I worte about this back in 2010 and now it looks like its finally taking effect. I don’t watch much TV but you don’t have to in order to know this is a problem.

From Paul McNamara at Network World:

So I have this Thinkpad that I love (an X201s) that is coming up on two years old and is still perfectly capable. There are of course better spec’d machines available but I just cant justify the expense of a new laptop since this is still acceptable. The one thing I have been watching for some time though are the SSD prices. I figured that an upgrade to an SSD would provide a noticeable improvement and belay any temptation to go for that sweet looking X1 Carbon Thinkpad. This week Microcenter had the last generation Samsung 830 256GB SSDs at a great price of $149.00. I really waffled over the size because I keep just under 200GB on my laptop. I went for the 256GB though since the price per GB was soo low (not so on the 512GB models).

I’ve spent the last couple days restoring and tweaking and getting this new install set up just how I like it. It’s has been an adjustment because I decided to install the latest LTS version of Kubuntu rather than going with the new Unity based Ubuntu that has been so maligned lately. The current KDE is a completely different experience than the Gnome 2.4 I was using for the last few years. I’m liking KDE, it is very highly configurable and has some quite nice features. The Apricorn SATA to USB adapter for laptop drives comes in handy for transferring the data from my old drive to the new installed SSD.

Regarding the upgrade to the SSD it has indeed provided a noticeable and welcomed improvement. The results are what you would expect… faster boots and shutdowns and very fast sleeps and wake-up’s. Application also load faster, filesystem browsing is faster and opening documents is much faster. I also have the addded bonus of not having to worry about bumps and vibrations that make the mechanical spinning drives vulnerable. It was a worthwhile upgrade.

Debian turns 19 today. Thank you Ian.

Just another endeavor that has its roots in geekdom. I’ve loosely followed the progress of the Internet Archive over the years and find their work seems tedious but fascinating. This week I stumbled across one of their current projects; saving the soon to be lost free hosting accounts existing on fortunecity.com. I noticed that they had some tools available for volunteers to use to help their cause so I joined in. I wonder if any of this will be important in the future.

I wrote back in February 2009 about the idea of a personal digital legacy. It’s something I’ve spent some time thinking about and in some ways planning for. So much of our lives are in bytes now and preserving them in a lasting way is going to be a challenge. This post is about an aspect that is of more immediate concern. In my family I and the techie. I build my own computers, fix them for others and I keep the important electronic records and pay the bills electronically. This means I’m the one with all the online account passwords. I am the one with all of our financial records on my hard drive and just as important I am the one with the digital photo and video archives of our lives for the last 15+ years.

Being the techie I am, I use Linux, do plenty of backing up, practice safe password policies and in some of the above examples I use strong encryption to safeguard our personal and sensitive information. If something were to happen to me suddenly, be it amnesia, death or worse; there is the potential for some significant loss of digital assets. The data will survive me but will be inaccessible without the passwords and decryption keys that only I can use. So, this is something that has occupied my thoughts from time to time and I will share with you my current solution. I think it’s a pretty good start and welcome any ideas or criticism.

I’ve not yet settled on a name or term but the idea is something of a Digital Godfater or Digital Asset Executor. You get the idea. Someone who has been chosen to take on the responsibility of unlocking and releasing your digital assets to your heirs, or in any case the people that need them after you are out of the picture.

In my case, at this point in time no member of my immediate family has the tech know-how to handle this task. They may in the future but not now, so I have chosen someone else for the job. I’ll refer the them as “DAE” (Digital Asset Executor). I have known my DAE for long enough to know that they have the tech chops for the job and long enough to trust them. In this role, trust is important but there can be measures put in place to make sure that if DAE were to become untrustworthy they can still perform their duties reliably and securely. Regarding the DAE, it is essential that they have agreed to participate and are willing to perform this service. They have some responsibility of their own to maintain in order for this to work.

After the DAE is chosen the next step is to collect and organize all your digital assets. For myself, I have kept for years now a text file that I maintain with all current online accounts and their corresponding passwords. That file is in a folder along with many other digital assets including copies of Social Security cards, drivers licenses, credit cards, passports, tax returns, firearms paperwork and bank account numbers. Each one if those files is encrypted with GnuPG strong encryption. You may wonder why I have some of those things in digital form. Essentially it’s for disaster preparedness reasons. In the case of a disaster weather we have to leave home in a hurry or the house is destroyed, I have access to some important personal and financial data. Because I have backups in multiple geographic locations, even if I loose my laptop I can likely still get at it.

Next is preparing these assets for recovery in my absence. Here is what I have done it in a step by step process (this is after you have a willing and capable participant agreeable to act as your DAE) :

1. Create a working folder, i.e. “DigitalAssetRecovery”
2. Assemble copies of all digital assets (files) into one folder i.e. “assets”. Make sure all files are encrypted (GnuPG in my case) and compress that folder into a .tar or .zip file.
3. Assemble copies of your encryption keys both public and private into a folder i.e “keys” and compress that folder.
4. Write a short text document outlining your intent and instructions for your DAE.
5. Write another text document that contains only and exactly, your pass-phrase for use of your encryption keys.
6. Now, place the two compressed folders (keys and assets) along with the two text files into the working folder and compress the working folder.
7. Encrypt the compressed working folder with the public key of your DAE (it is critical to the process that you use the DAEs’ public key and not your own).
8. Delete the uncompressed/unencrypted copy of the working folder.
9. Copy the encrypted working folder onto two types of media (CD-RW and USB key in my case). Attach instructions written on paper for how to contact the DAE and the importance of the data contained on the media and place them in a secure location such as a safe or safety deposit box that your survivors have access to. Delete the encrypted copy from your computer.
10. Share your procedure with those that need to know.

Now what you have is a way for only your DAE (not even yourself) to access those assets that lie in the secure location. You will be relying on them to maintain their own encryption keys so that in the future when you need their services they will be able to perform the task. If you are concerned about their reliability, you can always have more than one DAE and just duplicate the process for each one. The only person in the world besides yourself that can get to your information now is your DAE. In that regard your data are not as secure as before because if  your DAE (and only the DAE) had physical access to the CD or USB stick you created, they could expose that data. This is why they don’t get access to the data until it is initiated by your heirs. In my case I have left written instructions on how to have the recovery session supervised and for no copies to be retained by the DAE after they have performed their duties. Trust but verify.

This is a bit of a tedious process and will require you to make an updated version from time to time and perhaps even change your DAE. It is however the most secure and reasonable procedure I have developed so far. This reminds me, I have an update to do.