Saturday, May 20, 2017

Safeguarding Development Environments

When I am teaching I often refer to a mistake I made years ago, typing "rm * .o" in a Unix shell while in a project folder. I realized when the shell said ".o not found" that by placing the asterisk accidentally all by itself I had selected and removed all the source for the project!

I am sure that it was not the first mistake that I ever made that corrupted a project, nor will it be the last. You or I do not even have to make a mistake; it could just be that your hardware fails or that today some black-hat exploits a security flaw that nobody has patched yet and voilĂ , all of your files are encrypted and forever beyond your reach.

In fact, it is the WannaCry ransomware attack that prompted this post! Not that it bit me, but something like it could some day...

I use three lines of defense. Defense in depth, not relying on a single solution, is always the best way to go.


The first line of defense is a good rolling backup scheme. If you use automatic backups but you only have one version back, you might find that the last backup backed up the bad files. Not so good for us. Any backup scheme needs to be able to go back at least thirty days, and needs to be "offsite," not stored at the same place as your computer.

If you work for a large employer, they may be handling backups for you. In that case, you can probably only count on going back to your work from yesterday or earlier because they do backups once a day during the night.

Fortunately, the Internet has become fast enough that you can use automated software that keeps your backup somewhere in the cloud. Carbonite, Nordic Backup, and similar services try to back up files immediately on a change so you could go back to an earlier version from the same day!


My second line of defense is to use a source-code control system, also known as a repository. Often, I need to work on a project with other people. If everybody shared the same copy of the files on a network drive, we would be stepping all over each other. With a repository, we all check the files that we need out onto our own computer, and when we are done making changes we commit the new versions back to the repository. One key thing about a repository is to make sure that people do not work on the same files simultaneously, so we set up strict boundaries for what section of the project everyone is supposed to be working on. But sometimes it does happen, and if two people try to check in two different versions of the same file, most repository software will identify the conflict and ask for someone to resolve it. Usually that happens by merging the changes from both versions.

Git is one of the most popular control systems around today, and its huge benefit is that everyone has a complete copy of the project on their computer. Not just the current version, but the entire history is on everyone's computer. The multiple copies create a backup, so even if the repository fails someone is likely to have the complete project.

If your employer uses a repository system great! If they do not, and both allow the creation of projects without any fees, Gitlab even lets you keep the free projects private to yourself or your team.


My third line of defense is to use what I like to call a "mirroring service," which is a tool like Dropbox, Google Drive, One Drive, or something else like those. Syncing the files on changes is very much like what the backup services are doing, except that I can sync multiple computers with the same folder structure. That really is not a good idea if multiple people are using those files simultaneously. The services will sense the conflicts, but they do not resolve those difficulties anywhere near as nicely as the repositories do.

I still use if for two slightly different reasons though. The first is that instead of just having one backup of my data, my personal computer syncs to a mirroring service. My server, which is sitting on a much faster Internet connection, syncs the same folder from from the mirror and it sees all the changes. My server also has backup software running, so any changes are immediately pushed back into the cloud. Now I have four copies: the one on my personal computer where I am working on the data, the one on the mirroring service in the cloud, the copy on my server, and the backup of my server in the cloud. That should pretty much cover everything, the odds of all four failing at the same time are pretty slim.

The other reason that I like a mirroring service in the mix is because I travel. I never know if my computer will be stolen, which is even more risky now as I have to check it with baggage in in some circumstances, or possibly confiscated as I cross an international border. The international scenarios worry me the most, there really is not much I can do if my computer is stolen abroad, either by a thief or by the local authorities.

Keeping everything synced on a mirroring service is my travel safeguard. Anything that is sensitive I keep encrypted and that makes it difficult for anybody to get to even if they keep me from my computer. More importantly, I can just get my hands on another computer and get to my data immediately from wherever I need it. I do not have to restore a backup to a computer, I can just go online and view the files that I need, even if I cannot replace my personal computer.


Frankly, I have too much data to keep on one computer. There are many old projects that I have archived, and other files and accounting information that I do not need every day. The bulk of my data is on several servers. Telling people where it is would be security risk for me, so I have to keep you guessing.  It is protected both by the cloud backup and by syncing it to a mirroring service. So there are at least three copies of all that data.

I only travel with what I am working on, but from my computer (or any other computer) I can retrieve any other data from the mirroring service if I need it. And if something happens to my computer, then I can replace it. It really does not take very long to put a working machine back together.

So, maybe you can learn from my mistakes and my solutions. Good luck to you in your travels!


I am not endorsing the services of any particular company in this post. The companies mentioned have only been used as examples of the different types of services and what they offer. You need to do your own research and make your own decisions to select your providers.

No comments:

Post a Comment