Home

[ned6]

I was very tired at the meeting, so my apologies if I have forgotton anything or my memory is at fault. Discussion did ramble somewhat and went off-topic a lot, so it's hard to be sure.

The upshot is no VPN's as not enough kit supports it reliably. They want to bring in a thing which via DHCP dumps you out of public access if your machine triggers the intrusion detection too much and you get three chances to clean your machine or you get perm banned. This would be introduced next academic year, probably.

They won't commit to removing the port blocking after this feature has been introduced as they feel it has been excellent at preventing virus spread, and no services which they guarantee to provide have been affected. I read this as meaning they won't remove the port blocking at all.

I pointed out that worm spreading attacks very specific ports ie; the ones with Microsoft code running on them - therefore, why couldn't they block just those ports (eg; all below 1050) and leave the rest open? I don't remember getting a satisfactory answer except that it might be a lot of load on the switches.

Discussion then moved to running of services on people's machines. It is currently banned for various reasons such as people intercepting SSH logins to uni computers and collecting the passwords. I suggested that a blanket ban would have no effect on that anyway as it's already illegal under criminal law - though I had meant that banning all services is somewhat overkill. Or to put it more simply, most services people would want to use are totally benign - running your own DHCP server screws with everyone, and banning ALL services just because of a tiny minority seems stupid. Never mind that, I miss my VNC access to my home machine!

Some discussion was made towards enabling gamers to run network games via a special server. I would imagine that many in here would be happy with just that.

I suggested an academic file sharing service which I emailed Ian about. I'll post it as an addendum to this, but it's unlikely to appear for some years as the installation requirements from ITS would be high.

That discussion didn't get anywhere by the time I left in order to go home for lunch. All in all a very disappointing meeting. I would like to know what the union wants to do next - Ben?

Cheers,
Niall

[ned6]

Hi Ian,

Further to what I mentioned today, the program is called LionShare
(http://lionshare.its.psu.edu/main/) and is Penn State University's
solution to sharing academic files between academics, students and the
same in other universities. A number of other US universities are also
involved.

If some acceptable file sharing solution could be found, many of
resident's concerns would be addressed. The only real remaining one would
be games and you already seem to be making progress there.

A detailed technical overview is here:
http://lionshare.its.psu.edu/main/proje ... sentations

Pros:
+ Runs on Windows, MacOS and Linux (it's Java urgh!)

+ Open source (GPL and BSD) and you can happily reconfigure it any way you
+ like

+ Backed up by generously funded academic institutions so it's
+ specifically
designed for technically less competent users in an academic setting. They
also seem pretty keen about supporting it with integrated bug reporting
etc.

+ Much better mechanism of lecturers distributing files to students than
+ WebCT
which has been problematic at best. Here they simply say "send to
repository" and it gets dumped onto one or more core permanent servers
which are augmented by anyone who downloads it eg; if someone in AMH
downloads a file, the next person in AMH gets the copy from AMH rather
than the central server.

+ It's been around two years in development, and judging by the
+ development
mailing list they are testing it to destruction. I understand the student
body in several universities has been beta testing it for the past
academic year.

+ Totally secure with full user rights, security and optional copyright
enforcement. Students can set up their own file sharing groups which no
one else can see unless they want to look hard enough. Therefore you can
catch them trading kiddie porn if necessary but otherwise it can be
treated as see no evil hear no evil.

+ Can be plugged into other academic institutions if wished. Lecturers &
postgrads will love it as you get easy access to loads of stuff you
previously had to spend hours looking up in tedious catalogues and then
ordering from some copyright library university like Cambridge. Also looks
good PR-wise as St. Andrews leads out British universities.

+ Can use existing authentication systems so each user's university
+ username &
password will automatically work

Cons:
- It's really an extension of the Gnutella protocol. This is unlikely to
affect network congestion like a typical Gnutella client as it's been
written by a university for universities. They actually mention it
improving congestion in the empirical tests.

- This means it runs a service I think on port 7791. Of course, if it were
a university authorised service due to optionally installable university
software, and only inbound on port 7791 or a short range were allowed,
this could be okay.

You can see a full list of institutional requirements at
http://lionshare.its.psu.edu/docs/build ... -reqs.html

FAQ: http://lionshare.its.psu.edu/docs/build ... s/faq.html

List of features: http://lionshare.its.psu.edu/main/users

Note that I haven't actually tested this program yet, but I shall do so
during the coming week.

Cheers,
Niall


------------------------------------------------------------------
University of St Andrews Webmail: https://webmail.st-andrews.ac.uk