Applying the principle of it being easier to get forgiveness than permission I bought some new toys now that I have a new phone (Samsung SIII Mini).
For 7 years we have had a nice safe internet environment at home.
The whole family have been using SunRay thin terminals that were protected by multiple layers.
- First the SunRay terminals are wired into a dedicated network that is not directly connected to the internet and which only supports SunRay clients. So foor example you couldn't bring a laptop into their room and connect it to the internet via the network cable there.
- The SunRays were connected to a Sun server running Ubuntu linux. I didn't support Windows in their rooms at all. So no Windows virus problems plus centralised management, configuration and logging meant I was in control of all the applications.
- The Sun server was then connected via a second network to a dedicated firewall machine running IPCOP (a special version of Linux locked down for use as a firewall). This was set in a fairly restrictive mode in terms of what internet protocols were supported. This kept the already fairly secure Ubuntu further protected from attackks. Plus it also allowed me to restrict in lots of ways what was available to us all on the Internet. For example it included DansGuardian which is a content filter that looks at every web page to check the address is not known to be porn etc and looks at the content of every page to score it and decide if it is ok based on the words used in the page (and it's url).
- The IPCOP firewall was then connected to a standard broadband router (via CAT5 rather than USB) and I locked that down as much as is possible with these fairly basic devices.
Beyond the SunRays we have supported a variety of other devices
- I added WiFi using a 3rd network adaptor in the IPCOP firewall connected to a separate WiFi Hub. This was setup with very tight restrictions. If you turned up with a laptop then before you could use it I had to add it's MAC address (unique address that every network adaptor has) to both the WiFi Hub and the IPCOP firewall. That would give you access to the internet through the IPCOP firewall but no access at all to the SUN Server.
- For very privileged people (basically me only) I allowed laptop to connect to the network printer via special routes from WiFi through the IPCOP machine.
- The WiFi has in recent years also supported Android phones and Kindles.
Over the years this has kept all our data safe and it has resisted attempts by teenagers to get at content, that I didn't want them to get to.
It has meant some inconveniences.
- Many times I have to specifically allow websites or parts of them that the firewall is blocking so that the boys can do homework or play games. It was a simple enough task.
- Sharing files between laptops and the main system was designed to be inconvenient, because that was the easiest way to keep the boys from getting lots of virus ridden fiiles from friends. For our own sharing beyond the Sun server we simply used the internet whether using email or dropbox or similar. For many years I simply used software version control with the "code" hosted on the internet and synced to whichever machine I needed it.
- Video and sound support on the SunRays has been poor to non existant. But we have always had a laptop or 2 around that can be used for this.
- Flash has often not worked properly on the SunRays, again if important then use a laptop.
- It meant we were using OpenOffice rather than Microsoft Office, but II have always seen that as an advantage (the only application where this has occasionally been a nuisance is ppowerpoint where OpenOffice Impress is not 100% compatible with annimations and transitions.
- In more recent years some internet things just haven't worked properly through the firewall as it was getting a bit old. That included iTunes.
Since the original purchase 7 years ago we have been able to use entirely legal software on the Sun server and all the SunRays, have it updated many times and all for zero cost.
Let me repeat that. Since buying the Sun server 7 years ago we have spent £0 on software despite many updates and a full set of applications. We have also had zero problems with viruses. Our downtime has been minimal with the server frequently running for months at a time between reboots.
Not only that but the SunRays had other advantages too.
- They had no fans and so were silent. Handy when everyone had one in their bedroom.
- Installation of a new application and making it available to everyone takes seconds (find it in the Ubuntu software centre and click install).
- If they get turned off, knocked over or have cola poured over them you don't lose anything at all. Just take out your smartcard, put it in another machine and carry on from where you were (it helped that it was cheaper to buy a bundle of them rather than 5 individually).
- If you want a change of scene then remove your smartcard and put it in any other machine to carry on exactly where you were.
- Want some help with your homework then just take your smartcard to someone else and pop it in their SunRay to show them what you are doing.
- When I wanted to run training courses I could setup a room with 15 workstations in a tiny fraction of the time it would take with individual PC's (I know I have done it). My only restriction was due to the number of monitors I could borrow.
But now without our Sun server I am entering a Brave New World with all these levels of security lost More thoughts on that later.
However, this week the server failed in a major way (power on but nothing at all on the screen and no hard disk activity).
At a recent meeting of people on twitter one of the things we discussed was how connected we have our various pieces of social media.
For me there are currently five main elements to my use of social media:
- This blog 42.blogs.warnock.me.uk, this has now being going 7.5 years. Nowadays the content is mostly faith related with some general life, politics etc thrown in.
- My cycling blog 42bikes.warnock.me.uk this is about cycling A mix of experiences, campaigning, comment etc. I am writing more here in recent months having taken up the challenge to post something everyday for 2011.
- Twitter @dave42w
- Facebook dave.warnock
- Flickr for photos davew42
Until a few minutes ago I had these pretty much automatically connected. Now I have some separation. So here is how I plan to connect them/cross post.
- I will update twitter and facebook whenever I post to either blog. I need to check whether they will appear on facebook as full posts or just links (as quite a lot of people comment on the facebook full posts I thiuk that is worth continuing).
- I have stopped automatically updating facebook from twitter. So facebook users won't see all the twitter oddities with # @ etc in them.
- I will sometimes update both twitter and facebook with a status message if I think both groups of people will be interested (for the technically minded I can do this by adding a #fb to the end of the tweet or from within the Hootsuite twitter client)
- Conversations on twitter (replies and retweets in particular) will not appear on facebook.
- My latest photos on flickr appear in the sidebar of 42bikes.warnock.me.uk
If I ever have time to bother I might use the features of twitter and facebook to breakdown my followers/friends into groups (family, work, cycling, …). But I don't expect to make this a very high priority.
I guess that over time I will fine tune this.
The new house is showing more advantages of having thin-clients. We have installed proper Cat5 network cabling with two wall ports in each bedroom plus lounge and dining room. They all connect to a patch panel in the utility room by the server.
This makes life so easy. For example providing wired connections for Xboxes or Wii's to the boys bedrooms.
However, the SunRay thin terminals are so easy to setup that everyone in the house is able to do their own. Jane had managed to clear a desk in our bedroom and so took a SunRay up, connected all the cables including from the patch panel herself. When she took her smartcard from a machine she had been using and put it in the one in the bedroom her screen was exactly as she had left it downstairs (mouse in the same place, same window with focus, same keyboard state).
Imagine how long it would have taken to add an extra PC and put all the applications and documents on it.
Plus of course who wants a noisy big PC in your bedroom when you can have a silent (no fan even) SunRay.
Sadly since Oracle bought Sun it looks to me as if any developments of these fabulous thin clients for homes are unlikely. That is a real pity as with modern broadband performance it is perfectly practical to have a server somewhere out on the internet supporting thin clients in hundreds of homes.
Anyway now that Ubuntu 10.10 (The Maverick Meerkat release) looking stable I'll be upgrading the SunRays soon, sadly it does look as if sound may be impossible on these when using Ubuntu for a while. Seems that the Sun Ray Software Server is not keeping pace with Linux standards for sound.
However, we will get newer versions of OpenOffice as well as all the other packages we use and it will still all be free
The person who used this search why patriarchy in christian church is wonderful – AOL Search Results to find my post 42: Patriarchy Leads to Abuse. Period was probably a bit surprised to find my post on the first page of results