INTERNET ACCESS FOR UNDERGRADUATES IN UNIVERSITY COLLEGE DUBLIN: A PROPOSAL (LONG VERSION/1) by Niall Murphy Stephen Fegan Peter Cox The short-term objectives of this project are: To provide internet access in the form of electronic mail programs world wide web browsers network news readers for up to 500 UCD undergraduates by the next academic year. We furthermore feel that this access should be administered and provided, where possible, by the students themselves in full cooperation with the relevant authorities. The long-term objectives of this project are: To found a society within the college, called "The Internet Society", dedicated to the promotion and promulgation of everything to do with the Internet, including the running of such machine(s) as the society owns on the behalf of the members; To establish a precedent for UCD students being technologically aware and comfortable, if not competent, with the implications and applications of computers in general and networking in particular; Why the short term aims are necessary: Let us first examine why each of these network facilities are essential in turn, and finally look at the overall benefits of UCD students being connected to the global database that is the Internet. Electronic Mail Explanation On the surface electronic mail may appear to be just a faster way of delivering letters. One composes a message, it is delivered within seconds (or, rarely, within hours) and it sits in an computer-based "mailbox" waiting for delivery. But in reality it's a far more versatile method of communication than that, and will even handle certain types of binary files, allowing one to get sound and visual information from the net. Reasons E-mail is necessary because it allows students to pursue academic interests both related and unrelated to their course. For the benefit of the un-initiated, many many "mailing lists" on topics ranging from the mathematics of encryption to sardine recipes to discussions of medieval french poetry to megabytes of educational material on the sciences are available to anyone who uses e-mail. Subscribers to these mailing lists are able to ask and answer questions on such topics with an accessibility that is rarely available with lecturer-student, or even tutor-student relationships. E-mail is necessary because it allows a very easy method of communication with members of a class, members of a family, or even a specific interest group within the college. It allows for easy (re)distribution of course material, without wasting precious paper-based resources. And it can be recopied essentially without cost. E-mail is necessary because it allows for an easier and faster method of communication, which is always a good thing. World Wide Web Explanation The World Wide Web is the fastest growing method of information interchange on the Internet. It's based on a technology called hypertext, whereby any given document is first described and annotated in a language known as HTML, and then made publicly accessible to anyone with a web browser. The advantages of encoding something in HTML are the ease with which multimedia content can be incorporated within documents - for example, a www page with the book of kells as it's subject can incorporate photo stills of the pages, along with audio captures of a guide talking about that same page. the ability to link different documents together transparently - so that document on the book of kells can have certain words highlighted, which when selected will activate other documents - for example, the book is housed in Trinity College, selecting those words will cause the www browser to load in the page for TCD. The user never needs to know where these pages are coming from. Reasons Having web access for UCD undergrads is necessary because the world is moving towards storing all information on the web in easy to access form. Currently the web supports several possible search engines, and will, in the future, be supporting digital money, or e-cash. Not only that, but several projects are currently underway in UCD itself whereby students can access course notes with supplemental diagrams, Quicktime movies, etc. Unitel itself is being moved to a web based system. Many societies already have home pages, and can only benefit by having increased numbers of people who are able to read them. A system like the one we are proposing to provide would prove an excellent testing ground for Computing Services, for example, to test levels of demand, et cetera, for this service. Network News Explanation Network News is a long established form of group discussion. It is worldwide and generates an amazing amount of network traffic per day. Currently a typical server subscribes to approximately 3000 newsgroups and receives about 200 megabytes per day. Network News is a way to take part in more organised and more tightly run discussions than electronic mail will allow. It's also quite suitable for those who like to "dip in" to the world of networking occasionally, and who don't want the committment of subscribing to a mailing list. Reasons It is necessary to have Network News access for UCD students because of the huge potential this medium has for information communication and discussion. This sort of thing can't really be shown without demonstration, but one can learn so much through listening and taking part in informed debate, it's ridiculous that we have been denied it for so long. How to implement the short term goals Implementation Support There are various other groups dotted throughout Ireland that have volunteered their support, both technical and moral, in this endeavour. The SkyNet group in UL are helping us with the software setup side. Trinity's Student Computing Research Group have also volunteered their help. Administrators from Trinity Maths Department and some UCD Postgrads have also said they will support us in any way they can. This shows not only how much knowledge we have access to within the college, but also the significant number who have achieved things like this before and who are willing to help others. Software There is very little choice if one wants to run a multiuser system with this kind of network support. UNIX is the best option - and what's more, an option without cost, if one uses some of the currently available free UNIX implementations, like Linux or FreeBSD. Don't let free frighten you. UNIX is widely supported, and Linux is, when set up correctly, at least as secure as most other commericially available UNIX implementations. It's more secure, of course, when other machines are set up badly. We went for Linux because it has better hardware device driver support more amenable to alteration than FreeBSD other FreeNet sites tend to run it Hardware To support the number of users we hope to support, we have to go for something with plenty of processing power, which is also capable of running Linux. The IBM PC platform is well known for offering lots of processing "oomph" for a small amount of money - accordingly, we have decided on the following specifications as offering realistic performance for the least cost: Pentium P/90 processor 16 Megs RAM 2 gigabyte SCSI hard disk SCSI controller 16 bit BNC Ethernet card 14" SVGA Monitor w/1 meg SVGA card Keyboard Mouse Floppy Disk Drive This machine is similar in specification to what the SkyNet people in UL and to what Internet Eireann, a commercial internet access provider are using. John Quinn, system administrator of SkyNet, has said that he has seen 30 people online "without signficant system slowdown". We should be aiming to take 30-50 at maximum. Costings We have four options for sourcing this hardware within college Prohibitively expensive. within Ireland We had a look at some pricings from Irish firms, and decided against them, since the cheapest by far was a company called Gateway 2000, and their pricing was over 3000 pounds by a large amount. within the UK This is traditionally the best option - purchase by mail order ("direct") from a number of competitive manufacturers selling in the UK. Since computers rarely actually go wrong with regard to the hardware, most manufacturers concentrate these days on support and after-sales service - neither of which we need. Here are some pricings we collected from the latest Personal Computer World magazine: Item Price Motherboard 769 RAM 399 Hard Disk 675 SCSI controller 214 Ethernet Card 65 Monitor 189 Gfx card SVGA PCI 103 FDD 36 Tower case 80 Keyboard 25 Mouse 10 Including VAT this all comes to a total of 3013 IR pounds - without doubt the prices will have slipped down again when we come around to ordering. within the US We have had an offer of a machine with better specifications than above for IR2800 - but we are not sure whether we consider sourcing this reliable. There are, of course, concomitant relibility/delivery problems with buying from so far away. Overall costing We have settled on a final figure of 3000 pounds as being the figure that will allow us to complete our aims. A lesser figure will force us to give a reduced service. The extent of the reduction depends on the extent of the figure. Probably the first thing to be "downsized" would be the size of the hard disk, adversely affecting both the total number of users we can support and network news facilities. How we envisage members using the system Members, having obtained a LAN account from Computing Services (we believe all students of the college are entitled to one of these) will then be able to use the network utility TELNET to connect to our UNIX based system. From there, most users will be presented with a user-friendly menu based system allowing them to use the electronic mail programs, et cetera. Administration We feel the best way to effectively administer such a large body of students is (briefly) as follows: Divide people up into four possible user levels with priviliges according to rank: D These users will only be permitted to log in to the computer through a menu based restricted shell. The menu will be constructed by us and will only allow access to certain programs. Only a small fee, say 1 to 2 pounds will be charged for this type of account. C This class of user pays more than the above, and is entitled to use a non-restricted shell with which to execute programs. This would be a fairly typical UNIX type account, if you have ever used one. All of the above have access to Mail, News and the Web. B A user in training for administration has this type of access; no privileged access, but no other limits, so they can explore the system fully. A System administrator. Potential problems Problem Some would maintain that people who wished primarily to check their e-mail would be interfering with other people doing projects or more directly related course work to the detriment of the more academically orientated side. Solutions There are several solutions to this. Firstly we can implement time restrictions on user logins to avoid clashes with peak network load times, for example before 10am and after 17:30 pm. This is easily implemented with either a crontab with a .nologin file, or by tweaking initd. We could also implement time restrictions for each individual user. Problem The number of available terminals is so limited, adding an extra 500 users would bring the system under intolerable strain. The LG's, for example, are crowded during every day use - do we have enough PC's for this? Solutions Consider the fact that the above time restrictions will limit the available login hours, so that the vast majority of users will have left when the system comes fully online. Also consider the fact that it is effectively large numbers of simultaneous users that we might have problems with - not how many users we actually support. If only ten extra people log on at any given time, that's hardly a strain. If fifty do, that might be a problem - but at least it will only be affecting the response time of our server, and not any scheduled lessons. Problem How are Computing Services going to provide training and support for all this extra software that is not strictly under their control? Solutions Simple - Computing Services doesn't have to provide support for us. Not only can we do it ourselves at public meetings, but we can also stress in our initial brochures/advertising campaign that only those who are prepared to go through a little hassle when it comes to learning about e-mail, etc., should apply. Do consider that it is not actually completely necessary to provide the students with training in this regard. Firstly there are plenty of books in the library on these subjects, available to all. Secondly training can be spread by word of mouth, or by documents accessible by the students and written by the volunteer council. The wonderful thing about systems like this is that once you have attained a certain level of knowledge, you can "bootstrap" yourself to higher levels by mailing the system administrators for help and advice. Problem How can we be sure that you won't just take the money and run after a year? Solutions This is why we are going to set up a society to moderate and control the machine(s) we will obtain. This ensures some accountability towards the students forum in particular and the college in general. All future potential sysops will be vetted by a reasonably strict process of knowledge and interview based techniques, working closely with Computing Services. Problem What about security, both physical and electronic? Solutions Physical Thanks to the very kind offer of Dr. David Fegan of the Physics Department in UCD, we have quite a secure physical location in the Physics building to house the machine in. We shall also implement our own precautions in this ares - setting a BIOS password, unwiring the reset switch, turning off the CTRL-ALT-DEL reaction in initd, etc. However, after a year has expired, we will have to look for a new location for the machine. We have a few ideas: The fourth year computer room (Science) The demonstrators room (Science) A secure room in the library (Library) A secure room in the computer centre (CC) But we hope to discuss this matter with the Computer Centre when we have a detailed meeting with Computing Services. Network The essential point to remember here is that since this is a student machine, no-one except students will suffer if it is crashed. The thing to really worry about is hackers gaining root access and using that to jump to other computers. Since our machine will not be a "trusted" machine with respect to any of Computing Services' computers, it seems unlikely that anyone will find a way to penetrate to their machines from ours. However, we are of course doing all we can to protect both ordinary user files and root access. Some of our security precautions are: Running npasswd, which forces users to choose more secure passwords than normal Running a password cracker every weekend, which mails people with successfully attacked passwords and asks them to change the weak passwords Restricting ping, traceroute and su to a special user group Not using any r*d daemons Enabling the IPACCOUNT option in the Linux kernel so that we can keep careful track of user usage statistics and possible IP port infiltration Overall An ancient Egyptian proverb runs: "A lock only ever stopped an honest man." With that in mind, we can only be justifiably paranoid a given amount before our users privacy and convenience begins to suffer. We will not step over that line. Problem So what about this net thing anyway - isn't there really dodgy stuff out there? Solutions We face the responsibilty for selecting between information of different types and plausibilities every day of our lives. Just because information may come with a stamp of authority in college does not imply that it is TRUE in all cases. Information can actually be censored, should the college wish it so, although we would not find this palatable. Problem Won't people use E-mail to get lots of binary files and clog your system up that way? Even if you can tolerate it on your system, can the campus net stand the strain? Solutions The primary thing to remember here is that mail is delivered at the convenience of the systems involved. In other words, the things that really hog network traffic are FTP transfers, where a pseudo-direct connection is involved. Electronic mail, whatever size it is, tends to be more separated in terms of time than FTP, and as such will cause no problems with the network. In so far as swamping our system, we have administration tools that will effectively cater for finding out which users are abusing our system, and we can take action from there. (We scan our user mailboxes and home directories, and discover which ones are bloated.)