rc3.org

Strong opinions, weakly held

Tag: OS X (page 1 of 2)

The most interesting feature in OS X Mountain Lion

Panic Software has a long post explaining code signing and Apple’s new Gatekeeper feature in OS X Mountain Lion. Gatekeeper provides a way for developers to digitally sign their applications, verifying their origin, and for those signatures to be revoked so that the applications cannot run any longer if they are shown to be compromised by malware. Users can decide for themselves whether they want to let their Mac run any application or only applications which have been signed. (Or only applications from the App Store, although I think you’d have to be crazy to do that.) What I find particularly interesting about this is that Apple had decided last year to implement much more draconian rules that would essentially force developers into the App Store by making that the only way that developers could distribute signed applications. Wil Shipley beseeched Apple to take another course and allow developers to sign apps themselves. Here’s the recommendation he made last November:

My suggestion is for Apple to provide certificates directly to developers and allow the developers to sign their own code. And, by doing this, Apple can then reasonably say, “Ok, now we’re going to, by default, not allow the user to run any code whose certificate wasn’t issued by us and signed by a real third-party developer (except the stuff the user checks in the control panel).”

Apple then has the power, if any app is found to be malware, to shut it down remotely, immediately. This is a power Apple doesn’t have now over malware, and that won’t come from more sandboxing or more code audits. I have shown the only way to achieve it is to require developers to sign their code with a certificate from Apple.

At the time, I read the post, linked to it, and thought that it made too much sense for Apple to do it. I was pleasantly surprised to see Apple take that advice.

Update: Nelson Minar reminds us that features like Gatekeeper require users to put a lot of trust in the gatekeeper. I think one reason people are happy about Gatekeeper is that it’s such a retreat from Apple’s previous untenable position.

Daniel Jalkut’s post on Gatekeeper is also worth reading. Gatekeeper is important because it’s a step back from Apple’s previous decision to essentially force developers to distribute their apps via the App Store. That was problematic because App Store apps will be required to operate within a very limited Sandbox. Daniel Jalkut argues that the next step for Apple should take is to greatly increase the rights granted to apps in the Sandbox. Even though Apple has climbed back from its stance that would force developers into the App Store (and Sandbox), it is still making some new features of the OS available only to apps that are distributed through the App Store, so it’s important that the Sandbox be flexible enough to satisfy as many independent developers as possible.

The good and bad of the OS X sandbox

Lots of thoughtful posts are cropping up about the new restrictions Apple plans to implement for OS X applications that will be distributed through the App Store. The occasion is, I suppose, the news that Apple is pushing back the deadline for all applications distributed through the App Store to be Sandbox-compliant from the middle of this month to March 2012.

For a basic rundown of the new rules and what they mean, check out this post from Pauli Olavi Ojala.

For an argument that Apple could take a more realistic, less restrictive approach to securing applications, see Will Shipley. In it, he explains why entitlements and code auditing may be useful in theory, but certificates are a more straightforward solution:

But, in the real world, security exploits get discovered by users or researchers outside of Apple, and what’s important is having a fast response to security holes as they are discovered. Certificates give Apple this.

His proposed solution makes a lot of sense, I’d love to see Apple adopt it.

Ars Technica’s Infinite Loop blog has a useful post on the sandbox features in OS X Lion as well.

Snow Leopard: dyld issue

Since updating my Mac running Snow Leopard to 10.6.1, I’m seeing the following message in the Terminal at least once after running every command:

dyld: shared cached file was build against a different 
libSystem.dylib, ignoring cache

Someone said online that you can clear the cache using the following command:

sudo update_dyld_shared_cache -force

That returned the error:

update_dyld_shared_cache failed: vm address 0xFEEDFACE not found 
in /System/Library/Frameworks/Accelerate.framework/Versions/A/
Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib

I was hoping to post a solution to the problem for other people, but I haven’t solved it yet! So if you have any ideas, please post a comment.

Update: Looks like the library that’s preventing me from updating the dyld cache is in the hardware acceleration framework. Here’s one proposed solution, which involves moving the offending framework, running update_dyld_shared_cache and then moving the framework back. I’m not entirely comfortable with that.

Links for September 1

  • Ars Technica: John Siracusa’s Snow Leopard review. 23 pages of goodness.
  • How the economics of strip malls differ from the economics of commercial blocks in cities.
  • Jonah Lehrer: The Just World Hypothesis. One of the great moral insights I had at a relatively early age is that the world generally operates with no regard for or propensity toward just outcomes.
  • Dan Gillmor: Time Pundit’s Rant and (Partly) Misguided Sense of Privacy. You can’t expect email sent to a mailing list to remain private.
  • WebMonkey: Opera 10 Arrives. Opera has never caught on with me, but they’re to be commended for driving innovation in the browser market and putting the bigger browser makers to shame on a regular bases.

Links for August 28

What do you guys think of the new link format? Good? Bad? Should each link be a separate post?

  • It’s Snow Leopard day. Here’s a wiki for tracking which applications are Snow Leopard compatible. Here’s John Gruber’s upgrade procedure, which I will be following.
  • Ted Leung revisits the age old debate — is open source development incompatible with good design?
  • ComputerWorld tests free antivirus software for Windows.

Links for August 27

  • Simon St Laurent looks at reasons why there’s buzz around HTML again.
  • Mac OS X Automation explains Services in Snow Leopard (my copy arrives tomorrow). Via Daring Fireball.
  • A new poll reveals that people don’t actually even know what the public option is. The public option is a government-managed insurance plan that will compete with plans from private insurers in an exchange, available to individuals and small businesses that do not participate in group insurance. Here’s a longer explanation. In the meantime, the current Republican talking point seems to be that Medicare is a poorly run government program that we should preserve at all costs.
  • The MySQL Performance Blog looks at the Redis database. Redis is one of those schema-less databases people are all talking about these days.
  • Matt Raible takes a look at Java REST frameworks.
  • The UK is looking at plastic alternatives to traditional pub glasses. That wins my “stupidest thing I read today” award. Via Bruce Schneier.

Links from March 16th

MacBook disaster recovery

A couple of weeks ago, I set a magnetic money clip on top of my MacBook, killing the hard drive pretty much instantly. It made a funny grinding noise, the beach ball spun, and that was it. The hard drive never had a chance.

Fortunately, I have been backing up my Mac regularly with Time Machine, and I had a backup that was only a week or so old. I do nearly all of my work in version control or in the browser, so the only thing I stood to lose was a few tracks I had purchased from the Amazon.com MP3 store.

All I had to do was replace the hard drive and restore the backup.

First, I had to buy a new hard drive. Hitachi’s 7200 RPM notebook hard drives are the most highly regarded, but they were out of stock at Amazon, so I bought a Western Digital 320 gig hard drive instead.

Installing the hard drive was easy. Macinstruct describes the process as challenging, but it took me less than 15 minutes.

I have two different Leopard DVDs, and I couldn’t get the MacBook to boot from either of them (I still don’t have any idea why). So I booted from the OS X 10.4 CD, formatted the new hard drive, and installed the OS. Then I booted from the Leopard DVD (again, I have no idea why it didn’t work before but it did work after) and upgraded to Leopard.

At that point, I realized that restoring from Time Machine was something you have to do after booting from the Leopard install DVD. So I rebooted from that DVD again, and restored the Time Machine backup.

When I rebooted after the restore was complete, the MacBook started rebooting over and over and over. It wouldn’t even boot into single user mode. So I rebooted from the Leopard DVD again and used the Disk Utility to repair the disk and the permissions. There were no disk issues, but there were a few file permission issues. It fixed those, but when I rebooted again, the reboot cycle started all over.

At that point I was at a bit of a loss. I thought the problem may be a corrupt operating system, so I booted from the Leopard DVD and reinstalled the OS in Archive and Install mode. That failed, complaining that it couldn’t copy my user directory.

I figured my last shot was just to install a fresh copy of Leopard and manually copy my files from the backup drive. Before I did that, though, I tried running a Time Machine restore again, and this time it worked, restoring my machine to the state it was in before I destroyed the hard drive in the first place.

Conclusions

Time Machine works, but not incredibly well. Life would have been easier if I’d had a backup created using Carbon Copy Cloner or SuperDuper. I could have booted from the backup drive and restored to the new hard drive.

Had the MacBook been my only computer, the whole ordeal would have been incredibly stressful. It took me several days to get the new hard drive, and the restoration process was abetted by having another computer next to me that I could use to look up answers to the questions I ran into.

If I had to depend on the laptop for my day to day work, I’m pretty sure I’d keep my Time Machine backup drive and add a second external hard drive to the mix with a disk exactly like the one in the computer. I’d run Time Machine full time (as I do now), and make a supplemental backup to the second external hard drive weekly with a full system backup utility. Then in a disaster scenario, I could just swap out the dead hard drive with the second backup drive and experience zero down time. Large laptop hard drives are less than $100, and you can get an enclosure for $20 or $30. That’s not a high price for insurance.

Why does Flash suck on OS X?

Apparently Flash 10 isn’t much better than the previous versions of Flash in terms of performance on OS X. Anyone ever read a decent technical explanation of why that’s the case? Is it that Adobe just doesn’t put the effort into optimizing the Flash player on OS X that they do into optimizing it under Windows? Is it that there are APIs that Adobe takes advantage of under Windows that aren’t available in OS X?

I’ve never seen a really good explanation for the disparity.

The reason why I wonder if it’s something endemic to the Mac is that I’ve seen similar complaints about World of Warcraft performance. For example, here’s a comparison of World of Warcraft performance between the game running under OS X and on the same computer running Windows via Boot Camp. The performance is substantially better under Windows.

Opinions sought: OS X text editors

What’s the general consensus on BBEdit 9 versus TextMate for working on Ruby on Rails applications? Is there a compelling reason to migrate away from TextMate?

Older posts

© 2024 rc3.org

Theme by Anders NorenUp ↑