From: adam@address.invalid   
      
   Moe Trin wrote:   
   > On Wed, 19 Dec 2012, in the Usenet newsgroup alt.os.linux.mandriva, in   
   article   
   > , Adam wrote:   
      
   [Thinkpad T60]   
      
   Configuration continues slowly.  So far WinXP has Wi-Fi working at home   
   and several books on laptops have been picked up from interlibrary loan.   
      
   > I don't know what your "normal day" consists of   
      
   Could be anything, but most of the time I'm home and using "stolid".   
   What I /expect/ to do when I'm away (usually for only a few hours) is to   
   use the laptop to check and reply to (or finish replies to) email and   
   newsgroups, continue working on some writing, and browse the web, maybe   
   modifying bookmarks and posting to forums (but no online shopping until   
   I get back home!).  The email/NG part of that would mean either still   
   being user 'adam', or copying stuff between users 'adam' and "away"   
   (actual name TBD) but connecting to mail and news servers with adam's   
   credentials.  And what about the cookies and saved passwords for   
   automatic sign-in -- if I'm at a public hotspot, will just auto-logging   
   into NewEgg's site reveal enough info for someone else to order stuff at   
   my expense?   
      
   >> I don't see a need to back up the laptop, except  maybe for copying   
   >> whatever I'm working on to a flash drive periodically while I'm out.   
   >   
   > In other words, you have no backups.   
      
   I don't think I'll need them, except for /home, /mnt/accounts, and /etc.   
      
   >> Sounds like I need to "man rsync".   
   >   
   > Perhaps - but we don't mirror the entire thing from workstation to   
   > laptop or vice-versa   
      
   No, but /home/adam and /mnt/accounts/adam between the two systems, or   
   those between 'adam' and "away" if I'm going to use a different account   
   at public hotspots, which sounds like it would be complicated because of   
   my need to use mail/news servers and log into web sites as 'adam'.   
      
   >> Can I use DHCP for the laptop when my desktops have static   
   >> configurations?  Should I?   
   >   
   > Sure - our laptops have static IPs for the Ethernet interface, and if   
   > that's up, it has the default route. [...] We did a little hacking of   
   > the "let me help you" tool scripts, and if the wireless comes up and   
   > the Ethernet isn't, that runs a DHCP configuration, and it also brings   
   > up the more stringent firewall.   
      
   I'd like to have something like that.  If any wired connection, use it   
   with "ordinary" security; else if my home Wi-Fi, use that with   
   "ordinary" security; else if any other available Wi-Fi, use it with   
   higher security.   
      
   >> I need to learn more about software firewalls.   
   >   
   > Ours are pretty simple:   
   >   
   >     accept anywhere state RELATED,ESTABLISHED   
   >     accept $LAN_RANGE state NEW tcp dpt:ssh   
   >     accept all 127.0.0.0/8   
   >     reject all anywhere reject-with icmp-host-prohibited   
      
   Except for that one substitution, can I just use that as is?   
      
   >> What about some sort of clear plastic covering to go over the display   
   >> to protect it?   
   >   
   > The problem appears to be a "sturdiness vs. viewability" tradeoff.   
      
   What about that clear plastic that seems to be on every LED and LCD   
   display when it's shipped?  It's clear but damage resistant.   
      
   [choosing a case]   
      
   >> I'll also depend on user comments and reviews a lot   
   >   
   > I tend to rely on my own judgment here - does the product look like   
   > it was properly built. Main thing I'm looking for are construction,   
   > material, and does the stupid zipper[s] look as if they'll last.   
      
   Well, you've had experience there; I haven't.  I have a carton that can   
   be cut down to the exact size of my laptop, which I think would be worth   
   bringing with me.  However, I'm postponing all possible shopping until   
   after New Year's because of the crowds.   
      
   >> I've also started making a list of things to carry inside it --   
   >> charger, headphones, live CD, blank CDs, etc.   
   >   
   > Charger, yes - I also carry a small LED night-light to test that an   
   > outlet is alive, and carry an extension cord (light weight, but with   
   > the NEDA 5-15 grounded plugs).   Earphones?  No, I carry ear-buds, but   
   > tend not to expect hi-fi from the laptop.   
      
   I don't expect hi-fi either, but I might want to watch a video in a   
   public place.  Right now my (hypothetical) list of stuff to include in   
   the laptop's case is: charger, headphones, flash drive, small CD wallet   
   including live CD and unused CD-R(W)s, LED flashlight, paper and pens,   
   SD card reader (I have one the size of a flash drive), multipurpose   
   "Swiss army"-type knife, RJ-45 cable, RJ-11 cable, compressed air, USB   
   mouse (and now also neon nightlight and extension cord with   
   flush-against-the-wall plug).  Some of this would be mainly useful if   
   I'm called to fix someone else's computer.  I know the list is overkill,   
   but it'll take me a while to figure out which items won't be needed.   
   Oh, plus textbooks, library books, notebooks, and whatever else I'm   
   working on.  Maybe I need a cart instead. :-)   
      
   ["LoJack for Laptops"]   
      
   >>> The loss rate was substantially reduced when the laptops   
   >>> were placed in bright (day-glo) orange/yellow/pink sleeves   
   [...]   
   >> Think a day-glo sleeve would help me?  Sounds like it.   
   >   
   > Problem is, I haven't seen them offered in a while.   
      
   Hmmm... what about attaching bright plastic sheeting to the top?  If   
   necessary, even that yellow "police line - do not cross" type of strip.   
     Rubber cement?   
      
   >> Sounds like I'll also need to change the boot order to use the   
   >> internal HD first, and password protect the BIOS so that can't be   
   >> changed by others.   
   >   
   > That can still be defeated   
      
   Oh, /anything/ can be defeated, but that should make things more   
   difficult.  A HD password too, if supported.  Any suggestions on   
   configuring the hardware for security?   
      
   >> I spent more time naming it than I did on planning the partitioning.   
   [...]   
   >> I finally decided on "helot" (rhymes with "zealot").  I'd never heard   
   >> the word before either, but its meaning is similar to "serf".   
   >   
   > Helots?   Greek (Sparta?) slaves, I think   
      
   Yep, Sparta, although I'd never heard of the word until I looked through   
   my thesaurus.  I don't have any scheme for naming computers, but then I   
   don't get new ones often.   
      
   > The firewall code is part of the kernel, and   
   > the firewall rules are setup by the iptables tool. The place to start   
   > is http://www.netfilter.org/documentation/HOWTO/   
   > (packet-filtering-HOWTO.txt, NAT-HOWTO.txt and maybe   
   > netfilter-extensions-HOWTO.txt) and the "Security-Quickstart-HOWTO"   
   > from the LDP.   
      
   And maybe my old books "Linux System Security" and "Linux System   
   Administration" will explain some of the concepts.   
      
   [public Wi-Fi hotspots]   
      
   > Once you've minimized the unneeded services,   
      
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)