In Depth: How your Mac can help you through school, college and university
There are a number of reasons to use a Mac as an educational companion, not least for the attributes you're already aware of, namely performance, stability and security. But there are hundreds of other benefits to using a Mac over a PC, one of which is the educational discount offered by Apple.
Macs make up a giant chunk of the computers on American university campuses and they're starting to gain a foothold in UK schools too. This is largely down to Apple's subsidies and promotions for students and teachers that, in some cases, offer a free iPod touch when you buy a new Mac.
Just browsing the education arm of the Apple Store, you'll notice some significant discounts to be had as a student – a £270 discount on a MacBook Pro or £195 off an iMac, for example. Of course, you need to prove your credentials as a student in order to access these savings, but once you do, you'll be saving yourself a decent slice of cash to put towards that master's degree.
And it's not just senior-level education that a Mac can help out with either. Primary, GCSE and A-Level students can make use of the built-in features of Mac OS X to stay organised, informed and in touch with their peers and teachers, and there are some great resources and apps for parents introducing pre-schoolers to basic maths and spelling too.
We'll take you through all of the education levels we've mentioned, point out the software you should be using and techniques you need to know in order to get the best from your Mac as a learning tool and, hopefully, better grades as well.
Tots, toddlers, pre-school and primary school
Parenting guru Gina Ford would be appalled, but our iPhones stuffed with Peppa Pig episodes and funny apps such as MouthOff! and Talking Carl have headed off many a tantrum.
Apple kit isn't just good at keeping younger children quiet, though. The same devices that entertain and amuse can educate and inform, and the latest generation of Apple hardware, software and apps is the most intuitive yet.
Desktop delights
There's plenty of Mac software designed for younger children. Take the award-winning and free paint program Tux Paint, or AlphaBaby, which generates letters and colours whenever the keyboard is pressed or the mouse clicked.
There are also interactive storybooks such as Dr Seuss' Green Eggs and Ham (£20 from Apple), educational applications from the likes of Little Fingers and teacher-developed learning systems such as Dorling Kindersley's Learning Ladder (£13 from the Apple Store). Apple also provides a good list of children's software at www.apple.com/downloads/macosx/games/kids_learning.
If you're on a tight budget a wander around the web uncovers lots of kid-friendly content that won't cost you a penny. Sites such as CBeebies, NickJR and Five's Milkshake offer lots of creative activities based around children's favourite characters. Many icons, such as Mr Men and Dr Seuss, have their own dedicated sites.
For iOS users we have bad news and good news. The bad news is that most of the sites we've just mentioned aren't iPod, iPhone or iPad friendly, as they rely heavily on Steve Jobs' favourite format, Flash. The good news is, who cares? You've got apps!
Apps amazing
As with websites, cartoon characters and puppets tend to dominate children's apps – so, for example, there's Elmo's Monster Maker, the Gigglebies Garden Party and various apps based around SpongeBob SquarePants, Shrek and the Disney Fairies.
It's not all spin-off stuff, though: apps such as Ocarina and SoundTouch are good if noisy fun, while the App Store's Education category is home to interesting apps such as the enchanting Tiny Garden, which helps children learn new words and has the option for you to record your own voice for each picture.
Some of the most interesting apps we've seen are for the iPad. The interactive Alice and the eye-popping The Elements show what kinds of things are possible on the platform, and publishing giant Penguin recently showed off a range of interactive children's books that are coming to iPad soon.
Apple's own iBooks and Amazon's Kindle apps are both starting to offer a good selection of children's material, and Disney Publishing's Read-Along titles bring storybooks to life by including colouring in, games, video clips and voiceover recording.
Proper precautions
When your Mac is the family Mac, there are a few issues you need to consider. Could your pride and joy accidentally damage your data, run up an enormous iTunes Store bill or see material you'd rather he or she didn't? Not if you use Parental Controls.
These enable you to block access to particular apps or kinds of content, and you can also make your Mac off-limits at particular times of the day or night. It's just a matter of creating an account for each family member and choosing the things you'd like to restrict.
One of the options you'll find in here is Simple Finder, which is particularly good for younger children. In Simple Finder users can't create new folders or add Dock icons, and the Dock itself is simplified to show three folders: My Applications, Documents and Shared files.
The contents of the My Applications folder are the applications you've approved in Parental Controls, and applications launch with a single click. You can also apply parental controls to your iPod Touch, iPhone or iPad. On these devices the controls are called Restrictions, and you'll find them in Settings > General > Restrictions.
From here you can disable entire applications such as Safari or YouTube, and you can also prevent in-app purchases or enforce age ratings on music, movies and apps.
You can also enforce age ratings in iTunes: go to Preferences > Parental and you can be confident that the kids won't be listening to your Wu-Tang Clan collection.
If you've ever lost a MacBook keyboard to carbonara or thwarted an attempt to fill the DVD player with biscuits, you'll know that children can do enormous amounts of damage very quickly – so make sure your kit is protected from your kids.
Although Apple's MagSafe power connectors reduce the risk of a MacBook being thrown to the floor by a cable tug or trip, a typical Mac tends to have plenty of other cables to grab or fall over; it may be sensible to invest in a wireless keyboard and to disconnect any peripherals that aren't currently needed.
You can make your keyboard or laptop keyboard immune to spilt food and drinks with a protective keyboard cover – iSkin even makes a protective cover for the Mighty Mouse – and there's an enormous range of protective covers available for iPod touches, iPhones and iPads.
Touching tomorrow
We're excited about what our Apple kit can do, but we're even more excited about the future. The iOS platform is exceptionally good for children, who no longer need to wrestle with fiddly mice or waste time with Windows before they can do anything interesting.
When Steve Jobs described the iPad as "revolutionary", he wasn't kidding. By removing the barriers that sit between children and computers, Apple has redefined the relationship between tots and technology.
Take drawing – on a PC there's a lot to learn before your child can start doodling. On an iPad, he or she simply points and paints.
Recommended resources
Here are our suggestions for Mac, iPhone and iPad educational apps & sites
OS X AlphaBaby
Free
http://alphababy.sourceforge.net
Toddlers can be mesmerised by this application for months: it replaces your Mac desktop with a white screen and responds to every key press and mouse click with letters or shapes.
If you like, you can enable sounds so each letter is spoken and each shape named, and you can record your own sounds or just limit the sounds to the Mac system sounds.
Running it as a screensaver amuses the kids and protects your stuff simultaneously, although the developer recommends an external keyboard if you're using it on a laptop.
OS X Tux Paint
Free
www.tuxpaint.org
Although it's showing its age somewhat – the user interface is very dated – Tux Paint is still a great drawing program for younger children that's both fun and free.
In addition to the drawing tools, you can expand it with a range of stamps, photos and cartoons that can be stamped onto an image, and there are plenty of special effects for your child to experiment with.
There's a full-screen mode to prevent fiddling with other applications, files or data, and you can easily disable the print and quit options for peace of mind.
OS X Kidwidget 2
$26 (about £17)
www.astoundit.com
Kidwidget is a walled garden for your Mac that stops the kids exploring your hard disk or the internet while giving them fun things to do. There's a drawing module, a very simple word processor, an on-screen piano and a childfriendly dictionary.
One particularly fun feature is the ability to take an image from your iSight camera and scribble on it, although the camera is switched off unless you enable it. It's not perfect – there's the odd bug, so for example Kidwidget often ignored our quit requests – but it's good fun and good value.
Website cBeebies
Free
www.bbc.co.uk/cbeebies
The ad-free, tot-friendly world of CBeebies is an oasis in the otherwise raucous world of kids' TV, and the channel benefits from an excellently designed companion website. It's packed with sing-alongs, games, templates for colouring in and links to CBeebies programmes on iPlayer.
It's easy to navigate, makes good use of characters such as Mr Tumble, and there's a dedicated section with Switchaccessible media and games for children with special educational needs. Superb.
Website RSPB Kids
Free
www.rspb.org.uk/youth
Covering kids from pre-school to teenage years, the wildlife charity's site has educational games, bird guides, climate change awards and lots of educational materials, and kids from four upwards can become official RSPB Wildlife Explorers if mum or dad is willing to stump up the membership fees.
The site is designed for accessibility rather than eyepopping excitement, but there's lots of fun to be had, and in a nice touch there's a dedicated section for parents of children under six.
Website Britannica Kids
£6.99 per month (30 day free trial)
www.britannicakids.co.uk
It's not the prettiest, but this online encyclopaedia's material is ideal for primary school children and young teenagers, offering articles, multimedia and the odd interactive game to support Key Stage 1, 2 and 3 in English, Geography, History, Maths and Science.
You can of course find lots of similar content online for free, but Britannica essentially offers peace of mind that your kids won't be reading the ravings of madmen.
iPhone Brushes
£2.99
www.brushesapp.com
If it's good enough for making New Yorker covers, it's good enough for our kids.
Available in both iPhone and iPad flavours – the iPad app is more expensive but still absurdly reasonable at £4.99 – Brushes is that rare thing, a program that's fun to use whether you're fingerpainting or making fine art.
It's the sort of thing that will keep older children engrossed for hours, but even young kids should get a kick out of its fast, finger-based drawing tools or playback of the parents' painting efforts.
iPhone Shape Builder
£0.59
www.touchscreenpreschoolgames.com
Designed by Darren Murtha to amuse his fouryear- old, Shape Builder now boasts 146 different toddler-friendly puzzles with between five and 10 movable pieces each.
It's simple and fun: when your child puts the pieces in the right places there's a big hurrah and speech therapist Jill Dews reads the word aloud.
The puzzles include fruit and veg, letters, numbers, jobs and so on, and you also get sound effects with the musical instrument and animals puzzles. A free version is available.
iPhone ABC Animals
£1.19
www.criticalmatter.com/abc_animals
Flashcard-style educational apps are a common sight in the iTunes Store, and ABC Animals is one of the better ones. Aimed at pre-school children, the app uses animals to teach the alphabet and basic character printing, with pre-recorded voices pronouncing each letter.
Double-tapping any card flips it over to show how to write the letter in both upper and lower case. The current version now includes a native UK English option as well as the US English default.
iPad Mathboard
£1.79
www.palasoftware.com
Mathboard is a simple idea, superbly executed: it makes your iPad look like a traditional, chalky blackboard and presents you with maths problems.
Quizzes can be timed, you can set difficulty levels from the simplest addition and subtraction to more complex functions including squares, cubes and square roots, and there's a Noteboard area for scribbling as you work out the answer. At £1.79, it's a steal.
iPad Toy Story Read-Along
Free
www.disneydigitalbooks.com
Disney's won us over with the obvious care its developers have put into its Read-Along books for the iPad. Toy Story uses a pristine digital version of the illustrated book as a starting point, adding sound effects, video clips and even on-screen colouring books.
If you don't like the American voices you can record your own soundtrack, although sadly you can't change the US spellings in the on-screen text.
iPad Drawing Pad
£1.19
http://drawingpadapp.com
Drawing Pad comes from the same studio as Shape Builder, and it's a fantastic drawing app: while it's simplified to make it kid-friendly, the drawing tools are photorealistic – so for example its crayons are just like the real thing, without the risk that they'll be used to draw on the living room walls.
High-resolution stickers can be used on drawings, and the results can be saved, sent to Twitter or emailed.
As your kids get older, the amount of work they do outside of the classroom will increase. Homework, exam revision and project research all become important parts of their education and with a computer or laptop to use, the process can be made far easier.
While a computer can still be a distraction to educational pursuits, its ability to help with presentation and research is worth its weight in gold. With a web connection and tools like Apple's iWork available to collect and present the information learned, kids can benefit from using a Mac for their school work in a number of different ways and, importantly, in a fun way.
Built into the operating system, iCal makes it easy for students to plan their deadlines and even set alerts when a particular project is due and the Safari browser offers a speedy gateway to the world's biggest information source, the internet.
Work is always safe with Time Machine backup running as well, so there will never be any excuses along the lines of "the dog ate my homework" when a copy of said document can be recovered at any time.
As you would expect, for the more creative courses and subjects like art and design, a Mac is a natural tool that will complement the work being done. A copy of Adobe's Creative Suite is a must for the upcoming designer or digital artist, but you shouldn't shell out quite that much money unless it's a requirement.
iWork's Pages does a pretty decent job when it comes to artistic work and there are also a good collection of free Mac applications that are more focused on specific tasks. We'll take a look at some of the best education resources over the page, but Google's free version of SketchUp is an ideal starter for designers and GIMP for Mac OS X is an excellent free Photoshop equivalent.
Of course, there's one key contender that could help with a wide variety of subjects and also comes free on every new Mac – the iLife suite.
Music lessons are the obvious winner here with GarageBand suited for pianists, guitarists, vocalists and more, but there's also a lot of mileage to be gained from the slideshow facilities in iPhoto and the filmmaking skills of iMovie.
As teaching becomes increasingly more multimedia-based, the idea of delivering a project in video format or as a presentation with a corresponding slideshow is a very real possibility and will show great ingenuity on your child's part as well as a greater degree of focus on the subject matter.
For those looking to move into the world of broadcasting, iMovie and GarageBand are also the perfect first steps for young minds looking to understand documentary, film and radio production.
The ultimate work space
For more traditional subjects, iWork is a great package for both collating and presenting information. At its most basic, Pages will provide all the word processing and page layout your kids could need and present documents in a far more attractive way than Microsoft's Word.
With a bunch of preset templates available for school reports and projects, it's an ideal way to make homework, coursework and other assignments look professional and well planned, even if the content is a little more haphazard!
When it comes to the sciences and maths, delivering research and findings using Numbers' chart and spreadsheet capabilities will always look impressive, and the easy-to-use interface will make their creation far simpler.
Likewise, Keynote provides some excellent presentation options for more advanced projects and will enable children to share photos and video as well as key information points, using its simple interface to create dynamic slideshows.
And now, with iWork for iPad, students can take their projects wherever they are, editing and presenting them as required, right from their device.
Of course, all of iWork's features can also be found in Microsoft Office, but the package is more expensive and doesn't have quite the pro-style or ease of use offered by the Apple-made iWork. Compatibility shouldn't be a worry when using iWork either, with almost all Office files accessible in the iWork apps and their native files exportable to Office-friendly formats.
Raising the learning game
For more advanced work like A-Levels and university courses, the Mac truly comes into its own. Not only does it provide all of the tools we've mentioned for presentational tasks, but at this more advanced level there are numerous benefits for young adults in full or part-time education.
One particular benefit is the iTunes U section on the iTunes Store. iTunes U offers a variety of podcasts from major universities and educational institutions that feature the full series of lectures from a wide range of courses. As well as those already at university, students planning to take a particular course can get a head start by subscribing to one of the college introduction podcasts available.
The iPhone, iPod touch and iPad can also play a role when it comes to text books, with many resources on university reading lists available through iBooks and other digital book stores such as Amazon's Kindle, which has its own app. This new media makes an iPad an essential piece of kit for the modern student, enabling them to study, write, take notes and listen back to their course lectures all on one device.
There's also a wealth of educational apps to be found for all of Apple's portable devices, with a selection of the best listed over the page.
Recommended resources
OS X Pages
£60 (as part of iWork)
www.apple.com/iwork
Apple's Pages comes as part of the iWork suite and combines word processing and page layout in one easy-to-use application.
Professionally designed templates are included, so students can quickly build great-looking documents, from flyers to their entire coursework project.
Pages is compatible with the major word processing file formats such as Microsoft Office, and can export to them as well. Most new Macs come with a free iWork trial or it can be downloaded from the URL above. This app offers more than just somewhere to type notes.
OS X Bento 3
£17
www.filemaker.com
For students who have a lot on their plate, Bento provides a stylish way to stay on top of things and plan events better. The app is designed for the Mac and therefore provides a number of handy features, including iPhoto integration and multiple users, plus direct linking to your Address Book and iCal data.
Bento comes with pre-designed templates for a number of projects and is a useful companion for those with multiple deadlines to manage. An iPhone and iPod touch application is also available, so you can keep track of your projects wherever you are.
OS X MacSpeech Dictate
£145
www.macspeech.com
Nobody likes writing huge great essays, but it's par for the course when you're studying. To take some of the hassle out of writing large documents, MacSpeech Dictate offers a different way to get your words on the page – by using your voice.
Provided with a USB headset, the software first learns your voice through a number of exercises and from then on can note down your each and every word in the word processing app of your choice.
MacSpeech won't write your dissertation for you but it can take some of the strain away from your fingers.
Website YouTube EDU
Free
www.youtube.com/education
If you find it difficult to keep your kids off sites like YouTube, you may not have to try anymore with the introduction of YouTube EDU.
Working on the same principle as iTunes U, YouTube EDU offers lecture videos from over a hundred universities for free. Educational material offered via YouTube is a bonus to younger generations who are already familiar with the site.
The lectures will not only help students with their courses but also serve as a good introduction to those deciding on their course.
Website Academic Earth
Free
www.academicearth.org
Along the lines of YouTube EDU but organised in a more coherent manner, Academic Earth gathers lectures sorted by university and topic and links them to other relevant sources.
Some videos and resources can help count toward online bachelor's and master's degrees from universities such as Stanford, which cost far less than a full degree course and don't require you to attend the university full time.
Not as vast as iTunes U or YouTube EDU, but a valuable site nonetheless.
Website GCSE Bitesize
Free
www.bbc.co.uk/schools/gcsebitesize
Produced by the BBC, GCSE Bitesize includes multimedia learning tools, tests and games to help GCSE students study for their exams.
Covering everything from Shakespearian plot lines to French language tests, the most popular GCSE subjects are covered in detail. Message boards are available so students can communicate with one another, and advice on revision and coping with stress is also provided.
Presentation and delivery is strong and will be of great benefit to younger students.
iPhone Shakespeare Pro
£5.99
www.readdle.com
Take the complete works of Shakespeare with you wherever you go. The Pro version of the app includes a number of useful, educationrelated features including scene breakdowns and short re-workings of Shakespeare's plays aimed at younger learners.
An impressive glossary feature also enables you to locate the definition of a specific word while you read. For students of English at GCSE level and beyond, this app is an invaluable resource.
iPhone Math Cards
£0.59
www.dollarapp.com
For beginners to mathematical study, Math Cards works in the same way as old-fashioned flash cards but in a far more engaging way.
Covering addition, subtraction, multiplication and division, the app grades kids as they progress using a colourful interface to keep young minds entertained and interested.
Simple touchscreen controls keep the focus on the tests and additional feedback is provided when the screen is touched and held.
iPhone AllTheCountries Pro
£2.99
www.evolens.com
It's easy enough to ace a quiz on basic geography, but do you or your kids know what the flag of Gambia looks like? Do they know who's in charge in Bulgaria?
AllTheCountries Pro is more than just an app about geography, it's a giant resource with every conceivable fact you would ever need to know about a particular country. For those revising for exams, AllTheCountries Pro is an excellent source of facts wherever you happen to be.
iPad Wolfram Alpha
£1.19
www.wolframalpha.com
It sounds ludicrous that an app could answer any question you ask it, but Wolfram Alpha practically does.
While it's not infallible, any form of question from maths problems to crossword clues can be entered and Wolfram Alpha analyses it and provides the most relevant answer.
Pulling data from a number of sources, answers are surprisingly accurate, even when complex questions are asked.
iPad The Elements
£7.99
http://periodictable.com/ipad
It's fair to say that chemistry was never as exciting until this app came along. Beautifully designed to show off every element in the periodic table, Elements is up there with the best education apps on the iPad.
Spin an element to view it from any angle, learn about its origins and impact in the world and more. As a hands-on learning tool, this will make a huge difference to the way children learn.
iPad Alphabet Fun
£1.79
www.johncotant.com
If you're looking for a way to justify the cost of your iPad, use it to teach your offspring the alphabet.
This attractive yet simple learning tool is aimed at preschool children and introduces letters, colours and numbers within a child-friendly interface. Kids can practise writing on the screen, listen to pronunciation and enjoy the colourful images that coincide with the words on screen.
Grab free lectures and teach yourself or your kids by creating a lesson plan
Do you ever think you would like to study a particular topic in your free time but never get around to it? Do you want to find a way to make your kids' learning a little more fun than just bashing away at books?
Your Mac offers up a wealth of options when it comes to making learning not only easier but fun too. Whether you're using a laptop, an iPad or a 27-inch iMac, there are exercises and tools to make use of your kit in an educational way.
In this tutorial we're going to show you how to make the most of the lectures available on iTunes U (most of which are free) and how you can use pre-existing applications on your Mac, as well as the iWork suite, to harness this potential and create a structured learning environment.
There are so many different topics available to study for free on iTunes U, from history to healthcare and, in this example, we'll be getting to grips with UC Berkley's English 117S Shakespeare course. This is an audio-only course, although there are plenty of video lectures available too.
Video podcasts do take up a lot more room by comparison to their audio equivalents, so if you're short on space it might be an idea to clear out your hard drive of unwanted fluff before you begin downloading your lectures. (Let's not forget though that audio podcasts offer the added benefit of being listenable in pretty much any situation, both at home when you're doing chores or even when you're out and about town.)
Of course, there's nothing to stop you from substituting the lectures we use in this tutorial with any you fancy, or something that plays an important part in your children's curriculum.
Lectures don't have to be downloaded from iTunes U either: you're free to use any source you wish, such as YouTube EDU, however with the ability to download and sync podcasts to any device, iTunes U lectures offer a little more flexibility than the alternatives do up front. So get your thinking caps on, it's time to learn something new using the power of your Mac and iWork. hoW to / Plan your learning
01. Find your course
There are thousands of lectures available on iTunes U so head to iTunes, access the iTunes Store and click on iTunes U to find a course you're interested in. Once you've found one, click its title to be taken to its page, where you can download the audio or video lectures.
02. Download lectures
In most cases, you'll want to click on the Subscribe button in order to download all of the lectures in a course and any that may become available in future. Once done, click on iTunes U on the left-hand pane in iTunes to see your downloaded lectures and access more.
03. Plan your study
Depending on how many lectures you plan to listen to or watch and the duration of your course, you'll need to allocate some time to your study. Do this by creating an iCal event and alert to remind you it's study time. You can even set an alarm if need be.
04. Study time!
Lock out the rest of the world to listen to your lectures at your chosen time. While you listen, make notes you think are important in a text editor like Text Edit or you could even use Pages' Outline mode to structure your notetaking first and fill it in as you listen.
05. Extract the facts
After you listen to each episode you'll no doubt have a large collection of notes. Tidy them up and highlight key facts in bold. To help you do this, check the website for your chosen course to see if course notes or curriculum information is available for you to reference.
06. Create a Keynote quiz
Open up Keynote and choose a default slideshow theme. Now enter a question on the first slide based around a key fact you highlighted in your notes. Now duplicate this slide by selecting it and pressing Command+D or choosing Duplicate from the Edit menu.
07. Add your answers
Delete the text from your duplicate slide and add the answer in its place. In order to differentiate the two, change the text colour of your answer as we have here. Continue this process for all of your questions and include extra slides to divide sections of questions.
08. Test yourself
When you've finished your questions and answers (which will also have helped you learn), click the Play button to run the slideshow and note how many questions you answer correctly. Save the presentation to add new questions and for testing at a later stage.
 |  |
Read More ...
In Depth: The future of web standards
Contrary to popular opinion, the phrase 'Web 2.0' was not coined by Tim O'Reilly and did not, originally, refer to web applications like Facebook and Twitter that enable Muggles, er, non-web-professionals, to share information online. More than a decade ago, Darcy DiNucci predicted that:
"The Web we know now, which loads into a browser window in essentially static screenfulls, is only an embryo of the Web to come. The first glimmerings of Web 2.0 are beginning to appear, and we are just starting to see how that embryo might develop. The Web will be understood not as screenfulls of text and graphics but as a transport mechanism, the ether through which interactivity happens. It will [...] appear on your computer screen, [...] on your TV set [...] your car dashboard [...] your cell phone [...] hand-held game machines [...] maybe even your microwave oven." – DiNucci, D. (1999) "Fragmented Future," Print 53
This first use of the phrase 'Web 2.0' was a vision of what we now call ubiquitous computing and what marketers call convergence. As with all futurist visions considered in the cold light of hindsight, some of DiNucci's language sounds naïve and a few of her predictions fall short.
Certainly "your TV set" hasn't become the hippest place for hot Web 2.0 action in most countries, unless you consider downloading episodes of The Real Housewives of New Jersey the height of web-based interactivity.
But DiNucci looks a positive oracle where her "cell phone" prediction is concerned, because the ubiquity of high-resolution CSS3- and HTML5- capable smartphones powered by WebKit is bringing real, empowering change to our medium.
Convergence
Cheap, complex devices such as the iPhone and the Droid have come along at precisely the moment when HTML5, CSS3 and web fonts are ready for action; when standards-based web development is no longer relegated to the fringe; and when web designers, no longer content to merely decorate screens, are crafting provocative, multi-platform experiences. Is this the dawn of a newer, more mature, more ubiquitous web?
In a word, yes. After the hype of the dot com boom and bust, the hard sell around blogging, the endless flogging of social media and other widely heralded game-changers, we who practice web design find ourselves at a genuine inflection point.
With browsers and devices of great reliability supporting mature standards, with a seemingly bottomless demand for apps powered by these standards, and with consumers queueing in the rain to possess the newest complex device before their neighbour gets hold of it, the era of mature standards-based design is upon us. The web we grew up with is as obsolete as the concept album. (Kids, ask your parents.)
In yesterday's web, each corporate site stood alone, a self-contained object like The Beatles' Sgt. Pepper's Lonely Hearts Club Band album. Today, a corporate site is only as good as the third-party APIs and links it facilitates. Yesterday's websites were optimised for Internet Explorer Version X or Netscape Navigator Version Y; today, site owners live and die on the addictiveness and ease of use of their mobile site and apps.
Time was, the adjectives 'well-designed' or 'rich' were code for 'created in Flash', but after more than a decade of standards-based design and advocacy, and with the advent of web fonts, we know that (X)HTML, CSS and JavaScript can power web experiences of extraordinary beauty – and are even more likely than Flash to be the driving force behind the richest web applications and experiences.
Wildly successful sites such as Flickr, Twitter and Facebook offer genuinely portable social experiences, on and off the desktop. You don't even have to go to Facebook or Twitter to experience Facebook and Twitter content, or to share third-party web content with your Twitter and Facebook friends.
Training wheels off
As our knowledge of standards-based design has matured (ironically helped, in large part, by the five years between IE6 and IE7, which gave us time to figure out bugs and workarounds and teach them to even our most standards-averse colleagues), most of us have also become more and more interested in user experience and content strategy – a discipline that's been around for ages but is only now gaining the attention it deserves, thanks in part to the evangelism of Kristina Halvorson.
We've become user-focused and best practices-aware at the very moment that emerging standards offer us tremendous new power, our new browsers (including IE9) give us the chance to explore that power, and our best browsers power our most popular and powerful phones. Talk about convergence!
And with consumers buying two smartphones for every desktop computer they purchase, the demands, challenges and opportunities of the mobile space are reshaping our assumptions about design and user behaviour.
So let's consider this moment of change and sweep away the misconceptions and half-truths that keep some of us from embracing the opportunity before us. For openers, let's check out CSS3. CSS3 for you and me CSS3 is the W3C's latest, ablest and most complex version of the web's standard language for visual design.
CSS3 media queries are an empowering technology behind 'Responsive Web Design', an emerging best practice and key component of the mature, multi-platform web. Just as important is what CSS3 isn't.
CSS3 isn't a monolithic specification (like CSS 2.1) that must be implemented in its entirety before people from nice homes consider it safe to use. Learning from browser implementation struggles of years past, the W3C wisely opted to design CSS3 as a series of modules, which can be worked out in browsers piece by piece.
PURE CSS3: An iPhone made with no images (just pure CSS3)
If prior W3C specs are like a full-blown website redesign that has to be perfect on the day of the launch, CSS3 is more like a series of gentle site updates, rolled out over months and years to give users time to get used to them – and designer/developers time to get them right.
This means you don't have to read and memorise the entire CSS3 spec at once, and browser makers don't have to try to implement every bit of it immediately – which is how browser makers have got into trouble in the past, and how we used to get stuck with half-baked CSS implementations for years at a time. Think back to the old IE box model that was more intuitive than the actual CSS1 box model, but wrong.
Designers had to hack around it for nearly a decade, using Tantek Çelik's famous Box Model Hack and various other workarounds. Those who refused to use hacks on principle often beat IE's box model into shape by bloating their markup with otherwise needless containing divs.
Fortunately, we won't be stuck with similar problems as browser engineers tackle the new CSS specs, because the modularity of CSS3 enables browser geeks to sweat the details, one feature at a time. Thus we get well thought-out, reasonably consistent feature implementations in the latest Safari, Firefox and Opera.
And since more than a vanguard of web designers is experimenting with CSS3, the browser makers get instant feedback about what works and doesn't. In some cases this feedback can be rolled back into the W3C spec before it's finalised, creating the kind of feedback loop we never had before. It's a whole new web of shared understandings, out in the open, where anyone with a good idea can see and contribute.
Vendor prefixes
How do browser makers implement a CSS3 module that isn't technically finished, without locking designers into a methodology (and thus code) that might later become obsolete? By means of vendor prefixes.
Safari's (and now Chrome's) experimental border-radius implementation is prefixed -webkit-borderradius; Firefox uses -moz-border-radius.
The best practice is to list the vendor-prefixed declarations first, and then the non-prefixed standard W3C declaration, like so:
.comment {
-webkit-border-radius: 6px;
-moz-border-radius: 6px;
border-radius: 6px;
}
By listing the standard, non-prefixed version last, if border-radius should change between the present experimental version and the final released spec, the actual spec will 'win' in browsers that support it – and the older rules will still work for older versions of Firefox and Safari that support the experimental version.
Like vector art in the browser CSS3 excites the mind because of its ability to stimulate the eye. Where prior versions of CSS required extensive use of background images to create gradients, shadows and other graphic effects, CSS3 has the power to create visuals using nothing more than code.
Impressive demos of this capability include Louis Harboe's iOS icons and Jeff Batterton's iPhone, both designed entirely in CSS and both only viewable in the latest WebKit browsers, Safari 5 and Google Chrome 5.
DEMOS WITH DE'MOST: iOS icons made in pure CSS
Now, unless you're trying to demonstrate the power of CSS3 to create artwork, nobody recommends writing tortuous CSS and markup of such demos. But there are plenty of practical, real-world uses for CSS3's amazing artistic capabilities.
Its ability to create gradients, shadows and other effects without requiring background images makes it an invaluable bandwidth-saving performance partner for faster websites – important on any site, and particularly vital for sites viewed on smartphones, where bandwidth speed is as unpredictable as the weather.
Likewise, CSS3's visual panache makes it a most valuable tool for creating resolution-dependent layouts. It's like vector art in the browser. Add HTML5 canvas and stand back!
Core CSS3 properties you can use today include border-radius, text-shadow, box-shadow, RGBA, opacity and even multiple background images (at last!), which are handled thusly:
body {
background: url(top.png) repeat-x top left;
background: url(middle.png) repeat-y bottom right;
background: url(bottom.png) no-repeat bottom right;
}
Generally, selected CSS3 properties work in the latest versions of Safari, Chrome, Firefox and Opera, although some also work in IE9, and some work in browsers as old as Safari 1.3 and Firefox 2! Not every CSS3 property named here works in every browser listed.
Complicating the picture, your site's visitors use a hodge-podge of browsers, from IE6, IE7 and IE8 to Chrome to Camino. So does this mean, as some people argue, that you should kiss CSS3 goodbye until everyone in the world uses IE10 and Safari 5? Of course not!
What use are visual flourishes that don't show up in IE? Ask an iPhone user. Apple sold more than 40million before the end of 2009 – at least half to people who use Windows PCs at home and may be stuck using an outdated version of IE in the office. But they're now as familiar with the WebKit-enabled CSS3 experience as they are with the Internet Explorer desktop, and they experience no cognitive dissonance switching between the two.
This consumer comfort with multiple browsing environments is also helping to stifle those client voices that insist sites must look and act exactly the same in every browser. And with mobile overtaking the desktop as the preferred interactive experience, people now enjoy and expect a certain calibre of visual and typographic glitz. Now more than ever, the delights of CSS3 are yours to enjoy and bestow.
HTML5: it's alive!
Spreading like pot at a Phish concert and matching CSS3 blow for blow, ready or not, here comes HTML5. If you're afraid of HTML5, think of it as a more forgiving (easier validating) version of XHTML 1.0 – one where EMBED is finally valid, and nobody cares if you forget to self-close an IMG.
Of course, HTML5 is more than that. It's the first serious update to the web's markup language, and the only version of HTML designed for a web of applications, not just documents.
Moreover, the sausage making is different. In the typical web standards scenario, a committee at the W3C dreams stuff up, leaving it to browser makers to implement it or not. Eventually, web developers adopt it, or they don't. But HTML5 inverts this paradigm.
Browser manufacturers (not the W3C) invented HTML5, basing much of it on what web designers and developers do already, and one man (editor Ian Hickson) rather than a committee decides what stays and goes. HTML5 is in the news not just because Apple uses it as a trident in its gladiatorial combat with Adobe, but because its canvas, video and audio elements provide a standard means of offering rich media without plug-ins.
These new capabilities with their potential to disrupt established web monopolies excite suits. But HTML5 is of interest to you and me for other reasons, including its addition of structural semantics to the HTML vocabulary via a limited set of new elements, including article, section and nav. (The names are taken from an analysis by Google of millions of web pages, to see what kinds of class names web designers were already using. HTML5 doesn't want to reinvent the wheel; it wants to give us better tyres.)
So what can you do with these new elements besides use them to structure modular, reusable content? Can you also style them? Safari, Chrome, Firefox, Opera and IE9 will indeed recognise and allow you to style these new HTML5 elements as long as you include a rule in your CSS that marks their display: block. Older versions of IE won't style these elements unless you first 'create' them in JavaScript using a technique jQuery lead John Resig calls the 'HTML5 shiv'.
SHIV SCRIPT: There's a handy script to automate shiv-building on Remy Sharp's blog
To automate shiv-building, Remy Sharp has created a simple enabling script that 'creates' all the new HTML5 elements, allowing versions of IE pre-9.0 to style the new HTML5 elements. If you're uncomfortable using JavaScript for this, you can continue to use standard HTML 4.01/XHTML 1.0 divs styled with appropriate HTML5 class names, eg div class="section". Then, when your audience is using WebKit, Firefox, Opera or IE9+, you can easily replace div class="section" with
No time like the present
Half of standards making is minutia; the other half is politics. Rightly or wrongly, I reckoned HTML5 was at least partly Hixie's revenge against XHTML served as text/html.
Then a funny thing happened. Some friends and I gathered to hash out the pros and cons of HTML5 from the perspective of semantic markup-oriented web designers (as opposed to the equally valid perspectives of browser engineers and web app developers, the two perspectives that have primarily driven the creation of HTML5).
In studying the thinking behind some of the framers' more controversial design decisions, we discovered a markup designed to work the way developers think, and to support them as they craft a new generation of web apps on and off the desktop. HTML5's new semantics are tuned to the reality of publishing, which takes place more and more on or through the web. (Even ePubs often begin life as HTML, which means that soon, more and more printed books will, too.)
Meanwhile, its new bright-and-shiny bits compel entrepreneurs and programmers to forsake proprietary platforms for the web – at the very moment when CSS3 is smashing the old restrictions on web layouts and facilitating design that uses flexible grids and CSS3 media queries to hop gracefully from desktop to mobile and from widescreen to small.
Some people fret that the success of the iPhone and iPad will usher in a new age of corporate control, with Apple playing the Big Brother role that Microsoft has just abandoned. Apple's tight control over its store and its restrictions on which tools may be used to create iPhone apps certainly bear watching.
But when I see all those iGizmos flying off the shelves, I see WebKit in people's pockets. I see CSS3 and HTML5 on their laps. I see the web I used to just dream about. And I see you and me having a lot of fun over the next decade.
| |
Read More ...
In Depth: Linux networking made easy
Ten years ago, most of us thought we would be able to live a full and happy life without worrying about whether we were getting maximum throughput across our networks, or whether the point-to-point latency on our machines would preclude us from popular gaming. But things have changed. Televisions, games consoles and Linux machines all vie for IP addresses and bandwidth, usually on the same network, with poor wiring, poor layout and do-it-yourself support. Which is where we come in.
The Linux platform is the direct result of this network connectivity. It's an operating system that was designed from the first line of the kernel to talk to another kernel, and as a result, it's the perfect network troubleshooting platform.
You won't find settings hidden, parameters unprobed, or hardware unhinged under the surface, which is why Linux makes both a fantastic training ground for future system administrators, and a powerful ally in the hunt to track down intermittent problems and poor performance.
This is why we've pooled as many of the most common networking questions we could find. The answers should help you better understand how Linux handles the network, what kind of troubles are likely, how to get the best performance and how to create the most stable network in your neighbourhood.
How can I change my hostname?
On the surface, this might sound like a rather technical question to start our networking article with. But your computer's hostname is really just the name you give your machine when you install most distributions.
Ubuntu will ask you for a descriptive name, for example, and this is displayed when you use a login screen or open a command prompt. But it's also the name used for your computer on the local network, and this is why, historically, it's called your system's hostname – the machine that's hosting your current session.
It's also a perfect illustration of how difficult Linux can sometimes be to manage, because with most distributions, there's no longer a GUI for changing something as simple as the hostname.
The old Gnome network manager used to have a field you could change, but this has now gone, leaving users facing either the command line or a tool such as Ubuntu Tweak. Fortunately, making the change on the command-line isn't that difficult, but you do have a couple of choices.
The hostname command should be up to the task, taking the new name as a single argument. But we found that this only seemed to make a temporary change on our system, which left us resorting to the old-school method: editing the /etc/hosts and the /etc/ hostname files, and simply replacing the single occurrence in each of the old hostname with your new new one.
Either way, after you've changed your hostname, you'll need to logout and back in again to see the effect, and for seeing the changes across a network, it's easier just to restart your machine.
How can I share my internet?
Now that most of us use a wireless router to access the internet, sharing an internet connection isn't as much of an issue as it used to be. New machines can either connect wirelessly, or use a spare Ethernet port on the back of the router. But if you do find yourself wanting to share a connection from your machine, there are several different ways you can do so.
If you have two Ethernet ports on your machine, one of which is connected to the internet, you can use the other port with a crossover cable to connect a spare machine. You then need to use your desktop's network manager to enable sharing on the working connection.
Gnome's default network manager includes this option, as does the version shipped with the latest versions of Ubuntu. You also need to use the network manager if you've got two Ethernet cards and only want to enable one. If they're both connected to valid DHCP servers (or are configured manually), and both use the same subdomain, they could conflict with one another.
Fortunately, enabling and disabling connections through the network manager is as easy as either deleting it completely or selecting it from the drop down list of connections from the menu.
How can I set my time using NTP?
Computers are really just big time pieces, yet despite their number crunching accuracy, they're not the best devices for keeping time, especially when it comes to switching between daylight saving modes. And if you travel with a laptop, very few distributions detect a change in location and update the time accordingly.
Of course, if you've got the patience and a decent chronometer, you can easily update the time on your system yourself, using anything from the system BIOS to the little clock that sits in your task bar.
But there's a better way, and it's a way that doesn't require caffeine-enraged reflexes. You can use something called NTP, the Network Time Protocol. This will synchronise your clock with a couple of local servers, and in the process, turn your machine into a local atomic clock. Almost.
If you're a GUI fiend, most system clock applications already include this feature. With the KDE desktop, for instance, you can right-click on the clock within the panel and select Adjust Date And Time. In the window that appears, you now just need to click on Set Date And Time Automatically. This will enable the Time Server field just below, and from there you should select an NTP server closest to your physical location.
If you prefer to use the terminal, the command you need to use is called ntpdate. It's usually installed by default, but you'll also need the internet addresses of two time servers. The easiest way to find them is to point a browser at www.pool.ntp.org and choose a couple of servers from the list on the right.
Two are needed, because ntpdate triangulates the latency between you and the remote servers to generate a more accurate local reading. For this reason, it also helps if the two servers you choose are geographically close to your current location. It's then just a matter of typing ntpdate -b 0.uk.pool.ntp.org 1. uk.pool.ntp.org, preceded by su or sudo if you don't have the correct permissions to change the time.
You'll see the time update and the output from the command will tell you by how much the clock has needed to be adjusted, which can be a useful indicator of when you should next schedule a time update.
Why do websites sometimes fail to load?
If your network appears to be running properly, but typing a URL into a browser results in nothing but a timeout message, then there's a good chance your problem is within a DNS server. It's the job of the DNS to translate the text-based addresses we use for most servers and websites on the internet to the numeric IP address used by the hardware.
If your DNS is working, for example, you can type ping linuxformat.com into a command line, and the first line of output should show something like the following: PING linuxformat.com (80.244.178.150) 56(84) bytes of data.
If you've not used ping before, it one of the simplest network diagnostic commands you can run. It sends a 'ping' message to a remote server. If the message is received, the remote server sends a 'ping' message back. Believe it or not, the name comes from the sound a submarine's sonar makes as it maps a surface.
You can see in the output of the command that the DNS has transformed our request for the Linux Format server into an IP address (80.244.178.150), and this is the first test you should try if you suspect you've got problems. It's also worth knowing the IP address of a server, as this can be used instead of the URL.
If ping requests are returned from an IP address and not from a URL, you've almost certainly got a DNS problem, and the best solution is to change your DNS. These days, your DNS server is mostly configured through the DHCP server that provides your computer with an IP address.
For most home systems this means your router, and it's also likely that the DNS server itself becomes the address of your router, which means that the first place to look if you want to change it is your router's configuration web page.
After you've found the location of the DNS configuration, use ping to check whether the IP address is still working. If not, check with your ISP to see whether this address has changed. If it has, just replace the old address with the new one. If not, you could always replace the old DNS address with a public server, such as those run by OpenDNS and Google.
OpenDNS addresses are 208.67.222.222 and 208.67.220.220. Google's are easier to remember – 8.8.8.8 and 8.8.4.4 – but both promise to speed up the time it takes for your computer to get the IP address from a URL.
You can also change the DNS on a per-machine basis, and the graphical network configuration tool for your desktop should include the ability to modify the DNS server you're using. If not, the file you need to edit is called /etc/resolv.conf.
Newer distributions that rely on DHCP may not create this by default, so you'll need to create the file yourself. It should just contain something similar to the following:
nameserver 8.8.8.8
nameserver 8.8.4.4
As you should be able to see, we've used the IP addresses of Google's DNS service, but you could easily replace these numbers with the ones for OpenDNS, or even your own router or gateway if that gives you the results you need. Either way, before you'll feel the effect of any changes, you'll need to either restart your machine, or the network (try service networking restart).
Why isn't my USB modem working?
USB modems, of the old dial-up kind and the newer ADSL kind, are mostly dumb. All their functionality is loaded at boot time into the general-purpose processor running inside the box, and without a driver, these boxes can't function.
This is why so many USB modems don't work with Linux, because it's not a simple case of needing to reverse engineer the driver – it's a case of developing all of the modem's functionality from the ground up.
The exceptions are when the firmware for the modem (that's the code that runs on the processor) is made available. A Linux driver can then upload the code to the modem, which should then function perfectly. The only problem is that manufacturers are often reluctant to allow their firmware's to be redistributed, and the binary redistribution of firmware irks many free software advocates.
If your modem isn't working, this is likely to be the problem, and the best solution is something called NdisWrapper. This enables you to use Windows XP drivers for your device within your Linux environment. But before it will work, you have to first locate the .inf and .sys files hidden within the Windows driver package.
The best way to tackle this formidable task is to head over to the NdisWrapper wiki and search for your hardware. If your particular device is listed, you should find instructions on how to locate the files you require. It's then just a case of using either the command line or the GTK front-end to locate the files and install the driver.
After which, your system should detect and configure the hardware in exactly the same way as it would have had it installed a native driver.
Is my ISP blocking or shaping my data?
Despite many ISPs advertising 'unlimited' broadband packages, very few offer what we'd call a genuinely unlimited service.
The two main targets for compromise are port blocking and traffic shaping. The former may stop you from running your own mail or web server, for example, or from using VoIP for internet phone calls. The latter will selectively reduce the amount of bandwidth for specific services, such as peer-to-peer networks, video streaming sites and FTP.
The best way of checking to see if your ISP is blocking access to ports on your network is to perform a scan on your network from somewhere else. From a remote Linux machine, for example, you could type nmap followed by the IP address of your network.
GUI lovers should take a look at Zenmap, and if you can't get access to a machine outside of your domain, try one of the many websites that will scan an IP address for you, reporting on any open ports it finds.
If you find that common ports are blocked (such as 80 for HTTP, or 25 for sending mail with SMTP), but are open when you run the same scan from within the network, then your ISP is blocking access.
You could try changing the port for those services: SSH and SFTP can easily be shifted using their configuration files. HTTP/Apache can do the same trick, but your users would then need to access your website by specifying the port manually rather than just typing the web address. If all else fails, you'll need to ask your ISP to remove the restrictions, or move to another ISP.
Detecting whether your ISP is shaping traffic is harder than finding out whether ports are being blocked. This is because your internet speed will normally fluctuate at certain times of the day, or during periods of high demand, regardless of whether your ISP is throttling your network or not.
The best indication is usually a bump in speed at the same time every night, which you can watch for if you're sharing your favourite distribution through Vuze, for example. But this change may not always be obvious or at the same time or day, or it may affect a service, such as video streaming, where a visible difference isn't so easy to detect. In these cases it's best to check with your ISP's quality of service statements, or ask them directly.
Side-stepping traffic shaping is like avoiding blocked ports. You need to make the problematic service look like something else, which invariably means changing the range of ports being used by the server.
ISPs will also look at the kind of traffic being transferred, rather than just the ports, and you can scupper this tactic by encrypting the data between your network and the remote site. But this is still an avoidance tactic, and you're still better off finding a better ISP.
Why can't I share my files?
If you've got more than one computer running on the same network, sooner or later you're going to want to get a file from one to the other. Unfortunately, as you might have already noticed, this seemingly simple request can quickly become a nightmare. But it is possible to set up file sharing without having to resort to sending it to yourself as an email attachment.
The key to this is something called Samba. This is the protocol used to negotiate the file moving from one machine to another, as well as convenient tasks like the remote browsing of files and folders, and even sharing a remote printer.
Samba can be installed and configured independently, but for ease of use and flexibility, we'd recommend trying to install it through your desktop environment first. And if you don't have a preference, we've had better luck with Gnome than KDE, which seems to have a few problems enabling file sharing.
With Ubuntu's Gnome, for instance, you just need to right-click on the folder and select Sharing Options from the menu that appears. If these options aren't there, install the nautilus-share package. You then need to enable Share This Folder, after which the system will install a few packages to enable the service then ask to restart the session.
When you're able to edit the folder options again, decide whether to enable others to view the folder and click on Create Share. You should now see two small arrow emblems above the folder icon, denoting that file sharing is enabled. Remote users should now see your folder, and be able to access it, when the browse the local network.
KDE users will need to make sure they've got both the kdenetwork-filesharing and main Samba package, neither of which are installed by Kubuntu. You now need to right-click on any folder you want to share, such as Public in your Home folder, and click on the Properties option.
From the window that appears, click on the Share tab, followed by the Configure File Sharing button. After entering your administrator password, you should see the File Sharing control module window. Now click on the Allowed Users button and select Allow All Users To Share Folders from the window that appears, and click on Apply. You should now be able to set per-folder sharing for the folder back in the Dolphin main window.
Why can't I access remote files?
Setting Samba so that other people can see your files is one thing, accessing other people's files through Samba is quite another. Fortunately, it's a much easier process, and doesn't normally require you to install any further packages.
From Gnome, for example, just select Network from the Places menu. In the file manager window that appears, you should see an icon for every Samba-running machine on your local network, and clicking on any of these will let you see specific files and folders that are being shared.
If the machine you want doesn't appear, and you know its IP address, you can select Connect To Server from the Places menu and then select Windows Share as the service type. Just enter the IP address into the server field and click on Connect.A file manager will then appear, hopefully showing the files and folder you're after.
KDE users need to open the Dolphin file manager, and can then browser the local network by clicking on the Network icon in the left-hand panel of the display. But you can also connect to a server directly by using a Samba URL in the form smb://username@server. If you omit the username, Dolphin will ask for both this and the password before opening the location within the current file browsing session.
You can also use the same SMB URL within Gnome, if you enter the location manually, and within other applications such as Firefox, which will enable you to browse a Samba share and download files through the same browser window.
How can I securely run SSH?
Most of us use SSH to connect to remote servers, using anything from a workstation to a games console. You may think that a tool whose acronym means 'secure shell', is already secure, and it is – for the most part. But there are some well-known vulnerabilities in SSH, which means that there's a lot you can do to make it safer.
The easiest, and probably the most effective of these fixes, is to make sure only certain users can log in through SSH and that their passwords are secure. This is the weakest link in the chain, and if you have an account called 'test' with a password of 'test', it's highly probable that before long someone will discover the weakness and gain access to your machine.
Another crucial step is to disable support for the older version, version 1, which has been successfully hacked in the past. This, and all the other configuration options for SSH, are hidden within its configuration file, which you can usually find within the /etc/ssh directory.
Newer versions are called ssh_ config, and you'll need to open this with your favourite text editor with root privileges (we recommend Nano). To disable support for the older version, look for the line 'Protocol 2,1'. This is telling the server to support both versions 2 and 1 of the SSH protocol, and we need to remove the '1' to disable support for the older. If this line starts with a # symbol, meaning it's commented out, remove this too.
While you're playing with the configuration file, there's lots more you can do to make your connections more secure. We'd recommend adding a line reading 'PemitRootLogin no', for instance, as this will disable anyone connecting directly to your system's administrator account. If you need root access, you can always su to switch from an ordinary user, or execute commands with sudo.
Another security tip for people connecting to your SSH server is to add 'MaxAuthTries 3' to the configuration file. This will only let people attempt three connections to your server before being kicked.
But perhaps the best change you can make if you're worried about unauthorised access is to move the SSH server from the default port of 22 to something else. This is because port 22 is very well known, and there are thousands of scripts running across the internet looking for SSH on port 22. Simply switching this to something else immediately solves the problem, and removes your server from the probing eyes of an unscrupulous script.
To change ports, look for 'Port 22' in the configuration file, and change this to something else. Alternatively, if you're running a firewall on a router before your Linux machine, just get some random remote port to point at port 22 on your SSH server. After you make any changes to the SSH configuration, you need to restart the server for them to have an effect.
Debian/ Ubuntu users can do this by typing service ssh restart from the command line, or by simply restarting your system.
What can I do about attacks by IP addresses on the internet?
Even if you open a single port from your local network to the internet, such as port 22 for SSH, it becomes immediately visible to millions of other computers. And it only takes a minuscule proportion of those millions to run nmap within a few automatic scripts and your machine becomes inundated with what can look like hundreds of malicious attacks.
This is why log files can be so important, because they'll contain the first signs of anything going wrong, and the one that you need to check is called /var/log/auth. This will list all attempts to log in to your system, either through the normal login manager, or through a service like SSH. It lists successful and unsuccessful attempts, and if you're getting dozens of the latter, you might want to take a few precautions.
You'll probably see plenty more attempts from the same IP address, usually as a routine tries all the well known user account names and default passwords. If your usernames are less obvious, and your passwords of a decent strength, you'll have nothing to worry about.
Another solution is to block these overzealous attempts to access your machine. You could do this manually, adding the offending IP addresses to the /etc/hosts.deny config file. But there's an easier way, and this uses a tool called DenyHosts, which you'll probably need to install from your system's package manager.
This is a great utility that tracks changes to your log files, automatically detects spurious connections, and blocks the offender's IP address from further attempts if they pass various thresholds. After it's installed, these thresholds can be modified by opening /etc/ denyhosts.conf in your favourite text editor.
We'd recommend reducing the DENY_THRESHOLD_INVALID value from 5 to 2. This is the number of failed attempts allowed when the remote server tries a username that doesn't exist on your system. We'd reduce DENY_THRESHOLD_VALID, the parameters for attempts that do correspond to a valid username, to 3, which should give legitimate users a chance to access your system if they suffer brief password amnesia.
After editing the file, the daemon can be started by typing service denyhosts start as system administrator. The only danger now is that you lock yourself out of your own system. You'll then either have to get physical access to your machine, or wait for the period specified by the AGE_RESET_VALID parameter, which defaults to five days.
If you want to see how well DenyHosts is doing, check /var/log/denythosts. Each address that has been blocked will be listed, along with the results of a domain name search that might include contact details if you fancy dropping the offender's ISP an email.
Why isn't Wi-Fi working?
It wasn't so long ago that Wi-Fi was a configuration nightmare on Linux. Even if you had working drivers for your Wi-Fi device, it was still an effort to get it installed, configured and running. But things have changed so much over the last couple of years that most Wi-Fi devices will configure themselves automatically and run without problems.
You should be able to see the wireless signal strength indicator in your task bar, and switch between networks, enter passwords and stop the service with a couple of mouse clicks. But there can still be problems.
If your card isn't recognised in the first instance, the tool you need is iwconfig. This is the wireless equivalent to ifconfig, performing the same diagnostic and configuration functions on wireless, rather than wired, networks. And the best place to start is by typing iwconfig on the command line.
If your wireless device has been detected by the system, and the driver correctly installed, you should see a wireless device listed in the output. If not, you need to start looking at your system logs.
If you're using a USB device, try plugging it in and typing dmesg. You should see your system trying to detect the hardware used by the device, and hopefully, loading the driver. If not, you will need to check for driver support for your specific hardware on your chosen distribution.
But the hardware used by your device isn't always obvious. It's rarely the specification printed on the packaging or the device itself, for example. You need to know the exact chipset used by the hardware, and the best way to do this is by either typing lspci or lsusb on the command line when the device is connected, although you may also see the detected hardware listed in the output from dmesg.
The output from our USB Wi-Fi receiver included the following:
0cf3:9170 Atheros Communications, Inc. AR9170 802.11n
A quick Google for AR9170 revealed that the driver for this device was part of the 2.6.31 kernel, and as a result, would require a distro using at least that version. As soon as we switched to a distribution using that kernel (Ubuntu 10.04), the device worked without any further configuration.
| |
Read More ...
1 comment:
Nice post. I learn something new and challenging
on sites I stumbleupon every day. It will always be exciting to
read through articles from other authors and practice
something from other websites.
My blog post additional hints
Post a Comment