Slashdot Mirror


User: Tool+Man

Tool+Man's activity in the archive.

Stories: 0
Comments: 147

Comments · 147

  1. Re:Evernote on Ask Slashdot: Professional Journaling/Notes Software? · · Score: 1

    If it's something sensitive, you could encrypt the file and attach it to a note.

    You could, for a one-off. It's not a useful model overall though, where their whole model of simplicity and ease of use only works if you're taking the easy way out and sharing everything by default.

  2. Re:Evernote on Ask Slashdot: Professional Journaling/Notes Software? · · Score: 1

    The problem I had with Evernote is that there are no encryption options. I'm less worried about availability since I back up important data, but why should they ever have anything other than a bucket of bits?

  3. Re:What about security? on Ask Slashdot: Professional Journaling/Notes Software? · · Score: 1

    What you call "notes", the local prosecutor calls "evidence". Something you write that might seem totally harmless to you - "today I spent three hours daydreaming about putting bleach in my idiot boss's Diet Coke" suddenly becomes damning when presented out of context to a jury, after someone put bleach in your boss's Diet Coke and he wound up in the hospital.

    I have been keeping a plain text log for the better part of two decades. They are just individual text files, one for each day, with titles like 2014-04-20_sue_party, a date and a quick description of anything unusual. The encryption mechanism has changed, but right now they are all stored on a TrueCrypt volume. A vanilla search only takes a minute at most.

    I'll chip in with a combination that works for me. This may or may not overlap with the OP, but YMMV.
    Anyway, I want to be able to have access to my data in multiple places, including mobile. On the other hand, I also expect a certain control over my data, including the ability to encrypt (and still have access).

    Org-mode has some support for iOS and Android apps, including syncing to a central location via Dropbox or WebDAV. Encryption is available too, using the OpenSSL command-line tool IIRC. WebDAV is also supported by ownCloud, so the central sync point isn't Dropbox and their snoopy new board member, but my own VPS elsewhere. Of course, one of the beauties of org-mode too is that in the end, the data is still plain text once decrypted, so the local copy is never stuck in an opaque format. If I'm concerned about my local copies' security, then that is in an encrypted volume.

  4. Re:Burn after reading? on TrueCrypt Master Key Extraction and Volume Identification · · Score: 1

    The thing with hibernate is that it's capturing an image of memory, and storing it on your disk. Handy when you want to wake up from really-powered-off, but also handy for anyone who wants to do a forensic analysis of everything in memory when it went to sleep. Ditto iPhone backups too IIRC, which is why (a) I don't use hibernate, and use sleep unless I'm expecting something invasive like going through US Customs where they apparently have free rein over your constitutional rights, and (b) iPhone backups are set to use encryption.

    Powered off with no image written to disk is a good combination.

  5. Re:Here we go again... on Google Confirms Shut Down of Schemer · · Score: 3, Interesting

    Well, unless it's based on a free, open protocol that you can host yourself if required.

    And you can easily get your data out of the system. Because if you cannot get your data, you cannot host it elsewhere.

    That part at least is something that Google does put some work into. You can use Google Takeout to get quite a bit back, in a form you may conceivably use elsewhere. Not sure about Schemer specifically though.

  6. Re:Get a real mail account on Ask Slashdot: What To Do With Misdirected Email? · · Score: 3, Informative

    Bah. This cranky old guy (with a *four* digit ID) agrees with Animats. Get your own domain, and control your own online presence, with as much or little mucking about as you like.

  7. Re:Accenture? on White House Reportedly Dismissing Key Healthcare.gov Contractor · · Score: 0

    Great parody site: http://accidenture.com/

  8. Re:A piece of paper in a drawer on Ask Slashdot: How To Protect Your Passwords From Amnesia? · · Score: 1

    More seriously, your organization should have the ability to reset or disable any account you have there, so it's moot. Other specific knowledge should be documented anyway, but your accounts needn't be that critical.

  9. Re:Why are they storing this data anyway? on Encrypted PIN Data Taken In Target Breach · · Score: 4, Insightful

    Nope, horse-puckey. This would be the same PIN data that their PCI compliance *cough* would disallow from storing after authorization for a transaction, just like the CVV codes which I think also got nabbed. Now, it is possible that they were all captured "in-flight" and not being stored against the rules, but it is very much verboten to keep even with encryption.

  10. Re:Lovin' my Linux 3.8... on Linux 3.11 Released · · Score: 2

    I think the toaster OS is NetBSD.

  11. Re:Text, but why? on Ask Slashdot: Best Way To Store Data In Hard Copy? · · Score: 2

    Oh sure, this shouldn't be the common use case for backups. There's no reason it can't be a useful alternative. Personally, I am tempted to mail postcards covered in optar-printed labels all over the place, just to drive people nuts. Some of them would have to contain Goatse images, others, possibly random data.

  12. Re:Text, but why? on Ask Slashdot: Best Way To Store Data In Hard Copy? · · Score: 3, Insightful

    Actually, fire safes are a lot better for paper than CD/DVD media, which will be destroyed faster than paper chars.

  13. Re:In place upgrades still unsupported? on Linux Mint 15 'Olivia' Release Candidate Is Out · · Score: 1

    Well, Debian Testing gets more frequent updates than Stable, but they are explicit about security patches being intended for the latter.
    That said, your desktop environment is most likely to get owned through a browser glitch anyway if it has a firewall up, so it may not be that unreasonable.
    It is nice to see that the latest Firefox came through in a timely fashion.

  14. Re:In place upgrades still unsupported? on Linux Mint 15 'Olivia' Release Candidate Is Out · · Score: 1

    Mint LMDE is based on Debian, with rolling releases. I've only recently switched though, but seems good so far.

  15. Re:Forcing strong passwords in the first place. on Mitigating Password Re-Use From the Other End · · Score: 2

    Please someone mod the parent up. An overcomplicated password that needs password management software ceased to be a password ("something you know") and was turned into a token ("something you have"). If your LastPass DB is corrupted, goodbye passwords.

    As well, you can export your LastPass data to another file, say one that you keep on your encrypted backups. No need to slag a very useful tool for nonsense reasons. (disclosure: premium subscriber here)

  16. Re:Is anyone still using Ubuntu ? on Ubuntu Releases 13.04, Sticks To 6-Month Release Rhythm · · Score: 2

    I was using Mint 13 for a good while, and loving it, but have now switched over to the newest Mint LMDE version. This is based on Debian's testing repository, not Ubuntu, so is more of a rolling update model. This puts me back to an improved version of what I had with my old stock-Debian desktop, having added some "just works" niceties from Mint.

  17. Re:The magic of chlorine on Viruses From Sewage Contaminate Deep Well Water · · Score: 1

    If you have a well of your own, you can (and should) "shock" it from time to time. Best done before you are going to be away for a few days, to let the bleach water hang out in your household water pipes too.

  18. Re:Correlation is not causation on Browser Choice May Affect Your Job Prospects · · Score: 1

    Use of IE6 indicates that you are most likely an unimaginative corporate drone, who is likely using his dodgy old browser to post for other jobs while at work. Obviously, he will continue to do the same if you hire him. Use of cache correlation techniques to assess what *other* sites he goes to is an exercise for someone who isn't in HR.

  19. Re:Puppy Slacko 5.5 on Ask Slashdot: Protecting Home Computers From Guests? · · Score: 1

    Puppy is ideal for this purpose. It's familiar-enough to look at and start a browser, and since it runs from RAM after the initial CD boot, has no reason to touch anything on disk. Power down to clean up.

    If you're feeling extra careful, put this device on a separate network chunk that can't reach anything internal (except maybe a printer).

  20. Learn the problems, then tools help on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    If you don't understand the application-layer issues which might be present in your programs, then you won't necessarily understand what the tools (whichever) are trying to tell you. Read and learn, grasshopper. You can get a ton of info from OWASP (http://owasp.org) for free, including some issue-specific "cheat sheet" pages. Next, buy the Web Application Hacker's Handbook. Really, do it now, or at least after you've read the OWASP stuff. It's in dead-tree and e-book versions, now second edition.

    Tool-wise, go to portswigger.net, and download the freebie version of Burp Suite. It doesn't have the scanner portion, but you can proxy all your traffic through it, and see what happens when you twiddle all the things that might be twiddled. Buy the pro version (few hundred bucks/year) when you're ready for the other features. By then, you'll know why you want them. The author is Dafydd Stuttard, one of the WAHH book authors. Great support, helpful and responsive.

    Oh, and the suggestions for Nessus, OpenVAS and Backtrack/Kali aren't bad, they're good tools. Mostly for the infrastructure-level things such as the operating system and known services which are exposed, though this does include your web server. They mostly won't tell you much about your one-off apps though.

  21. Re:First impressions on Review: Make: Raspberry Pi Starter Kit · · Score: 1

    HAHAHAH. OK, fine. I'll go back to sleep now.

  22. Re:First impressions on Review: Make: Raspberry Pi Starter Kit · · Score: 1

    Mine's got a USB wifi card, and does just fine.

  23. More than people? on When Will We Trust Robots? · · Score: 1

    We already get taught to not trust people, and they're familiar. As robot behavior gets more complex, it'll be more apparently mysterious, and harder to trust.

  24. Re:OneNote on Evernote Security Compromised · · Score: 1

    While formatting options make something like Evernote look interesting, I haven't yet found a must-have feature for me that negates the loss of control I feel over my info. I do like Pinboard for bookmarks, which I don't really treat as private, but most of the rest ends up in plain-text files that I can read anywhere. Combined with an encrypted file sync service like Wuala or SpiderOak, I feel 90% of the way there. I might end up adding TiddlyWiki in the same sync folders for items which need a bit more formatting though.

  25. That's funny on MS Targets Google With Another Smear Campaign · · Score: 2

    Personally, I briefly held a Hotmail address. While I hadn't been using it, my non-obvious, hard to guess address still received a significant amount of spam. It's pretty much a smoking gun that they're sharing things they shouldn't, whether they do something similar with content or not.