
MIT To End Open-Network Policy In Response To Recent Attacks

samzenpus posted about a year and a half ago | from the ruining-it-for-everybody dept.

Security 144

An anonymous reader writes "MIT announced that despite a long history of running an open network (so that any student can run a server on any port, without any questions asked), it will now end this policy due to recent denial-of-service attacks and a gunman hoax. From a letter sent by Executive Vice President and Treasurer Israel Ruiz: 'I am deeply and personally committed to safeguarding our community, protecting our campus and securing our systems. Together with our colleagues dedicated to campus safety and security, with the support of senior academic leadership and in collaboration with the campus community, we are deploying all necessary resources to this effort. It will require the dedication of all of us to promote safety awareness, complete necessary emergency training, and adhere to reinforced cyber security guidelines. IS&T staff members are working with information technology (IT) leadership and partners across campus in making the changes described above. We continue to explore all opportunities to further strengthen our preparedness, and will communicate additional information as these plans evolve.'"

144 comments

frist post? (-1)

Anonymous Coward | about a year and a half ago | (#43354477)

Though not entirely sure!

AC

Lame. (0, Troll)

girlintraining (1395911) | about a year and a half ago | (#43354495)

"over a gunman... blah blah... blah..."

Okay, thanks MIT. You just let the terrorist win. Giving in to fear is a stance the country as a whole has never given in to. Even after 9/11, the most destructive terrorist attack on US soil ever, we said "Fuck the terrorists. We don't negotiate. Ever." And yet, here you are, one of the premier educational institutions in the country, where our best and brightest come to learn, caving like a house of cards.

You're pathetic.

Re:Lame. (-1)

Anonymous Coward | about a year and a half ago | (#43354509)

You are under the impression the USA did nothing after 9/11?

Re:Lame. (5, Insightful)

Wookie Monster (605020) | about a year and a half ago | (#43354515)

Terrorists didn't win you say? Consider that the next time you're at the airport.

Re:Lame. (1, Insightful)

girlintraining (1395911) | about a year and a half ago | (#43354537)

Terrorists didn't win you say? Consider that the next time you're at the airport.

We did that of our own free will, which is perhaps more damning. But no terrorist demanded or coerced us into fortifying our airports with questionably useful security. That's my only point: We never gave in to terrorist demands. We may have responded in a less than thrilling and intelligent manner, but we didn't just cave.

Re:Lame. (2)

Anonymous Coward | about a year and a half ago | (#43354641)

I'm not getting this. The gunman hoax didn't issue an ultimatum that MIT close their network. MIT did that of their own free will*. Just as the hijackers of 9/11 didn't demand that we send travellers through enhanced patdowns at the airport. We did that of our own free will. What's the difference?

*Hell, the demands linked to the DDoS demanded the opposite - a greater commitment to the same spirit that led MIT to create the open network policy in the first place.

Re:Lame. (1)

Anonymous Coward | about a year and a half ago | (#43354799)

We responded by being terrorized (demanding ineffective security).

We caved.

That whole 'he who sacrifices liberty for security achieves neither' quoteish thing? Yea, we did that.

They won. // Captcha: "censor"

Re:Lame. (1)

Anonymous Coward | about a year and a half ago | (#43354805)

We gave in to the demands of terrorists. They just happened to be elected into office, and we pretend they serve us.

They don't. They're criminals operating outside the law.

Re:Lame. (1)

elashish14 (1302231) | about a year and a half ago | (#43354811)

Free will, eh?

But of course. Nobody in the US has ever acted irrationally before.

Re: Lame. (0)

Anonymous Coward | about a year and a half ago | (#43354939)

No. The 9/11 terrorist demanded that we get out of Saudi Arabia. .... Which we promptly did.

Re:Lame. (2)

X.25 (255792) | about a year and a half ago | (#43355437)

We did that of our own free will, which is perhaps more damning. But no terrorist demanded or coerced us into fortifying our airports with questionably useful security. That's my only point: We never gave in to terrorist demands. We may have responded in a less than thrilling and intelligent manner, but we didn't just cave.

Holy Mother of God.

Do you even understand what you are saying?

Re:Lame. (1)

StoneyMahoney (1488261) | about a year and a half ago | (#43355633)

Didn't he once, a long time ago, mention something about saving the town by destroying it?

Re:Lame. (1)

dbIII (701233) | about a year and a half ago | (#43354775)

That's right, you have a choice of the scanner with uncertain radiation emissions or getting blackballed (if the TSA guy squeezes too hard).

Re:Lame. (2, Funny)

Anonymous Coward | about a year and a half ago | (#43354913)

Terrorists didn't win you say? Consider that the next time you're at the airport.

Yup, that's what the terrorists REALLY wanted, forget all the religious, ideological, or political crap; annoying airport security procedures. They sure showed us!

Re:Lame. (-1)

Anonymous Coward | about a year and a half ago | (#43354549)

This gets a 3? slashdot turns into slantdot.

Re:Lame. (0)

Nimey (114278) | about a year and a half ago | (#43354557)

Racist.

Re:Lame. (-1)

Anonymous Coward | about a year and a half ago | (#43354741)

Fucking spineless chickenshit bootlicking little mamas-boy FAGGOTS! Why didn't you stop it?

YeeeeeARRRRRRRGH!
 
  -- Ethanol-fueled

Re:Lame. (1)

Anonymous Coward | about a year and a half ago | (#43354747)

slant.. you know like a slanted view? biased? lol. the world we live in.

Re:Lame. (0)

Anonymous Coward | about a year and a half ago | (#43354597)

Fuck the terrorists. We don't negotiate. Ever.
 
Perhaps we don't negotiate. I'm not sure about that. But we did suck a lot of al Qaeda dick with the TSA and the Patriot Act. Bush bowed down. Obama bowed down. Next to no one in the federal legislature questioned it. Even after more than a decade later with Osama Bin Dyin' out of the picture and all our senior "leadership" saying that al Qaeda is a done deal we're still sucking at the teat of false security.
 
Just one power grab after another turning us into a nation of slaves. The one party system tricking you into giving up your guns, your privacy and your humanity. Whose hands will the blood be on when Big Brother is rationing out chocolates and feeding you newspeak?

Re:Lame. (5, Insightful)

macraig (621737) | about a year and a half ago | (#43354625)

You ruined your own argument halfway through the rant. It's not about "Fuck the terrorists. We don't negotiate. Ever." It's about reacting knee-jerk to terrorism by altering values, restricting freedoms, and generally making the society more closely resemble the repression of the terrorists' own culture. So actually the "country as a whole" did in fact give into terrorism. We have the Patriot Act (still) and a whole tanker fleet full of other repressive and invasive institutions and programs that either didn't exist at all beforehand or were mere shadows of what they are now.

The terrorists did win, regardless of per capita casualty stats. Our society now looks a bit more like their ideal than it did in 2000, not the other way around.

What MIT has done here is exactly the same behavior.

Re:Lame. (2)

girlintraining (1395911) | about a year and a half ago | (#43354669)

What MIT has done here is exactly the same behavior.

You're saying two wrongs make a right. The government failed, therefore MIT should also follow in their fail-steps, thus leading to The Right Thing.

Re:Lame. (0)

Anonymous Coward | about a year and a half ago | (#43354685)

Actually, he didn't say much about whether it was The Right thing at all. It's only you who have been dragging right and wrong into this. You just made a flawed metaphor and now have an entire thread of discussion about it.

Re:Lame. (1)

macraig (621737) | about a year and a half ago | (#43354705)

I didn't say anything of the sort. I said your argument failed. :-)

Re:Lame. (0)

Anonymous Coward | about a year and a half ago | (#43354927)

altering values, restricting freedoms, and generally making the society more closely resemble the repression of the terrorists' own culture

Are we still talking about U.S. airport security?!

Do you know ANYTHING about Islamic extremism? Are you serious?

Re:Lame. (0)

Anonymous Coward | about a year and a half ago | (#43355999)

Still, nobody is as bad as North Korea right now. The bullshit those people go through...

I wonder if they are still up for starting a war again.
Goooogle news, here I come.

Re:Lame. (0)

Anonymous Coward | about a year and a half ago | (#43356087)

well yeah, except there is no spoon^Wterrorists

Re:Lame. (3, Insightful)

uncqual (836337) | about a year and a half ago | (#43354725)

Would we say that because MIT locks some of the doors to some of their rooms some of the time that the thieves and burglars have won long ago? Would we say that MIT "caved" to the thieves and burglars?

Re:Lame. (2)

girlintraining (1395911) | about a year and a half ago | (#43355299)

Would we say that because MIT locks some of the doors to some of their rooms some of the time that the thieves and burglars have won long ago? Would we say that MIT "caved" to the thieves and burglars?

You're making a strawman argument here. I have thieves and burglars in my neighborhood. It doesn't mean I hide under the couch, stroking my gun, and mumbling "The time of purification is soon..." There is this thing called proportional response: And considering the massive benefits of the open-network policy in terms of the innovations that have come out of MIT versus the uncommon and not terribly harmful issues that have come up because of it, it's a terrible decision. The very start of hacking and humanity's first foray into artificial intelligence got its start because of that open policy.

If you wanna throw that away because of some burglars and thieves, you're a fool.

Re:Lame. (4, Insightful)

uncqual (836337) | about a year and a half ago | (#43355567)

Okay. Since you want to make this personal. No, you're a fool.

MIT's open policy was simply a convenient exception to most institutions. However, the risk of the open policy interfering with productive use of the network has now, in the judgement of adults, exceeded the value of letting anyone run a child porn service (or similar, including DDOS attacks) on/from MIT's network. Early mass produced automobiles didn't have door locks or ignition locks - do you expect to have a door lock on a new car you buy? Time moves on.

Serious students who want to develop whatever they want to will simply set up N virtual machines on their laptop on a local virtual network to do whatever they need to do. If they want to expose it to the world, they will either apply for the "opt out" option with MIT or just use AWS or something like that to open it up to the broader world and end up launching the next Google or Facebook. It's not 1995 anymore - grow up - automobiles have door locks now.

Re:Lame. (1)

cheater512 (783349) | about a year and a half ago | (#43354851)

Erm the 9/11 guys didn't want to negotiate at all.

In fact even if the military/politicians were going to negotiate, it had all happened before they noticed anything was wrong.
There was no opportunity at all for negotiations.

Re:Lame. (1)

Forty Two Tenfold (1134125) | about a year and a half ago | (#43355483)

There was no opportunity at all for negotiations.

There were many years of opportunities to avoid that attack (if it was in fact from outside).

Optional (5, Insightful)

Sarten-X (1102295) | about a year and a half ago | (#43354535)

Apparently, the new policy is just by default:

Those engaged in research, teaching and learning activities will be given the option to opt out of the default network security policy through a self service mechanism.

Basically, it looks like someone in administration finally asked "What if we're actually a target?" and the response was "we're royally screwed". Yes, it's nice to give open access to everything, but I doubt most college students, even at MIT, follow reasonable security procedures. So now, they're going to block everything by default, and if someone wants to open access, they can do it themselves. Best case, there's no problems and nobody notices. Worst case, MIT's network isn't such a help during an attack.

So a university changed its default security policy. Big deal. I don't see how this is newsworthy.

Re:Optional (4, Interesting)

Nimey (114278) | about a year and a half ago | (#43354551)

It sounds to me like students were allowed to run arbitrary servers before, and that group is not included in the passage you quoted, therefore students will no longer have this option at all unless it's for an assignment.

Re:Optional (3, Funny)

Sarten-X (1102295) | about a year and a half ago | (#43354567)

Students aren't engaging in "learning activities"? What exactly are they doing at college, then?

...I ask as I take another sip of my beer...

Re:Optional (1)

Nimey (114278) | about a year and a half ago | (#43354583)

Exactly. Running your public Minecraft server doesn't have anything to do with "learning" except in the broadest possible sense.

Re:Optional (2, Insightful)

Anonymous Coward | about a year and a half ago | (#43354619)

I learned more running a public nethack server than I did in half the required classes for my CS degree. (Admittedly, I didn't go to MIT.)

Re:Optional (1)

girlintraining (1395911) | about a year and a half ago | (#43354653)

Exactly. Running your public Minecraft server doesn't have anything to do with "learning" except in the broadest possible sense.

Making available a public and shared resource does lead to things that aren't strictly in-scope, but can you tell me you don't play flash games at work? Or post to a certain technology website to take a mental break from the tedium of what you're supposed to be working on, so you can come back to it refreshed?

Google gives its employees part of their workday off to do whatever they want, and it's resulted in some rather amazing products. And none of the company's resources used during that time is strictly for business either. Sometimes, loosening up regulations just a bit results in a lot of liquidity that can be leveraged to get bigger and more useful projects off the ground that otherwise wouldn't pick up enough momentum.

And Minecraft is a perfect escape for the kinds of people that build robots and program in their dorms -- they're still building things, just abstractly.

Re:Optional (0)

Nimey (114278) | about a year and a half ago | (#43354683)

All of what you said is utterly irrelevant.

Re:Optional (1)

Bing Tsher E (943915) | about a year and a half ago | (#43356103)

You are correct, that Minecraft is the perfect escape from building robots and programs. I cannot count the number of hours I have spent fighting mobs when I could have been coding something.

My choice, and I make it freely. But I don't sugar coat it.

Re:Optional (5, Insightful)

Sarten-X (1102295) | about a year and a half ago | (#43354699)

Cute, but wrong.

Minecraft (and other game) servers are just as good at learning proper administration techniques as the IRC servers I ran in my college days. The admins must go through the configuration process, think about uptime, anticipate resource needs, and put some concern into security, while carefully handling (or intentionally not) the interpersonal conflicts that arise among users... all the same tasks a good admin must mind in the real world of IT.

Coincidentally, I'm currently mentoring a high-school student preparing for an IT program at college. We're going over some basic admin skills in advance of his classes, focusing on the real-life experiences from my day job as an IT admin at a finance company. His main service is actually a Minecraft server... but behind the scenes, he's running Bash scripts for backup & housekeeping, Apache for a web-based world map, Nagios to alert him if/when something crashes, and some Perl hacks (that I wrote) to add a few server functions.

Of course, that's just for a silly little game, but it doesn't really matter what the user-facing service is. The demands of IT administration are pretty generic. I use similar services daily, though the backups are done less with Bash and more with Enterprise Agentless Backup Manager Plus Professional Ultimate Corporate Edition.

Re:Optional (1)

Nimey (114278) | about a year and a half ago | (#43354727)

Now you're just being obtuse and begging the question. If you're a student, running your game server (or Net-accessible model railroad controller, or whatever) doesn't have anything to do with what you're paying MIT for and there's nothing stopping you from getting it hosted at a colo somewhere.

It's a hobby, which may be interesting and even valuable, but ultimately MIT has to make sure their network is serving classes, faculty, research, &c (that being what people are paying for). It's a matter of priorities (classrooms and research being a higher priority than a random student's hobby), and it ties into my point in a different thread that a few assholes are going to ruin things for everyone.

Re:Optional (1)

Anonymous Coward | about a year and a half ago | (#43354833)

The whole point of an academic environment is to allow people to learn in their own ways, not just follow directions given from high up. So yes, the ability to experiment with network servers that are not directly related to any class the students are taking is precisely why MIT (and a lot of other universities that still understand academic ideals) doesn't stop students from running network servers.

Re:Optional (2)

10101001 10101001 (732688) | about a year and a half ago | (#43355161)

... it ties into my point in a different thread that a few assholes are going to ruin things for everyone.

You're right. University administrators are too interested in CYOA to actually do the right thing. They are assholes.

Oh, and if you were referring to the "terrorists" (as others have put it), well, no, they don't have the power to do jack squat, so they're clearly not the assholes who ruined things for everyone. It's the University administrators that cowered and changed policy. And it's not like gun hoaxes or denial of services are some magically new thing that warrants *any* change in policy--just like terrorists attacking planes or destroying buildings wasn't a new thing on 9/11. No, this is just cowardly kowtowing to--well--hypothetical parents and hypothetical interest groups. What part of "I am deeply and personally committed to safeguarding our community, protecting our campus and securing our systems." doesn't scream kiss-ass, double-talk?

The most secure systems in the world are the ones that are constantly under attack. They're the ones that have to actually combat real-world threats and not just all those hypothetical, isolated ones. Evolution itself is predicated on that very idea, that nature and life is a savage world in which there's a constant struggle all over the place and extinction-level events have occurred repeatedly. To turn tail and think closing off their network will solve things... No, I don't think they believe that. But, it does suddenly give the IT department--and by extension the University administration--(a) the power to deny people on a whim and (b) the power to otherwise monitor activity that they would otherwise be completely unaware of--and that's a good sign that suddenly having monitoring activity will grant them to make non-issues issues predicated on their own beliefs.

In short, the ultimate goal of University should be to enrich the lives of their students, professors, etc by broadening their horizons. No part of IT department or administration micro-management really should enter into it--and sadly, I think it happens too much already with department heads in general treating their department as their personal fiefdom, so I can see where the administrators would get the idea. What's next? Random dorm room inspections?

Re:Optional (1)

rmstar (114746) | about a year and a half ago | (#43355555)

If you're a student, running your game server (or Net-accessible model railroad controller, or whatever) doesn't have anything to do with what you're paying MIT for and there's nothing stopping you from getting it hosted at a colo somewhere.

Also, if the reputation of MIT as a pressure cooker is true, you won't be a student at MIT for too long if you waste your time running and administrating your own game server.

Re:Optional (1)

Bing Tsher E (943915) | about a year and a half ago | (#43356111)

Near as I can tell, the people chiming in about Minecraft servers didn't go to MIT.

Re:Optional (1)

Anonymous Coward | about a year and a half ago | (#43356165)

I attended MIT. You'd be *amazed* at how many chances they give you to hang yourself before finally cutting you off. 1 in 4 students does not graduate, but I'd be shocked if it was more than 1 in 500 who was expelled or permanently suspended for misbehavior.

And their security has traditionally been horrible. Go ahead. Scan MIT's /8 network for NFS servers. Until a month ago, you'd have been *amazed* at how many public facing NFS servers you could find, with private correspondence from professors and student information in violation of Massachusetts law.

Re:Optional (1)

dbIII (701233) | about a year and a half ago | (#43354785)

Dunno about that - I learnt a bit about networking from multiplayer Quake.

Re:Optional (0)

Anonymous Coward | about a year and a half ago | (#43354777)

Students aren't engaging in "learning activities"? What exactly are they doing at college, then?

Not in a majority of US colleges or public schools they aren't.

Passwords (3, Insightful)

Sarten-X (1102295) | about a year and a half ago | (#43354555)

Bad form to reply to myself, I know, but I did find one noteworthy detail in that memo upon further inspection:

Passwords will also be tested to ensure a minimum level of complexity; existing weak passwords will be required to be changed.

...so MIT stores its passwords in a form that allows complexity testing... Interesting.

They could just be brute-forcing 7 characters and calling it a day, or adding something to a commonly-used login system... but if it's feasible to test how complex an existing password is, I have to wonder about how the passwords are being stored.

Re:Passwords (1)

Nimey (114278) | about a year and a half ago | (#43354573)

You know, it's possible to check a password's complexity /before/ hashing it. Various Linux distros and Windows do it that way.

Re:Passwords (1)

Sarten-X (1102295) | about a year and a half ago | (#43354603)

For the "existing" passwords that the memo says they'll be checking, they should be stored already hashed, so it's too late for that. If it's a check done at login (before the client hashes), that implies that there's a feasible way to inject code to access the unhashed password, and frankly that worries me more.

Linux distros and Windows will happily keep existing simple passwords, if you've set them before enabling complexity requirements. After enabling the requirements, the old passwords aren't re-checked, as MIT's memo implies they will do.

Re:Passwords (1)

Nimey (114278) | about a year and a half ago | (#43354631)

My guess is that they're consulting rainbow tables, then. Got to be plenty of those out there for various hashes.

Re:Passwords (0)

Anonymous Coward | about a year and a half ago | (#43354813)

Actually this is probably a good idea to do for all the passwords since hashing has collisions. Your 30 character password could have the same hash as a 3 letter one.

Re:Passwords (0)

Anonymous Coward | about a year and a half ago | (#43354801)

You are not thinking very hard here.

Client sends password over SSL > Server decrypts
Now the server has the plain text password > Server hashes password
If the hashed password matches > Server performs complexity test on the unhashed password you just sent
If the unhashed password is weak > Server does $something requiring you to change the password.

Re:Passwords (0)

Anonymous Coward | about a year and a half ago | (#43354845)

Congratulations. You've flunked encryption 101. You never send the plaintext password over the wire, because you can't trust the middleman. Salt and encrypt on the client end, then salt and encrypt on the server end.

Re:Passwords (1)

drkstr1 (2072368) | about a year and a half ago | (#43355099)

Congratulations. You've flunked encryption 101. You never send the plaintext password over the wire, because you can't trust the middleman. Salt and encrypt on the client end, then salt and encrypt on the server end.

SSL is better than anything you could cook up on the client-side, ya dummy.

Re:Passwords (1)

drkstr1 (2072368) | about a year and a half ago | (#43355093)

Yeah, don't worry about it. That's actually how it's supposed to be done. Passwords should be sent over SSL and hashed server-side. Using some half baked client-side crypto is not the way to do it.

Re:Passwords (2)

ultranova (717540) | about a year and a half ago | (#43355097)

For the "existing" passwords that the memo says they'll be checking, they should be stored already hashed, so it's too late for that.

Or they could simply be running a password cracker, and you're putting too much weight on exact wording. In fact, I'd almost bet it was that; after all, the point is to make passwords hard to crack, so testing whether they are makes more sense than some arbitrary rules.

If it's a check done at login (before the client hashes), that implies that there's a feasible way to inject code to access the unhashed password, and frankly that worries me more.

What client? It is pointless to do hashing on client end, and of course the system admin can inject code to their login procedure.

Re:Passwords (1)

RyuuzakiTetsuya (195424) | about a year and a half ago | (#43354579)

You can capture weak passwords during login when you've confirmed the hashes match. If it is weak, flag the account as having a weak password.
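The check-at-login flow described in the comments above (verify the stored hash first, then test the plaintext that was just submitted), sketched as an added example that is not part of any poster's comment and not MIT's implementation. The `Account` record, the `is_weak` policy, the common-password sample and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this sketch

# Constructed sample; a real deployment would load a much larger deny list.
COMMON_PASSWORDS = {"password", "passw0rd", "123456", "qwerty", "letmein"}


@dataclass
class Account:
    """Hypothetical account record: only salt and hash are stored."""
    username: str
    salt: bytes
    pw_hash: bytes
    must_change_password: bool = False


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def create_account(username: str, password: str) -> Account:
    """Simulates a legacy account created before any complexity rule existed."""
    salt = os.urandom(16)
    return Account(username, salt, hash_password(password, salt))


def is_weak(password: str, username: str) -> bool:
    """Hypothetical policy: length, deny list, username reuse, character classes."""
    if len(password) < 10:
        return True
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS or username.lower() in lowered:
        return True
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return classes < 3


def login(account: Account, submitted: str) -> str:
    """Return 'denied', 'ok' or 'ok_change_required'.

    The plaintext exists on the server only for the duration of this call
    (it arrived over TLS). Complexity is evaluated only after the hash
    matches, so failed guesses are never scored, stored or logged.
    """
    candidate = hash_password(submitted, account.salt)
    if not hmac.compare_digest(candidate, account.pw_hash):
        return "denied"
    if is_weak(submitted, account.username):
        # Flag the account; the password itself is not retained.
        account.must_change_password = True
        return "ok_change_required"
    return "ok"


if __name__ == "__main__":
    legacy = create_account("alice", "passw0rd")
    print(login(legacy, "wrong-guess"))   # hash mismatch
    print(login(legacy, "passw0rd"))      # correct but weak
    print(legacy.must_change_password)
```

Accounts that never log in are never tested by this approach, which is why it only covers active users.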

Re:Passwords (0)

Anonymous Coward | about a year and a half ago | (#43354599)

They probably have a table of n-digit alphanumeric passwords, hashed with their favorite salt, handy. If not, they'll generate them. Easy since they know the salt.

Re:Passwords (1)

fgodfrey (116175) | about a year and a half ago | (#43354859)

MIT is almost certainly using Kerberos for their authentication since a) they invented it and b) that's what they were using at least as recently as 2005. In any event, how Kerberos stores passwords depends on the exact implementation, but in at least some implementations (admittedly old) you could decrypt the password database on the Kerberos key server with a key stored in a file in /etc. The Kerberos server is supposed to be kept extremely secure, with Kerberos being the only service running on it and it being kept in a physically secure location.

Re:Passwords (1)

TarpaKungs (466496) | about a year and a half ago | (#43355901)

IME most kerberos servers store the database key in what they term a "stash file". That's current practise too.

Unless you need the level of security that you have to go up to the console and present a key when the system reboots or the KDC service restarts, there isn't any other way. Essentially, for most real world systems, the kerberos primary and slaves need to be regarded as machines to be kept highly secure or it's game over.

Is AD any different?

Re: Passwords (0)

Anonymous Coward | about a year and a half ago | (#43354971)

all this means is that everyone whose password is passw0rd will be getting a memo.

Re:Optional (2)

starfishsystems (834319) | about a year and a half ago | (#43354849)

It's noteworthy. It represents the end of an era which, I appreciate, many Slashdot readers are too young to have experienced. That doesn't mean that it was unimportant.

As a preeminent place for the exploration of ideas, MIT held a refreshingly open attitude towards all forms of intellectual curiosity, collaboration and information exchange - both ancient and emerging. That spirit is what I associate with people like Richard Feynman, Noam Chomsky and Richard Stallman, who not only have fundamentally interesting ideas to share but are particularly outspoken about the freedom to be outspoken.

It's significant that the MIT Lisp Machine and its various exotic descendants provided no authentication. This was a fairly extreme design decision that, in my view, only makes sense in this particular social context. Many of us objected to that decision on technical grounds, but in fact no one knew whether it would turn out to be a brilliant move or a naive one.

Well, now we know. The letter from Israel Ruiz gives a nod to the original spirit of the Internet:

MIT has a long history of operating an open network environment, allowing devices on MIT's network unrestricted incoming and outgoing access to the Internet.

Re:Optional (-1)

Anonymous Coward | about a year and a half ago | (#43355383)

Yeah? Well, to me it sounds like MIT turned to SHIT. The "policy change" won't make any difference no matter how popular "security by illusion" is. Real security "by default" is extremely cumbersome and rare and uncommon even for military installations. That goes for both physical security and any other security.

MIT would have been much better off not being assholes in the first place but it's too late and now they're simply getting a little bit of what they deserve. We all know why right?

History rhymes (1)

Nimey (114278) | about a year and a half ago | (#43354539)

A few assholes can and will ruin a good thing for everyone.

Re:History rhymes (1)

Anonymous Coward | about a year and a half ago | (#43354639)

No. Freedom & Liberty will persist until the day cowards are required to make sacrifices to preserve them. Unfortunately, once a coward shirks their responsibility to persevere, the damage is permanent loss of ground to the enemy.

You will never prevent people from acting like assholes provided the opportunity, but you can choose how you react to those people; based on principle, or without it.

It's not enough to elect the lesser of two evils, we should be choosing the most principled of two libertarians. So long as we have a two party system, we will always be losing ground to politicians & policymakers who are just crooked enough to not get fired.

Re:History rhymes (3, Funny)

Nimey (114278) | about a year and a half ago | (#43354647)

BINGO!

Hah, got my card filled out that time.

Re:History rhymes (1)

cffrost (885375) | about a year and a half ago | (#43354657)

A few assholes can and will ruin a good thing for everyone.

The assholes are the people who impose restrictions, not the people the assholes point to for justification.

Re:History rhymes (1)

Nimey (114278) | about a year and a half ago | (#43354695)

Riiiiight. The asshole is, say, the government for telling Company X they have to stop polluting waterways with dioxin and not Company X.

Libertarians can be so simple-minded about their religion.

Re:History rhymes (1)

cheekyjohnson (1873388) | about a year and a half ago | (#43354791)

The asshole is, say, the government for telling Company X they have to stop polluting waterways with dioxin and not Company X.

Well, the government is certainly the one trying to stop them from polluting in that example, but that doesn't mean they're wrong for imposing the restrictions. I don't believe anyone is saying that restrictions are always bad.

Clearly some people here do think MIT is wrong since innocents are being punished as well.

Re:History rhymes (1)

cffrost (885375) | about a year and a half ago | (#43354903)

Riiiiight. The asshole is, say, the government for telling Company X they have to stop polluting waterways with dioxin and not Company X.

I thought we were talking about situations where the freedoms of innocent people are restricted in response to the malicious or negligent actions of others — for example, MIT restricting network access to non-attackers and non-hoaxers.

Re:History rhymes (1)

3.5 stripes (578410) | about a year and a half ago | (#43356121)

You are, the river is everyone's to use, now the US gov just made a rule saying that no one can have a drain from their backyard in the river because company X is using it to get rid of dioxins.

Courage is in short supply. (3)

mlwmohawk (801821) | about a year and a half ago | (#43354635)

The "Home of the Brave" is a joke at MIT, and U.S. universities across America. Once the wussy administrators take hold, all is lost without a fight. Wussy administrators will use security and safety as their cudgels. They will hide behind their desks and enact policy that eliminates any freedom that may challenge the status quo.

This is, in fact, what America deserves unless and until we ALL have the courage to fight it everywhere it is. I would say "Shame On You" to MIT, but I would be decades late.

Re:Courage is in short supply. (1)

EmperorArthur (1113223) | about a year and a half ago | (#43354719)

Reminds me of my time in college.

/Begin Rant

I don't know how many of you have had to deal with the Cisco Security Agent, but it's a nightmare.
It's a service that runs on Windows boxes that requires that AV software has been updated to the latest version, and that the user logs in.
The product docs explicitly say it allows remote code execution by the network administrator, and it sucks at its main purpose. That's because the only AV software that the university seems to recognize is McAfee.

Thankfully CSA is a broken piece of crap, so half the time I could get an open port for my VPN, and it allows *nix boxes on with just a login page. I just hope you don't want to run an Android or BlackBerry, given that the admin decided it's not worth the time to configure the server to allow it. Oh, and don't forget the monitoring and logging of all net traffic.

Taken together, it's no surprise that most students end up paying for cable internet for their dorms. When Comcast has a University beat on speed, reliability, privacy, and customer service, you know you have a problem.

/End Rant

I really hope MIT doesn't do the same thing as the University of Alabama in Huntsville does. While I doubt that they would, primarily because they (probably) have a competent networking staff, I fear for all MIT faculty and students as they go down this ramp.

Fear ... (0)

Anonymous Coward | about a year and a half ago | (#43354643)

Of those who ... know ... and do ... infinitely ... more ... than he.

Executive Vice President and Treasurer Israel Ruiz [the he] shows the length of his Penis, his most valued object that he worships 24/7 with devout devotion, is the deciding 'criteria' on anything now and forevermore MIT.

This is all about how they screwed Aaron Swartz (0)

Anonymous Coward | about a year and a half ago | (#43354649)

they were just waiting for an excuse to kill open access... this may even get rid of RMS

This will not end well (1)

drwho (4190) | about a year and a half ago | (#43354665)

MIT students really like the freedom that they have on their nets, and in fact, have come to take it for granted. I foresee massive disobedience to this, along with protests, and I'll be standing there right beside them.

Re:This will not end well (1)

mwvdlee (775178) | about a year and a half ago | (#43355855)

Any MIT student that protests this instead of hacking his way around it doesn't deserve to be an MIT student.

Try reading the actual article (4, Informative)

murdocj (543661) | about a year and a half ago | (#43354709)

I mean, yes, this is Slashdot, so the kneejerk reactions are appropriate, but if you bother to read the article, the changes are just plain common sense. They are going to enforce reasonable passwords, and if you want to have an externally accessible server, you either need to use a VPN, or opt out of the security policy. All this foaming at the mouth about the end of academic freedom sounds a lot like the NRA freaking out when someone proposes limiting how many rounds you can fire off at a time without reloading.

Re:Try reading the actual article (1)

nomadic (141991) | about a year and a half ago | (#43355019)

"I mean, yes, this is Slashdot, so the kneejerk reactions are appropriate"

The sad thing is I'm convinced that a lot of the people shrieking about how evil MIT is for doing this are the same ones who respond to posts about DDOSes by shrieking how it's all the administrators' fault for not properly locking down their networks.

Re:Try reading the actual article (0)

Anonymous Coward | about a year and a half ago | (#43355151)

Why would one need more than ten ports open at a time!

Re:Try reading the actual article (1)

stenvar (2789879) | about a year and a half ago | (#43355403)

Bad analogy. You can't "opt out" of gun control limits, you can "opt out" of MIT's network policy.

Re:Try reading the actual article (0)

Anonymous Coward | about a year and a half ago | (#43355433)

I mean, yes, this is Slashdot, so the kneejerk reactions are appropriate, but if you bother to read the article, the changes are just plain common sense. They are going to enforce reasonable passwords, and if you want to have an externally accessible server, you either need to use a VPN, or opt out of the security policy. All this foaming at the mouth about the end of academic freedom sounds a lot like the NRA freaking out when someone proposes limiting how many rounds you can fire off at a time without reloading.

So if I want to run an externally accessible server at SHIT I can opt out of the "security policy"? Sounds good lol XD

Pro NRA/gun ownership, pro freedom/liberty, and pro free and open source all go extremely well together and if you think otherwise you might be suffering from some severe cognitive dissonance.

A dark day for MIT (2)

Casandro (751346) | about a year and a half ago | (#43354929)

Here they admit they don't understand the Internet, by limiting incoming "connections" and acting as if there was a difference between a server and a client. It's a testament that freedom and education are now less important than stupidity and the fear of imaginary dangers.

Faculty (2)

puddingebola (2036796) | about a year and a half ago | (#43354941)

What is the faculty's response to this response?

2 wrongs don't make a right (1)

zenlessyank (748553) | about a year and a half ago | (#43354955)

Anything that is in existence can serve 2 purposes, good or evil. Period. Controlling that particular 'anything' is someone's ego gone wrong. We all deserve the total freedom to do whatever we want and then JUDGED after we choose the wrong choice. Fools.

One of the "wishes" was... (1)

ibsteve2u (1184603) | about a year and a half ago | (#43355039)

One of the "wishes" was

a commitment to a “free and unfettered internet.”

We had a "free and unfettered internet"...and then the spammers-, virus coders-, and hackers-for-profit moved in.

Re:One of the "wishes" was... (0)

Anonymous Coward | about a year and a half ago | (#43355467)

Which is actually how it should be, but then the suit-and-tie "saviours" moved in with their pseudo-econo-political bullshit and tried to cram an evolving ecosystem into a spreadsheet.

But the internet didn't die even at that point, it simply moved elsewhere. It did route around the problem.

WALLED GARDENS ARE NOT THE INTERNET NO MATTER WHAT THEY'RE CALLED.
Have you ever been on the internet?

not a brain dead one size fit all solution (0)

Anonymous Coward | about a year and a half ago | (#43355157)

From what it sounds like they are trying to be reasonable, and not a brain dead one size fit all solution

"Cybersecurity", "cyberwar", "cyberthis and that" (1)

gsiarny (1831256) | about a year and a half ago | (#43355187)

I'm dismayed that MIT, of all places, uses the thoroughly awkward term "cyber security" in its official correspondence. Outside of a few sci-fi novels, "cyber" seems to be the province of clueless congressmen and the reporters who love them. It's a buzzword for media outlets, politicians, and consultants who don't understand the net, want to profit from others' lack of understanding of the net, or both.

Who gives a shit what MIT does with their network? (0)

Anonymous Coward | about a year and a half ago | (#43355261)

How does this effect me? How does this effect 99.9% of the world? Who cares?

Re:Who gives a shit what MIT does with their netwo (0)

Anonymous Coward | about a year and a half ago | (#43355861)

It probably doesn't _affect_ you at all, since you apparently didn't get an MIT education, let alone any education.

Liberty ? (0)

Anonymous Coward | about a year and a half ago | (#43355305)

Common US rule:
For your security, we are getting rid of your liberty.

Re:Liberty ? (1)

EmagGeek (574360) | about a year and a half ago | (#43356051)

What liberty? MIT owns the network. They can do what they want with it, including setting rules and terms of access and use.

Property rights are the ultimate form of liberty. If it's my property, I can do what I want with it, and control who can access and use it and for what purpose.

Clear message indeed. (0)

Anonymous Coward | about a year and a half ago | (#43355347)

Shows this guy's "commitment", dunnit?

If it acts like an old woman, talks like an old woman, ...

Shit, both my grandmothers had more spine than he.

This is news? (1)

ThisIsSaei (2397758) | about a year and a half ago | (#43355539)

Honestly after the whole Swartz case we knew it wasn't a 'free network.' You know, it would have been nice if they "secured it" to their liking before they harassed someone to death for using it.

Can you say.... (0)

Anonymous Coward | about a year and a half ago | (#43355971)

False flag?
