Security for the Sake of Marketing December 9, 2008Posted by Tim in : Technology , 1 comment so far
Wow. I just got my latest eWeek today and read about something I actually hadn’t heard about yet. Apparently there is a new technology that Lenovo is putting into their laptops that allows a user to disable a stolen laptop by sending a text message. Now don’t get me wrong…I’m all about new technology and text messaging and everything else. But are you freaking kidding me? That is the dumbest damn idea I’ve heard in awhile.
You know why this upsets me? Because people are going to buy the laptops that include this feature and think, “Well, if anything happens, I can just send a text message…I don’t need to worry about security anymore.” Ugh. I want a show of hands…how many of you have ever gotten a text message days after the person sent it to you? And even if that hasn’t happened…how many times have you wondered if the person you sent a message to actually got the message?
This technology is reliant on the fact that the stolen laptop is actually in an area that can receive the SMS message. It’s also reliant on the fact that there are absolutely no glitches in the SMS system in general. No, that’s normally not a problem, but I don’t know about you, I think I’ll not trust my laptop to it. Not to mention the who-knows-how-many-hours between when the laptop is stolen and when you realize it and send the kill command.
Now, if this is used as a belt and suspenders kind of thing, fine. Go right ahead and send your text message. Like I said, though, I have a feeling people will use it as just the belt or just the suspenders and ignore the other. Is it better than nothing at all? Sure, I suppose it is. But I still don’t think it’s a substitution for good old-fashioned hard drive encryption.
Awhile back, I talked about how I use TrueCrypt to encrypt the entire contents of my hard drive. If I lose my laptop, I could certainly send a text message and wonder if it was received. Or…I could do nothing and still know that no person on Earth is going to get my data because it’s encrypted with a password that has more possible combinations than there are atoms in the known universe. But I guess that doesn’t sound as sexy in a newspaper ad.Technology , 1 comment so far
Awhile back, my cousin sent me an email asking what I recommend for backing up computer hard drives. I was reminded that I’d been meaning to write a post about that very topic. I was also reminded that I’d been meaning to write any sort of post at all. I apologize for the hiatus; it’s been a busy couple of months.
Okay, on to the topic at hand. I was happy to report to my cousin that I do, in fact, have a few recommendations for backing up hard drives. Each option has pros and cons, but if you want to choose one, there is definitely one option that is, in my opinion, the hands down winner. That’s not to say that you need to pick one and only one. You could use any or all of these options together to give you the most flexibility. At some point, though, you may end up spending more time making sure your data is safe than actually creating data to keep safe.
The first option, copying files to an external USB or FireWire drive, is the quickest and easiest. It is certainly better than nothing. However, it’s of absolutely no use if your house burns down, gets pounded by a hurricane, or blown away by a tornado. Unless it’s one of those freaky stories where you end up on the news after the tornado saying, “The twister blew away everything I own except for this one backup drive!” Personally, I wouldn’t want to bank on that one. Remember, though, that natural disasters aren’t the only things you need to worry about. Often, those external drives are kept right by the computer that they are being used to back up. If somebody breaks into your house and goes to steal your computer, guess what. My money says your backup drive is going for a ride, too. The problem with this option is that it keeps the second copy of your data right with the first copy. That’s great until something happens to take out both copies.
Another option is to periodically burn your data to CDs or DVDs and mail them to somebody else (family member, attorney, etc.) for safe keeping. I’ve heard Steve Gibson of GRC talk about using this method. If you don’t have a lot of data, this option is still pretty easy in terms of getting the data copied. However, it becomes a bit more of a hassle when you have to put the disc in the mail. But, with the extra hassle comes some extra peace of mind. Even if something happens to your computer’s location, you’ve got off-site backups that you can use to restore your data.
Wouldn’t it be great if we could essentially combine those two options? Give me the ease of backing up to a huge hard drive, but make sure it’s off-site. That’s where my third option comes in. It is something that is relatively new, at least in terms of being cost-effective. I’m referring to internet-based backup. The idea is that you use somebody else’s hard drives to keep your data off-site. There are various places on the web where you can go for online backup but I am going to focus on Amazon’s S3 service used in conjunction with a program called Jungle Disk. I started using the service about 3 months ago and I really can’t say enough good things about it. It is as seamless as having an external hard drive connected to your computer, but it’s off-site. Best of all, it’s very inexpensive. The only downside is the transfer speed. If you don’t have broadband internet access, forget it. But if you’ve got a good connection, then you should check this out.
If you go to www.jungledisk.com, you can find all you need to get started. Jungle Disk is the program that will run on your computer. They have versions for Windows, Mac OSX, and Linux. It’s free to try for a month and then 20 USD for a lifetime license. I could go on for a long time about all of the features, but I bet you don’t want me to do that. I’ll just hit some of the main points. When you start your computer, Jungle Disk will mount your S3 drive so you can copy data to and from it just like a hard drive. It allows you to encrypt the data you save to it. You can also set up a scheduled backup. And as I said before, it’s cheap. You can look at the details on the website, but I can tell you that I’m backing up around 20 – 25 GB of data and I’m paying around 4 USD a month. Plus, I’ve heard that Jungle Disk and Amazon S3 will also open your beer and put extra hot sauce on your buffalo wings. Okay, I made that last part up because I’m on the verge of annoying even myself with how many compliments I can give this service.
I’m done now. Just try it. You’ll be amazed at the warm, fuzzy feeling you get when you know that you could pound a railroad spike through your computer’s hard drive and still have all your data.
Steal My Laptop, I Dare You March 18, 2008Posted by Tim in : Technology , 2comments
Okay, well don’t really steal my laptop. I’d rather not have to deal with the hassle of either buying a new laptop or tracking you down and kicking the crap out of you for stealing my laptop. You think I’m joking, but I really would do that. Buy a new laptop, I mean.
But aside from the hassle, let me tell you why I don’t care if you steal my laptop: you can’t get my data. I am so confident of that fact that I would be fine with popping the drive out of the computer, handing it to the NSA, and daring them to try and get my bank account numbers from my Microsoft Money file. In case you’ve never heard of it, the National Security Agency is the U.S. government agency that deals with cryptography. What does that mean? It means they’re in the business of coming up with secret codes that even a Little Orphan Annie decoder ring couldn’t crack. It also means that they’re in the business of cracking those same kinds of codes so that they can obtain the information they need to defend against bad guys.
So now you’re thinking I’m pretty pompous for saying that not even the NSA could get my data. Well I assure you, I don’t say that because of anything I’ve come up with. I give all the credit for me being able to make that statement to a program called TrueCrypt. TrueCrypt is software designed for the protection of data. It does this by encrypting the data. Without going into a lot of painful geek-speak, encryption is essentially the process of taking files on your computer and then shifting, mixing, and jumbling them around until you’re left with nothing more than an unrecognizable mess. Of course, if you know the password, then you can reconstruct that unrecognizable mess without issue and the files work just as they normally would.
I could go on and on about the many benefits of TrueCrypt, but I want to focus on one specific feature that was added to the latest version. Plus, there are people far more qualified than myself to give you the real nitty-gritty of how it all works. For a good in-depth review of TrueCrypt, you should listen to Leo Laporte and Steve Gibson in Episode 41 and Episode 133 of their “Security Now!” podcast. That should be enough geek for all but the geekiest of you. Also, since this is a fairly complex topic to cram into one blog post, please feel free to email me if you would like to find out more.
The new feature that I want to point out is System Encryption, which allows you to encrypt the entire hard drive partition on which you have Windows installed (basically, your C: drive). To encrypt your system partition, TrueCrypt employs something called pre-boot authentication. That means that you have to provide a password before your system will even attempt to boot into Windows. That password is required whether you have shut the computer down, or if you have put it into hibernation. If you don’t provide that password then the entire drive contains nothing but garbage. So even if somebody connected the drive to another computer and tried to get the data without booting into Windows, they would see only random bits.
Now when I say random bits, I really mean random bits. TrueCrypt employs the most sophisticated encryption that is currently available. To give you an idea of what that means, if you use an appropriately strong password and you assume our current level of hardware, then in order to brute force the password (try every possible combination of upper and lower case letters, numbers, and symbols), it would likely take a bad guy more years than the age of the universe to stumble upon your password. I’m going to go ahead and assume that after another 13 to 14 billion years, I won’t really care who suddenly gains access to everything they need in order to steal my identity.
Now I know you’re thinking to yourself, “Well that’s just great, Tim. I’m sure with all the countless millions you rake in by posting your thoughts to a web page that you can afford to have the best encryption available. What about the rest of us?” First of all, if you happen to run across those countless millions, please pass them this way because I certainly don’t have them. Secondly, you don’t need countless millions. In fact, you don’t need counted pennies. TrueCrypt is absolutely free. It is open source software which means you can download, install, and use it all you want without paying a thing unless you’d like to make a donation. It’s also worth pointing out that while I can only attest to the Windows version; there are also versions available for Mac and Linux.
Another benefit of the software being open source is that anybody who wants can download and examine the code that was used to create the software. That’s important in this situation because it means that other security experts could determine if there were secret backdoors programmed in to allow somebody to get around the encryption if they know a “master” password or something along those lines. I’ve looked through the source, but that was more for amusement. It’s not my area of expertise, so I trust the developer community to have vetted all the code to the point that I can be confident in the finished product.
Bottom line, if you have a laptop, I highly recommend using the System Encryption offered by the latest version of TrueCrypt. It is far too easy for those types of computers to get lost or stolen; a fact that has been learned the hard way by more than one government agency in more than one country. As I said in the beginning, nobody wants the hassle of a missing computer, but wouldn’t it be nice to know that none of your personal data would be compromised if it did happen?
What’s up with “What’s up with Tech?”? March 7, 2008Posted by Tim in : Podcasting, Technology , add a comment
Some of you have been asking about what is going on with the “What’s up with Tech?” podcast that I produce with Jake Kerber. If you are not familiar with the podcast, it is something that Jake and I started doing last year. It’s a technology news and information podcast that we try to gear toward the normal person who has an interest in technology, but doesn’t obsess about it the way we do. In other words, it’s geeks explaining geeky things to non-geeks. We managed to put together 5 episodes that are available from the website or from iTunes.
We were starting to get more of a consistent process down and were attempting to get on a more regular schedule when we hit a bit of a wall. It was a combination of things, really. I think the two biggest factors were that the holidays hit and that Jake has been incredibly busy with the launch of his new site, Film Triangle. And I’m quite certain that a show consisting of only me blathering on to myself about gadgets, computers, and science-fiction is something that the world is better off without. Just ask my wife.
So, the point of this post is that I wanted to take a quick moment to let our listeners know that we really do plan on getting back to the show as soon as it is possible. Jake’s in and out of town right now attending some film festivals, and I’ve been working on a redesign of this website. But hopefully, just in time for the weather to finally turn warm again here in Iowa, we will be able to retreat back inside to record some more episodes!
Here’s why Amazon MP3 Downloads are the way to go… February 12, 2008Posted by Tim in : Music, Technology , 1 comment so far
The other day, I decided to try out MP3 downloads from Amazon.com for the first time. From this point forward, I don’t think I’ll be able to stress enough to the people I know that this is the way to purchase music online. Now, before I get flamed from all of the iTunes zealots, try to read calmly and imagine a world where music might be purchased from somebody other than Steve Jobs.
Maybe I should give a little background before I delve into why I instantly became such a fan of the Amazon method. First of all, I am actually a Zune owner. I know, I know…I should make it a point to hang out with the 7 or 8 other Zune owners in the world. Maybe I’ll post some other time about why the Zune is underrated as a media device, but for now, I just want that to be a level-set for where I’m coming from. Second, I’ve never owned an iPod, but my wife is on her second one and I have used iTunes enough to know that I can’t stand it. To be fair, though, I can’t really stand the Zune software either. Finally, as much as I may dislike iTunes or the Zune software, my unadulterated hatred is reserved for DRM. Some readers may not be familiar enough with DRM to hate it as much as I do so let me discuss it briefly.
DRM, or Digital Rights Management, is the practice of copy-protecting digital media. This is something else that deserves an entire posting of its own, so to make it short and sweet, DRM makes it so that if you buy music from iTunes, you can’t play it on a Zune. Likewise, music purchased from Zune couldn’t be played on an iPod. Those of you who are familiar enough with the system will maybe point out that you can burn the music to CD to strip out the DRM and then rip it back to your computer so that it can then be played on any device. But if you’ve ever had more than a handful of songs you need to do that to, you know that it’s much more painful and time-consuming than it sounds. So unless you’ve been diligent about doing that as you purchased music, or you want to spend a couple days de-DRM’ing everything, you’d better hope you really like whatever player you picked and got locked into. It is true that iTunes offers some DRM-free music (from the EMI label, I believe), but at this point, most songs are still protected.
Okay, so how does Amazon fit into the equation? The thing I like most about it and the reason that I even decided to try it in the first place is that the songs you download from Amazon are completely DRM-free. You can download and play them on any player that I’m aware of. On top of that, they are higher quality tracks (256 kbps) and quite possibly cheaper than on iTunes. For example, the album I decided to try for my first experience was James Blunt, All the Lost Souls. I paid $8.99 for it. If I would have used iTunes, I would have paid $9.99. Likewise, in the Zune Marketplace, the same album is $10.00 (actually 800 points with the convoluted scheme Microsoft uses where 100 points is equivalent to $1.25).
So the music is higher quality, possibly cheaper, and the real kicker…it has no DRM. Even with those benefits, I was concerned about what the “experience” would be like. While I pointed out that I really dislike the iTunes interface in general, it would be hard to argue the point that it makes purchasing music online, getting it into your library, and subsequently onto your device about as painless as it could be. The Zune experience is basically the same once you bone up on your currency conversion skills. I really had the feeling that despite the benefits of buying from Amazon, the experience would end up being not quite seamless enough for the average user to step outside iTunes. To say that I was pleasantly surprised is certainly understating things. As it turns out, aside from hiring an assistant to do it all for you, I don’t see how it could really get much simpler.
The first thing I did after finding the music I wanted was to install a very small downloader client on my PC. It looked like they offered versions for Windows XP and Vista, as well as Mac OS X. I am using Vista, but I’m assuming the XP and OS X versions would essentially be the same. It was an extremely quick install and now that it’s done, I won’t have to worry about it the next time I purchase music. With that downloader app, you are able to specify where you want downloaded songs to get saved on your computer. The default on Vista is an Amazon subdirectory under the user’s default music directory. I changed mine to go straight to the music folder instead of to the Amazon subdirectory. Within the browser, I had the option of using Amazon’s 1-Click technology to purchase the album. Since I’ve ordered from Amazon before and they already have my data, the tracks immediately appeared in the download client and went straight into my music folder. Now for me, using the Zune software, all I had to do was open up Zune and it automatically added the new album to my collection. I also noticed that the default behavior of the client app is to automatically add downloaded songs to the user’s iTunes library. Since I don’t use iTunes for my music collection, however, I went ahead and turned that off. That’s it. So aside from the one difference of using the browser instead of iTunes or Zune to find the music, the “experience” was essentially no different.
All in all, I can say without hesitation that I will now always check Amazon first when I am ready to purchase music online. I will also tell anybody I know who gets music online to try it, too. If I’m looking for something that Amazon doesn’t have, then I guess I’ll have to revert to Zune or iTunes followed by burning to a CD and ripping back to the computer to get rid of the DRM. Or I’ll just wait and buy the CD in the store. But here’s to hoping that most of what I end up wanting is included in the more than 2,000,000 songs that Amazon has!