Ask Slashdot: Good Tracking Solutions For Linux Laptop? 253
First time accepted submitter WillHPower writes "So I have ordered a new Ubuntu-powered laptop. I spent some extra bucks on lots of RAM and a good sized solid state drive. After putting money into it, I'd like to find a way to track this laptop in case it's ever stolen. Are there any good tracking software/services the run on Linux laptops? Also, are there any other techniques besides tracking for dealing with a lost or stolen laptop that I should consider?"
No (Score:5, Insightful)
No, there's no good Linux HW tracking software. Why? Cause there's no good software for other platforms either. It's all "make-you-feel-good-software" which doesn't survive a simple OS reinstallation...
Re:No (Score:4, Informative)
No, there's no good Linux HW tracking software. Why? Cause there's no good software for other platforms either. It's all "make-you-feel-good-software" which doesn't survive a simple OS reinstallation...
It doesn't exactly give you the warm-and-fuzzies to know that this is possible; but some models have it baked right into the firmware. A suitably provisioned AMT 6+ device can do entertaining things like phone home and provide 'home' with an IP KVM, regardless of OS state.
Re: (Score:3)
Re: (Score:3)
Well, I guess it comes down to trust and if you trust the vendor.
Re:No (Score:5, Interesting)
Can you point out a free OR open-source implementation of a phone-home BIOS on a laptop? No. No one can, as there ain't one. And a closed-cource security feature is a scam, plain and simple. I'd stay away from laptops that HAVE that feature, even if "deactivated" (how would you know?) by default.
WillHPower did not make FOSS a requirement; why are you making it a requirement? Can you explain why a closed-source security feature must by a scam?
WillHPower wants to get his laptop back if it is stolen. He's not asking for ideological purity. He knows that if his laptop has a tracking device that the tracking data could be used by law enforcement against him. That's what tracking software does; it tracks. That is not a bug, that's a feature, and is actually the feature he wants to have. Apparently he doesn't wear tinfoil; he's not required to. It is his right as a thinking person to choose to be paranoid, or not be paranoid.
The best solution is some form of hardware lo-jack. Maybe a GPS transmitter that can fit in one of the external ports on his laptop, if that isn't built in already.
Re: (Score:3)
Dogma corrupts the mind. (Score:3)
Any time dogma takes precedence over reality, you're going to fall like the Soviet Union.
Re: (Score:3)
I'm pretty sure it could be done using coreboot [coreboot.org] (formerly linuxbios). I don't think the code for it is written yet, of course, so yeah, there ain't one - yet.
Re: (Score:2)
Did you see the part where I mentioned it not exactly giving you the warm and fuzzies? There are basically no FOSS x86s BIOSes at all(yeah, coreboot runs on a few things, most of them old and few/none of them laptops, or you could get an OLPC from before their switch to ARM; but that's about it). As it happens, the 'AMT' stuff isn't really part of the BIOS(I'm sure there are points of integration; but they are distinct systems). It's a separate CPU, with its own firmware(never fear, it's cryptographicially
Re: (Score:2)
PREY (Score:5, Informative)
Prey is great. It is more effective than "Find My Mac" and runs on may platforms, including most Linuces. :-) Android, MacOS and iOS - besides teh usual vanilla from Redmond.
http://preyproject.com/ [preyproject.com]
From the FAQ:
Re: (Score:3)
Re: (Score:2)
You never know....
Prayer should be effective and properly employed when petitioning for a change in ourselves, rather than in material circumstance or disposition. ;-)
Re: (Score:3)
I think you are right. But the "plan" is not an intellectual construction, and includes evolution, chaotic interaction, and your own striving...
God isn't a "super human" - but entirely other. Outside time and space, as we can comprehend such things, therefore without "thought" which occurs in the context of the known, of unknowns and of memory. Without anticipation and without a transition of state, God is a category beyond what can be described as a mind or even a being.
Re: (Score:3)
So that the thief must take the disk out of the computer for formating it? It requires a screwdriver, flawless security.
Re: (Score:2)
How about...try to establish communications with known terrorists using it. Claim you want to start your own cell. Then the NSA will track your laptop for you, for free.
A simple lawsuit will get them to tell you its location if its lost or stolen.
Re: (Score:2)
How about...try to establish communications with known terrorists using it. Claim you want to start your own cell. Then the NSA will track your laptop for you, for free.
A simple lawsuit will get them to tell you its location if its lost or stolen.
You included some unnecessary steps in there. The correct procedure is:
1. Operate a computer.
2. NSA tracks the computer.
3. Computer gets stolen.
4. File FOIA request to find your stolen laptop.
5. ???
6. Don't lose as much money! (Sorry, I don't see any profit, unless you make a business model out of filing FOIA requests for other people to help them locate stolen laptops.)
Oh, and backup with Carbonite. Unless this is a trivial gaming machine, your data are more valuable than your hardware.
Re:No (Score:5, Funny)
No, there's no good Linux HW tracking software
Of course there is. You just need to tape a note to the laptop asking the thief to compile and install it after doing a code review to make sure it's trusted, and submitting any code patches necessary back to the developers.
Re: (Score:2)
Re:No (Score:5, Informative)
Re: (Score:2)
Note it's a hardware solution, while the question as about a software solution for existing hardware.
Re: (Score:2)
Some laptops actually has this built into UEFI. So it can survive a reinstall.
Re: (Score:3)
False. Computrace (LoJack) actually survives OS reinstallation, provided the new OS is compatible (i.e., WIndows).
It does it by relying on a BIOS component that checks for it to be installed and if not, patches itself back in on the hard drive.
Of course, it lacks a lot of authentication and can easily be hijacked if you modifiy the BIOS...
Re: (Score:2)
This is an interesting solution, and may even be the best one for a Linux laptop.
Simple, have windows and computrace on there...run linux. The software does nothing until someone steals it and tries to run or reinstall windows, at which point it activates and starts doing its thing. In the mean time, it doesn't really track you.
The only real problem comes if the thief decides to keep it running linux or some other non-windows flavor (encrypt the whole hard drive with LUKS and that should at least make it us
Re: (Score:2)
Of course, a Windows license is around $100, plus any other software costs.
Call it a hunch, but I'd bet that someone who doesn't have any qualms about stealing a laptop is not going to shy away from grabbing a windows All-in-one ISO from Piratebay...
Re: (Score:2)
And maybe more important: even if there is a hardware tracking software, you don't want it. Not only is sharing your location to others without your consent, maybe is sharing more than that.
In any case, a cron script that send you just a mail every N minutes (and if having some supporting hardware, your gps coordinates, a picture of the front camera, etc) will be enough to give a hint of what happened with it before the OS gets reinstalled.
how about a big, heavy logging chain? (Score:2)
weld one end to your desk, and the other end to... oh... a wimpy little Kensington clip. hmm. just like software tools. looks tough, acts muff.
Re: (Score:2)
On Dell and HP boxes, there are hooks for it to auto-load/install LoJack for Laptops the second a Windows OS is put on the machine. That might be an idea. It won't help when Linux is running, but if a thief decides to install Windows, the BIOS will automatically install the tracing program.
Of course, the best thing is to have the laptop insured, and the HDD encrypted.
I like using multiple layers of encryption, mainly for compartmentalization. One layer for everything on the HDD, preferably using a TPM (t
Re: (Score:2)
If the thief is that technically literate, then, arguably, you've been had, get over it. Use insurance or just buy a new machine and enjoy the fresh smell :)
Alas, in most cases, a BIOS/firmware password and a password-less guest account on the OS are enough the ensure that you'll hear back from your machine. Thiefs are mostly silly.
Here's a solution that will work on any Unix system [slashdot.org] (less Orbicule, of course).
Re: (Score:2)
Macintosh, use the command line for your linux needs (since it's linux based)
Enable firmware password and full disk encryption, both included free.
Current model macs cannot be overridden by any tech without your apple id. So as long as that stays secure, it's a brick if stolen. There are no back doors.
The tracking software is up to you. There are several commercially available, and I personally rolled my own. They
Re:No (Score:5, Informative)
There's a list of where BIOS level Computrace is available on their BIOS compatibility [absolute.com] page.
Re: (Score:3)
Unless they start it up and are greeted with a LinuxMint login screen.
Have it log in with DynDNS and open a VPN to you. (Score:2)
Re: (Score:3, Informative)
Re: (Score:2)
Theft prevention: label it "Linux Laptop" (Score:5, Funny)
You're probably better off going with theft protection. Your best bet might be to label it a "Linux Laptop" in big bold letters.
Re:Theft prevention: label it "Linux Laptop" (Score:5, Funny)
Re: (Score:3)
ROTFL I have never heard that one but.... I used to live in a house (condo conversion) where 8 people in two apartments had 6 cars with 1 driveway (worst case, number of both cars and people changed over time). During most of that time, I had the only manual transmission (I find it amusing they are still called "standard" by many).
Generally speaking, nobody could move my car but me. Eventually someone moved in downstairs who could move it, but, for the most part, I had to do it, which meant I couldn't just
Re: (Score:3)
You're probably better off going with theft protection. Your best bet might be to label it a "Linux Laptop" in big bold letters.
It works even better if you buy a pink one.
Re: (Score:2)
Re: (Score:2)
Just don't install FSN.
"It's a UNIX System! I know this!"
Prey (Score:5, Informative)
http://preyproject.com/
Free but only partially useful solution (Score:4, Informative)
Re: (Score:2)
That, and live the ssh server listening (passwords disabled), so that you can shred the disk if you want. There is not much more anyone can do...
Or maybe, buy one of those USB computers, plug it somewhere inside the laptop, and put a back door in it.
Re: (Score:2)
Re: (Score:2)
Not everyone lives in some uncivilized shithole. The cops here got my brother's $25 cellphone back after it was stolen. And they didn't need a full SWAT team with heavy gear to take it from the kid who stole it, either.
Disk encryption (Score:4, Informative)
Assuming you have valuable and/or personal data on the machine, don't forget disk encryption. Either encrypt the entire disk, or perhaps just the data partition. Truecrypt is a good solution for this.
Re: (Score:2, Insightful)
Exactly.
In fact, just forget tracking, and encrypt the whole disk---if it gets stolen, shrug it off, and buy another one (again, do full disk encryption).
There's not much you can do about crime (sure, you *might* be one of those few folks who locates their laptop, and then breaks the law in some stupid way trying to retrieve it---or infinitely less likely, gets the thief slapped on the wrist by the cops).
Password protect bios, encrypt disk, etc., make it a hassle for someone who ends up with it, but that's
Re:Disk encryption (Score:5, Insightful)
If you encrypt the boot drive properly, it won't boot to anywhere useful without a password. That means you can't use any of the OS-level tracking solutions, because the thief won't be able to boot into the regular OS. If you've let a criminal boot far enough to track them properly, you've really let them get too close to your data.
It sucks in a way that a locked down system can't also phone home easily to find the thief, but realistically that's the trade-off here. I'm willing to write off the cost of a laptop if it's stolen, as long as the thief doesn't also get access to any personal data I have on the drive. Recovering from a case of identity theft costs a lot more than any single device.
Re: (Score:2, Informative)
Re: (Score:3)
Assuming you have valuable and/or personal data on the machine, don't forget disk encryption. Either encrypt the entire disk, or perhaps just the data partition. Truecrypt is a good solution for this.
Plus provide autologin, so the user won't feel the need to reinstall immediately.
PREY (Score:2, Insightful)
Prey Project (Score:2, Informative)
Stop Theft Plates (Score:5, Informative)
http://www.stoptheft.com/ [stoptheft.com]
Re: (Score:2)
I'm a big fan of these - - They deter the actual theft before it happens. http://www.stoptheft.com/ [stoptheft.com]
It seems to me that if this works, and you can't get it off, it will probably just get your laptop thrown in a trash bin, or chopped for parts. Mildly satisfying in terms of pissing off your thief, but rather questionable with regard to helping you get your stuff back.
Re: (Score:2)
Never had a system st
Here is what you could do: (Score:5, Insightful)
Re:Here is what you could do: (Score:4, Insightful)
The key is you want the thief not to just wipe it and sell it, they need to power it on.
Depends on the style of thief; your typical, garden-variety tweeker looking for something to sell to the pawn shop probably won't even crack the top, let alone try and boot the thing... a pro or semi-pro identity thief, on the other hand...
Then there's the ever-present bored-teenage-vandal types (especially prevalent this time of year)... those kids are likely going to break into the machine to see what kind of "cool" (read: pornographic) stuff you've got on there, shortly before they completely trash the hardware.
also some people on ebay may part it out (Score:2)
if they can't boot it.
that SSD and the screen can sell as well as the case / ram / cpu / and other parts.
Insurance (Score:5, Informative)
Re:Insurance (Score:4, Informative)
Re: (Score:2)
Please don't forget to make and test backups every now and then otherwise you may well have your insurance payout but no data.
I keep my data on my server at home, I put stuff on my laptop if/when I need to use it when I am out & about. Nothing of real value would be lost if I were to lose my laptop.
Re:Insurance (Score:5, Interesting)
Encrypt the hard drive. Insure against theft. Forget about it if it's stolen.
Right, your data integrity is almost always worth more than the hardware itself. In order to install a tracker, you have to permit the attacker access to your filesystem. Don't do that.
If my laptop is stolen, they'll see a grub screen, and then dracut asking them for a password. I'm SoL on ever seeing it again but I don't have to go explain to clients how their security may have been compromised.
I guess ... you could try to bait them with a Windows boot option in grub. Maybe even make it the default if you think it's really likely that your laptop will be stolen. Install the tracker there, perhaps. One could continue along that train of thought with silent grub options and delays to make a deadman's switch of sorts, that would automatically bring up wireless, connect to any routable AP and send a help packet. Hey, there's an opportunity for the next guy who wants to make a new micro linux distro that does something unique - the more silent, slim, and faster the better. Maybe even a fake Windows splash screen while it's doing its business.
Tracking the IP is easy but... (Score:2, Insightful)
...the problem seems to be that just knowing the IP of your stolen computer is not enough for the police to get it back for you. It seems they also want a photo of the thief taken while using the computer, which complicated matters a lot. At least that's what other users have reported.
Another reason you put electrical tape over webcam (Score:2)
protect yourself against the tracking by the Illuminati.
Re: (Score:3)
...the problem seems to be that just knowing the IP of your stolen computer is not enough for the police to get it back for you. It seems they also want a photo of the thief taken while using the computer, which complicated matters a lot. At least that's what other users have reported.
Not to mention the police will want to talk to you about all that Indonesian plant porn the thieves downloaded onto your laptop after they stole it. Denying that you did it just won't work with them, but might work with a jury if you have a good enough l*wy*r.
Nice Try, NSA (Score:3, Funny)
You'll have to try harder than that to get me to help you track people.
Prey! (Score:2, Informative)
I would recommend Prey: http://preyproject.com/blog/2011/04/its-official-prey-is-now-on-ubuntu
I have used it and it seems to work well. It's free for up to 3 machines too.
Linux OS likely to be erased offline (Score:5, Insightful)
The first thing the theft will do: an offline OS installation.
I bet the stolen Linux laptop will have its OS erased to either to run MS Windows or an other Linux distro.
Re:Linux OS likely to be erased offline (Score:4, Informative)
Exactly. My daughter's Ubuntu laptop was stolen some years back. It was configured to start OpenVPN on boot-up. The VPN never connected after the theft, so I can safely conclude that it was never connected to the Internet while the original Linux install was present.
Re: (Score:2)
Prey (Score:3)
While it is true none of the solutions will survive an OS re-install, in most cases that's not terribly relevant. You want to track it down before they re-install the OS anyway.
Prey is very unobtrusive; I often forget it's even there. It can give you screen shots, access location information, and even snap pictures with the webcam if your laptop is so equipped.
Great product and service.
Comment removed (Score:5, Interesting)
Re: (Score:2)
Looked into this once before for a big rollout.. Very hard to get actual info on. All the BIOS chip does, is re-install the software automatically and silently in windows. (they have some sort of special encryption key or something)..
if you ever feel the need to steal a laptop, install linux, freeBSD, or make it a hackintosh, and the computrace is worthless..
Re: (Score:2)
Prey (Score:3, Insightful)
Apologies if this sounds like I'm some sort of shill, but I'm not. Just a happy customer:
http://preyproject.com/ [preyproject.com]
* Free and open source
* Completely passive
* If the laptop is reported missing (and has net access to know this), Prey will report its geo-location via Google Maps, take passive captures of the user with the laptop's webcam, take screenshots of their activity, and if necessary completely lock down the computer (though you'd normally do this manually and as a last resort - once locked, the thief will probably ditch it very quickly). Does other things as well.
* Works on Win/OSX/Linux/iOS/Android
* Allows you to run it in two ways:
1. Make an account on the website, install the software and link it to your account, so that should your laptop go missing you can report its absence via the site and it'll do its thing once the laptop goes online elsewhere. Free accounts all you to link up to 3 devices, pro accounts allow more in addition to more features, but you'll easily be fine with a free account.
2. If you want to be completely independent, you can run Prey stand-alone. No account needed - it works by monitoring for the existence of a URL when online, and if said URL reports a 404 error, it triggers and sends reports via email. Hence, you set up some free hosting with a dummy file, point Prey to the full URL of said file, then if laptop goes walkies, remove the file from the host to trigger Prey. No reliance on accounts or anything. Bit much for a regular user but easy enough for advanced users and not dependent on a company for the software to keep working.
Since you're running Linux ... (Score:4, Interesting)
Since you're running Linux, you will probably discover that any thief will reformat the hard drive to install Windows. This leaves two options:
1) Look into software that may already be baked into the firmware.
2) Have it automatically, and preferably transparently, boot into Windows then follow some of the other advice found here.
Neither route will help you recover a laptop once it has passed through the hands of professionals.
Overall, you'd probably be better off detering theft in the first place: don't use it in overly public places, never leave it alone in public places, invest in a good lock, and make it look undesirable. (One thing that I like about my ThinkPad is that it looks 10 years older than it actually is. Stickers, especially "non-removable" ones, make more identifiable and harder to resell without a cleanup effort. Scratches and dings will reduces its apparent value. Heck, smashing the slot for the lock will probably deter most thieves since it would be harder to sell.) Remember, the best way to avoid being a target is to avoid looking like a target.
Oh, and write down every serial number on the system.
Yeah (Score:2)
DDoS (Score:5, Insightful)
Three letters: (Score:2)
Cron (Score:3)
This will get you an IP address every 15 mins in your apache log so you can login or trace it.
/usr/bin/curl https://mywebserver.org/checkin [mywebserver.org]
/usr/bin/ssh -R 43811:localhost:22 mywebserver.org
*/15 * * * *
Also, if you don't want to run a full apache stack, boa [boa.org] is a nice light webserver which will do the same. Also, many options for perl/python servers which could be lighter yet but you would need to implement your own logging. Another cool option is have your laptop open a reverse ssh tunnel right to your server when it boots.
@reboot
How about a C4 "Deadman" Switch (Score:4, Funny)
You're a slashdot guy, so you must be pretty talented. Open the thing up and find some unused GPIO (or serial port) that you can tap into and hook a small block of C4 and a detonator up to it [1]. Then, create a cron job that runs daily to check that you've been logged in at least once, and if it doesn't it should assume the laptop was stolen and trigger the detonator. No. Wait. Better make the cron job run every 12 hours. You can never be too careful. Just make sure you never sleep in on weekends or leave your house without your laptop.
Next, to be extra safe, you'll want to somehow monitor failed login attempts and trigger the C4 whenever too many happen. Not sure how to do this as I'm a hardware guy myself, but I'm sure you can figure things out on your own or with your frienemy Google. I'd say that allowing one failed login attempt should be a safe threshold, but I'd recommend against allowing any more than that, as you're just asking for trouble. In fact, unless you're some kind of pussy that can't type, you can probably get away without any grace login attempts.
If you were really paranoid, you could try to implement some sort of retina scan or proximity sensor using the built-in webcam, but that's an advanced topic probably better left for some future "Ask Slashdot" post.
[1] If you have sort sort of issue with using C4, maybe you should consider somehow using a thermite charge instead. Less "bang", yes, but definitively more colourful, and would give new meaning to the term "toasted skin syndrome".
Re: (Score:2)
You're a slashdot guy, so you must be pretty talented.
LOL!
That assertion turned false way before Hemos left, let alone Taco.
no password?? (Score:2)
Unless you set it to automatically login with no password, the thief will never be able to boot it up to allow your tracking software to work.
Simple solution (Score:5, Funny)
Put a Windows 8 sticker on it. Nobody will touch it.
Re:Simple solution (Score:4, Funny)
And make sure it's a bright pink laptop. People will pay you to take it back!
Why? (Score:2)
Truth is, law enforcement isn't going to take you seriously if you say you have tracked down your laptop. Rather just get it insured and have your files backed up somewhere else.
The Easy Solution (Score:2)
Clearly identify it as a Ubuntu laptop. Your average, low-level thief is notoriously unwilling to steal things that are rare and unpopular.
or have some fun (Score:2)
This only works if you can act quickly after it's been stolen.
First, open the case. Place a block of C4 in some free area, with a detonator attached to the internal USB bus. Close the case. Remember to write down the secret code for the detonator as well as your machine's IPaddress.
When machine is stolen, send the code. Great hilarity ensues.
Re: (Score:2)
Doggone it -- AC ninja'd my C4 idea. Now I gotta race him to the patent office.
Tracking, then what? (Score:2)
Chances are you'll need the police to actually recover anything, if all you have is an IP the ISP won't give you the time of day. If they're just using it from the wifi at the local coffee shop it'll be a dead end. Even a GPS location isn't all that good if it leads to an apartment building. For every case in the media I hear about anyone making a successful recovery it's probably ten where they just can't be arsed or it just fizzles. I'd say this is a case where an ounce of prevention is worth a pound of c
Use aremote linux desktop server (Score:2)
Re: (Score:2)
He's asking about how he can protect his exisitng equipment that represents a significant invenstment, not what he coulda/shoulda done before he made it.
Easy! (Score:3)
Re: (Score:3)
Re: (Score:2, Interesting)
Actually they do the same thing, install windows on it. Go to craigslist and notice how many suspiciously cheap macbooks with windows installs there are.
Re: (Score:3)
They will? I thought that was classified.
Re:Just ask the NSA (Score:5, Funny)
No, just enter the following URL:
www.nsa.gov/applications/search/index.cfm?q=I lost my laptop could you tell me where it is
I have to admit I was freaked out when the result came back and said, "You're ON your laptop. Stop fucking around, Robert"
Re: (Score:2)
Re: (Score:2)