[Server-devel] DansGuardian (was What's cooking in the XS pot this week, (2008-10--01))

Martin Langhoff martin.langhoff at gmail.com
Sun Oct 5 07:01:15 EDT 2008


On Sun, Oct 5, 2008 at 3:02 PM, Martin Langhoff
<martin.langhoff at gmail.com> wrote:
> I'm still a bit ambivalent with regards to DG and how much of a good
> fit it is, so let's be clear - long term, what we want is a good
> quality content filter.

Been ruminating on this a bit. The more I think about it, the more
clear it is that DG on the XS is not a good long term solution.

 - from reports, it seems to be fairly cpu and memory heavy
 - and its content scanning is fairly primitive - not bayesian

For DG to be effective, I'd like to do Bayesian filtering, with the
ability to train it. Or something in thesame family of strategies but
smarter. The problem is that the XS will not have enough cpu/mem to
handle this task.

So it's a task better pushed to a proxy/filter "upstream" at the ISP
network -- for any large deployment, we should start advising the
local team to arrange with the ISP(s?) involved the co-location of 1
server. This server gives us an opportunity to perform

 - filtering at one central place
   = better scale up / scale out economies (making bayesian costs more
reasonable)
   = larger "scoring" pool, so good/bad content gets flagged faster
and for everyone
   = white/blacklisting is immediate and for everyone
   = better bandwidth/traffic efficiency - unwanted content never
clogs the slow/limited school pipe
   = unsure if DG is the tool of choice here

 - smart upstream proxing
   = run an rproxy upstream or similar
   = provide "seed" content for downstream proxies to pull

 - With this setup, laptops can be configured to attempt to use the
upstream proxy even when connected via a non-school AP. This way, the
protections extend to kids accessing internet outside of school. This
is somewhat hard to enforce - we are protecting kids that want to be
kids. Once a kid is at a cybercafe and has the intention to sidestep
the filter, the genie is out of the bottle: he/she could just use one
of the other machines anyway.

On every XS I want to include blacklisting facilities so that teachers
can exert local control in a hurry, but that is simple, blunt, and
hardly needs DG :-)

In any case, we can still think of DG as a "pilot deployment" filter.

cheers,



m
-- 
 martin.langhoff at gmail.com
 martin at laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff


More information about the Server-devel mailing list