All computers can be compromised by hostile attacks. These security breaches, however, can often be avoided by taking a number of preventive steps and one of the simplest of these is to create an effective password.
Each year, thousands of computers around the world are illegally accessed by unscrupulous individuals, known as hackers, who look for vulnerable systems that they can infiltrate. The results of these attacks can range widely from mildly inconvenient to debilitating for the hacker's victims. According to a report recently issued by the White House (http://www.whitehouse.gov/pcipb/), computer users in higher education are especially vulnerable to security attacks, because many hackers search for computer networks that provide access to sensitive research or to government-related information. Hackers also target the high speed connectivity available in university systems to conduct illegal trading of copyrighted materials and to launch Denial of Service (DOS) and other similar attacks that can impact large numbers of Internet users. According to the report, all computers, including those used in the largest organizations in the world, can be compromised by hostile attacks. These security breaches, however, can often be avoided by taking a number of preventive steps. One of the simplest of these is to create an effective password. An effective password is one that is difficult for an intruder to guess; it should be as long as possible and should contain at least one alphabetic, one numeric, and some non-alphanumeric characters like @, #, and %.
"Guessing weak passwords is one of the ways hackers are able to gain access to a system," says Kathleen Kimball, director of ITS Security Operations and Services (SOS). "Password security should be taken as seriously as a PIN number for your ATM card. If you don't protect your password, you could be making it very easy for an unscrupulous person to gain illegal access, not only to your system, but to other Penn State networks, including high-profile University departments conducting sensitive research. By protecting your password, you are protecting the University."
Avoid the obvious! Here are some simple rules to follow when creating passwords:
When accessing a computer, use common sense:
Safe computing is an ongoing task, and a strong password is only one element of a variety of procedures students, staff, and faculty should employ to ensure that their systems are protected and secure. Passwords need to be used along with other means of security that include updated anti-virus software and a personal firewall such as ZoneAlarm or Symantec's Norton Personal Firewall (see http://www.zonelabs.com and http://www.symantec.com/sabu/nis/npf/ to find out more about personal firewall protection).
Additional computer security information can be found on the Security Operations and Services web site at http://sos.its.psu.edu.
By Mary Janzen Aziz
In November 2002, Penn State was awarded the Sloan-C Award for Excellence in Online Cost Effectiveness for the curricular redesign of the Statistics 200: Elementary Statistics course. The project, funded by a grant from the Pew Learning and Technology Program at the Center for Academic Transformation, was a team effort of the Statistics Department, the Schreyer Institute, and Education Technology Services (ETS).
William Harkness, professor emeritus of statistics, accepted the award November 8 at the Sloan-C International Conference on Asynchronous Learning Networks in Orlando, Florida. The Sloan Consortium, or Sloan-C, is an association of accredited educational institutions offering degree programs through high-quality online education, as its Web site at http://www.sloan-c.org/ explains.
In selecting recipients of the award, a panel of experienced online educators looks for practices that best exemplify reliability, impact, and contribution to a particular field. The citation reads, "For implementing and sharing the cost effective practice of course design that reduces lecture time and adds interactive learning."
According to the Statistics 200 Web site at http://stat200.stat.psu.edu/, the course redesign was intended to make the material more relevant to students by shifting the role of the instructor from strictly a lecturer to facilitator of self-directed learning. The redesigned course stresses hands-on practice activities using technology.
Because students are now grouped in labs of about sixty students, rather than lecture sections of about thirty students, fewer sections are needed, reducing the number of teaching assistants required and the administrative overhead costs. Assessments of student readiness help instructors focus instruction on gaps in knowledge, rather than sequencing material based on a predetermined notion of what students need to know.
These course improvements reduce the cost per student by approximately thirty percent. In a course with an enrollment of over 2,800, this adds up to significant savings. John Harwood, senior director of Teaching and Learning with Technology, of which ETS is a part, says, "Statistics 200 has shown that careful redesign of large courses can yield both improvements in learning and reduction in costs."
The course redesign project began when the Pew Grant Program in Course Redesign gave a grant to the Statistics Department. According to their Web site at http://www.center.rpi.edu/PewGrant.html , the Pew program encourages universities to redesign instructional approaches using technology to achieve cost savings as well as quality enhancements, particularly in large-enrollment, introductory courses. The Pew program is currently supporting three rounds of ten projects each, for a total of thirty redesigns. Penn State's project is one of those in round I.
With the help of the grant money, the Schreyer Institute assisted the Statistics Department in redesigning the curriculum. Once the curricular redesign was complete, ETS created a small-scale Web-based course management system.
"The system allows an instructor to post a syllabus in one place for all sections of a course, and when a student logs in, he or she automatically enters the right section," explains Elizabeth Pyatt, ETS instructional designer. There, the student finds pre-assessments, reading assignments, and exercises, listed by date. "Our programmers did an incredible job developing such a usable system on a very quick time line," adds Pyatt.
Harkness says of the course redesign, "It's a fantastic success." He explains that the Statistics Department is now using the same curricular model in biostatistics and engineering statistics. Students enrolled in courses using the new model have performed progressively better on each quiz, he says. On the final exam, there is a "big difference" compared to scores from students enrolled in traditional lecture classes. He observes, "There's no other way to fly." He says he prefers the new curriculum emphasizing self-directed learning and would not go back to the old model of three lectures a week. Now the students get hands-on, involved learning. Although it may be more work for the students, he says, "They get so much more out of it."
In summer 2002, twelve undergraduate students, located in four different states, discuss their research on global environmental change. They are part of the Human-Environmental Research Observatory's Research Experience for Undergraduates (HERO REU) program, and their conversation isn't taking place in one single classroom. Instead, these students are videoconferencing with each other, discussing the vulnerability of their individual sites to global climate change.
The Human-Environmental Research Observatory (HERO) network is a research collaboratory of four universities sponsoring HERO sites. The university observatories involved are Penn State University (Susquehanna River Basin Observatory), Clark University (Central Massachusetts Observatory), Kansas State University (High Plains-Ogallala Region Observatory), and University of Arizona (Southwest and Mexican Border Region Observatory) and are funded through the National Science Foundation.
Students in the summer REU program, three undergraduate geography students at each of the four sites, used field and secondary research to work on HERO's vulnerability protocol. The protocol asks the question, "How does land use change affect the vulnerability of people to climate variation and change?" Each student on a HERO site team was assigned a different piece of the vulnerability assessment: natural hazards (like sinkholes), technological hazards (like superfund sites), and land use (the people element, including socioeconomic factors).
Part of the REU student's task was not only to complete but also to evaluate the protocol they were following as they worked on completing their research. Students also evaluated the geo-collaboratory-a set of tools for collaborating between sites synchronously and asynchronously. The geo-collaboratory consists of video-conferencing, the eDelphi technique, and the e-notebook.
"In the beginning," says Brent Yarnal, principal investigator for HERO and Penn State professor of geography, "we organized weekly videoconferences. Students were so engaged that they were videoconferencing almost daily by the end of the project." They stopped using the phone completely, since it was more cost effective to use a local network to set up a videoconference, and the REU students also preferred the synchronous nature of videoconferencing to e-mail, where dialogue doesn't flow in real time.
"The videoconferencing was invaluable. In a lot of ways, the protocol now is very different than it was, and it wouldn't have gotten that way without videoconferencing. We couldn't have done this over e-mail," says Steve Weaver, a Penn State senior who participated in the REU program and is continuing to work with the Penn State HERO site this semester.
REU students also used HERO's eDelphi technique, an online version of the Delphi technique in which collaborators all brainstorm on a concept anonymously and submit their ideas on that concept to a central moderator. The moderator then sorts through the ideas and brings them to the table for discussion. Completing this process using the online eDelphi tool is not only easier and less expensive than bringing together all collaborators in one place, but also has the additional benefit of removing hierarchy and politics from the conversation because ideas are submitted anonymously. The eDelphi tool "is a rich, Web-based instrument that can tabulate and track the discussion, yet keep identities from all but the moderator," says Dr. Yarnal.
A final method of online collaboration, the e-notebook, was less successful than eDelphi or videoconferencing. In theory, the e-notebook allowed REU students and researchers to post their research data online so that it would be accessible to the other collaborators. In practice, the e-notebook became muddled through lack of a file management system and naming conventions, and researchers couldn't always be sure which data was where.
Mark Gahegan, HERO co-principal investigator and Penn State professor of geography, is working on redeveloping the e-notebook. He is moving away from the notebook as a central repository for data and toward a metaphor of the notebook as a knowledge discovery tool. The distinction is that in addition to sharing data, researchers will also be able to visually explain and track the evolution of their individual and collaborative ideas.
The new e-notebook model, tentatively dubbed Codex, uses conceptual diagrams that map how the researcher conceives of a problem. A conceptual diagram shows the web-like relationships between the elements surrounding a concept, and the Codex diagrams allow more specific information regarding an element to be viewed via a rollover button. "It allows people the flexibility to organize information according to how they view it, and they can attach a file to each node in the conceptual diagram to explain the context of the analysis-why they did what they did, not just what they did," says Dr. Gahegan.
Another feature of Codex is the ability to track the evolution of concepts by viewing older models and looking at the changes from one model to another. The new e-notebook also allows researchers to pinpoint the differences between one conceptual diagram and another and to search the notebook by concepts.
"We're trying to strike a balance between obtrusiveness and usefulness (with Codex)," explains Bill Pike, a graduate research assistant with the HERO project. "This summer's REU students will serve as a test for the new notebook version. We'll get usability feedback from them and work on fine-tuning it. The tool has to capture the deeper thinking behind the analysis without being too time consuming or burdensome to use."
The versatile uses of the geo-collaboratory tools have exciting implications for other disciplines engaging in distance collaboration and communication about a multitude of ideas. As it continues to develop this suite of tools, the HERO network hopes to use the geo-collaboratory tools to attract other groups who are undertaking local environmental investigation to set up their own HERO sites and to grow the HERO network.
Computing interest groups are a great way to supplement interest in specific areas of technology. The most familiar technology learning resources at Penn State are seminars and courses, available either as credited University courses or as ITS training or Web-Based training seminars. While courses and seminars reach an endpoint, members of computing interest groups have the benefit of an ongoing learning dialogue that keeps them up to date in their area of interest.
The following computing interest groups meet at Penn State's University Park campus and present a variety of activities that enrich their member's knowledge and abilities:
The Pennsylvania Macintosh Users Group (PAMUG)
(http://www.pamug.org/)
The Pennsylvania Macintosh Users Group brings together students, individuals, and families interested in hardware and software for Apple / Macintosh personal computers. Meetings generally include member or guest speaker presentations on new software and technologies, and end with a raffle for prizes like software, t-shirts, or other giveaways. Members also participate in fundraising events and recently donated a new iMac to Schlow Library in State College.
PAMUG members learn about new technology in a hands-on, personal environment and network with other people with similar interests. They also receive discounts from some local and national vendors, have the opportunity to shop at the Apple MUG store, and are included on a listserv that features PAMUG news and updates from the group along with other press releases.
The PAMUG will be holding its annual swap meet in March, when members and non-members are invited to bring their used Mac equipment to sell or swap. To find out more about PAMUG, join them at their meetings the second Tuesday of every month at 7:30 pm in 189 Materials Research Lab on Hastings Road. Upcoming events and presentations are posted on their Web site, http://www.pamug.org/
The Information Technology Club (ITC)
(http://www.clubs.psu.edu/itc/)
The Information Technology Club (ITC) is a student organization within the Smeal College of Business. The club is focusing on Web page design this semester. Members split up into groups that meet either Monday or Tuesday each week and create Web pages for other Penn State clubs and organizations. Organizations using ITC-created Web pages include Women in Business, PA Logistics Association, and the Business Roundtable. The ITC provides training in Flash, Dreamweaver, and Photoshop and also helps members build their personal Web pages. Ongoing projects include making a computer from scratch and an ITC member resume book that is distributed to corporate contacts.
To learn more about the Information Technology Club, visit their Web site (http://www.clubs.psu.edu/itc/) or join them Mondays or Tuesdays in 11 Sparks during their Web design sessions. Brian Eschbacher, ITC president, invites interested students to come observe the Web meetings and to approach him with questions or for more information.
The SAP Student Interest Group (SAP SIG)
(https://intranet.smeal.psu.edu/studorgs/sapsig/)
SAP is a database driven enterprise integration software that incorporates all aspects of a working business. Students in business and engineering areas who recognize the importance of gaining experience with SAP and other enterprise integration software like SAP created the SAP Student Interest Group (SAP SIG). The SAP SIG meets two to four times a semester and sponsors meetings with industry professionals who have implemented SAP software in their businesses. For example, the SAP SIG anticipates having a speaker from Hershey foods discuss the way Hershey configured and implemented SAP.
The SAP SIG is also working on a series of SAP tutorials for its members that would allow them to run sample business interactions. Because SAP is a database driven software with a user-friendly interface, the greater learning interest is in the business interactions that can be run after data is entered.
To learn more about the SAP Student Interest Group, visit their Web site at https://intranet.smeal.psu.edu/studorgs/sapsig/ for information and listings of upcoming meetings and activities.]
The Penn State Student Chapter of the Association
for Computing Machinery
Penn State Student Chapter of the IEEE Computer
Society (PSU ACM / IEEE CS)
(http://www.cse.psu.edu/~psuacm/)
The ACM / IEEE CS sponsors meetings and activities for students in computer science related fields. Meetings often include informal discussion on career related topics like creating resumes, interviewing for jobs and internships, experiences at jobs and internships, applying to graduate schools, and current undergraduate study. The ACM / IEEE CS functions as a networking and information resource and also sponsors events that intersect between computer science and another field. For example, they recently sponsored a speaker on the legal future of the Internet.
Ongoing projects include improving ANGEL content for members, including information like digitized versions of lectures and talks and a database of results from a recent survey on job interviews. Members are also working on a new computer science-oriented magazine, which they hope to publish in late February. Another of the perks for ACM / IEEE CS members is free pizza at meetings.
To learn more about the PSU ACM / IEEE CS, visit their Web site at http://www.cse.psu.edu/~psuacm/ for information and listings of upcoming activities.
The Linux Users Group (LUG)
(http://www.lug.psu.edu/about.cgi)
The Linux Users Group (LUG) promotes the use of Linux, Unix, and open source software. Members share information and increase their exposure to Linux through presentations and other activities, including helping each other with Linux tech support. Presentation topics include subjects like Zero Configuration Networking (Zeroconf), LaTeX, Hydra, and Kerberos. A recent, ongoing LUG project is an open source spam filter.
The LUG meets weekly alternating Tuesday and Monday nights at 7:00 pm in 306 Hammond, and more information about their meetings and upcoming presentation topics and activities is available on their Website, http://www.lug.psu.edu/about.cgi
By Stephanie Anderson
It's hard to do anything these days without a computer-even save the environment. When a group of Penn State engineering students were given the task of creating a more fuel-efficient sport-utility vehicle, they looked no further than Information Technology Services (ITS) for help.
The students will compete with fourteen other universities in the FutureTruck 2003 Competition, a national project that seeks innovative ways to reduce fuel consumption. ITS recycled five 390E IBM Thinkpads from computing labs, then donated them to the FutureTruck project. The laptops will be used for everything from diagnostic testing to writing technical progress reports during the competition in Romeo, Michigan, June 2-12.
FutureTruck is a four-year project that combines the resources of industry, government, and academia to address growing environmental concerns about sport-utility vehicles. This year, FutureTruck sponsors include the U.S. Department of Energy, Ford Motor Company, and the National Science Foundation. Ford donated Ford Explorers to the participating universities, and students are working to redesign the trucks into more energy-efficient hybrid-electric vehicles.
The computers donated by ITS will be used for a variety of purposes, says FutureTruck participant Eric Reischer, a Penn State mechanical engineering student. "The intention for the use of the laptops is to use them as 'pit crew' machines, which will allow them to monitor the health of the vehicle at all times across a wireless link," Reischer says. "In other words, the engineers back in the pit areas can constantly monitor telemetry coming from the vehicle and look for anomalies which could indicate that a specific system is failing."
One or two of the computers will be added to the interior of the vehicle as well, and will be programmed to cull data from different sources and act as a central collection point. The laptops will also be used to develop control algorithms and simulation software, write technical reports, and perform real-time data acquisition and diagnostic testing.
Dr. Daniel Haworth, professor of mechanical engineering at University Park, has acted as the faculty advisor to the Penn State FutureTruck project since 2001. He oversees approximately seventy students involved in the project. Dr. Haworth explains that the development team formulates a plan and a budget for the project, and then implements the plan by replacing original parts of the vehicle with newly engineered, more fuel-efficient parts. The reengineered Explorers must yield a 25 percent higher fuel economy. The teams are judged on a variety of other factors, as well.
"The focus is very much on reducing fuel consumption," Dr. Haworth says, "but also on not giving up anything in fuel emissions, performance, creature comforts, all of it. We get graded on all of it."
In June, Penn State's FutureTruck Development Team, primarily composed of undergraduate engineering students, will travel to Ford's Michigan Proving Ground outside Detroit to showcase their retooled, more environmentally friendly Explorer in the competition. Penn State has been competing in the FutureTruck initiative since 1999, and each year, the team has shown marked improvements. Last year, Penn State was awarded the Cisco Telematics Award, as well as the award for Most Improved Team at the 2002 competition in Yucca, Arizona.
For more information about the FutureTruck competition, visit http://www2.mne.psu.edu/futuretruck/ or http://www.futuretruck.org/.
For information about ITS computer donations, e-mail Kent Becker at kxb9@psu.edu.
Penn State has long taken the issue of copyright infringement seriously, and has encouraged its faculty, students and staff to become familiar with both national laws and University policies on the subject. Recently these efforts have intensified under a new campaign sponsored by Information Technology Services (ITS). The campaign, which targets a variety of groups at Penn State, has one basic message: educate yourself concerning copyright laws and software piracy. One of the ways that ITS has been distributing this message is through a unique and entertaining student contest taking place on the Web this semester.
"While the contest has been designed to be fun and to pique student interest" there is nothing funny about copyright crime," says Kathleen Kimball, senior director of ITS Security Operations and Services (SOS). "Penn State has an obligation to respond expeditiously when its networks and computers are reported to be in violation of law or University policy-and using software to download music, videos, and other copyrighted material without the owner's permission is a violation of both of these."
"Many people just don't realize how serious this issue is," adds Russell Vaught, associate vice provost for information technology. "An individual who participates in copyright infringement is subject to civil-and in some cases criminal-penalties. It's really not much different than walking out of a store with a CD in your pocket that you haven't paid for-and can, in extreme cases, have far more severe penalties than simple theft."
Events involving students at other universities have heightened Penn State's commitment to educate the University community about copyright violation. At the University of Oregon, a student was sentenced by a federal judge to two years' probation and limited access to the Internet for illegally distributing copyrighted materials using the campus computer network. The student, charged under the 1997 "No Electronic Theft Act," faced a penalty from three to five years in prison and up to $250,000 in fines. In a similar case, campus police at Oklahoma State University seized a computer from a student who was accused of distributing copyrighted music after the Recording Industry Association of America (RIAA) faxed a complaint to the University network security officer about the large volume of music and movies that were being disseminated via the institution's network.
According to Kimball, the RIAA and the Motion Picture Association (MPA) are becoming much more aggressive in their pursuit of copyright infringers. Last semester, SOS received several notices from the RIAA regarding the use of the University's network for illegal downloading. "When the University receives these notices, we act quickly," says Kimball. "Our first step is to turn off the alleged offender's ethernet connection. Then the individual is notified and appropriate contacts are made for further investigation and adjudication. When a complaint is received, these actions are required by federal law."
In addition to these efforts, Penn State has been working to raise community awareness about common misconceptions related to infringement-plus shed light on how the associated heavy downloads can overload the University network, making it more difficult for legitimate users to access e-mail and use the Web for educational purposes.
"Knowing the difference between fact and fiction in this issue is essential for our community," observes Vaught. "For example, there are individuals who still believe that videos, music and other Web materials that do not display copyright notices are not protected, but that simply is not true. Most materials on the Web are copyrighted and current law does not require formal notice in order to ensure protection."
In the future, Congress may play a leading role in reshaping the nation's attitudes toward infringement, according to a number of media sources. California Congressman Howard Berman (D-Los Angeles) has been preparing legislation that would allow entertainment companies to obstruct peer-to-peer networks that distribute unauthorized copyrighted works with a variety of invasive electronic techniques. These techniques include software that can block file transfers, redirect users to other sites, and confuse users with fake files. While this law did not pass in the last session, Berman's staff believes it has a good chance of doing so in the next. Go to http://www.house.gov/berman/ to read more about Congressman Berman's proposed legislation.
In the meantime, Penn State offers students, faculty and staff many resources to learn about copyright infringement and software piracy, "but it remains the individual's responsibility to use these sources to gain a full understanding of the specifics," stresses Vaught.
For more information on this subject, go to the University Libraries' MediaTech Copyright and Information site at http://www.libraries.psu.edu/mtss/copyright.html and the Copyright Information site at http://www.psu.edu/copyright.html.
Penn State educators and librarians will also find useful information about the "Technology, Education and Copyright Harmonization Act" (TEACH Act) at http://sos.its.psu.edu/copyright.html. Students and others can also access information on bandwidth and copyright issues on the ResCom site that can be found at http://www.rescom.psu.edu.
By Mary Janzen Aziz
Students enrolled in the Penn State courses AE297H/AE497H: Sustainable American Indian Housing conduct ongoing research to improve housing on the Northern Cheyenne Indian Reservation in Montana. Their goal is to design sustainable, energy-efficient structures in tune with the culture and climate of the area using straw bale construction. In fall 2001, David Riley, associate professor of architectural engineering, engaged the services of Teaching and Learning with Technology (TLT) to boost student efforts in these courses.
TLT accepted the Department of Architectural Engineering proposal entitled "Collaboration on American Indian Housing among Three Institutions" through the Faculty Technology Initiative program. The project involves collaboration among students at Penn State, the University of Washington, and the Chief Dull Knife College in Lame Deer, Montana. TLT will shortly complete its contribution to the project.
TLT staff designed a Web-based database, produced a video, and set up a videoconference for the benefit of students enrolled in the courses taught by Riley in conjunction with Scott Wing, associate professor of architecture.
The database, anticipated to be completed in February, will allow Riley's students to search for resources to use on team projects. It is searchable by subject, such as culture or climate; by title; by reference type, such as book or article; or by keyword. In time, it is anticipated that students will in turn contribute their own material for the benefit of future classes. Riley says, "the Web database will help students track down the wide array of references, videos, and student research that is collected each year."
TLT produced a video that depicts the great human need for sturdy, easy-to-heat housing on the reservations of the northern plains. It includes footage of straw bale construction in progress, as well as finished structures. The video captures the beauty of the landscape and how well the new housing seems to blend in with it. Throughout the video are interviews of tribal members and leaders, and faculty and students from Penn State and the University of Washington. The video will not only be used in David Riley's classes, but also to pique the interest of people considering going to Montana to assist with construction, as well as potential financial contributors.
Most of the footage was shot by University of Washington personnel. The video also incorporates interviews of tribal leaders filmed by the Red Feather Development Group, a national nonprofit housing and community development organization who collaborates on the Montana project. Kim Winck, manager of TLT's Faculty Multimedia Center, edited the video, produced DVDs for distribution, then streamed it for use on the Web. Completed in December 2002, it will soon be linked to the project Web site at http://www.engr.psu.edu/greenbuild/.
Riley calls the video "invaluable," and says, "The streaming video and DVD versions will really help us get the word out about our programs." Jo Nutter, TLT instructional designer, adds, "The video gives the students a really good taste not only of what they are doing, but why it's important." She envisions that in class, Riley can use it to gauge student interest in aspects of the project, and their assumptions coming in to the class. Then he can ask them where they would like to take the project in the future and what they would like to learn more about.
TLT arranged a videoconference April 10, 2002 between students at Penn State and the University of Washington, so they could collaborate on their individual research projects. Riley comments, "The videoconference let us meet our collaborators at the University of Washington 'face-to-face' and really speed up the communicating process."
In Riley's classes, some of the students focus on the Cheyenne culture, some on the architecture of the straw bale housing, and some on the climate of the construction site. Students combine the knowledge gained through research with hands-on learning, many traveling to the actual building site to assist with construction.
Says Nutter, "my favorite part about this is that he (Riley) shows the entire process. It's not just putting up a building." She explains that he stresses to his students the importance of matching the construction to the people and the place. He has the students look into how it will fit in with the community, and some of the tribal members work with the students. "They get a sense of history," she says.
Each year the Association for Computing Machinery, ACM/SIGUCCS, Special Interest Group on University and College Computing Services, sponsors competitions to recognize outstanding publications developed at college and university computing centers.
The competitions recognize excellence in developing useful and attractive publications and provide SIGUCCS conference participants with an opportunity to review model publications that may help them develop or enhance their own work.
Awards for the competitions were presented at the ACM SIGUCCS Fall User Services Conference, Providence, Rhode Island, November 20-23, 2002.
Margaret Smith, Editor, Consulting and Support Services, a unit of ITS, captured Second Place for the electronic version of the "Academic Computing Newsletter" at http://css.its.psu.edu/news. Cristol Gregory, Teaching and Learning with Technology, a unit of ITS, won an Honorable Mention for her publication, "Using Penn State's Course Management System, ANGEL".
For further information, please see http://www.acm.org/siguccs.
Computer and Network Security 2003 is a one-day conference designed to help make Penn State a more secure computing environment. The conference is scheduled for Friday, April 18, 2003, from 8:00 a.m. to 5:00 p.m. at the Nittany Lion Inn, University Park.
Although this conference is intended for all skill levels, most presentations will assume a basic knowledge of related topics. Please visit the Computer and Network Security 2003 conference Web site at http://sos.its.psu.edu/conference.html for conference details and updates.
The day will include presentations by David Millar from The University of Pennsylvania, Tracy Mitrano from Cornell University, and technology staff from Penn State.
Registration for this conference is required. Due to limited seating, registration is on a first-come, first-served basis. The cost for the conference is $75 per person. A buffet lunch for all attendees will be provided. For more information, please send an e-mail inquiry to SecurityConcerns@psu.edu.
The event is sponsored by Security Operations and Services, a unit of Information Technology Services.
A new edition of the former PsuThesi thesis package has been released for public use. The new edition, version 1.1, is a Penn State thesis package for Microsoft Word users. It includes Word templates, styles and programmed functions which help produce a dissertation, masters thesis or Schreyer honors thesis according to guidelines set forth by Penn State. PsuThesi currently works with either the 2000 or 2002 versions of Microsoft Word for Windows. It is hoped that soon there will be an equivalent version for the Macintosh environment.
The New Edition is a complete rewrite with significant changes making the package easier to use and transport as well as conforming to the current software standards for Microsoft Word.
Some of the current features include the following:
Users of the older edition of PsuThesi (version 2.2 for Word 2002) should install and create files with the new edition and then import the text from the older files into the new ones (see the FAQ at the website).
Users of the more recent thesis package known as PsuLight can transparently upgrade to PsuThesi by downloading the program template into the existing PsuLight thesis folder (see the FAQ at the website).
Information, documentation and software download links, as well as other thesis resources can be found at the website: http://css.its.psu.edu/theses
The Account Information Management System (AIMS) is a Web-based system designed to allow faculty members access to the financial status of their sponsored project accounts. It provides summary fiscal information regarding principal investigators' grants and contracts.
What is AIMS Used For?
It is intended to provide a snapshot of the account in familiar agency budget formats rather than serve as a comprehensive account-reporting tool. This gives project personnel a sense of where the project is financially. AIMS reports are intended only for internal use, to assist Penn State faculty with personal account management. AIMS reports should not be sent to agencies or any other external entity, including auditors.
What is the Report Format Based on?
The budget categories that can display on the Generated Report window are based on the NIH budget form. To view a detailed description of the report used by AIMS please visit the following Web site: http://ais.its.psu.edu/ibiswork/AIMS/aimsreporting.html.
Where Does AIMS Data Come From? AIMS gets its data from the University's Data Warehouse. Each night, the Data Warehouse is refreshed with the current IBIS data. These data are also preprocessed so Fringe and Overhead (F&A) charges are applied. In this way AIMS can report on the actual account balance.
How Do I Gain Access?
All AIMS users need the following in order to access AIMS:
How Do I Learn More?
Check out our Web site at: http://ais.its.psu.edu/IBISWORK/aims.html to learn more about this new tool.
In the recent popular movie Spider-Man, the lead character quickly faces the overriding moral of his story: With great power comes great responsibility.
The same moral applies to the current generation of personal computer. True to Moore's Law, the power of personal computers has been steadily growing while their price has been dropping. As a result, many home computers today have the processing power and bandwidth to host their own servers. Realizing the promise of the Internet, any user with a current personal computer and cable modem or DSL line can download free (or inexpensive) server software and publish Web-based services to their hearts content.
However-this power comes with a major risk! All servers must utilize some kind of networking protocol in order to work. Although VPN services do exist to provide encrypted security, most Internet servers rely on standard TCP/IP and related (HTTP, FTP, etc.) protocols for their communication. Savvy hackers can exploit security flaws and gain control of your system-often without your knowledge.
The recent SQL Slammer worm shows the potential of such an attack. In this case a simple worm (known as SQL Slammer, w32.SQLexp, or Helkern) exploited a known hole in Microsoft SQL 2000 servers. In fact, a patch closing this hole was issued by Microsoft in June, 2002-but some server administrators (including, apparently, some at Microsoft) neglected to apply the patch and the worm managed to hit enough unpatched servers to flood the Internet and cause the problems experienced the weekend of January 25, 2003.
The problem demonstrated by SQL Slammer is especially important for the university computing community. As educators, we want to encourage our students to explore, play and learn. I often recommend that my students wanting to learn dynamic Web service development download and install the Apache server, MySql and PHP. Then they can use their own computers to begin to develop powerful database-driven Web sites. (The same could be done with other combinations of server such as Microsoft IIS, Microsoft Access (Jet), and VB Script.)
However, I also stress the importance of applying OS and server security patches to ensure that their servers are not hijacked. This is best accomplished by registering your software and then regularly checking vendor and/or support Web sites for new patches and information. Some vendors (such as Microsoft) also apply 'push' technology so users can be sure the latest patches are applied.
It can be tempting to try to cut corners and let some patches slide, especially when the application process is not automated-but the risk is too great. In addition to an infected system potentially requiring a time-intensive re-loading of all systems and application software, an infected system might also be used as a staging area for a DNS attack or routing and/or storage of illegal files. All of this results, at least, in headaches for the system owner. At worse, it could support a terrorist attack on the Internet.
The moral? Proceed to enjoy the fruits of Internet technology and learn with these wonderful tools. But please be responsible in your administration of the tools. Just as you would be sure to employ current Anti-Virus and firewall protection- you must be sure to keep all of your servers and Operating Systems patched to the current security level.
Then, as Spider-Man might say: "Excelsior!"
Resources:
http://www.versiontracker.com/windows/
Updates and patches info for many OS's and applications.
http://windowsupdate.microsoft.com/
Microsoft updates.
http://www.jumbo.com/linux/
Linux upgrades and downloads.
http://www.mysql.com/
MySQL updates.
http://www.apache.org/
Apache Software Foundation.
http://zdnet.com.com/2100-1105-982226.html
Information on SQL Slammer worm..
Introduction
The use of strong encryption to exchange private messages is now commonplace. One of the most popular working tools to enable private exchange of messages is PGP (Pretty Good Privacy). The following may be helpful to people wanting or needing to exchange private email messages. (PGP implementations also enable computer files to be encrypted/decrypted.
How PGP Works
Learning to use PGP encryption is easier than learning to use a word processor. There are two encryption keys: public and private (secret). If you use the email plugins under Windows encrypting and "signing" a message may be done simply by clicking an Icon and choosing a public or private key respectively. A typical scenario follows:
1) You give your public key to correspondents. You can email it to them for example or post your public key on a remote keyserver, then anyone who visits that keyserver can be your secure correspondent; that's the purpose of a keyserver. Two remote keyservers are made available during the installation of PGP.
The Windows PGP install process automatically offers to put your public key on a keyserver. Also this install process will allow you to easily install PGP email plugin(s) for Eudora, Netscape, and/or Outlook Express.
2) A correspondent writes a message with their email client and then uses your public key to encrypt that message before sending it to you. Or you use their public key to encrypt a message to them.
3) You then use your private (secret) key maintained on your local computer system to decrypt a message sent to you. Email plugins do this automatically, prompting you for your private key pass-phrase. Since the message was encrypted with your public key, only your private key, and no one else's keys, can decrypt this message. So only you can decrypt such messages.
4) A sender's private key may also be used to "sign" messages. You then use the sender's public key to decrypt the signature. No one else's public or private key can decrypt this signature. Thus the signature is unique and if it decrypts using the sender's public key, this is proof that electronic signature is the sender's and no one else's. Also as stated in the PGP manual, "a signed message verifies that the information within it has not been tampered with in any way." Such secure electronic signing assumes of course, that private keys are in fact known only to their owners.
How Safe is PGP
Private keys and companion private key pass-phrase are assumed to be known only by their owner. The number theory behind PGP creates keys that are in effect a product of very large prime numbers. To date there is no known algorithm for factoring such a product in a practical amount of time. That is, Cryptographers, mathematicians and computer experts have tried unsuccessfully for years to break PGP.
There is an integrity exposure when using PGP. That is, it is crucial to back up in a secure place your private and public keys - in such a way that only you have access to them. Since these "key rings" are created in a unique fashion, even you cannot recreate them. Thus your encrypted messages or files would be useless if you lost these keys. Or privacy would be compromised if anyone but you had access to them. For more information on this, please see: Integrity of PGP Encrypted Files: http://ftp.aset.psu.edu/pub/ger/documents/DataIntegrity.htm#7)%20Encrypted
Where to Get PGP
We recommend two versions of PGP here; 1) Free version PGP 6.58 and commercial version ($39): http://www.pgpi.org/products/pgp/versions/freeware/win32
PGP Versions 6.58 and 7.03 do support email plug-ins. PGP Version 7.03 requires that two hot fixes be installed also. Both of these are available for free download at: http://www.pgpi.org/products/pgp/versions/freeware/win32
Commercial Version 8.0:
http://www.pgpi.org/products/pgp/versions/freeware/win32/
(Note that email plug-ins are installed but not functional with PGP 8.0 unless it is licensed ($39).
PGP Commercial Versions are also available via: http://www.pgpi.org/products/pgp/versions/commercial/
Email Plug-ins for platforms other than Windows:
http://www.pgpi.org/products/tools/search/
(Note: set the "Category" for search to "Email Plugin ..." )
PGP for Linux (free command line only) is available at:
http://www.pgpi.org/products/gnupg/
This free command line version is also available for Macintosh OS X and Windows DOS Prompt.
PGP Personal, Commercial Version 8 for the Macintosh OS X is available at: http://www.pgpi.org/products/pgp/versions/freeware/mac/8.0/
PGP Lists of Keyservers: http://www.keyserver.net/en/
http://www.hal-pc.org/~bunbytes/karlsson/pgp/keyservers.html#kserv
http://www.wowarea.com/english/help/keyserv.htm
References
An AIS/ASET Security Page (See the PGP section):
http://ftp.aset.psu.edu/pub/ger/documents/security.html
Basic description of PGP and brief supporting mathematics:
http://www.momentus.com.br/PGP/doc/howpgp.html
A few good short PGP tutorials that BRIEFLY tell HOW it works are:
PGP FAQ: http://www.cam.ac.uk.pgp.net/pgpnet/pgp-faq/
Yale PGP Introduction: http://www.yale.edu/its/security/pgp/pgp_intro.html
CREN PGP Tutorial: http://www.cren.net/crenca/onepagers/pgp2.html
Latest News about PGP: http://www.pgpi.org/news/#20021001.
Acknowledgment
Thanks to Pete Weiss, Penn State Administrative Information Services, for reviewing this document and for useful suggestions for improving it.
In fall 2002, the Graduate Education and Research Services (GEaRS) group&-a part of Academic Services and Emerging Technologies (ASET)-deployed its third-generation Linux cluster, Lion-XL, to provide computational resources for research projects in a variety of departments and disciplines across the University.
Clusters (many computers networked together) are rapidly gaining momentum as a cost-competitive approach to scientific and engineering computing. A cluster of computers, or "compute servers" combined with scheduling software to distribute the computing tasks, allows standard and readily available equipment to offer computational speed comparable to far more expensive proprietary computer systems.
Lion-XL, the fastest and most powerful cluster Penn State has built to date, has now been expanded from 80 to 176 nodes. The theoretical peak capacity of this cluster is nearly 1 TeraFlop (one trillion floating point operations per second). It is enabling research computations in the areas of materials simulation, computational biology and chemistry, mathematics, meteorology, physics, and other disciplines. 128 nodes of Lion-XL will have a high-speed network from Quadrics, a company based in the United Kingdom. All 176 nodes are also connected together with Fast Ethernet. GEaRS is also deploying fileserver technology from BlueArc, in order to provide a unified file space across all of its high performance computing clusters.
The University's clusters, Lion-XE and Lion-XL, are a collaborative partnership among several faculty members spanning three colleges and ASET, a unit of Information Technology Services (ITS). The partnership is aimed at consolidating and therefore increasing the resources available to each participant, as well as decreasing the duplication of efforts inherent in smaller systems. "Instead of researchers deploying small clusters in their offices.it's far more productive to build larger machines," says Vijay Agarwala, Director of GEaRS. "Larger machines, when properly run, significantly lower the cost of ownership." This collaborative partnership is open to all faculty members.
For more information on using these new resources, or to learn how to become a partner, check the Web site at http://gears.aset.psu.edu/.
Topics for spring are the following:
Friday, March 28
Using ANGEL in the Spanish Basic Language Program
Nuria Sagarra, Director, Spanish Basic Language Program; Elizabeth
J. Pyatt, Instructional Designer, Teaching and Learning with
Technology, ITS.
Friday, April 25
Immersive Environments in Design Education
Katsu Muramoto, Associate Professor of Architecture; George Otto,
Manager, ASET/GEaRS/Visualization Group, ITS, and Affiliate
Assistant Professor of Architecture; Loukas Kalisperis, Professor of Architecture.
Space is limited, so please reserve a seat by registering on the Web at http://its.psu.edu/training/.
For more information on the Technologies for Learning Forum series, please visit http://tlt.its.psu.edu/fmc/teach/.
Take advantage of these free seminars by registering online at http://its.psu.edu/training.
Graduate teaching assistants and academic departments are invited to participate in the Teaching with Technology certificate program, detailed at http://tlt.its.psu.edu/support/twt/. Through the free program, graduate students apply existing technology skills, acquire new skills, and develop a philosophy about teaching with technology. They assemble a portfolio showcasing their knowledge, skills, and achievements using technology for teaching, under the guidance of a departmental representative. Upon approval of the portfolio, students receive a certificate from The Graduate School, enhancing their marketability when seeking teaching positions. Some departments in which graduate students have expressed interest in the program currently have no faculty member appointed to review student portfolios. Such departments are encouraged to appoint a representative. Graduate teaching assistants or faculty members interested in participating may contact twtc@psu.edu.
The Teaching with Technology certificate program is jointly sponsored by The Graduate School and Education Technology Services.
You are invited to attend the Penn State Web 2003 Conference on June 18 at the Penn Stater Conference Center, University Park. Pre-conference activities will be held on Tuesday, June 17, 2003.
Do you run a Web server, publish information, write programs, create graphics, design pages-or perhaps do it all-for an official Penn State Web site? If so, this conference is for you. This conference brings Penn State Web professionals together to share information and learn about innovative uses of the Web, applications for Web development, works in progress, security issues, and more.
Managers, writers, editors, designers, programmers, and server administrators for Web sites at University offices, departments, colleges, and campuses are invited to attend.
We encourage qualified persons with disabilities to participate. If you anticipate needing any type of accommodation or have questions about the physical access provided, please call (814) 865-4757 or write to webconf@psu.edu in advance.
For more information about the conference, visit us at http://www.psu.edu/webconference.
Penn State faculty, staff, and students interested in digital media will find valuable information and resources through the Digital Media Resources (DMR) group. The DMR group coordinates the communication and promotional efforts of service units, colleges, and others who provide videoconferencing, audio and video streaming, digital video production, and digital asset management services.
The DMR Web site at http://its.psu.edu/dmr/ contains links to resources and service providers at Penn State, software and hardware vendors, news, information on DMR group projects, and more.
The DMR group collaborates through the Web site as well as a listserv and a monthly face-to-face meeting.
According to Mike Halm, manager of Special Projects for Teaching and Learning with Technology and chair of the DMR group, the objective is to "get everybody talking to each other" and to present innovative ideas "to stimulate thinking."
Halm explains that when the group formed in 2001, "We were looking at the (Web) pages as being both informational and directional," answering the questions: What services and technologies exist? and Where do I go for the service I need? However, they also visualized the DMR Web site not as one-way communication, just handing down information, but rather two-way. "We're trying to make it a lot more interactive," noted Halm.
In the near future, the group hopes to add a form to the Web site allowing Penn State faculty, staff, and students interested in digital media to post information, share news, or pose questions to the DMR community.
So far, most contributors to the Web site are service providers, such as Penn State Public Broadcasting and units of Information Technology Services. The DMR group would now like to reach out to more development units residing within colleges or academic departments, as well as individuals, to participate.
Current areas of particular interest for the DMR group are digital asset management and Web conferencing. Digital asset management is the organization of collections of digital photos, video files, or audio files into a coherent storage scheme using indexing strategies so that they will be easily retrievable. Web conferencing allows people to communicate across distances and, for example, to simultaneously view a document and discuss and view changes to it. Web conferencing reduces the need for travel between campuses.
"We invite people to contribute," says Halm, who noted that they can participate in the DMR group in several different ways:
Mark your calendars for April 22, for the Graduate Education and Research Services (GEaRS) Visualization and Virtual Reality Open House. The event will showcase three large-format, projection-based facilities that have been designed for visualization, virtual reality and telecollaborative applications within a variety of teaching and research contexts in science, engineering and the arts.
The ITS/SALA Immersive Environments Lab (IEL), in 306 Engineering Unit C, is a partnership project of
ITS/GEaRS Visualization Group and the School of Architecture and Landscape Architecture. The lab recently has been
upgraded from a two-screen facility to a three-screen surround-screen virtual reality theater. The IEL provides access
to navigable large-format 3D stereo displays within a familiar desktop computing and applications environment. See
http://gears.aset.psu.edu/viz/projects/vr/iel for more information on the lab.
The GEaRS ACCESS Grid Node, located in 140 Computer Building, allows group to group telecollaborative meetings using multicast internetworking, voice and video teleconferencing, and desktop applications sharing among multiple remotely located participants. See http://gears.aset.psu.edu/viz/projects/gridnode/ for further information on Penn State's ACCESS Grid node and links to further information on the ACCESS Grid.
The GEaRS tiled display wall project, located in 139 Computer Building, employs parallel graphics computing on a linux cluster to efficiently display high-resolution (4096 x 2304 pixels) images on a large format (six by eleven feet) projection screen. The tiled display allows the viewing of significant detail within local areas of complex visualizations, while simultaneously displaying the larger context within which such local events occur. Parallel graphics techniques employed on the display wall are adaptable to a number of application areas and display configurations. See http://gears.aset.psu.edu/viz/projects/displaywall/ for further information on the display wall project.
More information on the Visualization and Virtual Reality Open House, including schedules for each location, will be available online at http://gears.aset.psu.edu/events/. The event will be free and open to the public. All facilities are available for scheduled use by researchers and educators from any academic department of the University.
This newsletter is published by The Pennsylvania State University, Consulting and Support Services, a unit of Information Technology Services, 214 Computer Building, University Park, PA 16802. The newsletter is also produced as a set of Web pages and Acrobat PDF files at http://cac.psu.edu/news/ on the World Wide Web. A printed version is mailed to full-time faculty and staff at all locations. Copies are available at the Computer Building at University Park. To obtain copies by campus mail, contact Danette Yakymac at (814) 865-4757 or send e-mail to dxs8@psu.edu.
Information Technology Services encourages persons with disabilities to participate in its programs and activities. If you anticipate needing any type of accommodation or have questions about the physical access provided, please contact us in advance of your participation or visit.
This publication is available in alternative media upon request.
Your comments and suggestions are welcome. Please contact the editor, Margaret Smith, 214 Computer Building, University Park; (814) 865-4757; e-mail mes8@psu.edu.
Editor in Chief
Kathy Mayberry, Director, User Services
Editor
Margaret Smith
Editorial Assistant
Kate Strauss
Production Assistant
Danette Yakymac
Spring 2003