A Primer on OSX Security

July 30, 2010 | Doug, Tech Features, Tips & Tech

In the past year both Dave Gallagher and myself have had a personal laptop stolen. The experience highlighted the issue of security and our findings were depressing indeed. Here are a few points highlighted for your attention and further research. Neither Dave nor I are security experts and this should not be considered legal or professional advice; just a caution against taking security for granted.

Foreword

Anytime an article on security is published it raises the question on whether the author should highlight weaknesses. My personal stance on this is absolutely firm: the people who want to bypass your security already know everything I’m writing below. Literally an intelligent 10-year old could find the information in under 10 minutes using google, and much of the information is posted publicly in Apple’s own help documents. This article is to help honest people understand what is needed to guard themselves against dishonest people.

OSX Password

All Mac user accounts must have a password associated with them. This password is required to make any low-level changes to the system like installing applications or changing important system preferences. If you’ve disabled “Auto-Login” in the system [System Preferences > Security] panel then the password is required to log into the computer. In addition [System Preferences > Security] can be set so that the computer automatically logs you out after X minutes of inactivity and requires a password to log back in. This is a pretty good level of security right?

Breaking the OSX Password

How long does it take to break past the OSX password? Using a good password makes it next to impossible for someone else to guess or “crack” your OSX Password. But they don’t have to. Anyone can change your OSX password by inserting an OSX install DVD and booting from the DVD. They even have a step-by-step guide to do this on Apple.com. Bottom line: if someone has physical access to your computer and more than 5 minutes then your OSX password is useless.

But I use a Firmware Password!

OSX allows you to set a “firmware password” which is required before a user can boot from a DVD. Since the procedure above requires the user to boot from the OSX DVD the idea is that the Firmware Password will prevent someone from subverting your OSX Password. Unfortunately it’s really easy to subvert the firmware password.

Breaking a Firmware Password

The Firmware Password can be reset by opening the computer and physically removing one of the sticks of ram, then booting the computer holding command-option-P-R (the shortcut to reset the PRAM). That’s it – the firmware password has been reset and you can boot from an OSX DVD to reset the OSX Password. If the bad-guy has physical access to the computer this entire process requires a OSX DVD, a screwdriver, and less than 10 minutes and your system is completely unlocked.

So what Can I Do?

So far as I can find, the only way to truly secure your system is FileVault. It may be possible for the NSA or CIA to crack a FileVault password, but as far as I can find, it’s impossible for any average bad guy. So unless you’re carrying state-secrets you’re probably more than safe using a FileVault with a good, hard to guess password. FileVault encrypts the entire contents of your home folder where the vast majority of programs store their data. Your Desktop, Documents, Pictures, Music, and Settings files are are located within your Home folder.

The Damage Possible

Nearly everyone I know stores sensitive information on their computer, even if they don’t know it. Here are some of the things a thief might do after unlocking your computer:

• Open and view all the passwords you’ve stored on the computer by selecting “Remember this password” in any application
• Read your email (if you use Mail)
• Send email in your name to your contacts (“e.g. Hey Mom, I can’t remember my ATM PIN – do you remember it??”)
• Check popular websites to see if you are auto-logged in (e.g. your gmail/hotmail/AOL email)
• Go to banking websites and use the “forgot my password” to email your secure passwords to your email address or initiate a password reset

Overall Recommendations

• Use a reasonably secure OSX password, set up a firmware password, and set up File Vault.
• Only store confidential documents in your user folder where File Vault will protect it.
• Turn your [System Preferences > Security] to disable automatic OSX login, and to require a password when coming back from a screen saver, set your screen saver to come on after only a few minutes of inactivity.
• Tier your passwords. Anything really important like bank accounts, tax information, etc., should be very secure passwords which are not directly related to your less important passwords. When creating throw-away accounts (e.g.  you have to create a username/password for a stupid giveaway) use a dedicated low-security and unrelated password like “nothing123″ so that anyone able to view such passwords cannot use them to access your important accounts.
• Do not use “auto logins” on any website or program which should be secure.
• Remember that many websites, even some financial websites, will email you your password with only a few (easy to guess/find) questions like date-of-birth. So whichever email address you use with secure accounts needs to be, itself, a high security password and should not be set to auto-login. For example a “hacker” (read: smart alec kid) gained access to one of Sarah Palin’s secure email address by using the “reset password” function which emailed the secure password to a much less secure email address.
• NEVER write your password down or type it into any document (only password entry fields). If needed write yourself clues on what the password is that are obscure/personal enough that they won’t be decipherable by anyone else. For instance if your password is “John4Galt2 you might remind yourself “Rand Also Can’t Remember” which easily jogs the memory of the originator but would be impossible to reverse engineer.
• If you ever suspect your computer or smart phone has been stolen immediately reset every password you have. If you have a smart phone which can be remotely wiped do so immediately as anyone who is stealing a phone in order to mine data off of it will know they only have a limited time to take advantage of it.
• If you have so many passwords you can’t keep track then consider creating an encrypted disk image file where you can type your passwords and other ultra-confidential information. Doing so in OSX takes only a few minutes.

_

Firmware Update for ALL P+ Back

July 15, 2010 | Tech Features, Tips & Tech

A new firmware, version 5.1.2, has been released for all Phase One P+ Backs (P20+, P21+, P25+, P30+, P40+, P45+, P65+). This firmware adds supports for several high-end compact flash cards including SanDisk Extreme 32/64GB (60/90MB) and Lexar 300X 16GB.

It is recommended for all users and is available for download here.

RZ Pro IID Users: This firwmare update adds a new functionality when using a P40+ or P65+ with an RZ Pro IID and studio strobes. This “RZ Pro IID” feature is added under the Camera Mode menu and allows normal latency to be used (increasing battery life) whereas previously in this setup you would need to use zero latency.

IMPORTANT NOTE:

• Windows Users: You should use Windows XP SP3, Vista, or Windows 7
• Mac Users: You should use 10.5.8 or 10.6.4 ONLY. Do not attempt to run this updater in 10.6.3. Bad things may happen.

_

C1 5.1.2 Released

June 10, 2010 | Tech Features, Tips & Tech

Capture One 5.1.2 has been released with enhancements mainly for Leaf cameras, Windows 64 bit drivers, and some limited but welcomed integration with Expression Media (recently acquired by Phase One).

Future versions of Capture One will surely further increase support and integration with Expression media; this update comes only days after the purchase of Expression media by Phase One, so seeing any results this fast is surprising and very welcome.

Capture Integration will be testing this new version of Capture One. Until then we recommend customers follow the same general advice as always. If you are a professional photographer depending on your computer as a tool to accomplish his work that you should not update their software or operating-system until:

• the update has been out long enough to give a sense of whether it contains any nasty bugs that would slow down your workflow, waste your time, or worse.
• you have time to make a complete bootable backup of your system in case you need it
• you have time to do a complete test of anything critical you do on your computer (tethering, processing, retouching, printing etc)

Also, we recommend you follow our Capture One Uninstall Instructions to remove any previous version of Capture One from your computer before updating to a new version (rather than simply overwriting the previous version).

From the release notes:

Capture One 5.1.2 contains the following enhancements:

• Updated firmware for Leaf backs (compatible with Leaf Capture 11.3.5).
• Tethered support and file support for the Leaf Aptus-II 10R.
• JPEG Quickproof® support on Windows.
• More stable tethering driver for Windows 64 bit.
• QuickLook and WIC support for Leaf MOS files.
• A number of bug fixes.

Expression Media support:

• Easily add a selection of images to an Expression Media catalog.
• Preview images in Expression Media using Capture One’s default rendering.
• Transfer rating and color tag between applications by drag and dropping images.
• Create an album with images found by searching in Expression Media.

You can always buy Capture One from Capture Integration following these instructions for a 10% discount.

_

Capture One Keyboard Shortcuts

May 14, 2010 | Tech Features, Tips & Tech

by Doug Peterson, Head of Technical Services

Capture One allows the user to easily customize the default set of keyboard shortcuts. After repeated requests we are releasing our internal Capture Integration recommended Custom Keyboard Shortcut list. These are intended to increase the speed of your workflow.

Below is the list of our recommended shortcuts. Some of these are defaults, some we added, and at the bottom are three that we removed.

See the shortcuts and download/install the custom shortcuts.

_

Capture One Styles

April 13, 2010 | Doug, Tech Features, Tips & Tech

by Doug Peterson, Head of Technical Services

One of Capture One’s most powerful features is the styles menu. However, it often gets overlooked because the variety and usefulness of the included styles is somewhat limited, and the method of creating your own style is easy, but not very intuitive or discoverable.

We hate to see our users missing out on powerful features we think they would benefit from, so we are working on a set of styles under our own Capture Integration brand. They will be free and offered without limitations / watermarking etc, though you do need to enter your email address to receive the download link.
Click here to read the rest of the article and download the styles.

_

OSX 10.6.3

April 9, 2010 | Tech Features, Tips & Tech

OSX 10.6.3 was released late last month. It served as an excellent reminder that if you are a professional photographer depending on your computer as a tool to accomplish his work that you should not update their software or operating-system until:

• the update has been out long enough to give a sense of whether it contains any nasty bugs that would slow down your workflow, waste your time, or worse.
• you have time to make a complete bootable backup of your system in case you need it
• you have time to do a complete test of anything critical you do on your computer (tethering, processing, retouching, printing etc)

In this case 10.6.3 appears to contain two bugs that affect Capture One users. As with most types of bugs these may or may not effect all 10.6.3 users. If either of these issues seem relevant to you or if you don’t have time to properly backup and test your system you may wish to hold off on updating to 10.6.3 for the time being.

• KB 2207 – specific bug in the operating system which causes license issues in programs including Photoshop CS4 and Capture One – Capture One crash after upgrading to Mac OS 10.6.3 if system serial number is greater than 12 characters.
• KB 1168 – After updating to Mac OS 10.6.3 all my images are blue (effects those proofing in CYMK only)

For more information on creating a bootable backup of your system see our article on backups before and during a shoot.

_

Copal Shutter Repairs On the Rise

April 8, 2010 | Tech Features, Tips & Tech

A must read if you use a Technical Camera or View Camera.

One of the best parts of working for Capture Integration is the direct interaction our company has with the technicians and engineers at the manufacturer’s we represent.

This email came from the Head of Technical Services at Cambo. Note that while his English is very good he is not a native speaker.

We like to share with you some experience that occurs lately more than previously.

Schneider as well as Rodenstock confirm that there is an increase of needed repairs for Copal shutters. We also notice this, where in the past the Copal shutter was a reliable product for years.

One of the possible reasons might be a different way of use by the newer generation of users
who shoot digital and may use a different workflow compared to the old style Large Format Shooters.

The traditional way of working is to open the shutter for viewing, then close the shutter before setting the shutter speed and aperture, and only then cock the shutter just before releasing the shutter. This is trouble free.

Appearantly with the workflow of digital shooting with a CCD-back always in place, it is tempting to cock the shutter directly after the shot, and perform time adjustments after that. On itselves this is OK, but once the shutter is cocked, and then the shutter opening lever is opened for viewing and the shutter speed setting ring is being used, the mechanism will be destroyed after some time. This can be noticed also because the time setting travels very difficult and stiff in that case.

So, please consider that the shutter speed setting may NOT be used when the lens is open
and the shutter is already cocked.

This information applies to any lens mounted on a Copal shutter, independent of the type and make
of the camera.

_

New and Old Canon 70-200/2.8 IS

April 1, 2010 | News, Steve, Tech Features, Tips & Tech

I did a quick comparison of the new Canon 70-200mm f/2.8 IS Version II vs the Canon 70-200mm f/2.8 IS Version II

e
I was told the new IS technology provides up to 4 stops hand-holdability. I thought, yeah, right. So, I zoomed to 200mm, set it 1/15th of a second and shot it alongside our Version I. Color me convinced! We ordered a bunch on the spot. If anyone wants one, a phone call and deposit puts you at the front of the line.

High resolution 100% crops after the break.

_

DF: Manual & Custom Function List

March 24, 2010 | Doug, Tech Features, Tips & Tech

Phase One DF Body User Manual

Click below to download

Custom function quick list.

For further information on custom functions (or larger type) download the user manual above and look through pages 88 through 92.

_

C1 5.1 – Leaf Tethering & More

February 22, 2010 | Tech Features, Tips & Tech

Capture One has the dominant market share for tethered shooting. Up until last year this was limited to Canon dSLRs and Phase One digital backs. In version 4.6 tethering in Capture One was opened to Nikon dSLRs. Now in version 5.1 the game is changing again.

Leaf Cameras Supported for Tethered Capture in Capture One 5.1 DB:

- Leaf Aptus II 10, Aptus II 8, Aptus II 7, Aptus II 6, Aptus II 5
- Leaf Afi II 10, Afi II 7, Afi II 6

Leaf Cameras Supported for Tethered Capture in Capture One 5.1 PRO:

- Leaf Aptus 75S, Aptus 65S, Aptus 54S
- Leaf Afi 7, Afi 6, Afi 5
- Leaf Aptus 75, Aptus 65, Aptus 22, Aptus 17

This tethered support is offered for Leaf backs as-they-are and does not require a new firmware (though you should ensure your firwmare is the latest available) or hardware update. Many Leaf photographers already own Capture One 5 Pro for use tethering the Nikon or Canon or for processing their Leica or other camera’s raws – those photographers can update their software for free to 5.1 and plus in their Leaf and use it tethered immediately. Users who own Capture One 3 Pro or Capture One 4 Pro can upgrade to Capture One 5.1 Pro for $99*

Live View for Leaf backs is not yet supported, but R+D expects to be able to implement Live View for some backs soon (no details can be provided at this time since they are seeing what can be made to work as we speak.

Stability and Performance

Shot-to-preview time is currently a bit slower than Leaf Capture. This is an area of performance that R+D anticipates being able to improve in the coming months. C1 has always had incredibly fast shot-to-preview times with Phase One cameras, even those with very large files like the P65+, so stay tuned for further improvements in performance.

Capture Integration (our company) has earned a reputation for being careful with it’s recommendations for software updating in appreciation for just how important it is for tethering software to be rock solid stable. Although Phase and Leaf have tested this release with a variety of leaf backs and computers I would still advise that anytime such a large improvement is made (adding tethered support for 18 different backs in one release – let alone a new brand/type of back) that caution is required and that you should test your own specific setup extensively before using it on a job. We will be happy to report back here our findings as we, and our customers, start to use the new version with Leaf backs and we encourage you to do the same. Of course we also encourage you to do your own due-diligence – if you experience problems please read our Ideal Tethered Setup which, though catered to Phase One backs, still contains a useful checklist for Leaf owners, and to contact your Leaf dealer to see if you’re running the latest firmware for your camera. Often the forums get flooded by implied issues which are actually user error – and that doesn’t help anyone.

Support for Leaf tethering in Windows is being called “preliminary”. So be especially sure to test your specific setup before using it on a job.

FREE Trial

ALL users will be able to do a 30 day full-featured trial of Capture One. Even if you’ve already done a trial of 5.0 you are eligible for a free trial of 5.1.

Other Features and Bug Fixes

Auto Select New Capture - Auto Pause (on/off): allowing you to decide whether clicking on an image during tethered capture should pause the selection of new incoming images or not.
Spot Removal – previous spot removal only worked well for dust, new spot removal works for zits, dirt, and, apparently flies.
Advanced Noise Reduction – available for advanced users to easily modify the type of noise reduction based on their intended use, includes surface noise reduction which targets noise in areas of continuos tone (e.g. the paint on a smooth/shiny car), and fine grain which was borrowed from Leaf Capture to allow the introduction of a fine and uniform grain to help mask unpleasant noise in very high ISO or for aesthetic effect
Underline Acceptable – In 5.0.1 and 5.0.2 the underline key was disabled during text entry – in 5.1 this is fixed
Negative Clarity – used to enhance the smoothness of tonality in a portrait
Inverted Color Selection in Color Editor – the color editor is the most powerful tool in Capture One and this new tool makes it more flexible, allowing you to select the inversion of a particular color for editing
Improved Metadata Handling – GPS location and aut0-importing of metadata stored in compatible sidecar files generated in other programs
Improved Sorting – including sort-by-process-state and more intelligent sort-by-name
Aspect ratio available from Crop Cursor drop down – brought back from the days of version 3.X this option saves you time when switching cropping aspect ratios and just plain makes sense
Faster loading of recent folders – similar to the near-instant loads for folders which are assigned as favorites Capture One 5.1 now includes sophisticated recent folder handling
Faster loading of large folders – catalog shooters will notice improvements when opening folders with many hundreds or thousands of raw files.

10% Discount for purchase

Capture Integration offers an easy way to purchase Capture One online at a 10% discount. Check out our step-by-step instructions on Buying Capture One.

Installation

We recommend that for the best experience you remove the application, application support, and preference files of any previous Capture One version before installing Capture One 5.1. This is not “required” but it has been our long standing experience that doing so is a good idea. See our uninstall instructions for a comprehensive guide, but for the purposes of an upgrade you can skip all the steps except the application, application support, and preference files. If you skip this step and experience a weird glitch, bug, or strangeness, then close the program and delete the application support and preference files.

Training Available

Capture Integration is known throughout the world and the web as a leading expert in Capture One. If you are a Leaf user who is considering purchasing or using Capture One you should subscribe to our newsletter. We’ll be announcing March classes online specific to Capture One 5.1 for users coming from Leaf Capture in our next newsletter.

Parting Thoughts

When Phase One purchased the assets and took on many of the employees of Leaf we received many calls from Leaf users asking when they would get to use Capture One. Now, just a few months later, this support is being offered even back to the Aptus 17. This is a good day for Leaf users and for Phase One, which has just expanded it’s user base enormously.

*depending on when you bought your Capture One 3 Pro license you may be entitled to a free upgrade to version 5 Pro. Check with your dealer or look in your account at phaseone.com > my account (sign in) > license management > select your license.

_

Next Page »