Encrypting your Laptop: Summary Thoughts

The issue of encrypting your data is far more complicated that I'd like it to be. After doing this on my work laptop running OS X and my personal netbook that I'm using as a "portable computing experiment," I can say there is significant difference in the experience.

I used the "default" methods for encrypting these systems. There are many options if you research online; Truecrypt is popular and cross-platform, EncFS can be used on Linux and OS X but takes some Terminal Fu to accomplish, dm_crypt on Linux,...options abound.

But here's why I chose the "Default" methods; they work. They're supported (in this case by Apple and Canonical). When you upgrade the operating system, there's a far better chance that the encryption isn't going to break the new installation.

The problem is that these encryption techniques are still with trade-offs, partially because of the way these encryption techniques are implemented.

Both FileVault and EcryptFS as implemented here encrypt just the home directory. This means that anything in the temporary directory or in the log files are accessible, as is the swap partition, which can hold data that was in memory and could have sensitive information tucked among the crud. The good news is that odds are very good, since Linux and OS X are "UNIX-based" in design, that your personal data is contained within the home directory.

When you log in, the encrypted volumes are mounted so you can access the data. This means that when you're logged in malicious software can access your unencrypted data. In other words, encryption isn't a cure-all for security.

EcryptFS on Ubuntu stores your files as files on top of the filesystem. This means that if I were to look at my username's files when that username is logged off, say, by logging in as root, the files look like gobbledeygook. Each "real" file appears as a string of nonsense. There's a one to one correspondence...the encrypted file will still allow a nosebag to see when I created the file or last accessed the file, the approximate size of the file, basically they can get a lot of metadata without seeing the actual content or name of the file. This means that it's a lot easier to back up the files to another media.

FileVault is implemented using a "filesystem within a file". If I log in as my secondary user (more on that shortly) I see a huge number of files that comprise a sparse disk image. When I log in as my normal user, OS X takes the image files and combines them into one big container, and my files are contained within that container file. (To be more accurate, the many files are contained in a bundle, so within Finder you only see the top level bundle).

The reason the FileVault image was broken into many smaller files was because of an issue with Time Machine. Originally the encrypted volume was one giant file. If the user was logged in and then a backup was run, the backup will see that giant file has changed whenever even a tiny change was made in your home directory (since your home directory was actually contained in that giant container file). Apparently users got irritated at backups that took hours to complete when only a couple of documents changed.

Later versions of OS X changed the single giant volume into a number of smaller files. That way one small change doesn't trigger a backup of an entire multi-gigabyte file repeatedly but rather a single chunk of the volume.

In contrast, the EcryptFS method of using a one-to-one file encryption means that backups are simpler and faster. You alter one document, that file is the only one that changed and thus the nonsense-i-tized file will be backed up to your storage media.

It's also because of the OS X "container" approach that when using a utility like Carbon Copy Cloner for making images and backups of your computer that Bombich Software recommends you make sure you're logged out of any FileVaulted accounts. On the OS X system I had to create a second administrative user to do backups from.

Neither solution gives full-drive encryption, arguably the most secure. It is possible to configure a new Ubuntu system to encrypt an entire volume at installation time, but to do so means installing from the alternate installation CD. Not exactly user-friendly. So you balance security and convenience, accepting that anything in the temporary caches outside the home directory or anything in swap area could be recovered. On the other hand this means less of a performance penalty for accessing routine system files, since any encryption means having the CPU jump through more hurdles to decrypt information before you can access it.

Encryption adds a layer of security in case your notebook is stolen. The price is that it also adds a layer of complexity. Recovering your data in the event of drive corruption is far more difficult, and in the case of FileVault, if part of that container file is damaged you will most likely lose everything in your home directory. This makes having a backup even more important. Encryption adds processor overhead, so it slows the computer.

One last point I have is that these only encrypt the home directory. Since I'm using a netbook, my expansion storage area on the SD Card or USB drive is not encrypted. If I have that with my netbook case and they're both stolen, anything on those secondary drives is open to theft. I'm sure I could find a way to encrypt the data on those drives, but then if I needed to share data with another computer or use the drives with another computer, they couldn't use it since that system probably doesn't have the same encryption scheme installed. I also make heavy use of external drives at home for expanded space and backups, and they are not encrypted.

I do think that while FileVault has detractors...there are many on the Internet claiming that it will eventually destroy your data, and they decry the shortcomings of only encrypting the home directory...Apple has made the process braindead simple. When it comes to something like encryption, options are definitely a bad thing for end users. People want to accomplish a task. They don't want to have to weigh options and choose the "correct" answer among a sea of possibilities. With the Snow Leopard version, they get protection for the home directory, the protection is implemented in-place so they don't need to move their files around to a special encrypted directory or temporary holding area, the slack space can be securely wiped after the change is made, and they don't need to play with configuration files or the command line to set up details like automatically mounting the home directory, and since it's a standard OS X feature, chances are that new versions of OS X aren't going to render your home directory inaccessible.

The EcryptFS doesn't necessarily have detractors, but for a reason that is itself a criticism...it's not widely used. Linux has a small base of users compared to Windows (or Mac OS X), and an even smaller percent of those users are even aware of the existence of encrypted home directories. It's a feature that's probably not widely implemented in the wild.

I didn't talk about Windows encryption because I don't use it. Windows has had encryption support for some time now and third-party support is, predictably, even more mature (for example, TrueCrypt supports full-disk encryption for Windows, but not for Linux or OS X). But Windows is what I work with in my day job. And it drives me nuts. And one thing encryption will not protect you from is spying when you're already logged in with access to your encrypted volume, and the market for malware on Windows is more mature than the malware market for Linux and OS X as well.

What does that mean? It means that if spyware gets installed while you're logged in, the disk encryption can't prevent that spyware from uploading your documents or opening the machine to remote access to an attacker. The encryption only guards you from having your data stolen if your laptop is stolen; the attacker looks at your hard drive and finds nonsense instead of your banking information if they don't have your password.

It's all a balancing act. The two operating systems I am implementing encryption on stay true to their roots. OS X made it simple and painless. Linux makes it a hidden feature for people who dig under the surface to find the Easter eggs. Neither one is a panacea but are instead an added layer of security.

Encrypting Your Laptop: EEE PC (Ubuntu Netbook Remix) Edition

Continuing from my previous post regarding encrypting my employer-issued Mac, here I describe the experience of encrypting my netbook running, as the title says, Ubuntu Netbook Remix.

OS X includes FileVault for encrypting your home directory and is braindead simple to implement. It allows for live home directory encryption; that is, if you have the space available on your laptop and turn on FileVault, you don't have to do anything to your directory that involves copying or manipulating your files in order to get protection. Most of the time was spent just sitting and waiting while the laptop went ahead and started altering my home directory for me.

Ubuntu...not quite so much.

It's not fair to say that Linux makes it completely difficult to implement encrypted home directories. The latest versions of Ubuntu supports eCryptfs, the encrypted filesystem. This is built on the FUSE filesystem which allows users to mount "plugin"-supported filesystems (FUSE is a topic all of its own; I can use FUSE to do neat things like mount a SSHFS filesystem, a mount over secure shell. I used to do this to gain access to my home computer's files as if they were mounted locally on my work computer's directory tree.)

The main problem I ran into was that Ubuntu's supported home directory encryption was meant for implementation when users are newly created or when the system is being set up. There is no "live migration" as of Ubuntu 9.10.

There were instructions that were supposed to support a manual move to an encrypted home directory. I had a second computer, so I logged off of my netbook and secure shelled into the system from another system (you can't have files being accessed while you're trying to move them from your home directory, and part of the instructions tells you to log off the graphical interface to minimize the risk of corruption.) I tried those directions twice, and both times failed miserably.

What I ended up doing was first disabling the automatic login to my administrative user by going to system->login screen and telling it to "show the screen for choosing who will log in".

Next I set about the task of creating a new user using the "adduser --encrypt-home tempusername" command, giving that user full sudo privileges by adding him to the admin group, then logging in as the new user. Next I synced my original user's files with the new user's directory (from secure shell, not the graphical login) using the command "sudo rsync -aP --exlude=.Private --exclude=Private --exclude=.ecryptfs /home/username/ /home/tempusername". This copied all the files from the original unencrypted directory to the encrypted new user's subdirectory.

Next I changed ownership to the new user. Probably unnecessary, but I did it for testing purposes; "sudo chown -R tempusername:tempusername *" from the new user's home directory. Then to copy the hidden files, "sudo chown -R tempusername:tempusername .*"

A quick "ls -al" told me that I had caught all the files in the new user's home directory in the net of ownership to the temporary user. I then logged in as the new user on the netbook and lo and behold, my customized color scheme, icons, configuration...all of it...popped up. I checked that my files were intact and happily found that they were.

Next I deleted the old home directory by changing to /home and running "sudo rm -fr username" as well as removing the user from the user management GUI (which just disables the user; home directory is left intact.)


Then I went back to the command line and ran "adduser --encrypt-home username" to create that username again. I verified that /home/.encryptfs now had a home directory for that user then reversed my sync of directories; "sudo rsync -aP --exclude=.Private --exclude=Private --exclude=.ecryptfs /home/tempusername/ /home/username", followed by a "sudo chown -R username:username *" and "sudo chown -R username:username .*" from within username's home directory.
 
Once the sync was complete I logged in on the netbook again and my desktop once again popped up to greet me! Yay!

I then deleted the tempusername from the Users and Groups utility and deleted the subdirectory for TempUsername from /home and /home/.encryptfs; the last one is the actual home directory, where the encrypted files are kept. The "home" directory directly under /home is a mountpoint.

To sum it up, what I ended up doing was creating a new user with an encrypted home directory, copying my data there, then deleting my username and username's home directory and rebuilding it by creating a new user with my old username's name and copying my home directory contents *back* over to the newer username that I just created.

Now when I log in it's using eCryptFS to protect my home directory. Is it particularly user friendly? Not in my opinion. No end user is going to want to sit down and create a "temporary user" to hold data, delete then recreate their username so it will be encrypted.

There was also no built-in way to scrub slack space; my files were deleted, but they're still recoverable to disk utilities. In order to truly delete that old data you need to overwrite the "cleared" space a few times with nonsense data. Over time those files will be naturally erased as I use the computer and other data is added and removed, and without a special utility I'll have to rely on that.

A second problem is that the EEE PC uses a form of flash for storage, like an internal USB thumb drive. From what I understand the cells used to hold the information have a limited "write" lifecycle. The more you write to them, the sooner they'll fail, so controllers use algorithms to write to random spots on the drive to minimise wear on the cells. Running a scrub operation to overwrite the disk spots (and thus make my old data irretrievable) can wear more on the drive and there's no guarantee it's going to actually write where it needs to write to hide old data. Then again, I'm not a storage technology expert, so I don't know if there's a different mechanism at work here or not.

Overall the netbook encryption was more manual and difficult a process than it was on the Mac. If it weren't for my own experience in using Linux, I'd not have been able to easily do it. Even the encrypted home directory feature is not fully advertised in the Ubuntu installer; it's more of a stealth feature being tested internally and by advanced users worried about privacy. This is evident in the fact that to even create the encrypted home directory you have to add the user via the command line since the GUI user manager doesn't have the option. No doubt the feature will appear in a later version of Ubuntu. It'll be interesting to see what the next netbook remix version will bring in options for data protection should my netbook get stolen...

Encrypting Your Laptop: Mac Edition

Here's another chapter in my ongoing experiment with the mobile lifestyle.

Periodically a story crops up about some poor sap having his or her laptop pilfered. The news I get has all sorts of cringe-worthy details...doctors losing their laptops with patient information, accountants, business people...even my own employer has departments with sensitive information going between work and home.

Every time I see the story and the concern of personal data being ripped from the drive and used for identity theft, I laugh and think, "You dolt! Why would  you carry sensitive information on a portable computer without encrypting it?!"

Then I stopped and remembered that I never got around to securing my own work laptop (or the EEE PC). It was always one of those things I "meant" to do but just hadn't bothered, and every time I thought of it I knew it was a bad thing because not only would my equipment be missing but they could get passwords, cached emails, etc. on the system. I'd make yet another mental note to take care of it and promptly procrastinate again.

Well, no longer.

My employer lets me use a MacBook. Here I'll outline how I used the default form of protection, called FileVault.

How do you use it? Open the security preference pane. Go to FileVault. Set the "master password" and turn on FileVault for your account. I strongly advise setting the "Secure delete" to wipe the drive of your unencrypted data after your directory is moved to the encrypted volume.

And that's about it.

FileVault creates an invisible encrypted disk file that is mounted as your home directory; it's a sparse image file that grows as you add more files. When you log in with your password, OS X mounts the image file to your home directory. Everything you save or alter goes into that file. When you log out, it's unmounted.

You can see this if you create another user and try viewing the home directory of your filevaulted user. It's just a bundle of encrypted files.

The secure delete takes care of another issue with deletion and security; when you delete a file, it's just removing a reference to the file. The disk still has the data on it so data recovery utilities will be able to retrieve the data you're trying to encrypt (well, the remnants of your previously unencrypted home directory would be recoverable until it is overwritten with other files in the course of just using the computer.)

The process of secure deleting the slack space of the drive and the moving of your data to the FileVault volume can take quite a bit of time; in my case, a couple hours. On the plus side, I put the computer to sleep when I had to leave the office, and as soon as I woke the computer back up it continued with the secure delete task.

There are some issues with encryption (why must everything be a pain in some way?) Apple has tried to address some of the issues, but it's never simple.

Time machine apparently doesn't like the FileVault. See, attempts to back up the system sees the volume files plus your mounted volume as separate files, confusing the backup system. Plus, since you have those files mounted, they show up as being constantly altered, so time machine will keep trying to copy the sparseimage files, which as soon as your home directory changes triggers a change on the image files which triggers confusion for the backup system again...meaning a simple differential backup can easily be corrupted or take hours when it should have taken minutes.

Apple tried to address this by turning the FileVault image into many smaller images. From what I found online, this helps, but still leaves room for complaints. Fortunately I don't use Time Machine so this didn't affect me.

What does affect me, though, is the use of Carbon Copy Cloner. This is one of the best (free!) utilities I've found for creating backup images of your Mac. The problem is that you confuse the @#$% out of it if you're FileVaulted and logged in. It's trying to copy your drive while you're altering the image files.

The solution is to have an administrative user that isn't FileVaulted, made just for administrative work, then image the drive. That way the FileVault image files are unmounted and untouched and you won't need to worry about corrupting your home directory.

I also need to remember to log off or turn off the laptop if I want data secured. When you're logged in, the volumes are mounted, and so anyone else logged into the computer can read your files. Only when you are logged off and the images are disconnected from the home directory mount point are the files "secured."

The only other complaint I've really run into is that logging off takes longer. Because FileVault uses a disk image, the image can't "shrink" just because you delete files. When you log off OS X will try to shrink slack space in the image and thus recover some space on the drive. If you deleted a lot of data, like gigs of photos, then log off it can take quite a while for the shrinking process to complete.

Overall Apple made it extremely simple to encrypt your home directory. It's all graphical, it's simple, and Apple takes the burden off the end user to figure out the technical workings of encryption. A few clicks, a few passwords, and the rest is largely invisible and "just works". The process took an hour and a half...but an hour and 25 minutes of it was just waiting for it to finish the background copy and scrub of data. OS X let me continue working as if nothing was happening (well, it slowed a little since the drive was given a workout, but I could keep working without issue.)

I can say that barring issues like having the image files become corrupt due to disk or power problems, encrypting your home directory on the Mac has been painless. I've been using it for a week or so without issues with any of my software, including virtualizing Windows in a Virtualbox session.

Next, I tackle encrypting my EEE PC with Ubuntu...

EEE PC: The Experiment Continues

I've been continuing to use the hardy little EEE PC with Ubuntu Netbook Remix on the 701 (4G) model netbook, and so far it's not been too bad.

Yes, the keyboard is still cramped.

But...it's the most portable little thing I've ever used, and the keyboard isn't an issue for extended use when I have it "docked" to a USB hub (with a USB keyboard attached).

Right now I'm waiting for a $65 battery to come in the mail. The current battery is giving me roughly 2-1/2 hours of charge at a time, which is probably average for an older laptop, but a netbook should give at least 4 (if not closer to 6) hours on a full charge. The production date on this unit looks to be around 2007, so I'm not too surprised at the reduced performance if the laptop is physically around 3 years old, even if it didn't get a lot of use before. I'll probably know more once the new battery comes in.

That means that my netbook is going to end up costing me roughly $80 with the keyboard and battery replaced.

I was hesitant to use this as a primary system because there would be limitations. Now that I've used it more, how does it stack up?

Fairly well, I was surprised to learn.

Fairly well in that I have aggravations, but nothing that makes me (so far) throw my hands up and give up. The limitations are a combination of technical and operating system issues.

The aggravations seem to be usability limitations of Linux at times. I'm saying that because most of the limitations I hit with Windows (and I'm a Windows XP fan out of the Windows family; I hate the arbitrary security and DRM limitations that are layered into each subsequent release of Windows with a passion) seem to be architecture and design issues. For example, when Windows gets infected with malware, the easiest, most thorough solution is to wipe the drive and start over. Most malware manages to get its hooks so deeply embedded into the Windows system (or mucking up your profile) that really anything else is a half solution.

Linux, not so much. It either works, or it doesn't. That's its major limitation. It was designed by geeks for use by geeks and damn anyone else...you're just not computer-friendly so it's your own fault.

What limitations am I running into?

I already mentioned flash movies bogging the system down. What do you expect? This tiny miracle has 512 meg of RAM and a fly's sneeze of storage space. I can play one video at a time, and I don't mind being patient when looking at things online most of the time.

Video. I hooked up my external 22" LCD panel to the laptop, and it sees it automatically. Yay! I have it arranged with the LCD in front of me and the laptop on the right. Now, ordinarily, you go into the display properties and tell it to put the big monitor on the left and the built-in display on the right and you're good to go...you can span the mouse across the desktops as if you have one big, wide display. Well, in theory this works. In practice, it throws my EEE into a tizzy.

It will detect the LCD and put it on the right hand side of the netbook, reversing my layout. If I try to put it the other way around, it seems to get confused with where to put the primary display (like the menu bar), and really throws the resolution into a tiz as well. Just totally confuses it. So I end up leaving it reversed and remembering to move the pointer the "wrong" way to get to the correct screen.

Second, there seems to be a slight discrepency in refresh rate. Sometimes it uses 60 hz, sometimes 75 hz. The effect? Anything on the LCD panel gets these tiny, fast moving "wiggles", like goose bumps on meth. It's the visual equivalent to a buzzing. Sometimes restarting the netbook seems to fix this. Doesn't seem to hurt the LCD, but it's annoying if you're looking at the display for long periods of time.

Mounted volumes. I have a 2 gig SD Card in the system to store my files along with 2 external 250 gig drives for backup (well, now semi-permanent storage) connected via the USB hub. The netbooks boots and sees them but doesn't always mount them automatically. I go to the files and folders panel and have to click them each once to get them to mount so I can use them. Why? I have no idea. I discovered it while running my backup script and having it throw an error at me saying that the external drives weren't hooked up even though they had powered up and were showing up in my drive display. The netbook saw them, but wouldn't mount them until I clicked on them. Worked like a charm after that.

These are the kinds of usability problems that annoy me with Linux on the Netbook. I'm reminded of them because I recently had a little project that I was working on; I'm trying to create a relatively simple Visual Basic program for someone where I work, and that means I needed to use a Windows system.

I decided to use the virtualized version I have on a MacBook (1 gig RAM, 2 Ghz processor dual-core, the MacBook black notebook) running on Virtualbox to use Visual Studio Express 2008.

I connected it up to the hub and monitor so I'd have a little more comfort while puzzling out the programming problem. The Mac detected the display and used the proper resolution without issue. It let me place it to the left side of the notebook without a problem.

The computer saw the two external drives but because they are Linux-formatted with the EXT3 filesystem, it couldn't read them, so it offered to erase them. Um...eject...eject...that's not a problem with the Mac, I expected this to happen. Didn't hurt them.

The Mac asked about my keyboard; I had to press two specified keys to identify it, and it was happy after that.

From there...things seem to just work. Display settings, keyboard, mouse...happy. The Mac isn't without warts, but it has more of the end-user experience ironed out, while Linux has more burps and hiccups along the way. It's sad because the Linux system is fantastically secure and capable, but when you run into issues with something that should be simple for the end user like arranging your desktops between two displays, it's extremely frustrating. Especially when I hook up a Mac and am able to alter resolutions and arrangement of displays without losing my desktop, my control programs (which I did on the netbook and had to restart it to have it redetect the proper display resolutions without the 22" display connected), or guessing where my programs went when it decided to place the programs off the display area somewhere.

I should not be afraid to change my display settings! With the Mac I'm not. With the netbook, there's always a little crossing of fingers.

On the other hand, the Mac is heavier, bigger, and not as portable (I guess the heavier and bigger parts sum up as being a little less portable, huh?). It has a spinning disk drive that makes it a little more susceptible to damage if there's a fall or bump, and the larger display increases the chances of having the LCD get damaged as well. Not cheap to fix!

Is it the ideal desktop? The jury is still out. I'll have more as I solidify my judgment more. Right now I'm using the Mac as a web browsing and Windows-virtualizing machine for the project, while my EEE is doing the day-to-day email and web browsing and editing of documents, so I'm comparing the two. But to this point so far the EEE has worked fairly well for the "average" use scenarios. I'd never try virtualizing anything on it, but I rarely have had actual call to do that...

EEE PC: The Great Experiment

I've decided to try something more...interesting...with my technology lifestyle.

I used to keep my primary workstation online 24/7. It's a big monster for a desktop...dual core 2.13 Ghz processor, 2 gig of memory, 3Ware raid card mirroring 2 250 gig hard drives, CD/DVD burner and separate DVD drive (so I could easily copy disks to another blank without hogging the data bus), a slot card reader for reading SD cards and other media cards, nice fast video card driving a 22 inch samsung monitor...overkill for the vast vast majority of home users, but I did occasionally use the system for other things that average home users didn't (virtualization, for one, took a toll on the processor and memory...). It has Ubuntu installed on it, so it was virtually crash proof and was wonderful for most tasks I threw at it. Even three years old it's still above and beyond what most people use in their home, so it's aged quite nicely. I can't recommend the staff at Puget Systems enough for their help and guidance in assembling an affordable Linux machine.

I would connect to the system using secure shell, so I could easily access things like my journal application or files remotely. I could use the remote camera on the system to check on the house when I was away (did the daughter remember to let the dog in? Let's see...).

The thing is that keeping that thing running 24/7 sucks electricity. It also went largely unused most of the time. Sure, handy when I needed it, but otherwise, was it worth having it sit there, sucking up dust and pennies in power?

I've been experimenting with Ubuntu Netbook Remix on a very old EEE PC (the 701/4G unit). It's tiny. It's lightweight. And for specs, just about the only thing it has going for it is that it's really portable and probably takes weather changes and rough handling a lot better than most notebooks (how my daughter managed to still break it...twice...is !@#$ beyond me...).

I sat and thought about this for awhile. Here's what I've been doing lately...
1) edit my novel.
2) email
3) web browsing
4) diving into learning a programming language
5) blogging/filling in my nearly daily journal
6) transfer images from my camera to my hard disk and backing up my digital memories I have hundreds and hundreds of pictures of my 4 year old.

That kind of sums up what I've done with the computer lately.

So I've decided to go for a "grand experiment." I wanted to simplify my life and see if I could turn my computing life into a more mobile life. It wasn't easy. I had a lot of conversations with myself.

What if I needed to use virtualization to use Windows or a clean Ubuntu install? Guess I'll have to use the work-issued Mac.

What if I needed to burn an ISO disc, or create a CD??
Again...use the work-issued Mac. Dude, how often have you been doing that lately anyway?

No much, I guess. But what about editing pictures and movies?
You forgot that you've been doing that with iMovie? That was on the Mac too. And picture editing can be done on the netbook. It's just slower.

What about the keyboard? I can use it, but for everyday work? It'll get frustrating!
That's what you'll use the USB hub for, dummy.

Oh, yeah. I guess so.
Look, most of your utilities...OpenOffice, Adobe Reader, Firefox, Almanah Diary...the stuff on your desktop are also on the netbook. Don't worry.

What about...well, the display?
Plug in your monitor when the netbook is on the desk. We'll see how it works.

And remotely accessing files? If I need something while at Barnes and Noble, or at work?
Um...put the files you normally need on your netbook's SD card. You have a spare 2 gig card sitting in your drawer. You won't need to copy the data if it's with you.

It won't fit all the data, though. My files on the external drives are nearly 100 gig. The netbook has 4 gig of storage, plus 2 from an SD card? That won't be enough.
Calm down. You don't need that stuff. You keep it for reference or access later. The stuff you regularly use is tiny. It'll fit. And when you "dock" it with the USB hub, you have access to that data. I think we can do it.

I sighed, synced my data from the desktop machine to the 2 external hard disks I use for backups, then disconnected my computer completely, moving the mouse and keyboard to the USB hub on the desk. Then I took the CPU to another room where it'll sit undisturbed for awhile, and I'll not have the temptation of taking the easy way out of my experiment.

And now I am using my netbook as my primary machine.

It's not easy...I'm nervous to see how it works. The machine is really tight on space, around 300 meg free on the primary storage drive (and 2 gig on the SD card). The problem is that the system drive is filled from basic applications installed, so it's not easy to try trimming things out.

For my personal data, though, things should work out. I think.

I have a script I run that copies data from my computer to the backup drives; should anything fail, I can take my Western Digital "books" to another Linux computer and access my data (or restore to another machine if I need to replace a computer). I modified that script for its new home on my netbook, adding a metric ton of actual checks so that if a drive isn't mounted it won't run that backup routine (like the media computer; I mount it over the network and copy my podcasts and iTunes purchases to the drives in case the media computer dies (again)). Since my netbook may be out and about or not have the drives plugged in...hey, I forget things a lot, after all...I needed to add checks to the script so it won't delete an entire tree of data just because I forgot to mount something. It was long overdue anyway.

And now I am using the netbook. I'm taking my primary computer with me. I took it to Barnes and Noble last night. I brought it downstairs with me now for exercising while blogging. I dusted most of my desk for the first time in years, which I'm sure the desk appreciated.

So that's my great experiment. I'm approaching it with great trepidation, but I'm taking the plunge...can I, a computer geek, survive using a sub-par computer, placing emphasis on portability over power?

More later...stay tuned!

More on the EEE PC

I had previously posted that I was confiscating my teenage daughter's EEE PC (the 4G model, also known as the 701) because:
A) she abuses technology in ways I didn't think was possible
B) she never uses it
C) she broke the keyboard, after having it sent back for a factory repair on a power/motherboard issue
D) she consistently had it falling on the floor and it was never her fault, it was always her little brother's fault that the power cable was strung across the room and the hyperactive 4 year old would stumble over said power cable.

So I thought I'd take it and try using it. The new keyboard came in (remarkably affordable off an Amazon third-party reseller, only $15). I also had said that I erased the Asus-supplied Linux version in favor of the Ubuntu Netbook Remix from Canonical; essentially Ubuntu with a graphical shell better suited to netbook desktop real estate. That means it's actually kept up to date (boo Asus!) and it was in parity with my desktop Ubuntu system in regards to updates and fixes and applications that can be installed.

I've been using it on and off for a few days and thought I'd do a quick revisit.

First, the keyboard install wasn't that bad. There are three tiny meal clips that you have to push back, located along the top of the keyboard (near the pause, f6, and ~ keys). They kind of felt chincy in the quality, and I think I managed to scratch them, is they don't look like they're holding the keyboard very securely but the keyboard hasn't fallen off yet so...I'm going with it.

Once the clips are pushed back you lift the keyboard and slide it out of the tray slightly. There's a ribbon that is held in with two slider clips; you push the clips back towards the display (parallel to the motherboard) to release the plastic ribbon and the keyboard comes right off. Slide the new ribbon in, lock it, slide the keyboard in place, and pry the clips back over the keyboard and it's done.

Now the bigger challenge. I haven't used it to edit my novel yet, but I have done some web browsing and watching movie clips (avi, mpg, flv...) to see what it can do. The 701 has only 512 meg of RAM and a ~900 Mhz processor, and storage is a premium, so how did it handle things?

Web browsing; it's running Ubuntu, so it has the latest Firefox available (with the flash blocker to stop ads; helps with processor power too). Because of the slower processor, you shouldn't try watching more than one video at a time. You shouldn't even scroll while a flash-based player is playing or the video stutters and starts caching a bit. It's not like I'm doing high-end HD video crunching and the performance was something I found to be acceptable. There is a bit of juggling to get multiple tabs to work well and some videos don't scale properly to the oddly proportioned display resolution. Overall, web browsing is acceptable, but I'd not be beyond trying an iPad as a web browsing tool primarily due to screen real estate.

The video watching was a test in seeing what it could handle with codecs. I stuck some movies of different formats on a 2 gig SD card and tried playing them. The built-in movie player application threw up a huge number of "plugin needed" errors, then would try to download new plugins to handle various codecs. I then opened a terminal and ran "sudo apt-get install vlc" to install the VLC movie player, which handled a larger array of formats and handled them well. I had one case where the plugin installer hung on the display (movie player, not VLC related). I couldn't move it and even though the interface was responding in the background I didn't know how to get a process list up to kill the offending application or how to bring up a terminal to kill the process or how to bring up another desktop to get to a process manager from there, so my options were limited to logging in from another computer using SSH or use Control-Alt-Delete to restart the EEE. I restarted it. Not that it takes that long, but it was annoying. I need to figure out how to use a shortcut to get to another desktop or bring up a terminal session.

Other than that movies played half-decently. Surprising.

And the most obvious: keyboard evaluation. The keyboard is indeed something to get used to. Especially when you're built like a fridge, like I am. I had quite a bit of trouble not hitting the right-arrow key instead of shift, which was a pain when I tried using a spreadsheet I created in OpenOffice. But I knew this would take some work to get used to, and I'm trying to give it time (like editing my novel on it...can I get used to the annoyance?)

Any other surprises? I'm continually surprised at the software this little thing can run. I may have already mentioned that I installed SSH and SSHD, so I can use secure shell to log into it from another Unix machine (or Windows using PuTTY). It's weird to think I'm remotely logging into this thing the size of a paperback book and then install software or alter files from a remote system. I can also use the FUSE filesystem with the SSHFS module to mount other filesystems (or the EEE's filesystem) using secure shell, so I can edit and manipulate remote files as if they were local.

I also installed Synergy. If you're not familiar with it, it's a GREAT application for people with multiple computers in the same area. I wrote about it before but here's a quick overview: it's a software KVM without the V.

Scenario: as I type this I'm using my desktop computer to enter text on the blog. Sitting next to my keyboard is the EEE. I'm bouncing between the blog and the EEE to do updates as well as configure a few things on the EEE. Rather than stopping what I'm doing and task switching to the tiny keyboard and touchpad of the EEE, I am using Synergy on the netbook and the Synergy Server on my desktop to link the two computers. I just slide the mouse off the left side off my desktop computer and the mouse "appears" on the EEE display, meaning now my keyboard and mouse are focused on the EEE. I type and the characters are on the EEE. I move the mouse, the pointer moves on the EEE. I slide the mouse off the right hand side of the EEE's display, and my mouse reappears on my desktop computer's display.

Neat, huh? Neater still is I can have four computers do this off the "Synergy Server" computer: top, bottom, left and right. And thanks to secure shell, I can encrypt the connection so the connection links are cryptographically secure.

It's a neat way to do work on the desktop and laptops at the same time, and the software (ssh, synergy, etc.) are all in the Ubuntu repos (and synergy itself is cross platform, so you can mix and match Linux, Windows and OS X clients and servers).

The keyboard is definitely annoying at times; I'm working to adapt to it, so I'm going to reserve judgment for the moment. In the meantime I'll note that the EEE has managed to recognize and use a USB keyboard without problem, just as it has recognized a USB CD burner (how I installed Ubuntu NR in the first place) and the SD card and a USB memory stick without issues.

The thing that is simultaneously neat and a bullet in the foot is that this is, for all practical purposes, Ubuntu Linux on a miniature PC. It can do a huge number of things, but it sometimes takes some stretching and bending to accomplish them.

For example, installing Synergy, VLC, and SSH were straight from the repos, no real work necessary (if you're used to Ubuntu, anyway). Just select and install. Or from the terminal, issue the apropos apt-get command. But the new interface tries to hide the ability to access multiple desktop workspaces (kind of like virtual desktops). Hitting control-alt- will select a new desktop so I can organize my applications, or in the case of the one app getting "stuck" I might have been able to switch to another desktop to pull up the terminal and regain practical control of my EEE. When I tried it, it wouldn't let me. Just kept telling me I had one workspace.

But...it could do it. It does support multiple workspaces. It just wouldn't let me because it was configured for one, which is a sensible default when the screen is this tiny, I suppose. I couldn't use the workspace manager to configure a new desktop the way I do on my desktop because that "useless" interface was removed for the streamlined Netbook Remix interface.

So the fix is to open a terminal and enter the command "gconftool-2 -s /apps/metacity/
general/num_workspaces 4 --type int" where the 4 is the number of workspaces I want. Intuitive? Heck no. It was a total Google job to find this solution.

And now I have 4 workspaces. But here's the thing; I'm mixed on this feature. The fact is that a tiny device like this is kind of stretching the computer metaphor. Now small can you make a computer before the desktop paradigms become stretched too thin? I'm multitasking desktop applications on something I can barely type on because the keyboard's too small, with a processor that is being pushed to it's limits if I have OpenOffice open and a web browser playing YouTube videos at the same time, with RAM that is furiously juggled because it's only 512 meg. The graphics subsystem can barely handle itself let alone adding the 3-D candy of Compiz (which is turned off, but seems to be available as an option).

In short there are a number of features on the EEE that are probably inappropriate for the platform but are available, taking up memory space or storage space (which is a premium on this little thing), just as they are available on my desktop. Is it really necessary to have the same features on a 512 meg 900Mhz system with 4 gig of storage and a all-in-one design the size of a paperback book as my dual-core 2.13 Ghz desktop with 2 gig of RAM and 200+ gig of storage?

Probably not, at least not for the average user. Still, I can connect a USB hub to the EEE, and from that have a printer, keyboard and mouse, and I can hook up an external monitor, even if the resolution isn't all that great due to limitations of the graphics processor. In other words, the EEE can be a really portable computer for going between work and home with emergency access to my data stored on it when I'm in between "docks".

That's the only reason I could see for using netbooks like this with features that don't really scale down this small; portable desktops where you can dock it for convenient access, while still having access to your data while out at the coffee shop.

I'm still using it and adapting to it. I find myself leaning on the Mac laptop still for things because while it's not as small or light, it does just work, and I'm not fighting frustration with the keyboard.

But I did swear I was going to give the mini-keyboard a shot...so look forward to another installment of triple-EEE info in the near future!

Playing With an Asus EEE PC

Way back when we first started getting the house situated, we worked on a way to get everyone online.

My wife got a Mac laptop, a white MacBook, now about three years old or so.

I bought a desktop, a really killer Linux system with RAID and the whole shebang. I also have a belongs-to-the-day-job black MacBook.

My toddler son got a destined-to-be-scrapped Mac G5, which was top of the line before Apple moved to Intel processors but today was adequate for playing DVD's and playing online flash games, which are the two things he pretty much limits himself to doing.

My daughter, a teenager, klutzy and at times rather irresponsible (she's destroyed somewhere between three and five phones in a year and a half and she's responsible for replacing them herself...and she still doesn't take better care of them) got an EEE PC. A netbook. I thought it would be perfect as a starter laptop for her; it has USB ports so she could use a USB keyboard and mouse to work on papers, it's tiny so she could curl up in a corner somewhere to work on whatever she's working on, works on the wireless network, runs Linux so it's nearly immune to most of the crud out there targeting Windows, and it has a solid state disk, making storage a premium but for what she does it shouldn't matter. The tradeoff was no moving parts so it could take a little more rough handling without the heads of the drive crashing since an SSD drive doesn't have heads or platters to crash.

I was wrong. She managed to damage it once, killing the power supply, necessitating a trip back to the factory. Then months later we notice that she's using her brother's computer more and more; what's wrong with your triple-E?

"The keyboard doesn't work right..."

sigh

I look at the thing. She's dropped it so many times that I feel bad for it. Of course, it's her brother's fault, the four year old tripped over the power cable that she would string across a room; I can see it happening once, maybe twice, but there comes a point where you learn to not string things at ankle level lest electronics go flying, wouldn't you think?

True enough, some of the keys are dead. IThe function keys for the fake number pad function isn't causing it. A reinstall of the software (she hardly did anything to customize the thing) didn't affect it, so it wasn't a software setting. I disassembled the keyboard to reseat the ribbon connecting it to the motherboard. Nothing. I also found that a USB keyboard works fine, so the keys on the keyboard itself aren't sticking.

She just managed to kill certain keys on the keyboard. "It just stopped working," she said.

I've been considering attempting to find something more portable for my computing needs. Mainly for things like going to Barnes and Noble for editing my first draft of a novel in OpenOffice, or doing light web browsing. I'm not sure about the size of the keyboard, but something with the form factor of the EEE PC might fit the bill otherwise, so I take it.

"But I'm using it!"

Keep in mind we've not seen her use it for months, and the power cable was upstairs not even plugged in. When I got it from her the battery was dead. Stone dead.

First things first. After failing to revive the keyboard, I scrounge around a bit and find a possible replacement keyboard on Amazon (of all things) for $15. I put in the order for 3-5 day shipping (overnight was $20!), seeing as the USB keyboard will suffice for a little while as a makeshift replacement.

Second, I do updates, seeing as she's not touched the software updates. I get a bad taste in my mouth when I realize that Asus looks to have pretty much abandoned the plucky little 4G Surf (no webcam, 512 meg of RAM, 4 gig storage). OpenOffice is stuck at version 2. Ugh.

I again scrape the webbertubes for some advice and find that Ubuntu, the Linux distro I run on my desktop now, has a Netbook Remix available. It's a modern distro meant specifically for netbooks (big surprise from the name, I know). Download, burn the CD, boot and install, run the updates, and now the netbook is running essentially Ubuntu 9.10 with the latest kernel and security updates (and OpenOffice 3!).

I even get Skype installed. I plugged in a USB Quickcam, and found that it worked with Cheese, the camera booth app. Skype, unfortunately, refuses to work with it. Why? No clue. But it does appear that it will receive video, and I can do audio (and text) chat. So that much works.

I get SSH installed, and the SSH Server. If you know what secure shell is, then you know how cool this can be. After getting that installed, I logged into the EEE from my desktop computer with X forwarded and ran the rest of my updates and changes from my desktop console while the EEE sat on a stand charging up with the LCD sleeping.

Can it play online movies like YouTube? Barely. The thing has 512 meg of RAM and is a Celeron 900 Mhz processor. It strains and grunts and groans, but if you're not taxing the little dude it'll play them.

It can also record in MP3 format now that I installed Audacity.

Storage? It won't store movies well. At the moment it is running with about 300 meg free on storage. I could stick in an SD card to add a couple gig, though.

What are my initial impressions? It's impressive what it can do. I can't take it out as a road warrior device yet because of the lack of a functioning onboard keyboard; that'll have to wait until the new one comes in, and then I have to hope it's the right kind and will fit. I also don't know what shape the battery is in. My daughter swore it won't hold a charge; I haven't tested it yet, really.

I also don't like the way the trackpad buttons work. It's like a rocker bar to left and right click. Seems...weird. And of course the keys are tiny and take some getting used to in order to use (a task that's pretty impossible when 1/4 of the keys don't work).

For its size, it's impressive, and when I'm in my home network range it can get a boost from the fact that I can secure shell into my home computer and tap into some of the applications and files from there. Out on the road I could probably secure shell into a remote system, but speed would be an issue. Could it function on it's own?

It would probably be better if I had dainty feminine hands, but again, the jury will have to hold out on that until I get a better chance to test it when and if it gets a functional keyboard. I have enough trouble typing properly with a full size keyboard (although the tiny keys may force me to take my time and not make as many mistakes in the first place...)

So that's my new project. The daughter is computerless and at the mercy of her four year old brother; it's been made clear to her that that computer was made for him and she had one free computer and she broke it and stopped using it, so it's been appropriated. She's free to save her money from her job to get a cheap laptop, and instead she opts to play Pogo and Facebook games on her brother's Mac. If he tells her to get off it, she does. Which gives a four year old much joy to have power over someone, it seems (to be fair he rarely kicks her off his computer though).

I'll have to see how things play out. Maybe I'll update this more after the keyboard comes in, supposedly this upcoming week!