Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!vax5!fqoj
From: fqoj@vax5.CIT.CORNELL.EDU
Newsgroups: comp.sys.next
Subject: Re: Diskless NeXT's??
Message-ID: <19387@vax5.CIT.CORNELL.EDU>
Date: 16 Aug 89 23:50:32 GMT
References: <192101@<1989Aug8> <245300019@uxe.cso.uiuc.edu>
Sender: news@vax5.CIT.CORNELL.EDU
Reply-To: fqoj@vax5.cit.cornell.edu (Roger B. Jagoda)
Organization: Cornell Information Technologies, Ithaca NY
Lines: 69
In article J Greely writes:
>In article <245300019@uxe.cso.uiuc.edu> mcdonald@uxe.cso.uiuc.edu writes:
>>I don't understand this. I get my NeXt in a box. I take it out and
>>plug it in. I install the operating system, making myself root. What
>>do you want to prohibit me from doing?
>
>Nothing. The current discussion has absolutely nothing to do with
>personal machines. We're talking about university lab environments.
>I don't much care what you do with your NeXT, but when you use *mine*
>(translation: department facility), you will not be permitted to boot
>the machine from your own disk. Period. If you have a carefully
>customized environment on your OD, that's too bad. $10 says you're
>not using my sendmail.cf, uid assignment scheme, subnet mask, YP
>domain, NFS mounts, network routing, /bin/mail, /etc/rc, etc.
>
>-=-

I guess I don't understand all the furor here. J. Greely is
right on the mark when he says your machine is your own. On
"our" network, as long as that little black wire is attached,
you belong to us and are bound by our rules. But I think we
can make things as "secure" as they're going to be with the following:

The cubes boot diskless off a server (I think that's a given here).
The student buys a BLANK OD from the Campus Store for REAL cheap.
Say $10 (not too bad for 256 MB, we want them to buy it, remember?)

Now SUPPOSE the hacker supreme figures out all the stuff he needs
to get from the server, and, BTW, I hide all the juicy stuff like
rc, rc.boot, hostconfig, etc. Now suppose he figures out the REAL
root password to enable him to use netinfo over its security. Now
suppose he (I use "he" here because he/she is tougher to type, no
implications necessarily inferred or implied) suppose he can also
get to the proper gateway IPs and nameserver hosts (yep, you guessed
it, I hide the full host-table elsewhere, users see a REAL limited
local listing, and the gateway IPs are nowhere to be seen). Well,
fellow administrators, if they can do this, then, really, is there
anything you can do without living in the facility and installing
cameras everywhere? The kiddies will have 256 MB of portable data!
That should take the average CS student through four years PLUS some!
If they want to offload Apps, fine. If they want to copy 'em to
/u/, fine...1.0 should (it better!) have quotas supported, they'll
learn the hard way.

The other concept is to say, to heck with it. No NET! You only really
need it for printing, and the kids can walk a disk over if they need
to (I think I spent too many years running PC/MAC facilities!). Now
what about faculty/student mail? Well, folks, that's why we have
departmental mailboxes. I know, sounds like a return to the old days.

Look, all I'm saying (the VERBOSE BIT is ON!!!) is that Steve RAISED
the lowest common denominator a ton with portable 256 MB media. Most
have praised this (me too!), some have problems with it. Security will
ALWAYS be a #@$% pain if the machine is sitting in front of the user.
The ROMs will help a little, but as someone mentioned already,
most University kids are fairly normal and well socialized. I have a
facility with 32 NeXTen (like Vaxen?...just a thought) all networked
to our Engineering Quad Ethernet and I sleep well! And this campus
spawned Morris!

Thanks for listening:

Roger Jagoda
FQOJ@CORNELLA
FQOJ@CORNELLA.CIT.CORNELL.EDU

RULES OF MEDICAL SCHOOL:
Air goes in and out...
Blood goes round and round...
Oxygen is good!