View Single Post
Old 04-16-2018, 02:58 AM   #4
Human being with feelings
Join Date: Mar 2018
Location: Norfolk, UK
Posts: 250

Originally Posted by serr View Post
You need to understand what Filevault actually is.
This encrypts your hard drive volume. This is security against physical access to your hard drive. It would not protect you online or in any other way.
I work with security every day of the week, so i have a rough approximation of what Filevault is, but i'm always keen to learn more.

And, If by 'any other way' you include physical loss or theft of your hardware then yes it would very much protect you, may be the one thing that keeps your data safe infact, so really YOU need to understand what disk encryption means, HOW it works and WHY it protects you, because again, you're going to be posting nonsense in a vein attempt to protect your own integrity vs providing fellow users accurate information.

If that's the line you tread, then i can't help you, but as a professional who's been covered via disk encryption and have actively chosen to use it for many years i shall stand to correct such nonsense, mainly for the benefit of anyone reading, and zero desire to argue with you on the matter - because it's such clearly ill-advised information that you're promoting.

Originally Posted by serr View Post
Anything in or out of the drive is encrypted/decrypted and this is obviously a performance hit. A fast machine with a SSD might not be fully crippled but you would be sacrificing significant performance none the less.
Not a clue have you? You realise CPU's have encryption sets built in, so the majority of the encryption is handled direct via instructions within the CPU itself? i.e. basically means it's using areas of computing that your machine wouldn't even be using if encryption was disabled? It's like putting shopping in the engine bay of your car cause you've 'heard' putting it in the boot will slow you down.

Look into AES-NI, as you're clearly oblivious to how it works.

Originally Posted by serr View Post
If you ARE at risk of theft and theft of sensitive data, then you absolutely want to make this kind of security first priority. Either put up with a slower machine for secondary uses or use a machine with no expensive company secrets on it instead. Bricking an OS update/install is an acceptable risk if this kind of security is a priority.
There is no noticeable trade off, and we ARE ALL at risk of theft, or machine loss - particularly laptop users. There is NO priority to be considered, it's really not an issue, and as i've said before if you have some first hand experience of it causing you issues then go ahead and post them, as it is this is all just hear say and nonsense, and regurgitation of false information.

But to use that further and recommend people disable a very well implemented security for their devices is really really ill-advised. I would even be willing to make a case that by not using it you could be walking in to more problems as Apple are strongly advising it to be used.

As i've said before, i use multiple devices ALL encrypted, have done so for years, i lost a MacBook at a live gig, and luckily it was fully encrypted. On top of that, companies i work for have all 100's of their machines encrypted, and i've not heard of any of them having to disable it for the massive 1% CPU boost they 'may' see.

If you've got a studio that cannot be broken into, or a house that you never leave unattended, or you're a laptop user who never takes it out/leaves it in a car/on holiday, or you trust any computer repair shop where you may send your machine to be fixed, or you have shared accommodation where you can trust everyone coming in and out of, and you destroy all media after use - Then go ahead, disable it and revel in the CPU boost that you'll probably never even notice with modern encryption. Furthermore, Keep working AGAINST what the OS provider recommends, and see what happens.

Originally Posted by serr View Post
High security against physical access and theft is a lower use case and absolutely a faux pas to have enabled by default for the average user.
I suppose holding multiple backups is a 'faux pas' too, right? I mean, why even backup externally (via cloud/ftp/nas etc) when by your advice nothing can happen to an 'average user's physical machine? An unencrypted Laptop with USB drive is enough, right? Unencrypted local backups also pointless in your opinion also?

Originally Posted by serr View Post
Do what you will with this info and believe it or not. I see things, I spill the beans on them.
No, you read 'things', and then post ill advised recommendations to fellow users that's not to their longterm benefit, it's nothing to do with 'believing' you, in fact, this isn't anything do with 'you' at all and i think that's the problem you're having.

Originally Posted by serr View Post
I've never seen Apple crashing and burning this hard before. This is Windows-esque stuff.
Yeah sure, it's really confusing how millions of professionals around the world are cashing in their invoices with this clear burning and crashing of apple that's happening around us!! It's absolutely insane. I don't know how i made it through last month alive... Luckily i was able to fight all these issues and get through the work. But next month... wow, may have to swap to windows, which, actually is a really good OS too - oh wait, now you have me confused. How an earth have people be running on windows all these years too?!!

Are you without a machine by the way? Have you been crashing and burning too? Or is this just more 'spilling the beans' kinda stuff, that you've seen?

And are Apple now so windows-esque that they're selling your personal details to the highest bidder? All i see is them putting some great technology in place to protect it's users both physically and virtually. But hey, if you want to fight against that, then do so. But please, don't recommend that others should do so by default, even if you caused one person to have their data stolen a year down the line, one is still too much.

Originally Posted by serr View Post
I tried playing along even with the extra work and feature regressions but I'm back to recommending avoiding both 10.12 and 10.13 again. (10.13 was supposed to be a bug fixed 10.12)
Again, i'm running all the latest updates, encryption enabled, has been for years, multiple machines, i service approx 70-80 machines directly over the course of a year and i have not known one occurrence of having to disable disk encryption. But then, i don't sit and read stories, i just get to work.

As you're a guru on recommending which OS we should also be using, could you please confirm that you still recommend running without encryption enabled by default?

Last edited by Skijumptoes; 04-16-2018 at 03:21 AM.
Skijumptoes is offline   Reply With Quote