From kadie Tue Jun 18 00:05:31 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Tue Jun 18 00:04:17 EDT 1991
In this issue:
bzs@world.std.com : Re: publicly-readable "adult" gifs (was Re: Ohio State Un
W.A.Simon
Organization: The World
From: bzs@world.std.com
References david@uhunix.uhcc.Hawaii.EDU, (David, Lassner)
Subject: Re: publicly-readable "adult" gifs (was Re: Ohio State University CIS Policies)
Re: libraries subscribing to sexually explicit magazines.
When I was at Cornell (early 70's) I was surprised to see that the
library subscribed to and had extensive collections of these
magazines. One day I asked a librarian friend of mine (an older fellow
who had been at Cornell many years) why? He looked at me sort of
flabbergasted and said "because we have ``everything''".
Well, it is one of the largest library collections in the world.
I guess it's all a matter of perspective (and needless to say I was
impressed by his answer.) There's a moral lesson in there somewhere.
One person's "smut" is another's critical reference material.
I believe the govt funds a few libraries to keep such collections
(redundancy) just in case they need them. As an example, for a
criminal or other investigation.
Imagine if you, as an investigator, found out that the only photo of
some person you were seeking appeared in an explicit magazine, but no
library had a copy and there were no other (reasonable) way to obtain
a copy, the publisher long gone etc.
One could imagine other, non-prurient justifications.
--
-Barry Shein
Software Tool & Die | bzs@world.std.com | uunet!world!bzs
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
-------------------
Message-Id: <9106171219.AA03361@Larry.McRCIM.McGill.EDU>
Subject: Re: Computers and Academic Freedom (news version) 1.12
Date: Mon, 17 Jun 91 8:19:21 EDT
From: W.A.Simon
X-Mailer: ELM [version 2.2 PL9]
> Computers and Academic Freedom (news version)
> June 15, 1991
> Vol. 1, No. 12
> fwp1@CC.MsState.Edu (Frank Peters) writes:
> [...]
> >A Doctor made issues of Playboy and Penthouse available to adult
> >patients in his waiting room (with precautions to prevent minors from
> >seeing them). A nurse in his employ noticed an upswing in the number
> >of offensive comments and the like from patients. When the doctor
> >refused to stop making the magazines available she filed suit claiming
> >that the distribution of the magazines in the office created an
> >environment in which she was much more likely to be sexually harrassed
> >even though the doctor did not in any way harrass her. She won the
> >suit and the doctor was forced to stop making them available.
So, if I understand well the direction in which Justice moves,
from now on, Playboy and Penhouse can expect to be asked to cease
and desist publication, on the ground that it makes a number of
people behave in offensive manner. Once more, the trade of
liberty against safety has been performed.
> [...]
> The case you sight (site?) is certainly a tough one. [Anyone have a
> reference?]
Cite.
> I think the key to the case is that the nurse was able to make a
> reasonable case that she was actually being harassed (by the some of
It could be possible, if she herself were either very
enticing, or very hostile. I have a hard time seeing
patients hassling a nurse or being gross, in the doctor's
office. The environment is not conducive, and they know
they are likely to have to come back. They also know
the dotor is not likely to approve and they know the nurse
may have to perform some minor duties on them, which she
could easily make very uncomfortable for them. Definitely,
it doesn't add up. On the other hand I have little of the
kind of experience nurses have, so I may be off base. Have
any of the patients testified? Of course, I know that most
males, when in glandular brain bypass mode, tend to make
stupid jokes; a well adjusted nurse would know how to deal
with that.
> the patients) and that, with the removal of the magazines, this
> harassment would likely stop. The explicitness of the material was not
> (directly) relevent; if the magazines in question had been Readers'
> Digest and Highlights, the case would have been settled the same.
But would likely not have arisen.
> Also, the freedom to read in a doctor's office is not considered
> important. In contrast, the freedom to read at a university or library
> is of the highest importance.
The freedom to read in anyone's office was not the issue.
The issue was that an individual felt that a minor attack
on her mental comfort was enough justification to make a
huge dent in the freedom of all, and that the court agreed.
I suspect the court would have agreed regardless of the place
of origin of the complaint.
For the sake of argument: suppose the lady disapproved of
the presence of these magazines, and expressed her feelings
in perceptible ways (pinched mouth, look down, noises, body
language...). Wouldn't the clients perceive the hostility
and react in kind? Would they be then entitled to ask that
the lady be removed from her job? Couldn't they say that
the magazines are not the cause of their behaviour, but that
she is?
> (In a perfect world, the harassing customers and no one else would be
> accountable for their actions.)
I would hope so. However, this is consistant with cases
of drunk driving, in which the bar owner was held jointly
responsible. Justice is sliding downwards to its lowest
common denominator.
BTW, even if I find this subject interesting, how does it
come to be on eff?
> - Carl
--
Alain
Home Sweet Office: (514) 934 6320 UUCP: alain@elevia.UUCP
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 17 Jun 91 14:17:25 GMT
Message-Id: <0094A414.F456AF80@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References: , <9106151901.AA12984@eff.org>hi
Subject: Re: Punishment
In article <9106151901.AA12984@eff.org>, junger@cwru.cwru.EDU writes:
>
>some institutions the system administrators are librarians. And, finally,
>it is not true at many institutions--including CWRU--that all fcaulty, staff,
>and students ``automatically get library priveleges at all libraries on
>campus,''
Huh? So, uh, what happens if I want to check out a book? I have to bend over to
a deity?
Actually, let's consider things from the SYSTEM ADMINISTRATOR's viewpoint.
Don't they have rights and responsibilities too? One of the responsibilities
they are charged with is keeping the "system" running and available for all
users.
If an individual runs into the library and starts annoying patrons, the campus
police are called, and the individual is usually escorted off the grounds. Or
ticketed and/or arrested, depending on the severity of the offence.
The systems administrator has to serve both as librarian and cop. If a user
starts annoying other users, the systems administrator has to show annoying
person The Door. Unforunately, issuing tickets or arresting students is
workable for most electronic offenses.
>Another real problem is the inability
>of computer systems administrators to understand complicated concepts like
>fairness or due process.
Sounds like you are pretty bitter. Some CSA smack you down, or is this an
elitist mindset developed in the law school?
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 17 Jun 91 14:31:27 GMT
Message-Id: <1991Jun17.143127.7897@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , e.
Subject: Re: Punishment
In article Sanjay Kapur writes:
>>Resolved: Users should not be suspended or expelled from computer
>>systems as punishment for computer-policy infractions.
>>
>
>Karl, your resolution above is unimplementable in a real world.
>
>I would like to change your resolution to:
>
>For ALL multi-user computing resources at a University:
>
>a) Users should not be denied access to computing resources as punishment
> for computer-policy infractions except when such punishment is the
> result of a judicial proceeding.
OK.
>
>b) Suspension of access by itself does not constitute punishment if it is
> done to protect other users and the system and the resources of the
> University (e.g. Paper, toner, telephone costs etc.).
Not a chance. This allows suspension for any reason the administrator wants to
dream up--- "The user was printing too much. I suspended him. That's not
punishment". "The user was using too much CPU time. I suspended him. That's
not punishment".
>c) Suspension pending a judicial hearing is allowed only to protect other users
> and the system and the resources of the University
Not a chance. Suspension pending judicial hearing again gives the
administrator ultimate power-- to cause the student to fail. Of course the
administrator will say that he is doing it to protect other users-- doesn't
mean he is. And if the person is truly hacking, suspension will undermine
ONLY his legitimate work-- he is more likely to hack, not less likely.
>Sometimes the operating system itself suspends access to an account if it
>suspects that there is a break-in attempt, i.e. too many login attempts with
>an invalid password. Suspension when a break-in is suspected either by the
>operating system or the Systems Administrator is neither punishment nor an
>attempt to restrict access but to protect the account for the legitimate user.
This is the ONLY type of suspension which should be permitted without a
hearing. And the SYstem Administrator should have to contact the user within
48 hours (or some other reasonable time period), or AUTOMATICALLY undo the
suspension. None of this garbage where the user has to track down the sysadmin
(and end up in a runaround)
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 17 Jun 91 14:25:05 GMT
Message-Id: <1991Jun17.142505.7804@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <1991Jun14.185503.29844@eff.org>, <199106142048.AA30684@mp.cs.niu.edu>.
Subject: Re: Punishment
In article <199106142048.AA30684@mp.cs.niu.edu> rickert@cs.NIu.EDU (Neil Rickert) writes:
>In article <1991Jun14.185503.29844@eff.org> Carl Kadie writes:
>>Resolved: Users should not be suspended or expelled from computer
>>systems as punishment for computer-policy infractions.
>
> Resolved: Drivers shall not have their licenses suspended or cancelled
>as punishment for driving infractions (including, but not limited to,
>DUI).
>
>>The most common punishment for a computer-policy infraction seems to
>>suspension or expulsion from the computer. I think think is often
>>inappropriate and harsh.
>
> The most common punishment for drunk driving seems to be suspension or
>cancellation of driving privileges. I think it is innappropriate and harsh.
Nope, you broke the analogy here: the correct parallel statement would be
The most common punishment for a driving infraction seems to be suspension or
cancellation of driving privileges. I think this is OFTEN inappropriate and
harsh (emphasis mine)
Note that this is not a true statement, thus your analogy falls apart.
> The whole trouble with your view is your emphasis on PUNISHMENT. If you
>strictly mean that, I agree. Removal of computer resources, or of driving
>privileges, as punishment is usually not appropriate. But when a drunk
>driver loses his license the usual purpose is not punishment, but the
>protection of other drivers, and sometime just to get a message to the
>driver as to the seriousness of his actions. Likewise when a student
>computer privileges are suspended it is usually to prevent his further
>harm to other users, or to bring matters to his attention.
You want attention, try a letter. A phone call. See the student in person--
he probably isn't far. No. Suspension of an account is punishment. (the
idea of protection of other users is pretty ludicrous. If he's hacking your
system, he can do it from another account with a minimum of difficulty.
Student accounts are nearly always insecure, and the 'over the shoulder'
hacking method works fine).
> On this system I have students whose phone number is not available to me
>because the student has decided to keep this private. I have students who
>never read their mail. When I suspend their account in such a way that
>the next time they log on they see a message explaining why the account was
>suspended, and what action they must take to resolve the present problem and
>to avoid recurrences, I get their attention in a manner not otherwise
>possible.
Right. Like a cop hitting someone over the head with a billy club gets their
attention in a manner not otherwise possible.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 17 Jun 91 15:12:51 GMT
Message-Id: <1991Jun17.151251.8359@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , ut
Subject: Re: Punishment
In article Sanjay Kapur writes:
>For fairness and due process to work in the real world:
>
>BEFORE A USER CAN GET DUE PROCESS, SYSTEMS ADMINISTRATORS HAVE TO BE PROTECTED.
>
>
>I will NOT stick my neck out for someone to chop it. Give me good armor to
>protect my neck, and I will stick out my neck to defend due process.
Then, unsurprisingly, we remain adversaries. When a system administrators
first recourse is to chop off the users head to save his own, it can be no
other way.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 17 Jun 91 15:53:07 GMT
Message-Id: <0094A422.5263E9A0@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References: , ,<1991Jun17.143127.7897@eng.umd.edu>hub
Subject: Re: Punishment
In article <1991Jun17.143127.7897@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>>Sometimes the operating system itself suspends access to an account if it
>>suspects that there is a break-in attempt, i.e. too many login attempts with
>>an invalid password. Suspension when a break-in is suspected either by the
>>operating system or the Systems Administrator is neither punishment nor an
>>attempt to restrict access but to protect the account for the legitimate user.
>
>This is the ONLY type of suspension which should be permitted without a
>hearing. And the SYstem Administrator should have to contact the user within
>48 hours (or some other reasonable time period), or AUTOMATICALLY undo the
>suspension. None of this garbage where the user has to track down the sysadmin
>(and end up in a runaround)
Gosh, I think it is really polite that Motor Vehicles Admin. will send me a
letter notifying me that I can't renew my tags unless I pay up on my overdue
parking tickets. Their responsibilty ends there. If you can't log into your
account and/or there is a message saying "Your privs suspended" the matter is
clear enough.
Now, you could be an Evil Person and choose not to answer your phone (or be out
of town) and without any effort on your part, the suspension of privs would be
lifted. And, if you were Evil, you now have a further license to do Bad Things.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Message-Id: <9106171802.AA03058@eff.org>
From: "Gerry Santoro - CAC/PSU 814-863-4356"
Subject: Re: Punishment
-- 17 Jun 91 14:17:25 GMT
>In article <9106151901.AA12984@eff.org>, junger@cwru.cwru.EDU writes:
>>
>Actually, let's consider things from the SYSTEM ADMINISTRATOR's viewpoint.
>Don't they have rights and responsibilities too? One of the responsibilities
>they are charged with is keeping the "system" running and available for all
>users.
>
It can be even worse than this. Although the law is not evry clear there
is some precedence to the frightening fact that a system administrator
can be held liable for illegal activities done from her/his system. This
is particularly possible for cases where a system on a network (such as
the Internet) is used as a vehicle for trying to break into other
systems.
-------------------------------------------------------------------------------
| | gerry santoro, ph.d. --- center for academic computing | |
| -(*)- penn state university -- gms@psuvm.psu.edu -- gms@psuvm.bitnet -(*)- |
| | standard disclaimer --> "I yam what I yam" | |
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 17 Jun 91 18:06:52 GMT
Message-Id: <1991Jun17.180652.9830@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References , <1991Jun17.143127.7897@eng.umd.edu>, <0094A422.5263E9A0@KING.ENG.UMD.EDU>
Subject: Re: Punishment
In article <0094A422.5263E9A0@KING.ENG.UMD.EDU> sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>In article <1991Jun17.143127.7897@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>
>Gosh, I think it is really polite that Motor Vehicles Admin. will send me a
>letter notifying me that I can't renew my tags unless I pay up on my overdue
>parking tickets. Their responsibilty ends there. If you can't log into your
>account and/or there is a message saying "Your privs suspended" the matter is
>clear enough.
Is it? When the MVA sends me a letter saying I can't renew my tags,
#1: They do it BEFORE tag renewal time-- if I take the right steps, there
is no interruption of service
#2: They indicate the REASON I can't renew my tags (unpaid tickets)
#3: They indicate how I can clear this up (who to pay the tickets to)
#4: They have an address and phone number to call or write if I have
questions.
When a sysadmin suspends privileges for random reasons
#1: The account is suspended-- interruption of service
#2: No reason given
#3: No recourse given-- just says 'See *** ****'
#4: Runaround given when person tries to see *** ****
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 17 Jun 91 18:33:31 GMT
Message-Id: <0094A438.BB1DE700@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References , <1991Jun17.143127.7897@eng.umd.edu>, <0094A422.5263E9A0@KING.ENG.UMD.EDU>,<1991Jun17.180652.9830@eng.umd.edu>t
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: Punishment
In article <1991Jun17.180652.9830@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>Is it? When the MVA sends me a letter saying I can't renew my tags,
>#1: They do it BEFORE tag renewal time-- if I take the right steps, there
>is no interruption of service
>#2: They indicate the REASON I can't renew my tags (unpaid tickets)
>#3: They indicate how I can clear this up (who to pay the tickets to)
>#4: They have an address and phone number to call or write if I have
> questions.
Matt, this does not jive with your previous arguement of "If I do nothing, my
account should automagically come back with 48 hours."
I am saying that your previous arguement is bogus because you can ignore the
telephone if I try to call you and get in touch with you. If you are doing
something nasty or annoying, it'd be pretty dumb to waive one's hands for
"business as usual."
>When a sysadmin suspends privileges for random reasons
Random on his part? Or random on your perception of how he views the
situtation?
>#1: The account is suspended-- interruption of service
Depending on the situtation, item #1 is justifyable. It would be justifiable if
a users was harassing other users, being a system resource hog thereby
impinging on the rights of all the other users to do work, or if the user was
doing something which would directly affect security upon the system, thereby
screwing EVERYONE.
>#2: No reason given
>#3: No recourse given-- just says 'See *** ****'
Would you prefer a certified letter? Actually not a bad idea. Unfortunately,
generating the letter and getting it certified would prob'ly take 2-3 working
days, plus another day to get into your mailbox, given the general speed of
University Operations.
>#4: Runaround given when person tries to see *** ****
I don't suppose you tried to talk with your class instructor or TA to
immediately gain relief of the situtation? Either one of them will know the
right people to talk to.
Which person did you have to talk to at CSC in order to get your account
renewed? Most of the people over there aren't as Great Satan-ish or
bureaucratic as deplicted.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 17 Jun 91 19:26:47 GMT
Message-Id: <1991Jun17.192647.10980@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References <0094A422.5263E9A0@KING.ENG.UMD.EDU>, <1991Jun17.180652.9830@eng.umd.edu>, <0094A438.BB1DE700@KING.ENG.UMD.EDU>J
Subject: Re: Punishment
In article <0094A438.BB1DE700@KING.ENG.UMD.EDU> sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>
>Matt, this does not jive with your previous arguement of "If I do nothing, my
>account should automagically come back with 48 hours."
That was for account suspensions due to the system adminstrator suspecting
a third party breaking into the account, not to legitmate users using their
account in illegitimate ways. I believe account suspension for THAT reason
should only be done AFTER some sort of hearing is conducted-- none of this
all too common 'suspend first-- make the user come to us so we can ask
questions later'.
>>When a sysadmin suspends privileges for random reasons
>
>Random on his part? Or random on your perception of how he views the
>situtation?
In most cases, the SYSADMIN THINKS he has good reasons. Good reasons that
include 'User is making my life difficult-- I'll suspend his account and solve
that problem'
>>#1: The account is suspended-- interruption of service
>
>Depending on the situtation, item #1 is justifyable. It would be justifiable if
>a users was harassing other users, being a system resource hog thereby
>impinging on the rights of all the other users to do work, or if the user was
>doing something which would directly affect security upon the system, thereby
>screwing EVERYONE.
If the user is actively engaging in this behavior, it should be possible for
the sysadmin to contact the user right then and there-- what at least one
sysadmin did was chmod 000 the users directory, change the shell to
/bin/nologin, do the same for the user sitting next to him, who he knew to
be a friend of the first user, and reboot both workstations. He refused to
discuss his actions when confronted (physically) in the hallway outside,
instead referring both users to a different person who wouldn't be in for a
while.
>>#2: No reason given
>>#3: No recourse given-- just says 'See *** ****'
>
>Would you prefer a certified letter? Actually not a bad idea. Unfortunately,
>generating the letter and getting it certified would prob'ly take 2-3 working
>days, plus another day to get into your mailbox, given the general speed of
>University Operations.
Sure, I want a certified letter. BEFORE account suspension. Even Judicial
Programs, which I am no fan of, gives you a trial before you are hanged.
>>#4: Runaround given when person tries to see *** ****
>
>I don't suppose you tried to talk with your class instructor or TA to
>immediately gain relief of the situtation? Either one of them will know the
>right people to talk to.
>
>Which person did you have to talk to at CSC in order to get your account
>renewed? Most of the people over there aren't as Great Satan-ish or
>bureaucratic as deplicted.
I'm not going to mention names on the net. Suffice it to say that one of the
people fits the astrisk pattern above.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 17 Jun 91 20:06:21 GMT
Message-Id: <0094A445.B32AC380@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References <0094A422.5263E9A0@KING.ENG.UMD.EDU>, <1991Jun17.180652.9830@eng.umd.edu>, <0094A438.BB1DE700@KING.ENG.UMD.EDU>,<1991Jun17.192647.10980@eng.umd.edu>
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: Punishment
In article <1991Jun17.192647.10980@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>>Matt, this does not jive with your previous arguement of "If I do nothing, my
>>account should automagically come back with 48 hours."
>
>That was for account suspensions due to the system adminstrator suspecting
>a third party breaking into the account, not to legitmate users using their
>account in illegitimate ways. I believe account suspension for THAT reason
>should only be done AFTER some sort of hearing is conducted-- none of this
>all too common 'suspend first-- make the user come to us so we can ask
>questions later'.
Oh? Define "illegitimate ways." Illegitmate might be breaking security. If
you're trying to break security on a system, why should anyone with common
sense allow you extra time to try to hack it? Or continue to harass users or
suck up system resources to the detrement of the other users on the system?
>>Random on his part? Or random on your perception of how he views the
>>situtation?
>
>In most cases, the SYSADMIN THINKS he has good reasons. Good reasons that
>include 'User is making my life difficult-- I'll suspend his account and solve
>that problem'
Good reasons also include LOTS of things which you don't address, such as
system security, harassing other users, and pigging out on system resources.
>>>#1: The account is suspended-- interruption of service
>>
>>Depending on the situtation, item #1 is justifyable. It would be justifiable if
>>a users was harassing other users, being a system resource hog thereby
>>impinging on the rights of all the other users to do work, or if the user was
>>doing something which would directly affect security upon the system, thereby
>>screwing EVERYONE.
>
>If the user is actively engaging in this behavior, it should be possible for
>the sysadmin to contact the user right then and there-- what at least one
>sysadmin did was chmod 000 the users directory, change the shell to
>/bin/nologin, do the same for the user sitting next to him, who he knew to
>be a friend of the first user, and reboot both workstations. He refused to
>discuss his actions when confronted (physically) in the hallway outside,
>instead referring both users to a different person who wouldn't be in for a
>while.
If he were my staff member, I'd probably back him. If you confronted him
physically (implying two of you, one of him), he's in a no-win situtation to
begin with. For all I know, he had enough authority to pull the plug on you but
not restore it. If he did it without proper justification, I'd tar and feather
him, and apologize profusely.
The Computer Science Center does have certain instructions they give to their
lab aiders. I don't know what they are. I'd be curious to see if someone from
CSC would post 'em.
>>>#2: No reason given
>>>#3: No recourse given-- just says 'See *** ****'
>>
>>Would you prefer a certified letter? Actually not a bad idea. Unfortunately,
>>generating the letter and getting it certified would prob'ly take 2-3 working
>>days, plus another day to get into your mailbox, given the general speed of
>>University Operations.
>
>Sure, I want a certified letter. BEFORE account suspension. Even Judicial
>Programs, which I am no fan of, gives you a trial before you are hanged.
Naw. I'd give you a certified letter telling you your account was suspended,
why it was suspended, and what steps you could take to appeal the suspension.
If you have committed an offence grevious enough to get your account suspended
(note the IF), I suspect I do not have the luxury to let you poke around with
system security.
>>>#4: Runaround given when person tries to see *** ****
>>
>>I don't suppose you tried to talk with your class instructor or TA to
>>immediately gain relief of the situtation? Either one of them will know the
>>right people to talk to.
>>
>>Which person did you have to talk to at CSC in order to get your account
>>renewed? Most of the people over there aren't as Great Satan-ish or
>>bureaucratic as deplicted.
>
>I'm not going to mention names on the net. Suffice it to say that one of the
>people fits the astrisk pattern above.
Fine, send it in e-mail along with full details of the incident. I'm still
curious as to why you didn't gripe to your TA or professor about it. You can
also mention the name of the initial lab aider.
If you feel very greviously wronged, you can always call up the Diamondback.
They'll need some variety after flogging MVA and Gov' Don.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Date: Mon, 17 Jun 1991 19:45 EDT
From: Sanjay Kapur
Subject: Re: Punishment
Message-Id: <64596542C0214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>You want attention, try a letter. A phone call. See the student in person--
>he probably isn't far. No. Suspension of an account is punishment.
Here you seem to be in disagreement with common standards of what is
punishment. Suspension by itself is not punishment, just like arrest in
itself is not punishment.
>(the idea of protection of other users is pretty ludicrous.
It may be ludicrous to you, but it is highly effective.
>If he's hacking your
>system, he can do it from another account with a minimum of difficulty.
>Student accounts are nearly always insecure, and the 'over the shoulder'
>hacking method works fine).
>Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
> .sig under construction, like the rest of this campus.
If a person uses someone else's account without that person's permission, the
person may be committing a felony. IF this is compunded with theft of
service, there may even be the possibility of jail. This may keep most
hackers away.
If a person uses their own account to use the machine, it is not that easy
to estabilish that theft of service took place even when the person uses it
"illegitimately".
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Mon, 17 Jun 1991 19:37 EDT
From: Sanjay Kapur
Message-Id: <6320F4AC10214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Sender: mojo!russotto@mimsy.umd.edu
>That was for account suspensions due to the system adminstrator suspecting
>a third party breaking into the account, not to legitmate users using their
>account in illegitimate ways.
Using an account in illegitimate ways is theft of service, pure and simple.
It is extremely irresponsible for a system administrator to not stop theft.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Mon, 17 Jun 1991 19:55 EDT
From: Sanjay Kapur
Subject: Re: Punishment
Message-Id: <65AF0FFF20214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>>b) Suspension of access by itself does not constitute punishment if it is
>> done to protect other users and the system and the resources of the
>> University (e.g. Paper, toner, telephone costs etc.).
>
>Not a chance. This allows suspension for any reason the administrator wants to
>dream up--- "The user was printing too much. I suspended him. That's not
>punishment". "The user was using too much CPU time. I suspended him. That's
>not punishment".
Unfortunately in a world with limited resources and with computer resources
budgeted, it is the responsibility of the system administrator to make sure
that no one person chews up the whole budget.
The system administrator is appointed by the University so that resource
allocation is fair. Sometimes the system administrator is required to
make a decision that a user has done too much printing and the printing
money will run out if the account is not suspended. Similarily, if one person
runs ten CPU bound jobs on one machine that 20 other users are using, the
system manager will make the twenty other users extremely happy if the person
running the ten jobs is run off the machine.
>And if the person is truly hacking, suspension will undermine
>ONLY his legitimate work-- he is more likely to hack, not less likely.
>
Experience has taught systems administrators that once a hacker is stopped,
the hacker normally stops hacking and is actually unlikely to hack again.
>>Sometimes the operating system itself suspends access to an account if it
>>suspects that there is a break-in attempt, i.e. too many login attempts with
>>an invalid password. Suspension when a break-in is suspected either by the
>>operating system or the Systems Administrator is neither punishment nor an
>>attempt to restrict access but to protect the account for the legitimate user.
>
>This is the ONLY type of suspension which should be permitted without a
>hearing. And the SYstem Administrator should have to contact the user within
>48 hours (or some other reasonable time period), or AUTOMATICALLY undo the
>suspension. None of this garbage where the user has to track down the sysadmin
>(and end up in a runaround)
>
Most of the time, the real user may not have used the machine for weeks or
even months and the problem is not solved by a 48 hour period. Requiring the
system administrator to contact the user or have proof of attempted contact is
a good idea anyway.
>
>--
>Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
> .sig under construction, like the rest of this campus.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Mon, 17 Jun 1991 20:03 EDT
From: Sanjay Kapur
Subject: Re: Punishment
Message-Id: <66CA028950214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>>I will NOT stick my neck out for someone to chop it. Give me good armor to
>>protect my neck, and I will stick out my neck to defend due process.
>
>Then, unsurprisingly, we remain adversaries. When a system administrators
>first recourse is to chop off the users head to save his own, it can be no
>other way.
>Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
> .sig under construction, like the rest of this campus.
Welcome to the real world. Knowing that someone else wants to save their own
neck and is unwilling to sacrifice them for your benefit must come as a rude
shock.
We will have to remain adversaries if you are not willing to help defend a
system administrator who loses his job because he did not suspend an account.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 17 Jun 91 22:44:32 GMT
Message-Id: <0094A45B.CBDCC700@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References -, CAC/PSU, 814-863-4356),<9106171802.AA03058@eff.org>.
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: Punishment
In article <9106171802.AA03058@eff.org>, GMS@PSUVM.PSU.EDU (Gerry Santoro - CAC/PSU 814-863-4356) writes:
>>In article <9106151901.AA12984@eff.org>, junger@cwru.cwru.EDU writes:
>>>
>>Actually, let's consider things from the SYSTEM ADMINISTRATOR's viewpoint.
>>Don't they have rights and responsibilities too? One of the responsibilities
>>they are charged with is keeping the "system" running and available for all
>>users.
>
>It can be even worse than this. Although the law is not evry clear there
>is some precedence to the frightening fact that a system administrator
>can be held liable for illegal activities done from her/his system. This
>is particularly possible for cases where a system on a network (such as
>the Internet) is used as a vehicle for trying to break into other
>systems.
Hmm. That's pretty interesting. First hackers, viruses, worms, and now ...
LAWYERS! I would think you'd have to prove that the system administrator
was either allowing the activity to go on with is explicit consent and
knowledge or that s/he exhibited gross negligance, like leaving superuser
passwords written on pieces of paper in a public place.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Tue, 18 Jun 1991 01:57:40 GMT
Message-Id: <1991Jun18.015740.10628@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
Subject: User theft of service
[warning: sarcasm]
Dear Sys Admin,
In the good old days you could kick a user of the system by referring
to some vague unwritten policy. Now a days that's getting harder and
harder, as users demand written policies and due process. Fear not,
happy days are here again. Just remember the magic words "theft of
service".
Consider these hypothetical scenarios:
* An undergrad student (aka jerk) on a CIS computer at Ohio State
sends email to kadie@eff.org. The soon to be replaced,
selectively-enforced written policy for CIS computers forbids
undergrads from send email off campus.
* A student at Boston University stores a copy of the Sexual Purity
Test in his home directory and then tells a friend how to read it
[thus making (subjectively) offensive material accessible, in
violation of written rules].
* A professor at the University of Illinois working on an NCSA
workstation sends email to this list calling NCSA's firing of a student
worker last April unfair and capricious [thus using e-mail to attempt
to disadvantage NCSA, in violation of written rules.]
You could accuse the user specific offenses such as "sending email off
campus", "being a jerk", "making subjectively offensive material
accessible", "criticizing the NCSA". But let's face it; these offenses
don't sound very serious. The user might get away with just a warning.
Even worse, the hearing panel may question the legitimacy of the
computer policy itself.
A more effective approach is to accuse your users with "theft of
services". Sounds pretty serious doesn't it? Nice and vague, too.
Also, it may be a felony in your state. Accuse a user of "theft of
services" and he or she will do almost anything to *avoid* a hearing.
You will again be judge, jury, and executioner. And the world
will be a better place.
(Coming soon: Theft of service charges against students who
sleep in the study lounge or have overdue library books.)
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 02:09:24 GMT
Message-Id:
From: voronoi.cs.jhu.edu!eifrig@umd5.umd.edu
Subject: Usenet Lawyers Again
In article <9106171802.AA03058@eff.org> GMS@PSUVM.PSU.EDU (Gerry Santoro - CAC/PSU 814-863-4356) writes:
>>In article <9106151901.AA12984@eff.org>, junger@cwru.cwru.EDU writes:
>>>
>>Actually, let's consider things from the SYSTEM ADMINISTRATOR's viewpoint.
>>Don't they have rights and responsibilities too? One of the responsibilities
>>they are charged with is keeping the "system" running and available for all
>>users.
>>
>
>It can be even worse than this. Although the law is not evry clear there
>is some precedence to the frightening fact that a system administrator
>can be held liable for illegal activities done from her/his system. This
>is particularly possible for cases where a system on a network (such as
>the Internet) is used as a vehicle for trying to break into other
>systems.
This sounds like urban legend to me. Citation, please.
--------------------------------------------------------------------------------
"Just as landowners preserve the game they are going to kill during
hunting season, so do the lawyers preserve the criminal class."
--------------------------------------------------------------------------------
From kadie Wed Jun 19 00:00:48 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Tue Jun 18 23:59:44 EDT 1991
In this issue:
Sanjay Kapur
Subject: Re: Usenet Lawyers Again
Message-Id: <8E5ACA10D0213F97@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>>It can be even worse than this. Although the law is not evry clear there
>>is some precedence to the frightening fact that a system administrator
>>can be held liable for illegal activities done from her/his system. This
>>is particularly possible for cases where a system on a network (such as
>>the Internet) is used as a vehicle for trying to break into other
>>systems.
>
> This sounds like urban legend to me. Citation, please.
>
Sorry, I have no citation but more to add to the urban legend :-)
The EFF, from what I have heard is at this point in time trying to defend
a PC bulletin board operator(?) in Texas(?) whose equipment was confisicated
by the FBI and the secret service(?)
Can someone from the EFF elaborate?
I do not know of any actual convictions, but a few years back there were a
spate of arrests of PC BB sysops. Some, but not all of these bulletin boards
had information that could be used to break phone system security, have kiddie
porn exchanges etc. Some of the sysops claimed that they had no idea that
there was that kind of information on their PC.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Tue, 18 Jun 1991 00:37 EDT
From: Sanjay Kapur
Subject: Re: User theft of service
Message-Id: <8D0F131700213F97@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>A more effective approach is to accuse your users with "theft of
>services". Sounds pretty serious doesn't it? Nice and vague, too.
>Also, it may be a felony in your state. Accuse a user of "theft of
>services" and he or she will do almost anything to *avoid* a hearing.
>You will again be judge, jury, and executioner. And the world
>will be a better place.
Theft of service IS pretty serious. Ask your University what it spends on
Computers and you will realize it is a large sum of money, most of it the
taxpayers.
What I said was "illegitimate use IS theft of service". This is tuatologically
correct. The hard part is proving what is illegitimate. That is upto the
judicial body. The judicial body can also censure the system administrators
who exceeds their bounds.
You are right about one statement. If I were the judge, jury and executioner
the world WOULD be a better place :-)
>
>(Coming soon: Theft of service charges against students who
>sleep in the study lounge or have overdue library books.)
>
Sooner than you expected:
Some public libraries do have the power to get people arrested for
overdue books.
If you are not a student (say a homeless person) and sleep in the study
lounge, you can be cited for trespass.
If you are a student and sleep and snore in the the study lounge, you can be
evicted.
>- Carl
>--
>Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
>
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Tue, 18 Jun 1991 05:13:13 GMT
Message-Id: <1991Jun18.051313.13557@eff.org>
Organization: The Electronic Frontier Foundation
From: hshubs
References: , , <1991Jun17.151251.8359@eng.umd.edu>
Subject: Re: Punishment
In article <1991Jun17.151251.8359@eng.umd.edu> russotto@eng.umd.edu (Matthew T. Russotto) writes:
>In article Sanjay Kapur writes:
>
>>For fairness and due process to work in the real world:
>>
>>BEFORE A USER CAN GET DUE PROCESS, SYSTEMS ADMINISTRATORS HAVE TO BE PROTECTED.
>>
>>
>>I will NOT stick my neck out for someone to chop it. Give me good armor to
>>protect my neck, and I will stick out my neck to defend due process.
>
>Then, unsurprisingly, we remain adversaries. When a system administrators
>first recourse is to chop off the users head to save his own, it can be no
>other way.
>
Is there no room in this for compromise? It seems to me that in most
situations there is some leeway available for both sides to help the
other, so that neither one loses his head.
The only times I could see where this would not be possible is if one
side or the other is on a power trip: "I can kick you off the machine,
and you can't stop me!" That's when the _other_ person needs to bring
in the big guns, namely some other part of the administration and/or a
professor.
--
Howard S Shubs hshubs@eff.org
System Analysis Corporation hshubs@BYTECOSY
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 05:07:08 GMT
Message-Id: <1991Jun18.050708.1129@dartvax.dartmouth.edu>
Organization: Dartmouth College, Hanover, NH
From: snorkelwacker.mit.edu!hsdndev!dartvax!eleazar.dartmouth.edu!llama@world.std.com
References: , e
Subject: Re: Usenet Lawyers Again
>In article <9106171802.AA03058@eff.org> GMS@PSUVM.PSU.EDU (Gerry Santoro - CAC/PSU 814-863-4356) writes:
>>It can be even worse than this. Although the law is not evry clear there
>>is some precedence to the frightening fact that a system administrator
>>can be held liable for illegal activities done from her/his system. This
>>is particularly possible for cases where a system on a network (such as
>>the Internet) is used as a vehicle for trying to break into other
>>systems.
eifrig@cs.jhu.edu (Jack Eifrig) writes:
> This sounds like urban legend to me. Citation, please.
"System Administrators" have even been "held liable" for LEGAL activities
done on their system. Ever hear of the Phrack case?
----------------------------------------------------------------------------
"Read My Lips: No Nude Texans!" - George Bush clearing up a misunderstanding
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Tue, 18 Jun 1991 11:28:40 GMT
Message-Id: <1991Jun18.112840.6676@magnus.acs.ohio-state.edu>
Organization: The Ohio State University
From: snorkelwacker.mit.edu!think.com!zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!treeves@world.std.com
Subject: I'll settle for library power
The libary can tell the registrat I have an overdue book, that is now
considered lost. I cannot register until I pay. Sure I can appeal but by that
time all sort of unfortunate things may happen. It's too much hastle, I pay.
The only proof they need is that their computer says I charged out the book
and it was not discharged.
Students in computer labs can do anything the want short of things I
call the cops for, and I have to provide all sorts of proof, and try to have
them charged with academic misconduct. The registrar would laugh if I said
"don't let this student register till he settles with Academic Computing,
we'll be charging a fine for excess disk use."
Note in NO WAY do I object for rigorous standards of proof for charges
of any kind.
I just think it's interesting how much power librarians have, and this
is accepted.
They do NOT have to give me a hearing BEFORE they do this, or send
certified letters or such.
--
_____________________________________________________________________________
| That's my story, and I'm sticking to it! |
|_____________________________________________________________________________|
| Public Sites micro software support | treeves@magnus.ACS.OHIO-STATE.EDU |
-------------------
From: William W. Arnold
Message-Id: <9106181313.AA17623@cabell.vcu.edu>
Subject: Re: I'll settle for library power
Date: Tue, 18 Jun 91 9:13:13 EDT
X-Mailer: ELM [version 2.3 PL11]
comp-academic-freedom-talk-request@eff.org writes ---
> them charged with academic misconduct. The registrar would laugh if I said
> "don't let this student register till he settles with Academic Computing,
> we'll be charging a fine for excess disk use."
>
>| Public Sites micro software support | treeves@magnus.ACS.OHIO-STATE.EDU |
>
Possibly at your school the registrar would laugh, but at least here
at VCU any department may place a hold on a student for any unpaid
fines, or bills. It's just a matter of filling out one form that
allows the registrar to collect the fine for you.
| William W. Arnold Student Consultant, Academic computing. VCU |
| has8wwa@cabell.vcu.edu warnold@gnu.ai.mit.edu someone.else@somewhere.else |
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 18:08:30 GMT
Message-Id: <1991Jun18.180830.27171@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References <0094A445.B32AC380@KING.ENG.UMD.EDU>, <1991Jun18.134736.24486@eng.umd.edu>, <0094A4ED.A3823140@KING.ENG.UMD.EDU>
Subject: Re: Punishment
In article <0094A4ED.A3823140@KING.ENG.UMD.EDU> sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>In article <1991Jun18.134736.24486@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>>>Or continue to harass users or
>>>suck up system resources to the detrement of the other users on the system?
>>
>>Harass users? You mean like going over to their terminal and bugging them?
>>Putting up X-things on their display? sending them 'talk' messages? Be
>>more specific.
>
>You've given three good examples. If another user DOES NOT want to be bothered,
>then you are violating THEIR RIGHT to get their work done on time. Do you
>realize that other users have the right to get their work on time as well?
If using 'talk' was grounds for account suspension, a whole lot of people would
have their account suspended. Fortunately for me, 'mesg n' is fairly well
known, so I could protect myself from 'talk's without calling in the sysadmin.
Physically bothering other users cannot be stopped by suspension of account.
Putting up X-things on other users display is a bad thing, true-- but doesn't
a teensy bit of the blame lie with the sysadmin who made all the displays
xhost+ by default??? (for the record, I only did it a few times, to try it
out-- but once it was done, lots of other people picked up on how to do it,
and I got blamed for it weeks later-- long after I had stopped)
>>As for sucking up system resources--- you mean like disk space? Isn't that
>>what quotas are? Perhaps you mean CPU time-- isn't that what priorities are
>>for--- and in this case, there are less drastic measures available than
>>account suspension. Same goes for printer resources. And, define 'pigging
>>out'-- more than the sysadmin wants?
>
>There are certain instances, such as with scratch disk space and CPU time,
>where there is a flagent disregard for other users on the system, where account
>suspension is justified. Especially if said user has received warnings, both
>verbally and via e-mail, in the past. Did you receive either verbal or e-mail
>warnings?
I was not suspended for overuse of those resources, even as a rationalizaton.
>>>If he were my staff member, I'd probably back him. If you confronted him
>>>physically (implying two of you, one of him), he's in a no-win situtation to
>>>begin with. For all I know, he had enough authority to pull the plug on you but
>>>not restore it. If he did it without proper justification, I'd tar and feather
>>>him, and apologize profusely.
>>
>>Actually, there were two of us, two of them (and one of them was a black belt
>>in martial arts...).
>
>Oh? Did they threaten you with bodily harm? If they did, then you should have
>filed a report with the campus police.
Not at that time. Later, though. But I don't report anything to the cops--
they are on the University payroll, same as the sysadmin, which is a built
in bias against me.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 19:41:52 GMT
Message-Id: <0094A50B.71F6CC80@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References <0094A445.B32AC380@KING.ENG.UMD.EDU>, <1991Jun18.134736.24486@eng.umd.edu>, <0094A4ED.A3823140@KING.ENG.UMD.EDU>,<1991Jun18.180830.27171@eng.umd.edu>
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: Punishment
In article <1991Jun18.180830.27171@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>>>Harass users? You mean like going over to their terminal and bugging them?
>>>Putting up X-things on their display? sending them 'talk' messages? Be
>>>more specific.
>>
>>You've given three good examples. If another user DOES NOT want to be bothered,
>>then you are violating THEIR RIGHT to get their work done on time. Do you
>>realize that other users have the right to get their work on time as well?
>
>If using 'talk' was grounds for account suspension, a whole lot of people would
>have their account suspended. Fortunately for me, 'mesg n' is fairly well
>known, so I could protect myself from 'talk's without calling in the sysadmin.
Oh? If the other party didn't want to be bothered and was not as computer
literate as you, then talk is an abuse.
>Putting up X-things on other users display is a bad thing, true-- but doesn't
>a teensy bit of the blame lie with the sysadmin who made all the displays
>xhost+ by default??? (for the record, I only did it a few times, to try it
>out-- but once it was done, lots of other people picked up on how to do it,
>and I got blamed for it weeks later-- long after I had stopped)
"Daddy should have not left the keys to the car out, so I wouldn't take it,
so isn't it some of his fault I wrecked the car?" Nope. If you chose to do
this, and it annoyed people, then you take the consequences, eh?
>>suspension is justified. Especially if said user has received warnings, both
>>verbally and via e-mail, in the past. Did you receive either verbal or e-mail
>>warnings?
>
>I was not suspended for overuse of those resources, even as a rationalizaton.
I will repeat my original question: Did you receive either verbal or e-mail
warnings on other occasions before your account was suspended?
If so, why? If there is a pattern of abuse, the suspension was justified.
>>>Actually, there were two of us, two of them (and one of them was a black belt
>>>in martial arts...).
>>
>>Oh? Did they threaten you with bodily harm? If they did, then you should have
>>filed a report with the campus police.
>
>Not at that time. Later, though. But I don't report anything to the cops--
>they are on the University payroll, same as the sysadmin, which is a built
>in bias against me.
So are your professors. Do they have a built-in bias against you? Why would you
go to a university which is out to get you? Fortunately, the University is a
more complex entity than you'd like to simplify it as. Or does posting from
.eng.umd.edu mean The System hasn't caught up with you yet?
You also did not address what would happen if your role was reversed with that
of the system manager. I'm very curious to hear your answer.
I doubt it will be, "Yes, I would have sat there and let someone else screw
the system up and suffered 1 to 20 users bitching at me the next day."
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Message-Id: <199106182135.AA25490@mp.cs.niu.edu>
Subject: Re: User theft of service
Newsgroups: info.academic-freedom
References:
Organization: Northern Illinois University
Date: Tue, 18 Jun 91 16:35:06 -0500
From: Neil Rickert
In article <1991Jun18.190835.525@eff.org> kadie@eff.org writes:
>the cost of a system. Therefore the cost of a piece of email is
>between 1.5 cents and $5.8. Hardly, a felony. - Carl
I imagine that most admins don't care much about about the occasional
email message (unless they receive complaints of abusive messages).
It is rather a pain, however, when a student subscribes to mailing lists
totalling 1/2 megabyte per day, and at the end of the Semester just leaves
without bothering to cancel subscriptions.
--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science
Northern Illinois Univ.
DeKalb, IL 60115 +1-815-753-6940
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Tue, 18 Jun 91 20:41:41 GMT
Message-Id: <1991Jun18.204141.28615@erg.sri.com>
Organization: SRI International, Menlo Park CA
From: ads.com!sparkyfs.erg.sri.com!aalps3.erg.sri.com!rat@decwrl.dec.com
References: , g.
Subject: Re: User theft of service
In the referenced article, Sanjay Kapur writes:
>No, not the whole $5,000,000. (Although I suspect that the University of
>Illinois's computer budget is at least an order of magnitude larger).
>You may want to ask someone exactly how much it costs to send an average
>e-mail message. Include all costs (computer, systems staff, user support and
>operations staff, phone line charges, disk space etc.) that are dedicated
>to e-mail and divide by the total number of e-mail messages or total number of
>active users.
Unfortunately, this is a totally inappropriate way of figuring out the
cost of a given email message (though a common enough one among
accountants with no brains). For most university setups (leased
lines, automatic mailing, spools that get flushed when the message is
sent), the marginal cost of sending an email message is exactly zero.
The phone line costs no more when another message goes over it, the
administrators need perform no intervention when an average email
message is sent, no significant disk space is used for a significant
period of time etc., etc. The only email messages that cost money are
the decidedly *non* average ones.
If you are unfortunate enough to being on a system with no leased line
and no WATS outgoing line, you might be liable for stealing as much as
10 cents/message in phone time. Oh boy. (let's see, that's .000002%
of the computing budget, according to your estimate).
>Your e-mail message may be totally legitimate use in which case you will not
>be liable for anything. It will be almost impossible to prove that the letter
>about firing a student worker that you mention is not legitimate.
The point is that many system administrators will consider it
illegitimate. If they are allowed, by policy, to suspend your account
for sending them, they often will, legitimate or not, and there's no
way to do anything about it.
--
"When you're down, it's a long way up
When you're up, it's a long way down
It's all the same thing
And it's no new tale to tell" ../ray\..
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 20:54:20 GMT
Message-Id: <1991Jun18.205420.4643@ms.uky.edu>
Organization: The Puzzle Palace, UKentucky
From: cs.utexas.edu!asuvax!ukma!morgan@uunet.uu.net
References: , , <1991Jun17.143127.7897@eng.umd.edu>=D
Subject: Re: Punishment
In article <1991Jun17.143127.7897@eng.umd.edu> russotto@eng.umd.edu (Matthew T. Russotto) writes:
>
>>Sometimes the operating system itself suspends access to an account if it
>>suspects that there is a break-in attempt, i.e. too many login attempts with
>>an invalid password. Suspension when a break-in is suspected either by the
>>operating system or the Systems Administrator is neither punishment nor an
>>attempt to restrict access but to protect the account for the legitimate user.
>
>This is the ONLY type of suspension which should be permitted without a
>hearing. And the SYstem Administrator should have to contact the user within
>48 hours (or some other reasonable time period), or AUTOMATICALLY undo the
>suspension. None of this garbage where the user has to track down the sysadmin
>(and end up in a runaround)
Oh, I see. If the user dodges my office, ignores his electronic mail, and
doesn't return my phone messages, I should just automatically undo my sus-
pension of his account? Right. Sure. Uh-huh.
You've spoken of getting "the runaround" when trying to deal with the
administration of your site. Have you ever tried to contact a student
during the day? It can be next to impossible. I, on the other hand,
am in the same office each and every day. My phone number is part of
the directory. Every new user either meets me face-to-face or gets
my office address and phone number. In addition, every staff/faculty
member in the College knows where I work. We're listed in the building
directory, which the student sees as soon as he walks in the front door.
I'm sorry that you had such problems with your administration, but don't
assume that we're all hiding in a back room, gnawing on raw meat.
Having said that, let's move on to the crux of the discussion.
If I ever had to suspend a user, I'd probably follow a procedure like this:
- Lock the account; all the user sees on login is a message
to get in touch with me.
- If, after one or two days, the student does not contact me, I will try
to contact him via telephone. If the student has an address
listed in the student directory, I'd send a memo to him, asking him
to get in touch with me. The login remains suspended.
- If, after another few days, the user doesn't contact me, I would
send a copy of the memo to the Chairman of the student's department,
explaining why the user was suspended and that the student has not
been in touch with me after repeated attempts at contact. I would
request that the Department forward my memo to the student. I would
inform the Chairman that the login would remain suspended until I met
with the student.
- The login remains suspended until I have a meeting with the student.
If computing resources are an important asset to the user, he will make
the effort to contact me. The user's willful inaction is not sufficient
cause for me to remove my suspension of his access. If he wants his login
restored, he has to talk to me. If I am to successfully manage the system,
it cannot work any other way.
If you have an option that does not include automatic release of suspension,
I'd like to hear it.
Wes
ps> As far as hearings go, I think that it is a disservice to the other
users of the system to take up large chunks of my time with default
hearings. If the user has made the effort to contact me and discuss
his problem without satisfaction, I am perfectly willing to defend my
actions in a hearing. Forcing an initial hearing is timeconsuming and,
in most cases, overkill. The "right of appeal" is fine, but at least
give me a chance to talk to the person face-to-face first. As I've
said several times, I have yet to run into a user problem that wasn't
settled over a soda in 10 minutes. Of course, users are always able
to discuss the matter with my boss.
--
morgan@ms.uky.edu |Wes Morgan, not speaking for| ....!ukma!ukecc!morgan
morgan@engr.uky.edu |the University of Kentucky's| morgan%engr.uky.edu@UKCC
morgan@ie.pa.uky.edu |Engineering Computing Center| morgan@wuarchive.wustl.edu
Curator of the benchmark archives at wuarchive.wustl.edu <128.252.135.4>
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 21:11:06 GMT
Message-Id: <1991Jun18.211106.9027@ms.uky.edu>
Organization: The Puzzle Palace, UKentucky
From: lll-winken!iggy.GW.Vitalink.COM!widener!ukma!morgan@uunet.uu.net
References <1991Jun17.180652.9830@eng.umd.edu>, <0094A438.BB1DE700@KING.ENG.UMD.EDU>, <1991Jun17.192647.10980@eng.umd.edu>w
Subject: Re: Punishment
russotto@eng.umd.edu (Matthew T. Russotto) writes:
>
>That was for account suspensions due to the system adminstrator suspecting
>a third party breaking into the account, not to legitmate users using their
>account in illegitimate ways. I believe account suspension for THAT reason
>should only be done AFTER some sort of hearing is conducted-- none of this
>all too common 'suspend first-- make the user come to us so we can ask
>questions later'.
>Sure, I want a certified letter. BEFORE account suspension. Even Judicial
>Programs, which I am no fan of, gives you a trial before you are hanged.
So if someone is hacking into a privileged account, or has found some
method of acquiring privileges, and is wiping disks clean, I should sit
there and let him do it while I print up a letter to the Dean requesting
disciplinary action? Who's going to answer the 1800 other users who want
to know why their files are disappearing?
>In most cases, the SYSADMIN THINKS he has good reasons. Good reasons that
>include 'User is making my life difficult-- I'll suspend his account and solve
>that problem'
Just out of curiosity, can you differentiate between "making my life
difficult" and "making the other XXXX users' lives difficult"? Short
of user-specific pranks such as mail flooding, I can't really think
of anything.
>He refused to
>discuss his actions when confronted (physically) in the hallway outside,
>instead referring both users to a different person who wouldn't be in for a
>while.
Again, don't paint all admininstrators as officious, evasive jerks based
on your experience.
>>I don't suppose you tried to talk with your class instructor or TA to
>>immediately gain relief of the situtation? Either one of them will know the
>>right people to talk to.
I noticed that you didn't answer this question in the original post.
Did you, in fact, talk to *anyone* outside of the computing staff?
Did you ask for help from *anyone* else in the organization, such
as faculty, staff, Student Affairs, the Ombudsman, your Department
Chairman, or your Dean? If not, why not?
--
morgan@ms.uky.edu |Wes Morgan, not speaking for| ....!ukma!ukecc!morgan
morgan@engr.uky.edu |the University of Kentucky's| morgan%engr.uky.edu@UKCC
morgan@ie.pa.uky.edu |Engineering Computing Center| morgan@wuarchive.wustl.edu
Curator of the benchmark archives at wuarchive.wustl.edu <128.252.135.4>
-------------------
Date: Tue, 18 Jun 1991 18:20 EDT
From: Sanjay Kapur
Subject: Re: User theft of service
Message-Id: <218ADBEF80214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Sender: ads.com!sparkyfs.erg.sri.com!aalps3.erg.sri.com!rat@decwrl.dec.com
>Unfortunately, this is a totally inappropriate way of figuring out the
>cost of a given email message (though a common enough one among
>accountants with no brains). For most university setups (leased
>lines, automatic mailing, spools that get flushed when the message is
>sent), the marginal cost of sending an email message is exactly zero.
>The phone line costs no more when another message goes over it, the
>administrators need perform no intervention when an average email
>message is sent, no significant disk space is used for a significant
>period of time etc., etc. The only email messages that cost money are
>the decidedly *non* average ones.
>
>If you are unfortunate enough to being on a system with no leased line
>and no WATS outgoing line, you might be liable for stealing as much as
>10 cents/message in phone time. Oh boy. (let's see, that's .000002%
>of the computing budget, according to your estimate).
>
An analogy:
A passenger train is going from New York to Boston. The train will go no
matter what the number of passengers. There is no marginal cost if there
are empty seats in the train and I sit on one of them. Therefore, I should
not have to pay for the train fare. Especially since the fare is .000002%
of the operating budget for the train company.
I am not an accountant (brainless System Administrator maybe, but not a
brainless accountant) and from what I understand, in modern
computing environments, E-mail can not be considered a marginal cost.
The concept of marginal cost works only if e-mail is NOT one of the uses
that the computer and network is designed for. Otherwise the capacity of the
network and the computer has already been designed and paid for with the
requirements for e-mail taken into consideration.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Tue, 18 Jun 1991 22:28:48 GMT
Message-Id: <1991Jun18.222848.4792@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
References: , , <1991Jun18.204141.28615@erg.sri.com>
Subject: Re: User theft of service
The problem with "theft of service" as applied to users is not that it
doesn't fit. The problem is that one size fits all.
*Any* violation of computer policy can be called "theft of service".
To close the circle, "theft of service" can be listed as a violation
of computer policy.
The Joint Statement says "[o]ffenses should be as clearly defined as
possible and interpreted in a manner consistent with the
aforementioned principles of relevance and reasonableness."
The offense of "theft of service" does not meet this standard.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Date: Tue, 18 Jun 91 10:52:11 PDT
From: cgh@frame.com (Grant Hogarth)
Message-Id: <9106181752.AA01458@tillicum.frame.com>
Subject: Re: Computers and Academic Freedom mailing list (batch edition)
Sanjay Kapur says:
>Here you seem to be in disagreement with common standards of what is
>punishment. Suspension by itself is not punishment, just like arrest in
>itself is not punishment.
In many cases, arrest (in and of itself) *is* considered punishment. viz: court cases
where the arrested person is convicted, and sentenced to "time already served". Also,
the stigma of "arrest" is a pretty powerful punishment, as those groups who practice
"shunning" know very well. Suspension can be considered a punishment-- the person
suspended is deprived of access to resources that they had become accustomed to using.
That sounds like a punishment to me, admittedly more on the level of "you did not do your
homework, therefor (as parent) I say that you cannot watch any TV for a week."
Sanjay also says (in a subsequent post):
>Using an account in illegitimate ways is theft of service, pure and simple.
>It is extremely irresponsible for a system administrator to not stop theft.
Sorry, wrong (by degree) again!
1) Define "illegitimate".
2) Sysadmins are not officers of the law. (in most cases). Theft is a crime.
Sysadmins are responsible for controlling inappropriate use of resources
(A fuzzy area, indeed), but "theft" should be used cautiously, and referred
to appropriate authorities.
Two questions:
1) To (Doug Mohney): What is/are "Diamondback" ?
(other than a common name for a type of poisonous snake common to North America.)
2)To voronoi.cs.jhu.edu!eifrig@umd5.umd.edu: what is the source of your quote:
"Just as landowners preserve the game they are going to kill during
hunting season, so do the lawyers preserve the criminal class."?
I like it! :-)
\Grant Hogarth (cgh@frame.com) Usual disclaimers apply.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 21:47:26 GMT
Message-Id: <1991Jun18.214726.15504@ms.uky.edu>
Organization: The Puzzle Palace, UKentucky
From: cs.utexas.edu!asuvax!ukma!morgan@uunet.uu.net
Subject: Have you walked the proverbial mile?
You know, I've been reading this discussion group since its inception,
and a question has occured to me.
Large amounts of animal dung have been heaped upon system administrators
in these discussions. How many of you are, or have been, system admini-
strators in any capacity?
Most system administrators have been on the other side of this fence;
we were users before we were administrators. Can any of the partici-
pants in these discussions make the opposite claim? Unless you've
been an administrator (a PC BBS, network, mail admin, news admin,
or whatever), how can you "put horns" on all of us?
I think that users would find it educational to spend a few days
"hanging around" with the administrators. You could watch us
cringe when some user starts 8 background jobs, bringing the sys-
tem to a crawl while 20 other users are currently active. You could
hear us groan as someone decides to print 10 copies of their thesis
instead of spending a few dollars at the copy shop. You could listen
in as users walk in and say "You *have* to give me 15 Mb of disk space."
You could hear us delicately handle an irate user who demands that we
purchase documentation in their native language because "the English
ones are too hard to understand." You could learn as we explain
to a user that he shouldn't give his password out to all his friends.
None of the scenarios in the previous paragraph are fictitious; they
have all happened *to me* in the last year, some of them several times.
If you spent some time with a system administrator, you'd learn that
we're usually too busy to waste time persecuting individual users. It
takes a certain skill to juggle the needs of thousands of users. While
you may have had problems with one or two of us, don't start issuing
blanket condemnations until you've walked that mile in our shoes.
Wes
--
morgan@ms.uky.edu |Wes Morgan, not speaking for| ....!ukma!ukecc!morgan
morgan@engr.uky.edu |the University of Kentucky's| morgan%engr.uky.edu@UKCC
morgan@ie.pa.uky.edu |Engineering Computing Center| morgan@wuarchive.wustl.edu
Curator of the benchmark archives at wuarchive.wustl.edu <128.252.135.4>
From kadie Wed Jun 19 00:02:37 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Wed Jun 19 00:01:24 EDT 1991
In this issue:
Brendan Kehoe
Message-Id: <9106181635.AA08611@cs.widener.edu>
Subject: Jolnet
llama@eleazar.dartmouth.edu wrote:
>eifrig@cs.jhu.edu (Jack Eifrig) writes:
>> This sounds like urban legend to me. Citation, please.
>
>"System Administrators" have even been "held liable" for LEGAL activities
>done on their system. Ever hear of the Phrack case?
Sorry, that's not a very good example...Rich Andrews was in no way
"held liable" for what Neidorf may have done on Jolnet---rather,
Andrews was in full cooperation with the authorities. His equipment
was confiscated as part of the investigation. (I don't know if it's
since been returned to him, although I'd hope so.) No charges were
ever brought against him.
--
Brendan Kehoe - Widener Sun Network Manager - brendan@cs.widener.edu
Widener University in Chester, PA A Bloody Sun-Dec War Zone
"Ya know, kitten tacos are really better than anything you've ever tasted
before!" "Oh, really." -- Rush Limbaugh
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Tue, 18 Jun 1991 16:43:02 GMT
Message-Id: <1991Jun18.164302.26318@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
Subject: Switching from the mailing lists to the newsgroups
This is a reminder that the Computers and Academic Freedom mailing
lists are now available as newsgroups (if you don't know what
newsgroups are, just ignore this message). The newsgroups are
alt.comp.acad-freedom.talk (gatewayed to comp-academic-freedom-talk)
- everything posted to alt.comp.acad-freedom.talk and
alt.comp.acad-freedom.news, or mailed to caf-talk@eff.org,
appears here without human intervention.
alt.comp.acad-freedom.news (a moderated newsgroup corresponding to
comp-academic-freedom-news)
- the best notes from caf-talk (as selected by me). A collection
is posted at the end of each week, and now at the end of each month.
Newsgroups offer several advantages. Incoming notes are held until
*you* want to read them. Distribution is robust and automatic so you
don't have to depend on me to keep things running (I'll be out of town
much of next month). For your computer system, newsgroup distribution
makes better use of disk because only one copy of a note is sent to
any given site. For me, more people reading the newsgroups means less
work will be required to maintain the mailing lists. Finally, for
anyone interested in these issues, newsgroup distribution means there
will be more readers as other people at your site discover the
newsgroup.
If your system offers newsgroups, but not these newsgroups, send
your sys admin a note something like this:
-------
Subject: newsgroup requests
I request that we subscribe to the alt.comp.acad-freedom.talk
and alt.comp.acad-freedom.news newsgroups.
[If you have any problem locating a feed for these newgroups,
you can contact Chris Davis (ckd@eff.org), the sys admin on
eff.org.]
Thanks
----------
Once you begin reading the newsgroups (or at any other time), you can
quit the mailing lists by sending mail to listserv@eff.org. Include
the line
delete comp-academic-freedom-
where is either talk, batch, or news. If that doesn't work,
sent email to me at caf-talk-request@eff.org.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Tue, 18 Jun 1991 16:54:33 GMT
Message-Id: <1991Jun18.165433.26644@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
References: , <8D0F131700213F97@ccmail.sunysb.edu>
Subject: Re: User theft of service
SKAPUR@ccmail.SUnysb.EDU (Sanjay Kapur) writes:
[...]
>Theft of service IS pretty serious. Ask your University what it spends on
>Computers and you will realize it is a large sum of money, most of it the
>taxpayers.
[...]
So, if the Univeristy of Illinois's computer budget is, say,
$5,000,000 and I write an e-mail message that says that the NCSA's
firing of a student worker was unfair and capricious, I am liable for
$5,000,000?
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 14:18:27 GMT
Message-Id: <1991Jun18.141827.24847@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <64596542C0214C4E@ccmail.sunysb.edu>m
Subject: Re: Punishment
In article <64596542C0214C4E@ccmail.sunysb.edu> Sanjay Kapur writes:
>>You want attention, try a letter. A phone call. See the student in person--
>>he probably isn't far. No. Suspension of an account is punishment.
>
>Here you seem to be in disagreement with common standards of what is
>punishment. Suspension by itself is not punishment, just like arrest in
>itself is not punishment.
>
>>(the idea of protection of other users is pretty ludicrous.
>
>It may be ludicrous to you, but it is highly effective.
Like shooting suspects on sight would be effective at reducing crime.
>>If he's hacking your
>>system, he can do it from another account with a minimum of difficulty.
>>Student accounts are nearly always insecure, and the 'over the shoulder'
>>hacking method works fine).
>>Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
>> .sig under construction, like the rest of this campus.
>
>If a person uses someone else's account without that person's permission, the
>person may be committing a felony. IF this is compunded with theft of
>service, there may even be the possibility of jail. This may keep most
>hackers away.
So you take away a suspects account in order to force him into some criminal
behavior so you can throw him in jail? Is there any wonder why the
relationship between users and sysadmins is often adversarial?
>If a person uses their own account to use the machine, it is not that easy
>to estabilish that theft of service took place even when the person uses it
>"illegitimately".
Especially when you don't have any sort of written policy as to what is
illegitimate. Account suspension for arbitrary reasons is quite a powerful
weapon.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 14:28:25 GMT
Message-Id: <1991Jun18.142825.24994@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <66CA028950214C4E@ccmail.sunysb.edu>m
Subject: Re: Punishment
In article <66CA028950214C4E@ccmail.sunysb.edu> Sanjay Kapur writes:
>>>I will NOT stick my neck out for someone to chop it. Give me good armor to
>>>protect my neck, and I will stick out my neck to defend due process.
>>
>>Then, unsurprisingly, we remain adversaries. When a system administrators
>>first recourse is to chop off the users head to save his own, it can be no
>>other way.
>
>Welcome to the real world. Knowing that someone else wants to save their own
>neck and is unwilling to sacrifice them for your benefit must come as a rude
>shock.
Nope. I'm only surprised that you admit it.
>We will have to remain adversaries if you are not willing to help defend a
>system administrator who loses his job because he did not suspend an account.
As you well know, a user is in no position to defend a system administrator.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 14:26:33 GMT
Message-Id: <1991Jun18.142633.24936@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <65AF0FFF20214C4E@ccmail.sunysb.edu>m
Subject: Re: Punishment
In article <65AF0FFF20214C4E@ccmail.sunysb.edu> Sanjay Kapur writes:
>>Not a chance. This allows suspension for any reason the administrator wants to
>>dream up--- "The user was printing too much. I suspended him. That's not
>>punishment". "The user was using too much CPU time. I suspended him. That's
>>not punishment".
>
>Unfortunately in a world with limited resources and with computer resources
>budgeted, it is the responsibility of the system administrator to make sure
>that no one person chews up the whole budget.
>
>The system administrator is appointed by the University so that resource
>allocation is fair. Sometimes the system administrator is required to
>make a decision that a user has done too much printing and the printing
>money will run out if the account is not suspended. Similarily, if one person
>runs ten CPU bound jobs on one machine that 20 other users are using, the
>system manager will make the twenty other users extremely happy if the person
>running the ten jobs is run off the machine.
And if it wasn't against the rules to run those 10 jobs, the person is going
to be quite upset. ESPECIALLY if his account is suspended, rather than
just the jobs being killed. Similiarly, if there is no rule about total amount
of printing, users are going to be justifiably upset when the sysadmin suspends
their account because they did 'too much printing'.
>>And if the person is truly hacking, suspension will undermine
>>ONLY his legitimate work-- he is more likely to hack, not less likely.
>
>
>Experience has taught systems administrators that once a hacker is stopped,
>the hacker normally stops hacking and is actually unlikely to hack again.
I suspect systems administrators here would disagree. They used terror
tactics against a lot of suspected hackers, and seem to have created more.
One user went looking for security holes, found them, reported them to the
system administrator, and ended up having his account suspended because he
had too much dangerous information in it.
(the fact that the system is ridiculously insecure didn't help. The sysadmin,
in a heavyhanded attempt to stop background jobs from being run (even though
they aren't against the rules), introduced a bug which made everyone's
cleartext password available trivially. Once it was generally known how
to do this, the amateur hacker population increased substantially)
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 13:54:12 GMT
Message-Id: <1991Jun18.135412.24561@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <6320F4AC10214C4E@ccmail.sunysb.edu>m
Subject: Re: (none)
In article <6320F4AC10214C4E@ccmail.sunysb.edu> Sanjay Kapur writes:
>>Sender: mojo!russotto@mimsy.umd.edu
>>That was for account suspensions due to the system adminstrator suspecting
>>a third party breaking into the account, not to legitmate users using their
>>account in illegitimate ways.
>
>Using an account in illegitimate ways is theft of service, pure and simple.
>It is extremely irresponsible for a system administrator to not stop theft.
Let me get this straight: A user using an account provided by the University
to all students, for the asking, and doing things not specifically proscribed,
can commit theft of services? How?
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 13:47:36 GMT
Message-Id: <1991Jun18.134736.24486@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References <0094A438.BB1DE700@KING.ENG.UMD.EDU>, <1991Jun17.192647.10980@eng.umd.edu>, <0094A445.B32AC380@KING.ENG.UMD.EDU>
Subject: Re: Punishment
In article <0094A445.B32AC380@KING.ENG.UMD.EDU> sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>In article <1991Jun17.192647.10980@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>
>>That was for account suspensions due to the system adminstrator suspecting
>>a third party breaking into the account, not to legitmate users using their
>>account in illegitimate ways. I believe account suspension for THAT reason
>>should only be done AFTER some sort of hearing is conducted-- none of this
>>all too common 'suspend first-- make the user come to us so we can ask
>>questions later'.
>
>Oh? Define "illegitimate ways." Illegitmate might be breaking security. If
>you're trying to break security on a system, why should anyone with common
>sense allow you extra time to try to hack it?
There you go, presuming guilt again. I might point out (again) that if you
remove a users ability to do legitimate work, you give them more time, not
less, to do hacking. Allowing sysadmins summary judgement just isn't just, and
is power likely to be abused.
>Or continue to harass users or
>suck up system resources to the detrement of the other users on the system?
Harass users? You mean like going over to their terminal and bugging them?
Putting up X-things on their display? sending them 'talk' messages? Be
more specific.
As for sucking up system resources--- you mean like disk space? Isn't that
what quotas are? Perhaps you mean CPU time-- isn't that what priorities are
for--- and in this case, there are less drastic measures available than
account suspension. Same goes for printer resources. And, define 'pigging
out'-- more than the sysadmin wants?
>>If the user is actively engaging in this behavior, it should be possible for
>>the sysadmin to contact the user right then and there-- what at least one
>>sysadmin did was chmod 000 the users directory, change the shell to
>>/bin/nologin, do the same for the user sitting next to him, who he knew to
>>be a friend of the first user, and reboot both workstations. He refused to
>>discuss his actions when confronted (physically) in the hallway outside,
>>instead referring both users to a different person who wouldn't be in for a
>>while.
>
>If he were my staff member, I'd probably back him. If you confronted him
>physically (implying two of you, one of him), he's in a no-win situtation to
>begin with. For all I know, he had enough authority to pull the plug on you but
>not restore it. If he did it without proper justification, I'd tar and feather
>him, and apologize profusely.
Actually, there were two of us, two of them (and one of them was a black belt
in martial arts...). And he came up, perhaps to confront us-- in any case,
after he did it, we ran into each other outside the door to the lab. Sure,
he claimed not to have the authority to restore the account. But the guy he
referred us to claimed the same thing-- and referred us right back to the
first guy.
>The Computer Science Center does have certain instructions they give to their
>lab aiders. I don't know what they are. I'd be curious to see if someone from
>CSC would post 'em.
Don't be silly-- they wouldn't produce a copy of those at my judicial hearing,
even after accusing me of violating some rule in them. And they finally
admitted that users never even saw those rules.
>>Sure, I want a certified letter. BEFORE account suspension. Even Judicial
>>Programs, which I am no fan of, gives you a trial before you are hanged.
>
>Naw. I'd give you a certified letter telling you your account was suspended,
>why it was suspended, and what steps you could take to appeal the suspension.
>If you have committed an offence grevious enough to get your account suspended
>(note the IF), I suspect I do not have the luxury to let you poke around with
>system security.
I can say that in this case there was no system security breach. One person
was messing around, creating lots of levels of nested subdirectories to see
how deep it would go. This pissed off the system manager, apparantely because
it messed up his 'tmp' directory clearer. The guy sitting next to him (me)
was merely a known troublemaker, so he suspended that one too.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Tue, 18 Jun 1991 18:00:21 GMT
Message-Id: <1991Jun18.180021.28193@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
Subject: How to back a user into a corner
[warning: sarcasm]
Dear Mr. Advice Person,
I am a sys admin who hates having users use my computer. I enjoyed
your note on user theft of service. I think it will really come in
handy someday when I what to hide the nature and exaggerate the
seriousness of a user's offense. In the meantime, what do I do about
users who annoy me by making mistakes (like accidently running a
program with an endless loop in background) and then refusing to
grovel when I point out their mistake?
Dear User Hater,
You should do everything in your power to encourage the annoying user
to break more serious rules. Here is one course of action that has
been found to be effective:
1) Suspend the user from the computer without warning. Tell the user
that she can not be reinstated until she talks to X, who is out of
town for the week. (Your user may think that homework and email is so
important that she will find some way to access the computer. Now you
have her for theft of service!)
2) Keep the meeting very informal, that is, don't tell the user before
hand what she is accused of. Bring along a couple of your friends so
you'll outnumber her. Make no mention of the possibility of a fair,
formal hearing. Just keep saying things like "you sure are in trouble;
you could lose your computer access forever."
3) At the meeting, make the user sign a statement in which she
promises "not to break any rules" (be sure there is no comprehensive
list of rules she can refer to) and "not to type any character or
sequence of characters into the computer without prior written
consent."
4) It will be impossible for the user to stick the agreement (indeed
that is the whole point). If the user ever annoys you again by, for
example, telling people about how you handled her case (or if you are
just in a bad mood), you can bring her up on University charges of
violating the agreement and theft of service. Maybe you can even have
her expelled; that will teach her not to run programs with endless
loops!
- Mr. Advice Person
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Date: Tue, 18 Jun 1991 13:29 EDT
From: Sanjay Kapur
Subject: Re: User theft of service
Message-Id:
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>So, if the Univeristy of Illinois's computer budget is, say,
>$5,000,000 and I write an e-mail message that says that the NCSA's
>firing of a student worker was unfair and capricious, I am liable for
>$5,000,000?
No, not the whole $5,000,000. (Although I suspect that the University of
Illinois's computer budget is at least an order of magnitude larger).
You may want to ask someone exactly how much it costs to send an average
e-mail message. Include all costs (computer, systems staff, user support and
operations staff, phone line charges, disk space etc.) that are dedicated
to e-mail and divide by the total number of e-mail messages or total number of
active users.
Your e-mail message may be totally legitimate use in which case you will not
be liable for anything. It will be almost impossible to prove that the letter
about firing a student worker that you mention is not legitimate.
>
>- Carl
>--
>Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
>
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Tue, 18 Jun 91 14:04:14 -0400
From: meckler@tigger.jvnc.net (Nancy Nelson)
Message-Id: <9106181804.AA04653@tigger.jvnc.net>
Subject: Re: Punishment
-------------------
Newsgroups: info.academic-freedom
Path: uxc.cso.uiuc.edu!paul
From: paul@uxc.cso.uiuc.edu (Paul Pomes - UofIllinois CSO)
Subject: Re: User theft of service
Message-Id: <1991Jun18.182100.15547@ux1.cso.uiuc.edu>
Organization: University of Illinois at Urbana
References: <8D0F131700213F97@ccmail.sunysb.edu> <1991Jun18.165433.26644@eff.org>
Date: Tue, 18 Jun 1991 18:21:00 GMT
Lines: 18
comp-academic-freedom-talk-request@eff.ORG (still broken software) writes:
>So, if the Univeristy of Illinois's computer budget is, say,
>$5,000,000 and I write an e-mail message that says that the NCSA's
>firing of a student worker was unfair and capricious, I am liable for
>$5,000,000?
>
>- Carl
Carl, you're beginning to take this a tad too seriously. Why don't
you get yourself a beeper and have CRL put you in charge of m.cs for
a while? It might broaden your perspective.
/pbp
--
Paul Pomes, Computing Services Office
University of Illinois - Urbana
Email to Paul-Pomes@uiuc.edu
-------------------
Date: Tue, 18 Jun 1991 14:28 EDT
From: Sanjay Kapur
Subject: Re: Punishment
Message-Id: <013FE24350214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>
>As you well know, a user is in no position to defend a system administrator.
It depends on the user's willingness to fight the system on behalf of the
system administrator.
Also, certain users who are faculty members and University administrators are
quite powerful and can do a lot to defend a system administrator.
>--
>Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
> .sig under construction, like the rest of this campus.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Tue, 18 Jun 1991 14:33 EDT
From: Sanjay Kapur
Subject: Re: (none)
Message-Id: <01D872A8D0214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>
>Let me get this straight: A user using an account provided by the University
>to all students, for the asking, and doing things not specifically proscribed,
>can commit theft of services? How?
Normally the user is not doing anything illegitimate and therefore theft of
service is not a material issue.
Theft of service can occur in many ways, One example is:
Suppose someone uses the high speed laser printer to print out 10,000 copies
of an advertisement for their brother's restuarant.
There are certain things which may not be specifically proscribed by Computing
policy but may be proscribed by University policy and Law.
>
>--
>Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
> .sig under construction, like the rest of this campus.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Tue, 18 Jun 1991 14:40 EDT
From: Sanjay Kapur
Subject: Re: Punishment
Message-Id: <02D599A2C0214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>
>And if it wasn't against the rules to run those 10 jobs, the person is going
>to be quite upset. ESPECIALLY if his account is suspended, rather than
>just the jobs being killed. Similiarly, if there is no rule about total amount
>of printing, users are going to be justifiably upset when the sysadmin suspends
>their account because they did 'too much printing'.
>
>--
>Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
> .sig under construction, like the rest of this campus.
There is a HUMAN system administrator because not all eventualities
can be predicted and rules can not be made for every thing. You may not like
this but sometimes a system administrator has to take actions which may appear
to be arbitrary.
As a system administrator, I would rather face the wrath of one user than
three thousand users who are unable to do their work or print anything.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 16:14:01 GMT
Message-Id: <0094A4EE.68AE4440@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References: , <64596542C0214C4E@ccmail.sunysb.edu>,<1991Jun18.141827.24847@eng.umd.edu>jo
Subject: Re: Punishment
In article <1991Jun18.141827.24847@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>>Here you seem to be in disagreement with common standards of what is
>>punishment. Suspension by itself is not punishment, just like arrest in
>>itself is not punishment.
>>
>>>(the idea of protection of other users is pretty ludicrous.
>>It may be ludicrous to you, but it is highly effective.
>Like shooting suspects on sight would be effective at reducing crime.
You can get your account back. You can't get your loss of function/life
back if you're shot.
>>If a person uses someone else's account without that person's permission, the
>>person may be committing a felony. IF this is compunded with theft of
>>service, there may even be the possibility of jail. This may keep most
>>hackers away.
>
>So you take away a suspects account in order to force him into some criminal
>behavior so you can throw him in jail? Is there any wonder why the
>relationship between users and sysadmins is often adversarial?
Nobody is forcing you into criminal behavior. Knowing and fully understanding
the rules, YOU make that decision. If you break the rules, you pay.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 16:08:31 GMT
Message-Id: <0094A4ED.A3823140@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References <0094A438.BB1DE700@KING.ENG.UMD.EDU>, <1991Jun17.192647.10980@eng.umd.edu>, <0094A445.B32AC380@KING.ENG.UMD.EDU>,<1991Jun18.134736.24486@eng.umd.edu>
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: Punishment
In article <1991Jun18.134736.24486@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>>Oh? Define "illegitimate ways." Illegitmate might be breaking security. If
>>you're trying to break security on a system, why should anyone with common
>>sense allow you extra time to try to hack it?
>
>There you go, presuming guilt again. I might point out (again) that if you
>remove a users ability to do legitimate work, you give them more time, not
>less, to do hacking. Allowing sysadmins summary judgement just isn't just, and
>is power likely to be abused.
Matt, if you do not have access to the system, you can't do any work. Legit or
illegitmate. If you are worried about your school work (which allegedly you
are), then you will take the proper steps by approaching your prof and TA
and/or the Systems Administrator to restore privs. How can you hack if you
can't get onto the system, unless you'd like to spend time hacking, instead of
resolving the circumstances by which you have had your access pulled.
>>Or continue to harass users or
>>suck up system resources to the detrement of the other users on the system?
>
>Harass users? You mean like going over to their terminal and bugging them?
>Putting up X-things on their display? sending them 'talk' messages? Be
>more specific.
You've given three good examples. If another user DOES NOT want to be bothered,
then you are violating THEIR RIGHT to get their work done on time. Do you
realize that other users have the right to get their work on time as well?
>As for sucking up system resources--- you mean like disk space? Isn't that
>what quotas are? Perhaps you mean CPU time-- isn't that what priorities are
>for--- and in this case, there are less drastic measures available than
>account suspension. Same goes for printer resources. And, define 'pigging
>out'-- more than the sysadmin wants?
There are certain instances, such as with scratch disk space and CPU time,
where there is a flagent disregard for other users on the system, where account
suspension is justified. Especially if said user has received warnings, both
verbally and via e-mail, in the past. Did you receive either verbal or e-mail
warnings?
>>If he were my staff member, I'd probably back him. If you confronted him
>>physically (implying two of you, one of him), he's in a no-win situtation to
>>begin with. For all I know, he had enough authority to pull the plug on you but
>>not restore it. If he did it without proper justification, I'd tar and feather
>>him, and apologize profusely.
>
>Actually, there were two of us, two of them (and one of them was a black belt
>in martial arts...).
Oh? Did they threaten you with bodily harm? If they did, then you should have
filed a report with the campus police.
> And he came up, perhaps to confront us-- in any case,
>after he did it, we ran into each other outside the door to the lab. Sure,
>he claimed not to have the authority to restore the account. But the guy he
>referred us to claimed the same thing-- and referred us right back to the
>first guy.
Knowing the way the Center works, the first person probably didn't.
>>The Computer Science Center does have certain instructions they give to their
>>lab aiders. I don't know what they are. I'd be curious to see if someone from
>>CSC would post 'em.
>
>Don't be silly-- they wouldn't produce a copy of those at my judicial hearing,
>even after accusing me of violating some rule in them. And they finally
>admitted that users never even saw those rules.
Oh did they? A shame judicial hearing transcripts are probably sealed to
protect your rights. I'd love to get a copy of them for review.
>>Naw. I'd give you a certified letter telling you your account was suspended,
>>why it was suspended, and what steps you could take to appeal the suspension.
>>If you have committed an offence grevious enough to get your account suspended
>>(note the IF), I suspect I do not have the luxury to let you poke around with
>>system security.
>
>I can say that in this case there was no system security breach. One person
>was messing around, creating lots of levels of nested subdirectories to see
>how deep it would go. This pissed off the system manager, apparantely because
>it messed up his 'tmp' directory clearer. The guy sitting next to him (me)
>was merely a known troublemaker, so he suspended that one too.
Why were you a "known troublemaker"? That begs a level of inquiry. Were you
previously warned about your behavior, either verbally and/or via e-mail? You
weren't just randomly selected, eh?
Ahh. Mr. R., if I did something which screwed up your software and you had
previously warned me NOT to do things which would disrupt normal system
operation, what would you do?
I'm very curious. Would you have let me continue to "mess around," knowing I
may do other things to further break your software? Or would you stop me?
Now, if you don't stop me, and other users are affected, where does this put
you and the other users tomorrow?
I'll tell you. It puts you with anywhere from 1 to x-number of users bitching
about how they can't get work done because the system is munged/crashed/etc.
Now YOU have to go and fix things to make them happy.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Tue, 18 Jun 1991 19:08:35 GMT
Message-Id: <1991Jun18.190835.525@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
References: ,
Subject: Re: User theft of service
Sanjay Kapur and I have agreed that the cost of an illegitiate
email message is somewhere between free and $5,000,000. Let's
see if we can narrow it down a bit.
Here is my back-of-the-envelope estimate. An account on a University
computer costs between $500 and $3000 per year (for an outsider). The
average user sends somewhere between 1 and 10 email messages a day
(350 to 3500 per year). Sending email represents between 1/10 and 1/2
the cost of a system. Therefore the cost of a piece of email is
between 1.5 cents and $5.8. Hardly, a felony. - Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Message-Id: <9106182033.AA01987@eff.org>
From: TK0JUT1%MVS.CSO.NIU.EDU@UICVM.uic.edu
Subject: Re: Usenet Lawyers Again
The EFF is involved in a suit with Steve Jackson Games in Texas. They are not
"defending" the company, but litigating on its behalf in response to Secret
Service (*not* FBI) raids last year. They are alleging violations of First and
Fourth amendment rights because of BBS shut-down, equipment confiscation, and
prior restraint of a game that the SS rather oddly thought to be a "handbook
for hacking."
Additional information, including a copy of the suit, can be obtained from
either the EFF ftp or the Computer underrground Digest back issues and various
documents. They are well worth reading for a quick lesson in the dangers of
law-enforcement run amok and failures of due process.
Jim Thomas
From kadie Wed Jun 19 00:04:36 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Wed Jun 19 00:03:52 EDT 1991
In this issue:
kadie : Re: How to back a user into a corner
mojo!SYSMGR%KING.E : Re: Punishment
mojo!russotto@mims : Re: Punishment
bigd@dorsai.com (D : Re: Punishment
Neil Rickert
Organization: The Electronic Frontier Foundation
From: kadie
References: , <1991Jun18.180021.28193@eff.org>
Subject: Re: How to back a user into a corner
Here is a rewrite of my original note, less the sarcasm.
If you are a user having a run in with the local sys admin over some
minor infraction, you may be tempted to make some grand gesture. If
this gesture involves more rule infractions, don't do it.
You have a right to protest and appeal an unfair rule or punishment;
you do not have a right violate an unfair rule or punishment.
More often than not, a user is given a serious punishment not
for his or her original offense, but rather for some follow-up
infraction.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 20:49:55 GMT
Message-Id: <0094A514.F3238F60@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References <0094A4ED.A3823140@KING.ENG.UMD.EDU>, <1991Jun18.180830.27171@eng.umd.edu>, <0094A50B.71F6CC80@KING.ENG.UMD.EDU>,<1991Jun18.201834.28667@eng.umd.edu>
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: Punishment
In article <1991Jun18.201834.28667@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>>I will repeat my original question: Did you receive either verbal or e-mail
>>warnings on other occasions before your account was suspended?
>>If so, why? If there is a pattern of abuse, the suspension was justified.
>
>Nope. I recieved a threat on the general order of 'stop playing around on the
>system or we will blacklist you'-- repeated by several people at CSC. None
>would say specifically what I had done wrong. My account was suspended the
>next day for activities that allegedly took place while the lab was closed.
>(seems I was messing with someone's X-terminal at 1:00am, when the lab closed
>at midnight)
A threat? Or a warning? By your own admission, you were "messing around." How
many times did you have your account suspended?
>>>Not at that time. Later, though. But I don't report anything to the cops--
>>>they are on the University payroll, same as the sysadmin, which is a built
>>>in bias against me.
>>
>>So are your professors. Do they have a built-in bias against you? Why would you
>>go to a university which is out to get you? Fortunately, the University is a
>>more complex entity than you'd like to simplify it as. Or does posting from
>>.eng.umd.edu mean The System hasn't caught up with you yet?
>
>Your existence at .eng.umd.edu makes me wonder. Should I soon worry about it
>here? As you well know, CSC does not control .eng.umd.edu.
Why don't you ask the Sun system staff? I don't speak for them either.
>As for my professors-- sure, in any dispute between me and the sysadmins, they
>would be biased against me as well. As was Judicial Programs.
Why would a professor be prejudice against you? What does s/he know about the
situtation? I cannot help your neurosis against The System.
>>You also did not address what would happen if your role was reversed with that
>>of the system manager. I'm very curious to hear your answer.
>>
>>I doubt it will be, "Yes, I would have sat there and let someone else screw
>>the system up and suffered 1 to 20 users bitching at me the next day."
>The system manager in question couldn't get bitched at by any novice user--
How do you know? He still has to clean up after the mess you've created, either
intentionally or unintentionally. You aren't. Of course, when he screws over
YOUR work by suspending your account, you become OUTRAGED that you have no
due process and no one is protecting your rights.
This, of course, does not address the time you have cost other users, and the
time needed to fix things.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 20:18:34 GMT
Message-Id: <1991Jun18.201834.28667@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References <0094A4ED.A3823140@KING.ENG.UMD.EDU>, <1991Jun18.180830.27171@eng.umd.edu>, <0094A50B.71F6CC80@KING.ENG.UMD.EDU>
Subject: Re: Punishment
In article <0094A50B.71F6CC80@KING.ENG.UMD.EDU> sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>
>>Putting up X-things on other users display is a bad thing, true-- but doesn't
>>a teensy bit of the blame lie with the sysadmin who made all the displays
>>xhost+ by default??? (for the record, I only did it a few times, to try it
>>out-- but once it was done, lots of other people picked up on how to do it,
>>and I got blamed for it weeks later-- long after I had stopped)
>
>"Daddy should have not left the keys to the car out, so I wouldn't take it,
>so isn't it some of his fault I wrecked the car?" Nope. If you chose to do
>this, and it annoyed people, then you take the consequences, eh?
Like I said, I got blamed for actions taken by others long after I myself had
stopped. (perhaps because at times I was one of the few people NOT being
annoyed, having discovered xhost -)
>
>I will repeat my original question: Did you receive either verbal or e-mail
>warnings on other occasions before your account was suspended?
>If so, why? If there is a pattern of abuse, the suspension was justified.
Nope. I recieved a threat on the general order of 'stop playing around on the
system or we will blacklist you'-- repeated by several people at CSC. None
would say specifically what I had done wrong. My account was suspended the
next day for activities that allegedly took place while the lab was closed.
(seems I was messing with someone's X-terminal at 1:00am, when the lab closed
at midnight)
>>Not at that time. Later, though. But I don't report anything to the cops--
>>they are on the University payroll, same as the sysadmin, which is a built
>>in bias against me.
>
>So are your professors. Do they have a built-in bias against you? Why would you
>go to a university which is out to get you? Fortunately, the University is a
>more complex entity than you'd like to simplify it as. Or does posting from
>.eng.umd.edu mean The System hasn't caught up with you yet?
Your existence at .eng.umd.edu makes me wonder. Should I soon worry about it
here? As you well know, CSC does not control .eng.umd.edu.
As for my professors-- sure, in any dispute between me and the sysadmins, they
would be biased against me as well. As was Judicial Programs.
>You also did not address what would happen if your role was reversed with that
>of the system manager. I'm very curious to hear your answer.
>
>I doubt it will be, "Yes, I would have sat there and let someone else screw
>the system up and suffered 1 to 20 users bitching at me the next day."
The system manager in question couldn't get bitched at by any novice user--
I only found out he was system manager because #1, I got referred to him as
part of the runaround, and #2, I could see him running a process called -u,
and put two and two together.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
for uupsi!eff.org!comp-academic-freedom-talk
Subject: Re: Punishment
From: bigd@dorsai.com (David Shapiro)
Message-Id:
Date: Tue, 18 Jun 91 18:37:01 PDT
Organization: The Dorsai Diplomatic Mission ( Mail address : user@dorsai.com )
Sanjay, do you have any text files which describe a system administrators
duties, from some sort of official source, that you could show all of use
here on the list?
-------------------
Message-Id: <199106182345.AA24794@mp.cs.niu.edu>
Subject: Re: User theft of service
Newsgroups: info.academic-freedom
References:
Organization: Northern Illinois University
Date: Tue, 18 Jun 91 18:45:19 -0500
From: Neil Rickert
In article <1991Jun18.222848.4792@eff.org> kadie@eff.org writes:
>The problem with "theft of service" as applied to users is not that it
>doesn't fit. The problem is that one size fits all.
I remember the time, some years ago, when there was discussion of the problems
of teenagers "borrowing" cars for a joy ride. Some prosecutor suggested that
the "criminals" should be charged with theft of gasoline, since that has a
more severe penalty.
Somehow the idea never caught on. Probably because the judges and juries are
not quite as stupid as we sometimes like to think.
Likewise "theft of service" charges for trivial offenses will probably be
thrown out of court. Give some credit to intelligence.
On the other hand, if the police managed to arrest a major drug dealer, but
he skillfully destroyed the evidence, the police might well resort to a
"theft of gasoline" if they could prove that. (Look at some of the cases where
tax evasion has been used as an equivalent gimmick.)
But demanding that the exact nature of every conceivable crime be spelled
out in advance before a charge can be made is quite unrealistic. You
can only spell out the things you can think of in advance. Perhaps I can
think of 1000 pages worth. But then someone uses a computer terminal as
a trampoline, and I didn't happen to think of that one, so the perpetrator
gets off scot free. You cannot run things that way. You have to permit some
flexibility for the use of common sense and good judgement. And then you
need some review procedure to be in place to protect against abuse of that
flexibility.
--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science
Northern Illinois Univ.
DeKalb, IL 60115 +1-815-753-6940
-------------------
Date: Wed, 19 Jun 91 00:50 GMT
From: William Hugh Murray <0003158580@mcimail.com>
Subject:
Message-Id: <22910619005022/0003158580NB4EM@mcimail.com>
Subject: Punishment
>Resolved: Users should not be suspended or expelled from computer
>systems as punishment for computer-policy infractions.
Well, perhaps. However, users are rarely suspended as punishment. Rather,
they are suspended to restore order. In many cases there is no alternative
way to restore order. If this were the policy, it might always be the only
way.
>When punishment is motivated by a desire to set an example for others
>or as response to an hysterical fear of so-called hackers, it is often
>overly harsh.
Agreed.
>Disciplinary action should respond to the indent (sic) of
>the student and the damage caused by the student, not outside pressures
Absolutely not. Disciplinary action should be based upon the
behavior of the student. It should be based upon the behavior without
regard to intent or consequences. It should be based upon the degree of
variance from the policy.
The administrator may infer intent from the behavior, but he cannot know it.
Most students claim benign, or at least neutral, motive. (RTM was an
exception. He made no specific claim of benign intent, but it was made
on his behalf in the presence of his studied silence. Rather, he
claimed that absent proof of intent to damage (as opposed to intent to
trespass, for which the code was prima facie evidence) he should not be
punished.) The adminstrator must often act immediately; he must not
be placed in the position of having to play Solomon. He should respond
to the behavior; he can know about that.
Neither should the student be able to offer as a defense that no damage
resulted. The behavior that is proscribed by the policy is proscribed
because of its potential for damage, as judged by those responsible for
knowing. The student can rarely judge the potential damage in his
actions. (Again RTM is a case in point. He acted "with reckless
disregard" of the potential consequences, both those which he could have
reasonably predicted, and those about which he could not possibly know.)
>In developing responsible student conduct, disciplinary proceedings
>play a role substantially secondary to example, counseling, guidance,
>and admonition.
Agreed. That is why a clear, well communicated policy is important.
>For example, a written warning with a copy to the student's
>file may suffice.
Well, it may, I will let others respond to that. Does it suffice for
other student infractions, or is this just another accomodation to
otherwise outrageous student behavior? The objection to suspension is
precisely because it is effective. Suspension can be measured and
responsive to the extent of the disruptive behavior.
>Resolved: The punishment that a computer administrator can impose on a
>student should be not exceed (sic) that which an instructor can impose.
Why do I have the feeling that this resolution is proposed by a student?
Why is the issue punishment? While I can visualize vindictive
administrators imposing punishment, the administrative remedies of which
students complain are mostly remedial, not punitive. It is true that
student's accounts are suspended, but the intent is not aimed at the
student. Rather, it is aimed at restoring and preserving order. It is
simply a fact that if you tolerate such behavior for hours, you may
lose control of the system and not be able to recover it. (High school,
not college, hackers got on a system at Memorial Sloan Kettering
Institute at 17:15 on a Friday afternoon. By sometime before 8:15 on
Monday, the system was so badly contaminated that there was no
non-disruptive remedy remaining to the managers of the system.)
How about? Resolved: The remedies available to a computer system
administrator shall be comparable to (not exceed) those available to a
librarian or laboratory instructor.
If students behaved in the library the way that they do in computer
systems, you had better believe that their library privileges would be
suspended. No university or public librarian will tolerate behavior on
the part of a user that interferes with the ability of other users to
enjoy the intended benefits of the library. (If you believe otherwise,
try talking out loud in mine.)
The insistence on the part of students that their privileges
cannot be suspended because such suspension interferes with their
ability to complete assignments simply will not wash. Suspension of
library privileges would have the same effect. Those are suspended for
infractions far less disruptive to other students than the ones for
which computer privileges are suspended.
Incidentally, few universities require "library policies," though most
post rules. This is because students arrive at college with an
understanding, often learned from bitter experience with the righteous
anger of librarians, of how to behave in libraries. They seem not to
have any such ingrained or learned perception of how polite people behave in
computer systems. Some will engage in behavior there, trashing other's
work, using their work without attribution, that they would never
consider in any other environment. Administrators understand,
viscerally if not intellectually, that if they tolerate such disruptive
behavior, they are not long for this world. If they cannot protect the
majority from the rude behavior of the few, the university will find
someone who can.
I am not advocating arbitrary or permanent suspensions; I do not believe
that they are indicated or necessary. However, system administrators
have the same responsibility to maintain an orderly environment as do
librarians and laboratory instructors. A computer environment is much
more vulnerable to deviant behavior than libraries or laboratories.
That is, deviant behavior on the part of computer users has a more
wide-spread effect than the deviant behavior of library users.
Administrators of commercial systems are not having this problem; it is
primarily a university problem. It results from student hubris and it
must be curbed.
William Hugh Murray
Executive Consultant, Information System Security
to Deloitte & Touche
WMURRAY@MCIMAIL.COM
-------------------
Date: Tue, 18 Jun 1991 21:05 EDT
From: Sanjay Kapur
Subject: Re: Punishment
Message-Id: <38ADE515D0214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Sender: bigd@dorsai.com (David Shapiro)
>
>Sanjay, do you have any text files which describe a system administrators
>duties, from some sort of official source, that you could show all of use
>here on the list?
No, I do not.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 01:44:55 GMT
Message-Id:
Organization: Ohio State University Computer and Information Science
From: snorkelwacker.mit.edu!spool.mu.edu!mips!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!tut.cis.ohio-state.edu!frankenstein.cis.ohio-state.edu!jgreely@world.std.com
References: , <1991Jun18.180021.28193@eff.org>spool.
Subject: Re: How to back a user into a corner
I was going to follow-up this inane drivel with an equally sarcastic
article titled "How to drag a newsgroup into the gutter", but it's not
worth my time (it could take time away from the most *important* task
of a sysadmin: persecuting *helpless*, *innocent* users who only want
to do their own thing in their own way with someone else's resources).
"Did you hear what he called me? I
hate that! Let's sneak up to his
room later and drain all the liquid
out of his body."
--
J Greely (jgreely@cis.ohio-state.edu; osu-cis!jgreely)
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 23:56:20 GMT
Message-Id: <1991Jun18.235620.1859@yenta.alb.nm.us>
Organization: yenta unix pc, rio rancho, nm
From: zaphod.mps.ohio-state.edu!maverick.ksu.ksu.edu!unmvax!bbx!yenta!lazlo@uunet.uu.net
References <1991Jun18.134736.24486@eng.umd.edu>, <0094A4ED.A3823140@KING.ENG.UMD.EDU>,<1991Jun18.180830.27171@eng.umd.edu>, <0094A50B.71F6CC80@KING.ENG.UMD.EDU>
Subject: Re: Punishment
sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>> If using 'talk' was grounds for account suspension, a whole lot of
>> people would have their account suspended.
>
> Oh? If the other party didn't want to be bothered and was not as
> computer literate as you, then talk is an abuse.
Remind me never to use a system you run, Doug. Your definition of "abuse"
is ridiculous -- if someone doesn't know how to use "mesg" to shut off
unwanted chat pages, and they come to you to complain, you're going to
accuse the person issuing the chat pages of "abuse" instead of just
telling the "victim" how to use mesg to turn them off? Please. That's
like accusing me of harrassment if I keep trying to reach someone on the
phone and they don't know what that annoying ringing sound is.
>> Putting up X-things on other users display is a bad thing, true-- but
>> doesn't a teensy bit of the blame lie with the sysadmin who made all
>> the displays xhost+ by default???
>
> "Daddy should have not left the keys to the car out, so I wouldn't take
> it, so isn't it some of his fault I wrecked the car?" Nope. If you
> chose to do this, and it annoyed people, then you take the consequences,
> eh?
At one time or another, Daddy probably made it pretty clear that Junior
wasn't supposed to take the car without permission. In situations like
the above, if there isn't a specific policy against sending crap to
peoples' displays then you as a sysadmin have no right to get bent out of
shape when people start doing it. Change the rules, let everybody know
about them, and *lock the doors behind you when you leave*. Leaving xhost+
on a system where people are likely to be annoyed by noise on their
displays is very sloppy security -- if you're really interested in keeping
things running smooth for the majority of the users, then you'll have
permissions set to disallow it in the first place.
Lazlo (lazlo@triton.unm.edu)
------------------------------------------------------------------------------
STUDIO NIBBLE -- "America's Favorite Lunchtime Snack"
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Wed, 19 Jun 1991 03:01:47 GMT
Message-Id: <1991Jun19.030147.10177@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
References: , <1991Jun18.180021.28193@eff.org>, <1991Jun18.225345.5510@eff.org>
Subject: Re: How to back a user into a corner
Here is more (sarcasmless) advice for users.
If you want a positive outcome from a piece of e-mail, don't be obtuse
and don't use sarcasm. What you write, will not be what the recipient
reads.
For example, in a recent note, I meant to write:
"A good computer policy helps users know what is and is not
permissible. The concept of 'theft of service' is so vague that
confuses rather than helps users."
Many people read:
"All sys admin are scum out to screw users."
In another note, I meant to write:
"Both users and sys admins should work to keep small problems small. A
policy enforcement system that is perceived as fair will help."
Many people read:
"All sys admin are scum out to screw users".
Here is another piece of advice. When miscommunications occurs, don't
blame the reader. Just apologize (and I do), I hope that there will
be no hard feelings. [I still testing this last piece of advice.]
- Carl
p.s. The following is meant as joke. I just can't help myself.
----------------BEGIN JOKE-------------------
Remember there is no reason for users and sys admins to be advisaries.
After all, everyone knows the real enemy is university administrators.
----------------END JOKE---------------------
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Date: Tue, 18 Jun 1991 23:25 EDT
From: Sanjay Kapur
Subject: Re: How to back a user into a corner
Message-Id: <4C434FD6B0214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Here is more (sarcasmless) advice for users.
>
>If you want a positive outcome from a piece of e-mail, don't be obtuse
>and don't use sarcasm. What you write, will not be what the recipient
>reads.
I agree.
>Here is another piece of advice. When miscommunications occurs, don't
>blame the reader. Just apologize (and I do), I hope that there will
>be no hard feelings. [I still testing this last piece of advice.]
I am at times guilty of miscommunications and I also apologize for those
times.
>--
>Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
>
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
From kadie Thu Jun 20 00:09:31 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: RO
Computers and Academic Freedom mailing list (batch edition)
Thu Jun 20 00:07:00 EDT 1991
In this issue:
zaphod.mps.ohio-st : Re: Have you walked the proverbial
bzs@world.std.com : Re: publicly-readable "adult" gifs (was Re: Ohio State Un
"Gerry Santoro - C : Re: Punishment
Sanjay Kapur
Organization: The Leaning Tower of Patterson Office @ The Univ. of KY
From: zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!lll-winken!iggy.GW.Vitalink.COM!widener!ukma!sean@uunet.uu.net
References: , <1991Jun18.214726.15504@ms.uky.edu>te.
Subject: Re: Have you walked the proverbial mile?
I think what it boils down to is that the people on the machine are
divided. Some hold power over the others. When the (effectively)
powerless are affected by the decisions of those in power, they want
to know that those in power are not acting arbitrarily.
Systems administrators are responsible for ensuring the utility of the
system. Users are responsible for the tasks to which they have been
assigned.
Neither should be allowed to adversely affect others arbitrarily.
That's why we need rules and rights for both administrators and users.
Not all users are reasonable and fair, and neither are all
administrators.
----------
Here's one of my experiences with piss-poor administration:
In a low level class at the University of Kentucky, to make the job of
compiling and editing my Pascal program easier, I had spent some time
learning the shell language for PRIMOS. I developed a few shell
scripts, and in doing so, I had used about double the connect time
that other people had used. My account automatically shut down because
it was out of resources.
When I asked my TA for more time so I could complete my project, he
said no, I'd have to speak to the person in charge of accounts. I saw
professor Dave Brown. He said "Let's take a look at your account." and
proceeded to use his privileges to look through all my files while I
stood there watching him.
He raked me over the coals, told me not to do any more hacking, to
stick to Pascal, and that if I used any more excessive connect time
that I wouldn't be given any more. I was too afraid to say anything,
and I walked out feeling like I had been raped.
Have you ever read any EFF "Friend of the Court" briefs? They
sometimes talk about the "chilling effect" of overbroad laws. Well
that's what I was, "chilled." I was afraid to be curious, to explore
and learn. My education, at least temporarily, was stunted by this
man's threats, for I could have learned significantly more than the
precise curriculum of the class. Nor was I using large amounts of
resources; I was tying up a terminal, yes, but I never saw them all in
use except the night before projects were due.
That was several years ago. If it happened today, I'd have told him
off and good, talked to the Dean of the Computer Science department,
the Dean of Students, and the Academic Ombudsman. I'd explain how this
administrator was acting contrary to the goals of the University. I'd
also have contacted my professor, and most likely the President of the
University (boy if David Roselle were President then, he'd have been
steamed at Brown's actions).
There was no due process then, just Brown's attitude. A little bit of
rules and rights then (and my awareness of it) would have gone a long
way.
I know Wes, and we've both worked under the weight of a chilling
administration. Now we're both administrators ourselves, and he's as
fair as they get. Unfortunately, all administrators are not as
reasonable and fair. When that happens we need a sensible system to
determine what may and may not be done.
Sean
--
** Sean Casey
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Mon, 17 Jun 1991 05:55:29 GMT
Message-Id:
Organization: The World
From: bzs@world.std.com
References david@uhunix.uhcc.Hawaii.EDU, (David, Lassner)
Subject: Re: publicly-readable "adult" gifs (was Re: Ohio State University CIS Policies)
Re: libraries subscribing to sexually explicit magazines.
When I was at Cornell (early 70's) I was surprised to see that the
library subscribed to and had extensive collections of these
magazines. One day I asked a librarian friend of mine (an older fellow
who had been at Cornell many years) why? He looked at me sort of
flabbergasted and said "because we have ``everything''".
Well, it is one of the largest library collections in the world.
I guess it's all a matter of perspective (and needless to say I was
impressed by his answer.) There's a moral lesson in there somewhere.
One person's "smut" is another's critical reference material.
I believe the govt funds a few libraries to keep such collections
(redundancy) just in case they need them. As an example, for a
criminal or other investigation.
Imagine if you, as an investigator, found out that the only photo of
some person you were seeking appeared in an explicit magazine, but no
library had a copy and there were no other (reasonable) way to obtain
a copy, the publisher long gone etc.
One could imagine other, non-prurient justifications.
--
-Barry Shein
Software Tool & Die | bzs@world.std.com | uunet!world!bzs
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
-------------------
Message-Id: <9106171802.AA03058@eff.org>
From: "Gerry Santoro - CAC/PSU 814-863-4356"
Subject: Re: Punishment
-- 17 Jun 91 14:17:25 GMT
>In article <9106151901.AA12984@eff.org>, junger@cwru.cwru.EDU writes:
>>
>Actually, let's consider things from the SYSTEM ADMINISTRATOR's viewpoint.
>Don't they have rights and responsibilities too? One of the responsibilities
>they are charged with is keeping the "system" running and available for all
>users.
>
It can be even worse than this. Although the law is not evry clear there
is some precedence to the frightening fact that a system administrator
can be held liable for illegal activities done from her/his system. This
is particularly possible for cases where a system on a network (such as
the Internet) is used as a vehicle for trying to break into other
systems.
-------------------------------------------------------------------------------
| | gerry santoro, ph.d. --- center for academic computing | |
| -(*)- penn state university -- gms@psuvm.psu.edu -- gms@psuvm.bitnet -(*)- |
| | standard disclaimer --> "I yam what I yam" | |
-------------------
Date: Mon, 17 Jun 1991 19:37 EDT
From: Sanjay Kapur
Message-Id: <6320F4AC10214C4E@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Sender: mojo!russotto@mimsy.umd.edu
>That was for account suspensions due to the system adminstrator suspecting
>a third party breaking into the account, not to legitmate users using their
>account in illegitimate ways.
Using an account in illegitimate ways is theft of service, pure and simple.
It is extremely irresponsible for a system administrator to not stop theft.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Tue, 18 Jun 91 14:04:14 -0400
From: meckler@tigger.jvnc.net (Nancy Nelson)
Message-Id: <9106181804.AA04653@tigger.jvnc.net>
Subject: Re: Punishment
-------------------
Date: Tue, 18 Jun 1991 13:29 EDT
From: Sanjay Kapur
Subject: Re: User theft of service
Message-Id:
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>So, if the Univeristy of Illinois's computer budget is, say,
>$5,000,000 and I write an e-mail message that says that the NCSA's
>firing of a student worker was unfair and capricious, I am liable for
>$5,000,000?
No, not the whole $5,000,000. (Although I suspect that the University of
Illinois's computer budget is at least an order of magnitude larger).
You may want to ask someone exactly how much it costs to send an average
e-mail message. Include all costs (computer, systems staff, user support and
operations staff, phone line charges, disk space etc.) that are dedicated
to e-mail and divide by the total number of e-mail messages or total number of
active users.
Your e-mail message may be totally legitimate use in which case you will not
be liable for anything. It will be almost impossible to prove that the letter
about firing a student worker that you mention is not legitimate.
>
>- Carl
>--
>Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
>
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 18 Jun 91 16:08:31 GMT
Message-Id: <0094A4ED.A3823140@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References <0094A438.BB1DE700@KING.ENG.UMD.EDU>, <1991Jun17.192647.10980@eng.umd.edu>, <0094A445.B32AC380@KING.ENG.UMD.EDU>,<1991Jun18.134736.24486@eng.umd.edu>
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: Punishment
In article <1991Jun18.134736.24486@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>>Oh? Define "illegitimate ways." Illegitmate might be breaking security. If
>>you're trying to break security on a system, why should anyone with common
>>sense allow you extra time to try to hack it?
>
>There you go, presuming guilt again. I might point out (again) that if you
>remove a users ability to do legitimate work, you give them more time, not
>less, to do hacking. Allowing sysadmins summary judgement just isn't just, and
>is power likely to be abused.
Matt, if you do not have access to the system, you can't do any work. Legit or
illegitmate. If you are worried about your school work (which allegedly you
are), then you will take the proper steps by approaching your prof and TA
and/or the Systems Administrator to restore privs. How can you hack if you
can't get onto the system, unless you'd like to spend time hacking, instead of
resolving the circumstances by which you have had your access pulled.
>>Or continue to harass users or
>>suck up system resources to the detrement of the other users on the system?
>
>Harass users? You mean like going over to their terminal and bugging them?
>Putting up X-things on their display? sending them 'talk' messages? Be
>more specific.
You've given three good examples. If another user DOES NOT want to be bothered,
then you are violating THEIR RIGHT to get their work done on time. Do you
realize that other users have the right to get their work on time as well?
>As for sucking up system resources--- you mean like disk space? Isn't that
>what quotas are? Perhaps you mean CPU time-- isn't that what priorities are
>for--- and in this case, there are less drastic measures available than
>account suspension. Same goes for printer resources. And, define 'pigging
>out'-- more than the sysadmin wants?
There are certain instances, such as with scratch disk space and CPU time,
where there is a flagent disregard for other users on the system, where account
suspension is justified. Especially if said user has received warnings, both
verbally and via e-mail, in the past. Did you receive either verbal or e-mail
warnings?
>>If he were my staff member, I'd probably back him. If you confronted him
>>physically (implying two of you, one of him), he's in a no-win situtation to
>>begin with. For all I know, he had enough authority to pull the plug on you but
>>not restore it. If he did it without proper justification, I'd tar and feather
>>him, and apologize profusely.
>
>Actually, there were two of us, two of them (and one of them was a black belt
>in martial arts...).
Oh? Did they threaten you with bodily harm? If they did, then you should have
filed a report with the campus police.
> And he came up, perhaps to confront us-- in any case,
>after he did it, we ran into each other outside the door to the lab. Sure,
>he claimed not to have the authority to restore the account. But the guy he
>referred us to claimed the same thing-- and referred us right back to the
>first guy.
Knowing the way the Center works, the first person probably didn't.
>>The Computer Science Center does have certain instructions they give to their
>>lab aiders. I don't know what they are. I'd be curious to see if someone from
>>CSC would post 'em.
>
>Don't be silly-- they wouldn't produce a copy of those at my judicial hearing,
>even after accusing me of violating some rule in them. And they finally
>admitted that users never even saw those rules.
Oh did they? A shame judicial hearing transcripts are probably sealed to
protect your rights. I'd love to get a copy of them for review.
>>Naw. I'd give you a certified letter telling you your account was suspended,
>>why it was suspended, and what steps you could take to appeal the suspension.
>>If you have committed an offence grevious enough to get your account suspended
>>(note the IF), I suspect I do not have the luxury to let you poke around with
>>system security.
>
>I can say that in this case there was no system security breach. One person
>was messing around, creating lots of levels of nested subdirectories to see
>how deep it would go. This pissed off the system manager, apparantely because
>it messed up his 'tmp' directory clearer. The guy sitting next to him (me)
>was merely a known troublemaker, so he suspended that one too.
Why were you a "known troublemaker"? That begs a level of inquiry. Were you
previously warned about your behavior, either verbally and/or via e-mail? You
weren't just randomly selected, eh?
Ahh. Mr. R., if I did something which screwed up your software and you had
previously warned me NOT to do things which would disrupt normal system
operation, what would you do?
I'm very curious. Would you have let me continue to "mess around," knowing I
may do other things to further break your software? Or would you stop me?
Now, if you don't stop me, and other users are affected, where does this put
you and the other users tomorrow?
I'll tell you. It puts you with anywhere from 1 to x-number of users bitching
about how they can't get work done because the system is munged/crashed/etc.
Now YOU have to go and fix things to make them happy.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Message-Id: <9106182033.AA01987@eff.org>
From: TK0JUT1%MVS.CSO.NIU.EDU@UICVM.uic.edu
Subject: Re: Usenet Lawyers Again
The EFF is involved in a suit with Steve Jackson Games in Texas. They are not
"defending" the company, but litigating on its behalf in response to Secret
Service (*not* FBI) raids last year. They are alleging violations of First and
Fourth amendment rights because of BBS shut-down, equipment confiscation, and
prior restraint of a game that the SS rather oddly thought to be a "handbook
for hacking."
Additional information, including a copy of the suit, can be obtained from
either the EFF ftp or the Computer underrground Digest back issues and various
documents. They are well worth reading for a quick lesson in the dangers of
law-enforcement run amok and failures of due process.
Jim Thomas
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 03:39:16 GMT
Message-Id: <1991Jun19.033916.15559@ms.uky.edu>
Organization: The Leaning Tower of Patterson Office @ The Univ. of KY
From: zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!lll-winken!iggy.GW.Vitalink.COM!widener!ukma!sean@uunet.uu.net
References: , <1991Jun18.214726.15504@ms.uky.edu>te.
Subject: Re: Have you walked the proverbial mile?
I think what it boils down to is that the people on the machine are
divided. Some hold power over the others. When the (effectively)
powerless are affected by the decisions of those in power, they want
to know that those in power are not acting arbitrarily.
Systems administrators are responsible for ensuring the utility of the
system. Users are responsible for the tasks to which they have been
assigned.
Neither should be allowed to adversely affect others arbitrarily.
That's why we need rules and rights for both administrators and users.
Not all users are reasonable and fair, and neither are all
administrators.
----------
Here's one of my experiences with piss-poor administration:
In a low level class at the University of Kentucky, to make the job of
compiling and editing my Pascal program easier, I had spent some time
learning the shell language for PRIMOS. I developed a few shell
scripts, and in doing so, I had used about double the connect time
that other people had used. My account automatically shut down because
it was out of resources.
When I asked my TA for more time so I could complete my project, he
said no, I'd have to speak to the person in charge of accounts. I saw
professor Dave Brown. He said "Let's take a look at your account." and
proceeded to use his privileges to look through all my files while I
stood there watching him.
He raked me over the coals, told me not to do any more hacking, to
stick to Pascal, and that if I used any more excessive connect time
that I wouldn't be given any more. I was too afraid to say anything,
and I walked out feeling like I had been raped.
Have you ever read any EFF "Friend of the Court" briefs? They
sometimes talk about the "chilling effect" of overbroad laws. Well
that's what I was, "chilled." I was afraid to be curious, to explore
and learn. My education, at least temporarily, was stunted by this
man's threats, for I could have learned significantly more than the
precise curriculum of the class. Nor was I using large amounts of
resources; I was tying up a terminal, yes, but I never saw them all in
use except the night before projects were due.
That was several years ago. If it happened today, I'd have told him
off and good, talked to the Dean of the Computer Science department,
the Dean of Students, and the Academic Ombudsman. I'd explain how this
administrator was acting contrary to the goals of the University. I'd
also have contacted my professor, and most likely the President of the
University (boy if David Roselle were President then, he'd have been
steamed at Brown's actions).
There was no due process then, just Brown's attitude. A little bit of
rules and rights then (and my awareness of it) would have gone a long
way.
I know Wes, and we've both worked under the weight of a chilling
administration. Now we're both administrators ourselves, and he's as
fair as they get. Unfortunately, all administrators are not as
reasonable and fair. When that happens we need a sensible system to
determine what may and may not be done.
Sean
--
** Sean Casey
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Wed, 19 Jun 1991 14:59:57 GMT
Message-Id: <1991Jun19.145957.15305@magnus.acs.ohio-state.edu>
Organization: The Ohio State University
From: zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!dysart@uunet.uu.net
Subject: Baselines
With regards to the discussion on users and system administrators, let's
get things in perspective.
1. The computer is owned by the university. It is the university's
property. Therefore, the university has the authority to set
whatever limits it so chooses on the use of the computer.
2. The university hires a systems administrator to run the computer
system. If the university has a formalized policy for use of
the computer, then the system administrator's job is (among many
other things) to enforce this policy. If the university does not
have a formalized policy, then the system administrator is generally
expected to be a benevolent dictator.
3. When a student registers for a class (s)he and the university actually
enter into a contractual obligation, where, in the case of computer
related coursework, the University agrees to provide the computer
service to the student.
4. If a policy exists that says every student is allowed an account on
the system, and specifies certain limitations such as not reading
other people's files, etc., and the system administrator's job is to
enforce this formal policy; then what is (s)he supposed to do if a
user finds a way to abuse (in the honest opinion of the system
administrator) the system in a manner not prohibited by the policy?
NOTE: In real life, individuals and corporations ALWAYS look for
loopholes in the law and gleefully take advantage of them, even
though such behavior may (and probably is) detrimental to society
or the environment. However, because the actions are not prohibited,
the police (or executive branch) HAVE NO AUTHORITY to intervene
unless and until the legislature decides to make such activities
illegal.
I can understand that a system administrator might have to take action to
protect the system, but such action ought to be separate from user punishment.
For example, if a user hogs temporary disk space, the sys admin could just
delete the offending file, if the policy stated that files in temporary areas
are subject to automatic or manual removal without notice for system performance
reasons. If a users exploits a previously unknown security hole, that is
pretty clear because he is invading other users accounts or the operating
system itself. On the other hand, if the policy states that the computer
system is for general use, and a user produces massive printer output, then
the user has not violated any rule and must not be subject to punishment.
A proper policy alternative would be to charge real money for printing in
excess of a certain amount.
In Ohio, at least, denying access to a computer (without proper authority)
is a felony THE SAME AS theft of service. One could argue that if a systems
administrator denies a legitimate user access to his account, preventing him
from fullfilling course requirements, when the user has committed no rules
violation or otherwise committed no computer crime, but has merely somehow
annoyed the system administrator, that the sys admin has gone beyond the
scope of authority conferred upon him by the University and is thereby actually
committing a felony.
--
Mitch Dysart
dysart@magnus.acs.ohio-state.edu
-------------------
Date: Wed, 19 Jun 1991 11:52 EDT
From: Sanjay Kapur
Subject: Re: Baselines
Message-Id:
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>
>In Ohio, at least, denying access to a computer (without proper authority)
>is a felony THE SAME AS theft of service. One could argue that if a systems
>administrator denies a legitimate user access to his account, preventing him
>from fullfilling course requirements, when the user has committed no rules
>violation or otherwise committed no computer crime, but has merely somehow
>annoyed the system administrator, that the sys admin has gone beyond the
>scope of authority conferred upon him by the University and is thereby actually
>committing a felony.
>--
As you said, one could argue and make a pretty good argument that a system
administrator denying a legitimate user access for no good reason may
constitute a felony. Fortunately, a systems administrator would be
covered by "executive immunity", the same that the police have when they arrest
the wrong person or charge a person with a crime the person has not committed.
>
>Mitch Dysart
>dysart@magnus.acs.ohio-state.edu
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
From: William W. Arnold
Message-Id: <9106191634.AA21763@cabell.vcu.edu>
Subject: Re: Baselines
Date: Wed, 19 Jun 91 12:34:49 EDT
X-Mailer: ELM [version 2.3 PL11]
Sanjay.Kapur@sunysb.edu writes ---
>constitute a felony. Fortunately, a systems administrator would be
>covered by "executive immunity", the same that the police have when they arrest
>the wrong person or charge a person with a crime the person has not committed.
> Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
>
Won't work. "Executive immunity" (that's the wrong term, but I can't
remember the correct one) is a specific law that applies only to police,
and other law enforcement bodies, and also specifies that they are held to
a higher standard of behavior. This is part of the basis for the
exclusinary rule. (ie. If you make a citizens arrest, you are liable if
you have the wrong person, but if you don't have probable cause, and in
the act of arresting the person you find evidence that proves the crime,
It is usually not possible for the defending attorney to throw out the
evidence on the grounds that you didn't have probably cause.) A similar
law holds for "common carriers" in regards to their liabilities.
/------------------------------\ /----------------------------------\
| William W. Arnold | Is the universe an accident, |
| has8wwa@cabell.vcu.edu | a mistake, or did someone |
| warnold@gnu.ai.mit.edu | do it to us on purpose? |
| someone.else@someplace.else | --ME-- |
\------------------------------/ \----------------------------------/
-------------------
id AA07072; Wed, 19 Jun 91 11:34:42 CDT
Message-Id: <9106191634.AA07072@hsvaic.boeing.com>
Date: Wed, 19 Jun 1991 10:42:05 -0600
From: Scott Hinckley
Subject: Misplaced/Nonexistant Subject lines
I have recently been getting scores of messages from this list with no
subject line, or a misplaced subject line.
It seems that someone's mailer(s) are putting a blank line between the
message header and the subject line. A blank line is the signal for
end-of-header. Therefore most mailers won't pick up the subject.
Is this a problem with the forwarding system or individual mailers?
Please put descriptive subject lines in your postings!
Thank you,
<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>
VOICENET:Scott Hinckley |USnail:110 Pine Ridge Road #608 Huntsville Al35801
ATTNET : (205)461-2073 ^^^^^ as in as slow as a
Internet:scott@hsvaic.boeing.com
UUCP:..!uw-beaver!bcsaic!hsvaic!scott
DISCLAIMER: All contained herein are my opinions, they do not represent the
opinions or feelings of Boeing or its management.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 14:31:51 GMT
Message-Id: <1991Jun19.143151.10268@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <8D0F131700213F97@ccmail.sunysb.edu>, <1991Jun18.182100.15547@ux1.cso.uiuc.edu>ssotto
Subject: Re: User theft of service
In article <1991Jun18.182100.15547@ux1.cso.uiuc.edu> Paul-Pomes@uiuc.edu writes:
>
>Carl, you're beginning to take this a tad too seriously. Why don't
>you get yourself a beeper and have CRL put you in charge of m.cs for
>a while? It might broaden your perspective.
Have someone accuse you of theft of services provided by the university to its
students for free, and you might start taking things fairly seriously
yourself.
"Theft of Services" seems to be the computer system administrators equivalent
of "conduct reflecting poorly on the university"-- the catch-all when you
can't find anything specific to accuse the user of.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 15:15:43 GMT
Message-Id: <1991Jun19.151543.11010@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <1991Jun18.180021.28193@eff.org>, cnc
Subject: Re: How to back a user into a corner
In article J Greely writes:
>worth my time (it could take time away from the most *important* task
>of a sysadmin: persecuting *helpless*, *innocent* users who only want
>to do their own thing in their own way with someone else's resources).
Which they pay a substantial amount to use...
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 15:29:16 GMT
Message-Id: <0094A5B1.52726440@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References: , <8D0F131700213F97@ccmail.sunysb.edu>, <1991Jun18.182100.15547@ux1.cso.uiuc.edu>,<1991Jun19.143151.10268@eng.umd.edu>ims
Subject: Re: User theft of service
In article <1991Jun19.143151.10268@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>In article <1991Jun18.182100.15547@ux1.cso.uiuc.edu> Paul-Pomes@uiuc.edu writes:
>>
>>Carl, you're beginning to take this a tad too seriously. Why don't
>>you get yourself a beeper and have CRL put you in charge of m.cs for
>>a while? It might broaden your perspective.
>
>Have someone accuse you of theft of services provided by the university to its
>students for free, and you might start taking things fairly seriously
>yourself.
Oh? I thought you freely admitted you had acquired multiple accounts under
false pretenses (ie: other names). If being provided with an account is a
service, and you take more than one account (accounts provided and paid for by
every student with their computing fee), you are stealing from someone.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 14:47:36 GMT
Message-Id: <0094A5AB.801927E0@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References: , <9106181752.AA01458@tillicum.frame.com>du
Subject: Re: Computers and Academic Freedom mailing list (batch edition)
In article <9106181752.AA01458@tillicum.frame.com>, cgh@frame.COM (Grant Hogarth) writes:
>Sanjay Kapur says:
>
>Sanjay also says (in a subsequent post):
>
>>Using an account in illegitimate ways is theft of service, pure and simple.
>>It is extremely irresponsible for a system administrator to not stop theft.
>
>Sorry, wrong (by degree) again!
>2) Sysadmins are not officers of the law. (in most cases). Theft is a crime.
> Sysadmins are responsible for controlling inappropriate use of resources
> (A fuzzy area, indeed), but "theft" should be used cautiously, and referred
> to appropriate authorities.
You can also steal phone calls if you are so creative. This too is defined
as "theft of services." Now, in a large corporation, such as a University, you
can choose to take care of the matter internally. If it is a very expensive
matter, then you can take care of it externally.
>Two questions:
>
>1) To (Doug Mohney): What is/are "Diamondback" ?
> (other than a common name for a type of poisonous snake common to North America.)
The "Diamondback" refers to the campus newspaper. Mr. Russatto has stated that
his life has been threatened, he has been harassed without cause, and been
given the runaround. Sounds like a great news story to me.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 15:09:32 GMT
Message-Id: <1991Jun19.150932.10836@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <1991Jun18.214726.15504@ms.uky.edu>te.
Subject: Re: Have you walked the proverbial mile?
In article <1991Jun18.214726.15504@ms.uky.edu> morgan@ms.uky.edu (Wes Morgan) writes:
>
>If you spent some time with a system administrator, you'd learn that
>we're usually too busy to waste time persecuting individual users.
I know that sysadmins DO persecute individual users, based upon a perception
(real or imagined) that if that individual user is gotten rid of, the sysadmins
work load will go way down. For instance, after I had gotten my account back
at one point (it was soon to be taken away again-- later at the judicial
hearing they claimed that they had never restored it, and that someone has
hacked the system and restored ALL disabled accounts), I kept finding the
sysadmin logged into the workstation I was using (these are vaxstations, and
that action is rather unusual). I got a bit sick of the eyes on the back of
my neck, so I created a directory called private, priviliges 700, with a file
called 'xspy.c', containing a few printf's telling the system administrator
to stop poking around in my files. The admin came running up, angry,
about 10 minutes later, and asked me what 'xspy' did. I told him that he
obviously knew what it did, he had been poking around in my files. He said
that I was a troublemaker and had to be watched constantly.
> It
>takes a certain skill to juggle the needs of thousands of users. While
>you may have had problems with one or two of us, don't start issuing
>blanket condemnations until you've walked that mile in our shoes.
Nobody has ever offered me the job. And I'm certainly not the type for it,
if the sysadmins described by users in this group, and even some of the
sysadmins in the group, are typical. Having been treated summarily by
sysadmins, I don't think I could suspend an account indefinitely just to
cover my rear end.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 15:21:41 GMT
Message-Id: <0094A5B0.430F9960@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References <1991Jun18.134736.24486@eng.umd.edu>, <0094A4ED.A3823140@KING.ENG.UMD.EDU>,<1991Jun18.180830.27171@eng.umd.edu>, <0094A50B.71F6CC80@KING.ENG.UMD.EDU>,<1991Jun18.235620.1859@yenta.alb.nm.us>
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: Punishment
In article <1991Jun18.235620.1859@yenta.alb.nm.us>, lazlo@yenta.alb.nm.us (Lazlo Nibble) writes:
>sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>
>>> If using 'talk' was grounds for account suspension, a whole lot of
>>> people would have their account suspended.
>>
>> Oh? If the other party didn't want to be bothered and was not as
>> computer literate as you, then talk is an abuse.
>
>Remind me never to use a system you run, Doug. Your definition of "abuse"
>is ridiculous -- if someone doesn't know how to use "mesg" to shut off
>unwanted chat pages, and they come to you to complain, you're going to
>accuse the person issuing the chat pages of "abuse" instead of just
>telling the "victim" how to use mesg to turn them off? Please.
I guess other individuals on the system have no rights, other than what other
users allow them by your stance. That's amusing.
> That's
>like accusing me of harrassment if I keep trying to reach someone on the
>phone and they don't know what that annoying ringing sound is.
If you keep ringing the phone for 40 minutes, I'd call that harassment. There
are laws for harassing phone calls. Or obscene phone calls.
>> "Daddy should have not left the keys to the car out, so I wouldn't take
>> it, so isn't it some of his fault I wrecked the car?" Nope. If you
>> chose to do this, and it annoyed people, then you take the consequences,
>> eh?
>
>At one time or another, Daddy probably made it pretty clear that Junior
>wasn't supposed to take the car without permission.
> In situations like
>the above, if there isn't a specific policy against sending crap to
>peoples' displays then you as a sysadmin have no right to get bent out of
>shape when people start doing it. Change the rules, let everybody know
>about them, and *lock the doors behind you when you leave*.
Ah. The typical "the doors are unlocked, so I have the right to do whatever I
want to your house" arguement. Sure. Try it. Now if I call the police and they
arrest you for tresspassing you can go before the judge and scream and whine
all you want but you're still going to jail.
There are certain norms of behavior which are not tolerated. There's probably
not a specific law about you shining a laser into the windows of my office,
but it's obnoxious as hell and you should know better.
> Leaving xhost+
>on a system where people are likely to be annoyed by noise on their
>displays is very sloppy security -- if you're really interested in keeping
>things running smooth for the majority of the users, then you'll have
>permissions set to disallow it in the first place.
Poor locks on a house do not give you the right to take your credit card to
jimmy the doors and crash for the night there. Sure. "Your honor, the locks
were so cheap I just had to break into the complex to make everyone
understand..."
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 14:51:02 GMT
Message-Id: <1991Jun19.145102.10575@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References , <1991Jun17.143127.7897@eng.umd.edu>, <1991Jun18.205420.4643@ms.uky.edu>md.
Subject: Re: Punishment
In article <1991Jun18.205420.4643@ms.uky.edu> morgan@ms.uky.edu (Wes Morgan) writes:
>Oh, I see. If the user dodges my office, ignores his electronic mail, and
>doesn't return my phone messages, I should just automatically undo my sus-
>pension of his account? Right. Sure. Uh-huh.
Don't like the shoe on the other foot? I've had system administrators who
ignore phone calls, refuse to schedule a meeting (except when I'm in class),
and naturally, I couldn't send email legitimately. Leaving an account
suspended is a lot more damaging to a user than unsuspending it is to a
system administrator-- or are you saying that your system is so insecure that
anyone with an account could damage it at will, whereas someone without an
account could do nothing?
>You've spoken of getting "the runaround" when trying to deal with the
>administration of your site. Have you ever tried to contact a student
>during the day? It can be next to impossible. I, on the other hand,
>am in the same office each and every day.
Behind locked doors, in the case of the sysadmin I speak of.
>Having said that, let's move on to the crux of the discussion.
>
>If I ever had to suspend a user, I'd probably follow a procedure like this:
> - Lock the account; all the user sees on login is a message
> to get in touch with me.
And then make yourself unavailable to that student. That's the way sysadmins
work around here.
> - If, after one or two days, the student does not contact me, I will try
> to contact him via telephone. If the student has an address
> listed in the student directory, I'd send a memo to him, asking him
> to get in touch with me. The login remains suspended.
Naa, why bother-- the problem is solved, the student is suspended.
> - If, after another few days, the user doesn't contact me, I would
> send a copy of the memo to the Chairman of the student's department,
> explaining why the user was suspended and that the student has not
> been in touch with me after repeated attempts at contact. I would
> request that the Department forward my memo to the student. I would
> inform the Chairman that the login would remain suspended until I met
> with the student.
Why bother-- this might provoke a hostile reaction from the chairman, and
you might have to actually explain your actions.
> - The login remains suspended until I have a meeting with the student.
Who you make yourself unavailable to, and should he happen upon you, you claim
that you don't have the authority to restore the account and refer the student
to someone else who isn't available.
>If computing resources are an important asset to the user, he will make
>the effort to contact me. The user's willful inaction is not sufficient
>cause for me to remove my suspension of his access. If he wants his login
>restored, he has to talk to me. If I am to successfully manage the system,
>it cannot work any other way.
You must wield absolute power? Sorry, I certainly can't accept that.
>If you have an option that does not include automatic release of suspension,
>I'd like to hear it.
Sure-- no suspension at all without a formal hearing.
>ps> As far as hearings go, I think that it is a disservice to the other
> users of the system to take up large chunks of my time with default
> hearings.
I'm sure cops think it is a disservice to the public to waste their time in
court too.
> If the user has made the effort to contact me and discuss
> his problem without satisfaction, I am perfectly willing to defend my
> actions in a hearing. Forcing an initial hearing is timeconsuming and,
> in most cases, overkill.
Only if the sysadmin is a reasonable person and not a mindless burecrat who
simply wants to make his job easier. Reasonable sysadmins cannot be assumed.
> The "right of appeal" is fine, but at least
> give me a chance to talk to the person face-to-face first.
If you avoiding that talk means the student has no recourse, no way.
> As I've
> said several times, I have yet to run into a user problem that wasn't
> settled over a soda in 10 minutes. Of course, users are always able
> to discuss the matter with my boss.
If they can find out who he is-- standard tactics around here is that if
someone asks for a staff members supervisor, they send them horizontally or
to a subordinate-- that's all part of the runaround.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 15:28:17 GMT
Message-Id: <1991Jun19.152817.11174@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <22910619005022.0003158580NB4EM@mcimail.com>in
Subject: Re: (none)
In article <22910619005022.0003158580NB4EM@mcimail.com> 0003158580@mcimail.COM (William Hugh Murray) writes:
>Subject: Punishment
>
>>Resolved: Users should not be suspended or expelled from computer
>>systems as punishment for computer-policy infractions.
>
>Well, perhaps. However, users are rarely suspended as punishment. Rather,
>they are suspended to restore order. In many cases there is no alternative
>way to restore order. If this were the policy, it might always be the only
>way.
Sieg Heil!
>>Disciplinary action should respond to the indent (sic) of
>>the student and the damage caused by the student, not outside pressures
>
>Absolutely not. Disciplinary action should be based upon the
>behavior of the student. It should be based upon the behavior without
>regard to intent or consequences. It should be based upon the degree of
>variance from the policy.
Behavior without regard to intent or consequences? So it was OK when a
sysadmin suspended a users (not mine) account because he put X-things
up on display 'vs06csc' when he meant to put them up on his display,
'vs06wor', due to a mistake? After all, intent does not matter.
>otherwise outrageous student behavior? The objection to suspension is
>precisely because it is effective. Suspension can be measured and
>responsive to the extent of the disruptive behavior.
The objection to suspension is because it is harsh summary punishment by
someone who doesn't have to answer to the users. Effective? Maybe.
Depends on how badly the student involved will escalate the situation. If he
is a good student and slinks off with his tail between his legs, and changes
departments or transfers to another university or does something to get out
of the admin's hair, it is extemely effective. There are other options open
to the student.
>>Resolved: The punishment that a computer administrator can impose on a
>>student should be not exceed (sic) that which an instructor can impose.
>
>Why do I have the feeling that this resolution is proposed by a student?
>Why is the issue punishment? While I can visualize vindictive
>administrators imposing punishment, the administrative remedies of which
>students complain are mostly remedial, not punitive. It is true that
>student's accounts are suspended, but the intent is not aimed at the
>student. Rather, it is aimed at restoring and preserving order.
WHOA! I thought you said INTENT didn't matter?????????
>Administrators of commercial systems are not having this problem; it is
>primarily a university problem. It results from student hubris and it
>must be curbed.
>
>William Hugh Murray
>Executive Consultant, Information System Security
>to Deloitte & Touche
>WMURRAY@MCIMAIL.COM
Damn right. Gotta slap them students DOWN. We'll show them who the Gods
are around here.. (you do realize that it is GODS who punish hubris...)
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Message-Id: <9106191713.AA22389@zerkalo.harvard.edu>
Subject: Re: Baselines
Date: Wed, 19 Jun 91 13:13:40 EDT
From: "Manavendra K. Thakur"
>>>>> On Wed, 19 Jun 1991 11:52 EDT, Sanjay Kapur said:
> As you said, one could argue and make a pretty good argument that a
> system administrator denying a legitimate user access for no good
> reason may constitute a felony. Fortunately, a systems
> administrator would be covered by "executive immunity", the same
> that the police have when they arrest the wrong person or charge a
> person with a crime the person has not committed.
Excuse me? Haven't you ever heard of lawsuits for "wrongful arrest"?
In the aftermath of the Rodney King case, for example, it was made
known that Los Angeles routinely pays about $8 million per year in
damages to people wrongfully arrested, beaten, or otherwise abused by
police.
It would be an Orwellian world indeed if those wielding police
authority were not accountable for abuses of that authority.
Now, you might claim that lawsuits for "wrongful arrest" and the like
are *civil* penalties and not criminal ones. Then I would agree with
you.
But it's not at all clear that sysadmins could claim similar
protection from criminal penalties. I, for one, would liken the job
of a sysadmin to a glorified custodian rather than a police officer.
Manavendra K. Thakur Internet: thakur@zerkalo.harvard.edu
Systems Programmer, High Energy Division BITNET: thakur@cfa.BITNET
Harvard-Smithsonian Center for DECNET: CFA::thakur
Astrophysics UUCP: ...!uunet!mit-eddie!thakur
-------------------
Date: Wed, 19 Jun 91 13:36:10 -0400
From: kadie (Carl M. Kadie)
Message-Id: <9106191736.AA15892@eff.org>
Cc: comp-academic-freedom-talk
Subject: Misplaced/Nonexistant Subject lines
I think the problem is with the mailing list <-> newsgroup gateway.
I will look into it.
- Carl
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 17:02:41 GMT
Message-Id: <1991Jun19.170241.12261@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References <1991Jun18.182100.15547@ux1.cso.uiuc.edu>, <1991Jun19.143151.10268@eng.umd.edu>, <0094A5B1.52726440@KING.ENG.UMD.EDU>
Subject: Re: User theft of service
In article <0094A5B1.52726440@KING.ENG.UMD.EDU> sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>
>Oh? I thought you freely admitted you had acquired multiple accounts under
>false pretenses (ie: other names). If being provided with an account is a
>service, and you take more than one account (accounts provided and paid for by
>every student with their computing fee), you are stealing from someone.
I did this after the sysadmin suspended my account-- I used a false account for
quite a while, to do my work, and the sysadmin knew about it. When he decided
to suspend that one (perfectly within his rights, right.. after all, the
account wasn't being used by a real student), I applied for several more, as
insurance. I'm sure you will say something like 'two wrongs don't make a
right', but the alternative was suffering the sysadmins suspension-- and I
don't find that acceptable, unless I can accuse the sysadmin of theft of
services for taking away they account I was entitled to as a student.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 18:04:49 GMT
Message-Id: <0094A5C7.0D7C4520@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References <1991Jun18.182100.15547@ux1.cso.uiuc.edu>, <1991Jun19.143151.10268@eng.umd.edu>, <0094A5B1.52726440@KING.ENG.UMD.EDU>,<1991Jun19.170241.12261@eng.umd.edu>=D
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: User theft of service
In article <1991Jun19.170241.12261@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>In article <0094A5B1.52726440@KING.ENG.UMD.EDU> sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>>
>>Oh? I thought you freely admitted you had acquired multiple accounts under
>>false pretenses (ie: other names). If being provided with an account is a
>>service, and you take more than one account (accounts provided and paid for by
>>every student with their computing fee), you are stealing from someone.
>
>I did this after the sysadmin suspended my account-- I used a false account for
>quite a while, to do my work, and the sysadmin knew about it.
Oh? How did he know? Which one? You've already cited multiple names. He's going
to pick you up out of a crowd of hundreds of people immediately? Gosh, wish I
had that power.
> When he decided
>to suspend that one (perfectly within his rights, right.. after all, the
>account wasn't being used by a real student), I applied for several more, as
>insurance.
I don't suppose the word "lie" is in your vocabulary, is it? The basic ethics
of giving false information don't bother you? And please, spare me "The ends
justify the means."
> I'm sure you will say something like 'two wrongs don't make a
>right', but the alternative was suffering the sysadmins suspension-- and I
>don't find that acceptable, unless I can accuse the sysadmin of theft of
>services for taking away they account I was entitled to as a student.
Let's see. You could have appealed to your professor and/or TA to get your
account restored. You could have talked to a faculty advisor and explained the
situtation, or someone in your College's office. You could have gone to the
Diamondback (definately not a part of The Establishment) and protested that
your rights were being violated.
Instead, you chose to further pursue perpetrating falsehoods (I'm real
surprised they didn't bring that in as well).
You are perfectly entitled to an account, Mr. R. You, you, you.
Are you entitled to disrupt the work of other users? No. What about THEIR
RIGHTS? They also paid their student activity fees and are trying to get an
education. Don't they have rights in your worldview? Or is it their tough luck?
Do you have the right to disrupt the normal operations of a system outside of
the normal bounds of doing class assignments (the purpose to which you pay
your geld to the University, and the INHERITANT reason why these accounts are
supplied)? No, I don't think so. If the security sucks, it is not your right to
break security and roam around freely and do your own thing which disrupts the
operations of other users.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Wed, 19 Jun 1991 20:13:48 GMT
Message-Id: <1991Jun19.201348.21683@ms.uky.edu>
Organization: The Leaning Tower of Patterson Office @ The Univ. of KY
From: elroy.jpl.nasa.gov!sdd.hp.com!news.cs.indiana.edu!widener!ukma!sean@uunet.uu.net
References: , <1991Jun18.214726.15504@ms.uky.edu>, <1991Jun19.150932.10836@eng.umd.edu>r
Subject: Re: Have you walked the proverbial mile?
russotto@eng.umd.edu (Matthew T. Russotto) writes:
|I got a bit sick of the eyes on the back of
|my neck, so I created a directory called private, priviliges 700, with a file
|called 'xspy.c', containing a few printf's telling the system administrator
|to stop poking around in my files. The admin came running up, angry,
|about 10 minutes later, and asked me what 'xspy' did. I told him that he
|obviously knew what it did, he had been poking around in my files. He said
|that I was a troublemaker and had to be watched constantly.
:) An administrator like that deserves the nice hefty doctor bill for
the ulcer operation he's going to need. Really, it's one thing to stop
illegal activity, it's another to tap into another's account without
specific cause. "He's probably doing something wrong."
I'd recommend going above his head, and getting the monitoring to
stop. If all else fails, you can send him on wild goose chases until
he realizes all the time he's wasted chasing you down. But that would
be a waste of your time too--I'd probably pursue the former vigorously.
Sean
--
** Sean Casey
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 20:10:09 GMT
Message-Id: <1991Jun19.201009.18284@magnus.acs.ohio-state.edu>
Organization: The Ohio State University
From: snorkelwacker.mit.edu!usc!zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!dysart@world.std.com
References: , za
Subject: Re: Baselines
In article Sanjay Kapur writes:
>
> [...]. Fortunately, a systems administrator would be
>covered by "executive immunity", the same that the police have when they arrest
>the wrong person or charge a person with a crime the person has not committed.
>
> Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Actually this is not true; in the case of police arresting the wrong person,
the wronged individual has the right to sue based upon the longstanding tort
of false imprisonment.
In fact, if a police officer illegally arrested somebody for no good reason,
he could be subject to dismissal and prosecution.
System administrators are not, in the eyes of the law, the same as peace
officers. Federal and state computer laws do not deputize systems
administrators as peace officers. They do have whatever authority the
owner of the system bestows upon them. However, if they overstep that
authority and a user is wrongly aggrieved, then I see three things that
could happen:
1) The University will not back them up
2) The systems administrator could be PERSONALLY
sued, as well as named professionally as a
co-defendent of the University (and the President,
Provost, Dean, Department Chair, ad nauseum)
3) If the systems administrator made his decision in
an arbitrary and purposeful manner, with knowledge
that the user was not really in violation of any
formal policy, but rather just because the user had
upset the sys admin in some way (and perhaps the
user had been a past trouble-maker), and such
decision adversely affects said user, then I would
think that this is a case of DENIAL OF SERVICE if
there ever was one! Remember, that the University
in accepting such student's registration implicity
agrees to provide the computer resources required
by the student to complete the course. If a sys
admin arbitrarily decides to lock a student out of
an account, then the sys admin has interfered with
the contractual agreement between the student and
the University.
DISCLAIMER: I AM NOT A LAWYER! NONE OF THIS SHOULD BE
INTERPRETED AS GENUINE LEGAL ADVICE, BUT ONLY
AS MY PERSONAL OPINIONS. I AM NOT PRACTICING LAW!
PLEASE CONSULT A LICENSED ATTORNEY BEFORE PROCEEDING!
--
Mitch Dysart
dysart@magnus.acs.ohio-state.edu
-------------------
Date: Wed, 19 Jun 91 20:34 GMT
From: William Hugh Murray <0003158580@mcimail.com>
Subject:
Message-Id: <60910619203406/0003158580NB2EM@mcimail.com>
Subject: Punishment
A number of requirements seem to be emerging from this heated discussion:
1. Users require a clear statement of policy and intent. This statement
should include the remedies that the managers of the system reserve to
themselves for the purpose of preserving order. It should also describe
timely procedures for appeal from such remedies.
2. The policy should be stated in broad but unambiguous terms (e.g.,
users have a right to the peaceful enjoyment of the system; they have a
right to be free from outside interference with that enjoyment, whether
by their peers or system management; they should not have to go to
extraordinary means to protect themselves from the deviant behavior of
others; the system should be available as scheduled; behavior calculated
or likely to interfere with the free enjoyment of the system by others
will not be tolerated). Examples of intended and proscribed use should
be used where necessary for clarity.
3. The users' right to free enjoyment includes the right to employ the
system in the manner expected and intended by the authorities. Users
with special requirements, or contemplating using the system in a manner
likely to cause alarm have a positive duty to warn the authorities.
Experimentation will be restricted to those systems, methods, and
protocols sanctioned by the authorities in advance.
4. System administrators should be protected from penalties for failure
to act on a timely basis; failure to provide such protection may incite
them to precipitous action, or place them in an adversarial relationship
to users.
5. System administrators shall be responsible for preserving order
within the system. They shall have broad powers for doing so. These
powers shall explicitly include the duty and privilege of suspending
user privileges when, in their judgement, that is required to preserve
order. Actions taken by administrators in the preservation of order
shall be as conservative, measured, and considered as timeliness and
other circumstances permit.
6. Suspension of privileges by administrators should only be for the
purpose of preserving order. It should not be used to punish. It
should not be used to "get the user's attention."
7. Users are entitled to timely notice of administrative action which
affects them. Such notice should include a statement of the authority,
purpose, scope, and duration of such action, along with a description of
the appeals procedure. Given the sensitivity of systems to deviant or
unexpected user behavior, "timely" may be after the fact.
8. All administrative action should be subject to appeal.
9. The right, duty, and responsibility to punish should be reserved to
the appropriate authorities (e.g. provost, marshall, dean, department
head.) Official disciplinary actions of the authorities of the
institution shall be subject only to those appeals provided by contract
or law.
William Hugh Murray
Executive Consultant, Information System Security
to Deloitte & Touche
WMURRAY@MCIMAIL.COM
-------------------
Date: Wed, 19 Jun 91 20:56 GMT
From: William Hugh Murray <0003158580@mcimail.com>
Subject:
Message-Id: <90910619205609/0003158580NB1EM@mcimail.com>
Subject: Re: User Theft of Services
>...., but the alternative was suffering the sysadmins suspension-- and I
>don't find that acceptable,....
Those who recognize no authority but themselves may be saints. However,
in every social order they are marked as asocial deviants. They bait
ever more powerful authorities until they find themselves in a futile
and irreconcilable conflict with the state.
They are only slightly more to be pitied than the damned fools who argue
with them.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 19:31:34 GMT
Message-Id: <1991Jun19.193134.13848@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References <0094A5B1.52726440@KING.ENG.UMD.EDU>, <1991Jun19.170241.12261@eng.umd.edu>, <0094A5C7.0D7C4520@KING.ENG.UMD.EDU>
Subject: Re: User theft of service
In article <0094A5C7.0D7C4520@KING.ENG.UMD.EDU> sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>In article <1991Jun19.170241.12261@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>> When he decided
>>to suspend that one (perfectly within his rights, right.. after all, the
>>account wasn't being used by a real student), I applied for several more, as
>>insurance.
>
>I don't suppose the word "lie" is in your vocabulary, is it? The basic ethics
>of giving false information don't bother you? And please, spare me "The ends
>justify the means."
How about 'tit for tat'? I feel no compunction to act ethically when the other
side is acting unethically.
>> I'm sure you will say something like 'two wrongs don't make a
>>right', but the alternative was suffering the sysadmins suspension-- and I
>>don't find that acceptable, unless I can accuse the sysadmin of theft of
>>services for taking away they account I was entitled to as a student.
>
>Let's see. You could have appealed to your professor and/or TA to get your
>account restored.
Uh huh. Yeah, I can see that discussion:
Me: The CSC system administrator suspended my account and won't give it back
Prof: Why did he do this?
Me: He says I was messing with other users displays
Prof: Well, were you
Me: I did a few times a couple of weeks ago
Prof: Well, you got what you deserved
Me: But now I can't do my classwork
Prof: Tough luck, should have thought of that before you messed with other
people's displays. I heard about you-- for weeks other students have ben
complaining that their displays are being messed with.
>Instead, you chose to further pursue perpetrating falsehoods (I'm real
>surprised they didn't bring that in as well).
They did-- that was one of the charges I was convicted of by the judicial
board. (I was not CHARGED with misrepresentation, but I was charged with theft
of physical items. Thus, they could not convict me of misrepresenation,
so they invented good old 'theft of services' to cover the offense. The theft
of physical items charge was bogus).
>You are perfectly entitled to an account, Mr. R. You, you, you.
>Are you entitled to disrupt the work of other users? No. What about THEIR
>RIGHTS? They also paid their student activity fees and are trying to get an
>education. Don't they have rights in your worldview? Or is it their tough luck?
>Do you have the right to disrupt the normal operations of a system outside of
>the normal bounds of doing class assignments (the purpose to which you pay
>your geld to the University, and the INHERITANT reason why these accounts are
>supplied)?
Really? The purpose of the WAM accounts is not for doing class assignments
only, no matter what you and any other system administrators might think.
>No, I don't think so. If the security sucks, it is not your right to
>break security and roam around freely and do your own thing which disrupts the
>operations of other users.
Agreed. But-- the punishment must fit the crime. Messing with a few people's
X-displays does not warrant indefinite suspension of account-- especially not
when the account suspension was done weeks after the 'crime'.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 18:36:00 GMT
Message-Id: <1991Jun19.183600.6627@yenta.alb.nm.us>
Organization: yenta unix pc, rio rancho, nm
From: zaphod.mps.ohio-state.edu!hobbes.physics.uiowa.edu!maverick.ksu.ksu.edu!unmvax!bbx!yenta!lazlo@uunet.uu.net
References: , <1991Jun19.145957.15305@magnus.acs.ohio-state.edu>hysi
Subject: Re: Baselines
dysart@magnus.acs.ohio-state.edu (Mitchell D Dysart) writes:
> If a policy exists that says every student is allowed an account on the
> system, and specifies certain limitations such as not reading other
> people's files, etc., and the system administrator's job is to enforce
> this formal policy; then what is (s)he supposed to do if a user finds a
> way to abuse (in the honest opinion of the system administrator) the
> system in a manner not prohibited by the policy?
Clean up the mess, fix the hole and update the policy to cover the problem.
If some arbitrary way of using the system is actually abuse, it should be
covered by the policy.
And let's not get ridiculous and nitpicky here -- "using a terminal as a
trampoline" is already covered by rules against damaging school property.
--
Lazlo (lazlo@triton.unm.edu, lazlo@yenta.alb.nm.us)
STUDIO NIBBLE -- "America's Favorite Lunchtime Snack"
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 19 Jun 91 20:36:44 GMT
Message-Id: <0094A5DC.464FCC40@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References <0094A5B1.52726440@KING.ENG.UMD.EDU>, <1991Jun19.170241.12261@eng.umd.edu>, <0094A5C7.0D7C4520@KING.ENG.UMD.EDU>,<1991Jun19.193134.13848@eng.umd.edu>
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: User theft of service
In article <1991Jun19.193134.13848@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>In article <0094A5C7.0D7C4520@KING.ENG.UMD.EDU> sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>>In article <1991Jun19.170241.12261@eng.umd.edu>, russotto@eng.umd.edu (Matthew T. Russotto) writes:
>
>>> When he decided
>>>to suspend that one (perfectly within his rights, right.. after all, the
>>>account wasn't being used by a real student), I applied for several more, as
>>>insurance.
>>
>>I don't suppose the word "lie" is in your vocabulary, is it? The basic ethics
>>of giving false information don't bother you? And please, spare me "The ends
>>justify the means."
>
>How about 'tit for tat'? I feel no compunction to act ethically when the other
>side is acting unethically.
Perhaps you could study the works of, oh, Gandhi and Martin Luther King. You
have no remorse about lying. Where do you stop? The destruction of physical
property? Assault? Battery? ...naw. The erasure of system files? Plagerism of
work copied from another account?
>>>right', but the alternative was suffering the sysadmins suspension-- and I
>>>don't find that acceptable, unless I can accuse the sysadmin of theft of
>>>services for taking away they account I was entitled to as a student.
>>
>>Let's see. You could have appealed to your professor and/or TA to get your
>>account restored.
You did not try that avenue. You could have pursued an appeal all the way
through the college. Alternatively, if the professor was not sympathetic, you
could have dropped the course, and raised hell about it through the
Diamondback.
>Uh huh. Yeah, I can see that discussion:
>Me: The CSC system administrator suspended my account and won't give it back
>Prof: Why did he do this?
>Me: He says I was messing with other users displays
>Prof: Well, were you
>Me: I did a few times a couple of weeks ago
>Prof: Well, you got what you deserved
>Me: But now I can't do my classwork
>Prof: Tough luck, should have thought of that before you messed with other
>people's displays. I heard about you-- for weeks other students have ben
>complaining that their displays are being messed with.
You did not attempt this discussion. If you wish to generate fiction, feel free
to do so on another newsgroup.
>>Instead, you chose to further pursue perpetrating falsehoods (I'm real
>>surprised they didn't bring that in as well).
>
>They did-- that was one of the charges I was convicted of by the judicial
>board. (I was not CHARGED with misrepresentation, but I was charged with theft
>of physical items. Thus, they could not convict me of misrepresenation,
>so they invented good old 'theft of services' to cover the offense. The theft
>of physical items charge was bogus).
Theft of services is what you did. There's probably something in the judical
codes about intentionally falisifying information.
>>Are you entitled to disrupt the work of other users? No. What about THEIR
>>RIGHTS? They also paid their student activity fees and are trying to get an
>>education. Don't they have rights in your worldview? Or is it their tough luck?
>
>>Do you have the right to disrupt the normal operations of a system outside of
>>the normal bounds of doing class assignments (the purpose to which you pay
>>your geld to the University, and the INHERITANT reason why these accounts are
>>supplied)?
>
>Really? The purpose of the WAM accounts is not for doing class assignments
>only, no matter what you and any other system administrators might think.
I'm glad you make policy for the University. Could you please quote me
something which defines those Other Uses? I'm curious as to your ideal of Your
Greater Good fits into your alleged rights to disrupt the work of other users
who have also paid their money and are trying to get their work done on time.
You keep ignoring that issue. Maybe you don't care about other students.
>>No, I don't think so. If the security sucks, it is not your right to
>>break security and roam around freely and do your own thing which disrupts the
>>operations of other users.
>
>Agreed. But-- the punishment must fit the crime. Messing with a few people's
>X-displays does not warrant indefinite suspension of account-- especially not
>when the account suspension was done weeks after the 'crime'.
Ah. But lying in order to obtain other accounts doesn't fit into that list of
charges? Contributing to the disruption of other people's work doesn't?
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
From: "Roland Zito-wolf"
Message-Id: <9106200015.AA03184@chaos.cs.brandeis.edu>
Subject: add me to the list (if different from EFF list)
Roland J. Zito-Wolf (aka Roy)
Computer Science Department, Ford Hall Room 130
Brandeis University
Waltham, Mass 02254-9110
Phone: 617-736-2718
EMail: RJZ@CS.BRANDEIS.EDU
FAX: 617-736-2741
-thanks, rjz
-------------------
Date: Wed, 19 Jun 91 16:11:13 EDT
From: Joe Brennan
Subject: Matthew Russotto's Human Rights
Message-Id:
Can we move this discussion to a special russotto group? I don't
imagine too many of us want to hear any more about this particular
case, or who gets the last word in about it.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Thu, 20 Jun 1991 02:16:39 GMT
Message-Id:
Organization: Ohio State University Computer and Information Science
From: cis.ohio-state.edu!morganucodon.cis.ohio-state.edu!jgreely@uunet.uu.net
References: , <1991Jun18.180021.28193@eff.org>du
Subject: Re: How to back a user into a corner
In article <1991Jun19.151543.11010@eng.umd.edu> russotto@eng.umd.edu
(Matthew T. Russotto) writes:
>Which they pay a substantial amount to use...
Are there two of you? The argumentative-but-rational Russotto of
talk.politics.guns and the repetitive-but-clueless Russotto here? I
can't reconcile the two.
--
J Greely (jgreely@cis.ohio-state.edu; osu-cis!jgreely)
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 02:23:10 GMT
Message-Id: <1991Jun19.222310.490@miavx2.ham.muohio.edu>
Organization: Miami University, Hamilton campus
From: zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!ohstpy!miavx1!miavx2.ham.muohio.edu!maoursler@uunet.uu.net
Subject: Slime and Punishment
Hey folks,
What the hell, I might as well put my two cents in. I have
just read through the last 80 messages or so and I must say I
find the thread of conversation interesting. By the way,
I am currently the Manager of Networks and Systems for
Kenyon College. I feel convicted already. ;-)
There have been lots of interesting comments to respond to,
but I'll just pick and choose. I don't have everything
at hand so if I misquote you, well that's just too damn bad. ;-)
First off... Mr. R. (much simpler to type)
Geeezz...Somebody sure pissed in you wheaties. You've
managed to change an interesting and worthy point of
discussion into an all out holy war. Congratulations.
Both sides are so fired up at this point, that is has descended
to THEM and US. A shame.
Now let me soapbox for a while...To be fair (haha), it does sound
like Mr. R. got a bum steer. Yeah, well it happens. And it
most certainly is not limited to computer usage issues. As you've
no doubt heard before, life is not fair. But.....
We have an obligation to try to be fair. Dictatorial Sysadmins
are certainly not on my favorite person list. I don't run a
system that way, and I don't like people who do. As a matter
of fact, I've gone to a great deal of trouble to lobby for the
rights of students to get them more things. When I arrived
at Kenyon, students were not allowed access to the Internet for
no reason other than "They might do something bad." That
sort "Don't let them do anything" mentality really rubs me
the wrong way. That policy was changed shortly after my arrival.
I have never suspended a student's account. That's not to
say that I wouldn't. I just haven't. I find that most people
aren't out to cause trouble. The people that are out to
cause trouble get noticed very quickly. Sure, people make
mistakes. Recently, I was contacted by a company who has
Internet access. They told me that a student of mine had
been trying to log onto one of their systems multiple times.
I was suspicious because this student had previously been
caught trying to log onto our administrative systems.
However, I didn't suspend his account, limit his access or
anything else. After talking to the guy, he explained that
he was told that the node was a gateway to an archive server.
He seemed honest and apologized. No harm done. I haven't
heard anything from him since then.
I'm sure MOST sysadmins trust the users. If Mr. R. has
hit upon a patch of those old-world "The computer is a
sacred cow" sysadmins, well then he should do whatever
he can WITHIN THE BOUNDS OF THE LAW, POLICIES, AND COMMON
SENSE to convince the University it needs a change in
it's sysadmins. (If the salary is right, give me a call)
However, Mr. R.'s ALL SYSADMINS ARE VILLINOUS NEO-NAZI SCUM
attitude doesn't help much. Breaking more rules because you
feel you have been unjustly penalized is no better than
jumping bail because you feel you were unjustly accused.
BAck me up here sysadmins...;-) I am willing to
bet that like me, most college sysadmins are bogged down,
underpaid individuals who because they choose to work in
an academic environment constantly have too many irons
in the fire. Hey, if the sysadmin has to take time out
to deal with a problem caused by a student, don't expect
to be treated nicely if you really screwed up.
Ok sure you say, "But what about suspending an account
BEFORE the truth will out???" Well, sorry folks, but it's
a judgement call. In ANY situation where I am forced to
make the decision between possibly inconveniencing ONE
student and most definately inconveniencing the other
1700 users I have, well guess what I choose. Harsh as
it may sound, I am employed to maintain the system.
Someone asked for a written list of a typical system manager's
duties. Extracted from my job description:
A) Manage clustered and distributed VAX systems to ENSURE (my emphasis)
efficient use of system resources, including queues, disk drives,
memory management, etc.
B) Configure components of campus network to ensure efficient use,
stability and security of network resources.
These and other tasks are what the college pays me for. The college
thinks of things in terms of ALL students. And so do I.
To sum up my thoughts:
1) Evil nasty sysadmins should be done away with. Whether your
sysadmin is evil is admittedly subject to personal interpretation.
I trust my students and users. I EXPECT them to apply
reasonable standards of comparison in judging the way they
are treated.
2) Tyrannical, chip-on-my shoulder users cut no ice with me or any
other sysadmin worth his/her salt. If you blew it, you pay
the price. Note here: I beleive Mr. R. said something
to the effect of "reasonable sysadmins cannot be assumed."
Don't mistake the exception for the rule. I assume reasonable
students and expect them to assume I'm reasonable. Actually
the odds are really against me considering their numbers.
- Miles -
----------------------------
Miles Oursler
Manager Networks and Systems
Kenyon College
oursler@vax001.kenyon.edu
----------------------------
"Comments welcome, flames ignored."
Me
-------------------
Date: Wed, 19 Jun 1991 23:18 EDT
From: Sanjay Kapur
Subject: Re: Baselines
Message-Id: <145ED99CCC216497@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Actually this is not true; in the case of police arresting the wrong person,
>the wronged individual has the right to sue based upon the longstanding tort
>of false imprisonment.
>
You may want to talk to a lawyer about that. I am under the impression that
false imprisonment tort law applies to mailicious arrests.
>In fact, if a police officer illegally arrested somebody for no good reason,
>he could be subject to dismissal and prosecution.
>
What if the police officer had a good and documented reason to suspect ?
A "capricious" and "malicious" systems administrator should be fired because
the power of being a system administrator has corrupted him or her.
(Power corrupts and absolute power corrupts absolutely)
I do not want to defend and would in fact encourage the civil/criminal/
University prosecution of Systems Administrators who act maliciously.
They are a disgrace to the profession.
>--
>
>Mitch Dysart
>dysart@magnus.acs.ohio-state.edu
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 02:05:17 GMT
Message-Id: <10944@emanon.cs.jhu.edu>
Organization: Johns Hopkins University CS Dept.
From: emanon.cs.jhu.edu!arromdee@umd5.umd.edu
References: , <60910619203406.0003158580NB2EM@mcimail.com>ra
Subject: Re: Punishment
In article <60910619203406.0003158580NB2EM@mcimail.com> 0003158580@mcimail.COM (William Hugh Murray) writes:
>4. System administrators should be protected from penalties for failure
>to act on a timely basis; failure to provide such protection may incite
>them to precipitous action, or place them in an adversarial relationship
>to users.
What is the point of the rest of your rules recommending timely action by
system administrators if this rule specifically says they are not
required to provide it?
--
"Okay Deus Ex Machina Man--let's see your powers save you now!"
[safe falls on villain]
"Not bad...."
-- Phil Foglio's "What's New", Dragon #75 (correction thanks to Pat Berry)
Kenneth Arromdee (UUCP: ....!jhunix!arromdee; BITNET: arromdee@jhuvm;
INTERNET: arromdee@cs.jhu.edu)
From kadie Fri Jun 21 11:27:13 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Fri Jun 21 11:24:37 EDT 1991
In this issue:
"Dean Gottehrer" < : Re: Matthew Russotto's Human Rights
Sanjay Kapur
From: "Dean Gottehrer"
Subject: Re: Matthew Russotto's Human Rights
Here's another voice who seconds Joe Brennan's desire to move Mr. R and
all those who would like to discuss his case to somewhere other than
this forum. I'd like to see us get off of this and back on to computers
and academic freedom. If we get much more of this I'll be sorry I
argued for an unmoderated forum.
In case I haven't made myself clear, Mr. R and those who would debate him,
the messages have become repetitive and no more light is being shed by
this flame war. Pour a little water on it, guys. Put the flames out or
take them somewhere else.
Dean Gottehrer
Anchorage, Alaska
-------------------
Date: Thu, 20 Jun 1991 02:25 EDT
From: Sanjay Kapur
Subject: Users and Systems staff interaction
Message-Id: <2E8DFD2EDC217F86@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
I have been a Systems Administrator now for about seven years.
I consider users to be the reason I have a job. I do my best to avoid any
action that might constitute even a minor annoyance to even one user. I also
do not want a user to annoy/harrass another user.
On the other hand, I do not mind being "harrassed" by users. In fact, I do
not consider it harrassment at all and I believe helping users in using the
system properly is a major portion of my job. I have yet to meet a user who
has continued to abuse the system after being instructed in how to use the
computer system properly, and after being advised of the reasons for certain
restrictions. I find that these restrictions can be at times frustrating to
a user and understanding the reasons behind these restrictions eases the
frustration. At times users actually support the restrictions.
My experience has taught me that ALL problems of abuse etc. come about due to
lack of communications between the Systems staff and the users. Direct access
to the systems staff who actually manage the system in addition to access to a
front office (e.g. an accounts offoce, a user support office, Student
assistants) has to be a central element of any policy.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Thu, 20 Jun 1991 02:26 EDT
From: Sanjay Kapur
Subject: Account suspensions and other denial of services in practice.
Message-Id: <2EAE2FFB1C217F86@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
I would like to make the following statements just in case someone assumes
I am out to make life miserable for users:
I have been a system administrator now for seven years.
The main reason I suspend an account is when the account runs out of
allocated funds. I do not have any role in allocating new funds. For all
practical purposes the supension is automatic.
The only other time I have suspended accounts was when the Internet and
DECnet worms were around. I suspended those accounts who had Username the
same as the Password. Those account were reactivated as soon as the user
changed the password. Notices of this action were posted in quite a few
places. This was the only time accounts were suspended to get the user's
attention. New security software on VMS does not allow simple passwords
anymore and so this is no longer an issue.
The only reasons I have deleted an account are 1) because the person was no
longer associated with the University or 2) account owner sent a request
verified by phone by me to have their account deleted or 3) the person
paying for the account (not the user) requested its deletion. The third type
of deletion is done after the user is notified and asked to find a new source
of funds to which the account can be charged and the user is unable to do so
within a reasonable period of time. In all cases, if the user wants, the
files are archived for the user.
The only method I have used to delete users' file is by automatic purge of old
log and listing files and previous versions of files after they get old (end of
semester), automatic purge of old mail that has not been refiled and automatic
purge of scratch areas. We also do weekly backup of the whole system and
daily incremental backups that we keep for more than three months in case
someone needs a purged file.
I would like to know if any of the above are "wrongful" denials of service.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Thu, 20 Jun 1991 02:27 EDT
From: Sanjay Kapur
Subject: Accessing a user's files without permission.
Message-Id: <2EC65C55DC217F86@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
We sometimes get requests by a user's department chair or the user's colleague
to give them access to a user's files without the user's permission. As a
matter of policy, these requests are denied except under exceptional
circumstances.
Except for the unexpected death of a user, these exceptional circumstances
have not occured yet, so I do not know what they are. I suspect a formal
investigation by a University judicial body or outside subpeona would be
considered an exceptional circumstance.
Is the above policy within reason or does it pose any problems?
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 05:18:37 GMT
Message-Id: <1991Jun20.051837.11672@dartvax.dartmouth.edu>
Organization: Dartmouth College, Hanover, NH
From: hsdndev!dartvax!eleazar.dartmouth.edu!llama@rice.edu
References: , <9106181635.AA08611@cs.widener.edu>hsd
Subject: Re: Jolnet
brendan@cs.widener.EDU (Brendan Kehoe) writes:
>llama@eleazar.dartmouth.edu wrote:
>>"System Administrators" have even been "held liable" for LEGAL activities
>>done on their system. Ever hear of the Phrack case?
>Sorry, that's not a very good example...Rich Andrews was in no way
>"held liable" for what Neidorf may have done on Jolnet---rather,
>Andrews was in full cooperation with the authorities. His equipment
>was confiscated as part of the investigation. (I don't know if it's
>since been returned to him, although I'd hope so.) No charges were
>ever brought against him.
Sorry, that is a good example. "Held liable" is in quotes precisely
because I was not stating that Andrews was arrested. However, when
they come to take your (hypothetical) equipment away because of
(hypothetical) legal but disapproved activities on your (hypothetical)
system, you will not say:
"Oh, you're just confiscating my equipment instead of arresting me?
Well, I guess that's OK, then. Cheerio."
----------------------------------------------------------------------------
"Read My Lips: No Nude Texans!" - George Bush clearing up a misunderstanding
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 05:38:48 GMT
Message-Id: <1991Jun20.053848.17863@eng.umd.edu>
Organization: Project GLUE, Merriversity of Uniland, College Purgatory
From: mojo!lidl@mimsy.umd.edu
References: , <1991Jun19.222310.490@miavx2.ham.muohio.edu>ra
Subject: Re: Slime and Punishment
In article <1991Jun19.222310.490@miavx2.ham.muohio.edu>
maoursler@miavx2.ham.muohio.edu writes:
> What the hell, I might as well put my two cents in. I have
> just read through the last 80 messages or so and I must say I
> find the thread of conversation interesting. By the way,
> I am currently the Manager of Networks and Systems for
> Kenyon College. I feel convicted already. ;-)
Oddly enough, I don't feel so convicted. Someone clued me into the
"discussion" that has been raging here for a while, so I just cruised
through the last 200 messages in the news spool... By the by, I
happen to the be the sys-admin for the unix systems the College of
Engineering runs here at the U of MD. Doug Mohney, Matt's verbal
adversary, is the System Manager of the CAD lab -- a VMS cluster also
in the College of Engineering. All incidents previously mentioned in
this newsgroup/mail-list (unless I am mistaken, and I am *sure* that
Matt will correct me if I am wrong here) involve the Computer Science
Center (aka CSC) here at the U of MD. That being said, let me
further add that these thoughts are my own, and do not necessarily
represent those of the administration of the College of Engineering,
CSC, or the U of MD as a whole.
>[...]
> Now let me soapbox for a while...To be fair (haha), it does sound
> like Mr. R. got a bum steer. Yeah, well it happens. And it
> most certainly is not limited to computer usage issues. As you've
> no doubt heard before, life is not fair. But.....
Well, seeing how I was here at the old U of MD while this transpired,
and friends of one of Matt's also black-listed computer explorers,
I might have a better gripe on this whole thing than others. Then
again, I just might be full of crap.
I firmly believe that Matt did get a bum rap from certain admins here
at the U of MD. However, I also think that Matt was a bit more
irratating that he needed to be in bringing problems to the attention
of the system staff.
> We have an obligation to try to be fair. Dictatorial Sysadmins
> are certainly not on my favorite person list. I don't run a
> system that way, and I don't like people who do. As a matter
> of fact, I've gone to a great deal of trouble to lobby for the
> rights of students to get them more things.
I think that this could also be said for the role I have played here
in the College of Engineering. Things I've brought include increased
disk quotas for the student accounts, free access to read and post news,
and a more comfortable work environment for people to learn and
research in.
> When I arrived
> at Kenyon, students were not allowed access to the Internet for
> no reason other than "They might do something bad." That
> sort "Don't let them do anything" mentality really rubs me
> the wrong way. That policy was changed shortly after my arrival.
When I started off here in the College of Engineering, there were two
kinds of people on the systems. Professors in the EE dept, and grad
students in the EE dept. Since then, we have expanded to provide free
computer accounts (accessible dialin to sun3/sun4 computers, and via
Xterminals and the consoles in the labs) to any student who can prove
they have current registration in the University of MD. (You need a
photo ID and the semester registration card to get an account.)
> I have never suspended a student's account. That's not to
> say that I wouldn't. I just haven't.
You are lucky. I have been forced to do this. Most the time, a nasty-gram
in the form of a E-Mail message will cause the person so affected to
amend their actions. Sometimes it doesn't.
> I find that most people
> aren't out to cause trouble. The people that are out to
> cause trouble get noticed very quickly. Sure, people make
> mistakes.
And it is important to let them make those mistakes. And not to crucify
them for those mistakes. I like to save the "crucifixion" for those
people who are boorish, rude, and don't respond to multiple warnings...
>[...]
> I'm sure MOST sysadmins trust the users. If Mr. R. has
> hit upon a patch of those old-world "The computer is a
> sacred cow" sysadmins, well then he should do whatever
> he can WITHIN THE BOUNDS OF THE LAW, POLICIES, AND COMMON
> SENSE to convince the University it needs a change in
> it's sysadmins. (If the salary is right, give me a call)
It galls me that every sys-admin here at the Univ of MD are painted
in such a light. CSC isn't the largest player of Unix computer systems
here -- the College of Engineering is.
> However, Mr. R.'s ALL SYSADMINS ARE VILLINOUS NEO-NAZI SCUM
> attitude doesn't help much. [...]
> Hey, if the sysadmin has to take time out
> to deal with a problem caused by a student, don't expect
> to be treated nicely if you really screwed up.
Amen.
> To sum up my thoughts:
>
> 1) Evil nasty sysadmins should be done away with. Whether your
> sysadmin is evil is admittedly subject to personal interpretation.
> I trust my students and users. I EXPECT them to apply
> reasonable standards of comparison in judging the way they
> are treated.
Here, here!
> 2) Tyrannical, chip-on-my shoulder users cut no ice with me or any
> other sysadmin worth his/her salt. If you blew it, you pay
> the price. Note here: I believe Mr. R. said something
> to the effect of "reasonable sysadmins cannot be assumed."
> Don't mistake the exception for the rule. I assume reasonable
> students and expect them to assume I'm reasonable. Actually
> the odds are really against me considering their numbers.
Bingo.
> Miles Oursler
> Manager Networks and Systems
> Kenyon College
> oursler@vax001.kenyon.edu
> "Comments welcome, flames ignored."
-Kurt
--
/* Kurt J. Lidl (lidl@eng.umd.edu) | Unix is the answer, but only if you */
/* UUCP: uunet!eng.umd.edu!lidl | phrase the question very carefully. */
/* "It's 5:50 a.m., Do you know where your stack pointer is?" */
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 06:17:55 GMT
Message-Id: <1991Jun20.061755.2697@yenta.alb.nm.us>
Organization: yenta unix pc, rio rancho, nm
From: zaphod.mps.ohio-state.edu!maverick.ksu.ksu.edu!unmvax!bbx!yenta!lazlo@uunet.uu.net
References <0094A4ED.A3823140@KING.ENG.UMD.EDU>,<1991Jun18.180830.27171@eng.umd.edu>, <0094A50B.71F6CC80@KING.ENG.UMD.EDU>,<1991Jun18.235620.1859@yenta.alb.nm.us>, <0094A5B0.430F9960@KING.ENG.UM
Subject: Re: Punishment
sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
> I guess other individuals on the system have no rights, other than what
> other users allow them by your stance. That's amusing.
Answer the question. Who do you think is more at fault: the person who's
initiating a chat page or the person who doesn't bother to learn enough
about the system to hit the seven keys it takes to turn them off?
If you want to run a system that caters to the willfully ignorant --
people who'd rather run and cry to the sysadmin than fix a problem they
can fix on their own in a second or two -- that's your business. I just
hope I'm never stuck there with you.
>> In situations like the above, if there isn't a specific policy against
>> sending crap to peoples' displays then you as a sysadmin have no right
>> to get bent out of shape when people start doing it. Change the rules,
>> let everybody know about them, and *lock the doors behind you when you
>> leave*.
> Ah. The typical "the doors are unlocked, so I have the right to do
> whatever I want to your house" arguement. Sure. Try it.
One more time for the brain-dead, Doug. Read it carefully. You may want
to use a dictionary:
If there is no law against trespassing, the police have no
business arresting me for it. If there is no policy against
sending things to other peoples' displays, you have no business
yanking my account for it.
--
Lazlo (lazlo@triton.unm.edu, lazlo@yenta.alb.nm.us)
STUDIO NIBBLE -- "America's Favorite Lunchtime Snack"
-------------------
Date: Thu, 20 Jun 1991 07:51 EDT
From: Sanjay Kapur
Message-Id: <5C05F3333C212928@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
> If there is no law against trespassing, the police have no
> business arresting me for it. If there is no policy against
> sending things to other peoples' displays, you have no business
> yanking my account for it.
>--
>Lazlo (lazlo@triton.unm.edu, lazlo@yenta.alb.nm.us)
I would be extremely surprised if any university did NOT have a policy on
general harrassment of one student by another. Putting up things on other
peoples's displays is harrassment. Everything does not have to spelled out in
the computer policy if it is already covered by general University Policy.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Thu, 20 Jun 91 11:48 GMT
From: William Hugh Murray <0003158580@mcimail.com>
Subject:
Message-Id: <11910620114811/0003158580NB4EM@mcimail.com>
>What is the point of the rest of your rules recommending timely action by
>system administrators if this rule specifically says they are not
>required to provide it?
It was not my intent to suggest that they were not expected to do so;
rather, that "failure" would not be penalized. I admit that it is a fine
point.
My experience is that most people want to do their jobs. They do not
do them from fear. Fearful people, however, often act in irrational
ways. If I want to encourage productive behavior, I have to communicate
a clear expectation without causing counter-productive fear.
Much of the counter-productive behavior attributed here to administrators
may have been caused by fear. Some administrators have suggested that
they acted in fear for the network, if not for their jobs.
The longer an adminsitrator waits to act, the more likely that his action
will be well informed. On the other hand, the longer he waits, the more
the consequences are to be catastrophic. This is the leader's dilemma.
Most people understand it, viscerally if not intellectually. This require-
ment is suggested not to aggravate the dilemma.
Thanks for your question.
William Hugh Murray
Executive Consultant, Information System Security
to Deloitte & Touche
WMURRAY@MCIMAIL.COM
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 15:20:20 GMT
Message-Id: <1991Jun20.152020.20368@ms.uky.edu>
Organization: The Puzzle Palace, UKentucky
From: snorkelwacker.mit.edu!usc!wuarchive!ukma!morgan@world.std.com
References <1991Jun17.143127.7897@eng.umd.edu>, <1991Jun18.205420.4643@ms.uky.edu>, <1991Jun19.145102.10575@eng.umd.edu>
Subject: Re: Punishment
It appears that Mr. Russotto cannot contribute to a discussion without
making broad, sweeping generalizations. Let's try this again, shall we?
russotto@eng.umd.edu (Matthew T. Russotto) writes:
>morgan@ms.uky.edu (that's me) writes:
>
>Don't like the shoe on the other foot? I've had system administrators who
>ignore phone calls, refuse to schedule a meeting (except when I'm in class),
>and naturally, I couldn't send email legitimately.
Oh? You couldn't ask another student (or staff member or faculty member)
to make an inquiry on your behalf? I regularly receive mail from users
who are "forwarding" a question or request for another user. I don't look
on that as a "security problem"; that's friends helping each other.
>Leaving an account
>suspended is a lot more damaging to a user than unsuspending it is to a
>system administrator-- or are you saying that your system is so insecure that
>anyone with an account could damage it at will, whereas someone without an
>account could do nothing?
Please, let's stay within the realm of logic here. If an INDIVIDUAL user
has committed some violation/infraction/mayhem, I suspend that INDIVIDUAL.
I don't suspect everyone; I only "mop up" after those who cause problems.
When your account was suspended, did you immediately start teaching other
users how to do the various things that put you in hot water? I don't
think so.
No system is secure; that's a "law of computing". However, not all users
can "damage it at will". That's a sweeping generalization.
>>If I ever had to suspend a user, I'd probably follow a procedure like this:
>> - Lock the account; all the user sees on login is a message
>> to get in touch with me.
>And then make yourself unavailable to that student. That's the way sysadmins
>work around here.
As I said in an earlier posting, I'm sorry that you have to deal with that
type of person. However, do you honestly think that such behavior is the
norm? Haven't you been reading the discussion here?
To reinforce a previous point, I'll bet that the sysadmin in this case
wouldn't have been unavailable to a professor, Chairman, or Dean. Why
didn't you follow that route?
>Naa, why bother-- the problem is solved, the student is suspended.
No, it isn't solved. My job is to provide computing services to students,
faculty, and staff. If I suspend a login, that can have dire consequences
for the student (as I'm sure you are aware). My problem isn't solved un-
til I speak with that student and we understand each other. Case in point:
my sulog showed a particular user attempting to su to root 10 times on a
particular evening at about 2 AM. I sent some electronic mail, asking him
to drop by my office. As it turned out, he was a former VMS user. In the
VMS operating system, "su" means "show user", the VMS equivalent of who(1).
See? No problem here, just misinformation. I explained what su(1) did in
Unix, and he assured me that he'd be more careful in the future. I've never
had another problem with that user; in fact, he is more conscious of system
issues (CPU, disk space, user load) than most of the other users. *That*,
my friend, is solving a problem.
> [ explaining the suspension to the student's Department Chairman ]
>
>Why bother-- this might provoke a hostile reaction from the chairman, and
>you might have to actually explain your actions.
Sure, no problem. I've had to explain disk quotas, printer quotas, and
email limitations many times. I've also explained how I handle "problem
users". Why should this provoke a hostile reaction? The faculty and I
are partners in the education of the students. We approach it from that
perspective, and we have very few problems.
>> - The login remains suspended until I have a meeting with the student.
>
>Who you make yourself unavailable to, and should he happen upon you, you claim
>that you don't have the authority to restore the account and refer the student
>to someone else who isn't available.
No, that's what happened to *you*. That has nothing to do with me or my
computing operation.
>>If computing resources are an important asset to the user, he will make
>>the effort to contact me. The user's willful inaction is not sufficient
>>cause for me to remove my suspension of his access. If he wants his login
>>restored, he has to talk to me. If I am to successfully manage the system,
>>it cannot work any other way.
>
>You must wield absolute power? Sorry, I certainly can't accept that.
Hey, that's nice. You latch on to the last sentence in the paragraph, and
completely ignore the remainder. How about responding to the first three
sentences, eh?
I will, however, agree that I stated that last opinion poorly. Let's try
it again. In day-to-day administration, I do wield "absolute power",
if for no other reason than the ability to shut the system down or disable
the network bridge. That power is checked by my boss, faculty and staff
members, and the user population as a whole. My decisions can certainly
be vetoed by several people. For instance, we recently received a mass
mailing from the University Administration. Although the letter was
addressed to "Faculty and Staff", it was sent to all 1800 students as
well. This caused a definite problem for the system, since the message
was over 10K in size. I wrote a quick shell script to delete that mess-
age from student mailboxes (WITHOUT looking at the rest of their mail)
and solved the problem. After the mail flood was over, my boss and I
discussed it, and we found a solution that did not involve user mailboxes
in any way. My solution was, in my opinion, a proper use of my "power"
to solve a problem "on the fly"; we then found a formal solution to pre-
vent further occurances. Do you think that it was an abuse?
>>If you have an option that does not include automatic release of suspension,
>>I'd like to hear it.
>
>Sure-- no suspension at all without a formal hearing.
>
>>ps> As far as hearings go, I think that it is a disservice to the other
>> users of the system to take up large chunks of my time with default
>> hearings.
>
>I'm sure cops think it is a disservice to the public to waste their time in
>court too.
I'm going to respond to this, despite the fact that the analogy is, in
my opinion, a gross simplification.
Here's a scenario:
A man uses a tool (a gun) to rob someone's residence (a house).
The police get permission from their boss (judge) to apprehend the man.
He is prevented from moving freely around the city (arrested),
and the tool is impounded as evidence. He may
(or may not) be restricted in his movements prior to the hear-
ing (jail, restraining order). If the hearing is resolved in
his favor, his tool (the gun) is returned to him, and the restric-
tions (jail or restraining order) are lifted.
Compare this with:
A student uses a tool (programs/files) to rob someone's residence
(their disk space or system resources). The system administrator
gets permission from his boss to (digitally) apprehend the student.
The student is prevented from moving freely around the computer
(login is suspended), and the tool (programs/files) is impounded
as evidence. He may (or may not) be restricted in his movements
prior to any hearing (the suspension may or may not be lifted, he
may receive a restricted shell or new, empty disk space). If the
hearing is resolved in his favor, his tool (programs/files) is
returned to him, and the restrictions (suspended login or restricted
shell) are lifted.
If you want to make analogies between systems administrators and cops,
follow the analogy *completely*; don't just snip out the parts that
support your view.
>Only if the sysadmin is a reasonable person and not a mindless burecrat who
>simply wants to make his job easier. Reasonable sysadmins cannot be assumed.
Would you say that, at umd.edu, "reasonable users cannot be assumed"?
I certainly don't make that generalization for the 1800 users on my
systems. Let's get away from our personal situations and look at the
broad picture, shall we?
>> The "right of appeal" is fine, but at least
>> give me a chance to talk to the person face-to-face first.
>If you avoiding that talk means the student has no recourse, no way.
There's always my boss, faculty members, Chairmen, Deans, and Ombudsmen.
I know it's futile but I'll ask the question again: WHY DIDN'T YOU GO
TO *ANY* OF THESE PEOPLE FOR ASSISTANCE? If you don't want to discuss
the *whole* story, I don't have any choice but to assume that you were
caught with your hand in the proverbial cookie jar, and that you don't
like paying the price.
--
morgan@ms.uky.edu |Wes Morgan, not speaking for| ....!ukma!ukecc!morgan
morgan@engr.uky.edu |the University of Kentucky's| morgan%engr.uky.edu@UKCC
morgan@ie.pa.uky.edu |Engineering Computing Center| morgan@wuarchive.wustl.edu
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 04:20:53 GMT
Message-Id: <677391652@macbeth.cs.duke.edu>
Organization: Duke University Computer Science Dept.; Durham, N.C.
From: duke!crm@mcnc.org
References: , <1991Jun19.222310.490@miavx2.ham.muohio.edu>
Subject: War story and some thoughts....
Years ago, I was working on a project on a nice new Vax 780, first year
it was available. (I *said* "years ago....") Since we were working on
a VAX, we had this great new innovation -- email. We started working
on the specification, exchanging all our fragments of specification via
email.
One day the whole system ran out of disk space. The system supported
our project and several administrative types. I logged on,
unsuspecting, and found that my mail archive had been deleted.
I notified the system staff, and at first they wouldn't admit that
anything had happened. Then they said they had lost the file and
coudn't recover it. Then they finally admitted they had deleted the
file because they thought it was too big; they didn't want me taking up
space with archived mail.
Notice what happened here:
1. System administrator wants to preserve services for others
2. System administrator takes drastic action on own authority
3. System administrator buggers someone who was using the system
according to what few published policies there were at the time, and
doing useful work in a way the administrator didn't consider.
4. System administrator trys to cover own ass.
As it happened, this was in industry, not in The Academy. The project
was paying for something like 75 percent of the VAX. Result:
5. System administrator lost appeal for unemployment insurance:
termination was for cause.
Unfortunately, in a University, if a student gets buggered by the
staff, there is rarely any effective recourse; this is all the more
reason that an honorable man would attempt to bend over backwards in
order not to cause unnecessary injury.
What appears to *me* is that the real issue for system administrators,
especially at universities, is this:
1. You are there to help the users do work on the system; they are the
reason for your existence. (If you don't believe this, cancel a *faculty
member's* account to "get their attention.") It is easy to forget while
administering things to beat the band, that the objective is for
*everyone* to have access needed. Not everyone but the trouble makers,
*everyone*. It behooves us doing system admin to try to remember this.
(Try to recall Fred (?) Cohen, who found it difficult to do the original
technical work on viruses because once people learned he *could* build
them, they refused to let him onto their systems.)
2. Students, especially undergraduates, sometimes do foolish things,
sometimes do stupid things, sometimes even screw things up. (I
discovered the fact that running out the file space can completely lock
up 2.xBSD systems by writing a too-big file from a background process,
many years ago. Up to then, I'd always dealt with systems that didn't
think crashing was an error message. It was hardly malicious.) If they
knew what they were doing they wouldn't *be* students. You as system
administrator will sometimes need to remonstrate with them.
The force you use *must* be measured. If someone is giving someone
else's terminal the crabs, then mention to them that this is antisocial
behavior, as much fun as it might be. THEN see if THEY do it again.
Don't assume that if anyone's terminal gets the crabs, it must have been
the same person. If it happens several times, wonder if your security
set up is at fault. Or set some kind of instrumentation to make certain
who is doing it. Remember one of the great advances of human thought:
"Innocent until proven guilty beyond a reasonable doubt."
3. Using the admin power to lock someone's account is about as forceful
as it is possible to be; this power *must* be reserved for problems that
appear to really seriously affect the security of the system. Even
then, you ought to make sure that someone has the authority to release
the lock, and that this person is accessible, and that *part of their
job description* is to deliver remonstrance and mercy at the same time.
(If I'd have gotten my account locked on Friday night after my screwup,
with problem sets due Monday morning, and the staff member who could
release it was out of town over the weekend, *I* would be sore wroth.
But would the Dean intervene for me with a professor? How about the
system administrator? Likely as not, from Sanjay's responses and
others, they'd say "you deserved it.")
In many academic situations, losing the use of the computer for a full
week is tantamount to expulsion; both out of a desire to behave
honorably, and out of a sense for your own -- financial, because the U
will drop you like a hot rock if a lawsuit looks like it will succede,
and physical, because a distraught young college student who is going to
have to face Dad may take *any* foolish step -- safety, you must be
very certain that you aren't using that power maliciously.
4. In general, *good* system administration is as close to invisible as
possible; if you find your self dealing with irate users very often, the
problem is more likely yours than theirs.
--
Charlie Martin (...!mcnc!duke!crm, crm@cs.duke.edu)
13 Gorham Place/Durham, NC 27705/919-383-2256
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 15:28:42 GMT
Message-Id: <1991Jun20.152842.26785@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <90910619205609.0003158580NB1EM@mcimail.com>ra
Subject: Re: (none)
In article <90910619205609.0003158580NB1EM@mcimail.com> 0003158580@mcimail.COM (William Hugh Murray) writes:
>Subject: Re: User Theft of Services
>
>>...., but the alternative was suffering the sysadmins suspension-- and I
>>don't find that acceptable,....
>
>Those who recognize no authority but themselves may be saints. However,
>in every social order they are marked as asocial deviants. They bait
>ever more powerful authorities until they find themselves in a futile
>and irreconcilable conflict with the state.
>
>They are only slightly more to be pitied than the damned fools who argue
>with them.
So, you going to write me in prison? Probably MD State Pen, unless there is
a draft, in which case you can find me at Levenworth.
> 3. The users' right to free enjoyment includes the right to employ the
> system in the manner expected and intended by the authorities. Users
> with special requirements, or contemplating using the system in a manner
> likely to cause alarm have a positive duty to warn the authorities.
> Experimentation will be restricted to those systems, methods, and
> protocols sanctioned by the authorities in advance.
Anything not specifically permitted is forbidden. I suppose you won't be
surprised that I strongly disagree with such an attitude. Though it is an
attitude shared by the sysadmins at CSC-- they once tried to convince a friend
of mine he was doing something wrong by using a mail-to-news gateway
(probably because it was me who modified the PNews script to use it), just
because of the standard 'rn' warning: "This machine does not have permission
to post news."
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 14:46:04 GMT
Message-Id: <0094A674.73FF37A0@KING.ENG.UMD.EDU>
Organization: The U. of MD, CP, CAD lab
From: mojo!SYSMGR%KING.ENG.UMD.EDU@mimsy.umd.edu
References <0094A4ED.A3823140@KING.ENG.UMD.EDU>,<1991Jun18.180830.27171@eng.umd.edu>, <0094A50B.71F6CC80@KING.ENG.UMD.EDU>,<1991Jun18.235620.1859@yenta.alb.nm.us>, <0094A5B0.430F9960@KING.ENG.UM
Reply-To : sysmgr@KING.ENG.UMD.EDU (Doug Mohney)
Subject: Re: Punishment
In article <1991Jun20.061755.2697@yenta.alb.nm.us>, lazlo@yenta.alb.nm.us (Lazlo Nibble) writes:
>sysmgr@KING.ENG.UMD.EDU (Doug Mohney) writes:
>
>> I guess other individuals on the system have no rights, other than what
>> other users allow them by your stance. That's amusing.
>
>Answer the question. Who do you think is more at fault: the person who's
>initiating a chat page or the person who doesn't bother to learn enough
>about the system to hit the seven keys it takes to turn them off?
I did fully answer the question: If the person who initiates the chat pages
continues to do so to the same user for other 20 minutes, he's being a pain in
the rear, regardless of the experience level of the user on the other end.
>If you want to run a system that caters to the willfully ignorant --
>people who'd rather run and cry to the sysadmin than fix a problem they
>can fix on their own in a second or two -- that's your business. I just
>hope I'm never stuck there with you.
I don't cater to the willfully ignorant. At the same time, I don't expect
everyone to have the same knowledge and skill levels as comp. sci. students.
Not everyone is going to be as brilliant as you are, Mr. Lazlo.
>> Ah. The typical "the doors are unlocked, so I have the right to do
>> whatever I want to your house" arguement. Sure. Try it.
>
>One more time for the brain-dead, Doug. Read it carefully. You may want
>to use a dictionary:
>
> If there is no law against trespassing, the police have no
> business arresting me for it. If there is no policy against
> sending things to other peoples' displays, you have no business
> yanking my account for it.
There's no policy on the books for obnoxious behavior, but you can get arrested
for disturbing the peace. Annoying other users is disturbing the peace. Do
something stupid in public that annoys people and disrupts their work, and I
will pull your account. If you want to play X-window games, fine. Play them
with cooperative friends, not with some poor undergraduate who wants to get
project finished without distractions.
Signature envy: quality of some people to put 24+ lines in their .sigs
-- > SYSMGR@CADLAB.ENG.UMD.EDU < --
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 19:03:53 GMT
Message-Id: <1991Jun20.190353.28236@magnus.acs.ohio-state.edu>
Organization: The Ohio State University
From: snorkelwacker.mit.edu!usc!zaphod.mps.ohio-state.edu!magnus.acs.ohio-state.edu!dysart@world.std.com
References <1991Jun18.235620.1859@yenta.alb.nm.us>, <0094A5B0.430F9960@KING.ENG.UM, <0094A674.73FF37A0@KING.ENG.UMD.EDU>
Subject: Re: Punishment
>
>There's no policy on the books for obnoxious behavior, but you can get arrested
>for disturbing the peace. Annoying other users is disturbing the peace. Do
>something stupid in public that annoys people and disrupts their work, and I
>will pull your account. If you want to play X-window games, fine. Play them
>with cooperative friends, not with some poor undergraduate who wants to get
>project finished without distractions.
>
Actually, initiating uninvited connections to unprotected terminals is alot
like calling somebody on the phone when they don't want to be disturbed. In
the case of the public telephone system, this is not a crime except for
obscene, harrassing, or [repeatedly] annoying calls. That's why there is
such a discussion going on about regulating automated telemarketing and the
proposed implementation of caller id (check out alt.privacy for a long
discussion of these topics).
--
Mitch Dysart
dysart@magnus.acs.ohio-state.edu
-------------------
Message-Id: <9106202044.AA16840@eff.org>
From: TK0JUT1%MVS.CSO.NIU.EDU@UICVM.uic.edu
Subject: Academic Freedom, the FBI and HR-1400
I've been told that the "Bush's" crime bill, HR-1400 (introduced by Rep.
Michels of Illinois), contains a provision that (according to the source):
...the FBI may request telephone or credit records in "authorized
foreign counterintelligence investigations" and that it is a misdemeanor
for the service provider to disclose, ever, to anyone, that such a
request was made."
Given the FBI's rather sordid history in political surveillance, this raises
some issues of academic freedom for this group. It's not clear whether
"telephone" (or other) records that include computer info in a university
account (especially if placed there via dial-up) would fall under this Bill.
In the past, broad definitions--often defying normal logic--were used to
justify law enforcement intrusion. If this means that the FBI is permitted to
scrounge about in somebody's account, even if that person him/herself were
*not* involved in or suspected of wrongdoing, sysops and sysads would not only
be compelled to comply, but would be subject to criminal penalities if they
*ever* revealed to the target that they were a target.
Thinking back on the McCarthy era and the consequences of political
surveillance in the 60s and 70s, this, if passed, seems a potential threat to
academic freedom and another potential area of abuse.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 17:04:47 GMT
Message-Id: <1991Jun20.170447.13473@ux1.cts.eiu.edu>
Organization: Eastern Illinois University
From: zaphod.mps.ohio-state.edu!uwm.edu!ux1.cso.uiuc.edu!ux1.cts.eiu.edu!csfed@uunet.uu.net
References <1991Jun18.235620.1859@yenta.alb.nm.us>, <0094A5B0.430F9960@KING.ENG.UM, <1991Jun20.061755.2697@yenta.alb.nm.us>
Subject: Re: Punishment
In article <1991Jun20.061755.2697@yenta.alb.nm.us> lazlo@yenta.alb.nm.us (Lazlo Nibble) writes:
>
>Answer the question. Who do you think is more at fault: the person who's
>initiating a chat page or the person who doesn't bother to learn enough
>about the system to hit the seven keys it takes to turn them off?
>
I'm not taking any sides in this issue, but my curiosity has been aroused.
Pardon me if I sound a tad nieve.
This is not the first time this arguement has been made. I have one little
question, though . . . What about the users who want to get msgs from
certain users, without being pestered by more obnoxious users.
Frank Doss
-------------------
Message-Id: <199106202054.AA01444@mp.cs.niu.edu>
Subject: Re: War story and some thoughts....
Newsgroups: info.academic-freedom
References: <1991Jun19.222310.490@miavx2.ham.muohio.edu>
Organization: Northern Illinois University
Date: Thu, 20 Jun 91 15:54:34 -0500
From: Neil Rickert
In article <677391652@macbeth.cs.duke.edu> duke!crm@mcmc.org writes:
>1. System administrator wants to preserve services for others
>2. System administrator takes drastic action on own authority
>3. System administrator buggers someone who was using the system
> according to what few published policies there were at the time, and
> doing useful work in a way the administrator didn't consider.
>4. System administrator trys to cover own ass.
>5. System administrator lost appeal for unemployment insurance:
> termination was for cause.
>
>Unfortunately, in a University, if a student gets buggered by the
>staff, there is rarely any effective recourse; this is all the more
>reason that an honorable man would attempt to bend over backwards in
>order not to cause unnecessary injury.
Please tell us which University you went to, so we can avoid it.
I strongly suspect that in most universities this administator would not
last long either.
>(If I'd have gotten my account locked on Friday night after my screwup,
>with problem sets due Monday morning, and the staff member who could
>release it was out of town over the weekend, *I* would be sore wroth.
>But would the Dean intervene for me with a professor? How about the
>system administrator? Likely as not, from Sanjay's responses and
>others, they'd say "you deserved it.")
Right everything is always the sysadmin's fault. If the sysadmin lock's
the student out over the weekend, and the student thereby flunks, it is the
sysadmin's fault. If the sysadmin doesn't lock the student out, and the
student's action locks the rest of the class out causing them to flunk, it is
still the sysadmin's fault. If the professor is totally unforgiving to the
student who lost access, it is the sysadmin's fault. If the student was
given three weeks to do his assignment, but chose to leave it all to the last
minute to give him more time to screw up the system, it is the sysadmin's fault.
Can we be more reasonable that that in this discussion. Most system
administrators are pretty reasonable people. They generally understand that
student's screw up from time to time, and ignore it, or send friendly email
warnings. Only when the problem caused is particularly serious, or the
student has ignored repeated warnings, do they take more drastic action.
Sure a sysadmin will occasionally screw up. Can you be perhaps 1% as
forgiving to him as you want him to be to the student who screws up? Sure
there is an occasional bad sysadmin. I hear tell there is an occasional
bad student, and occasional bad professor, an occasional bad politician,
etc. Don't put system administrators in a special category whereby they
have to be 100% perfect 100% of the time just so that the imperfections of
others need never be considered.
>In many academic situations, losing the use of the computer for a full
>week is tantamount to expulsion; both out of a desire to behave
If this is really the case, I think you should be looking for ways to fire
the professor, not the system administrator. Most faculty will bend over
backwards to make allowances for the student with genuine problems having
access to a computer. A faculty member who won't doesn't give a damn about
his students so should not be on the faculty. Most sysadmins, when they
suspend a student account, are quite willing to discuss this with the faculty
member concerned, and to consider reasonable alternative arrangements.
--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science
Northern Illinois Univ.
DeKalb, IL 60115 +1-815-753-6940
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 20 Jun 91 18:27:56 GMT
Message-Id: <1991Jun20.182756.11183@news.cs.brandeis.edu>
Organization: Brandeis University Computer Science
From: olivea!bbn.com!nic!news.cs.brandeis.edu!chaos.cs.brandeis.edu!richard@uunet.uu.net
References: , <1991Jun14.192722.339@eff.org>
Subject: Re: Punisher
In article <1991Jun14.192722.339@eff.org>, kadie@eff.org (Carl M. Kadie) writes:
|> Resolved: The punishment that a computer administrator can impose on a
|> student should be not exceed that which an instructor can impose.
|>
|> This policy is wise; it is a check against overly harsh punishment. (A
|> suspension from the classroom, computer, or campus is serious because
|> it may prevent a student from completing a required homework or
|> test.)
|>
Hear, hear! For many disciplines it no longer a priviledge (as it once was),
but a necessity to have access to computers; denying such access is tantamount
to kicking a student out of school. That a sysadmin anywhere can get away with
seriously/fatally impede one's studies is appalling. IMHO, the sysadmin (or
their boss that knows, and lets them get away with such behavior) should be
seriously repremanded.
--
Richard Congdon
Brandeis University Computer Science
617/736-2717
-------------------
Posted-Date: Thu, 20 Jun 91 20:14:07 CDT
Message-Id: <9106210114.AA12222@gobi.cs.utexas.edu>
From: wires@cs.utexas.edu (Michael Ray Neuliep)
Date: Thu, 20 Jun 91 20:14:07 CDT
X-Mailer: Mail User's Shell (6.5.6 6/30/89)
Subject: mail test
does it work?
-------------------
Date: Thu, 20 Jun 91 22:08:46 -0400
From: kadie (Carl M. Kadie)
Message-Id: <9106210208.AA21725@eff.org>
Subject: Re: mail test
Your second note got sent out to the mailing list.
- Carl
p.s. There is also a newsgroup version of the mailing list
called alt.comp.acad-freedom.talk and alt.comp.acad-freedom.news.
- Carl
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Fri, 21 Jun 1991 02:39:04 GMT
Message-Id: <1991Jun21.023904.316@netcom.COM>
Organization: DAFCO - An OS/2 Oasis
From: netcomsv!feustel@decwrl.dec.com
References: , <9106202044.AA16840@eff.org>us
Subject: Re: Academic Freedom, the FBI and HR-1400
I voted for Bush because of his experience. Now I think I will vote
for ANY Democratic presidential candidate on the grounds that Bush has
a passion for secrecy in government that we just can't afford, not to
mention the damage his appointments to the Supreme Court are doing (and
will do in spades) if he gets to make any more.
--
David Feustel, 1930 Curdes Ave, Fort Wayne, IN 46805, (219) 482-9631
EMAIL: feustel@netcom.com or feustel@cvax.ipfw.indiana.edu
-------------------
Message-Id: <9106210343.AA22848@eff.org>
From: TK0JUT1%MVS.CSO.NIU.EDU@UICVM.uic.edu
Subject: Re: War story and some thoughts....
Neil Rickert writes:
> If this is really the case, I think you should be looking for ways to fire
>the professor, not the system administrator. Most faculty will bend over
>backwards to make allowances for the student with genuine problems having
>access to a computer. A faculty member who won't doesn't give a damn about
>his students so should not be on the faculty. Most sysadmins, when they
>suspend a student account, are quite willing to discuss this with the
>faculty member concerned, and to consider reasonable alternative
>arrangements.
There's another issue buried in Neil's post that we haven't yet addressed.
Classroom and other university "rights" have evolved through trial and error,
conflicts, experiment, and accomodation/resistance over the years. Computer
technology is fairly recent, and except in the most flagrant behaviorial
screwups, definitions of improper behavior (ranging from those that are merely
administrative nuisances to those that are highly destructive), jurisdiction
for responding to them, and appropriate responses to them (ranging from policy
changes by sysads to sanctions imposed on the screwup) are still evolving.
Most of the recent discussion here has reflected attack/defense posturing, and
little has been done to try to identify and sort out issues of definition,
jurisdiction, and appropriate response that includes due process safeguards in
incidents when sanctions may follow.
If a student is caught cheating on a test, the test grade may be withheld,
down-graded, or deferred (among the many options available). This, as does
sysad response to perceived computer abuse, falls within the discretion of the
instructor. But, most public universities follow due process guidelines that
protect both the student and instructor in cases of alleged misbehavior.
Although these policies also extend to alleged computer abuse, there are
numerous grey areas in which ambiguity creates risks for both sides. Rather
than grouse about individual incidents, these indicents could be used as icons
to illustrate the procedural gaps that need filling in so that they can become
policy.
NIU, Neil's homebase, seems to have few problems on either the mainframe or
the Unix system (Neil's domain). Perhaps laying out some of these polices
would be a way of establishing some minimal ideal standards.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 21 Jun 91 03:34:17 GMT
Message-Id:
Organization: /home/cg108w/cg108w3/.organization
From: zaphod.mps.ohio-state.edu!sdd.hp.com!ucsd!sdcc6!sdcc6.ucsd.edu!cg108w3@uunet.uu.net
References: , <5C05F3333C212928@ccmail.sunysb.edu>e.
Subject: Re: (none)
--=}>> On 20 Jun 91 11:51:00 GMT, SKAPUR@ccmail.SUnysb.EDU (Sanjay Kapur) said:
> If there is no law against trespassing, the police have no
> business arresting me for it. If there is no policy against
> sending things to other peoples' displays, you have no business
> yanking my account for it.
>--
>Lazlo (lazlo@triton.unm.edu, lazlo@yenta.alb.nm.us)
SK> I would be extremely surprised if any university did NOT have a policy on
SK> general harrassment of one student by another. Putting up things on other
SK> peoples's displays is harrassment. Everything does not have to spelled out in
SK> the computer policy if it is already covered by general University Policy.
SK> Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Am I the only one reading all this in shock, wondering where it will
stop?? I mean, am I the only one who pops things up on X displays as
a (well received) joke, favor, or demonstration?
I mean, next thing you know, xset'ing their keyclick on, xmeltdown,
shooting rubber bands, making funny faces, and footsie will be cause
for suspension!
Why does it always seem like the people who "administer" computers
are the most lacking in understanding of what life in the computer lab
is all about!
-Steve, ftp'ing to /dev/audio across the room, and proud of it! :)
--
}>> Steve Haehnichen <<{
shaehnichen@ucsd.edu Disclaimer: UCSD and I do not share any opinions.
-------------------
Date: Fri, 21 Jun 1991 01:42 EDT
From: Sanjay Kapur
Subject: Re: (none)
Message-Id:
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Am I the only one reading all this in shock, wondering where it will
>stop?? I mean, am I the only one who pops things up on X displays as
>a (well received) joke, favor, or demonstration?
>
I have nothing against a well received joke, favor or demonstration. I am
very much against a joke that crosses a line and becomes harrassment. The
person who the joke is played on decides if it was a joke or harrassment.
>I mean, next thing you know, xset'ing their keyclick on, xmeltdown,
>shooting rubber bands, making funny faces, and footsie will be cause
>for suspension!
>
Shooting rubber bands is something I have always hated and I will most probably
sue the next person who shoots them at me.
Footsie is under certain circumstances sexual harrassment and will most
definitely lead to suspension from the University if the person footsied
objects and files a complaint.
xmeltdown is not funny at all if you are a new user who has to complete a
project in time and are not in the least interested in the inner workings of
x windows.
As the above indicates, what may be fun and games to you may not be fun and
games to everyone.
Have you ever considered the feelings of someone who does not want to join in
the fun and games?
>Why does it always seem like the people who "administer" computers
>are the most lacking in understanding of what life in the computer lab
>is all about!
All systems administrators have been users and have gone through the computer
lab. They also hear complaints from users who do not want to appear to oppose
"fun and games" but do not want to have any part in them but also fear
being ostracized by other students if they actively oppose "rubber bands" being
thrown at them.
Before playing a prank on someone, get that person's permission. Get a user's
permission BEFORE you display a picture at a display they are working on. Do
NOT assume you have implicit permission to play jokes just because both of you
have accounts on the same system.
>--
>}>> Steve Haehnichen <<{
> shaehnichen@ucsd.edu Disclaimer: UCSD and I do not share any opinions.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Fri, 21 Jun 1991 18:48:24 GMT
From: MCNAB_PD@DARWIN.NTU.EDU.AU (XCACORP)
Message-Id: <910621184824.20200456@DARWIN.NTU.EDU.AU>
Subject: Re: Academic Freedom, the FBI and HR-1400
Just a (cynical) note re:Bush's secrecy in government. What did you honestly
expect from a politician who headed the CIA? (or was it the FBI - the memory
is clouded).
__________________
Mark Neely
-------------------
Date: Fri, 21 Jun 91 8:48:29 EDT
From: Joe Brennan
Subject: Re: Academic Freedom, the FBI and HR-1400
Message-Id:
TK0JUT1%MVS.CSO.NIU.EDU@UICVM.uic.edu writes:
> I've been told that the "Bush's" crime bill, HR-1400 (introduced by Rep.
> Michels of Illinois), contains a provision that (according to the source):
> ...the FBI may request telephone or credit records in "authorized
> foreign counterintelligence investigations" and that it is a misdemeanor
> for the service provider to disclose, ever, to anyone, that such a
> request was made."
But
1st Amendment
Congress shall make no law respecting an establishment of
religion, or prohibiting the free exercise thereof; or abridging
the freedom of speech, or of the press; or the right of the
people peaceably to assemble, and to petition the government for
a redress of grievances.
So this can't be true.
--Joe Brennan
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Fri, 21 Jun 1991 14:48:29 GMT
Message-Id:
Organization: Recreational Creationists, Inc.
From: stanford.edu!msi.umn.edu!umeecs!zip!bagchi@uunet.uu.net
References: , .e
Subject: Re: (none)
In article SKAPUR@ccmail.SUnysb.EDU (Sanjay Kapur) writes:
...
>xmeltdown is not funny at all if you are a new user who has to complete a
>project in time and are not in the least interested in the inner workings of
>x windows.
Christ...it goes away doesn't it? It's not like it affects
your work in the long term...
>
>As the above indicates, what may be fun and games to you may not be fun and
>games to everyone.
>
>Have you ever considered the feelings of someone who does not want to join in
>the fun and games?
>
>>Why does it always seem like the people who "administer" computers
>>are the most lacking in understanding of what life in the computer lab
>>is all about!
>
>All systems administrators have been users and have gone through the computer
>lab. They also hear complaints from users who do not want to appear to oppose
>"fun and games" but do not want to have any part in them but also fear
>being ostracized by other students if they actively oppose "rubber bands" being
>thrown at them.
First, why didn't adjust the xhost in the startup files to
prevent this?
When they complain about "rubber bands", why not tell them
about unxhosting displays? Half the time, tracing down whoever's
running the xstuff isn`t terribly easy, anyway. It's definitely not
worth the time to play "cop".
>Before playing a prank on someone, get that person's permission. Get a user's
>permission BEFORE you display a picture at a display they are working on. Do
>NOT assume you have implicit permission to play jokes just because both of you
>have accounts on the same system.
Kinda ruins the "oomph" factor, doesn't it? Besides...if
xhost were set correctly, you'd have to say "xhost me" to the victim,
as it is.
A word about pranks... How often do you get a prank pulled on
you, and it's not by someone you know sitting next to you? More to
the point, pranksters, why would you pull something on someone you
didn't know who wouldn't get a giggle out of it.
Am I the only one completely unsympathetic to people who
consider a workstation to be only a "C++" machine for running database
apps? When you get a car, you learn to understand it, and at least get
some kind of understanding of what it does. When I use a new computer
system, I try and learn what it can do. Most of user-level X an be
learned in an afternoon. Same with Unix. Maybe sysadmins should make
something available to start people on their way...
-rj
--
--------------------------------------------------------------------------------
Ranjan Bagchi - asleep...... | v,i,j,k,l,s,a[99];
bagchi@eecs.umich.edu | main() {
------------------------------- for(scanf("%d",&s);*a-s;v=a[j*=v]-a[i],k=i=s*k&&++a[--i]) ;
} /* Osovlanski and Nissenbaum */
--------------------------------------------------------------------------------
-------------------
Message-Id: <199106211448.AA16771@mp.cs.niu.edu>
Subject: Re: War story and some thoughts....
Newsgroups: info.academic-freedom
Organization: Northern Illinois University
Cc: TK0JUT1@MVS.CSO.NIU.EDU
Date: Fri, 21 Jun 91 09:48:05 -0500
From: Neil Rickert
In article <9106210343.AA22848@eff.org> Jim Thomas writes:
>NIU, Neil's homebase, seems to have few problems on either the mainframe or
>the Unix system (Neil's domain). Perhaps laying out some of these polices
>would be a way of establishing some minimal ideal standards.
I thought a little about this. I am not too sure you can lay out the
policies. They are probably no better defined or descibed here, than
anywhere else.
If there are few problems here, it is largely because there is good
communication between the Computer Science department (with probably the
heaviest student usage of computing) and the Computer Center.
Most of the time when there is a problem, such as overly severe treatment
of a student offense, then regardless of what the facts may be there is
probably an underlying hostility between the computer administration and the
academic department. Most people, including computer administrators, faculty
and students, are reasonable most of the time. If reasonable people
communicate, problems can usually be resolved. But when a lack of
communication exists, the academic department is likely to be mainly familiar
with the student's side of the problem while the computing administration is
mostly familiar with the impact on the system and other users. Because they
see the same situation in quite different lights, the hostility and
misunderstanding is only exacerbated.
The idea of a strict set of policies, rules of due process, rights of
appeal, etc, may sound nice on paper. But in reality they are the method of
last resort that you must go to when communication has failed and there is no
mutual trust between the various parties. Good communication and an honest
attempt to clear up confusion and misunderstanding in an informal manner are
almost always better approaches where available.
--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science
Northern Illinois Univ.
DeKalb, IL 60115 +1-815-753-6940
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 21 Jun 91 14:21:09 GMT
Message-Id: <91Jun21.102054edt.6237@neat.cs.toronto.edu>
Organization: Department of Computer Science, University of Toronto
From: zaphod.mps.ohio-state.edu!rpi!news-server.csri.toronto.edu!neat.cs.toronto.edu!mgreen@uunet.uu.net
Subject: How Do You Use the Freedom of Information Act?
I'd appreciate help in finding out how you can request university
records under the freedom of information act.
Marc Green
Trent University
-------------------
Date: Fri, 21 Jun 1991 11:10 EDT
From: Sanjay Kapur
Subject: Re: (none)
Message-Id: <40F72C139C217C69@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>>xmeltdown is not funny at all if you are a new user who has to complete a
>>project in time and are not in the least interested in the inner workings of
>>x windows.
>
> Christ...it goes away doesn't it? It's not like it affects
>your work in the long term...
>
If you have a deadline, it is the short term that matters.
> First, why didn't adjust the xhost in the startup files to
>prevent this?
>
For the same reason I do not keep my phone off the hook all the time. So that
people can reach me, not for them to annoy me.
> When they complain about "rubber bands", why not tell them
>about unxhosting displays? Half the time, tracing down whoever's
>running the xstuff isn`t terribly easy, anyway. It's definitely not
>worth the time to play "cop".
see my response above. Tracing a phone call is also not easy.
>
>>Before playing a prank on someone, get that person's permission. Get a user's
>>permission BEFORE you display a picture at a display they are working on. Do
>>NOT assume you have implicit permission to play jokes just because both of you
>>have accounts on the same system.
>
> Kinda ruins the "oomph" factor, doesn't it? Besides...if
>xhost were set correctly, you'd have to say "xhost me" to the victim,
>as it is.
>
I see you like to think of persons you play pranks on as "victims".
I do not like to see people "victimized".
> A word about pranks... How often do you get a prank pulled on
>you, and it's not by someone you know sitting next to you? More to
>the point, pranksters, why would you pull something on someone you
>didn't know who wouldn't get a giggle out of it.
>
Maybe they want to show off or annoy someone they do not like. In a computer
lab, I have no control over who is sitting next to me. For all I know, the
person sitting next to me may be an obnoxious redneck boor who likes hurting
people.
> Am I the only one completely unsympathetic to people who
>consider a workstation to be only a "C++" machine for running database
>apps? When you get a car, you learn to understand it, and at least get
>some kind of understanding of what it does. When I use a new computer
>system, I try and learn what it can do. Most of user-level X an be
>learned in an afternoon. Same with Unix. Maybe sysadmins should make
>something available to start people on their way...
>
You have every right to be unsympathetic, but just because you are
unsympathetic does NOT give you a right to be a prankster or impose your views
on everyone.
I agree that a reasonably interested and smart person can learn most of the
user level X stuff and Unix stuff in a few afternoons. But there are a lot
of people who are not in the least interested and consider it a total waste
of time learning that stuff.
I agree that System administrators should make something available to start
people on their way. If you susbscribe to HDESK-L or ADVISE-L you will see a
lot of people complaining about how difficult it is to get users to actually
read any documentation.
>Ranjan Bagchi - asleep...... | v,i,j,k,l,s,a[99];
>bagchi@eecs.umich.edu | main() {
>------------------------------- for(scanf("%d",&s);*a-s;v=a[j*=v]-a[i],k=i=s*k&&++a[--i]) ;
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
From kadie Sat Jun 22 00:37:06 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Sat Jun 22 00:35:43 EDT 1991
In this issue:
kadie : My Punishment
kadie : Re: War story and some thoughts....
mojo!russotto@mims : Re: (none)
mojo!russotto@mims : Re: Academic Freedom, the FBI and HR-1400
mojo!russotto@mims : Re: (none)
Joe Brennan
Organization: The Electronic Frontier Foundation
From: kadie
Subject: My Punishment
[I'm posting this for - Carl]
I'm not sure if this is relevant and as I've been following this group
I've been compelled to respond and share an incident that occured when
I was a student at the University of Illinois at Champaign-Urbana.
The Story: I was a relatively new user to the idea of UNIX and usenet
and I love the challenge of learning something new and seeing what I can
do with the new knowledge. I had the misfortune of being caught up in a
flame war in a local newsgroup with a student employee of the university
CSO (computing services offices) which are the people responsible for
the maintaince of the universities student computer, uxa. In retrospect
this wasnt too bright what I did but I did a BIFF flame-post against this
employee. Here's how things were handled by CSO: the employee filed a
formal complaint (what a weenie) against me and all accounts on all
university machines that I had were suspended pending the outcome of a
hearing to be held by the Student Disciplinary Committee. No problem I
screwed up and had to face this committee and a judgement would be handed
down. Now here is where things get interesting...
What happened: I waited two weeks waiting for the committee to contact me
to set up a date for a hearing. The sysadm for uxa who took away my account
said things were "out of his hands at this point" and that I would have to wait.
So I waited a little longer and still nothing. I went to talk about this
with the Student Legal Services on campus to see what kind of advice they
could give me in this matter. A representative from there said most cases
were handled in 10-14 days and she was surprised that something like this
would have even gone to the disciplinary committee since most cases handled
by the committee involved real crimes like theft, assault, sexual battery,
vandalism etc... She told me to contact the committee I did. A rep from
the committee had told me that CSO had never filed anything against me.
CSO people said they had filed it and were awaiting the committee's outcome.
I kept in touch with both cso and the student committee for a month and cso
insisted that the case was given to the committee and the committee said
they never got it from them. It was suggested by cso that I be real polite
and try not to force and expidiate the hearing because it "would be bad"
for my best interest, so I took their advice. A month later the semester
ended and I transferred to another university. The issue was never resolved.
What it means: The heads of the CSO and the CS dept thought it in their
best interest to keep me off of university machines because I was a maverick
user who dared venture into (before this incident) the gray areas of what
acceptable use of a machine was. As a result of some of my actions UIUC
rules governing legitimate computer usage was rewritten :-) I felt that
CSO intentionally never submitted the complaint to the student disciplinary
committee because in effect it would keep all my accounts suspended pending
outcome of the case, however if the case never reached there there would be
no outcome thus the accounts would be suspended indefinately...
The bottom line: Doing a BIFF posting like I did was wrong, I admit that
but I feel it was more wrong the policy the university people took up to
handle my case. Embarrassing a CSO employee was a bad move on my part
because it makes him look like he isnt doing his job to the best of his
ability and since politics and beaurocracy is what makes things run at
the U of Illinois revenge was taken by throwing me into that beaurocratic
wheel and blacklisting me from potential employment opportunities working
with computers of ANY sort (even pc's). Being a CS major I felt shafted
since I'd never be able to get any kind of practical experience here.
The moral of the story: Don't mess with people in power here. It doesnt
matter what rules there are and aren't because in the end you get slammed
more than you might ever imagine. The punishment never fits the crime: it
will be four times as worse. If a rule prevents someone in power from
doing something, they'll nail you for something else somewhere down the line.
The little guy always is the one that gets squashed and it could happen
like this anywhere.
-Mike Neuliep
-----------------------------------------------------------------------------
Dumb Disclaimer: my views and opinions in no way reflect the dept of cs
at the university of texas. they are all MINE! :-)
internet: wires@cs.utexas.edu |||| ProlineNET: wires@pro-harvest.cts.com
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Fri, 21 Jun 1991 16:13:33 GMT
Message-Id: <1991Jun21.161333.6645@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
References: , <9106210343.AA22848@eff.org>, <199106211448.AA16771@mp.cs.niu.edu>
Subject: Re: War story and some thoughts....
rickert@cs.NIu.EDU (Neil Rickert) writes:
>In article <9106210343.AA22848@eff.org> Jim Thomas writes:
[...]
> I thought a little about this. I am not too sure you can lay out the
>policies. They are probably no better defined or descibed here, than
>anywhere else.
[...]
> Most of the time when there is a problem, such as overly severe treatment
>of a student offense, then regardless of what the facts may be there is
>probably an underlying hostility between the computer administration and the
>academic department. Most people, including computer administrators, faculty
>and students, are reasonable most of the time.
[...]
You describe a balance of power. Because everyone knows that their
actions might be challenged, they are more fair and reasonable.
Because they are more fair and reasonable, their actions seldom need
to be challenged. I think a good due-process procedure works the same
way, encouraging people to be fair and reasonable even though it is
seldom used.
The best example of what happens when there is no balance of power of
due-process procedure comes from the first PC-based BBS systems. As a
user, I remember feeling like a flea compared to the godlike owner
(sys op) of the system. The sys op could, and did, do anything he or
she wanted. (The situation is better now that there is competition
among sys ops.)
I don't think the problem was with the personality of the sys ops.
Rather the problem was systemic (absolute power corrupting absolutely).
Our goal should be to outline which systems encourage people to be
fair and reasonable.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 21 Jun 91 15:37:41 GMT
Message-Id: <1991Jun21.153741.11626@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , <5C05F3333C212928@ccmail.sunysb.edu>, .cwru.ed
Subject: Re: (none)
In article cg108w3@ucsd.edu (Steve - Happy Hacker) writes:
>
>I mean, next thing you know, xset'ing their keyclick on, xmeltdown,
>shooting rubber bands, making funny faces, and footsie will be cause
>for suspension!
I think footsie falls under the sexual harassment policy. Shooting rubber
bands is probably assault and battery.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 21 Jun 91 15:43:47 GMT
Message-Id: <1991Jun21.154347.11817@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References <(Joe>, , net.ins
Subject: Re: Academic Freedom, the FBI and HR-1400
In article brennan@cunixf.cc.columbia.EDU (Joe Brennan) writes:
>TK0JUT1%MVS.CSO.NIU.EDU@UICVM.uic.edu writes:
>
>> I've been told that the "Bush's" crime bill, HR-1400 (introduced by Rep.
>> Michels of Illinois), contains a provision that (according to the source):
>> ...the FBI may request telephone or credit records in "authorized
>> foreign counterintelligence investigations" and that it is a misdemeanor
>> for the service provider to disclose, ever, to anyone, that such a
>> request was made."
>
>But
>
> 1st Amendment
> Congress shall make no law respecting an establishment of
> religion, or prohibiting the free exercise thereof; or abridging
> the freedom of speech, or of the press; or the right of the
> people peaceably to assemble, and to petition the government for
> a redress of grievances.
>
>So this can't be true.
Ahh, naivete....
Supreme Court: 'compelling states interest' overrides specific language of
constitution.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 21 Jun 91 15:41:16 GMT
Message-Id: <1991Jun21.154116.11758@eng.umd.edu>
Organization: College of Engineering, Maryversity of Uniland, College Park
From: mojo!russotto@mimsy.umd.edu
References: , e.
Subject: Re: (none)
In article Sanjay Kapur writes:
>
>Shooting rubber bands is something I have always hated and I will most probably
>sue the next person who shoots them at me.
>
>Footsie is under certain circumstances sexual harrassment and will most
>definitely lead to suspension from the University if the person footsied
>objects and files a complaint.
Isn't this something. I make a cynical, what I consider outrageous description
of the crimes involved, and Sanjay Kapur, an administrator, follows up with an
entirely serious description-- but one essentially the same.
--
Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
.sig under construction, like the rest of this campus.
-------------------
Date: Fri, 21 Jun 91 13:22:34 EDT
From: Joe Brennan
Message-Id:
Mr Russotto writes of my first amendment quotation:
> Ahh, naivete....
Or maybe I thought smileys weren't necessary?
> Supreme Court: 'compelling states interest' overrides specific language of
> constitution.
Oh, someone else will apply this one to the endless story of his
computer account; I won't have to.
Joe Brennan
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Fri, 21 Jun 1991 17:19:41 GMT
Message-Id:
Organization: The Electronic Frontier Foundation
From: ckd
Subject: Good admins, bad admins, etc.
There seem to be two completely (well, not completely) different types
of system administrators. From the curious user's point of view, these
are the "good" kind and the "bad" kind.
Discussions here and on other groups (like comp.admin.policy) have
resulted in something like the following exchange:
User: "I got hosed for doing something that wasn't really wrong, like
sending 'talk' requests. System administrators are all bad."
Good SA: "But I wouldn't do things that way here."
Bad SA: "Yeah, you were harrassing people."
Now, I know it's not really that clear-cut, and it *is* a continuum, but
I think there are some important points to make about the whole thing:
(1) Not all users are "bad." Not all curious and exploring users are
"bad," even if they break things now and then. Many of them just
want to learn more about the system. If the system administrators
seem to be friendly and cooperative with things, they will usually
get that cooperative attitude returned.
[An Example: I asked some folks "Can you give me a quick pointer to
documentation on XEDIT macros." One of the User Services folks
printed out some of the documentation which was, at that point, not
publicly readable. I was then able to do some work on publicly
available documentation reader stuff, which people liked and used.]
(2) Not all system administrators are bad. [The person above was a
documentation specialist, so he "doesn't count."] I like to think
I'm a good sysadmin, but I'm biased. Some examples, though:
A system administrator who keeps "reasonable" quotas for usage on
the machine, but added another meg to mine for some research I was
doing via ftp (since my other accounts couldn't reach the Internet
back then).
A system administrator (well, systems programmer anyway) who acted
as a "go-between" for reporting security problems to less
enlightened sysadmins.
From his postings here, Sanjay Kapur, and all the others like him
who will send email saying "can we talk" to a user, and try to
figure out what's going on instead of "closing an account to get
their attention." I've had sysadmins like that, and they were
great. Then there was the guy who closed *ALL* of a user's accounts
because they "logged in too much" from "weird places" on *one*
account. (Like a bunch of connections from an MIT dialup over a
period of two weeks, followed by one night with a few from Rutgers
while visiting down there.)
I'd ask both sides to have a little understanding (I've been a user, and
now I'm both a user and a system administrator).
Users: not all sysadmins are like the ones who screwed you over. Some
are, sure, but the "good" sysadmins don't like them either, and don't
appreciate being lumped in with them.
Sysadmins: some users are bitter because they got treated like dirt by
someone else. They will sometimes "tar us all with the same brush."
Patiently reminding them that "that was someone else, and I don't agree
with what they did" might help.
--Chris
--
Christopher Davis | ELECTRONIC MAIL WORDS OF WISDOM #5:
System Manager & Postmaster | "Internet mail headers are
Electronic Frontier Foundation | not unlike giblets."
+1 617 864 0665 | -- Paul Vixie
-------------------
Date: Fri, 21 Jun 91 13:56:06 -0400
From: kadie (Carl M. Kadie)
Message-Id: <9106211756.AA09172@eff.org>
Subject: How Do You Use the Freedom of Information Act?
I'm sorry, I thought I had saved some information from the net,
but an extensive computer search can't find it.
I think the Federal FOIA applies only to the federal`government. If
you want to apply it to a state school, you may to to use that state's
FOIA (if it even has one).
- Carl
-------------------
Message-Id: <9106211810.AA24548@zerkalo.harvard.edu>
Subject: Re: How Do You Use the Freedom of Information Act?
<9106211756.AA09172@eff.org>
Date: Fri, 21 Jun 91 14:10:25 EDT
From: "Manavendra K. Thakur"
>>>>> On Fri, 21 Jun 91 13:56:06 -0400, comp-academic-freedom-talk-request@eff.org said:
> I'm sorry, I thought I had saved some information from the net, but
> an extensive computer search can't find it.
> I think the Federal FOIA applies only to the federal`government. If
> you want to apply it to a state school, you may to to use that
> state's FOIA (if it even has one).
That's correct. However, educational instutions are covered by the
Family Education Rights Protection Act of 1974 (FERPA). This gives,
for example, students currently enrolled in a university the right to
access their own disciplinary records, course transcripts, etc.
Depending on the nature of the information you're looking for, you may
be able to invoke FERPA to get access to that information.
Note that FERPA doesn't give you the right to access *other* people's
records! Also, I do believe the FERPA applies primarily to students
currently enrolled at an educational institution. I am less certain
about former students or alumni.
Bottom line: check with your local bar association to find an attorney
with FOIA and/or FERPA experience.
Good luck.
Manavendra K. Thakur Internet: thakur@zerkalo.harvard.edu
Systems Programmer, High Energy Division BITNET: thakur@cfa.BITNET
Harvard-Smithsonian Center for DECNET: CFA::thakur
Astrophysics UUCP: ...!uunet!mit-eddie!thakur
-------------------
Date: Fri, 21 Jun 1991 14:46 EDT
From: Sanjay Kapur
Subject: Re: My Punishment
Message-Id: <5F402AEC1C2156A4@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>The moral of the story: Don't mess with people in power here. It doesnt
>matter what rules there are and aren't because in the end you get slammed
>more than you might ever imagine. The punishment never fits the crime: it
>will be four times as worse. If a rule prevents someone in power from
>doing something, they'll nail you for something else somewhere down the line.
>The little guy always is the one that gets squashed and it could happen
>like this anywhere.
> -Mike Neuliep
>internet: wires@cs.utexas.edu |||| ProlineNET: wires@pro-harvest.cts.com
You have very succinctly defined the meaning of "power" above and also its
corrupting influence.
Justice delayed is justice denied. There was no due process for Mike.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Date: Fri, 21 Jun 1991 14:55 EDT
From: Sanjay Kapur
Subject: Re: (none)
Message-Id: <607F8ADEFC2156A4@ccmail.sunysb.edu>
X-Organization: State University of New York, Stony Brook
X-Vms-Cc: SKAPUR
>Isn't this something. I make a cynical, what I consider outrageous description
>of the crimes involved, and Sanjay Kapur, an administrator, follows up with an
>entirely serious description-- but one essentially the same.
>--
>Matthew T. Russotto russotto@eng.umd.edu russotto@wam.umd.edu
> .sig under construction, like the rest of this campus.
In case you have not learnt it by now, satire is totally wasted on System
administrators and Accountants.
What people like Mathew T. Russotto fail to realize is that what may be a joke
to someone can be very serious to someone else.
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 21 Jun 91 18:54:57 GMT
Message-Id: <6599@ns-mx.uiowa.edu>
From: zaphod.mps.ohio-state.edu!hobbes.physics.uiowa.edu!ns-mx!pyrite.cs.uiowa.edu@uunet.uu.net
References: , <1991Jun21.162541.6816@eff.org>-state.
Subject: Re: My Punishment
wires@cs.utexas.edu said:
>
> ... I felt that CSO intentionally never submitted the complaint to
> the student disciplinary committee because in effect it would keep all
> my accounts ... suspended indefinately...
If this was indeed the case, you should have complained loudly to the dean
of student affairs (or analogous person). Locking you out pending
resolution of charges which are then never filed is not due process!
Speaking as someone with 10 years experience on the faculty of a big
university, I suspect that the university administration at Illinois would
not take kindly to the discovery that such a violation of due process had
taken place. If you have any documentation that CSO repeatedly told you
that they had filed a complaint and that the disciplinary committee
repeatedly told you that they had yet to receive a complaint, you might
even have grounds for action against the University in the courts.
(Appropriate documentation includes not only letters but witnesses to
conversations.)
I'm not a lawyer, so take anything I say about courts and law with a grain
of salt.
Doug Jones
jones@cs.uiowa.edu
-------------------
Newsgroups: info.academic-freedom
Path: jjones
From: jjones@cs.uiuc.edu (Joel Jones)
Subject: Re: My Punishment
Message-Id: <1991Jun21.211511.29776@m.cs.uiuc.edu>
Nntp-Posting-Host: cassius.cs.uiuc.edu
Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL
References: <1991Jun21.162541.6816@eff.org>
Date: Fri, 21 Jun 1991 21:15:11 GMT
comp-academic-freedom-talk-request@eff.ORG writes:
>[I'm posting this for - Carl]
>I'm not sure if this is relevant and as I've been following this group
>I've been compelled to respond and share an incident that occured when
>I was a student at the University of Illinois at Champaign-Urbana.
>... In retrospect
>this wasnt too bright what I did but I did a BIFF flame-post against this
>employee. Here's how things were handled by CSO: the employee filed a
>formal complaint (what a weenie) against me and all accounts on all
>university machines that I had were suspended pending the outcome of a
>hearing to be held by the Student Disciplinary Committee.
I am unfamilier with the terminology "BIFF flame-post" but unless I am mistaken
this would indicate a anonymous posting. It was my understanding that you
forged a posting or email message from one of the managers at CSO. This is a
slightly different story from what you mentioned here. However, I do agree
that they handled your case a bit more heavy-handedly than necessary.
Joel Jones
jjones@uiuc.edu
--
Joel Jones As the advertisment for an exhibition on Leonardo da Vinci said,
jjones@uiuc.edu "They called him a genius, a botanist, a demon, a philosopher, a
practical joker, an eccentric, and a visionary. No wonder he
was such a great engineer."
-------------------
Newsgroups: info.academic-freedom
Path: uxc.cso.uiuc.edu!paul
From: paul@uxc.cso.uiuc.edu (Paul Pomes - UofIllinois CSO)
Subject: Re: My Punishment
Message-Id: <1991Jun21.221847.2599@ux1.cso.uiuc.edu>
Organization: University of Illinois at Urbana
References: <1991Jun21.162541.6816@eff.org>
Date: Fri, 21 Jun 1991 22:18:47 GMT
Lines: 22
Again broken mailing list software writes:
>[I'm posting this for - Carl]
>
>I'm not sure if this is relevant and as I've been following this group
>I've been compelled to respond and share an incident that occured when
>I was a student at the University of Illinois at Champaign-Urbana.
Actually one of several incidents. If you "were" a student, why are you
signed up for 7 hours of summer school here? The CS dept would not have
suspended your accounts on the say-so of CSO. It took dedicated work to
offend them as well.
I do like the use of the anonymous phrasing that makes details of his story
hard to pin down. Who said what, Mike, and when did they say it? Please be
a bit more specific.
/pbp
--
Paul Pomes, Computing Services Office
University of Illinois - Urbana
Email to Paul-Pomes@uiuc.edu
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Sat, 22 Jun 1991 00:40:59 GMT
Message-Id: <1991Jun22.004059.14658@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
Subject: Acting as an officer
[I'm posting this anonymously for a student at a university outside
the US. - Carl]
Hello,
I'm an officer of a group in a university. A friend of mine is also an
officer. This friend was suspended from his computer account for using
'obscene' language on a local talk newsgroup.
Now, there are two organisations in college who run computers, the latter being
(mainly) supervised by undergrads or postgrad appointed by a department.
So the first organization found out he was using the group account, and while
two of the second organization's systems managers were away, and a lecturer
was in charge, brought up the accusation that my friend had been 'forging mail
from the group account' and that said account was suspended until an officer
of the group contacted him. (This summons and information were all posted to
'msgs' for everyone to see, rather than the group being contacted directly)
It seems my friend has changed some of the headers to indicate the news
postings were from him, and not the group account. His postings were to do
with group business in the local newsgroup or postings to newsgroups relevant
to the group.
So the terms of agreement for the return of the account are that;
1) The password be changed. (fair enough)
2) It not be given to anyone suspended from the system.
Small problem. So far 4 people out of 13 in the group have been suspended
(mainly for 'obscene' use of language in news; there is no actual rule as to
what is obscene; one lecturer was heard to say he regards the use of the word
'condom' as obscene), including the Auditor, the Treasurer, me (Librarian at
the time) and a general officer or two.
Now the point *breath sigh of relief*: Should (could?) I argue that as
the person is using it in their _professional_ capacity as an officer of
the group, and not personally, that the rule that anyone suspended
may not use another account shouldn't apply here?
Thanks for listening, reading (whatever)...
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
From kadie Sun Jun 23 02:22:07 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Sun Jun 23 02:21:49 EDT 1991
In this issue:
apple!well!nagle@d : Re: Academic Freedom, the FBI and HR-1400
zaphod.mps.ohio-st : Re: Acting as an officer
kadie : Re: Acting as an officer
ukma!sean@rutgers. : Re: My Punishment
lll-winken!iggy.GW : Re: Acting as an officer
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 22 Jun 91 01:40:10 GMT
Message-Id: <25582@well.sf.ca.us>
From: apple!well!nagle@decwrl.dec.com
References: , <910621184824.20200456@DARWIN.NTU.EDU.AU>(
Subject: Re: Academic Freedom, the FBI and HR-1400
HR 1400 is pretty grim. Call up your Congressperson and order a
copy. Judge for yourself.
John Nagle
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 22 Jun 91 17:01:50 GMT
Message-Id: <1991Jun22.170150.12310@ms.uky.edu>
Organization: The Puzzle Palace, UKentucky
From: zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!lll-winken!iggy.GW.Vitalink.COM!widener!ukma!morgan@uunet.uu.net
References: , <1991Jun22.004059.14658@eff.org>state.
Subject: Re: Acting as an officer
>It seems my friend has changed some of the headers to indicate the news
>postings were from him, and not the group account. His postings were to do
>with group business in the local newsgroup or postings to newsgroups relevant
>to the group.
>
>Now the point *breath sigh of relief*: Should (could?) I argue that as
>the person is using it in their _professional_ capacity as an officer of
>the group, and not personally, that the rule that anyone suspended
>may not use another account shouldn't apply here?
Hmmmm.....this is, as seems to be the case around here, a "razor's edge"
issue.
It's often difficult to separate one's professional identity from one's
personal identity. You may have noticed that many people explicitly
mention in their electronic mail or Usenet postings that they are NOT
speaking for their employer. For instance, I use two signature files;
one (see the end of this letter) specifically states that I am not
speaking for the UK Engineering Computing Center, and the other specifically
identifies me as the System Administrator. Obviously, I use the second
signature when sending mail in my professional capacity.
I don't think that you'll be able to make the distinction hold water in
your current situation. You might want to do something like this:
- Appoint a "Public Relations Officer" for your group.
- Make it clear (to both your members and the administration) that
this is the ONLY person who will distribute "official" messages
from your group.
- The other officers/members would send their announcements to the
PR Officer for review/editing/cleansing (!) before he posts them.
- Any public posting from the other members of the group would be,
by default, assumed to be "personal".
I admit that this is not a perfect solution, but it may be the only one
that is mutually acceptable to both your group and the administration.
This might even make your group more effective; having a central point
for all collected "professional information/postings" is not a bad thing.
--
morgan@ms.uky.edu |Wes Morgan, not speaking for| ....!ukma!ukecc!morgan
morgan@engr.uky.edu |the University of Kentucky's| morgan%engr.uky.edu@UKCC
morgan@ie.pa.uky.edu |Engineering Computing Center| morgan@wuarchive.wustl.edu
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Sat, 22 Jun 1991 18:06:57 GMT
Message-Id: <1991Jun22.180657.12368@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
References: , <1991Jun22.004059.14658@eff.org>, <1991Jun22.170150.12310@ms.uky.edu>
Subject: Re: Acting as an officer
morgan@ms.uky.edu (Wes Morgan) writes:
[...]
> You might want to do something like this:
> - Appoint a "Public Relations Officer" for your group.
[...]
> - The other officers/members would send their announcements to the
> PR Officer for review/editing/cleansing (!) before he posts them.
[...]
This may indeed be the best compromise. I suggest, however, that this
person's title be " Newsgroup Censor".
If several your officers have been expelled (forever and without
appeal) from the computer because a sys admin found their notes
offensive; and if now you are going to appoint someone to make sure
that the notes posted from the group account are not found to be
offensive, then that someone is a censor (working under duress), not a
public relations officer.
Maybe you could add this .signature to the end of club-posted notes:
------
I, , acting under duress as newsgroup censor for the club,
believe that this note will not be offensive to . If I am wrong, I
understand that I will be expelled from the computer forever without
the right of appeal. I can not guarantee that will not be offended
because criteria is secret.
-----
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 23 Jun 91 02:24:09 GMT
Message-Id: <1991Jun23.022409.27407@ms.uky.edu>
Organization: The Leaning Tower of Patterson Office @ The Univ. of KY
From: ukma!sean@rutgers.rutgers.edu
References: , <1991Jun21.162541.6816@eff.org>edu
Subject: Re: My Punishment
It takes two people to have a flame war. The employee should have been
discliplined too.
Sean
--
** Sean Casey
** Recent subject line in comp.sys.handhelds: Printing BIG GROBS
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: 23 Jun 91 02:27:48 GMT
Message-Id: <1991Jun23.022748.28117@ms.uky.edu>
Organization: The Leaning Tower of Patterson Office @ The Univ. of KY
From: lll-winken!iggy.GW.Vitalink.COM!widener!ukma!sean@uunet.uu.net
References: , <1991Jun22.004059.14658@eff.org>GW.Vit
Subject: Re: Acting as an officer
kadie@eff.org (Carl M. Kadie) writes:
|Small problem. So far 4 people out of 13 in the group have been suspended
|(mainly for 'obscene' use of language in news; there is no actual rule as to
|what is obscene; one lecturer was heard to say he regards the use of the word
|'condom' as obscene), including the Auditor, the Treasurer, me (Librarian at
|the time) and a general officer or two.
Are people suspended for using obscene language in campus newspaper
articles? Are the librarians suspended for ordering books with obscene
language?
I'm serious.
Sean
--
** Sean Casey
** Recent subject line in comp.sys.handhelds: Printing BIG GROBS
From kadie Sun Jun 23 21:58:29 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Sun Jun 23 21:58:15 EDT 1991
In this issue:
kadie : Re: Punishment
kadie : Re: Punishment
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Sun, 23 Jun 1991 22:54:00 GMT
Message-Id: <1991Jun23.225400.28274@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
References: , <1991Jun14.185503.29844@eff.org>
Subject: Re: Punishment
[At the request of the author, I'm posting this response anonymously.
It is an edited version of e-mail correspondence between the author
and me. -Carl]
In article <1991Jun14.193333.452@eff.org> you write:
>[I'm assuming a university setting. - Carl]
>
>Resolved: Users should not be suspended or expelled from computer
>systems as punishment for computer-policy infractions.
Is it not a standard procedure that drivers who are irresponsible on
the road can have their licenses taken away? Would you change this
policy, or am I using a poor analogy?
>[My mind is still open on this question, but for the sake of debate,
>I'll try to make the case.]
>
>The most common punishment for a computer-policy infraction seems to
>suspension or expulsion from the computer. I think think is often
>inappropriate and harsh.
What other form of punishment would you suggest?
>It is inappropriatate because the computer system, like the library, is
>not a treat for rewarding good students; rather it is an indispensable
>educational resource.
If a student checks out a library book and damages it or fails to
return it, would it not be possible for the library to deny service
to that student?
Also, universities are not the sole source of libraries, nor computer
accounts. Were a student to abuse his privileges at a university library,
s/he could always go to a public library. While public access computer
facilities are somewhat more difficult to find, such things exist.
However, even without them, many a student successfully completes college
without an account. Some universities do not even have the resources
to provide accounts to students.
>When punishment is motivated by a desire to set an example for others
>or as response to an hysterical fear of so-called hackers, it is often
>overly harsh. Disciplinary action should respond to the indent of
>the student and the damage caused by the student, not outside pressures
>In developing responsible student conduct, disciplinary proceedings
>play a role substantially secondary to example, counseling, guidance,
>and admonition. For example, a written warning with a copy to the
>student's file may suffice.
Not all cases in which hacker lose account are to set examples or are
out of fear.
Recently there was an incident that involved a student breaking into my
account from a class account. The student was called in for an
investigation, and after having attempted to obstruct the administrators
through blatant lies and omissions, he lost his account and was barred
from ever having a university instructional account. The reasoning of
the instructor involved was not that he should be punished in this way
for breaking into another account (though this most certainly was a
punishable offense) but rather that through his deliberate lies and
attempts to otherwise obscure the truth, that he could not be trusted
by the university with an instructional account.
It has been pointed out to me that this could be construed as punishing
someone for what they might do rather than for what they have done.
On the other hand, if you don't trust someone, would you let them use
your personal computer? What about if it is a large computer that
not only serves other people, but is also connected to a network where
trust is much more prevalent than security?
While I don't believe that taking away an account is the single way to
deal with people who misuse them, I think that it should certainly be an
alternative. There are other options, but I see it as the choice of the
university to explore them or not.
>- Carl
>
>--
>Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
-------------------
Received: from USENET by eff with netnews
for caft-mail@eff.org (comp-academic-freedom-talk@eff.org);
contact usenet@eff if you have questions.
Date: Sun, 23 Jun 1991 23:09:01 GMT
Message-Id: <1991Jun23.230901.28621@eff.org>
Organization: The Electronic Frontier Foundation
From: kadie
References: , <1991Jun14.185503.29844@eff.org>, <1991Jun23.225400.28274@eff.org>
Subject: Re: Punishment
Anonymous (c/o kadie@eff.org) writes:
[...]
>Recently there was an incident that involved a student breaking into my
>account from a class account. The student was called in for an
>investigation, and after having attempted to obstruct the administrators
>through blatant lies and omissions, he lost his account and was barred
>from ever having a university instructional account. The reasoning of
>the instructor involved was not that he should be punished in this way
>for breaking into another account (though this most certainly was a
>punishable offense) but rather that through his deliberate lies and
>attempts to otherwise obscure the truth, that he could not be trusted
>by the university with an instructional account.
[...]
In this case you relate, I think the student should be punished for
breaking into accounts (maybe with a suspension from the computer
(?)). I don't think that a refusal to confess should be grounds for
any punishment. Perjury should be punished, but as a general
University offense, not as a computer offense. It sounds like the
student is being punished more for what he might do than for what he
actually did. I don't think such a punishment is just.
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu -- But I speak for myself.
