Ask Slashdot: Dealing With University Firewalls? 582
An anonymous reader writes "My university only provides access to the web, via a restrictive content filter and proxy service. There is no access to the wider internet. I was wondering if this is common, and if anyone has any suggestions on how to go about protesting the issue. I've spoken to the lecturers and they have the same frustrations I do. I've also spoken to the head of the IT department who spouted lines about 'protecting the network.' This is very frustrating, I've seen a number of students making use of 3G/4G dongles to get access to the net and this just seems crazy. The restrictions applied to the web are draconian, with sites such as hackaday, hypberbole and a half, somethingawful, etc being blocked." What would you do to get better access?
It's their bandwidth ... (Score:2, Insightful)
Get over it.
Re:It's their bandwidth ... (Score:5, Insightful)
Re:It's their bandwidth ... (Score:5, Interesting)
I have been in the position of having to block internet to a college in a previous job. There were constant battles between the marketing and academic departments about blocking and unblocking social media sites. In the end the marketing department won and they were unblocked. The tutors didn't like it because they relied so much on computers for their lessons rather than using good old fashioned methods like lecturing and demonstrating.
Re:It's their bandwidth ... (Score:5, Interesting)
There were constant battles between the marketing and academic departments about blocking and unblocking social media sites. In the end the marketing department won and they were unblocked. The tutors didn't like it because they relied so much on computers for their lessons rather than using good old fashioned methods like lecturing and demonstrating.
Why was that a problem? - That people might use (gasp!) their computers for more that just the lessons?
Sounds like narrow-minded tutors with a feeble grasp on reality.
Besides, why should the tutors care? - If people waste the lessons updating Facebook instead of getting smart, they'll simply fail and thus have wasted their tuition. I hope Facebook was worth it, but the tutors shouldn't care less if the students are that stupid.
Re:It's their bandwidth ... (Score:5, Insightful)
Besides, why should the tutors care? - If people waste the lessons updating Facebook instead of getting smart, they'll simply fail and thus have wasted their tuition. I hope Facebook was worth it, but the tutors shouldn't care less if the students are that stupid.
Because most teachers go into teaching to get students to learn? Because a lot of institutions tie student performance into their evaluations? Because students that aren't paying attention are more likely to distract their neighbors? etc etc...
More to it than that... (Score:4)
Besides, why should the tutors care? - If people waste the lessons updating Facebook instead of getting smart, they'll simply fail and thus have wasted their tuition. I hope Facebook was worth it, but the tutors shouldn't care less if the students are that stupid.
Because most teachers go into teaching to get students to learn? Because a lot of institutions tie student performance into their evaluations? Because students that aren't paying attention are more likely to distract their neighbors? etc etc...
Because teachers with no classroom management skills can't handle potential distractions? Because intro classes are too big for anyone to manage? Because a lot of institutions incorrectly apply industrial metrics to human dynamics?
There are other concerns about unfettered Internet access in the classroom that go beyond the ideals you mention. My wife has had unfettered internet access in her classrooms for seven years now, in three different schools, and has had very few problems and none recurring. Granted, she's at the middle-school / high-school level instead of university, but plenty of her students have had laptops and smartphones in class. The keys are 1) having small enough class sizes that you can manage them effectively, and 2) having the classroom management skills to get in front of any potential issues and making sure the kids are paying attention to you instead of Lady Gaga. She's found that classes upwards of about 28 students really start to spiral downwards.
As such, the many intro uni courses with 100+ students can't possibly work, unless the students themselves are invested in their own learning. That said, cutting off internet access is no guarantee that otherwise distracted students will suddenly find themselves raptly attending the teacher's words.
University IT usually gets run by morons (Score:5, Interesting)
Rutgers University bans ssh public keys. Ergo, all the students employ expect scripts that contain their passwords. These expect scripts aren't from students writing em' themselves, but just copied from friends. In particular, there are students who barley know what ls and rm do, but certainly won't know to change their password if their laptop gets stolen. And students commonly hack one another's accounts by copying said script.
Re:University IT usually gets run by morons (Score:5, Funny)
Students always know about barley. After all, their favorite drink is made using it.
Re: (Score:2)
And t
Students Union. (Score:5, Informative)
Comment removed (Score:4, Informative)
Re:It's their bandwidth ... (Score:4, Funny)
The purpose of an IT department is to provide a service to the organization, not to make the organization bend over to the IT dept.
Thousands of corporate ITers just spit coffee onto their monitors.
Re:It's their bandwidth ... (Score:5, Interesting)
Education is typically a very open environment, and IT will happily provide (within reason) anything that doesn't interfere with something else.
For example, we have several "hacking labs" on campus, where students are free to do basically whatever they want, regardless of how malicious. Granted, those networks are firewalled off from the rest of campus (and the Internet). We also have PlanetLab, TOR (which I run myself), and a few other projects.
As for Internet access, we don't have "wide open" like your home DSL (email, for example, must go through our servers for obvious reasons)
Last year we actually had students bring their PS3/Xbox units into a conference room in the IT department, hooked up to our projectors, and had then all plug into a switch where we were running a sniffer
In short
Re:It's their bandwidth ... (Score:5, Insightful)
If I pay to live in your house...
and you have me locked in to that arrangement for four (or more) years...
and you agree to provide internet access, and you forbid me from having Verizon drop a DSL line right to my bedroom...
in favor of charging some insane "Internet access" line item to my bill for 4x as much...
Then yes, I damned well expect you to provide me with real internet access, and you can fully expect me to actively work around whatever attempts you may make to enforce your morality on my net feed.
This doesn't involve either the FP's parents or his employer - He pays a boatload of money every year for housing AND internet access, and his uni has decided they can selectively skip out on the second half of that deal simply because they have a captive audience. If they tried to pull this crap on any userbase that actually had the money to fight it, you can bet this would end up in the courts.
Re: (Score:3)
It is not a real contract but it is effectively one. Most colleges are dicks when it comes to transferring credits. They often won't accept credit from other colleges, and when they do, they often count the credit as "humanities elective" or "free elective" or some other BS. The result is that when you change schools, you are usually throwing away all the work you did before. The "escape clause" is pretty unfavorable to the student, as it were.
I tr
Re:It's their bandwidth ... (Score:4, Insightful)
Which completely ignores the reality of college as the entirety of students' lives for four years. When you live on campus, the "university life" equals your life. You eat cafeteria food (and thank Zeus for the rare occasions when you get to experience "real" food), you attend uni sporting events (even if you don't like sports - Just something to do), you listen to local garage bands, and, you absolutely depend on what utilities and services the university provides for your living arrangements. Including internet access.
they are keeping costs down for the university.
BS. Telling someone they can't look at porn at 10pm on a Saturday evening amounts to nothing but blatant moralizing; telling someone they can't visit music download sites treats everyone as an a priori criminal.
Or, more functionally, if internet access costs the university so much to provide, why don't they allow students to arrange for their own DSL or cable (and lets not insult each other by trying to pass off $100/mo 2GB/mo 3g as "broadband", a point the FP directly brought up)? Oh, right - Because unis make a fortune charging students an arm and a leg for subpar basic services. Back in my day, basic phone service counted as the big "gotcha" - Cell phones have largely killed that revenue stream, but back when you could get $14.99/mo local-only land lines, the universities charged around $60/mo.
as a means for students to get an education.
Can we all drop the "only there for an education" attitude? No one - And I feel comfortable phrasing that as an unqualified absolute - dedicates themselves to their studies 24/7. Aside from missing out on half (arguably, the more important half) of the "university life", ie the social part, few people need to dedicate that much time to their studies (and those that do won't last long before burning - or flunking - out).
Re:It's their bandwidth ... (Score:5, Insightful)
Unless the author has a full ride scholarship including room and board... I'd say there is at least a partially legitimate claim to some rights here.
Anyway, yeah, campus networks can be like that. It's bull. It's also, in my experience, rarely something the IT people are terribly fond of; most of them are at least passingly familiar with how the internet works, and ultimately it requires far more work to maintain a ridiculously locked-down network than one with minimal restrictions. Usually, that comes from higher up in the organization, from some old administrator or trustee or something... IT takes order in academia just like they do in business.
The best bet for getting a change on this is actually o complain to higher administration, and perhaps as well to school and/or local publications. Putting things in writing usually works well. Bring up issues of censorship and academic freedom, and be sure to mention how this new-fangled internet thing is a really important part of the future. Keep in mind that the details of what is or is not filtered is, largely, irrelevant... it's easy to lose a non-techie audience by getting into the weeds. The point here is to engage them on the emotional level: these decisions are not made because there are clear-cut rational arguments for them, they are made because somebody doesn't like ______ which they believe to be on the internet. Again, getting too logical or specific will just make eyes glaze over, so keep it rhetorical and abstract.
Re: (Score:3)
Re: (Score:2)
Which doesn't mean that their actions are immune from criticism.
Re: (Score:2)
Depends on what university (Score:5, Informative)
If it is a private university, then yes, they can do whatever they like, no matter how stupid it is. If they are a public university, then no it isn't "their bandwidth" it is "the public's bandwidth" and they have certain responsibilities.
So that's the first question to answer: Public or private? If it is private, well then suck it up. Private schools can, and often are, stupid with some of their rules. My recommendation is don't go to them, go to a public university.
If it is public then the thing to find out is where this is coming from. If it is from on high, the board of regents, there may be little you can do, though you can investigate state law, maybe talk to FIRE. However if it is coming from an overzealous IT department, then maybe it is time for them to get smacked around and learn that they are there to provide a service, not to act like despots.
In that case maybe talk to the faculty senate. The faculty and administration can ultimately tell the IT department to sit down and shut up, they perhaps just need to be made aware of that fact. Get information from other universities, see how they do it. You'll have no trouble finding places that provide essentially unrestricted Internet access (the university I work at does). Present the faculty with ammunition that it can and should be done a different way and they may choose to affect a change.
As something of an example of the second scenario in the private sector, my dad worked as a VP for a company;s American branch for many years. They decided to bring him over to the British branch for a bit to clean shit up. So he is over there, meets the guy who is the director in everything but title of that place (that was forthcoming). Guy says "Hi, welcome, I've got to go to this meeting, here's my office make yourself comfortable, I'll be back in an hour." My dad decides he'll check his e-mail and such things on the guys computer. No luck, can't get on the Internet.
He has someone call IT for him. IT comes down and says "Oh ya he doesn't have Internet access, he doesn't need it." Umm what? The guy in charge doesn't have Internet access? And who the fuck decided he didn't need it? There was no company policy to this effect. Dad snarls at them, 5 minutes later computer has Internet access. The IT department there was very tyrannical. They made rules all of their own and it just never really occurred anyone to yank on their chain.
Remember, and I say this as someone who works in IT: IT is a service industry. You are there to help people get their jobs done. That means not putting up artificial blocks to shit. That doesn't mean no blocks at all, you have to do things for security, compliance, and so on. However it does mean not being asshats and doing things like offering nothing but extremely locked down web access.
Also any time you say no to something, you need to have an alternative. So you say "No, you can't have an FTP server. The passwords are clear text and that is insecure. However we will happily help you setup an SFTP (SSH) server instead which is fully secure."
At any rate step one is to find out from where this policy comes, then you can see if anything can be done about it.
ssh is permitted? (Score:5, Insightful)
In that case buy a ssh shell minimal hosting account for 2-3$/month.
Create a tunnel.
And browse.
If paid public VPN services are allowed, you can also subscribe to such services. Of course, your browsing will be slower.
Re: (Score:2)
I do this exactly. I have static IP at home, and a personal server elsewhere, so "ssh -D", and "tsocks" are an EXCELENT combo.
Re: (Score:2)
I would expect that SSH is forbidden and that everything has to go through the university's web proxy.
That is the situation I was facing a few years ago when I lived on a college campus. The solution I found was called desproxy and apparently it still exists [sourceforge.net]. Worked wonders with me.
Re:ssh is permitted? (Score:5, Informative)
The solution then is to use port 443 to run SSH. I have a free trial of Amazon EC2 I use for that kind of thing. The speeds are good, you can even watch YouTube with relatively little buffering. If anyone is interested I have it set up:
Browser
v
SSH Socks Proxy
v
corkscrew (software to send ssh through an http proxy, you can also use PUTTY on windows for this)
v
CNTLM (you may not need this but I do because the proxy I go through uses NTLM authentication)
v
SSH server running on port 443.
Re:ssh is permitted? (Score:5, Informative)
sslh for the win!
Just 'apt-get install sslh', have it run on port 443. It will forward HTTPS traffic to your apache server running on whatever port you run it on, while forwarding ssh traffic to sshd.
It's just.... beautiful.
Re:ssh is permitted? (Score:5, Informative)
Yeah, I've used iodine [code.kryo.se] successfully in the past. You need to get your own domain, though.
You know the nice part? It uses their DNS servers to tunnel your data ;)
Re: (Score:2)
As for getting around the firewall, what I've done in the past when I needed that was to tether to my phone (through wifi if possible, for discretion).
Re:ssh is permitted? (Score:4, Informative)
How can they forbid ssh and still call themselves a university?
SSH'ing offsite is a basic prerequisite for all sorts of research in the physical sciences. It's an operation so basic that folks in physics don't even admit the possibility that someone would want to block it.
At my old university the public (no logon required) wifi was heavily port-filtered. They blocked port 110, for instance -- no POP mail. But they left open SSH, knowing that people relied on it to get work done.
Tributes (Score:5, Informative)
Become friends with a member of the IT department. Alcohol can go a long way in beginning an IT related friendship.
Re: (Score:3, Interesting)
This. Or, if your university has a Networking section/sub-section, start there.
I work in IT at a university and although we do have some restrictions on websites (pornography and cheating websites), we also have an appeals process that is open to anyone. I find it silly that they would block off a huge host of seemingly random websites for "safety" reasons, except maybe on university-owned computers open to the public (even then, we just put DeepFreeze on ours).
Another solution would be to get someone with
You have web? So you have DNS. (Score:2)
Which means you can setup a dns proxy for IP traffic and use it. It's not fast but is very handy to have ready when you're for example on a wifi that wants you to pay for using it via some kind of web page.
Not an issue here (Score:2, Insightful)
My university doesn't restrict internet access - they, however, ask you to not do anything illegal and log your activities. They give me 1GBit internet connection by cable or 450 MBit/s over WLAN (which I don't know how it is possible) so I can download stuff as quick as my slow laptop harddisk can save it.
However, if they'd restrict access, I'd probably use TOR or some proxies to get full access or I'd set up a VPN connection to my server and access the internet in that way.
Is it important enough .. (Score:2)
To choose a school based on it? Not going to a University with these restrictions is one way to vote with your dollar.
If you don't plan on leaving, warn incoming students about these policies. Perhaps encourage them to ask about internet restrictions in their interviews. If it's a deciding factor in student enrollment numbers, they'd think hard about it.
Further, you can petition and urge students to speak out against it. Taking action is an option.
Practicality (Score:2, Insightful)
If they're dumb enough to lock down internet access to the point that it becomes unusable for work purposes whilst still allowing their network to be trivially bridged by 3G dongles then you're already fighting a losing battle. Chances are that the people writing the policy don't have the slighest clue what they're doing but have read some stuff about how the internet is bad and so should be blocked; be glad they don't do things like blocking all Javascript from running, which I've seen in some companies, t
Re: (Score:3)
If they're dumb enough to lock down internet access to the point that it becomes unusable for work purposes whilst still allowing their network to be trivially bridged by 3G dongles then you're already fighting a losing battle.
Uh, who said anything about bridged? My impression was that they'd use 3G/4G dongles on their laptops instead of plugging into the university network at all, I don't see how you could block that short of jamming the signal. And presumably they don't care, if it doesn't happen over their network it's not their problem.
Re: (Score:2)
And presumably they don't care, if it doesn't happen over their network it's not their problem.
Until those computers come back on their network with infections from the wild, defeating the entire point of their draconian restrictions. Of course, 3G dongles weren't needed for that, just a starbucks in walking distance of campus.
VPN? (Score:5, Informative)
Why not just setup a VPN real fast with someones DD-WRT router. I did this at a job that had a really obnoxious content filtering thing that actually prevented me from doing my job. I just vpn'd to home, but you probably have at least one friend in town that has something good enough for you to work with. Even a shitty VPN will do, since your not trying to protect anything so much as evade things.
Get into the net as a volunteer (Score:5, Insightful)
In all Universities there is an "Inner Circle" formed by network admins, who are impervious to proxy filtering.
The incantation to enter that select group is:
"Hey, I'd like to help with the university network maintenance. Can I do it as a practice? I'll do it for free."
This psalm recited to the right university demon will get you access to the University's network system. With luck, in 1 or 2 months you will have the relevant network keys/info. Probably you will have the rights to whitelist the pages you want.
Then move out of there.
Re: (Score:2)
My university appears to filter everyone, even the IT department.
Re: (Score:2)
My university appears to filter everyone, even the IT department.
That's because only the desktop machines of the "Inner Circle" will be whitelisted, and that certainly won't be the whole of IT. There will be explicit exceptions in the firewall rules for specific source IP addresses. (One of the exceptions will have to be for the proxy itself, though that could be DMZed. That would be genuinely competent, but unexpected.)
3G/4G? (Score:4, Informative)
Back when I was at university, I bought a cable for my phone and got myself some sweet, sweet 9k6 access over GSM. It was faster and more reliable than the connection in the uni's computer labs ever was, not to mention no BS filtering. Paying by the minute made me focus on getting the job done and hanging up, too...
As far as filtering goes, the conventional way around that was to log in as someone else. After all, their username was their matriculation number and the default password was their date of birth... If you couldn't read a classmate's ID and social-engineer his birthday out of him, no matter - the uni helpfully had an easily-accessible printout of the entire student body's personal information (in fact, you had to sign to get your grant, so they left it on the public side of the window), and those last few pages were awfully loose...
Not sure who's confused... (Score:2)
....everyone else, or me. However, to me "restrictive access to the web only" and "no access to the wider internet" means to me that he's not going to be running an SSH or VPN proxy to anywhere (except the VPN access that runs over the web ports, and I guess SSH on an alternate port if it's a simple port filter).
4G dongle (Score:2)
Which University? (Score:5, Interesting)
I'd say the university isn't fulfilling its role, and you should definitely rally to change things. The purpose of the university network (besides supporting research communications) is to allow you to learn.
During my undergrad the university I attended provided full firewall-free internet with a *public* IP from their block for everyone who plugged in (and no-questions asked CNAMEs). The wireless was of course NAT'd but I had no problems.
This all worked because of the genius way they solved problems was genius. If IT detected any funny business, a tech would physically show up at your lab/office and ask you what was going on and make you fix the problem right then and there.
Cultural/Media Studies? (Score:2)
Make friends with someone in your Cultural/Media Studies faculty. Preferably someone doing research into social media, emerging cultural phenomena, self-organising cliques, something like that. Then get them to repeatedly hassle IT to give them access to blocked sites, claiming its for their research. I reckon after the fifth time IT will give up and just open up the whole network (their router access control lists will get unmanageable for their competence level).
VPN outwards (Score:2)
My former university used a VPN-service, where every student had to set up a VPN on their computers, and connect to the VPN-server before being able to browse the web. One of the guys even admitted that they're raping the VPN standard in every way possible by using it to connect outwards, rather than inwards, but still they stuck with it.
The downside was that until the VPN service connected, there was absolutely no traffic to the wider web, which includes Google DNS. So every time I wanted to connect, I had
Didn't you know this going in? (Score:5, Insightful)
As a /. reader, I can only assume you're rather technical. Isn't this something you discovered before going there?
Frankly, I wouldn't go to a school that did this. And I didn't. Thankfully, my first choice doesn't do anything like this. Traffic is unmonitored, but for legal reasons you have to register your MAC address to your university credentials to get out of the VLAN. This happens automatically with authentication to the wireless network, or manually through a captive portal for Ethernet.
As required by law of all ISPs, they will use this to forward DMCA notices, which happens pretty frequently. I can't exactly fault them for that. They'll also notice if you're really hammering the network with worm traffic or something, in which case they'll kick you off until you get the system cleaned up, which I can't fault them for either.
But other than that, they're pretty much out-of-the-way. They definitely view themselves as more of an ISP than anything academically-relevant, which is good. The university structure also places them at the same level as the individual schools (liberal arts, engineering, business, etc), and each school has its own school-specific IT that runs their own email and webhosting and so on, all of which helps keep them pretty much service-oriented. They pretty much provide internet access and server space to any university department that wants it (and pays for it, in one of those interdepartmental money-shuffling schemes), and otherwise back off from content management. Individual schools are free to filter whatever they want, but only in the school-managed network. In practice, none do. Even if they did, the dorms are separated out from that.
Not to mention the university is almost as liberal as they come in terms of information freedom.
But in any case, the university is your home for the time you're there. I wouldn't live somewhere that did this, and I wouldn't go to a school that did this. Not even because of the inconvenience - think about what that suggests about how they view academic and intellectual freedom.
Two solutions: (Score:2)
1, technical. VPN. There are plenty of cheap providers out there who exist to fix this problem, or just find a friend who's willing to let you bounce off their home network.
2, administrative. Go over the head of the technical guy who's blocking the net. You will need to do your homework first: have a good business case for why the current policies are a) inhibiting your (and many others') legitimate needs and b) aren't reasonable, necessary or effective measures to achieve security. If you have a hundr
I Would Also Like To Know Who It Is (Score:5, Insightful)
I agree that it is likely and administrator, rather than the IT department, who is responsible, but don't count on it. That's just worthless guesswork. You can find out.
Whoever is responsible, don't listen to all these wimps who just tell you to cave and pay for ANOTHER internet source when you're already paying for this one. Get hold of EFF, EPIC, the ACLU, and anybody else you can, and tell them your academic freedom is being repressed. Because it is true. But get some help. There are organizations out there who can not only help you find who is responsible, but put pressure on them to change the status quo.
Don't cave and just buy an expensive cell phone data connection (especially with prices going up). Fight the BS. Because that's what it is: BS.
Re:I Would Also Like To Know Who It Is (Score:4, Funny)
But it's their connection! Therefore, they are exempt from all criticism and he should do nothing if he disagrees with their policies.
Re: (Score:2)
But it's their connection! Therefore, they are exempt from all criticism and he should do nothing if he disagrees with their policies.
It's the university's connection, not the particular administrator of the IT department of the university's connection. That said, if it's an order that's come down from On High (it could be) then it's going to be hard to change since admins don't usually like to directly challenge nonsense from formal superiors.
Another thing to check is whether the restriction is the same for all connections. We (speaking as someone who works in university IT) have a whitelisted wired network with very few restrictions (SM
A Brief on Drilling corporate firewall (Score:3)
(1) SSH client (inside) ---SSH Tunnel--> SSH server (outside, with webproxy)
This may be the simplest setup, and the client could be linux or putty on Windows; and the server could be linux or CYGWIN on Windows
(2) OpenVPN client (inside) ---OpenVPN handshake--> OpenVPN server (outside, with internet routing)
You need to setup an OpenVPN server outside. For example, I reflash a CISCO router with OpenWRT at home so that I can connect from anywhere with OpenVPN client and use home's internet. This method could drill through most firewall/proxy, because it can be configured on any port, and any protocol (TCP or UDP).
Above methods requires setting up Internet connection outside. You might want to circumvene University's security policies directly, say by malform URL request. However, I do not recommend you to do so, as it would be considered a direct attack on their firewall.
Honestly I think you might have this all wrong.... (Score:4, Informative)
If you can go to your course lecturers and justify why you need access to Hackaday to complete your course, I am sure your lecturers have a process to unblock the sites.
In the meantime there are 1000s of other students trying to use campus PCs without needing to find them screwed over by the previous user. What you *might* be able to persuade the University to do is to provide an unrestricted wi-fi point on campus for personal use.
Use their obligations as a landlord (Score:3, Interesting)
Speaking from the other perspective.. (Score:5, Insightful)
As a member of an IT systems admin team for a faculty we've often got specific mandates which services we must restrict, and to what end. What you may also be up against, other than 'unprivileged' access - is politics. Students do Naughty Stuff (tm) - that's just a fact that keeps on proving itself true time and time again. Even if you can speak for you, your friends, or your entire course - I can bet dollars to donuts that there's someone out there trying to do something shifty. Case in point: I was seriously asked to relax the restrictions on banning Steam so a student could "download 10 or 15 gig so i didn't have to do it over dial-up". On-campus living - sure, i can see where restrictions like that may diminish any sort of sanity saving software platform ( Valve fan \o/ ), but I'm not going to open up a faculty network just so you can play games. It's an education facility, not your personal high speed connection to the 'net. If you were a postgraduate student researching something that required access - then by all means get your supervisor to approve your request and I'll be more than happy to make it happen.
That being said - outline a clear case of why you need certain things re-classified and you may have a better case to work with. I am not suggesting that this tactic will work - as there's probably more to the story ( see - plug and play filter lists/software/appliances which remove the need to dedicate an entire FTE to putting classifications on traffic going out ) than you really know, but it will certainly stop you from seeming like a whinging student and more like an intellectual who is using sound reasoning. Hell - if you are able to find clear, repeated examples of wrongful clasification of websites, you may be able to enact a reconsideration of what's being used to deny you access or relax the level in which things are blocked.
Of course, they might not care. Who knows?
Student computer club? (Score:2)
See if there's an on campus computer club, that will almost certainly lead you to people, servers and networks that will help with outside access.
A few things I've seen used on campus:
-SSH proxy tunneling
-VPNs
-IPV6 related workarounds
-'partner' universities and organisation that can be accessed/tunelled through without going through the firewall
-wifi router/repeater with long distance wifi link (eg with a 'cantenna') to an off-campus house/building
-friends that work for campus IT, local ISPs and the univers
Specifically for torrents, an easy solution (Score:2)
For all other normal web traffic, yes your school is being very Draconian if they're blocking the likes of Hackaday. I mean hell, that's pretty much "Great Firewall Of China" levels of censorship there. I frankly
Re: (Score:2)
Are you studying Computer Science or Programming? (Score:5, Funny)
If so ...
This is the basic test to see if you are worth letting back for the second semester. /. I suggest your consider a different career path.
As you have posted this question on
As you obviously want other technical people to get you out of trouble and solve all of your problems for you, I suggest you look at Sales and or Marketing.
Something tells me you have a natural aptitude for either of these.
I have a better answer. (Score:3)
Get friends to start buying old linksys routers and create your own rouge wireless internet campus wide. Get people to donate to pay for hardware and a few cable modems at the perimiter so your mesh network can have multiple internet gateways to balance the load.
Old routers and openWRT will do this, then start putting them up.
you are in college, it's time to be subversive and community building. a non uni owned student run wireless internet setup is the best way to do this.
Occupy (Score:3)
From an IT Admin (Score:3, Insightful)
Re: (Score:3, Insightful)
You imagine he's going to school for free, do you? I work in university IT and understand the pros and cons and plusses and minuses, and while we don't do this, we do some of our own foolish things. However, I don't think for a second that the students aren't already paying for this connection.
Re: (Score:3, Insightful)
I am also in university IT. The students are NOT paying for a free unlimited Internet connection. They are paying for their degree, and can expect Internet access relevant to their degree, nothing more. Since a large amount of University funding comes from tax payers, why should they/we foot the bill for students to waste terabytes of data on Youtube and torrents?
Re: (Score:2)
No, but I'd hardly call his university's situation the same thing as what you're talking about. Maybe what he's really out to do is what you're saying, but I could see that content filtering annoying me (as the filtering at my university commonly does if I try to look for anything related to security which is supposed to be part of my job function) and that's not what I'm up to.
Re:get over it (Score:5, Insightful)
Because youtube and torrents are part of using the internet.
What part of education do you not understand?
Apparently things have changed (Score:3)
In two ways:
1) JFGI is the go to strategy for most things IT related. It is one of the first things I teach our students. Have a problem you don't know the solution to? See if someone else already solved it. Don't waste time reinventing the wheel, the solution may be out there. Even if not, someone may have done something related that will set you down the right path.
2) Youtube is where we are now posting instructional videos. When there's something that students need to see over and over that doesn't chang
Re: (Score:3)
Re: (Score:3)
You are wasting your time and the time of the students for a motivation that smells a bit like Nazism.
The single excuse I give you is that it teaches student how to bypass censorship.
Re: (Score:2)
Re: (Score:3)
And how much does it cost to setup and maintain those filters vs. give unlimited access?
Re: (Score:3)
And how much does it cost to setup and maintain those filters vs. give unlimited access?
If you begin factoring in:
Then you find that "unlimited access" is everything but free.
What the university needs is a process / form so the student can argue why he needs to access the pag
Re:get over it (Score:5, Insightful)
Because, funnily enough, important education content like Stanford's machine learning lectures are available exactly via Youtube and torrents: http://see.stanford.edu/see/lecturelist.aspx?coll=348ca38a-3a6d-4052-937d-cb017338d7b1 [stanford.edu]
Re:get over it (Score:5, Insightful)
Re:get over it (Score:4, Insightful)
Would you advocate or approve of similar restrictions on the university library?
What's the difference?
Re: (Score:3)
I am also in university IT. The students are NOT paying for a free unlimited Internet connection. They are paying for their degree, and can expect Internet access relevant to their degree, nothing more. Since a large amount of University funding comes from tax payers, why should they/we foot the bill for students to waste terabytes of data on Youtube and torrents?
Umm, not sure what state or country you are in but most universities I know get no more than about 33% of their money from the state (most of that is used for salaries). The rest comes from tuition ( more than 50%) and donations/gifts to the university. So, OP not only could be paying for his/her connection, they are most likely supporting the entire university connection to the Internet. The university has a right to protect its systems and data, but not the right to restrict what people do with their own
Re: (Score:2, Informative)
Re: (Score:3)
Yes. But there also is research on porn.
It is a long time that I have been to university, but I have similar trouble with customers. Our Engineers waste a lot of time trying to get software we developed for a customer to the customers engineers because any of the following occur frequently:
* dropbox is blocked .exe and .dll are not allowed in e-mail
*
* our hoster is in a class A net blacklisted by customers spam-filter
* we chose a file name that matches some regular expression deemed dangerous by their IT st
Re:get over it (Score:5, Insightful)
"draconian" restrictions are there because someone in IT/management is lazy or has twisted viewes about what moral powers they should have over students. In other words because they are bastards.
Re: (Score:2)
Most corporates and government agencies all apply these so called "draconian" restrictions on thier staff and it isn't because they are all bastards.
This isn't a corporation, it is a facility for education. There are no profits to protect, here, nor is it their job to protect the students from their own habits. It's a waste of time and resources for IT to even be worrying about this.
The word 'draconian' didn't come about just because people's eyebrows are furrowed.
Universities are not for-profit corporations (Score:3)
Re: (Score:3)
Because Slashdot is a joke now. It used to be a place where IT people hung out.
Re:Google (Score:4, Interesting)
I've read the comments from stories from 2002 [slashdot.org]. I don't see how are they much better. Are you sure you haven't forgot to take off the rose-colored glasses?
Re: (Score:2)
Re: (Score:3)
No it isn't, OpenVPN is a protocol in its own right, the security comes from SSL. Usually it runs on UDP/1194, though you could run it on TCP/443.
It wouldn't be over HTTPS, but even so it may well be able to get through the firewall this way - assuming the firewall isn't doing some clever DPI work to fingerprint traffic type. (Possible, but IME rare).
I think you may have got the HTTP/S idea from the full version of OpenVPN that also installs a web-based GUI. But when users log in, the first thing they're pr
Re:Just use 3G (Score:5, Insightful)
Unfortunately, 90% of the headache of running a network is the userbase. Even in a small secondary school it can be difficult to keep people from abusing the connection (hell, I know I abused my uni's connection when I was there, not to mention their storage, FTP, CPU time, etc.) without policies like this.
They are providing you the service for things related to your work. Those sites you mention are not related to your work. Even if they were, the abuse of people using for things NOT related to their work is a burden that the IT department will be able to statistically measure. Otherwise they wouldn't bother with the hassle from students, staff, and technical problems associated with limiting your access.
It's not a question of "experts vs students", it's a question of different priorities. Even if you escalated it to the Dean themselves with the aid of staff, you would all end up sitting in a room with the IT guys who would explain exactly how much traffic that system cuts out, how many lost hours, how fewer abuse complaints they receive, how many more PC's they'd need to cope with the extra demand because of people hogging the computers for personal use, etc. and all for something that - if a site is genuinely vital to your work - they would gladly adjust to make sure it didn't interfere with your studies.
And then either you or the Dean would end up basically agreeing that what's in place isn't actually that draconian after all, and standard practice for most places for SEVERAL, very good, measurable, verifiable reasons. And every year you'd have the students/staff make the same argument and every year since the 90's it's been less of an issue because - as you point out - if you want unfiltered Internet for personal use, you can get it for next to nothing. And hell, in any university town I've ever been in, every cafe has free Internet to draw students in.
You have paid the uni, indirectly, to support your studies. If they are not supporting your studies, you can complain. But you can't complain that they aren't other personal Internet services to all X thousand students on their campus without paying the difference it would cost.
In my experience, working in schools rather than universities, I wouldn't be surprised if traffic (and therefore costs) quadrupled the second they relax their policy, even if they DON'T announce that they've done so. And those sorts of places usually run HUGE dedicated lines that are the backbone of the Internet - X thousand students accessing junk sites is NOT more important than the chemistry lab pushing a few Gigabytes around the world to their research partner. I assure you.
You have a workaround in the form of your own Internet connection, use it. If you want the uni to provide it, they will charge you MORE for the same thing because they are NOT an end-user ISP.
Re: (Score:2)
Maybe the slashbots have been unfairly filtered from being able to do their work before, (I have, on multiple occasions.) Or maybe in this case they'ce seen the damage this sort of resrtiction can cause in the context of education and they do not approve.
I, personaly have issues with the groupthink, Ive even been m
Re: (Score:2)
Sorry, accidently hit submit instead of preview... ...moddez down for saying it even exists. However, you cannot blame this as a groupthink invention. The maintenance of these restrictions is a waste of resources. If a student pay tuituion and fails, it is not the fault of the IT dept for failing to bl
Re: (Score:2)
Oh, for f's sake. Im sorry, this is my fault for missing the preview button. No hard feelings for making fun of my incompetence.
In short, let the student fail if he wants to waste time. Policiing the internet is not the job of a University iT dept and the groupthink agreeing with that doesn't make it wrong.
Personnaly I'd rather my tuition and/or tax money not have a bloody thing to do with censoring the internet. Afterall, there are no guarantees anybody will graduate. This is not an issue of fairnes
Re: (Score:2)
Re: (Score:2)
They don't have enough resources to support their students, so blocking somethingawful is the solution?
students are technically paying customers (Score:3)
University isn't normally free.
Also they Uni is wasting additional money on licenses for software and products to block everything, when it would be cheaper for them to provide a wide open internet to paying students.
Re: (Score:2)
Unlimited access to internet is much cheaper than university administrative fees for such things as, you know, internet connection.Your concept of "free" is quite distorted.
Re: (Score:2)
Unlimited access to internet is much cheaper than university administrative fees for such things as, you know, internet connection.Your concept of "free" is quite distorted.
The fees won't just be paying for the connection. There's a whole bunch of services too, including not just email but also things like having people around to help when things go wrong. That really costs and the value is invisible until you really need it.
Re: (Score:2)
It's quite possible that they only allow outbound 80/443 from their proxy server and block *all* outbound ports from client machines.
Re: (Score:2)
I have this at work. get your sshd to listen on 443. if they manage to block that, start a petition. DPI is evil.
You underestimate how tricky things could be. They might just block 443 anyway, which wouldn't be DPI but would be vastly annoying. Yes, it breaks sites thoroughly. Some might be white-listed (though the whitelist is likely to be out of date).
Just for comparison: I've had meetings in places where the only external internet at all was via a crusty old proxy that couldn't even cope with the CONNECT verb and which would only allow you to reach port 80 in the first place. Not that it was worth trying to route a
Re: (Score:2)
Re:Grow Up (Score:4, Interesting)
That's all fun and games to think that way. Until other people who are paying for that access bitch. Before we filtered content, we would get almost daily complaints from students about people watching porn in the library, or at a kiosk, or the guy who sat in our public area running a business (not a student, but he did pay for a gym membership so he is a paying customer....).
We would never have enough information to find and catch these people, so we would have to run around with our little "acceptable use policy" trying to find them and get them to sign it. Then hope that if they did it again, we would get enough notice to find them again and get them to sign it... again(you know the administration isn't going to expel a student over it...).
Then one day a big shot had his kid with him and she saw a student watching some really bad porn. Now we have content filters. (At least that's the story I'm told when I was told to implement the filters). The best part was that big shot thought we always had the filters. They were really mad that IT didn't take it on ourselves to filter content.
Re:Well... (Score:4, Insightful)
Or, possibly, treat the students like students. You know, intelligent inquisitive drunks that want to explore new things, test boundaries, flirt with the law and read somethingawful.com
I really struggle to see why any university student network should be censored. Sure, firewall and lock down the staff network, where student data is held. Provide strong security on shared servers. But locking down all 'net access to filtered HTTP? That's a surefire way to damage innovation and discourage learning.
I went to a university that had no firewalls - you could telnet to the main servers from external servers, and we used that capability to build and maintain internet services. Many people at my uni went on to build companies in the dotcom boom, take on programming jobs, otherwise put their acquired skills and knowledge to use. I would heavily discourage anybody from attending a university that didn't want the same for its students.