Zen Data Management, Backups & the Cloud

Contents

We present the basic notions for use of the Desktop Environment in LUbuntu Linux, search engine configuration and data protection and security. The content is organized as follows:

  1. Introduction and General Issues
  2. Basic Use of the LXDE Desktop Environment
  3. Installing Software from the Software or the Package Manager
  4. Choosing the Preferred Search Engine
  5. Support for Non-Free Multimedia Formats
  6. Basics About Data Protection and Security
  7. Using, Securing and Partitioning an External Drive
  8. Automating backups using rsync

Introduction and General Issues

First, to understand the depth of problems related to privacy with Information Technology (IT), and why you want to run away for proprietary operating systems like Windows and Mac OS, see my page about Privacy, Dependence on Providers, Sovereignty and Digital Alternatives.

We assume here that you are using a Free Operating System (OS), and the examples we provide are based on the default desktop environment for the lubuntu linux distribution, which is called LXDE. Similar tools and procedures are available on all desktop versions of Linux distributions.

We explain the basics about the desktop and accessing the main features such as language configuration, installing free software, manage data security, and organize backups.

Basic Use of the LXDE Desktop Environment

On the bottom-left corner of the screen, a "start button" provides access to the different menus of the OS's desktop environment. The figure below shows an example about how to configure the language for the desktop's interface. The current language is English and the example shows how to set it to French. Disconnect the user or reboot for the change of language to take effect.

a) Accessing the languages tool
b) Adding/Selecting the language

Figure 1. Selecting the Desktop Environment's language.

By right clicking on a menu item in this "start menu", you can create a shortcut on the desktop, such as the ones appearing on Figure 1.a. The shortcuts on the figure are the text processor Libre Office, music and playlists player Clementine, image editor GIMP, Web Browser Firefox and e-mail/newsfeeds reader Thunderbird. The LXTerminal from the "System Tools" menu provides access to a terminal for the Command Line Interface for the OS which, as we shall see, allows to automatize some tasks such as data backup.

Installing Software from the Software Manager or the Package Manager

Suppose for example that you want to install the libreoffice suite, which includes a text processor, an excel-like calc-sheet software, a picture drawing tool, etc. You can first look for it in your favourite search engine, and find documentation about how to install with Ubuntu (see Figure 2.a below).

Once you have the right information about the software name (for example office), you can search for that software name in the Software Manager, which you can access from the "start menu" (Figure 1.a), and then System Tools, and then search for the software you need, as shown in Figure 2.b below.

a) Searching documentation for Libre Office
b) Installing from the Software Center
c) Searching for a Screen Capture utility
and instructions in the Ubuntu Wiki
d) Searching from the package name gnome-screenshot and installing from the Synaptic Package Manager
Figure 2. Looking for software and installinf either from the Software Center or from the Package Manager

Now, the Libre Office suite, for example, includes many features such as drawing, adding support for exotic fonts or languages, drawing, calculating, etc. Those are generally organized in separate Software Package, which are related through dependencies. You generally don't have to worry about the dependencies, as they are managed automatically, by installation of the required packages for the software you want to install.

There is, however, a so-called Packages Manager for a more refined installation of software on a package er package basis (still automatically taking care of dependencies; don't worry...). On Figure 2.c, we see how, by searching for a screen capture utility, we find a page in the Ubuntu Wiki, about a package called gnome-screenshot which looks great (remember, all of this is free, so, you can always try it and uninstall if you don't like it...). On Figure 2.d, we show how to search that package in the Synaptic Package Manager (still in the System Tools), and check the box to select it for installation.

Choosing the Preferred Search Engine

In the preferences of Firefox or Brave, configure your preferred search engines. Here is how to do it for my favourite search engine Qwant:


Figure 3. Setup of the default search engine in Firefox's preferences.

Support for Non-Free Multimedia Formats

Multimedia contents, such as videos or music, are often protected by proprietary software or hardware locks, such as Digital Rights Management (DRMs) techniques. See this section for an introduction to DRMs. Specific software must be installed on Linux distributions such as Ubuntu in order to be able to read those protected contents and use them.

The installation of this software is kept separate from other free software, as the use of such software might be subject to legal restrictions in some country. Make sure that the software you use is not illegal in your country (see the section about laws in the wikipedia page about DRMs).

Here are pages from the Ubuntu Wiki and Help pages in French and in English about the packages to install and their configurations. That includes the Libdvdcss software library to decode the Content Scramble System (CSS) which encrypts the content of video DVDs, and similar protection techniques used to protect sometimes audio CDs.

There are also a number of non free software repositories with software packages such as flashplugin-installer which allow to use proprietary plugins like the flash player plugin for Web Browsers. See also the page about safety and privacy while Web browsing and related privacy issues, and in particular this section explaining the difference with open standards and this section about the use of proprietary plugins

Basics About Data Protection and Security

The most important notions to understand for basic management of computer security are having good passwords and the use of encryption. A password or a passphrase gives you access to a protected resource/computer. Encryption makes more difficult to access some protected data.

A good password must resist the most common attacks by hackers. There are two very common types of attacks:

  • Brute force attacks by trying all the different words or names (e.g. all known first names, words in the dictionary, etc.). To avoid this attack, don't choose a password such as family name, common nickname, known word, etc.
  • Brute force attacks by trying all combinations of characters. To avoid this problem, choose passwords that both have sufficient number of characters, at least one digit, at least one lower case letter, at least one upper case letter, and at least one "special character" such a *$?/@. Example of such a password: dTgg05@2kW=

At last, you should not use the same passwords for different sites, as a breach in the information system of one site could then compromise your personal data on other sites (for example an e-mail account with a well known e-mail service provider), and lead you to be also exposed to impersonation, with criminal organizations contacting the people in your address book (contacts), for example asking for financial help...

You can find on this page a more general presentation of privacy in relation to Web Browsing, and how to protect all of your complex passwords and use them without having to remember all of them, or having to key them in each time you need them.

Encryption allows you to protect some data or message, such as a credit card number used to pay on the internet, or such as the data on your hard disk, or the data you send to a cloud provider (for example for backup). In order to see the protected data, someone would have to know some secret passphrase or some encryption key.

There are different levels of stronger or weaker encryption and protection for the data. With a weaker protection, someone with skills and resources who is determined to read the data can design an attack which will be successful to access the cleared data. A stronger protection generally requires more skills to implement and use.

A reasonable precaution before sending some data to a cloud storage for backup is to create an encrypted archive. You can do that in the file manager in LXDE as follows: right-click on a chosen directory to backup, and chose "Compress...". This will open a dialog in which you can chose a compression method (for example ZIP), and allows to protect by a password.


Figure 4.Create an encrypted ZIP archive from a directory.

This will create a unique file containing all the directory, which is called a compressed archive. In order to unpack the archive and create a copy of the directory, you will have to provide the password.

Using, Securing and Partitioning an External Drive

This section is organized as follows:

What is an external drive and what for?

An external drive is a device such as a USB stick, a USB large storage device (external HD), an SD or Micro SD memory device. For example, in order to transfer MP3's to an android phone, if the phone has an external Micro SD slot, you can use an SD<--->Micro SD adapter to transfer your MP3's and the playlists from Clementine (configure Clementine to use "relative paths" for playlists and chose the M3U format for playlists, with file extention .m3u). On other devices, the USB connection between a smartphone and tne computer might be supported to copy the files to the internal memory of the phone. Those operations, however, are liable to be restricted or made impossible by Digital Right Management(DRMs) techniques. See this section for an introduction to DRMs.

In order to use an external drive for backups (you will probably NOT chose the Micro SD card for this!!!), you should consider the following:

  • Some formats are supported by proprietary OS such as Windows, and some are not supported. Generally, Microsoft, Apple and (to a lesser degree for now) Google all want to make it as hard as possible for you to use Linux.
  • An encrypted Linux format such as in the example below (which is not supported by proprietary OS) is generally much safer, not only against prying, but also against viruses and malware (see this page for a summary...) on board the USB drive.

Partitioning of a hard drive

To see the partitioning structure of your hard drives and external drives, chose "accessories" in the "start menu" like in Figure 1.a, and then chose Disks. The corresponding software will show you the different storage devices connected to the computer, including the hard disk containing the operating system which is currently running.

Warning: Don't perform any operation on the active hard drive as this is liable to break the system completely. You would need a live drive to change the partitions on that hard drive.


Figure 5. The partitioning structure of the hard drive
(with ID /dev/sda in the example)
containing the operating system which is running,
including one Windows and one encrypted Linux.

Advanced operations on an external drive

In the following example, I create two different encrypted partitions with different passwords for two people who want to share the drive, while preserving each other's privacy. Each of these two users will chose her own space in the file manager and type her own password to pen her backup space (See Figure 6 below).

Warning: All operations on the external drive will destroy any existing data on the affected partitions. Make a prior backup of the data if you need it.
Make sure you're not confusing the external drive with an internal drive.

The steps to prepare and format the drive are as follows:

  1. Delete all existing partitions by selecting them and clicking - (minus sign button to delete the selected partition)
  2. Create, one after the other, the two partitions by clicking + (plus sign button to add a partition), with a chose size (in megabytes) for each of them. Chose the LUKS+Ext4 encrypted format, and set your passwords.
  3. After those operations, the partitions might still need to be formatted
  4. Select the partitions and, one after the other, chose the "Format..." operation. Again, chose the LUKS+Ext4 encrypted format, and set your passwords.
  5. The disk is now ready to use. You can always change the partition's passwords here (but you will be requested to provide the current password)
a) After deleting all partitions
b) Create the first partition
c) After creating the both partitions
d) Format both partitions (LUKS+Ext4)
e) After formatting the both partitions

Figure 6. Securing and Partitioning an external USB drive.

Using an External Drive (Potentially Encrypted)

Here is how to use (mount) the external drive's volumes from the previous example, use the (for example put backups on them), and then safely remove them after unmounting them. Here are the main steps in that usage:

  1. As you insert the USB drive, you are prompted for the password to unlock the volumes. You may chose "Cancel" if a confusion between several volumes may arise, and unlock later.
  2. The two still locked volumes appear in the File Manager, each with their sizes (approx. 15GB and 16GB in the example)
  3. As you click on one of the volumes (say Teammate-A with size about 15GB), you are prompted for the corresponding password to unlock as in a). Enter the right password and the volume is mounted and open.

Don't forget to unmount the volume before you remove the USB drive after use.

a) When inserting and encrypted drive
b) File manager with volumes unmounted
c) File manage with the volume Teammate-A mounted and open

Figure 7. Using a partitioned and secured external USB drive in the File Manager.

Automating backups using rsync

Now, we want to do the following:

  1. Create a so-called shell script which will automatically backup a directory directoryToBackup at the root of the home directory of a user (this is the directory /home/remy/directoryToBackup/ in my example), and create a copy of that directory, under the name destinationBackupDirectory, in the volume Teammate-A of the encrypted volume in the USB stick ans used in previous section (so, the destination directory in this example is: /media/remy/Teammate-A/destinationBackupDirectory)
  2. To make thinks properly, we shall put that script in a subdirectory of the home directory of the user which will be dedicated to contain such scripts to automate daily routines. This subdirectory will be called bin (in a standard way). Hence, in the example, we create a directory /home/remy/bin/
  3. The we make the script, placed in that bin directory executable, and use it for the backup. You can of course change the names and paths of the directory to backup and its destination directory by editing the script.

First, create a new text file named backupDirectory-A.sh and containing the following Shell code (copy-paste exactly the code, changing only the directory names if you need):

#!/bin/sh

rsync -avz -l -t -r -P -u --delete --filter=:C --include '*.old *.bak  *.BAK  *.orig  *.rej .del-*  *.a  *.olb  *.o *.obj *.so *.exe *.Z' --exclude '/.cache' --exclude '/.local' --exclude '/.local/share/Trash/'  --exclude '/Desktop' --exclude '/.xsession*' --exclude '/.Xauthority' --exclude '/.config/' /home/${USER}/directoryToBackup/ /media/${USER}/Teammate-A/destinationBackupDirectory

Make sure the software package rsync is installed

Now, create the bin directory at the root of your home directory (click "Home Folder" in the file manager to go to the root of your home, then right click and chose "Create new..." then "folder", with name bin). Place the backupDirectory-A.sh script file previously created inside it.

Now, set the permissions as on Figure 8.a for the script (right-click on the script and chose "Properties..."), and as on Figure 8.b for the bin directory. Check the content of the bin directory on Figure 8.c.

At last, open the volume Teammate-A ans in the previous section, and create a sub-directory destinationBackupDirectory if it doesn't already exist (see Figure 8.d). Make sure the directory directoryToBackup to backup also exists (create a small directory with dummy test content for the tests if you like...).

a) Permissions on a Shell script
b) Permissions on the bin directory
c) The content of the bin directory
d) The content of the Teammate-A volume
Figure 8. Preparing for the use of an automated backup script.

Now, everything should be in place for us to execute the script. From the file manager in the bin directory, open a console from the Tools menu "Open current folder in Terminal". In the terminal, type:
./backupDirectory-A.sh
You should see some information about the data being transferred (or an error message if you made something wrong... try to understand the message and if you cant't: check everything again).

You can proceed further by making the script available from any directory, or making the backups to another computer over the network, etc. You can find resources such as my own lecture about server administration or resources about Ubuntu or Debian in different languages here in French, here in English, here in different languages and formats. But ultimately, it's pretty much about spending some time and using search engines...