Re: [Server-devel] Filtering and authentication

2009-04-27 Thread Martin Langhoff
On Mon, Apr 27, 2009 at 5:03 PM, Henry Edward Hardy hhard...@gmail.com wrote:
 Does it allow access to The Catcher in the Rye (Use of fuck, blasphemy,
 drinking, smoking, lying, promiscuity, implied pederasty)

Hi Henry.

we are talking about 6 to 12 year olds in a wide range of cultures.
Most cultures wisely protect their young until their teens, and from
an anthropological/sociological PoV that makes perfect sense.

Each culture has its own time where it loosens up on young adults. But
it is safe to say that it is past our target window (6 to 12 or
perhaps 5 to 13).

And... they'll have a lifetime to surf naughty websites, read
erotic novels and discover life. At the current trend, they'll get
enough viagra spam to last them a lifetime. There is _no_ need to
mistreat them by serving them such stuff when they are 7.

cheers,



m
-- 
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Filtering and authentication

2009-04-27 Thread Reuben K. Caron


Anna wrote:
 On Sun, Apr 26, 2009 at 10:51 AM, Reuben K. Caron reu...@laptop.org wrote:

 As far as limiting the internet connection to authorized XOs, that's an
 issue we're probably going to run into at some point once we broaden the XS
 deployment.  So far at the pilot school, the staff members connect to the
 internet with their personal laptops and iPhones, but I haven't really heard
 any complaints of abuse yet.

 If your deployment is relatively small, it should be easy enough to add the
 hardware addresses of the trusted XOs to dhcpd.conf and disallow unknown
 machines (or play pranks on them as suggested at
 http://www.ex-parrot.com/~pete/upside-down-ternet.html).

 Anna Schoolfield
 Birmingham

   

While not all encompassing you could also attempt to drop dhcp requests
that do not come from 00:17:c4 using something similar to:

http://ubuntuforums.org/showthread.php?p=4191756

Reuben




Re: [Server-devel] Filtering and authentication

2009-04-27 Thread John Watlington

On Apr 27, 2009, at 11:18 AM, Reuben K. Caron wrote:

 Anna wrote:
 On Sun, Apr 26, 2009 at 10:51 AM, Reuben K. Caron  
 reu...@laptop.org wrote:

 As far as limiting the internet connection to authorized XOs,  
 that's an
 issue we're probably going to run into at some point once we  
 broaden the XS
 deployment.  So far at the pilot school, the staff members connect  
 to the
 internet with their personal laptops and iPhones, but I haven't  
 really heard
 any complaints of abuse yet.

 If your deployment is relatively small, it should be easy enough  
 to add the
 hardware addresses of the trusted XOs to dhcpd.conf and disallow  
 unknown
 machines (or play pranks on them as suggested at
 http://www.ex-parrot.com/~pete/upside-down-ternet.html).

 Anna Schoolfield
 Birmingham

 While not all encompassing you could also attempt to drop dhcp  
 requests
 that do not come from 00:17:c4 using something similar to:

 http://ubuntuforums.org/showthread.php?p=4191756

Please do not take this approach. It sounds quick, easy, and foolproof,
but will lead to problems in the future. (I almost suggested it, but decided
the cons outweighed the pros.)

For example, what if you get an XO-1.5 in the mix? It won't work, and will
be difficult to debug. You also disallow other laptops (teachers, etc.) from
being in the network...

wad





Re: [Server-devel] Filtering and authentication

2009-04-27 Thread Reuben K. Caron


John Watlington wrote:

 On Apr 27, 2009, at 11:18 AM, Reuben K. Caron wrote:

 Anna wrote:
 On Sun, Apr 26, 2009 at 10:51 AM, Reuben K. Caron
 reu...@laptop.org wrote:

 As far as limiting the internet connection to authorized XOs, that's an
 issue we're probably going to run into at some point once we broaden
 the XS
 deployment.  So far at the pilot school, the staff members connect
 to the
 internet with their personal laptops and iPhones, but I haven't
 really heard
 any complaints of abuse yet.

 If your deployment is relatively small, it should be easy enough to
 add the
 hardware addresses of the trusted XOs to dhcpd.conf and disallow
 unknown
 machines (or play pranks on them as suggested at
 http://www.ex-parrot.com/~pete/upside-down-ternet.html).

 Anna Schoolfield
 Birmingham

 While not all encompassing you could also attempt to drop dhcp requests
 that do not come from 00:17:c4 using something similar to:

 http://ubuntuforums.org/showthread.php?p=4191756

 Please do not take this approach. It sounds quick, easy, and foolproof,
 but will lead to problems in the future. (I almost suggested it,
 but decided the cons outweighed the pros.)

I agree it is fraught with peril; however, do we have a better solution
until "Tie internet access to registration" is implemented:

http://wiki.laptop.org/go/User:Martinlanghoff/XS_0.6_plan#Not_in_the_plan

 For example, what if you get an XO-1.5 in the mix?

I would assume XO 1.5 will have a similar unique identifier that could
be added to the list.

While more complex to implement, perhaps something like NetReg would be
viable:

http://netreg.sourceforge.net/

Regards,
Reuben




Re: [Server-devel] backup : problem opening /library/users/XXXX/datastore-xxxxx/store

2009-04-27 Thread Martin Langhoff
On Mon, Apr 27, 2009 at 3:59 PM, Hamilton Chua hamilton.c...@gmail.com wrote:
 Thanks so much for replying. I don't have an XO laptop so I'm unable to
 verify how backup/restore should really work but from your reply below
 I'm guessing that there really should be a store directory

Ah, thought you had one. Sorry. Here's a sample from an XS dev box I have here

[r...@schoolserver1 web]# ls -lah /library/users/
total 28K
drwxr-xr-x   6 root        root        4.0K 2009-04-03 06:51 .
drwxr-xr-x   9 root        root        4.0K 2009-02-27 17:48 ..
drwxr-x---+ 24 CSN7470319B CSN7470319B 4.0K 2009-04-27 10:11 CSN7470319B
drwxr-x---+ 10 SHC84601226 SHC84601226 4.0K 2009-04-02 20:02 SHC84601226
drwxr-x---+  6 SHF80801EE8 SHF80801EE8 4.0K 2009-01-21 12:17 SHF80801EE8
drwx------   5 SHF8080271C SHF8080271C 4.0K 2009-04-03 06:51 SHF8080271C

This is the directory for a specific user - showing the hard-linked
snapshots. Names of the dirs are the UTC time at which the snapshot
was completed. The little '+' sign means that they have ACLs (the only
ACL is so that apache can read them).

[r...@schoolserver1 web]# ls -lah /library/users/CSN7470319B/
total 112K
drwxr-x---+ 24 CSN7470319B CSN7470319B 4.0K 2009-04-27 10:11 .
drwxr-xr-x   6 root        root        4.0K 2009-04-03 06:51 ..
-rw-r--r--   1 CSN7470319B CSN7470319B   18 2008-02-29 09:27 .bash_logout
-rw-r--r--   1 CSN7470319B CSN7470319B  176 2008-02-29 09:27 .bash_profile
-rw-r--r--   1 CSN7470319B CSN7470319B  124 2008-02-29 09:27 .bashrc
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-01-21_15:43
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-03-25_15:06
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-03-26_00:08
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-03-27_00:11
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-03-28_00:02
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-03-29_00:13
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-03-30_09:12
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-03-31_00:06
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-01_00:04
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-02_16:02
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-03_00:02
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-10_20:32
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-13_10:42
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-14_06:14
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-15_20:19
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-17_12:08
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-23_14:42
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-24_00:10
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-2009-04-27_14:11
drwxr-xr-x   3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 datastore-current
lrwxrwxrwx   1 CSN7470319B CSN7470319B   53 2009-04-27 10:11 datastore-latest -> /library/users/CSN7470319B/datastore-2009-04-27_14:11
-rw-r--r--   1 CSN7470319B CSN7470319B  500 2008-05-23 13:35 .emacs
drwxr-xr-x   2 CSN7470319B CSN7470319B 4.0K 2008-04-06 16:43 .gnome2
drwx------   2 CSN7470319B root        4.0K 2009-01-21 10:14 .ssh

[r...@schoolserver1 web]# ls -lah /library/users/CSN7470319B/datastore-2009-04-27_14:11
total 124K
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 .
drwxr-x---+ 24 CSN7470319B CSN7470319B 4.0K 2009-04-27 10:11 ..
drwxr-xr-x+  4 CSN7470319B CSN7470319B 112K 2009-04-24 07:32 store

This is a particular datastore -- fairly large so I've skipped the
records in the middle -

[r...@schoolserver1 web]# ls -lah /library/users/CSN7470319B/datastore-2009-04-27_14:11/store/ | head
total 243M
drwxr-xr-x+  4 CSN7470319B CSN7470319B 112K 2009-04-24 07:32 .
drwxr-xr-x+  3 CSN7470319B CSN7470319B 4.0K 2008-05-13 09:43 ..
-rw-r--r--+ 20 CSN7470319B CSN7470319B  348 2008-10-07 19:26 005714d1-f432-4d85-acdc-7d2a8a261395.metadata
-rw-r--r--+ 20 CSN7470319B CSN7470319B  721 2008-10-21 12:15 007610f6-62ec-4a74-af49-2d1f8cafe0fc
-rw-r--r--+ 20 CSN7470319B CSN7470319B  378 2008-10-21 12:15 007610f6-62ec-4a74-af49-2d1f8cafe0fc.metadata
-rw-r--r--+ 20 CSN7470319B CSN7470319B  36K 2008-11-25 14:42 01032138-bb02-4132-a33e-51bb464f34dd
-rw-r--r--+ 20 CSN7470319B CSN7470319B  275 2008-11-25 14:42 01032138-bb02-4132-a33e-51bb464f34dd.metadata
-rw-r--r--+ 20 CSN7470319B CSN7470319B  308 2008-11-25 09:34 015e6039-26b6-4424-bbe2-934564ae0f20.metadata
-rw-r--r--+ 20 CSN7470319B CSN7470319B  304 2008-10-23 11:17 0174d375-d574-49b2-aa7b-5dca4e22c52e
[r...@schoolserver1 web]# ls -lah

[Server-devel] Fixing bash script bogosity - help?

2009-04-27 Thread Martin Langhoff
Hi all,

I have a simple shell scripting problem :-) you'll find attached a
shell script that ships with ejabberd. It is a fairly straightforward
bit of code, and allows us to control bits of the ejabberd internals
with a nice cli interface. (Feel free to skip the start / stop bits of
the code, I'm fighting with the ctrl function.)

The problem it has is that the parameters are passed to a bash or
runas invocation -- at which point the quoting is a mess. Currently I
am working around it in the caller by doing some stupid
nested-quoting. But this should be easy to cure -- if anyone knows a
bit more bash (or portable shell!) than me :-)

A minimal exposition of the problem is as follows:

$ cat sample.sh
#!/bin/bash -x

# in the script, the CMD is built up as a string
CMD="touch $@"
# in practice we sometimes use /sbin/runuser -c
# and other times plain bash -c
bash -c "$CMD"

# this invocation does the wrong thing -
$ ./sample.sh ./sample.sh "this is file one" "this is file two"
# the ugly workaround is
./sample.sh "'this is file one'" "'this is file two'"

Any hints that don't involve a rewrite?

cheers,



martin-who's-easily-stumped-with-shell-backwardnesss
-- 
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


ejabberdctl
Description: Binary data


Re: [Server-devel] Filtering and authentication

2009-04-27 Thread Jerry Vonau
On Mon, 2009-04-27 at 18:00 +0200, Martin Langhoff wrote:
 On Mon, Apr 27, 2009 at 5:54 PM, Reuben K. Caron reu...@laptop.org wrote:
  While more complex to implement, perhaps something like NetReg would be
  viable:
 
  http://netreg.sourceforge.net/
 
 Exactly. What we've been discussing w Reuben is to whitelist MAC
 addresses upon registration or Moodle access. 

Have a look at the method used with NoCatAuth from http://nocat.net/
Might make a good starting point.

 Given that I am making
 it possible for the admin accounts in Moodle to grant Moodle access
 to non-XO users, that opens the controlled window to non-XO hw we
 want.
 
 How and when I'll be able to implement it... that's a different topic :-)
 
 
Jerry



Re: [Server-devel] Fixing bash script bogosity - help?

2009-04-27 Thread pgf
hi martin --

  I have a simple shell scripting problem :-) you'll find attached a
  shell script that ships with ejabberd. It is a fairly straightforward
  bit of code, and allows us to control bits of the ejabberd internals
  with a nice cli interface. (Feel free to skip the start / stop bits of
  the code, I'm fighting with the ctrl function.)
  
  The problem it has is that the parameters are passed to a bash or
  runas invocation -- at which point the quoting is a mess. Currently I
  am working around it in the caller by doing some stupid
  nested-quoting. But this should be easy to cure -- if anyone knows a
  bit more bash (or portable shell!) than me :-)
  
  A minimal exposition of the problem is as follows:
  
  $ cat sample.sh
  #!/bin/bash -x
  
  # in the script, the CMD is built up as a string
  CMD="touch $@"
  # in practice we sometimes use /sbin/runuser -c
  # and other times plain bash -c
  bash -c "$CMD"

first, you want to preserve the original quoting of the args by
using "$@".  it must look just like that.  second, you don't need
the bash -c there.  just run $CMD directly.  so, the invocation
you want is:
    CMD=touch
    $CMD "$@"

in your original script looks like this

ERL_COMMAND="$ERL \
  $NAME ejabberdctl \
  -noinput \
  -pa $EJABBERD_EBIN \
  -s ejabberd_ctl -extra $ERLANG_NODE $@ \
  "
W=`whoami`
if [ $W != ejabberd ]; then
    /sbin/runuser -s /bin/bash - ejabberd -c "$ERL_COMMAND"
    result=$?
else
    bash -c "$ERL_COMMAND"
    result=$?
fi

a) remove $@ from the ERL_COMMAND definition
b) change the bash -c line to be:
    $ERL_COMMAND "$@"
c) to fix the runuser invocation (assuming it's broken, and i guess
it probably is), i think will be trickier.  i'm sure we can fix
it though.

how's this so far?

paul
=-
 paul fox, p...@laptop.org
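
The quoting problem and both fixes discussed in this thread, as an added example that is not part of any post or of ejabberdctl. `printf` stands in for the real command, the helper names are hypothetical, and the `sh -c` string case stands in for any `-c` option that must receive a single string (as with runuser); it is written in POSIX sh so it is not bash-specific.

```sh
#!/bin/sh
# Added example (constructed, not from ejabberdctl). printf stands in for the
# real command; each count_* helper echoes how many arguments the command got.

# Broken pattern from the thread: arguments are flattened into one string and
# re-parsed by "sh -c", so spaces split words and metacharacters are interpreted.
count_flattened() {
    CMD="printf '%s\\n' $*"
    echo $(( $(sh -c "$CMD" | wc -l) ))
}

# Fix when no intermediate shell is needed: run the command directly with "$@".
count_direct() {
    echo $(( $(printf '%s\n' "$@" | wc -l) ))
}

# Fix when a single string is unavoidable (a "-c" option): single-quote every
# word, rewriting each embedded ' as '\'' so the inner shell sees it literally.
shell_quote() {
    printf '%s\n' "$1" | sed "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/"
}

# Join all words, each individually quoted, into one re-parsable command string.
build_cmd() {
    out=
    for word in "$@"; do
        out="$out$(shell_quote "$word") "
    done
    printf '%s\n' "$out"
}

count_quoted() {
    CMD=$(build_cmd printf '%s\n' "$@")
    echo $(( $(sh -c "$CMD" | wc -l) ))
}

# Constructed sample arguments, matching the two file names used in the thread.
set -- "this is file one" "this is file two"
echo "flattened=$(count_flattened "$@") direct=$(count_direct "$@") quoted=$(count_quoted "$@")"
```

The quoted form is what removes the need for nested quoting in the caller: arguments containing spaces or an apostrophe arrive unchanged.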


Re: [Server-devel] Fixing bash script bogosity - help?

2009-04-27 Thread Sean DALY
I'm no maven, but the last time I was dealing with quoting issues with
$* expansion I had found this article helpful:
http://www.ibm.com/developerworks/library/l-bash-parameters.html?ca=drs-

Sean


On Mon, Apr 27, 2009 at 10:37 PM, Martin Langhoff
martin.langh...@gmail.com wrote:
 Hi all,

 I have a simple shell scripting problem :-) you'll find attached a
 shell script that ships with ejabberd. It is a fairly straightforward
 bit of code, and allows us to control bits of the ejabberd internals
 with a nice cli interface. (Feel free to skip the start / stop bits of
 the code, I'm fighting with the ctrl function.)

 The problem it has is that the parameters are passed to a bash or
 runas invocation -- at which point the quoting is a mess. Currently I
 am working around it in the caller by doing some stupid
 nested-quoting. But this should be easy to cure -- if anyone knows a
 bit more bash (or portable shell!) than me :-)

 A minimal exposition of the problem is as follows:

 $ cat sample.sh
 #!/bin/bash -x

 # in the script, the CMD is built up as a string
 CMD="touch $@"
 # in practice we sometimes use /sbin/runuser -c
 # and other times plain bash -c
 bash -c "$CMD"

 # this invocation does the wrong thing -
 $ ./sample.sh ./sample.sh "this is file one" "this is file two"
 # the ugly workaround is
 ./sample.sh "'this is file one'" "'this is file two'"

 Any hints that don't involve a rewrite?

 cheers,



 martin-who's-easily-stumped-with-shell-backwardnesss
 --
  martin.langh...@gmail.com
  mar...@laptop.org -- School Server Architect
  - ask interesting questions
  - don't get distracted with shiny stuff  - working code first
  - http://wiki.laptop.org/go/User:Martinlanghoff
