Posted in apple, free, OSX, security, upgrade

Apple’s OS X “El Capitan” first impressions

TL;DR: Faster, more secure, better looking, and the latest thing.
I upgraded last night.  NOTE:  it’s BIG (6 GB).  For those of you still have data caps, this can be a problem.  Start the process, and then go to bed.
What’s great so far:
1) You can see the new usability features from website, which is the first specific item in the Help menu in Finder:
The El Capitan Finder help menuThe El Capitan Finder help menu
In my case, upgrading from Yosemite (10.10), this points to:
2) The new font.  You will hardly notice it, except that the user interface looks…clearer.  Apple has chosen a font that will look great on Retina and non-Retina displays.  I am typing this on my trusty workhorse of a 2009 iMac, and it looks very clean and clear.
3) Faster graphics (including text rendering).  Much of the old OS X was built on top of OpenGL.  OpenGL is still in place, but now the library graphics calls in use by all apps are going straight to the Metal…which is Apple’s new “more direct to the hardware” API for rendering graphics, first debuted on iOS, where it made rich 3D games possible with lower CPU and therefore power use.  Think of it as DirectX for the Mac.
This means it will be faster for you, including on old machines, and it doesn’t break anything.  Note to business folks:  when developers tell you “we need a layer of abstraction” this is why.  These changes are invisible under the layer of abstraction which is the Mac programming API.  The developers are free to make things work faster and better, without breaking existing programs.
4) Application Transport Security.  A huge number of applications (all platforms, sadly) either don’t use modern encrypting transports when talking to web applications and/or web services.  Even worse, in some ways, they use the secure transports badly, giving the impression of security without the full benefit.  This enables things like “man in the middle” attacks, where your information that should be secure can be intercepted by an untrusted third party.  ATS enforces “works or breaks” in using application transport security by:
     a) requiring applications in OS X and iOS to use the latest secure transport, TLS 1.2.  Previous versions are known to be broken from a security standpoint.
     b) Except:  exceptions for particular domains may be made, but must be explicitly listed. (This is a small lie; you can tell ATS to allow unsecured.  BUT DON’T DO THAT.)
     c) Only ciphers which support forward security are supported.  This obsoletes a number of cyphers which permit men in the middle attacks, as above.
NOTE: 4. breaks a number of applications.  THIS IS A GOOD THING, THEY NEEDED TO BE FIXED.  IF the development companies decide NOT to fix them, there’s a work-around…but don’t do it, *you are betraying your customers by doing so*.  Take the (minimal) time and DO IT RIGHT.  (Sorry for the CAPS).
Remember, these are just first impressions.  I will post a follow-up later. Looking forwards to trying out some of the new features (full screen split screen!).
Have an excellent day,
Posted in documents, findability, management, paperless, passwords, security

DO Encrypt, DON’T Panic

Or, What the ‘strong encryption’ requirement means to Psychologists (regarding Fact Sheet #16 issued by the Information Privacy Commissioner of Ontario).

Why I’m writing this: I have a number of friends and associates who are Certified Psychologists in Ontario, and have been asked, casually, what exactly this fact sheet means.

Bottom line:  If you are a Psychologist providing health information to a health network provider, or a user of health information in the sense of PHIPA and its regulations, you need to secure all portable healthcare data as below. If you are NOT, you DO NOT have to.  If you do, or if you aren’t sure, please keep reading…

Continue reading “DO Encrypt, DON’T Panic”