AMD GAME!?

20 May 2008

Just a brief thought… I don’t quite understand the whole marketing thing, but doesn’t “AMD GAME!” sound kind of awful? So that’s the new branding AMD have chosen for their all-AMD gaming platforms.

To me this sounds like it’s really just that: branding. Some company, that the layman whom this sticker is targeted at has perhaps never heard of, calls this product “game”. Does that make one curious enough to ask the store clerk about it? I wonder.

I guess if I had cooked up such says-what-it-does branding, I would have turned it around and been more explicit too: “Certified for GAMING” … (smaller font:) “by AMD”. Leaves no question as to the intention of the branding, and perhaps gets you wondering what apparently authoritative company could be behind this “certification scheme”.

But then, I don’t game and I don’t do marketing, so uhm, right.


Eight tips for a robust Ubuntu Hardy installation

26 April 2008

It’s been a while since I wrote stuff here - ironically I thought it was cool to get my own domain name, and then I ended up having too much fun on the GNU/Linux blog I also started. This should actually also go on the other blog, but I really wanted to write something here :)

Besides, the more Ubuntu buzz on blogs, the better, right? With the release of Ubuntu 8.04 this week, it couldn’t be a better time.

About these tips

If you’re new to the GNU/Linux operating system, this may not be for you. Nothing I’m mentioning here is complicated in any way, but it sort of assumes you’re reasonably comfortable finding your way around in Ubuntu. Instead, you may want to check out the Ubuntu website and, if you’re looking for help, the Ubuntu Forums.

The tips I’m listing here are a personal collection of things that I think might make your Ubuntu system that little bit more robust. That’s not only in a security or stability sense: I’m also thinking about protecting my system from my own tweaking and fiddling around (which you’ll inevitably do if you want to learn new things).

The tips here are most simple to act on at installation time, so I’ve sort of turned this into an installation advice list. Quite a few pointers here point back to my own writing of this week, for which I apologise. My middle name is not Narcissus, but those pieces needed a good overview to connect them, and this is it.

Preparations

1. Check hardware compatibility before you start - this is still a big problem for all free-software operating systems. By now, it’s no longer a problem the developers can really help: all hardware could be made compatible if some manufacturers weren’t so secretive about the devices they make. As a sad result, the Ubuntu Forums are full of reports on (mostly) hardware compatibility problems.

No general recommendations here, but you’ll want to be prepared. If your wifi chip vendor is an ***, it’s helpful to know which packages and other files you need to have at hand. A few pointers: HardwareSupport on the Ubuntu wiki pages, TuxMobil, UbuntuHCL.org.

2. Download a disc image using BitTorrent - it takes some persistence to find the page with the torrent links for Hardy if you start from the Ubuntu frontpage. I presume they don’t want to confuse new users. Of course, using the torrents takes some load off the main servers, helps some people, and (best of all) it’s likely faster too (especially now, just after the release date).

If you’re interested in the tips in the next section, you’ll want the alternate installer disc image.

Installation

Almost all choices you make during installation are revertible later on. I mean, you can always change your username, clock settings (local or UTC time?), which packages you want. One thing is a bit more tricky to change later, and that’s partitioning your disk(s). The alternate installer gives you some neat extra partitioning options which I want to highlight here.

3. Logical Volume Management - creating your file systems as LVM logical volumes gives you a lot more flexibility. The LVM HOWTO has a section “Benefits of Logical Volume Management on a Small System” which however doesn’t mention one of its cooler features: snapshots. LVM snapshots allow you to keep an image of your file system frozen at some point in time.

That will be useful for at least one thing: six months from now, you can take a snapshot of your root file system, upgrade to Ubuntu 8.10, and if it didn’t work well (proprietary video and wifi drivers seem to have regressions to no end), you still have a working 8.04 snapshot you can boot to use until you’ve fixed the upgrade.

The other useful application for the home user: it’s easier to create consistent backups from a snapshot. Now, while you’re at it, I’d combine LVM with…

4. Disk encryption - reusing the rationale from this post: “if someone steals your laptop, you’ll worry a lot less about them getting access to your email and other important accounts (think browser cookies…). In case you’re wondering why the user login won’t protect you: anyone with physical access to the machine - like a thief - can just reboot and start in single-user mode, thereby getting root user privileges. Not so with an encrypted disk”.

Be sure to make frequent backups though - recovering data from an encrypted disk can be hard.

Post-installation

5. Set up version control on your configuration files - before you stroll off to your favourite geek forum and take advice from everyone and their dog to alter all kinds of stuff in configuration files under /etc, you might want to ensure that you can always get back what it said originally. Don’t get me wrong, I also try risky stuff people I’ve never met recommend to me, but I really like to keep track of those actions, too. So here you go: version control on /etc using Bazaar. As explained there, version control gives you some cool flexibility that a simple backup wouldn’t.

6. Installing additional packages: use aptitude - actually that’s not really what I want to recommend. There are quite a few APT front-ends and it’s worth checking out several, especially if you’ve never looked beyond Synaptic. So check out a few, and then decide that you like aptitude :)

Aptitude runs in a console, and has both a direct command line mode and an interactive mode. Its killer feature for me: it tracks which packages were only installed as dependencies of a package you really chose. So if you ever tell it to remove that package, it will remove its dependencies, too.

Here’s a more elaborate discussion of the tool’s merits.

7. Keep non-repo software under /usr/local - just one more quote of my own writing (promised!): “To ensure that the package manager doesn’t interfere with software you installed “manually” (i.e. not through dpkg, apt-get, aptitude, synaptic, …), there’s an article in the Filesystem Hierarchy Standard that says everything you install manually should go into /usr/local (or /opt, actually) and not directly into /usr.”

If you want to make it easier for yourself to enforce that policy, without reading every line of every install script you use, you might like to check out that post. It’s about installing software on /usr/local without full root privileges.

8. Secure your web browser - with properly set user permissions, should you now bother with such things as a firewall and a virus scanner on your desktop (laptop) machine? Probably not. (Although I wonder if everybody is sudoing all the time, won’t somebody exploit that at some point? How high are the chances that a malicious script that’s trying to use sudo hits you while a sudo session that you started is still open? Not sure how that would work, but then I’m not a seasoned malware designer).

A lot of executable code that you rake in as a normal user is stuff coming through your web browser: scripts on web pages, but also (Firefox) browser plug-ins. Malicious code in those can only destroy stuff that you have write permission for, and can only collect information that you have read permission for (which is typically most of other users’ data!), so decide if you think that’s still worrying. A good start for securing Firefox is this overview at Ubuntu Forums.

Wrap up

That’s all I could produce in my spare time this week… hope it’s useful. I’d love to hear if it is. Commenting here does not require you to leave any contact details (hint!). Thanks for reading.


My shortest post

11 March 2008

… just to say I found myself a nicer domain name. No old links should be affected and the FeedBurner feed remains unchanged. Ok, that was all… I don’t plan to post anything this short again (for that, I’ve found tumblr to be a better fit).

Actually, to make today a bit more useful, let me give a few pointers for any fellow Dutchmen passing by (and I’ll tag this in Dutch): I registered this domain name through TransIP, a Dutch hosting provider, and it’s been very smooth sailing so far. Everything you’d want to have control of can be set through their AJAX-written control panel, and it only took me 15 minutes to get set up with them yesterday.

How did I pick? Well, for high-quality, unbiased tech opinions GoT is the Dutch forum to check out (use the search function, don’t annoy people ;)). I found recommendations for TransIP there in a few minutes, and the advice to check out WebHosters.nl - this is an independent website that collects user opinions on all Dutch hosting providers. They had an endless list of positive user reviews of TransIP too. Finally, the price was right, and so it was a done deal.

Not a terribly short post, after all :)


Getting things posted

9 March 2008

As I mentioned in a comment earlier, it’s proven too difficult for me to keep up the essay-style posts I started out with. It was a fun experiment, and I’ll definitely write a few more that way, but actually it looks pompous, and it just slows me down. That is, I now have six or eight draft posts that I’ll never get to post if I wait until I find time to expand them to that format.

On a side note, yesterday ProBlogger put up a guest post I wrote on “OpenID for bloggers”. Of course, I don’t have pro-blogging aspirations, but I want to thank Darren Rowse for an opportunity to try out my writing on a larger audience.

Here’s one draft that would have never made it into a post if I stuck to pompous writing:

Nick Cernis (whose site design is awesome by the way) wrote an interesting piece on the productivity craze. While I think he has a point, I’m not sure I agree with the analysis given. I’m afraid I should admit to possessing the “self-help” book Getting Things Done (Nick calls its author the “archbishop” of the productivity religion), too, which all of this goes back to. So I took it off the book shelf to see if I could find a basis for Nick’s criticism there. Nick writes

Productivity tips and habits are a manual — they’re an attempt to answer the question, “how should I lead my life?” That ‘answer’ is now spiralling out of control into a complex algorithm of habits, software, tips, tricks and a long list of reading material.

I couldn’t find a complex algorithm. The whole organisation scheme fits in a single-page diagram with only three or perhaps four branches. As David Allen writes, all you ever need are lists and folders. That is, the original text is simple. I do believe however that Nick’s criticism applies to all the Getting Things Done spin-offs, that just go around in circles repeating what used to be a simple message, until all clarity was beaten out of it.

Another point to note: the way I read it, Getting Things Done is not about being more productive (as in taking up even more responsibilities) - it doesn’t mention anything like that anywhere on the cover. Instead, it is about stress-free productivity. The one take-home message is that you should relieve yourself of the anxious feeling that you may have forgotten about some to-do: write it down somewhere where you’ll find it again.

Whether you’re going to call that a todoodlist or anything else, in the end it’s the same simple idea.


A future for Microsoft Windows

8 March 2008
Background

photo by Mark Grealish

Why is it that people both inside and outside of Microsoft seem to think of the company as incompatible with free software? Here are a few crazy thoughts on how a next version of Windows could be free-software powered. Disclaimer: I hardly ever use MS Windows these days - let me know if I’ve developed a distorted view of the product and the company as a result :)

Need for a next version

Does it make sense to develop another version of Windows at all? Won’t free software kill the market for proprietary operating systems?

Let’s first ask what it is that attracts people in free software. Just browse through the Ubuntu forums and you’ll have your answer: the first thing most people want to know after installing the distribution is how to install an Adobe Flash plugin, a bunch of Windows Media codecs, a DVD decrypter, and a fancy video card driver - things that are either proprietary, covered by software patents, or in other ways non-free. You see, the average user doesn’t care about the sweet ideology.

They’re in it for the gratis aspect. And they hate it when their favourite proprietary bits don’t run.

Let’s see what that means for MS. They have a product that works well enough for millions of users, and that can host all the popular and possibly proprietary stuff people demand. Nobody cares whether it is proprietary technology (except perhaps Richard Stallman, and you and me). The toughest bit, then, is that they will eventually have to compete with gratis.

Need for a bit more free(dom)

The real problem with proprietary isn’t that the market cares about such things, but that academics care. As more and more students are brought up in institutes that give them a preference for free software, it may become harder for MS to recruit the best and the brightest. Essentially, it’s a marketing issue, it’s all about company image. You don’t have to become a free-only shop to be loved: just look at Google - it seems every developer wants to work there, yet it’s not like Google is giving all their customised server software away to everyone. They found a balance between proprietary and free. I don’t see why MS couldn’t do that too.

The second reason why MS could use a bit more free is that they will need to cut down on development costs if they want to stay competitive with gratis. Apple has shown the way: in building MacOS X they used parts of BSD, creating an effective blend of free and proprietary. Again, MS could easily do the same - and remember, copy-catting Apple has been a lucrative approach for them before ;). BSD seem the obvious party to liaise with: their product is robust, and their licenses don’t bite proprietary.

Building Windows on BSD

This is where it gets interesting: what makes Windows such an attractive product? I’ll say it’s the user interface, which excels in uniformity, consistency, and aesthetics, and the stable APIs that make that possible - again, uniformity, consistency…

Creating a competing GUI that measures up is a complicated matter, if only because it’s so hard to point out all the crucial properties that make Windows Windows. It doesn’t just take software programmers and graphical artists, you see. It takes psychologists and testers, who spend hours and hours with “Joe average”. It takes people who know how to write layman-accessible documentation, and who maintain it (in umpteen languages, too). Many of those tasks are not things you’d keep doing for long without wages. Let’s not even talk about the special accessibility features… MS Windows really is a hard act to beat.

But who’s fond of the underlying system? Can the NT core do anything that a GNU/Linux or BSD can’t? Ok, there are a few popular hardware abstractions there. No, wait, we also want to keep the registry.

Kidding.

Anyway, the recipe seems simple: take BSD, spice it up with a few worthwhile APIs, and equip it with that special, proprietary graphical user interface that makes it Windows. To secure full backwards compatibility, you could even throw a virtualised Vista into the package - Windows users don’t seem to mind a few extra GBs of disk use…

Last but not least: the BSD folks should love it. MS will bring more developers, more employment, and suddenly every hardware shop in the world will provide BSD compatible drivers (yes, I’m suggesting to just make “Windows” a layer on top of an off-the-shelf BSD). A thriving BSD community can probably save MS even some more cash.

Beating gratis

Corporate buyers will always understand that gratis doesn’t exist. They need support services and training programs anyway. They like uniformity. They’ll stick with MS as long as the price is fair.

The private user is a different matter. While it’s not where the big money is coming from, it’s still important to keep the private user on Windows: if half the available workforce grow accustomed to a free desktop they use at home, companies will reconsider their choices too. I have some ideas on creating unique value that will appeal to the home user, but I’ll save them for another post. Let’s first see how badly you’ll flame me for this one (yes, that’s an invitation - I’m asking for a reality check!).

Edit: AA told me that it wouldn’t be bad to put in some Wikipedia references, which I did now. Thanks!


Why we actually need highway speed limits

29 February 2008

Highway

photo by stanescoo

For some reason, governments don’t understand how to convey the necessity and sense of highway speed limits to citizens, while getting that right just seems extremely obvious to me. Both in the Netherlands and the UK, all the ad campaigns I’ve ever seen try to instil fear into people - speeding will get you involved in the most awful accidents, and you’ll get killed or feel guilty for life. I’m not a marketing guy, but I have no doubt there will be some wisdom out there in the marketing world that says campaigns do better with positive messages.

So how do these campaigns work out? Let’s see (and no, there’s no quantitative study here, this is just me typing up a casual blog post). I think I know countless people who

  • acknowledge that speeding may be dangerous when asked
  • but who happily race over the highway nonetheless
  • because they don’t feel unsafe doing it
  • and aren’t ashamed to brag about it at a party
  • who in fact feel ripped off when they get fined for it
  • and deep inside think of it all as a hidden government tax

That’s not really a good result. We all democratically decided that there should be speed limits, yet many of us feel that it’s just a way for “them” to get some extra tax off us: the fact that it’s socially acceptable to brag about driving fast shows that there’s no real support for this particular bit of legislation. Thus, when we do stick to the speed limits, it is really only because we don’t want to get fined - why else would so many people have TomToms tell them when there are cameras around?

I don’t want to discuss the safety aspect in too much detail. Let’s just say I never felt insecure or inapt while driving a reasonably modern car at 160 or 180km/h - I’m sure you’ll agree. Also, most people do behave within urban zones, which shows that they are not completely blind to road safety. The point that speeding is dangerous is just not as convincing for the highway. Drunk drivers scare me, fast drivers don’t.

The better message

Have a look at this test, which is in German, but you can also just cycle through the images in the top right hand corner (where it says “35 Bilder”). The diagrams tell you how much fuel is consumed per unit distance at different speeds.

Yes, those graphs are steep indeed. Aerodynamic drag is not linear in the velocity.

Can you justify paying twice as much for every trip, only to shave off a few minutes of traveling time? There’s better message number one. Positive news: don’t drive too fast, and at the end of the day you can afford quite a few extra beers sodas.

In case you’re a rich snob who doesn’t even pay the fuel bills because the company does, here’s better message number two: you really want to brag about not speeding. That’s right. You’re trying to be sparing with an increasingly scarce and very precious product. You are aware that burning oil is really a waste (and a barbarity!), when much cooler things can be done with it.

(And for those grinding their teeth rolling past Rotterdam at a strictly enforced 80km/h: you may be saving a few city children from a particulate-induced asthma attack.)

Seems fashionable enough a statement for a cocktail party, or? And what’s better, you didn’t even have to bring up uncool stuff like “saving the environment” or “global warming”… ;)

I’m saying nothing new, I think. That test I linked to is two years old and it was done by a car lovers magazine - it’s not like I’m touching on taboos or anything. Now why do those ad campaign designers not pick up on this, why do they keep making dull safety campaigns as if we’re still in the 1980s?

The really good news

Soon, we won’t need those speed limits anymore. Whoohoo!

Tesla sports car

photo of Tesla sports car by Robert Scoble


A first introduction to OpenID

12 February 2008

Key ring

Don’t you hate having your pockets full of keys - and your head full of passwords? photo by stopnlook

This is my completely non-technical explanation of OpenID. I felt after all the OpenID buzz last week there was a need for such, seeing that even the BBC wrote a story that focuses on how it technically works first, instead of on how it works for you.

Chances are you’re reading this because you’re a friend, and you already know all of this stuff. If so, I hope you’ll find it a useful (and good enough) piece to refer your uninitiated friends to. Here goes.

Why do you want it?

Because you’re tired of getting yet another username/password combo to remember every time you discover a cool new web service. Having just one username and one password for everything would be so much more convenient, right?

You may have tried that already, but it didn’t really work - some sites want passwords with numbers in them, some sites want at least eight characters, some don’t like your chosen username. And besides, it’s dangerous to reuse the same passwords, too: let’s say, you create an account on my website and I want to be nasty - I figure out your email address (probably you gave that to me when you created an account) and I’ll have a good chance that I can read your email - because you used the same password for my site as for your webmail…

How OpenID works for you

OpenID solves the problem: in my words, it is a protocol that lets all websites that you want to register with use the same sign-on system. What you need to have is what I’ll call an OpenID address. When you subscribe to a website, you tell it your OpenID address, just like you used to tell it your email address before. Now, when you want to sign on at that website later, the website asks your OpenID provider to check on you. Let’s see how that typically works, broken down into a few steps:

  1. You begin to sign on to a website A by telling that website your OpenID address.
  2. Website A sends a request to your OpenID address to check on you.
  3. You’re sent to the website of your OpenID provider to sign on.
  4. Your OpenID provider tells website A that you’re ok.
  5. Website A allows you to get in.

This clearly solves two problems I raised above:

  1. You only have to remember one way to sign on now.
  2. Website A never gets to see your password: that’s between you and your OpenID provider.

But that’s not all. OpenID has more to offer. If you wish, you can for example let your OpenID provider share personal details with the websites you visit - so you won’t have to enter things like your gender and location again and again when joining new web communities. Here, I’m deliberately leaving many details out, hence the title: a first introduction.
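The five steps above, modelled in Python as an added example (not code from this post or from any OpenID library). The `Provider` and `Website` classes, the example.org addresses, the hex-encoded HMAC and the direct `associate()` call standing in for the real association exchange are all assumptions made for illustration; the point is that website A only ever handles a signed assertion, never the password.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode

SIGNED = ("openid.mode", "openid.claimed_id", "openid.return_to",
          "openid.response_nonce", "openid.assoc_handle")


def sign(key, fields):
    """HMAC-SHA256 over 'name:value' lines of the SIGNED fields, hex-encoded (simplified)."""
    msg = "".join(f"{name}:{fields.get(name, '')}\n" for name in SIGNED).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Provider:
    """Your OpenID provider: the only party that ever handles the password."""
    def __init__(self):
        self._users = {}   # OpenID address -> (salt, password hash)
        self._keys = {}    # assoc_handle -> MAC key shared with one website

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, openid_address, password):
        salt = secrets.token_bytes(16)
        self._users[openid_address] = (salt, self._hash(salt, password))

    def associate(self):
        """Stand-in for the association step: give a website a handle and key."""
        handle, key = secrets.token_hex(8), secrets.token_bytes(32)
        self._keys[handle] = key
        return handle, key

    def sign_on(self, request_qs, password):
        """Steps 3-4: check the user, then answer website A with a signed assertion."""
        req = dict(parse_qsl(request_qs))
        salt, stored = self._users[req["openid.claimed_id"]]
        if not hmac.compare_digest(stored, self._hash(salt, password)):
            return urlencode({"openid.mode": "cancel"})
        fields = {
            "openid.mode": "id_res",
            "openid.claimed_id": req["openid.claimed_id"],
            "openid.return_to": req["openid.return_to"],
            "openid.response_nonce": secrets.token_hex(16),
            "openid.assoc_handle": req["openid.assoc_handle"],
        }
        fields["openid.sig"] = sign(self._keys[req["openid.assoc_handle"]], fields)
        return urlencode(fields)


class Website:
    """Website A: stores no password, only accepts assertions it can verify."""
    def __init__(self, provider, return_to):
        self.return_to = return_to
        self._handle, self._key = provider.associate()
        self._used_nonces = set()

    def begin(self, openid_address):
        """Steps 1-2: turn the address the user typed into a request to the provider."""
        return urlencode({
            "openid.mode": "checkid_setup",
            "openid.claimed_id": openid_address,
            "openid.return_to": self.return_to,
            "openid.assoc_handle": self._handle,
        })

    def complete(self, response_qs):
        """Step 5: return the verified OpenID address, or None to refuse entry."""
        resp = dict(parse_qsl(response_qs))
        if resp.get("openid.mode") != "id_res":
            return None                  # user cancelled or failed to sign on
        if resp.get("openid.return_to") != self.return_to:
            return None                  # assertion was issued for another website
        sig = resp.get("openid.sig", "").encode()
        if not hmac.compare_digest(sign(self._key, resp).encode(), sig):
            return None                  # forged or altered in transit
        nonce = resp.get("openid.response_nonce", "")
        if not nonce or nonce in self._used_nonces:
            return None                  # replay of an assertion seen before
        self._used_nonces.add(nonce)
        return resp.get("openid.claimed_id")


def demo():
    alice = "https://alice.example.org/"            # constructed OpenID address
    provider = Provider()
    provider.register(alice, "correct horse")       # constructed password
    site = Website(provider, "https://website-a.example.com/return")
    request = site.begin(alice)
    response = provider.sign_on(request, "correct horse")
    return {"accepted": site.complete(response),
            "replayed": site.complete(response),
            "wrong_password": site.complete(provider.sign_on(request, "guess"))}


if __name__ == "__main__":
    print(demo())
```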

Your OpenID provider is much like your email provider

Think it’s scary to access all your accounts on the web from one point? In a way, you’re probably already doing that, although you may not have realised.

Think about what usually happens when you forget your password to some website A. You go and click “recover my password”, and you get an email with a magic link that allows you to change your password. In other words, website A assumes that only you can open your email. So you better have a pretty strong password to your webmail: anyone who can access your email can reset the passwords to most web services you use.

With your OpenID, it works almost exactly the same: instead of checking who you are through your email address, websites now check on you through your OpenID address. And just like someone who breaks into your email box, someone who breaks into your OpenID account can access all your web services. You’ve chosen an email provider that you trust not to read or mess with your emails. You should choose an OpenID provider that you trust in the same way.

Do you need an OpenID right now?

There’s no hurry: I think you will find that most websites you use don’t allow OpenID sign-on yet. That’s good, because there are some security and privacy caveats that we need to become aware of: nothing to really worry about as far as I can see, but it’s important to be sufficiently aware and make smart choices. I’m planning to look into this in a little more detail before I start using OpenID seriously, and of course I plan to then write a bit about this - probably the piece will be called something like “choose your OpenID provider carefully” - your thoughts and advice on the topic are appreciated!

In the meantime, you can of course help to accelerate the adoption of this neat protocol by prodding your favourite websites to start using it. Here’s a template email to send them.

Further reading

Like I said, OpenID is a much richer system than I’ve presented it to be here. I’ve skipped all the technical details - I haven’t even told you your OpenID login name will be just a web address. Should I have told you that the main idea is that “a URL is an identity”? I’ve never seen anyone starting to explain email by saying that that’s using a domain name with a user name slapped onto it, and directly jumping into the details of how SMTP servers find each other… But by presenting OpenID as merely another sign-on solution I may not have done justice to it either.

So, please, do read more about it. You’ll find that OpenID is a very open protocol that gives you more freedom than any other sign-on solution before it. In fact, with OpenID you can be your own OpenID provider if you wish. And also: you get to choose how strict and secure you want your logins to be.

An obvious starting point for further reading is Wikipedia, although the page that’s up currently isn’t a very easy read (let’s change that!). Some manageable primers, perhaps a step up from this one, can be found here, here, here, and here. You may also find some good blog posts through Planet OpenID. Enjoy!


Pointers for setting up a weblog

5 February 2008

Moleskine at Costa

photo by Lost in Scotland

This is a short one. I just thought I should make a few notes about why I set up camp here at WordPress.com, and give credit to the sites that I took inspiration from while setting up this blog, before I forget.

Generally good advice on setting up a blog can be found over at Skelliewag.org, and in particular I liked this idea of hers to celebrate the great body of Creative Commons licensed work that is published on Flickr. Especially on a blog like mine, which will presumably consist of a lot of dry talking (reflecting what I’m like), that is a very welcome addition.

Further on the topic of licensing, I then found Vincent’s Xubuntu Blog which is likewise covered by a Creative Commons license (his blog is pretty much all that I had hoped for my old blog to become - an interesting resource for GNU/Linux users). Taking inspiration from him, I’m applying a similar license to this blog.

Now, then, why WordPress.com? I’ve already spent some words on that when I moved my older blog here from Blogger.com, but if you’re looking to start blogging you may also like this compilation of links that discuss a number of blogging platforms (some of his links are broken but the content is still available in other places on those sites). Basically, what’s important to me is a managed site - I want to be writing, not web mastering - and the assuring feeling that the service is going to stay around for some time. With WordPress you even have a double assurance in that respect, as it is truly free software.

That’s all I have to write about that. But what do you make of this Google Trends query (and take into consideration that “blogger” is also used as a word that doesn’t refer to the service by that name):

Blogger vs WordPress

graph generated with Google Trends


USB-drive backups don’t cut it

4 February 2008

USB drive

photo by ChuKi.

Many (perhaps most?) home users that make backups do this on USB drives these days (so do I). I want to try and explain why that really isn’t good enough, as I alluded to the other day. The upshot is that connecting via USB (or Firewire) exposes your backups to any malware or intruders on your machine, and - possibly worse - to your mistakes. Are the scenarios presented here perhaps more likely than you’d think? And, does software like Apple’s Time Machine or Flyback make things better or worse? Here’s what I think.

Good cover for common disk failures

Let’s start with some good news. The typical failure rates (Google research pdf) of consumer hard disks are such that your data should be pretty safe when it’s mirrored to a second disk (roughly you can just take the square of the probability, assuming that you didn’t buy two disks from one and the same bad batch). So in this respect, you’re well covered with a simple USB backup.

Or are you? Dismissing, for the moment, the question how likely or unlikely they are, let’s consider mains voltage spikes (apparently that is an issue in Oz). With USB backups, at times, both copies of your data are inevitably connected to the same system. If that system dies with a bang you might just be in trouble.

What about malware?

How about this scenario: imaginary PC virus goes undetected, hides inside your system, eventually writes zeroes to all your text documents. You don’t notice what is going on until after you connected your USB drive to make a backup. The virus happily welcomes the new disk and zeroes the documents on there, too. Again, the problem is that you’re bringing your backup into the same system that holds the principal copy of your data.

Now, of course, you are running a properly configured system, so the backups are owned by the superuser/administrator, while you’re of course logging on as a normal user, and so the virus can’t actually touch your backups. To anyone who detects sarcasm in the previous sentence: if the cap fits…
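A way to check the point about ownership on a Unix-like system, as an added example that is not part of the original post: it walks a backup tree and lists what a process running as a given user id could damage, using only the owner/group/other permission bits (ACLs and read-only mounts are ignored). The function names and the sample file are constructed for illustration.

```python
import os
import stat
import tempfile


def allowed(st, uid, gids, want):
    """Owner/group/other check; want is an rwx mask such as 0o2 (w) or 0o3 (w+x)."""
    if uid == 0:
        return True                       # root is not bound by permission bits
    if st.st_uid == uid:
        shift = 6                         # owner bits
    elif st.st_gid in gids:
        shift = 3                         # group bits
    else:
        shift = 0                         # "other" bits
    return ((st.st_mode >> shift) & want) == want


def exposed_files(backup_root, uid, gids=()):
    """List (path, reason) for every backup file a process running as uid could damage."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(backup_root):
        dir_st = os.lstat(dirpath)
        # Changing directory entries needs both write and search permission.
        dir_writable = allowed(dir_st, uid, gids, 0o3)
        sticky = bool(dir_st.st_mode & stat.S_ISVTX)
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and allowed(st, uid, gids, 0o2):
                findings.append((path, "contents can be overwritten"))
            # Write access to the directory lets a process delete or replace the
            # file even when the file itself is read-only, unless the sticky bit
            # restricts that to the owner of the file or of the directory.
            if dir_writable and (not sticky or uid in (0, st.st_uid, dir_st.st_uid)):
                findings.append((path, "can be deleted or replaced"))
    return findings


def demo():
    """Constructed backup tree: a read-only document inside a directory that is not."""
    with tempfile.TemporaryDirectory(prefix="backup-demo-") as root:
        doc = os.path.join(root, "thesis.txt")
        with open(doc, "w") as handle:
            handle.write("constructed sample document\n")
        os.chmod(doc, 0o444)      # the file itself looks protected...
        os.chmod(root, 0o777)     # ...but anyone may rewrite the directory around it
        other_user = os.lstat(doc).st_uid + 1000   # hypothetical uid owning nothing here
        found = exposed_files(root, other_user)
        os.chmod(root, 0o700)
        return [(os.path.relpath(path, root), reason) for path, reason in found]


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

An empty result for the uid you normally log on with is what the "properly configured" case in the paragraph above would look like.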

          Come on, is this likely at all?

          I tried to find some statistics on causes of data loss the other day, and had a rather hard time finding any reliable information. Almost every link Google served up pointed to some corporate website selling a data protection or recovery product. This article seems to be the most independent that I came across, but here’s a compilation that has quite a few other links too. You can decide for yourself how likely you believe the above scenarios to be.

          The most striking figure in the report, however, is that an estimated 29 percent of all causes of data loss apparently boils down to human error. I can easily think of a few nasty scenarios in this category, too, but I actually stumbled upon a real life example while browsing some other blogs tagged with “backup” (and I can hear people thinking “that doesn’t happen to me”…). The theme here, I think, remains the same as before: both copies of your data are concurrently exposed to the same threat - in this case, to you.

          Automation tools may make things worse

          Fancy backup tools that automatically keep multiple versions of your backups are all the rage lately. Automation is definitely a great thing: if it’s easy to do, you will back up more often. Also, the risk of human errors should be smaller. But there’s a problem, too. Here’s a quote from the Apple website:

          Every hour, every day, an incremental backup of your Mac is made automatically as long as your backup drive is attached to your Mac.

          Don’t get me wrong, I’m not trying to single out Apple here. Tools like Flyback for GNU/Linux desktops or the Rebit drive for Windows will, by their user friendliness, also encourage you to always leave your backup drive connected. And that’s just the problem: doing so, you extend the window of opportunity for bad things to happen to both your originals and your backups indefinitely.

          So…?

          Do you think I’m paranoid? I’m looking forward to your comments. In the meantime, I’ll just go on to back up to my USB disks - a vulnerable backup is better than no backup, after all. But I’ll be looking for a better way. I hope you’ll stay tuned.


          Windows backups with Jungle Disk and Amazon S3: first impressions

          1 February 2008

          Jungle Disk offers secure backups based on Amazon’s Simple Storage Service. I installed a trial version of the software for my parents last weekend. Interestingly, although many people seem to have taken note of Jungle Disk (and those links are just a selection), I couldn’t find a real, thorough, official review, so I plan to follow up with one of my own (although that still won’t be very “official” ;)) when the trial period is over next month. A motivation of my choice and a few impressions are compiled for you below.

          Requirements

          First of all, we needed a backup solution that is fully automated. Because of the distance, I only get to drop by my parents’ place once every month these days - not a good time span to allow for regular troubleshooting. For that reason a local home NAS was out of the question. And if it wasn’t for that, it would still be too expensive: my parents only have a few gigabytes of data to back up - for the price of even a simple home NAS you could store that data on Amazon S3 for years. Jungle Disk fits the bill, as you can specify what to back up once, after which it should do that daily (we’ll see next month if it worked as advertised) without anyone taking action.

          Other requirements were also fulfilled, like an incremental backup option (I’m sure I’ll write more about the virtues of incremental backups soon), file encryption (not that you’d expect Amazon to read your data, but still it’s a good idea), and the availability of source code to decrypt the files with (more about this below).

          Other options?

          There are other services than Amazon’s, and there are other tools for Amazon S3 than Jungle Disk. But I figured that of all the services I came across, Amazon S3 was most likely to be around for the next few years, given the size of the company backing it, and the fact that they actually charge money for the service. You can think I’m funny, but I want to pay for my backups - and 18 dollar cents or so per GB per month is not bad if you get a 99.9% uptime service level agreement in return.

          That may sound like shallow reasoning. Well, brace yourselves, more shallow reasoning to come: I chose Jungle Disk out of all those Amazon S3 services in just two hours of web browsing. The website made a mature impression, with a forum, complete documentation, support for Windows, MacOS and Linux, and… (that did it) an open source decryption component. The features are right, and there is a trial period.

          The only other option I would perhaps have trusted more is duplicity (probably because I’m a GNU/Linux user myself), because it is fully open source software and has been around for years now. But my parents run Windows, and I’m not sure how well-tested duplicity on Windows is. I like open source tools, especially for services that you need to rely on for years (like data storage) - having the source code, you can always read your files long after the companies have moved on. But in this case, none of the open solutions seemed mature or well-tested enough. Thus I went for Jungle Disk.

          Jungle Disk is “just open enough”

          Maybe some day they’ll go out of business, or change formats, or something like that. We’ll be in a little bit of trouble, because surely by then Microsoft will have introduced some new version of Windows and the Jungle Disk executable we’re left with (imagine for a moment they went out of business) doesn’t run on that. How do we now read our encrypted backups? This is where the open-source decryption code that Jungle Disk publishes comes in handy. Whatever we’ll have by then, we can read the code and make a new decryption tool (or pay someone to do it). So don’t forget: if you go with Jungle Disk, download the source code file too and save it in a few places (it contains only a few text files).

          Complaints so far

          Two things that Jungle Disk can’t help, and two things it can help. The first thing is, this is a slow way to do backups if you’re on a cheap DSL line (obviously). Don’t try syncing a movie every day. However, after your first full backup, you can set Jungle Disk to only do incremental backups. For my parents, who only have some office documents and emails and a modest collection of photos, the speed is just fine then.

          Point two: another thing Jungle Disk can’t really help… a general property of unmanaged backup services like these (that is, services where you manage the remote data yourself) is that they give your pc access to the remote data. Often, the networked storage space is available to the pc as if it was a local disk (in Windowsy terms, a disk icon appears for it in My Computer). Now imagine some malware wipes out your mounted disks. Does it make an exception for your backups? I don’t think so. On the upside, you can disable this My Computer appearance of the S3 space in Jungle Disk’s settings. When you disable that, although in theory the malware could still access your backups, it probably won’t understand how to get to them (I’m not explaining this too clearly, do leave a comment if you can help explaining it or have questions!).

          Now for a real complaint: backups stop with an error message when you suspend the pc. That’s fine, but the unfinished backup doesn’t resume when the machine resumes. I don’t mind if it needs resending the last file, but it should finish the job. Due to this problem, if you’re switching the pc on for only a short period of time every day, a backup may never finish.

          The last thing: there’s no easy way to see the status of your backups. Ideally, you would want to not only see if backups are up to date, but also have a way to verify them. I should add that many backup tools miss these features and they’re hard to implement too. But right now, I just miss a feeling of control in an otherwise very smooth tool.

          Ok, that’s it so far. If I forget to follow up, remind me!

          Edit: I forgot to mention that these remarks apply to version 1.50b of the software. Also, I ran into some thoughts about Amazon S3 on HostingFu - two of my complaints above were basically already mentioned there.

          Edit2: when I said I couldn’t find any decent reviews, I missed this one - which is, let’s say, half-decent ;)

          Edit3: I shared this writing with the people at Jungle Disk, and received a friendly and prompt reply. There is in fact automatic verification functionality in the software - I’ll put some screenshots in the upcoming full review!