computers are automatically redirected to an information page that lets the user know what’s happened, how to fix their computer, and how to get help if they need it.

This process is similar to the one we’re using at Stanford, but it’s so much better! It’s much more elegant and consistently applied across the residential network– they’ve put a server in front of every single residential hall (i.e. every single subnet) and it handles all network intrusion detection and management through one system. This is really a great example of how a university can leverage readily available, free, open-source products out there (it even runs on Linux) and significantly improve security and network health in one simple move– the only real cost to them is the initial staff time to develop the product and then the hardware that it runs on. And really, considering how much time and money improved network security and effective reaction plans can save, these are relatively small, but very worthwhile investments. Stanford lost millions in staff time from the Blaster and Welchia attacks alone last year.

And they’re still maintaining user privacy! The Texas A&M security team admits that they did not consider network management options that required desktop clients (e.g., Perfigo, BigFix, etc.) because they didn’t want to require users to have a particular piece of software on their computers. This is great since products like Perfigo’s CleanMachines and BigFix are primarily designed for corporate environments and can often return lots of properties about a computer on your network. While those types of solutions might be great for managing University-owned computers, they are not the right answer for privately owned student computers. How would you feel if Verizon or Comcast or whoever your ISP was could find out how much hard drive space you had (free or otherwise) or what version of Microsoft Office you’re running? Residential students live where they work. This is not just school to them; it is their home and it is their community. And Big Brother is not welcome!

Why DRM systems are a bad idea and the freedom to tinker

Here’s a great speech given at Microsoft by Cory Doctorow from the EFF. The real question is how it was received by those as the MegaCorp (hopefully well).

This fits in nicely with (and includes a reference to) Princeton professor Edward Felten who gave the keynote this morning at the ResNet Conference. Yikes, it was at 9 am EST (hello 6 am for those of us from the West Coast), but well worth it to have someone remind ResNet professionals from around the country the importance of the freedom to tinker, “your freedom to understand, discuss, repair, and modify the technological devices you own.”

All the small things

I usually only write a paper check when I’m at the salon, so it’s kind of an important milestone every time I run out of checks and need to order a new box. Have I been happy with the checks I have? Should I get new ones? Should my checks express something about me? Should they be professional, simple, colorful, fun? Script or plain lettering, serif or sans-serif? Should I just get my first initial, my last initial, a picture of Winnie the Pooh?

I thought about it for about five minutes, including the time I took browsing through the pile of catalogues that are in every box of checks. And I’m going to stick with the same ones. Aside from it just being easier for me and the bank since I’m just ordering more of the same, eight percent of the proceeds also go to The Susan H. Komen Breast Cancer Foundation. In America, a woman dies of breast cancer every twelve minutes. And how many more suffer through surgery, treatment, and therapy and even then, even once you have been deemed free and clear, fear that it might return?

There’s lots more to do, but maybe this little thing with my checks can provide a little bit of help. Of course, this depends on how much they’re actually going to charge me for the checks. With the way banks are charging now, it might be just cheaper to buy checks from somewhere else and just send the Foundation one of them.

The next great (software) idea?

I went to the CS194 senior project faire here a few days ago– from the faire home page: “In CS194, Stanford’s Senior Project Course, student teams design and implement a significant software project of their own choosing. It is the capstone course–a chance for them to show us what they have learned and demonstrate that they can work with the intensity that will be required after graduation.”

I’ve been to many of these through the years as an undergraduate and as a staff member and I, of course, went through it personally during my senior year at Stanford. If you declare computer science as your major by the end of your sophomore year (like you’re supposed to), you essentially have from a year to a year and a half to come up with what you’re going to do for your senior project (because you know it’s coming) and it’s always interesting to see what people come up with. This year, there were some pretty cool projects, like the program to teach you how to play guitar (complete with 3D graphics and customizable guitar body styles and sounds) or the chat plug-in that basically allows you to use a Web cam to create a cartoon chat avatar that moves and reacts in real-time.

But realistically, even in a class with 15 or 16 Stanford student teams (supposedly some of the best and brightest computer science students out there), you only get two or three really good ideas for projects and you can usually predict the general distribution of project types within a class. You get a handful of people who do learning/teaching applications (which I guess is on your mind when you’re a student), a handful of people who do games (because it’s usually pretty straightforward to come up with a game premise and then code to your heart’s content), and then the rest with a random assortment of ideas.

But I guess getting two or three really good ideas out of a ten-week quarter is a pretty impressive track record, especially considering the load of crap around which startups usually pop up. But it is getting harder to come up with good ideas for new software these days. We have our office applications, our data management software, our Internet search engines. What will be the next great idea in the world of software?

AIDS Walk SF 2004: Change the Course of the Epidemic

It’s that time of year again– time to solicit my friends and co-workers for their hard earned cash to sponsor me for AIDS Walk San Francisco.

AIDS Walk SF helps raise money to support the San Francisco AIDS Foundation and many other San Francisco Bay Area AIDS service organizations. Founded in 1982 and one of the oldest AIDS service organizations in the country, SFAF works not just to educate, but to provide comprehensive services for those living with HIV/AIDS and to aggressively pursue public policy that will address the growing epidemic at both the federal and state levels. Last year, AIDS Walk SF raised over three million dollars to support SFAF and 36 other organizations.

With new drug cocktail treatments, AIDS may feel like it has become a “manageable” disease, but in 2003, the rate of HIV infection in the United States actually went up and of an estimated 900,000 people living with HIV in the US, one-third of them do not even know they are infected. And yet, we grow complacent.

And when we look at the picture worldwide, the picture is even bleaker. Ninety-five percent of people who are infected with HIV live in developing companies where antiretroviral therapy is not as accessible. Approximately half of the people who become infected with HIV are infected before they turn 25 and will die before they turn 35. By the end of 2001, AIDS had left behind a cumulative total of 14 million orphans. And yet, we grow complacent.

Last year, my friends and co-workers helped me raise over $600 in donations. Please join me again this year to help change the course of the epidemic. Walk. Donate. Spread the word. After over twenty years since the first cases of the disease among gay men in California and New York, so many of us have been affected by the disease in one way or another. How many of us know at least one person who is living with HIV/AIDS? How many of us have lost a loved one to this epidemic? Who do you walk for?

To participate:

• Register to walk
• Donate - Sponsor me!
• Make a general donation to AIDS Walk SF

If you’re a Stanford community member (faculty, staff, students, and alumni):

• Join the Stanford team
• Visit aidswalk.stanford.edu
• Make a Stanford team donation