Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Education

Aussie Uni Dumps Dual-Boot In Favor of Linux 505

kNIGits writes "News.com.au is reporting that the University of Wollongong have dumped their previously dual-boot installations in favour of booting Linux only. Among other reasons, staff enjoy the ease with which they can 'lock down' first year students, stopping them messing with the systems prior to learning anything about them."
This discussion has been archived. No new comments can be posted.

Aussie Uni Dumps Dual-Boot In Favor of Linux

Comments Filter:
  • Hehehehe... (Score:5, Interesting)

    by Pig Hogger ( 10379 ) <pig DOT hogger AT gmail DOT com> on Tuesday December 17, 2002 @01:28AM (#4905093) Journal
    Linux to lock down... Who'd have thought...

    I've met a tech who was working for a high-school, and 90% of his time was used in fixing Windoze computers after students messed-up with them. That changed when they installed some cards (don't remember the name of the cards) with RAM on them that effectively made the hard disks read-only, and stored in RAM whatever was written on the hard-disks.

    So, whenever a PC was screwed-up, all you did was power-cycle it once!

    • Re:Hehehehe... (Score:5, Informative)

      by Jester998 ( 156179 ) on Tuesday December 17, 2002 @01:31AM (#4905116) Homepage
      The cards you're thinking of are often called "Sheriff Cards".

      Apparently they have them in my old high school now. Poor kids... hacking the network was one of the more fun things about high school. :)
    • Re:Hehehehe... (Score:5, Informative)

      by ChrisBennett ( 18205 ) on Tuesday December 17, 2002 @01:34AM (#4905140)
      There is a software solution for Windows called DeepFreeze [deepfreezeusa.com]. It works very well. I love seeing the look on faces when they delete random .dlls or change wallpaper only to find that they magically re-appear when the system reboots.
      • Re:Hehehehe... (Score:5, Informative)

        by Feztaa ( 633745 ) on Tuesday December 17, 2002 @04:09AM (#4905689) Homepage
        Older versions of DeepFreeze were pretty funny. Set the system clock sufficiently far into the future, and it magically crashed. The first thing you do after that is delete DeepFreeze, and you have no more DeepFreeze problem ;)
        • Re:Hehehehe... (Score:3, Insightful)

          by Jeffrey Baker ( 6191 )
          If the program was any good in the first place, it wouldn't let you set the clock. There is no legitimate multiuser system where a normal user can diddle the clock.
    • I've met a tech, who works at a university called University of Toronto. They have public internet access stations at their library. And they have dozens if not hundreds of PCs running 'windoze' that students use to do their projects. They're all running 'windoze'.

      What's your point? An improperly administered box is an improperly administered box.

    • Re:Hehehehe... (Score:3, Interesting)

      by Anonymous Coward
      A undergrad lab at my alma mater (Stony Brook) had an ingenious solution: a pile of network-booting machines that automatically mirrored the "official" disk image upon detecting changes. This way, students could come in, install some other operating system for a while (other than the default FreeBSD install), and then just reboot the machine to return it to its original state. No reliance on any special software like that Windows deepfreeze thing, or assumptions about not having physical access to machines. Very elegant.
    • Re:Hehehehe... (Score:2, Interesting)

      by MechCow ( 561875 )
      At my highschool we used Novell computers, and they were as locked down as the poor computer studies teacher could make them. You couldn't use the floppy drive. You could only execute the 8 or so programs assigned to you. The internet was so protected that I was unable to look stuff about Homer's Odyssey (luckily I was protected from the word virgin I presume).

      Now at uni things are so much more free yet the systems so much more secure. We can use the floppy drives, have our own email addresses and websites, and even the /sbin/ is a+x (I don't know how bright this is on there part). All is well...

      Unless you go into one of the windows labs in which case you are assaulted with kazaa, icq, msn straight after logging on. You will find the harddrive to be full of crap. Also many people do 'confirm' their password after logging on thus I assume there are password files on those computers with hundreds of students passwords, all with measily encryption.

      At least until XP, or the next windows after that makes into the labs it seems windows will always be a hassle for maintainers.

  • UNSW (Score:5, Interesting)

    by Slurpee ( 4012 ) on Tuesday December 17, 2002 @01:30AM (#4905109) Homepage Journal
    The Uni of New South Wales Computer Science and Engineering department has been running unix/linux for years, no duel boot.

    8 years ago it was Sun Solaris.

    5 Years ago they moved to Intel Solaris

    Now they have (or are) moving to Intel Linux.

    anyway, good stuff at Uni of Wollongong.
    • duel boot (Score:5, Funny)

      by Joakim A ( 313708 ) on Tuesday December 17, 2002 @03:35AM (#4905598)
      >The Uni of New South Wales Computer Science and
      >Engineering department has been running
      >unix/linux for years, no duel boot.

      Well, duel boot, that is something I would like to run. Just install windows and a few linux/BSD dists, turn on the machine and leave it over night. Then we finally could settle this thing.

      /J

      Ps My bet is on that spiky fish eventhough that little red bastard with the fork might be nasty. I mean, how hard can it be to beat a geek from redmond or a penguin? Hmm, could be a whole army of penguins of course, well that might get tricky.
      • by NoOneInParticular ( 221808 ) on Tuesday December 17, 2002 @08:29AM (#4906334)
        I'm not sure about the geek from redmond, but before you belittle penguins, consider these words from Linus Torvalds:

        "Some people have told me they don't think a fat penguin really embodies the grace of Linux. Which just tells me they have never seen a angry penguin charging at them in excess of 100 mph. They'd be a lot more careful about what they say if they had."
  • The article. (Score:3, Informative)

    by Anonymous Coward on Tuesday December 17, 2002 @01:30AM (#4905110)
    Linux taking over at uni
    Chris Jenkins
    17Dec02

    LINUX is making inroads into the nation's universities, pushing Windows, Unix and Apple operating systems off the desktops of first-year IT students.

    It is making ground in IT courses because Linux is both easy to lock-down, easy to pull apart and offers simple licensing for distribution to students.

    At the University of Wollongong, which has about 1700 computer science students, machines in first-year labs that used to boot from either Windows or Linux have been changed to Linux only.

    "We get large number of inexperienced people in first-year and we are really trying to keep down our overheads and concentrate our professional support more in the later years," said Les Ohlbach, operations manager for the university's Department of Informatics."

    "The best way to control the first-years was to put them in a Linux-only environment where you can lock it down pretty well."

    Students moved to Unix and Windows in second- and third- year, he said, with Macs used for multimedia training.

    At the University of Western Australia, which has around 1650 students in its computer science courses, Linux has totally supplanted more traditional Unix distributions, such as Sun's Solaris in the school of computer science and software engineering.

    UWA's senior lecturer in computer science and software engineering Chris McDonald said Unix was dropped from teaching around 1995, and was no longer specifically required for any research projects.

    UWA recently dropped Apple from its IT education programs in the school, for the same reason that Unix was abandoned -- expensive proprietary hardware.

    "It wasn't so much the [Unix] operating system costs, because it usually came with the machine or we could get pretty good prices as an educational institution," he said.

    Linux was easier to give to students for home use, Dr McDonald said.

    "If we were using Solaris or HP-UX or something like that, I'm sure there would be very different and costly licensing issues involved," he said.

    "We are trying to move to an environment where what we provide in the laboratories can be mirrored in the students' home."

    Mr Ohlbach said the University of Wollongong favours Linux for first-years for a similar reason.

    "We are teaching programming, so they [students] need to run all sorts of IDEs and development environments. On Linux they can quite easily do most of their code at home at fairly low cost," he said.

    Dr McDonald said in teaching open-source platforms to students it is important not to "just ram open-source issues down their throats. It's important to explain why there is a difference in philosophy, why it's reasonable to not to totally tread the path of one particular vendor, one particular monopoly."

    However, Dr McDonald said UWA's school of computer science and software engineering was part of Microsoft's academic alliance program, which allowed the free distribution of Microsoft operating systems to enrolled students.

    The school used Linux and Windows to teach operating systems.

    "It's good to show not just the similarities, but more importantly the differences."

    Linux allowed better teaching of the principles behind software development, he said.

    "We'd rather explain how things work. We do that by taking things apart and putting them back together again, rather than just showing people how to use particular GUIs that other people have designed. It's our belief that open-source software better explains those concepts," he said.

    "Personally, I think that just showing students how to use operating systems tools and networking tools, is more training than education.

    "From 2003 UWA's school of computer science and software engineering will be using Linux, in preference to Windows, for our first-year Foundations of IT unit."

    Mr Ohlbach said it was important for students to have exposure to multiple operating systems and development environments.

    "Anybody wanting to be a professional computer science person, or an IT person, generally doesn't want to be seen as just a Mac or a PC party, " he said.

    This report appears on news.com.au.
    • Re:The article. (Score:5, Interesting)

      by WaKall ( 461142 ) on Tuesday December 17, 2002 @03:00AM (#4905556) Homepage
      "Dr McDonald said in teaching open-source platforms to students it is important not to "just ram open-source issues down their throats. It's important to explain why there is a difference in philosophy, why it's reasonable to not to totally tread the path of one particular vendor, one particular monopoly."

      I wonder WHICH monopoly he refers to?

      I think it's important to teach skills and not languages. The platform shouldn't really matter. But what I read there is "we're gonna teach non-proprietary solutions". I don't think the OS matters for the undergrads.

      I learned programming on Solaris and later Linux, and honestly there's no real difference between them for 95% of what you do in school, since you are NOT administering the box, and the interesting tools are opensource, portable, and provided by the school - you just have to USE them. This probably holds true for BSD as well.

      I do believe that we shouldn't be teaching kids to develop in MSVC++ and MFC. I think that's god-awful - we should learn to use makefiles and know the dependencies in our code, and not waste time on things that aren't portable to our jobs, on a yet-to-be-determined platform.
      • Re:The article. (Score:3, Interesting)

        by Lumpy ( 12016 )
        I do believe that we shouldn't be teaching kids to develop in MSVC++ and MFC.

        we shouldn't teach ANYONE to program in any of the Microsoft visual environments. it promotes sloppy coding, bloat and tons of other things that make just plain old BAD programmers.

        you want to teach windows programming? then use the free solutions out there teaching the API interfacing and other parts of fighting with a windows environment is so much more important than the drivel the MS visual dev.

        Give the studen MORE understanding and a tool they can freely take home legally. you get a better programmer.

        and as a side note. every teacher should at the end of every semester force all the student to program in an embedded environment or put tight size cap's on the compiled program.

        Anyone can make gigantic bloatware, a good programmer makes fast tight code.
  • by Anonymous Coward on Tuesday December 17, 2002 @01:30AM (#4905113)
    So if I understand correctly, admins who couldn't properly admin a windows box to prevent users from doing dumb things, are going to try their hand at linux instead? ... and hilarity ensues.
  • Locked down... (Score:3, Interesting)

    by davidstrauss ( 544062 ) <david@davidFORTR ... t minus language> on Tuesday December 17, 2002 @01:31AM (#4905115)
    How do you learn about computers without having access? I've had "educational" experiences with Windows guest accounts, but locking the user into word processing, e-mail, and web browsing on a Linux box would teach users as much about Linux as using a Palm handheld would. I think ghosting would serve as a better option (with docs on the server) or (gasp!) Windows XP-style system restore. I would always want local admin to my own computer.
    • Re:Locked down... (Score:3, Informative)

      by dacarr ( 562277 )
      Before you teach a child to fire a gun, you teach him to not point it at others - or (equally important) himself.

      I like your idea, having a ghost style system restoration setup - drop the image and be done, and of course mount all user dirs to a drive off in some serverhaus. But from an admin's standpoint, I would first consider that the most dangerous people in the world are those who overenthusiastically announce "I KNOW FOO!!!" (where "foo" may be, say, first aid) seconds before they clumsily (and dangerously) attempt to practice the art they boasted of so vociferously. It is this type of person who is unwittingly capable of committing irreversable damage.

      Perhaps then the optimal solution is to put first year lusers in iron boxen of sorts - they can't do any real damage, except to their own ~. Of course, this can also be done with careful administration using chmod and chown. =) It may not teach them patience, but it has all potential of working the overenthusiastic energy out of them without killing your machinery.

    • Re:Locked down... (Score:5, Insightful)

      by danny ( 2658 ) on Tuesday December 17, 2002 @01:55AM (#4905281) Homepage
      When I did comp sci we had accounts on a Vax 11/780 running hacked System 7 Unix. This was totally locked down, like any decent multi-user system, but I learnt way more about computing from using it than I did on the early PC (some 286) I had at home.

      I couldn't install kernels or do system administration, but I could still learn about processes and privileges (and how to get around them :-) and file tools and scripting and compilers and ...

      Danny.

    • Re:Locked down... (Score:5, Informative)

      by yeOldeSkeptic ( 547343 ) on Tuesday December 17, 2002 @02:25AM (#4905420)

      How do you learn about computers without having access? I've had
      "educational" experiences with Windows guest accounts, but locking the user
      into word processing, e-mail, and web browsing on a Linux box would teach
      users as much about Linux as using a Palm handheld would.


      I think your understanding of what locking down a computer
      means is inadequate. It is possible to learn a lot
      more things with a locked down Linux terminal than it
      is with a personal windows computer.


      For example, you can program a Linux computer with
      C/C++, Java or what have you even without a root account.
      You can, in fact, execute most of the utilities in
      the /bin, /usr/bin, /usr/local/bin directory without much trouble.
      And those directories contain hundreds and hundreds of goodies
      that you can have a lot of fun learning.
      Thus, your premise
      that locking down a Linux computer would be unelightening
      to a user is horribly inaccurate.


      The university mentioned in the article needs to
      lock down their computers because they are
      publicly accessible: a lot of people can use then.
      And of those individuals who have access to a public
      computer, two kinds are especially dangerous:
      the novice user and the malicious expert. The novice
      user must be protected from mistakes made
      on account of his ignorance. The malicious user must
      be prevented from subverting the system in order to
      satisfy his evil ego.


      As an example of the first
      case you can imagine a secretary innocently
      deleting the \windows directory of her computer.
      It can and has happened. As an example of the second
      case, you can imagine someone replacing internet explorer
      with a trojaned version. Any student who has learned
      a little of DOS in his or her first day of class knows that
      replacing explorer.exe with an ascii file explorer.bat containing
      just the single line: echo y | deltree c:\ would lead
      to hilarious and ego-gratifying events. This exploit
      is certainly not bad for someone who has just one hour
      of DOS.

    • Re:Locked down... (Score:5, Interesting)

      by An Onerous Coward ( 222037 ) on Tuesday December 17, 2002 @02:54AM (#4905532) Homepage
      You may be right. Of course, it depends completely on what you mean by "locked down." Allow me to cite two examples, both from my school.

      First, give me a moment to whine about the general usage computer lab. At its worst, a handful of applications were delivered via ZenWorks. You had Explorer, Word/Excel/PowerPoint, and Netscape 4.0 (this was at a time when 4.7x was considered obsolete). That was it. Ninety percent of my computing needs could not be filled in that environment. They've since loosened it up a great deal, but I still don't feel that they're providing me a usable service.

      My other example is my school's UNIX box. It's locked down in the way that such boxes generally are. I am the Lord and Master of /home/$USER, but outside that domain I am powerless. It's safe, easy to maintain, and I don't feel like I'm in a constant war with the confines of the system.

      In short, there's a right way and a wrong way to lock down a network. Linux makes it easy to do either.
  • by RaboKrabekian ( 461040 ) on Tuesday December 17, 2002 @01:32AM (#4905132) Journal
    I'm not fully versed in all its wonders, but the Windows Policy Editor (or whatever its called now) can completely lock down a machine. It's a vastly underutilized tool for environments where you don't want users messing with the machines. I remember getting annoyed the first time I sat down at a box which wouldn't let me even look at the start menu. Any and all Windows admins should look in to its proper use in their environment.

    • t's a vastly underutilized tool for environments where you don't want users messing with the machines. I remember getting annoyed the first time I sat down at a box which wouldn't let me even look at the start menu.

      In our undergrad labs at cs.usyd.edu.au, there was a low-end pentium for the sole purposes of ftping files from your floppy to your 3meg quota'd ugrad account on the nix machines. It was win3.1 (even though this was in 1998-2000), and all it _appeared_ to have was a crappy ftp client and 2 other semi-useless programs. You were given a 3 minute time-limit to use this machine. But one day, I recursively transferred the wrong files, and the ftp client was crap, and couldn't recursively remove directories, so I went to the c:\windows directory (or whatever), in the ftp client, selected command.com, and clicked the "run" button. I then was in a dos shell where I could deltree.

      Moral of the story: There is no security in removing the start button :)
    • by mferrare ( 65039 ) on Tuesday December 17, 2002 @01:57AM (#4905295)
      But consider how much you have to piss-fart aoround with WPE to get a good config - partially because no-one uses it - and compare that with 'locking down' a linux box ie:
      • secure it - and most linuxes are reasonably secure out-the-box these days
      • set a strong root password. Give the students limited sudo access if necessary
      • Probably a little bit of hardware stuff (disable floppy booting etc)
      • Maybe setting up a restricted shell or GUI environment
      But basically, students would be pretty safe on a linux box without root access. And it's simple and well-known to set up. Compare that with Windows Policy Editor. Does anyone really use it? Maybe a few but I'm sure it's not as well documented or as well tested and probably not as robust as simply locking out root access to a linux box.
    • by dan_barrett ( 259964 ) on Tuesday December 17, 2002 @02:02AM (#4905319)
      Yes, you *could* use windows policy editor, but there are some major issues with it (having just locked down a standalone windows box for kiosk use I'm well versed in the pain of poledit for Win 2000..)

      Note that policy editor is now primarily designed for a computer in a Active directory tree - without active directory you have to edit a "local" policy, ie edit the registry directly.

      A disclaimer: maybe an active directory policy is nicer to play with, I don't know - local policies were enought of a pain for me as it was..

      here's the fun with local policies..
      firstly - the policies affect ALL users, INCLUDING the administrator. (WTF?!?!? you say?) so.. lock out all registry tools, disable "command prompt" and run on the start menu - and you're screwed - no more windows administration. time to reformat the box. (or at least attempt to "rescue disk" it..

      second - policies quite often are applied in REAL TIME. hmm.. disable registry editing.. (screen flashes) - oh bugger, policy editor has stopped working..

      The way to get around this is to remove access to the %winnt%/system32/GroupPolicy dir for the administrator (that's right, you remove access to the root user to prevent the policy applying to that user.) of course, this dir has to be accessible to make any changes. And the changes apply immediately. Forget to reapply the restictions to the admin user and it's reformat time, again.

      if you want to use policy editor I suggest having a recovery cd lying around, as I guarantee you *will* be locked out of your system, unless you're extremely careful.

      I love windows security, it rocks.

    • we use it, and like linux, it requires a lot of compatibility testing with your apps. You can easily break something bad enough irreversibly, so it's not a toy that one uses on their users.

      follow the guides and the people (beta) before you
    • by foo fighter ( 151863 ) on Tuesday December 17, 2002 @02:10AM (#4905354) Homepage
      Windows Policy Editor was used for the 9x/Me series.

      Starting with Windows 2000, admins have access to "Group Policy". Essentially, any user interface setting -- and most system settings -- can be controlled via this either on the local machine or remotely.

      Group Policy kicks ass. You can completely lock down a machine so that cmd.exe doesn't work no matter what and the only .exe's that do work are the ones you specify. You can let the user specify their Display preferences, but nothing else. Or everything except the Display preferences. The point is, Linux has nothing to compare with this.

      The fact is, under Windows 2000 (and XP), administrators have never had an easier time setting up, controlling, troubleshooting, and fixing a user's desktop. If Linux had anything to easier to compare to this I'd be using it (admins being essentially lazy).

      At length, I've evaluated Redhat, Suse, Caldera, Debian, FreeBSD, OpenBSD, and Mac OS X. (At length means ~40 hours on each setting up desktops and administrative consoles and testing things out.)

      I have many Redhat machines running on servers at work. I have a Yellow Dog machine running my web site and email and OpenBSD running my router at home.

      The FACT is no one has a better way to administrate and trouble-shoot end-user desktops than Microsoft right now.
      • by Anonymous Coward
        Just because you personally don't know how to do something doesn't mean it can't be done.

        Its quite possible to lock down user's desktops in linux if your familiar with linux. It doesn't sound like you are. It also sounds like your looking for a single point-n-click program to do it with. Well that just doens't exist, but it doesn't mean you can't severely limit what a linux user can do.

        Its also trivial to ssh or vnc in and take over a session of kill the appropriate process if needed. I laugh in your general direction for even joking that its somehow easier to remotely troubleshoot desktops on windows.

        Your also comparing apples and oranges a bit since the linux and microsoft desktop are two very different beasts.

        So not its not a FACT afterall.

        Also and don't take this the wrong way. Spending 40 hrs each on some distros hardly qualifies you to proclaim MS king of all administration.
      • Agreed, but when the administrator password is not in the hands of the user, which so often is the case..
      • by mystran ( 545374 ) <mystran@gmail.com> on Tuesday December 17, 2002 @04:13AM (#4905699) Homepage
        There also another view. In windows you have to options: either you allow people to do everything or you allow them to do nothing. The policy editor just stops working once you allow someone to run an .exe from his desktop since he can break the system (with one of the numerous exploit that for example the GUI gives you).

        In Linux (and unix in general) you can allow people to do almost anything with their own account. If they mess their homedir (and it's quite unlikely to get your personal stuff to the point you can't login at all by accident), just clean it by resetting the configfile that breaks the thing.

        You can have people run custom window managers, code their own software (even that damn window manager), whatever, if they happen to know how, while at the same time making sure they don't mess the system up if they don't.

        Now, imagine that user has to do some task, and they have messed up their configs. Now on Windows you either repair their profile (which can take quite a time if you can't login as them, if possible at all) or take backup of files, create new profile and copy the files over, on linux you just throw the default configs to their homedir and all you lose are few hacks in some files (say .bash_profile/.bashrc or may .Xsession)

        About the config thing.. if you setup linux in ~40 hours (for shared use) you are pretty fast. If you can do the same (in ~40 hours) for Windows you are superman. Start counting from when you get few hundred PCs with blank harddrives, with no images ready, etc..

        And once you get new systems with different hardware you have to do it again :) With linux you dump the same image and switch either kernel or module config.

        Windows has it's strong points, but administration isn't one of them. At least if you are trying to do it well. In a Uni even "we are not mission critical, we don't need the best security" isn't argument, since what would better target for a hacker than a Uni with a lots of computers and students doing all kind of things with irregular patterns.

        Btw, the Windows 9x/ME policy system is a joke :) If you can't get past it whily you can still do something with the system, you probably shouldn't be securing anything ;-)

      • Have you looked at KDE's kiosk mode? I understand Waldo Bastian has done a lot of work locking down KDE to be suitable for use in a public environment. And with Unix, you can have reasonable security without doing silly things like disabling shell access. Unix was made for secure multi-user environments and remote administration.
      • Why don't you write up what you like as a proposal to the KDE and/or GNOME teams - the situation isn't going to change if people sit on their hands.
      • Listen that's not true at all. You can run anything you want when you rename the EXE to a runnable like 'notepad.exe'. Add to this Word VBA scripting and you'll have admin on the box in seconds. In our lab we have people still installing porn and crap b/c it's so easy to do this.

        On a floppy copy an alternative shell for windows and name it say winword.exe. You most likely can run anything you want off the floppy, so then you just run say the kernel debugger or the MS hole of the week ( ie is weak to loading HTML scripting attacks off disk also. ) -- and then you can use policy editor to start mounting all those hidden windows shares and hijacking other user's computers.

        This is why windows is a joke - suid programs and permissions controls by name of a file.

    • It's nearly trivial for a knowledgable person to circumvent the policy editor, even if the settings are considered "tight". A little time, an unsecured PC to work with to prepare your attack, and some audicity are all that's needed. And if the policy settings aren't very tight, even the so-called "lusers" can figure out how to bypass it. Here's a hint to one method: policy mostly just puts hooks into the APIs and registry entries that Explore.exe uses (My Computer, File dialogs, the taskbar)...

      I agree with the parent, that more Windows shops _should_ use Windows policy to reduce tampering. But it's only _shell_-based security, not OS-level security. Bypass the shell, and...? A better solution, if you need/want to stick with Windows is to use NT/2000. Then you could supplement policy with ACLs, auditing, user rights, registry permissions, etc. NT with sane security settings AND policy enabled is not so trivial to circumvent. Maybe this is true of XP as well. I lost interest in Windows when they came out with "Windows ME". More like, Windows yourself!

    • by Anonymous Coward
      I absolutely abhor locked windows machines. Why? Well stupid/near-sighted windows sys-admins tend to think that if you want to use the computer in some way that they didn't anticipate, you must be doing something evil. When everything is locked and the admin must 'enable' certain things is really stupid. It means the computer can only have as much functionality as the admin wants. It's better to have a UNIX system that is secure while still being 100% functional. You're locked out of what's private to the system (and even then you can see system settings.. just not modify them). Things are only locked down when they need to be. Windows is such a messy operating system it will never be able to have such a level of usability and security at the same time.
    • We tried a nifty boot disk on our corporate w2k environment that let's us reset (recover?) the Admin password. Linux is even easier, boot from a floppy into single user mode and do whatever you want. Without something at the hardware level (say like Palladium) you can't really secure the box if it's in an insecure area.

      Of course, you could just set up XTerms in the labs and safely lock the computers away. As a bonus, you could prevent people from saving their assignments to floppy only to lose them the day before submission.

      Xix.
      • On second thoughts, just boot from the network and compare local filesystems with secured copies. Send updates at boot and any "edits" are fixed before the filesystem is used. Maybe even include something that denys DHCP if the request does not match known parameters (say /proc/kernel/md5).

        I shall also gratuitously recount my housemate's experience with a student who dealt with the University prohibition on Doom by fdisking the machine and installing DOS (this was a while ago). Dozens of machines were nuked before they LARTed the guy. :o)

        Xix.
    • While a lot of the comments in this thread hassle Microsoft's security policy for only working on the shell or affecting even the administrator, remember that Microsoft know more about security than you might think.

      Go read The Ten Immutable Laws of Security [microsoft.com].

      The first three laws are particularly relevant:

      Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.
      Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
      Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

      Anyone with a boot disc can get around your policy. Or even worse, just take the HDD and read off it at his/her own leisure.
  • I feel this would have been news maybe six years ago but not now. Not when I get emails at work asking if I know DB2 on LINUX on 390!

    LINUX is simply mainstream now. The news is what you do with it and not simply that you've tried it out.
  • by stonebeat.org ( 562495 ) on Tuesday December 17, 2002 @01:34AM (#4905144) Homepage
    that is the beauty of a *nix OS. You can lock it down for use even in High Schools. I don't think you can get that kind of granularity with MS Windows. I have worked at a Uni, and I know locking down a Solaris box was much easier than locking down a windows box.
  • But, why was this their only soloution to locking down machines?

    You have been able to lock down windows desktops since 3.11, YES YOU HAVE!

    I am in favor of running linux, but it seems to me that may not have been the real reason why. It just couldn't have been. Altough.....It does seem like a good reason to give those funding it if they were heavily in favor of linux.

    Infact, IMHO it seems that malicious students will still be able to "screw" with linux box all the same. Without much extra effort.
    • What I meant was.... I am in favor of running linux, but it seems to me that may not have been the real reason why. It just couldn't have been. Altough.....It does seem like a good reason to give those funding it if they were heavily in favor of Windows. Sorry for the confusion. I think people got the point though.
    • by Anonymous Coward
      "I am in favor of running linux, but it seems to me that may not have been the real reason why. It just couldn't have been."

      My university CS department uses Linux for all of its classes except assembly language programming (the text comes with MASM on CDROM).

      The reason my school no longer allows programming in Windows is that instructors discovered that they were giving passing grades to students who had no idea what was going on behind the scenes in the Visual C development environment. Their reliance on an IDE was adversely affecting their education.
    • You have been able to lock down windows desktops since 3.11, YES YOU HAVE!
      You, my friend, are crazy. If that machine is connected to a network, it is open to all sorts of nasty attacks. In addition, it's open to unstoppable user attacks.
    • You have been able to lock down windows desktops since 3.11, YES YOU HAVE!

      Yes, in some sense, you have been able to. Windows-based kiosks do it, for example.

      However, you can "lock down" UNIX/Linux and still use it as a development machine, which is crucially important for a CS department. Actually, there is nothing to "lock down"--UNIX/Linux has been designed so that ordinary users can get all their work done in the default user environment and still be protected from one another.

      Infact, IMHO it seems that malicious students will still be able to "screw" with linux box all the same. Without much extra effort.

      UNIX is quite good--20 years of use in multiuser environments with malicious students has seen to that. We are talking UNIX machines with hundreds of simultaneous (!) users, not a bunch of Windows PCs into which people log in sequentially. Linux has inherited much of that UNIX design.

      Is it impossible to break into UNIX/Linux systems? No--there are always some bugs. But if you set up a regular UNIX/Linux system with a reasonable set of well-known programs, there will be only very few people able to break into it (and you hire those as sysadmins :-). With Windows PCs, you have to go through a lot of trouble to "lock them down", you end up with machines that have a lot of unpleasant restrictions, and it's still not going to be very secure.

      Note, incidentally, UNIX/Linux provides security while many users are logged into the same machine, a much harder problem than what Windows even attempts to provide.

  • by evilviper ( 135110 ) on Tuesday December 17, 2002 @01:36AM (#4905160) Journal
    Oooo. Someone is using Linux. STOP THE PRESSES!

    How often are we going to see stories like this? I got my grandmother to switch... better put it on the front page.
  • by chunkwhite86 ( 593696 ) on Tuesday December 17, 2002 @01:39AM (#4905187)
    Linux more secure than Windows? No Way!

    The Microsoft sales rep told me that Linux doesn't have a "Trustworthly Computing" thing, so I bought Windows!

    This Microsoft "Trustworthy Computing" thing means I'm safe from viruses and hackers, right? Right???
  • Nice! (Score:3, Funny)

    by houseofmore ( 313324 ) on Tuesday December 17, 2002 @01:40AM (#4905195) Homepage
    All we had in highschool was McWindows 3.11. Two years of learning how to reboot.

    I was so disappointed when Dr. Watson didn't make it into the year book.
  • by thatguywhoiam ( 524290 ) on Tuesday December 17, 2002 @01:42AM (#4905211)
    Huh. I was gonna mod, but I can't set (-1 Missing The Point).

    A lot of posts are somewhat blinded by the use of the phrase 'locked down'. Look, it's a school lab. They're trying to teach specific things. Linux is great for setting up a system for specific usage, with permissions and all the other UNIX goodies. This is good. I imagine they waste a lot of time re-ghosting machines or doing the usual IT troubleshooting... especially with a bunch of hotshot students trying to show off their l33t 5k1llz.

    Really, do you think even one of these students doesn't have access to their own computer at home/in the dorm? Most Comp Sci courses require the students to have a computer for themselves. They can screw around with their home distros all they want. In fact, they should, you learn a lot, in the exploratory manner. A lab, for teaching specific lessons, that's a different thing.

    Come on, guys. It's not a big deal. The news is that the Univ has gone all Linux. No one is even discussing this.

    • by Plug ( 14127 ) on Tuesday December 17, 2002 @05:43AM (#4905937) Homepage
      Most computer science students at the university I attended in New Zealand (very similar socio-economically to Australia) don't have computers at home.

      Sure, the top 10% (lets call them The Slashdot Readers) do. But not everyone does. Most don't. Hundreds of people are in the labs in the night before assignments are due, even those with computers who want to work with other people.

      At uni, labs aren't for teaching sessions. They are for taking what you learnt in lectures and doing your assignments. A lot of the time, unsupervised.
  • Talk about giving them incentive to learn. Yeah, lock it down and let the cracking games begin. I have a feeling students and instructors are both going to learn a lot.
  • by Tsali ( 594389 ) on Tuesday December 17, 2002 @01:44AM (#4905222)
    One colony of penguins at a time.

    Now if I could convince my employers to give up dual-boot!
  • My supervisor..... (Score:4, Interesting)

    by tconnors ( 91126 ) on Tuesday December 17, 2002 @01:48AM (#4905244) Homepage Journal
    One of my supervisors is at UOW. We are in the field of astrophysics. I was doing some googling recently, and came across a whole slew of postings by him in comp.* and sci.physics.* in the 1990's. It turns out he was actively using and contributing good bug reports to Linux.....in 1992. I was pretty impressed with this - I only started using it in 1999!

    Before that, he was using BSD386, and other Free non MS OS's. He has been at UOW all this time - I do have to say, I like the sound of that place. Of course, being a scientist (a real one - read - not one of those crappy biologists :), one never conciders using a toy OS such as MS's.
    • We are in the field of astrophysics....Of course, being a scientist (a real one - read - not one of those crappy biologists :),

      On behalf of all us with Bio degrees in the house (come on, I'm talking to you three Population Ecologists in the corner), I'd just like to say:

      LOOK AT THE FALLING STAR!

      /me pulls down tconnors's pants and runs like hell.
      sucka.

  • READ the article! (Score:2, Interesting)

    by cpaluc ( 559921 )
    There's more to it than the 'lock down' issue:

    - "easy to pull apart"
    - "offers simple licensing for distribution to students"
    - "dropped Apple ... expensive proprietary hardware"
    - "easier to give to students for home use"
    - "what we provide in the laboratories can be mirrored in the students' home"
    - "easily do most of their code at home at fairly low cost"

  • by Mustang Matt ( 133426 ) on Tuesday December 17, 2002 @01:57AM (#4905296)
    By locking down, I think they mean students can go in and randomly format the drive like they could in a stock Win9x setup.

    They also mention that they like linux because it's easy to give to students. They don't have to worry about costs or licensing, they just hand the students a CD and they're on their way.

    "We'd rather explain how things work. We do that by taking things apart and putting them back together again, rather than just showing people how to use particular GUIs that other people have designed. It's our belief that open-source software better explains those concepts," he said.

    That seems pretty logical to me. The article really wasn't about taking away freedom at all.
  • This will be an experience for all parties involved, students, teachers, and admins. The admins learn how to properly lock down a system, the teachers learn more of the nuances of the system as..., the students learn how to overcome the limits set by the admins. Good show, I say... I just wish more schools, specifically my old high school, would look into locking down there systems, even if they keep windows. Windows 2000/XP has a nifty policy editor that helps on preventive maintenance.

    Speaking of switching, and maybe OT, I've been contemplating more and more about switching back to a *nix based system as all the games that I want to play will not run on my system and I am not too keen on building another one that will just be outdated in a year...(Am I growing out of my geekness, or just tiring of spending so much money?)...Its almost as big of waste of money as my car is...No, I think I will just optimize the one that I have and probably load OpenBSD on it.

    Amigori

  • That's the difference between a secured Unix system and a 'Windows policy editor lockdowned' system.

    In windows you just have to close down all ways to do nasty things. End result : undestroyable but also completely useless pc. Nobody can do anything on it.

    With a Unix system, students can't mess around anything BUT they can do whatever they want in their personal enviroment and a Unix box is still a usefull tool without root access.
  • by Omega ( 1602 ) on Tuesday December 17, 2002 @02:17AM (#4905376) Homepage
    When you think about it, Linux really is the best operating system for comp. sci students. It offers open source access to the kernel, so you can see the actual code for the operating system and how it interacts with many different types of hardware. Also you have low level access to many devices through the dev. tree so you can teach device programming methods. Not to mention the fact that the primary unix networking protocol (TCP/IP) is the same protocol that runs the internet. What better way to gain an understanding of packet based protocols than by experimenting with BSD sockets? "The Unix Time Sharing System" by Dennis Richie is one of the most elegant descriptions of an operating system that I have ever read. And by working with the text and the operating system together, students can gain a fundamental understanding of many basic low level concepts in modern computers.

    If all you want is to be an MCSE, then why waste you time with college? You can take a weekend course for a few hundred bucks (instead of 4+ years for several thousand dollars). This quote from the article by Dr. Chris McDonald of UWA pretty much sums it up:

    "Personally, I think that just showing students how to use operating systems tools and networking tools, is more training than education.
    Exactly. Showing someone how to point and click isn't teaching them anything. It's only training them how to use someone else's tools (and there are books that can teach you that in 24 hours). Real computer science education, where you gain a fundamental understanding of both high and low level concepts of the computer requires more than just clicking a start button.
  • by kNIGits ( 65006 ) on Tuesday December 17, 2002 @02:25AM (#4905416) Homepage
    People have been saying for years that Slashdotters don't read the article, so I thought that I'd test the theory. I'd submitted the story and highlighted something insignificant about the article in the submission. Browsing through this page, I see lots of people discussing merely what I wrote at the top - 'locking down' students. If people actually read the article, they'd see that it was more about teaching software development in an open source environment, and also the fact that they can give free Linux cds to the students to replicate their training systems at home.

    What I'd like to know is - how can the Slashdot Effect exist when no-one clicks through to read the article?

    This karma-reducing social experiment was proudly brought to you by kNIGits in Australia.
    • Answer: They only click through to look at pictures of Lego, Linux handhelds and case mods. ;)

    • The people who karma-whore try to get their posts in as quickly as possible because, as the FAQ says, if you get in sooner more people will read it and it's more likely to be higher ranked.

      Because of the karma system, you're only seeing people who employ karma-whoring strategies rather than intelligent commentary. That means making politically correct comments about whatever the submitter said. That means mouthing the standard, "freedom-reducing lock down is bad!" kind of remarks.
  • by BiOFH ( 267622 ) on Tuesday December 17, 2002 @02:26AM (#4905425)
    It is making ground in IT courses because Linux is both easy to lock-down, easy to pull apart and offers simple licensing for distribution to students.

    Please stop fixating on the whole locking down bit!
    Timothy craftily negelected to list anything but the potentially inflammatory and sensational 'lock down' phrase. It's EASIER for them to use Linux (and makes more sense and it's CHEAPER), not "they can't lock down Windows". These are newbies who DO know how to fuck up a Window machine pronto. They'll have to do some learning before they can pull a good cock up of their Linux box. And since this is a Uni, students learning is kind of high on their list of 'things we want to happen'.

    And please take note this is not the whole Uni. My girlfriend works there and she (and her whole department) uses Macs. But it is a step, IMHO, in the right direction for UOW.
  • by CaptainPotato ( 191411 ) on Tuesday December 17, 2002 @02:38AM (#4905483) Homepage
    ...who wishes to do convince the IT powers that be to do the same, I am very happy to hear about other institutions that are doing the same. Whilst there remains a need for Windows-based machines, Macs, and whatever else is used, there are many compelling reasons for switching to Linux - these are just a few I have (whilst on University time...).

    1. Control. Whilst I would normally shudder at the thought of restricting IT access, I do appreciate UOW's desire to better manage their machines. We recently had some new machines running Win2k installed in my area, and within a day, one was in poor shape thanks to a particular idiot installing the latest Windows Media Player version on it and somehow stuffing up the OSA installation. He was able to so do thanks to the IT stroke of genius of giving everyone admin access. Whilst this may be an human issue rather than an OS one, every bit helps :)

    2. Cost. We are all aware of the studies that compare the cost of Linux to other OSes. In any case, regardless of the outcome, I do know that my insitution will be spending multiple millions per year (as of next year) for desktop software licences for MS products because of the new licence arrangements. In a country that has mounting financial challenges in university funding, alternatives to MS software need to be found.

    3. Ethics. Maybe this is too strong, but IMO it is not. Why should tapayer money be spent on making a single corporation (even) richer? A centre of teaching and research ought to have academic independence of multinational corporations.

    These are just a few, IMO, valid thoughts about the issue. Regardless, UOW deserves to be applauded for the initiative.

  • Just be careful (Score:2, Interesting)

    My University's PC lab ran linux (dual boot with Win 2k), but it also ran telnetd which anyone with a computer science login could telnet to. This led to some interesting fork bomb wars between 'friends', and didn't really help us get on with our (probably late) work. Ironically, although Linux is chosen (amongst other things) its security, it was Windows that was the most secure in this case, simply due to poor administration.

    They've actually removed Linux at the moment, as they attempt to change their linux policies.
  • uow labs (Score:4, Interesting)

    by Tristessa ( 255192 ) on Tuesday December 17, 2002 @02:46AM (#4905508)
    Being at UoW and knowing the people who did this I can't say it's a surprise. The only things that windows were really used for in those labs were software engineering type programs and Word/Excel for the first years and non-compsci people who used the lab.

    There are other compsci labs around that haven't been dual boot for longer than this. The article also doesn't mention anything about the proportion of CompSci(linux) machines compared the number of mac/wintel machines around the uni which I'd estimate at around 85-90%

    At least the compsci department support staff are always trying new things, actually being taking initiative about things. kudos guys. see you for a drink soon.
  • either result in mundane Linux users, or HARDCORE linux hackers :D Both of which, I guess, are better than mundane Windoze clickers.
    Unfortunately,unless we have an industry standard office suit to compete with Microsoft Office, lots of companies are going to hold back. Comments,merging and other aspects of Word which make professional and academic documents exchanging and analyzing easier are still missing in Open/Staroffice. The publishing industry: they would love to shift to linux, but the fonts/word processor aren't up to the mark. But Linux will get there -> soon.
  • Just a Thought... (Score:5, Insightful)

    by Hasie ( 316698 ) on Tuesday December 17, 2002 @03:40AM (#4905612)
    I see their point, and I agree that Linux has a place in any computer-related university curriculum as an introduction to UNIX (even ignoring the other advantagess it has), and I am a major Linux fan (to the point that I actually find Windows difficult to use).


    (You all know what comes next:) BUT, I don't think that Windows should be completely eliminated. Windows is still the de-facto standard in industry and universities owe it to their students to give them skills they can use. It is also essential that universities maintain neutrality in the sense that they do not give the impression that they are promoting one system over another - a university's role is to eductate and do research, not dictate what the world will do or follow current fads.


    Before everyone gets the wrong idea; I use the same argument to motivate the use of Linux at the university where I work (it is a very good way to teach students UNIX rather than only teaching them Windows). So what is needed is a balance.

  • Dual-boot? (Score:3, Insightful)

    by Z0mb1eman ( 629653 ) on Tuesday December 17, 2002 @03:42AM (#4905617) Homepage
    >machines in first-year labs that used to boot from either Windows or Linux have been changed to Linux only.

    That sounds like a LOT of hassle for the admins in the first place... University of Toronto has separate Linux Redhat, Win2000 with Netware, and (still a few) Solaris labs. Separate rooms, separate operating systems, just go where you need based on what you need to do. The Windows machines are even more "locked down" than the Linux ones - you can't even change the wallpaper, for example. Can't move/remove icons, can't change the start menu, can't (really) install programs. I've never seen a trashed Windows machine, whereas I've seen Linux machines that have gone belly-up with a rather pissed off admin trying to fix it. Then again, I spend more time in the Linux labs.

    The dual-boot idea for a public lab makes very little sense to me in the first place - if the university's THAT desperate to save money, maybe it's not the best place to go. More likely though, the admins realized the way they were doing things wasn't really the best way, and changed to something more logical and easier to manage (and not all that new or innovative at that) - how does that constitute news??
  • just like USyd (Score:2, Informative)

    by djshiawase ( 570864 )
    The University of Sydney's got a huge unix tradition - not as much as UNSW but i think Aust has always been unix-inclined, out of the 'pressure spotlight' I suppose, or something. The admins love the linux computers here, they never have do anything to them. Especially the Tektronix dumb terminals, they just sit there and accept input. Slow as hell though, I use them only when I need to get an assignment done and there's no computers left. I think they're retiring them over the Christmas break, that whole lab area is being rebuilt.

    The whole backend runs on linux clusters (went to a little after-lecture talk about it). File servers, CPU servers, connection servers. They have a few sun servers but one of them explode every year and they haven't bothered replacing them. Clusters are so much cheaper!

    The last batch of new systems we got at the beginning of last year for 5 labs, P4s with TFTs, bucks this trend though, as 4 of these labs got Win98 and the other Linux. They don't even bother locking these Windows down either, they just wipe and upload drive images from the server every night.

    Though that kind of sucks, means we have to reinstall Warcraft 3 every day.
  • by imevil ( 260579 ) on Tuesday December 17, 2002 @04:27AM (#4905731)
    At my school the math section has linux-only PCs for the students. The CS section has Solaris (SUN) and Windows-only machines, and they justified the no-linux by saying that the companies use Windows so no point in teaching Linux to the students. I think they got it all wrong: more and more companies are migrating to Linux, and in a couple of years there will be a need for Linux experts.

    GNUWin [gnuwin.epfl.ch]: open your Windows!
    • by Peyna ( 14792 ) on Tuesday December 17, 2002 @06:38AM (#4906095) Homepage
      A CS degress means you know how it all works, but you don't have be an expert in any particular langauge, operating system, or application. Instead you should be able to easily adapt to a quickly changing field.

      For all we know, there may be some new radical ideas in the next few years that void the need to be an expert in Linux or Windows. What a horrible waste of time to work at perfecting a restricted set of skills for a proprietary system.
  • by heffrey ( 229704 ) on Tuesday December 17, 2002 @08:30AM (#4906336)
    If the prestigious and world famous Department of Informatics at Wollongong University have taken this decision then I'm pretty sure the rest of the world will follow suit in short order.

    This story is typical Slashdot. Small university department moves to Linux (= big story); Multinational Company switches from Sun to Microsoft (=no news).

    Small earthquake in Chile, not many dead.

    Yawn.
  • by little_fluffy_clouds ( 441841 ) on Tuesday December 17, 2002 @08:47AM (#4906379)

    ... dumped all of their UNIX machines in computer science and bought new Windows labs about 3 years ago. I know, because I was there starting the undergrad. As of March, they claimed the course was not going to change at all - by November they had dropped such "obselete" subjects like Algorithms and Data Structures and picked up crap to do with web applications nobody will even remember in 2 years (it's been three and I have no clue). I was disgusted by their sellout, and moved to another, UNIX oriented University (University of New England), where each undergrad (I was external) is *required* to install Linux or another UNIX/UNIX like OS in first year, and all assignments from the very first are submitted on a Linux machine, where they must compile properly (I develop on NetBSD, but never had any issues at that level compiling and submitting on the Linux machine).

    Fuck UQ and their sellout for the almighty buck. If that is not what is was, I apologise, but it sure looked just like that from where I was at the time. I feel for the academics caught in the middle of it all.

Our business is run on trust. We trust you will pay in advance.

Working...