Public wifi from church premises
When it comes to Safeguarding one area of protection and care that
the church should not overlook is if it offers wifi facilities for the
public from church premises.
There are good reasons why such provision can be positive and
helpful. Increasingly the Church seeks to engage with the community
around it by offering the church premises for a wider variety of uses.
Using the premises for things such as conferences and training, are
more attractive if providing an online facility, especially if your
church premises have little or no 3G mobile phone broadband signal.
Offering public wifi at a church raises two particular challenges:
controlling who has access and controlling the content public users
might use.
Controlling who has access - Providing wifi in a public arena, such as church premises, must be
understood as fundamentally different from a domestic wifi scenario. One
reason for this is that offering wifi safely to occasional/infrequent
unknown users requires security approaches that are not needed in the
domestic situation. A fixed wifi password which must be revealed to the
wifi user, if distributed widely, leaves the wifi facility totally open
to misuse and abuse. However systems which can give some level of
control to the free wifi access must not be so complex that they become
unattractive to either use, or administrate.
Controlling the content - Public wifi access is attractive to rogue internet users who might like
to either download, or upload, illegal, illicit and pornogrpahic
content. Assuming such a user makes an internet connection with their
own wifi device, once they have disconnected and removed themselves from
the physical location of the wifi hotspot, their is no way to trace who
that person was.
Solutions
For every problem there are solutions and there are software and
hardware tools which can, and I suggest should, be deployed by churches
to ensure that the abuse and misuse of their wifi facilities is
minimised as much as possible, this is not least for their own
protection; there are serious legal and criminal ramifications of
certain types of internet traffic being passed through a church
broadband connection.
Controlling access - To control who can use the wifi a system
which uses timed vouchers is a reasonable solution. Firstly such systems
require users to present themselves to someone inhouse to obtain the
voucher, which can be limited to only work for (eg) 4 hours. Each user
voucher uses a code or password which is unique, not generic.
Controlling content - To ensure that inappropriate material is
not passed through the Church broadband connection a content filtering
system should be deployed. Although such systems require some
management, they are essential to try and block and filter inappropriate
internet traffic of guest users.
Deploying such a solution?
Such systems typically work by replacing the broadband router provided
by the ISP with something more sophisticated. Such approaches need not
be prohibitively expensive, especially if there are local people who can
help with the setup and administration of the systems.
Some very worthwhile solutions which are free are available using
opensource software-based routers. pfSense is an excellent example of an
opensource solution which can provide all of the above; it provides
many professional features. Although such software is free to download
and use it will need to be run on a dedicated PC. Ideally special PC hardware which has a very low power requirement is used. Such hardware
can cost less than £200; if that breaks the budget pfsense can be run on a redundant PC which might cost next to nothing.
Other considerations?
Do you
have extensive premises? If so one wifi access point (AP) might not
cover all the premises, additional APs will be required. pfSense and solutions like it use a 'firewall' which provides robust security between different parts of the Church network, eg the church office. pfSense also has the ability to setup two (or more) wifi networks,
one for trusted 'in house' connections and one for 'public' users. Separating
these networks helps maintain network security; it does though add
to the complexity of the setup. Carefully chosen AP hardware can
broadcast both networks simultaneously, saving on hardware and power
costs.
If you'd like to know more about deploying such systems post a comment or you contact me at: mark.pengelly AT methodist.org.uk
Wednesday, May 14, 2014
Tuesday, April 22, 2014
mythtv upgrade April 2014
Current issues:
grub problem, require hot reboot to make grub load?
channels not quite right.
Current setup:
mythtv .2
mythbackend doesn't autostart at present
1Tb drive has 200Gb / and 800 Gb /var partitions
(recordings are at /var/lib/mythtv/recordings)
<code>
markp@mythserver:~$ apt-cache policy mythtv
mythtv:
Installed: 2:0.26.1+fixes.20131223.e41b710-0ubuntu0mythbuntu1
Candidate: 2:0.26.1+fixes.20140322.1a4cebf-0ubuntu0mythbuntu1
Version table:
2:0.26.1+fixes.20140322.1a4cebf-0ubuntu0mythbuntu1 0
500 http://ppa.launchpad.net/mythbuntu/0.26/ubuntu/ precise/main amd64 Packages
*** 2:0.26.1+fixes.20131223.e41b710-0ubuntu0mythbuntu1 0
100 /var/lib/dpkg/status
2:0.25.3+fixes.20130813.b5adf03-0ubuntu0mythbuntu2 0
500 http://ppa.launchpad.net/mythbuntu/0.25/ubuntu/ precise/main amd64 Packages
2:0.25.0+fixes.20120410.1f5962a-0ubuntu1 0
500 http://gb.archive.ubuntu.com/ubuntu/ precise/multiverse amd64 Packages
</code>
Aim:
replicate current .26 install so that it starts properly and has recording on separate drive.
recordings
grub problem, require hot reboot to make grub load?
channels not quite right.
Current setup:
mythtv .2
mythbackend doesn't autostart at present
1Tb drive has 200Gb / and 800 Gb /var partitions
(recordings are at /var/lib/mythtv/recordings)
<code>
markp@mythserver:~$ apt-cache policy mythtv
mythtv:
Installed: 2:0.26.1+fixes.20131223.e41b710-0ubuntu0mythbuntu1
Candidate: 2:0.26.1+fixes.20140322.1a4cebf-0ubuntu0mythbuntu1
Version table:
2:0.26.1+fixes.20140322.1a4cebf-0ubuntu0mythbuntu1 0
500 http://ppa.launchpad.net/mythbuntu/0.26/ubuntu/ precise/main amd64 Packages
*** 2:0.26.1+fixes.20131223.e41b710-0ubuntu0mythbuntu1 0
100 /var/lib/dpkg/status
2:0.25.3+fixes.20130813.b5adf03-0ubuntu0mythbuntu2 0
500 http://ppa.launchpad.net/mythbuntu/0.25/ubuntu/ precise/main amd64 Packages
2:0.25.0+fixes.20120410.1f5962a-0ubuntu1 0
500 http://gb.archive.ubuntu.com/ubuntu/ precise/multiverse amd64 Packages
</code>
Aim:
replicate current .26 install so that it starts properly and has recording on separate drive.
recordings
Saturday, March 22, 2014
The Visual in Worship - openlp info
When the OpenLP program installs it creates a folder called 'Data'. To replace the list of songs on the inital install with my song database do the following.
1. Firstly download the new 'Data' folder from here,
http://www.pengelly.info/downloads-and-resources/
Click on the link to the data folder and 'save file'. This will ask if you want to download the 'zip' folder. Say yes and note where on your system it gets placed (probably your users 'downloads' folder)
You will need to 'unzip' that folder before you can use it. Ask me if you need help with this.
2. Open the Openlp program and on the menu at the top choose: Tools --> Open Data Folder.
This will open up a file browser window and it will show you where on your file system openlp is placing the 'data' folder. You will be looking at the contents of the data folder (which usually contains a list of 6 or 7 other folders called things like 'songs' 'themes' etc). NOW CLOSE THE OPENLP PROGRAM DOWN!
3. In the file browser, which shows the current openlp data folder, move up one directory level. This should mean that you then view the folder called 'data'. Using a right mouse click, rename that data folder to 'dataold'
4. Now copy the new downloaded 'data' folder into the same place as the renamed old data folder.
5. Restart openlp and if you've got it right (!) you should now have a longer list of songs (and more themes).
If you have problems don't feel bad, just post a comment/question on the blog below!
Note this song database can only legally be used when Churches have the appropriate CCLI licenses!! Please be legal as far as copyright is concerned!!
1. Firstly download the new 'Data' folder from here,
http://www.pengelly.info/downloads-and-resources/
Click on the link to the data folder and 'save file'. This will ask if you want to download the 'zip' folder. Say yes and note where on your system it gets placed (probably your users 'downloads' folder)
You will need to 'unzip' that folder before you can use it. Ask me if you need help with this.
2. Open the Openlp program and on the menu at the top choose: Tools --> Open Data Folder.
This will open up a file browser window and it will show you where on your file system openlp is placing the 'data' folder. You will be looking at the contents of the data folder (which usually contains a list of 6 or 7 other folders called things like 'songs' 'themes' etc). NOW CLOSE THE OPENLP PROGRAM DOWN!
3. In the file browser, which shows the current openlp data folder, move up one directory level. This should mean that you then view the folder called 'data'. Using a right mouse click, rename that data folder to 'dataold'
4. Now copy the new downloaded 'data' folder into the same place as the renamed old data folder.
5. Restart openlp and if you've got it right (!) you should now have a longer list of songs (and more themes).
If you have problems don't feel bad, just post a comment/question on the blog below!
Note this song database can only legally be used when Churches have the appropriate CCLI licenses!! Please be legal as far as copyright is concerned!!
Wednesday, March 19, 2014
The Visual in Worship - Session 2
The second session is going to introduce you to 'worship presentation software'. There are many commercial and opensource alternative that work on windows, mac and linux.
We're going to look at an opensource (free) one that I've been experimenting with since Autumn 2013:
http://openlp.org/
It works with all three of those OS's mentioned - Go ahead and download/install it if you like.
OpenLP has nice 'remote control' capabilities using either an iphone/ipad/ipod-touch:
https://itunes.apple.com/us/app/openlp-remote/id730847052?ls=1&mt=8
(as often in the mac world the above is not free - $3.99!)
but the Android phone/tablet equivalent is, and I've used this sucessfully:
http://manual.openlp.org/android.html
Note you're going to need a wifi network to allow the remote control device to communicate with your laptop; not a facility in most of our churches - yet!
We're going to look at an opensource (free) one that I've been experimenting with since Autumn 2013:
http://openlp.org/
It works with all three of those OS's mentioned - Go ahead and download/install it if you like.
OpenLP has nice 'remote control' capabilities using either an iphone/ipad/ipod-touch:
https://itunes.apple.com/us/app/openlp-remote/id730847052?ls=1&mt=8
(as often in the mac world the above is not free - $3.99!)
but the Android phone/tablet equivalent is, and I've used this sucessfully:
http://manual.openlp.org/android.html
Note you're going to need a wifi network to allow the remote control device to communicate with your laptop; not a facility in most of our churches - yet!
Saturday, March 15, 2014
The Visual in Worship - Session 1
Here's some links to help those at the 'Visual in Worship' training:
The slides I'm using: (in both MS powerPoint and OpenOffice impress format)
http://www.pengelly.info/uploads/mp_downloads/visualinworship.odp
http://www.pengelly.info/uploads/mp_downloads/visualinworship.ppt
A link to my booklet the Methodist Church published:
http://www.methodist.org.uk/downloads/ca_technology_0504.pdf
Link to an Epworth Review paper about Opensource software:
http://www.pengelly.info/uploads/mp_downloads/Epworth%20Review%20article%20pengelly%20pub1.pdf
Link to the openlp worship projection software:
http://openlp.org/
The slides I'm using: (in both MS powerPoint and OpenOffice impress format)
http://www.pengelly.info/uploads/mp_downloads/visualinworship.odp
http://www.pengelly.info/uploads/mp_downloads/visualinworship.ppt
A link to my booklet the Methodist Church published:
http://www.methodist.org.uk/downloads/ca_technology_0504.pdf
Link to an Epworth Review paper about Opensource software:
http://www.pengelly.info/uploads/mp_downloads/Epworth%20Review%20article%20pengelly%20pub1.pdf
Link to the openlp worship projection software:
http://openlp.org/
Sunday, February 02, 2014
Open LP database location
the Open LP db is located:
On Windows 7:
C:\Users\UserName\AppData\Roaming\openlp\data
On Ubuntu:
On Windows 7:
C:\Users\UserName\AppData\Roaming\openlp\data
On Ubuntu:
Friday, November 08, 2013
Dlink DGS-1224t switch vlans
OK I think I got the vlans basically doing what I wanted. NEXT, how to tag the vlans so I can trunk two subnets from the cisco AP back to the switch. I wonder if having the DHCP 'feeds' to these two subnets from my router (pfsense) on two physical NICs is going to be possible/sensible. Maybe I need to trunk those two subnets on vlans right from the pfsense router, as well as from the switch to the AP??
I've set port 18 as trunking and made the two vlans overlap on it. hmmm. What's the tagging number?
Part 2.
OK A little progress! With these settings I'm getting IP addresses DHCP'd to a client as I would expect, with the respective DHCP servers plugged into the first port of each vlan group (from the router).
What's the purpose of the management vlan in my case though - if vlan one subnet = the IP address of the device should I dispense with it? Otherwise it just seems to be wasting a port and means I can't get to the device unless I plug into port1??
192.168.11.254 = IP of device
vlan1 = management-lan - cannot be deleted. at least one portVID must be in VID1, i've elft that as port1
vlan11 = dhcp server for 192.168.11.x
vlan21 = dhcp server for 192.168.21.x
vlan31 = dhcp server for 192.168.31.x
Part 1.
What am I doing wrong with this thing?
I assumed that ports 1-12 would give a 192.168.11.x IP, 13-18 a 192.168.21.x address and the last 6 a 192.168.31.x IP, but that isn't happening, bizarly i occasionally get a 192.168.31.x address for a laptop on port 2!
Subscribe to:
Posts (Atom)