Sunday, November 27, 2011

Hackerspace and Ethics.

To pre-empt any drama. Yes- I associate both online and IRL with Hackerdom and its members.

No- I do not condone ethics violations in the workplace or in any way entangled with work.

Same with politics. My 9-5 is firewalled from my personal life and that's an impermeable barrier- no exceptions.

Outside of work? My personal guideline is starkly simple- If it has to be questioned about right or wrong- that's a warning in and of itself.

All the above says what it means and means what it says. Ethics are inherently a Zero tolerance pass/fail test in life. The degrees of fail are based on witting or unwitting fail and if it's malice or a lack of information. Ignorantia Nihil et al. has some real-world fails of its own though. I recently saw a situation with near zero documentation of work rules. Which inherently makes for Very Bad Things of the "had no way to know" orbits.

Hence this post.

Think about why might be a good question?

Thursday, November 3, 2011

Backups and Accessibility Vs Security

I had a reminder of how easy it is to take for granted we've backed our digital lives up properly. It's been a background recovery 2 days running now.. It was a potential Oops avoided by long time practices made habitual. We're too dependent on our devices to ignore these issues!

My Android Cliq is arguably a "Brain Prosthetic" for me. I'd safely wager that many folks reading this have varying degrees of co-dependency going on with their handhelds or laptops etc. Seeing the little triangle with Exclamation point graphic as an electronic Tombstone to my MicroSd that was only 18 months old. The poor memory wafer led a hard life being used to back up files so I'd have them in hand. Being mindful of having client data in a handheld unless it's VERY securely encrypted has been part of my job a long time. Going back to TRG with CF slots.. Back to the "Why" for this post in a bit.

IF you're Ethernetted as with a desktop- NAS and proper backup practices lower the risks. It's automatic or only a few clicks/dragNdrops to offload onto a physically separate spindle. That backs up to Cloud if safe/applicable etc.

But our Handhelds and Laptops often get overlooked. Come home from a hard day in the field- plug the phone in but forget to mount as USB drive to dragNdrop safely? No worries- it's backed up by remote backup. Is it? Nope- Photos on MicroSd often are *NOT* backed up. Contacts etc - yeah.

PhotoRec can indeed drag pictures back from incredibly abused flash media. But are you willing to bet everything on it? Mercifully, I did not have to test that bet. I recently found out that my faithfully followed routine of copy DCIM > desktop_DCIM > USB in the fire safe was "Good Enough" for my needs.

EXT3 and Linux running from CD with data only -no OS on my HDs has often granted me much hassle reduction. A two drive failure in the same desktop machine= barring power event or fire etc? unlikely absent many warnings. Treat that FIRST warning properly or risk Very Bad Things.

There's NO sane reason to have the OS and "only copy" of your Data on the ONLY drive in a desktop! We can get paranoid and encrypt all our working copies- or is encrypting only backups "Good Enough" for your risk factors? That's a case by case risk evaluation. Choose wisely. Yes- you "Can" keep third copies of data in the unused space of that "OS" drive if you are bothered by wasting potential space. But if you're using- a $10 ballpark 8 gig flash drive for your OS? Let's be honest here- keep our gaming etc machines separate from our work machines if we can afford to ok? How much are the consequences worth if we don't? My T series IBM laptop with a second HD in the Ultrabay is one answer.

Back to the "Reminder" lesson 2 days ago.

That MicroSd in my primary Android phone had died the death of constant use. RIP faithful Filedroid?

Mourn not- the DATA is still Nearly Immortal on 3 other drives. Paranoia is underrated in backups? My access delay by being away from my home backups may have annoyed a client. But the enhanced data safety by restricting access is just good practices. Safer Vs inconvenience?

The ugly gotcha is SECURITY. What of our backups is a potential risk? Client data? Or just blowing a surprise party by the invite list being in a family shared folder?

TrueCrypt may be "Good Enough" for most folks as I have been retrodeploying it on my older media retirement schedules:

Those old CDs in the freezer are a potential Information Grenade ticktick.. with your past on them. And customer data risks too. Yeah Encryption's a hassle. But as I clean up all my stacks of retired HDs used for data buckets- DBAN is another perhaps "Good Enough" tool.

But is the risk assessment for NOT using such tools in your favor?

That's your bet. Bet wisely, OK?