<br><br><div class="gmail_quote">On Thu, Jun 18, 2009 at 10:19 AM, Martin Langhoff <span dir="ltr"><<a href="mailto:martin.langhoff@gmail.com">martin.langhoff@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">On Thu, Jun 18, 2009 at 3:59 PM, Dave Bauer<<a href="mailto:dave.bauer@gmail.com">dave.bauer@gmail.com</a>> wrote:<br>
> Most Moodle installs are available to the internet. Does it really make<br>
> sense to rely only on Moodle being on the internal network to provide<br>
> security?<br>
<br>
</div>You are right, and a lot of my pre-OLPC work has been in making the<br>
largest of those installations work smoothly in scale, security,<br>
performance, customisations... In those cases, Moodle is a webapp.<br>
<br>
In this case, however. Moodle is the central UI for most things XS.<br>
Some things XS change how the XS behave.<br>
<br>
For example, I am drafting a bit of code that will let you configue<br>
eth0 and 'domain_config' from a Moodle-based UI. So on first boot, the<br>
XS comes up in a special mode that lets you set those 2 things.<br>
<br>
Once this work is done, you no longer need to login as root. Ever.<br>
</blockquote><div><br>Cool, maybe a switch to turn this off would be useful for those who are running a different configuration.<br><br>Dave <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
On the other hand, it'd be serious trouble if Moodle started listening<br>
on the public address. Right now Moodle seems to be reasonably meek...<br>
but I haven't thought that through actually, it may have risks too.<br>
<br>
The bottom line is:<br>
<br>
Services that are on the LAN address have not been<br>
designed to be on the WAN address -- many (most?)<br>
of them are a security risk if exposed to the WAN<br>
today. As the XS evolves, _more_ services will pose<br>
a risk if exposed to the WAN.<br>
<br>
So -- put your test/dev machines on the LAN to play with things. The<br>
XS will hand out DHCP leases to non-XOs, you can create "normal" user<br>
accounts in Moodle (from the 'course creator'-blessed XO) so that<br>
things work. Using non-Sugar XMPP clients (mostly) works too if you're<br>
on the LAN.<br>
<br>
hth,<br>
<div><div></div><div class="h5"><br>
<br>
<br>
m<br>
--<br>
<a href="mailto:martin.langhoff@gmail.com">martin.langhoff@gmail.com</a><br>
<a href="mailto:martin@laptop.org">martin@laptop.org</a> -- School Server Architect<br>
- ask interesting questions<br>
- don't get distracted with shiny stuff - working code first<br>
- <a href="http://wiki.laptop.org/go/User:Martinlanghoff" target="_blank">http://wiki.laptop.org/go/User:Martinlanghoff</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Dave Bauer<br><a href="mailto:dave@solutiongrove.com">dave@solutiongrove.com</a><br><a href="http://www.solutiongrove.com">http://www.solutiongrove.com</a><br>