Setting up secure public computers

PUBLIC COMPUTERS IN ACTIVIST SPACES SHOULD USE LIVE DISKS, NOT HARD DRIVES!

A public computer running Microsoft Windows is a dangerous trap. Even a machine with Linux on a hard drive is vulnerable to recovery of “deleted’ history, cookies(as in EMAIL PASSWORDS?), and cache.

We all remember the infamous police raid on the Long haul Infoshop on the West Coast. One of the things the pigs did there was to steal hard drives from public access computers. THIS MEANS THEY CAN RUN DATA RECOVERY FOR EMAILS, PASSWORDS, ANYTHING!

You can’t use encryption to stop this because all users would have to be given the password, meaning an undercover could get it with ease.

Even if you use home-on-ram or firefox-on-ram scripts, an attacker could crack the root passwords remotely, then enter the activist space and replace the scripts or stop them from running at boot time. Therefore, hard drives of any kind are an unacceptable security hazard for activist public access computers.

As a result, the Long Haul Infoshop chose not to replace those hard drives. Instead, Linux live disks(I don’t know which distro) were dropped into the CD drives, guaranteeing that the computers could not save ANYTHING. Next raid gets nothing, reducing the chance of any more raids.

HOWTO:

While Ubuntu and many other linux distros install from a live disk, these live disks are painfully slow to boot and use, as they are not designs for speed. Knoppix, however, and especially the DSL(Damned Small Linux) varient of it, are another story.

http://www.knoppix.com

http://www.damnsmalllinux.org/

Knoppix is MUCH fuller features than DSL, though it will

If you have late model computers with plenty of ram, just drop in knoppix discs, pull the hard drives, and post a “how to use” note next to each machine.

USING OLD MACHINES FOR A CHEAP PUBLIC ACCESS COMPUTER CENTER

You can use computers as old as Pentium II’s or even original Pentiums with DSL, though you will need more ram than most of these came with to avoid crashed when using Firefox. When I tested DSL on a 233 MHZ Pentium II laptop with 64MB ram, it was not slow in any way, but Firefox, necessary for a lot of websites, kept locking up due to inadequate memory.

For setting up a safe “live disk” public computer center, get a bunch of old “junk” computers. You can get Pentium 3′s for next to nothing, and Pentium 4′s and their clones are becoming more and more common dumpster finds as dual cores take over and Windoze gets ever fatter.

Sort the machines, and use the ones with the fastest processors. Pull out the hard drives-you won’t be using them. Sell them on Ebay, taken them home and use them, whatever-just don’t use hard drives for public computing. If any “good” computers lack CD drives, pull them from clunkers and install them. Next you need to stuff the good ones with ram(memory) from the clunkers.

While DSL will boot with just 16MB of ram(!), Firefox will crash and lock the machine up frequently with 64MB of ram, so expect that 128 or better, 256MB should be used for these public computers. This ram is all the “disk” space you get, and firefox defaults to 50MB of cache. You can change that, but would have to do so every time you boot.

Pull the ram sticks out of the machines you won’t be using, and sort them. Most pentium II, pentium III, AMD K6′s and some early AMD athlons and K6′s will use “PC-100″ or “PC-133.” You can use PC-133 in a PC-100 machine, but not the other way around. Pentium 4′s might use PC-800(rare and $$$), DDR(in a variety of speeds like “DDR-266, DDR-400, etc) or DDR2, again in a variety of speeds. Later amd Athlons and AMD 64 Athlo9ns prior to the dual-core era all use DDR.

In each “good” machine, fill up the memory slots with the largest ram sticks you have that match the type and have at least as high a speed (number).

I recommend configuring the BIOS to boot from CD first unless you have machines that will boot from USB sticks(most newer ones, few older ones). These should be set to boot from USB first, then CD.

Mark machines that can boot form USB so people with things like encryption-supporting operating systems on USB can use them.

Unsecured wireless networks give maximum public access but are somewhat easier to spy on. Of course, as easy as it is to get ISP’s to cooperate with cops, I don’t suppose that matters much.

Drop in Knoppix or DSL disks, test boot, make sure the computers see the network, and start promoting free semi-secure public access. Remind users to REBOOT if they need to immediately destroy temporary files and old emails when they are done! You will no doubt need to include a simple “how to use” printout next to each machine so people not familiar with Linux can find the Firefox or Konqueror browser and get to the internet.