Apple: SSH and FileVault

(keith.github.io)
507 points ingve | 24 comments
1. georgeburdell ◴[] No.45295378[source]
Biggest change for corporate non-personal Mac usage. Mac Minis are actually fairly good value and good quality for miscellaneous automation purposes. We started switching over to them at work, and the FileVault issue described here was actually one of the big things holding us back.
replies(1): >>45297133 #
2. TheTaytay ◴[] No.45297133[source]
I've been curious about using some Macs for general purpose servers. Is there anything else you do to make them easier to administrate as servers? Are you running Mac-specific stuff on them or more general purpose Linux containerized stuff?
replies(2): >>45297957 #>>45299480 #
3. mrtesthah ◴[] No.45297957[source]
Macs make terrible servers. I’ve had to manage various on-premises Mac servers for the last 15-20 years and every year Apple breaks something extremely basic and obvious with no reasonable workaround. Especially these days with locking down all the administrative functions such that only a local admin user (with a SecureToken!) clicking a button in the GUI with a physically attached mouse/keyboard can enable them.
replies(2): >>45299574 #>>45305434 #
4. amelius ◴[] No.45299480[source]
It's generally a bad idea to use consumer hardware for servers.
replies(3): >>45299525 #>>45299545 #>>45303920 #
5. rollcat ◴[] No.45299525{3}[source]
One reason Google was a big hit was because (while all the competition was doubling down on big iron), they ran their search on commodity hardware, and compensated in software/networking.

I don't think Macs would be a great platform for running a k8s cluster, but the power efficiency alone makes them a curious alternative to explore.

replies(1): >>45299558 #
6. leakycap ◴[] No.45299545{3}[source]
Yes, and it's wise not to apply general advice to niche situations: like using a Mac mini for a web host.

With this attitude, we'd all still be running 2U Dell PowerEdge and poor Raspberry Pi would have gone out of business.

It's 2025, almost 2026. A web server from a few years ago has less power than a consumer Mac mini today while using much more energy.

Throw out the advice that is from the era of physical install media and let's focus on specific (instead of general, unhelpful) advice as we move into the modern era where cheap computers are just fine.

replies(1): >>45304890 #
7. amelius ◴[] No.45299558{4}[source]
Google used x86 Linux machines. Which is common in industry. Everything is documented, unlike Apple's offerings.
replies(1): >>45300016 #
8. leakycap ◴[] No.45299574{3}[source]
I'd rather know how a Mac server is to run today than how it was over the last 15-20 years. Seems things are getting better now, especially with this ssh news.

Security is rarely convenient. Since the early OS X days, Apple seems to be willing to do things the more secure way even if it's a bit of a hassle. Seems to be paying off for them.

replies(2): >>45303813 #>>45304036 #
9. rollcat ◴[] No.45300016{5}[source]
> Which is common in industry.

It was *not* common in the mid-90s. x86 was commodity hardware - home PCs, early NT workstations. PHP was still written in Perl. Linux was a few years old - industry veterans (e.g. Greenspun) were throwing rocks at it.

Yes, the x86 platform was documented - through reverse-engineering efforts. Compaq was the first to produce PC clones, to IBM's great disdain.

Don't get me wrong - you're probably better off running Ampere. Just don't dismiss commodity hardware.

replies(2): >>45300503 #>>45303796 #
10. amelius ◴[] No.45300503{6}[source]
The setup was common in universities, back then. That's probably also how they got to use it.

This wouldn't work with Apple products because Apple ultimately has control over the hardware. You don't want a server that suddenly shows "Please enter your AppleID" in the middle of something, for example.

replies(1): >>45302275 #
11. oarsinsync ◴[] No.45302275{7}[source]
> The setup was common in universities, back then. That's probably also how they got to use it.

Sun Microsystems were also big in universities. As were IBM. Lots of people believed the "servers have special hardware" voodoo back then, and parroted that it's bad news to run servers on consumer hardware.

Somehow, decades later, the meme refuses to die. Unlike Sun Microsystems. Or IBM's Unix server business.

replies(1): >>45302536 #
12. amelius ◴[] No.45302536{8}[source]
Except Apple has tight control. You're basically building your castle in Apple's kingdom.

If Google had used Apple appliances for their servers they would be violating the EULA and have lawyers knocking on their door.

Apple appliances are made for consumers. Apple's lawyers were not paid to cover business use cases, so they basically don't allow it.

replies(1): >>45308615 #
13. trollbridge ◴[] No.45303796{6}[source]
PHP was written in C. To quote Rasmus Lerdorf:

“I wonder why people keep writing that PHP was ever written in Perl. It never was. #php”

The PHP history page at one point claimed it was:

https://web.archive.org/web/20090426061624/http://us3.php.ne...

He may have had some Perl scripts on his computer before the 1.0 C release, but that’s a far cry from “PHP was written in Perl”.

replies(1): >>45308626 #
14. trollbridge ◴[] No.45303813{4}[source]
It’s a lot harder than it used to be. You basically need to ensure you have a remote KVM, or else have access to smart hands every few months to press a button.
replies(1): >>45310192 #
15. snovymgodym ◴[] No.45303920{3}[source]
And yet, running clusters of Mac Minis is one of the most common datacenter solutions for when you need macOS (usually for CI systems that run iOS builds or something similar).
replies(1): >>45304049 #
16. mrtesthah ◴[] No.45304036{4}[source]
The point is that the “security” changes Apple has been making are not broadly beneficial to the server use case and seem designed for single-user systems with no consideration for remote management/access.

This is the same reason why Apple has lost the education market to Chromebooks.

17. mrtesthah ◴[] No.45304049{4}[source]
If you want iOS build servers Apple’s licensing gives them no other option.
18. comprambler ◴[] No.45304890{4}[source]
Your data integrity is at risk not using ECC RAM (EXTRA ESPECIALLY IF YOU USE SOFTWARE RAID), which is usually gated out of consumer hardware.

Though those PowerEdges would have had it.

replies(1): >>45320670 #
19. MangoToupe ◴[] No.45305434{3}[source]
Why not just install Linux on them? Macs don't require macOS. Hardware ≠ software.
20. rollcat ◴[] No.45308615{9}[source]
None of this is the point of this discussion.

The point is: commodity hardware is powerful, and it's interesting to explore its capabilities outside of its original purpose. Apple or not.

replies(1): >>45313091 #
21. rollcat ◴[] No.45308626{7}[source]
Thanks for debunking, I'll stop spreading lies now ^^;
22. leakycap ◴[] No.45310192{5}[source]
I don't agree that it is harder than it used to be, unless you specifically mean there are a few more dialogs to hop through during install and initial setup which is annoying on recent versions. But you do this once, just like Windows UAP.

Apple sells remote management software* if you don't want to buy your own KVM solution, it's $79.99 but given that there are no per-user limits and it has been continually updated for ~20 years, I'd say it's often overlooked in discussions of remotely managing Macs.

If you want a free solution, Tahoe w/ ssh FileVault unlock makes using a Mac as a server more useful than ever with a non-Apple VNC product of your choice.

* Mac App Store link: https://apps.apple.com/us/app/apple-remote-desktop/id4099073...

23. amelius ◴[] No.45313091{10}[source]
If you ignore legal constraints, maybe.
24. leakycap ◴[] No.45320670{5}[source]
Unless you're sending the Mac mini to space as part of this project, the internal hardware ECC built in to Apple silicon SoC combined with the extremely short unified memory paths removes this as a valid concern.

Any software RAID on macOS is a risk I wouldn't be willing to take, but that is another matter entirely and has nothing to do with ECC.