andybalholm / redwood

Web content filter that runs as an HTTP proxy
BSD 2-Clause "Simplified" License

Time limits #95

Open mrbluecoat opened 2 months ago

mrbluecoat commented 2 months ago

Ref: https://github.com/andybalholm/redwood/issues/80#issuecomment-1301159114

I'd like to limit internet access by time, or allow them to extend the given times by earning vouchers.

Does Redwood support time limits or would I need to pair it with something like https://github.com/Allow2/c-icap-allow2

the type of day (ie: a school day, a weekend, a sick day, a holiday, etc), the time of day, the amount of activity time a child has remaining (ie: no more than 2 hours of gaming, or 3 hours of internet, etc), any existing restrictions (ie: a child is currently banned from using the internet such as when on timeout or grounded),

andybalholm commented 2 months ago

Redwood natively supports time-of-day restrictions. But limiting the amount of time spent online per day is another story…

mrbluecoat commented 2 months ago

Yes, I was hoping for time duration (e.g. max 2 hours screen time limit per day). Any plans to support that in the future?

thinkwelltwd commented 2 months ago

> Any plans to support that in the future?

To "support that", questions like this would need to be answered:

In summary, a "max screentime per day" policy is better suited to enforcement on the device, where specific app run time duration can be monitored.

hiranchaudhuri1 commented 2 months ago

> Yes, I was hoping for time duration (e.g. max 2 hours screen time limit per day). Any plans to support that in the future?

Screentime per day - I am controlling this on Ubuntu using https://mjasnik.gitlab.io/timekpr-next/ However I also thought about a 'network time' quota.

For a network quota it might be sufficient to measure the first request and allow subsequent requests until the time is up. Since redwood is capable of intercepting and categorizing traffic it is even possible to have different quotas depending on "sports", "school", ...

I acknowledge this would require being able to remember the first quota-triggering request. But I also believe this does not require any modification to redwood since it could be built as classification service. Would that be feasible?

thinkwelltwd commented 2 months ago

> I acknowledge this would require being able to remember the first quota-triggering request.

Are you thinking that timekpr-next would remember the first request, or Redwood? If Redwood, defining "the first quota-triggering request" is more difficult than it sounds, since the term "screen time" implies a human operator and any modern device that's powered and connected to the network will make network requests.

If that human operator wakes up every morning and finds their screen time for the day has already expired, dissatisfaction is likely to result.

> But I also believe this does not require any modification to redwood since it could be built as classification service.

A classification service would be moving the responsibility outside Redwood, yes.

But then that classification service would labor under the same limitations that Redwood has, namely that the classification service could not identify the software client making the request with certainty based on properties of the network request.

hiranchaudhuri1 commented 2 months ago

Let's put this into play. When I turn on my computer - even before I logged on it ran a number of network requests. Let's say there are those that check for updates against the OS repositories. Later, when I log in I want to check my emails (maybe with, maybe without the browser as mail client), and after that I decide to watch some movies. As a parent I would not like to stop 'creative' or 'meaningful' work but limit the 'consumption'.

Now with redwood's classification features it is easy to distinguish those. I can even allow Youtube to be accessed as long as it is not cat videos ;-). But as soon as the 'cat' category is hit, time starts counting so any subsequent request matching that category is allowed as long as the quota is valid. After that it goes back to a 'sorry dude, come back tomorrow' page.

I can imagine creating such an addon. Thinking clearly about it I would not rate it as classification service as I would prefer not to duplicate the code already present in redwood. But having a similar addon service that receives the URL, user, client IP and the categories could then compare this to a quota database and return approved/denied.

You say identifying the client/person is crucial: This could be done by client IP as my kids have dedicated network devices. I could as well put user authentication into their proxy setup so redwood would definitely hold a username. That plus the request classification are a powerful combination to check the quotas. Is it necessary to identify the exact client? I don't think so as I can filter on the content. As an advantage the response would not pass through if it has inappropriate content - regardless of whether it was requested through Firefox, Chrome or curl.

BTW, monitoring app runtime as suggested above is useless on apps like web browsers that can be anything from required/useful/nicetohave/forbidden applications. That's where the URL needs to be looked at. Oh, Youtube has educational videos as well as spam? That's where the network traffic needs to be looked at -> Kudos to Redwood!

thinkwelltwd commented 2 months ago

> Thinking clearly about it I would not rate it as classification service as I would prefer not to duplicate the code already present in redwood.

When you referred to "classification service" earlier, I assumed you meant writing an external classification service that Redwood would call. I hadn't taken you to mean a Redwood Classification Service. So I think we're on the same page there.

> I can even allow Youtube to be accessed as long as it is not cat videos ;-). But as soon as the 'cat' category is hit, time starts counting so any subsequent request matching that category is allowed as long as the quota is valid. After that it goes back to a 'sorry dude, come back tomorrow' page.

So if I'm understanding your hypothetical, you're saying "cat videos can be viewed until 2 hours elapse after first one was accessed", and not "an accumulated total of two hours of cat video watching in a 24-hour period".

+1 to an external service being the place to put this sort of thing, since time-based definitions will vary.

> I can imagine creating such an addon.

FWIW, Starlark Scripting and the Starlark Cache would be enough to almost implement what you describe.

You'd write a starlark function to check for the cat-video-category, user-ip, and any other desired attributes. Then generate a cache key for those values, and save the current time to the cache if not already present in the cache. But if it's in the cache and the value is more than 2 hours old, you'd block the request.

The only problem is that the cache is cleared at Redwood's restart, so if tracking the 2 hours of cat videos is absolutely critical, you'd need a cache that persists across restarts. In that situation, you could write a simple http api endpoint to redis, and call that API to check quota time.

hiranchaudhuri1 commented 2 months ago

> Thinking clearly about it I would not rate it as classification service as I would prefer not to duplicate the code already present in redwood.

> When you referred to "classification service" earlier, I assumed you meant writing an external classification service that Redwood would call. I hadn't taken you to mean a Redwood Classification Service. So I think we're on the same page there.

Oh, rats. I understood it the wrong way. Somehow my memory was that Redwood was able to call something external that provides classification. Looking again it is redwood acting as that. Means: Yes, you understood me correctly. :-)

> So if I'm understanding your hypothetical, you're saying "cat videos can be viewed until 2 hours elapse after first one was accessed", and not "an accumulated total of two hours of cat video watching in a 24-hour period".

> +1 to an external service being the place to put this sort of thing, since time-based definitions will vary.

As soon as that external service keeps track of when such a period starts and by when it should be reset (let's say next day, or next week, or ...) Redwood would not have to care. But you are adding a nice aspect: What if the quota is 15 minutes per day, and the first request is approved since it is the start of the quota. But the video stream lasts for 3 hours? The quota system therefore should not only respond with 'yes' or 'no' but maybe with a duration how long the request is approved. And Redwood would then cut the connection after this duration.

> I can imagine creating such an addon.

> FWIW, Starlark Scripting and the Starlark Cache would be enough to almost implement what you describe.

> You'd write a starlark function to check for the cat-video-category, user-ip, and any other desired attributes. Then generate a cache key for those values, and save the current time to the cache if not already present in the cache. But if it's in the cache and the value is more than 2 hours old, you'd block the request.

Currently I have no clue about starlark. Maybe it works. But with an external system called by Redwood someone (myself) could create a system backed by a database plus add a UI for seeing status and managing it.

> The only problem is that the cache is cleared at Redwood's restart, so if tracking the 2 hours of cat videos is absolutely critical, you'd need a cache that persists across restarts. In that situation, you could write a simple http api endpoint to redis, and call that API to check quota time.

Yes, this sounds more like it. Does it have to be Redis? Oh wait, maybe Starlark could do exactly the call I was envisioning and the rest is in this external service. Remains the question whether we could cut the connection after a given duration. (and be aware I do not intend to cut all connections but those in specific categories, like cat videos. ;-) )
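Added example (not posted by any participant in this thread and not Redwood code): a sketch of the decision logic for the external quota service discussed above, where the clock starts at the first request in a metered category and the answer carries the remaining duration rather than only yes/no. The names `Quota`, `Tracker` and `Check`, the category and user labels, and the in-memory map are assumptions for illustration; how Redwood would call such a service is outside the example.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Quota: Window runs from the first matching request; Reset is when a new window may start.
type Quota struct{ Window, Reset time.Duration }

// Tracker (hypothetical) remembers the first quota-triggering request per user and category.
type Tracker struct {
	mu     sync.Mutex
	quotas map[string]Quota        // category -> quota; categories not listed are never metered
	first  map[[2]string]time.Time // {user, category} -> first hit of the current period
}

func NewTracker(q map[string]Quota) *Tracker {
	return &Tracker{quotas: q, first: map[[2]string]time.Time{}}
}

// Check reports whether a request is approved and for how long, so the caller
// can end a long-running stream when the window closes. metered is false for
// categories without a quota (constructed examples: OS updates, mail).
func (t *Tracker) Check(user, category string, now time.Time) (allowed bool, remaining time.Duration, metered bool) {
	q, ok := t.quotas[category]
	if !ok {
		return true, 0, false // background traffic never starts the clock
	}
	t.mu.Lock()
	defer t.mu.Unlock()
	key := [2]string{user, category}
	start, seen := t.first[key]
	if !seen || now.Sub(start) >= q.Reset {
		start = now // first hit, or the previous period is over
		t.first[key] = now
	}
	if left := q.Window - now.Sub(start); left > 0 {
		return true, left, true
	}
	return false, 0, true
}

func main() {
	tr := NewTracker(map[string]Quota{"cat-videos": {Window: 2 * time.Hour, Reset: 24 * time.Hour}})
	t0 := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC) // constructed sample clock
	for _, off := range []time.Duration{0, 90 * time.Minute, 3 * time.Hour, 25 * time.Hour} {
		ok, left, _ := tr.Check("kid-laptop", "cat-videos", t0.Add(off))
		fmt.Println(off, ok, left)
	}
}
```

The map is lost on restart, the same limitation noted for the Starlark cache; a persistent store would replace `first` without changing `Check`'s contract.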

thinkwelltwd commented 2 months ago

> Currently I have no clue about starlark.

It's Redwood's scripting engine which is probably the best way to manage the external calls, based on other request attributes.

> Oh wait, maybe Starlark could do exactly the call I was visioning about and the rest is in this external service.

Yes, that's the right way to think about it! Here's a toy example (non-functional and untested) that you can take as inspiration. It's loosely based on some YT classifying we do in a project I'm involved in.

You'd need to find or create external APIs for extra caching and any extra video classifying you might want to do, but it'll at least serve as a good starting point. You'd activate it in Redwood like so:

starlark-script /path/to/yt.star

And set a log directory for logging starlark print statements and errors.

starlark-log /var/log/redwood/starlark.log