Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Linux Business

Distributions/Configurations For Specific Uses? 192

Page writes "My college (UMPI) is currently reviewing a proposal to collect old hardware from small businesses and assemble machines for those who do not have a PC. The issue came up as to what linux distro to use that will allow us ease of both setup and ability to lock down the machine so once they are out in the field, they cant be tinkered with by accident (thus preventing problems later). These will be used solely for the purpose of web activities (surfing/mail), and word processing and *THATS IT*. Does anyone have suggestions and an idea about how to go about a standardized (or a sort of embedded) configuration across variable hardware?"
This discussion has been archived. No new comments can be posted.

Distributions/Configurations For Specific Uses?

Comments Filter:
  • Client/Server (Score:3, Insightful)

    by qurob ( 543434 ) on Tuesday October 08, 2002 @10:06AM (#4409462) Homepage
    If it's possible, why not just set up terminals?

    Whether a machine is a P166 or AMD 2000+ it'll be pretty much the same. Most colleges have networked dorms and such anyhow.

    You might as well go with RedHat or your favorite distro, but when you're piecing computers together you can't do much about standards. Just hope for the best!
    • Two problems with graphical terminals: One, they'll need extra bandwidth, and a lot of colleges (like mine until this year) are only 10 mbit. Also, the whole idea here is to turn out a solution that the techs will never, ever have to touch again. Terminal/server systems would be the responsibility of the techs.

    • If you layer the network it should work fine.

      first off 100mbit switches are not expensive, and 100mb suposedly can support upto 30 machines (the terminals them selves can have 10mb NICs). So use one Server per 30 terminals, and the Servers have two network cards w/o hard drives allowing them access to a central Boot Server. Maintenance should ammount to replacing dumb terminals, rebooting "servers". All administration can be done on the central boot server.

      Pentium one class PCs with monitors are running less than $60 now. And they do pretty well at drawing pretty pictures on the screen. You can buy them up my the dozens and replace them just as easily. Especialy good when your dealing with college kids that tend to be rough on public equipment. (Imagine the faces of some moron who tries to steal one!!)

  • We did this once... (Score:5, Informative)

    by ites ( 600337 ) on Tuesday October 08, 2002 @10:07AM (#4409469) Journal
    (But for a standardized hardware platform)
    (and for an industrial application...)
    Using DHCP and BOOTP, we loaded the OS and the applications across the network.
    The PC had no hard disk, no drives.
    The boot server was itself booted from a CDROM.
    So there was nothing to break or mess with.
    For word processing you'd have to use a network drive but that makes sense for backups anyhow.
    Modern Linuxes are pretty good at detecting existing and especially legacy hardware.
    So this approach would work for your problem.
    • I did this before with a Redhat Linux machine, and then diskless SGI Indy workstations. They made fairly nice remote X terminals. It worked out much better than buying some of the off-the-shelf terminals.
    • Pee Wee Linux!!! (Score:1, Informative)

      by Anonymous Coward

      I can't believe no one has mentioned Pee Wee Linux.

      It rocks!

      Everything is run in a ramdisk, so you can really tell the hardware "hands off" of the permanent storage. With the addition of a simple watchdog timer you can have a system that resets itself in the event of any mucking.

      Here's the link:

      • http://www.peeweelinux.org/
  • the perfect OS... (Score:1, Flamebait)

    by Anonymous Coward
    Windows NT

    *ducks*
  • No, no no. (Score:1, Funny)

    by Anonymous Coward
    THAT'S IT? No way!

    I don't want to help you, because I think everyone should be able to play Xkobo.
  • by Hobart ( 32767 ) on Tuesday October 08, 2002 @10:08AM (#4409483) Homepage Journal

    You might want to take a look at how Gentoo Linux [gentoo.org] puts together their "LiveCD" for installation purposes...

    Since you don't want these people to be able to change any configurations, just have a web browser and word processor, getting them to where their setup boots off of a read-only CD that has the tools they need may be the solution.

    Of course, this is a large amount of work, but perhaps the time you save putting it together will outweigh the time you might loose if they mess with and break their configurations. ;)

    • I am using Gentoo right now, and I think that it is great, but I doubt that it is going to be what they are looking for. I could be mistaken, but I do not think that gentoo meets the ease of setup requirement.

      You have to configure your partitions and the soundcard and any pretty much any other hardware yourself....and I doubt that the IT department is going to want to do that. They would have to develop a different CD for each system. It seems to me that the way things are going these days is to standardize software for both maintainability and security reasons.

      To contradict myself, I could be wrong about all of this though :). I am not sure how it works, and have not used it, but Gentoo has produced a self-booting UT2003 demo disk that supposedly takes care of everything. If you could figure out how they managed to whip this up, maybe this would be the solution to your problem.

      • Gentoo has produced a self-booting UT2003 demo disk that supposedly takes care of everything. If you could figure out how they managed to whip this up, maybe this would be the solution to your problem.

        To clarify, yes, this is what I am suggesting, that the poster look at producing a LiveCD.

  • by billmaly ( 212308 ) <bill.malyNO@SPAMmcleodusa.net> on Tuesday October 08, 2002 @10:10AM (#4409489)
    I'll guarantee you, once you get these machines out into the world, people will want to print with them. Printers fail and are changed, how will the plans for locked down systems affect the users ability to actually create something? Otherwise, I like the concept.
    • have generic queue's that arent specific to a piece of hardware? I know at least one university I attended did this with one queue per floor and then had one to four printers doing the work. This may not work well without something like a study lounge with a printer on each floor of a dorm if these are to go to students in the dorm though.
  • Norton Ghost is a viable option. After you get the configuration set on one computer and then use ghost to make an image of it. I think the new verion of ghost plays nice with linux as long as you're using ext2 as your filesystem.
    • Re:Ghost (Score:2, Informative)

      by i0chondriac ( 310892 )
      or you could check out systemimager

      http://systemimager.org/

      We've successfully cloned hundreds of linux boxes with it, and it supports reiserfs and ext3

      the guys on the mailing list are extrememly helpful as well.
    • Re:Ghost - HELL NO! (Score:1, Informative)

      by Anonymous Coward
      Norton Ghost is the equivelent of 2 commands in linux: (Aside from mkfs)
      First, make your image(s):
      dd if=/dev/hda bs=512 of=/somepath/bootsector
      dd if=/dev/hda1 of=/somepath/diskimage

      Then copy it to a machine:
      (format you fiel system using mkfs)
      dd of=/dev/hda bs=512 if=/somepath/bootsector
      dd of=/dev/hda1 if=/somepath/diskimage

    • Re:Ghost (Score:1, Informative)

      by Anonymous Coward
      The problem with Ghost is their licensing scheme..Norton expects you to pay them per computer that the image is transferred to. No joke. Transfer the image to 2000 computers? Pay for them too. I have yet to see any company or educational institution making heavy use of Norton Ghost even own a copy of the program..one of them even had a cracked .EXE and accompanying .NFO file in the same shared network directory that Ghost was installed in.
  • Some of the network appliance software can be modified to use in closed systems.
    If you can download the software for the ThinkNic computers. This is basically a scaled back machine for internet browsing. You can use this as a model for scaling back services. Or you can get a distro like Gentoo, install the base system and include the services you want. Set up a user account and don't give the root password. This should lock the system enough that you can fix problems as root if needed but limits the users ability to install.

    I would take the Gentoo option so that you compile optimised for the refurb machines you are using. This will help in performance over a generic installation. Then I would add the x servers and desktop, web browser, email, news client, and maybe open office, depending on your aims. Set up the user accounts. Give them access to those programs and space to save their documents in. Create xinit scripts to log them directly into x windows and they should be happy. If you focus on the process to do that you can make it an install procedure instead of a distribution and your machines will be optimised and the setup time in the end will be about the same.
  • Can you really guarantee that no one using these machines will ever want to run a non-standard application?

    I know administrators love locked-down machines, but sooner or later (most probably sooner) it will become an unnecessary limitation on some of the users.
    • If your going to deploy a lot of systems this way, you're going to have to provide for some sort of local support. Depending on the goals, and logistics, it might be fun to do this with volunteer admins from the user community or other support staffs that are already available for other reasons (don't know enough details to say). You could even roll your own distribution to make the installation easier on the range of hardware you will see, and to lock things down somewhat, at least for the base installation.

      Even if a machine gets blown out by inadvised tinkering, how hard is it to swap in another, or re-image, etc. I'm sure you'd end up with a range of skill and ability levels, but the smart ones can do all the hard stuff and make cookbook proceedures for everyone else to start from.

    • Yep, I just about can.

      These are people who have never used a PC before, or if they have, never learned how to use windows. These aren't college students, but people who live in poor areas and dont have access to a machine currently. Thats why its just for web surfing and email (the word processing bit was thrown in in case we need to give some to students here, but I think the term idea up at the top which I replied to may fit that, but anyway).

      These arent people who will develop, or need the terminal (or ever install anything). People like someone's grandmother, or an aunt who has never used a PC. 10;1 says that if I did a background that had a fake startbar at the bottom, it would never register that they werent using Windows9x. Not stupid people, just technically illiterate.
  • FireCast Linux (Score:4, Informative)

    by wirespring ( 605560 ) on Tuesday October 08, 2002 @10:13AM (#4409507)
    My company WireSpring Technologies [wirespring.com] makes a custom version of Linux called FireCast that's designed specifically for remotely managed terminals like kiosks, public terminals, and the like. We've got some customers in the education industry who are doing exactly what you mention, on hardware that they were set to abandon before they found us. Even if you don't go with our software, you might get some ideas from the interactive demo [wirespring.com]. Good luck!
  • by Chuck Messenger ( 320443 ) on Tuesday October 08, 2002 @10:14AM (#4409515)
    Knoppix sounds like it would be perfect. It's a bootable Linux CD, which includes lots of useful software, including Moz and Open Office. So, users couldn't accidentally screw it up. It did a nice job with the 2 computers I tried it on. It can access an attached hard drive or floppy, for storing files. Not sure how it deals with Moz profiles, for setting up email. But you could always set them up with web mail.
    • I second Knoppix (Score:2, Interesting)

      by timothy ( 36799 )
      It's slick, has tons of included applications, can access a hard drive but will not be bothered by anything actually *done* to the hard drive, can print to most normal linux-compatable printers. I find it hard to believe when using it that it's all from one CD.
    • by Unholy_Kingfish ( 614606 ) on Tuesday October 08, 2002 @10:35AM (#4409647) Homepage
      I think that Knoppix would be a good stating point. Set up accounts for all the users(which most universities already do), and give them XXmb of storage for saving documents. You can ad some scripts that would make their default that space. (moding the Knoppix CD) That CD would be used to boot form on all the systems, you _could_ even skip using a hard drive in the system, but it would be slow without the swap file. Now all systems would have the SAME setup, same menus, everything. Each user would have his/her own name and pw to get into the network and their storage. When it is time to update the software you just send out new CD's to each user and they replace the old one. So lets say as the project continues you can make a more specific install with more or less programs, custom programs whatever. Do a test release to one floor in a dorm and see how it goes... tweak and tweak and tweak.... ________________________________ Michael Alexander
    • Knoppix is a great idea, but it requires a lot of memory or else a hard drive with a swap partition, and the article mentioned older PC's. As long as there is swap, it will detect it automatically and start using it. FYI, Distrowatch is now tracking this distro: knoppix [distrowatch.com]
  • by Anonymous Coward
    For a handful of low end pcs or more in a Tbase100 with a nice fast and redundant server is one I do alot of. Linux Terminal Server Project is good for info on this. But for homes perhaps not? Wasn't the question more about os config to make the box rugged when used by "users" for a finite set of tasks? A hardening script or set of...? Personally I prefer a bare metal recovery option off cds using tar rather than restricting users too much. As for hardware support, I consider that one of linux strengths especially with slightly older lower specced stuff... IMHO
  • May not be "locked down" tomorrow. Keeping the machines secure, whether or not they are a server or desktop, requires maintenance.

    It is for this very reason I recommend SuSE on the desktop, as they offer free and easy updates via YaST, and SuSE boxen are extrememely easy to set up. The SuSE personal firewall is fairly nice and intuitive for the average user as well. Additionally, it comes bundled with Open Office and a slew of browsers and email apps.
  • by halftrack ( 454203 ) <jonkje AT gmail DOT com> on Tuesday October 08, 2002 @10:20AM (#4409550) Homepage
    Any distro should work (choose Debian.) Most distro feature some form of automated installation.

    PCI hardware is rarely a problem with newer kernels/distros, but if you're talking P100s and 486s with isa cards you may run into problems requiring custom setups (might be fun.)

    Linux distros are by default (I'm going to regret saying this) locked down, but (I'm regretting) should be tweaked with boot passwords, firewalls (and updates.)

    If possible running the machines as thin clients is a option to considere. (Although you would need to add a few strong servers which will add to your sofar 0$ budget.)
  • LTSP / K12LTSP (Score:4, Insightful)

    by Anonymous Coward on Tuesday October 08, 2002 @10:21AM (#4409559)
    I agree with the previous posts about netbooting. Take a gool look at the LTSP / K12LTSP projects. The boot images that are assigned can be modified for specific machines based on MAC address, allowing you to configure lesser hardware to use the processing power of the server, and newer hardware to use its own processing power, with network storage of all ./home directories and apps. You can even use a modified version of DHCPd and an appropreate MacOS image to boot most Mac computers this way.

    Word of warning, do not try and place the LTSP servers in a "server farm", spread them out over the network.

    By having the computers as diskless workstations you can greatly simplify the long-term IT overhead of these systems, while at the same time accomplishing your goals.

    For LTSP See:
    k12ltsp.org
    ltsp.org

    For the modified DHCPd to do Mac NetBooting:
    staff.harrisonburg.k12.va.us/~rlinewe aver/macnb/
    • We had something like this when I did my comp sci. Our workstations booted off the network, and all of our storage space was there as well. The internal disks on the workstations were used for swapfiles.
  • kiosk mode (Score:3, Informative)

    by jd142 ( 129673 ) on Tuesday October 08, 2002 @10:23AM (#4409570) Homepage
    Do a search on google for Kiosk mode linux. There are a couple of projects out there. The idea with a kiosk is that it is a public machine dedicated to web surfing only, which would include using web based e-mail. It should be locked down really tightly, because people love to play with public machines.

    I would suggest using icewm as a window manager. It runs fast on slower machines and the configuration files are easy to read and understand even before your read the fine manuals. I would also suggest mozilla as your web browser. You can really restrict it by changing lines in the .js and .rdf files.
  • Since it is setup to work as 'root' at all times. Maybe if you tinker with it to run as a user? Because otherwise it is a very nice and easy distribution for end-users.
    • Yes, just tried another LindowsOS install on a random box here. Insert CDROM, boot, click 'Ok', 'Next', 'Ok', 'Next', enter root password, confirm root password, click 'Ok', and wait for 4 minutes as it formats the disk and installs at the same time.
      And that's it. Every device correctly detected, network and a firewall correctly installed, and the OS updated via Debian's apt and the network.
      It is almost as fast to install from scratch as to boot a normal PC.
      So, you can 'lock down' the PC simply by reinstalling at will. Say every Monday morning, at 6am. I'm sure this could be automated. :)
  • Depends (Score:3, Informative)

    by dr.Flake ( 601029 ) on Tuesday October 08, 2002 @10:24AM (#4409574)
    Depends on how "closed"do you want you're machine to be.

    What kind of people will be using them? the guy who wrote the slapper worm while he is in jail, college students, or members of staff who you can slap on the wrist???

    the point is:

    any machine you can fysically access can be tampered with. period. If you make it a thin client you'll still be able to remove the bootP, put in a harddisk and make it your own.

    So de level of security and effort you put into this depends more on the public thats going to use them than on the distribution you use.

    thin clients are very easy to maintain, have few rotating parts, are not very attractive for theft and can be replaced pretty quick.
  • Solution 1: Requires a network.
    1. Establish a BOOTP and DHCP server.
    2. Set your computer's BIOS configuration to boot off the network.
    3. Install the applications you need onto the server.
    4. When the workstation is turned on, it will load the operating system from the server, and work off the server.

    Any system would work for this, but if you're looking for cost efficiency, this configuration should work nicely:
    - Any old Socket 7 motherboard.
    - A Pentium 200, maybe 233.
    - 64mb ram, maybe 128.
    - Standard network card (it would be best if this was onboard)
    - 15" Monitor

    Option 2:
    Install a base distribution of Linux, something that would be simple and easy to understand (i.e. Redhat, mandrake or suse). Base config would be the same for this, except you would need a 1.6gb hard drive.
  • http://www.dnalounge.com/backstage/src/kiosk/
  • I am in the process of setting up a old pc for a bud to use as a home pc with just dialup, web, email, (MOZILLA!), Open Office, and a couple of games on it and I am setting up a Kickstart file to save for future use. You can tinker with the setting and save it to a floppy and use it to clone systems with a similar configuration.

    I am assuming these PC's will be off-site, and so remote X sessions would be out of the question as posters above have sugested... Bummer.

    Redhat 8 is real nice for me so far, looks good, works good, is less filling, and AFAIK, you can make it fairly idiot-proof.

    Good Luck.

    • RedHat 8.0 doesn't have a 386/486 kernel so if you are using old hardware it's probably out of the question. It's also way too bloated and slow for old hardware.
  • There are several (Score:3, Informative)

    by vadim_t ( 324782 ) on Tuesday October 08, 2002 @10:28AM (#4409591) Homepage
    I'm not completely sure about Knoppix because I never used it, but I've heard it's very good. Debian looks like another good choice. Some things that are great about it is that stable is *stable* and security fixes are easy to automate, for example apt-get upgrade in cron using your own source to install only tested patches, and in general its configuration is very simple. Unlike Mandrake and other fancy distributions, Debian has very simple boot scripts and configuration, which makes it much easier to adapt it to your needs. It also has some great tools like make-kpkg that make it much easier to compile a kernel that will be installed on several computers.
  • by teamhasnoi ( 554944 ) <teamhasnoi@@@yahoo...com> on Tuesday October 08, 2002 @10:29AM (#4409601) Journal
    That would be fast as hell, secure (no hard drive) and (free, free and free). You can type all you want in the notepad on Yahoo.
  • by Anonymous Coward on Tuesday October 08, 2002 @10:31AM (#4409614)
    I've thought of starting something similar to this at my university in Orlando. Me and my friends alone have enough less-than-beefy parts left over from upgrades to make machines. And one computer, even if it's only 400 MHz, could make a real difference to some kid whose family can't afford to expose him to computing.

    Not having tech skills can be a real blow to class mobility. There's reasons why geeks are frequently thought of as elitist. We're not known as the most socially or financially generous group. We don't tend to help others up, just people within our own community. The hardware races we engage in seem like a flagrant waste to people that can't pay their power bills as we whine for more RAM. Contributing refurbished machines to needy families could go a long ways towards improving our social stigmas. It could also help to ensure that struggling families can add some valuable skills to their resumes without investing money they don't have; giving them skills gives them better earning potential, and a way to improve their situation.

    Even aside from that, it's just cool to watch a 6-year-old learn how to work a computer. It's undeniably cute.

    Is there a counrty-wide group that does this that we could hook into? It'd be nice if we could get requests and need lists from more than just the university community.
    • If you find a group like this, please let me know via email, krism (at) mailsnare (dot) net.
      I would love to help with something like this. I have a couple of old boxes sitting around, ...
      :)
    • "There's reasons why geeks are frequently thought of as elitist. We're not known as the most socially or financially generous group. We don't tend to help others up"

      Speak for yourself, I personaly built and gave away 14 computers to deserving families last year.

      How do I decide who is deserving?
      1 or more children, no computer. Note: a 486 or less counts as no computer.

      How do I get parts?
      1. I am a geek, this stuff is attracted to me.
      2. My customers give me old hardware, that I have replaced for them.
      3. My own preloved parts.
      4. Once in a while I even kick in a few bucks of my own.

      Why do I do it?
      1. It feels good.
      2. I am greedy, and want to have that feeling all the time.
  • by Anonymous Coward
    Use any distro.
    Mount your /, /usr, /etc paritions read-only.
    Mount /var, /tmp, /home patitions read-write.

    Don't give out the root password.

    Done!
  • Maybe a live CD.. (Score:1, Insightful)

    by xchino ( 591175 )
    would be beneficial.. the user would have a difficult time of screwing up his OS if he can't write to it. A small HDD or a network fileserver would be needed to store data on, though.

    Several Live CD distro's exist, such as demolinux, which has a version that comes with OpenOffice..
  • by j_kenpo ( 571930 )
    There are actually plenty of ways of doing this... the two best ways are a Linux based terminal running as a X-Terminal, or a Windows based Terminal Server setup. Both have their pros and cons of course. The Windows setup has the more familiar user interface and setup. The Linux setup would be free, secure and have plenty of alternatives for applications to choose from. Both are pretty slow as Terminals however. You could go with a easier local installation of either Linux or Windows, both can be locked down pretty tightly. With Windows you can manage the policies, get a setup you like, and image or use Nortons Ghost to copy to different machines. If I had to choose however, I would go with a Linux setup that would boot off an image on a server, so that no matter what changes were made it would always go back to the original setup. Keep it light and have NFSed directories with the applications, having the permissions set so that users could not modify. If you were really crafty, you could even set it up so that if there were compiles to be done, it could distribute the process acorss multiple machines...
  • Kawaii Linux (Score:3, Informative)

    by MsGeek ( 162936 ) on Tuesday October 08, 2002 @10:40AM (#4409673) Homepage Journal
    This is what the Kawaii Linux project is all about. The idea is to create a graphical Linux distribution that will run on everything from 486DX on up. Right now we're looking at doing this with Debian and an installer currently being developed by an Australian developer which will smooth out the usually cryptic Debian install process to a better extent than even the Progeny installer.

    The target for Kawaii Linux is people who are refurbishing old computers for distribution to charities and underprivileged kids. A secondary target is those who want to play with Debian but are intimidated by the usual install process, although Xandros and the Progeny Installer address those issues too.

    This will be a K.I.S.S. distro in the tradition of Lycoris. The goal is a fast install with the best of breed amongst lightweight applications. If you are interested in the project, email me.
    • How about a link for kawaii? I can't find it in google :)
  • by InodoroPereyra ( 514794 ) on Tuesday October 08, 2002 @10:43AM (#4409683)
    There were a couple similar requests in Slashdot recently, please do a search for more. The simplest idea I read at the time was the following. Do a basic install, configure a simple desktop for a typical user, save the corresponding "/home/user" somewhere as root so nobody can mess it up. Set the PC up only for one user. Then let people login, but make sure that when they log out the only home directory in the machine gets wiped out and the original setup is copied back from the place where it is backed up.

    You will need to probably run a very lightweight desktop such as Xfce, if your hardware is very old. If you use Mandrake, you can play around choosing a minimal set of packages in the install, and then save the packages list on a floppy so that you only need to do the selection once. Installing in the rest of the machines will be much faster. Probably half an hour or so per machine if you do a light install.

    Good luck, and thank you for choosing GNU/Linux :-)

  • ... directly from previous news [slashdot.org].

  • It made it to Ask Slashdot a few weeks ago when I was asking what to do about an older machine I was buidling up to give to my aunt and uncle. It just seemed that nobody really had any -good- answers, and I wasn't even trying to get anyone on the Internet. Older machines really tend to be hugely problematic with newer Linux distributions, so the best I could reccommend based on my experience with Old Crap at Washington County Tech and with my aunt and uncle's machine, would be QNX if capable, and Windows 98 otherwise.

    But, if you're working in the 200-300Mhz range instead of the 1-200 range, or have decent hardware... Bah. It's a very hard call to make. I tried three different distributions and two OS options before settling on handing over my old Windows 98.
  • I understand that you're doing this with the best of intentions and all, but do you really want to totally lock them down?

    Basically you'll just be giving these people glorified word processors instead of real computers. While I applaud this effort, it's really a very short sighted (imho) goal. It reminds me of the parable about giving a man a fish and teaching a man to fish. You are very much just giving away fish and locking out the possibility of learning to fish.

    I understand that if you give them out with root passwords you'd probably just end up with mostly unworking boxes in a short time. You'd probably also have a support nightmare, with people expecting help with their free computer. I'm just wondering if there isn't some middle road where you can leave things semi-open to change and configuration without leaving it completely vulnerable.

    As for advice, I dunno, I've always been better with questions than answers. :-)

  • How about OEone's HomeBase DESKTOP [oeone.com]

    Screenshots [oeone.com]
  • You might want to consider takign a look at the HomeBase Desktop from OEone [oeone.com]. It is a slimmed down, easy to use desktop for just the features you are looking for. Web browsing, Mail, and Wordprocessing are just one click away through icons on the bottom of the screen. It comes with other software such as media player. But these can most likely be removed if you don't need them.
  • I know that people here tend to knock the larger distros (RedHat, et al), but in my experience, they've done a pretty good job at booting and installing OK on some pretty old and varied hardware.
    I'd say that using a recent redhat version with a properly configured kickstart floppy disk (NFS-mount the installation media, lock down the GRUB password, only install a certain package set, etc), you should be in good shape.
    I've done kickstarts before, and they are really slick...
  • ...back when I was in high school. The only problem I ran into was this:
    If you donate a linux box to someone who doesn't own a computer, what are the chances that they will be able to operate it? How will they keep up on all of the patches? What will they do if they have problems operating linux? Generally they can't get just anyone to help them out because linux users are a minority (granted, this isn't so much of a problem in a university setting). Typically someone who doesn't own a computer isn't exactly computer literate. How can we expect someone who doesn't even know how to use windows correctly navigate linux? Let's face it, they aren't going to spend their time pouring over technical books. Overall though, I guess it's better to have a computer and not know how to really use it than to have nothing at all. Just my 2 cents..
  • You might want to have a look at oeone [oeone.com]. It's not a distro, but a user environment specifically designed to be simple and foolproof, with a limited set of functionality. Couple it with some kind of LiveCD such as Gentoo's [gentoo.org] and you're set.
  • by Raleel ( 30913 ) on Tuesday October 08, 2002 @10:55AM (#4409765)
    Only our LUG got approached by a nonprofit.

    Several of the people here have made itneresting suggestions, but I doubt they really read the question. There are several things that can be inferred from your statement.

    1) These machines are going out into "the field", meaning network will be, at best, occasionally dial up.

    2) You are getting hardware dicarded by businesses. My guess is that this is pentium 2 hardware at best, and probably mostly pentiums. and probably less than 128 megs of ram...likely 32 and 64.

    We have this exact problem. We have a mess of older hardware and want to get as many machines as we can out to the people.

    So what's our solution? We are still exploring, Currently, though, the front runner is gentoo compiled on another faster box (but with optimizations for the target platform, a pentium) and then image the discs with mondo-rescue. mandrake is also in there, as well as (of all things) corel.

    What are we currently running for software?
    1) abiword
    2) opera (static, free download version)
    3) gnumeric
    4) gnucash
    5) icewm (with the Pure95/Windows 95 theme)
    6) rox (with the pinboard enabled for desktop control)
    7) sylpheed
    8) tuxtype (need for a typing tutor)
    9) gaim (I am a firm believer in instant messaging)

    And there are several "support" programs as well.
    Currently, it's taking up nearly 1.5 gigs, but I compiled it rather fat...with all the library support. We lefted 1/2 a gig for home and 128 meg for swap.

    And so I tested it out on my athlon, but I turned myself down to 32 megs of ram, and it's still pretty damn fast on my desktop. Probably be just fine when i get it imaged out there. My intention will be to configure it with standard svga drivers in some lower resolution that almost any card will support (800x600, 16 bit color) and try to be as standard as I can with the sound. I compiled the kernel fat as hell (1.4M, 90% of everything actually compiled in, not as modules :-O ) but everything works, which is a bonus.

    email me (musashi@owt.com) or contact our lug (3clug@3clug.org) and we'll swap notes.
  • done this - chroot (Score:5, Informative)

    by Permission Denied ( 551645 ) on Tuesday October 08, 2002 @10:57AM (#4409771) Journal
    I've done this. Basically, set up public email/web kiosks.
    1. Password-protect the BIOS. People will mess with this.
    2. Be careful with the boot manager. Make sure people can't pass kernel arguments (eg "linux init=/bin/sh"). Grub allows you more options than lilo in this direction.
    3. Modify all boot scripts to ensure there is no way to get an interactive shell at boot.
    4. Use some filesystem that's resilient to reboots. People will reboot the machines (unplug them) all the time, so use ReiserFS or ext3.
    5. You'll probably have more than one person managing these machines. Try looking into pam_ldap, or pam_krb5 (whatever is appropriate for your organization) along with pam_listfile, so that only two or three people know the root password.
    6. Browsers aren't meant to do this. For instance, you can type in a URL like "file:///" and use the browser as a file manager. Prevent this by running the web browser in a chrooted environment.
    7. Disk space may be low on older machines, so don't copy files to the chrooted environment - hard link them instead (hard links work across chrooted environments). Basically, what you do is "ldd browser" and hard link all those libraries into the chrooted environment. Then run the browser, see what files it requires (eg, /etc/resolv.conf, any shared libraries it loads itself using dlopen(3), and so on), hard link those files and continue until you have a working environment.
    8. Also on the browser end, you may have difficulties finding a browser that will run quickly enough on older hardware. Mozilla and Konqueror are sluggish on my Athlon XP 1800+, so they are quite out of the question. I also had little success with Opera, and I'll tell you now that Netscape 4.x may be your only viable choice.
    9. I wrote my own window manager custom to the task. I would recommend that you run a window manager that you KNOW won't launch any other programs unless you specifically make it do so. Look into wm2, and then modify it (it's very clean code) so that it will never start up xterm and so the root menu shows a list of allowed programs (browser, ssh to read mail, etc).
    10. You may also want to allow people to read mail using SSH. Remember to disable the "escape" character for ssh so people can't drop into a shell. I wrote a small front-end to ssh that pops up a GUI asking for username and password (and I modified SSH to take the username and password from the GUI using unix domain sockets). People really appreciated the little GUI, but there are some issues involved in this and you need to be experienced in Unix/C (openssh nowadays comes with its own program that pops a GUI asking for password, but it behaves in such an unfamiliar way (eg, not like Windows or MacOS where you two text boxes asking for username and password at once and the password field shows you how many characters you've typed) that it's completely useless for this situation).
    11. I used tar to image the machines. I couldn't use a dedicated IDE drive duplicator since the drives were different sizes and I NEEDED all the space I could get on the drives. It basically goes like this: put src and target drives in machine, boot off src, fdisk/format target, mount target on /mnt, and then do cd /; tar -cf - bin usr var lib etc | (cd /mnt ; tar -xvf -). Make sure you don't specify proc or any other directories you don't need and then remember to create /mnt, /tmp, and so on the target drive. This doesn't take long and you can train a plentiful non-unix person to help you do it.
    12. Don't expect great success. Most of your users (especially those that don't have computers) will have never seen anything that's not MacOS or Windows and they won't like the systems simply because they look unfamiliar.

    Anyway, I'm a coder, not admin, at heart, so I ended up doing a lot of custom code (custom window manager, SSH front-end, stuff to get netscape to start up chrooted, etc) and it was a big time sink for the little benefit that it provided (people didn't like using the kiosks). Have fun.

  • A live CD like Knoppix or DemoLinux [demolinux.org] will work well, but you are stuck with the cd and have limitations like slow cdrom access. LTSP or Kiosk Linux work well, though they necisitate(sp?) a good network connection.

    You could also load a full distro on the HD. With utils like kudzu, Linux handles multiple hardware from one image alot more gracefully then other OS's. Choose a smaller distro like Vector Linux [ibiblio.org]. It was designed to be used on older hardware and has version even for 486 machines. Others have suggested IceWM. That is a good choice as it is liteweight and has similiar interface to Windows. For Browsers, I suggest Galeon (GTK+) if you have room for the GNOME libraries and Mozilla to be installed, another decent choice is Pheonix, though that is kinda new. For email, something lite like Sylpheed (GTK+ again) or Kmail (QT) is good. For Office, Abiword adn Gnumeric (GTK+) is excellent for the Lite stuff. If table support is necessary, then use OpenOffice (and maybe still use gnumeric). A normal install for Vector runs about 300mb, so most any machine should have the space for it.
  • Paper, pen, and a good pr0n magazine would satisfy most of everybody's word processing / web activities ;)
  • Vservers (here) [solucorp.qc.ca]
    may be helpful as restricted usage environments.
  • I think OEone's HomeBase Desktop [oeone.com] could do the job.
  • For those suggesting OEone, you might take a look at the hardware required to run it. It's beyond many older systems (think 3-5 years old). Yes ram is cheap, but not that cheap when you are looking at people volunteering and free machines. $30 of ram is a significant investment.

    Really, I'd love OEone on this type of system, but it's just a little much I think.
  • As a few posters already mentioned, any distribution would probably work. From your rather short question it's hard to give an example of a definite solution. Some questions which come to mind are:
    - how will these people access the net once they have the machines at their final destination? ethernet? modem? how will
    they get network information? static? dhcp?
    - how do you want to assure that the machines are not 'tinkered with'? no root? no sudo?
    - how do you want to arrange for security / functionality updates / upgrades? will the people need to come in with their equipment to you? will the updates take place after the user is done surfing (a la AOL)? will they be automatic (you run 'current' on a central server with updates, they run a cron job as root to check for updates once a day, say)? will a pop-up ask them if they want to download updates now? schedule for later?

    Questions abound. I can say for certain that most of the questions just posed are solvable with RedHat, because I've done it here (albeit for a more less unified platform hardware-wise). You can set up a kickstart server, auto-partition drives, throw in a set of custom packages + dependencies, configure various subsystems etc etc. You should try to determine the ranges of hardware configurations you're likely to expect (e.g. IDE harddrives between 500 and 4000MB; video cards with no more than 4MB RAM) and set up your kickstarts accordingly. You could also set up a central file server (with quota) so that any document the end users wants preserved in case of a hardware failure on their end, will be. A central server with software updates, available to a pre-determined ranges of IP addresses, would provide your users with an easy way of keeping their machines up-to-date on all the latest ssl/ssh patches.

    How many machines total are you talking about here? 100? 1,000? 10,000?

    If you'd like to think about the RedHat path, I can point you to some pretty decent documentation which will take you through more details.

    Sherloqq
  • Check out Knoppix [knopper.net]. Put in at least 128MB of memory (it runs on a ramdisk, ditch the hard drives, and boot them up on CDs. It comes with amazing auto-hardware-detection, and has Mozilla, OpenOffice, and many other programs. I use this currently on a discless machine to play MP3s through my stereo. It really is a nice distro. I think you can even mod the distro, but I haven't tried it yet.
  • These will be used solely for the purpose of web activities (surfing/mail), and word processing and *THATS IT*.

    (emphasis mine)

    It seems like your reason for locking these machines down is to prevent calls for technical assistance, but another possibility occurred to me. Some schools have policies saying that school computers and internet access are to be used for educational purposes only, and I thought yours might be trying to extend this to these school-manufactured computers. If this is the case, be aware (if you're not already, which you probably are) that there is no way to lock down a PC when someone else has unrestriced physical access no it (i.e. it is in their dorm room). You can't prevent someone from unplugging it, taking out the cmos battery for a few minutes, putting it back together, and installing their own linux distro (or windows 95) so they can play quake [II] with their buddies on the lan.

    Other than that, just try out any of the excellent distros/configurations posted above, and make sure they have enough ram ;).
  • Check out freegeek.org. They recycle old computers into useable ones with a variety of hardware... They have a distro called freekbox.

  • Create a prototype system with all the software packages necessary installed and configured. Then, dd the partition into an image file and burn it onto a CD.

    Make sure that the user's home drive is network mounted via NFS.

    If the user inadvertently breaks something, tell him to pop the restore CD in and reboot. Have a script dd the image back onto his hard disk partition. Ta-da!

    This may be your path of least resistance.

  • I work with Computer Angels [ca.asn.au], a non-profit in Western Australia that do just that.

    Take a look at our website for more info.

  • Pro Bono (Score:2, Interesting)

    by murcon ( 192204 )
    What a marvelous idea. I hope your college will solicit students to do some of the work as a "giving back" to the community. They should also get in touch with local computer clubs, the Radio Shack/Best Buy/computer stores for spare parts contributions. Publicize the heck out of this as an effort to bring the entire community up to speed on computer skills. Think about what this does to the skill level of the local workforce!


    Three cheers for your enlightened college. May I ask where you go to school?

  • These will be used solely for the purpose of web activities (surfing/mail), and word processing and *THATS IT*.

    Liar.

    I don't know how many times I've heard someone say that a computer will only used for a particular purpose and then see it eventually be used for all sorts of things. When deciding which configuration you are going to use, I would keep this in mind.

  • If there is lot of hardware change like display cards, network cards (as you are collecting and building) it will be difficult for setups. In suse you can create one selection disk and then replicate others over network. The network unattended installation can be done using various utilities. Look at replicator. For debain it's here http://packages.debian.org/unstable/admin/replicat or.html
  • If I understand the initial requirements right, these older PC's will be "supplied" (my quotes) to those unable to afford them. If so, I think you will find that having the university retain rights and/or ownership to the PC's introduces a couple of long-term pain-in-the-tail factors. The First pain factor would be the checking-in/ maintenance/ repair/ upkeep/logging in/out/checking-out process and warehousing of parts and machines. As one experienced in such a process, if you can just donate to needy users the machine donated to you (with some sort of checkout of the PC and briefing of the user), you will avoid *major* headaches, unless, of course, your goal is to learn and emulate the world of Help Desk Engineering. You would then have more time (and money!) to devote to the donees on the required/requested training on how to use (and, if asked, maybe, the configuration of) the machines and the applications. Just my 2 bits. Your school's idea is great and could even include non-technical departments in the training of the donees. (I am sure there is a better word than donee, but my brain is stuck.) I am sure the program will be greatly appreciated. Enjoy.

    ps. This'll also let 'em tinker, which is how we all got where we are today. Ok, don't tell them that...it could be discouraging. :)
  • My suggestion is... take off the rose-colored glasses.

    If you put the hardware in the physical posession of the students, it's going to have all sorts of things done to it, no matter what you try to do to stop it.

    I understand that the reason for this is to limit the support overhead, but you are not going to win, and if you go in with the assumption you are, you are going to get hurt much worse than if you don't.

    -- Terry
  • As others have noted, making the only disk drive be a CD or booting over the net is a good way to dissuade tinkering/tampering.

    But the problem becomes your wide range of hardware. Making a single custom distribution CD or a single network boot image that will work on all donated computers will be extremely difficult and time-consuming. At some point you'd probably decide to buy all-the-same $199 Wal-Mart PC's [slashdot.org].

  • Spreadsheet? (Score:2, Informative)

    I'd consider adding a spreadsheet program to the list of accessible software. I honestly can't imagine not having a spreadsheet to put ideas where I can look at them (monotonous calculations magically solved on the fly).
    Old hardware rules out OpenOffice, but maybe something a little slimmer. Anybody know of a good "lightweight" spreadsheet? I guess it depends on what "old hardware" means too. PII's are probably "old" to some companies, and gnumeric or kspread would work fine.
  • by foo fighter ( 151863 ) on Tuesday October 08, 2002 @01:17PM (#4410842) Homepage
    Given your new used computers are running at least a Pentium 133, have 64 MB RAM and a 2GB hard disk:
    1. Pirate a copy of Windows 2000.
    2. Install it on the first computer using the NTFS file system. Install your pirated copy of Office 2000.
    3. Change the permissions on C:\, making sure permissions are inherited by child objects:

      • SYSTEM: Full Control
      • CREATOR OWNER: Full Control
      • Administrators: Full Control
      • Authenticated Users: Read & Execute, Read, List


    4. Use Computer Management administration tool to create a new user who is a member of Users group. Use Users and Passwords control panel to automatically log that user into the system.
    5. Use sysprep to image this disk to the rest of the computers.
    6. Bonus points if you pirate Windows 2000 Server, set up a simple Active Directory, and control group policy for the systems from there.

    Linux is horrible for centralized administration and locking down the desktop. My way you don't have to network anything which saves time and money. You don't have to worry about someone stealing the CD you are booting from. And since you are pirating the software Microsoft doesn't get any money.

    Despite the naysayers, Windows 2000 runs great on a P133 with 64 megs o' ram, especially when all you are doing is word processing or surfing the Internet.

    NIST has a great guide for securely configuring a Windows 2000 workstation. It takes you step by step through each of the items you will need to configure. If you want to get a bit more jiggy than my 6 point solution above, check this out: http://csrc.nist.gov/itsec/download_W2Kpro.html [nist.gov]

A bug in the code is worth two in the documentation.

Working...