Why does FRC techs recommend for teams to disable Firewall instead of allowing an access rule through? This doesn’t seem secure if you’re using the laptop for anything besides only running the robot.
-
You shouldn’t be using the laptop for other purposes, especially during an event.
-
Much, much quicker and easier to disable a firewall vs ensuring it is properly configured for all FRC relevant ports.
You can always enable it when you’re not at an event and just disable it at events if you want.
Well, it isn’t recommended to use your Driver Station PC for anything other than controlling the robot during a competition, so turning off the Firewall and Disabling the Wifi go together well.
The problem at the field comes when you keep changing the settings of your computer between matches. That makes it much harder for the field techs to get a match ready to run.
We see that all the time, team ran fine last match, but in-between matches they went web surfing, then can’t connect to the field, because they messed up all their PC settings.
Yes, it’s possible to set firewall permissions properly, but many teams don’t understand how to fully do that. So at the field getting setup for a match quickly means bypassing all those obvious problems and just disabling the problem services.
With Win 10, I recommend going further than that. Disable all automatic updates especially window updates. Avoid any unnecessary software. Especially Adobe products. Don’t connect to the internet except when absolutely necessary. Unless you are running more than the DS and smart dashboard, you don’t need a powerful (expensive) drive station computer.
You don’t want you computer running updates or looking for updates when you plug into the FMS.
It’s not a statement of security. It’s a statement of time.
The FTAs have to run matches quickly and the quickest/easiest method to ensure you get connected properly is to disable the firewall (among other settings). They don’t have the luxury of time to sit and adjust individual firewall settings until you get connected properly.
As for security, disable the firewall on the field and re-enable it when you are off the field if you feel like you need it. The driver station should not be connected to any other networks when it is on the field anyway.
I don’t recommend not installing updates. Last year the National Instruments code would not run without important updates from Microsoft that were released in August. NI also only tests with the latest updates installed. If you have a problem with NI software and don’t have the latest updates installed, I suspect there won’t be any help from FIRST/NI when things don’t work.
PCs should have all updates applied before coming to competition.
At competition, turn automatic updates off, so that they don’t happen to occur when you are starting a match. Teams have had to be bypassed when their driver station PC started to update or got locked into finishing an update when it’s time for the match to start.
I’ve seen PCs stop to do a Windows update in the middle of a match.
Then turn updates back on after competition.
This switch (Settings -> Windows Update -> Advanced Options) is particularly useful.
You’re spending $5000 to register for an event, $x000 for travel, $y000 to build your robot. Why not spend $150 for a used Thinkpad T430 with SSD for a dedicated driver station machine?
Thanks everyone for your comments! As a FRC Competition Driver and Programmer, it made me wonder. We haven’t had issues due to Firewall settings we made at the competition. We have a static IP setup with the Firewall disabled and I always wondered why they disable the Firewall. As a programmer, we make a ton of on-the-fly programming changes and the laptop that it’s deployed on is the driver station laptop, and a lot of the time it does require connecting to the internet to search common things such as needed methods.
This, right here. Programming and doing other tasks on your DS can and will fill it up with crap that negatively impacts your performance on the field. With everything mentioned above on the line, you can’t afford not to buy a dedicated laptop.
My 2 cents. Set aside a single laptop as the drive station is the way to go. If you can afford it, get a backup drive station would be a good idea too (because a drop laptop never happen). For us, our backup drive station is also the MAIN programming station. [We lock down the MAIN programming station heavily and not every programmer can access this box].
MS Windows standard security update always come out on Tuesday. So, a good practice is to make sure that an update check is done every Thursday (as in weekly, absolute min should be a monthly check). Try to lock down the drive station to eliminate any unnecessary software installed on there (i.e. PDF viewer should not be on the drive station, but it is on our backup drive station).
To help with IP related issues, if possible, you can always keep the Wifi for the robot use (static IP) and use the Ethernet jack for the regular machine update/other usage if needed.
Correct. Manually install updates during the competition season, on your own schedule. Make that part of your routine–two or three days before each event, apply Windows, NI, and any other relevant updates.
WSUS Offline is an excellent tool for installing Windows updates. Run it on a separate machine, copy the directory it populates to a flash drive, then plug that drive into your DS and run it. The best feature is it can be set to automatically reboot the system as necessary, and continue installing updates. Start it, walk away, and half an hour (or a couple of hours, if it’s been a while since you updated) later you have an updated Windows system. (Copy the NI & FRC updates to it too… if you can keep your DS from touching anything but a private robot network, or the competition field, that’s good!)
I will second the suggestion that your DS computer be a single-purpose machine. It is a critical tool for your robot operation. If you make it a laptop that is used for no other purpose, you minimize the risk that it fails when you need it most. Unless you are offloading vision processing to your DS, it does not need to be particularly powerful. Models you can find on sale for under $150 at Fry’s on Woot or Amazon will do just fine. A used laptop in good physical shape will do well, too, though I recommend wiping it clean and reinstalling Windows from scratch.
Why do you recommend installing NI updates? IIRC there was a NI update one year that broke some FRC content and I have been shy about letting LabVIEW update since then. Did you instead mean updates to the FRC Driver Station that would be announced (hopefully) in the team updates?
Just to reinforce Alex’s point, applying NI Updates is not recommended.
The FRC specific software has been tested against the NI updates current through the end of the previous year, but not against any subsequent updates and conflicts have arising in prior seasons.
The following warning is included at the end of the screensteps: Installing the FRC Update Suite (All Languages).
I’m sorry, I could have been clearer about that. Apply the FRC and NI updates that are advised by FIRST. (Checking for such advisories should be part of the routine.) Mark is correct: