You may want to look into SquidGuard... it may be an alternative to
Dansguardian as it seems much lighterweight and more customizable in
the way you've been doing the bash side of things on the XS to date:
http://www.squidguard.org/
Kind Regards,
David Van Assche
On Sun, Oct 5, 2008 at 1:01 PM, Martin Langhoff
[EMAIL PROTECTED] wrote:
On Sun, Oct 5, 2008 at 3:02 PM, Martin Langhoff
[EMAIL PROTECTED] wrote:
I'm still a bit ambivalent with regards to DG and how much of a good
fit it is, so let's be clear - long term, what we want is a good
quality content filter.
Been ruminating on this a bit. The more I think about it, the more
clear it is that DG on the XS is not a good long term solution.
- from reports, it seems to be fairly cpu and memory heavy
- and its content scanning is fairly primitive - not bayesian
For DG to be effective, I'd like to do Bayesian filtering, with the
ability to train it. Or something in thesame family of strategies but
smarter. The problem is that the XS will not have enough cpu/mem to
handle this task.
So it's a task better pushed to a proxy/filter upstream at the ISP
network -- for any large deployment, we should start advising the
local team to arrange with the ISP(s?) involved the co-location of 1
server. This server gives us an opportunity to perform
- filtering at one central place
= better scale up / scale out economies (making bayesian costs more
reasonable)
= larger scoring pool, so good/bad content gets flagged faster
and for everyone
= white/blacklisting is immediate and for everyone
= better bandwidth/traffic efficiency - unwanted content never
clogs the slow/limited school pipe
= unsure if DG is the tool of choice here
- smart upstream proxing
= run an rproxy upstream or similar
= provide seed content for downstream proxies to pull
- With this setup, laptops can be configured to attempt to use the
upstream proxy even when connected via a non-school AP. This way, the
protections extend to kids accessing internet outside of school. This
is somewhat hard to enforce - we are protecting kids that want to be
kids. Once a kid is at a cybercafe and has the intention to sidestep
the filter, the genie is out of the bottle: he/she could just use one
of the other machines anyway.
On every XS I want to include blacklisting facilities so that teachers
can exert local control in a hurry, but that is simple, blunt, and
hardly needs DG :-)
In any case, we can still think of DG as a pilot deployment filter.
cheers,
m
--
[EMAIL PROTECTED]
[EMAIL PROTECTED] -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel