[efh] Demonstrating code in the ACTLab?

Drake Wilson drake at begriffli.ch
Mon Mar 12 18:57:06 CDT 2007 

Quoth Allucquére Rosanne Stone <sandy at sandystone.com>, on 2007-03-12 18:31:51 -0600:
> Absolutely not.  Are you sitting down?  Each time you log off, they 
> RELOAD the ENTIRE OPERATING SYSTEM.  This is true for all UT lab 
> machines, Mac or PC.

Uh, hmm.

Well, for random campus computer labs where they're expecting a huge
proportion of lusers who will complain about everything, that might be
sane.  However, the ACTLab isn't exactly a random campus computer lab.

On the third hand, I suppose they have to protect themselves from
lusers wandering in, seeing unfamiliar computers, instantly losing all
brain function, and then calling up IT and giving them headaches about
it.

I suppose you can't really win.  :-\

> It is an insurance-driven thing, meant to 
> protect the university from lawsuits arising from identity theft. 
> Hence we encourage people to work from their own laptops.  These are 
> strange times, my friend...
> 
> (p.s. I'd assume it's not quite so draconian...they probably reload 
> only the user-accessible stuff: binaries, apps, config directories, 
> and desktop.  They probably do a checksum on the kernel and reload it 
> if the checksum has changed.  But what else is there, really?)

So combine the SSH thing with a script that wipes the contents of the
temporary local home directory /home/whatever and also /tmp whenever
someone logs out.  Use a read-only image for / and union-mount
everything that needs to be writable from a ramdisk or separate
writable image, just like live CDs do---they're designed precisely for
that sort of behavior.

You could even _use_ a live distribution as the base---several of them
support installing to the hard drive and creating custom images with
only the packages you want.

If you want to be fancier---I don't remember whether Xen actually
supports this or not, but if it has discard-writes-at-end-of-session
ability or similar (something like -snapshot in QEMU), then run the
box inside such a Xen domain and destroy the entire domain when you're
done.

   ---> Drake Wilson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://home.actlab.utexas.edu/pipermail/efh/attachments/20070312/451c77d3/attachment.pgp

More information about the efh mailing list