Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: Ubuntu Lockdown Options?

samzenpus posted more than 2 years ago | from the no-internet-for-you dept.

Java 387

First time accepted submitter clava writes "We have a desktop Java testing application that is going to be administering tests to students on lab computers running Ubuntu 10.x. These computers are used by the students for other purposes and we're not allowed to create special users or change the OS configuration. When the testing app is launched, we need to restrict users from exiting the app so they can't do things like search the internet for answers or use other applications. Is there a good way to put an Ubuntu machine in kiosk mode or something via our application and have exiting kiosk mode be password protected? Any ideas are appreciated."

Sorry! There are no comments related to the filter you selected.

Depends how locked-down (5, Informative)

Anonymous Coward | more than 2 years ago | (#38297014)

I'm afraid if you want it actually locked-down, you're pretty screwed. You can't really disable things like switching to a tty with ctrl-alt-f1 without "changing the OS configuration."

Just use Unity. (5, Funny)

Anonymous Coward | more than 2 years ago | (#38297134)

Just use the default Unity desktop bundled with recent Ubuntu releases. It's so fucking unusable in every respect that malicious and benign users alike will want nothing to do with it. They'll use only the Java testing application solely to avoid having to deal with Unity.

You'll never have to worry about them using Facebook, or adding additional users, or installing their own software. Even long-time Unity users have a whole fuck of a lot of trouble doing those things. Many just learn to accept that they never be able to.

Re:Just use Unity. (0)

Anonymous Coward | more than 2 years ago | (#38297200)

It's so fucking unusable in every respect that malicious and benign users alike will want nothing to do with it.

I wish I had mod points right now...

Re:Depends how locked-down (5, Insightful)

adamdoyle (1665063) | more than 2 years ago | (#38297514)

If you ask me, you don't really need to prevent users from doing those things. You just need to tell they're not allowed to, and then have your java app detect if those things have occurred and then take action from there. By "take action," I mean that you could either (a) make some kind of notation in the database so that you can penalize them, or (b) send an SMS message or email or something to the test administrator to alert them of the situation so that they can walk over and determine if the student is attempting to cheat.

Re:Depends how locked-down (1)

adamdoyle (1665063) | more than 2 years ago | (#38297534)

oops, left out a word:

*You just need to tell them they're not allowed to.

Re:Depends how locked-down (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38297550)

This can be done.

1. Insert a Windows 7 CD, format the drive, install the Windows 7 operating system. Via group policies and TweakUI, disable all settings and applications that you don't want users to access.

2. Take the Ubuntu CD and place it on the desk next the computer.

3. Place hot beverage of choice on Ubuntu CD, which will now be reffered to as the "coaster".

4. Proceed with Java tests.

It won't matter. (0)

Anonymous Coward | more than 2 years ago | (#38297030)

Just make them easy to re-image.

Re:It won't matter. (2)

hedwards (940851) | more than 2 years ago | (#38297362)

More or less, probably the easiest way of doing it would be to boot a CDROM and load the home directory over the network if need be. I haven't gotten it figured out, but you can load ISOs directly from disk using GRUB2 if need be.
http://www.panticz.de/MultiBootUSB [panticz.de]

Why? (4, Insightful)

Anonymous Coward | more than 2 years ago | (#38297032)

Why not let them use resources? Similar to what they will have available to them in the workforce.

Re:Why? (4, Insightful)

bonch (38532) | more than 2 years ago | (#38297046)

Because they're supposed to learn and internalize the concepts, not learn how to type search terms into Google or trade answers via IM.

Re:Why? (1)

Anonymous Coward | more than 2 years ago | (#38297158)

Don't people Google and trade answers in the workforce?

Re:Why? (2)

jackhererUK (992339) | more than 2 years ago | (#38297188)

Yes but why are they supposed to do that, what value does that give. Knowing how to get the information you need to accurately understand and answer the question is a very important skill to learn. If you use it regularly then you will remember it, if you don't use it regularly then you can't being able to quickly research and understand things is a very important skill.

Re:Why? (1)

Anonymous Coward | more than 2 years ago | (#38297236)

If you're allowed to use a calculator everytime you had to do a simple addition problem like 5 + 5 in grade school then I doubt you'd be very good at doing simple calculations in the future. Some things are good to internalize, it forces you to understand it instead of just being able to look it up without thought.

Re:Why? (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38297820)

Because somebody needs to provide those answers you find via Google. They don't just appear out of nowhere.

so people who cram (1)

Joe_Dragon (2206452) | more than 2 years ago | (#38297208)

can pass the test and have no idea on how to use the concepts?

Re:so people who cram (2)

Ethanol-fueled (1125189) | more than 2 years ago | (#38297438)

Yep, that's the idea. That's how you get so many idiot grads of top-tier schools who cram (or cheat) through ultra-hard tests but still can't use apostrophes correctly while experienced tech-level (Associate's or Military/trade school) employees are cadding complex drawings, using layout software to design and build boards, breadboarding, running Matlab simulations, writing software, and otherwise finding all of the problems that engineering should have found in the design phase.

And from what I've seen, the ability of an engineer is directly proportional to how many books are in the bookshelf in their office or cubicle. Work and life are both open-book, why shouldn't school be? As others have said here, an open book means nothing when the person doesn't know how to apply their knowledge to make sense of it.

Take somebody who only develops Windows applications in C#, give them a book on embedded Linux, and tell them to get to work on the new hardware widget. If they can't "get it" in a reasonable time frame, then it becomes apparent that they don't have the fitness to apply their knowledge.

Re:Why? (5, Insightful)

pmgarvey (2497652) | more than 2 years ago | (#38297140)

Firstly the submitter didn't say if this was a programming exam, or what it was. It could be a test on memorising the capitals of African countries.

But more importantly is that allowing access to the internet doesn't just allow things like documentation, and other resources I might have in the workplace, but might allow me to ask my friend to email the entire solution, or even send the question to a guy in India and get the solution back for a fee. It's a comprimise between testing some memorisation and in the cases of some students, testing nothing at all.

Re:Why? (4, Insightful)

LurkerXXX (667952) | more than 2 years ago | (#38297560)

I guess you want that EMT to show up at your car crash to just google how to patch you up if he didn't pay attention in class. Better hope he doesn't lose signal to his cell phone.

Boot from USB or CD-ROM? (5, Informative)

hawguy (1600213) | more than 2 years ago | (#38297034)

Create your own custom locked down kiosk boot image and require users to boot from that? Keep in mind that users might take the boot media home with them so they'll have a copy of the test app if you store it locally (as opposed to retrieving it from a website)

Here's an example:

http://jacob.steelsmith.org/content/ubuntu-kiosk-based-910 [steelsmith.org]

(I'm not vouching for this particular implementation, I just found it through a quick google search).

Re:Boot from USB or CD-ROM? (5, Informative)

phoenix_rizzen (256998) | more than 2 years ago | (#38297692)

That's what we do. All our Linux stations boot off the network and use NFS mounts for everything. For government exams, teachers reboot the stations into "Exam Mode" which disables everything possible, launches a bare-bones X11 session with Firefox as the "WM", with all settings locked in, including an add-on that let's you specify a list of sites that are accessible, blocking access to everything else.

Took a few iterations to get the configuration locked down completely, but there's really no better way to find the holes than watch a class of students try to break it. :)

It's not bullet-proof, but we've made it hard enough that it's very obvious when a student is trying to break out of the box that anyone watching the lab will notice. :)

If you can't change the OS config, you can't lock it down.

Re:Boot from USB or CD-ROM? (2)

qeraser (587974) | more than 2 years ago | (#38297898)

I have this installed on 20 laptops which are locked down to only my companies web sites for credit card payments. Jacob did a great job on this.

LiveCD? (1)

Anonymous Coward | more than 2 years ago | (#38297042)

you could always use a livecd, restrict it any way you want....

LiveCD? (5, Informative)

grahamsaa (1287732) | more than 2 years ago | (#38297050)

Not sure how hard this would be to do, but it seems like it would be fairly easy to boot from a livecd/usb key. If you remove packages you don't want the end user to have access to (it's hard to browse the web for test answers if there's no browser installed) that should address at least some of your concerns. An added bonus is that if you need to repurpose the machine, or if it doesn't need to be in test mode all the time, a simple reboot could restore it to a vanilla version of the OS.

Not really. (0)

Anonymous Coward | more than 2 years ago | (#38297054)

Simply put: no.

Long answer: No, not without trapping the keyboard driver.

You are fucked. (0)

Anonymous Coward | more than 2 years ago | (#38297060)

If you cannot change the OS configuration, there is absolutely nothing you can do, beyond securing it against idiots, unless the OS configuration happens to be what you need it to be.

not if they know Ctrl+Alt+F1 (0)

Anonymous Coward | more than 2 years ago | (#38297062)

If you can physically restrict the keyboard function keys, you can prevent people from getting to the shell.

Homework (0, Troll)

Dunbal (464142) | more than 2 years ago | (#38297066)

If you aren't prepared to do it and try to "cheat" by asking slashdot, why should you expect any different from your students?

Design tests that challenge understanding of the subject and reasoning, not memory. But I guess mediocre teachers are good enough for mediocre students. Or was it the other way around?

Re:Homework (1)

M0j0_j0j0 (1250800) | more than 2 years ago | (#38297178)

You are mean!

Re:Homework (0)

Anonymous Coward | more than 2 years ago | (#38297678)

mean, yes, but funny.

Re:Homework (5, Insightful)

elsurexiste (1758620) | more than 2 years ago | (#38297234)

Hey, asshole. Ever occurred to you that, given clava's high UID, he/she isn't a geek and don't know enough of Linux/technology to do this? Look at how this question was redacted: it's obvious that he/she is not in control of the system, and is looking for some info here, where people with knowledge gather. Just answer the question if you can help and don't be pompous.

Re:Homework (3, Insightful)

Anonymous Coward | more than 2 years ago | (#38297242)

WTF Man. Maybe they are a math/english/whatever teacher using some sort automated grading system. Maybe they're a good teacher but bad with computers? But NO! Unless you crafted it yourself bit by bit then its tantamount to "cheating".

Re:Homework (1)

cheekyjohnson (1873388) | more than 2 years ago | (#38297280)

Design tests that challenge understanding of the subject and reasoning, not memory.

But that's such a pain! "Test and forget" is so much more simple!

Re:Homework (1)

Anonymous Coward | more than 2 years ago | (#38297424)

And they say Slashdot is full of unhelpful elitists. Pshaw!

Re:Homework (2)

obarthelemy (160321) | more than 2 years ago | (#38297532)

you forgot: "and design a new test every year, for each class, and different from all tests ever put out by the tens of thousands of universities over the years, coz those will end up on the interwebz".

since you're obviously not mediocre, i guess you're volunteering, genius ?

 

Chortle! (5, Insightful)

MrBandersnatch (544818) | more than 2 years ago | (#38297068)

Pull out the Ethernet connection. TADA!

Re:Chortle! (0)

Anonymous Coward | more than 2 years ago | (#38297100)

Wish I had mod points. Would bump this reply.

Re:Chortle! (1)

HideyoshiJP (1392619) | more than 2 years ago | (#38297138)

That was exactly my thinking.

Re:Chortle! (1)

Anonymous Coward | more than 2 years ago | (#38297166)

Exactly! Just unplug the router from the outside ethernet. Or snoop the packets and start pulling kids in for academic dishonesty.
Captcha: Students

Re:Chortle! (0)

Anonymous Coward | more than 2 years ago | (#38297650)

Another idea might be having the testing program stream the screen. That way you could have a realtime grid of all the screens showing in another room.
Wouldn't do anything if the user switched to a tty though, would just look like they were doing nothing/stuck. In which case, you'd want to check it out anyway to make sure they weren't cheating some other way.

Re:Chortle! (2)

viperidaenz (2515578) | more than 2 years ago | (#38297226)

or turn the power off to the switch. turn it back on when the test is over to upload the results. or lock down the users accounts via the internet proxy for the time the test is running. You'll then be able to see who tried to cheat by looking at the proxy logs

Re:Chortle! (1)

jordanjay29 (1298951) | more than 2 years ago | (#38297922)

I know a school that does something like this for regular class times, and students HATE it. It locks down their college-owned Windows swivel-screen laptops (I'm trying not to say tablet and get it confused with the iPad, etc) during class, and they can't access any applications besides what the teacher wants. So that means students can't use any alternative note-taking software (besides OneNote) and can't look something up on the internet (such as a reference made in lecture) during class.

Oh, sure it prevents Facebook and solitaire, but honestly, who cares? Students are the ones paying thousands of dollars to attend college, if they're wasting their own class time, it's their money.

Re:Chortle! (4, Informative)

wierd_w (1375923) | more than 2 years ago | (#38297248)

Or simply don't expose it to the internet.

Or, if it really needs to talk to the internet for some very special reason, put it behind a very configurable gateway.

Block all traffic types except port 80 http, and then restrict which ip addresses inbound packets can come from. Tada. Can't use google. Instant 404 error.

This won't stop them from playing uhrkan masters using the .deb they smuggled in, assuming they have the user rights to install. (Failing that they could smuggle in a binary blob version) but it would help prevent cheating.

What I had always considered to be ideal for a kiosk system where you don't want users pwning your workstations is to use a minimalist boot kernel on a usb stick, have the workstation tftp a system image to ram, then boot that.

This would make maintenance as easy as turning the system off, and on again, and would centralize maintenance of the system image.

Initial bootup network activity would spike with all the clients pulling the ramdisk volumes, but you could make the actual kiosk as naked as you wanted that way. No internal hdd to hide stuff on, no optical drive, and only 1 usb port that needs the key inserted because it is the boot volume.

If you go a bit further, and make sure the ctrl alt f1 seq can't be pressed at the hardware level from the kiosk, even better.

Re:Chortle! (2)

syousef (465911) | more than 2 years ago | (#38297492)

Pull out the Ethernet connection. TADA!

Yep first thing I thought of was disconnect the Internet connection. Pulling each ethernet cable won't do it especially if you have LAN logins, but making the Internet unreachable should be trivial.

Google??? (5, Informative)

muphin (842524) | more than 2 years ago | (#38297080)

Re:Google??? (1)

Synerg1y (2169962) | more than 2 years ago | (#38297174)

I've noticed most people who post help questions on slashdot aren't very informed on the subject of their question.

I think the first link would work in this scenario, the other two involve OS modification, but I wouldn't blame you for saying "that's not how it works" and they need to deploy an image for this scenario, I would hate to be the admin to apply #1 to 30 machines, but for digital tests, this is one of the FIRST things that needs to be solved, possibly before the instructor actually starts considering giving the test digitally... there's always paper if IT is understaffed / skilled :)

Re:Google??? (1)

muphin (842524) | more than 2 years ago | (#38297480)

i actually had to look into this a while ago for 50 students, and looked at deploying pxe boot images using clonezilla
those links i provided were from my bookmark list, you would only configure 1 image and roll it out, and need to only update 1 image to rollout.

Re:Google??? (2)

obarthelemy (160321) | more than 2 years ago | (#38297608)

1st result is for Ubuntu 7.4, might be irrelevant by now.
2nd rseults starts with "modify the BIOS? then install from scratch", which he/she cleary rules out
3rd results is about tweaking menus in gnome, which is not even Ubuntu's desktop anymore.

Unluckily, the exams in question will probably not all be about Linux, so Google might actually be able to find relevant info ^^

no (0)

Anonymous Coward | more than 2 years ago | (#38297086)

no, not without changing the OS configuration.
What you want is fundamentally incompatible with the restriction not to change the OS configuration.

Go for a solution in which you control the machine the software runs on. ie. a remote desktop like solution or a web based solution.

Why is this even being asked ?

I hope you need to modify the environment. (1)

Anonymous Coward | more than 2 years ago | (#38297090)

If any app can take over a machine without being having a specific configuration / account to do so, then that app behaves like a blackhat app. I sincerely hope there is no way to do what you want. You should be required to modify the environment / create an account to stop window managers / desktop tools, etc. It is easy to do it that way.

And I mean that for any OS. Not just Ubuntu.

Re: (1)

Anonymous Coward | more than 2 years ago | (#38297092)

The way they did a test at our University was to run a script which didn't so much lock everything down, but recorded whether a students had used Firefox / Chrome and copied their history to a remote folder. If students know that's going to happen, it's not much help, but if they don't, it could catch the cheaters.

School system (1)

Anonymous Coward | more than 2 years ago | (#38297096)

The school system: memorize shit for a test and then forget it afterwards (unless you have an outstanding memory, of course)! Brilliant!

Nice try, "fake av" malware producer... (0)

Anonymous Coward | more than 2 years ago | (#38297102)

.. or at least you are doing their homework here.

Good enough to disable internet access? (1)

Littleman_TAMU (589126) | more than 2 years ago | (#38297112)

Would disabling internet access be enough? You could have your app unload the Ethernet driver when it runs and then reload the driver when it exits. Of course your app would have to have system level permissions to futz with Ethernet and you'd have to deny those permissions to the user.

I'm not sure how you could disable running other applications if you're not allowed to change the OS configuration.

Protect the hardware, the rest is easy (0)

Anonymous Coward | more than 2 years ago | (#38297130)

Put the hardware far away from the user (or near to him but securely locked down).
Then use SDL or the X11 dev libs in your software to capture all keystrokes and prevent the users from doing anything other than using the app. Look at the code of xtrlock for a X11 example.
They'll still be able to do Ctrl+Alt+Backspace though, and access ttys too (F1 => F6), so disable those in Xorg's conf. Nevertheless, also make sure none of the user have accounts on the machine - *you* log on beforehand with a known password.

Of course, that'd work except you're using Java. You might be able to do what you want anyway but I suspect it'll be a real pain (I doubt java will allow you to capture all keystrokes this way). Frankly, java sucks.

Re:Protect the hardware, the rest is easy (0)

Anonymous Coward | more than 2 years ago | (#38297204)

Also: why the hell shouldn't your students be able to search on the internet ?
Making them learn CS stuff like robots is retarded. Searching on the internet *will* be part of their jobs later (of course, almost all CS uni I've seen is doing it wrong too).
Of course, they'll also be able to communicate between them. That's an advantage, not a problem - later on, they'll also need to work with other people.
That leaves the *real* problem: figuring out how to rate them despite the fact they're communicating together. Logging what they do all the way would work - it'll increase the workload of rating them, though.

Re:Protect the hardware, the rest is easy (1)

hawguy (1600213) | more than 2 years ago | (#38297606)

Also: why the hell shouldn't your students be able to search on the internet ?
Making them learn CS stuff like robots is retarded. Searching on the internet *will* be part of their jobs later (of course, almost all CS uni I've seen is doing it wrong too).
Of course, they'll also be able to communicate between them. That's an advantage, not a problem - later on, they'll also need to work with other people.
That leaves the *real* problem: figuring out how to rate them despite the fact they're communicating together. Logging what they do all the way would work - it'll increase the workload of rating them, though.

Why assume it's a CS test? Just because the test is running on computers doesn't mean it's a Computer Science test - I've heard that other departments have started using computers now.

Maybe it's an English Lit test where the test taker is expected to have read the book before the test, not google for answers.

And searching on the internet isn't always an option even in the real world. When I interview a developer, he better be able to write out code to solve a simple problem (I don't care if it's syntactically valid). I won't hire a developer that needs use Google to come up with an algorithm to reverse the order of characters in a string.

Easiest way... proxy (0)

Anonymous Coward | more than 2 years ago | (#38297164)

IMHO, you should do Xwindows in server and client mode... then use transperant proxy on the gateway of the device and force the user through the proxy except for internal addresses then have 2 proxy modes while the app is running it sends a call to the proxy which runs a script to disable external access and allows only internal access period. Done deal.

Don't work too hard (0)

Anonymous Coward | more than 2 years ago | (#38297176)

With some of the games I play under wine, attempting to background the window will crash it, but I doubt that's intended to be a feature...

Realistically your best bet is probably just to temporarily disable networking. This is really easy to do, and if you can add a script/syscall that just says:

killall nm-applet
sleep(3)

  then I doubt anyone will be looking up answers anywhere or communicating with other students via the internet. That's probably as locked down as you need, they'll still have their phones et al. most likely, so I wouldn't put more effort into it than that.

Webserver in the classroom (0)

Anonymous Coward | more than 2 years ago | (#38297180)

In my linux class the instructor had a openBSD class server in the room that hosted the labs and the homework as well as the testing system.

Among the many things that the system did for us, the testing taking system was all scripted server side and displayed to you through your browser. OpenSSL was installed and forced for the test taking system.

When he didnt want anybody to have internet access he simply unplugged the classroom from the outside world.

Now this is assuming that each workstation connects to a switch in the same classroom that can easily be "unplugged" from the outside.

The server did a lot of things. He even had a really neat system setup with CVS and TeX for note taking as he gave the lecture.
He had most of fthe important stuff all in the note file and as he got to each subject, he would un-comment the relevant text in the latex file.
On the client side there was a makefile for updating the cvs, compiling the changes and displaying them too you.
You could also add notes to your personal copy of the file and it would still update like normal.
Pretty cool if you ask me.

Make the test application enforce Kiosk mode (3, Insightful)

alsuren (947167) | more than 2 years ago | (#38297184)

I'd suggest having a whitelist of allowed process names that are allowed to be running during the test as that user. If any other programs are running when the program starts, it should not allow the test to be started until those programs are shut down (add a "kill all" button for newbie users). It should also have a watchdog that polls to make sure that the system is still clean. If it finds any unwanted programs, it should give the user 10 seconds to kill them or fail the test (or require a password to ignore this process). If you can do this in the same thread as the testing program, and in such a way that you can't just attach gdb and pause execution while you google the answers, you're onto a winner.

lll (0)

mrmeval (662166) | more than 2 years ago | (#38297186)

Can't change users
Can't change OS config

What douche nozzle thought this up?

In the bios turn off the internal drive. Configure a custom live CD, remove browser, ability to kill X, ability to go to a shell, etc. Have the application run under most minimal X, no window manager, nada and have it run the java application. Whomever writes the application shouldn't even have to stifle the window decorations as there should be none.

iptables apparmor (1)

drolli (522659) | more than 2 years ago | (#38297196)

Dont try to stay in one application and prevent access by this . Use iptables and apparmor to prevent everything you dont want the pupils to do. If they find a way to crash the app they are using, it will be no problem.

Don't block UI elements, block low-level access (1)

The MAZZTer (911996) | more than 2 years ago | (#38297240)

Don't try to block internet access at the local level, they'll work around it. At the firewall level whitelist specific sites and block everything else. Then even if they fire up a web browser it'll be useless.

And simply uninstall or use user permissions to block access to unwanted applications.

Re:Don't block UI elements, block low-level access (1)

The MAZZTer (911996) | more than 2 years ago | (#38297252)

Whoops, never mind.

Best to inform whoever gave you the restrictions that with those restrictions you would fully expect students to work around any solutions you put in place. The restrictions themselves will give the students loopholes.

Re:Don't block UI elements, block low-level access (1)

muphin (842524) | more than 2 years ago | (#38297522)

you need a tiered security structure.
disable UI elements
restrict permissions
internet through proxy
logging

Social Solution (5, Interesting)

RedLeg (22564) | more than 2 years ago | (#38297264)

No Technology required:

1. Announce anyone caught cheating WILL fail the course.

2. Post exactly ONE proctor at the rear of the room. His job is to catch the FIRST cheat.

3. The first cheat should be escorted from the room, and given the following choice: become the proctor and catch another cheat, or fail. If you catch a cheat, you may retake the test and the cheat becomes the proctor with the same choice.

Lather, Rinse, Repeat.

I recommend you film for future entertainment value.

Red

Re:Social Solution (1)

geekoid (135745) | more than 2 years ago | (#38297412)

that cost more money and time. It also relies on a person being able to detect any cheat.

Re:Social Solution (0)

Anonymous Coward | more than 2 years ago | (#38297566)

Actually it doesn't really rely on a person being able to detect any cheat, that is more of a orthogonal concern. The bigger issue is I don't see the lack of incentive for a proctor (except the first one) to find a cheater... This is problematic since it may be simple enough to frame or set up someone else for cheating. Furthermore, given that the proctor will fail if they don't find a cheater, she has NO incentive not to "find" another cheater.

Re:Social Solution (1)

elsurexiste (1758620) | more than 2 years ago | (#38297466)

This post is full of WIN!

Finally - PROFIT. (3, Insightful)

tomhudson (43916) | more than 2 years ago | (#38297590)

1. Take bribes from other students to be the first one to cheat.
2. Blatantly cheat and get caught.
3. Become the proctor, and ignore everyone now cheating.

Re:Finally - PROFIT. (1)

Ethanol-fueled (1125189) | more than 2 years ago | (#38297702)

Redleg implied that you have to catch somebody else or fail the course.

That had better be one big bribe to make it worth it.

Re:Finally - PROFIT. (1)

tomhudson (43916) | more than 2 years ago | (#38297784)

If it's more than the cost of re-taking the course, it's a win for sure ... :-)

Terrible idea (1)

syousef (465911) | more than 2 years ago | (#38297542)

Each person caught cheating would have incentive to dob someone else in whether or not they cheat. You would HAVE to tape it just to prove the person actually cheated. It would also be a huge distraction to have people pulled out of the test. If the lab is designed correctly, it should be trivial to make the Internet unreachable. If not, fix it and you're good to go for all future exams.

However all this is a waste of time - all you're testing here is memorisation skills. If that's what you need to test, fine. But otherwise design the test so the student only passes if they can actually apply the material. Then allow external references including the Internet.

Re:Social Solution (0)

Anonymous Coward | more than 2 years ago | (#38297548)

While an observer with the threat of failing the class and possibly expulsion (many colleges don't take kindly to cheating during testing), for those who are stupid enough to do it, alt tab can be really fast combine with the limited view sight of a proctor. Of course, since someone has to administor the instructions/exam, a proctor is an obvious thing, No need for students to take part in your scheme which can have issues...

That said, there are already better solutions posted ranging from live cds or the even simpler disconnect from internet (either physically or through their router settings).

Re:Social Solution (0)

Anonymous Coward | more than 2 years ago | (#38297700)

3. The first cheat should be escorted from the room, and given the following choice: become the proctor and catch another cheat, or fail. If you catch a cheat, you may retake the test and the cheat becomes the proctor with the same choice.

This is an awful idea. It amounts to blackmail. And it turns the students against each other.

KDE's Kiosk mode (2)

Krishnoid (984597) | more than 2 years ago | (#38297270)

KDE has had a kiosk mode [kde.org] for quite a while, leading me to believe it's quite mature by now. It even has a GUI setup tool.

LTSP (2)

drinkypoo (153816) | more than 2 years ago | (#38297288)

LTSP has support for some lockdown options, and Ubuntu has support for LTSP. It's meant for running classrooms. You can netboot the clients into LTSP when you want to do an exam, and they can run their own install the rest of the time.

Requirements... (0)

Anonymous Coward | more than 2 years ago | (#38297290)

are to restrictive. you cant achieve what you want so either change the requirements or accept the risk.

Re:Requirements... (1)

0123456 (636235) | more than 2 years ago | (#38297384)

Indeed. On my HTPC I have Xbmc running without a window manager, which doesn't allow you to run anything else and logs out if the program exits. But that requires some reconfiguration, and you'll still need to disable the virtual console features so they can't log in and start another X session.

You really can't expect to lock down a system that you can't reconfigure.

Fundamentally incompatible... (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#38297298)

"Lockdown" or "Kiosk" or any of the other terms are simply shorthand ways of referring to sets of system modifications. If you can't modify the OS configuration, or even create new limited users, about the worst you can do is have your application do something annoying like constantly re-grabbing focus if it detects that it has lost focus, or other horrid little WM-nuisance tricks...

You pretty much have two options:

1. Lean on/buy beer for/be real nice to/go over the heads of/whatever it takes the IT staff and get authorization to run your own OS image(liveCD, PXE boot). The desire to not have you breaking their image is fair; but if you need a kiosk, and can boot a kiosk without touching the disk(indeed, any good kiosk mode image wouldn't touch r/w storage) they can suck it up.

2. Assuming the Ubuntu is reasonably stock, it has a provision for the user to allow a VNC session to shadow their desktop. Tell the kiddies that this test is going to be proctored. Have each open a server with the password you give on the whiteboard or whatever before the test starts. Point vncrec [sodan.org] or vnc2flv at each VNC server. If the resultant footage shows cheating, garrote the offender with a mouse cord.

remove (1)

geekoid (135745) | more than 2 years ago | (#38297376)

the network drivers.
disable the network in the bios.
log everything moving through the network.

I mean, really.

Simpler (1)

marcosdumay (620877) | more than 2 years ago | (#38297626)

Remove the network cables, or remove access at the firewall.

That is the ONLY way to remove their internet access without changing the OS configuration that will work. By the way, have I said that it is a stupid requirement to change the way the OS works without changing the OS configuration?

Supervise them? (1)

hawguy (1600213) | more than 2 years ago | (#38297398)

If you're not going to supervise them, then it doesn't matter how tightly you lock down their computers since they'll just use google/IM from their phones instead.

If you're supervising them closely enough to know that they aren't typing on a phone on their lap, then you should be able to see if they are running a web browser.

Even if you lock it down... (0)

Anonymous Coward | more than 2 years ago | (#38297456)

With a smart phone, they can access the internet quite easily.

If you pull the ethernet cable and watch for phone use, you'll have effectively cut off the internet without having to change the machine config. Assuming these aren't on a wireless network.

Don't look at just the computer... (2)

Red Storm (4772) | more than 2 years ago | (#38297518)

If you're worried about a user jumping out of your app and then searching the Internet, and you're in a a testing setting, you should be looking at a wholistic approach.

Your students will break your application, it's only a matter of time. Use other approaches to make this a useless option.

1) Don't allow any Internet access from the network layer, at all, this includes DNS servers. Ideally your systems should be on a completely disconnected network, meaning there are absolutely no external network connections.

2) Use SELinux to lock down your system. SELinux uses a mandatory permissions model, meaning you *must* be granted permission to be able to do anything.

3) Lock down alternative means of cheating. Cell phones, paper notes and so forth.

4) Follow through with punishing cheating in an appropriate manner.

5) Listen to the feedback of your users (Instructors and Students). This may seem counter intuitive, but it can help you build a better system.

Setup A VM? (1)

casings (257363) | more than 2 years ago | (#38297574)

Why don't you setup a VM on each machine that is locked down?

Re:Setup A VM? (1)

hawguy (1600213) | more than 2 years ago | (#38297630)

Why don't you setup a VM on each machine that is locked down?

Even if the VM itself is perfectly locked down, what's to stop the test taker from escaping back to the host operating system and running a browser there?

Damn newbies and your window managers (0)

Anonymous Coward | more than 2 years ago | (#38297602)

You don't need a window manager to run X applications. Start your app from the command line and their will be no messy GUI to lock down.

Just run the app as the window manager. (0)

Anonymous Coward | more than 2 years ago | (#38297656)

If this is the only app you need to run on the machine, just create a user that is defaulting to the testing app as window manager.

Just don't allow the user to start a new graphic session by hitting ctrl-shift-f* keys.

Remove the keyboard (1)

Richard_J_N (631241) | more than 2 years ago | (#38297676)

Fundamentally, you're trying for the impossible: you are trying to use the app to control the window manager.
This is a bit like google trying to stop you closing a browser window!

BUT: If your test happens to be multiple-choice, you could consider making the app run full-screen maximised (windowless), and then unplugging the keyboard. That would work.

[My dept has some computer systems designed for tracking who is present in the buidling; they solve the lockdown problem with a special keyboard that has only alphanumeric keys - if you physically remove the Ctrl, Alt, Esc, Fx, etc keys you can reasonably make this work!]

An alternative would be to temporarily make the system run just a single X application. If you were to change the first line of the file "/etc/X11/Xsession" to be "exec your-java-app", then you'd get a single-window desktop that runs without a window manager.

Re:Remove the keyboard (2)

Richard_J_N (631241) | more than 2 years ago | (#38297814)

Actually, an easier way to fix this (that will go away on reboot) is:
1. Student logs in as normal, opens the test app.
2. You SSH in and kill -9 the window-manager.
3. Result: your test app is running full-screen, and there is no way to exit.

To restart the WM, you would need a shell, or Alt-F2 [and the latter is usually a feature of the WM]. There is a neater way to make this all happen if you write a shell-script. Create a desktop startup script that does something like:
    #!/bin/bash
    killall -9 gnome-panel
    killall -9 metacity
    while : ; do java-test-app; done

Then shut down the machine afterwards using Alt-SysRQ-{R,S,E,I,U,B}

idea? (0)

Anonymous Coward | more than 2 years ago | (#38297694)

This would work on windows, dissable all systemkeys and make the program start in fullscreen mode.
http://www.codeproject.com/KB/winsdk/AntonioWinLock.aspx

I did'nt find anything similar for ubuntu, but there should be I guess.

Good luck!

ohh and: java to nativ calls are easy with JNA

turn the problem upside down (3, Insightful)

Cobble (1116971) | more than 2 years ago | (#38297706)

You're looking for a technological solution to a pedagogical problem. Redesign the questions and let them have all the Internet access they want.

Drivers Ed... (1)

SuperCharlie (1068072) | more than 2 years ago | (#38297714)

I had to take a drivers ed course a while back.. I decided to do it online.. what they did that worked pretty well.. they allowed 3 warnings..warnings went off when the window lost focus and between that and random questions like what was the color of the car in the last section(another warning) they pretty much locked down the test.

You could maximize the window and tell them if they lose focus on the window (do anything else, open any other programs, surf the web, etc..) they fail the test. Have the app close the window when it loses focus or lock the app with a big message which has to be test-admin reset.

keep track of window size(full screen) and foregnd (1)

Locutus (9039) | more than 2 years ago | (#38297746)

keep track of the window and the time and tell the students it's being tracked. If they switch tasks or change the windows size during the test at any time, it will be logged and they'll lose 10% for each minute of the infraction.

Another option is to disable the network(ipdown?) for the duration of the test and test for it during the exam. if it comes up at any time, shut it down and log it and the processes running to see if a browser or some user action caused it.

LoB

WTF? Isn't this super easy in Linux? (0)

Qbertino (265505) | more than 2 years ago | (#38297830)

I don't get it. Isn't this super easy in linux? Or am I missing something?

Aside from Kiosk solutions in various FOSS Desktop and Windowing systems, why don't you just set up a runlevel that has some super-simple Xorg setup that launches with a minimalist window manager (all options disabled, hideously reconfigured or - if all else fails - overridden in the sourcecode and recompiled) and your desired app.

Switch to that runlevel, log off, and your set. It's that simple. ... Disable eth devices in said runlevel and such if you're super paranoid and want to be extra sure.
This all works in Ubuntu just as in any other distro.

Am I - 13 year long Linux user - missing something here, or isn't it that simple? ... I'm kinda weary, since no one else yet offered that sort of answer.
Please enlighten me if I'm mistaken.

My 2 cents.

Re:WTF? Isn't this super easy in Linux? (2)

hawguy (1600213) | more than 2 years ago | (#38297928)

Am I - 13 year long Linux user - missing something here, or isn't it that simple? ... I'm kinda weary, since no one else yet offered that sort of answer.
Please enlighten me if I'm mistaken.

The only thing you're missing is the submitter's requirements:

These computers are used by the students for other purposes and we're not allowed to create special users or change the OS configuration.

It's also likely that the submitter is not technically savvy enough to configure or alter the source code of his Window Manager enough to lock it down securely.

Put them in a Faraday Cage (0)

Anonymous Coward | more than 2 years ago | (#38297834)

Put them in a Faraday Cage !

Good option: Fluxbox + browser 'lock-down' (2)

B5_geek (638928) | more than 2 years ago | (#38297932)

0) install Fluxbox
1) edit the keys file and remove the right-click option (disable the other hotkeys too)
2) have firefox set to launch at startup
3) use the firefox addon 'Kiosk mode' and edit settings

That should protect you against most undesired activity.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?