Sunday, November 06, 2005

The Death of Student-Run Websites

This recent Scholars' Avenue chaos has resulted in a new rule that students are not allowed to run websites on institute servers. The Kshitij, Springfest and Gymkhana sites (as well as hall and dep websites) have either been taken down or has been passed into the control of faculty members. To make any changes, for example in the Kshitij site, we have to go through a lengthy process involving writing stuff to a CD which the rector nominee (technology) or the SCom chairman (Kshitij), as well as the president gymkhana, will approve, put in a sealed envelope, and then forward to the faculty in charge of the institute website (now also in control of gymkhana webserver). He will then upload those new files if he gets time in between lectures, and the entire process would take 2 weeks by which time a new sponsor would be crying "contract violation", for not putting their logo on the site.

Although this has come in the wake of the Sholars' Avenue deal, I think it was coming for a long time now. The institute seems to believe, perhaps correctly, that Indian "cyber laws" hold the administrator of a server is responsible for all the content on it. Even if he is hosting a public, unmoderated, forum under a disclaimer saying these aren't necessarily his views. Even, it seems, if a cracker defaced the website and put some rhetoric on it - Indian laws seems to require that admins will have to take responsibility for the cracker's rants. Which, by the way, would probably fall foul of laws against sedition which I never new existed in "liberal democratic" India.

In the context of IIT Kharagpur, it seems the gist of the new "IT policy" is this: the diro will be responsible for whatever is hosted on an insti server; they can't take the risk of allowing students, or even faculty, to set up any publicly accessible pages. All content will be vetted by institute bigshots. In one stroke it kills any chance of introducing the so-called "Web 2.0" technologies - collaborative content creation, open discussion boards, the like.

Needless to say, none of the ancient professors that drafted the "IT policy" can tell you what a web browser does, if their lives depended on it.

What takes the cake is this: the institute wants us to believe that this decision was taken because of a couple of defacements of student run sites. They cannot be convinced that security and censorship are different things - every time i meet a professor about this, the conversation alternates randomly between "hackers writing anti-national things" and "what if u people also start abusing the institute, like that newspaper of yours?" Even if they think that CIC can secure webservers better than students (which is a laughable idea), why not get the CIC to administer the servers, and perform security audits on the sites we host on it? Geocities allows millions of people to host sites on their servers, and their server never gets hacked! Neither does David Filo or Jerry Yang get arrested for any of the hundreds of geocities sites openly supportive of Al-Qaeda.

For every student-run site that gets defaced (happened twice as far as i know, both low-profile for-kgp-only sites) ten CIC-run servers get defaced. The much touted

More on those defacements: apparently the intelligence bureau (the world's oldest independent intelligence agency, i hear) is done catching all the militants in kashmir so they are now spending taxpayers' money on sending letters to IIT's diro, every time a website hosted in the institute is defaced. a couple of those letters concerned student-run sites: the alankar website was defaced by a pakistani group in april, although the alankar team got it restored within a day; the V.S. hall website was defaced later. They (profs) did not tell us how many websites run by the "trained professionals" in CIC were also defaced. Having had the opportunity to work on several of the servers they have set up, each running archaic software and terribly misconfigured security settings, I can make a guess that the number would be quite a lot higher. In fact, for a week last month, coinciding almost exactly with the mid sems, the video lectures website was one page of bold chinese text (which i am sure read something like "fuck you, indian imbeciles who don't know what SQL injections are!"). And they took over 7 days to find and fix it!

Quite possibly, when the institute got all those letters from IB, it was left to CIC engineers to assign blame for all the misconfigured servers lying around - and they found a quick way out by blaming voiceless students.

There is one thing that continued to puzzle us - both the instances of defacement happened several months ago. Why the sudden burst of activity after all those moths of foot-dragging on this "IT policy"? We had assumed that it was the Scholars' Avenue chaos - however there seems to be something else as well, although i got only hints. Some site admin somewhere complained that IIT kgp proxy servers were being used to attack his site/server; Law enforcement people and/or institute authorities assumed it was a student here who was responsible. I don't deny that this is a possibility; but it is not the only one and this is why: a friend of mine found out, while he was home, that the new proxy servers - apparently configured by MORONS - accept anonymous connections from the internet! Their ip's are apparently on every hackers' list of such servers; it was waiting to be taken advantage of by malicious hackers, from anywhere in the world, out to cover their tracks. Since there are more hackers in the rest of the world than in IIT Kharagpur, whoever was responsible for the attack is more likely to be from St. Petersburg than from Kharagpur.

The CIC is meticulous in blocking proxy servers from the hostels during daytime... but apparently they forgot about the rest of the whole wide world!

And guess what takes the cake? This friend of mine, the guy who found this out, went and told an engineer in CIC about it - and guess what? He was told very rudely to stop trying to hack the institute proxies, or he will get into a lot of trouble!

BTW... I won't be listing those ip's here.

8 Comments:

Blogger >|' ; '| said...

stunning...to hear that the highest centres of educational excellence in india are run by archaic dinosaurs.keep trying to convince them of the justness of your cause.

06 November, 2005 05:12  
Blogger duttan said...

hmm. sad.

And I thought our high school teachers were the ones who didn't know anything computers and internet.

Can't believe this is happening in an IIT, of all places.

06 November, 2005 05:13  
Anonymous rocksea | റോക്സി said...

This is a very devastative decisions by IIT authorities. Is it for IIT Kharagpur only or for other IITs too?
Don't you students have some role in making such laws? May be the students should discuss it with the authorities and show the demerits of such a rule.
Now, it is through communicating networks that the society is growing, developing. If the networks are blocked like this, it will only take IITs to the netherworld. Mostly it is the students that bring discoveries and developments in terms of communication networks or others online.
True that networks are vurnerable but one can always secure it effeciently thru proper administrative methods.

06 November, 2005 06:34  
Blogger Nukem said...

hail bureaucracy

06 November, 2005 07:26  
Blogger arvin said...

@roxi: no, students don't have any role in making such decisions. true, there is a student representative (vp gymkhana) who sits in some meetings, including the one in which this policy decision was taken... but he really doesnt have any real power. there are lots of profs at the meeting and decisions are taken by the diro, not by voting.

there are student reps in the senate as well, but they are only a miniscule fraction, and there are only 3 senate meetings so there arent many decisions taken there. also, 2 of these 3 meetings happen in the holidays so the student reps who are from other states (most of em) are usually absent anyway.

06 November, 2005 09:56  
Blogger Anirudh said...

Pity to hear the kshitij website was down due to control passover. I liked them forums. Why won't the students try to run them on independent servers? Contreversy a good break from the drudgery of end-sems though, keep posting.

15 November, 2005 23:16  
Anonymous uma said...

Hi, I am daily user of http://www.ktj.in/woodstock/ run by IIT Kgp guys. This site is mostly used for amateur traders for mock trading. This site gives us excellent opportunity to learn trading in BSE.I appreciate the efforts of owner of this site and want to thank him to provide us such a great opportunity to learn trading.
For the last one week, I am not able to access this site. I don't know, why?? Could you please help me to find the current status of this website? Shall I wait for some more days or switch to other sites for mock trading?? Please provide alternative sites for mock trading in Indian market.
Thanks in Advance
Uma(Plz reply me on uk134@rediffmail.com)

30 November, 2006 03:38  
Anonymous Anonymous said...

If I'd hack, I would not write a blog about it. If you are better than me, catch me without blogging about it.

16 September, 2008 11:14  

Post a Comment

<< Home