[OSX-Users] Re: Lion problems

Jules Field sysjkf at ecs.soton.ac.uk
Sun Jul 31 12:47:30 BST 2011 


On 31/07/2011 11:55, Philip Boulain wrote:
> On 31/07/2011 10:45, Hugh Glaser wrote:
>> 1) MenuMeters reports that my swap files are encrypted.
>> I don't want this, as it was bad enough before when they got big, 
>> watching the system occasionally thrash.
>> Now it is certainly worse.
>> Of course, it may be that MenuMeters is reporting wrongly, and it is 
>> something else?
>> If not, anyone any idea how to switch it off?
>
> I could have sworn it was via pmset's hibernatemode (looking at past 
> mails, perhaps it used to be), but apparently not:
>
> http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man8/dynamic_pager.8.html 
>
>
> From the look of that you want to open
> /Library/Preferences/com.apple.virtualMemory.plist
That file doesn't exist any more. I strongly suspect that they enforce 
"use secure virtual memory" which is what the setting in the "Security" 
Preference Pane used to say in Snow Leopard. The CPU overhead will be 
pretty much nil, as Phil says.
> find "UseEncryptedSwap", and toggle it to off. IIRC OS X has a pretty 
> GUI editor for plist files that should open by default.
 From the looks of the /sbin/dynamic_pager binary, it uses 
/Library/Preferences/com.apple.virtualMemory.plist (which doesn't exist 
by default) but now uses the key "DisableEncryptedSwap" which you 
presumably have to set to true.

But as Phil says, disabling encrypted swap is a pretty bad idea and 
won't speed up your system noticeably. If you have big swapping 
problems, buy more RAM or shut down apps you aren't using (which new 
apps written for Lion will do automatically, as you can demonstrate very 
easily with apps such as Preview and Quicktime Player).

Jules.
>
>> (Obviously I don't have FileVault switched on, which is what is 
>> pissing me off about the swap situation - what is the point of 
>> encrypted swap when the rest isn't?)
>
> Because no well-written software will write stored passwords 
> unencrypted to disk, e.g. Keychain stores them encrypted them with 
> your login password by default I believe. But to actually use them, at 
> some point those passwords have to be unencrypted in memory, and if 
> the machine were to be heavily overloaded or hibernated during that 
> point, that memory might get written to swap and your password is now 
> in plaintext on persistant storage. It might be harder to find than a 
> passwords.txt on your desktop, but it's also harder to get rid of 
> given swapfiles are system-managed and you'd effectively have to 
> disabled them all and secure-zero the drive's free space.
>
> Are you sure it's the cause of your performance woes, though? I'd 
> expect disk speed (and the lack of it) to completely dominate the CPU 
> cost of encryption, and I haven't found it (under Linux) to be a 
> problem on a hideously anaemic Celeron. If I'm remembering my cat 
> names correctly, that manpage is for Snow Leopard (it's the 
> most-recent Apple host), so it's been on by default on laptops since 
> then.
>

Jules

-- 
sysjkf at ecs.soton.ac.uk

More information about the Osx-users mailing list