Thursday, June 25, 2009

File Encryption on Macs

We all know the importance of having passwords for almost everything we do. Our modern lives require us to be always prepared to change passwords and almost everywhere we go, we need a password, from the ATM machine to our computers at work and home. But sometimes just having our computer protected by a login password is not enough, especially on a Mac. On Macs, all you need to reset the user password is to boot from the OS install disk and select the option Reset Password in the Utilities menu after you get past the Language Selection screen.

Although convenient for the user, this option is also convenient for less-than-well-intentioned people, and it poses a serious risk for all our Mac users out there. Just recently we had an episode at one of the Centers where a few computers were stolen, including some Macs. If they contained important information, that information could be easily accessed using this simple Reset Password tool.

This is why it is so important to start thinking seriously about encryption. When it comes to encryption there is no shortage of options, both free and paid. Let’s start with the paid ones and move to the free options as we go along the yellow brick road to the land of Encryption.

PGP Whole Disk Encryption for Mac OS X
(http://www.pgp.com/mac/)


PGP is a company that provides paid encryption solutions. I’ve never personally tested their products, but as far as commercial encryption goes, PGP is a widely known name and a very respected one too.
PGP or Pretty Good Protection was used originally for email and attachment encryption, but since 2002 they’ve started to provide a wider variety of encryption software. To the best of my knowledge, they are the only company to offer whole disk encryption for the Mac.
From their own website:

  • Full-disk encryption to secure all data, including temp and swap files
  • Pre-boot authentication to protect systems if lost or stolen
  • Encryption for USB flash drives and external USB and FireWire disk drives
  • Compatible with Apple FileVault protection for home directories
  • Can be deployed and managed using PGP Universal™ Server, providing consistent enterprise data protection for Apple Mac OS X and Windows systems
  • Part of the PGP® Encryption Platform, enabling organizations to secure data across platforms and throughout the enterprise
  • Runs on Intel-based Apple Mac OS X 10.4 and 10.5 systems


And the price for a perpetual license is $149.

There are plenty of other paid encryption applications out there as well, but I will focus on free options from now on, starting with Apple’s own FileVault.


FileVault

(http://www.apple.com/macosx/what-is-macosx/security.html)


FileVault comes with all the newest versions of OS X. It was first introduced in Mac OS 10.3 Panther. If all you need is quick and easy encryption, this is the way to go. FileVault will keep your files for a given account safe from unauthorized use and will give you that extra dose of peace of mind. But don’t be fooled by its ease of use. If you ever forget your master password, you will lose access to all your files. And on top of that, there are some serious holes in FileVault’s encryption algorithms, which would make it easier to crack the code and have access to all your information. If you really want to use FileVault’s encryption, you can turn it on for each user by going to your System Preferences and selecting the option Safety. There you will find the tab for FileVault and then you can turn it on for the current user.


TrueCrypt
(http://www.truecrypt.org)


TrueCrypt is by far one of the most reliable free solutions out there, and although they don’t have Whole Disk Encryption on the Mac, they have a slew of other options that more than make up for it. You can create a separate Disk Image that contains all your important data, you can make that a hidden partition and much more. It offers all sorts of encryption algorithms, from AES to Twofish, it is cross-platform and easy to use. I definitely recommend it if you don’t need Whole Disk encryption. What makes it so compelling for our organization is that we are increasingly seeing a need for the use of encryption to protect sensitive information, and TrueCrypt is the version of choice, though features on the Macintosh continue to lag behind features available in Windows.
From their website:

  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  • Encrypts a partition or drive where Windows is installed (pre-boot authentication).
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
  • Provides plausible deniability, in case an adversary forces you to reveal the password: Hidden volume (steganography) and hidden operating system.
  • Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: XTS.


External Hard Drive Encryption

If you are really serious about protecting your important information, the best approach is to have a separate hard drive where you can store your data, and encrypt that hard drive. If you have a small safe, also use it! There is a reason why we still trust safes and other analog methods of protecting data, and it is because if the data is literally locked, no amount of hacking will suffice to steal your information. Big companies do that, the military does that and if you have information that you are really interested in protecting, you should do this too. My personal scheme for encryption is using a small 2.5’’ hard drive in a USB enclosure that has my TrueCrypt file (using a fake encrypted partition and then my real hidden partition) that I lock away when not in use, and where I keep all my financial and personal information. As soon as possible, I will also get an extra drive and make a backup of my encrypted drive and store it at an off-site location. It seems like paranoid extra work, but this is actually the closest to true protection that one can get, and even so, there are no guarantees.

Monday, June 15, 2009

EEE and the Best OS for it - Parts 2, 3 and 4

(or: Why I've been skipping updates)


Ok, so lately I've been pretty quiet here at the wiki but things have been changing a lot in the past few days and a lot happened. It just didn't get posted here, but it was documented nonetheless at the LPC email list. And it seems like the EEE and the XO will be getting the spotlight at CTC this year.

Well, let's go for the updates:

Part 2

So, I finally decided to play around a bit more with the OSes I knew would run on the eee.

Xandros:

Nothing changed much since the last time. Except that even though the easy mode is pretty convenient, the lack of repositories for the xandros distro was a bit annoying. I would have to compile most of the programs I really wanted to run, including the little game I play every once in a while (Battles of Wesnoth). I don't have time to play much, but when I do, I'd rather be playing than compiling the game from the source. The eee is fast to compile, but still, not fast enough that I wouldn't notice.

Besides, John needed to do some experiments with my eee on windows, so I had to reformat it.

Then I installed windows again, on the SSD still. After John finished his experiments, I decided that it was about time for me to stop being lazy and start playing with the idea of installing windows on the sdhc card.

Turns out that once you get the whole idea right it is not so hard to do, and I've got the cd with the patched version of windows (you have to patch windows so it will run off of the sdhc). And I needed a live cd to transfer all the files from the SSD to the sdhc (you have to install it first on the ssd then transfer it over to the sdhc. After that you can reformat the SSD). The good thing about it is that it would leave me a free disk where I could install another system on it. Can you imagine it? Dual booting on an eee? Pretty nice! Bad thing though is that I've lost the ability to go to standby by closing the lid. Too bad.

The reason why I am leaving this sdhc card with windows on it is because I was also able to enable downscaling of the screen and virtual resizing also. Right now I am running on 800x600 without scrolling. The fonts are a bit too small for those with bad eyes, but with a perfect 20/20 vision I barely feel it. Also, I have access to all of the nice windows programs and viruses this way. (Gotta get my fix of avg updates!!!)

And lastly, I used the empty SSD to install eeebuntu on it. eeebuntu is the optimized version of ubuntu for the eee. They are using the optimized version of the kernel, and the wireless works. Also, the icon sets on this distro are pretty and shiny. I like shiny stuff. Eye candy makes my eyes happy. Besides, boot up time was greatly improved. Next step will be buying an extra 8GB and creating two extra partitions, one for /home and other for /usr/(whatever folder ubuntu uses to store programs. I never remember). Doing so will let me do some real playing with eeebuntu, but so far it is coming along pretty good.

And that is my setup so far. As soon as I change anything that is worth mentioning, I will post it here. If anybody wants the links for the step-by-step guides I used, just let me know and I will post them also.

Part 3


So, I decided to try yet another OS on the eee, and boy does that make me feel good. I decided to try pupeee or Puppy 301 for the eee. Now, I've got to say that it is not for the faint of heart, and it is extremely geeky. But boy, that little puppy sure is fast, and you know what? It takes soooo little space off of the hard disk. It installs itself on the disk, but at boot up time it loads to the ram and runs from there, accessing the hard disk only if you need to run some program out of it or save something to it, so the ssd is for the most part untouched. And it beats the regular eee xandros boot up time. Mine is taking 7 seconds to boot up. (I do have 2gigs of Ram).

Then again, it is not easy to learn, and it is not based on any distro, so the learning curve is fairly big. Once you get past that, it is only happiness and joy. It comes loaded with programs (and yet the iso is only about 90mbs.)(AND you can run it off of a usb or sd or even a cd and still save the status of your session to a file onto the hard disk.) but I wanted to install my own set of tools (firefox, pidgin, wesnoth, thunderbird) and that fills up a little of the sd. But it is perfectly usable out of the box, with seamonkey for web and email, abiword for word processing, gaim for im and so on, so forth.

Part 4


I know this is getting old, but I can't help myself but keep trying. First of all, I would like to apologize to all of the OLPC supporters out there for not having played with it that much, but I've been focusing highly on the eee. Mostly because I am a little wary of the keyboard and the interface. The interface problem can be almost easily fixed (well, not quite as easy as on an eee, but still doable), but the keyboard, oh gosh, so hard to get used to. Anyway, I will get to it in due time. I've been focusing mostly on getting Ourword, toolbox and some other tools at least working on Linux. Once I get that going, I will start thinking about a standard interface. Actually the reason why I am writing today is because I wanted to share a few findings. First of them, Xubuntu. Xubuntu is probably not the very best desktop around but it is fairly easy and yet resourceful enough to be considered. I had no problems whatsoever with the wireless on the eee (then again, I used eeexubuntu first, then upgraded to 8.04. eeexubuntu is based on 7.10) and everything worked flawlessly. It was also really fast (about 20 seconds to boot up.) and I was running it off of the SD so that is a big plus. But what I really wanted to share was about Ubuntu Netbook Remix. I had a chance to test it out on the eee and boy, it has set my expectations high up in the sky. It is not a ground breaking technology, but it is so easy to use (and I mean it.) I would even dare to say that it is easier than the Xandros EEE easy mode. And it runs on top of Ubuntu 8.04 or higher so that means updated packages. I had to test it out off of my SSD because Ubuntu 8.04 is not optimized to run off of SD cards yet, therefore it would take forever to do anything. So I believe that if the Ubuntu team keeps their promise of better SD integration for 8.10 then we may be having a champion soon.
The Netbook-Remix is not perfect yet and had a lot of flaws, but what I tested was just a pre-alpha sort of deal that I had compiled off of their early source code and now they have some packages up for testing that I haven't had a chance to test yet. I will get to it also soon enough but like I said, this is not my main priority right now. Going back to porting translation tools to Linux, boy I wish I had some help on it. I am not a programmer, and as much as I am eager to learn, I also am having a hard time with C# code. It doesn't make much sense to me, and Mono is not perfect yet either. I've been trying real hard, but my main duties are at the help desk and I frequently don't have time enough to concentrate only on this. Therefore, if anybody feels like helping, I would very much appreciate it. If not, oh bother, I will just keep up as best as I can. That is it for today, and hope to be seeing you all at CTC this year.

EEE PC and the best OS for it

(or: Why should we try anything other than Xandros Linux on the EEE)

Update: This post is outdated since we've had a plethora of new netbooks and the new version of ubuntu works mostly well on all of them.


So, I've got my new EEE PC (4GB, added 2GB ram, no webcam and 8GB SDHC card) in the mail and the first thing I did was boot it up to see how well it would compare with regular laptops. I was really impressed by what I saw and it pleased me very much. Next I installed the extra 2GB of ram and 8GB SDHC card on it and booted it up again. I could notice a slight difference in the time it took to boot up but not too big of a difference though. I can say I was a bit disappointed. So I went to System Preferences and was surprised by a 1GB ram showing up for me when it was supposed to be 2. Well, this could only mean that I would have to recompile the kernel with the right flags for 2GBs max instead of 1GB.

Asus branded Xandros = strike 1

Well, not too bad of a deal still. I could recompile the kernel later, but I really wanted to test it out first and upgrade a few things (skype was one of them. Nothing beats skype 2.0 with video for Linux!). I would like to remind you that I had an 8GB SDHC card inserted and Xandros recognized it and mounted it for me, so I thought that it would ask me if I wanted to use it as a storage device. Well, turns out that I couldn't choose it to be part of the system, and I would not be able to install anything on it. It would function strictly as an external drive.

Asus branded Xandros = strike 2

Ok, that was enough for me. It was time to move on to the next OS.

UBUNTU

Ubuntu Linux it was. Installing ubuntu was pretty easy and straightforward (provided that I had an external usb dvd reader). After Ubuntu finished installing I was greeted with the full blown desktop with sound and even compiz running just fine. Ubuntu was great, except for 2 things (I forgot to try using the 8GB as part of the file system. I suppose I could just tell ubuntu at the installation that I wanted to mount my 8GB as /home or something. Besides, I am almost sure that this would still not make Ubuntu use the 8GB SDHC for installing programs or updates. Very annoying.):

  • No Wireless out of the box.
  • Screen was way too cramped.


Now, I know that for the wireless problem there are some workarounds out there and I could have even used the eeeUbuntu distro (which comes with wireless working out-of-the-box) but I didn't want to fiddle with that and besides, my other issue would still not be addressed. I would have to deal with that tiny screen and that would be somewhat of a nuisance.
Ubuntu was out. At least for the time being, I would rather not have to deal with a bunch of googling and code compiling.



Time to move on again.

WINDOWS

Windows was next up on my list.
Again, the installation process was quite easy. If you install it onto the SSD that is. I was googling a way to install it on the SDHC card and it seems to be a painstaking and exasperating process. Of course I will try this eventually, but I am not bored enough with my EEE as it is just yet. Not in order to seek a final solution that will require a lot of sweat, tears, blood and some hammering (at the eee, that's what it is...). So, on with windows installation.
After the install was done I needed to install the drivers for it. Not a big deal, since Asus provides you with the drivers if you buy at least their 4GB model (which I did). And what a surprise! After you install the drivers you have the option to switch the resolution from 800x480 (which is the eee physical max) to 800x600. Of course it was not perfect, mainly because what you have to do is move your mouse over to either the top or the bottom edge of the screen in order to scroll it. Useful but not quite what I wanted. It was time for some updates from Microsoft. And what a disappointment. I was left with 6mb free on the SSD. And for the life of me, I could not find a way to tell windows to not use the SSD and use the SDHC instead.
That was a HUGE drawback for windows. It was almost like a uber-strike +∞.



Now, just to make things fair, I've found just recently a hack for windows that allows me to emulate any wide-screen resolution I want up to 1600x1200 (I think that this is right. Could be more or could be less...). It does make everything on the screen look a little bit smaller, but I have perfect vision so this is not a problem, and there are some applications that won't run with at least 1024x768 screen res. I haven't tried yet because by the time I saw that I had uninstalled windows already. It seems to be extremely complicated to make it work, but I may be willing to try it out when I decide that I am ready to try and install windows on my SDHC.

And the time to move on to the next OS was here again.

OS X 10.4

OS X 10.4 was the last one on my list. I wasn't too serious about getting it to work since I would not be using it on my eee (against Apple EULA.). I tried it more as an experiment than as a real attempt to get it running. Surprisingly it was easy enough once you patch the installation DVD to accept Intel chips other than the one that Apple uses. And boot up was the fastest other than Xandros (on that same note, Xandros was the fastest, and ubuntu was the slowest. Go figure.)
The only drawback I could notice was the lack of support for wireless. But I could even install and run it from my SDHC, no problems. Was in fact really easy to do.
But since I wasn't going to use it as my OS, I decided to move along.




So, it was time for a big decision. And while I was at it, I caught myself thinking about the Xandros easy mode. I know, how lame of me, a more or less seasoned Linux user thinking about an easy interface. The fact is that it was really helpful and responsive, and nothing beats its boot up time.

XANDROS

(or: There and Back again.)
(Disclaimer= This title is copyrighted by JRR Tolkien™)

So back to Xandros it was. Re-installing it was a no brainer. Asus made sure that it was foolproof. Of course I would have to tweak it a lot to be to my liking but any other solution would require tweaking also, so I wasn't too bothered by it. First thing I did was recompiling the kernel so it would accept 2GB of ram. Afterwards I had to make sure that the EEE would recognize my SDHC as a part of the unionfs. Then I got lazy and decided to install tweakeee. What it does is it allows you to activate all the tweaks out there on the internet with a click of the mouse. Easy like that. Want access to the advanced mode? Just check the advanced mode check box. Want a start menu? Another check box and you are good to go. Want to add firefox 3.0b5? Click on install and you are done. It was probably one of the best pieces of software for the eee yet to come. I would compare it only to automatix 2 or easybuntu.
After running the tweaks, the eee was almost the way I wanted. I just wanted one more thing and that was to be able to lock my screen. Well, again googling provided me with the answer and the eee was ready for deployment. Well, not deployment, but was the way I wanted.



And this is where I am at right now.

I may consider going back to windows on a later date, or maybe even eeeUbuntu. But for now I am more than happy with Xandros running on easy mode and my 13 secs boot up time (the extra 3 secs are for the wireless to connect.).

Please, let me know what you guys think about these, and if you would have done something different.

The Evil of Incredimail

(or: Why email clients evolved the way they did.)

Here at the Help Desk every time we get a call that starts with: "Hi, I am a member/volunteer and I'm at home. I use *Incredimail* and I need help." we shudder.
I don't mean to advertise against Incredimail, and I don't mean to criticize our members' choices regarding email clients. My point is that Incredimail relies heavily on HTML emails, and we all know what that means right? Of course html is a great improvement over text only email but that comes with a few downsides to it also. Not only that, Incredimail itself is a big memory hog. For example:

  • Huge email size
  • Tons of flashy icons
  • Advertising built in
  • Relies on selling other pieces of software
  • Slows down the computers

The list could go on and on. I understand that some people like to add a little something to their email, that they think that text only is boring and so 1980's and that we all should be using smiles and pictures on our emails also. But some people like myself prefer speed and functionality over beauty and eye-candy. Now all this may change if Google Wave is all that it promises to be. If you have not yet seen the videos, I definitely recommend watching them: Google Wave Video


Now, what I don't understand is this: We all have a mail client built-in in our machines already. It is the (in)famous Outlook Express. It is free (somewhat at least) and functional, it uses a standard GUI that is easy to get used to, and on top of that is fairly light. And yet some people decide to take the risk and go with a different email client. That is good. Overcoming our fears is what makes us keep moving ahead. The problem lies when we take a step in the wrong direction. You know what they say right? Not all that glitters is gold. Especially when the glitter is the glitter of flashy smiles.

If people are willing to accept a new learning curve (and the Incredimail gui does require a learning curve), and yet they want to stick with free software, they should try Thunderbird. I mean, it is free, the GUI is as easy as it gets, and it is way more bug free than Incredimail. It is not flashy out of the box, but if being able to glitterize is a must, then you can always use some addons for thunderbird, and guess what? They are free also!
I would much rather that people would not use html emails at all, but if they really want to, they should at least think about their computers and be kind to them. Why do our computers have to pay for our need of eye-candy?

If you want to try thunderbird you can go to http://www.getthunderbird.com and for the addons you can go to https://addons.mozilla.org/en-US/thunderbird/ and get your fix of glitter.

Writing Documentation

(or: The quest for the holy grail of information)

I am terrible at documenting my steps. I had to admit it from the beginning so I would accept it easier and try to find a solution for this. We here at the Help Desk have a gazillion procedures that we follow and not all of them are documented, and that for sure makes our job a little more confusing.

The issue begins when we (or at least I) don't know exactly who handles what. And that is just the beginning. But then again, I am not saying that we are not organized. We are. But not in a fashion that makes sense to me. I am all for the documentation, but it needs to be available easily and needs to be also easy to follow.
I've been thinking about how to make this happen and I've come up with the following plan or as I call it, the Tri-Force:

GOOGLE IT!

Meaning that every time we find something we don't know, we should use some of our google magic and find the answers. That we already do pretty well, but then we print it and archive it. Not very useful.


Therefore, my next step.

FORMAT IT!

Formatting it in such a manner that it would be easily understandable, with screenshots and all, so all of those that find written instructions hard to follow can benefit from it also.


And finally:

PUBLISH IT!

Publishing it on the wiki allows us to have all the documentation in a common place that everybody can find and use.



I know it sounds too simple for a plan, but it is as they say: Keep it simple. Keeping it simple makes it understandable as well.

That is it for now.