Wednesday, June 16, 2021

2021 06 16 SECURITY
OK, so far the new computer will have:
  • CPU: AMD Ryzen 9 5950X CPU, 16 cores & 32 threads
  • Motherboard: ASUS ROG Crosshair VIII Dark Hero, PCIe 4.0 and more
  • Windows 10 Pro, full version, USB
  

But first some words about security: BitLocker is Microsoft's full-disk encryption facility, and it works. The computer must be and will be BitLocker compatible. It turns out that BitLocker has almost no impact on performance, even gaming performance, so that's not a downside. I think that the mobo (motherboard) should probably have a header for a TPM (Trusted Platform Module), and the "Dark Hero" does. I'm not certain about actually using a TPM though, because I think that the CPU or the firmware may also provide the necessary BitLocker functions. If so, the separate TPM module would not be necessary. In fact, last I looked, new ones with the right updates were kind of hard to find. On a previous computer I enabled BitLocker with a tiny USB flash drive and no TPM. Important point: Even if the mobo is compatible and everything is in place, BitLocker doesn't have to be enabled. 
 
If you're not a BitLocker (or Microsoft) fan, or you don't have the Professional version of Windows, an excellent alternative is VeraCrypt, an open-source and thoroughly-audited facility which has both a full-disk encryption mode and a file-encryption mode. In fact, the best security may be found with a combination, where BitLocker is used to encrypt the whole disk, and the most precious individual files are further encrypted with VeraCrypt. Examples: A lawyer's client files, an engineering company's proprietary designs, the computer owner's social security numbers, bank accounts, and website logon passwords. I do use both BitLocker and VeraCrypt, plus several more. 
 
Please do not use the same password for BitLocker and VeraCrypt, or for anything else. That would entirely defeat the additional security. That's what a password vault is for, and there are some very good free ones.
 
In addition to BitLocker and VeraCrypt, there are other very useful encryption facilities. For example, I use Macrium Reflect to back up entire disk drives, and those output files can be encrypted. I'm sure that some of the competitive backup facilities can do the same. There is also a free and widely-used zipping app called 7Zip which is better than the Windows zipper in several ways, especially because its zipped output files can be encrypted. Here is a partial list of a few handy encrypting apps:
  • BitLocker (requires Windows 10 Pro) 
  • VeraCrypt (replaces TrueCrypt) 
  • 7Zip 
  • Macrium Reflect (or competitors) 
  • KeePass (password vault, or competitors) 
  • EFS (Windows "encrypting file system") 
  • Lots more ... 
Please PLEASE do not lose your BitLocker keys! Or your VeraCrypt passwords or PIMs, or any other encryption keys. There is likely no recovery except for your backups, and only then if the backups are UNencrypted or you know THEIR keys. Losing the keys is the same as a disk crash. Obviously, it's not a clever plan to keep the only copy of your encryption keys WITHIN the encrypted files. Please please write the keys on paper, or in a file within an UNencrypted DVD or flash drive, and keep that in a safe place, like a bank safe deposit box or your best friend's top dresser drawer, several miles away. Note: If you have more than one disk, you will have more than one key. You must save all of them. 

No matter what you think, the keys are not safe in the residence (or office) where the computer is located. Period.
 
Here is an only-slightly tongue-in-cheek list of risks to keeping the keys in the residence: Fire, flood, lightning, hurricane, tornado, theft, computer virus, ransomware, sinkhole, earthquake, termites, C-drive failure, smoked motherboard, smoked CPU, BitLocker failure, other encryption failure, Covid-19, another pandemic, asteroid impact, gamma-ray burst, nuclear explosion, coronal mass ejection, sun going nova, or bad luck. 
 
The point is: Some of these could actually happen, and WILL happen to some people who don't have their keys. Please don't be one of those. My residence is not safe, and neither is yours.
 
There is no rule against keeping the keys in multiple places. It's a really good idea. 

Backup is even (far) more important than encryption, and we have said little about it here. There is much more to be said about security, but saved for another time. 

The next post will get back to building a computer.

Sunday, June 13, 2021

2021 06 13

What computer shall I build this time? I'm a retired guy with an appreciation for excellence and (maybe) enough budget to do excellence. My computer experience started in 1962 with the University's Control Data 1604 using a magnetic tape operating system. Indeed, even though that computer cost a million dollars, disk was still a dream. My how times have changed.


I'm going to make (another) very hot, dual-purpose, world-class (if consumer-grade) Windows 10 desktop computer.

New Computer with RGB (LED) Fans
Photo by Don
Last February, 2021, I fired up a really nice new homebuilt desktop computer with an AMD Ryzen 9 3950X CPU, the gamey little brother of the Ryzen 9 5950X CPU, which is arguably the hottest silicon on today's market. Both CPUs sport 16 cores and 32 threads with speeds that make them appropriate for BOTH gaming and content creation. At the time, I bought the 3950X instead of the 5950X to avoid scalper's prices and sellers with odious reputations. That computer is working very well, thank you, but perhaps I'll upgrade to the 5950X soon anyway. The ASUS mobo and everything else will support the big brother.

Now I want to build another new computer just because it's fun to build hot computers. I don't really have any use for it yet - perhaps I'll sell it, or use it and sell the first one. Cost is an issue, but performance is a bigger one. Here are some features that are already pretty much decided:

Photo by Don

Processor: AMD Ryzen 9 5950X. I'll get one somewhere, maybe two. Prices are coming down and the sellers are looking more reliable. In fact, BREAKING NEWS, last week (June 5, 2021) Amazon was selling these from their own warehouse to prime members, with 3-week delivery, at the AMD list price of $799. Today they aren't, though. Sigh. Guess I should have snagged one when I could have. Yep. 

More BREAKING NEWS - I just ordered one from Amazon Prime with delivery in July. $799.00 Sold by Amazon, shipped by Amazon. And just now I hear that delivery will be in June after all. I like Amazon.

ASUS ROG Crosshair VIII Dark Hero,
 Image borrowed from Amazon

Motherboard: ASUS ROG, X570, exact model to be determined. TUF? STRIX? Crosshair? What kind of a name is "Crosshair" anyway? (oh, it's a rifle sight). Or "Strix" for that matter (a mythical bird of ill omen). I choose ASUS only because I have some experience with ASUS. Most of that experience is good, though not all. Is there a better mobo? Comments invited. Maybe this isn't so very decided after all. Having done some searching, I'd probably choose the same board that I bought before, the ASUS ROG Crosshair VIII Hero, though I was advised online not to waste my money on "that brick." 

Looking further, however, I'm now attracted to the newer ASUS ROG Crosshair VIII "Dark Hero" mobo. It's more expensive yet, but has every feature of the plain ordinary brick plus Wi-Fi, and seems somehow simpler and more straightforward. In particular, it doesn't seem to need its own fan to cool the X570 chips. It's just cool all by itself. $433.89. BLT (ShopBit.com).

More coming soon ...

Sunday, September 2, 2018

Which Flash Drives Are Best for Backup?

The most appropriate form of backup depends on the type of threat to the files. For example, a permanently-connected hard disk backup drive will protect against failure of the primary disk drive, but not necessarily against fire, flood, theft, viral infection, ransomware, you get the idea.

Online backup protects against most of those but it can be painfully slow and, in my own experience, may fail when recovery is required.

I do create monthly backups on archive-quality Blu-ray M-Discs, and keep those in safe places, but would like something more frequent and current.

How about a nightly flash-drive backup that I can carry with me if I like? Below are tests of some drives. All prices are Amazon Prime:

Corsair Voyager Vega (CMFVV3-128GB) USB 3.0 128GB Ultra Compact Low Profile Flash drive $53.99

Of the drives that I tested this is easily the best, though also the most expensive. I like the very small size, making it perfect for a complete backup that can be carried inconspicuously in a pocket, a wallet or purse, briefcase, shoe, wherever. A bright little blue activity light flashes during data transfer. The drive seems to get a little warm during transfer, but not hot.

Using a USB 3.0 port, the flash drive writes data at about 432 megabits per second (Mbps), which is about 9% of the 5,000 Mbps USB 3.0 standard.  My recent backups are 25 zipped files running about 77 GiB (82.6 GB) total, and the transfer is completed in about 25 minutes.

Using a USB 2.0 port with the same drive, the write speed is about 205 Mbps and the whole task takes about 54 minutes, more than twice as long as when writing from a USB 3.0 port. Maximum theoretical data transfer speed for USB 2.0 is 480 Mbps, so the flash drive is actually writing at 43% of theoretical. Not bad, but I'll stick with USB 3.0.

Lexar JumpDrive S75 (LJDS75-128ABNL) USB 3.0 128GB $33.29

Second in price, second in performance.  This flash drive has the same 128GB nominal capacity as the Corsair, but is physically much larger (see image), the largest I'm testing, and far from wallet size. Using USB 3.0 it writes at about 293 Mbps and finishes the 77 GiB job in about 37 minutes. It doesn't seem to get warm. It does have an activity light. If size is not an issue, it's a less-expensive alternative to the Corsair and about 2/3 as fast.

Patriot Tab Series Micro-Sized (PSF64GTAB3USB) USB 3.0 Flash Drive, $17.99 for 64GB, no 128GB version currently available.

Though it hardly seems possible, this drive is even smaller than the Corsair. It doesn't get hot. It has no activity light. The 64GB version can't take my entire backup, but a transfer of about 40GB yielded a write speed of about 169 Mbps, or 21 MB/s.

Sandisk Ultra Flair USB 3.0 32GB (SDCZ73-032G-G46) Flash Drive High Performance, $29.99 for 128GB.

This drive is a big disappointment. I previously held Sandisk in high esteem, based on prior experience, but this drive is WAY over-hyped. A lot of ballyhoo about high-speed USB 3.0 performance (even in the name), but it heats up and actual performance falls off dramatically after a minute or two. A 24 GiB transfer achieved a rate of about 166 Mbps, finishing in a little over 20 minutes. Lots of marketing, not so much product. It might be OK for some applications, but not for this backup. By comparison, the Corsair finished the same 24 GiB task in less than 8 minutes.

It gets hot to the touch when writing, and warm even when idle. No activity light. Note: Testing was done on 32GB models, not the 128GB model. I believed the hype and bought several, but they perform badly and I won't be buying anything more from Sandisk. Ever.

Testing platform:

The computer used for these tests is a two-year-old ASUS H170-Pro motherboard with an Intel i7 6700 3.4 GHz Quad-core CPU and H170 chipset running Windows 10. Five USB 3.0 ports and two USB 2.0 ports are available at the front of the system. The C: drive is an SSD, but only 4GB of the backup data comes from C:, the rest coming from Seagate SSHD hard drives on SATA 6.0 Gb/s ports.

More about the backup:

All of the tested flash drives are bootable on this system (and several other systems). In particular, they are intended to be used as Macrium Reflect Rescue media, with backup files then written and rewritten to them as desired.

All are USB 3.0. In my opinion, USB 3.1 is an unnecessary enhancement in a backup application unless the destination drive is actually able to write at speeds of at least 1 or 2 Gb/s, and no flash drives are that fast yet. Be wary of the 3.1 hype.

Read speed was not measured on any of the drives. They are backups, and if all goes well I will never have to read from them except very occasionally to verify that they are written correctly.

Prices are what I actually paid, and may change at any moment, most likely down.  This technology is moving fast, and no doubt new devices will soon make these obsolete.

Saturday, February 25, 2017

CyberPower CP1500AVRLCD UPS Review

Love the Hardware.  After four days (!), the UPS works exactly as hoped, or even better.

The software, not so much.

Hardware:

We have one nice, new home-built desktop computer and several laptops, all on a network.  The UPS serves three purposes, in order of importance:
  • Avoid harm from bouncing, flickering, up/down/up power failures like those we experienced several times last Monday.  Those erratic fluctuations put sensitive computers, disk drives, and disk data at serious risk.  I've had an older computer fail because of a simple down/up power outage.  Was it the power supply, the mother board, CPU chip, what?  Spare me!  Last Monday's repeated power failures resulted in an effort by Windows 10 to "repair" the SSD on this new desktop during one of the several reboots.  Was the repair successful?  I may never know, but was inspired to buy a UPS.
  • Keep the network running, including the internet (DSL modem).  The laptops mostly laugh at power problems anyway, being battery-powered already, so all they need is the Wi-Fi network to continue unaffected for a while.
  • Allow work on the desktop to continue undisturbed through short power outages.  That's why I bought a 900-watt UPS for a 110-watt load.  For any given load, a higher-rated UPS is likely to have bigger batteries, which will last longer when the power goes off.
Connected to the UPS are: (1) Computer; (2) Monitor; (3) DSL modem/router and WAP; (4) Network switch; (5) 3TB network drive; and (6) Speakers. According to the UPS display this array pulls 117 watts when the computer isn't very busy.  The sealed lead acid batteries in the CyberPower CP1500AVRLCD are rated at 9 ampere hours and 24 volts, for a nominal 216 watt-hours.  Thus my computer and the rest of the load might theoretically run for a maximum of 216/117 = 1.8 hours, or 108 minutes.

In practice the computer can pull much more, going up to 220 watts when the CPU gets really busy.  Moreover, there are inefficiencies in the UPS, and of course the UPS won't allow the battery to run all the way down, so I'd be content to get half of the 108 minutes.  Almost an hour, that's enough.  We live in a suburban city, and rarely experience outages longer than an hour anyway.  Indeed, when I unplugged the UPS from the wall, everything ran normally for 68 minutes, more than expected, even though I was actively using the computer throughout that time.

So the UPS works surprisingly well and I'm happy with the hardware.

Software:

The software is called Power Panel Personal Edition:

Nothing comes with the unit - no DVD or thumb drive in the box.  You have to find the software on the CyberPower web site, then download it.  Here is the link for the  CP1500AVRLCD Model.  Click on the Downloads tab.  The unit does come with a USB cable, providing the data connection between the computer and the UPS.  And see update below - that cable may be all that you need.

The Power Panel Personal Edition looks nice, with displays of power source, battery capacity, and estimated run time.  However, going into the Configure options and exploring a bit more, it turns out that the software INSISTS on automatically shutting down the computer AND the power to all devices at some point.  Yes, the software will turn the UPS completely off!  You can choose whether this is a few minutes after the AC utility power failure, or a few minutes before the batteries will fail altogether, but those are the only two choices and it's going to happen.  When it does, everything goes down, including the network, in my case.

This is exactly the opposite of what I want in a UPS.  Power should stay UP as long as possible.  The software offers a brief (10 second?) popup window allowing the shutdown to be aborted, but you'd better not miss it!  I especially want this to work when I am not around.

When we have an AC utility power failure here, we really don't know when it will be back.  How about an option to shut down the computer, but not the UPS, when half of the power is gone?  Or a third, or two thirds?  This would allow the network to keep running, and for much longer than it would run with the computer and monitor drawing power.

Further, there is risk of data loss.  Much of the time I have applications open (e.g. VeraCrypt volumes, the Mail app) that shouldn't be open when the computer shuts down - they should be closed first, or data integrity is imperiled.  What is really needed is a way for the computer to interact with the UPS - to know whether power is coming from the line or from the battery, for example.  Perhaps a command-line script that could be launched when the UPS switches to battery power.  Power Panel Personal Edition provides no such hooks.

There is another version of the software, Power Panel Business Edition, which appears to be free, and which may have more functionality.  Perhaps someday I'll look into that.  In the meantime I will uninstall Power Panel Personal Edition.  The UPS itself has a very nice front panel which tells me what I need to know.

I've also developed a command-line script that detects whether the scanner and laser printer are both off line, indicating that AC utility power has been lost.  If so, the script waits for a programmable number of minutes (now 15) and then offers the user (me) an optional graceful shutdown.  It shuts down the computer (but not the UPS) if the answer is Yes or if the prompt times out after 5 more minutes.

Update 2016 February 27:

Since installation and uninstallation of CyberPower's Power Panel Personal Edition software, the standard Windows laptop battery-level indicator icon appears in the taskbar of the desktop computer if the USB cable is connected from UPS to computer.  Further, when the AC utility power fails and the UPS switches to battery, the computer recognizes that, displays the "percent full" battery status, and employs the special power options for turning off the monitor and/or shutting down when on battery, just as if the computer were a laptop.

I don't know if the battery-level icon showed up before the Power Panel software was installed - I didn't notice it.  It probably showed up as soon as the USB cable was connected and the CyberPower driver downloaded.  In any case the normal Windows power options, now present with the Power Panel software gone, are preferable to those offered by the Power Panel software.

My system still wants advance warning of a pending shutdown though, so that the shutdown can be done gracefully.  Therefore the command-line script mentioned above is still in place.  I've tested the software by unplugging the UPS, so now I'm almost (not quite) hoping for a real power failure.


Tuesday, July 19, 2016

Perhaps I'll Build Another Computer

Oops - the power went out and my old computer, the nine-year-old one that started this blog, didn't come back up again.  Power supply voltages looked good, but a new mobo didn't fix it, so I'll build a new computer and maybe fix the old one later.  It could serve as a server.

Requirements:
  • The old computer seemed fast enough, but the new one should be very modern and thus much faster.
  • Quiet.  I was very fussy about this when building the old one, and this one too.
  • Cool running - no worrying about CPU or anything else overheating.
  • Mobo capacity for at least two BD/DVD/CD drives and four hard drives.
  • Must fit under my desk drawer.
    Left side view
In other words, a sprightly, silent, cool computer.  I don't play games on it - no overclocking or overvoltage required, just reliability.

Nine years ago I chose the box, motherboard, memory, and everything else, assembling it all myself.   This time I took advantage of a company that builds "bare bones" computers from their stock, then ships the mostly-assembled box.  I visited three of these on the web: 
The OutletPC systems did not meet my needs.  Hoping for the quickest delivery, I configured a system from PortaTech, as follows:
  • Thermaltake Showcase mid-tower case.
  • Intel Core i7 6700 Processor 3.4 GHz, four cores, eight threads, 3400 GHz.
  • 16 GB memory, DDR4, 2133 MHz.
  • Asus H170 Pro motherboard, 6 SATA ports, one additional M.2 PCI Express (PCIe) disk port, lots more. I'm not yet sure if this means it will support 6 disks or 7.
  • Quiet Cooling Package.
  • 700W power supply.
  • 14x Blu-Ray writer (BD/DVD/CD).  The 16x was not available on the web site.
  • No disks.  I have plenty, from the old system.
  • No Graphics card (yet) - the CPU includes graphics.
The new bare bones box arrived promptly. At a modest extra cost, they built and shipped it by second-day express the day after they received the order.  Since my main machine was down, that was very cool.

My first surprise was the Thermaltake X31 Showcase case itself.  It is two inches larger in all of the three dimensions than the old Antec box holding my first computer.  Happily, I do have space for it.  It was slightly over-advertised on the PortaTech website, though (now fixed), and it came with only three of the six disk trays. The left-side rack has capacity for three disks, and oddly, there is space on the right side of the bulkhead for three more, but it is nevertheless supplied with only three trays.  

As the case arrived, more or less
Since the right side has no air circulation, and I had no more trays anyway, I asked the PortaTech people for a solution, and they responded by supplying another 3-disk rack, with trays, for the left side.  These racks are stackable (nice!) and there are now six hard disks mounted there, all of which can be connected to the mobo at the same time if the BD drives are not connected.

Both side panels of the X31 are removable, and in fact it is quite necessary to remove the right-side panel to do anything at all with hard disks.  It does come with mounting brackets for two 2.5-inch (laptop) disks, but I don't have plans for those just yet.  In my experience with many computers I have never had a 3.5-inch drive fail (though they ALL will eventually), but most of my laptop drives have failed, and we do not abuse our laptops. Maybe I could use these brackets for SSD drives someday? I suppose that's what they are for, but I have another idea for an SSD drive.

I should have done a little more research on the case before specifying it in the order, but it's very sturdy, well designed otherwise, and I'm warming up to it.  In particular, the buttons, lights, and USB ports are on the top in the very front, rather than the front panel, and if the case sticks out from under the desk by an inch I can see them easily.  Especially nice to see the disk activity light sometimes.

Next - Other additions to the hardware.

Saturday, March 5, 2016

VeraCrypt Review

It works!  I recently switched to VeraCrypt from TrueCrypt, because TrueCrypt is now unsupported and rumor has it that technology was making TrueCrypt less and less secure.  I do not use Partition/Device encryption or System encryption, only Volume Encryption, meaning that specially-created "container" files in the normal unencrypted Windows environment are mounted as encrypted volumes exactly as if they were separate, encrypted disk drives.  I keep my personal and business files there, and I do it this way because it is simple, because backup of those container files is trivially easy, and because there is zero risk of a complete failure.

If you want to know more about Partition/Device encryption or System encryption, the information in this post may not help you.

A year ago I wrote about TrueCrypt Forks. I didn't like VeraCrypt then because it took a very long time, a minute or more, to open a container after entering the correct password.  This was by design - the VeraCrypt developer, Idrassi, by default uses hundreds of thousands of iterations in the key derivation function, contending that it helps protect against brute-force attacks, where a computer is automatically trying billions of password guesses.  He is right - this method of attack is becoming faster and more effective as computer power increases and multiple processors can be brought to bear.  However, I open and close encrypted volumes frequently and the defaults pushed my patience too far.

Happily, the current version of VeraCrypt, Release 1.17, offers a compromise:  If the password is 20 characters or more, VeraCrypt allows the user to bypass the defaults and choose a lower number of iterations by specifying a Personal Iteration Multiplier (PIM).  The minimum multiplier of 1 will still result in an iteration count 8 to 16 times greater than that used in TrueCrypt, with a very short delay, whereas multipliers in the range of 10 to 100 will increase security but will cause somewhat greater delays.  Those delays might still be acceptable, depending on the speed of the processor. I experimented with several different PIM values.

The PIM is a secret value, chosen when the container file is created, and it must be entered correctly as a separate parameter when the password is entered to mount an encrypted volume.  Therefore, though the PIM may be used to reduce the iteration count and make a brute force attack easier, it also effectively increases the password strength, making the attack more difficult again.

I use passwords of 20 characters or more anyway, so the PIM is a perfect compromise.  During the process of creating new volumes I did have to wait through some long delays, but now that the volumes are created and in place, the delays are quite acceptable.  PIM works.
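The PIM trade-off described above, worked through as an added example (not code from this blog or from VeraCrypt). The iteration formula and the 485 floor for short passwords are the ones given in the VeraCrypt documentation for file containers; PBKDF2-HMAC-SHA512, the 64-byte output length and the sample passphrase are assumptions chosen for the illustration.

```python
"""Added illustration (not VeraCrypt source): map a PIM to the PBKDF2
iteration count of a VeraCrypt file container and time the derivation."""
import hashlib
import os
import time

# Formula and limits for file containers / non-system volumes, as given in
# the VeraCrypt documentation. System encryption uses different numbers.
BASE_ITERATIONS = 15000
PER_PIM_ITERATIONS = 1000
MIN_LEN_FOR_SMALL_PIM = 20     # the 20-character rule mentioned in the post
MIN_PIM_SHORT_PASSWORD = 485   # floor when the password is shorter than that

# TrueCrypt's fixed counts for non-system volumes, for comparison.
TRUECRYPT_ITERATIONS = {"sha512/whirlpool": 1000, "ripemd160": 2000}


def container_iterations(pim: int, password_chars: int) -> int:
    """Return the key-derivation iteration count for a given PIM."""
    if pim < 1:
        raise ValueError("PIM must be a positive integer")
    if password_chars < MIN_LEN_FOR_SMALL_PIM and pim < MIN_PIM_SHORT_PASSWORD:
        raise ValueError(
            f"passwords under {MIN_LEN_FOR_SMALL_PIM} characters need "
            f"PIM >= {MIN_PIM_SHORT_PASSWORD}"
        )
    return BASE_ITERATIONS + pim * PER_PIM_ITERATIONS


def strengthening_vs_truecrypt(pim: int, password_chars: int) -> dict:
    """How many times more work per password guess than TrueCrypt required."""
    n = container_iterations(pim, password_chars)
    return {name: n / tc for name, tc in TRUECRYPT_ITERATIONS.items()}


def derive_header_key(password: str, salt: bytes, pim: int) -> bytes:
    """One PBKDF2-HMAC-SHA512 run at the PIM's iteration count.

    dklen=64 is an assumption for the illustration; it is not a statement
    about how much key material VeraCrypt derives.
    """
    n = container_iterations(pim, len(password))
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, n, dklen=64)


def time_derivation(password: str, pim: int) -> float:
    """Seconds spent on a single derivation on this machine."""
    salt = os.urandom(64)  # random 512-bit salt
    start = time.perf_counter()
    derive_header_key(password, salt, pim)
    return time.perf_counter() - start


if __name__ == "__main__":
    sample = "constructed-sample-passphrase-01"  # constructed, 32 characters
    print(f"{'PIM':>4} {'iterations':>11} {'x TrueCrypt':>12} {'seconds':>8}")
    for pim in (1, 10, 100, 485):
        iters = container_iterations(pim, len(sample))
        ratio = strengthening_vs_truecrypt(pim, len(sample))["sha512/whirlpool"]
        secs = time_derivation(sample, pim)
        print(f"{pim:>4} {iters:>11} {ratio:>12.0f} {secs:>8.3f}")
```

A real mount can take longer than the single-derivation time printed here, because VeraCrypt tries each supported hash algorithm when the algorithm is left on auto-detect.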

Also interesting, VeraCrypt can actively coexist with TrueCrypt on the same system, running at the same time.  I created new VeraCrypt containers and copied the encrypted contents of the old mounted TrueCrypt volumes directly into the mounted VeraCrypt volumes with no problems.  During that process, none of the encrypted files were ever decrypted on disk.  That's cool - no disk wiping required.  Actually, VeraCrypt can mount most TrueCrypt volumes (though not my oldest ones), so the applications might not have to coexist, but it was slick.

I rarely use the TrueCrypt or VeraCrypt console, instead using command-line scripts (cmd.exe processor) to automatically mount and dismount volumes, create backups of volumes, copy volumes to the cloud and to other computers, and more.  Every script that worked with TrueCrypt still works with VeraCrypt, after just changing the run path.  It just works, no errors, no problems.

For a thorough, functional test I uploaded a 3 GB encrypted container full of files to the cloud, using both iDrive and CloudBerry, then downloaded that same file back to the desktop.  Using Microsoft's comp program, the files compared exactly with the original in each case.  Also, in each case, the downloaded encrypted container opened without issue, the true proof that the file was not corrupted.

I use VeraCrypt on two computers, a desktop and a laptop.  The desktop runs a clean install of Windows 10 (it once ran Vista), and the laptop runs Windows 10 upgraded from Windows 7.  Both have plenty of RAM and disk, with dual processors in the 2 - 3 GHz range.

My congratulations to Mounir Idrassi, the force behind VeraCrypt.  I'll be making a PayPal donation to the cause.

By the way:  I also downloaded CipherShed, intending to compare it with VeraCrypt.  However, the CipherShed installer informed me that I would have to uninstall TrueCrypt first.  Since I want to keep TrueCrypt around, I did not install CipherShed.

Wednesday, June 17, 2015

Cloud Backup Review, IDrive vs Cloudberry

My desktop running Windows Vista Ultimate is already backed up thoroughly by a command-line script that I start every night when I go to sleep.  The script shuts down certain processes (e.g. FTP server, open TrueCrypt volumes, KeePass password vault) and copies all important files to other local hard disks.  

I also need a cloud backup, though, in case of a disaster like a fire, flood, theft, vandalism, sinkhole, asteroid, apocalypse, whatever, because all of my hard disks are in the same building.  A close friend did have a fire and lost everything. What the fire doesn't get, the filthy, soaking, ash-filled water does.  In my view everyone needs a cloud backup these days, and maybe it's the other local disks that are unnecessarily redundant.  I have 62,000 files to upload, totaling 7+ GB, including a 3GB TrueCrypt volume file.

Because I already have a time-tested command line backup script, I want my cloud backup to fit in and be part of it. At the least, the script should be able to start the cloud backup from the command line, know when it's done, and preferably log any errors that occur.  Then, when the cloud backup is done, the script can perhaps do other cleanup tasks and shut down the computer, or put it to sleep, or get going on other things that it needs to do.

At least two cloud backup offerings seem to have a sufficiently robust command-line interface and with "chunk" backup capabilities (more later): IDrive and CloudBerry.

IDrive is a complete backup solution, offering an installed application program, a web-based interface, a command-line interface, and storage.  Backups are physically kept on IDrive's own web servers.  The Basic Plan is FREE, with 5 GB file storage space and another 5 GB of "sync" space (files kept automatically in sync.).  You can also get "credits" for referring IDrive to others.  


I did that and used the free plan for my 7 GB for a whole year, before something failed and I needed help.  Since then I have upgraded to IDrive Personal, with 1000 GB of storage, which cost me $39.95 for the first year.  That's not expensive, and it's my impression that cloud backup prices are going down, so I doubt that cost will go up much.

Features important to me:
  • Incremental backup is standard, of course.  Only new or updated files are sent to the cloud.
  • "Chunk" backup for large files allows backup of only the parts of the file that have changed.  Automatic in IDrive.
  • Command line interface.
  • Data transmission and file storage are both encrypted.
Concerns:
  • The IDrive Application program failed this month, and I was unable to get it going again without help.  The online chat support did the trick, but the technician went so fast that I was unable to see what s/he did.  I believe that s/he changed permissions in c:\Program Files (x86)\IDriveWindows and c:\ProgramData\IDrive, then did something with the VSS Service.  I asked the tech what s/he did, and got an answer like "fixed your computer," for which s/he gets a "D" for customer communication.  My concern is that it may fail again after some Microsoft update.
  • The command line interface utility that comes with the newest IDrive download doesn't work on Windows.  Log in fails.  I use an older one that does work.
  • For file encryption, you get a choice of a default key or a private key.  A year ago I chose the default, but suddenly this month the program demanded my private key.  Since I didn't have one, my data was lost and I had to upload the whole 7 GB again.  Now I do have a private key, but will it always work?
Validation:  After the most-recent backup I downloaded the 3GB TrueCrypt container file and compared it bit-by-bit with the original here, using the comp utility.  There were no differences.  Further, I was able to open that downloaded file with TrueCrypt, highly unlikely if the file was corrupted at all.

CloudBerry is a front end application program for use with any number of cloud storage space vendors.  Its most robust implementation, though, is with Amazon S3 storage, and that is how I am using it because I need some features only available with Amazon S3.  For desktop (or laptop) use, there is a Freeware version called CloudBerry Explorer which does have some command line functionality, but I don't know how much, and I don't know if it handles "chunks."

I have just purchased CloudBerry Backup (for Windows Desktop), a "Pro" version, for $29.99 plus $6.00 for an annual update service.  I'm happy to pay that. The Amazon S3 storage cost is trivial for my 7 GB:  The first 5 GB is free for 12 months, and prices thereafter are 3 cents per GB per month, at most. That will be $0.21 per month, or less than $3.00 per year. There are also transaction fees (for GET and PUT requests).  In this first month my Amazon S3 bill is so far $0.34 (34 cents), most of which is transaction fees for the initial upload of files.  I'll be happy to pay the Amazon costs too.

Features important to me:
  • Incremental backup is standard, as with IDrive.  Only new or updated files are sent to the cloud unless a full backup is specifically ordered.
  • "Chunk" backup of huge files is available with Amazon S3, and it is possible to configure the size of the chunks.
  • Command line interface.
  • Data transmission and file storage can both be encrypted.
Concerns:
  • Amazon S3 is complicated, and you have to sign up for that separately.  I recommend sticking with as many defaults as possible.  I tried Google Cloud too, and it is simpler, but fewer features are available.
  • The CloudBerry command line interface CBB.exe has many, many commands, a confusing array in fact.  Further, when starting a backup with a pre-existing backup plan, CBB simply starts another program, CBBackupPlan, and then quits, so the batch script can only know when the actual backup is done by looping, waiting for CBBackupPlan to disappear.  I'll be happy to supply that code or the whole script if anyone wants it.  It's all in CMD command line language.
  • When performing a backup, the progress reports on the screen are mostly nonsensical.  It pulls up a list of 1000 files at a time, and sort of tells you how it's doing with that 1000. The Overall Progress bar shows about 33% most of the time, for some reason.  The backup works, so it doesn't really matter, and it does show a count of files uploaded, so if you know how many there are, you can figure progress yourself.
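The wait loop described in the CBB.exe concern above, as an added sketch in Python rather than the CMD script mentioned there (that script is not shown on this page). It polls the standard Windows `tasklist` command; the image name `CBBackupPlan.exe` and all function names are assumptions, and a time limit is added so a hung backup cannot stall the script forever.

```python
import csv
import subprocess
import time

# Assumption: image name of the program the page calls CBBackupPlan.
PLAN_IMAGE = "CBBackupPlan.exe"


def tasklist_csv(image):
    """Ask Windows for processes with this image name, as CSV with no header."""
    result = subprocess.run(
        ["tasklist", "/FI", f"IMAGENAME eq {image}", "/FO", "CSV", "/NH"],
        capture_output=True, text=True, check=True)
    return result.stdout


def is_running(image, listing):
    """True if the tasklist CSV text has a row for this image.

    With no match, tasklist prints an INFO message instead of CSV rows,
    so only rows whose first field equals the image name count.
    """
    rows = csv.reader(listing.splitlines())
    return any(row and row[0].lower() == image.lower() for row in rows)


def wait_for_backup(image=PLAN_IMAGE, lister=tasklist_csv, poll=15.0,
                    start_grace=60.0, timeout=6 * 3600.0,
                    clock=time.monotonic, sleep=time.sleep):
    """Block until the backup process has appeared and then disappeared.

    Returns 'finished', 'never-started' (the process did not show up
    within start_grace seconds) or 'timeout' (still running at the limit).
    """
    began = clock()
    seen = False
    while True:
        running = is_running(image, lister(image))
        elapsed = clock() - began
        if running:
            seen = True
        elif seen:
            return "finished"
        elif elapsed >= start_grace:
            return "never-started"
        if elapsed >= timeout:
            return "timeout"
        sleep(poll)
```

Call `wait_for_backup()` right after launching the backup plan; a result other than `'finished'` means the job should be treated as failed and not followed by any step that assumes a fresh backup.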
Validation:  I have several times downloaded the 3GB TrueCrypt file and compared it with the original from my computer. There were no differences.  Further, I was able to open that downloaded file with TrueCrypt, highly unlikely if the file was corrupted at all.
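The restore check described in both Validation paragraphs (IDrive and CloudBerry), as an added Python example that is not the comp utility or any script from this page. It compares the downloaded file with the original byte for byte, reports the offset of the first difference, and also produces a SHA-256 of each file; a digest recorded at backup time lets a later download be checked even when the original is gone. All names and the sample data are constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB reads, so a 3 GB container never has to fit in memory


def compare_files(original, restored, chunk=CHUNK):
    """Byte-for-byte comparison that also returns a SHA-256 for each file.

    first_diff is the offset of the first differing byte (or the length of
    the shorter file when one is a truncated copy); None means identical.
    """
    h_a, h_b = hashlib.sha256(), hashlib.sha256()
    offset, first_diff = 0, None
    with open(original, "rb") as fa, open(restored, "rb") as fb:
        while True:
            a, b = fa.read(chunk), fb.read(chunk)
            if not a and not b:
                break
            if first_diff is None and a != b:
                common = min(len(a), len(b))
                idx = next((i for i in range(common) if a[i] != b[i]), common)
                first_diff = offset + idx
            h_a.update(a)
            h_b.update(b)
            offset += max(len(a), len(b))
    return {"identical": first_diff is None, "first_diff": first_diff,
            "sha256_original": h_a.hexdigest(),
            "sha256_restored": h_b.hexdigest()}


def self_check():
    """Constructed sample: a 3 MiB stand-in container, a good copy,
    a copy with one bit flipped, and a copy missing its last 5 bytes."""
    data = os.urandom(3 * CHUNK)
    flipped = bytearray(data)
    flipped[2 * CHUNK + 17] ^= 0x01
    results = {}
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, blob in (("original", data), ("good", data),
                           ("flipped", bytes(flipped)), ("short", data[:-5])):
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(blob)
        for name in ("good", "flipped", "short"):
            results[name] = compare_files(paths["original"], paths[name])
    return results
```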

Some speed comparisons:

First, I am using a DSL connection to the internet, with 26Mbps download and about 0.9Mbps upload.  
  • For both CloudBerry and IDrive, the upload time for my full 7GB is almost a day. I hope not to do a full backup very often!
  • I have one 3GB encrypted file which downloads in 21 minutes with CloudBerry and 71 minutes with IDrive. Big difference.
  • Smaller files download in no time, of course, and both providers make file selection and destination selection easy.
  • Daily incremental backups take about 9 minutes with CloudBerry and 21 minutes with IDrive. Also a big difference, but I'm asleep anyway.
A SERIOUS CAUTION ABOUT CLOUD BACKUP:  If you end up needing it, you will be required to supply passwords.  In the case of CloudBerry, for example, you may need a password to access the CloudBerry program on a new computer, and if you use Amazon S3 services for storage, CloudBerry will ask you for a lot of information.  You will need your Access Key ID (long), your Secret Access Key (longer yet), the Encryption Password, and possibly the name of your Amazon S3 Bucket.

For any other storage provider you will need similar information.  For IDrive you need at least the IDrive Password, and also the Private Encryption Key if you have chosen your own.

Obviously, it's no good backing that stuff up on the cloud with everything else!  It's inaccessible.  These passwords and keys will not change often, and you should have them offsite, far away from your computers.  I keep mine on a gold archival DVD in a safe deposit box.  A thumb drive might be more convenient in the future, but there are folks who believe that thumb drives are not a good archival medium.  My next computer will have a Blu-Ray (and DVD/CD) drive anyway. But I might keep a thumb drive in the safe box too, as backup.  :-)

Just sayin'