User:Rpeters: Difference between revisions
| Line 394: | Line 394: | ||
| == Firewalls == | == Firewalls == | ||
| Virtually no commercial router is capable of handling all four common types of Internet connection: | |||
| *Broadband via Cable or NBN | |||
| **technically HFC, FTTN, FTTH/P (NBN) | |||
| *Broadband via ADSL | |||
| **also called "ULL" by some suppliers | |||
| *Broadband via USB modem (2G/3G/4G) | |||
| *Dial-up via phone line | |||
| ADSL Modem/Routers | |||
| *always applicable to ADSL connections | |||
| *some provide for alternate connection via USB modem | |||
| *few, if any, can be used with Cable/NBN | |||
| Broadband Routers | |||
| *might be described simply as "Router" | |||
| *primarily for use with HFC, FTTN, NBN | |||
| Virtually no commercial router is capable of handling all four common types of Internet connection: | Virtually no commercial router is capable of handling all four common types of Internet connection: | ||
| Line 429: | Line 414: | ||
| **were popular ~ 10 years ago | **were popular ~ 10 years ago | ||
| **supported only''' one''' computer, in absence of additional router | **supported only''' one''' computer, in absence of additional router | ||
| *WiFi LAN included in many models | |||
| Broadband Routers | Broadband Routers | ||
| *might be described simply as "Router" | *might be described simply as "Router" | ||
| *primarily for use with HFC, FTTN, NBN | **primarily for use with HFC, FTTN, NBN | ||
| *many have USB port | *many have USB port | ||
| **need to check whether supports USB moblie broadband modem | **need to check whether supports USB moblie broadband modem | ||
| **might support only USB printer | **might support only USB printer | ||
| *technically could be used in conjunction with ADSL modem or ADSL modem/router | *technically could be used in conjunction with ADSL modem or ADSL modem/router | ||
| **new, ADSL modem/router generally a better solution | |||
| **suitable choice only when ADSL device already owned | **suitable choice only when ADSL device already owned in order to: | ||
| **extend ADSL modem service to multiple computers | ***extend ADSL modem service to multiple computers | ||
| ** | ***enhance security of older ADSL devices | ||
| *WiFi LAN included in many models | |||
| Mobile Broadband Routers | Mobile Broadband Routers | ||
| *usually physically small devices for moblie use with laptop/netbook/tablet | *usually physically small devices intended for moblie use with laptop/netbook/tablet | ||
| **require mobile phone plan of some type | |||
| **those having slot for SIM card should have inbuilt 2/3/4G wireless broadband modem | **those having slot for SIM card should have inbuilt 2/3/4G wireless broadband modem | ||
| **others require separate, plug-in USB wireless broadband modem | **others require separate, plug-in USB wireless broadband modem | ||
| ***'''essential''' to check router manufacturer's web-site for compatible modem models | ***'''essential''' to check router manufacturer's web-site for compatible modem models | ||
| *might not be a good choice for use only at fixed location (home/office) | |||
| *almost invariably include WiFi LAN capabliity | |||
| *may include "wired" LAN via Ethernet or USB connection | |||
| *some powered by internal, rechargable battery | *some powered by internal, rechargable battery | ||
| **these models tend to have limited transmission range | **these models tend to have limited transmission range | ||
| **usable only in medium/strong signal areas for moble  | **usable only in medium/strong signal areas for moble phone reception | ||
| **WiFi LAN may have limited range and/or ability to penetrate walls etc | |||
| *need to stand '''vertically''' for best signal strength | |||
| Selection | |||
| A wide range of devices are commercially available in each of the above categories.  Suggested guidelines: | |||
| *an ISP is likely to be better able to provide techical support for a device they sell | |||
| *if relying on friends/relatives/acquaintances for technical assistance then choose a model with which they are familiar | |||
| *if also relying on the router as primary firewall for a LAN, compare firewalling features | |||
| **see [[Commercial]] | |||
| Configuration | |||
| *Routers are generally configured via a Web Browser | |||
| **other, more technical routers are generally unsuited to home users | |||
| *Reputable manufacturers have their User Guides available for download from their web-site | |||
| **peruse manual '''prior''' to purchasing device | |||
| *user interface via web browser varies widely | |||
| **impractical to provide generic configuration guidelines | |||
| **good quality manuals cover the physical connections and setup procedures well | |||
| == Packet-Filtering v Router == | == Packet-Filtering v Router == | ||
Revision as of 01:07, 1 September 2013
Distributions 64-bit or 32-bit
For General Users
64-bit Linux is generally recommended for computers that support it - see below for simple tests
- it has been in general use for over a decade and is now quite mature
- it supports an overwhelming majority of hardware
- usually includes the NX feature, that is likely to provide additional protection against malware
Note that Linux Distributions may variously refer to 64-bit Linux as "x86_64" or "AMD64". The two are equivalent and the latter works on computers that are trade-marked "Intel Inside" as well as AMD-based computers.
Test for CPU Model
64-bit CPU
A simple and reliable way to check whether a CPU supports 64-bit code is to boot a 64-bit distribution
- Parted Magic is a suitable distribution for this purpose, because a 64-bit only ISO is available and it is only ~ 200 MB.
- alternatively, any 64-bit Distribution media could be used, if already to hand.
- a 64-bit kernel will quickly present an error message along the lines of "unsupported CPU/architecture" if a 64-bit capable CPU is not detected
32-bit CPU
If the above test indicates that 64-bit Linux is not supported then most 32-bit Linux should be suitable.
- the latter might variously be labelled "x86", "i586", "i686" or frequently no differentiator at all
Exceptions where a Distribution is unsuitable include:
- a small minority are compiled for CPU later than "i686" (Pentium II or equivalent)
- these would begin to boot on earlier CPU, but quickly halt and display and error message
- beginners are faced with using a different Distribution (or obtaining a later computer)
 
- some Distributions are collated for specific hardware platforms eg eeePC netbooks
- these are likely to work incompletely on Desktops as well as other laptops
- the purpose of the Distribution would be clearly identified by the provider
 
Getting Technical
NX Option
NX (non-execute) is a security feature. A common technique used by malware is to hide code in data-only areas of memory. NX makes that technique ineffective by preventing any such code from running. Consequently it is desirable to utilise NX, where available.
Advantages of 64-bit distributions include
- NX features are provided in hardware, thereby supported and usually included in the kernel
- 64-bit CPU include many additional instructions which can improve performance somewhat
- 64-bit CPU and most applicable mainboards support >> 4 GB RAM
- 8 (or more) GB of RAM is now affordable
- 2 or 3 RAM modules improve performance if populating dual or triple-channel mainboards and the "sweet-spot" pricing would result in 8 or 12 GB RAM
 
- 64-bit Linux code is mature and fairly complete
- core hardware drivers for peripherals tend to be manufacturer-agnostic and provided with 64-bit kernels - eg for printers, scanners, usb-storage
- manufacturer-specific code for peripherals tends to be provided via programs rather than "drivers" and 32-bit variants can be used where 64-bit are not available
 
PAE Kernels
Many kernel options must be included at compile time ie those cannot be loaded later "on-demand". Included in this category are:
- NX feature
- PAE option for 32-bit CPU, via which NX is implemented on such CPU
- CPU instruction set - typically identified via CPU model eg Pentium, Pentium III etc
In general, it is desirable to use a PAE kernel, with 32-bit CPU, simply to obtain the NX feature. Such kernels occupy approximately 200 MB and might not be included on installation media. Typical mechanisms for obtaining them include:
- if the option is provided via the installation routine and a broad-band Internet connection is accessible eg via Router
- as a post-installation update either from DVD media or via direct download from the Internet
== Distributions 64-bit or 32-bit Advantages of 64-bit distributions include
- NX features are included in hardware and thereby supported
- 64-bit CPU and most mainboards support >> 4 GB RAM
- 8 (or more) GB of RAM is now affordable
- 2 or 3 RAM modules are preferable if populating dual or triple channel mainboards and the "sweet-spot" pricing would result in 8 or 13 GB RAM
 
- 64-bit Linux code is mature and fairly complete
- core hardware drivers tend to be manufacturer-agnostic and provided with 64-bit kernels - eg printers,  scanners, usb-storage
- manufacturer-specific code for peripherals tends to be programs rather than "drivers" and 32-bit can be used where 64-bit are not available
 
==
Work in Progress
eWaste
| Device | Issue | Task/Test | Result | Reserved | Sitrep | Action | Volunteer | 
|---|---|---|---|---|---|---|---|
| qty 5 AOpen midATX chassis (from circa 2000 Train PC) | 1.erase HDD | - | - | - | any | ||
| 1.erase HDD | no change | - | unresolved | - | |||
| qty 2 short ATX chassis (from previous gen Gateway) | no change | - | unresolved | ||||
| r | style="color:#ee3900;" | - | - | ||||
| - | unresolved | - | |||||
| style="color:green;"y | - | - | |||||
| r | - | - | 
Equipment Issues
- || #005900 - || || - || - || - || ||| Device | Issue | Task/Test | Result | Reserved | Sitrep | Action | Volunteer | |
|---|---|---|---|---|---|---|---|---|
| Huawei 16 port Gb switch (main office) | reposition away from Helper's desk | longer, 10 m Cat 5e required | - | - | - | requisitioned | Rod | |
| - | - | - | unresolved | |||||
| - | runs normally | - | - | - | ||||
| - | - | - | - | - | ||||
| Additional Member Use PC (main office) redeployed Old Train 01 | "freezing" | - | - | - | hardware testing required- | required | Rod | |
| - | - | - | unresolved | |||||
| - | runs normally | - | - | - | ||||
| - | - | - | - | - | ||||
| Additional Member Use PC (main office) redeployed Old Train 05 | unreliable boot from SATA HDD | - | - | - | hardware testing required- | required | Rod | |
| - | - | - | unresolved | |||||
| - | runs normally | - | - | - | ||||
| - | - | - | - | - | ||||
| Train 01 | - | - | - | - | unresolved | |||
| - | - | - | unresolved | |||||
| - | runs normally | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | |||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | - | |||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | - | |||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| - | - | - | - | - | ||||
| Old Train 11 | powers up for only a few seconds | 1 power supply tester | OK only intermittently | - | unresolved | Rod | ||
| 2 alternate power supply | fails to start | - | unresolved | - | Rod | |||
| 3 revert to original power supply | runs normally | - | intermittent & unreliable | set asside as spares | Rod | |||
| - | - | - | - | - | ||||
| Old Train 13 | persistent, annoying, random video flicker | 1 set CMOS to "failsafe defaults" | no change | - | unresolved | - | Rod | |
| 2.flash upgrade BIOS to F6 level | no change | - | unresolved | - | Rod | |||
| 3 run memtest | one faulty cell at 991 MB in one only of 6 passes | - | unresolved | - | Rod | |||
| 1 set CMOS to "failsafe defaults" | no change | - | unresolved | - | ||||
| - | - | - | - | - | 
Table
| Device | Problem | Tests | Results | Prognosis | 
|---|
| Old Train 11 | power supply tester | erratic | Rod align="bottom" style="color:#e76700;"| 
 
 Templatesthis is it -Rpeters13:25, 24 August 2012 (EST) -- 
 
 AF DrivesFor General UsersOverviewAdvanced Format (AF) Hard Disk Drives are used in many pre-built computers and USB drives from about 2011 onwards.. By way of explanation 
 Advantages
 Disadvantages
 No action is required by the typical purchaser, because the manufacturer will have taken care of the special formatting required with AF drives. Getting Technical below, provides guidelines for those needing to: 
 Getting TechnicalAdvanced Format DrivesNew HDD from about 2011 onwards are likely to be Advance Formatted 
 Avoid reformatting drives to MBR 
 . A new type of partition table called Globally Unique Identifier(GUID) Partition Table (GPT) is required to optimise the performance of AF disks. The partition table previously in common use has no univerwsally agreed name but is given the nomenclature Master Boot Record (MBR), because that was a unique feature of it. Legacy partitioning tools do not handle GPT. A suitable tool for intermediate users is "parted" or its GUI front-end "gparted". The simplest way to use these is from a bootable utility CD http://www.sysresccd.org/Download http://partedmagic.com/doku.php?id=downloads Altering PartitionsIt is not advisable to delete or alter patitions of type ef01 or ef02, because these have a special purpose in GPT. Other partitions may be re-sized or added, as required. Note that: 
 A compleat description of GPT is available at: http://www.rodsbooks.com/gdisk New DrivesThe full capacity of Drives over 2.1 TB can be utilised only via recent mainboards or add-on SATA controllers 
 The boot flag in GPT does *not* make a disk bootable from a BIOS mainboard. See the procedures at: http://www.sysresccd.org/Sysresccd-Partitioning-EN-The-new-GPT-disk-layout 
 
 Strictly for GeeksCapacityThe international standard for data capacity uses multipliers of 2 ^ 10 in lieu of SI decimal multipliers of 10 ^ 3 eg 
 through 
 Why does this matter ? 
 ToolsA more capable partitioning tool is required to set up the advanced features of GPT. The partitioning tool gdisk is downloadable from http://www.rodsbooks.com/gdisk/download.html Partition ConversionMBR drives can be converted to GPT partition table, without erasing data, subject to some limitations and risks 
 Advanced Patitioning Layouts
 
 Re-formattingDrives up to 2.1 TB,manufactured during the transitional period, logically divide each 4kB sector into eight 512 B sectors 
 AF drives that are re-formatted to MBR might behave unreliably unless expert options in gdisk are used 
 File MigrationThe simplest approach is to install additional HDD before any systems are installed or data created. If that is not feasible then any existing files/folders at the intended mount point need to be migrated 
 
 FirewallsPacket-Filtering v Routera perenniel question is whether it is preferable to run a packet-filtering style firewall on each workstation/laptop/pocket-PC or to use a single "hardware" router to protect the whole LAN Packet-Filtering v RouterAdvantages
 Disadvantages
 LinuxMost Linux include a packet-filtering style firewall 
 Mac OSXcitation needed Windowscitation needed Gateway/Router
 FirewallsVirtually no commercial router is capable of handling all four common types of Internet connection: 
 If an ISP offers a "router" for their service then it is probably of the applicable type. Otherwise a user would need to choose carefully from the following types of "routers" ADSL Modem/Routers 
 Broadband Routers 
 Mobile Broadband Routers 
 Selection A wide range of devices are commercially available in each of the above categories. Suggested guidelines: 
 Configuration 
 Packet-Filtering v Routera perenniel question is whether it is preferable to run a packet-filtering style firewall on each workstation/laptop/pocket-PC or to use a single "hardware" router to protect the whole LAN Packet-FilteringAdvantages
 Disadvantages
 LinuxMost Linux include a packet-filtering style firewall 
 Packet-Filtering v Routera perenniel question is whether it is preferable to run a packet-filtering style firewall on each workstation/laptop/pocket-PC or to use a single "hardware" router to protect the whole LAN Packet-FilteringAdvantages
 Disadvantages
 LinuxMost Linux include a packet-filtering style firewall 
 Mac OSXcitation needed Windowscitation needed Gateway/RouterAlthough these are typically a separate hardware item they are not necessarily an additional hardware item, often being combined with an ethernet switch and/or DSL modem Advantages
 
 Disadvantages
 zero acreage LinuxMost Linux include a packet-filtering style firewall 
 Gateway/RouterFor General UsersThe relative advantages of a separate gateway/router are discussed at A packaged commercial uint is the most suitable option 
 Disadvantages
 RecommendationsA commerical uint that overcomes the above disadvantages at a price is the FritzBox 
 A much lower pirced unit is the DLink DIR-615 
 Getting TechnicalDIY routers overcome the support limitations of commercial units, although until recently this has been at a cost of: 
 Most DIY units have been based on superceded PC. Additional hardware will be required: 
 HardwareMinimum suggested specs are approximately 
 Wattage for DIY has been somewhat higher than for commerical routers. A suitable objective, using 2010 or later componentry is 25 W. Lower wattage units are addressed under "Strictly for Geeks" below. CPU wattage is a poor indicator because other chips and peripherals consume somewhat more. Suggested basis for low wattage router: 
 SoftwareMany Linux and BSD can be configured a gateway-router, but it is generally simpler and more watt efficient to use a specialised firewall/gateway distribution. Better known ones are listed in Linux_Distribution_Recommendations Although BSD based distributions such as Monowall are quite functional, their use would involve an additional learning curve for most people ZoningSoftware for DIY routers implements similar network zoning to that in commercial routers. An aspect that is different is the colour coding of zones: 
 Strictly for GeeksDIY routers based on ARM CPU have become viable during 2012. 
 
 Rescue CDFor General UsersBoot Only Rescue CDA computer which fails to start as far as the login screen (or "Safe Mode" in the case of Windows) might have a mal-configured bootloader. Such condition can result following routine software updates. The following CD can sometimes succeed in booting a system which is failing to start from hard disk drive. Success rate varies between the rescue CD, as described below. Some can deal with greater mal-configuration of the installed system(s) than others. 
 All can boot most operating systems, including Linux, MacOSX and Windows Try rEFInd for systems manufactured from early 2011 onwards. If it does not start on your computer then try Supergrub 1.98 One of the Grub rescue CD would be required for older computers 
 Systems that don't boot via the above procedures can often still be recovered, but it gets more technical. As described below. Some prior preparation can increase the success rate of rEFInd on newer computers Getting TechnicalUEFI MainboardsComputers manufactured from 2011 onwards are likely to use UEFI firmware in lieu of BIOS firmware on the mainboard 
 Quick Fix
 Create Bootable EntitiesIn order for this rescue mechanism to work Linux must 
 
 
 
 BIOS MainboardsDisk OrderBooting Linux from a separate HDD will be much more reliable if it is put on the first HDD that is identified by the BIOS 
 Quick Fix
 Grub Rescue CDGRUB-legacy and GRUB2 have provisions for making bootable GRUB CD (actually ISO images, from which a CD may be burnt) 
 It is diffcult to create a generic boot CD because GRUB looks for particular hard disk drives, partition numbers, kernal images and initrd images that are specified in its configuration file 
 
 
 Distribution specific notes
 ProjectorOverviewThe projector in PCUG Training Room is set up for optimal use with the Trainer's PC, that is also provided. Anyone planning to give a course or presentation using their own laptop computer is strongly advised to work through these guidelines well in advance and ensure that their laptop is working with external displays. Up to three settings might might neeed to be changed to have a notebook computer display output via its external video connector. The following description is, of necessity, generic because of variations between different hardware and operating systems. Refer to the User's Guide for the notebook, if necessary, for specific guidance regarding the following settings : Manuals for many models may be downloaded from he following site ProceduresConnect Video Cable
 Enable External Video Output in the BIOS
 Configure the Second Display/Monitor/Video card
 Use External Power Supply
 Activate Output to External Display/Projector
 Repeat Display Configuration for other Operating Systems
 Additional Issues with Training Room ProjectorSome further notes regarding the projector in the Training Room. 
 ISO HybridsUsing/Creating ISOhybrid FilesThis task is for intermediate/advanced users OverviewSome dotISO files are now being provided as "ISOhybrids" 
 ISOhybrids may also be burnt to conventional CD/DVD/Bluray optical media, or written to USB/SD media, as in general/intermediate procedures above 
 Hybridisation
 Writing ISOhybrids
 http://en.opensuse.org/SDB:Live_USB_stick#Bootable_USB_from_DVD_or_Net-install 
 
 PrintingFor General UsersNew users of Linux may find that their printer (and scanner) is neither supported nor supportable. Simplest option is to (wisely) purchase a new printer. 
 Selection Guideance
 All of the following pre-purchase research is strongly recommended 
 
 TroubleshootingThe direct interface to the Linux printing sub-system (CUPS) on your computer is via the URL http://localhost:631 
 Failure to print, although the driver is installed, can result from unsuitable settings. 
 
 Printer Recommendations
 
 ScanningRaspberry PiCasesHeat LoadQuick Start Guide from distributor RS Components recommends: 
 It's debatable whether or hot the majority of cases being sold meet the above criteria. Alternatives to CasesA DIY cover can be made usiing discarded CD media. The original concept was at That "case" does not anchor the RPi down and dimensions for accuately positioning the plastic supports are not provided. A variation, including critical dimensions is at Some construction factors to note, In either variant 
 The two (only) chips on RPi can get quite hot in operation. Small, self-adhesive heatsinks are now available from: 
 ArduinoFor General UsersThe Arduino is an interface between a controlling PC and stuff you want to control. A set of links that should get inexperienced users started is below. Power arduino from battery http://www.jaycar.com.au/productView.asp?ID=XC4258 Great hardware selection http://www.pololu.com http://www.freetronics.com/ oz hardware site http://www.robotgear.com.au arduino home http://www.arduino.cc/ arduino software http://arduino.cc/en/Main/Software Language Reference http://arduino.cc/en/Reference/HomePage Lots of different boards such as https://shop.ruggedcircuits.com/index.php?main_page=product_info&cPath=1&products_id=23 Simon Monk as written everal books toget you started. The code from his books can be downloaded from here http://www.arduinobook.com/downloads 
 
 --[[--Rpeters 18:15, 18 August 2012 (EST)]] -- | ||||||||||||||||||||||


