Cornell Blog: An unofficial blog about Cornell University

Cornell University Events RSS Feed

Posted in Cornell.edu, Events, Life at Cornell by Cornell's Most Infamous on September 18th, 2005.

As is my custom, I’ve produced a scraper to generate valid RSS feeds from the Cornell University official events calendar. You can find the RSS feed at the following URL:

elliottback.com/tools/cornell-events/

If you’re worried about hitting Cornell servers too often, I cache the file every half hour. If you’re worried about changing content, I update the feed every half hour from the Cornell website. My feed is fresh and scalable. And gzipped, if you’re into that.

If you have the Google Desktop Search beta 2, with integrated sidebar and Web Clips, you can add my RSS URL to get daily updates of what’s happening at Cornell:

Update:

Cornell changed how their URLs worked, so I’ve updated this events notifier so it works again. Here’s the feedburner feed for it, too, if you’re interested:

feeds.feedburner.com/CornellUniversityEvents

Happy Cornell University RSS/XML feed reading!

Cornell violates mass student privacy

Posted in Cornell.edu by Cornell's Most Infamous on September 17th, 2005.

Let’s see what happens when we try to finger various users at various other universities:

[stanford.edu]
> Finger: connect::Connection timed out

[arizona.edu]
“University of Arizona – see ns.arizona.edu/ for online phonebook & email listings”

[asu.edu]
> Finger: connect::Connection refused

[princeton.edu]
> Finger: connect::Connection timed out

[brown.edu]
> Finger: connect::Connection refused

[swarthmore.edu]
> Finger: connect::Connection timed out

[yale.edu]
> Finger: connect::Connection refused

[columbia.edu]
> Finger: connect::Connection refused

[umich.edu]
OpenLDAP Finger Service…
1 exact match found for “ecb”:
“ecb, People”
E-Mail Address:
None registered in this service.
Uniqname:
ecb
Last Modified:
Tue Jul 19 16:15:30 2005
Modified By:
batch update, security

[washington.edu]
> Finger: connect::Connection refused

[duke.edu]
^C

[bu.edu]
There was 1 match to your request.

----------------------------------------
name: Bouressa, Elizabeth, Christine
index_id: X62965
email to: ecb@bu.edu
----------------------------------------

[indiana.edu]
> Finger: connect::Connection refused

[purdue.edu]
> Finger: connect::Connection timed out

[georgetown.edu]
> Finger: connect::Connection refused

As a survey, the University of Michigan and Boston University are the only two offenders: the other 13 institutions of higher learning obeyed better computer security protocols and turned off the finger service or blocked it at their edge firewalls. You might be wondering what the finger command is. If you are, finger is a Linux/Unix command you invoke to retrieve information about the users of a computer system. The format is finger user@system, after which a directory listing for that user is printed.

So, how does a finger command against Cornell University look? Surprisingly different:

[cornell.edu]
Information from Cornell’s Electronic Directory…
--------------------------------------------------

Your query returned 18 matches:

Name: Elliott Conrad Back Nickname: elliott
Send Email To: ecb29@cornell.edu
Campus Phone: 607-229-0623
Campus Address: Cascadilla Hall
Local Phone: 607-253-7940
Local Address: 1108 Cascadilla, ITHACA, NY, 14853-2301
Project:

[...]

Name: Emily Christine Berg Nickname:
Send Email To: ecb39@cornell.edu
Campus Phone:
Campus Address:
Local Phone: 607-253-6644
Local Address: 6164 Low Rise #6, ITHACA, NY, 14853-6004
Project:

Your query returned 18 matches.

“Oh wow!”, you think. “Cornell University is so great! I ask it for a directory listing, and it shows me all the possible matches!” Does this make you wonder if it will match e@cornell.edu to all names with the letter “e” in them? It should, because it does. Results are truncated after 2000 entries, but for a computer hacker type like myself, that’s no problem. Just run some commands like:

java CombinationGenerator 1 | gawk "{print $0\"@cornell.edu\"}" | xargs finger > cornell-dir-one-comb.txt
java CombinationGenerator 2 | gawk "{print $0\"@cornell.edu\"}" | xargs finger > cornell-dir-two-comb.txt
java CombinationGenerator 3 | gawk "{print $0\"@cornell.edu\"}" | xargs finger > cornell-dir-three-comb.txt

And you will soon find yourself with the directory listings for every student, organization, and entity at Cornell University. Taken one-by-one, this kind of directory information is completely useless and publicly available. But when taken in aggregate form, the contact information in Cornell’s directory *is* a secret, and should not be available this way.

Update: Interestingly, Cornell was aware of this attack about a year before I made my post. Yet, they did nothing to mitigate it…
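The two server-side properties the post describes (substring matching and a per-query cap with no per-client limit) are what make aggregation possible. The sketch below is an added example, not code from the original post or from any Cornell system: it models the permissive matching next to a gated lookup that accepts only exact identifiers and charges every query against a per-client budget. The class name, directory entries, and limits are all hypothetical.

```python
import time
from collections import defaultdict, deque

# Constructed sample directory (identifier -> display name); not real data.
DIRECTORY = {
    "abc12": "Alice B. Carter",
    "abd34": "Adam B. Doyle",
    "ecx99": "Example C. Xavier",
    "zed01": "Zed E. Dunn",
}

class DirectoryGate:
    """Hypothetical lookup front end for a directory service."""

    def __init__(self, directory, max_queries=20, window_s=3600, clock=time.monotonic):
        self.directory = directory
        self.max_queries = max_queries      # queries one client may make per window
        self.window_s = window_s
        self.clock = clock                  # injectable so the window can be tested
        self.history = defaultdict(deque)   # client -> timestamps of charged queries

    def _spent(self, client):
        """Count this client's queries that are still inside the window."""
        now = self.clock()
        q = self.history[client]
        while q and now - q[0] > self.window_s:
            q.popleft()
        return len(q)

    def permissive_lookup(self, query):
        """Weak behaviour from the post: any substring of id or name matches."""
        q = query.lower()
        return sorted(k for k, v in self.directory.items()
                      if q in k or q in v.lower())

    def gated_lookup(self, client, query):
        """Exact identifier match only, under an aggregate per-client budget."""
        if self._spent(client) >= self.max_queries:
            return "denied", []
        netid = query.strip().lower()
        hit = [netid] if netid in self.directory else []
        # Misses are charged too, so guessing identifiers drains the budget.
        self.history[client].append(self.clock())
        return "ok", hit

if __name__ == "__main__":
    gate = DirectoryGate(DIRECTORY, max_queries=3)
    print(gate.permissive_lookup("e"))        # one letter returns every record
    print(gate.gated_lookup("client-a", "e"))  # same query returns nothing
```

The budget is keyed on whatever client identity the service can trust; keying on source address alone is an assumption of this sketch.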

Open Hearts, Minds, Doors ?

Posted in Humor by Cornell's Most Infamous on September 12th, 2005.

This strange sculpture was sitting in symbolic defiance in front of Uris Hall today:

[Image: “Open Doors, Open Hearts, Open Minds” sculpture]

Does “open minds” mean we understand that it’s ok if you are an extremist and have a “closed mind”? Then why even make the distinction! It’s a paradox, I tell you…

Update:

Andy documents student civil disobedience: guessir.blogspot.com/2005/09/big-red-hypocrisy.html
