Elliott C. Back: Internet & Technology

I came across PeopleSoft Hinders Review of Aid Applications, an article describing how my Alma Mater’s implementation of Peoplesoft is causing delays in processing financial aid applications, which contains an amazing quote:

12 days after classes started, about 750 students’ financial aid applications are still being processed due to complications from the implementation of PeopleSoft. PeopleSoft replaced JustTheFacts software and now manages students’ personal, academic, bursar and financial aid information.

“The PeopleSoft system is much more labor-intensive than our previous financial system,” stated Davis. “We estimate that it takes three to four times longer to review and process a financial aid application in PeopleSoft than it did in our former financial aid system.”

Well, “This can’t be that bad,” I thought and headed over to the student management system to check it out for myself. Then, I got hit by an ancient-looking ugly, non-functional GUI:

Clicking on any of the links that might interest me (grades, transcripts, etc) led me to the following “nice pages”:

The back/forward buttons don’t work

Whoah, where did this come from?

Another random error

Yep, Peoplesoft definitely sucks. And, I don’t blame Cornell for it–except for making the original bad decision to migrate from a working, if not archaic, system. Nay, I blame Peoplesoft (recently rebranded as Oracle Peoplesoft. Here’s some juicy quotes from other IT professionals:

• “It’s a horribly designed piece of crap. They don’t use referential integrity *and* they duplicate data all over the place in the database. Their UI is like something out of Windows 1.0 days.” – Joel on Software
• “It is the single worst example of web-based software I have ever seen. Ever.” – Jason
• “It’s web browsing in the 19th century. Lots of backing up and clunky navigation menus laden with far too much non-intuitive information.” – Dee-Rob
• “the syntax, which seemed arcane at best and totally unusable at worst” – John

A cute Facebook group, Cornell must be held accountable for Peoplesoft issues, and another Cornell story, New CoursEnroll Software Causes Distress, Difficulties, explains how the initial rollout was also fraught with difficulties:

Yeh said that although the system was marked by a number of problems, nearly 3,200 students out of the approximately 3,700 who needed to enroll were able to do so successfully. Course requests that were not approved before the system went down were entered into the system automatically.

[T]he preparation for the replacement began back in 1995 when Cornell administrators began watching how other schools used PeopleSoft. Cornell and company began to develop the new program together. Yeh did not know how expensive the program was to develop.

The moral of the story? Sometimes rolling your own software is better than buying and adapting. Especially for giant applications.

If you’re an American, or otherwise living in the USA, stories like That Money Is GUILTY! should make you extremely angry:

Deputy Chris Engel, 25, had been on the job just two weeks when a routine traffic stop Dec. 20 turned into the biggest cash seizure the Nebraska county has ever seen. The driver’s story didn’t add up, Engel said, so he did a little more investigating. The driver was not arrested — or even ticketed for going 10 mph over the 75 mph speed limit. (He was warned.) But the investigation is ongoing, Engel said. The Nebraska State Patrol and the Drug Enforcement Agency are assisting in the investigation.

“Chris is a very aggressive young deputy,” Hanson said. Investigators don’t know if they will be able to connect the money to a drug operation, Hanson said, but the important work already has been done. “The big thing is he grabbed 69 (thousand dollars) and took it away from them,” Hanson said of the money seized. “That’s going right straight to the heart of the matter.”

Thanks to America’s asset forfeiture laws, Police can and will take your property from you if they want to, or suspect they can. Usually this occurs when carrying large amounts of cash under the assumption that anyone carrying a large amount of cash must be guilty of a crime. The legal proceedings are dubious, as the Federal government brings a civil case against your seized cash:

The US Government sues the item of property, not the person; the owner is effectively a third party claimant. Once the government establishes probable cause that the property is subject to forfeiture, the owner must prove on a “preponderance of the evidence” that it is not.

On a practical level, the law enforcement agents making the seizures are either (a) funding their departments or (b) acquiring equity that will personally benefit them, a clear conflict of interest between revenue generating activities and lawfulness. This came from the Racketeer Influenced and Corrupt Organizations Act (RICO), passed by Congress in 1970, which sought to reduce crime by eliminating its financial motivations. For example, in the case of a drug dealer, RICO would let police take his pimped out car, stacks of cash, and other such business accessories, making it unprofitable and embarrassing to be in that profession.

The Mesa Tribune did an analysis of the RICO cases filed in Arizona between January 1990 to November 1993. The nine local agencies it analyzed were the Arizona Attorney General’s Office, the D.P.S. (Department of Public Safety), the Maricopa County Attorney’s Office, and the Chandler, Gilbert, Mesa, Phoenix, Scottsdale, and Tempe police departments:

• Nearly three-fourths of the people who lose property in forfeiture cases are never charged with a crime.
• About two-thirds of the people who had property seized had no criminal records in Maricopa County.
• One of every six people whose property was seized was an uninvolved third party who was not even present when the property was taken. Typically these were parents, siblings, boyfriends, or girlfriends who entrusted their cars or other property to someone who was arrested on a narcotics-related charge.
• More than $4 million in cash – 54.8% of that taken – was seized from people who were never charged with a crime.
• Of the more than 2,400 people whose property was seized, only one in five was ultimately convicted.
• Only one in 20 went to prison.
• One in 40 went to prison for five years or more, even though those are the people most likely to be the kingpins at which the law is aimed.
• Despite the law’s stated aim of breaking wealthy crime organizations, the average cash seizure is $3,063.
• According to the Mesa Tribune study, the nine agencies raised $26.5 million in that time period. Typically, forfeiture profits are divided among the agencies that contributed to the case.

Once your equity has been taken from you, it’s your own responsibility to sue to get it back. Probably, you won’t even be charged with a crime, just presumed to be guilty of criminal activity before being proved so. To show “innocent ownership” in court, according to Practical Freedom, you must demonstrate all of the following:

1. The person acquired an interest in the property before or during the criminal act.
2. The property was acquired legally.
3. The owner did not or could not have known of the illegal activity.
4. The owner was not married to the person committing the illegal act.

When is someone going to sue the government and get this turned around? Asset forfeiture makes sense when it is applied after the judgment of guilt, not before, and inside the usual limitation and restrictions of law.

Today I had the pleasure of a random guy in Mexico recursively downloading as much of my site as he could, which sent my CPU load to 2.0, a level that Dreamhost would find acceptable but which I personally freak out about. The r-dns and IP of this guy are:

dsl-189-171-15-59.prod-infinitum.com.mx
189.171.15.59

He started at 04/Nov/2007:12:04:36 and ended (by iptables ban) at 04/Nov/2007:20:17:03. In those 8 hours and thirteen minutes, he made over 250,000 requests. That’s an extra 8.5 requests per second from a single IP, which is clearly unacceptable behavior:

[root@fc624389 ~]# cat access_log | grep 189.171.15.59 | wc -l
251923

If you don’t believe me, the next biggest offender over the last 24 hours made only 4,400 requests:

[root@fc624389 ~]# cat access_log | cut -d’ ‘ -f1 | sort -n | uniq -c | sort -nr | more
251923 189.171.15.59
4403 66.249.73.116
2012 76.88.78.239
1646 70.141.105.233

The user agent of this guy doesn’t tell *me* anything about him, but maybe one of you readers has an idea?

189.171.15.59 – - [04/Nov/2007:12:04:38 -0500] “GET /wp-content/themes/greenmarinee/images/links_bullet.gif HTTP/1.1″ 200 467 “http://celebrity-photos.elliottback.com/” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)”

Another thing that bugs me is he requested each URL about 7 times. WTF? Do you really need to spider my site as fast as you can seven times?

[root@fc624389 ~]# cat access_log | grep 189.171.15.59 | cut -d’ ‘ -f11 | sort | uniq | wc -l
35414

I am either thinking of writing a very evil script to confuse non-google/msn/live/ask/yahoo bots by writing in an infinite number of invisible links into my websites, or installing some kind of mod_throttle into my apache. It looks like mod_limitipconn might help here, too.