Slashdot Mirror
Ask Slashdot: Remote Support For Disconnected, Computer-Illiterate Relatives
An anonymous reader writes I use email to communicate with my folks overseas. Their ISP only allows dial-up access to their email account (there is no option of changing ISP), that can receive messages no larger than 1MB nor hold more than 15MB (no hope of changing that either). They are computer-illiterate, click on everything they receive, and take delight on sending their information to any Nigerian prince that contacts them, "just in case this one is true". Needless to say, their PC is always full of viruses and spyware. In my next yearly visit, instead of just cleaning it up, I'd like to gift them with some "hardened" PC to use for email only that would hopefully last the year before someone has to fix it. So far, these are the things I have in mind:
- Some kind of linux distro, or maybe even mac. Most viruses over there are windows only and propagate via Autorun.inf or by email attachments, not having Windows could prevent both.
- Some desktop environment that hides anything unrelated to connecting to the net and accessing their account (dial-up software, email client, web browser, exchanging files between their hard disk/email attachments and USB drives). By "hide", I just want the rest to be out of the way, but not entirely removed, so that if necessary, I can guide them over the phone. For this, Ubuntu's Unity seems like a particularly bad solution, but a Gnome desktop with non-removable desktop shortcuts (is this possible?) for the file manager, browser, email client and dial-up program could work. An android system is unlikely to work (they have no wifi, and they were utterly confused with Android's UI).
- This could be a life saver: some kind of extension to the email client that executes commands on specially formatted emails (e.g., signed with my private key), so that I can do some basic diagnostics or install extra software if I have to. This las point is important: they currently rely on acquaintances who may not be competent (they can't evaluate that) if something happens between my visits. They, most likely, wont know how to deal with anything non-windows, so all tech support would fall on me. (This is the reason I haven't moved them from windows yet.)
- Another very useful extension would be something to automatically re-assemble attachments split into several emails, to overcome the 1MB message limit.
Does any of that exist? If I have to build that system myself (or parts of it), do you have other suggestions? For the inevitable and completely reasonable suggestion of getting someone competent for tech support: I've tried that too. The competent ones don't last beyond the third visit.
Actually, an iPad sounds like exactly what he's looking for: Locked-down, with specific functions accessible. There's even some provisions for remote maintenance by authorized personnel. (He'd have to get OS X server and configure things first, I think, but it should be possible.) Main problem is dealing with connecting it to a dial-up link.
'Sensible' is a curse word.
Though even an out-of-date Linux distro is going to be safer against malware than Windows, keep in mind that it's almost impossible to keep one of the major distros updated with security patches via dialup. I tried that with my father in law's computer for a couple of years, setting up a cron job to dial up automatically late at night, every night, and chip away at the downloads. It fell further and further behind.
Other than the fact that I don't know if any of them even support dialup, a Chromebook seems ideal for this application. Updates are smaller and less frequent, and ChromeOS is strongly hardened as compared to a standard distro, so it's less worrisome if they miss some. Chrome Remote Desktop would enable you to take control of the machine when needed (that actually works on any platform) and while it's painful at dialup speeds I have used it successfully.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Use fetchmail to pull from their account, drop it in their "inbox" managed by dovecot and create a whitelist via sieve (mail filter). You might even be able to get sieve to do that whole 'exec by email' thing if you want.
The real key here is that what they see in their 'inbox' is only what you allow them to see since you're dropping everything except your approved From addresses (or similar criteria).
Option 2: switch to snail mail and cancel their ISP account.
I support a Windows 7 PC in our community center (retirement community). I simply installed Drive Vaccine (http://www.drivevaccine.com/), which is cheap and allows you to either lock the PC down entirely (no virus infection possible :)), or keep say a "documents" folder writable, but locks the rest of the PC down. This PC has run for several years, and is restored to a "baseline" after each restart. Never an infection, as it can't survive the reboot. Users can surf the Internet all they want, and write and receive emails etc, etc. Occasionally, I unlock it to do updates of various sorts, but then I lock it down again. Sounds perfect for your parents.
You must be new here - I'm young in internet years, but even I remember the number of viruses flying around in the days of floppy disks and dial-up modems, long before constant high speed connections...
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
Thats about the easiest solution to your problems. Pretty much every other solution you see in this thread is going to require more maintenance than a windows machine. You can't expect a bunch of armchair admins to provide you sensible answers, 90% of the response you get here are going to be custom solutions that aren't completely thought out and require 100 times more effort than the person giving them to you realizes. You're just getting spew from a bunch of guys who think they are super clever.
The solution is to make it so you don't need to support them, and if all they do is browse the web, a Chrome Book is the answer. The down side is that they become Google's bitch, but its probably worth it for your needs.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Unfortunately, SSH or VNC require a direct TCP connection. They are firewalled (I should have called them "ESP: email service provider" rather than ISP), except for that mail server. We can't even jabber/irc/anything.
My first instinct is to recommend iPad -- I got my parents one and they haven't booted the Windows machine in years, the dial-up aspect of that could be tricky (you would need a router that dials out via modem -- it's doable, but might be more complex and assumes the presence of a mail client on the iPad that talks to the ISP ... hopefully it's POP or IMAP, but without specifics it's hard to know. But if you must use Windows, it's not an impossible situation. You just need to know where the knobs and switches are, and enable them.
A lot of other modern stuff is going to not work well with the dialup option.
For the purposes of the discussion, I'm assuming they are on Windows 7. If they aren't on Windows 7, they need to get there, at least. If they are still on XP that just sucks because a lot of the below stuff isn't there.
Parental controls:
I have children and have done a fair bit with the parental controls. In this case, instead of the parental controls being used for kids you would be using them for your parents, which also works. To enable the parental controls, you create a username for your parents as a regular (limited) user. This will prevent them from doing a lot of stuff right off the bat, like installing software. You also should make sure that UAC is enabled. You can create a Admin user for yourself. Once you have set that up, you can download the remainder of the controls from https://familysafety.microsoft... , and then control the user account for your parents. You can control what is accessed on the Internet, if they can download stuff, programs they can run, etc.
You can also do a LOT with Group Policy. Type gpedit.msc at the Run Window and lock down everything you don't want them to change. You can lock down the Desktop, among other things.
Windows also has the ability to send a Remote Assistance request via email or as a file attachment, which uses Remote Desktop to allow screen access and control. Given that you are going to be doing this over dialup to some other part of the world, you can set your client appropriately to minimize bandwidth utilization by dropping the amount of colors being shipped back, not showing the desktop, etc -- it's all under the "Experience" tab of the Remote Desktop client, and I've successfully used it over some pretty slow connections with decent results -- it will outperform VNC in many areas, especially screen refresh time since you can cut out a lot of the unnecessary stuff.
If you are going to do the above, get it sorted out on the beginning of your next visit since when you lock stuff down it's not hard to be too tight and stop stuff from working that should actually be working.
I didn't mod it, but did you read the part about they are on dial-up and not allowed to do email by browser?
It little behooves the best of us to comment on the rest of us.
Apparently there are Wireless routers that are designed to connect via dialup (for instance This Router.) With that, I would go with a Chromebook / Chromebox or an iPad.
Given the constraints, that is probably the best you can get. However, you could probably experiment with an old Win CE Thin Client or an old WebTV and try to get either to work, but neither are particularly great solutions.
Slow Down Cowboy! It's been 1 hour, 47 minutes since you last successfully posted a comment
Oh, good point. I wish I could edit the original post. They use POP3 + SMTP. The ISP runs a Horde+IMP webmail server, but it is a used only as a last resort (too complicated/slow/expensive over dialup). They do need persistent storage, those 15 Mb fill up very quickly. CDs/CD drives last long enough, I'll look into that live-cd solution. I hadn't thought of it. And unfortunately... yes, I'm serious.
Set the computer up with all the software they'll need, disable any admin access by them, install something akin to Deep Freeze. Every time they reboot things will revert automagically. You can create a small partition for the email app's data folders to serve as a persistant store, or you could just migrate them to simple webmail. GMail can check pop3/imap accounts for you.
I think you're going to run into a general problem here, in that modern computers are generally not built to work off of such slow Internet connections. They're constantly getting big updates and patches.
Some people have pointed you in the direction of Chromebooks, which to my knowledge doesn't have a POP3 client available because Google assumes you'll have web access. There may be other reasons why it won't work.
I think your first instinct might be best. Install Linux. Figure out exactly what applications they need, and install only those apps. You can probably hack something together to run a script when they receive an email from you, but I think you'll be better off just having them run a script manually (tell them 'click on this button') that will collect diagnostic information and email it to you, if you want to do that.
Pick a relatively stable distro (Debian?), strip it down to the bare necessities and use a lightweight desktop environment. Set it to only download security patches. For any updates more than that, bring a disk when you visit.
I'm afraid none of this will keep them from responding to Nigerian scammers. Maybe set up their email to only accept messages from whitelisted addresses? Or maybe your parents just can't have the Internet.
I'd make this one really simple. Use an auto-updating Linux (like Mint), then setup a menu with few choices. Nothing Windows, and if you send a Mac, be sure it can be supported in their locale.
Updates, IMO, will be one of the biggest issues. I ran into this with a local (almost/soon-to-be) relative who was stuck on dial up. I just didn't do anything about their VERY slow computer until I got them onto something with some more speed (they were on dial up aol!!!). How in the world do you update/fix windows XP if someone is on dialup? I'm sure it's possible - I downloaded CD's back when I was on 33.6 - but I don't have weeks to spend doing that. I'm not sure exactly what the answer to that should be.
With that in mind, and with the stories of many virus infections and poor support from their friends, I'd probably try some sort of VM arrangement. Maybe something like:
* boot to something minimal and hardened (vmware ESX, linux + kvm, whatever you're most comfortable with really)
* set it up to automatically boot the VM, so that's really (almost) all they see
* VM install should have multiple disks
* disk1: OS, fully updated before you send it there, and take a snapshot
* disk2: data, copy there stuff here or plug in an external drive of theirs or whatever
If something goes really wrong, just go back to the snapshot.
Consider putting another VM on there that can do offline virus scan of those other disks (maybe clamav), and possibly integrity checks.
Could also put another on there that does a call home to you (dialup, wait for connection, ssh somewhere and setup a tunnel - go over 443 or 80 for a better chance of it working, and maybe use dyndns for the hostname).
Others above recommended gmail. Some other provider should be chosen if at all possible. I like gmail, and am also a fan of fastmail.fm, but pick whatever you want. Pick one that can pull mail from other providers, offers OK amounts of storage, imap (and/or pop3, but imap would be preferable so the data stays on the server and you can wipe their machine easier), and virus and spam protection should be decent too. Having webmail available would also be good, because then you can jump into their mail and clean it up if needed :-)
For remote access, forget about proxying commands through email. That's a bit crazy.
Just setup ssh on it and have it run on a variety of ports (22, 80, 443, 65000, whatever), and bookmark something like "whatismyip.com" for them to go to and tell you their IP.
If you MUST have some other proxied command method, there are some for various IM clients, and there's stuff like logmein. It's trivial to have pidgin run stuff in the shell via a plugin, for example. At least this could be part of something they don't use every day.
Does Chrome OS even support dial-up?
It could, with an ethernet dial-up modem.
Having said that, I think the best solution would be Debian with Eldy installed, and a few scripts for parent-specific needs (like a revert-to-default/familiar setting) linked to big, clear buttons.
"I've got more toys than Teruhisa Kitahara."
The original Apple Airport base station had a built in modem which would dial on demand, NAT the dialup connection, and share it with both wifi and ethernet.
Pairing that with an iPad means that all the effort Apple put into banishing jailbreakers from the platform would do wonders for the trojan problem.
First, take a big step back... and literally, FUCK YOUR OWN FACE!
The answer to every technical problem is not a chromebook an ipad or a fucking wristwatch or whatever doohickey that you can get android on. Every device youre thinking of is a failure for the given situation. Mostly because none of them have dial up hardware. Secondly, those are all disposable first world toys that are as reliable as the length of their warranty.
And lastly, they are all based on having broadband connections to push ads at the user which is the last thing these luddites need.
There are probably about 100 devices designed for " linux you can give to grandma to check her email and she'll never know" that are specifically targeted at this purpose and youre babbling like some best buy employee who just got done watching his first training video.
Go back to engadget, please.