Slashdot Mirror
On the Problems with Laptops in School?
resistor2004 asks: "My school has recently implemented a program of issuing laptops to all students from 7th grade through highschool seniors, and providing a massive 802.11b network across the campus. As you can imagine, it's a serious nightmare for the IT department. Apart from the usual run of broken laptops we have had a major problem with students usign email during class. Is there any effective way to allow the teacher to monitor the student's activity from his/her own laptop? Some of our teachers have come up with creative methods like installing mirrors in the back of the classroom so that they can see the students' screens, but a method that could be performed on the laptop would be even better." Might VNC be a potential solution to this problem. I would think that with a few creative scripts, and a working VNC client, a teacher can pop up a window to see what students are doing on their school-provided computers. Can you think of other ways teachers may be able to monitor students laptop use in-class to insure that they are at least not horsing around when they should be learning?
VNC is a good one, as mentioned, but it's not exactly an automated solution. Since these are school-provided computers, you could also have a client/service/component/whaddeva on the machine that, when prodded remotely, enumerates the running processes/windows and matches them against a list of what's being looked for (eg, email, webbrowsing, solitaire, etc.) and returns any offenders.
Of course, anything that's done this way can be gotten around with enough time and effort (a reformat is simple, but the lack of the client/service/component/whaddeva would be suspicious), but that's the risk you take when you give laptops to people who might use 'em.
Server-centric, but why not block access to the e-mail server for the student accounts during class hours?
I'm sure you could knock together a script that reads the timetable and determines where each student is meant to be.
~~~~~ BigLig2? You mean there's another one of me?
My old college, which my sister now attends has just started using an online registration system. Every classroom in the college has atleast one networked PC, and the tutors use an inhouse system to register the students in lessons. They also distribute messages through this system and can access a student's past records so that they can tell if the student is skipping one particular lesson deliberately.
;) ) that if the teachers had this kind of resource specifying where the students should be at any time, could that not be interfaced with the authentication system to deny students access to SMTP/web/whatever during times they should not be using those services? The teacher would be able to change the policies for their teaching groups on the fly, too, if the lesson requires web access etc...
The relevance of this is (finally
Obviously, with peer to peer networking these restraints could be avoided, but if you put reasonable restraints in place to stop most people, the ones who have the enthusiasm to learn to beat the system maybe deserve some extra freedom?
--
Andy
It seems to me, in a classroom, the last thing these kids need is another distraction. Yeah, technology is great and all, but come on. With the direction that the educational system in the US has been going, it seems like having kids staring at the blackboard is a better method. If you need a laptop for school, limit it to being used in study hall and interactive classes.
If it ain't a Model M, it's a piece of crap.
What's wrong with the non-technical solution (mirrors)? It doesn't have that "21st century appeal" but is there really anything wrong with it? Your IT department is already burdened with the chore of keeping all of this new crap working, so if teachers can solve this problem with mirrors, I say let them.
I like to play children's songs in minor keys.
"We're all sons of bitches now." --J. Robert Oppenheimer
I assume for ease of use for the common student, that these machines are running an M$ OS...easy solution, in that case. Microsoft SMS Server. It has a software inventory, and metering component, which can be setup to tell machines what they are and are not allowed to run. Simplely set that up tell the Machines they are not allowed to run various Email clients, such as outlook.exe ect...if the students try to get around it by renaming that will not work either because the system looks at internal names, not physical names. You could also use windows policy files to accomplish the same effect.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
Not to belittle your problem, but you have the resources to issue laptops to all students 7-12 and a 802.11 network and you're complaining about it? Either you have a very small school, or a huge budget. I'd have given my right arm for something like this when I was in junior high!
THIS SPACE FOR RENT
Apple has a system called "Apple Network Administrators Toolkit". Amongst other things, it lets you remote control a Mac just like VNC. If you are the teacher you could have the admin tool on your computer and monitor up to nine (I think) screens as minitures on your own screen. It is up to the admin to decide wether those being monitored will see a pair of eyeballs in the menubar when they're being monitored.
Very typical for Apple, it is extremely difficult to find any information on their website. The closest is probably http://www.apple.com/networking/ana
Last I checked the client came free with every copy of Mac OS and the serverpart was included in AppleShare IP.
Say what you will about Microsoft, all the tools to create a managed environment have been there for years. Use system policies, group policies, anything you like, and you can enforce compliance. You won't even need VNC - besides, VNC is a troubleshooting/support tool par excellence, not a great surveillance device. Just read up on ZAK, or any other Microsoft white paper on managing the environment, and then spend a day or so implementing it. This is not rocket science, people just get used to not trying hard when faced with Windows boxes.
Can't remember what it was called, but a local junior college used a classroom management package for its Novell network. It actually served a much broader purpose than just monitoring. It allowed the teacher to take control of the mouse, or the entire desktop, or to share a specific window with the student. As a result the teacher could help students anywhere in the classroom without leaving their own desk.
My school has recently implemented a program of issuing pencils and paper to all students from 7th grade through high school seniors. As you can imagine, it's a serious nightmare. Apart from the usual run of broken pencils, we have a major problem with students writing notes to each other during class. Is there any effective way to allow the teacher to monitor what students are writing from his/her desk at the front of the class? Some of our teachers have come up with creative solutions like hanging video cameras above each student's desk, but a method which could be performed on the paper itself would be even better.
Tarsnap: Online backups for the truly paranoid
Why go through all this just to stop kids from fooling around in class? If they are not going to pay attention in class then it is their loss. I not saying that no measures whatsoever should be taken in classrooms to make students pay attention, but there is a limit to it. If it was technologically possible would you really want to prevent students' _minds_ from wandering? I should hope not. I definately think high school students are capable of deciding if they want to pay attention or not, and just locking computers is not going to change their decisions. You might have a valid request for the 7th/8th grade students, but I still think most of them are old enough too.
$ tail -f /var/log/maillog | grep rotten_bastard@fascist.edu
VncMonitor John Wilson writes:
VncMonitor is intended for those people who need to monitor several remote systems. A single window is used to present all the displays. The tab or backtab key allows the user to switch between systems. The return key causes the currently viewed system display to be transferred to its own window and the user can interact with the system using the mouse and keyboard. Closing the new window returns the monitored system display back to the initial window.
The configuration of VncMonitor is controlled by a file which contains all the information about what systems are to be monitored.
A version can be downloaded from:
VncMonitor
Before I part with'em: two pennies weigh ~4.996+/-0.014g, have a zinc core, and the face of Lincoln. You can keep 'em.
Now, not only are laptops a distraction for students so they aren't learning, but the teacher has to monitor the students preventing them from teaching. I struggle to see how any learning can take place in schools these days.
"If IE is 'just a web browser' then emacs is 'just a text editor'."
"Put the laptop under your chair during class, or take an F."
.).
A laptop is a tool (and a toy). It is a tool that has NOTHING to do with learning from someone who is standing in front of you.
The only possible use would be taking notes. Is it condusive to a lecture to have 20-30 students all typing at the same time? Is there anything more than a marginal benefit over the students using a paper notebook?
I think you have made yourself a problem, and that the best solution is to STOP making that problem for yourself (doctor, it hurts when I move my arm like this . .
-Peter
Schools over here in the UK a still struggling to get even 1 computer, let alone a network of computers within them.
There is absolutely NO need for each kid to have a laptop - it teaches them nothing, infact, the opposite - it teaches them to want for nothing.
If they need computers make them schedule time in a computer lab. Those that REALLY need to use a computer will then do so, those that simply want to play won't bother.
There *is* something to be said for sometimes NOT taking the most technical approach
There are actually versions of the VNC client which will also allow you to poll several machines at once. Just head over to the vnc site and check out the contributed software.
Altiris makes a program called altiris vision. It runs with little overhead and allows you to see all of the machines and manage them remotely. We use this at our High School facility in the library where we have more than 50 machines. Sorry that I assume this is needed for windows since most schools still get better breaks from Microsoft. http://www.altiris.com/products/solutions/index.as p?intCatID=4
I work for LA Porte ISD in Texas MIS Dept.
It's "lose". Unless you though the laptops were too tight or something.
There is no way to stop students from goofing off in class with their computers. I'm in a Network Administration class at my highschool and believe me, we've gotten around everything the teachers have thrown at us. Despite some of the computers being almost unusable except for starting Word, we still listen to music, play games, instant message, and all the other things besides schoolwork.
For the majority of students, they don't have the experience to figure out ways around things but in my Networking class, which is all geeks, when you start putting up barriers it's almost a challenge to see if you can get around it. I'm sure there are a few of these kids in your school too.
If kids don't want to pay attention they're not, computers or no. Just accept that just like some kids will daydream or sleep through all their classes, some kids will be emailing each other.
They're prisoners already. At least let them try to complete their drudgerous busywork in the time completed and be graded on that.
End rant.
TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
Disable access to the campus wide email server and proxy to accounts in the group 'Student' during class time. Each classroom, building or department could have a local proxy that allows students in a given class access to certain URLs on the internet, added in by the teacher, automatically purged after they expire or by you. School schedules are mind-numbingly regular, and variations from the norm (half-days) can be handled by a script to set the stop/start times for periods. When period starts, turn unregulated access off. Period ends, access resumes. You can do the same things for lunch, as long as you have valid data which students are scheduled for which lunch. This also prevents most problems with browsing inappropriate pages during class, unless one of your teachers has a porn archive that can be found on the WLAN.
... what did you expect they would do with them. Doodle? Write embarrassing poems? Reverse engineer the entire MacOS with MacsBug? Turn off access using an automated system and you won't have to police so much. Not to mention your server load will drop, letting you go a few more years between server upgrades.
Other than that, your school has given the students laptops
The problem with VNC is that you'd have to lock down the local security settings of the laptops to prevent the students from disabling it. It also wouldn't take long before one of them learns how to setup rfbproxy to send a prerecorded VNC sequence to clients, like an idle desktop with a hot key to pause/resume the fake sequence.
If your laptops run MacOS prior to X or Windows that is non-NT, then good luck securing them. The products vendors sell to secure these like Foolproof and Fortress do everthing they promise, but at the hands of a determined kid with nothing better to do but crack it, their "security" is a joke. Think "scriptkiddy".
Best of luck.
Democracy. Whiskey. Sexy. Pick any two.
You could give them to my school,
But seriously,
you could run linux, then create a cron job that would Chmod 000 all of the apps that aren't supposed to be being used, than Chmod 777 them back after hours. No one will know how to get around it, unless they can hack, and then they deserve to use it.
Why is outside internet access necessary during class hours in the first place? Give each classroom a fixed IP address gateway (10.A.B.1), and allow students access to that gateway to route to the internet as required for a particular class at a particular time. Sure, adjacent classrooms might get that access, if they happen to know the right IP address, but you could even have a quick little one-time password you give the class at the beginning of the period, if you want to add one more layer of "security".
I'm sure it wouldn't be very hard to write a few scripts to automate the whole process. How hard depends on the OS, of course.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
Just say their name and if they don't respond throw an eraser at them. That's what my high school teachers always used to do to me.
I'm not quite sure where to get a copy of it, but they were installed on the Macs in the music theory lab in my old school when I took the class a couple years back.
Besides being able to see the other computers, the teacher could send messages to one or all computers, take control of the mouse to demonstrate how to do something, show one person's screen on everyone's and etc. It was actually a really good tool for teaching, besides just making sure we were all doing work.
Anything that runs like that would be a great solution. I'm not too up on my VNC, so.. you figure it out.
Back when I was in high school, i had 3 classes that had at least one desktop per student. The way that teacher taught is by giving a lecture the first day, before any pc got booted. Her lecture explained what she expected of the students, and what kind of freedoms were alotted to them as their responsibilitys as well. She personally bought site liscences for several microsoft game packs that she allowed us to play when we completed our assignments. Our assignments would be usually 2 or 3 lessons each taking merely 5 to 15 min depending on the structure of the lesson. After work was complete we would print and turn in our assignments, then play games.
The way the place was set up.. there were 4 desks/computers/chairs to a group.. each faced in a rotated star facing clockwise of the group. Everyone can see everyone else's screens, if they wanted to. Plagerism was not tolorated. The setup was good for group moderation. (why are you playing tetris, she's giving a lesson)
Sure there were some of us that could get away with hacking each other's machines. (I did it) It did help all of the classes are advanced classes, so the goof off creeps that dont want to be anywhere near a place that you have to actually think were filtered out before schedules were made. Four of us in the class had advanced knowledge of computers, three of them being in my group, including myself... We usually finished our assignments the quickest, printed the code out and handed it in and then proceeded to cause each other trouble if they werent finished or play the teacher's games. (We would junk up the other's hard drives while they were compiling to make it take longer or make the loose print jobs.) It's fun playing god with someone else's computer.
All in all, we did ok. The teacher was able to keep a lot of control over the class with the freedoms and responsiblity phrase. She would just have to mention that and the person in the wrong thing would see and understand their fault and adjust to classroom activity.
DRACO-
Consider yourself blessed if you are sneezed on by a dragon and only get wet, it could have been a fireball.
If the students are anything like me, when you pull the plug on the Internet; they will just play solatre or minesweeper. Or they could even load quake3. So telling the students to turn off the laptops during lecturs is the only solution that will work.
I agree with various comments already made about how you can't really count on the laptop's configuration itself to keep the students from using email, etc. It's too easy to reinstall an OS without the locked-down configuration, for one thing. If you can't do it at the host level, the network level is an obvious next step.
Just a wild idea, but what about a modified intrusion detection system? Rather than detecting people coming into the network, it could look for anomalous behavior, such as ICQ traffic during class periods. You might not be able to stop it, but you could probably detect it. I think you could write rules for pretty much anything you'd need to detect in Snort, for example.
Check out my eclectic infosec blog at InfoSecPotpou
I carried a laptop throughout high school, it sucked!
First of all, 802.11b, if you get a collision, you loose communications for a little while (a noticable period). Also, I have friends that worked in university labs, they have told me in the past that there are a few software packages out there that are designed for situations like that. Check with a college it/mis department, or maybe somebody who works for the school system may know about such software.
see the subject.. there's no better way to keep people from using email on a laptop than to close the lid..
If they are activily using the laptop for some learning exercise, they will be busy with what they are doing so their won't be a problem with them checking email..
Besides computers are made to multitask.. if the children realize that before the teachers, thats too bad.. but in the real world of college (that hs love to tell lies about) you can check email or whatever else you want to do while using computers as long as at the end of the class period you have the required work done too..
One of the problems, with using VNC and laptops is that kids are smart. They'll figure out how to disable it, or otherwise mess with it. Especially if they can take the laptops home and spend hours "customizing" them.
Maybe a tool that's more stealthy, like sub7 would be more appropriate?
The other option is to implement a proxy server as the only way to access the net and then block the webmail sites and the mail protocols.
Any NetAdmin worth his/her weight in silicon will tell you never to deploy a completely unsecured machine if you want to limit the user's capabilities with it... Micro$oft offers group policies both with and without $M$, Novell offers ZENWorks, Apple offers something or another that I can't think of right now... Heck, if you don't want to do that, use something more cheezy (like M$'s policies isn't already?) like Fortress 101 or the likes. Limit what the user can and cannot execute -- define a list of allowed apps (and, for pete's sake, keep em out of the registry and control panel!!!)
Both $M$ and ZEN offer remote control agents, though I must admit that I do like VNC. The big draw-back to VNC though is name resolution -- how do you figure out who is who? Esp when the user has the ability to modify the computer name...
Besides, if they're stupid enough to give out all that hardware to kids (and I thought I was all the rave for getting extra time on the lone trash-80!!!), they've got to assume some responsibility and proactively address such issues....
And, while on the subject, what gain in productivity do these kids see by having yet another distraction everywhere they go??? I don't have a problem with technology in the classroom, but ONLY when it's utilized appropriately....
There was a software company that was located in Milwaukee, I beleive it may have been sold to HP and moved to the east coast, but it was called Discourse Technologies and it was specifically used to monitor classroom activity so that each child was linked with the teacher and could answer questions etc. This gave the teacher the ability to know what the student was doing. I assume this may work with existing hardware although I believe they marketed their product to include the hardware, probably worth checking into, I remember good write-ups about the company in the local papers.