<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Ok, I'm at a desk and not on a phone.</div><div><br></div><div><br></div><div>Let's sort of set the stage, if you will, to clarify a few things.</div><div><br></div><div>First, I've raised two boys into their 20's and done this all before.</div><div>Second, I've got a metric crapload of snort processing scripts I've written that watch for all manner of icky URL matches on "requested sites" and also on Squid's logs to do the same. I took the stance with the boys of "trust but verify" which is a very "apple-storeish" thing to do. I had transgressions once by each boy that got addressed personally and quietly and have managed (aside from the occasional pop-up storm) to keep them "porn free" if you will as long as they've been under my roof. Anything they've managed outside of the house is beyond the scope of my purview, of course, but they pay for their own phones now… I can't "control" their intake forever.</div><div><br></div><div>Now I'm on "kids 2.0" with my second wife, and they're all girls and at ages 3, 6, and 10. The 10 year old has an internet-capable device, so, I'm putting the same system back in place with the same scripts and logging and automated emails and such. However, their mother wants the added protection of content filtering for a couple of years until "aunt flo" arrives and she can halve "talk 1.0" with her, but also wanting to know <i>what </i>was requested and by what mechanism. Ipcop to the rescue again…you can say "no" via automated system, but it's considerably more important to know what is being asked for and how. Was it typed in? Why is the child interested in that particular topic? (etc. etc.)</div><div><br></div><div>Also, having all these folks on the network at home while "mom & dad" work from home a lot requires packet-shaping of the Xbox and Rou down and web traffic/SSH up. Also, when on the road, I need to be able to VPN into my private network from anywhere to do something even so small as printing a doc for my wife all the way to rooting around my internal net for various reasons. (i.e., you can't hit the time machine from the outside)</div><div><br></div><div>So, a smallish box with modest means to run a couple hundred meg distro for firewalling seemed to be the way to go for us… that's why I asked.</div><div><br></div><div><br></div><div>TL;DR. (I've done this before.. I just need hardware)</div><div><br></div><div>Something else on the topic…. I re-read and it appeared I was *only* asking for "free" stuff… I'm not. If you've got something hogging space and you're under a "nag order" to get rid of it, please do think of me first. And if it requires a few bucks, that's good too. I just wanted to work with you guys who may need a few bucks first before giving that cash to $company making cheap crap in China. I'd rather buy the cheap crap from you instead. XD</div><div><br></div><div><br></div><div>--j</div><div><br></div><br><div><div>On Jul 15, 2013, at 8:52 AM, Tom Freeman <<a href="mailto:tfreeman@intel.digichem.net">tfreeman@intel.digichem.net</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Please forgive the chime in - but...<br><br>+1 with an observation of sorts<br><br>A parent still needs to monitor sufficiently to catch a usuable per centage (what ever that value is) to ensure that the conversation takes place. (I caught a daughter sneaking a viewing of "Flesh Gordon" from a copy her late mother gave me. _That_ was an awkward conversation!)<br><br><br>On Mon, 15 Jul 2013, Jim Kinney wrote:<br><br><blockquote type="cite">In short: don't rely on technology as a role model stand-in for children.<br>I have exactly 0 filters on the feed at my house. none. waste of time. Kids<br>will find what interests them. If it's porn, you're overdue for "the talk"<br>and that one will go on for the next several years. If the adult is not<br>capable of sitting down and watching what they are and rationally explaining<br>what is problematic about it, the child will begin to disregard the adult as<br>an authority figure and view them as just another knee-jerker wearing<br>blinders.<br>Most kids are wanting to find stuff that's not porn and other "bad stuff".<br>Most kids get embarrassed or grossed out when it accidentally crosses the<br>screen on an errant mouse click. It's far more important to have them<br>understanding that they will not be punished the occasional mistake but will<br>be expected to learn from them. Teach them the "back" button in both mouse<br>and keystrokes :-)<br>Ron brought up a bigger issue that can't be filtered with current tools:<br>what the kids actually say online to each other. Between 12-13 and about<br>19-20, girls are vile, horrid creatures to other girls and boys are<br>brain-damaged monsters with illusions of invincibility. A useful tool would<br>be a screen mirror with recording so the nasty things they say to each other<br>can be replayed, discussed, and used as reasons why privilege A is being<br>withheld. I'm thinking of a chat mirroring tool or email copy process. It<br>will only get to be used once then they will change methods (if they are<br>smart). But that level of guidance, no matter what _they_ think, would<br>benefit them greatly learning how to relate with others.<br>Besides, once the hormones kick in, they will find a way to find out about<br>it. If the default view at home is "NO! BAD!", they will look elsewhere for<br>answers unless they are totally dominated by helicopter parents. Most<br>commercial porn is crap with subtle and not so subtle overtone of violence<br>against women as themes. It's a challenge to find something that can serve<br>as guidance for humans really relate in bed. And intelligent bed banging is<br>far better than stupid gun banging in the street.<br>On Sun, Jul 14, 2013 at 9:46 PM, Ron Frazier (ALE)<br><<a href="mailto:atllinuxenthinfo@techstarship.com">atllinuxenthinfo@techstarship.com</a>> wrote:<br> Hi all,<br><br> Since I brought up OpenDNS, even though I'm a user and a fan, I<br> should point out some limitations. About 10%, as a rough<br> guestimate, of the ugly stuff will sneak through the filter. <br> The purveyers of junk bring up new sites too fast for everything<br> to be in the database. Do not assume your kids will be totally<br> prevented from getting to any and all "insert bad category"<br> stuff.<br><br> Also, if your kid knows how to do any of the following, he / she<br> can bypass the filter: choose an alternate dns server on the pc,<br> use a proxy / anonymizer (although you can filter that<br> category), browse by ip alone without dns, start up a vpn, take<br> their laptop / smartphone to a friend's house or hotspot or step<br> parent's house. Anything that bypasses the use of the OpenDNS<br> servers or changes their public ip bypasses the filter. I have<br> wished in the past that I could tie the filter to a specific pc,<br> but OpenDNS does not provide that as far as I know.<br><br> Internet Explorer provides some built in content filtering<br> options, which can tie into things like NetNanny (I think), but<br> I've never used it. Firefox doesn't provide any of that<br> natively that I'm aware of, but there may be plugins for it.<br><br> I have links to a couple of Christian sites related these topics<br> I could try to dig up if anyone wants.<br><br> Note that, even if they cannot easily access "<a href="http://uglyjunk.com">uglyjunk.com</a>"<br> because of OpenDNS, they can see links to it in google and bing,<br> and in the latter case, with live video coming though bing. The<br> child's pc need not ever visit "<a href="http://uglyjunk.com">uglyjunk.com</a>" to see some of its<br> content, albeit with smaller pictures.<br><br> You can make things harder to bypass by putting the OpenDNS<br> servers in your router settings. Then, any pc which just uses<br> basic dhcp to get it's ip and dns will pick that up from the<br> router. But, that does not prevent the pc from querying another<br> dns server directly if it wants to. If the pc can get an ip for<br> "<a href="http://uglyjunk.com">uglyjunk.com</a>", it can still visit the site.<br><br> I have heard that you can get hosts files of preconfigured<br> blacklist sites, then the computer is just directed to nowhere<br> when they try to get those sites, before even querying the dns. <br> I've never used that though.<br><br> The service also depends on linking your public ip to your<br> account. That's why going to a hotspot bypasses the filter. <br> They'll have a different public ip which is not linked to your<br> account. Even if the pc was set to use the OpenDNS servers,<br> your personal filter settings would not be in affect. You would<br> still get phishing protection though.<br><br> Since your public ip is subject to change periodically when your<br> cable / dsl modem resets, you need to run a small utility, which<br> I run in Windows, to link your current public ip with your<br> account and filter settings. You'll have to check on whether<br> they have a linux utility, but they probably do. When your ip<br> changes, if the utility runs, the OpenDNS servers get set to<br> respond to the new ip. If your ip setting utility doesn't run<br> for a few days, then your filters won't be in affect for a few<br> days if your ip has changed.<br><br> I do NOT recommend running the ip setting utility on the child's<br> computer. Here's why. Let's say you did that. They go to<br> starbucks. They login, then the ip utility links STARBUCKS<br> public ip to YOUR filter account. Your child would then be<br> subject to your filters, but so would EVERYONE ELSE in<br> starbucks. That might cause some problems. This would remain<br> in effect until your child logged into another network and got<br> another public ip.<br><br> Because ip's change, the system occasionally gets confused as to<br> which account owns which ip. This is rare, but, for example,<br> let's say there is a disruption at the isp and all the cable<br> modems get reset. You may end up with what was someone else's<br> public ip and they may end up with yours. It may take a little<br> while for the ip setting utilities to set everything straight. <br> So, the possibility does exist that they could see stuff in<br> their account logs on OpenDNS that came from you and you could<br> see theirs.<br><br> One other slight disadvantage of the OpenDNS system is that all<br> pc's in the house with the same public ip will have the same<br> filters. You could always active a vpn or proxy on your own pc<br> though and bypass your own filter.<br><br> Despite these limitations, I found the service extremely useful<br> and wouldn't want to be without it with a child in the house. <br> You could gang other technologies on top of this, if you wish. <br> I still have it active, even though my child has moved out, to<br> filter out rubbish that I might hit accidentally.<br><br> This is slightly off topic to the original question, but I'd<br> consider a certain amount of monitoring of my kid's<br> communications online. Chat, email, facebook, whatever. How<br> much is up to you. I'd also set rules on who it was appropriate<br> to communicate with. Again, up to personal discretion. You can<br> get books about how to deal with these issues.<br><br> Sincerely,<br><br> Ron<br><br> On 7/14/2013 8:09 PM, Doug Hall wrote:<br> 27" iMac is sweet. But I agree with Ron. There's no<br> reason to buy ANYTHING if you use OpenDNS to filter<br> content. I'm very satisfied with the free service.<br> Okay, maybe paranoia is a reason. I wouldn't be<br> surprised to know that OpenDNS is releasing records<br> to the NSA. But then again, so could your current<br> ISP.<br>On Sun, Jul 14, 2013 at 5:03 PM, Jerald Sheets<br><<a href="mailto:questy@gmail.com">questy@gmail.com</a>> wrote:<br> I do. It's a slamming 27" iMac. :)<br><br> Jerald Sheets<br>Sent from my iPhone5<br>On Jul 13, 2013, at 10:20 PM, Jim Kinney<br><<a href="mailto:jim.kinney@gmail.com">jim.kinney@gmail.com</a>> wrote:<br><br> Jerald, you're missing the entire point:<br> Upgrade _your_ machine and give the old one to<br> the young-uns. Put squid-guard on it and<br> provide a pile of bookmarks they are<br> interested in.<br>:-)<br>House Rule: Dad ALWAYS has the best hardware unless<br>someone else is paying for it.<br>On Sat, Jul 13, 2013 at 10:00 PM, Neal Rhodes<br><<a href="mailto:neal@mnopltd.com">neal@mnopltd.com</a>> wrote:<br> I would think you could look for<br> off-lease "no-os" refurb units on<br> TigerDirect for maybe $100.<br><br> On Sat, 2013-07-13 at 21:22 -0400,<br> Jerald Sheets wrote:<br>Hi all.<br>I've come to the point where my next generation o little ones will be going online, and I'm going to build me a content filtering firewall. (Ipcop)<br>Thing is, I don't have any old hardware and need to get something, but anyth<br>ing I would buy in a store would be overkill.<br>I'm looking for something P3 or later, mid tower with one drive bay is fine and 4-8G of memory. Anyone have anything like that you'd like to unload? Jerald Sheets<br>Sent from my iPhone5<br>_______________________________________________<br>Ale mailing list<br><a href="mailto:Ale@ale.org">Ale@ale.org</a><br>http://mail.ale.org/mailman/listinfo/ale<br>See JOBS, ANNOUNCE and SCHOOLS lists at<br>http://mail.ale.org/mailman/listinfo<br>_______________________________________________<br>Ale mailing list<br>Ale@ale.org<br>http://mail.ale.org/mailman/listinfo/ale<br>See JOBS, ANNOUNCE and SCHOOLS lists at<br>http://mail.ale.org/mailman/listinfo<br>--<br>--<br>James P. Kinney III<br>Every time you stop a school, you will have to build<br>a jail. What you gain at one end you lose at the<br>other. It's like feeding a dog on his own tail. It<br>won't fatten the dog.<br>- Speech 11/23/1900 Mark Twain<br>http://electjimkinney.org<br>http://heretothereideas.blogspot.com/<br></blockquote>_______________________________________________<br>Ale mailing list<br><a href="mailto:Ale@ale.org">Ale@ale.org</a><br>http://mail.ale.org/mailman/listinfo/ale<br>See JOBS, ANNOUNCE and SCHOOLS lists at<br>http://mail.ale.org/mailman/listinfo<br></blockquote></div><br></body></html>