Microsoft Licensing: The Pain It Keeps On Rolling

I continued to set up the Dell machine from the other day. I started out my day at the office where I updated my supervisor on the installation, saying that the laptop couldn't be joined to the Active Directory domain because it was running Windows 7 Home, and apparently that ability is disabled in the home edition. I wasn't sure if he'd care because I thought the user was going to be using it primarily at home anyway.

"Nah," he said. "We have Windows 7 Professional and the licenses, just install that on it."

I sighed, packed up my shiny Windows 7 DVD (64 bit, since for some reason the home version of Windows 7 was 64 bit on that laptop with less than 4 gig of usable RAM...) and headed out to the office where I could work on that system.

I vaguely recall that Windows since Vista has been coming in a form where every version, and there are lots of them, of Windows is included on the install DVD. The different versions that cost you hundreds and hundreds of dollars between the lowliest, crappiest version to the least crippled version are all one in the same; they simply have functionality that is disabled or enabled depending on the license key you feed it.

Neat, eh?

Don't get me wrong with what I'm about to say. I personally hate using software that is crippled artificially. It was one of the reasons I initially moved to Linux; my desktop computer could act as a capable server, while Windows, despite being able to handle a modest workload, was throttled back in what it could handle simply because of a registry setting. Even though I never to my recollection was even maxing out the throttled limits I hated the idea that my system was crippled simply because of me not having more money.

At the same time, I understand and support that it is Microsoft's right to impose limits on their users, as we have to agree to the license in the first place and that license places these (irritatingly arbitrary) limits on the end user. That's why I moved to Linux instead of pirating Windows. It's their product. They dictate what can and can't be done with it.

That said, why is it that Microsoft seems to go out of their way to make a task as simple as installing our volume-licensed, legal copy of Windows 7 Professional over the default Windows 7 Home preinstalled on a Dell laptop?

Here's the thing; for the most part, choice is bad for ease of use. You give users choices, you make them think, you give them the opportunity to screw up. That counts against you in the ease of use department. Weird, isn't it?

Microsoft has outdone itself, going out of their way to make something as simple as licensing into a pain in the arse.

The DVD we have actually has two licenses printed on it. One is KMS and the other is MAK. KMS is their Key Management Service key, and MAK is their Multiple Activation Key. Two really long string of numbers and letters that belong to our business. The difference? The KMS key allows us to have an "in-house" server to handle activations more or less automatically, while the MAK key allows us to input the MAK key individually into systems that then call Microsoft over the Internet to activate. Both the MAK and KMS keys are types of Volume Keys.

Making sense so far?

The Dell laptop with Windows 7 Home apparently has a self-activated key already installed. I popped in the DVD with Windows 7 and told it to run Setup. Setup started chugging along, asking a couple questions, then  it got to the point where it asked if I wanted to upgrade or clean install. I said, upgrade! I already installed an antivirus and our full version of Office (after deleting some crappy trial version of Office that was on the system when we received it for configuration. Setup started looking at the drive and said, "Nope! We can't do that with this version of Windows! You have to run the Windows Anytime Upgrade from the start menu!"

Ah-ha! It does have all the versions of Windows, I just need to plug my key there!

I do a search, since the menu system in today's incarnations of Windows makes it damn near impossible to actually find anything now, for the Windows Anytime Upgrade utility. Run it, it asks for the key. I put in our MAK. It rejects it.

Apparently you need a special Windows Anytime Upgrade key in order to activate that function.

So now I have a licensed, pre-activated Home key, a MAK key, and a KMS key, and none of them do me a damn bit of good because I need a WAU key.

I swear, several times actually, and re-run the setup utility, this time telling it to nuke the C: drive and start over.

This time it worked. I had to spend most of the day reinstalling Windows (Professional, this time), reinstalling Office, reinstalling antivirus, and all the miscellaneous utilities that I had installed but wiped out in the full reinstall.

This wouldn't piss me off so much if I hadn't seen the alternative way to handle licensing. In Linux, there are no real restrictions. You may get a flash of the GPL license, but no key to enter, no restrictions on how you use the operating system (other than what the GPL enforces, which for most users is of no consequence).

On OS X, there are licensing restrictions, but Apple largely takes you at the honor system. Their attitude seems to be, if you put the operating system on hardware that's not ours and it doesn't work, you're screwed, buddy. Apple is largely a hardware company. They make money from their hardware and services. While they have restrictions on what you can and can't do with their software they don't go out of their way to make customers bend backwards while gargling Yankee Doodle Dandy on a unicycle in order to install their software on their hardware.

In the end it feels as if you buy their operating system just by having purchased the Mac. It doesn't bug you for software keys or activation. It just installs. The closest I've had to being locked out from an installer was trying to use a MacBook installer CD to reinstall OS X on an older system whose hard disk had failed. The install CD was keyed to work only with MacBooks, even though it was the version I had on the PowerMac before it died. I think I was still able to reinstall on the new hard disk by booting the Mac to Target Disk Mode and installing from there, as I recall.

No pestering. No nagging. Definitely no typing thirty-digit codes by hand. Maybe Apple just thinks it's not worth pissing off or frustrating customers for the possibility that someone will pirate their software. I had to take my mother-in-law's old G4 notebook in to an Apple store after the operating system became corrupt, and in the end they did a restore from a clean image. The guy at the Genius bar asked what version of OS X was on it.

How would I remember? I haven't looked at that system in probably two years. I can't remember what I wore two days ago, let alone what my mother in law had on her notebook. I guessed 10.4 judging from what I probably had on it when it became her system.

The Genius didn't ask for proof. Didn't hassle us at all. I think he was prepared to install whatever version I said (except Snow Leopard, since that didn't work on G4 Macs). Oh dear, they might lose $30 if I stole a newer version of their operating system! Instead, they made happy customers a priority over losing a drop in the bucket in change.

On the other hand I ended up losing most of a day of work because I needed to install from scratch Windows because I didn't have a particular type of key. Because the keys we paid lots of money for, legitimate keys, wouldn't work to do an in-place upgrade that would have taken ten minutes.

Thanks, Microsoft. One of the largest companies on the planet and you manage to make something as simple as installing your operating system a major hassle for a legitimate customer. Let me wave my "you're number one" sign at you without using my pointer finger. With both hands.

The Unpacking Experience: PC vs. Mac

I wrote that I recently purchased two 13-inch (mid-2010) MacBook Pros as gifts for myself and my wife. Late last week I also had to unbox and configure a Dell Inspiron 1750 (reviewed by PC Mag here and on Amazon here).

There is a significant difference in pricing between the two laptops and it wouldn't be fair to bitch about things that are primarily pricing differences. On the surface, there are several similarities that would make little difference to the end user; four gig of RAM on both, they both have webcams built in, they both have ports for external video (although the Mac isn't standard and requires a $30 adapter purchased separately), disc burners, etc. Most people, the vast majority, won't care about the manufacturer of the RAM, the brand of burner, or for the most part (unless it's really really bad) the resolution of the built-in camera.

The differences that really slapped me in the face were due to the differences between operating systems. This is something that is very much in the control of the manufacturers, regardless of the pricing of the laptops and the included hardware for the most part. Every time I cursed because I hit another roadblock to overcome was another "papercut" that makes me hate the hardware and software just a little more.

The Mac started up with a nice little flying welcome and music score before asking me some questions for basic setup. It took a few minutes before I was at the Finder desktop. Then I proceeded to run system updates; despite the system being introduced, literally, a week ago, it had two somewhat large updates (a little north of a hundred meg of downloads as I recall). Two reboots, done. My system had iWork already installed and I then proceeded to download some software that I planned to use (OpenOffice, FireFox, etc.) and all was well. I literally had a system ready for my personal use in about an hour or so, not counting the long process of copying my personal data from my old drives to the new laptop.

Not everything was gummy bears and rainbows. For my personal use, I wanted the laptop to run with encryption. The Mac uses FileVault for built-in encryption protection of your files, which is fine (aside from scary stories of the disk image now used for your home directory becoming corrupt; if it gets corrupted, you lose your whole home directory, not just a few files).

I also wanted backup protection. For the longest time I was very much a manual-protection person; I ran a script that synced my hand-created directory structure for personal data to external drives. I kept my photos in a folder structure I made to my own specifications, I kept my documents neatly organized, and if something happened I would just rebuild the computer from a clean install and copy the "files" folder from my external drive to the new computer. Fairly simple.

The Mac encourages...strongly...using a feature called Time Machine. It is really snazzy in that it creates hourly snapshots of your data to an external drive and has a neat almost Dr. Who-like flying-through-space interface for browsing your data as it changed over time. Just plug in an external drive and the Mac pops up asking if you'd like to use it as a Time Machine volume and from there handles the backup details in the background.

The problem? Use FileVault, and it will only back up your data at logoff for FileVaulted users. And you can't restore individual files from the Time Machine interface if you use FileVault, only the whole home directory. Ouch...

The process of enabling FileVault and Time Machine together on the Mac wasn't one hundred percent smooth either; the first time I enabled Time Machine, it said I was backing up about 150 gig of data (everything I read said this wasn't possible, as about 140 gig of it was my home directory and that wouldn't work until I logged off). Hmm...I think I'll log off to help it.

When you log off of a FileVaulted system the Mac will go through a process of recovering space on the disk; it's shrinking the disk image used in the background for storing your home directory data. Usually it doesn't take too long (unless you created and deleted a huge file during your session, I suppose.) Here, it did. It was going on ten or fifteen minutes before I made the decision to kill the machine from the power switch.

Reboot, came up, logged in without error (disk check revealed no problems). I did a reformat of the drive I was using for backup so I could start from scratch. Then I let Time Machine do its thing, this time staying logged in while it ran the first time. It told me it was backing up around 150 gig. Chugged along, and all of a sudden said it was done. Apparently it backed up the system and quit once it found the FileVault home directory image.

Logged out, and this time it recovered disk space in just a few seconds and the prompt changed to "backing up..." with a progress bar. Hours later (hey, it's USB...) it completed without issue. Definite user friendliness issues with how that was implemented, despite the somewhat scary warning that comes up when you turn on Time Machine with FileVault enabled.

Thinking back over the past week or two that's the only thing that really stood out as an operating system issue in migrating a brand new out-of-box system to my primary workhorse so far.

The work laptop running Windows 7 was in my experience far more frustrating.

Turned it on and the system asked me a few standard questions for configuration. Nod nod, yeah yeah, click click.

Next I was going to install our licensed copy of Microsoft Office. Usually it's pretty standard, but I had the slight irritation at having to remove the "trial copy" that was on the Windows 7 system first. I hate it when makers license "trials" of crap. It's a trap for users; they think they own the software or it came with the system, only to have it pop up errors a month down the road asking them to purchase it if they want to keep using it.

Then McAfee popped up with notices for updates and advertising. Another big peeve of mine related to what I just noted, because the user thinks they have antivirus protection when really it's a limited trial that will bug them to purchase further protection down the road. Users really don't think about these things and remain largely ignorant of the topic, right up until it stops protecting them. Errors pop up but the user just typically clicks through them until something goes really wrong, takes it to their resident geek, and he finds that the computer hasn't had updated virus definitions in six months and the user assumed it worked because they had McAfee (or another vendor's software) installed.

Uninstall uninstall uninstall.

Next I tried to put it on the domain. Guess what? Whoever purchased the laptop bought it with Windows 7 Home. Windows 7 Home won't connect to a domain. Another peeve of mine; artificially crippled software. I know it's a licensing issue and Microsoft has every right to do this with their software. It explained that this version of Windows is unable to join a domain. It's still a pain in the arse that I threw into my curse-pile after having to uninstall trialware crap.

I next had to uninstall a Dell wireless utility. On our network for reasons never fully explained the Dell utility for wireless interferes with the ability to connect to our Cisco wireless access points. Delete the utility, let Windows manage the connection, generally there's no problem after that (although now that it can't connect to the domain, I suppose the point is somewhat moot). I deleted the utility as we've done with countless Windows XP systems. Suddenly the system conveniently forgot it had a wireless card, period.

A big sigh and a dig through the box yielded a Dell Resource Disc with the drivers (ALREADY INSTALLED, it proclaimed). I inserted the disk and it prompted me to run a setup program first. Huh?

Okay...run install. Then it prompted me to remove the disc and reinsert it. Okay.

Then it popped up an error that I had the wrong volume in the drive.

Told it to continue twice and it suddenly decided it was okay. It ran a program that detected my hardware. Okay, I think, this is a turn for the better because now I don't need to guess the hardware!

It popped up with the Inspiron 1750 page and gave me an option of installing one of four or so drivers for the wireless card. Um...aren't you supposed to have detected it?!

I ran the first one. It told me that hardware wasn't installed.

Started running the installer to the second one. Suddenly Windows detected the wireless card, installed driver support (while the second installer hadn't run yet, it was just finished extracting files). So Windows now had the driver rediscovered and working, apparently, as it now had it in the device manager again.

That resource CD was a waste of time, and who knows what the installer littered on the drive?

The Mac doesn't have this issue because Apple hardware is tightly integrated with the operating system. If you buy OS X as an upgrade, it will have drivers to update all the hardware that it is known to support built right into the operating system.

What I don't understand is why Dell goes through the trouble of creating a separate utility that rides on top of or supersedes the Windows wireless utility. If it works fine for the purpose I'd far prefer having the built-in system over a third party utility. When I sit at the Mac, I know what to expect when I want to change settings, whether it's my system or a friend's system. On Windows, there's the Windows utility and there's a vendor utility or there's a manufacturer's utility (do I use the Dell configuration program? Windows? Intel?), and sometimes they work or they goof each other up.

Confusing, and definitely not user-friendly.

Not to mention that adding additional layers of software for redundant functions adds complexity, and with complexity comes more possibility for failure or bugs.

In the end I'd prefer that manufacturers stop adding trialware crap to entrap clueless users and stop adding software with redundant functionality. Unless you can genuinely add functionality to the system, I don't need a utility to join wireless networks when Windows has that function already built into Windows, and it's a real boon for the neighborhood geek when he doesn't need to know the ins and outs of each manufacturers crap utility just to join a laptop to a home router. Worse, I don't need to have two or more utilities that fight each other for access to the hardware and in the process can disable settings that were put into one program and now won't work when switching to the other program they ran intuitively (what do you mean I wasn't supposed to run the Windows network settings to join the network? Windows told me too, dammit!)

Overall these little papercuts in the process of configuring the system started having even minor things like the wallpaper, a series of upside-down boomboxes for reasons I haven't yet figured out, really grate on my nerves after the fourth reboot for updates and configuration settings.

I'm sure there are apologists that will point out that the circumstances were different between unboxing my system and unboxing the Dell. I'm aware of that. And I'm sure that there are good points that I'm overlooking. The point is that there was a lot more friction in just getting this Dell system configured for even basic use than I encountered on the Mac, and it was almost always due to problems and peeves that were under control of the manufacturer, right down to the gawdy and irritating upside down boombox wallpaper (c'mon...what the hell is that?? Look at the links at the beginning and see if you can see in the screenshot of the product for the reviews the wallpaper I'm referring to.)

There are people who will be anti-Apple no matter what. There is an "Apple tax" for their hardware; and it purchases less irritation for me. The hardware integration with the operating system simplifies things and standardizes the interface and removes the need for two different ways to turn on my wireless networking, and I don't have to go through and delete trialware from the computer to clean it up. It's not perfect by any means (why can't they use a networked Finder, like X? Or workspaces that allows me to rotate a cube or slide the screen for multiple desktops like I can with Ubuntu's desktop? Yes, I know it has Workspaces, but I always found the Ubuntu enhanced GUI features a little easier, if not glitchy at times, to work with, but maybe that's just habit speaking right now.)

What it boils down to is that I am an Apple fan because despite the money I have to spend on their hardware they generally treat the customers right. They remove friction, for the most part, in using the system. Their walled garden is expensive to get entrance into and has a few bees hovering around. It simply seems that the more I use Windows 7, OS X, and Ubuntu, the more I appreciate the differences and enhancements each offers.

To tell the truth though I'm still looking for the enhancements Windows 7 has over Ubuntu and OS X...anyone? Honestly?

MacBook Pros (or, Surprise, Honey!)

I recently emailed a friend of mine about an unrelated item in life but alluding to self imposed stresses that I'd blog about in the near future. Well, here it is!

I've been going through both a technology crisis and a crossroads with technology. I've been working on trimming costs around the house and trimming my computer taxes (i.e., shutting off home servers because of the electricity they suck down) while evaluating how much I really need for using technology. By that, I mean, do I really need a desktop computer? I've been finding myself more often than not trying to work on my novel from a notebook or netbook at Barnes and Noble or in the bedroom, or having to remotely edit things to my desktop from another room.

So I began testing whether I could use a netbook for my computer needs. That was a mixed success for another blog entry.

At the same time, I had my "podcast" computer, a lowly Windows computer used pretty much for Skype for my son and podcast syncing to my iPod in the morning, die on me.

On top of that, my wife's MacBook had Applecare die. Again, topic for another blog post so I won't dive into it, but as a tech person who wants minimal hassle in supporting his own gear, any notebook that has gone out of warranty is a pain since the hassle in replacing anything beyond the most basic component is probably going to cost you more in time and parts than a whole new laptop would cost.

My wife's computer was going out of warranty. My netbook was adequate, but barely, for anything beyond basic web browsing, email, and working in OpenOffice.org on my manuscript. My multimedia computer was toasted, so I had to improvise another system that used to be my primary server/workstation but the CPU cooler was loose from the motherboard and thus rather unreliable (at least enough that I don't leave it alone for long periods while it's running).

So I formulated a plan.

And despite my constant debt worries, I purchased two new MacBook Pro's. One for me, one for my wife. With hardshell cases (one blue, one pink) to protect them.

And my wife knows that I constantly stress over bills and income, so she wasn't expecting it.

But I didn't just give it to her. That would be too simple.

When I was younger, my mother would (rarely) play this game to entertain me where she would hide clues around the house and give me the first clue, which would lead me to the next clue, and the next, etc. until I arrived at the final prize, usually some small toy or food or something. I don't remember the prize. I remember the fun of running around the house looking for hidden notes and the rush of figuring out her clues.

So the day FedEx finally delivered the notebooks I enlisted the help of one of my wife's coworkers and hid a number of clues around the campus of her workplace after hours (she usually hangs around with work after 90% of the other people have run home).

I had come up with clues and taped them to cut out foam letters spelling the word "apple". I also took an empty MacBook box from a friend and stuck a Fuji apple in it along with a "congratulations, you found the final clue!" note. I then messaged her to Skype me and I chatted for a few minutes before reminding her about my clue game as a kid, and said that now it was her turn. Then I gave her the first clue and told her she was on the clock.

Confused, she started following the clues until she arrived at a backpack that I normally use for my work equipment, but unbeknownst to her I had switched everything out of it and instead had her notebook and equipment inside. The MacBook box hinted that the Fuji apple inside was the prize, but there was a hint that it was the "final clue", meaning there was one more thing. In the hint, the words "under" and "me" were capitalised, so she had to figure out that she needed to look under the plastic insert in the box to find a printed picture of my bag that in turn had the MacBook Pro in it.

It took her about twenty or thirty minutes to figure everything out and get all the clues, but in the end I think she was rather surprised. I had spent, literally, weeks going over specs and finances and talking myself into doing this, since you can imagine these are not overly cheap computers. These are 13" MacBook Pros with iWork installed. I have been saving money whenever I could to help offset the cost. I also spent weeks coming up with the clues, the props, and the plans to pull this off on my wife, without her stumbling onto the equipment (the hard shell cases came days ahead of time).

So when I told my literary friend that I had some self-imposed stress on the docket, this was it. Weeks of planning culminating into this big surprise. I think she kind of liked it.

My biggest regret is that I am far enough in debt that I couldn't justify the expense of getting SSD drives, despite the added durability they offer. I juggled the numbers and figured that these were investments for the next three years, and over that time I would be using this almost every day. My wife uses her system almost every day as well, although I can't comment on how important her computer is to her. I know how vital it is to me, considering how much I work with computers at work, how much I work on my manuscript, online research, etc. and the computer I was using before the MacBook Pro was nice in some way, woefully underpowered in others.


So now I go back to worrying about paying bills. The fact that I'm using these laptops all the time probably means I made an okay decision this time around and probably  won't regret it. Yeah, it's more debt. But I know that unlike many frivolous purchases, these will be heavily used for the next several years, and I'll make a small amount of money back in saved electricity. Oh, and did I mention that my wife and I aren't buying anything for our birthdays and Christmas? Yeah, this was our gift for this year, so that also factored in to the cost.

With some luck, I'll manage to finish, and perhaps (dare I dream it?) sell a manuscript that is finished and polished on the new laptop...

Well, there's that, and I think my wife really liked her present. But I can't speak for her...

The Merion School Spy-On-Kids-With-Webcam Case

Wow.

Every once in awhile I get hit with a story that leaves me scratching my head and saying to myself, "What the hell were they thinking?"

This particular scratching came from the story pertaining to the Lower Merion School District. The best summary thus far of the events comes from Philly.com. The gist of the story; kid had a school-issued laptop at home, gets called into the office, and the assistant principal confronts the kid with a picture taken by the laptop's built-in web camera showing him with "pills" and accuses the kid of drug activity.

Um...

The school had software called LANRev installed on the laptops for theft control. If a laptop is stolen, then it's "tagged" on a server and the laptop tries to "call home" to record the IP address as well as record snapshots from the web camera and screen activity.

The student's family apparently turned around and filed a lawsuit for invasion of privacy, and from there poo was hitting all sorts of ceiling fans. Students had noticed the webcam light randomly blinking on and off at various times and were told this was a "glitch," that they could ignore it.

Now it's time for all sorts of indignant cries to rise up from the choir...

For example, one parent saying that the computer could have taken pictures of his daughter when she took the computer into the bathroom as she showered. Huh? Isn't that like cooking bacon in the nude? Why would you take a thousand-dollar laptop into a humid, wet room while you were showering? You do know that electronics don't like water, right? (this link gives the example in the transcript of the podcast) My daughter is nearly 18 years old and I wouldn't hesitate to whack her on the back of the head if we spent a thousand dollars on a computer for her and she took it into the bathroom while she showered.

But this does bring up a legitimate concern, namely the ability for someone to get pictures of kids in their rooms in various states of undress. This would then bring the school (or system administrators) into the nasty territory of child pornography.

Hmm...

I'm personally torn on the issue. I've read the excellent writeup by Stryde Hax on his blog here, and I think I understand his viewpoint. Unfortunately it's not really a balanced view on the situation (as is his right to present on his own blog, of course; he I think he has been very understanding of dissenting viewpoints in my opinion and am glad for what he has contributed to the story since most involved seem to prefer throwing out non-constructive or vindictive opinions without any actual content to justify the viewpoint, while Stryde has been very good at articulating his view.)

Here's my take.

People have a right to their property, and to protect said property from theft. If I'm robbed, I am damn well justified in being angry at the violation of my privacy and have a right to be angry at having someone steal my sense of security.

I think I should be allowed to set my computer to do whatever I want. It's mine. If I want it to take pictures and upload them to a server, I should be allowed to do so, as long as there's no intent to violate someone's rights (having my computer take pictures of me during the day or pictures when it's stolen is legit in my book, but having it programmed to take pictures because I'm planting it in a locker room is clearly wrong.)

The school laptop program is giving students school property. This cannot be emphasised enough because people like to conveniently forget that part of the story. The schools is lending property to students. My feeling is that because the laptop isn't mine, and isn't under my control, I'd trust it about as far as I absolutely must and after that it's shut down. The laptop was supposed to be used for schoolwork, not texting friends, browsing the web for porn, or anything else the personal computers are used for, even email that isn't school-related. Anything you do can be recorded and used against you later. I have yet to understand why people can't get that through their heads; just as employers own the computer on your desk at work and can browse your mail and monitor your Internet use, schools have the same rights on their network, and unless it's spelled out otherwise you should reasonably assume those Big Brother rights extend to a laptop you don't own.

I think that a school should be able to do whatever they can for gathering evidence to bust people for stealing expensive property, and taxpayers should support it since this ultimately is funded by the taxpayers. Losing laptops and breaking them and treating them like crap doesn't get them fixed for free. Someone foots the bill, even if the path for the money is convoluted to the point where kids don't understand that Mommy and Daddy may end up having to pay more in taxes because they can't be more responsible with school property.

BUT...

There are caveats to the case. The computers were meant to bridge the digital divide; every kid has a computer with which to do schoolwork under the laptop program, and that meant as they implemented the program that every kid was basically required to use the school laptop to get through their classes. In other words, there wasn't a choice in the matter. They had the laptop, and it was apparently spying on them at times. Again I wouldn't have trusted them for anything not school related; I'd use the laptop for school, and use my own computer for my own personal use. This isn't necessarily an option for kids that don't have computers of their own, and I understand that. But I'm still torn on that as another issue because it seemed that many of the kids that can't afford even a $300 computer manage to afford a cell phone. Priorities. But that's not the topic at hand.

Also, the school denied that the laptops had the ability to take pictures of the kids and spy on them. It's one thing to have the ability, it's another to hide the fact that it can be done. According to the Philly.com story, representatives from the student council asked administrators about this and were basically ignored when they voiced privacy concerns; from the sounds of it the administrators stuck to the story that it was a "glitch" causing the webcam light to come on. Totally unethical.

The Philly story also points out what was possibly the biggest bonehead move on the school's part. The user agreement that the kids and parents had to sign was just the old boilerplate used in past years for using the Internet in the school, nothing new or updated related to using school computers at home. Dude, liability 101...were you all asleep at the wheel here? Where was the tech with half a whit of common sense who stopped to say that maybe you should have special rules in place for kids carrying thousand-dollar equipment around, especially knowing that kids treat school equipment like crap since, "Hey, I didn't pay for it! It's FREE!"

Most parents don't seem to know just how much liability schools have to cover their arses for. When a teacher sees or overhears anything, anything, they have to report it to higher ups or they can be responsible should something happen to said kid. Kid has a bruise around the neck resembling fingers? Kid have unusual cuts on the arms, or marks that look like something was injected with something? Or maybe they heard some passing talk about a kid being coerced into oral sex? These things have to be reported to administrators or authorities.

So if I were there when discussing issues in rolling out these laptops, one of my concerns would be that these things are virtual black boxes for collecting data on kids and that would put technicians into a potentially dangerous situation with knowing "too much." Troubleshooting a computer and running across browsing history involving abortion, drug use, parents raping sons or daughters...sure, chances are slim, but in a litigious society there is little room for "we'll deal with it if it ever comes up" and hope for the best. With the addition of taking pictures of the computers in homes, you can be sure to bet that I'd worry about collateral damage; pot plant in the background? Parent or sibling walking in the background half-nude from the shower? It's a can of worms I'd not want to deal with.

More than that, where are the checks and balances? The article states that the system was only used if requested by administrators at the high school or higher-levels. That isn't good enough. There should have been an iron-clad method for controlling who gets to use this and view the collected evidence, not just within the school but by a third party, such as the local police department. Better yet have the police involved each and every time the system is used.

Side note-the school apparently is saying that the police department did know about it, because the pictures are uploaded to a website where they can view the collected evidence. The retired police chief was quoted as saying he knew nothing about it. Another case of police being...surprise...technology-tarded, nodding their heads when told about what they can do when in fact they had no clue what they were agreeing to? Or is the school lying? Or are the police covering their own behinds?

These seem like common sense cover-your-behind issues that should have been dealt with at the outset of the program.

Of course there are little details that are squeezing out as the story develops. Worse, the details that do leak out are mostly one-sided, as the school plays the stoic "lawyer advises us to say nothing so we're not commenting" game while the kids and parents are shooting off whatever details they want, true or not. For example, there's no full explanation for why the theft-tracking was activated on a laptop that the school knew the particular student had in his possession. There is also a rumor that the kid wasn't using drugs, he was actually eating Mike and Ike's candies, which if it's true is going to be a definite story for the hall of embarrassingly stupid mistakes.

The Philly.com story also has some more background on the details of the kid and his history with (mis)using the equipment. According the news story, his family never paid a required $55 insurance fee before taking the laptop off campus, and the laptop in the question was a loaner unit because he had broken at least two laptops. It then went on to say that the theft tracking features were turned on because the school suspected the student had taken the computer home when he wasn't supposed to, in which case it would be considered "stolen."

...of course, it was just laziness and/or lack of procedure that would lead them to turn on the picture taking features, as the only thing needed to prove the laptop was removed from campus was that it "phoned home" to the school's server after hours from an IP that belonged to a home network.

No doubt the case is going to continue to contort and twist as more details leak out. The federal authorities are now involved to see if there are civil rights that were violated, and congressional representatives are trying to score points by calling for an investigation (really, with all the waste in government, is it necessary to waste time grandstanding on this when there's already a court system being involved?) Everyone is now in spin control mode, doing what they can to cover their own arses and justify missteps.

What is clear is that the school was engaged in unethical behavior. Had I had a hand in the program, I would have encouraged openly telling students that yes, there are systems in place to keep them from being stolen. Students are issued laptops with ID numbers that are registered, and they are responsible if said laptop is broken or disappears while in their care. It has been my experience that kids treat technology as if it's disposable if there's no consequence for destroying it; they need to have encouragement from parents and school alike to take care of the equipment.

I also would have made it perfectly clear with an updated technology policy what is expected from students and parents charged with the care of the laptops. That would include notifying them of the possibility of photos being uploaded remotely as well as what the laptops could be used for. How they could have been so negligent in this is truly mystifying.

But life is 20/20 hindsight and this district will have a black eye for a long, long time. They will be known for many years as a district that deviously spied on kids and because of that they will have a long and hard road to travel in rebuilding what trust they had among students, parents, and probably teachers. They'll also have an interesting time if they are found guilty in the courts and end up paying a large settlement to this kid's family and as a consequence raise taxes on residents in the district...

EEE PC: More Conclusions

I've been using the EEE as my primary system for over a month now. So what's it like?

First the upsides.

My data is always with me. That's the primary reason we use computers; to have access to our data and services. I always had my computer on at home with secure shell open and waiting for my connections in the first place; I could access it from a laptop or other computer when away. Now I have that data whenever my netbook is with me, meaning accessing it is a bit faster (since I'm not editing a manuscript over a network connection, for example). It also means that I can access the data when I don't have a network connection available.

This thing is a tough little computer. The hard drive in the 701/4G Surf is not a standard drive, meaning no spinning platters with a little read/write head floating a hairs' breadth from the surface of the metal, further meaning that if it were dropped or there are extremes in temperature it would scrape the platter and possibly damage the head or media. It also means it runs quieter and requires less cooling.

It's small. This thing takes portability to heart; it's so lightweight that I think the Vaultz case I use to carry it actually weighs more than the netbook.

It runs Linux. I know Linux. It's usable, it's relatively small, and commands that work on my desktop at work also work on my netbook. I now have it running the Ubuntu Netbook Remix, so it stays up to date with security fixes and again...the commands are familiar. I can use handy tricks like redirecting Secure Shell tunnels and mounting other Linux computer filesystems with sshfs, and there's no vendor-exclusivity.

This unit happens to be one of the ones that has an underside panel that unscrews to add memory. I have a 512 meg DDR2 DIMM card running at 400 Mhz. I can probably upgrade it relatively inexpensively and without needing to solder or screw around with modifications to the unit.

Once you get the hang of it, using encryption on the laptop isn't so bad. I have encrypted my home directory so that if it is stolen, someone would have to crack the password in order to gain access to my files. If I'm not logged in or didn't leave my account logged in, my files appear as gobbledygook to anyone that tries looking at my home directory contents from a boot disk.

The unit has a built-in SD Card slot. I like it because I'm frequently transferring images from my camera and video camera to my external drives. The EEE was initially using the SD slot as additional swappable storage to make up for the small 4 gig built-in drive, but I've found that it was ahead of its time with giving access to SD cards now that so many accessories store data on them and using the USB cable can entail special drivers or instructions or software to interface with the toys. Lowest common denominator tends to be more reliable. Just insert the data card and use it like a disk volume instead of farting around with your high tech sony insta-digital-camera's settings.

Then there are downsides.

My data is always with me. If my netbook dies before I make a backup or if it's stolen, I lose my primary working set of data.

The drive in it tends to be on the slow side. I'm pretty sure this thing is using something more akin to an internal flash drive than an SSD drive because I've read information and seen video of SSD-equipped systems and they are fast compared to standard drives. this thing has a tiny amount of storage space and tends to crawl. It could very well be the sub-par specs compared to today's machines; it wouldn't be the first time I've hit bottlenecks that I didn't think were caused by a particular technology (i.e., a server that was slow and I thought it was the network getting bogged down, only to discover that indeed we've hit a point where the RAID controller and slower drives couldn't keep up with data requests!)

The battery life is sub-par. I bought a new battery thinking the old one was dying; nope, I still get around two hours of usable time on it. Very annoying, given the small screen and lack of spinning drive. The time on comparable netbooks today is closer to six hours or more. Either the battery technology on this is really crap or there's somthing quirky in the early generation 4G's.

It's small. The portability comes at a price. I wish there were some easy way of getting a virtual keyboard or a keyboard that expanded; the keys on this unit are small, and my fingers are big. I know I've brought this up before. My take is that I can almost type on it well. My error rate is definitely higher, and I am glad when I use it at home that I have a USB keyboard to plug into it so the "native" keyboard is more of a fallback while on the road. It's annoying but not a dealbreaker.

Linux was created for geeks, by geeks. It scratches personal itches, meaning that usability "papercuts", as they're called by Canonical's CEO, aren't bandaged unless a particular programmer is irritated by it enough to fix it. More often than not that means that Linux afficionados find workarounds and make excuses, saying that it's not hard to get around the issue, just do XYZ. That works well for them, but makes the Linux system look piss poor when comparing a simple, everyday task on a Mac running OS X (which is running a derivative of UNIX under the hood) and a Linux system side by side and it just works on the OS X system. I shouldn't have to use workarounds after two decades of development under Linux.

What kind of tasks? This is another papercut. I use a desktop monitor at home, an LCD panel. I plug it into the Mac, the Mac recognizes it and sets the display and refresh rates correctly. I have the monitor in front of me and the notebook on my right; on the Mac I tell it to arrange the monitor on the notebook's left and then dragged the strip on the virtual monitors to the LCD panel, turning it into my primary display. Works great. I was pleasantly surprised when I connected it up again the other day and the display came up as my primary display again, complete with doc and menu bar, with the notebook acting as a secondary display. It must have filed away some information about my LCD panel to remember my settings. Nice!

The netbook, however, loses this configuration. I connect the monitor up and boot the netbook. Inevitably, the first time it discovers the monitor, it mis-sets the refresh rate so that things are readable, but vibrating so fast that graphics look like they're being buzzed visually. Highly annoying. Oddly enough, I reboot the computer, and it will display things more sharply, like the second time around it discovers the proper refresh rate. Two boots. Every time.

Furthermore, if I try rearranging the displays, it won't set the graphics properly. I lose the menu bars and task bars, I can't use the netbook with the monitor attached anymore because I've basically lost all the control elements. I need to disconnect the monitor and re-set my settings to fix it. No matter how I try to set it or arrange it, the netbook screws it up. So I'm left with my primary display being on the netbook on my right side, and dragging my windows to the right hand side of the netbook's display to have it "wrap" to the primary monitor I want to use, then re-maximize programs. It appears that the primary display on the netbook/Ubuntu system is the monitor that is set to be on the "left" side of the virtual displays. Since I can't rearrange the displays and have it properly arrange graphical elements like menus, I can't move the Samsung LCD monitor to the left; the netbook always thinks it's on the right. That sucks.

I think the USB controllers on the netbook are slow, or the combination of memory/CPU/controller makes it slow. The netbook has a tremendous system load appear if I copy a lot of data over the USB bus to external Western Digital drives. Given that the netbook has a low amount of storage to begin with, this really means that things I occasionally do on computers...audio or video editing, for example...are out of this system's reach. It can barely watch YouTube videos, let alone edit them. Using external drives to store large data files would be painful to even contemplate.

Power is screwy on this thing. I keep getting this "your battery may be bad" error. I looked into it after I replaced the battery and it still had the error message; turns out that the unit is apparently known for it. The circuitry reports the power level to the operating system as a percentage, so the operating system interprets it as being at 1.9% power since it's converting the percent to another percent; it's suppose to report the power output in mAh. 100 mAh on a battery reporting itself as having a capacity of 5200 mAh is indeed going to screw up the math, and it appears that no one is going to fix this issue with a patch specific to the ASUS battery model in question within Linux.

Related to power, when this gets low on power it just shuts off. Blip. All work not saved is gone. No warning. The MacBook I use from work will try to go to sleep or hibernate to save your work, and give ample warning. The most warning this gives is a red battery display in the upper corner of the menu (which I configured to show that information) and if I don't keep an eye on it, blip it shuts down straight dead. It's a nasty surprise.

There is no disc drive. I know this cuts down on power use and size, but still it's a little bit of a pain not to be able to burn discs or access burned discs, especially when Ubuntu's built-in support of disc burning trumps OS X's way of handling it in my opinion (in OS X it looks like I'm burning aliases instead of files. I was sure when I first did it that I actually burned a disc of shortcuts instead of the content I actually wanted. Not user friendly in that aspect. Ubuntu uses Brasero to open a window in which it looks like I'm dragging copies of my files to that window, then click the big "burn" button to finalize it.)

Conclusions...

I've been using it exclusively for my desktop work at home. I am able to use it for most things I need; but I am limited, and those limitations chafe me. I can't watch many Youtube videos because it stutters on some of them horribly; I'm better off using my iPod. I can't use my computer to sync my iPod; but I already have a Windows computer to which I connect it with iTunes (and use my netbook to VNC into the headless Windows computer to do updates and maintenance.) I can't run Virtualbox...I suppose I could, but man it would be horribly slow, and there's no way I could create a hard disk bigger than a couple hundred meg at most without an external drive, and that would make access even slower.

The tasks I primarly focus on...remote control of the Windows system for my iPod, editing my manuscript of a novel, composing email in Thunderbird and reading mostly static web content...it works okay for those tasks. It does get bogged down with flash content to the point where it'll stutter the interface (the web browser will "pause" as it loads content, making the menus and tabs unusable for up to thirty seconds at a time.)

It's portable and it boots relatively quickly. Actually running of tasks seems to slow it down, but booting isn't that bad, despite running with encryption on the home directory.

I am able to get my primary work done, just with a little more care and a few more...papercuts.

In the end there are systems today available for under $500 that are refined versions of this 701. Unfortunately most of them are Windows 7-based so support for Linux is limited to what you can find from other netbook pioneers and experimenters online before buying, and since netbooks often have specialized design considerations there is an increased chance that something won't work properly due to driver issues if you try installing Linux on a new netbook. Would I consider getting a new netbook to use as my primary system? I'd consider it. I'd like to find something that addresses limitations in storage and speed, but again that influences some of the things I like about this unit...size, quiet running, and the flash memory instead of regular hard disk drive. Most of the cheaper units out there use micro drives so there's plenty of storage (if it has Windows, it needs that extra storage). On the other hand the battery life has increased to 6+ hours despite the slightly larger displays and traditional hard disks.

So the unit is usable, but I'm on the lookout for something better down the road. If I had a ten star rating system I'd give it an overall six for my purposes; satisfied enough to keep using it, but I definitely look around at Sam's Club and Amazon and NewEgg at the current crop of systems and wonder if I have enough money to buy something that might possibly fit my needs better.

Encrypting your Laptop: Summary Thoughts

The issue of encrypting your data is far more complicated that I'd like it to be. After doing this on my work laptop running OS X and my personal netbook that I'm using as a "portable computing experiment," I can say there is significant difference in the experience.

I used the "default" methods for encrypting these systems. There are many options if you research online; Truecrypt is popular and cross-platform, EncFS can be used on Linux and OS X but takes some Terminal Fu to accomplish, dm_crypt on Linux,...options abound.

But here's why I chose the "Default" methods; they work. They're supported (in this case by Apple and Canonical). When you upgrade the operating system, there's a far better chance that the encryption isn't going to break the new installation.

The problem is that these encryption techniques are still with trade-offs, partially because of the way these encryption techniques are implemented.

Both FileVault and EcryptFS as implemented here encrypt just the home directory. This means that anything in the temporary directory or in the log files are accessible, as is the swap partition, which can hold data that was in memory and could have sensitive information tucked among the crud. The good news is that odds are very good, since Linux and OS X are "UNIX-based" in design, that your personal data is contained within the home directory.

When you log in, the encrypted volumes are mounted so you can access the data. This means that when you're logged in malicious software can access your unencrypted data. In other words, encryption isn't a cure-all for security.

EcryptFS on Ubuntu stores your files as files on top of the filesystem. This means that if I were to look at my username's files when that username is logged off, say, by logging in as root, the files look like gobbledeygook. Each "real" file appears as a string of nonsense. There's a one to one correspondence...the encrypted file will still allow a nosebag to see when I created the file or last accessed the file, the approximate size of the file, basically they can get a lot of metadata without seeing the actual content or name of the file. This means that it's a lot easier to back up the files to another media.

FileVault is implemented using a "filesystem within a file". If I log in as my secondary user (more on that shortly) I see a huge number of files that comprise a sparse disk image. When I log in as my normal user, OS X takes the image files and combines them into one big container, and my files are contained within that container file. (To be more accurate, the many files are contained in a bundle, so within Finder you only see the top level bundle).

The reason the FileVault image was broken into many smaller files was because of an issue with Time Machine. Originally the encrypted volume was one giant file. If the user was logged in and then a backup was run, the backup will see that giant file has changed whenever even a tiny change was made in your home directory (since your home directory was actually contained in that giant container file). Apparently users got irritated at backups that took hours to complete when only a couple of documents changed.

Later versions of OS X changed the single giant volume into a number of smaller files. That way one small change doesn't trigger a backup of an entire multi-gigabyte file repeatedly but rather a single chunk of the volume.

In contrast, the EcryptFS method of using a one-to-one file encryption means that backups are simpler and faster. You alter one document, that file is the only one that changed and thus the nonsense-i-tized file will be backed up to your storage media.

It's also because of the OS X "container" approach that when using a utility like Carbon Copy Cloner for making images and backups of your computer that Bombich Software recommends you make sure you're logged out of any FileVaulted accounts. On the OS X system I had to create a second administrative user to do backups from.

Neither solution gives full-drive encryption, arguably the most secure. It is possible to configure a new Ubuntu system to encrypt an entire volume at installation time, but to do so means installing from the alternate installation CD. Not exactly user-friendly. So you balance security and convenience, accepting that anything in the temporary caches outside the home directory or anything in swap area could be recovered. On the other hand this means less of a performance penalty for accessing routine system files, since any encryption means having the CPU jump through more hurdles to decrypt information before you can access it.

Encryption adds a layer of security in case your notebook is stolen. The price is that it also adds a layer of complexity. Recovering your data in the event of drive corruption is far more difficult, and in the case of FileVault, if part of that container file is damaged you will most likely lose everything in your home directory. This makes having a backup even more important. Encryption adds processor overhead, so it slows the computer.

One last point I have is that these only encrypt the home directory. Since I'm using a netbook, my expansion storage area on the SD Card or USB drive is not encrypted. If I have that with my netbook case and they're both stolen, anything on those secondary drives is open to theft. I'm sure I could find a way to encrypt the data on those drives, but then if I needed to share data with another computer or use the drives with another computer, they couldn't use it since that system probably doesn't have the same encryption scheme installed. I also make heavy use of external drives at home for expanded space and backups, and they are not encrypted.

I do think that while FileVault has detractors...there are many on the Internet claiming that it will eventually destroy your data, and they decry the shortcomings of only encrypting the home directory...Apple has made the process braindead simple. When it comes to something like encryption, options are definitely a bad thing for end users. People want to accomplish a task. They don't want to have to weigh options and choose the "correct" answer among a sea of possibilities. With the Snow Leopard version, they get protection for the home directory, the protection is implemented in-place so they don't need to move their files around to a special encrypted directory or temporary holding area, the slack space can be securely wiped after the change is made, and they don't need to play with configuration files or the command line to set up details like automatically mounting the home directory, and since it's a standard OS X feature, chances are that new versions of OS X aren't going to render your home directory inaccessible.

The EcryptFS doesn't necessarily have detractors, but for a reason that is itself a criticism...it's not widely used. Linux has a small base of users compared to Windows (or Mac OS X), and an even smaller percent of those users are even aware of the existence of encrypted home directories. It's a feature that's probably not widely implemented in the wild.

I didn't talk about Windows encryption because I don't use it. Windows has had encryption support for some time now and third-party support is, predictably, even more mature (for example, TrueCrypt supports full-disk encryption for Windows, but not for Linux or OS X). But Windows is what I work with in my day job. And it drives me nuts. And one thing encryption will not protect you from is spying when you're already logged in with access to your encrypted volume, and the market for malware on Windows is more mature than the malware market for Linux and OS X as well.

What does that mean? It means that if spyware gets installed while you're logged in, the disk encryption can't prevent that spyware from uploading your documents or opening the machine to remote access to an attacker. The encryption only guards you from having your data stolen if your laptop is stolen; the attacker looks at your hard drive and finds nonsense instead of your banking information if they don't have your password.

It's all a balancing act. The two operating systems I am implementing encryption on stay true to their roots. OS X made it simple and painless. Linux makes it a hidden feature for people who dig under the surface to find the Easter eggs. Neither one is a panacea but are instead an added layer of security.

Encrypting Your Laptop: EEE PC (Ubuntu Netbook Remix) Edition

Continuing from my previous post regarding encrypting my employer-issued Mac, here I describe the experience of encrypting my netbook running, as the title says, Ubuntu Netbook Remix.

OS X includes FileVault for encrypting your home directory and is braindead simple to implement. It allows for live home directory encryption; that is, if you have the space available on your laptop and turn on FileVault, you don't have to do anything to your directory that involves copying or manipulating your files in order to get protection. Most of the time was spent just sitting and waiting while the laptop went ahead and started altering my home directory for me.

Ubuntu...not quite so much.

It's not fair to say that Linux makes it completely difficult to implement encrypted home directories. The latest versions of Ubuntu supports eCryptfs, the encrypted filesystem. This is built on the FUSE filesystem which allows users to mount "plugin"-supported filesystems (FUSE is a topic all of its own; I can use FUSE to do neat things like mount a SSHFS filesystem, a mount over secure shell. I used to do this to gain access to my home computer's files as if they were mounted locally on my work computer's directory tree.)

The main problem I ran into was that Ubuntu's supported home directory encryption was meant for implementation when users are newly created or when the system is being set up. There is no "live migration" as of Ubuntu 9.10.

There were instructions that were supposed to support a manual move to an encrypted home directory. I had a second computer, so I logged off of my netbook and secure shelled into the system from another system (you can't have files being accessed while you're trying to move them from your home directory, and part of the instructions tells you to log off the graphical interface to minimize the risk of corruption.) I tried those directions twice, and both times failed miserably.

What I ended up doing was first disabling the automatic login to my administrative user by going to system->login screen and telling it to "show the screen for choosing who will log in".

Next I set about the task of creating a new user using the "adduser --encrypt-home tempusername" command, giving that user full sudo privileges by adding him to the admin group, then logging in as the new user. Next I synced my original user's files with the new user's directory (from secure shell, not the graphical login) using the command "sudo rsync -aP --exlude=.Private --exclude=Private --exclude=.ecryptfs /home/username/ /home/tempusername". This copied all the files from the original unencrypted directory to the encrypted new user's subdirectory.

Next I changed ownership to the new user. Probably unnecessary, but I did it for testing purposes; "sudo chown -R tempusername:tempusername *" from the new user's home directory. Then to copy the hidden files, "sudo chown -R tempusername:tempusername .*"

A quick "ls -al" told me that I had caught all the files in the new user's home directory in the net of ownership to the temporary user. I then logged in as the new user on the netbook and lo and behold, my customized color scheme, icons, configuration...all of it...popped up. I checked that my files were intact and happily found that they were.

Next I deleted the old home directory by changing to /home and running "sudo rm -fr username" as well as removing the user from the user management GUI (which just disables the user; home directory is left intact.)


Then I went back to the command line and ran "adduser --encrypt-home username" to create that username again. I verified that /home/.encryptfs now had a home directory for that user then reversed my sync of directories; "sudo rsync -aP --exclude=.Private --exclude=Private --exclude=.ecryptfs /home/tempusername/ /home/username", followed by a "sudo chown -R username:username *" and "sudo chown -R username:username .*" from within username's home directory.
 
Once the sync was complete I logged in on the netbook again and my desktop once again popped up to greet me! Yay!

I then deleted the tempusername from the Users and Groups utility and deleted the subdirectory for TempUsername from /home and /home/.encryptfs; the last one is the actual home directory, where the encrypted files are kept. The "home" directory directly under /home is a mountpoint.

To sum it up, what I ended up doing was creating a new user with an encrypted home directory, copying my data there, then deleting my username and username's home directory and rebuilding it by creating a new user with my old username's name and copying my home directory contents *back* over to the newer username that I just created.

Now when I log in it's using eCryptFS to protect my home directory. Is it particularly user friendly? Not in my opinion. No end user is going to want to sit down and create a "temporary user" to hold data, delete then recreate their username so it will be encrypted.

There was also no built-in way to scrub slack space; my files were deleted, but they're still recoverable to disk utilities. In order to truly delete that old data you need to overwrite the "cleared" space a few times with nonsense data. Over time those files will be naturally erased as I use the computer and other data is added and removed, and without a special utility I'll have to rely on that.

A second problem is that the EEE PC uses a form of flash for storage, like an internal USB thumb drive. From what I understand the cells used to hold the information have a limited "write" lifecycle. The more you write to them, the sooner they'll fail, so controllers use algorithms to write to random spots on the drive to minimise wear on the cells. Running a scrub operation to overwrite the disk spots (and thus make my old data irretrievable) can wear more on the drive and there's no guarantee it's going to actually write where it needs to write to hide old data. Then again, I'm not a storage technology expert, so I don't know if there's a different mechanism at work here or not.

Overall the netbook encryption was more manual and difficult a process than it was on the Mac. If it weren't for my own experience in using Linux, I'd not have been able to easily do it. Even the encrypted home directory feature is not fully advertised in the Ubuntu installer; it's more of a stealth feature being tested internally and by advanced users worried about privacy. This is evident in the fact that to even create the encrypted home directory you have to add the user via the command line since the GUI user manager doesn't have the option. No doubt the feature will appear in a later version of Ubuntu. It'll be interesting to see what the next netbook remix version will bring in options for data protection should my netbook get stolen...

Encrypting Your Laptop: Mac Edition

Here's another chapter in my ongoing experiment with the mobile lifestyle.

Periodically a story crops up about some poor sap having his or her laptop pilfered. The news I get has all sorts of cringe-worthy details...doctors losing their laptops with patient information, accountants, business people...even my own employer has departments with sensitive information going between work and home.

Every time I see the story and the concern of personal data being ripped from the drive and used for identity theft, I laugh and think, "You dolt! Why would  you carry sensitive information on a portable computer without encrypting it?!"

Then I stopped and remembered that I never got around to securing my own work laptop (or the EEE PC). It was always one of those things I "meant" to do but just hadn't bothered, and every time I thought of it I knew it was a bad thing because not only would my equipment be missing but they could get passwords, cached emails, etc. on the system. I'd make yet another mental note to take care of it and promptly procrastinate again.

Well, no longer.

My employer lets me use a MacBook. Here I'll outline how I used the default form of protection, called FileVault.

How do you use it? Open the security preference pane. Go to FileVault. Set the "master password" and turn on FileVault for your account. I strongly advise setting the "Secure delete" to wipe the drive of your unencrypted data after your directory is moved to the encrypted volume.

And that's about it.

FileVault creates an invisible encrypted disk file that is mounted as your home directory; it's a sparse image file that grows as you add more files. When you log in with your password, OS X mounts the image file to your home directory. Everything you save or alter goes into that file. When you log out, it's unmounted.

You can see this if you create another user and try viewing the home directory of your filevaulted user. It's just a bundle of encrypted files.

The secure delete takes care of another issue with deletion and security; when you delete a file, it's just removing a reference to the file. The disk still has the data on it so data recovery utilities will be able to retrieve the data you're trying to encrypt (well, the remnants of your previously unencrypted home directory would be recoverable until it is overwritten with other files in the course of just using the computer.)

The process of secure deleting the slack space of the drive and the moving of your data to the FileVault volume can take quite a bit of time; in my case, a couple hours. On the plus side, I put the computer to sleep when I had to leave the office, and as soon as I woke the computer back up it continued with the secure delete task.

There are some issues with encryption (why must everything be a pain in some way?) Apple has tried to address some of the issues, but it's never simple.

Time machine apparently doesn't like the FileVault. See, attempts to back up the system sees the volume files plus your mounted volume as separate files, confusing the backup system. Plus, since you have those files mounted, they show up as being constantly altered, so time machine will keep trying to copy the sparseimage files, which as soon as your home directory changes triggers a change on the image files which triggers confusion for the backup system again...meaning a simple differential backup can easily be corrupted or take hours when it should have taken minutes.

Apple tried to address this by turning the FileVault image into many smaller images. From what I found online, this helps, but still leaves room for complaints. Fortunately I don't use Time Machine so this didn't affect me.

What does affect me, though, is the use of Carbon Copy Cloner. This is one of the best (free!) utilities I've found for creating backup images of your Mac. The problem is that you confuse the @#$% out of it if you're FileVaulted and logged in. It's trying to copy your drive while you're altering the image files.

The solution is to have an administrative user that isn't FileVaulted, made just for administrative work, then image the drive. That way the FileVault image files are unmounted and untouched and you won't need to worry about corrupting your home directory.

I also need to remember to log off or turn off the laptop if I want data secured. When you're logged in, the volumes are mounted, and so anyone else logged into the computer can read your files. Only when you are logged off and the images are disconnected from the home directory mount point are the files "secured."

The only other complaint I've really run into is that logging off takes longer. Because FileVault uses a disk image, the image can't "shrink" just because you delete files. When you log off OS X will try to shrink slack space in the image and thus recover some space on the drive. If you deleted a lot of data, like gigs of photos, then log off it can take quite a while for the shrinking process to complete.

Overall Apple made it extremely simple to encrypt your home directory. It's all graphical, it's simple, and Apple takes the burden off the end user to figure out the technical workings of encryption. A few clicks, a few passwords, and the rest is largely invisible and "just works". The process took an hour and a half...but an hour and 25 minutes of it was just waiting for it to finish the background copy and scrub of data. OS X let me continue working as if nothing was happening (well, it slowed a little since the drive was given a workout, but I could keep working without issue.)

I can say that barring issues like having the image files become corrupt due to disk or power problems, encrypting your home directory on the Mac has been painless. I've been using it for a week or so without issues with any of my software, including virtualizing Windows in a Virtualbox session.

Next, I tackle encrypting my EEE PC with Ubuntu...

EEE PC: The Experiment Continues

I've been continuing to use the hardy little EEE PC with Ubuntu Netbook Remix on the 701 (4G) model netbook, and so far it's not been too bad.

Yes, the keyboard is still cramped.

But...it's the most portable little thing I've ever used, and the keyboard isn't an issue for extended use when I have it "docked" to a USB hub (with a USB keyboard attached).

Right now I'm waiting for a $65 battery to come in the mail. The current battery is giving me roughly 2-1/2 hours of charge at a time, which is probably average for an older laptop, but a netbook should give at least 4 (if not closer to 6) hours on a full charge. The production date on this unit looks to be around 2007, so I'm not too surprised at the reduced performance if the laptop is physically around 3 years old, even if it didn't get a lot of use before. I'll probably know more once the new battery comes in.

That means that my netbook is going to end up costing me roughly $80 with the keyboard and battery replaced.

I was hesitant to use this as a primary system because there would be limitations. Now that I've used it more, how does it stack up?

Fairly well, I was surprised to learn.

Fairly well in that I have aggravations, but nothing that makes me (so far) throw my hands up and give up. The limitations are a combination of technical and operating system issues.

The aggravations seem to be usability limitations of Linux at times. I'm saying that because most of the limitations I hit with Windows (and I'm a Windows XP fan out of the Windows family; I hate the arbitrary security and DRM limitations that are layered into each subsequent release of Windows with a passion) seem to be architecture and design issues. For example, when Windows gets infected with malware, the easiest, most thorough solution is to wipe the drive and start over. Most malware manages to get its hooks so deeply embedded into the Windows system (or mucking up your profile) that really anything else is a half solution.

Linux, not so much. It either works, or it doesn't. That's its major limitation. It was designed by geeks for use by geeks and damn anyone else...you're just not computer-friendly so it's your own fault.

What limitations am I running into?

I already mentioned flash movies bogging the system down. What do you expect? This tiny miracle has 512 meg of RAM and a fly's sneeze of storage space. I can play one video at a time, and I don't mind being patient when looking at things online most of the time.

Video. I hooked up my external 22" LCD panel to the laptop, and it sees it automatically. Yay! I have it arranged with the LCD in front of me and the laptop on the right. Now, ordinarily, you go into the display properties and tell it to put the big monitor on the left and the built-in display on the right and you're good to go...you can span the mouse across the desktops as if you have one big, wide display. Well, in theory this works. In practice, it throws my EEE into a tizzy.

It will detect the LCD and put it on the right hand side of the netbook, reversing my layout. If I try to put it the other way around, it seems to get confused with where to put the primary display (like the menu bar), and really throws the resolution into a tiz as well. Just totally confuses it. So I end up leaving it reversed and remembering to move the pointer the "wrong" way to get to the correct screen.

Second, there seems to be a slight discrepency in refresh rate. Sometimes it uses 60 hz, sometimes 75 hz. The effect? Anything on the LCD panel gets these tiny, fast moving "wiggles", like goose bumps on meth. It's the visual equivalent to a buzzing. Sometimes restarting the netbook seems to fix this. Doesn't seem to hurt the LCD, but it's annoying if you're looking at the display for long periods of time.

Mounted volumes. I have a 2 gig SD Card in the system to store my files along with 2 external 250 gig drives for backup (well, now semi-permanent storage) connected via the USB hub. The netbooks boots and sees them but doesn't always mount them automatically. I go to the files and folders panel and have to click them each once to get them to mount so I can use them. Why? I have no idea. I discovered it while running my backup script and having it throw an error at me saying that the external drives weren't hooked up even though they had powered up and were showing up in my drive display. The netbook saw them, but wouldn't mount them until I clicked on them. Worked like a charm after that.

These are the kinds of usability problems that annoy me with Linux on the Netbook. I'm reminded of them because I recently had a little project that I was working on; I'm trying to create a relatively simple Visual Basic program for someone where I work, and that means I needed to use a Windows system.

I decided to use the virtualized version I have on a MacBook (1 gig RAM, 2 Ghz processor dual-core, the MacBook black notebook) running on Virtualbox to use Visual Studio Express 2008.

I connected it up to the hub and monitor so I'd have a little more comfort while puzzling out the programming problem. The Mac detected the display and used the proper resolution without issue. It let me place it to the left side of the notebook without a problem.

The computer saw the two external drives but because they are Linux-formatted with the EXT3 filesystem, it couldn't read them, so it offered to erase them. Um...eject...eject...that's not a problem with the Mac, I expected this to happen. Didn't hurt them.

The Mac asked about my keyboard; I had to press two specified keys to identify it, and it was happy after that.

From there...things seem to just work. Display settings, keyboard, mouse...happy. The Mac isn't without warts, but it has more of the end-user experience ironed out, while Linux has more burps and hiccups along the way. It's sad because the Linux system is fantastically secure and capable, but when you run into issues with something that should be simple for the end user like arranging your desktops between two displays, it's extremely frustrating. Especially when I hook up a Mac and am able to alter resolutions and arrangement of displays without losing my desktop, my control programs (which I did on the netbook and had to restart it to have it redetect the proper display resolutions without the 22" display connected), or guessing where my programs went when it decided to place the programs off the display area somewhere.

I should not be afraid to change my display settings! With the Mac I'm not. With the netbook, there's always a little crossing of fingers.

On the other hand, the Mac is heavier, bigger, and not as portable (I guess the heavier and bigger parts sum up as being a little less portable, huh?). It has a spinning disk drive that makes it a little more susceptible to damage if there's a fall or bump, and the larger display increases the chances of having the LCD get damaged as well. Not cheap to fix!

Is it the ideal desktop? The jury is still out. I'll have more as I solidify my judgment more. Right now I'm using the Mac as a web browsing and Windows-virtualizing machine for the project, while my EEE is doing the day-to-day email and web browsing and editing of documents, so I'm comparing the two. But to this point so far the EEE has worked fairly well for the "average" use scenarios. I'd never try virtualizing anything on it, but I rarely have had actual call to do that...

EEE PC: The Great Experiment

I've decided to try something more...interesting...with my technology lifestyle.

I used to keep my primary workstation online 24/7. It's a big monster for a desktop...dual core 2.13 Ghz processor, 2 gig of memory, 3Ware raid card mirroring 2 250 gig hard drives, CD/DVD burner and separate DVD drive (so I could easily copy disks to another blank without hogging the data bus), a slot card reader for reading SD cards and other media cards, nice fast video card driving a 22 inch samsung monitor...overkill for the vast vast majority of home users, but I did occasionally use the system for other things that average home users didn't (virtualization, for one, took a toll on the processor and memory...). It has Ubuntu installed on it, so it was virtually crash proof and was wonderful for most tasks I threw at it. Even three years old it's still above and beyond what most people use in their home, so it's aged quite nicely. I can't recommend the staff at Puget Systems enough for their help and guidance in assembling an affordable Linux machine.

I would connect to the system using secure shell, so I could easily access things like my journal application or files remotely. I could use the remote camera on the system to check on the house when I was away (did the daughter remember to let the dog in? Let's see...).

The thing is that keeping that thing running 24/7 sucks electricity. It also went largely unused most of the time. Sure, handy when I needed it, but otherwise, was it worth having it sit there, sucking up dust and pennies in power?

I've been experimenting with Ubuntu Netbook Remix on a very old EEE PC (the 701/4G unit). It's tiny. It's lightweight. And for specs, just about the only thing it has going for it is that it's really portable and probably takes weather changes and rough handling a lot better than most notebooks (how my daughter managed to still break it...twice...is !@#$ beyond me...).

I sat and thought about this for awhile. Here's what I've been doing lately...
1) edit my novel.
2) email
3) web browsing
4) diving into learning a programming language
5) blogging/filling in my nearly daily journal
6) transfer images from my camera to my hard disk and backing up my digital memories I have hundreds and hundreds of pictures of my 4 year old.

That kind of sums up what I've done with the computer lately.

So I've decided to go for a "grand experiment." I wanted to simplify my life and see if I could turn my computing life into a more mobile life. It wasn't easy. I had a lot of conversations with myself.

What if I needed to use virtualization to use Windows or a clean Ubuntu install? Guess I'll have to use the work-issued Mac.

What if I needed to burn an ISO disc, or create a CD??
Again...use the work-issued Mac. Dude, how often have you been doing that lately anyway?

No much, I guess. But what about editing pictures and movies?
You forgot that you've been doing that with iMovie? That was on the Mac too. And picture editing can be done on the netbook. It's just slower.

What about the keyboard? I can use it, but for everyday work? It'll get frustrating!
That's what you'll use the USB hub for, dummy.

Oh, yeah. I guess so.
Look, most of your utilities...OpenOffice, Adobe Reader, Firefox, Almanah Diary...the stuff on your desktop are also on the netbook. Don't worry.

What about...well, the display?
Plug in your monitor when the netbook is on the desk. We'll see how it works.

And remotely accessing files? If I need something while at Barnes and Noble, or at work?
Um...put the files you normally need on your netbook's SD card. You have a spare 2 gig card sitting in your drawer. You won't need to copy the data if it's with you.

It won't fit all the data, though. My files on the external drives are nearly 100 gig. The netbook has 4 gig of storage, plus 2 from an SD card? That won't be enough.
Calm down. You don't need that stuff. You keep it for reference or access later. The stuff you regularly use is tiny. It'll fit. And when you "dock" it with the USB hub, you have access to that data. I think we can do it.

I sighed, synced my data from the desktop machine to the 2 external hard disks I use for backups, then disconnected my computer completely, moving the mouse and keyboard to the USB hub on the desk. Then I took the CPU to another room where it'll sit undisturbed for awhile, and I'll not have the temptation of taking the easy way out of my experiment.

And now I am using my netbook as my primary machine.

It's not easy...I'm nervous to see how it works. The machine is really tight on space, around 300 meg free on the primary storage drive (and 2 gig on the SD card). The problem is that the system drive is filled from basic applications installed, so it's not easy to try trimming things out.

For my personal data, though, things should work out. I think.

I have a script I run that copies data from my computer to the backup drives; should anything fail, I can take my Western Digital "books" to another Linux computer and access my data (or restore to another machine if I need to replace a computer). I modified that script for its new home on my netbook, adding a metric ton of actual checks so that if a drive isn't mounted it won't run that backup routine (like the media computer; I mount it over the network and copy my podcasts and iTunes purchases to the drives in case the media computer dies (again)). Since my netbook may be out and about or not have the drives plugged in...hey, I forget things a lot, after all...I needed to add checks to the script so it won't delete an entire tree of data just because I forgot to mount something. It was long overdue anyway.

And now I am using the netbook. I'm taking my primary computer with me. I took it to Barnes and Noble last night. I brought it downstairs with me now for exercising while blogging. I dusted most of my desk for the first time in years, which I'm sure the desk appreciated.

So that's my great experiment. I'm approaching it with great trepidation, but I'm taking the plunge...can I, a computer geek, survive using a sub-par computer, placing emphasis on portability over power?

More later...stay tuned!