Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue

TidBITS Logo

TidBITS#1029/24-May-2010

Our focus this week is on the Mac and the Web, with Joe Kissell contributing an in-depth look at PGP Whole Disk Encryption 10.0 and Matt Neuburg reviewing the MacSpeech Scribe transcription program. Adam also runs down Apple's changes to the MacBook and Glenn Fleishman passes along news of Google's secure search beta and Adobe's HTML5 and CSS3 plug-in for Dreamweaver CS5. And just so you don't think we've gone totally off the iPad, Glenn covers the MaxRoam micro-SIM that provides not-very-cheap European data roaming for 3G iPads. Notable software releases this week include QuickTime Player 7.6.6 for Mac OS X 10.6.3, Java for Mac OS X 10.6 Update 2, Java for Mac OS X 10.5 Update 7, and Keyboard Maestro 4.3.1. Finally, we're taking next week's email issue off for Memorial Day - see you in June!
 
Articles
 

This issue of TidBITS sponsored in part by:
Help support TidBITS by supporting our sponsors!

No Email Issue on 31 May 2010 for Memorial Day

  by Adam C. Engst <ace@tidbits.com>

Between next Monday's Memorial Day holiday in the United States and numerous family commitments for TidBITS staffers, we're going to give ourselves a break next week. We'll continue publishing on the Web, of course, but the next email issue of TidBITS will appear on 7 June 2010.

Read and post comments about this article | Tweet this article


MacBook Gains Performance Improvements, Longer Battery Life

  by Adam C. Engst <ace@tidbits.com>
  2 comments

Eschewing a press release, Apple has quietly updated its low-end laptop, the 13-inch white MacBook, with a faster CPU, longer battery life, and a faster graphics processor. The processor remains an Intel Core 2 Duo, but its clock speed jumps from 2.26 GHz to 2.4 GHz, which should increase performance slightly. Also helping performance will be the switch to the Nvidia GeForce 320M graphics processor, which Apple claims performs up to 1.8 times faster than the previous Nvidia GeForce 9400M.

Almost more interesting is the improvement in battery life. Previously, Apple claimed "up to 7 hours wireless productivity" for the MacBook's 60-watt-hour battery, but the new MacBook features a 63.5-watt-hour battery that promises up to 10 hours of battery life. With Apple's theoretically more-accurate battery life tests (see "Apple Brings Intel Core i5/i7 to MacBook Pro," 13 April 2010), perhaps the new MacBook could last through an entire international flight.

All other specs remain the same from the late-2009 release that gave the MacBook a polycarbonate unibody and non-swappable battery (see "MacBook Gains Plastic Unibody with Updated Specs," 20 October 2009). Its only build-to-order options are increasing the RAM from 2 GB to 4 GB for $100, or increasing the hard disk size from the included 250 GB drive to either 320 GB ($50) or 500 GB ($150). The base configuration of the MacBook retains its $999 price tag, and is available immediately.

The only real question with the MacBook is if it's worth spending another $200 to get the 13-inch MacBook Pro, which also features a 2.4 GHz Intel Core 2 Duo processor. The main differences between the machines are the latter's aluminum unibody enclosure, 4 GB RAM, FireWire port, and SD card slot. Plus, if you move to the 13-inch MacBook Pro, you have the option of paying more for a faster 2.66 GHz CPU, 8 GB of RAM, and a solid-state drive. Personally, I'd go for the MacBook Pro, but for many less-demanding users, the cheaper MacBook will be entirely sufficient.

Read and post comments about this article | Tweet this article


Adobe Releases HTML5 and CSS3 Support for Dreamweaver CS5

  by Glenn Fleishman <glenn@tidbits.com>

Adobe announced at the Google I/O event last week that it had a free downloadable add-on module for Dreamweaver CS5 that extends the program to offer robust HTML5 and CSS3 support. Dreamweaver CS5 has been shipping only since 30 April 2010 as part of the Creative Suite 5 set of applications.

While Adobe has been fighting to promote Flash as a cross-platform tool for mobile devices, mentions of HTML5 and CSS3 have been scant. Adobe makes tools that produce audio, video, Web, Flash, and other content, and I had been hoping that along with its full-frontal promotion of Flash, it would also be working hard to create good tools for creating pages that rendered well in the next generation of browsers. (For more on the Apple/Adobe tiff, see "Jobs Explains Apple's Position on Adobe Flash," 29 April 2010.)

HTML5 and CSS3 go hand in hand to deliver a more nuanced browser experience. HTML is used for defining the content and structure of a page, while CSS controls the display and appearance.

HTML5 has many new features, including semantic tags to identify parts of a page by content, tags for audio and video to embed media, a "canvas" tag for rendering vector graphics and images, and other multimedia support. Although HTML5 defines these tags, Web browsers will have to implement the tags in the same way for playback and display of the associated media to provide a consistent user experience.

CSS3 enables designers to make Web pages with the kind of subtle interface choices found in desktop and mobile applications. For instance, support for rounded corners on boxes, custom borders, and graduated shading can make buttons and other elements fit into an overall design better without the use of static images. CSS3 also supports multiple-column layouts.

CSS3 is more or less baked, while HTML5 continues to lurch towards completion. Opera (10.1 Mac, 10.5 Windows), Safari 4, and Google's Chrome have the best support for both in-progress standards at the moment, while Firefox 3.6 lags behind. Internet Explorer 8 handles almost nothing HTML5 and CSS3 have to offer, but Microsoft is promising good support for both standards in the forthcoming Internet Explorer 9. FindMeByIP.com has a marvelous feature-by-feature compatibility list for each browser and platform.

Read and post comments about this article | Tweet this article


Google Offers Secure Search Beta

  by Glenn Fleishman <glenn@tidbits.com>

Google has launched a beta of secure Web searching at https://www.google.com/ - to search securely, you must start from that URL. The security is provided through normal SSL/TLS connections, which Google labels as "SSL" in the graphic, probably because the older (and outdated) term SSL is more familiar to users and certainly easier to say.

This is part of Google's effort to add encryption to more of the company's basic services, providing protection against snoops on local networks. SSL/TLS encryption ensures that communication between a Web browser and a Web server can't be decoded by anyone listening in on the communication stream. This addition of SSL/TLS will enable those in repressive dictatorships to search Google without worrying about government surveillance - assuming the government allows access to Google at all.

Not all of Google's search-related services, including Image Search and Maps, support SSL/TLS at this time, and of course, if you use the search bar in your Web browser, you won't be using the encrypted search option. Finally it's worth noting that securing search doesn't prevent Google from making use of your data; such uses are governed by Google's own privacy policy.

I recommend that anyone using an open Wi-Fi network or untrusted Ethernet network (such as at a hotel) rely on some form of encryption to protect communications. A virtual private network (VPN) connection is best, but second best is enabling encryption on all connections over which private data or cleartext passwords could potentially be sent, such as email, file-sharing links (like WebDAV), and FTP.

Earlier this year, Google flipped a switch so that Gmail Web sessions are conducted securely by default using SSL/TLS; see"Google's Gmail Defaults to Encrypted Sessions" (13 January 2010).

For more details on how SSL/TLS works, read Chris Pepper's "Securing Communications with SSL/TLS: A High-Level Overview" (25 June 2007). And for a somewhat out-of-date article about VPNs that's still worthwhile reading for its discussion of basic concepts, see Kevin van Haaren's "For Your Eyes Only: Virtual Private Networks," (15 August 2005).

Read and post comments about this article | Tweet this article


MaxRoam Offers micro-SIM for European 3G iPad Roaming

  by Glenn Fleishman <glenn@tidbits.com>
  6 comments

MaxRoam has a solution for the ruinously high price of using cellular data on a 3G iPad outside the country in which you've signed up for service. Its Euro iPad Pack is a micro-SIM that can be inserted into the 3G iPad and allows flat per-megabyte roaming with no expiration across Europe. The micro-SIM ships 1 June 2010. (Japan is, so far, the only country in which Apple is locking the 3G iPad to a particular carrier.)

The MaxRoam micro-SIM costs €75 (about US$95) initially for both the SIM and 50 MB of data. Additional data can be purchased in either 10 MB units for €25 (US$32) or 50 MB units for €75. The company provides scant information, but it appears that data does not expire at the end of a billing cycle, since you buy data in chunks as you need it.

AT&T's 3G iPad international service plans - which work across all of Europe, too - cost $24.99 for 20 MB, $59.99 for 50 MB, $119.99 for 100 MB, and $199.99 for 200 MB; data must be used within 30 days or it expires.

In other words, like AT&T's unique unlimited 3G service plan in the United States, AT&T's international service plans are far cheaper than this competitive European alternative unless you're worried about data expiration.

I haven't yet seen any information about pan-European roaming from European carriers, but I wonder if MaxRoam will be competitive there as well. The European Commission's Telecoms Commissioner has been aggressive in forcing carriers to lower voice, text, and data rates across EU borders. If AT&T can charge $60 for 50 MB, I'll be curious to see whether Orange, O2, Vodafone, and others can beat that deal.

Of course, all these roaming prices are essentially international highway robbery. Providing data costs the same on a modern cell network (2G and 3G) whether or not the user is a customer of the carrier or of a roaming partner.

The big cost is billing, in which carriers need to settle roaming charges with other carriers, but that should, at most, add 10 or 20 percent to the normal cost, which already includes a substantial profit margin. The markup is even more ridiculous for carriers - like O2, Orange, and Vodafone - that operate networks in multiple countries. Those firms are moving billings around among bank accounts owned by the same multinational parent, and have even fewer costs.

What drives international roaming prices for voice and 3G data is monopoly control. While countries can do something about pricing among carriers within a nation, there's little regulatory control that forces a European or Asian carrier to give AT&T a good roaming price, nor - if AT&T is paying a far lower cost than it bills - to force AT&T to charge less. Within the EU itself, though, regulators have that power, and have pushed through lower prices by the force of law and the force of shame.

Read and post comments about this article | Tweet this article


Transcribe Recordings With MacSpeech Scribe

  by Matt Neuburg <matt@tidbits.com>
  4 comments

In recent years, dictation software has become a firmly entrenched reality. It is perfectly possible to sit at your computer wearing a headset and speak to the computer and have it transcribe, with astonishing accuracy, the words that you speak. But what if you are not sitting at your computer? What if you have an idea that requires later transcription, and all you have with you is some sort of recording device? The promise of MacSpeech Scribe is a solution to that problem.

MacSpeech Scribe (from the makers of MacSpeech Dictate, the speech recognition application) does not pretend to have the human ability to recognize just anyone's speech. You have to train it, and the speech that it recognizes is yours, and yours alone, the result of your deliberately dictating into a particular digital recording device. So you're not going to be using MacSpeech Scribe to transcribe a teacher's lecture, let alone a debate.

Nevertheless, there are good reasons why the capability to transcribe one's own speech from a recording might be preferable to real-time dictation. As I've already suggested, you might not have a computer with you at the moment you'd like to dictate something. Also, there are significant psychological and even physical differences between dictating directly to your computer and speaking into a recording device. I find that something about the computer sitting there waiting for me, the necessity of wearing the headset, the importance of maintaining strict silence, and other factors combine to make me extremely nervous and tongue-tied. I feel more relaxed talking into a digital recorder. I feel I have time to collect my thoughts. Also, I can clean up the digital file a little with a sound editor program before I hand it over to MacSpeech Scribe, so I'm less nervous about errors than I am when the computer is listening to me.

Another reason why MacSpeech Scribe might be more congenial than MacSpeech Dictate is that the user interface is simpler. MacSpeech Dictate allows you to dictate directly into any application. The price of that power is that you then have to use your voice and some floating windows to make any corrections; you must not make corrections directly by typing, because then you would be acting behind the program's back, as it were, and it would not know what edits you had made to the dictated material. MacSpeech Scribe, on the other hand, is far simpler, both when you are doing your original training, and when you are transcribing an actual sound file. The folks at MacSpeech, which was recently bought by Nuance, the company from which MacSpeech licensed the speech recognition engine used in Dragon NaturallySpeaking for PC, reduced the interface to a single extremely simple window. I find it quick and easy to make the very few corrections that might be necessary when MacSpeech Scribe transcribes a recording into text.

As a demonstration of the sort of thing that MacSpeech Scribe can do, I dictated almost the entirety of the first draft of this article using MacSpeech Scribe and a digital recording device, the Zoom H2. To give you a sense of what the experience is like, I've uploaded a portion of the actual recording of myself speaking the original first draft, just making it up out of my head and saying it to the H2, along with MacSpeech Scribe's transcription of that section of the recording, without any edits or changes. You can compare the two and see how accurately the program is able to interpret the recording. I think the results speak for themselves.

Training MacSpeech Scribe is simple. You speak to your device, enough to make a recording of at least 2 minutes in length; then you hand that recording over to MacSpeech Scribe. The program transcribes the first 15 seconds of the recording, and you run through the transcription phrase by phrase, either accepting or correcting each phrase. The program then starts over and transcribes the first 90 seconds of the recording, and you do the same thing. This is enough for MacSpeech Scribe to generate an initial voice profile for you; you can give it more recorded material for additional training and additional resulting accuracy.

Transcribing is equally simple. You hand your recording over to MacSpeech Scribe. It presents the text result very quickly (much more quickly than it was spoken originally; I'm not sure how that magic is performed), in a window with two panes. When you click on any part of the text in the first pane, possible corrections appear in the second pane. If the correction you want isn't there, you can edit a correction that is there. You then click a button to enter that correction in place of the original interpretation. The accuracy seems very high, especially for non-technical subjects. Vocabulary can be added manually, a word or phrase at a time, or by giving MacSpeech Scribe a text file to analyze.

Despite all this simplicity, the program has some bugs. For example, there's a checkbox to stop MacSpeech Scribe from checking online for a new version of the program every time it starts up, but your setting here is forgotten. And I several times got mysterious error dialogs about not being able to find a needed file or folder, and had to quit the program and start it up again.

My biggest complaint is about the manual and online help. Nothing tells you what punctuation you're allowed to say, a serious omission. Beyond that, I confess, I have a dog in this fight: I wrote the original manual and online help for MacSpeech Dictate, and these have been edited badly to create the help for MacSpeech Scribe. Thus the Scribe manual starts out with some material that's true of Dictate but false and irrelevant for Scribe, and a careless global replacement turned my sentence "Dictate, don't talk" into "Scribe, don't talk." I wasn't paid or credited for this reuse of my work, and considering the nature of the result, perhaps that's just as well.

Still, I find it astonishing that a program like MacSpeech Scribe is even possible. You're up and running, with the program trained and ready to go, in just a few minutes; after that, you have your own personal transcription secretary and you're ready to dictate the Great American Novel while you're out for a walk in the woods.

MacSpeech Scribe costs $149.99, and requires an Intel-based Mac running Mac OS X 10.6 Snow Leopard. Audio files must be WAV, AIFF, or AAC, and should be as high quality as possible; you can dictate into your computer or into a digital recorder (including, according to the manual, an iPhone).

Read and post comments about this article | Tweet this article


PGP Whole Disk Encryption and PGP Desktop Professional 10.0

  by Joe Kissell <joe@tidbits.com>
  10 comments

About a year and a half ago, I reviewed the initial release of PGP Whole Disk Encryption (WDE) for Mac (see "Securing Your Disk with PGP Whole Disk Encryption," 31 October 2008). At the time, this security software was notable for being among the first products that could encrypt an entire startup volume on an Intel-based Mac.

When WDE appeared on the scene, it already faced competition from Check Point Full Disk Encryption, and soon thereafter was joined by a Mac version of WinMagic SecureDoc. However, both of these other products were at that time marketed solely to the enterprise market, whereas WDE was also readily available to ordinary end users. (Individuals can now buy WinMagic SecureDoc online, a welcome change; Check Point Full Disk Encryption is still targeted only at large organizations.) So, for about a year, WDE was the most logical choice for individual Mac users wanting to encrypt a startup disk.

Unfortunately, WDE was incompatible with Mac OS X 10.6 Snow Leopard when it first appeared in August 2009, and the fact that PGP hadn't warned its customers about this issue prior to Snow Leopard's release caused a certain amount of consternation. The company was appropriately apologetic for this misstep, although an updated version didn't appear until January 2010 - meaning that for more than four months, PGP customers had to choose between upgrading to Snow Leopard and keeping their disks encrypted. Since my work for TidBITS and Take Control obligated me to be an early adopter of Snow Leopard, I was among those who had to forgo an encrypted boot drive for a while.

Happily, those dark days are behind me, and I'm now once again using WDE. Although Snow Leopard compatibility was the big news in version 10.0, quite a few other changes occurred too. Now that I've spent some time with the latest version (10.0.2 as I write this), I want to share some observations and advice that may be useful to anyone else flirting with the idea of encrypting their primary hard disk.

First, a small clarification: PGP's Whole Disk Encryption is available both as a stand-alone product ($149) and as part of PGP Desktop Professional ($239), which also offers encryption for email, instant messaging, and disk images, among other features. Although the rest of PGP Desktop Pro for Mac hasn't changed dramatically since version 9.9 (see the complete release notes, in PDF form, on PGP's Web site), I do comment on some of its features a bit later.


WDE Basics -- In my initial review I went into some detail about why encrypting an entire startup volume is interesting, but for me, two main reasons stick out. First, convenience: whole-disk encryption is more flexible and reliable than using FileVault, while being less cumbersome than using encrypted disk images. And second, I can use it to make a fully encrypted bootable duplicate. That means I can carry my duplicate with me or store it offsite without having to worry that someone will steal or find my backup and be able to read all my files - but I can still boot from the drive if I need to.

Setup is simple. After you install WDE and restart, turning on encryption is a matter of a few clicks - open the application, select your volume, enter and confirm a passphrase, and then let it run. I tested version 10.0 on a slightly faster Mac than I used with version 9.9, so I expected to see only a minor speed improvement. But WDE 10.0 took only about 13 hours to encrypt a 500 GB disk, compared to the 10 hours version 9.9 took to encrypt a mere 250 GB. I found that speed improvement quite impressive. By the way, you can continue to use your Mac while encryption takes place in the background, and you can also pause and resume encryption if the need arises. As previously, once the disk was fully encrypted, my Mac didn't seem any less responsive in ordinary use than it did without encryption.

Because WDE encrypts every file on your disk, it has to add an authentication screen (called PGP BootGuard), which appears immediately when you turn on or restart your Mac - before Mac OS X itself has loaded. In my review of version 9.9, I complained that this screen fails to show feedback for passwords over 21 characters in length, leading users to worry that longer passwords weren't being accepted. This problem still exists, which I find rather astonishing since the company knew about it and a fix should have been easy. On the bright side, you can now press the Tab key to see your entire passphrase as you type it - this provides reassurance, although it also reduces security in public or shared environments. Another welcome change is that you can now choose from among half a dozen international keyboard layouts, a big plus for people unaccustomed to the U.S. English layout.

After you get past the BootGuard screen, PGP WDE is basically invisible. But it's important to keep in mind that whole-disk encryption is only for data "at rest," as industry lingo has it. That is, once you've entered your passphrase and booted your Mac, it behaves as though the data isn't encrypted - anyone with physical or network access to your Mac can access all its files exactly as they could on an unencrypted disk. Merely locking the screen or putting your Mac to sleep does nothing; you must shut down or restart the computer to protect your data. Once you've done so, your disk is effectively impenetrable without your passphrase, assuming you've chosen a good one. (If you don't know what constitutes a good passphrase, I can recommend a good book.)

With version 9.9, if you wanted to use software such as Carbon Copy Cloner to duplicate an encrypted volume, you first had to deselect the invisible files PGPWDE01 and PGPWDE02 at the root level of your disk manually; failing to do so would result in error messages and failed backups. This problem no longer exists - I successfully used Carbon Copy Cloner to duplicate an entire encrypted volume, and then started up from the duplicate, even though the files PGPWDE01 and PGPWDE02 were present. However, since WDE, Carbon Copy Cloner, and Mac OS X have all changed since I last tested this procedure, I don't know which one was responsible for resolving the problem.


Boot Camp Support -- Another of my criticisms of WDE version 9.9 was its incompatibility with Boot Camp, but PGP claimed to have fixed that in version 10 and I was eager to try it out. In fact, I was a bit too eager - I didn't bother to read the instructions first, which turned out to be a serious mistake. My test Mac didn't already have a Boot Camp partition, and I figured I'd simply install PGP, encrypt the disk, and then set up Boot Camp later. But when I tried to do so, Boot Camp Assistant informed me that my disk couldn't be used. When I checked PGP's documentation, I discovered that you have to set up Boot Camp first and then install PGP. Ah.

So I had to decrypt my disk (another 13 hours), uninstall PGP completely, and restart. But even then, Boot Camp Assistant refused to partition my disk, with a different error message that said, "The disk cannot be partitioned because some files cannot be moved," and invited me to back up, reformat, and restore my disk before trying again. I can only assume the PGP installer made some low-level changes to the disk that weren't undone by the uninstaller. So I spent several additional hours cloning, reformatting, and restoring the disk; then I ran Boot Camp Assistant again, installed Windows 7, installed PGP WDE under Windows and then under Mac OS X (as I was instructed to do in a PGP support document referenced in the online help), and finally repeated the 13-hour encryption of my disk. Whew!

After all that time and effort, I confirmed that WDE does indeed work with Boot Camp. Mostly. That is, my Mac lets me boot into either operating system; whichever one I use, I'm prompted for my PGP passphrase, after which I can log in and freely access all my files just as I normally would. However, there are a couple of gotchas. First, if I ever decide to remove my Boot Camp partition, I must first decrypt my disk (and later re-encrypt it), because Boot Camp Assistant won't work properly on an encrypted disk.

And second, switching between operating systems isn't as easy as it should be. When I'm running Mac OS X, I can open the Startup Disk pane of System Preferences, select my Windows volume, and click Restart; but when I'm running Windows, the analogous procedure doesn't work - although I can select my Mac volume as the startup disk in the Boot Camp control panel, that setting doesn't stick. I have to restart, hold down the Option key, and select my Mac volume on the Startup Manager screen. And, if I want to remain in Mac OS X after subsequent restarts, I must either manually change my startup disk back to the Mac volume in System Preferences or hold down the Option key again during each boot.

All this makes me feel slightly uneasy running Boot Camp and PGP WDE together, and reinforces my preference for using virtualization software such as VMware Fusion or Parallels Desktop, instead of Boot Camp, when the need to run Windows arises. But if you do decide to use both, remember to set up Boot Camp before letting PGP WDE anywhere near your disk - and read all the instructions carefully!


Less-Pretty Things -- A few other irritations I'd pointed out in version 9.9 are still present in 10.0, alas. With your startup disk encrypted, you can't perform a Safe Boot (holding down the Shift key while restarting to disable third-party kernel extensions and certain other software that may cause startup problems). And if your disk develops errors, you'll have to decrypt it before running a disk-repair application (such as Disk Utility or DiskWarrior) unless the startup volume containing that software also has WDE installed.

There were also some new annoyances. I was surprised to read in WDE's release notes that it's incompatible with Fast User Switching - a limitation that wasn't present in (or at least wasn't mentioned in the release notes for) version 9.9. When I asked about this limitation, a PGP representative replied as follows:

The incompatibility most often occurs when a disk is in the process of being encrypted (or paused while encrypting). During encryption, the UI and PGP Engine are polling the disk driver to find out the current status of the disk. Access to the driver is done using a launchd process that runs as root. There is only one launchd process.

When there are two PGP Engine applications running (by way of Fast User Switching), then both applications are polling the disk and both are accessing the launchd process. Due to the architecture of the launchd process access, the application thinks there is a problem and tries to fix the problem by self-healing and reinstalling the launchd process. This causes an authentication dialog because the installation process requires admin access. This happens over and over again. Annoying either or both users.

After a disk has been encrypted, this is not usually a problem as access to the launchd process is not as active.

In other words, it's not so much that WDE is incompatible with Fast User Switching as that the initial encryption process is.

Another odd item in the release notes was this: "The Mac mini does not have boot time support for the new thin aluminum Apple keyboards." A PGP rep told me this applies only to wireless keyboards - the wired aluminum keyboards should work just fine. I didn't test this, but Mac mini users who want to use WDE should consider having a wired keyboard on hand just in case.

I should also mention that PGP's recommended best practice when upgrading to a new version of Mac OS X is to decrypt the disk first, then upgrade, then re-encrypt. If you take this advice, upgrading could easily grow from a 30-minute process to a two-day process; on the other hand, if you ignore the advice and your Mac won't boot afterward, you'll be looking at spending at least a few hours restoring your Mac's disk from the bootable duplicate you wisely made just before upgrading. Either way, upgrades could take longer.


Getting the Message -- The other parts of PGP Desktop Professional look and act pretty much the way they did in previous versions, but I wanted to point out two interesting things about PGP Messaging, which lets you encrypt and decrypt email.

First, PGP Desktop Professional includes a new application called PGP Viewer, which lets you view encrypted email messages that you've already downloaded (or that you received in an email client that's not directly compatible with PGP). Ordinarily, PGP Messaging functions as a proxy server, intercepting both incoming and outgoing email messages between your email client and the mail server and transparently encrypting or decrypting them according to a user-defined policy. This scheme is easy to use, but if someone were to send you a message when PGP is turned off or uninstalled, you'd get an unreadable attachment. PGP Viewer opens such attachments and other PGP-encrypted messages that are on your disk but didn't come through a PGP-mediated mail stream.

I first noticed PGP Viewer when I sent myself an encrypted test message and, despite the fact that PGP Messaging was active, the message came through as an attachment. (I then simply clicked the attachment, and it opened in PGP Viewer, which decrypted it automatically.) The reason was that I'd changed a hidden setting to force Mail to display the plain-text version of all incoming messages. When I reset Mail's behavior to its default, newly decrypted messages began appearing inline.

The second interesting thing is that even though both Mail and Entourage support Microsoft Exchange accounts, PGP doesn't. It does work with accounts on Exchange servers that are accessed (in either email application) via IMAP, but if you use the default configuration in either Mail or Entourage, which relies instead on Exchange Web Services (EWS), PGP is unable to serve as a proxy for incoming and outgoing mail. This is apparently because EWS uses port 80, the default port for Web access. Although many people with Exchange accounts can switch to IMAP instead with no significant loss of functionality, not everyone can.

I didn't set out to review PGP Messaging in detail, but I would like to mention one important tip for new users. The default configuration for any email account you set up includes something called opportunistic encryption. This means whenever you send mail, PGP checks the company's global keyserver to see if any of the recipients have public keys stored there, and if so, it automatically encrypts the messages to those people. The assumption is that only people who have installed PGP would have public keys on the keyserver, so they must therefore be able to decrypt encrypted messages. However, users may read their messages on a device (such as an iPhone or iPad) that doesn't support PGP; they can also uninstall or deactivate PGP without removing their keys from the server. If any of these things happens, they'll be unable to read your messages.

I was reminded of this when, during my testing, I happened to send Glenn Fleishman an email message, which was duly encrypted because Glenn's public key was on the server, but couldn't be read because Glenn wasn't using PGP on the device with which he was reading his mail. So my suggestion is to select each account and deselect the Opportunistic Encryption checkbox; you can then use any of several other methods to encrypt messages on demand.


Conclusions -- PGP Whole Disk Encryption 10.0 is a distinct improvement over version 9.9. It now works under Snow Leopard, has at least some support for Boot Camp, and removes a few limitations and annoyances. It's not an earth-shattering upgrade, and not without some irritating quirks, but it's still the easiest way for a Mac user to protect the entire contents of a hard disk.

As for PGP Desktop Professional, it combines WDE with an elegant way to encrypt email and instant messaging, assuming the people you're corresponding with also use a PGP-compatible product. But if $239 seems like too great a price to pay for encrypted email, it's possible to get that capability for free with Apple Mail, a personal certificate, and a bit of extra effort, as I explain in "Take Control of Apple Mail in Snow Leopard."

Read and post comments about this article | Tweet this article


TidBITS Watchlist: Notable Software Updates for 24 May 2010

  by TidBITS Staff <editors@tidbits.com>


QuickTime Player 7.6.6 for Mac OS X 10.6.3 -- Apple has released QuickTime Player 7.6.6 for Mac OS X 10.6.3 Snow Leopard with absolutely no release notes, so there's no telling what has changed. Remember that Snow Leopard now comes with a new QuickTime Player for QuickTime X, so the only reason you would want QuickTime Player 7 is because it supports older media formats, such as QTVR, interactive QuickTime movies, and MIDI files on Snow Leopard. It also accepts QuickTime 7 Pro registration codes, which turn on QuickTime Pro functions. Apple explains more at this Knowledge Base article. (Free, 10.65 MB)

Read/post comments about QuickTime Player 7.6.6 for Mac OS X 10.6.3.


Java for Mac OS X 10.6 Update 2 -- Apple has released Java for Mac OS X 10.6 Update 2 for Snow Leopard users, updating Mac OS X's Java SE 6 to 1.6.0_20 and delivering "improved reliability, security, and compatibility for Java SE 6." The only details given revolve around security fixes, so it's probably worth downloading this update even if you don't anticipate using Java applets much. The update requires Mac OS X 10.6.3. (Free, 78 MB)

Read/post comments about Java for Mac OS X 10.6 Update 2.


Java for Mac OS X 10.5 Update 7 -- Apple has released Java for Mac OS X 10.5 Update 7 for Leopard users, updating Mac OS X's J2SE 5.0 to version 1.5.0_24 and Java SE 6 to 1.6.0_20 and delivering "improved reliability, security, and compatibility for J2SE 5.0 and Java SE 6." The only details given revolve around security fixes, so it's probably worth downloading this update even if you don't anticipate using Java applets much. Also note that J2SE 1.4.2 is no longer being updated and remains disabled in this update, which requires Mac OS X 10.5.8. (Free, 122 MB)

Read/post comments about Java for Mac OS X 10.5 Update 7.


Keyboard Maestro 4.3.1 -- There's nothing like real-world usage to flush out the last few bugs, as evidenced by the quick update to Keyboard Maestro 4.3.1, which fixes potential crashes when executing AppleScript or shell scripts, and when using device triggers. A few other minor bugs have also been fixed, and Stairways Software also added support for naming more X-Key keyboard keys and improved handling of negative numbers in the Move Window action. Full release notes are available. ($36 new, free update, 9.1 MB)

Read/post comments about Keyboard Maestro 4.3.1.


ExtraBITS for 24 May 2010

  by TidBITS Staff <editors@tidbits.com>

Alas, the "Get a Mac" ad campaign is no more, but you can still watch all the ads online. If you're looking for more, listen to Rich Mogull on Science Friday, check out the video of connecting an Alphasmart Neo to an iPad, the New York Times's info-graphic about Facebook's overwhelming privacy options, the Final Cut Pro rumors that Apple is taking pains to dispel, and an amusing way of venting some frustration after an application crash.


Rich Mogull Appears on NPR's Science Friday -- Kudos to our own Rich Mogull, whose TidBITS article about protecting your privacy from Facebook landed him a guest spot on the NPR radio show Science Friday with Ira Flatow (himself a TidBITS reader at one point). You can either listen to the audio of the show or read the transcript on NPR's Web site.

Read/post comments


"Get a Mac" Ad Campaign Officially Over -- After 4 years and 66 ads, Apple's "Get a Mac" series of ads is no more. The last ads were produced in October 2009, and a comment by Justin "I'm a Mac" Long hinted that the campaign was done in an April 2010 interview. The URL to Apple's archive of the ads now redirects to the general "Why You'll Love a Mac" page. But if you're missing Long and costar John "I'm a PC" Hodgman, you can still watch all the ads at Adfreak.

Read/post comments


New York Times Info-Graphic on Facebook Privacy Options -- The brouhaha surrounding privacy on Facebook continues to expand, with the New York Times producing a fascinating info-graphic that shows just how complex Facebook has made the topic, with 50 settings containing over 170 options. And the Facebook privacy policy? It's longer than the U.S. Constitution.

Read/post comments


Venting in Photoshop CS4 Crash Reports -- You know how many applications, when they crash, ask you for more information what you were doing at the time of the crash? Well, Garrett Murray spends a lot of time in Photoshop, and when it crashes, he sometimes feels the need to tell Adobe just what's on his mind at the time. The result is a hilarious collection of crash reports that make for great reading - one only hopes that the Photoshop engineers have enjoyed them as well.

Read/post comments


Apple Denies Final Cut Pro Refocus Rumors -- It's not often that Apple officially denies a rumor, but when one is both completely wrong and stands to confuse customers, they'll speak out. An AppleInsider report claimed that Final Cut Pro was to be refocused on more mainstream users, but Apple took pains to tell CNET (and us) that it's not true and that Final Cut Pro will continue to target professional video editors.

Read/post comments


Old Meets New: Alphasmart Neo as iPad Keyboard -- Who'd have guessed? It turns out that you can use the iPad Camera Connection Kit to connect the rugged Alphasmart Neo - a dedicated word processor with a keyboard, six-line LCD screen, and lineage dating to 1993 - to the iPad via USB and use it as a keyboard. Thanks to Eolake Stobblehouse for this video.

Read/post comments


This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Macintosh and Internet communities. Feel free to forward to friends; better still, please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Copyright 2010 TidBITS; reuse governed by this Creative Commons License.

Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue