Harvard Computer Science course (EdX) Security concerns?

Hi folks, I was idly browsing about and came across this offering, from Harvard, of all places: https://www.edx.org/course/introduction-computer-science-harvardx-cs50x#! I thought perhaps I would look into it…
Now the course runs on a home-brewed 'Buntu derivative; students are advised to install it in a VM, with tools provided free to students by VMware… “evaluation licenses for VMware Workstation 11 at no cost to students”. Which is all well and good. But reading a little further, it seems that students set up this system… and then they ALL use the same user name and password (!!!) Now I am sure that the distinguished faculty at Harvard would not recommend anything which is an immediate security risk, but surely asking students on a beginner course to go against one of the LINUX 101 rules is a bit odd? They also make available an .iso. Imagine a beginner decided to go ahead and install it on “bare-metal” and then used the default username and password?
https://manual.cs50.net/appliance/2014/#cheatsheet
https://manual.cs50.net/appliance/2014/#instructions

What do you think?

Nice subject! But I think it should be in General Chit-chat.

Will be moved there and is CLOSED for the moment.

Moved from Looking for Something … and open again.

Thank you Henk, I agree with the move, I was not sure where to place it as it is obvs OT…

Classrooms (computer networks) are set up a number of different ways, and depending on the infrastructure may have different requirements.

So,
For instance if the course content was only about what might run on a local machine, you can install VMs in NAT or Host-Only virtual networks which would keep every machine isolated from each other. Even if installed “on bare metal” if the machine isn’t connected to a network, there’s “no harm, no foul” regarding any vulnerabilities and requirements for machines on a connected network.

And, from the link you gave, there doesn’t appear to be any network requirements. Everything that is described can be taught on an isolated, non-networked machine.

But, let’s take it a bit further… and say that course content would require connecting to the classroom network.
In that case, each machine <should> have a unique User, and every machine <must> have a unique name. Plus, every machine must have a unique network identifier (eg MAC address or equivalent, IP address, etc).
Any machine installed on bare metal <may> be set up with all the required unique settings, it depends on the installer.
Any VM can be installed in a NAT virtual network as I noted earlier. Then, the HostOS only has to be unique on the network.

And, this is also why there can be many ways to set up a classroom. I’ve seen student machines set up using PXE, manually set up (instructions displayed on a projector) and scripted. Every one of those options satisfies the same list of requirements for a working classroom.

TSU

On Mon, 16 Jan 2017 12:36:01 +0000, hcvv wrote:

> wakou;2808717 Wrote:
>> Hi folks, I was idly browsing about and came across this offering,
>> from Harvard, of all places. http://tinyurl.com/nokdsga I thought
>> perhaps I would look into it…
>>
> Moved from Looking for Something … and open again.

So having built classroom setups, here’s the thing - when designing labs,
you want to have the environment as simple as possible, which means each
pod (ie, student configuration) has to have the same setup. That makes
it easier for the instructor to troubleshoot problems as well.

This is a case where the balance between security and ease of use leans
towards ease of use - it’s a sandboxed environment, used for learning
concepts, rather than a system that needs to meet high security standards.

Naturally, a class that focuses on security should teach best
practices, and should have exercises that reinforce them - but in a
learning environment, the ideal is a setup that’s easy to teach to, demo,
and have the student work in. Highly securing that environment gets in
the way of the learning experience, generally speaking.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

Thank you. But as a secondary Q: is a system which is within a VM as secure as its host? Less secure? Equally vulnerable as its host? Or is it as vulnerable as if it was “open”?

On Mon, 16 Jan 2017 19:16:01 +0000, wakou wrote:

> Thank you. But as a secondary Q: is a system which is within a VM as
> secure as its host? Less secure? Equally vulnerable as its host? Or is
> it as vulnerable as if it was “open”?

Depends on a lot of things, but at the end of the day, it’s a learning
environment, so security isn’t as important as it is for production
systems.

Jim


But! Step 2, once you have set up the VM, is to set up and configure “Dropbox”, so some network connectivity is assumed, and is certainly not discouraged… And if this were for a purely “bricks and mortar” classroom, then yes. But this is for a distance learning “class”.