ISServices have full root access to students' hard disks!

Cantab.

I couldn't believe the ISS terms and conditions of using the College network.

Orwell would be proud.

I don't know why the SU/GSU are so silent about this. It's an absolute disgrace and a monumental invasion of privacy.

It's bad enough them making us use gmail software that's hosted externally and used for boosting google's statistical know-how on the habits and wants of Trinity students.

What's wrong with round-cube or squirrelmail or horde? Hell, what's wrong with a command line interface? -- let the students decide rather than be dictated to. Soon we'll have corporate companies advertising their wares on lecterns.

PurpleFistMixer

That's why I never use computers. People are tracking me, I know it. Luckily in the blast-shelter I dug under my garden, nothing can get me. I also have layers of aluminium, sheltering me from harmful gamma radiation.

But I mean, in seriousness, what? I know there's some program you've to run before they let you on the network, is that what you're talking about?

Cantab.

PurpleFistMixer wrote: »

That's why I never use computers. People are tracking me, I know it. Luckily in the blast-shelter I dug under my garden, nothing can get me. I also have layers of aluminium, sheltering me from harmful gamma radiation.

But I mean, in seriousness, what? I know there's some program you've to run before they let you on the network, is that what you're talking about?

Why don't you walk around naked then seeing as you've nothing to hide?

Crash

One of the old steps in the network clinics involved setting up ISS with admin rights - i'm pretty sure that that doesn't happen now with the current setup. Unless you can expand on this Cantab.?

PurpleFistMixer

Cantab. wrote: »

Why don't you walk around naked then seeing as you've nothing to hide?

I do sometimes, what is your point?

Cantab.

Cantab. wrote: »

I couldn't believe the ISS terms and conditions of using the College network.

Orwell would be proud.

I don't know why the SU/GSU are so silent about this. It's an absolute disgrace and a monumental invasion of privacy.

It's bad enough them making us use gmail software that's hosted externally and used for boosting google's statistical know-how on the habits and wants of Trinity students.

What's wrong with round-cube or squirrelmail or horde? Hell, what's wrong with a command line interface? -- let the students decide rather than be dictated to. Soon we'll have corporate companies advertising their wares on lecterns.

So what?? You want to use their system and their software with no way for them to see what your up to?

You think it gets any different when you start working?

Another tip: your ISP can see what sites you visit on the net.. better burn your phone line.

ntlbell

Mark200

You mean on our laptops when we connect to the wireless....?


And anyway, I don't see what's wrong with Google...

snappieT

Going Waterforward wrote: »

One of the old steps in the network clinics involved setting up ISS with admin rights - i'm pretty sure that that doesn't happen now with the current setup. Unless you can expand on this Cantab.?

You're absolutely right. The old way of getting onto the network involved attaching to the domain, which effectively granted them admin access. They don't do that anymore.

Of course, the storage space they provide (S: drive) is saved on servers they admin, and therefore have full access to. Their servers, their rules.

goingnowhere

Firstly the only way they have of accessing your hard disk is to physically be in front of your machine and either have the admin password or boot into linux of some such

• If your data is that sensitive stick it on a USB stick and keep it with you at all time
• Use a secure delete app or function to delete anything 'iinteresting'
• Encrypt it

ISS already know every web page you visit and to be honest with the exception of a few torrent trackers they block nothing

The new student network allows a machine to be removed from the network with the push of a button, in fact the 'box' will pull naughty machines automagically, old days its was a case of physically remove cable, but they didn't know what cable to pull

goingnowhere

goingnowhere wrote: »

Firstly the only way they have of accessing your hard disk is to physically be in front of your machine and either have the admin password or boot into linux of some such

• If your data is that sensitive stick it on a USB stick and keep it with you at all time
• Use a secure delete app or function to delete anything 'iinteresting'
• Encrypt it

ISS already know every web page you visit and to be honest with the exception of a few torrent trackers they block nothing

The new student network allows a machine to be removed from the network with the push of a button, in fact the 'box' will pull naughty machines automagically, old days its was a case of physically remove cable, but they didn't know what cable to pull

I presume the OP means the ISS machines and the S drive.

goingnowhere

Deleted User wrote: »

I presume the OP means the ISS machines and the S drive.

Nope

ISS wrote:

nformation Systems Services reserves the right to render any network point inactive at any time.
Users must grant Information Systems Service the right to examine the contents of the hard disk(s) of any machine connected to the College network.

Cantab.

Deleted User wrote: »

So what?? You want to use their system and their software with no way for them to see what your up to?

You think it gets any different when you start working?

Another tip: your ISP can see what sites you visit on the net.. better burn your phone line.

Not necessarily.

What if you use the TOR network?

What if you've your own dedicated server with a secure connection between you and your machine (via your ISP, with the only thing the ISP knows is the IP of two machines and a page loads of 2048-bit encrypted rubbish).

The onus is on the student not to abuse the computer facilities/do anything illegal, not a nanny ISS.

Cantab.

Cantab. wrote: »

Why don't you walk around naked then seeing as you've nothing to hide?

You weren't a gum ball participant were you?

Incidentally, I've been in every library butt naked! (except the Ussher -- wasn't built back then... Oh, and early printed books -- too hard to get to when you're naked...)

GerardKeating

Cantab. wrote: »

The onus is on the student not to abuse the computer facilities/do anything illegal, not a nanny ISS.

Nope, the college could be liable for for something done via it's network.

As another poster mention, their equipment, thier rules, if you do not like the rules, don't use ISS.

Cantab.

Mark200 wrote: »

And anyway, I don't see what's wrong with Google...

Funny how Google's good enough for students, but not good enough for academics and staff.

Cantab.

GerardKeating wrote: »

Nope, the college could be liable for for something done via it's network.

As another poster mention, their equipment, thier rules, if you do not like the rules, don't use ISS.

The whole philosophy of ISS is fundamentally flawed AFAIC.

This is a university, not a US multi-national (although you'd sometimes wonder...)

Jonathan

Would any self respecting sysadmin block themselves access to parts of the network that they are meant to be administrating?

mathew

IS Serivices dont have full root access to my hard disk. Noone does, except me..
Unless they know my user name and my password (not my college one, my personal one on my computer) they cant access my computer. All thats shared is a public drop folder anyway, so if they do happed to have the password, all they can access is that shared public folder.

Jonathan

mathew wrote: »

IS Serivices dont have full root access to my hard disk. Noone does, except me..
Unless they know my user name and my password (not my college one, my personal one on my computer) they cant access my computer. All thats shared is a public drop folder anyway, so if they do happed to have the password, all they can access is that shared public folder.

I think he is talking about your s drive.. the useless 100mb file storage..

I just use mine to host portable apps..


That said, i havent logged onto an iss computer in 4 months. :pac:

mathew

well thats pretty understandable.. They own the space, and let you use it...
Its only 100MB anyway, cant really store much there....

Cantab.

mathew wrote: »

IS Serivices dont have full root access to my hard disk. Noone does, except me..
Unless they know my user name and my password (not my college one, my personal one on my computer) they cant access my computer. All thats shared is a public drop folder anyway, so if they do happed to have the password, all they can access is that shared public folder.

If you install that CSA.exe stuff they do.

mathew

no they dont... my sharing permissions stayed exactly the same after running that.
CSA doesnt install anything, its just an exe that runs, checks the status of their antivirus (if it exists/is up to date) then directs you to the NAC webpage to either install antivirus or updates or tell you you are successfully online.
The only thing you install is the antivirus software, which is independent of college, its McAfee...

Jonathan

Cantab. wrote: »

If you install that CSA.exe stuff they do.

No they dont..

It's optional if you know how

PurpleFistMixer

mathew wrote: »

no they dont... my sharing permissions stayed exactly the same after running that.
CSA doesnt install anything, its just an exe that runs, checks the status of their antivirus (if it exists/is up to date) then directs you to the NAC webpage to either install antivirus or updates or tell you you are successfully online.
The only thing you install is the antivirus software, which is independent of college, its McAfee...

I have to say the whole "your anti-virus isn't the one we like" was fairly annoying at the time, had to upgrade a perfectly working copy of AVG.

Mark200

Cantab. wrote: »

Funny how Google's good enough for students, but not good enough for academics and staff.

So what exactly IS wrong with Google Besides, you know, how they clearly need our precious e-mails to achieve their ultimate plan of taking over the world

Jonathan

Cantab. wrote: »

Funny how Google's good enough for students, but not good enough for academics and staff.

Exactly what souper sekkrit information are you trying to hide?

Cantab.

I'd prefer not to take the risk of some disgruntled employee snooping around and/or some nosy-parking by junior IT admins boozing it up in the office late at night.

Next time I'm taking a dump in the Ussher, I'll just leave the door open. Actually, I think I'll use the ladies. After all, I've nothing to hide.

The social conditioning seems to be working: hard disk inspections by college computing, facebook, twitter, mobile phone logging, CCTV everywhere, ID cards.

What's next? Fingerprinting and RFID chips?

Crash

But you do realise numerous people have pointed out that while they may have that in their T&C's, unless you're on a college machine or using college storage, which will ALWAYS be accessible by a sys admin, then you don't have a problem, right?

godtabh

Cantab. wrote: »

I'd prefer not to take the risk of some disgruntled employee snooping around and/or some nosy-parking by junior IT admins boozing it up in the office late at night.

There is an easy way to avoid that.

Unregistered.

Cantab. wrote: »

What's wrong with round-cube or squirrelmail or horde?

CS use squirrelmail... And have a separate, larger filestorage for students!

snappieT

mathew wrote: »

IS Serivices dont have full root access to my hard disk. Noone does, except me..
Unless they know my user name and my password (not my college one, my personal one on my computer) they cant access my computer.

Under the old system (where you had to join the domain), they actually did have access. They could remotely login to your PC with admin permissions, and do whatever they liked.
Which is precisely why I dual booted two copies of Windows: one for college, one for personal use.

As has already been said, this is no longer the case.

Brian

I saved a 270mb file to the ~/Downloads folder on an iMac I was using today. Where does that go? Is it stored remotely or does it stay on that computer only?

Either way, I will so be using those iMacs for HD video editing.

mathew

it stays on the local machine.. which I believe gets restored everytime the computer is restarted...
On the macs the desktop is stored in your file storage tho, so anything you save to your desktop will appear on the desktop of any ISServices mac you log on to...
does mean you can only save 100MB to the desktop tho..
A local desktop folder exits to, anything in that will also show up on the desktop, but will only be on the local machine.. in order to write to that folder you have to browse to it in finder... Pasting/saving to the actual desktop writes to your file storage...

Brian

Hmm. I guess I'll have to import the footage to the iMac, do some editing, then save my project progress to my Firewire drive.. teh woez of netbooks.

godtabh

Speaking of notebooks how do you connect them to wireless networks? I cant see it on the ISS website. I just want net access

Jonathan

kearnsr wrote: »

Speaking of notebooks how do you connect them to wireless networks? I cant see it on the ISS website. I just want net access

Netbooks are no different to laptops..

leninbenjamin

Cantab. wrote: »

What's wrong with round-cube or squirrelmail or horde? Hell, what's wrong with a command line interface? -- let the students decide rather than be dictated to. Soon we'll have corporate companies advertising their wares on lecterns.

they ground to a halt under load on the scale of this university. believe me, it's nice to be able to access one's email everyday.

Crash

snappieT wrote: »

Under the old system (where you had to join the domain), they actually did have access. They could remotely login to your PC with admin permissions, and do whatever they liked.
Which is precisely why I dual booted two copies of Windows: one for college, one for personal use.

As has already been said, this is no longer the case.

Well, they could access it if you didn't go and undo some of the stuff you did during set up.

godtabh

jmccrohan wrote: »

Netbooks are no different to laptops..

I'm not that slow!

I just cant find where on the ISS wesite now to connect. Can only seem to find the remote access to the library

Jonathan

kearnsr wrote: »

I'm not that slow!

I just cant find where on the ISS wesite now to connect. Can only seem to find the remote access to the library

You never know with those civil engineers :P

http://isservices.tcd.ie/network/index.php

snappieT

Going Waterforward wrote: »

Well, they could access it if you didn't go and undo some of the stuff you did during set up.

Oh I realise that, I just didn't like the antivirus muck they enforced on me, and absolutely refused to uninstall.

Jonathan

snappieT wrote: »

Oh I realise that, I just didn't like the antivirus muck they enforced on me, and absolutely refused to uninstall.

There are ways around everything

AV checks included.

mathew

http://isservices.tcd.ie/network/docs/NAC_booklet_2008.pdf

from here:
http://isservices.tcd.ie/network/snac.php

Cantab.

Anyone else find ISS's site ridiculously confusing?

It's like an over-engineered frankenstein.

When are they going to get with the times?

They should dump all the PAC machines and give students laptops -- they're only €400 these days and it must cost a fortune to maintain all those boxes.

And -- can we please dump the lazer huts and install a nice croquet lawn or tennis court or something? The pre-fabs have been there years -- it's a farce.

And PDAs, iPhones, netbooks, etc. are more and more prevalent. Hell, it's only a matter of time before clothes and hair cuts are connected to the internet!

ISS are gone beyond a joke and if there's one department that should be cut back on, it's them.

Jonathan

Cantab. wrote: »

They should dump all the PAC machines and give students laptops -- they're only €400 these days and it must cost a fortune to maintain all those boxes.

Are you serious? :rolleyes:

Cantab. wrote: »

And PDAs, iPhones, netbooks

Already possible to get those on the network.

Cantab.

jmccrohan wrote: »

Already possible to get those on the network.

Right -- windows mobile 6. Please explain how (without breaking the rules)? I don't want a trip to Dr Stokes.

And I am not letting ISS run any of their spy-ware on my phone.

Jonathan

Cantab. wrote: »

Right -- windows mobile 6. Please explain how (without breaking the rules)? I don't want a trip to Dr Stokes.

And I am not letting ISS run any of their spy-ware on my phone.

*face palm*

Go figure it out yourself.

PurpleFistMixer

Having to lug a laptop in and out every day would not be ideal for everyone, and so using PCs that are already in college makes much more sense.

andrew

Just use a pen and paper OP.

Podge_irl

Cantab. wrote: »

I couldn't believe the ISS terms and conditions of using the College network.

Orwell would be proud.

I don't know why the SU/GSU are so silent about this. It's an absolute disgrace and a monumental invasion of privacy.

It's bad enough them making us use gmail software that's hosted externally and used for boosting google's statistical know-how on the habits and wants of Trinity students.

What's wrong with round-cube or squirrelmail or horde? Hell, what's wrong with a command line interface? -- let the students decide rather than be dictated to. Soon we'll have corporate companies advertising their wares on lecterns.

OH MY GOD.

I bet they would never do something like that in Cambridge. The esteemed scholars and fellows would never allow it.*





*wait, yes they would.