You can disable the ability to boot from a CD with Open Firmware Password.

No, I don't. Sorry you couldn't understand what I really meant with that sentence.

No debating here, I feel great respect for the father and son problems, just wanted to help from another point of view, that's all.

And for answering his question, I think he already got several good suggestions on how to do it in the posts at MacNN and here on this thread, including quite a good suggestion by yourself.

Oh no I did understand. My point was that most people don't know any theives, or inmates for that matter, so it's not a very solid argument to say "do you know many thieves who got reformed because they went to jail." The answer is almost invariably "no" but *not* because jail didn't work, but because they just don't know any thieves!

Uh oh..... I just realized I'm arguing with the moderator! Forget everything I just said... and pleaaaaseeee don't ban me!! :)

Looks like I missed a good debate last night - maybe we should add a Family Counselling section. If the son comes here next month and asks for help removing spyware I wonder If there will be the same amount of discussion about wether that's a good idea or not.
<end of sarcasm>
Mr. Rjc came to us for help of a computational nature - he's already been through the moralizing and doesn't need his family's issues publically flogged again.

The last post by Mr. Rjc requested help with the cron command. You don't say how unix-fluent you are, so let's start with the basics.

Cron by itself will run a single command, or a script, at the specified time. You will have a problem with the internet connection here, unless you set cron to run frequently. (say, top of every hour). To move a file from a local machine to a known remote machine with ftp my personal favourite is curl.
So: create the cron entry to run a command every hour
-------------code----------------------
]$ su
]# crontab -e
i
0 /1 * * * /path/to/script
<esc>:wq
--------------/code---------------------

next, save this script somewhere in protected space, and make it executable with chmod +x filename)

-------------code----------------------
#!/bin/sh
curl -s -T /path/to/logs -u username -ppassword --url www.website.com/folder/file
--------------/code---------------------


Cron requires that you have an ftp server in a known location. Sign up for some free webhosting somewhere. If the computer is not connected when the script runs curl will fail silently until the next time.

Using sendmail will be a bit more complicated, as you will have to configure sendmail properly and activate it in the startup configuration. Write back if you prefer this route.


Since the issue of local monitoring seems to be well answered both here and elsewhere I will add one suggestion that seems to have been largely ignored. As it has been well-established that a non-secret logging system is easy to bypass, and your issue seems to be one of honesty-checking rather than true monitoring, perhaps you should ask the ISP in the school's area to send you copies of the connection logs. Since I presume you are paying this should not be a problem if you explain the reasons to the company's security manager. The ISP's logs can be compared to the machine's local records to see if everything is in order (or not). If they give you grief you could go back to the judge for an order. The ISP is also able to record every packet in and out to a connection, but they will probably need an official boot in to rear to do this.

If the school ever gets broadband access consider using OSXVnc, available from www.redstonesoftware.com/osxvnc
It's started from a ssh session and runs entirely in the background. Gives you a complete view of the desktop in real time. I use it to remote administer a friends' Mac in Canada from my home in Japan. But it's too bandwidth-intensive to use on a dial-up.

Of course point taken, I stand corrected, perhaps I should have expressed myself better, maybe by saying something like... "I believe that jail, most of the time, doesn't reform criminals".

EatingPie, for me, we are just having a conversation, no arguing here. Everybody is allowed to share their point of view in these forums as long as it is done in a respectful and civilized manner. :)

I like acme.mail.order's suggestion of Persuing the ISP for logs
 

RE: I like acme.mail.order's suggestion of Persuing the ISP for logs

There seems to be a certain elegance to it.
Now of course anything can be circumvented.... e.g. A different ISP, Internet Cafe, etc. However, this is no worse then reinstalling the OS cracking a Logger etc.
The only down side is that "rjc3/Evil Dad" might be uncomfortable Approaching the ISP.
---------------------------------------------------------

I have a silly ? Did the judge really intend for you to make this specefic HUGE effort, rather then just having HEART TO HEART conversations on a regular basis? You need not answer. Just think about what I and others wrote e.g., below.

It seems that those that are misguided can be guided, and those that are so troubled that they are self destructive will find a way to do so in spite of and or because of the measures we are discussing.

Finally, counceling is probably somthing worth considering perhaps for one or both parties.
There may also be suggested courses of Action by the court or professionals (in situations like these). I would not dismiss them.

Good Luck.

I think the ISP logs are a good way to go. But do you pay the ISP or is it your son's name on the account? In the first case the logs are yours. The latter case could be more difficult. However, if i understand correctly, should the court order you to do something it is also obligated to be sure the is some way for you to accomplish that order. The logs are arguably necessary. Ergo, a court order should be a foregone conclusion.

ISPs have to Comply with this stuff all the time for Police and court cases
 

ISPs have to Comply with this stuff all the time for Police and Court cases...

Not sure how it works proactively. Certainly a court order works 100%. Court could advice on methodology or form that had to be filled out.

I would approach the ISP first anyway. Probably easier to get on the Phone...

commercial apps for this
 

I have TypeRecorder on my computer (Jaguar) and the company sent notice that it is working on a version for Panther but also mentioned products (see below) that might do exactly what you want since they are designed for remote viewing of the type you require. I use TypeRecorder in case I ever trash a letter or an email and then realize the next day that I want to send a portion of it to someone else.

Spector 3.0 for OS X, and ViewRemote 2.16 for OS X.
Spector (see www.spectorsoft.com) record everything that happens on your computer---in addition to keystrokes it also records screenshots,
so you can watch your computer like a movie.
ViewRemote has all the features of TypeRecorder but allows you to view logs from ANYWHERE in the world---it records everything that happens on your
computer, like TypeRecorder, and securely sends it to a server. See www.viewremote.com.

Interesting and Spooky software IMHO
 

Spectre Requires: Approximately 80MB of disk space for a typical day of recording

I suppose there are options to turn off the screen shots to save space for Dial Up?

logging space and fraud security
 

a way to get it all done quite smooth is to have the cronjob running which additionally will compress (unix compress should be fine) the file and also run via the script a file encrypter. if you need more help on this let me know.

Hello,

Well here's how I would go about it. First get a keylogging software:

<http://www.macupdate.com/search.php?...x=0&button.y=0>

This one has the best reviews:

<http://www.macupdate.com/info.php/id/12000>

I'd configure that one to only take pictures of the screen if certain important keywords came up or the files could end up being too large.

Anyway, I'd first install anacron with fink, that way the cron would get run even if the computer is asleep at the time, then I'd write up a daily.local and put it in /etc.

The other thing I'm doing in the script is talking smtp manually, the reason for this is that to run the mail command I think you need to have sendmail or postfix running, which I think complicates things a bit. Anyway, the script uses telnet.

/etc/daily.local

And that should work well. Unfortunately when testing it doesn't work as advertised, yet I'm not sure why. If I telnet to port 25 or my mailserver and paste in the ${mail} file generated it works perfectly, but if I use:

telnet mail.example.com 25 < ${mail}

It doesn't work and my mailserver complains that: "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA"

Can someone clear up why?


v

why telnet 25
 

if you are already yusing telnet why not do a rcp ? this way you can use the standard ports and no playing with a mail server ?!

Because then he needs to set up either a static IP, or get dyndns.org set up. Additionally he has to enable telnet on his box, which is (I think) a security risk as telnet transmits passwords in clear text. If we were to do that, then I guess we'd have to set it up with ssh and a key, use scp.

By emulating a mailserver I thought it'd be the easiest way. And again, the message generated actually works when copied and pasted, it doesn't work when using redirects. I think maybe redirects aren't doing what I think they should be doing.

Reading through the telnet manual I can't find anything that would work, thought of trying .telnetrc: "Lines that begin without white space are the start of a machine entry" but that didn't work.

Maybe it'd be better if instead of using telnet I use netcat.