[workerbee]

I strongly recommend not using FileVault, based on recent events.

My PowerBook's FileVaulted Home directory had recently (about 2 weeks ago) started to act weird, and when I tried to fix it by logging into a new admin account and running DiskUtility over it, DU stopped with some stupid error and was unable to fix the volume.

I've since bought a new, smaller PowerBook, and have been trying unsuccessfully all day today to back up files from my old filevaulted Home. I connected the old PB in FireWire target mode to the new PB, and tried:

• burning the home.sparseimage to DVD in Toast
• mounting the home and burn it to DVD in Toast
• copying the home.sparseimage file to the new PowerBook

All of these approaches failed, as the old PB always froze while accessing the sparseimage data. I've wasted a day and 9 DVDs over this.

Fixing the sparseimage file size using hdiutil in the Terminal (it's 3+ GB and has about 1.6GB data) also did not work, of course.

Now I'll try to mount the sparseimage again, and manually copy directory per directoy, subdirectory per subdirectory.
I'm really looking forward to this, and recommend anyone never ever to even touch FileVault, because: once it's broken, there's apparently no fix.

Toast going crazy when the FW-target PowerBook crashed also did not help my mood. Is there really no f***ing way to get a madly spinning DVD-R to eject save for restarting and pressing the mouse button?! Even disktool in the Terminal was unable to put an end to this misery.

[Kristoff]

sounds like the sparceimage file is either crosslinked, or the medium on which it is written has a bad block.

Run Diskwarrior and see if that helps.

[workerbee]

Originally Posted by Kristoff

Run Diskwarrior and see if that helps.

Thanks for the tip, but I think I'll run a low-level format, actually. This will most certainly help.

[Athens]

Originally Posted by workerbee

I strongly recommend not using FileVault, based on recent events.

My PowerBook's FileVaulted Home directory had recently (about 2 weeks ago) started to act weird, and when I tried to fix it by logging into a new admin account and running DiskUtility over it, DU stopped with some stupid error and was unable to fix the volume.

I've since bought a new, smaller PowerBook, and have been trying unsuccessfully all day today to back up files from my old filevaulted Home. I connected the old PB in FireWire target mode to the new PB, and tried:

• burning the home.sparseimage to DVD in Toast
• mounting the home and burn it to DVD in Toast
• copying the home.sparseimage file to the new PowerBook

All of these approaches failed, as the old PB always froze while accessing the sparseimage data. I've wasted a day and 9 DVDs over this.

Fixing the sparseimage file size using hdiutil in the Terminal (it's 3+ GB and has about 1.6GB data) also did not work, of course.

Now I'll try to mount the sparseimage again, and manually copy directory per directoy, subdirectory per subdirectory.
I'm really looking forward to this, and recommend anyone never ever to even touch FileVault, because: once it's broken, there's apparently no fix.

Toast going crazy when the FW-target PowerBook crashed also did not help my mood. Is there really no f***ing way to get a madly spinning DVD-R to eject save for restarting and pressing the mouse button?! Even disktool in the Terminal was unable to put an end to this misery.

Thats not a issue with Filevault on its own, the issue is a corrupt disk image which is a risk you take when ever you use one. If a diskimage which file vault basically is gets messed the data in it is messed the same way a CD getting scratched becomes almost totally useless even if most of the CD is still good. Rule of thumb, always backup. I backup my sparseimage every few weeks just incase, but so far not a single problem over the last 4 months.

[workerbee]

Originally Posted by Athens

Rule of thumb, always backup. I backup my sparseimage every few weeks just incase, but so far not a single problem over the last 4 months.

Same here, actually; I've not lost any data in the process. I'd still much prefer Apple would implement a real encrypted file system, as the risk of corrupting a disk image is bigger IMHO.

[CharlesS]

Send me an e-mail (support āŧ charlessoft ďöţ čơṁ [address altered to confuse spambots]). I'll send you an app that I never ended up releasing, but which may work to back up your sparse image without hanging.

[Athens]

Originally Posted by workerbee

Same here, actually; I've not lost any data in the process. I'd still much prefer Apple would implement a real encrypted file system, as the risk of corrupting a disk image is bigger IMHO.

Oh I love this system much much more. Its easy to access your files from another user account or a networked Mac, just double click on it, it asks you to authenticate and done, your image is loaded on your desktop. For backups its as simple as drag and drop. If the hard drive ever gets messed up, its easier to fix unencrypted then if its encrypted. I think the system is perfect as is.

[bborofka]

On another note, I've been using FileVault for the past year and half on my PowerBook with no problems. I backup my home folder to an external drive every few weeks just to be safe, but I've never had data loss.

[jmgriff]

FWIW I've been using Filevault since 10.3.1 on two different powerbooks without any issue. I've since switched it off because I no longer need the protection it offers, and because it was incompatible with various automator actions and applescripts. As others have said the key is regular backups, because you are trading the risk of your sensitie data being read against the risk that the sparseimage will be damaged. Only you know if that risk is worthwhile.

[workerbee]

Originally Posted by Athens

Its easy to access your files from another user account or a networked Mac, just double click on it, it asks you to authenticate and done, your image is loaded on your desktop. For backups its as simple as drag and drop.

Very true... as long as the sparseimage is not corrupted. Once it does get corrupted, though, it starts losing attractiveness quickly, as backing up the sparseimage or even data off its mounted volume becomes difficult.

[workerbee]

Originally Posted by CharlesS

Send me an e-mail (support āŧ charlessoft ďöţ čơṁ [address altered to confuse spambots]). I'll send you an app that I never ended up releasing, but which may work to back up your sparse image without hanging.

Thanks Charles, will do immediately.
(Thanks also for indirectly reminding me about something I'd forgotten to transfer from my old soon ex-PowerBook to my new one... what would I do without Pacifist?

[Athens]

Originally Posted by workerbee

Very true... as long as the sparseimage is not corrupted. Once it does get corrupted, though, it starts losing attractiveness quickly, as backing up the sparseimage or even data off its mounted volume becomes difficult.

Same issue when the file system gets corrupt, nothing looks attractive any more.

[Macpilot]

Filevault is silly unless you are a CIA agent and only have a few things to encrypt, and little or no media files. There are so many other nice security options in OS X that can be used (master password, no auto login, secure virtual memory, open firmware password) that should satisfy the mose paranoid user.

[Boondoggle]

Originally Posted by Macpilot

Filevault is silly unless you are a CIA agent and only have a few things to encrypt, and little or no media files. There are so many other nice security options in OS X that can be used (master password, no auto login, secure virtual memory, open firmware password) that should satisfy the mose paranoid user.

Hardly. None of those measures protects data if someone gains physical access to your computer.

An encrypted disk image (other than filevault) for critical data can be a more efficient means of securing the files that need protection rather than securing the entire home directory, but the simplicity of having everything encrypted is a security feature in of itself.

bd

[Macpilot]

Originally Posted by Boondoggle

Hardly. None of those measures protects data if someone gains physical access to your computer.

An encrypted disk image (other than filevault) for critical data can be a more efficient means of securing the files that need protection rather than securing the entire home directory, but the simplicity of having everything encrypted is a security feature in of itself.

bd

Apparently you did not read my post. Of course Filevault is a security feature, but it is OVERKILL for 99% of users! You are right that Filevault protects your data, ONLY if you have a difficult password! It is not crack-proof. How many people actually have difficult-to-crack passwords? How many users actually use a password at all?

Again, if your data is so sensitive that you need Filevault, you are probably not debating about it on a public forum.

The features I mentioned are more than enough for the 99%, and you know this.

The only way around open-firmware is to remove the RAM and replace it with other RAM. Now, if grandma's iMac gets physically stolen, I suppose she should have used Filevault to protect her recipes?

One thing to remember is that if the Filevault process goes awry, you can be really screwed. You can always reset an account password, and a master password.

[Cadaver]

I've been running FileVault on my 12" PB since the day I bought it - for about 18 months now - and its never had a problem. I perform regular OS maintenance and of course I keep things securely backed up.

My situation is not typical, however. As some of you may know I'm a physician and medical researcher. Some of my grants are paid for by the US government. I am required by law (one of which is HIPAA) to keep my computers password protected and encrypted given the contents (including medical data & research with patient-identifiable information). I also use a strong alphanumeric & special character password, encrypted virtual memory and the Apple OpenFirmware lock. Its about as secure as consumer-grade equipment gets.

And I feel much more secure on my PowerBook than I do with contents on my other laptop (HP nc6220 with WinXP).

Overkill? Perhaps. But should my PowerBook be stolen/lost, I don't need to be heavily fined or jailed by the US government when some VIP discovers that his medical information/research data is "in the open" as they say in the spy movies.

Besides, at least for me, FileVault has been 100% transparent from my end-user experience.

[Hal Itosis]

Originally Posted by Cadaver

> Overkill? Perhaps.

It seems strange that the only option is to encrypt the entire Home folder... or nothing at all.
I might like to have one subfolder in my Home called "FileVault" into which I could toss only
those items I wanted to protect. (Yeah I know how to do it with Disk Utility, but we're talking
here about the automation afforded by having FileVault do it for us... behind the scenes).

What's most puzzling is this: by ***default** iTunes keeps the user's music in their Home,
and by ***default** FileVault encrypts the entire Home folder. How crazy is that?! How big
is the average user's music collection? 5 gigs? 20 gigs? It just seems wasteful for all those
encryption resources to have to chew on so much data, when all that the user really wants
to secure is probably only a few megs in size.

[G. I.]

I use PGPdisk from the PGP Desktop application w/o any problems for years.

[Toyin]

My experience with filevault was less than satisfactory

It will be a while before I trust it. I also didn't like the speed hit that you got from it. Not noticeable in simple document saving/opening, but definitely noticeable when manipulating music and video files. My warning to those who use filevault. Unless it's significantly changed since 10.3 it's hard to disable filevault once it's enabled and you're using more than 1/2 your hard drive space.

[alphasubzero949]

I have 3 computers with FileVault enabled under Tiger. Never a problem.

Of course, I couldn't say the same about Panther.

Like cadaver, I have sensitive information in my grant proposals and masters thesis. I also use strong and long alphanumeric passwords with characters in my login, FV master, and OF passwords. The firewall is turned on, rejects all UDP traffic, and is in "stealth" mode. Little Snitch keeps tabs on other network traffic.

It's not because I'm paranoid; it's a requirement. Should my laptop be stolen, I don't want someone having an easy time cracking my information.

The only time you'll have difficulty enabling or disabling FileVault, as I found out the hard way once, is when you don't have enough HDD space to match the size of your home directory.

[alphasubzero949]

double post

[alphasubzero949]

triple post

[alphasubzero949]

...

[alphasubzero949]

...

[cryptonomicon]

Originally Posted by workerbee

All of these approaches failed, as the old PB always froze while accessing the sparseimage data. I've wasted a day and 9 DVDs over this.

Fixing the sparseimage file size using hdiutil in the Terminal (it's 3+ GB and has about 1.6GB data) also did not work, of course.

I had exactly this problem today, complete with Disk Utility dying with an error and refusing to fix anything. However, Disk Warrior 3.03 fixed everything right up for me. I did, though, have to change the Owner of the sparseimage file temporarily to the alternate user I was logged in as. Otherwise the sparseimage mounted read-only, and Disk Warrior thus couldn't replace the directory with the fixed one.

Also, in terms of backing up the lost data - something that others have suggested is to use Disk Utility to select the sparseimage (you can drag the sparseimage file into Disk Utility to make it show up in the list of drives), and then choose Images->Convert which can sometimes copy the data into a new image that you can actually mount.

[workerbee]

Originally Posted by cryptonomicon

However, Disk Warrior 3.03 fixed everything right up for me.

Hmmm... I was somewhat afraid of using DW on a sparseimage. Of course, I should just have tried it. Silly me.

Originally Posted by cryptonomicon

Also, in terms of backing up the lost data - something that others have suggested is to use Disk Utility to select the sparseimage (you can drag the sparseimage file into Disk Utility to make it show up in the list of drives), and then choose Images->Convert which can sometimes copy the data into a new image that you can actually mount.

Well that's good to know - I wasn't aware of this at all. But then DU seems to have changed quite a bit recently anyway... must look into it one of these days.

Anyway, the disk is now wiped and reformatted, and the PowerBook around it, sold.