[Server-devel] DansGuardian (was What's cooking in the XS pot this week, (2008-10--01))

David Van Assche dvanassche at gmail.com
Mon Oct 6 05:33:10 EDT 2008


You may want to look into SquidGuard... it may be an alternative to
Dansguardian as it seems much lighterweight and more customizable in
the way you've been doing the bash side of things on the XS to date:
http://www.squidguard.org/

Kind Regards,
David Van Assche

On Sun, Oct 5, 2008 at 1:01 PM, Martin Langhoff
<martin.langhoff at gmail.com> wrote:
> On Sun, Oct 5, 2008 at 3:02 PM, Martin Langhoff
> <martin.langhoff at gmail.com> wrote:
>> I'm still a bit ambivalent with regards to DG and how much of a good
>> fit it is, so let's be clear - long term, what we want is a good
>> quality content filter.
>
> Been ruminating on this a bit. The more I think about it, the more
> clear it is that DG on the XS is not a good long term solution.
>
>  - from reports, it seems to be fairly cpu and memory heavy
>  - and its content scanning is fairly primitive - not bayesian
>
> For DG to be effective, I'd like to do Bayesian filtering, with the
> ability to train it. Or something in thesame family of strategies but
> smarter. The problem is that the XS will not have enough cpu/mem to
> handle this task.
>
> So it's a task better pushed to a proxy/filter "upstream" at the ISP
> network -- for any large deployment, we should start advising the
> local team to arrange with the ISP(s?) involved the co-location of 1
> server. This server gives us an opportunity to perform
>
>  - filtering at one central place
>   = better scale up / scale out economies (making bayesian costs more
> reasonable)
>   = larger "scoring" pool, so good/bad content gets flagged faster
> and for everyone
>   = white/blacklisting is immediate and for everyone
>   = better bandwidth/traffic efficiency - unwanted content never
> clogs the slow/limited school pipe
>   = unsure if DG is the tool of choice here
>
>  - smart upstream proxing
>   = run an rproxy upstream or similar
>   = provide "seed" content for downstream proxies to pull
>
>  - With this setup, laptops can be configured to attempt to use the
> upstream proxy even when connected via a non-school AP. This way, the
> protections extend to kids accessing internet outside of school. This
> is somewhat hard to enforce - we are protecting kids that want to be
> kids. Once a kid is at a cybercafe and has the intention to sidestep
> the filter, the genie is out of the bottle: he/she could just use one
> of the other machines anyway.
>
> On every XS I want to include blacklisting facilities so that teachers
> can exert local control in a hurry, but that is simple, blunt, and
> hardly needs DG :-)
>
> In any case, we can still think of DG as a "pilot deployment" filter.
>
> cheers,
>
>
>
> m
> --
>  martin.langhoff at gmail.com
>  martin at laptop.org -- School Server Architect
>  - ask interesting questions
>  - don't get distracted with shiny stuff  - working code first
>  - http://wiki.laptop.org/go/User:Martinlanghoff
> _______________________________________________
> Server-devel mailing list
> Server-devel at lists.laptop.org
> http://lists.laptop.org/listinfo/server-devel
>


More information about the Server-devel mailing list