The Working Draft Compute Build

Just as a ‘working draft’ and with a lot of potential variations “going forward”, here’s what I’m planning to build for my general compute environment.

I’ll be using Raspberry Pi SBC (Single Board Computer) products as the exemplar, but in fact any of Orange Pi, Banana Pi, Cubieboard, Beagleboard, etc. hardware will work fine too. I’m just looking at the $/compute (and to a small extent the interfaces and hardware on the board) and choosing the one that is the best bang for the buck. As that changes rapidly over time, on any given day the exact answer will be different.

As I’m fairly lousy with artwork, I’m going to use “text pictures” for the list of hardware servers. It’s “good enough” and doesn’t take a lot of bits.

^                                ^
|-Boundary Router === WiFi router| === Server Stack
    |                    |_ semi-public host - browser station
    DMZ Hosts (eventually VPN, private cloud, private Email server, bittorrent)

The Boundary Router is, at present, an old one from the parts box that was used to replace the AT&T preferred model after a power surge killed it. The line with a ‘hat’ at the start is the connection to the ISP. “Someday” it might become a better one. For now, all it needs to do is connect from The Internet to The Private Side network and provide NAT Network Address Translation. (That lets me use non-routing numbers like internally. There are three non-routing blocks including 172.16-31.x.x and 10.x.x.x and you can use any of them).

In production shops we’d have two routers to two different ISPs via two different communications links out two ends of the building (POP or Point Of Presence) and a load balancer between them. For my ‘backup’, I have a WiFi hotspot that I can bridge in if ever needed (like, oh, post quake or hurricane…)

“Someday” it would also be expected to provide a DMZ or Demilitarized Zone service where a VPN target for personal VPNs from anywhere can land, a “private cloud” where you can have all the cloud features you like, but without the spying by Google and PRISM program members, and a private Email server. These typically come from a filtered subnet with limited connections “internally” to keep your private side private.

At present, I’m not using any VPN, but intend to get a service in a foreign land just so that my traffic can, if desired, originate / land outside US jurisdiction. Why? Just to add yet more encrypted VPN traffic to the world and suck up more resources just to find out I’m reading the Wiki… a “nose tweak”… Yeah, I’m like that…

I presently use relatively crappy, but free, AOL mail. HOWEVER, they managed to dump my decade of accumulated mail archives and lose a year’s worth of recent mail and I’m just pissed at them. So eventually I’ll go back to running my own Email server. I’d done it prior to AOL and can easily do it again. (I’ve already changed to them just being a ‘pass through’ to a private mail handler).

To the extent I want those services prior to building out the whole magilla, I’ll put them on a semi-public host right off of the WiFi internal router and use it to filter. Likely put them on one Raspberry Pi all together.

The WiFi router gives access via WiFi to me and any guests. The Netgear I just put in supports having a Guest network (like a DMZ) that can be prevented from seeing the private side, and that’s where the Guest WiFi and any DMZ-in-process hosts would go. All my stuff will be on the private side. The fully private side.

When doing “general browsing”, it is done from a dedicated tablet, or from a machine that can be booted “fresh” each time from a CD-ROM. Something like Tails for really paranoid things, or just MacPuppy for general browsing of low risk. Doing this, nothing from a “risky” web site can crawl into the fully private side. Also, things like bill paying are done from a ‘fresh boot from CD-ROM’ each time, so there is very little chance of being hacked or having a trojan or “whatever” stealing your information. So one tablet (or the Chromebox), plus one Old White Box PC with a CD-Drive dedicated here.

Finally, there’s the fully Private Side with the Server Stack. That’s the “back room”. General web browsing not done from there. (At MOST, download of software from known sources or similar, though better is for those to be downloaded on the semi-public platform and moved over via secure means like DVD, CD, or USB.) Eventually I might put an isolation router between that “server stack” and the “WiFi router” just to make it that much more filtered, but frankly I’m not that interesting a target and would be doing it only for fun, really.

That Server Stack includes a private storage farm (RAID like disks, with eventual encryption at the disk layer) along with backup systems (tape, DVD, whatever is du jour… I’ve got an old 8mm drive somewhere and might get it going again). It also includes a DHCP / PXE boot server for any machines in the “back room” along with NFS / SAMBA disk services; that way any “node” can come up bare metal, with OS and Files provided from the “farm”. Only one place to maintain, and one place to defend. Much of the OS mounted “read only” to the target machines.

For now, that will also include all hosts in the DMZ and on the WiFi network as there is no filtering between “back room” and WiFi at present, and DMZ hosts are not ‘outside’ yet. (Or even really built yet). When those network segments become actual subnets, a dedicated Raspberry Pi gets the job of DNS, DHCP, and PXE Boot server for each of those subnets. OS images served via an SD card with a locked status and mounted RO on the clients. (Good luck finding a way to hack that remotely…) and only the “live” NFS mounted files can be written. Likely that those NFS (Network File System) files will be coming from a USB on that Raspberry Pi too (just so ‘leakage’ further inside is even less likely).

DNS, DHCP, PXE Boot, NFS / Samba is the core set on infrastructure servers, and can run from one R.Pi.

Email, VPN, Private Cloud, Bittorrent are the DMZ set and can also be run from one R.Pi (or from a zoo of old junk like I have now), though I’d likely make the WiFi router dedicated.

Boundary Router and any internal routers locked down and dedicated. Harder to crack into them that way. Likely minimal R.Pi configs or gentoo based, though commercial gear with OpenWRT or DD-WRT ought to be fine too.

Yes, all that is way overkill for a home system. It is very similar to what I’ve built for clients for a few decades. For them, though, the routers are usually Cisco gear or similar and the servers were often higher end PCs in racks or things like Sun boxes and Network Appliance file servers. Also, there was typically a matching “inside” Email server and the inside and outside could only talk to each other over a single protocol of the email exchange program and port. Even if a box outside was compromised, all it could do was squirt email at the inside box. For “pro” scale we would also add intrusion detection systems / servers and do “penetration testing” with an attack server / platform. That can come later for the home toy stack.

Also a “pro” site would have an FTP server and a Web Server in the DMZ (and potentially inside as well if needed).

That’s the basic layout. I’ll use what I have for now, and add Raspberry Pi bits of kit as time, money, and interest (or broken dead old junk) warrants.

Order of Build

I already have the tablet / Chromebox as browser stations using the WiFi.
I already have the WiFi router (as a new purchase, someday to get OpenWRT).
I already have the boundary router – a low end box, but adequate. Someday to be upscaled. Maybe.

I’ve been working on the private side “personal compute stations”. This has been less productive than desired, as some old gear has had parts die. At this point I’ve got a couple of working Windows Boxes for ‘legacy’ crap. I’ll not be buying any new MicroSoft stuff. Eventually some of the legacy stuff may be repurposed to dedicated Linux use (but for now I’ve just made them dual boot as that’s ‘good enough’).

I’ve got a nicely working CentOS 64 bit station with GIStemp compiled and installed, along with an archive of old copies of the temperature data. (It is also way too full of old crap as I try to sort out the couple of Terabytes of accumulated trash of a few decades…)

Not working as desired is the personal private side Linux Station. It had Debian on it, but X-windows caused hangs. I moved to Devuan (without systemd) and it stabilized the video some, but still has hung once in a few boots / hours of use; and crashed twice for unknown reasons. It “needs work” to make it what I’d accept as a stable reliable box. Then the CD reader died, so the hardware has ongoing issues. I’ve decided to ‘deprecate it’ to being just a legacy XP box and Flavor Of The Day linux boot. With those Flavors coming from a PXE Boot server To Be Built.

On order is a Raspberry Pi Model 2 B kit. That’s a quad core 900 MHz 1 GB memory $42 card, in a kit with power supply, SD card, case, etc. etc. $70 from Amazon.

R.Pi Kit

That’s going to become my Daily Driver Linux Box for all things Linux / Unix / Tech and non-GIStemp non-models. The 64 Bit Asus / Antek will be essentially dedicated to being a temperature and models research station (for now…)

Initially I’m going to add a TB or two of USB Disks to the Daily Driver Linux and it will do double duty as NFS Server for a while.

An old R.Pi B model (one core 700 MHz) is presently doing lite NFS service (an SD card) and will perhaps get the NFS TB Disk. It is also being the Bittorrent Server and DNS server and with a full load on it the DNS can be slow. Eventually the Bittorrent part goes to the DMZ and the DNS gets split between one for the DMZ, one for the private site. Also the PXE Boot server needs a dedicated system on the same subnet as the clients… so…

After that desktop Daily Driver is running, a second R.Pi gets bought to become the PXE Boot / DHCP / DNS server for semi-private side (and eventually one for the fully private side… one feels much more secure doing fully private things when the network to the internet is shut down… but you need some services in place for that. The “air gap” is your friend.) Why my own DNS servers? Since some TLAs have begun to play with DNS servers and feeding you bogus IPs, it’s nice to be able to hard code those that you depend upon for security, like your remote VPN company and Email server feed. Yes, you get to do ongoing maintenance and may suffer an outage if they suddenly change numbers, but you will know…
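One way to do the “hard code and you will know” part, as an added example (not the author’s own configuration): the pins are rendered in hosts-file format, which dnsmasq serves from /etc/hosts by default, and an audit compares what a resolver actually answers against the pins. The host names and addresses are constructed placeholders from the documentation ranges.

```python
import ipaddress
import socket

# Constructed sample pins: hypothetical names, RFC 5737 documentation addresses.
# Replace with the real VPN and mail endpoints you depend on.
PINNED = {
    "vpn.example.net": {"203.0.113.10"},
    "mail.example.net": {"198.51.100.25", "198.51.100.26"},
}


def hosts_lines(pinned):
    """Render the pins as hosts-file lines ("IP name"), sorted by name then address.

    dnsmasq answers from /etc/hosts by default, so these lines make the
    private DNS server return the pinned addresses without asking upstream.
    """
    lines = []
    for name in sorted(pinned):
        for addr in sorted(ipaddress.ip_address(a) for a in pinned[name]):
            lines.append(f"{addr} {name}")
    return lines


def system_resolver(name):
    """Return the IPv4 addresses the locally configured resolver gives for name."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def audit(pinned, resolve=system_resolver):
    """Compare live answers with the pins.

    Returns (name, status, addresses) tuples, sorted by name:
      ok         - every answer is a pinned address
      mismatch   - at least one answer is NOT pinned (listed in addresses);
                   either the provider renumbered or the answer is bogus
      unresolved - no answer at all (outage, NXDOMAIN, network down)
    """
    findings = []
    for name in sorted(pinned):
        expected = {str(ipaddress.ip_address(a)) for a in pinned[name]}
        try:
            seen = {str(ipaddress.ip_address(a)) for a in resolve(name)}
        except OSError:  # socket.gaierror is a subclass of OSError
            findings.append((name, "unresolved", []))
            continue
        strangers = sorted(seen - expected, key=ipaddress.ip_address)
        if strangers:
            findings.append((name, "mismatch", strangers))
        elif not seen:
            findings.append((name, "unresolved", []))
        else:
            findings.append((name, "ok", sorted(seen, key=ipaddress.ip_address)))
    return findings


if __name__ == "__main__":
    # Constructed answers standing in for an upstream resolver, so the demo
    # runs offline. One mail answer is an address that was never pinned.
    upstream = {
        "vpn.example.net": {"203.0.113.10"},
        "mail.example.net": {"198.51.100.25", "192.0.2.66"},
    }
    print("\n".join(hosts_lines(PINNED)))
    for name, status, addrs in audit(PINNED, resolve=lambda n: upstream[n]):
        print(f"{status:10} {name} {' '.join(addrs)}")
```

Run the audit against the upstream resolver rather than the pinning server itself, otherwise it only confirms the pins.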

That second R.Pi M2 along with the old B model will likely be in a ‘dogbone case’ like this one:

Dogbone Case


I’m also looking at the Cubieboard with built in SATA as the disk server farm. A lot faster than USB. On the “someday” list. I need to learn more about the Cubieboard product line to make a smart choice here. The Banana Pi is also a possible. Some of the boards have built in WiFi, and some have SATA, and some have more and different cores than the others. It takes a while to sort out. In a test on media center use, the Cubieboard was something like twice as fast as the Model B R.Pi, and 1.4 x the Banana Pi IIRC. No data on the R.Pi. M2 with 4 cores (or any newer boards with 4 cores from other vendors).

Unfortunately, the ARM chip cores have one of the most confusing naming conventions possible where larger numbers often mean slower performance and where all sorts of arcane differences exist in the chipsets. Sigh. Add that the ARM chips can be built into several SOC System On Chip products by different vendors (that brings their own variations in performance / features / reliability) and those go on various boards with different goezintas and goesoutas for connectivity and it can take a weekend and a couple of bottles of wine to sort them all out by speed / performance / gotchas… Only THEN do you get to start matching feature sets vs price to desired server performance requirements. Sigh.

So I just “bit the bullet” on the Quad Core Pi to get started. I know, at $40-$50 for a board, it isn’t exactly a huge cost and failure to “optimize” is worth about 1/2 hour of time wasted, but I’d rather avoid the “order them all and trial / error” process.

At present, I’m going to have 2 Raspberry Pi boards from two very different eras. When the File Server farm is added, likely a SATA capable addition. As the PXE Bootservers build out, 2 more of something fairly cheap. Darned near anything can feed a fixed copy of data to an ethernet once or twice an hour, so any old thing ought to work fine. Heck, even old B boards at maybe $20 each? With an old SD card of which I have several already to hold the system images. Again, not exactly a big cost needing a lot of optimizing.

Eventually, as time and interest allows, I’ll slowly replace the “commercial bits” like the new Netgear and my boundary router with dedicated SBCs in a Dogbone stack. (Or put OpenWRT on the Netgear). Why? Better control. I don’t need something where a vendor in the PRISM System can send new flash downloads into my routers without my permission. I’d rather have a locked SD card or ROM that can’t be rewritten. I also want to be able to assure I know just which encryption code is running and that someone didn’t just decide to swap out my preferred version for something more “Key Escrow Friendly”…

At this point I’m into it about $200 for the new WiFi router, Antek/ASUS 64 bit box with XP, and the new Raspberry Pi kit. Not bad. You could add $180 for the Chromebox and $400 ish for the Samsung tablet, but those were bought in prior years and for prior reasons and really need to be seen as ‘legacy’ stuff at this point (as, too, the two LCD screens I’m using of very old vintage and the keyboards and mice from the “junk pile” and legacy kit.)

New buys likely to run about $160 for the Dogbone with boards and added bits. Then it will just be “how much SATA disk do I want” and how many working parts do I want to replace to play with or prove something…

At the end of it all, about $400 for a rather fully over the top system with mostly Open Source, loads of security, more performance than I can use, and a load of disk too big to keep well organized ;-)

Oh, and I expect to make the ChromeBox the TV driving media server for Netflix, Youtube, et. al. once I buy a new wide screen TV with HDMI. I can’t really see needing it for a ‘Daily Driver’ once the R.Pi. Linux box is running and I can PXE boot the System Du Jour onto the Evo (or old Vectra where the DVD / CD drive died too, or the old…). It does fine with Netflix, and the other things are better for browsing and word processing / office work without “sharing” your goods with Google. So one really needs a line from the Boundary Router or WiFi to the Chromebox as Media Server in the final design. But that’s a few months away.

Hopefully this shows just how much you can build with a couple of hundred dollars of Pi Boards and some time. Frankly, the time spent configuring things will be more of a ‘cost’ than the bucks. OTOH, it will look pretty cool in the Dogbone stack ;-)

After that? Well, after that I’ll likely (slowly) move on to finally building that Beowulf Cluster I’ve been wanting. I’d made a 7 node one out of old White Box PCs some 20 years ago. It’s slowly “gone away” as boxes died. As of now I think there’s just one or 2 nodes left in running condition in the garage (and they are way slow nodes now). For another $40 case and $200 of R.PiM2 boards, I could have a very nice cluster setup. I’ve already got a 100 Mb switch in the junk pile. IFF I ever ran it faster than that, adding a Gb Switch would be cheap. It would be a nice setup for running some of the climate models… 5 boards at 4 cores each is 20 total cores. Then there are 5 GPUs that can be made to do non-graphics duty. (Display is done on a workstation – so that Daily Driver Linux…) That’s the “dream box” to build in the very back end, after everything else is built and proven. Essentially a replacement for the Antek / ASUS as the Temperature Compute Engine.

Lots of work? Well, yes. But I’ve done all of it before on a variety of different equipment with a variety of different vendors and software. “It’s what I do” in many ways. Finally doing it for myself is kind of fun, in a ‘cobbler gets new shoes’ kind of way ;-)

Besides, thanks to Moore’s Law it no longer costs $1/2 Million to build, but just “one night on the town” money ;-)


About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons" are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits.

13 Responses to The Working Draft Compute Build

  1. LG says:

    Promise that you’ll document and post as you build. :D…

  2. E.M.Smith says:

    I promise to document and post as I build.


    (Good enough? ;-)

  3. John Silver says:

    I thought I was weird having a double router setup like that, but if the chief does it, I must be smart. I did it out of convenience, it works very well.

  4. beng135 says:

    Chief, to add to your paranoia, someone told me that the “Google Earth” vehicles that ply the roads taking pictures also have wifi “detectors” pinning wifi spots along the roads……

  5. Paul Hanlon says:

    That Raspberry Pi 2 looks amazing. With having four cores, I’m thinking it is probably a lot faster than the Cubieboard or BananaPi (which I think has the equivalent ARM chip, but only two cores). The only thing that’s lacking (from the point of view of a home server) is the SATA connection. If it had that I’d switch over in a heartbeat.

    I’d be especially interested in the “ClusterPi”. In terms of the watts per compute, I can’t imagine anything, except maybe FPGAs, coming close. Okay, it doesn’t have Open CL, but the shaders on the GPU can be programmed in OpenGL, and I think most of the firmware on the GPU is now open source.

  6. LG says:

    Will you make available your R.Pi Builds?

  7. Petrossa says:

    I only use the pi 2 for watching Netflix on my tv. This seems remarkably like (hard) work to me btw … ;)

  8. Kent Gatewood says:

    In your spare time, could you and this setup fix the Office of Personnel Management?

    Wait that TLA actually had the wrong people inside the security.

  9. E.M.Smith says:

    @John Silver:

    In a typical “pro” set up, there are usually 2 routers, but in somewhat different layout…

    The Boundary Router typically has 3 spigots ( conceptually… you might have redundant versions of each function). There is an outside, and inside, and the DMZ. Each has different numbering groups and different permissions. The router has access control lists and various mappings of inside stuff to outside stuff to DMZ stuff (and usually does any “NAT” network address translation involved). So, for example, a web server and email server would be in the DMZ. These are exposed to “the outside” more than most things, so you lock them down really tight. The boundary router ONLY lets traffic go to them on specific “ports” (such as port 80 in TCP/IP) and the servers ONLY have limited things running on them (like a web server that listens on port 80 and sends out traffic).

    Here’s a list of port numbers and what they are typically used for:

    So someone can pound on that router all day for the IP number of that web server and EVERYTHING but port 80 traffic gets dumped on the ground. That stops a load of attacks right there as they can’t attack things that they can’t get to. On the server, you shut off things you don’t need (like SSH or FTP) so even if they got to the server (i.e. router had a problem) nothing is there to answer. ALL they can do is squirt HTTP requests at the HTTP port that is listened to by the HTTP server ( web server). As long as it is smart enough to toss anything it doesn’t understand (i.e. isn’t full of security holes itself), nothing can get into that server. There is exactly ONE “attack surface” and it has exactly ONE program running that ought to be “well characterized” as to its behaviour with respect to security bugs and attacks. (One can also put in various kinds of packet inspection so badly formed packets never get to that software as the router pitches them, or things that are suspicious get slowed down or stopped, but that’s not configuration so much as intrusion detection / response..)

    Repeat for each service that you desire to offer that talks directly to the internet. ( Email, FTP, whatever).

    Then, on the inside, I like to have another router that has many spigots. One points to the boundary router. The others connect to all the various parts of the company. An internal Email server here can handle all internal email, while not being exposed to the outside world. It also can have exactly ONE connection via ONE port to ONE ip address in the DMZ for forwarding mail outbound, picking up inbound. Again, highly limited “attack surfaces” and with routers providing very specific traffic limiting / isolation. That “Server Network” on the inside is typically not called a DMZ, though it is structured similarly, but is a “server network”… and the other spigots are not named things like “living room” and “office” and “house WiFi”, but more like “Marketing” and “Engineering” and “remote office leased line”…

    But the structure is the same. Traffic localization. Protocol limitation. Access control. etc.

    And yes, you are smart. ;-)

    That layout cures a LOT of your problems right up front. Note that most home boundary routers have only 2 spigots (logically speaking). An inside and an outside. They will sometimes talk about a “DMZ” and have some “ports” routed to particular IP addresses inside, but it isn’t as strong as a real three port layout. For example, if the DMZ is numbered 172.16.22.x and the inside is numbered 10.3.5.x, you can have routing tables and access lists that only let specific machines talk from 10.3.5.x to 172.16.22.x and block everything else. On typical home routers, the two sets of machines are all on 192.168.1.x together and, by definition, can route to each other. So hack one, see them all… For this reason, on my “someday” list is to build a real 3 port exterior router (or maybe buy one). Yeah, the odds I’d ever need it are nearly nil. But it just bugs me to have the “DMZ” servers on the same number group / hub as the “private side”. By having 2 routers, I can get some of that “3 spigots” effect…


    It’s worse than that… Google (and, I presume, others) like to interrogate your Android device to find out what hotspot you are using and what is near (seen) but not used. That, then, builds up a location map (as some folks say where they are at via GPS). Eventually the map is complete enough that they know you are in the Starbucks on Hwy 192 across from Celebration Fl. (and maybe even what side of the room…) based on the WiFi stuff around you that your device detected.

    Guess why on my “to do” list is “make my own phone”… and why the one I use now does not have web services on it… There’s a group of folks working on making a privacy enabled phone, so I’ve not put much effort into it. Easier to just wait for their product and test it…

    And people wonder why I leave my phone off, or at home, a lot…

    IFF you say “sure, send my location”, then the GPS fingers you to about 10 feet for “customized” advertising. IF you say “turn off GPS”, it swaps over to “what WiFi is nearby” and can only localize you to about 30 feet…

    Oh, and it’s not paranoia. “I’m a Systems Admin, they ARE out to get me!”

    (It’s an old SysAdmin joke… as we are always under constant attack since we have root… keys to the city… You get used to it. And it really isn’t paranoia when you have been under constant attack by hacks for a few decades… it’s just prudent good habits… So there’s a little round band-aid over the camera on the laptop since it is known that a hack can be done to turn it on remotely and I don’t need someone watching me as I type the root password at a client site… and there’s a bit of tape over the microphone so they can’t hear conversations… and I don’t take my cell phone into meetings where secret stuff gets discussed.. and… Sigh. Life of the Security Guy… At hacker conventions the number of “dumb phones” is large and “smart phones” often small in number. For a reason.)

    @Paul Hanlon:

    I’ve got a “posting in progress” chart of R.Pi vs Banana Pi vs Cubieboards. (Yes, I did the mapping…) showing what they have, do, and are good for.

    Key point is that Cubieboard is coming out (has come out with?) a dual quad core. Yup, 8 cores. But wait, there’s more… it is really a ‘dual speed box’ as it has an A15 quad core set AND a quad core A7 chip. This is the “big LITTLE” design. It runs the A7 cores most of the time and powers down what isn’t needed. Only when the demand is there, do the other 4 A15 cores kick in… Nice, very nice. From the wiki:

    Cubieboard 4

    On May 4, 2014 CubieTech announced the Cubieboard 4, the board is also known as CC-A80. It is based on an Allwinner A80 SoC (quad Cortex-A15, quad Cortex-A7 big.LITTLE), thereby replacing the Mali GPU with a PowerVR GPU. The board was officially released on 10 March 2015.

    SoC: Allwinner A80
    CPU: 4x Cortex-A15 and 4x Cortex-A7 implementing ARM big.LITTLE
    GPU: PowerVR G6230 (Rogue)
    video acceleration: A new generation of display engine that supports H.265, 4K resolution codec and 3-screen simultaneous output
    display controller: unknown, supports:
    microUSB 3.0 OTG

    In theory it has been out for 4 months. No idea on actual availability status.

    Though Amazon claims “in stock”

    but at $139 I was not ‘up for that’ at this time… But with USB 3.0, simultaneous 3 screens, 8 total cores, 4 of them relatively hot A15, and with power management…

    It’s on my “someday” list…

    So no R.Pi envy needed ;-)

    And yes, my NFS server will almost certainly end up on a Cubieboard for the SATA support.

    (Though likely the Cubieboard 3 aka Cubietruck with “only” 2 A7 cores, but ought to be plenty to drive a disk and network…

    Cubietruck (Cubieboard3)

    The third version has a new and larger PCB layout and features the following hardware:[13]
    SoC: Allwinner A20
    CPU: ARM Cortex-A7 @ 1 GHz dual-core
    GPU: Mali-400 MP2
    display controller: unknown, supports HDMI 1080p, no LVDS support
    2 GiB DDR3 @ 480 MHz
    8 GB NAND flash built-in, 1x microSD slot, 1x SATA 2.0 port (Hard Disk of 2,5″).
    10/100/1000 RTL8211E Gigabit Ethernet

    2x USB Host, 1x USB OTG, 1x CIR.
    S/PDIF, headphone, VGA and HDMI audio out, mic and line-in via extended pins
    Wi-Fi and Bluetooth on board with PCB antenna (Broadcom BCM4329/BCM40181)
    54 extended pins including I²C, SPI
    Dimensions: 11 cm × 8 cm

    There is no LVDS support any longer. The RTL8211E NIC allows transfer rates up to 630–638 Mbit/s (sending while 5–10% idle) and 850–860 Mbit/s (receiving while 0–2% idle) when simultaneous TCP connections are established (testing was done utilising iperf with three clients against Cubietruck running Lubuntu)

    To connect a 3.5″ HDD the necessary 12 V power can be delivered by a 3.5 inch HDD addon package which can be used to power the Cubietruck itself as well. Also new is the option to power the Cubietruck from LiPo batteries.

    Looks just about ideal for a file server… but $90 at Amazon… so I’m likely to see if I can live with my existing USB disks on a R.Pi for $40 first…

    Or 75 pounds in the UK:

    Also on the “someday” list…


    I’ll likely not “make available the builds” so much as “post the recipe”. Each thing, as built, over months I expect, will have a “how to” posting. Maybe an “unboxing” picture, and a recipe to make the system go. Not really much reason to put a 2 GB system image up when you can say “Install Raspbian per directions here and do “apt-get install nfs-kernel-server” …

    But it ought to be everything needed to “make it go” plus I’m here to ‘splain things if unclear.


    For me, it’s as much “play” as “hard work”. I’ve done management stuff for the last dozen or two years and it also helps me keep my hand in at the tech side. There’s a moment when you are the new manager and, as I do, tend to talk jargon-free so other managers can understand you… the “folks” on the team start to think maybe you are a Suit with no Chops… Nice to be able to whip out some tasty trick you did (even if at home) and ‘splain that you still have clue… I’ve also been known to “pitch in” on the teams I lead. It gets some creds pretty quick when you do that, but best not to be too rusty when you do…

    So yeah, it’s work. (For example, I’ve had data moving most of the day as I prep the USB disk for the PXE boot server… slow USB on the box I’m using). I could have done something else with the time. But now I’ve got recent Debian experience, NFS set up and running, PXE boot script 3/5 done, etc. etc. And when I have it done, I can boot the “system of the day” on the Evo without dealing with CDs…

    That it also lets me be more secure and have an environment I like for general use is also nice.

    Oh, and I refuse to spend $400 to buy a UEFI afflicted Micro$oft infected desktop box when I can “roll my own” for $70 and have unlimited software available for free. The Chromebox is a nice “appliance”, but there are times I resent needing to change boxes just so Google doesn’t see anything of interest…

    @Kent Gatewood:

    I could fix the OPM security problems, but not with this set-up. It would be a very different set of needs, as that personnel data will have “hooks” into it from all over the government. One would start with locking down the computer it is on, and putting in place ACLs Access Control Lists for just which machines, when and who can access the data. Also having intrusion detection gear in place so when suddenly 20 MB of data start moving alarms go off. After that, I’d need more specifics on the setup to make better suggestions.

    But it can be done.

    FWIW, I’ve usually found that weak security comes from management that doesn’t care and is not willing to spend money on it. Also political pressure to open connectivity is usually large, and you simply must have management that listens when you say “That would be a very bad idea“, and will back you up. I’m not sure that can be obtained inside The Federal Government…
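The three-spigot layout described in the comment above, as an added example that is not part of the original comment: a first-match access list between the 172.16.22.x DMZ and the 10.3.5.x inside, set beside the flat 192.168.1.x home layout where traffic between two hosts never reaches the router. The individual host addresses are constructed for illustration, and return traffic for permitted connections is assumed to be handled statefully.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


# Segment numbering from the comment; host addresses below are constructed.
THREE_PORT = {"inside": "10.3.5.0/24", "dmz": "172.16.22.0/24"}
FLAT = {"lan": "192.168.1.0/24"}

INSIDE_MAIL, DMZ_MAIL, DMZ_WEB = "10.3.5.25", "172.16.22.25", "172.16.22.80"

# First match wins; anything that matches no rule is dropped.
ACL = [
    # ONE inside host, ONE port, ONE DMZ address: the internal mail server
    # pushes outbound mail to, and collects inbound mail from, the DMZ relay.
    Rule("permit", INSIDE_MAIL + "/32", DMZ_MAIL + "/32", "tcp", 25),
    Rule("deny", "10.3.5.0/24", "172.16.22.0/24"),    # rest of inside -> DMZ
    Rule("deny", "172.16.22.0/24", "10.3.5.0/24"),    # DMZ never opens inward
    Rule("permit", "0.0.0.0/0", DMZ_WEB + "/32", "tcp", 80),
    Rule("permit", "0.0.0.0/0", DMZ_MAIL + "/32", "tcp", 25),
]


def decide(src, dst, proto, dport, rules=ACL):
    """Return the action of the first matching rule, or "deny" by default."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "deny"


def segment_of(ip, segments):
    """Name of the segment an address belongs to, or "outside"."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in segments.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "outside"


def verdict(src, dst, proto, dport, segments, rules=ACL):
    """What happens to a new connection in a given layout.

    Two hosts on the same segment talk over the hub/switch directly, so the
    router's access list is never consulted: the result is "direct".
    """
    here, there = segment_of(src, segments), segment_of(dst, segments)
    if here == there and here != "outside":
        return "direct"
    return decide(src, dst, proto, dport, rules)


if __name__ == "__main__":
    cases = [
        ("inside mail -> DMZ relay :25", INSIDE_MAIL, DMZ_MAIL, 25, THREE_PORT),
        ("inside desktop -> DMZ relay :25", "10.3.5.40", DMZ_MAIL, 25, THREE_PORT),
        ("DMZ web -> inside desktop :22", DMZ_WEB, "10.3.5.40", 22, THREE_PORT),
        ("outside -> DMZ web :80", "198.51.100.7", DMZ_WEB, 80, THREE_PORT),
        ("outside -> DMZ web :22", "198.51.100.7", DMZ_WEB, 22, THREE_PORT),
        ("flat LAN 'DMZ' -> desktop :22", "192.168.1.80", "192.168.1.40", 22, FLAT),
    ]
    for label, src, dst, port, layout in cases:
        print(f"{label:34} {verdict(src, dst, 'tcp', port, layout)}")
```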

  10. Larry Ledwick says:

    it’s just prudent good habits… So there’s a little round band-aid over the camera on the laptop since it is known that a hack can be done to turn it on remotely and I don’t need someone watching me as I type the root password at a client site…

    Here I thought I was the only one I knew that taped over user facing cameras and microphones on laptops. Until recently I used the dumbest phone I could buy. I wanted a phone that did 2 things, make voice calls and send text messages. I don’t need or use other phone services. I don’t need it to tell me the weather I have a window for that. I don’t need it to tell me where I am, or interrogate every hot spot it sees. To save the battery I routinely go in and shut down all the crap that gets started automatically (battery lasts a lot longer).

    Unfortunately I lost that dumb phone a while back and ended up getting a web enabled phone. I have never used the web capability. Screen is too small to do anything useful even if I could. I have enough trouble reading the display on a small Samsung Galaxy 3.

    I am currently looking for a 3g/4g air card for my laptop that uses the usb connection and does not do wifi for when I go on vacation. I don’t want a portable hot spot, I just want the computer to talk to the internet via the digital phone network.

    I also am just stunned by how many people actually want to connect everything from their coffee maker to their refrigerator to the web. There have already been news stories of web connected devices being used as vectors to get inside an otherwise well secured company network (things like copiers). I am especially wary of remote online diagnostic abilities for devices, as by definition that implies some ability to do low level access to devices.

  11. E.M.Smith says:

    Well, the R.Pi M2 got here today. I’ve unboxed it, and have a couple of photos.

    I’m typing this comment on it now (it’s set up and running!)

    There does seem to be a keyboard mapping issue, as quotes are coming out @ signs and the @ sign gives a “… I’ll need to work on that…

    Compared to an original R.Pi, this one cooks. High res video, no wait typing even in a GUI. Nice. It’s running about 16% CPU with browser and typing. Less when not typing.

    All in all, I’m a happy camper.

  12. p.g.sharrow says:

    @EMSmith; Glad to hear you are a “happy camper” :-)

    I hope my grandson will be a “happy camper” in a week or so as the R.Pi dogbone stacks get here with the other parts. We had been working on other mountings for our Pi’s but this should be better. We presently have 1- R.Pi A set up and 4- R.Pi B+ to go into the 1st stack. Looking forward to your updates. We will be setting this up in the shop backroom communications area. We have 4- 250gig SATA HDDs to play with as well as a lot of other “junk” and misc computers. Lots of expendable toys to play with. As If I need MORE games to play. ;-) pg

  13. E.M.Smith says:

    I’m working on a posting about the ‘unboxing’ now. The very short form is “This is the Raspberry Pi I’ve always wanted”. From a small first use, it has about the perceived speed and quality of experience as the Chromebox, but with a LOT more software choices available and without the built in Google Snoop Facilities.

    Right now I’m using the Chromebox for this comment (as I’m used to it and don’t have the R.Pi all the way set up yet – i.e. the keyboard still maps UK not USA and I’ve not installed things like graphics edit tools…) and will likely use the chromebox for the “unboxing” posting. Then later tonight I’ll “settle in” to the R.PiM2 and at that point, the Chromebox is highly likely going to be set aside. It’s done its job of being an interim “postings and browsing” box while on the road (after the HP laptop died), and will most likely be repurposed into a “media center” driver for Netflix and “emergency computer for browsing” and not much more.

    Basically, the Chrome experience is a nice one, for a prison… but I’m ready for the “Jail Break” experience with the R.Pi and Linux. ( I’ve always preferred the Linux world, but now I can get it in a small package about the size of a pack of cigarettes and without the fan noise…) My original R.Pi Model B was “OK” but just a bit sluggish on graphical / browser use and not really suited for being a “Daily Driver” desktop. This one is quite fast enough for that. So the Evo is likely to become a ‘secondary server’ of some sort, leaving behind the Debian Hang issues, old worn hardware failures (CD drive) and all. The R.PiM2 is quite suited to being my “terminal server interface” to the back room boxes, so “things with fans” can find a nice closet somewhere to live in :-) FWIW, one of the features of the Chromebox is the ‘nearly no fan’. It has a very quiet one that isn’t always on. The R.PiM2 has no fan at all. Very nice.

    IMHO, the R.PiM2 has the potential to be a Chromebox Killer, and now I’m thinking maybe I’ll look into R.Pi based laptop kits… I’d be quite happy with one of these (or the CubieBoard 4 ;-) in a case with LCD screen, battery, and keyboard.

    But I need to stop here, or that posting in process will become scattered comments …
