Sheepishly
Yet utterly unlike a sheep. Last Sunday, we were out at Cabaret Night at Annapolis Shakespeare. It was song and dance and showtunes from the 50’s, and the joint was rockin’! So much fun I forgot to post. And as I remembered, each ensuing day, well, I was at work, not relaxing at home, so I kicked the can down the road and here we are. The cabaret was wonderful, as always. Up next at the theater, another Cabaret Night, 60’s this time, and then it’s time for Pride and Predjudice to open (runs for 6 weeks starting on March 15). So good, so looking forward to the work!
Computationally
I’ve been building out new infrastructure for this joint, and for the home server. FreeBSD 12 has been out for a while, and I wanted to upgrade at a reasonable pace, rather than waiting for the 11 branch to go out of support. Additionally, unlike the transition from 10 to 11, I’m not upgrading these systems, but building out fresh, and doing clean configurations of the services I really need (and leaving every prior experiment behind).
Additionally, for home backups, I’m migrating to using the Free edition of the Veeam Agent for Windows. I’m a big fan of Veeam, and there are features in the free agent that are perfect for my needs.
First, the backups can be encrypted. Do that. Keep the credentials in a password manager software, use a good passphrase, and secure your backups. Why? Because you plug in the disk, run the backup, unplug it and take it offsite (like to work, or keep it in the glove box of your car). Because the backup might be in a less-than-secure environment, encrypt that backup.
Secondly, by default Veeam runs backups based upon changed blocks in the volume, rather than changed files. So if you edit a few bytes of a huge document, you may only have to back up a few tens of kilobytes instead of the whole file.
Finally (for me, there are lots of features), while Veeam defaults to configuring a job with a calendar schedule, that doesn’t make much sense when you’re backing up to media (say, a 1TB USB3 mobile disk) that only gets plugged in when you remember to bring it home. The answer is to change the job schedule to simply run automatically when the media is plugged in, then eject the media when the backup is done. That’s about the best you’ll be able to do. Why is this important? If you click on a malicious link in an email, and your AV solution lets you down, some jerk’s ransomware will encrypt or wipe every file on your system. Your backup won’t help you IF it’s also attached to the system, encrypted or not. Only attach your backup disks for as long as you need to run the backup.
One last point – every once in a while, plug up the backup disk, and restore a file or two and check them. Backups are wonderful, but you don’t know if they’re good unless you test them, regularly. You don’t want an emergency restore to be the time you find out that the backup wasn’t really working because you misconfigured the job, or the disk has errors, or whatever.
Bottom line: Make backups. Encrypt the backups. Test the backups. Only leave them connected for as long as needed for backups and testing. Store your backups offsite – a disaster that takes your house shouldn’t take your precious data, too!
Winding Down
It’s been a slightly busy weekend – we celebrated Marcia’s birthday on Friday, so I took off work that day. We hung out, did stuff together, and went out to supper in the evening. Saturday was a total write-off. I relaxed. Today was shopping and remote work and haircut and coffee roasting, oh my! Tomorrow’s a holiday, so it’s a four day weekend, but I have an office that needs cleaning, yet.
DoD announced no new casualties in the last two weeks.