[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[school-discuss] 0430 meeting recap (was Re: Reminder: Monthly IRC meeting on the 22nd]



on Wed, Apr 20, 2005 at 09:02:03PM -0700, Karsten M. Self (kmself@xxxxxxxxxxxxx) wrote:
> It's that time of the month again -- Schoolforge's April IRC meeting.
> Meetings are on the 22nd of each month at 4:30 UTC and 16:30 UTC.  That's
> 2 days from today.
> 
>    Where:  irc.freenode.net #schoolforge
>    When:   April 22, 04:30 and 16:30 UTC (local times below)
>    What:   topic is whatever strikes your fancy.
>    Who:    You!
>    How:    If you haven't used IRC before, clients include:
>            Chatzilla (Mozilla), XChat (Linux, Windows), irssi
>            (Linux), MIRC (Windows).  There's more general
>            information at
>            http://www.infoanarchy.org/wiki/index.php/Using_IRC

For the 0430 UTC meeting (the 1630 is in about an hour), short summary
(lightly edited):

  - Present were myself (CA, USA), euclid (OH, USA), wen2 (CN), and
    LesRichardson (SK, CA).

  - Basic introductions.

     < wen2> i am a teacher of geography 
     < wen2> i have used GNU/Linux for several years
     < karsten> OK.  What distro(s)?
     < wen2> begin with Redhat now change to Debian 
     < LesRichardson> I'm a teacher 9-12, but in a K-12 school.
     < LesRichardson> This is a public school in Canada, where teachers
         get paid.
     < karsten> Heh.
     < karsten> As opposed to public / unpaid?
     < LesRichardson> As opposed to public schools in other countries
         where teaching is not really a profession, but just a job on
         the way to something else.
     < karsten> Hrm...
     < LesRichardson> Well, maybe I've said it too strongly. ... Too
         much coffee. (grin)
     < karsten> I'm currently volunteering at a high school.
     < karsten> The teacher of the class I'm helping in runs a local
         paper's [mostly Microsoft] computer column.  
     < karsten> ...then he starts with a series of columns praising
         Firefox to the heavens, and mentions getting started with Linux.
     < karsten> I dropped him a line at that point, he mentioned getting
         a lab set up at school, I offered to help.
     < karsten> He's acting like a kid realizing all the stuff he can do
         with Linux.  I'm having to rein him in a bit, mostly on security
         and district relations type stuff.
     < euclid-ibook> this far I've just lurked on the list. I'm a
         SysAdmin at Ohio University and have been leading the Open
         Source movement there. Planning on starting a PhD in
         Instructional Technology/Design in the fall
     < LesRichardson> I'm a high school teacher. I've written Open Admin
         for Schools and Online Gradebook. I''ve used Linux and other
         tools for a LONG time. (grin). Started on C64 in '85, and
         something on keycards in '73


  - Some discussion of distros, particularly what's being used in China:

     < karsten> I've used several other major distros:  TurboLinux,
         Mandrake, SuSE.  Debian (or Debian-based) wins for me.
     < wen2> Ubuntu is better in Desktop but when i use Linux as the
         school server i would like select Debian
     < karsten> Sure.  You're planning to stick with stable?
     < wen2> To Chinese , the chinese display and chinese input is most
         important
     < karsten> I would imagine that's the case ;-)
     < karsten> Are you familiar with Red Flag Linux?
     < wen2> since security is not very important to me , i use Sarge
     < karsten> The advantage of testing/unstable is you get newer
         stuff.  The downside is it breaks sometimes.  If you go with
         stable, you've got a _really_ stable system, not much state
         change.  Which can be nice.
     < wen2> i used RedFlag Linux 3 years ago ,but it's server
         version is still very expensive to most schools  
     < wen2> RedFlag is a private corporation but is supported
         greatly by our goverment
     < wen2> Thiz GNU/Linux is the production of HongKong, few
         people in China mainland know it
     < LesRichardson> Well, I'm a slackware man, but Linux is Linux in
         my opinion. I normally install from source.
     < LesRichardson> But my servers are simple: build hardened kernel, 
         install important apps (database, web server, etc.)
     < LesRichardson> In education area: I use it for firewalls (Leaf distro), 
         proxy caching (Squid), email (qmail, vpopmail, imap, 
     < LesRichardson> I've done this since about 1995. Then of course there 
         are the languages, and all the other 'educationally rich'
         things in Linux. Much better than the 'pedagogically
         challenged' box containing Windows XP/MS Office stuff divisions
         like to install and think that they have something.


  - School adoption of GNU/Linux... and factors thereunto pertaining:

     < wen2> Few Chinese schools adopt Linux now, how about your country?
     < karsten> It's limited, but the market seems to be opening up.
     < wen2> limited? who limit the school adopt Linux?
     < karsten> I've been working with a local high school that's
        got a Linux lab set up.  Discovered thay had a linux box running
        as a proxy server (sort of -- packaged solution, somewhat
        broken), for a few years.
     < karsten> It's mostly a lack of familiarity and trust.
     < karsten> The schools have been using Windows and Macs for years,
        but little Unix-type stuff.  Some exceptions.
     < karsten> They're starting to open up to it, though this really varies 
        by specific district, according to local talent and how much
        pain Windows has caused (viruses, security, spyware/adware,
        general maintenance).

   - Kids intervene ...

     < wen2> sorry my son is crying
     < karsten> No problem, tend to the children ;-)

   - Tools we use ...

     < LesRichardson> What other tools do we have:  Gimp, (very
         important), Open Office,  and then lots of little stuff. Then
         I write admin software for fun.

   - Interesting discussion of 'unattended', a GNU/Linux-based
     unattended install utility -- for installing/restoring legacy MS
     Windows systems ;-)

      < euclid-ibook> I'm really interested in the Community of Practice
            concept
      < euclid-ibook> LesRichardson: I'm basing the windows install on
            the project at unattended.sourceforge.net
      < euclid-ibook> I've been using that for all of my windows
            machines for the last year or two
      < LesRichardson> Thanks. I'll take a look. Our management tools
            are Ghost/DeepFreeze currently.
      < euclid-ibook> I was just going to graft that into a PXE boot
            environment such that computers could be configured through
            a webpage, rebooted, and they'll reinstall the OS and Apps
            without interaction
      < LesRichardson> How does one resolve the SID issues?
      < euclid-ibook> the test is to see if the teachers will still wait
            for tech support to arrive, or if they'd be willing to click
            "reinstall" and reboot on their way home for the evening
      < euclid-ibook> unattended doesn't create images, it uses the
            unattend.txt method of installing windows answer files, if
            you will < LesRichardson> We already do that. Kids have no
            problem with this...
      < euclid-ibook> so no SysPrep is necessary
      < LesRichardson> Ahhh.... how long does it take?  Also, what about
            multiple partitions... I want linux, XP, and Win98 for example.
      < euclid-ibook> it can take a while...about 2 hours for a full
            OS/Office/other apps to load
      < euclid-ibook> it uses a linux bootdisk, and gives you good
            control via parted for partitioning
      < LesRichardson> Can we customize for different hardware configs
            and also differnt 'use specific' boxes? (ie. 4 video editing
            stations, etc.)
      < euclid-ibook> yeah, I store the configuration in a mysql
            database keyed off of MAC address
      < euclid-ibook> I do quite a bit of customizing on a per-machine basis
      < LesRichardson> Eu: Now that is very cool. Elegant.
      < LesRichardson> Is this all on the sourceforge site?
      < euclid-ibook> mostly, yeah
      < euclid-ibook> hardest part is getting all the applications to
            install silently 
      < LesRichardson> What do you do to lock down against numbskulls?
      < euclid-ibook> you mean the OS itself?
      < LesRichardson> We used to use regdump  before Deepfreeze to lock
            certain aspects by following policyt editor registry key
            changes.  < LesRichardson> Eu: Yes, the O/S.
      < euclid-ibook> I don't bother.  I consider them throw-away machines
      < LesRichardson> Just reinstall.
      < euclid-ibook> someone screws it up, it takes 5 seconds for me to
            start a reinstall
      < euclid-ibook> I just have to say yes twice that I want to
            partition and format the drive, then I walk away
      < karsten> euclid-ibook: My read is that this is installing
            Windows _under_ a Linux session, correct
      < karsten> euclid-ibook: s/correct/&?/
      < euclid-ibook> close...it boots into linux, prepares the disk,
            then fires off dosemu to launch the 16-bit windows installer 
      < karsten> OMFG.  That's rich.


  - Security issues

      < karsten> So ...  do you deal with 'Doze security issues at all?
      < karsten> Or are you more on the theory side of things at this point?
      < euclid-ibook> just the day to day stuff I run about 200
            lab/faculty/student machines keep it patched and that's
            about all I do if it gets infected, it gets reinstalled
      < karsten> Context:  I'm helping introduce Linux to a school &
            district.  I've got ~8 years' experience, am pretty good
            with my stuff.
      < karsten> The campus LAN admin's open to our doing stuff, but
            doesn't want anything to break.  Understandably.  Her
            question being "Does putting Linux on the network increase
            risk to my systems in any way?".
      < euclid-ibook> yep, I can understand that
      < karsten> Part of my response is based on understanding what the
            _current_ security model & environment are.
      < euclid-ibook> as long as you don't hand out root, I'd say the
            answer is no
      < karsten> root _is_ currently handed out on some systems, as they
            are meant to be teaching boxes.  Though there are a couple
            of servers which are more restricted.
      < karsten> My feeling is this:  there are tools on Linux, there
            are scripting capabilities, there are schedulers, which allow a
            richer, more varied, and more persistant class of attacks.
            However, a secured system _still_ shouldn't be bothered by
            these.
      < karsten> The student environment in the Windows world is domain
            logins, very little write access to the local drive
            (exceptions for software which requires same, so specific
            directories _are_ writeable).  No "installing" software.
            But users can copy EXEs to shares, and run them.  There's AV
            on the desktops, but no spyware/malware detection/removal
            AFAIU.  Seems to me that if an exploit is coded to run on
            'Doze, they're just as vulnerable now, absent ability to
            script things at off hours.
      < euclid-ibook> exactly
      < karsten> Oh yeah, that's the other new security twist:  there's
            a Cygwin LiveCD out now.  Run from CD, no install required.
            XLiveCD: Cygwin and X For Windows On A Live CD
            http://xlivecd.indiana.edu/
      < euclid-ibook> interesting
      < karsten> All of a sudden, all the 'Nix utils are available
            without even requiring a reboot.
      < karsten> Again looking at the security perspective.
      < karsten> The _real_ answer I'd like to give is:  any network
            security model which is dependent on not having hostile or
            capable systems on the network is inherently flawed.
      < euclid-ibook> yep. security is almost moot if they have physical
            access to the machine
      < karsten> I'd like to shoot for something more politic than that.
      < karsten> Not even to "the machine", but to "the network".
      < euclid-ibook> agreed
      < karsten> I _would_ argue for seperating admin and student nets,
            to the extent possible.  Difficult when teachers have to
            interface with grading systems, etc.
      < euclid-ibook> yeah, that's understandable
      < karsten> The neat bit is that you get the X server.  For that
            alone it's worth the price.


Catch y'all next time.


Peace.

-- 
Karsten M. Self <kmself@xxxxxxxxxxxxx>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    You mean you were meant to hijack my truck, make me crash it, and
    have every security man in town looking for me?
    - "Brazil"

Attachment: signature.asc
Description: Digital signature