Greetings all: I debated long before deciding to go ahead and post this to the list. I believe that all VSNL subscribers among you know by now that VSNL Calcutta has withdrawn shell access to TCP/IP accounts on giascl01, cal and cal2 servers w.e.f 29-12-1999. As a heavy and long time VSNL user I feel rather strongly about this decision taken by VSNL to achieve their stated objective of "enhancing security to our valued users". I don't know how many among you share these concern with me, or would even be interested in reading on (if you are not, then please stop here and delete this mail). As a fellow computer/net user I felt could share my thoughts on this issue with you, so here goes..... I am a TCP/IP user on cal.vsnl.net.in server. My account is for personal use by myself alone. Since opening the account on 07-07-1998, I have used about 2000 hours online from this account. I heartily welcome VSNL's decision to tighten up security, but the step they took to do this IMHO, both myopic and retrograde. Points against the present policy to shutdown shell access: ========================================== 1. The website to change passwd/check account usage employs the HTTP protocol to do its job. Our username and passwords are transmitted as PLAIN TEXT! A site like this should be a secure web-site using HTTPS (HTTP over SSL). 2. The webmail option presented to the users after withdrawing shell access suffers from similar problems as mentioned above. Besides, other issues against the webmail.vsnl.com are: 2. a> accessing mails using the web-interface is slower than using PINE via telnet, this directly results in *much higher* total-connectivity costs to the user. 2. b> the interface, apart from its very poor visual design, is severly functionally restricted: 2. b. i> no option to see the complete headers. Most web-based mail services (eg. yahoo, hotmail etc.) offer this as part of user settings. Headers contain tell-tale signatures of suspected spammers, or whether a mail was spoofed (willful forging of the "From:" address). 2. b. ii> no option present to forward a mail. 2. b. iii> no option present to customise user settings (we could do this using the setup option of pine) 2. b. iv> there is no "Sent-mail", "Draft", "Deleted" mail folder options, nor are the user presented with options to create their own custom folders or setup mail-filter rules for the webmail interface. 2. b. v> timing-out a webmail login session in the absence of explicit termination by the user seems to be absent. This has serious security ramifications. 2. b. vi> the web-interface uses the shorter email-id, because of this replying to/manipulating mails from mailing lists subscribed to using the longer, full format address is made impossible. As a subscriber of more than a dozen mailing lists and a listadmin for about 5 others, this leaves me with my hands tied. 3. This decision didn't give a thought about the users like me who often prefer a CLI (command-line interface) for mailing, and TCP/IP for other things. 4. That VSNL simply notified the users about the withdrawal of shell access without explicitly specifying that users who had mail & addressbook & other data stored on the server should retrieve/download these, is *serious service lapse* on the part of VSNL. For example, in my case, withdrawing the shell access has restricted my access to important mails and other documents (about 1 MB) left in "Sent-mail" and "Saved Mail" & AddressBook folders in my home directory on the cal server. Under the present situation I am can't access (ie. without VSNL's mediation) what rightfully belongs to me. 5. While using Windows-based email software, it is a common experience that the mail client sometimes fail while trying to download a mail with a particularly heavy attachment. In past, the easiest solution was to login via telnet and forward (to another account) & delete the mail in question, exit from the shell and carry on from after that. Under present condition the user is dependent on Helpdesk's assistence to do his own house-keeping. In my mind, this comes uncomfortably close to unnecessary intrusion of the user's privacy. Coming from the Winner of 1999 PC Quest Users' Choice Award in the ISP category and people who take pride in being India's premier ISP, this move is completely surprising and highly disturbing. Thanks for letting me share my thoughts with you. Best regards, Indranil Das Gupta ([EMAIL PROTECTED]) -- To unsubscribe, send mail to [EMAIL PROTECTED] with the body "unsubscribe ilug-cal" and an empty subject line. FAQ: http://www.ilug-cal.org/help/faq_list.html
