Tuesday, June 07, 2005

orkut discussion about the darfur situation

I stumbled across a discussion, in one of the orkut communities i'm in. It's about the genocide in darfur and how the united states isn't doing anything to stop it. it was followed up with a general round or US-bashing, and the mandatory condemnation of the US war in iraq (consistency is apparently not something bleeding-hearts value), oil, etc etc. here's a sample (forgive the guy's english):

A poor soul like me is still struggling to find one unhippocratic foreign policy that US is having!!!! May be there are one or two that I missed!!

Did US’ intervention brought down the misery in iraq? How many people died in war? Did sadam kill that many? Did he cause that much damage as the war did? What about the daily explosions occurring in Iraq even now? What could US do?

Well, why I call US policy Hippocratic on Iraq is because of the way they manipulated media and made the Americans (a large majority of them) believe that saddam was really posing a threat to the US security and we need to attack them when he really didn’t have any WMD with him (remember bush administration later came up with a sorry after the inevitable damage was done). And you would understand the folly of US if only you realize that it was US who created this Saddam.


here's what i posted.

if you look in a dictionary (you need one) you'll find that "purpose" and "justification" have entirely different meanings. if there is justification for an action, the purpose of the actor doesn't change that; conversely, no amount of justification can create a purpose if it doesn't exist.

for the us in iraq, there was a purpose and a justification; the purpose was control over oil, and the justification, that saddam was a tyrant.

in darfur, there is clearly justification; but the us has very little purpose in intervening. the cost is too great and it cannot be justified.

i dont know why you are calling for just the us to intervene there. the sudanese militia are lightly armed and travel on camels; an indian army division could clean them up too. but as an indian first, i dont want my country's soldiers to die there, and i dont want my money to be used that way. there is nothing to gain for india.

and lastly, it is interesting to note that you posted a link about arab militia abuses in sudan and followed it with a condemnation of the us. you condemn the united states, but you haven't said anything against the arab dominated genocide sponsoring government of sudan yet.

on the other hand, i think you would have been all bleeding-heart and supportive of sudan's tyrannical government... back in august '98 when the us bombed bin laden's ex-hideout there. in the absence of any other statement from all you bleeding-hearts, i shall assume that your emotional endorsement of the sudanese regime stands.

i'm sure that people who think with their guts and not their brains won't follow me on this - but you dont have any concern for the victims human rights abuses or anger at the perpetrators, just envy for the successful. face it, you hate america for being the most successful nation on earth, and there's nothing america can do, sort of self destruction, that'll change your mind. or gut.

Monday, June 06, 2005

State of the LAN

This is the article i wrote for the inaugural issue of "The Scholars' Avenue", IIT Kharagpur's student newspaper.

We love the LAN; we hate the LAN.

KGP’s love affair with the hostel network has now hit a rough patch. The semester began on a bad foot, with the network being held responsible for events that meant bad press for the institute. Curbs on the LAN were expected. Many measures were rumored imminent, and some steps the CIC took reinforced these rumors. In this report on the state of the LAN, ScholsAv tries to make sense of the institute’s unwritten network policy.

Connecting…

The speed of the net connection has fallen perceptibly this semester. Here’s our assessment of the events that led to this decline.

The total bandwidth of IIT’s external links has not decreased. Earlier there were four proxy servers, 10.3.100.211/212 for the Singtel link and 213/214 for the VSNL link. Most people used direct connection, so these proxy servers did not carry much traffic.

This semester the institute decided to install URL blocking – direct connection was discontinued in order to force all traffic through the filtering proxy servers. Moreover, the VSNL link was made unavailable from the hostels. To handle the expected increase in the Singtel traffic, three new proxy servers were set up – 144.16.192.217/218/148. The CIC did not buy new servers, so these are reportedly not the best hardware. The CIC denies this, but admits that the setup of proxies may not be “optimal”, and they’re working on it.

The bandwidth of the proxy servers are further choked by the filtering system. It searches within the URL for each request, comparing with a list of nearly 3000 blocked words and URL’s. The bandwidth capacity of the proxy servers must have been reduced considerably due to this.

The main task of the administrators now is to filter and block, not to optimize and improve. As long as this remains the case, the net is only likely to get slower.

any working pr0xy?

We used to laugh when newspaper articles said IIT Kharagpur had a “24 hour” LAN facility. “It’s not like someone has to sit there and push buttons all day…” Guess who had the last laugh.

In 2003, CIC blocked net access during the day (8 am to 5:30 pm), after some professors complained that internet access was luring students away from classes. This may have seemed such an obvious solution, that the actual effects of this measure were never seriously noted. However, it is not as straightforward as it seems.

For most of us, local student-run "servers" provide most of the entertainment – movies and songs from DC++, Mutter, Tourneys, Radios, etc. Other than keeping in touch with friends outside, the internet is only used for real learning purposes. This may not have been so when the ban was installed, as there were fewer student servers then, but this is the case now. If someone wants to spend time at his computer instead of attending class, blocking net access alone is not gonna change his mind.

On the other hand, forcing people to research at night stretches the KGPian’s already long day. According to the CIC website, bandwidth usage peaks around midnight and stays there till 4-5 am. If at 4 am KGP is downloading at 5 Mbps, it’s quite likely that people don’t turn up for that 7:30 class.

Instead of increasing attendance, the daytime block may actually be decreasing attendance in morning classes and delaying assignment submissions.

Welcome To .:: Hit Hi Fit Hai ::.

Filesharing is a big grey area. There were rumors at the beginning of the semester that there were going to be regulations on filesharing – an “official” hub, and a ban on other hubs. Those weren’t true – most of the CIC administrators are unaware of the DC network, and are definitely not responsible for the hub regulations.

To the question about whether filesharing was allowed at all, we were told, “Even if the institute decided that Shareaza should not be used, we cannot enforce such a rule.” We can assume that means filesharing is safe for now.

On the other hand there is a very good reason for the institute to encourage filesharing – economy. The bandwidth of the external links is only a few Mbps, while bandwidth within the LAN is several Gbps. If someone has already downloaded a particular file from the slower internet connection, others can get it over filesharing. This means that the file had to be downloaded from the internet only once – and not once for each user. This translates into huge savings of the external link’s bandwidth.
For similar performance gains by using a caching proxy, the proxy server has to have a 10,000 Gb hard disk!

The connection was refused…

The web (as in web pages) is not the only service on the internet. The normal proxies we have are only for web access, and allow connections only to port 80 and 81. The CIC provides another proxy server for accessing FTP and telnet (see box). We were told that other ports could be unblocked on request, if some academically useful software required this; such exemptions are usually granted on a per-ip basis.

So right now there is no official way to connect to internet services like email (POP, IMAP and SMTP), newsgroups (NNTP), etc. This had stopped Richard Stallman from checking his email while he was here… you’ll remember what he had to say about this, if you’d attended his lecture. It is difficult to see what this accomplishes, other than preventing P2P software from connecting. It does block a lot of useful communication tools, as well as a good number of software installers that check for updates.

Here’s a bizarre side story about this. The springfest web site was hosted on a server outside, and had to be updated through FTP. Back then the FTP proxy server wasn’t working. Guess how the web team made those changes – each time they’d write the website to a CD, take it to Goyal, and pay to use their internet connection. You’d think it were Goyal that had 10MBps international connectivity!

Access control configuration prevents…
Content filtering would be, if implemented properly, an acceptable policy for the institute to follow. It should not slow down the net significantly, and it should not block content that isn’t objectionable.

However, there is no such thing as a perfect filtering system – they would let some objectionable sites through, or block permissible sites too, or both. Moreover, filtering systems drastically reduce speed, and for this reason IIT officially follows a no-filtering policy. CIC denies they have had a filtering system installed on any proxy this semester. The truth, as we all know, is very different.

First some history – IIT used to have a filtering system initially, when the total external bandwidth was in kb’s and considered too precious. Now this has grown to 10 Mbps – any filtering system will only decrease speed, not conserve bandwidth.
The current* filtering system, hastily implemented after all the negative media attention, seems to be lifted from someone’s high school project. Much of the filtering is done by matching substrings – for example, if three x’s occur next to each other anywhere in the site’s address, it will be blocked. This causes a large number of perfectly permissible sites to be blocked.

What’s even more pathetic is that the system isn’t effective. It does not block several very well known pornographic sites because the URL’s are more subtle. Moreover it is not yet installed in all the official proxies, so if some site is getting blocked you could just try changing the proxy. On top of that, matching is case sensitive – if you do a google search for “teen” it will be blocked, but not if you typed “TEEN” or “Teen”…

And here’s what takes the cake. In their frenzy to filter sites that have “shit” in the URL, the admins have blocked the official Kshitij 2005 website. The Kshitij team sent countless emails to the “cache administrator” mentioned in the error page, but there were no replies and no action.

Stop, Refresh

The LAN and net access constitute one of the most important facilities the institute has for its students. Yet, no definite policy exists for its administration, and the regulations that exist today are mere knee-jerk reactions to events in the LAN’s short history. Many of these rules have no benefits, and yet seriously impede legitimate use of the network.

Things may be looking up, though. The institute has created a committee on IT policy, which is tasked with creating a comprehensive set of network policies. However nobody, not even members of the committee, expects this undertaking to be completed in the near future – the recommendations of the committee have a long journey up the IIT hierarchy before they can be implemented. The best course for IIT Kharagpur to take is to immediately adopt an established network policy of some other university. This policy can later be evolved by the IT policy committee.

The campus network is one of the biggest investments our institute has ever made. However, its benefits are being eroded away by the absence of focused policy-making. The system requires considerable improvements before it can justify being called “internet access in hostels” – today, these improvements can be made with no investment at all.

Except some time, and thought, from the authorities.

The information we have about the filtering block lists is as of January 31st. Things seem to have changed since then, but it’s not clear what the overall direction of those changes is.
We would like to acknowledge the information we received from the CIC, as well as “Tikli” and “Cyanide_Angel” without which this article wouldn’t have been possible.
Let’s take this occasion to thank the CIC, IIT Foundation, and everyone else who has made the LAN happen. Despite the gaalis we give it, we love the LAN.
Comments: scholarsavenue@yahoogroups.com
Corrections, Arguments, Abuse, Threats: aravindet@gmail.com