"It can only be attributable to human error…."Posts RSS Comments RSS

Archive for the 'Network Services' Category

Are Windows Servers Less Expensive?

There is a lingering mythology about Macs being expensive and Windows PCs being more affordable – which is easily debunked if you look at the specs of a new Mac vs. a Dell & compare all the software included with OS X.  This extends into the realm of servers as well.  Have a look at this great chart from AppleInsider comparing the cost of a Windows Server with an OS X Server.

[Image: osxserver101409-2]

Read the whole article here.


BitTorrent and Peer-to-Peer File Sharing are not Illegal

Usually when we hear about BitTorrent or peer-to-peer file sharing, it’s in the context of ‘pirated’ software or ‘illegal’ music sharing.  They’re not the same, they shouldn’t be confused and I’ll explain why.

[Image: technology_p2p]

(A series of men’s restrooms?  Nope, Peer-to-Peer.)

What is BitTorrent used for? BitTorrent is used to share large files.  Researchers at universities use it to share data.  Media make programming available through BitTorrent (for example, the Canadian Broadcasting Corporation and the Norwegian Broadcasting Corporation), Amazon offers users BitTorrent capabilities in their online file storage service, and the content for World of Warcraft is distributed through BitTorrent.  It’s being used everywhere for ‘legitimate’ purposes.

Let’s talk about what constitutes a ‘legitimate’ use of the network on computers in a university environment.  What’s obviously ‘legitimate’? – email, blogging, building web sites?  But spam is email and it’s not considered an acceptable activity.  A blog full of stolen credit card numbers is blogging, but it would be considered a crime.  And what about a web site that incites violence?

It’s easy to see that activity on the internet is not identical to the technology used to perform the activity.  The technology is a tool.  Email is a tool.  BitTorrent is also a tool.  In reality, I think it’s more complex than that – but for now, let’s think of them as simply tools and without any moral value attached.

[Image: 2001monkey]

(How will you use your tool?)

Research by ipoque has shown that BitTorrent is the dominant protocol on the internet.  That means it’s used more than http, the protocol used to serve and access web pages.  To put it another way, BitTorrent is used more widely than web sites. That’s a popular tool!

Yes, BitTorrent can also be used to share a copyrighted music or video file without the permission of the copyright owner, but so can email, ftp and http and CDs and DVDs and hard drives.  With Gmail’s allowed attachment sizes, for example, you can send entire albums of music in one email.  But where is the effort to ban or stop email?

[Image: mix-tape]

(This is not a crime.)

The RIAA has mounted a massive campaign against BitTorrent users – prosecuting them for sharing music.  But this isn’t a new activity.  When I was a kid we would copy albums onto cassette tapes and give them to our friends – this was never called ‘a crime.’  But now that the recording industry’s mode of operating is no longer profitable, they’re trying to criminalize sharing.  They ought to be spending that time re-evaluating their mode of operating, but that’s another post.

Even if they succeed and even if it is ‘illegal’ to ‘share music’ – BitTorrent (and other peer-to-peer sharing protocols) is and should remain a legal, usable, and useful protocol for sharing large files.  As Manuel Castells said in the M. Nathan W. Levin Lecture at the New School in 2007, “The hackers built the network and they built it open.”

So, if you’re told that you can’t run file sharing software or BitTorrent isn’t allowed – ask why.  Ask why they don’t want you to engage in a legal file sharing practice.

[Image: hackers_ver2]

(Well, not these hackers…)

Want to give it a try and download something?

First, you need an application, you can read about some options here:

http://torrentfreak.com/mac-bt-clients/

And here are some free sites for legal torrents:

http://www.legaltorrents.com/

http://www.publicdomaintorrents.com/

http://www.legittorrents.info/

http://www.bittorrent.com/

http://2007.sxsw.com/toolbox/

http://bt.etree.org/

http://www.zudeo.com/

http://www.torrentfreak.com/

http://linuxtracker.org/


Upgrading to 10.6 & Liberating Users from Passwords

[Image: mac_os_x_106_snow_leopard_dvd]

Snow Leopard

We’ve begun upgrading the Macs at the Graduate Center to OS X 10.6.

Along with this upgrade, we’re implementing some other changes.  We are no longer asking users to authenticate with Active Directory credentials in order to use the Macs in public areas.  Users will not have to log in with their name and password in order to use all the applications on Macs in the Library, student computing areas and departmental lounges.

We’re implementing this change because our Mac users have had chronic problems saving files to their network drives and using applications that rely on saving to network drives.  My first concern is making certain that users can actually use the technology, without anything standing in the way, and this change is the best way to make that happen.

[Image: ComputerChainedDown]

Password Liberation

There is an additional benefit that comes with this change.  All students, faculty and staff can now use our Macs without worrying about passwords.  And once the user is done and they log out, all trace of their presence and activity is deleted from that computer.  This is a dramatic increase in privacy for our users and frees them from having to worry about their password or account being up to date.  As it is, most students I talk to use a non-CUNY email account as their primary email, so they often have problems when they are asked to use the CUNY account because the password has expired.

But what about printing and other network services that require an account?  If the user wants to access any network services that require authenticating against Active Directory, they can do so à la carte  -  they choose to connect to the service (printing, network drives, etc.) and authenticate for each service.

This à la carte model flies in the face of current trends.  Everyone says they want ‘single sign on’ – which means you log in once and everything else uses that authentication to give you services.  But, I wonder, what if you want to use a computer without telling the computer who you are?  And why should you have to confirm your identity at the door of the building and then again when you sit down at a computer?  After all, if security let them in the building, they’re entitled to use other public services of the building.  Just as they have access to the public restrooms, shouldn’t they have access to the public computers?  Now they do.  And more relevant to most users, what if their password expired, they don’t have time to deal with the bureaucracy of having it reset, and they just need to look at an email quickly or email a document from a flash drive?  Now they can.  And there are other benefits to privacy:

[Image: comic2]

Using Gmail for Everything


As much as I despise G**gle and everything they are doing (from data mining, to privacy invasion, to bowing to China’s every demand) they make the best free email service available.  So I use Gmail.  I use it for everything.  Every CUNY email account is pulled into Gmail, all my personal domain names are pulled into Gmail.  Why?  Because you can search and it works.  I’ll say it again, the search actually works.

How do you know if your search works?  When you’re trying to find an old email and you just remember a word or two and the sender’s name, if you can’t type that into a search box and get your email in 2 minutes or less, your search doesn’t work.  If you use Outlook, or Outlook web access, you know what I’m talking about.  You can’t find anything, ever.

So, how do you get all of your email accounts collected together in your Gmail account?  Use G**gle’s instructions here. And now, Gmail is offering the ability to use your own SMTP servers to send email. What does this mean?  When you send, it won’t say “on behalf of” because it will actually be sending through your own email servers.  This makes Gmail more like a desktop email client, such as Apple Mail, Thunderbird, etc.

So far I haven’t been able to get my CUNY email addresses to work with this feature (not surprising, is it!) – but it’s still useful for your other domain accounts.


Mac OS X and Active Directory

If you’re managing Macs in an environment where Active Directory is used you might be considering how you can integrate the two, or you might be asked what the options are.  I’ve been doing research and testing on this for a few years so I thought I would share what I’ve learned.  I’m breaking this down into four options – but really there are countless combinations that you could deploy.  Please ask questions (or post corrections!) in the comments.

Option Zero: Starting from Scratch

If you’re currently building and deploying images that incorporate all of your settings without using any directory services, your computer management looks something like this:

[Image: local]

What’s the downside here?  When you want to make a change in settings, you have to re-image your Macs.  This is probably the most common but least efficient way to support your Mac users.  If you decide you want to start using domain accounts on your Macs and you bind one of the Macs above to Active Directory and log in, you’ll get a generic user account and have very little control over how that account is configured.  Why would you want control over that account?  Not to control the user’s behavior or how they use the technology, but to provide them with the best environment for their work; to give them more access.  What kind of access? – network resources like printers, network drives and other services.  So how do you control the settings and preferences for the user accounts once your Mac is bound to Active Directory?  You use MCX:

[Image: mcx]

(The line “the only way to do some things” is borrowed from Greg Neagle’s (Senior Systems Engineer at Disney) presentation on MCX.  He said it so well!)

Option 1: Dual Directory with local MCX

This brings us to the first option for managing Macs in an Active Directory environment.  In this configuration (Option 1) your Macs are authenticating to Active Directory and when the user logs in, the settings are determined by MCX on the local image.  To configure those settings you use Workgroup Manager, which is available in Apple’s free download “Server Admin Tools.”  Once you’ve set up the MCX settings for a group of domain users, you can update these MCX settings by deploying changes with Apple Remote Desktop.

[Image: dual-directory-local-mcx]

Option 2: Dual Directory with MCX on OS X Server

Alternatively, you can centralize those MCX settings by moving them off of the local hard drive (out of the local directory) and onto an OS X Server that is bound to Active Directory.  That means when you use Workgroup Manager to make a change on the server it is applied to every client bound to that server.  The clients are bound to both Active Directory and to Open Directory (on the OS X Server).  They authenticate with Active Directory and get their settings from the OS X Server.  That brings us to what is commonly called “The Golden Triangle.”

[Image: dual-directory]

Option 3: Extend the Active Directory Schema

You don’t have to host these MCX settings on an OS X Server; they can be kept inside attributes and objects in Active Directory.  But to do that, you have to extend the Active Directory Schema. That brings us to the third option.

[Image: modifying_ss1]

Click for streaming video from Apple on extending the AD Schema to support MCX.

Option 4: Third-party Software

You can purchase third-party software that will do some of this work for you and provide some ability to control Macs from Active Directory.  The software available includes Centrify DirectControl, Thursby AdmitMac and Likewise Enterprise – but here’s why I don’t suggest going that route:

  • $80-100 per seat software cost
  • Requires production server downtime
  • Adds an entirely new set of management tools on the network side (for example: DirectControl Management Tools)
  • Installs a client on every Mac
  • Requires installation of add-ons to the client on every Mac whenever we add a feature
  • Makes you dependent on a 3rd party plug-in and that vendor for access to basic network services
  • Has the potential to hold you hostage to vendors’ timelines because:
      • The plug-in might not allow you to upgrade or patch your servers when you are ready
      • The plug-in might not allow you to upgrade your Macs when you are ready

Users Rights and the Discourse of Security in Information Technology

“Security” is a buzzword we hear every day in IT.  For some it has become the foundation of IT policy and a litmus test for every decision.  But it’s not a closed case.  What “security” actually means is still up for debate.  There are researchers doing incredible work on these questions of “security” uncovering the ways it’s used to disempower people, spy on them and prevent them from regaining power.  Big Brother in the Black Box and the boardroom.

“Electronic media…have become the privileged space of politics…without it there is no chance of winning or exercising power.” (Castells, M. The Power of Identity. 1997)

During my 15 years in academic technology I’ve frequently witnessed the idea of “security” used as justification for closing down previously open services and limiting user choice.  Not as a response to problems that have arisen, but as a “Best Practice.”  Whenever I encounter this, it always clashes with my experiences of technology opening up previously closed systems and empowering users to remake the world.  When I.T. uses “security” in this way they’re really saying:  “There is some kind of threat, some potential danger, and we have to protect you from it even though nothing has happened so far – to do so, we’re going to take away civil liberties and restrict your civil rights.”  Sounds eerily familiar, doesn’t it?

The application of this notion of “security” does not make us more secure, it does not increase our security.  It limits our freedoms.  If an IT department considers “security” above all else, pay careful attention because they’re likely limiting your freedoms in significant ways.  By prohibiting certain protocols, software and behavior and not allowing you to choose what is installed or have control over your computer or software, they’re policing your behavior, hoping to stop you from doing something either “illegal” or “harmful.”  But it seems pretty clear from both historical and modern attempts that policing and criminalization don’t achieve the desired result; the behavior inevitably continues in a different form and through different means.  The most troubling part about this implementation of “security” is that it’s not just happening in the corporate sphere, but in higher education, in research universities, in places where these kinds of restrictions not only limit users’ rights, but actually hinder the goals of the institution.

“A powerful counterhegemonic use of the Internet is the ability to communicate intersubjective knowledge – as much an attribute of hypertext as innate in the Internet. People from different places, with radically variant experiences, are able to convey a notion of what it is like to be them, to live their lives, via the Net. For example, the production side of the commodity chain no longer is shielded when one reads an essay, written by a shoe-factory worker, that describes conditions where Nike shoes are made. In an ideal situation these texts are written by the individuals who are involved, not by experts or elites, and are unfiltered.”   (Warf, B. and J. Grimes, Counterhegemonic Discourses and the Internet. Geographical Review, 1997.)

Why would higher education choose a model of “security” that threatens open inquiry?  Some of it is coming from corporations.  If you work for MegaCorporation X and your job is filling in a spreadsheet with numbers, they might squeeze more profit out of your labor (in the short term) by only giving you access to a spreadsheet application, restricting your access to anything else and spying on you while you work.  Of course, they’re missing out on innovations you could discover if you were free to use the full potential of your digital device on the open network – but they don’t want innovation, they want a factory worker who sits at a computer instead of an assembly line.  OK, so the corporations always do this – but they’re also informing much of what is done behind the scenes in the broader world of IT.  Higher education is always in danger of inheriting the corporate discourse from hardware and software vendors, through hiring policies and because of traditions of institutional organization that regard IT as a building service and not a department with a responsibility to education and research.  You can see how insidious this danger is if you listen carefully to the language used in academic IT departments.  They talk about “enterprise” services, “clients,” “customer satisfaction,” “customer service” and “training.”  Again, buzzwords that sound great to MBAs, but not policy, practice or discourse that encourage participation, learning and democracy in education.

If you haven’t worked in IT, you might even think that IT staff are well suited to making decisions about issues like “security.”  That’s not usually the case.  It’s not malicious, they’ve just learned to respond to technology in certain ways.  For example, they have a gut reaction that “peer-to-peer file sharing is bad” without considering that organizations like the Democratic Voice of Burma use P2P technology to collect digital reportage of human rights violations from citizen journalists.  And the IT staff have been constructed by a corporate IT discourse with little regard for pedagogy because corporate IT doesn’t care about pedagogy.  But IT policy doesn’t have to be a monolithic dogma accepted only because the people who repair hardware, write code and build networks “know more about technology” than the users.  To allow that is no different than trusting government officials who won’t show the evidence, but say “We don’t want the smoking gun to be a mushroom cloud.”

So, when someone in IT says “we can’t do that because it’s a security issue” I encourage users to borrow from a classic film and respond:

“You keep using that word. I do not think it means what you think it means….”

With that in mind, here are some closing thoughts on specific Users Rights, a working draft on a Users Bill of Rights if you will.

Because digital device hardware, software and network systems exist only to meet the needs of the user AND because the user is not a powerless subject of arbitrary policy AND because liberty and the exercise of freedom are always under threat, users have the right, including but not limited to:

  1. Free and open access to computers, software and network services
  2. Freedom to choose Free Software over proprietary software
  3. Equal Representation and participation in the creation of IT policies and procedures
  4. Control of the software and operating systems installed on the devices they use
  5. Freedom from all forms of surveillance
  6. Equal access to administrative control for the devices they use
  7. Equal access to all network services from the platform of their choice
  8. Equal, unhindered access to an open and free network
  9. Freedom from traffic-type discrimination
  10. Freedom from platform-type discrimination
  11. Total protection of privacy in all matters regarding data they have engaged with
  12. Total protection of privacy in all matters regarding their activity on the digital devices and the network


Directory Services in Thunderbird

Mozilla’s Thunderbird email client is a great alternative to M$ Entourage and Apple Mail.  Thunderbird is Free Software and it offers user friendly support for OpenPGP, so you can easily send and receive encrypted emails with it.  It doesn’t support “Exchange” as such but it does support IMAP, so you can set up your GC email account very easily.

Until today, I hadn’t tried setting up directory services.  It took a little playing around – but it worked:

  1. In Thunderbird, go to the “Tools” menu and choose “Account Settings”
  2. On the left hand side, choose “Composition and Addressing”
  3. Under “Addressing”, select the radio button next to “Use a different LDAP server”
  4. Click the “Edit Directories” button.
  5. Click “Add” and create a new entry with the following information:
      • Name: GC LDAP
      • Hostname: r1.gc.cuny.edu
      • Base DN: dc=gc, dc=cuny, dc=edu
      • Port number: 389
      • Bind DN: gc\YourUserName

To finish, click “OK”, then click “OK” again, select the entry you created (“GC LDAP”) from the drop-down menu, and click “OK” to close the “Account Settings” window.

Now when you create a new message, Thunderbird will autocomplete the names (GC addresses) as you type.  You can also look up users in the “Contacts” tab of your new message window.
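A check a practitioner might run on the resulting configuration, added here as an example and not part of the original post: it parses Thunderbird-style LDAP directory preferences and flags entries that, like the port 389 plus Bind DN settings above, would carry a simple bind without TLS. The `ldap_2.servers.*` key names and both sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample in prefs.js syntax. The first entry mirrors the settings in
# the post; the second is a made-up TLS entry. Key names are an assumption.
SAMPLE_PREFS = r'''
user_pref("ldap_2.servers.GCLDAP.description", "GC LDAP");
user_pref("ldap_2.servers.GCLDAP.uri", "ldap://r1.gc.cuny.edu:389/dc=gc,dc=cuny,dc=edu??sub?(objectclass=*)");
user_pref("ldap_2.servers.GCLDAP.auth.dn", "gc\\YourUserName");
user_pref("ldap_2.servers.Example.description", "Constructed TLS entry");
user_pref("ldap_2.servers.Example.uri", "ldaps://ldap.example.org/dc=example,dc=org??sub?(objectclass=*)");
user_pref("ldap_2.servers.Example.auth.dn", "uid=reader,dc=example,dc=org");
'''

PREF_RE = re.compile(
    r'user_pref\("ldap_2\.servers\.([^."]+)\.([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);'
)
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def parse_directories(prefs_text):
    """Group ldap_2.servers.<name>.<key> prefs by directory name."""
    servers = {}
    for name, key, raw in PREF_RE.findall(prefs_text):
        # prefs.js escapes backslashes and quotes; undo that for the value.
        servers.setdefault(name, {})[key] = re.sub(r"\\(.)", r"\1", raw)
    return servers


def parse_ldap_url(uri):
    """Split an RFC 4516 URL: scheme://host:port/base_dn?attrs?scope?filter."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT:
        raise ValueError(f"not an LDAP URL: {uri!r}")
    fields = parts.query.split("?") + ["", "", ""]
    return {
        "scheme": scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORT[scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "scope": fields[1] or "base",  # RFC 4516 default scope
        "filter": unquote(fields[2]) or "(objectClass=*)",
    }


def audit(prefs_text):
    """Classify each directory entry by how its bind and lookups travel."""
    findings = []
    for name, prefs in sorted(parse_directories(prefs_text).items()):
        if "uri" not in prefs:
            continue
        url = parse_ldap_url(prefs["uri"])
        bind_dn = prefs.get("auth.dn", "")
        if url["scheme"] == "ldaps":
            risk = "ok-tls"
        elif bind_dn and not prefs.get("auth.saslmech"):
            # ldap:// plus a bind DN: the URL does not request TLS, so a simple
            # bind would send the password unencrypted unless StartTLS is used.
            risk = "cleartext-simple-bind"
        else:
            risk = "cleartext-lookup"
        findings.append({"name": name, "bind_dn": bind_dn, "risk": risk, **url})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PREFS):
        print(f'{f["name"]}: {f["scheme"]}://{f["host"]}:{f["port"]} '
              f'bind={f["bind_dn"] or "(anonymous)"} -> {f["risk"]}')
```

Whether the directory server accepts TLS on another port or via StartTLS is not stated in the post, so a flagged entry is a prompt to check with the directory administrators.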


Directory Services in Entourage

If you’ve set up Entourage on your Mac to get your GC email, you might not have access to the Contacts that are also offered by our Exchange servers.  If you notice that Entourage doesn’t autocomplete names when you type them, this is why.

To get these services working, you’ll need to add our LDAP server to your Entourage account configuration.  Here’s how:

1. In Entourage go to the “Tools” menu and choose “Accounts”

2. Double-click to open your Exchange account settings

3. Click on the “Advanced” tab

4. In the “LDAP Server” field, type: r1.gc.cuny.edu

5. Check the box “This server requires me to log on”

6. Click “OK” and you should have access to directory contacts in Entourage!


iPhone app for Bb

We took a look at the iPhone app for Blackboard today – but it seems to require version 9.  As CUNY has only just updated to version 8, it may be a while before that app is of any use here.

In the meantime, check it out here:  iPhone app for Bb


New Citrix Client for Mac OS X

After testing, we’ve discovered that the newest Citrix client works with Mac OS X versions 10.4 and 10.5.  You can download the newest client here:

Citrix Client for Mac OS X (Version 10.00.603 – Universal Binary)

There are older clients available from the Citrix web site.  You can download them here.
