snapup.net/blog

Uhm, once again about computers? Yes todays special is about OS X (of course) and how you can improve the work with your data.

Let me clarify what I mean with the term ‘work with your data’. Most actions can be summarized by one of these four major actions:

1. use (edit, view, listen…)
2. organize (to find it again)
3. secure (to keep it private)
4. backup (to have copy in case of data-loss

I guess that most people agree that working with your data stands for using it by opening, writing and edit documents, listen to MP3s, watch movies…

If you’re one of these ‘knowledge-workers’ capturing more and more information each day, have different running projects (private or work related) you need to think about a way to keep things organized.

Technorati Tags: apple, encryption, productivity, filevault

And if you’re an alpha geek and like all this gtd-stuff you don’t want to have a cluttered desktop at all. (a friend of me actually organizes his stuff by putting it on his desktop and moving the icons to huge clouds. Amazing! It looks like, he doesn’t know that there is something like a create-new-folder-command).

This topic was already on my future-blogging-posts-list, but I was inspired to ‘do it now’ because a friend gave FileVault a try and asked me what I think about it.

So here it is: PhilVault

If you’re smart, you think about all the four actions mentioned earlier when working with your data. Some ideas why you should do that:

• if your data is organized, it’s much easier to find files and work with them
• a good outline structure can mirror the way you’re working
• it’s much easier to backup if your data is organized
• in my case, I’ve a bunch of information that is lost forever in case of an accident, since it’s only digital. I backup often according to the importance of my data. You don’t need the bad-guy-is-hacking-my-home-computer-and-deleting-everything-szenario to find a reason to do backups. Think about a fire in your house, earthquakes and yes even the return of the undead.
• since my iBook is my main-computer, I need to think about serious security in case it gets stolen. I use both backup and encryption and you should do the same. It’s good to have a backup-version of your goal-list but maybe you don’t want that the guy that stole your notebook knows that your two main lifetime goals are
  1. stop-wearing-female-underwear and
  2. realizing-that-the-neighbours-dog-is-really-a-dog-and-not-the-rebirth-of-elvis

To summarize: Since backing up and encrypting your data is much easier today than in good old DOS-times, you should do it.

I don’t want to spent much time on the topic, why I think FileVault isn’t doing the job right, just some ideas about what you should keep in mind when creating your personal data-organizing-backup-encryption-solution. I guess that I don’t need to mention that the solution I came up with, perfectly suits my needs, but maybe is not working for you at all - as everything think about evolution and adapt it - or you get adapted (words of wisdom from biology teacher).

Thoughts about a good data-organizing-backup-encryption-solution (PhilVault)

• you should have the possibility to choose what should be encrypted (while FileVault offers only encrypt-everything-or-nothing). To decide what should be encrypted can save CPU-time. If you use FileVault even video, music and photos will be encrypted in the default configuration. The FileVault encryption layer adds more complexity to your system.
• backup of encrypted data should be possible and the backups itself should also be encrypted and yes the name of your dog IS a bad password and yes again, Elvis is also a bad passphrase!
• if everything is stored in one big file (FileVault) than data corruption can destroy anything
• keep in mind what is necessary and how to decrypt your data. Using FileVault you need at least as much free space as the encrypted diskimage
• the mechanism has to be fully integrated in the OS (even better: it should be cross plattform compatible)
• you need to understand the basics of the underlaying mechanisms in order to validate your strategy. Are there any risks, think about worst case szenarios (loosing data, forgetting passwords, once again the undead …)
• if you need to share data with other users, how can you insure that the data is safe AND accessible?
• add more security by choosing proven algorithms (fully documentated), strong passwords and use a firewall and maybe an anti-virus program. Can you trust all your software? Ex: a simple keylogger (an application that writes every keystroke to a file) can reveal all your passwords.
• if you’re a paranoid alpha-geek: is it possible to re-encrypt your data and even better, change alhorithms?
• if possible use Software that is OpenSource so that you (most times other *nix-geeks will do that for you) can check the underlaying algorithms and procedures and to make sure that there is no backdoor

The solution I came up with doesn’t require any additional software, since it is based on commands and features that are already built into the OS (only Mac OS X, poor reader!).

Here is how it works

1. separate your data in different categories (I call them containers)
2. create encrypted diskimages (same technology FileVault is using)
3. optional: move this diskimages out of your home-directory, to keep this directory clean and small
4. move all data in one of your created diskimages. If you want additional security. Make sure that the content is really removed from your harddisk. Previous FileVault version didn’t overwrite the (old) data, so it could be retrieved with special software. Fixed in OS X 10.4!
5. if necessary create symbolic links from the origin location to the location within your encrypted image.
6. optional: automount your diskimages by adding them to the list of your startup-items. Aehm, do I need to mention that you should NOT add the diskimage-passphrases to your keyring?
7. One more thing… Do NOT add the passphrases to your keyring!

Example or I did it my way

So let’s take a look how I’ve implemented the above solution:

My containers or my encrypted diskimages:

the diskimages are located in a folder in my root directory with the name “(containers)”. I often use parenthesis to sort my directories. If you order them by name they’ll be on top. Using Disk Utility I’ve created AES encrypted diskimages with a filesize of either 680 MB (CD-ROM-size) or 4.7 GB (DVD-Size). Since the images will grow according to the size of the files within that image, I don’t waste space. Using these two filesizes I know that I can always burn them for backup purposes. If I get one day more than 4.7 GB I can decide to create a second image, move some files to another place or choose another backup-media like Double-Layer-DVDs. Having a maximum filesize create some pressure to think about how to organize your data.

After some trial and error I’ve these diskimages in my “(containers)”-directory:

• bookshelf: all kind of different documents, e-books, howto’s… stuff that I want to read and is not created by me.
• data: all kind of personal documents, data for the applications like: Adressbook, Mail, iCal, Safari, FireFox, NetNewsWire. I’m ‘getting things done’ by using Hog Bay Notebook and have this file (something like a VIP-document) also stored in the data-container. Example: To secure your Adressbook you need to move the directory ~/Library/Application Support/Adressbook into the encrypted diskimage and then create a symbolic link using the terminal command: ls -s /Volumes/DISKIMAGENAME/PATH/TO/ADRESSBOOK-DIRECTORY ~/Library/Application Support/Adressbook. This applies to every folder and file you move into the encrypted diskimage. Following that method you’ll quickly learn where your data is stored. Some other directories I’ve moved:
  • ~/Library/Mail
  • ~/Library/Mail Downloads
  • ~/Library/Safari
  • ~/Library/Application Support/Firefox
  • ~/Library/Application Support/iCal
  • ~/Library/Application Support/NetNewsWire
  • …
  Always make sure to use the Terminal command ln -s TARGET ORIGIN to create a link to the data within the diskimage.
• inbox: contains stuff I’m currently working on and that doesn’t belong really to my data. Something like my ‘encrypted Desktop’
• pictures: I use iView Media Pro to organize my pictures, since iPhoto doesn’t support IPTC-data (metatags for picture-files) and to file the pictures in folder-structure. See a future post about how to organize pictures, since iPhoto really sucks!
• university: guess what goes in here.
• web: I’ve choosen to use a diskimage as document root for my local apache-server, since it’s much faster to backup a diskimage than 234567 small html and php files.

Additional folders to keep things organized

I’ve setup some additional folders in my root-directory, to move some data out of my home-directory:

• [Inbox]: Everything that get’s in and that I don’t want to move to a final destination get’s in here. I’ve a link on my Desktop to that directory. The Inbox also holds my Acquisition-Download-Folder.
• [music]: I use an applescript to switch between two different iTunes-configurations, depending if my external harddrive is attached or not. The iTunes Library is stored in that directory and a link is set to it in my Home-Folder. It makes no sense to have the music in your home directory since all my MP3s take more room then the size of my internal harddrive and I only have a small collection on the local harddrive when I’m ‘out of town’
• [Outbox]: If I get some files that need to be stored on my external harddrive while I’m out, they go to the Outbox-directory. I also have a link to that directory on my desktop. All software downloads (installer or .dmg’s) go into the Outbox-directory after I’ve installed them and are stored on my external harddrive.
• [temp]: a directory for things like a MPEG4 movie I’ve copied from my external harddrive to my iBook. You could also setup a Movie directory within your document root, but since I delete the Movie after I’ve seen it (remember that it is still on my external) the temp-directory suits my needs.

This setup evolved time after time and is doing a nice job for me, because it’s very easy to backup data (just copy the diskimage-files to my external harddrive, much faster than copy trillions of small files). I can decide what I want to have encrypted. For example I can unmount the data-diskimage and all mails, bookmarks, personal data are safe while doing some other work or have other people accessing my home folder via network. Another benefit is that my home folder only holds some settings and can be easily zipped for backup purposes. I use TRI-Backup to make backups. If you want additional security you can restrict access to the container-directory setting read/write permissions only for the user. WARNING: If your iBook is connected in firewire-target-mode this will not help. Even if you disable firewire-target-mode its possible to get access to the harddrive by opening your computer, take the harddrive and put into an external case.

You have an equal setup, questions or improvements, please leave a comment!

Further reading:

• Apple’s FileVault
• Apple about Security
• ‘An unencrypted look at FileVault’ by François Joseph de Kermadec.
• How FileVault should work
• Safer Computing by me, myself, my macintosh
• Anleitung für Apples FileVault
• Wikipedia about AES = Advanced Encryption Standard.
• What the World Google says about PhilVault

This entry was posted on Wednesday, October 26th, 2005 at 1:55 am and is filed under Productivity, Apple. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.