mac

Lately I’ve been taking measured steps to secure and preserve my data and online presence. My main goal is to still enjoy computing while being able to sleep at night, so when it came down to jumping through more security hoops to get my work done, versus just doing my work, I often selected the latter. Case in point, I don’t want to give up using Keychain for storing my passwords and other sensitive information. Rather than keeping all my passwords in iffy cranial storage I can instead wrap other security layers around Keychain while still keeping it easy to use.

OpenID

The sheer volume of accounts, user names, and passwords we have across them intertubes is enough to drive even the biggest-brained elephant mad with struggling to remember. OpenID allows you to create a single, central account you can then use to login to other OpenID enabled sites. Best of all, it’s an openly distributed protocol, meaning you’re free to choose your provider, and you’re never locked in by a vendor. AOL, Yahoo! and Microsoft are among the larger who have rallied around OpenID support. Oh yes - and Drupal 6 is OpenID enabled.

I chose myOpenID as my provider because of their secure logins, and the ability to create multiple profiles for my identity.

Mail.app

Mail.app in Mac OS X can use secure email signing certificates to protect email messages. To get a key, you must first obtain a (usually free) secure signing certificate from a third-party, such as VeriSign or Thawte Communications.

Once you’ve been issued a personal certificate, you can send signed messages (including the body of the message and any attachments) to anyone else using Mail.app or an email client that understands the S/MIME Protocol. Signed messages let your recipients verify your identity as the sender, and provide assurance that the message has not been tampered with in transit. A Signed icon (a checkmark) in the email header indicates your personal certificate is installed in Keychain Access.

You can only send encrypted messages when you have certificates stored on your computer for both you and all recipients of your message. The easiest way to get someone’s certificate is to have them send you a signed email message. When you view a signed message, Mail.app automatically imports the person’s certificate and stores it in your keychain. You’ll know you have the recipient’s personal certificate installed in Keychain Access if an Encrypt (closed lock) icon appears next to the Signed icon after you address a new mail message to that person.

For more information see: http://docs.info.apple.com/article.html?artnum=25555

Firmware Password

A firmware password prevents other people from starting your computer with a different disk. The idea here is if someone tries to install a new operating system, or boot from a different drive, they’ll need a password to do so. The application is found on your installation disc. More instructions from apple here.

VPN

Traveling all the time, I often use unfamiliar internet connections, some of which seem sketchy. Because of this, I recently purchased a VPN service, which encrypts and hides my identity and location when I’m online. For $40 a year the folks at witopia offer a personalVPN service which protects not only my laptop connection, but my iPhone data too. Awesome.

UnderCover

http://www.orbicule.com/undercover/

This cool third party application ($49 for a single license) helps you and the authorities track down the criminal who stole your laptop. If it’s not recovered within a certain time frame, UnderCover slowly simulates a hardware failure, protecting your data and encouraging the thief to bring your laptop in for repairs. Once the laptop is online, it starts to phone home again. You can also set up a password-less guest account on your laptop, as a booby trap of sorts. Using the built-in iSight camera, UnderCover will take pictures of the criminal and send them to you! Awesome again.

Apple System Prefs Settings

In your System Preferences -> Security, I recommend requiring a password to wake the computer from sleep or screen saver mode. This is great way to keep your computer safe if you leave the room or if you wake it up in which case you’ll be asked to log in again.

After I upgraded to Leopard I found myself with a constantly running DockSyncClient process, draining my battery and making my fans to spin up.

It turns out that Harmonic, a third party dashboard widget was the culprit. If you run into this problem try removing third party widgets one by one until DockSyncClient calms down. Activity Monitor is a great tool for drilling down into system processes.

wget is great command line *nix program for grabbing things from the web, but it doesn’t ship with macs. It’s also not a part of the developer tools package. Here’s the steps I used to build and install wget on my mac.

Grab the wget source code from http://ftp.gnu.org/pub/gnu/wget/wget-1.9.1.tar.gz . Open a terminal window and follow along:

tar xzf wget-1.9.1.tar.gz
cd wget-1.9.1
./configure
make
sudo make install

The wget binary should now be in your /usr/local/bin folder. Let’s also put /usr/local/bin in the shell path so we can type wget from the command line rather than the tedious /usr/local/bin/wget when we want to run the program. This is accomplished by editing ~/.bash_profile to add the following line:

PATH=$PATH:/usr/local/bin; export PATH

To get the shell to re-read this file again, type source ~/.bash_profile. Now whenever you start the terminal, /usr/local/bin will be in the path.

The other part of installing wget that needs a tweak is wget’s manual page isn’t found when running man wget from the terminal. To resolve this we need to edit the man configuration file.

sudo nano /usr/share/misc/man.conf

Scroll down a bit and below all the other lines beginning with MANPATH, add:

MANPATH /usr/local/man

You’ll have to logout and login again for this change to take effect, but once you do you’ll have a fully functioning copy of wget installed on your mac!