Moin Bill! Am Sonntag, den 11.11.2007, 07:38 -0800 schrieb Bill Moseley:
> You commented in a separate reply that you don't want to run a > separate server. I don't know your network topology, but using a > separate gateway machine would be my first choice -- specifically to > make administration easier. For one thing, if we run more than one > LTSP server then I have to duplicate the configuration on each server. > Another is you don't have to worry about users bypassing local > configurations on the LTSP server. Our topology of network is like this: http://www.edubuntu.org/images/ltsp_inet.png There will only be 20 thin clients in several rooms. No fat clients. No windows I don't worry about users bypassing local configurations. No one in our school will be able to understand configuration of linux. Me too.:-) > I'm also considering white-listing instead of using a blacklist. Any > good ten-year-old hacker should be able to defeat a site blacklist, > I'd hope. I'm also not thrilled about content filtering, either. > Not too hard to setup a tunnel or use a remote proxy. How would you manage whitelists? The kids should search information with search engines like bunte-kuh.de or google. Should they ask the teacher on every result "Please, enter this site into the list of allowed sites.". Do you really think the average primary teacher in Germany is able to identify a sites url and edit the whitelist even if there were an easy to use program. We don't have any teachers education for using computers. We don't have any good hackers at our school. They also don't know what linux is. > I suspect content filtering is the easier route than trying to > manage a whitelist effectively (should sub-domains get whitelisted? > What ports get opened up?) And in the end it might be more work for > the teachers to deal with opening up sites than the few that get > through the blacklist. > > OS X / Safari "parental controls" use the whitelist approach. When > the kid goes to a new site there's a popup and then the admin can > enter their own password on that screen and allow access. That would > sure make things easier in the classroom for the teachers. That seems to be nice. > Like you, I also want to have fine-grain control over the filtering. > Obviously, this should be on a per-user basis not machine or location > basis. A student should not be restricted to a location or machine to > get the access they need. That's what I want. > Also, in a school the users naturally belong to groups. A teacher > should be able to say their entire class can access some list of sites > and have it just work when their students log in. This would be the best way, but I think for our school it's enough to give the kid the Internet access controlled by a blacklist. The teacher normally is in the classroom. To manage a list would be to complicate during the lessons. > > I'm not sure how to meet those goals. > > Probably more work than I have time for, but what I've been > dreaming of is a gateway machine using Netfilter and a database/web > application to manage users and machines. That interface would update > dns and dhcpd as needed, and use Netfilter for user-level filtering. > The web application would make it easy for teachers to add new sites > >from the student's machine. Now in our school we have gateway/file/user administration server which the teachers control with an old really easy to use interface called webtools2. It was build for schools in Hamburg in the last century. The only thing it is not able to control is user level Internet access. > We know all the MAC addresses of the teachers machines, so those can be > opened up. We only have one machine in a the classrooms, so the teacher must have a web or sudo based configuration program. Thanks Kai Wüstermann -- edubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
