Pragmattica

October 21, 2009

Caffeine 1.0 Released!

Filed under: Uncategorized — bnsmith @ 8:04 am

It’s official. The “Caffeine for Linux” project has reached 1.0! Only a few short months ago, I was hacking away in secret on the initial 0.1 release of a clone of the original Caffeine for Mac. I had no idea if anyone would be interested in contributing to it, or even using it. I’m very pleased to say that the response has been terrific, and far beyond even my most optimistic predictions. I’m very glad that I took this project on, in part because I now have a version of Caffeine for my Linux box. But the best thing about this project has been having the opportunity to work with such incredibly talented and knowledgeable developers. I have learned so much, and I owe it all to you. Tommy and Isaiah, you’re the best!

But I think that I’ve spent quite long enough waxing nostalgic about the events of the last six months. Moving along…

What is “Caffeine for Linux”?

Caffeine keeps your computer awake! It’s a little coffee-cup applet that sits in the notification area:

pic1

When you click on it, the coffee-cup fills up and keeps your computer from going to sleep:

pic2

It also inhibits the screensaver.

Why is this Important?

Imagine that you’re giving a presentation. The room is illuminated only by the blue glow of the projector, displaying your slides on the screen behind you. You linger on a particularly crucial slide, carefully explaining the subtleties to your mesmerized audience. Several minutes pass, and just as you are about to deliver the stunning conclusion, the projector goes dark, displaying only a tiny “No Signal” message in the bottom corner.

I expect that everyone reading this has seen some presentation or other where the display powered off or the screensaver came on halfway through. Don’t let this happen to you!

But That’s Not All!

There are a depressingly large number of fullscreen games available on Linux that don’t properly inhibit the screensaver. With Caffeine, you can fix this problem quite easily; no scripting required. It’s also handy for watching long flash videos without having to tap the Shift key every few minutes. In fact, the new 1.0 auto-activation features make these two things even easier than before.

There are three types of auto-activation that can be configured in the preferences:

pic3

You can configure Caffeine to automatically start preventing the screensaver and powersaving whenever a particular program is running. To set this up, just run the program that should inhibit the screensaver, right-click on the Caffeine applet, select “Preferences”, and then click “Add”. You should see a list of all running processes in the pop-up window. Click the name of the program that you started earlier and click “Add”. Close the preferences window. In about 30 seconds, you should see the coffee-cup applet spontaneously fill up.

If you want to set this up for a fullscreen application, just run the application, wait a minute or so and then quit. When you go into the Caffeine preferences to add a new auto-activation program, your fullscreen application should be listed under the “Recent Processes” tab.

Caffeine can also automatically prevent the screensaver and sleep mode when a flash video is playing in Firefox. This works for many popular flash video websites, most notably youtube.com. Unfortunately, there are also some websites for which this won’t work, like hulu.com (a workaround for this issue is available; see Isaiah’s post for details).

Finally, Caffeine can be configured to auto-activate whenever you play Quake Live, a version of Quake III that you can play for free right in your web browser.

Hopefully, these features will allow you to deal with any powersaving inhibition issues that you encounter on your Linux box. Once you get Caffeine configured, you should never have to think about it again.

Caffeine is also available in several new languages. In some cases, the translations are not totally complete, but are enough for typical day-to-day use.

Installation Instructions

At the moment, the easiest way to install Caffeine is through the project’s PPA. Just copy and paste the following three commands into a terminal:

sudo bash -c "echo 'deb http://ppa.launchpad.net/caffeine-developers/ppa/ubuntu jaunty main' >> /etc/apt/sources.list"
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 569113AE
sudo apt-get update && sudo apt-get install caffeine

However, we do hope to get Caffeine 1.0 into the official repositories in the near future.

Where Do We Go From Here?

Caffeine 1.0 now has all of the features that I originally envisioned, and plenty more features on top of that. Still, now that 1.0 is here, I can see now that there is still room for improvement. The major task for the 2.0 release of Caffeine will be to make it easier to configure. We hope to do this through an online database of programs that have difficulty inhibiting powersaving on Linux. Our goal is to implement the capability for Caffeine to regularly download the online database of problematic programs, if the user explicitly enables it. There are some details that still need to be worked out, such as how to prevent a hostile individual from adding well-behaved programs to the database and thus draining people’s batteries unnecessarily. However, if we do manage to figure these things out, then it could become possible to fix all “powersaving-challenged” programs by simply installing Caffeine and enabling the database download feature.

Conclusion

I guess that’s it. If you have any ideas for new features, please post a comment or write a blueprint on the project page. If you discover a bug, you can report it here. Finally, I’d like to say thanks to all the people who have contributed to Caffeine for Linux. Your hard work is helping to eliminate a major source of headaches for Linux users, and thus helping to push the whole Linux desktop experience forward.

July 20, 2009

Caffeine for Linux 0.2 Released

Filed under: Linux — bnsmith @ 9:46 pm

Update: Caffeine 1.0 has been released. Read more about it here.

The pace of development has been frantic since the first release of Caffeine last month. Caffeine is an application that allows you to quickly and easily disable the screensaver and powersaving features of your computer, so that you can watch a long flash video or give a presentation without your display switching off. I feel some temptation to hold back the next release of Caffeine until the program is perfect, but that way madness lies. And so, with that in mind, I am pleased to announce the release of the 0.2 version of Caffeine for Linux!

What’s New

This new version is a massive step forward, with loads of new features and improvements. In fact, so much has changed, it’s practically a new program. Specifically:

  • Incredible new icons (my own amateurish attempts have been thankfully retired)
  • Ability to select from a list of time intervals, and have Caffeine prevent powersaving for that amount of time
  • Ability to specify a custom time interval, and have Caffeine activate for that period
  • Official support for Kubuntu 9.04 and Xubuntu 9.04 (the previous release supported Ubuntu 9.04 only)
  • A new Launchpad project page
  • Fixed the bug that would cause Caffeine to quit if activated immediately after login

I’d like to thank all of the people who helped with developing or testing Caffeine. I’d also like to give a special “thank-you” to Tommy, who provided Caffeine with the new artwork, the new timed activation features and many other improvements too numerous to list here.

Installation Instructions

Caffeine is now available through a Personal Package Archive (PPA) provided by Launchpad. This means that once you install it, any subsequent updates will show up in your regular “Update Manager” window.

To install Caffeine on Ubuntu 9.04:

  • Open a Terminal by clicking Applications -> Accessories -> Terminal
  • In the Terminal, execute the following commands, one at a time:
sudo bash -c "echo 'deb http://ppa.launchpad.net/bnsmith/ppa/ubuntu jaunty main' >> /etc/apt/sources.list"
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B7DEAC3C
sudo apt-get update && sudo apt-get install caffeine
  • Go to System -> Preferences -> Startup Applications
  • Click Add
  • Set the “Name” field to Caffeine and the “Command” field to caffeine
  • Click Add and then Close
  • Log out and log back in; the Caffeine applet should appear in the top-right

June 27, 2009

Caffeine: Not Just for Beverages Anymore

Filed under: Linux — bnsmith @ 10:27 pm

Update: The new 1.0 version of Caffeine has been released.

The information in this post is now obsolete.

Please see this post for more information.

A few months ago, I attended a little get-together for software developers to share their projects and passions. One of the presenters that night faced the unfortunate situation of having his laptop repeatedly enter sleep mode as he discussed one of his slides. This caused the projector to blank out, interrupting his flow and forcing him to run over to his laptop to press a key.

After the presentation was over, one of the attendees demonstrated a handy utility that could have saved the presenter some embarrassment: Caffeine.

Another Example of Superbly-Designed Software for Mac OS

The idea is simple enough. The program consists of a little coffee-cup applet that sits on the right-hand side of the menu bar. The coffee-cup starts out empty, meaning that the applet is inactive.

When you click the empty cup, it fills up with coffee and begins preventing your computer from either activating the screensaver or entering sleep mode. Caffeine keeps your computer awake!

And slideshow presentations are just the beginning. With Caffeine, you can watch long YouTube or Hulu videos without having to remember to lick the Cheeto-dust off your fingers and then hit a key every few minutes.

If you use a Mac, I suggest that you head over to Lighthead Software and download Caffeine right now. As soon as I saw it, I knew that I would have to track down whatever the Linux equivalent was and install it on my machine.

A Surprising Discovery

It took several hours of careful searching before I was finally forced to accept the shocking truth: there was no Linux equivalent. This is a highly unusual circumstance these days. There are some cases where the Linux equivalent of some piece of software is not as good as what’s available on the other platform, but there’s almost always… something.

My annoyance at the lack of an equivalent for this handy utility was quickly replaced by excitement, because I realized that this was an opportunity for me to make an important contribution. Which brings me to my next point. I am pleased to announce the immediate availability of the first public release of…

Caffeine for Linux

Following the philosophy of “Release Early, Release Often”, the 0.1 release of Caffeine for Linux is very rudimentary and could well contain major bugs. The largest problem that I know of is its incomplete support for KDE. The applet will run under KDE, but activating it will only prevent the screensaver from starting; the activation of sleep mode is not prevented.

Instead of spending all sorts of time thinking about which new features I should implement, I’d like to put you in charge of determining the priorities for future development. If there are any features that you would like to see implemented, just leave a comment and I’ll get to work. Just to get things started, here are a couple of ideas that popped into my head:

  • proper KDE support
  • a DEB package for easier installation
  • uploading the source-code to a proper project-hosting web-site, like Launchpad, Sourceforge or Google Code (which would you prefer?)
  • keyboard shortcuts to control the program without using the mouse
  • ability to activate for a fixed amount of time before allowing regular powersaving to resume (a useful feature of the Mac OS version)
  • ability to activate automatically when a certain program runs (there are some full-screen games for Linux that unfortunately allow the screen-saver to activate while you play)

Of course, these are just ideas that sound good to me. You’re the ones that are running this operation.

Installation Instructions

The following step-by-step instructions are meant for Ubuntu 9.04; users of other distributions will likely need to adjust for small differences. Also, be sure to substitute your username whenever you see <<yourusername>>.

  • Download this file to your home directory
  • Open a Terminal by clicking Applications -> Accessories -> Terminal
  • In the Terminal, execute the following commands, one at a time:
mkdir -p opt/caffeine
tar -xvf caffeine-0.1.tar.gz -C opt/caffeine
rm caffeine-0.1.tar.gz
  • Go to System -> Preferences -> Startup Applications
  • Click Add
  • Set the “Name” field to Caffeine and the “Command” field to /home/<<yourusername>>/opt/caffeine/caffeine.py
  • Click Add and then Close
  • Log out and log back in; the Caffeine applet should appear in the top-right

  • Click the icon to activate it

That’s it. You should now be able to sit back and take in a mind-blowing video like this one without power-saving getting in the way. As always, leave a comment if you have any problems.

May 10, 2009

Encrypting Your Dropbox Seamlessly and Automatically

Filed under: Linux,Security — bnsmith @ 8:37 pm

A Tutorial for Ubuntu 9.04

About a month ago, I wrote an introduction to using the Dropbox service to back up your important data. Any data that you back up with Dropbox is encrypted and uploaded to Amazon’s S3 service. Unfortunately, it is the people who run Dropbox that hold the keys used to perform this encryption. Regardless of how great the service is, storing your files with Dropbox involves placing your trust in the people who currently run the Dropbox service, as well as all of the people who will ever run Dropbox in the future. This is an unacceptable risk for many people and many kinds of data.

Thankfully, there is a strategy that can greatly reduce the risk. It is possible to automatically encrypt your files, and then use Dropbox to back up the encrypted versions. This means that you can have your cake and eat it too! Dropbox provides a convenient backup strategy so that your files can’t be lost due to the theft or destruction of your laptop. The encryption software ensures that your files can’t be accessed by anyone who works for Dropbox, or any hackers that might have infiltrated the servers that Dropbox uses.

If you’re using Ubuntu, the software that you need is free, and it isn’t especially difficult to set up. Please note that this tutorial will require you to use the command-line and edit some configuration files. Don’t be afraid! I will try to explain the process in a step-by-step fashion. If you’re just getting started with Linux, this project might help you get used to the command-line a little bit.

(Note: this has been tested on Ubuntu 9.04 only; I am not confident that these exact instructions will work on older versions of Ubuntu.)

Part 1: Set Up Dropbox

The rest of this tutorial will assume that you have the Dropbox client software installed on your computer. Detailed instructions can be found in the “Installing Dropbox” section of my previous post on the Dropbox service. When you have finished following those instructions, proceed with Part 2.

Part 2: Removing Unencrypted Data

This section only applies if you have already used Dropbox to store some data that you would now like to encrypt. If you have never stored any files in your Dropbox, skip ahead to Part 3.

The first step is to take all of the contents of your Dropbox folder and back them up somewhere else. The following command will copy everything in your Dropbox into a folder named “DropboxBackup” (open a Terminal by clicking Applications -> Accessories -> Terminal):

cp -r ~/Dropbox ~/DropboxBackup

Once everything has finished copying, it might even be a good idea to burn this folder to a CD, just to be safe. Now we can proceed to delete all of the files in the Dropbox folder. Open your Dropbox folder in the file manager by left-clicking on the Dropbox applet in the top-right. Click the “View” menu and ensure that “Show Hidden Files” is checked. Next, select all the files and hit the Delete key. Dropbox should begin synchronizing the changes. Unfortunately, once the synchronization completes, nothing will have been actually deleted yet; the files will simply be marked as deleted, but it will still be possible to recover them.

In order to actually get rid of the files, open your web browser, go to www.getdropbox.com and log in. Click the “Show deleted files” button.

For each deleted file, select the “Purge” option.

Part 3: Reconfiguring the Dropbox Client

The encryption software that will allow you to secure your Dropbox is called “EncFS”. It works by creating a folder in which to store an encrypted version of each of your files and folders, and then making the unencrypted names and content available in a different folder. When we are finished with this tutorial, the folder containing the encrypted files will be stored within the Dropbox folder, and will therefore be automatically backed-up. Since we don’t want to accidentally store any non-encrypted files in the Dropbox folder, we will move the real Dropbox folder to a hidden location.

Right-click on the Dropbox applet and choose “Preferences…”; under the “Main” tab, click “Move…”:

05_move

Move to your Home Folder and click the “Create Folder” button. Give the new folder the name “.dropbox_encrypted” and click “Open”. Close the preferences window. On to Part 4!

Part 4: Configure an Encrypted Filesystem with EncFS

Now we’re ready to actually do some encrypting. In the commands that follow, you will need to substitute your username in place of <<yourusername>>. Open a terminal and enter these commands:

sudo apt-get install encfs libpam-mount
sudo adduser <<yourusername>> fuse

(As an example, if your username is “pragmattica”, then the command just above should be sudo adduser pragmattica fuse)

Now you need to log out and log back in again before continuing. Next, run this command:

encfs ~/.dropbox_encrypted/Dropbox/encrypted ~/Dropbox

The encryption software will ask you a series of questions. Enter the following responses:

  • Enter ‘y’ to create the encrypted directory
  • Enter ‘y’ to create the unencrypted directory
  • Enter ‘x’ to choose expert mode (I experimented with the pre-configured paranoia mode, but encountered performance issues)
  • Enter ‘1’ to use the AES cipher algorithm
  • Enter ‘256’ for the key size
  • Enter ‘1024’ for the block size
  • Enter ‘1’ for block filename encoding
  • Enter ‘y’ for filename initialization vector chaining
  • Enter ‘n’ for per-file initialization vectors
  • Enter ‘n’ for block authentication code headers
  • Enter ‘y’ for file-hole pass-through
  • Enter and repeat the password for the new encrypted filesystem; in order for the next part of the tutorial to work, the password must be the exact same password that you use to log in to your computer after turning it on

I’m probably not telling you anything that you don’t already know, so I’ll be brief. A good password should consist of upper and lower-case letters, numbers and punctuation characters. It should be fairly random looking, and pretty long; more than 20 characters, preferably.

You can now begin copying files into your /home/<<yourusername>>/Dropbox directory. The files that you copy in should be encrypted and backed-up by Dropbox. If you log in to the Dropbox website, all of the saved files should have meaningless gibberish names and encrypted contents.

Part 5: Use pam_mount to Automatically Mount Your Encrypted Filesystem

At this point, it would be possible to use the command-line to manually mount your encrypted filesystem every time you turn your computer on, but we can do better. A program named “pam_mount” can automatically mount the filesystem as soon as you log in. Open a terminal and enter this command:

sudo gedit /etc/security/pam_mount.conf.xml

Look for the line:

<!-- Volume definitions -->

Right beneath that line, add this new line:

<volume user="<<yourusername>>" fstype="fuse" path="encfs#/home/<<yourusername>>/.dropbox_encrypted/Dropbox/encrypted" mountpoint="/home/<<yourusername>>/Dropbox" />

To eliminate a harmless but annoying error message, use “sudo gedit” as above to edit the /etc/pam.d/common-pammount and /etc/pam.d/common-auth files and eliminate all occurrences of the word use_first_pass.

The next time you turn your computer on and log in, you should be able to go to your new /home/<<yourusername>>/Dropbox folder and see the unencrypted versions of your important files. Unfortunately, this new folder won’t display the little status icons on each file, so you’ll have to keep an eye on the Dropbox applet to know when the synchronization of your files is in progress or complete. I think that this is a very reasonable sacrifice for the additional security.
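A check to run after logging in, added here as an example and not part of the original tutorial: it confirms that the EncFS volume is really mounted on the Dropbox mount point, and lists anything other than the “encrypted” folder sitting in the synced directory. The sample mount lines are constructed, and the `fuse.encfs` / `fuse` type strings are assumptions about how the mount appears in /proc/mounts.

```python
import os
import re

# Constructed sample in /proc/mounts format (not captured from a real system).
SAMPLE_MOUNTS = r"""/dev/sda1 / ext3 rw,relatime 0 0
encfs /home/alice/Dropbox fuse.encfs rw,nosuid,nodev,user_id=1000,group_id=1000 0 0
/dev/sdb1 /media/My\040Disk vfat rw 0 0
tmpfs /home/carol/Dropbox tmpfs rw 0 0
"""


def unescape_mount_field(field):
    """Decode the octal escapes (a space is written as \\040) used in /proc/mounts."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def encfs_status(mounts_text, mountpoint):
    """Return 'mounted', 'wrong-filesystem' or 'not-mounted' for mountpoint.

    If the result is not 'mounted', files copied to the mount point land in an
    ordinary local directory: they are neither encrypted nor synced.
    """
    target = os.path.normpath(mountpoint)
    status = "not-mounted"
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        device, where, fstype = fields[0], unescape_mount_field(fields[1]), fields[2]
        if os.path.normpath(where) != target:
            continue
        # Assumption: EncFS shows up as type "fuse.encfs", or as plain "fuse"
        # with a device name starting with "encfs". Later lines win because a
        # later mount shadows an earlier one on the same path.
        is_encfs = fstype == "fuse.encfs" or (fstype == "fuse" and device.startswith("encfs"))
        status = "mounted" if is_encfs else "wrong-filesystem"
    return status


def stray_entries(synced_dir, expected=("encrypted",)):
    """List entries in the real (synced) Dropbox folder that are not expected.

    Anything reported here would be uploaded without EncFS encryption. Add the
    Dropbox client's own metadata names to `expected` if it creates any.
    """
    return sorted(name for name in os.listdir(synced_dir) if name not in expected)


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        path = "/home/%s/Dropbox" % user
        print(path, "->", encfs_status(SAMPLE_MOUNTS, path))
```

On a real system, pass the contents of /proc/mounts as `mounts_text` and the hidden `.dropbox_encrypted/Dropbox` folder as `synced_dir`.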

One last tip: the icon for your secure Dropbox folder is now the same as for every other folder. To give that folder some visual distinction, it’s possible to change its icon. Right-click on the folder and select “Properties”. Click on the little Folder icon in the top-left of the properties dialog box and set the icon to /usr/share/icons/hicolor/64x64/apps/dropbox.png.

Security Considerations

As an added benefit, this strategy will also provide a little protection against your information being compromised by someone who steals your laptop. The reason this only provides a little protection is due to the tendency of modern operating systems and software to scatter bits of information about while working. The actual files themselves are encrypted, but unencrypted bits of the files might still end up lying around in temporary files or the swap partition. An attacker with enough skill and determination would be able to find those. Still, it’s better than nothing.

This is probably going to be my last security-related post for a while. I’ve been going through a security phase lately, but I’m feeling pretty good about the precautions that I now have in place. Next post, I will be back to my regularly scheduled programming topics. As always, if you have any problems with anything in the tutorial, just leave a comment. I’m always happy to help.

April 30, 2009

Password Hashing: A Neat Idea That Can Help to Protect Your Online Accounts

Filed under: Security — bnsmith @ 8:41 pm

I’ve been re-evaluating my information security precautions lately, and while doing so, I discovered something interesting that I’d like to share. These days, most people have accounts at several different websites. For convenience, most people use the same password for some or all of their accounts, which opens up a potential security vulnerability. If a computer criminal manages to steal a list of usernames and passwords from a poorly-secured website, then they could try using each of these username/password pairs to log in to Paypal, for example. As you can imagine, compromising a few thousand Paypal accounts could be quite profitable.

There are other, less-obvious ways that your passwords could be compromised as well. As I learned from reading the EFF’s Surveillance Self Defence guide, the New York Times website doesn’t encrypt the username and password that you send them to access their articles. If you log into the NYTimes.com website from the open WiFi provided at an airport, for example, then your username and password would be transmitted completely in the clear and could be stolen by anyone in range of the radio signal.

The recommended solution is to use a different password for each website that you use, so that the theft of one password will only give the computer criminal access to one online account and not all of them. If you commit every one of your passwords to memory, then this strategy is very secure; unfortunately, it also requires tremendous effort and discipline to memorize random strings of letters, numbers and punctuation.

One Option: Password Vaults

It is possible to store your passwords in an encrypted file on your hard drive, and then choose one “master password” that will allow you to fetch the password for a specific website out of the vault. The master password is the only one that you need to remember. Using this system, it will seem as though you’re using the same password for each website. Behind the scenes, however, each website will receive its own unique password.

This is a reasonable option, but it has some disadvantages. First, you must have a good backup strategy in place, because losing your vault file would mean losing access to all of your accounts. If you follow the advice of some security experts and set your password recovery questions to gibberish, the loss of your vault would be that much more difficult to recover from. Second, this system is a bit inconvenient for accessing your accounts when you are away from your main computer. If you go to an Internet cafe in some other country, perhaps you could bring your password vault on a USB thumb drive, but what if the cafe doesn’t allow users to plug in their own USB drives? Or perhaps the cafe’s computers run Mac OS X and you don’t have compatible decryption software on the thumb drive. I believe that it should be possible to develop a partially web-based password vault program that overcomes these problems, but no such program currently exists, as far as I know.

The Solution: Password Hashing

The basic idea behind password hashing is to take a master password of your choice and combine it with a value specific to the website that you wish to access. This combined value is then run through a “hash function” that creates a random-looking string of letters, numbers and punctuation. This random-looking string will be the password for that specific website. It’s pretty simple once you get the idea; perhaps an example would help. Suppose that you choose “123456” to be your master password, and you wish to access your Facebook account. The password hashing software will combine “123456” with a value representing the website; in this case, that would likely be “facebook”. The resulting password is “9bMxDooTmtwh7AX$”.

Nothing is stored on your hard-drive, so there’s nothing to back up. When you’re away from your main computer, it is possible to browse to a web-based version of the password hashing software. This online version shouldn’t need to transmit anything over the Internet in order to generate the password for any of your websites.

If an attacker manages to acquire one, or even all of your site-specific passwords, they will still be no closer to figuring out what your master password is, thanks to the special properties of the hash functions used for this purpose.

This system has one more great security benefit: protection against phishing attacks. Suppose that an attacker tricks you into visiting a fraudulent copy of eBay with the address “www.eboy.com”. The website would look legitimate, but have a slightly different address than the real thing. If you then try to log in to this fraudulent web-site, the password hashing software would combine “123456” with “eboy” to create the hashed password “2dsOpJdTv$q9Aook”. This is completely different than your real eBay password, “c+qw5XtUrJyLF2wM”, created by combining “123456” with “ebay”. The password stolen by the computer criminals is useless!
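The scheme described above, as an added example: this is not PwdHash’s or Password Hasher’s code or algorithm, so it will not reproduce the passwords quoted in this post. The PBKDF2 stretching, the character sets, the hostname-to-tag rule and the `length` / `use_punct` options are assumptions of the example.

```python
import hashlib
import string

# Character classes; the punctuation set is an assumption of this example.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
PUNCT = "!#$%&*+-=?@^_"
MAX_LENGTH = 40  # keeps the 512 derived bits well above what the mapping consumes


def site_tag_from_host(host):
    """Reduce a hostname to the label before the top-level domain.

    Simplification: "www.eboy.com" -> "eboy". A real tool needs the public
    suffix list to handle names such as "example.co.uk" correctly.
    """
    labels = [p for p in host.strip().lower().rstrip(".").split(".") if p]
    if len(labels) < 2:
        raise ValueError("expected a fully qualified hostname")
    return labels[-2]


def site_password(master, site_tag, length=16, use_punct=True, iterations=100_000):
    """Derive the same password every time for (master, site_tag); store nothing."""
    classes = [LOWER, UPPER, DIGITS] + ([PUNCT] if use_punct else [])
    if not master or not site_tag:
        raise ValueError("master password and site tag are required")
    if not len(classes) <= length <= MAX_LENGTH:
        raise ValueError("length out of range for the requested character classes")

    # The site tag acts as the salt, so every site gets an unrelated output.
    # The iteration count makes each guess at the master password expensive
    # for someone who holds a stolen site password.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              site_tag.lower().encode("utf-8"), iterations, dklen=64)
    pool = int.from_bytes(raw, "big")

    def take(n):
        """Consume a value in range(n) from the derived bits."""
        nonlocal pool
        pool, remainder = divmod(pool, n)
        return remainder

    # One character from each required class, so site composition rules pass.
    chars = [cls[take(len(cls))] for cls in classes]
    alphabet = "".join(classes)
    chars += [alphabet[take(len(alphabet))] for _ in range(length - len(chars))]

    # Deterministic Fisher-Yates shuffle so the class picks are not always first.
    for i in range(len(chars) - 1, 0, -1):
        j = take(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


if __name__ == "__main__":
    # Same master password, real site versus look-alike address.
    for host in ("www.ebay.com", "www.eboy.com"):
        tag = site_tag_from_host(host)
        print(host, tag, site_password("123456", tag))
    # A site that only accepts 8 letters and digits.
    print(site_password("123456", "ebay", length=8, use_punct=False))
```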

Password Hashing Software

One of the most popular password hashing programs is Stanford PwdHash, and with good reason. It is simple, elegant and it just works. When you visit a website that you wish to log in to, you simply type “@@” followed by your master password into the website’s password field. PwdHash automatically substitutes the hashed password before transmitting the login information. Anyone watching over your shoulder wouldn’t even know you were doing anything special.

It is definitely my favorite password hashing program, and it pains me that I can’t use it. Sometimes a program can be too simple. PwdHash has no options or customizability of any kind. Any hashed password that is generated by PwdHash is always exactly two characters longer than the master password. As I was half-way through converting all of my accounts to PwdHash, I discovered that some of the websites that I use had restrictions on the length and composition of the passwords that they would accept. Specifically, it always seemed to be the websites for banks and financial institutions that would only accept weak passwords.

I know this isn’t really relevant here, but I have to ask: what is wrong with the banks? They make billions of dollars in profits but can’t spare enough hard drive space to store more than 8 characters for a password? Or maybe they just decided that 8 characters is good enough security for what they’re protecting, because of course my life savings is so much less valuable than my list of favorite movies on Facebook.

Ahem. Sorry about that. Anyway, when it comes to password hashing in the real world, the best option that I’ve found is the unimaginatively named “Password Hasher”. It’s basically the same as PwdHash, except that you can specify the length and characteristics of the passwords that are generated. There are a few small usability problems that prevent me from endorsing it wholeheartedly. Here’s how the program works. First, you visit the website, enter your username and tab down to the password field.

Then you activate the plugin through a keyboard shortcut, and a pop-up window appears into which you type your master password.

When you press “Enter”, the pop-up closes and the password field on the web page is populated with the generated password.

All well and good, but you must then press “Enter” again to actually submit the username and password and enter the website. Pressing “Enter” twice to log in is a bit annoying, but you get used to it.

Another problem is the bizarre default keyboard shortcut for activating the pop-up: CTRL-F6. I recommend immediately changing it to something a little more convenient. I use CTRL-semicolon (see the FAQ for directions on changing the shortcut).

Overall, despite these niggling issues, the program performs admirably. If you’re seriously thinking about implementing this security strategy, I recommend making a list of all of your online accounts (not an easy task, I assure you) and then figuring out which websites, if any, have annoying password restrictions that rule out the use of PwdHash. In all honesty, if you’re a serious Internet user, Password Hasher is probably your best option. Since you’ve read this far, I can assume that you’re pretty serious about securing your information, so why not give it a try? If you have any other questions, leave a comment and I’ll do my best to help.

March 29, 2009

Protect Your Important Data with Dropbox

Filed under: Linux — bnsmith @ 9:47 am

An Easy Backup Solution for Ubuntu

I bet you think that you already know how to easily back up your files: just pop in a blank CD-R, pick the files to back up, burn it and you’re done. But suppose that I actually suggested that you try this backup method, would you do it? Maybe you would get around to it next week, or next month, or next year; just as soon as you got a bit of free time.

Sorry, folks, but that’s not good enough. In order to protect your important data, you need a strategy that’s automated. One that works no matter how busy you get–because the times when you’re busiest are the times that you need those backups the most.

I’ve given this problem some thought over the years, and the best solution that I know of is an online service called Dropbox. The basic idea is that the Dropbox program creates a folder on your hard drive, and anything that you copy into that folder is backed up online.

Why Dropbox?
The following five points were the main factors in my decision to select Dropbox as my primary backup solution.

  1. Dropbox is free. A Dropbox account won’t cost you a cent, and the founders have promised to keep the lowest tier of service free forever. Someday they may be bought out by a larger company and things could change, but for the foreseeable future, their service is totally free of cost, and even free of ads.
  2. Dropbox is fully automated. It runs in the background and constantly watches your Dropbox folder. Any time you copy a new file into that folder or modify an existing file, Dropbox will detect the change and upload the parts of the file that have changed. With text documents, it usually completes the backup operation within seconds of clicking the “Save” button.
  3. All your files are available through a convenient web-based interface. If you’re away from your main computer, you can still log in to the Dropbox web-site and download any of the files that you keep in your Dropbox folder.
  4. When you make changes to your files, Dropbox actually keeps the older versions. I imagine that most users probably won’t use this feature often, if at all. However, under the right circumstances, it could save you from a potentially costly mistake.
  5. Have Dropbox installed on multiple machines, and it will keep a fully synchronized copy on both! Given this fact, the right setup would reduce the amount that you would need to trust the people who run Dropbox. Suppose that you have a work computer and a home computer. If you have Dropbox installed on both computers, and save a file in your Dropbox folder on your work computer, it should be copied up to the Dropbox servers and then back down to your home computer in a few seconds. This means that you would always have a copy of your important files saved on a computer that you own and control.

It Sounds Too Good to be True!
Dropbox is not without its faults, so I suggest that you read the following carefully before making a decision.

  1. The free service only allows you to keep 2 GB of data backed up on the Dropbox servers. If you are willing to spend US$99 per year, then you can increase this limit to 50 GB. Still, if your passion is making movies, for example, even this might not be enough.
  2. Using this service requires trusting the employees of Dropbox. When you copy a file into your Dropbox, you are trusting that they will keep the file safe, secure and private, not just now, but forever after. Who knows what might change in 50 years? Perhaps the future owners of Dropbox will change to a blackmail-oriented business model and threaten to publicly release your files unless you pay them an exorbitant yearly fee. For this reason, I don’t recommend using Dropbox to back up anything that is so sensitive that its release would be life-destroying (at least, not without additional protection). This means that Dropbox is absolutely not the right place to keep the passwords for your bank accounts. I’m not trying to say that you can never keep anything even remotely private in your Dropbox, just that you need to consider the risks. Imagine, for a moment, that you’re writing a novel. If you manually back up your novel once per week, then a hard-drive crash could lead to the loss of several days’ worth of work. This would then necessitate the motivation-destroying process of rewriting thousands of words over again, which might easily doom the entire novel. On the other hand, if you keep automatic backups of the novel with Dropbox, you face the slight possibility of your novel’s incomplete draft being published on the Internet, likely through some undetected security flaw being exploited by a hacker. As you can see, both options have risks associated with them. For each file that you consider putting into your Dropbox, you must weigh the risk of losing that file due to the lack of an adequate backup solution versus the risk of that file being exposed. Unfortunately, this is a difficult choice to make, and there is nothing more that I can say to help you choose. It’s possible to decrease the likelihood of your data being exposed by encrypting it before placing it in your Dropbox, but this is less convenient.
  3. The Dropbox service is entirely Internet-based. Files are only backed up when you are connected to the Internet. If you are planning on travelling to a country where Internet access will be sporadic or unavailable, you will need to come up with an alternate backup strategy.
  4. Dropbox includes a feature that allows files to be shared publicly and made accessible to anyone on the Internet via a special web-site address. To share a file, simply place it into the “public” folder within your Dropbox. A feature like this could indeed be helpful, but I recommend staying away from it. The Dropbox “Terms and Conditions” describe the licensing implications of placing any file into the “public” folder, and their chosen licensing conditions may not meet your needs. If you wish to share your photographs, for example, it is probably better to do it through some other venue where you are in control of the exact license that your photographs are shared under.
  5. Dropbox doesn’t currently include a feature allowing the synchronization of any files or folders outside of the main Dropbox folder. Actually, there is a way to do this, but it requires some technical knowledge. I will explore this topic in a later post.

Installing Dropbox
Now that you know the pros and cons of this backup strategy, if you still wish to try it, just follow these instructions:

  • Click the big “Download Dropbox” button

  • It should take you to the download page for Linux; click the link for your version of Ubuntu and your processor architecture (either regular x86 or 64-bit x86)
  • Save the file to your Desktop
  • Double-click the file on your Desktop; the “Package Installer” program should open
  • Click the “Install Package” button; enter your password
  • Log out and then log back in
  • You should now see the Dropbox icon in the top-right

  • Left-click the Dropbox icon to start the setup wizard

  • Go through the wizard to set up a new Dropbox account
  • Once the wizard is complete, you should be able to go to Places -> Home Folder and see your new Dropbox folder

Now, just keep the files that you want to back up in your Dropbox folder. You can edit them and move them around as much as you want. Dropbox won’t miss a beat. If you have any questions about Dropbox or suggestions for a better backup solution, please leave a comment.

March 19, 2009

What the Designers of Bank Vaults Should Learn from the Field of Computer Security

Filed under: Uncategorized — bnsmith @ 3:51 pm

I recently read this Wired article about a diamond heist that took place a few years ago. It’s a good read; I suggest you check it out.

Anyway, the article gives an excellent description of each of the security measures that the vault’s owners put in place, as well as the methods that the crooks used to circumvent each measure. While reading, I continually marvelled at the ingenuity with which the thieves circumvented each system, which is, I suppose, the point of the article, and why it makes such great reading for geeks like myself. At the same time, I couldn’t help but feel a little uneasy about the approach taken by the owners of the building to secure their vault. It seemed like a shotgun approach: take one of every kind of sensor and locking mechanism available and stick it in there somewhere, and then keep the final resulting system secret, to make it more difficult for thieves to figure out which circumvention methods would be necessary to breach the vault.

In the realm of computers, there is a name for this strategy: security through obscurity. That got me thinking, is there a better way to secure physical property? I think that at this point, most knowledgeable computer people have given up on security through obscurity, and now recognize the importance of proper security. But physical security is a very different beast than computer security, isn’t it? I mean, if the current state of the art in vault-making is just security through obscurity, then what would proper security look like?

One of the primary principles of computer security is that it is open. Nothing is hidden or secret about encryption algorithms. The only secret is the secret key that a particular person uses to encrypt their data. As long as an attacker doesn’t know that secret key, their knowledge about the rest of the encryption algorithm doesn’t help them a bit. Would it be possible to do the same thing with a vault? Could you make a vault whose blueprints were completely open and available to anyone, but that was still secure, as long as the combination was unknown?

I thought about this question for a while, and it seemed to me that it should be possible, but no answer was forthcoming. The central problem is this: you can keep the control system for opening and closing the vault inside the vault itself, to protect it from tampering, but you still need some way to communicate with the control system in order to cause it to open the vault’s door. For example, if the control system inside the vault will only open the door for a particular numeric code, then you would need some kind of keypad on the outside of the vault, so that the vault’s owner could enter the code when they wished to enter. Then you would need some kind of connection between the keypad and the control system. The most obvious communication channel would be a simple wire, but then you would need to drill a hole through the vault’s outer wall for the wire to pass through. This hole then becomes a vulnerability. The attackers could rip off the keypad, pull out the wire and then snake a little endoscope-like robot through the hole to monkey with the control system directly. There are little additions that could be made to this system, but none that fully remove the vulnerability. If you make the hole through the vault wavy rather than straight, for example, then the little robot would have more difficulty snaking through, but a more flexible version of the robot could be built. Measures could be adopted to prevent the keypad from being ripped off, but they could all be circumvented by opening and hacking the keypad itself, which the attackers would have relatively easy access to.

If the vault’s walls were constructed of metal thick enough to withstand many hours of drilling, then it probably wouldn’t be possible to use any kind of wireless radio signal to communicate with the control system either. This was the thought that finally led me to the answer that I was looking for. If the vault’s walls were made of metal, then perhaps the walls themselves could conduct electricity well enough to allow a signal to be transmitted through.

Imagine this: a vault cast as a single piece of hardened metal, with walls several feet thick, able to withstand three days of non-stop drilling. The vault’s single opening would be protected by a door of the same thickness as the rest of the vault. The hinges for the door would attach on the inside of the vault. From the outside, the vault might appear as though it is just a solid block of metal, with only the thinnest seam visible where the door joins the rest of the structure. Also inside the vault would be the computer control system, perhaps powered by a radioisotope battery. The computer would have paddles touching the outer wall that would be able to detect if the wall was conducting an electrical charge. If the computer detected the right pattern of on-off charges (communicating the secret key in binary), then it would open the door. To open the vault, the owner would roll some device up to the side of the vault, pressing paddles up against the vault’s walls. They would then enter their code, by a keypad or some other means, and it would be transmitted through the vault’s walls to the control system.

All that would remain would be the “brute-force” attack: drilling through the wall. Of course, there could still be some subtle vulnerability, but if the plans were published for review by the security community, that would definitely decrease the likelihood of such a thing. If nobody in the security community publishes an exploit for the vault over the course of, say, 50 years, then I think it would be safe to say that the chances of discovering a vulnerability in the next 50 years would be vanishingly small.
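As an added example (not part of the original post), here is a Python sketch of the open-design idea above: all of the code is public and only the key is secret. It goes beyond the post in one respect: when the key itself is sent through the wall, a recording of that signal is as good as the key, so the second controller uses an HMAC challenge-response instead, which assumes the controller can also drive a signal outward through the wall. All class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def to_pulses(data):
    """On-off keying: one wall slot per bit, 1 = charge present, 0 = none."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_pulses(pulses):
    """Rebuild bytes from detected slots; a cut-short signal decodes to b''."""
    if len(pulses) % 8:
        return b""                       # never matches a key or an HMAC
    out = bytearray()
    for i in range(0, len(pulses), 8):
        byte = 0
        for bit in pulses[i:i + 8]:
            byte = (byte << 1) | (bit & 1)
        out.append(byte)
    return bytes(out)


class KeyOnlyController:
    """The scheme as described in the post: the key itself crosses the wall."""

    def __init__(self, key):
        self._key = key

    def try_open(self, pulses):
        # Constant-time compare, so timing does not leak how many bits matched.
        return hmac.compare_digest(from_pulses(pulses), self._key)


class ChallengeController:
    """Assumed variant: the controller sends a fresh nonce, the key stays put."""

    def __init__(self, key):
        self._key = key
        self._nonce = None

    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return to_pulses(self._nonce)

    def try_open(self, pulses):
        if self._nonce is None:          # no outstanding challenge
            return False
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self._nonce = None               # each nonce is valid for one attempt
        return hmac.compare_digest(from_pulses(pulses), expected)


def owner_response(key, challenge_pulses):
    """Owner's device: answer the nonce with HMAC-SHA256 under the shared key."""
    nonce = from_pulses(challenge_pulses)
    return to_pulses(hmac.new(key, nonce, hashlib.sha256).digest())


def demo():
    key = secrets.token_bytes(32)        # constructed sample key
    # Key-only scheme: a signal recorded at the wall opens the door again.
    naive = KeyOnlyController(key)
    recorded_key_signal = to_pulses(key)
    naive_results = (naive.try_open(recorded_key_signal),
                     naive.try_open(list(recorded_key_signal)))
    # Challenge-response: the same recording fails against the next nonce.
    vault = ChallengeController(key)
    recorded_response = owner_response(key, vault.challenge())
    first = vault.try_open(recorded_response)
    vault.challenge()
    replay = vault.try_open(recorded_response)
    return {"key_only": naive_results, "challenge": (first, replay)}


if __name__ == "__main__":
    print(demo())
```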

There are some possible problems with this. For instance, I don’t know how much electricity would be needed to generate a signal that could reach into the vault. Perhaps the owner would be risking electrocution every time they tried to open the door. Perhaps the vault would need to sit on insulated pillars, because of the electrical charges involved. I am not a vault designer (IANAVD), but it seems to me that something like this could be built.

Perhaps what I’m describing has already been invented, though a quick Google search didn’t turn up anything. If there’s anyone out there who knows anything about bank vaults and physical security, I’d love to hear what you think.

May 10, 2008

Why I Chose VI

Filed under: Uncategorized — bnsmith @ 8:21 am

Today, I finally made a decision. I will learn to use the vi text editor. Actually, that’s not quite correct; I plan to learn Vim, but you get the idea. Anyway, I have also decided to explain my reasons for this choice, in the hopes that it may be useful to other people who haven’t yet made a decision, just as I hadn’t, before today. I believe that I have made my decision on a rational basis, but that is for you to judge. Remember that I am new to both vi and Emacs. I haven’t invested several years of my life in mastering either one. On one hand, this means that I do not know enough about either to really judge based on their features. On the other hand, I believe this also leaves me largely unbiased. Until today, I would have been perfectly happy to select either one, had I encountered some incisive, knock-down argument in favor of one or the other. In the end, it was just a grab-bag of little things that finally pushed me over the edge. But first, perhaps it would be instructive to answer another, related question.

Why I Chose Nothing

A lot of you are probably wondering why it has taken me so long to pick one or the other. After all, vi and Emacs have been around for decades, and I’ve been programming professionally for several years now. Well, it’s not as though I haven’t thought about it. Every time I encountered a co-worker who used one or the other, a little niggling doubt would pop into my head. What do they know that I don’t? What am I missing?

I gave the subject a great deal of thought, and decided that I should instead spend my time on languages rather than tools. Instead of learning a tool that makes it easy to add a lot of getters and setters to a Java class, for example, wouldn’t it be better to learn a language that doesn’t require getters and setters? I still feel this way, to some degree, and I certainly don’t regret my decision to learn about Python, Haskell and Scheme. Nonetheless, I now think that a little investment in vi will pay off in the long run.

Reason #1

I’m placing this reason first because it is the most immediate reason for me to learn vi. This is the reason why I am learning vi today rather than yesterday or tomorrow. Although I still believe that learning more expressive languages is the better solution to repetitive editing tasks, I live in the real world. I am a working programmer, and it isn’t always reasonable to choose the exciting and obscure languages that I read about in my spare time. Beyond that, I have come to accept that there is more text out there than just raw code.

Today, I ran into a situation where I needed to edit a 20 MB data file. I tried to pop open gedit, but it wouldn’t open because of some null-bytes that appeared half-way through. Needless to say, this was not a problem in a real editor. I needed to cut this file down to isolate a bit of data that was causing problems. I wanted to search for a bit of text, and then delete everything above it to the start of the file. With vi, it is possible to hook an operation that you wish to perform to a selection command. To move to the start of a file, you can type ‘gg’. Therefore, to delete everything up to the start of a file, type ‘dgg’. Three characters is all that is required. If it had been a shorter file, I would have just held down the ‘Shift’ key and pressed ‘Page Up’ until I was at the top, then tapped ‘Delete’, and I wouldn’t be writing this post.

Reason #2

People often half-seriously suggest that Emacs isn’t an editor, it’s an operating system. The Emacs environment allows you to write programs, debug the programs you’ve written, check your mail, browse the web, play music, and a hundred other things, all without leaving the editor. The problem is, I already have an environment in which I can do those things: GNOME. I don’t feel the need to have another environment that runs entirely within a window on my GNOME desktop. Remember the Unix philosophy: write programs that do one thing and do it well.

Reason #3

This is probably going to be one of the more controversial reasons, given that I have so little to back it up, but I’ll mention it anyway, simply because I believe it and it has been a major factor in my decision. I believe that vi is currently more popular than Emacs. Linux Journal’s Readers’ Choice Awards for 2008 put vi in the top spot for text editors. Debian Administration also conducted a poll on the subject, though I admit that their numbers are probably unfairly skewed towards vi, given the site’s audience. There are a few bits and pieces of anecdotal evidence floating around, but the real clincher for me is the activity level. There just seems to be more going on with the vi community. There are multiple projects to bring vi-like features into Eclipse, as well as multiple GUI wrappers, including the intriguing Cream project.

Popularity isn’t everything, but it does matter, as I’ve described before in relation to programming languages.

Reason #4

I don’t want to get Emacs pinky. I do realize that it is possible to change the useless “Caps Lock” into a Ctrl key, and I have, in fact, done this previously. Still, based on what I have read, this improves the situation, but doesn’t eliminate it. I’d rather just avoid Emacs pinky entirely.

Conclusion

I’m not going to guarantee that I will spend the rest of my life becoming a master of Vim. I’m just going to make a point of learning some of the keys and using it regularly for a while. If it doesn’t stick, I’ll just move on to something else.

March 31, 2008

Convert iTunes M4A Files to MP3, With an Easy-To-Use GUI

Filed under: Linux — bnsmith @ 9:29 pm

A few months ago, I described the steps needed to convert DRM-free iTunes M4A files into MP3 files using Ubuntu Linux. The procedure worked, but was more difficult than it should be, so now I’ve built a GUI front-end. No command-line typing is required!

How to Convert M4A Files to MP3 Files

Step 1: Enable Additional Software Repositories

  • Click on System -> Administration -> Software Sources (You may need to enter your administration password)

  • Check the “Community-maintained Open Source software (universe)” and “Software restricted by copyright or legal issues (multiverse)” repositories

  • Click Close
  • Click Reload on the pop-up window

Step 2: Download and Install the Conversion Program

  • Ensure that the Open with option is selected; click OK (You may need to enter your administration password)
  • Click the Install Package button
  • When the install process is complete, close the pop-up and the installer program

Step 3: Convert Some Music Files

  • Click on Applications -> Sound & Video -> Convert To MP3
  • Click the Browse… button in the Directory to Convert box
  • Find the directory containing your M4A files and click Open; the program should now look something like this:

  • Click on the Begin Converting button

It will likely take about thirty seconds to convert each file. If you find a bug, please either post a comment here or report it on the Google Code Project page. I’m also happy to implement new features, if you have any ideas.

Technical Details

It seems to me that making the GUI took just as long as making the actual conversion script, if not longer. I spent a lot of time experimenting with different GUI systems. I tried out Dabo, and was leaning heavily towards using it for this project. Unfortunately, as I worked with the IDE, I encountered a few frustrating usability issues that kept me from embracing it fully. Notice that I said “usability issues” instead of “bugs”. The software wasn’t buggy at all, and I think that the Dabo people should really be proud of what they’ve accomplished. It just needs to be a bit… simpler. Simple is better than complex.

I discarded Qt for the same reason. Perhaps if I need a more powerful GUI system in the future, I’ll consider looking at it again.

In the end, I decided to go for wxPython with wxGlade to graphically design the layout. I really appreciate both the simplicity of this system and the attractiveness of the result. It isn’t perfect, of course. I wish that the wxWidgets toolkit had an available control that was like a tabbed notebook, but without any tabs and controlled programmatically. I know that there are several workarounds, but I would still like to see one of the workarounds integrated into the toolkit.

This is also the first time that I’ve created a Debian package. The process was more difficult than I’d hoped but easier than I’d feared. It was very time-consuming to boot my computer with the Ubuntu 7.10 live CD, try to install the package, find that I’d missed a dependency or something, go back and fix it and then repeat the whole process again. Still, it could have been a lot worse. I probably would have given up my packaging effort if not for this video.

Anyway, if you have any questions about creating GUIs or Debian packages for Ubuntu, leave a comment and I’ll help if I can.

January 17, 2008

Convert iTunes M4A files to MP3 on Linux

Filed under: Linux — bnsmith @ 3:00 am

And Keep Some of the Tags!

Update: I have just finished creating a GUI front-end for the conversion program described below. This new program can be installed easily through a package and should be easier to use, so I suggest you follow this link and try the directions there first.

I love iTunes. It was the first web retailer to sell music from the major labels with no DRM. On the night that iTunes Plus first became available, I stayed up late, trying to find some albums that I wanted, just because I wanted to see the folks at iTunes and EMI rewarded monetarily, and wanted to do my bit. Of course, iTunes Plus music comes in non-DRM-encumbered M4A format, which doesn’t play on many portable MP3 players, and doesn’t play very well on others.

There are plenty of posts describing how to convert M4A files to MP3, but most of them completely ignore the information about the artist, album, and so on embedded in the file as tags. I don’t know about you, but I think tags are important. I don’t want to sift through 500 tracks named “unknown” on my MP3 player.

The program that I’ve created will convert a directory full of M4A files to MP3, preserving the artist, album, song name and track number tags. Hopefully this should be enough to play a whole album, in its proper order, with no confusion.

These instructions are specifically for Ubuntu 7.10, but should work on other distros with some modifications.

The first step is to install some required libraries. Open a terminal and type:

sudo apt-get install id3v2 mplayer lame python-mutagen

Next download my program here, and extract it. Suppose that your iTunes music is in “/home/youruser/itunes”. In your terminal, go to the directory where you extracted the program and enter this command:

./ConvertToMP3.py /home/youruser/itunes

The original files will be left untouched, and new MP3s should be put into a new directory called “/home/youruser/itunes_mp3”. If you have any problems, don’t feel bad about leaving a comment asking for help. In fact, even if you don’t need help, maybe you could just leave a comment anyway. It would be the first comment I’ve ever gotten. ;)
