on Wed, Apr 20, 2005 at 09:02:03PM -0700, Karsten M. Self (kmself@xxxxxxxxxxxxx) wrote: > It's that time of the month again -- Schoolforge's April IRC meeting. > Meetings are on the 22nd of each month at 4:30 UTC and 16:30 UTC. That's > 2 days from today. > > Where: irc.freenode.net #schoolforge > When: April 22, 04:30 and 16:30 UTC (local times below) > What: topic is whatever strikes your fancy. > Who: You! > How: If you haven't used IRC before, clients include: > Chatzilla (Mozilla), XChat (Linux, Windows), irssi > (Linux), MIRC (Windows). There's more general > information at > http://www.infoanarchy.org/wiki/index.php/Using_IRC For the 0430 UTC meeting (the 1630 is in about an hour), short summary (lightly edited): - Present were myself (CA, USA), euclid (OH, USA), wen2 (CN), and LesRichardson (SK, CA). - Basic introductions. < wen2> i am a teacher of geography < wen2> i have used GNU/Linux for several years < karsten> OK. What distro(s)? < wen2> begin with Redhat now change to Debian < LesRichardson> I'm a teacher 9-12, but in a K-12 school. < LesRichardson> This is a public school in Canada, where teachers get paid. < karsten> Heh. < karsten> As opposed to public / unpaid? < LesRichardson> As opposed to public schools in other countries where teaching is not really a profession, but just a job on the way to something else. < karsten> Hrm... < LesRichardson> Well, maybe I've said it too strongly. ... Too much coffee. (grin) < karsten> I'm currently volunteering at a high school. < karsten> The teacher of the class I'm helping in runs a local paper's [mostly Microsoft] computer column. < karsten> ...then he starts with a series of columns praising Firefox to the heavens, and mentions getting started with Linux. < karsten> I dropped him a line at that point, he mentioned getting a lab set up at school, I offered to help. < karsten> He's acting like a kid realizing all the stuff he can do with Linux. I'm having to rein him in a bit, mostly on security and district relations type stuff. < euclid-ibook> this far I've just lurked on the list. I'm a SysAdmin at Ohio University and have been leading the Open Source movement there. Planning on starting a PhD in Instructional Technology/Design in the fall < LesRichardson> I'm a high school teacher. I've written Open Admin for Schools and Online Gradebook. I''ve used Linux and other tools for a LONG time. (grin). Started on C64 in '85, and something on keycards in '73 - Some discussion of distros, particularly what's being used in China: < karsten> I've used several other major distros: TurboLinux, Mandrake, SuSE. Debian (or Debian-based) wins for me. < wen2> Ubuntu is better in Desktop but when i use Linux as the school server i would like select Debian < karsten> Sure. You're planning to stick with stable? < wen2> To Chinese , the chinese display and chinese input is most important < karsten> I would imagine that's the case ;-) < karsten> Are you familiar with Red Flag Linux? < wen2> since security is not very important to me , i use Sarge < karsten> The advantage of testing/unstable is you get newer stuff. The downside is it breaks sometimes. If you go with stable, you've got a _really_ stable system, not much state change. Which can be nice. < wen2> i used RedFlag Linux 3 years ago ,but it's server version is still very expensive to most schools < wen2> RedFlag is a private corporation but is supported greatly by our goverment < wen2> Thiz GNU/Linux is the production of HongKong, few people in China mainland know it < LesRichardson> Well, I'm a slackware man, but Linux is Linux in my opinion. I normally install from source. < LesRichardson> But my servers are simple: build hardened kernel, install important apps (database, web server, etc.) < LesRichardson> In education area: I use it for firewalls (Leaf distro), proxy caching (Squid), email (qmail, vpopmail, imap, < LesRichardson> I've done this since about 1995. Then of course there are the languages, and all the other 'educationally rich' things in Linux. Much better than the 'pedagogically challenged' box containing Windows XP/MS Office stuff divisions like to install and think that they have something. - School adoption of GNU/Linux... and factors thereunto pertaining: < wen2> Few Chinese schools adopt Linux now, how about your country? < karsten> It's limited, but the market seems to be opening up. < wen2> limited? who limit the school adopt Linux? < karsten> I've been working with a local high school that's got a Linux lab set up. Discovered thay had a linux box running as a proxy server (sort of -- packaged solution, somewhat broken), for a few years. < karsten> It's mostly a lack of familiarity and trust. < karsten> The schools have been using Windows and Macs for years, but little Unix-type stuff. Some exceptions. < karsten> They're starting to open up to it, though this really varies by specific district, according to local talent and how much pain Windows has caused (viruses, security, spyware/adware, general maintenance). - Kids intervene ... < wen2> sorry my son is crying < karsten> No problem, tend to the children ;-) - Tools we use ... < LesRichardson> What other tools do we have: Gimp, (very important), Open Office, and then lots of little stuff. Then I write admin software for fun. - Interesting discussion of 'unattended', a GNU/Linux-based unattended install utility -- for installing/restoring legacy MS Windows systems ;-) < euclid-ibook> I'm really interested in the Community of Practice concept < euclid-ibook> LesRichardson: I'm basing the windows install on the project at unattended.sourceforge.net < euclid-ibook> I've been using that for all of my windows machines for the last year or two < LesRichardson> Thanks. I'll take a look. Our management tools are Ghost/DeepFreeze currently. < euclid-ibook> I was just going to graft that into a PXE boot environment such that computers could be configured through a webpage, rebooted, and they'll reinstall the OS and Apps without interaction < LesRichardson> How does one resolve the SID issues? < euclid-ibook> the test is to see if the teachers will still wait for tech support to arrive, or if they'd be willing to click "reinstall" and reboot on their way home for the evening < euclid-ibook> unattended doesn't create images, it uses the unattend.txt method of installing windows answer files, if you will < LesRichardson> We already do that. Kids have no problem with this... < euclid-ibook> so no SysPrep is necessary < LesRichardson> Ahhh.... how long does it take? Also, what about multiple partitions... I want linux, XP, and Win98 for example. < euclid-ibook> it can take a while...about 2 hours for a full OS/Office/other apps to load < euclid-ibook> it uses a linux bootdisk, and gives you good control via parted for partitioning < LesRichardson> Can we customize for different hardware configs and also differnt 'use specific' boxes? (ie. 4 video editing stations, etc.) < euclid-ibook> yeah, I store the configuration in a mysql database keyed off of MAC address < euclid-ibook> I do quite a bit of customizing on a per-machine basis < LesRichardson> Eu: Now that is very cool. Elegant. < LesRichardson> Is this all on the sourceforge site? < euclid-ibook> mostly, yeah < euclid-ibook> hardest part is getting all the applications to install silently < LesRichardson> What do you do to lock down against numbskulls? < euclid-ibook> you mean the OS itself? < LesRichardson> We used to use regdump before Deepfreeze to lock certain aspects by following policyt editor registry key changes. < LesRichardson> Eu: Yes, the O/S. < euclid-ibook> I don't bother. I consider them throw-away machines < LesRichardson> Just reinstall. < euclid-ibook> someone screws it up, it takes 5 seconds for me to start a reinstall < euclid-ibook> I just have to say yes twice that I want to partition and format the drive, then I walk away < karsten> euclid-ibook: My read is that this is installing Windows _under_ a Linux session, correct < karsten> euclid-ibook: s/correct/&?/ < euclid-ibook> close...it boots into linux, prepares the disk, then fires off dosemu to launch the 16-bit windows installer < karsten> OMFG. That's rich. - Security issues < karsten> So ... do you deal with 'Doze security issues at all? < karsten> Or are you more on the theory side of things at this point? < euclid-ibook> just the day to day stuff I run about 200 lab/faculty/student machines keep it patched and that's about all I do if it gets infected, it gets reinstalled < karsten> Context: I'm helping introduce Linux to a school & district. I've got ~8 years' experience, am pretty good with my stuff. < karsten> The campus LAN admin's open to our doing stuff, but doesn't want anything to break. Understandably. Her question being "Does putting Linux on the network increase risk to my systems in any way?". < euclid-ibook> yep, I can understand that < karsten> Part of my response is based on understanding what the _current_ security model & environment are. < euclid-ibook> as long as you don't hand out root, I'd say the answer is no < karsten> root _is_ currently handed out on some systems, as they are meant to be teaching boxes. Though there are a couple of servers which are more restricted. < karsten> My feeling is this: there are tools on Linux, there are scripting capabilities, there are schedulers, which allow a richer, more varied, and more persistant class of attacks. However, a secured system _still_ shouldn't be bothered by these. < karsten> The student environment in the Windows world is domain logins, very little write access to the local drive (exceptions for software which requires same, so specific directories _are_ writeable). No "installing" software. But users can copy EXEs to shares, and run them. There's AV on the desktops, but no spyware/malware detection/removal AFAIU. Seems to me that if an exploit is coded to run on 'Doze, they're just as vulnerable now, absent ability to script things at off hours. < euclid-ibook> exactly < karsten> Oh yeah, that's the other new security twist: there's a Cygwin LiveCD out now. Run from CD, no install required. XLiveCD: Cygwin and X For Windows On A Live CD http://xlivecd.indiana.edu/ < euclid-ibook> interesting < karsten> All of a sudden, all the 'Nix utils are available without even requiring a reboot. < karsten> Again looking at the security perspective. < karsten> The _real_ answer I'd like to give is: any network security model which is dependent on not having hostile or capable systems on the network is inherently flawed. < euclid-ibook> yep. security is almost moot if they have physical access to the machine < karsten> I'd like to shoot for something more politic than that. < karsten> Not even to "the machine", but to "the network". < euclid-ibook> agreed < karsten> I _would_ argue for seperating admin and student nets, to the extent possible. Difficult when teachers have to interface with grading systems, etc. < euclid-ibook> yeah, that's understandable < karsten> The neat bit is that you get the X server. For that alone it's worth the price. Catch y'all next time. Peace. -- Karsten M. Self <kmself@xxxxxxxxxxxxx> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? You mean you were meant to hijack my truck, make me crash it, and have every security man in town looking for me? - "Brazil"
Description: Digital signature