Securing data while traveling

  • By Daniel
  • 2009-05-15 16:05:00-0700

One of the first things people mention when I tell them I'm going to Asia is the possibility of getting robbed or having my possessions stolen. The security-minded individual would then immediately consider ways to keep private data private in such an instance, and that is exactly what I did.

I'm still not sure what laptop I'm going to take with me. It's currently between the two laptops that I own, the 15" MacBook and the MSI Wind. I prefer OS X to Linux, but the smaller Wind is definitely tempting. I had originally bought it to use as a hackintosh, but once again I decided that with the ease of use of the Apple platform, you really do get what you pay for. The Wind sucks for running OS X.

Aside from hardware size, the security features look to be about the same. Both Ubuntu and OS X allow you to encrypt your user's home folder, so you have to be logged in for it to be readable by anybody. Both allow you to require a password to wake the machine or come out of the screensaver. Restarting will log you out and render your personal data safe and sound from unauthorized eyes. Incidentally, the behind-the-scenes technology is pretty much the same too. An encrypted disk image is stored in your home folder and is then mounted in place of your directory. No rocket science there, but worth mentioning.

One thing that Linux does offer is the ability to have an encrypted partition which could be mounted on /home or wherever. This becomes interesting to me when I think about my personal MediaWiki installation. I want to make sure my MySQL tables are not stored in the clear, because they contain sensitive info. The problems come in at boot time when MySQL starts up: if the password to unlock the encrypted partition hasn't been entered yet, MySQL will fail to start. I'm still trying to work out a way to do this gracefully, and may simply not do it at all if there's no elegant solution.

I'd be interested to hear feedback from anybody who has done filesystem-level encryption of a MySQL db successfully, especially in an environment that isn't running for months at a time, but is rebooted periodically.
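
One way to handle the boot-order problem described above, as an added example that is not part of the original post: a guard that lets the MySQL start command run only when the data directory is backed by the unlocked encrypted mapping. The mapper name `cryptdata`, the mount point `/srv/secure` and the sample mount tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical names: the mapper
# name "cryptdata" and the mount point /srv/secure. The sample mount tables
# below are constructed, in /proc/mounts format.
MOUNTS_LOCKED='/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0'
MOUNTS_UNLOCKED="$MOUNTS_LOCKED
/dev/mapper/cryptdata /srv/secure ext3 rw 0 0"

# backing_device DIR: print the device whose mount point is the longest path
# prefix of DIR. Reads $MOUNT_TABLE if set, otherwise the live /proc/mounts.
backing_device() {
    printf '%s\n' "${MOUNT_TABLE-$(cat /proc/mounts)}" |
    awk -v dir="$1" '
        {
            mp = $2
            # Match whole path components only: /srv/secure must not
            # be treated as covering /srv/securebackup.
            covers = (mp == "/" || dir == mp || index(dir, mp "/") == 1)
            # >= so a later entry for the same mount point (an overmount) wins
            if (covers && length(mp) >= best) { best = length(mp); dev = $1 }
        }
        END { if (dev != "") print dev }'
}

# dir_on_mapper DIR NAME: succeed only if DIR is backed by /dev/mapper/NAME.
dir_on_mapper() {
    [ "$(backing_device "$1")" = "/dev/mapper/$2" ]
}

# guarded_start DIR NAME CMD...: run CMD (the MySQL start command) only when
# DIR is on the unlocked volume, so mysqld never runs against the bare,
# unencrypted directory underneath the mount point.
guarded_start() {
    dir=$1; name=$2; shift 2
    if dir_on_mapper "$dir" "$name"; then
        "$@"
    else
        echo "refusing to start: $dir is not on /dev/mapper/$name" >&2
        return 1
    fi
}
```

With `MOUNT_TABLE` unset, the functions consult the live `/proc/mounts`, so the same guard can wrap the normal MySQL start command after the passphrase has been entered.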