~misterio/IC

d64520f7aa61abe03514fa6417212128d183d790 — Gabriel Fontes 1 year, 9 months ago ac5acca
progresso com revisão
1 files changed, 17 insertions(+), 34 deletions(-)

M project.md
M project.md => project.md +17 -34
@@ 1,4 1,4 @@
# Building a reproducible and user-driven computer lab with NixOS
# Building zero-trust computer science learning laboratories

Student: Gabriel Silva Fontes



@@ 15,45 15,30 @@ learning environments
Computer laboratories are an essential (yet expensive) piece of public
infrastructure, even more so when speaking about high education institutes
focused on computing fields. Having access to working computers in a social
environment, during their classes or extracurricular activities, plays an
important role in computer sciences students' learning[1], particularly those
students who can't afford to bring a personal laptop.

Building, managing, and updating these labs are not simple tasks, however.
Computer lab administrators usually have to strike a balance between security
and flexibility.

Specially on these institutions we mentioned, the need for flexibility is even
bigger: each subject might require a completely different software stack, each
student may prefer to work with a different code editor or tooling. Most
computer operating systems do not support unprivileged software installation,
forcing IT administrators to install a select subset of packages, unfortunately
environment, during classes or extracurricular activities, plays an important
role in computer sciences learning[1], particularly for students who can't
afford to purchase a personal laptop.

Securing these environments are not simple tasks, however. Laboratories, like
most public-ish IT systems, should be treated as _zero-trust_ environments.
Administrators are usually forced to strike a balance between security and
flexibility.

Specially in the institutions we mentioned, the need for user flexibility is
even bigger: each subject might require a completely different software stack,
each student may prefer a different tooling.

Security usually involves not allowing for any kind of superuser privilege.
Most computer operating systems do not support unprivileged software
installation, forcing IT administrators to install a subset of packages,
culling the amount of tooling choices the users might have.

There are a few options for (limited) unprivileged yet safe installations,
amongst them containerization and virtualization. While these might help
mitigate the problem, they suffer providing software development workflows: the
container ecosystem is hugely more focused on server software deployment rather
than development environments, while virtual machines are hard to reproduce
from scratch on different computers, take up a lot of storage, and suffer
performance penalties (specially for graphical applications).

**TODO**: Existing solutions (together with last paragraph)

**TODO**: Real world problems

## 2. Objective

This project's main objective is building a fully reproducible, completely free
software backed, NixOS-based computer laboratory environment, as well as
measuring how productive and satisfied different users can be with the current
Nix tooling and ecosystem, thus evaluating how viable this kind of deployment
could be on other laboratories.

This environment will have most features users have come to expect of a
computer laboratory: centralized authentication and user data storage (based on
LDAP), graphical desktop environments (GNOME and/or KDE Plasma), as well as
documentation to help with learning the basics of all the available tools.

## 3. Methodology



@@ 80,5 65,3 @@ physical space.

## References
1. Newby, M & Fisher, D. _A Model of the Relationship between University Computer Laboratory Environment and Student Outcomes_. Learning Environments Research, 2000.
2. Dolstra, E. _The Purely Functional Software Deployment Model_. Utrecht University, 2006.
3. Repology, _Repository size/freshness map_, accessed 10 May 2022, <https://repology.org/repositories/graphs>.