Wednesday, September 27, 2006

Moving Forward - The Grant And Networking

Well, we finally have gotten word about the Grant; we're still confused by what it means. However, we are going to purchase the new computers before the end of the year.

Another project is moving some of the network equipment from the library side into a locked cabinet in the Headquarters side of the same building.

When the building was wired for networking, for whatever reason, the contractor put the patch panel, switch, router and its diagnostic modem on a shelf, up high on a wall, inside the library. This makes for a downright ugly, insecure and inaccessible setup. Inaccessible to us because we don't have 24hr access to the library; the City of East Tawas is in charge of the library. They own the building and are responsible for the library staff.

The same is true for the other branch libraries; the cities hire and pay the staff and take care of the building while we provide the materials and support. The only real problem with the East Tawas Library and District Headquarters is that we reside in the same building, share the same utilities and computer network, yet we're physically separated from each other. So, if there was a problem with the router or switch, we couldn't just go and physically check things over, we'd have to notify the library staff first.

The first step was looking for a contractor. We had a site visit today from one potential contractor who will give us a written estimate. It won't be a quick and easy job; it's an older building with no real crawlspaces, let alone access. The only concerns we have at this time are: 1) how much it'll cost and 2) how long a service interruption we'll have.

Monday, September 25, 2006

More WifiDog

With Monday well into full-swing, I've started focusing on securing WifiDog.

One thing that I want is to shut down the wireless access point from 6:30 P.M. to 6:30 A.M. every day. This way, we can prevent some unauthorized person from trying to break into our systems and prevent any abuse while no one is here to stop it.

This won't be meant as a 24-hour service (at first). It will be meant to supplement our public computers by allowing anyone with a laptop to use our Internet Connection during business hours. So, if there's a problem, there's a better chance of getting help than being stuck at a time when everyone's in bed.
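A sketch of the nightly shutdown window from this post, as an added example that is not the author's configuration: it decides from the clock whether the radio should be on, so a job run every few minutes also corrects a router that rebooted during closed hours. The actual radio command is not given in the post, so the script only reports the desired state.

```sh
# Added example: level-triggered check for the hotspot's closed hours.
OPEN_AT=0630    # radio back on at 6:30 A.M. (from the post)
CLOSE_AT=1830   # radio off at 6:30 P.M. (from the post)

# Convert a four-digit HHMM string to minutes since midnight.
to_minutes() {
    h=${1%??}; m=${1#??}
    # Strip one leading zero so "08" and "09" are not read as octal.
    echo $(( ${h#0} * 60 + ${m#0} ))
}

# Succeed if time $1 lies in [start $2, end $3); the window may wrap midnight.
in_window() {
    n=$(to_minutes "$1"); s=$(to_minutes "$2"); e=$(to_minutes "$3")
    if [ "$s" -le "$e" ]; then
        [ "$n" -ge "$s" ] && [ "$n" -lt "$e" ]
    else
        [ "$n" -ge "$s" ] || [ "$n" -lt "$e" ]
    fi
}

# Print "off" during closed hours and "on" otherwise.
desired_radio_state() {
    if in_window "$1" "$CLOSE_AT" "$OPEN_AT"; then echo off; else echo on; fi
}

# Run from cron every few minutes; replace the echo with the router's own
# radio on/off command (an assumption, the post does not name one).
echo "radio should be $(desired_radio_state "$(date +%H%M)")"
```
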

Friday, September 22, 2006

Wiki Updated, WifiDog, and Other News

Last night, after work, I added some more content to the Wiki and revised the navigation panel.

For right now, the Wiki is going to be somewhat of a supplement to the FAQ page on our web site. Eventually, it will replace the FAQ page and cover certain questions in more detail.

WifiDog continues to work fine. However, a mistake I made with iptables caused the link between gateway and server to fail until early this morning. A few additional software packages were installed today. Mainly, it's to provide graphical representations of certain statistics for the administrator. With things running smooth and stable, I put the system back into the locked network cabinet; freeing up the worktable.

Our renewal license for our anti-virus software arrived today. By next week, almost all the computers in the district will have their licenses renewed. This is due to AVGAdmin, which allows central monitoring and control of the anti-virus software without intruding on the end user.

Let me be clear: AVGAdmin monitors and controls only the anti-virus software. It does not allow for remote control and viewing like VNC. Like VNC, it is meant as a diagnostic tool that saves time and money. Without it, I'd have to go to every computer and manually enter the new license code. In regard to security, it's already helped me catch a few things that didn't belong and correct a few small problems; all from my office.

Instead, the computers communicate with a server that has all the data needed to manage the software. Any changes are automatically sent the next time a computer connects to the server. I say almost all computers because there are a few that either aren't networked (like a laptop locked away somewhere) or a few older Win95/98 PCs that haven't been phased-out yet.

Thursday, September 21, 2006

WifiDog Finally Working

After a small problem with PostgreSQL, an open-source database program, I finally finished the basic authentication server. Compared to the Linux-based content filtering and caching server we use, the basic authentication server runs only:

Apache - web server
PHP5 - scripting language
PostgreSQL - database server
Postfix - e-mail server
Iptables - firewall

The filtering and caching server has DansGuardian (content filtering) and Squid (web caching), but neither Postfix nor PostgreSQL. I should note that DansGuardian is not open-source software. It is proprietary software that is free for non-commercial use.

Postfix is set up for one-way use only; it only sends authentication e-mails out and Iptables blocks all incoming e-mail traffic. Otherwise, you could end up unwittingly hosting a spam relay. This actually happened to me when I initially started testing our own in-house filtering solution back in the Fall of '05; it was installed by default and set to run on boot. Since it's not needed on the filtering and caching server, it's not even installed.
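One way to check the send-only arrangement described above (added example, not the author's scripts): it reads the text of `postconf -n` and `iptables-save` and fails if Postfix listens or relays beyond loopback, or if inbound TCP/25 is reachable. The sample inputs are constructed, and only rules that name `--dport 25` plus the INPUT policy are evaluated.

```sh
# Added example: audit a send-only mail host from saved command output.
# SAMPLE_* texts are constructed; on a real host use `postconf -n` and `iptables-save`.
SAMPLE_POSTCONF='inet_interfaces = loopback-only
mydestination =
mynetworks = 127.0.0.0/8 [::1]/128'
SAMPLE_POSTCONF_RELAY='inet_interfaces = all
mynetworks = 0.0.0.0/0'
SAMPLE_IPTABLES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j DROP
COMMIT'
SAMPLE_IPTABLES_OPEN='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# Print the value of parameter $2 from `postconf -n` text $1 (empty if unset).
pf_get() {
    printf '%s\n' "$1" | awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); print; exit }'
}

# Succeed if Postfix listens on loopback only and trusts only loopback clients.
postfix_send_only() {
    case "$(pf_get "$1" inet_interfaces)" in
        loopback-only|localhost|127.0.0.1) ;;
        *) return 1 ;;   # unset falls back to the Postfix default, "all"
    esac
    # Any mynetworks entry outside loopback could be allowed to relay.
    pf_get "$1" mynetworks | tr ', ' '\n\n' | grep -v '^$' |
        grep -Ev '^(127\.|\[::1\])' >/dev/null && return 1
    return 0
}

# Succeed if the filter table's INPUT chain stops new TCP/25 connections.
# Simplified: only rules naming --dport 25 and the chain policy are evaluated.
smtp_inbound_blocked() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = $1 }
        table == "*filter" && /^:INPUT / { policy = $2 }
        table == "*filter" && /^-A INPUT / && / --dport 25 / && verdict == "" {
            for (i = 1; i < NF; i++) if ($i == "-j") verdict = $(i + 1)
        }
        END { if (verdict == "") verdict = policy; exit !(verdict == "DROP" || verdict == "REJECT") }'
}

audit_mail_host() {   # $1 = postconf -n text, $2 = iptables-save text
    rc=0
    postfix_send_only "$1" || { echo "FAIL: Postfix listens or relays beyond loopback"; rc=1; }
    smtp_inbound_blocked "$2" || { echo "FAIL: inbound TCP/25 is reachable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: send-only mail host"
    return "$rc"
}
audit_mail_host "$SAMPLE_POSTCONF" "$SAMPLE_IPTABLES"
```
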

So, with the server out of the way, I turned my attention to the gateway.

As I mentioned in my last post, the gateway is software that runs on a modified Linksys WRT-54G V.4 wireless router. These are still available, but are currently known as the WRT-54GL (L for Linux).

The WifiDog development group is still as active as ever, and recently released a WifiDog package for the latest version of OpenWRT. This is a significant development because you couldn't just install firmware, install WifiDog and run it. This is due to the fact that there's a "link" between the package and the operating system. For it to work, you either have to compile the operating system and package from the same buildroot, or get what you need already compiled as such.

After a few more minor tweaks and customization, the setup worked. I could create accounts, authenticate them via e-mail, and surf the Internet as was intended.

So, what's next? Nothing right now. There are still no plans for testing or deployment, and there's still a lot more work to do. Such as:

1. Limiting the bandwidth so no one ends up hogging up too much and slowing everyone else down.
2. Making sure that certain parts of our network are inaccessible from the gateway.
3. Customizing the appearance of the WifiDog web interface (it's set at default, which is nice)
4. Implementing other features that add to its functionality.

If you want to try this for yourselves, I recommend you start by going to these sites for information:

www.wifidog.org
www.openwrt.org

Wednesday, September 20, 2006

Plainfield Ticket Closing and WifiDog

Since Plainfield reported smooth sailing for Monday and Tuesday on the new circuit, I called Merit Networks and closed the trouble ticket. For all intents and purposes, Plainfield's troubles are solved.

Meanwhile, I decided to go and do a fresh installation of all the software on the development server; an old Gateway E-4400 Pentium 3. I was running into issues with the WifiDog's database, and since this is a test setup that sees little use, I may as well start from scratch. This time around, I plan to better document the installation process since there are others interested in implementing a similar solution.

WifiDog is a captive portal suite, meant to prevent hotspot misuse. It works in two parts; a gateway running at a hotspot, and an authentication server at a central point. A user who wanted to use a hotspot would be redirected to the gateway's login page. The user registers via e-mail, or simply logs in if they're already registered. The authentication server gathers statistical data from each hotspot, as well as tracks hotspot status. This is important to us since we can't just set up wireless hotspots; we have to protect and manage our resources or else everything slows down or fails from misuse and abuse.

The most enticing aspect of WifiDog is that it can be made to run on a multitude of hardware. The software is free and the hotspot hardware is cheap. For our purposes, I have a Linksys WRT-54G V. 4 wireless router that I bought earlier this year for testing purposes. It's been a learning experience loading and creating my own firmware, then going back and redoing things again and again. But it's paying off in that it has become easier for me to get things up and running and troubleshoot any problems that come up.

In fact, I was able to get the software working except for an issue with the authentication e-mails. This time, I hope to get a fully functioning setup and actually test it.

But, there is still no timeline on completion, testing, or deployment, so don't hold your breath.

Monday, September 18, 2006

New Printers up for Sealed Bid

As of last week, the Board approved the bidding process for eight new Ricoh CL3500N color laser printers, and a set of toner for each printer (regular black toner, and low-yield color toner).

Starting this morning, I already faxed at least one vendor. Our announcement is published in the local paper as well.

The requirements of the process allow me to give everyone a clear deadline for when the new printers will be deployed.

The deadline for the submission of sealed bids is October 13, 2006, at 4:00 P.M. EST.
(the 1st of October is incorrect)

Faxed or e-mailed bids will not be accepted.

All received bids will be opened at the October 16, 2006 Regular Meeting of the Iosco-Arenac District Library Board of Trustees.

Printers must be delivered prior to 4:00 P.M. EST, November 3, 2006.

If there are any vendors who are interested in participating, please call 989-362-2651 to inquire. We will fax you the required information.

Saturday, September 16, 2006

Plainfield Back Up

As a last resort (one that was planned), Merit had us switch from the old data circuit to a new one that the phone company installed last month. We were going to switch over to it anyway, and they felt that the problem may have been due to routing issues with AT&T.

So far, it seems that the issues they've been having are solved. But we're keeping the ticket open for now. By Monday evening, we should know whether they're going to stay up or not.

Update week finished without any other snags. There were a few other problems, but nothing major.

Wednesday, September 13, 2006

Changed Comments Settings

Today, I've changed the settings in the comments section of the blog. Now anyone can post comments. Your feedback is important, and I welcome both positive and negative comments about our equipment and services.

Please understand that I will not tolerate flame wars, trolls, or irrelevant postings (including those stupid first posts). If the comments section is abused, I will reset it to allow comments by registered users only.

Tuesday, September 12, 2006

Plainfield Update

Since this morning, it seems that Plainfield's troubles are behind them. I'm keeping my fingers crossed that Merit has solved the problem. We'll know definitively by the end of this week.

Monday, September 11, 2006

Update Week

This week is update week, which is the week when software at each branch library is updated. It primarily covers security patches; however, this week also includes the addition of Grisoft's remote libraries.

With our current license on the cusp of renewal, and with no set date in sight for the new computers, I decided that it would be best to simplify the renewal process. Which means that, after this week, when I receive the license code, I simply enter it on my workstation and every other networked PC is updated automatically.

That doesn't mean that DeepFreeze Enterprise will be fully deployed yet. The official roll-out will be with the new computers; there's no reason to do so at this time.

Plainfield is still experiencing problems with its Internet connection. Merit is working the problem. I've spoken with their NOC (Network Operations Center) Technicians and Engineers this morning. But, at this point, there's nothing that can be done now but be patient and let them do their job.

We started the paperwork on the new Color Laser Printers last week. Because we're purchasing eight printers, and extra toners for each printer, the total cost requires that we shop by sealed bid. The specifics of the bid will be published in the local paper and e-mailed to vendors.

FYI, we're going with Ricoh Aficio CL3500N color laser printers with network connectivity. We've been using the same make and model at our headquarters (replacing five ink jet printers) with excellent results. No paper jams, great print quality, fast, quiet, easy setup out of the box, and easy to swap toner cartridges. We're hoping to have these deployed by the end of October.

Finally, I do understand that the largest request we get from our patrons is the ability to bring in and use their own computer equipment. At this time, for security reasons, we're not allowing this yet. My goal is to allow wireless access via WifiDog, which you can read about at http://www.wifidog.org/. Access will be free but statistics on each branch will be monitored so that we can make improvements. There is still no date for deployment at this time.

However, a rough timeline is this:

September 2006 - Renew AntiVirus licenses / start bidding on new printers
October 2006 - Purchase new computers, prep and deploy (including new software)
October-December 2006 - Test, purchase, and deploy time and print management solution
September-December 2006 - Work on side projects, which include: Wiki Documentation, and WifiDog.

Friday, September 08, 2006

Into Friday

Today, we're still having the same problem at Plainfield. Another lead came to light that it's possible the problem is with the circuits themselves, and not the router. So, this annoying problem is going to have to continue into next week.

To help pass the time, I decided to clear out a lot of accumulated junk and reorganize my shelves and boxes of parts and supplies. I spent a few hours earlier in the week clearing out boxes that I kept in the event of an RMA.

An Eventful Day

Who says that Thursdays have to be dull? Yesterday, Thursday, was pretty eventful for me.

At one of the branch libraries, they've been having problems that began on the 1st. The client software we use for checking items in and out was crashing every few hours; which prompted either logging back in, or rebooting and then logging back in. At first, it was suspected to be a problem with the software or malware. However, the system turned out to be clean. One vital clue was that when the client crashed, other users experienced outages.

During Thursday, I narrowed down the cause to the Internet connection. After several phone calls to Merit, some swapped cables, and more troubleshooting later, we finally tracked down the specific cause. A router, between the library and the world, was dropping too many packets.

Hopefully, Friday morning should open with a trouble-free connection once again.

Why did it take so long to figure this out? First, the problem showed up on Labor Day weekend; so the library was only open on Friday. Plus, on Labor Day, all the libraries and branches were closed. So, it wasn't until Tuesday that I learned of the problem and got busy solving it.

The Internet Connection being the cause wasn't high on the list of possibilities because we've had problems with the client before. Only once more questions were asked, and equipment checked, could things get narrowed down.

Wednesday, September 06, 2006

It's all in the details

I've been spending much time refining and testing the software that will be on all the public access computers. At this point, I'm down to two things: bookmarks and small details.

For instance, at the Login Screen (the systems will automatically boot to a certain profile, but that will change later), the screen saver is the standard Windows XP screen saver. I had no idea how to change the screensaver until I looked it up at Microsoft's support site. You have to use the registry editor to make the changes, but it's relatively simple to do.

The article can be found here: http://support.microsoft.com/kb/314493/

For the record, I can definitively say that the Administrator profile does not determine the default settings for the Login Screen.

At this time, I'm up to revision 10 on both OEM (for computers pre-loaded with XP Pro) and eOpen (those not pre-loaded). I use Symantec Ghost 2003 for all my major backup and imaging needs. It works with virtually any file system (including those used by Linux) and saves a lot of time prepping multiple computers.

http://www.symantec.com/home_homeoffice/products/overview.jsp?pcid=br&pvid=ghost10

Please note that Ghost Version 10 works only with Windows platforms. The 2003 version is recommended if you're using other operating systems or have multiple computers to work on.

Make sure that you keep track of your software licenses!

Tuesday, September 05, 2006

Successful deployment of DeepFreeze Enterprise

Well, later today I went to the Standish Branch since they've expanded their business hours from 5 to 7:30 P.M. So, I decided that they'd be the first to get the newest version of Faronics DeepFreeze Enterprise 6.

This software is what keeps our public computers running smoothly. We've been running the Professional version 5 for over a year with success. This year, I decided that it would be worthwhile to upgrade to the Enterprise version because it allows remote administration and (with version 6) on-the-fly changes to the installation. The latter is a significant milestone for me because if I wanted to change even the time a system shuts down, I'd have to create a new installation program, uninstall the old one, and install the new one. That meant two reboots, as well as traveling to the site. Now, I can do it with a few clicks of the mouse from my office.

This branch is also the first branch to receive the Remote Libraries for its AVG Antivirus. This allows me to centralize chores such as license renewal and updates. Which, in turn, saves considerable time and money traveling computer to computer.

Those who are interested in learning more about DeepFreeze, check out:
http://www.faronics.com/

Our antivirus software is Grisoft AVG Antivirus for Networks.
http://www.grisoft.com/

I should also add that I've published an opinion about the Deleting Online Predators Act of 2006 on our technology Wiki. This is poorly worded and ill-conceived legislation that will do nothing to hinder sexual predators.

My First Entry

Good morning. This blog is a companion to our wiki located at http://ioscoarenaclibrarytechnology.wikispaces.com/

The purpose of the Wiki and this Blog is to provide the public information about our public access computers that is more up-to-date and in greater detail.

Today, I have just published the first three pages on our Wiki: Home/Introduction, About and "The Software Overhaul." This week, I'll be in contact with each branch library for this month's round of software updates. This is a monthly process that addresses bug and security fixes for all our staff and patron computers.