[TCLUG] Content filtering software.

Fri Jan 19 00:04:35 CST 2001

If you promise to read my opinions I promise to share what I'm doing!
(Actually I will go either way on this argument depending on the situation,
so just bear with me going to the other end of the spectrum you're on. :)

> It sounds like they just want to get ride of filtering software, instead of improve it.
This issue at hand is how do you mark something as objectional when weather
it is objectional or not is objectional. Why, you end up in an inifinite
loop my friend. 

> I was asked to install filtering software, and that is what I am going to do.
Sounds like a good idea on paper doesn't it?

> Question. Can you get "Adult" books, magazines, or videos from the Library? No.
Yes, you can get book with adult themes that are more provocitave than any
porn you can find on the internet. But but, you might have to use your
imagination! The horror of it all. But no, you won't find simple minded
porn, which is enjoyable in it's own way I suppose. 

> So why do people think they should be able to get simular content from the
> Library's Internet connection. Now when it comes to the Internet connection I
> pay for, No I would not want it filtered, and I belive that is my right. But at
> work, the Library, and School I would expect it to filtered.

Well, isn't that what the internet is for? Getting access to information
that isn't available at the libiary? If I was doing research and the libiary
didn't have a resource I needed, I'd hope I'd be able to find something on
the net without getting an access denied type message.

> 
> bla bla bla... I realy do not want this to turn into a big debate
Too late! 

> but I am really interested in what Content
> filtering solution I am sure some of you have had to setup.
Allright Allright. I know the other side of the argument and it is just as
valid. After all, business owners are paying for internet access for
business, not so they're employees can look up info on the latest games,
porn, or what have you. So here is what I do:

We use squid as a proxy, a content controlling proxy, and a cache server.
Our firewall rules limit web requests so that they can only come from the
cache server, thus forcing everyone to use the squid box to get out to the
net. (There are better ways I'm sure, but that is how it was set up when I
started at this place, which is by far a better place than I left, as you
probally know. :) 

For content control we use squid block, which is something of a user
maintained list of bad sites. It is far from complete, as say, planetquake
is blocked yet planetunreal and planethalflife are not. You get the picture
I'm sure. Cron jobs update the list from the main sight. ( You should be
able to find this off of http://www.squid-cache.org )

"Privliged" users are given a DHCP reservation (excuse the MS term there...)
which basically means that the Linux DHCP server always gives the same IP
address to the MAC address of a computer. Since most of our computers are in
individual offices it isn't too big of a concern, the NT logon log has been
able to clear up the few issues we've had. "Unprivliged" users get a dynamic
ip. 

Squid knows what range of IPs are privliged and unprivliged, and those are
the only two access levels we have. Privliged level still filters for port
and the like (and does a semi-decent job of it, but if sex is part of a
legit domains name it will screw up...)

Unprivliged IPs are restricted to a list of sites that managment (and
myself) decide are necissary for business. Generally this includes shippers
sites (UPS, FedEx, etc.), suppliers, sites like windows update and other
support related sites, and a few other misc sites that don't fit in to any
other catagory. Durring lunch time and after hours, they get the same access
as unprivliged sites. 

For the most part, it works. 

I think something similar could work in the a libiary situation if some
level of web based administration was set up. If squid blocks a site, it
should present the user with a page that explans why and a web form to fill
out to submit a request for review to the assistants on duty. On this page
should also be displayed a list of recently reviewed sites with some easy to
understand indicatior of the reviewers opinion (red, yellow, green for
simplicity. Red for stay blocked, yellow for certin machines [ie, those not
in the children's area] and green for all machines.) 

The attendents make a immideate judgement call that stands until the next
review by some sort of community board. The sites reviewed are reviewed by
this body, and changes go into effect and are subbmitted the national
database. After another review, the changes are in the national database.

The database priority would be something like this:

national
state
county
city?
libiary/school

The more regional levels can override all levels above it. 

Well, it still isn't a perfect idea, but I feel it's a step in the right
direction, espically for the public libiary system where OSS should shine.

I'm going to forgo any proofreading, grammer, or spell checks on this e-mail
as I am somewhat sick, quite tired, and very cold. My bed with the electric
blanket is over riding the filters that would otherwise make me take these
actions. (Well, that was a really lame attempt at an example of my system at
work wasn't it?)

-- 
| Andrew S. Zbikowski       | Home: 763.591.0977 |
| http://www.ringworld.org  | Work: 763.428.9119 |
| http://www.itouthouse.com | PCS:  612.306.6055 |
|   This message is protected by double ROT13    | 
|   encryption. Any attempt to circumvent the    |
|   digital protection is banned by the DMCA.    |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: andyzib.vcf
Type: text/x-vcard
Size: 2267 bytes
Desc: Card for Andy Zbikowski (Zibby)
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20010119/46757a2f/andyzib.vcf