On 12/26/12 10:05 AM, Ben (B.K.) DeLong wrote:
Hi all -
Hope everyone had/is having an enjoyable holiday break. I'm at my new gig and thinking about being more vigilant regarding the separation of personal life and work technologically. Any access of personal files or activities, while at work, is done via a Portable Apps setup through a mountable TrueCrypt drive stored on Dropbox.
Surprised that works well without corruption... Although for a whole drive it would be a bit of an efficient storage use issue (requiring just periodic reset maintenance), SparkleShare+Gitolite git server via ssh is a great combination, with clients for Windows/Mac OS X/Linux, or you can use any git client. If the git server were storing into a TrueCrypt loopback on the server, you'd ruin offline attacks against your data. Simply sync to another drive somewhere to get redundancy.

Why not run an ephemeral VM (VirtualBox is free) that mounts a local host TrueCrypt volume that is a cache for SparkleShare/Git? You could run the VM from the TrueCrypt volume, but then it would be mounted on the local OS and Panopticon-like admin / system software would get to it. An ephemeral VM (that doesn't save updates to disk) that mounts the TrueCrypt volume is more difficult to attack. This was always a feature of VMWare; not sure how to do it with VirtualBox. Perhaps with snapshots or similar COW drive mounts with the drives in the TrueCrypt loopback.

The VM should tunnel all network traffic over SSH to a shell server somewhere, home if you properly set up incoming ports. Use dynamic DNS to get to it or something simpler (file on the ssh server is enough). It's not too hard to get the beginnings of cover traffic to make traffic analysis tough. This could be done various ways from random data, traffic sensing reaction, to a smart tunnel that directly augments traffic patterns with chaff. Modify netcat and then run that over SSH socket proxies.
It syncs regularly and while most of the activity is over SSL, I'd like to ensure any and all activity being done from those particular applications is done either over an encrypted hosted VPN or (if I must) a hosted virtual machine that I can VPN/remote into from work.
I'm not trying to be surreptitious here at my new job, but at the same time, I've been trying to find the sweet-spot to this "secure, portable, backed-up virtual office" solution for a while and the VPN or Virtual machine setup is my last piece.
I'm looking for something that's no more than $10-$30 a month. But I am open to alternatives if I replace the Dropbox solution.
I've been running a colocated machine one way or another since 1992, with my own DNS server, etc. When I get around to building almost-never-fail mini-servers, I have at least two other stable but seldom visited locations to put servers. I currently have an underused Linux box with 4 large drives and 10Mb symmetric unlimited use. The hard drive wears out about once every 2 years; it gets rebooted about once every 6-12 months. It would probably be a good idea to share it and defray some of the costs, especially while I'm in (relative) vow-of-poverty startup mode again.
Many thanks in advance for thoughts. I'll share what I come up with.
sdw
_______________________________________________
FoRK mailing list
http://xent.com/mailman/listinfo/fork
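The "smart tunnel that directly augments traffic patterns with chaff" idea from the reply above, sketched as an added example that is not part of the original e-mail thread. The cell size, header layout and function names are assumptions made for illustration, and the cells are meant to travel inside the SSH tunnel so the type byte is never visible on the wire.

```python
import os
import struct

CELL_SIZE = 512                    # assumed: every cell is exactly this long
HEADER = struct.Struct("!BH")      # cell type (1 byte), payload length (2 bytes)
CHAFF, DATA = 0, 1
MAX_PAYLOAD = CELL_SIZE - HEADER.size


def make_cells(payload: bytes) -> list[bytes]:
    """Split payload into fixed-size DATA cells, padding the tail with random bytes."""
    cells = []
    for off in range(0, len(payload), MAX_PAYLOAD):
        chunk = payload[off:off + MAX_PAYLOAD]
        pad = os.urandom(MAX_PAYLOAD - len(chunk))
        cells.append(HEADER.pack(DATA, len(chunk)) + chunk + pad)
    return cells


def chaff_cell() -> bytes:
    """A cell that carries no data; once encrypted it looks like any other cell."""
    return HEADER.pack(CHAFF, 0) + os.urandom(MAX_PAYLOAD)


def schedule(queue: list[bytes], ticks: int) -> list[bytes]:
    """Emit exactly one cell per clock tick: queued data if any, chaff otherwise.

    Cells still in `queue` after `ticks` stay there for the next call, so the
    observable rate (one cell per tick) never depends on how much data exists.
    """
    return [queue.pop(0) if queue else chaff_cell() for _ in range(ticks)]


def receive(cells: list[bytes]) -> bytes:
    """Reassemble the payload on the far side, dropping chaff and padding."""
    data = bytearray()
    for cell in cells:
        if len(cell) != CELL_SIZE:
            raise ValueError("malformed cell length")
        kind, length = HEADER.unpack_from(cell)
        if kind == DATA:
            if length > MAX_PAYLOAD:
                raise ValueError("payload length exceeds cell capacity")
            data += cell[HEADER.size:HEADER.size + length]
    return bytes(data)
```

An observer of the encrypted stream sees one 512-byte cell per tick whether the user is idle or busy; the cost is constant bandwidth and added latency when the queue is longer than the tick budget.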