Archive for September 26, 2017

Tuesday, September 26, 2017

APFS Benchmarks

Malc (via Hacker News):

As you can see, APFS’ encryption takes about 53% of file system 4K read speed, 32% of 4K write speed, 65% of 1M read speed and 47% of 1M write speed. That is a lot compared to HFS+’s accordingly: 41, 7, 4 and 0.1%.

Even without encryption, the results show HFS+ as faster.

Michael Larabel:

Some have complained of slowdowns with APFS, but for the most part my benchmark numbers are showing faster results.

Bombich Software:

These tests also demonstrate that boot time performance between HFS+ and APFS are comparable, with only one notable exception. The pre-encrypted APFS volume (both as a source and destination) encountered a very noticeable stall during startup when the progress indicator had filled to approximately 25%. I would not conclude that these numbers reflect a degradation of performance of the filesystem when it is pre-encrypted, rather it seems there is a flaw in the startup process that is specific to this filesystem variant. Regardless, if boot-time performance is important to your workflow, we recommend that you establish macOS on a non-encrypted volume initially, then enable FileVault via the Security & Privacy Preference Pane.

His test Mac was a 2011 Mac mini. Presumably a newer Mac would have less of a performance penalty for enabling encryption.

Update (2017-09-29): Mac:

in some cases APFS appears to be slightly slower than HFS+ when it comes to writing data, especially in smaller chunks

AFFS appears to be a lot faster than HFS+ when it comes to reading data

AFPS’ built-in encryption shows decreased throughput speeds in comparison to HFS+ with FileVault2

seek rates seem a tiny bit higher with APFS but that would be unnoticeable on most workflows

Update (2018-01-11): fG! (via Peter Steinberger):

We can observe that the performance loss between Sierra to High Sierra (HFS+ to APFS) is considerable and around 40% or more.

[…]

APFS appears to introduce a considerable performance loss, even against an HFS+ encrypted filesystem. I heard before some buzz about APFS performance issues but this was the first time I installed High Sierra outside a virtual machine and measured its performance.

macOS 10.13 High Sierra Released

Chris Espinosa:

High Sierra is Apple’s 28th major operating system release for the Mac product line, spanning five processor architectures over 33 years.

Reviews:

Discussion:

Issues I’ve encountered:

Previously: macOS 10.13 High Sierra Shipping Soon.

Update (2017-09-27): Gus Mueller:

Mac OS 10.13 High Sierra includes support for decoding and viewing HEIF images. There are no OS supplied libraries for writing or converting images to the HEIF format.

[…]

If you look back at WWDC videos and remember looking at early SDK headers from the 10.13 seeds, you’ll see that support for HEIF looked like it was coming to Mac OS. I don’t know what happened, but the decision to ship it was pulled at some point.

Previously: H.265/HEVC and HEIF.

Rich Trouton:

Apple includes a command line tool named startosinstall as part of the macOS High Sierra OS installer application, inside Install macOS High Sierra.app/Contents/Resources.

This tool has several options, including a –converttoapfs option which allows control over the APFS conversion process.

Howard Oakley:

It used to be that many Mac users, who needed to check their work with both the last and current releases of macOS, ran dual-boot systems. Start up from the internal drive, and you might be running Sierra; start from an external drive and you might be running High Sierra.

Having spent a lot of time trying to create this with my iMac, my experience is that it is very difficult, and a long, slow way to pain and grief.

[…]

If you want to install High Sierra onto an external SSD formatted in APFS, your best prospect is to make a bootable installer on a USB memory stick, start up from that, run Disk Utility to format your external SSD in APFS, and then run its installer to install High Sierra on that SSD.

Sabri:

Including a comma in the name or password of a APFS volume when creating it makes the process failing, miserably.

Update (2017-09-28): Daniel Jalkut:

Since I updated to macOS 10.13 High Sierra, some of my unit tests broke. Examining the failures more carefully, I discovered that they were making assumptions about the order that Foundation’s FileManager.contentsOfDirectory(atPath:) would return items.

Update (2017-09-29): Will Cosgrove:

MacOS updates are almost enough to make me quit coding. Always buggy, users blame us, we through our hands in the air. Repeat yearly.

Takes a month out of the year to workaround/fix bugs with each OS release. People expect us to find all the weird issues day one.

Ben Lovejoy:

Apple’s ‘just works’ philosophy has hit a snag for those shooting video on an iPhone for editing in Final Cut Pro X: the app doesn’t yet support the new H.265 High Efficiency Video Coding used in iOS 11.

Update (2017-10-01): Stephen Darlington:

Finding it hard to recommend that people upgrade to High Sierra at this point. Few new visible features, broken installer, glitchy UI.

Update (2017-10-02): Wil Shipley:

High Sierra locking up daily with SceneKit is not encouraging.

Daniel Jalkut:

Shortly after macOS 10.13 was released, I received an oddly specific bug report from a customer, who observed that the little square “swatches” in the standard Mac color panel no longer had any effect on MarsEdit’s rich text editor.

Howard Oakley:

To read most of the reviews, you’d have thought the whole thing went like clockwork, and most who have upgraded are impressed and delighted. From where I’m sitting, it was a succession of bad decisions which have caused serious problems for many of those who have upgraded. In short, High Sierra is currently a lemon.

I’m seeing a High Sierra bug where menus show a rainbow of colors when dismissed instead of just disappearing or fading out.

Update (2017-10-04): Steve Troughton-Smith:

10.12 doesn’t seem to be as compatible with 10.13’s APFS as you’d hope…

Thomas Tempelmann:

Even unencrypted APFS disks written by 10.13 may not be entirely readable by 10.12.6: Hard links are such as case that I found.

Tom Nelson:

It seems with each new release of the Mac operating system, there are some features that just don’t seem to work the way they used to. The tradition lives on with macOS High Sierra, so we’re gathering a list of what High Sierra broke and how to fix it (when you can).

Update (2017-10-10): Howard Oakley:

The really bizarre twist with High Sierra, though, is Apple’s handling of this and other major flaws with its urgent ‘Supplemental Update’. That update didn’t increment High Sierra’s minor version to 10.13.0.1, perhaps, but left the version unchanged at 10.13. Not only that, those apps which are replaced by this update, including Disk Utility.app, retain the same version and build numbers as in the original release of High Sierra, although they have clearly changed.

It’s as if Apple is pretending that the original release of High Sierra never contained those dreadful bugs in the first place.

Update (2017-10-10): See also: Chris Locke.

Update (2017-10-13): Howard Oakley:

Digita Security has reported that installing the Supplemental Update may downgrade the XProtect data files from the current version, 2095, to the previous one, 2094, removing protection from the malware detailed here. Not only that, but Apple’s push updates may have failed to update that older version to the newer one, because your Mac was already so updated before installing the Supplemental Update!

Update (2017-10-19): Peter N Lewis:

Well, now I’m really happy I haven’t “upgraded” to High Sierra - ScanSnap S1300 never supported, and all others “Early December”. Sigh.

Update (2017-10-21): Marco Arment:

Random old things High Sierra broke[…]

And I ran into an icon API bug along with various bugs worked around in EagleFiler 1.8.1.

Update (2017-10-29): Jim Correia:

My 2016 TouchBar MBP panics/unexpectedly shuts down while sleeping on 10.13.0.

Dave Nanian:

So, two volumes share the same mount point, eh? Methinks you are very buggy, High Sierra. Very buggy indeed.

Update (2017-11-01): I and others have encountered graphics glitches that were introduced in macOS 10.13 and persist in macOS 10.13.1.

Update (2017-12-11): Here are some new issues that I encountered upon updating to macOS 10.13.2 from macOS 10.12.6:

Update (2017-12-12):

Update (2017-12-13):

Update (2017-12-16):

Update (2017-12-17):

Update (2017-12-18):

Update (2017-12-19):

Update (2017-12-29):

Update (2018-01-01): sckeedoo (via Hacker News):

I upgrated to high Sierra and have a big problem since then. About 3-4 times a day in my worktime my MacBook Pro (i7, 256 SSD, 16 GB RAM), is lagging and freezing. I even can't move the mouse on the screen, only music is playing. I don't know what is the problem because i cant even make a report on that. This is a real problem, because I am working and this still happens. Maybe anyone have this problem too? What can I do, because untill upgrade everything worked perfectly fine.

Nicholas Riley:

Wow, AFP sharing is really broken in High Sierra (server and client) and SMB is being flaky. Also the account I was using appeared to disappear until I rebooted. Glad I'm using NFS at home, but I'm sure not setting it up here!

Update (2018-01-03):

Update (2018-01-08):

Update (2018-01-09):

Update (2018-01-22): Samer Albahra:

High Sierra has been the biggest disappointment for me personally. None of the issues I had were fixed and many more introduced like preview unable to save an image after edited with certain tools in the Preview app.

Update (2018-01-29): ClassicHasClass:

Because the bottom line is this: Apple doesn’t want users anymore who just want things to keep working. Hell, on this Quad in 10.4, I can run most software for 68K Macs! (in fact, I do -- some of those old tools are very speedy). But Classic ended with the Intel Macs, and Rosetta crapped out after 10.6. Since then every OS release has broken a little here, and deprecated a little there, and deleted a little somewhere else, to where every year when WWDC came along and Apple announced what they were screwing around with next that I dreaded the inevitable OS upgrade on a relatively middling laptop I dropped $1800 on in 2014. What was it going to break? What new problems were lurking? What would be missing that I actually used? There was no time to adapt because soon it was onto next year’s new mousetrap and its own set of new problems. So now, with the clusterflub that Because I Got High Sierra’s turned out to be, I’ve simply had enough. I’m just done.

Update (2018-01-30): Bram Walraet (via Hacker News):

And since our OSX clients in the office, media library and editing studios started upgrading to High Sierra, they can’t search for files on these shares anymore.

Update (2018-02-28): Peter Steinberger quoting Docker:

“Revert the default disk format to qcow2 for users running macOS 10.13 (High Sierra). There are confirmed reports of file corruption using the raw format which uses sparse files on APFS.”

Update (2018-07-17): As of macOS 10.13.6, I’m still seeing PDF problems: crashes and hangs in Preview, blank thumbnails, and pages that don’t render properly.

Mac Keychain Vulnerability

Patrick Wardle (via Juli Clover):

on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords)🍎🙈😭 vid #smh

other versions of macOS are vulnerable too ☠️😡 Not sure what🍎 is thinking 😭😭😭

Thomas Fox-Brewster:

If turned truly malicious, Wardle’s keychain exploit would likely be the second-stage of an attack, on top of an initial hack that would run rogue code on an Apple machine. He claimed it wasn’t hard to get malicious code running on a Mac today. Indeed, he’s repeatedly shown how to execute attacks on Apple’s operating system in recent years, and earlier this month highlighted problems in macOS High Sierra’s “Secure Kernel Extension Loading” (SKEL) feature, which was designed to require user approval before third-party code ran at the kernel level of the operating system. Wardle showcased an attack on an unpatched and previously-unknown vulnerability (i.e. a “zero-day”) that bypassed SKEL security.

“Most attacks we see today involve social engineering and seem to be successful targeting Mac users,” he added. “I’m not going to say the [keychain] exploit is elegant - but it does the job, doesn’t require root and is 100% successful.”

Roman Loyola:

Apple has released a statement on the issue:

macOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents.

This is a rather disingenuous response because Wardle specifically reported that the vulnerability equally affects signed apps.

Update (2017-09-27): Nick Heer:

Users are inundated with dialog boxes and security warnings — surely Apple knows that very few people actually read them. And, again, I stress that this malware could be attached to a totally legitimate signed app. Apple could invalidate the developer’s certificate if something like this were to be discovered in the wild, but that doesn’t mean that the security issue doesn’t exist.

Thomas Reed:

It’s important to understand that the idea that people should wait to install High Sierra because of this bug is a very bad one, for multiple reasons.

Update (2017-10-06): macOS High Sierra 10.13 Supplemental Update:

Impact: A malicious application can extract keychain passwords

Description: A method existed for applications to bypass the keychain access prompt with a synthetic click. This was addressed by requiring the user password when prompting for keychain access.

CVE-2017-7150: Patrick Wardle of Synack

Sandbox Inheritance Tax

Daniel Jalkut:

When my subprocess is launched, the system sees that extra “com.apple.security.get-task-allow” entitlement in the context of “com.apple.security.inherit”, and unceremoniously crashes my the child process.

I’m not sure what Apple’s reasoning is for imposing this entitlement on sandboxed targets, but it appears to be doing so across the board, for literally every sandboxed target in my app. I confirmed that all of my apps, XPC processes, helper tools, etc., are all getting this bonus entitlement.

[…]

I’ve learned that Xcode’s “Export Archive” functionality causes the unwanted entitlement to be removed. Apparently the assumption is that everybody creates Xcode archives as part of their build and release process.

It’s still a bad bug, though, because you can’t run your app from Xcode during development. How did Apple not run into this when testing any of their own apps?

Update (2017-09-28): Daniel Jalkut:

So, if you’re a developer who doesn’t use archives, what are your options? I’ve come up with four workarounds, and I present them here, roughly sorted by advisability and level of tedium[…]

Update (2017-09-29): Erik Schwiebert:

yea, we dont use Xcode Achives due to restricted access to MSFT corp signing cert.

iOS Default File Associations

Federico Viticci:

As expected, one of the most common questions I’m getting. iOS needs a new system for default file associations.

Ian McDowell:

Turns out Google Drive registered as the owner of the ‘public.data’ UTI. When they enabled LSSupportsOpenInPlace, they became the default opener for every file format who’s owner does not support open in-place.

It’s a shame that Apple didn’t put safeguards for apps that do this. As the developers of Office, our own apps won’t open our own documents until we support opening in-place, which requires lots of changes to our open/save logic.

Update (2017-09-27): Gabriel Hauber (via Juande SantanderVela):

Dropbox also registers for public.data and public.content but doesn’t set Handler rank to Owner - I think that’s the key?

Text Replacements Do Not Sync

Brian Stucki (tweet):

In iOS 6 (2012), syncing between Mac and iOS devices was introduced. At least that is when Apple said it was introduced. I have yet to see the feature roll out. Therein lies the premise of this post.

Text replacement syncing is completely broken. Sometimes it works, sometimes it doesn’t. Sometimes it will only sync back old snippets that you have deleted. Sometimes the sync will work one direction, but not the other. Every time I ask about this on Twitter, it brings a strong response of similar experiences.

[…]

I mostly put forward this data to show just how random and far reaching the issue is on Apple devices.

Update (2017-09-27): Wojtek Pietrusiewicz:

I found my own solution. I had to go through this again, after updating to iOS 10 last year. So that’s twice since the feature was added — not bad, not perfect.

My method is supposed to isolate the one device on your account, which is causing problems. I personally have four — two Macs, an iPhone, and an iPad. Here is what I did, twice now, to fix the syncing of text shortcuts.

John Gruber:

I don’t know what’s going on with text replacement syncing, but it is the worst kind of buggy: it works just well enough to keep using it, but my machines are never in perfect sync. And, the feature is really useful, and really helpful to me on a daily basis. Apple: please get this fixed.

Nick Heer:

It’s truly astonishing that seemingly the buggiest part of iCloud is syncing plain text strings. As one person quipped in Slack, it’s amazing that I can make dozens of edits to a RAW photo and see that reflected nearly instantaneously on all my devices, but changes to text replacements remain entirely unreliable.

Brian Stucki (via Tim Hardwick):

Perhaps a clean install of High Sierra is now saving snippets correctly? It’s a start I guess. But who knows if it will still be working this afternoon.

Guilherme Rambo:

I just confirmed that text replacements sync through CloudKit on iOS 11 and High Sierra.

Update (2017-09-28): John Gruber:

Apple spokesperson emailed me to say they checked with the team, and an update that moves text replacement syncing to CloudKit should be rolling out to iOS 11 and MacOS 10.13 High Sierra users in the “next month or so”.

Update (2017-12-05): John Gruber:

In an update to his original report, Stucki reports that as of last week, this is now the case. So far so good for me personally. I think this deserves a non-sarcastic finally.

Update (2018-01-31): Meek Geek:

I’m on the latest versions of macOS and iOS, and text replacement shortcuts are still not syncing.

Update (2018-12-04): Federico Viticci:

More updates about my iCloud issues:

All my text replacements are now gone, replaced by ‘On my way!’ duplicates. I have no idea what is going on.

Sigh.

Update (2019-02-11): Mark Malström:

Went to add a new text replacement shortcut and discovered that all of my previous shortcuts have disappeared…

Seriously, how have these syncing issues not been resolved in the last 8 years, since the feature was released?