LJ Archive

Hack and /: Travel Laptop Tips in Practice

It's one thing to give travel advice; it's another to follow it. By Kyle Rankin

In past articles, I've written about how to prepare for a vacation or other travel when you're on call. And, I just got back from a vacation where I put some of those ideas into practice, so I thought I'd write a follow-up and give some specifics on what I recommended, what I actually did and how it all worked.

Planning for the Vacation

The first thing to point out is that this was one of the first vacations in a long time where I was not on call, directly or indirectly. In my long career as a sysadmin responsible for production infrastructure, I've almost always been on call (usually indirectly) when on vacation. Even if someone else was officially taking over on-call duties while I was away, there always was the risk that a problem would crop up where they would need to escalate up to me. Often on my vacations something did blow up to the point that I needed to get involved. I've now transitioned into more of a management position, so the kinds of emergencies I face are much different.

I bring up the fact that I wasn't on an on-call rotation not because it factored into how I prepared for the trip, but because, generally speaking, it didn't factor in except that I didn't have to go to as extreme lengths to make sure everyone knew how to contact me in an emergency. Even though I wasn't on call, there still was a chance, however remote, that some emergency could pop up where I needed to help. And, an emergency might require that I access company resources, which meant I needed to have company credentials with me at a minimum. I imagine for most people in senior-enough positions that this would also be true. I could have handled this in a few ways:

  1. Hope that I could access all the work resources I might need from my phone.
  2. Carry a copy of my password manager database with me.
  3. Put a few select work VMs on my travel laptop.

I chose option number 3, just to be safe. Although I'm not superstitious, I still figured that if I were prepared for an emergency, there was a better chance one wouldn't show up (and I was right). At the very least, if I were well prepared for a work emergency, if even a minor problem arose, I could respond to it without a major inconvenience instead of scrambling to build some kind of MacGyver-style work environment out of duct tape and hotel computers.

Selecting the Travel Computer

As I've mentioned in previous articles, I recommend buying a cheap, used computer for travel. That way, if you lose it or it gets damaged, confiscated or stolen, you're not out much money. I personally bought a used Acer Parrot C710 for use as a travel computer, because it's small, cheap and runs QubesOS pretty well once you give it enough RAM.

I originally planned on taking this same small travel computer with me on my vacation. I even prepped the OS and was about to transfer files over when I changed my mind at the last minute. I changed my mind because at my job we are working on integrating a tamper-evident BIOS called Heads into our laptops that, in combination with our USB security token called the Librem Key, makes it easy to detect tampering. You plug in the key at boot, and if it blinks green, you are fine; if it blinks red, it detected tampering. Normally, I wouldn't recommend taking a work laptop on vacation, but in this case, I wanted to beta-test this BIOS protection, so at the last minute, I decided to take my work laptop and try everything out.

Preparing the Travel Computer

Another important part of travel preparation is to make backups of your personal or work laptops. This is important whether you are traveling with your personal laptop, a work laptop or a travel laptop, because in any of those cases, you will want to transfer some files to the laptop you have with you, and you'll also want to be safe in case you lose that machine.

In my case, the backup process has an additional significance because I use QubesOS. QubesOS allows you to separate different workflows, files and applications into individual VMs that all run in a unified desktop. You also can back up and restore those VMs independently. For travel, this means I can perform a full backup of personal and work machines before the trip and then restore just the VMs I need onto my travel laptop. If the laptop is lost, broken or stolen, or if I want to wipe the laptop, I don't have to worry about losing data.

Since I was traveling with my work laptop, this meant that I performed my normal backups of personal and work Qubes VMs, but then I just restored the personal VMs I thought I might need on the trip onto my work laptop. Otherwise, I would have restored both personal and work VMs onto my separate travel laptop. Normally I also recommend that you spend a full day working from your travel laptop after you have set it up, so you can make sure you have all of the access and files you need. Since I was traveling with the work laptop, I could skip this step, of course.

The Results

So what were the results of all this travel preparation? I barely had to open my laptop at all! I had one or two personal obligations that required the laptop at the beginning, but I didn't have to fire up any work VMs. Since I mostly kept my laptop in a bag, I did end up leaving it unattended quite a bit, so it was a good test for that tamper-detection (as you might expect, the laptop wasn't tampered with during the trip). Knowing that I could fire up work VMs if I had to did give me extra peace of mind during the trip, even though I never actually had to try it.

When I returned home, there was some clean up to do. Normally with my travel laptop, this means a complete wipe and re-install of the OS so it's ready for next time. In this case, since I was using my regular work laptop, I just deleted all of the personal VMs I had added.

Resources

About the Author

Kyle Rankin is a Tech Editor and columnist at Linux Journal and the Chief Security Officer at Purism. He is the author of Linux Hardening in Hostile Networks, DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks and Ubuntu Hacks, and also a contributor to a number of other O'Reilly books. Rankin speaks frequently on security and open-source software including at BsidesLV, O'Reilly Security Conference, OSCON, SCALE, CactusCon, Linux World Expo and Penguicon. You can follow him at @kylerankin.

Kyle Rankin
LJ Archive