[University of Waterloo]


Past days


About the Bulletin

Friday, August 15, 2003

  • UW closed following the blackout
  • Worm raises firewall questions for UW
  • Two women seeking pageant title
Chris Redmond

The Garlic Is Great Festival

A couple of other notes

There should be no problem with holding the English Language Proficiency Exam at the scheduled time tomorrow -- 1 p.m., in Davis Centre room 1350. New first-year students, as well as upper-year students who haven't yet met the English requirement, are welcome to write the exam and get it out of the way before September, says Ann Barrett, manager of the English proficiency program.

The library is planning -- depending on hydro, computer networks and stuff like that -- to do an upgrade of its Trellis computer system over the weekend. Some services and up-to-date databases may be unavailable from this evening through to noon on Monday.

UW closed following the blackout

The university is closed today in the wake of the hydro blackout that hit most of Ontario and the northeastern United States last night.

Many systems on campus are not working properly this morning, and the provincial government has asked "non-essential" workplaces to stay closed today as the electrical net is gradually brought back into operation -- on what's expected to be one of the hottest days of the summer.

UW's storm closing procedure also covers arrangements "if the university must be closed for reasons unrelated to weather, such as utilities failure", and that's the rule that has been applied today.

Officials made the decision early this morning, and it was announced on local radio stations and, about 7 a.m., on the telephone switchboard. It means staff get a paid day off, offices will be closed, and services -- except a few deemed "essential" -- won't be operating. But some information systems and technology staff, among others, are on campus getting networks restarted so that everything will be back to normal by Monday. And I hear that Tim Horton's in the Davis Centre is operating as an "essential" service.

Exams that were to be written last night, and were cancelled after the power went off, will be written tonight in the same locations. Those would be the last exams for the spring term.

The power went off about 4:15 yesterday, when afternoon exams had ended, and most office staff simply went home. At first people guessed that the problem was local, but the news spread over car radios: it's everywhere. Parts of Waterloo Region got their power back before nightfall, and most other areas during the night, although there are still pockets without electricity this morning, and officials have said the supplies are less than stable.

I'd appreciate hearing blackout anecdotes, as well as announcements of reschedulings and new arrangements. There will be notices on the university's web home page during the day today if necessary, and Monday's Daily Bulletin should make interesting reading.

  • Waterloo is a finalist for "liveable communities" award
  • Culture.ca: Canada's Cultural Gateway
  • Star columnist describes planning professor's book
  • Federation businesses lose money ('uwstudent.org')
  • Not frosh week, but Fresh Week
  • Dalhousie University smoking ban
  • US college and university rankings web site
  • Why Open Source Software?
  • RIM 'pushes on with new BlackBerry' (Wired)
  • Worm raises firewall questions for UW

    Computing support staff were having a rough week even before the blackout hit. The latest Internet virus, or worm, has hit hundreds of desktop computers across campus, is taking massive time to deal with, and may prompt a rethinking of UW's laissez-faire approach to network traffic on and off campus.

    "We've been dealing with this non-stop for a week," Reg Quinton, security specialist with information systems and technology, said yesterday morning. "This is occupying a lot of university resources right now."

    From grad students' computers to workstations in the libraries, most machines running current versions of the Microsoft Windows operating system have been vulnerable to the so-called MSBlast worm (it also has other names).

    Unless, that is, somebody had taken the trouble to apply an easily available software "patch" that removes the particular vulnerability MSBlast uses. "The vulnerability was posted in the middle of July," says Quinton, and system administrators had plenty of time to deal with it. And many of them have done so -- "we have about 9,000 Windows machines," says Quinton, "and most are very well managed." But some are not: "they're managed by end users," not by computing professionals who can stay in touch with the latest information about risks and patches, and quickly understand what to do.

    Even professionals can make mistakes, though. Quinton notes that his own desktop computer got hit by MSBlast the other day. He thought a particular patch had been applied, but somehow it hadn't. "I immediately unplugged the machine and took it down to hardware services," he notes. "It would take a competent, experienced person on the order of 15 minutes sitting at your machine to clean it up from the MSBlast worm." Multiply that by even 100 computers, and, well, "it's an incredible amount of money that we're spending."

    The worm makes the individual computer unstable, it starts exploring the network to find nearby computers that are also vulnerable, and -- if it's not removed -- it's apparently lining them up to launch a denial-of-service attack on Microsoft's own web site tonight.

    MSBlast takes advantage of an open "port", a protocol for network connections, that can also be used by other villains. Over the past few weeks, says Quinton, that particular port, number 135, has been popular with hackers who "break into machines to install what I would call rogue FTP servers, so that they can use them to share code with each other, share pornography, and so on." And cleaning up a machine that's been occupied by an unauthorized FTP server is a more complicated business than the quick MSBlast cleanup. It can waste hours of a technician's time as well as keeping the affected professor, staff member or graduate student from getting any work done.

    Early this week, as MSBlast was responsible for more than a million "probes" of UW's external connection in less than 24 hours, IST improved the university's "firewall" to block port 135 and another port that can be used for similar abuses. Word went out to computer administrators: if the change is causing any unexpected problems, please notify IST. Quinton says there haven't been any complaints.

    But he's thinking that what UW needs in future is a whole new attitude to its firewall -- the software that blocks certain kinds of Internet messages. "Our firewall is very minimal," he says. "We block very little." In part that's because a university's needs are so complex, and in part because of a general feeling that academic freedom calls for as few restrictions on anything as possible.

    While MSBlast is still bouncing around within the campus network, infecting one machine after another, this week's changes mean it can no longer get into UW from outside. But another virus or hacker will come along, and then another. "This open, promiscuous environment is just too dangerous," Quinton said yesterday. "We need to do a better firewall -- it's the only way to solve this problem."

    Two women seeking pageant title

    Two UW students are among the 30 candidates in the pageant this Saturday night that will choose Miss Canada International 2004.

    The annual Miss Canada International program "offers the largest scholarship in pageant history within Canada used exclusively to benefit a young lady's future education", its web site explains. "Our organization thrives to be the stepping stone to young women's futures giving them an opportunity to make a difference in today's society by voicing their own statement, taking a stand on what they believe in and what is important to them. Miss Canada International is the role model and mentor for young people across this great country."

    In past years it was also a stepping-stone to the Miss World competition, but that arrangement ended this year. The MCI organization is currently being sued by some former contestants and ran into further controversy when Miss Canada International 2003 was dethroned in mid-year and replaced by the runner-up.

    [Williams] One of the Waterloo women competing in Saturday night's event (at the Living Arts Centre in Mississauga) is arts student Meghan Williams (right), chosen as Miss Vancouver International last month.

    [Stuart] The other is Heather Stuart (left), a graduate student in geography, who holds the title of Miss Kitchener. She's featured in a newsletter from the faculty of environmental studies this month,

    The competition takes place over 10 days, culminating in Saturday night's pageant. Candidates from across the country are evaluated throughout the week as they participate in interviews, write essays, and do media tours at attractions such as Niagara Falls and the CN Tower. On the basis of these evaluations, the top ten participants will be selected before the pageant. Through interviews during the show, three finalists will be selected. These three will each be given a series of questions while the other two are in isolation booths. A winner will be selected based on the responses.

    "People have to get beyond the notion of a beauty pageant," says Stuart. "It's a competition to find an ambassador for Canada. Personality, intellect, poise, communication abilities, moral ethics, sense of humour, and sincerity are some of the qualities contestants will be evaluated on. The classic swim suit and 'talent' portions of the pageant are voluntary for delegates who wish to participate, and not part of the judging. It really is about finding a spokeswoman for our country."


    Communications and Public Affairs, University of Waterloo
    200 University Avenue West, Waterloo, Ontario N2L 3G1
    (519) 888-4567 ext. 3004
    bulletin.uwaterloo.ca | Yesterday's Bulletin
    Copyright © 2003 University of Waterloo