1.1 What is different about the new kiosk environment?
1.2 Why did we have to change from the old ŒKiosk Mode¹ of the Launch Pad?
1.3 How are the kiosks being kept secure?
1.4 What if a user drags the Launch Pad folder and/or Bear Access folder to the trash and empties it?
1.5 What if a user tries to throw away the System Folder or its contents.
1.6 What is that Broken Key on the Launch Pad for and what do those letters spell?
2.1. RevR what?
2.2 Oh. What does it do?
2.3 When does it run?
2.4 What if I need to use an item in the System Folder or want to look at a hidden item?
2.5 Is there any other way to make a hidden item visible?
2.6 Sometimes in the morning there is a dialog box from Comet asking if I want to close a session. When I click the close button, Comet quits and then RevRdist runs and the computer restarts. Why does this happen?
2.7 Why does RevRdist sometimes sit idle with an empty status box and then suddenly reboot the computer?
2.8 I really want to learn more about RevRdist . What else can you tell me?
3.1 Can users make changes to Comet configuration files?
3.2 Can users add Bookmarks to Netscape or change the preferences?
3.3 Can users save files to the hard drive from Netscape or its helper applications?
3.4 What prevents a user from downloading games or other applications from an FTP site?
3.5 Can users browse Usenet newsgroups or send mail from Netscape?
3.6 Wow! I can have multiple sessions open at once and switch between them!
3.7 Sometimes Netscape just freezes in the middle of a session or it freezes the computer when I try to quit. How do I fix this annoying habit?
3.8 What about sound on the kiosks and the WWW?
This document is to help reference staff, net-administrators and technical support staff understand the new kiosk environment and effectively deal with some of the new problems it poses.
1.1 What is different about the new kiosk environment?
The old Kiosks used (and the LCs still use) the ŒKiosk Mode¹ of the Launch Pad application. This environment eliminated menu bars from applications, quit the Finder, and included time limits on Comet sessions so that after a set amount of time all Comet sessions except the ŒLibrary Catalog¹ would be closed and the Launch Pad window would be brought to the foreground. The WWW Kiosks (all the PowerPC Macs) use a more open environment where the menu bars are active and their options available. The user also has access to the Finder and all of its function. The Comet session automatic timeouts are still there, but there are no automatic timeouts for Netscape sessions so if someone opens a Netscape session and leaves the kiosk the next user will find exactly what the previous one left.
1.2 Why did we have to change from the old ŒKiosk Mode¹ of the Launch Pad?
One of the features of a WWW browser such as Mosaic or Netscape is that it can call on Œhelper applications¹ to perform certain tasks such as looking at an image or initiating a TN3270 session. The browser does this by communicating with the Finder. If we recall the answer to 1.1 the Finder is not present in ŒKiosk Mode¹ of the Launch Pad. The solution to this problem was to use the Launch Pad in ŒPersonal Mode¹ and implement some other means of kiosk security.
1.3 How are the kiosks being kept secure?
The Kiosks use the same physical security as before: locked in cabinets with security cables around the exposed parts. The hard drives and data are protected from tampering by:
System 7.5.1 System Folder Protection: In the General Control Panel there is an option to turn on System Folder Protection. This feature prevents the user from removing any System Folder item from its directory and prevents any new file from being stored in the System Folder.
LockBootVolNameINIT: This System Extension prevents the name of the hard drive from being changed.
Invisible Folders and Files: All non-essential folders and files have been made invisible to the user using a utility called RevRdist.. Files and folders may also be made visible/invisible with the ResEdit Utility.
Modified Applications: Comet has been modified so that no changes can be made or saved. The Launch Pad had been modified so that no menu items are available to the user.
Locked Preferences: All preference files have been locked so no changes can be made.
If the Launch Pad is erased just restart the computer by choosing ŒRestart¹ from the Special menu. RevRdist will run on startup and replace the missing Launch Pad folder folder and items. Any missing item from the Bear Access folder folder will be replaced as needed by the Version Control Server.
1.5 What if a user tries to throw away the System Folder or its contents?
1.6 What is that Broken Key on the Launch Pad for and what do those letters spell?
The Broken Key icon on the Launch Pad indicates that there is an active Kerberos Ticket for that client. In other words a user has entered their password and it is still active for all password protected activities. Clicking the Broken Key will run the Network Logout program and clear the Kerberos Ticket (password). Those letters spell ŒClear Password¹. This matters because if a user accesses Just the Facts to say, look at his grades and leaves the kiosk without clearing his password the next user can use that active ticket to look at the previous user¹s grades, bursar bill, change their address, etc.
RevRdist.. It¹s a ³ Œdemand-pull¹ Macintosh equivalent of the Berkeley UNIX program rdist. ³ (RevRdist Administrator¹s Guide)
RevRdist is comprised of a number of pieces. There is the application and a preference file which live on the local hard drive (client). There is also a server which contains a Master folder and a distribution file. The Master folder contains every file which should be on the kiosk hard drive (client). When RevRdist is run on the client, the preference file tells it where to look for the master folder and what distribution file to use. It then proceeds to compare the contents of the client to the contents of the Master Folder. Depending on what the distribution file says RevRdist will variously throw files away, copy others from the server, lock or unlock files and make them visible or invisible. In our case, RevRdist deletes any file that does not belong on the client (temporary files from Netscape, cache files, etc.); restores certain files if missing from the client (Launch Pad, etc.); and makes sure most every file is invisible.
In short it cleans up the daily accumulation of gunk on the hard drive.
It runs every time you start or restart the computer and it then restarts the computer when it is done. It will not run for 15 minutes after its previous run. This is to prevent an endless loop of restarts.
For those libraries that do not power down their computers at night RevRdist will run automatically at a random time between 3:00am and 4:00am.
2.4 What if I need to use an item in the System Folder or want to look at a hidden item?
We will distribute a disk image that you can put on floppy that contains a copy of RevRdist and a preference file that points to a different distribution file. This distribution file tells RevRdist to not copy or delete anything but to make all files and folders visible. Insert this disk into the floppy drive, drag the RevRdist Prefs file onto the RevRdist1.5 application and let it run. It should take about 10 seconds and then quit. Eject the disk and do what you need to do. When you restart the computer the regular RevRdist will run and hide the files again.
2.5 Is there any other way to make a hidden item visible?
Yes. You can use a utility called ResEdit to make files and folders invisible. This program will be included on a utility disk that is available to the NetAdmins for the kiosks. This technique is required when you need to change some setting, but the network cannot be accessed (RevRdist needs the network so it can see the Master Folder on the server). To use ResEdit to make a file or folder visible do the following:
Be very careful when using ResEdit. It is a very powerful program and can damage your files if used improperly. Don¹t do anything or save anything in ResEdit that you are not completely sure is the right thing to do.
When RevRdist is finished running in the early morning it tries to restart the computer. In order to restart, though, all the applications have to quit. Comet won¹t quit until it closes its active sessions and gets confirmation from the user to do so. Since (we hope) there are no users at 3:26am that confirmation waits until morning when someone clicks ŒClose¹ and the Mac restarts and runs RevRdist again (since 15 minutes have passed since the last run) and restarts the machine again. This can be avoided by checking to see that all Comet sessions are closed prior to closing the library.
We don¹t know. If it eventually restarts that¹s great. That means it¹s working. If it hasn¹t done anything for 5 minutes or so, reboot the computer yourself using ŒCmd-Cntrl-Power¹. This really may take up to five minutes so give it a chance to finish up before you do a forced reboot. Sometimes these programs just act funny.
2.8 I really want to learn more about RevRdist . What else can you tell me?
RevRdist runs (for the libraries) on a Macintosh LCII running AppleShare server software 3.2 (I think). This server lives in the server farm in the basement of the CCC building. It is on an AppleTalk zone called LIB.Public. This zone includes all of the library kiosk subnets as defined by their IP addresses. The communication protocol is AppleTalk over TCP. This is different from Version Control which uses a different communication protocol. Another important difference is how the two update services and files. RevRdist updates items on a file by file or folder by folder basis and determines whether a file should be updated based on the distribution file entry for the file, its location, and its name. Version control updates items on a service (set of files) basis and determines updates by file name, location and version number.
You can find more information on RevRdist by anonymous FTP to ftp.cc.purdue.edu
3.1 Can users make changes to Comet configuration files?
No. All of the menu items that have configurable settings have been modified so that the user cannot save the changes. After making changes the only option available is ŒCancel¹. It is also not possible to create new sessions and configuration files for the same reasons.
3.2 Can users add bookmarks to Netscape or change the preferences?
Users can add bookmarks and change preferences during a Netscape session. However, when Netscape is quit all of these changes are forgotten and the default settings reappear the next time Netscape is started.
3.3 Can users save files to the hard drive from Netscape or its helper applications?
Yes. It is possible for users to save files from Netscape or JPEGView or Sparkle. Some files are saved to the hard drive automatically by Netscape. For instance any time a Telnet or TN3270 session is launched from the Mann Gateway WWW page a configuration file is created on the hard drive. These files are deleted when RevRdist runs.
3.4 What prevents a user from downloading games or other applications from an FTP site?
The casual user who attempts to download binary files will find that most all of them are compacted and encoded using BinHex and either Stuffit or Compactor. Since there are no decompression or decoding tools on the kiosks these files will not be in a usable format. Some decompression tools are available in their original format but cannot be downloaded because the kiosks lack the MacBinary translation necessary to transfer these files.
3.5 Can users browse Usenet newsgroups or send mail from Netscape?
Yes. This a built in function of Netscape and cannot be changed. As currently configured, users can send mail but in order to read news they would have to go to the ŒPreferences¹ menu item and enter the name of a news host. We trust that most library users are not going to know the name of the Cornell newshost off the top of their heads and will not bother trying to get news to work.
Some concern has been expressed throughout the development that allowing users to send mail from a kiosk is a bad idea because it is essentially anonymous and allows the user to send prank messages. The simple response to this is that this is absolutely no different than using Eudora. I could configure my Eudora to say I was ŒFrank H.T. Rhodes¹ with NetID Œfr1¹ and send mail like that. The reason for this is that the Simple Mail Transfer Protocol (SMTP) that Cornell uses does not support authentication for sending messages.
3.6 Wow! I can have multiple sessions open at once and switch between them
That wasn¹t phrased in the form of a question, but this isn¹t Jeopardy so... yes, you can. This is very handy because you can have the Cornell University Catalog open, ABI Inform open, Biosys Open, and a WWW session open in Netscape. You (or a user) can add items of interest to the edit windows in each open Comet session and then, instead of printing them out: select all; copy; go to Netscape; select ŒMail Document...¹ from the ŒFile¹ menu; paste; do that for each edit window; enter your own NetID; mail yourself search results. Neat huh?
If a session has frozen the computer simply reboot it. If the problem persists you can throw Netscape in the Trash (see 2.2), restart the computer and download a new copy from version control by clicking any WWW button.
3.8 What about sound on the kiosks and the WWW?
In the early stages of development it was decided that having a helper application for sounds would be of little benefit to the users. There is very little information available as sound files that is not available in some other form and any sounds being played from a kiosk would likely disturb other patrons. The volume for all sounds remains at the same level as previously set. You may change the volume levels by unhiding the invisible items and using the Sound control panel. (See 2.4)
If you have a question that is not answered in this document, or something is unclear please let us know by sending mail to LTD-L@cornell.edu.