Happiness is having a good backup

I’ve my share of hard drive failures and software accidents, and more often than not I’ve been able to recover.  Here are my current back-up provisions:

  • Daily backups using Acronis
  • Windows 7 “Previous Versions” feature
  • Backup copies of important files on different drives
  • Backup copies of important files on different machines at home
  • Annual off-site backup of entire machine
  • Important files stored using RAID-5

The technology of back-up media has changed over the years.  Once upon a time I used a stack of 50–100 5¼″ floppy disks!  I also remember when I went to DAT tape, which could hold a full backup and incremental backups every day for a month on one 400 MB cartridge.  Eventually came recordable CDs, and later DVD-RAM.  Along the way were 20MB “floptical” disks, Jaz drives, and Zip discs.

Today, the best backup medium is another hard drive.  A cheap on-sale hard drive has a better price per gigabyte than optical media of reputable quality, and nothing else is even close.  Desktop HDDs are also quite robust—I’ve heard of data recovery companies reading a hard drive after a house fire had destroyed the computer.  Plastic optical media would be toast!

Partition vs File

There are two fundamentally different kinds of backup.  For typical data applications, “documents” are files and can be easily copied elsewhere for safe keeping.  Any manner of copying a file (and copying it back where it came from) will serve to back up a word processing or any kind of office document, photo, video, etc.

But the “system” is different.  The operating system and the arrangement of installed programs has files you don’t understand, and even special things in special places on the hard drive.  The way to back that up is to make an exact sector-by-sector image of the partition.  This requires specialized software both to make and restore.

That is also one reason why I still keep my data separate from the system.  My C: drive is for the operating system and installed programs, and my files are on a different partition (say, E: and G:).  On Windows this means ignoring the prepared My Documents locations or taking steps to point that to another partition.

It has definite advantages, and I’ve made good use of it recently.  When updating some program caused problems, I simply restored to the previous day’s system backup of the entire C: drive.  My work, which was on E:, was not affected.  Had my work been on C: also, this step would have erased my efforts that were performed since that backup point.

Multiple Methods

Besides using different tools for the System backup and your day-to-day work files, you can use a variety of different overlapping techniques all at the same time.  You don’t have to use one tool or another.  You can use a 3rd party backup suite and casually replicate your work to your spouse’s computer.  Even with a single too, you can have automated daily incremental backups to another drive and make monthly full backups to Blu-ray to store off-site.

Automatically and Frequent

I used to boot the computer specially in order to do a complete partition back up of the normal C: drive.  I would do so before making significant changes, and was supposed to do so once a month regardless.  But it was a chore and a bother.

Now, Windows can reliably back up the running C: drive using an operating system called Volume Shadowing.  Being able to perform the backup while running the regular system is liberating, because it can be done automatically on a timer, and it can be done in the background.  So I have Acronis True Image perform daily backups of the C: drive.

Likewise, the same technology applies to data files.  Even if I happened to be still working at the odd hour at which I scheduled the daily file backup, using the files would not conflict with the backing up.

Windows Previous Versions feature

Windows 7 has a feature called Previous Versions that can be handy.  You can turn on System Protection and also enable it for your data drive.  Use the System control panel applet, and there is a tab for System Protection.

Windows 8 File History

This is deprecated but still available on Windows 8.  Windows 8 revamps the general idea with something that’s said to be more like Mac’s Time Machine.  It backs up to an external drive or network location, and it is hourly (or customizable interval).

Search for file history on the Windows 8 Start screen to get to the applet.  However, there seems no way to specify which files are being backed up!  It only and always applies to places that are part of a Library.  So I worked-around it by adding the directories of interest to a Library in File Explorer.

Windows Restore

I tried (on Windows 7) using its supplied System Backup feature, and was less than trilled with it.  It backs up to a hidden directory on the same drive, I don’t know what it does about having multiple versions stored there.  And I can’t simply copy the backup file elsewhere.  It’s actually the same feature that the Previous Versions uses, so I imagine it’s also better on Windows 8.

Drill!  Be confidant

Make sure you know how to restore files, and that it actually works.  When an urgent deadline coincides with a messed up file, that is not the time to be figuring out an unfamiliar system.

So, after you initiate your automated backup system for work files, also create one or more scratch files of the same kind you normally work with.  A silly word processor document containing a stupid joke, perhaps.  After a couple days, when the automated system has had time to do its thing, delete the file.

Now, get it back.

Make notes, and keep them on actual paper, to refer to when this is not a drill.

Then, you can be happy.  Be smug even, especially when someone else has “an incident”.

 

Jehovah’s Witnesses at the door, again

Late this Saturday morning I eagerly answered the door, expecting a visit from a landscaper.  Instead, I met two religious evangelists.

Although they did not identify themselves until I asked for details, they turned out to be Jahovah’s Witnesses.  Not too long ago I had a similar visit, and was not very prepared.  I wanted to know more about them, so later I checked on the Internet. The Wikipedia article has a section on beliefs but wasn’t really the kind of practical details I was interested in.  I also tried You-Tube, since I knew there was a lot posted in reaction to other evangelists.  Perhaps if Jahovah’s Witnesses themselves posted some videos instead of just going door to door, there would be ten times as many posted in response, dissecting every statement and analyzing every point made.  But all I found were a few odd cartoons to expound on what JW’s believed and how they acted.

I’m still interested in a definitive (yet brief!) summary.  But here are some things I’ve learned about them:

  • The world is ending!  This time for sure!
  • No blood transfusions allowed!
  • Probably no modern medicine, but strictness varies.
  • Against education.  Instead of college, young people go door knocking, and don’t get paid for it.
  • No holidays or celebrations at all, not even birthdays.
  • Creationists.
  • Hostile toward homosexuals.

So this time, I at least knew what their group stood for.  I could probably argue over several points of their doctrine, if the matter came up.  But, what did he want?

The implicit assumption is that the real goal, in the long term, is “Join our cult; believe the same things we do; do exactly as we do.”  But that’s not what they come out and say.

This one (the talkative of the pair) seemed to be saying that he wanted to “spread the good news”, and had some thesis about making the world a better place and Man alone can’t manage it.  In the half hour that I talked with him, I learned that they feel compelled to do their characteristic door-to-door stuff because of some passage in the Bible.

He also thinks that the Holy Bible is the first and oldest Holy book, even older than the Torah!  That the Old Testament is, in fact, older than the Christian collection is not something he was willing to accept.

But it still leaves me wondering what I should have said.  Any (serious) pointers or suggestions?

 

How do Phishing scammers get your personal information?

Today I got email that pretended to come from Ebay, in the form of a fake invoice that is actually bait to get you to click on one of the links in the message.  This is known as “phishing”, as explained on Wikipedia.

Now this particular message was sent to the wrong email address.  I use a unique email address for each online merchant or other purpose such as forums and any other kind of sign-up.  The particular service I use, and have been happy with for many years, is https://www.sneakemail.com.  It is handy for me to keep track of order information and forum sign-up data too, for low-to-medium security purposes (I keep passwords for banking sites and such in a password vault).

So, when I got this scam email, I knew that it was not really sent from PayPal.  It was sent to the address I used for Things From Another World, “best online store to buy comics, graphic novels, manga, and pop-culture collectibles!” and apparently to have your customer information stolen, too.  I used this email address on an order made January 3, 2006, for the Serenity comics, in case you’re interested.  That’s just to point out how Sneakemail helps me track these things.

So now their customer database winds up in the hands of criminals.

This is not the first time it has happened.  Other companies have been caught at supplying email address and perhaps first/last name (and who knows what else?) to those who then send spam or phishing email.  Most of the time they totally ignore repeated inquiries to their customer service, support, help, or other email addresses.

But when I have gotten an answer (e.g. from dyndns), it usually turns out to be blamed on the company they use for their newsletters, and they promise that it only included non-sensitive information.  So, that’s another reason to be sure to un-check any kind of newsletter subscription that they usually have on the check-out page.

Now, with Sneakemail, I can activate greylisting on an individual address, set up filtering (which is handy for addresses used for mailing lists and forums) to only allow through the intended correspondent, and, when necessary, disable or delete that individual address.  Deleting the address I used to place orders with TFAW or Oratec, does not affect any other address so all my other correspondence is not bothered.

Update May 11

I received a reply from someone at TFAW.com dated Friday afternoon.  That’s about a 24-hour turn-around, which is remarkable in these cases.

She said, (bold mine)

Thank you for contacting us, and notifying us of this matter.  We definitely do not rent or sell out any customer information at all, and any information provided on our site is kept completely confidential.  We do list our privacy policy confirming this in our site’s help pages that you can review at the following location: http://www.tfaw.com/Help/Privacy-Policy___35   We had our technical team look into this matter and have confirmed that there have not been any compromises in security on our end.  We definitely understand your concern on this matter, but rest assured no personal information has been passed along or obtained from our site.  We here at TFAW.com take privacy concerns very seriously, and actively ensure that all information is kept safe and confidential.

And also invited me to forward the message with the headers, for them to keep on file (not to further analyze?)

If I read that correctly, they didn’t give information to anyone such as a mailing list company, and nobody ever accessed their data surreptitiously (meaning their detection would be flawless even if the access control isn’t).  So what’s left? Deliberate access by someone on the inside.  Somehow I don’t think that’s what she meant.  Maybe email was gathered in-flight from their outgoing confirmation mail (the only time that address ever appeared in an email before the spam) only to be held for a couple years before being used for spam.

If some third party is listening in on email transit, I think there would be worse effects than just use of the address much later: such a person would have the receipt, invoice, and whatnot, containing order numbers and account information and could immediately spoof that person at that store, read the mail sent for a password reset, and go nuts.  However, the current state of security on email sent between parties on normal ISPs is far from tight.

July 28, 2014 — The Sock Company

I got another PayPal phishing message, this one sent to the email address I used with Thorlos socks.  I like their socks very much, and my notes indicate that it’s cheaper to order from them directly because of free shipping, unless the order is more than $55 in which case it’s better to by from The Sock Company.  I’m sure prices have changed since I first ordered from them in 2005, but that is an illustration of the kind of records I keep and why I’m confidant that nobody else would know of the email address to which I’m receiving these messages.

September 4, 2014 — Kingwin

Another occurrence, this time from Kingwin.  I emailed their tech support two years ago with questions about their USB SATA Dock products.  At least this time there’s no customer information with them, but only my name and a (unique) email address.

June 18, 2014 — LightRocket

I got an ad promoting something called LightRocket, sent to my historical original email address.  What I mean by that is once upon a time the Web was a nicer place and my email address was published on my web pages and various publications.  I still maintain it, but it’s only used by “cold calls”.

When I wrote back asking how I got on their mailing list, I got a real reply from someone in short order.  That’s nice, and hopefully I’ll find out something.  I’ll revise this report as I learn more.

January 4, 2015 — OEM PC World

I’ve ordered flash media from time to time from OEM PC World, most recently in July 2013.  Now I’m getting dozens of emails for mail order brides.  I’m sure that’s not really in their catalog, so how did these purported women get my contact info from them?  Interesting that a company that’s been “the world’s memory value leader” for over 15 years doesn’t have an email address itself, but can only be reached via a web form.

I received a real reply from someone later that same day.

Ongoing…

 June 2015— Paradigm Speakers tech support

I wrote Paradigm Speakers support email on 23 June 2014, and one year later I started getting PayPal and Apple ID Phishing email.  It wasn’t until November that I noticed some leaking through my normal spam filter, but I see it goes back at least to June 3.

In December 2016, I’m still getting junk from them (56 over the last 30 days), with nothing resolved.

December 4, 2016 — IcyDock

I got a PayPal Phishing email that slipped through my filters, that was sent to an email address used for product registration for Icy Dock, on November 21 2011.  Is this just the first to slip past the filters?  I checked the sneakemail stats and it was the only email to that address in the last 30 days.  So, the security breach of customer info is recent perhaps.

I contacted Icy Dock Sales, and quickly got a serious reply from a representative.  It’s refreshing to see that a company not only reads and responds to their own email, but gives a serious reply rather than some canned blather or blanket denials.  So, Kudos to them!

It would be great to discover if some particular 3rd party service were responsible for many of these incidents.  It would be possible if companies took it seriously and noted who was given customer information and when.  A culprit would show up as being common to many of them.

 

 

How much would you pay for the universe?

This is inspiring.  Neil deGrasse Tyson could run for president.

This goes with it.  I actually found this first and followed the link to Tyson.

Watch in the Home Theater for best experience (or at least full screen 1080p, with headphones).  I liked the music so much that I bought the album it’s from, as a gift for my wife to listen to in the car on her traffic-jammed commute.

As it so happens, today I received a letter from The Planetary Society.  They are campaigning for action on the budget for NASA.  You can sign a petition at http://action.planetary.org.

Censorship is Wrong

This post is not to preach in support of the free exchange of ideas, as you can find that stated eloquently from many others.  Rather, I want to give some practical advice.

TOR

A few years ago, I was visiting a country that is famous for having a “firewall” that censors access to arbitrary sites on the whim of whoever is running it.  On that particular day, the blocked list included that fount of human knowledge, Wikipedia.  In fact, here is a link to TOR’s description on Wikipedia, as an example of how prevalent it is for me to do so!

I installed a Firefox browser extension that automatically tried TOR if a URL was blocked.  I don’t see that listed on currently supported extensions, but I see several proxy-switcher extensions that are generic.  If you have TOR installed, then any of those would let you change your browser settings to use TOR, or back to normal settings, by clicking an icon on the status bar.

Since the list of available or favored extensions will be always changing, I won’t list the top results that I see today.  Rather, just search for “proxy” in Firefox Extensions and look at anything that says it will Select, Switch, Toggle, etc. the proxy settings.

That would still require that TOR be installed first.  If you look at TOR’s website, you will also find Tor Browser Bundle, in many languages.  This will, with a single installer, automatically install TOR and a browser pre-configured to use it.  It may be stored on a USB stick and hidden away, and used on any machine.

Finding “unpublished” Tor entry points is the best way to stay reliably connected to the whole world, without cost.  New ones are added as they become blocked.

VPN

A VPN is normally used to connect your home PC to your office LAN.  However, the same function allows you to privately connect to another machine for any purpose.  Some companies sell accounts on computers located in friendly places such as Zurich, Amsterdam, Copenhagen, etc.  If you set up your computer to log in to this as your “office”, you can use any networking software normally, and it goes through the friendly remote location.

These are sold for a variety of purposes, including aggregating bandwidth and caching content, for users in areas with poor connections.  I would suppose some are set up specifically to combat censorship, in which case advertising them would just make them easy to block, so you’ll have to find out about them from someone who’s already on it.  In general, the paid products I know about (assuming they are not themselves blocked) offer high quality of service and no loss of bandwidth (though increased latency), and a level of service and support that goes with being a professional product.  Covert or free systems set up by activists might be more difficult to use and have low bandwidth.  For example, if I were to set up such a server on my home PC and give the address and password to relatives somewhere else, then everyone using it would be going through my home PC and sharing my total bandwidth.

You-Tube Performance

My original concern was to access Wikipedia, and if the page took a long time to get through TOR, I would just wait for it to load and then read the page when it finished.  But streaming video is another story:  If it loads slowly, you cannot watch it.

So, here is some advice for You-Tube, using a couple Firefox extensions.

Download the Video

Even with uncensored Internet access, I sometimes have problems with the network performance, which prevents me from watching a video.  I originally supposed that pausing the player would let it read ahead, and I’d watch after it buffered most of it.  But the Flash player they use does not work that way at all!  If you pause, it stops reading from the network!  It reads and plays one little chunk at a time, and does not buffer ahead.

What I really needed was to download the video file, and then watch it once I had successfully downloaded the whole thing.  This is also useful when the You-Tube player has any other kinds of problems, such as wrong aspect ratio, refusing to go full screen, or sound out of sync.  I download the file and play it on a more capable player.

Finally, for watching videos while traveling, including on a long flight, I needed to store several hours of content to watch without reliable network access at all.  The Android player has a “preload” feature, but it doesn’t have controls to force preloading or tell me when it’s done so, and furthermore it checks the site again before playing the preloaded file, so it must have a connection anyway!

You-Tube does not provide a download feature on their web page.  But, I found numerous Firefox extensions that provide this.  Many of them are poor in various ways, or are built around server-based conversion features I’m not interested in.  I wanted something that would just save the stream to a file, nothing more.  I found exactly that with the extension called “Download YouTube Videos as MP4” by a user called ialc.  This is based on a Greasemonkey script that you could run in a different browser, or adapt and change it to suit your needs.

I’ve used it for all the reasons I’ve explained, and find it simple and useful, and it just saves the file, without involving other servers or installing complicated software.  I strongly endorse it.  In fact, I am wary of any of the other extensions that offer You-Tube downloading.

Customize the You-Tube Page

Even if a video is provided as a file on another site, such as the author’s download page, it can be handy to access the You-Tube page anyway.  In particular, you can read the description, read and respond to comments, and add your ratings!

So, if you access a You-Tube page on a connection that is too poor to watch video, with the intent of using the Download button described earlier, and adding your comments, you might still find that the network connection chokes when it starts to play automatically when the page is loaded.

I tried a few Firefox extensions for You-Tube, that improve or customize the page in various ways.  I recall one feature was to “disable auto-play”, so it doesn’t start playing the video immediately when a page loads.  I ended up not using those extensions, so I don’t recall exactly which one that was!  But browsing through the extensions now, I see Stop YouTube AutoPlay by Nikola Kovacs, which is a single-purpose extension which does exactly that.  It has an option for stopping autoplay on background tabs, so I may load that on my machine for everyday use.  It’s terrible when the browser is restarted and all the tabs reload, and every one of them starts playing at the same time!

For simple changes to the You-Tube page, Greasemonkey scripts might be a better choice.

Maybe you can buffer, after all?

The SmartVideo extension by Ashish for Firefox will allow the player to buffer the video before you start playing.  It also states, “you can opt to defer video initialization video until you click on it” which I think means that it won’t do anything at all (not play, not buffer) until you tell it to.  This works for embedded players on other pages, too!

You-Tube Specific Proxy

In writing the previous section, I came upon this extension:  ProxTube by Malte Götz.  It appears to be ad-ware and was written because GEMA (Society for musical performing and mechanical reproduction rights in Germany) is making it difficult for You-Tube to provide service in Germany.  I don’t know how well it works from other countries.

 

 

 

 

 

 

Input

When you work with the computer all day, the human-machine interface is of critical importance.  I spend all day typing, so the workstation should optimize my ability to work rather than getting in the way.  So it is well worth putting some attention into getting right.

Here is a photograph of the “input” portion of my work desk:

kb-overview

Main Keyboard

It’s mostly all black, so it is hard to see in the photograph I’m afraid.  And I do mean all black—the keys are solid black with no labels.  Visitors are surprised by that, and I point out, “neither does a piano.”  This is a Das Keyboard II, featuring Cherry MX mechanical switches.  It is a little different from the third iteration that was introduced in 2008, in that it does not have an internal USB hub, has a matte surface, and is a fully rectangular case, something that I make use of.

Using an unlabeled keyboard does indeed make one a better typist.  The first time I learned to type was on a mechanical typewriter that had belonged to my grandfather.  The buttons were small and round with nice gaps between them to catch your finger instead!  The keys needed to be depressed a long distance and with great force.

I wasn’t that great at touch-typing and had to look at the keyboard.  It was once I became a professional computer programmer (late ′80′s) that I decided to better learn to touch type without looking.  I used Typing Tutor software, and learned the normal letter area quite well.  Typing forum posts and other prose writing, I easily made 60wpm.  But, I never really learned to “touch type” the funny characters like {} and &.  They are rare in prose, but bread-and-butter for programming languages.

I’d always appreciated a good quality keyboard.  Typing confidently with speed means not having the keys slide from side to side, and having a better feel than a cheapo keyboard.  When PC computers started getting cheap (shoddy!) keyboards, I found the Keytronics KB-101Pro, which I wore the labels off and started to wear down the plastic on some of the keys to a noticeable extent.  Eventually common keyboards improved in quality and an inexpensive keyboard from a stock PC was not too bad, and an inexpensive after-market keyboard was only subtly inferior to a high-end one.

A high-quality keyboard that was unlabeled made sense.  The labels wear off anyway, and you are not supposed to look while you type.  I recall someone improving upon the normal “don’t look” instructions for learning how to type well by using a box that hid it from view.

After I got this one, I had to learn all those funny keys that were not covered under lessons.  If I hit the wrong button, I could not cheat by looking at the labels.  I really had to learn them.  For letters and most other keys, I didn’t notice the difference because I never needed to look anyway.

Today, the only keys I ever worry about are the three to the right of the F-keys.  They are so rarely used at all, and never for their original labeled purpose anyway.  (Now I use them for different varieties of screen capturing.)

Keyboard Extension

kb-closeup

In this close-up you can see that there is another row of keys above the normal top row on the keyboard, and these are white.  Actually, they are hand-written labels under a clear flat cap.  This is a 16-key X-Keys stick.

The idea is pretty simple:  16 buttons, and USB.  But the software it came with was utterly useless.  The MacroWorks software could only issue codes for keys that you could already type!  I guess that’s for sending whole words with a single button, but I was specifically wanting it for characters that were not already on the keyboard.  I tried to hack the saved file format, but the software didn’t like the codes anyway.  I tried to use the plain USB keyboard mode and program it with codes that are defined but not on my regular keyboard (there are actually a bunch more F-keys than 12, and a few non-US keys) and then use other software to map those to what I really wanted; but that didn’t work either (I don’t know if it was the XP operating system or more funny business with X-keys).

Almost ready to give up, they pointed me to the Developers Kit.  Using the DLL they provide, I obtain the keypress.  Then it is trivial to call the Windows API function SendInput with the Unicode character.  Their original MacroWorks software installed a bunch of device drivers for a fake keyboard and fake mouse.  I asked why they didn’t just use SendInput — Win95 compatibility or some other features?  They never answered, but the next version of MacroWorks did not install a bunch of drivers.

My motivation for getting a keyboard extension was writing a chapter of text full of things like “1.23×108 kg∙m∙s−2

Trackball

To the right of the keyboard is a Kensington trackball.  It nicely matches the black motif, but that’s simply the color they sell it in.  Years ago, I realized that reaching for the mouse was not at all ergonomic.  Having piles of stuff on the desk doesn’t help either!  So I tried trackballs.  Many are too poorly made and are useless.  I actually liked the Microsoft model, but eventually wore down the ridges on the scroll wheel and they stopped making it so I could not get another of the same.  Other “ergonomic” trackballs I’ve tried make the mistake of thinking that one size fits all.  When the placement is for hands three sizes too small, it becomes the exact opposite of ergonomic.

Kensington has made professional trackballs since before mice became mainstream.  And their classic model is hard to improve upon for the actual ball.  Some day I’ll make a mod to add mouse buttons on the left side of the keyboard.

Shuttle

To the left of the keyboard is another gizmo, a ShuttlePro2.  This was recommended for use with some software I was using to edit video.  Since it can be programmed to issue keypresses for the jog and shuttle actions, it can be made to work with other software that doesn’t specifically know about it too, if you watch out for where the cursor is or what control is activated.  It’s basically a must-have for video editing and quite helpful for audio too.  For other programs it’s a bunch of extra buttons too!

Wacom  Tablet (not pictured)

For photo editing, I use a 9×12 inch Wacom tablet.  I got it around the year 2000, so I’m worried that they will stop supporting it although it works fine and there is no real reason to get a newer one.  What the trackball can’t do well, a mouse isn’t very good either:  try writing your name in a painting program with a mouse.  The stylus is the tool to use.

Unicode on St. Patrick’s Day

I have a key to type ⌘ on my keyboard (though it doesn’t work in the MCE editor!  So I copied it from Notepad++ after typing there) which is handy for writing things like “Type ⌘B to rebuild the project.”  This is technically called the Place of Interest Sign.  But searching for clover in BabelMap gives me U+1F340 which may show up as (🍀) if you have a suitable font installed. There is also a Shamrock, (☘), with three leaves.