OS X Mavericks' fdsetup tool takes FileVault 2 management to a new level

OS X Mavericks' fdsetup tool takes FileVault 2 management to a new level

Summary: The recent edition of MacTech magazine offers a closeup look at new features added to the command-line tool fdsetup to manage FileVault 2 in OS X Mavericks. This offers many useful capabilities for Mac managers.

SHARE:

The October issue of MacTech magazine, available in hardcopy or in digital subscription through the iOS Newsstand, offers an interesting article by Rich Trouton on the many new features added in OS X Mavericks to the command-line tool fdsetup to manage FileVault 2. It details the features and how they work.

I was interested in the section on the management of personal and institutional recovery keys.

fdsetup in Mavericks adds the new ability to change, add and remove both personal and institutional recovery keys. This gives Mac admins much greater ability to manage recovery keys, including the capability to quickly update or remove the compromised personal and/or institutional recovery keys in the event of a data breach or other problem.

In addition, the tool lets Mac admins detect which kinds of recovery keys are being used on a Mac.

Trouton said fdsetup was already a "Swiss Army knife" for managing FileVault 2 when it arrived in Mountain Lion. This new version takes the tool to a new level.

According to Trouton, the updated fdsetup's greatest strengths include:

-It allows options for automating FileVault 2 setups via scripting.

-fdestup's defer option can be used to set up a self-service procedure for enabling encryption.

-It supports multiple recovery keys for FileVault 2 giving Mac admins more options for handling recovery situations.

-It allows you to rotate or remove recovery keys on an as-needed basis.

I also enjoyed an article on coding tips by developer Peter Hosey on the "subjective side of Objective-C." He presents a strong warning on sample code. He says it's a great mistake to drop code into a project sight unseen, even if it's from Apple.

Be very suspicious of sample code you find on the web — on blogs, on Stack Overflow, on GitHub, even on Apple's own site. Assume it's crap. Yes, even Apple's. Assume it's crap.

He then offers a checklist of tests for any sample code that catches the eye.

Of course, that's advice that can carry over to many things in work-life beyond coding.

Topics: Apple, Operating Systems, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion