If you THINK you have a backup, but you’ve never done a restore, you’ve got a liability in the form of a false sense of comfort.

If you THINK you have a recovery plan, but you’ve never taken all the things, put them in a box, and tried to stand back up, again it’s false comfort.

Since 1997 I have faced a hurricane revealing a leaky generator diesel tank, a tornado taking an above ground office with the company’s datacenter inside, a commercial airliner ramming the skyscraper housing the control center for an international voice carrier, an ISP plant engineer erasing every device config on a regional network, and the nicest guy in the world face planting hard enough that he never regained consciousness, despite a top quality bike helmet.

I often make suggestions about preparedness, but not nearly so much about how to TEST. I’ve been doing that the last week and encountering the usual hurdles. Let’s discuss …

Attention Conservation Notice:

Readiness is a spectrum. On the one end you can periodically gloat on Substack because you’re a stickler, the other involves bankruptcy, prison, or maybe a shallow unmarked grave. Your perception of risks will govern the amount of time you spend trying to remain on the smiley side of the pain scale.

Issues:

I’m just some random guy on a boat anchoring out somewhere in the Delta, or I live in a Diablo valley garage, or maybe I’m OCD enough to plant signs all over northeast BARTopia, and I actually live somewhere on Telegraph Ave in Berkeley near a non-chain car rental place. Whatever the truth of the matter, we’re a two person household, if you count my bloodthirsty office assistant, but we’ve got enterprise caliber continuity issues.

The Remediation section in Federal Task Force Detection & Avoidance article contained mention of my peculiar off site backup strategy. Just before that, Creating A Public Record contained mention of my unhappiness with my two factor authentication method, that being Authy. Let’s address and test.

Backups:

I had copied the age archives to those heavy duty aluminum flash drives, but then realized I hadn’t booted one since I first conceived of this method during the summer of 2024. I placed one in the one liter Windows machine and … nothing.

It only took a few minutes of diagnostic work to decide it was time to try a new version of Ventoy. All of the drives got restarted from scratch, reloaded, and then TESTED.

Four passed with flying colors. The fifth not so much. There isn’t a sixth, the most easily accessible of the three magnetic key keepers is special, in ways I will decline to describe in detail. Number five came back after I got annoyed and went to do something else for a while - just fat fingers I guess.

The fact that there are PAIRS of drives is the legacy of the prior generation. These Kingston drives, 8GB and 16GB, are what’s left of a prior strategy. They were seldom accessed, but these two are the only ones that didn’t mysteriously fail after just occasional use. So now I trust no single thumb drive any further than I can throw it.

These two linger because the just keep working for operating system installs and such.

The next wave of this is going to be a bit different. These clever rotating USB-A/USB-C drives are Mac friendly w/o making a hassle with older gear. I kept needing to fiddle with microSD cards, so now an adapter rides on my keychain, in addition to the collection that has formed as I acquire new flash storage for phones and Raspberries.

Two Factor:

I really liked Authy for two factor authentication … until they ended their desktop companion software. Concurrent with that I started finding issues with device sync and device reverification before use. It’s needed replacing for a good long while now.

Maybe some of you think I’m just bloviating about Authy. Nope, not really, it’s on EVERYTHING I have, even that Best Buy account that didn’t exist until I had to create because some ankle biter kept trying to password reset it using one of my publicly known emails.

I asked ChatGPT what to do to replace Authy and I’m pretty underwhelmed with the response. Authy is a seat in coach class, KeePassXC reminds me of the cockpit of a Grumman F4F I once got to sit in. I sorta know what most of this stuff does, but I’d hate to be just cold dropped into needing to make it go without a bit of familiarization.

There’s a deeper issue here that troubles me. There are some things I do that relatively few others can. I bring as much of that stuff here as I’m permitted to show, hoping that it’ll inspire some of you to start down a similar path, or maybe take what I’ve uncovered and exploit it in some fashion.

The other side of the coin is that thing on the masthead labeled Safety Dance. My cat is smart enough to use Authy, she’s just too lazy to put it on her account. But KeePassXC? There are more serious barriers here than needing a pair of opposable thumbs. I’ll climb the learning curve with it, because I don’t have any other workable option, but if that was the only 2FA available, what sort of uptake would there be?

NOTE: There is nothing wrong with Authy, it’s still a fine choice for almost all of you. The only caution I’d offer is that you should get a cheap burner for backup. Put the burner in a drawer, take it out on the 1st of the month to make sure it still works. Better yet, put it in your fire resistant safe. This is a whole ‘nother article, I just don’t want to trigger a panic. Most of you have very different answers than I do when the question is What Hunts You?

Conclusion:

I wrote this late last night, then took off at 0400 and put in 18,000+ steps, scouting a couple new hideouts. BART locations were good, this time I’m hunting for public areas that are accessible, yet quiet in the wee hours of the morning. Placing and cycling has to be done surreptitiously, but someone else who needs to do a recovery on my behalf is only going to do that once.

This is a bit like being a World War II submarine commander. There’s content here, a couple places around town, and however many friends I’m made in Europe who are willing to hold 38GB of data. It’s like a spread of torpedoes in the water - all I need to succeed is for just one of them to get through. The other side of the coin requires a raid, a scavenger hunt, and getting multiple NATO member countries to coordinate similar activities.

I sometimes wish I had a mundane job with a fat paycheck, mostly on the 1st and 15th, but otherwise I guess this is OK …