Am I the only person who feels that there's a serious (a very big understatement) security problem in Disk Utility since APFS was introduced?
Under HFS+, one can without problem make with DU a VERIFIED clone of a system disk and boot on the clone, knowing it is an exact copy of the system disk used as a source for the cloning operation.
Unless I'm dense (and, if it is the case, I would more than welcome any explanation/clarification/education), while duplicating a data APFS volume with DU works OK, it is not possible to do the same with an APFS SYSTEM disk: when one tries to do it, this fails and the user gets the infamous "APFS failed to invert the volume - Resource busy. The operation couldn't complete. (OSStatus error 16)." message.
Aside from the fact that I would very much like to know the exact meaning of OSStatus error 16 and what on Earth is a volume inversion and why it is needed here (many thanks to Apple for their extensive and widely available technical documentation...), this failure to provide a way to produce a VERIFIED copy of a system disk is simply a way to send any user, sooner or later, to his doom.
Now, I am well aware of the existence of Time Machine and of such third party utilities as, for example, Carbon Copy Cloner or SuperDuper. While I haven't tried SD, I have CCC and use it daily.
I have given up using Time Machine a while ago, the reason being that, while tests I had done prior to putting it to use had worked satisfactorily, I had to use it in real need twice and in both cases, Time Machine failed me. I was only saved because, being a firm believer in belt and suspenders policy, I had other types of backups available. In the first case, the restored system disk turned out not to be bootable (for unknown reasons), while the tests I had previously done had produced bootable clones. No error message had ever been issued by Time Machine either during the save or the restore operations. I was just told: "Well, it may happen"... (side question: would you accept such an answer in the case of a non-functioning airbag in a car?) In the second case, I asked the migration assistant to use a freshly made Time Machine backup (only one run of Time Machine, which produced no error message) as source for its operations during a macOS version upgrade. The migration assistant reported missing HUNDREDS of files... The unescapable conclusion is that Time Machine is, at best, an unnecessarily complicated copy utility, but cannot in ANY circumstances be termed a backup utility. It shouldn't have failed in the first place and, if or when it met with problems, it should have reported them.
CCC, with its "search for damaged files" option, does a good job. Still, it is not a VERIFIED backup and I really wish to have this feature available, even if, short of implementing reliable disk shadowing, it necessarily means making an offline backup of the system disk. I'm ready to trade this penalty for security (I have done it routinely at least every fortnight with HFS+ for the past eleven years).
When is Apple (or anybody else) going to provide a way to produce a VERIFIED APFS system disk clone?
Upgrading production systems to Mojave is out of question for me in the current situation.
Denis M.
Under HFS+, one can without problem make with DU a VERIFIED clone of a system disk and boot on the clone, knowing it is an exact copy of the system disk used as a source for the cloning operation.
Unless I'm dense (and, if it is the case, I would more than welcome any explanation/clarification/education), while duplicating a data APFS volume with DU works OK, it is not possible to do the same with an APFS SYSTEM disk: when one tries to do it, this fails and the user gets the infamous "APFS failed to invert the volume - Resource busy. The operation couldn't complete. (OSStatus error 16)." message.
Aside from the fact that I would very much like to know the exact meaning of OSStatus error 16 and what on Earth is a volume inversion and why it is needed here (many thanks to Apple for their extensive and widely available technical documentation...), this failure to provide a way to produce a VERIFIED copy of a system disk is simply a way to send any user, sooner or later, to his doom.
Now, I am well aware of the existence of Time Machine and of such third party utilities as, for example, Carbon Copy Cloner or SuperDuper. While I haven't tried SD, I have CCC and use it daily.
I have given up using Time Machine a while ago, the reason being that, while tests I had done prior to putting it to use had worked satisfactorily, I had to use it in real need twice and in both cases, Time Machine failed me. I was only saved because, being a firm believer in belt and suspenders policy, I had other types of backups available. In the first case, the restored system disk turned out not to be bootable (for unknown reasons), while the tests I had previously done had produced bootable clones. No error message had ever been issued by Time Machine either during the save or the restore operations. I was just told: "Well, it may happen"... (side question: would you accept such an answer in the case of a non-functioning airbag in a car?) In the second case, I asked the migration assistant to use a freshly made Time Machine backup (only one run of Time Machine, which produced no error message) as source for its operations during a macOS version upgrade. The migration assistant reported missing HUNDREDS of files... The unescapable conclusion is that Time Machine is, at best, an unnecessarily complicated copy utility, but cannot in ANY circumstances be termed a backup utility. It shouldn't have failed in the first place and, if or when it met with problems, it should have reported them.
CCC, with its "search for damaged files" option, does a good job. Still, it is not a VERIFIED backup and I really wish to have this feature available, even if, short of implementing reliable disk shadowing, it necessarily means making an offline backup of the system disk. I'm ready to trade this penalty for security (I have done it routinely at least every fortnight with HFS+ for the past eleven years).
When is Apple (or anybody else) going to provide a way to produce a VERIFIED APFS system disk clone?
Upgrading production systems to Mojave is out of question for me in the current situation.
Denis M.