Saturday, December 12, 2009

WinMagic SecureDoc 3 Review with OS X Snow Leopard 10.6

I'm three months into the research of SecureDoc as a viable alternative to FileVault for encrypting data on my Mac. The technicians and sales support at WinMagic have fielded dozens of my emails and answered many of my questions. I'll recap my experience here.

While the WinMagic website is vague on personal protection and is seriously geared to sell enterprise disk encryption--not personal software--the sales team assures me that a personal protection solution is available for $124.00 (software only). For an additional annual maintenance fee of $25, personal users receive tech support and free upgrades to the software.

I installed and configured SecureDoc without a Seagate FDE drive. The installation process involves running an installer package in OS X, rebooting, and beginning the lengthy encryption process. During installation, do not use a password longer than 31 characters--the current edition only accepts 31 characters at pre-boot while accepting an indefinite number of characters during installation. You will be without your data if you do not heed this warning. The engineers will resolve it in the next update.

I tested rebooting, power loss, and application crashes during the encryption process. After a reboot, the encryption resumed without error and took the better part of an entire day to secure the 350GB OS X partition.

SecureDoc creates two unique, 5MB partitions after the first reboot during installation, and these partitions are used during pre-boot. They accompany the 200MB EFI system partition, the OS X partition, and the BOOTCAMP partition, if it exists.

Partition scheme:
http://files.uploadffs.com/a/5/bfa55308/capture_20091212_at_11.41.53_AM.png

Once the partitions are created and SecureDoc begins encrypting the drive, your data is protected behind the SecureDoc pre-boot logon and the < 32 character password you chose during installation. Holding Option at power-on now displays any removable and bootable media alongside the SecureDoc pre-boot logon partition and the BOOTCAMP partition, if it exists.

I vaguely recall the technical support technician telling me that the BOOTCAMP partition CAN be encrypted, but only when SecureDoc is used with a Seagate FDE drive. This warrants additional research.

Time Machine continues to back up my OS X partition as it did before. However, I'm concerned about how one would do any of the following:
  • A full-system restore from Time Machine or Time Capsule backup after hard drive replacement
  • An OS X system restore from Time Machine or Time Capsule backup

I say this because I don't know how one can restore into the encrypted OS X partition by booting to the OS X installation DVD. It's possible that the restore process is as simple as formatting the encrypted OS X partition and restoring the Time Machine or Time Capsule backup to it, booting to it as you normally would, and running the SecureDoc installation/encryption again.

On the other hand, the restoration may require that you delete the two SecureDoc 5MB pre-boot partitions, format the encrypted OS X partition, and THEN restore from backup. All this would of course be followed by a re-installation of the SecureDoc software and encryption of the OS X partition--again.

I just haven't had the guts to try, nor have I needed to try either scenario.

Let me complicate the Time Machine backup even more. Time Capsule stores your Time Machine backup in a securely encrypted sparsebundle disk image on a network share. Time Machine, however, when used with an attached hard disk drive DOES NOT encrypt the backup unless FileVault is enabled. Thus, while your primary OS X partition remains securely protected by SecureDoc, all of your data remains insecurely available in the Time Machine backup. Guess what: FileVault is not yet supported by SecureDoc.

Therefore, to secure a Time Machine backup, the solution is to either use a Time Capsule device or to secure the "removable media" in SecureDoc with encryption.

Using SecureDoc to encrypt the removable media may mean that you CANNOT access it as a Time Machine backup from the OS X installation DVD. You may ONLY be able to restore from this Time Machine backup from within the booted and fully functional OS X that you used to secure the media in the first place.

Go fish.

In conclusion, I have to wonder if this full disk encryption is not causing me more trouble than it's worth. With FileVault, my user data IS encrypted on the system partition AND in my external backup. I can restore a full system, or individual files. Furthermore, I can mount the FileVault backup on another Mac and access its contents with password authentication. All this for the mere inconvenience of logging out to perform the backup.

SecureDoc by WinMagic has a long way to go before it is a secure, usable, and recoverable alternative to FileVault.

Additional discussion is available on the Apple support forum.

Friday, March 6, 2009

My new 2008 BMW

From BMW R 1200 GS
Today, I solidify my commitment to this journey. Today, I buy the bike. At this point, I can smell the faint sweetness of adventure coming to fruition. Buying the bike marks one of the biggest commitments yet to my going vagabond. The excitement has me giddy and unfocused at work; all I can think of are open roads and an endless desire to ride.

Sunday, January 18, 2009

New Cameras

In March of 2002 I bought a Nikon D100 6.1 megapixel Digital SLR camera and lens as an uber cool 18th birthday present to myself. In nearly seven years, I've collected 11,828 digital photos with my D100. The math equates to about $0.25 per shot.

I did not know it while shooting, but on December 28, 2008 at 5:50:55 PM, I used my D100 for the last time to take a very fitting photograph of trailing car lights and a fading sunset over Cook Inlet.

On January 15, 2009, I took the very first photos with my new Nikon D90 12 megapixel Digital SLR camera and Nikon 18mm - 200mm f/3.5-5.6G ED IF AF-S DX VR-II Wide Angle Telephoto Zoom-Nikkor lens. Together, the ensemble sings sonnets that make me wonder why I waited so long to upgrade. Moments later, those initial shots were followed by the first of many with a new Canon PowerShot SD 880 IS 10 megapixel digital sub-compact camera.

The two new cameras with extra batteries, a Hoya 77mm Super HMC UV(0) filter, a Nikon Speedlight SB-800 flash, and a Nikon ML-L3 wireless remote were altogether only 2/3 of the cost of my D100 setup. I send a special thanks to photographer Ken Rockwell for his insightful reviews of these products.

I'm super excited to capture many more great photos with my new equipment. One particular scene I've been developing in my mind for years came to fruition this evening on Home Depot hill in Wasilla, overlooking the Parks and Palmer-Wasilla highway intersection. The other shot in this series, at Trunk Road overlooking the Parks Highway and Mat-Su Regional Medical Center, is available in my photo gallery.

Friday, January 9, 2009

Disable case-sensitive find in Firefox for Mac

It seems that Firefox 3 for Mac shipped with at least one annoyance: a case-sensitive Quick Find setting turned ON by default.

I searched the about:config advanced Firefox settings for a fix; these steps disable the annoyance and return the find feature to its proper, case-insensitive state:
  1. Open a new tab in Firefox, type about:config into the address bar, and press return on the keyboard.
  2. Type case into the filter field.
  3. Double click on the preference accessibility.typeaheadfind.casesensitive.
  4. Change the value from 1 to 0 and choose OK.
  5. Close the about:config tab and test your newly improved case-insensitive Quick Find on any page.
Click the screen shot thumbnail above to see the appropriate final setting.

[EDIT]
My incredibly intelligent brother recommends disabling the case sensitivity by pressing Command+F and un-checking the obvious "Match case" box.

Sunday, November 23, 2008

Fix: "boot from hard drive ..." error for Vista and Parallels

The Problem
I did something to my Boot Camp installation of Microsoft Windows Vista Ultimate, and I don't know what that something is.

When I launch My Boot Camp in Parallels Desktop, it hangs on the black screen with a persistent "Boot from hard drive ..." message. While Vista hangs during boot in Parallels, it works just fine booting by itself. Ugh.

The Fix
I browsed many forums in search of a solution; none worked for me. Bound and determined, I decided something had to be done.

This fix is inspired by the information found at Microsoft's website that describes how to use bootrec.exe in the Windows Recovery Environment.

The steps below outline how I configured Parallels to boot to the Windows Vista installation DVD to access the Windows Recovery Environment and how I used bootrec.exe to fix the master boot record on my Boot Camp partition. The figures at right are screen shots of the steps.
  1. Start by modifying the boot devices in your Parallels Boot Camp configuration. Under the advanced tab of Hard Disk 1, change the device connection from IDE 0:0 to IDE 0:1.

  2. Select Yes to the warning message, and Parallels will automatically set the CD/DVD device connection to IDE 0:0. This will configure Parallels to boot to the Windows Vista installation DVD.

  3. Stick the Windows Vista installation DVD into the optical drive, and run the Boot Camp virtual machine inside Parallels. Hard drive booting will fail, and Parallels will continue to boot from the DVD.

  4. Select Next at the Windows Vista installation welcome screen, and then choose to repair your Windows installation.

  5. Windows will search for installations and prompt you with a list; choose your installation and select Next.

  6. At this point, Windows will attempt to repair your installation. If you've done this before, the repair may fail, and you must select to view the advanced options for system recovery and support. Otherwise, the list of options will present itself.

  7. Choose the option to open a command prompt window.

  8. This is the step that involves the information at Microsoft's website. Execute the following command:

    bootrec /fixboot

  9. Wait for the operation to complete successfully, and then execute this command:

    bootrec /fixmbr

  10. Wait for the operation to complete successfully, and then close the command prompt window and select to restart the computer.

  11. Stop the virtual machine while it attempts to reboot.

  12. Return the boot devices back to their original configurations (see steps 1 and 2 above). Under the advanced tab of Hard Disk 1, change the device connection from IDE 0:1 to IDE 0:0.

  13. Select Yes to the warning message, and Parallels will automatically set the CD/DVD device connection back to IDE 0:1. This will configure Parallels to boot to the hard drive as normal.

  14. If all went well, your Boot Camp installation of Windows Vista will no longer hang at "Boot from hard drive ..." as a Parallels virtual machine.
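
As an added example (not part of the original post, and not Microsoft's or Parallels' code): bootrec /fixmbr rewrites the MBR boot code and does not overwrite the partition table, so comparing a copy of sector 0 taken before the bootrec commands with one taken afterwards confirms that the repair left the partition layout alone. The Python sketch below assumes the two 512-byte sectors have already been captured; the sample sectors and every helper name are constructed for illustration.

```python
import struct

BOOT_CODE = slice(0, 440)      # bootstrap code, the part bootrec /fixmbr rewrites
DISK_SIG = slice(440, 446)     # 4-byte disk signature plus 2 reserved bytes
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
ENTRY = "<B3xB3xII"            # status, CHS (skipped), type, CHS (skipped), LBA, count

def parse_mbr(sector):
    """Validate a 512-byte MBR sector and return its four partition entries."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    entries = []
    for off in range(446, 510, 16):
        status, ptype, lba, count = struct.unpack(ENTRY, sector[off:off + 16])
        entries.append({"active": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries

def changed_regions(before, after):
    """Name the MBR regions that differ between two captures of sector 0."""
    parse_mbr(before)
    parse_mbr(after)
    regions = {"boot_code": BOOT_CODE, "disk_signature": DISK_SIG,
               "partition_table": PART_TABLE}
    return [name for name, sl in regions.items() if before[sl] != after[sl]]

def layout_preserved(before, after):
    """True when nothing except the boot code changed."""
    return set(changed_regions(before, after)) <= {"boot_code"}

def make_entry(active, ptype, lba, count):
    return struct.pack(ENTRY, 0x80 if active else 0, ptype, lba, count)

def build_sample(boot_fill):
    """Constructed sector shaped like a Boot Camp hybrid MBR; all values invented."""
    table = (make_entry(False, 0xEE, 1, 409639)              # GPT protective entry
             + make_entry(False, 0xAF, 409640, 600000000)    # Mac OS X (HFS+)
             + make_entry(True, 0x07, 600409640, 120000000)  # Windows (NTFS), active
             + bytes(16))                                    # unused slot
    return bytes([boot_fill]) * 440 + b"\x12\x34\x56\x78\x00\x00" + table + b"\x55\xaa"

BEFORE = build_sample(0x00)   # constructed: sector 0 before the repair
AFTER = build_sample(0x90)    # constructed: boot code rewritten, table untouched

if __name__ == "__main__":
    print("changed:", changed_regions(BEFORE, AFTER))
    print("layout preserved:", layout_preserved(BEFORE, AFTER))
```

A result that lists `partition_table` or `disk_signature` means something other than the boot code was modified and the partition layout should be checked before booting either operating system.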

Sunday, October 19, 2008

Garmin GPS + Parallels + Windows Vista/XP

Today, for the first time, I successfully connected a Garmin Oregon 300 handheld GPS device to Windows Vista via Mac OS X 10.5 and Parallels Desktop.

While the Garmin 300 jives very nicely when booting natively into a Boot Camp installation of Windows Vista, communication fails with Parallels' default guest USB configuration.

Out of the box, Parallels prompts the user for action concerning connected USB devices. Choosing the "Garmin International - Composite" device from the list of connected devices produces an error message:
USB device you are trying to connect to the virtual machine is being used by another application. Close that application or unplug the device and plug it again. Then try to connect the device again.

To avoid this error message, change the default USB configuration from requesting user input to automatically connecting USB devices to the guest operating system.
  1. Disconnect the GPS device from the Mac if it is already connected. Shut down the virtual machine if it is already running.

  2. Open Parallels Desktop without starting the virtual machine.
    Launch Spotlight with Apple + Spacebar, type Parallels Desktop.app, and press Return.

  3. Edit the USB configuration for the appropriate virtual machine.
    Click USB Controller from the list of configuration options.

  4. Configure Parallels to automatically connect USB devices to the guest operating system.
    Choose Connect to guest OS from the USB Connection Options drop down menu.

  5. Close the virtual machine preferences window by clicking OK; start the virtual machine.

  6. Once the virtual machine loads, the Parallels Tools initialize, and all booting and login activity complete, connect the Garmin GPS device to the Mac via a USB cable.

  7. Wait as the Garmin GPS device saves all waypoints, routes, and trip log information to GPX format.

  8. Windows Vista prompts you with an Autoplay dialogue if the configuration is proper. Otherwise, you will see the same error message as before.
At this point, you're free to run Garmin MapSource to transfer waypoints, tracks, trip logs, and maps between Windows and the Garmin GPS device through Parallels on your Mac. The Garmin MicroSD card is also accessible via this method.

Friday, October 17, 2008

Hiking Marmot Mountain


Mike and I like to drop everything and go hiking when the weather permits. Fresh snow and blue skies seem to draw us into the mountains. Today is Friday, October 17th; the sky shines brilliantly blue over the snow capped mountains to the north of the Valley, and as the sun begins its descent to the west, we head into the mountains of Hatcher Pass.

Check out the photos of our short afternoon hike in my Picasa Web Albums gallery.