I’m serious. You don’t need to know anything at all about Linux to use one of these. Just download the image, install, and you suddenly have a full featured NAS file server, or you might have a database or a source code repository.

Last year I wrote an article on how to set up a NAS device using Ubuntu Linux. I have been a fan of Ubuntu since the start because it is a very easy distribution to install and configure. The down-side of using Linux has always been the fairly steep learning curve. Before you can get around to using the server, you need to get down in the weeds with configuration files and other stuff.

TurnKey Linux changes all of that.

Painless Installation

A few weeks back, I was setting up an aging PC as a standalone wiki server for a small office—this machine was going to provide a place for the office staff to document their procedures, how-tos, and other things.

I was about to set up an Ubuntu server, as I have done before many times, and install MoinMoin, like I did some months back. I remembered that it was a bit of a pain to get everything tweaked just right, so I did a quick check to see what kind of standalone wiki options were available online.

This is how I found TurnKey Linux. This project is all about single-purpose preconfigured Ubuntu server images.

One of those preconfigured images happens to be a MediaWiki appliance—the wiki engine behind Wikipedia—and I was in business.

The installation took about fifteen minutes, with very little user interaction. I answered a few basic questions and the installer took over from there. As soon as the install was done, the machine rebooted and displayed a message on the monitor with the IP addresses where you can browse to from any other machine.

Full Featured

The work that has gone in to these appliances is amazing. In fifteen minutes I had installed a complex configuration that has the Apache, PHP, MySQL, MediaWiki core, as well as maintenance utilities such as a neat tool that provides a Flash-based pure-AJAX-based SSH command line in a remote browser (i.e. your browser becomes a terminal). Even someone with Linux experience would have to spend quite a bit of time fiddling around with different packages and configuration options in other to provide the same functionality that TurnKey gives you out of the box.

As with most open source projects, the documentation is about 80% complete, with deep detail in some areas, but leaving others fairly sparsely documented. But don’t let this deter you: in most cases users know how to use the product they are installing (e.g. MediaWiki) but don’t want the hassle of configuring it on Linux. That’s where TurnKey shines.

Some Examples

In minutes, you can set up a NAS device. If you want to try advanced content management in your office, try Joomla or Drupal.

If you are working on a small project team and want to protect your source code, try Redmine or Trac and do your bug tracking using Bugzilla.

And while you are at it, you can document your organization’s working practices using a wiki such as MoinMoin or MediaWiki.

Don’t forget to back it up!

As with any computer, you should include your new TurnKey appliance in your backup strategy. The nice thing is that you don’t really need to care at all about backing up Linux or the other software; just back up the data. I don’t need to back up my entire MediaWiki machine; I just need to back up the database and image files. If anything goes wrong, you can rebuild the TurnKey appliance from scratch in minutes and then restore your data.

To save yourself some pain, keep notes on any small tweaks you made to the configuration.

One Machine, One Purpose

These disk images share common Ubuntu underpinnings, but they are referred to as Appliances because they turn your PC into a purpose-built appliance.

This means that if you want a content management system and you also want a ticket management system, you will need two old computers—not a rare commodity these days.

Take a look at what they have to offer and give TurnKey a shot—specialized software used in corporate environments is now within reach of small offices at the right price.

Over the past couple of years I have considered several different approaches for keeping a grip on which computers had which service patch, which router is getting flaky, and which cable connects the library to the classroom at the end of the hall.

I have tried Excel spreadsheets, an Access database, even a spiral-bound notebook—none of them made the job any easier. A few weeks ago I thought about trying a Wiki and this has turned out to be a perfect fit!

If you are looking to keep a loose scrapbook of notes with lots of arbitrary categories and relationships between them, a wiki might do the trick. In this article I’ll cover two simple freeware wikis you can carry around on a thumb drive.

What’s in a Wiki?

All of us have used Wikipedia at one time or another, and though it may be regarded with disdain by high school teachers, when you consider how it works, Wikipedia is an amazing achievement. But what is the nature of a wiki?

One of the key features is that any page can be easily edited at any time (of course this can be limited by permissions). Another attribute is the ability to breathe life into a new page just by calling its name.

Between these two features, you get the essence of wiki-ness.

For example, if I have a page that discusses North American bears, I can type in a list of bears in a special format, often in jammed-together Wiki Words, like this:

• GrizzleyBear
• BlackBear
• BrownBear

As soon as I save the page, those bear names become hyperlinks. Even though I haven’t written any pages about the individual bears, whenever it finally suits me, I can click on BlackBear and accept the invitation to “Create a new page called BlackBear”

Better still, a friend who knows about black bears might click on BlackBear and write a beautiful page about the animals.

That’s what wikis are all about.

Back to the School Computers

In a matter of minutes I was able to make a page that described the building and listed the various rooms in the building. I was able to then click on each room and “auto-vivify” a page for the room.

From that point, it was easy to create custom pages for each computer in the building, with each page listing the machine’s stats. I also created pages for each network switch or router.

In a matter of two or three evenings I had the skeleton of a solid knowledge base populated—it’s a pretty fancy looking web site with dozens of pages that took little effort to put together.

Last night I noticed that one of the machines wasn’t connecting to the Internet, though it connects fine to internal servers. I popped open its page on the wiki and added a simple note at the bottom of the page:

2009-10-11 - This machine isn't able to connect to the Internet. Not sure why. It connects fine to internal servers.

A few weeks ago I replaced a fan in a network switch. An easy annotation on the wiki page for that device.

Personal Wikis

There are many uses for personal wikis, mostly centered around personal knowledge management and personal information management. People use wikis as a replacement for time and task management tools, as a place for gathering thoughts, as a sort of amorphous database, and many other things.

There are many different personal wikis available—here’s a short list of free ones. One nice simple wiki to try is TiddlyWiki. If you are looking for something with a bit more substance, you can try a portable version of MediaWiki—the engine behind Wikipedia—that runs off your thumb drive.

TiddlyWiki

This afternoon I downloaded the flyweight portable wiki called TiddlyWiki. This is an amazingly tight little application—it comes in the form of a single fat web page that you copy to your thumb drive. As you make edits to your TiddlyWiki, the single html page is saved with your changes. Since it’s a single fancy file, backups are dead easy.

Here’s what it looks like when you first launch the “empty.html” file:

After a half hour of twiddling around, I had thrown together this basic set of “Tiddlers”

In this screen shot you can see that there are now links that bring up custom “Tiddlers” for each computer and for each room. I have opened one of the little pages for Computer21.

They describe these pages as being comparable to note cards. All in all, it is tight and easy to use.

Want to give it a try? Download it from the TiddlyWiki site. You really need to play with it to get a feel for what it can do!

MediaWiki

If you are looking for something with a little more meat on it, you can run the Wikipedia engine on your USB drive.

The easiest way to set this up is to let MoWeS do everything for you. MoWeS stands for Modular Webserver System. It’s a free product that you can configure as a self-contained Apache web server with a variety of cool apps like MediaWiki, running off a thumb drive.

Here’s how to set up MediaWiki in five minutes:

• Go to the MoWeS Mixer
• The first time around choose “I do not have a MoWeS Portable II Package and want to obtain a new package” when prompted and click Go.
• On the software lists, check Apache2, MySQL5, PHP5, and MediaWiki
• Click Download Now
• At this point they ask you some kind of question in German, to filter spambots, but it seems to be a simple math problem. Fill in the answer and click Submit Query
  (“Zum Schutz vor Downloadrobotern geben Sie bitte das Ergebnis dieser Aufgabe ein: 5 + 8 = ?“)
• Unzip the downloaded zip file, mowes_portable.zip, and copy the files to your USB drive
• Open your thumb drive and double-click mowes.exe
• Select your language and accept the license
• Click install, and confirm when prompted

The installation process may take several minutes, but rest assured that it isn’t installing anything on your computer.

Note: I received two or three firewall warnings for the Apache web server and the MySQL database. I had to click the “Unblock” button for all of them before my new MediaWiki-on-a-stick would work correctly.

After all of the dust settled, I have this little window on my screen:

In order to shut down and close out, just click the End button.

Once your MediaWiki USB key is running, you can go to this web page:

http://127.0.0.1/mediawiki/index.php/Main_Page

It looks just like Wikipedia, doesn’t it?

What a truly amazing thing: you can carry around your own Wikipedia server on a USB key and plug it in any random machine and start it up.

Different Wiki Features

As you try out different wiki software, you will notice that there are plenty of differences in the features they support:

• Each wiki has a different kind of editor. Some are visual; others are simple text editors.
• The markup syntax you use for pages is different from wiki to wiki.
• Most wikis support features such as “category pages” that find all pages tagged with a category.
• Some support adding images and other content; others don’t. I imagine that TiddlyWiki probably has some means of embedding images, but I couldn’t find it.
• A quick glance at the MediaWiki screenshot above shows extended features such as the Discussion tab and the History tab.
• Some use the filesystem for their pages; others use a database.

Since I wanted a central wiki for the whole school, I chose a different product from the portable wikis I discussed here—I decided to run MoinMoin on a Ubuntu installation on an aging Gateway desktop machine. Nevertheless, the basic idea is still the same.

Once that arrangement becomes a little more stable I’ll write up a howto document, like the Linux NAS one from a few months back.

Other Sources

There are loads of different personal wiki options out there and many people have written how-to documents and tutorials. Here’s a few:

• Run Your Personal Wikipedia from a USB Stick (Lifehacker.com)
• Geek to Live: Set up your personal Wikipedia (Lifehacker.com)
• Wiki On A Stick (PmWiki.org)
• Getting Started with Wiki on a Stick (About.com)
• TiddlyWiki for the rest of us (giffmex)

Their network security department very kindly (and politely) informed me that they had received a “cease and desist” order from a particular game publisher. They had included the game publisher’s email, complete with the incriminating evidence.

There it was: logs showing the MAC address of my cable modem being involved in suspicious BitTorrent activities.

Considering that at any time during the week there can be from two to six or seven different teenagers hanging out in my humble abode, carrying virus-ridden machines, the message was clear: I had to get serious about locking down network access

The Problem

I would have liked to have bought some net filtering software to slap on the offending machine and been done with it, however I knew that this was insufficient.

Even if this one event could be traced to a youthful source, a more ominous danger comes from the inevitable malware and viruses that teenagers collect on their machines as they swap cool stuff with their friends.

Complicating things, there are many devices on our home network: Besides their school laptops, the kids have video game consoles and one has an iPod touch, all with wifi access. Think about how many different gadgets are on your home network.

And shutting off access altogether was not an option—there is still schoolwork to be done!

The answer: A Private Network for the Kids

My solution was to put together an unusual network configuration using a second wireless router; I wanted the ability to manage every single kid-owned device at the flip of a switch, while leaving the grownups untouched.

I hooked the cable modem (red) to the main router, shown in green. I then plugged a second wireless router, shown in blue, into the first.

By doing this, you can see that there is one single wire connecting the entire blue network (the kids) to the green network. It was trivial to then configure the green router with appropriate access control and filtering for that one single device: the blue router.

Some quirky details

Home routers like these are, by default, configured with a NAT firewall. They work sort of like one-way mirrors: someone on the network can see out, but nobody can see in. As a result of this, the kids (blue devices) can see any device on the main router (green devices), such as our print server and the NAS device, but no one can see into the kids’ network.

As paradoxical as it seems, this is exactly what I wanted. By making the kids’ network a private network, it appears to the green router as a single device. When I am configuring access restrictions, I only need to control access for the blue router’s IP address or MAC address.

Many consumer-grade routers have flakey firmware that just doesn’t really behave well when you start doing things like turning on filtering for multiple machines. I simplified things by bringing down the number of controlled devices to one. In addition, if one were to try filtering on the IP addresses or MAC addresses of individual machines, this can be easily defeated by manually changing the IP address or MAC address. With my configuration, the MAC address being filtered is the blue router, locked away safely.

The Finer Points

If you want to set up a network like this, do the following:

• (Recommended) Reset the kids’ router. Hold the hard reset button on the router in while you turn on power; hold the button for 15 seconds or so.
• Hook the kids’ router up to a spare laptop using an Ethernet cable. (Turn off the wireless of the laptop for the time being).
• Use the laptop to navigate to the configuration web page (usually 192.168.1.1).
• Set the router’s own address to a different network from the main network, such as 192.168.2.1. This is critical.
• Configure the router’s gateway and DHCP server entries to all point to the main router (192.168.1.1). This tells the kids’ router to use the main router as a source for its DHCP lookups and such, rather than going to cable modem.
• Navigate to the configuration web page at the new address (192.168.2.1). You may need to close the browser and replug the Ethernet cable.
• Set up your wireless security for the kids however you like. Make sure to choose a different channel and SSID from your main router.
• Remove the laptop and plug the WAN port of the kids’ router into one of the LAN ports of the main router. Restart everything.
• Test both networks to make sure things work the way you think they should.
• (Optional) You might want to connect to the kids’ router and set it’s external IP address statically. Make sure that this is set to a number on the home network (e.g. 192.168.1.2).

Some notes:

• You can only maintain the kids’ router from a machine connected to the kids’ network; the home network cannot see the management screens. If you wish, you could enable remote management for the kids’ network only, since the main home router is still protecting the whole network from intruders.
• Computers on the kids’ network can see all devices, but they aren’t on the same network. This means that network printers and NAS devices are accessible, but you will have to attach to them using IP addresses. I was able to easily set up the machines on the 192.168.2.1 network to use a print server on 192.168.1.100.
• For machines that should have full access (a.k.a. yours), make sure that you either set the green network to be a higher priority or remove the blue network SSID entry altogether. I found out the hard way that my iMac would randomly pick the green or the blue depending on which one it saw first when it woke up.
• This does not wall off your main network; it simply provides a single point of control to the entire kids’ network. In other words, don’t depend on this setup to prevent malware on the kids machines from seeing your machine. You can, however, set up your PC to not trust the kids’ network.

Wireless Network Security

Regardless of how you set up your network, make sure you use at least WPA encryption (Never use WEP!). Make sure your passwords are solid.

Using DD-WRT on my new wireless router

In addition to the new network configuration, I went one step further and chose a main router that lends itself well to installation of open-source firmware. I ordered a Linksys WRT54GL from Amazon for a little over fifty bucks. I chose this one because, as a direct descendent of the venerable WRT54G, this router is very well suited for running alternative firmware such as DD-WRT, giving substantial control over things like, say, access control…

Within a half hour after my new router arrived, I had gone to the Supported Hardware page, obtained the latest build of DD-WRT, and replaced the Linksys firmware with the far-better open source code.

I won’t go into the specifics of installation here, but it isn’t very challenging. Check out the DD-WRT site for details.

Closing Thoughts

Make no mistake: we are responsible for whatever goes on our home networks. Just like your home telephone; if someone dials up some 900 number and rings up a thousand-dollar phone bill, the phone company won’t care a whit who did it, you will still pay. Likewise, regardless of who did the BitTorrent download, there is a certain degree of responsibility of the homeowner to lock down the network.

Another point: Without some degree of personal responsibility on the part of the kids in the house, this sort of activity would simply be an arms race of filtering and blocking versus hacking. My goal is to help keep the honest people honest and to make life more difficult for the viruses and malware.