It seems better to do your backups to a separately-secured environment, either with a distinct (and differently managed) encryption key, or just to a physically secure location without encryption (frankly my preference).
I'd love to have fully working TC on the laptop
Yet using full drive encryption + daily backups (or dropbox or google drive or whatever webfs) + having a spare machine at home (so that you can spare the trip to a computer store and have a machine readily configured) is necessary if you are a professional.
You seem to have underestimated this last point, with your estimation of a full day to have a new one ready.
Having a machine setup and ready can sure take hours - which might not be ok if you have a client waiting. Also, anything else may happen (car broke, computer shop closed / out of computers). I have noticed that when bad things happend, they tend to spiral out until sh*t hit the fan.
Your $1k is a lowball estimate. Better have a spare one ready and waiting for you.
Now a web-based ssh is enough to do 99% of the work.
But true comfort takes time
Only if you don't take the few minutes to prepare. I have a Dropbox hosted bash profile that keeps all my favorites synced across machines, there's no reason why your hot-keys couldn't be stored similarly.
(I have a real .profile for each machine, but its first line is `source ~/Dropbox/conf/bash_profile` which lets me override if necessary and apply machine specific instructions.)
After years of being frustrated at my configuration being different on every system because I was too lazy to invest a little bit of time into doing something like this, I wrote a small Python script that creates all the config files I use (zshrc, tmux.conf, etc.) - it concatenates the 'generic' piece of each config file with an OS-specific part (for Linux/Mac-specific setup) and a host-specific part (for system-specific setup) and writes the concatenated file to my home directory. There are probably much better solutions out there than rolling your own script to do this, but I like it because I know exactly what it does and how to add features myself when I need them.
Now when I start using a new system, I just do 'git pull' and 'make all'. It's extremely satisfying how with this type of setup, in seconds, a brand new system feels exactly like the ones I've been using for months/years.
My solution of Dropbox synced config files was the few minute solution, but I'm sure I could be more clever if needed.
My next machine will be Mac or Ubuntu 13.04. (and last time 10.10 -> 12.10 took 1 day).
When I was a teenager, we used to toy with trojans/viruses and infecting each other and playing wargames on one another in our group. Out of context, it could seem very malicious and non-educational. There are probably hard copies of this in my backups. (When 200MB hard drives were a luxury, and Windows 3.11 for workgroups was a way of life for poor people, and 20 mile walks uphill in snow to school...punchcards...AOL CD art...).
Things really are so much different now. It seems like a couple of years ago that AOL was dominating the market. The IIS string vulnerabilities seem like months ago.
If an employee's laptop goes missing, you want them to promptly notify IT, so that measures can be taken to plug any security holes.
You don't want them to try to hide the loss - or even to delay, while they try recover the laptop themselves - which they might do if they believe they'll get fired for reporting it missing.
You can usually learn more about the history of a company by reading its employee handbook than by reading its "About Us" page.
With Ubuntu 12.10 onwards you have the option to use dm-crypt for full disk encryption baked right into the installer. With 12.04 and earlier you have to use the alternate CD, but it's still painless. Android also uses dm-crypt for its FDE implementation, also dead easy to enable.
With a password manager for the rest of your passwords, and an SSH key for remote system access, you can manage everything only knowing three different passphrases.
Using FDE precludes theft protection programs, obviously, since an attacker wouldn't have access to a live OS. But if you're willing to forego a bit of fun (see https://www.youtube.com/watch?v=U4oB28ksiIo) and the chance to recover the hardware, you have a pretty solid guarantee that no one will get to your data.
And, of course, daily backups, which is another can of worms. Personally I just rsync to a remote system and offsite that data periodically.
TrueCrypt container which contains sensible project-data;
.ssh somewhere on that container with ~/.ssh linking to it;
Keepass for passwords, it's quite convinient.
Maybe Pray or something similar, haven't set it up myself yet...
I guess in the end it boils down to: do you prefer to leak the data, or lose your laptop ? :-)
A normal account would require unlocking the disk, which would expose everything.
Last time I looked at Prey (over a year ago) it didn't support installation to the recovery partition. But they may have added support since then.
I don't want to escalate a lost laptop to a felony charge.
Apparently, it's federal, not state based.
The key point seems to be:
> the court was saying that Absolute went too far in collecting the contents of the communications being made on the stolen computer.
So location tracking and snapping photos of the user is acceptable, but intercepting the users communication content is not. Unfortunate, and poorly decided, but not complete failure.
As usual, the government reserves rights for itself to perform specific acts that it considers criminal when private citizens engage. (And of course, the government offers no replacement for citizens who are prohibited for taking defensive actions on their own behalf.)
As usual, the government reserves rights for itself to perform specific acts that it considers criminal when private citizens engage.
will appriciate if you can drop me a line with corrections do @ itlater.com
Doesn't help that I have the rsas floating around on my iphone, ipad, putty,...hmmm I need to do a check like this on every device now.
Linux: dm-crypt + LUKS
MacOS: probably FileVault
TrueCrypt (when used with Pre-boot authentication) will encrypted everything including swap, dm-crypt/LUKS would configure encrypted swap, and with FileVault (actually even without FileVault) MacOS configures itself to use encrypted swap.
> * Yes we do all those and more, do you ?
is referencing to.