I have been too busy to write blog posts… I will be writing a couple of quick ones during my trip West…
We are being inundated by cleverer phishing attempts. Though our attempts to educate our users are helping, the new phishing attempts are essentially bypassing the safeguards that we have put forth and rely on social engineering.
Imagine getting a very short email from the President of the College or the Provost. Mind you, the hacker is careful to choose who to send it to. If it is coming from the President, the person has researched who are likely to be communicating with her – senior leaders, support staff etc., all of which is publicly available. (more…)
Amherst College, a premiere residential liberal arts college, lost network connectivity for almost a week. The college supported almost all of the technology services locally, which meant that pretty much everything was inaccessible for that period – Email, Learning Management System, Web site, administrative systems etc. And the faculty could not connect to the web from classrooms and students needed to use their cell phones to connect to the outside world. As one of them tweeted, students who could not afford to have unlimited data plans were limited from doing even this. You can read about the details here.
The IT staff did a remarkable job given the circumstances and had the community support all through, based on what I have heard. And I am so thankful for them coming out and sharing their experiences openly with their colleagues. This is so important for the rest of us to learn from, not just the technology piece, but how to best manage such a crisis.
What really happened? It is a complicated story on a lot of fronts, but the core issue that caused this outage is due to lack of investments in network hardware. Because they are still running on hardware that is pretty old, their network is configured as a “flat” network (Layer 2). Most modern networks are Layer 3 networks where we can segment networks based on a variety of criteria, such as a separate segments based on particular buildings, or connections from classrooms etc.
Amherst suffered what is called a Mac Flap Storm. Each network device has a unique address, called the MAC address and the networks operate under this uniqueness assumption to forward the network data to the appropriate device. Any compromise to that can “flood” the network and it is especially worst in Layer 2 networks. It will basically cripple the entire network. This can happen either because network wires create a short circuit or a misconfiguration either of which can advertise the same Mac address on two or more ports. This is most probably what happened in Amherst case. The worst thing about the MAC flap storm is there is no easy way to detect them!
(more…)
Congratulations to the Patriots on an incredible feat! It was one of the most boring and uninspiring games, but in the end, what matters is the score.
For me, this is Superbowl XL. The first superbowl I saw was in January of 1979, barely 5 months after I arrived in this country. As a young man thousands of miles away from home, deeply homesick, I needed distractions and sports provided that. Just like the millions of young Indian men, I was a devoted fan of cricket at that time (and continue to be). Only issue was that cricket was not as abundant as it is today. And it was played all around the world in odd timezones. We used to be glued to short wave radios for commentary and read the newspapers for additional details and photographs. I come to the US where cricket was only known as an insect at that time and not as a sport!
I used to go every day to Indian Embassy, some 6 blocks away from Hunter College with the hope that they had “The Hindu” newspaper. This is a regional newspaper that covered Tamil Naddu, where I am from, and I enjoyed their Sports coverage. The Embassy typically had newspapers from approximately a week prior and The Hindu was not their priority because it is a regional newspaper. Imagine getting scores a week later and sometime missing a key day! It was depressing.
So, i gave in to learning about American sports. My apartment mate tried to teach me football by having me watch both College Football and Pro football on the tiny 13 inch black & white TV. It is enough to say that he was much better at teaching me theoretical chemistry than football. I became friends with another Indian family in the neighborhood and that is where I learned the intricacies of the game.
(more…)
A temple in South India built between 1003 and 1010 AD https://en.wikipedia.org/wiki/Brihadisvara_Temple,_Thanjavur%5B/caption%5D
My wife and I traveled to India recently, a trip that I always look forward to. We spent time visiting friends and family, but we also had planned a trip to visit five Shive temples in the south referred to as “Pancha Boota Stalams“. They are manifestations of the five prime elements of nature: land, water, air, sky, and fire. In addition, we visited Manipal University in Karnataka. Though they are now Manipal Academy of Higher Education or MAHE, I prefer to refer to them this way for a couple of reasons. This is how we knew the institution when I was going to College in the 70’s. Secondly, MAHE reminds me something that sends chills up my spine 🙂
As I have mentioned before, we always sign on for the $10 a day International Pass from AT&T, which is very convenient because you are using your phone exactly like the way you do in the US. However, because our stay was a little long, we opted to get local SIM card (which is not trivial for foreigners, but because we are overseas citizens of India, we can do so somewhat easily) with the help of a relative. This got us off to a very smooth start in terms of communication.
(more…)
It is true that when you are enjoying what you do, the time goes by fast! We are engaged in several major initiatives in Library and Technology Services and several of us are also involved in many other campus initiatives and projects.
Some of our colleagues have played a very important part in assisting with the Science Center Renovation as well as in supporting the reaccreditation activities. This includes participation in multiple meetings regarding technology in the renovated spaces, be it faculty and staff offices or classrooms as well as provide data and narratives to those who are leading the reaccreditation preparations.
Not everyone is on the same page about wires in new spaces. Frankly, in our minds, we should take advantage of renovation to run conduits and run fiber even if there no immediate use because, in the end, that will be cheaper than scrambling to do this later. We have no idea what the needs of the scientists are in terms of computing and data access and network plays a very important part in all of this. For certain class of problems, wireless doesn’t simply cut it! However, budget and cost considerations are constant point of discussion during such a major project and our staff are doing a great job given how difficult things can be.
Several of the staff also played a major role in assisting with the move of the Science Library collections. They are distributed to other campus locations and remote sites. So far so good because almost 7 months later, we have not heard many complaints.
(more…)
I read the piece in New Yorker titled “Why Doctors Hate Their Computers?” and enjoyed it very much. It is by Atul Gawande who is a surgeon and an author. It describes the issues we all face every day – technology is changing fast and we want our respective communities to adopt them, but it is a monumental challenge. I am of course simplifying it, but thats the crux of it. There is one thing in the article that stuck with me – “Mutation and Selection”.
Basically the author compares how the medical profession operated under a very different paradigm early on, where, every physician basically operated independently that suited their particular modes of operation. This is mutation part. Electronic medical record (EMR) systems tried to bring standardization, better sharing of information amongst the physicians and most importantly, gave access to information to the patients readily. This is the selection part. Obviously this is not a trivial adjustment for those who operated independently and the fact the EMR systems, which are in their infancy, are not optimal. At least not yet.
Higher Ed institutions face exactly the same issues. The whole issue of centralization of systems is the “selection” part and the proliferation of multiple systems (Best of Breed) is the mutation part. What is the right balance between the two is so complex and dependent on the institution. But, the article describes how a neurosurgeon and his team is trying to “mutate” the “selection” system (EMR) so that their needs can be accommodated. This is what we would call customization in the old ERP systems, which turned out to be a terrible idea for a variety of reasons. However, in the more modern systems, such as Workday or Salesforce, accommodations to mutations are much simpler to manage through “configurations” and “business processes”. This would be a “controlled mutation” of sorts.
But, whats the problem with supporting best of breed?
(more…)
I was at the EDUCAUSE Annual Conference that was held from Oct 30-Nov 2 in Denver. I have accepted to be a member of the Nominations Committee of EDUCAUSE. There was an early meeting on Tuesday, that I needed to attend, so I arrived on Monday, Oct 29. It was a beautiful day with temperatures in mid to high 70’s. But then, it was all downhill, cold and a day of rain.
EDUCAUSE’s commitment to diversity and inclusion was evident everywhere this year. It all started with the Nominations Committee where we discussed the importance of creating a diverse pool of candidates for the Board. You could see it in messaging, programming and social media posts. I have been going to EDUCAUSE for quite a while and the lack of diversity was striking at the beginning, but it has continued to improve, but we have a long way to go.
I was active in twitter during the conference and you can see my tweets here.
(more…)
It is National Cybersecurity Awareness Month (NCSAM) and I thought I will share some of the ways I protect my information. Spoiler alert: you may not find anything that you already don’t know and I may have written about these earlier. And if you came to the event at Wellesley last Friday, you already heard about these from me. But I hope this serves as a good reminder about some of the best practices for keeping your information safe.
Passwords & Passphrases
I use fairly long and complex passwords. I prefer passphrases wherever they are supported. It is so sad that so many systems still do not support passphrases and are restrictive in terms of the length of the passwords. As a rule, I use different passwords for different systems. I will be very happy to privately share with anyone who is interested in knowing more about how I maintain/remember all of these passwords. I also avoid saving passwords for some of the critical systems and financial institutions in my browser’s password manager. They are safe and continue to be safer, but, if ever someone steals my Google Password AND bypasses two factor authentication, they will have access to all my passwords (paranoia!).
To change the passwords often or not is an age old question and I believe that having a long and hard to guess password is much better than changing passwords often. One of the reasons for mandating the password change was that if hackers had access to your password, changing it prevents them from accessing your data and that it is hard for them to guess your new password. With the exponential increase in computing power, the moment your password has been hacked, a lot of your information has already been accessed before you can change the password. Secondly, it has been shown that mandatory password changes result in predictable password patterns that are easier to guess than one can imagine. I encourage you to read this article “Time to rethink mandatory password changes” on this subject. So, my advice – make passwords long and hard to guess. (more…)
There is continuing controversy as to whether the claims that certain motherboards manufactured in China were fitted with tiny microchips that are capable of compromising data. Details as to what exactly this means is less important than the answers to “what if” questions. The chip could potentially install malware or open up a port silently for the hackers to invade any of the systems using such a motherboard. It could also potentially inflict other major damages such as erasing all data or corrupt the data slowly (in some intelligent ways) so that even backups over a period of time makes it impossible to retrieve the data. And it may be programmed to be dormant and wake up in some future date. Who knows?
Planting such “easter eggs” is a common practice in software, but not necessarily with the intent of causing damage, but more as a joke or for fun. Programmers of video games or computer software planted these for fun. For example, TECO editor from TOPS-10 operating system (in the late 70s and early 80’s) used the command make to create a file. If you typed “make love” to create a file called love, it had an easter egg which would respond by saying “not war?“. Most recently, Google engineers have been creating a fair amount of easter eggs.
I want to tell you a story about my question on this subject some 8 years ago…
(more…)
I landed in this country on September 10th, 1978 and completed my 40th anniversary a couple of days ago. I am forever thankful for being able to come here and like several millions of others, no one ever would have predicted this would be my future. After losing my parents very early, I grew up with my uncle and aunt in Colombo, Sri Lanka. Thirteen of us in all (11 cousins, my sister and I), cramped up in a house roughly the size of a two bedroom apartment. I had no specific plans academically except I was very interested and curious. I was the only one of the 13 to pass the high school finals (which was a national exam) and since the admission to one of the then 4 Universities in Sri Lanka was next to impossible, my relatives funded my education in India.
I loved the undergraduate school I went to and then was fortunate to get into one of the best universities in India, Indian Institute of Technology, (IIT) Madras, where I did my Masters. My family wanted to me to work so I can support them financially. By that time, I was fascinated by quantum chemistry and really wanted to study further. To satisfy the family, I went for an interview at Bhaba Atomic Research Center (BARC). I was acing the interview and the interviewer asked me whether I thought of first doing a PhD and then applying to BARC. I told him that that was what I would really like to do. We then chatted for a half an hour about cricket and I left and he wished me well in seeking admission to a PhD program. I never heard from BARC!
Since almost everyone from IIT came to the US for Masters or PhD, that is what I also did. I applied to some four schools and got into one, CUNY. Thanks to students from IIT coming before me doing well, Professor David Beveridge was glad to have me in his flourishing group in Hunter College at CUNY.
(more…)
