What Advice For a Single Parent As Server Admin?

Dragon_Eater, with "lots of experience setting up PCs and a passable knowledge of Linux but severely lacking in the server/client department," writes with a situation that probably faces a lot of parents: I want to set up three kids, 12, 14, and 15, with newer computers so they will stop fighting for time on the one ten-year-old Dell they share now. I can get the individual computers and a server put together without any problems, but the computer-handicapped single parent needs to be able to do the following via an simple application/web page: View client computer status, On/off, sleeping etc.; Deny Internet access, not LAN, just the web; Schedule time usage of computer, ex. 7 am to 10 pm on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes; and Apply some kind of firewall filter for blocking undesired web content. And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task; Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms. Given the lists above I am thinking about a Linux-based router/server machine and running Windows on the clients for game compatibility. I also know that a server and network boot client is possible but not sure where to start on that one."

Holy shit

[unity100]

you got a whole deal of connectivity/administration project there. quit your day job.

Re:Holy shit

[houstonbofh]

Not really... Basic Desktop support, and a more sophisticated gateway. Something like m0n0wall http://m0n0.ch/wall/ has very good access control with a voucher system, you user based control built in. It also has a very good traffic shaper so one kid downloading won't cause a fight with the other kid gaming. However, no web filtering.

Untangle http://www.untangle.com/ has some very good filtering on content and viruses, as well as some ads. The captive portal is not as strong, but getting there. No real traffic shaping last time I checked.

Both are open source projects. Monowall will run on any old P3 with 128 meg of ram. Untangle will need a bit more power behind it.

Re:Holy shit

[AndGodSed]

Not really... Basic Desktop support, and a more sophisticated gateway. Something like m0n0wall http://m0n0.ch/wall/ has very good access control with a voucher system, you user based control built in. It also has a very good traffic shaper so one kid downloading won't cause a fight with the other kid gaming. However, no web filtering.

Untangle http://www.untangle.com/ has some very good filtering on content and viruses, as well as some ads. The captive portal is not as strong, but getting there. No real traffic shaping last time I checked.

Both are open source projects. Monowall will run on any old P3 with 128 meg of ram. Untangle will need a bit more power behind it.

Good options. He could also try ClearOS. After it is set up it should be rather low maintenance. The download link is on the page. I have one at home and it is a win.

Re:Holy shit

[StrategicIrony]

Agreed.

This single parent is going to spend 10 hours per week troubleshooting administrative tools, when the computers he's trying to administer are like 10 feet away from him.

WTF?

Re:Holy shit

[jim_v2000]

Agreed. The whole project could be tackled this way: content filtering firewall of some sort + take away the power cords when the kids are in trouble.

Re:Holy shit

[xaxa]

Extra-agreed.

the computer-handicapped single parent needs to be able to do the following

OK...

via an simple application/webpage:

Why must it be a webpage?

View client computer status, On/off, sleeping etc.;

Walk into room (quietly, if necessary). See if there's a big, square light. If it's daytime this is a window, if it's night it's a computer screen.

I moved my PC when I was about 15 so it couldn't be seen from my bedroom door. My dad moved it back, so he could see it before I knew he was there.

Deny internet access, not LAN, just the web;

Unplug it (I doubt LAN access is necessary). Or say, "if I see you using the web tonight you're banned from the computer for the rest of the week".

I'm not going to bother going further.

Re:Holy shit

[lorenlal]

Actually, if you're looking at laptops, make sure they have compatible power cords.

If the kid gets grounded, they have up to about 90-120 minutes of time to do what they want (at best), and then they have to bargain with their siblings...

Now that's what I call punishment.

Re:Holy shit

[commodore64_love]

I like to follow the KISS principle (keep it simple), because I don't like major projects or headaches. The MAIN issue here is that you've got 3 kids and 1 computer, so my solution would be to get 1 computer per kid. Ebay sells used XP laptops for about $100 plus shipping. Buy 3.

I'd put all 3 computers in a "computer room" that opens at 6am and closes at 10pm, plus allows me to monitor what my kids are doing. Not that I mind them looking at nudie pics or whatever, but I'd still want to be AWARE of what's going on inside my own house (i.e. not in their bedroom stripping for their boyfriend via webcam, and I don't know about it). When they go off to college then they'll have a private room to privately surf the net.

Since I only have one DSL modem, I'd have to get a new hub which allows 3 connections: 1 per computer. Or maybe a wireless router, although I still prefer wired connections, for security reasons.

So to summarize: I'd buy 1 laptop per kid, at a total cost of about $300, and limited to usage in a public computer room so they'll stop fighting over the single Dell desktop.

IMHO.

Please don't mod me down just cause you disagree.

Re:Holy shit

[uglyduckling]

Yup. You unplug the router when you go to bed. It's really easy and 100% reliable. If necessary, have the router in the parent's bedroom.

Re:Holy shit

[poetmatt]

hahahaha. you ask people not to mod you down when you made a shit comment? your solution here has absolutely nothing to do with the problems of the situation.

There's still issues of access control, timing, etc.

99% of which will all still be circumvented anyways. It's better to try to teach the kids how to be smart about what they're doing rather than try to restrict usage hours.

Re:Holy shit

[elsJake]

I used to have quite a lot of power cords , keyboards and mice just laying around , and power cords are basically free. I'm sure the kids will bypass your grounding measures in no time.

Re:Holy shit

[icebraining]

Ebay sells used XP laptops for about $100 plus shipping.

I bought one of those (Compaq n400c). First it was the trackpad, then the keyboard lost some keys, then the HD started failing. In less than 6 months it was useless as a PC. I still use it as a server, though (doesn't need the trackpad or the keyboard, and I use a flash drive for the OS/software and an external drive for storage).

Re:Holy shit

[icebraining]

take away the power cords when the kids are in trouble.

A power cord is only a couple of bucks. If I was them, I'd buy one from a local PC shop and hide it 'till it was needed.

Content filtering would be pretty useless too; at 15, if he can't figure out how to bypass it he's not very bright. Blocking all web access is easy, blocking specific pages based on content is almost impossible, unless you prevent him from installing apps.

Re:Holy shit

[Zixaphir]

There is no -1, disagree. I think it's a fair point to say, "Don't mod me down cause you disagree." That's not the point of moderation. Moderation is to raise up the good posts and filter out the flames/trolls/spam/you.

Re:Holy shit

[RichardJenkins]

Or...focus on logging instead of actual restriction. Make sure they know what they can and can't do, and if the logs show they're frequently abusing the machines, do some parenting.

Re:Holy shit

[HeronBlademaster]

I'd buy 1 laptop per kid, at a total cost of about $300

You'd buy three laptops for a total cost of $300? I pity your (real/eventual/hypothetical) kids. I wouldn't want to check my email on a $100 laptop, let alone do homework or play games. (If you misspoke and meant $300 per laptop, that's still not much better... I wouldn't want to use it myself, so I wouldn't subject my kids to using it either.)

Re:Holy shit

[HeronBlademaster]

remote shutoff is a ridiculously simple thing to do with a ssh script (make a button for it somewhere).

It's ridiculously simple to shut off a Windows machine remotely via ssh? Do tell.

(Remember: OP wanted the kids' computers to run Windows for game compatibility.)

Re:Holy shit

[HeronBlademaster]

My parents used to do this, it was a quick and simple solution. They'd just grab the cable modem when they went to bed; that way the LAN stayed up so we could still print our homework if we needed to, but we had no internet access.

Re:Holy shit

[Golddess]

Exactly, far more effective to disconnect the monitor and remove that.

Re:Holy shit

[twidarkling]

Except in an "Ask Slashdot," not only should good answers be promoted, but bad answers *should* be modded down, so that someone checking for advice knows that it IS bad. In every other section, though, I agree.

Re:Holy shit

[htdrifter]

Ask the two oldest kids for technical support? You can put up any barrier you want but they will find a way around it.

Seriously: At that age you can guide them but you can't control them. Keep the machine(s) in a public area of the house. Observe what they are doing. Talk to them. The most important thing is to be honest with them. At that point in life you are preparing them to leave the nest. In 3 or 4 years they will ready to leave and face a world without parental controls or filters. Prepare them the best you can and have some confidence in them. Letting go is very difficult.

Re:Holy shit

[bearsinthesea]

My neighbors leave their wifi open. Any suggestions on limiting access to this? Aside from tinfoil wall paper. I have an extra WAP, is there a wifi jamming utility?

Re:Holy shit

[pjt33]

Nonsense. The kids will hack their computers (either install Windows or change the root password - they have access to the hardware) and the parent will remain blissfully unaware.

Re:Holy shit

[nicolas.kassis]

actually it is, heard of cygwin?

Re:Holy shit

[nicolas.kassis]

And the net command is a pretty good way to have fun with administrator access.

Re:Holy shit

[HeronBlademaster]

"Ridiculously simple", in my opinion, is a phrase that automatically excludes Cygwin.

Don't get me wrong, Cygwin is useful in a pinch, but... simple? I don't think so.

Furthermore you don't have to be admin to run the setup tool, so while you may figure out a way to run sshd such that the kid can't kill the process, all they really need to do is open Cygwin setup, uninstall sshd, and reboot. If you don't think kids are smart enough to figure that out, then you're not qualified to answer the OP's questions :P

Re:Holy shit

[Aczlan]

Not SSH, but from a remote windows machine authenticated with admin rights on the target machine run

shutdown -s -f -m \\KidsComputer -t 60 -c "Time for bed kids"

That will shut the computer down in 60 seconds with the message of "Time for bed kids" with the forced shutdown of unresponsive programs.
See: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/shutdown.mspx?mfr=true for documentation.
Aaron Z

Re:Holy shit

[HeronBlademaster]

I don't suppose there's a way to run that from a Linux machine? Maybe an OSS program that knows Windows' "shutdown" program's communication protocol? (Just curious.)

Re:Holy shit

[Aczlan]

Try http://www.linuxforums.org/forum/redhat-fedora-linux-help/60324-remote-shutdown-windows-linux-box.html for some ideas... Looks like they figured something out.

Aaron Z

Re:Holy shit

[HeronBlademaster]

Cool, thanks :)

Re:Holy shit

[anarche]

I think singleparent should be commended for coming here and asking this question.

If at-home content-filtering were more prevelant, Australia would not be bringing in its bloody filtering./aside

I haven't much experience singleparent, but start off maybe by looking at what options your modem and router offer. Any halfway decent combo will let you filter by IP (you'll need to track down the IP addresses) and disable VPN.

Re:Holy shit

[anarche]

Go and speak to your neighbours?

Re:Holy shit

[Dun+Malg]

Walk into room (quietly, if necessary).

Hey genius, how's a single parent going to walk into the room quietly at (say) 3pm after school when he/she is TWENTY MILES AWAY BECAUSE SINGLE PARENTS HAVE FUCKING JOBS?

Re:Holy shit

[mirix]

I've gotten several old T series Thinkpads (T23, T40, etc) for peanuts, and none of them have broke down yet. They seem pretty robust. Of course, you'll probably need new batteries, but that's a given.

They aren't exactly stylish, but I'm a utilitarian sort anyways. They use them in space FFS.

Re:Holy shit

[vivian]

If you really want to be able to monitor what your kids are up to just install VNC, with the options set to allow remote connections without confirmation. Then make the rule in your house be "if I cant connect via VNC at any particular time, you are off the computer for a week". Then you can easily remotely see what your kids are up to at any time, with no warning whatsoever - if you really think you need that kind of control. Jusk knowing they may be monitored at any time (even when you are at work) should instill a healthy level of paranoia that will keep them using their computers for how you see fit.

Re:Holy shit

[ajlisows]

I totally understand where you are coming from, but I think restriction might be the better option. Logs will allow you to see if your child is visiting sites you do not approve of, but it won't make the 12 year old unsee that video of "Hot Asian slut taking it in all three holes at once". (I'd assume this is one of the things that he is trying to filter out). Also, it may not be the child's intent to go look at said video. It might be a bait and switch link that takes them there, some malware infestation, the 15 year old jumping on the 12 year old's machine to do his porn surfing, or some other scenario where it really isn't the 12 year old's fault.

Plus, depending on how much surfing the kids are doing, there could be a pretty big list of logs to go through every day.

And of course the biggest issue.....do you think the parent has the time for the hours of talk/psychological help that would be required if one of the kids ran into goatse.cx? One bad click and the kid would be damaged for life. The parent could only hold the child as they rocked back and forth trying to sleep but unable to remove the image that has burned itself into the retinas.

Re:Holy shit

[Zixaphir]

I thought it was a rather fair post. Tons of complicated options were presented, along with funny, though unhelpful, prods. I did not find the aforementioned post to be offtopic, as it's KISS principle provided an alternative solution to the CORE problem that the OP had, that he devised a complex solution to that created a new problem, in that he didn't know how to implement such a system to create his solution. The OPs problem isn't that he needs a system, it's that he has kids and is trying to solve the problem in an inefficient way. Nor was it flamebait, nor redundant, nor trolling, nor overrated. So for what reason would someone mod it down? Plain disagreement, bias.

Re:Holy shit

[ls671]

I haven't searched for one, I just cooked-up one, you need to enable telnet access from LAN on the Windows machine. This might be only available on server editions:

(cat windowsshutdown-login.txt ; sleep 5 ; cat windowsshutdown-command.txt ) | /usr/bin/nc -t ${1} 23

$ cat windowsshutdown-login.txt
Administrator
password

$ cat windowsshutdown-command.txt
\shutdown\shutdown.exe
exit

Note that I do not use that script to shutdown kid machines but to shutdown Windows hosts on power fail. For kids, education and teaching them how to take responsibilities might constitute a better approach.

Re:Holy shit

[Sir_Dill]

or you can do what I did and buy a turnkey untangle system on a nice little Atom system.

The guys at logic supply make a great system at a reasonable price. For around 350 bucks you can get a small formfactor case and 180 gig drive and a system that does everything you could want it to.

I can vouch for untangle as well. The access control is top notch, you can limit internet access by time and machine and the web based configuration is second to none.

I replaced an aging celeron based ipcop system and I was initially a little leery about switching but I have been on untangle now for the last two months and its great

I can tell you this, DON'T try to roll your own distro, even using one of the many existing products can be an exercise in patience, trying to do it all from scratch is masochistic unless you do this for a living....and even then....I am not sure you would want to do it on your off time.

Re:Holy shit

[youngone]

I would agree with ClearOS. Super easy to set up, then you get everything required and more.

Re:Holy shit

[CrashandDie]

I want to set up three kids, 12, 14 and 15

Not only that, but those are seriously crappy names for kids.

Re:Holy shit

[poetmatt]

Again, there are other ways to deal with it.

He just said "buy them all some cheap computers and lock them in a room". But there are issues other than that. LOTS of issues that such an idea wont' take care of.

At some level, the guy's going to need to do a bit better than that if he plans to control usage. All locking them in a room encourages is for the kids to find the key to the room. Take it from a devious and enterprising kid who knows what happens when you do a power play on your children: your kids have more power than you by the time you consider such an idea. All it does is fuck up the relationship you have with your kids.

Re:Holy shit

[jim_v2000]

Ok, whatever. The point is to take something critical. Take the monitor then. Or give them laptops and take the laptop.

Re:Holy shit

[ultranova]

The kids will hack their computers (either install Windows or change the root password - they have access to the hardware) and the parent will remain blissfully unaware.

And that's the best possible outcome, really: the kids get unbiased information (or rather get to view all the possible biases and compare them), making it far harder for the parent to indoctrinate them to whatever bullshit religious, economical, philosophical, political or whatever theories s/he believes in, and the parent gets to be blissfully unaware that s/he's failing to create the next generation of democrats/republicans/libertarians/communists/christians/muslims/atheists/whatever. Everyone wins.

Pity the fool who agrees to set up this system, and thus gets to be the scapegoat when the truth comes out, thought.

Re:Holy shit

[ultranova]

Then make the rule in your house be "if I cant connect via VNC at any particular time, you are off the computer for a week".

So if the computer's off, or the Net's down, they'll get punished?

Re:Holy shit

[omglolbah]

Heh, I had a computer in my room with internet when I was 14... As did my two younger brothers at a similar age.

Luckily my parents are fairly open about anything would not block me from accessing anything. I knew that if there was anything I was curious about I could look it up.. If I did not understand it I would just ask either my mom or dad depending on what the subject was.

Being a 14 year old boy of course I started collecting various pieces of 'art' and had an extensive collection by the time I was 16 :-p
Now.... Did this damage me or turn me into a serial killer or rapist? Nope. Neither of my brothers are nutters either *chuckles*

Having two teachers as parents can be quite nice. Of course it did mean that logic was king. If I could reasonably argue why I should be allowed to do something I was allowed to do something. Whining did not work -at all-. Presenting a reasonable set of arguments for my position always did (asssuming they agreed, which they usually did).

Learning these things is essential to any kid/youth. I personally think many of the problems in the world now are based on people not learning basic skills regarding how to communicate.. Especially regarding disagreements.

Meh, I'm getting ranty now and should be at work... :-p

Re:Holy shit

[Jedi+Alec]

Not only that, but those are seriously crappy names for kids.

Really, that's what you worry about? I want to know what the fuck happened to 1 to 11 and 13...trial runs? Beta versions?

Re:Holy shit

[xaxa]

Hey genius, how's a single parent going to walk into the room quietly at (say) 3pm after school when he/she is TWENTY MILES AWAY BECAUSE SINGLE PARENTS HAVE FUCKING JOBS?

If mum can't be at home she's got more to worry about than what her kids are looking at on PCs in her house. They can go to a friend's house, or skip school entirely, etc, or work around the blocks from 3pm until she gets home. I don't see the point of blocking stuff to this extent.

(Incidentally, in this country only 57% of single parents have jobs.)

Re:Holy shit

[SausageOfDoom]

The point is that technical solutions aren't always the answer.

He didn't say a locked room, just a common area designated as a "computer room". Putting the computers in a common area (be it a locked computer room or the corner of a living room) so you can keep a general eye on what they're doing, and you solve all of the content issues.

Tell your children that they can use the computer from 6am to 10pm. You don't need to lock them away in a room - if they obey, that's their sleep cycles protected. Punish them if you catch them sneaking off to use chat rooms at 2am. Hell, unplug the router and hide it in your bedroom if you don't think you can trust them.

Installing a complicated access and content filter costs more money and time to set up, and more to keep running. Just sit down with the children, explain the rules, and use your usual parenting skills to impose them.

Re:Holy shit

[davaguco]

Also, you might not want to be there when the door has to be unlocked (you might be at work). If you set up some automatic software to open it up for you at the desired time of the day, you won't run into trouble when you have to attend some unexpected late evening meeting and your kids can't access their computers due to this.

Re:Holy shit

[HopefulIntern]

And of course the biggest issue.....do you think the parent has the time for the hours of talk/psychological help that would be required if one of the kids ran into goatse.cx? One bad click and the kid would be damaged for life. The parent could only hold the child as they rocked back and forth trying to sleep but unable to remove the image that has burned itself into the retinas.

They're not little tots, the youngest is 12. I had my first PC when I was about 13, and got sent all those links "on the first day" so to speak. Some of which I had already seen when we shared a computer (my dad was not relly PC savvy, or he was more laissez-faire). I turned out fine...

Theyre gonna see that stuff at some point anyway, if not at home then at a friend's house, library, etc. as already mentioned. I would be more interested in logging, maybe, although I think even that infringes on their privacy (what parent wants to know what fetishes their 15 year old has...?). As long as they don't infect the whole network, let them have at it on the net. Educate them on safe use of the internet, but give them free reins to explore.

Re:Holy shit

[Xest]

Plus it'll prepare them for the real world thanks to an ever increasing trend towards the surveillance state.

Re:Holy shit

[poetmatt]

okay, what do you think a laptop is? It's portable. So let's look at what happens when you give a kid laptops. a: they will take it with them and get access elsewhere as necessary
b: they will get into the "locked" room as necessary. Remember "locked" and "children" are oxymorons. This should be a given.

I'm not saying it has to be a complicated access filter, people have provided good software solutions that do 97% of the work for you. However, the general concept of "I have the computers in a room and you can't get in when I say so" only works until a kid is about 3 years old. These kids are 12-15 years old. A locked room means absolutely nothing.

mono.ch/wall and untangle are absolutely a better solution (and not that complicated) in comparison to what you get with a simple locked room which won't work. Also, openDNS on the router is a significantly more simple and easy to control method. Checkbox for "hours of usage" etc.

To think that trying to keep the physical devices away from kids will *never* work at the age of the poster's kids.

Re:Holy shit

[Publikwerks]

A $100 laptop will check email/surf the web fine. You can pick up a P4 laptop on ebay for around $100, and if your looking to set up a computer room on the cheap, they would work.

Re:Holy shit

[mdwh2]

Not really - it's still better off to reply, and explain why they are wrong. Otherwise, how do we know whether it was bad advice they gave, or just the opinion of the minority who get mod points?

Re:Holy shit

[theaveng]

You'd buy three laptops for a total cost of $300? I pity your (real/eventual/hypothetical) kids

He's treating them no differently than how I treat myself. My laptop is also one of those "XP ebay specials" and cost $110 plus shipping. It works just fine for typing Word documents and surfing the net.

Plus they ARE just kids. When they graduate college, then they can get something better for themselves. Besides I consider getting a kid everything he/she wants as poor parenting. If I went-out and spent $3000 on three laptops ($1000 per piece), I'd be spoiling them. That's what contributes to the "entitlement" mentality so prevalent today.

And frankly, it sounds like you might be spoiled yourself ("If you meant $300 per laptop, that's still not much better").

Re:Holy shit

[jimberg51]

the real key is to PUT THE COMPUTERS IN A PUBLIC PLACE IN THE HOUSE! sorry to be so emphatic, but if your child can sit in their bedroom and play on the computer, then you have less control. They could even have an extra power cable and network cable in their closet. Putting the computer in a public location will help them self-regulate their use and allow you to interact with them while you are in the room, all without having to sneak into their bedroom. All wins. Signed, the voice of experience

Re:Holy shit

[Coren22]

From your windows machine, shutdown /i

This brings up a gui tool that allows you to shut down the computers remotely, as long as you have administrator access to the computers, they shut down. It can even be automated, shutdown /?

Re:Holy shit

[Raghead]

Don't give them computers with wireless capability. Next ridiculous question?

Re:Holy shit

[JeffSpudrinski]

If you're wanting Windows OS, Microsoft's Small Business Server will do most of that out of box. The local OSes would need to be the "Pro" flavors of Windows, though.

The anti-virus would need to be added, but Avast has it for SBS for under $200, which offers the remote scanning, management, etc...

You can also use group policies to lock things down, and you can manage Windows updates (it includes WSUS on the server).

It requires a semi-beefy system to act as the main server (depending on if you want RAID drives, etc...), but it should run okay on a system with 4 GB of RAM and a large hard drive. It also has the added advantage is that you can purchase your own domain for under $20, add an MX record pointing to your external IP address (if it's static), and have your own locally hosted email server, which you can also manage/monitor with the admin account. You can strip all email attachments into a quarantine where they will need to contact you to release it from quarantine.

You can limit logon hours, deny access to proxy servers, prevent local accounts from installing new programs, etc...

Like everything else, there's definite ways around the securities if they try hard enough, but you can use the domain admin account to check every system out periodically and see if there's any shenanigans going on.

Good luck.

-JJS

Re:Holy shit

[HeronBlademaster]

Growing up, my computers were always four-year-old hand-me-down laptops that were often damaged (e.g. one had a broken screen, and most had batteries that no longer held a charge). I didn't own a *new* computer until after I was married, and even then I only bought it because it sucks being tethered to the wall in class.

At any rate, I didn't mean kids need high end machines, but buying low-end, cheap, used laptops will not help them any if they want to go into a computer-related field, and it will only make maintenance harder on the parent when the hard drive dies again.

At my previous place of employment I built several $600 desktops that were perfectly capable of handling software development, and that is probably the sort of thing I'd build my kids when they're old enough.

Re:Holy shit

[HeronBlademaster]

I think your missed the part where my parent post said "via SSH" and I questioned that. But no matter, others have replied with links to ways to shut down Windows machines from remote Linux machines.

Re:Holy shit

[QuesarVII]

If it's wide open, it's still probably admin/admin. Log in and blacklist your kid's macs ;)

Re:Holy shit

[Chelloveck]

I don't bother with content filters. Too many false positives, and too easy to get around. I figure the kids (12yo and 17yo) can handle seeing goatse.cx by accident, and if they actually go looking it's its own punishment. I do have their browsers set up to go through a squid proxy, and I periodically review the logs. I have it set up so that they have to ask me to allow them access; a cron job shuts it down again at bedtime.

That's it, really. The threat of their mom finding porno sites in the logs is pretty effective.

Yeah, they could trivially get around the proxy just by changing their settings. I'm really kind of disappointed that neither one has figured it out yet. I'd actually like them to try; they'd at least be learning something about computers.

Re:Holy shit

[Andy+Dodd]

Neither will most firewalling solutions, since they'll have physical access to the firewalls.

Doesn't HAVE to be a locked room, as an earlier poster said, corner of the living room would work. You don't need to prevent access outside of those hours, you just have to have a way to know about access outside of those hours. (Such as the classic "lights out" enforcement...)

Preventing access to the machines isn't nearly as important as preventing UNSUPERVISED access. Placing the machines in a place you spend a decent amount of time prevents the latter but not the former.

Re:Holy shit

[Captain+Centropyge]

Kid sees porno != the end of the world.

That's also where you sit down and do some parenting. Birds, bees, etc.

Re:Holy shit

[Knara]

I'd hate to tell you what I was looking at when I was 12 on the internet in the late 1980's.

But keep on thinkin' they're fragile little snowflakes.

Re:Holy shit

[huckamania]

Those $600 desktops that you built a few years ago are now worth $100 each. If they were capable of handling software development a few years ago, they should still be able to handle software development.

Re:Holy shit

[Un+pobre+guey]

Don't underestimate other parents' enforcement requirements. Some kids are wilder or at least more headstrong than others.

Re:Holy shit

[HeronBlademaster]

Sure, if you're developing the exact same software now that you were "a few years ago". If your runtime requirements have not increased. If you don't want to add graphics features to your software which were not available back then. If you don't want to upgrade to a newer, better version of your development environment. (Get the point yet?)

I learned C++ using Visual C++ 6 on an old hand-me-down IBM Thinkpad with 64MB RAM and a 133MHz Pentium running Windows 2000. It worked pretty well at the time. By your logic, it should still work pretty well, a decade later... but any programmer who is satisfied developing on that sort of machine is not a programmer I want to be working with.

I worked for a guy like you once. We were doing data processing work - huge CSV files full of customer data and do processing on them to clean them up - and some programming work to automate said processing. He had us doing that work on ancient Pentium III machines with 128MB RAM that tended to bluescreen with too much hard drive activity. Sure, the machines could "handle" the work we were doing, but when I brought in my own personal laptop - a then-four-year-old Pentium 4m with 512MB RAM - my productivity literally tripled. He eventually banned personal laptops from the office for reasons beyond anyone's comprehension, and didn't seem to care that our productivity suffered.

Oh, but the Pentium III machines "worked", right? *eye roll*

I'm not saying I'd give my kids a brand new $600 computer twice a year. I'm saying I'd give them a $600 computer to start with, and common sense should tell you that this whole topic is only relevant if they actually show interest in things that would require a mid-range computer, like gaming or programming; if all they want is to waste time on Facebook, I'd probably just get them an iPad (or whatever the equivalent is ten years from now, assuming prices on that sort of gadget have gone down by then) and call it good.

Not every kid needs their own computer, but if I'm going to get my kid a computer, then I see no reason to take on the maintenance headaches and risks associated with buying low-end, used computers from eBay (or wherever). I'd rather buy new parts to build a computer that I know I can fix if something goes wrong.

Re:Holy shit

[theaveng]

Sorry I don't see any reason to give my kid a better laptop (or desktop) than I've got. Windows XP. 1 gig of RAM. It works for me and will work for them too.

Re:Holy shit

[perspectoff]

This is a basic Internet Cafe type of problem -- you merely want to run an Internet Cafe for your kids.

There are several solutions (in addition to those listed in this thread) in the UbuntuGuide.org ThinClient/Internet Cafe section at:

http://ubuntuguide.org/wiki/Ubuntu:All#LTSP_.28Thin_client_support.29

or the KubuntuGuide.org ThinClient/Internet Cafe section at:

http://kubuntuguide.org/All#LTSP_.28Thin_client_support.29

Re:Holy shit

[Nesman64]

Not ssh, but the windows "shutdown" command allows you to specify the hostname of a remote machine to shut down. After that, your only problem is making authentication work.

Re:Holy shit

[LanMan04]

My Dad tried this when I was a kid (took away my modem cable).

I just bought one at a computer store and kept it with my stash of other contraband, busted out when needed. :)

Re:Holy shit

[Monkeedude1212]

He can't help it, the first 11 didn't go over so well, it made him superstitious

Re:Holy shit

[muckracer]

> $ cat windowsshutdown-login.txt
> Administrator
> password

Man, how'd you do that? Now I have to change my, umm, password! :-/

Re:Holy shit

[Interoperable]

...as they rocked back and forth trying to sleep but unable to remove the image that has burned itself into the retinas.

Someone's been tricked into visiting goatse a couple of times.

IMHO a 12 year old shouldn't have an internet-capable computer that isn't in a common area of the house. Arguably, that should extend to the other kids as well (I'd say 16 would be an appropriate age to gain a private machine). I think that a white-list block filter for private computers would be a good method to protect the kids; give them access to a common-area unblocked machine (the server). A white-list filter would be easy enough to implement on the server which would provide access for the clients.

That pertains to the internet safety side of the issue. The other side is parenting. I don't see that technological solutions like system state monitoring and remote control is a good tool. Kids should know the rules and occasionally get caught breaking them. Kids need to be able to try to stretch the rules and learn from that. I think that remote monitoring takes away too much freedom. Bed times should be enforced by a parent, not a cron daemon.

Re:Holy shit

[Knara]

Late 80s internet? Humm... must be referring to BBS. So, how'd that internet porn addiction you got turn out?

http://en.wikipedia.org/wiki/Usenet

Re:Holy shit

[SausageOfDoom]

No, you're an oxymoron! Haha that one never gets old.

But seriously, you're still going on about the locked room. I specifically said it didn't need to be a locked room. The parent post didn't say it needed to be locked - just a "computer room". A corner of a living room.

Ultimately you just have to trust your children to use the computer under your rules, and thereby use your parenting powers to enforce using the computers in communal areas.

After all, if - as you suggest - a child is determined enough to get onto facebook after hours that they'll learn how to pick a lock and then stay awake until everyone has gone to bed and fallen asleep, before creeping down and breaking into the computer room, I'm pretty sure they'll be determined enough to figure out a way around your DNS settings.

Ultimately you can't keep control over your children forever, and at some point you just have to trust that you have trained them well and let go of the bike and see if they fall over. Take sensible precautions; while they get used to the internet on their own computers, make sure they're somewhere you can keep an eye on them - not spy on their every move, just make sure they're not stripping off on their webcam for a 54 year old man in his underwear.

Technology is not a replacement for parenting.

One issue

One issue will be the specific games that they will be playing. If they require administrator access, you're going to have a big headache.

Schedule time usage of computer, ex. 7 a.m. to 10 p.m. on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes

If they don't get admin access, then you can do some of that with windows scheduler.

Re:One issue

[slashdot_commentator]

Only XP era games "need" administrator access.

Learn to configure/administer virtualization. You control what gets on the box, and "never" have to worry about permanently hosing the machine, even if they have administrator privileges.

Sounds like he needs a firewall machine to regulate internet access (But I can't think of any prepackaged firewall software that will not require work to configure/administer). He could order up win7 ultimate as a central server, doling out usage rights to the clients, managing access to the OS disk images.

Re:One issue

[mysidia]

You can setup compatibility mode and run only the game as Administrator, without letting the user login as more than a Power User.

Or use Filemon/Regmon. Figure out what files/registry keys the game needs Administrative control over and grant it only the permissions it needs.

Also, run Windows 7, not XP. It has some backwards-compatibility features such as registry/file redirection which makes some things that required admin on XP not require admin on 7.

Re:One issue

[elsJake]

Just pray the kids don't know anything about privilege escalation.

Re:One issue

[mysidia]

If they do, it will be incredibly easy for you to figure out that they have bypassed your restrictions, assuming you also install some monitoring software on their PCs, and you actually review their activities.

I guess 3AMI software probably isn't in your home computing budget, but there is still software you can run, such as IDS software.

Probably if you lock them out you should actually check the firewall logs afterwards to make sure they didn't get around the block somehow.

If they did, it will only make their punishment more severe

Re:One issue

[Vectormatic]

Only XP era games "need" administrator access.

Learn to configure/administer virtualization.

And just what do you think the kids are playing on the 10 year old dell they have? XP era games are probably a huge step up.. a 10 year old dell box would be lucky to run any game newer then itself reasonably.

Also, in this case three new client systems will be built, do you honestly think they will be anywhere near serious gaming builds?

Anyway, with three kids 12/14/15, and one comp-ilieterate parent, keeping control of the clients is probably a lost battle, having a common gateway which restricts web-acces is probably the best, and even then you'll need to come to terms with the fact that proxies/vpn will pretty much defeat any content-level restrictions.

I know this is a single parent house-hold, and probably american, but how about actually doing some old school talking to your kids, and accepting that teenage boys look at porn?

Re:One issue

[Knara]

Nope. American parents are routinely of the mind that porn wavelengths intersecting with their kids' retinas will turn them into communists. Or, at the very least, gay drug-abusing cross-dressers.

Sorry

If you're severely lacking in the client/server department you don't have a passable knowledge of Linux, which is primarily a server operating system. Perhaps you may have a "passing acquaintance with Linux as used on the Desktop".

Re:Sorry

[TheLink]

I think he's lacking in some other department too. From the POV he's talking about, he's just going to make bypassing the technical restrictions a game to his kids.

It's like a boss spending megabucks on technical solution, when he should instead make control of employees mainly a management thing that's aided by cheaper and less elaborate technical solutions.

If Boss just puts up expensive technical controls, and is not known for enforcing policy, he's not going to get compliance.

If the boss is known for enforcing a policy, he's going to get compliance with that policy, even if the boss is not in all the time, and the technical stuff isn't that elaborate.

Sure have some blocking and monitoring, but strict restrictions are counterproductive, maybe the kid/employee really does need to use the computer to do homework/work.

e.g. "Force log-out and/or shutdown of clients for grounding purposes". "Schedule time usage of computer, ex. 7 a.m. to 10 p.m. on school nights etc.;"

If they can't use the computer at home, they could go out if you're not around. If you're around to stop them from going out, you're around to stop them from using the computers[1] or using them in ways you don't want to use them.

Once they make it a habit of going elsewhere to use the computer, your technical stuff becomes useless.

You just need to know what's going on, and to block certain sites as part of showing you _really_ care what they are up to (you have to prove it in other ways too).

[1] You're the unelected Benevolent (hopefully ;) ) Dictator at home.

A good router

[spire3661]

Most of what you described can be done with a decent modern router. The hardware monitoring is a bit overboard, logs will tell you what you need to know in the event of a disaster. The force log out could be done via router too, just deny internet. Alot of this can be done with very little technical effort and more parenting skill. Most of this is going to take a dedicated person to monitor it over the course of the installation.

Re:A good router

Buy a second hand intel mac. For most o what is described above the parental controls for access time and simplified interface and locked down doc are the best I have seen out of the box.
Configure it for openDNS For filtering out the worst of the net content and just use a console system for games.

Re:A good router

[tepples]

The force log out could be done via router too, just deny internet.

Denying Internet access won't block use of single-player video games and other non-networked applications unless they have that one company's DRM on them.

Re:A good router

[spire3661]

I realize that, but I find that when i dont have internet access, my computer is pretty useless. There is no reason to get all crazy with technical answers, if they are playing games after you kill internet, administrate parenting skills.

Re:A good router

[tepples]

I find that when i dont have internet access, my computer is pretty useless.

Then what did you do before 2000, when always-on home Internet connections started to become common? And what did you do with a laptop before 3G data plans became common? When my laptop loses Internet access, such as when I get on the city bus, I can still edit, build, and run programs on it. And so can my 14-year-old programmer cousin.

But I agree with the gist of your comment: a parent can enforce restrictions on computer time without using specific computer software.

Re:A good router

[peterofoz]

We use this approach in our house with teens using a Linksys router. I set up access permissions by MAC address for the kids computers. Our other computers use for work and my wife are all password protected. I disallow internet access between 11 pm and 6 am generally, and occasionally block some sites if they prove to be problematic. The computers run Vista and we use the basic internet filter provided to restrict content to porn sites (though this is inadequate). Parents have the right to inspect the computers at any time (plus we keep an eye on social sites and the router logs). The kids have a 6 page "Acceptable Use Contract" with us (their eyes went wide when they saw this) and we've had only 2 violations in several years where access was 100% denied for a week. In one case, I just shut off internet access without saying anything and left a new copy of the AUP on their bed. It took two weeks for that child to come to me to apologize and renew the contract. Earned trust is a powerful thing and they realize its cost when it is lost.

Re:A good router

[spire3661]

I didnt get my first computer until 1999, simply couldnt afford one. (Cyrix '200') In the more modern sense, a computer without internet connection is going to be pretty daunting to an 8-14 year old. Yes you can still do local things, but honestly have you thought about how much modern computing relies on an internet connection? And to your sig. The PS3 does allow modding. Unreal Tournament 3 off the top of my head. Also see this http://pcsplitscreen.freehostia.com/games.htm

Re:A good router

[spire3661]

Parenting > technology

Re:A good router

If the single player game doesn't require connectivity, remote lockout and monitoring can be bypassed by unplugging the network cable.

Re:A good router

[icebraining]

their eyes went wide when they saw this

The sight of insanity can have that effect.

Parents have the right to inspect the computers at any time (plus we keep an eye on social sites and the router logs).

That doesn't seem like trust to me. If you have logs of every site they visit, how is that "trusting" them?

we've had only 2 violations in several years where access was 100% denied for a week

That you know of. If they were my kids (and if they were 14 or 15 like OP's), I'd be worried if they couldn't bypass that "security".

Re:A good router

[mrclisdue]

100% agree with the point of this post.

Trust shouldn't have to be "earned"; it should be granted. From what I've just read, I would certainly "trust' my children over OP's, hands down....

cheers,

Re:A good router

[peterofoz]

The motto here is Trust but Monitor. Trust in that there there is some, but not much software that blocks prohibited sites so we need to trust the kids to make good choices. We've been doing this since they were about 4 or 5 - this doesn't happen over night. They're not likely at this point to bypass the security I've set up, but I'll leave that open to the possibility in the future.

Re:A good router

[markov_chain]

Grounding is easy too, just make sure to use quality 3-prong power cables, and test the outlets to make sure the ground is not disconnected.

Re:A good router

[icebraining]

Trust is believing the person who you trust to do what you expect. If you're monitoring them, you don't trust them, and they know it. What you're doing is preventing them from accessing the websites due to fear of getting caught, and not because they understand and value the reasons you have not to visit those sites.

Prohibition won't prevent them from accessing what they want to access (in fact, it may encourage them), it'll just prevent them from reaching out to you if they need help, with fear of being punished.

The lack of trust can also reduce their self-confidence.

Of course, if your kids are 6 or 7 years-old, it's a different matter, but at 14 or 15, they're old enough to be trusted to use the Internet to access whatever they want.

Re:A good router

[mirix]

I'm not sure if you're serious or joking. (I'm thinking the latter).

I thought my folks were fascist for complaining about me drinking and smoking. Thank god they weren't net admins.

You do realize that if you're too hard-ass on your kids, they (about half of them IME), will go absolutely bat-shit berserk when they do get a bit of freedom. I guess you'll be a young grandparent.

Re:A good router

[icebraining]

Not only I believe they should be allowed, but you can't prevent them. At that age, if they want to see porn, they'll see it. The only thing you get from prohibiting it is ensuring they won't come to you if they need advice.

Re:A good router

[RandomFactor]

Thanks Dr. Spock.

Re:A good router

[mdwh2]

The kids have a 6 page "Acceptable Use Contract" with us (their eyes went wide when they saw this)

I don't think the word "contract" means what you think it means.

Re:A good router

[peterofoz]

`When I use a word,' Humpty Dumpty said in rather a scornful tone, `it means just what I choose it to mean -- neither more nor less.'

`The question is,' said Alice, `whether you can make words mean so many different things.'

`The question is,' said Humpty Dumpty, `which is to be master - - that's all.'

--Alice in Wonderland

Re:A good router

[Knara]

Of course, if your kids are 6 or 7 years-old, it's a different matter, but at 14 or 15, they're old enough to be trusted to use the Internet to access whatever they want.

Whatever they want? Does that include porn sites or not?

By 14 or 15, the chances of them having not already seen porn is pretty low these days. They prolly get more "shocking" content from their daily interactions with friends than the majority of vanilla, mainstream porn out there.

Re:A good router

[pnutjam]

mind posting a copy of the AUP, or email a fellow parent?

Do this, ground your kids, make them Engineers

[dmomo]

It's amazing what kids can figure out when it comes to getting by the restrictions their parents set forth.

They're going to learn about networking, proxies, virtual machines, ip spoofing etc. All because they want to get on Facebook. Which they will.

Re:Do this, ground your kids, make them Engineers

[cyberworm]

Amen. I'd know nothing about computers if it hadn't been for porn and video games!

Re:Do this, ground your kids, make them Engineers

That, or they'll just start using the neighbours' WiFi

Re:Do this, ground your kids, make them Engineers

[Kell+Bengal]

It strikes me that making a child work to learn what they need to know in order to get what they want could be used for a variety of educational purposes. Want Facebook? Learn to hack the router. Want the car for the weekend? Learn to break the encryption on this cypher-locked safe. Want to avoid a grounding? Learn to blame it convincingly on your sister. Want to eat tonight? Learn to pick the lock on the refridgerator.

Sure, they may not pass standardised tests requiring them to know the average rainfall of the amazon rainforest (what a useless fact!) but it does give them valuable real-world skills.

Re:Do this, ground your kids, make them Engineers

[whizzleteats]

Either that or they'll tether their notebooks to their cellphones and cost the parent an ass-ton of data overages. Revenge is a dish best served by your wireless telco.

Re:Do this, ground your kids, make them Engineers

[slashdot_commentator]

Prepaid. End of problem.

Re:Do this, ground your kids, make them Engineers

[bd_]

And what happens when they clone the MAC address of an unblocked computer (such as the parent's computer)? Bypassing filters that only block some machines on a network doesn't exactly require a genius.

Re:Do this, ground your kids, make them Engineers

[dmomo]

>> but it does give them valuable real-world skills.

Indeed! If we don't give them the nudge, they're never going to take it upon themselves to learn the fine art of refrigerator hacking.

Re:Do this, ground your kids, make them Engineers

[dmomo]

Not only that, but another requirement posted here is that they still have access to the internal network (i..e. to computers with external access).

Re:Do this, ground your kids, make them Engineers

[HungryHobo]

Absolutely!
I learned more after my highschool outsourced it's computer network to some braindead company which had a preference for locking everything down than I did when it was an open network.

I learned how to use the command line, I learned about proxies, I learned a hell of a lot of basic networking crap etc etc.

Restrict the children but only such that they must learn to break their bonds!

Re:Do this, ground your kids, make them Engineers

[girlintraining]

It's amazing what kids can figure out when it comes to getting by the restrictions their parents set forth.

Setup a PS3, and put molly guards over the emergency stop. Show them how to make hot chocolate using the HVAC exhaust in the server room. And don't worry about them playing in there. Those places are f*cking loud -- they'll get sick of running between the racks after an hour and never go back. :) Setup webcams and borrow a spare box to keep an eye on your kids while you work.

Re:Do this, ground your kids, make them Engineers

[kgo]

When my kids are grounded, they go in the cage...

The faraday cage...

Re:Do this, ground your kids, make them Engineers

[fm6]

It's amazing what kids can do with computers, period. I think it's safe to say that these kids will soon be way more computer-savvy than their mom, if they aren't already. No reflection on her intelligence, kids just learn this stuff fast.

If I were her, I'd forget about software barriers to their computer (mis)use and just make sure I knew what they're doing.

Re:Do this, ground your kids, make them Engineers

[luder]

Agreed. Once upon a time, my father forbid me to use our 486SX. At that time, it was common for computers to have a key switch (like this), which would prevent booting when locked. I got so pissed off I made a key out of the cap of a bic pen :-).

Re:Do this, ground your kids, make them Engineers

[Bert64]

Create 2 networks - one that doesn't extend outside of a locked rack, and one that goes around the house... The former is the only one with direct internet access and accessing it from the latter requires using a vpn client...

Re:Do this, ground your kids, make them Engineers

[Russianspi]

FWIW, I live in the Amazon rainforest, and I have no earthly idea how much rain we get in the average year. I don't much care either, as much as there are no massive floods or droughts.

Re:Do this, ground your kids, make them Engineers

This method encourages them to find ways around it and learn, which isn't a bad thing ;)

Re:Do this, ground your kids, make them Engineers

[uglyduckling]

None of those will help when the router is switched off.

Re:Do this, ground your kids, make them Engineers

[cynyr]

nothing because the router/switch is in a locked room, in a locked rack and that port is dead at the moment, Better get that phone i took away out. No need to do it on Mac address, when it's on a wire.

Re:Do this, ground your kids, make them Engineers

[Achromatic1978]

Kell Bengal's list of "valuable real-world skills":

• hacking routers
• break encryption on safe
• blame other people for your mistakes
• lockpicking

Interesting... which world is this?

Re:Do this, ground your kids, make them Engineers

[Dun+Malg]

Want to eat tonight? Learn to pick the lock on the refridgerator.

I'd also make them pass a spelling test, and starve them if they couldn't spell refrigerator.

(the shortened bastardization "fridge" only contains a 'd' only because the pronunciation of "frige" doesn't match the root word it comes from)

Re:Do this, ground your kids, make them Engineers

[Dun+Malg]

Sounds like what I do at work. I wish I was joking. I work for a large school district in maintenance as a locksmith. Fiddling with safes and locks is part of my job (and its fucking awesome being a locksmith). Additionally, all our computers are behind the same ridiculous firewall that "protects the children", so I'm constantly finding proxy servers for my coworkers, presumably to use to watch youtube videos and check their facebook mafia war bullshit. And last but not least, the bureaucracy where I work is so horrifyingly bad, a non-trivial amount of time and effort is spent "shifting blame" for things that look like they're our fault, but aren't. I'd say that's pretty close to blaming others for my mistakes.

Re:Do this, ground your kids, make them Engineers

Right on. And when they do, keep your cool. Ask them to explain how they did it. Let them know what an accomplishment this was. Ask them what was fun, or interesting, about it. Then support them as they try to do more, and in the process work out a deal where they buy in to your restrictions in exchange for supporting them instead of shutting them down.

Re:Do this, ground your kids, make them Engineers

[StuartHankins]

You say this as if it were a bad thing. Both those topics are +10 interesting to kids and the skills they learn certainly come in handy later. I fear the newer generations lack that sort of interest and, coupled with the increased complexity of modern systems, could be responsible for a shortage of talent. Already too much of what I see is old stuff tweaked a little.

Re:Do this, ground your kids, make them Engineers

[LordLimecat]

Depends what kind of switch you have, if the port is locked down...

Re:Do this, ground your kids, make them Engineers

[pinkushun]

Hehe, good one. I bypassed the keyboard lock by switching the override jumper on the main board.

Re:Do this, ground your kids, make them Engineers

[ockegheim]

On macs at least, you can require an administrator password to be able to change access points.

Re:Do this, ground your kids, make them Engineers

[Vectormatic]

alternatively, you could have opened the case and simple removed the cable from the lock from the mobo (and perhaps short it with a jumper, not sure if it was open-locked or close-locked)

Re:Do this, ground your kids, make them Engineers

[Jedi+Alec]

I just yanked the plug out of the motherboard so it didn't recognize the lock anymore. Ofcourse this was on a 286...ah, the good old days...when 256kB of memory on the videocard was something to brag about.

Re:Do this, ground your kids, make them Engineers

[Rhaban]

When I was a kid, I used tweezers to unlock such a switch on the parental 386DX.

Re:Do this, ground your kids, make them Engineers

[LanMan04]

Agreed. My Dad used to keep track of all the Christmas presents he bought for various people in a database (probably FileMaker or some other circa 1990 Mac program). I put a keylogger on his machine, got the password, and saw all my Christmas presents.

Told my Dad about it because I felt guilty/proud. Christmas morning I had 0 presents under the tree. They waited for me to freak out, then brought the presents up out of the basement.

And I wore an onion on my belt, as was the fashion at the time....

Re:Do this, ground your kids, make them Engineers

[Monkeedude1212]

You laugh now, but if System Shock 2 is any indication of what the future will be like, you could not be more right.

OpenDNS

[AnonGCB]

OpenDNS will work well for filtering sites, just set the DNS server on the computers you wish to filter to the OpenDNS servers and set up an account to filter stuff.

Re:OpenDNS

[AnonGCB]

I'm not familiar with what regular users can do, I assumed that non admins couldn't change network settings, I may be wrong.

Re:OpenDNS

[jim_v2000]

This is fixed by either not allowing outbound traffic to alternate DNS servers OR using a transparent proxy like squid as an intermediary.

Re:OpenDNS

[Bert64]

If you have physical access to the machine, elevating your privilege level is pretty trivial... If you don't have admin on a windows machine, some games won't play properly...

Re:OpenDNS

[icebraining]

You don't even need to reset it. I got my the admin's pass for all my school's computers by downloading a simple program to a floppy, booting a PC with it (that simply downloaded the encrypted keys to the floppy and rebooted) and then cracking them online.

The nice thing is that the key remains the same, so it doesn't raise suspicions on the admin.

Re:OpenDNS

[icebraining]

Then I'd use Tor and route everything (web and DNS) through it. Or just one of the countless HTTPS web proxies (can't filter HTTPS websites).

I got the answer, it's simple...

this is really easily done! 1) talk to your kids, be a real parent!!! i don't think you'll ever have a case where little billy gets in trouble at 1pm and you need to disconnect his computer rights from work. 2) if they need to be punished unplug the computer and take it away. 3) have admin rights to their computers so you can keep tabs on what they're doing and can't hide anything from you.

problem solved.
next.

Re:I got the answer, it's simple...

[scsirob]

You have a good point, parents need to talk to their kids.

Unfortunately, kids around the age of 14 develop their own natural firewall which filters anything parents say to them. In fact, their firewall has a built-in inverter system which makes them do everything that you specifically tell them not to.

Denying them access to their computer and thinking that that will make them study harder is silly. All you can do is sit down with them at least once and explain what they can encounter on the Internet and try to make them aware that not all of that is intended for them. With a bit of luck they will remember.

OpenDNS works well as a technical hurdle to stop them from casual missteps. By the time they get smart enough to circumvent OpenDNS, they are hopefully smart enough to deal with the darker side of Internet as well

Break this list down into multiple functions

[Dr_Harm]

Sounds like this list needs to be broken down into multiple sub-functions.

Web filtering, site access control, and total Internet denial are functions for a web proxy or other content filter. You should be able to find a linux-based web proxy that will do what you want in that department.

Scheduling usage hours, forcing logout, etc. is the sort of thing you can do with "policy" objects if you had a Windows Domain Controller. That's probably outside of your budget. But, generally, you need to be looking for client/workstation policy tools.

The computer health monitoring stuff might be part of the policy tools, but might not.

Re:Break this list down into multiple functions

[silanea]

[...] if you had a Windows Domain Controller. That's probably outside of your budget. [...]

Some linux-friendly routers will allow you to run a Samba DC on them. Samba 4 supports Group Policies. It is marked as not being production-ready, but it should be safe enough for a home network. While you're at it, the same Samba could provide printer sharing for all the machines.

(Not that I believe that Group Policies can replace proper parenting, though. Using technology to solve social problems seldom is a smart idea.)

Re:Break this list down into multiple functions

[Bert64]

Windows group policy is very easy to circumvent... Consider that most kids know a lot more than their parents about this kind of thing, and if they don't yet they will soon learn if they need to.

Re:Break this list down into multiple functions

[h4rr4r]

You can do most of that stuff with psexec. Free too!

physical access

[Khashishi]

the simplest and most effective block is to go over and shut the computer off. Take away the computer if you have to (or just the cords if that's too much trouble).

Re:physical access

[jim_v2000]

That worked for my dad. Flipping the circuit breaker for the room was also effective. No power = no computer, no video games, no tv...just reading.

Re:physical access

[ijakings]

Id probably make sure that if you take the power cord, that they dont have spares. Having spare Kettle leads was highly useful as a child.

Re:physical access

[Mithyx]

My dad used to love taking the power cord from the computer during summer vacation to try and keep me off of it. What he didn't know was the TV used the same kind of cord, so it was pretty easy to swap them out while he was at work.

When he figured out what I was doing, he took that power cord away as well. I guess he really expected me to play outside all day.

Poor guy never found the spare power cord that I kept in my room.

Re:physical access

[aj50]

My Dad once took my mouse away. At the time I was enjoying learning to use Linux so I happily sat at a terminal and learned to use links, screen, moc, irssi and a few other things.

Next time he took the keyboard :(

Re:physical access

[houghi]

Yeah, because cords are so hard to get by. It would take me about 10 minutes to get some from my friends. No PC in the bedroom is the best way anyway.

Re:physical access

[ben_kelley]

I take it you don't have kids that do homework? It's not quite as simple as taking the computer away.

Re:physical access

[TimboJones]

just reading

Sure, during the day. At night only sleeping.

Re:physical access

[omglolbah]

My father had an excellent way to block internet if I misbehaved.

Unplug the coax cable to my room and replace it with a terminator. (yes, I feel old saying coax cable)

No need for software solutions .

Re:physical access

[A+famous+reader]

Been through all of this. First thing I showed my kids was that I can see what they're doing and have done on my network, even while I'm at work. Have pretty much left them to it since then with the knowledge that there would be consequences (Son's PC spent 20 minutes on the nature strip for collection one night). I've always said "If you're doing something on the net that you would be too embarassed to show me, think about not doing it". Pretty happy with the outcome, although I still have to bitch about bandwidth near the end of the month - youtube is banned - by family concensus - otherwise ISP turns it down to a dribble.

Jeez

[davester666]

Sounds like your kids are working for a corporation, not living at home...

Re:The human factor

[SerpentMage]

The person does not know how to do security...

Here is the problem. Kid A.... "Parent parent parent I need to get a project done and you shut down my computer at 10PM. And if I don't get this project done I will get an F!"

At this point the parent's security is blown to bits because they need to make an exception. And how often will this kid say, "parent parent I have a "project""

The easiest way to answer this is as follows:

1) Own the route to the Internet. That means you give or deny access to the Internet. Kids loose interest REAL quick if they can play with the Internet.

2) Let the kids have access to the computer anytime they want. WITH the exception that you can remotely log in at any time. Install VNC server and periodically log onto the machine and see what your kids are doing. Yes it is big brother, but it also keeps people honest when they know you can log in at any time.

3) NEVER give out the password. And that means you as the parent need remote access to the home network. Because imagine being out for the day, kid comes home and needs access to the Internet. They phone you, and unless you give them access you are going to have one angry kid. Thus make sure that you can remotely access your network, make the changes and move on...

Otherwise the rest is silly and life should be fine...

Tell her not to do so

[Deaddy]

The children are old enough.

Re:Tell her not to do so

Boy are you naive. Children learn by curiosity and expanding their boundaries. It's a parent's job to put limits on such until the child PROVES they have consistently been trustworthy and you expand the boundaries a little at a time. Let me pose this question to you. Your boss tells you not to surf slashdot during work hours. Do you honor that, or do you figure you know better than your boss and are mature enough to do what you want and sneak peeks now and then anyways? If you cannot be 100 percent reliable to not surf slashdot during works hours, how can you expect children to honor a parents wishes based on the fact that they are "old enough".

Re:Tell her not to do so

[Vectormatic]

perhaps the goal isnt to make the kids grow up into perfect worker drones, but try to get them to think for themselves, make their own decisions, and if need be, break a rule or two

Re:Tell her not to do so

[Knara]

Part of growing up is learning to handle your freedom to make mistakes.

Parents who spend all their time trying to prevent their kids from making any mistakes at all end up with children who are unable to operate as self-actualized humans in the real world.

Really?

You could save yourself a lot of time and do the job better by building character rather than trying to restrict them with technology. Ultimately teaching them how to use the internet responsibly and how to live responsibly is going to be the better way to go than trying to control what they can do and when. Both you and your children will be happier for it.

heh

China allready has this

You need to ask "should I?" and not "how can I?"

[BigDish]

Where to start: Scrap all your ideas and start over.
Yes, everything you asked for can be done. The reality is though is that, with the amount of complexity you are asking for, you will be a full time sysadmin for them - you might as well quit your day job now.

Your setup is simply too complex for a non-techie (and to be honest, as a techie, I don't want to have to admin something that complex at home). You need to stop asking "can I" and ask "should I?"

Windows PCs joined to active directory can let you manage them, set logon hours, etc.

Why do you care to know if the PCs are sleeping/on/off/whatever?

A router running DD-WRT will let you deny internet access based on hours and/or PCs in a simple manner. To be perfectly honest, I hate the concept of internet filtering (by parents or otherwise) as I believe it is another step toward turning people into drones, rather than teaching them to think for themselves, so I'm not even going to offer any suggestions on that subject.

I agree with the other posters, the system you have suggested will end as follows:
1. The kids will learn how to hack around it. This can be a good thing or bad thing, depending on your point of view
2. The system is so complex it will never work and the parent will never use it as they have no clue
3. You will grow to hate it as it will take too much of your time.

you can also use Linux like Mandriva with Dos Box

Mandriva has very easy to use admin functions that can allow you to shut off a fair amount of what you are trying to do. With Dos Box installed it will play older games well and can have WINE added for newer ones. I have used SUSE, Fedora and ubuntu and believe that mandriva has the best root/admin control functions for setting up and keeping a computer running while disallowing changes by a user. Just be sure to create a STRONG password since your kids will be trying every possible way to defeat your settings. Oh, don't let a LIVE disk lay around for them to find. They will defeat all of your efforts with that after a while of practicing....

Maybe a real solution is to place the computer in the living room where you can see them while they use it and shut it off all other times.

I work for a public school

[waspleg]

We use a program called SynchronEyes which does most of these things, allows you to see essentially thumbnails of what each machine is doing, see its status remote on/off etc. It's Windows only. I see they've changed their product. It's called SMART Sync now. I don't see pricing which is probably not good. Here's a link
It's a pretty front end for VNC like functionality which would be free/oss but nowhere near as easily set up (but I'd wager largely what people will say since you specifically mention Linux and Windows and it works on both). I'm not really an expert on this part, but SychronEyes has worked well, after I added it to a custom Ghost image for that lab and set the clients to use hostnames instead of usernames for identification. It might be overkill for what you need though.

Re:I work for a public school

[Stephenmg]

We use something called Visions. It works, but I suggest putting the computers in a public area and actually watching them. Nothing you can do will completely restrict use. Even with our filtering, we walk into some rooms and every kid is on either facebook or youtube (both of which are blocked).

Re:I work for a public school

[xous]

My teacher thought he was pretty funny when he showed me he was watching my screen. Within 30 seconds I had found the process, killed it, and started writing a log-in script to do it automatically at log in. After he realized my screen was no longer on his screen he tried to reboot my computer. Somehow he accidentally selected all the computers in the lab and rebooted all the machines except mine. Needless to say all the other students were quite upset that they lost their work because he was fooling around. Moral of the story: These things only cause trouble for people that a) don't know what they are doing and b) are actually working.

Re:I work for a public school

[skudenfaugen]

I use iTALC in most of my labs at my district. And, here is a bonus, it is free. http://italc.sourceforge.net/

STOP!

Seriously! Just stop!

1. You either come up with a "normal" computer usage policy, you know, talking to your kids about stuff like porn, sex, appropriate computer policy in your house (better not be too strict on this one :P), purpose of getting them the computers, internet privacy, etc, or,

2. don't and the kids will get to all the "inappropriate" places anyway and may get you into more trouble than you ever imagined.

Frankly, you can't "filter" porn. If someone wants to get it, they will. Maybe this is one of the good sides of internet porn - parents forced to deal with sex-ed of their kids. Although most go the "easy way" and pretend it doesn't exist - "but I installed a filter!!"

Second, I would be much more nervous about insisting that your kids DO NOT use any of the file sharing software without prior permission, on case-by-case basis. Explain about the MAFIA, I mean, MPAA and the like on their lawsuit campaigns.

Regardless, your solutions are *parenting* human solutions, not technical ones.

The age group is a problem here....

[King_TJ]

I'm doing something similar but in our family, we've got a 7 and an 8 year old and a 3 year old, so it's a different "ball game".

In our situation, I don't bother trying to put Linux on any of their machines. I've found that for the younger kids, the vast majority of their time spent playing anything Internet/web-based involves Shockwave Flash based sites (or sites using other proprietary 3D player plug-ins). Unfortunately, nothing runs this stuff quite as well as either a Windows XP (or later) OS, or a newer Mac running a recent version of OS X.

I found a free add-on for Firefox called Kidzui that was pretty nice. It basically turns the browser into a "kids' browser" that has a "home page" with good suggested sites for them to visit, and lets them click and explore around in a big collection of known "kid safe" web sites. Basically, it doesn't allow going anyplace except sites they pre-approved, but they make the whole experience feel like the kid is just getting around the net without restrictions. Additionally, it can email the parent weekly stats on the sites they spent the most time using, etc.

If you're using a Mac, OS X has pretty nice parental controls built into the OS for things like not allowing use of the machine after certain hours. I didn't find Windows had nearly as nice of capabilities for that, out of the box (though Windows 7 was closer than any previous version of Windows to offering it).

Honestly, I'm not that "sold" on putting forth the effort of setting up a lot of centralized administration and maintenance for the machines on a small home network (like for 3 kids). You may as well put free anti-virus/spyware software on each computer and let them auto update themselves independently. The products that support centralized management of the AV software tend to be expensive and/or buggy. (You get weirdness like one box that gets out of sync with the server console, so you have to mess with things to get them to both be on the "same page" about the workstation's status again.)

If anything, I think it'd be worthwhile to image the drives of all the machines, once they're freshly set up with the OS and applications and configuration defaults you like. Then, if one gets screwed up, you can just wipe its drive and re-image at will from your network server. Typically, on a kids' PC, they don't have that much important data to worry about losing anyway. If they're doing most things on the net, the sites they use are saving their high scores, user profiles, and such.

Re:The age group is a problem here....

[the_womble]

I've found that for the younger kids, the vast majority of their time spent playing anything Internet/web-based involves Shockwave Flash based sites Typically, on a kids' PC, they don't have that much important data to worry about losing anyway.

You need Windows because they use cross-platofrm software.

If they're doing most things on the net, the sites they use are saving their high scores, user profiles, and such.

There are lots of fun,useful and beneficial things that are not on the net. My six year old spends only a minority of her time of the net, and her (Linux) PC has lots of educational software on it - but we restrict time spent on games. Your argument assumes that alll kids will use their computers for is playing flash games - they are missing a lot..

My daughter uses:

1) Gcompris
2) Tuxpaint
3) Battle for Wesnoth (the only game she really plays much)
4) Abiword
5) Clestia
6) Kstars

and I am teaching her to program using Python,

and I have a load of other stuff installed I want to encourage her to try.

Re:The age group is a problem here....

[pnutjam]

I believe shockwave works under wine, use the firefox version, maybe the one for Opera would work too? My kids don't even know what IE is.

Re:The age group is a problem here....

[Nethemas+the+Great]

Flash has worked for some time now with no trouble on both 32 and 64 bit installations of Linux. I think you should reevaluate... The only real reason for using Windows (and there's still the possibility of dual-boot) is for computer gaming or if there are requirements of running certain heavy weight/OS intrusive Windows application (such as Office) for school. For kids that are not yet savvy about avoiding malware infested web sites Linux is probably the first choice for reliability/safety.

From a geek perspective the notion of "total control" via a web app is appealing but not necessarily the optimal choice for parenting. There's a fine balancing act that needs to take place between protecting your kids and developing within them a sense of responsibility and self-control/discipline. It's an unenviable task with parameters unique to the individual child. Done properly the parent should be able to continue to extend additional rope from which the child may hang themselves yet they will continue to do the responsible thing and not do so. I've seen plenty of well meaning parents do quite the opposite--they're often called helicopter parents--that control and shelter all aspects of the kid's life until they're out on their own as adults. These kids have no idea how to function on their own and often make and persist in making catastrophic choices for themselves. Few things are as heart wrenching as watching these people destroy the first decade or more of their adult life for lack of skills that should have been developed in childhood.

Replacing good parenting with tech solutions ...

[PolygamousRanchKid+]

... forget the techie crap, and try spending more time communicating with your children.

I'd rather have a kid who I know I can trust to turn off his PC for the night, than have to rely on tech control and surveillance.

Re:Ask the intelligence community

[houstonbofh]

As a parent, you are supposed to exert some control over your children. That is why they are called children... That are not yet adults, and are not yet expected to show adult responsibility.

Re:Ask the intelligence community

[Mindcontrolled]

Yes - and you exert that control by talking to them, occasionally looking over their shoulder and showing them some amount of trust, not by installing a totalitarian regime in your home. Technology does not substitute for parenting.

Re:Ask the intelligence community

[HungryHobo]

It's a little over the top but parents are supposed to keep an eye on what their own kids do.
At least that's the reply whenever parents try to foist that particular burden on society rather than do it themselves.

You need at most N-1 computers

[Coward+Anonymous]

Where N is the number of computer users and you want them in a shared space, not in each child's room. Providing each child a personal computer, especially in his room, is a guarantee that any kind of interaction between you and your kids and between themselves will end. Ensuring computer "scarcity" will force you and, more importantly, your kids to interact with each other. It may even force you and your kids, gasp, to share a computer.
This also has a couple side benefits:
1. There are no "secrets" on the computers so you have no need for the tight monitoring and/or policing you seem to think you want.
2. Virus infections become a shared painful experience with obvious lessons being learned on how to avoid it the next time.

HW monitoring is kind of pointless as it won't tell you anything.

This only leaves you with a couple problems to deal with:
1. backup - there are plenty of backup solutions out there. Generally, you'll want some kind of external drive setup with automated user data backups.
2. virus recovery - If you like anti-virus software, use it. However, you should probably also keep a fresh install method handy so you can simply re-install without having to deal with the mess (this is where a good backup becomes very important). Taken a step further and to save lots of time you could have all your machines running VM hosted Windows images. Then when one of the images gets infected or otherwise "goes bad" you simply revert to the latest and greatest clean VM image (user data backup is still very important).

Re:You need at most N-1 computers

[RavenousBlack]

Whenever I was younger we had one computer in the living room that everyone used. My family was N = 4 where only half the users used the computer the majority of the time. My dad used it for playing freecell, my mom hardly ever used it, and my brother and I would then fight over who would use it. This didn't really force interaction, or at least positive interaction, and what I was doing when I wasn't on the computer was watching tv while waiting next to the computer to use it. This set time restrictions on when we could use the computer because my parents would just come out of their room and say "Get off the computer, go to bed." There were still "secrets" on the computer because we knew that it would take a little more than deleting the history to hide what we had done on the computer, so we figured out how to do that first, then we did whatever we wanted. We got in trouble if there was a virus, so that was something we learned how to deal with too before our dad found out and we had to sit there watching him bumble around menus trying to figure out what to do while cursing at us.

Re:You need at most N-1 computers

[Voyager529]

Actually, this is among the best responses I've read yet. I agree with some degree of filtration - my grandmother used to say "locks are for honest people", so I agree that filtering to prevent accidental run-ins is a good idea, but it's no way to sidestep responsibility.

To directly answer your question, I think that OpenDNS+SteadyState+Linksys Router would be the best technological solution, but the parent poster here does make sense. There's a social aspect to the problem that will be exacerbated rather than alleviated by giving each child their own computer, so keep that in mind no matter what you choose.

Joey

DD-WRT and OpenDNS

[konadelux]

Well, this all sounds a bit overkill for childrearing, but as a 26 year old university student who knows exactly nothing about raising children as a single parent, I'm going to give you the benefit of the doubt.

At any rate, all of the internet scheduling/cutting off can quite happily be done by any router running DD-WRT. Pick up an old Linksys WRT54G somewhere and you'll be fine. Set it up to use OpenDNS to filter any bad sites.

Scheduling of Virus Scanning is obviously a no-brainer as any virus scanner worth its salt will quite happily do that automatically. It's probably blaspheme around here, but for those friends with windows machines that I've had to help fix, I've actually had good luck with Microsoft's own free scanner.

As far as the hardware monitoring/log emailing, maybe just drink a beer on the porch and relax instead. Too much worry is bad for your health.

I for one...

[EnsilZah]

...commend your commitment to teaching your kids how to avoid and circumvent computer restrictions.

Parental controls

[pvera]

Both Windows 7 and OSX have parental controls that enforce usage times in a per-account basis, which apps can be run from these accounts, which sites can be accessed, etc. I have been using these with OSX (a good write up at http://theappleblog.com/2009/01/13/kid-proofing-a-mac-with-parental-controls/) with my 11-year old autistic boy and they couldn't be any simpler. He can only log into the machine at certain times, and I have the option to set a maximum session time per day. He can only run apps that I approve, and can go to sites only if I explicitly allow them. The bad news is that, at least in OSX, Firefox doesn't respect the parental control settings (Safari does it fine).

I checked with Windows 7 and the parental controls seem to be pretty similar. More at http://www.microsoft.com/windows/windows-vista/features/parental-controls.aspx

My only real annoyance is that Youtube doesn't have real content rating, which makes it a pain to filter properly. My son loves to make balloon sculptures and is always checking for new video tutorials, the problems is that while looking for these, he runs into the videos of the balloon popping fetishists. One second I am hearing a video explaining how to twist balloons into a roadrunner, next I hear a 300-pound woman in a bathing suit giggling and sitting on balloons to pop them. Gross.

Re:Parental controls

[terraformer]

I was wondering when someone was going to post this. Granted, I probably would have posted "Ummm, get a mac..." but yours is clearly more informative. :-)

Re:Parental controls

[thasmudyan]

I remember when I was 11, I had the only computer in the house and was the only person who actually knew what a computer was. In hindsight, I had been toiling along aimlessly for years until I got my first Commodore for my 9th birthday. That thing literally transformed me, and woke me up in countless ways. I hate to think about how miserable my childhood might have been if my parents hadn't allowed me to live my hobby like they did. There were no usage restrictions of any kind, they just trusted me. Granted, there was no internet, but there was lots of pirated software and other stuff going around, including porn which I assume parents today are most afraid of. On that note, we also had several freely accessable TVs in the house, allowing among other things unrestricted access to egregious German porn channels. And you know what? I didn't even watch TV, except maybe for an occasional episode of TNG.

The point is, my parents used a trust system and it worked out great, because trust then goes both ways. They believed in talking to their children. They believed that children, while still immature, are capable of insight and reason. Because they always explained the reasoning behind their rules, there needed to be very few rules in the first place. These methods also have the added benefit of children that adhere to the spirit of the rules rather than merely to the letter. However hard parents try, they will never be able to "protect" their children from exposure to gross, unsuitable material - especially online. Filtering and censorships do not work. And what's worse, when filtering does break down, a child will be exposed to bad content wholly unprepared.

Of course it sucks that children come across, say, waterballoon fetishists on youtube every day by accident. The problem is probably a lot more severe if a child has an illness such as autism. Being admittedly largely ignorant when it comes to the education of autistic children, I'd still be interested to learn if it isn't possible to convey the nature of fetish porn to an 11-year old child and teach him how to avoid this stuff by himself?

Re:Parental controls

[symbolic]

Balloon popping fetish? I'm SO there.

Re:Parental controls

[Tromad]

In addition windows live has a Family Safety addon where you can see and limit the websites kids visit (among other things):
http://download.live.com/FamilySafety

While it can be done much better in linux, if you are a linux noob I suggest getting something like Windows Home Server, this way when shit hits the fan (as it inevitably will) everything is already automatically backed up:
http://www.microsoft.com/windows/products/winfamily/windowshomeserver/default.mspx

Re:Parental controls

[muridae]

Of course it sucks that children come across, say, waterballoon fetishists on youtube every day by accident. The problem is probably a lot more severe if a child has an illness such as autism. Being admittedly largely ignorant when it comes to the education of autistic children, I'd still be interested to learn if it isn't possible to convey the nature of fetish porn to an 11-year old child and teach him how to avoid this stuff by himself?

It would really depend on the degree of autism that the child suffers from. Some children, even by age 11, are not able to communicate effectively, and others would not understand, or be frightened by, the concept of a fetish for destroying something they like. Explaining the jump from just a fetish for popping balloon to balloon popping fetish porn would be another huge step. But the spectrum for autism is so wide that there really is not way to make a generalization.

Re:Parental controls

[stephanruby]

One second I am hearing a video explaining how to twist balloons into a roadrunner, next I hear a 300-pound woman in a bathing suit giggling and sitting on balloons to pop them. Gross.

Either your son didn't know what was going on, and then no harm done, or he did, and he found it gross also. I don't see what the problem is either way.

Re:Parental controls

[pvera]

You are correct, the problem is not my son, he either switched the video, or watched it more interested in the balloons themselves than in the 300-pound woman.

The problem is my wife, she'll scream at both of us whenever it happens.

Re:Parental controls

[pvera]

He actually enjoys the popping (but not a twisted balloon sculpture, he keeps these around until they deflate on their own). There are other popping videos that are hilarious, like for example a Jack Russell terrier popping what seems to be a full living room crammed with balloons in just a few seconds.

This could be easily solved if Youtube embraces a standard content tag and allow the content generators to rate their videos. I am sure that balloon popping lady wouldn't have trouble rating her videos higher than the PG level that I try to keep as the max for my son.

Re:Parental controls

[stimpleton]

I hear you. My little one likes ponies. A search for Pony yields either what we might expect. Or.....this: Pony Girls. This being NSFW.

Re:Parental controls

[OgGreeb]

I agree with the parent poster, OS X's parental controls work really well. Unfortunately we have two iMacs with the parental controls enabled, and my boys have learned to swap machines when the time runs out, or switch to the BootCamp Windows partitions to get around the controls. What I really need is an outside (from the iMacs) arbiter running on my house Linux network server to provide those controls so it is cumulative across all the login options. I've tried to set up LDAP on the linux server, but it's still not setup correctly.

Control is an illusion.

[praxis22]

There are products you can buy that are normally used in businesses, that allow you to do key stroke logging, remote snooping the screen, etc. If you're as paranoid as the business that use these tactics on their workers then I'm you can find them with the Google. I don't expect they will be cheap, and they will require a lot of setup, you'd also have to do this away from home for obvious reasons. But if you mistrust your kids that much already I'm sure you're prepared for that.

This sort of thing sounds like it's right up your alley: http://www.softactivity.com/

Of course as pointed out above they can be circumvented with the Google too, often by the simple expedient of going to a library, or a friends house. You could of course spy on them there to, by bugging their phone, though of course if you follow down this route you'll work out that locking in their room, and home schooling them under armed guard is the only rational choice. What you're going to do in a few years once they leave home and become adults, (so called) is a different matter.

You could of course just lock them in the basement.

You need Mac Minis or used MacBooks

[copponex]

http://theappleblog.com/2009/01/13/kid-proofing-a-mac-with-parental-controls/

Buying a Mac is going to be way cheaper than dealing with viruses on Windows or trying to learn being a Sysadmin on Linux. Buy Mac Minis and cheap monitors/keyboards/mice or pick up a used MacBook or iMac. Look for something that has the extended warranty - hardware failures will be repaired for free. You could even consider getting them an iPad with a keyboard, and only installing the applications you want them to use.

Just keep a local account on each system with a password that they REALLY don't know, create their accounts with the instructions provided above, and you're done. For extra protection, have someone write a script for you that sends an e-mail every time the Administrator account logs in, so you can know if they have figured it out.

Also, don't bother with virus protection. Weekly backups and nightly syncing their documents is a much more realistic and effective option. Pick up a Time Capsule and their computers will backup automatically. Just make sure you restrict their hard drive quota so all of their information will fit.

Re:You need Mac Minis or used MacBooks

[mjwx]

Buying a Mac is going to be way cheaper than dealing with viruses on Windows or trying to learn being a Sysadmin on Linux. Buy Mac Minis and cheap monitors/keyboards/mice or pick up a used MacBook or iMac. Look for something that has the extended warranty - hardware failures will be repaired for free. You could even consider getting them an iPad with a keyboard, and only installing the applications you want them to use.

You also get around the problem of children learning to circumvent your restrictions. After they become Mac fanboys they'll become dependent on the OS doing their thinking for them and recognise that the restrictions placed on them by their own computers is for their own good.

You may also have to give up on the idea of ever seeing grand children.

Or you could just be a parent. Have one or two computers in a shared location, no reasons for kids to be on them all the time. Now rather then trying to block out all the evil of the internet (enumerating the bad is an unending and futile task) you should teach your children how to react properly when they encounter evil so when they are fully functioning adults they have all the wisdom necessary to deal with a world that has evil in it.

There is a saying, nothing can get between a 14 yr old and a bucket of porn, what you need to do is ensure that when said 14 yr old gets to said bucket is that he understands what it is and can react appropriately. Not that you should make it easy but you should try using parental road blocks, not technical ones as the technical ones are far easier to bypass.

But don't go Mac, give them Linux, let them learn how to hack and think about problems. They'll be better off later in life if given the freedom to tinker.

Re:You need Mac Minis or used MacBooks

[copponex]

After they become Mac fanboys they'll become dependent on the OS doing their thinking for them and recognise that the restrictions placed on them by their own computers is for their own good.

You can talk shit when GNU/Hurd is finished. Until then, leave the adults alone while they get work done.

See you in twenty years or so!

Re:You need Mac Minis or used MacBooks

[pnutjam]

I think he just called you gay...

I agree

Re:Ask the intelligence community

[houstonbofh]

Never said it did. But occasionally you have to clean the house, cook dinner, go to the bathroom. Not all of us have the leisure to hover over children all day. Especially a single parent, as referred to in the post. This is just a gateway, not a solution. It will never be perfect, and it will require an attentive parent. I would also say keep ALL of the computers in the living room. With less privacy, they are less likely to "cheat" the filters. The old "Daylight is the best disinfectant" sort of thing.

dd-wrt

[bcn17]

dd-wrt will do it. A trusting relationship will too. Although, it may be a good way to catalyze production of tech savy kids. They will figure out how to get around it. :D

Re:The human factor

[HungryHobo]

I remember when I was a teenager.
My dad added a power on password on the basis that he utterly detested games.
The problem was he didn't even give it to my mother.

Of course one day I actually needed to print something in a fucking hurry and he couldn't be contacted so I solved the problem with a screwdriver and the motherboard manual.

Which brings up the problem of physical access.
All the software in the world is pointless if the teenager can simply swap some network cables.

virtualization will kill any game need video card

[Joe+The+Dragon]

virtualization will kill any game need a video card better then a basic 2d one.

Just get them all macbooks

[afed125]

Your kids don't want censorship or locked down obsolete computers. That shit will just hinder their education.

Re:Just get them all macbooks

[Kryptonian+Jor-El]

Exactly. My parents had a local computer company install a monitoring software on my computer when I was 12. They claimed that I "wouldn't even know it was there". Needless to say, there was a taskbar icon that I had never seen before... Anyway, my point is that kids don't like having their shit restricted. It might have taken me a few hours, but I taught myself how to reinstall windows and how to find and install computer drivers that night. Presto, I fixed my computer. The OP's kids will either find a way around all of these restrictions, or will give up, and steal the neighbor's wifi

Re:Ask the intelligence community

[Mindcontrolled]

I am not asking to outsource parent responsibility to society, on the contrary. If the kids are to learn responsible behaviour, you can't just exert total control over their actions. You don't learn without the possibility to make mistakes. That's why you give them the rules, let them do their thing and occasionally check up on compliance - if they don't keep to the rules, you find out why, talk to them about that and give em a proper ass-chewing if necessary. You don't need total computer access control to teach them to use the things responsibly.

Re:Ask the intelligence community

[Mindcontrolled]

Why would you need to hover over them all the time when they use the computer? It is a damn computer, not a table saw - think that 13 year old will be scarred for life if he finds a porn site? If he won't find it on the net due to the great firewall of the parents, he'll get it on a USB stick on the schoolyard anyway.

Linksys WRTG54L

[Splab]

This does most of what you want out of the box.

There is a nice admin interface where you can create profiles based on day of week, per MAC etc. Block certain keywords.

Re:Linksys WRTG54L

[VIPERsssss]

I'd rather stab myself in the face than buy another Linksys product. I've seen waaay too many of them just stop working.

Re:Linksys WRTG54L

[Splab]

Ahh the lovely annecdotal argument. Well played sir.

Possible alternative to ex-Stasi agent

[Lacrocivious+Acropho]

While I cannot imagine any one product will do all the things you mentioned as requirements, you might find most of the functions available in ClearOS (formerly known as ClarkConnect). You manage it primarily from a web-based interface which has pretty good granularity in terms of specific functions for specific users, and of course you can use the linux command line as well. These things are great for parking between the Intertubes and WinOS boxen, and I've been using them since 2003 for home and small business clients. Also, it will run on whatever ancient relic you have stashed in the basement computer graveyard. I have no connection with ClearOS other than as a user.

Get a NAT router, going beyond that is silly.

[Toasterboy]

A decent NAT router will do all the internet control stuff you are looking for, with an interface that isn't too terrible to grok. The rest of what you're asking for starts to crank up the cost and complexity extremely fast, especially for a single parent with three teenage kids...

Really, you don't want to try to set up draconian enterprisy stuff, it's not designed for consumers, will take time to administrate, and will break on you anyway. Network control via NAT router should be sufficient. If the parent wants to be able to physically control computer use too, then set up the clients up with the hard disk in a removable bay carrier. Yank it when you want to deny access to the machine totally. Much cheaper than setting up a domain and controlling access with accounts, and more reliable.

Seriously though, today's popular computing tasks pretty much require network. The NAT router gets you enough control. All other security measures are pointless because the kids have physical access to the machines; it doesn't take much to get Ubuntu running from a USB key with a spoofed MAC address...which negates almost anything you might set up on the clients anyway (and can bypass some NAT restriction configurations anyway).

A decent NAT router will have web access logs, so if the parent is paranoid, they can check up on what websites the clients have been going to, and also block specific sites. If necessary, the NAT router can block communications by port, too, to deny specific applications from working on the network, such as msn messenger, XBOX, bittorrent, or specific game protocols. In practice though, it's a pain to change that stuff all the time.

Technology isn't going to solve the parenting problem of the parent teaching the kids what is and is not appropriate. That requires the parent doing *parenting*. You've already failed if you have to resort to logging, blocking, and physical denial to reinforce consequences for going outside what is acceptable, more than once or twice.

Re:Get a NAT router, going beyond that is silly.

[bhima]

actually I'm sort of surprised at all the complicated suggestions everyone has come up with. Home routers are cheap and do everything the guy wanted.

Re:Ask the intelligence community

[HungryHobo]

But if you don't put any barriers in how shall they ever learn about proxies, address spoofing, packet sniffers and all the other wonderful things involved in defeating technical parental controls?

Don't forbid, educate!

First of all may I remind you (parent) that your kid's education is your frickin' job?! Technology is still NOT able to replace good parenting and probably/hopefully that won't be the case anytime soon. Your teenagers will find a way to break your rules sooner or later anyway so why even waste time TRYING to create such a virtual soap-bubble-castle for them? They'll only feel more controlled and repressed and that will eventually lead to more rebellious behaviour from their part - none of you would like it. They're teenagers so just DON'T FORBID them a thing in "their own" home. They're not your slaves, they're still your kids! You (and your kids) won't succeed by using technology as a replacement for a real parent!

TALK and CONNECT to your kids, teach them meaningful ways of using modern technology (or even better let them teach themselves, they probably even know already much more about technology than you do). At this age they won't listen to you anyways but maybe with a little teasing ("You'll get a new computer, if and only if ...") will make them behave for some time. Apart from all of that: Three kids fighting over one 10-year-old computer, in the year 2010, sorry, but that's just plain ridiculous! If you can't afford a life worth living for your kids maybe you just shouldn't have produced them yet.

Re:Don't forbid, educate!

[muridae]

Right, because judging the person based on a question they asked is so obviously the correct way to respond to it. Why does everyone bashing this person assume that they have not tried talking to their kids. Maybe they have tried setting rules, and enforcing them. Maybe the kids are not as well behaved or rational as all the /. posters seem to remember themselves being. Or, in your case, Mr. Anon. "10 year old computer is proof of bad parenting" Coward, maybe the kids are exactly as asinine and obnoxious as you are, and NEED to have their computer usage restricted.

Re:virtualization will kill any game need video ca

[slashdot_commentator]

I'm not talking VirtualBox, I'm talking something with a real hypervisor like Xen. You configure Xen for the client to get all the "juice", and maybe localize the game software. Then again, I've never tried running something like FEAR2 on a virtual client...

pf

[roman_mir]

OpenBSD with packet filter + djbdns for dns caching and resolution.

packet filter allows rules to control local NAT and redirection of connections to/from external addresses. But this does not control clients for all of the other functions you are asking, that probably can be done with PCAnywhere or some other VNC.

However it is not a simple task, from 0 to everything works it may take many many days if you have never done it before.

Re:Ask the intelligence community

[Mindcontrolled]

Hehe, well, true - that might actually the best use for a setup like the one asked for. They might be more motivated in learning proper hacking techniques if they can use it to circumvent your controls.

No they don't.

[tomhudson]

What they NEED to do is supervise what their kids are doing - not leave it up to the server - the kids will get around that SO quick.

All you're doing is giving a false sense of security.

Put the computers where the single parent can SEE the kids using them. And they can see each other. If you start hearing lots of giggling, check to see if they're looking at porn. Also, the kids will snitch on each other if they can see what they're doing.

Re:No they don't.

[karnal]

I agree with this statement; however if the machines in a specific area must go through one specific device to access all, it is safe to assume that you could use that device as a point to gather statistics about use.

This doesn't mean that someone won't figure out (as stated in other posts) how to tether their cell phone to their laptop, or crack the neighbor's WEP key....

Re:No they don't.

[tomhudson]

Because, as I an others have pointed out:

1. the kids will work around it anyway - they have more skills (and time) than a parent who admits that they're clueless
2. giving each kid their own computer? Let them learn to share, and to do things cooperatively
3. "with a proper setup, he can actually log in to this monitoring web page from work and keep an eye on the kids and stop bad behavior from work." Good way to get fired really quick - and that solves the problem of "how do I keep an eye on the kids while I'm at work". Think of nanny-cams from a decade ago, and how workplaces came down hard on them - "You're here to work, not watch your kids."

It's dumb. If technology is the problem, more technology - in the hands of and managed by dummies - is not the solution.

I'd love to hear a better way of doing this as a single parent short of making a robot wife or integrating your house with HAL9000.

If you're a single dad, hang around with your kids. You'll find a lot more single moms that way. Do I have to explain *everything* to you?

(and don't whine "but I don't want someone else's kids" - hey, it's a package deal, and you're no prize yourself - or maybe you are, in which case ASK YOUR KIDS TO HOOK YOU UP!!!!)

Re:Ask the intelligence community

[DNS-and-BIND]

I am having a laugh riot at the idea of a household consisting of a single parent, a 12 year old, a 14 year old, and a 15 year old being run as a democracy.

These aren't little children

[Brianwa]

I'm losing some mod points by posting this, but I didn't notice the ages here -- 12, 14, and 15? Let them have some old/spare computers if they want. Show them where to download a virus scanner and tell them that if they break anything, they have to fix it. I don't see what the issue is here. They are going to have homework the requires the Internet anyway, so shutting down access after 10pm and in the early morning is just going to hurt them. By the way, my middle and high schools implemented strict filtering schemes on their networks. We had to put a fair amount of effort into getting around them *not* because we wanted to browse facebook/myspace/b/ at school, but because we often did research for our essays on school computers, and we wanted actual, balanced evidence, rather than the limited and biased crap that the filters let through.

X10 and Router iptables scripts

[mache]

I do four things for my kid.

1. Install X10 controlled electrical outlets that you can control from either a secured (locked up) X10 keypad or from a secured computer interface. Nothing says do your home work like a dead electrical outlet.

2. Using third party firmware on the router, such as DD-WRT, set up iptables scripts that can either block all network traffic to the specific machine, block all Internet, block selected Internet sites, ... using a secured plink call to an on router script (see documentation on ssh and putty).

3. Set up separate non-admin accounts on each machine, one for fun and games and one for home work only. Share document storage area among the two accounts. Never give up admin tot he kids

4. Up to date antivirus software. .

Needless to say, I get lots of push back from my kid and I have not been completely successful in all four. But I have implemented enough so that he is not totally off the deep end (or so I am led to believe).

Being a parent has given me a new appreciation for functioning in a non-deterministic universe.

Good luck

-- Mache

Re:X10 and Router iptables scripts

[Kryptonian+Jor-El]

You must really hate your kids

The need for a Linux Home Domain Controller

[Zombie+Ryushu]

This is one area where Linux amazingly has been lacking. Home Domain Controllers. You can create a home domain controller with features Windows has never dreamed. Its just really really, really too hard. There needs to be a Home Domain controller Application added to most Linux Distributions.

Mandriva comes close to this with the ability to setup fully functional Samba Domains stand-alone only. But if you try and configure OpenLDAP, Kerberos, Squid, FreeRadius or anything else, it becomes a time vampire to get it all working right. And its not that the software is buggy. Its that often, the software is configured badly, and not at all.

https://qa.mandriva.com/show_bug.cgi?id=58653 Take a look at this bug I filed.

Re:The need for a Linux Home Domain Controller

[cynyr]

i agree, i just wish getting LDAP+nfs homes was easy.

Re:The need for a Linux Home Domain Controller

[VIPERsssss]

Mandriva used to have a product called MNF that did everything he's asking for. Unfortunately the free version is discontinued. I've built one from scratch using the packages, but it's not easy. That was a long time ago, so I don't know if it's even possible to do anymore. (ie. I don't know if the httpd-naat package is still available)

That being said, I wish they'd bring it back. That product was awesome.

Re:Ask the intelligence community

[Mindcontrolled]

I am not implying that the kids should vote on the mode of their internet use. But if you do not give them any freedom, including the freedom to violate the agreed upon rules, you do not give them any trust. How should they ever learn responsible behaviour without experiencing trust and freedom?

Windows Home Server from HP

[VTBlue]

//Microsoft Employee Here//

The new versions of Windows Home Server is perfect for what you want to do plus there is a great community of users who develop custom plugins for new functionality. Check out http://www.wegotserved.com/

Newegg.com has some great prices.

Netbooks

[leromarinvit]

I'd say get them netbooks and set up a wireless router. It's more useful than a desktop PC and cheaper too. Regarding your desire for control, don't bother. If you want your kids to trust you, you need to trust them. It will work a lot better than exerting draconian control.

And if you really feel the need to punish your children for something by taking their computer away, you can just lock the netbook up somewhere for a day or two.

Show the kids some trust

[1s44c]

How about getting a cheap broadband router and letting the kids chose their own computers?

You are not doing your kids any favors by monitoring everything they do, trust them to use the computers responsibly.

Re:Show the kids some trust

[funwithBSD]

Doveryai, no proveryai

Re:Show the kids some trust

[muridae]

Some people seem to think their parents never did this. Whether as blatantly as calling other parents to ensure that stories match, or just talking to the other parents at the grocery store about the party both kids went to, this isn't something new. Parents now can not just ask the internet, while shopping for groceries, about what the kids were doing.

Re:Show the kids some trust

[1s44c]

Doveryai, no proveryai

Trust, but verify. What You mean is put on a show of trust but act with distrust.

You can monitor, audit, and control your children if you like. What you won't get are well balanced and responsible adults.

Re:Show the kids some trust

[funwithBSD]

No, you don't trust kids.

That is why they are kids.

You do *show* them trust by giving them the opportunity and verifying the results. If they fail, you dust them off and help them understand where they went wrong and help them take the consequences like an adult.

If you could trust them, they would be adults.

And, as history as shown, you can't really trust adults either.

Re:Ask the intelligence community

[raddan]

Keeping an eye on your kids is not the same thing as having a totalitarian regime. I think that logging what your kids do and when is completely acceptable. Whether you reveal this information to them or not is a different story.

When I was a teenager, I got in all kinds of mischief. It turns out that my parents knew about pretty much all of it, but I did not know about this at the time. They didn't interfere unless they thought that I was getting into something over my head... like when I became very depressed, for a long period of time, and I bought myself a bottle of sleeping pills. That was an important intervention.

Children have no right to privacy. Teenagers chafe at the idea, of course, but the fact is that they are children, and good parenting means making decisions that are in their best interests, not their greatest desires. When they're able to weigh their actions with the consequences of those actions (i.e., becoming an adult), then they get privacy.

When your daughter starts googling birth control, it's time to have a chat.

Re:virtualization will kill any game need video ca

[slashdot_commentator]

Doesn't matter anyway. I thought the querent was a system administrator. There's no way they could implement anything I'm suggesting without previous sysadmin experience.

They have to use a firewall regulating network traffic in order to manage what their kids do online. There's no other way. Kids will get around any client machine kludges. And whatever firewall implementation they use, they're going to have to go geek to be able to interpret/manage the network traffic.

I still think its possible for them to implement a windows server and make the clients boot off an OS image, but the administrator will have to go through geek hell to manage his users.

OpenDNS

[splatnet]

Hi, I'd agree with the idea of computers in a shared space as solving lots of issues. Monitoring them for hardware failures and uptime is all very weel but you're not running mission critical webservers on these units, if they crash once in a while that will also be a good life lesson to learn. I've setup openDNS on various friends systems for their kids and the free version is reasonably useful, it will give you full offsite internet logging without letting you know the individual machine thus giving you an overview without violating your users/kids privacy, at the end of the day they should be able to explore some of the web, just not the extreme stuff. Charlie

Re:Ask the intelligence community

All that's being asked is to put limits on when they can use the computer and unspecified filtering for objectionable content. These are completely normal requests, no different than the parental controls built into televisions and other devices. You're jumping to conclusions as to the level of filtering that the parent is going to use. Since we all know that filtering isn't foolproof, it's more reasonable to assume that the filter will only be getting the most obvious and egregiously objectionable content. There's still plenty of room for mistakes and teaching moments.

You seem to be misunderstanding the difference between the autonomy of adulthood and the semi-autonomy of adolescence.

The last thing a single parent asking for help needs is to be put in the same camp as the Stasi. I don't think forced shutdowns at bedtime or when they're grounded rises to the level of one of the most effective secret police ever devised.

3 Macs, not antique Windows, they are not grandpa

[gig]

Get 3 Macs, not 3 Windows machines. There are parental controls built-in, and with Steam they run most of the same games. They also have digital media tools built-in, as well as many special subsystems related to that kind of work, which for kids that age is like the 3 R's. In college they will be using Macs, and people of their generation overwhelmingly use Macs, the skills will be more beneficial than learning Windows. There are no viruses, no scanners are needed, and they're Unix, so they are more Linux-compatible than Windows. They backup automatically to an external volume, and the kids have the Apple Store to do free seminars on whatever they're interested in.

For yourself, use Linux if that's what you're into. But your idea of computing is likely very different from your kids and their generation. They want the computer to disappear and make movies and play social games. It's a car for them, not a hot rod. And most of all, the Mac is part of this century, while Windows is literally their father's 1995 computer.

Macs are all-in-one, complete systems, and there are no low-end models, but with AppleCare you are guaranteed 3 full years of 100% operation of both hardware and software, and then when AppleCare expires, you can sell each Mac for half of what you paid for it, which you out towards the second generation of Macs and they will be cheaper than low-end Dells. So only the first generation is more expensive than low-end PC. You pay full price for your first Mac, but only half price for every subsequent Mac. Over time, not only will the resale value save money, but it comes with $1000 of software you don't have to buy later, and the reliability and lack of need for utility software and I-T time will save you money and time.

Clear rules

[Max+Romantschuk]

Here's the approach I will likely take once my kids are old enough to use the net:

- Negotiate proper rules with them.
- Have something log what sites they go to, when etc.
- Let them know about the logging, and make it clear that you will review the logs if there is a need to do so.
- Also, I don't believe that someone who is 12 needs unsupervised net access. Have a machine in the family room and let them browse when you're around.

Ultimately, the only common denominator for success is parenting.

Re:Clear rules

[tomhudson]

Let them know about the logging, and make it clear that you will review the logs if there is a need to do so.

Horse, meet Barn Door. Barn Door, meet ... oops, gone already!

If they're clueless to begin with, they won't know what to look for in server logs.

"ExpertSexChange?"
"No, it's ExpertsExchange - a computer information site"
(parent looks, scratches head in amazement - the kid's telling the truth!)

"Two Girls, 1 Cup?"
"Oh, that's a tennis match, mom!"

"Hot Coffee?"
"An add-in for Java."

"Tubgirl?"
"The fattest girl in the world, mom."

"reddit?"
"On-line book reviews - like 'I read it', get it?" Think 'Cliff Notes'"

"autopr0n?"
"on-line drivers ed course, -p for park, r for reverse, n for neutral, 0 for overdrive, duh!"

"4chan?"
"Kids TV listings - teacher gives us an assignment once a week."

"slashdot?"
"okay, you caught me - its a site that posts slasher snuff videos."
(parent goes to look at slashdot)
"Very funny!"

Single parents have a job

[tepples]

the computers he's trying to administer are like 10 feet away from him.

Not necessarily. Single parents tend to have a job.

Go as low-tech as possible

[Ritchie70]

If these are desktops, for "grounding" take the keyboard, mouse and power cord and lock them in your car trunk. If laptops, just lock the whole thing up.

My parents used to take away the stereo speakers as a punishment. Same concept.

For "hours of access" don't put the computers in the little darling's bedrooms, and send them to bed. That will mostly take care of filtering, too; nobody wants to be looking at porn in the family room.

When my stepson was 9 he had a computer in his bedroom. I put in a router rule to keep it off the internet but still let him print to the network printer. I don't know if he figured out how to get past it or not. The computer he could use with internet access was next to the TV in the living room.

Re:Go as low-tech as possible

[tomhudson]

If these are desktops, for "grounding" take the keyboard, mouse and power cord and lock them in your car trunk.

1. spare power cord - $1. (free if you rummage around)
2. spare mouse and keyboard - $15 (free if you rummage around)
3. downloading pr0n when your parents think you're reading a book - PRICELESS
4. lawyer for when the FBI comes calling - might as well be priceless, it's gonna hurt so bad ...

Re:Go as low-tech as possible

[Ritchie70]

And I had headphones when the parents took the stereo speakers.

Stop by now and then and 1) see if there's a keyboard, and 2) see if the case is warm. If so, punish further, rinse, and repeat.

If the parent has the tech savvy to manage it, fine, do firewall stuff.

If they're low tech/no tech, work the physical layer.

Shocking as it may sound, taking a computer off the network isn't the same as disabling it. ITunes and (some) games will still work.

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

So you are ok with your kids being on AIM all day looking for older guys who make them feel special? Or surfing porn all day? Or, even doing what you want and accidentally running across goatse guy? He's not looking to be the gestapo. He's looking to have some basic protections in place to protect his children from the unsavory parts of the Internet, and to make sure that they don't abuse the priviledge of having a computer in their rooms.

Sure, he could fix this by doing what he does now, having one computer for all three in a public place. But he's trying to improve their access, not limit it. And he just wants to make sure that improvement isn't abused.

Re:Ask the intelligence community

[kikito]

I could not have said it better. The proposed setup is plainly horrendous. I guess the first thing the 15 year-old will try to do is overcome the network limitations (and rightly so).

Re:Ask the intelligence community

[K.+S.+Kyosuke]

"Children have no right to privacy."

You forgot to prefix that with "In the US"...

Re:Ask the intelligence community

[slimjim8094]

I hate to sound like an ass, but if you're so scared of what your kids are going to do when you leave for 5 minutes, you're not doing your job as a parent. If they're 2, sure, hover over them - my brother got into our fireplace and covered with ash, as well as took every big sharp steak knife out of a childproofed door in about 30 seconds of 'not there'.

But if your kids are old enough to use the internet, and you're seriously worried they'll burn the house down while you're in the can - you and your kids have a problem that a firewall won't fix.

My parents raised me with the assumption that I wouldn't pull any stupid shit, made sure I knew what was stupid, and made me dislike coming off as stupid. That's really all it took.

Idea

[DaMattster]

I would Google for information on setting up Linux and Squid on a PC that you designate as a router. I've found the following tutorial to be helpful: Linux Home Networking

An answer, of sorts.

[unkiereamus]

I'm going to go ahead and join the folks saying you can't do all this from one app, but, for what it's worth, here are my suggestions for how to achieve your goal for free/cheap:

Hardware Monitoring: First, I'd tend to say that you don't really need this, but if you want it: http://www.almico.com/sfdownload.php Speedfan's probably your best bet, yo can configure it to send you an e-mail for events, and it also does pretty good logging and, as an added bonus, it has decent hardware compatibility. The other player is MotherBoardMonitor, but it's basically abandonware now, afaik.

For internet filtering: There's peer guardian (http://phoenixlabs.org/pg2/) or, as someone else suggested just use openDNS, the advantage of openDNS is it's very easy, the advantage to PeerGuardian is you can create exceptions.

For internet access: For this, go with almost any modern router, I personally use a WRT54g loaded with DD-WRT, I know I can force it to allow/disallow any given MAC.

For anti-virus: Pretty much any AV out there will let you schedule runs.

For setting hours the computer can be used: easiest way would be to find a computer who's BIOS lets you do that, disadvantage is that you'd need to be physically present to make an exception, or give the child the BIOS password and then change it when you got home. Other disadvantage is that it'd be some finicky research, since not all BIOSes will let you, and you'll have to find out before you buy the machines.

As far as monitoring computer status goes, I'd just install a VNC server on them (http://www.realvnc.com/) if you can't log in, the computer is asleep or off (does it really matter which?) if you can, then the computer is on, and you can see what the kid is doing.

I know this isn't really what you asked for, but afaik there's no one app to do all you want.

better advice

Have you ever tried just turning off your TV and your computers, sitting down with your kids, and hitting them? - bender

Good parenting is the best start

[hoyty]

I work at a school as a network admin where all the students have tablets in 7-12 grade. I get a few similar questions from parents every year, some even implying that the school caused the problems they are having at home and should fix them. The best course of action as others have mentioned is interacting with the kids. Over the shoulder parenting / net-admin works the best, if that fails taking away the computer works well too. However there are some technical solutions that I have helped some parents implement that are fairly non-techie friendly. I will say up front this will sound like a Microsoft commercial which is because it is what I have experience implementing. I am sure there are other solutions I just know this one can work. In Windows 7 it has some pretty good parental controls (http://www.microsoft.com/windows/windows-7/features/parental-controls.aspx) and then you can further supplement it with the Windows Live Family Safety (http://download.live.com/familysafety). These two together do a really good job of time based controls and logging, there content based controls aren't as good but are functional. As far as backup you can use a Windows Home Server (http://www.microsoft.com/windows/products/winfamily/windowshomeserver/default.mspx) to handle that and it will also do some nice shared storage. The cost of this setup is really just the hardware / os and potentially the WHS box. The features are just built in and are intended to be non-techie friendly. I know they are since I have had parents implement them on their own and tell me they work.

Exit plan

[vlm]

Number one priority is figure out the exit plan.

In "about three years" by yer own figures, the oldest is going to be utterly and completely totally free, at college or whatever. In less than a year, total freedom for limited time periods behind the wheel, visiting stores and other peoples houses, etc.

Building a better cage is not going to help the kids relate, when they're finally released/paroled into society.

Which kids have the biggest problems at 14? The kids of "anything goes" parents. Which kids have the biggest problems at 19? The kids of overprotective parents. On average, 14 year olds can get into less trouble than 19 year olds. So, teach them responsibilities of freedom at 14 with your guidance, not 19 and alone.

Re:Exit plan

[inKubus]

Humans learn through mistakes; OP parent must not be very involved with their kids if they don't know that after 15 years of parenthood..

Re:Exit plan

[omglolbah]

So very true.

If only more people grasped this simple concept!

Re:Exit plan

[Odinlake]

Number one priority is figure out the exit plan.

Indeed, if I understood it correctly he is essentially suggesting that technically challenged parents challenge their 12, 14, 16 yo children to a cyberwar. Good luck with that.

What's with all of the criticism?

[Riplakish]

Parents should be the ones making these decisions instead of the government (Australia anyone?). This goes to the heart of the argument regarding censuring content and who's responsibility it is to decide. Adults should be able to decide for themselves and parents should decide for their kids. It is up to each parent to decide what is and is not appropriate for their kids and to determine the best way to do it. Saying that the poster is enforcing fascist policies on his/her kids is the same argument that a government uses when trying to implement censorship laws on its citizens: you know what is better for them more than they do.

As for the technical question: Most of what you want to implement can be done through an off-the-shelf router that has had the firmware flashed with DD-WRT. You can set up individual profiles for the MAC address of the kids laptops that limits the times that they can access the internet, and when you ground them you can disable access completely via their individual profile. It also has some VERY basic web filtering. You have to have/buy a router that is supported by DD-WRT, but you can get one pretty cheap. The ASUS 520GU is supported and it usually can be had at NewEgg for around $40. If want more robust web filtering you can set up a linux server and run Dan's Guardian & install Nagios for hardware monitoring.

Re:What's with all of the criticism?

[queBurro]

I was going to say DD-WRT and the ASUS 520GU too, you can buy them pre-flashed off of ebay. They've got a USB slot too so you can use it as network storage or a central print server if yeee be wanting that? (other ROMs are available to flash with: Openwrt and Tomato spring to mind)

Re:Ask the intelligence community

[kgo]

The thing is, the requirements are extra-detailed and a little anal, which make them seem over-the-top, but they basically boil down to:

(1) Restrict internet usage to normal times so the kids don't stay up until three am on a school night. Reasonable.

(2) Revoke access as a punishment. Kids have been getting grounded for how long?

(3) Block access to some sites. Entirely reasonable if you're talking really bad sites or malware infected stuff. It doesn't necessarily equate to some active proxy reading their facebook posts. Besides, I'm sure the kids don't want to see goatse any more than you.

I'm sure plenty of good parents keep guns in a safe and liquor in a locked liquor cabinet. Obviously a gun or booze is more dangerous than the internet, I'm not trying to equate them, but there are advantages to a layered system of trust. Technology and good parenting aren't mutually exclusive.

Re:Ask the intelligence community

[Hatta]

With less privacy, they are less likely to "cheat" the filters.

So what if they do? Part of parenting is letting kids figure things out themselves, and part of growing up is pushing the limits. Children need well defined limits, but it's not the end of the world if they step over them once in a while. I'd be more worried if they didn't.

+200 informative

[linzeal]

Jesus Christ, yes. Don't bother trying to roll your own for this sort of setup unless you want to transition to IT as a career. The migraines you will get trying to setup a proxy and a content filter alone will take a good weekend, if you are lucky. I've used ClearOS and before that Clark Connect for years without problems.

Re:+200 informative

[AndGodSed]

AND, to continue singing the praises of ClearOS as the perfect solution to the server/gateway side of OP's requirement, it includes among other thigs:

- an email gateway/server
- proxy server with content filtering
- protocol filtering (mommy/daddy can limit those pesky torrents or set up time based filters to gaming servers) He could even give some protocols bandwidth priority at certain times of day - more gaming over weekends, more http at other times.
- shared folders for users

Heck there are tons of features, some not really needed but others perfect.

and lots more. ClearOS would be the best to use, also there is an active forum where OP can ask for assistance, and $singleparent can sign on for help.

Heck OP can log into the server remotely and assist with any issues requests that might show up.

Re:+200 informative

[rtb61]

One point, don't filter web sites that is really a waste of time if you really want safe access. Create a permission list of sites that they can access, so basically block everything and then only allow web sites that you have personally reviewed. To be honest it would be handy if a age suitable list of web sites was created by an independent body and reviewed by the government to simplify that task for parents. On your own as an admin, of course it means your children don't ask for permission to use the internet (billions of pages to monitor, good luck with that), they ask for permission to visit particular web sites and to make use of a selected range of interactive internet activities.

Re:+200 informative

[snero3]

This is all awesome stuff, but really when confronted with all of this I would just go next door or go to the library to look up what I wanted on the net and email whoever I pleased (facebook etc..) and so will these kids.

limiting Kids is not going to teach them anything you have to educate to do the right thing.

Re:+200 informative

[tehcyder]

That's a bit like saying "well kids can buy drugs at school so there's no point in stopping them shooting up at home."

Re:+200 informative

[History's+Coming+To]

Social engineering is probably the most common successful way that hackers (right-wind-media definition) do their thing, and there's a reason for that....it's very effective. That should be your first "firewall" when it comes to your kids internet habits. Talk to them, make sure they're aware there's some very iffy stuff out there and that they've got a reasonably sensible attitude towards it. By all means set up a LAN with all sorts of filters, but it should be very much the second line of defence. And remember the kids will almost certainly find a way around it.

Re:+200 informative

[snero3]

No it's not.

It is more like; take a active interest in your kids lives, talk to them even about the hard subjects. Let them learn from your experiences and mistakes. Don't rely on technology, other people and laws to do your job for you.

Bring up kids _IS_ the hardest/most rewarding thing you (or anyone) will ever do.

Re:+200 informative

[tsm_sf]

A whitelist for children would be ideal, but "unfortunately" it would have to be one that both the parent and the child worked on together. I just can't see how you could trust some third party to compile a list that would match your ideals as a parent. There isn't a point of view in the world that encompasses both the "HPV vaccine leads to hell my daughter deserves cancer" and "that sound you hear is daddy and Scott doing a very special thing" camps.

I'm afraid he's going to have to raise his kids manually.

Re:+200 informative

[Captain+Centropyge]

Some basic traffic shaping, filtering, or time-based access isn't always a bad thing. When I was a kid, I snuck onto our computer after I was supposed to. That doesn't mean I was a bad kid, and it doesn't mean my parents didn't educate me properly. I just didn't listen because I was young and stupid.

Traffic shaping is good, in some cases. As was mentioned, it prevents someone from running torrents all day and bringing all other traffic to a crawl. With multiple computers in the house and limited bandwidth, this is practically necessary.

Filtering and time-based access (or denial) can be enforced on an as-needed basis. Not necessarily all of the time. Kid starts looking at porno? Did something stupid and got grounded? Deny access as punishment. Makes sense to me. (But then again, I'd say "no computer time at all". Get on that PC and an ass-whoopin' comes their way.) This all deals with proper parenting and education. At some time you need to let them have a little more freedom.

Re:+200 informative

[pnutjam]

I use opendns for filtering, then I just point my own computers DNS elsewhere.

Re:+200 informative

[pnutjam]

some level of filtering is appropriate, if someone would have filtered out that first goatsex image (the one burned into my brain), or tubgirl. I would be eternally grateful.

There is a lot of nasty stuff it's easy for kids to stumble into.

Re:+200 informative

[fwarren]

Not possible to make such a list.

The big whitelist registry works for stuff like www.pbs.org (good) and www.playboy.com (bad). But the Internet is a big place.

http://myisp.com/Jim is a personal home page about Millard Filmore because Jim finds him cool. (good)

http://myisp.com/Bob is a personal home page about the local Raceway...and where Bob writes snuff erotica. (bad)

And even if we could split it down to portions of a website. What if Jim decides to add a page to his site about women Millard Filmore would want to have sexual relations with, including photos. How would this registry keep up with this?

Currently it is to big of a problem. with no real answer short of monitoring what your kids look at yourself, or lock it all down and make them ask for every resource they need.

Re:+200 informative

[plague3106]

Don't see anything wrong with that...

At the point they're WANTING to shoot up at home, you've failed as a parent.

Re:+200 informative

[rtb61]

Keep in mind that you do not need to provide every possible safe and useful web site, you only need to provide sufficient safe and useful web sites. Realistically that only needs to be few hundred. Web site publishers that want to provide internet services for children, whether they be government or privately funded, will be required to fulfil all required fit for use provisions to ensure safer access for children, ideally as an extension of the education system.

It will happen it is just a matter of how long it takes to get there, sooner is obviously better than latter but at this stage it seems it will take decades due to resistant by marketing companies who want to continue to target and manipulate the choices of ch8ldren. Advertising is content and it's affects should be subject to critical evaluation for the damage it can cause to the psychological stability of children.

OS X will do exactly what you want

[techmuse]

OS X will do pretty much everything you've asked for, with very little work. You can use parental controls to create a whitelist for which programs and websites are allowed. You can restrict account access to specific times and days. You can use ssh or vnc to connect to each machine to remotely administer it. (OS X has a very nice, fast, VNC client and server built in.) You don't need a virus scanner, since there are no viruses in the wild for OS X. You can prevent installation of additional programs. Automatically limit access to adult websites. Restrict who they can mail and IM with. Limit computer use to a certain number of hours per day. Log what they have been doing. Receive e-mail requests to add additional websites, IM users, etc. so that you can confirm additions without having to use their computer. And if you install the istat pro widget, you can monitor all of the computer's hardware sensors, which will give you all of the rest of the info you asked for. VERY easy to set all of this up.

Re:OS X will do exactly what you want

[danerthomas]

In our house we have two parents, two kids (ages 15 and 12) and 7 internet-capable devices (3 computers (2 Macs and 1 PC), 2 smart phones, a Wii and a DS, all served by a wireless network) so we have the following rules: - The parents are responsible for the computers and phones as well as internet access for all devices. - Computer-wise the kids only have access to the Macs, and only when the parents do not need them. (The PC is a work-only laptop.) - The following Parental Controls are activated for the Macs: Time available, total time per day. Kids can't log in as admin, so if they need to install or update something they talk to us about it. - The iMac G5 has Virtual PC running XP SP3 on it for access to certain homework-related stuff, but Windows runs so slowly on it that there is no temptation to spend any more time with it than strictly necessary. It maybe gets used once a month. - Network access is unencumbered, but everything is logged. - Most importantly, the desktop mac is in my office (next to the master bedroom, on a different floor from the kids' rooms) and the laptop and game consoles are only used in areas with direct parental access. The kids know that we trust them, but they also know that we can check on what they are doing as well as what they have done at any time. They also can have their computer and/or internet access limited as necessary for disciplinary reasons. We spend time with them, we have them show us what they are interested in on the net, where they chat, what they are looking up and so on. If we see something that we don't like, we talk to them about it. Works well so far.

Re:Ask the intelligence community

[kikito]

Logging everything they do isn't "keeping an eye on them". It is totalitarian, even if you don't like the word.

Your children are not you. The fact that you had trouble when you were a child doesn't mean that your children will. The fact that you needed that extra surveillance doesn't mean that they will. And the fact that privacy nearly got you killed doesn't mean that it will get them killed.

I believe that children, in general, do have the right to privacy. It is just that this right is "overridable" by circumstances, like a very depressed child. This is similar to declaring a state of emergency when there's a natural catastrophe; the army just takes control of the country until the emergency finishes.

Then there's the scalability: when do they get the right to privacy, according to you? When they are 18? When they leave the house?

And chat should happen *much before* you learn that your daughter starts googling birth control. I hope you just phrased it the wrong way.

Your desires are probably incompatible

[drinkypoo]

View client computer status, On/off, sleeping etc.; Deny internet access, not LAN, just the web; Schedule time usage of computer, ex. 7 a.m. to 10 p.m. on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes; and Apply some kind of firewall filter for blocking undesired web content. And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task; Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms. Given the lists above I am thinking about a Linux based router/server machine and running Windows on the clients for game compatibility. I also know that a server and network boot client is possible but not sure where to start on that one."

If you used an Edubuntu Server with

I think you should be able to handle this stuff manually, but if you are not, then these are the technical controls I see as being most useful in terms of being able to administer them easily. Building the LTSP client environment was the last thing I found difficult; There is help out there. Hell, I'd help you. I hope that it's easier than the last time I did it by now, anyway. After that you get a cute and easy to use GUI for administration of client machines. The latest LTSP is supposed to make it easy to designate programs to be run on the client machines so that the server doesn't have to do heavy lifting.

OpenDNS and Router

[stlava]

A lot of people on here are trying to give you parental advice.

That being said, here is my take on the situation and your request. Like many others I think that what you want is over the top for many reasons. The amount of time your going to spend monitoring and up keeping the network is going to be become more time than your going to want to spend, very quickly. It would be far easier for you to lay down the law with your kids and explain what they can and can not do.

I would then go with the basics.

1. A scheduled virus scan on each computer for when they are at school.
2. Router with DD-WRT so you can set Internet access permissions when you are away.
3. OpenDNS so you can restrict many sites including proxies, adult content, etcetera.
4. Rewrite dns queries to opendns.

You have to remember that your kids are going to find ways around any setup. It just depends on how much time you are willing to spend setting it up and keeping it up.

I will say that, and I'm sure many will attest to this, having your own computer at the age of 15 opens up a Pandora's Box. You are taking a huge step in giving them their own computers, let them know this.

My advice: Forget it!

[urdak]

The parent is described as "computer-handicapped", so let's put it in terms he or she will understand: Consider, instead those old-fashed toys of yesteryear. Or consider the TV which many kids of my generation had in their rooms.

Could you imagine a parent asking that his children's toys will automatically stop working on 10pm? Or that his TV cannot be turned on when the child is grounded, or perhaps show only certain channels at certain times? Or the toys checking themselves and letting the parent know when one of them gets broken?

This is all ridiculous, of course. With toys and TV you simply couldn't even imagine doing this. With a computer you can *imagine* doing it, but it doesn't mean it makes sense to do it. A child will always find ways to break such technological rules, especially if the parent is so-called "computer-handicapped".

Re:The human factor

[kikito]

Even if the physical access problem was solved, you would still have the problem of a very inquisitive teenager wanting to overcome rules. Try fixing *that*.

Solutions

[mysidia]

to be able to do the following via an simple application/webpage: View client computer status, On/off, sleeping etc.

Sounds like a job for a custom PHP script. You can determine On/Off by using PING tests.

Detecting sleeping status may be harder... consider using wired network connections and a managed switch with a CLI. Setup the PHP script to poll the switch for up/down status on each child's switch port.

Enable wake on LAN in BIOS resume from suspend. If port is up, but you are not seeing any packets, then it is probably asleep.

Deny internet access, not LAN, just the web

Any firewall can do this.

Schedule time usage of computer, ex. 7 a.m. to 10 p.m. on school nights etc.

You can do this with Windows group policy. "Force logout when login hours expire". However, this may hurt them if Junior is up working on a report at 10pm due tomorrow.

Doing this has consequences. You may be better off TRACKING when the computer is on, enable Windows messenger, and write a script to automatically warn kids they should log off the computer now.

Use Sysinternal tools in your script such as PKILL, PSEXEC to kill know game processes on the machine, internet explorer, etc.

Force log-out and/or shutdown of clients, for grounding purposes;

Setup a Windows 2008 server, use Windows 7 business clients. Setup a Windows domain. Give kids accounts on the domain. Join all client machines to the domain.

If a kid needs to be grounded, lock their account. And use the "shutdown -i" program to send their machine a forced shutdown.

Use group policy to configure all lockdown, including firewall settings and mandatory Windows firewall exceptions (such as your management access).

Apply some kind of firewall filter for blocking undesired web content.

Get a Beefy enough Windows server to run Untangle for Windows.

And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task

Just about any Enterprise virus scanner will do. You configure an administration server, and install clients on each client machine. Some popular ones are Eset, Trend, Kaspersky, Symantec.

Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms

Uh, these are desktop machines right? You are going to have to be very choosy about your desktop hardware there, many devices will not even support IPMI or remote monitoring.

If it does, you can probably setup monitoring using standard free tools such as Zabbix or Nagios, though configuration can be a pain. You may need a Linux machine or virtual machine somewhere to provide this.

There are some commercial monitoring products that are free for a small number of managed nodes, e.g. free versions with limit of 10 hosts. But the most important thing is your desktops and other equipment actually support collection of that info, provide it over IPMI or CIM, and that Windows WMI providers are able to access the performance/health data.

Given the lists above I am thinking about a Linux based router/server machine and running Windows on the clients for game compatibility.

Hang on... you just said you want detailed management over Windows machines? You will either have a Windows server and domain first and foremost, or you are going to have a hard time maintaining this. Almost all the software required to manage Windows clients is Windows based.

A Linux server is great, as long as it has sufficient resources to run some type of Windows server as a virtual machine.

I also know that a server and network boot client is possible but not sure where to start on that one."

That doesn't make any sense... you said you want to run Windows on the clients.

Net booting Windows is complicated; the only thing that

Re:virtualization will kill any game need video ca

[lorenlal]

I can tell you from experience that although there's not much of a Disk/CPU/Memory hit, the graphics performance is seriously business only. The real work of rendering still has to be done on the host, and then it has to be RDPd to the client. It's not going to fly at all, even with LAN connectivity.

If running Windows, make sure the kids don't have admin access and you can use policies to deliver the outage times. Load dd-wrt on the home router, and that can cut off internet access.

Re:The human factor

[xaxa]

2) Let the kids have access to the computer anytime they want. WITH the exception that you can remotely log in at any time. Install VNC server and periodically log onto the machine and see what your kids are doing. Yes it is big brother, but it also keeps people honest when they know you can log in at any time.

At most that "keeps them honest" at your house, while you are at home.

The first time I looked at a proper porn site was at a friend's house. His parents were both vicars, so they were out of the house most Sundays -- excellent! Only that time he came back unexpectedly, and treated us to a lecture on the degradation of women. I think that had more of an effect than stopping us from using the web -- after all, we had access to other Internet connections at other houses, and he couldn't be there all the time.

Re:virtualization will kill any game need video ca

[nicolas.kassis]

If only windows had something as simple as chroot.

Re:3 Macs, not antique Windows, they are not grand

[hoyty]

In college they will be using Macs, and people of their generation overwhelmingly use Macs, the skills will be more beneficial than learning Windows.

I would love to see something to support this. I was on a university campus this weekend and I was curious about this myself. I actually counted PC vs Mac as I walked around and at best Mac was 20%? While I won't argue that Mac is gaining ground I would say a blanket statement like this is not quite correct. I think learning and being comfortable with technology is more important than learning either the Windows / Mac / Linux way to do things.

Also many of the implied exclusive features are built into windows as well? Lastly, um Steam I shall quote from https://support.steampowered.com/kb_article.php?p_faqid=98
"The Mac version of the Steam client will be released in April, until that time we will be unable to provide support for Mac issues.
For more information, please read the following news post:
Valve to Deliver Steam & Source on the Mac
Please note that not all Steam games will be available on the Mac client. Availability will be determined on a game-togame basis."
Right now Steam runs 0 of the games and who knows what the future holds there.

+1 Funny

[rockNme2349]

Oh for a mod point...

Re:Replacing good parenting with tech solutions ..

[njhunter]

I agree but one should still be able to review logs of places the kids (or their friends) have been. I'm their parent, not just their friend.

Give them computers and tell them to learn.

[arcade]

Seriously - you're over the board.

I learned computers by having my own, and learning on my own. Without a parent trying to tell me what was right or wrong. If you don't know enough about computers to do this on your own - why not let the 15 year old admin the network until the second kid turns 15 - then leave the duties to him, until the third kid turns 15 ?

Why do you want to limit what information the kids have access to? Isn't it better that they can browse the web and learn - without being limited? Give them general parental guidance, of course.

Teach them to build character, but don't limit their exploration options.

Sure they'll get hold of things you think are unsuitable. They'll do that no matter what. What do you do if you encounter them with the Anarchists Cookbook? You _talk_ to them. You tell them how unsafe it would be for them to try those things out, and you refer them to the wikipedia article that'll tell them quite simply that most of that stuff will blow up in their faces if they ever try to cook any of it.

Let them discover the web for themselves, and discover the world around them on their own. Without artificial limits.

Re:Ask the intelligence community

[choongiri]

I'd suggest that if you're only having the chat after your daughter starts googling birth control, you've probably left it a little late.

Re:Ask the intelligence community

[Totenglocke]

But occasionally you have to clean the house, cook dinner, go to the bathroom. Not all of us have the leisure to hover over children all day.

You SHOULDN'T be hovering over them all day, not even electronically. You teach your kids what they should and shouldn't do, then you let them live and if you had reasonable rules, they'll follow them. That's responsible parenting - teaching your kids and as they get older and older, you back the fuck off and let them start making their own decisions and you trust that they'll follow the rules while you occasionally check up to see if they're doing anything they shouldn't.

The people like you who think parenting is about having 100% absolute control over every thought and action of your children is downright psychotic and only serves your own lust for power, not the needs of your children. You're not raising children that way, you're raising slaves who are incapable of making their own decisions and being independent.

cheap ass soho vendor

[dougsk]

If I were to read between the lines, I would think this is a SOHO vendor trying to figure out to get enterprise features on an ephemeral budget. Maybe wave the magic "linux" wand and it will all get better. If your time has value, then I'd suggest picking up a fortigate 60b and a copy of Windows Small Business Server. Add the free Windows deployment services and that takes care of PXE booting across the network and setup some logmein accounts and you're done in an afternoon. On the other hand, if your time has no value, maybe you'd consider running vyatta or pfsense and ClearOS. Or if your time has negative value, you'd could piece things together yourself. Let me introduce you to OpenLdap. Meh. Or maybe it's not that negative, rather you want to learn the cutting edge and this is a learning experience, how about Fedora and the FreeIPA project, which with 2.0 will likely become the defacto standard for identity management on linux. Course doing it all in one box can get a little tough at times, but whatever. Good luck. Thanks, Doug

Re:Ask the intelligence community

[StrategicIrony]

Implementing the "take away your ethernet cable" punishment seems more effective than kludging together some hybrid Active Directory OpenWRT API-based webpage that's may or may not be easy to circumvent and requires specialized knowledge and lots of time to administer and check up on.

I can see it now... Parent hits "shut down now" but then runs into the bedroom to see if it's working...

At which point, the power button is only inches away.... :-P

Re:You need to ask "should I?" and not "how can I?

[Sepultura]

I agree that what the poster's thinking of doing is not going to work from a practical POV, with the parent not likely being capable of administering the network they want to set up. But at the same time it's irritating to hear everyone give the same generic response of "I don't agree with filtering because blah blah blah therefore I won't dignify your stupid question with an answer". I'm not a parent, and while I don't think I would necessarily filter my child's internet access, I don't agree with people intervening in how a parent/parents want to bring up their child. I don't appreciate it when the gov't sanctimoniously decides what me/my children should see/think/do, so why is it better when an individual (or group of individuals, such as here on /.) impose their moral beliefs on someone?

This smacks of the same groupthink that hates MS/Google/Apple/Company-of-the-day without any thought behind it, just because it's the opinion-du-jour on /. It's actually funny how many +5 posts on Apple topics recently have berated Apple for trying to force their way of thinking on everybody, all the while the mods/posters missing the irony in their attempts at coercing others to agree with their anti-Apple opinions, a la Fox News' tactics. Yes, there are legitimate posts with legitimate concerns, and yet they are drowned out by hate-mongering.

Anyway, with that in mind, I agree with the DD-WRT/openWRT/whatever firmware on a decent router as part of the solution. Couple that with OpenDNS, enabling it as outlined here and elsewhere, will allow monitoring of internet activity, as well as filtering based on specific address as well as generic categories of websites if that's desired. This takes much of the work out of the hands of the parent/admin.

Keep the login/passwords private/secure, as well as the password for the DSL/Cable/Fios/satellite/whatever service you use to avoid bypassing. And if there are other open wireless networks nearby you might want to either eliminate wireless adapters from the computers, or lock it down to a single network (a la the dreaded Apple's network setting in Leopard/Snow Leopard to require admin creds to change networks)

Re:Ask the intelligence community

[pcraven]

Electronic bullying can result in teen suicide. Young kids seeing terrorists cut the heads people can be disturbing. I can think of lots of things on the internet that can be as dangerous as a table saw.

K12Linux

[MrLinuxHead]

K12Linux is Linux Terminal Server Project (LTSP.org) integrated with Fedora 10 and higher, in a convenient LiveUSB or DVD media installer. Since 1999 LTSP has empowered many schools and businesses with Linux-based terminal servers and thin clients, allowing low-cost clients or recycled computers to become powerful Linux desktop machines. K12Linux allows easy deployment of a Linux terminal server, capable of serving entire networks of netboot diskless clients. Clients login to the central terminal server, where they can use any Linux desktop environment (GNOME, KDE, XFCE, etc.) and most desktop applications. Significant long-term cost savings are made possible by central management of software and accounts.

Re:Ask the intelligence community

[RavenousBlack]

If you don't allow your children adult responsibility then when they're thrust into being expected to show it they're going to be completely lost.

Re:Ask the intelligence community

[Mindcontrolled]

Real life bullying can result in teen suicide - and you can't monitor your child 24/7. Do you want to put surveillance gear on them, too? A kid doesn't kill itself after bullied one single time. If you as a parent don't realize something is disturbing your child, you have to be goddamn disconnected from the kid. At this point, it is the parents fault. On the second point, yeah, young kids seeing a beheading can be disturbing, but hardly as dangerous as using a table saw unsupervised. Besides, have you ever seen a beheading on the net without explicitly searching for it? I haven't, so gimme a break here.

Re:Ask the intelligence community

[markfinn]

Falling down the stairs can kill!!! Outlaw stairs now! Won't someone think of the children?

Letting your kids take calculated risks is scary as hell. Not letting them eventually creates a 30 year old child. We have enough of those already.

Re:The human factor

[Ranzear]

Similar to this, my dad thought he was being smart by buying an $85 power cable with a keyed 'on-off' switch in it. The failing, however, was that we were very much a computer operating household and had dozens of regular power cables lying about. I switched a regular one in, left it there when I was done for my brother to use. Sometimes the keyed power cable would be back in place, and we'd just swap it out again. It was rather insultingly naive, and eventually it was thrown over the fence out back.

From someone who was that age not too long ago

[RavenousBlack]

If I were to become a parent now, then I would only put these restrictions up on my teenagers to tell them: "You're restricted until you can figure out how to get around it." Because that's how I learned as much as I know now about computers.

Seriously though, forcing all of these restrictions will only cause them to resent you. If they want to look at porn then they'll find a way to get to it, if they can't find that then they have active enough imaginations and attractive enough girls at school. Sure, you can say that could happen, but at least you're not enabling it. However, talking to your children about it instead of just restricting them from it and saying that's that will help them from developing some sort of complex.

And how about this: Maybe your children are more night people than day people, as is the case with myself. This is a completely alright thing, but is for some reason frowned upon by parents who do things like restrict what hours they can be on the computer. Let them stay up as late as they want, let them sleep during the day. Soon they'll learn what they prefer. Either they'll dread feeling so tired at school because they didn't get enough sleep, or they'll miss spending time with their friends who don't keep the same hours as them, or they'll be completely fine with it.

You need to help them develop these things while under your supervision, because once they're set free in the world and not under your supervision anymore then all of these things that were taboo and inaccessible before are right there and they'll be poorly adjusted to them.

My recent "home networking" observations

[drchance]

Dragon Eater, I think I noticed two specific areas you were addressing in your initial post ... the first was around setting limits around the Internet for your children and the second seemed to be more virus protection / system maintenance focused. I can share my observations with the first challenge but I haven't done much with our home network around automated maintenance. For the record, my wife and I have 3 boys in the house right now (6, 11 and 23). Our home has 3 desktops, 2 laptops and 3 netbooks ... along with about 5 ipod/touch, a Wii and WiFi enabled Nintendo DS systems. I approached the challenge of tightening down our home network with a focus on trying to put controls on centralized hardware as opposed to managing something on every device. I settled on the Cisco/Linksys WRT610N router ($175.00) which allows me to block certain Internet sites. The Home Network Defender (HND) software, an add-on to the router, allows me to block sites from the Wii and any other wireless device without loading client software. HND ($50.00) also allows me to also schedule times for allowing Internet access. My understanding from books and other resources is that most kids tend to get in to questionable activities between 3:00pm and 6:00pm ... I've got Internet access setup so that they can only get online while we're home. We also do not allow any computers outside of the family rooms downstairs (i.e., no isolated internet, computer usage). The 23 year-old is only filtered by the router and manages his own devices. We only ask they he keep his PC and laptop locked with an account when not in use. For virus scanning I use BitDefender (3 PC's - $50.00) . This product includes a decent amount of parental control. I'm working on setting up BitDefender in "network mode" which allows me to configure all the PC's from one location but you do have to install the software on each PC. Network Magic Pro (8 users - $40.00) is another optional add-on for the Cisco router which creates online reports and let's you schedule Internet access times. As you can see there's not a single magic-bullet solution and some products have some overlap with others. I'm running Windows 7 so I've installed Microsoft Family Safe Filter (free) which gives me the ability to allow and/or block specific sites. This solution is actually pretty neat since it allows the kids to easily send a message to my "MS Live" account requesting a specific site to be "opened". Along with Network Magic Pro the Microsoft Family Safe Filter provides some great online reporting. It's not as daunting as it seems but I certainly had to spend a little bit of upfront time sorting out the overlap and getting a consistent installation on the PC's, netbooks and laptops. And of course I help them with their homework, take bike rides, teach them the fine art of open-field tackles and maintain a healthy activity level with our local church. In the end, there is no guarantee but it's good to see other parents taking seriously the responsibility of protecting their children while they establish a character with solid morals and ethics. I pray every night that my kids will make good choices when no one else is around ... this world is going to throw them some pretty bizarre options soon enough.

Re:Ask the intelligence community

[elsJake]

I could make my own Ethernet cable (with a screwdriver as the only tool no less) when i was 12.That said , stupid filtering software does more harm than good.

Direct Parenting

[nurb432]

Put the computer in the same room you are, and watch what your kids are doing. Oh, and interact with them too...

If you have to have some 'system' turn machines off due to grounding you have a bigger parenting issue going on.

don't overthink it

[DaveGod]

Get a decent router and you can setup the firewall and outright block internet access easily. It is the norm that the above would be controlled via a web interface. My last 3 (cheap and basic) routers also had an option for emailing logs and alarms. It will also have site filters but this is somewhat pointless as they'll either find a way around them, or find an alternative source that in all probability would be even less desirable than the ones you knew about in order to block.

The router should also show who is connected so this can effectively monitor who is on, though they could fake it. However, every single time I've read an article about children using computers the golden rule has been to keep the computer in a public area, not in bedrooms. On the other hand the non-hardcore gamers will very probably prefer a laptop, and to be honest an internet connection and some privacy is likely to result in some hormones being saited and more relaxed teenage boy. If they're girls, do not let them have webcams...

I'm yet to try any AV software that does not come with a scheduler, they usually pester you to set this upon installation.

Whilst you can find free software through google for high temp / fan speed low etc monitoring, IMHO this specification emphasises that you've overthought this project and practical common sense has got left behind somewhere. I don't think you can buy a computer now that doesn't protect itself from overheating, the rest will sort itself out.

Scheduling the time usage of computer is a job to do in person. Don't try to abdicate that responsibility onto a computer. Regardless, such reliance is an unwise strategy since they are very likely to figure out how to completely override all your automated controls.

In short, just get a router, puts the computers in a public place and do the rest with a little trust and parenting. Kids gradually turn into adults as the increasingly gain experience with how to deal with trust, responsibility and risk. The more you coddle them the more vulnerable they will be when they inevitably find themselves in a risky situation.

Re:Ask the intelligence community

[hibiki_r]

You'd be surprised at how many 2 year olds can navigate themselves to youtube to look for Dora and Diego videos.

The network is the computer

[Marrow]

The computer will be almost useless to the kids if the networking is disabled at the firewall. Most
consumer firewall routers have network scheduling. Just turn that on and you are done. Remember
to set a password on the router.

If you want to see what your kids are doing at any point, then use a free vnc server on each of
the machines. You can control their machines with vnc too.

Just buy some simple antivirus licenses for the machines to control the viruses and find a way
to re-image the machines frequently to keep them clean if you want. You can have them keep
their documents on a share you control to lessen data-loss during re-imaging.

If they are really just working on an essay, then the cutoff on the internet will not affect that.

The hw monitoring is a feature the hardware vendor should provide.

Re:Ask the intelligence community

[johncandale]

I'd suggest that if you're only having the chat after your daughter starts googling birth control, you've probably left it a little late.

This. Would you also read her diary? Both of those is extremely intrusive and will take them about 1 minute to get around. I suggest a simple firewall to block certain sites and you unplug the internet cable to the router locked in your closed after hours. For grounding you take their flat screen monitor away. There I just saved you $600+ and hours of administering

Re:The human factor

[westlake]

Of course one day I actually needed to print something in a fucking hurry and he couldn't be contacted so I solved the problem with a screwdriver and the motherboard manual.

One word: Padlock.

Re:Replacing good parenting with tech solutions ..

[johncandale]

Why don't you put a hidden gps tracker in the 15 year old's back pack? Or issue them laptops you payed a guru to pop open and inset a always on independent mic and recording part from The spy shop? It's not just about kids should have privacy, kids need privacy and they need more every year as they get older to develop and be self reliant and also to become interesting adults. You ever meet that young teenager who only thing he can talk about is what he has over heard his parents say because he's had no time to form his own thoughts? those kids are so sad.

Re:virtualization will kill any game need video ca

[pantherace]

If one wants to go this route, it can be done, but ONLY with some of the newer CPUs/Chipsets. I think they are now named Intel VT-d and AMD-Vi respectively. So far, you have to hunt for which cpu/chipsets support this. The only place it's clear that have support is via AMD's NEW Opterons, and chipsets. Consumer stuff is (especially for some reason with the Intel CPU/boards) subject to vendor whim.

If going Linux host-Linux guest via X11 you'll take a hit, but you'll still have hardware acceleration. There are a few Linux-Linux 3D solutions that don't use X, but I have not tried to mess with them.

Re:You need to ask "should I?" and not "how can I?

The simple solution to the parents problem is to tell the kids what not to do, and log the computer's network activity. If they're visiting bad web sites, it'd be easy enough to find out.
When the kids know what they do is being watched, and they can get grounded, that's usually enough.

As for limiting the time they can use the computer. Why? I've spent almost every waking moment of my life in front of a computer, from age 7 to present (27). Kids are less destructive around the house when they have something to do with their time.

I once lit a patio table on fire with gelled gasoline, lit the end of a modeling cement tube on fire (very neat), sled down the steps of the deck in winter, climbed all over the roof, got buried up to my neck in sand by neighbour kids and left for half an hour, poured acid into a harddrive (it boils out as poison gas, yay), sat on a tree branch for hours reading books two feet away from a power line, etc. Guess what? Had nothing better to do at the time. My list would be a lot longer, and more imaginative, if it hadn't been for constant access to a computer.

Yeah, I still live in my parents basement. And I'm a virgin. But, isn't that exactly the protection parents want for their kids?

Re:Replacing good parenting with tech solutions ..

[misexistentialist]

There will still be the older boyfriends met IRL who will make them feel special (or rather abusive boyfriends similar to their controlling dad), constant thoughts of sex, and government-recommended colonoscopies. After infancy sheltering your kids is not protecting them and is just as likely to damage them.

Don't forget neighbour's wifi

[SlothDead]

Don't forget to tell the neighbours that they need to encrypt their wifi or the kids will simply use that. :)

Re:Ask the intelligence community

[itsdapead]

I could make my own Ethernet cable (with a screwdriver as the only tool no less) when i was 12.

...but to make up for that, your parents could sleep comfortably in the knowledge that you were unlikely to become a teenage parent :-)

Try actually being a parent.

[Ant+P.]

If you run your home network like a police state, its users will come to treat you as head of a police state. If your kids are already so screwed up that this is the only remaining option, then you need to be restrained yourself.

Solution...

You're a nub. No wonder she was screwing around behind your back.

Re:Replacing good parenting with tech solutions ..

[someyob]

Point taken, but Reagan had it right: "Trust, but verify"

Re:The human factor

[icebraining]

Personally, I've always found those lectures a fucking hypocrisy. By saying how "degraded" those women are, they're being nothing but a bunch of condescending misogynist, by trying to control what women are "supposed" to do with their body. It's exactly the same arguments some Muslims use to defend the obligation of the use of the burqa.

timeoutd

[swillden]

If you give them Linux boxes, Ubuntu has a package called 'timeoutd' which allows you to enforce pretty flexible time-based limitations. I limit my kids to 90 minutes per day each on the computer (if they're doing schoolwork I can give them some more) and lock them out during hours they should be sleeping, etc. It's all configurable per-account, so you can easily lock one or more of them out of the computer completely for a period of time (grounding).

I've found that by putting per-user time limits on each of the kids, I actually don't have too much trouble with them fighting over the one shared machine, either. No one can hog the computer all day because timeoutd will kick them off when they hit their time limit. As a side-benefit, they've all learned the value of creating a good password and keeping it secret ;-)

Other precautions I take are putting their computer in a public area of the house and installing the DansGuardian filter. I also pay attention to what they're doing, though I obviously can't supervise them all the time.

Re:timeoutd

[pnutjam]

As a side-benefit, they've all learned the value of creating a good password and keeping it secret ;-)

priceless...

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

So, because sheltering them is bad, you should encourage bad behavior?

Parental Control software

[Nitewing98]

What is wrong with just using parental control software that already exists? I know it's part of the OS on a Mac, and I'm sure there are some analogs available for Windows. You're overthinking it and trying to build the "ideal system." Anyone who has owned a computer for more than a few days realizes quickly that the "perfect system" is a myth, albeit a pretty one. You're a single parent. You have more to do than administrate 4 computers (yours and the 3 they will have). In fact, try just adding 1 or 2, it's likely they don't all need one. Just one that isn't yours. You know your kids best, but I doubt all three need to use the computer at the same time. Just my thoughts. Really, though. You're making this harder than it needs to be.

Re:The human factor

[nikomo]

Our school has padlocks on the computers. Problem: The point where the locks are attached aren't as strong as the lock itself.

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

False choice. He said he'd rather raise a kid he can trust not to do all those things than to blindly enforce it through software. That trust is lacking in your scenario.

Trust but verify, and the verification is missing in his scenario.

Appeal to emotion, slippery slope. Give the kids even a little leeway and they'll kind themselves talking to Chester the Molester or browsing for :gasp: teh PR0NS!

For someone that whines about rhetorical tricks, you moved to the strawman pretty quickly. For one, I never addressed the issue of them looking for porn. I only addressed accidental running across it, like with mistyped domain names being redirected to unwanted sites. You made up the part about assuming they'll be looking for porn or even if they were that it should be blocked.

And there are a number of people out there that look for youngsters to take advantage of. Whether it's a good thing or bad thing to shelter them from those is not in question (unless you are saying that talking to Chester is a good thing). But what's in question is whether restrictions to prevent it are more harmful than the chance of running into Chester. And you don't address that, and pretend that question isn't even there.

Backpedaling after all the hyperbole. Yep... I just wasted my time even replying to this one.

Yes, you think that showing barnyard porn to your children is a good thing because sheltering them from it is bad. You are the one launching into hyperbole about what I said, demonizing any filtering or protection at all, then pretending that "good parenting" can prevent typos that lead to typosquatting porn sites. And then have the gall to assert that I'm the one engaging in hyperbole.

Don't create work for yourself

[PhunkySchtuff]

Don't create work for yourself and reinvent the wheel... Most of what you want to do is already built in to Mac OS X.
Check out the Parental Controls - there is a good quick movie on Parental Controls that shows what can easily be done.

If you need centralised administration and monitoring of these controls, then you can use a Mac OS X Server - which can now be had in the Mac mini Server which has dual 500GB hard drives so you can mirror them and costs under a grand.

Re:Ask the intelligence community

[Golddess]

While not a beheading, I see goatse all the time without explicitly searching for it.

Well, I would if I didn't recognize a bad link for what it is. But sometimes the trolls are just a little more clever than you expected that day, or you hadn't had your caffeine fix yet.

Re:Linux with Wine should work...

[grikdog]

Bunk. Wine is not ready for prime time.

Why not use WebMin?

[Roarkk]

WebMin is a web based GUI system admin tool great for people who are at your level; specifically, you have some build experience, a smattering of Linux knowledge, and a clear understanding of your goals.

Hope the following helps with your issues: Client / Server: Each of the workstations can be set up to "phone home". Select the "Webmin Servers Index" option

- View client computer status: "System and Server Status"

- On/off, sleeping etc.

- Deny internet access, not LAN, just the web: "Webmin Users", can schedule time

- Block access w/Squid

- Remote virus scanning of client machines, or scheduled task;

Unnecessary if you'll put a basic Linux distro on the clients

- Some kind of hardware monitor, high temp / fan speed low etc "Hardware"

- Email alerts for various log files / alarms. "Monitoring"

Hope that helps. It's not even a steep learning curve, and you get to ignore the viruses and adware they were going to pick up anyway.

Use Windows7

[Billly+Gates]

I know I might be modded down for this, but it has parental access controls that do most of what you need.

Linux has the abilities but lacks many of the tools found in Netware and NT/Windows. One of them is using time usage tools. I could be wrong and maybe there are some free tools for unix that are out there that have a nice gui to set things up which generate the appropriate shells scripts. Maybe someone replying can mention this.

Do not be cheap and just get 3 $450 netbooks for your kids and the problem will be solved.

If you have no script extensions and link firefox you can get rid of most of the security problems. Just make sure you have access to sites like coolmathgames addictingames or where ever kids go to on the net these days.

Cut the power...

[Dogbertius]

All these access restrictions seem a bit over the top, considering the end goal seems to be a simple time-based limit as to when people can use machines. Install $30 worth of surge protected powerbars in their rooms, and buy those cheap timers for the circuit breaker box they sell at home depot to cut the power to their rooms at certain times of day. Install a couple cheap nightlights with batteries installed in case they need to get up at night, etc.

On a separate note, check out the details (as I don't want to retype them) here:
http://slashdot.org/comments.pl?sid=1487038&cid=30537220
Works like a charm. It's truly a beautiful sight to behold when the TV is off 15 minutes BEFORE the deadline, knowing that:
a) no exceptions
b) the next save spot is likely at least 20 minutes away
c) the power shutoff could "damage" the wii (until they realize the surge protector is in place for a reason, lol)

Re:The human factor

[Golddess]

Two words: metal shears.

Either way, the father is going to know that the access protection has been compromised. So either way, the kid is going to have to explain himself, and if bypassing the access protection was not justified, the kid will likely be in a world of hurt. So I really don't see the benefit of upping the protection like that.

Actually... the padlock is probably less secure than the power on password, as it's probably much more easily picked and put back on without the father ever realizing it (as long as the father does not pick an easily guessed password).

Re:Replacing good parenting with tech solutions ..

[ThrowAwaySociety]

So you are ok with your kids being on AIM all day looking for older guys who make them feel special?

If a teen is looking for older guys to make them feel special, she is already emotionally vulnerable and needs some help. Cutting off the computer/internet without providing some support will just make her look for someone in real life.

Or surfing porn all day?

Pretty much the same deal. Your job as a parent is not to pretend that porn does not exist, but to explain that the behaviors depicted in it are unrealistic and often unhealthy.

Or, even doing what you want and accidentally running across goatse guy?

Look, sooner or later your precious little angel will see that pic. He or she will also see many other disgusting things, both in real life, on television, and on the web. You can't prevent that, but hopefully you can give enough context to allow little Junior or Princess to assimilate it and get on with his or her life.

He's not looking to be the gestapo. He's looking to have some basic protections in place to protect his children from the unsavory parts of the Internet, and to make sure that they don't abuse the priviledge of having a computer in their rooms.

Look at the age ranges again. They're not going to accept those kinds of top-down restrictions blindly. They'll get that you don't trust them, aren't telling them what they can't see, and become naturally curious about it. And since you've given them no background or explanation at all, they'll have no frame of reference for assimilating it in a healthy way.

Can anyone tell me how to...

Can anyone help me make my own music video? I am too lazy to do it. Can anyone with common sense plan this out so I do not have to use the gray matter that god gave me? I was thinking about titling it "Boats and Loose women." Does any one have a sailboat I could borrow?

Re:Ask the intelligence community

[Phroggy]

I'd suggest that if you're only having the chat after your daughter starts googling birth control, you've probably left it a little late.

On the other hand, if she's responsible enough to be thinking about using birth control, you've probably done something right.

Re:The human factor

[hipp5]

Sounds to me like this was a good teaching moment. Heck, I'd be proud if my kids took it upon themselves to outsmart my security methods.

Re:Ask the intelligence community

[Phroggy]

I would be severely disappointed in any kid who couldn't come up with some sort of replacement for a confiscated ethernet cable. Not saying I'd encourage them to do so, just that I'd expect it.

You have limited time to lock this down

[White+Flame]

Your children have virtually unlimited time to break it.

You will not win.

Re:Ask the intelligence community

[nicolas.kassis]

All smart kids will have a spare network cable, power cable, and if possible a extra monitor well hidden. My parents gave up that stuff after discovering the uselessness.

Net filters and lockouts

[calmofthestorm]

Net filters and lockouts only stop honest or stupid kids. In the honest case, you should just trust them to better prepare them for the real world where no one looks over their shoulder.

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

If a teen is looking for older guys to make them feel special, she is already emotionally vulnerable and needs some help. Cutting off the computer/internet without providing some support will just make her look for someone in real life.

So, just to be clear, you are arguing that it's safer for them to talk to strangers online in that mental state than to not talk to strangers online?

Pretty much the same deal. Your job as a parent is not to pretend that porn does not exist, but to explain that the behaviors depicted in it are unrealistic and often unhealthy.

So that's a yes, it's ok, as long as you talked to them first about it?

Look at the age ranges again. They're not going to accept those kinds of top-down restrictions blindly. They'll get that you don't trust them, aren't telling them what they can't see, and become naturally curious about it. And since you've given them no background or explanation at all, they'll have no frame of reference for assimilating it in a healthy way.

So you are assuming that there will be no explanation. I'd agree, if you never actually speak to your children and lock them away in their room with a computer, whether there are or aren't filters won't have much effect on their mental state. I didn't think that was the choice, but when you break it down to that, then you are 100% correct. Filters are irrelevant if you never speak to your children.

Re:Replacing good parenting with tech solutions ..

[moonbender]

For one, I never addressed the issue of them looking for porn. I only addressed accidental running across it, like with mistyped domain names being redirected to unwanted sites.

You said "surfing porn". Sounds like a whole lot of mistyping going on.

Welcome to the 21st century

[Burz]

I suggest you get acquainted with what a current mobo can do for security. The workarounds we are all familiar with would more likely put the machine into a brick-like state, at least until the correct password is entered.

Re:Ask the intelligence community

[Urkki]

Implementing the "take away your ethernet cable" punishment seems more effective than kludging together some hybrid Active Directory OpenWRT API-based webpage that's may or may not be easy to circumvent and requires specialized knowledge and lots of time to administer and check up on.

I can see it now... Parent hits "shut down now" but then runs into the bedroom to see if it's working...

At which point, the power button is only inches away.... :-P

Slashdot. News for nerds. Stuff that matters.

You can keep your archaic "manually remove something" and "use the power button". Let us keep our geek stuff. Some people never fully grow up into serious non-nonsense drones, and we're proud of it too.

Re:Replacing good parenting with tech solutions ..

[houghi]

Well, I am sure they will look for pr0n when they are old enough, no matter what. I know I did and the Internet did not exist. And those older guys looking for younger kids existed also before the Internet.

So the best thing a parent can do is prepare them for the moment that man arrives. If that means you need to spend several hours per day with your kid, though luck. It is called parenting. And don't put the PC in their room. Putting the PCs in the family room is not limiting access. Putting down firewalls and time limits is limiting.

Be there if they are. Might be that you or your wife needs to give up their job, but what do you want? Educate your kids or a new TV? Oh and don't be afraid that your kids hate you, because they will anyway (and won't). You do not need to be a friend. They have plenty of friends. What they need is a parent and Cisco is a lousy one.

Bottom line

[treeves]

...when looking for parenting advice (or parenting-related technical advice, since people want to turn it into a parenting question), don't turn to Slashdot!

Re:The human factor

[MobileTatsu-NJG]

All the software in the world is pointless if the teenager can simply swap some network cables.

I'm not sure why you think that. What teenager is going to want to be caught bypassing the punishment? Better to serve the punishment than to convince your parents a computer is too much work to parent with. (Notice you waited until you had a defensible need to defeat the password than just doing it the moment you got bored and wanted to play with it.)

My dad used to lock the keyboard when I was in trouble. I had a mechanical pencil that came with just the right sized bit to safely unlock it. Despite having this, I'd say at minimum the computer was still not in use 90% of the time the lock was engaged. Dad was home, simple as that.

Pointless? Hah. No.

Your first wish is granted

[Mathinker]

Google is your friend:

http://www.linuxforums.org/forum/redhat-fedora-linux-help/60324-remote-shutdown-windows-linux-box.html

This is info from 2006, things may have advanced a bit more since then.

Re:Replacing good parenting with tech solutions ..

[Kittenman]

Totally agree. Otherwise you have problems everywhere, not just in PC-world. The poster who's brother go into the fireplace, steak knives etc ...

Either you trust your kids or you don't. If you don't, work on it.

Re:Ask the intelligence community

[zoloto]

technology can help enforce it. what are you, 16?

Windows 7...

[akcpe]

Does nearly all, if not all, this out of the box.

Re:Windows 7...

[brix]

Why you aren't getting modded up, I have no idea, except maybe it's Windows ...

But seriously, you're almost spot on. Why push this OP, admittedly computer handicapped, to a more complex solution? Windows Vista and 7 alone provide:

• Parental Controls on/off per user
• Allowed usage times, including forced log-off
• Block/allow specific programs

Add Microsoft's Windows Live Family Safety (free) to get:

• Web content filtering at the IP level (works with any browser), per user
• Activity Reports for both website visits and application use, per user

and Microsoft Security Essentials (also free) for virus and malware scanning.

There's probably an easy and free solution for most of the other items on the list as well, but they seem more "wish-list" than essential.

Re:dd-wrt

[itsthebin]

or Tomato firmware

I use Tomato firmware on a 54GL for this ( + my openVPN server ) with IP/MAC bandwidth limiting , Access Control and QoS.

very simple to implement

Re:Ask the intelligence community

[Dun+Malg]

I can see it now... Parent hits "shut down now" but then runs into the bedroom to see if it's working... At which point, the power button is only inches away.... :-P

Years ago I had a girlfriend who INSISTED upon keeping the TV remote on top of the TV. INSANITY!

A small suggestion

[DontLickJesus]

If you have Verizon FIOS available to you, the routers included with this service cover everything you've listed and it's a fairly simple interface.

Re:Ask the intelligence community

[syousef]

Children have no right to privacy. Teenagers chafe at the idea, of course, but the fact is that they are children, and good parenting means making decisions that are in their best interests, not their greatest desires. When they're able to weigh their actions with the consequences of those actions (i.e., becoming an adult), then they get privacy.

...and parents wonder why kids go wild as soon as parental supervision is removed. How well do you think your child will cope when suddenly given privacy? You should be teaching your child how to be responsible for their own actions, gradually letting go, and stepping in less and less and only when required. That does require knowledge but your children should trust you enough to know that you're not going to use information against them. In other words you need to be their confidant, and advisor. THAT is the role of a parent. If they're too scared or think you're so out of touch that they can't come to you with a problem, you have failed.

When your daughter starts googling birth control, it's time to have a chat.

It could be (probably is!) WAY too late by then. When she starts taking an interest in boys, you should have that chat, not when she's in a flustered panic googling birth control AFTER she's gone further than she intended to with some guy.

Re:The human factor

[Dun+Malg]

One word: Padlock.

I had my first lockpick set when I was 14. Padlocks, particularly the kind typical tightwad single parents used, were no barrier to me. For $10 a week I'd pick the lock to a guy's mom's bedroom, then pick the lock to her weed storage box so he and his friends could get high. It was easy money.

Pfsense would help

[dawning]

Pfsense would be helpful. It's a handy router distribution that can be used for various relevant things, including seeing what DHCP leases are active and also be scheduling when the router will route traffic.. http://www.pfsense.org/ - I expect others have referenced it thus far??

"I don't trust you"

[syousef]

you got a whole deal of connectivity/administration project there. quit your day job.

At home or in the work place, nothing says "I don't trust you" quite like Nazi parental controls.

Re:"I don't trust you"

[Lemmy+Caution]

Why do I suspect you are much closer to being a kid than to having one?

Restrictions can tell a kid "I give a fuck about you," not just "I don't trust you." A lack of restrictions can mean "I either don't give a shit about you or have given up." If a kid already has a dogged determination to see porn and shock sites, then yes, it's probably shutting the barn doors after the cows have gotten out. But that's seldom the issue.

Re:"I don't trust you"

[ultranova]

Why do I suspect you are much closer to being a kid than to having one?

Because it's when you get one when you start rationalizing irrational behaviour regarding them?

Restrictions can tell a kid "I give a fuck about you," not just "I don't trust you."

If you suspect that he's a kid since he says it's the second message he got, implying that that's what a kid would get, why do you then turn around and assert that a kid will actually get the first one?

The purpose of restrictions is to ensure that someone with limited abilities of judgement will survive into adulthood. Choose them accordingly. If you want to send a message, try using your vocal chords; it's more efficient, less painful for all involved, and the message received is less likely to be the opposite of what you sent.

If a kid already has a dogged determination to see porn and shock sites, then yes, it's probably shutting the barn doors after the cows have gotten out. But that's seldom the issue.

It's seldom so that a 15-year old wants to see porn? Really?

Re:"I don't trust you"

[syousef]

Why do I suspect you are much closer to being a kid than to having one?

Because you're a moron. I'm a father with number 2 on the way.

Restrictions can tell a kid "I give a fuck about you," not just "I don't trust you."

Yeah fantastic, you can say both at the same time. Trouble is you shouldn't be saying "I don't trust you" and you should be preparing your child to take some responsibility for their actions.

A lack of restrictions can mean "I either don't give a shit about you or have given up."

Who said anything about a lack of restrictions? You enforce them in person, not via some fucking software.

If a kid already has a dogged determination to see porn and shock sites, then yes, it's probably shutting the barn doors after the cows have gotten out. But that's seldom the issue.

An interest in porn won't kill a kid. Interest in sex is natural. Interest in forbidden stuff and rebellion is natural. Not being able to come to mum and dad when in real trouble is not so natural. Not learning from your mistakes and keeping to your own boundaries can be fatal.

Re:"I don't trust you"

[Lemmy+Caution]

There's a difference between wanting to see a few naked bodies and being determined enough to do it that they'll start downloading porn (and, likely, malware) onto your computer. What good web controls do is make it harder to do so on impulse: it's the old saw about locks being important to keep honest people honest.

When my kid wants to see naked bodies and people having sex, I'll take him to see French paintings from the rococo through the 19th century. Some paintings from Ingres and Courbet's L'Origine du monde should do.

Trust

[cob666]

As the OP can tell by the number of responses that actually answer the questions asked, there are numerous ways to accomplish what was asked. They are all different and all will provide most of what was asked.

What your asking for is no different than how most computer systems are configured in the corporate world. The primary difference is that most businesses have full time people to deal with issues. IMHO, if you're interested in having the computers run some flavor of windows is to use group policies to control restrictions. The downside to using any solution is that given enough time, one of your kids will either figure out how to bypass the security or one of their friends will show them how. All the windows restrictions in the world won't matter once your kid gets a copy of ERD Commander or it's newer incarnation; Microsoft Diagnostics and Recovery Toolkit.

The correct thing to do, and this was mentioned quite a few times, is to monitor what's being done on the computers. Set some guide lines and make sure that your children AGREE to the guide lines before they are allowed to use the computer. If they cross a line then you punish them. What's the sense in locking down all your desktop and laptops when the kids can use their iPod touch to hop on the neighbors open WiFi connection?

Re:Ask the intelligence community

[n0m]

No, when your daughter starts having to Google birth control you have already failed.

How about...

....you be a parent and idk.. talk to your kids about when and what they can do online instead of doing secret things behind thier backs so they resent it because they dont know why they arent allowed. You cant automate parenting.

Re:Ask the intelligence community

[Iron+Condor]

Obviously a gun or booze is more dangerous than the internet,

I doubt that.

I can know and understand all the ways in which a gun or alcohol can be dangerous and I can educate my children about these modes of danger and the appropriate measures to be taken to protect oneself against them.

The internet, on the other hand, breeds new forms of danger on a daily basis - no matter what I teach my children, they may still fall for the scam that starts going around tomorrow. Heck, I might fall for it myself. And if we're all lucky it'll only cost us some money (as opposed to stolen identities, wrecked public records, lost jobs, expulsions from schools etc).

A gun is a single thing, that behaves in a deterministic manner. "The Internet" is a billion people with all kinds of intents, backgrounds, motivations. Just mentioning that you're home alone to the wrong person can cost you dearly - and on the net you can never be entirely sure who you're talking to in the first place.

Re:The human factor

[bearsinthesea]

If you haven't seen people doing degrading things (presumably for money) on the Internet, you haven't surfed far, or your definition of 'degraded' is an outlier. I don't think anyone in this discussion would feel differently if it was gay porn, so I'm not sure how hypocrisy or misogyny come in to it.

Ignoring the morals; here's an easy/cheap guide

[duguk]

Ok, I completely disagree with what you're planning morally, but if you're really into doing this; here's my views.

Internet: Use Squid on a Linux machine. Set it up with a transparent proxy and use that as the gateway. Set the linux box as a router, and have your Internet Gateway on a private network. You can easily use Squid to block at specific times, for blocking websites (including webproxies), and disabling internet per machine. It also logs everything done. If you need help with the config, Webmin is excellent.

If you're using Windows, just use the RPC calls to find out if the machine is on, you can easily get access to what's being used with various applications, or even just VNC, depending how involved you want to get. I don't know of any applications off-hand that log application usage, but shutdown/restart can be done with proper RPC; and that needent mean having a Windows Server; it can purely be done with remote user/pass set up.

There are many many apps to do remote security stuff, especially for XP; even down to spotting keypressing and scanning for text and taking screenshots automatically.

Most Linux distros make Squid easy to set up, and setting up as a router should be easy too. Transparent proxying might need some investgation; but saves doing configuration on every machine later. Locking down Windows is fairly well documented. Obviously with Windows Server, stuff like Antivirus is more expensive but easier; but most of this is possible without resorting to having a Windows machine at all, and just having a small Linux box with enough power for Squid and log files.

Obviously secure the machines down to stop proxies being used, and to stop VPNs; and it should be easy.

Dug

Hmmmm.

[louiech21]

If you really want to run an active directory server you can but that seems a bit too ambitous for 3 clients. You can set user accounts for your children on these machines and log in remotely via "mstsc" You should be able to control internet access from your router. In windows you can also set times that users can use the internet. As for your linux server, I'm not sure what you plan on doing with that but check out FreeNAS. I think it may be a server solution that you will like, if you plan on having a machine for use only as a server. If not I would run Ubuntu and just install the SAMBA server package to make shares. But if that's all you plan on doing your Windows machines can all make files shares. Sounds like you just need to setup a workgroup with additional storage like a NAS. I wouldn't go off and spend tons of money investing in a server for 3 or 4 clients to use. That 10 year old desktop could make a good fileshare/printer share maybe add a large hard drive to it and remove all the crap except the anti-virus, then create your workgroup and your shares with file permissions. (I know it's not as cool as active directory on a domain controller but this is a home network with less than 10 clients.)

Re:Ask the intelligence community

[StuartHankins]

When I was 12 you needed a coax crimper and terminators. I don't miss coax at all : )

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

What they need is a parent and Cisco is a lousy one.

Nice quip, but completely wrong. You just made the argument that you should never put a lock on the cabinet under the sink with all the nasty chemicals because if you use a lock, then you are having that lock be the parent and that lock is a lousy parent. You don't abandon locks on dangerous chemicals because using a lock means you are a bad parent. I've taught my kids to not go under the sink. And they don't. And there's a lock on it anyway. I guess by your reasoning I'm a bad parent using a lock for a parent, but I'd rather have the lock than to find my 3 year old drank drain-o.

It's possible to use technology (like a lock on a cabinet) to assist you in being a parent.

And don't put the PC in their room. Putting the PCs in the family room is not limiting access. Putting down firewalls and time limits is limiting.

Great, so you are telling the person asking the question that they are doing wrong. "How do I fix my Toyota?" and your answer is "Screw Toyota, get a bicycle." It might be the better solution, but isn't an answer to the question asked. They want to get the PC out of the shared space. They want to get it in the rooms. So how do they do that best? Your answer? "Don't do it." I understand your answer, but it isn't an answer to the question asked, and I've been confining my comments to the question asked. If you have fundamental issues with the question itself, then everything you say is off topic.

Re:Replacing good parenting with tech solutions ..

[flimflammer]

How is not filtering their internet access and instead actively communicating with them about what should and shouldn't be done online encouraging bad behavior?

I'm interested too.

[KesslerB]

If you get any useful information out of this thread, I'd be interested in it as well. My 6 and 8 year old boys have been directed to some inappropriate Web sites by one of the older boys' friends. I've switched our home network to OpenDNS, but that's not the same thing as true content filtering. The computers are already in a public place, and we've spoken about the sites to avoid. Heck, it was my 8 year old who first brought up the word "inappropriate" in context. But having said all of that, an extra layer of content filtering would make me happier.

Try the old fashion Method.....

[snero3]

and turn the things off when you don't want them to use it.

That project you stated looks fare to complex for a single home user to manage. Yes you could get OS X/Windows 7/Linux to have schedules to shut things down, block sites etc... but really it is easier and cheaper to have a lockable cupboard and lock the computer/s up when you don't want them to be use and just make rules for your kids to follow about usage hours/grounding etc...

Don't rely on technology to parent for you (from a family of 4) you need to do it yourself. If you don't trust your kids with what they look up when you are not there then only bring out the computers when you are there.

One thing to note; children will _ALWAYS_ find a way around any security/punishment you give them (even the physical one I am talking about). The best solution to this is active parenting and trying to be an unobtrusive part of their lives

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

Non sequitur. For one, the person I responded to said nothing about "communicating" with the children. For another, what do you do if you *know* they are doing something wrong? Let them do it anyway and live with the consequences? Or work to protect them if they refuse to protect themselves?

And it's encouraging bad behavior by setting no limits for them and giving them the access to act out on the bad behavior with no restraint, monitoring, or controls at all.

when you have a hammer

[wintermute000]

everything looks like a nail.

The complexity and ongoing maintenance (nevermind teaching how to actually use these things) of setting up a full group policy domain.... for 3 PCs.... to be administered by a non tech savvy, time-limited single parent...

Seriously you're so much better off teaching them a few PC basics and installing a few filters etc. on their PCs. And meatspace solutions (e.g. physically locking away PCs or kb/mice). I'm not going to get into the censorship/freedom thing, its not my (or your) kids....

Worked fine for me growing up, parents would say 'no more nintendo' and enforce it with a stick lol.

Re:OS X Server will do exactly what you want

[Blowfishie]

I've got to agree, especially now that you can get OSX Server in a Mac Mini relatively cheaply. I tried Windows and Linux, but (as a parent) OSX was the easiest to set up and just get on with life. The caveat is that it's only easy if everything in your house is a Mac - you may or may not want to go down that route.

Re:Replacing good parenting with tech solutions ..

[muridae]

You must be one of those kids who never knew that their parent's called your friend's parents and checked if you were actually there. Before the advent of the telephone, parents just talked to each other, "Hey, little Timmy said he was with you and your kid playing baseball last week, how did the game go?" Kids might not get caught misbehaving as quickly, but they still would get caught.

New technology, new times, new ways of keeping an eye on your kids. By your animosity, either your parents were quite over the line of reasonable, or you feel you were raised fine with no parental involvement so someone else's kids should be too. Both are very weak arguments.

Re:Replacing good parenting with tech solutions ..

My family fixed this by keeping all the computers in the Living room. This meant that we never had to worry about late night computer us and it would just be a quick glance over a shoulder to see what they are up to.

As an admin and a parent

[ancientt]

As a parent and as also an admin who has to worry that co-workers will act like kids, I have both some experience and some tips in this area. The most important tip is to know your kids and care about them. Train them to be safe and teach them morals. With my kids, I use the motto: Trust but verify.

1. Basic Security: The kids shouldn't have Administrator access, the bios needs a password you don't type in front of them and the boot sequence should be set to boot from hard drive first. They might still get around that security by moving drives around, so you may want tamper evident tape.
2. Command line tools: go ahead and install an ssh server on the windows clients, but do it the easy way with something like sshwindows*. You don't really need it if you enable RPC, but it does come in handy, particularly in combination with unixutils* and Sysinternals*.
3. Remote commands: I use winexe* and enable remote access services on the client machines. You can then run the shutdown command or pretty much any other command remotely. If you have set the boot password as required for startup, shutting the PC down is the same as locking it. I don't really recommend requiring a password for boot if you can avoid it since it is a pain, but if the situation calls for it, it is useful to know that you can. In most cases the bios will let you set a password for modification without requiring one for booting and this is usually much easier to work with, particularly when it comes to automatic updates that reboot.
4. IP tables with static IPs: Since you have admin and they don't, you can set static IPs on the workstations pretty reliably which also allows you to use IP tables effectively to limit or control access.
5. Logs and web control: If you use OpenDNS* and intercept DNS*, then you have pretty decent logs. If you use a transparent squid proxy in combination with strict IP tables rules, you can get really good logs. Beware of SSL proxies and VPNs.

All this comes with a cost of your time and effort. The tools built into the typical router can do a lot of the work for you, but you give up some control. Also, consider your target audience, if your kids are bright teenagers, then they will look at ways around the system. They will almost certainly try to browse by IP or through proxies. If this is a potential issue, then you should also look at setting up a transparent squid proxy and blocking 443 and other ports for addresses not explicitly allowed.

VNC: I didn't list VNC because I don't personally use it at the moment, but I have in the past and it can be a very useful tool. If you use it, I recommend you don't set it to run automatically, but rather start the service when you want to use it with remote commands. In a few cases I've done this so that I could monitor activity without any obvious indication.

• sshwindows*: http://sshwindows.sourceforge.net/ - relatively easy ssh server for windows
• unixutils*: http://unxutils.sourceforge.net/ common linux/unix tools for windows, things like grep and wget
• Sysinternals*: http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx handy things like pslist and pskill
• winexe*: from http://eol.ovh.org/winexe/
• OpenDNS* and intercept DNS*: see http://www.opendns.com/ and consider something like:
  /sbin/iptables -t nat -I PREROUTING -i ${LAN} -p udp --dport 53 -j DNAT --to ${ROUTERinternal}
  /sbin/iptables -t nat -I PREROUTING -i ${LAN} -p tcp --dport 53 -j DNAT --to ${ROUTERinternal}

Sounds like the need for proxy/firewall/router

[Fallen+Kell]

The majority of what you want to do can be done with little more powerful linux based home router/firewall/proxy running a third-party OS like OpenWRT, DD-WRT, or others. If you get a router with a powerful enough CPU and enough RAM, you should be able to have no problems running squid (a proxy service) to restrict access to the internet during your specified time-frames, or to revoke internet access completely (as in your example as a punishment/grounding): http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch32_:_Controlling_Web_Access_with_Squid

I would first setup each of your three systems to use MAC Address based DHCP connections to force the specific computer to get a specific IP address. This is easily done using the web-gui on most of the third party linux router OS's out there, or simply by command line using dnsmasq and editing the dnsmasq.conf file (add the following line for each host, "dhcp-host=00:00:00:00:00:00,192.168.1.10,infinite", replacing the "00:00:00:00:00:00" with the MAC address of the specific system, and replace the "192.168.1.10" with the IP address you wish the machine to use). You can also associate a hostname to that IP address, typically by editing a "hosts.dnsmasq" file and putting the IP address followed by a space or tab, and then the name you wish to use, like computer1, or server, or whatever you want to call it so you don't have to remember what the IP address to the host is, just the hostname that you gave it.

For antivirus, that gets a little more complicated when run at the router level, since you need pretty good router hardware for it to work (since it has to inspect each packet, not just read the header and pass it on to the correct system). PacketProtector is an addon/custom version of OpenWRT which does have antivirus integrated into it. However, you would be better doing this at the client level, not the network or server (well run it on the server as well, but just not as remove scans).

Your final question as to remote shutdowns, monitoring, well, you can do that pretty simply yourself just using "ping" to see if it has an IP address and if it responds, well you know it is up and running. And since you have already setup hostnames instead of just using IP addresses, it is a lot easier to just do a "ping kid1" than "ping 192.168.1.10" and know which computer that really is so that you yell at the correct offender...

Re:Replacing good parenting with tech solutions ..

Gee, with an intelligent, rational, calm, and compassionate response like that, I'm sure you must be an amazing parent! Not only does your adolescent insult show how in-touch you are with today's youth, you've managed to come up a solution to an eons-old problem with one word. Talk! Yes, it's so simple! You just... Talk!

We won't bother worrying about trivial details like "what to talk about" or "when" or unnecessary, complicated details like "what does this child's psyche respond to best". As long as you just talk, it's aaaaall going to be ooookay.

You could market a book on this. Of course, it would only be one word on a single page, so you might have trouble getting a copyright, but hey, as long as you're helping to mold today's youth into tomorrow's perfect leaders, who cares, right?

Technology is not the solution...

[Monty_Lovering]

... sorry, but kids circumvented parents attempts to control reading material. Kids can and will circumvent any techy attempts by a parent to control things unless they are dolts and their parents are geeks. And lets face it geeks breed true. The OP says they are not computer savvy so the idea they can win this arms race is silly.

To think parenting via proxy (ho ho) works is just kidding yourself.

Build responsiblity and trust, and take their computer away for a while if they break this by failing in reasonable responsibilities you set them... like getting bad grades.

Micromanagement just means they have to develop responsibility later. They will run a system off a CD, hack the server, hack a local WLAN, take photos of themselves on their phones and MMS them, etc. etc. etc..

Re:Replacing good parenting with tech solutions ..

[Idiomatick]

"So you are ok with your kids being on AIM all day looking for older guys who make them feel special? Or surfing porn all day?"

I'll go out on a limb and assume that OP would want to communicate that these are bad things.

Re:Ask the intelligence community

[timpaton]

But if you don't put any barriers in how shall they ever learn about proxies, address spoofing, packet sniffers and all the other wonderful things involved in defeating technical parental controls?

I'm in Australia, you insensitive clod!

My kids won't be defeating parental controls [1] - we'll all be defeating overbearing paternalistic government controls. [1] although she's only 2.5, this thread has given some food for thought on how to deal with my daughter's computer useage when the time comes. Monitored freedom sounds like a sensible approach.

WOOOSH

[mjwx]

Wow, way to miss the joke douche. How's the sense of humour bypass working out for you.

But your douchebaggery aside, children will get a better understanding of how things work if they get to mess around with it. It is actually a good idea to give a child a semi-working machine and let them solve the problems. It depends on whether you want to raise a drone who does what everyone else does or a person who can actually use their head to get around problems.

Re:WOOOSH

[copponex]

Hey mikey, why weren't you on IM earlier? Oh, you wanted to watch a flash video but the new ATI driver totally hosed your xorg.conf and you spent the whole afternoon trying to rollback the driver, even though the open one totally sucks, huh? Well, I learned some more python and watched some more TED talks. Chat ya tomorrow! I mean, if you can get a GUI working again!

The commodore 64 wasn't open source. It did come with dev tools. All of the nonsense about freedom is empty rhetoric, which fails to disguise the immature state of GUI development on Linux. It's really close, but close isn't good enough. It's not going to matter what platform you choose, really - the next generation of great programmers will make do with whatever platform they're given. But I have some good guesses on who will get more chances to get some programming done instead of fussing with incomplete and immature standards.

And I'm sorry, "good parenting" cannot change the fact that you can get any information at all on the internet. I don't care what sort of talk you give your 14 year old, if he stumbles upon simulated rape porn. He's being damaged emotionally, and exposed to subjects he should never encounter in his entire life. If a parent wants to give their kids WikiPedia and not HentaiRapeFestival, that's their business.

PS: A hint on the jokes: for people to get'em, they have to be funny. It's an important prerequisite.

Re:WOOOSH

[mjwx]

PS: A hint on the jokes: for people to get'em, they have to be funny.

PROTIP: they also require the reader to have a sense of humour.

I can tell by your long winded and completely nonsensical post that you lack both sense of humour and a brain. You also don't seem to be to have the mental faculties of a person above the age of 13.

Hey mikey, why weren't you on IM earlier?

My name is Ian, increase your medication.

And I'm sorry, "good parenting" cannot change the fact that you can get any information at all on the internet.

What does this have to do with good parenting. Good parenting is ensuring a child knows how to handle anything they find on the internet.

I don't care what sort of talk you give your 14 year old, if he stumbles upon simulated rape porn. He's being damaged emotionally,

Umm.. first off how often does this happen? I've been on the internet since 1994 and I've never seen it. I've seen some freaky stuff but I've never accidentally stumbled across this, it's hard enough to stumble across regular porn if you're not looking for it.

Secondly, your using the same "think of the children" logical fallacy, viewing rape makes rapists (I find it ironic that those who advertise the virtues of humanity (religious people) think rape is something all people are suppressing and cannot control if we see it). Good parenting is about teaching your child how to handle situations like these, a well raised child will be repulsed at such images (they should also, by mid teens be attracted the opposite sex, this is quite normal and should not be suppressed). Good parenting creates an environment where a child can discuss the things that disturb them with their parent(s) and seeing a rape video would disturb the crap out of me at the age of 30.

A parent sets boundaries, this should be enforced with punishment not technology (I.E. caught looking at something you're not meant to, no computer for a month, the way good parents have been dealing with this since oh... 1994). The child will test the boundaries, the punishment must stick, it's how we've learned "right from wrong" for centuries on the other hand if you censor your child's world and you limit the child. As another poster used to have in their sig "child proof the world and you neglect your responability to world proof the child".

and exposed to subjects he should never encounter in his entire life.

Yes, because you prepare your child for the harshness of reality by hiding it from them completely. That way when they get out into the real world they will be completely unable to handle daily events that they weren't prepared for. Please don't breed, I'd hate to see the adult you'd bring into this world.

Now a child would absolutely hate having to assemble their own computer from scratch, learn how to install an OS, drivers and what not. I mean there was this Danish plastics manufacture who went bankrupt, they only made little plastic bricks that "fit together", a child could make almost anything out of them and I guess that's why they failed. If I could only remember their name, I think it was Lego. Kids hate using their imaginations, even the big ones.

Re:WOOOSH

[copponex]

My name is Ian, increase your medication.

Ad hominems are a poor rebuttal to a good argument: it's better for a kid to learn something advanced and intellectually stimulating instead of the rudiments of an immature operating system. Giving a kid a half-broken chemistry set may have the opposite effect you intend.

There is a saying, nothing can get between a 14 yr old and a bucket of porn...

it's hard enough to stumble across regular porn if you're not looking for it.

Cue the backpedalling...

Secondly, your using the same "think of the children" logical fallacy, viewing rape makes rapists

Viewing any amount of violence can lead to desensitization, emulation, and regular exposure can lead to PTSD and other unfortunate effects. That's why you said

seeing a rape video would disturb the crap out of me at the age of 30.

Teaching your children about the dangers of consuming graphic violence and blocking access to it are certainly the best ways of taking care of them. It's like having a gun safe and a gun safety class. I know, it's a nuanced position completely outside of your comprehension, but that's one of the reasons you don't have children. (Lack of attempted procreation aside.)

Please don't breed, I'd hate to see the adult you'd bring into this world.

I helped raise my two sisters. One is studying to be a nurse, the other is a special needs teacher. But I'll let them know some random thoughtless cunt from the internet had something to say about their upbringing. It'll give them a chuckle.

Now a child would absolutely hate having to assemble their own computer from scratch, learn how to install an OS, drivers and what not. I mean there was this Danish plastics manufacture who went bankrupt, they only made little plastic bricks

The interest maintained in spatial reasoning by small children has little to do with being unable to use a computer because it has piss poor fundamentals. I guess twenty years ago you'd be teaching your kids on an Altair and telling them the blinking lights were for their own good; never mind KidPix or those stupid GUI operating systems.

It's just like getting them interested in painting. Take them out to pasture, harvest the horse hair, cut down a tree, whittle a paintbrush, traverse the countryside in horse and buggy (just like the good old days!) and then a few months later, when you've finally procured all of the necessary pigments, properly mixed them, fashioned your own paper with your home-built mill and pulp processor, you child will truly understand the creativity of painting. And anyone else who picked up a water color set at the shop; why, they're just ill equipping their kids for the real world! Stunting their creative potential with short cuts and technology!

be a parent

[alan_nsb]

As has been mentioned many times by at least unity100 and BigDish in terms of effort but in the vein of houstonbofh: a system can be made to do this in a variety of ways. And maybe for younger kids some of the censorship is ok and off-the-shelf routers provide this easily. But the reality is, be a parent. If they are grounded and that is part of the grounding then take the power cords if they've proven they will use it when grounded. It is your roof they are living under, if they don't like it then suggest they find more amenable living conditions. Sorry, but I have 3 daughters the youngest 18 now and they will respect you more when you do that. I understand we want to use technology to ease our lives but raising children is not an area to do this in. At least not in this manner. If they circumvented anything I did I'd have to smile at that because could respect that. Would you rather have them discover something unseemly on the internet under your roof or would you rather have that first discovery be when they are on their own. Seems like a good learning experience with you present.

Re:The human factor

[inKubus]

Yep, or use a USB wireless adapter to connect to the neighbors.

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

I'll go out on a limb and assume that OP would want to communicate that these are bad things.

You'd think. But they he said he wouldn't stop them from doing anything bad with things like filters, so he'd say "that's bad" and let them do it. But he didn't address what to do if he communicated with them and they didn't listen. We either assume that they'll always listen to their parents. It's never happened, but he could be the first. Or, we could assume that he's an idiot that doesn't know how to be a good parent, but has some quips that he thinks will make him look smart on the Internet. Apparently, if you talk to your kids occasionally, you can trust them 100% and any attempt to verify that trust means you are a bad parent.

The reason why only talking to your kids works

[jonaskoelker]

Disclaimer: I don't have kids, and I grew up as the computer expert in my house (I paid for internet access out of my allowance). Take my opinion with whatever amount of salt you find appropriate.

I learned growing up that I could always get access to the internet at a place where my parents couldn't reach me (friend, public library, internet cafe). I assume this hasn't changed today.

Or, even doing what you want and accidentally running across goatse guy?

Well, you know who goatse is and what he looks like. Look at the horrible damages that knowledge caused you! Wait, it didn't? Oh well; I learned about him in my secondary education ("High School", except Danish), so at an age between sixteen and eighteen. Didn't do me much harm.

So you are ok with your kids being on AIM all day looking for older guys who make them feel special? Or surfing porn all day?

Wait, does your firewall come with a "drop conversations from older guys" filter? Does it come with a "allow a little porn but don't feed porn addiction" filter?

I think the way to have youngsters avoid the bad sides of the internet is to talk clearly (no-bullshit) about what they are, why they are bad, how they work, and then about how they can be avoided.

Don't just impose a rule on them---show them the goal the rule is meant to accomplish, get them to agree with the goal, then suggest the rule to them. Especially don't have a robot (router) impose the rule on them.

He's not looking to be the gestapo.

No, he's looking for the router to be the gestapo---a faceless machinery enforcing the rules of a dictatorship.

Talk to kids. Get them to understand what the dangers are and how to protect against them. Get them to agree, first of all. Because if they don't they'll break the rule, and if they do you didn't need a rule in the first place.

Windows Live Family Safety (yeah i know...)

[fluor2]

I would, even if you might not like it, recommend Windows Live Family Safety. It offers great parental control options like blocking websites, reporting, time limits, gaming restrictions etc. It needs Windows Live installed, but heck I don't care as long as I don't spend too much time setting this up.

Really? Really?

[ptudor]

Why bother? Get three corded computers, put them in a common area, if it breaks they have to deal with.
If you're awesome, set up a Windows box, Mac, and Linux machine to expose them to all three big worlds with multiuser accounts on each.

Accept the younger generation is smarter than you and will easily circumvent any idle attempts at restriction.

Unless your genuine intent is to spur the next generation of defcon attendees, just let them learn how to compute while they still live in your house.

Re:Replacing good parenting with tech solutions ..

[gknoy]

So you are ok with your kids... accidentally running across goatse guy?

Before a certain age? No. I couldn't even explain it to them adequately. Once they're teens? I think it's OK for them to learn that not every unknown link should be trusted. (To be fair, Rickrolling serves the same purpose in a milder manner. I sure wish I'd learned about strange links via Rickrolls, rather than the eyefuls of various "Dear god, why??" sorts of pictures.

On the other hand, I don't plan to let them on the internet without supervision. :)

Re:Replacing good parenting with tech solutions ..

[omglolbah]

Teaching the kids how to spot a pedo on AIM is a valuable thing...

That being said:

How will the kid be damaged by the goatse guy? Having stumbled upon such things around the age of 14 I remember a mix of "what the -fuck- is that....." to "why would anyone...." to "kill it, kill it with fiiiire!" responses.
Surfing porn all day? So what... There is a time and place for everything. A good fap wont kill the kid :-p
Now, I'm neither an axe murderer or a rapist and have a healthy attitude towards most things...

When it comes to the simple act of cutting off access the simplest and most effective thing to do is just unplugging the cable at the distribution point. Very simple, no complexity.
Should the kid disobey and just replug it then deal with that. For example just take the computer for a week. Teach them the need to obey simple rules.

My parents are both teachers and personally I think that makes them more in touch with reality than most parents.
The parent who lets their 14 year old have access to unfiltered internet is not the problem. The parent that doesnt care or doesnt treat their kids right is.
Teachers get to see all the messed up kids... Some are messed up before they even get to kindergarden and the number of cases with child services involved is quite large.
None of these problems are because of the kid having a fap every now and then... or having seen the goatse man...

From how the original poster presented his issue I doubt he has anything to worry about regarding the kids. They seem to be in a fairly 'safe' home situation and giving them
access to internet wont change that. Being open about what is out there is a good thing, blocking it so that they wont know what -is- out there is stupid and dangerous.
Kids will get access to unfiltered internet and having it in their own home is a hell of a lot better than finding out your 14-year old has been hanging out with that 16-year old
smoking misfit that has unfiltered internet at home :-p

I'm getting ranty... time for work :-p

Re:Replacing good parenting with tech solutions ..

[JonJ]

But they he said he wouldn't stop them from doing anything bad with things like filters, so he'd say "that's bad" and let them do it.

Methinks you are underestimating how the conversation would go. This looks an awfully lot like a strawman to me.

add one mac mini + squid

[smash]

... schedule computer usage hours and maximum time with the built in user account controls on the mini. schedule internet access with SQUID on the 10 year old dell you already have.

Lock the kids out of admin/root access on the mini.

Job done.

Re:Replacing good parenting with tech solutions ..

[Vectormatic]

So, just to be clear, you are arguing that it's safer for them to talk to strangers online in that mental state than to not talk to strangers online?
 

He is arguing that it is better for the kid to get some support from her parents, since just cutting the internet doesnt deminish the need for someone to talk too, cut off the internet and dont step in, and he/she will just find someone else in real life (which might end up good, i.e. a teacher/coach, or might end up bad, a pervy teacher/coach)

Technology is no substitute for actual parenting

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

Methinks you are underestimating how the conversation would go.

He said he'd have a conversation but wouldn't do anything to actually protect them. How else do you think it will go?

This looks an awfully lot like a strawman to me.

Yes it does, I don't know why I got suckered in by it. He claims he'll talk to his children and that will make it so he'll never have to restrict them. What point did I get wrong?

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

Technology is no substitute for actual parenting

Ah, I got it. He was using the false dichotomy to invent a strawman to attack. No one has ever claimed that turning on a firewall means you never have to talk to your children again. But for your statement to be true, that would have to be a premise. Since it's obviously not, then I don't see what the problem is.

Why is a firewall plus talking worse than talking alone, assuming the talk is as effective in both circumstances?

m0n0wall

[XCondE]

From the website:

m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP

Remind me how this was mistaken for an advantage.

Re:Replacing good parenting with tech solutions ..

[HopefulIntern]

You're missing the point. If you want to restrict your kids 100% then yes filtering etc. is the way to go. I don't believe in this, as I was not raised this way. Internet use, just like other things like drinking, drugs etc. were taught by my parents through conversation. They told me, don't do those things they are bad. Some of them I tried anyway. I got drunk one night aged 14, came home, and went to bed. They scolded me, but said my incredible hangover was probably punishment enough, and left it alone. I didn't drink again until I was of age (except for the odd beer my dad would give me on special occasions at home).

I never did much in the form of drugs or smoking. My parents are proud of me for growing up and succeeding, according to their guidelines, which proves they were right. They never believed in censoring my internet. I was allowed to listen to any music I wanted even if it contained obscene words. The only thing they banned me from was war games, and violent games. Which at the time I thought was incredibly unfair, but now I see how sick the American culture is (violence is ok, bad words/tits is a big no).

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

You're missing the point. If you want to restrict your kids 100% then yes filtering etc. is the way to go. I don't believe in this, as I was not raised this way.

So, your point in response to the question of "I would like to set up rules and filters for my children, what's the best way?" is "That makes you a bad parent."

I don't think I'm missing the point. Why is it that when I ever disagree with someone, they assume I'm stupid. I get it. I disagree. I think that there's nothing wrong with putting a lock on the cabinet leading to the drain-o when I have small children living in the house. The technology of a lock isn't being the parent. And yes, it's restrictive. If you are really arguing that you think it's child abuse to keep your child out of the drain-o, go for it.

But whining about other people that want to prevent their children from learning that the stove is hot with a 3-week trip to the emergency room (yes, I know one that ended up that way) seems absurd. Sure, most children just get a little burn on their hand, but some manage to pull boiling liquid on themselves. Why not teach them it's hot *and* keep them away from the stove while cooking?

Re:Ask the intelligence community

[OutOfMyTree]

Yes. I dropped in quickly to say the same thing. Children's computers should always be located where adults will walk behind them as they go about their daily living. Occasionally discuss what is on their screen.

Re:Replacing good parenting with tech solutions ..

[HopefulIntern]

Your stove example works, but is not an apt simile. What TFA suggests in this case is putting up a barrier between the child and the stove, so that the child never sees or has access to the stove until he is old enough to cook on it; and then he has no idea about the nature of stoves.

Re:You need to ask "should I?" and not "how can I?

[Marble1972]

I hate the concept of internet filtering (by parents or otherwise) as I believe it is another step toward turning people into drones.

I had an undroneful life even before the internet... you insensitive clod!

Re:Replacing good parenting with tech solutions ..

[HopefulIntern]

Locking the drain-o away is, indeed, necessary. I don't think anyone would argue that, unless the kid is 15...again it is down to age, whether they are old enough to judge. Also, drinking drain cleaner is almost always harmful, and very dangerous. Seeing goatse isn't. You do not die from seeing an anus stretched open.

The kids machines

[RandomFactor]

Similar situation, but younger kids.

Online is a big part of what they do at school these days.

I can trust my kids, however I have no desire for them to wind up on the seamy side of the internet by happenstance, or their system to get malwared to death either.

For the windows (XP) PCs (you'll get lots of Server/Linux advice here...) we are setup as follows (note - these are all free options):

1 - DNS set to OpenDNS, and set to do some basic filtering
2 - loaded K9 (by Bluecoat) on the kids machines for granular filtering
3 - Firefox, NoScript, ABP
4 - Avast, AdAware
5 - logmein for remote access if needed
6 - systems in a public room (not in their bedrooms) so access times, overgaming, and withdrawel from family are less problematic

I find the above pretty hands-off. Once in a while (once a month...) they need to get somewhere that is blocked, but it isn't common and they just come ask one of us to open it up. I tried running them in user, and then power user, mode but that was a constant pain and I gave up on it (meh..)

as always with such advice, ymmv.

Re:Replacing good parenting with tech solutions ..

[Marble1972]

Look, sooner or later your precious little angel will see that pic. He or she will also see many other disgusting things, both in real life, on television, and on the web. You can't prevent that, but hopefully you can give enough context to allow little Junior or Princess to assimilate it and get on with his or her life.

However, giving 'context' to a developing brain takes time. Just because a toddler can play on the Thomas the Tank Engine website - doesn't mean their ready to see footage of dismembered bodies

Little minds should not be subjected to the emotional trauma of visual images of crimes being perpetrated / people coming to grief etc.

Re:Ask the intelligence community

[Nyder]

This. Would you also read her diary? Both of those is extremely intrusive and will take them about 1 minute to get around. ...

Yes, she would need to learn that writing down stuff you don't want other people to read is really stupid.

Wow, dude...

[fudgefactor7]

...you really have trust issues with your kidlets. However, Here's something I would try.

Set up a NIS server master which also has the router/firewall/ACL/etc on it. All the kids' computers are Linux NIS clients reporting to the master server. The master server can lock accounts so they can't log in anywhere when being punished for being a kid. The server will control access times (and who can access what), plus it can act as a central storage location (in addition to the NIS profiles) for files or what have you. And since each profile is roaming, anyone can log on anywhere and still access their accounts/data/stuff. With a good and secure root password on each workstation, the kids can't install anything you don't want them to have (like torrent programs), and there are several antivirus/antimalware solutions (free) for Linux use that will serve your purpose nicely.

Re:ClearOS

[bpechter]

ClearOS (I used the earlier ClarkConnect 3.x and 4.x) was ok but a bit more than I needed (web shares and pages were more than I
needed).

I've added most of what I need on top of IPCOP. Filtering, time based controls are available.

I put in my own dhcp and dns to allow me to redirect the gateway to a non-existant IP so I can have a time period when my kid can use the network based printer and computer for homework -- but not get to the outside world to screw around with Social Networking or games... I ssh in and run a script to restart dhcp to allow access to the outside when the work's done.

Having openvpn so I can get to the home network securely was a plus.

Re:The human factor

[Joce640k]

Didn't he notice the password was gone when he came home?

INstead why dont you...

[hesaigo999ca]

Instead I would place the computer in one room (not their bedrooms) so you can control it, secondly I would only buy one computer, as it is not cheap these days, and I would buy one of these thin client units...from tigerdirect...
http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=15398&sku=N316-1014
which allows you to set up as many people (up to 4 per unit) per one computer.

Thirdly, I would hire a geek squad dude (or put an add in the paper saying you need an admin to help quickly set up accounts on a machine for 40$) to come to my house and configure the 3 kid accounts and do all the AV install etc...
for usually about 30 or 40$ per hour, as this is child's play for a learned admin, he will set up limited accounts, and tell you how to use your system....also keep his number handy. What he will do in 15 minutes will take you all day to figure out....also
he may even be able to set up the rest of the kids consoles (if you have a wireless router) such as playstation xbox etc...
to allow your kids to access internet from their other consoles....keeping the pc time to a minimum....unless they have no consoles.

Make sure to also ask for a backup of the router configs, in case he has to come in afterwards to reset it, as it is very easy to do from a backup when someone fiddled by accident or on purpose with your router. Also backup of the pc would be nice too, into
a separate drive or partition that way if you ever get a virus and need to reinstall, you dont lose personal files because everyone KNOWS to keep their personal stuff in their personal folders on tat separate driver or partition.

Re:The human factor

[tehcyder]

Of course one day I actually needed to print something in a fucking hurry and he couldn't be contacted so I solved the problem with a screwdriver and the motherboard manual.

I assume he banned you from ever touching any computer in his house again?

Re:The human factor

[tehcyder]

I had my first lockpick set when I was 14. Padlocks, particularly the kind typical tightwad single parents used, were no barrier to me. For $10 a week I'd pick the lock to a guy's mom's bedroom, then pick the lock to her weed storage box so he and his friends could get high. It was easy money.

If I had criminal children like you I certainly wouldn't be worrying about giving them access to my computers, they could fuck off until they were living on their own.

Re:Cheap DLink router.

[wmelnick]

In any area where there is a neighborhood that will not work. We have some very good friends who are not particularly computer literate. I am very close with them and with their kids. They secured their router and put time restrictions and everythign else on them./ About a week later at 11pm I saw their middle daughter online and IM'd her "On the neighbor's router?" "Of course." I had a talk with the parents, took the kids' laptops for an afternoon. Explained to them that I now had logs of everything that was going on, just as I had done for my kids. I showed them quick excerpts from the logs. They have been good every since now that I am packet sniffing everything that goes on from within their own machines. I occasionally take a quick (and I do mean quick) look through all of the logs just to make sure that nothing particularly nasty has been happening. Aside from catching my son on porn sites, nothing really has. Ronald Reagan said it best: "Trust but verify". Kids get that. W

Trust

[fixmedaily]

Lay down the rules and trust your kids to do the right thing then spy on them and cut them off for infractions.

Re:The human factor

[HungryHobo]

yes, and I was vocally open about how bloody stupid the whole setup was that it had forced me to circumvent it.

Re:The human factor

[HungryHobo]

why?
I didn't damage the computer in any way.
I simply fixed a time sensitive problem.

Keep in mind that my mother was also kind of pissed with him that she hadn't been given the password when he'd gone away for the weekend.

Or perhaps he isn't as egotistical as you if that's how you'd react to someone fixing a problem you've created by lack of forethought.

Re:Replacing good parenting with tech solutions ..

[Idiomatick]

The kids from tfs are a little old to be worrying about drinking drain-o. I think you make sense if you change the age to like 6. Also, no access to drain-o isn't a big deal. In many places no access to internet is becoming almost a human rights issue.

Re:Replacing good parenting with tech solutions ..

[yuna49]

>>I agree but one should still be able to review logs of places the kids (or their friends) have been. I'm their parent, not just their friend.

>So I'm assuming you're one of the power obsessed parents who uses Verizon's "family stalker" app to make sure you know when your kid is peeing and if they stopped to get ice cream or not?

No, I don't think I was a Nazi for wanting to review what sites my then eleven-year-old daughter visited on the Internet over her unfiltered connection from a computer in her bedroom.

You know what the first thing I learned by this practice? That a whole lot of people wanted to sell things to my daughter over this shiny new Internet thingy. And they were capable of doing it with unblockable pop-ups of cute animated kittens. They also wanted to infiltrate my daughter's computer with all sorts of software so they could pop up little reminders with cute animated kittens or track her browsing patterns whenever they needed to. In the end their little plans came to a halt in this household because I'm a geeky parent who uses Linux and knew how to set up a transparent web proxy. Some of these early attempts at surveillance by marketers were poorly written and caused problems with her (then XP) computer. When this happened I was able to consult the logs, see where this crap came from, and block it. Reviewing these logs really helped me understand how to begin dealing with the enormous amount of exploitative junk on the Internet that's targeted at our children.

You'll notice none of my concerns have to do with porn or predation or any of the usual subjects that come up whenever we discuss parental filtering on Slashdot. I had no qualms trusting my daughter to make the right choices for herself on the Internet because I had trusted her to do many other responsible things in her young life. I had no choice in this matter; I was a single father with a young child. That didn't mean I was going to abandon all parental responsibility for her use of the Internet. I logged her traffic for a while, reviewed the logs a few times over the first year or so, then stopped logging. She knew I was logging and knew I could block her access if I wished. She watched me review the log to help diagnose what was wrong with her computer and was happy I could use it to block some of the places that were giving her trouble.

I'm as disgusted as you are by the exploitation of fear represented by products like "family tracking" services. Unfortunately, in the current climate, fear sells. I gave my daughter a cell phone when she entered middle school to help her become more liberated not to be tracked like a lab rat. But I chose to buy her a prepaid phone from Virgin so I could control how much time she spent on the phone. Like my decision to allow unrestricted, but monitored, access to the Internet, I tried to find the right solution that maximized her freedom while not abandoning my responsibilities as her parent to help her make the right decisions.

That's called being a parent, not a storm trooper. "Trust, but verify" as Ronnie said.

As to the OP, I think you're creating a monster for yourself to manage. Parenting is hard, but you've got a lot more experience managing your kids than you have managing a complex network configuration. From what you wrote, I'd suggest the following:

1) See if you can control time-of-day access using the administrative interface of your router. That's probably the easiest method to solve that problem. My Linksys router includes this feature.

2) Take a look at Dan's Guardian as a filtering mechanism if you must have one. It'll run fine on that ten-year-old computer the kids are using now.

3) Use Firefox with AdBlock Plus and perhaps Flashblock as well.

4) Use Linux on the client computers. Yes, yes, I know, gaming, blah, blah, blah. You'll save yourselves a lot of hassle if you don't run Windows, and your kids will get acc

Here's Some Advice....

[RobDude]

Forgot the computer crap and be a parent.

You don't need fancy high-tech solutions to simple low-tech problems. You want to know if your kid's computer is turned on or off? Walk into the family room and see if the kid is sitting on the computer. You want to make sure your kid isn't on the PC after 11pm? Turn off the computer.

Having a fancy software based solution for the generic single Mom isn't going to work.

Beyond that, kids aren't stupid. If you give the kid a PC that some central server monitors to see if it's turned on, particularly if it's being administered by a n0ob Mom; they are going to realize they can disable the software that provides that info to the server. Or, that by disconnecting the network cable/wireless adapter, the server views the machine as off.

Same deal with the internet. Odds are, there are unsecured wireless connections your kid can use to get on your neighbors connection and they can surf anything they want without your detection. Aside from that, unless you are going to completely cripple the usefulness of the internet; they'll always be able to connect to some proxy and get content that way.

And, whatever material you don't want them seeing on the internet - their buddy Tom, he's got a portable hard-drive filled with 400 gigs of that stuff. And he'll gladly let your kid copy it to his PC.

When I was in junior high, my and my loser friends would install Linux partitions on my family computers. With a boot disk, we could load up into Linux and access the content we didn't want our family to know about (IE - porn).

Bottom line is - this won't work. The amount of effort that would go into setting up and monitoring this system would be huge for a non-techie AND it wouldn't be effective. The better solution is to be a good parent, spend time with your kids, and realize you can't stop them from ever doing or seeing anything bad or scary on the internet.

If the parent is too lazy to do that; you are better off just installing spyware on the kid's PCs. Then Mom can get weekly e-mail of what nasty stuff her snowflakes were doing on the internet. But in either case, the kids will get around the security measures.

Re:Here's Some Advice....

[RobDude]

And, even if you are going to try and put the lockdown on the kids - you'll also need to physically secure the incoming connection and the server.

It's pretty easy to plug your PC directly into the router and bypass the server. And, again, since the admin doesn't really know jack about PCs, the kids have an awfully good chance of being able to screw around with the server directly, if they have physical access to it.

Re:Here's Some Advice....

[geekoid]

You're really ignorant, aren't you?

Hers is some advice, don't give stupid advice. Maybe in your world you want to micro manage your kids every move, but for those of us who live in the real world need solutions to help us run home networks.
Which, btw, the tools for Linux suck at.

Becasue no child will sneak back on after you turn the computer off, and certainly no household will have kids with different bed times~ Moron.

The fact that you parents were idiots that didn't care enough about you to manage a PC, doesn't mean other parents are irresponsible with their child.

ONly an idiot would think using a tool to manage a home network for kids is the only thing a parent is doing, or that they are nieve at what their kids are looking at. What it DOES MEAN is that they are looking for another tool to help them be a better parent.

I am so fucking sick of people on Slashdot thinking using a computer management tool equates to ignoring your children. Don't push you're parents bad parenting skills on to others.

Also: You''re momma's so fat, she's 12 bit.

Eiither you are the worst parent on the planet, or you don't raise kids of your own.

Re:Here's Some Advice....

[RobDude]

U mad, Bro?

There is no point in providing a complex network/security infrastructure to hand over to a computer illiterate parent.

There is no benefit.

The parent will not be able to manage it in any meaningful way and the kids will do whatever they would have done anyway.

"CAN SOMEONE HELP ME? My baby sitter cancelled and I need to keep an eye on my 6 month old. Can someone tell me how to stream a live webcam feed of my babies crib to my android phone so that I can still go out and know that my baby is safe"

Ask a stupid question, get a stupid answer.

Re:Ask the intelligence community

[Homr+Zodyssey]

Shutting off internet access as a punishment is what you think of as a "totalitarian regime"? Give me a break! That's smart parenting. Perhaps in your Utopian family punishment is never needed, but in most families, it is. When kids are able to use technology to break the rules, parents should use technology to enforce the rules. That's not substituting technology for parenting, its using the tools at your disposal.

And yes, some parents feel that it's not appropriate for a 12-year-old boy to see videos of chicks being smacked around and called names while taking it up the butt. Simply telling three boys not to look at porn is not going to cut it. As a matter of fact, that's most likely going to tantalize them. Perhaps you feel differently in raising your kids, but the OP is not asking for parenting advice -- he's asking for Network Admin advice.

OP is also worried about malware, sexual predators, and phishing scams. I can't keep my parents from getting their computers infected -- much less my kids.

Re:Ask the intelligence community

[Knara]

I'm on the Internet about 16 hours out of every 24. I can't even remember the last time I saw goatse.

Re:Ask the intelligence community

[Knara]

If only I could mod you insightful.

Re:The human factor

[Knara]

I'm not sure exactly why its bad if people are willingly doing things that you consider to be degrading in exchange for some compensation.

You get a lot of that from some feminist and morality folks. They want the freedom for women to make their own choices, but as soon as they make a choice those aforementioned folks disapprove of, it's suddenly bad.

In other words, it is, indeed, hypocrisy the majority of the time.

Re:Just the answer please

[RobDude]

That's not true.

The question was asking for the best course of action in a given situation. It would be silly to ignore given information because we know that some people will be offended by the appropriate response to it.

Here's what we know from the question....

* Three kids: 12, 14, 15 - The oldest is probably a sophomore in high school. Many high schools offer computer classes, including computer programming. Even if the eldest child is not a computer geek, he or she certainly has friends that are.

* Parent is not computer savvy. Needs a simple web interface to do everything. Needs everything to be setup correctly in advance and will be unable to make significant changes/updates.

* Parent wants the ability to forcefully shut down computers remotely, restrict content, etc....

Given the situation; a technology based solution is not optimal. The kids will out-geek Mom in no time flat. The only way to ensure that Mom stays in control of the PCs is to lock them down the point that they are no longer useful in any meaningful way.

Will the computers allow USB devices to be connected? If No - that's a gimped computer. If Yes - nothing will stop the 15 year old kid from brining a portable HD with 500gb of all the content the parent would want blocked. Plenty of his friends will be glad to supply the content.

If yes - nothing will stop the kids from getting a wireless network adapter and connecting to the neighbors unsecured wireless router and getting on the internet whenever they want.

Will the computers allow CD/DVDs/Floppy disks? If No - that's a gimped computer. If yes - same as above, but the size of the medium is limited.

And if the kid can plug in any of those things; he or she will be able to boot off of one of those devices. And that means they'll be able to partition the hard-drive and have their own sandbox environment that is free from the rules and restrictions imposed otherwise.

If you setup a bios password, nothing will stop the kids from opening the case and resetting the bios. Most consumer-type PCs don't have physical locks on the case.

Any web filtering you do is either going to be a strict whitelist which will gimp the usability of the web, or a blacklist. If it's a blacklist they'll have no trouble finding a proxy they can use to surf all the sites you would want blacklisted. They'll even have a friend who can show them how to do it - who will run a proxy on their home PC so your kid can connect. I did that for my buddy back in high school.

And, any local filtering you do will fail to stop anything once they kid hits an open wireless router at your neighbors house.

Beyond that, nothing stops the kid from running a cat-5 cable his computer straight to the modem - bypassing the router and the server you've got setup.

You'd need to physically secure the modem/router/server machine in a locked room that the children cannot possibly enter. Then you'd need to physically secure the insides of the computers you give them so that they cannot open the case (you'll also need to inspect the case regularly - because it's fairly trivial to cut them open anyway). You'd also need to prevent them from connection any USB device; possibly there is a bios setting for this, I've never tried. You'd need to remove any floppy/cd/dvd reading devices that are on the machine. You'd also have to prevent the installation of any software you don't approve. You'd have to prevent them from using any chat programs, because you can't moderate it and they can receive files. You'd have to block the vast, vast majority of the web because it would give them content you don't want them to have (but many of the sites you block would also have other really useful applications, aside from the content you don't like). You'd also have to either block or monitor all of you child's e-mail; otherwise his or her friends would provide the content.

Then you've got a computer that is mostly worthless, but a fighting chance of kee

Re:Ask the intelligence community

[K.+S.+Kyosuke]

Sorry, Czech Republic here. We have it in our constitution.

Re:The human factor

[pnutjam]

Yeah, kids will get around things, but if they are using the pc when they shouldn't be, I'm going to know if the case is cut up or the password has been bypassed. That's half the battle.

Re:You need to ask "should I?" and not "how can I?

[pnutjam]

Filter ads and to protect from accidents, trust kids, but verify by logging or checking PC's occasionally. Don't make a big deal about it until you see something objectionable.
Limiting night time access is probably good if your kids have a bedtime, if they are free rangers who pass out in the hallway like my neighbors 3 year old, let them have all night access since you obviously can't invest the time to parent.

Talk to your kids, teach your kids, but parenting also requires setting rules and dishing out consequences.

Nobody has mentioned thin client yet, for shame. I use NoMachine on my home server. You could limit external browsing to that machine only. Give them a published firefox session. Their PC's won't get malware and they can save file to their network drive and transfer them to their pc if need be. Teach them to save on the network, please god, teach them to save on the network...

Re:Replacing good parenting with tech solutions ..

[pnutjam]

but how we wish we did...

Re:3 Macs, not antique Windows, they are not grand

[pnutjam]

Buying your kids a mac is like forcing them to be left handed. It's borderline child abuse, IMHO.

I faced this a few months ago... and...

[gwn]

I found I already owned a router that allowed me to control we access hours I just set static IP's on the target machines and gave them restricted access to the web...

I use OPENDNS.com for the parental controls... I direct the router to OpenDNS for its dns lookups...

and I have installed a opensource program called iTalc to monitor the users on the machines... iTalc requires a small client on the users machine and an admin install on the teachers machine... you can then view what is going on, take control of a user or shut them down...

Remember to have the kids login as users not admins... take away those admin rights!

Easy to install, very inexpensive and remarkably effective... Especially with the users knowing I can monitor what they are doing at any time, even from work... Remember you don't always have to go so far as to cut access off, often all the user needs is to know and see you have all the tools to do it.

Re:Ask the intelligence community

[nobodylocalhost]

People think respect should automatically given. I disagree. If you are not worthy of respect, your kids will not respect you. After all, in reality it is something earned. If a kid is disrespecting you, do you honestly believe being "grounded" have any positive effect? No, you would be the authority that they fight against. They wont appreciate you feed cloth and shelter them, they just think you take away what's rightfully theirs. So obviously two easy way to approach that issue. Either they are smart enough to get around your punishment, or they destroy your property and have you live through the punishment with them. Even when they hunger for approval and live through the punishment without much struggle, you still wont get the respect you want. I think disobedience and disrespect are symptoms of deeper issues when it comes to failure in parenting. A previous post made a very good point when it talked about the soviet union. The policy of the Russian government was to punish those who do not follow rules and do what they were told. Obviously it didn't work for adults, I cannot seriously consider it to be a viable option for children. Reasoning, bargaining, and positive reinforcing would make a better overall strategy when dealing with children since it worked well with adults.

Re:Replacing good parenting with tech solutions ..

[AK+Marc]

So enforcing a bedtime of 11 p.m. by turning off the router is a human rights issue?

eBox

[WhiteWiz]

check out eBox.com
i'm using it as a proxy server. took me 20min to set up.

Re:Ask the intelligence community

[johncandale]

you're a bad person and should feel bad if you think it's ok to read anyone's personal papers and effects. There's a difference in knowing someone can read it and someone will read it.