Tao Effect

The next update to Espionage, Espionage 1.1.3, is turning into 1.2. It will be Espionage’s first major update, boasting many significant new features including: built-in DelayedLauncher, custom master-password support through a separate keychain, various UI changes, and more. Another huge feature (that’s currently hush-hush, involving some more of iSpy’s magical abilities), may make an appearance in this update as well.

However, this post is mainly about one of the features that you may see removed from the next update, and that’s Espionage’s ability to password-protect a folder without encryption, and hence, insecurely.

There are two reasons that I’m considering this:

The first is that it adds some inconsistencies to Espionage, one prime example is the ignore list. Normally, applications that are whitelisted still do not have access to the actual contents of a folder (when it is encrypted), however, they *do* have access to the real contents when that folder is not encrypted.

The second reason, is that it can unwittingly generate bad press. One example is this post by Alex Payne where he describes Espionage in the following manner:

The other tempting option for encrypting just a few files is Espionage, which looks to be part of the so-called “Delicious Generation” of high-gloss single-purpose apps. Unfortunately, this detailed review suggests that Espionage is more style than substance, as there’s a number of scenarios in which the protection it provides is rendered moot.

When someone like Alex Payne can misunderstand a review of Espionage that badly, it makes me wonder whether other, less technically savvy people, also discount Espionage because of this feature.

I should probably make it clear here, that Espionage’s primary method of protection, the encryption of folders, is as secure as FileVault’s¹, because it uses the same encrypted disk image technology that FileVault uses, as well as OS X’s secure keychain system.

I know that unencrypted password-protected folders can be a convenient way to protect “a collection of videos that you don’t want your grandma to have access to but don’t care enough about to encrypt”, but does anyone make use of that feature?

We’re interested in hearing your thoughts on this issue, so let us know in the comments.

Thanks!

¹Actually, it might be more secure because Espionage has the AES-256 option, and soon, a separate custom master password.

Some users may experience a bug in Espionage 1.1.2 associated with the “auto-unlock at login” option where Espionage will display many “Critical Alert!” messages upon login, which, though harmless, can be annoying.

This bug has been fixed in the next update to Espionage (along with a slew of others), but that update may not be available for a few more weeks because of the nature of the improvements that are being added to it.

However, you don’t have to wait for the next update for a fix to this problem:

1. Download Fix Messages.zip
2. After extracting it, double-click on the fixmessages.command file.
3. This will open the Terminal. At the prompt enter you administrator’s password and press enter.

That’s it. Next time you login those messages should not be there. The fix places a small script in the Espionage support directory that will run when you login. This script simply removes the /Volumes/EspionageMounts directory, which Espionage will subsequently re-create.

To uninstall it, run remove-fixmessages.command.

Quite often in the past I’ve experienced a strange problem with my Macbook Pro where it would wake itself up shortly after I put it to sleep. I discovered that it only did this when the Airport card in my laptop was turned on.

After learning that I wasn’t the only one experiencing this problem, I wrote a program to solve the problem: Wireless Sleeper.

Just launch the program and let Wireless Sleeper do the rest. It’s a tiny, efficient program that silently sits in the background. When it discovers that your computer is about to go to sleep it will turn off Airport and wait 5 seconds to make sure that it’s off (this is necessary for the fix to work). Once your computer wakes up after its night of uninterrupted rest, Wireless Sleeper will turn your Airport card back on for you. It will even add itself to your list of login items when you run it so that you don’t have to worry about that too!

Enjoy.

10.6 UPDATE: If you are running Snow Leopard please download this version instead.

Recently Michael Zenke was kind enough to inform us about a potential conflict between Espionage and PGP’s Whole Disk Encryption. Michael was kind enough to give us permission to quote his email in this blog post to alert other users of the situation:

Hi,

for the last few weeks, I’ve been evaluating PGP Whole Disk Encryption (WDE) on my quest for an alternative for File Vault. While testing PGP WDE I discovered Espionage which meets all my needs. But I had to realize that unmounting on shutdown did not work properly, which resulted in corrupted Thunderbird and Firefox-Profiles. Looking in the system-logs showed that PGP-WDE seems to do some wiered things with the mounted images, so Mac OS X cannot unmount them. During the last two days I decrypted my last WDE-Encrypted external harddisk and removed PGP completely. From this time on Espionage works like a charm. No more corrupted profiles for several reboots. Thanks for your great work.

We will look into this situation to see if there’s anything we can do about it, but in the meantime hopefully this blog post will alert others to the problem. Thanks Michael!

Terminal fiends will likely find this post useful.

A while ago, I was sitting in the library at the University of Florida under the pretense of preparing for a final exam that was scheduled for the following day. I had, however, made the idiotic mistake of bringing my laptop with me.

Instead of studying I became inexplicably fascinated with how much memory my various running applications were taking up. Actually, it was really the fault of Alex Harper’s fantastic MenuMeters application, because I noticed that I was running low on free memory, despite having 2 gigabytes installed and very few applications running.

This lead to another discovery, namely that Safari was hording over a gigabyte of RAM for itself. This upset me, as I’m rather neurotic about how much RAM applications use. Every time the OS has to pageout I cringe inside with the knowledge that my laptop’s battery life, performance, and theoretically, the lifespan of its hard drive, are all affected. So I set aside the textbook and wrote memusage, a shell script that reports back the largest of offenders:

gslepak$ memusage
Top 10 memory intensive apps:

	Name			Percentage	Size

#1:	Xcode                   5.3		217.688 MB
#2:	firefox-bin             4.4		181.754 MB
#3:	WindowServer            4.1		165.961 MB
#4:	Finder                  2.3		95.2305 MB
#5:	iTunes                  2.0		81.7227 MB
#6:	Mail                    1.8		75.7031 MB
#7:	Interface               1.7		67.7344 MB
#8:	coreservicesd           1.3		53.1914 MB
#9:	mds                     1.1		45.0312 MB
#10:	Quicksilver             0.9		38.4531 MB

As you can see, I don’t use Safari anymore.

I wonder what iSpy is using right now…

gslepak$ memusage ispy
ispyd: 0.0 %  0.441406 MB

Ten is too many, just show me the top 5:

gslepak$ memusage 5
Top 5 memory intensive apps:

	Name			Percentage	Size

#1:	Xcode                   5.3		217.688 MB
#2:	firefox-bin             4.5		182.457 MB
#3:	WindowServer            4.1		166.281 MB
#4:	Finder                  2.3		95.2305 MB
#5:	iTunes                  2.0		81.7227 MB

If you’re wondering why the percentages don’t match up with 2GB, it’s because I recently upgraded to 4GB, and I highly recommend it!