Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.sys.mac.apps > #37320 > unrolled thread

Mac OS (X)'s guest accounts can't use other apps beside its Safari?

Back to article view | Back to comp.sys.mac.apps

Contents

  Mac OS (X)'s guest accounts can't use other apps beside its Safari? ANTant@zimage.com (Ant) - 2016-12-09 01:09 -0600
    Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? dempson@actrix.gen.nz (David Empson) - 2016-12-09 23:18 +1300
    Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-10 04:21 +0000
    Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 10:19 -0500
      Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? "Happy.Hobo" <Happy.Hobo@Spam.Invalid> - 2016-12-10 09:51 -0600
        Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 10:59 -0500
          Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-10 12:40 -0500
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 12:52 -0500
              Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-10 13:04 -0500
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 13:23 -0500
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Jolly Roger <jollyroger@pobox.com> - 2016-12-10 21:15 +0000
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-10 21:35 +0000
              Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-10 16:52 -0500
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 17:42 -0500
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-11 01:58 +0000
                  Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-11 07:36 -0500
                    Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-11 17:38 +0000
                  Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-11 09:23 -0500
              Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 17:35 -0500
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-11 02:13 +0000
                  Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-11 07:36 -0500
                  Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-11 09:25 -0500
          Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? "Happy.Hobo" <Happy.Hobo@Spam.Invalid> - 2016-12-10 19:09 -0600
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-10 20:11 -0500
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-11 02:15 +0000
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Jolly Roger <jollyroger@pobox.com> - 2016-12-11 02:50 +0000
              Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? "Happy.Hobo" <Happy.Hobo@Spam.Invalid> - 2016-12-11 00:37 -0600
                Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? nospam <nospam@nospam.invalid> - 2016-12-11 07:36 -0500
            Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-11 08:41 -0500
      Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-10 21:34 +0000
        Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Alan Browne <alan.browne@freelunchvideotron.ca> - 2016-12-10 17:32 -0500
          Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? Lewis <g.kreme@gmail.com.dontsendmecopies> - 2016-12-11 02:12 +0000
        Re: Mac OS (X)'s guest accounts can't use other apps beside its Safari? "Happy.Hobo" <Happy.Hobo@Spam.Invalid> - 2016-12-10 19:19 -0600

Page 1 of 2  [1] 2  Next page →

#37320 — Mac OS (X)'s guest accounts can't use other apps beside its Safari?

Hello.

I noticed Mac OS (X)'s guest accounts only allow Safari with encrypted 
FileVault SSDs. Is there no way to access other apps like Office for 
those who need to use it?

Thank you in advance. :)
-- 
Quote of the Week: "Be thine enemy an ant, see in him(her!) an elephant." --Turkish Proverb
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
  /\___/\   Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site)
 / /\ /\ \                 Ant's Quality Foraged Links: http://aqfl.net
| |o   o| |
   \ _ /    Please nuke ANT if replying by e-mail privately. If credit-
    ( )     ing, then please kindly use Ant nickname and AQFL URL/link.

[toc] | [next] | [standalone]

#37321

Ant <ANTant@zimage.com> wrote:

> I noticed Mac OS (X)'s guest accounts only allow Safari with encrypted
> FileVault SSDs. Is there no way to access other apps like Office for 
> those who need to use it?

If the drive is encrypted with FileVault then the guest account boots
into the recovery partition. There is no access to the main partition
(it is encrypted) and the recovery partition is read only, so there is
no writeable internal storage.

You can't modify the recovery partition to install other applications,
and even if you could, they would not be able to store permissions or
save documents except by using external storage.

Safari is a limited version which is on the recovery partition. It can't
save anything permanently (e.g. bookmarks).

If you want a guest account with more applications then you need to do
something like create a standard account, perhaps with parental controls
to limit what it can do, and unlock the drive as an authorised user
before the "guest" can log in, assuming you don't grant the guest
account permission to unlock the drive. (The drive being unlocked
exposes you to the risk of the guest being able to gain access to
everything else on the computer, if they are so inclined and they manage
to bypass permissions somehow.)

-- 
David Empson
dempson@actrix.gen.nz

[toc] | [prev] | [next] | [standalone]

#37326

In message <X5udnYpXR4Y3xdfFnZ2dnUU7-evNnZ2d@earthlink.com> 
  Ant <ANTant@zimage.com> wrote:
> Hello.

> I noticed Mac OS (X)'s guest accounts only allow Safari with encrypted 
> FileVault SSDs. Is there no way to access other apps like Office for 
> those who need to use it?

No.

-- 
Beautiful dawn / Lights up the shore for me / There is nothing else in the
world I'd rather see with you.

[toc] | [prev] | [next] | [standalone]

#37328

On 2016-12-09 02:09, Ant wrote:
> Hello.
>
> I noticed Mac OS (X)'s guest accounts only allow Safari with encrypted
> FileVault SSDs. Is there no way to access other apps like Office for
> those who need to use it?

David makes clear the why's and wherefore's.

The whole "Guest" use account on a Mac is a pretty awful way to allow a 
guest access to your computer so he can browse or check his e-mail or 
some such.  The machine reboots for the guest and has to be re-booted 
again for the 'owner' to get back in.  Tedious, wot.

I have a guest account for such use at home.  It's not special in any 
way but it has no sharing at all of any kind, no backups, no accounts, 
no keychains ...  with that a guest could use all the installed apps.

Given such would be used when I am around, I don't consider it to be 
much of a risk.

-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.

[toc] | [prev] | [next] | [standalone]

#37329

On 12-10-2016 09:19, Alan Browne wrote:
> The whole "Guest" use account on a Mac is a pretty awful way to allow a
> guest access to your computer so he can browse or check his e-mail or
> some such.  The machine reboots for the guest and has to be re-booted
> again for the 'owner' to get back in.  Tedious, wot.
 >
> I have a guest account for such use at home.  It's not special in any
> way but it has no sharing at all of any kind, no backups, no accounts,
> no keychains ...  with that a guest could use all the installed apps.

Without FileVault, my guest account can use any apps that I haven't as 
admin blocked it from.  So apparently the "tedious" way is only if you 
turn on FileVault.

[toc] | [prev] | [next] | [standalone]

#37330

On 2016-12-10 10:51, Happy.Hobo wrote:
> On 12-10-2016 09:19, Alan Browne wrote:
>> The whole "Guest" use account on a Mac is a pretty awful way to allow a
>> guest access to your computer so he can browse or check his e-mail or
>> some such.  The machine reboots for the guest and has to be re-booted
>> again for the 'owner' to get back in.  Tedious, wot.
>>
>> I have a guest account for such use at home.  It's not special in any
>> way but it has no sharing at all of any kind, no backups, no accounts,
>> no keychains ...  with that a guest could use all the installed apps.
>
> Without FileVault, my guest account can use any apps that I haven't as
> admin blocked it from.  So apparently the "tedious" way is only if you
> turn on FileVault.

There is no reason to not turn on Filevault.

-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.

[toc] | [prev] | [next] | [standalone]

#37331

In article <UpadnU8KMtXQu9HFnZ2dnUU7-WGdnZ2d@giganews.com>, Alan Browne
<alan.browne@freelunchvideotron.ca> wrote:

> >> The whole "Guest" use account on a Mac is a pretty awful way to allow a
> >> guest access to your computer so he can browse or check his e-mail or
> >> some such.  The machine reboots for the guest and has to be re-booted
> >> again for the 'owner' to get back in.  Tedious, wot.
> >>
> >> I have a guest account for such use at home.  It's not special in any
> >> way but it has no sharing at all of any kind, no backups, no accounts,
> >> no keychains ...  with that a guest could use all the installed apps.
> >
> > Without FileVault, my guest account can use any apps that I haven't as
> > admin blocked it from.  So apparently the "tedious" way is only if you
> > turn on FileVault.
> 
> There is no reason to not turn on Filevault.

yes there are.

in addition to the guest account issue, two more that come to mind is
that it's a big performance hit on older macs and that a server won't
be able to reboot unattended, such as after a power outage.

[toc] | [prev] | [next] | [standalone]

#37332

On 2016-12-10 12:40, nospam wrote:
> In article <UpadnU8KMtXQu9HFnZ2dnUU7-WGdnZ2d@giganews.com>, Alan Browne
> <alan.browne@freelunchvideotron.ca> wrote:
>
>>>> The whole "Guest" use account on a Mac is a pretty awful way to allow a
>>>> guest access to your computer so he can browse or check his e-mail or
>>>> some such.  The machine reboots for the guest and has to be re-booted
>>>> again for the 'owner' to get back in.  Tedious, wot.
>>>>
>>>> I have a guest account for such use at home.  It's not special in any
>>>> way but it has no sharing at all of any kind, no backups, no accounts,
>>>> no keychains ...  with that a guest could use all the installed apps.
>>>
>>> Without FileVault, my guest account can use any apps that I haven't as
>>> admin blocked it from.  So apparently the "tedious" way is only if you
>>> turn on FileVault.
>>
>> There is no reason to not turn on Filevault.
>
> yes there are.
>
> in addition to the guest account issue, two more that come to mind is
> that it's a big performance hit on older macs and that a server won't
> be able to reboot unattended, such as after a power outage.

Narrow cases.

The guest account issue is easily solved with a low privilege account 
and normally under some supervision of the owner.

I had FileVault running on a late 2007 iMac and it was no impediment to 
use through the end of 2013.  It's still running too.

A Server is a narrow case.  First off it should have a UPS - that will 
cover many transients and short outages.  Further, the operator should 
be able to boot it remotely (?) and have some means of knowing it was down.

-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.

[toc] | [prev] | [next] | [standalone]

#37333

In article <jeidnVl3Ludt3dHFnZ2dnUU7-LPNnZ2d@giganews.com>, Alan Browne
<alan.browne@freelunchvideotron.ca> wrote:

> >>
> >> There is no reason to not turn on Filevault.
> >
> > yes there are.
> >
> > in addition to the guest account issue, two more that come to mind is
> > that it's a big performance hit on older macs and that a server won't
> > be able to reboot unattended, such as after a power outage.
> 
> Narrow cases.

it doesn't matter if it's narrow or not.

you said there is 'no reason not to turn on filevault', and there are
several reasons. 

you're wrong. simple as that.

> The guest account issue is easily solved with a low privilege account 
> and normally under some supervision of the owner.

that's not the same, and more work for the admin anyway.

> I had FileVault running on a late 2007 iMac and it was no impediment to 
> use through the end of 2013.  It's still running too.

it's running much slower than it otherwise would because a core 2 duo
lacks hardware aes encryption found in core i5/i7 and later.

you might not care, but others do.

> A Server is a narrow case.  First off it should have a UPS - that will 
> cover many transients and short outages. 

a ups won't power it forever.

if the outage is longer than the ups supports, then the server shuts
down (normally intentionally, before the ups is fully dead).

> Further, the operator should 
> be able to boot it remotely (?) and have some means of knowing it was down.

the point is that it *can't* be remotely booted because someone has to
type in the filevault password at the console.

[toc] | [prev] | [next] | [standalone]

#37334

On 2016-12-10 13:04, nospam wrote:
> In article <jeidnVl3Ludt3dHFnZ2dnUU7-LPNnZ2d@giganews.com>, Alan Browne
> <alan.browne@freelunchvideotron.ca> wrote:
>
>>>>
>>>> There is no reason to not turn on Filevault.
>>>
>>> yes there are.
>>>
>>> in addition to the guest account issue, two more that come to mind is
>>> that it's a big performance hit on older macs and that a server won't
>>> be able to reboot unattended, such as after a power outage.
>>
>> Narrow cases.
>
> it doesn't matter if it's narrow or not.
>
> you said there is 'no reason not to turn on filevault', and there are
> several reasons.
>
> you're wrong. simple as that.

For those cases sure.  BFD.  Doesn't apply to most people at all by a 
very long shot.


-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.

[toc] | [prev] | [next] | [standalone]

#37338

On 2016-12-10, nospam <nospam@nospam.invalid> wrote:
> In article <jeidnVl3Ludt3dHFnZ2dnUU7-LPNnZ2d@giganews.com>, Alan Browne
><alan.browne@freelunchvideotron.ca> wrote:
>
>> >> There is no reason to not turn on Filevault.
>> >
>> > yes there are.
>> >
>> > in addition to the guest account issue, two more that come to mind
>> > is that it's a big performance hit on older macs and that a server
>> > won't be able to reboot unattended, such as after a power outage.
>> 
>> A Server is a narrow case.  First off it should have a UPS - that
>> will cover many transients and short outages. 
>
> a ups won't power it forever.
>
> if the outage is longer than the ups supports, then the server shuts
> down (normally intentionally, before the ups is fully dead).

True. And in that case, the only way to get it running again is to
physically supply the FileVault pass code during boot. I keep my
server's startup volume unencrypted for this reason. Even though it can
get around an hour run time on UPS battery, I do want it to be able to
start up once power is restored if I happen to be out of the house.

>> Further, the operator should be able to boot it remotely (?) and have
>> some means of knowing it was down.
>
> the point is that it *can't* be remotely booted because someone has to
> type in the filevault password at the console.

Actually, if the Mac is new enough to support it and you are running
10.8.2 or later, you can use the fdsetup command to restart a
FileVaule-encrypted Mac:

sudo fdesetup authrestart

Obviously this doesn't help if the machine is powered down completely.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#37340

In message <101220161240349584%nospam@nospam.invalid> 
  nospam <nospam@nospam.invalid> wrote:
> In article <UpadnU8KMtXQu9HFnZ2dnUU7-WGdnZ2d@giganews.com>, Alan Browne
> <alan.browne@freelunchvideotron.ca> wrote:

>> >> The whole "Guest" use account on a Mac is a pretty awful way to allow a
>> >> guest access to your computer so he can browse or check his e-mail or
>> >> some such.  The machine reboots for the guest and has to be re-booted
>> >> again for the 'owner' to get back in.  Tedious, wot.
>> >>
>> >> I have a guest account for such use at home.  It's not special in any
>> >> way but it has no sharing at all of any kind, no backups, no accounts,
>> >> no keychains ...  with that a guest could use all the installed apps.
>> >
>> > Without FileVault, my guest account can use any apps that I haven't as
>> > admin blocked it from.  So apparently the "tedious" way is only if you
>> > turn on FileVault.
>> 
>> There is no reason to not turn on Filevault.

> yes there are.

> in addition to the guest account issue, two more that come to mind is
> that it's a big performance hit on older macs

That is entirely false. In no way at all is it true. At all.

-- 
But of course there were the rules. Everyone knew there were rules. They
just had to hope like Hell that the gods knew the rules, too.

[toc] | [prev] | [next] | [standalone]

#37341

In article <slrno4otch.26q0.g.kreme@snow.local>, Lewis
<g.kreme@gmail.com.dontsendmecopies> wrote:

> >> 
> >> There is no reason to not turn on Filevault.
> 
> > yes there are.
> 
> > in addition to the guest account issue, two more that come to mind is
> > that it's a big performance hit on older macs
> 
> That is entirely false. In no way at all is it true. At all.

it's very true, for the reason i gave that you snipped, which is that
intel processors prior to core i5/i7 (i.e., core 2 duo) don't have aes
encryption in hardware.

[toc] | [prev] | [next] | [standalone]

#37344

On 2016-12-10 16:52, nospam wrote:
> In article <slrno4otch.26q0.g.kreme@snow.local>, Lewis
> <g.kreme@gmail.com.dontsendmecopies> wrote:
>
>>>>
>>>> There is no reason to not turn on Filevault.
>>
>>> yes there are.
>>
>>> in addition to the guest account issue, two more that come to mind is
>>> that it's a big performance hit on older macs
>>
>> That is entirely false. In no way at all is it true. At all.
>
> it's very true, for the reason i gave that you snipped, which is that
> intel processors prior to core i5/i7 (i.e., core 2 duo) don't have aes
> encryption in hardware.

Even with processor AES it is measurably slower.  Not as bad of course.

-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.

[toc] | [prev] | [next] | [standalone]

#37349

In message <101220161652206003%nospam@nospam.invalid> 
  nospam <nospam@nospam.invalid> wrote:
> In article <slrno4otch.26q0.g.kreme@snow.local>, Lewis
> <g.kreme@gmail.com.dontsendmecopies> wrote:

>> >> 
>> >> There is no reason to not turn on Filevault.
>> 
>> > yes there are.
>> 
>> > in addition to the guest account issue, two more that come to mind is
>> > that it's a big performance hit on older macs
>> 
>> That is entirely false. In no way at all is it true. At all.

> it's very true, for the reason i gave that you snipped, which is that
> intel processors prior to core i5/i7 (i.e., core 2 duo) don't have aes
> encryption in hardware.

And the amount of processing needed to manage full disk encryption is
still negligible on those system. It is by no means a big performance
hit. It is *maybe* measurable.


-- 
These budget numbers are not just estimates, these are the actual
results for the fiscal year that ended February the 30th. - GWB

[toc] | [prev] | [next] | [standalone]

#37355

In article <slrno4pcoc.27nl.g.kreme@snow.local>, Lewis
<g.kreme@gmail.com.dontsendmecopies> wrote:

> >> >> 
> >> >> There is no reason to not turn on Filevault.
> >> 
> >> > yes there are.
> >> 
> >> > in addition to the guest account issue, two more that come to mind is
> >> > that it's a big performance hit on older macs
> >> 
> >> That is entirely false. In no way at all is it true. At all.
> 
> > it's very true, for the reason i gave that you snipped, which is that
> > intel processors prior to core i5/i7 (i.e., core 2 duo) don't have aes
> > encryption in hardware.
> 
> And the amount of processing needed to manage full disk encryption is
> still negligible on those system. It is by no means a big performance
> hit. It is *maybe* measurable.

it's very measurable.

there is a very noticeable performance hit when using filevault on a
core 2 duo system because once again, there's no hardware level
encryption.

[toc] | [prev] | [next] | [standalone]

#37362

In message <111220160736243575%nospam@nospam.invalid> 
  nospam <nospam@nospam.invalid> wrote:
> In article <slrno4pcoc.27nl.g.kreme@snow.local>, Lewis
> <g.kreme@gmail.com.dontsendmecopies> wrote:

>> >> >> 
>> >> >> There is no reason to not turn on Filevault.
>> >> 
>> >> > yes there are.
>> >> 
>> >> > in addition to the guest account issue, two more that come to mind is
>> >> > that it's a big performance hit on older macs
>> >> 
>> >> That is entirely false. In no way at all is it true. At all.
>> 
>> > it's very true, for the reason i gave that you snipped, which is that
>> > intel processors prior to core i5/i7 (i.e., core 2 duo) don't have aes
>> > encryption in hardware.
>> 
>> And the amount of processing needed to manage full disk encryption is
>> still negligible on those system. It is by no means a big performance
>> hit. It is *maybe* measurable.

> it's very measurable.

> there is a very noticeable performance hit when using filevault on a
> core 2 duo system because once again, there's no hardware level
> encryption.

I have a 2010 Mac mini server, still in use. It has a Core 2 Duo Penryn
processor. There is no noticeable difference running File Vault on it.

-- 
Growing up leads to growing old, and then to dying/And dying to me don't
sound like all that much fun.

[toc] | [prev] | [next] | [standalone]

#37360

On 2016-12-10 20:58, Lewis wrote:
> In message <101220161652206003%nospam@nospam.invalid>
>   nospam <nospam@nospam.invalid> wrote:
>> In article <slrno4otch.26q0.g.kreme@snow.local>, Lewis
>> <g.kreme@gmail.com.dontsendmecopies> wrote:
>
>>>>>
>>>>> There is no reason to not turn on Filevault.
>>>
>>>> yes there are.
>>>
>>>> in addition to the guest account issue, two more that come to mind is
>>>> that it's a big performance hit on older macs
>>>
>>> That is entirely false. In no way at all is it true. At all.
>
>> it's very true, for the reason i gave that you snipped, which is that
>> intel processors prior to core i5/i7 (i.e., core 2 duo) don't have aes
>> encryption in hardware.
>
> And the amount of processing needed to manage full disk encryption is
> still negligible on those system. It is by no means a big performance
> hit. It is *maybe* measurable.

On an i7 quad core iMac (late 2012).

2 files of 1 GB of random data to an external flash memory card:

Encrypted:	46.388 s | 46.3 MB/s

Not encrypted:	40.882 s | 52.5 MB/s

So while not an important difference, very measurable at 11.8% speed 
difference.

Note that the above was to external flash using a USB 2.0 connection, so 
a lot of wait time in there.  I don't have a spare HD to test with.

As I recall from a past test I was getting around 150 MB/s to a USB 3 
external disk with encryption enabled (Filevault2).

-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.

[toc] | [prev] | [next] | [standalone]

#37343

On 2016-12-10 16:35, Lewis wrote:
> In message <101220161240349584%nospam@nospam.invalid>
>   nospam <nospam@nospam.invalid> wrote:
>> In article <UpadnU8KMtXQu9HFnZ2dnUU7-WGdnZ2d@giganews.com>, Alan Browne
>> <alan.browne@freelunchvideotron.ca> wrote:
>
>>>>> The whole "Guest" use account on a Mac is a pretty awful way to allow a
>>>>> guest access to your computer so he can browse or check his e-mail or
>>>>> some such.  The machine reboots for the guest and has to be re-booted
>>>>> again for the 'owner' to get back in.  Tedious, wot.
>>>>>
>>>>> I have a guest account for such use at home.  It's not special in any
>>>>> way but it has no sharing at all of any kind, no backups, no accounts,
>>>>> no keychains ...  with that a guest could use all the installed apps.
>>>>
>>>> Without FileVault, my guest account can use any apps that I haven't as
>>>> admin blocked it from.  So apparently the "tedious" way is only if you
>>>> turn on FileVault.
>>>
>>> There is no reason to not turn on Filevault.
>
>> yes there are.
>
>> in addition to the guest account issue, two more that come to mind is
>> that it's a big performance hit on older macs
>
> That is entirely false. In no way at all is it true. At all.

Encryption/decryption is not a 0 time transformation - it is measurable. 
  I posted data about it a few years ago.

-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.

[toc] | [prev] | [next] | [standalone]

#37351

In message <xZmdnR9K0c6oHtHFnZ2dnUU7-aWdnZ2d@giganews.com> 
  Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
> On 2016-12-10 16:35, Lewis wrote:
>> In message <101220161240349584%nospam@nospam.invalid>
>>   nospam <nospam@nospam.invalid> wrote:
>>> In article <UpadnU8KMtXQu9HFnZ2dnUU7-WGdnZ2d@giganews.com>, Alan Browne
>>> <alan.browne@freelunchvideotron.ca> wrote:
>>
>>>>>> The whole "Guest" use account on a Mac is a pretty awful way to allow a
>>>>>> guest access to your computer so he can browse or check his e-mail or
>>>>>> some such.  The machine reboots for the guest and has to be re-booted
>>>>>> again for the 'owner' to get back in.  Tedious, wot.
>>>>>>
>>>>>> I have a guest account for such use at home.  It's not special in any
>>>>>> way but it has no sharing at all of any kind, no backups, no accounts,
>>>>>> no keychains ...  with that a guest could use all the installed apps.
>>>>>
>>>>> Without FileVault, my guest account can use any apps that I haven't as
>>>>> admin blocked it from.  So apparently the "tedious" way is only if you
>>>>> turn on FileVault.
>>>>
>>>> There is no reason to not turn on Filevault.
>>
>>> yes there are.
>>
>>> in addition to the guest account issue, two more that come to mind is
>>> that it's a big performance hit on older macs
>>
>> That is entirely false. In no way at all is it true. At all.

> Encryption/decryption is not a 0 time transformation - it is measurable. 
>   I posted data about it a few years ago.

It is close enough to zero that "big performance hit" is not at all true.

-- 
So here's us, on the raggedy edge. Don't push me. And I won't push you.

[toc] | [prev] | [next] | [standalone]

Page 1 of 2  [1] 2  Next page →

Back to top | Article view | comp.sys.mac.apps

csiph-web