Webcams Activated by School on Student Macs

[Hal Itosis]

Quote: Originally Posted by tlarkin However, the XML file in question you are talking about is huge and XML to a computer novice is quite overwhelming and seems very convoluted.

Huge? No softballs please.
Mine is 697 bytes. If theirs is over 1K, i owe you a beer.
[i mean file size, not disk usage (which is likely 4Kb).]

Quote: Originally Posted by tlarkin So every time you need to replace a stick of RAM, you gotta replace a whole logic board?

"Every time", yes. Or, whip out the solder sucker. [i used to be a repair techie three score back.] But - - - replacing RAM shouldn't be needed very often. It used to be that Apple supplied the base RAM soldered in anyway... and the slots provided were just for expansion. (if need be, those sockets could be removed or their power pin pulled out... or one millimeter of the printed circuit path to that power pin etched out with an x-acto... tons of possibilities).

Okay, i'm done with this tangent. Peace out.

[tlarkin]

Sorry, I mean huge with needless lines of code. How many <divs> do you need in one xml file? I mean I get the point of dividing it out that way but trying to edit one from the command line has always given me a bit of a head ache.

[acme.mail.order]

admin.plist is small on personal-use machines, I imagine in an enterprise setting it will be... larger.

You won't be happy using solder sucker on SOIP ram chips, and it's nearly impossible to get a ball-grid package on or off the board without a reflow machine, at least not in reasonable repair shop time.

[Hal Itosis]

Quote: Originally Posted by acme.mail.order admin.plist is small on personal-use machines, I imagine in an enterprise setting it will be... larger.

I agree, it will be... larger.

My beer still says it's less than 1K.

Quote: Originally Posted by tlarkin Sorry, I mean huge with needless lines of code. How many <divs> do you need in one xml file?

Sorry, i have not a single "<divs>" in mine. Are we talking about the same thing here? Perhaps Snow Leopard has added stuff. Your students get Snow Leopard? Cool.

Let's go by lines then...
1 admin user = 35 lines (human + root)
2 admin users = 36 lines
3 admin users = 37 lines

With 15 admin users we're talking maybe 50 lines of code arrays, keys and strings in a text file.

[ArcticStones]

.
Uhm, methinks we have wandered off on a rather specialised tangent here.

May I humbly suggest that we put the soldering iron, replacement RAM and admittedly beautiful luminous keyboard aside and retreat from the bits and bytes and plists and xml files?
.

[acme.mail.order]

Ok, no more soldering iron - there's been enough "heated discussion" already.

[Jasen]

Quote: Originally Posted by tlarkin Jasen, we also do not allow any non district computers on our network.

There is a bit of difference between simply not allowing rogue computers on the network vs. physically confiscating them.

[NovaScotian]

Quote: Originally Posted by acme.mail.order So your school network is basically open and you restrict what the students can access on the machine itself? The University here allows access by ethernet address only - you take your device to the IT department and fill out some paperwork. This, interestingly, produced the following conversation: "Bring in your laptop and show us you have the latest anti-virus software." "It's a Mac." "Oh. No problem then."

In the university from which I retired, admission to the network was by MAC Address.

[Jasen]

I'm back at college for a second degree now, and they've done it pretty smart I think. There's two wireless networks, one that's firewalled to the point of allowing nothing but web or smtp traffic that anyone can access (still requires a valid domain login), and the other allows full access to any port after you let it scan your computer to ensure you have A/V installed and updated.

[Jay Carr]

Quote: Originally Posted by Jasen I'm back at college for a second degree now, and they've done it pretty smart I think. There's two wireless networks, one that's firewalled to the point of allowing nothing but web or smtp traffic that anyone can access (still requires a valid domain login), and the other allows full access to any port after you let it scan your computer to ensure you have A/V installed and updated.

How does that work for Macs?

[NovaScotian]

Quote: Originally Posted by Jay Carr How does that work for Macs?

My guess is that it doesn't check Macs, it just passes them.

[Jasen]

Quote: Originally Posted by Jay Carr How does that work for Macs?

It works for OS X and Linux as well as Windows. I forget the name of the software now, but it determines what OS you have and loads the appropriate client-side applet to check your system.

[tlarkin]

Quote: Originally Posted by Jasen It works for OS X and Linux as well as Windows. I forget the name of the software now, but it determines what OS you have and loads the appropriate client-side applet to check your system.

It is most likely a java applet since java runs on every platform.

Now, I got a chance to read their their AUP and student EULA found here:

http://www.lmsd.org/sections/laptops...p=laptops_docs

From the student access form:

Quote: 4. Network security is designed to allow access to certain areas only by designated users; however, the network administrator may review files and communications to maintain system integrity and ensure that students are using the system responsibly. and 5. Users should not expect that files stored on District resources will be private.

From their AUP:

Quote: 4. Email: Currently district email accounts are not provided to students. If accounts are provided in the future, students should know that email is not guaranteed to be private. The Technology Coordinator has access to all mail. Messages relating to or in support of illegal activities will be reported to authorities.

This only specifically mentions email and privacy. So, it seems that they never did come out and clearly state intentions of using theft tracking software or issue any statements about privacy, with the exception that all users should assume that any data on school owned computers is not private.

This is worded very poorly.

[NovaScotian]

So they were taking the wildly over-broad view that what the camera saw was "data on school owned computers". That still leaves the act of turning on the camera remotely, of course.

[tlarkin]

Quote: Originally Posted by NovaScotian So they were taking the wildly over-broad view that what the camera saw was "data on school owned computers". That still leaves the act of turning on the camera remotely, of course.

It is worded very poorly. They should fire the lawyer that wrote that, since most schools hire a lawyer to write up such "legal binding" documents. Since minors cannot sign or agree to any contract their parents actually have to sign and agree to it.

There is a problem though with people, as they inherently do not read the contracts they sign. I read every word of every sentence of every piece of paper I sign.

[NovaScotian]

When I ran my own consulting business years ago, I used a lawyer whose job was really simple and she was great at it: 1) Translate the document into English, and 2) warn me of pitfalls. Worked for years. Given that lawyers tend to write mind-numbing contracts, you can see why parents don't read them; there's a trust factor believing that the school system won't screw their kids, and there's the greed factor -- he/she'll get a "free" computer. Sign here....

[acme.mail.order]

This surfaced in the general internet flotsam:

[tlarkin]

Someone who writes for a Philly newspaper found this site and contacted me and wants to interview me about my job and the ins and outs of school IT. However, I think I am going to decline as I don't think I should be making any statements to the press period. I think with this whole thing blowing up and the media possibly blowing it up and out of proportion, I am not sure if I want my name tied to it anywhere.

There are articles that say the kids over at that school system were trying to 'jail-break' their macbooks. I don't think Jail-break is the proper term. If they used built in OS tools to reset passwords, how is that jail-breaking? That is using built in tools to reset a machine to defaults. If they boot into single user mode and use a few different methods to create a local account, or say even wipe out the Mac and load their own clean retail version of the OS on there, they are still using built in tools that Apple provides to accomplish this.

I also want to point out that no laptop, no matter who makes it, really has anything bullet proof if someone has physical access to your computer, short of encrypting your whole hard drive.

[aehurst]

Quote: Originally Posted by tlarkin Someone who writes for a Philly newspaper found this site and contacted me and wants to interview me about my job and the ins and outs of school IT. However, I think I am going to decline as I don't think I should be making any statements to the press period. I think with this whole thing blowing up and the media possibly blowing it up and out of proportion, I am not sure if I want my name tied to it anywhere.

Good call. No way you want your employer's name mentioned within 100 feet of a student privacy issue too technical for the general public to understand.... even in the unlikely event that the reporter got it right.

Quote: There are articles that say the kids over at that school system were trying to 'jail-break' their macbooks. I don't think Jail-break is the proper term. If they used built in OS tools to reset passwords, how is that jail-breaking? That is using built in tools to reset a machine to defaults. If they boot into single user mode and use a few different methods to create a local account, or say even wipe out the Mac and load their own clean retail version of the OS on there, they are still using built in tools that Apple provides to accomplish this.

Again, a distinction that would be lost to the general public scanning an article over morning coffee and in a hurry to get to work. No matter how the reporter spins it, the message that gets through will be that "laptops (all computers) just aren"t secure and are frequently used for spying in your bedroom."

[tlarkin]

What is funny, is I don't think security experts can even agree on what happened and what is considered good and bad practices with security. Stryde's blog calls LANrev a Trojan, and while I am probably not as smart as Stryde when it comes to security, but I would hardly call the LANrev agent a Trojan. It is an enterprise power tool, designed to do many tasks, which one of the tasks is, asset tracking and theft recovery.