on Wed, Apr 20, 2005 at 09:02:03PM -0700, Karsten M. Self (kmself@xxxxxxxxxxxxx) wrote:
> It's that time of the month again -- Schoolforge's April IRC meeting.
> Meetings are on the 22nd of each month at 4:30 UTC and 16:30 UTC. That's
> 2 days from today.
>
> Where: irc.freenode.net #schoolforge
> When: April 22, 04:30 and 16:30 UTC (local times below)
> What: topic is whatever strikes your fancy.
> Who: You!
> How: If you haven't used IRC before, clients include:
> Chatzilla (Mozilla), XChat (Linux, Windows), irssi
> (Linux), MIRC (Windows). There's more general
> information at
> http://www.infoanarchy.org/wiki/index.php/Using_IRC

For the 0430 UTC meeting (the 1630 is in about an hour), short summary
(lightly edited):
- Present were myself (CA, USA), euclid (OH, USA), wen2 (CN), and
LesRichardson (SK, CA).
- Basic introductions.
< wen2> i am a teacher of geography
< wen2> i have used GNU/Linux for several years
< karsten> OK. What distro(s)?
< wen2> begin with Redhat now change to Debian
< LesRichardson> I'm a teacher 9-12, but in a K-12 school.
< LesRichardson> This is a public school in Canada, where teachers
get paid.
< karsten> Heh.
< karsten> As opposed to public / unpaid?
< LesRichardson> As opposed to public schools in other countries
where teaching is not really a profession, but just a job on
the way to something else.
< karsten> Hrm...
< LesRichardson> Well, maybe I've said it too strongly. ... Too
much coffee. (grin)
< karsten> I'm currently volunteering at a high school.
< karsten> The teacher of the class I'm helping in runs a local
paper's [mostly Microsoft] computer column.
< karsten> ...then he starts with a series of columns praising
Firefox to the heavens, and mentions getting started with Linux.
< karsten> I dropped him a line at that point, he mentioned getting
a lab set up at school, I offered to help.
< karsten> He's acting like a kid realizing all the stuff he can do
with Linux. I'm having to rein him in a bit, mostly on security
and district relations type stuff.
< euclid-ibook> this far I've just lurked on the list. I'm a
SysAdmin at Ohio University and have been leading the Open
Source movement there. Planning on starting a PhD in
Instructional Technology/Design in the fall
< LesRichardson> I'm a high school teacher. I've written Open Admin
for Schools and Online Gradebook. I've used Linux and other
tools for a LONG time. (grin). Started on C64 in '85, and
something on keycards in '73
- Some discussion of distros, particularly what's being used in China:
< karsten> I've used several other major distros: TurboLinux,
Mandrake, SuSE. Debian (or Debian-based) wins for me.
< wen2> Ubuntu is better in Desktop but when i use Linux as the
school server i would like select Debian
< karsten> Sure. You're planning to stick with stable?
< wen2> To Chinese , the chinese display and chinese input is most
important
< karsten> I would imagine that's the case ;-)
< karsten> Are you familiar with Red Flag Linux?
< wen2> since security is not very important to me , i use Sarge
< karsten> The advantage of testing/unstable is you get newer
stuff. The downside is it breaks sometimes. If you go with
stable, you've got a _really_ stable system, not much state
change. Which can be nice.
< wen2> i used RedFlag Linux 3 years ago ,but it's server
version is still very expensive to most schools
< wen2> RedFlag is a private corporation but is supported
greatly by our government
< wen2> Thiz GNU/Linux is the production of HongKong, few
people in China mainland know it
< LesRichardson> Well, I'm a slackware man, but Linux is Linux in
my opinion. I normally install from source.
< LesRichardson> But my servers are simple: build hardened kernel,
install important apps (database, web server, etc.)
< LesRichardson> In education area: I use it for firewalls (Leaf distro),
proxy caching (Squid), email (qmail, vpopmail, imap,
< LesRichardson> I've done this since about 1995. Then of course there
are the languages, and all the other 'educationally rich'
things in Linux. Much better than the 'pedagogically
challenged' box containing Windows XP/MS Office stuff divisions
like to install and think that they have something.
- School adoption of GNU/Linux... and factors thereunto pertaining:
< wen2> Few Chinese schools adopt Linux now, how about your country?
< karsten> It's limited, but the market seems to be opening up.
< wen2> limited? who limit the school adopt Linux?
< karsten> I've been working with a local high school that's
got a Linux lab set up. Discovered they had a linux box running
as a proxy server (sort of -- packaged solution, somewhat
broken), for a few years.
< karsten> It's mostly a lack of familiarity and trust.
< karsten> The schools have been using Windows and Macs for years,
but little Unix-type stuff. Some exceptions.
< karsten> They're starting to open up to it, though this really varies
by specific district, according to local talent and how much
pain Windows has caused (viruses, security, spyware/adware,
general maintenance).
- Kids intervene ...
< wen2> sorry my son is crying
< karsten> No problem, tend to the children ;-)
- Tools we use ...
< LesRichardson> What other tools do we have: Gimp, (very
important), Open Office, and then lots of little stuff. Then
I write admin software for fun.
- Interesting discussion of 'unattended', a GNU/Linux-based
unattended install utility -- for installing/restoring legacy MS
Windows systems ;-)
< euclid-ibook> I'm really interested in the Community of Practice
concept
< euclid-ibook> LesRichardson: I'm basing the windows install on
the project at unattended.sourceforge.net
< euclid-ibook> I've been using that for all of my windows
machines for the last year or two
< LesRichardson> Thanks. I'll take a look. Our management tools
are Ghost/DeepFreeze currently.
< euclid-ibook> I was just going to graft that into a PXE boot
environment such that computers could be configured through
a webpage, rebooted, and they'll reinstall the OS and Apps
without interaction
< LesRichardson> How does one resolve the SID issues?
< euclid-ibook> the test is to see if the teachers will still wait
for tech support to arrive, or if they'd be willing to click
"reinstall" and reboot on their way home for the evening
< euclid-ibook> unattended doesn't create images, it uses the
unattend.txt method of installing windows answer files, if
you will
< LesRichardson> We already do that. Kids have no
problem with this...
< euclid-ibook> so no SysPrep is necessary
< LesRichardson> Ahhh.... how long does it take? Also, what about
multiple partitions... I want linux, XP, and Win98 for example.
< euclid-ibook> it can take a while...about 2 hours for a full
OS/Office/other apps to load
< euclid-ibook> it uses a linux bootdisk, and gives you good
control via parted for partitioning
< LesRichardson> Can we customize for different hardware configs
and also different 'use specific' boxes? (ie. 4 video editing
stations, etc.)
< euclid-ibook> yeah, I store the configuration in a mysql
database keyed off of MAC address
< euclid-ibook> I do quite a bit of customizing on a per-machine basis
< LesRichardson> Eu: Now that is very cool. Elegant.
< LesRichardson> Is this all on the sourceforge site?
< euclid-ibook> mostly, yeah
< euclid-ibook> hardest part is getting all the applications to
install silently
< LesRichardson> What do you do to lock down against numbskulls?
< euclid-ibook> you mean the OS itself?
< LesRichardson> We used to use regdump before Deepfreeze to lock
certain aspects by following policy editor registry key
changes.
< LesRichardson> Eu: Yes, the O/S.
< euclid-ibook> I don't bother. I consider them throw-away machines
< LesRichardson> Just reinstall.
< euclid-ibook> someone screws it up, it takes 5 seconds for me to
start a reinstall
< euclid-ibook> I just have to say yes twice that I want to
partition and format the drive, then I walk away
< karsten> euclid-ibook: My read is that this is installing
Windows _under_ a Linux session, correct
< karsten> euclid-ibook: s/correct/&?/
< euclid-ibook> close...it boots into linux, prepares the disk,
then fires off dosemu to launch the 16-bit windows installer
< karsten> OMFG. That's rich.
- Security issues
< karsten> So ... do you deal with 'Doze security issues at all?
< karsten> Or are you more on the theory side of things at this point?
< euclid-ibook> just the day to day stuff I run about 200
lab/faculty/student machines keep it patched and that's
about all I do if it gets infected, it gets reinstalled
< karsten> Context: I'm helping introduce Linux to a school &
district. I've got ~8 years' experience, am pretty good
with my stuff.
< karsten> The campus LAN admin's open to our doing stuff, but
doesn't want anything to break. Understandably. Her
question being "Does putting Linux on the network increase
risk to my systems in any way?".
< euclid-ibook> yep, I can understand that
< karsten> Part of my response is based on understanding what the
_current_ security model & environment are.
< euclid-ibook> as long as you don't hand out root, I'd say the
answer is no
< karsten> root _is_ currently handed out on some systems, as they
are meant to be teaching boxes. Though there are a couple
of servers which are more restricted.
< karsten> My feeling is this: there are tools on Linux, there
are scripting capabilities, there are schedulers, which allow a
richer, more varied, and more persistent class of attacks.
However, a secured system _still_ shouldn't be bothered by
these.
< karsten> The student environment in the Windows world is domain
logins, very little write access to the local drive
(exceptions for software which requires same, so specific
directories _are_ writeable). No "installing" software.
But users can copy EXEs to shares, and run them. There's AV
on the desktops, but no spyware/malware detection/removal
AFAIU. Seems to me that if an exploit is coded to run on
'Doze, they're just as vulnerable now, absent ability to
script things at off hours.
< euclid-ibook> exactly
< karsten> Oh yeah, that's the other new security twist: there's
a Cygwin LiveCD out now. Run from CD, no install required.
XLiveCD: Cygwin and X For Windows On A Live CD
http://xlivecd.indiana.edu/
< euclid-ibook> interesting
< karsten> All of a sudden, all the 'Nix utils are available
without even requiring a reboot.
< karsten> Again looking at the security perspective.
< karsten> The _real_ answer I'd like to give is: any network
security model which is dependent on not having hostile or
capable systems on the network is inherently flawed.
< euclid-ibook> yep. security is almost moot if they have physical
access to the machine
< karsten> I'd like to shoot for something more politic than that.
< karsten> Not even to "the machine", but to "the network".
< euclid-ibook> agreed
< karsten> I _would_ argue for separating admin and student nets,
to the extent possible. Difficult when teachers have to
interface with grading systems, etc.
< euclid-ibook> yeah, that's understandable
< karsten> The neat bit is that you get the X server. For that
alone it's worth the price.
Catch y'all next time.
Peace.
--
Karsten M. Self <kmself@xxxxxxxxxxxxx> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
You mean you were meant to hijack my truck, make me crash it, and
have every security man in town looking for me?
- "Brazil"