Tux

...making Linux just a little more fun!

Talkback:128/adam1.html

Thai Duong [thaidn at yahoo.com]
Mon, 16 Oct 2006 12:04:56 -0700 (PDT)

Hi there,

I'm Thai from Vietnam. I just want to introduce you Kiosk Appliance (http://kiosk.rpath.org) which is a distro focusing on user's security and privacy inspired by your article "Creating a Rudimentary Kiosk System using FVWM". Using rPath technology, I provide 3 versions of Kiosk Appliance: a VMWare image, a LiveCD and an installable CD. Included is just enough rPath Linux and FVWM to run a locked down version of Firefox. Firefox is also pre-configured to automatically reset after each used so that personal information is never stored permanently. The current stable version is 0.2 which features:

1) Clear all personal data on exit;

2) Reset after a period of inactivity;

3) Disable form history;

4) Disable page caching;

...and much more, you can view more details at http://www.rpath.org/rbuilder/project/kiosk/release?id=5096

I've been working on Kiosk Appliance 0.3 which has many more features such as the ability to disable access to Firefox's internal URLs or dialogs, i.e about:* URL, the Firefox Preferences dialog...I hope K.A 0.3 to be released on the next few days. Many thanks to Thomas Adam for helping me to configure fvwm.

Any thought or suggestion? I'm really anxious to hear from you.

Best regards,

Thai Duong.


Top    Back


Thomas Adam [thomas.adam22 at gmail.com]
Mon, 16 Oct 2006 20:39:56 +0100

On Mon, Oct 16, 2006 at 12:04:56PM -0700, Thai Duong wrote:

> Hi there,
> 
> I'm Thai from Vietnam. I just want to introduce you
> Kiosk Appliance (http://kiosk.rpath.org) which is a
> distro focusing on user's security and privacy
> inspired by your article "Creating a Rudimentary Kiosk
> System using FVWM". Using rPath technology, I provide
> 3 versions of Kiosk Appliance: a VMWare image, a
> LiveCD and an installable CD.  Included is just enough
> rPath Linux and FVWM to run a locked down version of
> Firefox. Firefox is also pre-configured to
> automatically reset after each used so that personal
> information is never stored permanently. The current
> stable version is 0.2 which features:

Heh. I must say that this is a first for me:

1. Someone actually reads the crap I publish. :P, and: 2. Someone has actually taken something I've written and turned it into something useful. What an excellent idea. I am pleased it has inspired a rather interesting project, and the fact it works. The original intention idea was more as a proof-of concept; a vehicle upon which to try and demonstrate some of FVWM's features. I'm glad it worked.

> 1) Clear all personal data on exit;
> 
> 2) Reset after a period of inactivity;
> 
> 3) Disable form history;
> 
> 4) Disable page caching;

These things are of course a form of Firefox configuration. Are you using any of the kiosk browser plugins that Firefox can use? One of the reasons why I perhaps didn't advocate them is that they only do half the job -- and and best interfere with window management. It could be argued that window management isn't necessary, but I'd argue that it is, if you want the finer control of peripheral aspects.

> ...and much more, you can view more details at
> http://www.rpath.org/rbuilder/project/kiosk/release?id=5096

Looks good.

> I've been working on Kiosk Appliance 0.3 which has
> many more features such as the ability to disable
> access to Firefox's internal URLs or dialogs, i.e
> about:* URL, the Firefox Preferences dialog...I hope
> K.A 0.3 to be released on the next few days. Many
> thanks to Thomas Adam for helping me to configure
> fvwm.

You're welcome.

> Any thought or suggestion? I'm really anxious to hear
> from you.

I ran the liveCD ISO in QMU and it worked fine. There are one or two things in the FVWM configuration though you might want to address:

Style Firefox-bin  NoButton 1, NoButton 2, NoButton 4, Layer 8
The use of "NoFoo" to negate or turn-off a style is now for the most part considered deprecated in FVWM 2.5.18 (the unstable release of FVWM at the time of writing you should ideally be using). Instead, negation works how most other languages define negation, via the bang (!) symbol, hence:

Style Firefox-bin  !Button 1, !Button 2, !Button 4, Layer 8
Also, the line:

Key Escape A A -
Should be changed to:

Key Escape A M -
So that it works for the meta key. If there's anything else you'd like to know, just shout.

-- Thomas Adam

-- 
"If I were a witch's hat, sitting on her head like a paraffin stove, I'd
fly away and be a bat." -- Incredible String Band.


Top    Back


Thai Duong [thaidn at yahoo.com]
Mon, 16 Oct 2006 13:55:45 -0700 (PDT)

--- Thomas Adam <thomas.adam22 at gmail.com> wrote:

> On Mon, Oct 16, 2006 at 12:04:56PM -0700, Thai Duong
> wrote:
> > Hi there,
> > 
> > I'm Thai from Vietnam. I just want to introduce
> you
> > Kiosk Appliance (http://kiosk.rpath.org) which is
> a
> > distro focusing on user's security and privacy
> > inspired by your article "Creating a Rudimentary
> Kiosk
> > System using FVWM". Using rPath technology, I
> provide
> > 3 versions of Kiosk Appliance: a VMWare image, a
> > LiveCD and an installable CD.  Included is just
> enough
> > rPath Linux and FVWM to run a locked down version
> of
> > Firefox. Firefox is also pre-configured to
> > automatically reset after each used so that
> personal
> > information is never stored permanently. The
> current
> > stable version is 0.2 which features:
> 
> Heh.  I must say that this is a first for me:
> 
> 1.  Someone actually reads the crap I publish. 
> :P, and:
> 2.  Someone has actually taken something I've
> written and turned it into
>     something useful.  
>  
> What an excellent idea.  I am pleased it has
> inspired a rather
> interesting project, and the fact it works.  The
> original intention idea
> was more as a proof-of concept; a vehicle upon which
> to try and
> demonstrate some of FVWM's features.  I'm glad it
> worked.

Hey what you (and LG) have published is not crap :p, I've always found them interesting and very straight forward to stuff that works. Another article I'm reading ATM is http://linuxgazette.net/124/smith.html. I plan to integrate this idea into Kiosk Appliance.

> 
> > 1) Clear all personal data on exit;
> > 
> > 2) Reset after a period of inactivity;
> > 
> > 3) Disable form history;
> > 
> > 4) Disable page caching;
> 
> These things are of course a form of Firefox
> configuration.  Are you
> using any of the kiosk browser plugins that Firefox
> can use?  One of the
> reasons why I perhaps didn't advocate them is that
> they only do half the
> job -- and and best interfere with window
> management.  It could be
> argued that window management isn't necessary, but
> I'd argue that
> it is, if you want the finer control of peripheral
> aspects.
> 
> > ...and much more, you can view more details at
> >
>
http://www.rpath.org/rbuilder/project/kiosk/release?idP96

> 
> Looks good.

Yes I use two Firefox extensions: rKiosk and autoreset. rKiosk helps me to simplify Firefox's chrome and autoreset helps me to reset Firefox after an inactivity period. I wonder whether fvwm can do this. If it can, I'll be happy to use it instead of Firefox extensions. I also ship a custom Firefox's preference which is auto re-installed after each use.

Beside kiosk extension, I also intend to install some general extensions such as AdBlock Plus, FasterFox or some of Web 2.0 extensions...to extend and improve the functionality of K.A. Do you have any suggestion about which extension should I use in K.A?

> 
> > I've been working on Kiosk Appliance 0.3 which has
> > many more features such as the ability to disable
> > access to Firefox's internal URLs or dialogs, i.e
> > about:* URL, the Firefox Preferences dialog...I
> hope
> > K.A 0.3 to be released on the next few days. Many
> > thanks to Thomas Adam for helping me to configure
> > fvwm.
> 
> You're welcome.
> 
> > Any thought or suggestion? I'm really anxious to
> hear
> > from you.
> 
> I ran the liveCD ISO in QMU and it worked fine. 
> There are one or two
> things in the FVWM configuration though you might
> want to address:
> 
> ``
> Style Firefox-bin  NoButton 1, NoButton 2, NoButton
> 4, Layer 8
> ''
> 
> The use of "NoFoo" to negate or turn-off a style is
> now for the most
> part considered deprecated in FVWM 2.5.18 (the
> unstable release of FVWM
> at the time of writing you should ideally be using).
>  Instead, negation
> works how most other languages define negation, via
> the bang (!) symbol,
> hence:
> 
> ``
> Style Firefox-bin  !Button 1, !Button 2, !Button 4,
> Layer 8
> ''
> 
> Also, the line:
> 
> ``
> Key Escape A A -
> ''
> 
> Should be changed to:
> 
> ``
> Key Escape A M -
> ''
> 
> So that it works for the meta key.  If there's
> anything else you'd like
> to know, just shout.

Attachment is my new fvwm's configuration. Please take a look at it and tell me if anything goes wrong.

TIA,

-Thai Duong.


Top    Back


Thomas Adam [thomas.adam22 at gmail.com]
Mon, 16 Oct 2006 22:35:09 +0100

On Mon, Oct 16, 2006 at 01:55:45PM -0700, Thai Duong wrote:

> Yes I use two Firefox extensions: rKiosk and
> autoreset. rKiosk helps me to simplify Firefox's
> chrome and autoreset helps me to reset Firefox after
> an inactivity period. I wonder whether fvwm can do
> this. If it can, I'll be happy to use it instead of
> Firefox extensions. I also ship a custom Firefox's
> preference which is auto re-installed after each use.

It depends what you mean by "inactive". Whilst FVWM can keep track of things like focus, what it can't do is reliably detect other things. So this is best left to a plugin.

> Beside kiosk extension, I also intend to install some
> general extensions such as AdBlock Plus, FasterFox or
> some of Web 2.0 extensions...to extend and improve the
> functionality of K.A. Do you have any suggestion about
> which extension should I use in K.A?

I know nothing about Firefox, to be honest. I use ELinks as my browser of choice, although having a quick look at those plugins suggest they all do Cool Things (tm).

> Attachment is my new fvwm's configuration. Please take
> a look at it and tell me if anything goes wrong.

It looks fine to me.

-- Thomas Adam

-- 
"If I were a witch's hat, sitting on her head like a paraffin stove, I'd
fly away and be a bat." -- Incredible String Band.


Top    Back


Neil Youngman [neil.youngman at youngman.org.uk]
Tue, 17 Oct 2006 06:17:52 +0100

On or around Monday 16 October 2006 21:55, Thai Duong reorganised a bunch of electrons to form the message:

> Beside kiosk extension, I also intend to install some
> general extensions such as AdBlock Plus, FasterFox or
> some of Web 2.0 extensions...to extend and improve the
> functionality of K.A. Do you have any suggestion about
> which extension should I use in K.A?

AdBlock plus is a cool toy, if you can spend time tuning it to your own preferences. For a kiosk I probably wouldn't choose it, as any settings wouldn't be saved, plus it would take a pretty savvy user to figure out how to override it if it blocked something he wanted to see.

For blocking ads in a kiosk, privoxy might be better. It comes with a substantial list of advertising sites to block and offers a "go there anyway" link.

Neil Youngman


Top    Back


Thomas Adam [thomas.adam22 at gmail.com]
Tue, 17 Oct 2006 21:39:49 +0100

On Mon, Oct 16, 2006 at 01:55:45PM -0700, Thai Duong wrote:

> Hey what you (and LG) have published is not crap :p,
> I've always found them interesting and very straight
> forward to stuff that works. Another article I'm
> reading ATM is http://linuxgazette.net/124/smith.html.
> I plan to integrate this idea into Kiosk Appliance.

I am sure that Ben would welcome an article from you if you're willing about your kiosk implementation. Indeed, I would be very interested to know not so much about the implementation, but moreso the kinds of people that are using it. I find those sorts of things fascinating.

-- Thomas Adam

-- 
"If I were a witch's hat, sitting on her head like a paraffin stove, I'd
fly away and be a bat." -- Incredible String Band.


Top    Back


Samuel Bisbee-vonKaufmann [sbisbee at bu.edu]
Tue, 17 Oct 2006 18:18:06 -0400 (EDT)

On Tue, 17 Oct 2006, Thomas Adam wrote:

> On Mon, Oct 16, 2006 at 01:55:45PM -0700, Thai Duong wrote:
>> Hey what you (and LG) have published is not crap :p,
>> I've always found them interesting and very straight
>> forward to stuff that works. Another article I'm
>> reading ATM is http://linuxgazette.net/124/smith.html.
>> I plan to integrate this idea into Kiosk Appliance.
>
> I am sure that Ben would welcome an article from you if you're willing
> about your kiosk implementation.  Indeed, I would be very interested to
> know not so much about the implementation, but moreso the kinds of
> people that are using it.  I find those sorts of things fascinating.
>
> -- Thomas Adam
>

Yes, agreed. However, instead of just focusing on locking down web browsers, it would be interesting to hear about securing other commonly used programs. For example, I did some contract work for a company that wanted kiosks that only ran their database program (filepro) with specific permissions; the purpose was to allow clients to look at potential properties without the need for an agent to stand over them.

-----
Samuel Kotel Bisbee-vonKaufmann | "A computer once beat me at chess, but
  Boston University, Undergrad.  | it was no match for me at kick boxing."
  OFTC.net, Network Operator     | -Emo Philips


Top    Back


Thomas Adam [thomas.adam22 at gmail.com]
Wed, 18 Oct 2006 06:49:39 +0100

On Tue, Oct 17, 2006 at 06:18:06PM -0400, Samuel Bisbee-vonKaufmann wrote:

> Yes, agreed. However, instead of just focusing on locking down web 
> browsers, it would be interesting to hear about securing other commonly 
> used programs. For example, I did some contract work for a company that 
> wanted kiosks that only ran their database program (filepro) with specific 
> permissions; the purpose was to allow clients to look at potential 
> properties without the need for an agent to stand over them.

It's really only a variation upon a theme. There is only a certain number of ways one can describe how to block transient windows, for instance. :P

-- Thomas Adam

-- 
"If I were a witch's hat, sitting on her head like a paraffin stove, I'd
fly away and be a bat." -- Incredible String Band.


Top    Back


Thai Duong [thaidn at yahoo.com]
Tue, 17 Oct 2006 19:32:32 -0700 (PDT)

--- Thomas Adam <thomas.adam22 at gmail.com> wrote:

> 
> I am sure that Ben would welcome an article from you
> if you're willing
> about your kiosk implementation.  Indeed, I would be
> very interested to
> know not so much about the implementation, but
> moreso the kinds of
> people that are using it.  I find those sorts of
> things fascinating.
> 
> -- Thomas Adam
I'm going to release K.A 0.3 today and after that I'll try to write an article about K.A. In fact, the bank I'm working for has backed me to work on this since they wanna have something to replace Windows on their teller's computer. The tellers only need a browser to connect to our core banking web application to do their business and you know Linux + Firefox is probably a better choice than the current Windows + Internet Explorer solution. Another use of K.A at our bank is to make Internet Banking kiosk aka self-service kiosk. I'll probably write more about this in my article.

-Thai Duong


Top    Back


Thai Duong [thaidn at yahoo.com]
Tue, 17 Oct 2006 19:32:32 -0700 (PDT)

--- Thomas Adam <thomas.adam22 at gmail.com> wrote:

> 
> I am sure that Ben would welcome an article from you
> if you're willing
> about your kiosk implementation.  Indeed, I would be
> very interested to
> know not so much about the implementation, but
> moreso the kinds of
> people that are using it.  I find those sorts of
> things fascinating.
> 
> -- Thomas Adam
I'm going to release K.A 0.3 today and after that I'll try to write an article about K.A. In fact, the bank I'm working for has backed me to work on this since they wanna have something to replace Windows on their teller's computer. The tellers only need a browser to connect to our core banking web application to do their business and you know Linux + Firefox is probably a better choice than the current Windows + Internet Explorer solution. Another use of K.A at our bank is to make Internet Banking kiosk aka self-service kiosk. I'll probably write more about this in my article.

-Thai Duong


Top    Back


Benjamin A. Okopnik [ben at linuxgazette.net]
Thu, 19 Oct 2006 09:47:52 -0600

[ CCd to Thai under separate cover, with the New Author Guide appended.]

On Tue, Oct 17, 2006 at 07:32:32PM -0700, Thai Duong wrote:

> 
> --- Thomas Adam <thomas.adam22 at gmail.com> wrote:
> 
> > 
> > I am sure that Ben would welcome an article from you
> > if you're willing
> > about your kiosk implementation.

I would indeed. I like the idea of a "turn-key" kiosk - and the fact that it was inspired by Thomas doesn't hurt either. :)

> I'm going to release K.A 0.3 today and after that I'll
> try to write an article about K.A. In fact, the bank
> I'm working for has backed me to work on this since
> they wanna have something to replace Windows on their
> teller's computer. The tellers only need a browser to
> connect to our core banking web application to do
> their business and you know Linux + Firefox is
> probably a better choice than the current Windows +
> Internet Explorer solution.

That's interesting; from what I've seen, banks here in the US mostly appear to use some sort of a *nix-based GUI on the front end and a mainframe in the back. In many cases, "serious" transactions (e.g., opening an account) are done in a virtual terminal that looks like a 1960s green-screen - and Wind0ws is only ever seen on the customers' side of the partition, perhaps as a kiosk connected to the bank's site. Oh, and some ATMs, of course.

http://www.windowsfordevices.com/news/NS6438545389.html

(Manufactured by Diebold, unsurprisingly.)

> Another use of K.A at our
> bank is to make Internet Banking kiosk aka
> self-service kiosk. I'll probably write more about
> this in my article.

I'm definitely looking forward to seeing it.

* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *


Top    Back


Martin Hooper [martinjh at blueyonder.co.uk]
Thu, 19 Oct 2006 17:09:16 +0100

On 19/10/2006 Benjamin A. Okopnik wrote:

> (Manufactured by Diebold, unsurprisingly.)

I'm still surprised that no one has stopped using their voting machines seeing there are more bugs in one of those...

AFAIK here in the UK its paper voting and its not likely to change.


Top    Back


Benjamin A. Okopnik [ben at linuxgazette.net]
Thu, 19 Oct 2006 12:01:48 -0600

On Thu, Oct 19, 2006 at 05:09:16PM +0100, Martin Hooper wrote:

> On 19/10/2006 Benjamin A. Okopnik wrote:
> > (Manufactured by Diebold, unsurprisingly.)
> 
> I'm still surprised that no one has stopped using their voting 
> machines seeing there are more bugs in one of those...

If it was a decision based on minor, unimportant factors - such as, say, justice, voting fairness, technical expertise, the basic rights of citizenship - then it would have been stopped long ago, or never even started without overwhelming evidence of benefits without detrimental effects. However, since it's a political decision, all of that detritus goes into the wastebasket.

  "I am committed to helping Ohio deliver its electoral votes to the
  president."
   -- Walden "Wally" O'Dell, board chairman/CEO of Diebold, in a
	Bush fund-raiser invitation (8/2003)
> AFAIK here in the UK its paper voting and its not likely to change.

What, you don't want the undisputed benefits of having your Great Leader selected for you? Barbarians. :)

* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *


Top    Back


Kapil Hari Paranjape [kapil at imsc.res.in]
Fri, 20 Oct 2006 07:24:28 +0530

On Thu, 19 Oct 2006, Benjamin A. Okopnik wrote:

> On Thu, Oct 19, 2006 at 05:09:16PM +0100, Martin Hooper wrote:
> > I'm still surprised that no one has stopped using their voting 
> > machines seeing there are more bugs in one of those...
>
> > AFAIK here in the UK its paper voting and its not likely to change.
> 
> What, you don't want the undisputed benefits of having your Great Leader
> selected for you? Barbarians. :)

Our Great Leader is elected using voting machines. This has actually led to a decrease in electoral malpractice but at a significant cost that may be exploited later---the design, manufacture and maintenance of the voting machines is closed source.

Regards,

Kapil. --


Top    Back


Suramya Tomar [security at suramya.com]
Thu, 19 Oct 2006 22:53:38 -0400

> Our Great Leader is elected using voting machines. This has actually
> led to a decrease in electoral malpractice but at a significant cost
> that may be exploited later---the design, manufacture and maintenance
> of the voting machines is closed source.
> 

An interesting site on how to win an election:
http://www.fixavote.com/

- Suramya

Name : Suramya Tomar
Homepage URL: http://www.suramya.com
**********************************************************
Disclaimer:
Any errors in spelling, tact, or fact are transmission errors.
**********************************************************


Top    Back


Benjamin A. Okopnik [ben at linuxgazette.net]
Thu, 19 Oct 2006 22:12:34 -0600

On Fri, Oct 20, 2006 at 07:24:28AM +0530, Kapil Hari Paranjape wrote:

> On Thu, 19 Oct 2006, Benjamin A. Okopnik wrote:
> > On Thu, Oct 19, 2006 at 05:09:16PM +0100, Martin Hooper wrote:
> > > I'm still surprised that no one has stopped using their voting 
> > > machines seeing there are more bugs in one of those...
> >
> > > AFAIK here in the UK its paper voting and its not likely to change.
> > 
> > What, you don't want the undisputed benefits of having your Great Leader
> > selected for you? Barbarians. :)
> 
> Our Great Leader is elected using voting machines. This has actually
> led to a decrease in electoral malpractice but at a significant cost
> that may be exploited later---the design, manufacture and maintenance
> of the voting machines is closed source.

There's nothing wrong with voting machines /per se/; there are right ways to do it, including full tracking and accountability. Here's an example of some excellent thinking on the subject by Ron Rivest:

http://theory.csail.mit.edu/~rivest/Rivest-TheThreeBallotVotingSystem.pdf

The problem is a system in which there's neither tracking, nor accountability, nor security - and the people who benefit have hidden this behind the screen of "it's all electronical and compooters and stuff". If they tried it with paper ballots, the voters would have hung them on the nearest tree; since it's them dang mysterious compooters, well, nobody understands what they do anyway...

It just really winds up my crank to see people using technology to shove us all back into the Dark Ages.

* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *


Top    Back