Can this be done?

bcavender

New Member
Joined
Feb 24, 2021
Messages
9
Reaction score
2
Credits
108
Windows Expat/Linux Convert in Training here.

I want to buy/build a real simple, entry level Midori/Opera web surfing Linux laptop that boots from a write protected SD card and runs 100% in ram without a solid state or regular hard drive. GUI based would help my command line ignorance/time constraint issues ... preferably open sourced entirely or as much as feasible.

My searching must be in all the wrong places as I can only find teases of this as a possibility.

Can someone point me in the right direction of how to learn to do this or a vendor that sells a platform in that direction?

All comments greatly appreciated!!! :):):)

Best regards,

B
 


If you aren't too hung up on Midori/Opera it might be a bit easier. Slax may achieve your goals. It normally boots on CD/DVD/USB, but SD should work. It has very low resource requirements and has a TORAM function to load wholly in RAM. It has a GUI and uses Chromium browser by default, but you may can add something else... not sure. Also not sure about write protection on the SD, but I don't know why that wouldn't work.

It sounds kind of like you want a "kiosk" operating system. If so, there are a number of options for those, but I'm only (barely) familiar with Porteus Kiosk.

Both of these are not-your-typical Linux, so they might need more research and investigating on your part to make them suit your needs. Take a look at the links and see if either might help.
 
Stan,

MOST EXCELLENT!!! The "TORAM" function is exactly what I need. Been surfing and trying to learn a way for a couple days and came up with nada.

I had not run across Slax yet. That looks like it would do this fine and not need a big buck machine. The Porteus idea might work too, but I think your first suggestion might be a closer match.

Hey man you are tops!!! Thank you for your kind assistance. I am going to give that a go.

Best regards,

B
 
Glad I gave your some focus. Still lots for you to learn. Good luck! :)

[EDIT] Other distros can use TORAM also. A couple of popular ones are Puppy Linux and EasyOS. So you do have more options than just Slax. Hard for me to pick... I like 'em all.
 
Good info. I will check them out as well!

One last question you might know.

Do you have any experience with vendors that cater to the Linux notebook market?

Most of my old vendors are force feeding Win10 and more hardware than I need.

Thank you!

B
 
System76 is a popular vendor, but not cheap. Dell used to provide Linux if requested, but I don't know if they still do. Googling "linux laptop vendors" will give you a lot of reading material, but be sure to just look at recent articles, unless you might consider a used system.

A problem (sometimes) with NEW computers is that Linux may not yet have drivers to support them. This is especially true with WiFi, but can be true with sound, touchpads, and other things. As an example, I bought a cheap Lenovo laptop in November (only $130 USD)... nice little computer, but many distros would not install, and the ones that did would not make WiFi work. The simple solution for me was to plug in a USB dongle that was Linux compatible, but that now adds to the overall cost (though not much). More important, if you're paying attention: some distros would not even install. That's a pretty big compatibility problem right now, but I expect that it will be resolved better over time as new distro releases provide better support for BIOS and hardware on this laptop.

There is no master list to guide you on potential problems like mine. These issues don't bother me because I'm pretty adept and finding and fixing issues or workarounds, but it could be more trouble for a new Linux user. Sometimes, a good solution is to buy something used... older systems are quite more likely to have support from Linux. But since you want a laptop, batteries can be a concern if you need this to be portable. A very popular used laptop for Linux are IBM Thinkpads, and probably extending to Lenovo Thinkpads after they bought the product line from IBM.

You might even consider a cheap yard sale laptop, or have a friend that might give you an old laptop. I have had many computers given to me, and I've given many away as well. Nothing wrong with starting your project for little or no cost, if you can.

You really want at least 2 GB of RAM whatever you choose, and 4 GB or more is better. Yet, it sounds like you are designing a simple-use computer, so 2 GB may be enough for now.

With each system you are looking at, Google it with "Linux" attached to the search... so Google "IBM Thinkpad Linux" or "Dell XPS Linux," etc. Include the exact model number with the search too for even better results. These will help tip you off to what is good, better, best... or not worth the trouble.

Don't let this scare you too much. Most computers will run Linux just fine. But there can be some exceptions, and you might be pretty turned off if you run into one. Remember that practically all computers are built for Windows with little thought for Linux. There's not much we can do about that.
 
Last edited:
A 17" like this AMD system would be easy on my poor eyesight and in my price range, but I have read a rumor that ASUS has a way to lock Win10 in as the OS ... I have an AMD system with Radeon graphics and it performs well. Not sure if there are Linux drivers though. Have to start digging:

 
I have read a rumor that ASUS has a way to lock Win10 in as the OS
I haven't heard that. When Windows 8 was released, all OEM's providing Windows were required by Microsoft to supply UEFI firmware with Secure Boot, but they were also required to provide the means to disable Secure Boot. With Windows 10, OEM's can make Secure Boot permanent... but none have done so to my knowledge. This article gives more details. Some Linux distros can use Secure Boot, but many can't, and you may need to make these changes in the UEFI Setup. UEFI is often still called "BIOS"... but it is actually a replacement firmware.

That looks like a nice laptop! It's a LOT of horsepower just to run Slax! ;) But you may move on to more advanced distros as your learn more, and that extra horsepower will be welcome. You might Google "AMD Ryzen Linux" to discover any possible pros and cons to that CPU.

Google is your best friend on your Linux journey. Almost any question you might have has already been asked by someone, somewhere.
 
Every OEM has the ability to lock the OS to one OS only. They control the BIOS and can simply limit it to an OS that matches a signature or simply lock out the option to boot to anything but internal hardware. They could even write the BIOS to the chip and then send the appropriate voltage to snap a fuse in it making it so that it can never be updated.

Any OEM could easily do these things. Writing the software to the non-volatile areas of hardware and then snapping the fuse behind them is fairly common, seen in everything from cell phones to electronic devices like video games.

Just because they can, doesn't mean they intend to. I can't see a major computing OEMs deciding to do that on a large scale - it they did it at all. They have no incentive to do so and if Microsoft did provide such an incentive they'd sure as heck find themselves back in court for monopolistic practices. Believe it or not, neither ASUS or Microsoft are run by morons.
 
KG: Based on your comments, you are saying ASUS laptops do not routinely block customers from disabling UEFI. Risk of buying a locked out machine is near zero. Is that a reasonable statement then?

STAN: The idea of creating a private certificate is interesting from the perspective of blocking rootkits, but from my first look, it might be beyond my current tech skill and opportunity cost of learning it.
I certainly would be up for paying someone to create that cert to get me going.


In the process of trying to determine the BIOS/UEFI situation with this Asus laptop, I tried to contact the eBay vendor (re_tech_deals) to ask the version/situation, but the contact was blocked as they were too busy to speak to customers. That was unique marketing approach to building sales. Glad I found that out before I needed actual sales/tech support or a DOA unit.

I really do appreciate all your guys great expertise and insights!!!
B
 
KG: Based on your comments, you are saying ASUS laptops do not routinely block customers from disabling UEFI. Risk of buying a locked out machine is near zero. Is that a reasonable statement then?

Not that I've ever seen, no. If you see claims of such, I'd search harder for PBKAC.
 
STAN: The idea of creating a private certificate is interesting from the perspective of blocking rootkits, but from my first look, it might be beyond my current tech skill and opportunity cost of learning it.
I certainly would be up for paying someone to create that cert to get me going.
Wow, that goes WAY beyond your needs! o_O;) The normal story is much simpler. If you choose a distro that can use Secure Boot, try it out. But if you want a distro that does not use it, you can still disable Secure Boot in the UEFI (BIOS) Setup. Many people disable Secure Boot regardless. Sorry if I steered you into the wrong Google rabbit hole! :oops::)
 
No worries Stan. The learning curve is worth it.

I need to get up to speed on secure boot and find the distros that support it.

Great! Thanks for the help!!! :cool:
 
I need to get up to speed on secure boot and find the distros that support it.
I don't know of a list for Secure Boot capable distros, but here are a few that have worked for me:

Ubuntu
Linux Mint
Zorin OS
Linux Lite
Fedora

I think the latest Debian is finally able to use Secure Boot also, but I'm not 100% sure.

Slax is based on Debian now (used to be based on Slackware, thus the name)... but I don't think that Slax is ready for Secure Boot. It may not be ready for UEFI even. You can usually change UEFI to "Legacy" in your UEFI/BIOS Setup for any distros that need it.
 
I have a RaspPi Debian (Raspian) that I experimented with for a bit. Ran quite well for a disk-less SD nano-surfer system, but I failed miserably over about 4 sessions simply trying to get a Brother laser net printer driver loaded. There have been very few times I have been whipped by computer problems, but every which way I turned I sure was missing the boat w Raspbian.

How is printer support under Ubuntu and Mint?
 
Raspberry Pi's are nice little computers... for what they are (and depending on which model, how much RAM, etc). I've got one too, but I seldom play with it. There are other Linux distros that can be installed on them besides Raspbian if you want to try some, but there aren't as many options as for a PC. Oh, I keep forgetting... they don't call it Raspbian anymore, it's Raspberry Pi OS. Whatever... I liked Raspbian better.

HP printer support is the best with Linux. Almost every HP model will work (but not all). Other brands can be hit or miss, but Brother is pretty good to offer drivers for many of their products. I guess that you started on this page and found your printer already. Sometimes you may need to connect your printer with a cable first to install the drivers and get it configured... and then you can go wireless with it afterwards. I've found that to be true with Windows too sometimes.

On the Brother support page, you will need to know which type of "package" your Linux uses, and maybe that was the trouble you had. RPM packages are for RedHat based distros, including Fedora and others. DEB packages are for Debian based distros, including Ubuntu, Mint, and others. So, you would have needed the DEB package for Raspbian. And then you needed to follow their instructions carefully, so maybe that was the problem. When you have a new computer and Linux running, you can open a new thread here to get help with the printer if you have trouble.

You might explain more fully what it is that you want your new Linux computer to do. From your post #1, the simple setup you described probably wouldn't need a printer. You didn't even need/want a hard drive! It sounds like a Raspberry Pi would have fulfilled your goals... no? The conversation seems to have drifted more toward traditional Linux systems, and that is probably my fault. I tend to ramble a bit. :oops:o_O:)
 
OK, here's the backstory. I had fought with Win Malware for decades it seems. Most were just headaches getting things cleaned up and never got a ransomware or disk destroyer problem, but one day I get this call from my bank an they asked "is this wire transfer for sending the balance of your savings account overseas valid?" (Bulgaria)

Yeah, you can imagine the pucker factor there.

I took some extra precautions with the bank and heartily thanked them for being on top of things. I'm pushing 70 and dealing with health issues that make going back to a 9-5 job impossible even if there was one for me. If the corrupt perps had got our cash, our safety margin would have become real tight (to say it politely). It's a sad state of affairs what people have become and I think we are headed for even worse scenarios over the next five years when the dung finally hits the turbine.

I mentioned this to a friend that is a special agent with the FBI. He said they had a case years back that they used in their public education work where a biz owner came in on a Monday and his cash was gone because the Friday payroll doubled (he had like 280 employees). He calls the accounting firm he outsourced the work to and asked them why they ran payroll twice. They said, "We only ran it once. You doubled the number of employees." Evidently, his cheapie outsourcer just downloaded a pay file off the business' computer and ran it ... not checking for basic validity. A hack added double the employees with accounts in almost 40 different countries. FBI was impotent beyond finding out all the accounts were cashed out and closed. Nearly half a mil lost. The payroll firm's contract specifically disclaimed any responsibility and the language stood. Never got a dime back. In our case, our family didn't take a nasty hit simply because we were just dumb lucky ... not up front smart. (Face-palm) I'm trying to change that after dodging the first bullet.

After I finish the skinny surfer, my next project is to build a hardware firewall that I can simply block all traffic to entire regions of the world. I experimented with Capsa Free from ColaSoft (sniffer sw at my ISP interface) The only continent that we DIDN'T have in/outbound traffic was Antarctica! I could hardly believe my eyes. I took a number of addresses to WhoIs and most just came down to ISPs for home addresses, but a bunch went to international Microsoft/tech sector companies I recognized and one actually resolved to a US military base. I don't know if everything I found was real, but I sure didn't want that going on. Spooky. We have a three regular PCs and a typical potload of handhelds, phones, TVs, etc hooked to the net. I don't have anybody in Africa, South America, Europe or Asia I really need to have the pipe open for 24/7. If I ever do, I just might take my skinny surfer down to the local fast food restaurant and have a looksee there.

Clown Car World and I can't get off ... but I am looking. :^)
 
Wowza! That is indeed a helluva backstory! And well told, I might add. You've given me a wide opening to ramble some more, so here goes! ;)

I have often expressed (here, and elsewhere) that "security and convenience are a tradeoff." The more convenient your computer usage, the less secure. The more secure your computer usage, the less convenient. It's just a generalization, of course, but your experiences and future plans show the practical truths to my generalizations.

While a lot of your anger is directed at foreign entities, I would remind you that some of the best hackers and criminals are here in the US. Also, nothing is perfect. People in China are able to go around The Great Firewall. I'd guess that Equifax used firewalls when they were hacked. My VPN can show my location almost anywhere... which allows me to watch Australian TV when I am otherwise restricted. But foreign entities can use VPN's too and look like they are in the US. Firewalls are good, but don't let it give you a false sense of security.

VPN's are simple and prevalent. Skilled criminals likely have many tools to use. While many people choose convenience and are easier targets, even those of us who try to be more secure will always be vulnerable. I can tell that you will be even more security-minded than I am, and I am always questioning whether I am doing enough. The tradeoff is tough sometimes.

I'll mention these below, though you are probably already on top of this. But maybe some others will benefit from the comments.

You can "freeze" your credit with all three major credit bureaus (Equifax, Experian, and TransUnion). There used to be a fee in many cases to do this, but after the Equifax hack, the government forced them all to offer this for free. Sometimes they will try to offer "something else" (something "more convenient") but I think the freeze is a primary defense for average folks like us. The freeze is permanent and you have to manually unfreeze it yourself in order to open new credit (less convenient). But another thing you can do with the bureaus is put a "Fraud alert" on your account. This is only good for a year but can be renewed. With a Fraud Alert, the bureaus are supposed to call you before opening any new credit, so you need to keep your phone number with them current. Regularly get an annual free credit report (here) from the bureaus. Staggering between the bureaus will give you a free report every 4 months. If you're married, staggering between bureaus and between your wife and yourself can give you a report every 2 months, because usually your spouse's credit is very closely tied to your own credit, although that is by no means true for everyone. It is true for my wife and I though.

Identity theft more often targets your credit than your savings account. Your story is rather exceptional in that respect. But good computer security should try to see the big picture of your financial vulnerabilities.

Some recent threads on this forum were about password managers, and you might look those up or start a new thread if you have questions about them. There are pros and cons to using a password manager. It took me a long time to finally accept using one myself. They are a good tool, but you definitely want to know their vulnerabilities too.

NoScript: This may interest you. NoScript is a Firefox browser add-on that stops Java scripts from running on web pages you visit, but it lets you pick and choose which scripts can run. This is NOT a convenient tool. In fact, it can be annoying. You absolutely need scripts to run sometimes, like to do online banking. But you don't need ALL of the scripts on your bank's page to run. You can give permanent permission to sites like your bank, and you can give temporary permission to others as you figure out what is needed, and what is not. It will let you export your settings to use on other computers or to store as a backup. You would definitely want to back this up for all the difficulty there is in getting it set up over time. But it is a very powerful tool to defend yourself, so it's worth some effort.

Biometric data: Do you use your fingerprint to unlock your phone? This is just a personal view of mine, but I don't want any biometric information exposed without some seriously good reason. If your email password is ever hacked, you can change it. If your fingerprint or iris scan is ever hacked... how can that be fixed? A whole lot of people like the convenience of touching their phone to unlock it... because it is so inconvenient to enter a passcode or swipe pattern. Oh well.

Alright, back on topic... I like your "skinny surfer" idea. I've had similar thoughts in the past with the plan of using a "Live DVD" to load Linux instead of a write-protected SD card. Once the DVD is burned and the session is closed, it cannot have anything further written to it. Same concept for sure, but the SD card would boot quicker than a DVD. Once loaded into RAM, there may not be any difference. The Raspberry Pi would be great for this, I think, but you can probably boot the SD on other computers too. And you could use USB as well. Often a Linux Live USB is setup with "persistence" which allows you to write to it... you can install programs, and it will remember your wireless password. But you can use a USB without persistence too so that nothing "should be" written to it. The USB is probably a little more universally bootable since many computers don't have a DVD drive or an SD slot.

Again, nothing is perfect. I'll be interested to follow your progress and see the choices you make, if you share them. It's understandable if you keep things private too. You may give me some new ideas as well. In fact, in writing this I have discovered that I need to go renew my Fraud Alert... thanks! :)

[EDIT #1] I made a mistake earlier about the phone number with a Fraud Alert. The bureau will provide your number to a lender so they can call you to verify your identity when opening a new credit account. But giving the phone number was OPTIONAL, so I left it blank this time. That could cause even more trouble, but I don't apply for new credit often, so it was worth taking the chance for me. I used TransUnion to place the Fraud Alert, and they will notify the other bureaus for me. They also removed me from pre-screened credit offers for another year.

[EDIT #2] With credit frozen, the free annual credit reports were difficult to initiate. I'll have to mail a request to 2 of the 3... only TransUnion was successful in giving the report right away, after answering various identity questions.
 
Last edited:

Members online


Top