Hi, On Wed, 29 Nov 2006, Knut Yrvin wrote:
> So to sum it up Mattias: > - You are recommending tools that is not maintained. Is that wise on > solutions with 5-10 years life span? > - You are recommending technical complex solution that could be to hard > to implement for an average computer operator at municipality level. > Does this help when convincing municipalities to switch from > Windows to GNU/Linux? I would broadly agree with this. To be fair, I think Matthias was making suggestions for what might be possible, rather than suggesting what Edubuntu should do by default. That said, the systems I'm looking at must be runnable in my (extended) absense so I can't really use such complex systems, even if they turn out to be very beneficial. > Half thick clients (diskless) are also an important strategy. Today it's > difficult to get reused machines with less than 800 MHz processor. Then it's > possible to connect 150 half thick clients to the schools server. Diskless > PC's is better in handling movies, heavy flash animations etc. I've always liked the idea of diskless clients. I suggested it recently to a colleague who runs a thin client network at a University. They are required to buy all machines from Dell (due to University tendering arrangements) so have quite powerful thin clients. He explained that they couldn't use diskless clients for security reasons. The problem had not occurred to me before, so I wonder has anyone else thought about it. In order to use diskless clients you traditionally share out the home dirs (as well as system stuff) using nfs. This is basically unauthenticated and it's left up to the client machine to enforce permissions on users. The home dirs must be shared writable. This means that a malicious person could potentially plug in a laptop and mount the nfs share with full access to everyone's home dirs. This is a bit of a worry. I believe it is possible to authenticate nfs requests but does anyone actually do this? It's probably possible to restrict access based on ip addresses or some such, but this is not very effective. Another solution to this might be to use samba instead of nfs for the sharing as CIFS stuff uses such authentication straight away -- but that sounds like quite a substantial change. If distros are planning on recommending diskless clients, I think the above should probably be addressed first or at least flagged as an issue to admins. Perhaps it already has been? Gavin -- edubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
