[OSX-Users] Re: Lion problems

Hugh Glaser hg at ecs.soton.ac.uk
Sun Jul 31 12:56:40 BST 2011 

Thanks Phil,

On 31 Jul 2011, at 11:55, Philip Boulain wrote:

> On 31/07/2011 10:45, Hugh Glaser wrote:
>> 1) MenuMeters reports that my swap files are encrypted.
>> I don't want this, as it was bad enough before when they got big, watching the system occasionally thrash.
>> Now it is certainly worse.
>> Of course, it may be that MenuMeters is reporting wrongly, and it is something else?
>> If not, anyone any idea how to switch it off?
> 
> I could have sworn it was via pmset's hibernatemode (looking at past mails, perhaps it used to be), but apparently not:
> 
> http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man8/dynamic_pager.8.html
> 
> From the look of that you want to open
> /Library/Preferences/com.apple.virtualMemory.plist
> find "UseEncryptedSwap", and toggle it to off. IIRC OS X has a pretty GUI editor for plist files that should open by default.
I thought I might need to get into a plist somewhere, and that is the right one.
And I was guessing perhaps I switched it off a while ago.
But it gets a bit more interesting.
UseEncryptedSwap is not set.
So has Lion started ignoring UseEncryptedSwap - who knows?
I've downloaded a new version of MenuMeters.
I've set and unset it again
(sudo defaults write /Library/Preferences/com.apple.virtualMemory UseEncryptedSwap -bool {yes|no} )
I'll see what happens next time I restart.
>> (Obviously I don't have FileVault switched on, which is what is pissing me off about the swap situation - what is the point of encrypted swap when the rest isn't?)
> 
> Because no well-written software will write stored passwords unencrypted to disk, e.g. Keychain stores them encrypted them with your login password by default I believe. But to actually use them, at some point those passwords have to be unencrypted in memory, and if the machine were to be heavily overloaded or hibernated during that point, that memory might get written to swap and your password is now in plaintext on persistant storage. It might be harder to find than a passwords.txt on your desktop, but it's also harder to get rid of given swapfiles are system-managed and you'd effectively have to disabled them all and secure-zero the drive's free space.
> 
> Are you sure it's the cause of your performance woes, though? I'd expect disk speed (and the lack of it) to completely dominate the CPU cost of encryption, and I haven't found it (under Linux) to be a problem on a hideously anaemic Celeron. If I'm remembering my cat names correctly, that manpage is for Snow Leopard (it's the most-recent Apple host), so it's been on by default on laptops since then.
Yeah, I guess so.
But the reason I went looking was that I could see the swapping maxing, and the CPUs seemed to be hammered at the same time.
If anyone gets a hold of my machine and wants to go for it my life is at an end in any case, so the odd password stuck in some swapfiles really doesn't register on my list of concerns, certainly if it causes any performance loss on my old machine.
Cheers
> 
> -- 
> Phil

-- 
Hugh Glaser,  
              Intelligence, Agents, Multimedia
              School of Electronics and Computer Science,
              University of Southampton,
              Southampton SO17 1BJ
Work: +44 23 8059 3670, Fax: +44 23 8059 3045
Mobile: +44 75 9533 4155 , Home: +44 23 8061 5652
http://www.ecs.soton.ac.uk/~hg/

More information about the Osx-users mailing list