Tonight I was trying to install an application in Wine that required Gecko in order to complete the setup process.  I received a popup asking me if I wanted to install Gecko, and clicked Yes.  After a moment, the dialog simply disappeared, not having completed the Gecko installation.  Okay, fine.  I’ll install it using winetricks.

# jeff@js3:~> winetricks gecko
Executing wget -nd -c --read-timeout=300 --retry-connrefused --header Accept-Encoding: gzip,deflate http://source.winehq.org/winegecko.php?v=0.9.1
--2009-06-21 02:12:33--  http://source.winehq.org/winegecko.php?v=0.9.1
Resolving source.winehq.org... 209.46.25.134
Connecting to source.winehq.org|209.46.25.134|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://heanet.dl.sourceforge.net/sourceforge/wine/wine_gecko-0.9.1.cab [following]
--2009-06-21 02:12:34--  http://heanet.dl.sourceforge.net/sourceforge/wine/wine_gecko-0.9.1.cab
Resolving heanet.dl.sourceforge.net... 193.1.193.66, 2001:770:18:aa40::c101:c142
Connecting to heanet.dl.sourceforge.net|193.1.193.66|:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.
 
--2009-06-21 02:12:35--  (try: 2)  http://heanet.dl.sourceforge.net/sourceforge/wine/wine_gecko-0.9.1.cab
Connecting to heanet.dl.sourceforge.net|193.1.193.66|:80... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

You get the idea. On and on it went, trying each mirror and failing on each one. Alright, that’s weird. But fine, I’ll download it from SourceForge. Unfortunately, no matter which mirror I selected, Firefox kept returning “Connection interrupted.”

After a bit of Googling, it was suggested that it may be a router problem. I run dd-wrt on my router, so I logged in and checked my security settings. Sure enough, I saw that ActiveX was being filtered as shown below:

dd-wrt - Filter ActiveX

I unchecked Filter ActiveX, clicked Apply Settings, and voilà — suddenly I could download cab files again.

Just a note for anyone who might also be running dd-wrt and might experience the same problems installing Gecko for Wine.

Well, I officially have a degree.  I lost a few days of productivity last week due to graduation and associated celebrations, but things are progressing with the YaST Education module.

First, the Access Time Restrictions and Firewall screens are now complete.  See the screenshots below:

YaST Education Module - Edit Access Time Restrictions

YaST Education Module - Firewall Configuration

The module configuration is now fully persisted to disk and reads back in nicely. At the end of this weekend, I will have the module actually creating users and groups on the system. Next week, I’ll be working solely on getting the module to fully configure Dansguardian to enable web filtering on the system. Thus, it’s all about the back end of things right now.

I should mention that one individual on the Education mailing list questioned why the module creates users/groups when we already have a YaST module to do that (namely, the Users module). There are several reasons for that.

First, this module works only with system groups that are defined (in its configuration file) to be education groups. The same goes for education users. Remember: this module is all about simplicity and ease of use. The target audience consists of parents and teachers who may not necessarily have even a moderate level of technical knowledge. Thus, for them to see system groups such as bin, daemon, or dialout could be confusing. The intent here is to allow them to quickly create groups for their students/children. For instance, a teacher might want to create a grade6 education group for his class, and create accounts for the students in the class.

Another motivation for creating groups/users in the module is that there were a number of requirements for the module that are simply not covered in the YaST Users module. For instance, one individual on the Education mailing list suggested that, as a school administrator, the ability to batch import groups and users from comma-separated value (CSV) files was important to him. The YaST Education module facilitates this. Similarly, it was requested that the module allow Sabayon and KDE Kiosk Tool profiles to be associated with groups to allow appropriate per-group lock-down of the system. Once again, the YaST Users module does not allow this.

Of course, editing users and groups is just one small part of this module, and I should mention that its editing capability for users and groups is much more limited than the Users module — just the bare minimum to ensure simplicity. More advanced needs, such as editing GID’s and UID’s, requires use of the Users module. In any event, the real power of the Education module comes after education groups and users have been created. Once this is done, the parent/teacher can filter web content at a per-group level, specifying sites to whitelist and blacklist, and keywords and file extensions to block. Furthermore, access time restrictions for the system can once again be specified at a per-group level, allowing parents the ability to enforce bed times. Basic firewall settings can also be tailored to each group, ensuring that students/children can only make use of protocols that the parent/teacher wants them to be using.

So, is there a bit of redundancy in the Education module? Of course. But the idea is to bring together a number of features — some of which exist in other modules, and some for which no module currently exists — into one place to allow for easy, intuitive configuration of the system by users whose technical knowledge is limited.

More updates to come soon.

The YaST Education module is coming along nicely. I had to fight the YaST Python bindings a bit at first (thus the reason for no update in week 1), but now that I have things figured out, everything seems to be going relatively smoothly. On a side note, based on my experiences from the past two weeks of development, I plan to vastly improve the documentation on the Python bindings once this project is over.  Somebody hold me to that.

Okay — less chatter, more screenshots. The following are a few highlights from the module. In the first screenshot, we see web filtering settings being edited for a specific education group. Filtering will be done at a per-group level using Dansguardian / Squidguard and administrators can customize the filtering as they desire, or can select from filter presets.

YaST Education Module - Web Filtering

School administrators will appreciate the ability to import education groups and users from comma-separated value (CSV) files. Have 1000 student accounts to create? No problem. Pop them in a CSV file, and let the Education module take it from there.

Import Users

View all initial screenshots of the module on Flickr

The following is a run down of the current screens in the module. It’s probably better just to go through the Flickr photo stream to get a feel for the module, but feel free to skim if you like.

Intended Usage [screenshot]

In the first screen, the user selects whether the system will be a desktop system or school server. I am reserving the addition of school server functionality until after all desktop functionality is done, so the rest of the screens in the photo stream assume that the user has selected a desktop system.

Target Age Groups [screenshot]

The two options specified here correspond to software patterns that currently exist on the Education CD for children and teenagers, respectively. Checking one or both of the boxes here controls what software patterns are installed by the module, ensuring that the appropriate software gets installed for the age group to be using the system.

Education Groups [screenshot]

Just as regular system users are assigned to groups, so too are education users assigned to education groups. For instance, we might create a grade6 group for our Grade 6 class. We can then assign web filtering, access time restrictions, and firewall restrictions on a per-group basis to ensure that each user of a system can view only age-appropriate material and use the system as intended. One nice feature is that both education groups and users can be imported from CSV files to allow fast and easy batch creation of groups/users.

Education Users [screenshot]

Once one or more education groups have been created, one can create user accounts for the students/children that will be using the system. As noted in the last section, users can be batch imported from CSV files.

Web Filtering [screenshot]

Web content filtering can be configured at a per-group level. The module will install and configure Dansguardian / Squidguard to keep children safe.  Administrators can choose from filter presets to save time, or can customize banned content to their needs.  URL’s, IP addresses, and entire domains can be whitelisted or blacklisted, and bans can be placed on specific keywords/phrases as well as file extensions.

Access Time Restrictions [screenshot]   * Work In Progress

Administrators will be able to specify login/logoff times at a per-group level.  This will help parents enforce bedtimes and keep kids from overusing the computer.  If a restricted user runs GNOME or KDE (or a console session), the user will receive an on-screen warning a few minutes before being logged off.

Firewall [screenshot]   * Work In Progress

Administrators will also be able to specify basic firewall configuration at a per-group level.  This will be done in the form of choosing protocols to block from a pre-defined list.  As the module is not designed to replace the YaST firewall module, no further advanced configuration will be done by the Education module.  I am still looking into how to implement firewall settings at a per-group level without directly using iptables.

Tomorrow is May 23, marking the official start of coding for Google Summer of Code students.

For the past month, I have been poring over documentation, refreshing my YaST development skills, talking with community members, and making plans for the YaST Education module that I am developing this summer for the openSUSE Education CD.

As a refresher to those who might not be familiar with it, the Education module is designed to allow parents and teachers to easily configure and lock down their openSUSE systems. Parents/teachers will be able to create groups of students and specify restrictions at a per-group level such as:

• Applications that can be executed
• Level of web filtering applied
• Protocols to block
• Hours during which the system can be used

Additionally, parents/teachers will be able to choose the age groups that will be using the system, and the module will automatically install the Education CD software patterns that correspond with the groups selected. The idea here is to maximize user-friendliness and intuitiveness, while maintaining a sufficient balance of flexibility and power. Users of the module may not necessarily be technically advanced, so it has to be kept usable and simple. As I have learned from my research and from talking to members of the community, teachers are increasingly being left to administer their own classroom systems due to cutbacks in our failing economy. As such, this module aims to address the challenges that they may face by providing a solution that allows them to keep their students protected while minimizing their learning curve and potential confusion.

Should time allow at the end of the summer, I will expand the module to allow the setup of both desktop systems (for students/children) as well as school servers, where selecting the latter option would allow one to easily install and configure packages such as openSIS, openBiblio, and so on.

The requirements I have come up with can be seen on the wiki. Please feel free to send me any suggestions or concerns you might have (preferably to the education mailing list, so that all can join in on the discussion).

Happy coding to all fellow students.

Yesterday, I emailed two members of the openSUSE community (J. Daniel Schmidt and Jan Weber) who initially started the YaST Education Module that I am implementing/finishing as part of my Summer of Code project. I wanted to ask them about their original vision for the project so that I can take that into account while I am planning my work for the summer.

I was expecting to be met with grumpy replies from programmers annoyed at having to bother with a “newbie” in the openSUSE community. Instead, I received back two emails that were both enthusiastic that I was taking on the project. Both offered very helpful, detailed information about their original plans for the project, and both offered to answer any questions I had.

That made me reflect for a moment on my experiences in the (closed source) workforce versus those in the open source community. In most settings, when you “take over” a project, you meet resistance from those who have worked on it previously. People get their backs up, feeling as though you are stepping on their toes. Of course, I am not under the illusion that the open source community is one big utopia where everyone happily hands over their projects to whomever wants to continue them. However, it certainly struck me that these replies that I received were illustrative of a working, functional open source community — the end goal is to improve the product, and if one person doesn’t have time to continue working on a particular piece, then maybe someone else can. No territorial markings or egotism. Just one common goal to get it done.

So thanks to both Daniel and Jan (and my mentor, Marek Stopka, of course!) for a good initial experience in the openSUSE community! I look forward to making many future contributions.

We’ve been asked to start blogging as participants in the Google Summer of Code 2009, so this marks my first GSoC post. As you may have guessed, my name is Jeff Shantz and I recently finished my Honor’s Bachelor of Science in Computer Science at The University of Western Ontario in London, Ontario, Canada.  Not content to leave school just yet, I will be starting my Master’s in Computer Science at Western soon.

Naturally, I’m honoured to have been selected as a participant in the Summer of Code 2009, and I am particularly elated that I get a chance to give back to the openSUSE project.  I’ve been an openSUSE user for several years now, so it’s nice to be able to make a contribution to a project that I care about.

My project involves the development of a YaST module to help parents and teachers to lock down systems and assign different sets of permissions to different groups of children/students.   My Summer of Code mentor is Marek Stopka, a veteran openSUSE contributor.  The project was initially conceived by J. Daniel Schmidt who designed an initial GUI for the module several years ago, as detailed here. The idea is to have the module allow a teacher, for instance, to setup various groups such as grade6, grade7, and so on. The teacher can then associate users on the system (corresponding to his/her students) with the groups created, and assign different sets of rights to each group. For example, we might want to forbid the grade6 group from visiting any web sites that have objectionable content. However, perhaps the grade7 students are taking a health class that has a sexual education component, and they need to be able to access certain web sites pertinent to their class for a research project they are doing.  This is just one scenario that the module I am developing will help to allow.  One side benefit of this project is that a second YaST module will likely also be developed to help configure a filter such as Dansguardian or Squidguard.

In addition to web content filtering, the module will allow firewall settings to be specified for each group.  This would allow applications such as chat prorams to be blocked for most students, but perhaps allowed for a group of students participating in a “pen pal” program with students abroad.   If time allows, I could get really fancy and add in support for time-constrained rules, so that a parent could firewall a child’s chat program after, say, 9 PM to ensure the child is not spending all of his time chatting.

Of course, parents/teachers will also be able to lock systems down in a kiosk mode, with differing sets of icons appearing depending on the group to which the user belongs.  The kiosk mode will be implemented using templates from the Kiosk Admin Tool for KDE, and Sabayon for GNOME.

In the end, it’s all about the children. In essence, the module aims to protect the child through filtering and firewalling, and protect the system through controlled access. The major goal here is to provide an intuitive and user-friendly way to control access to a system, so that parents and teachers — who may not necessarily have advanced technical skills — will be able to lock their systems down according to their needs without intervention from an outside party.

What I like about this particular project is that it combines development with system administration and integration. I’ll be developing the YaST module itself, along with the agents that perform all the configuration to lock down the system.  I’ll be working with the SUSE firewall, with Squid or Dansguardian, with the Kiosk Tool and Sabayon.  It will scratch the development and administration itches simultaneously, and I expect to have a lot of fun with this project.  And in the end, we’ll have a module that will allow us to quickly and easily lock down a system.  This can only make openSUSE more attractive in the educational setting, as well as to parents seeking a good solution to controlling access to their systems.  Businesses can make use of the kiosk features provided by the module, and I can envision it being used on public systems at libraries, technical conferences, and so on.

Good luck to all participants this summer, and stay tuned for updates on my progress.