A sad story in today’s Times: A widowed mother of seven resisted masked men who demanded she leave her home by calling American and Kurdish soldiers at a base less than a mile away. They apprehended the men as they were trying to escape, but the woman was shot and killed while doing errands the next day.

Stephen Cox, a Columbia College sophomore, wrote an opinion piece for the Columbia Spectator entitled, “Fines Violate Students’ Rights“.

It seems that students here at Columbia have a penchant for thinking that Columbia University is improperly acting on behalf of th RIAA in forwarding settlement notices to students who have been served with a DMCA copyright infringment takedown notice. While I dislike defending the practices of the RIAA, being of sound mind and in favor of a fair and equal judicial system, I believe that Columbia and its rival educational institutions are neither in violation of the law nor of any educational or moral standard.

Cox’s argument hinges on the 20 U.S.C. § 1232g.b.2.b clause of the Family Educational Rights and Privacy Act (FERPA) which reads:

No funds shall be made available under any applicable program to any educational agency or institution which has a policy or practice of releasing, or providing access to, any personally identifiable information in education records other than directory information, or as is permitted under paragraph (1) of this subsection, unless—… except as provided in paragraph (1)(J), such information is furnished in compliance with judicial order, or pursuant to any lawfully issued subpoena, upon condition that parents and the students are notified of all such orders or subpoenas in advance of the compliance therewith by the educational institution or agency.

1. No information was actually transferred from Columbia to the RIAA (as far as I know, and I know more than most). Columbia simply forwarded the letter to the students indicated by IP address. Columbia will only hand over personally identifiable information in the event that they receive a proper subpoena under the DMCA.
2. From what I’ve read, even if they disclosed the directory information of the students in question to the RIAA, they would not be in violation of FERPA. An educational record is all information that a school holds about a student except for directory information. (They may be punishable by other legislation, however).

Admittedly, Columbia is doing a favor for the RIAA in forwarding these letters. The sum of money being demanded is large, and as Stephen Cox points out in his article, far larger than the damages actually incurred by the RIAA and its members (which are on the order of tens of cents). As Six pointed out to me, if I were a target of one of these letters, I’d want to receive it only in order to have the most information about the situation available to me.

Cox writes, “The seriousness and scope of [Columbia's] obligations, in turn, are determined entirely by the RIAA, not by a court.” This is incorrect. Even with this new tactic of sending pre-subpoena letters to students, students have the right to pass on the settlement offer and bring it to court. This is, admittedly, financially prohibitive and complicated, but it has been done successfully.

He continues, “Without subpoenas, the RIAA demanded that schools pass “settlement letters” on to individuals identified only by IP address.” Demanded is a very strong word for this, especially when the first line of such a settlement letter is “We have asked your Internet Service Provider to forward this letter…” Both the university and the RIAA understand that there is no legal obligation to pass this on to the allegedly infringing student. Both entities are fully aware that the RIAA could simple serve Columbia with a proper subpoena, issued by a court officer, to obtain contact information and send the letter to the students themselves. RIAA prefers this approach because it means less legal fees for them.

“In short, the RIAA has asked universities to help it blackmail students and their parents (who the RIAA neglects to mention are not generally culpable for the actions of their children) by forwarding letters with questionable legal claims in them and demanding large cash payments,” he writes. There is a popular misconception that these settlement letters constitute blackmail or extortion. I believe this is a result of the large sum demanded. However, it has never been illegal for the tortfeasor and the claimant to exchange written communication to attempt an out-of-court settlement before a formal claim is filed. For example, if you kill my dog, you had better expect a letter from me asking for compensatory damages.

Cox writes, “The RIAA has decided that it has the right-normally reserved to government agencies-to fine students and the right-reserved to no entity-to do so without due process.” Incorrect. The RIAA is not taking away the right to due process. That avenue is still available to each alleged IP address-masked caper. The RIAA is just presenting a way to make the case go away that is in their favor. Further, fining is not just reserved to government agencies. For example, the major sports leagues uses fines as a means of punishment in egregious cases of misconduct. This is contractual; if a player were not to comply, they could be sued for breach of contract. In the RIAA’s case, the student could be sued if they felt the student does not agree or comply with their settlement terms.

The rest of that paragraph is just disgusting and charged. To counter, I charge that Stephen Cox engaged in sensationalism if only because he accuses Columbia of breaking privacy law three times before backing it up after the fold. Statements like, “Students should be furious about this violation of their legal and privacy rights” will only embolden the unknowing reader into taking up Cox’s anti-institution stance. Further, it’s not even clear to me through his article that Cox read FERPA in its entirety.

Several of my peers recently asked how I’ve become knowledgeable about technology. I remember the first time I was asked: I was taken aback and didn’t know how to respond. Even dispensing with modesty, I never thought that I was ahead of any of my peers in this area, given how pervasive technology, and technologists, have become.

I continue to assert strongly that my domain specific knowledge isn’t nearly atypical but in fact is often below par. This is especially true in comparison to the people with whom I surround myself. Though, I have noticed that there are a lot of people here at Columbia who want to know more about technology but don’t really know how to do it. Most people think that an education in computer science will get you there, but learning how to learn aside (which itself is infinitely important), most of the stuff I’ve learned that is practical came from outside of the classroom.

I’ve since been reflecting on what I’ve done to further myself toward becoming a “master of the universe” (a technical term that means to be a domain expert). I’m definitely not there yet and I still have a lot to learn, but the fact is that I am continuing to learn. I force myself to learn. Taking into consideration peers of mine who are even better than I am as well as present and past mentors, here are some suggestions for becoming more aware and knowledgeable about technology. By no means is this authoritative or even deeply experienced advice. I’d be interested to look back at this list in a few years and see what I’d change myself.

• Ask questions. Lots of them. The point here is: Don’t be scared to ask a question. But don’t ask questions just to ask a question, unless everyone else is afraid to ask a question. The good questions will come naturally if you’re genuinely interested in something. The adage that there are no dumb questions is wrong, dumb questions abound and are annoying, but there are certainly no dumb legitimate questions. I personally have rolled my eyes at every question that was posed simply for gaining attention. On the other hand, I’ve actively encouraged questions that are in search of knowledge, even if I already knew the answer.

  Personal anecdote #1. I first interacted with my future uber-boss, Joe, at a panel discussion where I asked him a question. I followed up with him in an email after the talk with a few more questions, asking for references to learn more about his domain of expertise. He saw an opportunity and asked me to lunch to talk about my interests. We seemed to click well and have similar goals, and the rest is history.

  Personal anecdote #2. I was walking around near the South Street Seaport one day when I saw this tractor trailer that had the APC logo on it and a satellite on top. I walked around it and noticed the telecomm hookups it had. This was not your average bigrig. Even knowing what the company does, I didn’t really get why it had a truck parked in the Financial District. I told an executive-looking guy who shortly emerged from the truck who I am and asked what it was. He said, “You’re interested in this,” brought me inside, and introduced me to the chief engineer of this mobile datacenter project (a precursor even to Project Blackbox) whom I chatted with for a quite a while. It was a fun afternoon being able to geek out in a random location.

• Read a lot, including books and periodicals. Reading is the key to gaining knowledge and knowledge is power. It may be hard to take the time out of your day to read, what with being surrounded by more dynamic forms of entertainment, but if you’re serious in learning, you should be a serious reader.

  Read lots of dead-tree (meaning with physical pages) books. The first time though, just skim for overarching ideas and skip the details. Gain understanding on what a Linux bottom-half is, but don’t worry about knowing the source file they should be in. Figure out how a right outer join differs from an inner join, but don’t worry about knowing the implementation-level details of a B*-tree. Once you do this type of skimming, you should be conversational in a technology, you should be able to have a decent conversation with an expert in the field and show him that you know a thing or two. Then, if the book or subject interests you, read for the details. Master the book, read every word, and experiment with what you’ve learned between chapters. Don’t read dozens of chapters at a time or it won’t sink in.

  I often visualize the domains of knowledge I’ve come into contact with; this visualization takes the form of a long one-sided corridor with lots of doors. The topics I know most about are rooms that are brightly illuminated whose doors are removed and the topics that I know only exist are doors with labels. Whenever I start I new project, I think about this. I think about which doors I’ll have to open to explore in order to finish the project.

  Read lots of periodicals. Once you have a foundation in a particular domain or technology, periodicals are the best way of keeping on top of the goings on of that topic. This is how professionals stay professionals. Start with an accessible magazine, like Linux Journal, which doesn’t focus too much on any one thing. Once you get an understanding of the area, you can select something more specific like scientific or technology-specific journals and conferences. Included in periodicals should be electronic sources like Slashdot (for a 10,000ft view; please don’t read the comments and definitely don’t post any), wikis, and blogs.

  Get a good RSS reader. Once you amass all of these sources of information, it’s far too cumbersome to visit each of these websites. Let the RSS reader do the heavy lifting for you by retrieving articles and presenting them in one place. Set it to poll only every few hours, or else you’ll spend all day reading the news.

  Read a few papers. Scientific papers are how information is transferred from the guy who first thought of it to guys who can think about it more. They represent fresh knowledge, available to use to your advantage. Some of the ideas presented in papers are absolutely infeasible, but others are gold. Papers can be boring and hard to read, but give it enough practice and you’ll be read for what matters. Papers are great topics for discussion groups (see below).

  (For the record, I regularly read Usenix’s :login, Linux Journal, ACM Queue, IBM’s Journal of Research and Development, Intel’s Technology Journal. There are lots of blogs I normally read. I also frequent the proceedings of various conferences, like VLDB, SIGIR, and LISA; I really like reading these papers on the subway.)

  So read a lot. But, amidst reading, don’t forget to practice and investigate what you’ve read first hand. Look at code from professionals. Write some code, either toy code or a patch (see next two points). Run some queries. Do something.

• Join projects you’re not quite qualified for. Quickly learn the technologies that you need to in order to contribute. This is a fantastic motivator to discover new technologies and new aspects of technologies you’re already familiar with. You’ll get it wrong sometimes, but with a little exploring, you should be able to find a group that can foster your growth. Be sure to bring the areas of expertise you already do have to the team and use them effectively. Do not constantly join projects where you’re fully qualified to do, just to show off.
• Hack on bugs in a smallish open source project. Look over what open-source software you use and read over the project proposals of the groups participating in Google’s Summer of Code. Look at the bug lists of the projects that interest you. Checkout the anonymous code repository and look over some code. Join the project’s IRC channel and talk to the developers. (Praise them and say you’re interested in helping out). Subscribe to the developers’ mailing lists. Then start writing some code. The ideal project will be one where you’ll submit patches to the experienced developers and give you valuable feedback on how to make your code better. Less-than-ideal projects will be where you’re flamed for being a n00b.
• Get a good mentor. There are a lot of people out there who are friendly and were once a n00b. But now they’re friendly and experienced, which is a powerful combination for anyone starting to get interested in this arena. Ask someone if they’d be okay with looking over your code once in a while or talk about the industry and emerging technologies. Go out to lunch and talk about the journal you read last week. Discuss the patch you submitted on IRC.
• Form/Join a discussion group. I really like this idea of peers teaching a peer group. Each week, say, one member takes a turn presenting a paper or concept from a book (that they’ve already meticulously read) to the rest of the group. Each person presents something that interests them. There’s a lot of opportunity to learn about a diverse number of topics. About a year ago, a student here set up the Mainframe Interest Group, a weekly meeting of geeks to learn about an aged and often overlooked major technology. I didn’t appreciate it as much as I should have and consequently wasn’t as active in it as I should have been. Today, I sit in on the Database Research Group where some really cool, really smart graduate students and professors talk about current research in their field.
• Learn how to speak and write well in order to interact with people. A technologist is not some isolated coder sitting in the basement. A technologist grasps the role of technology and its interaction with its environment. He needs to convince others of its promise. This persuasion requires great communication skills, skills where surprising many people fail, and skills that are not listed on resumes (but should be if only there were a metric for it). Read Dale Carnegie’s books. For real practice, go participate in a discussion, join Toastmaster, or give a presentation to your peers. At university, don’t shy away from humanities classes that are reading- and writing-based. Take some non-required classes in a humanities subject in which you’re interested (mine is art history) and take the assignments seriously. Take some seminars that are discussion-based, participate often, and don’t sit in the back row.
• Meet as many people as possible. The more people you meet the more interesting people you talk to, the more interesting you get. N.B.: Interesting does not necessarily equal famous.
• Finally, Stand out. Disagree sometimes. Do stuff. No one ever got to be important by agreeing with everyone. Don’t be scared of confrontation when it’s called for. Actually go out and be productive.

(Jeff Atwood just published an extremely similar article to this one. He links to another similarly good piece by Rob Walling. If this pertained to you, read those too.)

This is a graph of the share size of a small direct connect hub on a recent evening. Nice example of Bradford’s law.

Total amount of shared data at this time was 3.1 TiB, with the average being 78 GiB.

Amazing when the kids of today (very probably, the Road Runner residential customer at cpe-66-67-116-12.rochester.res.rr.com) think creating a page on a publicly-modifiable wiki is “hacking.”

Message: 2
Date: Sat, 24 Mar 2007 18:03:23 -0700
From: Wiki Guest
Subject: [cvs] [Wiki] created: Hacked
To: cvs@lists.horde.org
Message-ID: <20070324180323.dwoylco4oow0o4w4@wiki.horde.org>
Content-Type: text/plain; charset=UTF-8

guest [66.67.116.12] Sat, 24 Mar 2007 18:03:23 -0700

Created page: http://wiki.horde.org/Hacked

HACKED BITCH!

Totally unacceptable:

NYTimes - City Police Spied Broadly Before G.O.P. Convention

This was from/featured in the Fifth HOPE the month before the convention:

Other digests noted a planned campaign of “electronic civil disobedience” to jam fax machines and hack into Web sites. Participants at a conference were said to have discussed getting inside delegates’ hotels by making hair salon appointments or dinner reservations. At the same conference, people were reported to have discussed disabling charter buses and trying to confuse delegates by switching subway directional signs, or by sealing off stations with crime-scene tape.

The East Campus Residential Staff, both the SEAS and CC Senior Funds, and the Senior Series have teamed up to bring you a joint event featuring food from DINOSAUR BAR-B-QUE and ROAR-EE next Sunday night! Come by, have some food, contribute to the funds, and learn about what keeps Columbia strong for the next generations!

Hmm, yes. Dinosaur vs. lion vs. dead cow. That would be an interesting matchup. I put $5 on the dinosaur, but I’ll pay $5 to get the dead cow.

I’ve posted spring break pictures. Me and my beautiful girlfriend (giraffe?) traveled to Cozumel and stayed at the Park Royal resort.

Some notes:

• I was impressed by the resort. I thought the service was fantastic. There were so many people working at the resort, cleaning, serving, servicing, and generally attending to guests.
• The resort grounds were pristine and just great.
• Our room was one of the better rooms I’ve ever stayed in. The beach was disappointing, being small and rocky, but the rest of the amenities were good.
• The food was acceptable, but Emmi correctly points out that it would get monotonous for any more than the five nights we spent there. The two of the three a-la-carte restaurants (included in the all-inclusive package) we went to were slightly strange, the Italian being the better of the two.
• There was often strong competition for lounge chairs.
• I found it to be the perfect, relaxing, non-binge-drinking vacation.

One of my favorite poems:

Self-Pity

I never saw a wild thing
sorry for itself
A small bird will drop frozen dead from a bough
without ever having felt sorry for itself

-D.H. Lawrence, 1929

I’ve compiled what seems to be a working Intel version of Matthew Rothenberg’s NmapFE for OS X out of the CVS tree. See my previous post as to why this is necessary. It can be downloaded here. The md5sum is: 37c6f6269608fdb3d62efbfa58cec123 36cc7e74f2e17b6c47148bfaa51dce91

UPDATE: I made some modifications to the DMG, thanks to Udi’s feedback. Download location is the same, the new md5sum is 36cc7e74f2e17b6c47148bfaa51dce91.

I’ve added this to the README.rtf:

Addendum: This version was compiled by Eric Garrido. If anyone reading this knows how to contact Matthew Rothenberg, please let me know.

** According to Matthew Rothenberg’s website for this project (http://faktory.org/m/software/nmap/), this software is released under the GPL. I’ve included a copy of the GPLv2 (the GPL license available at the time of Matthew’s last release) in the disk image.