diglloyd Mac Performance Guide
Visit Thunderbolt Central

SSDStorageMemory

Through end of January: One Hour Consulting for 1 Bitcoin

One hour consulting for 1.0 Bitcoin (returning clients and/or past the first hour, 0.7 Bitcoin).

Use coinbase.com/diglloyd.

The easiest way to get Bitcoin and handle it security is to create an account at Coinbase.com. (MPG strongly suggests using two-factor authentication via Authy, which runs on your iPhone or similar). Like Paypal and banks, you have to be verified, etc. See also Bitcoin price and volume graphs.

Hard Drive Reliability

MPG has been recommending Hitachi hard drives for several years, based on several solid reasons, including using 25 or so of them over the past 5 years (4TB and 5TB and now 6TB modes.

Two articles on the topic:

Favorite MPG hard drives, such as for use in the OWC Thunderbay 4 or OWC Mercury Elite Pro. Note that Toshiba is part of Hitachi.

Apple Core Rot: More Views

To MPG’s knowledge, MPG was the first to seriously raise the Apple Core Rot issue a year ago.

Some new coverage on Apple Core Rot on the web:

What’s worse than a worm in an Apple? Half a worm!
What’s worse than a worm in an Apple?
Half a worm!

See also:

Waiter, there is a fly in every serving of Apple kitchen-sink soup these days, well actually in every ingredient that goes into Apple soup. Big complex operating systems with more and more superfluous eye candy lead to more and more security bugs and usability problems. It’s the the way software works: more complexity = more bugs, period.

Virtually all of these issues persist months after OS X Yosemite was released. And no doubt will never be fixed, or perhaps will be replaced by new bugs as Apple arbitrarily breaks things and rips out good useful features by inreeasingly disprectful-to-users judgment. A few of these issues are very serious (security), and inexcusable.

There are dozens of other problems MPG can’t afford the time to document, many of which degrade usability each and every day, including severe performance issues in Photoshop, 4K display support issues, complete failing to support technologies available for years (10-bit color), and a general crapware approach to the system (and iOS). No ordinary user can now use a Mac in more than a basic way without needing an expert helper. Even using an iPhone via iTunes befuddles your author; it’s a kitchen-sink disaster of a user interface. It’s a sad commentary on the company which once rightly carried the standard of usability in computing.

What’s the Most Important Aspect of Your Mac?

Most buyers of new computers think about speed, display, etc.

But the most important feature of any system is a disciplined backup strategy.

Key pages :

Hint: one Time Machine volume doesn’t cut it. MPG uses Time Machine and it is very useful for short-term recovery, but TM should be considered a redundant measure on top of full measures.

Backup and data safety

How to Automate DiskUtility Verification of Mounted Volumes

The OS X command line is a powerful tool that requires some learning, but can be a huge time saver for some tasks.

See How to Verify All Mounted Volumes for a power-user tip for taking the tedium out of checking the file system on your volumes, especially useful for systems with three or more volumes.

A similar approach can be used for other chores, such as using Integity Checker to verify the integrity of the file contents for an original or backup.

ioSafe Fireproof NAS

MPG review the ioSafe 1513 last year. An updated unit, the ioSafe 1515+ NAS is now available.

ioSafe Announces the 1515+ NAS

A high-performance ruggedized NAS optimized for on-premise data security, automatic failover and recovery.

Auburn, Calif., January 5, 2015 – ioSafe today announced the availability of the ioSafe 1515+: a fire and water-resistant 5-bay expandable NAS powered by Synology’s award-winning DiskStation Manager operating system.

“The new ioSafe 1515+ is simply the most capable product we’ve ever built. We continue our partnership with Synology to deliver our most technologically advanced product ever.” said Robb Moore, ioSafe CEO. “Along with our unmatched physical protection against fire and water, the latest Synology platform enables blazing hardware digital encryption at up to 448 MB/s reading and 191 MB/s writing. For even faster performance, choosing not to encrypt increases throughput to 450 MB/s reading and 396 MB/s writing.”

The 1515+ features an Intel® Atom™ processor C2000 family 2.4GHz quad-core processor which leverages Intel’s new AES-NI instruction set to provide accelerated encryption, enabling businesses to better and more comprehensively safeguard mission-critical data and to use encryption in areas where it previously was not possible.

“Primarily aimed at the Small Medium Business, the 1515+ can be used by anybody interested in protecting vulnerable data, minimizing downtime and creating private cloud environments for sharing data that isn’t susceptible to public cloud vulnerabilities” said Mr. Moore.

The 1515+ has a RAM module expandable up to 6GB, quad LAN ports supporting automatic failover and Link Aggregation and built-in redundancy, providing resiliency for mission-critical business operations. The 1515+ is deigned to expand with the need of growing companies and can be scaled up to 90TB of raw storage using N513X expansion units. With support for VMware, Citrix, and Microsoft Hyper-V, the 1515+ provides a seamless storage solution for virtualized environments.

“Our ongoing partnership with ioSafe enables us to deliver a unique and award-winning storage solution. Combining Synology’s DiskStation Manager operating system with ioSafe’s fireproofing and waterproofing technology provides customers with a solution that makes it easier than ever to both protect and manage their onsite data. The 1515+ features Intel’s new quad-core processor with hardware accelerated encryption to further security for users,” said Jason Bonoan, Marketing Director of Synology America Corp.

The 1515+ replaces the 1513+, which CRN named as their Storage Product of the Year 2014.

ioSafe N2
ioSafe N2

PDFEditor for Mac

MPG has not evaluated this offering, but might do so because there have been times when editing a PDF could be useful.

Woody writes:

We have released PDF Editor Mac 3.0, a powerful and free PDF application for Mac OS X. With just a few clicks, PDF Editor Mac allows users to add text, erase content, and insert images into their PDF file. Users can also rotate the PDF orientation, draw lines, change font size and color of text, and add a watermark to each page.

Is it possible to submit this free application and share it with your readers and visitors?

Feature Highlights:

* Simple and intuitive User Interface
* Add and edit text and images
* Supports JPG, PNG, GIF, BMP, TIFF, and more
* Delete content
* Ability to rotate orientation of PDF
* Ability to draw vertical and horizontal lines
* Watermark all pages
* Undo/Redo options
* Zoom in/Zoom out options

Homepage: http://www.pdfeditormac.com/

Download from website: http://www.pdfeditormac.com/download.html

Woody, PDFEditorMac.com

Newfangled Popup Password Dialogs Defeat Password Managers

I’m a delighted user of 1Password for managing all my passwords.

But two aggravating design trends have emerged within the past year, and seem to be growing:

  • Web sites that hide login fields and force the user to click on a Login button or login link in order to reveal the username/password fields.. Major sites are doing this now. It’s particularly aggravating when a visual scan is needed to find that “Login” link in 8 point type buried among the detritus.
  • Web sites that do the “hide” thing above, and then (worse) pop up a password dialog that won’t work with a password manager, at least not 1Password.

It’s classic “form before function” (very 'Apple'). But MPG can’t blame this one on Apple, because it’s popping up in too many places. It’s some mass design idiocy murmuration at play.

Update: 1Password is working for me now in the popup window. It did not work the day I wrote this, which puzzles me, and I have seen it not work on other sistes. Update 2: Sometime in the past few days, the B&H site had a major facelift (product pages change dramatically); something must have changed in regards to the login dialog too. The good news is login works with 1Password.

DiskTester
Workaround for popup password dialogs

Shown below is what B&H Photo Video does (B&H is my recommended vendor for all things photographic). 1Password won’t fill in this popup password dialog on the B&H site, nor other sites that use this approach.

Workaround as shown at right: right click (control click) on Login, choose Open in New Window.

Popup password dialog that will not allow password manager entry of login info
Popup password dialog that will not allow password manager entry of login info

Reader Feedback: “WORTH it. My drive (SSD) is back and so is my productivity”

DiskTester
DiskTester

Andres R writes:

I just wanted to let you know that I resisted paying $40 for a few days, but I knew my external SSD’s performance had gone down the drain.

Sadly, other than on your site, there was little about this anywhere. Most people seems to just be happy with their drives. I’m a photographer and use the drive for intermediary photoshop work. In any case, one hour after paying my money, it was WORTH it. My drive is back and so is my productivity.

Details: LaCie Rugged USB 3.0 Thunderbolt Series 120GB Solid State Drive used as an external drive via Thunderbolt. I was down to 19 MB/sec a second for writes and it is now back up to the 300-350+ range.

MPG: the DiskTester recondition command is designed expressly for SSDs. Not all SSDs benefit, but many types do.

At the least it clears out data to zeroes, perhaps easing the load on the SSD controller as it shuffles data around internally. The dgl wipeFree command is also effective for similar reasons.

DiskTester
DiskTester recondition

While the Apple SSDs in the MacBook Pro are generally quite good, a single recondition pass brought the minimum write speed up substantially (the first pass showed a big drop in performance near the end of the free space). This test on a late 2013 MacBook Pro Retina with a 512GB SSD about half full.

DiskTester recondition of late 2013 MacBook Pro Retina 512GB SSD
DiskTester recondition of late 2013 MacBook Pro Retina 512GB SSD

Selling that Computer? Wipe Out Personal Files First

diglloydTools

The iMac 5K has gone back to Apple (see comments on why it’s a fine machine but just not for me). See also the review of the iMac 5K.

Having copied over my stuff including mail and source code and various, I didn’t really like the idea of just emptying the trash, so I wanted a fast and efficient way to overwrite my files.

Enter the wipe command command in diglloydTools, which wipes files efficiently without any need to erase the drive. The command also wipes out metadata in the file system catalog as well as renaming each file to a random long gibberish name, before finally deleting it. Double confirmation is needed before any files are actually wiped.

NOTE: the wipe and wipeFree commands are available in Terminal (command line) only at present (advanced users).

  • A full erase/wipe is always better if the drive is to be sold, but this is not viable or convenient when/if the drive is in active and continued use. (Very high security requirements would require physical destruction of the drive, or at the least, a complete erase and block-level wipe by booting off another drive).
  • Since wiping files on an SSD doesn’t really wipe those actual blocks, I followed the wipe-files command with the dgl wipeFree command, letting it erase all free space down to the last free byte. Then I repeated; with most of the drive unused, this effectively cycles through all blocks on the SSD.

The wipe command also supports an easy to use convenience feature: appending the suffix -wipeMe to any file or folder tags it for wiping (“dgl wipe”). All local volumes are scanned for such files in highly efficient fashion, making it convenient to mark many items for wiping, then do it in one invocation.

Other users for wiping free space

As it turns out, my most frequent use of the wipeFree command is to wipe free space on Disk Utility disk images so that they compress down to the smallest possible size (e.g. when I zip compress one for downloading).

See also

Detecting Corruption / Validating Data Integrity Over Time and Across Drives and Backup/Restore

IntegrityChecker verify command
IntegrityChecker

An overlooked aspect of data management is data integrity: are the files intact tomorrow, a year from now, on the original drive and backup drive(s), or perhaps even on a DVD or BluRay. Or after having been transferred across a network.

Knowing that files/data is intact with no damage is a key part of any system restoration/update/backups/archiving. In some situations it could be mandatory (record keeping). The more valuable the data, the more important it is to consider the risks to loss, which include loss by file corruption as well file deletion (not to mention viruses and software bugs and user errors).

“Data” can mean image files (JPEG, TIF, PSD/PSB, etc) or video clips or projects, Lightroom catalogs, etc. Or it could mean spreadsheets, word processing files, accounting data, and so on. Knowing that these files are 100% intact leads to a comfort level in making system changes in storage approaches.

How can data be damaged? Disk errors, software bugs in applications or drivers or the system itself can happen. Moreover, the “damage” could be user-induced: saving over or replacing/deleting a file inadvertently. Simply having a “warning flag” could be useful in noting that “no expected changes” is violated.

For example, suppose that a new computer system is acquired and various drives need to be transferred over. Or that you have upgraded to a newer and larger hard drive. Or swapped SSDs. Or there is a need to restore from a backup. Or that you burned files to a DVD or BluRay—are they intact with no changes? Even RAID-5 with its parity data does not validate files when reading them, and a validate pass is over the entire volume with no selectivity for the desired file(s).

Enter IntegrityChecker, part of diglloydTools: at any time, files of any and all types can be checked against a previously computed “hash”, a cryptographic number unique to the file. If there is a mismatch, the file has been altered, somehow. This check can be made at any time: on the original, or on a 1000th-generation copy of that file. The only requirement is that the hash be computed once and remain in the same folder as the file for later reference.

How it works with IntegrityChecker.

IntegrityChecker computes a SHA1 cryptographic hash for each file in a folder, storing those hash numbers in a hidden “.ic” file within that folder. Thus, all files in the folder have a “hash value” against which its current state can be checked.

The process can be run on folder(s), or an entire volume.

  1. Run Update on the original files (computes and writes the hash values for every file in each folder into a hidden “.ic” file in that folder).
  2. Make the copy or backup or burn the DVD/BluRay or whatever (this naturally carries along the hidden “.ic” file in each folder).
  3. At any later time (tomorrow or a year later), run Verify on any backup or copy (this recomputes the hashes and compares to the values in the “.ic” file).

For example, some pro photographers burn DVD or BluRay discs containing folders on which IntegrityChecker has been run; these discs carry along the “.ic” file in each folder, and thus can be verified at any time. There are numerous such uses.

Usage

Both command line (Terminal) and GUI versions are provided. The GUI is basic, but the internals are what counts: one of the most efficient multi-threaded programs of any kind you’ll ever find. IntegrityChecker runs as fast as the drive and CPUs can go. Available commands include 'status', 'update', 'verify', 'update-all' and 'clean'.

See How to Safely Transfer Data or Verify Backups and also Example of Verifying Data Integrity.

Continues below.

IntegrityChecker reporting on verification results
IntegrityChecker reporting on verification results

Worth doing or happy go lucky?

For many computer users, the consequences are of little importance if a few things go bad: a song, a picture, a particular document; no big deal. But even such users would be upset losing years of photos—bugs in software (gray swan?) can have widespread impact; data integrity checking is a sanity check on assumptions.

But in a financial and obligatory professional duty sense, professionals need to consider the end-to-end processes they use. When data is one’s livelihood, attention to data integrity takes on new importance.

The greater the value of the data and the greater the time span over which the data has value, the more important it is to implement processes that minimize the chances of loss, because over years the storage format is likely to change with transitions and copying, etc. Also, knowing that a backup restored from a crash is valid takes some of the sting out of a crash.

Testing Multiple Drives for Consistency for a RAID or Similar

diglloydTools

Among its many features, diglloydTools DiskTester offers a run-area-test command that can be used for relatively fast characterization of drive performance across its capacity. The results can be graphed to get a good idea of the drive performance.

For example, suppose a high performance RAID is envisioned: one laggard can cut the performance, since the slowest drive determines the peak speed.

As shown below, 8 samples were tested, and one of those eight is a significant laggard; this slower drive is best set aside as a cold spare or backup drive.

While DiskTester can test any number of drives simultaneously (via command line), testing should take care not to saturate the bandwidth; for example four fast hard drives can demand almost all of the Thunderbolt v1 bandwidth, and other devices on the bus could suck up bandwidth, disturbing the results.

Purchase diglloydTools

Click for larger graph.

diglloydTools DiskTester: performance across volume capacity for eight drives; disktester run-area-test --iterations 5 --test-size 4G --delta-percent 5
diglloydTools DiskTester: performance across volume capacity for eight drives
disktester run-area-test --iterations 5 --test-size 4G --delta-percent 5

OWC Envoy Pro 1TB SSD In Stock

OWC has the 1TB Envoy Pro in stock for about $599. MPG has used its 480GB sibling (about $399) for about 18 months now; it is a travel favorite.

See previous commentary and review of the OWC 1TB Envoy Pro SSD.

OWC Envoy Pro 1TB SSD
OWC Envoy Pro 1TB SSD

Possible Work-Around for Spotlight Privacy/Security bug of Indexing Spam Email

See Spotlight Builds in a Feature Spammers Could Only Dream About.

Excluding Junk.mbox (Apple Mail junk mailbox) and Spam.mbox (my favorite spam filter, SpamSieve) might possibly preclude the Spotlight indexing of spammer mail (it’s unclear when exactly the indexing occurs and/or whether it might vary).

See How to Exclude Items from Spotlight Search. The mailboxes are found inside your Mail folder (inside the user home folder). Look around for each account and you will find them. Drag these into the Privacy tab.

852
Exclude Junk.mbox and Spam.mbox from Spotlight searches
Exclude Junk.mbox and Spam.mbox from Spotlight searches

Spotlight Builds in a Feature Spammers Could Only Dream About

How would you like it if every spam email you received reports your IP address back to the spammer who sent it? Even if you never see the email, never open it, never view it?

That’s apparently what Apple’s Spotlight does at present. More Apple Core Rot, but this time with a security/privacy twist. Macworld Magazine reports:

OS X Spotlight Search glitch can expose private details of Apple Mail users

At the moment, the only way to work around the issue seems to be to uncheck the “Mail & Messages” box for Spotlight in System Preferences. When this option is disabled no mails are returned in Spotlight’s search results, and thus, no preview is shown.

This is just plain sloppy engineering by Apple. With a fixed release schedule, not a little manure has to get shoveled out along with the hay. Where is the security review team in all this (is there one?).

The workaround is a disaster: MPG uses search within mail many times a day and receives dozens of emails from spammers a day. So either no search, or let the spammers have a field day/week/month until Apple gets it sh*t together.

Update: Possible Work-Around for Spotlight Privacy/Security bug of Indexing Spam Email.

Update 2: the scope of the issue may well be less than MPG originally understood. MPG understood the issue as happening with indexing, but it might actually be restricted to when searching (by the user) actually occurs and previews are shown. If so , the scope of the issue is much reduced, and we can all breath a lot easier. Still, the bug should be fixed, because searching by its nature pulls in just about everything. So the workaround above still has some value in sidestepping the issue.

...

Virtually all users have Spotlight indexing their mail. And because junk mail has things like tiny hidden images (you can’t see ’em), when loaded, every spam receive reports the computer’s IP address back to the spammer, telling the spammer you are a “live one”. Spammers might think they’ve died and gone to spammer heaven in terms of culling email lists for known-good emails.

But it’s not just spammers: consider for example that any forwarded or replied-to email would let the orginal sender know just what IP addresses it landed at, even if never opened or viewed (because of Spotlight loading images while indexing). That’s nasty. For security in government and corporations, this gets interesting. There may be other unforseen implications as well. In MPG’s view, this bug ought to be a top priority fix, or Apple is in effect an accessory to unsavory actors.

The serious bugs, and degraded usability in the past few OS releases are seeing a rising tide of criticism, but MPG posted Apple Core Rot a year ago, after watching it rot develop for 2-3 years prior. MPG’s view is that good judgment is in very short supply at Apple these days. This is not a bug out of the blue; a good software engineering team needs a core set of experienced engineers skilled in security and privacy issues. Someone had to write that code to load those images in emails. This and many other recent issues show slipshod software development practices extant today at Apple.

Tim Cook has emphasized how much Apple values your privacy, but can he be taken seriously when this kind of sloppy engineering is happening on his watch? Big flashy statements are easy to make. But engineering an operating system to deliver on promises requires sober thought and experienced judgment.

See also:

OWC Announces 'Transwarp', Combining the Speed of SSDs with the Capacity of Hard Drives

MPG was keen on seeing the Transwarp project come to light, having been modestly involved at an early stage with the SoftRAID folks developing it.

In MPG’s view, Apple’s 'Fusion' was a half-baked dumbed-down solution with reliability concerns as well as low-end performance and strictly limited options and data destroying bugs). MPG’s view is that Transwarp will do it right.

OWC Previews Revolutionary Transwarp Software — Instant SSD Cache Solution for Use with Any Hard Disk Drive — First Look at OWC’s CES Booth #30572

Woodstock, IL – January 7, 2015 – Other World Computing (OWC), a leading zero-emissions Mac and PC technology company, today announced Transwarp, a revolutionary software solution that redefines traditional hard drive performance.

Utilizing any SSD as a removable, flexible cache, Transwarp magically brings the incredible performance of solid state drives to any high-capacity hard drive. Transwarp will be available for preview at CES 2015 at OWC’s booth #30572 and is slated for release later this year.

Key Features:

  • Combines any SSD and HDD into an intelligent, fast volume
  • Achieve the incredible speed benefits of SSDs with the capacity of traditional hard disks
  • Quick and easy set-up
  • Maintains all data on the HDD
  • Compatible with any filesystem supported by OS X

With just a few clicks, combine any SSD and hard drive into a Transwarp drive -- an optimized volume that provides a user with near-instantaneous access to their data. Transwarp intelligently caches the most frequently and recently accessed parts of the volume onto the SSD, vastly improving overall performance while safely maintaining a complete copy of the volume’s information on the hard drive.

Transwarp is unique in that it allows the SSD caching drive to be removed without damaging the volume or compromising any data on the hard drive, and unlike conventional cache, Transwarp persists even when the power is turned off. Once the SSD is reconnected, Transwarp seamlessly picks up where it left off, making it a great option for laptop users looking for the flexibility to be light on the road, but fast at home or in the office. Converting a drive from Transwarp happens as quickly as it is created, returning both drives to regular volumes within minutes.

Developed by the same team that brought SoftRAID to the Mac, Transwarp is set to revolutionize the possibilities of hybrid drives.

“Transwarp is an exciting and innovative software solution giving Mac users the best of both worlds in terms of performance and capacity, while maximizing flexibility and data integrity,” said Larry O’Connor, Founder and CEO, Other World Computing. “We’re excited to offer an exclusive first-look at OWC’s CES 2015 booth.”

OWC Announces the 'Viper', a Capacious Blazingly Fast SSD for High-End Video and Similar Demanding Uses

MPG has been hoping to see a mainstream high capacity and high performance SSD offering for well over a year now. OWC is soon to offer such a product. Pricing has not been announced.

  • 4TB and 8TB capacities.
  • Up to 1400MB/s via Thunderbolt 2.
  • Optional RAID 4 Edition includes revolutionary SoftRAID, optimized with RAID 4 specifically for SSDs.
  • Daisy-chain support for additional Thunderbolt technology enabled devices
    Variable-speed fan and aluminum flow-through design for quiet cooling

RAID-4 has the same fault tolerance properties as RAID-5, but is proven to be faster in MPG tests. Hence OWC is going with RAID-4.

With this SSD capacity, it becomes possible for 99% of users to run an SSD-only system, using hard drives only for backup purposes. Look for an early test here at MPG.

Note: “dual thunderbolt interfaces” as stated below means simply dual Thunderbolt 2 ports, so the unit is daisy-chainable.

CES 2015: OWC Announces Viper Pro Thunderbolt SSD External with Thunderbolt 2

Tuesday, January 6th, 2015

Other World Computing today at CES announced the Viper Pro SSD external drive with Thunderbolt 2 technology. OWC Viper Pro Thunderbolt SSD features dual Thunderbolt 2 ports, offering extreme performance with phenomenal sustained speeds up to 1400MB/s, ideal for bandwidth-intensive workflows like professional content creation.

The Viper Pro Thunderbolt SSD will be offered in two models, the Viper Pro Thunderbolt SSD and Viper Pro Thunderbolt SSD RAID 4 Edition, with capacities up to 8TB. The RAID 4 Edition is powered by the SoftRAID engine preconfigured in RAID 4 for an optimized combination of speed and redundancy. RAID 4 provides the data integrity benefits of RAID 5 without sacrificing the incredible performance of SSD technology.

Now More Users Can Experience the Full Potential of Thunderbolt 2 Technology
The Viper Pro Thunderbolt SSD is designed with 4K workflows in mind. Industry professionals working in video capture and editing, media transcoding, audio processing, and large scale data processing will find their current productivity levels catapulted to new heights. Challenging conventional perceptions of desktop storage, the Viper Pro Thunderbolt SSD is custom-engineered with the power and reliability of Thunderbolt 2 technology. To further enhance your workflow, simply daisy-chain multiple Thunderbolt devices including displays, audio interfaces, and additional Viper Pro SSDs.

Pricing and Availability

More information about the release of the OWC Viper Pro SSD will be announced in 2015.

Features

  • 4TB and 8TB capacities
  • Speeds up to 1400MB/s
  • Dual Thunderbolt 2 Interface
  • RAID 4 Edition includes revolutionary SoftRAID, optimized with RAID 4 specifically for SSDs
  • Daisy-chain support for additional Thunderbolt technology enabled devices
    Variable-speed fan and aluminum flow-through design for quiet cooling
  • 3-year limited warranty

“At OWC we are constantly looking for ways to push the boundaries of innovation to deliver the ultimate in storage solutions for creative professionals. We are thrilled to reveal our latest addition to the OWC family of SSD products, the Viper Pro SSD,” said Larry O’Connor, Founder and CEO, Other World Computing. “You will be amazed by what you can achieve with the performance of the high-powered Viper Pro SSD with sustained speeds up to 1400MB/s. We look forward to seeing you at CES 2015!”

Arment: “Apple Has Lost the Functional High Ground” and then regrets

MPG has been writing about Apple Core Rot for a year now, and longer before making it explicit. Lately, there are so many dozens of specific issues that could be documented in OS X Yosemite that weeks could be spent documenting them. While adding the numerous examples to Apple Core Rot would strengthen the piece tremendously, MPG has useful work to do.

BTW, my Apple Mail VIP list has been deleted about fifty times now. Uncle.

Rising tide

Developer Marco Arment wrote a strong piece that MPG largely agrees with, even though it misses the mark in some areas and lacks specific examples.

Apple has lost the functional high ground

Mr. Arment then undermines his own credibility:

What it’s like to be way too popular for a day

Instead, I looked back at what I wrote with regret, guilt, and embarrassment. The sensationalism was my fault — I started it with the headline and many poor word choices, which were overly harsh and extreme. I was being much nastier and more alarmist than I intended. I edited some words to be more fair and accurate, but it was too late. I can’t blame the opportunists for taking the bait that I hastily left for them.

What a shame. The original post accurately describes the current state of Apple softare “progress”, but one voice that had much wider reach than MPG has deeply undermined his own credibillity, relegating himself to a future in which one must needs ask “did he really mean what he says, or will a retraction be coming soon?”.

Related

by Craig Hockenberry: Death by a thousand cuts

by Glenn Fleishman: THE SOFTWARE AND SERVICES APPLE NEEDS TO FIX

New CPU Options / Revised Mac Pro?

Intel should soon be releasing a minor revision of Xeon CPUs suitable for the Mac Pro. The new CPUs will allow marginally faster memory and slightly higher clock speeds for some parts, as well as up to 18 CPU cores on one chip.

In terms of performance vs current offerings, the new CPUs are of marginal interest. That is, unless Apple chooses to offer up to the 18 core option, which could be attractive for those looking for maximum grunt for things like video processing. But an 18-core CPU is ~$4700 for the CPU alone (Apple would get it in quantity for less, but it would surely not be sold for less than that in the Mac Pro). Of course, a “pro” Mac Pro would allow dual 18-core CPUs for 36 real cores, along with memory slots for up to the 768GB of memory the CPU is capable of addressing.

There is an outside chance that Apple will do something “interesting” in a revised Mac Pro (non CPU stuff). Possibilities could include higher capacity SSD options, revised GPUs, early support for emerging video standards (e.g. 5K), or a larger trash can supporting dual CPUs and more memory (highly unlikely in the current consumer driven approach).

Pathological Network Performance in Apple OS X

This is a technical piece safely skipped by most readers.

Apple throws resources at eye candy frippery in the OS, while leaving critical areas in serious “AWOL reliability” territory. More Apple Core Rot.

Your author spent about 14 hours tracking down an OS X performance bug while testing very high server loads (48 client threads from two machines with 12 cores total on local LAN gigabit against a highly optimized Tomcat web server). The test scenario involved 5000 to 15,000 client hits against the server per second, reaching up to 87MB/sec in delivering ~2K to ~40K HTML files to the client machines.

In a nutshell, the OS X networking stack enters a pathological performance situation which essentially shuts down all networking capability for ~30 seconds at a time (“AWOL ~30 seconds”). That is, with the default networking buffer sizes (ncl=131072 seems to be the default buffer size = 256MB memory). The performance bug was reproduced using the server on an 8-core 3.3 GHz Mac Pro, 2-core MacBook Pro, 4-core MacBook Pro and 4-core MacBook Pro Retina (16GB for the laptops, 64GB for the MacPro, total memory not relevant, ample to spare). Observed on OS X 10.10.1 and 10.8.5, so it is not a new bug.

When the system locks up its networking stack, netstat shows something like this (100% in use was also seen).

diglloydMP:MPG lloyd$ netstat -m

24615/24615 mbufs in use:
24565 mbufs allocated to data
50 mbufs allocated to socket names and addresses
712/712 mbuf 2KB clusters in use
19884/19884 mbuf 4KB clusters in use
2730/2730 mbuf 16KB clusters in use
131754 KB allocated to network (99.8% in use)
0 KB returned to the system
0 requests for memory denied
1038 requests for memory delayed
226 calls to drain routines

Ruling out many things and tearing out much hair, it became clear that the problem was in the OS itself. Much experimentation found that increasing the networking buffer memory to 512MB (ncl=262144) resolved the issue, at least with 48 client threads over local gigabit LAN hitting the server from a total of 12 cores on 2 clients.

Doubling the memory for the networking buffers almost entirely (but not quite) solves the problem:

sudo nvram boot-args="ncl=262144" (reboot required)

Note that ncl is a maximum and that the system dynamically allocates memory as needed up to that maximum, so that netstat -mm will show much smaller memory usage until a load is applied. Attempting to use 384K buffers hosed the networking stack. ncl=262144 might be the hard limit.

With the larger buffers in place, the system was able to handle the test load, but attempting to use more buffer space makes the networking stack fail entirely (dead). In short, OS X can barely handle gigabit ethernet speeds with a high volume of relatively small requests (4K to 40K typical). A toy OS for serious use. This explains some head scratchers MPG has seen in the past: a fundamentally broken OS X networking stack that goes AWOL for ~30 seconds at a time if the load is too high.

With ncl=262144 (256K buffers X 2K per buffer = 512MB memory) and 48 client threads over local gigabit LAN 99.6% utilization was seen, with no AWOL networking stack. The figures shown below are not the highest utilization observed, but are close.

netstat -mm
class buf active ctotal total cache cached uncached memory
name        size    bufs    bufs    bufs    state   bufs    bufs    usage
———-        —–      ——–     ——–     ——–     —–      ——–     ——–     ———
mbuf        256     83190   14688   86000   on      345     2465    3.6     MB
cl          2048    19213   609     19822   purge   0       609     1.2     MB
bigcl       4096    52099   0       52099   purge   0       0       0
16kcl       16384   10922   0       10922   on      0       0       0
mbuf_cl     2304    19213   19213   19213   purge   0       0       42.2    MB
mbuf_bigcl  4352    52099   52099   52099   purge   0       0       216.2   MB
mbuf_16kcl  16640   10922   10922   10922   on      0       0       173.3   MB
17654/83190 mbufs in use:
17307 mbufs allocated to data
347 mbufs allocated to packet headers
65536 mbufs allocated to caches
19213/19822 mbuf 2KB clusters in use
52099/52099 mbuf 4KB clusters in use
10922/10922 mbuf 16KB clusters in use
447022 KB allocated to network (99.6% in use)
0 KB returned to the system
0 requests for memory denied
0 requests for memory delayed
4 calls to drain routines

Z C writes:

About your article, and what things are shaping into, it seems lessons have not been learned.

I worked for over 25 years in Mainframe datacenters. When IBM introduced Z/OS, replacing MVS and consolidating the move to 64b architecture, they too came out with very frequent upgrades to their OS. Many BIG PROBLEMS emerged in enterprises and companies that invest millions of $$$ in IT, and we, the tech. systems guys, were struggling with stupid bugs and serious performance/workload issues. The icing on the cake came when we upgraded our CPU and it came with a microcode so advanced... that did not support our current OS version (about 2 releases, 1,5 years behind the then latest version)… What was to be a simple 16H weekend intervention turned into a nonstop 72 hour party, with weeks of aftermath…
This was the beginning of the end for me in the IT business...

Seems that the need to push people to buy new HW moves this? I understand that maintaining legacy products is expensive, and that change is good. But abandoning the use of CD/DVD drives is one thing, another is forcing changes in the OS so as to sell new HW. I think everybody who is or has been in the IT world is preoccupied now at what Apple will do next with OSX.

MPG: history repeats itself in core issues. OS X Yosemite is not exactly “Vista”, but maybe we’re headed that way.

Spotlight: Brain-Dead Search Priorities

Your author writes a fair amount of code in the Java programming language, and frequently uses Spotlight to open the desired “.java” source file.

So it’s maddening that Apple Spotlight chooses to present binary files as top picks over corresponding source files. For example, favoring “.class” files over “.java” (.class is a compiled .java file)—a useless and distracting behavior.

Spotlight also frequently prioritizes a filename found within an email or other file rather than the source file itself. So “HTMLRewriteFilter.java” buried in an email (or this web page!) is often prioritized in the list over the file itself. What sense does that make when there is an *exact* match on the file name?

It’s 2015 and it seems that all intelligent work on Spotlight has ceased, with the new Spotlight search dialog adding unhhelpful visual distractions and yet going backwards on useful behavior.

Moreover, the Spotlight preferences are a dumbed-down child’s version of something that might be useful if done properly. And so MPG is looking into a way to say “do not find or show .class files” and similar things, because the Spotlight search preferences are almost entirely useless (except for disabling entire classes of refuse).

644
Spotlight prioritizes binary compiled files over the source file
Spotlight prioritizes binary compiled files over the source file

Attempting to help things along, Spotlight fails utterly: as shown, the file “HTMLRewriteFilter.java” exists and its type (kind) is obviously java (specifying “.java” fails the same way).

532
Specifying kind of “java” finds nothing (this file exists)
Specifying kind of “java” finds nothing (this file exists)

Chris R writes:

What also is really annoying with the new Spotlight is the inability to be able to move the actual Spotlight box around the screen once it’s opened!, it’s fixed so if, for example, you were copying a field from a box behind spotlight, you
have to close Spotlight down to view it!

MPG: I’d like it on my 2nd display. Apple golden rule: “Use not more than one display or drive or iDevice, or thou shalt be punished mightily in all behaviors small and useful, for The Apple believes in The One Shall Rule All Testing Protocols”.

John W writes with the suggestion to use:

For the Spotlight search you're attempting, it works much better to use the query:

name:HTMLRewriteFilter.java

This limits the search to filename metadata, versus the full metadata+contents index. That neatly avoids the false hits you describe, since those are all content-based hits (e.g. from emails, blog posts, etc.). Command-line (Terminal.app) users can perform this same search as:

mdfind -name HTMLRewriteFilter.java

Also highly relevant to developer workflow is mdfind's -onlyin flag, which limits the search to the specified directory.

MPG: this is a helpful suggestion. But it begs the question: if a filename matches exactly, why can’t Spotlight just work properly rather than always having to type "name:". For that matter why can’t there be some preferences or a checkbox or similar which remembers its state: why do I have to type "name:" 100 times a day? I created these aliases for use within Terminal

alias mdf="mdfind"
alias mdfh="mdfind name:.html"
alias mdfh.="mdfind name:.html -onlyin ."
alias mdfj="mdfind name:.java"
alias mdfj.="mdfind name:.java -onlyin ."

It’s a pity that such behavior cannot be set as a preferences in the GUI Spotlight search, or as pre-canned searches. Apple thought is only as deep as the skin of an Apple these days.

Upgrade to a 1TB Internal SSD in MacBook Pro Retina, MacBook Air

OWC Thunderbolt 2 Dock, specifications
OWC 1TB upgrade for
MacBook Pro, MacBook Air

This recent announcement snuck up on MPG, but it’s significant for those who like to carry much of their “world” with them.

Too small an SSD inside your 2012/2013 MacBook Pro and/or MacBook Air 2008-2012?

Install the existing SSD into a compact Envoy Pro case, replacing it with a 1TB internal SSD (or 480GB or 240GB).

For example, a 1TB upgrade for the 2012/2013 MBP is $549 or $599 with tools and the Envoy Pro external case (for the prior SSD).

The MPG 2013 MacBook Pro Retina still does a great job*, so it’s nice to know that an internal SSD option is available. The CPU is amply fast for most all workflows.

* The 2014 MacBook Pro Retina has no material speed advantage over the 2013 model, no reason to upgrade on that account.

Tested: OWC Thunderbolt 2 Dock

Laptop users will find the OWC Thunderbolt 2 Dock at $249* especially useful for a home docking station.

Review of the OWC Thunderbolt 2 Dock

MPG now has the OWC Thunderbolt 2 Dock in active use and so far operation has been flawless using its gigabit ethernet port and also in driving a 4K display at 60 Hz. And yet two free Thunderbolt ports remain available: one on the MacBook Pro itself, and another on the dock.

* December shipment sold out, OWC is taking orders for January delivery.

OWC Thunderbolt 2 Dock, specifications
OWC Thunderbolt 2 Dock, specifications

OWC Envoy Pro 1TB SSD

A compact form factor and MPG’s favorite travel SSD (the 480GB Envoy Pro EX for about 18 months now), OWC now introduces a 1TB Envoy Pro.

OWC Mercury Envoy Pro 1TB USB3 SSD

Its attractive form factor and performance is matched by its $599 price. The convenience of bus power provided by the supplied short USB3 cable makes it an ideal on the go drive.

Price/performance/capacity context: taking the Kingston Data Traveler HyperX Predator 1TB (about $997) as an example of a compact alternative: the Kingston requires a short USB cable because it won’t allow a thinner laptop to lie flat, and it could block other ports. And the Kingston performance is lower and it is priced much higher.

OWC Envoy Pro 1TB SSD
OWC Envoy Pro 1TB SSD
1728 | 2592 | 3456
disktester run-sequential-suite — speed vs transfer size; OWC Envoy Pro 1TB SSD
disktester run-sequential-suite — speed vs transfer size
OWC Envoy Pro 1TB SSD

 

Elgato Thunderbolt Dock for $135

It’s not Thunderbolt 2 like the OWC Thunderbolt 2 Dock, but OWC has the Elgato Thunderbolt Dock at $135 ($115 off). It makes a fine unit for many purposes (features two Thunderbolt and three USB 3.0 ports, built-in HDMI and Gigabit Ethernet, as well as separate microphone input and audio output).

See also all the OWC end of year cyber savings items.

Taxes: Section 179 for Small Business Owners (Accelerated Depreciation)

MPG is not a tax adviser, this is FYI ONLY. Consult your own tax adviser. See also Section 179.org.

For a small business owner, the US federal tax code contains a benefit that Congress belatedly renewed late this year: Section 179 of the internal revenue code.

In essence, you can write off depreciable assets acquired and put into service in 2014 as expenses up to a limit of $500,000. Any small business that needs a new computer, office gear, camera, or any normally depreciable asset might consider making those purchases (and putting them into service) that gear by Dec 31, 2014.

iTunes Won’t Sync Any Contacts to iPhone

All contacts destroyed on iPhone

One more rotten spot in the core.

Today the interface disaster that is iTunes wiped out all contacts on my iPhone.

I tried rebooting the computer, rebooting the phone, syncing half a dozen times. All my contacts in the Contacts app on the Mac are there, but the iPhone has none in spite of syncing. So this bug rendered my iPhone marginally useless; all the numbers are gone.

Attempts at syncing contacts with iTunes
fails with any combination of settings

Next I tried my other iPhone. iTunes did not wipe out the contacts on it, but it also fails to sync (a new contact does not show up on the phone).

In MPG’s view, this sort of behavior represents the rotting software base that Apple ships to customers routinely these days. The OS is permeated by dozens of “small” issues like this.

Tried and failed

#0 FAIL: all those sync attempts above.

#1 FAIL: I also tried this including rebooting and trying again—FAIL.

defaults delete com.apple.SyncServer SyncServicesResetWorldRunOnce

#2 FAIL: Remove sync data, reboot. Waiting 3 hours for “step 3 of 4” to finish is too long. Hung / no good.

rm -rf ~/Library/Application\ Support/SyncServices/

#3 SUCCESS: complete wipe of iPhone 5s to factory settings.

The final solution

Kenneth C writes:

I was just helping my mother with this exact issue about syncing contacts between the Mac and the iPhone 6. On your Mac you have to make sure that all of your contacts are listed under the "On My Mac" category within Contacts (it can be found in the left sidebar). The default subgroup is called "All on My Mac". Only then will your contacts sync to the phone.

MPG: Why should Ken have to help his mother or I have to help an older friend of mine? Because the design itself is a confusing cluster**** mess. iCloud is a pox on usability in general.

In my case, I had iCloud off, and there is only "All Conttacts". I also tried turning iCloud on, and plenty of contacts in both. The sync failed in both/all cases.

TESTED: Kingston HyperX 128GB Data Traveler USB3 Thumb Drive

Compact storage for critical files can go into a pocket or safe deposit box or briefcase and so on—which is why MPG acquired the Kingston HyperX 128GB Data Traveler.

Kingston HyperX 128GB Data Traveler USB3 Thumb Drive

Kingston HyperX 128GB Data Traveler USB3 Thumb Drive
Kingston HyperX 128GB Data Traveler USB3 Thumb Drive
1728 | 2592 | 3456
disktester run-sequential-suite — speed vs transfer size; Kingston HyperX 128GB
disktester run-sequential-suite — speed vs transfer size
Kingston HyperX 128GB

Year End Computer Purchases: Consult

Charles (4 Mac Pro systems) writes:

I did a back of the envelope calculation, it looks like you saved me about $15,000 total for the four systems.

I don't know how to put a value FastRawViewer but it looks like a game changer for me. It is faster than I can use even on my notebook. Wow!!!

MPG: I like to save my consulting clients money.

Adele writes:

I have a 2009 Mac Pro (4 drives plus a four drive enclosure for backup plus other off-site backup) and a 2010 MacBook Pro, both of which likely need to be replaced.

My accountant has suggested that I do this before year end.

MPG: The tax year is indeed about to close. My consulting hours are flexible, and I work with clients all over the world. While I don’t Skype myself, clients can skype to me from virtually anywhere.

Apple Core Rot

Forbes weighs in a nearly year after I first wrote Apple Core Rot, though Mr. Kosner seems to have missed MPG entirely. MPG doesn’t need a chorus to recognize trends early.

Declining iOS and OS X Quality Imperil Apple's Future Growth And Retention

The iPhone 6 has set sales records since its first week of release and led to Apple’s most profitable quarter ever. There have been some bumps in the road, but the market—and Apple’s customers—continue to have that loving feeling. What could possibly go wrong?

In a word, software. A growing chorus of developers and Apple-watchers is raising the alarm that the buggy releases of iOS 8 and Yosemite are part of a systemic decline in the quality of Apple’s software. The now-yearly release schedule for both iOS and OS X combined with the increasing complexity of the overall Apple ecosystem have put a strain on its engineers, these voices say.

MPG: A strain on engineers without a doubt.

But how about a strain and constant headache for users who actually have work to do, and developers? The schedule-driven worm-eaten OS X upgrades are getting old for their newness. A barrage of updates for this and that baffles an older friend of mine (and feels like a hassle to me). This ain’t no toaster; it’s a demanding taskmaster that delivers burned spots on the toast.

Today, OS X is a forest after rain—mushrooms sprouting, singly and in clumps (inedible ones). The genius that carried Apple has departed. In its place is the conductor of a million-ton train by a leader whose abilities are of another nature entirely. But friction will prevail, especially self-inflicted friction, if not corrected. Praise lavished on Apple designers now goes beyond accolades to acolytes. Truly elegant form is manifest in bringing flawless function to fruition, but are we now at the stage of “outstanding form, good enough function” so as to drive the profit train?

Apple Core Rot is accelerating. I deal with it every single day many times over. Stuff that worked for years breaks, while new visual crapware is piled on endlessly. Apple Mail deletes my VIP list every day, file open dialogs are sluggish in most programs, to 4-8 second delays in DreamWeaver and with display glitches. APIs are removed breaking apps some users depend upon. In 10.10.1, Apple broke display scaling APIs in 10.10.1 leading to all sorts of issues with Photoshop and dual and 4K displays, so much so that I cannot use a large 4K display as the main screen and still with problems as a 2nd.

The OS X file system, a critical layer of OS X still has a nasty bug I reported to Apple a year ago. Individual sites regularly hangs on my Mac Pro even while working fine on the same connection at the same time on my MacBook Pro. GPU support broken for months with the 2013 Mac Pro last year, the usability kitchen sink abomination that is iTunes, the pathetic Apple Calendar, the annoying 20-prompts-in-a-row demands to login to iCloud—it’s about crappy little stuff too. Crapware sprinkled in little bits all over the place. I’ve just given up documenting and reporting the are too-many issues—I have real work to do.

The level of sophistication required today to use OS X and even iOS has crept steadily higher; this is self evident whenever I work with an older friend; it has almost become unusable for some tasks—the assumed skill level is too high a bar. The young generation designing more and more fails to understand that less is more. Perhaps it’s a brain disconnect, quite literally, with brains trained by the tens of thousands of hours staring at electronic gadgets.

Don’t get me started on the dumbing-down of Apple hardware; a Mac Pro that is not pro, dual core limits on formerly 4-core machines (MacMini), all in one models that preclude significant upgradeability, a fixed 16GB memory limit on laptops, 32GB on iMac, 64GB on “pro”. The bar keeps coming down for capabilities.

As for iOS, gratuitous visual changes are forced upon users along with changes that impair readability for those of us with older eyes. Its core function of being a phone is compromised, and capabilities I’ll never use are forced into key parts of the UI. This is not elegance or usability; it is a failure to innovate, and it started several years ago.

Windows? Heck no, not yet, lesser of evils principle applies there.

Stan B writes:

Couldn’t agree with you more. I haven’t upgraded to Yosemite yet because of obvious, widespread user problems in forums.

iTunes and IOS are exercises in frustration for what used to be simple and intuitive. It’s sad to see the proliferation of crapware and the lower bar for quality.

MPG: a dissonant mass murmuration is developing, faint though it is relative to the massive sales engine that is Apple today.

Mitch Z writes

I completely agree with your comments and observations.

I have worked on Macs one way or another since learning Basic on an Apple IIe back in the early 1980s, and am currently part of a small team supporting 1,500 Macs in an enterprise environment. I thought it was brilliant when Apple moved to OS X, and the stability of it convinced me to finally move all of my home systems over to Macs about the time that Microsoft Vista came out.

But not now. Over the past few years I've been seeing much the same sort of behavior as you:

0 OS X instability -- particularly with Yosemite, which I find to be about as stable as Win98. Seriously, system lockups and the black-screen-of-death on simple web page loads with Safari? WTF, Apple! Where's the legendary UNIX stability of BSD now?

- GUI design decisions that make no sense from a usability perspective and break workflow routines.

- Continued problems with Thunderbolt connections to external peripherals, particularly large screen monitors (why do we even see this happening with Apple displays? There should be NO compatibility issues with gear from the same vendor).

- iCloud prompts are an immense aggravation with the frequent password changes required in the enterprise environment.

- Enterprise support from Apple is laughable (even our Apple account reps tell us that there isn't any, because they have largely transitioned over to being a consumer mobile device company now).

Bugs? What bugs? Apple won't acknowledge bugs in their products. As you noted, the bar being lowered for both hardware and software (Aperture anyone?), but yet the prices have skyrocketed in recent years. My wife needed her 5-year old MacBook Pro recently refreshed and I gave her a choice -- a MacBook Pro workhorse at $2,848, or a Win7 laptop with even better specs for $899. She went with the Windows machine.

Based upon my recent OS X and iOS experiences with new hardware purchases both at home and at work, I'm going to begin switching back to the Windows camp with my home computers. I don't know what I'll do about phones next year, but I'm presently of the mindset that they'll be something other than an iPhone.

MPG: MPG is not advising switching to windows, but this note points out how Apple is now a consumer gadget company: hitting on all cylinders in that regard, but also turning off various classes of professional users by dumbing down hardware and destabilizing the platform for professionals.

Workflow: iPhoto was once slightly useful, but is now a disaster. Aperture has been killed, Final Cut was the best out there, but users turned away in droves when arrogance made it incompatible with prior version (see note below), the unwanted iCloud password prompts are indeed intensely irritating (multiple phones and Macs), many my Mail VIP list gets deleted every day (unless iCloud is used!)

William H writes:

I’ve said it before and I’m saying it again, the radical overhaul (demolition?) of the best professional editing software Final Cut Pro and the end of support for Aperture clearly moves the Mac OUT of the professional domain as far as I’m concerned.

These were once the BEST applications, so why kill them? WHY? The only answer can be (unless we consider sheer reckless stupidity …which might actually be the case) is the drive for profit from constantly upgrading (enforced redundancy) rather than innovating. And by innovating I mean sincere innovation that actually improves the product rather than ruining it - an alien concept for the rotting apple.

And I am constantly screaming at the 10.9.4 for doing something that costs me time rather than saving, especially when I have to find out what the thing has actually done such as an application suddenly hogging the full screen or whatever so I can’t get to my other applications.

Now, back to Aperture… WHY? Just WHY? I know Aperture isn’t everybody’s favourite and I know some nit-pickers noted the noise reduction was a tiny bit better with Lightroom (I’d guess non-professionals to which I’d say ‘learn your business and take better photos in the first place’) but I can still import, retouch and export top-quality work from Aperture in a fraction of the time it takes with LR. I know. I do it everyday and I HAVE tried LR many times. LR is 3rd-rate by comparison. So, WHY? WHY? What are you thinking, Mac? WHY?

MPG: professional users have very different requirements from those with time to kill with movies and music and selfies.

TESTED: Hitachi HGST Deskstar 6TB NAS Hard Drive — Fastest Yet!

The Hitachi HGST Deskstar 6TB NAS hard drive is a superb performer—the fastest ever tested by MPG. About $319.

Hitachi HGST Deskstar 6TB NAS Hard Drive

This drive is incorporated into an OWC Thunderbay 4 solution (at about $2099 for 24TB solution) and also the RAID-5 24/18TB edition (at about $2279).

1728 | 2592 | 3456
Sequential read/write performance of Hitachi HGST Deskstar 6TB NAS Hard Drive; MB/sec for 1000 files across the 6TB capacity; disktester fill-volume
Sequential read/write performance of Hitachi HGST Deskstar 6TB NAS Hard Drive
MB/sec for 1000 files across the 6TB capacity
disktester fill-volume
1728 | 2592 | 3456
Speed vs transfer size of Hitachi HGST Deskstar 6TB NAS Hard Drive; disktester run-sequential-suite
Speed vs transfer size of Hitachi HGST Deskstar 6TB NAS Hard Drive
disktester run-sequential-suite

Troubling Precedent: Apple Pushes Security Update Without User Permission (NTP Security Flaw)

A disturbing precedent was set today in which Apple auto-installed (without notice or permission) OS X NTP Security Update.

Yes, I wanted the update and kudos to Apple for patching this bug quickly, but my computer is my property, and never mind whatever legal excrement Apple mixes into the OS X license, I do not grant Apple the right to invade my computer, no matter what the goal. The ends do not justify the means.

352
Apple pushes update without permission
Apple pushes update without permission

The update is not even listed in the Updates section of the App Store app on my Mac. Which in itself was a source of concern. How would one know it is legitimate unless by reading the news?

Update: see App Store preferences at end.

Bars always get pushed lower, not higher; lines once crossed are more easily crossed the next time. There is absolutely no reason that Apple could not respect users enough to post a warning, asking for permission to install the fix. But this is coming from the same company that forced unwanted U2 albums into users accounts. And so, MPG increasingly distrusts the judgment and ethics now at the helm of Apple.

Consider also that any update mechanism capable of pushing updates without user permission is in itself a massively juicy prize that any hacker worth his/her salt would love to snag. Moreover, all software code has bugs. These reasons alone are enough to warrant the removal of the capability entirely.

MPG calls upon Apple to defeat the ability in OS X to make any auto-push update of any kind—remove the code so as to remove the risk.

Finally, consider a secret court order that instructs Apple to push an “update” that has, say, a bit more than one wishes for? Pick your country, USA or otherwise. All such prospects are chilling.

App Store preferences

Several readers wrote to educate me on the App Store preferences. They should be in the App Store app, right? Wrong. They are in System Preferences.

Such a step backwards—I could understand Software Update... just fine. But I don’t think of the App Store app as system software. Had me fooled for sure. And why can’t one preferences for App Store in the App Store app? Disjointed design.

In the past, I’ve unchecked every box except the download one, but I have noticed Apple resetting various preferences with system updates. So it seems that the auto push was enabled, probably at the 10.10.1 update. I certainly have never enabled the setting.

So I’ve now unchecked the Install system data files and security updates choice.

Apple pushes update without permission
Apple pushes update without permission

Year End Computer Purchases: Consult

A consulting client writes:

I have a 2009 Mac Pro (4 drives plus a four drive enclosure for backup plus other off-site backup) and a 2010 MacBook Pro, both of which likely need to be replaced.

My accountant has suggested that I do this before year end.

MPG: The tax year is indeed about to close. My consulting hours are flexible, and I work with clients all over the world. While I don’t Skype myself, clients can skype to me from virtually anywhere.

Suggested Boot/Master Volume Partitioning for Large SSD

How to use all that fast SSD space?

Suggested Boot/Master Volume Partitioning for Large SSD

Partitioning the OWC Aura SSD for 2013 Mac Pro into two volumes
Partitioning the OWC Aura SSD for 2013 Mac Pro into two volumes

OWC Turnkey Upgrade Program for Mac Pro

OWC’s Turnkey Upgrade Program for Mac Pro delivers CPU, memory, SSD and storage upgrades in one “do it all for me” program, supported by a vendor committed to Macs, the most recent addition being the 1TB or 2TB SSD options.

Virtualization for Safer Software Updates

Regarding, Procedure for Minimizing Risks with a Software Updater that Runs as 'root', Mark A writes with an excellent excellent suggestion of using virtualization via VirtualBox for the temporary bootable system:

I know this is obvious to you, being a software engineer like I am, but your readers may benefit from the understanding that a virtual hard drive can have its changes "rolled back" for free after such a potentially dangerous upgrade and restored to a condition ready for the next one.

Mac OS X is on the official virtualbox list of supported guest OSes. It's just a "normal" EFI-booted Intel OS. I believe Apple changed their license policy for hosting in a VM back in the Lion days.

https://www.virtualbox.org/wiki/Guest_OSes

There's the longer, hackier way ala http://www.robertsetiadi.net/install-os-x-virtualbox/

Or the way you suggest creating a pristine install and where I'd add a last step to clone the raw drive into a dmg image and then to a virtualbox image via https://www.virtualbox.org/manual/ch08.html#idp59618720 so something like

$ VBoxManage convertfromraw NewImage.dmg NewImage.vdi --format VDI

And a young geek's view (the kind my son would probably prefer rather than actually reading instructions) https://www.youtube.com/watch?v=Nod7cpxzxLc

 

Thunderbolt EFI Exploit

As if security weren’t hard enough, attaching a compromised Thunderbolt device can write the flash ROM on the computer. A system reinstall or drive replacement has no effect, since the EFI firmware is modified. You’d have to throw away the Mac—that is if you had any way of discovering the hack. This sort of thing is why high security users do things like glue USB3 ports shut and disconnect wireless and tape over cameras and so on. Certainly never, ever plug in a USB3 stick you find on the street (so to speak). Your good luck may be no accident.

Apple EFI Firmware Security Vulnerabilities

This sort of hardware vector is unnerving, because there are all sorts of waypoints betwen the manufacturing of a device and its delivery. And no conventional way to detect the exploit. MPG has little doubt that the NSA has used such techniques to compromise systems, not that such activities need be confined to spy agencies.

Additionally, other Thunderbolt devices' Option ROMs are writable from code that runs during the early boot and the bootkit could write copies of itself to new Thunderbolt devices. The devices remain functional, which would allow a stealthy bootkit to spread across air-gap security perimeters through shared Thunderbolt devices.

More unnevering is that Apple would store a certificate in writeable flash memory, which can simply be overwritten. And that this bug has been known for two years and that it can be fixed, but has not been fixed.

Last Minute Deals: Discounted Mac Pro, Deal Zone, and Oatmeal

The mass shopping murmuration reaches its climax right around now. But it will come down soon.

OWC has a bunch of stuff on sale and Cyber Savers and used Macs and displays.

For stocking stuffers sure to enthrall your kids, get 'em a few bags of Bob's Red Mill Gluten Free Thick Oats at Amazon. Well, they can make cookies heh heh.

Mac Pro

Looking for a Mac Pro? For general photography, the 6-core Mac Pro is the sweet spot. See my review of the 2013 Mac Pro over at MacPerformanceGuide.com.

Don’t forget 64GB 2013 Mac Pro memory at OWC.

B&H Photo has many 2013 Mac Pro models discounted by $250 to $400, with free one day shipping. MPG strongly recommends Mac Pro with the 1TB flash drive, or at least the 512TB flash drive, but you can upgrade to 1TB or 2TB SSD later. The B&H Photo DEAL ZONE has a few interesting smaller items.

TESTED: OWC Aura SSD for 2013 Mac Pro with Photoshop

Excellent real world performance.

OWC Aura SSD for 2013 Mac Pro as Photoshop Scratch Disk for diglloydHuge Benchmark

OWC Aura SSD for 2013 Mac Pro as a scratch disk for Photoshop
OWC Aura SSD for 2013 Mac Pro as a scratch disk for Photoshop

Procedure for Minimizing Risks with a Software Updater that Runs as 'root'

This follows:

Sea Change: Security is Your Job Also, the Writing is on the Wall.

Sony Pictures Hacked: Do You Really Want to Update your Camera Firmware with a Sony Updater that Runs as 'root'?

This discussion actually applies to any software updater, signed or not, for a camera or anything. Because as the Sony fiasco shows, private keys can be stolen.

Even a signed app or updater does not preclude a version modified to contain malware by a hacker who cracks a stolen private key file. And then signs the app so that it looks legitimate*.

  1. Erase a drive, and clone the system to it. (see also How to upgrade your system/boot drive).
  2. Disconnect all drives including the original system drive. Or at least dismount the volumes (sophisticated malware can still infect at the driver level though).
  3. Boot off the clone.
  4. Download the updater, update the camera. Of course, infected firmware could still infect the camera, but the only solution to that is never to update firmware. And even then, really good malware might infect modifiable firmare RAM. Well, it’s all odds.
  5. Disconnect the clone.
  6. Reconnect previous devices, boot up.
  7. Ideally, physically destroy the clone drive (e.g hammer and saw, so to speak). Alternately (and carrying some risk), connect the clone drive (do not boot off it!) then using Disk Utility, erase it, then wipe all blocks (one pass secure erase). SoftRAID 5 also has an even better “Wipe” function.

Obviously if the update is for software you want on your computer, you’re out of luck—in it goes.

You want that software on your system—or do you? It is why MPG installs only absolutely essential software and loathes vendors deliver crapware and automated agents of various kinds. More software means more updates, each of which is a potential vector for compromise.

* That is why it is so critical that a vendor immediately revoke a certificate if there is any suspicion of the private key having been obtained, encrypted or not.

For that matter, a computer containing the private key that signs software should ideally never be connected to the internet. Certainly the private key should not be on a laptop taken for travel. But given reality, the password for the private key should be very long and complex.

Another option — virtualization

Mark A writes with an excellent suggestion of using virtualization via VirtualBox for the temporary bootable system:

I know this is obvious to you, being a software engineer like I am, but your readers may benefit from the understanding that a virtual hard drive can have its changes "rolled back" for free after such a potentially dangerous upgrade and restored to a condition ready for the next one.

Mac OS X is on the official virtualbox list of supported guest OSes. It's just a "normal" EFI-booted Intel OS. I believe Apple changed their license policy for hosting in a VM back in the Lion days.

https://www.virtualbox.org/wiki/Guest_OSes

There's the longer, hackier way ala http://www.robertsetiadi.net/install-os-x-virtualbox/

Or the way you suggest creating a pristine install and where I'd add a last step to clone the raw drive into a dmg image and then to a virtualbox image via https://www.virtualbox.org/manual/ch08.html#idp59618720 so something like

$ VBoxManage convertfromraw NewImage.dmg NewImage.vdi --format VDI

And a young geek's view (the kind my son would probably prefer rather than actually reading instructions) https://www.youtube.com/watch?v=Nod7cpxzxLc

Sea Change: Security is Your Job Also, the Writing is on the Wall

With the recent and ongoing security breaches at Sony Pictures, a chilling new level of risk has emerged that is pummeling Sony*, but applies to any entity, including Apple and Google. No company has perfect security nor will it ever, period.

Sony Pictures Hacked: Do You Really Want to Update your Camera Firmware with a Sony Updater that Runs as 'root'?

Sony Firmware Updater: a Security Risk

* Reportedly, Sony has shut down filming because hackers have rendered its payment systems inoperable!

See also A concise history of recent Sony hacks (MPG takes no position on the material at that link).

Security is YOUR job too

This is a general discussion, and while specifics are used, the issues span a much larger space than detailed here.

This has always been true, but the risks have never been harder to understand or more concerning, nor has there every been more inter-connected. Then think bank and brokerage accounts, which in MPG’s view, should not be used via the web, though admittedly that is a huge hassle these days. A system compromise of any kind potentially delivers the juiciest prize: draining money from your account to a hacker somewhere.

Risk for which you by law have no choice and no control: MPG vehemently objects to electronic medical and tax records. For reasons that should be obvious given the Sony fiasco, e.g. the government is incompetent to protect those records from determined hackers. Edward Snowden showed that even our “spooks” with the most highly classified information and strictest procedures can be compromised.

MPG advises readers to disavow cameras that require software updaters or USB transfers or charging (USB also has exploits when connected to the computer):

Computer code that can turn almost any device that connects via USB into a cyber-attack platform has been shared online.

You camera and your computer

Sony and certain other camera vendors provide software updaters that run on the computer in order to upgrade camera firmware. Moreover, the Sony updater (and some other brands) must be run as 'root' (no security restrictions). A software updater that must be run on the computer with root access is a fundamentally flawed design; it is a potential “root kit” vector. Other vendors like Nikon and Canon provide downloadable firmware that the camera itself can load**.

Patient: “Doctor, it hurts when I do that”.
Doctor: “Don’t do that!”.

It cannot be fixed except by doing it properly: no software updater at all. The camera itself should accept a firmware file, taking the computer out of the loop, at least in the sense of running 'root' capable software. Because either the updater or the firmware could compromise (hack into) the system, and the user would have no way to tell (well written malware is invisible).

The writing is on the wall. Meaning that all Sony software of any kind must now be suspect as potentially harboring malware, either now or some time down the line. There can be no assumption that it is “only Sony Pictures” or similar naive ostriches.

As this was written, it appears that Sony had not revoked the certificates for the compromised PFX (private key) files. If true, that a (non) act of gross negligence that in MPG’s view carries the prospect of awesome financial and legal liabilities, should the private keys be cracked and used for unsavory purposes.

** There are no zero risk approaches to updating camera firmware, but a binary file that the computer does not execute carries a much lower level of risk than having to run software, especially software that executes as “root”.

 
Max Your Mac Pro at OWC

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter | Retina Image Control
Copyright © 2008-2015 diglloyd Inc, all rights reserved.