Slashdot Mirror
Ask Slashdot: Making a Tablet Run Only One Application?
An anonymous reader asks "I'm working for a medical centre who want to make a tablet with various videos and webpages about smoking cessation available in their waiting room. The tablet can't access the Internet because of security policies. I'm planning to use a local server with copies of the (Creative Commons) videos and pages accessed through local webpages using the tablet's browser. How can I make only the browser be available to the tablet users? Ideas? Suggestions?"
Easy if the tablet runs Windows or Linux. Much harder on other platforms. Maybe you should narrow the problem domain.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Put it on a VLAN, and Make HTTP(S) Go straight to the web server and only the web server. There are portal WAPs that do just that. Securing the tablet from running anything else would be as easy as installing a custom version of CyanogenMod or similar. Heck even Apple might be able to make an iPad that did just that.
I'd also tether the thing to the room, or it will walk away.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I do not have a solution to your problem. I am curious about the situation though. Is there a reason your organization wants this to be easy-to-steal-and-expensive tablets? Especially when there's the security policy. And you'll have to keep them charged too. Why not just a cheap laptop. Or a pamphlet and TV?
I realize it's difficult to get people to stop smoking, but fancy technology isn't always the solution.
If using Android: create a replacement launcher app, set your new app as the default launcher, and... profit?
Just roll your own AOSP build that only has /system/app/Browser.apk along with essential system UI apks and include none of the networking drivers that the device needs.
You have a bigger problem there, how do you keep them from being stolen, add to that topic some phone home theft software too, want to inspire people to stop smoking? get a terminal lung cancer patient in the waiting room. wont fail.
I mean seriously - the first time someone thinks they can walk out the door with the tablet, it's gone. Don't think it wouldn't happen.
Why not instead just make a dvd with those videos and print out the text of the websites? You could have a small tv hooked up to a dvd player, have the dvd available to those interested, etc....
It wouldn't be as convenient to steal, and it is a technically easier way to set something like this up. Why are you going to such great lengths to make something more complicated than necessary?
You need digital signage, not a tablet. Only one person at a time can use a tablet. A couple of flat screens off a cheap PC hidden up in the ceiling or a closet, and use Xibo.
If you are using iPad, there is an app called MediaKiosk. This is used with metal kiosk housings that prevent the 'home' button from being pushed and will allow the charge cable to always be connected. Not really helpful for portable.
Without knowing what Tablet OS you are targeting it is difficult to give you advice. You can just search on google for the terms "kiosk mode" + whatever OS and that should give you what you are looking for.
A couple of options. One, you could probably bundle the files up into an app like one created using PhoneGap, which would make everything local. Two, you could set the proxy setting to point to a server that you control, that will direct you only to an internal web server that you control. Regardless of how you do it, you will need to physically block the power and home buttons, and for non-iPad tablets, any other button that might take you home like the back button with something like a lockable case. Seems silly to block the internet, though, considering how many people in that waiting room are going to be browsing with their iPhones anyways.
This seems like a terrible idea! People in a hospital are going to be smearing their fingers all over this device, and passing it around. It seems to be a very convenient disease vector. I would not touch it with a 20 foot pole.
Android Tutorial: http://www.basic4ppc.com/forum/basic4android-getting-started-tutorials/10839-android-kiosk-mode-tutorial.html
iPad: http://itunes.apple.com/us/app/kiosk-pro/id409918026?mt=8
Without DNSSec though, it's fairly easy to redirect any DNS traffic. Allow ports 80 and 53, redirect them to a local server, and block anything else.
http://www.chromium.org/chromium-os
The only app that runs is the browser, it is based on gentoo so you can install pam modules to meet your site requirements needs (ldap, kerberos, etc),
And it is designed so you can easily force an enterprise wide os refresh whenever you need/want.
Work bio at MMWD
Using linux on a omap3230 with a zendframework php app that gets a db loaded with data, mysql..., serving over lighttp to a local browser firefox. The syncing can be done either through a usb stick or local network through a sync server... We served thousands of patients at their home through their platforms. Hope it helps
The solution that you want may fully well exist without having to reinvent the wheel.
Is there any reason you can not use a LCD picture frame?
I don't know how well they deal with video but I suspect that you can put a good a presentation using stills on one of those.
Just paint a black frame around some rectangular mirrors and put a big reversed brochure printout on the ceiling. Nobody will know the diff and you can keep the real tablets for yourself. (My experience at AOL is paying off.)
Table-ized A.I.
iOS has parental restrictions. Enable restrictions, enable Safari, leave everything else disabled. No step 3.
Delete the other applications? Was that the answer?
Help stamp out iliturcy.
Easier: Buy a portable DVD player. Dirt cheap and does what you want. Less likely to get stolen. No software to break.
If using a Linux tablet, just run X with no window manager and start a fullscreen browser. Google keywords: "Maximus", "Devilspie", "Firefox kiosk mode".
If you're using Android or iOS, it looks like HockeyPuck has you covered above.
Leave a bunch of tablets laying around, even cheap ones, they will disappear pretty quickly. Who's going to round them up and charge them everynight ? BTW: I dont think getting the message out to stop smoking on tablets out will do anything. They know they have a problem, they wont sit their and watch ads and videos telling what they already know. You will just get 50 people a day asking how they can get into their facebook on this thing.
Tablets are generally designed to be resilient, and usable by the unskilled. For that reason, they can't usually be locked down like this, because the feature, in and of itself, is more technical than tablets are meant to be.
I don't know much about Androids, but an iPad makes a good example. Can you hijack DNS on the your wifi network? Yes... but it's incredibly easy to join another wifi network that isn't redirected, and there are no User and Administrator type accounts to keep people from doing so.
If you jailbreak an iPad, there is an extension you can install that locks it into a particular app (the browser, in this case). But getting around it involves, I think, nothing fancier than rebooting the device. You could modify the Hosts file on it to redirect no matter which network the user is on, as well... but a dedicated goof-off could always resort to direct DNS entry to cause mischief.
I would try to find out if anyone sells a wireless display with touchscreen capabilities. That could be linked to a computer that's locked down at an arbitrary level, and would prevent users from engaging in the kinds of shennigans they get up to when they have access to function keys and Reset buttons. If users can use the ctrl key or reboot the machine, you -will- end up with porn on your browser.
As a bonus, the device would be borderline useless to anyone who walks off with it and isn't fairly gadget-oriented, and you might be able to run several of them off of one host machine.
If this exists, someone should let me know, because I've made made want one.
If it doesn't you cold even use one of these:
http://www.thinkgeek.com/computing/usb-gadgets/c609/
Wireless is great, but the real goal is just something hand-held that each person in the waiting room can have one of. Run some USB cables out to each end-table in the waiting room, and attach them to these. They're cheap, so have them stolen is less of an issue... unplugging them makes the, stop working, which makes them less immediately temping... they have no keyboard and no buttons that affect the actual computer behind the scenes... They're a perfect solution if you don't mind a few cables.
iPad in Kiosk mode:
http://itunes.apple.com/us/app/mediakiosk/id352741530?mt=8
Android in Kiosk mode:
http://www.42gears.com/blog/2011/10/kiosk-mode-on-android/
I'm out of my mind right now, but feel free to leave a message.....
If you are using iPads, besides enabling parental controls, you might also want to prevent access to the home button. I've seen this done at a few well put together installations. A few pieces of plexi-glass and some silicone adhesive will do the trick. If you use some other opaque framing material, you can even make it look like you paid many more thousands of dollars for custom technology.
Wrong approach. People will walk off your tablets. Instead, have the users bring their own. Set up an open wireless connection that supplies the users with a captive DNS directing everything to your internal service that only serves up your content.
Don't provide any other open connection. Then your crap shows up on everybody's ipad and android phone. Be prepared to fend off angry customers.
But at least you save the cost and headache of managing all those tablets and don't have to.replace.them every week.
Go grab a copy of this - http://funambol.com/solutions/devicemanagement.php Setup the DM server and make it do your bidding! :o)
"My immediate reaction is "WTF? What kind of moron doesn't make things 64-bit safe to begin with?" Linus
Go take a look at the app "kid mode" for android. While not 100% security, if you make the "write here" zone small and out of the way enough, and make the patter harder than "Z", it aught to work well enough. Also you could modify ADW.Launcher or similar to only allow your app.
All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
Don't you think rerouting DNS, configuring your DNS server specifically for a handful of clients, and running a web server to stream video data over your local wireless network (noting that the OP had network security concerns already) that could easily be stored locally might be overkill if the device itself can be left running only the video app?
I don't want to deprive you of geek points, but sometimes there might be a simpler solution.
Not if you are a germ.
THL phish sticks
Why not use one of the cheap ass video players that sell for 80 bucks and can hold video and PDF documents and pretty much nothing else?
My kids have these Coby knockoffs that they love and have no trouble using. They play video (in way more formats than most tablets) and PDF and picturse, and that's about it, no pesky browser or wireless networking to bother with. Best of all it isn't a 500 dollar item people will want to walk off with, and even if they do walk off with it, you are out 80 bucks instead of 500.
Of course if what you are trying to do is show that you can throw thousands of dollars into the waiting room, that won't really accomplish what you are trying to do.
...he wants a digital photo frame with Wifi
and for security... unplug the dam server from the internet! if it's only serving local file then no bloooooody net access is required. ^_^
Simples!!!
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
Ou mean like copying the video to an SD card and set up a user with only execute permissions to one file on the system
.... Nah that would never work.
A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
We don't see the world as it is, we see it as we are.
-- Anais Nin
Auto-run an SSH session with credentials supplied and X forwarding to the machine serving the videos running a simple webpage in a webkit window. Have the script auto reload same window if closed.
Naturally limit the user privileges and limit network abuse with MAC filtering.
I'm kidding, but it could work:)
That said, how to theft-safe the device? Glue it to the wall.
Defining Statistics and Social Research
That's what I did with a restaurants self-ordering system recently - two iPads, a pinned web app and a secure fixed case which covered all buttons. Not yet had an issue.