Hola, cariño: > Neplokho. Woodchuck = surok, po-russki. Somewhat smaller than a > mamont. Cuter, too. My girlfriend: > http://www.bedford.net/users/djv/chuck1.jpeg
привлекательный! > Can I assume it's this? Do I understand properly? I'll answer point by point > > Problem: > > 1) A laptop, on one of its internal hard-drives has a > large collection of data in some directory and subdirectories, > say /home/vim/data/... These data is plaintext, i.e. unencrypted. > 2) As time passes, these data are changed, sometimes these > changes are few, sometimes major. > 3) Periodically, it is desired to backup these data to a > USB drive, and that these data be encrypted. WRIGHT! (I mean, right!) Even if not only is plain text, the fundamentals are the same > 4) Execution time of backups is important, and should, if > possible, be at the "impatient user" level, i.e. measured in minutes, > not hours. WRIGHT! As of now it takes me 30 min to tgz.nc all (tar, gzip and mcrypt) with blowfish > 5) Encryption should be secure enough to withstand routine > opponents (nosey office rivals, cow-orkers, casual thieves), but > need not withstand governments or torture. (The existence of the > encrypted data is not itself a secret, i.e. it need not be hidden > in pr0n fragments on "unused" areas of a disk, etc etc.) WRIGHT! Even if I am giving the backup file a new name; something like simulation2345dump.bin in a directory of the usb disk in which I have randomly put some binary files, so that it looks like a directory in which I made a computer simulations. The other files are also huge... I just have to remember to rename it to something fffff.tar.gz.nc if I want to recover the file and decrypt it > 6) Encryption should be painless. WRIGHT! I was even thinking of a cron job to look for a shell script. If my IP is that from the Institute, the laptop should do the backup. What's better, since it's an attached usb disk, there's no need for any prompting for scp passwords and everything runs by itself without requiring that I am physically there > 7) The laptop is moderately > secure digitally and physically. As secure as something with o'bsd can be. Of course, one can screw the hard disk out of the laptop but I don't expect any colleague to do that while I am at the cafeteria having lunch (only moment of the day in which I am longer than 10 min away from the laptop). The laptop is fine. I just care about the usbdisk which will stay there "alone" over the weekend and from 19h30 everyday > The USB drive is not secure. > 8) The encryption and backup scheme should be portable in > some moderate fashion. ... not necessary but nice if I ever have to do the same with GNU/Linux... if you're using specific o'bsd tools this will not be possible... but that's not a problem, because I am determined to jump to o'bsd 100% > > Things I need to know: > > 9) How much data *changes* on a typical interval between > backups. There is 6GB of data, assumed. Supposing that the > backup was done in an efficient manner, only backing up changed > files, how much data would have to be moved? (I'm thinking of > a solution using dump or maybe rdist. If feasible, this would > really cut backup time.) So, I have managed to reduce the size to 4.6GB... that's the absolute minimum. For that I delete all ~ files, gzip all ps, txt, eps, and live with really only the basic things I need for my daily work (no music there or pictures or unnecessary documents etc) If I made a diff from what I have now and what I will have next week by Saturday, I don't expect to have more than 20MB added to that, in the worse case. Those 4.6GB are the result of more than six years of unix work. I was even thinking of using subversion to "live" in a repository and svn add and commit from time to time... but then paranoia knocked > > 10) Is the USB drive plugged in and available all the > time, most of the time, only for designated backup sessions? > > I further assume that you do not want to work from the USB drive, > it is strictly for backup of encrypted data. One partition of it, > I mean. The data that you crunch and produce is on the laptop's > permanent drive. Right? that's right.... the usb disk will be mostly for backup and also to store some huge files, but in any case it'll close to my laptop, so that I don't have to stand up or whatever and thus become lazy and delay the backup > > > hey, woodchuck, you've already been of big help! that's fine, don't > > worry more about this! > > But this is how I learn. It is also how I keep others from learning. > This kept me employed for ten years once, progressively building > reputation until I could hide all day in an impregnable office. oh, yes, I know the feeling, even if not in the unix world > > Knowledge takes work. People shun work. Hence knowledge can be > concentrated, packaged, massaged and later sold dear. In a town > with a good bakery, there will only be one baker; although flour > and yeast will be sold everywhere cheaply, yet bread will be dear yeast will be sold everywhere cheaply, yet bread will be dear > and everyone will patronize the bakery. The baker will spread > stories about the difficulty and expense of baking, the unpleasant > kneading of dough, the terrifying hazards of hot ovens, the > self-sacrifice required to arise early in the day. that's it! you got it, peeeeerfectly right > > > > > I am really ruling out vnconfig... too many caveats > > > > > > I have some cute ideas for vnd. > > > > look forward > > They include such stunts as writing to a raw partition, without > benefit of filesystems. i.e. something like dd if=tarfile.gz > of=/dev/rsd2e with appropriate blocksize. This is as fast as it > gets. I believe dump(1) can do this, too. Maybe in the interests > of newbieism we should forget about that exercise, as it will amaze > and mystify. I really really cannot speak Chinese, I swear it > > .... > > who's doctor Doom, btw? > > http://en.wikipedia.org/wiki/Doctor_Doom > > Also see this for the rodent tie-in: > http://upload.wikimedia.org/wikipedia/en/e/e8/DrDoomSquirrels.gif ah, yes, I even know him! If you really want a villain, try with one out of the Bush saga... Dr Doom is a Charity Lady compared to those... poka, Pau > > Dave > -- > "Confound these wretched rodents! For every one I fling away, > a dozen more vex me!" -- Doctor Doom > _______________________________________________ > Openbsd-newbies mailing list > [email protected] > http://mailman.theapt.org/listinfo/openbsd-newbies _______________________________________________ Openbsd-newbies mailing list [email protected] http://mailman.theapt.org/listinfo/openbsd-newbies
