Dave's Tech Blog
A Third Eye on Technology

I came across an article in Network World magazine that goes over five common Internet scams and thought this needed to be shared with everybody.  Please click here to read the article.

I was just browsing Ubuntu Forums recently and someone wanted to get a second opinion to see if it were indeed true that Linux doesn’t need anti-virus software.  I humbly obliged them with my own answer on the matter:

You don’t need anti-virus for Linux. Others in here will do a better job at explaining why this is, but in short, the OS has a big advantage here due to it being open source. The operating system is a product of crowd-sourcing, much in the same way as Wikipedia has been since it first showed up several years ago. And much like the highly-moderated articles of Wikipedia that require membership and an approval process for changes made to locked articles, so to is a strict moderation that goes on with the source code for Linux before it’s allowed to become part of the official distribution. Everybody is out to identify possible flaws or weaknesses or bugs in the source code and it’s much easier for any single person to make a contribution because the OS and much of the software that runs on it is open-source.

In Windows, the users don’t have the luxury of being able to dig through the source code to look for flaws. All they can do is report symptoms of problems to Microsoft, and the limited number of paid programmers that do have access to the source code then have to decide what flaws are the most important and which ones don’t merit their attention. So with Windows, a bug that affects only 500 people won’t be as important as a bug that affects 500,000 and probably won’t be fixed at all. But if it were Linux and if just one or two of those 500 people were a programmer who had access to the source code and figured out how to fix the problem on their own, the other 498 would actually stand to benefit from a patch that ends up being released thanks to the work of that one developer who had some spare time on his hands and decided to do something about a bug simply because he could.

So throughout the long life of Linux there has been this much more diversified, seasoned, multi-cultured source for development feedback that has helped to make it a much stronger, more “mature” operating system, especially in terms of the way security was designed. If there was ever a person out there who found a way to circumvent that security, there is at least one other who knows exactly how to repair the flaw. The reason viruses are able to best Windows is because their developers can only patch so many holes, and the ones they don’t have time to get around to end up being exploited the most. Third-party software developers that make Anti-Virus software make a killing because Microsoft is unable to handle this responsibility all by themselves, and even still, the best anti-virus software isn’t perfect.

The reason anti-virus software isn’t necessary in Linux is simply because the OS and its updates that patch vulnerabilities do the exact job anti-virus software in Windows is meant for: Prevent unwanted, malicious software or network activity from compromising the system. If there were a flaw in Linux found that allowed something like that, it wouldn’t be the job of some third-party software to safeguard the user against but the job of the OS itself. The reason anti-virus software even exists is simply because Microsoft is unable to handle the immense work load of patching their own source code as well as a crowd of Linux geeks can.

Am I saying Linux is perfect and invincible to viruses? Might it become more susceptible to viruses in the future if it were to ever become as popular as Windows is today? I would think that with an increase in the number of users would also come a complimentary increase in the number of clever developers that would only help to increase the number of eyes available to find flaws and fix them. Saying that Linux would get a lot of viruses down the road because more people are going to use it is like saying Wikipedia will become rife with widespread, uncontrollable vandalism because more people visit it. It hasn’t happened yet, and very likely never will happen because of the way it is designed, moderated and improved upon by the hive mind.

EDIT to add: As mentioned in the first comments below, I failed to acknowledge that while Linux is more robust in the area of security, nothing can compensate for the weakest link in this arrangement:  The User.  A novice user could easily be enticed by a sinister website  that tells them to download a deb file which might contain malicious code and absentmindedly install it or execute a destructive command from the terminal window because they didn’t know any better (like rm -rf ~/*).  Fortunately for novice users there is little if any need to actually venture out into uncharted territory like a terminal window or strange websites to get software, thanks to the official repositories that contain a HUGE collection of software which continues to grow.  I’ve even heard you will soon be able to purchase proprietary Linux-based software through it.  Unfortunately, little can really be done to compensate for user negligence, and trying to compensate for all possibilities would likely result in too many annoying alerts and prompts for the average user (like when Windows Vista sprang the UAC on its users).

There are only a couple of circumstances that I believe anti-virus software on a Linux platform would might be worth having which involve helping to protect other Windows systems.  Say you got an email from someone that contained a virus but you never knew it was there and forwarded it onto someone else who uses Windows, resulting in their day being ruined and you being blamed.  So that’s one scenario.  You might also have a Linux server administrating a network of Windows based workstations which you have read/write access to and use the server to conduct scans of these machines over the network, but at the expense of finite network bandwidth and CPU cycles on the server.

(Special thanks to this blog post for showing me how to get this working finally).

About 2 months ago or so I read the tutorial in the above link to help get my fingerprint sensor setup in Ubuntu.  The problem was that it left one simple instruction out:  Paste a line of  text AT THE TOP of a config file (and not at the bottom like I did).  The mistake has been corrected and I’m happy to say my finger print sensor is working in Ubuntu 9.04.  Based on the directions from the the link above, here’s how to set it up (these instructions are meant for version 9.04; see the above link for instructions for 8.04 and 8.10):

Step 1: Click Applications>Accessories>Terminal and paste in the following command:

sudo apt-get update && sudo apt-get install aes2501-wy fprint-demo libfprint0 libpam-fprint

Step 2: Still in Terminal, paste in the following text:

sudo gedit /etc/pam.d/common-auth

This will open a text file called common-auth in Gnome Text Editor.  (Here’s where I screwed up last time).

Step 3: If you want to use both the password and the fingerprint to authenticate (more secure) add at the bottom:

auth required pam_fprint.so

If you want to use either the fingerprint or the password to authenticate (i.e. completely bypass the password through the fingerprint) the following string must be placed at the top of the file:

auth sufficient pam_fprint.so

Once pasted, save and close the file.

Step 4: Press Alt-F2, type “fprint_demo” without the quotes and press enter.

This will launch the fingerprint utility that you can use to enroll the finger you wish to use for future authentications.

That’s basically it.  Special notes:

• If you happen to screw something up in the config file by mistake and lock yourself out of your PC by accident, you can boot into Recovery Mode from the GRUB boot menu to access a root command prompt and edit the above config file using nano (nano /etc/pam.d/common-auth).
• Not all login screens are compatible with this feature.
• To test your finger print in fprint_demo, click on the verify tab at the top and use the verify button to compare an enrolled fingerprint to another finger (or the same finger) and you’ll see the difference.

As of Ubuntu 9.04, I’ve noticed the following quirks:

• Often you will not see an on-screen prompt asking you to swipe your finger across the sensor if the system is waiting for it.  Examples include the login screen, running Update Manager or Synaptic Package Manager, and otherwise most other programs that required your password to run them.
• The only actual on-screen requests I’ve seen so far is when you are unlocking a screen-saver, or are running a program with sudo privileges in a terminal window.

I don’t normally pass along virus alerts because they are often outdated and obsolete, but this one is strait from my IBM inbox.  You may have heard about a virus that is set to strike on April 1st in the news recently.  It is called Conficker.C and you can read more about how it works by visiting these addresses:

http://en.wikipedia.org/wiki/Conficker
http://mtc.sri.com/Conficker/addendumC/

As stated in the links above, the virus takes advantage of a buffer-overflow vulnerability of certain server services on Windows based machines.  Microsoft issued an update (MS08-067) for Windows 2000 SP4, XP SP2 & SP3, and Vista to patch this hole back in October of last year. So if you have installed all available Windows updates you should be fine and not need to worry.  It is highly recommended you install all available updates if you have not done so lately.  To force your PC to check for available updates, click Start>All Programs>Windows Update and follow the on-screen instructions.

If your computer is directly connected to the Internet it is advised that you have a quality software firewall installed and blocking unexpected inbound traffic.  A comparison of free firewall software can be found here:  http://www.techsupportalert.com/best-free-firewall.htm

In addition you should also have a quality anti-virus software solution in place.  Any of the following will suffice:

• CA Anti-Virus
• Symantec Anti-Virus
• F-Secure Anti-Virus
• Panda Anti-Virus
• Kaspersky Anti-Virus
• McAfee Anti-Virus
• BitDefender Anti-Virus

I personally recommend  AVG Free Edition

In summery:

• Be sure to apply all available updates for Microsoft Windows
• Ensure you have some form of firewall blocking unwanted network traffic
• Install a quality anti-virus solution

Now lets all have a happy April Fools day!

I would have made the title of this post “How to remove the Keyring password manager in Ubuntu Linux” but that’s kinda long…  Anyway, you might be wondering what the keyring password manager is.  It is a built in feature of Ubuntu that remembers passwords for things like FTP account logins, Evolution Email accounts, your wireless network authentication passwords, etc., and locks them all behind a kind of Master Password of sorts.  So for example, lets pretend that the password for your wireless network was 64 characters long and was just a bunch of random numbers and letters that you’d only be able to remember if you were some kind of freak savant mathematician.  The keyring password manager would remember this for you, but will only allow the system to access and use that long password after you grant it access to the keyring.

As nice and handy as this might sound to security buffs, it’s struck me as a minor inconvenience.  For starts, if I were to configure Ubuntu to automatically login to my account after I turn the computer on, I would then also be asked to type in my keyring password so it would connect to my wireless network.  This becomes a bigger problem if, for instance, I were to connect to my computer remotely and had to reset it for some reason, like applying a recent kernel update.  The snag there would be that after restarting, my computer would boot up, but since I’m not physically sitting in front of it, it would sit there waiting for me to enter a keyring password before it would reconnect to my wireless network, and I’d have to go home or ask someone else to type in the password for me.

So what I’ve always wanted to have happen is this:

• I start or restart the computer by remote (such as through SSH or VNC).
• After booting it automatically logs into my account and connects to my wireless network without asking for any passwords along the way so I can VNC right back into the system with no further trouble.

I’ve finally learned how to do this, and it’s stupid easy to do.

There is of course a few security drawbacks about doing this.  For starts, if any person were to gain physical access to my machine they’d be able to connect to my wireless network without needing to enter a password. Then again, if someone I don’t trust has somehow gained physical access to my machine I might as well go ahead and consider it to be compromised.

Now, if the PC were in an office with a bunch of random co-workers always around, I’d be a lot more concerned.  If that were the case, I’d have that puppy locked down with a power on password, disable booting from the CD-ROM/Ethernet/USB in the BIOS, perhaps have a GRUB password and be working with an encrypted HD partition, and of course auto-login would be disabled so I would be required to enter anywhere from 2 to 3 different passwords just to login to the system.  But this thing is in my house behind two large dogs and a dead-bolt locked door, functioning as a server that requires a password for me to access it by via SSH or VNC anyway.  So for this particular PC, I see little harm in opting out of using this security feature.

So here’s how you get rid of the keyring manager.  Please note this will erase saved passwords you have so be sure you know or remember them before you make your computer forget them:

1. Open up your Home Folder by clicking Places>Home Folder
2. Press CTRL-H (or click View>Show Hidden Files)
3. Find a folder called .gnome2 (it has a period at the beginning of the name) and open it by double clicking on it
4. In side of the .gnome2 folder, there is another folder called keyrings.  Open it up.
5. Delete any files you find within the keyrings folder
6. Restart the computer

After you restart and login (if you’re automatically logging in) you’ll probably be asked to enter your wireless networks WPA/WEP encryption key.  After you type that password in, the keyring manager will appear to let you know that it would like to handle the storage of that password and lock it away with a new keyring password.  The box looks like this:

Instead of typing in a new password, leave both boxes completely empty and click Create.

You’ll then be asked if you know what the hell you’re doing:

Go ahead and click Use Unsafe Storage.

WARNING: Doing this creates a new file in your ~/.gnome2/keyrings/ folder called default.keyring and it will now house passwords IN CLEAR TEXT and not in an encrypted form.  So it is imperative that you are certain no untrustworthy persons can access your user account (either physically or by remote) or they will be able to easily open and read this file and obtain many passwords (for things such as FTP accounts, SSH, e-mail accounts, etc).  Proceed with caution.

From here on all keyring stored passwords you enter will not safeguarded behind a master password or encryption.  Whether or not you want to do this is entirely up to you.  I personally have had enough of the keyring manager and consider it kind of annoying.  But as I said before, you may have certain environmental factors that make having a master password over the rest of your passwords a good idea.  Keep in mind that the keyring password manager has absolutely nothing to do with your administrative/root privilages password that has to be entered any time you want to apply updates, or add/remove software.  You will still have to type your account password in for these actions, and that is something I am quite comfortable with. I’m just happy I don’t have to have to ask my girlfriend to type in a keyring password every time I want to restart the computer while I’m away from home.

As much as it would probably sooth the stiffness in my neck and shoulders from doing busy work inventorying computer equipment today, I’m going to try to not turn this into a sarcastic sounding slam against Microsoft… although they damn well deserve it.

I’ll just keep this very short.  Internet Explorer has once again dropped the ball in the realm of Internet security and it’s something that’s been present for over 48 hours already.  You can read about the problem via BBC’s website by clicking here.

The article states in bold letters at the top, “Security experts recommend switching to a rival browser until the problem is fixed.”  Need a rival web browser?  Download Firefox at www.firefox.com.  It’s free, faster and much more secure than Internet Explorer ever will be.  Seriously.  Why is it more secure, you ask?  Because it’s open-source, just like Linux.  But again… don’t wanna turn this into a “Microsoft sucks” bashing post.

Also, on the side, I should mention that I’ve see a LOT of Windows systems get hit with viruses in the last 3 weeks, a good chunk of which have come in from emails on Facebook.  Which isn’t to say that Facebook is bad.  It just doesn’t have much of an effective spam filter or virus scanner built into it.  You would think that after a few people have recieved the same spam from their friend whose computer was compromised, they’d start filtering messages with the same links, the same stupid subject line, and all the rest that comes along with basic social engineering-based viruses.  It’s what Yahoo and Google do.  So to you Facebook/Myspace users out there (and everyone else who doesn’t uses these services), be VERY cautious about clicking on links to websites you’ve never visited to before in email sent to you by a friend.  They may not have actually sent you something.  In fact, it’s possible their account password was phished, changed, and their account used as a lauch pad for spreading the same infection to other people (like you).  So be careful.

I came across a funny screenshot today that provides a pretty clear example of how social engineering is used to con people (in this case, Windows users) while browsing the Internet (click for full size):

Clearly, this user is not running Windows XP but Ubuntu Linux.  Yet with their pop-up blocker disabled in Firefox 3, a malicious website presents a window that mimics a “real” warning.  But it’s actually a trap.  This is probably the most common reason viruses find their way into Windows systems — by exploiting a users lack of expertise and susceptibility to intimidation on a technical level.  So fair warning to you Windows users out there.  Fortunately for our Linux user, he’ll just laugh and close this window.  If you’re a Windows user and you see an alert like this, you should close it too (but run a virus scan using something like AVG immediately afterwords).

In my previous blog, I wrote about staying at Holiday Inn and attempting to use their wireless networks to give my girlfriends’ Nintendo Wii access to the Internet.  Gateway access to the Internet is not typically granted until you click on a button that binds you to terms of usage.

Well, it turns out the Wii itself is causing quite a bit of mystery.  Spoofing it’s MAC address, I was able to get the agreement page to re-appear on my laptop.  But after shutting Backtrack down and trying again, the Wii still couldn’t gain access to the Internet for some odd reason.

I went ahead and contacted their IT department and within a couple minutes, they had granted the MAC address of the Wii access to the Internet.  Yet it still doesn’t work.  Which… doesn’t exactly surprise me, especially after the IT guy told me I was the first person to attempt to connect a Wii while staying at a Holiday Inn.  We sat on the phone for about 15 minutes testing and testing, power cycling and testing again, but the Wii wasn’t doing anything except giving up.  It would seem that the IT department and myself are both stumped about this.  So for the time being, the spoofing tutorial is useless.  But still, it was a fun experiment.

In the meantime, I’m going to sit down with Google and see if I can find an alternate solution.  If I find one, I’ll be sure to write about it here.

My girlfriend works as a manager for a major restaurant chain that has a catchy theme song about ribs. About a month ago, one of the restaurants located in a city about 50 minutes west of where we live lost three managers. I’m not very clear on the details, but I understand two walked out without giving advanced notice (why oh why, I wonder) and a third was fired for breaking a serious policy (I mean a federal law, but its been dealt with). As a result, the place is essentially in a state of needing emergency life support. They’ve called upon my girlfriend to help pick up the pieces (hopefully with the intention of letting her go someday, and not use this as an opportunity to coerce her to stay permanently). So far, she’s been scheduled to stay through till the end of July, and this was a very recent revelation on the part of her boss. I would not be surprised if “the end of July” becomes “the end of August” sometime soon.

Fortunately she is being put up in nice hotels (which I would imagine is coming out of her bosses bonus checks this year, and that sort of makes me feel a tad bit better about the whole long-distance relationship mini-drama). But there are many days I can’t stay with her, and spending time in a hotel alone can get really boring after a month or two or three (hopefully not four, but I’m a little pessimistic at this point).

Holiday Inn’s WiFi Meets Nintendo Wii

One of the things my girlfriend purchased before this stretch of work was delivered to her was a Nintendo Wii. I showed her at my house how to configure the wireless network connection settings and talked her through it over the phone when the time came. But for some reason, it just wouldn’t connect. By “connect”, I don’t mean wireless association followed by authentication (which, in this case, means nothing because the network does not use encryption). What I mean is, you’re not granted gateway access to external IP addresses until you’ve clicked on a link indicating that you agree to certain legal usage terms. Once you click the “I agree” button, you are then given full access to the Internet.

What the Nintendo Wii is trying to do is phone home (access Nintendo’s servers) immediately after it’s assigned a default gateway with the assumption that the gateway is not blocking traffic to external IP addresses. If it were to ping the gateway, it would likely get a reply. Any other site, nothing. The Wii assumes your router to be working, but the cable modem is broken, so it gives up and asks you to try a different network.

Since I’ve already agreed to a certain group of usage terms I shouldn’t be required to click “agree” again so as to personally access the Internet. But it’s the MAC address that acts as my identity, more like a name-badge, and the MAC on the Wii will be different from the MAC on the laptop. Your MAC address is a hard-coded number used to uniquely identify your wireless networking adapter. No two MAC addresses are said to be the same. So at first, it would seem there’s nothing I can do with the Wii to get it to connect to the Internet… Or is there?

What can be done about this?

There are a couple solutions. The first is to contact customer service and see if they can get their IT guy on the phone. I would then ask him if he could manually add the MAC address of the Wii to their routing tables and grant the device access. For some, this would be the simpler solution… though your mileage may vary. How long do you think it would take? Because I really don’t feel like placing bets on them being immediately available. I’m just telling you right now that the IT people at this particular hotel are not very advanced. The reason I say this is because the channels they picked for their 3 routers are all within the same frequency range (channels 1, 2 and 3) instead of spread out (channels 1, 6 and 11). In other words: They’re not very professional. Bandwidth is being lost because the routers are overlapping each others frequencies, and this is basic wireless network design technique we’re talking about here.

The other solution is to trick their wireless networks into thinking my laptop is the Wii and click “I agree” a second time, and then disconnect. I would do this by changing the MAC address of my wireless adapter. This is what is known as “MAC address spoofing”, the act of using a networking device to appear to be another (not to be confused with a “spoofing attack”, because we’re not going to attack anybody). Not all networking devices can do this. I happen to be using one that contains an Atheros chipset (it’s a D-Link WNA-2330 to be exact), which can be made to do anything I want it to do in the world of Linux. (Another blog I’m going to write in the future about Wireless Adapter hacking is turning my laptop into a Wireless router, and then share my cellphone’s Internet access wirelessly).

The Trick

I intend to use a copy of Backtrack 3 beta to carry out this little experiment. But it’s late, I’m away from home and have to download a fresh ISO and burn it to a disc first before I can try this out. By the way, spoofing a MAC address can be done in Windows, but I’m not going to write about Windows software that does this in here (because I’m lazy. But if you’re really curious, google can help).

In Backtrack (or even Ubuntu if I install the MadWifi drivers, which is not as easy as burning a Backtrack Live CD) the commands to change the MAC are as follows (reference link):

• wlanconfig ath0 destroy

You can use any mac address you like. In this example: 00:11:22:33:44:55

• macchanger -m 00:11:22:33:44:55 wifi0
  
• wlanconfig ath0 create wlandev wifi0 wlanmode managed
• ifconfig wifi0 up

After this, I can just use a plain old connection manager to connect to the network.  I could also use this command to do it manually:

• iwconfig ath0 essid [NetworkName] key [WepKeyHere]

Pretty simple. Note though that if your card uses a chipset other than Atheros, you might not be able to do this with your card, and the first command “wlanconfig ath0 destroy” might be slightly different (like “eth1″ for instance), depending on the device name Linux assigns your wireless adapter.

Isn’t this a little extreme?

If by “extreme” you mean “illegal”, the answer is no. Spoofing doesn’t become illegal until you use it in to acquire private information you’re not supposed to have access to (which requires a lot more work anyway). The Nintendo Wii is flawed in that it doesn’t included a web browser with it by default, and even if it were installed, it wouldn’t believe it was actually able to connect to the Internet. Perhaps I’ll send Nintendo a little suggestion so they’ll release a patch in their next update sweep. Though it surprises me that they’ve not encountered this problem, considering they sell Nintendo Wii carrying cases for smug Wii-owners to take their Wii’s to their non-Wii-owning friends’ house so they can show it off over and over… though this probably doesn’t take place in nice Hotels with moderate network security in place. And Nintendo would probably ignore me because they charge people to buy their web browser (you have to be able to download it from their servers anyway), which is required to agree to view Holiday Inn’s agreement page.

So I suppose the next best place to put the blame is on Holiday Inn….and we know that IT guy isn’t in the mood to revamp company policy (and I can’t really think of an easy solution, other than unblocking the MAC). You see, it becomes this dilemma of, “Just how out of my way should I have to go?” If I had a backtrack CD with me right now, I’d hopefully be able to solve this problem in 5 minutes. To me, that’s the opposite of extreme. I’d call it practical (for me). For most people, they’re either stuck with a design flaw in their game console, or hotel Internet policies that were not designed to accommodate these kinds of dumb devices.  Quite a double-bind we have here.

Well, I’ve got some sleep to get… At least they have nice pillows here and the bathroom sink is to die for!

A client of mine recently wiped his computer clean when they accidentally initiated a destructive recovery via the F10 key during POST. This caused their hard drive to be formated and their OS to be reinstalled as it was when it was originally installed at the factory. The lost files on the system were not recoverable, and the only alternative would be to have an advanced data forensics lab extract the old data off, the cost of which could go up as high as a couple thousand dollars.

There are some simple things you should get in the habit of doing if you want to decrease your odds of facing such a horrid situation as the one above:

Unplug your PC when there is lightning outside

I shouldn’t have to tell people this, but some of you uber-nerds out there think that the bigger their basement-computer-bedroom-cave-hermit dwelling is, the more invincible they are. It’s not a matter of probability of being struck, but probability of surviving a lightning strike unscathed. Like the Black Knight from Monty Python.

Don’t let the price tag on that expensive Uninterrupted Power Supply fool you. Its purpose isn’t to safe-guard you from a lightning strike, but to sustain power to your PC in the event of an unexpected outage and to compensate for brownouts and power spikes. Lightning can still penetrate it and make its way to your computer. Once there, it’s up in the air how much damage it might inflict, and hard to diagnose the extent of damage after the fact. Every time I’ve seen a system that’s been hit by lightning, I’ve ended up having to tell people to buy a new computer, because so many parts were damaged in a split second.

Do what most people do during severe weather: Watch TV till the power goes out, grab a radio and flash light, salvage the remaining beer from the unpowered refrigerator, and hope for the best when you regain consciousness in the morning. Or whatever floats your boat.  If you have an Internet addiction like I do, use a wireless device like a laptop or a cell phone to get your info fix.

Backup to an external storage device

Here’s what I’ve got pictured above from left to right:

• An external USB hard drive. Advantages: Cheap for price per megabyte, easy to setup and use. Disadvantages: Subject to failure from old age after several years of use (see your warranty), and sometimes bulky (depends on how cheap you are).
• A USB Flash Drive. Advantages: Small, handy, convenient, instant plug-and-play capable (usually). Disadvantages: Must be replaced after about 250 uses, easy to misplace and lose (get a nice 4 dollar lanyard like I did). Costly if you have lots of data to backup.
• A cell phone with a MicroSD card. Same as the USB flash drive, but slower. The advantage is that it’s in your phone, and you probably aren’t as likely to misplace that thing.
• Network Attached Storage. Network attached storage is basically a “computer-less” hard drive that attaches to your local network (router) and shares hard drive space to other computers on the network. Advantage: Highest fault tolerance (there are multiple copies of files spread across hard drives, so if one drive fails, the file is not lost). Disadvantage: Expensive.

You can also backup data to external CD’s or DVD’s and keep them in a dark place. Doing so will keep your data safe for a long time. But it’s good to shed old storage media after several years of data sitting on them and move data to a fresher medium that is less likely to suddenly flake out unexpectedly.

You can also use software to automate backing data up. A good one is Amanda Open Source Backup. I’ll write more about it sometime in the future. But for now, you should consider using one of the external devices above and practice good habits to protect your computer and your documents from being lost.