[6178] in Release_7.7_team
Re: Apropos Kiosk Mode for Athena 10.
daemon@ATHENA.MIT.EDU (Jonathan Reed)
Thu Jan 22 13:27:45 2009
Cc: Evan Broder <broder@mit.edu>, William Cattey <wdc@mit.edu>,
release-team@mit.edu
Message-Id: <0B042700-E62B-4911-8D5C-268034515C52@mit.edu>
From: Jonathan Reed <jdreed@MIT.EDU>
To: Mitchell E Berger <mitchb@mit.edu>
In-Reply-To: <200901221743.n0MHhsIa009917@byte-me.mit.edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v919.2)
Date: Thu, 22 Jan 2009 13:27:02 -0500
X-Spam-Flag: NO
X-Spam-Score: 0.00
> Once this feature becomes available, I
> think we're going to accumulate more and more people who find out
> that they can use the machines to check their mail. I think we'll
> start having non-MIT people tailgate into clusters and/or ask for
> and receive the combo (this creates an unsafe environment for MIT
> community members).
This is a separate problem. People can currently do this anyway, and
while there's no free web browsing, if someone wanted to harass an MIT
community member, they could easily tailgate into a cluster now. They
can also get into the libraries without being challenged, unless they
look like they really don't belong.
> And I think the quickstations will become
> increasingly unavailable to Athena account holders during the day
> as the public is using them.
Point. I'm going to attempt to contact the IT folks at other local
schools which have publicly accessible web-browsing-enabled machines
in public areas and see what their experiences have been. On my list
is Harvard, Lesley, and Tufts. Other suggestions are welcome.
> One possible compromise is to make it configurable whether a machine
> allows unrestricted web access, and maybe except during special
> times of
> year like CPW, disallow it on the quickstations.
Actually, this is kind of a neat idea, assuming it's feasible (a flag
file in AFS?) The downside, I think, is that we'd get requests from
every DLC having a quasi-public event to turn it on, and that would be
annoying. But if we could pull it off and have it clearly stated that
anonymous browsing is only enabled during CPW, R/O, Commencement, and
Parents Weekend, that would be neat.
> It also may address what you do about personal workstations - if I
> had a private machine with Athena 10 installed, I certainly wouldn't
> want the world to be able to walk up to it and use it as an internet
> cafe. Maybe the answer is simply "private workstations shouldn't
> run Athena 10; they should run Debathena which won't do this"?
Whatever route we take will be part of the debathena-cluster
metapackage, which we don't expect end-users to install. debathena-
workstation is what traditional "private workstations" will use.
Now, if, say, some group wants to have their machine have the same
behavior, they can go install debathena-internet-cafe or whatever we
end up calling the package.
-Jon