
Behind the Scenes at MIT's Network

Zonk posted more than 7 years ago | from the mighty-interesting-technology dept.

Networking 118

BobB writes "MIT's head of computer networks and security gives an inside look at how the techie school is fending off hackers, cranking up its network to handle voice over IP and becoming a fiber network operator to link to other research institutions. From the article: 'Q - How do you actually enforce security standards among MIT's departments and network users? A - Enforce is not a word you can use at MIT. We try to entice people to do the right thing. We've made a lot of progress. We've removed the financial incentive to run your own network, which used to be cheaper than having us do it. We've been a cost-recovery network since forever now though. At many universities the network is free and they just fund it out of operating costs.'"

118 comments

this is pretty darn cool (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17682938)

yay first post

The main security problem (4, Insightful)

zappepcs (820751) | more than 7 years ago | (#17682948)

FTFA:
Q:.. I know MIT has not been immune to breaches either, but what do you think when you hear about new breaches like these?

A:.. The problem we all have is the Microsoft patch of the week. I hate to say it, but it's sort of the payback for universities not paying attention to security for decades or being sloppy about administrative computing. ....

Not that MS is the only problem, but they helped secure that mentality. I don't think Linux would have made it easier or better either. He goes on to talk about use of SSNs and other bad ideas. If only businesses would listen to this type of advice!!

Re:The main security problem (5, Insightful)

TodMinuit (1026042) | more than 7 years ago | (#17683030)

If only businesses would listen to this type of advice!!

If only consumers would demand that business listen to this type of advice.

Re:The main security problem (0)

Anonymous Coward | more than 7 years ago | (#17688594)

If only consumers were experts at the inner workings and industry best practices of every product they purchased, before they purchased them.

Re:The main security problem (2, Insightful)

bugg (65930) | more than 7 years ago | (#17688818)

If only ideas were evaluated on their merit, rather than based on the amount of money people can throw towards them.

"Market forces" don't guarantee smart outcomes, especially given that smart isn't correlated with wealthy.

Re:The main security problem (1)

ZachPruckowski (918562) | more than 7 years ago | (#17683588)

I don't think Linux would have made it easier or better either.

I don't have to reboot as often when patching in Linux vs MS and OS X (yes, I have all three). That offers a bit of an advantage, in the sense of the lack of downtime encouraging patching more often (after testing, naturally)

As A Failed MIT Network Technician (0, Offtopic)

AssCork (769414) | more than 7 years ago | (#17683018)

You must feel pretty bad about yourself.

MIT on wireless security (4, Funny)

mabu (178417) | more than 7 years ago | (#17683066)

FTA:

What about dealing with wireless on campus these days?

We recently started surveying our community about what mobile devices they are using, how they are using them, etc. We have a team of people worrying about this.

Re:MIT on wireless security (2, Interesting)

rucs_hack (784150) | more than 7 years ago | (#17683348)

Wireless on a whole campus? Wow. Is that standard in the US?
At my uni we have wireless within the CS dept only, and that only within a small part of the building. It's monumentally shit.

Re:MIT on wireless security (3, Interesting)

Marxist Hacker 42 (638312) | more than 7 years ago | (#17683418)

It's becoming standard. Heck, my CITY [oregonlive.com] is going wireless, and this article says the building I work in will be covered by MetroFi in the next 4 months.

It happens, but not "standard." (4, Informative)

Kadin2048 (468275) | more than 7 years ago | (#17683524)

It's not "standard," but there are places that do it. Generally small campuses, or ones that didn't build-out wired infrastructure when they should have, and are now trying to catch up and be 'wired' using 802.11 as a substitute for a real copper network.

I know there are quite a few schools deploying it strategically, which seems like a good plan. It only takes a few minutes walking around a college campus to realize that there are a few key places where wireless would be most useful, and a lot of places where it would probably be underutilized. Libraries are huge -- go into any uni library and you'll see rows of people typing away on laptops. If you can't afford to put an Ethernet drop at every study carrel, wireless is the next best thing. (Well, actually, both would be best.) Study lounges and communal spaces are probably next, followed by cafeterias and big lecture halls (if you want to encourage people to use laptops in class; some schools might have faculty that would rather discourage that). In warm climates, outdoor locations can be great locations for Wifi, too.

But deploying it all over a large campus would, for most schools, be impractical. It would take too many base stations and would cost too much for the number of users you'd probably have at a time on most of them. I think if you did roll it out everywhere, you'd probably find pretty quickly that some nodes took huge amounts of load, while others were basically never used. For this reason, most large places with a competent IT staff don't just shotgun it all over campus, but are more selective.

Re:It happens, but not "standard." (2, Interesting)

Jjeff1 (636051) | more than 7 years ago | (#17684288)

MIT has deployed wireless all over the place [mit.edu]. I go there once a year for the MIT Mystery Hunt [mit.edu]. I was amazed last year as part of the hunt took us into a boiler room deep inside the basement of some building. The boiler room was a maze of pipes and of questionable safety, but screwed to the wall was a WAP; in the boiler room.

Re:It happens, but not "standard." (1)

Critical Facilities (850111) | more than 7 years ago | (#17686608)

That's actually not all that unusual. Building Automation [automatedlogic.com] is definitely taking MAJOR advantage of Wireless Technologies. So, that WAP you saw in the boiler room is probably associated with the Building Automation System and thus very unlikely to be connected to the internet and DEFINITELY not connected to MIT's Intranet.

Wireless solutions are being deployed much more frequently in newer buildings and also in older facilities in lieu of having to replace devices that are deprecated and run new wires (both of which can be impractical/impossible/expensive).

Re:It happens, but not "standard." (1)

porcupine8 (816071) | more than 7 years ago | (#17688362)

Knowing the likelihood of MIT students to be in boiler rooms and other such locations, it would not surprise me in the least to find that you can, in fact, pick up a wireless internet connection there. Whether or not that particular WAP was involved is another question.

Re:It happens, but not "standard." (1)

yppiz (574466) | more than 7 years ago | (#17692744)

I remember heading down to one of the mechanical rooms (possibly the same one you saw) that leads to the long steam tunnel and seeing an RJ-11 ethernet wall-jack back in the mid-90s. This was at a time when my entire campus was connected to the internet via a 56k microwave link that would go down every time it rained.

Was I envious? Just a bit.

Re:It happens, but not "standard." (0)

Anonymous Coward | more than 7 years ago | (#17689234)

I am a student at Louisiana State University, and you'd be hard pressed to find anywhere on the whole campus that isn't in range of a wireless AP. Granted, there are sometimes intermittent issues where the IT guys drag their collective feet to fix it, but we have wireless everywhere. I know personally how useful it is, and how it must not be "too expensive" for large campuses. Most rooms in the hundreds of buildings have a little POE wireless AP chugging away, and it's tremendously useful to have ubiquitous internet access as a student.

Re:MIT on wireless security (3, Interesting)

Overzeetop (214511) | more than 7 years ago | (#17683740)

Not quite "everywhere", but Virginia Tech has it in most places on campus (~30k students over a pretty big area). It's pretty fast, even in well-populated areas. Interestingly, the hardwired, general access 10bT ports are no faster than the wireless, as I found out one day when I figured I might get a speed boost while d/l a new knoppix image off a (known) very fast server. Still peaked at 3Mb - really no better than my DSL at the office. Go figure.

Re:MIT on wireless security (1)

zerocool^ (112121) | more than 7 years ago | (#17692418)

A 10 base T port wouldn't be faster than a decent wireless connection, but I was under the impression that there weren't many of them left on campus, that almost all the ports were now either 100-base Tx or gig-e.

I run the CS department's mirror (http://mirror.cs.vt.edu) at VT, and I have contacted the Knoppix folks about becoming an official mirror. I never got a response, and got lazy and never set up my mirror server to mirror knoppix. I'll look into it; you could then download it off of my server at (presumably) 10 megabytes per second if you get full linespeed.

I use the local university computing center mirror to load fedora core - I just get the iso for the network boot, and boot it up, and point it at mirror: mirror.cc.vt.edu, path /pub/fedore/linux/core/6/i386/os/ and it downloads the installer and runs everything from the network, at roughly 7 or so megaBytes per second - far faster than I ever could via CD and without swapping the CD's out. I also try to set up a Fedora repo in /etc/yum.repos.d/ to use the local vt mirror. Still not 100% sure how that all works, though.

Anyway, if you need linux distros, almost all the popular ones are mirrored by either the computing center ( http://mirror.cc.vt.edu/ [vt.edu] ) or by me ( http://mirror.cs.vt.edu/ [vt.edu] ).

~Wx

Re:MIT on wireless security (1)

cheater512 (783349) | more than 7 years ago | (#17683956)

My Uni has gone overboard when it comes to wireless.

We have an access point in every room and two in lecture theatres.
You can get a decent connection half way in to the city!

Re:MIT on wireless security (1)

quanticle (843097) | more than 7 years ago | (#17685472)

I don't know about the rest of the country, but at my school (University of Minnesota, Twin Cities) we have large outdoor area with wifi, and almost all of the buildings have wireless internet as well.

However, the building wireless networks are controlled by the departments that reside in the buildings, so, while there is internet, you may not be able to access it.

Re:MIT on wireless security (2, Interesting)

Stevecrox (962208) | more than 7 years ago | (#17685556)

I thought MIT was the big tech University, at my Uni (University of Plymouth (UK)) we've had a wireless network that covers the ENTIRE campus, it's powerful enough that you can actually still pick it up in the city centre (I keep meaning to investigate that because I can pick it up a quarter of a mile away and that sure as hell breaks the 802.11g spec.)

Plymouth University isn't small (about 30000 students enrolled) because of the cost of notes the IT department modified MS Exchange and started putting all lecture material online. Plymouth University also has 6 smaller campuses all of which can access this network (wirelessly on their campuses) there was a major network failure for the first time recently (A recently bought batch of Hard Drives failed badly in the SAN taking most of it out two days before the Christmas break, by the end of the next day most of the network was working bar personal account space and personal email) by the new year (a week and a half after the failure) the full list of services were running as far as I've been able to make out only emails sent the night of the failure were lost (it happened at 7PM.) Since all external connections go through the Uni's VPN it's also pretty secure.

Now this is for a university which is primarily a humanities university, why is a technology university only now looking at providing wireless access for laptops and PDA's when some have been doing it for five years? Why has a Tech University only recently got any good at doing things others have been doing well for years? I think that's the real question in my mind

Re:MIT on wireless security (4, Informative)

yandros (38911) | more than 7 years ago | (#17686464)

MIT has had wireless networking essentially everywhere for about 10 years now.

The article is talking about efforts to develop and support new uses. In particular, it is surveying new uses for wireless devices at the moment (the most public being an opt-in program that will tell you where your friends are connected to the network in real time).

Re:MIT on wireless security (1)

Bender0x7D1 (536254) | more than 7 years ago | (#17691142)

At Iowa State University we have wireless over our entire campus - including our 50 acre central campus green. Here is a map [iastate.edu] that shows all of the APs. The overall service is really good - both for signal strength and bandwidth.

Re:MIT on wireless security (1)

zerocool^ (112121) | more than 7 years ago | (#17692342)


I work for the Computer Science department at Virginia Tech (www.cs.vt.edu).

Our campus networking people (communications network services, or CNS) run all our networking and telephone services, and they have FULL campus coverage for 802.11 wireless. They use positional testers to make sure that all indoor areas have full signals. They use full cisco systems access points, and power-over-ethernet to ensure that they can put them pretty much everywhere.

All classrooms, libraries, dorms and cafeterias on VT's campus have wireless, with very few exceptions - it's about 40 acres of wireless access coverage, excepting some areas where there are large outdoor expanses.

So, yes, I'd say it is the standard in most universities with decent funding for their network services. Our CNS people do charge - each ethernet port on campus is subject to an activation fee and monthly fee which is transferred from department overhead or other sources to CNS as cost recovery, which means that CNS is very well funded.

~X

Public IPs (5, Informative)

avalys (221114) | more than 7 years ago | (#17683116)

The cool thing about MIT is that they own the entire 18.0.0.0/8 Class A address space, so every device on campus has a public IP.

And all computers (even student machines) are connected directly to the Internet - no NAT, no firewall, no protocol limitations, no bandwidth caps.

The catch is that all computers need to have a registered MAC address in order to get on the network, so if your Windows machine gets infected with a virus, they can disconnect you in a hurry.

Re:Public IPs (1)

frieza79 (947618) | more than 7 years ago | (#17683258)

The cool thing about MIT is that they own the entire 18.0.0.0/8 Class A address space, so every device on campus has a public IP.
And all computers (even student machines) are connected directly to the Internet - no NAT, no firewall, no protocol limitations, no bandwidth caps.

how is that a 'cool' thing?
I realize most students at MIT can probably secure themselves, but an institution not enforcing a firewall or NATs is asking for trouble.

Re:Public IPs (1)

ajs318 (655362) | more than 7 years ago | (#17684574)

It's only a problem if you haven't read and understood (or had a trustworthy, competent person read and understand on your behalf) the source code of the software you are running, and know for sure that it does only what you want and expect it to do.

Note that the vendors of software cannot necessarily be trusted to write software which does what you expect it to do, since they get paid whether or not the software behaves itself; but their willingness (or otherwise) to allow such independent third-party auditing speaks volumes about the quality of their software.

Re:Public IPs (1)

Frosty Piss (770223) | more than 7 years ago | (#17684796)

It's only a problem if you haven't read and understood (or had a trustworthy, competent person read and understand on your behalf) the source code of the software you are running, and know for sure that it does only what you want and expect it to do.

Yes, and we know everyone does that, right? Right?

Re:Public IPs (1)

cspariah (958194) | more than 7 years ago | (#17685470)

My feeling is that if you are at MIT, you can be expected to do this.

Re:Public IPs (1)

Frosty Piss (770223) | more than 7 years ago | (#17688932)

My feeling is that if you are at MIT, you can be expected to do this.

You might think that. But, do you want to bet your network on it? And, not all of the disciplines revolve around computers. There may very well be scientists there who computer geeks might consider Luddites.

Re:Public IPs (1)

JimXugle (921609) | more than 7 years ago | (#17683350)

Easy Solution... ban Windows.

Linux FTW!!! /duck

Re:Public IPs (0, Troll)

evilkiksass (966414) | more than 7 years ago | (#17683534)

great idea, just make Linux significantly more user friendly for computer illiterate people and then it will succeed.

Re:Public IPs (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17684180)

I'd just have to say, ok, maybe you're right...

BUT this is MIT.

'Nuff said.

If they can't figure out Linux (i.e. it's not simple enough) - maybe they should reconsider schools?

Re:Public IPs (0)

EonBlueTooL (974478) | more than 7 years ago | (#17683396)

no NAT, no firewall

WHY?!?!?!

Giving a windows machine a public ip address is a death sentence isn't it? If not now eventually? What keeps a fresh install of windows from getting blasterized the second you hook it up to download updates? (assuming not everyone has a nice copy of sp2 with their windows xp)

I'm no expert and the only "real" (used lightly) security for my home is a box running pat.

Re:Public IPs (1)

Chandon Seldon (43083) | more than 7 years ago | (#17683546)

So then the user can run a DSL router. What's the problem?

Re:Public IPs (0)

Anonymous Coward | more than 7 years ago | (#17683662)

So then the user can run a DSL router. What's the problem?

But what if I have a cable modem router? That would mean I have to buy a new router! No way dude!

Re:Public IPs (1)

Chandon Seldon (43083) | more than 7 years ago | (#17683738)

That's actually amusing. I obviously meant "home networking router", where the WAN port is Ethernet.

Hooray for Public IPs (2, Interesting)

ejtttje (673126) | more than 7 years ago | (#17684768)

Giving a windows machine a public ip address is a death sentence isn't it? If not now eventually? What keeps a fresh install of windows from getting blasterized the second you hook it up to download updates? (assuming not everyone has a nice copy of sp2 with their windows xp)
Hahahah, ahhhh, thanks for once again reminding me why it's so nice to run a machine that *isn't* windows.
Our school also gives public IP address to all our machines. It's so nice to be able to directly ssh/scp/sftp to your lab machine from home -- no tunnels, no firewalls, no VPN. Just you and your encrypted password. And then we go to some other institution and wonder why they take forever to load a web page -- and discover all the traffic for the entire network is being funneled through some machine which is trying desperately to NAT the entire campus's network. Siiiigh.

Yes I'm spoiled. It's good to be at a university that doesn't need to baby its users. If you run Windows and it's not up to date, it's kicked off the network until you patch it. Don't like that? Then run your *own* firewall, or switch to a system that doesn't leak like a sieve. Don't expect to ruin it for the rest of us because *you* choose to run insecure software.

Re:Public IPs (4, Interesting)

Zackbass (457384) | more than 7 years ago | (#17683450)

All computers on that use DHCP need registered MACs, if you've got a static IP there's no need at least as far as my experience has been.

IST does a damn fine job, the stakes on having the network running smoothly are quite high and they get it done, but more importantly is the amount of freedom they allow. We've got the most heterogeneous environment I can think of with hundreds of Course 6ers looking for new ways to bend the network and Course 15s finding new ways to try to break it. There's everything from half broken 486s to Playstation 3s running SVN repositories to completely custom embedded devices sitting all over the network (not that they support these devices) running like a well oiled machine.

Re:Public IPs (1)

mdboyd (969169) | more than 7 years ago | (#17683684)

IST? Are you sure you don't mean ITS?

As far as DHCP needing registered MACs, you're half right. If you need your computer to only use one IP address, then yes, you would need to "lock-in" a MAC address to that IP in the DHCP configuration. If you don't mind who gets what IP, you can just set up a pool of addresses and let DHCP assign leases to those addresses for a period of time -- not good for something such as a web server. The latter is what most home routers do for wired connections.

Re:Public IPs (1)

mdboyd (969169) | more than 7 years ago | (#17683730)

Nevermind about IST/ITS.. I realize now you were talking about the school of IST and their research... my apologies

Re:Public IPs (1)

porcupine8 (816071) | more than 7 years ago | (#17688472)

No, there's no school of IST... The people who run networking at MIT used to just be called Information Services (I/S), but are now called Information Services and Technology (IST). It's not an academic department, it's the same as the IT dept at most schools.

Re:Public IPs (1, Troll)

Aerion (705544) | more than 7 years ago | (#17683916)

IST? Are you sure you don't mean ITS?

As far as DHCP needing registered MACs, you're half right. If you need your computer to only use one IP address, then yes, you would need to "lock-in" a MAC address to that IP in the DHCP configuration. If you don't mind who gets what IP, you can just set up a pool of addresses and let DHCP assign leases to those addresses for a period of time -- not good for something such as a web server. The latter is what most home routers do for wired connections.

The parent poster is a student at MIT. You're obviously not.

He doesn't mean ITS. He means IST [mit.edu], the on-campus group that keeps the networks running. They have little cars that they use to run around campus and fix stuff that breaks.

As for needing to register MACs, he's talking about the MIT network specifically, not DHCP in general, so he's completely right, not half right. The MIT wireless will refuse to hand you an IP address until you register your MAC and provide credentials (either by logging in, or by identifying yourself as a visitor). Students have to clone the MAC addresses of DS's and Wiis temporarily so that they can register those MACs in order to get them on the network.

Re:Public IPs (0)

Anonymous Coward | more than 7 years ago | (#17684848)

They have little cars that they use to run around campus and fix stuff that breaks.

Not black & white VW Bugs, I hope. That would be pretty sad if MIT's network was kept up by Geek Squad.

Re:Public IPs (1)

Geoffreyerffoeg (729040) | more than 7 years ago | (#17693086)

As other people have said but not as clearly, grandparent was talking about MIT's particular setup.

You do need to register your MAC to get a public IP address over DHCP, because they do keep track of who has which IP (legal and administrative reasons).

"IST" was a typo for IS&T = Information Services and Technology, the network-running people at MIT.

-geofft.mit.edu (18.242.0.29).

18.242.*.* is my dorm. That's 65536 IP addresses for under 400 residents.

Re:Public IPs (2, Interesting)

curlynoodle (1004465) | more than 7 years ago | (#17683550)

Penn State issued a public IP for every machine connected to their network. It still may be so. Before Napster came down, I hosted my music collection, amongst other things, on the Internet via FTP.

In my time there, they did not, however, actively monitor systems for viruses and malware. I often received spam from student PCs attempting to spread viruses via attachments. Many lab systems suffered from various malware, although that improved in my last year after they switched to a pseudo-thin client setup.

Today, I see such IP allocations as wasteful. The worst is a power utility which I worked for a few years back. They have (had) a direct allocation (can not recall the exact size), which they used of course for business purposes. However, they also assigned public IPs to devices never exposed to the Internet, i.e PLC controllers and process control computers. Most unfortunate IMHO.

Re:Public IPs (0, Offtopic)

petabyte (238821) | more than 7 years ago | (#17684006)

In my time there, they did not, however, actively monitor systems for viruses and malware. I often received spam from student PCs attempting to spread viruses via attachments. Many lab systems suffered from various malware, although that improved in my last year after they switched to a pseudo-thin client setup.

In my time there (I was only on campus in 2000), they did regularly scan the machines on the network for exploits and they would disconnect you for SubSeven or Nimda or the like. I never had any problems in the lab and indeed I was impressed that for my last semester at school, they actually had two linux machines in the labs you could use. They weren't exactly configured properly but when you logged on and realized that these were Xeons with SCSI hard disks ... well someone in ASET likes Linux :).

My only complaint in the dorms was the massive amount of IPX traffic smashing into my firewall. Living in an all guy's dorm with Counterstrike blasting away as far as the ear could hear ...

Re:Public IPs (1)

wolrahnaes (632574) | more than 7 years ago | (#17690964)

What the hell were you seeing IPX traffic from in 2000? Unless someone in your dorm was running a Netware network that was badly configured, it shouldn't have ever reached your machine. On top of that, unless you had IPX enabled on your computer (another WTF in 2000) you shouldn't have seen it, especially on an ordinary software/home user hardware firewall.

Re:Public IPs (1)

allscan (1030606) | more than 7 years ago | (#17683654)

My little college of 6,000 students had an entire /16 which meant student computers had a "public" IP. However, they were all routed through firewalls and packet shapers. I knew this long before my internship because I could never access my machine by using its IP address, damn security. Also, student machines were on a separate VLAN so when someone brought their computer from home that just so happened to have zotob or melissa on it, it couldn't infect all school owned systems. On a side note, when I interned for computer services there the head network guy mentioned that no P2P is blocked, only throttled so it can't kill the bandwidth.

Re:Public IPs (1)

Workaphobia (931620) | more than 7 years ago | (#17693072)

I believe my college (RPI) has a /16 or two, but I'm vague on the details. We're also visible yet firewalled from the public Internet. At least this means dyndns works within the network. If I need to access something on my personal machine from the outside, I generally log into one of my accounts on the school's network and proceed from there. So I can indirectly access files and what not, but not a game server.

We're (currently or at least recently) ranked among the top ten most wired campuses. Apparently this means 10 Mb/s networks in the residence halls. Oh well, the uplink from there is still good enough to make many FPS gamers jealous.

Re:Public IPs (1)

houghi (78078) | more than 7 years ago | (#17684612)

The catch is that all computers need to have a registered MAC address in order to get on the network, so if your Windows machine gets infected with a virus, they can disconnect you in a hurry.

"Dumb BOFH closed me down AGAIN. Very soon I will be running out of MAC addresses to spoof. I hope that happens after I graduate. I hear other people are disconnected as well and the addresses they use are somehow the same as mine."

Or something like that. Looks a lot like security through obscurity.

Re:Public IPs (1)

wolrahnaes (632574) | more than 7 years ago | (#17691002)

U of Toledo does the same thing. Let's just say after going through DE:AD:BE:EF:F0:0D, DE:AD:BE:EF:F0:0F, DE:AD:BE:EF:F0:10, etc. for about 20 iterations they apparently got pissed off and rather than banning my MAC address again they traced it through the switches and physically disconnected all 8 ports in my suite.

They apparently weren't happy about the fact that my (campus only) DC++ server had about 10TB total shared and about 450 regular users constantly transferring gigabytes upon gigabytes across the campus net.
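
The two comments above describe getting around MAC-based bans by changing the address, and the operators answering by tracing it through the switches. The following is an added example, not part of the thread and not any university's actual tooling, showing that correlation from the defender's side. The sighting format, port names and thresholds are assumptions, and the sample data is constructed (the DE:AD:BE:EF addresses are the ones quoted in the comment).

```python
"""Flag MAC-address abuse on a network that gates access by registered MAC."""
from collections import defaultdict

# Constructed sample (not real data): (minute, switch_port, mac) sightings, as
# could be exported from switch MAC tables or DHCP logs. Port names are made up.
SAMPLE_SIGHTINGS = [
    (0,   "sw3/port12", "00:11:22:33:44:55"),
    (5,   "sw5/port02", "00-11-22-33-44-55"),  # same MAC, other port, 5 min later
    (10,  "sw3/port14", "DE:AD:BE:EF:F0:0D"),
    (200, "sw3/port14", "DE:AD:BE:EF:F0:0F"),
    (400, "sw3/port14", "DE:AD:BE:EF:F0:10"),
    (30,  "sw7/port01", "00:aa:bb:cc:dd:01"),
    (600, "sw7/port09", "00:aa:bb:cc:dd:01"),  # moved hours later: plausible roaming
]


def normalize_mac(mac):
    """Return the MAC as lowercase colon-separated hex, or raise ValueError."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(p, 16):02x}" for p in parts)


def is_locally_administered(mac):
    """True if the 'locally administered' bit (0x02 of the first octet) is set.

    Vendor-assigned (burned-in) addresses have this bit clear, so a set bit
    means the address was chosen in software. Devices that randomize their
    MAC for privacy also set it, so treat this as a weak signal on its own.
    """
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def analyze(sightings, max_macs_per_port=2, clone_window=15):
    """Correlate sightings by port and by MAC.

    port_churn: ports that presented more than max_macs_per_port distinct MACs
                (one physical jack cycling through addresses).
    cloned:     MACs seen on two different ports within clone_window minutes
                (one address in two places at once).
    locally_administered: MACs with the software-assigned bit set.
    """
    macs_by_port = defaultdict(set)
    seen_by_mac = defaultdict(list)
    for minute, port, raw_mac in sightings:
        mac = normalize_mac(raw_mac)
        macs_by_port[port].add(mac)
        seen_by_mac[mac].append((minute, port))

    port_churn = {
        port: sorted(macs)
        for port, macs in macs_by_port.items()
        if len(macs) > max_macs_per_port
    }

    cloned = {}
    for mac, seen in seen_by_mac.items():
        seen.sort()
        ports = set()
        # Compare each sighting with the next one in time order.
        for (t1, p1), (t2, p2) in zip(seen, seen[1:]):
            if p1 != p2 and t2 - t1 <= clone_window:
                ports.update((p1, p2))
        if ports:
            cloned[mac] = sorted(ports)

    return {
        "port_churn": port_churn,
        "cloned": cloned,
        "locally_administered": sorted(
            m for m in seen_by_mac if is_locally_administered(m)
        ),
    }


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_SIGHTINGS).items():
        print(kind, hits)
```

The port, not the MAC, is the stable identifier here: blocking or investigating by switch port is what makes changing the address ineffective.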

Why not just make a cereal out of ads? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17683176)

Yummy low-fat link [networkworld.com]

Huh? (0)

Anonymous Coward | more than 7 years ago | (#17683280)

What's this: No pictures?

Nickel and diming (0)

Anonymous Coward | more than 7 years ago | (#17683334)

"We've removed the financial incentive to run your own network, which used to be cheaper than having us do it."

Sounds like here at $IVY, where it was actually more financially viable to run all of your own cabling and just pay the monthly cost on a gateway than it was to pay $CENTRAL_IT for each jack and IP. Then $CENTRAL_IT caught on and instituted a minimum bandwidth cost on every single IP address, thus "removing the financial incentive."

Then they charge $80 to flip a dipswitch to "on".

enforce? (3, Funny)

Anonymous Coward | more than 7 years ago | (#17683336)

How do you actually enforce security standards among MIT's departments and network users?

I like to rely on my friends Mr. Louisville and Mr. Slugger.

Re:enforce? (1)

hcdejong (561314) | more than 7 years ago | (#17687856)

Ah, percussive reasoning.

Printable version (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17683434)

Obligatory karma whore attempt [networkworld.com] .

Just kidding, I'm a coward.

Only at MIT... (3, Funny)

Anonymous Coward | more than 7 years ago | (#17683456)

From the article: "our toilet server, which does voice mail and all the other crap, runs Asterisk software"

Wow, at MIT, even the *toilets* are servers? No wonder they have their own class A! :-)

Re:Only at MIT... (4, Funny)

zstlaw (910185) | more than 7 years ago | (#17685458)

When the toilet server goes down the sh*t really hits the fan.

~Z

Re:Only at MIT... (1)

MoonBuggy (611105) | more than 7 years ago | (#17686928)

Clearly the voice of someone who's never seen Random Hall's laundry server [mit.edu] :)

Disappointed... (2, Interesting)

creimer (824291) | more than 7 years ago | (#17683474)

I really hate articles that describe all these great networks and server rooms but don't have any pictures of the hardware. It's not like someone is going to search a picture to find an unsecured air vent in the ceiling so they can drop down among the laser sensors to hack into the computer.

Re:Disappointed... (1)

revlayle (964221) | more than 7 years ago | (#17683722)

Really?

*scribbles out "Get in through AIR VENT"*
*jots down, "try entering through a loose floor tile"*

yes... no one would ever do that!

Re:Disappointed... (1)

Joebert (946227) | more than 7 years ago | (#17685260)

What if they're running the same hardware that tom hacker has been studying since the hardware was released & knows how to make it do things that not even the inventor knows are possible?

Re:Disappointed... (1)

creimer (824291) | more than 7 years ago | (#17685568)

Software hackers have been doing that to Windows for years.

I'm not sure which disturbs me more (2, Funny)

Marxist Hacker 42 (638312) | more than 7 years ago | (#17683548)

That MIT-level hackers (See Steven Levy's book) have direct, Class-A network access to the Internet, or that a school like MIT still doesn't get the idea of the network as an infrastructure utility rather than a cost-recovery service.

Re:I'm not sure which disturbs me more (0)

Anonymous Coward | more than 7 years ago | (#17686688)

Much of the stuff that you now take for granted on the Internet came from "MIT Hackers" and their friends at Stanford and other places.
And do you really support yourself by charging $50 for cleaning up after teenage LAN parties?

Re:I'm not sure which disturbs me more (1)

Marxist Hacker 42 (638312) | more than 7 years ago | (#17686988)

Much of the stuff that you now take for granted on the Internet came from "MIT Hackers" and their friends at Stanford and other places.

Agreed- no problem with that statement.

And do you really support yourself by charging $50 for cleaning up after teenage LAN parties?

No, in fact I don't- which is why I worked very hard to get a government job. If I was younger, or had more advertisers, maybe. But only doing 3-4 such parties a year does not pay the bills. Same with my Virus/Spyware Detection and Elimination jobs. Sure, they're good for repeat business about 4 times a year, but "support myself"? No, just a little extra pocket money for taking the family out to eat. I do know people who used this to get through the 2001-2004 computer programmer depression though.

If you really want to set yourself up in that business, I'd suggest downloading my anticyberterrorism toolkit- really just a collection of free virus/spyware scanners and firewalls for Windows- and for the LAN parties I'd now suggest using Linksys USB 802.11G equipment. Lots less cables to trip over- unlike my original method which used pocket 10BaseT hubs.

Huh? (1)

smooth wombat (796938) | more than 7 years ago | (#17683558)

The fact that the phone is a different color is going to be upsetting to some of them.


I know users can be pretty dense where change is concerned but to say that people would be upset because the phone is a different color is even worse than what I had to go through recently.

I was assigned to replace someone's pc with one of our new ones. After I was done I got a call from him asking if he could have his old keyboard back because the keys on the new one weren't the same. I looked at the old one and compared it to mine (the same type he had). The only difference was the six buttons where Home, PgUp and so forth are located are arranged vertically on the new keyboard compared to horizontally on the old one.

So, to answer this question [slashdot.org] , it's not the fault of those of us in IT that we have bad attitudes when we have users like the above to deal with.

Not a trivial change. (4, Insightful)

Lethyos (408045) | more than 7 years ago | (#17683770)

I looked at the old one and compared it to mine (the same type he had). The only difference was the six buttons where Home, PgUp and so forth are located are arranged vertically on the new keyboard compared to horizontally on the old one.

When I switched to a keyboard that rearranged my “Super Six”, I was distraught too. I kept hitting the wrong keys and it was annoying for some time. This is not a trivial difference for people used to not staring at their keyboards as they work.

Re:Not a trivial change. (1)

VWJedi (972839) | more than 7 years ago | (#17684354)

I don't get it... What possible benefit could keyboard manufacturers gain by changing the layout of these keys?

Re:Not a trivial change. (1)

ajs318 (655362) | more than 7 years ago | (#17684786)

Even worse, IMHO, is the loss of the "insert" key on some modern Logitech keyboards, which have a double-sized "delete" key instead. As well as being used (with CTRL) as a shortcut for "copy" and (with SHIFT) for "paste", it's also used for "scroll up one line" in Links.

I bet the microcontroller still recognises the contact pair and sends the code, though. In fact, I'd be surprised if the FPC didn't have space for a key there.

Re:Not a trivial change. (1)

wolrahnaes (632574) | more than 7 years ago | (#17691064)

I think the loss of Insert is because while some like you apparently use it, most of the rest of us accidentally hit it when aiming for other keys and then get pissed as we type over a few words without noticing.

Also, using it for Copy and Paste? That's what Ctrl/Cmd + C/V are for, or middle click, or any of the other standard ways to copy/paste. I've honestly never heard of using Insert in copy/paste operations, and I like to think I'm fairly experienced in the computer world.

Re:Not a trivial change. (1)

tuxicle (996538) | more than 7 years ago | (#17692118)

What about the abomination called the F-lock key [wikipedia.org] on many newer Microsoft/Logitech keyboards? At least if they had the default power-on mode to "F-lock" it wouldn't be so bad... except for Joe Sixpack I guess.

Re:Huh? (5, Funny)

RajivSLK (398494) | more than 7 years ago | (#17683802)

Are you kidding me? All he wanted was his old keyboard back. If somebody gave me one of those new keyboards with the vertical layout I would probably beat them around the head with it.

Re:Huh? (5, Insightful)

geekoid (135745) | more than 7 years ago | (#17683828)

If someone wanting thwe same keyboard gives you a bad sttitude, it's not the customer, it's you.

Did you consider when using his keyboard he didn't look at the keyboard?

If this person's job is data entry, then YOU were in the wrong for not anticipating the need for the same keyboard layout.

Re:Huh? (0)

smooth wombat (796938) | more than 7 years ago | (#17683924)

Um, no. Everyone is getting new pcs and they come with the same keyboard. And no, he's not in data entry. In fact, he only uses one of those keys for one particular purpose when in a mainframe session.

Further, it's not the keypad keys I was talking about. It was the same six keys but in a group to the left of the keypad. On the old keyboard those six were horizontal. On the new keyboard, vertical. In fact, the key he used was one spot to the right of where it was on the old keyboard.

If people can't adapt, that's their problem.

What, you think because someone doesn't like something because it's different we should coddle them?

"Oh my, how do I operate this car now that I don't have a stick to shift gears"

"Holy hell! I don't have a dial to turn when I use the phone. How am I going to call someone?"

"What happened to the knob on the tv? How am I going to change the channel?"

Re:Huh? (0)

Anonymous Coward | more than 7 years ago | (#17684048)

1. Techs' jobs are to support the customers, and letting him keep a keyboard he liked (for whatever reason) and stashing the new (better condition) keyboard as a replacement -- sounds like a good deal to me. We do it all the time with new deploys where the customer likes their old mouse/keyboard.

2. Any loss in their productivity (even the tiny bit of moving a single key) is a loss for the company you're there to support and make work better.

3. You say that people should adapt to change, but why spend the effort and time changing if the adaptation takes away from the productivity and the net gain of the change is nil. Change for the sake of change isn't a good business model or tech practice.

4. GET OVER IT.... IT'S JUST A KEYBOARD!

Re:Huh? (2, Funny)

llamadillo (936949) | more than 7 years ago | (#17684084)

I totally agree with you. Much as with your example of the rotary phone, the world will pass this user by if he does not adapt to the new keyboard layout. This is precisely why the Western world was able to move beyond the inefficient QWERTY keyboard with only limited resistance.

I applaud your efforts to avoid 30 seconds of work, and especially the hour you've subsequently spent bitching about it.

Re:Huh? (1)

Cassini2 (956052) | more than 7 years ago | (#17684258)

Changing people's keyboards can have a significant impact on the bottom-line results for your company. Rearranging keys on someone's keyboard can really slow them down. Also, certain job types and people retrain far more slowly than others. People in highly stressful jobs, managers, and older workers do not pick up on changes quickly. Giving a user their old keyboard back is a zero-cost change, and won't reduce their productivity. Unless you have a pressing reason not to do it, then let them have their old keyboard.

Incidentally, when purchasing new computers, I check the keyboard layout before purchase. Annoying users is a poor career strategy.

Re:Huh? (4, Insightful)

honkycat (249849) | more than 7 years ago | (#17684352)

What, you think because someone doesn't like something because it's different we should coddle them?

No, but people get very comfortable using their tools. Is it really a ridiculous request to keep the old keyboard? Is it really something worth mocking him over? As an IT worker, your job is to support the users, not to make arbitrary changes to their working environment. If there's a good reason that the request NOT to have his keyboard changed would create a serious problem, then he's got to adapt. Otherwise, it's just a jerk in IT going on a power trip.

Frankly, the keyboards with those 6 keys vertical bug the heck out of me, too. It's a lot harder to feel where the middle row is when it's 3-high instead of 3-wide, since my fingers are arranged horizontally on the keyboard.

Re:Huh? (1)

BluMeNe (1035866) | more than 7 years ago | (#17684526)

What, you think because someone doesn't like something because it's different we should coddle them? "Oh my, how do I operate this car now that I don't have a stick to shift gears" "Holy hell! I don't have a dial to turn when I use the phone. How am I going to call someone?" "What happened to the knob on the tv? How am I going to change the channel?"

In each of these instances, it would be a poor user who voluntarily changed to something they hate. Changing a user's keyboard is instead having their choice made FOR them.

Re:Huh? (1)

smooth wombat (796938) | more than 7 years ago | (#17684798)

Of the three, the only one someone has a choice in is purchasing a stick or automatic car.

The remaining have been forced upon people. Try finding a rotary phone in the store or a tv which has a knob (not buttons on the front) to turn channels with.

Re:Huh? (1)

kv9 (697238) | more than 7 years ago | (#17686304)

BadAnalogyGuy would be spinning in his grave, if he were dead now. people *love* their keyboards. I curse and moan every time I have the misfortune of using one of the L-shaped-enter ones and the backslash suddenly isn't *there* anymore. I won't even mention the lappy/desktop switching. drives me crazy. give the guy a break, and let him have his keyboard back. as someone stated above, he should beat you over the head with the new fancy one.

Re:Huh? (1)

wolrahnaes (632574) | more than 7 years ago | (#17691116)

Of the three, the only one someone has a choice in is purchasing a stick or automatic car.
 
The remaining have been forced upon people. Try finding a rotary phone in the store or a tv which has a knob (not buttons on the front) to turn channels with.
 
 
Have you gone car shopping recently? Try finding anything with a big engine and a stick. Aside from small cars and cheap trucks, stick shifts are rare in the modern vehicle marketplace. Hell, on my Thunderbird, I had the choice of a V8 engine OR a stick. Most full-size trucks are the same way. That boggles the mind, because the reason I want a stick is to be able to better control how I put more power to the ground, not just to make up for a shitty V6 that can't feel fast with a slushbox.

The problem is a combination of most people now learning on automatics and increased traffic. I love a manual, but I'll be the first to admit gridlock with a stick sucks. Aside from that, people just don't appreciate how much fun a manual can make driving. It makes you care about driving, rather than just pushing the gas and pointing it the right way while putting on makeup/eating/talking. I'd argue that those who drive stick are more attentive behind the wheel because they have to actually think while driving and it's beneficial to plan shifts ahead of time when approaching traffic.

Re:Huh? (1)

Kreigaffe (765218) | more than 7 years ago | (#17685550)

Now, I know it's very tiring to carry a keyboard all the way back there, and exhausting to have to lean over to switch the plug for the new keyboard, but exercise is good for you.

I'm using a keyboard I got with my computer.. the one I had 3 boxes ago. Actually, it's so hard-used that the little nub on the J key is worn off.. and the one on the F key is getting there.

It's not just key positions people get used to, but the angle of the keyboard itself, and the feel of the keys. Feel of the keys is HUGE for me.

So basically, you're just saying that you're so cantankerous that you couldn't switch a keyboard to a user's preferred older keyboard, a change that would entail less than 5 minutes work on your part -- hell, you could just tell him to walk by and hand him the old keyboard in exchange for the new one, even idiots can switch them -- because.. why?

Re:Huh? (2, Insightful)

SomeGuyFromCA (197979) | more than 7 years ago | (#17686760)

On the old keyboard those six were horizontal. On the new keyboard, vertical. In fact, the key he used was one spot to the right of where it was on the old keyboard.
 
 
And the point of this key rearrangement?

Each of the three things you note is change for the sake of benefit. Automatic transmission*, direct access to the number, arbitrary number of channels.

What is the point of rearranging the six-block that you describe?

If someone said "Here's your new phone. You have to use it constantly for your job. Oh, by the way, we rearranged the numbers so they now go

789
456
123
  0

, would you just accept this change-for-the-sake-of-change, or would you want to know why the primary interface that you use to function in your job has been suddenly changed for no apparent benefit?"

Different is not necessarily better...

(*: not that an automatic transmission is automatically a benefit. Let's have the example of a "stick"-shift that has paddle shifters on the steering wheel with an automatic clutch. That's also change, but it's change with a benefit, because you no longer have to take your hands off the wheel to shift.)

Re:Huh? (2, Funny)

skis (920891) | more than 7 years ago | (#17686054)

If someone wanting thwe same keyboard gives you a bad sttitude, it's not the customer, it's you.

Looks like you were one of the people getting new keyboards.

Re:Huh? (3, Insightful)

Anonymous Coward | more than 7 years ago | (#17683948)

Yes, it is, you nimrod.

You probably spend a ton of time picking out your gadgets or aligning things to just the way you like them, but I suspect you just throw any old thing at users and expect them to "deal with it", after all, they're just clueless anyway, right? Hey, if the user liked the keys arranged horizontal v vertical, then what's wrong with that, and why does it justify your bad attitude because of it?

You give us IT "professionals" a bad rep.

Re:Huh? (3, Insightful)

eldepeche (854916) | more than 7 years ago | (#17684028)

I can't believe someone with enough technical responsibility to replace someone else's computer would use those keys so seldom that he wouldn't care if they were rearranged. It's bad enough that my laptop isn't big enough to have them, but if they were all there and I had to look at them, I would flip out.

Re:Huh? (0)

Anonymous Coward | more than 7 years ago | (#17685388)

This is absolutely normal. At my old job I opted to use an AZERTY keyboard [wikipedia.org] while being set up as QWERTY in the OS, rather than having to use a keyboard with vertical layout for ins,home,etc, or use a keyboard with power,sleep,wake buttons between the six buttons and the arrow keys; they were way too annoying. I had less problems with the difference between what was written on the keys and what appeared on the screen than with these two layouts.
A layout change that gave me almost no problems was switching to a keyboard with the F keys grouped in 4 groups of 3 keys (F1F2F3 , F4F5F6 , etc) instead of 3 groups of 4 keys.

Re:Huh? (0)

Anonymous Coward | more than 7 years ago | (#17686534)

well, not just the keyboard layout, but then there is the edging for keys, and the spring resistance. I find a huge difference when using a rigid keyboard like this compared with a smooth, flatter laptop keyboard, or an old acorn keyboard which is a little worn, so the keys are much smoother, and easier to press.
add to that that some people have to use 2 different computers in their lives, and if one is a vertical home/end etc area, and the other is horizontal (as is the case for me) - it can be quite annoying... especially for bulk data entry

My keyboard is 11 years old... (1)

nairb774 (728193) | more than 7 years ago | (#17689074)

Not that I am going to win a prize on Slashdot...but my keyboard is 11 years old - half the age I am. My keys are smooth, not rough like some new ones, and the letters are starting to fade. (Do the math, I have only been able to use it a lot for the last couple of years.)

Re:My keyboard is 11 years old... (1)

wolrahnaes (632574) | more than 7 years ago | (#17691178)

I win by default. I have an original IBM PC/AT keyboard from 1984 that I pull out whenever I need something for my headless servers (they are old boxes with only PS/2 ports and all my other keyboards are USB). It's the oldest keyboard you can readily use on a brand new computer. Since I don't have any devices with a full size DIN AT connector, I cut that off and installed a mini-DIN PS/2 connector.

The keyboard is two years older than me and built sturdy enough that I've stepped on it many times without damaging it. Somehow, I don't think my G15 would survive the same.

Re:Huh? (1)

cdwiegand (2267) | more than 7 years ago | (#17692838)

Are you kidding? I hate that Microsoft decided to reorganize the keys, removing the insert key. I use that key! And the stupid stupid Function Lock. Ugh! No one I know uses the "Application menu" key - why not play with that? But don't mess with my function or insert keys.

FBI and Lawyers (1)

us7892 (655683) | more than 7 years ago | (#17684208)

From the article:
The FCC chief of staff told Educause this wasn't about universities and to go away, but Educause wouldn't let it go and asked the FBI. And of course if you ask the FBI if they'd want cameras in every bedroom of every American citizen, they'd say of course, we could cut down on domestic violence. They woke a sleeping giant. For now, CALEA is a source of angst for IT, but the lawyers are busy.

CALEA = Communications Assistance for Law Enforcement Act, http://www.askcalea.net/ [askcalea.net]

So, they've had to make provisions to allow wiretapping on their VOIP network inside MIT, because some consider them a "telecommunications carrier"? Or, they are fighting it now, hoping they don't need to make provisions.

From the CALEA website:
The objective of CALEA implementation is to preserve law enforcement's ability to conduct lawfully-authorized electronic surveillance while preserving public safety, the public's right to privacy, and the telecommunications industry's competitiveness.

Article Text (0)

Anonymous Coward | more than 7 years ago | (#17684842)

That was too short to put up with 8 pages. (The first question was the first page!?! Fer cryin' out loud.)

Behind the scenes of MIT's network
Network Manager/Security Architect Jeff Schiller on buying into VoIP and fiber in a big way

By Bob Brown, Network World, 01/18/07

Massachusetts Institute of Technology Network Manager/Security Architect Jeff Schiller is leaning back in a plum-colored recliner in his office, but he isn't relaxing. The victim of a back problem that has forced him to forgo a more traditional office chair for now, the 25-year MIT network veteran has more than enough to do, with the school forging ahead with several major network projects, including a massive VoIP rollout and its foray as a regional fiber-optic network operator. Schiller covered the gamut in a recent interview with Network World Executive News Editor Bob Brown.

How's the VoIP project coming along?

We have 500 people on our voice-over-IP system, so we've really moved beyond the pilot stage to the service stage, and we're ramping up to 1,500 users in the next couple of months, and to be a VoIP campus not too many years from now, MIT plans to switch all 15,000 of its phones to VoIP. We've got it going in the IT department, since you've got to eat your own dog food. (Some people asked if it was really wise that the phone path to the IT department would use VoIP, but we told them if the network is down, we know.) One of the arguments for having us do it by department or building is that the hard part is getting our 5ESS [phone switch] people to manually route their phone numbers to us so that people can keep their phone numbers (putting new employees on the VoIP system is much simpler, as the school uses a common name space and via a Web administration page can set up new end users with a Session Initiation Protocol address that's the same as the e-mail address).

What's the story behind your VoIP project?

If you would have come here a year ago you would have found that I had an ISDN phone, as we put in ISDN in 1986 [now he has a Polycom IP phone and is among the 500 initial users of VoIP at the school]. We bought a 5ESS phone switch from AT&T that went online in 1988. AT&T rewired the campus at that time and that's how we got our first fiber plant. Around 1999 they contacted us and told us that switch would be obsolete by 2001 because they weren't making any more software updates for it. Our CIO came to me and asked if we could do VoIP by 2001. I said "I wish I could tell you yes, but the technology is just not mature enough," so we went and bought another 5ESS, which was hugely expensive. If you estimate a 10-year life cycle for that phone system that meant the vendor was going to be coming back to us before long to let us know we'd need to buy another one. But now voice over IP is ready, and I told our CIO about a year ago that if we want to be a voice-over-IP campus by 2010 that we'd need to start now.

What technologies are you using for the VoIP system?

We're not 100% decided on some parts, but I'm currently using a Polycom system. The media gateways to the 5ESS are Cisco high-end voice-over-IP switches, and of course we do everything in pairs in different locations. We're running the OpenSER SIP Express Router [MIT is also evaluating commercial offerings] on Dell 2850s redundantly, and our toilet server, which does voice mail and all the other crap, runs Asterisk software. It's fair to say it's mostly an open source deployment. The open source stuff not only is relatively inexpensive but we can integrate it into our infrastructure and customize it. The killer app has been sending voice mail to e-mail, something the Octel voice mail system on the 5E couldn't do. As for the rest of the infrastructure, the voice-over-IP phones are running on a separate VLAN. We have to upgrade the general infrastructure just because it's time to do that. We have physicists who want to send data sets of gigabytes to CERN, and the Media Lab wants to do real-time video. But voice over IP itself is not a very demanding user of the network.

What sorts of challenges or concerns have you run into with the system?

The biggest aspects of it are not technology; it's the sheer numbers of people, it's a staff training issue. The fact that the phone is a different color is going to be upsetting to some of them. We want to minimize disruptions and that's why we hired a full-time project coordinator.

What about security?

One reason for having the VoIP phones on a separate VLAN is we firewall it. It turns out all these phones have Web servers -- not browsers -- in them and one way to configure them is to talk directly to the phone. All you need is the phone admin password, which is the same one in every phone and it's in the manual, so we don't let Web connections get to the VoIP phones, so security is at that level. I would love it if the phones would encrypt the voice stream. They don't do that today and there's nothing I can do about it except indicate to the vendors that I really want that feature and hope we'll even get it. It's a concern. But so are cell phones. If there hadn't been cell phones I'd be much more worried. We don't want to go overboard on something that's not a real threat yet.

If I put my IETF hat back on, VoIP security in general has been a real disaster. Like everyone who does technology, the VoIP vendors don't want to think of security when they're designing, and they aren't convinced the bad guys are really out there just because they're not attacking yet (and of course they won't attack until you have 100 million handsets out there to make it worth their while). The other problem with VoIP is that there have been a lot of Bellheads involved and they have a security model that's completely whacked -- the "trust the network" model. In the Internet space you don't trust anybody, particularly the network. You better do end-to-end security if you care.

Then there's the whole damn government. I don't know this but I suspect if the Polycoms and Ciscos of the world had had these phones do end-to-end encryption on Day 1, then the U.S. government probably would have come in and tried to stop it. They want to maintain the ability to do surveillance even if we all have to walk around naked.

OK, on to project No. 2. What's MIT doing to become a regional optical network player?

Through an arrangement with Internet2 and their FiberCo arrangement we have a pair of fibers from Boston down through Rhode Island, Connecticut and eventually terminating at 32 Avenue of the Americas in New York City, and a redundant pair up the Hudson River and that cuts across Massachusetts. We got it at a price we could afford, so we went for it. We're lighting it up with optical gear that will give us 72 10G waves. This means in New York City we can peer with CERN and with a lot of the major players. The contract for our fiber wasn't 24 hours old when through the grapevine our researchers found out about it and were enthused about using it for high-speed access to various national and international assets.

MIT doesn't already have access to high-speed links for research through Internet2 or other networks?

Internet 2 backbone now is 10G I think, and links to this part of country are around 1G. Our researchers want 10G to CERN and now we can give them that. We also did this before Internet2 announced its new network [which had gone by the working name NewNet and boasts 10G lambdas].

I'm very annoyed about the competition that emerged between Internet2 and the National LambdaRail network people. It was a national embarrassment that literally got down to name calling. The networks were going to merge but turned out to be like water and oil, so now they're competing. A side effect was that the Internet2 people didn't talk to us before they announced one of their NewNet nodes would be in Boston, so now we're in the same facility as them. Even so, we're still getting a better deal on price to get to New York City. Meanwhile, we have a history of cooperation in the Boston area with other schools, such as Boston University and Harvard, such as through the Northern Crossroads facilities. Some asked why we didn't buy the new fiber under Northern Crossroads, but it was just a timing issue: We had the money and couldn't wait for approvals from the others.

This all sounds too easy . . . .

It wasn't. It's amazingly complicated. First the IRU [Indefeasible Right to Use] agreements, and it's Level 3 fiber, so we have to sign agreements with them. And it's not just the fiber, you have to get space in huts along the fiber path to put in regeneration and optical amplification equipment [Nortel installs most of the equipment]. It turns out there's paperwork to be done for each of those sites, plus lots of legal contracts. And we're a nonprofit organization, so we need to file paperwork in every single township along the way to demonstrate this.

And this is still going to pay off?

Oh yeah. Intercity fiber is like gold. We expect by the end of January to turn it up and send data down it.

A couple of high-profile schools, UCLA and Texas, recently announced that they had data breaches. I know MIT has not been immune to breaches either, but what do you think when you hear about new breaches like these?

The problem we all have is the Microsoft patch of the week. I hate to say it, but it's sort of the payback for universities not paying attention to security for decades or being sloppy about administrative computing. The mentality goes back to the times of disconnected, batch-oriented mainframes when the Internet was not even on the horizon and the attacks we face today were unheard of. One area in which we've been a little ahead of our peers is not using Social Security numbers for employee and student IDs. That goes back more than 20 years. Having said that, the SSN is used in more cases on campus than it should be, but we're working to reduce that. The fundamental problem behind all of this is that the SSN can be so easily abused. It's easy to learn someone's SSN yet it is viewed as a secret by many institutions so it can be used as an authenticator. This is broken. We need legislation that says anybody who makes decisions based on authentication, which is knowledge of an SSN and a home address, they're taking the risk in the transaction, not the consumer. People will scream: 'But how are we going to authenticate people?' Figure it out. Part of the solution is to have some sort of mandatory education. If I want to handle data for research on humans I need to be certified. That's [a National Institutes of Health] requirement. I think we need to start with having a certified administrative data handler. There's not a government agency pushing that like NIH on human research, but within institutions like ours, we could do this. I don't think there's a technical solution that doesn't involve training people.

What other headaches are schools dealing with?

CALEA [Communications Assistance for Law Enforcement Act, a wiretapping law; see details at www.askcalea.net/ ] is one. [Industry trade group] Educause did us a great disservice by panicking and screaming that the sky was falling. In my view, CALEA was not targeted at higher ed. What I think it really goes back to is making sure that if the telephone companies have to be compliant then the cable guys do too. But the language used was overly broad and could include universities. The FCC chief of staff told Educause this wasn't about universities and to go away, but Educause wouldn't let it go and asked the FBI. And of course if you ask the FBI if they'd want cameras in every bedroom of every American citizen, they'd say of course, we could cut down on domestic violence. They woke a sleeping giant. For now, CALEA is a source of angst for IT, but the lawyers are busy.

What about dealing with wireless on campus these days?

We have a potpourri of devices on campus. We recently started surveying our community about what mobile devices they are using, how they are using them, etc. We have a team of people worrying about this. We'd like to make recommendations, but how do you do that when the devices are changing so quickly? Security is an issue, though the amount of memory on most of these devices is small enough now that we don't have to worry about people downloading too much and then losing devices. We're not going to have someone lose a Treo with every student record on it, for example. But we already have to worry about laptops and there's been a push for hardware encryption there. I hope the handheld device makers figure this out before they make products that have enough storage to rival laptops.

How do you actually enforce security standards among MIT's departments and network users?

Enforce is not a word you can use at MIT. We try to entice people to do the right thing. We've made a lot of progress. We've removed the financial incentive to run your own network, which used to be cheaper than having us do it. We've been a cost-recovery network since forever now though. At many universities the network is free and they just fund it out of operating costs. It was hard doing it our way at the beginning because we had no income and we ran deficits for the first bunch of years so that we wouldn't have to charge a huge amount of money to the early adopters. Indeed, as we ramped up we did break even and even started bringing in more money, which we've always found a way to spend. Another big university a couple of years ago was told by the senior administration to do everything they did that year and more on half the budget in the next year. Suck it up. That hurts, but we've been immune to that sort of thing.

Getting Personal: Jeff Schiller

Organization: Massachusetts Institute of Technology

Title: Network manager/Security architect (has managed the MIT Campus Computer Network since its inception in 1984)

Responsibilities: Managing a network that has about 10,000 switches, largely a mix of Enterasys and Cisco boxes, and that supports 20,000 to 30,000 people and 50,000 to 60,000 computers. "Our backbone is 10G. Our network has a simple star configuration with 10G switches in the middle and 10G links to each router, then 10/100/1000 Ethernets from there that run the gamut depending on the building. Everything is SNMP-manageable. A couple of departments run their own networks, but we discourage that except for departments where they really should run their own, like the Media Lab."

Staff size: 7

Annual budget: Undisclosed

Previous jobs: None

Education: S.B. in electrical engineering, MIT 1979

If he wasn't in IT he'd be doing: Academic research

Claims to fame: Author of MIT's Kerberos authentication system; formerly area director for security within the Internet Engineering Steering Group; a founding member of the steering group of the New England Academic and Research Network (NEARnet), now part of Level 3.

Fun fact: Raises guinea pigs. "Cleaning up after guinea pigs offers an interesting contrast with the high-tech world of computers, though some argue it is the same, cleaning up someone else's mess!"

ep?O.. (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17686830)

can n0 longer be [goat.cx]

you insens1tive Clod! (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17687422)

so thaht 7ou don't

If they used ITS, it would be much better (1)

atomicthumbs (824207) | more than 7 years ago | (#17690490)

Everything was better with ITS! Just get a DECnet hooked up between a few PDP-10s, and... TADA! No viruses! (Not that I'm old enough to remember ITS... :P I'm a retrocomputing geek.)