Ubuntu Developer Summit : Mountain View 2006 : Edubuntu Interests

1. Features Recorded in LaunchPad

On a first pass, these feature specifications were seen as relevant to Edubuntu or Ubuntu in Education

Proposed specs pending approval

Notable Networking Specs

Relevant spec collections, grouped by developers

• ogra's specs

• rodarvus' specs

• sbalneav's specs

• Ubuntu Directory Team's specs

• highvoltage's specs

• laserjock's specs

• cbx33's specs

2. Features Requested : Summary

Feature Requests : Existing

1. Dynamic Menus
   • see above: edubuntu-menus-completion
2. Edubuntu "bundle / package"
   • for Seconday Schools
   • for Universities
   • different desktop configurations for different groups

Feature Requests : Extracted from Comments Extracted from Mailing Lists

1. User / Group Management
   • adding/deleting users
   • group management
   • creating 50 or more students at a time
   • putting them into groups-classes
   • managing passwords
   • creating common folders

   • sending a file to an entire group <- {uds mv: included in SCP spec}

2. Workstation / Environment Management

   • remote workstation takeover <- {uds mv: included in SCP spec}

   • monitoring usage

3. Authentication & Integration

   • Flawless, easy support for:

     • Linux servers supporting Mac and Windows clients <- {uds mv: included in LDAP Directory Server spec}

     • Linux clients/servers in Mac and/or Windows centric environments <- {uds mv: included in LDAP Directory Server spec}

   • Edubuntu should be able to administrate users in a ldap or to connect with an external ldap.
     • It should be possible to:

       • connect edubuntu from windows clients <- {uds mv: included in LDAP Directory Server spec}

       • work as a domain server <- {uds mv: included in LDAP Directory Server spec}

   • I'd really like to see an "Active Directory Compatibility" package that can be simply installed through Synaptic that depends on all the necessary packages and configures them correctly <- {uds mv: AD will be next generation. LDAP Directory Server for Edubuntu for Feisty and then generalised to Ubuntu, then AD}

4. Sound
   • A more standardized approached to sound and video in Edubuntu might be possible.
5. SSH : DedicatedLTSPSSH
   • Packages affected:
     • ltsp-server (possibly openssh-server)
   • --Summary--

     • In order to improve securability of ssh, Edubuntu by default should set up two sshd instances, one dedicated to LTSP and one standard instance for other access. These instances might either bind to different tcp ports (eg 22 & 10022) or different IPs

     • -- the latter requiring the server to have two ip addresses. The standard sshd could be disabled by default or have restricted access.
   • --Rationale--
     • Random ssh dictionary attacks are very common on the net. If the existing ssh setup is exposed to the net (eg for remote admin), all of the accounts are exposed to this. Accounts with weak passwords are at risk of being compromised. The risk of directed attacks (eg a student compromising a teacher's account) is also heightened.

       Currently the only protection is use of TCP wrappers. All users must be accepted with simple password authentication for ltsp logins to work. With a second sshd instance, ssh facilities like AllowUsers, AllowGroups and unsetting PasswordAuthentication can be used (even by default) to restrict remote ssh access.

   • --Use Cases--
     • A school with a consultant, parent, etc. administering their server remotely. A school who does not have their net access firewalled.
   • --Design--
     • -Server-
       • The server runs a second sshd instance off the existing ssh binary.
       • This is bound either to a different IP or a different TCP port.
     • Client-
       • The client needs to connect to the server on port XXX instead of port
   • Implementation--
     • A second ssh service must be created with its own init script,
       • sshd_config and pid file.
     • These files would be included in the ltsp-server package.
       • /etc/ltsp/ltsp-sshd_config
       • /etc/default/ltsp-ssh
       • /etc/init.d/ltsp-ssh
       • /var/run/ltsp-ssh

       • ltsp-sshd_config is a copy of the usual sshd_config except that either the "Port 22" line must changed or a ListenAddress must be added.

       • In the latter case a ListenAddress must also be added to the standard sshd_config.

       • Also a line the following line is added.

         • PidFile /var/run/ltsp-sshd.pid

         • /etc/default/ltsp-ssh contains the line:
           • SSHD_OPTS="-f /etc/ltsp/ltsp-sshd_config"
         • /opt/ltsp/i386/usr/sbin/ldm is changed to add the port number to ssh_opts
         • If possible, the standard sshd is either
           • disabled by default
           • restricted to the admin group by default
         • If possible, ltsp-sshd should be restricted to local network access only using

           • AllowUsers *@192.168.0.0/24 (or whatever the local net is)

           • tcpwrappers?
           • iptables?
     • --Ideas--
       • Can tcp wrappers control the two instances separately, eg
         • sshd: ALL
         • ltsp-sshd: 192.168.0.0/24
         does this need a recompile or rename of the sshd binary?

Application Requests : Extracted from Comments Extracted from Mailing Lists

1. Skolelinux/Debian-Edu is working on Cipux users management
   • consider w.r.t.
     • remote workstation takeover
     • student control panel

     • see http://wiki.debian.org/DebianEdu/CipUX

2. Pysycache
3. General
   • Educational software for all areas, especially what we call "Academic" subjects:
     • Social Studies (Geography, History, Government, Economics, etc.)
     • Math (We teach from Pre-Algebra through Calculus and Trigonometry here)
     • And the Sciences
       • Chemistry
       • Biology
       • Earth and Space Sciences
   • The arts are fairly well represented in Ubuntu with the GIMP and Blender
     • How about Music ?
       • Programs that can be used for Music Theory classes, for example
       • not just Audacity for recording music
     • Will commented:

     • Have you had a look at http://ubuntustudio.com/

4. For researchers and graduate students and researchers who are NOT in the field of mathematics or computer science
   • TeX, LaTeX, LyX, etc aren't quite friendly enough when customizing to very specific dissertation requirements, or journal requirements.
   • More statistical packages
     • dunno what progress is being made on PSPP (the GNU answer to SPSS) but that would be welcome around here.
5. Tiddlywiki
6. bibtex
7. I've heard a lot of good things about Pulse Audio.

Tool Requests : Extracted from Comments Extracted from Mailing Lists

1. SchoolTool

   • bundle or integrate
   • closer relationship

Content Requests : Extracted from Comments Extracted from Mailing Lists

1. Moodle
   • bundle or integrate
   • closer relationship
2. LAMs
   • ensure easy integration
   • closer relationship

Collaboration Requests : Extracted from Comments Extracted from Mailing Lists

1. Edubuntu and Debian-edu
   • Further than this, I think that active collaboration between Edubuntu and Debian-edu could only be useful to all.

   • http://wiki.debian.org/DebianEdu/CipUX

3. Features Requested : Comments Extracted from Mailing Lists

These comments have been processed and summarised above:

Eric Harrison : K12LTSP

Here are the topics that regularly come up with the schools that I support:

• Management issues i.e.
  • adding/deleting users
  • group management
  • different desktop configurations for different groups
  • monitoring usage
  • etc

Basically all of the management features in Windows and MacOSX, but more robust and easier to use ;-)

{comment: included in 2.}

• Remote access.
  • Ubiquitous access to computers in schools is a great thing.
  • Ubiquitous access to those computing resources from the kids' homes is even better.

{comment: remote desktop included in 2.}

{comment: remote facilities from home deemed to be next generation}

• Wireless/mobile devices.
  • We are seeing more and more "non-desktop" computing devices.

{comment: will respond as approached. will not initiate.}

• Web-based applications.
  • Applications such as Moodle are in high demand.

{comment: included in 2.}

• Integration.
  • Flawless, easy support for Linux servers supporting Mac and Windows clients.
  • Flawless, easy support for Linux clients/servers in Mac and/or Windows centric environments.

<- {uds mv: included in LDAP Directory Server spec}

• Scalability.
  • Not really difficult, but it comes up often as schools expand beyond their initial evaluation implementations. Something we should always keep in mind.

My personal items of interest align with the LTSP developer goals:

• Complete the LTSP work we started in Detroit.
• Help Ogra with his LTSP management utility
• Local application support
• Improved sound support

{comment: already in LP specs above}

edubuntu-users

François BARILLON

• The first lack is the users-groups management
  • creating 50 or more students at a time
  • putting them into groups-classes
  • managing passwords
  • creating common folders
  • sending a file to an entire group
• Schooltool doesn't have this sort of management, but could have.

{comment: included in 2.}

• The German-french team of Skolelinux/Debian-Edu is working on Cipux users management and a customised version of moodle. I've tried it on Edubuntu but I've got problems connecting with the ldap (but I'm not a programmer).

{comment: included in 2.}

• Edubuntu should be able to administrate users in a ldap or to connect with an external ldap.
  • It should be possible to connect edubuntu from windows clients
  • it should work as a domain server.

{comment: included in 2.}

Niko Lewman

• I would love to have Pysycache in edubuntu. With it on edubuntu would be a complete setup for preprimary education.

{comment: included in 2.}

Simon Ruiz

• I'd really like to see an "Active Directory Compatibility" package that can be simply installed through Synaptic that depends on all the necessary packages and configures them correctly, and I'd be willing to work on that (though I've never worked on such a thing before, I'd need guidance). The sad truth is, in any large organization that is previous Microsoft homogenous--like ours--Ubuntu will only be a viable option when it plays nice with the locals without much effort on the sysadmin's part.

{comment: included in 2.}

• That said, and with an eye towards the future, I'd like to see educational software for all areas, especially what we call "Academic" subjects:
  • Social Studies (Geography, History, Government, Economics, etc.)
  • Math (We teach from Pre-Algebra through Calculus and Trigonometry here)
  • And the Sciences (Very broad topics, these, Chemistry, Biology, Earth and Space Sciences, etc. - our Physics labs has sensors that plug into the computer via USB and communicate with a proprietary program that runs on Windows, very spiffy stuff, though I don't know if Wine would run that or not...).

{comment: included in 2.}

• The arts are fairly well represented in Ubuntu with the GIMP and Blender, but how about Music? (Programs that can be used for Music Theory classes, for example, not just Audacity for recording music).

{comment: included in 2.}

Will commented: Have you had a look at http://ubuntustudio.com/? Some interesting stuff. {comment: included in 2.}

Kevin Cole

• For researchers and graduate students and researchers who are NOT in the field of mathematics or computer science, TeX, LaTeX, LyX, etc aren't quite friendly enough when customizing to very specific dissertation requirements, or journal requirements.

{comment: included in 2.}

• More statistical packages, please sir! I dunno what progress is being made on PSPP (the GNU answer to SPSS) but that would be welcome around here.

what do you already have running that is proving useful to the educators and learners ?

• Tiddlywiki
• bibtex
• and I know people who are taking advantage of some of the audio/video apps as research tools. I forget the specifics, but will try to get them to you.

{comment: included in 2.}

David Trask

• One thing I'd like to see ... and this is a broad issue and encompasses LTSP as well ... and that is to get a better handle on sound and video. It's a bit difficult to get all the pieces working for a decent classroom multi-media experience ... especially for newbies. ALSA, OSS, ESD, NASD, ARTS ... etc. Much of that means little to the average IT guy just

learning about Linux and Edubuntu ... it'd be nice if maybe a more standardized approached to sound and video in Edubuntu might be possible.

• I've heard a lot of good things about Pulse Audio.

{comment: included in 2.}

• As schools begin to adopt things like Edubuntu, K12LTSP ... etc on a large scale....being able to set up multiple servers and centralized authentication is a big point. I already do this using Samba/LDAP. I have multiple K12LTSP servers and a Samba/LDAP server for all users and their home directories. This makes adding servers to the mix ... a cinch...as I don't have to worry about users and their data ... I simply point the new server to the Samba/LDAP box. Matt Oquist and I (more Matt than me) have come up with smbldap-installer which makes setting up a Samba/LDAP server very easy (http://www.majen.net/smbldap) and thus gives the average school IT person(s) another option for centralized authentication of student accounts. The scripts do a lot with user creation and passwords as well. You can also easily set up BDC's as well. We have it working very well in Ubuntu as well as K12LTSP and Fedora

Core. In fact, I find Ubuntu server to be one of the better ways to set up a Samba/LDAP server. Anway ...my point...

{comment: included in 2.}

• This may be beyond the scope of Ubuntu/Edubuntu, but one thing school folks need is the ability to easily set up centralized authentication for their Edubuntu network....especially for growing or large networks with multiple servers. Maybe this is something that could be offered. It could also use a pretty face ... right now everything is done in the

CLI ... although it's still quite easy ... but to make it more attractive to the masses ... putting a "pretty clicky" interface with it ... will speed adoption. Just a thought.

{comment: included in 2.}

Oliver Comments:

• I think with edgy even its not perfect yet we accomplish a) for b) we surely need a centralized user management that works out of the box and integration on a workstation level as well as integration on the ltsp level. so lets build the base for that in mountainview to have feisty fawn entering the school and not only the classroom

Stuart Ellis Comments:

• I was just going back through mail, and I thought that I'd pass this on, in case you weren't already aware of it:

https://launchpad.net/distros/ubuntu/+spec/easy-ldap-server

{comment: included in 2.}

• The "Ubuntu Directory Services Team" is a group that has just formed to develop single sign-on for Ubuntu systems (with point and click ). LDAP, Kerberos, and Samba components all need to be worked on. Membership is open to anyone with an interest, and I'm sure that you would be very welcome:

https://launchpad.net/people/ubuntu-directory

• This team was only recently announced, but we have about forty people signed up so far.

{comment: included in 2.}

Nicolas Pettiaux comments:

• Much work has already been done by the skolelinux/debian-edu team with respect to LDAP usage in classroom servers, and it could be interesting to consider collaboration on this point.
• A new software to manage the administration of the users and the servers is being developed that could well be integrated in Edubuntu. It is CIPUX.

see http://wiki.debian.org/DebianEdu/CipUX

{comment: included in 2.}

• The active developpers of CIPUX are in cc., as well as the debian-edu mailing list where much of the discussion is taking place.
• Further than this, I think that active collaboration between Edubuntu and Debian-edu could only be useful to all.

{comment: included in 2.}

Oliver Comments back:

• having a web interface as optional add-on is nice but i'd really prefer something like

https://features.launchpad.net/distros/ubuntu/+spec/edubuntu-network-auth-server

• we'll take webmin and cipux into consideration during the discussion at mountainview though ...

And more:

• you might also look at https://features.launchpad.net/distros/ubuntu/+spec/edubuntu-network-auth-server

• we'll likely go with a similar solution for edubuntu since its well established (and indeed tested) in the educational realm ...
• implementing the network auth spec was promised by several people over three releases now, if i dont see an 100% implemented solution for feisty i'll hevaily opt for using whats already there and proven to work (smbldap) since we promise it since quite some time to the edubuntu users and its a majorly needed feature in the educational area ...
• (also note that edubuntu has to go a bit further than ubuntu since we'll have to integrate this network auth setup in the default install in a sane manner through the installer (i.e. having options for a PDC master, wortkstations and ltsp servers need to be integrated, smbldap is used and proven to work for all of these already in k12ltsp)
• i know that enough people from the ubuntu-directory team as well as the smbladp upstream developers will be attending in mountainview, so thats a good base for further discussion ...

• in *any* case edubuntu feisty will release with an integrated network authentication mechanism be it one or the other implementation ... but if the planned ubuntu network auth still doesnt come to speed we'll have to go our own way ... lets see how the discussions turn out at UDS

Gavin McCalugh

• I made a suggestion a week or two ago on this list that there should be two ssh instances by default, (email subject "secure ssh set up on edubuntu") one for general access on tcp port 22 and another on a different port (or ip, I suppose). This is not so much a user-level feature as a way to tighten up the security of the ssh daemon which is installed by default. I can resend if you like but it's in the archive.

{comment: dug out from archive and included in 2.}

3. Remote Participation

Please add comments / suggestions here ...

Paul Flint Examining or sourcing data via the user XML in the Schools Interoperability Framework (SIF) could yield profitable result.

• Who would like to participate in UDS discussions ?

  • JonathanCarter - jonathan@ubuntu.com

  • StuartEllis - stuart at elsn dot org

• What facilities are requested / suggested ?
  • irc channel #edubuntu-uds
    • for UDS discussions only
    • not for bugging delegates !
    • may or may not be populated at any time