Re: [Server-devel] DansGuardian (was What's cooking in the XS pot this week, (2008-10--01))

2008-10-06 Thread David Van Assche
You may want to look into SquidGuard... it may be an alternative to
Dansguardian as it seems much lighter weight and more customizable in
the way you've been doing the bash side of things on the XS to date:
http://www.squidguard.org/

Kind Regards,
David Van Assche

On Sun, Oct 5, 2008 at 1:01 PM, Martin Langhoff
[EMAIL PROTECTED] wrote:
 On Sun, Oct 5, 2008 at 3:02 PM, Martin Langhoff
 [EMAIL PROTECTED] wrote:
 I'm still a bit ambivalent with regards to DG and how much of a good
 fit it is, so let's be clear - long term, what we want is a good
 quality content filter.

 Been ruminating on this a bit. The more I think about it, the more
 clear it is that DG on the XS is not a good long term solution.

  - from reports, it seems to be fairly cpu and memory heavy
  - and its content scanning is fairly primitive - not bayesian

 For DG to be effective, I'd like to do Bayesian filtering, with the
 ability to train it. Or something in the same family of strategies but
 smarter. The problem is that the XS will not have enough cpu/mem to
 handle this task.

 So it's a task better pushed to a proxy/filter upstream at the ISP
 network -- for any large deployment, we should start advising the
 local team to arrange with the ISP(s?) involved the co-location of 1
 server. This server gives us an opportunity to perform

  - filtering at one central place
   = better scale up / scale out economies (making bayesian costs more
 reasonable)
   = larger scoring pool, so good/bad content gets flagged faster
 and for everyone
   = white/blacklisting is immediate and for everyone
   = better bandwidth/traffic efficiency - unwanted content never
 clogs the slow/limited school pipe
   = unsure if DG is the tool of choice here

  - smart upstream proxying
   = run an rproxy upstream or similar
   = provide seed content for downstream proxies to pull

  - With this setup, laptops can be configured to attempt to use the
 upstream proxy even when connected via a non-school AP. This way, the
 protections extend to kids accessing internet outside of school. This
 is somewhat hard to enforce - we are protecting kids that want to be
 kids. Once a kid is at a cybercafe and has the intention to sidestep
 the filter, the genie is out of the bottle: he/she could just use one
 of the other machines anyway.

 On every XS I want to include blacklisting facilities so that teachers
 can exert local control in a hurry, but that is simple, blunt, and
 hardly needs DG :-)

 In any case, we can still think of DG as a pilot deployment filter.

 cheers,



 m
 --
  [EMAIL PROTECTED]
  [EMAIL PROTECTED] -- School Server Architect
  - ask interesting questions
  - don't get distracted with shiny stuff  - working code first
  - http://wiki.laptop.org/go/User:Martinlanghoff
 ___
 Server-devel mailing list
 Server-devel@lists.laptop.org
 http://lists.laptop.org/listinfo/server-devel



Re: [Server-devel] DansGuardian (was What's cooking in the XS pot this week, (2008-10--01))

2008-10-04 Thread Martin Langhoff
On Sat, Oct 4, 2008 at 4:42 AM, Greg Smith [EMAIL PROTECTED] wrote:
 If Bryan needs Dansguardian built in that's good enough for me. I take
 back what I said about it not being critical.

Good enough for me too. It's not like we cannot imagine why this is needed :-)

I'm still a bit ambivalent with regards to DG and how much of a good
fit it is, so let's be clear - long term, what we want is a good
quality content filter.

cheers,




m
-- 
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


[Server-devel] DansGuardian (was What's cooking in the XS pot this week, (2008-10--01))

2008-10-03 Thread Greg Smith
Hi Guys,

Sorry I sent that last e-mail before reading the full list.

If Bryan needs Dansguardian built in that's good enough for me. I take 
back what I said about it not being critical.

Let's put it on the roadmap for 0.6 and see if we can make it happen in 
time for Nepal to deploy it.

Bryan,

What is the delivery date of a tested and working version which will 
meet your time frame? I want to make sure we give it to you with enough 
lead time so you can test it before you put it in production.

Thanks,

Greg S

From: Martin Langhoff [EMAIL PROTECTED]
Subject: Re: [Server-devel] What's cooking in the XS pot this week
(2008-10--01)
To: Bryan Berry [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]

On Fri, Oct 3, 2008 at 6:22 PM, Bryan Berry [EMAIL PROTECTED] wrote:
   How happy are you with DansGuardian? Is it a useful filter?
  
   We use it internally w/in our office and we are happy w/ it. We use it
   locally to eat our own dog food. By default it blocks a lot if not
   most content on the Internet, including stuff that doesn't seem
   objectionable at all.

Yeah, that's one of my concerns. I looked a little bit at DG
documentation a few days ago, as I was fighting with Squid's memory
usage, to understand how resource intensive it is, and how it works.
And in the back of my mind the question was - is this the right tool?

When you mention it blocks most content, I'm less than thrilled. A
filter that is too blunt will actually backfire -- will be too easy to
false-match and also easy to workaround. Users will learn something
but perhaps not what we want. A smarter filter, one that does not give
all/most users an incentive to find workarounds, is a much healthier
solution. But I'll get deep into it later, more likely in the 0.6
cycle.

Now that you mention you're using it in a real life setup, what does
top tell you about its memory usage?

   I think dans is essential because it will keep the adults from using up
   all the bandwidth to look at porn. the secondary reason, to protect kids
   is also important  ;)

Noble causes indeed!

cheers,



m
-- 
 [EMAIL PROTECTED]
 [EMAIL PROTECTED] -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff