[opensource] New Web Browser

Paul Betts paul at paulbetts.org
Thu Oct 25 13:38:34 EDT 2007


> but how does it "lock down" students' *entire*
> interaction with the OS (e.g., prevent them from closing or minimizing
> the browser)?

If they're running their own ActiveX control, they can do *anything they 
want*. They are running arbitrary C++ code in the context of your username.

-- 
Paul Betts <paul at paulbetts.orG>

On Thu, 25 Oct 2007 00:32:37 -0400, "Adam C. Champion" <champion at cse.ohio-state.edu> wrote:
> Great writeup, Brian! I wondered what this "Lockdown Browser" I saw on
> Carmen was. Since my research interests are computer and network
> security, I find the "'secure' testing" problem domain and this
> "lockdown" behavior intriguing. How do you provide students with Web
> access and form submission for an online test yet deny them most of the
> user-interface requirements of a Web browser (let alone "normal" use of
> Windows)? It seems Respondus is using IE components due to its ActiveX
> script requirement---but how does it "lock down" students' *entire*
> interaction with the OS (e.g., prevent them from closing or minimizing
> the browser)?
> 
> I share your concerns about DRM. Last year, I wrote an honors thesis on
> the proliferation of trusted computing, DRM, and the associated legal
> and social ramifications; it's online at my website
> (http://www.cse.ohio-state.edu/~champion). From what I read on your
> writeup, however, I don't think the browser uses DRM; it "merely"
> controls the user's interaction with the (proprietary) WebCT application
> and the Windows OS. I would normally associate DRM with copyright owners
> enforcing usage policies with legally-purchased digital works, like
> songs and movies. The only copyright issues I see are those associated
> with "who owns" the test and any images included therein (like the
> copyrighted Wikipedia image), as well as Blackboard, Inc., which holds
> the copyright to WebCT and its trade secrets. Certainly, OSU's
> contract/site license with WebCT and Respondus is another
> intellectual-property issue. But, of course, I am not a lawyer :).
> 
> I strongly believe that paper-and-pencil tests are one of *the* best
> ways to check that students have learned course material. Vigilant
> proctors/instructors should deter students from cheating; if students
> perceive they will be "caught in the act," they will be less likely to
> cheat than if they notice the TA engrossed in a paper and think they can
> get away with cheating. Besides, if you're taking an computer-based test
> that requires you to answer a set of questions before going on to the
> next set, you may not be able to go back and check/correct your previous
> answers within the test's time limit. (If you've taken the
> computer-based GRE, you know *exactly* what I'm talking about!)
> 
> Just my two cents.
> 
> Regards,
> Adam
> 
> P.S. When I tried to read your "Carmen response" links, my firewall
> logged attempted connections from the CSE department website on ports
> 39728-9 and 50697-8. Any idea what's going on? Is it the spam filter?
> 
> 
> 
> Brian Swaney wrote:
>> Ok, I tried sending this directly to the list, but it seems to trip all
>> of the spam alarms. I'll try linking to a web page this time. The same
>> general message is there. Basically, DRM meets OSU, and out pops this
>> new program.
>>
>> http://www.cse.ohio-state.edu/~swaneybr/lockdown-analysis.html
>>
>> Any comments are welcome.
>>
>> -Brian Swaney
> _______________________________________________
> Opensource mailing list
> Opensource at cse.ohio-state.edu
> http://mail.cse.ohio-state.edu/mailman/listinfo/opensource



More information about the Opensource mailing list