+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 24
Network and Classroom Management Thread, Python and the school network in Technical; I've been asked to add Python to the school network which is easy enough as an msi is provided however ...
  1. #1
    randle's Avatar
    Join Date
    Dec 2006
    Location
    Chelmsford, Essex
    Posts
    603
    Thank Post
    68
    Thanked 17 Times in 16 Posts
    Rep Power
    19

    Python and the school network

    I've been asked to add Python to the school network which is easy enough as an msi is provided however am unsure as to whether installing this on the native system is a good idea. Should I be implementing a Virtual PC image with this? With GPO restrictions in place, is this neccessary?

    The school's never needed anything like this on the network before so haven't had to worry about this before however due to recent public comments, it's been decided that we need this.

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,631
    Thank Post
    734
    Thanked 1,693 Times in 1,507 Posts
    Rep Power
    435
    Decided by who? in consultation with who? for what purpose?

    Ben

  3. #3
    randle's Avatar
    Join Date
    Dec 2006
    Location
    Chelmsford, Essex
    Posts
    603
    Thank Post
    68
    Thanked 17 Times in 16 Posts
    Rep Power
    19
    This is a request by the ICT department as they want to teach students Python. Ideally I want to know what the risks are and in what way this could be done if it's a good idea then once I know either way, I can go back to them and the SMT and let them know whether this is possible rather than just saying no from the get go.

  4. #4
    randle's Avatar
    Join Date
    Dec 2006
    Location
    Chelmsford, Essex
    Posts
    603
    Thank Post
    68
    Thanked 17 Times in 16 Posts
    Rep Power
    19
    Are there schools out there who have been asked to implement something similar?

  5. #5


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Giving kids a python interpreter means they can use the computer to do what they like with - access the C:\ drive, call system commands, run network commands.

    Is Python the security risk or is windows the security risk?

    I personally don't think it's an issue. If you think it is then run it on *nix or in a virtual machine.

  6. #6

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,688
    Thank Post
    1,271
    Thanked 791 Times in 688 Posts
    Rep Power
    238
    Quote Originally Posted by randle View Post
    With GPO restrictions in place, is this neccessary?
    If you're worried about running Python locally on each workstation you could install an SSH client and a text editor on each workstation and have the pupils save and execute code on a central server. Also, this kind of worry is exactly the kind of the kind of thing the Raspberry Pi is designed to take care of - give each pupil a £22 computer and leave them to it.

  7. Thanks to dhicks from:

    randle (3rd February 2012)

  8. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,485
    Thank Post
    867
    Thanked 855 Times in 675 Posts
    Rep Power
    197
    What @dhicks said. You could even set up an ubuntu box joined to AD, one decent desktop should allow for a full class of students (probably more) all doing "commandline" based python. Use an easy text editor like "joe" and you're away. You may have problems with students trying to be clever and DOS the box by running compute-intensive stuff, but it is easy enough to spot these and apply a LART.

    You could position this as a "first step" into the python world - also one box means you have a LOT of control over the runtime environment, a (competent) IT teacher can easily distribute sample scripts to students, it might even be possible for students to log in from home to do work.

  9. Thanks to tom_newton from:

    randle (3rd February 2012)

  10. #8

    teejay's Avatar
    Join Date
    Apr 2008
    Posts
    3,221
    Thank Post
    287
    Thanked 781 Times in 590 Posts
    Rep Power
    345
    Looking at the same thing here, tbh my preferred option is the raspberry Pi if they can get it out of the doors in enough quantity for September, which is looking increasingly unlikely.
    I think we'll be going down the route of having VM's set up with a dev image:

    Python
    Eclipse with PyDev
    Android Dev Environment
    Windows 7 Mobile Dev Environment
    Visual Studio
    Microsoft Robotics Developer Kit
    Small Basic
    Scratch

  11. #9

    Join Date
    Sep 2008
    Location
    England
    Posts
    276
    Thank Post
    6
    Thanked 70 Times in 62 Posts
    Rep Power
    53
    Running python programs on windows will give program the same security restrictions that the user would have if the had access to the command line, windows explorer or the save/open dialogs in most windows applications. They could run any program on the system that they have read and execute permissions on.

    If you have denied students access to a file/folder/network drive, then they still can't get it, because they will be running python under their own account. However, one thing that does occur to me is if the students hand in a program (in any language, not just python) to a teacher and the teacher runs it, then it would run as the member of staff. If a student were crafty, they could get the program to access a confidential file and send it via email or network share to themselves when the teacher runs it. Staff marking the work would need to be very strict about reading the code before running it. I would also give the staff a restricted environment of some kind to run it in, Maybe a vm or linux server, or another un-privileged username.

    Unless they can find a privilege escalation type bug, then they shouldn't be able to do any admin level stuff. That is assuming you have the PCs locked down properly. I think the worst they are likely to be able to do is crash the pc, or maybe corrupt the python install. Neither of those should take long to fix (either reboot. or reinstall python).

    You probably want to make sure the rest of the network is secured properly, with firewalls, backups, system images, etc, but any vulnerabilities there are present if the students can bring in their own equipment, or use VMs/ssh/raspberry pi or Java or Visual Basic. Its possible that they could create programs to do denial of service or other attacks against hosts on your network. This applies to any network however, with or with out development tools installed.

    This is based on my personal experience with python, I don't use it in a teaching environment.

  12. Thanks to Chris_Cook from:

    randle (3rd February 2012)

  13. #10


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    I really think school sysadmins need to relax a little and give kids chance to explore.

    The worst that's going to happen is they'll create a mass email spam program, temporarily knock out a server or exploit some privilege escalation bug and gain some confidential information. They'll do that if it's on a (networked) raspberry pi or (networked) Virtual machine. There are not going to many kids that could do it, and even fewer that would do it. You or the teachers will be able to identify those bright but misaligned students in a flash.

    Real learning doesn't happen in a sterile environment. I've had kids that have written their own proxy servers in their bedrooms, to be able to get to games sites and others that have attempted to DoS our internal email system. The only thing that has come from it is good, the kids learned important lessons.
    We aren't working in a military environment. Sometimes it is good to say YES to things that will be good for teaching and learning, and learning Python certainly will be. Even of it means 'letting go' a little.

  14. Thanks to CyberNerd from:

    garethedmondson (4th February 2012)

  15. #11

    Join Date
    Aug 2009
    Posts
    280
    Thank Post
    20
    Thanked 22 Times in 19 Posts
    Rep Power
    14
    Quote Originally Posted by CyberNerd View Post
    I really think school sysadmins need to relax a little and give kids chance to explore.

    The worst that's going to happen is they'll create a mass email spam program, temporarily knock out a server or exploit some privilege escalation bug and gain some confidential information. They'll do that if it's on a (networked) raspberry pi or (networked) Virtual machine. There are not going to many kids that could do it, and even fewer that would do it. You or the teachers will be able to identify those bright but misaligned students in a flash.

    Real learning doesn't happen in a sterile environment. I've had kids that have written their own proxy servers in their bedrooms, to be able to get to games sites and others that have attempted to DoS our internal email system. The only thing that has come from it is good, the kids learned important lessons.
    We aren't working in a military environment. Sometimes it is good to say YES to things that will be good for teaching and learning, and learning Python certainly will be. Even of it means 'letting go' a little.
    I'd have to agree with this.

    What I would suggest is dropping a couple of Universty IT departments an e-mail, a lot of them have Python and other interpreters installed for CompSci students, in a domain environment. In fact, I learnt Python in a Windows 7 domain environment towards the end of last year.

  16. #12
    skunk's Avatar
    Join Date
    Mar 2006
    Location
    North West
    Posts
    311
    Thank Post
    88
    Thanked 40 Times in 33 Posts
    Rep Power
    30
    Quote Originally Posted by CyberNerd View Post
    I really think school sysadmins need to relax a little and give kids chance to explore.
    They did at the start, then liberties were taken, so it go bolted down a bit, more liberties were taken, more bolts, etc.

    Quote Originally Posted by CyberNerd View Post
    The worst that's going to happen is they'll create a mass email spam program, temporarily knock out a server or exploit some privilege escalation bug and gain some confidential information. They'll do that if it's on a (networked) raspberry pi or (networked) Virtual machine. There are not going to many kids that could do it, and even fewer that would do it. You or the teachers will be able to identify those bright but misaligned students in a flash.
    ...is that a bunch of laws get broken and the school has vicarious liability to any victims, ICO on its back and a P45 with the sysadmin's name on it. Not a career path I intend to follow or would recommend anyone else doing so.

    Quote Originally Posted by CyberNerd View Post
    Real learning doesn't happen in a sterile environment. I've had kids that have written their own proxy servers in their bedrooms, to be able to get to games sites and others that have attempted to DoS our internal email system. The only thing that has come from it is good, the kids learned important lessons.
    We aren't working in a military environment. Sometimes it is good to say YES to things that will be good for teaching and learning, and learning Python certainly will be. Even of it means 'letting go' a little.
    Yes and no. Why does a controlled, safe environment have to be sterile? Why does students letting rip with their coding prowess mean that the school network be at risk.

    I would recommend a bunch of (virtual) servers in a DMZ with only SSH inbound open. The kids can play, the servers can be reset once they have royally stuffed them up and the rest of the school can keep running as normal with a reasonable level of risk.

  17. Thanks to skunk from:

    randle (3rd February 2012)

  18. #13


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by skunk View Post
    ...is that a bunch of laws get broken and the school has vicarious liability to any victims, ICO on its back and a P45 with the sysadmin's name on it. Not a career path I intend to follow or would recommend anyone else doing so.
    If you give someone a programming language and they decide to bruteforce your SQL or LDAP then provided you've taken reasonable measures to secure said servers then I don't think you would have too much to worry about from an ICO or p45 perspective. If you are really that paranoid then it might be best to unplug the network cards altogether.

    Quote Originally Posted by skunk View Post
    Yes and no. Why does a controlled, safe environment have to be sterile? Why does students letting rip with their coding prowess mean that the school network be at risk.
    I would recommend a bunch of (virtual) servers in a DMZ with only SSH inbound open. The kids can play, the servers can be reset once they have royally stuffed them up and the rest of the school can keep running as normal with a reasonable level of risk.
    That would be a pretty sterile environment, albeit secure.

    I think we shouldn't all overreact to what 'could' happen, or we'll end up banning a whole load of useful educational tools like raspberry pi and running student machines a DMZ; back to the separate staff/student networks of eons ago. Relax, it will be fine

  19. #14
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,487
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114
    As long as it runs under a standard user account I really don't see what the problem is.

  20. #15


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by DMcCoy View Post
    As long as it runs under a standard user account I really don't see what the problem is.
    stuff like this:
    http://www.hsc.fr/ressources/outils/...atator_v0.2.py


    BAN programming!!!!



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Access schools internet but not the school network??
    By burgemaster in forum Internet Related/Filtering/Firewall
    Replies: 6
    Last Post: 6th February 2012, 12:09 PM
  2. [Hardware/Misc Related] MP3's on the school Network
    By Millsy79 in forum Licensing Questions
    Replies: 15
    Last Post: 8th December 2009, 01:31 PM
  3. Replies: 1
    Last Post: 1st May 2008, 10:04 AM
  4. School networks and aid to Africa. A comparison.
    By Dos_Box in forum General Chat
    Replies: 14
    Last Post: 5th July 2005, 12:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •