Slashdot Mirror
Feasibility of Linux for Public-Access Labs?
Benanov asks: "I'm doing a literature review on the Feasibility of Linux for a public-access lab (i.e. not Computer Science students at a university but instead the entire student body would have a login), and I haven't found any detailed studies about any places where this is actually done. If you know of any citeable sources about studies / reviews, I'd really appreciate it."
I have setup a general access lab using linux and LTSP, but it was only for 16 highschool students, so I am not sure how relevant to your quest. I would recommend looking for studies regarding LTSP.
Carnegie Mellon University has labs of Linux, NT, Apple, and Sun machines - all using the same login / password, and accessible to everyone.
Seems like the K-12 Linux project might be a place to start looking at they have been plugged on /. before. Seems that they looked at what a student in a classroom would need and there are some articles on their site about schools implementing Unix in a educational enviroment.
JK
I'd highly reccomend you look over at the linux k12 project @ http://www.riverdale.k12.or.us/linux/
Jamie Zawinski has produced a nice document describing how he did it, problems he faced, etc.
[LINK]
The Athena system here at MIT runs both on Sun and Linux boxes. Extensive use of certificates and kerberos here. Supposedly very secure...
The SEUL is an organization for using Linux for education. There's even a case study section.
While its true that we have 36,000 students using AIX for e-mail and the like here at the UW, we don't actually have any labs setup with machines running *nix (there is one RedHat lab for the CS students). I've been trying to convince my boss in the UW polisci lab to run linux for a year-plus, but he won't even let me setup a linux server to run mySQL. So, even though UW is home to such greats as Pine and IMAP, I'm sad to report almost all of our labs are Mac/Windows.
Only 120 characters... who can summarize their entire world understanding in 120 characters?!
The Carleton University EngSoc Project is a wholly student-owned and student-run UNIX network at Carleton University in Ottawa, Ontario, Canada. Once the largest Linux userbase in the world, they've provided Linux shell accounts to every undergraduate Engineering student for at least 7 years.
Since 1996, they've offered a Public Access Lab using donated hardware and space provided by the University. They started off using 486 machines that booted RedHat 3 and NFS mounted from a blazing P90. Then they moved on to using NCD X-Terms. In 1998, Corel Computer donated Netwinder systems for use as the PAL workstations. In 2000, the lab sustained water damage from construction on the roof, and the Netwinders were replaced with ThinkNIC thin clients.
But we don't have any useful literature to provide.
The University of Cambridge have a system called the public workstation facility. This is comprised of machines in many departments and colleges which can authenticate against a single database, and which provide homespace and so on. I understand that some of these machines are now dual boot between NT/win2k and a home grown linux. More infomation is here.
"The new wave is not value-added; it's garbage-subtracted" - Esther Dyson, Dec 1994
Our college computer room has mainly Windows boxes, a couple of Linux ones, and also a couple of clapped-out Suns running a tty on the console.
The geek students - generally those reading computing science, or sometimes physics, will try the Linux ones for browsing, ssh-ing to another account for email, or opening X-clients (often Matlab) from other machines, and the Suns if they only need to ssh to one other account. If all are taken, they'll open PuTTY on a Windows box.
The majority of students want to do one of three things:
(i) Read email, (ii) Browse the web, (iii) Print out reports/essays
Up till a few years ago, anyone wanting email had to get a shell account and use pine/mutt. Now there is a web-based interface (WING - yuck), and so as far as these students are concerned, (i) falls under (ii).
These students will gravitate towards the windows boxes in order to use IE (for purposes i and ii), or Word (iii). If all the windows ones are taken, they will take a look at the Linux ones - Debian running wdm. Some will not be able to operate the wdm login widget (especially if some joker has left the Action pull-down menu set to something other than Login). Those that do will be confronted by WindowMaker, and click around a bit until they find the root menu.
Those wanting to write/print essays will see the absence of Word, and so more are put off at this point. Some find WordPerfect, and discover that their files can sometimes be read, and may even be able to operate the ``Print'' button, and click ``OK'' in the resulting dialog box without trying to fiddle with the printer settings. Most are put off by the differences with Word, and never use it again.
Those wanting to browse the web/check their email will have a similarly fruitless search for IE, and go for Netscape. (The root menu has an entry labelled ``Mozilla - better Netscape'', which is ignored by all). Again, they are confused that Netscape doesn't look the same as it does under Windows, but normally manage to find their way around.
They will attempt Ctrl-Alt-Del to log out, and notice it does nothing. Some will notice the Exit option on the root menu, and successfully log out. Others will happily leave the machine logged in. (The sysadmin had to remove the wiring behind the power-switch on the front of the box to prevent idiots from rebooting when they couldn't log out, or when Netscape crashed.)
Where was I going with this? Ermm... Oh yes. People will stick to what they know, and the less the new machine is like what they know, the more likely they are to be scared off using it. Those with no computing experience (the ones that haven't been exposed to Windows - yes, there are some) would be quite happy to learn shell-commands, like they did five years ago. Those that have been brought up using Windows will not be able to cope with the slightest difference they might encounter when confronted with a Unix box, and will soon reach the decision that the box is fucked-up. Several times I have been in and used a Linux machine while people were waiting for a Windows one to become free.
The University of Notre Dame and University of Michigan both use an AFS/Kerberos set-up for large volumes of accounts.
Notre Dame offers accounts on their Solaris/SPARC machines to every student at the university. Michigan's CAEN is also an AFS/Kerberos system for the whole College of Engineering.
MIT's Athena project is pretty interesting (and also partially uses an AFS/Kerberos scheme), but it probably won't help you set up a quick public network of Linux machines since it focuses more on the research side of things (not to mention the fact that it's been actively worked on since 1983!).
In general, you will probably want to decide between an AFS/Kerberos set-up or an NFS set-up.
With AFS/Kerberos, you as the administrator would directly control a pool of servers ("Vice") which physically contain the data in every user's account. The client machines ("Venus") would get temporary "tickets" from the central Kerberos server (which you also control) to access their accounts which are stored on Vice.
In the NFS scenario, the physical location of accounts is totally decentralized and distributed across all the machines that users actually work on. This means less work for you as an administrator, but it also means less security since random users' data is actually stored on the disks of the computers in the user pool (in AFS, Vice machines are considered to be "locked in closets" to which only the administrators have physical access). It's good to remember a golden rule, "physical access to a computer always implies root access." Using a tomsrtbt disk for example, you can change the root password on just about any Linux machine with a floppy drive.
Since Vice (in the AFS scheme) computers are presumably kept behind locked doors, you avoid this type of problem. However, AFS is harder to maintain, and you probably have to pay Transarc for a commercial version.
For more info on AFS/Kerberos and NFS, I recommend surfing the ACM Digital Library, in which you can find the seminal papers on these various technologies (if you're an ACM member and have access). You may also be able to find case studies there (which I found to be surprisingly hard to find on the web).
The DNA Lounge, a night club in San Francisco, uses public terminals running linux. He has his source code on the website for the club.
http://www.dnalounge.com/backstage/src/kiosk/
the university of tuebingen (germany) uses linux for their computer pools and some of their servers. They are using linux clients, with kerberos authentification and a home on an afs-server.
if you have a question i guess you could send an
email to beratungatzdv.uni-tuebingen.de.
cheers TheSegfault
it's interesting.
We moved our 15 year old son to a SuSE distribution last year. He had issues because he wasn't sure how to get to his network drives and couldn't get Starcraft running, but after a couple months he was able to install Wine and get Warcraft going (didn't get Starcraft going, much to his dismay).
Four months ago we moved our 8 year old daughter to the same SuSE distro - took away her Windows 98 and made her quit cold turkey. We configured KMail and let her go. She's had NO help and she can create documents, print web pages, browse, and runs some of the KDE games. No complaints from her at all.
So can people get used to it? Even non-geeks? Sure. If an 8-year old child can do it, I would think a college student, regardless of their general computer competency, should be able to do it as well.
I don't have a solution, but I certainly admire the problem.
Here in Brazil, our best Computer Science University uses Linux Red Hat (6.2,7.0 and 7.2) and Windows NT4 in labs. The servers are SunOS with NFS, YPserver, Samba, SSH and others. It runs well and almost 50% use Linux for non-programming things like surf the web, etc...
They've recently changed the libraries machines OS from Windows to Linux (Autologin and Netscape). Most of people don't care (I think that was because the browser was always Netscape).
Aside of that, If you want it to work fine and people use it, use something that will NOT SHOCK THEM, like KDE3, Gnome or IceWM(if you don't have a good computer) and pre-configure it in a cool way: a menu with things that matter first, desktop icons and some explanation of the basic programs(like mozilla, kmail, evolution, konqueror, galeon).
If you have some processing power, get some cool theme, like Liquid for KDE3(the best), Acqua or Luna (looks like WinXP).
I recommend you to introduce Evolution, Nautilus, Galeon, Kmail, Konqueror and Mozilla first, they're all easy to use.
The server could handle it using NFS and ypserver.
Those terminals at Columbia are actually remote boot Linux workstions, configured as public access kiosks called ColumbiaNet stations. Locked down, limited purpose, for quick access to web and email, we're running over 150 of them in high traffic locations for years with great success, high uptime, and minimal maintenane.
c at ions/251mudd/
More info at:
http://www.columbia.edu/acis/facilities/cnet/
At Columbia, we've been running Unix lab machines for 16 years, mainly for Engineering/Science community. Similar to other postings, they are tied to campus id system, NFS mounting central file servers, etc. More info at:
http://www.columbia.edu/acis/facilities/labs/lo
Currently built on Solaris, but prior versions were built on HP/UX, AIX, NeXTStep, BSD 2.9. Linux could be built to perform in a lab environment as long as the appropriate applications are installed to meet student needs and expectations...
Rob Cartolano
Manager, Academic Technologies
Academic Information Systems
Columbia University
rtc@columbia.edu
So set up Gnome or KDE on the workstations, no admin privileges to any user accounts of course, with the home directories Coda-mounted and with things locked down per standard for an ISP's shell machines (ie. tighter than a nervous virgin clam). Minimal services running, don't install dangerous things like nmap, and give them a desktop skin that resembles Windows and an xdm/gdm/kdm login box. You only have to assemble the workstation image once, then just clone it over onto workstations as needed. Kernel modules and DHCP are your friend here.
For extra evilness points, lock down their dot-files by making them owned by a special user and not writable by the account itself. This requires a bit of a balancing act, since some dot-files do need to be writable for storing state.
This is the same process needed to secure the workstations used by the CS classes, you're just talking about several thousand workstations instead of several hundred. There's more administrative overhead, but the actual things needed for each workstation are roughly the same. Just be sure to have a beefy enough fileserver (or spread the load over several) to handle the network-mounted home directories.