Seriously? Permission Fail.

Nick Jackson / / Stuff Which Doesn't Live Anywhere Else

I’ve just been flicking through the Daily Alerts for my staff account (It’s almost as mind numbing as the one for Students, but sometimes contains information which has a use outside of the land of marketing).

Today I decided to make use of the link telling me to find out what was going to be on the menu in the Atrium this week. I duly clicked the link and was whisked off to Portal and prompted to log in. At this point my devious mind went “hold up a second, will this work if I’m a student?”. Being the investigative sort, I plugged in my student account details to see what would happen and was promptly refused access. My staff account works fine, and will happily tell me what I can enjoy for dessert this week.

From this I can only guess that the information on the menu is so highly secretive that students aren’t permitted to see it lest they go wild with desire for the honey glazed pork steak (Wednesday), the lemon Bakewell (Tuesday) or the Thai fishcake with sweet chilli sauce (Thursday). Or they could stand outside the servery and just read the entire menu for the week on the board. Go look, it’s on a bit of orange paper.

As a side note, the link which actually came through the email included some elements specifying that I should be in edit mode. Thankfully Portal has the sense to ignore this if I don’t have permission to edit, but can people please remember to sanitise links before sharing them?

Update: Thanks to Dave, all students can now enjoy reading about the full range of meals on offer.

Wave at me!

Nick Jackson / / Web 2.0

I’m taking a short break from printing (at the moment I’m sat at home ripping apart the IPP specification and some logs from CUPS to work out why it almost but not quite works) to relay a brief message on Google Wave, and what it is.

Is it just me who thinks that this would be amazing in an academic environment, specifically with regards to planning and collaboration for projects? Hopefully when it’s out of preview and into beta it’ll join Google Apps, providing yet another reason (along with Kirsty’s work on Google Docs) for the University to make Apps available for us all. We’ll get rid of that infernal Outlook Web Access and bizzarely low inbox quota yet!

The SU are Getting Satisfied!

Nick Jackson / / Get Satisfaction, Service 2.0

The SU plugged Get Satisfaction today at the Student Reps training session!

My student side declares a victory (“Hooray! Advocacy as a Student Rep worked!”) but my staff side now goes “umm… now what?”. See, at the moment it’s impossible to moderate discussions, or to change the state of a topic without posting a reply. This means that if someone answers a question who isn’t a staff member there’s no way to say “this has been answered” without also weighing in and adding unnecessary crud to the thread.

$99 a month for moderation tools… which it’s impossible to justify without a detailed survey and explanation of how it works. Which is impossible to generate without users. Which are difficult (but not impossible) to get without promotion. Which the University won’t approve without some form of moderation tools and staff training in place.

Hmm. Anybody got experience with this kind of ‘just trust me on this one’ promotion? Get Satisfaction is so unique that there’s nothing in the market to compare to, and so new that there aren’t any big case studies. Nor does it help that there are only a scant handful of educational institutions who only half use the service.

Either way I’ve switched the default login method from Get Satisfaction’s own user database to Facebook (although the former is still available) to make it more immediately accessible. We really could do with getting SSO working; but that’s another story and more money.

SMB vs HTTP vs HTTPS

Nick Jackson / / Print From My PC

So… more on printing. Alongside documenting the service (and cobbling a nice new stylesheet together to replace the old, somewhat kludgy one) I’ve been doing some work with a stopwatch on the relative speeds of SMB vs IPP/HTTP and IPP/HTTPS. The results are slightly unusual.

  • SMB – Printing from Ubuntu and OS X is under 10 seconds for most jobs.
  • IPP/HTTP – Very fast from Windows, but Ubuntu and OS X normally around the region of 30-40 seconds.
  • IPP/HTTPS – Very fast from Windows, but Ubuntu and OS X normally in the region of 15 minutes. Yes, minutes.

I really need to convince people that SMB is a viable solution and isn’t the massive security risk they seem to think it is. It’s faster, easier and more efficient, at least until I can work out how to make a *nix CUPS server talk to SafeCom.

IPP over HTTPS, the acronyms continue!

Nick Jackson / / Print From My PC

Following our massive success of printing using SMB, and being told it was a security hole we then evaluated IPP. IPP works fine, as long as we clobber it so that it works over HTTP.

Trouble is, of course, that HTTP isn’t secure. So we need to use HTTPS, which brings with it a whole new and exciting swathe of problems to deal with. Put simply – it doesn’t work at the moment.

I’m currently trying to break in to the server at the other end so that I can see what’s going on other than the cryptic messages which get dumped to the client. I strongly suspect that somebody has forgotten to tick a box, or that HTTP authentication is disabled or using the wrong realm.

It will work, I really mean it! Even if I have to rip apart CUPS and Kerberos and slam them together in a Frankenstein’s Monster of a print system with authentication to the AD (although I’d really rather not – CUPS is a mess internally and Kerberos would involve Yet Another Server).

Update: I managed to break into the server, admittedly by getting myself set as an admin. Once inside I discovered that as I suspected HTTP authentication was disabled entirely. A quick click to turn it on, set the default domain and realm, and force clients to use HTTPS. Job done.

Next up, documentation and implementation.

It’s coming…

Nick Jackson / / Print From My PC

Yes, it’s true. Printing from your own PCs – the #2 item on student surveys about IT for quite a while now – is just around the corner and should be open for use by Week 6 (just in time for all those lovely assignments), with a few caveats.

The University's SafeCom printers, working from my laptop.
The University's SafeCom printers, on my laptop.

Firstly, the initial offering will be ‘Windows only’. As in, Windows (XP, Vista and 7) will work properly and everything else will work after a fashion but be unsupported. This is because of a curious implementation of the protocol at Microsoft’s end which means that clients using CUPS (OS X and Linux, this is you) will print fine, but not know when printing has been done. Some systems such as Ubuntu will then helpfully try to print again, so if you don’t remember to manually clear your print queue then you’ll end up with 100 copies of those lecture slides and no credit. This is very much a work in progress, and I’m actively working on some alternatives to solve this problem. In the meantime, when this is released all OS X and Linux users make sure you follow the guides very, very carefully.

Continue reading “It’s coming…”

More on iCal

Nick Jackson / / Open Data, Web 2.0

It has been brought to my attention that I need to point out some extra information regarding my post about iCal timetables, specifically this bit:

Which is why I’m happy to announce that a Level 2 Computing student has undertaken the monumentally complex task of taking your University timetable and turning it into an iCal format. The monumentally complex task which people assured me was technically very difficult due to the way timetabling was organised.

As Tim has rightly pointed out, the “monumentally complex task” of extracting the data has already been done in order to view your timetables at all, given that the data comes out of the timetabling system in somewhat of a mess.

So, kudos to Alex for hacking the data into iCal format, but equally kudos to those who managed to get it into HTML in the first place.

In future though, I would like to see more data being available in the open format (JSON, XML, REST and those other data exchange acronyms… just preferably not SOAP) and then being re-interpreted according to how it’s meant to be viewed. Ideally the data should flow from timetabling to the data repository, and then be extracted and reformatted into the HTML view. One definitive, authoritative source for the data.

Why Sharing Data is a Good Thing™

Nick Jackson / / Open Data, Web 2.0

One of the things I’m very big on is open data. Not necessarily just broadcasting everything to the universe for all to see (which would be stupid), but instead offering data in a format which is machine readable by design, and which can be easily taken, manipulated, shared, mashed and displayed as the user wants to see it and not as the company decides it should be consumed (although providing a ‘default’ view for users not savvy with open data is acceptable and indeed encouraged).

Which is why I’m happy to announce that a Level 2 Computing student has undertaken the monumentally complex task of taking your University timetable and turning it into an iCal format. The monumentally complex task which people assured me was technically very difficult due to the way timetabling was organised. The nigh on impossible challenge of extracting data and presenting it in a new format. The arduous task which took Alex an hour of tinkering in PHP, without so much as access to the raw data.

If you’re interested in getting your timetable in a format you can use on many devices, head off to Friendly Student Timetables (beta) at Learning Lab. Source code available.

Magic Print Gateway

Nick Jackson / / Print From My PC

We’ve finally come up with a working print solution for use on-campus, with support for off-campus users not far behind! Yes, coming soon (as soon as we’ve gone through a meeting, approved it and built some nice tidy servers without all our development detritus on them) you’ll be able to use your own Windows, OS X or Linux laptop from anywhere within the Campus WiFi to print using the University printers!

“But how?” I hear you cry. “We thought it was impossible because Windows Server 2003 has such a ridiculous implementation of the IPP standard!”.

Continue reading “Magic Print Gateway”

Windows Doesn’t Do It Right

Nick Jackson / / Stuff Which Doesn't Live Anywhere Else

It turns out that the Windows implementation of IPP lacks a crucial component in relaying its status to the client – it doesn’t tell it when printing has been done. Instead it replies with the technical equivalent of “I don’t understand what you just said”.

This is all well and good, except that the clever client will then go “Oh, OK” and file the print job away to be tried again later. In the case of Ubuntu this is an automatic retrying, sending the page to the printer every so often. The printer receives and prints the page, but once again cannot tell the client it’s done. Into the queue once more, to be retried yet again.

If you don’t manually remove the print job from the queue this will go on forever. Clearly not good when you print your file from home and forget about it, foolishly logging into SafeCom and hitting “Print All Documents” then wondering why it’s producing 500 copies of that witty sign for your room door and using all your credit.

Evidently, this is not the correct way to be going about printing. I’ll get to work on a solution, probably involving a weird hybrid of CUPS, IPP, SMB and LPR authenticating against an LDAP/AD mashup.