CIPA done (was: OLPC Project suggestions.)
Joshua N Pritikin
jpritikin at pobox.com
Wed May 7 10:04:44 EDT 2008
On Wed, May 07, 2008 at 02:35:07AM -0400, Albert Cahalan wrote:
> > Child-safe web filtering on XO
> > Regardless of its merits, CIPA requires it for XO deployments
> > in US schools:
> Here are the requirements: http://ifea.net/cipa.pdf
> The easy way out is child ownership. The requirements only
> apply to computers which are owned by schools and libraries.
> Probably not every potential buyer is aware of this.
> The other thing to note is that there is no required level of
> performance, configurability, reliability, or anything else.
> People keep assuming that perfection is necessary; it is not.
> Not that schools should own the computers though; OLPC should
> continue to push for child ownership. (of course the schools
> may wish to filter upstream, and they will certainly wish to get
> parental permission before distributing hardware)
> Anyway, this isn't much of a project. Meeting the requirements
> for school-owned and library-owned hardware is very simple.
> iptables -A INPUT -i eth0 -p tcp -j CIPA
> iptables -N CIPA
> while read i ; do iptables -A CIPA -s $i -j DROP ; done < /etc/cipa.conf
That is totally half-assed. As a parent, I would be pissed off when I
became aware of the quality of such an OLPC web filtering solution.
How about if we place a DansGuardian transparent proxy on a public IP
address (e.g. proxy.laptop.org). The laptop can use iptables to route
everything through the proxy. Then we don't have to waste precious RAM
filtering on the laptop.
More information about the Devel