houltmac.com

Encryption is always a popular back burner topic for geeks, but no one ever seems to actually do it. It seems to me to be one of those topics that make you feel all James Bond, but when it comes down to it you just don’t have the need for it. Well, that’s about to change. I am carrying more and more personal information and while the fact that my notebook is never more than 5 feet from me is a pretty good security measure, doesn’t mean I don’t think about what could happen.
 
So I am thinking about encrypting my hard drive because I don’t want to get caught, but I haven’t seen anything definitive about it regarding it’s use with OS X. I’d assume that full disk encryption is a better method than just encrypting your home directory (a la FileVault) because some things are stored (at least temporarily) outside your home folder, and thus outside the protected zone in the latter. Perhaps I am wrong?
 
I have heard about two methods of full disk encryption that seem pretty popular; PGP and TrueCrypt. I haven’t had any experience with encryption at all, but it does kinda scare me a little. I am looking to answer a few questions, but can’t find anything definitive:
 
* How easy is it to set up on a volume already in use? (ie. I don’t want to format and start again to use it)
* How long does it take to encrypt a drive on average? (I know it depends on the drive speed, capacity and I would assume the file sizes and CPU etc., but are we talking hours, days or weeks for 250GB?)
* How effective is it and what encryption method is best? It looks like TrueCrypt can use multiple methods at once but that sounds a little dangerous…
* Does it slow your machine significantly?
* What are the dangers other than forgetting the keys? For example; Do encrypted drives tend to fail quicker due to the constant reads and writes? Does the encryption fail often and render your data useless?
* How does Time Machine handle encrypted drives and can I encrypt my backup drive too?
* If the drive was to fail and I needed to send it to a data recovery centre, would it cause them an issue?
* Anything else I haven’t thought of yet?
 
Has anyone had any experience with any other encryption for the Mac? Anything to share?

Posted by email from houltmac.com (posterous)

I have seen Cooliris before, but I have never gotten around to poking around it myself. It’s a pretty cool concept really and I thought I’d take a moment to give a very brief overview.

Cooliris is a plugin for either Safari or Firefox which allows you to view the web visually. The plugin transforms your browser into a full-screen wall of images which are pulled from websites in a couple of different ways. Either you can search for a topic or keyword, or you can choose a news category to see images associated with news stories from the web. You can zoom in and out as well as scroll along the 3D wall of images, clicking on those you find interesting to view larger versions.

You can also view the webpage they are associated with or email the image to a friend, though the latter requires that you sign up with Cooliris’ free service.

All in all it’s pretty cool, and while I don’t want to go much deeper I will say that it’s super fast and you should check it out if you haven’t already. The team have also just released an iPhone app for free also and allow you to build it into your own website. Some very interesting things could be taken from this but to really understand how simple and effective it is you need to experience it for yourself. Get started by visiting www.cooliris.com.

Posted by email from houltmac.com (posterous)

I am a big fan of OS X Server. I use it all the time at work and am considering using it at home also. I use many of it’s features on a daily basis including AFP, DHCP, DNS, iChat, NFS, Open Directory, SMB, Software Update, VPN, and Web services. It’s pretty cool.

Today I was working on a permissions issue on our RAID when I attempted to log in as myself from another machine (where my password isn’t pulled from the keychain). The authentication was successful, but then something struck me - that wasn’t my password. I had typed another password I use regularly, but not my own Open Directory users password. Worrying. To clarify I logged out and did it again - it still worked.

I checked a little known setting in Server Admin under AFP>Settings>Access called “Enable administrator to masquerade as any registered user”. It’s a bit of a mouthful, but it does exactly that. I you know the password for any local user (on the server, as in created in System Preferences on the server) with Admin privileges you can use that with any other users username to gain access to their AFP share points. In my case I was using my own OD username with a password that was used by the main admin account on the server and it was working.

Sadly that wasn’t the end of the story as the checkbox to allow this behaviour was not checked. The situation was the same on both 10.5 servers we have in house. I tried a few things, narrowed the situation and was stumped. In the end I turned the option on, saved, back off and saved again. Now I had no access in this way. In short then the UI was not showing the status of the setting correctly, but it had happened on both servers. I logged this with Apple and have moved on.

If however you are running an OS X server I guess it’d be worth checking whether this option is actually turned on from time to time. It can be handy as an administrator (SysAdmin) to be able to log in as someone (even if it’s just for AFP file sharing) from time to time, but it can also be dangerous. The passwords used for regular admin access to many servers is weak, and worse still it’s often something everyone knows; a standard company password. If this is the case and you have proper naming conventions for users then it’s pretty easy to allow access to the accounts share for those who shouldn’t have access since all those enterprising people would need would be to figure out the username of someone in the accounts group.

This could then be a pretty serious little flaw, so keep an eye out admins.

Posted by email from houltmac.com (posterous)

I have made it clear over the years just how much I despise Adobe, their products and their code. It’s pretty abysmal all round. One very good about a specific issue was flagged today over at Daring Fireball. I am sure that anyone who reads this will already have seen it in the feed, but if you haven’t clicked through you should - it’s spot on.

Adobe need to learn how to provide a smoother user experience all around and that starts at the installer. Pierre Igot wrote a great little article on his blog about this today. The installers are cluttered, the apps are huge, slow and garish. The price is insane. The apps break if you so much as launch them and they are full of code and junk features which haven’t been re-written or optimised in any way for years. They are still wimping out of writing native code and using GPU power as a work around. Their CEO consistently makes promises of being the first, or the best but in such cases they fail to even beat Microsoft in the Mac space. For example they were the last major vendor to move our of Rosetta.

As far as I can see Adobe deserve a big, fat FAIL sign tattooed on their building.

Posted by email from houltmac.com (posterous)

As a recent Firefox convert (kinda), I found it quite exciting that there was a new release of the software today. Until I saw the bug fix list that is. Numbers 3 and 4 on the “What’s new” list are as follows:

# Official releases for the Icelandic and Thai languages are now available.
# Beta releases for the Bulgarian, Esperanto, Estonian, Latvian, Occitan, and Welsh languages are available for testing.

These are the first two features listed, which are only below security and stability updates. Point-point releases aren’t as fun after the software turns version 1.

Posted by email from houltmac.com (posterous)