Case study: my home network routine backup
As I promised last time, here is a description of how I deal with backups at home.
I am a very safe person when working with computers. Well not just for that… I am a safe person in general. Anyway, when it comes to safeguard the data stored in the home computers, I become even more cautious, up to the point of storing several backup copies of the same data, in case a copy is lost. All in all, I keep up to 4 copies of my data all around the house and one more up in the Internet cloud.
Here is how it works:
each computer in the network makes its own backup on a storage repository on the Linux server, which is used for that, to handle a local family WEB site, and to handle Internet access via a proxy server; this is what I call the first level of backup.
each month, I manually transfer the backup copies on the Linux server to a pool of removable drives; this is what I call the second level of backup.
each month, the previous content of the pool of removable drives is stored on a separate partition of the other server I have in the network, which acts as a storage and printer server; and this is, as you may guess, my third level of backup.
each month, the previous content of the storage server is moved on to DVD, my forth level of backup.
periodically, every time I deem it necessary, I finally store a copy of the most important data on the cloud, for safe keeping if something should go badly wrong in the house (I hope that never happens). This is usually data coming from the first level of backup. This data, are never removed form the cloud. Instead, every time I add something, I put the date in the name itself of the backup file, so that an historical archive is safely stored off site.
You can see how each level of backup stores a older version of data than the previous one. This way, files that are deleted from a computer can always be retrieved from an old backup, even though the most recent backups don’t have them anymore. You may call this one too an historical repository, if you are there for the big words.
And finally, here is a picture that delineates, hopefully better than words, what I just described.
To the next…
Backup your data!
Many people just assume that whatever they save in their computer is going to stay there forever, unless they delete it. Never a thought mas more wrong than that!
Computers are mostly made of solid state devices, which are supposed to last for a very long time without breaking. However, sometimes something goes wrong, for example a power surge, and a component on the motherboard goes away, or the whole motherboard fries up, or…
Did you ever think of the hard drive? Yes, that device that actually holds all your data. That is the most fragile piece inside a computer. Why? Because it is a mechanical device with moving parts! Moving parts are subject to friction, and they expand and contract when temperature changes. They get old, then they break. And usually they break way before other parts of the computer reach the end of their lifetime.
Then… what happens to the important things that you stored on the hard drive? All those pictures, and songs, and important documents, and…
Don’t wait ’till the worst happens. Take action immediately. Avoid blaming yourself once the disk dies and you haven’t make a copy of your data.
Take a USB drive, or a recordable DVD or a CD-ROM, and make a copy of all your data on it. Use several of them, if one is not enough. Even use an external removable disk. Then, once you have the copy of your data, store them in a safe place, ready for that day when your disk will break, and you’ll have to recreate your data on a new device.
Pretty easy, isn’t it? Just a little time spent once to make you sleep with no worries. Well, be careful! Every now and then you are surely going to change something in your data. Maybe you are going to add new stuff, like new songs, or new documents, or that video you were looking for since a long time.
Do another backup, save all those things that have changed, or you will end up with an old copy of your original data without the most recent updates.
Yes, I know, it is a never ending chore, but believe me: it is worth it.
Finally, if you want to play really safe, establish a routine:
Do periodic backups
Store a copy of your backup off site (what about if a fire or a flood strikes right where you keep both the computer and your only copy of backup?)
Think about the possibility of storing your data over the Internet, in the so named cloud. There are several on-line services that make available a certain amount of space to store your files in their servers. And if that space is not enough, for a small fee they can give you plenty of extra space and, one day, you’ll be happy you’ve done that.
Next time I will talk again about this topic. I will describe the routine I’ve established for my own computers, so to give you an example of how you could deal with your own stuff. Remember, nothing is perfect. What works for somebody may not be OK for another. In the end you have to decide how you want to protect your data, if at all. But a good example is a place to start, something you can think about to decide how you want to handle your stuff.
Sleep well.
Virtual Machines (1)
What is a Virtual Machine?
If you run a Google search for the definition of a Virtual Machine, you get something like this:
In computer science, a virtual machine (VM) is a software implementation of a machine (computer) that executes programs like a real machine.
A software emulation of a computer that runs in an isolated partition of a real computer; A computer system that is implemented in software …
A simulated computer in that it runs on a host computer but behaves as if it were a separate computer.
…. and several more definitions.
But what that really means for us? Simply put, think of the Virtual Machine as a program that runs on your computer and acts like a computer in itself, a computer where you can install an operating system, like MS-Windows or Linux, and where you can run programs for that operating system. And that operating system may even be different from the one installed on your actual computer.
OK, you might say, so what? I already have a computer and I have already my Windows 7 happily running on it. Why would I care to use a Virtual Machine to install another OS? Couldn’t I do that simply by double booting my machine? I could install both Windows 7 and Ubuntu, for example, and when I turn on my computer I choose which one to use.
True, that’s a very good point. But think about this now: what if you want to go back and forth from one OS to the other? What if you are running an application on Windows, for example, and then you want to run another one from another OS? Ubuntu, for example, or Mac.
Do you start seeing the point? One of the great things of using a Virtual Machine, is the possibility to run side by side programs that can only run on a specific platform. So, for example, you could be able to run at the same time an application from a Mac computer and another one for a Windows computer, keep them side by side, and be more productive that having to reboot your computer every time you have to switch from one application to the other.
Or maybe, you are one of those guys who likes testing all possible programs that come in your hands and, once you are done, you may want to discard some of the programs from your computer, leaving no traces of it. Using a Virtual Machine to emulate a PC would just help you on this. The Virtual Machine would create an isolated environment for you where you can do all the experiments you like. Then, once you’re done, you could actually remove from your computer the whole Virtual Machine and leave your PC exactly the way it was before you started your experimentation.
And what about browsing on the Internet with the constant fear that you could catch a virus that would infect your machine and damage it? Again, a Virtual Machine would help you in this case, because the virus would be imprisoned in it, unable to spread in to the host computer where the Virtual Machine runs. Stopping the Virtual Machine and simply deleting it, would eliminate the virus from your computer with very little effort.
Finally, running a virtual machine on your computer, would allow you to run that old program that you liked so much and that is not supported anymore in your new version of Windows. How about that?
Am I intriguing you? I really hope so because when you’ll experience all the benefits that the use of a VM can bring to you, you will actually starting loving it.
So, follow me through the next posts, and I will show you how you can actually install a Virtual Machine Manager on your computer (any OS you are using will work), and how you can use it to safely browse the web, or run your old programs, or experiment with a new OS by installing it and all, without altering the setup of your real computer.
See you soon and … Happy browsing.
Online Safety for the Kids (2)
Here we are with the second part of this topic discussion.
This time I will talk about how I setup the proxy server in my Linux box to provide blacklist capability in my network. As explained in Part 1, the proxy server intercepts any web page request made from a browser and checks the requested URL against a blacklist. If the requested web site matches one present on the blacklist, the proxy server directly responds to the request with an error page, preventing the actual web site to respond to the request itself. If there is no match, then the request is forwarded to the actual web site, and the response goes back to the browser that made the request.
Seems complicated? Well, it really is more difficult to explain that to see it working. Fortunately, after a few steps to set it up, the program does all by itself, without any further control on your part.
Please be advised that the procedure I’m going to present reflects what I did on my Linux box, which is equipped with the Fedora 11 distro. If you have a different Linux distribution, the procedure may change a little bit, as different distributions use different ways to download packages and sometimes they store the configuration files in different places. So, please refer to the documentation of your distribution for further details. I also used Squid as my preferred proxy server. If you decide to use a different one, please use this discussion only as a high level reference and read the documentation of your proxy server for the details.
Along with Squid, I also installed squidGuard , which is the actual tool that handles the blacklists and runs under Squid.
Note also that there are two ways to make the browsers in your network use the proxy server for their web access. One way is to configure each browser to use the proxy. Another way is to configure the network so that all the requests are automatically redirected to the proxy. Of the two solutions, I decided to go with the first one that, at the moment, seemed the simplest to implement. However, keep in mind that such mechanism may be counteracted if people change the browser configuration to bypass the proxy server. In such a case, you may want to consult the proxy server documentation to implement the second solution. Right now I didn’t have the need to do so.
And finally the installation and configuration procedure:
Download and install the Squid package on your Linux box. I easily accomplished that by using the Add/Remove Software tool available in my Fedora 11 Linux Distribution.
Create a Squid configuration file named squid.conf on the Linux box in the following directory: /etc/squid. You can download my copy of the configuration file here (right click and choose Save Link from the context menu). Note that my configuration file already contains the reference to squidGuard to redirect the browser request to the error message. If you don’t use my configuration file, please make sure you add the redirection instructions for squidGuard.
Download and install the squidGuard Package. Again, you can use the Add/Remove Software tool or the tool that comes with your Linux distribution.
If not already there, create the directory /var/squidGuard and copy there the script shalla_update.sh . My own copy of the script is available here for download.
Download the blacklists by running the script shalla_update.sh. Make sure you do so with root privileges. You’ll see that the new directory /var/squidGuard/blacklists will be created. Note that, for squidGuard to work correctly, the mysql service must be running in your Linux box. I will assume here that you know how to do that but, in any case, post a comment to address the issue and I will reply with the necessary information.
Create the configuration file for squidGuard. Believe it or not, it is named squidGuard.conf and needs to be located in the directory /etc/squid , along with squid.conf. A copy of my own version of this file can be downloaded here . You will have to edit this file to define the blacklists that you would like to use. Use those that I selected as an example on how to do it, and look under the directory /var/squidGuard/blacklists for the complete set of available blacklists.
At this point everything we need is installed and configured. We just need to learn how to actually start Squid. To do so, the easiest thing is to execute the following command as root:
service squid start
If everything was done correctly, squid will start running happily until you shut down the box.
And here comes a little problem: when you turn the box back on, Squid will not be running anymore! To avoid the inconvenience of manually start Squid every time you reboot your machine, you’ll have to tell the computer to automatically do so. This is achieved by running the following command as root:
chkconfig –level 345 squid on
Once that is done, you don’t have to worry anymore to start Squid. The computer will take care of that automatically every time you turn it on.
I’m sure now you are wandering about how the blacklists are updated. In fact, people continuously keep adding new web sites and new pages. How can we keep up with all the changes worldwide? Well, we don’t have to do so. The Shalla organization takes care of that for us. We only have to run again the script shalla_update.sh every now and then, so the blacklists in our computer get updated. I do so by running the script every night, to make sure I catch all the most recent updates. You may choose to do the same, or instead do that once a week or once a month, depending on how long you feel comfortable to wait between updates. Anyhow, don’t waste your time doing updates more than once a day. The blacklists on the Shalla web site are updated only once a day, so there is no good in running the script more often than that.
That’s all, right? Hum… no, there is just one more thing: you have to instruct the WEB browsers in all your computers to point to the proxy server, so they will forward the users requests to Squid rather than directly to the WEB sites. This procedure depends on the browser you are using. I will show you how to do it for Internet Explorer and for Firefox. Other browsers, like Opera or Chrome, use a simila procedure.
Setting the proxy server in Internet Explorer:
Open the Tool menu and select Internet Options . Click on the tab Connections . Now click on the button LAN Settings and, in the dialog that comes up, select Use a proxy server for your LAN . Then add the IP address of your Linux box in the Address box and the number 8080 in the Port box (if you changed the port number in squid.conf, then put your number here, otherwise 8080 will work just fine). Click OK to close all the dialogs and accept the configuration changes. You are ready to go.
Setting the proxy server in Mozilla Firefox:
Open the Tool menu and select Options . Click on the Network tab. Click on the Settings button. Click on the radio button for Manual proxy configuration . Now write the IP address of the Linux box in the HTTP Proxy box and the number 8080 in the Port box (if you changed the port number in squid.conf, then put your number here, otherwise 8080 will work just fine). Check the box Use this proxy server for all protocols and click OK to close all the dialog.
OK, done. Now it is time to test the browser and make sure it works as expected. Try to request some WEB pages and make sure they are correctly retrieved. Try to request a WEB page you now is in the blacklists and check that an error will be reported and the web page is not retrieved.
If everything works fine, you’re done. Otherwise, review all the previous steps and make sure you didn’t miss anything. If you still have problems, drop me a note and I’ll try to give you some extra advise.
Thank you all for following me through this long exposure. I hope it wasn’t too much boring and that somebody may actually find it useful.
Happy browsing and … see you next time.
Online Safety for the Kids (1)
Ever faced the problem of let your own kids browsing the web without your supervision?
Here is the problem I had to solve recently: my daughter was about to turn 16 and she was eager to have her own computer on which to do her homework, handle her e-mail, socialize with her friends on-line, and do some research on the web. All of that without being subject to take turns with her brother on the family room computer.
Put it like than, everything seems to be very innocent and safe. But we know very well what lurks on the Internet, ready to jump on their prey. Or maybe just some inappropriate site that you really don’t want your kids to see.
So, how to solve the problem of giving my daughter her own computer, installed in her own room, where both my wife and I cannot really supervise?
I’m sure many of you are already thinking at the many programs available on the market that deal with these kind of things. Programs that you buy, and then you have to pay a subscription to keep updated the database with the blacklisted web sites.
The point is, I don’t like those programs for different reasons:
I have little or no control on what can be put on those blacklists
I have to pay for the program
I have to pay the annual subscription or the database that comes with the program becomes quickly obsolete and basically useless.
What to do then?
Well, I happen to have an old computer that I use to experiment with Linux (you heard about it, right?). This is the kind of operating system that many web site providers use to handle their servers. It is a very powerful OS, it is very stable (you can keep the computer on for weeks without ever needing to reboot it). And it is free. Since I had that, I thought: why don’t I use this computer (the Linux Box, as it’s named by the Linux community) to run a program capable of intercepting and filtering all the web traffic on the home network? Since it is Linux, I have the opportunity to look at the huge list of open source code available on this platform, and surely I will find something that can be used for my purpose.
So, I started studying the problem and came up with a very simple, efficient , and absolutely free solution for my problem: a program that acts as a proxy, like a middle man that sits between each computer in the network and the Internet itself, filtering everything that goes back and forth, and selecting what can be viewed and what cannot. It’s name: SQUID . Yeah, like the name of that very tasteful mollusk.
So I set it up on my Linux Box, made a few adjustments to the network configuration, installed its companion squidGuard , configured the blacklists the way I like it, and let it run.
It is now running in my home network since about a month, smoothly and efficiently, and I have to say it really does a good job the way I desired.
Want to know the details? Keep watching this blog. Next time, I will describe all the details on how to set it up. And don’t be scared. It is not a difficult thing to do. If you ever had the need to install a program on your computer, then you are expert enough to handle this one too.
Hope to see you soon here again…
