|
jim@xxxxxxxx, > i'd like to know the names at least a few of the > mischief causing apps as well as what makes > them mischief causing ('specially the "what > makes" part so's to understand the criteria). One of the "what makes" mischief definitions could be any application that violates an institution's acceptable use policy (AUP). Since many AUPs forbid the use of sniffers, any distribution with Ethereal/Wireshark could be considered in violation. I further suspect that many AUPs would also forbid pen testing tools such as Metasploit. And our "no support" group is pretty down on password policy auditing/hacking tools such as John the Ripper, Cain and Abel, and similar tools... And I wouldn't even want to talk to them about ARP poisoning tools such as Ettercap. Many security tools can be considered dual purpose tools. That is, in the hands of a skilled user, they can be used to minimize vulnerabilities. In the hands of an unethical/unsophisticated user they can be used to discover and exploit vulnerabilities. They could also produce an intended, or unintended, DoS attack. So, another way to define "what makes" mischief could be the intention of the user. Best of luck, Uno > From: jim@xxxxxxxx > Subject: Re: [school-discuss] Philosophy: Teachers with Admin Privileges or Not > Date: Mon, 22 Oct 2007 08:38:03 -0700 > To: schoolforge-discuss@xxxxxxxxxxxxxxx > > > i'd like to know the names at least a few of the > mischief causing apps as well as what makes > them mischief causing ('specially the "what > makes" part so's to understand the criteria). > > On Oct 21, 2007, at 9:43 PM, "" <marilyn@xxxxxxxxxxxxxxxxxx> wrote: > > > Hi there! > > > > Have I reinstalled an OS after trying out new software? Not recently, > > but sure > > . . . lots of times. (I started using Linux in 1998.) However, I > > have never > > had to reinstall on the classroom computers because I tested it > > elsewhere > > first. Actually my teacher computer has usually been my testing > > station. > > > > In my lab, the kids have their own accounts on their assigned > > computers. They > > can modify their desktops all they want (Ubuntu-Studio), but cannot > > install > > anything. Since they cannot modify desktops in other classrooms, they > > really > > seem happy with that. > > > > Since I have your attention, I am going to make a suggestion. This is > > the > > system that I think would make both teachers and system administrators > > the > > happiest. :) > > > > I think all student stations should be run with live CD/DVDs or other > > bootable > > media. Data should be saved on flash drives or whatever (network > > storage would > > be OK too). I think that student stations should not have OSs > > installed on > > them at all. > > > > There should be numerous choices of live CDS. They should be topical > > according > > to subject area. They should include every possible relevant > > available Open > > Source Software Package. They should already be setup to see the > > available > > printers or network account directories. They should not include any > > system > > administration type software that could cause mischief anywhere. > > > > So . . . a writing teacher comes into the computer lab. Her students > > pop in > > the > > writing CD that includes the OpenOffice Suite, KOffice, AbiWord, LyX, > > Gnumeric, > > Scribus, the Gimp, Firefox . . . etc. . . . whatever software could be > > relevant. > > > > The science teacher comes in the lab and the students use a CD/DVD > > with all of > > the science packages, LyX, Firefox, OpenOffice . . . > > > > Elementary teachers use . . . . whatever . . . > > > > If teachers would have access to all of the OSS available in this > > manner - they > > would be yippy skippy happy. Teachers love choice!! Students could > > modify > > their desktops and save those settings plus their browser preferences > > on their > > flash drives. How easy would it be on the tech people if they only > > needed to > > maintain hardware?? > > > > Teacher computers would probably need to have an OS on the hard drive > > I think. > > > > One of the main reasons I did not go with live CDs this year is that > > they all > > have too many mischief causing applications on them and I do not have > > the time > > and/or expertise to make my own. > > > > Could there be some sort of signature that the educational live media > > would > > have > > on them so they would be allowed and other bootables would not be > > allowed? > > > > It is almost midnight and I still have to finish my lesson plans. > > Gotta go. > > > > The thin client thing is cool . . . but I would like this system > > better. > > > > Enjoy your week!! > > > > Marilyn > > > > > > > > Quoting "James P. Kinney III" <jkinney@xxxxxxxxxxxxxxxxxxxxx>: > > > >> > >> OK. Now that I'm back at my email I see Daniel has been busy :) > >> > >> I am the architect of the Atlanta Public Schools 7 school Linux Thin > >> client Pilot project. Daniel and I bounce ideas back and forth off > >> each > >> other always looking for new ways to make things better. > >> > >> On Sun, 2007-10-21 at 20:09 -0400, Daniel Howard wrote: > >>> marilyn@xxxxxxxxxxxxxxxxxx wrote: > >>>> Daniel, > >>>> > >>>> I am maybe not quite your intended audience, but I am a teacher so > >>>> . . . > >> . > >>>> I would have to get a new job if I could not have admin privileges. > >> However, I > >>>> do not need anything other than privileges for my own classroom. > >>>> I have to be able to install whatever I want. I am always trying > >>>> new > >> things. > >>>> The perfect world would let you give the appropriate privileges to > >> individual > >>>> teachers. > >>>> > >>> > >>> Actually Marilyn you're exactly the intended audience, I was hoping > >>> to > >>> hear from both teachers and admin folk. > >> > >> Actually, Marilyn is a very atypical teacher. She is very hand-on with > >> the computer systems and constantly stretching her sysadmin skills to > >> augment her teaching. She is in maybe a 1% grouping. Probably an even > >> smaller subset of teachers than 1%. > >> > >>> A priori, I figured admin types > >>> would be loathe to allow teachers to install their own FOSS titles, > >>> whereas I know that our teachers feel completely insulted that the > >>> district won't even allow them to install their own printers, the > >>> result > >>> of which is that about 1/3 of our teachers cannot print from their > >>> teacher's PCs to new printers they purchased with their own classroom > >>> funds. > >> > >> As an admin, I am partially loathe to allow non-admin types to install > >> software that has not been tested and found suitable for the specific > >> systems in use. There is a delineation that does NOT happen in > >> schools: > >> the concept of test systems and production systems is well understood > >> in > >> corporate circles and a mostly foreign concept in edu. I suspect this > >> is > >> due to funding issues (can't have a test server where there is no > >> money > >> to buy one). > >> > >> As it is entirely possible to install an application in a users > >> personal > >> account space and run it from there with no admin privileges required, > >> it requires a bit more skills that "insert disk, wave a product key at > >> the screen, press new buttons on new application". > >> > >> There is a disconnect between admin and teachers and in my > >> professional, > >> sysadmin viewpoint (and also as someone who comes from a 9 year > >> teaching > >> background) there should continue to be a separation between teachers > >> and admins. > >> > >> Here's why: It all boils down to authority and responsibility. It is > >> the > >> responsibility of the admins to provide an computing environment to > >> the > >> teachers. As such, only the admin should have the authority to make > >> system-wide changes to the environment. I'm sure any teacher would be > >> loathe to have an admin walk into class and begin teaching students a > >> topic not scheduled for that day (or grade, or whatever). > >> > >> As for the situation Daniel refers to about lack of print drivers, > >> this > >> is a special case scenario. The printers are not provided by the > >> school > >> but by the parents/PTA. Since the teacher are currently still stuck > >> using legacy operating systems, and every system security protocol > >> says > >> don't allow normal users to run with administrator privileges in > >> windows, the teachers can't add a printer because the permissions > >> prevent them from doing for their own good and for the overall health > >> of > >> the school network. > >> > >> It is also peculiar to this school system that communications are > >> stymied such that the group with the responsibility and authority to > >> add > >> the printers has not been given the approval to do so. This is mostly > >> because of politics, I'm sure - why should the school fund this effort > >> since it wasn't their idea (I'm extrapolating based on other > >> experiences > >> here). > >> > >>> Further, several of my teachers that have classroom K12LTSP > >>> servers are already asking about how they can install new software, > >>> but > >>> want training on how to do it. > >> > >> As long as the software is not something they just went out and bought > >> from the store - which means is likely not compatible in the Linux > >> environment they use - they should be able, if they know how, to test > >> the software within their own account. Further, if there was an actual > >> Linux sysadmin within the school system, it would be a simple task to > >> install a new application for every one to use. > >> > >> But there is no sysadmin with the proper credentials thus it can't > >> happen. > >> > >>> I agree completely that a teacher should > >>> only have privileges on her own classroom computers, should not be > >>> able > >>> to affect the network, and perhaps even modify the privileges > >>> depending > >>> on the skill of the teacher. Or have a backup system in place that > >>> any > >>> teacher can use on her classroom PCs. Marilyn, have you ever had to > >>> reinstall the operating system after trying to install a FOSS title? > >>> I'm thinking if we can backup the disk drive prior to turning them > >>> loose, it will make it much easier to recover from any errors that > >>> occur. > >> > >> Careful! Re-installation is the windows way! Linux sysadmins can > >> uninstall applications gracefully. A few may require some finesse but > >> most are simple to remove if they are a problem. > >> > >>> > >>> BTW, I applaud your efforts to constantly try new software without > >>> concern for cost or licensing. To me, this is the true power of > >>> FOSS. > >> > >> Hear, hear!! This is really a place where FOSS has much the upper > >> hand. > >> Sure you can try out a legacy-licensed application but most often not > >> without some cash outlay or a crippled version. With FOSS, it's the > >> full-blown package in a full environment under live use. > >> > >> But use a test box first :) This is also where FOSS shines. In most > >> cases nearly any old machine can be used as a test box so the heavy > >> lifting production machines only get tinkered with by the people who > >> are > >> _supposed_ to know how to clean their mess :) > >>> > >>> Daniel > >>> > >> -- > >> James P. Kinney III > >> CEO & Director of Engineering > >> Local Net Solutions,LLC > >> 770-493-8244 > >> http://www.localnetsolutions.com > >> > >> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics) > >> <jkinney@xxxxxxxxxxxxxxxxxxxxx> > >> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 > >> > > > > > > > Boo! Scare away worms, viruses and so much more! Try Windows Live OneCare! Try now! |