Sunday, March 28, 2010

The Merion School Spy-On-Kids-With-Webcam Case

Wow.

Every once in a while I get hit with a story that leaves me scratching my head and saying to myself, "What the hell were they thinking?"

This particular scratching came from the story pertaining to the Lower Merion School District. The best summary thus far of the events comes from Philly.com. The gist of the story: a kid had a school-issued laptop at home, gets called into the office, and the assistant principal confronts the kid with a picture taken by the laptop's built-in web camera showing him with "pills" and accuses the kid of drug activity.

Um...

The school had software called LANRev installed on the laptops for theft control. If a laptop is stolen, then it's "tagged" on a server and the laptop tries to "call home" to record the IP address as well as record snapshots from the web camera and screen activity.

The student's family apparently turned around and filed a lawsuit for invasion of privacy, and from there poo was hitting all sorts of ceiling fans. Students had noticed the webcam light randomly blinking on and off at various times and were told this was a "glitch," that they could ignore it.

Now it's time for all sorts of indignant cries to rise up from the choir...

For example, one parent saying that the computer could have taken pictures of his daughter when she took the computer into the bathroom as she showered. Huh? Isn't that like cooking bacon in the nude? Why would you take a thousand-dollar laptop into a humid, wet room while you were showering? You do know that electronics don't like water, right? (this link gives the example in the transcript of the podcast) My daughter is nearly 18 years old and I wouldn't hesitate to whack her on the back of the head if we spent a thousand dollars on a computer for her and she took it into the bathroom while she showered.

But this does bring up a legitimate concern, namely the ability for someone to get pictures of kids in their rooms in various states of undress. This would then bring the school (or system administrators) into the nasty territory of child pornography.

Hmm...

I'm personally torn on the issue. I've read the excellent writeup by Stryde Hax on his blog here, and I think I understand his viewpoint. Unfortunately it's not really a balanced view on the situation (as is his right to present on his own blog, of course; I think he has been very understanding of dissenting viewpoints, and I am glad for what he has contributed to the story, since most involved seem to prefer throwing out non-constructive or vindictive opinions without any actual content to justify the viewpoint, while Stryde has been very good at articulating his view).

Here's my take.

People have a right to their property, and to protect said property from theft. If I'm robbed, I am damn well justified in being angry at the violation of my privacy and have a right to be angry at having someone steal my sense of security.

I think I should be allowed to set my computer to do whatever I want. It's mine. If I want it to take pictures and upload them to a server, I should be allowed to do so, as long as there's no intent to violate someone's rights (having my computer take pictures of me during the day or pictures when it's stolen is legit in my book, but having it programmed to take pictures because I'm planting it in a locker room is clearly wrong.)

The school laptop program is giving students school property. This cannot be emphasised enough because people like to conveniently forget that part of the story. The school is lending property to students. My feeling is that because the laptop isn't mine, and isn't under my control, I'd trust it about as far as I absolutely must and after that it's shut down. The laptop was supposed to be used for schoolwork, not texting friends, browsing the web for porn, or anything else that personal computers are used for, even email that isn't school-related. Anything you do can be recorded and used against you later. I have yet to understand why people can't get that through their heads; just as employers own the computer on your desk at work and can browse your mail and monitor your Internet use, schools have the same rights on their network, and unless it's spelled out otherwise you should reasonably assume those Big Brother rights extend to a laptop you don't own.

I think that a school should be able to do whatever they can for gathering evidence to bust people for stealing expensive property, and taxpayers should support it since this ultimately is funded by the taxpayers. Losing laptops and breaking them and treating them like crap doesn't get them fixed for free. Someone foots the bill, even if the path for the money is convoluted to the point where kids don't understand that Mommy and Daddy may end up having to pay more in taxes because they can't be more responsible with school property.

BUT...

There are caveats to the case. The computers were meant to bridge the digital divide; every kid has a computer with which to do schoolwork under the laptop program, and that meant as they implemented the program that every kid was basically required to use the school laptop to get through their classes. In other words, there wasn't a choice in the matter. They had the laptop, and it was apparently spying on them at times. Again I wouldn't have trusted them for anything not school related; I'd use the laptop for school, and use my own computer for my own personal use. This isn't necessarily an option for kids that don't have computers of their own, and I understand that. But I'm still torn on that as another issue because it seemed that many of the kids that can't afford even a $300 computer manage to afford a cell phone. Priorities. But that's not the topic at hand.

Also, the school denied that the laptops had the ability to take pictures of the kids and spy on them. It's one thing to have the ability, it's another to hide the fact that it can be done. According to the Philly.com story, representatives from the student council asked administrators about this and were basically ignored when they voiced privacy concerns; from the sounds of it the administrators stuck to the story that it was a "glitch" causing the webcam light to come on. Totally unethical.

The Philly story also points out what was possibly the biggest bonehead move on the school's part. The user agreement that the kids and parents had to sign was just the old boilerplate used in past years for using the Internet in the school, nothing new or updated related to using school computers at home. Dude, liability 101...were you all asleep at the wheel here? Where was the tech with half a whit of common sense who stopped to say that maybe you should have special rules in place for kids carrying thousand-dollar equipment around, especially knowing that kids treat school equipment like crap since, "Hey, I didn't pay for it! It's FREE!"

Most parents don't seem to know just how much liability schools have to cover their arses for. When a teacher sees or overhears anything, anything, they have to report it to higher-ups or they can be responsible should something happen to said kid. Kid has a bruise around the neck resembling fingers? Kid has unusual cuts on the arms, or marks that look like something was injected? Or maybe they heard some passing talk about a kid being coerced into oral sex? These things have to be reported to administrators or authorities.

So if I were there when discussing issues in rolling out these laptops, one of my concerns would be that these things are virtual black boxes for collecting data on kids and that would put technicians into a potentially dangerous situation with knowing "too much." Troubleshooting a computer and running across browsing history involving abortion, drug use, parents raping sons or daughters...sure, chances are slim, but in a litigious society there is little room for "we'll deal with it if it ever comes up" and hoping for the best. With the addition of taking pictures of the computers in homes, you can bet that I'd worry about collateral damage; pot plant in the background? Parent or sibling walking in the background half-nude from the shower? It's a can of worms I'd not want to deal with.

More than that, where are the checks and balances? The article states that the system was only used if requested by administrators at the high school or higher-levels. That isn't good enough. There should have been an iron-clad method for controlling who gets to use this and view the collected evidence, not just within the school but by a third party, such as the local police department. Better yet have the police involved each and every time the system is used.

Side note: the school apparently is saying that the police department did know about it, because the pictures are uploaded to a website where they can view the collected evidence. The retired police chief was quoted as saying he knew nothing about it. Another case of police being...surprise...technology-tarded, nodding their heads when told about what they can do when in fact they had no clue what they were agreeing to? Or is the school lying? Or are the police covering their own behinds?

These seem like common sense cover-your-behind issues that should have been dealt with at the outset of the program.

Of course there are little details that are squeezing out as the story develops. Worse, the details that do leak out are mostly one-sided, as the school plays the stoic "lawyer advises us to say nothing so we're not commenting" game while the kids and parents are shooting off whatever details they want, true or not. For example, there's no full explanation for why the theft-tracking was activated on a laptop that the school knew the particular student had in his possession. There is also a rumor that the kid wasn't using drugs, he was actually eating Mike and Ike's candies, which if it's true is going to be a definite story for the hall of embarrassingly stupid mistakes.

The Philly.com story also has some more background on the details of the kid and his history with (mis)using the equipment. According to the news story, his family never paid a required $55 insurance fee before taking the laptop off campus, and the laptop in question was a loaner unit because he had broken at least two laptops. It then went on to say that the theft tracking features were turned on because the school suspected the student had taken the computer home when he wasn't supposed to, in which case it would be considered "stolen."

...of course, it was just laziness and/or lack of procedure that would lead them to turn on the picture taking features, as the only thing needed to prove the laptop was removed from campus was that it "phoned home" to the school's server after hours from an IP that belonged to a home network.
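The point above, that a check-in record alone shows whether a laptop left campus, can be made concrete. This is an added example, not LANRev's code or the district's; the log format, the campus address range (a documentation range), the school hours and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, time

# Assumed campus address space (RFC 5737 documentation range, not a real network).
CAMPUS_NETS = [ipaddress.ip_network("198.51.100.0/24")]
# Assumed school hours; a check-in outside them counts as "after hours".
SCHOOL_OPEN, SCHOOL_CLOSE = time(7, 0), time(16, 0)

# Constructed check-in records: "<ISO timestamp> <asset tag> <source IP>"
SAMPLE_LOG = """\
2010-02-01T10:15:00 LT-0042 198.51.100.23
2010-02-01T19:40:00 LT-0042 203.0.113.77
2010-02-01T21:05:00 LT-0042 203.0.113.77
2010-02-02T09:00:00 LT-0107 198.51.100.88
not a valid line
2010-02-02T20:30:00 LT-0107 198.51.100.88
"""


def parse_line(line):
    """Return (timestamp, asset, ip) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        ip = ipaddress.ip_address(parts[2])
    except ValueError:
        return None
    return ts, parts[1], ip


def on_campus(ip):
    """True when the source address falls inside a campus network."""
    return any(ip in net for net in CAMPUS_NETS)


def after_hours(ts):
    """Weekends, or weekdays outside the assumed school hours."""
    return ts.weekday() >= 5 or not (SCHOOL_OPEN <= ts.time() < SCHOOL_CLOSE)


def off_campus_after_hours(log_text):
    """Map asset tag -> [(timestamp, ip)] for after-hours, off-campus check-ins.

    Only the timestamp and source address are needed to answer
    "was this unit taken off campus?"; no camera or screen data is involved.
    """
    findings = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed records rather than guessing
        ts, asset, ip = rec
        if after_hours(ts) and not on_campus(ip):
            findings.setdefault(asset, []).append((ts, str(ip)))
    return findings


if __name__ == "__main__":
    for asset, hits in off_campus_after_hours(SAMPLE_LOG).items():
        for ts, ip in hits:
            print(asset, ts.isoformat(), ip)
```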

No doubt the case is going to continue to contort and twist as more details leak out. The federal authorities are now involved to see if there are civil rights that were violated, and congressional representatives are trying to score points by calling for an investigation (really, with all the waste in government, is it necessary to waste time grandstanding on this when there's already a court system being involved?) Everyone is now in spin control mode, doing what they can to cover their own arses and justify missteps.

What is clear is that the school was engaged in unethical behavior. Had I had a hand in the program, I would have encouraged openly telling students that yes, there are systems in place to keep them from being stolen. Students are issued laptops with ID numbers that are registered, and they are responsible if said laptop is broken or disappears while in their care. It has been my experience that kids treat technology as if it's disposable if there's no consequence for destroying it; they need to have encouragement from parents and school alike to take care of the equipment.

I also would have made it perfectly clear with an updated technology policy what is expected from students and parents charged with the care of the laptops. That would include notifying them of the possibility of photos being uploaded remotely as well as what the laptops could be used for. How they could have been so negligent in this is truly mystifying.

But life is 20/20 hindsight and this district will have a black eye for a long, long time. They will be known for many years as a district that deviously spied on kids and because of that they will have a long and hard road to travel in rebuilding what trust they had among students, parents, and probably teachers. They'll also have an interesting time if they are found guilty in the courts and end up paying a large settlement to this kid's family and as a consequence raise taxes on residents in the district...

Sunday, March 14, 2010

EEE PC: More Conclusions

I've been using the EEE as my primary system for over a month now. So what's it like?

First the upsides.

My data is always with me. That's the primary reason we use computers; to have access to our data and services. I always had my computer on at home with secure shell open and waiting for my connections in the first place; I could access it from a laptop or other computer when away. Now I have that data whenever my netbook is with me, meaning accessing it is a bit faster (since I'm not editing a manuscript over a network connection, for example). It also means that I can access the data when I don't have a network connection available.

This thing is a tough little computer. The hard drive in the 701/4G Surf is not a standard drive, meaning there are no spinning platters with a little read/write head floating a hair's breadth from the surface of the metal, where a drop or an extreme in temperature could make the head scrape the platter and damage the head or media. It also means it runs quieter and requires less cooling.

It's small. This thing takes portability to heart; it's so lightweight that I think the Vaultz case I use to carry it actually weighs more than the netbook.

It runs Linux. I know Linux. It's usable, it's relatively small, and commands that work on my desktop at work also work on my netbook. I now have it running the Ubuntu Netbook Remix, so it stays up to date with security fixes and again...the commands are familiar. I can use handy tricks like redirecting Secure Shell tunnels and mounting other Linux computer filesystems with sshfs, and there's no vendor-exclusivity.

This unit happens to be one of the ones that has an underside panel that unscrews to add memory. I have a 512 meg DDR2 DIMM card running at 400 MHz. I can probably upgrade it relatively inexpensively and without needing to solder or screw around with modifications to the unit.

Once you get the hang of it, using encryption on the laptop isn't so bad. I have encrypted my home directory so that if it is stolen, someone would have to crack the password in order to gain access to my files. If I'm not logged in or didn't leave my account logged in, my files appear as gobbledygook to anyone that tries looking at my home directory contents from a boot disk.

The unit has a built-in SD Card slot. I like it because I'm frequently transferring images from my camera and video camera to my external drives. The EEE was initially using the SD slot as additional swappable storage to make up for the small 4 gig built-in drive, but I've found that it was ahead of its time with giving access to SD cards now that so many accessories store data on them and using the USB cable can entail special drivers or instructions or software to interface with the toys. Lowest common denominator tends to be more reliable. Just insert the data card and use it like a disk volume instead of farting around with your high tech Sony insta-digital-camera's settings.

Then there are downsides.

My data is always with me. If my netbook dies before I make a backup or if it's stolen, I lose my primary working set of data.

The drive in it tends to be on the slow side. I'm pretty sure this thing is using something more akin to an internal flash drive than an SSD drive because I've read information and seen video of SSD-equipped systems and they are fast compared to standard drives. This thing has a tiny amount of storage space and tends to crawl. It could very well be the sub-par specs compared to today's machines; it wouldn't be the first time I've hit bottlenecks that I didn't think were caused by a particular technology (i.e., a server that was slow and I thought it was the network getting bogged down, only to discover that indeed we've hit a point where the RAID controller and slower drives couldn't keep up with data requests!)

The battery life is sub-par. I bought a new battery thinking the old one was dying; nope, I still get around two hours of usable time on it. Very annoying, given the small screen and lack of spinning drive. The time on comparable netbooks today is closer to six hours or more. Either the battery technology on this is really crap or there's something quirky in the early generation 4G's.

It's small. The portability comes at a price. I wish there were some easy way of getting a virtual keyboard or a keyboard that expanded; the keys on this unit are small, and my fingers are big. I know I've brought this up before. My take is that I can almost type on it well. My error rate is definitely higher, and I am glad when I use it at home that I have a USB keyboard to plug into it so the "native" keyboard is more of a fallback while on the road. It's annoying but not a dealbreaker.

Linux was created for geeks, by geeks. It scratches personal itches, meaning that usability "papercuts", as they're called by Canonical's CEO, aren't bandaged unless a particular programmer is irritated by it enough to fix it. More often than not that means that Linux aficionados find workarounds and make excuses, saying that it's not hard to get around the issue, just do XYZ. That works well for them, but makes the Linux system look piss poor when comparing a simple, everyday task on a Mac running OS X (which is running a derivative of UNIX under the hood) and a Linux system side by side and it just works on the OS X system. I shouldn't have to use workarounds after two decades of development under Linux.

What kind of tasks? This is another papercut. I use a desktop monitor at home, an LCD panel. I plug it into the Mac, the Mac recognizes it and sets the display and refresh rates correctly. I have the monitor in front of me and the notebook on my right; on the Mac I tell it to arrange the monitor on the notebook's left and then drag the strip on the virtual monitors to the LCD panel, turning it into my primary display. Works great. I was pleasantly surprised when I connected it up again the other day and the display came up as my primary display again, complete with Dock and menu bar, with the notebook acting as a secondary display. It must have filed away some information about my LCD panel to remember my settings. Nice!

The netbook, however, loses this configuration. I connect the monitor up and boot the netbook. Inevitably, the first time it discovers the monitor, it mis-sets the refresh rate so that things are readable, but vibrating so fast that graphics look like they're being buzzed visually. Highly annoying. Oddly enough, I reboot the computer, and it will display things more sharply, like the second time around it discovers the proper refresh rate. Two boots. Every time.

Furthermore, if I try rearranging the displays, it won't set the graphics properly. I lose the menu bars and task bars, I can't use the netbook with the monitor attached anymore because I've basically lost all the control elements. I need to disconnect the monitor and re-set my settings to fix it. No matter how I try to set it or arrange it, the netbook screws it up. So I'm left with my primary display being on the netbook on my right side, and dragging my windows to the right hand side of the netbook's display to have it "wrap" to the primary monitor I want to use, then re-maximize programs. It appears that the primary display on the netbook/Ubuntu system is the monitor that is set to be on the "left" side of the virtual displays. Since I can't rearrange the displays and have it properly arrange graphical elements like menus, I can't move the Samsung LCD monitor to the left; the netbook always thinks it's on the right. That sucks.

I think the USB controllers on the netbook are slow, or the combination of memory/CPU/controller makes it slow. The netbook has a tremendous system load appear if I copy a lot of data over the USB bus to external Western Digital drives. Given that the netbook has a low amount of storage to begin with, this really means that things I occasionally do on computers...audio or video editing, for example...are out of this system's reach. It can barely watch YouTube videos, let alone edit them. Using external drives to store large data files would be painful to even contemplate.

Power is screwy on this thing. I keep getting this "your battery may be bad" error. I looked into it after I replaced the battery and it still had the error message; turns out that the unit is apparently known for it. The circuitry reports the power level to the operating system as a percentage, so the operating system interprets it as being at 1.9% power since it's converting the percent to another percent; it's supposed to report the power output in mAh. 100 mAh on a battery reporting itself as having a capacity of 5200 mAh is indeed going to screw up the math, and it appears that no one is going to fix this issue with a patch specific to the ASUS battery model in question within Linux.

Related to power, when this gets low on power it just shuts off. Blip. All work not saved is gone. No warning. The MacBook I use from work will try to go to sleep or hibernate to save your work, and give ample warning. The most warning this gives is a red battery display in the upper corner of the menu (which I configured to show that information) and if I don't keep an eye on it, blip it shuts down straight dead. It's a nasty surprise.

There is no disc drive. I know this cuts down on power use and size, but still it's a little bit of a pain not to be able to burn discs or access burned discs, especially when Ubuntu's built-in support of disc burning trumps OS X's way of handling it in my opinion (in OS X it looks like I'm burning aliases instead of files. I was sure when I first did it that I actually burned a disc of shortcuts instead of the content I actually wanted. Not user friendly in that aspect. Ubuntu uses Brasero to open a window in which it looks like I'm dragging copies of my files to that window, then click the big "burn" button to finalize it.)

Conclusions...

I've been using it exclusively for my desktop work at home. I am able to use it for most things I need; but I am limited, and those limitations chafe me. I can't watch many YouTube videos because it stutters on some of them horribly; I'm better off using my iPod. I can't use my computer to sync my iPod; but I already have a Windows computer to which I connect it with iTunes (and use my netbook to VNC into the headless Windows computer to do updates and maintenance.) I can't run VirtualBox...I suppose I could, but man it would be horribly slow, and there's no way I could create a hard disk bigger than a couple hundred meg at most without an external drive, and that would make access even slower.

The tasks I primarily focus on...remote control of the Windows system for my iPod, editing my manuscript of a novel, composing email in Thunderbird and reading mostly static web content...it works okay for those tasks. It does get bogged down with flash content to the point where it'll stutter the interface (the web browser will "pause" as it loads content, making the menus and tabs unusable for up to thirty seconds at a time.)

It's portable and it boots relatively quickly. Actual running of tasks seems to slow it down, but booting isn't that bad, despite running with encryption on the home directory.

I am able to get my primary work done, just with a little more care and a few more...papercuts.

In the end there are systems today available for under $500 that are refined versions of this 701. Unfortunately most of them are Windows 7-based so support for Linux is limited to what you can find from other netbook pioneers and experimenters online before buying, and since netbooks often have specialized design considerations there is an increased chance that something won't work properly due to driver issues if you try installing Linux on a new netbook. Would I consider getting a new netbook to use as my primary system? I'd consider it. I'd like to find something that addresses limitations in storage and speed, but again that influences some of the things I like about this unit...size, quiet running, and the flash memory instead of regular hard disk drive. Most of the cheaper units out there use micro drives so there's plenty of storage (if it has Windows, it needs that extra storage). On the other hand the battery life has increased to 6+ hours despite the slightly larger displays and traditional hard disks.

So the unit is usable, but I'm on the lookout for something better down the road. If I had a ten star rating system I'd give it an overall six for my purposes; satisfied enough to keep using it, but I definitely look around at Sam's Club and Amazon and NewEgg at the current crop of systems and wonder if I have enough money to buy something that might possibly fit my needs better.

Saturday, February 27, 2010

Encrypting your Laptop: Summary Thoughts

The issue of encrypting your data is far more complicated than I'd like it to be. After doing this on my work laptop running OS X and my personal netbook that I'm using as a "portable computing experiment," I can say there is a significant difference in the experience.

I used the "default" methods for encrypting these systems. There are many options if you research online: Truecrypt is popular and cross-platform, EncFS can be used on Linux and OS X but takes some Terminal Fu to accomplish, and there is dm-crypt on Linux...options abound.

But here's why I chose the "Default" methods; they work. They're supported (in this case by Apple and Canonical). When you upgrade the operating system, there's a far better chance that the encryption isn't going to break the new installation.

The problem is that these encryption techniques still come with trade-offs, partially because of the way they are implemented.

Both FileVault and EcryptFS as implemented here encrypt just the home directory. This means that anything in the temporary directory or in the log files is accessible, as is the swap partition, which can hold data that was in memory and could have sensitive information tucked among the crud. The good news is that odds are very good, since Linux and OS X are "UNIX-based" in design, that your personal data is contained within the home directory.

When you log in, the encrypted volumes are mounted so you can access the data. This means that when you're logged in malicious software can access your unencrypted data. In other words, encryption isn't a cure-all for security.

EcryptFS on Ubuntu stores your files as files on top of the filesystem. This means that if I were to look at my username's files when that username is logged off, say, by logging in as root, the files look like gobbledygook. Each "real" file appears as a string of nonsense. There's a one-to-one correspondence...the encrypted file will still allow a nosebag to see when I created the file or last accessed the file and the approximate size of the file; basically they can get a lot of metadata without seeing the actual content or name of the file. The one-to-one layout also means that it's a lot easier to back up the files to another medium.
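What an observer without the passphrase can still learn from such a per-file layout, as an added example (not from the original post and not EcryptFS code). It assumes each stored file is a fixed-size header followed by whole encrypted extents; the 8192-byte header and 4096-byte extent are assumed values, and the sample directory is constructed from random bytes.

```python
import os
import tempfile
from datetime import datetime, timezone

HEADER = 8192   # assumed per-file header size in bytes
EXTENT = 4096   # assumed encrypted extent size in bytes


def stored_size(plain_size):
    """Size on disk of a plain_size-byte file under the assumed layout."""
    extents = -(-plain_size // EXTENT)          # ceiling division
    return HEADER + extents * EXTENT


def plaintext_bounds(lower_size):
    """Smallest and largest plaintext size consistent with a stored size.

    Returns None when the size does not fit the assumed layout.
    """
    body = lower_size - HEADER
    if body < 0 or body % EXTENT:
        return None
    if body == 0:
        return (0, 0)
    return (body - EXTENT + 1, body)


def observe(lower_dir):
    """Collect what is readable without the key.

    Names and contents stay opaque, but size bounds and modification
    times are visible to anyone who can list the directory.
    """
    rows = []
    for entry in os.scandir(lower_dir):
        if not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        rows.append({
            "name": entry.name,
            "bounds": plaintext_bounds(st.st_size),
            "mtime": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc),
        })
    return sorted(rows, key=lambda r: r["mtime"])


def build_sample(lower_dir):
    """Constructed stand-in for an encrypted home: random bytes, opaque names."""
    # (plaintext size in bytes, modification time as a Unix timestamp)
    samples = [(300, 1266000000), (70000, 1266500000), (5000000, 1267000000)]
    for i, (size, mtime) in enumerate(samples):
        path = os.path.join(lower_dir, "ENCRYPTED_NAME_%d" % i)
        with open(path, "wb") as fh:
            fh.write(os.urandom(stored_size(size)))
        os.utime(path, (mtime, mtime))


def demo():
    """Build the constructed directory and return the observer's view of it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        return observe(d)


if __name__ == "__main__":
    for row in demo():
        print(row["mtime"].date(), row["bounds"], row["name"])
```

Each file's size is pinned to within one extent and the edit timeline is fully visible, which is the metadata exposure the paragraph describes.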

FileVault is implemented using a "filesystem within a file". If I log in as my secondary user (more on that shortly) I see a huge number of files that comprise a sparse disk image. When I log in as my normal user, OS X takes the image files and combines them into one big container, and my files are contained within that container file. (To be more accurate, the many files are contained in a bundle, so within Finder you only see the top level bundle).

The reason the FileVault image was broken into many smaller files was an issue with Time Machine. Originally the encrypted volume was one giant file. If the user was logged in and then a backup was run, the backup would see that the giant file had changed whenever even a tiny change was made in the home directory (since the home directory was actually contained in that giant container file). Apparently users got irritated at backups that took hours to complete when only a couple of documents changed.

Later versions of OS X changed the single giant volume into a number of smaller files. That way one small change doesn't trigger a backup of an entire multi-gigabyte file repeatedly but rather a single chunk of the volume.

In contrast, the EcryptFS method of using a one-to-one file encryption means that backups are simpler and faster. You alter one document, that file is the only one that changed and thus the nonsense-i-tized file will be backed up to your storage media.
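The backup behaviour described in the last few paragraphs, modelled as an added example (not Time Machine, FileVault or EcryptFS code). It assumes a backup tool that re-copies any stored object whose hash changed; the file names and sizes are constructed and scaled down, the 8 KiB band size is a stand-in for the much larger bands of a real disk image, and encryption is left out because only the storage layout decides what gets copied.

```python
import hashlib

BAND = 8 * 1024  # assumed band size, scaled down for the example


def image_of(files):
    """Lay files out back to back, as a disk image would hold them."""
    return b"".join(files[name] for name in sorted(files))


def as_single_container(files):
    """One giant container file holding the whole home directory."""
    return {"home.img": image_of(files)}


def as_banded_container(files, band=BAND):
    """The same image split into fixed-size band files."""
    img = image_of(files)
    return {"band_%04d" % (i // band): img[i:i + band]
            for i in range(0, len(img), band)}


def as_per_file(files):
    """One stored object per original file (one-to-one layout)."""
    return dict(files)


def bytes_to_copy(before, after):
    """Bytes an incremental backup re-copies: every stored object that is
    new or whose SHA-256 differs from the previous run."""
    def digest(data):
        return hashlib.sha256(data).digest()

    total = 0
    for name, data in after.items():
        if name not in before or digest(before[name]) != digest(data):
            total += len(data)
    return total


def compare(files_before, files_after):
    """Backup cost of the same edit under each of the three layouts."""
    layouts = [("single container", as_single_container),
               ("banded container", as_banded_container),
               ("per-file", as_per_file)]
    return {label: bytes_to_copy(layout(files_before), layout(files_after))
            for label, layout in layouts}


# Constructed home directory: three files, 96 KiB in total.
BEFORE = {
    "manuscript.txt": b"A" * (30 * 1024),
    "notes.txt": b"C" * (2 * 1024),
    "photo.jpg": b"B" * (64 * 1024),
}
# Same-length edit of one small file, so nothing after it shifts in the image.
AFTER = dict(BEFORE)
AFTER["notes.txt"] = b"c" + BEFORE["notes.txt"][1:]

if __name__ == "__main__":
    for label, cost in compare(BEFORE, AFTER).items():
        print("%-17s %6d bytes re-copied" % (label, cost))
```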

It's also because of the OS X "container" approach that Bombich Software recommends making sure you're logged out of any FileVaulted accounts when using a utility like Carbon Copy Cloner for making images and backups of your computer. On the OS X system I had to create a second administrative user to do backups from.

Neither solution gives full-drive encryption, arguably the most secure. It is possible to configure a new Ubuntu system to encrypt an entire volume at installation time, but to do so means installing from the alternate installation CD. Not exactly user-friendly. So you balance security and convenience, accepting that anything in the temporary caches outside the home directory or anything in swap area could be recovered. On the other hand this means less of a performance penalty for accessing routine system files, since any encryption means having the CPU jump through more hurdles to decrypt information before you can access it.

Encryption adds a layer of security in case your notebook is stolen. The price is that it also adds a layer of complexity. Recovering your data in the event of drive corruption is far more difficult, and in the case of FileVault, if part of that container file is damaged you will most likely lose everything in your home directory. This makes having a backup even more important. Encryption adds processor overhead, so it slows the computer.

One last point I have is that these only encrypt the home directory. Since I'm using a netbook, my expansion storage area on the SD Card or USB drive is not encrypted. If I have that with my netbook case and they're both stolen, anything on those secondary drives is open to theft. I'm sure I could find a way to encrypt the data on those drives, but then if I needed to share data with another computer or use the drives with another computer, they couldn't use it since that system probably doesn't have the same encryption scheme installed. I also make heavy use of external drives at home for expanded space and backups, and they are not encrypted.

I do think that while FileVault has detractors...there are many on the Internet claiming that it will eventually destroy your data, and they decry the shortcomings of only encrypting the home directory...Apple has made the process braindead simple. When it comes to something like encryption, options are definitely a bad thing for end users. People want to accomplish a task. They don't want to have to weigh options and choose the "correct" answer among a sea of possibilities. With the Snow Leopard version, they get protection for the home directory, the protection is implemented in-place so they don't need to move their files around to a special encrypted directory or temporary holding area, the slack space can be securely wiped after the change is made, and they don't need to play with configuration files or the command line to set up details like automatically mounting the home directory, and since it's a standard OS X feature, chances are that new versions of OS X aren't going to render your home directory inaccessible.

eCryptfs doesn't necessarily have detractors, but for a reason that is itself a criticism...it's not widely used. Linux has a small base of users compared to Windows (or Mac OS X), and an even smaller percent of those users are even aware of the existence of encrypted home directories. It's a feature that's probably not widely implemented in the wild.

I didn't talk about Windows encryption because I don't use it. Windows has had encryption support for some time now and third-party support is, predictably, even more mature (for example, TrueCrypt supports full-disk encryption for Windows, but not for Linux or OS X). But Windows is what I work with in my day job. And it drives me nuts. And one thing encryption will not protect you from is spying when you're already logged in with access to your encrypted volume, and the market for malware on Windows is more mature than the malware market for Linux and OS X as well.

What does that mean? It means that if spyware gets installed while you're logged in, the disk encryption can't prevent that spyware from uploading your documents or opening the machine to remote access by an attacker. The encryption only guards you from having your data stolen if your laptop is stolen; the attacker looks at your hard drive and finds nonsense instead of your banking information if they don't have your password.

It's all a balancing act. The two operating systems I am implementing encryption on stay true to their roots. OS X made it simple and painless. Linux makes it a hidden feature for people who dig under the surface to find the Easter eggs. Neither one is a panacea; each is instead an added layer of security.

Thursday, February 25, 2010

Encrypting Your Laptop: EEE PC (Ubuntu Netbook Remix) Edition

Continuing from my previous post regarding encrypting my employer-issued Mac, here I describe the experience of encrypting my netbook running, as the title says, Ubuntu Netbook Remix.

OS X includes FileVault for encrypting your home directory and is braindead simple to implement. It allows for live home directory encryption; that is, if you have the space available on your laptop and turn on FileVault, you don't have to do anything to your directory that involves copying or manipulating your files in order to get protection. Most of the time was spent just sitting and waiting while the laptop went ahead and started altering my home directory for me.

Ubuntu...not quite so much.

It's not fair to say that Linux makes it completely difficult to implement encrypted home directories. The latest versions of Ubuntu support eCryptfs, the encrypted filesystem. This is built on the FUSE filesystem which allows users to mount "plugin"-supported filesystems (FUSE is a topic all of its own; I can use FUSE to do neat things like mount an SSHFS filesystem, a mount over secure shell. I used to do this to gain access to my home computer's files as if they were mounted locally on my work computer's directory tree.)

The main problem I ran into was that Ubuntu's supported home directory encryption was meant for implementation when users are newly created or when the system is being set up. There is no "live migration" as of Ubuntu 9.10.

There were instructions that were supposed to support a manual move to an encrypted home directory. I had a second computer, so I logged off of my netbook and secure shelled into the system from another system (you can't have files being accessed while you're trying to move them from your home directory, and part of the instructions tells you to log off the graphical interface to minimize the risk of corruption.) I tried those directions twice, and both times failed miserably.

What I ended up doing was first disabling the automatic login to my administrative user by going to system->login screen and telling it to "show the screen for choosing who will log in".

Next I set about the task of creating a new user using the "adduser --encrypt-home tempusername" command, giving that user full sudo privileges by adding him to the admin group, then logging in as the new user. Next I synced my original user's files with the new user's directory (from secure shell, not the graphical login) using the command "sudo rsync -aP --exclude=.Private --exclude=Private --exclude=.ecryptfs /home/username/ /home/tempusername". This copied all the files from the original unencrypted directory to the encrypted new user's subdirectory.

Next I changed ownership to the new user. Probably unnecessary, but I did it for testing purposes; "sudo chown -R tempusername:tempusername *" from the new user's home directory. Then to copy the hidden files, "sudo chown -R tempusername:tempusername .*"

A quick "ls -al" told me that I had caught all the files in the new user's home directory in the net of ownership to the temporary user. I then logged in as the new user on the netbook and lo and behold, my customized color scheme, icons, configuration...all of it...popped up. I checked that my files were intact and happily found that they were.

Next I deleted the old home directory by changing to /home and running "sudo rm -fr username" as well as removing the user from the user management GUI (which just disables the user; home directory is left intact.)


Then I went back to the command line and ran "adduser --encrypt-home username" to create that username again. I verified that /home/.ecryptfs now had a home directory for that user then reversed my sync of directories; "sudo rsync -aP --exclude=.Private --exclude=Private --exclude=.ecryptfs /home/tempusername/ /home/username", followed by a "sudo chown -R username:username *" and "sudo chown -R username:username .*" from within username's home directory.
 
Once the sync was complete I logged in on the netbook again and my desktop once again popped up to greet me! Yay!

I then deleted the tempusername from the Users and Groups utility and deleted the subdirectory for tempusername from /home and /home/.ecryptfs; the last one is the actual home directory, where the encrypted files are kept. The "home" directory directly under /home is a mountpoint.
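A check worth running before either "rm -fr" in the procedure above, as an added example that is not part of the original post: it compares the two home directories file by file, skipping the same eCryptfs entries the rsync command excludes, and counts files the new user does not own. The function names are made up for this sketch, and it assumes find, sort, comm and sha256sum are installed.

```shell
#!/bin/sh
# Added example: verify a home-directory copy before deleting the original.
# Function names are hypothetical; needs find, sort, comm and sha256sum.
#
# The encrypted home must be mounted (its owner logged in) while you check
# it, otherwise you are comparing against the bare mountpoint.

# Print "hash  ./path" for every regular file under $1, skipping the
# entries the rsync command excluded (.Private, Private, .ecryptfs).
# Symlinks and empty directories are not compared.
home_manifest() {
    ( cd "$1" && find . \
        \( -name .Private -o -name Private -o -name .ecryptfs \) -prune \
        -o -type f -exec sha256sum {} + | LC_ALL=C sort )
}

# Return 0 when both trees hold the same files with the same contents,
# 1 when they differ (differences go to stderr), 2 on setup errors.
verify_copy() {
    src_list=$(mktemp) || return 2
    dst_list=$(mktemp) || { rm -f "$src_list"; return 2; }
    status=0
    if home_manifest "$1" >"$src_list" && home_manifest "$2" >"$dst_list"; then
        differences=$(LC_ALL=C comm -3 "$src_list" "$dst_list")
        if [ -n "$differences" ]; then
            printf 'mismatch (left = source only, indented = copy only):\n%s\n' \
                "$differences" >&2
            status=1
        fi
    else
        status=2
    fi
    rm -f "$src_list" "$dst_list"
    return "$status"
}

# Count entries under $1 that are NOT owned by user $2 (name or numeric uid).
# Run it after "chown -R user:user /home/user" and expect 0. Passing the
# directory itself to chown -R covers hidden files too and avoids the ".*"
# glob, which in shells where it also matches ".." recurses into /home.
foreign_owned_count() {
    find "$1" ! -user "$2" | wc -l | tr -d ' '
}

# Typical use (as root), before removing the old home directory:
#   verify_copy /home/username /home/tempusername && \
#   [ "$(foreign_owned_count /home/tempusername tempusername)" -eq 0 ] && \
#   echo "copy verified"
```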

To sum it up, what I ended up doing was creating a new user with an encrypted home directory, copying my data there, then deleting my username and username's home directory and rebuilding it by creating a new user with my old username's name and copying my home directory contents *back* over to the newer username that I just created.

Now when I log in it's using eCryptFS to protect my home directory. Is it particularly user friendly? Not in my opinion. No end user is going to want to sit down and create a "temporary user" to hold data, delete then recreate their username so it will be encrypted.

There was also no built-in way to scrub slack space; my files were deleted, but they're still recoverable with disk utilities. In order to truly delete that old data you need to overwrite the "cleared" space a few times with nonsense data. Over time those files will be naturally erased as I use the computer and other data is added and removed, and without a special utility I'll have to rely on that.

A second problem is that the EEE PC uses a form of flash for storage, like an internal USB thumb drive. From what I understand the cells used to hold the information have a limited "write" lifecycle. The more you write to them, the sooner they'll fail, so controllers use algorithms to write to random spots on the drive to minimise wear on the cells. Running a scrub operation to overwrite the disk spots (and thus make my old data irretrievable) can wear more on the drive and there's no guarantee it's going to actually write where it needs to write to hide old data. Then again, I'm not a storage technology expert, so I don't know if there's a different mechanism at work here or not.

Overall the netbook encryption was more manual and difficult a process than it was on the Mac. If it weren't for my own experience in using Linux, I'd not have been able to easily do it. Even the encrypted home directory feature is not fully advertised in the Ubuntu installer; it's more of a stealth feature being tested internally and by advanced users worried about privacy. This is evident in the fact that to even create the encrypted home directory you have to add the user via the command line since the GUI user manager doesn't have the option. No doubt the feature will appear in a later version of Ubuntu. It'll be interesting to see what the next netbook remix version will bring in options for data protection should my netbook get stolen...

Tuesday, February 23, 2010

Encrypting Your Laptop: Mac Edition

Here's another chapter in my ongoing experiment with the mobile lifestyle.

Periodically a story crops up about some poor sap having his or her laptop pilfered. The news I get has all sorts of cringe-worthy details...doctors losing their laptops with patient information, accountants, business people...even my own employer has departments with sensitive information going between work and home.

Every time I see the story and the concern of personal data being ripped from the drive and used for identity theft, I laugh and think, "You dolt! Why would you carry sensitive information on a portable computer without encrypting it?!"

Then I stopped and remembered that I never got around to securing my own work laptop (or the EEE PC). It was always one of those things I "meant" to do but just hadn't bothered, and every time I thought of it I knew it was a bad thing because not only would my equipment be missing but they could get passwords, cached emails, etc. on the system. I'd make yet another mental note to take care of it and promptly procrastinate again.

Well, no longer.

My employer lets me use a MacBook. Here I'll outline how I used the default form of protection, called FileVault.

How do you use it? Open the security preference pane. Go to FileVault. Set the "master password" and turn on FileVault for your account. I strongly advise setting the "Secure delete" to wipe the drive of your unencrypted data after your directory is moved to the encrypted volume.

And that's about it.

FileVault creates an invisible encrypted disk file that is mounted as your home directory; it's a sparse image file that grows as you add more files. When you log in with your password, OS X mounts the image file to your home directory. Everything you save or alter goes into that file. When you log out, it's unmounted.

You can see this if you create another user and try viewing the home directory of your filevaulted user. It's just a bundle of encrypted files.

The secure delete takes care of another issue with deletion and security; when you delete a file, it's just removing a reference to the file. The disk still has the data on it so data recovery utilities will be able to retrieve the data you're trying to encrypt (well, the remnants of your previously unencrypted home directory would be recoverable until it is overwritten with other files in the course of just using the computer.)

The process of secure deleting the slack space of the drive and the moving of your data to the FileVault volume can take quite a bit of time; in my case, a couple hours. On the plus side, I put the computer to sleep when I had to leave the office, and as soon as I woke the computer back up it continued with the secure delete task.

There are some issues with encryption (why must everything be a pain in some way?) Apple has tried to address some of the issues, but it's never simple.

Time Machine apparently doesn't like FileVault. See, attempts to back up the system see the volume files plus your mounted volume as separate files, confusing the backup system. Plus, since you have those files mounted, they show up as being constantly altered, so Time Machine will keep trying to copy the sparseimage files, which as soon as your home directory changes triggers a change on the image files which triggers confusion for the backup system again...meaning a simple differential backup can easily be corrupted or take hours when it should have taken minutes.

Apple tried to address this by turning the FileVault image into many smaller images. From what I found online, this helps, but still leaves room for complaints. Fortunately I don't use Time Machine so this didn't affect me.

What does affect me, though, is the use of Carbon Copy Cloner. This is one of the best (free!) utilities I've found for creating backup images of your Mac. The problem is that you confuse the @#$% out of it if you're FileVaulted and logged in. It's trying to copy your drive while you're altering the image files.

The solution is to have an administrative user that isn't FileVaulted, made just for administrative work, then image the drive. That way the FileVault image files are unmounted and untouched and you won't need to worry about corrupting your home directory.

I also need to remember to log off or turn off the laptop if I want data secured. When you're logged in, the volumes are mounted, and so anyone else logged into the computer can read your files. Only when you are logged off and the images are disconnected from the home directory mount point are the files "secured."

The only other complaint I've really run into is that logging off takes longer. Because FileVault uses a disk image, the image can't "shrink" just because you delete files. When you log off OS X will try to shrink slack space in the image and thus recover some space on the drive. If you deleted a lot of data, like gigs of photos, then log off it can take quite a while for the shrinking process to complete.

Overall Apple made it extremely simple to encrypt your home directory. It's all graphical, it's simple, and Apple takes the burden off the end user to figure out the technical workings of encryption. A few clicks, a few passwords, and the rest is largely invisible and "just works". The process took an hour and a half...but an hour and 25 minutes of it was just waiting for it to finish the background copy and scrub of data. OS X let me continue working as if nothing was happening (well, it slowed a little since the drive was given a workout, but I could keep working without issue.)

I can say that barring issues like having the image files become corrupt due to disk or power problems, encrypting your home directory on the Mac has been painless. I've been using it for a week or so without issues with any of my software, including virtualizing Windows in a Virtualbox session.

Next, I tackle encrypting my EEE PC with Ubuntu...

EEE PC: The Experiment Continues

I've been continuing to use the hardy little EEE PC with Ubuntu Netbook Remix on the 701 (4G) model netbook, and so far it's not been too bad.

Yes, the keyboard is still cramped.

But...it's the most portable little thing I've ever used, and the keyboard isn't an issue for extended use when I have it "docked" to a USB hub (with a USB keyboard attached).

Right now I'm waiting for a $65 battery to come in the mail. The current battery is giving me roughly 2-1/2 hours of charge at a time, which is probably average for an older laptop, but a netbook should give at least 4 (if not closer to 6) hours on a full charge. The production date on this unit looks to be around 2007, so I'm not too surprised at the reduced performance if the laptop is physically around 3 years old, even if it didn't get a lot of use before. I'll probably know more once the new battery comes in.

That means that my netbook is going to end up costing me roughly $80 with the keyboard and battery replaced.

I was hesitant to use this as a primary system because there would be limitations. Now that I've used it more, how does it stack up?

Fairly well, I was surprised to learn.

Fairly well in that I have aggravations, but nothing that makes me (so far) throw my hands up and give up. The limitations are a combination of technical and operating system issues.

The aggravations seem to be usability limitations of Linux at times. I'm saying that because most of the limitations I hit with Windows (and I'm a Windows XP fan out of the Windows family; I hate the arbitrary security and DRM limitations that are layered into each subsequent release of Windows with a passion) seem to be architecture and design issues. For example, when Windows gets infected with malware, the easiest, most thorough solution is to wipe the drive and start over. Most malware manages to get its hooks so deeply embedded into the Windows system (or mucking up your profile) that really anything else is a half solution.

Linux, not so much. It either works, or it doesn't. That's its major limitation. It was designed by geeks for use by geeks and damn anyone else...you're just not computer-friendly so it's your own fault.

What limitations am I running into?

I already mentioned flash movies bogging the system down. What do you expect? This tiny miracle has 512 meg of RAM and a fly's sneeze of storage space. I can play one video at a time, and I don't mind being patient when looking at things online most of the time.

Video. I hooked up my external 22" LCD panel to the laptop, and it sees it automatically. Yay! I have it arranged with the LCD in front of me and the laptop on the right. Now, ordinarily, you go into the display properties and tell it to put the big monitor on the left and the built-in display on the right and you're good to go...you can span the mouse across the desktops as if you have one big, wide display. Well, in theory this works. In practice, it throws my EEE into a tizzy.

It will detect the LCD and put it on the right hand side of the netbook, reversing my layout. If I try to put it the other way around, it seems to get confused with where to put the primary display (like the menu bar), and really throws the resolution into a tiz as well. Just totally confuses it. So I end up leaving it reversed and remembering to move the pointer the "wrong" way to get to the correct screen.

Second, there seems to be a slight discrepancy in refresh rate. Sometimes it uses 60 hz, sometimes 75 hz. The effect? Anything on the LCD panel gets these tiny, fast moving "wiggles", like goose bumps on meth. It's the visual equivalent to a buzzing. Sometimes restarting the netbook seems to fix this. Doesn't seem to hurt the LCD, but it's annoying if you're looking at the display for long periods of time.

Mounted volumes. I have a 2 gig SD Card in the system to store my files along with 2 external 250 gig drives for backup (well, now semi-permanent storage) connected via the USB hub. The netbook boots and sees them but doesn't always mount them automatically. I go to the files and folders panel and have to click them each once to get them to mount so I can use them. Why? I have no idea. I discovered it while running my backup script and having it throw an error at me saying that the external drives weren't hooked up even though they had powered up and were showing up in my drive display. The netbook saw them, but wouldn't mount them until I clicked on them. Worked like a charm after that.

These are the kinds of usability problems that annoy me with Linux on the Netbook. I'm reminded of them because I recently had a little project that I was working on; I'm trying to create a relatively simple Visual Basic program for someone where I work, and that means I needed to use a Windows system.

I decided to use the virtualized version I have on a MacBook (1 gig RAM, 2 Ghz processor dual-core, the MacBook black notebook) running on Virtualbox to use Visual Studio Express 2008.

I connected it up to the hub and monitor so I'd have a little more comfort while puzzling out the programming problem. The Mac detected the display and used the proper resolution without issue. It let me place it to the left side of the notebook without a problem.

The computer saw the two external drives but because they are Linux-formatted with the EXT3 filesystem, it couldn't read them, so it offered to erase them. Um...eject...eject...that's not a problem with the Mac, I expected this to happen. Didn't hurt them.

The Mac asked about my keyboard; I had to press two specified keys to identify it, and it was happy after that.

From there...things seem to just work. Display settings, keyboard, mouse...happy. The Mac isn't without warts, but it has more of the end-user experience ironed out, while Linux has more burps and hiccups along the way. It's sad because the Linux system is fantastically secure and capable, but when you run into issues with something that should be simple for the end user like arranging your desktops between two displays, it's extremely frustrating. Especially when I hook up a Mac and am able to alter resolutions and arrangement of displays without losing my desktop, my control programs (which I did on the netbook and had to restart it to have it redetect the proper display resolutions without the 22" display connected), or guessing where my programs went when it decided to place the programs off the display area somewhere.

I should not be afraid to change my display settings! With the Mac I'm not. With the netbook, there's always a little crossing of fingers.

On the other hand, the Mac is heavier, bigger, and not as portable (I guess the heavier and bigger parts sum up as being a little less portable, huh?). It has a spinning disk drive that makes it a little more susceptible to damage if there's a fall or bump, and the larger display increases the chances of having the LCD get damaged as well. Not cheap to fix!

Is it the ideal desktop? The jury is still out. I'll have more as I solidify my judgment more. Right now I'm using the Mac as a web browsing and Windows-virtualizing machine for the project, while my EEE is doing the day-to-day email and web browsing and editing of documents, so I'm comparing the two. But to this point so far the EEE has worked fairly well for the "average" use scenarios. I'd never try virtualizing anything on it, but I rarely have had actual call to do that...

Sunday, February 14, 2010

EEE PC: The Great Experiment

I've decided to try something more...interesting...with my technology lifestyle.

I used to keep my primary workstation online 24/7. It's a big monster for a desktop...dual core 2.13 Ghz processor, 2 gig of memory, 3Ware raid card mirroring 2 250 gig hard drives, CD/DVD burner and separate DVD drive (so I could easily copy disks to another blank without hogging the data bus), a slot card reader for reading SD cards and other media cards, nice fast video card driving a 22 inch samsung monitor...overkill for the vast vast majority of home users, but I did occasionally use the system for other things that average home users didn't (virtualization, for one, took a toll on the processor and memory...). It has Ubuntu installed on it, so it was virtually crash proof and was wonderful for most tasks I threw at it. Even three years old it's still above and beyond what most people use in their home, so it's aged quite nicely. I can't recommend the staff at Puget Systems enough for their help and guidance in assembling an affordable Linux machine.

I would connect to the system using secure shell, so I could easily access things like my journal application or files remotely. I could use the remote camera on the system to check on the house when I was away (did the daughter remember to let the dog in? Let's see...).

The thing is that keeping that thing running 24/7 sucks electricity. It also went largely unused most of the time. Sure, handy when I needed it, but otherwise, was it worth having it sit there, sucking up dust and pennies in power?

I've been experimenting with Ubuntu Netbook Remix on a very old EEE PC (the 701/4G unit). It's tiny. It's lightweight. And for specs, just about the only thing it has going for it is that it's really portable and probably takes weather changes and rough handling a lot better than most notebooks (how my daughter managed to still break it...twice...is !@#$ beyond me...).

I sat and thought about this for awhile. Here's what I've been doing lately...
1) edit my novel.
2) email
3) web browsing
4) diving into learning a programming language
5) blogging/filling in my nearly daily journal
6) transfer images from my camera to my hard disk and backing up my digital memories; I have hundreds and hundreds of pictures of my 4 year old.

That kind of sums up what I've done with the computer lately.

So I've decided to go for a "grand experiment." I wanted to simplify my life and see if I could turn my computing life into a more mobile life. It wasn't easy. I had a lot of conversations with myself.

What if I needed to use virtualization to use Windows or a clean Ubuntu install? Guess I'll have to use the work-issued Mac.

What if I needed to burn an ISO disc, or create a CD??
Again...use the work-issued Mac. Dude, how often have you been doing that lately anyway?

Not much, I guess. But what about editing pictures and movies?
You forgot that you've been doing that with iMovie? That was on the Mac too. And picture editing can be done on the netbook. It's just slower.

What about the keyboard? I can use it, but for everyday work? It'll get frustrating!
That's what you'll use the USB hub for, dummy.

Oh, yeah. I guess so.
Look, most of your utilities...OpenOffice, Adobe Reader, Firefox, Almanah Diary...the stuff on your desktop are also on the netbook. Don't worry.

What about...well, the display?
Plug in your monitor when the netbook is on the desk. We'll see how it works.

And remotely accessing files? If I need something while at Barnes and Noble, or at work?
Um...put the files you normally need on your netbook's SD card. You have a spare 2 gig card sitting in your drawer. You won't need to copy the data if it's with you.

It won't fit all the data, though. My files on the external drives are nearly 100 gig. The netbook has 4 gig of storage, plus 2 from an SD card? That won't be enough.
Calm down. You don't need that stuff. You keep it for reference or access later. The stuff you regularly use is tiny. It'll fit. And when you "dock" it with the USB hub, you have access to that data. I think we can do it.

I sighed, synced my data from the desktop machine to the 2 external hard disks I use for backups, then disconnected my computer completely, moving the mouse and keyboard to the USB hub on the desk. Then I took the CPU to another room where it'll sit undisturbed for awhile, and I'll not have the temptation of taking the easy way out of my experiment.

And now I am using my netbook as my primary machine.

It's not easy...I'm nervous to see how it works. The machine is really tight on space, around 300 meg free on the primary storage drive (and 2 gig on the SD card). The problem is that the system drive is filled from basic applications installed, so it's not easy to try trimming things out.

For my personal data, though, things should work out. I think.

I have a script I run that copies data from my computer to the backup drives; should anything fail, I can take my Western Digital "books" to another Linux computer and access my data (or restore to another machine if I need to replace a computer). I modified that script for its new home on my netbook, adding a metric ton of actual checks so that if a drive isn't mounted it won't run that backup routine (like the media computer; I mount it over the network and copy my podcasts and iTunes purchases to the drives in case the media computer dies (again)). Since my netbook may be out and about or not have the drives plugged in...hey, I forget things a lot, after all...I needed to add checks to the script so it won't delete an entire tree of data just because I forgot to mount something. It was long overdue anyway.
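The kind of guard described above, as an added sketch rather than the author's actual script: a mirroring backup (rsync --delete) runs only when the destination is a real mounted volume and the source is non-empty, so a forgotten drive or an unmounted network share cannot empty the backup tree. Function names and paths are hypothetical; the mount test compares device and inode numbers with GNU stat and will not detect a bind mount from the same filesystem.

```shell
#!/bin/sh
# Added example: refuse a destructive sync when a volume is not mounted.
# Function names are hypothetical; assumes GNU stat and rsync.

# True when $1 is the root of a mounted filesystem: its device differs
# from its parent's, or it is its own parent (the case for "/").
is_mountpoint() {
    [ -d "$1" ] || return 1
    dir_dev=$(stat -c %d "$1/.") || return 1
    parent_dev=$(stat -c %d "$1/..") || return 1
    dir_ino=$(stat -c %i "$1/.") || return 1
    parent_ino=$(stat -c %i "$1/..") || return 1
    [ "$dir_dev" != "$parent_dev" ] || [ "$dir_ino" = "$parent_ino" ]
}

# True when directory $1 contains at least one entry.
has_content() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# mirror_backup SRC DEST_VOLUME SUBDIR [SRC_VOLUME]
# Mirrors SRC into DEST_VOLUME/SUBDIR. Return codes:
#   0 done, 3 destination volume not mounted,
#   4 source volume not mounted, 5 source empty or missing.
mirror_backup() {
    src=$1 dest_volume=$2 subdir=$3 src_volume=${4:-}

    # Unmounted destination: rsync would fill the internal disk by
    # writing into the bare mountpoint directory.
    if ! is_mountpoint "$dest_volume"; then
        echo "skip: $dest_volume is not mounted" >&2
        return 3
    fi
    # Unmounted source (e.g. a network share): SRC looks empty and
    # --delete would remove everything already backed up.
    if [ -n "$src_volume" ] && ! is_mountpoint "$src_volume"; then
        echo "skip: $src_volume is not mounted" >&2
        return 4
    fi
    if ! has_content "$src"; then
        echo "skip: $src is empty or missing" >&2
        return 5
    fi

    mkdir -p "$dest_volume/$subdir" || return 1
    rsync -a --delete "$src/" "$dest_volume/$subdir/"
}

# Typical use, with constructed paths:
#   mirror_backup "$HOME/Documents" /media/backup1 documents
#   mirror_backup /mnt/media/podcasts /media/backup1 podcasts /mnt/media
```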

And now I am using the netbook. I'm taking my primary computer with me. I took it to Barnes and Noble last night. I brought it downstairs with me now for exercising while blogging. I dusted most of my desk for the first time in years, which I'm sure the desk appreciated.

So that's my great experiment. I'm approaching it with great trepidation, but I'm taking the plunge...can I, a computer geek, survive using a sub-par computer, placing emphasis on portability over power?

More later...stay tuned!

Thursday, February 11, 2010

More on the EEE PC

I had previously posted that I was confiscating my teenage daughter's EEE PC (the 4G model, also known as the 701) because:
A) she abuses technology in ways I didn't think were possible
B) she never uses it
C) she broke the keyboard, after having it sent back for a factory repair on a power/motherboard issue
D) she consistently had it falling on the floor and it was never her fault, it was always her little brother's fault that the power cable was strung across the room and the hyperactive 4 year old would stumble over said power cable.

So I thought I'd take it and try using it. The new keyboard came in (remarkably affordable off an Amazon third-party reseller, only $15). I also had said that I erased the Asus-supplied Linux version in favor of the Ubuntu Netbook Remix from Canonical; essentially Ubuntu with a graphical shell better suited to netbook desktop real estate. That means it's actually kept up to date (boo Asus!) and it was in parity with my desktop Ubuntu system in regards to updates and fixes and applications that can be installed.

I've been using it on and off for a few days and thought I'd do a quick revisit.

First, the keyboard install wasn't that bad. There are three tiny metal clips that you have to push back, located along the top of the keyboard (near the pause, f6, and ~ keys). They kind of felt chintzy in the quality, and I think I managed to scratch them, as they don't look like they're holding the keyboard very securely but the keyboard hasn't fallen off yet so...I'm going with it.

Once the clips are pushed back you lift the keyboard and slide it out of the tray slightly. There's a ribbon that is held in with two slider clips; you push the clips back towards the display (parallel to the motherboard) to release the plastic ribbon and the keyboard comes right off. Slide the new ribbon in, lock it, slide the keyboard in place, and pry the clips back over the keyboard and it's done.

Now the bigger challenge. I haven't used it to edit my novel yet, but I have done some web browsing and watching movie clips (avi, mpg, flv...) to see what it can do. The 701 has only 512 meg of RAM and a ~900 Mhz processor, and storage is a premium, so how did it handle things?

Web browsing; it's running Ubuntu, so it has the latest Firefox available (with the flash blocker to stop ads; helps with processor power too). Because of the slower processor, you shouldn't try watching more than one video at a time. You shouldn't even scroll while a flash-based player is playing or the video stutters and starts caching a bit. It's not like I'm doing high-end HD video crunching and the performance was something I found to be acceptable. There is a bit of juggling to get multiple tabs to work well and some videos don't scale properly to the oddly proportioned display resolution. Overall, web browsing is acceptable, but I'd not be beyond trying an iPad as a web browsing tool primarily due to screen real estate.

The video watching was a test in seeing what it could handle with codecs. I stuck some movies of different formats on a 2 gig SD card and tried playing them. The built-in movie player application threw up a huge number of "plugin needed" errors, then would try to download new plugins to handle various codecs. I then opened a terminal and ran "sudo apt-get install vlc" to install the VLC movie player, which handled a larger array of formats and handled them well. I had one case where the plugin installer hung on the display (movie player, not VLC related). I couldn't move it and even though the interface was responding in the background I didn't know how to get a process list up to kill the offending application or how to bring up a terminal to kill the process or how to bring up another desktop to get to a process manager from there, so my options were limited to logging in from another computer using SSH or use Control-Alt-Delete to restart the EEE. I restarted it. Not that it takes that long, but it was annoying. I need to figure out how to use a shortcut to get to another desktop or bring up a terminal session.

Other than that movies played half-decently. Surprising.

And the most obvious: keyboard evaluation. The keyboard is indeed something to get used to. Especially when you're built like a fridge, like I am. I had quite a bit of trouble not hitting the right-arrow key instead of shift, which was a pain when I tried using a spreadsheet I created in OpenOffice. But I knew this would take some work to get used to, and I'm trying to give it time (like editing my novel on it...can I get used to the annoyance?)

Any other surprises? I'm continually surprised at the software this little thing can run. I may have already mentioned that I installed SSH and SSHD, so I can use secure shell to log into it from another Unix machine (or Windows using PuTTY). It's weird to think I'm remotely logging into this thing the size of a paperback book and then install software or alter files from a remote system. I can also use the FUSE filesystem with the SSHFS module to mount other filesystems (or the EEE's filesystem) using secure shell, so I can edit and manipulate remote files as if they were local.

I also installed Synergy. If you're not familiar with it, it's a GREAT application for people with multiple computers in the same area. I wrote about it before but here's a quick overview: it's a software KVM without the V.

Scenario: as I type this I'm using my desktop computer to enter text on the blog. Sitting next to my keyboard is the EEE. I'm bouncing between the blog and the EEE to do updates as well as configure a few things on the EEE. Rather than stopping what I'm doing and task switching to the tiny keyboard and touchpad of the EEE, I am using Synergy on the netbook and the Synergy Server on my desktop to link the two computers. I just slide the mouse off the left side of my desktop computer and the mouse "appears" on the EEE display, meaning now my keyboard and mouse are focused on the EEE. I type and the characters are on the EEE. I move the mouse, the pointer moves on the EEE. I slide the mouse off the right hand side of the EEE's display, and my mouse reappears on my desktop computer's display.

Neat, huh? Neater still is I can have four computers do this off the "Synergy Server" computer: top, bottom, left and right. And thanks to secure shell, I can encrypt the connection so the connection links are cryptographically secure.

It's a neat way to do work on the desktop and laptops at the same time, and the software (ssh, synergy, etc.) are all in the Ubuntu repos (and synergy itself is cross platform, so you can mix and match Linux, Windows and OS X clients and servers).
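The SSH-secured Synergy link mentioned above, as an added example that is not from the original post: the client reaches the server through a local port forward, and a check on the server confirms Synergy is not also listening on the LAN in plaintext. It assumes Synergy's default TCP port 24800, `ss -ltn` style output, and a placeholder `user@host` login.

```shell
#!/bin/sh
# Added example (not from the original post): Synergy over an SSH tunnel,
# plus a check that the Synergy server is not also reachable in plaintext.
# Assumptions: 24800 is Synergy's default TCP port; user@host is a placeholder.

SYNERGY_PORT=24800

# Read `ss -ltn`-style lines on stdin and print every local address that
# listens on the Synergy port but is NOT loopback. Empty output means the
# server only accepts connections that arrive through the SSH tunnel.
exposed_listeners() {
    awk -v port="$SYNERGY_PORT" '
        $1 == "LISTEN" {
            n = length($4) - length(port) - 1      # chars before ":port"
            if (n < 1 || substr($4, n + 1) != (":" port)) next
            addr = substr($4, 1, n)
            if (addr !~ /^127\./ && addr != "[::1]") print addr
        }'
}

# Client side: forward local 127.0.0.1:24800 to the server's loopback port,
# then point the Synergy client at the local end of the tunnel.
open_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${SYNERGY_PORT}:127.0.0.1:${SYNERGY_PORT}" "$1" &&
    synergyc -f 127.0.0.1
}

# Constructed sample input: a server bound to every interface (plaintext
# clients on the LAN can still connect) and one started with
# `synergys -a 127.0.0.1` (reachable through the tunnel only).
SAMPLE_OPEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:24800      0.0.0.0:*'
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:24800    0.0.0.0:*'

case "${1:-}" in
    check)   ss -ltn | exposed_listeners ;;   # run on the Synergy server
    connect) open_tunnel "$2" ;;              # run on the client: connect user@host
    demo)    printf '%s\n' "$SAMPLE_OPEN" | exposed_listeners ;;
esac
```

If `check` prints any address on the server, the tunnel is optional rather than enforced; starting the server with `synergys -a 127.0.0.1` closes that gap.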

The keyboard is definitely annoying at times; I'm working to adapt to it, so I'm going to reserve judgment for the moment. In the meantime I'll note that the EEE has managed to recognize and use a USB keyboard without problem, just as it has recognized a USB CD burner (how I installed Ubuntu NR in the first place) and the SD card and a USB memory stick without issues.

The thing that is simultaneously neat and a bullet in the foot is that this is, for all practical purposes, Ubuntu Linux on a miniature PC. It can do a huge number of things, but it sometimes takes some stretching and bending to accomplish them.

For example, installing Synergy, VLC, and SSH were straight from the repos, no real work necessary (if you're used to Ubuntu, anyway). Just select and install. Or from the terminal, issue the apropos apt-get command. But the new interface tries to hide the ability to access multiple desktop workspaces (kind of like virtual desktops). Hitting control-alt- will select a new desktop so I can organize my applications, or in the case of the one app getting "stuck" I might have been able to switch to another desktop to pull up the terminal and regain practical control of my EEE. When I tried it, it wouldn't let me. Just kept telling me I had one workspace.

But...it could do it. It does support multiple workspaces. It just wouldn't let me because it was configured for one, which is a sensible default when the screen is this tiny, I suppose. I couldn't use the workspace manager to configure a new desktop the way I do on my desktop because that "useless" interface was removed for the streamlined Netbook Remix interface.

So the fix is to open a terminal and enter the command "gconftool-2 -s /apps/metacity/general/num_workspaces 4 --type int" where the 4 is the number of workspaces I want. Intuitive? Heck no. It was a total Google job to find this solution.

And now I have 4 workspaces. But here's the thing; I'm mixed on this feature. The fact is that a tiny device like this is kind of stretching the computer metaphor. How small can you make a computer before the desktop paradigms become stretched too thin? I'm multitasking desktop applications on something I can barely type on because the keyboard's too small, with a processor that is being pushed to its limits if I have OpenOffice open and a web browser playing YouTube videos at the same time, with RAM that is furiously juggled because it's only 512 meg. The graphics subsystem can barely handle itself let alone adding the 3-D candy of Compiz (which is turned off, but seems to be available as an option).

In short there are a number of features on the EEE that are probably inappropriate for the platform but are available, taking up memory space or storage space (which is a premium on this little thing), just as they are available on my desktop. Is it really necessary to have the same features on a 512 meg 900Mhz system with 4 gig of storage and an all-in-one design the size of a paperback book as my dual-core 2.13 Ghz desktop with 2 gig of RAM and 200+ gig of storage?

Probably not, at least not for the average user. Still, I can connect a USB hub to the EEE, and from that have a printer, keyboard and mouse, and I can hook up an external monitor, even if the resolution isn't all that great due to limitations of the graphics processor. In other words, the EEE can be a really portable computer for going between work and home with emergency access to my data stored on it when I'm in between "docks".

That's the only reason I could see for using netbooks like this with features that don't really scale down this small; portable desktops where you can dock it for convenient access, while still having access to your data while out at the coffee shop.

I'm still using it and adapting to it. I find myself leaning on the Mac laptop still for things because while it's not as small or light, it does just work, and I'm not fighting frustration with the keyboard.

But I did swear I was going to give the mini-keyboard a shot...so look forward to another installment of triple-EEE info in the near future!

Friday, February 5, 2010

Playing With an Asus EEE PC

Way back when we first started getting the house situated, we worked on a way to get everyone online.

My wife got a Mac laptop, a white MacBook, now about three years old or so.

I bought a desktop, a really killer Linux system with RAID and the whole shebang. I also have a belongs-to-the-day-job black MacBook.

My toddler son got a destined-to-be-scrapped Mac G5, which was top of the line before Apple moved to Intel processors but today was adequate for playing DVD's and playing online flash games, which are the two things he pretty much limits himself to doing.

My daughter, a teenager, klutzy and at times rather irresponsible (she's destroyed somewhere between three and five phones in a year and a half and she's responsible for replacing them herself...and she still doesn't take better care of them) got an EEE PC. A netbook. I thought it would be perfect as a starter laptop for her; it has USB ports so she could use a USB keyboard and mouse to work on papers, it's tiny so she could curl up in a corner somewhere to work on whatever she's working on, works on the wireless network, runs Linux so it's nearly immune to most of the crud out there targeting Windows, and it has a solid state disk, making storage a premium but for what she does it shouldn't matter. The tradeoff was no moving parts so it could take a little more rough handling without the heads of the drive crashing since an SSD drive doesn't have heads or platters to crash.

I was wrong. She managed to damage it once, killing the power supply, necessitating a trip back to the factory. Then months later we notice that she's using her brother's computer more and more; what's wrong with your triple-E?

"The keyboard doesn't work right..."

sigh

I look at the thing. She's dropped it so many times that I feel bad for it. Of course, it's her brother's fault, the four year old tripped over the power cable that she would string across a room; I can see it happening once, maybe twice, but there comes a point where you learn to not string things at ankle level lest electronics go flying, wouldn't you think?

True enough, some of the keys are dead. The function keys for the fake number pad function aren't causing it. A reinstall of the software (she hardly did anything to customize the thing) didn't affect it, so it wasn't a software setting. I disassembled the keyboard to reseat the ribbon connecting it to the motherboard. Nothing. I also found that a USB keyboard works fine, so the keys on the keyboard itself aren't sticking.

She just managed to kill certain keys on the keyboard. "It just stopped working," she said.

I've been considering attempting to find something more portable for my computing needs. Mainly for things like going to Barnes and Noble for editing my first draft of a novel in OpenOffice, or doing light web browsing. I'm not sure about the size of the keyboard, but something with the form factor of the EEE PC might fit the bill otherwise, so I take it.

"But I'm using it!"

Keep in mind we've not seen her use it for months, and the power cable was upstairs not even plugged in. When I got it from her the battery was dead. Stone dead.

First things first. After failing to revive the keyboard, I scrounge around a bit and find a possible replacement keyboard on Amazon (of all things) for $15. I put in the order for 3-5 day shipping (overnight was $20!), seeing as the USB keyboard will suffice for a little while as a makeshift replacement.

Second, I do updates, seeing as she's not touched the software updates. I get a bad taste in my mouth when I realize that Asus looks to have pretty much abandoned the plucky little 4G Surf (no webcam, 512 meg of RAM, 4 gig storage). OpenOffice is stuck at version 2. Ugh.

I again scrape the webbertubes for some advice and find that Ubuntu, the Linux distro I run on my desktop now, has a Netbook Remix available. It's a modern distro meant specifically for netbooks (big surprise from the name, I know). Download, burn the CD, boot and install, run the updates, and now the netbook is running essentially Ubuntu 9.10 with the latest kernel and security updates (and OpenOffice 3!).

I even get Skype installed. I plugged in a USB Quickcam, and found that it worked with Cheese, the camera booth app. Skype, unfortunately, refuses to work with it. Why? No clue. But it does appear that it will receive video, and I can do audio (and text) chat. So that much works.

I get SSH installed, and the SSH Server. If you know what secure shell is, then you know how cool this can be. After getting that installed, I logged into the EEE from my desktop computer with X forwarded and ran the rest of my updates and changes from my desktop console while the EEE sat on a stand charging up with the LCD sleeping.

Can it play online movies like YouTube? Barely. The thing has 512 meg of RAM and is a Celeron 900 Mhz processor. It strains and grunts and groans, but if you're not taxing the little dude it'll play them.

It can also record in MP3 format now that I installed Audacity.

Storage? It won't store movies well. At the moment it is running with about 300 meg free on storage. I could stick in an SD card to add a couple gig, though.

What are my initial impressions? It's impressive what it can do. I can't take it out as a road warrior device yet because of the lack of a functioning onboard keyboard; that'll have to wait until the new one comes in, and then I have to hope it's the right kind and will fit. I also don't know what shape the battery is in. My daughter swore it won't hold a charge; I haven't tested it yet, really.

I also don't like the way the trackpad buttons work. It's like a rocker bar to left and right click. Seems...weird. And of course the keys are tiny and take some getting used to in order to use (a task that's pretty impossible when 1/4 of the keys don't work).

For its size, it's impressive, and when I'm in my home network range it can get a boost from the fact that I can secure shell into my home computer and tap into some of the applications and files from there. Out on the road I could probably secure shell into a remote system, but speed would be an issue. Could it function on its own?

It would probably be better if I had dainty feminine hands, but again, the jury will have to hold out on that until I get a better chance to test it when and if it gets a functional keyboard. I have enough trouble typing properly with a full size keyboard (although the tiny keys may force me to take my time and not make as many mistakes in the first place...)

So that's my new project. The daughter is computerless and at the mercy of her four year old brother; it's been made clear to her that that computer was made for him and she had one free computer and she broke it and stopped using it, so it's been appropriated. She's free to save her money from her job to get a cheap laptop, and instead she opts to play Pogo and Facebook games on her brother's Mac. If he tells her to get off it, she does. Which gives a four year old much joy to have power over someone, it seems (to be fair he rarely kicks her off his computer though).

I'll have to see how things play out. Maybe I'll update this more after the keyboard comes in, supposedly this upcoming week!

Sunday, December 13, 2009

Building a "Media PC"

I decided to undertake a new mini-project. The goal was to eliminate our satellite television service, and thus save a decent but not huge amount of money each year.

I had taken a half-day from work because of crap weather; I figured that was a good time to try working on this back-burner project. I pieced together a system from old spare parts and installed Windows XP on it (I had a number of systems that I had removed Windows from and installed Linux, so licensing shouldn't be a problem).

We have a Vizio LCD television that had an RGB PC connector and an audio input jack...plugged in all the cables, and it actually worked fairly well as a computer with a giant monitor. I was fairly surprised at this!

Now...TV. The name that came to my mind for streaming television shows was Hulu.com. My son is absolutely in love with the cartoon Voltron now thanks to streaming Hulu to the TV.

The results weren't fantastic, but they weren't totally horrible. We have a 1 megabit download speed over DSL, which is the bottom rung of what Hulu said is needed for streaming their content. What this means in practical terms is that any sustained download...that is, anything that takes more than a minute or two...causes the Hulu stream to pause. Ouch!

Because of the way Hulu has licensed their content from studios they can't allow people to cache more than a few minutes' worth of the shows. They are using some wonderful Adobe Flash feature to prevent you from downloading the entire show for viewing all at once so it doesn't hiccup and burp in mid-viewing.

Because I have a computer, my wife has a computer, my son and daughter have a computer...if any of them are downloading updates, updating iTunes podcasts, or transferring a Pogo.com applet, the Hulu program pauses on us.

Annoying? Yes. I don't mind this inconvenience much because any shows we really liked we bought on DVD as a whole season, but for my family this could be a deal breaker.

I downloaded an alpha version of Boxee, an open source cross-platform video viewer program that apparently has a lot of features (including a free iPod/iPhone application to act as a remote!). It was so very promising...but I can't yet know if it is decent or not because it doesn't work on the media computer I cobbled together. The system has a Rage 128 Pro video card in it; okay enough to use as a basic workstation graphics card, but on launching Boxee all I got was a white screen from which I could only exit using the Windows task key, then telling Boxee to quit from task manager.

I looked around online and it seems that Boxee requires OpenGL 1.4 or higher. The Rage Pro supports, I believe, 1.3 or lower. Since it's a legacy card no longer supported that means no OpenGL updates. That leaves me with having to find a cheap video card to replace this one before I can test Boxee.

I installed iTunes on the old media system as well. I opened sharing on my personal iTunes system and enabled it on the media computer, and it played my music library without any problems and played an open source movie my son loves watching called Big Buck Bunny without any issues as well. So if I buy any TV shows, buy any movies, or download video podcasts then I should be able to see them just fine on the media computer.

I also connected an old webcam and inexpensive omnidirectional microphone to the media system and installed Skype. Our TV is now turned into a giant videophone. Pretty neat when the grandparents call in to talk to their grandson!

So where does that leave me? At the moment, I have to purchase a newer video card, and the streaming of TV programs only works "so so". Anything with iTunes, streamed from another system or on the computer itself, works well. We already have a DVD player so there's no incentive to rip my DVD's to the hard disk.

The computer itself is rather weak on the horsepower scale with a 1.7 GHz P4 and 1 gig of memory and a 40 gig hard disk, but as I mentioned the only problem I've had has been the fault of Hulu's crazy caching issues coupled with our "measly" 1 megabit download speed.

I'll have to see if Boxee improves things with cached downloads, otherwise I might only have a neat gadget for web browsing with a giant monitor. If anyone has suggestions for viewing ad-supported television content from the web I'm open to it!