Suggestions for Setup of the Computer Lab

Robert Pogson 4/15/03

The lab is a useful facility but it has a number of problems:


We have users of all shapes and sizes but only one or two types of chair. It would be advisable to obtain chairs adjustable in positioning and with cushioning. The room is often warm and the plastic chairs become clammy.

The adjustable keyboard trays are an attempt to make the keyboard position more suitable. The mouse, however, is now too far away and the user must reach for it. The trays have flimsey structures and are failing. The ones without working clamps allow the keyboards to collide with the counter top and to be damaged. I recommend extending the counters with a ledge of similar material, or even a plank or sheet of plywood to make a large enough platform for work, keyboard, mouse, and computer.

The Apple computers, that come in a single unit, often do not allow the screen to be positioned to give a normal view to the user. This is important for comfort, stress relief and elimination of glare in the view. I recommend placing blocks under the current computers to raise the screens. In the future, I recommend obtaining separate, larger monitors and computers so that the position of the screen is less compromised.

The machines release kilowatts of heat energy into the room. When it is warm, users open the vent in the window, causing a cold draft which is uncomfortable. The Tektronix Phaser 850 color printer is near the window and is too cold in cold weather for normal operation due to drafts from the window. This printer should be relocated to a location with a more constant temperature. The printer goes into “warm-up” every few minutes and is not available for printing at that time. Some more responsive ventilation system would be desirable and may save energy. Could not cool air from other parts of the building be brought in?


The older machines have barely enough RAM to run the modern software with graphical user interface (GUI). The old powermacs have 180 MHz processors, and 1.2 gB hard drives. The old iMacs have 400 MHz processors and 64 mB RAM. These have larger drives. Memory and hard drives are quite reasonable priced these days. We could add 256 mB of RAM and 40 gB of hard drive for about $150 for each machine. This would reduce crashing with the present software and permit a more modern operating system like Linux to thrive. This would be a short term solution. In the long run, these machines should be replaced with IBM compatible PCs with ATX motherboard, DDR memory and a good, fast processor such as the AMD Athlon. New systems, close to state of the art, with 256mB RAM, 17 inch monitors and a 2000 MHz processor can be had for less than $1000. These could be maintained in-house with a Philips screwdriver and a few spare parts.

I recommend the older machines be refurbished with larger hard drives and additional memory. They would then be able to serve well enough in the lab or classroom. As they are, there are some uses for which no changes would be needed:

I have already mentioned the advantages of using the Linux operating system in the lab. It is more reliable and faster once it is installed and configured than MacOS or Windows. Apple has recognized the deficiencies of MacOS when it came out with MacOSX. That latest MacOS comes from a completely different code base derived from the UNIX operating system. UNIX was developed over several decades by ATT and until recently formed the software of most computers serving web content on the WWW. UNIX is a true multi-user system that can have hundreds of people running hundreds of programmes all at the same time on the same machine with no problem except enough computing power and resources. Resources are plentiful now. The only reason everyone does not use UNIX is that it is a proprietary system with a restrictive licensing scheme. You can usually run only one system in one place with the licence that may cost hundreds of dollars. In the presence of this, Apple and Microsoft began developing their own operating systems from scratch. Apple and Microsoft both followed a similar restrictive licencing scheme using the business model that the software was owned by the companies and a lot of money could be made because they were the only game in town for the ordinary user. So millions of users paid $150 dollars for a licence for an OS and a similar amount for software like WORD or APPLEWORKS. Both company's business grew into monopolies for the Intel based IBM-compatible PC and the Apple computers with various processors starting with the Motorola68000 and later partnerships between Apple and IBM.

At first, the amazing capability of the PC hid a great flaw in this software: it did not work. Businesses wanted to sue for damages caused by restrictive trade practices and faulty software. The licences said there were no guarantees and both companies did things to pressure manufacturers to use only their software. Eventually, Apple built in facility to use other software on their machines and Microsoft was convicted of monopolistic trade practices. In any case, if people were forced to buy cars with only one kind of engine, another kind would eventually be developed and it was. Linus Torvalds recognized that he could write an operating system programme that would operate more or less the reliable way Unix did and he could distribute it under an open licence. His operating system was called Linux and thousands of people were so overjoyed to participate in this project that the software which is visible to everyone, rapidly improved in quality and every bug was addressed and every useful feature was included. The licence is free and the terms are that the software may be copied, given, used on any number of machines and modified as long as the coding remained open, visible and included with distribution of the software. Today there are a hundred distributions of Linux and many excellent programmes available. This Linux software is ideal for our school because it is inexpensive and reliable. The Linux stations I have installed do not crash or freeze. A few programmes have, but that is because most programmes are in rapid development and this is expected. Most programmes on Linux are as much or more reliable than those that come with other operating systems. My Linux boxes have only failed to print once when I had left the default printer set to a non-working machine. Compare that with the others that fail daily. We do not have a large investment in software to hold us in servitude to the commercial companies, and it is of benefit to our students to be knowledgable about a growing movement in computing.

While the software may be free, there is some retraining needed. Fortunately most documentation for Linux is also free:

The best way to learn about Linux is to use it, not to read about it. My students have found it takes an hour or so to be comfortable with it, and then they do not notice any difference except the reliability. To adminster and set up the system requires much more knowledge. I am leaving in a little over a month which is plenty of time to install the new machines and to teach whoever wants to learn how to do that and to maintain the sytem.

The major difference between Linux and the other OS is that Linux has the networking features built-in. Unix was invented to run on something to network. The artificial layers placed on MacOS which is not a true multiuser system just makes the unreliability of MacOS worse. Linux shines in the role. The beauty of Linux, is that one can imagine dozens of configurations of the software to suit our purposes. Whatever we want Linux to do, it can.

The major role of our software is to allow anyone to login anywhere and to access files owned by that one. Teachers may want to group students and to share files with students in the group either read-only or read-write. We absolutely do not want others to be able to access files to which they are not authorized. This is the default behaviour of Linux and requires little effort to do.

  1. Create directories for users and groups on the server (and a backup).

  2. Share the encrypted passwords with each computer in the system. This can be done by periodic copying or continuous network access.

  3. When a user logs in anywhere, he supplies a clear password which is encrypted and compared with the already encrypted password. A match gives him access to his files on the server. These files are usually small typed documents and of no consequence to the network. They can be shared transparently by Network File System (NFS), or we can use Secure Shell (SSH) to login to the server. SSH is like using a debit machine in reliability (everything passed along the network is encrypted) but it means more work for the server as all programmes would run on it unless users login on their machines, do a Secure Copy (SCP), work locally and write back to the server to save. We can set an icon to point to a save or logout script that would take care of this. This would be the easiest secure method to set up as it would give easy access to the GUI. Running the GUI over the network would slow it down. Running programmes on the server is no problem with fast processors and Linux... and you can always add additional servers to expand. Did you notice there are three methods we can use with Linux, right out of the box? It would take less than an hour to set up a server to work this setup and the clients could be copies of a similar installation with no effort after the first one. Maintaining the passwords would take more time unless we used a single password per group as now.

The simplest method to configure would be to use NFS to mount the users' directories on each client computer. That is a single line of text in a configuration file in each computer. It would rely on strong passwords to protect files from improper use. We can give each user their own password initially and change it periodically or as needed. I have written a simple computer programme which reads a list of names and generates passwords and encrypts the passwords in the form reqired by Linux. People could change their passwords to whatever they like except we would reqire them to be at least six characters in “a-z”, “A-Z”, “0-9” and “./”. Linux can enforce rules against using “password” or other simple words as passwords.

A simple programme that enters users automatically into the system (instead of doing so manually) follows. All it requires is a list of groups and users. It generates random passwords to be issued.

program mkusers;

(*This is a programme written in PASCAL (because I do not know C) to prepare a script of commands

to install a list of users on a Linux system. The programme reads a file of usernames, generates

random passwords and outputs the script that can create those accounts and sends a list of names

and passwords to stdout where they may be redirected. Suggested usage: given a file A having group A users, and a file B having group B users, the following commands will enter all users on the Linux

system and create their home directories:

mkusers A A > text

mkusers B B >> text


lp text

This programme is similar to the newusers batch user creation programme.*)

{$LINKLIB crypt}

function crypt(s1:pchar;s2:pchar):pchar;cdecl;external;

var user,group,a,b:string;


function escape(s:pchar):pchar;

(*places \ in front of $ so that bash will not interpret them *)

var j,k:integer;st:string;





while s[j] <> chr(0) do


if s[j]='$' then begin result[k]:='\';inc(k) end;







function random_string(length:integer):string;

(*generates a random string of length length, suitable for use in passwords *)

var s:string;



while length>0 do begin s[length]:=chr(random(72)+ord('0'));dec(length);inc(s[0]) end;





if paramcount<3 then writeln('usage: mkusers group file_of_users script_out')



writeln('attempting to open ',paramstr(2));


if ioresult <> 0 then begin writeln(paramstr(2),' does not exist. aborting');exit end;





if ioresult=0 then

(*append or create output file if it does not exist*)

begin writeln(paramstr(3),' exists. appending');close(g);append(g) end

else begin writeln(paramstr(3), ' not found. creating ',paramstr(3));rewrite(g);writeln(g,'#!/bin/bash') end;

(*position of output file at end of data*)

while not eof(f) do

(*Read users from the file_of_users *)



(*write the command for Linux to add one user*)




(*generate commands like useradd -g group -n -p password user *)

writeln(g,'useradd -g ',group,' -n ',user,' -p ',escape(crypt(@b[1],@a[1])))





The advice given to users of Linux by RedHat is

Remember the following two principles

Protect your password

Don't write down your password - memorize it. In particular, don't write it down and leave it anywhere, and don't place it in an unencrypted file! Use unrelated passwords for systems controlled by different organizations. Don't give or share your password, in particular to someone claiming to be from computer support or a vendor. Don't let anyone watch you enter your password. Don't enter your password to a computer you don't trust. Use the password for a limited time and change it periodically.

Choose a hard-to-guess passord

passwd (the password changing routine) will try to prevent you from choosing a really bad password, but it isn't foolproof; create your password wisely. Don't use something you'd find in a dictionary (in any language or jargon). Don't use a name (including that of a spouse, parent, child, pet, fantasy character, famous person, and location) or any variation of your personal or account name. Don't use accessible information about you (such as your phone number, license plate, or social security number) or your environment. Don't use a birthday or a simple pattern (such as backwards, followed by a digit, or preceded by a digit. Instead, use a mixture of upper and lower case letters, as well as digits or punctuation. When choosing a new password, make sure it's unrelated to any previous password. Use long passwords (say 8 characters long). You might use a word pair with punctuation inserted, a passphrase (an understandable sequence of words), or the first letter of each word in a passphrase.

We can allow or prohibit individual users changing their passwords. If we allow users to change their passwords, they must login to the server and change the password there:


#An icon on the desktop can be clicked to run this script

#user will be asked for present password twice. Once to connect with server #and again to change password.

ssh server



To prevent accidental use of passwd on the client we can remove execute permission for all. The old login will remain valid as long as the user is logged in. The next time they login, the new password will be required. We may have to run rsync or some other programme to synchronize files.

We can use SCP or SSH to keep copies of the encrypted passwords on clients' computers up to date.

On the Server On the Clients

  1. Run nfsd at boot run nfs at booting

  2. In /etc/exports In /etc/fstab

/home /home nfs auto,_netdev,rsize=8192,wsize= . 8192,nouser

/etc/passwd /etc/shadow /etc/group secure copies of these files

This simple setup will do exactly what the present system is supposed to do but does not. Because we cannot get the server working properly with MacOS, we are suffering. Linux, being open source and well documented will be entirely under our control. We are not limited by a contract or license in the operation of this software.

There is still another solution in Linux, NIS, Network Information System. NIS runs as a server keeping a database of users, passwords and much other information about the network and as programmes on each client to permit login at each client computer. A single file, /etc/nsswitch informs the client computer to check NIS for the network user names and a local file /etc/shadow for local user names. NIS is designed to be distributed over several computers so that failure of one permits the job of keeping the database to continue. One NIS server is a master and can periodically or as changes happen, update the slave NIS servers.

The software to install on all Macs and IBM compatibles has already been downloaded from the www. We have on hand:

  1. A set of 3 image files of Mandrake 9.1 for IBM compatible PC, and

  2. A set of 3 image files of Mandrake 9.1 for Powermacs

It will take an hour to burn these six files to six CDs to start installation. After the server is set up, the rest can be installed over the network. This would be slow in our present configuration as we have only 10 mb/s, so it may be better to burn a larger number of CDs. The whole process could be done in a day. This software was released this month and is receiving rave reviews from all who try it. It is very easy to install and can be maintinaed via GUI, from the console keyboard or remotely by SSH or https. It is twice the software we have now. It is many times more reliable because it is Open Source.

It is possible to have dual booting of the present OS and Linux but it is difficult to have part of the system running one OS and part the other because of the networking. We could use fixed IP addresses and have both a Linux server and a MacOS server running, but that would be complicated in that people would switch back and forth. With Linux there is no need to reboot except for repartitioning the harddrive or adding internal hardware. With the other OS, it is necessary to reboot frequently. Linux is fast to run but slow to reboot. Rebooting is a waste of time. A way to avoid this struggle on the network is to use a different subnet for Linux and for the other OS. We now use 192.168.0.x. If we use 195.195.195.x for Linux, neither system would be aware of the other. Only the print server needs to reach the printers which are and and the gateway which is

We use a proxy server setup on each browser on each account in the lab. This causes problems because students can tinker with it. We could have the proxy setup centrally located with the Linux server by doing transparent proxying so that all requests to the Linux server would be proxied so we do not have to set proxy addresses on every machine in the lab. Every request for an address not on the network would go to the Linux server and would be converted to a proxy request to

There is no reason that we cannot have two servers running for printing. The printers have built-in servers that can sort out connections. The Linux server can deal with IBM compatibles running XP by using samba. I would have to look into how the user authorization of XP would be handled. Linux can be an NT domain server if needed but that is an unnecessary complication.

It would be very important that machines be properly shut down with open files on the server and machines being rebooted in two operating systems. Linux has a journalling filesystem which usually handles such problems well, but we should not trust our luck.


With some work the network can be improved greatly in its capability and reliability. All the necessary changes could be done in a week with school in operation by making changes on evenings and weekends. A sequence like:

  1. Install a server on one of the new iMacs or, preferably on one of the newer PCs. Include students' and teachers' IDs. Include a user group for each class which would allow sharing files within a group. Install NFS, NIS, BIND, APACHE, DHCP, NTP, transparent proxy, OpenOffice, opera, and serve installation files for Mandrake 9.1 for ppc and i586, OpenOffice, and opera. Start httpd, dhcpd and nfsd exporting /home. Configure networking on one or more subnets. This should take a few hours including creation of users and groups.

  2. Using the server and an installation CD, start the installation of the client computers. One or many can be done at a time. Since we are prepared and have already installed the server, this should take only a few hours. The iMacs are reluctant to release the CD so we may need one copy for each iMac installed at one time. The major effort will be to specify a disc partitioning strategy and to select software to install. On the PCs, the selections can be done from a floppy recorded at the end of the first installation on a client PC so we could do one first and seven or eight others all at the same time if the machines are identical. Printing configuration can be done at installation time. Each machine will be given a name and domain like “”. Bind can be informed of this scheme if ever we want students to work on a bunch of servers for courses. The lab will be a small model of the www.

  3. By NIS provide user and group authentication on each client computer from the server and edit /etc/fstab to mount the /home directory at boot. Mount /home as root and test the system. This could be done by downloading from the server a script and executing it or even more easily by including an executable file in /home on the server and mounting /home and executing it on each machine at boot time.